11.0 - Setting - Up - SMTP - Archiving
11.0 - Setting - Up - SMTP - Archiving
11.0 - Setting - Up - SMTP - Archiving
11.0
Symantec Enterprise Vault: Setting up SMTP
Archiving
The software described in this book is furnished under a license agreement and may be used
only in accordance with the terms of the agreement.
Legal Notice
Copyright © 2014 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo, the Checkmark Logo, Enterprise Vault, Compliance Accelerator,
and Discovery Accelerator are trademarks or registered trademarks of Symantec Corporation
or its affiliates in the U.S. and other countries. Other names may be trademarks of their
respective owners.
This Symantec product may contain third party software for which Symantec is required to
provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs
are available under open source or free software licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under those
open source or free software licenses. Please see the Third Party Software file accompanying
this Symantec product for more information on the Third Party Programs.
The product described in this document is distributed under licenses restricting its use, copying,
distribution, and decompilation/reverse engineering. No part of this document may be
reproduced in any form by any means without prior written authorization of Symantec
Corporation and its licensors, if any.
The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S.
Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
350 Ellis Street, Mountain View, CA 94043
http://www.symantec.com
Technical Support
Symantec Technical Support maintains support centers globally. Technical Support’s
primary role is to help you resolve specific problems with a Symantec product. The
Technical Support group also creates content for our online Knowledge Base. The
Technical Support group works collaboratively with the other functional areas within
Symantec to answer your questions in a timely fashion. For example, the Technical
Support group works with Product Engineering and Symantec Security Response
to provide alerting services and virus definition updates.
Symantec’s support offerings include the following:
■ A range of support options that give you the flexibility to select the right amount
of service for any size organization
■ Telephone and/or web-based support that provides rapid response and
up-to-the-minute information
■ Upgrade assurance that delivers software upgrades
■ Global support purchased on a regional business hours or 24 hours a day, 7
days a week basis
■ Premium service offerings that include Account Management Services
For information about Symantec’s support offerings, you can visit our website at
the following URL:
http://support.symantec.com
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.
Customer service
Customer service information is available at the following URL:
http://support.symantec.com
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
■ Questions regarding product licensing or serialization
■ Product registration updates, such as address or name changes
■ General product information (features, language availability, local dealers)
■ Latest information about product updates and upgrades
■ Information about upgrade assurance and support contracts
■ Information about the Symantec Buying Programs
■ Advice about Symantec's technical support options
■ Nontechnical presales questions
■ Issues that are related to CD-ROMs or manuals
Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:
Index .................................................................................................................... 32
Chapter 1
About this guide
This chapter includes the following topics:
Document Comments
Symantec Enterprise Vault Includes all the following documents in Windows Help (.chm)
Documentation Library format so that you can search across them all. It also includes
links to the guides in Acrobat (.pdf) format.
You can access the library in several ways, including the
following:
Deployment Scanner Describes how to check the prerequisite software and settings
before you install Enterprise Vault.
Setting up Exchange Server Describes how to archive items from Microsoft Exchange
Archiving user mailboxes, journal mailboxes, and public folders.
Setting up Domino Server Describes how to archive items from Domino mail files and
Archiving journal databases.
Setting up File System Describes how to archive the files that are held on network
Archiving file servers.
Setting up SharePoint Server Describes how to archive content from Microsoft SharePoint
Archiving servers.
Setting up SMTP Archiving Describes how to archive SMTP messages from other
messaging servers.
Document Comments
Registry Values A reference document that lists the registry values with which
you can modify many aspects of Enterprise Vault behavior.
Help for Administration The online Help for the Enterprise Vault Administration
Console Console.
Help for Enterprise Vault The online Help for Enterprise Vault Operations Manager.
Operations Manager
For the latest information on supported devices and versions of software, see the
Enterprise Vault Compatibility Charts book, which is available from this address:
http://www.symantec.com/docs/TECH38537
auditing. By using SMTP archiving with FSA, you can capture and store the
messages centrally.
Then you can search, view and, if necessary, restore the messages using facilities
such as Enterprise Vault Search.
Note the following points about SMTP archiving:
■ As SMTP archiving stores messages as EML files, you should not use SMTP
archiving to archive MAPI messages.
■ You configure Enterprise Vault File System Archiving (FSA) to archive the
captured SMTP messages. FSA is not described in this manual. For overview
information about FSA, see Symantec Enterprise Vault Introduction and Planning.
