Hermes and ppsw Migration to new Hermes The migration of users to the new Hermes message store is almost complete. Over 30,000 people have been moved and only a few hundred tricky cases remain, mostly users with misconfigured software. There remains a fair amount of work to do on this project, in particular completing the replacement of old infrastructure such as the user administration software. This is by-and-large not visible to users. New smtp.hermes service One significant part of Hermes that we are working on but which has not yet moved to the new infrastructure is the message submission service, smtp.hermes.cam.ac.uk. One effect of this is that there is still a 4MB limit on the size of individual outgoing messages. Incoming messages have a more generous 10MB limit, which will also apply to outgoing messages when smtp.hermes has been upgraded. The new smtp.hermes will also have greatly improved support for users working at home or who are travelling. By configuring your email software to use secure SMTP (encryption and authentication) you will be able to use the same settings anywhere. The service will be listening on the standard ports 25 (SMTP) and 587 (message submission) and the nonstandard 465 (SMTPS). These options allow you to use smtp.hermes even if your ISP blocks or intercepts port 25, or if your MUA software does TLS negotiation immediately after connecting instead of after a STARTTLS command. Anti-spam and anti-virus changes The new smtp.hermes is part of the upgrade to our central email hub, ppsw. As well as routing email around the University, ppsw does anti-spam scanning and anti-virus filtering. The upgrade will include a more recent version of SpamAssassin which will improve the spam scoring system. We are also making a clearer distinction between internal email and email coming in from outside the University, to give us a wider choice of anti-spam technology. We are also making improvements to the anti-virus filter. We are now running two AV engines, the commercial McAfee software from NAI labs (for which the University has a site licence) and the open source ClamAV software (which tends to be updated do deal with new viruses faster than McAfee). The filter is also providing CERT with information about infected computers within the University. Email service IP addresses We are also rationalizing the IP addresses assigned to ppsw, to make it easier for departments and colleges to configure their firewalls and email access controls in a way that is much less sensitive to operational changes made by the Computing Service. In the past, any change we have made to the set of ppsw machines has required co-ordination with computer officers who have strictly configured firewalls etc; we hope this won't be necessary in the future. The address range 131.111.8.128/27 has been assigned for the sole use of ppsw, and we are in the process of moving the machines from their old addresses into this range. When this is finished, institutions with "hubbed" email servers may restrict connections to come from this range only. Because of the regrettable quantity of bad software in use on the CUDN that cannot be configured with a hostname (ppsw.cam.ac.uk) as the destination for all email, we have also assigned a stable IP address 131.111.8.129 to be used instead. This will be available when the renumbering is complete. There is a brief overview of ppsw's various functions, names, and addresses as is planned for mid-2004 on the web at: http://www.cus.cam.ac.uk/~fanf2/hermes/doc/misc/ppsw.txt $Cambridge: hermes/doc/newsletter/2004-04-ppsw.txt,v 1.2 2004/03/30 17:12:51 fanf2 Exp $