Minutes of the 127th Mail and Directory Coordination meeting held on Wednesday, 10th August 2005

Date of next meeting: 21st September 2005 at 11:15 in C304

1. Hermes and PPSW

All systems running SuSE 9.0 have been upgraded to SLES 9. An SSL certificate was purchased from Globalsign for testing purposes as our existing certificates from Thawte are rather expensive when large clusters of machines are involved. Most Web browsers and mail user agents recognise Globalsign as a signing authority. Unfortunately Eudora on Windows does not (the user has to accept the certificate). Neither do mail user agents such as PINE which use the standard OpenSSL certificate bundle on SuSE.

2. Plaintext access to Hermes

Telnet, rlogin and FTP access to Hermes was removed on 4th July. We are now ready to start phasing out support for insecure IMAP, POP and SMTP access (and also backwards compatibility for ~/mail/). Newly created accounts and recently created accounts which are not yet active will be blocked as soon as an announcement is made. The Macintosh version of Mulberry version 4 has some problems with SSL connections. For the time being people will be encouraged to use version 3.

3. Cammail

The old interface is now shut down, apart from a vestigial service for the 2hermes command.

4. Operation support for Postmaster@cam.ac.uk

Concern was expressed about the lack of holiday cover for the single operator who is fielding queries to postmaster@cam.ac.uk. RJD is investigating.

5. Mail domains known only to PPSW

A number of mail domain names intended for internal use are implemented on PPSW but (deliberately) have no MX record in the DNS. These names are used by certain managed mail domains as an escape route to forward mail onto systems running some form of autoresponder or ticket tracking system. At the moment any mail message routed through PPSW can reference these special names: this needs to be tightened up using access control rules. The use of and restrictions on these escape routes also needs to be properly documented in leaflet G14.

6. Directory

The new directory system is currently being reimplemented.

7. Shared accounts on Hermes

Webmail derives the default "From:" address for a user from the global setting "default_domain", which is set to cam.ac.uk. This is correct for most Hermes users, but must be changed to hermes.cam.ac.uk for shared Hermes accounts. The documentation for shared accounts needs to draw more attention to this disparity.