 |
||
| Up One Level | ||
| Help Contents | ||
 |
|
FirstClass 7 Internet Services Administrator's Guide Contents Understanding how Internet Services and FirstClass server work together Understanding Internet Services protocols Understanding domain names and IP addresses Understanding the role of the DNS server Understanding gateways Understanding reserved words Basic Internet Setup form Configuring the Internet Gateway form Setting the Internet Services connection schedule Configuring a dial-up connection Advanced Internet Setup Advanced Directory Starting Internet Services Internet Services console Creating a simple clustered service Connecting your new service to the server machine Clustering scenarios Clustering services by protocol: Scenario 1 Binding one or more user groups to a clustered service Clustering services by domain: scenario 2 Clustering services by protocols and domains: scenario 3 The default Internet Services web site setup Displaying different template sets Understanding how languages work in Internet Services Creating a single web site Creating multiple web sites Husky Planes site setup Other useful web site tips Global Site Preferences form How Internet Services accesses images and resources Web icons and the Icons.rez file Creating a home page using a text editor Creating a home page using a FirstClass document Creating site content Associating file types with programs Rendering non-template documents Enabling browsers to identify non-html files Rendering server-parsed files to the web using the Mimetype file Managing system security An overview of approaches to system security An overview of Internet Security Handling spam Preventing unauthorized mail relaying SMTP mail rules FirstClass user-created mail rules Creating Internet security certificates SSL protocol overview SSL support in Internet Services Creating a security certificate for your system Copyright 1997, 2003 by Open Text Corp. SOF3131.3B Open Text Corp. 905-762-6000 or 1-800-763-8272 Web: www.firstclass.com Email: support@firstclass.com, sales@firstclass.com Notices You must accept the FirstClass License Agreement before you can use this product. If you do not accept the terms of the License Agreement, do not install the software and return the entire package within 30 days to the place from which you obtained it for a full refund. No refunds will be given for returned products that have missing components. Information in this document is subject to change without notice. Certain features and products described in this document may not be currently available in all geographic regions. Distribution or reproduction of this document in whole or in part must be in accordance with the terms of the License Agreement. All rights reserved. FirstClass is a registered trademark of Open Text Corp. The FirstClass logo is a trademark of Open Text Corp. All other trademarks are property of their respective owners. This edition applies to Version 7.1 of FirstClass and to all subsequent releases and modifications until otherwise indicated in new editions. This document is bound by international copyright law and the FirstClass Software License Agreement and Limited Warranty included with every FirstClass product. Technical support Telephone technical support is available to registered administrators at the following numbers: Toll free in North America: 1-800-346-9108 Toronto: 905-762-6060 International: +353-61-725-245. Online support questions may be directed to support@firstclass.com. Overview Internet Services is a module that connects your FirstClass server to the Internet and supports a wide variety of Internet protocols. For an explanation of how Internet Services works and the different Internet protocols supported, see Internet Services concepts. For Internet Services system requirements and installation procedures, see FirstClass Administrator’s Guide. Internet Services plays a key role in the FirstClass architecture, as it is the module that acts as the gateway connecting the core server (which is at the center of the FirstClass system) to the Internet.  This document describes the responsibilities and activities of an Internet Services administrator, including: • performing basic and advanced setup • understanding Internet Services works and Internet Services concepts • clustering Internet Services • creating web sites and supporting different languages • customizing web sites • serving out FirstClass content to the web • filtering mail • enabling FTP, Java, CGI, and security certificates. This book is partitioned into the following five sections: • Introduction This section provides conceptual information about Internet Services and the administrator’s role. This section also provides requirements and instructions for installing Internet Services components and forms and configuring and customizing them to suit your needs. • Planning your Internet Services environment This section provides information on features that help you plan your Internet Services system, including browser steering and clustering. • Creating your Internet Services environment This section provides information for creating items on and customizing your Internet Services system, including web sites, CGIs, MIME types, and web content. • Maintaining your Internet Services environment This section provides information for daily maintenance of Internet Services, including understanding the Internet Services console, Internet Services monitor, filters, and security certificates. You might find it useful to follow along with the examples provided. Keep in mind, the examples used are for illustrative purposes only. While it should help you understand some of the principles involved in setting up an Internet Services system, it will not provide you