Difference between revisions of "MailStore Server Service Configuration"

[unchecked revision][checked revision]
 
(79 intermediate revisions by 6 users not shown)
Line 1: Line 1:
= MailStore Server Base Configuration =
+
With the MailStore Server Service Configuration you can configure low level features of a MailStore Server installation as well as control the MailStore Server service. The current status of the MailStore Server service is shown at the bottom of the window.
  
Basic administrative functions are available in the MailStore Server Base Configuration which can be accessed from the MailStore Server program folder in the Window start menu.
+
== General==
 +
On this page you can select the storage location of the master database, configure where audit events should be stored and enable or disable support for the Volume Shadow Copy Service (VSS).
  
[[File:tech_config_01.png|center|450px]]
+
[[File:tech_config_01.png|center|500px]]
  
The following functions and settings are available:
+
=== Master Database ===
 +
Select the storage location of an existing master database. If you chose an empty directory, a new master database will be created therein. If you want to move an existing archive to a new storage location, refer to the instructions in [[Moving the Archive]].
  
'''Master Database'''
+
=== Audit Log ===
Under Directory, select the storage location of an existing master database. If an empty directory is chosen, a new master database is created therein. Additional information about master databases is available in chapter Structure of the MailStore Database.
+
Select the preferred location for storing audit log events.  
  
'''IP Address and Port'''
+
* ''Windows Event Log''<br/>Audit events will be stored in the Windows Event Log, which allows to access and monitor audit event with other 3rd party tools
These settings can be adjusted as needed. 
 
  
'''Web Access'''
+
* ''Integrated Audit Log''<br/>Audit events will be stored in the current archive and MailStore administrators may use the [[Audit Log|MailStore Client]] to search inside the audit log.
The Web Access configuration dialog will be opened. Additional information is available in chapter Web Access Configuration.
 
  
'''Debug Log'''
+
=== Volume Shadow Copy Services (VSS) Support ===
Activate this setting if problems or errors have occurred while operating MailStore Server. After restarting the server service by clicking on Restart in the same window, a detailed log file is written. This file can be evaluated by the MailStore support team, for example.
+
Third party backup solutions may utilize Windows' Volume Shadow Copy Service to create consistent backups of data. Please refer to [[Backup and Restore]] to learn more about the various backup scenarios and in which enabling MailStore's VSS support might be beneficial.
  
'''Locksmith'''
+
The following settings are available in this section:
With this function, the user admin with the password admin can be restored. 
 
  
'''Windows Service'''
+
* ''VSS Writer''<br/>Activates the MailStore VSS Writer for enabling live backups of the archive using an [[Backup_and_Restore#Using_External_Backup_Software|external backup software]].
With this function, the MailStore Server service can be stopped and restarted. This may become necessary after certain changes to the configuration have been made or before performing a Backup.
+
** ''Exclude Indexes from VSS Backup''<br/>Location of index files will not be reported by the VSS Writer.
  
= MailStore Web Access Configuration =
+
=== Controlling the Service ===
 +
The current status of the MailStore Server service is shown at the bottom of the window. By using the buttons you can control the MailStore Server service.
  
MailStore Web Access is a limited web version of MailStore Client. It provides access to the archived emails using an internet browser; an installation of MailStore Client is not required.
+
==== Safe Mode ====
 +
The MailStore Server service can be started in ''Safe Mode'' to perform configuration changes or execute maintenance task without interference of background jobs or users.  
  
Users can use the following internet addresses to access their archives. A detailed description is available in chapter Using MailStore Web Access. 
+
While the ''Safe Mode'' is active:
 +
* Only administrators can log in to MailStore
 +
* Automatic archiving and export profiles are not started
 +
* Jobs are not started automatically
 +
* All internal heartbeats are disabled
 +
* The ''MailStore Server Service Configuration'' cannot be closed
  
*http://servername:8461
+
== Network Settings ==
*https://servername:8462
+
=== Certificate ===
 +
Shows the current TLS certificate used by all integrated services. Click on the name of the TLS certificate to view further details. Using the ellipsis button (…) next to the name you can:
 +
* Select a TLS certificate from the certificate store of the MailStore Server computer.
 +
* Import a TLS certificate from a file directly into the certificate store of the MailStore Server computer. The file must be in PKCS #12 format and usually has the file extension ''.pfx'' or ''.p12''.
 +
* Request a TLS certificate from Let's Encrypt
 +
* Create a new self-signed TLS certificate.
  
'''Please note:''' By default, the setup of MailStore Web Access is completed. This chapter only provides information about the settings and how they may be adjusted.
+
Further information about certificates and TLS security can be found in the following articles:
  
== Summary for Experts ==
+
* [[Using_Your_Own_SSL_Certificate|Using Your Own SSL Certificate]]
 +
* [[Enhancing_SSL_Security|Enhancing SSL Security]]
 +
* [[Using_Lets_Encrypt_Certificates|Using Let's Encrypt Certificates]]
  
[[File:tech_webconfig_01.png|right|350px]]
+
=== Services ===
 +
In addition to enabling and disabling individual network services provided by MailStore Server, you can choose the IP address and the port to which a service is to be bound.
  
*MailStore Web Access requires MailStore Server to run on Windows XP starting with SP2, Windows Vista, or Windows Server 2003 or 2008.
+
[[File:tech_config_02.png|center|550px]]
*By default, MailStore Web Access is activated. The preset URLs are http://servername:8461 and https://servername:8462 respectively.
 
*Using the MailStore Server Base Configuration, MailStore Web Access can be activated and deactivated, and HTTP and HTTPS ports as well as SSL certificates can be specified if a secure connection is required.
 
*To use the function Open in Microsoft Outlook, MAPI must be installed. If neither Outlook nor Exchange Server 2003 or lower are installed on the server, MAPI must be installed separately using the following download: http://www.mailstore.com/?mapi.
 
*To use the function Restore to Mailbox, the SMTP access data must be specified once through administrative tools.
 
  
== System Requirements ==
+
* ''MailStore Client''<br/>Access for the [[Accessing_the_Archive_with_the_MailStore_Client_software|MailStore Client]] application via a TLS encrypted TCP connection. This service cannot be disabled because the MailStore Client is essential for managing MailStore Server. The default TCP port is 8460.
 +
* ''MailStore Web Access / Outlook Add-In (HTTPS)''<br/> This service provides TLS-encrypted archive access through [[Accessing_the_Archive_with_MailStore_Web_Access|MailStore Web Access]] and the [[Accessing_the_Archive_with_the_Microsoft_Outlook_integration|MailStore Outlook Add-in]]. The default TCP port is 8462. This service cannot be disabled.
 +
* ''IMAP Server (STARTTLS)''<br/>Enables the STARTTLS-encrypted archive access through the integrated [[Accessing_the_Archive_via_Integrated_IMAP_Server|IMAP server]] (explicit TLS). Login over unencrypted connections is not supported.
 +
* ''IMAP Server (SSL)''<br/>Enables TLS-encrypted archive access through the integrated IMAP server (implicit TLS).
 +
* ''MailStore Administration API (HTTPS)''<br/>Enables TLS-encrypted access to the [[Administration_API_-_Using_the_API|MailStore Administration API]]. The default TCP port is 8463. Since this API is only used for administrating MailStore Server, this port only needs to be reachable from computers within the organisation.
 +
* ''Let's Encrypt HTTP-01 Challenge Port''<br/>This port is used temporarily when [[Using_Lets_Encrypt_Certificates|requesting or renewing certificates from Let's Encrypt]].
  
In order to be able to use MailStore Web Access, MailStore Server must be installed on one of the following operating systems:
+
==== IP Address ====
 +
The IP address on which the service accepts connections. Generally, it is recommended to bind the MailStore Server services to all IP addresses (default).
  
*Microsoft Windows XP Service Pack 2 or higher
+
==== Port ====
*Microsoft Windows Vista
+
Indicates the TCP port on which the service accepts connections.
*Microsoft Windows Server 2003
+
:'''Hint:''' If no web server other than MailStore Web Access is installed (e.g. an IIS website, Microsoft Outlook Web Access or SharePoint), you can specify the HTTPS standard port (443). This way, users can access MailStore Web access directly using the URL <code>https://<server name></code> without port numbers.
*Microsoft Windows Server 2008
 
*each including Small Business Edition
 
  
Users may use any operating system because MailStore Web Access is accessed using an internet browser. MailStore officially supports the following browsers:
+
=== Outlook App ===
  
*Microsoft Internet Explorer 6
+
Here you can generate the manifest that is required to make the MailStore Outlook App [[MailStore Outlook App Deployment|available in the new Outlook]].
*Microsoft Internet Explorer 7
 
*Microsoft Internet Explorer 8
 
*Mozilla Firefox
 
*Google Chrome
 
*Opera
 
*Apple Safari
 
*Apple Safari on iPhone or iPod touch (special interface)
 
  
Windows authentication (single sign-on; login without entering the password) requires Microsoft Internet Explorer because it is the only browser capable of sending the appropriate information.  
+
== Security and Encryption ==
 +
This page provides several security features related to archive access and encryption. Please note that you cannot use these features while the MailStore Server service is running; it has to be stopped first.
 +
[[File:tech_config_03.png|center|550px]]
  
== Accessing MailStore Web Access ==
+
=== Restore Default Admin ===
 +
Through this feature, you can restore the default admin user ''admin'' with the likewise password ''admin''. [[Multi-factor Authentication]] will be disabled, if it has been enabled before. Stored auto-login credentials on this system will be removed.<br />If the recovery key of the archive whose default admin you want to restore is not the product key of the current MailStore Server installation, you will be asked to enter the associated recovery key.<br />
 +
A restore of the default admin user is written into the audit log.
  
Unless MailStore Server is configured otherwise, users can access MailStore Web Access with the following internet addresses:
+
=== Reinitialize Archive Encryption ===
 +
For security reasons the archive encryption is bound to the Windows installation of the MailStore Server machine. Therefore it might be necessary to reinitialize the archive encryption when moving the archive to another computer. If the recovery key of the archive whose encryption you want to reinitialize is not the product key of the current MailStore Server installation, you will be asked to enter the associated recovery key.
  
*http://servername:8461
+
=== Set Recovery Key ===
*https://servername:8462
+
The recovery key is used to authorize several security related tasks in MailStore Server, such as restoring the default admin, moving the archive to another machine or attaching archive stores from another MailStore installation. That way the number of people that may perform such tasks can be kept small and administrative archive and system duties can be kept separate.
  
Detailed instructions for the web access are available in chapter Using MailStore Web Access. Instructions for the special iPhone/iPod touch version is available in chapter Access Using iPhone and iPod touch.
+
By default, MailStore Server uses the product key provided during setup as recovery key and most security related tasks are carried out automatically without the need to enter the recovery key for authorization.
Activating and Deactivating MailStore Web Access
 
  
By default, MailStore Web Access is activated. To deactivate or reactivate it, please proceed as follows:
+
To improve security you can change your recovery key to an automatically generated, random value. In that case, every security related tasks must be authorized by entering the recovery key. For easier reference, each recovery key has a unique identifier that is displayed when the related recovery key must be provided. Only the most recent recovery key can be used for authorization.
  
*Start the MailStore Server Base Configuration using the appropriate desktop icon.
+
==== Changing the Recovery Key ====
*Click on ''Configure HTTP/HTTPS Access''.
+
* [[File:Tech_config_04.png|right|340px]]Click on ''Change'' to change the recovery key to an automatically generated, random value.
*Remove/add both checkmarks.
+
* You will be asked to save the recovery key to a file and/or print it. You have to choose at least one option to continue.
*Click on ''OK'' to save the settings.
+
* After successfully changing the recovery key only the new key can be used henceforth.<br clear=all />
*To apply the settings, restart MailStore Server by clicking on ''Restart''.
+
<p class="msnote">'''Important notice:''' Always store the recovery key in a secure location. Without the recovery key carrying out security related tasks is no longer possible.</p>
  
== Specifying Standard Ports for MailStore Web Access ==
+
==== Resetting the Recovery Key ====
 +
You can reset the recovery key to the current product key of your MailStore Server installation at any time. Before the reset you will be asked to enter the current recovery key. By default, MailStore Server already uses the current product key as recovery key and the button is disabled.
  
[[File:tech_webconfig_02.png|right|400px]]
+
== Network Shares ==
 +
The MailStore Server service can connect to network shares before startup and disconnect on shutdown. In chapter [[Using Network Attached Storage (NAS)]] further details on connecting to a network resource using special connection parameters are described.
  
If, besides MailStore Web Access, no other web server is installed (e.g. an IIS website, Microsoft Outlook Web Access or SharePoint), the standard ports HTTP and HTTPS can be specified. This way, users can access MailStore Web Access directly (without having to enter the port numbers) using the addresses http://servername or https://servername. Please proceed as follows:
+
== Event Viewer ==
 +
Events such as starting or stopping the MailStore Server service are displayed here. If there are any errors, click on the corresponding entry to view additional details below the list.
  
*Start the MailStore Server Base Configuration using the appropriate desktop icon.
+
== Debug Log ==
*Click on Configure HTTP/HTTPS Access.
+
On this page you can enable, view or delete all debug logs created by MailStore Server.
*Specify port 80 as HTTP port (upper right field).
 
*Specify port 443 as HTTPS port (lower right field).
 
*Click on OK to save the settings.
 
*To apply the new settings, restart MailStore Server by clicking on Restart.
 
  
== Specifying an SSL Certificate for MailStore Web Access ==
+
=== Enable Debug Log ===
 +
Enable this feature if any problems or errors have occurred while running MailStore Server. After restarting the server service via ''Restart Service'' in the same window, a detailed log file is recorded. This file can be evaluated by the MailStore support team, for example.
  
In order to provide encrypted access (HTTPS) via MailStore Web Access, MailStore Server automatically generates a test certificate with the installation. One disadvantage of using test certificates is that, depending on which internet browser is used, a lot of warning messages are displayed. If you own an official SSL certificate for the server, it can be used for MailStore Web Access as follows:
+
=== Enable IMAP Connection Debug Log ===
 +
Enable this feature if problems or errors have occurred while accessing MailStore Server using the integrated IMAP server. After restarting the server service via ''Restart Service'' in the same window, a detailed log file is recorded. This file can be evaluated by the MailStore support team, for example.
  
*Install the certificate into the certificate store (local system).
+
The table shows an overview of all debug log files. To view the contents of a debug log file in a text editor, double-click on the file name or click on ''Open''. To delete a debug log file, highlight the file name and click on ''Delete''.
*Start the MailStore Server Base Configuration using the appropriate desktop icon.
 
*Click on ''Configure HTTP/HTTPS Access''.
 
*Click on ''Select SSL Certificate'' and select the certificate that was saved in the certificate store.
 
*Click on ''OK''.
 
*Click on ''OK'' once more to save the settings.
 
*To apply the new settings, restart MailStore Server by clicking on ''Restart''.  
 
  
== Setting Up the "Open in Outlook (MSG)" Function ==
+
[[de:MailStore_Server_Dienst-Konfiguration]]
 
+
[[en:MailStore Server Service Configuration]]
To enable users to use the Open in Outlook function, MAPI must be installed on the machine on which MailStore Server is installed. This is the case whenever one of the following software products is installed:
 
 
 
*Microsoft Outlook 2000
 
*Microsoft Outlook XP
 
*Microsoft Outlook 2003
 
*Microsoft Outlook 2007
 
*Microsoft Exchange Server 2000
 
*Microsoft Exchange Server 2003
 
 
 
If none of the above products is installed, or if Microsoft Exchange Server 2007 is installed, which does not include MAPI in its installation, MAPI must be installed separately. Please proceed as follows:
 
 
 
*Download ''Microsoft Exchange Server MAPI Client and Collaboration Data Objects'' from the Microsoft website. You can enter the following email address which will redirect you to the appropriate Microsoft download page:
 
      http://www.mailstore.com/?mapi
 
*Execute the downloaded file ''ExchangeMapiCdo.exe''
 
*Specify any directory, e.g. ''C:\MAPI''
 
*The directory will now contain the following subfolder: ''ExchangeMapiCdo.'' Open it.
 
*Execute the installer file ''ExchangeMapiCdo.msi.''
 
*If the message ''"Messaging API and Collaboration Data Objects 1.2.1 cannot be installed with Microsoft Outlook / Microsoft Exchange Server."'' appears, MAPI is already installed. No additional installation is needed.
 
*After the installation, the installation directory (e.g. ''C:\MAPI'') can be removed again from the hard drive.
 
 
 
== Setting Up the "Restore to Mailbox" Function ==
 
 
 
To set up the Restore to Mailbox function, please proceed as follows:
 
 
 
*Start MailStore Client and log on as MailStore administrator (''admin'').
 
*Under ''Administrative Tools'' -> ''SMTP Settings'', specify the access data of your SMTP server. MailStore Server needs this data in order to be able to deliver the emails which are to be restored to the appropriate user. Detailed instructions are available in section SMTP Settings.
 
*Make sure that the field Email Address is filled out for every MailStore user. This prevents users from having to enter their email address each time they use the restore function.
 
 
 
[[de:MailStore_Server_Basiskonfiguration]]
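Review bot: In the added "Restore Default Admin" section, the text says the user ''admin'' is restored with the password ''admin'' and that Multi-factor Authentication is disabled, but it gives no follow-up step. Suggest adding a sentence that tells the administrator to set a new password, and to re-enable Multi-factor Authentication if it was in use, as soon as the restore is done. A smaller point in the added "Services" section: the "IP Address" paragraph recommends binding services to all IP addresses, while the Administration API entry says port 8463 only needs to be reachable from computers within the organisation. A short cross-reference on how to restrict that port would reconcile the two statements. In the added "Audit Log" bullet, "which allows to access and monitor audit event" should read "which allows audit events to be accessed and monitored".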
 

Latest revision as of 12:51, 7 October 2024

With the MailStore Server Service Configuration you can configure low level features of a MailStore Server installation as well as control the MailStore Server service. The current status of the MailStore Server service is shown at the bottom of the window.

General

On this page you can select the storage location of the master database, configure where audit events should be stored and enable or disable support for the Volume Shadow Copy Service (VSS).

Master Database

Select the storage location of an existing master database. If you choose an empty directory, a new master database will be created therein. If you want to move an existing archive to a new storage location, refer to the instructions in Moving the Archive.

Audit Log

Select the preferred location for storing audit log events.

  • Windows Event Log
    Audit events will be stored in the Windows Event Log, which allows audit events to be accessed and monitored with third-party tools.
  • Integrated Audit Log
    Audit events will be stored in the current archive and MailStore administrators may use the MailStore Client to search inside the audit log.

Volume Shadow Copy Services (VSS) Support

Third-party backup solutions may utilize Windows' Volume Shadow Copy Service to create consistent backups of data. Please refer to Backup and Restore to learn more about the various backup scenarios and the cases in which enabling MailStore's VSS support might be beneficial.

The following settings are available in this section:

  • VSS Writer
    Activates the MailStore VSS Writer to enable live backups of the archive using external backup software.
    • Exclude Indexes from VSS Backup
      Location of index files will not be reported by the VSS Writer.

Controlling the Service

The current status of the MailStore Server service is shown at the bottom of the window. By using the buttons you can control the MailStore Server service.

Safe Mode

The MailStore Server service can be started in Safe Mode to perform configuration changes or execute maintenance tasks without interference from background jobs or users.

While the Safe Mode is active:

  • Only administrators can log in to MailStore
  • Automatic archiving and export profiles are not started
  • Jobs are not started automatically
  • All internal heartbeats are disabled
  • The MailStore Server Service Configuration cannot be closed

Network Settings

Certificate

Shows the current TLS certificate used by all integrated services. Click on the name of the TLS certificate to view further details. Using the ellipsis button (…) next to the name you can:

  • Select a TLS certificate from the certificate store of the MailStore Server computer.
  • Import a TLS certificate from a file directly into the certificate store of the MailStore Server computer. The file must be in PKCS #12 format and usually has the file extension .pfx or .p12.
  • Request a TLS certificate from Let's Encrypt
  • Create a new self-signed TLS certificate.

Further information about certificates and TLS security can be found in the following articles:

  • Using Your Own SSL Certificate
  • Enhancing SSL Security
  • Using Let's Encrypt Certificates

Services

In addition to enabling and disabling individual network services provided by MailStore Server, you can choose the IP address and the port to which a service is to be bound.

  • MailStore Client
    Access for the MailStore Client application via a TLS encrypted TCP connection. This service cannot be disabled because the MailStore Client is essential for managing MailStore Server. The default TCP port is 8460.
  • MailStore Web Access / Outlook Add-In (HTTPS)
    This service provides TLS-encrypted archive access through MailStore Web Access and the MailStore Outlook Add-in. The default TCP port is 8462. This service cannot be disabled.
  • IMAP Server (STARTTLS)
    Enables the STARTTLS-encrypted archive access through the integrated IMAP server (explicit TLS). Login over unencrypted connections is not supported.
  • IMAP Server (SSL)
    Enables TLS-encrypted archive access through the integrated IMAP server (implicit TLS).
  • MailStore Administration API (HTTPS)
    Enables TLS-encrypted access to the MailStore Administration API. The default TCP port is 8463. Since this API is only used for administering MailStore Server, this port only needs to be reachable from computers within the organisation.
  • Let's Encrypt HTTP-01 Challenge Port
    This port is used temporarily when requesting or renewing certificates from Let's Encrypt.

IP Address

The IP address on which the service accepts connections. Generally, it is recommended to bind the MailStore Server services to all IP addresses (default).

Port

Indicates the TCP port on which the service accepts connections.

Hint: If no web server other than MailStore Web Access is installed (e.g. an IIS website, Microsoft Outlook Web Access or SharePoint), you can specify the HTTPS standard port (443). This way, users can access MailStore Web Access directly using the URL https://<server name> without port numbers.
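Added example (not part of the MailStore documentation): with services bound to all IP addresses, whether the Administration API port stays inside the organisation depends on network filtering, so this script parses Windows `netstat -an` output, lists the listeners on the default ports named above and flags Administration API peers outside the internal networks. The internal network ranges, the function names and the sample output are assumptions constructed for illustration.

```python
"""Audit `netstat -an` output for MailStore Server service exposure (added example)."""
import ipaddress
import re

# Default TCP ports as stated on this page.
MAILSTORE_PORTS = {
    8460: "MailStore Client",
    8462: "MailStore Web Access / Outlook Add-In (HTTPS)",
    8463: "MailStore Administration API (HTTPS)",
}
ADMIN_API_PORT = 8463

# Assumption: the address ranges that count as "within the organisation".
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Constructed sample in the layout printed by Windows `netstat -an`.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:8460           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8462           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8463           0.0.0.0:0              LISTENING
  TCP    192.168.10.5:8460      192.168.10.44:50122    ESTABLISHED
  TCP    192.168.10.5:8463      192.168.10.20:61001    ESTABLISHED
  TCP    192.168.10.5:8463      203.0.113.77:49822     ESTABLISHED
  TCP    [::]:8462              [::]:0                 LISTENING
  TCP    192.168.10.5:3389      198.51.100.9:40000     ESTABLISHED
"""

LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def _ip(token):
    """Turn a netstat address token ('[::]', 'fe80::1%12', '10.0.0.1') into an address."""
    return ipaddress.ip_address(token.strip("[]").split("%")[0])


def parse(text):
    """Yield (local_ip, local_port, remote_ip, state) for every TCP line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        local, lport, remote, _rport, state = m.groups()
        try:
            yield _ip(local), int(lport), _ip(remote), state
        except ValueError:
            continue  # skip lines whose addresses cannot be parsed


def audit(text, internal_nets=INTERNAL_NETS):
    """Report MailStore listeners and Administration API peers outside internal_nets."""
    listeners = {}
    external_admin_peers = []
    for local, lport, remote, state in parse(text):
        if lport not in MAILSTORE_PORTS:
            continue
        if state == "LISTENING":
            listeners.setdefault(lport, []).append(str(local))
        elif state == "ESTABLISHED" and lport == ADMIN_API_PORT:
            if not any(remote in net for net in internal_nets):
                external_admin_peers.append(str(remote))
    admin_on_all = any(
        ipaddress.ip_address(a).is_unspecified
        for a in listeners.get(ADMIN_API_PORT, [])
    )
    return {
        "listeners": listeners,
        "admin_api_on_all_addresses": admin_on_all,
        "external_admin_peers": external_admin_peers,
    }


if __name__ == "__main__":
    report = audit(SAMPLE_NETSTAT)
    for port, addrs in sorted(report["listeners"].items()):
        print(f"{port} ({MAILSTORE_PORTS[port]}): bound to {', '.join(addrs)}")
    print("Administration API bound to all addresses:", report["admin_api_on_all_addresses"])
    print("Administration API peers outside the organisation:", report["external_admin_peers"])
```

A wildcard listener on 8463 is the documented default rather than a fault; the external peer list is the result to act on.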

Outlook App

Here you can generate the manifest that is required to make the MailStore Outlook App available in the new Outlook.

Security and Encryption

This page provides several security features related to archive access and encryption. Please note that you cannot use these features while the MailStore Server service is running; it has to be stopped first.

Restore Default Admin

Through this feature, you can restore the default admin user admin with the password admin. Multi-factor Authentication will be disabled if it was previously enabled. Stored auto-login credentials on this system will be removed.
If the recovery key of the archive whose default admin you want to restore is not the product key of the current MailStore Server installation, you will be asked to enter the associated recovery key.
A restore of the default admin user is written into the audit log.

Reinitialize Archive Encryption

For security reasons the archive encryption is bound to the Windows installation of the MailStore Server machine. Therefore it might be necessary to reinitialize the archive encryption when moving the archive to another computer. If the recovery key of the archive whose encryption you want to reinitialize is not the product key of the current MailStore Server installation, you will be asked to enter the associated recovery key.

Set Recovery Key

The recovery key is used to authorize several security related tasks in MailStore Server, such as restoring the default admin, moving the archive to another machine or attaching archive stores from another MailStore installation. That way the number of people that may perform such tasks can be kept small and administrative archive and system duties can be kept separate.

By default, MailStore Server uses the product key provided during setup as recovery key and most security related tasks are carried out automatically without the need to enter the recovery key for authorization.

To improve security, you can change your recovery key to an automatically generated, random value. In that case, every security related task must be authorized by entering the recovery key. For easier reference, each recovery key has a unique identifier that is displayed when the related recovery key must be provided. Only the most recent recovery key can be used for authorization.

Changing the Recovery Key

  • Click on Change to change the recovery key to an automatically generated, random value.
  • You will be asked to save the recovery key to a file and/or print it. You have to choose at least one option to continue.
  • After successfully changing the recovery key only the new key can be used henceforth.

Important notice: Always store the recovery key in a secure location. Without the recovery key, carrying out security related tasks is no longer possible.

Resetting the Recovery Key

You can reset the recovery key to the current product key of your MailStore Server installation at any time. Before the reset you will be asked to enter the current recovery key. By default, MailStore Server already uses the current product key as recovery key and the button is disabled.

Network Shares

The MailStore Server service can connect to network shares before startup and disconnect on shutdown. Further details on connecting to a network resource using special connection parameters are described in the chapter Using Network Attached Storage (NAS).

Event Viewer

Events such as starting or stopping the MailStore Server service are displayed here. If there are any errors, click on the corresponding entry to view additional details below the list.

Debug Log

On this page you can enable, view or delete all debug logs created by MailStore Server.

Enable Debug Log

Enable this feature if any problems or errors have occurred while running MailStore Server. After restarting the server service via Restart Service in the same window, a detailed log file is recorded. This file can be evaluated by the MailStore support team, for example.

Enable IMAP Connection Debug Log

Enable this feature if problems or errors have occurred while accessing MailStore Server using the integrated IMAP server. After restarting the server service via Restart Service in the same window, a detailed log file is recorded. This file can be evaluated by the MailStore support team, for example.

The table shows an overview of all debug log files. To view the contents of a debug log file in a text editor, double-click on the file name or click on Open. To delete a debug log file, highlight the file name and click on Delete.