It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Step 5 - Choose Your Journaling Deployment

  • Last updated on

Before choosing your journaling deployment, you must configure your LDAP settings. See LDAP - Active Directory Integration for instructions.

Configure Microsoft 365 Journaling

Step 1. Ensure Public Access to Port 25 on the Barracuda Message Archiver

To journal mail directly from Microsoft 365 to your Barracuda Message Archiver, you must have a public IP address and port 25 open and NATed to the Barracuda Message Archiver. Additionally, you can optionally have a public DNS record. You can test this by attempting to telnet to the Barracuda Message Archiver on port 25. You can expect one of three outcomes:

  1. If the Barracuda Message Archiver is not accessible, either due to port 25 being blocked or incorrectly configured on the firewall, the attempt to telnet simply hangs at Trying [IP address]. In this case, troubleshoot your network settings:
    telnet_port_25_blocked.png 
  2. If the Barracuda Message Archiver is accessible and you have set Allow Only Trusted Hosts on the Mail Sources > SMTP page to No, telnet establishes a connection to the Barracuda Message Archiver:
    telnet_port_25_open_all.png
  3. If the Barracuda Message Archiver is accessible, you have set Allow Only Trusted Hosts on the Mail Sources > SMTP page to Yes, and you are attempting to telnet from an IP address not listed in the Trusted SMTP Servers section, telnet establishes a connection and the connection is immediately closed.
    telnet_port_25_openO365.png

Step 2. Add Microsoft 365 Endpoints to the Trusted SMTP Servers List

Microsoft publishes a list of IP addresses used for Microsoft 365 endpoints. The endpoints are grouped into four service areas:

  • Exchange Online
  • SharePoint Online and OneDrive for Business
  • Skype for Business Online and Microsoft Teams
  • Microsoft 365 Common and Office Online.

See the TechNet article Microsoft 365 URLs and IP address ranges for further details. Note: For Microsoft 365 Germany endpoints, see the TechNet article Microsoft 365 Germany endpoints .

  1. Log into the Barracuda Message Archiver as the administrator, and go to the Mail Sources > SMTP page.
  2. Click Bulk Edit.
  3. Go to the TechNet article Microsoft 365 URLs and IP address ranges. Copy and paste the IP addresses based on your Microsoft 365 endpoints.
  4. Click Save .

Step 3. Configure SMTP Forwarding Settings

Because this configuration requires the Barracuda Message Archiver to be public-facing, Barracuda Networks strongly recommends that you configure the Barracuda Message Archiver to only accept mail from the list of Trusted SMTP Servers. If you are also receiving mail from sources other than Microsoft 365, such as an on-premise Exchange server, make sure you add those IP addresses to the list of Trusted SMTP Servers before setting the Barracuda Message Archiver to Allow Only Trusted Hosts.

To configure SMTP forwarding settings:

  1. Log into the Barracuda Message Archiver as the administrator, and go to the Mail Sources > SMTP page.
  2. In the SMTP Forwarding Settings section, set Allow Only Trusted Hosts to Yes.
  3. Click Save.

Step 4. Configure Local Domains

  1. Log into the Barracuda Message Archiver as the administrator, and go to the Basic > IP Configuration page.
  2. In the Local Domains section, add all of your mail-enabled domains including your onmicrosoft.com domain, as well as your non-routable domain, for example, bma.int.
  3. Click Add after each domain entry, and then click Save.

Step 5. Configure SMTP Over TLS/SSL (Optional)

  1. Log into the Barracuda Message Archiver as the administrator, and go to the Advanced > SMTP Configuration page.
  2. In the SMTP Over TLS/SSL section, set Enable SMTP over TLS/SSL to Yes.
  3. Click Save.

Step 6. Create a Remote Domain

  1. Log into the Exchange admin center (EAC), and click mail flow > remote domains:
    365_02.png
  2.  Click the + symbol, and in the new remote domain dialog box, configure the following options:
    1. Name – Type Barracuda Message Archiver
    2. Remote Domain – Type BMA.int or any non-routable domain
    3. Out of Office automatic reply types – Select None

    4. Automatic replies – Select Allow automatic forwarding
    5. Message reporting – Clear all options
    6. Use rich-text format – Select Never
    7. MIME Character Set – Select None
    8. Non-MIME Character Set – Select None
      CreateRemoteDomain.png
  3. Click Save.