For detailed instructions on how to set up FSA, see Setting up File System
Archiving.
■ Enterprise Vault does not index custom SMTP headers (X-headers) with the
exception of "x-KVS-MessageType" and "x–EV-evtag-policytype", which
Symantec Compliance Accelerator uses. This means that you cannot use other
custom SMTP headers as search criteria in Enterprise Vault searches.
Figure 2-1 illustrates the components of Enterprise Vault SMTP archiving.
Setting up SMTP archiving 14
About Enterprise Vault SMTP archiving
Messages for
archiving in
Enterprise Vault
Microsoft
SMTP Server
+
Enterprise Vault
SMTP Archiving
+
EML File Holding Area
Enterprise Vault
Server
+ Archives
File System Archiving
You must set up the holding area with a domain root folder for each recipient
address domain. You can configure SMTP archiving to create a mailbox folder
automatically for each recipient address; otherwise you must create the mailbox
folders manually.
Note that SMTP archiving processes the message for the first recipient address
only, even if the message contains several recipient addresses.
SMTP archiving stores the messages in the holding area in a subfolder structure
as follows:
DomainRoot\MailboxName\Year\Month\Day\Hour
For example:
symantecdomain\j.doe\2009\08\30\09
Note that SMTP archiving uses UTC when creating the date and time subfolders.
■ On the Enterprise Vault server, you configure FSA to take the EML files from
the holding area and store them in archives. In FSA, you configure the holding
area folder as an FSA archiving target. FSA creates archives based on the
location of archive points in the holding area folder structure.
Archive points are a feature of FSA. FSA creates a new archive when it
encounters an archive point in the folder hierarchy of an archiving target. The
SMTP archiving configuration file includes an option to create mailbox folders
and associated archive points automatically. If you set this option, SMTP
archiving creates a mailbox folder for each recipient address, and an FSA archive
point for each mailbox folder. This means that FSA creates a separate archive
for each mailbox.
If you do not enable automatic mailbox folder creation in SMTP archiving, then
you need to create manually the top-level mailbox folders in the holding area,
and also the required FSA archive points. The Setting up File System Archiving
guide provides detailed instructions on how to create archive points.
Step 2 Set up the Microsoft SMTP Server. See “Setting up the Microsoft
SMTP Server for SMTP archiving”
on page 17.
Step 3 Install and configure the Enterprise See “Installing the Enterprise Vault
Vault SMTP archiving components SMTP archiving components”
on the Microsoft SMTP Server on page 17.
computer.
Step 4 On the Microsoft SMTP Server See “About the SMTP archiving
computer, create a suitable SMTP configuration file” on page 18.
archiving configuration file.
Step 5 Create the holding area and its See “Creating the folder structure
folder structure. in the SMTP archiving holding
area” on page 27.
Step 6 Run the SMTP archiving See “Enabling and disabling SMTP
configuration process to apply archiving ” on page 28.
settings in the configuration file,
and enable the SMTP archiving
feature.
■ The Microsoft SMTP virtual server associated with the SMTP archiving process
(Only one Microsoft SMTP virtual server can be specified in a configuration file).
■ The path to the root folder for mailbox folders for each domain (There can be
multiple domains specified in a configuration file).
■ Whether mailbox folders for domain addresses and archive points, are created
automatically under the root folders.
■ The indexing level for archive points on auto-enabled mailbox folders for the
domain.
You have to specify the name of the configuration file when you run the SMTP
archiving configuration process. You can create different configuration files for
different SMTP virtual servers.
A skeleton configuration file, EVSMTPArchiveConfig.ini, is installed in the x64
folder in the Enterprise Vault installation folder when you install the SMTP archiving
components. The installation location is typically, C:\Program Files
(x86)\Enterprise Vault\x64. Edit the skeleton configuration file, or create a new
one.
The skeleton configuration file is in INI format with several sections:
■ The [Server] section contains information related to the Microsoft SMTP virtual
server. There can only be one [Server] section in a configuration file.
■ The [Domain] sections contain information for each domain encountered in the
recipient addresses.
Note the following:
■ Section and attribute names are not case-sensitive.
■ White space and blank lines are ignored.
■ Comment lines must have a semi-colon in the first non-white space.
