 |
> Network Administrator Guide > Changing the Post Office Profile | 8.2.5b |
 |
Capter 5b - (2/2) |
Changing the Post Office Profile
Select Change Post Office Profile to view or change the mailbox security defaults, Router call profile, and default user settings as shown in Figure 4.4.
Figure 4.4: The Post Office Profile default settings
The settings shown here allow the administrator to enable or disable options in the user mail applications, and to change other default settings for the post office. Options can be enabled or disabled by highlighting the option and pressing enter to change setting for the highlighted option to Yes or No. Options described here are not in the order displayed, but are grouped in order of importanceFile Access Protection
The File Access Protection setting (FAP) is buried in the Post Office Profile under the heading "Miscellaneous", but is the most important setting to know about because it can save your post office from a potentially catastrophic data corruption. You should always have File Access Protection set to YES. The reason is that memory corruptions in multi-tasking environments without memory protection built-in to the operating system can allow file handles to be used by the wrong application. This can cause foreign application data to be written to the cc:Mail post office database files corrupting them. With File Access Protection enabled, the administration program and user mail applications open the database files in read-only mode. When writing to a database file, the programs will close and temporarily re-open the files in read-write mode. After a write operation is successful, such as after sending a message or adding a directory entry with the administration program, the files are closed again and re-opened in read-only mode. This greatly reducuces the possibility of database corruptions in unstable multi-tasking environments.
If FAP is not enabled, the administration program and user mail applications always open the post office database files in read-write mode creating a larger window of opportunity for corruptions. Older versions of cc:Mail did not have the FAP option and in the first release that supported it the default setting was "No." The reason was that FAP slows down the user mail applications and other cc:Mail software. However, the default was later changed to "Yes" to reduce the probability of database corruptions in unstable environments.
Some backup programs will open and attempt to backup files that are open in read-only mode. The files, however, are locked for the duration of the backup process once it has started. This means that user mail applications already logged in when the backup began will report errors when attempting to send or delete messages while the backup is running.
Setting minimum password length and expiration
The password settings are used to force users to set a password of a specified minimum length, and to require them to change the password periodically by having it automatically expire after the number of days specified in the password expiration setting. When a local user mailbox is created, the initial password setting is blank. This is a potential short-term security hole, since that mailbox is unprotected by a password until the user logs in for the first time. At the time the mailbox is created, the administrator may set a mailbox password for each user. This is a more secure procedure than leaving the password blank.
If your policy is to set an initial password for new users, it is a good idea to set the Pre-expired passwords setting to Yes to immediately expire the password and to require the user to change the password to something unique. The default minimum password length of 1 simply ensures that the user must have a password set. I recommend that you set the minimum password length to at least 6 to make it impossible for users to set short, easy to guess passwords. You can improve mailbox security further by providing your users with some guidance as to what type of password to set. For example, you may recommend the use of both letters and numbers in the mailbox password, and recommend against using a password that would be easy to guess, such as the user’s own name, or the name of a family member or pet.
Setting incorrect login tries
The incorrect login tries setting causes the mailbox to lock out all attempts at login once someone tries to log in with the wrong password more than the specified number of times in a row. This is to prevent someone from trying to break into a mailbox by repeatedly trying to guess the password. There is a counter in the mailbox which keeps track of how many consecutive times the incorrect mailbox password was entered. If a user types in the wrong password once by mistake, but then enters the correct password this resets the cumulative bad password counter for this mailbox back to 0. It’s a good idea to set the incorrect login tries to 3, as it’s unlikely that a user will type their own password incorrectly three times in a row.
Once a mailbox has become locked, it cannot be accessed until unlocked by the administrator. The administrator can unlock the mailbox from within the administration program by selecting the user name in the cc:Mail Directory and selecting Unlock User’s Account.
Delivery Notification
When a user addresses a message, they can mark the message as "Return Receipt", indicating that they want a message to be automatically generated and returned indicating the time and date when the recipient opened the message. Delivery of the receipt may be delayed for a recipient reading the message using cc:Mail Mobile, because the receipt will not be delivered until the next time the Mobile user connects to the post office after having read the message. The Delivery notification option in the post office profile specifies that the sender of any message marked "Return Receipt" be immediately sent a delivery notification message when a cc:Mail Mobile user has picked up the message.
