Implementing MDaemon as an Email Security Gateway to

Exchange Server

Introduction

MDaemon is widely deployed as a very effective antispam/antivirus gateway to Exchange.

For optimum performance, we recommend that MDaemon be installed on a separate
physical machine. This document details the steps required to install and configure
MDaemon for use as an email security gateway.

NOTE: These instructions assume that Exchange users are utilizing either Outlook Web
Access (OWA) or an Exchange profile (not Internet Mail) in Outlook to connect to the
Exchange server.

Technical Overview

To implement MDaemon as an email security gateway, we need to force all inbound SMTP
traffic through MDaemon so that messages can be scanned for viruses, filtered for spam,
and subjected to content filter rules. To accomplish this, port 25 in the router/firewall needs
to be reconfigured to pass inbound traffic to MDaemon instead of to Exchange.

Inbound messages (from non-local to local domains) are received by MDaemon, scanned
and filtered, then passed over to Exchange for processing.

Internal messages (from local accounts to local accounts) are processed entirely by
Exchange.

Outbound messages (from local to non-local domains) are normally left to Exchange to
deliver. However, there are scenarios where for archival, logging, or security considerations,
administrators would like Exchange to route outbound email through MDaemon as well. If
this is the case, after completing the steps in this setup document, also make the changes
outlined in Appendix A – Configuration for Outbound Delivery Through MDaemon.

Licensing Considerations

MDaemon is licensed according to the number of email accounts and/or gateways that you
need to configure. When acting as a gateway, you need one user license for the gateway
domain itself. As no actual user mailboxes need to be configured in MDaemon, the smallest
MDaemon license size (6 User) is all that is required. The Standard version of MDaemon
does not include the antispam component, therefore MDaemon Pro is required.

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

An integral component of the MDaemon email security solution is the SecurityPlus plugin.
SecurityPlus provides the antivirus scanning engine, as well as an extra layer of “real-time”
protection from new outbreaks of spam and viruses. The licensing for the SecurityPlus
Plugin requires that a user license be purchased for each mail account that is being
protected, meaning that you need a license size large enough to cover the number of
Exchange mailboxes.

For example, to license an MDaemon email security gateway to protect a 25 user Exchange
server, you would require a 6 User MDaemon Pro and a 25 User SecurityPlus license. For
pricing information, please visit our web site at www.ccsoftware.ca

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

MDaemon Installation
The current version of MDaemon can always be downloaded from on our web site at
www.ccsoftware.ca (follow the link to Products, then MDaemon | Download).

When you launch the MDaemon installation, after accepting the License Agreement and
selecting the installation folder, you are prompted for Registration Information. What you
enter in the “License name” and “Company or Distributor” fields is entirely up to you. If you
have already purchased MDaemon, enter your license key in the field provided. Leave this
field blank if you have not yet purchased an MDaemon license, and the installer will
automatically generate a trial license to allow you to fully evaluate MDaemon with no
restrictions for 30 days.

After the installer has copied the necessary files, you will be prompted to enter a domain
name. It is very important that you enter anything EXCEPT the “real” email domain name for
the messages that MDaemon will be processing. For example, if the Exchange server is
hosting mail for mycompany.com, you would want to set MDaemon’s domain name to
something different, such as mycompany.mail (this should not be a real domain).

You will be prompted to set up a first account, go ahead and do so. This account will be the
“postmaster” account, to which MDaemon will send certain notification and error messages.
You are “making up” the information you enter here, it does not need to match an existing
Exchange user account. We will configure this account to forward messages to an
Exchange administrator later in the configuration process.

Next you will be prompted to configure DNS. In most cases, the default “Use Windows DNS
settings” is acceptable. You would only want to change this if you know that the DNS
server(s) specified in Windows cannot resolve external domains. If that is the case, uncheck
the “Use Windows DNS settings” and enter in your ISP’s primary and secondary DNS
servers.

You are then prompted for which “mode” to run MDaemon in. Select “Run MDaemon in
Advanced mode”.