Step 7. Create a Send Connector for the Remote Domain

  1. Log into EAC, and click mail flow > connectors.
  2. Click the + symbol. In the Select your mail flow scenario page, configure the following options:
    1. From – Select Office 365
    2. To – Select Your organization's email server
      SelectMailFlow.png 
  3. Click Next. In the New connector page, Configure the following options:
    1. Name – Type Barracuda Message Archiver
    2. What do you want to do after connector is saved – Select both Turn it on and Retain internal Exchange email headers (recommended):
      Ensure the Turn it on check box is selected, otherwise the connector will fail to validate and will not send a test message.
      NewConnector.png
  4. Click Next. In the New Connector page, select Only when email message are sent to these domains.
  5. Click the + symbol. Enter the non-routable domain configured in Step 6 (for example, bma.int), and click OK:
    AddDomain.png 
  6. Click Next. In the New connector page, click the + symbol. Type your public FQDN or IP Address assigned to your Message Archiver. For example, archiver.getcuda.com. Click Save:
    GetCuda.png
  7. Click Next. In the New connector page, select Always use Transport Layer Security (TLS) and Any digital certificate, including self-signed certificates:

    Note that this step is optional and only applies if you enabled SMTP Over TLS/SSL in Step 5 .

    If you previously configured a certificate from a trusted certificate authority, select the Issued by a trusted certificate authority (CA) option.

    Certificate.png

  8. Click Next. Verify your settings in the summary page, and click Next.
  9. Click the + symbol in the Validate this connector page, type test@[non-routable domain] , and click OK:
    Validate.png 
  10. Click Validate.
  11. In the New connector validation results page, verify the connector Status displays as Succeeded, and click Finish.

Step 8. Create a Non-Delivery Report Recipient

Before creating journal rules, specify a journal recipient for non-delivery reports (NDRs) to reduce the risk of losing journal reports:
ndr_warning.png 

 To create an NDR recipient:
  1. Log into the Microsoft Purview compliance portal, navigate to Solutions > Data lifecycle management > Exchange (legacy).
  2. Click the Settings icon.
  3. In Send undeliverable journal reports to, enter the email address of a valid user account. Note that the mailbox must be a mail user, mail contact, or external user, not an Exchange Online Mailbox.

  4. Click Save.

Step 9. Configure Journaling

  1. Log into the Microsoft Purview compliance portal, navigate to Solutions > Data lifecycle management > Exchange (legacy) > Journal rules, and then select + New rule.
  2. On the Define journal rule settings page, provide a name for the journal rule and then configure the following options:
    1. Send journal reports to – Type journal@[non-routable domain]. For example, type: journal@bma.int
    2. Journal rule name – Type Barracuda Message Archiver

    3. Journal messages sent or received from – Select Apply to all Messages.

    4. Type of message to journal – Select All Messages.

  3. Select Next, review the settings, and then click Submit to create the journal rule.

Configure Envelope Journaling for Microsoft Exchange Server 2013 and Newer - Standard

 

Microsoft Exchange allows a Journal recipient to be either a mailbox or a contact. By using a contact with an email address that is part of a non-existent domain, you can create a send connector that uses SMTP to deliver journaled mail to the Barracuda Message Archiver. Use the steps in this article to configure Envelope Journaling.

Use the examples in this article to simplify troubleshooting. Note that you can cut and paste the shell commands directly from this article.

Step 1. Register Each Exchange Server as a Trusted SMTP Server

To ensure that archiving begins as soon as your Exchange Servers are configured to send journal copies, first register each Exchange Server that is in a Client Access Server (CAS) role as a Trusted SMTP Server with the Barracuda Message Archiver on the Mail Sources > SMTP page in the web interface.

  1. Log into the Barracuda Message Archiver web interface, and go to the Mail Sources > SMTP page.
  2. In the Trusted SMTP Servers section, enter the details for each Exchange Server that is to journal directly to the Barracuda Message Archiver; click Add after entering the details for each Exchange Server, and then click Save

Step 2. Create a Remote Domain From the Exchange Management PowerShell

The Remote Domain must not be your normal email domain. The remote domain must be a non-existent and non-routable/unresolvable domain from either inside or outside your organization (such as bma.int). This domain must be used for the email address of the Mail Contact that is to be the journaled message recipient.

