Overview

Revision as of 10:42, 6 February 2019 by Dweuthen

This article gives a high-level overview of the basic concepts behind MailStore Gateway and should help you understand in which scenarios it can be beneficial to use MailStore Gateway in combination with MailStore Server or MailStore Gateway.

MailStore Gateway has been designed primarily to serve two distinct purposes, which are:

  1. Being a target for deliveries from other email servers that themselves create copies of sent and received emails.
  2. Being an SMTP and POP3 proxy that creates and stores copies of all emails exchanged between email clients and email servers.


Both scenarios are explained in more detail below.

MailStore Gateway as Server

Many email servers allow the creation of copies of all inbound and outbound emails for the purpose of archiving. While some allow these copies to be delivered into local mailboxes, others don't (e.g. Microsoft Office 365, Google G Suite). In the latter case, third-party archiving solutions, such as MailStore Server and MailStore Service Provider Edition, must either pull these messages from external mailboxes that have been used as a journal or archiving mailbox, or be able to receive emails directly via SMTP.

As direct SMTP archiving is generally preferred over using another third-party mailbox provider, but is not supported by MailStore Server and MailStore Service Provider Edition, MailStore Gateway adds this functionality to these products.

The picture below gives a good overview of what the whole setup looks like.

MailStore Gateway Overview Server.png

The typical workflow to set up this scenario looks as follows:

  • First, a MailStore Gateway mailbox is created. Each MailStore Gateway mailbox has its own unique email address.
  • On the email server, a new journal or archiving rule is created. This rule uses the email address of the previously created MailStore Gateway mailbox as its target.
  • Once such a rule has been set up, copies of the messages to be archived are sent to MailStore Gateway via SMTP. MailStore Gateway encrypts all emails upon arrival with a key unique to the mailbox.
  • In the last step, MailStore Gateway and MailStore Service Provider Edition will archive the messages from MailStore Gateway mailboxes via the corresponding email archiving profile.

MailStore Gateway as Proxy

Organisations that have no email server of their own and do not use an email service that supports journal or archiving rules as described above may still use the combination of POP3/SMTP on their email clients.

To archive all inbound and outbound email in such a scenario, the communication between the email client and the email server must be recorded. This is what MailStore Gateway does when it is used as an email proxy.

The picture below gives a good overview of what such a setup looks like.

MailStore Gateway Overview Proxy.png

The typical workflow to set up this scenario looks as follows:

  • First, a MailStore Gateway mailbox is created. Each MailStore Gateway mailbox has its own unique identifier.
  • On the email client, the inbound (POP3) and outbound (SMTP) server must be replaced by MailStore Gateway's IP address or host name. Additionally, the username needs to be modified to remote_username%target_server%mailbox_id where
    • remote_username is the username (e.g. [email protected]) to login to a mailbox on target_server
    • target_server is the IP address or host name of the original email server (e.g. mail.google.com)
    • mailbox_id is the unique identifier of the MailStore Gateway mailbox into which copies of the sent or received emails should be stored.
  • Once these changes have been made, copies of all sent and received messages on that particular client are stored in the given MailStore Gateway mailbox. MailStore Gateway encrypts all stored emails with a key unique to the mailbox.
  • In the last step, MailStore Gateway and MailStore Service Provider Edition will archive the messages from MailStore Gateway mailboxes via the corresponding email archiving profile.
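
The username format above packs three fields into one login string, and target_server decides which host the proxy contacts with the user's credentials. The following Python helper is an added example, not MailStore code: it composes and parses that string, and its right-to-left split, host name check, allowed_servers allowlist and sample values are assumptions of this example, not documented MailStore Gateway behaviour.

```python
import ipaddress
import re

# Host name label rule (letters, digits, inner hyphens); an assumption of this example.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def _valid_host(host):
    """Accept an IP address or a dotted host name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        pass
    return len(host) <= 253 and all(_LABEL.fullmatch(p) for p in host.split("."))


def parse_proxy_username(login):
    """Split remote_username%target_server%mailbox_id into its three fields.

    Assumption: the split is taken from the right, so a '%' inside
    remote_username stays part of the username.
    """
    parts = login.rsplit("%", 2)
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected remote_username%target_server%mailbox_id")
    remote_username, target_server, mailbox_id = parts
    if not _valid_host(target_server):
        raise ValueError("target_server is not an IP address or host name")
    if any(c.isspace() for c in mailbox_id):
        raise ValueError("mailbox_id contains whitespace")
    return remote_username, target_server, mailbox_id


def build_proxy_username(remote_username, target_server, mailbox_id, allowed_servers):
    """Compose the login string, refusing upstream servers not on the allowlist."""
    if target_server.lower() not in {s.lower() for s in allowed_servers}:
        raise ValueError("target_server %r is not an approved mail server" % target_server)
    if "%" in mailbox_id:
        raise ValueError("'%' is the field separator and cannot appear in mailbox_id")
    login = "%".join((remote_username, target_server, mailbox_id))
    # Round-trip check: the composed string must parse back to the same fields.
    if parse_proxy_username(login) != (remote_username, target_server, mailbox_id):
        raise ValueError("composed username is ambiguous")
    return login


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(build_proxy_username("alice@example.com", "pop.example.com", "mbx-0001",
                               ["pop.example.com", "smtp.example.com"]))
```

Running the builder when client settings are generated catches a mistyped target_server before any client is pointed at the proxy with it.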

Security

All emails stored in MailStore Gateway mailboxes are protected by strong hybrid encryption. The mailbox password serves as the passphrase for the private key of the asymmetric part of the hybrid encryption. This means that without the correct mailbox password, no data can ever be decrypted. Therefore it is highly recommended to keep the password in a safe place (e.g. an enterprise password manager).

Additionally, MailStore Gateway does not allow usernames or passwords to be transferred over an unencrypted connection.