with a fully developed system. For information on setting up a FirstClass server on your system, see FirstClass Administrator’s Guide. For detailed how-to descriptions of features, see our online help or press F1. For descriptions of forms and fields, see our online help or press F1 when you have the form open. Who should read this book This book is meant for FirstClass administrators responsible for supporting Internet Services on either Mac® OS or Windows® platforms. What you should already know You should be familiar with the capabilities and terminology of your: • FirstClass server • FirstClass administrator’s Desktop • FirstClass client software • Mac OS or Windows operating system • a general understanding of Internet protocols and Domain Name System (DNS) servers. You should also be familiar with basic Internet concepts. For information on the Internet, it is recommended that you read relevant materials. Documentation conventions We use certain documentation conventions for menu items and variables in this guide. Menu items Each level of menu items is separated by >. For example, the Clear item under the Edit menu is shown as Edit > Clear. Variables Text in italics indicates arguments, variables, or other information for which you must type your own value. New in this version These are the new features and additions in Internet Services: • Realtime Blocking List (RBL) or Realtime Blackhole List support allows administrators to configure their FirstClass systems to block Internet mail considered spam, as listed on a chosen RBL service site, see Configuring Internet Services and Managing system security • SMTP Auth provides stricter login security that requests exact credentials from users logging into a FirstClass system and considers these users fully trusted if relaying is enabled • SMTP mail rules provide the administrator with the ability analyze inbound SMTP messages and control the actions he can take as a result of this analysis, see Managing system security At this time, only the Internet headers can be examined, not message bodies or attachments. SMTP mail-rule documents must be placed in the Filters folder. • web user interface support for new user mail rules, see our online help. • support for the new Webmail templates, which offer a simplified web interface oriented at messaging or unified messaging only access For information on how to configure Webmail templates, see Displaying different template sets. For information on how to use Webmail templates, see our online help. • added support for Enhanced web layout You can now optionally switch between a standard layout view and an enhanced layout view for your FirstClass web interface, see Displaying different template sets. Since the Enhanced view of the standard templates includes many of the features of the legacy full templates, this set is no longer shipped with the product. For information on how to enable the Enhanced template view, see Customizing your web user’s interface. Administrator tasks As the FirstClass administrator for your organization, you are responsible for many tasks. For server administrator tasks, see FirstClass Administrator’s Guide. In this chapter, we outline your responsibilities and categorize them by stages. In subsequent chapters, we expand on these responsibilities. Your responsibilities as Internet Services administrator The icons on the administrator’s Desktop represent most of the functions you will perform in your FirstClass system. However, there are other responsibilities not represented by those icons. As the Internet Services administrator, your ongoing responsibilities fall into these categories: • installing and configuring Internet Services and its required components • planning your Internet Services environment • creating your Internet Services environment • maintaining your Internet Services environment. Installing and configuring Internet Services Installing and configuring Internet Services involves: • installing the FirstClass Internet Services module, as described in Installing Internet Services • configuring FirstClass Internet Services, as described in Configuring Internet Services Planning your Internet Services environment Planning is the most important stage before creating your FirstClass environment. Equally, before creating your Internet Services environment, you should establish the setup that you want to achieve. When planning, remember that although Internet Services is a separate module in the FirstClass architecture, it does not act independently. FirstClass server and Internet Services are strongly interdependent, so what you create in Internet Services may have an impact on the FirstClass server. The same holds true in the reverse situation. For information on planning and creating your FirstClass server environment, see FirstClass Administrator’s
Guide. Planning your Internet Services environment involves these main tasks: • planning your users’ FirstClass web site experience • coding the HeaderMatch document to steer different users to your site(s), as described in Using the HeaderMatch document to plan your system • clustering Internet Services to separate protocols and domains, as described in Clustering Internet Services to plan your system. Creating your Internet Services environment After planning your Internet Services environment, the next step is to create it. Creating your Internet Services environment involves these tasks: • creating single or multiple web sites on your FirstClass system, as described in Creating your web sites • understanding and configuring the Multiple Sites and Languages form, as described in Using the Multiple Sites & Languages form • customizing your web user interface, as described in Customizing your web user’s interface • publishing