Postini Archiving Admin

Message ArchivingAdministration Guide

• Google Message Discovery

• Postini Message Archiving

2 Message Archiving Administration Guide

Google, Inc.

1600 Amphitheatre Parkway

Mountain View, CA 94043

www.google.com

Part number: PMAAG_643_32

February 24, 2012

© Copyright 2012 Google, Inc. All rights reserved.

Google, the Google logo, Google Message Filtering, Google Message Security, Google Message Discovery, Postini, the

Postini logo, Postini Perimeter Manager, Postini Threat Identification Network (PTIN), Postini Industry Heuristics, and

PREEMPT are trademarks, registered trademarks, or service marks of Google, Inc. All other trademarks are the property of

their respective owners.

Use of any Google solution is governed by the license agreement included in your original contract. Any intellectual property

rights relating to the Google services are and shall remain the exclusive property of Google, Inc. and/or its subsidiaries

(“Google”). You may not attempt to decipher, decompile, or develop source code for any Google product or service offering,

or knowingly allow others to do so.

Google documentation may not be sold, resold, licensed or sublicensed and may not be transferred without the prior written

consent of Google. Your right to copy this manual is limited by copyright law. Making copies, adaptations, or compilation works,

without prior written authorization of Google. is prohibited by law and constitutes a punishable violation of the law. No part of

this manual may be reproduced in whole or in part without the express written consent of Google. Copyright © by Google, Inc.

Postini, Inc. provides this publication “as is” without warranty of any either express or implied, including but not limited to the

implied warranties of merchantability or fitness for a particular purpose. Postini, Inc. may revise this publication from time to

time without notice. Some jurisdictions do not allow disclaimer of express or implied warranties in certain transactions;

therefore, this statement may not apply to you.

GD Graphics Copyright Notice:

Google uses GD graphics.

Portions copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000 by Cold Spring Harbor Laboratory. Funded under Grant P41-

RR02188 by the National Institutes of Health.

Portions copyright 1996, 1997, 1998, 1999, 2000 by Boutell.Com, Inc.

Portions relating to GD2 format copyright 1999, 2000 Philip Warner.

Portions relating to PNG copyright 1999, 2000 Greg Roelofs.

Portions relating to libttf copyright 1999, 2000 John Ellson ([email protected]).

Portions relating to JPEG copyright 2000, Doug Becker and copyright (C) 1994-1998, Thomas G. Lane.

This software is based in part on the work of the Independent JPEG Group.

Portions relating to WBMP copyright 2000 Maurice Szmurlo and Johan Van den Brande.

Permission has been granted to copy, distribute and modify gd in any context without fee, including a commercial application,

provided that this notice is present in user-accessible supporting documentation.

This does not affect your ownership of the derived work itself, and the intent is to assure proper credit for the authors of gd,

not to interfere with your productive use of gd. If you have questions, ask. “Derived works” includes all programs that utilize the

library. Credit must be given in user-accessible documentation.

http://www.google.com

3

This software is provided “AS IS.” The copyright holders disclaim all warranties, either express or implied, including but not

limited to implied warranties of merchantability and fitness for a particular purpose, with respect to this code and accompanying

documentation.

Although their code does not appear in gd 1.8.4, the authors wish to thank David Koblas, David Rowley, and Hutchison Avenue

Software Corporation for their prior contributions.

Google Compliance Policies Notice:

Google assumes no responsibility in connection with the Compliance Policies lexicon-filtering feature, including any failure to

recognize credit card or social security numbers that do not follow an applicable pattern as established in Postini’s systems or

any failure to encrypt a credit card or social security number.

Contents 5

Contents

About This Guide.................................................................................................7

What This Guide Contains.....................................................................................7

Who This Guide Is for ............................................................................................7

Related Documentation .........................................................................................8

How to Get Support .............................................................................................10

How to Send Comments About This Guide .........................................................10

Chapter 1: Introduction.....................................................................................11

About Message Archiving ....................................................................................11

Why Archive Email Messages? ...........................................................................12

Features and Benefits..........................................................................................13

Message Archiving Editions.................................................................................15

Overview of Message Archiving Components .....................................................15

How Message Archiving Captures Email Messages ...........................................24

Message Archiving Security ................................................................................32

Message Retention and Deletion.........................................................................34

Continuation Events and Archiving......................................................................34

Disaster Recovery ...............................................................................................35

Maximum Message Size......................................................................................36

Requirements ......................................................................................................37

Chapter 2: Setting Up Message Archiving ......................................................39

About Setting Up Message Archiving ..................................................................39

Step 1. Ensure your Users are Registered with your Message Security Service 40

Step 2. Choose an Email Archiving Option..........................................................41

Step 3. Enable and Configure Outbound Service (Optional) ...............................42

Step 4. Set Up Your Organization Hierarchy (Optional) ......................................43

Step 5. Turn On Archiving ...................................................................................45

Step 6. Set Up Message Archiving for Journaling ...............................................47

Step 7. Grant Archiving Privileges to Your Users ................................................54

Chapter 3: Granting Message Archiving Privileges .......................................61

About Archive Privileges......................................................................................61

About Granting Message Archiving Privileges.....................................................62

Allow a User to Set Up Message Archiving .........................................................68


Allow a User Full Access to the Corporate Archive .............................................69

Allow a User to Search the Corporate Archive ....................................................70

Allow a User to Manage Message Retention.......................................................71

Allow a User to View and Create Reports ...........................................................72

Allow a User to Restrict Searches .......................................................................73

Allow a User to Access the Personal Archive......................................................75

Appendix A: How To..........................................................................................79

Appendix B: Troubleshooting ..........................................................................81

Index ...................................................................................................................83

7

About This Guide

What This Guide Contains

The Message Archiving Administration Guide provides information about:

• How Message Archiving works

• Setting up Message Archiving for your message security service

• Granting Message Archiving privileges to other users

• Generating Message Archiving usage reports

This guide does not include information about using the Message Archiving

search panels, which you use to search for, view, and export archived messages;

or about creating archive audit reports. For this information, refer to the Message

Archiving User’s Guide. This document is also available on the Postini Support

Portal. For details, see “How to Get Support” on page 10.

Who This Guide Is for

This guide provides information for:

• Administrators of Google Message Discovery who have privileges to set up

Message Archiving

• Administrators of email servers, including Microsoft Exchange Server

This guide assumes that you are familiar with Google Message Discovery. For

details about using the features and components of that service, refer to the

Administration Guide for Message Discovery. This document is also available on

the Postini Support Portal. For details, see “How to Get Support” on page 10.

http://www.google.com/support/enterprise/static/postini/docs/admin/en/admin_ee_cu/

http://www.google.com/support/enterprise/static/postini/docs/admin/en/arch_user/



Related Documentation

For additional information about Message Archiving and your message security

service, refer to the following related documents. These documents are available

on the Postini Support Portal. For details, see “How to Get Support” on page 10.

Document Description

Message Security Release

Notes

The latest information about new features in

this release, known issues, and resolved

issues.

Message Archiving Quick Start Instructions for quickly setting up and verifying

Inbound Archiving.

Message Archiving User’s

Guide

Instructions for searching for, viewing,

managing, and exporting archived email

messages. Also includes instructions for

creating archive-audit reports, which illustrate

user activity in the archive.

Message Archiving - Microsoft

Exchange Journaling

Configuration Guide For

Exchange Server 2000 and

2003

Message Archiving - Microsoft

Exchange Journaling


Exchange Server 2007 and

2010

Instructions for setting up journaling on

Microsoft Exchange Server, which lets you

save copies of users’ incoming, outgoing, and

intradomain email messages and send them to

your archive.

Message Archiving - Lotus

Domino Journaling


Domino Server 6.5.4 and up

Instructions for setting up journaling on Lotus

Domino Server, which lets you save copies of

users’ incoming, outgoing, and intradomain

email messages and send them to your

archive.

Personal Archive Quick Start

(PDF)

Instructions for using the Personal Archive.

You can distribute this guide to users to whom

you provide access to the Personal Archive.

This guide is also available in Microsoft Word

format on the Postini Support Portal. You can

use the Word version to customize the guide

for your users.

Message Security

Administration Guide

Instructions for setting up and administering

your message security service, including how

to set up your organization hierarchy, create

user accounts, grant privileges to users,

provide Message Center access to users,

configure junk email and virus filters, and

create reports.



http://www.google.com/support/enterprise/static/postini/docs/admin/en/arch_ex_config/

http://support.google.com/postini/bin/answer.py?hl=en&answer=1067381

http://www.google.com/support/enterprise/static/postini/docs/admin/en/personal_arch/pa_qs_en.pdf

http://www.google.com/support/enterprise/static/postini/docs/admin/en/arch_ex07_config/

http://www.google.com/support/enterprise/static/postini/docs/admin/en/arch_dom_config/

http://www.google.com/support/enterprise/static/postini/docs/admin/en/arch_quickstart/archive_quick_start.pdf

9

Outbound Services

Configuration Guide

Step-by-step instructions for setting up your

network environment and mail server for

Outbound Services, an optional feature that

allows filtering of outbound messages.

Batch Reference Guide Instructions for using batch commands to

perform message security configuration tasks,

including creating, deleting, and modifying

organizations, users, domains, and aliases.

Document Description

http://www.google.com/support/enterprise/static/postini/docs/admin/en/batch_reference/

http://www.google.com/support/enterprise/static/postini/docs/admin/en/outbound/


How to Get Support

You with several options for getting support for Message Archiving, including:

• Related documentation and FAQs

• A searchable knowledge base

• Support tools

• Email support

• Phone support

• Instructor-led and self-paced training

• Account management

To access support resources, go to the Postini Support Portal at:

https://support.postini.com

How to Send Comments About This Guide

We value your feedback. If you have comments about this guide, please send an

email message to:

[email protected]

In your email message, please specify the section to which your comment applies.

If you want to receive a response to your comments, ensure that you include your

name and contact information.

https://support.postini.com

Chapter 1

Introduction 11

Introduction Chapter 1

About Message Archiving

Welcome to Message Archiving, an easy-to-deploy solution for storing electronic

communications for the purposes of data retention, regulatory compliance, and

legal discovery. Message Archiving can capture all email messages that users on

your network send and receive, and store them in a central corporate archive.

Authorized users can then retrieve stored messages at any time, using

comprehensive search options, and export them to files or to their email inboxes.

Moreover, you can optionally provide each user with access to the Personal

Archive, which lets a user search for, view, and export only his or her archived

email messages.

Message Archiving integrates with your Message Discovery service, a service

that filters junk and virus-infected email messages before they reach your

network.