Remote Domain

In previous versions of Exchange Server, the Exchange Management Console was used to create a Remote Domain; in Exchange Server 2013 and newer, the ECP/EAC has no analogous functionality so you must use PowerShell to create the Remote Domain.

To create a Remote Domain, you must enter a Name to describe the domain, and the actual Domain Name to use. In this example, bma.int is the dummy Domain Name that is used. You can use bma.int or create your own dummy Domain Name. Note that this Domain Name is also used to create the Mail Contact in Step 4. Create a Send Connector for the Remote Domain.

  1. Open the Exchange Management Shell. 
  2. Enter the following command to create the remote domain; this command ensures TNEF encoding is disabled: 
    New-RemoteDomain -DomainName bma.int -Name "Message Archiver Domain"  
  3. Enter the following command to enable auto-forwarding:
    Get-RemoteDomain | Where {$_.DomainName -eq "bma.int"} | Set-RemoteDomain -TNEFEnabled $false -AutoForwardEnabled $true
  4. Enter the following command to verify the settings:
    Get-RemoteDomain | Where {$_.DomainName -eq "bma.int"} |Format-table Name, DomainName, TNEFEnabled, AutoForwardEnabled

Step 3. Create a Recipient Mail Contact/Alternate Email Address

The Mail Contact is the account that is to act as a "holding location" for journaled messages. The email address associated with this account is the designated recipient and must be associated with a non-existent, non-routable dummy Domain Name created above in Step 2. Create a Remote Domain From the Exchange Management PowerShell. Use the following steps to create the Mail Contact:

  1. Log into the Exchange Admin Center (EAC), and click recipients contacts.
  2. Click the + symbol, and click Mail contact:
    MailContact.png 
  3. In the new mail contact dialog box, enter the following details:
    1. First name – Type  Barracuda
    2. Initials – Leave this field blank
    3. Last name – Type  Journaling
    4. Display name – This field automatically populates
    5. Alias – Type  BMA_Journaling
    6. External email address – Type  bma_journaling@bma.int
    NewMailContact.png
  4. Click save .
Hide Contact from Global Address List

Barracuda Networks recommends hiding the mail contact from the Global Address List. You can use the following command in Exchange Management Shell to hide the mail contact:

Get-MailContact | Where {$_.Name -eq "Barracuda Journaling"} | Set-MailContact -HiddenFromAddressListsEnabled $True

Enter the following command to verify the setting:

Get-MailContact | Where {$_.Name -eq "Barracuda Journaling"} | Format-table Name, HiddenFromAddressListsEnabled

Step 4. Create a Send Connector for the Remote Domain

To ensure proper mail flow, verify that the Barracuda Message Archiver send connector has a lower cost value than the send connector for outbound SMTP traffic.

To route journaled mail that is sent to the contact to the Barracuda Message Archiver, use the following steps to create a Send Connector for the Remote Domain:

  1. Log into the EAC, click mail flow in the left pane, select send connectors at the top of the page, and then click the + symbol to create a new send connector:
    sendConnector.jpg
  2. In the Name field, enter a name for the connector, and in the Type section, select Custom:
    new_send_connector.jpg
  3. Click next. In the Network settings page, select Route mail through smart hosts:
    new_send_connector2.jpg
  4. Click next. In the add smart host page, enter the Barracuda Message Archiver fully qualified domain name (FQDN) or IP address:  
    add_smart_host.jpg
  5. Click save. the FQDN or IP Address displays in the SMART HOST list; verify the address:
    smart_host_added.jpg
  6. Click next. In the Smart host authentication page, because authentication is not used on the smart host connection to the Barracuda Message Archiver, no changes are necessary; click next:
    authenticationUpdate.jpg
  7. In the Address space section, click the + symbol:
    address_space.jpg
  8. In the Address Space page, enter the domain that matches the domain for the external email address used to create the journal contact, for example, bma.int (see Step 2. Create a Remote Domain From the Exchange Management PowerShell):
    add_domain.jpg
  9. The domain is added to the Address space list:
    verify_address_space.jpg
  10. Click next. In the Source server section, click the + symbol:
    source_server.jpg
  11. Verify all of the appropriate Exchange Servers are listed; click add to add additional servers:
    verify_listed_servers.png
  12. Click ok. In the Source server page, the selected servers display:
    finishStandard.jpg
  13. Click finish. The new send connector displays as enabled in the send connectors list:
    enabledStandard.jpg
  14. Click the Edit ( editUpdate.jpg ) icon to edit the Send Connector properties. From the Maximum send message size (MB) drop-down list, select unlimited, and then click save:
    editConnector.jpg

