Vous êtes sur la page 1sur 129

AMS Advanced Messaging Security

AMS
Technical Documentation

Administrator's Guide
by Dokumenta

23 May 2006

This document contains confidential information and is made available under a license
agreement or nondisclosure agreement only. The information may not be assigned or
transferred to any third party without Dokumentas express prior consent. No part of this
manual may be reproduced without the express written permission of Dokumenta.
Information in this document is subject to change without notice.
The software described in this document is furnished under a license agreement or
nondisclosure agreement and may be used or copied only in accordance with the terms
of that agreement. It is not permitted to copy the software except as specifically allowed
in the license or nondisclosure agreement.
Copyright 1999-2006
Dokumenta S.A.
16, rue dEpernay
L-1490 Luxembourg
Tel.
(+352) 400 173-23
Fax
(+352) 400 173-33
AMS@Dokumenta.lu
http://www.AMS.lu
All rights reserved.

Contents
Introduction

SMTP Server and Mail Routing Engine ...................................................................... 3


How a Message Is Processed by AMS .......................................................... 3
Undef Network............................................................................................... 7
POP3 Server................................................................................................................. 8
IMAP Server ................................................................................................................ 9
HTTP Server and Web Interface.................................................................................. 9
Diasepa Server Page Extension ................................................................... 10
Scheduler Thread of the Sentinel ............................................................................... 11
Filter Program ............................................................................................................ 11
Web Interface for Filter Rules ..................................................................... 11
Filter Scheduling Program ........................................................................... 12
Content Handler ......................................................................................................... 12
What Content Handlers Are Available ........................................................ 14
User Database and AMS Management ...................................................................... 17
Authorizer Tree............................................................................................ 17
AMS User Database and Other Message Systems ...................................... 18
AMS Authorization Workflow .................................................................................. 18
Workflow Database and Directory .............................................................. 19
Workflow Engine......................................................................................... 19
Web Interface for Authorization Tasks........................................................ 20
Workflow Scheduling Program ................................................................... 20
Schematic of the AMS Authorization Workflow ........................................ 21
Notifications and eGuardian ..................................................................................... 22
Expiration Date ............................................................................................ 23
Show Authorizers to Recipient .................................................................................. 25
eMMS E-mail Path Monitoring Process ................................................................... 26
Out of Office and the eBusy Database...................................................................... 26
Out of Office ................................................................................................ 26
Out of Office Synchronizing AMS and Exchange .................................... 26
The eBusy Database.................................................................................... 27
Schematic of the AMS System .................................................................................. 29
eCluster

30

Workflow with eCluster............................................................................................ 30


Assigning IPV ............................................................................................................ 30
Synchronization ......................................................................................................... 31
Configuring eCluster................................................................................................. 32
Other Registry Settings ................................................................................ 34
Jobs............................................................................................................................. 34
What to Do When a Server Fails ............................................................................... 35
Registry Entries of AMS
AMS Technical Documentation

36
Contents i

[Sentinel\]................................................................................................................... 36
SMTP Settings ............................................................................................. 39
HTTP Settings.............................................................................................. 40
Server Page Extension Settings ................................................................... 43
Mail Transfer Failure Settings ..................................................................... 43
Filter Settings ............................................................................................... 44
Workflow Settings ....................................................................................... 45
Directories.................................................................................................... 46
[Sentinel\Access SMTP\] ........................................................................................... 48
Examples...................................................................................................... 48
[Sentinel\AddressRouting\]........................................................................................ 48
Examples...................................................................................................... 49
[Sentinel\AddressRouting from inside\], [Sentinel\AddressRouting from outside\],
[Sentinel\AddressRouting from Undef\] .................................................................... 49
[Sentinel\AMS Check\].............................................................................................. 49
HTML File Names....................................................................................... 52
Timeout Settings .......................................................................................... 53
Sensitivity Settings....................................................................................... 56
Notification Settings .................................................................................... 56
Status Strings ............................................................................................... 59
Registry Backup Settings............................................................................. 59
[Sentinel\AMS Check\Accept Mail From\], [Sentinel\AMS Check\Accept Mail To\],
[Sentinel\AMS Check\Proof Mail From\], [Sentinel\AMS Check\Proof Mail To\],
[Sentinel\AMS Check\Reject Mail From\], [Sentinel\AMS Check\Reject Mail To\]60
Examples...................................................................................................... 60
[Sentinel\CGI Scripts\]............................................................................................... 61
Examples...................................................................................................... 61
[Sentinel\Crypt].......................................................................................................... 61
[Sentinel\Crypt\eCrypt Management Tool Display].................................... 64
[Sentinel\Crypt\Encrypt Content Type]....................................................... 64
[Sentinel\Crypt\Global Error] ...................................................................... 64
[Sentinel\Crypt\Spool Error (to outside)] .................................................... 65
[Sentinel\Crypt\Undef Error] ....................................................................... 65
[Sentinel\Crypt\Wire Error (to inside)]........................................................ 65
[Sentinel\Crypt\Mail Mime Type] ............................................................... 65
[Sentinel\eBusy]......................................................................................................... 65
[Sentinel\eMIM]......................................................................................................... 66
[Sentinel\eMIM\From call eMIM] [Sentinel\eMIM\From deliver
immediately] [Sentinel\eMIM\To call eMIM] [Sentinel\eMIM\To deliver
immediately]
67
[Sentinel\eMIM\WWW-Settings]................................................................ 67
[Sentinel\EMMS\] ...................................................................................................... 67
[Sentinel\Environment\]............................................................................................. 69
[Sentinel\External Config\] ........................................................................................ 69
[Sentinel\IMAP]......................................................................................................... 69
[Sentinel\Information\]............................................................................................... 71
[Sentinel\Internal Network\] ...................................................................................... 72
Examples...................................................................................................... 72
[Sentinel\Logfiles] ..................................................................................................... 73
Column Settings........................................................................................... 73
ii Contents

AMS Technical Documentation

Example ....................................................................................................... 74
[Sentinel\MAIL from call AMS\], [Sentinel\MAIL from deliver immediately\],
[Sentinel\MAIL to call AMS\], [Sentinel\MAIL to deliver immediately\] ............... 75
Examples...................................................................................................... 75
[Sentinel\MiMail\] ..................................................................................................... 76
[Sentinel\MiMail\Icons\]............................................................................................ 76
Examples...................................................................................................... 76
Special Entries ............................................................................................. 77
[Sentinel\MiMail\Edit\].............................................................................................. 77
[Sentinel\MiMail\Mime Type\].................................................................................. 78
[Sentinel\MiMail\Mime Type\Weak\] ....................................................................... 78
[Sentinel\MIME Types\] ............................................................................................ 78
Examples...................................................................................................... 79
[Sentinel\POP3\] ........................................................................................................ 79
[Sentinel\POP3\User\]................................................................................................ 79
[Sentinel\RegistryWatch\].......................................................................................... 80
[Sentinel\Relay for Global (any side)\], [Sentinel\Relay for Spool (outside)\],
[Sentinel\Relay for Wire (inside)\] ............................................................................ 80
Examples...................................................................................................... 81
[Sentinel\Relay for Undef\]........................................................................................ 81
Examples...................................................................................................... 82
[Sentinel\Rules\]......................................................................................................... 83
[Sentinel\Rules\Content\]........................................................................................... 84
[Sentinel\Rules\From Inside\], [Sentinel\Rules\From Outside\],
[Sentinel\Rules\Global\]............................................................................................. 84
Filter Actions ............................................................................................... 84
Examples of Filter Actions .......................................................................... 85
[Sentinel\Scheduler\].................................................................................................. 85
Examples...................................................................................................... 85
[Sentinel\Security\] .................................................................................................... 85
[Sentinel\Server Page Extensions\] ............................................................................ 86
Examples...................................................................................................... 86
[Sentinel\Transfer Failures\] ...................................................................................... 86
[Sentinel\Translation\................................................................................................. 86
[Sentinel\Undef Network\]......................................................................................... 87
[Sentinel\User\] .......................................................................................................... 87
[Sentinel\User\Exchange\] ........................................................................... 87
[Sentinel\User\Settings\ ............................................................................... 87
[Sentinel\User\Import\], [Sentinel\User\Export\] ........................................ 88
User Registry Settings

88

[HKEY_USERS\.AMSUser\] .................................................................................... 89
Single User ................................................................................................................. 90
System Data ................................................................................................. 90
Personal Data ............................................................................................... 93
Groups ........................................................................................................................ 93
Diasepa Server Page Extension

93

Session Interface ........................................................................................................ 95


Initialisation and Value-Defining Functions................................................ 95
AMS Technical Documentation

Contents iii

Environment Variable Functions ................................................................. 95


Database and Snapshot Functions................................................................ 96
Workflow Database Functions..................................................................... 96
User Database Functions.............................................................................. 97
SortArray Functions..................................................................................... 98
Date and Time Functions ............................................................................. 99
Registry Functions ....................................................................................... 99
Miscellaneous Functions.............................................................................. 99
MimeMail Interface ................................................................................................. 100
Rules Interface ......................................................................................................... 101
Equation Interface .................................................................................................... 102
Log Files Interface ................................................................................................... 103
eBusy Interface ....................................................................................................... 104
A. Programs

iv Contents

106

AMS Technical Documentation

Document History
02 Nov 2001

First version (rogr)

28 Nov 2001

Post-editing (ab)

20 Dec 2001

Layout changes and updates concerning eMMS (jen)

11 Jan 2002

Post-editing (ab)

22 Jan 2002

Updates concerning Rdexpo. The former user manager is now


called AMS Management Tool (due to its enlarged functionality,
jen).

21 Feb 2002

Updates concerning the Logfile interface (rogr):


[Sentinel\Logfiles]
Log Files Interface

07 Jun 2002
04 Jul 2002

Updates concerning eCrypt. New variables for filter rules (jen).


Updates (jen)
Concerning eMIM:
[Sentinel\eMIM]
New Registry Settings:
[Sentinel\AMS Check]
Reject If No Authorizers Specified
SendMail TimeOutWarning
SendMail During OOO
SendMail EMIM Notify
SendMail Import Failed
SendUDP TimeOutWarning
SendUDP During OOO
SendUDP EMIM Notify
SendUDP Import Failed
Timeout EMIM Cleanup
Timeout EMIM Overall
Timeout EMIM Work
Timeout Expiry-Date minimum minutes
Timeout Notify Standard
Timeout Notify Urgent

AMS Technical Documentation

Document History v

Timeout Warning of Expiration Time (percent)


Use Expiry-Date
[.AMSUser]
Show All Authorizers As Default
Timeout Global EMIM
Timeout Notify Standard
Timeout Notify Urgent
Timeout Work EMIM
23 Sep 2002

Updates (jen)
Concerning modifying submitted messages:
[Sentinel\MiMail\]
Concerning eCrypt:
[Sentinel\Crypt]
New command for filter rules: QueryUDB.
New registry settings:
Autodefine Default Authorizers, cf. [Sentinel\AMS Check\]
Timeout Choose, cf. Timeout Settings

30 Jan 2002

Updates (jen)
New functionality for message with expiration date, cf. Expiration
Date

19 Nov 2002

Updates (jen)
Concerning eCrypt

28 Apr 2003

New eBusy sections (rogr)

07 Feb 2005

Major update and new layout (jen)


Appendix C Filter Expression Syntax moved to eCrypt
Administrator's Guide, Filter Rules section
Appendix B Logging Information moved to AMS Web-based Admin
Tools , AMS Log. section
Show Authorizers to Recipient
Revised Introduction

21 Feb 2005

Post-editing (ab)

08 Apr 2005

Update of the Content Handler description (jen)

11 Apr 2005

Post-editing (ab)

12 Apr 2005

New eCluster chapter (draft) (jen)

19 Apr 2005

eCluster section finalized (jen)

vi Document History

AMS Technical Documentation

22 Apr 2005

Post-editing (ab)

26 Apr 2005

New RegistryWatch sections (rogr)

10 May 2005

Post-editing (ab)

30 May 2005

New Jobs option for eCluster (jen)

01 Jul 2005

Minor Update (NiceName registry entry) (jen)

08 Aug 2005

eCluster update (sak)

09 Aug 2005

Post-editing (ab)

30 Sep 2005

Out of Office Synchronizing AMS and Exchange (jen)

11 Oct 2005

Post-editing (ab)

17 Oct 2005

Weights for Send Directly: How a Message Is Processed by AMS


(jen/ab)

12 Jan 2006

New [Sentinel\MiMail\] and [Sentinel\User\Exchange\] setting


(jen/ab)

23 Mai 2006

New IMAP Server section and [Sentinel\IMAP] settings (rogr/ab)

AMS Technical Documentation

Document History vii

Overview
This manual provides a description of the technical details of the AMS product family
(eGuard, eMiM, etc.). It is strongly recommended that you read the eGuard Users
Guide first to understand the purpose of this software.
Introduction provides a general overview of all parts of AMS and their function.
Registry Entries of AMS is the main section of this documentation. It is a reference for all
the registry settings that can be used to customise AMS.
User Registry Settings explains the content of the user database, which also resides in
the registry.
Diasepa Server Page Extension describes the Diasepa ActiveX control used by the web
interface.
Appendix A covers the functions and command-line options of the various executables
belonging to AMS.

Typographic Conventions
Registry keys and entries are always put in [] braces. In this manual, the names of keys
(or branches) always end with a backslash \, while names of entries do not.
Unless otherwise noted, all keys and entries are always indicated in relation to the main
AMS registry branch [HKEY_LOCAL_MACHINE\Software\DIaLOGIKa\AMS\].
For example, [Sentinel\AMS Check\Timeout Overall] actually refers to the entry
Timeout Overall in the registry key
[HKEY_LOCAL_MACHINE\Software\DIaLOGIKa\AMS\Sentinel\AMS Check\].
Each entry is typically described in the following format:
EntryName = <value-type>
Purpose:

(This section briefly describes the function of the entry.)

Default:

(If the entry does not exist, AMS creates it with this default value.)

The <value type> specifies the type of the entry data. The different <value types> are:

<boolean> A STRING value to reflect Boolean entries.

The true state is represented by 0,


and the false state is represented by 1.

<number> A STRING value to reflect numbers,


e.g. 462 is represented by 462

<dword_number> A DWORD value to reflect numbers,

e.g. 462 is represented by 0x000001CE.

<string> A STRING value to reflect any string,

e.g. abc123 is represented by abc123

viii Document History

AMS Technical Documentation

Sometimes a default value given in this manual contains the placeholder


<SENTINEL_DIR>, which refers to the directory where the Sentinel Service is located.
For example, if the Sentinel Service is installed in C:\AMS\SENTINEL, then
<SENTINEL_DIR>\CACHE means the directory C:\AMS\SENTINEL\CACHE.
Some keys contain entries which are treated as rules. In these cases, the left side (name
of the entry) and the right side (entry data) both define the rule. For these keys, the
syntax of each entry (rule) is described in the following format:
entry name = entry data
Different types of brackets define the syntax of both sides:
Text in <> brackets must be replaced with a certain value, e.g.
<destination address> means, insert a destination address here.
Parts in [] brackets are optional and can be left out.
The {} brackets contain a choice of options of which exactly one must be used, e.g.
{ A | B | C } means you have to insert either A or B or C at this position.
Most of the sections describing these keys contain examples demonstrating how to set up
the rules. Additionally, the keys themselves often contain sample entries created by AMS.
These entries contain the string sample in their names and are always ignored by AMS.

Terms
The following terms are frequently used in this manual:
A message is an e-mail sent out by a user.
A notification is an e-mail sent out by the AMS system to inform a user. (Some
notifications are UDP transmissions instead of e-mails.)
An originator or a sender is a user who has sent a message that reaches the AMS
server.
An authorizer is a user who is asked to authorize a message, or who could be possibly
asked.

AMS Technical Documentation

Document History ix

Introduction
The AMS system provides the following functions:
Message workflow system
When the authorization process is started for a message, the message enters a
workflow in which notifications are sent to authorizers, events like accept or
withdraw are processed, and the status of the message is updated.
Message filtering, routing and relaying
Many customisation options define the route a message takes through the system.
Certain messages can be filtered, workflows can be skipped, the recipients address
can be changed, etc. To define these options, use the eGateway Configuration tool.
Web interface
The web interface consists of dynamically created web pages that display information
about the current status of messages, providing the possibility to accept, reject or
withdraw them.
AMS management
With Rdexpo, the AMS Management tool, you can
specify user properties to be used by eGuard, e.g. superior and substitute
relations, user authorization levels and timeout values
configure eMIM
define workflow properties, etc.
Consequently, you are able to configure the functionality of the various AMS
products.
POP3 accounts
A POP3 account (mailbox) can be created for each user on the AMS server.
eMIM
eMIM is of special interest to companies for which responsiveness is crucial by
guaranteeing that urgent incoming messages are delivered and handled on time.
eCrypt
eCrypt supports message signing and crypting, applying an easy-to-administer
central crypting server approach (cf. eCrypt Administrators Guide).
eWebGuard
eWebGuard is a web traffic monitoring tool.
eMMS Monitoring Process
This process checks whether the mail transfer process is working properly and notifies
administrators in the event of problems.
This introduction focuses on the different parts of the AMS system which are responsible
for the functions outlined above.
The most important part is AMS Sentinel. It is a Windows service that can be divided into
several threads (simultaneously running subroutines) which are responsible for various
tasks:

AMS Technical Documentation

Introduction 1

SMTP server thread


The sentinel acts as an SMTP server in order to receive and send out mail.
Mail routing thread
The sentinel makes sure that every message within the AMS system passes several
steps in a certain order and that it is sent out to the correct address in accordance
with administrator-defined rules.
POP3 server thread
The sentinel acts as a POP3 server in order to provide access to the local POP3
accounts (mailboxes).
HTTP server thread
The pages of the web interface can be accessed via the sentinels HTTP server
capabilities.
Scheduler thread
The sentinel regularly performs system checks and executes scheduling programs.
For manageability and stability reasons, the sentinel service only contains functions that
always need to be active. There are other programs that are called by the sentinel
regularly or on certain events:
Workflow engine and workflow database
The workflow engine keeps track of the actual workflows within the system. It creates
new workflows, reacts to user inputs like accept, and sends out notifications to
users. The engine is responsible for always keeping the workflow database
containing information about all workflowsup to date.
AMS management (rdexpo) and user database
Rdexpo is graphical interface to the user database (and other configuration settings),
which contains information about all the users known to the system. This mainly
pertains to the position of each user in the authorizer list/hierarchy.
Diasepa Server Pages engine
This engine is an interface to the user and workflow databases. It is used in Diasepa
files to dynamically create content on the pages of the web interface.
Filter program
This is a tool that evaluates the rules that can be defined to filter messages entering
the AMS system.
Scheduling programs
The sentinel may run several administrator-defined tools that synchronise databases,
etc.
eGuardian
Instead of receiving system notifications via e-mail, the user can install this small
resident tool which informs him about incoming notifications.
eMMS
The eMMS process is set up by various registry settings, parameters (DUTYTIME.INI)
and a job list definition (defined using Rdexpo).
eCrypt
The eCrypt process is set up by the eCrypt Management Tool, filter rules defined

2 Introduction

AMS Technical Documentation

using the filter rules web interface and by various registry settings (cf. eCrypt
Administrators Guide).
An attempt is made in the following sections to explain how the parts of the AMS system
generally work. Note: the above order is not necessarily followed in providing an
overview of the relationships of the parts and functions to one other. Schematic of the
AMS System on page 29 provides a summary of the interactions between all parts.
For many functions mentioned here, a cross-reference to a registry key or entry is given
which can be used to customise the function. See the respective section in Registry
Entries of AMS for further information on the setting. You can also look up the key and
entry names in the index at the end of this manual.

SMTP Server and Mail Routing Engine


AMS Server is placed between two servers called SMTPWire and SMTPHost.
SMTPWire [Sentinel\SMTPWire] is normally a companys in-house mail server, e.g.
Microsoft Exchange Server, Lotus Notes Server, etc.
If the company runs other mail servers, they can be declared as hosts belonging to the
Internal Network [Sentinel\Internal Network\].
SMTPHost [Sentinel\SMTPHost] is the companys mail gateway. It is used to send mail to
the outside world and to receive mail from it. All mail servers must be configured to send
outgoing mail to the AMS server and not SMTPHost. SMTPHost must be configured to
send incoming mail to the AMS server and not the mail servers.
There is also an undef network [Sentinel\Undef Network\], which is explained later.

How a Message Is Processed by AMS


The AMS server, or more precisely the SMTP part of the sentinel, waits at its SMTP port
[Sentinel\SMTP Listen Port] for connection requests. When a computer tries to establish
a connection to the sentinel, the following steps are performed:

AMS Technical Documentation

Introduction 3

IP AccessSMTP

Step 1b

Yes

Step 1

IP Undef Network

Yes
Undef

No
IP SMTPWire or
Internal Network

Spool

Decode

Relay Rules

No

Yes

Decrypt Before Undef = 1

AMS Message Processing

Step 1c

Wire
Step 5

Step 1b

Step 2

Decrypt Before
Spool / Wire = 1

Filter Usage
from ... = 1

Decode

Filter

Step 3

Step 4

Crypt after
Spool / Wire = 1

Workflow

Encode

Step 1: Receiving mail


At first the sentinel checks whether the IP address of the requesting computer belongs to
the range of allowed addresses [Sentinel\Access SMTP\]. If not, the computer has no
permission to connect to the sentinel and the request is ignored.
If the computer has permission, the sentinel checks whether the request is from
SMTPWire or from a host belonging to the internal network [Sentinel\Internal Network\]
(The Undef Network case is explained later). In this case, the message is treated as a
message from the inside, otherwise it is treated as a message from the outside.
After these checks the message is received and put into a directory as a file. If the
message is from the inside, the file gets the extension .SMTP and is put into the spool
directory [Sentinel\SpoolDrv]. If the message comes from the outside, the file gets the
extension .WIRE and is put into the wire directory [Sentinel\WireSpoolDrv].
In addition, a MIME field with the name X-AMS-FROM-IP containing the IP address of the
calling machine is written to the beginning of the mail header. If AMS receives the same
message a second or third (or more) time it is able to notice this circumstance using this
information.
It is possible to make the sentinel change the recipient or originator address field when
the message is received using AddressRouting and AddressRewriting rules. These rules
are configured using eGateway (cf. eGateway Administrator's Guide).
Depending on the state of the message (wire, spool, undef) the recipient address is
checked with "AddressRouting from inside", "AddressRouting from outside",
"AddressRouting from Undef" and translated. If no match is found "AddressRouting" is
checked.
4 Introduction

AMS Technical Documentation

The message is now properly flagged and stored as a file.


Step 1b: Decoding mail
If decrypting is enabled [Sentinel\Crypt] (Decrypt Before Spool, Decrypt Before Undef,
Decrypt Before Wire), the message is moved to the Decode directory (and tbclr is
appended to the file extension), where the decrypting process takes over. The result of
the decrypting process is written to the header field "X-ECRYPT-STATUS" of the message
and the message is moved back to the Spool, Wire or Undef directory. See eCrypt
Administrator's Guide for more information.
Step 1c: Relay Rules
If the message is located in the Undef directory, the relay rules (cf. eGateway
Configurator Administrators Guide and [Sentinel\Relay for Undef\]) are used to decide
whether to send out the message directly or to move it to the spool or wire directory for
further processing by AMS.
Step 2: Filtering
The mail is filtered according to user-defined filter rules [Sentinel\Rules\]. (cf. also Filter
Program on page 11, Filter Settings on page 44 and eCrypt Administrator's Guide, Filter
Rules section)
If filters are generally enabled [Sentinel\Filter Usage from inside/outside], the message is
moved to the filter directory [Sentinel\FilterPath] and fil is appended to the file
extension.
If the message is from the inside, the file gets the extension .smtpfil. The filter
program is explicitly executed for this message file. Afterwards the file is moved back
to the spool directory and gets the extension .smtp.
If the message is from the outside, the file gets the extension .wirefil. The filter
program is explicitly executed for this message file. Afterwards the file is moved back
to the wire directory and gets the extension .wire.
Step 3: Starting a workflow
AMS contains two workflows, eGuard for outbound messages and eMIM for inbound
messages. Messages in the "spool" (=outbound) or "wire" (=inbound) directory having
the pure extension ".SMTP" or ".WIRE" are checked to determine whether or not they are
to be handed over to their workflow engine.
Outbound Messages (eGuard)
For outbound messages the recipient is checked whether it belongs to the virtual AMS
domain [Sentinel\Eguard Domain] or matches the [Sentinel\CreateUserAccountAddress]
or [Sentinel\CreateSSLUserAccountAddress] address. In addition, AMS checks whether or
not the authorization workflow is to be called as follows:
1. Check the field X-EGUARD-STATUS (see also eCrypt Administrator's Guide,
Expression Overview section). If it contains:
no_eguard the workflow is skipped,
use_eguard the workflow is started,

AMS Technical Documentation

Introduction 5

both, use_eguard and no_eguard, the workflow is started,


otherwise, continue with check 2.
2. Check the field Send Directly (user property, cf. AMS Management Guide) for the
originator of the message. A value greater than zero means skip the workflow; a
value less than zero means start the workflow. No value means continue with
check 3. You can specify a weight for this setting to be compared with the outbound
routing weights specified in eGateway, cf. Do Send Directly Level and Do Not Send
Directly Level for more information.
3. Check whether the originator or recipient match one of the entries under registry
keys [Sentinel\MAIL from call AMS\],
[Sentinel\MAIL from deliver immediately\],
[Sentinel\MAIL to call AMS\],
[Sentinel\MAIL to deliver immediately\].
No match means continue with check 4.
4. If the message has no originator (at the SMTP level, e.g. in the case of delivery
notifications) and [Sentinel\Allow direct Delivery Notification to inside/outside] is set
to 1, no workflow is started (.SMTPok). Otherwise continue with 5.
5. If a decision still hasn't been made the default is 'start the workflow'.
If a workflow is started for an outbound message, the message is moved to a
subdirectory of its own in the workflow directory [Sentinel\HTTP AMSPath], where it is
processed by the workflow engine AMSCheck [Sentinel\Authorizer Program]. When both
authorizers have accepted the message, the message is moved back to the spool
directory and gets the extension .smtpok.
If no workflow is initiated for an outgoing message, it immediately gets the extension
.smtpok.
Inbound Messages (eMIM)
The following checks are made to decide whether or not to call the monitoring workflow:
1. Check the field X-EGUARD-STATUS (see also eCrypt Administrator's Guide,
Expression Overview section). If it contains:
no_ emim the workflow is skipped,
use_ emim the workflow is started,
both, use_ emim and no_ emim, the workflow is started,
otherwise, continue with check 2.
2. Check the field Receive via EMIM (user property, cf. AMS Management Guide) for the
recipient of the message. A value greater than zero means start the workflow; a
value less than zero means skip the workflow. No value means continue with check 3.
3. Check whether the originator or recipient match one of the entries under registry
keys [Sentinel\eMIM\From call eMIM]
[Sentinel\eMIM\From deliver immediately]
[Sentinel\eMIM\To call eMIM]
6 Introduction

AMS Technical Documentation

[Sentinel\eMIM\To deliver immediately].


