Minutes of the 118th Mail and Directory Coordination meeting held on Wednesday, 21st July 2004.

Date of next meeting: 1st September 2004 at 11:15 in Au310

1. Hermes and PPSW

hermes.cam.ac.uk (the telnet/SSH service) is now a pair of Linux boxes running SuSE 9.1. Hermes useradmin scripts have been transplanted from the old Hermes admin server prism to the new admin server canvas, which is another Linux server.

The PPSW systems have all now been renumbered into the reserved address range 131.111.8.128/27. SMTP callouts to verify sender addresses and tighter conformance to the SMTP protocol appear to have made a substantial difference to the amount of spam and viruses that PPSW accepts (before spam scoring and virus scanning kick in), and the amount of junk stuck on PPSW mail queues. These additional checks are causing a steady trickle of support queries to postmaster@hermes regarding legitimate mail (although less than expected). We need to review the situation at the next MDCM.

2. Decommissioning IMAP and POP on CUS

Around 216 people are left using IMAP and POP against CUS (in the week leading up to 19th July). A final warning will be sent to remaining IMAP and POP users mid August; this will be preceeded by a message to the ucam-itsupport list. imap.cus.cam.ac.uk and pop.cus.cam.ac.uk will both be removed on September 1st. smtp.cus.cam.ac.uk (currently pointing at PPSW) will probably be removed at the same time: this will be discussed at the next CUS planning meeting on 23rd July.

3. Purging spam folders

The automatic spam purge facility has been rolled out on Hermes and is enabled by default for all users. Most users can change the spam purge timeout (or disable the purge entirely) using the Webmail interface; this is not currently available for users with manual Sieve filters.

4. Mailing lists

The MDCM reviewed the current wishlist for the @lists system. It was concluded that a test installation of one of the popular mailing list managers (Mailman or Majordomo 2) would provide practical experience and a feel for the features which are typically available compared the features the current system provides and the additional features that we desire.

5. Email forgery protection

FANF presented a possible scheme which would prevent forgery of Hermes sender addresses on the CUDN (and also for remote sites which implement sender callouts to verify sender addresses against PPSW), using cryptographically secure signatures within the address. This would eliminate collateral spam bounces and could be an effective solution to the general spam forgery problem if it was widely implemented at other sites. The two major stumbling blocks to this scheme are mailing lists which use the envelope sender address for authorisation ("RESTRICTED" in @lists parlance), and automatic filtering of messages by envelope sender.