web site content, as described in Publishing content to the web • customizing templates, as described in Creating custom templates • configuring the Aliases document, as described in Creating and editing the Aliases document • creating CGI applications for your system, as described in Creating CGIs • working with the Java and FTP folders, as described in Using the Java and FTP folders Maintaining your environment After you have planned and created your Internet Services environment, you need to maintain your system and provide some level of security. Maintaining and securing your Internet Services environment involves these tasks: • understanding the Internet Services console and available pull down menus, as described in Internet Services console • reading the information displayed on the Internet Services Monitor, as described in Internet Services Monitor display • managing your Internet Services system security, as described in Managing system security. Internet Services concepts Before you can begin working as an Internet Services administrator, there are certain concepts you should understand. In this chapter, we discuss: • Internet Services and FirstClass server interaction • Internet Services protocols • domains and Internet Protocol (IP) addresses • gateways • system reserved words. Understanding how Internet Services and FirstClass server work together Internet Services converts data from FirstClass format, FirstClass protocol (FCP), into the appropriate Internet format and sends it out to the Internet. In turn, Internet Services takes incoming information from the Internet and converts it back into FCP. All FirstClass content can be sent out to the Internet including messages, conferences, documents, server-parsed files, and web pages. FCP is the language the FirstClass server speaks and is used to access the core services of FirstClass. FCP can be thought of as the conduit that connects FirstClass clients, gateways, and core servers together. Internet Services bi-directionally translates FirstClass formatted data from the server into the appropriate protocol for the Internet and back again. The diagram below shows this relationship:  Let’s use an analogy to explain the role of Internet Services. You can think of a FirstClass system as a United Nations (UN), meeting, where Internet Services acts as a team of UN translators. The FirstClass server represents the UN speaker standing on a podium giving a speech in one language to delegates speaking different languages. This speech must be translated into several different languages that each delegate can understand. In turn, if the delegates respond, their respective languages must be translated back to the speaker into the one language he understands. This is handled by Internet Services. The graphic below shows this interaction:  Just as the team of translators must make sure languages are translated between the UN speaker and the delegates, so must Internet Services make sure data is translated between the Internet and the FirstClass server. You can think of the multiple languages as different Internet protocols, see Understanding Internet Services Protocols. These protocols must be translated into the one language the server understands (FCP). Internet Services must then translate FCP back into Internet-friendly protocols. The traffic moves in both directions simultaneously, and many conversations can occur at once. There is no place to store missed conversation, so it is important for everything to get translated on the fly. The translation must happen quickly, accurately, and without fail. Understanding Internet Services protocols Although Internet Services is implemented as a single protocol module, it is actually comprised of a series of protocol services: gateway, client, and Directory. Gateway services Gateway services moves bulk content in and out of FirstClass using: • Simple Mail Transfer Protocol (SMTP) • Network News Transfer Protocol (NNTP) • Internet Mail Application Protocol (IMAP4) • Post Office Protocol 3 (POP3) importer • Hyper Text Transfer Protocol (HTTP) for web servers. Client services Client services renders post office content to alternative clients using: • HTTP • File Transfer Protocol (FTP) • POP3 client • Internet Mail Application Protocol (IMAP4). Directory services Directory services renders Directory content to alternate clients using: • Finger • Lightweight Directory Access Protocol (LDAP). Using Gateway, Client, and Directory services, Internet Services expands the server's functionality to incorporate popular Internet protocols. Protocol definitions • HTTP HTTP is the underlying protocol used by the World Wide Web (WWW). HTTP defines how messages are formatted and transmitted, and what actions web servers and browsers should take in response to various commands. For example, when you enter a URL in your browser, this actually sends an HTTP command to the web server directing it to fetch and transmit the requested web page. • SMTP SMTP is a protocol for sending email messages between servers. Most email systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an email client, such as FirstClass, POP3 or IMAP4. In addition, SMTP is generally used to send messages from a mail client to a mail server. This is why you need to specify both the POP or IMAP server and the SMTP server when you configure your email application. • POP3 POP is a protocol used to retrieve email from a mail server. Most email applications use the POP protocol. • IMAP4 IMAP is a protocol used for retrieving email messages. The latest version, IMAP4, is similar to POP3 but supports some additional features. For example, with IMAP4, you can search through your email messages for keywords while the messages are still on the mail