Professional Documents
Culture Documents
AMS
Technical Documentation
Administrator's Guide
by Dokumenta
23 May 2006
This document contains confidential information and is made available under a license
agreement or nondisclosure agreement only. The information may not be assigned or
transferred to any third party without Dokumentas express prior consent. No part of this
manual may be reproduced without the express written permission of Dokumenta.
Information in this document is subject to change without notice.
The software described in this document is furnished under a license agreement or
nondisclosure agreement and may be used or copied only in accordance with the terms
of that agreement. It is not permitted to copy the software except as specifically allowed
in the license or nondisclosure agreement.
Copyright 1999-2006
Dokumenta S.A.
16, rue dEpernay
L-1490 Luxembourg
Tel.
(+352) 400 173-23
Fax
(+352) 400 173-33
AMS@Dokumenta.lu
http://www.AMS.lu
All rights reserved.
Contents
Introduction
30
36
Contents i
[Sentinel\]................................................................................................................... 36
SMTP Settings ............................................................................................. 39
HTTP Settings.............................................................................................. 40
Server Page Extension Settings ................................................................... 43
Mail Transfer Failure Settings ..................................................................... 43
Filter Settings ............................................................................................... 44
Workflow Settings ....................................................................................... 45
Directories.................................................................................................... 46
[Sentinel\Access SMTP\] ........................................................................................... 48
Examples...................................................................................................... 48
[Sentinel\AddressRouting\]........................................................................................ 48
Examples...................................................................................................... 49
[Sentinel\AddressRouting from inside\], [Sentinel\AddressRouting from outside\],
[Sentinel\AddressRouting from Undef\] .................................................................... 49
[Sentinel\AMS Check\].............................................................................................. 49
HTML File Names....................................................................................... 52
Timeout Settings .......................................................................................... 53
Sensitivity Settings....................................................................................... 56
Notification Settings .................................................................................... 56
Status Strings ............................................................................................... 59
Registry Backup Settings............................................................................. 59
[Sentinel\AMS Check\Accept Mail From\], [Sentinel\AMS Check\Accept Mail To\],
[Sentinel\AMS Check\Proof Mail From\], [Sentinel\AMS Check\Proof Mail To\],
[Sentinel\AMS Check\Reject Mail From\], [Sentinel\AMS Check\Reject Mail To\]60
Examples...................................................................................................... 60
[Sentinel\CGI Scripts\]............................................................................................... 61
Examples...................................................................................................... 61
[Sentinel\Crypt].......................................................................................................... 61
[Sentinel\Crypt\eCrypt Management Tool Display].................................... 64
[Sentinel\Crypt\Encrypt Content Type]....................................................... 64
[Sentinel\Crypt\Global Error] ...................................................................... 64
[Sentinel\Crypt\Spool Error (to outside)] .................................................... 65
[Sentinel\Crypt\Undef Error] ....................................................................... 65
[Sentinel\Crypt\Wire Error (to inside)]........................................................ 65
[Sentinel\Crypt\Mail Mime Type] ............................................................... 65
[Sentinel\eBusy]......................................................................................................... 65
[Sentinel\eMIM]......................................................................................................... 66
[Sentinel\eMIM\From call eMIM] [Sentinel\eMIM\From deliver
immediately] [Sentinel\eMIM\To call eMIM] [Sentinel\eMIM\To deliver
immediately]
67
[Sentinel\eMIM\WWW-Settings]................................................................ 67
[Sentinel\EMMS\] ...................................................................................................... 67
[Sentinel\Environment\]............................................................................................. 69
[Sentinel\External Config\] ........................................................................................ 69
[Sentinel\IMAP]......................................................................................................... 69
[Sentinel\Information\]............................................................................................... 71
[Sentinel\Internal Network\] ...................................................................................... 72
Examples...................................................................................................... 72
[Sentinel\Logfiles] ..................................................................................................... 73
Column Settings........................................................................................... 73
ii Contents
Example ....................................................................................................... 74
[Sentinel\MAIL from call AMS\], [Sentinel\MAIL from deliver immediately\],
[Sentinel\MAIL to call AMS\], [Sentinel\MAIL to deliver immediately\] ............... 75
Examples...................................................................................................... 75
[Sentinel\MiMail\] ..................................................................................................... 76
[Sentinel\MiMail\Icons\]............................................................................................ 76
Examples...................................................................................................... 76
Special Entries ............................................................................................. 77
[Sentinel\MiMail\Edit\].............................................................................................. 77
[Sentinel\MiMail\Mime Type\].................................................................................. 78
[Sentinel\MiMail\Mime Type\Weak\] ....................................................................... 78
[Sentinel\MIME Types\] ............................................................................................ 78
Examples...................................................................................................... 79
[Sentinel\POP3\] ........................................................................................................ 79
[Sentinel\POP3\User\]................................................................................................ 79
[Sentinel\RegistryWatch\].......................................................................................... 80
[Sentinel\Relay for Global (any side)\], [Sentinel\Relay for Spool (outside)\],
[Sentinel\Relay for Wire (inside)\] ............................................................................ 80
Examples...................................................................................................... 81
[Sentinel\Relay for Undef\]........................................................................................ 81
Examples...................................................................................................... 82
[Sentinel\Rules\]......................................................................................................... 83
[Sentinel\Rules\Content\]........................................................................................... 84
[Sentinel\Rules\From Inside\], [Sentinel\Rules\From Outside\],
[Sentinel\Rules\Global\]............................................................................................. 84
Filter Actions ............................................................................................... 84
Examples of Filter Actions .......................................................................... 85
[Sentinel\Scheduler\].................................................................................................. 85
Examples...................................................................................................... 85
[Sentinel\Security\] .................................................................................................... 85
[Sentinel\Server Page Extensions\] ............................................................................ 86
Examples...................................................................................................... 86
[Sentinel\Transfer Failures\] ...................................................................................... 86
[Sentinel\Translation\................................................................................................. 86
[Sentinel\Undef Network\]......................................................................................... 87
[Sentinel\User\] .......................................................................................................... 87
[Sentinel\User\Exchange\] ........................................................................... 87
[Sentinel\User\Settings\ ............................................................................... 87
[Sentinel\User\Import\], [Sentinel\User\Export\] ........................................ 88
User Registry Settings
88
[HKEY_USERS\.AMSUser\] .................................................................................... 89
Single User ................................................................................................................. 90
System Data ................................................................................................. 90
Personal Data ............................................................................................... 93
Groups ........................................................................................................................ 93
Diasepa Server Page Extension
93
Contents iii
iv Contents
106
Document History
02 Nov 2001
28 Nov 2001
Post-editing (ab)
20 Dec 2001
11 Jan 2002
Post-editing (ab)
22 Jan 2002
21 Feb 2002
07 Jun 2002
04 Jul 2002
Document History v
Updates (jen)
Concerning modifying submitted messages:
[Sentinel\MiMail\]
Concerning eCrypt:
[Sentinel\Crypt]
New command for filter rules: QueryUDB.
New registry settings:
Autodefine Default Authorizers, cf. [Sentinel\AMS Check\]
Timeout Choose, cf. Timeout Settings
30 Jan 2002
Updates (jen)
New functionality for message with expiration date, cf. Expiration
Date
19 Nov 2002
Updates (jen)
Concerning eCrypt
28 Apr 2003
07 Feb 2005
21 Feb 2005
Post-editing (ab)
08 Apr 2005
11 Apr 2005
Post-editing (ab)
12 Apr 2005
19 Apr 2005
vi Document History
22 Apr 2005
Post-editing (ab)
26 Apr 2005
10 May 2005
Post-editing (ab)
30 May 2005
01 Jul 2005
08 Aug 2005
09 Aug 2005
Post-editing (ab)
30 Sep 2005
11 Oct 2005
Post-editing (ab)
17 Oct 2005
12 Jan 2006
23 Mai 2006
Overview
This manual provides a description of the technical details of the AMS product family
(eGuard, eMiM, etc.). It is strongly recommended that you read the eGuard Users
Guide first to understand the purpose of this software.
Introduction provides a general overview of all parts of AMS and their function.
Registry Entries of AMS is the main section of this documentation. It is a reference for all
the registry settings that can be used to customise AMS.
User Registry Settings explains the content of the user database, which also resides in
the registry.
Diasepa Server Page Extension describes the Diasepa ActiveX control used by the web
interface.
Appendix A covers the functions and command-line options of the various executables
belonging to AMS.
Typographic Conventions
Registry keys and entries are always put in [] braces. In this manual, the names of keys
(or branches) always end with a backslash \, while names of entries do not.
Unless otherwise noted, all keys and entries are always indicated in relation to the main
AMS registry branch [HKEY_LOCAL_MACHINE\Software\DIaLOGIKa\AMS\].
For example, [Sentinel\AMS Check\Timeout Overall] actually refers to the entry
Timeout Overall in the registry key
[HKEY_LOCAL_MACHINE\Software\DIaLOGIKa\AMS\Sentinel\AMS Check\].
Each entry is typically described in the following format:
EntryName = <value-type>
Purpose:
Default:
(If the entry does not exist, AMS creates it with this default value.)
The <value type> specifies the type of the entry data. The different <value types> are:
Terms
The following terms are frequently used in this manual:
A message is an e-mail sent out by a user.
A notification is an e-mail sent out by the AMS system to inform a user. (Some
notifications are UDP transmissions instead of e-mails.)
An originator or a sender is a user who has sent a message that reaches the AMS
server.
An authorizer is a user who is asked to authorize a message, or who could be possibly
asked.
Document History ix
Introduction
The AMS system provides the following functions:
Message workflow system
When the authorization process is started for a message, the message enters a
workflow in which notifications are sent to authorizers, events like accept or
withdraw are processed, and the status of the message is updated.
Message filtering, routing and relaying
Many customisation options define the route a message takes through the system.
Certain messages can be filtered, workflows can be skipped, the recipients address
can be changed, etc. To define these options, use the eGateway Configuration tool.
Web interface
The web interface consists of dynamically created web pages that display information
about the current status of messages, providing the possibility to accept, reject or
withdraw them.
AMS management
With Rdexpo, the AMS Management tool, you can
specify user properties to be used by eGuard, e.g. superior and substitute
relations, user authorization levels and timeout values
configure eMIM
define workflow properties, etc.
Consequently, you are able to configure the functionality of the various AMS
products.
POP3 accounts
A POP3 account (mailbox) can be created for each user on the AMS server.
eMIM
eMIM is of special interest to companies for which responsiveness is crucial by
guaranteeing that urgent incoming messages are delivered and handled on time.
eCrypt
eCrypt supports message signing and crypting, applying an easy-to-administer
central crypting server approach (cf. eCrypt Administrators Guide).
eWebGuard
eWebGuard is a web traffic monitoring tool.
eMMS Monitoring Process
This process checks whether the mail transfer process is working properly and notifies
administrators in the event of problems.
This introduction focuses on the different parts of the AMS system which are responsible
for the functions outlined above.
The most important part is AMS Sentinel. It is a Windows service that can be divided into
several threads (simultaneously running subroutines) which are responsible for various
tasks:
Introduction 1
2 Introduction
using the filter rules web interface and by various registry settings (cf. eCrypt
Administrators Guide).
An attempt is made in the following sections to explain how the parts of the AMS system
generally work. Note: the above order is not necessarily followed in providing an
overview of the relationships of the parts and functions to one other. Schematic of the
AMS System on page 29 provides a summary of the interactions between all parts.
For many functions mentioned here, a cross-reference to a registry key or entry is given
which can be used to customise the function. See the respective section in Registry
Entries of AMS for further information on the setting. You can also look up the key and
entry names in the index at the end of this manual.
Introduction 3
IP AccessSMTP
Step 1b
Yes
Step 1
IP Undef Network
Yes
Undef
No
IP SMTPWire or
Internal Network
Spool
Decode
Relay Rules
No
Yes
Step 1c
Wire
Step 5
Step 1b
Step 2
Decrypt Before
Spool / Wire = 1
Filter Usage
from ... = 1
Decode
Filter
Step 3
Step 4
Crypt after
Spool / Wire = 1
Workflow
Encode
Introduction 5
Undef Network
Under some circumstances it may be necessary for the sentinel to do something special
with a message if it comes from certain hosts [Sentinel\Undef Network\]. This message
is treated as coming from undef. Depending on the route such a message took to the
sentinel, it is dispatched immediately, or it is treated as incoming or outgoing mail and
the filter and workflow processes are started.
This is necessary if all incoming or outgoing messages are to be sent to a server like
MIMEsweeper, which checks incoming message for viruses, offensive language etc. and
returns the messages to the sending host. In this case, the sentinel sends mail from the
inside directly to the MIMEsweeper server; however, mail coming from this server is
treated as outgoing mail, with a workflow being created for this. [Sentinel\Relay for Undef\] shows how to implement this example in the registry settings.
If an undef network is specified, the four steps above have to be extended as follows:
AMS Technical Documentation
Introduction 7
POP3 Server
The AMS server also features POP3 server capabilities.
The administrator can create POP3 accounts for specific e-mail addresses. Messages to
these addresses are stored locally in the respective mailboxes, which are subdirectories
of the POP3 directory .
8 Introduction
IMAP Server
The AMS system also consists of an IMAP server, which offers an alternative way to
access the POP3 mailboxes. It is designed to implement the complete IMAP4rev1
protocol, except for TLS encryption. Note that the IMAP server is a stand-alone
application (imapsrv.exe), and is not part of the sentinel.
The IMAP server uses the POP3 account configuration, accessing and storing the e-mail
messages in the users' POP folders. Consequently, an ordinary IMAP client can connect to
the server using the same user credentials as a POP3 client. Each IMAP mailbox initially
contains an INBOX folder holding the incoming messages from the sentinel.
By default, the IMAP server shares these incoming messages with the POP3 server, such
that IMAP and POP3 clients see and manipulate the very same messages. Depending on
the registry settings, the IMAP server may also use its own independent copy of the
incoming messages instead. IMAP clients are able to create additional folders and store
messages there, these additional folders being invisible to the POP3 server and clients in
any event.
Please refer to [Sentinel\IMAP] for the registry settings directly related to IMAP access,
and to POP3 Server for general information on configuring POP3 mailboxes.
Introduction 9
AMSCheck is responsible for reattaching a skipped authorizer when s/he loads the
message details page.
Being executed as a CGI program, MimeMail is responsible for displaying the content
and the attachments of a message on the message details page.
The sentinel calls the Diasepa server pages engine for certain file types regardless of the
program that created the file to be sent [Sentinel\Server Page Extensions\]. The engine
executes scripts which actually fill the pages with dynamic content. This topic is covered
in the next subsection.