As part of your managed Message Discovery service, Message Archiving requires

no additional hardware or software on your network, so you can streamline the

storage of all your inbound, outbound, and internal electronic communications.

And because it works with the junk-email and virus filters of your Message

Discovery service, Message Archiving stores only legitimate messages, saving

storage space and reducing the time required to retrieve specific messages from

the archive.


Why Archive Email Messages?

Your company may have several reasons for archiving email messages. The

following are some of the most common reasons for establishing a message

archiving policy:

• Business continuity and disaster recovery: Organizations require secure

long-term storage of email communications, which have become key

business assets. With an archiving solution, an organization can continue to

access its complete message record even when its mail servers or local data

systems become unavailable.

• Regulatory and compliance requirements: Governmental agencies, such

as the U.S. Securities and Exchange Commission (SEC) and other regulatory

organizations, have established requirements for message retention,

accessibility, and security. To be in compliance, organizations must establish

archiving systems to retain electronic communications and assure that

requested materials can be retrieved and presented in a timely manner.

• Legal discovery and investigations: Organizations must be able to retrieve

relevant messages in the event of legal discovery, audits, and business or

personnel investigations. An archiving solution assures that evidentiary-

quality records are systematically stored in a central repository, and with

security in place to guard against issues of tampering.

• Storage management: As the volume of messages continues to increase, an

archiving solution lets organizations offload message storage from their

corporate servers. This reduction in stored messages helps to ensure that

server performance is maintained, minimizes storage costs, and greatly

simplifies restore operations in the event of a server failure.

Introduction 13

Features and Benefits

Message Archiving provides a complete solution for message capture, secure

storage, search and discovery, and archive management and access.

Feature Benefits

Email capture

and archiving

• Captures all inbound, outbound, and intradomain

(internal) email messages and attachments and

stores them in a central, corporate archive.

• Integrates with your message security service,

filtering to ensure that only legitimate email is

archived. Your message archive remains free of junk

mail and virus-infected messages.

• Automatically archives any email messages that

users or administrators view or deliver from

quarantine.

• Automatically accepts encrypted messages if your

email server uses TLS (Transport Layer Security).

Storage and

business

continuity

• Provides long-term storage of archived messages.

• In the event that your email server is unavailable,

archives inbound messages before they are spooled.

• Automatically deletes messages at the end of the

month after their retention period has expired.

• Supports holding messages beyond their retention

periods.

Search and

discovery

• Allows authorized users to search for, view, and

export messages in the archive, using a Web-based

interface.

• Provides robust search options with which users can

search for messages based on date range, sender,

recipient, subject, content, or file attachments.

Message export • Forwards archived messages to an email address.

• Saves archived messages to an industry-standard

MBOX or PST file. The MBOX format is supported by

other search and management tools, such as

litigation support systems. You can import PST files in

Outlook, or open unencrypted PST files in text or

hexidecimal editors.


Investigations

management

Standard,

Professional, and

Google Message

Discovery editions

• Allows users to set up investigations that organize

and save search criteria and search results for

specific topics.

• Includes an option to place a litigation hold on saved

results to prevent them from being purged when their

retention periods expire.

• Allows an administrator to restrict the scope of an

investigator’s search to a specific set of senders and

recipients.

• Allows a user to transfer saved search criteria and

results to another Message Archiving user.

Message

retention and

purging

Standard,

Professional, and

Google Message

Discovery editions

• Place a litigation/investigation hold on messages.

• Manually purge unneeded messages from your

archive.

• Set automatic purging on or off.

Audit reports

Optional feature

• Allows authorized users to create, view, and export

detailed reports of any user’s activities in the archive,

including the search criteria the user entered and

which messages the user viewed in the corporate

archive or the Personal Archive.

• Shows authorized users a list of all archive users who

accessed a specific archived message, including the

dates and times of access.

Management and

configuration

• Provides flexible, policy-based configuration options

with which you can include or exclude archiving for

specific organizations within your enterprise.

• Allows you to control which users can configure, view,

and search the archive.

• Reports archive traffic and usage.

Personal Archive

Standard,

Professional, and

Google Message

Discovery editions

• Long-term storage solution, accessible in Message

Center.

• Lets users search for, view, print, and export their own

email messages.

• Improves email-server efficiency by allowing

administrators to reduce storage quotas on those

servers.

Feature Benefits

Introduction 15

Message Archiving Editions

Postini Message Archiving is available as a standalone product, and as part of

Google Message Discovery. Each version offers the following features:

• User access to Personal Archive

• Web-based access to corporate archive

• Message retention/purge management

• Investigation management

• Usage, archive, and audit reports

• Option to forward archived messages to your inbox as attachments

• Option to export archived messages as MBOX of PST files

• Redundant (backup) storage

You can purchase the following services:

Message Consolidation service (add to any edition)

Consolidates your legacy messages from multiple platforms, data stores, and

media types, so you can centralize management and discovery of archived data.

This service also lets you apply more-consistent retention policies across your

stored message data. For information about this service, or to purchase it, contact

your Postini account manager.

Overview of Message Archiving Components

The following provides an overview of the primary components of Message

Archiving.

Message Capture and Storage

Message Archiving can capture and store email messages, including any file

attachments, that users on your network send or receive.

Legacy message

archiving

Optional feature

• Lets you merge email messages stored on other

systems and media types with your Postini archive.

• Centralizes management and discovery of archived

data.

Note: Requires the Message Consolidation service.

Feature Benefits


For details about how Message Archiving captures messages for archiving, see

“How Message Archiving Captures Email Messages” on page 24.

Introduction 17

Setup Options

You can set up Message Archiving to establish archiving polices for users, and to

grant access to the corporate archive and the Personal Archive. Because

Message Archiving settings are integrated with your Message Discovery service,

you access them through the Administration Console.

You use the following Message Archiving Settings page to turn on email archiving

for any user organization in your organization hierarchy, and to set the retention

period for archived messages.

You have two options for archiving users’ email messages:

• Inbound/outbound archiving: Stores all email messages that users receive

from and, optionally, send to addresses outside your network (all incoming

and, optionally, outgoing messages).

Inbound archiving requires no additional setup on your email server.

If you want to archive outbound email, however, you must also configure the

outbound services for your message security service. For details, see the

Outbound Services Configuration Guide.

• Journal archiving: Stores all incoming and outgoing email messages, as

well as all intradomain (internal) messages. To use this option, you must set

up your email server to journal (record copies of) users’ email messages and

send them to Message Archiving.



For details about configuring journaling on Microsoft Exchange Server, refer

to:

• Microsoft Exchange Journaling Configuration Guide For Exchange Server

2000 and 2003


2007 and 2010

For details about configuring journaling on Lotus Domino Server, refer to:

• Message Archiving - Lotus Domino Journaling Configuration Guide For


You can also set the number of months that messages are archived for an org, up

to your maximum contracted retention period.

Message Indexing

Before a message enters the archive, Message Archiving indexes of the

keywords (significant or meaningful words) in all parts of the message, including

the body text, Subject line, and headers. It also indexes keywords in most types of

file attachments that include text, such as Microsoft Office documents, PDF files,

text files, and HTML pages. Message Archiving does not, however, index

common words such as articles (for example, the, that, and an), prepositions (for

example, to, in, and on), and conjunctions (for example, and, or, and so).

A message’s index is a map of its content, and specifies in which part of the

message each keyword appears, for example, in the body, Subject line, To or

From field, headers, or attachments.

When you initiate a search, Message Archiving checks the indexes for matches to

the keywords you enter rather than checking the full contents of each message

and attachment identified by your criteria, thereby reducing the retrieval time.




Introduction 19

Search and Discovery Options

Depending on privileges, users have access to either the Search tab or the

Discovery tab. Both tabs include search panels with which users can search for

archived messages, and display search results.

Search Tab

This Search tab provides authorized users with tools to search for, view, print, and

export messages in your corporate archive. The following figure shows the

Search tab:

For details about using the Search tab, refer to the Message Archiving User’s

Guide.




Discovery Tab

The Discovery tab provides the same features as the Search tab, with the

additional options to set up investigations to save and organize search criteria and

results for specific topics. The following figure shows the Discovery tab:

For details about using the Discovery tab, refer to the Message Archiving User’s

Guide.

Search Panels

Both the Search tab and the Discovery tab include the following search panels, on

which users can enter criteria to retrieve archived messages:

• Email Search panel: Provides fields that let users enter criteria to find

archived email messages.

• Boolean Search panel: Lets users enter their own query strings, using the

Apache Lucene query syntax. This syntax supports Boolean operators,

wildcards, fuzzy matches, and proximity matches, allowing users to create

more-complex or targeted search queries.



Introduction 21

The following figure shows the Email Search panel:

Search Results

Once a user retrieves messages from the archive, search results appear in the

page. For example:

For details about using the Message Archiving search panels, refer to the

Message Archiving User’s Guide.



Retention Tab

The Retention tab lets you manage the retention and deletion of messages from

your corporate archive. Use the Retention tab to:

• View a monthly list of messages that are on extension beyond the expiration

of their retention periods. The list indicates the month in which the messages

were archived.

Messages are on extension when their retention periods have expired but

they have not been deleted because you have turned off auto-purging.

• View how many of the messages on extension are also on hold (not available

to purge).

• Purge messages from the archive that are not on hold.

• View the history of when and by who messages were purged.

• View contact information for investigators who have placed messages on

hold.

• View the number and overall size of the messages placed on hold by each

investigator.

For complete details about using the Retention tab, refer to the Message

Archiving User’s Guide.



Introduction 23

Reports Tab

The Reports tab provides four different types of reports:

• Storage Overview An overview of mail flow, and current and historical

archive storage

• Storage Reports A month-by-month listing of the number and overall size of

archived messages and messages on extension

• Purge History A list of purge events

• Audit Reports Information about user activity in the archive

For complete details about using the Reports tab, refer to the Message Archiving

User’s Guide.

Usage Reports

You can monitor archiving activity in usage reports, which are available in the

Administration Console. These reports provide information about the number of

messages in your archive and how much storage space they occupy per domain

or user account. You can also obtain a log that provides information about which

users accessed the archive. For more information, refer to the Message Archiving

User’s Guide.






Personal Archive

Optional feature

The Personal Archive is a user-level subset of the corporate archive. It provides a

user with Web-based access to only his or her archived email messages.

Users can access their archives at any time to recover (export) messages that

were lost or deleted from your email server, or to read their messages when your

server is unavailable.

Because users no longer need to store their email messages on your email server

for long periods, the Personal Archive can improve the performance of your server

and reduce the time required to recover from a server outage.

You can select which users have access to the Personal Archive. With access, the

Archive tab appears in a user’s Message Center, as shown in the following figure:

For more information about Message Center and how to provide user access,

refer to the Message Security Administration Guide.

