Canit-PRO Administration Guide for Version 8.0.3 Roaring Penguin Software Inc
Total Page:16
File Type:pdf, Size:1020Kb
CanIt-PRO Administration Guide for Version 8.0.3 Roaring Penguin Software Inc. 28 February 2011 2 CanIt-PRO — Roaring Penguin Software Inc. Contents 1 Introduction 17 1.1 Principles of Operation................................. 17 1.2 Handling False-Positives................................ 17 1.3 Organization of this Manual.............................. 18 1.4 Definitions........................................ 19 2 Operation 23 2.1 Principles of Operation................................. 23 2.2 Interaction between Whitelists, Blacklists and Mismatch Rules............ 24 2.2.1 RCPT TO: Actions............................... 25 2.2.2 Post-DATA Actions............................... 26 2.3 Streaming........................................ 28 2.4 How Addresses are Streamed.............................. 29 2.5 How Streaming Methods are Chosen.......................... 29 2.6 Status of Messages................................... 33 2.7 Handling of Suspect Messages............................. 33 2.7.1 Handling Methods............................... 33 2.7.2 Secondary MX Relays............................. 34 2.8 The Database...................................... 34 2.9 Remailing Messages.................................. 35 3 Streams 37 3.1 Introduction to Streams................................. 37 3.2 The Definition of a Stream............................... 37 3.3 Users and E-Mail Addresses.............................. 37 3.4 Mapping......................................... 40 3.5 The Home Stream.................................... 40 CanIt-PRO — Roaring Penguin Software Inc. 3 4 CONTENTS 3.6 The “default” Stream.................................. 40 4 CanIt-PRO Setup 41 4.1 Accessing The Web Interface.............................. 41 4.1.1 License Key Screen............................... 41 4.1.2 Login Screen.................................. 42 4.2 The Setup Menu..................................... 43 4.3 Wizards......................................... 44 4.3.1 Basic Setup Wizard............................... 44 4.3.2 RPTN Setup Wizard.............................. 44 4.3.3 Dictionary Attack Detection Wizard...................... 44 4.4 Verification Servers................................... 45 4.4.1 Wildcard Verification Server.......................... 47 4.5 Mail Routing...................................... 47 4.5.1 Outbound Relaying............................... 48 4.6 Cluster Management.................................. 49 4.6.1 Altering Services on a Cluster Member.................... 49 4.6.2 Renaming of Cluster Members......................... 50 4.7 Known Networks.................................... 50 4.7.1 Overlapping Networks............................. 53 4.7.2 The SMTP-AUTH Pseudo-Network...................... 54 4.8 Rate-Limiting Outbound Mail............................. 54 4.8.1 Rate-Limiting by IP Address.......................... 55 4.9 Features......................................... 55 4.9.1 Direct Queue Injection............................. 55 4.10 System Check...................................... 56 4.11 Templates........................................ 57 4.12 HTTPS......................................... 59 4.13 The Domain Mapping Table.............................. 59 4.14 The Address Mapping Table.............................. 61 4.14.1 Wild-Card Entries............................... 61 4.15 The default Stream................................. 62 4.16 Mapping Scenarios................................... 62 4.16.1 Central Scanning with Opt-Out........................ 62 4.16.2 Single Domain................................. 63 CanIt-PRO — Roaring Penguin Software Inc. CONTENTS 5 4.16.3 Single Domain with Aliases and Mailing Lists................ 63 5 CanIt-PRO Administration 65 5.1 Global Settings..................................... 65 5.2 Real-Time DNS Blacklists............................... 69 5.2.1 Entering the Master List of DNS RBLs.................... 69 5.2.2 combined.bl.rptn.ca............................... 71 5.3 Users.......................................... 71 5.3.1 User Privileges................................. 72 5.3.2 Adding a User................................. 73 5.3.3 Editing a User................................. 73 5.3.4 Deleting a User................................. 74 5.3.5 Granting Access to Streams.......................... 74 5.4 Permitting Users to Opt In............................... 75 5.5 Groups.......................................... 76 5.5.1 Creating, Deleting and Editing Groups..................... 77 5.6 Viewing Active Streams................................ 78 5.6.1 Definition of an Active Stream......................... 78 5.6.2 The Active Stream Display........................... 