Step 5. Set Up Mailbox Database Journaling

Use the following steps to set up mailbox database journaling:

Important

 You must complete all of the steps in this section for each Exchange Email Database.

  1. Log into the EAC, click servers in the left pane, select database at the top of the page, and then click the Edit (editUpdate.jpg) icon to edit the database properties:
    edit_db.jpg
  2. In the Properties page, click maintenance in the left pane:
    mailbox_db_properties.jpg
  3. In the maintenance page, click browse following the Journal recipient field:
    browse_to_recipient.jpg
  4. Navigate to and select the destination location for journaled messages, for example journal@bma.int:
    SelectRecipientbmaint.png
  5. Click ok to select the journal message recipient. The recipient displays in the maintenance page:
    journal_contact.jpg
  6. Click save to save your settings.

The configuration is now complete and journaled mail is forwarded to the Barracuda Message Archiver. Log into the Barracuda Message Archiver, and go to the Basic > Search page in the web interface to verify that new mail is being processed. Note that it may take up to 30 minutes before journaled mail is available in the search results.

Barracuda Networks recommends hiding the Journal Contact, as well as any mailbox set up for undeliverable journal reports, from the Global Address List (GAL) so that mail is not sent directly to these accounts.  

Configure Envelope Journaling for Microsoft Exchange Server 2013 and Newer - Premium

 

Microsoft Exchange allows a Journal recipient to be either a mailbox or contact. By using a contact with an email address that is part of a non-existent domain, you can create a send connector that uses SMTP to deliver journaled mail to the Barracuda Message Archiver. Also see Understanding SMTP Forwarding and Trusted Servers.

Excluding Health Monitor Alerts

By default, Health Monitor Alerts are automatically journaled in Exchange 2013. To exclude these alerts from journaling, refer to the Microsoft support article Managed Availability messages are journaled in Exchange Server 2013.

Use the examples included in this article to simplify troubleshooting. Note that you can cut and paste the shell commands directly from this article.

Step 1. Register Each Exchange Server as a Trusted SMTP Server

To ensure that archiving begins as soon as your Exchange Servers are configured to send journal copies, first register each Exchange Server that is in a Client Access Server (CAS) role as a Trusted SMTP Server with the Barracuda Message Archiver on the Mail Sources > SMTP page in the web interface.

  1. Log into the Barracuda Message Archiver web interface, and go to the Mail Sources > SMTP page.
  2. In the Trusted SMTP Servers section, enter the details for each Exchange Server that is to journal directly to the Barracuda Message Archiver; click Add after entering the details for each Exchange Server, and then click Save.

Step 2. Create a Remote Domain From the Exchange Management PowerShell

The Remote Domain must not be your normal email domain. The remote domain must be a non-existent and non-routable/unresolvable domain from either inside or outside your organization (such as bma.int). This domain must be used for the email address of the Mail Contact that is to be the journaled message recipient.

Remote Domain

In previous versions of Exchange Server, the Exchange Management Console was used to create a Remote Domain; in Exchange Server 2013 the ECP/EAC has no analogous functionality so you must use PowerShell to create the Remote Domain.

To create a Remote Domain, you must enter a Name to describe the domain, and the actual Domain Name to use. In this example, bma.int is the dummy Domain Name that is used. You can use bma.intor create your own dummy Domain Name. Note that this Domain Name is also used when creating the Mail Contact in Step 4. Create a Send Connector for the Remote Domain.

