Posts Tagged ‘mimecast’

The receiving party needed details to enable TLS enforcement 

Mimecast TLS CA 

CN = DigiCert TLS RSA SHA256 2020 CA1
O = DigiCert Inc
C = US

Cipher Strength : 256

Certificate Key Size : 2048

TLS Version : 1.2


When users try to use the Mimecast for Outlook add-in, they log in and get "Application Disabled".

  1. Make sure this is ticked
  2. Restart Outlook then try again
  3. Sometimes Mimecast caches Authentication Profiles locally in C:\Users\%username%\AppData\Roaming\Mimecast\msw.s3db. Delete this file with Outlook closed and try again

Both Mailguard and Mimecast have a list of allowed emails for users. When migrating from one platform to another you will need to copy these over.

Mailguard does not have an export function for its “Active Whitelist” so you will need to copy the Table produced in the Admin Panel into Excel and remove all but your two columns of emails.

These two columns will need some more manipulation, as they mix up senders and receivers in the lists and Mimecast needs one column for each. Put the first column in A in Excel and the second in B.

In C1 add the following (if A1 has @domain.com in it, list it; if B1 has @domain.com in it, list it):

=IF(ISNUMBER(SEARCH("@domain.com",A1)),A1,"")&IF(ISNUMBER(SEARCH("@domain.com",B1)),B1,"")

In D1 add the following (if A1 has @domain.com in it, list B1; if B1 has @domain.com in it, list A1):

=IF(NOT(ISNUMBER(SEARCH("@domain.com",A1))),"",B1)&IF(NOT(ISNUMBER(SEARCH("@domain.com",B1))),"",A1)

Example

Once done, create a .xls file with columns

# address | trusted_senders | blocked_senders | approved_senders

Add the domain.com address to # address

Add the other domain field to either trusted_senders (Allow Spam and Attachments) or approved_senders (Allow Spam)

Import into Managed Senders using the PostIni option
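The same split done in a script, as an added example that is not part of the original post. It matches the domain exactly rather than by substring (the SEARCH formulas above would also accept an address at domain.com.evil.example), sets aside rows where both or neither side is internal, and emits comma-separated rows under the four column names above. The function names and sample rows are assumptions made for illustration.

```python
import csv
import io

# Constructed sample of the two pasted Mailguard columns (A, B); not real data.
SAMPLE_ROWS = [
    ("alice@domain.com", "billing@supplier.example"),
    ("news@partner.example", "Bob@Domain.com"),
    ("alice@domain.com", "billing@supplier.example"),    # duplicate row
    ("carol@domain.com", "dave@domain.com"),             # both internal
    ("eve@domain.com.evil.example", "x@other.example"),  # lookalike, neither internal
]
HEADER = ["# address", "trusted_senders", "blocked_senders", "approved_senders"]

def is_internal(addr, domain="domain.com"):
    """Exact match on the part after the last @, unlike a substring SEARCH."""
    return addr.strip().lower().rpartition("@")[2] == domain.lower()

def split_pairs(rows, domain="domain.com"):
    """Return (pairs, rejected); each pair is (internal, external)."""
    pairs, rejected = [], []
    for a, b in rows:
        a, b = a.strip().lower(), b.strip().lower()
        a_int, b_int = is_internal(a, domain), is_internal(b, domain)
        if a_int == b_int:
            rejected.append((a, b))  # ambiguous row: review by hand
        else:
            pair = (a, b) if a_int else (b, a)
            if pair not in pairs:
                pairs.append(pair)
    return pairs, rejected

def build_import(pairs, column="approved_senders"):
    """Render rows under the page's four column names as comma-separated text."""
    if column not in HEADER[1:]:
        raise ValueError(f"unknown column: {column}")
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(HEADER)
    for internal, external in pairs:
        row = [internal, "", "", ""]
        row[HEADER.index(column)] = external
        writer.writerow(row)
    return out.getvalue()
```

Review the rejected rows before importing anything; an allow-list entry that lands in the wrong column lets that sender bypass spam checks.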


Trying to set up a Mimecast Sync Engine application on-prem out of the box comes up with

“validation failed: invalid mimecast user or insufficient permissions”

This is because 2FA is enabled by default on all accounts created in Mimecast. You need to create a new Authentication Profile and disable 2FA on it, then assign it to that user group and bind it all together with a Profile.

 


 

Failed authentication for XXXX, Date: 2019-11-26, Time: 13:26:01 AEDT, IP: X.X.X.X, Application: MfO, Method: IWA, Reason: Wrong password

 

Failed authentication for XXXX, Date: 2019-11-22, Time: 15:13:23 AEDT, IP: X.X.X.X, Application: App Launcher, Method: EWS Basic, Reason: Wrong password

Application: MfO = Mimecast for Outlook

Application: App Launcher = MyApps web-based portal

Method = IWA (Integrated Windows Authentication), usually from the Mimecast Outlook add-in

Method = EWS Basic (used by Domain Authentication to check on-prem)
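A parser for the notification format above with two simple checks run over it, as an added example that is not part of the original post: repeated failures for one account inside a time window, and one source IP failing against several accounts. The thresholds, function names and sample lines (users, documentation-range IPs) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"Failed authentication for (?P<user>[^,]+), Date: (?P<date>[\d-]+), "
    r"Time: (?P<time>[\d:]+) (?P<tz>\w+), IP: (?P<ip>[^,]+), "
    r"Application: (?P<app>[^,]+), Method: (?P<method>[^,]+), Reason: (?P<reason>.+)")

# Constructed sample lines (users and documentation-range IPs are made up).
FMT = ("Failed authentication for {}, Date: 2019-11-26, Time: {} AEDT, IP: {}, "
       "Application: {}, Method: {}, Reason: Wrong password")
SAMPLE = "\n".join([
    FMT.format("alice@domain.com", "13:26:01", "192.0.2.10", "MfO", "IWA"),
    FMT.format("alice@domain.com", "13:27:40", "192.0.2.10", "MfO", "IWA"),
    FMT.format("alice@domain.com", "13:31:05", "192.0.2.10", "MfO", "IWA"),
    FMT.format("bob@domain.com", "15:13:23", "198.51.100.7", "App Launcher", "EWS Basic"),
    FMT.format("carol@domain.com", "15:13:25", "198.51.100.7", "App Launcher", "EWS Basic"),
    FMT.format("dave@domain.com", "15:13:29", "198.51.100.7", "App Launcher", "EWS Basic"),
    "Some unrelated notification line",
])

def parse(text):
    """Return events sorted by local time; the zone text (AEDT) is kept as-is."""
    events = [m.groupdict() for m in map(LINE_RE.search, text.splitlines()) if m]
    for e in events:
        e["ts"] = datetime.strptime(f"{e['date']} {e['time']}", "%Y-%m-%d %H:%M:%S")
    return sorted(events, key=lambda e: e["ts"])

def repeated_failures(events, threshold=3, window=timedelta(minutes=10)):
    """Users with at least `threshold` failures inside any `window`."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e["ts"])
    flagged = set()
    for user, times in by_user.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(user)
    return sorted(flagged)

def many_users_per_ip(events, min_users=3):
    """Source IPs that failed against `min_users` or more distinct accounts."""
    users = defaultdict(set)
    for e in events:
        users[e["ip"]].add(e["user"])
    return {ip: sorted(u) for ip, u in users.items() if len(u) >= min_users}
```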


 

Latency Threshold – I would say to start with 50-60 Seconds to avoid any false positives.

Failure Counter threshold –  I would suggest to start with 5-6 for the same reasons.

Admin Notifications – I would suggest to notify via SMS as well, in case email is down. But if you are doing that, you will firstly have to make sure you are syncing the mobile numbers from AD using the correct AD attribute in Mimecast (https://community.mimecast.com/docs/DOC-1478). Then you also have to make sure that you set that attribute up to be used as the mobile attribute for SMS notifications in Administration > Account > Account Settings > System Notification Options. Then, you also have to make sure that the admins that need these SMS notifications subscribe to them. Guidance on subscribing here – https://community.mimecast.com/docs/DOC-2085. Further details on using SMS in Continuity here – https://community.mimecast.com/docs/DOC-2104.

Affected Group – You have to select a group that covers all users. Otherwise when you get the notification, if you opt to start a Continuity Event from the dashboard, it will only affect the Admin group you have selected.


 

Recently I tried to set up a 365 Send connector to relay it through another third party, Mimecast (https://community.mimecast.com/docs/DOC-1623). Mimecast confirmed they had enabled the Tenant domains to relay through Mimecast.

 

The send connector was failing at the last step, however I was receiving the email. After numerous calls with Office 365 support they came back with the reply “We don’t support technical help with Third Party SMTP Servers”

Checking the headers on the email that came through showed the validator wasn’t even relaying through Mimecast.

Enabling the Send Connector and trying again resolved the issue; however, it’s a flawed design, because after enabling it during the validation, if any user tries to send out and it doesn’t work, they will produce an NDR.
