Adding an "Attachment Options" Button to a Notes Mail Database for the SecurTrac's Secure E-mail Attachment Delivery Feature

Introduction

SecurTrac’s Secure E-Mail Attachment Delivery feature can virtually eliminate the possibility of e-mail attachments being filtered or quarantined by external e-mail systems. This is achieved when the outbound e-mail reaches your company perimeter Domino SMTP server that is running SecurTrac. SecurTrac will intercept outgoing e-mails and will relocate any or selected file attachments in the e-mail to a secured storage repository on the Domino server. The e-mail message body is updated to include a secret URL link, where external e-mail recipients can download the attachment(s) via HTTP or securely via HTTPS. To further authenticate the recipients, they can be asked for authentication code when downloading the file attachments. The authentication code is delivered to the recipient by e-mail when requested.

It is possible to add an "Attachment Options" button to a Notes mail database, so that when user uses that mail database to compose a new e-mail from his/her Notes client, he/she can press the "Attachment Options" button to launch a dialog box, which allows he/she to choose whether and what attachments will be replaced with download links, and also capable to control whether verification code is needed to download the attachment. In this guide we will describe how to setup the corresponding SecurTrac configuration and how to add the "Attachment Options" button to a Notes mail database.



Pre-requisites

Before trying to enable the Secure E-Mail Attachment Delivery feature and adding an "Attachment Options" button to your Notes mail database, you will have to install SecurTrac 2.6 or a later version on your company perimeter Domino SMTP server at first. HTTP task must be running on that Domino server, and that server must be accessible by external Web users. For details about installing SecurTrac on your Domino server, please refer to the SecurTrac Administration Guide.



Configuring the SecurTrac Configuration Database

You will have to setup two SecurTrac Mail Policy documents for the Secure E-Mail Attachment Delivery feature. In addition, you will have to configure the "Attachment settings" in the SecurTrac Server document.
Hide details for Mail Policy document (need verification code to download attachment)Mail Policy document (need verification code to download attachment)


1.

Use Notes client to open the SecurTrac Configuration database (SecurTrac\SctCfg.nsf) on your perimeter Domino SMTP server.

2.

Select "Mail Policy" from the left pane.

3.

Click the "Create Mail Policy" button from the right pane.

4.

In the Mail Policy document, configure the following settings:

Basics tab:
Server(s) – Only the following:
Specify the name of your perimeter Domino SMTP server.
Description (Optional):
Specify an optional description for this mail policy, e.g. "Replace Download Link (with verification code)".

Policy tab:
E-Mail Type – Select the type of e-mail to be inspected:
Choose "Outgoing E-Mail to the Internet".
Criteria to Match – Specify criteria by using:
Choose "Formula Editor", and then copy and paste the following formula into the "Log if formula is true" field:

@IF (@Attachments > 0 & (SCTAttLinkEnabled = "1" | X_SCTAttLinkEnabled = "1") & (SCTAttLinkNeedVerify = "1" | X_SCTAttLinkNeedVerify = "1") & (SCTAttLinkIsForAllFiles = "1" | X_SCTAttLinkIsForAllFiles = "1" | !@IsNotMember(SCTAttLinkToFiles:@URLDecode("UTF-8";@Explode(X_SCTAttLinkToFilesEncode;",;"));@AttachmentNames)); @True; @False)

Note that "SCTAttLinkEnabled", "SCTAttLinkNeedVerify", "SCTAttLinkIsForAllFiles" and "SCTAttLinkToFiles" are Notes fields that would be added into an e-mail by the "Attachment Options" button. Depending on the mail routing topology of your environment, Domino server may add the corresponding "X_" fields (i.e. the x-headers) into the e-mail when routing the outbound message to your company perimeter SMTP Domino server through SMTP/MIME.
Action:
Choose "Audit and Replace attachment(s) with download link(s)".

Leave the "And replace with the following text" field with the default value "[Download attachment "%AttachmentName%" (%AttachmentSize%)]", or modify the text if you like. Note that both %AttachmentName% and %AttachmentSize% are reserved keywords which will be replaced with the name and size of the corresponding attachment in the e-mail.

Select the "Need Verification Code to download attachment" checkbox.

Select the "Customize E-mail Notification Message" checkbox if you want to modify the subject and/or body message of the notification message.

Select the "Stop processing other policies when this policy is triggered" checkbox.

5.

Leave other fields as default values and press the "Save and Close" button.
Hide details for Mail Policy document (do not need verification code to download attachment)Mail Policy document (do not need verification code to download attachment)


1.

Use Notes client to open the SecurTrac Configuration database (SecurTrac\SctCfg.nsf) on your perimeter Domino SMTP server.

2.

Select "Mail Policy" from the left pane.

3.

Click the "Create Mail Policy" button from the right pane.

4.

In the Mail Policy document, configure the following settings:

Basics tab:
Server(s) – Only the following:
Specify the name of your perimeter Domino SMTP server.
Description (Optional):
Specify an optional description for this mail policy, e.g. "Replace Download Link (without verification code)".