  1. Open the Exchange Management Shell.
  2. Enter the following commands to create the remote domain; these commands ensure TNEF encoding is disabled and auto-forwarding is enabled:
    New-RemoteDomain -DomainName bma.int -Name "Message Archiver Domain" Get-RemoteDomain | Where {$_.DomainName -eq "bma.int"} | Set-RemoteDomain -TNEFEnabled $false -AutoForwardEnabled $true
  3. Enter the following command to verify the settings:
    Get-RemoteDomain | Where {$_.DomainName -eq "bma.int"} |Format-table Name, DomainName, TNEFEnabled, AutoForwardEnabled

    These commands ensure TNEF encoding is disabled and auto-forwarding is enabled. Barracuda Networks recommends disabling TNEF encoding. Auto-forwarding is enabled to allow mail for the contact to be forwarded to the Barracuda Message Archiver.

Step 3. Create a Recipient Mail Contact/Alternate Email Address

The Mail Contact is the account that is to act as a "holding location" for journaled messages. The email address associated with this account is the designated recipient and must be associated with a non-existent, non-routable dummy Domain Name created above in Step 2. Create a Remote Domain From the Exchange Management PowerShell. Use the following steps to create the Mail Contact:

  1. Log into the Exchange Admin Center (EAC), click recipients in the left pane, select contacts at the top of the page, and then click the + symbol to create a new mail contact:
    recipient_update.jpg
  2. In the new mail contact page, enter details for the designated recipient account details:
    new_mail_contact.jpg
  3. Click save. The new contact displays in the contacts list:
    contact_created.jpg

    Hide Contact from Global Address List

    Barracuda Networks recommends hiding the mail contact from the Global Address List (GAL). One method to hide the mail contact is to utilize the following shell command:

    Get-MailContact | Where {$_.Name -eq "Journal Contact"} | Set-MailContact -HiddenFromAddressListsEnabled $True

    The setting can be verified by executing:
    Get-MailContact | Where {$_.Name -eq "Journal Contact"} | Format-table Name, HiddenFromAddressListsEnabled  

    Alternate Journaling Mailbox

    You can configure an additional parameter in Exchange 2013 to specify that a journal report temporarily cannot be delivered. For details, refer to the Journal Reports section of the Microsoft TechNet Journaling article.

  4. In the EAC, click recipients in the left pane, select mailboxes at the top of the page, and click the + symbol to create an alternate journaling mailbox:
    mailboxes.jpg  
  5. In the new user mailbox  page, enter details for the alternate journaling mailbox:
    journal_ndr.jpg
  6. Click save. The new mailbox displays in the mailboxes list:
    journal_ndr2.jpg  

Hide Alternate Contact from GAL

Barracuda Networks recommends hiding the alternate mail contact from the GAL; to do so, with the new mailbox still selected, click the Edit ( editUpdate.jpg) icon. In the general page, turn on Hide from address lists:

hide.jpg

Step 4. Create a Send Connector for the Remote Domain

To route journaled mail that is sent to the contact to the Barracuda Message Archiver, use the following steps to create a Send Connector for the Remote Domain:

  1. In the EAC click mail flow in the left pane, select send connectors at the top of the page, and then click the + symbol to create a new send connector:
    sendConnector.jpg
  2. In the Name field, enter a name for the connector, and in the Type section, select Custom:
    new_send_connector.jpg
  3. Click next. In the Network settings page, select Route mail through smart hosts:
    new_send_connector2.jpg
  4. Click next. In the add smart host page, enter the Barracuda Message Archiver fully qualified domain name (FQDN) or IP address:
    add_smart_host.jpg
  5. Click save. The FQDN or IP address displays in the SMART HOST list; verify the address:
    smart_host_added.jpg
  6. Click next. In the Smart host authentication page, because authentication is not used on the smart host connection to the Barracuda Message Archiver, no changes are necessary; click next:
    authenticationUpdate.jpg
  7. In the Address space section, click the + symbol :
    address_space.jpg
  8. In the Address Space page, enter the domain that matches the domain for the external email address used to create the journal contact, for example, bma.int (see Step 2. Create a Remote Domain From the Exchange Management PowerShell):
    add_domain.jpg
  9. The domain is added to the Address space list:
    verify_address_space.jpg
  10. Click next. In the Source server  section, click the + symbol:
    source_server.jpg
  11. Verify all the Exchange Servers that are in the CAS role are listed; click add to add additional servers:
    verify_listed_servers.png
  12. Click ok. In the Source server page, the selected servers display:
    finishUpdate1.jpg
  13. Click finish. The new send connector displays as enabled in the send connectors list:
    finishUpdate2.jpg
  14. Click the Edit (editUpdate.jpg) icon to edit the Send Connector properties. From the Maximum send message size (MB) drop-down list, select unlimited:
    edit_connector.jpg 
  15. Click save.

