Zivver Plugin Assisted Mail Submission (PAMS) with Microsoft Exchange on-premise

Introduction

This guide explains how to set up Zivver Plugin Assisted Mail Submission (PAMS) in combination with Microsoft Exchange on-premise. If your organization is using Microsoft Exchange Online (Office 365), please continue with this manual

Implement PAMS to allow Microsoft Exchange on-premise to process a Zivver message, that is sent from Microsoft Outlook (for Windows) by using the Zivver Office Plugin. This would allow Microsoft Exchange on-premise to perform actions on securely sent messages. Examples of such actions are: placing an automatic signature or disclaimer at the bottom of the outgoing message, archiving the message or making the message available for eDiscovery. These actions can take place on both to the message body as well as any additional attachment.

Without PAMS a Zivver message would be sent directly to the Zivver server by the Zivver Office plugin. Because of that Microsoft Exchange on-premise will not be able to process the message, including any additional attachments. Attachments added via the Zivver attachment button in the Zivver Office Plugin for Microsoft Outlook (for Windows) are directly uploaded to the Zivver server. This would allow you to add an attachment up to 5 TB.

Once PAMS is implemented you can no longer add an attachment via this Zivver attachment button in the Zivver Office Plugin, as these attachments would otherwise not be processed by Microsoft Exchange on-premise. Because you implement PAMS to let Microsoft Exchange on-premise process attachments you can only add attachments up to 50 MB when PAMS is implemented. This maximum size can be lower depending on the maximum message size limit set in Microsoft Exchange on-premise.

Technical requirements

To implement Zivver Plugin Assisted Mail Submission (PAMS) your organization must meet the following technical requirements:

  • Zivver Office plugin v5.2.3 or higher for Microsoft Outlook (for Windows) is installed.
  • Microsoft Exchange on-premise 2013 or higher is used.
  • The following changeds need to be made in Microsoft Exchange on-premise:
    • An Accepted domain
    • A Contact
    • A Mail Flow Rule
    • A Send Connector
    • Optional: the maximum size limit of a message sent through a Send connector might need to be increased. The standard maximum size limit in Microsoft Exchange on-premise is set to 10 MB. The Zivver SMTP Server can process a maximum of 50 MB per message, including any additional attachments.

Activate Plugin Assisted Mail Submission in the Zivver Office plugin

Zivver Plugin Assisted Mail Submission (PAMS) can be activated in Zivver Office plugin v5.2.3 or higher by using the following registry key:

EnableMailAssistedSubmission

This registry key ensures that the Zivver Office Plugin will no longer send a message directly to the Zivver server. Instead, Microsoft Outlook (for Windows) will deliver the sent Zivver message to Microsoft Exchange on-premise. This would allow Microsoft Exchange on-premise to execute certain actions on the securely sent message. Microsoft Exchange on-premise can perform these actions in a certain order. The final step that needs to be performed is that Microsoft Exchange on-premise should filter the sent Zivver message and submit it to Zivver SMTP server. Without this final step Microsoft Exchange on-premise will deliver the sent Zivver message as unsecured email message to the recipient(s).

Location in the registry:
HKEY_CURRENT_USER\Software\Zivver\OfficePlugin\Settings\

Register value:
REG_DWORD with the name EnableMailAssistedSubmission and a value of 1.

You can turn off PAMS by setting the value of this registry key to 0.

Never enable PAMS in the Zivver Office Plugin without making the required changes to Microsoft Exchange on-premise, otherwise the sent Zivver message will be delivered as unsecured email message to the recipient(s).

Implement Plugin Assisted Mail Submission on Microsoft Exchange on-premise

The following changes need to be made in Microsoft Exchange on-premise to be able to use Plugin Assisted Mail Submission (PAMS):

  1. Create an Accepted domain
  2. Create a Contact
  3. Create a Send Connector
  4. Create a Mail Flow Rule
  5. Optional: increase the maximum size limit of a message sent through a Send Connector to be able to send a message, including attachments, larger than 10 MB.