How Message Archiving Captures Email Messages

The following overview describes how messages flow through your message

security service, and how Message Archiving captures and stores them in the

archive.

Methods of Archiving Email Messages

Email messages enter the archive differently, depending on which archiving

option you set up for your company: inbound/outbound archiving or journal

archiving.


Introduction 25

Inbound/Outbound Archiving

If you set up the inbound/outbound archiving option, Message Archiving stores

only the email messages that users receive from and, optionally, send to others

outside your network. Internal-only, or intradomain, messages, which do not leave

your network, are not archived.

Use inbound/outbound archiving if any of the following are true:

• You want to archive only messages that users receive from or, optionally,

send to others outside your network. For example, this option is appropriate if

you need to archive only communications between your organization’s

employees and your customers.

• You use the Outbound services for the message security service to enforce

policies, and you want to archive messages after the policies are enforced.

For example, if you set up your Outbound services to append a disclaimer on

all outgoing messages, using inbound/outbound archiving ensures that

archived messages contain the disclaimer.

• The email messaging environment for your network does not provide a

journaling option.

Note:

• For details about setting up the Outbound services, see the Outbound

Services Configuration Guide.

• You can archive messages in a catchall account. Those messages, however,

are not available in the Personal Archives of individual users whose mail ends

up in the catchall account. If you start archiving messages for those users

outside the catchall account, their messages are available in the Personal

Archives only after the switch from the catchall account to individual accounts.

• If you delete and then add back the same user in your message security

service, messages for that user are available in the Personal Archive only

from the point at which you add back the user.

Journal Archiving

Journaling is a mechanism by which your email server records copies of all email

messages that users on your network send or receive. If you set up the journal

archiving option, Message Archiving receives copies of journaled email messages

from your email server, and then stores them in the archive. These email

messages include:

• Messages that users send to and receive from others outside your network

• Internal-only, or intradomain, messages, which do not leave your network




Use journal archiving if both of the following are true:

• You want to archive all inbound, outbound, and intradomain email messages

for users.

• Your email server provides a journaling option.

Note:

For details about configuring journaling on Microsoft Exchange Server, refer to:


2000 and 2003


2007 and 2010




If you delete and then add back the same user in your message security service,

messages for that user are available in the Personal Archive only from the point at

which you add back the user.

General Message Flow for Message Security Service

Inbound email messages, and optionally outbound email messages, flow through

your message security service, which resides in a Postini data center. As the

message security service filters your incoming email, it quarantines suspicious

messages, and then delivers legitimate messages to your email server. The

following figure shows the message flow through your message security service.

With the addition of Message Archiving, you can archive messages for users in

one or more user organizations in your organization hierarchy.




Introduction 27

The process by which users’ email enters the archive differs, however, depending

on whether you choose to use inbound/outbound archiving or journal archiving.

Message Capture for Inbound/Outbound Archiving

If you use inbound/outbound archiving, rather than journal archiving, Message

Archiving automatically captures, stores, and indexes legitimate inbound and,

optionally, outbound messages as they flow through your message security

service. The following figure shows an overview of how Message Archiving

captures inbound and outbound messages.

How Inbound Messages Are Archived

When the message security service receives an inbound message, it filters the

message if the recipient is a registered user (has an account on the service).

If the message for a registered user is not blackholed, bounced, or quarantined as

a result of filtering, or if the recipient is not a registered user, then the service

attempts to deliver the message to your email server. If your email server confirms

that the recipient is valid, it sends a 250 response code to your message security

service.

If the recipient is valid and has an account on your message security service,

Message Archiving archives the message only if the account resides in a user

organization for which archiving is turned on. (You can determine which users in

your message security service have messages archived by assigning them to

different organizations.)

If the recipient is valid and messages are archived for that account, but your mail

server rejects the message for some reason after it was filtered by the message

security service, then the message is still archived even though it was never

delivered to the recipient. In this case, the message security service relays the

response from the recipient server to the sending server.

If the recipient is valid but does not have an account on your message security

service, Message Archiving does not archive the message.


If a message includes registered and non-registered addresses, the message is

archived for only the registered users for whom archiving is turned on.

After the message is archived, the message security service sends the sending

server a reply code to confirm that the message was delivered.

Blackholed and Bounced Messages

Message Archiving does not store any incoming messages that the message

security service blackholes (deletes) or bounces back to the sender.

Quarantined Inbound Messages

Message Archiving does not store any incoming messages that the message

security service quarantines. However, if a user or administrator either views a

message in a quarantine or delivers it to his or her inbox, Message Archiving then

stores the message in the archive.

User Aliases, Domain Aliases, and Domain Substripping for Inbound Messages

Message Archiving stores any inbound messages addressed to the following

types of alternate addresses if your message security service is set up to process

them:

• User aliases: For example, if a user has a primary email address

[email protected] and an alias address [email protected], Message

Archiving stores any inbound messages sent to either address.

• Domain aliases: For example, if your domain is jumboinc.com, and you set

up the domain jumboinc.net as its alias, Message Archiving stores any

inbound messages sent to either [email protected] or

[email protected].

• Domain substripping: For example, if your domain is jumboinc.com and you

have a subdomain sales.jumboinc.com, Message Archiving stores any

inbound messages sent to either [email protected] or

[email protected].

For more information about aliases and domain substripping, refer to the

Message Security Administration Guide.

Duplicate Message Handling for Inbound Messages

• If someone outside your network sends an incoming message to multiple

recipients on your network, Message Archiving stores a single copy of the

message.

• In the rare case that someone outside your network must re-send a message

to a user because the message security service was unavailable, Message

Archiving stores only a single copy of the message.


Introduction 29

How Outbound Messages Are Archived

Note: Outbound messages are archived only if you enable and configure the

Outbound service for your message security service. For details about setting up

the Outbound services, see the Outbound Services Configuration Guide.

After your message security service processes an outbound message and

determines that it adheres to your corporate policies, Message Archiving archives

the message for the sender if the sender belongs to a user org for which archiving

is turned on, and if the message is delivered to at least one recipient mail host.

Quarantined Outbound Messages

If your message security service determines that an outbound message does not

adhere to corporate policies and places it in the outbound quarantine, Message

Archiving archives the messages only if an administrator either views the

message or delivers it.

Bounced Outbound Messages

When a receiving server bounces an outbound message—for example, if it was

sent to an invalid address—Message Archiving stores both the bounced message

and the original message. Because both messages are stored, a record of the

attempted delivery can be retrieved from the archive if necessary.

Encrypted Outbound Messages

If your email server encrypts outgoing messages using TLS (Transport-Layer

Security), Message Archiving accepts the encrypted messages.

Duplicate Message Handling for Outbound Message

If a user sends an outgoing message to multiple recipients, Message Archiving

stores a single copy of the message.



Message Capture for Journal Archiving

When you configure your email server for journaling, your server records a copy

of, or journals, all inbound, outbound, and intradomain messages for the users

you specify, and stores those messages in a special mailbox on your email server

or a separate journaling email server. The server then automatically forwards the

messages to your archive. The following figure shows an overview of how

Message Archiving captures email messages for journal archiving.

As Message Archiving receives journaled messages from your email server, it

checks their sender and recipient addresses. It then indexes and archives only

those messages (including attachments) that were either sent or received by

users who have accounts in an organization for which you turned on archiving. If a

user does not have an account on your message security service, Message

Archiving does not archive journaled messages for that user.

User Accounts and Journal Archiving

When you turn on archiving for an organization, Message Archiving immediately

begins to archive journaled email messages for existing users in that organization.

If you add users to an archiving-enabled organization using batch commands,

Directory Sync or Web Autocreate, or directly through the Administration Console,

Message Archiving starts to archive their messages as well. With Automatic

Account Creation, though, provisional users’ journaled messages are not archived

until your message security service promotes those users to registered users.

Blackholed or Bounced Messages

If the message security service blackholes (deletes) or bounces back (returns) to

the sender any incoming messages, your email server does not journal them.

Therefore, these messages are not archived.

Introduction 31

Quarantined Inbound Messages

If your message security service quarantines an incoming message, your email

server does not journal that message, and that message is not archived.

However, if a user or administrator views a message in a quarantine without

delivering it to his or her inbox, Message Archiving then captures the message

directly and stores it in the archive. If a user or administrator delivers a

quarantined message to his or her inbox, your email server journals the message

normally and sends it to the archive. Note that if a user or administrator first views

the message and then delivers it, Message Archiving stores only one copy of that

message.

WARNING: Keep in mind that if you view or forward mail from the junk quarantine,

then that junk mail is archived.

You cannot view or forward mail from the virus quarantine.

Quarantined Outbound Messages

Your email server journals all outbound messages before they reach the Postini

data center. Therefore, if you use Postini Outbound Services, and a user’s

outbound message is quarantined, Message Archiving still receives a copy of the

journaled message from your email server and archives it. If an administrator

views or delivers the quarantined message, another copy of the message is

archived.

WARNING: Keep in mind that if you view or forward mail from the junk quarantine,

then that junk mail is archived.

You cannot view or forward mail from the virus quarantine.

Duplicate Journaled Messages

In most cases, your email server journals only one copy of a message. For

example, Microsoft Exchange Server journals only one copy a message that a

user sends to multiple recipients or that multiple users receive. For details about

duplicate message handling during the journaling process, refer to your email

server’s documentation and support resources.

If you set up journaling on two or more email servers, multiple servers might

journal a separate copy of the same message. To handle these cases for

Exchange Servers, Message Archiving includes a feature called Exchange

Duplicate Suppression. With this feature, Message Archiving parses all journals

before storing the messages in the archive. To suppress duplicates, an

Exchange-journal fingerprint, based on the the information received in each

journal (including the original message binary, and the ordered list of sender &

recipients), is taken during indexing, and this fingerprint is stored as metadata in

the index.

When a query is issued for a customer with Exchange Duplicate Suppression

enabled, the Message Archiving service identifies the messages with identifical

fingerprints and returns only one result for the messages determined to be exact

duplicates. The duplicate messages do not appear in search results, nor in

exported results sets.


To implement Exchange Duplicate Suppression, contact Support or your reseller.

How Quickly Are Email Messages Archived?

In most cases, Message Archiving typically stores an email message in the

archive within about 30 minutes after a user sends or receives it. However, the

time can be longer, depending on whether the message contains file attachments,

and the size of those attachments. Moreover, if you use the journal archiving

option, messages must be journaled by your email server before they are

archived, potentially increasing the time before they enter the archive.

