Difference between revisions of "MailStore Server Service Configuration"
|[unchecked revision]||[checked revision]|
(→Volume Shadow Copy Services (VSS) Support)
|Line 67:||Line 67:|
==== IP Address ====
==== IP Address ====
The IP address on which the service accepts connections. Generally, it is recommended to bind
The IP address on which the service accepts connections. Generally, it is recommended to bind MailStore Server services to all IP addresses (default).
==== Port ====
==== Port ====
Latest revision as of 11:05, 4 March 2019
With the MailStore Server Service Configuration you can configure low level features of a MailStore Server installation as well as control the MailStore Server service. The current status of the MailStore Server service is shown at the bottom of the window.
- 1 General
- 2 Network Settings
- 3 Security and Encryption
- 4 Startup Script
- 5 Event Viewer
- 6 Debug Log
On this page you can select the storage location of the master database, configure where audit events should be stored and enable or disable support for the Volume Shadow Copy Service (VSS).
Select the storage location of an existing master database. If you chose an empty directory, a new master database will be created therein. If you want to move an existing archive to a new storage location, refer to the instructions in Moving the Archive.
Select the preferred location for storing audit log events.
- Windows Event Log
Audit events will be stored in the Windows Event Log, which allows to access and monitor audit event with other 3rd party tools
- Integrated Audit Log
Audit events will be stored in the current archive and MailStore administrators may use the MailStore Client to search inside the audit log.
Volume Shadow Copy Services (VSS) Support
Third party backup solutions may utilize Windows' Volume Shadow Copy Service to create consistent backups of data. Please refer to Backup and Restore to learn more about the various backup scenarios and in which enabling MailStore's VSS support might be beneficial.
The following settings are available in this section:
- VSS Writer
Activates the MailStore VSS Writer for enabling live backups of the archive using an external backup software.
- Exclude Indexes from VSS Backup
Location of index files will not be reported by the VSS Writer.
- Exclude Indexes from VSS Backup
Controlling the Service
The current status of the MailStore Server service is shown at the bottom of the window. By using the buttons you can control the MailStore Server service.
The MailStore Server service can be started in Safe Mode to perform configuration changes or execute maintenance task without interference of background jobs or users.
While the Safe Mode is active:
- Only administrators can log in to MailStore
- Automatic archiving and export profiles are not started
- Jobs are not started automatically
- All internal heartbeats are disabled
- The MailStore Server Service Configuration cannot be closed
Shows the current TLS certificate used by all integrated services. Click on the name of the TLS certificate to view further details. Using the ellipsis button (…) next to the name you can:
- Select a TLS certificate from the certificate store of the MailStore Server computer.
- Import a TLS certificate from a file directly into the certificate store of the MailStore Server computer. The file must be in PKCS #12 format and usually has the file extension .pfx or .p12.
- Request a TLS certificate from Let's Encrypt
- Create a new self-signed TLS certificate.
Further information about certificates and TLS security can be found in the following articles:
In addition to enabling and disabling individual network services provided by MailStore Server, you can choose the IP address and the port to which a service is to be bound.
- MailStore Client
Access for the MailStore Client application via a TLS encrypted TCP connection. This service cannot be disabled because the MailStore Client is essential for managing MailStore Server. The default TCP port is 8460.
- MailStore Web Access / Outlook Add-In (HTTP)
Enables archive access via an insecure HTTP connection through MailStore Web Access and the MailStore Outlook Add-in. The default TCP port is 8461.
If this service is enabled a warning will appear on the admin dashboard in MailStore Client, as this service has been marked as deprecated, and is no longer enabled by default on new installations since MailStore Server 12. It will be removed completely in a later version.
- Enable HTTPS redirect
Enabling this option redirects clients from the unencrypted HTTP requests to the HTTPS port.
- Redirect to custom server name
If MailStore Server should use a specific server name for the HTTPS redirect, it must be specified here.