No match means continue with 4.
4. If the message has no originator (at the SMTP level, e.g. in the case of delivery
notifications) and [Sentinel\Allow direct Delivery Notification to inside/outside] is set
to 1, no workflow is started (.WIREok). Otherwise continue with 5.
5. If a decision still hasn't been made the default is 'skip the workflow', deliver directly.
If a workflow is started for an inbound message, the message is moved to a subdirectory
of its own in the workflow directory [Sentinel\MIM Path], where it is processed by the
workflow engine AMSCheck [Sentinel\Authorizer Program]. When the message is
forwarded or fetched, the message is moved back to the wire directory and gets the
extension .WIREok.
If no workflow is initiated for an inbound message, it immediately gets the extension
.WIREok.
Step 4: Encoding mail
If encoding is enabled [Sentinel\Crypt] (Crypt After Spool, Crypt After Wire), the
message is moved to the Encode directory where the encoding process takes over. The
result of the encoding process is written to the header field "X-ECRYPT-STATUS" of the
message and the message is moved back to the Spool or Wire directory. See eCrypt
Administrator's Guide for more information.
Step 5: Sending mail
In this step, all mail with the extension .smtpok or .wireok is sent in accordance with
specific relay rules which define the host to which the individual messages are forwarded
[Sentinel\Relay for .
Incoming messages in the wire directory: the Relay for Wire rules are applied to
these messages. If none of these rules fit, the Relay for Global rules are checked,
too.
Outgoing messages in the spool directory: the Relay for Spool rules are applied to
these messages. If none of these rules fit, the Relay for Global rules are checked,
too.

Undef Network
Under some circumstances it may be necessary for the sentinel to do something special
with a message if it comes from certain hosts [Sentinel\Undef Network\]. This message
is treated as coming from undef. Depending on the route such a message took to the
sentinel, it is dispatched immediately, or it is treated as incoming or outgoing mail and
the filter and workflow processes are started.
This is necessary if all incoming or outgoing messages are to be sent to a server like
MIMEsweeper, which checks incoming message for viruses, offensive language etc. and
returns the messages to the sending host. In this case, the sentinel sends mail from the
inside directly to the MIMEsweeper server; however, mail coming from this server is
treated as outgoing mail, with a workflow being created for this. [Sentinel\Relay for Undef\] shows how to implement this example in the registry settings.
If an undef network is specified, the four steps above have to be extended as follows:
AMS Technical Documentation

Introduction 7

Step 1: Receiving mail


If the message received comes from a valid IP address [Sentinel\Access SMTP\] and if
that address belongs to the undef network, the message is classified as from undef.
The message is treated as from undef even if the address belongs to the undef network
and to the internal network.
While a message is being received from undef, the recipient may be changed via
address routing rules defined in [Sentinel\AddressRouting\] and
[Sentinel\AddressRouting from Undef\].
The message gets a random name with the extension .udef and is moved to the undef
directory.
Step 2: Filtering
No filter is applied to from undef messages.
Step 3: Starting the authorization workflow
No workflow is created for from undef messages.
Step 4: Sending mail
For from undef messages, the sentinel checks the undef relay rules [Sentinel\Relay for Undef\]. These rules define the destination of a message in keeping with the
recipients address and the route taken by the message so far.
The following cases are possible:
The matching rule contains an IP address. The message is immediately sent to that
address.
The matching rule has the destination TO_INSIDE. The message is moved to the
wire directory, gets the extension .wire, and is treated as a normal incoming
message. The sentinel continues with step 2 (filter for incoming messages).
The matching rule has the destination TO_OUTSIDE. The message is moved to the
spool directory, gets the extension .smtp, and is treated as a normal outgoing
message. The sentinel continues with step 2 (filter for outgoing messages).
No matching rule is found. In this case the sentinel checks
[Sentinel\Internal Network\]: if the IP address the message came from belongs to the
internal network, the message is treated as an outgoing message, is moved to the
spool directory, and gets the extension .smtp. Otherwise the message is treated as
an incoming message, is moved to the wire directory, and gets the extension .wire.
The sentinel continues with step 2 (filtering).

POP3 Server
The AMS server also features POP3 server capabilities.
The administrator can create POP3 accounts for specific e-mail addresses. Messages to
these addresses are stored locally in the respective mailboxes, which are subdirectories
of the POP3 directory .

8 Introduction

AMS Technical Documentation

Depending on the registry settings


[Sentinel\Deliver spool (to outside)/ wire (to inside)/ undef to local POP accounts]
a workflow may or may not be created for these messages.
The messages of the mailbox can then be downloaded or deleted using an ordinary POP3
client, i.e. by communicating to the AMS Server via the POP3 protocol. Refer to
[Sentinel\POP3\] and [Sentinel\POP3\User\] to learn more about customising the POP3
part of the sentinel.
A POP3 account can also be used in a test scenario for eMMS. This account is then used
as the originator account (From: address) to send test messages to auto-reply
accounts. For more information, refer to eMMS E-mail Path Monitoring Process on page
26 and to the eMMS Administrators Guide.

IMAP Server
The AMS system also consists of an IMAP server, which offers an alternative way to
access the POP3 mailboxes. It is designed to implement the complete IMAP4rev1
protocol, except for TLS encryption. Note that the IMAP server is a stand-alone
application (imapsrv.exe), and is not part of the sentinel.
The IMAP server uses the POP3 account configuration, accessing and storing the e-mail
messages in the users' POP folders. Consequently, an ordinary IMAP client can connect to
the server using the same user credentials as a POP3 client. Each IMAP mailbox initially
contains an INBOX folder holding the incoming messages from the sentinel.
By default, the IMAP server shares these incoming messages with the POP3 server, such
that IMAP and POP3 clients see and manipulate the very same messages. Depending on
the registry settings, the IMAP server may also use its own independent copy of the
incoming messages instead. IMAP clients are able to create additional folders and store
messages there, these additional folders being invisible to the POP3 server and clients in
any event.
Please refer to [Sentinel\IMAP] for the registry settings directly related to IMAP access,
and to POP3 Server for general information on configuring POP3 mailboxes.

HTTP Server and Web Interface


The HTTP part of the sentinel listens to its HTTP port [Sentinel\HTTP Port] for requests.
The sentinel searches the requested file in the HTTP directory [Sentinel\HTTP BasePath].
It also tries to determine the MIME type of the file on the basis of the file extension by
looking it up in the class registry. If this fails, it tries to obtain the MIME type via its own
table [Sentinel\MIME Types\].
For specific files (actually, for most files on the server), the sentinel executes a CGI
program instead of delivering the file directly [Sentinel\CGI Scripts\]. Depending on the
registry settings, the MIME header for the delivered data is created by the sentinel itself
or by the CGI program.
Usually there are only two CGI programs the sentinel calls:
AMSCheck returns all dynamic pages of the AMS web interface. The pages are created
in keeping with the requesting user, the content of the workflow database, etc.
AMS Technical Documentation

Introduction 9

AMSCheck is responsible for reattaching a skipped authorizer when s/he loads the
message details page.
Being executed as a CGI program, MimeMail is responsible for displaying the content
and the attachments of a message on the message details page.
The sentinel calls the Diasepa server pages engine for certain file types regardless of the
program that created the file to be sent [Sentinel\Server Page Extensions\]. The engine
executes scripts which actually fill the pages with dynamic content. This topic is covered
in the next subsection.
Before sending out a text file, the HTTP part of the sentinel always parses the file again
[Sentinel\Parse for Environment]. During this step, all variable names parenthesised by
$$<< and >>$$ are replaced by the actual values of the variables defined in the
registry [Sentinel\Environment\]. This makes it possible to create pages with semidynamic content like the version number or copyright line.
Finally, the sentinel sends the file to the client via HTTP.

Diasepa Server Page Extension


The Diasepa Server Pages engine consists of two parts: the Diasepa ActiveX control and
the Diasepa file parser. Both parts are situated in DIASEPA.DLL.
The ActiveX control extends the capabilities of the Windows Scripting Host by an
interface to the AMS system, thus making it possible to gain access to the AMS workflow
database, the AMS registry settings, etc. within an ordinary Visual Basic Script file. In
addition, variables can be created with computed values and written to a special value
file. A detailed explanation on how to use this control in VBScript and a reference of all
the functions are given in Diasepa Server Page Extension.
The Diasepa file parser processes Diasepa files. These are special HTML files containing
variable placeholders and VBScript sections.
The variable placeholders have the format %%variablename%%. They may not occur
within the VBScript sections. However, the VBScript sections are enclosed in %%[ and
]%% and contain ordinary VBScript code.
The Diasepa file parser first extracts these sections to a file with the extension .vbs
which is executed with the Windows Scripting engine. Using the AMS ActiveX control
creates a value file with the extension .vbs.value in which values for variables are
defined. If the engine encounters an error, it writes the error string to a file with the
extension .vbs.error. After execution, the file parser creates a new variable
VBS_ERROR in the value file with the content of the error file as the value.
Finally, the file parser extracts the non-VBScript sections of the Diasepa file and replaces
all variable placeholders with the content of the variable in the value file. The result is
written to a file with the extension .htm.
In short, the VBScript sections of the Diasepa file compute dynamic content, while the
variable placeholders within the HTML code insert that content at the appropriate
positions on the page.

10 Introduction

AMS Technical Documentation

Scheduler Thread of the Sentinel


The scheduler thread of the sentinel regularly performs the following steps:
[Sentinel\Mail Schedule Timeout]
It calls the scheduling part of the workflow engine (see workflow engine section in the
introduction).
It checks whether each of the AMS directories has enough free disk space
[Sentinel\FreeSpace Warning/ Shutdown MByte].
It checks whether mail transfer failures have occurred, and tries to resend a message
if necessary (see also Mail Transfer Failure Settings on page 43 and
[Sentinel\Transfer Failures\]).
It starts the filter scheduling program (see also Filter Program on page 11).
It starts user-defined scheduling tasks [Sentinel\Scheduler\] and the eMMS process
(see also [Sentinel\EMMS\], eMMS E-mail Path Monitoring Process on page 26 and
the eMMS Administrators Guide.)

Filter Program
It is possible to define filter rules to process messages before they leave the AMS server
or before a workflow is created. For example, you may want to delete mail with certain
content or send copies of a message to other addresses.
It is possible to define filter rules for messages from the inside, from the outside, and
from both directions [Sentinel\Rules\From Inside/. These rules are not applied unless
filtering is generally enabled [Sentinel\Filter Usage from inside/outside].
Each rule has a condition that has to be fulfilled, a priority, and one or more actions.
The sentinel starts the filter program explicitly [Sentinel\Filter Program] after it has
received the message. It then checks whether a filter rule matches the message. This is
the case if the condition of the rule evaluates to true and if the priority of the rule is
high enough. The filter program then performs the actions belonging to that rule. This
may create new messages which are sent out immediately.
The matching of rules and action types is explained in [Sentinel\Rules\]. The expression
syntax of the conditions are described in eCrypt Administrator's Guide, Filter Rules
section.

Web Interface for Filter Rules


There is also a web interface that provides a convenient way to edit the filter rules and
compile filter conditions (cf. eCrypt Administrators Guide, Filter Rules section). This
interface uses the Diasepa ActiveX control, which in turn provides interfaces to the filter
rule registry settings and to the formula compiler. These interfaces are described in Rules
Interface on page 101 and in Equation Interface on page 102.

AMS Technical Documentation

Introduction 11

Filter Scheduling Program


Normally, execution of the filter program should not take much time. However, it is
possible for the filter process not to return for some reason, e.g. due to a program bug or
a system crash. This is where the filter scheduling program [Sentinel\Filter Clean
Program] comes into play.
The sentinel calls this program periodically [Sentinel\Rules\Filter Recheck Time]. The
program checks whether there are messages in the filter directory that have not been
filtered yet. These messages are filtered again. If a message cannot be filtered at all
[Sentinel\Rules\Filter Final Time], the message is sent to a certain logging address
[Sentinel\Rules\Unfiltered SMTP Address].

Content Handler
Upon receiving a message it is possible to pass it to another program. For example, you
may want to check whether attachments contain tracked changes or convert attachments
to TIFF to send them to Faxination.
To configure this feature, use ContentHandler.hta (located in the HTA subdirectory of
Sentinel, e.g. c:\ams\sentinel\hta) .

Handle inbound/- It is possible to handle messages from the inside, from the
outbound content outside, and from both directions [Sentinel\Rules\Content\ Check
12 Introduction

AMS Technical Documentation

Inbound/Outbound Content].

Critical content Messages having a calculated critical value higher than this value
are treated as critical messages. This means:

In the eGuard message queue the subject is displayed in


purple.
On the message details page, the analysis of the content
handler is displayed in red.
The content handlers provided with AMS return a value of 500 if
the content is classified as critical, i.e. if you enter a value higher
than 500, the messages classified as critical by a content handler
will not be displayed as critical to the user (no purple subject, no
content analysis on the details page).
In a default AMS installation, there is a filter rule for critical
content, i.e. critical messages always pass through the AMS
workflow. The originator of critical messages is asked to confirm
that s/he wants to send out the message despite the fact that the
message might be critical. And s/he has to confirm the
authorizers, even if default authorizers are selected.

First, Second, Last The content handlers are divided into three groups, called First,
Content Handler Second and Last. The content handlers are executed in this order.
The order in which the content handlers in one group are
launched is at random. You should try to distribute your handlers
in reasonable order so as to optimize the duration of the content
handling phase.

Select one of First, Second or Last Content Handler, then click on


Select to edit the rules belonging to the corresponding group (or
to add new rules to this group).

Content handler Select one of the entries below Select the content handler and
click on Edit to edit the corresponding rule.

To define a new content handler, select <New Content Handler>


and then click on Edit. A new field called Content Handler Name
appears. Enter the name for the new content handler and then
click on the Create button. The new content handler name is now
included in the list of content handlers. Select the new name and
click on Edit to define the rule for this new content handler.

Rule The content handler is often time-consuming and/or may alter the

message. That's why defining a rule to control the content handler


is important. Example: only messages from the outside should be
checked for spam.

All variables provided by the filter engine may be used. The


expression syntax of the conditions are described in Filter Rules of
the eCrypt Administrator's Guide.
In addition, getenv("CC_Dir") returns "inbound", "outbound". This
may be used in the rule to decide whether the message is from
the inside, the outside or is important.
The result of the rule is interpreted as Boolean. "True" means the
content handler is to be executed.
AMS Technical Documentation

Introduction 13

Click on Check Rule Syntax to have the syntax of the rule


checked. If there is an error in the syntax, information about the
error is displayed in the box below the button.

EXE Program handling of the message if the rule condition evaluates to


"true", e.g. ccprim.exe RevisionMarks %1. %1 is replaced with
the path to CONTENT.INI. If %1 is not used, the path to
CONTENT.INI is appended with a blank (CONTENT.INI is the
interface between AMS and the content handler).

EXE timeout Timeout for the EXE file in seconds.


DLL As an alternative to the EXE program, a DLL may be used to

handle the message. (If the EXE and DLL fields are filled in, DLL
has the higher priority.)

Function When using a DLL this function is called via GetProcAddress. The
CONTENT.INI path is the only LPSTR parameter. Results are
written to CONTENT.INI.

OK Click on Ok to confirm the entries you have made and to leave


ContentHandler.hta.

Apply Click on Apply to confirm the entries you have made and to keep
ContentHandler.hta open.

Cancel Click on Cancel to discard the entries you have just made and to
leave ContentHandler.hta.

The filter program starts the content checker with "filter.exe CNTCHECK" (the setup
routine writes this information to the registry). The content handler controls the folder
[Sentinel\ContentCheckPath] (e.g. "C:\ams\sentinel\CntCheck\"). The content handler
continues processing messages in this folder until there are no more to handle.
Note: You may define a content handler, e.g. to convert attachments to TIFF. Probably,
these messages should not be marked as critical. Nevertheless, you may want to show
the conversion result, e.g. the TIFF file, to the originator of the message. To do this,
define a filter rule with the same condition as the condition used for the content handler
(e.g. TIFF Converter). The action of the filter rule would modify X-EGUARD-STATUS to
include USE_EGUARD and ASK_ORIG (see also Filter Rules in the eCrypt Administrator's
Guide).
Note: The user property Machine Account (cf. Rdexpo Reference Guide.pdf) has a higher
priority than critical content in the sense that machine accounts never receive
notifications, even in the event of critical messages.

What Content Handlers Are Available


The following optional packages are currently available as content handlers for AMS. A
preliminary entry is provided by Setup for all packages. To activate one or more of the
content handlers, the condition (rule field in ContentHandler.hta) has to be set. The
simplest way to activate a content handler is to set the rule to 1 (to deactivate it, set the
rule to 0). To optimize the speed behaviour of AMS, use a more elaborate rule condition
(cf. below).

14 Introduction

AMS Technical Documentation

Revision Marks Used to detect whether Word documents attached to a message


contain tracked changes. If so, the message is classified as
critical.

To check only outgoing messages, set the condition as follows:


Getenv("CC_Dir") = "outbound"
If only messages from specific users are to be checked, do the
following: Add "CheckRevMark" to the user property CntCheck for
those users whose messages are to be checked (cf. AMS
Management Guide) and enter the following as the rule condition:
(Getenv("CC_Dir")="outbound") and
(QueryUDB("Read:"+smtpfrom$+",CntCheck") instri
"CheckRevMark")
The EXE to be used for the Revision Marks content handler is:
ccprim.exe RevisionMarks %1

Clever Message Used to duplicate messages. This can be used to archive


Duplicate to Archive messages, for example.
There is a setup routine to install the Duplicate Messages content
handler. Setup asks where to copy inbound and outbound
messages. This information is written to DoubleCopy.INI.
The EXE to be used for the Duplicate Messages content handler is:
cmd.exe /c DoubleCopy.vbs %1

Convert to TIFF Converts Excel, Word, PowerPoint, PDF (and TIFF) to TIFF. This

can be used for Faxination, for example. Only the converted TIFF
file (i.e. only one file) is attached to a message.
Advantages:

The authorizer sees the message in exactly the same way


it will arrive at the recipient's.

Several attachments are combined into one TIFF file.

Rule: 1 and (smtpto$ instri "@faxsrv.dialogika.de")


The EXE to be used for the Convert to TIFF content handler is:
%PrgFiles$%\2tiff\Program\mparse.exe -tiff %1
%PrgFiles$%\2tiff\PrepareCheck\

Fax Time Stamp When faxes arrive Faxination sends an e-mail to the recipient. The
e-mail body contains the information when the fax arrived (time
stamp), the attachment being the fax in TIFF format.

When using the Fax Time Stamp content handler the time stamp
is added to the TIFF file, i.e. it is sufficient to have the TIFF file to
see when the fax arrived.
This is very useful for incoming faxes. The following rule condition
ensures that only incoming messages with one attachment sent to
faxination@comany.com are handled.
(Getenv("CC_Dir") = "inbound" and AttachmentCount = 1 and
(smtpfrom$ instri "faxination@comany.com")
The Fax Time Stamp content handler is implemented to search for
specific patterns in the default template (MAILIN) from Faxination.
If the MAILIN template has been customized it might be
AMS Technical Documentation

Introduction 15

necessary to adapt the Fax Time Stamp script.


The EXE to be used for the Fax Time Stamp content handler is:
cmd.exe /c FaxTimeStamp.vbs %1 "#DATE# #TIME# Total
Number of Pages: #PAGECOUNT#" "0" "top" "0" "right"
The following patterns are searched for: 'Received on', 'Items
received', and 'Job Reference'. If these patterns are not found, the
parameters for the FaxTimeStamp script define what to print
instead. The last 4 parameters define where to print. "0" means
print time stamp on all pages. Any other number means, print the
time stamp only on that page. In addition, the position
(top/bottom, left, center, right) can be specified as well. The
second "0" means print without separating line between time
stamp and fax image. "1" means print with separating line
between time stamp and fax image.

Detect File Format Used to detect the file format and use this information for filtering
or in other subsequent AMS processing. Example: this content
handler could be used to prevent users from sending Word
documents as e-mail attachments.

The EXE to be used for the Detect File Format content handler is:
ccprim.exe FileFormat %1
The file format content handler writes the file format to
CONTENT.INI. This information may be evaluated, e.g. by filter
rules in AMS. The result can be accessed using the GetAnyDBValue(str1, "CC_Result", str3) function, cf. Filter Rules in the
eCrypt Administrator's Guide.
The following is a list of file formats known to the Detect File
Format content handler. The first column shows the information
written by the content handler, the second column contains an
expanded description of the format.
BMP
DOC
EML
GIF
HTML
JPG
PDF
PIV
PPT
PS
Q1
RTF
SGML
SGMLP
TIFF
TNEF
TXT
UTXT
VSD
WP
WRD
XLS
unknown
16 Introduction

BITMAP
WINWORD
MIME
GIF
HTML
JPG
PDF
PIVOT
PowerPoint
POSTSCRIPT
QONE
RTF
SGML
SGMLPACKED
TIFF
TNEF
TEXTFILE
UNICODE
VISIO
WordPerfect
Dos Word
EXCEL
The file format could not be detected
AMS Technical Documentation

Detect Bar Code The Detect Bar Code content handler is an enhanced fax customer
authentication technology (TIN barcode labels). This content
handler detects EAN 128 barcodes contained in TIFF files.

The EXE to be used for the Detect Bar Code content handler is:
cmd.exe /c LookForBarcode.vbs %1
To use other content handlers, ask for the content handler API.

User Database and AMS Management


The AMS user database is stored in the [HKEY_USERS\.AMSUser\] hive of the registry. It
contains the rights and properties of all users known to the AMS system. The database
includes information about the level, substitutes and superior of an AMS user. This
information is used to build a list of authorizers for each user (see below).
Additionally, the database may contain groups which are just lists of users in the
database. A group can simplify the maintenance of substitutes. If, for example, there is a
team of five users who are substitutes for one other, a group can be created containing
these five users and the group assigned as a substitute for each team member. If a team
member is added, removed or replaced, only the group definition needs to be changed
rather than editing all five users.
User Registry Settings covers all the user and group properties and their corresponding
registry entries in detail.
These entries can be conveniently edited with the AMS management tool Rdexpo. Refer
to the AMS Management Guide for further information on this software.

Authorizer Tree
Each user in the AMS user database has one superior (head) and an optional number of
substitutes. This way an authorizer tree or hierarchy is built up which defines who may
authorize whose messages.
eGuard derives a list of possible authorizers for each user from this tree as follows:
6. the user
7. the substitutes of the user (if [.AMSUser\Use Substitutes directly] is set to 1)
8. the users superior
9. the substitutes of the users superior
10. the superior of the users superior
11. etc.
After the list is built, it is cleaned up:
Each group in the list is replaced by the members of the group.
Any users without an authorization level are removed from the list, as they may not
authorize messages.
AMS Technical Documentation

Introduction 17

Any duplicates are removed.


The remaining list is the authorizer list from which the originator can choose when
selecting the default authorizers or when explicitly selecting authorizers for a message.
Although the lists are identical for the first and the second authorizer, the user may not
choose the same authorizer twice. The list is not stored; it is rebuilt whenever needed.

AMS User Database and Other Message Systems


It is possible to keep the users in the AMS user database synchronised with the users
configured in the home message system. The following message systems are currently
supported:
Exchange
There are two ways to keep the AMS user database up to date: one way is to use the
AMS management tool (Rdexpo). It contains functions to manually import and export
user data from and to a text file (.csv). See [Sentinel\User\Import/Export\] for more
information about these features.
The other way is to use the ADSITOAMS2.VBS script in the sentinel directory, which
performs direct LDAP queries to the Exchange server. This script updates the AMS user
database according to the changes in the Exchange directories while preserving the
authorizer hierarchy.
The DIRSYNC.BAT file provided in the sentinel directory is an example showing how to
use the script. This batch file can be configured as a scheduler task [Sentinel\Scheduler\]
so that synchronisation is performed regularly.
A user account must be associated with this batch file. This user account must have
read access to the Exchange directory and
the user right Logon as a service must be granted to this user account on the AMS
server.

AMS Authorization Workflow


The following steps outline about what happens in an AMS authorization workflow:
1. The originator is asked to select the authorizers for the message, unless the default
authorizers are selected automatically.
2. The first authorizer is asked to accept or reject the message. If s/he rejects the
message, the originator is informed. If s/he accepts the message, the workflow
continues with step 4.
3. If the first authorizer fails to act on the message in time (see Timeout Settings on
page 53), s/he is skipped. The next user in the originators list of authorizers
becomes the new first authorizer, and the workflow continues with step 2. If the new
first authorizer is out of the office or is the second authorizer, the system takes the
next one from the list.

18 Introduction

AMS Technical Documentation

4. The second authorizer is asked to accept or reject the message. If s/he rejects the
message, the originator is informed. If s/he accepts the message, the message is
sent out.
5. If the second authorizer fails to act on the message in
user in the originators list of authorizers becomes the
the workflow continues with step 2. If the new second
or is already the first authorizer, the system takes the

time, s/he is skipped. The next


new second authorizer, and
authorizer is out of the office
next one from the list.

Actually, the whole process is even more complicated, as a skipped authorizer has the
option of reattaching to a workflow under certain circumstances, and the originator can
withdraw the message at any point in time before the workflow is finished. Therefore, it
is advisable to carefully study Schematic of the AMS Authorization Workflow.
Workflow-specific settings are to be found in Workflow Settings on page 45 and in
[Sentinel\AMS Check\]. The eGuard Users Guide shows the steps from the users point
of view.
The following is a list of registry settings and user properties which are checked at the
beginning of the workflow:
1. User property What to Do with Mail (cf. AMS Management Guide). If the value of this
property is less than zero the intermediate workflow state is reject, if it is greater
than zero the state is accept, otherwise the state is proof. If the state is proof
continue with check 2.
2. The recipient is checked against the following registry keys:
[Sentinel\AMS Check\Accept Mail From\],
[Sentinel\AMS Check\Accept Mail To\],
[Sentinel\AMS Check\Proof Mail From\],
[Sentinel\AMS Check\Proof Mail To\],
[Sentinel\AMS Check\Reject Mail From\],
[Sentinel\AMS Check\Reject Mail To\]
If the state is still proof continue with check 3.
3. If [Sentinel/AMS Check/Reject If No Authorizers Specified] is set and the list of
possible authorizers for the originator is empty the state is set to reject. Otherwise,
continue with check 4:
4. If the classification of the message is private or passed and [Sentinel\AMS
Check\Private Allowed/Passed Allowed] is enabled the state is set to accept.
Otherwise, the workflow is started, i.e. authorizers are determined etc.