The last step in the installation is to configure MDaemon to run as a service. When running
as a service MDaemon will start automatically at system restart, this is normally
recommended.

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

MDaemon Configuration

Create & Configure the Gateway

Under the Gateways menu, select New Gateway

Gateway Tab
• in the Domain Name Field, enter the Internet domain name for the Exchange users
mail that will be passing through the server (ie. mycompany.com)

Forwarding Tab

• click the “Forward mail to this domain” box and enter the Exchange server’s internal
LAN IP address
• check the box for “Don’t send forwarded mail to smart host on errors”.

Options Tab
• verify that the “Enable Antivirus” and “Enable Antispam” boxes are checked

The above settings are all that are required for a basic gateway configuration. MDaemon will
accept all mail for the domain you specify, filter the messages for viruses and spam, then
pass them over to the Exchange server for delivery to a local account.
It is recommended that you go a step further than this by configuring MDaemon to verify that
the recipient addresses on incoming messages are valid before accepting the message.
This ensures that mail addressed to non-existent accounts is rejected, and therefore does
not have to be processed by either MDaemon or Exchange. If you would like to set up Active
Directory verification, please refer to the steps outlined in Appendix B – Verifying
Addresses by Querying Active Directory.

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

Configure Anti-Spam

While achieving the absolute optimum spam-filtering results may require some occasional
tweaking by the administrator, the following instructions will provide you with a good starting
point. You are encouraged to learn more about each spam component so that you can
customize these generalized settings to your particular environment.

Under the Security menu, select Spam Filter.

Spam Filtering Tab

• On this tab you have three choices for how you want spam dealt with:
1. Just delete the message completely – with this option selected, any message that
MDaemon determines to be spam will simply be deleted. No notification will be sent
to either the sender or recipient.
2. Put the message in the spam trap public folder – with this option selected, all spam
will be moved into MDaemon’s Spam Trap. This spam trap can be accessed using
several methods, the most convenient being WebAdmin, the built-in web-based
administration tool for MDaemon. For more information on managing the spam trap

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

 through WebAdmin, please refer to Appendix C – Using WebAdmin to Manage the
Spam Trap.
3. Flag the message but let it continue down the delivery path – with this option
selected, MDaemon will “mark” spam by putting a note in the subject, then go ahead
and deliver it to Exchange. It is possible to reroute all spam-marked messages to a
single mailbox on the Exchange server, if you would like to do this please refer to
Appendix D – Routing all Spam to a Single Exchange Mailbox.

• Increase the setting for “Don’t filter messages larger than” to 350 KB. What we are
setting here is the maximum size of a message that the spam filter will examine. We do
not want to pass large messages with attachments through the filter as these are rarely
spam and would be a waste of resources, but we need this setting to be large enough to
include messages which may be spam.

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

Heuristics Tab

• Ensure that the “Enable Heuristic message scoring system” box is checked. The default
score for spam is set to 5.0, we recommend lowering this slightly to 4.8. This will catch
more spam without resulting in increased false positives. The second number on this
screen, “SMTP rejects messages.....”, is a way to minimize the amount of obvious spam
that is either being placed in the Spam Trap, or flagged and sent to Exchange.
MDaemon’s spam filter performs two scans on each incoming message. The first
“preliminary” scan is done during the SMTP session as a message is arriving. The
second “full” scan is done after the message has been accepted. A setting of 12 here
means that if a message receives more than 12 points during the preliminary, MDaemon
will simply refuse to accept it. If the message receives less than 12 points, it will be
accepted and processed as usual by the spam filter. At that point, if the message
receives more points that your spam score (i.e. 4.8), then it will be dealt with according to
your “how to deal with spam” setting.
• If you have elected to flag spam, you may want to modify the Subject tag field to
something shorter that will make the original subject of the email message easier to read
in the email client software (i.e. **SPAM**).