- MailStore Web Access / Outlook Add-In (HTTPS)
This service provides TLS-encrypted archive access through MailStore Web Access and the MailStore Outlook Add-in. The default TCP port is 8462. This service cannot be disabled.
- IMAP Server (STARTTLS)
Enables the STARTTLS-encrypted archive access through the integrated IMAP server (explicit TLS). Login over unencrypted connections is not supported.
- IMAP Server (SSL)
Enables TLS-encrypted archive access through the integrated IMAP server (implicit TLS).
- MailStore Administration API (HTTPS)
Enables TLS-encrypted access to the MailStore Administration API. The default TCP port is 8463.
The IP address on which the service accepts connections. Generally, it is recommended to bind the MailStore Server services to all IP addresses (default).
Indicates the TCP port on which the service accepts connections.
- Hint: If no web server other than MailStore Web Access is installed (e.g. an IIS website, Microsoft Outlook Web Access or SharePoint), you can specify the HTTP- and HTTPS standard ports (80 and 443). This way, users can access MailStore Web access directly using the URLs
https://<server name>without port numbers.
Security and Encryption
This page provides several security features related to archive access and encryption. Please note that you cannot use these features while the MailStore Server service is running; it has to be stopped first.
Restore Default Admin
Through this feature you can restore the default admin user admin with the likewise password admin. If the recovery key of the archive whose default admin you want to restore is not the product key of the current MailStore Server installation, you will be asked to enter the associated recovery key.
A restore of the default admin user is written into the audit log.
Reinitialize Archive Encryption
For security reasons the archive encryption is bound to the Windows installation of the MailStore Server machine. Therefore it might be necessary to reinitialize the archive encryption when moving the archive to another computer. If the recovery key of the archive whose encryption you want to reinitialize is not the product key of the current MailStore Server installation, you will be asked to enter the associated recovery key.
Set Recovery Key
The recovery key is used to authorize several security related tasks in MailStore Server, such as restoring the default admin, moving the archive to another machine or attaching archive stores from another MailStore installation. That way the number of people that may perform such tasks can be kept small and administrative archive and system duties can be kept separate.
By default, MailStore Server uses the product key provided during setup as recovery key and most security related tasks are carried out automatically without the need to enter the recovery key for authorization.
To improve security you can change your recovery key to an automatically generated, random value. In that case, every security related tasks must be authorized by entering the recovery key. For easier reference, each recovery key has a unique identifier that is displayed when the related recovery key must be provided. Only the most recent recovery key can be used for authorization.
Changing the Recovery Key
- You will be asked to save the recovery key to a file and/or print it. You have to choose at least one option to continue.
- After successfully changing the recovery key only the new key can be used henceforth.
Important notice: Always store the recovery key in a secure location. Without the recovery key carrying out security related tasks is no longer possible.
Resetting the Recovery Key
You can reset the recovery key to the current product key of your MailStore Server installation at any time. Before the reset you will be asked to enter the current recovery key. By default, MailStore Server already uses the current product key as recovery key and the button is disabled.
The MailStore Server service can execute a script before startup. The script can be used to establish a connection to a network resource using special connection parameters as described in chapter Using Network Attached Storage (NAS).
Events such as starting or stopping the MailStore Server service are displayed here. If there are any errors, click on the corresponding entry to view additional details below the list.
On this page you can enable, view or delete all debug logs created by MailStore Server.
Enable Debug Log
Enable this feature if any problems or errors have occurred while running MailStore Server. After restarting the server service via Restart Service in the same window, a detailed log file is recorded. This file can be evaluated by the MailStore support team, for example.
Enable IMAP Connection Debug Log
Enable this feature if problems or errors have occurred while accessing MailStore Server using the integrated IMAP server. After restarting the server service via Restart Service in the same window, a detailed log file is recorded. This file can be evaluated by the MailStore support team, for example.
The table shows an overview of all debug log files. To view the contents of a debug log file in a text editor, double-click on the file name or click on Open. To delete a debug log file, highlight the file name and click on Delete.