Policy tab:
E-Mail Type – Select the type of e-mail to be inspected:
Choose "Outgoing E-Mail to the Internet".
Criteria to Match – Specify criteria by using:
Choose "Formula Editor", and then copy and paste the following formula into the "Log if formula is true" field:

@IF (@Attachments > 0 & (SCTAttLinkEnabled = "1" | X_SCTAttLinkEnabled = "1") & !(SCTAttLinkNeedVerify = "1" | X_SCTAttLinkNeedVerify = "1") & (SCTAttLinkIsForAllFiles = "1" | X_SCTAttLinkIsForAllFiles = "1" | !@IsNotMember(SCTAttLinkToFiles:@URLDecode("UTF-8";@Explode(X_SCTAttLinkToFilesEncode;",;"));@AttachmentNames)); @True; @False)

Note that "SCTAttLinkEnabled", "SCTAttLinkNeedVerify", "SCTAttLinkIsForAllFiles" and "SCTAttLinkToFiles" are Notes fields that would be added into an e-mail by the "Attachment Options" button. Depending on the mail routing topology of your environment, Domino server may add the corresponding "X_" fields (i.e. the x-headers) into the e-mail when routing the outbound message to your company perimeter SMTP Domino server through SMTP/MIME.
Action:
Choose "Audit and Replace attachment(s) with download link(s)".

Leave the "And replace with the following text" field with the default value "[Download attachment "%AttachmentName%" (%AttachmentSize%)]", or modify the text if you like. Note that both %AttachmentName% and %AttachmentSize% are reserved keywords which will be replaced with the name and size of the corresponding attachment in the e-mail.

Do not select the "Need Verification Code to download attachment" checkbox.

Select the "Customize E-mail Notification Message" checkbox if you want to modify the subject and/or body message of the notification message.

Select the "Stop processing other policies when this policy is triggered" checkbox.

5.

Leave other fields as default values and press the "Save and Close" button.
Hide details for Configuring the SecurTrac Server DocumentConfiguring the SecurTrac Server Document


1.

Use Notes client to open the SecurTrac Configuration database (SecurTrac\SctCfg.nsf) on your perimeter Domino SMTP server.

2.

Select "Server Settings" from the left pane.

3.

From the right pane, double click on the Server document of your perimeter Domino SMTP server to open it up, and then press the "Edit Document" button.

4.

In the Server document, configure the following settings:

Settings tab:
Download Server Host Name:
SecurTrac would use the specified server's host name to compose the URL links for users to download the file attachments.
For MIME messages, download Link Position:
Select either "Prepend" or "Append" according to your preference.
Cleanup Attachment (days):
Specify the number of days after which the attachments stored in the SecurTrac Attachment Download database will be deleted.
Session Time-out:
Defaults to 15 minutes. Specify "0" if you want to require users to enter the verification code for every file download.

5.

Press the "Save and Close" button after making the changes in the document.


Configuring the Domino Configuration Settings for the Perimeter Domino SMTP Server

Depending on the mail routing topology of your environment, there are chances that outbound e-mails get routed to your company perimeter Domino SMTP server through SMTP/MIME. When this happens, those "SCTAttLink" fields added by the "Attachment Options" button may be automatically removed by the Domino server during mail routing, and hence the SecurTrac's Secure E-mail Attachment Delivery feature may not work as expected. In order to solve that, we need to configure additional settings to instruct your Domino server to generate the corresponding "X_" fields (i.e. the x-headers in the outbound SMTP messages) for those "SCTAttLink" fields.
Hide details for Steps for setting up the "MIME - Advanced Outbound Message Options"Steps for setting up the "MIME - Advanced Outbound Message Options"


1.

Launch the Domino Administrator client.

2.

From the Domino Administrator client, open your company perimeter Domino SMTP server, and then click the "Configuration" tab.

3.

From the "Configuration" tab, click "Messaging >> Configurations".

4.

Create/Edit the "Configuration Settings" document for the perimeter Domino SMTP server.

5.

From the "Configuration Settings" document, select "MIME >> Advanced >> Advanced Outbound Message Options" tab.

6.

Copy and paste the following value to the "Always send the following Notes items in headers" field:

SCTAttLinkEnabled, SCTAttLinkNeedVerify, SCTAttLinkIsForAllFiles, SCTAttLinkToFilesEncode


7.

Press the "Save and Close" button after making the changes in the document.


Adding an "Attachments Options" button to a Notes Mail Database

In order to add an "Attachment Options" button to a Notes mail database, you will have to copy and paste two subform design elements into the mail database by using Domino Designer client.
Hide details for Steps for adding the "Attachment Options" buttonSteps for adding the "Attachment Options" button


1.

Download the sample customized Notes mail template from the Extracomm website: Notes Mail Template with Attachment Options Button

2.

Open the sample Notes mail template with Domino Designer client.

3.

Open your mail database with Domino Designer client.

4.

Copy and paste the "SCTAttLinkOptions" and "SCTAttLinkSubform" subforms from the sample Notes mail template to your mail database.




5.

Insert the "SCTAttLinkSubform" subform into the "Message", "Reply" and "Reply with History & Attachments" forms of your mail database.




6.

There are two optional parameters can be specified in the notes.ini of the user's Notes client for controlling the default values of the Attachment Options dialog box:

$SCTAttLinkEnabled=1
Adding this will enable "Replace attachment(s) with download links" and "Apply to all attachments" by default.

$SCTAttLinkNeedVerify=1
Adding this will enable "Need verification code to download the attachment" by default.