Communications Prerequisites

This section outlines the networking, firewall, proxy, and email gateway requirements.

NOTE

Communication requirements involve settings specific to a data center, such as IP addresses and Message Transfer Agents (MTAs). Liaise with Support if you do not know the location of your data center.

NOTE

Aurea does not configure or maintain your MX records. Ensure that your MX records are correctly configured so that messages are correctly routed through the Email Continuity service during an outage of your primary mail system. If your MX records are incorrectly configured, mail could be delayed or lost during an activation.

Your Support representative can assist you in setting up and testing your MX record configurations. Inform your Support representative immediately if there have been any changes in your system environment that could impact mail flow to and from the Email Continuity service.

Support recommends that you run a test activation of the Email Continuity service quarterly to validate your MX record configurations and mail routing results.

Networking Requirements

The networking requirements are:

  • The machine on which you install the SyncManager (called the primary controller or AMS server) must have internet access through secure hypertext transfer protocol (HTTPS), using port 443 outbound.
  • You need a connection to the internet and a browser for performing functions in the AMS Admin Console. (See Supported Browser Software.) If you are installing on a new machine, run the Microsoft Internet Connectivity Wizard before you install service software.
  • For end users accessing the webmail interface, supported browsers are listed at Supported Browser Software.

Firewall Requirements

Most organization networks include a firewall that restricts both outbound and inbound traffic based on specific rules. Make any necessary adjustments to your firewall’s configuration to ensure that it allows outbound traffic for the AMS server to the data center IP addresses on port 443:

Proxy Requirements

If you use a proxy server, set the proxy server rules to allow communication from the AMS server to the data center IP addresses:

SMTP Message Gateway Requirements

If you use an SMTP gateway server, ensure its configuration accepts inbound messages from the data center IP addresses. If your gateway server blocks all inbound messages that use one of your domains in the From: field, add an exception to this rule to accept messages originating from the data center IP addresses.

For example, if your domain is company.com and you block all inbound mail with an SMTP address of anything@company.com as spam, the exclusion list for this policy should include the data-center-specific IP addresses.

Inbound Mail Routing Requirements for Email Continuity

You must have a mechanism for routing mail to Email Continuity when your primary mail system is unavailable. This mechanism must exist outside of your on-site messaging solution, so that mail flow is maintained even if you lose all on-site mail routing capabilities.

If a third-party gateway is not used to filter email outside of your organization, you must include an alternative mechanism for routing messages to Continuity. Be aware that if you list the Continuity failover publicly, you will likely experience a significant level of unwanted mail content as the Email Continuity failover does not filter for spam.

To add this data to your organization’s DNS records, add a secondary MX record for your domain(s) to the data-center-specific MTA.

For example:

Domain         MX Preference         Host Name
company.com    Primary preference    mail exchanger = mail1.company.com
company.com    Lowest preference     mail exchanger = [data-center-specific MTA]
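A check for the secondary MX record described above, as an added example that is not part of Aurea's documentation or software. It parses answers in `dig +short MX` format; the MTA hostname and the sample answers are constructed placeholders, so substitute the data-center-specific MTA that Support gives you.

```python
# Added example: validate MX answers for a domain that fails over to Email Continuity.
# CONTINUITY_MTA is a placeholder; use the data-center-specific MTA from Support.
CONTINUITY_MTA = "continuity-mta.example.net"

# Constructed sample answers in `dig +short MX company.com` format.
GOOD = "10 mail1.company.com.\n100 continuity-mta.example.net.\n"
TIED = "10 mail1.company.com.\n10 continuity-mta.example.net.\n"
MISSING = "10 mail1.company.com.\n20 mail2.company.com.\n"


def parse_mx(text):
    """Return [(preference, host)] sorted so the most preferred host comes first."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip blank or malformed lines
        records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)


def check_failover(text, continuity_mta=CONTINUITY_MTA):
    """Return a list of problems; an empty list means the failover record is sound."""
    records = parse_mx(text)
    mta = continuity_mta.rstrip(".").lower()
    problems = []
    mta_prefs = [pref for pref, host in records if host == mta]
    other_prefs = [pref for pref, host in records if host != mta]
    if not mta_prefs:
        problems.append("no MX record points at the Continuity MTA")
    if not other_prefs:
        problems.append("no primary MX record besides the Continuity MTA")
    if mta_prefs and other_prefs and min(mta_prefs) <= max(other_prefs):
        # A lower number is a higher priority, so the failover host needs the
        # numerically highest value to be tried last.
        problems.append("Continuity MTA is not the lowest-preference record")
    return problems


if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("tied", TIED), ("missing", MISSING)):
        print(name, check_failover(sample) or "ok")
```

Running it against live `dig +short MX` output after each DNS change, and before each quarterly test activation, catches a failover record that is missing or tied with the primary.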

Data center MTAs:

Third-party Gateway Requirements

If you use a third-party email gateway, configure it to fail over automatically to the data-center-specific message transfer agent (MTA).

When using a third-party email gateway, configure your corporate mail host to:

  • Accept inbound SMTP connections from the Continuity IP addresses provided by Support.
  • Treat the Continuity IP addresses provided by Support as a trusted forwarder, but do not safe-list them.

Be sure that you provide the hostname or IP address of your mailhost(s) to Support so that the data center can be configured to send email directly to your organization.

Mail Routing with Third-Party Gateway

In the example network diagram shown above:

  1. Configure the third-party gateway to send mail to AMS when the primary mail host is down by listing the AMS MTAs as a backup mail record within the third-party gateway configuration.
  2. Configure AMS to send mail directly to the primary mail host instead of through the MX record (to prevent mail looping).
  3. Configure the firewall to allow inbound SMTP traffic (port 25) from the AMS servers. This rule is the same as the firewall rule that allows inbound mail from the third-party gateway.

Mail Routing Inbound — Store and Forward

If your primary mail system has gone down, and your organization has not activated Email Continuity, Aurea performs a store and forward service and attempts to deliver your mail. By default, it tries to deliver mail to your system using the MX records for your organization, in priority order. However, if you use a third-party filtering service (or for some other reason your organization’s MX records point to an address other than your organization’s), the service allows you to configure designated hosts (using hostnames or IP addresses) to which email is sent.

Similarly, if your organization performs a partial activation, this feature allows you to designate hostnames to deliver mail to users who are not active on Email Continuity.

To configure email routing for inbound mail, see Routing Policies for Forwarded Mail.

Routing for Inbound (Forwarded) Mail

In the diagram above:

  1. By default, AMS uses MX records to deliver mail to your system.
  2. Alternatively, you can designate a series of hosts through which to forward mail. (This is required for organizations using a third-party gateway.)
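Why designated hosts are required behind a third-party gateway, and why the earlier gateway steps tell you to send mail directly to the primary mail host: a hop-by-hop model added here as an illustration, not taken from Aurea's software. The node names, the route labels and the "queued" state (AMS holding mail for a later retry) are assumptions of the model.

```python
# Added example: trace one inbound message for company.com through a
# third-party gateway deployment. All names are constructed for the model.

def next_hop(node, primary_up, ams_route):
    """Return where `node` sends the message next."""
    if node == "sender":
        return "gateway"  # public MX points at the third-party gateway
    if node == "gateway":
        # The gateway lists the AMS MTAs as its backup mail record.
        return "mailhost" if primary_up else "ams"
    if node == "ams":
        if ams_route == "mx":
            return "gateway"  # default: AMS follows the MX record
        # Designated host: AMS talks to the mail host directly (port 25).
        return "mailhost" if primary_up else "queued"
    raise ValueError("unknown node: " + node)


def trace(primary_up, ams_route):
    """Return (path, outcome); outcome is 'delivered', 'queued' or 'loop'."""
    path, node = ["sender"], "sender"
    while True:
        node = next_hop(node, primary_up, ams_route)
        path.append(node)
        if node == "mailhost":
            return path, "delivered"
        if node == "queued":
            return path, "queued"
        if path.count(node) > 1:
            return path, "loop"  # the message came back to a host it already left


if __name__ == "__main__":
    for up in (True, False):
        for route in ("mx", "designated"):
            path, outcome = trace(up, route)
            print(f"primary_up={up} ams_route={route}: {' -> '.join(path)} [{outcome}]")
```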

Mail Routing — Outbound During Activation

By default, when Email Continuity is active, it uses the MX records of mail recipients to deliver outgoing mail.

However, if your organization uses a third-party provider for security (or other features), or if you want to route outgoing mail through a different host, Email Continuity can be configured to use a designated series of hostnames or IP addresses (hops) to determine the path the outgoing email takes while Email Continuity is active. To configure the series of hosts, see Routing for Outbound Mail During an Activation.

Outbound Mail Routing During Activation