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

Step 3: Forward System Messages to Exchange Admin

During the installation, you had created one MDaemon account. This account is aliased to
“postmaster”, and this is where MDaemon will send system messages such as AV and Spam
Filter update notifications, license renewal notices, etc. Because no one is normally
monitoring this account, we want these system messages forwarded to an Exchange user
account.
To forward the Postmaster mail to an Exchange account, follow these steps:
• under the Accounts menu select Account Manager
• double-click on the account you created to open the Account Editor screen
• click on the Forwarding tab
• check the box for “This account is currently forwarding mail” and enter a valid
Exchange email address
• uncheck the box for “Retain a local copy of forwarded mail”
• OK out to save your changes

Step 4: SecurityPlus Installation & Setup

SecurityPlus is an integral tool in MDaemon’s antispam arsenal, and it is highly

recommended that this component be implemented.
The current version of SecurityPlus can always be downloaded from our web site at
www.ccsoftware.ca.
To install, simply launch the installation program and follow the prompts. The installer will
shut down MDaemon and restart it once the installation is complete.

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

Step 5: Configure Updater and Delivery Schedules

Under the Setup menu, select Event Scheduling.

Send & Collect Mail Tab

• uncheck the box “Send mail at this interval”, and check the boxes for “Send mail
immediately after getting queued” and “including mail stored for gateway domains”.

Antivirus Updates Tab

• in the Antivirus Updates section, configure this to “Wait 240 minutes after the last
antivirus update before conducting another one.”

Antispam Updates Tab

• check the box to “Activate spam filter updates”

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

Step 6: Going Live

Once you have everything configured, you can now make the router changes necessary to
bring MDaemon on-line.

Currently, port 25 on your router/firewall will be configured to pass inbound traffic to the
Exchange server. You want to change this so that inbound SMTP traffic is passed to the
MDaemon server’s internal IP address.

The setup is now complete, congratulations! MDaemon will begin accepting inbound
messages, processing them according to your spam filter and antivirus settings, then passing
them over to Exchange for delivery to local mailboxes.

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

APPENDIX A – Configuration for Outbound Email Through MDaemon

Exchange Configuration

If you would like Exchange to send all outbound email through MDaemon, you must
configure the Exchange SMTP Connector to use a Smart Host in place of DNS for external
mail delivery.

Exchange 2000/2003
If you have no SMTP connector, in the Exchange System Manager select "Servers" | [Your
Server] | Protocols | SMTP. Select "Default SMTP Virtual Server" and choose Properties. In
this dialog select the Delivery tab, then Advanced. Enter the MDaemon server’s internal IP
address in the Smart host field. You must restart Exchange for this change to take effect.

If you have an SMTP connector, in the Exchange System Manager select “Connectors” |
[Your SMTP Connector] | Properties. On the General tab select “Forward all mail through
this connector to the following smart hosts” and enter the MDaemon server’s internal IP
address.
You must restart Exchange for this change to take effect.

Exchange 5.5
In the Exchange Administrator, select the IMS (Internet Mail Service) and click on the
Connections tab. Enable “Forward all messages to host” and enter the MDaemon server’s
internal IP address as the host address.
You must restart the IMS for this change to take effect.

MDaemon Configuration

[1] Under the Setup menu select Primary Domain.

Domain Tab
• ensure that the entry in the "FQDN for this server" is a valid domain that will
correctly resolve to the public IP of the mail server. Normally the FQDN matches
the MX record (i.e. mail.mycompany.com).
• check the box for “Always use the above FQDN value in SMTP 220 greeting”

Delivery Tab
• select the first option - "Always send all outbound email directly to the recipient's
mail server"

DNS Tab
• in the "A and MX record processing" section you will see 5 checkboxes, check all
of them except the last one

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

[2] Under the Gateways menu select Edit Gateway. Select your Gateway and click OK.