■ You can specify local drives or UNC hidden or regular shares in the configuration
file. However, for security and performance reasons we recommend that you
use local paths where possible.
■ The configuration file must be saved as a Unicode file.
[Server]
Name=SMTP Virtual Server 1
NonDeliveryFolder=d:\EvMailRoot\ServerNonDelivery
DiskFullRetryLimit=15
DefaultIndexingLevel=SiteDefault
[Domain]
Name=Domain1.Vault.Local
Path=D:\EvMailRoot\Domain1
NonDeliveryFolder=d:\EvMailRoot\Domain1\MailboxNonDelivery
[Domain]
Name=Domain2.Vault.Local
Path=D:\EvMailRoot\Domain2
AutoEnableMbxFolders=True
NonDeliveryFolder=d:\EvMailRoot\Domain2\MailboxNonDelivery
IndexingLevel=Brief
The holding area folders are on a local drive (D) on the SMTP archiving computer.
The indexing level set in the Enterprise Vault Site Properties will be used for
Domain1, but Brief indexing will be used for Domain2.
For Domain2 mailbox folder creation is auto-enabled, which means that SMTP
archiving will create the mailbox folders for this domain in the holding area, and
create an archive point for each mailbox folder.
For Domain1 mailbox folder creation is not auto-enabled, which means that the
administrator must create the mailbox folders and suitable archive points.
DefaultIndexingLevel=Brief, Full, or Optional Specifies the default indexing level to set for the
SiteDefault archive points on auto-enabled mailbox folders.
This value is effective for any domains for which
an indexing level is not set explicitly. The default
is Full, which enables you to search for phrases
in the message content.
DefaultIndexSnippetLength= 128 or 1000 Optional Specifies the amount of preview text that is
displayed in a search results list. The value
specified can be 128 or 1000 (characters). The
default is 128 characters.
DefaultIndexAttachmentSnippet= true or false Optional Specifies whether preview text is displayed for
attachments in a search results list. The default
value is "false".
IndexingLevel=Brief, Full, or SiteDefault Optional Specifies the indexing level to set for archive
points on auto-enabled mailbox folders for the
domain. The default is Full, which enables you
to search for phrases in the message content.
IndexSnippetLength= 128 or 1000 Optional Specifies the amount of preview text that is
displayed in a search results list. The value
specified can be 128 or 1000 (characters). The
default is 128 characters.
IndexAttachmentSnippet= true or false Optional Specifies whether preview text is displayed for
attachments in a search results list.. The default
value is "false".
Note: Enterprise Vault does not index custom SMTP headers (X-headers) with the
exception of "x-KVS-MessageType" and "x–EV-evtag-policytype", which are used
by Symantec Compliance Accelerator.
Setting up SMTP archiving 24
Setting up the holding area
ServerNondelivery
Domain1
jdoe
msmith
MailboxNonDelivery
Domain2
ebriggs
MailboxNonDelivery
Under each mailbox folder, SMTP archiving holds the messages within a
\Year\Month\Day\Hour subfolder structure, not shown in the figure. SMTP archiving
uses UTC when creating the date and time subfolders.
If SMTP archiving encounters a Disk Full error for at least one of the folders, it waits
for 60 seconds and then tries to store the message again. You can set a limit on
the number of times that SMTP archiving retries by specifying the DiskFullRetryLimit
value in the SMTP archiving configuration file.
Setting up SMTP archiving 27
Setting up the holding area
If SMTP archiving encounters an error, messages are sent to the Enterprise Vault
event log. Critical messages are also sent to the following:
■ The Windows Application log.
■ Microsoft Operations Manager (MOM), if configured.
■ Microsoft System Center Operations Manager (SCOM), if configured.
Note: The name of the mailbox subfolder must correspond to the recipient
name in the message address.
If you choose to create the mailbox folders manually, you must only use the
characters that are acceptable in Windows folder names. In particular, the
following characters are not permitted:
■ \/:*?"<>|@
■ ASCII codes 0 through 31 and 127
In general, SMTP archiving cannot handle messages with a recipient address
that contains any of these characters.
3 Optionally, create a server non-delivery folder for any messages with
unrecognized recipient address domains (domains that are not listed in the
SMTP archiving configuration file).
If you do not create this folder and specify its path in the SMTP archiving
configuration file, SMTP archiving loses any associated non-delivered items.