Message Archiving Security

As a component of the message security service, Message Archiving provides

highly secure access, connections, and storage. In addition, if you use the journal

archiving option, Message Archiving keeps the connection between your server

and archive secure.

Access Security

With Message Archiving, you have a high level of control over which users can

configure and view the corporate message archive and which users have access

to the Personal Archive.

Access to Archive Configuration Options

Administrators of your message security service who have the Message

Archiving privilege in their authorization records have access to the Message

Archiving configuration options. These administrators can turn on archiving and

set options only for the user organizations for which they have administrative

control. They can also grant the Message Archiving privilege to other users in

their organizations.

Access to the Corporate Archive

Because your corporate message archive may contain sensitive or private

information, you can strictly control which users have access. During the Message

Archiving activation process, you can designate a single user to have access to

the archive. If this user is also an administrator with the ability to grant privileges,

he or she can grant search privileges to other users. If the user is not also an

administrator, and you later want to allow other users to search the archive, you

can request this access by contacting Postini Customer Care (if you are a direct

customer) or your reseller. For details, see “About Archive Privileges” on page 61.

Introduction 33

The account password for a user who has authorization to search the archive

must meet the same strict requirements as those for administrators’ passwords. If

a user’s password does not meet these requirements, your message security

service automatically prompts the user to change his or her password before

logging in to Message Archiving. For more information about administrator

password requirements, refer to the Message Security Administration Guide.

Access to the Personal Archive

Users access the Personal Archive in Message Center. Each user’s account in

Message Center is password protected and accessible only to that user.

Connection Security

Both Message Archiving and the Administration Console use SSL to encrypt user

name and password information. In addition, all pages in Message Archiving and

the Administration Console are 128-bit encrypted and HTTPS secured.

Archive Storage Security

Message Archiving processes your company’s electronic messages in

geographically-distributed primary and secondary (backup) data centers. Each

data center is located in a physically secured facility with SAS-70 certification, is

serviced by a Tier-1 or better network provider, and contains multiple layers of

redundancy for network connectivity and power.

During the processing of a message, indexing servers create an index for the

message, and then store the index on multiple devices. When the message

processing has finished, the message is then written to at least two separate

geographical locations.

Journal Archiving Security

If you use the journal archiving option, Message Archiving generates a private

email address for your corporate archive. In addition, when setting up Message

Archiving for journaling, you must specify an access control list (ACL) that tells

Message Archiving the IP addresses of email servers from which it can accept

incoming journaled messages. The combination of access control and private

archive address prevents malicious senders from sending messages to your

archive.

To further enhance security for journal archiving, you can use TLS (Transport-

Layer Security) encryption. If the email server that forwards journaled messages

to your archive uses TLS encryption, Message Archiving automatically accepts

the encrypted messages. It then decrypts the messages before storing them in

the archive.



Message Retention and Deletion

You specify the maximum retention period for your messages when you purchase

Message Discovery. Message Archiving can retain messages for periods of up to

10 years. You set a separate retention period up to that maximum for each user

org. The flexibility to set retention periods on a per-org basis lets you tailor

message retention to the needs of various user groups.

You can retain messages longer than your retention period if you turn off Auto-

purge (see below).

The Message Archiving Settings page for an organization indicates the retention

period. For information about setting the retention period for an organization, see

“Step 5. Turn On Archiving” on page 45.

You can use the Auto-purge option to have Message Archiving automatically

delete messages at the end of the month in which their retention periods expire

(Auto-purge ON), or you can choose to manually purge messages from the

archive (Auto-purge OFF). You can also place a hold on saved search results,

which temporarily halts automatic message deletion. This option may be useful

during an investigation or notice of litigation.

You can use the Retention tab to turn the Auto-purge function on and off, and to

manually purge messages from the archive. For more information, see the


Note: You cannot delete messages from your corporate archive before their

retention periods expire or if they are on hold beyond their retention periods.

Continuation Events and Archiving

If a continuation event occurs (failover to the secondary data center), Message

Archiving continues to process and archive messages as usual. However, during

a full continuation event, some features are not available, as the following table

describes. For more information about continuation events, refer to the Message

Security Administration Guide.

Feature

Available during mailflow

continuation event?

Available during full

continuation event?

Message

capture and

storage

Yes. Message Archiving

continues to archive email.


continues to archive email.

Message

indexing


updates the message

indexes as usual.


updates the message indexes

as usual.

http://www.google.com/support/enterprise/static/postini/docs/admin/en/arch_user/retention.html



Introduction 35

Disaster Recovery

If you have set up automatic spooling for your message security service, and your

email server experiences an outage, the following occurs:

• If you set up inbound/outbound archiving, Message Archiving stores all

legitimate inbound messages before they are spooled. In this case, while your

email server is still down, you can view these inbound messages in the

corporate archive, and users can view their own messages in the Personal

Archive. Outbound messages are archived only if you are using the outbound

service and your outbound email server is able to send messages to the

message security service.

• If you set up journal archiving, once your email server is back up, it will

receive the spooled messages, journal them, and send them to your archive.

During your server outage, however, messages are not archived because

your server is unable to send journaled messages to the archive.

For more information about the spooling feature of your message security service,

refer to the Message Security Administration Guide.

Search or

Discovery tab

Reports tab

Yes. Users with Archive

Search privilege can use

the Search tab or

Discovery tab (depending

on the options included

with your Message

Archiving service).

Users with the Archive

Search, Archive Discovery,

Archive Audit, or Archive

Retention privilege can

use the Reports tab and

the corresponding reports.

No. Attempts to log in to

Message Archiving return a

message indicating that

access is temporarily

unavailable.

Message

Archiving

settings

Yes. Administrators can

edit settings.

No. Settings are active, but

administrators cannot edit

them.

Archiving

reports


continues to update report

data for the following day’s

report. Administrators can

view reports.

No. Message Archiving

continues to update report

data for the following day’s

report. However,

administrators cannot view

reports.

Feature

Available during mailflow

continuation event?

Available during full

continuation event?



Maximum Message Size

Message Archiving supports a maximum message size of 200 MB. This maximum

size is the total for the message and any attachments. However, the maximum

size for a message that can be archived may be lower, depending on the setting

for the Inbound Attachment Manager Message Size filter for your message

security service.

For example, if the Message Size filter for Inbound Attachment Manager is set to

50 MB, Message Archiving will not store messages over 50 MB.

Note: The Inbound Attachment Manager Message Size filter affects all messages

sent to Message Archiving for storage, including inbound, outbound, and internal-

only (intradomain) messages. Other Inbound Attachment Manager filter settings

do not affect acceptance of messages into the archive.

The default setting for Inbound Attachment Manager Message Size filter is 200

MB. For more information about setting this filter for Inbound Attachment

Manager, refer to the Message Security Administration Guide.


Introduction 37

Requirements

The following table lists the requirements for Message Archiving. For more

information on supported configurations and platforms, please contact your

account manager.

Service

configurations

• Message Discovery

Email server platforms

for journaling

• Microsoft Exchange 2007 and 2010 Standard &

Enterprise Editions

• Microsoft Exchange 2003 Standard & Enterprise

Editions

• Microsoft Exchange 2000 Standard & Enterprise

Editions

• Microsoft Windows Small Business Server

• Lotus Domino 6.5.4 to 8.0.2

For the complete list of requirements for Microsoft

Exchange Server, refer to:

• Microsoft Exchange Journaling Configuration

Guide For Exchange Server 2000 and 2003

• Microsoft Exchange Journaling Configuration

Guide For Exchange Server 2007 and 2010

For details about configuring journaling on Lotus

Domino Server, refer to:

• Message Archiving - Lotus Domino Journaling

Configuration Guide For Domino Server 6.5.4

and up

Browser for access to

Message Archiving

• Microsoft Internet Explorer 6.x and 7.x on

Windows XP

• Mozilla Firefox 1.5.x on Windows XP

• Mozilla Firefox 1.5.x on Redhat Linux

• Safari 1.3.x on Mac OS X





Chapter 2

Setting Up Message Archiving 39

Setting Up Message Archiving Chapter 2

About Setting Up Message Archiving

To store email messages in your archive, you need to set up Message Archiving

on your Message Discovery service. The following table summarizes the steps to

set up Message Archiving:

Step Description

Step 1. Ensure your Users

are Registered with your

Message Security Service

Make sure the users for whom you want to

archive messages are registered with your


Step 2. Choose an Email

Archiving Option

Determine which type of email archiving you

want to set up: journal or inbound/outbound or

archiving.

Step 3. Enable and

Configure Outbound

Service (Optional)

If you choose the inbound/outbound archiving

option, configure your Outbound service if you

have not already done so.

Step 4. Set Up Your

Organization Hierarchy

(Optional)

Choose which users’ messages you want to

archive, and optionally set up or rearrange your

organization hierarchy.

Step 5. Turn On Archiving Turn on archiving for your message security

service at the user organization level, and select

archiving options, including retention period.


Note:

If you chose the journal archiving option for email messages, you must also set up

journaling on your email server.

For details about configuring journaling on Microsoft Exchange Server, refer to:


2000 and 2003


2007 and 2010




Step 1. Ensure your Users are Registered with your Message Security

Service

In order to archive email for a user, that user must be registered with your


Step 6. Set Up Message

Archiving for Journaling

If you chose the journal archiving option, set up

Message Archiving on your message security

service to accept incoming journaled messages

from your email server.

Turn on archiving alerts so the system can keep

you apprised of any anomalies with journaled

messages reaching the archive.

To complete this step, you need the IP address

or address range for your email servers.

You also need to set up journaling on your email

servers.

Step 7. Grant Archiving

Privileges to Your Users

Once you have set up the type of archiving you

want to provide for your organization, you then

need to grant archiving privileges to your users

so they can access and manage the archive, and

run the necessary reports.

Step 7. Search the

Archive, Manage Message

Retention, Run Reports

After you grant archiving privileges to your users,

they can (depending on their privileges) search

the archive, set up investigations, manage

message retention, and run reports.

Step Description






You can use Google Apps Directory Sync for Message Security to synchronize

the user directory on your LDAP server with your message security service. For

more information, see:

Google Apps Directory Sync Administration Guide

Note: You can also add users manually by following the instructions in:

Message Security Administration Guide

Step 2. Choose an Email Archiving Option

Message Archiving provides two options for archiving email messages: journal

archiving and inbound/outbound archiving:

Archiving Option Description

Journal archiving Captures all email messages that flow into and out

from your organization, as well as all messages that

users send to each other within your network. With

this option, Message Archiving does not capture

messages directly; instead, it archives messages

that your email server records through its journaling

option.

To archive journaled messages, you must set up

journaling on your email server. Once you complete

this task, your email server journals (records a copy)

all email messages that users send or receive, and

then forwards those messages to Message

Archiving. Note that these operations can impact the

performance of your email server and network.