Enabling or Disabling the Trash and Message log folders
If enabled, the Message Log folder automatically keeps a copy of every message sent and the Trash folder automatically keeps a copy of every message deleted. If both Message Log and Trash are enabled, and your users never clean them out, the users could end up storing a lot of messages which they never look at and which take up unnecessary space in the post office. If disk space is an issue, or you want to make it more difficult for users to keep copies of mail they’ve sent or deleted, you can disable the Message Log and Trash Folders. However, since the Message Log and Trash are very useful from a user perspective, I strongly recommend against disabling them.
A better solution to managing these special folders is to use the administrative utilities to periodically purge messages in these folders which are older than a specified number of days - - anywhere between 30 to 90 days is typical. If you are using Release 6, the Message Manager (MSGMGR) program is the tool you would use to purge selected old messages. If you are using a version of cc:Mail prior to Release 6, you would use an option of the CHKSTAT utility.
Settings Applicable only to users of the DOS User Mail Application
Two of the security options restrict access to the DOS prompt and directory structure from within the DOS user mail application. These settings have no effect on the Windows, Macintosh, OS/2 or Unix user mail applications. In the past, many network and cc:Mail administrators did not want the users to have access to the DOS prompt, but to just work within the applications and menus provided by the network administrator. Since the DOS user mail application allows the users to temporarily go to a DOS prompt by typing (I forget what key), this was undesirable to these sites. The Escape to DOS from menus option allows the administrator to disable the ability of users of the DOS user mail application to get to a DOS prompt from within the application.
The DOS directory restriction limits DOS users even further by preventing them from accessing any DOS directory other than the one they were in when they ran the program. This restriction prevents users from accessing archives or attaching or saving files in any other directory. These two profile settings are rarely changed from the default settings, particularly since they are only applicable to users of the DOS user mail application.
Like the DOS restrictions just described, the default printer and editor settings are only applicable to the users of the DOS user mail application. These determine the initial settings for a new mailbox and can also be customized by the user from within the DOS user mail application. These settings are seldom changed, due to the increasing popularity of Windows, DOS and OS/2 user mail applications which ignore these settings.
The Full text search option controls whether users of the DOS user mail application have the option of searching the text of messages for a specific text string. The default is to enable the full text search option for the DOS user mail application. The only reason you would want to disable this is to decrease the amount of network traffic that could be caused by excessive searches of the entire text of all messages in a mailbox.
Call Profile Settings
The lower left of the Profile shows the Call Profile, which controls default settings for entries in the Router Call List.
Understanding Post Office Statistics and Information
At the top of the administration Main Menu is a summary of information about the post office. The information which is displayed differs between Release 6 of the administration program and versions of the administration program prior to Release 6.
For all versions, the information is split into three sections. The left hand side shows a information about the number of mailboxes, post offices, mailing lists and bulletin boards listed in the post office. The center section displays information about the number and size of messages stored in the post office and about free space and the last date space was reclaimed. The right hand side shows some general information about the post office such as the post office name, administrator name, number of call entries in the Router call list and post office and call passwords.
Release 6 displays information that looks similar to that displayed by earlier versions of the administration program, yet the information is in many cases calculated in a different way. Since these are similar, and our emphasis is on Release 6, I’ll first describe the information presented by Release 6 of the administration program, and then have a separate section reviewing the information as displayed and calculated by earlier versions of the administration program.
Release 6 Statistics and Information
Release 6 of the administration program made significant improvements in clarity of the summary information presented in the Main Menu. Here’s a brief description of what you’ll find on the upper left hand side of the screen:
| Category | What is being counted |
| Total Mailboxes | Total number of directory entries (users, aliases and post offices) |
| Local Mailboxes | Total number of local "L" users in the directory |
| Post Offices | Total number of "P" or "p" entries in the directory |
| Public Mailing Lists | Total number of mailing lists in the post office |
| Bulletin Boards | Total number of bulletin boards in the post office |
The number of post offices will actually be one less than what you would actually count in the post office directory, because this counter does not count the post office entry for the post office itself which is listed in its own directory. In Release 6, each post office has an entry in its own directory for itself. This was not true of versions prior to Release 6 and is a result of the change in database architecture between Release 6 and earlier versions.
On the right side of the screen, you’ll see the post office name, the administrator name and the number of entries in the Router call list. There is also a place to display the post office administrative password and cc:Mail Router call password, though these are usually not displayed for security reasons. As mentioned earlier in this chapter, the call password is only displayed if it is different from the post office administrative password.