Workflow Database and Directory


The workflow database is situated in AMSOVERVIEW.MRD in the sentinel directory. It
contains information about the status of all current workflows. The workflow directory
[Sentinel\HTTP AMSPath] contains a subdirectory for each workflow. These subdirectories
contain the actual messages and further information which is always synchronised with
the workflow database.

Workflow Engine
The workflow engine (AMSCheck) [Sentinel\Authorizer Program] is explicitly executed by
the sentinel. It manages all the workflows within the AMS system by updating and
AMS Technical Documentation

Introduction 19

manipulating the workflow database as well as the workflow directory. It is responsible


for the following tasks:
Starting a new workflow
A new subdirectory with a unique name is generated in the workflow directory, and a
new database entry is created.
Updating the status of an e-mail
When an authorizer accepts, rejects or withdraws the message, the message status is
updated in the database. If necessary, the workflow is concluded.
Sending request notifications
After the status of an e-mail has been updated, the workflow engine may send a
notification to the authorizer or to the originator, e.g. Waiting for authorization or
Message rejected.
Reattaching an authorizer
If a skipped authorizer wants to reattach to a workflow and has the permission to do
so, the workflow engine updates the status of the workflow.
Creating a new user account

Web Interface for Authorization Tasks


Nearly all of the actions listed above are performed via the web interface. An HTTP
request is sent even when the user clicks on the accept or reject link in his
notification. These requests are passed by the HTTP part of the sentinel to the workflow
engine [Sentinel\CGI Scripts\]. Being used as a CGI program, AMSCheck then directly
performs one of the actions above by extracting the information needed from
environment variables.
After updating the workflow information, AMSCheck sends the appropriate page back to
the user. The page itself is a Diasepa file which uses the Session Interface of the Diasepa
ActiveX control to display the brand-new information, i.e. the updated workflow status.
Session Interface on page 95 covers this topic in detail.

Workflow Scheduling Program


The sentinel [Sentinel\Mail Schedule Timeout] regularly calls the workflow scheduling
program [Sentinel\Schedule Program]. Actually, this is AMSCheck itself with a special
parameter. This scheduler performs the following steps:
It backs up the registry hives containing the AMS settings and the user database (see
also Registry Backup Settings on page 59).
It checks whether an authorizer timeout has occurred in a workflow. In this case, the
status of the workflow is updated, and the next authorizer in the list gets an
authorization request notification (see also Timeout Settings on page 53).
When a workflow is finished, it remains in the system for some time [Sentinel\AMS
Check\Timeout Cleanup]. The workflow scheduler is responsible for removing the
workflow afterwards.
The workflow scheduler synchronises the workflow database with the workflow
directory.
20 Introduction

AMS Technical Documentation

Schematic of the AMS Authorization Workflow


The following schematic is split into two diagrams for the sake of simplicity. Think of the
second diagram as a magnification of the dotted-border rectangles in the first diagram.
new mail from
Sender

classification:
to be
authorized

YES

Status: select
authorizers

Sender:
automatic
authorizer
selection

YES

NO
"eGuard Select"
mail to Sender

Sender selects
first and second
authorizer

Sender
withdraws
message

Status: Pending

first authorizer processes


message

first authorizer
accepts message

NO

Timeout
Status:
withdrawn

second authorizer processes


message

first authorizer
rejects message

Timeout

second
authorizer
rejects
message

"eGuard Rejected"
mail to Sender

"eGuard Non-Resp."
mail to Sender

Status: Rejected

Status: nonreponding

second authorizer
accepts message

Status: Sent

AMS Technical Documentation

Introduction 21

AU1 = Sender?

Start Work Timeout


(i < n),
i := i + 1

NO
i := 1

"eGuard: Authorize" mail to AUi


Sender
withdraws
message
Start Work
Timeout
(i = n)

YES

AUi enters
Authorization Page
p := i

AUj (j < i) enters


Authorization Page
p := j

Finish Work
Timeout
(i < n),
i := i + 1

Sender
withdraws
message
AUp processes message

Finish Work
Timeout
(i = n)

AUx enters Authorization Page,


accepts or rejects
(x <= i, x <> p)
AUp
accepts
message

AUp
rejects
message

Page shows
"Command cannot
be executed"

AUi: the i-th authorizer in the list of authorizers for the originator,
where AU1 is the authorizer selected by the originator

Notifications and eGuardian


From time to time, the user may receive notifications from the AMS system, e.g. when
authorizers have to be selected or when a message has been rejected.
The user can receive a notification in two ways:
E-mail notifications reach the user as ordinary e-mail which can be examined in any
mail client. The body of the e-mail contains an HTTP link to the details page of the
message.
22 Introduction

AMS Technical Documentation

UDP notifications are network transmissions caught and processed by eGuardian, a


small resident program. If eGuardian is running on the client machine and a UDP
notification is received, eGuardian pops up a window informing about the content of
the notification and providing an HTTP link to the details page of the message.
Both possibilities are equally good, however one might be preferable in a specific
situation. E-mail notifications do not need additional software installed, while UDP
notifications cannot be missed by the user due to the eGuardian popup window. The
administrator can define what type of notification is to be sent for which workflow event
(see Notification Settings on page 56).

Expiration Date
Outlook provides the message option Expires after to make a message unavailable after
a specified date. You can set this option in your message window as follows:
1. Call the Options command in the View menu.
2. Under Delivery options, select the Expires after checkbox, and then enter the
expiration date you want.

Example: You sent out a message to Mr. Smith with the expiration date 30.10.2002
11:00.
If Mr. Smith does not read the message before 30.10.2002 11:00 the message is
deleted from his inbox.
AMS Technical Documentation

Introduction 23

If Mr. Smith does read the message before 30.10.2002 11:00 the message appears
as struck through in his inbox (as soon as the expiration date has passed).

eGuard provides an additional functionality for messages with an expiration date. The
originator of those messages gets an interim notification if a certain percentage of the
expiry time has already elapsed and the message has not yet been authorized and thus
not yet been sent out. This feature and the percentage to be used can be configured by
the administrator.
The following registry settings found under [Sentinel\AMS Check\] can be used to
configure this feature:
Use Expiry-Date
Set to 1 to enable the feature. If set to 0 the following registry settings are ignored.
Timeout Expiry-Date minimum minutes
eGuard ignores the expiration date and handles the message as a standard message
(without any expiration date) if the following is true: the interval between the time
eGuard receives the message and the expiration date specified in the message is less
than the timeout specified in this registry entry.
Timeout Warning of Expiration Time (percent)
Timeout Notify Standard / Urgent
The originator of a message gets a notification if the percentage specified here of the
expiry time has already elapsed and the message has not yet been authorized and thus
not yet been sent out. Actually, eGuard uses the minimum of the value calculated on the
basis of this setting and the value specified under Timeout Notify Standard / Urgent.
Remove after Use: Expiry-Date
If set to 1 eGuard removes the expiration date from the message before sending out the
message, i.e. the expiration date is used to trigger interim notifications only, and not to
make the message unavailable after a specific date.
There is one more registry setting which is not used to configure this feature. It is
mentioned here because it contains the word Expiry-Date:
24 Introduction

AMS Technical Documentation

Use Expiry-Date on Notifications


If set to 1, each notification sent by the sentinel gets an Expires after field in the mail
header. The message expires after the time specified in the registry entry Timeout
overall has passed, i.e. the notification is deleted (if it has not been read) or appears as
struck though (if it has been read), as described above.

Show Authorizers to Recipient


AMS can be configured to show the names of the authorizers in the X-message-flag of
the message. The X-message-flag is shown to the recipient of a message. Outlook
displays this information as a yellow frame above the mail header.

To configure this feature use eGuard.hta (located in the HTA subdirectory of Sentinel,
e.g. c:\ams\sentinel\hta).

If you check the Mention Authorizer within X-Message-Flag box, all messages which have
been authorized by at least one person different from the sender get an X-message-flag.
In the X-Message-Flag content box you can specify the text to be displayed in the Xmessage flag. Use variables '%%Authorizer1CurrentNice%%' and
'%%Authorizer2CurrentNice%%' (in single quotes) as placeholders for the names of the
authorizers.

AMS Technical Documentation

Introduction 25

eMMS E-mail Path Monitoring Process


The eMMS process is a member of the AMS product family that checks for the proper
working of the mail transfer process by sending test messages to auto-reply accounts
and checking the replies. In the event of problems, administrators are notified.
Although eMMS can be used independently of the AMS/eGuard authorization process, it
shares some registry settings with eGuard, which is why some of its configuration
possibilities are described in this manual for the sake of completeness.
The following list provides information about where different parts of the eMMS process
are configured:
General settings for the eMMS process are customised in [Sentinel\EMMS\].
As mentioned above, a local POP3 account can be set up for each eMMS test scenario
[Sentinel\POP3\].
The regular calls of the eMMS batch files are configured in [Sentinel\Scheduler\].
The process stores its INI file in a subdirectory of its own [Sentinel\EMMS INI Files].
Administrators can check and comment problems on the eMMS portal page
[Sentinel\AMS Check\Get EMMS Page].
A comprehensive explanation of this process can be found in the eMMS
Administrators Guide.

Out of Office and the eBusy Database


Out of Office
When you are out of the office for an extended period of time, requesting your
authorization will not lead to any response, and there will always be a timeout. In order
to speed up the authorization process, you can tell the system via the web interface how
long you will be out of the office. You will then always be skipped in the authorizer list
during the specified period of time. The sections Notification Settings on page 56 and
[HKEY_USERS\.AMSUser\] contain some out-of-office registry options.

Out of Office Synchronizing AMS and Exchange


AMS contains a built-in Unavailability Calendar, which enables the management of
holidays, sickness leave, etc. In addition, AMS supports one- or two-way synchronization
with the Exchange Out-Of-Office status flag.
All registry keys mentioned in this section are to be found under
[HKLM\Software\DIaLOGIKa\AMS\Sentinel\User\Exchange].
Read OutOfOffice
Purpose:

26 Introduction

= 0|1

If set to one, synchronization of Exchange-Out-of-Office with AMS is


activated.

AMS Technical Documentation

Write OutOfOffice
Purpose:

= 0|1

If set to one, synchronization of AMS-Out-of-Office to Exchange is activated.

The one-way Exchange-Out-of-Office --> AMS synchronization routine does the


following: the Exchange flag of each user is read, and AMS sets this user to unavailable if
the Out-Of-Office flag is found to be set in Exchange (the AMS unavailability flag is reset
when the AMS Im back button is activated, for example).
This Exchange-Out-of-Office --> AMS sync process (syncooo.bat) runs as a scheduler
job (defined in Rdexpo). The frequency of this job should not be too high as it is quite
resource-consuming in relation to the number of Exchange users.
The following has been implemented in order to improve the synchronizing speed without
being excessively resource-intensive: AMS watches the return of absent and not-absent
users in keeping with the two following registry entries:
Sync Interval Available

= <number>

Purpose:

This entry specifies the time in minutes after which Out-of-Office status is to
be synchronized for users who were available during the last sync
operation.

Example:

"120"

Sync Interval Unavailable

= <number>

Purpose:

This entry specifies the time in minutes after which Out-of-Office status is to
be synchronized for users who were unavailable during the last sync
operation.

Example:

"5"

Note: The sync process (syncooo.bat) should be scheduled in Rdexpo to run as often as
the minimum of the above two values, i.e. 5 minutes in the above example.
Syncooo.bat contains the following line of code:
cscript c:\ams\sentinel\CheckOOO.vbs %COMPUTERNAME% 6 //T:2400
The second parameter of the VBS script (in this example 6) should be set to X+1, where
X is the number of minutes the sync process is scheduled to run.
In addition, there is the following registry entry:
Default Write Interval State
Purpose:

= 0|1

Only relevant if Write OutOfOffice is set to 1. Specifies the default value for
the checkbox Set Outlooks Out of Office status at the beginning and end of
this period and add the following AutoReply message to this period.

The eBusy Database


The official working time is a completely different case. Let's assume everybody works
from 9:00 a.m. to 5:00 p.m., and everybody has 15 minutes to respond to an
AMS Technical Documentation

Introduction 27

authorization request. If you send out a message at 4:59 p.m., you will most likely get a
timeout from each authorizer. Instead, you would want the system to give each
authorizer 15 minutes within the official working time, i.e. the first authorizer could
respond until 9:14 a.m. the next day.
This is where eBusy comes in. It allows you to specify the official working time intervals
for each day of the week, and for special dates (usually holidays). Furthermore, it is
possible to give each interval a "type" which defines the working level. A level of 100%
means "full work", i.e. one work minute corresponds to one minute in real time. During
an interval with a level of 50%, somebody who is requested to authorize within
15 minutes actually has 30 minutes to do this, as one work minute corresponds to two
minutes in real time. This feature enables you to approximate the times when not
everybody is usually at work.
The entire eBusy database can be maintained via the eBusy Web Interface. It lets you
add and remove special holidays, as well as edit the list of time intervals. Most of the
interface should be self-explanatory, except for the option for defining nested intervals.
The interface automatically sorts nested intervals so that the interval type A always
precedes interval type B if A comes somewhere after B in the list.
Please refer to [Sentinel\eBusy] for the registry options for configuring database access
and to eBusy Interface on page 104, which describes the eBusy Server Page Extensions.
The AMS, Web-based Administrator Tools (WebAdminGuide.pdf) describes the e Busy
Web Interface.

28 Introduction

AMS Technical Documentation

Schematic of the AMS System


Client-dependent
Settings
(Cookies)

HTTP Client
(Browser)

SMTP Client
(Mailer)

outer world

POP3 Client
(Mailer)

IMAP Client
(Mailer)

SMTPWire
(e.g. Exchange)

SMTPHost

HTTP
Server

SMTP
Server

Mail router

POP3
Server

IMAP
Server

Diasepa
engine

Workflow
engine
(AMSCheck)

Filter program

POP3
accounts

AMS System
Sentinel
Scheduler

Schedule
programs (filter
and workflow
scheduler,
eMMS batch
files, etc.)

runs, uses

Workflow
database

AMS Technical Documentation

User database
(Registry)

accesses
communicates with

Introduction 29

eCluster
Two independent AMS servers called AMSX and AMSY below work together as a
single AMS system to ensure that mission-critical applications and resources remain
available to clients. Both AMS Servers have individual IP addresses. Both IPs are entered
as an A record in the DNS server (e.g. for eGuard). There is one IP address, called IPV
(for virtual IP). At the beginning this IP belongs to AMSX, i.e. AMSX is now the master.
Important: The purpose of eCluster is simply to guarantee the availability of the AMS
service but not back up the AMS workflow data.
A sample architecture Might be as follows: AMSX and AMSY both have two network
cards. The network cards X1 and Y1 would be used to communicate with the outside
world. The network cards X2 and Y2 would be used for communication between AMSX
and AMSY, e.g. for synchronization. In order to obtain this architecture, eCluster would
be configured as shown in Configuring eCluster, below.

AMSX

AMSY

IP X1
IPV

Network
card X1

IP Y1

Network
card Y1

IP X2

Network
card X2

IP Y2

Network
card Y2

e.g. gigabit line

Workflow with eCluster


When a message is received by eGuard the DNS server forwards the message to AMSX
or AMSY. If the receiving AMS server is the master (owns the IPV), the message enters
the AMS workflow. If the receiving AMS server is the slave, it forwards the message to
the master.

Assigning IPV
On the slave a fastping on IPV is performed every N ms (N is configured in the Interval
box in the Ping frame of CluistUI.exe, cf. below). If the fastping returns a valid answer it
is assumed that everything is running smoothly. If the fastping does not return a valid
answer, several stress fastpings are performed (every M ms; M is configured in the
Stress interval box, the number of stress fastpings being configured via Stress count in

30 e Cluster

AMS Technical Documentation

the Ping frame). If these fastpings also return invalid answers, the IPV is assigned to the
slave, i.e. the old slave is now the master (IPHlpApi.dll).

Synchronization
A IPCheck program runs on AMSX and AMSY, the program checking whether IPV belongs
to AMSX or AMSY.
If IPV belongs to AMSX:
Synchronization on AMSX: Scheduled jobs are running, i.e. a synchronize Exchange job
would be executed.
Synchronization on AMSY:
Scheduled jobs are not running on the slave. eCluster calls the following two programs
to synchronize data (by default all relevant data is synchronized; using CluistUI.exe files,
folders or registry branches to be synchronized may be added or removed):
-

syncdir.exe synchronizes data from AMSX to AMSY


syncreg.exe synchronizes the registry from AMSX to AMSY

If IPV belongs to AMSY: same as above, except replace AMSX with AMSY and AMSY
with AMSX.

AMS Technical Documentation

e Cluster 31

Configuring eCluster
Clustui.exe is an application used to configure eCluster. It reads and writes from the
registry [HKLM\SOFTWARE\DIALOGIKA\AMS\eCluster].

Network
Adapter Select the network card to be used for the virtual IP.
In the sample architecture above, Network card X1 (Y1) would be
selected.

Virtual IP The virtual IP (= IPV) for the eCluster.


Virtual subnet mask Subnet mask of IPV.
32 e Cluster

AMS Technical Documentation

Partner IP IP address of the partner server (the other server of the


eCluster).

In the sample architecture above, IP Y2 (X2) would be entered.

Add Virtual IP now Click on this button to make this AMS server the master.
Test on Virtual IP Click on this button to get information on who currently owns IPV.
Ping
Interval Specifies in which time intervals (ms) the slave fastpings the IPV
address.

Stress interval Specifies in which time intervals (ms) the slave stress-fastpings
the IPV address.

Stress count How many stress-fastpings have to fail before IPV is associated
with the slave, making the slave the new master.

Receive timeout This entry specifies after which time intervals (ms) fastpings time
out.

Packet size Specifies the size of the fastping packet in bytes.


Options
Run eCluster on this Check this box to activate eCluster.
machine
This machine is Check this box to make the current AMS server the master of the
configured as master cluster. This setting is relevant only when turning on the AMS
server, the server with this box checked tries to get IPV first.

Important: This option has to be modified if one of the AMS


servers fail. Example: AMSX is configured as the master and this
box is checked. Now AMSX drops out and the slave has to take
over the master function. Thus, the admin has to make sure to
check this box on AMSY (and to uncheck this box on AMSX after
fixing the problem with AMSX and before adding AMSX again to
the cluster).
What happens if the admin forgets to modify this option in the
event of a network problem? In the case of a network break the
slave starts to act as the master. When the network is fixed again
(and the Master checkbox has not been modified by the admin),
there are two masters now and an IP address conflict arises. This
IP conflict is solved by eCluster automatically using the
information of this checkbox. Thus, the machine configured as the
master always wins and is the master. This might result in data
loss if the master has not yet fully synchronized the data with the
old slave.

Add Virtual IP Relevant when there is alternation between the master and the
AMS Technical Documentation

e Cluster 33

automatically slave. When this box is checked, the slave automatically tries to

get IPV. When this box is not checked, there is a message for the
administrator to assign IPV manually. This would be done by
clicking the Add virtual IP now button in the Network frame on the
new master.

Replication
User User account to be used to synchronize files and registry data.
Password Password of the user account.
Interval Specifies in which time intervals (ms) replication

(synchronization) is to be launched. 0 means no replication.

Jobs Clicking on this button opens a dialog to specify programs to be

executed On startup, On startup as master, On startup as slave,


On switching to master, On switching to slave.

Advanced All relevant data is synchronized by default. Clicking on this

button launches a program to modify the files, folders or registry


branches to be synchronized.

Other Registry Settings


In addition to the above settings, there are the following internal registry settings
[HKLM\SOFTWARE\DIALOGIKA\AMS\eCluster]:

Reinit Configuration Specifies in which time intervals (ms) eCluster reads the settings
(ms) from the registry.
SyncDir Program Name of the program to synchronize files.
SyncDir Parameters Parameters for the SyncDir program.
SyncReg Program Name of the program to synchronize the registry.
SyncReg Parameters Parameters for the SyncReg program.
Broadcast Stress (ms) Specifies in which time intervals (ms) eCluster sends a broadcast
message about IPV during the first 2 minutes after alternating
between the slave and the master.

Broadcast Standard Specifies in which time intervals (ms) eCluster sends a broadcast
(ms) message about IPV.

Jobs
The Jobs button opens a dialog for specifying programs to be executed On startup, On
startup as master, On startup as slave, On switching to master, On switching to slave.
This is useful when you have additional software that has to be notified about the current
34 e Cluster

AMS Technical Documentation

AMS role. Jobs are specified in the registry


[HKLM\SOFTWARE\DIALOGIKA\AMS\eCluster\Jobs].

The dialog lists all the jobs configured on the current machine. There are no predefined
jobs included with the AMS setup. Notice that these jobs are not monitored by eCluster.
Once they are successfully started, they are on their own doing whatever they have to
do.

Add job Clicking on this button opens a dialog for specifying a new job. You

have to configure when the job is to run, a nice name for the job,
and the program path of the program to be executed. You can also
add a list of command-line parameters that are appended to the
executed program call along with a username/password combination
of the Windows User Account used to run the job.

Edit job Enables you to edit an existing job.


Remove job Use this button to permanently remove a job from the list. (Note:

You can set the When option to Never, which ensures that the job
will never be started without removing it from the list first.)

What to Do When a Server Fails


Assuming AMS is running on AMSX as the master and on AMSY as the slave, there are
two cases:
If AMSY (acting as the slave in the cluster) fails, nothing needs to be done except
remedy the problem on AMSY, after which AMSY has to be added to the cluster again.

AMS Technical Documentation

e Cluster 35

If AMSX (acting as the master in the cluster) fails, the admin has to do the following:
i.

On AMSY (old slave): Call Clustui.exe and check the This machine is configured as
Master box in the Tools Options frame.

ii. Fix the problem with the old master AMSX.


iii. Call Clustui.exe on the old master AMSX and uncheck the This machine is
configured as Master box in the Tools Options frame.
iv. Now the old master AMSX can be added as the slave to the cluster again.
Reconfiguring AMSY as the new master (step i. above) is a very important step.
Consider the following scenario: AMSX has been configured as the master but fails and is
out for an extended period of time (due to hardware failures or similar). AMSY now plays
the role of the master; however the This machine is configured as master box has not
been checked. While AMSX is undergoing maintenance AMSY might also fail. Both
systems are fixed and restarted at the same time. AMSX believes that it is still the
master system and has more knowledge than AMSY. Therefore all new data of AMSY is to
be deleted because it may not exist on AMSX.
As you can see, checking this box is extremely important in order to ensure the integrity
of your data. You may consider also backing up your data using your favourite backup
tool.

Registry Entries of AMS


This chapter describes all the Windows registry settings of AMS, except for the entries of
the user database, which are also stored in the registry and described in User Registry
Settings.
All AMS registry keys not belonging to the user database are located in the registry
branch [HKEY_LOCAL_MACHINE\Software\DIaLOGIKa\AMS\].
The name of each section in this chapter reflects the name of the key below this branch.
For example, the section [Sentinel\AMS Check\] contains descriptions of the registry
entries below the key [HKEY_LOCAL_MACHINE\Software\DIaLOGIKa\AMS\Sentinel\AMS
Check\]
Each section lists the entries belonging to the key. A section may contain subsections
that group entries semantically. For example, the [Sentinel\AMS Check\] section has a
subsection Timeout Settings which describes entries of the AMS Check key that
specifies certain timeouts.

[Sentinel\]
The AMS Sentinel Service is AMSs main service. It contains the HTTP Server and Mail
Server, and is responsible for launching all scheduling processes and the AMS workflow
state engine. This section describes the main settings of the sentinel.
CreateUserAccountAddress = <string>
Purpose:

A message to this account forces the workflow engine of the sentinel to


create a new portal for the sender and to send the access data of this new
portal to the sender in a message.

36 Registry Entries of AMS

AMS Technical Documentation

Default:

CreateAccount@eguard.ams

DB Lock Timeout = <number>


Purpose:

This entry specifies how many milliseconds a query to the workflow database
is to wait until a timeout is returned.

Default:

5000

DoRelay = <boolean>
Purpose:

If this entry is set to 0, the sentinel only accepts messages for extraspecified addresses.

Default:

Eguard Domain = <string>


Purpose:

Messages to this domain are notifications from the user to the AMS system.
They should be treated independently of any specific user rights (i.e. send
directly).

Default:

Eguard.ams

File Event Timeout = <number>


Purpose:

After a message is placed in the spool or wire directory an event is raised


and the messages are processed. Even if no event is raised the scheduler of
these directories checks their content after the number of seconds given
here.

Default:

20

FixGateway = <boolean>
Purpose:

If this entry is set to 0, the sentinel also checks whether a computer is


identified directly by the right side of the message address. In this case, the
sentinel tries to send the message to this computer.

Default:

FreeSpace Shutdown MByte = <number>


Purpose:

The service stores all messages and its databases in the file system. Regular
checks are made to determine whether the file system still has sufficient
space for everything. Each directory of the service is checked separately,
thus enabling these directories to be spread over different partitions. If the
service finds that one of its directories has less space than this value, it
initiates its shutdown. See also FreeSpace Warning MByte below

Default:

20

FreeSpace Warning MByte = <number>

AMS Technical Documentation

Registry Entries of AMS 37

Purpose:

If one of the directories has less than the amount of free disk space specified
here, a warning is written to the log file.

Default:

100

Logfile count = <number>


Purpose:

The service logs all actions to a log file called sentinel.log. It starts a new log
file for each new day and for each service restart, while renaming the older
log files and deleting the oldest log file. The log file of yesterday is called
sentinel.000, the log file of the day before yesterday is called sentinel.001.
The number given by this entry defines how many log files are to be stored
before the oldest one is deleted.

Default:

99

LoggingAddress = <string>
Purpose:

After a single workflow has terminated its log files, message and status
reports are packaged to a message and sent to this address for archiving.

Default:

(none)

Example:

AMSLog@company.com

Mail Schedule Timeout = <number>


Purpose:

The number of seconds specified here determines how often the sentinel
starts the workflow scheduler, filter schedule program and user-defined
scheduling programs [Sentinel\Scheduler\], and checks for transfer errors
and sufficient free disk space, etc.

Default:

180

Max Mail Thread = <number>


Purpose:

This entry specifies how many threads of the following Max Thread value are
allowed to be used for trying to send messages.