Before sending out a text file, the HTTP part of the sentinel always parses the file again
[Sentinel\Parse for Environment]. During this step, all variable names parenthesised by
$$<< and >>$$ are replaced by the actual values of the variables defined in the
registry [Sentinel\Environment\]. This makes it possible to create pages with semidynamic content like the version number or copyright line.
Finally, the sentinel sends the file to the client via HTTP.
10 Introduction
Filter Program
It is possible to define filter rules to process messages before they leave the AMS server
or before a workflow is created. For example, you may want to delete mail with certain
content or send copies of a message to other addresses.
It is possible to define filter rules for messages from the inside, from the outside, and
from both directions [Sentinel\Rules\From Inside/. These rules are not applied unless
filtering is generally enabled [Sentinel\Filter Usage from inside/outside].
Each rule has a condition that has to be fulfilled, a priority, and one or more actions.
The sentinel starts the filter program explicitly [Sentinel\Filter Program] after it has
received the message. It then checks whether a filter rule matches the message. This is
the case if the condition of the rule evaluates to true and if the priority of the rule is
high enough. The filter program then performs the actions belonging to that rule. This
may create new messages which are sent out immediately.
The matching of rules and action types is explained in [Sentinel\Rules\]. The expression
syntax of the conditions are described in eCrypt Administrator's Guide, Filter Rules
section.
Introduction 11
Content Handler
Upon receiving a message it is possible to pass it to another program. For example, you
may want to check whether attachments contain tracked changes or convert attachments
to TIFF to send them to Faxination.
To configure this feature, use ContentHandler.hta (located in the HTA subdirectory of
Sentinel, e.g. c:\ams\sentinel\hta) .
Handle inbound/- It is possible to handle messages from the inside, from the
outbound content outside, and from both directions [Sentinel\Rules\Content\ Check
12 Introduction
Inbound/Outbound Content].
Critical content Messages having a calculated critical value higher than this value
are treated as critical messages. This means:
First, Second, Last The content handlers are divided into three groups, called First,
Content Handler Second and Last. The content handlers are executed in this order.
The order in which the content handlers in one group are
launched is at random. You should try to distribute your handlers
in reasonable order so as to optimize the duration of the content
handling phase.
Content handler Select one of the entries below Select the content handler and
click on Edit to edit the corresponding rule.
Rule The content handler is often time-consuming and/or may alter the
Introduction 13
handle the message. (If the EXE and DLL fields are filled in, DLL
has the higher priority.)
Function When using a DLL this function is called via GetProcAddress. The
CONTENT.INI path is the only LPSTR parameter. Results are
written to CONTENT.INI.
Apply Click on Apply to confirm the entries you have made and to keep
ContentHandler.hta open.
Cancel Click on Cancel to discard the entries you have just made and to
leave ContentHandler.hta.
The filter program starts the content checker with "filter.exe CNTCHECK" (the setup
routine writes this information to the registry). The content handler controls the folder
[Sentinel\ContentCheckPath] (e.g. "C:\ams\sentinel\CntCheck\"). The content handler
continues processing messages in this folder until there are no more to handle.
Note: You may define a content handler, e.g. to convert attachments to TIFF. Probably,
these messages should not be marked as critical. Nevertheless, you may want to show
the conversion result, e.g. the TIFF file, to the originator of the message. To do this,
define a filter rule with the same condition as the condition used for the content handler
(e.g. TIFF Converter). The action of the filter rule would modify X-EGUARD-STATUS to
include USE_EGUARD and ASK_ORIG (see also Filter Rules in the eCrypt Administrator's
Guide).
Note: The user property Machine Account (cf. Rdexpo Reference Guide.pdf) has a higher
priority than critical content in the sense that machine accounts never receive
notifications, even in the event of critical messages.
14 Introduction
Convert to TIFF Converts Excel, Word, PowerPoint, PDF (and TIFF) to TIFF. This
can be used for Faxination, for example. Only the converted TIFF
file (i.e. only one file) is attached to a message.
Advantages:
Fax Time Stamp When faxes arrive Faxination sends an e-mail to the recipient. The
e-mail body contains the information when the fax arrived (time
stamp), the attachment being the fax in TIFF format.
When using the Fax Time Stamp content handler the time stamp
is added to the TIFF file, i.e. it is sufficient to have the TIFF file to
see when the fax arrived.
This is very useful for incoming faxes. The following rule condition
ensures that only incoming messages with one attachment sent to
faxination@comany.com are handled.
(Getenv("CC_Dir") = "inbound" and AttachmentCount = 1 and
(smtpfrom$ instri "faxination@comany.com")
The Fax Time Stamp content handler is implemented to search for
specific patterns in the default template (MAILIN) from Faxination.
If the MAILIN template has been customized it might be
AMS Technical Documentation
Introduction 15
Detect File Format Used to detect the file format and use this information for filtering
or in other subsequent AMS processing. Example: this content
handler could be used to prevent users from sending Word
documents as e-mail attachments.
The EXE to be used for the Detect File Format content handler is:
ccprim.exe FileFormat %1
The file format content handler writes the file format to
CONTENT.INI. This information may be evaluated, e.g. by filter
rules in AMS. The result can be accessed using the GetAnyDBValue(str1, "CC_Result", str3) function, cf. Filter Rules in the
eCrypt Administrator's Guide.
The following is a list of file formats known to the Detect File
Format content handler. The first column shows the information
written by the content handler, the second column contains an
expanded description of the format.
BMP
DOC
EML
GIF
HTML
JPG
PDF
PIV
PPT
PS
Q1
RTF
SGML
SGMLP
TIFF
TNEF
TXT
UTXT
VSD
WP
WRD
XLS
unknown
16 Introduction
BITMAP
WINWORD
MIME
GIF
HTML
JPG
PDF
PIVOT
PowerPoint
POSTSCRIPT
QONE
RTF
SGML
SGMLPACKED
TIFF
TNEF
TEXTFILE
UNICODE
VISIO
WordPerfect
Dos Word
EXCEL
The file format could not be detected
AMS Technical Documentation
Detect Bar Code The Detect Bar Code content handler is an enhanced fax customer
authentication technology (TIN barcode labels). This content
handler detects EAN 128 barcodes contained in TIFF files.
The EXE to be used for the Detect Bar Code content handler is:
cmd.exe /c LookForBarcode.vbs %1
To use other content handlers, ask for the content handler API.
Authorizer Tree
Each user in the AMS user database has one superior (head) and an optional number of
substitutes. This way an authorizer tree or hierarchy is built up which defines who may
authorize whose messages.
eGuard derives a list of possible authorizers for each user from this tree as follows:
6. the user
7. the substitutes of the user (if [.AMSUser\Use Substitutes directly] is set to 1)
8. the users superior
9. the substitutes of the users superior
10. the superior of the users superior
11. etc.
After the list is built, it is cleaned up:
Each group in the list is replaced by the members of the group.
Any users without an authorization level are removed from the list, as they may not
authorize messages.
AMS Technical Documentation
Introduction 17
18 Introduction
4. The second authorizer is asked to accept or reject the message. If s/he rejects the
message, the originator is informed. If s/he accepts the message, the message is
sent out.
5. If the second authorizer fails to act on the message in
user in the originators list of authorizers becomes the
the workflow continues with step 2. If the new second
or is already the first authorizer, the system takes the
Actually, the whole process is even more complicated, as a skipped authorizer has the
option of reattaching to a workflow under certain circumstances, and the originator can
withdraw the message at any point in time before the workflow is finished. Therefore, it
is advisable to carefully study Schematic of the AMS Authorization Workflow.
Workflow-specific settings are to be found in Workflow Settings on page 45 and in
[Sentinel\AMS Check\]. The eGuard Users Guide shows the steps from the users point
of view.
The following is a list of registry settings and user properties which are checked at the
beginning of the workflow:
1. User property What to Do with Mail (cf. AMS Management Guide). If the value of this
property is less than zero the intermediate workflow state is reject, if it is greater
than zero the state is accept, otherwise the state is proof. If the state is proof
continue with check 2.
2. The recipient is checked against the following registry keys:
[Sentinel\AMS Check\Accept Mail From\],
[Sentinel\AMS Check\Accept Mail To\],
[Sentinel\AMS Check\Proof Mail From\],
[Sentinel\AMS Check\Proof Mail To\],
[Sentinel\AMS Check\Reject Mail From\],
[Sentinel\AMS Check\Reject Mail To\]
If the state is still proof continue with check 3.
3. If [Sentinel/AMS Check/Reject If No Authorizers Specified] is set and the list of
possible authorizers for the originator is empty the state is set to reject. Otherwise,
continue with check 4:
4. If the classification of the message is private or passed and [Sentinel\AMS
Check\Private Allowed/Passed Allowed] is enabled the state is set to accept.
Otherwise, the workflow is started, i.e. authorizers are determined etc.
Workflow Engine
The workflow engine (AMSCheck) [Sentinel\Authorizer Program] is explicitly executed by
the sentinel. It manages all the workflows within the AMS system by updating and
AMS Technical Documentation
Introduction 19
classification:
to be
authorized
YES
Status: select
authorizers
Sender:
automatic
authorizer
selection
YES
NO
"eGuard Select"
mail to Sender
Sender selects
first and second
authorizer
Sender
withdraws
message
Status: Pending
first authorizer
accepts message
NO
Timeout
Status:
withdrawn
first authorizer
rejects message
Timeout
second
authorizer
rejects
message
"eGuard Rejected"
mail to Sender
"eGuard Non-Resp."
mail to Sender
Status: Rejected
Status: nonreponding
second authorizer
accepts message
Status: Sent
Introduction 21
AU1 = Sender?
NO
i := 1
YES
AUi enters
Authorization Page
p := i
Finish Work
Timeout
(i < n),
i := i + 1
Sender
withdraws
message
AUp processes message
Finish Work
Timeout
(i = n)
AUp
rejects
message
Page shows
"Command cannot
be executed"
AUi: the i-th authorizer in the list of authorizers for the originator,
where AU1 is the authorizer selected by the originator
Expiration Date
Outlook provides the message option Expires after to make a message unavailable after
a specified date. You can set this option in your message window as follows:
1. Call the Options command in the View menu.
2. Under Delivery options, select the Expires after checkbox, and then enter the
expiration date you want.
Example: You sent out a message to Mr. Smith with the expiration date 30.10.2002
11:00.
If Mr. Smith does not read the message before 30.10.2002 11:00 the message is
deleted from his inbox.
AMS Technical Documentation
Introduction 23
If Mr. Smith does read the message before 30.10.2002 11:00 the message appears
as struck through in his inbox (as soon as the expiration date has passed).
eGuard provides an additional functionality for messages with an expiration date. The
originator of those messages gets an interim notification if a certain percentage of the
expiry time has already elapsed and the message has not yet been authorized and thus
not yet been sent out. This feature and the percentage to be used can be configured by
the administrator.
The following registry settings found under [Sentinel\AMS Check\] can be used to
configure this feature:
Use Expiry-Date
Set to 1 to enable the feature. If set to 0 the following registry settings are ignored.
Timeout Expiry-Date minimum minutes
eGuard ignores the expiration date and handles the message as a standard message
(without any expiration date) if the following is true: the interval between the time
eGuard receives the message and the expiration date specified in the message is less
than the timeout specified in this registry entry.
Timeout Warning of Expiration Time (percent)
Timeout Notify Standard / Urgent
The originator of a message gets a notification if the percentage specified here of the
expiry time has already elapsed and the message has not yet been authorized and thus
not yet been sent out. Actually, eGuard uses the minimum of the value calculated on the
basis of this setting and the value specified under Timeout Notify Standard / Urgent.
Remove after Use: Expiry-Date
If set to 1 eGuard removes the expiration date from the message before sending out the
message, i.e. the expiration date is used to trigger interim notifications only, and not to
make the message unavailable after a specific date.
There is one more registry setting which is not used to configure this feature. It is
mentioned here because it contains the word Expiry-Date:
24 Introduction
To configure this feature use eGuard.hta (located in the HTA subdirectory of Sentinel,
e.g. c:\ams\sentinel\hta).
If you check the Mention Authorizer within X-Message-Flag box, all messages which have
been authorized by at least one person different from the sender get an X-message-flag.
In the X-Message-Flag content box you can specify the text to be displayed in the Xmessage flag. Use variables '%%Authorizer1CurrentNice%%' and
'%%Authorizer2CurrentNice%%' (in single quotes) as placeholders for the names of the
authorizers.
Introduction 25
26 Introduction
= 0|1
Write OutOfOffice
Purpose:
= 0|1
= <number>
Purpose:
This entry specifies the time in minutes after which Out-of-Office status is to
be synchronized for users who were available during the last sync
operation.
Example:
"120"
= <number>
Purpose:
This entry specifies the time in minutes after which Out-of-Office status is to
be synchronized for users who were unavailable during the last sync
operation.
Example:
"5"
Note: The sync process (syncooo.bat) should be scheduled in Rdexpo to run as often as
the minimum of the above two values, i.e. 5 minutes in the above example.
Syncooo.bat contains the following line of code:
cscript c:\ams\sentinel\CheckOOO.vbs %COMPUTERNAME% 6 //T:2400
The second parameter of the VBS script (in this example 6) should be set to X+1, where
X is the number of minutes the sync process is scheduled to run.
In addition, there is the following registry entry:
Default Write Interval State
Purpose:
= 0|1
Only relevant if Write OutOfOffice is set to 1. Specifies the default value for
the checkbox Set Outlooks Out of Office status at the beginning and end of
this period and add the following AutoReply message to this period.
Introduction 27
authorization request. If you send out a message at 4:59 p.m., you will most likely get a
timeout from each authorizer. Instead, you would want the system to give each
authorizer 15 minutes within the official working time, i.e. the first authorizer could
respond until 9:14 a.m. the next day.
This is where eBusy comes in. It allows you to specify the official working time intervals
for each day of the week, and for special dates (usually holidays). Furthermore, it is
possible to give each interval a "type" which defines the working level. A level of 100%
means "full work", i.e. one work minute corresponds to one minute in real time. During
an interval with a level of 50%, somebody who is requested to authorize within
15 minutes actually has 30 minutes to do this, as one work minute corresponds to two
minutes in real time. This feature enables you to approximate the times when not
everybody is usually at work.
The entire eBusy database can be maintained via the eBusy Web Interface. It lets you
add and remove special holidays, as well as edit the list of time intervals. Most of the
interface should be self-explanatory, except for the option for defining nested intervals.
The interface automatically sorts nested intervals so that the interval type A always
precedes interval type B if A comes somewhere after B in the list.
Please refer to [Sentinel\eBusy] for the registry options for configuring database access
and to eBusy Interface on page 104, which describes the eBusy Server Page Extensions.
The AMS, Web-based Administrator Tools (WebAdminGuide.pdf) describes the e Busy
Web Interface.