server. You can then choose which messages to download to your machine. • FTP FTP is a protocol used on the Internet for sending files. Many organizations have a designated FTP server used only for uploading and downloading files for their users. • Lightweight Directory Access Protocol (LDAP) LDAP is a directory access protocol used to search, read, and write directory information over a network. LDAP supports TCP/IP, which is necessary for any type of Internet access. FirstClass LDAP support consists of Internet Services listening on the LDAP TCP port (389) and servicing lookup requests. In other words, using any LDAP client, for example Outlook Express, you can access your FirstClass Directory including your network Address Book. FirstClass LDAP support includes both authenticated and unauthenticated access but does not support using LDAP to update the FirstClass Directory (no Dir Sync) or credentials lookup. If you access a name in FirstClass using LDAP these are the information fields you get: • Name • Email address • Company • Department • Web page You can set what your users can view in the Directory (accessed through LDAP or any other protocol) using FirstClass Directory filtering, see FirstClass Administrator's Guide. For example, you can configure your system to prevent unauthenticated users from accessing your system's Directory, while authenticated users can continue to have full access to the Directory including their network Address Book. To configure the LDAP protocol for your system, see Basic Internet Setup - Directory. • Finger Finger is a UNIX program that takes an email address as input and returns information about the user who owns that email address. On some systems, finger only reports whether the user is currently logged on. Other systems return additional information, such as the user's full name, address, and telephone number, which the user must first enter. Understanding domain names and IP addresses You can think of domain names as the user-friendly form of an IP address. Users find it easier to remember addresses such as, www.huskyplanes.com as opposed to numbers, such as 192.166.0.0. A domain name identifies one or more IP addresses. An IP address is a unique number that identifies any machine, for example, your mail server, web server, FTP server (if any), and end user computers. If you are using Windows, you can define multiple IP addresses (that is, you can define multiple servers) on your network interface card (NIC). If you choose not to define multiple IP addresses, you should list your default domain IP address on the Multiple Sites & Languages form. You can also register multiple domain names and point them to one IP address, see Using the Multiple Sites & Languages form. Domain names are used in both URLs and email addresses to identify particular web pages and email recipients respectively. For example, the Husky Planes web site address is www.huskyplanes.com. The whole domain name in this address is huskyplanes.com and represents one IP address, 192.166.0.0. Roy Allen’s email address on Husky Planes is roy_allen@huskyplanes.com. Again the domain name is huskyplanes.com. In the case of the email address, roy_allen signifies the recipient’s unique name. Note Each name in an email address must be unique to each user on your system. Otherwise, you may find your server unable to distinguish between two recipients and, thus, unable to properly deliver mail. Every domain name has a suffix that indicates which top level domain (TLD) it belongs to. There are only a limited number of such domains. For example: • gov – Government agencies • edu – Educational institutions • org – Organizations (nonprofit) Understanding the role of the DNS server Because the web servers work with IP addresses and not domain names, every system requires a separate Domain Name System (DNS) server. This server tells a web or mail server where to deliver messages by translating domain addresses into IP addresses and verifying that both are the same. Generally, when a FirstClass user sends an email message to a recipient (either inside or outside of a FirstClass system), Internet Services sends it out using the SMTP protocol. This message then finds its way to the recipient’s machine through the recipient’s mail server, where the recipient’s system performs its own DNS server verification on the email address and then delivers it to the recipient. DNS servers keep a list of all registered domain names and corresponding IP addresses worldwide. Let’s take a look at the path of an email sent by Husky Planes employee Roy Allen:  NoteAll of the steps in the above diagram may not always occur, depending on how your server and network are configured to handle mail. For example, you may not have reverse DNS enabled for your system. In this example, Roy Allen sends an email message from his client machine to his friend Ann Jones at Avalon Academy. In Step 1, this message goes to the FirstClass server, where it is then handed over to Internet Services. In Step 2, Internet Services queries Husky Plane’s DNS server as to which outside server it must send the message (DNS lookup). The DNS server then matches the domain name in the email address (avalon.com) to the IP address of the recipient’s server. If an IP address is correctly matched with the domain name of the email address, this information is sent back to Internet Services , which then promptly sends out the message (this is Step 3). The message, now on its way to Ann Jones at Avalon Academy, will have to go through a similar process but in reverse. In Step 4, Avalon Academy’s Internet Services queries its DNS server as to which server the message came from. Avalon Academy’s server then sends the message to Ann Jones’ client machine. The same