UNIVERSITY OF CAMBRIDGE COMPUTING SERVICE

Minutes of the 129th Mail and Directory Coordination meeting held on Wednesday, 2nd November 2005

Present: P. Hazel, D.P. Carter, R.J. Dowling, F.A.N. Finch, K.M. Jeary,
R.A.W. Mee, P. Stewart, C.E. Thompson, J.M. Wilkins
Apologies: B.K. Omotani

Date of next meeting: 14th December 2005 at 11:15 in C304

1. Hermes and PPSW

One of the new Cyrus SATA systems had some hardware problems at the start of October (it was immediately relegated to the role of replica system). The supplier came in three days in a row to replace motherboards (twice) and a RAID controller card, and the system appears to be fine now. The partner SATA system also hung once on the morning of November 1st: it is not clear yet whether this is a hardware or software problem.

The syslog daemon on Canvas (the mail cluster install server, also responsible for Hermes user and password maps) had an amusing habit of hanging every few weeks. This caused any program on the system which calls syslog (including SSH, cron and Exim) to hang. A similar problem was seen less frequently on the PPSW systems. In both cases the syslog daemon receives a great deal of traffic because of statistics gathering scripts. The cause is a bug involving a timer in the syslog daemon which does nothing more exciting than generate log entries every 20 minutes if no other activity is recorded. This is not useful on big multiuser systems and has been disabled on Canvas and PPSW.

hermes-1 (the live Webmail and SSH server) was running rather tight on memory, mostly because people do not log out from Webmail when they have finished despite the constant encouragement to do so. Session timeouts have been reduced from 20 to 15 minutes on most screens, and from 4 hours to 3 hours on the compose screen. A better long-term solution is probably to add more memory to the Webmail server system.

Interfaces to the LDAP directory and Hermes finger database were added to the Webmail system over the summer. The interface to the finger database was released just before the start of term; the release of the LDAP interface was deferred for a couple of weeks to allow for the official announcement of the pilot LDAP service.

The replacement @lists mailing lists system will be based on Mailman. Some time was spent looking at the only obvious alternative to Mailman (Sympa) over the summer. Both programs have a number of serious problems, particularly when large numbers of mailing lists are involved. Mailman appears to be the better choice at the current time, although it is certainly not perfect. The new @lists system will need careful documentation.

FANF has written a document explaining the use of the two SMTP smarthost services smtp.hermes.cam.ac.uk and ppsw.cam.ac.uk, with particular regard to the move to encrypted and authenticated SMTP on smtp.hermes.cam.ac.uk. These have been sent to the Help Desk and Information Provision Group for review.

We are accumulating lists of users who are making insecure IMAP/POP or SMTP access to Hermes. At the moment there are 7,700 users making insecure connections from the University Network and 2,600 users making insecure connections from outside the CUDN, a total of 9,100 users with some crossover. There are also 500 people sending mail through smtp.hermes with no obvious connection to a Hermes account. It would seem sensible to try to deal with the internal users one institution at a time in consultation with the relevant college or department computer officers.

2. Cammail

It is unknown whether Engineering completed their migration to Hermes by the end of September as they planned.

3. Operational support for postmaster@cam.ac.uk

Cover for the single member of operations staff who was fielding queries to postmaster@cam.ac.uk has been arranged.

4. Mail Domains known only to PPSW

It will take a few months for King's to rationalise the use of the special route name which was intended for purely internal use within PPSW.

5. Directory

Milestone 2 has been released and Milestone 3 is due soon. RJD gave two lengthy presentations to the Techlinks. The current quality of data imported into the directory is not good: individuals and institutions will need to check their data. Engineering have supplied 1400 email addresses which have been integrated, after some teething problems.

Further work is required to deal with the cancellation of both individual users and entire institution nodes. This will require proper integration with Jackdaw.

6. Rate limiting

The exception list of legitimate hosts that are generating bulk email is still being generated. FANF proposes to contact the alumni offices directly as they are the main cause of legitimate bulk email.

7. User Agents

Cyrusoft International have filed for Chapter 7 bankruptcy, so Mulberry is now effectively end of life. We expect that it will continue to be used widely within the University for a couple of years. Unfortunately the source code cannot be released (allowing us to fix security problems directly ourselves) because of various licensing issues.

Apple Mail on MacOS and Outlook on Windows are both reasonable IMAP user agents which can be used as replacements for Mulberry. In contrast, Outlook Express and Entourage are designed as POP clients and are known to have problems with IMAP. Thunderbird is the one cross-platform user agent which is available on Windows, MacOS and Linux platforms. Its use should be investigated, particularly on the PWF where we need to support all three platforms.

DPC 2005-11-07