28 Introduction
HTTP Client
(Browser)
SMTP Client
(Mailer)
outer world
POP3 Client
(Mailer)
IMAP Client
(Mailer)
SMTPWire
(e.g. Exchange)
SMTPHost
HTTP
Server
SMTP
Server
Mail router
POP3
Server
IMAP
Server
Diasepa
engine
Workflow
engine
(AMSCheck)
Filter program
POP3
accounts
AMS System
Sentinel
Scheduler
Schedule
programs (filter
and workflow
scheduler,
eMMS batch
files, etc.)
runs, uses
Workflow
database
User database
(Registry)
accesses
communicates with
Introduction 29
eCluster
Two independent AMS servers called AMSX and AMSY below work together as a
single AMS system to ensure that mission-critical applications and resources remain
available to clients. Both AMS Servers have individual IP addresses. Both IPs are entered
as an A record in the DNS server (e.g. for eGuard). There is one IP address, called IPV
(for virtual IP). At the beginning this IP belongs to AMSX, i.e. AMSX is now the master.
Important: The purpose of eCluster is simply to guarantee the availability of the AMS
service but not back up the AMS workflow data.
A sample architecture Might be as follows: AMSX and AMSY both have two network
cards. The network cards X1 and Y1 would be used to communicate with the outside
world. The network cards X2 and Y2 would be used for communication between AMSX
and AMSY, e.g. for synchronization. In order to obtain this architecture, eCluster would
be configured as shown in Configuring eCluster, below.
AMSX
AMSY
IP X1
IPV
Network
card X1
IP Y1
Network
card Y1
IP X2
Network
card X2
IP Y2
Network
card Y2
Assigning IPV
On the slave a fastping on IPV is performed every N ms (N is configured in the Interval
box in the Ping frame of CluistUI.exe, cf. below). If the fastping returns a valid answer it
is assumed that everything is running smoothly. If the fastping does not return a valid
answer, several stress fastpings are performed (every M ms; M is configured in the
Stress interval box, the number of stress fastpings being configured via Stress count in
30 e Cluster
the Ping frame). If these fastpings also return invalid answers, the IPV is assigned to the
slave, i.e. the old slave is now the master (IPHlpApi.dll).
Synchronization
A IPCheck program runs on AMSX and AMSY, the program checking whether IPV belongs
to AMSX or AMSY.
If IPV belongs to AMSX:
Synchronization on AMSX: Scheduled jobs are running, i.e. a synchronize Exchange job
would be executed.
Synchronization on AMSY:
Scheduled jobs are not running on the slave. eCluster calls the following two programs
to synchronize data (by default all relevant data is synchronized; using CluistUI.exe files,
folders or registry branches to be synchronized may be added or removed):
-
If IPV belongs to AMSY: same as above, except replace AMSX with AMSY and AMSY
with AMSX.
e Cluster 31
Configuring eCluster
Clustui.exe is an application used to configure eCluster. It reads and writes from the
registry [HKLM\SOFTWARE\DIALOGIKA\AMS\eCluster].
Network
Adapter Select the network card to be used for the virtual IP.
In the sample architecture above, Network card X1 (Y1) would be
selected.
Add Virtual IP now Click on this button to make this AMS server the master.
Test on Virtual IP Click on this button to get information on who currently owns IPV.
Ping
Interval Specifies in which time intervals (ms) the slave fastpings the IPV
address.
Stress interval Specifies in which time intervals (ms) the slave stress-fastpings
the IPV address.
Stress count How many stress-fastpings have to fail before IPV is associated
with the slave, making the slave the new master.
Receive timeout This entry specifies after which time intervals (ms) fastpings time
out.
Add Virtual IP Relevant when there is alternation between the master and the
AMS Technical Documentation
e Cluster 33
automatically slave. When this box is checked, the slave automatically tries to
get IPV. When this box is not checked, there is a message for the
administrator to assign IPV manually. This would be done by
clicking the Add virtual IP now button in the Network frame on the
new master.
Replication
User User account to be used to synchronize files and registry data.
Password Password of the user account.
Interval Specifies in which time intervals (ms) replication
Reinit Configuration Specifies in which time intervals (ms) eCluster reads the settings
(ms) from the registry.
SyncDir Program Name of the program to synchronize files.
SyncDir Parameters Parameters for the SyncDir program.
SyncReg Program Name of the program to synchronize the registry.
SyncReg Parameters Parameters for the SyncReg program.
Broadcast Stress (ms) Specifies in which time intervals (ms) eCluster sends a broadcast
message about IPV during the first 2 minutes after alternating
between the slave and the master.
Broadcast Standard Specifies in which time intervals (ms) eCluster sends a broadcast
(ms) message about IPV.
Jobs
The Jobs button opens a dialog for specifying programs to be executed On startup, On
startup as master, On startup as slave, On switching to master, On switching to slave.
This is useful when you have additional software that has to be notified about the current
34 e Cluster
The dialog lists all the jobs configured on the current machine. There are no predefined
jobs included with the AMS setup. Notice that these jobs are not monitored by eCluster.
Once they are successfully started, they are on their own doing whatever they have to
do.
Add job Clicking on this button opens a dialog for specifying a new job. You
have to configure when the job is to run, a nice name for the job,
and the program path of the program to be executed. You can also
add a list of command-line parameters that are appended to the
executed program call along with a username/password combination
of the Windows User Account used to run the job.
You can set the When option to Never, which ensures that the job
will never be started without removing it from the list first.)
e Cluster 35
If AMSX (acting as the master in the cluster) fails, the admin has to do the following:
i.
On AMSY (old slave): Call Clustui.exe and check the This machine is configured as
Master box in the Tools Options frame.
[Sentinel\]
The AMS Sentinel Service is AMSs main service. It contains the HTTP Server and Mail
Server, and is responsible for launching all scheduling processes and the AMS workflow
state engine. This section describes the main settings of the sentinel.
CreateUserAccountAddress = <string>
Purpose:
Default:
CreateAccount@eguard.ams
This entry specifies how many milliseconds a query to the workflow database
is to wait until a timeout is returned.
Default:
5000
DoRelay = <boolean>
Purpose:
If this entry is set to 0, the sentinel only accepts messages for extraspecified addresses.
Default:
Messages to this domain are notifications from the user to the AMS system.
They should be treated independently of any specific user rights (i.e. send
directly).
Default:
Eguard.ams
Default:
20
FixGateway = <boolean>
Purpose:
Default:
The service stores all messages and its databases in the file system. Regular
checks are made to determine whether the file system still has sufficient
space for everything. Each directory of the service is checked separately,
thus enabling these directories to be spread over different partitions. If the
service finds that one of its directories has less space than this value, it
initiates its shutdown. See also FreeSpace Warning MByte below
Default:
20
Purpose:
If one of the directories has less than the amount of free disk space specified
here, a warning is written to the log file.
Default:
100
The service logs all actions to a log file called sentinel.log. It starts a new log
file for each new day and for each service restart, while renaming the older
log files and deleting the oldest log file. The log file of yesterday is called
sentinel.000, the log file of the day before yesterday is called sentinel.001.
The number given by this entry defines how many log files are to be stored
before the oldest one is deleted.
Default:
99
LoggingAddress = <string>
Purpose:
After a single workflow has terminated its log files, message and status
reports are packaged to a message and sent to this address for archiving.
Default:
(none)
Example:
AMSLog@company.com
The number of seconds specified here determines how often the sentinel
starts the workflow scheduler, filter schedule program and user-defined
scheduling programs [Sentinel\Scheduler\], and checks for transfer errors
and sufficient free disk space, etc.
Default:
180
This entry specifies how many threads of the following Max Thread value are
allowed to be used for trying to send messages.
Default:
32
Each incoming mail or each HTTP request uses a thread of its own. This
enables the sentinel service to scale well on multi-CPU systems. You can
specify how many concurrent threads are to be allowed.
Default:
128
ReRouteFromAddress = <string>
Purpose:
This e-mail address is used in the From: field if a notification is sent from
the sentinel to the originator of a message, e.g. in the select authorizers
notification. This entry is usually the same as the LoggingAddress.
Default:
(none)
Example:
AMSLog@company.com
There can be more than one IP address assigned to the AMS server
computer. If this setting is set to 0.0.0.0, the sentinel listens to all of its IP
addresses for connections. Otherwise it listens to a particular IP address
specified in this entry.
Default:
0.0.0.0
UseDNS = <boolean>
Purpose:
This value defines whether the sentinel is to also use available DNS service
to find out how to route the message to the next gateway or recipient
(defined MX records of domains).
Default:
SMTP Settings
HELO Server Name = <string>
Purpose:
This entry defines how the message engine is to identify itself during an
SMTP session. If the string is left empty, the message engine identifies itself
with its DNS name.
Default:
If this entry is set to 1, the SMTP part of the sentinel checks the recipients
address of each mail sent. If the right part of the address (domain name)
contains characters not specified in the SMTP Domain Chars entry below, the
mail is not sent.
Default:
This entry specifies a set of valid characters for the domain name part of a
recipients address (see SMTP Check Domainname above). If this entry is
empty (), no check is performed.
Default:
0123456789.abcdefghijklmnopqrstuvwxyz-
The SMTP part of the sentinel listens to this port for incoming messages.
Default:
25
Smtphost = <string>
Purpose:
This is the IP address of the default mail gateway and, if the DNS is not
enabled, of the only mail gateway for messages from the inside.
Default:
1.1.1.2
SMTPWire = <string>
Purpose:
This is the IP address and port of the inside host. Messages from this host
are treated as inside messages. Messages from the outside are forwarded to
this host.
Default:
1.1.1.1:25
A message may contain special information indicating that the sender wants
a delivery notification from the recipient (RFC 1891). If this entry is set to
0, the sentinel strips this information from the message.
Default:
If this entry is set to 1, the sentinel uses the DNS to resolve the IP address
of a computer sending a message via SMTP to the sentinel. The resolved
name is used in the log files and in the added Received: field of the mail
header.
Default:
HTTP Settings
AMS Cache = <string>
Purpose:
Each HTTP session is able to store memory snapshots and access this
memory instead of recomputing all components each time. These snapshots
are stored in this directory.
Default:
<SENTINEL_DIR>\CACHE
Example:
C:\AMS\SENTINEL\CACHE
Default:
CookieLifetime = <number>
40 Registry Entries of AMS
Purpose:
Default:
32
The sentinel sometimes creates temporary files while receiving data via
HTTP. If this setting is set to 1, these files are deleted immediately.
Default:
Default:
Default:
Default:
<SENTINEL_DIR>\WWW
Example:
C:\AMS\SENTINEL\WWW
Default:
/index.htm
When the HTTP part of the sentinel sends a cookie to a client, it needs to
specify the HTTP domain of the server. The domain given here has to match
the HTTP server setting and has to start with a dot.
Default:
.ams.com
This entry defines the number of seconds until a dynamically created file
expires. When the user loads an expired file, the browser sends a new HTTP
request to the sentinel instead of loading the file from its cache.
Default:
10
This entry defines the number of seconds until a normal file (not dynamically
created) expires. When the user loads an expired file, the browser sends a
new HTTP request to the sentinel instead of loading the file from its cache.
Default:
The HTTP part of the sentinel service listens to this port for incoming HTTP
requests.
Default:
8080
This entry defines for how many seconds reception of an HTTP request may
be idle before the sentinel can be sure the connection timed out.
Default:
60
This entry defines the HTTP send buffer size. The answers of an HTTP
request are split into TCP/IP packets up to this maximum size.
Default:
512
This entry defines for how many seconds transfer of HTTP data may be idle
before the sentinel can be sure the connection timed out.
Default:
60
This entry specifies the complete server part of the URL including the port
number. This setting must match the HTTP Domain setting (cf. above). The
HTTP part of the sentinel uses this setting to identify itself.
Default:
http://www.ams.com:8080
If this entry is set to 1, each HTML page the sentinel sends is parsed for
variable names enclosed in $$<< and >>$$ which are replaced by the
variable values defined in [Sentinel\Environment\]. See HTTP Server and
Web Interface on page 9 for a detailed explanation.
Default:
Purpose:
To reduce traffic, a client sending an HTTP request can specify a date in the
IF-MODIFIED-SINCE field of the request header. If the requested file on
the server has not been modified since that date, the server normally sends
a blank file instead. The HTTP part of the sentinel does the same thing unless
this entry is set to 0 (which makes the sentinel ignore the IF-MODIFIEDSINCE field).
Default:
If this entry is set to 1, the sentinel uses the DNS to resolve the IP address
of the client computer sending an HTTP request. The resolved name is only
used in log files.
Default:
This entry specifies additional parameters for the script interpreter. The
parameter //B suppresses the display of all user prompts and script errors.
//Nologo suppresses the display of the interpreter logo, and //T:20 limits
the execution of each script to twenty seconds. (//Nologo //T:20 should be
used for development work only, as the missing //B allows AMS to fill the
%%VBS_ERROR%% AMS placeholder with the VB Script error message.)
Default:
Default:
CSCRIPT.EXE
When the Diasepa engine processes an .ams file, the following temporary
files are created: a VBScript file (.vbs), an error file (.vbs.error) and a
value file (.vbs.value). If one of the above entries is set to 1, the
respective file is deleted immediately afterwards.
Default:
Default:
64
Default:
If a message has not been delivered successfully to the next mail gateway or
mail recipient the sentinel waits for the number of minutes specified in this
entry before it retries sending the message. This value is also tallied for each
additional failure.
Default:
The default values for the entries in this section have the following effect: The time
difference between two retries is increased by five minutes, i.e. 5 min., 10 min., 15 min.,
20 min., This means the sentinel tries to send the message after 0 min., 5 min., 15
min., 30 min., 50 min., The originator is informed about the problem after three tries,
i.e. after 15 minutes. After 64 tries, i.e. after 0+5+10+15+20+ = (n*(n-1)/2)*X
minutes = (64*(64-1)/2)*5 minutes = 10080 minutes = 7 days the sentinel gives up and
sends a notification to the originator of the message.
Filter Settings
Filter Clean Program = <string>
Purpose:
Default:
FILTER.EXE SCHEDULE
The file name of the filter program. This program is called explicitly for each
message to be filtered.
Default:
FILTER.EXE
If this entry is set to 1, the filter rules are applied to all messages coming
from the inside.
Default:
If this entry is set to 1, the filter rules are applied to all messages coming
from the outside.
Default:
FilterPath = <string>
Purpose:
Default:
<SENTINEL_DIR>\FILTER
Example:
C:\AMS\SENTINEL\FILTER
Workflow Settings
Allow direct Delivery Notification to inside = <boolean>
Purpose:
Default:
Same as the above setting, but for outgoing delivery notifications. Delivery
notifications have an empty From: field. If this entry is set to 1, no
outgoing mail with an empty From: field results in an authorizer workflow,
which might be a security risk.
