CanIt handles scanning of outbound email via streams the same as inbound. To enable it for an on-premise implementation of CanIt.
- Instead of having your MDA send your outbound mail directly out to the Internet, you have it route that mail to CanIt instead.
How you do this will be dependent on configuration settings for your mail server, but look for a feature called Smart Host, which is generally the name this kind of thing goes by.
NOTE: Don't actually turn this feature on until after you complete the CanIt side of the setup, explained in the following steps.
- In CanIt, go to Known Networks. Add an entry for your MDA's IP address. Known Networks wants a CIDR-formatted address (e.g. 192.168.123.254/32) so if you have a number of Exchange servers (say, for different domains) you could either list them individually using a bunch of /32 hosts or as a network block.
- Configure the various checkmarks to handle outbound mail the way you want it handled. For a guide on how to do this consult Guidelines to Outbound Settings. The Administration Guide explains what all the checkmarks do in detail.
- On the right, there's a field called "Force to Stream". Force your outbound mail through a stream called something like "outbound" or "outgoing".
If you don't then your outbound mail will be streamed exactly the same way your inbound mail is, and you may end up creating a bunch of streams that nobody can find.
- If you want any special settings or rules (whitelists, blacklists, change the spam threshold, add a boilerplate, strip training links, etc.) set them up by changing "View This Stream" to the stream you named in the immediately previous step. (the field for changing streams is at the top of every page, for the admin. user).
- Now set up your Mail Delivery Agent to route external mail to CanIt, and that's it! Outbound mail will be scanned and trapped according to the way you want, in the stream you named.
You may wish to check this trap periodically, looking for false positives (legit. outbound mail that got trapped), or you could just wait 'til someone asks what happened to their outbound message, and look here to see if it got trapped when they ask.