Step 5. Create a Journal Rule

  1. Open the EAC, click compliance management in the left pane, select journal rules at the top of the page, and then click the + symbol:
    journal_rule01.jpg
  2. In the new journal rule page, enter the following details:
    1. Enter a name for the journal rule
    2. From the If the message is sent or received from list, select Apply to all messages
    3. From the Journal the following messages list, select All messages
    4. In the Send Journal Reports field, enter the email address of the contact created in Step 4. Create a Send Connector for the Remote Domain (bma.int):
      JournalRulebmaint.jpg
  3. Click save. If the warning message Do you want this rule to apply to all future messages displays, click yes:
    warning 02.jpg
  4. The journal rule check box displays selected in the journal rules page:
    journal_rule02.jpg
  5. In the Send undeliverable journal reports to section, click Select address:
    select_address.jpg
  6. In the non-delivery reports window, click browse:
    non_delivery.jpg
  7. Browse to and select the alternate mailbox created in Step 3. Create a Recipient Mail Contact/Alternate Email Address (Journal NDR Mailbox):
    journal ndr 3.jpg
  8. Click ok. Verify your selection, and then click save:
    non_delivery02.jpg
  9. The address displays in the Send undeliverable journal reports to section:
    journal_ndr4.jpg

The configuration is now complete and journaled mail is forwarded to the Barracuda Message Archiver. Log into the Barracuda Message Archiver, and go to the Basic > Search page in the web interface to verify that new mail is being processed. Note that it may take up to 30 minutes before journaled mail is available in the search results.

Configure Envelope Journaling for Microsoft Exchange Server 2007 and 2010

Depending on your Client Access Licenses (CALs), you may need to apply these rules at the mail server level rather than the hub transport level. For more information, see the Microsoft TechNet article Overview of Compliance Features.

Register Each Exchange Server as a Trusted SMTP Server

To ensure that journaled message archiving begins as soon as your Exchange Servers are configured to send them, register each Exchange Server as a Trusted SMTP Server with the Barracuda Message Archiver (on the Mail Sources > SMTP page) prior to configuring your Exchange Servers. Also see Understanding SMTP Forwarding and Trusted Servers.

Once the Barracuda Message Archiver is configured to receive SMTP traffic, you must complete the following from the Exchange Management Console (EMC) of each Exchange Server that will be journaling directly into the Barracuda Message Archiver:

  • From Recipient Configuration – Create a Mail Contact that is to act as the recipient of all journaled messages.
  • From Organization Configuration > Hub Transport – Create the following items:
    • a (non-routable) Remote Domain, to act as the recipient domain for journaled traffic
    • a Send Connector, for routing journaled messages
    • a Journaling Rule to actually enable journaling on your Exchange Server

Configure the Barracuda Message Archiver

On the Barracuda Message Archiver, use the the following steps to enable SMTP forwarding:

  1. Go to the Mail Sources > SMTP page.
  2. In the Trusted SMTP Servers section, enter the IP address of each Exchange Server that is to journal directly to the Barracuda Message Archiver.

Create a Remote Domain

The Remote Domain must be a non-existent or externally non-routable and unresolvable domain, from either inside or outside your organization, and must match the Mail Contact that is the recipient of journaled messages as it is used by the Exchange Server for routing all SMTP Journal traffic. Use the following steps to create a remote domain:

  1. Open the EMC, expand Organization Configuration, select Hub Transport, and click the Remote Domains tab in the center pane.
  2. In the Actions panel in the right pane, click New Remote Domain. The New Remote Domain dialog displays.
  3. Enter a Name to describe the domain, and the actual Domain name you want to use. In this example, bma.int is the "fake" domain name that is used. You will use this domain name later when creating the Mail Contact:
    newremotedomain.png
  4. Click New to verify the domain settings, and click Finish to save your settings. The newly created domain displays in the Remote Domains list.
  5. Double-click on the newly created domain to open the Properties dialog for the newly created domain, and:
    • In Exchange 2007, select Format of original message sent as attachment to the journal report.
    • In Exchange 2010, select the Message Format tab in the Properties dialog box.
  6. Select the following options to ensure journal messages sent to this domain are MIME Plain Text format (rather than the unsupported Exchange Rich Text format):
    • In the Message Format Options section, turn on Allow automatic forward.
    • In the Exchange rich-text format section, select Never Use:
      bmaproperties.png

      Verify that only Never use and Allow automatic forward are selected in the dialog box.