Options Tab
• uncheck the box for "Authentication is required when sending mail as a user of
this gateway"

[3] Under the Security menu, select IP Shielding/Auth/POP Before SMTP

IP Shield Tab
• enter the Internet mail domain for the gateway in the Domain field (ie.
mycompany.com), enter the Exchange server’s internal IP in the IP Address field,
then click Add (this is ensuring that MDaemon will only send mail out on behalf of
gateway users if the message is coming from the Exchange server)

[4] Under the Security menu, select Relay/Trusts...

Relay Settings Tab

• check the boxes in the top "Mail relaying" section for "unless sent from a trusted
host or IP" and "unless sent from a gateway user"

Trusts Tab
• enter the Exchange server's IP as a new Trusted IP

[5] Under the Security menu, select Spam Filter

Spam Filtering Tab

• ensure that the 2 boxes in the middle are checked - "Don't filter messages sent
from local sources" and "Don't filter messages from trusted or authenticated
sources"

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

APPENDIX B – Verifying Addresses by Querying Active Directory

To ensure that only mail for valid Exchange users is accepted by MDaemon, it is possible to
configure MDaemon to perform an LDAP query of the Active Directory to test the validity of
recipient email addresses.
If the LDAP query reports that the incoming email address is valid, then the message is
processed by MDaemon and delivered to Exchange.
If the LDAP query reports that the incoming email address does not exist in the Active
Directory, MDaemon returns a “550 <e-mail address>, Recipient unknown” error and the
SMTP session is ended. Legitimate senders will receive notification from their own mail
servers that the message was not delivered.

From the main MDaemon window, click on the Gateways menu and select Edit Gateway.
Double-click on the Gateway that you want to set up address verification for, then click the
LDAP Verify tab.

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

On this tab, we are configuring the location of the LDAP server to query (in this case, the
Active Directory), supplying credentials and parameters specifying where in the AD to search
(Base and Bind DN’s), and what to search for (Search filter).

NOTE: The following settings work for the vast majority of configurations. If you have
multiple Active Directory domains, or a configuration that these settings don’t seem to
address, please email us at support@ccsoftware.ca, we’ll be happy to help.

Click the Verify accounts using an LDAP server checkbox, then complete the fields on this
tab as follows:

Host name or IP: enter the IP address of the server that holds the Active Directory
(in most instances, this will be the Exchange server)

Port: enter 389 (unless the Active Directory Service is running on a different port)

Base entry DN: This entry is constructed using domain information displayed in the
Active Directory Users and Computers window. If your AD domain is
“mycompany.local”, then the Base entry DN would be:
DC=mycompany, dc=local

If your AD domain is “mycompany.com”, then the Base entry DN would be:

DC=mycompany, dc=com

If your domain does not have an extension (i.e. It is only “mycompany”), then your
Base entry DN would be:
DC=mycompany

Bind DN: Here we supply the account name portion of the credentials that we will
pass to the AD when we request the search, a context for the search, and the domain
information.

For example, if you are using the Windows Administrator account to authenticate, and
your Base entry DN is :”DC=mycompany, dc=local”, then your Bind DN would be:
cn=Administrator, cn=users, DC=mycompany, dc=local

The “cn=users” portion always remains the same, so the syntax is:
cn=account_for_verification, cn=users, <the base DN>

Bind Password: for the LDAP query to be successful, you need to supply the
credentials of an account that has Administrator level access to the Active Directory.
Enter here the password for the admin-level account that you specified in the Bind
DN.

Search Filter: In most cases, the following search filter works perfectly. It will pick up
email addresses, aliases and mail-enabled public folders:

(&(objectclass=Top)(|(mail=$EMAIL$)(mail=SMTP:$EMAIL$)(ProxyAddresses=SMTP
:$EMAIL$)))

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

Test the LDAP Connection

Once you have completed the required fields on the LDAP Verification tab, you can test the
connection by clicking the Test button.
If the information has been entered correctly, a window similar to the following will be
displayed:

Don’t concern yourself with the “* is not a valid account”, the important thing to look for is the
“Looks like it’s working”.

