Basic Mimecast Guide
Mimecast is a cloud-based email filtering and archiving service. Email security is a vital part of many businesses, and Mimecast offers users added security against threats such as viruses and phishing, as well as reducing spam. Archiving and continuity are also options within the service; this allows businesses to ensure access to email is still available during an outage of their email server.
Once you have made the decision to use Mimecast, you will repoint your domain’s mail exchanger (MX) records to Mimecast’s server cluster, and you will be given access to a web portal, known as the Mimecast Administration Console.
Configuring your mail server IP address
Log in to the Mimecast Administration Console and navigate to Gateway –> Policies –> Delivery Routing. Click the Definitions button on the right-hand side, next to the Delivery Routing option.
To set a new delivery route, click New Route Definition. To edit the existing one, click on the entry. Set the Hostname field to the IP address or FQDN of your email server.
Permitting or blocking a sender
To add a new blocked or permitted sender to Mimecast at the account level, do the following:
- Log in to the Mimecast Administration Console
- Go to Directories –> Groups
- Click Blocked Senders or Permitted Senders on the left
- Then use the Build menu and select either Add Email Addresses or Add Email Domains.
This is a domain-level policy that is run before the individual end-user policies.
Whitelist a Sender IP address in Mimecast
Sometimes you may need to permit an IP address through Mimecast; under certain circumstances this may be preferable to whitelisting by domain or email address.
To add an IP address to an allow list, do the following:
- Log in to the Mimecast Administration Console.
- Go to Gateway –> Policies.
- Find ‘Permitted Senders’ in the list and click on it.
If there is an existing policy for allowed IP addresses, there will be an entry that states it applies ‘From Everyone’ and ‘To Everyone’. If you click on this and look at the Validity section at the bottom, you may see existing whitelisted IP addresses. If this is the case, you can add any further required IP addresses to the Validity section here.
If there is not an existing policy defined as ‘From Everyone’ and ‘To Everyone’ to permit senders, then do the following:
- Click ‘New Policy’.
- In ‘Policy Narrative’, enter an easy to understand name, such as ‘Permitted IP Addresses’.
- In ‘Permitted Sender Policy’, select ‘Permit Sender’.
- Select ‘Everyone’ for Emails From and Emails To.
- Check the ‘Policy Override’ checkbox.
Add the IP addresses required in the ‘Source IP Ranges’ box using the CIDR notation. For example:
To add a single IP address:
To add a range of addresses:
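The following pre-check for entries destined for the ‘Source IP Ranges’ box is an added example, not part of the original guide or of Mimecast's tooling. In CIDR notation a single address carries a /32 suffix and a range carries a shorter prefix such as /24. The sample addresses are constructed from documentation ranges, and the /24 review threshold and IPv4-only handling are assumptions.

```python
import ipaddress

# RFC 1918 and loopback space: never a legitimate internet-facing sender.
NON_ROUTABLE = [ipaddress.IPv4Network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]


def review_source_range(entry, min_prefix=24):
    """Return (status, cidr_or_None, note) for one proposed allow-list entry.

    min_prefix is an assumed local review threshold, not a Mimecast limit.
    """
    text = entry.strip()
    try:
        # A bare address parses as a /32; strict=True refuses host bits.
        net = ipaddress.IPv4Network(text, strict=True)
    except ValueError:
        try:
            # Parses only once host bits are masked off: the entry mixes a
            # host address with a range prefix, so the intent is ambiguous.
            loose = ipaddress.IPv4Network(text, strict=False)
        except ValueError:
            return ("reject", None, "not a valid IPv4 address or CIDR range")
        host = text.split("/")[0]
        return ("reject", None, f"host bits set; use {loose} or {host}/32")
    if any(net.subnet_of(r) for r in NON_ROUTABLE):
        return ("reject", None, "private or loopback address space")
    if net.prefixlen < min_prefix:
        # Every address in the range would be permitted, so broad ranges
        # go to a human for sign-off rather than straight into the policy.
        return ("review", str(net), f"covers {net.num_addresses} addresses")
    if net.prefixlen == 32:
        return ("ok", str(net), "single address")
    return ("ok", str(net), f"range of {net.num_addresses} addresses")


if __name__ == "__main__":
    # Constructed sample entries (documentation ranges, not real senders).
    samples = ["192.0.2.10", "198.51.100.0/24", "198.51.100.7/24",
               "10.1.2.0/24", "0.0.0.0/0", "mail.example.com"]
    for s in samples:
        print(f"{s:20} -> {review_source_range(s)}")
```

Only entries that come back as ‘ok’ are ready to paste into the policy; ‘review’ entries keep their normalised CIDR so they can be approved or narrowed.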
Adding new Mimecast Admin users and assigning roles
Existing admin users for Mimecast can assign the admin role to other users within the system, and add new users if required.
- Log in to the Mimecast Administration Console. Then go to ‘Directories’ –> ‘Internal’. Then click the domain required.
- To edit an existing user, you can use the search feature and then click on the user to amend the role assigned.
- Click on the ‘RoleEdit’ option and click the role you wish to assign. Then click the ‘Add User to Role’ button.
You can add multiple new users to the role from here.
If you wish to add a new user, you need to do this using the ‘New Address’ option from the ‘Directories’ –> ‘Internal’ –> “domain.com” screen. However, if you use an Active Directory Server, new users added to AD will automatically be added to Mimecast. Only use the ‘New Address’ feature to add non-AD users.
Then you can change the role for the new user following the other steps detailed above.
Detecting pornographic images in email
The sensitivity level of the pornographic image detection feature in Mimecast can be amended to suit your requirements.
- Log in to the Mimecast Administration Console.
- Go to Gateway –> Policies then Definitions –> Attachment Sets
- Click ‘New Attachment Set Definition’
In here, you can increase or decrease the ‘Hold images above n% probability’ option.
The lower the percentage selected, the higher chance there is of the image being filtered.
- Select lower amounts to filter more content.
- Select higher amounts to allow more content through.
Notify options are useful for informing users when a message is blocked.
If you have a group of, for example, IT users, they can also be added so that they are notified.
Targeted Threat Protection Device Enrollment
After TTP has been activated, the default settings dictate that users must have their device enrolled in order for links and emails to flow through. This is all done automatically via email — an enrolment email is sent to the user and they follow the links to enrol their device. However, some users might experience problems where Mimecast ask them to enrol repeatedly even if they have done it previously. A useful KB article on this problem is here: https://community.mimecast.com/docs/DOC-1684
This function works on a cookie basis: to continue working effectively, the cookie created when a device is enrolled must be kept and stored by the browser. This presents a wealth of problems of its own because a lot of companies have group policies that clear down cookies whenever a browser is closed. Devices such as smartphones also have this clear-down function set up by default. Mimecast have had a fair few complaints about this, and in instances where group IT policies concerning cookies cannot be altered, Mimecast have advised that customers have it switched off.
Device enrolment can be switched off and TTP still works perfectly fine. The way the system works is that an email with a suspicious URL gets blocked and the end user gets notified with an email to say so. They click the link and then have to enter their email address to have a code emailed to them, which they then enter into the URL provided. This is designed as a 2-step authentication type shield but, as noted above, this 2nd step is entirely cookie-based, and cookies present security risks and problems of their own. You can remove this second step so that the end user only has to click on a link to release the email, much like how it works when a spam email has been blocked.
To switch off this need to enrol devices, navigate to: Account > Account Settings > User Access And Permissions, and then untick the Targeted Threat Protection Authentication box.
Open Relay Not Allowed error message
You might run into problems with Mimecast relaying/auto-forwarding messages, especially when you have an automated system set up to forward emails automatically onto a domain that is not your own. A common error message you might get when you check Mimecast for undeliverable errors is: “Reason: Open relay not allowed”.
To get around this, you have to add the destination domain for the relaying to a permitted list by navigating to: Services > Directories > Profile Groups > Relay.
Then add to the list from the Build menu as you would with other policies.
Mimecast Digest Notification
Enabling the Digest Notification feature can assist Mimecast end users with finding emails that have been filtered and held for various reasons within the Mimecast administration portal. The end users will be able to release emails directly if they need to.
Log into the Mimecast administration portal and navigate to Services > Gateway > Policies and then select Definitions by the Digest Sets policy.
Then select the definitions set from the next screen, probably called something like Default Digest Set Definition.
You can select the type of emails you wish the email digest to contain, for instance all spam emails, just the attachment policy emails, or any content filtering emails that have been held. You can also select when you would like your end users to receive the digest email. Once you have configured it as you wish, click Save.
To activate it, ensure there is a policy set up to do so. Achieve this by navigating back to the policy list as above, but this time simply click anywhere on the Digest Sets row rather than the Definitions button. There should be a policy that looks something like this:
If not, then select New Policy and set up a standard policy as you would do normally, with the parameters Applies From Everyone, Applies To Internal Addresses and with the Digest Set name you defined above.
When the digest report is received by the user, they will see three options next to each email in the report – Release / Block / Permit. Clicking Release will immediately release the email and deliver it to the user. The Block option will return the email to the sender, and all future emails from the same sender will automatically be rejected. The Permit option will release the email, and also add the sender to a whitelist.
Refer to the Help link within the Mimecast portal for further assistance with the feature.
Malicious Content Getting Through Mimecast In Legacy MS Office Files
It has been known for malicious attachments to get through Mimecast occasionally. A certain breed of these attachments consists of malicious content and macros within MS Office files such as Word and Excel documents. In particular, the older versions of MS Office files are easier to hide content in. As most people do not use the old versions of MS Office, Mimecast have developed a shield to help protect against these problematic legacy MS Office files. This can be activated by navigating to Services > Gateway > Policies > Attachment Management Definitions > Default Attachment Sets > Block Dangerous File Types. This will take you into a policy properties screen, and the setting you require is:
Finding an email in the Mimecast Portal
This might seem obvious to some but it is a commonly asked question about the portal.
The most effective and quickest way of finding an email of any description, be it delivered, rejected or whatever, is to navigate to the Services > Gateway > Tracking option, and NOT the Accepted Email option, which only queries email that Mimecast has accepted for processing.
If the Tracking option is not listed under the Gateway menu then the settings for the account are probably configured for 0 days log retention, which isn’t unusual. If this is the case, query this with your Technical Support team.