79 5.6.3 Deleting a Stream................................ 79 5.7 Filtering Outgoing Mail................................. 79 5.8 Copying Rules from One Stream to Another...................... 80 5.9 Secondary MX Hosts.................................. 80 5.10 Avoiding Backscatter.................................. 81 5.11 Test Plugins....................................... 82 5.11.1 The PhishingAddress Plugin.......................... 82 5.12 Emergency Blocking of Delivery Status Notifications................. 83 5.13 Removing All Rules and Settings from a Stream.................... 84 6 External Authentication 85 6.1 Introduction....................................... 85 6.2 User Lookups...................................... 85 6.2.1 IMAP and POP3 Authentication........................ 87 6.2.2 LDAP Authentication and Streaming..................... 88 6.2.3 Program Authentication and Streaming.................... 91 6.2.4 Program Authentication (Legacy Method)................... 95 CanIt-PRO — Roaring Penguin Software Inc. 6 CONTENTS 6.2.5 The account-info Script.......................... 95 6.3 Authentication Mappings................................ 95 7 Bayesian Filtering 97 7.1 Introduction to Bayesian Filtering........................... 97 7.2 Unauthenticated Voting................................. 97 7.3 The Bayes Journal.................................... 98 7.4 RPTN.......................................... 98 7.5 Ruleset and Geolocation Data Updates......................... 99 8 Permissions 101 8.1 Introduction....................................... 101 8.2 Stream Permissions................................... 101 8.3 Determining Permissions................................ 102 8.4 Granting Permissions.................................. 102 8.4.1 Granting Stream Permissions.......................... 103 8.4.2 Granting User Permissions........................... 105 9 Streams, Inheritance and the Simple GUI 107 9.1 Simplification...................................... 107 9.2 Stream Inheritance................................... 107 9.3 Special Streams..................................... 109 9.3.1 Final Streams.................................. 109 9.3.2 Creating Special Streams............................ 109 9.3.3 Deleting Special Streams............................ 110 9.4 The Simplified GUI................................... 110 9.5 Inheritance from Non-Final Streams.......................... 111 9.6 Inheritance from Opted-Out Streams.......................... 111 10 Periodic Reports 113 10.1 Introduction....................................... 113 10.1.1 Periodic Reports................................ 113 10.1.2 Charts...................................... 113 10.2 Creating Charts..................................... 115 10.3 Creating Periodic Reports................................ 115 10.4 Editing Periodic Reports................................ 116 10.5 Running a Report on Demand............................. 117 CanIt-PRO — Roaring Penguin Software Inc. CONTENTS 7 11 Locked Addresses 119 11.1 Introduction to Locked Addresses........................... 119 11.2 Preparing to use Locked Addresses........................... 119 11.2.1 Create a new domain.............................. 119 11.2.2 Configure mail for the new domain...................... 119 11.2.3 Inform CanIt-PRO about the locked address domain............. 120 11.2.4 Associate each login name with an e-mail address............... 120 12 Attachment Handling 121 12.1 General Filename and MIME Type Rules....................... 121 12.2 Delaying Attachments................................. 121 12.2.1 Enabling the Feature.............................. 121 12.2.2 Creating Delay Rules.............................. 121 12.2.3 How It Works.................................. 122 12.3 Stripping Attachments................................. 123 13 CanIt Storage Manager 125 13.1 Storage Manager Concepts............................... 125 13.1.1 Principles of Operation............................. 126 13.2 Configuring the Storage Manager............................ 127 13.2.1 Enabling the Storage Manager......................... 127 13.2.2 The Configuration Wizard........................... 127 13.2.3 Local Configuration.............................. 128 13.2.4 Starting the Storage Manager.......................... 129 13.2.5 Data Stored in the Storage Manager...................... 129 13.3 Backup Considerations................................. 129 13.4 Running multiple Storage Managers.......................... 130 13.5 ps Output........................................ 130 14 Searching Logs 131 14.1 Introduction....................................... 131 14.2 Installing the Log Indexer................................ 131 14.2.1 Disk Space................................... 131 14.2.2 Installing the Module.............................