Common CanIt User Problems

From Roaring Penguin
Revision as of 14:31, 18 April 2017 by JohnMertz (talk | contribs) (I'm Getting a Lot of False-Positives)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Main article: Quick Start Guide

If you stumble across a problem using CanIt that you cannot seem to figure out, there are several places that you can turn.

Please Note

The options within this guide may or not apply to you, depending on your version of CanIt and how it has been set up by the e-mail administrator. If you can't find something as described but think that you need it, consult your administrator; there may be a reason that you don't have it.

Where Should I Look For Help?

Each page of the WebUI has a link to documentation in the top-right corner just under the header bar. This will bring you to the relevant section of the User's Guide which goes into more detail on the functionality of each page. You can also search the manual for keywords at the bottom of the page, or browse through it with the link to it there. This wiki also provides a lot of resources for FAQs as well.

If you are unable to find answers in these locations, your best bet will be to inquire with your administrator. This may be a person working in your organizations IT department, or someone working for your service provider. To make things easier for him or her, always attach the message - or an example of a message - that is causing you trouble with all of the email headers (called Internet Headers in Outlook). Alternatively, if you have access to any other identifying information such as an IncidentID, QueueId, or at least the sender, time of arrival and subject, these will all help as well. There may be very little they can do for you without this sort of information.

If the administrator is unable to answer your question, they will forward it on to us at Roaring Penguin and we will do our best to resolve your concerns.

Below are solutions to many common problems so that you can try to solve them on your own.

I'm Getting a Lot of Spam

The majority of spam that makes it through the filter does it simply by scoring low enough not to get caught. Some spammers are very good at making their messages look trustworthy to the scanners. In the worst case scenario, special rules can be made to catch the spams. That being said, there can be several other problems that will make it easier for spam to get through and it is always best to treat the cause rather than the symptom.

If you are getting an exceptional amount of spam (read: More than a few a day) your spam threshold score may be set too high. You may or may not have the ability to change this by altering rule S-300 in Preferences->Quarantine Settings. We strongly recommend that this score be set to 5. If deviation is desired, it should be done in small increments of 0.1 - 0.2 points and given a few days to test results.

It is important to note that many spams, if the spammer is smart, will score on content only which is given 5 points for a failure. This means that even a score of 5.1 will fail to catch all of these messages.

Alternatively, you should pay close attention to the address that the message originated from. Spammers are able to either spoof their address or trick compromised machines into propagating spam. In either case, the messages may be coming from someone on your whitelist, bypassing the spam filter. This can be hard to diagnose as the true sender is often not what you see in the email, so this is something that your administrator will probably check for you.

I'm Getting a Lot of False-Positives

If you see that the messages are scoring highly it is possible to create rules to make sure that they always make it through. However, if this is happening with a variety of messages, from a variety of senders, there may be a larger problem.

If you are getting a lot of false positives (read: More than a few a week) going to your Quarantine, your spam threshold score may be set too low. These shouldn't be of too much concern as they are still safe in the quarantine, as long as you realize that it is there. That being said, the delay caused by waiting for the notification can be a problem.

The first thing to check is that your spam threshold is not too low. If you have messages getting trapped with scores lower than 5, you or your administrator should consider changing the rule S-300 in Preferences->Quarantine Settings->Filter Settings back to the default value of 5.

A real false-positive, one that is rejected by the quarantine automatically, is much more of a problem, since you are never even made aware that it is there. Luckily these are much more rare. If it is happening, then your system is almost certainly configured much to strictly. This threshold is set by rule S-100 in Preferences->Quarantine Settings->Filter Settings. Our default is 2000, which is extremely conservative to ensure that no valid messages are ever caught. A reasonable value that we often recommend is around 20. This will cut down a huge amount on the number of messages filling up your quarantine while keeping the chance of a false-positive to a tiny fraction of a percent. If it is set any lower than 10 or so the likelihood of false-positives will grow quickly.

It is important to note that most messages that are rejected by the above threshold are still logged and your administrator should be able to recover them for you if you know what the message should look like; the more information you can provide them, the better. You can look for these messages yourself in Quarantine->Spam or using the Quarantin->Search tool in the WebUI, but you cannot release them.

Contact your administrator with the IncidentID from a Quarantined message, or as much information as you know about a message you suspect was rejected. You administrator will need to know at least the expected sender and timeframe to find it in the logs, but a portion of the subject will help as well.

I have forgotten my Password/Username, etc.

We at Roaring Penguin support the software itself and are not typically the people to talk to for it's day-to-day use. The chances are that you either have an administrator in-house, or your company has a contract with a Managed Service Provider who takes care of these things.

That being said. In most instances your username will be your email address or your local computer username and your password will be the same as the password you use for these as well. If you are still having trouble, please contact your administrator.

Return to: Quick Start Guide