Default:
This entry specifies the name of the workflow engine. You may wonder why
the workflow engine is not part of the sentinel. The answer is simple: By
separating the sentinel from the workflow engine via process boundaries, the
sentinel service cant be harmed by a workflow mistake.
Default:
AMSCHECK.EXE
Default:
Default:
Default:
The AMS workflow stops creating notifications if more than this number of
messages are waiting for delivery to the users.
Default:
1024
This entry specifies how the sentinel is to call the scheduling part of the
workflow engine. It backs up the registry regularly, checks the workflows for
timeouts, and synchronises the workflow database with the workflow
directory. Refer to Workflow Scheduling Program on page 20 for detailed
information.
Default:
AMSCHECK.EXE -SCHEDULE
Directories
AMS Logfiles = <string>
Purpose:
The various AMS programs store logging information in this directory. See
AMS Web-based Admin Tools , AMS Log section for more information about
the logging format and file names.
Default:
<SENTINEL_DIR>\LOGFILES
Example:
C:\AMS\SENTINEL\LOGFILES
This entry specifies the directory where eMMS (E-mail Path Monitoring
Process) stores its files.
Default:
<SENTINEL_DIR>\EMMS
Example:
C:\AMS\SENTINEL\EMMS
This directory contains all the subdirectories for each outbound workflow.
Default:
<SENTINEL_DIR>\MSGS
Example:
C:\AMS\SENTINEL\MSGS
This directory contains all the subdirectories for each inbound workflow.
Default:
<SENTINEL_DIR>\EMIM
Example:
C:\AMS\SENTINEL\EMIM
Pop3Path = <string>
Purpose:
This entry specifies the directory where the POP3 mailboxes are stored.
Default:
<SENTINEL_DIR>\POP3
Example:
C:\AMS\SENTINEL\POP3
SpoolDrv = <string>
Purpose:
The SMTP part of the sentinel stores all mail to the outside in this directory.
Default:
<SENTINEL_DIR>\SPOOL
Example:
C:\AMS\SENTINEL\SPOOL
WireSpoolDrv = <string>
Purpose:
Default:
<SENTINEL_DIR>\WIRE
Example:
C:\AMS\SENTINEL\WIRE
UndefSpoolDrv = <string>
Purpose:
This directory is used for storing all mail coming from a computer belonging
to the IP addresses specified in [Sentinel\Undef Network\].
Default:
<SENTINEL_DIR>\UNDEF
Example:
C:\AMS\SENTINEL\UNDEF
[Sentinel\Access SMTP\]
<string> = <string>
This key defines which IP addresses are allowed to establish an SMTP connection to the
sentinel.
The syntax of each entry is
<network name> = <IP address> <subnet mask>
The meaning of the parts is the same as in [Sentinel\Internal Network\].
There is a special entry called Anyone. If it does not exist, the sentinel creates one with
the value 0.0.0.0 0.0.0.0. This means any computer may establish an SMTP connection
to the sentinel, as any IP address which is logically associated with the subnet mask
0.0.0.0 results in 0.0.0.0. You cannot delete the Anyone entry because it is
automatically recreated. If you do not want anybody to connect to the sentinel, you can
set the entry to a value that never matches, e.g. 255.255.255.255 0.0.0.0.
Examples
Anyone = 255.255.255.255 0.0.0.0
Net 1 = 192.168.17.0 255.255.255.0
Meaning:
[Sentinel\AddressRouting\]
<string> = <string>
This key contains a number of rules that translate the message recipient address of
inside and outside messages by changing the To field of the message header. In
addition, the sentinel adds information about the change in the header of the MIME part.
The rules defined here are applied if no other address translation rules match (see
[Sentinel\AddressRouting from inside/outside\] and [Sentinel\AddressRouting from
Undef\] below.
Each entry (rule) has the following syntax:
<destination address> = [<value>,]<destination address>
It is possible to use wildcards on the left side and insert the content of these wildcards
again on the right side. However, the @ cannot be part of a wildcard, e.g. *1 never
matches abc@something.com. The universal e-mail address is *1@*2.
If no value is specified the default value (=50) is used. If two entries match the message
address the rule with the highest value wins. The registry is passed using the standard
Windows NT registry enumeration functions. If more than one entry matches and the
values are the same, the result is unpredictable.
48 Registry Entries of AMS
Examples
*1@somewhere.com = someone@somewhere.com
Meaning:
special@*1 = someonespecial@*1
Meaning:
*1.*2@anywhere.net = *2.*1@anywhere.net
Meaning:
This entry expects the left side of the @ to have a dot. A.B@anywhere.net is
translated into B.A@anywhere.net. Again, the default value (=50) is applied.
*1@*2.*3 = 30,*1.*2.*3@router.net
Meaning:
[Sentinel\AMS Check\]
AMS Technical Documentation
This is the place in the registry where the workflow engine finds its custom settings.
Allow Authorizer reattach after timeout = <boolean>
Purpose:
Default:
Default:
Default:
<SENTINEL_DIR>\WWW\ANSWERS.INI
Example:
C:\AMS\SENTINEL\WWW\ANSWERS.INI
This template file contains the format in which archived messages are sent
to the logging address.
Default:
<SENTINEL_DIR>\WWW\AMSDATA.TXT
Example:
C:\AMS\SENTINEL\WWW\AMSDATA.TXT
(reserved)
If set to 1: if the originator selects authorizers and does not yet have default
authorizers defined, the selected authorizers are saved as default
authorizers.
If set to 2: the authorizers selected last are saved as default authorizers.
Default:
Purpose:
After all possible authorizers have timed out, is the workflow to abort (0) or
start again with the first authorizer of the list (1)?
Default:
= <Dword>
Purpose:
A weight for the user property Send Directly=1. If Send Directly=1, this
value is compared with the weight of From/To Deliver Immediately (defined
in eGateway). The setting with the higher weight determines whether or not
the workflow is started.
Default:
0xffffffff
= <dword>
Purpose:
A weight for the user property Send Directly=-1 (minus 1). If Send
Directly=-1, this value is compared with the weight of From/To Call
Outbound Workflow (defined in eGateway). The setting with the higher
weight determines whether or not the workflow is started.
Default:
0xffffffff
If you check the Mention Authorizer within the X-Message-Flag box all
messages which have been authorized by at least one person different from
the sender get an X-message-flag, cf. Show Authorizers to Recipient on page
25.
Default:
Default:
If set to 1 eGuard removes the expiration date from the message before
sending out the message, i.e. the expiration date is used to trigger the
interim notifications only, and not to make the message unavailable after a
specific date.
Default:
If the status of a message is the same as the string in Status Private, the
message passes AMS without a filter and a workflow, unless this setting is
set to 0.
Default:
This entry specifies how many seconds the workflow is to wait for a locking
condition of a single instance.
Default:
(reserved)
Default:
This entry specifies whether messages to more than one recipient are to be
summarised to only one workflow (0) or whether several workflows are to be
created for each recipient (1).
Default:
(reserved)
Meaning:
Default:
/EPORTAL.AMS
The page which lets the author of a message select two authorizers.
Default:
<SENTINEL_DIR>\WWW\CHOOSEAUTHORIZER.HTM
Example:
C:\AMS\SENTINEL\WWW\CHOOSEAUTHORIZER.HTM
This is the message details page which gives tracking information about a
message.
Default:
<SENTINEL_DIR>\WWW\DETAILS.AMS
Example:
C:\AMS\SENTINEL\WWW\DETAILS.AMS
The pages which let the first/second authorizer accept or reject the message.
Default:
<SENTINEL_DIR>\WWW\APPROVE1.HTM and
<SENTINEL_DIR>\WWW\APPROVE2.HTM
Example:
C:\AMS\SENTINEL\WWW\APPROVE1.HTM and
C:\AMS\SENTINEL\WWW\APPROVE2.HTM
This is the page an authorizer sees after s/he has accepted or rejected the
message.
Default:
Example:
The AMS/eGuard logo picture which is displayed on all AMS web pages. It
can be in GIF, JPG or any image format supported by the web browser.
Default:
<SENTINEL_DIR>\WWW\IMAGES\AMSLOGO.GIF
Example:
C:\AMS\SENTINEL\WWW\IMAGES\AMSLOGO.JPG
Default:
/emms.ams
The portal page for each user. The path has to be given in relation to the
HTTP base path.
Default:
/PORTAL.AMS
Timeout Settings
Timeout Cleanup = <number>
Purpose:
Default:
Default:
The final cleanup date of workflow instances is computed and stored per
instance in order to prevent finished workflow instances from consuming too
much CPU power. If the Timeout Cleanup value is changed these instance
values are recomputed. This value allows AMS to notice a change in the
Timeout Cleanup value. Note: Never change this value manually.
Default:
Example:
When this number of minutes has elapsed since a message was added to an
eMIM queue and if the message has not been acted on within this time, the
workflow is finished. The value of SendMail EMIM Notify determines whether
the originator of the message is informed about the timeout. Note: this entry
can be set using the AMS Management tool (Tools menu, System Workflow
Properties command, eMIM timeout global field).
Example:
Example:
60
Purpose:
The minimum time frame to be used for expiry timeouts, i.e. eGuard ignores
any expiration dates (specified in Outlook) which are less than this entry,
cf. Expiration Date for more information.
Example:
10
Example:
30
Same as above for messages having the mime flag Importance High. This
flag can be set in Outlook using the Options dialog box. Note: this entry can
be set using the AMS Management tool (Tools menu, System Workflow
Properties command, Timeout warning urgent field).
Example:
15
Providing Use Expiry-Date (cf. below) is set to 1 and a message has the
option Expires after set (in Outlook, View/Options): the originator of the
message gets a notification if the percentage specified here of the expiry
time has elapsed and the message has not yet been authorized and thus not
yet been sent out. Actually, eGuard uses the minimum of the value
calculated on the basis of this setting and the value specified under Timeout
Notify Standard / Urgent, cf. Expiration Date for more information.
Example:
50
When this number of minutes has elapsed since a message was sent and if
the message has not been authorized within this time, the workflow is
finished. The value of SendMail TimeOut determines whether the originator
of the message is informed about the timeout.
Default:
This entry specifies how long (minutes) the workflow is to wait for the
authorizer to start work before it hands the job over to another authorizer.
Default:
60
Purpose:
Default:
300
Set to 1 to enable the Expiry-Date feature, cf. Expiration Date for more
information.
Default:
Sensitivity Settings
Each message can have a certain sensitivity level which can be set in the mail client
program. The settings are Private, Personal, Company-Confidential and (normal).
The [Sentinel\AMS Check\] key contains entries with the following syntax:
Sensitivity:<level> = <status>
These settings define what AMS status a message with a certain sensitivity level is to get
when it is received. If the sensitivity level status of a received messages is not specified,
the default status ? is taken.
See Private Allowed for an example showing what happens to mail with a certain
status.
Default Classification
Default Classification = <string>
Purpose:
Default:
Examples
Default Classification = ?
Sensitivity:Company-Confidential = Private
Sensitivity:Private = Private
Meaning:
Notification Settings
There are several events where the workflow may or may not send a notification to the
author or the authorizers. There are two types of notification:
56 Registry Entries of AMS
The user may get the notification via ordinary e-mail. The following entries starting
with SendMail define for which event such a message is sent. If the value is -1, no
notification message is sent at all, 0 means a message is sent, and 1 means a
message is sent containing the original message which raised the workflow as an
attachment.
The user may get the notification by eGuardian, which pops up a dialog box (see
Notifications and eGuardian on page 22). The following entries starting with
SendUDP define for which event such a dialog box is shown. If the value is 1, a
popup window is shown, if it is 0, nothing is shown.
SendMail Approve = <number>
SendUDP Approve = <boolean>
Purpose:
Default:
Default:
Default:
Default:
Default:
A notification informs the originator that his or her message has been
rejected.
Default:
Tells the originator that his or her message has been submitted.
Default:
Default:
Default:
Default:
Default:
Default:
Default:
Status Strings
Each message processed by AMS gets an internal status. The following entries associate
a string with each status. This string is used in the workflow databases and in log files.
Status Accepted = <string>
Purpose:
Default:
Accepted
String value with the meaning out of office. Authorizers marked as being
out of the office are marked this way when selected.
Default:
Out Of Office
Default:
Private
Default:
Rejected
Default:
Timeout
Default:
Withdrawn
Default:
(none)
All registry values below the key [HKEY_USERS\.AMSUser\] are stored in the
backup file COPY_OF_USER.REG at the beginning of the day. The day when
the last backup was made is stored here (1-31). The registry key is stored as
soon as the current day no longer matches this value. This value should not
be changed.
Default:
(none)
Examples
[Accept Mail To\]
*1@something.com = 0x00000032 (50)
[Proof Mail From\]
someone@something.com = 0x00000064 (100)
60 Registry Entries of AMS
[Sentinel\CGI Scripts\]
<string> = <string>
Using this registry key it is possible to define for which requested files the HTTP part of
the sentinel service starts a program on the AMS server instead of simply delivering the
file.
The syntax of each entry in this key is
<filename> = [<MIME type>,]<command>
<filename> is the name of the requested file for which the CGI program is started. It
may contain file name wildcards (*). <command> is the name of the program including
parameters. The <MIME type> defines the MIME type of the output generated by the
program. If this is specified, the sentinel creates the MIME header by itself, otherwise
this has to be done by the CGI program.
Examples
/sample.htm = text/plain,cmd.exe /c dir c:\*
Meaning:
Instead of delivering the requested file /sample.htm, the HTTP part of the
sentinel service supplies the output of the specified command as plain text.
In this example, the client receives a directory listing of C:\.
[Sentinel\Crypt]
CerPath = <string>
Purpose:
The path used by eCrypt to store the public certificates (*.cer files).
Default:
C:\\ams\\sentinel\\keys\\cer\\
Set to 1 if you want recipients who don't have S/MIME security to be able to
read the message. Note: this entry can be set using the eCrypt Management
Tool (Options menu, Settings command, Send clear text signed mail when
sending signed messages option).
Possible Values:
0 or 1
Example 1: You want to classify certificates as critical if their usage has not
been valid at least once: Set the Critical if is higher than entry to 1 and set
the Critical difference percentage to 100.
Example 2: You want to classify certificates as critical if their usage has not
been valid more than 50% of the time: Set the Critical if is higher than entry
to 1 and set the Critical difference percentage to 50.
Note: this entry can be set using the eCrypt Management Tool (Options
menu, Settings command, the percentage of the actual access count and
the successful access count is lower than % option).
Possible Values:
0 or 1
Possible Values:
0 or 1
DecodePath = <string>
Purpose:
The path used by eCrypt to look for messages to be decoded (i.e. decrypted
and validated).
Default:
C:\\ams\\sentinel\\decode\\
Possible Values:
0 or 1
EncodePath = <string>
Purpose:
The path used by eCrypt to look for messages to be encoded (i.e. encrypted
and signed).