  7. Click Apply to save your settings, and click OK to close the Properties dialog.

Create a Mail Contact

The Mail Contact is the account that is to act as a "holding location" for journaled messages. The email address associated with this account is the designated recipient, and should be associated with a non-routable "dummy" domain name. Use the following steps to create a Mail Contact:

  1. In the EMC, expand Recipient Configuration, select Mail Contact, and in the Actions panel, click New Mail Contact:
    newmailcontact.png 
  2. In the dialog, select New Contact, and click Next.
  3. Enter a First name and Last name; the Name field automatically populates based on the entered values. Enter an Alias:
    newmailcontact2.png
  4. Click Edit to the right of the External e-mail address field, and in the SMTP Address dialog, enter the delivery email address, for example, BMA_Journal@bma.int:
    smtp_address.png

    The account name can be anything you want, but the domain name must match what you created in the preceding section, Create a Remote Domain.

  5. Click OK to close the dialog box. In the Wizard, click Next to verify the information:
    newmailcontact3.png 
  6.  Click New to create the Mail Contact. The newly-created contact appears in the Mail Contact list. Click Finish to close the Wizard.

Create a Send Connector

  1. In the EMC, expand Organization Configuration, select Hub Transport, and select the Send Connector tab. In the Actions panel, and click New Send Connector. The New Send Connector dialog displays. Enter a Name to identify this send connector, e.g., Barracuda Message Archiver:
    newsendconnector.png
  2. From the Select the intended use for this Send connector menu, select Custom, and click Next.
  3. In the Address Space section, click Add; the SMTP Address Space dialog box displays:
    smtpaddressspace.png
  4. In the Address space field, enter the domain created earlier, e.g., bma.int, and click OK. The SMTP connector is added:
    newsendconnector2.png
  5. Click Next. Select Route mail through the following smart host:
    newsendconnector3.png
  6. Click Add. In the Add smart host dialog box, select IP address, and enter the IP address of your Barracuda Message Archiver:
    add_smart_host.png
  7. Click OK to add the IP address. Click Next, then click Next again.
  8. In the Source Server page, if your Exchange server is not already listed, click Add to search for and add the server to this list. Click Next to verify your configuration, and click New to create the Send Connector. Click Finish to return to the Send Connectors tab; the newly-created Send Connector displays in the list.
  9. Right-click on the new Send Connector, and click Properties.
  10. In the Properties dialog box, clear Maximum message size (KB):
    send_connector_properties.png
  11.  Click Apply, and then click OK to save your changes and close the dialog box.

Create a Journaling Rule

Both the Standard and Enterprise versions of Microsoft Exchange Server 2007 and 2010 support Standard and Premium Journaling. Open the EMC, and complete the following steps to add a journaling rule:

  1. In the EMC, expand Organization Configuration, select Hub Transport, and select the Journal Rules tab.
  2. In the Actions panel, click New Journal Rule; the New Journal Rule dialog displays.
  3. Enter a Rule name, and for the Send Journal reports to e-mail address, click Browse and navigate to and select the mail contact created in the section Create a Mail Contact; for example, BMA_Journal@bma.int:
    newjournalrule.png 
  4. Select the Scope for archiving; the recommended setting is Global - all messages for the most complete coverage.
  5. Turn on Enable Rule, click New to create the Journaling rule, and click Finish to return to the Journal Rules tab where the newly-created rule displays in the list.

Configure Google Workspace Journaling

Use the steps in this article to configure Google Workspace to send journal mail to the Barracuda Message Archiver.