For an overview of how messages flow into your

archive for journal archiving, see “Message Capture

for Journal Archiving” on page 30.

Note: You cannot use journal archiving if you are a

Google Apps customer. Google Apps Email does not

provide an option to journal messages. If you are a

Google Apps customer, use the Inbound/Outbound

option described below.


http://www.google.com/support/enterprise/static/postini/docs/admin/en/dss_admin/


WARNING: If you use both journal and inbound/outbound archiving, Message

Archiving stores two copies of each inbound and outbound message: one copy is

captured during the journaling process on your email server, and the other copy is

captured as it flows through your message security service.

Step 3. Enable and Configure Outbound Service (Optional)

If you choose the inbound/outbound archiving option, and you want to archive

email messages that users send to addresses outside your network, ensure that

the Outbound service is enabled and configured for your message security

service. The Outbound service must be set up for the email configuration

associated with the user organization for which you want to turn on archiving. For

details about using the Outbound service, refer to the Message Security Service

Administration Guide.

If you are a Google Apps Premier Edition customer who has activated your Postini

services, your outbound gateway is already configured. To confirm, open the

Google Apps Control Panel, click the Service Settings tab, and check the entry

under Outbound gateway. When you upgrade your service to include Google

Message Discovery, your message security service is updated to include the

same information on the Outbound Servers tab in the Postini Administration

Console. In this case, you do not have to enable and configure the Postini

Outbound Service.

For more information about activating your Postini services, see the Activation

Guide.

Inbound/Outbound

archiving

Captures messages sent from outside your network

to users in your network.

Optionally, captures messages that users send to

addresses outside your network if you enable and

configure the Outbound service for your message

security service. This option, however, does not

capture messages that users send within your

network.

Note: If you are a Google Apps customer, use this

option.

For an overview of how messages flow into your

archive for inbound/outbound archiving, see

“Message Capture for Inbound/Outbound Archiving”

on page 27.

Archiving Option Description

http://www.google.com/support/a/bin/answer.py?hl=en&answer=94187

http://www.google.com/support/a/bin/answer.py?hl=en&answer=94187

http://www.google.com/support/enterprise/static/postini/docs/admin/en/admin_ee_cu/ob_toc.html

http://www.google.com/support/enterprise/static/postini/docs/admin/en/admin_ee_cu/ob_toc.html


Step 4. Set Up Your Organization Hierarchy (Optional)

Before you turn on archiving, determine the users for whom you want to archive

email messages. Because you must turn on archiving at the user organization

(org) level of your organization hierarchy—not the user account level—you may

need to reorganize your organization hierarchy. How you reorganize your

hierarchy depends on whether you are using journal archiving or inbound/

outbound archiving.

Note:

• Regardless of the number of organizations in your hierarchy, Message

Archiving stores all messages in one corporate archive.

• You can archive messages in a catchall account. Those messages, however,

are not available in the Personal Archives of individual users whose mail ends

up in the catchall account. If you start archiving messages for those users

outside the catchall account, their messages are available in the Personal

Archives only after the switch from the catchall account to individual accounts.

• If you delete and then add back the same user, messages for that user are

available in the Personal Archive only from the point at which you add back

the user.

• For details about setting up organization hierarchies, refer to the Message

Security Service Administration Guide.

Set Up Your Hierarchy for Inbound/Outbound Archiving

Inbound/outbound archiving captures received and sent messages for users on

your network who do not have accounts on your message security service. All

inbound messages that your server accepts for your domain are captured, and all

outbound messages from your email server are captured.

Once you create accounts on your message security service, however, the

following rules apply to those accounts:

• To archive messages for only specific users: Create accounts for those

users on your message security service, and then add those accounts to user

organizations for which archiving is turned on.

• To prevent archiving for only specific users: Create accounts for those

users on your message security service, and then add those accounts to user

organizations for which archiving is turned off.

• To archive messages for all users: Turn on archiving for all user

organizations in your organization hierarchy. You do not need to reorganize

the hierarchy.

Note: If you turn on Non-Account Bouncing for your message security service,

you must create user accounts for all the email accounts that exist on your email

server. Any incoming messages addressed to recipients without user accounts on

your message security service are bounced and therefore not archived.




Set Up Your Hierarchy for Journal Archiving

If you use the journal archiving option, Message Archiving stores journaled

messages only for users who have accounts on your message security service,

and only if those accounts reside in a user organization for which you turned on

archiving.

• To archive messages for only specific users: Set up your organization

hierarchy such that you place these users in separate user organizations. For

example, if you want to archive messages for only your company’s

executives, ensure that you place these users in a separate user org—for

example acme_execs. You can then turn on archiving for only that

organization.

If you use the journal archiving option with Microsoft Exchange Server, you

may want also want to map your mailbox databases or your Hub Transport

servers to your user organizations. For more information about configuring

journaling on Microsoft Exchange Server, refer to:


2000 and 2003


2007 and 2010

If you use the journaling option with Lotus Domino Server, refer to:



• To archive messages for all users: Turn on archiving for all the user

organizations in your organization hierarchy. You don’t need to reorganize

your organization hierarchy.





Step 5. Turn On Archiving

You must turn on archiving for each user organization (org) that contains users for

whom you want to archive email messages.

Before turning on archiving, ensure that you:

• Choose an email archiving option. For details, see “Step 2. Choose an Email

Archiving Option” on page 41.

• Set up your Email-Security-service organization hierarchy, if necessary. For

details, see “Step 4. Set Up Your Organization Hierarchy (Optional)” on

page 43.

Note: You can also use a batch command to turn on archiving and select an

archiving option. For details about this batch command, refer to the Batch

Reference Guide.

To turn on archiving:

1. Go to https://login.postini.com.

2. Log in to your message security service, and open the Administration

Console.

3. Click the Orgs and Users tab, or click the Show Hierarchy link in the upper-

left corner of the Home page.

4. Select the user organization (org) for which you want to turn on archiving.

5. On the Organization Management page, under Organization Settings, click

Archiving.




The Message Archiving Settings page appears.

6. On the Message Archiving Settings panel, select Archive messages for this

organization.

7. Select one of the following options:

• All inbound and outbound messages

• All journaled messages

WARNING: If you select both options, Message Archiving will store two copies

of all inbound and outbound messages.

Note: If you are a Google Apps customer, use the All inbound and outbound

messages option. You cannot use the All journaled messages option as

Google Apps Email does not provide a method of journaling messages.

For details about the options on the Archive Settings panel, see “About the

Message Archiving Settings Page for a User Org” on page 54.

8. Click Save.

9. On the Archive Retention panel, enter the number of months you want to set

for the archive retention period.


The retention period you set applies to all messages entering the archive from

that point on. It does not apply to messages already in the archive. If you need

to ensure that existing messages with shorter retention periods are not

deleted from the archive, turn off auto-purge on the Message Archiving

Retention tab.

You can enter any retention period up to the number of months equivalent to

the maximum retention period you purchased. For example, if you purchased

one year of retention, you can enter any number of months up to 12.

10. Click Save.

Note: If you select the All journaled messages option, your next step is to set up

Message Archiving for journaling. This generates the email address for your

archive, which you use when you set up journaling on your email server. See

“Step 6. Set Up Message Archiving for Journaling” on page 47.

Step 6. Set Up Message Archiving for Journaling

If you selected the All journaled messages option when turning on archiving for

a user org, you need to:

• Set up Message Archiving to accept incoming journaled messages from

your email server. Add a journaling-configuration entry to the email

configuration (config) that contains the user organization for which you turned

on archiving. Message Archiving then generates the email address for your

archive. You use this address when you configure your email server to send

journaled messages to Message Archiving.

For instructions to add a journaling configuration, see “Add a Journaling

Configuration to Your Email Config” on page 48.

Note: You must add a journaling-configuration entry to each email

configuration that contains user organizations for which you want to archive

messages. Keep in mind, though, that Message Archiving generates only one

archive email address, regardless of the number of email configurations you

set up.

• Set up your email server for journaling.

For details about configuring journaling on Microsoft Exchange Server, refer

to:


2000 and 2003


2007 and 2010









Add a Journaling Configuration to Your Email Config

A journaling configuration identifies the type of server and the IP address (or

address range) of the server from which Message Archiving can accept incoming

journaled email messages. You can also use the journaling configuration to turn

non-account archiving on or off, turn archive alerts on or off, and to specify the

address to which archive alerts are delivered. In addition, you can turn the

journaling configuration itself on or off.

After you configure a journaling configuration, you can edit or delete it at any time.

IP-Address Range

The IP-address range for an email server must be:

• External IP addresses. If your network uses network address translation

(NAT), ensure that you enter your external IP address.

• Within a single class C address space.

• Contiguous. If you use non-contiguous IP addresses for your server, make a

separate entry for each different range.

Tip: If you are using Postini Outbound Services, the IP-address range you enter

for your journaling configuration is usually the same address range you entered

for Outbound Services.

Note: If you set up an IP Lock for your own domain on your message security

service, ensure that the IP address of your email server is included in the IP lock

configuration. Otherwise, your message security service will reject journaled

messages from your server. For information about IP Lock, refer to the Message

Security Service Administration Guide.

Alerts

We recommend that you set the Alert Status to ON so that the system can keep

you apprised of any interruption in journaled messages being copied to the

archive. When you turn Alert Status on, the system sends an alert when:

• Journaled messages from your mail server are being bounced

Message text:

Journal messages from your server are currently being bounced. Check to see that your IP address is properly configured. Click here for more information: https://www.postini.com/webdocs/archiving/en_US/arch_admin/setup_am_journaling.html.

Note: This condition occurs when the IP address of the server from which you

are sending journaled messages is not listed in the Administration Console. If

the system bounces three messages within a minute without receiving any

good messages, this alert is issued.

• Journaled messages from your mail server not in the correct envelope journal

format




Message text:

Journal messages from your server are not in the correct envelope journal format. Check to see that your server is properly configured according to these instructions: https://www.postini.com/webdocs/archiving/en_US/arch_admin/setup_am_journaling.html.

• The system has not received any journaled messages from your server for:

• One hour: if the system has not received a journaled message for one

hour, then an initial alert is sent.

• Six hours: After the initial one-hour alert, the system then sends an alert

every six hours until it receives a journaled message from your server.

Message text:

We have not received any messages from your journaling server. Check to see that your server is properly configured according to these instructions: https://www.postini.com/webdocs/archiving/en_US/arch_admin/setup_am_journaling.html.