Default:

32

Max Thread = <number>


Purpose:

Each incoming mail or each HTTP request uses a thread of its own. This
enables the sentinel service to scale well on multi-CPU systems. You can
specify how many concurrent threads are to be allowed.

Default:

128

ReRouteFromAddress = <string>
Purpose:

This e-mail address is used in the From: field if a notification is sent from
the sentinel to the originator of a message, e.g. in the select authorizers
notification. This entry is usually the same as the LoggingAddress.

38 Registry Entries of AMS

AMS Technical Documentation

Default:

(none)

Example:

AMSLog@company.com

Server IP Address = <string>


Purpose:

There can be more than one IP address assigned to the AMS server
computer. If this setting is set to 0.0.0.0, the sentinel listens to all of its IP
addresses for connections. Otherwise it listens to a particular IP address
specified in this entry.

Default:

0.0.0.0

UseDNS = <boolean>
Purpose:

This value defines whether the sentinel is to also use available DNS service
to find out how to route the message to the next gateway or recipient
(defined MX records of domains).

Default:

SMTP Settings
HELO Server Name = <string>
Purpose:

This entry defines how the message engine is to identify itself during an
SMTP session. If the string is left empty, the message engine identifies itself
with its DNS name.

Default:

SMTP Check Domainname = <boolean>


Purpose:

If this entry is set to 1, the SMTP part of the sentinel checks the recipients
address of each mail sent. If the right part of the address (domain name)
contains characters not specified in the SMTP Domain Chars entry below, the
mail is not sent.

Default:

SMTP Domain Chars = <string>


Purpose:

This entry specifies a set of valid characters for the domain name part of a
recipients address (see SMTP Check Domainname above). If this entry is
empty (), no check is performed.

Default:

0123456789.abcdefghijklmnopqrstuvwxyz-

SMTP Listen Port = <number>


Purpose:

The SMTP part of the sentinel listens to this port for incoming messages.

Default:

25

AMS Technical Documentation

Registry Entries of AMS 39

Smtphost = <string>
Purpose:

This is the IP address of the default mail gateway and, if the DNS is not
enabled, of the only mail gateway for messages from the inside.

Default:

1.1.1.2

SMTPWire = <string>
Purpose:

This is the IP address and port of the inside host. Messages from this host
are treated as inside messages. Messages from the outside are forwarded to
this host.

Default:

1.1.1.1:25

Support RFC 1891 = <boolean>


Purpose:

A message may contain special information indicating that the sender wants
a delivery notification from the recipient (RFC 1891). If this entry is set to
0, the sentinel strips this information from the message.

Default:

use DNS to resolve SMTP client ip addresses = <boolean>


Purpose:

If this entry is set to 1, the sentinel uses the DNS to resolve the IP address
of a computer sending a message via SMTP to the sentinel. The resolved
name is used in the log files and in the added Received: field of the mail
header.

Default:

HTTP Settings
AMS Cache = <string>
Purpose:

Each HTTP session is able to store memory snapshots and access this
memory instead of recomputing all components each time. These snapshots
are stored in this directory.

Default:

<SENTINEL_DIR>\CACHE

Example:

C:\AMS\SENTINEL\CACHE

AMS Clear Cache = <number>


Purpose:

If a memory snapshot is older then this value (unit = minutes) it is removed.


The HTTP session has to recompute all components. It is possible to save
some CPU time by increasing this value, however the information shown to
you may have changed in the mean time.

Default:

CookieLifetime = <number>
40 Registry Entries of AMS

AMS Technical Documentation

Purpose:

The number of days a cookie of the sentinel is to be valid on the client


computer.

Default:

32

Delete temporary Post Files = <boolean>


Purpose:

The sentinel sometimes creates temporary files while receiving data via
HTTP. If this setting is set to 1, these files are deleted immediately.

Default:

Delete temporary StdOut Files = <boolean>


Purpose:

The sentinel sometimes creates temporary files before dynamically created


pages are sent via HTTP. If this setting is set to 1, these files are deleted
immediately.

Default:

Dynamic create answer = <boolean>


Purpose:

Are dynamic answers to HTTP queries to be marked as dynamic?

Default:

HTTP BasePath = <string>


Purpose:

This directory contains all the .html and .ams files.

Default:

<SENTINEL_DIR>\WWW

Example:

C:\AMS\SENTINEL\WWW

HTTP Default = <string>


Purpose:

This page is shown if an empty request is made to the HTTP engine.

Default:

/index.htm

HTTP Domain = <string>


Purpose:

When the HTTP part of the sentinel sends a cookie to a client, it needs to
specify the HTTP domain of the server. The domain given here has to match
the HTTP server setting and has to start with a dot.

Default:

.ams.com

HTTP Expiration Time Of Created Files = <number>


Purpose:

This entry defines the number of seconds until a dynamically created file
expires. When the user loads an expired file, the browser sends a new HTTP
request to the sentinel instead of loading the file from its cache.

Default:

10

AMS Technical Documentation

Registry Entries of AMS 41

HTTP Expiration Time Of Files = <number>


Purpose:

This entry defines the number of seconds until a normal file (not dynamically
created) expires. When the user loads an expired file, the browser sends a
new HTTP request to the sentinel instead of loading the file from its cache.

Default:

3600 (one hour)

HTTP Port = <number>


Purpose:

The HTTP part of the sentinel service listens to this port for incoming HTTP
requests.

Default:

8080

HTTP Recv Timeout = <number>


Purpose:

This entry defines for how many seconds reception of an HTTP request may
be idle before the sentinel can be sure the connection timed out.

Default:

60

HTTP Send Buffer Size = <number>


Purpose:

This entry defines the HTTP send buffer size. The answers of an HTTP
request are split into TCP/IP packets up to this maximum size.

Default:

512

HTTP Send Timeout = <number>


Purpose:

This entry defines for how many seconds transfer of HTTP data may be idle
before the sentinel can be sure the connection timed out.

Default:

60

HTTP Server = <string>


Purpose:

This entry specifies the complete server part of the URL including the port
number. This setting must match the HTTP Domain setting (cf. above). The
HTTP part of the sentinel uses this setting to identify itself.

Default:

http://www.ams.com:8080

Parse for Environment = <boolean>


Purpose:

If this entry is set to 1, each HTML page the sentinel sends is parsed for
variable names enclosed in $$<< and >>$$ which are replaced by the
variable values defined in [Sentinel\Environment\]. See HTTP Server and
Web Interface on page 9 for a detailed explanation.

Default:

Use HTTP IF-MODIFIED-SINCE = <boolean>


42 Registry Entries of AMS

AMS Technical Documentation

Purpose:

To reduce traffic, a client sending an HTTP request can specify a date in the
IF-MODIFIED-SINCE field of the request header. If the requested file on
the server has not been modified since that date, the server normally sends
a blank file instead. The HTTP part of the sentinel does the same thing unless
this entry is set to 0 (which makes the sentinel ignore the IF-MODIFIEDSINCE field).

Default:

use DNS to resolve HTTP client ip addresses = <boolean>


Purpose:

If this entry is set to 1, the sentinel uses the DNS to resolve the IP address
of the client computer sending an HTTP request. The resolved name is only
used in log files.

Default:

Server Page Extension Settings


AMS Script Parameters = <string>
Purpose:

This entry specifies additional parameters for the script interpreter. The
parameter //B suppresses the display of all user prompts and script errors.
//Nologo suppresses the display of the interpreter logo, and //T:20 limits
the execution of each script to twenty seconds. (//Nologo //T:20 should be
used for development work only, as the missing //B allows AMS to fill the
%%VBS_ERROR%% AMS placeholder with the VB Script error message.)

Default:

//B //Nologo //T:20

AMS Script Program = <string>


Purpose:

This entry specifies the program called to interpret the VB Script.


(CSCRIPT.EXE should be chosen for development work.)

Default:

CSCRIPT.EXE

Delete temporary VBS Errorfiles = <boolean>


Delete temporary VBS files = <boolean>
Delete temporary VBS Value files = <boolean>
Purpose:

When the Diasepa engine processes an .ams file, the following temporary
files are created: a VBScript file (.vbs), an error file (.vbs.error) and a
value file (.vbs.value). If one of the above entries is set to 1, the
respective file is deleted immediately afterwards.

Default:

1 (for all three settings)

Mail Transfer Failure Settings


If an error occurs while sending a message, the sentinel creates a registry entry below
the key [Sentinel\Transfer Failures\] for this message. This entry contains a counter
which is incremented each time the message could not be sent. The following settings
specify the number of retries and the time between them.
AMS Technical Documentation

Registry Entries of AMS 43

Maximum Mail Error Counter = <number>


Purpose:

When the counter in [Sentinel\Transfer Failures\] reaches the number


specified in this entry, the system aborts this message and notifies the
originator.

Default:

64

Notify Mail Error Counter = <number>


Purpose:

When the counter in [Sentinel\Transfer Failures\] reaches the number


specified in this entry, the originator is notified about this condition. The
system keeps trying to send the message until the Maximum Mail Error
Counter (cf. above).

Default:

Repeat failed send after minutes = <number>


Purpose:

If a message has not been delivered successfully to the next mail gateway or
mail recipient the sentinel waits for the number of minutes specified in this
entry before it retries sending the message. This value is also tallied for each
additional failure.

Default:

The default values for the entries in this section have the following effect: The time
difference between two retries is increased by five minutes, i.e. 5 min., 10 min., 15 min.,
20 min., This means the sentinel tries to send the message after 0 min., 5 min., 15
min., 30 min., 50 min., The originator is informed about the problem after three tries,
i.e. after 15 minutes. After 64 tries, i.e. after 0+5+10+15+20+ = (n*(n-1)/2)*X
minutes = (64*(64-1)/2)*5 minutes = 10080 minutes = 7 days the sentinel gives up and
sends a notification to the originator of the message.

Filter Settings
Filter Clean Program = <string>
Purpose:

The command specified in this entry is invoked periodically


[Sentinel\Rules\Filter Recheck Time]. The command checks whether there
are messages in the filter directory that have not been filtered yet. These
messages are filtered again. If a message is not filtered after the amount of
time defined in [Sentinel\Rules\Filter Final Time] has elapsed, the message
is sent to a specified logging address.

Default:

FILTER.EXE SCHEDULE

Filter Program = <string>


Purpose:

The file name of the filter program. This program is called explicitly for each
message to be filtered.

Default:

FILTER.EXE

44 Registry Entries of AMS

AMS Technical Documentation

Filter Usage from inside = <boolean>


Purpose:

If this entry is set to 1, the filter rules are applied to all messages coming
from the inside.

Default:

Filter Usage from outside = <boolean>


Purpose:

If this entry is set to 1, the filter rules are applied to all messages coming
from the outside.

Default:

FilterPath = <string>
Purpose:

Every message that has to be filtered is moved to this directory and


processed by the filter program. After this, the message is moved back to
the spool directory (if the message comes from the outside) or the wire
directory (if the message comes from the inside).

Default:

<SENTINEL_DIR>\FILTER

Example:

C:\AMS\SENTINEL\FILTER

Workflow Settings
Allow direct Delivery Notification to inside = <boolean>
Purpose:

Sometimes the sender of a message wants a delivery notification from the


recipient. If this entry is set to 1, there is no AMS workflow created for
delivery notifications going to the inside. There is no need to set this setting
to 0, as mail going to the inside does not launch a workflow anyway.

Default:

Allow direct Delivery Notification to outside = <boolean>


Purpose:

Same as the above setting, but for outgoing delivery notifications. Delivery
notifications have an empty From: field. If this entry is set to 1, no
outgoing mail with an empty From: field results in an authorizer workflow,
which might be a security risk.

Default:

Authorizer Program = <string>


Purpose:

This entry specifies the name of the workflow engine. You may wonder why
the workflow engine is not part of the sentinel. The answer is simple: By
separating the sentinel from the workflow engine via process boundaries, the
sentinel service cant be harmed by a workflow mistake.

Default:

AMSCHECK.EXE

AMS Technical Documentation

Registry Entries of AMS 45

Deliver spool (to outside) to local POP accounts = <boolean>


Purpose:

If this setting is set to 1, messages in the spool directory sent to a POP3


mailbox on the AMS server are not filtered and no workflow is created.

Default:

Deliver undef to local POP accounts = <string>


Purpose:

If this setting is set to 1, messages in the undef directory sent to a POP3


mailbox on the AMS server are not filtered and no workflow is created.

Default:

Deliver wire (to inside) to local POP accounts = <string>


Purpose:

If this setting is set to 1, messages in the wire directory sent to a POP3


mailbox on the AMS server are not filtered and no workflow is created.

Default:

Maximum Files in Wire = <number>


Purpose:

The AMS workflow stops creating notifications if more than this number of
messages are waiting for delivery to the users.

Default:

1024

Schedule Program = <string>


Purpose:

This entry specifies how the sentinel is to call the scheduling part of the
workflow engine. It backs up the registry regularly, checks the workflows for
timeouts, and synchronises the workflow database with the workflow
directory. Refer to Workflow Scheduling Program on page 20 for detailed
information.

Default:

AMSCHECK.EXE -SCHEDULE

Directories
AMS Logfiles = <string>
Purpose:

The various AMS programs store logging information in this directory. See
AMS Web-based Admin Tools , AMS Log section for more information about
the logging format and file names.

Default:

<SENTINEL_DIR>\LOGFILES

Example:

C:\AMS\SENTINEL\LOGFILES

EMMS INI Files = <string>


Purpose:

This entry specifies the directory where eMMS (E-mail Path Monitoring
Process) stores its files.

46 Registry Entries of AMS

AMS Technical Documentation

Default:

<SENTINEL_DIR>\EMMS

Example:

C:\AMS\SENTINEL\EMMS

HTTP AMSPath = <string>


Purpose:

This directory contains all the subdirectories for each outbound workflow.

Default:

<SENTINEL_DIR>\MSGS

Example:

C:\AMS\SENTINEL\MSGS

MIM Path = <string>


Purpose:

This directory contains all the subdirectories for each inbound workflow.

Default:

<SENTINEL_DIR>\EMIM

Example:

C:\AMS\SENTINEL\EMIM

Pop3Path = <string>
Purpose:

This entry specifies the directory where the POP3 mailboxes are stored.

Default:

<SENTINEL_DIR>\POP3

Example:

C:\AMS\SENTINEL\POP3

SpoolDrv = <string>
Purpose:

The SMTP part of the sentinel stores all mail to the outside in this directory.

Default:

<SENTINEL_DIR>\SPOOL

Example:

C:\AMS\SENTINEL\SPOOL

WireSpoolDrv = <string>
Purpose:

This directory is used for storing all mail to the inside.

Default:

<SENTINEL_DIR>\WIRE

Example:

C:\AMS\SENTINEL\WIRE

UndefSpoolDrv = <string>
Purpose:

This directory is used for storing all mail coming from a computer belonging
to the IP addresses specified in [Sentinel\Undef Network\].

Default:

<SENTINEL_DIR>\UNDEF

Example:

C:\AMS\SENTINEL\UNDEF

AMS Technical Documentation

Registry Entries of AMS 47

[Sentinel\Access SMTP\]
<string> = <string>
This key defines which IP addresses are allowed to establish an SMTP connection to the
sentinel.
The syntax of each entry is
<network name> = <IP address> <subnet mask>
The meaning of the parts is the same as in [Sentinel\Internal Network\].
There is a special entry called Anyone. If it does not exist, the sentinel creates one with
the value 0.0.0.0 0.0.0.0. This means any computer may establish an SMTP connection
to the sentinel, as any IP address which is logically associated with the subnet mask
0.0.0.0 results in 0.0.0.0. You cannot delete the Anyone entry because it is
automatically recreated. If you do not want anybody to connect to the sentinel, you can
set the entry to a value that never matches, e.g. 255.255.255.255 0.0.0.0.

Examples
Anyone = 255.255.255.255 0.0.0.0
Net 1 = 192.168.17.0 255.255.255.0
Meaning:

In this example, every computer belonging to Net 1, i.e. having an IP


address between 192.168.17.0 and 192.168.17.255, may connect to the
sentinel. The Anyone entry has no effect, but must exist nevertheless.

[Sentinel\AddressRouting\]
<string> = <string>
This key contains a number of rules that translate the message recipient address of
inside and outside messages by changing the To field of the message header. In
addition, the sentinel adds information about the change in the header of the MIME part.
The rules defined here are applied if no other address translation rules match (see
[Sentinel\AddressRouting from inside/outside\] and [Sentinel\AddressRouting from
Undef\] below.
Each entry (rule) has the following syntax:
<destination address> = [<value>,]<destination address>
It is possible to use wildcards on the left side and insert the content of these wildcards
again on the right side. However, the @ cannot be part of a wildcard, e.g. *1 never
matches abc@something.com. The universal e-mail address is *1@*2.
If no value is specified the default value (=50) is used. If two entries match the message
address the rule with the highest value wins. The registry is passed using the standard
Windows NT registry enumeration functions. If more than one entry matches and the
values are the same, the result is unpredictable.
48 Registry Entries of AMS

AMS Technical Documentation

Examples
*1@somewhere.com = someone@somewhere.com
Meaning:

The destination address of a message to @somewhere.com is translated into


someone@somewhere.com. No value is specified, consequently this
translation has the default value 50.

special@*1 = someonespecial@*1
Meaning:

The address special@*1 is translated into someonespecial@*1, e.g.


special@company.com results in someonespecial@company.com. This
translation has the default value 50, too, so there is a problem with the
above definition if a message to special@somewhere.com arrives.

*1.*2@anywhere.net = *2.*1@anywhere.net
Meaning:

This entry expects the left side of the @ to have a dot. A.B@anywhere.net is
translated into B.A@anywhere.net. Again, the default value (=50) is applied.

*1@*2.*3 = 30,*1.*2.*3@router.net
Meaning:

This translation has a value of 30. If a message to


special@somewhere.com arrives, this rule has no effect, as it is overridden
by the first rule *1@somewhere.com, which has the default value 50 and is
stronger.

[Sentinel\AddressRouting from inside\],


[Sentinel\AddressRouting from outside\],
[Sentinel\AddressRouting from Undef\]
<string> = <string>
These keys contain address routing rules with the same syntax as the global rules
defined in the key above [Sentinel\AddressRouting\]. These keys enable you to override
the global address routing rules for messages coming from a certain direction:
If the SMTP part of the sentinel receives a message from a host belonging to the
undef network [Sentinel\Undef Network\], the rules in [Sentinel\AddressRouting
from Undef\] are checked.
If the SMTP part of the sentinel receives a message from a host belonging to the
internal network [Sentinel\Internal Network\] but not to the undef network, the
rules in [Sentinel\AddressRouting from inside\] are checked.
Otherwise, the rules in [Sentinel\AddressRouting from outside\] are checked.
In each case, the rule that matches best is applied to the recipients address. The global
rules in [Sentinel\AddressRouting\] arent checked, unless no rule matches.

[Sentinel\AMS Check\]
AMS Technical Documentation

Registry Entries of AMS 49

This is the place in the registry where the workflow engine finds its custom settings.
Allow Authorizer reattach after timeout = <boolean>
Purpose:

If a timeout has occurred for an authorizer but no other authorizer has


started work, is the skipped authorizer to be allowed to reattach to the
workflow?

Default:

Allow quick skip if OOO = <boolean>


Purpose:

If this entry is set to 1, the timeout values of an authorizer that has


reported out of the office are treated as zero, which means the workflow
skips the authorizer as quickly as possible. Nevertheless s/he is notified as
usual.

Default:

AMS Answers = <string>


Purpose:

The file specified by this entry contains customisable messages and


information templates.

Default:

<SENTINEL_DIR>\WWW\ANSWERS.INI

Example:

C:\AMS\SENTINEL\WWW\ANSWERS.INI

AMS Data = <string>


Purpose:

This template file contains the format in which archived messages are sent
to the logging address.

Default:

<SENTINEL_DIR>\WWW\AMSDATA.TXT

Example:

C:\AMS\SENTINEL\WWW\AMSDATA.TXT

AMSproc GetAuthorizerList = <string>


AMSproc GetNewAuthorizer = <string>
Purpose:

(reserved)

Autodefine Default Authorizers = <string>


Purpose:

If set to 1: if the originator selects authorizers and does not yet have default
authorizers defined, the selected authorizers are saved as default
authorizers.
If set to 2: the authorizers selected last are saved as default authorizers.

Default:

Do Authorizer Circling = <boolean>

50 Registry Entries of AMS

AMS Technical Documentation

Purpose:

After all possible authorizers have timed out, is the workflow to abort (0) or
start again with the first authorizer of the list (1)?

Default:

Do Send Directly Level

= <Dword>

Purpose:

A weight for the user property Send Directly=1. If Send Directly=1, this
value is compared with the weight of From/To Deliver Immediately (defined
in eGateway). The setting with the higher weight determines whether or not
the workflow is started.

Default:

0xffffffff

Do Not Send Directly Level

= <dword>

Purpose:

A weight for the user property Send Directly=-1 (minus 1). If Send
Directly=-1, this value is compared with the weight of From/To Call
Outbound Workflow (defined in eGateway). The setting with the higher
weight determines whether or not the workflow is started.

Default:

0xffffffff

Mention Authorizer within X-Message-Flag = <boolean>


Purpose:

If you check the Mention Authorizer within the X-Message-Flag box all
messages which have been authorized by at least one person different from
the sender get an X-message-flag, cf. Show Authorizers to Recipient on page
25.

Default:

Reject If No Authorizers Specified = <boolean>


Purpose:

If this entry is set to 1, messages having no authorizer are rejected


automatically.

Default:

Remove after Use: Expiry-Date = <boolean>


Purpose:

If set to 1 eGuard removes the expiration date from the message before
sending out the message, i.e. the expiration date is used to trigger the
interim notifications only, and not to make the message unavailable after a
specific date.

Default:

Private Allowed = <boolean>


Purpose:

If the status of a message is the same as the string in Status Private, the
message passes AMS without a filter and a workflow, unless this setting is
set to 0.

Default:

AMS Technical Documentation

Registry Entries of AMS 51

Scheduler Wait Timeout = <number>


Purpose:

This entry specifies how many seconds the workflow is to wait for a locking
condition of a single instance.

Default:

Serial Authorization = <boolean>


Purpose:

(reserved)

Default:

Work with Multi TO = <boolean>


Purpose:

This entry specifies whether messages to more than one recipient are to be
summarised to only one workflow (0) or whether several workflows are to be
created for each recipient (1).

Default:

HTML File Names


These entries define file names that are used by the HTTP part of the workflow engine.
They contain some parts of the user interface visible to the originator or authorizer via
the web browser.
AMS Info = <string>
Change Authorizer HTML = <string>
EGuardian Page = <string>
Purpose:

(reserved)

Meaning:

These hidden settings unintentionally reveal a glimpse of future


enhancements of the sentinel. This secret has been kept very well during the
past few months, so please leave these settings unchanged and do not tell
anybody about them.

Default:

/EPORTAL.AMS

Get Authorizer HTML = <string>


Purpose:

The page which lets the author of a message select two authorizers.

Default:

<SENTINEL_DIR>\WWW\CHOOSEAUTHORIZER.HTM

Example:

C:\AMS\SENTINEL\WWW\CHOOSEAUTHORIZER.HTM

Get Status HTML = <string>


Purpose:

This is the message details page which gives tracking information about a
message.

Default:

<SENTINEL_DIR>\WWW\DETAILS.AMS

52 Registry Entries of AMS

AMS Technical Documentation

Example:

C:\AMS\SENTINEL\WWW\DETAILS.AMS

Get Approve1 HTML = <string>


Get Approve2 HTML = <string>
Purpose:

The pages which let the first/second authorizer accept or reject the message.

Default:

<SENTINEL_DIR>\WWW\APPROVE1.HTM and
<SENTINEL_DIR>\WWW\APPROVE2.HTM

Example:

C:\AMS\SENTINEL\WWW\APPROVE1.HTM and
C:\AMS\SENTINEL\WWW\APPROVE2.HTM

Get Approve1 Status HTML = <string>


Get Approve2 Status HTML = <string>
Purpose:

This is the page an authorizer sees after s/he has accepted or rejected the
message.

Default:

<SENTINEL_DIR>\WWW\STATUS.HTM (for both entries)

Example:

C:\AMS\SENTINEL\WWW\DETAILS.AMS (for both entries)

Get AMS Logo GIF = <string>


Purpose:

The AMS/eGuard logo picture which is displayed on all AMS web pages. It
can be in GIF, JPG or any image format supported by the web browser.

Default:

<SENTINEL_DIR>\WWW\IMAGES\AMSLOGO.GIF

Example:

C:\AMS\SENTINEL\WWW\IMAGES\AMSLOGO.JPG

Get EMMS Page = <string>


Purpose:

The eMMS Portal page containing information about problems found by


eMMS.

Default:

/emms.ams

Get Homepage = <string>


Purpose:

The portal page for each user. The path has to be given in relation to the
HTTP base path.

Default:

/PORTAL.AMS

Timeout Settings
Timeout Cleanup = <number>
Purpose:

If a workflow instance is finished all available information is summarised and


sent as a message to the logging address. It also remains in the system for
the number of minutes specified here.

AMS Technical Documentation

Registry Entries of AMS 53

Default:

1440 (one day)

Timeout Choose = <number>


Purpose:

If 0: ignore. Otherwise: when this number of minutes has elapsed since a


notification to select authorizers was sent out, the default authorizers (if
available) are used. Note: this entry can be set using the AMS Management
tool (Tools menu, System Workflow Properties command, Choose authorizer
(originator) field).

Default:

Timeout Cleanup Cached = <number>


Purpose:

The final cleanup date of workflow instances is computed and stored per
instance in order to prevent finished workflow instances from consuming too
much CPU power. If the Timeout Cleanup value is changed these instance
values are recomputed. This value allows AMS to notice a change in the
Timeout Cleanup value. Note: Never change this value manually.

Default:

Timeout EMIM Cleanup = <number>


Purpose:

When an eMIM workflow instance is finished all available information is


summarised and sent as a message to the logging address. It also remains
in the system for the number of minutes specified here.

Example:

5760 (minutes, i.e. 4 days)

Timeout EMIM Overall = <number>


Purpose:

When this number of minutes has elapsed since a message was added to an
eMIM queue and if the message has not been acted on within this time, the
workflow is finished. The value of SendMail EMIM Notify determines whether
the originator of the message is informed about the timeout. Note: this entry
can be set using the AMS Management tool (Tools menu, System Workflow
Properties command, eMIM timeout global field).