process occurs when a user enters a web site address (for example, www.huskyplanes.com). Understanding gateways Gateways are a bridge between your system and other devices or systems. There are two major types of gateways: server-to-server and third-party. The purpose of either gateway is to transfer mail, conference content, and Directory information to another messaging server. Server-to-server gateways connect two FirstClass systems directly, while third-party gateways allow FirstClass servers to exchange mail and synchronize directories with foreign mail systems. For a complete explanation of gateways and creating gateways, see FirstClass Administrator’s Guide. Understanding reserved words There are special words that are reserved for system use only. These words cannot be used to name any other object (document or container) in your FirstClass system. An example of a reserved word is "Permissions". For a complete listing of reserved words, see Reserved words in our online help. Configuring Internet Services As a FirstClass administrator, you must configure several forms before you can properly run Internet Services. In this chapter, we will discuss how the Husky Planes' administrator configures information in: Note All form fields and tabs may not be described. For a description of all the fields on these and other forms, see our online help or press F1 when you have the form open. Basic Internet Setup form You must complete the Basic Internet Setup form to enable the various Internet protocols on your system. The form may seem large, but you only need to complete those sections that are important to you. For instance, if you don’t intend to poll for newsgroups, you need not complete the News tab. In this section, we’ll walk through the Husky Planes setup. For a complete description of all fields on the Basic Internet Setup form, press F1 when you have the form open. Basic Internet Setup - General On this tab, we provide some general information about the Internet Services system setup.  The "Primary domain name" for our company is "huskyplanes.com". When we send Internet mail to people, our address will be in the format user@huskyplanes.com. Since we maintain our own DNS machine we entered, "198.166.0.0" in "Primary DNS". If you use your ISP’s DNS, you’ll need to get this IP address from them. If you have more than one DNS machine available, you will need to add those addresses on the Advanced DNS form, see our online help or press F1 when you have the form open. We want all email directed to postmaster@huskyplanes.com to go to an account we have created for the user called "webadmin". We’ve done this rather than using administrator because we want to separate Internet and server administration duties. We've selected "Start Internet Services automatically" because we always want Internet Services to automatically run when the FirstClass server is started and both modules are located on the same machine. Note If the server and Internet Services are installed on separate machines, you cannot select this feature, as the server cannot control another machine. Also, if you run FirstClass server as a Windows NT service, it will not automatically start Internet Services. For details about running FirstClass server as a Windows NT service, see FirstClass Administrator’s Guide. Basic Internet Setup - Connection On this tab, we indicate how we connect to the Internet. Husky Planes has a continuous Internet connection, so all we need to do is select Continuous. We will need to set some scheduling information, but we’ll deal with that in Setting the Internet Services connection schedule. We’ll discuss dial-up connections in Configuring a dial-up connection.  Basic Internet Setup - Mail On this tab, we set basic Internet mail protocols. You only have to do this if you want your users to receive Internet email. On Husky Planes we have all mail protocols selected, as we want of our users to be able to receive SMTP, POP3, and IMAP4 mail.  If you enable SMTP mail, you must enter a server domain name, in our case "mail.huskyplanes.com". This name resolves to the IP address of the computer that Internet Services is installed on. We have registered it in the DNS. If you enable POP3 mail, your users users will be able to log in using a POP3 mail client, like Eudora, and retrieve their email. Your users can enter their own POP3 mail accounts in their user preferences, see our online help or press F1 for more information. If you enable IMAP4 mail, your users will be able to log in using an IMAP4 client, like Outlook Express, and retrieve their email. For more information about logging in with an IMAP4 client, see our online help or press F1. We picked "10" as the number for "Max outgoing mail". This is large enough to maintain significant mail flow but not so large as to cause memory problems. You may want to adjust this number if you notice mail overflow or low memory problems on your system. You can monitor your mail status on the Internet Services Monitor, see Internet Services Monitor display. On Husky Planes we leave "Mail server" blank, as we leave it up to our users to fill out their own Mail Import Accounts form, see our online help or press F1 when you have the form open. This field only needs to be filled out if all your users are going to be retrieving POP3 mail from the same mail server. Basic Internet Setup - News On this tab, we set basic Internet news settings. You should only do this if you want to receive newsgroups.  