Difference between revisions of "Overview"
[unchecked revision] | [unchecked revision] |
Line 36: | Line 36: | ||
The typical workflow to set up this scenario looks as follows: | The typical workflow to set up this scenario looks as follows: | ||
− | # A MailStore Gateway mailboxes is created. Each MailStore Gateway mailbox has its own unique identifier. | + | # A MailStore Gateway [[Management Console#Create Mailbox|mailboxes is created]]. Each MailStore Gateway mailbox has its own unique identifier. |
# On the email client, the in- (POP3) and outbound (SMTP) server must be replaced by the MailStore Gateway's IP address or host name. Additionally the username needs to be modified to '''remote_username%target_server%mailbox_id''' where | # On the email client, the in- (POP3) and outbound (SMTP) server must be replaced by the MailStore Gateway's IP address or host name. Additionally the username needs to be modified to '''remote_username%target_server%mailbox_id''' where | ||
#* ''remote_username'' is the username (e.g. [email protected]) to login to a mailbox on ''target_server'' | #* ''remote_username'' is the username (e.g. [email protected]) to login to a mailbox on ''target_server'' |
Revision as of 11:23, 6 February 2019
This article gives an high level overview of the basic concepts behind MailStore Gateway and should help to understand in which scenarios it can be beneficial to use MailStore Gateway in combination with MailStore Server or MailStore Gateway. In-depth instructions can be found in the corresponding articles of this help, or the help of MailStore Server and MailStore Service Provider Edition.
MailStore Gateway has been designed primarily to serve two distinct purposes, which are:
- Being a journal or archiving target for other email servers, that themselves create copies of sent and received emails.
- Being a SMTP and POP3 proxy that creates and stores copies of all emails, exchanged between email clients and email servers.
Both scenarios are explained more detailed in the following sections.
MailStore Gateway as Server
Many email servers allow the creation of copies of all in- and outbound emails for the purpose of archiving. While some allow to deliver these copies into local mailboxes, some others don't (e.g. Microsoft Office 365, Google G Suite). In the latter case, this means that third-party archiving solutions, such as MailStore Server and MailStore Service Provider Edition, must either pull these messages from other external mailboxes that have been used as a journal or archiving mailbox, or be able to receive emails directly via SMTP.
As direct SMTP archiving is generally preferred over using another third-party mailbox provider, but not supported by MailStore Server and MailStore Service Provider Edition, MailStore Gateway adds this functionality to these products without changing their basic concept of pull-only archiving.
Belows picture gives a good overview of how whole setup looks like.
The typical workflow to set up this scenario looks as follows:
- A MailStore Gateway mailboxes is created. Each MailStore Gateway mailbox has its own, unique email address.
- On the email server, a new journal or archiving rule is created. This rule uses the email address of the previously created MailStore Gateway mailbox as target.
- Once such a rule has been set up, copies of the messages to be archived are send to MailStore Gateway via SMTP. MailStore Gateway encrypts all email upon arrival with an encryption key unique to the mailbox.
- In the last step, MailStore Server and MailStore Service Provider Edition will archive the messages from MailStore Gateway mailboxes via the corresponding email archiving profile.
MailStore Gateway as Proxy
Organisations without their own email server and without using an email service that allows to create journal or archiving rules as mentioned before, may use the combination of POP3/SMTP on their email client to receive and send emails.
To archive all in- and outbound emails in such a scenario, the communication between the email client and the email server must be recorded. This is what MailStore Gateway does when it is used as an email proxy.
Belows picture gives a good overview of how such a setup looks like.
The typical workflow to set up this scenario looks as follows:
- A MailStore Gateway mailboxes is created. Each MailStore Gateway mailbox has its own unique identifier.
- On the email client, the in- (POP3) and outbound (SMTP) server must be replaced by the MailStore Gateway's IP address or host name. Additionally the username needs to be modified to remote_username%target_server%mailbox_id where
- remote_username is the username (e.g. [email protected]) to login to a mailbox on target_server
- target_server is the IP address or host name of the original email server (e.g. mail.google.com)
- mailbox_id is the unique identifier of the MailStore Gateway mailbox into which copies of the sent or received emails are to be stored.
- Once such changes have been made, copies of all send and received emails on that particular client are stored in the given MailStore Gateway mailbox. MailStore Gateway encrypts all stored emails with a key unique to the mailbox.
- Repeat step 2 in all email clients where the user's emails should be archived.
- In the last step, MailStore Server and MailStore Service Provider Edition will archive the messages from MailStore Gateway mailboxes via the corresponding email archiving profile.
Security
All emails stored in the MailStore Gateway mailboxes are protected by strong hybrid encryption. The mailbox passwords represent the passphrase for the private key of the asymmetric part of the hybrid encryption. This means that without the correct mailbox password, no data can ever be decrypted. Therefore it is highly recommended to keep the password in a safe place (i.e. enterprise password manager).
Additionally, MailStore Gateway does not allow usernames or passwords to be transferred over an unencrypted connection, requiring that the remote server for proxies connection must support implicit (SMTPS, POP3S) or explicit (SMTP+STARTTLS, POP3+STARTTLS) encryption.