MCE Email Configuration

Overview

Currently you must have MCE enabled via the management tool in order to enable email features.

You must configure the following integration features:

See Configuring MindLink Anywhere for further details.

Email service

The email service is required for:

It must target an active SMTP server, specified by its address, port and secure socket options. Connections using password authentication or no authentication are supported.

Email notifications

When enabled, this feature sends an email from the configured sender email address, using the SMTP server provided, to all users who are able to join a group. The email protocol headers and contents are configurable and include core group information such as the classification and security contexts of the group, as well as a group link allowing users to quickly join the group if desired.

Email notifications continue to be configured via advanced keys using:

| Key | Value | Description |
| --- | --- | --- |
| mce.attributesynchronization.user.emailaddress.name | mail | Specifies the attribute name used to synchronize the user email address. |
| mce.attributesynchronization.user.emailaddress.issuer | AD | Specifies the attribute issuer used to synchronize the user email address, defaults to the specified default attribute issuer if omitted. |
| mce.emailnotifications.enabled | true | Determines whether email notifications are enabled, therefore decides if it is included in the MCE cluster or not. |
| mce.emailnotifications.senderalias | alias@domain.com | Specifies the email address alias used to send emails via the SMTP email server. |
| mce.emailnotifications.basepath | http://domain:123/ | Specifies the base URL used to create group links for email notifications, defaults to the web client base URL if omitted. |
| mce.emailnotifications.prefix | <p><span style="background: yellow;"> Hello </span></p> | Optionally specifies a template for the header of the email as HTML. |
| mce.emailnotifications.suffix | <p> Disclaimer </p> | Optionally specifies a template for the footer of the email as HTML. |
| mce.emailnotifications.subject | New Group | Specifies the subject of the email. |
| mce.emailnotifications.minimumnotificationintervalminutes | 1 | Specifies the minimum time, in minutes, that an email notification will be sent after a user can join a group. |
| mce.emailnotifications.notificationtimeoutminutes | 60 | Specifies the maximum time, in minutes, to wait before attempting to send an email notification with the currently synched user and group data. |
| mce.emailnotifications.protocolheaders | { "X-Classification": "U", "X-Application": "MindLink Anywhere"} | Specifies a collection of protocol-level email headers. |
| mce.emailnotifications.sender.emailaddress | user@domain.com | Specifies the sender address used to send emails via the SMTP email server. |

Chat content export

Exporting content from a group chat can be represented as a five-step process:

  1. Retrieve the local user's public certificate from Active Directory
  2. Send this certificate to the MLA web client
  3. Encrypt any selected messages using the public certificate on the MLA web client
  4. Send the encrypted messages alongside some metadata back to the MCE server
  5. Package and send the encrypted messages as an S/MIME email using the configured SMTP server

[Diagram: Chat content export process]

Note that the MindLink server does not have access to the message content, because the messages are encrypted on the MindLink Anywhere client. This protects the integrity of the message data in MCE groups.

The integrity of message data is also supported by the configurable content copying rule of an MCE chat. This rule allows the selection and copying of message content to be disabled. The feature is designed to remind users that the content of a chat is sensitive and to provide a user experience that dissuades message content from leaving the chat. Users who wish to export group content should instead do so through the secure chat content export feature, if enabled.

The group content copying and export controls are determined by the security context(s) in which a group is created. Configurable global defaults exist for these controls, so it is not necessary to specify the option on each security context using the PowerShell command. For more documentation on changing the configuration of a security context, please refer to the Set-MceSecurityContext command.

Management Center configuration

We must configure the settings of the MCE Email services through the appropriate page in the Management Center.

[Figure: Email management tool page]

Email service
Specify the email service information. Requires MCE to be enabled.

  • Enable MCE email service: Enables the email service and allows further configuration of the service.
  • SMTP server address: Specifies the SMTP server address used to send emails to users.
  • SMTP server port: Specifies the port used to access the SMTP server, used in combination with the address for connection.
  • SMTP server secure socket options: Specifies the preferred secure socket communication method.
    • None: No SSL or TLS encryption should be used.
    • Auto: Allow the SMTP server to decide which SSL or TLS options to use. If the server does not support SSL or TLS, then the connection will continue without any encryption.
    • SSL on connect: The connection should use SSL or TLS encryption immediately.
    • Start TLS: Elevates the connection to use TLS encryption immediately after reading the greeting and capabilities of the server. The server connection will fail if the server does not support the STARTTLS extension.
    • Start TLS when available: Elevates the connection to use TLS encryption immediately after reading the greeting and capabilities of the server, but only if the server supports the STARTTLS extension.
  • Trust insecure certificates: Allows self-signed certificates to be trusted.

SMTP server authentication
Specify whether to use password credentials to connect to the SMTP server.

  • Enable SMTP server password authentication: Determines whether to use password authentication when connecting to the given SMTP server.
  • Authentication username: Specifies the username for password authentication.
  • Authentication password: Specifies the password used in combination with the username for authentication.
    • Note that the password is not currently encrypted when persisted.
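
The secure socket options and the password settings interact: the two options that continue without encryption will also carry the SMTP password unencrypted when the server offers no TLS. The following is an added example, not MindLink code, that models the option descriptions above against a server's EHLO reply. The function names and the EHLO samples are constructed, and it assumes the configured port greets in plaintext.

```python
# Added illustration, not MindLink code. Assumes the SMTP port greets in
# plaintext, so "SSL on connect" cannot complete a TLS handshake there.
OPPORTUNISTIC = {"Auto", "Start TLS when available"}

# Constructed EHLO replies (sample data, not captured from a real server).
EHLO_WITH_STARTTLS = "250-mail.example.test\r\n250-STARTTLS\r\n250 AUTH PLAIN LOGIN"
EHLO_WITHOUT_STARTTLS = "250-mail.example.test\r\n250 AUTH PLAIN LOGIN"

def offers_starttls(ehlo_reply):
    """True if an EHLO reply line ('250-KEYWORD' or '250 KEYWORD') is STARTTLS."""
    for line in ehlo_reply.splitlines():
        if line[:3] == "250" and line[3:4] in ("-", " "):
            if line[4:].split(" ")[0].upper() == "STARTTLS":
                return True
    return False

def transport(option, ehlo_reply):
    """Return 'encrypted', 'plaintext' or 'fail' for one configured option."""
    starttls = offers_starttls(ehlo_reply)
    if option == "None":
        return "plaintext"
    if option == "SSL on connect":
        return "fail"  # plaintext greeting, see the assumption at the top
    if option == "Start TLS":
        return "encrypted" if starttls else "fail"
    if option in OPPORTUNISTIC:
        return "encrypted" if starttls else "plaintext"
    raise ValueError(f"unknown secure socket option: {option!r}")

def review(option, password_auth, trust_insecure_certs):
    """Findings for one combination of the settings described on this page."""
    findings = []
    if password_auth and option == "None":
        findings.append("SMTP password is always sent unencrypted")
    if password_auth and option in OPPORTUNISTIC:
        findings.append("SMTP password is sent unencrypted if the server offers no TLS")
    if trust_insecure_certs and option != "None":
        findings.append("self-signed certificates are accepted, so the server is not authenticated")
    if password_auth:
        findings.append("SMTP password is persisted unencrypted")
    return findings
```

Only "Start TLS" and "SSL on connect" fail closed; with either of them a server that stops offering TLS produces a connection error rather than an unencrypted session.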

Secure content export
Specify the settings used for secure chat content export.

  • Enabled chat content export: Enables securely exporting chat content and allows further configuration of the feature.
  • LDAP Search filter template: Specifies the filter used to find users and retrieve user certificates used for encryption. Requires a template value of {0} which represents the linked authentication identity for users (default (msRTCSIP-PrimaryUserAddress={0})).
  • Primary S/MIME Certificate Attribute Name: The first attribute name that will be used for looking up valid S/MIME certificates. Leaving blank will default to userSMimeCertificate.
  • Secondary S/MIME Certificate Attribute Name: The second attribute name that will be used for looking up valid S/MIME certificates if no certificates are found against the primary attribute name. Leaving blank will default to userCertificate.
  • Require trusted certificate root: When enabled the S/MIME certificate will have its certificate chain validated.
  • Sender email address: Specifies the email address used as the sender for exported chat content.
  • Sender email alias: Specifies the email alias used as the sender for exported chat content.
  • Email subject: Specifies the email subject when receiving exported content emails. Supports template for including the group name in email subject by including template string {GroupName}.
  • Email body prefix: Specifies the prefix to include before the exported group chat content within the email. Supports template for including the security contexts of the exported group by including template string {SecurityContext}.
  • Email body suffix: Specifies the suffix to include after the exported group chat content within the email. Supports template for including the security contexts of the exported group by including template string {SecurityContext}.
  • Enable secure chat content export by default: Determines the default value for secure chat export on security contexts which do not explicitly specify a value.
  • Enable content copying by default: Determines the default value for content copying on security contexts that do not explicitly specify a value.
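
To check a search filter template before saving it, it helps to see the exact filter it produces for one identity and which attribute would supply the certificate. The following is an added example, not MindLink code: it assumes the identity is escaped per RFC 4515 before substitution (the page does not say how the product escapes it), uses constructed sample data, and leaves certificate validity and chain checks out of scope.

```python
# Added illustration, not MindLink code: expands the LDAP search filter
# template and applies the primary/secondary attribute order described above.
DEFAULT_TEMPLATE = "(msRTCSIP-PrimaryUserAddress={0})"
DEFAULT_PRIMARY = "userSMimeCertificate"
DEFAULT_SECONDARY = "userCertificate"

# RFC 4515 escapes for characters that have meaning inside a filter.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

def escape_filter_value(value):
    """Escape an assertion value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(identity, template=DEFAULT_TEMPLATE):
    """Substitute the escaped identity for the required {0} placeholder."""
    if "{0}" not in template:
        raise ValueError("template must contain the {0} placeholder")
    return template.replace("{0}", escape_filter_value(identity))

def select_certificates(entry, primary="", secondary=""):
    """Return (attribute_name, values) from the first attribute holding any.

    entry maps attribute names to lists of DER blobs; names are matched
    case-insensitively, as LDAP attribute descriptions are. Blank settings
    fall back to the defaults named on this page.
    """
    attrs = {name.lower(): values for name, values in entry.items()}
    for name in (primary or DEFAULT_PRIMARY, secondary or DEFAULT_SECONDARY):
        values = attrs.get(name.lower()) or []
        if values:
            return name, values
    return None, []

# Constructed directory entry (placeholder bytes, not real certificates).
SAMPLE_ENTRY = {"userCertificate": [b"<DER placeholder>"], "usersmimecertificate": []}
```

For `SAMPLE_ENTRY` the primary attribute is empty, so the certificate comes from `userCertificate`; an entry with neither attribute populated yields no certificate and the export cannot be encrypted for that user.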

Email protocol headers
Specify the protocol level headers on emails for secure chat export.

  • Email Protocol headers: Specify optional header name and value pairs to include on the exported email. Supports template for including the security contexts and/or the classification of the exported group by including template strings {SecurityContext} and {Classification} respectively.