On Husky Planes we allow our users to register with Newsgroups and have, therefore, selected this choice. We use "news.huskyplanes.com" as our news server domain name and have registered it in our DNS. Since Husky Planes does not maintain its own news server, we use the name of the news server our Internet Service Provider (ISP) owns. If you don’t maintain your own news server, you will need to arrange with your ISP which newsgroups they send to you. Basic Internet Setup - Web & FTP On this tab, we set up the HTTP protocol (allowing people to access our web site with their web browsers) and the FTP protocol (allowing people to download files from our web site).  On Husky Planes, we have enabled both HTTP and FTP protocols and entered their corresponding domain names. Since we are a business, it is very important for people to be able to access our web site and download files using an FTP client. For information on the FTP folder, see FTP folder. As with other domain names configured on this form, both the HTTP and FTP domain names are registered in our DNS. Basic Internet Setup - Directory On this tab, you enable Directory filtering to control the exposure of users’ email addresses through Finger or LDAP clients. For more information on LDAP, see Understanding Internet Services protocols. On Husky Planes, we have disabled the Finger protocol but enabled LDAP lookup on our system.  Basic Internet Setup - UCE/Spam On this tab, we deal with the problem of SPAM, or unsolicited email. For more information on controlling SPAM and securing your Internet Services environment, see Managing system security. On this tab, you can control which messages your site relays, which messages to accept, and how to handle these messages based on your choices.  Depending on your system security needs, there are different options you can choose. Relaying In this section, you choose if you want to relay messages and, if so, what criteria is required for your users. The first and most secure choice is to disable relaying for all including SMTP AUTH users (fully authenticated users) and trusted IP addresses. If you are experiencing many problems on your site due to relaying, this option provides you with the opportunity to stop the flow completely and fix the leaks. The other choice you have is to allow relaying for SMTP AUTH users only. You can either allow authenticated users to relay regardless of which features they have on their User Information Form, or you can limit relaying to users with certain features. As per the above picture, the Husky Planes administrator allows relaying but only for authenticated users with certain features. Handling Junk mail In this section, you choose how to handle the junk mail entering your system. Husky's administrator does not automatically reject unknown IP addresses but prefers to use the RBL options instead to deal with junk mail. Reject based on RBL hosts(s) Husky's administrator checked this option. This is to ensure all incoming mail will be checked by the RBL service and any known SPAMmers automatically rejected with a corresponding message in "Help text" (see online help for details on "Help text" messages or press F1). This message describes why the connection was refused and contains a link to the RBL site where corrective action can be taken. Husky's administrator uses this message for senders who are refused: "Your mail has been found on our RBL service list and will not be delivered. Go to rbl.spamcop.org for more information". There are several reliable RBL services you can use with varying degrees of aggressiveness. We recommend you choose one or two good RBL services, which you can find on the Internet, that are not too aggressive in their spammer listings. If you are using more than one RBL service you should put the least aggressive service first and the most aggressive service last. Internet Services checks the RBL servers from the most aggressive service (to filter out the majority of bad mail) to the least aggressive service (to catch any remaining SPAM that may have slipped through). X-RBL-Warning header instead of NDN This option forwards email to the recipient but with a warning in the header. This warning tells the recipient that the email address has been found in the system RBL service and that he should use his personal mail rules to handle it, see online help. We left this option unchecked, as we want to control incoming mail before it hits the recipient's Mailbox and deal with any spammers before they enter our system. So any IP addresses from mail senders found on our RBL service list will automatically receive an NDN with the corresponding "Help text" message. Note Your Filter document overrides any settings on the UCE/Spam tab, see Using the Filters folder for system security. Basic Internet Setup - Service On this tab, we configure additional Internet Services settings.  On Husky Planes the name of our gateway service is "Internet". This name must match the name on the gateway form in order for the gateway to connect to the server. For the "Internet Services priority", we selected "Medium" because we have Internet Services and FirstClass server installed on the same single processor machine. If they were installed on different computers or on a single multiprocessor computer, we would choose "High". If you have other software running on the Internet Services machine, you would choose "Low". For "Internet sessions", we are basically estimating the number of concurrent users of Internet protocols, in this case "30". Each of these sessions has the potential to occupy one server network session, see FirstClass Administrator’s Guide for information on sessions. Since Internet Services uses caching, the actual number of sessions used may be less than the number of requests. For information on checking your session load, see Monitoring your system. Configuring the Internet gateway form The Main tab on the Internet gateway form holds general information about your account and Directory synchronization. In order for the gateway to connect to the server, the name entered in "Service name" must match the gateway name entered in "Service name" on the Service tab on the Basic Internet Setup form, see our online help or press F1 when you have the form open. Note In a clustered Internet Services environment, you will have multiple instances of this form each with a different configuration as per your service, see Clustering Internet Services to plan your system.  