For Alert Address, we recommend that you use a long-standing group address

rather than an individual address so that it remains viable over the long term. With

a group address, you can add and remove individual address from the group as

your personnel change, but you can leave the group address in place in your

Journaling Configuration.

To add a journaling configuration to your email config:


2. Log in to your message security service, and access the Administration

Console.



4. Select the email configuration (config) associated with the user organization

for which you turned on archiving.



Archiving.

The Message Archiving Journaling Configuration page appears.

6. Click Add Journaling Configuration.


7. Configure the following options:

Option Value

Configuration Status Select ON to archive journaled messages from

the server identified in the Sending IP Address

Range option. Those messages are archived

according to the settings on this page.

Select OFF to suspend the archiving of

messages from the server identified in the

Sending IP Address Range option. You can set

the status to OFF when you are configuring

journal archiving ahead of time, or when you

want to suspend archiving messages from a

server but want to preserve your configuration.

Server Type Select the type of server from which journaled

messages are sent:

• Exchange

• Domino

Your selection identifies the format of journaled

messages so the email security service can

ingest them properly.

Sending IP Address

Range

Enter the IP-address range for your email

server.

If your server has only one address, enter that

address is both fields.


Non-account

Archiving

Select ON to archive messages to and from

users on a particular email server who do not

also have accounts on your message security

service.

When you enable non-account archiving, you

immediately begin archiving all journaled

messages without having to first register users

with your message security service. This option

can be useful when the urgency of archiving

messages outweighs the need for granular

control of whose messages are archived. You

can enable this option to ensure that you don't

miss any messages, and then go through the

process of registering users.

Once you have registered all the users for whom

you want to archive messages, you can then

turn off this option to avoid storing unnecessary

messages in your archive.

Caution: When you enable non-account

archiving, you run the risk of archiving spam and

virus-infected messages. Messages sent or

received by users who are not registered with

your Postini Email Security system are not

filtered by the system. With non-account

archiving, those unfiltered messages are

archived.

Alert Status You can choose to receive daily email alerts

when it appears that your journaled messages

are not being archived correctly. There are alerts

that cover the following conditions:

• Journaled messages from your server are

being bounced

Note: This condition occurs when the IP

address of the server from which you are

sending journaled messages is not listed in

the Administration Console. If the system

bounces three messages within a minute

without receiving any good messages, this

alert is issued.

• Journaled messages from your server are

not in the correct envelope journal format

• The system has not received any journaled

messages from your server for the last 24

hours

Option Value


8. Click Save.

The IP address range that you entered appears on the page, along with the

other configuration settings.

The email address for your archive also appears in the message area at the

top of the page, in the following format:

archive@your_ID.archive.psmtp.com

You must use this address when you configure your email server for

journaling.

Edit or Delete a Journaling Configuration

You can edit or delete your journaling configuration at any time.

Important: If you are using Postini Outbound Services, you may be using the same

IP-address range for both Outbound Services and your journaling configuration. If

so, remember to also update the address range for Outbound Services in the

Administration Console.

To edit a journaling configuration:

In the list of journaling configurations, click the Edit icon for the configuration you

want to edit, set the options as desired, then click Save.

To delete a journaling configuration:

In the list of journaling configurations, click the Delete icon for the configuration

you want to delete.

Alert Address Enter the email address at which you want to

receive alerts.

We recommend that you use a long-standing

group address rather than an individual address

so that it remains viable over the long term.

Option Value


Step 7. Grant Archiving Privileges to Your Users

After you’ve completed the previous steps to set up archiving for your

organization, you then need to grant privileges to your administrators and users

so they can have access to the archive. For information, see “Granting Message

Archiving Privileges” on page 61.

Message Archiving Setup Reference

About the Message Archiving Settings Page for a User Org

Use the Archive Settings page to:

• Turn on email archiving for an organization.

• Select an archiving option.

• Access the archive (requires the Search Archive privilege in your

authorization record).

Message Archiving Settings panel:

Option Description

Archive messages for

this organization

Turns on email archiving for this organization.

You must turn on archiving for all organizations that

contain users for whom you want to archive email

messages.

All inbound and

outbound messages

Archives email messages flowing through your

message security service. Inbound messages are

archived by default when you select this option.

Outbound messages are archived only if you use the

optional Outbound service.

This option does not archive any intradomain email

messages—that is, messages that do not leave your

private network.

To archive outbound messages with this option, you

must turn on and configure the Outbound service for

your message security service. For details, refer to

the Administration Guide for Message Discovery.



All journaled

messages

Archives all email messages that your email server

journals for users on your network, including

inbound, outbound, and intradomain messages

(internal messages that do not leave your private

network).

WARNING: If you select this option, Postini

recommends that you do not also select the option

All inbound and outbound messages. If you

select both options, Message Archiving stores two

copies of all inbound and outbound messages.

Next steps:

If you select this option, you must set up Message

Archiving, and set up journaling on your email

server:

1. Go to the Message Archiving Journaling Setup

page for the email configuration for this

organization:

At the top of the Message Archiving Settings

page, in the Choose Org drop-down list, select

the email configuration.

2. Specify the IP-address range for the email

server that will send journaled messages to the

archive.

The email address for your archive is then

displayed.

3. Set up your email server to send journaled

messages to the address for your archive.

Current Retention

Months

Enter the number of months that Message Archiving

keeps messages in the archive.

Option Description


About the Message Archiving Journaling Configuration

Page for an Email Config

Use this page to:

• Set up Message Archiving to accept journaled email messages from your

email server.

• Obtain the email address for your archive. Use this address when you

configure your email server to send journaled messages to the archive.

• See a list of Journaling Configurations and their settings, along with options to

edit and delete those configurations.

Click Add Journaling Configuration to open the Message Archiving Journaling

Configuration panel.

Message Archiving Journaling Configuration panel:

Option Value

Configuration Status Select ON to archive journaled messages from the

server identified in the Sending IP Address Range

option. Those messages are archived according to

the settings on this page.

Select OFF to suspend the archiving of messages

from the server identified in the Sending IP Address

Range option. You can set the status to OFF when

you are configuring journal archiving ahead of time,

or when you want to suspend archiving messages

from a server but want to preserve your

configuration.

Server Type Select the type of server from which journaled

messages are sent:

• Exchange 2000/2003

• Exchange 2007/2010

• Domino

Your selection identifies the format of journaled

messages so the email security service can ingest

them properly.

Sending IP Address

Range

Enter the IP-address range for your email server.

If your server has only one address, enter that

address is both fields.


Non-account

Archiving

Select ON to archive messages to and from users

on a particular email server who do not also have

accounts on your message security service.

When you enable non-account archiving, you

immediately begin archiving all journaled messages

without having to first register users with your

message security service. This option can be useful

when the urgency of archiving messages outweighs

the need for granular control of whose messages

are archived. You can enable this option to ensure

that you don't miss any messages, and then go

through the process of registering users.

Once you have registered all the users for whom you

want to archive messages, you can then turn off this

option to avoid storing unnecessary messages in

your archive.

Caution: When you enable non-account archiving,

you run the risk of archiving spam and virus-infected

messages. Messages sent or received by users who

are not registered with your Postini Email Security

system are not filtered by the system. With non-

account archiving, those unfiltered messages are

archived.

Option Value


Alert Status You can choose to receive daily email alerts when it

appears that your journaled messages are not being

archived correctly. There are alerts that cover the

following conditions:

• Journaled messages from your server are being

bounced

Message text:

Journal messages from your server are currently being bounced. Check to see that your IP address is properly configured. Click here for more information: https://www.postini.com/webdocs/archiving/en_US/arch_admin/setup_am_journaling.html.

Note: This condition occurs when the IP address

of the server from which you are sending

journaled messages is not listed in the

Administration Console. If the system bounces

three messages within a minute without

receiving any good messages, this alert is

issued.

• Journaled messages from your server are not in

the correct envelope journal format

Message text:

Journal messages from your server are not in the correct envelope journal format. Check to see that your server is properly configured according to these instructions: https://www.postini.com/webdocs/archiving/en_US/arch_admin/setup_am_journaling.html.

• The system has not received any journaled

messages from your server for the last 24 hours

Message text:

We have not received any messages from your journaling server for 24 hours. Check to see that your server is properly configured according to these instructions: https://www.postini.com/webdocs/archiving/en_US/arch_admin/setup_am_journaling.html.

Alert Address Enter the email address at which you want to receive

alerts.

We recommend that you use a long-standing group

address rather than an individual address so that it

remains viable over the long term.

Option Value


Journaling Configurations List:

Option Description

Enable ACL The On/Off value for Configuration Status

Server Type Indicates the type of email server for which you

entered an IP-address range.

IP Address Range Indicates the IP-address range that you entered for

an email server.

Non-Account

Archiving

The On/Off value for Non-Account Archiving.

Alerts The On/Off value for Alert Status.

Alert Address The address to which alerts are sent.

Edit Edit the Journaling Configuration.

Non-Account

Archiving

Specifies whether to archive messages to recipients

or from senders who do not have accounts on your

Message Security service.

You can use this option to immediately begin

archiving all journaled messages without having to

first register users with your Postini Message

Security service.

Delete Removes the Journaling Configuration from your

message security service. Once you delete a

Journaling Configuration, Message Archiving no

longer accepts journaled email messages from that

IP-address range.

Chapter 3

Granting Message Archiving Privileges 61

Granting Message Archiving Privileges Chapter 3

About Archive Privileges

Your corporate message archive will likely contain highly sensitive corporate

information, as well as private employee information. Therefore, we recommend

that you provide only one or two employees with privileges to search your archive,

purge messages, and create audit reports. Typically, you provide these privileges

only to employees who need access to your archive for the purposes of

compliance, legal discovery, or human-resources management.

To help ensure restricted access to your corporate archive, Postini Customer Care

must grant the following privileges to the first user accounts that receive them:

• Message Archiving

• Archive Security Administration

• Archive Search

• Archive Discovery

• Archive Audit

• Archive Retention

• Archive Investigator Security

• Archive Reports

To request these privileges for a user account, you must do the following:

• If you are a direct customer, contact Postini Customer Care. You will receive

instructions for creating a support case to request the privileges for the

account. If you participate in the Message Archiving activation process with a

Customer Care representative, the representative will provide you with

instructions for requesting these privileges.

• If you are not a direct customer, contact your reseller, who will make the

request to grant the privileges on your behalf.


You must also provide a formal, written request to grant the privileges to the

account. This request must be signed by an officer of your company on company

letterhead, and faxed to Postini Customer Care or your reseller.

