7021038: Configuring and Troubleshooting IMAP at the POA

Both GWAVA 3.7 and GWAVA 4 need to be able to establish an IMAP connection with the post office in order to accomplish various tasks.

Before you do anything, you must consider the location of your POA. If your POA is on the same server as the GWIA you need to be careful how you configure IMAP to avoid any port conflicts. The GWIA by default will be running IMAP on port 143. We recommend you enable IMAP on the POA using port 142 or 144. The following example will assume the GWIA is on the same server as the POA, but if the POA is alone on the server the ports are of no concern.

Open Novell ConsoleOne (make sure you are logged into the Novell Client as admin). Then open your domain. Select Post Office Agents.

Right-click on your POA. Select Properties.

Enable IMAP

First, Enable IMAP by checking it in the agent settings subsection of GroupWise.

Right-click the GroupWise tab. Select Agent Settings.

Change IMAP Port

If necessary, change the port number in the network address subsection.

Right-click the GroupWise tab. Select Network Address.

Change the port number (142 or 144).

Verify IMAP Listener Starts

After you have made the appropriate changes click Apply and then Close. The changes will be pushed down to your POA. A message like the following will appear in the agent screen.

At this point IMAP will be set up and the POA will be listening for incoming IMAP connection on port 142 or 144.

If however, you do not see this line, refer to troubleshooting.

Verify the POA is listening

To verify that the POA is listening, open a command prompt and attempt a telnet connection on port 142 (or whatever port you have specified) as shown below.

You should get a response that looks similar to the one below. Type ao1 logout to exit.


If you get a screen that looks like this when you look at the POA screen:

You have a port conflict. The POA will exit after you have seen this message.

Go into ConsoleOne and change the port as shown in the above section Change IMAP Port. Then you will need to rebuild the PO database in order for the POA to use the port you changed upon startup.

If when you tried the telnet connection and you get the following:

There are four possible reasons for this:

1) The POA is not running. Please verify that the POA is loaded on the NetWare server.

2) You might be using the wrong IP address. Please verify you are trying to connect to the right IP address. You can verify that by typing ipconfig at the NetWare server console.

3) You are using the wrong port number. Please verify the port number by looking at the port in ConsoleOne. Refer to the above section Change IMAP Port.

4)The POA is not listening yet for any incoming connections. Please refer to the section

Verify IMAP Listener Starts. If there is no such message in the POA log, please verify that the settings are correct in ConsoleOne by referring to the above sections Enable IMAP and Changing IMAP Port.

If you get a screen that looks like the following, but the POA dredger or Post Office Scans fail.

Chances are you are connecting to your GWIA IMAP listener. Verify that you have the right IP address set up and that you are trying to use the right port. Follow the information from troubleshooting section 2 above to verify the information.


Email can’t connect to cluster8.eu.messagelabs.com

I need a solution


I have a problem when I send mail to my clients if they use your system.

See this message

” connect to cluster8.eu.messagelabs.com[]:25: Connection timed out”

My IP are, can you allow my adress?

Best regards



7019130: Exchange Archiving Overview

As an Exchange system admin, you have concerns about how to balance the needs of your organization’s data retentions needs with the limitations of Exchange.

Why Archiving to A Separate Server is Important

Your organization’s retention policy requires you to store years of data. With the average user receiving 120 emails a day, you are looking at over 40,000 messages a year, add that over 10 years, plus the calendar items, contact lists and so on, and you are looking at half a million items or more, just for an average user, then you have the heavy users that get a million items a year.
While you can certainly use Exchange’s retention features, but Exchange has quotas that keep it working, because we have learned from experience that if an Exchange mailbox has too many items, it suffers performance issues. http://blogs.technet.com/b/exchange/archive/2005/03/14/395229.aspx
The reality is that the vast majority of messages will never be accessed again by the user. So why keep them on the Exchange server, dragging it down?
Retain allows you to remove messages from the Exchange server so Exchange can do what it does best, which is making sure messages get to the right place and off load the long term storage of messages to a server that specializes in storage.