4 Optionally, create a mailbox non-delivery folder for each recipient address
domain.
If you do not create these folders and specify their paths in the SMTP archiving
configuration file, SMTP archiving loses any associated non-delivered items.
You can register one SMTP archiving process per Microsoft SMTP virtual
server instance. If you run the configuration process multiple times against the
same virtual server, the previous settings are overwritten.
3 You are prompted to specify the domain name and user name of an account
under which to run the SMTP archiving process.
■ To use the IIS account (LocalSystem, by default), press Return without
entering an account.
■ To specify an account, enter the domain name and user name in the form
domain_name\user_name. Enterprise Vault grants this account the right
"log on as a batch process" on the holding area computer.
Enterprise Vault uses the chosen account until you rerun the SMTP archiving
configuration process to disable SMTP archiving, or to change the account
used.
The configuration process parses the configuration file and reports any
problems. If the parsing is successful, a message is reported in the Enterprise
Vault event log when the SMTP archiving process starts.
To disable SMTP archiving
1 Log on to the SMTP archiving computer.
2 Do one of the following:
■ Click the SMTP Archiving Configuration desktop shortcut.
Setting up SMTP archiving 30
File System Archiving requirements for Enterprise Vault SMTP archiving
When you are prompted, enter the name of the required SMTP archiving
configuration file, for example EVSMTPArchiveConfig.ini. If the
configuration file is not located in the x64 folder in the Enterprise Vault
installation folder, then enter the full path for the required configuration file.
For example C:\Program Files (x86)\Enterprise
Vault\x64\EVSMTPArchiveConfig.ini.
You are then asked if you want to disable SMTP archiving. Enter Y.
■ Open a Command Prompt window and change to the Enterprise Vault
installation folder.
Then unregister the SMTP archiving process by entering the following
command:
EVSMTPArchiveConfig config_file /U
Where config_file is the name of the configuration file. The default file
is EVSMTPArchiveConfig.ini.
If the configuration file is not located in the x64 folder in the Enterprise Vault
installation folder, then enter the full path for the required configuration file.
For example C:\Program Files (x86)\Enterprise
Vault\x64\EVSMTPArchiveConfig.ini.
The process parses the configuration file and reports any problems. If the
parsing is successful, a message is displayed to indicate that SMTP archiving
is disabled. A message is also reported in the Enterprise Vault event log when
the process stops.
See "Adding file servers as archiving targets" in Setting up File System Archiving.
■ Create a suitable volume policy for archiving the EML files.
We recommend that you configure the volume policy as follows:
■ Disable quotas for the policy.
■ Do not replace the archived items with placeholder shortcuts.
■ Create an archiving rule to archive *.eml files. On the rule's Shortcut Creation
tab, select None. Archive and delete file.
See "Creating FSA archiving policies" in Setting up File System Archiving.
■ Add as an FSA target volume the holding area, or the volume that includes the
holding area. Apply the volume policy that you created, and select the option to
archive the volume.
■ If you auto-enabled mailbox folder creation for a domain in the configuration file,
SMTP archiving creates an archive point for each mailbox folder automatically.
You can manage these archive points in the same way as regular archive points.
■ If you did not auto-enable mailbox folder creation for a domain, note the following:
■ You must create the required archive points for the domain's mailbox folders
manually. We recommend that you create one archive point and thus one
archive for each mailbox folder. This configuration is the default if SMTP
archiving creates the archive points automatically.
■ You may want to set the indexing level manually for the domain's archives.
When setting the indexing level, choose "Full" if you want to be able to search
for phrases in the message content. SMTP archiving sets the indexing level
to "Full" for the archives of auto-enabled mailbox folders, by default.
Note: Enterprise Vault does not index custom SMTP headers (X-headers)
with the exception of "x-KVS-MessageType" and "x–EV-evtag-policytype",
which are used by Symantec Compliance Accelerator.
■ Schedule the File System Archiving task so that it archives from the holding
area at the required times.
See "Scheduling" in Setting up File System Archiving.
Index
I
IndexingLevel 23
M
Microsoft SMTP Server
setup requirements 17
N
NonDeliveryFolder 21, 23
S
SMTP archiving
auto-enabling mailbox folders 22, 30
command line 28
Configuration file entries 20
configuration file example 19
configuration file requirements 18
configuration file settings 19
configuration utility 28
creating holding area 27