

Deployment and configuration of "UMA as a Service" - cloud-based email archiving

Last adaptation: 11.2021


Reasons for using UMA as a Service

Managed services in IT security are much more than just offering technical solutions. A managed service means being able to offer a defined service for small environments cost-effectively and with high availability, at no cost for your own infrastructure.

UMA as a Service offers these advantages to your customers:

  • Legal advantages:
    • Signing of emails and documents with qualified time stamps
      (manipulation-free and court-proof archiving.)
    • Audit-proof email archiving to the highest standards
    • Compliance with legal requirements,
      • GoBD (Grundsätze zur ordnungsmäßigen Führung und Aufbewahrung von Büchern, Aufzeichnungen und Unterlagen in elektronischer Form sowie zum Datenzugriff / Principles for the orderly keeping and retention of books, records and documents in electronic form and for data access)
      • German Commercial Code (HGB)
      • German Tax Code (AO, Abgabenordnung)
      • Basel II
      • BSI TR 03125 (Technische Richtlinie des Bundesamt für Sicherheit in der Informationstechnik / Technical guideline of the Federal Office for Information Security, national cyber security authority in Germany)
    • Rule-based storage
    • Automatic storage based on legal archiving periods
  • Operational advantages:
    • Increases the performance of an existing mail server and releases storage capacity by outsourcing historical emails.
    • Powerful search engine for emails and documents
    • Sorting, categorization and indexing of emails and documents
    • Permanently reduces email storage costs by rule-based deletion of unneeded emails.
    • Data backups are significantly simplified with UMA

In addition, UMA as a Service offers the following advantages for resellers:

  • It is multi-client capable for up to 50 customers.
  • Provision of up to 500 mailboxes
  • Optimization for Office 365
  • No change to the customer's infrastructure is necessary

Securepoint supports you with these services:

  • Complete provision
  • Journal email mailboxes
  • Backup
  • Monitoring
  • Updates and Support

Organizational requirements


The Managed Service "UMA as a Service" can be ordered either via the TERRA CLOUD Center or via the api Cloud.

  • For an order in the TERRA CLOUD Center, the account there must be linked to a corresponding Securepoint Reseller Account. This is configured in the settings (gearwheel at the bottom left) under "My additional services" → "Securepoint".

    After successful linking you will find our products under "TERRA CLOUD" → "Security as a Service". If you have any further questions regarding the ordering process, please contact the WORTMANN AG Security Team (e-mail: security@wortmann.de). Please use only the URL www.terracloud.de for orders.

  • For an order via api Cloud, the account there must be linked to a corresponding Securepoint Reseller Account. This can be configured in the settings (gearwheel at the bottom left) under "My additional services" → "Securepoint".

    If you have further questions about the order process, please contact the api Security Team (e-mail: security@vad4u.de).

The service is provided by Wortmann AG, hosted on their servers in Germany, and configured and maintained by Securepoint.
Once the service has been provisioned, an email with the required credentials is sent.
The password for administrator access is communicated by telephone and must not be changed! We need these credentials to maintain the Managed Service (updates, monitoring etc.)!

  • Configuration

    Create e-mail domains

    System Settings  /  Mailserver

    By default, email addresses are provided for receiving mails for archiving under the domain archiv.securepoint.cloud. This access is already preconfigured.
    Additional domains can be added whose access must be configured in the Remote email accounts section.

    Remote Mailserver settings
    Email domains: ttt-point.onmicrosoft.com
    Example for Office 365 domain
    Submit the email domain with Add. See also the wiki article on Office 365 accounts.

    In order to archive an email for an account, the complete email domain must be stored here.

    The administration center allows further settings, which must not be changed under any circumstances without consulting our support.

    Remote email accounts
    Changes only after consultation with our support!
    Remote Smarthost Settings
    Not configured
    Remote email accounts
    At this point, the central mailbox is configured where all emails to be archived arrive.
    The assignment to individual users with their mail addresses is done in the Accounts tab or, in UMA NG v3 (new installation or upgrade from June 15, 2020), under Mail Accounts. Additional mailboxes can be configured with Add account.
    Name: Xnnnnn Name of the connection to the server. Assigned by Securepoint.
    Servername: imap.archiv.securepoint.cloud Address of the server on which the mails to be archived arrive. Assigned by Securepoint.
    Protocol: Auto The protocol used (POP3 or IMAP) with which the UMA collects the emails from the mail server. With the AUTO option, the UMA automatically searches for the protocol used on the mailserver.
    Username: Xnnnnn User name used to log on to the mailserver.
    Password: •••••• Password for logging on to the server on which the mails to be archived arrive.
    Fetch Mails Every: 1 Minute (Default) Frequency with which the mails are collected
    Keep Mails Activate only for test and verification purposes, otherwise the mailbox will overflow.
    SSL: Required
    Disable MS Journal-Envelope Autodetection: When activated, detection of the "MS Journal-Envelope" header entries is switched off.
    BCC recipients are not in the original mail header. Detecting the "MS Journal-Envelope" header entries enables the UMA to find BCC recipients in the Exchange header and assign them to a user account.
    Max. E-Mail Size: Disabled Can be set to disabled or to a value between 1 and 100 MB.

    Configuring User Accounts

    System Settings  /  Mail Accounts

    User Repository
    Local users
    Only local user lists can be used.
    To use AD or LDAP directory services, a UMA as hardware or VM is required.

    Local users
    Add user
    Username: Username for access to the UMA email archive (user-definable).
    The username cannot be changed later.
    We strongly recommend giving the username a customer-specific prefix. This keeps the account list clear and avoids problems with identical names!
    Password Password, for access to the UMA e-mail archive
    First Name: First name of the user
    Last Name: User's last name
    E-Mail: Mail address to which the user has access, e.g. user@ttt-point.onmicrosoft.com. Several addresses can be defined here with Add.
    In order for the emails to be archived, the corresponding mail domain (here: ttt-point.onmicrosoft.com) must be entered under / Remote Email Server Settings.
    Save Completion of the process
    CSV Import
    A .csv file with the following format can be imported: User ID, password, first name, last name, email, further email
    Any number of email addresses can be specified.
    The content of the .csv file must be UTF-8 encoded and without header line.
    Choose file: Selects the import file
    Import Completion of the process
    CSV Export
    Download The user list can be exported with the following information:
    User ID, password, first name, last name, e-mail, other e-mail addresses
    The content of the .csv file is UTF-8 encoded and without headers.
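
A pre-import check for the CSV format described above, as an added example that is not part of the original page or of Securepoint's tooling: it verifies UTF-8 encoding, the absence of a header line, the recommended customer prefix, unique user IDs, and that every address belongs to a domain entered as an email domain. The function name, the prefix `acme_` and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Column order from the page: user ID, password, first name, last name,
# email, then any number of further email addresses.
MIN_FIELDS = 5

# Constructed sample input (not from the page); "acme_" is a hypothetical prefix.
SAMPLE = (
    "acme_jdoe,S3cret!,John,Doe,jdoe@ttt-point.onmicrosoft.com\n"
    "acme_asmith,pw2,Anna,Smith,asmith@ttt-point.onmicrosoft.com,anna@example.org\n"
    "bwayne,pw3,Bruce,Wayne,bwayne@ttt-point.onmicrosoft.com\n"
).encode("utf-8")

def validate_uma_csv(raw, prefix, archived_domains):
    """Return a list of problems in a user-import CSV (empty list = OK)."""
    try:
        text = raw.decode("utf-8")  # the import file must be UTF-8 encoded
    except UnicodeDecodeError as exc:
        return [f"not valid UTF-8 (byte offset {exc.start})"]
    domains = {d.lower() for d in archived_domains}
    problems, seen = [], set()
    for lineno, row in enumerate(csv.reader(io.StringIO(text, newline="")), 1):
        row = [field.strip() for field in row]
        if not any(row):
            continue  # skip blank lines
        if len(row) < MIN_FIELDS:
            problems.append(f"line {lineno}: expected at least {MIN_FIELDS} fields, got {len(row)}")
            continue
        user, password, _first, _last, *emails = row
        emails = [e for e in emails if e]
        if lineno == 1 and not any("@" in e for e in emails):
            problems.append("line 1: looks like a header line; the file must not have one")
            continue
        if not user.startswith(prefix):
            problems.append(f"line {lineno}: user ID {user!r} lacks prefix {prefix!r}")
        if user in seen:
            problems.append(f"line {lineno}: duplicate user ID {user!r}")
        seen.add(user)
        if not password:
            problems.append(f"line {lineno}: empty password")
        for addr in emails or [""]:  # a row without any address is also reported
            domain = addr.rpartition("@")[2].lower()
            if "@" not in addr or domain not in domains:
                problems.append(f"line {lineno}: {addr!r} is not in a configured email domain")
    return problems

if __name__ == "__main__":
    for problem in validate_uma_csv(SAMPLE, "acme_", {"ttt-point.onmicrosoft.com"}):
        print(problem)
```

Because the import and export files carry each user's password in a plain column, store them like any other credential file and delete them once the import is complete.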

    Select Accounts

    Select Accounts to store
    Enable manual select
    Choosing this option allows you to restrict archiving to individual accounts.
    When removing mail accounts from archiving, check whether legal retention requirements are affected!
    User Search     Immediately filters the displayed accounts for contained characters.