How Not To Lose Data

Out of the box Exchange allows users to receive mail, file it or trash it. When a user puts a message in the Deleted Items folder, they can then empty that folder, which moves the message into a semi-hidden folder called Recoverable Items. By default, Exchange will keep items in the Recoverable Items folder for 14 days and then remove them from disk. However, a user can right click on the Deleted Items folder and access “Recover deleted items…” which will bring up a dialog box where they can either recover the item to their inbox or purge the item which will immediately remove the item from disk.
While that is good for disk space, it is not so good for you when the men in the dark suits come, especially when they already have some incriminating messages sent from your mail servers, which they always do.

Your job is to store all messages so when the lawyers come asking about certain messages you are able to comply with the request and not go to jail. Retain is here to help make that happen but you have to enable some settings in Exchange to make that work.

When the lawyers come and you put a Litigation hold on one or more users, nothing can magically make deleted message reappear. You need to have them stored somewhere, preferably someplace easier to reach then the tape backups. However, if you set things up properly Retain will have all the messages and you can give the lawyers the information they need quickly, easily and securely.

Retain is an archiving solution. It keeps a copy of all the messages and makes them easy to search. Retain is usually run once a day and it may take a few hours to download messages from Exchange. The initial dredge may take weeks. From now on what you need is a way to prevent users from being able to purge items from Exchange before Retain has a chance to storage all the messages.

Exchange does not have item level controls over messages in its own system. Exchange does not know if an individual item has been archived or not, so we need to find a way to copy all the messages.

How to Get A Complete Archive

The first thing you need to do is find a way to keep Exchange from deleting items until Retain has a chance to archive them. You could use a Litigation hold but there is the downside of having Exchange keep all items forever filling up your server. An In-Place Hold is very similar to a Litigation hold but is easier to set for the entire system (https://technet.microsoft.com/en-us/library/ff637980%28v=exchg.150%29.aspx).

You also want it rolling so it only lasts a limited amount of time, so your Exchange server does not experience performance issues due to excessive storage load. You want this time period to be long enough for your team to be able to detect and resolve issues before they become real problems. We recommend at least 14 days, but 60 days and up to 90 days is certainly a good idea.

What happens with a Rolling In-Place Hold is that when a user attempts to Purge an item from their Recoverable Items folder it is moved to a hidden folder called Purges. The Purges folder is inaccessible to the user but not the system. When the Retain Profile is set to “Include user’s recoverable items” then Retain will use the ApplicationImpersonation user to traverse the folder structure of each user’s mailbox including the Purges folder. http://msexchangeguru.com/2013/03/29/totaldeleteditemssize/

Creating a complete archive is straightforward to do by enabling a Rolling In-Place Hold in Exchange. You’ll have a Profile for your initial dredge that archives everything.

  • Message Settings should be all kinds of messages.

  • Scope should be set to:

    • Date Range to Scan = “All Messages (ignore date)

    • Duplicate Check = “Try to publish all messages (SLOW)”

    • Set the Item Store Flag, enabled by default

  • Miscellaneous should be set to:

    • Enable “Store/index Internet Headers”

    • Enable “Include user’s archive mailbox” (if applicable)

    • Enable “Include user’s recoverable items”

    • If you want to include Public Folders set that to “Owned by Mailbox” as the impersonation user does not have the rights to access a document that resides in a different mailbox, it can only enter one mailbox at a time

  • Profile should also be set

    • Duplicate Check is set to “Ignore all messages older than item store flag (fast)” with the Item store flag enabled

How To Know Retain Is Working

There are a few ways to check to see if Retain is working.

  • You can check the Worker status web page [server]:48080/RetainWorker[add the worker number if you have multiple workers]. This is best to check while a job is running.

  • You can use the reports from Retain’s Reporting and Monitoring Server daily to detect issues. If a user’s Item Store Flag is not up to date then you know there is something going on. Usually a message that is returning an error when Exchange tries to access it. You can have reports scheduled to be emailed to you in a recurring manner. This is usually easiest.

  • You can also check to see if an individual job is running by checking the Job/[job name]/Status in the Retain Web Console.

What If Your Users Want Messages In Their Proper Folders

Most users remember where they stored items rather than the item itself. So while they could use search it may make good sense to set things up so your users can look in their folders. Unfortunately, Retain is not a file manager, so the best way to pull this off would be to run a job over the weekend that has a profile that goes back 7-14 days and updates the location of the messages.

Archiving Alternative: Journaling

If you have On-Premise Exchange you can use a different archiving method called journaling. This doubles the amount of storage Exchange requires as it keeps a copy in the journal mailbox. This is also not available in Office365.

