General Server Options

From GWAVA4

Most day-to-day configuration and management tasks in GWAVA 4 are performed at the Scanner level, under Manage scanners.

However, several components of GWAVA - most notably GWVRELAY (the mailing component) and GWAVAQMS (the Quarantine Management System component) have critical operational settings here that should be double-checked.

At the Server level, under Server Management, and then under Configure server, you'll find

• Connectivity options for GWAVAMAN, GWAVA, and QMS (Quarantine Management System). These will be rarely adjusted
• Logging options for all components of GWAVA (including GWAVAMAN, GWAVA, interfaces, etc.). These will probably be changed a couple of times.
• Internet Domain(s) used by your organization. These need to be changed whenever the list of internet domains serviced by your organization changes.
• SMTP settings used by GWVRELAY to deliver notifications, digests, etc.
• QMS settings used by GWAVAQMS, including authentication and data maintainence.

TIP: If this server was installed into an existing GWAVA network, the defaults for several of these settings were originally inherited from the Default Settings page .

You may wish to review GWAVA 4 Components before continuing.

NOTE: As you make changes to your configuration, the disk icon in the upper right corner of the page will become active and the words SAVE CHANGES will appear. Do not forget to click the icon to save your changes before moving to another page, or your changes will be lost.

Contents 1 Connectivity Options 2 Logging options 3 SMTP and Domain options 4 QMS options

Connectivity Options

Connectivity settings are hidden by default and toggled by clicking "Show advanced connectivity settings".

• GWAVAMAN Connection address - This is the address "advertised" to other servers in the GWAVA 4 network, and must be accessible to all of the servers in the network. You may need to change this value if you change server hardware. It is recommended that a DNS address be used for this option to allow internal/external connectivity.
• GWAVAMAN Listen address - What addresses should GWAVAMAN listen to for insecure HTTP connections? Change to 127.0.0.1 if you want to disable insecure connections.
• Enable GWAVAMAN SSL - Toggle on and off SSL (https) support for the GWAVAMAN web server. Turn this on if you've generated an SSL key and certificate file, and wish to use https to connect to GWAVAMAN.
• GWAVAMAN SSL listen address - By default this is all IP addresses, on port 49382. In other words, the administrator can connect to GWAVAMAN via https://server_ip_adddress:49382. This must be a different port from the insecure (http) connection.
• GWAVAMAN SSL certificate file - Full path to SSL certificate file. If you followed the examples in Securing your GWAVA Server (SSL), this would be /opt/beginfinite/certs/mycert.crt.
• GWAVAMAN SSL key file - Full path to SSL key file. If you followed the examples in Securing your GWAVA Server (SSL), this would be /opt/beginfinite/certs/mykey.key.
• GWAVAMAN SSL key password - Password for the SSL key file. You specified this when you first created your SSL key.
• GWAVA Scanner Listen address - By default 127.0.0.1, which allows only local interfaces to communicate with the GWAVA scanner engine. You might change this in an advanced scenario where non-local interfaces needed to connect.
• QMS Listen address - What addresses should GWAVAMAN listen to for insecure HTTP connections? You do not need to disable this. If you enable SSL, and the user logs into the insecure login page, they will automatically be redirected to a secure page when they log in.
• Enable QMS SSL - Toggle on and off SSL (https) support for the QMS web server. Turn this on if you've generated an SSL key and certificate file, and wish to use https to connect to QMS.
• QMS SSL Listen address - By default this is all IP addresses on port 49385. In other words, the user can connect to QMS via
• GWAVAQMS SSL certificate file - Full path to SSL certificate file. If you followed the examples in Securing your GWAVA Server (SSL), this would be /opt/beginfinite/certs/mycert.crt.
• GWAVAQMS SSL key file - Full path to SSL key file. If you followed the examples in Securing your GWAVA Server (SSL), this would be /opt/beginfinite/certs/mykey.key.
• GWAVAQMS SSL key password - Password for the SSL key file. You specified this when you first created your SSL key.

Logging options

These logging options affect ALL GWAVA 4 components running on the server.

• Logging level - adjusts the amount of verbosity in the logs
• Suppress HTTP Logging (diagnostic logging level only) - whether or not to log even the web server GETs.
• Log days - adjusts how many days log files are kept.

See Logging for additional information.

SMTP and Domain options

• Default domain - Required, and used by numerous GWAVA services in their normal processes. This should be the primary Internet domain of mail that passes through this GWAVA server.
• SMTP server - Required. The IP Address or host name of the SMTP server to send notification and regenerated messages through.
• Auth login - Provides a login name for GWAVA to send mail through the SMTP server. Most SMTP servers require this.
• Auth password - The password for the SMTP login name. Most SMTP servers require this.
• Administrator e-mail - The address of the system administrator. Used for notifications.
• Administrator name - The name of the system administrator. Used for notifications.
• SMTP queue - The location of SMTP queue files. Leave at default unless it is necessary to move the files to a different location
• SMTP greeting Change if the HELO/EHLO greeting needs to be defined.
• SMTP auth method - Change if a specific authentication method is required and auto does not work.
• Ext SMTP - Provide an alternative SMTP server for mail not bound for defined domains only if required.
• SMTP threads - The maximum number of simultaneous SMTP messages that will be delivered before queueing occurs.

• Additional domains - If more than one domain is hosted, provide details of additional domains here. This allows GWAVA to know these domains are "native" (internal).

QMS options

Several important settings governing the function of the Quarantine Management System are found here. Most of these settings are also available within the QMS, under the QMS Globals function tab.

In particular, the QMS SMTP authentication server must be correct, or users without administrative rights to GWAVAMAN will be unable to access the QMS.

For security reasons, the GWAVA QMS does not store passwords. Instead the QMS validates user login dynamically against two possible sources:

1. GWAVAMAN - any administrator accounts are granted administrative rights to the QMS
2. SMTP - SMTP authentication is performed next, usually against the GroupWise GWIA. This allows users to use their built-in GroupWise user name and password to access the QMS.

Related but rarely changed settings are

• the QMS Authentication method - normally AUTO is just fine, but some SMTP servers may require an explicit SMTP AUTH method
• the QMS queue directory - the location where the GWAVA component dumps files into a queue for import into QMS.

These settings are hidden unless you toggle the Show Advanced QMS settings link.

The rest of the QMS settings relate to retention settings.

• QMS core DB size - Sets the maximum size to allow the quarantine database to grow to before auto-pruning. Note that this refers only to the database, and does not take the stored messages into account. Nor is this age dependent, unlike the other settings.
• Enable QMS pruning - If this is checked, the AGE of a message determines how long the m essage is retained.
• Days to retain in QMS - Sets the maximum number of days to retain message in the quarantine before pruning. What specifically is removed is specified by the next two checkboxes
• Prune stored messages - Deletes quarantined messages when they exceed the pruning age. These are the external MIME files containing the entire original message and attachments.
• Prune database entries - Deletes entries from the QMS database when they exceed the pruning age. The message will no longer be viewable in the QMS.