Example:

10080 (minutes, i.e. 7 days)

Timeout EMIM Work = <number>


Purpose:

If a message in the eMIM queue is not fetched, forwarded or delegate within


the time frame specified here (minutes), a notification is sent to the superior
of the owner of the eMIM queue. Note: this entry can be set using the AMS
Management tool (Tools menu, System Workflow Properties command,
eMIM time to fetch field).

Example:

60

Timeout Expiry-Date minimum minutes = <number>

54 Registry Entries of AMS

AMS Technical Documentation

Purpose:

The minimum time frame to be used for expiry timeouts, i.e. eGuard ignores
any expiration dates (specified in Outlook) which are less than this entry,
cf. Expiration Date for more information.

Example:

10

Timeout Notify Standard = <number>


Purpose:

If a message to be authorized is still pending within the time frame specified


here, a warning is sent to the originator of the message. Note: this entry can
be set using the AMS Management tool (Tools menu, System Workflow
Properties command, Timeout warning standard field).

Example:

30

Timeout Notify Urgent = <number>


Purpose:

Same as above for messages having the mime flag Importance High. This
flag can be set in Outlook using the Options dialog box. Note: this entry can
be set using the AMS Management tool (Tools menu, System Workflow
Properties command, Timeout warning urgent field).

Example:

15

Timeout Warning of Expiration Time (percent) = <number>


Purpose:

Providing Use Expiry-Date (cf. below) is set to 1 and a message has the
option Expires after set (in Outlook, View/Options): the originator of the
message gets a notification if the percentage specified here of the expiry
time has elapsed and the message has not yet been authorized and thus not
yet been sent out. Actually, eGuard uses the minimum of the value
calculated on the basis of this setting and the value specified under Timeout
Notify Standard / Urgent, cf. Expiration Date for more information.

Example:

50

Timeout Overall = <number>


Purpose:

When this number of minutes has elapsed since a message was sent and if
the message has not been authorized within this time, the workflow is
finished. The value of SendMail TimeOut determines whether the originator
of the message is informed about the timeout.

Default:

2880 (two days)

Timeout Start Work = <number>


Purpose:

This entry specifies how long (minutes) the workflow is to wait for the
authorizer to start work before it hands the job over to another authorizer.

Default:

60

Timeout Work completed = <number>

AMS Technical Documentation

Registry Entries of AMS 55

Purpose:

If an authorizer does not finish authorization within this time another


authorizer is chosen by AMS. This also applies if the authorizer has started
work and is interrupted.

Default:

300

Use Expiry-Date = <boolean>


Purpose:

Set to 1 to enable the Expiry-Date feature, cf. Expiration Date for more
information.

Default:

Sensitivity Settings
Each message can have a certain sensitivity level which can be set in the mail client
program. The settings are Private, Personal, Company-Confidential and (normal).
The [Sentinel\AMS Check\] key contains entries with the following syntax:
Sensitivity:<level> = <status>
These settings define what AMS status a message with a certain sensitivity level is to get
when it is received. If the sensitivity level status of a received messages is not specified,
the default status ? is taken.
See Private Allowed for an example showing what happens to mail with a certain
status.

Default Classification
Default Classification = <string>
Purpose:

If a message has no special sensitivity (normal), it gets the status specified


in this entry.

Default:

Examples
Default Classification = ?
Sensitivity:Company-Confidential = Private
Sensitivity:Private = Private
Meaning:

If a message with no sensitivity level (normal) is received, the status of the


message is ?. If the level is Company-Confidential or Private, the
message gets the status Private. If the level is Personal, a new entry
Sensitivity:Personal with the status ? is created.

Notification Settings
There are several events where the workflow may or may not send a notification to the
author or the authorizers. There are two types of notification:
56 Registry Entries of AMS

AMS Technical Documentation

The user may get the notification via ordinary e-mail. The following entries starting
with SendMail define for which event such a message is sent. If the value is -1, no
notification message is sent at all, 0 means a message is sent, and 1 means a
message is sent containing the original message which raised the workflow as an
attachment.
The user may get the notification by eGuardian, which pops up a dialog box (see
Notifications and eGuardian on page 22). The following entries starting with
SendUDP define for which event such a dialog box is shown. If the value is 1, a
popup window is shown, if it is 0, nothing is shown.
SendMail Approve = <number>
SendUDP Approve = <boolean>
Purpose:

This sends a notification asking an authorizer to authorize the original


message.

Default:

1 for both entries

SendMail Choose = <number>


SendUDP Choose = <boolean>
Purpose:

The originator receives a notification asking him or her to select authorizers.

Default:

0 for SendMail, 1 for SendUDP

SendMail During OOO = <number>


SendUDP During OOO = <boolean>
Purpose:

Defines whether eGuard is to send notifications during out-of-office times.

Default:

0 for SendMail, 1 for SendUDP

SendMail EMIM Notify = <number>


SendUDP EMIM Notify = <boolean>
Purpose:

If the eMIM process receives a new message, the user receives a


notification.

Default:

1 for both entries

SendMail EMMS Notify = <number>


SendUDP EMMS Notify = <boolean>
Purpose:

If the eMMS process detects a problem, the user receives a notification.

Default:

1 for both entries

SendMail Rejected = <number>


SendUDP Rejected = <boolean>
Purpose:

A notification informs the originator that his or her message has been
rejected.

Default:

1 for both entries

AMS Technical Documentation

Registry Entries of AMS 57

SendMail Submitted = <number>


SendUDP Submitted = <boolean>
Purpose:

Tells the originator that his or her message has been submitted.

Default:

0 for both entries

SendMail TimeOut = <number>


SendUDP TimeOut = <boolean>
Purpose:

The originator is informed that the authorization process of his or her


message has timed out.

Default:

1 for both entries

SendMail TimeOutWarning = <number>


SendUDP TimeOutWarning = <boolean>
Purpose:

The originator is informed that the authorization process of his or her


message is still pending. This is an interim warning which is sent out after a
certain time calculated on the basis of various registry settings (e.g. Timeout
Notify Standard, Timeout Notify Urgent, Use Expiry Date, etc.).

Default:

1 for both entries

SendMail View Status = <number>


SendUDP View Status = <boolean>
Purpose:

If an authorization workflow is created and the authorizers are selected


automatically, the originator gets a notification containing a link to the
details page of the message.

Default:

0 for both entries

SendMail Withdrawn = <number>


SendUDP Withdrawn = <boolean>
Purpose:

If the workflow is withdrawn from the system the author receives a


notification.

Default:

0 for both entries

Use Expiry-Date on Notifications = <boolean>


Purpose:

If this setting is set to 1, each notification sent by the sentinel gets an


Expires: field in the mail header. The message expires after Timeout
overall has passed.

Default:

Use Message Importance also on Notifications = <boolean>


Purpose:

If this setting is set to 1, each notification sent by the sentinel gets an


Importance: field in the mail header. The importance of the notification is
the same as the importance of the original message.

58 Registry Entries of AMS

AMS Technical Documentation

Default:

Status Strings
Each message processed by AMS gets an internal status. The following entries associate
a string with each status. This string is used in the workflow databases and in log files.
Status Accepted = <string>
Purpose:

String value with the meaning message accepted.

Default:

Accepted

Status OutOfOffice = <string>


Purpose:

String value with the meaning out of office. Authorizers marked as being
out of the office are marked this way when selected.

Default:

Out Of Office

Status Private = <string>


Purpose:

String value with the meaning private message.

Default:

Private

Status Rejected = <string>


Purpose:

String value with the meaning message rejected.

Default:

Rejected

Status Timeout = <string>


Purpose:

String value with the meaning message timeout.

Default:

Timeout

Status Withdrawn = <string>


Purpose:

String value with the meaning message withdrawn.

Default:

Withdrawn

Registry Backup Settings


Update Sentinel REG (per hour) = <number>
Purpose:

All keys and entries below the registry key


[HKEY_LOCALMACHINE\Software\DIaLOGIKa\AMS\] are stored in the backup
file COPY_OF_AMS.REG on the hour. The hour when the last backup was
made is stored here (0-23). The registry key is stored as soon as the current
hour no longer matches this value. This value should not be changed.

AMS Technical Documentation

Registry Entries of AMS 59

Default:

(none)

Update User REG (per day) = <number>


Purpose:

All registry values below the key [HKEY_USERS\.AMSUser\] are stored in the
backup file COPY_OF_USER.REG at the beginning of the day. The day when
the last backup was made is stored here (1-31). The registry key is stored as
soon as the current day no longer matches this value. This value should not
be changed.

Default:

(none)

[Sentinel\AMS Check\Accept Mail From\],


[Sentinel\AMS Check\Accept Mail To\],
[Sentinel\AMS Check\Proof Mail From\],
[Sentinel\AMS Check\Proof Mail To\],
[Sentinel\AMS Check\Reject Mail From\],
[Sentinel\AMS Check\Reject Mail To\]
<string> = <dword_number>
By default, all messages coming into the AMS workflow have to be authorized,
consequently no configuration is needed. However, this can be configured more
precisely.
Each of these keys contains a number of rules. The rules of the Accept Mail From/To
keys define which messages from or to a specific address are always accepted and need
no authorization. The rules of the Proof Mail From/To keys define which messages
always need to be authorized, and the rules of the Reject Mail From/To keys define
which messages are always rejected. This enables messages to or from specific
addresses to be rejected by default or accepted automatically. In any case, the messages
are stored in the AMS system and, after the cleanup time [Sentinel\AMS Check\Timeout
Cleanup] has elapsed, they are sent to the logging address [Sentinel\LoggingAddress].
Each entry (rule) has the following syntax:
<address> = <value>
It is possible to use wildcards on the left side. However, the @ cannot be part of a
wildcard, e.g. *1 never matches abc@something.com. The universal e-mail address is
*1@*2. Note: the value on the right side must be a DWORD value.
If two or more rules in these keys match an address, the rule with the highest value is
applied. If the values are equal, reject is stronger than proof and proof is stronger than
accept.

Examples
[Accept Mail To\]
*1@something.com = 0x00000032 (50)
[Proof Mail From\]
someone@something.com = 0x00000064 (100)
60 Registry Entries of AMS

AMS Technical Documentation

[Reject Mail To\]


*1@something.com = 0x00000032 (50)
Meaning:

Any message going to something.com is rejected, as reject rules are


stronger than accept rules. However, if the message comes from
someone@something.com, it enters the normal authorization workflow, as
the middle rule has a higher value than the first and last ones.

[Sentinel\CGI Scripts\]
<string> = <string>
Using this registry key it is possible to define for which requested files the HTTP part of
the sentinel service starts a program on the AMS server instead of simply delivering the
file.
The syntax of each entry in this key is
<filename> = [<MIME type>,]<command>
<filename> is the name of the requested file for which the CGI program is started. It
may contain file name wildcards (*). <command> is the name of the program including
parameters. The <MIME type> defines the MIME type of the output generated by the
program. If this is specified, the sentinel creates the MIME header by itself, otherwise
this has to be done by the CGI program.

Examples
/sample.htm = text/plain,cmd.exe /c dir c:\*
Meaning:

Instead of delivering the requested file /sample.htm, the HTTP part of the
sentinel service supplies the output of the specified command as plain text.
In this example, the client receives a directory listing of C:\.

[Sentinel\Crypt]
CerPath = <string>
Purpose:

The path used by eCrypt to store the public certificates (*.cer files).

Default:

C:\\ams\\sentinel\\keys\\cer\\

Clear signing = <boolean>


Purpose:

Set to 1 if you want recipients who don't have S/MIME security to be able to
read the message. Note: this entry can be set using the eCrypt Management
Tool (Options menu, Settings command, Send clear text signed mail when
sending signed messages option).

Possible Values:

0 or 1

AMS Technical Documentation

Registry Entries of AMS 61

Critical difference = <number>


Critical if is higher than = <boolean>
Purpose:

Example 1: You want to classify certificates as critical if their usage has not
been valid at least once: Set the Critical if is higher than entry to 1 and set
the Critical difference percentage to 100.
Example 2: You want to classify certificates as critical if their usage has not
been valid more than 50% of the time: Set the Critical if is higher than entry
to 1 and set the Critical difference percentage to 50.
Note: this entry can be set using the eCrypt Management Tool (Options
menu, Settings command, the percentage of the actual access count and
the successful access count is lower than % option).

Critical if expired = <boolean>


Purpose:

Set to 1 if expired certificates are to be classified as critical. Note: this entry


can be set using the eCrypt Management Tool (Options menu, Settings
command, if it has expired option).

Possible Values:

0 or 1

Crypt After Spool = <boolean>


Crypt After Wire = <boolean>
Purpose:

These entries specify whether messages are to be encrypted and signed. If


not zero, the message is moved to the encode directory in order to be
encrypted and signed.

Possible Values:

0 or 1

DecodePath = <string>
Purpose:

The path used by eCrypt to look for messages to be decoded (i.e. decrypted
and validated).

Default:

C:\\ams\\sentinel\\decode\\

Decrypt Before Spool = <boolean>


Decrypt Before Undef = <boolean>
Decrypt Before Wire = <boolean>
Purpose:

These entries specify whether messages are to be decrypted and unsigned.


If not zero, the message is moved to the decode directory in order to be
decrypted and validated.

Possible Values:

0 or 1

EncodePath = <string>
Purpose:

The path used by eCrypt to look for messages to be encoded (i.e. encrypted
and signed).

Default:

C:\\ams\\sentinel\\encode\\

Handle outgoing = <number>


62 Registry Entries of AMS

AMS Technical Documentation

Purpose:

This entry stores which of the following options have been set using the
eCrypt Management Tool (Options menu, Settings command, Outgoing mail
handling frame):
1. Add digital signature to outgoing messages
2. Encrypt all content for outgoing messages
(the 3rd option Send clear text signed mail when sending signed messages is
stored by the entry Clear-signing, cf. above)
To get the value for this entry, add 1 if the first option is checked, add 2 for
the second. Cf. eCrypt Administrators Guide for more information on these
settings.

Example:

3 (which means that 1 and 2 are checked)

MainPath = <string>
Purpose:

The path where eCrypt and the sentinel are installed.

Default:

C:\\ams\\sentinel\\

Password = <string>
Purpose:

This entry stores the password which has been set using the eCrypt
Management Tool (Options menu, Password command). Cf. eCrypt
Administrators Guide for more information on this entry.

Example:

U4pP42Xfoy+Z3hZcGc27UTEJ

PfxPath = <string>
Purpose:

The path used by eCrypt to store full certificates (*.pfx Personal Information
Exchange files).

Default:

C:\\ams\\sentinel\\keys\\pfx\\

Set new Pending active = <boolean>


Purpose:

Set to 1 if new pending certificates are to get the Active status even if there
is already an existing active certificate for the respective user. Note: this
entry can be set using the eCrypt Management Tool (Options menu,
Settings command, Set new pending certificates as active certificates
option).

Possible Values:

0 or 1

Use Critical = <number>


Purpose:

This entry stores which of the following options have been set using the
eCrypt Management Tool (Options menu, Settings command, Critical
certificates frame):
1. Use critical certificates to sign outgoing messages
2. Use critical certificates to encrypt outgoing messages
3. No notification when critical certificates verify incoming messages
4. No notification when critical certificates decrypt incoming messages
Cf. eCrypt Administrators Guide for more information on these settings.

AMS Technical Documentation

Registry Entries of AMS 63

Example:

12 (which means that the third and fourth option (4+8) are checked)

Use Pending = <number>


Purpose:

This entry stores which of the following options have been set using the
eCrypt Management Tool (Options menu, Settings command, Use pending
certificates to options):
1. Use pending certificates to verify incoming messages
2. Use pending certificates to encrypt outgoing messages
Cf. eCrypt Administrators Guide for more information on these settings.

Example:

3 (which means that the first and second option (1+2) are checked)

Wait Timeout = <number>


Purpose:

This entry specifies in which time intervals (minutes) eCrypt checks the
decode and encode directory to see whether there is work to do.

Default:

10

[Sentinel\Crypt\eCrypt Management Tool Display]


These entries are used to store the size and location of the various user interface
elements of eCrypts workbench.

[Sentinel\Crypt\Encrypt Content Type]


These entries specify what eCrypt adds as the content type to the message header when
signing or encrypting the message.
Clear signing = <string>
Purpose:

This entry specifies what eCrypt adds to the message header when clearsigning the message.

Default:

application/x-pkcs7-signature;name=\"smime.p7s\"

Encrypting = <string>
Purpose:

This entry specifies what eCrypt adds to the message header when
encrpyting the message.

Default:

application/x-pkcs7-mime;name=\"smime.p7m\";smime-type=envelopeddata

Signing = <string>
Purpose:

This entry specifies what eCrypt adds to the message header when signing
the message.

Default:

application/x-pkcs7-mime;name=\"smime.p7m\";smime-type=signed-data

[Sentinel\Crypt\Global Error]
64 Registry Entries of AMS

AMS Technical Documentation

[Sentinel\Crypt\Spool Error (to outside)]


[Sentinel\Crypt\Undef Error]
[Sentinel\Crypt\Wire Error (to inside)]
These settings are documented in the eCrypt Administrator's Guide section The Result of
the Encryption Process, and in the eGateway Administrator's Guide section Crypt Error.

[Sentinel\Crypt\Mail Mime Type]


These entries specify which Content-Type message header fields trigger eCrypt. By
default the following three settings are set to 1 when AMS is installed:
"application/pkcs7-mime"="1"
"application/x-pkcs7-mime"="1"
"application/x-pkcs7-signature"="1"
Any other content types received by AMS are added to the registry with a value of 0.
The administrator may change the value to 1 in order to specify that this content type
is to be handled by eCrypt.

[Sentinel\eBusy]
With eBusy you can define certain working times that prevent AMS from requesting a
reply while nobody is at work. This part of the sentinel is described in detail in the
introductory section The eBusy Database on page 27.
All defined intervals are stored in the eBusy database file. A cache file is used to speed
up work time computation. The following registry settings mainly define the cache size
and the directory where both files are stored.
Cache Days Generate Before = <number>
Cache Days Generate After = <number>
Purpose:

The cache size is always updated so that it at least covers the time range of
the last eBusy request, plus a number of days before and after that range
specified by these registry entries.

Default:

5 (for both entries)

Cache Days Init Size = <number>


Purpose:

Specifies how many days the cache covers when it is created.

Default:

Default interval type = <number>


Purpose:

When no working time intervals are specified for a weekday, eBusy assumes
people work the entire day with a working level described by this entry.

AMS Technical Documentation

Registry Entries of AMS 65

Default:

100

eBusy File Directory = <string>


Purpose:

Specifies the directory where the eBusy database file (ebusy.dat) and the
eBusy cache file (ebusy.ecf) are stored.

Default:

(use the directory where the ebusy.dll is situated)

[Sentinel\eMIM]
Default Rotation = <number>
Purpose:

Incoming faxes are rotated by this factor before entering the eMIM
workflow.

Possible Values: 0, 90, 180, 270


Default:

Dispatch Extra Time = <number>


Purpose:

Providing Keep start time during dispatch (cf. below) is set to 1: If a


message in the eMIM queue is not fetched, forwarded or delegate within the
time frame specified by the registry entry Timeout EMIM Work, a notification
is sent to the superior of the owner of the eMIM queue. If the message has
been delegated the new individual responsible gets the remaining time from
the person who delegated the message plus the time frame specified in this
entry.
Example: A has 60 minutes to handle a message and delegates this message
after 20 minutes to B. Then B has the remaining 40 minutes plus 10 minutes
specified by this registry entry to handle the message.

Default:

10

Keep start time during dispatch = <boolean>


Purpose:

1 enables the registry entry Dispatch Extra Time. If 0 the new individual
responsible gets his own value of Timeout EMIM Work.
Example: The system value for Timeout EMIM Work is 60 minutes. There are
no user-specific entries for Timeout EMIM Work. A delegates a message after
20 minutes to B. Then B has another 60 minutes to handle the message.

Default:

Max Tiff Page Count = <number>


Purpose:

Specifies the maximum number of fax preview pages generated by eMIM. If


the fax is longer than the number of pages specified here only the first pages
are shown in the preview. However, the complete fax is included in the
message and all pages can be printed or viewed (after receiving the original
message via fetch or forward).

66 Registry Entries of AMS

AMS Technical Documentation

Default:

16

Maximum Notifications at a time = <number>


Purpose:

The inbound hierarchy is used by eMIM to construct a list of possible


inbound workers, i.e. to find out who is to receive notification as soon as
there is a new message in an eMIM queue. This registry entry specifies the
maximum number of users getting a notification for a new message at a
time. If there are more users (for one level) specified in the inbound
hierarchy, the remaining users will get a notification only if the message has
not been handled by the first group of workers.

Default:

64

Notify Superior and its Substitutes at once = <boolean>


Purpose:

If this entry is set to 1 a superior and all his/her substitutes are notified
simultaneously. If it is set to 0 substitutes are notified only if the superior did
not handle the message in time.

Default:

Urgent Message = <string>


Purpose:

You can flag a message as important, meaning that it may not leave eMIM
monitoring (i.e. the message may be fetched or delegated but not
forwarded). The entry may contain a formula. The result of the formula
should be 1 or 0, indicating that the message is important or not important
(cf. AMS Management Guide, section Message May Not Leave eMIM
Monitoring for more information).

Default:

[Sentinel\eMIM\From call eMIM]


[Sentinel\eMIM\From deliver immediately]
[Sentinel\eMIM\To call eMIM]
[Sentinel\eMIM\To deliver immediately]
These settings are defined using the eGateway Configurator. Please refer to the section
Inbound Routing in eGateway Configurator Administrators Guide for more information.

[Sentinel\eMIM\WWW-Settings]
Max User in SelectList = <string>
Purpose:

Number of entries in the address book displayed on one page.

Default:

30

[Sentinel\EMMS\]
Clean Finished Timeout = <number>
AMS Technical Documentation

Registry Entries of AMS 67

Purpose:

Problems encountered by eMMS and solved by an administrator are moved


to the Finished list on the eMMS portal page and stay there for the number
of minutes specified by this entry.

Default:

60

Delete temporary EMMS StdOut Files = <number>


Purpose:

Used when debugging eMMS.

Default:

eMMS only = <string>


Purpose:

By default, eGuards Entrance page is the portal page accessed by the


various links provided by AMS. If this entry is set to 1, eMMSs portal page
is used instead.

Default:

Maximum Revision Count = <number>


Purpose:

If a problem is not resolved within a specified time of period (cf. Workflow


Timeout entry below) administrators are notified again about the problem.
The notification count is increased by one. When the notification count
reaches the value specified by this registry entry, the problem is deleted
from the list of problems.

Default:

12

Notification Program = <string>


Purpose:

By default, eMMS uses the AMS user level to determine who should receive
a notification in case eMMS detects a problem. Alternatively, this entry can
be used to define a program or batch file name to be launched if eMMS
detects a problem.

Default:

Omit double Errors = <number>


Purpose:

If this entry is set to 1, when detecting a new problem eMMS checks


whether the same problem is already contained on the list of active
problems. It is added to the list only if is not yet available.

Default:

Scheduler = <string>
Purpose:

Program call to launch the eMMS process.

Default:

doemms.exe default

WorkFlow Timeout = <number>

68 Registry Entries of AMS

AMS Technical Documentation

Purpose:

This entry enables you to configure how long problems may remain
unresolved before administrators are notified again. For example, if a
problem is not resolved within 60 minutes administrators are notified again
about the problem.

Default:

60

[Sentinel\Environment\]
<string> = <string>
It is possible to use this part to define global environment settings for all AMS processes.
It should be used, for example, to redefine TMP and TEMP to the cache subdirectory.
The syntax of each entry is
<environment variable> = <value>
Names of environment variables are case-insensitive.

[Sentinel\External Config\]
<string> = <string>
This key contains several commands that are executed when the sentinel service is
started. Usually, various AMS applications are run to initialise themselves.
The syntax of each entry is
<program name> = <command with params>
<program name> is an identifier designed to make recognising the program easier for
the administrator; it is ignored by the sentinel. <command with params> is the
command that is executed from the sentinel directory.

[Sentinel\IMAP]
The settings below this key control the behaviour of the external IMAP server, thus
providing an alternative way to access the POP3 mailboxes. Please refer to IMAP Server
on page 9 for further information on the IMAP server.
Allow plain authentication = <boolean>
Purpose:

The server provides for two types of authentication: CRAM-MD5, where user
names and passwords are encrypted, and plain authentication, where the
credentials are transmitted as readable text. If you use Microsoft Outlook or
Outlook Express for IMAP access, you need to enable plain authentication,
since these clients do not support CRAM-MD5.

Default:

Check for new mail every = <number>


AMS Technical Documentation

Registry Entries of AMS 69

Purpose:

Specifies (in seconds) how often the server is to check the currently selected
folder for new messages and notify the client accordingly. If the setting is 0
(zero), automatic notification is disabled.

Default:

15

IMAP Port = <number>


Purpose:

The port number on which the IMAP server listens for incoming client
connections.

Default:

143

IMAP RCVBUF Buff = <number>


IMAP SNDBUF Buff = <number>
Purpose:

This entry defines the IMAP receive and send buffer size. The requests to the
IMAP server and the responses are received and sent in TCP/IP packets up to
this maximum size. A negative number means that the default buffer size is
used.

Default:

-1 (for both settings)

IMAP Recv TimeOut = <number>


IMAP Send TimeOut = <number>
Purpose:

Specifies the period in seconds during which the server attempts to receive
an expected command continuation or to send a response to the client
before it cancels the current operation. Note: The server never unilaterally
shuts down a connection to a client unless it is closed.

Default:

60 (for both settings)

Map INBOX to root = <boolean>


Purpose:

An IMAP mailbox can contain folders and subfolders, each of which may
contain messages except for the root folder. Also, a folder named INBOX
always has to be present. With this setting enabled, the messages appearing
in the INBOX are actually stored in the POP (root) folder so that these
messages are accessible via POP3 and IMAP. If this setting is disabled, the
IMAP server copies new messages from the root to the INBOX folder, thus
preventing a POP3 client from altering the messages in the IMAP INBOX.

Default:

Max number of messages per folder = <number>


Purpose:

Specifies the maximum number of messages in a folder that are made visible
to the client. If the number is 0 (zero), all messages are considered.

Default:

4096

MDN Notifier = <string>

70 Registry Entries of AMS

AMS Technical Documentation

Purpose:

If the recipient has read a message (i.e. if the Seen flag of the message is
set for the first time) and if a request for a read receipt is found in the
message header, the server sends this receipt to the originator of the
message by calling the application specified in this entry, with the message
file name as argument.

Default:

filter.exe mdnnotify

Show Protocol = <boolean>


Purpose:

If this entry is set to 1, all client-server communication via the IMAP


protocol is also written to the sentinel log.