In Exchange Admin Center you can set up a special mailbox called a journaling mailbox that collects all the mail for your domain. Retain can dredge this mailbox and delete items as they are stored. Which brings up the major downside. If you have a large message volume it may happen that the mailbox becomes too large for Exchange to serve the mailbox to anyone including Retain. So it is very important to monitor the journal mailbox so it doesn’t become too large and it is more about the number of items rather than size of those items. I have seen a mailbox become unservable with 125,000 messages in it but another with >1 million messages that was able to be dredged. It seems to depend on the hardware that Exchange has access to.

Journaling also has the limitation of keeping everything it gets in one mailbox so anyone who searches it will see everyone’s email. That is often not desirable for ordinary users to have that ability.

Additional things to make life easier

Exchange has a set of mailboxes called HealthMailbox that the system uses to make sure that it is functioning properly. Mostly it is just lots of messages that say: “This is a mailbox delivery probe”
You can and should exclude these users from your production Retain system.


Re: Email Import using Standard Import – Deployment

Hello Bhuvana,

In email connection under System > System Configuration tab > Configuration Settings list > Email Connection option

For IMAP4 and exchange protocols except POP3 and SMTP, you have an option to setup the folder you may want to watch for emails.

I would suggest to use different email id’s for different environments if you use POP3 protocol.


Naresh Kumar


IMAP crawler in WEX


I have created an **IMAP crawler in WEX** for an outlook office mailbox online (https://outlook.office365.com).

The crawl has produced numerous errors of the following type **Cannot tell if [INBOX] exists : A4 BAD User is authenticated but not connected**:

![alt text][1]
This is definitely not a password problem since other messages are perfectly crawled.
Could anyone provide a hint on how this problem could be dealt with? Thank you in advance.


[1]: /answers/storage/temp/15714-error-imap.png


Re: Want a way to ensure email shouldn’t be deleted after getting picked up by the standard import ?

Hello Shivam999,

That is an interesting question. As Roman said, it is as per design. Maybe, we can raise a feature request for the same, if you raise an SR for it to make that part simple. Apart from that, I have an Idea that is not tested. You may have to use IMAP protocol for the same. Also, you have to setup your mailbox (Mailbox rules) to move Forwarded e-mails to a folder apart from Inbox. You can define SkippedSuccessError address to the same mailbox. This would re-send and isolate the mails that are processed, but also has a risk of not processing e-mails that customers forward to the mail address. I guess we can also try custom scripting.

Thanks & Regards,



7020271: Configuring a GWAVA POA Scanner to delete Viruses from a Post Office

In order to scan a GroupWise Post Office, there are few things that need to be setup. Prior to setting up the GWAVA Post Office scanner, IMAP needs be enabled on the Post Office. This allows access through a Trusted Application key which cannot be done through the IMAP connection on the GWIA. Follow the steps below to prepare the post office to accept a GWAVA POA Scanner.

In general a Post Office scanner should only be used to search for very specific items where false positives won’t happen. A Post Office scanner reads the messages directly in a user’s mailbox and will delete the message if the message matches the criteria you specify in your POA scanner configuration. If you are doing anything other than virus scanning you should quarantine the messages just in case to make sure that you don’t accidentally remove mail. The best use of a post office scanner is to scan for viruses inside user mailboxes as will be shown in this article.

Prepare the Post Office

1) Set the IMAP port FIRST.

GroupWise 2014:

Open a browser and log in to the GroupWise Administration Console. Go to Post Office Agents, click on the POA and select the Agent Settings tab.

Scroll down to IMAP. Make sure IMAP is enabled.

Set the IMAP port to something other than 143 (this example uses 144), then click on Save.

This prevents the POA IMAP port from interfering with the GWIA IMAP port if they are on the same server.

If they are set to the same port, the POA will unload.

GroupWise 2012 / 8:

In ConsoleOne, open the properties of the POA (not the post office), and select Network Address, under the GroupWise tab. Set the IMAP port to something other than 143 (this example uses 144), then select Apply, and Close.

This prevents the POA IMAP port from interfering with the GWIA IMAP port if they are on the same server.

If they are set to the same port, the POA will unload.

Next, switch to the Agent Settings section under the GroupWise tab, and enable IMAP on the post office.