These changes are required as without them Microsoft Exchange on-premise will deliver the sent Zivver message as unsecured email message to the recipient(s). Always make sure to make these required adjustments in Microsoft Exchange on-premise if PAMS is activated in the Zivver Office Plugin.

Send Connector
PAMS uses a Send Connector in Microsoft Exchange on-premise. An outbound message can only be processed by one Send Connector. Therefore, check in advance which Send Connectors are set up in Microsoft Exchange on-premise. It may not be possible to implement PAMS if next to the Zivver Send Connector, it is required that a specific Send Connector should process the sent Zivver message. If this is the case or if you need any help please contact Zivver (enterprise@zivver.com).

Create an Accepted domain

The first step is to add a new accepted domain in Microsoft Exchange on-premise. This is a placeholder domain name and should not refer to any existing domain.

  1. Go to the Exchange Administrative Center (EAC).
    For example via https://ExchangeServerFQDN/ecp/.
  2. Log into EAC as an administrator.
  3. Go to Mail Flow in the menu on the left.
  4. Go to Accepted domains.
  5. Add a new domain.
  6. Enter a name.
    For example: Zivver Plugin Assisted Mail Submission
  7. Specify the accepted domain.
    For example: zivver.org
  8. Select for This accepted domain is the option Authoritative.
  9. Click Save.
    The placeholder accepted domain is now created as an accepted domain within Exchange.

Create a Contact

The second step is to create a contact person in Microsoft Exchange on-premise. This contact uses the placeholder domain that was created in the previous section.

  1. Go to the Exchange Administrative Center (EAC).
    For example via https://ExchangeServerFQDN/ecp/.
  2. Log into EAC as an administrator.
  3. Go to Recipients in the menu on the left.
  4. Go to Contacts.
  5. Create a new Mail Contact.
  6. Enter a display name.
    For example: Relay to Zivver
  7. Enter a name.
    For example: Relay to Zivver
  8. Enter an alias.
    For example: relay
  9. Enter the external email address.
    Use the placeholder domain that was created in the previous section. For example: relay@zivver.org
  10. Click Save.
    The contact person is now created.

Create Send Connector

The third step is to make sure that Microsoft Exchange on-premise can submit a securely sent message to smtp.zivver.com. A Send Connector is used for this.

Send Connector
An outbound message can only be processed by one Send Connector. Therefore, check in advance which Send Connectors are set up in Microsoft Exchange on-premise. It may not be possible to implement PAMS if next to the Zivver Send Connector, it is required that a specific Send Connector should process the sent Zivver message. If this is the case or if you need any help please contact Zivver (enterprise@zivver.com).
  1. Go to the Exchange Administrative Center (EAC).
    For example via https://ExchangeServerFQDN/ecp/.
  2. Log into EAC as an administrator.
  3. Go to Mail Flow in the menu on the left.
  4. Go to Send connectors.
  5. Add a new connector.
  6. Enter a name.
    For example: Zivver Plugin Assisted Mail Submission.
  7. Select for Type either Custom or Partner.
  8. Click Next.
  9. Select the option Route mail through these smart hosts.
  10. Click Add.
  11. Enter smtp.zivver.com.
  12. Click Save.
    The added smart host is now shown in the list.
  13. Click Next.
  14. Select for Smart host authentication the option Basic authentication.
  15. Enable the option Offer basic authentication only after starting TLS.
  16. Generate Mail Submission SMTP credentials in the Zivver Organization Settings.
  17. Enter for User name: the generated SMTP username.
  18. Enter for Password: the generated SMTP password.
  19. Click Next.
  20. Click Add.
  21. Enter for Type SMTP.
  22. Enter for FQDN the fictional domain.
    For example: zivver.org
  23. Enter for Cost a 1.
  24. Click Save.
  25. Enable the option Scoped send connector.
  26. Click Next.
  27. Click Add.
  28. Select a server.
  29. Click OK.
  30. Click Finish.
    The Send Connector is set up to process all messages that are sent to this placeholder domain.