Default:
C:\\ams\\sentinel\\encode\\
Purpose:
This entry stores which of the following options have been set using the
eCrypt Management Tool (Options menu, Settings command, Outgoing mail
handling frame):
1. Add digital signature to outgoing messages
2. Encrypt all content for outgoing messages
(the 3rd option Send clear text signed mail when sending signed messages is
stored by the entry Clear-signing, cf. above)
To get the value for this entry, add 1 if the first option is checked, add 2 for
the second. Cf. eCrypt Administrators Guide for more information on these
settings.
Example:
MainPath = <string>
Purpose:
Default:
C:\\ams\\sentinel\\
Password = <string>
Purpose:
This entry stores the password which has been set using the eCrypt
Management Tool (Options menu, Password command). Cf. eCrypt
Administrators Guide for more information on this entry.
Example:
U4pP42Xfoy+Z3hZcGc27UTEJ
PfxPath = <string>
Purpose:
The path used by eCrypt to store full certificates (*.pfx Personal Information
Exchange files).
Default:
C:\\ams\\sentinel\\keys\\pfx\\
Set to 1 if new pending certificates are to get the Active status even if there
is already an existing active certificate for the respective user. Note: this
entry can be set using the eCrypt Management Tool (Options menu,
Settings command, Set new pending certificates as active certificates
option).
Possible Values:
0 or 1
This entry stores which of the following options have been set using the
eCrypt Management Tool (Options menu, Settings command, Critical
certificates frame):
1. Use critical certificates to sign outgoing messages
2. Use critical certificates to encrypt outgoing messages
3. No notification when critical certificates verify incoming messages
4. No notification when critical certificates decrypt incoming messages
Cf. eCrypt Administrators Guide for more information on these settings.
Example:
12 (which means that the third and fourth option (4+8) are checked)
This entry stores which of the following options have been set using the
eCrypt Management Tool (Options menu, Settings command, Use pending
certificates to options):
1. Use pending certificates to verify incoming messages
2. Use pending certificates to encrypt outgoing messages
Cf. eCrypt Administrators Guide for more information on these settings.
Example:
3 (which means that the first and second option (1+2) are checked)
This entry specifies in which time intervals (minutes) eCrypt checks the
decode and encode directory to see whether there is work to do.
Default:
10
This entry specifies what eCrypt adds to the message header when clearsigning the message.
Default:
application/x-pkcs7-signature;name=\"smime.p7s\"
Encrypting = <string>
Purpose:
This entry specifies what eCrypt adds to the message header when
encrpyting the message.
Default:
application/x-pkcs7-mime;name=\"smime.p7m\";smime-type=envelopeddata
Signing = <string>
Purpose:
This entry specifies what eCrypt adds to the message header when signing
the message.
Default:
application/x-pkcs7-mime;name=\"smime.p7m\";smime-type=signed-data
[Sentinel\Crypt\Global Error]
64 Registry Entries of AMS
[Sentinel\eBusy]
With eBusy you can define certain working times that prevent AMS from requesting a
reply while nobody is at work. This part of the sentinel is described in detail in the
introductory section The eBusy Database on page 27.
All defined intervals are stored in the eBusy database file. A cache file is used to speed
up work time computation. The following registry settings mainly define the cache size
and the directory where both files are stored.
Cache Days Generate Before = <number>
Cache Days Generate After = <number>
Purpose:
The cache size is always updated so that it at least covers the time range of
the last eBusy request, plus a number of days before and after that range
specified by these registry entries.
Default:
Default:
When no working time intervals are specified for a weekday, eBusy assumes
people work the entire day with a working level described by this entry.
Default:
100
Specifies the directory where the eBusy database file (ebusy.dat) and the
eBusy cache file (ebusy.ecf) are stored.
Default:
[Sentinel\eMIM]
Default Rotation = <number>
Purpose:
Incoming faxes are rotated by this factor before entering the eMIM
workflow.
Default:
10
1 enables the registry entry Dispatch Extra Time. If 0 the new individual
responsible gets his own value of Timeout EMIM Work.
Example: The system value for Timeout EMIM Work is 60 minutes. There are
no user-specific entries for Timeout EMIM Work. A delegates a message after
20 minutes to B. Then B has another 60 minutes to handle the message.
Default:
Default:
16
Default:
64
If this entry is set to 1 a superior and all his/her substitutes are notified
simultaneously. If it is set to 0 substitutes are notified only if the superior did
not handle the message in time.
Default:
You can flag a message as important, meaning that it may not leave eMIM
monitoring (i.e. the message may be fetched or delegated but not
forwarded). The entry may contain a formula. The result of the formula
should be 1 or 0, indicating that the message is important or not important
(cf. AMS Management Guide, section Message May Not Leave eMIM
Monitoring for more information).
Default:
[Sentinel\eMIM\WWW-Settings]
Max User in SelectList = <string>
Purpose:
Default:
30
[Sentinel\EMMS\]
Clean Finished Timeout = <number>
AMS Technical Documentation
Purpose:
Default:
60
Default:
Default:
Default:
12
By default, eMMS uses the AMS user level to determine who should receive
a notification in case eMMS detects a problem. Alternatively, this entry can
be used to define a program or batch file name to be launched if eMMS
detects a problem.
Default:
Default:
Scheduler = <string>
Purpose:
Default:
doemms.exe default
Purpose:
This entry enables you to configure how long problems may remain
unresolved before administrators are notified again. For example, if a
problem is not resolved within 60 minutes administrators are notified again
about the problem.
Default:
60
[Sentinel\Environment\]
<string> = <string>
It is possible to use this part to define global environment settings for all AMS processes.
It should be used, for example, to redefine TMP and TEMP to the cache subdirectory.
The syntax of each entry is
<environment variable> = <value>
Names of environment variables are case-insensitive.
[Sentinel\External Config\]
<string> = <string>
This key contains several commands that are executed when the sentinel service is
started. Usually, various AMS applications are run to initialise themselves.
The syntax of each entry is
<program name> = <command with params>
<program name> is an identifier designed to make recognising the program easier for
the administrator; it is ignored by the sentinel. <command with params> is the
command that is executed from the sentinel directory.
[Sentinel\IMAP]
The settings below this key control the behaviour of the external IMAP server, thus
providing an alternative way to access the POP3 mailboxes. Please refer to IMAP Server
on page 9 for further information on the IMAP server.
Allow plain authentication = <boolean>
Purpose:
The server provides for two types of authentication: CRAM-MD5, where user
names and passwords are encrypted, and plain authentication, where the
credentials are transmitted as readable text. If you use Microsoft Outlook or
Outlook Express for IMAP access, you need to enable plain authentication,
since these clients do not support CRAM-MD5.
Default:
Purpose:
Specifies (in seconds) how often the server is to check the currently selected
folder for new messages and notify the client accordingly. If the setting is 0
(zero), automatic notification is disabled.
Default:
15
The port number on which the IMAP server listens for incoming client
connections.
Default:
143
This entry defines the IMAP receive and send buffer size. The requests to the
IMAP server and the responses are received and sent in TCP/IP packets up to
this maximum size. A negative number means that the default buffer size is
used.
Default:
Specifies the period in seconds during which the server attempts to receive
an expected command continuation or to send a response to the client
before it cancels the current operation. Note: The server never unilaterally
shuts down a connection to a client unless it is closed.
Default:
An IMAP mailbox can contain folders and subfolders, each of which may
contain messages except for the root folder. Also, a folder named INBOX
always has to be present. With this setting enabled, the messages appearing
in the INBOX are actually stored in the POP (root) folder so that these
messages are accessible via POP3 and IMAP. If this setting is disabled, the
IMAP server copies new messages from the root to the INBOX folder, thus
preventing a POP3 client from altering the messages in the IMAP INBOX.
Default:
Specifies the maximum number of messages in a folder that are made visible
to the client. If the number is 0 (zero), all messages are considered.
Default:
4096
Purpose:
If the recipient has read a message (i.e. if the Seen flag of the message is
set for the first time) and if a request for a read receipt is found in the
message header, the server sends this receipt to the originator of the
message by calling the application specified in this entry, with the message
file name as argument.
Default:
filter.exe mdnnotify
Default:
If this entry is set to 1, the sentinel uses the DNS to resolve the IP address
of the client computer sending an IMAP request. The resolved name is only
used in the log files.
Default:
Default:
[Sentinel\Information\]
This key contains several strings that appear in AMS messages. These messages can be
adapted to other languages by changing these strings.
Append the Authorizer to X-Message-Flag
Purpose:
Default:
delivery aborted
Default:
Your message did not reach some or all of the intended recipients.
HTTP_BadRequest = <string>
Default:
<html><head><title>Bad Request</title></head><body><h1>Bad
Request</h1>Sorry, I do not understand what you want.</body></html>
HTTP_FileNotFound = <string>
Default:
HTTP_TooManyConnects = <string>
Default:
<html><head><title>Too many
connections</title></head><body><h1>Access Denied, Too Many
Connections</h1>Try again later.</body></html>
[Sentinel\Internal Network\]
<string> = <string>
The SMTP part of the sentinel service distinguishes between messages from the inside,
from the outside and from an undefined location. By default, a message from any source
is treated as from the outside. Only messages from the IP address of the wire host
[Sentinel\SMTPWire] are treated as coming from the inside. If you logically connect more
than one device to the sentinel it may be necessary to define more inside IP addresses.
This registry key defines other inside sources for messages.
The syntax of each entry is
<name> = <network address> <subnet mask>
The name on the left side is designed to make identification of the network easier for the
administrator; the sentinel ignores the name. The network address and the subnet mask,
separated by a space, specify the range of IP addresses belonging to the internal
network. To determine whether a specific IP address belongs to a network, the sentinel
combines the IP address and the subnet mask with a logical AND and compares the
result with the network address.
Examples
[Sentinel\Logfiles]
The logging information produced by the different AMS processes can be easily accessed
via the Log files web interface. This key contains information about how the interface
should treat the data and fields in the AMS log files. To find out how to access these
registry settings via the Log file interface of the Diasepa Server Pages, please read Log
Files Interface on page 103.
To distinguish between the different types of logging information (log types), each log
file name has a four-letter prefix, e.g. HTTP is used for files that log accesses to the
web server. For more information on that topic, please refer to AMS Web-based Admin
Tools , AMS Log section.
The [Sentinel\Logfiles] key contains no entries, but instead several sub keys. Each sub
key must have a name of a log type, and only the sub keys defined here are displayed in
the log type selection box of the web interface.
Each of these log type keys may contain the following entries:
Display Name = <string>
Purpose:
This entry defines the name of the log type as it is display in the log type
selection box of the web interface.
Default:
The short name of the log type (i.e. the four-letter prefix)
This entry specifies in which order the columns in the file are displayed in the
table of the web interface. The entry must be a comma-separated list of
column numbers (see below). You can leave out certain columns or display
them more than once.
Example:
0,1,5,4,2
Default:
0,1,2,n where n is the number of the last column (i.e., all columns are
shown in the order they appear in the file)
Column Settings
Each line in a log file is separated into several fields. You can specify how each field
should be treated by the web interface.
Each of the log type keys mentioned above may contain several sub keys, one for each
data field in the file. The name of each key must be the number of a field/column,
starting from 0. The first field (0) usually contains a time value. Each sub key contains
entries to describe the column. Please note that the next section contains an example to
show how to use all these settings.
Filter = <string>
Purpose:
Specifies a filter for the field, which must be a regular expression. If the data
in the field matches the filter, the whole line/row will not be displayed.
Example:
clock\.js
Default:
Header = <string>
Purpose:
Replace<x> = <string>
Replace<x>With = <string>
Purpose:
The data in the field can be modified according to these settings. If the data
matches Replace<x>, it is replaced with Replace<x>With, where <x> is a
digit between 0 and 9. At first, Replace0 and Replace0With are checked, then
Replace1 and Replace1With, and so on. This way, you can define up to ten
replacing rules.
Type = <string>
Purpose:
Specifies the data type of the current field. This can be Time for time
values, IP for IP addresses, Number for numbers and for no special
types. The type influences the way user-defined filter ranges are treated.
Example: If the user defines a filter range from 1 to 4, a lexicographic
comparison is performed, thus not filtering fields containing 12. This can be
avoided by giving the field the Number type, in which case the comparison
is done numerically.
Width = <string>
Purpose:
Specifies the width of the column when displayed. This can be a relative
value like 40% or an absolute value like 200px. In fact, the width string
given here is used as the WIDTH attribute of the TD tags in the table.
Example
[Sentinel\Logfiles\HTTP]
Column Order = 0,2,1
Display Name = HTTP - requests to the web server
[Sentinel\Logfiles\HTTP\0]
Header = Time
Type = Time
[Sentinel\Logfiles\HTTP\1]
Header = User agent
Replace0 = .*(MSIE[^;]*).*
Replace0With = $1
[Sentinel\Logfiles\HTTP\2]
Header = Requested file
Width = 100%
Meaning:
This example defines just one log type, HTTP. In the web interface, it will be
displayed as HTTP requested to the web server. The files contain at least
three columns, which are displayed in the order 0,2,1. The first column (0)
contains a time value. The second column (1) contains information about the
user agent. Via the Replace0 and Replace0With entries, the whole user agent
identification line will be replaced with the extracted browser name and
version number. The third column (2) contains the names of the requested
files. This column gets all the space on the screen not needed by the other
columns.
Examples
[MAIL to deliver immediately\]
*1@something.com = 0x00001000
[MAIL to call AMS\]
someone@something.com = 0x00002000
AMS Technical Documentation
Meaning:
[Sentinel\MiMail\]
Convert text plain2html = <boolean >
Purpose:
Plain text is converted to HTML (by default) to look nicer. Set this entry to 0
to prevent plain text from being converted to HTML.
Default:
These entries belong to the Modify submitted messages feature (still under
development and not yet ready for use).
These entries specify whether the first authorizer, the second authorizer and
the originator are allowed to change the content and attachments of a
message in a workflow.
Default:
[Sentinel\MiMail\Icons\]
<string> = <string>
The Message Details Page shows the user a list of all the files attached to the message.
Each file name has an icon next to it in keeping with the file type. This section specifies
which icon is to be used for which file type.
Icons can be specified via the extension of the file name or via the MIME type, the syntax
of each entry being respectively
<file extension> = <icon file>
or
<MIME type> = <icon file>,
The file name of the icon has to include the full path in relation to the HTTP base path. If
both the MIME type and the file extension are specified for a specific file type, the icon
file name given via the MIME type is taken.
Examples
application/msword = /images/icon_winword.gif
.doc = /images/icon_wordpad.gif
Meaning:
Files with the MIME type application/msword are indicated by the icon in
icon_winword.gif. Files with the extension .doc are indicated by the icon
in icon_wordpad.gif. The MIME type entry has a higher priority,
consequently MS Word documents are displayed with icon_winword.gif.