Setting the Internet Services password You must set the Internet Services gateway password so Directory services can work properly. By default, the password is blank so, for security reasons, we recommend you enter a password immediately. Note The password you set on the Internet gateway form must be the same as the one set in the InetSvcs.rez settings file, see Logging into Internet Services. To set the Internet Services password: 1 Click Directory information on the Internet gateway form in the Gateways folder on the administrator’s Desktop. 2 Enter the password you want to use to log into Internet Services . After you have entered your information, click OK to save your settings:  Internet Services and FirstClass server resident on same machine If Internet Services is installed on the same machine as FirstClass server, you can either connect with a local connection (default) or with a TCP/IP connection. If you connect locally, you don’t need to modify the settings. If you connect with TCP/IP, you must enter the IP address of your server machine. Note It is strongly recommended that you use the TCP connection method, as it is more reliable than connecting locally.  After you have entered your information, click Save. Internet Services and FirstClass server resident on separate machines If Internet Services is installed on a different machine from FirstClass server, you must connect using TCP/IP and enter the IP address of your server machine. This tells Internet Services where the FirstClass server is, enabling communication between machines.  After you have entered your information, click Save. Setting the Internet Services connection schedule Now that we have gone through a basic setup, we need to configure the Internet Services connection schedule. You can open this form by: • logging in as the administrator and opening the Internet form in the Gateways folder on the administrator’s Desktop • clicking Configure on the Basic Internet Setup - Service tab, see our online help or press F1 when you have the form open. Setting the Scheduling tab The Time A and Time B tabs control incoming email (POP3), news (NNTP), and dial-up connectivity. The Demand tab controls when the service will connect based on the number of incoming emails queued or when the user logs in (depending on what you choose). This is how we we set Husky Plane’s schedule:  Since Husky Planes does business 24 hours a day, 7 days a week, we want to receive Internet email from our ISP using POP3 everyday. We chose a 4:00 am start time so email will be there for early risers and a 1:00 am stop time for trash collection and administrative tasks when usage would probably be low. Between 1:00 AM and 4:00 AM no email or news is retrieved. In "Repeat" we selected "every hour" as the interval to connect between the start and stop times. If users find they are waiting too long for information, you can increase the "Repeat" entry. Of course, if there is a great deal of email and news, the individual connections will be long. On Husky Planes, we don’t need to use the Time B tab. The Time B tab performs the same function as the Time A tab but adds more flexibility when setting up your schedule. For example, if you have a connection where you are charged by time, or you don’t want to frequently retrieve email and news during off hours (for example, if you have a continuous connection but don’t want to put extra pressure on your system’s broadband capacity). Setting the Demand tab  We decided to retrieve messages and deliver them to users when they connect (or on the hour as set on the Time A tab). This setting lightens the load on our server, as the messages are stored on the delivering mail server until the user is logged in (or on the hour as set on the Time A tab). Coupled with our selections on the Time A tab, this means Husky Planes will retrieve messages every hour or if a user logs in during that hour. Configuring a dial-up connection Husky Planes has a continuous connection to the Internet. However, if your organization uses a dial-up connection (you dial into an Internet Service Provider to send and retrieve email and news) rather than a continuous connection to the Internet, you must configure a dial-up connection. We will cover a basic dial-up setup here. To configure a dial-up connection: 1 Select Intermittent or dial-up on the Connection tab on the Basic Internet Setup form. 2 Select "Route through one server", on the Advanced Mail - Routing tab, and enter the IP address of that server. 3 Install and configure dial-up software on the same computer where you have Internet Services installed. Note Configure Dial-Up Networking on Windows or a third-party software router (such as the Vicom Internet Gateway) to handle routing of network and IP traffic for dial-up connection support on Mac OS. 4 Set a low time-out value on your dial-up software. 