In the Autotask Integration Settings screen, the “Origin Realm” column shows the realm in which a setting has been created. If the setting exists in the current realm, you can check theReset?checkbox to remove the setting and make the setting once again inherit the value from the parent realm.
Any realm that doesnothave an Autotask account name associated with it will not have its statistics pushed to Autotask.
Note: The first time CanIt-Domain-PRO connects to Autotask, it extracts the Account, Contract and Product IDs from Autotask and from then on uses the Autotask IDs rather than the names to link to Autotask. This allows you to rename objects within Autotask without breaking the CanIt-Domain-PRO integra- tion. As a convenience, if CanIt-Domain-PRO notices that an object has been renamed in Autotask, it updates its copy of the corresponding name to match Autotask’s.
Chapter 6
CanIt-Domain-PRO Administration
6.1
Global Settings
Note: This section describes features that only the CanIt-Domain-PRO System Administrator can use. The first administrative task you should undertake is to set up global settings. Click on theAdminis- trationlink. You will see the global settings screen:
Figure 6.1: Global Settings
Note that the Basic Setup Wizard (Section5.3.1) populates some of these settings. The “ID” column is a unique identifier for each setting; it is not used except as a convenient way for Roaring Penguin support personnel to indicate a particular setting over the phone.
The global settings have the following meanings:
G-1100Maximum size of message to scan for spam (kB) Spam-scanning can be very slow on large
messages. If a message comes in that is larger than this threshold, CanIt-Domain-PRO attempts to reduce its size by removing non-text attachments before feeding the message to the scanning engine. If this succeeds, the reduced message is scanned. If the message is still too large even after the reduction, it is not scanned for spam.
G-2400Handling for messages containing viruses If you have a virus-scanner compatible with
CanIt-Domain-PRO, this setting controls how CanIt-Domain-PRO deals with virus-bearing messages. Holdholds the message in the quarantine for approval (or tags the message if the stream is in tag-only mode.) Acceptpermits the message to pass, whileRejectrejects it with an SMTP failure code. Finally,Discardsimply discards the message. We recommend setting this option toDiscard.
Note:This setting may be overridden on a per-stream basis.
G-1500Expire statistics after this many days Once a day, a cron job removes old entries from the
statistics table. By default, CanIt-Domain-PRO keeps statistics for 10,000 days (around 27 years), but you can lower this setting to as low as 90 days if you do not want to keep old statistics around.
G-1550Number of hours to keep detailed statistics CanIt-Domain-PRO keeps very detailed statis-
tics for a limited time. This setting lets you adjust the length of this time.
G-1600Expire old data after this many days Once a day, a cron job purges old messages, log entries
and incidents from the database. We recommend retaining at least 14 days’ worth of data, although you might want to lower this on a busy mail server. Note: This setting is the number of days from thecreation of the incidents being expired, regardless of whether or when they were marked as spam or non-spam.
G-1610Remember change history for this many days Most CanIt-Domain-PRO web pages have a
“Show Changes” link that lets you see changes made to rules and settings. This setting specifies how long change history should be retained. It may be set to any integer from 45 to 10000 and defaults to 732 days (about two years).
G-1700Expire messages marked as spam after this many days This setting controls when the cron
job expires messages you have marked as spam. Note that it only applies to closed incidents— that is, messages that have not only been marked as spam, but have also actually been rejected by CanIt-Domain-PRO.
G-1800Expire messages marked as non-spam after this many days This setting controls when the
cron job expires messages you have marked as non-spam. Note that it only applies to closed incidents—that is, messages that have not only been marked as non-spam, but have also actually been delivered by CanIt-Domain-PRO.
G-4010Number of hours to cache address-to-stream lookups As mentioned in Section 2.4,
address-to-stream mappings may be cached in the Address Mapping Table. This setting specifies for how long cached entries remain valid.
G-4015Number of hours before refreshing cached address-to-stream lookups If a cached address
6.1. GLOBAL SETTINGS 95
mapping to refresh the cached entry. If the lookup fails with a temporary failure, CanIt-Domain- PRO does not update the cached entry, but will continue to use it until it expires as per setting G-4010. If the lookup succeeds, CanIt-Domain-PRO updates the cached entry. If it fails with a “No such user” result, CanIt-Domain-PRO deletes the cached entry.
G-4050Time in hours to delay messages with Delayed Attachments If you use the Delayed At-
tachments feature, this setting controls the length of the delay.
G-4800Number of days to keep mail signatures for Bayesian analysis This setting specifies how
long after a message first arrives a user may vote on whether it is spam or non-spam.