Special Entries
Default = <string>
Purpose:
If neither the MIME type nor the file extension is specified for a specific file
type, the icon file name given in this entry is taken.
Example:
/images/icon_attach.gif
Message = <string>
Purpose:
This entry specifies the icon for an e-mail message which is attached to the
message.
Default:
/images/icon_mail.gif
PutFile = <string>
Purpose:
This entry specifies the icon the user can click on to put an attached file on
the server. The icon is displayed in addition to the file type icon.
Default:
/images/putfile.gif
GetFile = <string>
Purpose:
This entry specifies the icon the user can click on to get an attached file from
the server. This icon is displayed in addition to the file type icon.
Default:
/images/getfile.gif
[Sentinel\MiMail\Edit\]
<string> = <boolean>
The settings in [Sentinel\MiMail\] determine whether certain persons may be able to
change the content of message attachments. By default, any type of attachment can be
changed. In this section you can specify which file types cannot be edited. The syntax of
each entry is
<MIME type> = <boolean>
Normally, only application/ms-tnef (Microsoft rich text format which may contain other
files) is set to zero, as MimeMail cannot extract the files in these containers.
If a specific MIME type cannot be found in this list, a new entry with that MIME type is
created and the Boolean value is set to 1 (= can be edited).
[Sentinel\MiMail\Mime Type\]
This key has no entries, but it may contain several subkeys. Each subkey has the name
of a weak MIME type, which is described in [Sentinel\MiMail\Mime Type\Weak\]. The
entries in each subkey all have the syntax
<extension> = <MIME type>
These associations enable MimeMail to easily determine the real MIME type of a weak
MIME type (see [Sentinel\MiMail\Mime Type\Weak\]).
[Sentinel\MiMail\Mime Type\Weak\]
<string> = <boolean>
This key contains a list of weak MIME types. For example, application/octet-stream is
weak, as it refers to any binary data, regardless of whether it is an image, a document,
etc. When MimeMail encounters an attachment with a weak MIME type in the header, it
tries to determine the real MIME type, e.g. image/jpeg, via the extension of the
attached file. It first asks the operating system, i.e. the Microsoft Class Registry, which
MIME type belongs to the extension. If the OS has no answer it reads from the general
AMS MIME type table in [Sentinel\MIME Types\]. The MIME type of the header remains
unchanged only if the extension is not listed there either.
Each entry in this key has the following syntax:
<MIME type> = <is weak>
If <is weak> is 1, the <MIME type> is treated as weak.
[Sentinel\MIME Types\]
<string> = <string>
When a browser requests a file, the HTTP part of the sentinel uses the standard Microsoft
Class Registry to derive the MIME type of that file from its extension. MimeMail, on the
other hand, uses the Class Registry to derive the real MIME type of a weak
attachment type (see [Sentinel\MiMail\Mime Type\Weak\]).
If you use special file extensions which are not supported by any software on the AMS
server or which only have a meaning in the AMS workflow, you can specify additional
MIME types here without changing the standard class registry key as changing the
standard class registry key may have undesirable side effects.
Note: this key does not override the MIME types in the class registry key, but is only
looked up when the class registry key does not know the MIME type.
Each entry has the syntax
<extension> = <MIME type>
where a file with a certain <extension> has the specified <MIME type>.
Examples
.txt = text/plain
.html = text/html
Meaning:
These settings define the MIME types of .txt and .html files.
[Sentinel\POP3\]
POP3 Port = <number>
Purpose:
This entry specifies the port number where the POP3 part of the sentinel
listens for connection requests.
Default:
110
This entry defines how many seconds the reception of POP3 data may take
until the sentinel diagnoses a connection timeout.
Default:
60
This entry defines how many seconds the sending of POP3 data may take
until the sentinel diagnoses a connection timeout.
Default:
60
This entry defines the POP3 send buffer size. The responses to a POP3
request are split into TCP/IP packets up to this maximum size.
Default:
512
If this entry is set to 1, the sentinel uses the DNS to resolve the IP address
of the client computer sending a POP3 request. The resolved name is only
used in the log files.
Default:
[Sentinel\POP3\User\]
This key has no entries. It contains subkeys for each POP3 mailbox on the AMS server.
The name of each subkey is the mail address of the mailbox.
Each subkey contains the following entries:
GUID = <string>
Purpose:
Path = <string>
Purpose:
The path in which the messages of the POP3 mailbox are stored.
Default:
Example:
C:\AMS\SENTINEL\POP3\SOMEONE@COMPANY.COM
[Sentinel\RegistryWatch\]
The settings below this key control the behaviour of RegistryWatch, an optional utility
which monitors and logs changes made to the registry. Please refer to the description of
regwatch.exe for further information. The key does not exist if RegistryWatch is not
installed.
Monitor Key = <string>
Purpose:
This is the root key of the registry tree that is being monitored, along with
included and excluded subkeys. The syntax is identical to the command-line
syntax of regwatch.exe.
Default:
Example:
Default:
<SENTINEL_DIR>\REGWATCH_HIVE
Example:
C:\AMS\SENTINEL\REGWATCH_HIVE
from the outside or from undef. (The key [Sentinel\Relay for Undef\] is described in the
next section.)
The syntax of an entry in each of these keys is
<destination address> = <hostname>[:<port>]
The sentinel checks whether the To field of the message matches the destination
address. The destination address may contain wildcards (*1, *2, ) in order to specify a
range of addresses. However, the @ cannot be part of a wildcard, e.g. *1 never matches
abc@something.com. The universal e-mail address is *1@*2.
The host name is the name of the host where the message is sent via SMTP. It can be an
IP address or a DNS name. If the port number is not specified, the sentinel assumes the
default SMTP port (25).
For messages in the wire directory (incoming), the sentinel tries to apply the rules in
[Sentinel\Relay for Wire (inside)\], for messages in the spool directory (outgoing), the
sentinel tries to apply the rules in [Sentinel\Relay for Spool (outside)\]. The sentinel
checks the rules in [Sentinel\Relay for Global (any side)\], too, only if none of the rules
match.
If none of the rules match, the sentinel sends incoming messages to the WireHost
[Sentinel\SMTPWire] and outgoing messages to the SMTPHost [Sentinel\SMTPHost].
If two or more rules match, the result is undefined.
Examples
[Sentinel\Relay for Spool (outside)\]
*1@subsidiary.com = mail.subsidiary.com
Meaning:
Examples
*1@*2@192.168.99.10 = 192.168.99.13
*1@*2@192.168.99.13@192.168.99.10 = TO_OUTSIDE
Meaning:
*1@*2@192.168.99.10 = 192.168.99.13
*1@*2@192.168.99.13@192.168.99.10 = 30,TO_OUTSIDE
log@company.com@192.168.99.13@192.168.99.10 = 60,TO_INSIDE
Meaning:
This example extends the above example. The mail-checking server may be
configured to send mail with viruses, offensive language etc. to the address
log@company.com. In this case the third rule matches, as it has a higher
value than the second rule. Mail from the mail-checking server to an inhouse address is treated as incoming mail, is put into the wire directory
etc.
[Sentinel\Rules\]
Do Default if Remove not specified = <boolean>
Purpose:
If a filter rule matches but no remove action is defined in that rule, the
default action (i.e. sending the message to the recipient) is performed unless
this entry is set to 0.
Default:
If a message has been waiting in the filter directory for more than the
number of seconds specified here, it is sent to the address defined in
Unfiltered SMTP Address (cf. below). If this address is not specified, the
message remains in the filter directory and is not filtered any more.
Default:
The filter schedule program continuously checks the filter directory for
messages that have been waiting there for more than the number of seconds
specified in this entry. If the schedule program finds such a message, it tries
to filter it again.
Default:
If a filter rule matches and a remove action is defined in that rule, the
default action (i.e. sending the message to the recipient) is not performed
unless this entry is set to 0.
Default:
If a filter rule matches and a remove action is defined in that rule, the
message is deleted and all other actions are ignored unless this entry is set
to 0.
Default:
Purpose:
If a message cannot be filtered until the Filter Final Time has been reached
and if this entry contains an e-mail address, the message is sent to this
address. Otherwise, the message remains in the filter directory and is not
filtered anymore.
Default:
[Sentinel\Rules\Content\]
Cf. Content Handler.
[Sentinel\Rules\From Inside\],
[Sentinel\Rules\From Outside\],
[Sentinel\Rules\Global\]
These keys contain the filter rules for messages coming from the inside and from the
outside. These rules may also be defined and changed via the web interface. First, the
rules in [Rules\Global\] are checked. Then the rules in [Rules\From Inside\] or in
[Rules\From Outside\] are checked to determine if the message respectively comes from
the inside or the outside.
Each rule is saved in a registry key which has the same name as the rule itself. Each key
has the two entries Condition and Importance as well as a number of entries for the
actions to be performed.
Condition = <string>
Purpose:
This entry specifies a condition that the message must fulfil so that the filter
rule can be applied. The syntax of the expression is described in eCrypt
Administrator's Guide, Filter Rules section.
Default:
Importance = <number>
Purpose:
Among all the rules that match, the rule with the highest importance is
applied. This entry defines the importance for a rule.
Default:
Filter Actions
Each filter action entry has the following syntax:
{IF|ELSE} <remove|reply|send> <number> = <address>
An entry beginning with IF defines an action which is executed if the filter condition
matches, while an entry beginning with ELSE defines an action which is executed if the
filter condition does not match.
Note: ELSE branches are not yet supported by the web interface, however another rule
with the negated condition (NOT command) can be defined to achieve the same effect.
84 Registry Entries of AMS
If the filter condition matches, the default recipient does not get the
message. It is returned to the sender, and then a copy is sent to an internal
address log@company.com. Note that there are double quotes: The inner
quotes are needed because the address is a string literal (see also Filter
Rules in the eCrypt Administrator's Guide).
[Sentinel\Scheduler\]
<string> = <string>
This key defines additional programs that are regularly run by the sentinel. These entries
can be edited using the AMS management tool (Rdexpo ).
The syntax of each entry is
<program> = <minutes>,<command with params>
<program> is an identifier for the program and is needed in [Sentinel\Security\]. The
<command with params> is invoked every <minutes> minutes.
Examples
Test Program every 5 minutes (Sample)=5,test.exe
Meaning:
[Sentinel\Security\]
AMS Technical Documentation
<string> = <string>
By default, the sentinel runs in the system context. This causes problems when the
sentinel service tries to perform the following actions:
The sentinel starts a scheduling program [Sentinel\Scheduler\] that requires certain
rights in order to be run.
The sentinel needs to access shared directories.
This key defines the names and passwords of users who have permission to access
shared directories and to launch programs.
The passwords are encrypted, consequently there is no use in modifying these settings
manually: use the AMS management tool (Rdexpo) instead.
Examples
.ams = 1
.css =
.dcss = 1
NULL =
Meaning:
[Sentinel\Transfer Failures\]
<string> = <dword_number>
In this section the sentinel creates an entry for each message that could not be sent. The
left side of the entry specifies the file name of the message, including the full path. The
right side contains a counter which is incremented each time the sentinel retries sending
the message. Refer to Mail Transfer Failure Settings on page 43 for more information.
[Sentinel\Translation\]
86 Registry Entries of AMS
<string> = <string>
This key is obsolete. It contains rules for simple 1:1 translations of a recipients
addresses. Each entry (rule) has the following syntax:
<old address> = <new address>
When receiving a message with the <old address> in the To: field, the SMTP part of
the sentinel changes the field to the respective <new address>.
Use the address routing rules instead [Sentinel\AddressRouting\], as they provide a
much more flexible way to change the recipients address.
[Sentinel\Undef Network\]
<string> = <string>
The sentinel distinguishes between messages from the inside, from the outside and from
an undefined location. By default, all messages are considered to be from the outside.
Only messages from the wire host [Sentinel\SMTPWire] and from the hosts defined in
[Sentinel\Internal Network\] are treated as messages from the inside. In this section,
you can define hosts or networks which belong to the undef network.
These settings affect address routing and message relaying (see Undef Network on page
7, [Sentinel\AddressRouting from Undef\] and [Sentinel\Relay for Undef\]).
The syntax of each entry is
<network name> = <IP address> <subnet mask>
Refer to [Sentinel\Internal Network\] for more information about the meaning of
<network name>, <IP address> and <subnet mask>.
[Sentinel\User\]
The settings in this key and its subkeys contain general settings defining how to manage
the user database as a whole.
[Sentinel\User\Exchange\]
Edit Periods = <boolean>
Purpose:
Example:
[Sentinel\User\Settings\]
AMSUser Hive = <string>
Purpose:
Default:
<SENTINEL_DIR>\GLOBAL_USER
Example:
C:\AMS\SENTINEL\GLOBAL_USER
[Sentinel\User\Import\], [Sentinel\User\Export\]
It is possible to keep the AMS user database synchronized with the user database of the
home message system. (This can only be an Exchange server at this time.) Refer to
AMS User Database and Other Message Systems on page 18 for more information.
One way to do this is to export the user database in Exchange as a text file (.csv), and
then import this file using the Exchange command-line option of the AMS management
tool (Rdexpo). For further information about the usage of this command-line option, refer
to the AMS Management Guide.
The AMS management tool then uses the settings in [Sentinel\User\Import\Exchange\]
to translate Exchange user property names in the text file to AMS user property names.
Each entry of this key has the following syntax:
<Exchange field name> = <AMS field name>
Additionally, there are some entries which have a special meaning:
_Field Separator = <number>
_Quote = <number>
_Separator = <number>
Purpose:
These entries define the ASCII values of special characters in the text file
used for quoting strings (_Quote), separating fields (_Field Separator), and
separating properties in a field (_Separator).
The [Sentinel\User\Export\] key comes into play when users are exported from the AMS
user database into a text file (.csv) from the AMS management tool (Rdexpo). The key
contains the above settings in the opposite direction (export), i.e. each entry has the
following syntax:
<AMS field name> = <Exchange field name>
Again, special characters used for quoting and separating can be defined in the same way
as above.
This section describes all the registry entries below the [HKEY_USERS\.AMSUser\] key.
Note: all of these entries can be conveniently edited using the AMS management tool
(Rdexpo).
[HKEY_USERS\.AMSUser\]
Eguardian valid for min = <number>
Purpose:
Default:
(reserved)
Default:
(empty string)
Default:
eGuardian regularly sends requests to the AMS server. If this entry is set to
1, these requests are used to determine whether a user has shut down his
computer, thus being treated as out of the office.
Default:
(reserved)
Default:
If this entry is set to 1, the authorizer list of a user starts with the user
himself, continues with his substitutes, then with the users superior, etc. If
this entry is set to 0, the authorizer list of a user begins with the user
himself and then immediately continues with the users superior (the
substitutes are left out).