Note: If you request any of the Message Archiving privileges for an administrator

who also has the Assign Authority privilege, he or she can grant the respective

privileges to any other user for whom he or she can create or edit authorization

records. Therefore, if you request these privileges for an administrator who has an

authorization record at the account level of your organization hierarchy, this

administrator can then grant those privileges to any other user, without you first

having to contact Postini Customer Care or your reseller. Before you provide this

ability to a user, we recommend that you carefully consider how it might affect the

security of your archive.

For more information about the administration of privileges, see the Message

Security Administration Guide.

About Granting Message Archiving Privileges

Using the message-security-service Administration Console, you can grant

Message Archiving privileges that allow users to set up Message Archiving,

search and manage investigations of the corporate archive, purge messages from

the corporate archive, create reports, and use the Personal Archive.

http://www.google.com/support/enterprise/static/postini/docs/admin/en/admin_ee_cu/auth_toc.html



The following table describes the Message Archiving privileges available for

administrators and users.

Privilege Description

Message Archiving The user can turn on archiving and set archiving options

for specific organizations (orgs) in your organization

hierarchy. Optionally, you can grant a user “read”

privilege only, which allows the user to view Message

Archiving settings but not modify them.

For details about setting up and using your organization

hierarchy, refer to the Message Security Administration

Guide.

Archiving Security

Administration

The user has full access to the corporate archive,

including access to the Discovery, Retention, Reports,

and Admin tabs, and the ability to restrict searches.

WARNING: A user with the Archiving Security

Administration privilege may have access to sensitive

corporate and employee information. Therefore, we

recommend that you take caution when granting this

privilege. For more information, see “About Archive

Privileges” on page 61.




Archive Search The user can access the Search tab to (depending on

the options your service includes) search for, view, and

print email messages in your corporate archive.

You can forward messages to your email inbox.

You can export messages as MBOX files.

The user can access the Reports tab, and the Storage

Overview and Storage reports. For an overview of

reports, see “Reports Tab” on page 23.

If you use journal archiving, Postini recommends that

you create additional, separate email accounts on your

email server for users who have access to your

corporate archive. Do not archive email for these special

accounts so you can prevent re-archiving of exported

messages.

For details about configuring journaling on Microsoft

Exchange Server, refer to:

• Microsoft Exchange Journaling Configuration Guide

For Exchange Server 2000 and 2003

• Microsoft Exchange Journaling Configuration Guide

For Exchange Server 2007 and 2010

For details about configuring journaling on Lotus Domino

Server, refer to:

• Message Archiving - Lotus Domino Journaling

Configuration Guide For Domino Server 6.5.4 and

up

WARNING: The Archive Search privilege lets a user

search all messages in the archive.and may allow that

user access to sensitive corporate and employee

information. Therefore, we recommend that you take

caution when granting this privilege. For more

information, see “About Archive Privileges” on page 61.






Archive Discovery The user can access the Discovery tab. With this

privilege, the Discovery tab replaces the Search tab

(described above). The Discovery tab includes all the

functionality of the Search tab, plus the ability to manage

investigations and place holds on messages.

With investigations, you can:

• Save named investigations, including the search

criteria and search results

• Edit saved investigations

• Set the retention periods for saved search results

• Export search results as MBOX or PST files

• Transfer investigations to other users who also have

the Archive Search and Archive Discovery

privileges

You can place a hold on all messages in a search-result

set, and place a hold on messages for an individual user.

The user can access the Reports tab, and the Storage

Overview and Storage reports. For an overview of

reports, see “Reports Tab” on page 23.

Requires that you also grant the Archive Search

privilege.

WARNING: A user with the Archive Discovery privilege

may have access to sensitive corporate and employee




Archive Audit The user can access the Reports tab, and the Audit

reports. For an overview of reports, see “Reports Tab” on

page 23.

WARNING: A user with the Archive Audit privilege may

have access to sensitive corporate and employee






Archive Retention The user can access the Retention tab to:

• View a monthly list of messages that are on

extension beyond the expiration of their retention

periods.

• View how many of the messages on extension are

also on hold (not available to purge).

• Turn Auto-archiving on and off.

• Purge messages from the archive that are not on

hold.

• View the history of when and by who messages

were purged.

• View contact information for investigators who have

placed messages on hold.

• View the number and overall size of the messages

placed on hold by each investigator.

The user can access the Reports tab, and the Purge

History report. For an overview of reports, see “Reports

Tab” on page 23.

WARNING: A user with the Archive Retention privilege

may have access to sensitive corporate and employee




Archive Investigator

Security

The user can access the Admin tab to restrict searches

by users who have the Archive Search and Archive

Discovery privileges. Searches are restricted to a

defined set of senders and recipients.

Requires that you also grant the Archive Search

privilege.

Archive Reports The user can access the Reports tab. The user has

access to specific reports based on having additional

privileges. For more information, see “Allow a User to

View and Create Reports” on page 72.



Note: If you grant privileges to a user and then remove them, the functions to

which that user had access are no longer available to that user (for example, the

ability to conduct investigations and save search criteria and results). If you

subsequently re-grant the same privileges to that user, those functions are

available again, along with any related information that was previously saved (for

example, saved search criteria and results).

Personal Archive When you grant the Personal Archive privilege, the

related Archive Search and Archive Recover

privileges are granted automatically.

• Archive Search permits users to search for and

view email messages in their personal archives.

When you grant Archive Search, the Archive tab

appears in the user’s Message Center. This tab

includes the search options for finding messages in

the Personal Archive. For more information about

the Personal Archive, including an example of the

Archive tab in Message Center, see “Personal

Archive” on page 24.

• Archive Recover permits users to export email

messages from their personal archives. In order to

use Archive Recover, Archive Search must also be

granted.



Allow a User to Set Up Message Archiving

To grant the Message Archiving privilege to another user, your administrator

account must have:

• The Assign Authority privilege for the organization in which the user’s

account resides

• The Message Archiving privilege

WARNING: If you grant the Message Archiving privilege to an administrator who

also has the Assign Authority privilege, this administrator can grant this privilege

to any other user for whom he or she can create or edit authorization records.

To grant the Message Archiving setup privilege to a user:


2. Log in to your message security service and access the Administration

Console.

3. Open the user’s authorization record. If the user does not yet have an

authorization record, create a record for the user.

For details on opening or adding authorization records for users, refer to the


4. In the authorization record, under Advanced Applications, do one or both of

the following, depending on which privileges you want to grant to the user:

• To allow the user to set up archiving for the organization, select the

Message Archiving check box in the Modify (right-hand) column.

• To allow the user to only view Message Archiving settings, select the

Message Archiving check box in the Read (left-hand) column only.



Allow a User Full Access to the Corporate Archive

To grant the Archive Security Administration privilege to another user, your

administrator account must have:


account resides

• The Archive Security Administration privilege

If no administrator account has this privilege, you must submit a request to Postini

Customer Care or your reseller to add the Archive Security Administration

privilege to a user account. For more information, see “About Archive Privileges”

on page 61.

WARNING: If you grant the Archive Security Administration privilege to an

administrator who also has the Assign Authority privilege, this administrator can

grant this privilege to any other user for whom he or she can create or edit

authorization records.

To grant the Archive Security Administration privilege to a user:



Console.

3. Open the user’s authorization record on your message security service. If the

user does not yet have an authorization record, create a record for the user.



4. Scroll down to the bottom of the list of privileges.

5. Select the Archive Security Administration check box.



Allow a User to Search the Corporate Archive

To grant the Archive Search or Archive Discovery privilege to another user,

your administrator account must have:


account resides

• The Archive Search, and optionally, Archive Discovery privilege

Note: To grant the Archive Discovery privilege, you must also grant the Archive

Search privilege.

If no administrator accounts have these privileges, you must submit a request to

Postini Customer Care or your reseller to add the Archive Search or Archive

Discovery privilege to a user account. For more information, see “About Archive

Privileges” on page 61.

Note: Before granting one of these privileges to a user, you may want to consider

setting up a special account on your email server for this user in order to prevent

re-archiving of exported messages.

WARNING: If you grant the Archive Search or Archive Discovery privilege to an


grant either privilege to any other user for whom he or she can create or edit


To grant the Archive Search or Archive Discovery privilege to a user:



Console.








5. Select the Archive Search, and optionally, the Archive Discovery check

box.

Allow a User to Manage Message Retention

To grant the Archive Retention privilege to another user, your administrator

account must have:


account resides

• The Archive Retention privilege


Customer Care or your reseller to add the Archive Retention privilege to a user

account. For more information, see “About Archive Privileges” on page 61.

WARNING: If you grant the Archive Retention privilege to an administrator who

also has the Assign Authority privilege, this administrator can grant this privilege

to any other user for whom he or she can create or edit authorization records.

To grant the Archive Retention privilege to a user:



Console.



For details on opening or adding authorization records for users, refer the





5. Select the Archive Retention check box.

Allow a User to View and Create Reports

The following table lists the reports that are available with each archive privilege:

To grant the Archive privileges to another user, your administrator account must

have:


account resides

• The corresponding Archive privileges you want to assign

Privileges Available Reports

Archive Search

Archive Reports

Storage Overview

Storage Report

Archive Search

Archive Retention

Archive Reports

Storage Overview

Storage Report

Purge History

Archive Search

Archive Audit

Archive Reports

Storage Overview

Storage Report

Audit Reports

Archive Search

Archive Retention

Archive Audit

Archive Reports

Storage Overview

Storage Report

Purge History

Audit Reports



Customer Care or your reseller to add the relevant Archive privilege to a user

account. For more information, see “About Archive Privileges” on page 61.

Note: An audit report can show the messages that users accessed in the archive.

If you want a user with the Archive Audit privilege to be able to view the content

of these messages in the report, you must also assign the Archive Search, and

optionally, the Archive Discovery privilege to that user. For more information

about audit reports, refer to the Message Archiving User’s Guide.

WARNING: If you grant the Archive privileges to an administrator who also has the

Assign Authority privilege, this administrator can grant this privilege to any other

user for whom he or she can create or edit authorization records.

To grant Archive reporting privileges to a user:



Console.






5. Select the check box for the appropriate Archive privilege.

Allow a User to Restrict Searches

To grant the Archive Investigator Security privilege to another user, your

administrator account must have:


account resides

• The Archive Investigator Security privilege

http://www.google.com/support/enterprise/static/postini/docs/admin/en/arch_user/reports.html




Customer Care or your reseller to add the Archive Investigator Security

privilege to a user account. For more information, see “About Archive Privileges”

on page 61.

You must also grant the Archive Search privilege so the user can access

Message Archiving.

WARNING: If you grant the Archive Investigator Security privilege to an


grant this privilege to any other user for whom he or she can create or edit


To grant the Archive Investigator Security privilege to a user:



Console.