Default:

use DNS to resolve IMAP client ip addresses = <boolean>


Purpose:

If this entry is set to 1, the sentinel uses the DNS to resolve the IP address
of the client computer sending an IMAP request. The resolved name is only
used in the log files.

Default:

Use MDN Notifier Requests = <boolean>


Purpose:

Generally enables or disables the sending of read receipts.

Default:

[Sentinel\Information\]
This key contains several strings that appear in AMS messages. These messages can be
adapted to other languages by changing these strings.
Append the Authorizer to X-Message-Flag
Purpose:

Specifies the text to be displayed in the X-message flag. Use variables


'%%Authorizer1CurrentNice%%' and '%%Authorizer2CurrentNice%%' (in
single quotes) as placeholders for the names of the authorizers, cf. Show
Authorizers to Recipient on page 25.

Default:

This message has been authorized by '%%Authorizer1CurrentNice%%' and


'%%Authorizer2CurrentNice%%'

Delivery aborted = <string>


Default:

delivery aborted

Delivery Problem = <string>


Default:

Temporary delivery problem

Delivery Problem Body = <string>


AMS Technical Documentation

Registry Entries of AMS 71

Default:

Your message did not reach some or all of the intended recipients.

Delivery Problem Body Aborted = <string>


Default:

No further attempts will be made to deliver the message.

Delivery Problem Body Keep on trying = <string>


Default:

Attempts to deliver the message will continue. No further action is required


by you.

HTTP_BadRequest = <string>
Default:

<html><head><title>Bad Request</title></head><body><h1>Bad
Request</h1>Sorry, I do not understand what you want.</body></html>

HTTP_FileNotFound = <string>
Default:

<html><head><title>File Not Found</title></head><body><h1>File Not


Found</h1>Try another filename.</body></html>

HTTP_TooManyConnects = <string>
Default:

<html><head><title>Too many
connections</title></head><body><h1>Access Denied, Too Many
Connections</h1>Try again later.</body></html>

[Sentinel\Internal Network\]
<string> = <string>
The SMTP part of the sentinel service distinguishes between messages from the inside,
from the outside and from an undefined location. By default, a message from any source
is treated as from the outside. Only messages from the IP address of the wire host
[Sentinel\SMTPWire] are treated as coming from the inside. If you logically connect more
than one device to the sentinel it may be necessary to define more inside IP addresses.
This registry key defines other inside sources for messages.
The syntax of each entry is
<name> = <network address> <subnet mask>
The name on the left side is designed to make identification of the network easier for the
administrator; the sentinel ignores the name. The network address and the subnet mask,
separated by a space, specify the range of IP addresses belonging to the internal
network. To determine whether a specific IP address belongs to a network, the sentinel
combines the IP address and the subnet mask with a logical AND and compares the
result with the network address.

Examples

72 Registry Entries of AMS

AMS Technical Documentation

Net 1 = 10.10.1.0 255.255.255.0


Net 2 = 196.17.1.17 255.255.255.255
DIaLOGIKa = 192.54.36.0 255.255.255.0
Meaning:

In this example, a net called Net 1 containing hosts from 10.10.1.0 to


10.10.1.255, a special host Net 2 with the IP address 196.17.1.17, and a
net called DIaLOGIKa with hosts from 192.54.36.0 to 192.54.36.255
belong to the internal network. All messages from these IP addresses (and
from the wire host) are considered to be from the inside.

[Sentinel\Logfiles]
The logging information produced by the different AMS processes can be easily accessed
via the Log files web interface. This key contains information about how the interface
should treat the data and fields in the AMS log files. To find out how to access these
registry settings via the Log file interface of the Diasepa Server Pages, please read Log
Files Interface on page 103.
To distinguish between the different types of logging information (log types), each log
file name has a four-letter prefix, e.g. HTTP is used for files that log accesses to the
web server. For more information on that topic, please refer to AMS Web-based Admin
Tools , AMS Log section.
The [Sentinel\Logfiles] key contains no entries, but instead several sub keys. Each sub
key must have a name of a log type, and only the sub keys defined here are displayed in
the log type selection box of the web interface.
Each of these log type keys may contain the following entries:
Display Name = <string>
Purpose:

This entry defines the name of the log type as it is display in the log type
selection box of the web interface.

Default:

The short name of the log type (i.e. the four-letter prefix)

Column Order = <string>


Purpose:

This entry specifies in which order the columns in the file are displayed in the
table of the web interface. The entry must be a comma-separated list of
column numbers (see below). You can leave out certain columns or display
them more than once.

Example:

0,1,5,4,2

Default:

0,1,2,n where n is the number of the last column (i.e., all columns are
shown in the order they appear in the file)

Column Settings
Each line in a log file is separated into several fields. You can specify how each field
should be treated by the web interface.

AMS Technical Documentation

Registry Entries of AMS 73

Each of the log type keys mentioned above may contain several sub keys, one for each
data field in the file. The name of each key must be the number of a field/column,
starting from 0. The first field (0) usually contains a time value. Each sub key contains
entries to describe the column. Please note that the next section contains an example to
show how to use all these settings.
Filter = <string>
Purpose:

Specifies a filter for the field, which must be a regular expression. If the data
in the field matches the filter, the whole line/row will not be displayed.

Example:

clock\.js

Default:

(no filtering is done)

Header = <string>
Purpose:

Specifies the header of the column displayed in the table.

Replace<x> = <string>
Replace<x>With = <string>
Purpose:

The data in the field can be modified according to these settings. If the data
matches Replace<x>, it is replaced with Replace<x>With, where <x> is a
digit between 0 and 9. At first, Replace0 and Replace0With are checked, then
Replace1 and Replace1With, and so on. This way, you can define up to ten
replacing rules.

Type = <string>
Purpose:

Specifies the data type of the current field. This can be Time for time
values, IP for IP addresses, Number for numbers and for no special
types. The type influences the way user-defined filter ranges are treated.
Example: If the user defines a filter range from 1 to 4, a lexicographic
comparison is performed, thus not filtering fields containing 12. This can be
avoided by giving the field the Number type, in which case the comparison
is done numerically.

Width = <string>
Purpose:

Specifies the width of the column when displayed. This can be a relative
value like 40% or an absolute value like 200px. In fact, the width string
given here is used as the WIDTH attribute of the TD tags in the table.

Example
[Sentinel\Logfiles\HTTP]
Column Order = 0,2,1
Display Name = HTTP - requests to the web server
[Sentinel\Logfiles\HTTP\0]
Header = Time
Type = Time

74 Registry Entries of AMS

AMS Technical Documentation

[Sentinel\Logfiles\HTTP\1]
Header = User agent
Replace0 = .*(MSIE[^;]*).*
Replace0With = $1
[Sentinel\Logfiles\HTTP\2]
Header = Requested file
Width = 100%
Meaning:

This example defines just one log type, HTTP. In the web interface, it will be
displayed as HTTP requested to the web server. The files contain at least
three columns, which are displayed in the order 0,2,1. The first column (0)
contains a time value. The second column (1) contains information about the
user agent. Via the Replace0 and Replace0With entries, the whole user agent
identification line will be replaced with the extracted browser name and
version number. The third column (2) contains the names of the requested
files. This column gets all the space on the screen not needed by the other
columns.

[Sentinel\MAIL from call AMS\],


[Sentinel\MAIL from deliver immediately\],
[Sentinel\MAIL to call AMS\],
[Sentinel\MAIL to deliver immediately\]
<string> = <dword_number>
These keys define whether or not to start the workflow for messages coming from or
going to specific addresses. By default, the workflow is started for each message from
the inside going to the outside. In MAIL from/to deliver immediately, it is possible to
specify addresses for which the workflow is not to be started. These messages pass
through the workflow completely. They are not stored in the workflow and no copy of
them is sent to the logging address. In MAIL from/to call AMS, it is possible to specify
addresses for which the workflow is to always be started.
Each entry (rule) has the following syntax:
<address> = <value>
It is possible to use wildcards on the left side. However, the @ cannot be part of a
wildcard, e.g. *1 never matches abc@something.com. The universal e-mail address is
*1@*2.
The value on the right side must be a DWORD value. If two or more entries in any of
these keys match the message address, the rule with the highest value is applied. If the
values of the matching rules are equal, the behaviour is undefined.

Examples
[MAIL to deliver immediately\]
*1@something.com = 0x00001000
[MAIL to call AMS\]
someone@something.com = 0x00002000
AMS Technical Documentation

Registry Entries of AMS 75

Meaning:

If an e-mail is going to any address at something.com, no workflow is


created and the mail is sent immediately. However, if an e-mail is sent to
someone@something.com, a workflow is started, as the second rule has a
higher value than the first.

[Sentinel\MiMail\]
Convert text plain2html = <boolean >
Purpose:

Plain text is converted to HTML (by default) to look nicer. Set this entry to 0
to prevent plain text from being converted to HTML.

Default:

Authorizer 1 is able to change message = <boolean>


Authorizer 2 is able to change message = <boolean>
Originator is able to change message = <boolean>
Purpose:

These entries belong to the Modify submitted messages feature (still under
development and not yet ready for use).
These entries specify whether the first authorizer, the second authorizer and
the originator are allowed to change the content and attachments of a
message in a workflow.

Default:

0 (for all entries)

[Sentinel\MiMail\Icons\]
<string> = <string>
The Message Details Page shows the user a list of all the files attached to the message.
Each file name has an icon next to it in keeping with the file type. This section specifies
which icon is to be used for which file type.
Icons can be specified via the extension of the file name or via the MIME type, the syntax
of each entry being respectively
<file extension> = <icon file>
or
<MIME type> = <icon file>,
The file name of the icon has to include the full path in relation to the HTTP base path. If
both the MIME type and the file extension are specified for a specific file type, the icon
file name given via the MIME type is taken.

Examples
application/msword = /images/icon_winword.gif
.doc = /images/icon_wordpad.gif

76 Registry Entries of AMS

AMS Technical Documentation

Meaning:

Files with the MIME type application/msword are indicated by the icon in
icon_winword.gif. Files with the extension .doc are indicated by the icon
in icon_wordpad.gif. The MIME type entry has a higher priority,
consequently MS Word documents are displayed with icon_winword.gif.

Special Entries
Default = <string>
Purpose:

If neither the MIME type nor the file extension is specified for a specific file
type, the icon file name given in this entry is taken.

Example:

/images/icon_attach.gif

Message = <string>
Purpose:

This entry specifies the icon for an e-mail message which is attached to the
message.

Default:

/images/icon_mail.gif

PutFile = <string>
Purpose:

This entry specifies the icon the user can click on to put an attached file on
the server. The icon is displayed in addition to the file type icon.

Default:

/images/putfile.gif

GetFile = <string>
Purpose:

This entry specifies the icon the user can click on to get an attached file from
the server. This icon is displayed in addition to the file type icon.

Default:

/images/getfile.gif

[Sentinel\MiMail\Edit\]
<string> = <boolean>
The settings in [Sentinel\MiMail\] determine whether certain persons may be able to
change the content of message attachments. By default, any type of attachment can be
changed. In this section you can specify which file types cannot be edited. The syntax of
each entry is
<MIME type> = <boolean>
Normally, only application/ms-tnef (Microsoft rich text format which may contain other
files) is set to zero, as MimeMail cannot extract the files in these containers.
If a specific MIME type cannot be found in this list, a new entry with that MIME type is
created and the Boolean value is set to 1 (= can be edited).

AMS Technical Documentation

Registry Entries of AMS 77

[Sentinel\MiMail\Mime Type\]
This key has no entries, but it may contain several subkeys. Each subkey has the name
of a weak MIME type, which is described in [Sentinel\MiMail\Mime Type\Weak\]. The
entries in each subkey all have the syntax
<extension> = <MIME type>
These associations enable MimeMail to easily determine the real MIME type of a weak
MIME type (see [Sentinel\MiMail\Mime Type\Weak\]).

[Sentinel\MiMail\Mime Type\Weak\]
<string> = <boolean>
This key contains a list of weak MIME types. For example, application/octet-stream is
weak, as it refers to any binary data, regardless of whether it is an image, a document,
etc. When MimeMail encounters an attachment with a weak MIME type in the header, it
tries to determine the real MIME type, e.g. image/jpeg, via the extension of the
attached file. It first asks the operating system, i.e. the Microsoft Class Registry, which
MIME type belongs to the extension. If the OS has no answer it reads from the general
AMS MIME type table in [Sentinel\MIME Types\]. The MIME type of the header remains
unchanged only if the extension is not listed there either.
Each entry in this key has the following syntax:
<MIME type> = <is weak>
If <is weak> is 1, the <MIME type> is treated as weak.

[Sentinel\MIME Types\]
<string> = <string>
When a browser requests a file, the HTTP part of the sentinel uses the standard Microsoft
Class Registry to derive the MIME type of that file from its extension. MimeMail, on the
other hand, uses the Class Registry to derive the real MIME type of a weak
attachment type (see [Sentinel\MiMail\Mime Type\Weak\]).
If you use special file extensions which are not supported by any software on the AMS
server or which only have a meaning in the AMS workflow, you can specify additional
MIME types here without changing the standard class registry key as changing the
standard class registry key may have undesirable side effects.
Note: this key does not override the MIME types in the class registry key, but is only
looked up when the class registry key does not know the MIME type.
Each entry has the syntax
<extension> = <MIME type>
where a file with a certain <extension> has the specified <MIME type>.

78 Registry Entries of AMS

AMS Technical Documentation

Examples
.txt = text/plain
.html = text/html
Meaning:

These settings define the MIME types of .txt and .html files.

[Sentinel\POP3\]
POP3 Port = <number>
Purpose:

This entry specifies the port number where the POP3 part of the sentinel
listens for connection requests.

Default:

110

POP3 Recv TimeOut = <number>


Purpose:

This entry defines how many seconds the reception of POP3 data may take
until the sentinel diagnoses a connection timeout.

Default:

60

POP3 Send TimeOut = <number>


Purpose:

This entry defines how many seconds the sending of POP3 data may take
until the sentinel diagnoses a connection timeout.

Default:

60

Send Buffer Size = <number>


Purpose:

This entry defines the POP3 send buffer size. The responses to a POP3
request are split into TCP/IP packets up to this maximum size.

Default:

512

use DNS to resolve HTTP client ip addresses = <boolean>


Purpose:

If this entry is set to 1, the sentinel uses the DNS to resolve the IP address
of the client computer sending a POP3 request. The resolved name is only
used in the log files.

Default:

[Sentinel\POP3\User\]
This key has no entries. It contains subkeys for each POP3 mailbox on the AMS server.
The name of each subkey is the mail address of the mailbox.
Each subkey contains the following entries:

AMS Technical Documentation

Registry Entries of AMS 79

GUID = <string>
Purpose:

This is the (unencrypted) password used to access the POP3 mailbox.

Path = <string>
Purpose:

The path in which the messages of the POP3 mailbox are stored.

Default:

<pop3path>\<address> where <pop3path> is defined in


[Sentinel\Pop3Path] and <address> is the mail address.

Example:

C:\AMS\SENTINEL\POP3\SOMEONE@COMPANY.COM

[Sentinel\RegistryWatch\]
The settings below this key control the behaviour of RegistryWatch, an optional utility
which monitors and logs changes made to the registry. Please refer to the description of
regwatch.exe for further information. The key does not exist if RegistryWatch is not
installed.
Monitor Key = <string>
Purpose:

This is the root key of the registry tree that is being monitored, along with
included and excluded subkeys. The syntax is identical to the command-line
syntax of regwatch.exe.

Default:

HKLM\Software\DIaLOGIKa\AMS\Sentinel -"Transfer Failures"

Example:

HKCU\Software\Microsoft\Office Word +Word\Addins

RegistryWatch Hive = <string>


Purpose:

The name of the file where the [HKEY_USERS\.AMSUser\] hive of the


registry is stored. It is used when the hive is created for the first time, and
should not be changed while RegistryWatch is running.

Default:

<SENTINEL_DIR>\REGWATCH_HIVE

Example:

C:\AMS\SENTINEL\REGWATCH_HIVE

[Sentinel\Relay for Global (any side)\],


[Sentinel\Relay for Spool (outside)\],
[Sentinel\Relay for Wire (inside)\]
<string> = <string>
When using an internal network with several mail servers, it may be necessary to
dispatch different addresses to different servers for messages leaving the sentinel.
These sections define where the sentinel is to send a message after it has been
processed, i.e. after the message has passed the address routing, filter and workflow
steps. Here, too, it is possible to set up different definitions for messages from the inside,
80 Registry Entries of AMS

AMS Technical Documentation

from the outside or from undef. (The key [Sentinel\Relay for Undef\] is described in the
next section.)
The syntax of an entry in each of these keys is
<destination address> = <hostname>[:<port>]
The sentinel checks whether the To field of the message matches the destination
address. The destination address may contain wildcards (*1, *2, ) in order to specify a
range of addresses. However, the @ cannot be part of a wildcard, e.g. *1 never matches
abc@something.com. The universal e-mail address is *1@*2.
The host name is the name of the host where the message is sent via SMTP. It can be an
IP address or a DNS name. If the port number is not specified, the sentinel assumes the
default SMTP port (25).
For messages in the wire directory (incoming), the sentinel tries to apply the rules in
[Sentinel\Relay for Wire (inside)\], for messages in the spool directory (outgoing), the
sentinel tries to apply the rules in [Sentinel\Relay for Spool (outside)\]. The sentinel
checks the rules in [Sentinel\Relay for Global (any side)\], too, only if none of the rules
match.
If none of the rules match, the sentinel sends incoming messages to the WireHost
[Sentinel\SMTPWire] and outgoing messages to the SMTPHost [Sentinel\SMTPHost].
If two or more rules match, the result is undefined.

Examples
[Sentinel\Relay for Spool (outside)\]
*1@subsidiary.com = mail.subsidiary.com
Meaning:

A subsidiary exists in this example. All mail going to subsidiary.com is sent


directly to its mail server, mail.subsidiary.com. All other mail is sent to the
SMTPHost.

[Sentinel\Relay for Wire (inside)\]


*1@exchange.mycompany.com = 196.7.7.14
*1@lotus.mycompany.com = 196.7.9.27:26
Meaning:

In this example, the company has the global e-mail address


@mycompany.com, but inside the company Lotus and Exchange servers are
used side by side. The Lotus Domino server also has its SMTP server defined
on a non-default SMTP port (here: 26). Using the above definition, the
sentinel is able to dispatch incoming messages. It is also possible for Lotus
users to authorize Exchange authors and vice versa.

[Sentinel\Relay for Undef\]


<string> = <string>
Note: Use eGateway to configure this setting and the setting Relay for Undef 2 (cf.
eGateway Administrator's Guide).

AMS Technical Documentation

Registry Entries of AMS 81

If a message is classified as from undef, the sentinel dispatches the message in


accordance with the rules defined in this key. This happens after AddressRouting from
Undef has taken place.
The syntax of each rule (entry) is:
<destination address>@<hostname1>[@<hostname2>[@<hostname3>]] =
[<value>,]{TO_INSIDE|TO_OUTSIDE|<hostname>}
The sentinel checks whether the To field of the message matches the destination
address. The destination address may contain wildcards (*1, *2, ) in order to specify a
range of addresses. However, the @ cannot be part of a wildcard, e.g. *1 never matches
abc@something.com. The universal e-mail address is *1@*2.
<hostname1> specifies the host that sent the message to the sentinel (i.e. the host
where the message originated), <hostname2> is the host which sent the message to
<hostname1>, and so on. A rule matches if the destination address matches and if the
message was routed along the path specified in the rule. All <hostnames> have to be IP
addresses.
The <value> is the weight of the rule. If it is omitted, the default value of 50 is
assumed.
The last part defines what is done with the message. The keyword TO_INSIDE means
the message is put into the wire directory, thus being treated as an incoming message.
Message handling continues with the application of the filter. Similarly, the keyword
TO_OUTSIDE means the message is put into the spool directory and treated as an
outgoing message. If a <hostname> is given instead, the sentinel sends the message
directly to this host. The host name can be a DNS name or an IP address.
Refer to Undef Network on page 7 for further information.
If two or more rules match, the rule with the most host names on the left side is taken. If
there are still two or more rules that match, the rule with the highest <value> is applied.

Examples
*1@*2@192.168.99.10 = 192.168.99.13
*1@*2@192.168.99.13@192.168.99.10 = TO_OUTSIDE
Meaning:

This is an example of a company which runs a server that checks incoming


mail for viruses, offensive language etc. and returns the mail to the sender
as needed. The rules in this example show how the sentinel can be
configured to work with these servers, assuming the mail server (SMTPWire)
has the IP address 192.168.99.10 and the mail-checking server has the IP
address 192.168.99.13.
The first rule says: Send any mail coming from the inside (the mail server)
to the mail-checking server.
The second rule says: Treat any mail from the inside (the mail server) that
has been through the mail-checking server as outgoing mail.

*1@*2@192.168.99.10 = 192.168.99.13
*1@*2@192.168.99.13@192.168.99.10 = 30,TO_OUTSIDE
log@company.com@192.168.99.13@192.168.99.10 = 60,TO_INSIDE

82 Registry Entries of AMS

AMS Technical Documentation

Meaning:

This example extends the above example. The mail-checking server may be
configured to send mail with viruses, offensive language etc. to the address
log@company.com. In this case the third rule matches, as it has a higher
value than the second rule. Mail from the mail-checking server to an inhouse address is treated as incoming mail, is put into the wire directory
etc.

[Sentinel\Rules\]
Do Default if Remove not specified = <boolean>
Purpose:

If a filter rule matches but no remove action is defined in that rule, the
default action (i.e. sending the message to the recipient) is performed unless
this entry is set to 0.

Default:

Filter Final Time = <number>


Purpose:

If a message has been waiting in the filter directory for more than the
number of seconds specified here, it is sent to the address defined in
Unfiltered SMTP Address (cf. below). If this address is not specified, the
message remains in the filter directory and is not filtered any more.

Default:

86400 (one day)

Filter Recheck Time = <number>


Purpose:

The filter schedule program continuously checks the filter directory for
messages that have been waiting there for more than the number of seconds
specified in this entry. If the schedule program finds such a message, it tries
to filter it again.

Default:

1200 (twenty minutes)

Remove breaks Default = <boolean>


Purpose:

If a filter rule matches and a remove action is defined in that rule, the
default action (i.e. sending the message to the recipient) is not performed
unless this entry is set to 0.

Default:

Remove is global and breaks all rules = <boolean>


Purpose:

If a filter rule matches and a remove action is defined in that rule, the
message is deleted and all other actions are ignored unless this entry is set
to 0.

Default:

Unfiltered SMTP Address = <string>

AMS Technical Documentation

Registry Entries of AMS 83

Purpose:

If a message cannot be filtered until the Filter Final Time has been reached
and if this entry contains an e-mail address, the message is sent to this
address. Otherwise, the message remains in the filter directory and is not
filtered anymore.

Default:

[Sentinel\Rules\Content\]
Cf. Content Handler.

[Sentinel\Rules\From Inside\],
[Sentinel\Rules\From Outside\],
[Sentinel\Rules\Global\]
These keys contain the filter rules for messages coming from the inside and from the
outside. These rules may also be defined and changed via the web interface. First, the
rules in [Rules\Global\] are checked. Then the rules in [Rules\From Inside\] or in
[Rules\From Outside\] are checked to determine if the message respectively comes from
the inside or the outside.
Each rule is saved in a registry key which has the same name as the rule itself. Each key
has the two entries Condition and Importance as well as a number of entries for the
actions to be performed.
Condition = <string>
Purpose:

This entry specifies a condition that the message must fulfil so that the filter
rule can be applied. The syntax of the expression is described in eCrypt
Administrator's Guide, Filter Rules section.

Default:

Importance = <number>
Purpose:

Among all the rules that match, the rule with the highest importance is
applied. This entry defines the importance for a rule.

Default:

Filter Actions
Each filter action entry has the following syntax:
{IF|ELSE} <remove|reply|send> <number> = <address>
An entry beginning with IF defines an action which is executed if the filter condition
matches, while an entry beginning with ELSE defines an action which is executed if the
filter condition does not match.
Note: ELSE branches are not yet supported by the web interface, however another rule
with the negated condition (NOT command) can be defined to achieve the same effect.
84 Registry Entries of AMS

AMS Technical Documentation

The next word refers to the type of action:


remove means the message is not sent to the default recipient.
reply means the message is sent in-house if it came from the inside or it is sent out
if it came from the outside (it may be returned to the sender). In this case, the
message changes its direction.
send means the message is sent in-house if it came from the outside or it is sent
out if it came from the inside. In this case, the message keeps in the same direction.
The number defines the order in which the actions are displayed on the rules page and
executed.
The address is the address to which the message is sent. It is a filter expression which
has to evaluate to a string. For example, pre-defined variables and conditions can be
used to determine the destination address. The original message and all copies of the
messages created by filter actions are not filtered again.

Examples of Filter Actions


IF remove 1 =
IF reply 2 = From$
IF send 3 = log@company.com
Meaning:

If the filter condition matches, the default recipient does not get the
message. It is returned to the sender, and then a copy is sent to an internal
address log@company.com. Note that there are double quotes: The inner
quotes are needed because the address is a string literal (see also Filter
Rules in the eCrypt Administrator's Guide).

[Sentinel\Scheduler\]
<string> = <string>
This key defines additional programs that are regularly run by the sentinel. These entries
can be edited using the AMS management tool (Rdexpo ).
The syntax of each entry is
<program> = <minutes>,<command with params>
<program> is an identifier for the program and is needed in [Sentinel\Security\]. The
<command with params> is invoked every <minutes> minutes.

Examples
Test Program every 5 minutes (Sample)=5,test.exe
Meaning:

The program test.exe will be launched every 5 minutes.

[Sentinel\Security\]
AMS Technical Documentation

Registry Entries of AMS 85

<string> = <string>
By default, the sentinel runs in the system context. This causes problems when the
sentinel service tries to perform the following actions:
The sentinel starts a scheduling program [Sentinel\Scheduler\] that requires certain
rights in order to be run.
The sentinel needs to access shared directories.
This key defines the names and passwords of users who have permission to access
shared directories and to launch programs.
The passwords are encrypted, consequently there is no use in modifying these settings
manually: use the AMS management tool (Rdexpo) instead.

[Sentinel\Server Page Extensions\]


<string> = <string>
This key defines which files the HTTP part of the sentinel should pre-process by running
the scripting engine.
The syntax of each entry is
<extension> = <value>
<extension> is a file type. Files of that type are not pre-processed unless <value> is set
to 1. A special <extension> NULL stands for all extensions not listed here.

Examples
.ams = 1
.css =
.dcss = 1
NULL =
Meaning:

In this example, whenever a file with the extension .ams or .dcss is


requested, the HTTP part of the sentinel pre-processes it before delivering it.
Files with .css and all other extensions are delivered immediately.