Default:
Single User
The rights and properties of each user are stored in a subkey of
[HKEY_USERS\.AMSUser]. The name of the subkey is the AMS user name, which is
always the users e-mail address. The default value of the following settings is always
(empty string).
System Data
Alias = <string>
Purpose:
This entry contains the unique value of the user in the message system from
where the users data has been imported. This entry should not be changed.
This entry may contain the strings _USER and/or _ADMIN. If a user is
_ADMIN, s/he is allowed to administer the server. If the user is _USER, s/he
is allowed to administer the user entries.
This is the date (minutes since 01/01/1900) of the changes last made to the
user data in the home message system (e.g. Exchange). This entry should
not be changed.
Container = <string>
Purpose:
This entry contains the container where the user is located in the home
message system (e.g. Exchange). This entry should not be changed.
This is the creation date (minutes since 01/01/1900) of the user data in the
home message system (e.g. Exchange). This entry should not be changed.
deleted = <boolean>
Purpose:
If a user is deleted in the home message system (e.g. Exchange), s/he is not
deleted from the AMS user database in order to keep the current
authorization tree up to date. Instead, this flag is set to 1, and the user
level is set to an empty string so that the user can no longer authorize any
messages. (The administrator has to rearrange the authorization tree
manually, as this cannot be done by the system.)
EMail = <string>
Purpose:
If the user properties have been imported from another system, this entry
contains the users e-mail address according to this system.
Purpose:
This is the user name (e-mail address) of the first default authorizer. The
user can modify this value in his or her Personal Settings, therefore this
value should not be altered via the AMS management tool.
GUID = <string>
Purpose:
This is a unique value comprised of the user name and the user password.
When the user performs a workflow action (e.g. clicking on the accept link)
the GUID is sent instead of the user name and password being sent to the
HTTP server. The server can extract the user name and password from this
value to verify the permission to perform the action. The GUID is stored
locally in a browser cookie. The user can always force AMS to generate a
new value and send it to him/her in a message.
Head = <string>
Purpose:
This is the server where the user has his or her mailbox, point of presence
etc. AMS uses this entry for user-specific out-of-office solutions or LDAP
queries. This entry should not be changed.
Level = <string>
Purpose:
This is the authorizer level of AMS. Currently the following levels are
configured: a single letter A, B or C, or an empty string if the user has
no authorization level.
NiceName = <string>
Purpose:
This entry contains the name of the user in a user-readable way. It is used
on the pages of the web interface, e.g. on the portal page or in the select
authorizers list.
NTAccount = <string>
Purpose:
This is the unique name of the users NT account. This entry should not be
changed.
This value (minutes since 01/01/1900) indicates until when the user will be
out of the office. Notifications of the AMS system are sent to this user,
however the system does not wait for a timeout to look for a substitute.
This is the user name (e-mail address) of the second default authorizer. The
user can modify this value in his or her Personal Settings, therefore this
entry should not be changed via the AMS management tool.
Purpose:
Messages from this user pass the AMS system without needing any further
authorization.
This number includes several data items: The IP address of the user which is
needed to send UDP notifications; the time of the last connect to the AMS
server used to determine whether the user is to be treated as being out of
the office (e.g. due to the client computer crashing); and the version number
of the client used to check for client updates.
Substitutes = <string>
Purpose:
= <number>
The possible values in this entry are 0, 1 and 2. If this value is 0, the
AMS system always asks the originator for the authorizers of each message.
If this value is 1, the automatic authorizers or the above-specified first and
second authorizers are automatically selected as the authorizers of each
message. If this value is 2, the system resets this value to 1 for the
users next message and asks for authorizers only once. Each user can set
this entry in his or her Personal Settings, therefore this entry should not be
changed via the AMS management tool.
User Proof Hash = <string>
Purpose:
(reserved)
Personal Data
The following entries can be left empty:
GivenName = <string>
Surname = <string>
Title = <string>
Purpose:
These entries specify the users given name, surname and title.
Address = <string>
City = <string>
Country = <string>
State = <string>
Zip = <string>
Purpose:
Company = <string>
Department = <string>
Purpose:
These entries specify the company and the department where the user
works/is employed.
Groups
The settings of each group are to be found in a subkey of [HKEY_USERS\.AMSUser\].
Each group subkey has the special name <group_name>@group.ams. This name is not
really an e-mail address. Instead, the group.ams domain indicates that the subkey
contains settings for a group. The default value for the following settings is always
(empty string).
NiceName = <string>
Purpose:
Substitutes = <string>
Purpose:
dynamic content. (Refer to Diasepa Server Page Extension on page 93 for an explanation
of how the Diasepa engine works.)
This ActiveX control has four interfaces that give the programmer access to different
parts of the system:
The Session Interface offers basic functions for defining values, reading environment
variables, changing registry settings, etc. In addition, it is used to read and write
values from the user and workflow databases.
The MimeMail Interface provides access to the content and the attachments of a
message.
The Rules Interface is use to read and write the filter rules in the registry.
The Equation Interface is used to check and evaluate filter rule conditions.
This section describes the functions (methods) and properties of the interfaces.
Functions (methods)
The following notation is used for the function headers:
<returntype> <functionname>(<argtype1> <arg1>, <argtype2> <arg2>, )
Example:
Meaning:
Functions only use the three types: string, long and integer, corresponding to the Visual
Basic data types String, Long and Integer. If no return type is given, the function doesnt
return anything.
Properties
Properties can be regarded as functions to which a value can be assigned. They are
notated with the keyword property.
Example:
Meaning:
The property with the name SignOfLife has two string parameters: User
and SignName. Calling SignOfLife returns the value of the property in
accordance with the parameters specified. In addition, values can be
assigned to the property, e.g. SignOfLife(strUser, strSignName) = 1
The return type is always HRESULT. The real return value of the function is always
passed via the last parameter, which must be a pointer. BSTR is the Visual Basic String
data type.
The complete C function header for the above property example would be:
HRESULT SignOfLife([in]BSTR User,string SignName,[out,retval]long *PVal);
HRESULT SignOfLife([in] BSTR User, [in] BSTR SignName, [in] long NewVal);
SignOfLife actually consists of two functions: The first one reads the property and returns
the value via the last argument, the second one sets the property to the value given in
the last argument.
Session Interface
The Session Interface can be accessed in VBScript via:
Set AMS = CreateObject(DIASEPA.Session)
The functions can then be accessed via AMS.Init(), etc.
Reads the entry with the specified Name from a Postfile. (If long strings or strings with
CRLF have been POSTed, they cannot be accessed via ReadFileIntoEnvironment.)
string Getenv(string Varname)
Returns the value of the environment variable Varname.
Setenv(string Varname, string Varvalue)
Sets the environment variable Varname to Varvalue.
Returns the value in the What field of the AMS object with the Unique specified (workflow
ID).
SetINIData(string Unique, string What, string Value);
This function sets the What field to the Value given for the AMS object with the workflow
ID Unique. Opposite of GetINIData. This function may fail! To access an AMS object,
Unique has to be known. If the AMS file is called directly from the HTTP server, the
function will probably work. If the AMS file is called from AMSCheck (CGI entry, creation
of a status), the AMS object is already being used for this Unique. That is why
SetINIData should always be used with On Error.
SortArray Functions
CreateSortArray(long XSize, long YSize)
Generates a SortArray of size XSize*YSize.
long GetSortArrayXSize()
long GetSortArrayYSize()
Respectively return XSize or YSize of the SortArray generated.
property string SAValue(long X, long Y)
Reads and writes the property SAValue used to get and set values in SortArray at
position X/Y.
DoSortArray(string Indexlist)
SortArray is sorted according to the sort string Indexlist. Example: if SortArray has XSize
5 and Indexlist is 2,3,4,1,0, the array is sorted by the second column, then by the
third, etc.
DoSortArrayUp(string Indexlist)
Like DoSortArray, however the order is inverted.
string SaveSortArray()
Saves SortArray temporarily. The result is a key which can be used to reload the array.
LoadSortArray(string SortID)
98 Diasepa Server Page Extension
Registry Functions
property string RegistryValue(string Key, string Name)
Reads or sets a registry value of Key and the entry Name.
string RegistryBrowseKey(string Key, long Index)
Returns the name of the Index-th subkey to be found below Key, where Index=0 returns
the first subkey. If there is no Index-th subkey, this function returns an empty string.
string RegistryBrowseValue(string Key, long Index)
Returns the name of the Index-th entry to be found in Key, where Index=0 returns the
first entry name. If there is no Index-th entry, the function returns an empty string.
Miscellaneous Functions
string MakeHTML(string Plaintext)
Converts Plaintext to HTML.
string MakePRE(string Plaintext)
Converts Plaintext to PRE.
long CValue(string str)
Converts a string into a number (atoi). (For some obscure reason, VBScript does not
provide this functionality.)
string GetCreateUserAccountAddress()
AMS Technical Documentation
Returns the e-mail address to which a message must be sent in order to create a portal
for a user.
long GetHashValue(string String)
Returns a (long) hash value for a given string.
integer GetRandom()
Returns a random number.
Trace(string Tracemessage)
Writes Tracemessage to the log file of the sentinel (sentinel.log).
MimeMail Interface
The MimeMail Interface can be accessed in VBScript via:
Set MIME = CreateObject(DIASEPA.MimeMail)
The functions can then be accessed via MIME.Init(), etc.
When using the MimeMail Interface, the environment variables User, Password,
Upassword and GUID should have been set to reasonable values. If an AMS file is
started via MIMAIL.EXE, these values are normally set to useful values.
In this case, there are three additional environment variables: ChangesAllowed
indicates whether the current user may change the message, and WorkFlowFinished
indicates whether the current workflow has been finished. Both variables can have the
values yes or no; they can also be read out via the functions of the same name. The
third variable, MimeUnique, identifies the current MIME part of the message. It is
needed during initialisation.
Init(string Unique, string MimeUnique)
Initialises the MIME object. Both parameters can be read out from the corresponding
environment variables.
string GetHeaderEntry(string Name)
Reads the header value Name from the message (subject, to, cc, from, date, etc.).
Caution: should be prepared with MakeHTML before use.
property string PlainTextBody()
Reads and writes the message body. Note: The MimeMail object has to be re-initialised
after the body is written.
string GetAttachmentKind(long Index)
Returns the type of the Index-th attachment of a message. Possible types: Attachment
or Message.
string GetAttachmentName(long Index)
Rules Interface
The Rules Interface can be accessed in VBScript via:
Set Rule = CreateObject(DIASEPA.Rules)
The functions can then be accessed via Rule.SetKey(), etc.
SetKey(string Regkey)
Initialises the rules interface with a registry key Regkey. Regkey can be From Outside,
From Inside or Global, depending on which rules are to be used.
long Count()
How many rules belong to the key?
string Name(long Index)
Returns the name of the Index-th rule.
Read(long Index)
Reads the Index-th rule.
ReadByName(string Name)
Reads the rule with Name.
property string Condition()
AMS Technical Documentation
Equation Interface
The Equation Interface can be accessed in VBScript via:
Set Equ = CreateObject(DIASEPA.Equation)
The functions can then be accessed via Equ.Compile(), etc.
Compile(string Formula);
Returns the column order of the given log type. If no column order was defined, the
function returns 0,1,2,n where n is the number of the last column, resulting in a table
where all columns are displayed in the order they appear in the log file.
string GetLogFileName(string Prefix, long Min1900)
Computes the full name of the log file that contains logging information of the date given
in minutes since 1900. Prefix specifies the log type, e.g. HTTP.
long GetColCount(string Prefix)
Returns the number of columns that were defined for the given log type (Prefix).
string GetHeader(string Prefix, long Column)
string GetWidth(string Prefix, long Column)
string GetColType(string Prefix, long Column)
string GetFilter(string Prefix, long Column)
Returns the header, width, type or filter of the specified Column and log type Prefix.
The column type is returned in lower case. If the specific entry is not found, an empty
string is returned, and the registry remains unchanged.
string GetReplace(string Prefix, long Column, long Number)
string GetReplaceWith(string Prefix, long Column, long Number)
Each column may contain several replace expressions. These functions return the
Number-th replace pattern or replaced-with pattern, respectively, of the specified Column
and log type Prefix.
string GetInternalFormat(string Prefix, long Column, string Data)
Returns the internal representation of the given Data string according to the given log
type Prefix and the Column. The internal format is needed for handling the user-defined
from/to filter interval correctly.
string GetDisplayFormat(string Prefix, long Column, string Data)
Reverts a string in the internal format back into a displayable form.
eBusy Interface
The eBusy interface can be accessed in VBScript via:
Set EBUSY = CreateObject(LOSP.ebusy)
The functions can then be accessed via EBUSY.GetHolidayCount(), etc.
The following functions provide an interface for reading and writing the eBusy database.
Section The eBusy Database on page 27 contains more information on eBusy, and
[Sentinel\eBusy] explains how to configure database access.
104 Diasepa Server Page Extension
Note: Actual database access is effected by the eBusy C library (EBUSY.DLL), which is not
dealt with further here. The eBusy interface described here is merely an ActiveX wrapper
for this library. The interface is situated in LOSP.DLL for efficiency reasons, hence the
"LOSP.ebusy" identifier in the example above.
long GetHolidayCount()
Returns the number of holidays in the database.
long GetHolidayDate(long Number)
Returns the date of the Number-th holiday in the database, counting from zero. The date
is given in minutes since 1900. If there is no Number-th holiday, 0 is returned.
string GetHolidayName(long Date)
Returns the name of a holiday. If there is no holiday at the specified Date, an empty
string is returned.
string GetHolidayIntervals(long Date)
SetHolidayIntervals(long Date, string Intervals)
Gets or sets the interval list of a holiday specified by Date. Each interval is described by a
string of the format "from;to;type;". 'from' and 'to' are the start and end points, given in
minutes since midnight, and 'type' is the interval type. The interval list is the
concatenation of all interval description strings. An empty Intervals string denotes an
empty interval list. When using the SetHolidayIntervals function, it is important to stick
to this format.
Examples: "480;960;50;600;860;100;" means "from 8:00 to 16:00 (50%) and from
10:00 to 14:00 (100%)".
string GetIntervals(long Day)
SetIntervals(long Day, string Intervals)
These functions work like the Get/SetHolidayIntervals functions described above, but for
normal weekdays. Day has to be a number between 0 (Monday) and 6 (Sunday).
AddHoliday(long Date, string Name)
RemoveHoliday(long Date)
RemoveAllHolidays()
These functions add or remove holidays from the database.
ImportOutlookDates(string Filename, string Country)
This function imports a list of holidays that has been exported from Microsoft Outlook.