5. Select the Archive Investigator Security check box.



Allow a User to Access the Personal Archive

Users access the Personal Archive in Message Center, where they can also

manage their junk and virus quarantines. If users don’t currently have access to

Message Center, you must provide that access.

Note:

• You can limit access to only the Personal Archive, without allowing users to

also manage their message quarantines.

• For complete instructions on enabling and disabling access to Message

Center and selecting Message Center privileges for users, refer to the


Personal Archive privileges:

To grant the Personal Archive privilege to users:



Console.



4. Select the user organization (org) that contains the users for whom you want

to provide access to the Personal Archive.


Archive Search Adds the Archive tab to Message Center. Users can

search for and view any archived email messages that

they sent or received.

Archive Recover Adds the Recover button to the Archive tab in

Message Center. Users can export messages from their

Personal Archives, by forwarding them to their email

addresses.

Note: Any messages that users forward are archived

again. These archived messages contain the following

subject line:

Archive Export: original subject line of forwarded message

http://www.google.com/support/enterprise/static/postini/docs/admin/en/admin_ee_cu/mc_toc.html



User Access.

The User Access page appears.

6. Under Personal Archive, do one of the following:

• To allow users to view and forward archived messages to their inboxes,

select both the Archive Search and Archive Recover check boxes.

Note: Any messages that users forward are archived again.

• To allow users to only view their archived messages, select only the

Archive Search check box. Your changes take effect immediately.


Allow an External User to Access your Corporate Archive

You may grant message archive access to a third-party, such as a regulatory

agency, as necessary to comply with an investigation or audit. You give these

external users access by adding them as users in Message Archiving and setting

up their permissions to search the archive and/or view activity logs.

To grant access to external users:

1. Create a new user org and add the external user with your domain as their

address.

For example, if you want an investigator such as [email protected] to

access your archive, you can add that user as yuki-

[email protected] to Message Archiving.

The user can access your archive, but cannot receive or send email unless

you add them to your mail server.

2. If you’re using Directory Sync to manage your users: Add the user to your

LDAP directory or to Directory Sync as an exception (existing only in

Message Archiving), so the user isn’t automatically removed during

synchronization.

3. Give permissions to the user to conduct an investigation. See “About Granting

Message Archiving Privileges” on page 62.

4. Notify the user that they cannot forward search results to their email account

(since they have no email account on your servers), but they can download to

their desktop or upload to an FTP server. See Export Search Results in the


http://www.google.com/support/enterprise/static/postini/docs/admin/en/arch_user/results_export.html#951960

Appendix A

How To 79

How To Appendix A

This section provides a link to each procedure in the Message Archiving

Administration Guide. These links are provided to give you easy access to the

procedural information, and are organized by chapter.

Setting Up Message Archiving

To turn on archiving:

To add a journaling configuration to your email config:

To edit a journaling configuration:

To delete a journaling configuration:

Granting Message Archiving Privileges

To grant the Message Archiving setup privilege to a user:

To grant the Archive Security Administration privilege to a user:

To grant the Archive Search or Archive Discovery privilege to a user:

To grant the Archive Retention privilege to a user:

To grant Archive reporting privileges to a user:

To grant the Archive Investigator Security privilege to a user:

To grant the Personal Archive privilege to users:

Appendix B

Troubleshooting 81

Troubleshooting Appendix B

This section discusses some of the problems that have been observed with

Message Archiving, and the solutions to those problems.

Journaled messages are being forwarded from your Exchange server to the

correct Message Archiving address, but are being bounced with the error code

“554 Cannot relay journal - psmtp.”

The IP address of the Exchange server sending the journaled messages is not

correctly identified in the relevant journaling configuration.

After you update your journaling configuration, check the Storage Overview > Mail

Flow report to verify that there is a decrease in the number of bounced messages.

Journaled messages in HTML format from your Exchange 2000 or Exchange

2003 server are being archived as plain text.

Verify that your Exchange server’s Internet Message Format is configured to

provide message bodies as both HTML and plain text.

Reports indicate that messages have been archived for users who belong to

orgs for which archiving is not turned on.

If a user for whom mail is not archived is a recipient of a message also addressed

to a user for whom mail is archived, the non-archived recipient’s address can

show up in a report.

To eliminate users for whom the messages are not archived, run the report from

an org where Message Archiving is enabled.

Index 83

Index

A

adding

services for Message Archiving 15

users to organization for journal archiving 30

Admin tab

access 66

Admin tab access 66

Aid4Mail, obtaining 64, 65

alerts for journaled messages 48

alias

addresses, how Message Archiving works with 28

domains, how Message Archiving works with 28

archive access

granting privileges 62

security 32

archive alerts, turn on 48

Archive Audit privilege

description 65

process for granting to account 61

Archive Discovery privilege

description 65


Archive Investigator Security privilege

description 66

granting 73


Archive Investigator Security privilege, granting 66, 73

Archive privileges

granting 72

Archive Reports privilege

description 66


Archive Reports privilege, granting 66

Archive Retention privilege

description 66

granting 71


Archive Retention privilege, granting 66

Archive Search privilege

description 64

granting 70


Archive Security Administration privilege

granting 69


Archive Security Administration, granting 69

archive storage security 33

archived messages

searching for in corporate archive 19

types 15

viewing in Personal Archive 24

archiving

email messages, overview 24

reasons for 12

audience for this guide 7

B

blackholed messages

how handled for inbound/outbound archiving 28

how handled for journal archiving 30

Boolean Search panel, overview 20

bounced messages

how handled for inbound/outbound archiving 28, 29


browser requirements 37

C

catchall account, archiving messages in 25, 43

comments about this guide, sending 10

components of Message Archiving 15

configuration of archive, access security 32

continuation events, how they affect archiving 34

creating reports, overview 23

creating user accounts for journal archiving 30

customer support, receiving 10

D

data centers, security 33

deleted user, message availability in Personal

Archive 25, 26, 43

deleting messages from the archive 34

Discovery tab

access 65

overview 20

documentation, related 8


domain aliases, how Message Archiving works with 28

domain substripping, how Message Archiving works

with 28

duplicate message handling

for inbound/outbound archiving 28, 29

for journal archiving 31

E

Email & IM Search panel, overview 20

email configuration

setting up for archiving 47

email messages

archived, overview 24

how quickly archived 32

types stored with inbound/outbound archiving 25

types stored with journal archiving 25

email messages, retrieved

saving to mbox file 64, 65

saving to pst file 65

Email Search panel, overview 20

encrypted messages, how handled for inbound/outbound

archiving 29

exporting retrieved email messages

saving to mbox file 64, 65

saving to pst file 65

F

failovers, how they affect archiving 34

features and benefits 13

feedback about this guide, sending 10

G

granting

Archive Audit privilege 65

Archive Discovery privilege 65

Archive Investigator Security privilege 66, 73

Archive Reports privilege 66

Archive reports privileges 72

Archive Retention privilege 66, 71

Archive Search privilege 64, 70

Archive Security Administration privilege 69

Message Archiving setup privilege 63, 68

Personal Archive privilege 67, 75

Personal Archive Recover privilege 67

Personal Archive Search privilege 67

privileges, overview 32, 62

I

inbound messages, how archived 27

inbound/outbound archiving

definition 25, 42

inbound message processing and storage 27

outbound message processing and storage 29

overview 27

setting up Outbound service 42

when to use 25

indexing of message and attachment content,

overview 18

J

journal archiving

definition 25, 41

security 33

setting up for email configuration 47

when to use 26

journaling

email, description 25

journaling configuration

adding 48

delete 53

editing 53

journaling configuration, setup 47

M

maximum message size supported 36

mbox file

saving retrieved email messages 64, 65

Message Archiving

69

adding services 15

components 15

Discovery tab, overview 20

features and benefits 13

maximum message size supported 36

overview 11

packages available 15

privileges, overview 62

Reports tab, overview 23

reports, overview 23

Retention tab, overview 22

search panels and results, overview 19

Search tab, overview 19

security, overview 32

setup options, overview 17

setup privilege, granting 63, 68

system requirements, general 37

Message Archiving privilege

description 63

granting 68


Message Archiving reports, overview 23

Message Archiving, setting up

choosing email options 41

choosing users 43

overview 39

turning on archiving 45

message capture

email, overview 24

inbound/outbound archiving 27

message capture and storage, overview 15

message flow through message security service,

overview 26

message retention and deletion 34

message retention, overview 22

message size, maximum supported 36

O

organization hierarchy, setting up for archiving 43

outbound messages, how archived 29

Outbound service, setting up for inbound/outbound

archiving 42

Index 85

P

packages, for Message Archiving 15

Personal Archive

access privilege 75

overview 24

Personal Archive privilege

description 67

granting 75

Personal Archive Recover privilege, description 67

Personal Archive Search privilege, description 67

Postini Message Archiving Administration Guide

audience 7

overview 7

related documentation 8

privileges

Archive Audit, granting 61, 65

Archive Discovery, granting 61, 65

Archive Investigator Security, granting 61, 66, 73

Archive Reports, granting 61, 66

Archive Retention, granting 61, 66, 71

Archive Search, granting 61, 64, 70

Archive Security Administration, granting 61, 69

granting Archive 72

Message Archiving setup, granting 63, 68

Message Archiving, granting 61

Personal Archive Recover, granting 67

Personal Archive Search, granting 67

Personal Archive, granting 67, 75

pst file, saving retrieved email messages 65

Q

quarantined messages

how handled for inbound/outbound archiving 28, 29


R

related documentation 8

Reports tab

access 65, 66

overview 23

reports, creating 23

reports, overview 23

requirements, browsers 37

retention periods 34

retention privilege, granting 71

Retention tab

access 66

Retention tab, access 66

Retention tab, overview 22

S

saving

retrieved email messages to mbox file 64, 65

retrieved email messages to pst file 65

search access 32

Personal Archive, security 33

security 32

search panels, overview 20

search privilege, granting 64, 65, 70

Search tab

access 64

Search tab, overview 19

security

archive access and authorizations 32

archive configuration 32

archive storage 33

connection 33

connection to Message Archiving 33

corporate archive 32

journal archiving 33

overview 32

Personal Archive 33

setting up Message Archiving

choosing email options 41

choosing users 43

overview 39

setup options

for email archiving 41

overview 17

setup privilege, granting 63, 68

spooling, how Message Archiving processes messages

during 35

support, technical, receiving 10

system requirements 37

T

technical support, receiving 10

TLS (Transport Layer Security), using with journal

archiving 33

turning on archiving 45

types of archived messages 15

U

user accounts

need for with inbound/outbound archiving 27

need for with journal archiving 30

user aliases, how Message Archiving works with 28

Documents

Postini Archiving Admin