If you are not able to get a “looks like it’s working” successful test, review your settings. If
your settings appear to match the examples above but the lookup continues to fail, it could
be that your Active Directory setup is more complex than normal and different Base and Bind
DN’s need to be configured. If that is the case, contact our support team at
support@ccsoftware.ca and we’ll be glad to help.

Watching the Verification in Action

As mail arrives for the Gateway, you will be able to see the results of the LDAP lookup in the
inbound SMTP session as in the following example:

Thu 2007-01-18 13:36:07: ----------

Thu 2007-01-18 13:36:41: Session 15; child 1; thread 932
Thu 2007-01-18 13:36:38: Accepting SMTP connection from [205.145.8.25 : 3880]
Thu 2007-01-18 13:36:38: --> 220 mail.mycompany.com ESMTP MDaemon 9.5.4; Thu, 18
Jan 2007 13:36:38 -0500
Thu 2007-01-18 13:36:38: <-- EHLO mdbathlon
Thu 2007-01-18 13:36:38: --> 250-mail.mycompany.com Hello mdbathlon, pleased to meet
you
Thu 2007-01-18 13:36:38: --> 250-ETRN
Thu 2007-01-18 13:36:38: --> 250-AUTH=LOGIN
Thu 2007-01-18 13:36:38: --> 250-AUTH LOGIN CRAM-MD5
Thu 2007-01-18 13:36:38: --> 250-8BITMIME
Thu 2007-01-18 13:36:38: --> 250 SIZE 0
Thu 2007-01-18 13:36:38: <-- MAIL FROM: <mberg@shaw.ca>
Thu 2007-01-18 13:36:38: --> 250 <mberg@shaw.ca>, Sender ok
Thu 2007-01-18 13:36:38: <-- RCPT TO: <foofoo@mycompany.com>
Thu 2007-01-18 13:36:38: LDAP lookup - 192.168.1.10:389 - mail,
proxyAddresses:foofoo@mycompany.com
Thu 2007-01-18 13:36:38: LDAP server says foofoo@mycompany.com is not a valid
account
Thu 2007-01-18 13:36:38: --> 550 <foofoo@mycompany.com>, Recipient unknown
Thu 2007-01-18 13:36:41: <-- QUIT

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

Thu 2007-01-18 13:36:41: --> 221 See ya in cyberspace
Thu 2007-01-18 13:36:41: SMTP session successful (Bytes in/out: 91/351)
Thu 2007-01-18 13:36:41: ----------

The bolded sections above show the LDAP lookup taking place. In this case, the Active
Directory responds that the recipient address is invalid. MDaemon then returns a 550 error
and the session is ended.

Following is another example showing a message arriving that is addressed to a valid

recipient:

Thu 2007-01-18 13:36:41: ----------

Thu 2007-01-18 13:38:25: Session 16; child 1; thread 960
Thu 2007-01-18 13:38:19: Accepting SMTP connection from [205.145.8.25 : 3904]
Thu 2007-01-18 13:38:19: --> 220 mail.mycompany.com ESMTP MDaemon 9.5.4; Thu, 18
Jan 2007 13:38:19 -0500
Thu 2007-01-18 13:38:19: <-- EHLO mdbathlon
Thu 2007-01-18 13:38:19: --> 250-mail.mycompany.com Hello mdbathlon, pleased to meet
you
Thu 2007-01-18 13:38:19: --> 250-ETRN
Thu 2007-01-18 13:38:19: --> 250-AUTH=LOGIN
Thu 2007-01-18 13:38:19: --> 250-AUTH LOGIN CRAM-MD5
Thu 2007-01-18 13:38:19: --> 250-8BITMIME
Thu 2007-01-18 13:38:19: --> 250 SIZE 0
Thu 2007-01-18 13:38:19: <-- MAIL FROM: <mberg@shaw.ca>
Thu 2007-01-18 13:38:19: --> 250 <mdberg@shaw.ca>, Sender ok
Thu 2007-01-18 13:38:19: <-- RCPT TO: <bsmith@mycompany.com>
Thu 2007-01-18 13:38:19: LDAP lookup - 192.168.1.1:389 - mail,
proxyAddresses:bsmith@mycompany.com
Thu 2007-01-18 13:38:19: LDAP server says bsmith@mycompany.com is a valid
account
Thu 2007-01-18 13:38:19: --> 250 <bsmith@mycompany.com>, Recipient ok
Thu 2007-01-18 13:38:22: <-- DATA
Thu 2007-01-18 13:38:22: Creating temp file (SMTP):
c:\mdaemon\temp\md50000000003.tmp
Thu 2007-01-18 13:38:22: --> 354 Enter mail, end with <CRLF>.<CRLF>
Thu 2007-01-18 13:38:22: Message creation successful:
c:\mdaemon\inbound\md50000000004.msg
Thu 2007-01-18 13:38:22: --> 250 Ok, message saved <Message-ID: >
Thu 2007-01-18 13:38:25: <-- QUIT
Thu 2007-01-18 13:38:25: --> 221 See ya in cyberspace
Thu 2007-01-18 13:38:25: SMTP session successful (Bytes in/out: 4296/430)
Thu 2007-01-18 13:38:25: ----------