Filename specifies the name of the text file containing the holiday data. Country is the
name of the country whose holidays are imported, e.g. a Country value of "Argentina"
imports all holidays in the "[Argentina]" section of the file.
DataFileAsText(string Filename)
CacheFileAsText(string Filename)
These functions are for debugging purposes only. They dump the database or cache file
contents, respectively, into a human-readable text file specified by Filename.
A. Programs
A.1
Main Programs
sentinel.exe <parameter>
Description:
Controls the sentinel service.
Options:
A.2
This section provides a brief description of the purpose of programs which are used
internally by eMMS. A detailed knowledge of their command-line options is not needed
to administer the system.
chkduty.exe <duty INI file>
Description:
Reads out the duty INI file to determine whether it is time to send test messages
out.
Options:
106
<duty INI file> File name and full path of the duty INI file, e.g.
0 No error is reported, the message that has been sent out has
been replied to.
1 The message has been sent out and hasnt yet been replied to,
and the timeout has been exceeded.
2 The message has been sent out and hasnt yet been replied to,
and the timeout has not been exceeded.
<path for INI files> The path where the INI file is created. Should be
[Sentinel\EMMS INI Files].
107
<path for INI files> The path where the eMMS INI files are stored. Should be
[Sentinel\EMMS INI Files].
<Valid time> Timeout in minutes. After this period, notification is sent out
again that a problem has not yet been attended to.
Return values:
(none)
chkerr.exe <Error Var> <Error Code>
Description:
Checks whether an environment variable contains a string.
Options:
Return values:
(none)
mail.exe <to> [<options>]
mail.exe <pop3username> /h <pop3host> /p <pop3password> [-r]
Description:
This program sends a message via SMTP, or checks mail on a POP3 account.
Options for sending mail via SMTP:
/t <nice to> The name of the recipient, e.g. John Doe (is written in the
header).
/n <nice from> The name of the sender (is written in the header).
109
/n <filename> The file name containing the message. The mail header is
-d or /d Talk to at directly.
The environment variable MAIL_SERVER specifies the destination SMTP server.
The environment variable MY_NSNAME specifies the local DNS name.
Options for retrieving mail via POP3:
A.3
Utility Programs
A.4
More Programs
There are other executables which are used internally in the AMS system. This section
provides a brief description of the purpose of these programs. A detailed knowledge of
their command-line options is not needed to administer the system.
amscheck.exe
AMSCheck is the main program which keeps track of all the workflows within the system
and maintains the workflow database. Refer to Workflow Engine on page 19 for further
information on AMSCheck.
filter.exe
The filter program is called a) explicitly for each message to be filtered, and b) regularly
with the -schedule option. Refer to Filter Program on page 11 for further information on
filters, filter scheduling etc.
mimail.exe
MimeMail is a CGI program that analyses the MIME parts of a specific message, and
returns HTML code to display and edit the content on the message details page.
111
servstat.exe
ServStat is a universal service control tool that can install, start, stop, list and configure
any NT service.
112
Index
A
Accept/Proof/Reject Mail From/To 60
Access SMTP 48
ActionCount (Diasepa) 102
Add (Diasepa) 102
AddAction (Diasepa) 102
AddHoliday (Diasepa) 105
Address (user property) 93
Address Translation 87
AddressRouting
from inside, outside and undef 49
global 48
Alias (user property) 90
Allow Authorizer reattach after timeout 50
Allow direct Delivery Notification to inside 45
Allow direct Delivery Notification to outside 45
Allow quick skip if OOO 50
AMS Answers 50
AMS Cache 40
AMS Clear Cache 40
AMS Data 50
AMS Logfiles 46
AMS Script Parameters 43
AMS Script Program 43
AMS User Level (user property) 90
AMSCheck 19, 50
amscheck.exe 111
amscheck.exe -emmsnotify 109
Scheduling program 20
Web interface 20
AMSUser Hive 87
Authorizer 1 is able to change message 76
Authorizer 2 is able to change message 76
Authorizer Program 45
C
CacheFileAsText (Diasepa) 105
Case (Diasepa) 102
CerPath 61
CGI Scripts 61
Changed Date (user property) 90
ChangesAllowed (Diasepa) 101
CheckIfAuthorizer (Diasepa) 98
City (user property) 93
Clear signing 61, 64
Cluster 30
AMS Technical Documentation
Clustui.exe 32
ColType (Diasepa) 104
CombineTwoDBs (Diasepa) 96
Command (Diasepa) 102
Company (user property) 93
Compile (Diasepa) 103
CompileError (Diasepa) 103
Compute (Diasepa) 103
Condition (Diasepa) 102
Condition (Filter rules) 84
Container (user property) 90
Content Handler 12
Admin tool 12
Convert text plain2html 76
CookieLifetime 40
Count (Diasepa) 101
Country (user property) 93
CreateANewDB (Diasepa) 96
CreateSnapShot (Diasepa) 96
CreateSnapShotFromDB (Diasepa) 96
CreateSortArray (Diasepa) 98
CreateUserAccountAddress 36
Creation Date (user property) 90
Critical difference 62
Critical if expired 62
Critical if is higher than 62
CValue (Diasepa) 99
D
DataFileAsText (Diasepa) 105
DB Lock Timeout 37
DecodePath 62
Decrypt After Spool 62
Decrypt After Wire 62
Decrypt Before Spool 62
Decrypt Before Undef 62
Decrypt Before Wire 62
Default Write Interval State 27
DefineValue (Diasepa) 95
DefineValueQuote (Diasepa) 95
DefineValueQuote2 (Diasepa) 95
Delete (Diasepa) 102
Delete temporary Post Files 41
Delete temporary StdOut Files 41
Delete temporary VBS Errorfiles 43
Delete temporary VBS files 43
Delete temporary VBS Value files 43
DeleteAction (Diasepa) 102
113
E
eBusy 65, 66
Cache Days Generate After 65
Cache Days Generate Before 65
Cache Days Init Size 65
Default interval type 65
eBusy File Directory 66
eCluster 30
eGuardian 22
eMIM 66, 67
Default Rotation 66
Dispatch Extra Time 66
Keep start time during dispatch 66
Max Tiff Page Count 66
Max User in SelectList 67
Maximum Notifications at a time 67
Notify Superior and its Substitutes at once 67
Urgent Message 67
eMMS 26, 67, 68
amscheck.exe -emmsnotify 109
chkcln.exe 108
chkduty.exe 106
chkerr.exe 108
chkpml.exe 107
Clean Finished Timeout 67
crterr.exe 107
Delete temporary EMMS StdOut Files 68
eMMS only 68
logmsg.exe 110
mail.exe 109
Maximum Revision Count 68
Notification Program 68
Omit double Errors 68
Scheduler 68
stopfor.exe 108
tracemsg.exe 110
WorkFlow Timeout 68
Edit Periods 87
114
Eguard Domain 37
Eguardian valid for min (user database) 89
EMail (user property) 90
EMMS INI Files 46
EncodePath 62
Encrypting 64
Environment variables 69
ErrorInfo (Diasepa) 103
External Config 69
F
File Event Timeout 37
Filter 11
actions 84
filter.exe 111
rules 83, 84
scheduling program 12
Web interface for rules 11
Filter Clean Program 44
Filter Final Time 83
Filter Program 44
Filter Recheck Time 83
Filter Usage from inside 45
Filter Usage from outside 45
FilterPath 45
First Authorizer (user property) 90
FixGateway 37
FreeSpace Shutdown MByte 37
G
Get AMS Logo GIF 53
Get Approve1 HTML 53
Get Approve1 Status HTML 53
Get Approve2 Status HTML 53
Get Authorizer HTML 52
Get EMMS Page 53
Get Homepage 53
Get Status HTML 52
GetAttachmentAccess (Diasepa) 101
GetAttachmentAHREF (Diasepa) 101
GetAttachmentIcon (Diasepa) 101
GetAttachmentKind (Diasepa) 100
GetAttachmentName (Diasepa) 101
GetAuthorizer (Diasepa) 98
GetAuthorizerByIndex (Diasepa) 98
GetAuthorizerSequenz (Diasepa) 98
GetColCount (Diasepa) 104
GetColOrder (Diasepa) 104
GetCreateUserAccountAddress (Diasepa) 100
GetDefaultAuthorizerByIndex (Diasepa) 98
GetDisplayFormat (Diasepa) 104
Getenv (Diasepa) 96
GetFilter (Diasepa) 104
GetHashValue (Diasepa) 100
AMS Technical Documentation
H
Handle outgoing 62
Head (user property) 91
HELO Server Name 39
Home Server (user property) 91
HTTP AMSPath 47
HTTP BasePath 41
HTTP Default 41
HTTP Domain 41
HTTP Expiration Time Of Created Files 41
HTTP Expiration Time Of Files 42
HTTP Port 42
HTTP Recv Timeout 42
HTTP Send Buffer Size 42
HTTP Send Timeout 42
HTTP Server 9, 42
I
Importance (Diasepa) 102
Importance (Filter rules) 84
ImportOutlookDates (Diasepa) 105
Information strings 71
Delivery aborted 71
Delivery Problem 71
Delivery Problem Body 71
Delivery Problem Body Aborted 72
AMS Technical Documentation
L
Level (user property) 91
LoadSortArray (Diasepa) 99
Log file settings
Column Order 73
Display Name 73
Filter 74
Header 74
Replace<x> 74
Replace<x>With 74
Type 74
Width 74
Logfile count 38
LoggingAddress 38
M
Mail Schedule Timeout 38
MAIL to/from call AMS/deliver immediately 75
Mail Transfer Failures 86
MainPath 63
MakeHTML (Diasepa) 99
MakePRE (Diasepa) 99
Master 35
Max Mail Thread 38
Max Thread 38
Maximum Files in Wire 46
Maximum Mail Error Counter 44
Mention Authorizer within X-Message-Flag 51
MIM Path 47
Mimail
Edit settings 77
Icons 76
mimail.exe 111
MIME Types 78
Mimail 78
weak 78
N
Name (Diasepa) 101
NiceDate (Diasepa) 99
NiceName (group property) 93
NiceName (user property) 91
NiceTime (Diasepa) 99
115
Notifications 22, 56
SendMail Approve 57
SendMail Choose 57
SendMail During OOO 57
SendMail EMIM Notify 57
SendMail EMMS Notify 57
SendMail Rejected 57
SendMail Submitted 58
SendMail TimeOut 58
SendMail TimeOutWarning 58
SendMail View Status 58
SendMail Withdrawn 58
SendUDP Approve 57
SendUDP Choose 57
SendUDP During OOO 57
SendUDP EMIM Notify 57
SendUDP EMMS Notify 57
SendUDP Rejected 57
SendUDP Submitted 58
SendUDP TimeOut 58
SendUDP TimeOutWarning 58
SendUDP View Status 58
SendUDP Withdrawn 58
Notify Mail Error Counter 44
NTAccount (user property) 91
O
Originator is able to change message 76
Out of Office 26
Out of Office (user property) 91
OutOfOffice (Diasepa) 98
P
Parameter (Diasepa) 102
Parse for Environment 42
Password 63
PfxPath 63
PlainTextBody (Diasepa) 100
POP3 79
GUID 80
Path 80
POP3 Port 79
POP3 Recv TimeOut 79
POP3 Send TimeOut 79
POP3 Server 8
Pop3Path 47
Send Buffer Size 79
Use DNS to resolve HTTP client ip addresses 79
Private Allowed 51
R
Read (Diasepa) 101
116
Read OutOfOffice 26
ReadByName (Diasepa) 101
ReadFileIntoEnvironment (Diasepa) 95
Registry Backup 59
RegistryBrowseKey (Diasepa) 99
RegistryBrowseValue (Diasepa) 99
RegistryValue (Diasepa) 99
RegistryWatch
Monitor Key 80
RegistryWatch Hive 80
regwatch.exe 111
Reject If No Authorizers Specified 51
Relay
for Spool, Wire and Global 80
for Undef 81
Remove after Use
Expiry-Date 51
Remove breaks Default 83
Remove is global and breaks all rules 83
RemoveAllHolidays (Diasepa) 105
RemoveHoliday (Diasepa) 105
Repeat failed send after minutes 44
ReRouteFromAddress 38
S
SAValue (Diasepa) 98
SaveSortArray (Diasepa) 98
Schedule Program (AMSCheck) 46
Schedule programs 11, 85
Scheduler Wait Timeout 52
Second Authorizer (user property) 91
Security 86
Send directly (user property) 91
Sensitivity 56
Default Classification 56
Sentinel
HTTP Server 9
POP3 Server 8
sentinel.exe 106
SMTP Server 3
Server Fails 35
Server IP Address 39
servstat.exe 112
Set new Pending active 63
Setenv (Diasepa) 96
SetHolidayIntervals (Diasepa) 105
SetINIData (Diasepa) 97
SetIntervals (Diasepa) 105
SetKey (Diasepa) 101
SetMin1900(Diasepa) 99
SetNicename (Diasepa) 97
SetPassword (Diasepa) 97
Sign Of Life (user property) 92
Signing 64
SignOfLife (Diasepa) 97
Slave 35
AMS Technical Documentation
UndefSpoolDrv 47
Unfiltered SMTP Address 83
Update Sentinel REG (per hour) 59
Update User REG (per day) 60
Use Critical 63
Use Default Authorizer (user property) 92
Use DNS to resolve HTTP client ip addresses 43
Use DNS to resolve SMTP client ip addresses 40
Use Eguardian (user database) 89
Use Expiry-Date 56
Use Expiry-Date on Notifications 58
Use HTTP IF-MODIFIED-SINCE 42
Use Message Importance also on Notifications 58
Use Pending 64
Use Substitutes directly (user database) 89
UseDNS 39
User 87
User database 17, 88
Authorizer tree 17
Import and export 18, 88
rdexpo.exe 106
UserProperty (Diasepa) 97
T
V
Timeout Choose 54
Timeout Cleanup 53
Timeout Cleanup Cached 54
Timeout EMIM Cleanup 54
Timeout EMIM Overall 54
Timeout EMIM Work 54
Timeout Expiry-Date minimum minutes 54
Timeout Global EMIM 92
Timeout Notify Standard 55, 92
Timeout Notify Urgent 55, 92
Timeout Overall 55
Timeout Start Work 55
Timeout Start Work (user property) 92
Timeout Warning of Expiration Time (percent) 55
Timeout Work completed 55
Timeout Work completed (user property) 92
Timeout Work EMIM 92
Timeouts 53
Title (user property) 93
Trace (Diasepa) 100
W
Wait Timeout 64
WireSpoolDrv 47
Work with Multi TO 52
Workflow 18
Database 19
WorkflowFinished (Diasepa) 101
Write (Diasepa) 102
Write OutOfOffice 27
Z
Zip (user property) 93
U
Undef Network 7, 87
117