5 Complete the Basic Internet Setup form, as described in this chapter and our online help. 6 Enter information in the Scheduling tab on the Gateways form and complete the Demand tab to force a dialup connection, based on the number of queued messages for outgoing mail (SMTP). Note The Demand tab can also be used on continuous connections. The schedule you set on the Scheduling tab controls when you connect. The low time-out value you set on your dial-up software controls when that connection is dropped. If you have a set rate for peak hours you can set the Time A tab for frequent polling (for example, every five minutes). During off hours, where you are charged higher rates, you can set the Time B tab for less frequent polling (for example, every two hours). You should configure your Demand tab according to how many messages you want queued before initiating an automatic dial-up connection. For example, if you want all urgent messages sent out immediately, set "Urgent Messages" to a lower number. If you don’t require all your messages to go out immediately, set "All messages" to a higher number. Advanced Internet setup Most administrators with standard running sites only configure the Basic Internet Setup form. However, if there are any exceptions or particular issues to be addressed outside of the normal site configuration, you must use the advanced Internet setup forms. Since Husky Planes is a standard running site, the advanced forms are left with the default settings. For a description of the advanced Internet Services forms and other forms, see our online help or press F1 when you have the form open. Since the Advanced Directory form is somewhat more complicated to understand provide a discussion here of how you should configure it if you use it. Advanced Directory Use this form to configure Finger and LDAP protocols and to set up Internet aliases, if they differ from what you have on the Basic Internet Setup form. Advanced Directory - Aliases With the exception of the default aliases, Husky Planes does not allow its users to have additional email aliases. Each user can only receive email at his standard Internet address, for example, roy_allen@huskyplanes.com. If you want to provide your users with additional aliases, you can do so on this tab, or you can manually configure them individually on the User Information form (see our online help or press F1 when you have the form open). The Aliases tab provides options for the delivery of inbound SMTP mail. The "Automatic aliases" options allow you to set the type of mail addressing, whereas "Inbound mail addressing" lets you decide the level of matching you want to allow on your system. This feature could even be used to stop some of your users from receiving Internet mail. Using a combination of these two fields, you can set tighter controls on how inbound SMTP mail reaches your users.  For "Automatic aliases", we selected "Do not create automatic aliases" because we don’t want Internet Services automatically creating email aliases outside of the default alias, firstname_lastname@huskyplanes.com. For "Inbound mail addressing" we selected "Exact match only" Both of these settings is the default because we want the recipient’s name to have to match the entire entry on his User Information form. Husky Planes has this option selected to only allow addresses with exact matches to be delivered, for example, roy_allen@huskyplanes.com or roy@huskyplanes.com. Both of these email addresses are on Roy Allen’s User Information form. Let’s take a look at some addressing scenarios: Scenario 1 If we selected both Do not create automatic aliases and Allow short forms, the following address could no longer reach Roy Allen: • rallen@huskyplanes.com (as this is his user ID) However, the following addresses would reach Roy Allen: • ro_al@huskyplanes.com (or any other short form that produces a single match) • roy_allen@huskyplanes.com. Internet Services does the best single match automatic aliasing. This means, if you have the above settings on your system, Roy Allen can receive Internet mail addressed to different combinations of his email address roy_allen@huskyplanes.com, if no other user on the Husky system has a similar name. If there are other users on the system with a similar combination of letters, the fully qualified email address of the recipient must be used (for example, roy_allen@huskyplanes.com). Scenario 2 If we selected both Do not create automatic aliases and Exact match only, the following address could no longer reach Roy Allen: • ro_al@huskyplanes.com (or any other short form that produces a single match). However, the following addresses would reach Roy Allen: • roy_allen@huskyplanes.com (from the first and last name on his User Information form) • roy@huskyplanes.com (from the mail alias entered on his User Information form). Scenario 3 If we selected both Do not create automatic aliases and Aliases only, the following address could not longer reach Roy Allen: • ro_al@huskyplanes.com (or any other short form that produces a single match) • roy_allen@huskyplanes.com (from the first and last name on his User Information form). However, the following address would reach Roy Allen: • roy@huskyplanes.com (from the mail alias entered on his User Information form). Scenario 4 If you want to stop your users from receiving incoming mail altogether: • Select Do not create automatic aliases from the Automatic aliases options. • Select Aliases only from the Inbound mail addressing options. • Clear Mail aliases on the User Information form. Starting Internet Services and logging in Before you can log in to Internet Services, you must: • set a password for Internet Services on the Gateway Directory Information form and save it • enter information in the Internet Services account form in the Gateways folder. Starting Internet Services You can have Internet Services start automatically when you start your server, by choosing the right setting on the General tab on the Basic Internet Setup form. If you choose to start Internet Services manually, or if Internet Services is running on a different machine than your FirstClass server, do the following: Double-click the Internet Services icon:  The Internet Services application re |