G-4900Number of generations before cleaning common Bayes tokens CanIt-Domain-PRO pe-
riodically cleans old data out of the Bayes database. This setting controls how long CanIt-Domain-PRO retains a token that has been seen frequently, but not recently. We recommend leaving it at the default value.
G-5000Number of generations before cleaning uncommon Bayes tokens CanIt-Domain-PRO pe-
riodically cleans old data out of the Bayes database. This setting controls how long CanIt- Domain-PRO retains a token that has been seen infrequently and not recently. We recommend leaving it at the default value.
G-4020Users must opt in to anti-spam scanning? If you set this toYes, then users must explicitly
opt-in to anti-spam scanning. If users do not opt-in, their mail is simply passed through un- changed. If you set this to No, then all users are implicitly opted-in. They can, however, explicitly opt out if they choose.
G-4030Users must be approved for anti-spam scanning? If you set this to Yes, then the CanIt-
Domain-PRO administrator’s approval is required before a user can opt in to anti-spam scan- ning. If you are selling anti-spam scanning as a value-added service, you should set this toYes. If anti-spam scanning is part of your basic service, set it toNo.
Note that opting in and opting out is done on a per-stream basis. Usually, a stream corresponds to a user, but it is possible for a stream to correspond to more than one user, and for a single user to be responsible for more than one stream.
G-4300Minimum size of spam corpus for Bayesian analysis CanIt-Domain-PRO will not use
Bayes data until at least this many messages have been trained as spam.
G-4400Minimum size of non-spam corpus for Bayesian analysis CanIt-Domain-PRO will not use
Bayes data until at least this many messages have been trained as non-spam.
G-3600Whitelist users who use SMTP authentication If your version of Sendmail is compiled to
support the SMTP AUTH extension, you can whitelist mail from authenticated senders by set- ting this toYes. (The default isNo.) In this case, mail from authenticated users will not be scanned for spam (but will still be scanned for viruses and bad filename extensions or MIME parts.)
Note: CanIt currently cannot preserve SMTP AUTH-based whitelisting when messages are streamed. Thus, if an AUTH’ed user sends mail to recipients in more than one stream, the whitelisting will not be applied.
G-3900Store both raw and decoded messages in incident database Some e-mail messages are ob- scured using Base64 encoding or some other encoding scheme. If you change this setting toYes, CanIt-Domain-PRO stores both the “raw” and “decoded” message in the incident database. This lets you view encoded messages more reliably, but approximately doubles the disk space used by the incident database. If you set it toNo(the default), CanIt-Domain-PRO stores only the raw message.
The message display Web page can decode some encoded messages, but it is not completely reliable. If you need a completely reliable way to view encoded messages, you should change this setting toYes.
G-4000Obscure To, Cc and Bcc fields for non-root users Because CanIt-Domain-PRO stores mes-
sages that hash identically only once, the To:, Cc: and Bcc: headers of messages may leak recipient information to other recipients of the message. To hide this information, change this setting toYes.
G-4060Users authenticated by external means default to simple GUI? If you set this toYes, then
users who authenticate via an external authentication mechanism have a much simplified inter- face to CanIt-Domain-PRO by default. This simplified interface is described in Chapter10.
G-4075Switching to expert mode cancels stream inheritance If you use the Simple Interface
(Chapter 10), then you may wish to cancel inheritance whenever a user selects the expert in- terface. In that case, change this setting to Yes. That is, if a user has selected a particular spam-scanning level in the Simple Interface, then when they switch to Expert Interface, the se- lected level is no longer used—instead, individual settings are used that do not depend on any of the preconfigured spam-scanning settings.
G-4080Support the Sendmail ‘plus hack’ for streaming Some Sendmail configuration files allow
users to add a “+” sign followed by arbitrary text to their user names, and use the resulting e-mail addresses for various purposes such as filtering e-mail. If you change this setting toYes, then CanIt-Domain-PRO ignores a “+” sign and any following text after the user name part when mapping e-mail addresses to streams.
Note that if you use the “Program” method to stream e-mail, the “+” sign and any following text is retained; it is up to your program to implement the sendmail “plus hack” if you choose.
G-4090Scan for viruses prior to streaming incoming mail If you know for sure that you always
want to reject or discard viruses, regardless of any per-stream settings, then change this setting toYes. It causes any viruses to be discarded or rejected (according to the global virus-handling setting) before any streaming takes place. If a virus comes in for more than one recipient, this can greatly reduce the load on CanIt-Domain-PRO. Note that the global virus-handling setting mustnotbe set toHold/Tagfor this setting to take effect.
G-4100Timeout in seconds for Verification Server queries If you are using the Verification Server
feature, CanIt-Domain-PRO will time out Verification Queries according to the value of this setting. You should keep it reasonably low so that a slow or dead verification server does not interfere with delivery to other domains.