Figure 4.5: Release 6 post office information
As shown in Figure 4.5 above, the center panel contains information about storage in the CCPOMSGS file that can be used by the administrator to monitor and assess the efficiency and usage of the post office. Here’s a quick summary of the information you’ll find.
| Category | What is being counted |
| Number | Total number of messages stored in the post office |
| Msg Bytes | Total size of all messages stored in the post office |
| Reclaimed | Date the post office database was last reclaimed |
| Number Free | Number of free space entries in the post office |
| Free Bytes | Total size of all free space in the post office |
By looking at the changes in the number of messages and total message bytes over time, you can get an idea of how much your post office is growing and how much it is being used. You can use the number and size of free space entries to get an idea of when it would be a good idea to Reclaim the post office. To understand the Number Free and Free Bytes information you need to know a little about how space is reused in the post office message file.
Statistics and Information for Versions prior to Release 6
If you are running a version of the administration program prior to Release 6, your statistics and information will look slightly different, as shown in Figure 4.6.
Figure 4.6: Post office information for administration prior to Release 6.
As was described for Release 6, the left hand side contains counts of mailboxes, post offices, mailing lists and bulletin boards. Unfortunately, the information provided by the older version is not quite what you’d expect and is therefore somewhat less easy to use. Heres a quick summary of the numbers displayed, and what is actually being counted:
| Category | What is being counted |
| Mailboxes | Total number of directory entries (all types) |
| Remote Mailboxes | Total number of directory entries which are "r", "l", "R", "a" or "A" |
| Remote Post Offices | Total number of directory entries which are "P" or "p" |
| Public Mailing Lists | Total number of mailing lists |
| Bulletin Boards | Total number of bulletin boards |
You will notice that count displayed for Remote Mailboxes also counts aliases ("A" and "a"), which is somewhat misleading. Also, there is no count of local users, which is probably the most important number to keep track of from an administration and post office management perspective. You can figure out the number of "L" local users by taking the total number of mailboxes and subtracting the numbers listed for Remote Mailboxes and Remote Post Offices. The above confusion is why it was changed in Release 6.
On the right hand side of the screen, you will see pos toffice information which is exactly the same as that displayed in Release 6, except that it does not display who is designated as the cc:Mail Administrator, and it has an additional number for "Data Base". The Data Base number is the size of the CLANDATA file which contains the post office directory, call list, mailing lists, bulletin boards, and pointers to all messages in the message file (MLANDATA).
Actually, to be more exact, the size listed for Data Base in the right hand column does not exactly correspond to the size of CLANDATA. The size of the CLANDATA file on disk is rounded up to the next number divisible by 512 bytes because of the way data is written into the file.
The top center section of the screen shows information about the messages and reclaimable space as summarized below:
| Category | What is being counted |
| Number | Total number of messages in the post office |
| Deleted | Total number free spaces in the post office |
| Reclaimed | Date the post office was last Reclaimed |
| Msg Bytes | Number of bytes in the MLANDATA file which contain messages (512 byte increments) |
| Data Base | Total size of the messages data file (MLANDATA) |
You’ll notice that two different numbers are displayed for "Data Base", one in the center and one on the right. The one on the right is the size of the CLANDATA file, and the one in the center is the size of the MLANDATA file.
The main difference between this information and the information you get in Release 6, is that Release 6 shows you the total number of bytes in the message file which are consumed by free space, and versions prior to Release 6 show the total size of the message database. If you subtract the Msg Bytes from the Data Base size, you can calculate the number of bytes of free space you could recover by running the Reclaim process.
©1996, 1997 by Global System Services Corporation (GSS) Portions of this material are ©1995 by Ron Herardian
DISSEMINATION, DISTRIBUTION OR COPY OF THIS INFORMATION IS STRICTLY PROHIBITED. NO PART OF THE INFORMATION CONTAINED HEREIN MAY BE REPRODUCED IN ANY FORM BY ANY ELECTRONIC OR MECHANICAL MEANS, INCLUDING PHOTOCOPYING, RECORDING, OR INFORMATION STORAGE AND RETRIEVAL, WITHOUT THE WRITTEN PERMISSION OF GLOBAL SYSTEM SERVICES CORPORATION.
 |
©1995-2005 by Global System Services Corporation (GSS). Portions
of this material are copyright ©1995-1999 by Ron Herardian