Create Mail Flow Rule

The fourth step is to create a Mail Flow Rule in Microsoft Exchange on-premise that filters out the securely sent messages. A filtered, securely sent message is redirected to the contact person that uses the fictional domain.

  1. Go to the Exchange Administrative Center (EAC).
    For example via https://ExchangeServerFQDN/ecp/.
  2. Log into EAC as an administrator.
  3. Go to Mail Flow in the menu on the left.
  4. Go to Rules.
  5. Create a new rule.
  6. Give the rule a name.
    For example: Zivver Plugin Assisted Mail Submission.
  7. Click in the bottom of the screen on More options.
  8. Under Apply this rule if… select A message header… that Matches these text patterns.
  9. Click Enter text….
  10. Enter zivver-relay.
  11. Click OK.
  12. Click Enter Text Patterns….
  13. Fill in ..*.
    That is 2 dots, 1 wildcard, 1 dot.
  14. Click Add.
  15. Click OK.
  16. Under Do the following… select Redirect the message to… and then These recipients.
  17. Look up the contact person that was created previously and select it.
  18. Click Add ->.
  19. Click OK.
  20. Click add action
  21. Choose Modify the message properties … > set a message header
  22. Click the first Enter text … link
  23. Enter x-zivver-ignore-smtp-recipients
  24. Click OK
  25. Click the second Enter text … link
  26. Enter true
  27. Click OK
  28. Select for Choose a mode for this rule the option Enforce.
  29. Enable the option Defer the message if rule processing doesn’t complete.
    If you enable this option, a message will not leave Exchange until the message has been checked by this rule. If for any reason Exchange temporarily does not check messages for this rule, processing these messages will be paused.
  30. Click Save.
    Verify that the priority of the newly created Mail Flow Rule is correct. Adjust the priority if necessary to ensure that the various rules have the desired effect.
  31. Enable the rule to activate it.
    The Mail Flow Rule is now set and activated.

All sent messages are now checked and, depending on the existence of the Zivver Plugin Assisted Mail Submission mail header, redirected to the contact person that uses the fictional domain. The Zivver Send Connector “catches” all messages to this placeholder domain. This Zivver Send Connector then submits these messages to the Zivver SMTP Server.

Optional: increase the maximum size limit of a message sent through a Send Connector

Plugin Assisted Mail Submission (PAMS) uses a Send Connector in Microsoft Exchange on-premise. The standard maximum message size limit of a Send Connector is set to 10 MB. If needed you can increase this maximum message size limit. The Zivver SMTP Server can process a maximum message size limit of 50 MB, including any additional attachments.

  1. Go to the Exchange Administrative Center (EAC).
    For example via https://ExchangeServerFQDN/ecp/.
  2. Log into EAC as an administrator.
  3. Go to Mail Flow in the menu on the left.
  4. Go to Send connectors.
  5. Select the Send Connector created in the previous section. For example: Zivver Plugin Assisted Mail Submission.
  6. Select or enter a higher value in the field **Maximum send message size (MB) Do note that the Zivver SMTP Server can process a maximum message size limit of 50 MB, including any additional attachments.

Perform a test

After all the required changes have been made in Microsoft Exchange on-premise, Zivver Plugin Assisted Mail Submission (PAMS) can be tested. The steps below explain how you can test whether the changes have been made correctly:

  1. Open Microsoft Outlook (for Windows).
  2. Log in to the Zivver Office plugin with a Zivver account.
  3. Compose a new message to someone outside of your own organization (for example, to a private email address).
  4. Enable the option Secure mail (the Zivver slider is set to the right).
  5. Send the message.

If PAMS is set up properly, the recipient will receive a Zivver notification message. If the message does not arrive or if an unsecured message is delivered, then PAMS is not set up properly. Please check all the steps discussed in the previous sections. You can also check the Microsoft Exchange Delivery Reports for any errors.

Was this article helpful?

thumb_up thumb_down