TIP: One thing to keep in mind during testing is that MDaemon keeps a cache of LDAP
lookup results. This cache is held in the \mdaemon\app\ldapcache.dat file. If you test and
find that your search filter is not working, after making changes to your settings you will need
to delete the ldapcache.dat file and restart MDaemon before retesting. If you do not, then
MDaemon will simply look in the cache, see that it had already rejected that address, and will
not attempt to perform another lookup.

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

APPENDIX C – Using WebAdmin to Manage the Spam Trap
If you have configured MDaemon’s spam filter to place messages marked as spam into the
public Spam Trap folder, you need some method to manage the contents of this folder.
There are a number of ways that the administrator can access and manage spam that has
been filtered into MDaemon’s Spam Trap folder. These include using an IMAP client (i.e.
Outlook or Outlook Express), from the MDaemon interface itself, or using a browser and
accessing WebAdmin (our recommended method).
WebAdmin is a built-in browser-based administration tool for MDaemon. In addition to
allowing you to access most of MDaemon’s settings remotely, WebAdmin is an excellent tool
for managing MDaemon’s Spam Trap.

WebAdmin is accessed using a web browser by entering http://your_server_ip:1000.

For example, if the IP address of your MDaemon machine is 192.168.0.1, you would access
WebAdmin from the internal network using this URL:

http://192.168.0.1:1000

Log into WebAdmin using the credentials for the ‘postmaster’ user that you had created
during the MDaemon install.

Once logged in, the Spam Trap management page can be accessed by selecting Security -
Spam Trap Folder as shown here:

This screen will show you all of the messages that MDaemon has determined to be spam
and placed into the Spam Trap. If you see any legitimate messages that should not be
marked as spam, simply highlight the message and click the ‘Release + Copy to non spam
folder’ button as shown here:

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

This will remove the “SPAM” tag from the subject and forward the message to the intended
recipient. It will also cause a copy of the message to be examined by the Spam Filter’s
Bayesian learning engine to reduce the possibility of a similar message being incorrectly
tagged as spam in the future.

Once you have released any messages that were incorrectly classified as spam, you can
simply highlight and Delete those that remain.

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca

APPENDIX D – Routing Spam to a Single Exchange Mailbox
If you would like all messages tagged as spam to be forwarded to a single mailbox on the
Exchange server, you can easily accomplish this with the use of a Content Filter rule as
follows:

Under the Security menu, select Content Filter

Create a new rule that watches the REMOTE queue for messages that contain your spam
flag in the Subject Header (i.e. **SPAM**), copies the message to the appropriate Exchange
account, then deletes the (original) message.

PHONE: (519) 633-9551 EMAIL: sales@ccsoftware.ca WEB SITE: www.ccsoftware.ca