The primary tasks for a domain administrator, regarding Postini services, are: to enable or to disable the Google Apps services, to define categories of users, and to grant them different rights for different applications.
The Postini console should not be confused with the Google Apps administration console (which we shall cover in Chapter 7, Managing a Google Apps Domain).
Once the Postini services have been activated, each user is granted default rights. These can be changed later by the administrator, either globally or individually. This last possibility is not recommended, however.
In the Postini administration console, users in a Google Apps domain are arranged into hierarchies of organizations:
By the time the system is activated, this hierarchy contains only two organizations. At the top level, there is the «Account Administrators org», which groups the administrator defined when the system was activated and a template user account called Default User. This model defines default user authorizations for any newly created user in the domain. Directly below the «Account Administrators org» we have «Users org», which contains all user accounts that were originally defined in the Google Apps console (see Chapter 7, Managing a Google Apps Domain).
Creating sub-organizations in this hierarchy is the preferred way to grant specific rights to some categories of users. By default, each sub-organization inherits the rights from the organization which is immediately above in the hierarchy. These default rights can be modified or refined.
Administrators who are in charge of security should be aware of the default rights granted to users regarding their access to the Message Center. The following list summarizes the most important ones. By default, each user is granted the following authorizations:
Security or Search Feature | Access |
---|---|
Enabling/disabling the anti-spam filter | Granted |
Modifying the global threshold of the anti-spam filter | Granted |
Modifying the threshold of the explicit content filter | Denied |
Disabling the antivirus filter | Denied |
Changing the locale | Granted |
Searching the personal archive | Granted |
Recovering messages from the personal archive | Granted |
Reading the reasons for why a message was routed to quarantine | Granted |
Having a message analyzed | Denied |
Reading the attachments of a message in the quarantine | Granted |
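The inheritance rule and the default rights listed above can be modelled to audit which sub-organizations have drifted from the defaults. This is an added example, not Postini code or an API of the console: the right names, the `Contractors` and `Lab` sub-organizations and their overrides are hypothetical.

```python
# Default Message Center rights from the list above (True = Granted).
# The key names are hypothetical labels for the listed features.
DEFAULT_USER = {
    "toggle_spam_filter": True,
    "modify_spam_threshold": True,
    "modify_explicit_content_threshold": False,
    "disable_antivirus": False,
    "change_locale": True,
    "search_archive": True,
    "recover_from_archive": True,
    "read_quarantine_reason": True,
    "request_message_analysis": False,
    "read_quarantined_attachments": True,
}

# Constructed hierarchy: org -> (parent, overrides set at that level).
ORGS = {
    "Account Administrators org": (None, dict(DEFAULT_USER)),
    "Users org": ("Account Administrators org", {}),
    "Contractors": ("Users org", {"read_quarantined_attachments": False}),
    "Lab": ("Contractors", {"disable_antivirus": True}),
}

def effective_rights(org, orgs=ORGS):
    """Walk from the root down to `org`; each level overrides its parent."""
    chain = []
    while org is not None:
        chain.append(org)
        org = orgs[org][0]
    rights = {}
    for name in reversed(chain):
        rights.update(orgs[name][1])
    return rights

def drift(org, orgs=ORGS):
    """Map each right that differs from the default to (value, org that set it)."""
    out = {}
    for key, value in effective_rights(org, orgs).items():
        if value != DEFAULT_USER[key]:
            node = org
            while key not in orgs[node][1]:   # nearest ancestor with an override
                node = orgs[node][0]
            out[key] = (value, node)
    return out

if __name__ == "__main__":
    for name in ORGS:
        print(name, drift(name))
```

A non-empty `drift` result for a right such as disabling the antivirus filter is the kind of deviation a security administrator would want to review.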
Considering the complexity of the Postini console, we will not attempt here a thorough coverage of each feature. That would far exceed the scope of this book. We will only present the most important ones and we refer the reader to the online documentation for more detailed information.
Recall that the various settings apply either to specific users or to organizations. Options are not quite the same in both cases, as the following two figures show:
When a message infected by a virus is received, the default behavior of Postini is the following:
The administrator can choose to route messages to the quarantine rather than sending them back to the sender.
The administrator can also decide to send messages whose recipient is unknown to a specific account.
The early detection mechanism may route some messages that were only suspected to be infected to the provisional quarantine (for a period of 8 hours); they will be analyzed further once the malware database has been updated. The administrator can enable or disable this service.
We indicate below which settings can be adjusted for the spam filter, both for individual users and for user organizations. Recall that messages whose recipients are on a white list (defined either by the user or the administrator) automatically bypass any filtering.
The administrator can enable or disable the spam filter, adjust its global threshold, and the threshold for different categories:
At the level of an organization, the user can define the following parameters:
This category of filter analyzes the content of messages and attachments in order to identify illicit or confidential content. Specific words or patterns of characters can be declared as illicit and blocked. These filters are defined at the level of an organization. Among the most common uses, let's quote, for instance:
When messages are routed to the quarantine, a user will find them in his personal quarantine. The column labeled "reason for blocking" will display "Content" in this case. It is also possible to route illicit messages to the administrator's quarantine rather than to that of the user.
Regular expressions are a powerful tool for defining patterns of characters such as URLs, social security numbers, or account numbers. They are a standard notation used in many scripting tools, such as Perl.
Without going into too much detail, here are a few examples of useful regular expressions:
badmail(w.+%-){0,25}.com
v[i!1][a@]gr[a@]
For a list of words (word1, word2, word3 word4) use the following regexp: (\W|^)(word1|word2|word3 word4)(\W|$)
The Postini system supports the POSIX Extended Regular Expression (ERE).
The order in which the filters are applied has its importance in defining the result of filtering. This order can be changed at any time.
A content filter is defined by at most three rules; each of them specifies the scope of the search and the type of rule that is being enforced. Either all rules apply or at least one of them.
Each filter from a list can be separately enabled or disabled. The action to take when a message is caught can also be defined for each filter. Predefined filters cannot be deleted but can be disabled.
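The sketch below models the content filters described above: up to three rules per filter, an all-or-any combination, a per-filter action, and an ordered filter list. It is an added example, not Postini code; the scope names, action names, case-insensitive matching and first-match-wins evaluation are assumptions, and the word-list pattern is written with `\W` word boundaries.

```python
import re
from dataclasses import dataclass

# Patterns from the text; Python's re accepts this ERE-compatible subset.
OBFUSCATED = r"v[i!1][a@]gr[a@]"
WORD_LIST = r"(\W|^)(word1|word2|word3 word4)(\W|$)"

@dataclass
class Rule:
    scope: str       # hypothetical scope names: "subject", "body", "sender"
    pattern: str     # regular expression searched within that scope

@dataclass
class ContentFilter:
    name: str
    rules: list      # at most three rules per filter, as the text states
    match_all: bool  # True: all rules must match; False: at least one
    action: str      # hypothetical: "user_quarantine", "admin_quarantine"
    enabled: bool = True

    def __post_init__(self):
        if not 1 <= len(self.rules) <= 3:
            raise ValueError("a content filter takes one to three rules")

    def matches(self, msg):
        # Case-insensitive search is an assumption of this sketch.
        hits = [re.search(r.pattern, msg.get(r.scope, ""), re.IGNORECASE)
                is not None for r in self.rules]
        return all(hits) if self.match_all else any(hits)

def evaluate(filters, msg):
    """Return (name, action) of the first enabled filter that matches.
    First-match-wins is an assumption used to show why order matters."""
    for f in filters:
        if f.enabled and f.matches(msg):
            return f.name, f.action
    return None, "deliver"

# Constructed sample messages and filters.
spam = {"subject": "Cheap V1AGRA", "body": "word1 inside"}
clean = {"subject": "Minutes", "body": "sword1s attached"}
pharma = ContentFilter("pharma", [Rule("subject", OBFUSCATED)],
                       False, "user_quarantine")
words = ContentFilter("wordlist", [Rule("subject", WORD_LIST),
                      Rule("body", WORD_LIST)], False, "admin_quarantine")
strict = ContentFilter("both", [Rule("subject", OBFUSCATED),
                       Rule("body", WORD_LIST)], True, "admin_quarantine")

if __name__ == "__main__":
    for order in ([pharma, words], [words, pharma]):
        print([f.name for f in order], evaluate(order, spam))
```

Swapping the two filters sends the same message to a different quarantine, and the `clean` message shows the word-boundary groups keeping `word1` from matching inside a longer word.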
Like content filters, attachment filters are defined at the level of an organization. Among the most common uses for this kind of filter, let us mention, in particular:
In summary, attachments are filtered on both the type of the files and their size.
The settings that can be adjusted are:
For each kind of file (executable, archive, Office document, image, sound, multimedia, and so on) the administrator can define one of the following kinds of actions:
It is also possible to identify attachments through binary analysis rather than by the file extensions and to enable the analysis inside compressed archives.
The quarantine summary is a message sent automatically by Postini. It contains the list of the messages that were recently routed to the quarantine. The frequency of these messages can be defined by the administrator but cannot exceed one per day.
Besides the quarantine summary, there are other notification messages that the administrator can enable:
Recall that the message archive securely stores a copy of each message that goes through the Google Apps systems except for spam. The administrator has full access to this archive and can also delegate those rights to other users. Finally, the administrator can choose to grant individual users the authorization to access their personal archives.
The primary tasks of an administrator, regarding the management of archives, are the following:
Archiving can be enabled for a specific set of users.
The maximal retention time for a message is 10 years, provided you have subscribed to the Message Discovery service for that period of time. Should the retention period be modified, it will only apply to the newly archived messages. The previous retention period remains valid for the messages that are already in the archive.
As we have already seen, it is possible to adjust both an overall threshold and a threshold per category. Both kinds of settings have five levels. By default, the overall threshold is set to level "2" while the others are disabled. If the majority of users in a domain receive spam from just one category regularly, then, and only then, should the specific filter be activated. You should be aware, though, that specific filtering increases the chances that a valid message will be wrongly routed to the quarantine.
Another possibility for the administrator is to delegate the responsibility of filtering to users themselves. Users should however be warned in this case that they should check the quarantine regularly to make sure no desirable messages were wrongly deleted by an overzealous filter.
Clever usage of a few white lists and black lists that are updated on a regular basis often provides for the most efficient filtering.
Both the Google Apps and the Message Security services from Postini have their own filters and their own quarantines. Therefore, when a user decides to recover a message that was routed to the quarantine, it may happen that this message is then considered as spam by Gmail's filter! The obvious solution is to explicitly declare this message as non-spam directly in Gmail.