Configuring Journal/BCC for PoV

Cisco Secure Email Cloud Gateway

About

This page covers the necessary steps to configure the journal rule for your Microsoft 365 or Google Workspace and share copies of inbound messages to the Cisco Secure Email Cloud Gateway.

Prerequisites

Cisco recommends that you have the following knowledge and permissions to configure:

Background Information

You should receive an encrypted email from Cisco that provides you with Cisco Secure Email Cloud Gateway's IP addresses, login information, and, most importantly, a unique journal recipient email address.

If you have not received this encrypted letter, please reach out to [email protected] with your contact information, customer name and domain name.

780

💬

All information provided in this encrypted email is unique for each customer and will not likely change without notification.

Configure

Journal rule for Microsoft 365

  1. Log in to the Microsoft 365 Admin Center (https://portal.microsoft.com)
  2. Go to Admin Centers > Exchange
  3. Click > compliance management
  4. Click > journal rules tab
  5. Click +
  6. In the 'Send journal reports to,' type the unique email address received from Cisco
  7. Name the new journal rule (Journal to Cisco Secure Email )
  8. For 'If the message is sent to or received from', select > [Apply to all messages]
  9. In the 'Journal the following messages' drop-down list, select > External messages
  10. Click > Save
  11. Click > Yes in the confirmation message
966

BCC Rule for Microsoft Office 365

  1. Log in to the Microsoft 365 Admin Center (https://portal.microsoft.com)
  2. Go to Admin Centers > Exchange
  3. Click > mail flow
  4. Click > rule tab
  5. Click +
  6. Name the new BCC rule (BCC to Cisco Secure Email)
  7. Configure > Apply the rule if: The sender is located …
  8. Choose: Outside the organization
  9. Click OK
  10. Configure > Do the following: Bcc the message to …
  11. Insert Check names: the unique email address received from Cisco
  12. Click Check names (Note: “unique email address” will be added into 'Add ->' box)
  13. Click > OK
  14. Click > SAVE
930

Journal Rule for Google Workspace

  1. Log in to the Google Admin (https://admin.google.com)
  2. Go to Apps > Google Workspace > Gmail
  3. Scroll down the page, and click > Routing
  4. Click > ADD ANOTHER
  5. Name the new routing setting (BBC to Cisco Secure Email)
  6. For 'Message to affect', choose > Inbound
  7. Look for 'Also deliver to', select > Add more recipients
  8. Click ADD
  9. In 'Recipient address', enter the unique email address received from Cisco
  10. Click > Save
  11. Click > ADD SETTING
  12. Click > SAVE at the bottom of the main page
602

Verify the status of journal mail flow in Cisco Secure Email Cloud Gateway

Once the above steps have been completed, Cisco Secure Email Cloud Gateway will receive copies of inbound messages sent to your organization. You can confirm the traffic flow by logging in to the Cisco Secure Email and Web Manager portal.

  1. Log in to the Cisco Secure Email and Web Manager (i.e.: https://dh123-sma1.iphmx.com/ng-login )
  2. Click > Tracking tab
  3. Click > Search
  4. All email messages journaled from Microsoft 365 or Google Workspace are listed in the search result page.
1377
  1. Click > More Detail on one of the messages
  2. Make sure the SPF, DKIM, and/or DMARC verification result = Pass
724

Configure Incoming Relay Setting (OPTIONAL)

The Journal/BCC deployment method has been developed for seamless Microsoft 365 and Google Workspace integration. In principle, this module does not expect that there is a previous element in front of Microsoft 365 or Google Workspace.

If a Secure Email Gateway (SEG) is present, we will follow the steps to enable SEG support It is necessary to configure the "Incoming Relay" setting on the Cisco Secure Email Cloud Gateway to optimize the POV outcome.

  1. Log in to your Cisco Secure Email Cloud Gateway UI (i.e: https://dh123-esa1.iphmx.com)
  2. Navigate to Network > Incoming Relay
  3. Click > Enable
  4. Click > Add Relay …
  5. Name the relay profile (example: O365)
  6. Add the MTA IP address or hostname (example: .outlook.com)
  7. On the Header option, stay as Parse the "Receiving" header
  8. Keep 'Begin parsing after' as from
  9. Choose the appropriate hop count (*) from the drop-down list.

📘

(*) Recommended hop count for O365 (.outlook.com) is 3+N, and G-Suite (.google.com) is 2+N

  1. Click > Submit
  2. Click > Commit Changes (the yellow button on the top right corner)
  3. Give an optional comment and click > Commit Changes again
2048

To avoid errors, disable SPF and DMARC verification:

  1. Navigate to Mail Policies > Mail Flow Policies
  2. Click > Default Policy Parameters
  3. Click > Off on SPF/SIDF verification
  4. Click > Off on DMARC Verification
  5. Click > Submit
  6. Click > Commit Changes (the yellow button on the top right corner)
  7. Give an optional comment and click > Commit Changes again

🚧

PLEASE READ CAREFULLY

Cisco strongly advices customers to keep the setting of "Recipient Access Table" and "SMTP Routes" as default when Journal or BCC mode is enabled in Cisco Secure Email Cloud Gateway. Please contact [email protected] if you need to change these settings.