Step 1. Ensure Public Access to Port 25 on the Barracuda Message Archiver

To Journal mail directly from Google Workspace to your Barracuda Message Archiver, you must have a public IP address and port 25 open and NATed to the Barracuda Message Archiver. Additionally, you can optionally have a public DNS record. You can test this by attempting to telnet to the Barracuda Message Archiver on port 25. You can expect one of three outcomes:

  1. If the Barracuda Message Archiver is not accessible, either due to port 25 being blocked or incorrectly configured on the firewall, the attempt to telnet simply hangs at Trying [IP address]. In this case you need to troubleshoot your network settings:
    telnet_port_25_blocked.png 
  2. If the Barracuda Message Archiver is accessible and you have set Allow Only Trusted Hosts on the Mail Sources > SMTP page to No, telnet establishes a connection to the Barracuda Message Archiver:
    telnet_port_25_open_all.png
  3. If the Barracuda Message Archiver is accessible, you have set Allow Only Trusted Hosts on the Mail Sources > SMTP page to Yes, and you are attempting to telnet from an IP address not listed in the TRUSTED SMTP SERVERS section, telnet establishes a connection and the connection is immediately closed:
    telnet_port_25_openO365.png 

Step 2. Add Google IP Address Ranges to the Trusted SMTP Servers List

Google Workspace mail servers use a large range of IP addresses which may change. To determine the current Google IP address range, see the Google IP address ranges for outbound SMTP in the Google Workspace Administrator Help .

  1. Use the steps outlined in the Google IP address ranges for outbound SMTP  article.
  2. Log in to the Barracuda Message Archiver as the administrator, and go to the Mail Sources > SMTP page.
  3. Click Bulk Edit.
  4. Copy and paste the IP addresses based on your region, and click Save .

Step 3. Configure SMTP Forwarding Settings

Because this configuration requires the Barracuda Message Archiver to be public-facing, Barracuda Networks strongly recommends that you configure the Barracuda Message Archiver to only accept mail from the list of Trusted SMTP Servers. If you are also receiving mail from sources other than Google Workspace, make sure you add those IP addresses to the list of Trusted SMTP Servers before setting the Barracuda Message Archiver to Allow Only Trusted Hosts.

To configure SMTP forwarding settings, 

1. Log into the Barracuda Message Archiver as the administrator, and go to the Mail Sources > SMTP page.
2. In the SMTP Forwarding Settings section, set Allow Only Trusted Hosts to Yes.
3. Click Save.

Step 4. Configure Local Domains

  1. Log into the Barracuda Message Archiver as the administrator, and go to the Basic > IP Configuration page.
  2. In the Local Domains section, add all of your mail-enabled domains.
  3. Click Add after each domain entry, and click Save.

Step 5. Configure SMTP Over TLS/SSL (Optional)

  1. Log into the Barracuda Message Archiver as the administrator, and go to the Advanced > SMTP Configuration page.
  2. In the SMTP Over TLS/SSL section, set Enable SMTP over TLS/SSL to Yes.
  3. Click Save.

Step 6. Add Route

  1. Sign into the Google Workspace domain console, and go to Apps > Google Workspace > Gmail > Hosts .
  2. Click Add Route.
  3. In the Add mail route page, enter your Barracuda Message Archiver settings:
    1. Type Barracuda Message Archiver in the Name field.
    2. In the Specify email server section, enter your Barracuda Message Archiver public IP address or public DNS record.

      You can optionally select Require secure transport (TLS). When selected, you must set Enable SMTP over TLS/SSL to Yes on the Advanced > SMTP Configuration page in the Barracuda Message Archiver web interface (see STEP 5 above).

      If you are using a self-signed certificate, clear Require CA signed certificate.

  4. Click Save.
  5. Go to  Apps > Google Workspace > Gmail > Routing. Click Configure or Add Another Rule
    routing.png
  6. Enter a unique name to identify the setting, and select all of the check boxes under Messages to affect:
    messages_to_affect.png
  7. Scroll to Also deliver to, click Add more recipients, and click Add.
  8. Under Recipients, select Advanced from the drop-down menu.
  9. Select Change route and Barracuda Message Archiver.
  10. Clear Do not deliver spam to this recipient and select Suppress bounces from this recipient.
  11. Click Save, and click Add Setting.
  12. Click Save:
    final.png

Additional Deployment Options

The deployment mode is dependent on the email server configuration at your site as well as the number of domains you want to archive. See Deployment Options for a complete list of supported deployment options.