[Sentinel\Transfer Failures\]
<string> = <dword_number>
In this section the sentinel creates an entry for each message that could not be sent. The
left side of the entry specifies the file name of the message, including the full path. The
right side contains a counter which is incremented each time the sentinel retries sending
the message. Refer to Mail Transfer Failure Settings on page 43 for more information.

[Sentinel\Translation\]
86 Registry Entries of AMS

AMS Technical Documentation

<string> = <string>
This key is obsolete. It contains rules for simple 1:1 translations of a recipients
addresses. Each entry (rule) has the following syntax:
<old address> = <new address>
When receiving a message with the <old address> in the To: field, the SMTP part of
the sentinel changes the field to the respective <new address>.
Use the address routing rules instead [Sentinel\AddressRouting\], as they provide a
much more flexible way to change the recipients address.

[Sentinel\Undef Network\]
<string> = <string>
The sentinel distinguishes between messages from the inside, from the outside and from
an undefined location. By default, all messages are considered to be from the outside.
Only messages from the wire host [Sentinel\SMTPWire] and from the hosts defined in
[Sentinel\Internal Network\] are treated as messages from the inside. In this section,
you can define hosts or networks which belong to the undef network.
These settings affect address routing and message relaying (see Undef Network on page
7, [Sentinel\AddressRouting from Undef\] and [Sentinel\Relay for Undef\]).
The syntax of each entry is
<network name> = <IP address> <subnet mask>
Refer to [Sentinel\Internal Network\] for more information about the meaning of
<network name>, <IP address> and <subnet mask>.

[Sentinel\User\]
The settings in this key and its subkeys contain general settings defining how to manage
the user database as a whole.

[Sentinel\User\Exchange\]
Edit Periods = <boolean>
Purpose:

Set to 1 in order to enable the editing of unavailability periods. Set to 0 to


hide the unavailability periods frame on the Unavailability Settings page.

Example:

[Sentinel\User\Settings\]
AMSUser Hive = <string>

AMS Technical Documentation

Registry Entries of AMS 87

Purpose:

The name of the file where the [HKEY_USERS\.AMSUser\] hive of the


registry is stored. It is used when the hive is created for the first time, and
should not be changed.

Default:

<SENTINEL_DIR>\GLOBAL_USER

Example:

C:\AMS\SENTINEL\GLOBAL_USER

[Sentinel\User\Import\], [Sentinel\User\Export\]
It is possible to keep the AMS user database synchronized with the user database of the
home message system. (This can only be an Exchange server at this time.) Refer to
AMS User Database and Other Message Systems on page 18 for more information.
One way to do this is to export the user database in Exchange as a text file (.csv), and
then import this file using the Exchange command-line option of the AMS management
tool (Rdexpo). For further information about the usage of this command-line option, refer
to the AMS Management Guide.
The AMS management tool then uses the settings in [Sentinel\User\Import\Exchange\]
to translate Exchange user property names in the text file to AMS user property names.
Each entry of this key has the following syntax:
<Exchange field name> = <AMS field name>
Additionally, there are some entries which have a special meaning:
_Field Separator = <number>
_Quote = <number>
_Separator = <number>
Purpose:

These entries define the ASCII values of special characters in the text file
used for quoting strings (_Quote), separating fields (_Field Separator), and
separating properties in a field (_Separator).

The [Sentinel\User\Export\] key comes into play when users are exported from the AMS
user database into a text file (.csv) from the AMS management tool (Rdexpo). The key
contains the above settings in the opposite direction (export), i.e. each entry has the
following syntax:
<AMS field name> = <Exchange field name>
Again, special characters used for quoting and separating can be defined in the same way
as above.

User Registry Settings


AMS stores its user database in the [HKEY_USERS\.AMSUser\] hive of the registry and is
regularly backed up [Sentinel\AMS Check\Update User REG (per day)].
Refer to the introductory section User Database and AMS Management and to the AMS
Management Guide for a detailed explanation on authorizer trees, groups and database
synchronization.

88 User Registry Settings

AMS Technical Documentation

This section describes all the registry entries below the [HKEY_USERS\.AMSUser\] key.
Note: all of these entries can be conveniently edited using the AMS management tool
(Rdexpo).

[HKEY_USERS\.AMSUser\]
Eguardian valid for min = <number>
Purpose:

The regular requests of eGuardian can be used to determine if a user is out


of the office. If no request is received within the number of minutes specified
in this entry, AMS Sentinel assumes that the user has turned off eGuardian
and automatically stops trying to detect the users out of office status.

Default:

10080 (one week)

Exchange Server = <string>


Purpose:

(reserved)

Default:

(empty string)

Show All Authorizers As Default = <boolean>


Purpose:

This entry enables you to control what is to happen if a user has no


substitutes and no superior. 1 means all users having an authorization level
are put on the authorization list. 0 means no user is put on the authorization
list.

Default:

Use Eguardian = <boolean>


Purpose:

eGuardian regularly sends requests to the AMS server. If this entry is set to
1, these requests are used to determine whether a user has shut down his
computer, thus being treated as out of the office.

Default:

Use OutOfOffice from Exchange = <boolean>


Purpose:

(reserved)

Default:

Use Substitutes directly = <boolean>


Purpose:

If this entry is set to 1, the authorizer list of a user starts with the user
himself, continues with his substitutes, then with the users superior, etc. If
this entry is set to 0, the authorizer list of a user begins with the user
himself and then immediately continues with the users superior (the
substitutes are left out).

Default:

AMS Technical Documentation

User Registry Settings 89

Single User
The rights and properties of each user are stored in a subkey of
[HKEY_USERS\.AMSUser]. The name of the subkey is the AMS user name, which is
always the users e-mail address. The default value of the following settings is always
(empty string).

System Data
Alias = <string>
Purpose:

This entry contains the unique value of the user in the message system from
where the users data has been imported. This entry should not be changed.

AMS User Level = <string>


Purpose:

This entry may contain the strings _USER and/or _ADMIN. If a user is
_ADMIN, s/he is allowed to administer the server. If the user is _USER, s/he
is allowed to administer the user entries.

Changed Date = <number>


Purpose:

This is the date (minutes since 01/01/1900) of the changes last made to the
user data in the home message system (e.g. Exchange). This entry should
not be changed.

Container = <string>
Purpose:

This entry contains the container where the user is located in the home
message system (e.g. Exchange). This entry should not be changed.

Creation Date = <number>


Purpose:

This is the creation date (minutes since 01/01/1900) of the user data in the
home message system (e.g. Exchange). This entry should not be changed.

deleted = <boolean>
Purpose:

If a user is deleted in the home message system (e.g. Exchange), s/he is not
deleted from the AMS user database in order to keep the current
authorization tree up to date. Instead, this flag is set to 1, and the user
level is set to an empty string so that the user can no longer authorize any
messages. (The administrator has to rearrange the authorization tree
manually, as this cannot be done by the system.)

EMail = <string>
Purpose:

If the user properties have been imported from another system, this entry
contains the users e-mail address according to this system.

First Authorizer = <string>

90 User Registry Settings

AMS Technical Documentation

Purpose:

This is the user name (e-mail address) of the first default authorizer. The
user can modify this value in his or her Personal Settings, therefore this
value should not be altered via the AMS management tool.

GUID = <string>
Purpose:

This is a unique value comprised of the user name and the user password.
When the user performs a workflow action (e.g. clicking on the accept link)
the GUID is sent instead of the user name and password being sent to the
HTTP server. The server can extract the user name and password from this
value to verify the permission to perform the action. The GUID is stored
locally in a browser cookie. The user can always force AMS to generate a
new value and send it to him/her in a message.

Head = <string>
Purpose:

The user name (e-mail address) of the users superior.

Home Server = <string>


Purpose:

This is the server where the user has his or her mailbox, point of presence
etc. AMS uses this entry for user-specific out-of-office solutions or LDAP
queries. This entry should not be changed.

Level = <string>
Purpose:

This is the authorizer level of AMS. Currently the following levels are
configured: a single letter A, B or C, or an empty string if the user has
no authorization level.

NiceName = <string>
Purpose:

This entry contains the name of the user in a user-readable way. It is used
on the pages of the web interface, e.g. on the portal page or in the select
authorizers list.

NTAccount = <string>
Purpose:

This is the unique name of the users NT account. This entry should not be
changed.

Out of Office = <string>


Purpose:

This value (minutes since 01/01/1900) indicates until when the user will be
out of the office. Notifications of the AMS system are sent to this user,
however the system does not wait for a timeout to look for a substitute.

Second Authorizer = <string>


Purpose:

This is the user name (e-mail address) of the second default authorizer. The
user can modify this value in his or her Personal Settings, therefore this
entry should not be changed via the AMS management tool.

Send directly = <boolean>


AMS Technical Documentation

User Registry Settings 91

Purpose:

Messages from this user pass the AMS system without needing any further
authorization.

Sign Of Life = <number>


Purpose:

This number includes several data items: The IP address of the user which is
needed to send UDP notifications; the time of the last connect to the AMS
server used to determine whether the user is to be treated as being out of
the office (e.g. due to the client computer crashing); and the version number
of the client used to check for client updates.

Substitutes = <string>
Purpose:

This entry contains a comma-separated list of the user names (e-mail


address) of the users substitutes.

Timeout Global EMIM


Purpose:

= <number>

If this entry is not empty, it overrides the [Sentinel\AMS Check\Timeout


EMIM Overall] entry for this user.

Timeout Notify Standard = <number>


Purpose:

If this entry is not empty, it overrides the [Sentinel\AMS Check\Timeout


Notify Standard] entry for this user.

Timeout Notify Urgent = <number>


Purpose:

If this entry is not empty, it overrides the [Sentinel\AMS Check\Timeout


Notify Urgent] entry for this user.

Timeout Start Work = <number>


Purpose:

If this entry is not empty, it overrides the [Sentinel\AMS Check\Timeout


Start Work] entry for this user.

Timeout Work EMIM = <number>


Purpose:

If this entry is not empty, it overrides the [Sentinel\AMS Check\Timeout


EMIM Work] entry for this user.

Timeout Work completed = <number>


Purpose:

If this entry is not empty, it overrides the [Sentinel\AMS Check\Timeout


Work completed] entry for this user.

Use Default Authorizer = <number>


Purpose:

The possible values in this entry are 0, 1 and 2. If this value is 0, the
AMS system always asks the originator for the authorizers of each message.
If this value is 1, the automatic authorizers or the above-specified first and
second authorizers are automatically selected as the authorizers of each
message. If this value is 2, the system resets this value to 1 for the
users next message and asks for authorizers only once. Each user can set

92 User Registry Settings

AMS Technical Documentation

this entry in his or her Personal Settings, therefore this entry should not be
changed via the AMS management tool.
User Proof Hash = <string>
Purpose:

(reserved)

Personal Data
The following entries can be left empty:
GivenName = <string>
Surname = <string>
Title = <string>
Purpose:

These entries specify the users given name, surname and title.

Address = <string>
City = <string>
Country = <string>
State = <string>
Zip = <string>
Purpose:

These entries specify the users postal address.

Company = <string>
Department = <string>
Purpose:

These entries specify the company and the department where the user
works/is employed.

Groups
The settings of each group are to be found in a subkey of [HKEY_USERS\.AMSUser\].
Each group subkey has the special name <group_name>@group.ams. This name is not
really an e-mail address. Instead, the group.ams domain indicates that the subkey
contains settings for a group. The default value for the following settings is always
(empty string).
NiceName = <string>
Purpose:

The group name in a user-readable version.

Substitutes = <string>
Purpose:

A comma-separated list of the user names (e-mail addresses) of all group


members.

Diasepa Server Page Extension


As mentioned in the introduction, the Diasepa Server Page Extension is an ActiveX
control that is used in the VBScript sections of the Diasepa files in order to display
AMS Technical Documentation

Diasepa Server Page Extension 93

dynamic content. (Refer to Diasepa Server Page Extension on page 93 for an explanation
of how the Diasepa engine works.)
This ActiveX control has four interfaces that give the programmer access to different
parts of the system:
The Session Interface offers basic functions for defining values, reading environment
variables, changing registry settings, etc. In addition, it is used to read and write
values from the user and workflow databases.
The MimeMail Interface provides access to the content and the attachments of a
message.
The Rules Interface is use to read and write the filter rules in the registry.
The Equation Interface is used to check and evaluate filter rule conditions.
This section describes the functions (methods) and properties of the interfaces.
Functions (methods)
The following notation is used for the function headers:
<returntype> <functionname>(<argtype1> <arg1>, <argtype2> <arg2>, )
Example:

string GetDefaultAuthorizerByIndex(string User, long Index)

Meaning:

The function (method) with the name GetDefaultAuthorizerByIndex takes


two arguments: a string User and a long integer Index. The function
returns a string.

Functions only use the three types: string, long and integer, corresponding to the Visual
Basic data types String, Long and Integer. If no return type is given, the function doesnt
return anything.
Properties
Properties can be regarded as functions to which a value can be assigned. They are
notated with the keyword property.
Example:

property long SignOfLife(string User, string SignName)

Meaning:

The property with the name SignOfLife has two string parameters: User
and SignName. Calling SignOfLife returns the value of the property in
accordance with the parameters specified. In addition, values can be
assigned to the property, e.g. SignOfLife(strUser, strSignName) = 1

Using Diasepa elsewhere


The ActiveX control can be used in other programming languages, but there may be
differences in accessing the functions. The complete C function header for the above
function example would be:
HRESULT GetDefaultAuthorizerByIndex([in] BSTR User, [in] long Index, [out,
retval] BSTR *Result);

94 Diasepa Server Page Extension

AMS Technical Documentation

The return type is always HRESULT. The real return value of the function is always
passed via the last parameter, which must be a pointer. BSTR is the Visual Basic String
data type.
The complete C function header for the above property example would be:
HRESULT SignOfLife([in]BSTR User,string SignName,[out,retval]long *PVal);
HRESULT SignOfLife([in] BSTR User, [in] BSTR SignName, [in] long NewVal);
SignOfLife actually consists of two functions: The first one reads the property and returns
the value via the last argument, the second one sets the property to the value given in
the last argument.

Session Interface
The Session Interface can be accessed in VBScript via:
Set AMS = CreateObject(DIASEPA.Session)
The functions can then be accessed via AMS.Init(), etc.

Initialisation and Value-Defining Functions


Init(integer Sessionkey)
Initialises the Diasepa Session Object with the Sessionkey, which is the window handle of
the script interpreter running. In an AMS file, you should use <<!!>> as the window
handle. This special placeholder is replaced with the actual window handle before the
script is executed.
DefineValue(string Valuename, string Value)
Defines a new value in the value file. All occurrences of %%<Valuename>%% in the
HTML form are replaced by the specified Value (string).
DefineValueQuote(string Valuename, string Value)
Like DefineValue, however the character is converted into .
DefineValueQuote2(string Valuename, string Value)
Like DefineValue, however two consecutive single quotes are converted into one
double quote .

Environment Variable Functions


ReadFileIntoEnvironment(string Filename)
If an HTML form with ENCTYPE=application/x-www-form-urlencoded has been POSTed,
this function can read the environment. Afterwards the environment can be accessed as
if the form had been submitted by GET. Advantage: The URL isnt ruined.
(e.g. AMS.ReadFileIntoEnvironment AMS.GetEnv(SENTINEL_TMPFILE))
string GetValueFromPost(string Postfile, string Name)
AMS Technical Documentation

Diasepa Server Page Extension 95

Reads the entry with the specified Name from a Postfile. (If long strings or strings with
CRLF have been POSTed, they cannot be accessed via ReadFileIntoEnvironment.)
string Getenv(string Varname)
Returns the value of the environment variable Varname.
Setenv(string Varname, string Varvalue)
Sets the environment variable Varname to Varvalue.

Database and Snapshot Functions


string CreateANewDB(string DBName, string Name, string Value)
Create a new database which is derived from the database DBName or from the main
database if DBName is . All entries (records) that fulfil the condition Name=Value are
written to this database. The result is a name key to the new database. Databases have
a limited lifetime. Nevertheless, they should be deleted manually.
string CombineTwoDBs(string SourceDB1, string SourceDB2)
This command combines two databases: SourceDB1 and SourceDB2. It ensures that no
records with the same Idnr are created. The result is a key to the new database.
DeleteDB(string DBName)
The database with the key DBName is deleted.
CreateSnapShot(string Name, string Value)
An internal snapshot of the database is generated. It contains all the entries (records) for
which Name=Value is true. See also GetUniqueWhere.
CreateSnapShotFromDB(string DBName, string Name, string Value)
Like CreateSnapShot, however this derives a snapshot from a specific database DBName.
long GetSnapShotCount()
Returns the number of entries (records) in the snapshot.
string GetSnapShotValueByIndex(long Index, string Name)
Returns the value of the Index-th entry (record) in the snapshot with the Name specified.

Workflow Database Functions


string GetUniqueWhere(string Name, string Value, long Index)
Returns the workflow ID (unique) for the Index-th AMS object fulfilling the condition
Name=Value. Name must be Idnr, Originator, Authorizer1, Result1, Authorizer2,
Result2, MailID. If Value is ***, the condition is always true.
string GetINIData(string Unique, string What)

96 Diasepa Server Page Extension

AMS Technical Documentation

Returns the value in the What field of the AMS object with the Unique specified (workflow
ID).
SetINIData(string Unique, string What, string Value);
This function sets the What field to the Value given for the AMS object with the workflow
ID Unique. Opposite of GetINIData. This function may fail! To access an AMS object,
Unique has to be known. If the AMS file is called directly from the HTTP server, the
function will probably work. If the AMS file is called from AMSCheck (CGI entry, creation
of a status), the AMS object is already being used for this Unique. That is why
SetINIData should always be used with On Error.

User Database Functions


property string UserProperty(string Username, string Property);
Reads or writes a user property. Generally speaking, Property can be anything. Several
user properties (like NiceName) have a defined meaning. Refer to User Registry
Settings on page 88 for a detailed explanation of these properties.
string GetUserByNumber(long Number)
Returns the name of the Number-th user, where Number=0 is the first user. If there is
no Number-th user, this function returns an empty string.
property long SignOfLife(string User, string SignName)
Reads and writes the SignName part of the user property SignOfLife. SignName can be:
ClientTime (time when eGuardian last sent a request to the server)
ClientMaxTime (time by which the next request has to be sent if the client is
running)
ClientNetIP (IP address of the client)
ClientVersion (version number of the eGuardian client software)
ClientGUID (unique number to identify the client)
string GetPassword(string Username)
Returns the password of the user Username. Username is an e-mail address.
SetPassword(string Username, string Password)
Sets the password of the user Username. Username is an e-mail address.
SetNicename(string Username, string Nicename)
Defines a nice name for the user Username. Username is an e-mail address.
string GetNicename(string Username)
Returns the nice name of the user Username. Username is an e-mail address.
string GetAuthorizer(string Group, long Index)
AMS Technical Documentation

Diasepa Server Page Extension 97

Returns the Index-th authorizer in the Group specified.


string GetAuthorizerByIndex(string User, long Index)
Returns the user name (e-mail address) of the Index-th authorizer for the user User. If
there is no Index-th authorizer, an empty string is returned.
string GetAuthorizerSequenz(string Username, string PreviousAuthorizer)
Returns the authorizer following PreviousAuthorizer in the authorizer list of user
Username.
string GetDefaultAuthorizerByIndex(string User, long Index)
Returns the first (Index=0) or second (Index=1) default authorizer of the User specified.
long CheckIfAuthorizer(string User, string PossibleAuthorizer)
Checks whether PossibleAuthorizer could be an authorizer for user User.
long OutOfOffice(string User)
Returns how many minutes the User will still be out of the office.

SortArray Functions
CreateSortArray(long XSize, long YSize)
Generates a SortArray of size XSize*YSize.
long GetSortArrayXSize()
long GetSortArrayYSize()
Respectively return XSize or YSize of the SortArray generated.
property string SAValue(long X, long Y)
Reads and writes the property SAValue used to get and set values in SortArray at
position X/Y.
DoSortArray(string Indexlist)
SortArray is sorted according to the sort string Indexlist. Example: if SortArray has XSize
5 and Indexlist is 2,3,4,1,0, the array is sorted by the second column, then by the
third, etc.
DoSortArrayUp(string Indexlist)
Like DoSortArray, however the order is inverted.
string SaveSortArray()
Saves SortArray temporarily. The result is a key which can be used to reload the array.
LoadSortArray(string SortID)
98 Diasepa Server Page Extension

AMS Technical Documentation

Loads a saved SortArray with a key returned by SaveSortArray. Caution: Saved


SortArrays have a limited lifetime.

Date and Time Functions


string NiceDate(long Minutes, string Format)
Extracts the date from Minutes (minutes since 01/01/1900) and applies Format to it.
string NiceTime(long Minutes, string Format)
Extracts the time from Minutes (minutes since 01/01/1900) and applies Format to it.
long GetMinutesSince1900()
Returns the minutes since 01/01/1900.
long SetMin1900(long Org, string What, long Value)
Changes part of the date and time represented by Org (minutes since 01/01/1900) to
Value, according to What. What can be YY (year), MM (month), DD (day), hh
(hour), mm (minute).

Registry Functions
property string RegistryValue(string Key, string Name)
Reads or sets a registry value of Key and the entry Name.
string RegistryBrowseKey(string Key, long Index)
Returns the name of the Index-th subkey to be found below Key, where Index=0 returns
the first subkey. If there is no Index-th subkey, this function returns an empty string.
string RegistryBrowseValue(string Key, long Index)
Returns the name of the Index-th entry to be found in Key, where Index=0 returns the
first entry name. If there is no Index-th entry, the function returns an empty string.

Miscellaneous Functions
string MakeHTML(string Plaintext)
Converts Plaintext to HTML.
string MakePRE(string Plaintext)
Converts Plaintext to PRE.
long CValue(string str)
Converts a string into a number (atoi). (For some obscure reason, VBScript does not
provide this functionality.)
string GetCreateUserAccountAddress()
AMS Technical Documentation

Diasepa Server Page Extension 99

Returns the e-mail address to which a message must be sent in order to create a portal
for a user.
long GetHashValue(string String)
Returns a (long) hash value for a given string.
integer GetRandom()
Returns a random number.
Trace(string Tracemessage)
Writes Tracemessage to the log file of the sentinel (sentinel.log).

MimeMail Interface
The MimeMail Interface can be accessed in VBScript via:
Set MIME = CreateObject(DIASEPA.MimeMail)
The functions can then be accessed via MIME.Init(), etc.
When using the MimeMail Interface, the environment variables User, Password,
Upassword and GUID should have been set to reasonable values. If an AMS file is
started via MIMAIL.EXE, these values are normally set to useful values.
In this case, there are three additional environment variables: ChangesAllowed
indicates whether the current user may change the message, and WorkFlowFinished
indicates whether the current workflow has been finished. Both variables can have the
values yes or no; they can also be read out via the functions of the same name. The
third variable, MimeUnique, identifies the current MIME part of the message. It is
needed during initialisation.
Init(string Unique, string MimeUnique)
Initialises the MIME object. Both parameters can be read out from the corresponding
environment variables.
string GetHeaderEntry(string Name)
Reads the header value Name from the message (subject, to, cc, from, date, etc.).
Caution: should be prepared with MakeHTML before use.
property string PlainTextBody()
Reads and writes the message body. Note: The MimeMail object has to be re-initialised
after the body is written.
string GetAttachmentKind(long Index)
Returns the type of the Index-th attachment of a message. Possible types: Attachment
or Message.
string GetAttachmentName(long Index)

100 Diasepa Server Page Extension

AMS Technical Documentation

Returns the nice name of the Index-th attachment.


GetAttachmentIcon(long Index, [out, retval]BSTR *Result);
Returns the link to the icon belonging to the file type of the Index-th attachment, e.g.
/images/icon_mail.gif. The icon file names are defined in the registry.
string GetAttachmentAHREF(long Index)
Returns the complete A HREF HTML code for the Index-th attachment.
string GetAttachmentAccess(long Index)
Returns the complete HTML phrase to edit the Index-th attachment. Depending on the
registry, this happens via HTML Upload or via file access.
long ChangesAllowed()
Is the user identified by User, Password, Upassword and GUID allowed to change
anything? Returns 1 if the variable ChangesAllowed is yes, otherwise 0.
long WorkflowFinished()
Has the workflow finished? Returns 0 if the variable WorkflowFinished is yes,
otherwise 0.

Rules Interface
The Rules Interface can be accessed in VBScript via:
Set Rule = CreateObject(DIASEPA.Rules)
The functions can then be accessed via Rule.SetKey(), etc.
SetKey(string Regkey)
Initialises the rules interface with a registry key Regkey. Regkey can be From Outside,
From Inside or Global, depending on which rules are to be used.
long Count()
How many rules belong to the key?
string Name(long Index)
Returns the name of the Index-th rule.
Read(long Index)
Reads the Index-th rule.
ReadByName(string Name)
Reads the rule with Name.
property string Condition()
AMS Technical Documentation

Diasepa Server Page Extension 101

Reads and writes the condition of the read rule.


property string Importance()
Reads and writes the importance of the read rule.
long ActionCount()
Returns the number of actions in the read rule.
property string Command(long Index)
Reads and writes the command of the Index-th action (SEND, REPLY, etc.).
property string Parameter(long index)
Reads and writes the parameter of the Index-th action.
property string Case(long index)
Reads and writes the case of the Index-th action (IF or ELSE).
AddAction(string Case, string Command, string Parameter)
Adds a new action to the read rule.
DeleteAction(long index)
Deletes the Index-th action.
Write()
Writes the changed rule back to the registry.
Add(string Name)
Creates a new rule below the key Name.
Delete(long Index)
Removes the Index-th rule.
DeleteByName(string Name)
Removes the rule with Name.

Equation Interface
The Equation Interface can be accessed in VBScript via:
Set Equ = CreateObject(DIASEPA.Equation)
The functions can then be accessed via Equ.Compile(), etc.
Compile(string Formula);

102 Diasepa Server Page Extension

AMS Technical Documentation

Compiles Formula. Afterwards, CompileError and ErrorInfo might have to be checked. If


no error has occurred, VarCount and VarName are defined, and variables can be set to
values via the Value property.
long CompileError()
Has the formula been compiled successfully?
string ErrorInfo()
Which errors have occurred?
long VarCount()
Returns the number of variables found in the formula.
string VarName(long Index)
Returns the names of the variables found.
property string Value(string Name)
Reads and writes the value of the variable Name.
string Compute()
Computes the formula according to the variable values set. The result is always a string.
If necessary, it can be converted to a number via CValue (cf. Session Interface on page
95).

