Hosted CanIt Roaring Penguin Software Inc. 26 April 2011
1 1 Introduction Thank you for selecting Hosted CanIt. This document explains how Hosted CanIt works and how you should configure your network to use it effectively. Hosted CanIt is Software as a Service. Our CanIt anti-spam software runs on our servers, scanning your inbound e-mail. Clean e-mail is delivered to your mail servers, while suspect e-mail is held in a quarantine for you to review. You get the benefits of world-class spam and virus scanning without having to run your own servers, maintain your own software, or handle the bandwidth of massive amounts of unwanted e-mail. 2 Principles of Operation Hosted CanIt works as follows: You tell Hosted CanIt the host names or IP addresses of your real mail servers. You set the MX records for your domain to point to the Hosted CanIt scanner rather than your real mail servers. (Optional, but highly recommended) You block your real mail server from accepting SMTP connections from all external hosts except for the Hosted CanIt server. It s as simple as that! Figure 1 summarizes the way Hosted CanIt works: (a) shows your unprotected mail server receiving all mail from the. (b) shows Hosted CanIt protecting your mail server. Note that there is no direct path for unwanted mail to enter your server. (c) shows what happens if you allow external access to your real mail server. Spammers can make an end-run around Hosted CanIt. For this reason, you should not publish your real mail server as an MX record, and should firewall off port 25 except from the Hosted CanIt servers.
2 (a) Your Mail Server (b) Hosted CanIt Filter Your Mail Server NOT RECOMMENDED (c) Hosted CanIt Filter Your Mail Server Figure 1: Hosted CanIt Operation 3 Preparing to use Hosted CanIt In order to use Hosted CanIt, you must meet the following prerequisites: You must have your own domain name. We cannot filter personal Hotmail or GMail mail (for example). You must have your own SMTP server. Hosted CanIt does not offer POP3, IMAP or Webmail access. It merely acts as a relay, accepting SMTP in and delivering clean mail via SMTP.
3 Your SMTP server should validate recipients. That is, if it receives an SMTP RCPT command for a nonexistent recipient, it must return a failure code. If this is not the case, you will have to work with Roaring Penguin support personnel to come up with a way to validate recipients. You should turn off all SMTP anti-spam countermeasures such as greylisting, greet-delays, tarpitting, etc. These only serve to slow down Hosted CanIt for no benefit. You must be able to disable these countermeasures (at least for the Hosted CanIt server) to be eligible to use Hosted CanIt. You must also disable SPF on the back-end server; any necessary SPF checks will be made by Hosted CanIt.
4 4 Gathering Information For Roaring Penguin to configure Hosted CanIt, we require the information in the first three rows of the following table. (This information was likely entered into the Hosted CanIt Request Form; you can print a copy of this page and write in the information for your records.) Roaring Penguin will supply the information in the rest of the table. The IP addresses of our filtering machines are given to you so you can adjust your firewall rules to only allow SMTP traffic from Hosted CanIt. E-Mail Address of Contact Person: Domain Name: Host Name or IP Address to route mail to: Hosted CanIt MX Record #1: Hosted CanIt MX Record #2: Hosted CanIt Login URL: Hosted CanIt User Name: Hosted CanIt Password: IP Address of Hosted Filter 1: 72.1.205.163 IP Address of Hosted Filter 2: 70.38.114.81 IP Address of Hosted Filter 3: 174.142.25.1