3) Wait one minute. Test the connection via IMAP by using Telnet.

Open a command prompt and type “telnet 144”. Insert the appropriate IP address and Port.

If the above is setup correctly, the following response should appear. If it does not, there is a problem with IMAP on the server. Do not proceed with GWAVA POA Scanner setup and configuration if there is a problem with IMAP.

NOTE: For more information on troubleshooting IMAP refer to the following article here. Once you have fixed any issues, please return to this article and set up your POA scanner.

Install a GWAVA POA Scanner

1) Open a web browser and login to the GWAVA Management Console.

2) Go to the Install Wizard

On the left side, expand the Server / Interface Management section.Expand the Wizards section, and select Install/create new interface.

3) Select the GroupWise POA Scheduled Scan Job. Click Continue.

5) Read through the prerequisites. It is not necessary at this point to create the Trusted Application Key. This will be done shortly. Click Next.

6) Create a Trusted Application Key and enter it in the Interface settings.

GroupWise 2012 / 2014:

If you are running GroupWise 2012 or 2014, have a look a following article to create the Trusted App Key:

How to manually create a Trusted Application Key for a GWAVA POA interface

GroupWise 8:

For GroupWise 8 you can either manually create a Trusted App Key as described in the article above or use the generator to create the Trusted App key as described in the following steps.

a) Click on TRUSTKEY. This will prompt a download for trustkey.exe. Save and run the file. This will install the Trusted Application Key Generator application. Map a drive to the PRIMARY DOMAIN directory. Run the Generator.

NOTE: Do not use any other key generator that may have been obtained from other GWAVA products such as GWAVA Retain. It is a different version and may not be compatible.

b) Browse to the PRIMARY DOMAIN directory. Then click Create Trusted Key.

NOTE: Do not immediately close this dialog. Make sure to copy the key to the clipboard and paste it in the web browser. Once you have continued to the next step, close the key generator application.

c) Wait at least one minute for the key to filter through the system. Check the POA log for the trusted application acknowledgement, then test. If the test is not successful, do not proceed to the next step.

7) After the Trusted Application Key has been generated and successfully tested, give the job a name and enter the IP address and port. If no port is entered, port 143 will be assumed. If the GWAVA POA Scanner connects to the GWIA rather than the POA, the scan will be unsuccessful because the Trusted Applicaiton Key does not apply at the GWIA level. To enter a specific port, use the following context. 192.168.194:144. Use the appropriate IP address and port for your system.

8) Click Next if all values are correct.

9) Create a new policy / scanner configuration.

Select Create a new policy for this interface.

Do not share the policy with a different interface type (e.g SMTP or GWIA). Doing so will use the configuration for another interface and may cause adverse effects and inadvertent mail deletion during the scanning process. This example is for scanning the post office for viruses only.

If you have multiple Post Office Agents and also want to use multiple POA interfaces in GWAVA you can share the policy with other POA interfaces.

10) Verify Stop Viruses is checked.

11) CRITICAL – Expand advanced settings.

Uncheck to block attachments and fingerprinting. All four of the lower boxes should be unchecked (highlighted in red). Leaving these checked will cause the scanner to remove all email in the post office that has attachments that match its presets (there are many types). In many cases the messages will not be recoverable.

12) Verify the configuration on the next screen and click Install.

13) Wait for the install to complete and open the job configuration.

Configuring the GWAVA POA Job

1) Go to Server / Interface Management – [Servername] – Manage Interfaces – [Interface name] – Interface settings.

2) Enable the job by checking the box next to Enable Job.

3) Check Scan Users, Scan Resources, Scan Trash, and Expunge purged items.

4) Set the Job Frequency to Just Once. Set the date to today, and the time. You could also set the job to be run on a daily or weekly basis.

5) Set Scan Messages in date range to All days.

6) Set Scan these users to All users.

7) Set Scan these folders to All Folders.

8) Once set, click Save Changes.

Verify Job is running

To check if the GWAVA POA scanner is running successfully there are several ways to check. The best way is to look at the GWAVAPOA log. The statistics on the Dashboard can also be checked.

1) The GWAVA POA logs can be found in following directory:




C:Program FilesGWAVAGWAVAserviceslogsgwavapoa

(may vary depending on the GWAVA installation directory)