Log Files Interface


The Log Files Interface can be accessed in VBScript via:
Set LOSP = CreateObject(LOSP.logfile)
The functions can then be accessed via LOSP.GetLogFileName(), etc.
Most of the following functions provide an interface to the log files settings in the
registry. Please refer to [Sentinel\Logfiles] for a detailed description of these settings.
Further information on the different log file types can be found in AMS Web-based Admin
Tools , AMS Log section.
GetLogType(long Number)
Returns the (short) name of the Number-th log file type in the registry. If there is no
Number-th log file type, the function returns an empty string.
GetLogTypeNiceName(string Prefix)
Returns the display name of a given log file type. If there is no such name defined, the
function returns Prefix, i.e. the short name.
GetColOrder(string Prefix)

AMS Technical Documentation

Diasepa Server Page Extension 103

Returns the column order of the given log type. If no column order was defined, the
function returns 0,1,2,n where n is the number of the last column, resulting in a table
where all columns are displayed in the order they appear in the log file.
string GetLogFileName(string Prefix, long Min1900)
Computes the full name of the log file that contains logging information of the date given
in minutes since 1900. Prefix specifies the log type, e.g. HTTP.
long GetColCount(string Prefix)
Returns the number of columns that were defined for the given log type (Prefix).
string GetHeader(string Prefix, long Column)
string GetWidth(string Prefix, long Column)
string GetColType(string Prefix, long Column)
string GetFilter(string Prefix, long Column)
Returns the header, width, type or filter of the specified Column and log type Prefix.
The column type is returned in lower case. If the specific entry is not found, an empty
string is returned, and the registry remains unchanged.
string GetReplace(string Prefix, long Column, long Number)
string GetReplaceWith(string Prefix, long Column, long Number)
Each column may contain several replace expressions. These functions return the
Number-th replace pattern or replaced-with pattern, respectively, of the specified Column
and log type Prefix.
string GetInternalFormat(string Prefix, long Column, string Data)
Returns the internal representation of the given Data string according to the given log
type Prefix and the Column. The internal format is needed for handling the user-defined
from/to filter interval correctly.
string GetDisplayFormat(string Prefix, long Column, string Data)
Reverts a string in the internal format back into a displayable form.

eBusy Interface
The eBusy interface can be accessed in VBScript via:
Set EBUSY = CreateObject(LOSP.ebusy)
The functions can then be accessed via EBUSY.GetHolidayCount(), etc.
The following functions provide an interface for reading and writing the eBusy database.
Section The eBusy Database on page 27 contains more information on eBusy, and
[Sentinel\eBusy] explains how to configure database access.
104 Diasepa Server Page Extension

AMS Technical Documentation

Note: Actual database access is effected by the eBusy C library (EBUSY.DLL), which is not
dealt with further here. The eBusy interface described here is merely an ActiveX wrapper
for this library. The interface is situated in LOSP.DLL for efficiency reasons, hence the
"LOSP.ebusy" identifier in the example above.
long GetHolidayCount()
Returns the number of holidays in the database.
long GetHolidayDate(long Number)
Returns the date of the Number-th holiday in the database, counting from zero. The date
is given in minutes since 1900. If there is no Number-th holiday, 0 is returned.
string GetHolidayName(long Date)
Returns the name of a holiday. If there is no holiday at the specified Date, an empty
string is returned.
string GetHolidayIntervals(long Date)
SetHolidayIntervals(long Date, string Intervals)
Gets or sets the interval list of a holiday specified by Date. Each interval is described by a
string of the format "from;to;type;". 'from' and 'to' are the start and end points, given in
minutes since midnight, and 'type' is the interval type. The interval list is the
concatenation of all interval description strings. An empty Intervals string denotes an
empty interval list. When using the SetHolidayIntervals function, it is important to stick
to this format.
Examples: "480;960;50;600;860;100;" means "from 8:00 to 16:00 (50%) and from
10:00 to 14:00 (100%)".
string GetIntervals(long Day)
SetIntervals(long Day, string Intervals)
These functions work like the Get/SetHolidayIntervals functions described above, but for
normal weekdays. Day has to be a number between 0 (Monday) and 6 (Sunday).
AddHoliday(long Date, string Name)
RemoveHoliday(long Date)
RemoveAllHolidays()
These functions add or remove holidays from the database.
ImportOutlookDates(string Filename, string Country)
This function imports a list of holidays that has been exported from Microsoft Outlook.
Filename specifies the name of the text file containing the holiday data. Country is the
name of the country whose holidays are imported, e.g. a Country value of "Argentina"
imports all holidays in the "[Argentina]" section of the file.
DataFileAsText(string Filename)
CacheFileAsText(string Filename)
These functions are for debugging purposes only. They dump the database or cache file
contents, respectively, into a human-readable text file specified by Filename.

AMS Technical Documentation

Diasepa Server Page Extension 105

A. Programs
A.1

Main Programs

sentinel.exe <parameter>
Description:
Controls the sentinel service.
Options:

<parameter> can be:


log=<logfile> Starts the sentinel as a console application and logs in to the
specified <logfile>.

start Starts the sentinel service.


stop Stops the sentinel service.
install Registers the service in the system.
remove Unregisters the service from the system.
Return values:
(none)
rdexpo.exe <parameter>
Description:
Rdexpo is the AMS Management tool. Read the AMS Management Guide for a
more detailed description of the command-line options.

A.2

Programs Used with eMMS

This section provides a brief description of the purpose of programs which are used
internally by eMMS. A detailed knowledge of their command-line options is not needed
to administer the system.
chkduty.exe <duty INI file>
Description:
Reads out the duty INI file to determine whether it is time to send test messages
out.
Options:

106

AMS Technical Documentation

<duty INI file> File name and full path of the duty INI file, e.g.

C:\AMS\SENTINEL\DUTYTIME.INI. It is important to include


at least one backslash in the complete file name. If no
backslash is included, Windows assumes that the .INI file is
located in the WINNT subfolder.

Return values (errorlevels):

0 It is time to send test messages out.


1 Nothing needs doing as the current hour is not a working
hour.

2 Nothing needs doing as eMMS is temporarily deactivated.


chkpml.exe <event.send filename> <pop3 filename> <minutes>
Description:
Checks whether messages were replied to in a timely manner.
Options:

<event.send filename> The EVENT.SEND file generated by Doemms.exe.


<pop3 filename> The pop3 file generated by AMS.
<minutes> If there is no response within this number of minutes after
the message has been sent out, an error is generated.

Return values (errorlevels):

0 No error is reported, the message that has been sent out has
been replied to.

1 The message has been sent out and hasnt yet been replied to,
and the timeout has been exceeded.

2 The message has been sent out and hasnt yet been replied to,
and the timeout has not been exceeded.

crterr.exe <path for INI files> <Description> <Notify Bat file>


Description:
Creates an eMMS error INI file.
Options:

<path for INI files> The path where the INI file is created. Should be
[Sentinel\EMMS INI Files].

AMS Technical Documentation

107

<Description> A short description of the error presented on the eMMS portal


page.

<Notify Bat file> A batch file called by crterr to send a notification.


Return values:
(none)
chkcln.exe <path for INI files> <Valid Time> [<Max. Revision>]
Description:
Checks whether there are still errors which have not been corrected.
Options:

<path for INI files> The path where the eMMS INI files are stored. Should be
[Sentinel\EMMS INI Files].

<Valid time> Timeout in minutes. After this period, notification is sent out
again that a problem has not yet been attended to.

<Max. Revision> An optional number specifying how often the administrators


are to be notified at most.

Return values:
(none)
chkerr.exe <Error Var> <Error Code>
Description:
Checks whether an environment variable contains a string.
Options:

<Error Var> An environment variable


<Error Code> A string
Return values:

0 The variable does not contain the string


1 The variable contains the string
stopfor <duty INI file> <Minutes>
Description:
108

AMS Technical Documentation

Used to set the global section in a duty INI file.


Options:

<duty INI file> The duty INI file, e.g. C:\AMS\SENTINEL\DUTYTIME.INI.


<minutes> The number of minutes the eMMS process is to be stopped.
Return values:
(none)
amscheck.exe emmsnotify <username>
Description:
AMSCheck is mainly responsible for workflow tasks. However, when called with
the emmsnotify parameter, it sends out an eMMS notification to a user.
Options:

<username> The user name (e-mail address) of the administrator to whom


the notification is to be sent.

Return values:
(none)
mail.exe <to> [<options>]
mail.exe <pop3username> /h <pop3host> /p <pop3password> [-r]
Description:
This program sends a message via SMTP, or checks mail on a POP3 account.
Options for sending mail via SMTP:

<to> Destination address of the message (is written on the SMTP


envelope and in the mail header).

<options> can be:

/s <subject> The subject of the message.


/f <from> The senders address of the message (is written on the SMTP
envelope and in the header).

/t <nice to> The name of the recipient, e.g. John Doe (is written in the
header).

/n <nice from> The name of the sender (is written in the header).

AMS Technical Documentation

109

/n <filename> The file name containing the message. The mail header is

created or modified in accordance with the above options,


unless /b is specified. The file name can be nul to send a
message with an empty body. The standard input is read if this
option is omitted.

-q or /q Do not display any output (quiet).


-v or /v Display a lot of extra information (verbose).
-g or /g Forces mail to use the gateway specified in the environment
variable MAIL_SERVER.

-b or /b Takes mail DATA completely from the header in the message


file specified by /m, thus overriding /s, /f, /t and /n. (The file
has to include a complete header.)

-d or /d Talk to at directly.
The environment variable MAIL_SERVER specifies the destination SMTP server.
The environment variable MY_NSNAME specifies the local DNS name.
Options for retrieving mail via POP3:

<pop3username> The complete POP3 username.


/h <pophost> The POP3 server name.
/p <pop3password> The password for the POP3 account.
-r or /r Remove mail from server after pop.
Return values:
(none)
logmsg.exe <log output 1> [<log output 2> ]
tracemsg.exe <log output 1> [<log output 2>]
Description:
Writes logging information to an EMMS log file or to the sentinel log file.
logmsg.exe writes the information to an EMMS_* log file in the logging directory
(see AMS Web-based Admin Tools , AMS Log section). The log outputs are
separated by a tab character and time-stamped.
tracemsg.exe writes the information to the sentinel log file (SENTINEL.LOG). Each
log output appears on a line of its own.
Return values:
(none)
110

AMS Technical Documentation

A.3

Utility Programs

regwatch.exe {HKLM|HKU|HKCU|HKCR|HCC}\key [-excludepath]... [+includepath]...


regwatch.exe
Description:
RegistryWatch monitors the specified registry key and all of its subkeys, and logs
any changes made to them. Changes are: adding and deleting subkeys, as well as
adding, changing and deleting values. The prefixes HKLM, HKU etc. abbreviate the
registry's base keys (HKEY_LOCAL_MACHINE etc.) Additional -/+ paths can be
specified to exclude/re-include certain areas below the key.
If RegistryWatch is started without any parameters, the options are read from
[Sentinel\RegistryWatch\]. It is possible to run several instances of RegistryWatch
simultaneously, however they cannot monitor the same keys.
RegistryWatch usually runs side by side with the sentinel service and logs changes
to the entire AMS\Sentinel key.
Example options:
HKLM\SOFTWARE\DIaLOGIKa\AMS\Sentinel -EMMS -MiMail +MiMail\Edit
watches the Sentinel key (and subkeys), but not its EMMS and MiMail subkeys,
however it does watch MiMail\Edit.
Return values:
Returns zero if RegistryWatch exited successfully, otherwise non-zero.

A.4

More Programs

There are other executables which are used internally in the AMS system. This section
provides a brief description of the purpose of these programs. A detailed knowledge of
their command-line options is not needed to administer the system.
amscheck.exe
AMSCheck is the main program which keeps track of all the workflows within the system
and maintains the workflow database. Refer to Workflow Engine on page 19 for further
information on AMSCheck.
filter.exe
The filter program is called a) explicitly for each message to be filtered, and b) regularly
with the -schedule option. Refer to Filter Program on page 11 for further information on
filters, filter scheduling etc.
mimail.exe
MimeMail is a CGI program that analyses the MIME parts of a specific message, and
returns HTML code to display and edit the content on the message details page.

AMS Technical Documentation

111

servstat.exe
ServStat is a universal service control tool that can install, start, stop, list and configure
any NT service.

112

AMS Technical Documentation

Index
A
Accept/Proof/Reject Mail From/To 60
Access SMTP 48
ActionCount (Diasepa) 102
Add (Diasepa) 102
AddAction (Diasepa) 102
AddHoliday (Diasepa) 105
Address (user property) 93
Address Translation 87
AddressRouting
from inside, outside and undef 49
global 48
Alias (user property) 90
Allow Authorizer reattach after timeout 50
Allow direct Delivery Notification to inside 45
Allow direct Delivery Notification to outside 45
Allow quick skip if OOO 50
AMS Answers 50
AMS Cache 40
AMS Clear Cache 40
AMS Data 50
AMS Logfiles 46
AMS Script Parameters 43
AMS Script Program 43
AMS User Level (user property) 90
AMSCheck 19, 50
amscheck.exe 111
amscheck.exe -emmsnotify 109
Scheduling program 20
Web interface 20
AMSUser Hive 87
Authorizer 1 is able to change message 76
Authorizer 2 is able to change message 76
Authorizer Program 45

C
CacheFileAsText (Diasepa) 105
Case (Diasepa) 102
CerPath 61
CGI Scripts 61
Changed Date (user property) 90
ChangesAllowed (Diasepa) 101
CheckIfAuthorizer (Diasepa) 98
City (user property) 93
Clear signing 61, 64
Cluster 30
AMS Technical Documentation

Clustui.exe 32
ColType (Diasepa) 104
CombineTwoDBs (Diasepa) 96
Command (Diasepa) 102
Company (user property) 93
Compile (Diasepa) 103
CompileError (Diasepa) 103
Compute (Diasepa) 103
Condition (Diasepa) 102
Condition (Filter rules) 84
Container (user property) 90
Content Handler 12
Admin tool 12
Convert text plain2html 76
CookieLifetime 40
Count (Diasepa) 101
Country (user property) 93
CreateANewDB (Diasepa) 96
CreateSnapShot (Diasepa) 96
CreateSnapShotFromDB (Diasepa) 96
CreateSortArray (Diasepa) 98
CreateUserAccountAddress 36
Creation Date (user property) 90
Critical difference 62
Critical if expired 62
Critical if is higher than 62
CValue (Diasepa) 99

D
DataFileAsText (Diasepa) 105
DB Lock Timeout 37
DecodePath 62
Decrypt After Spool 62
Decrypt After Wire 62
Decrypt Before Spool 62
Decrypt Before Undef 62
Decrypt Before Wire 62
Default Write Interval State 27
DefineValue (Diasepa) 95
DefineValueQuote (Diasepa) 95
DefineValueQuote2 (Diasepa) 95
Delete (Diasepa) 102
Delete temporary Post Files 41
Delete temporary StdOut Files 41
Delete temporary VBS Errorfiles 43
Delete temporary VBS files 43
Delete temporary VBS Value files 43
DeleteAction (Diasepa) 102
113

DeleteByName (Diasepa) 102


Deleted (user property) 90
DeleteDB (Diasepa) 96
Deliver spool (to outside) to local POP accounts 46
Deliver undef to local POP accounts 46
Deliver wire (to inside) to local POP accounts 46
Department (user property) 93
Diasepa Server Page Extension 10, 93
Diasepa Server Page Extensions 86
Do Authorizer Circling 50
Do Default if Remove not specified 83
Do Not Send Directly Level 51
Do Send Directly Level 51
DoRelay 37
DoSortArray (Diasepa) 98
DoSortArrayUp (Diasepa) 98
Dynamic create answer 41

E
eBusy 65, 66
Cache Days Generate After 65
Cache Days Generate Before 65
Cache Days Init Size 65
Default interval type 65
eBusy File Directory 66
eCluster 30
eGuardian 22
eMIM 66, 67
Default Rotation 66
Dispatch Extra Time 66
Keep start time during dispatch 66
Max Tiff Page Count 66
Max User in SelectList 67
Maximum Notifications at a time 67
Notify Superior and its Substitutes at once 67
Urgent Message 67
eMMS 26, 67, 68
amscheck.exe -emmsnotify 109
chkcln.exe 108
chkduty.exe 106
chkerr.exe 108
chkpml.exe 107
Clean Finished Timeout 67
crterr.exe 107
Delete temporary EMMS StdOut Files 68
eMMS only 68
logmsg.exe 110
mail.exe 109
Maximum Revision Count 68
Notification Program 68
Omit double Errors 68
Scheduler 68
stopfor.exe 108
tracemsg.exe 110
WorkFlow Timeout 68
Edit Periods 87
114

Eguard Domain 37
Eguardian valid for min (user database) 89
EMail (user property) 90
EMMS INI Files 46
EncodePath 62
Encrypting 64
Environment variables 69
ErrorInfo (Diasepa) 103
External Config 69

F
File Event Timeout 37
Filter 11
actions 84
filter.exe 111
rules 83, 84
scheduling program 12
Web interface for rules 11
Filter Clean Program 44
Filter Final Time 83
Filter Program 44
Filter Recheck Time 83
Filter Usage from inside 45
Filter Usage from outside 45
FilterPath 45
First Authorizer (user property) 90
FixGateway 37
FreeSpace Shutdown MByte 37

G
Get AMS Logo GIF 53
Get Approve1 HTML 53
Get Approve1 Status HTML 53
Get Approve2 Status HTML 53
Get Authorizer HTML 52
Get EMMS Page 53
Get Homepage 53
Get Status HTML 52
GetAttachmentAccess (Diasepa) 101
GetAttachmentAHREF (Diasepa) 101
GetAttachmentIcon (Diasepa) 101
GetAttachmentKind (Diasepa) 100
GetAttachmentName (Diasepa) 101
GetAuthorizer (Diasepa) 98
GetAuthorizerByIndex (Diasepa) 98
GetAuthorizerSequenz (Diasepa) 98
GetColCount (Diasepa) 104
GetColOrder (Diasepa) 104
GetCreateUserAccountAddress (Diasepa) 100
GetDefaultAuthorizerByIndex (Diasepa) 98
GetDisplayFormat (Diasepa) 104
Getenv (Diasepa) 96
GetFilter (Diasepa) 104
GetHashValue (Diasepa) 100
AMS Technical Documentation

GetHeader (Diasepa) 104


GetHeaderEntry (Diasepa) 100
GetHolidayCount (Diasepa) 105
GetHolidayDate (Diasepa) 105
GetHolidayIntervals (Diasepa) 105
GetHolidayName (Diasepa) 105
GetINIData (Diasepa) 97
GetInternalFormat (Diasepa) 104
GetIntervals (Diasepa) 105
GetLogFileName (Diasepa) 104
GetLogType (Diasepa) 103
GetLogTypeNiceName (Diasepa) 103
GetMinutesSince1900(Diasepa) 99
GetNicename (Diasepa) 97
GetPassword (Diasepa) 97
GetRandom (Diasepa) 100
GetReplace (Diasepa) 104
GetReplaceWith (Diasepa) 104
GetSnapShotCount (Diasepa) 96
GetSnapShotValueByIndex (Diasepa) 96
GetSortArrayXSize, GetSortArrayYSize (Diasepa) 98
GetUniqueWhere (Diasepa) 96
GetUserByNumber (Diasepa) 97
GetValueFromPost (Diasepa) 96
GetWidth (Diasepa) 104
GivenName (user property) 93
GUID (user property) 91

H
Handle outgoing 62
Head (user property) 91
HELO Server Name 39
Home Server (user property) 91
HTTP AMSPath 47
HTTP BasePath 41
HTTP Default 41
HTTP Domain 41
HTTP Expiration Time Of Created Files 41
HTTP Expiration Time Of Files 42
HTTP Port 42
HTTP Recv Timeout 42
HTTP Send Buffer Size 42
HTTP Send Timeout 42
HTTP Server 9, 42

I
Importance (Diasepa) 102
Importance (Filter rules) 84
ImportOutlookDates (Diasepa) 105
Information strings 71
Delivery aborted 71
Delivery Problem 71
Delivery Problem Body 71
Delivery Problem Body Aborted 72
AMS Technical Documentation

Delivery Problem Body Keep on trying 72


HTTP_BadRequest 72
HTTP_FileNotFound 72
HTTP_TooManyConnects 72
Init (Diasepa MimeMail Interface) 100
Init (Diasepa Session Interface) 95
Internal Network 72
IPV 30

L
Level (user property) 91
LoadSortArray (Diasepa) 99
Log file settings
Column Order 73
Display Name 73
Filter 74
Header 74
Replace<x> 74
Replace<x>With 74
Type 74
Width 74
Logfile count 38
LoggingAddress 38

M
Mail Schedule Timeout 38
MAIL to/from call AMS/deliver immediately 75
Mail Transfer Failures 86
MainPath 63
MakeHTML (Diasepa) 99
MakePRE (Diasepa) 99
Master 35
Max Mail Thread 38
Max Thread 38
Maximum Files in Wire 46
Maximum Mail Error Counter 44
Mention Authorizer within X-Message-Flag 51
MIM Path 47
Mimail
Edit settings 77
Icons 76
mimail.exe 111
MIME Types 78
Mimail 78
weak 78

N
Name (Diasepa) 101
NiceDate (Diasepa) 99
NiceName (group property) 93
NiceName (user property) 91
NiceTime (Diasepa) 99
115

Notifications 22, 56
SendMail Approve 57
SendMail Choose 57
SendMail During OOO 57
SendMail EMIM Notify 57
SendMail EMMS Notify 57
SendMail Rejected 57
SendMail Submitted 58
SendMail TimeOut 58
SendMail TimeOutWarning 58
SendMail View Status 58
SendMail Withdrawn 58
SendUDP Approve 57
SendUDP Choose 57
SendUDP During OOO 57
SendUDP EMIM Notify 57
SendUDP EMMS Notify 57
SendUDP Rejected 57
SendUDP Submitted 58
SendUDP TimeOut 58
SendUDP TimeOutWarning 58
SendUDP View Status 58
SendUDP Withdrawn 58
Notify Mail Error Counter 44
NTAccount (user property) 91

O
Originator is able to change message 76
Out of Office 26
Out of Office (user property) 91
OutOfOffice (Diasepa) 98

P
Parameter (Diasepa) 102
Parse for Environment 42
Password 63
PfxPath 63
PlainTextBody (Diasepa) 100
POP3 79
GUID 80
Path 80
POP3 Port 79
POP3 Recv TimeOut 79
POP3 Send TimeOut 79
POP3 Server 8
Pop3Path 47
Send Buffer Size 79
Use DNS to resolve HTTP client ip addresses 79
Private Allowed 51

R
Read (Diasepa) 101
116

Read OutOfOffice 26
ReadByName (Diasepa) 101
ReadFileIntoEnvironment (Diasepa) 95
Registry Backup 59
RegistryBrowseKey (Diasepa) 99
RegistryBrowseValue (Diasepa) 99
RegistryValue (Diasepa) 99
RegistryWatch
Monitor Key 80
RegistryWatch Hive 80
regwatch.exe 111
Reject If No Authorizers Specified 51
Relay
for Spool, Wire and Global 80
for Undef 81
Remove after Use
Expiry-Date 51
Remove breaks Default 83
Remove is global and breaks all rules 83
RemoveAllHolidays (Diasepa) 105
RemoveHoliday (Diasepa) 105
Repeat failed send after minutes 44
ReRouteFromAddress 38

S
SAValue (Diasepa) 98
SaveSortArray (Diasepa) 98
Schedule Program (AMSCheck) 46
Schedule programs 11, 85
Scheduler Wait Timeout 52
Second Authorizer (user property) 91
Security 86
Send directly (user property) 91
Sensitivity 56
Default Classification 56
Sentinel
HTTP Server 9
POP3 Server 8
sentinel.exe 106
SMTP Server 3
Server Fails 35
Server IP Address 39
servstat.exe 112
Set new Pending active 63
Setenv (Diasepa) 96
SetHolidayIntervals (Diasepa) 105
SetINIData (Diasepa) 97
SetIntervals (Diasepa) 105
SetKey (Diasepa) 101
SetMin1900(Diasepa) 99
SetNicename (Diasepa) 97
SetPassword (Diasepa) 97
Sign Of Life (user property) 92
Signing 64
SignOfLife (Diasepa) 97
Slave 35
AMS Technical Documentation

SMTP Check Domainname 39


SMTP Domain Chars 39
SMTP Listen Port 39
SMTP Server 3
Smtphost 40
SMTPWire 40
SpoolDrv 47
State (user property) 93
Status strings
Accepted 59
OutOfOffice 59
Private 59
Rejected 59
Timeout 59
Withdrawn 59
Substitutes (group property) 93
Substitutes (user property) 92
Support RFC 1891 40
Surname (user property) 93
Sync Interval Available 27
Sync Interval Unavailable 27

UndefSpoolDrv 47
Unfiltered SMTP Address 83
Update Sentinel REG (per hour) 59
Update User REG (per day) 60
Use Critical 63
Use Default Authorizer (user property) 92
Use DNS to resolve HTTP client ip addresses 43
Use DNS to resolve SMTP client ip addresses 40
Use Eguardian (user database) 89
Use Expiry-Date 56
Use Expiry-Date on Notifications 58
Use HTTP IF-MODIFIED-SINCE 42
Use Message Importance also on Notifications 58
Use Pending 64
Use Substitutes directly (user database) 89
UseDNS 39
User 87
User database 17, 88
Authorizer tree 17
Import and export 18, 88
rdexpo.exe 106
UserProperty (Diasepa) 97

T
V
Timeout Choose 54
Timeout Cleanup 53
Timeout Cleanup Cached 54
Timeout EMIM Cleanup 54
Timeout EMIM Overall 54
Timeout EMIM Work 54
Timeout Expiry-Date minimum minutes 54
Timeout Global EMIM 92
Timeout Notify Standard 55, 92
Timeout Notify Urgent 55, 92
Timeout Overall 55
Timeout Start Work 55
Timeout Start Work (user property) 92
Timeout Warning of Expiration Time (percent) 55
Timeout Work completed 55
Timeout Work completed (user property) 92
Timeout Work EMIM 92
Timeouts 53
Title (user property) 93
Trace (Diasepa) 100

Value (Diasepa) 103


VarCount (Diasepa) 103
VarName (Diasepa) 103

W
Wait Timeout 64
WireSpoolDrv 47
Work with Multi TO 52
Workflow 18
Database 19
WorkflowFinished (Diasepa) 101
Write (Diasepa) 102
Write OutOfOffice 27

Z
Zip (user property) 93

U
Undef Network 7, 87

AMS Technical Documentation

117