######################################################################## # # Overview of the central email services # Wednesday 2004-10-13 # # $Cambridge: hermes/doc/talks/2004-10-techlinks/talk.mgp,v 1.9 2004/10/13 14:16:49 fanf2 Exp $ # ######################################################################## # %deffont "standard" tfont "standard.ttf", size 5 %deffont "thick" tfont "thick.ttf" %deffont "typewriter" tfont "typewriter.ttf" # %default 1 area 90 90, leftfill, size 2, fore "black", back "white", font "thick" %default 2 size 7, vgap 10, prefix " " %default 3 size 2, bar "gray70", vgap 10 %default 4 fore "black", vgap 30, prefix " ", font "standard", size 6 # %tab 1 prefix " ", icon box "gray30" 50 %tab 2 prefix " ", icon delta3 "grey30" 50 %tab note icon dia "grey30" 50 # ######################################################################## %page %nodefault, center, fore "black", back "white", font "thick", size 8 An overview of the central email services %size 6 TechLinks 2004-10-13 %font "standard", size 5 Tony Finch Mail Support University of Cambridge Computing Service # # Lots of changes over the last year. # Most of the talks we have given have been quite technical. # This will be a quick overview of the services we provide, # with particular attention to best practices. # ######################################################################## %page Hermes %center %newimage "hermes-shuttle.jpg" # # Picture of the ESA shuttle proposed by the French. # # The main email service to which # everyone is given an account by default. # ######################################################################## %page Hermes features %size 5 Large central message store Fetch messages using IMAP or POP Send messages using SMTP No reconfiguration for roaming users secure settings are required Centrally-provided MUAs webmail + Pine Shared accounts # # The list on this slide is also a table of contents # for this part of the talk. # # I'm going to be talking about recommended configurations # for the various parts of the service, # and recent improvements and other notable things. # ######################################################################## %page New Hermes quotas 250 MB storage per user more available when justified 25 MB maximum message size 250 MB maximum mailbox size 100 MB filestore quota for Pine users # # Everything is based on the message store # but in itself it is mostly invisible to users # so I won't say very much about it. # # It provides a good point to mention the current standard quotas. # # Note that in addition to the above we also keep a limited amount # of deleted email for a limited period of time, to make it possible # to recover from accidents. # ######################################################################## %page POP %center %newimage "vimto.png" ######################################################################## %page Don't use POP Easy to accidentally lose email Very inefficient to keep mail on server Does not work well with webmail No concurrent access Security is optional # # POP is designed to download all your email from the server to a # workstation and delete it from the server. Most people want to keep # their email on the server (e.g. they want to be able to use webmail # sometimes); POP does not support this but can be abused to do so. # # RFC 1939 has a summary of the performance problems with POP. # # Many of the requests we get for recovery of email are caused # by people misconfiguring a POP client which unexpectedly # deletes all their email. They often have to hunt around to find # the machine responsible before we can recover their email # without it being immediately deleted again. # # There are some other minor problems. # # If people run two POP clients at the same time they often clash # with each other because only one POP download can happen at a time. # # POP does not keep track of information like whether a message # is New/Important/Answered etc. # ######################################################################## %page POP settings Server: pop.hermes.cam.ac.uk Port: (STLS or insecure) 110 Port: (TLS-on-connect aka SSL) 995 %size 5 http://www.cam.ac.uk/cs/email/muasettings.html # # For completeness. # # There are two ways of adding security to a protocol: # # The old way is to use a different port and run the whole thing over # TLS. In those days TLS was known as SSL, so SSL is often used to # refer to this mode, but TLS-on-connect is a more accurate name. # # The more modern way is to save port numbers by adding a command # (such as STARTTLS) to the protocol which allows you to restart the # conversation on top of TLS inside the same connection. The # disadvantage of this mode is that it's less obvious that you have # the security settings correct. # # Make sure you say "this server requires a secure connection" # ######################################################################## %page IMAP %center %newimage "eye-map.png" # # Use IMAP not POP. # ######################################################################## %page Advantages of IMAP Email is kept on the server Webmail and Pine are IMAP clients Concurrent access works STARTTLS support is required # # More difficult to delete email accidentally. # Servers have better backups than workstations. # # People can switch between webmail and Pine and the MUA on their # workstation without problems. # # The standard requires support for secure connections, which # implies more widespread support from implementations. # ######################################################################## %page IMAP settings Server: imap.hermes.cam.ac.uk Port: (STARTTLS or insecure) 143 Port: (TLS-on-connect aka SSL) 993 %size 5 http://www.cam.ac.uk/cs/email/muasettings.html # # Similar to the settings for POP. # # Make sure you say "this server requires a secure connection" # ######################################################################## %page Sending email %center %newimage "post-box.jpg" # # The main news is that roaming users are now properly supported. # # Configure your email software once and use it anywhere! # ######################################################################## %page Roaming message submission Port 25 is often blocked Cambridge .... or intercepted Freeserve & heavily restricted for foreign hosts Email from MUAs may need fix-ups Message-ID:, Sender: # # We used to authorize message submission based on IP address -- you # could only use smtp.hermes if you were inside the University. Now we # support authentication based on username and password, so you are # authorized to send email from anywhere. # # In order for this to work properly it has to bypass anti-spam # protections which assume email is transported on port 25. So the new # recommended settings use different port numbers. # ######################################################################## %page SMTP settings Server: smtp.hermes.cam.ac.uk Port: (STARTTLS or insecure) 587 Port: (TLS-on-connect aka SSL) 465 %size 5 http://www.cam.ac.uk/cs/email/muasettings.html # # Again it's similar to POP and IMAP. # However the port numbers are unfamiliar -- # port 25 is now discouraged, although it still works. # # Unlike for POP and IMAP you often have to dig through "Advanced" # panels to make all of the correct settings. # # Good software will generally work with port 587, so try that first. # Microsoft software will need port 465. If you choose port 465 with # software that uses STARTTLS rather than TLS-on-connect it will hang! # # Make sure you say "this server requires a secure connection" # if you don't you may encounter some of the problems I was just # talking about. # ######################################################################## %page MUAs: webmail and Pine %center %newimage "moo.jpg" # # Advantage: no configuration necessary # Disadvantages: # webmail is lowest-common-denominator # Pine is retro # ######################################################################## %page Webmail - https %center %newimage "webmail-login.png" # # Note the use of httpS in the URL, for security. # # I'm not going to say much about webmail because little has changed. # ######################################################################## %page Webmail - account management %center %newimage "webmail-manage.png" # # Webmail is now the only way to change your Hermes password # and email filtering options. # # Management facilities are generally becoming more and more webby. # More about that in a moment. # ######################################################################## %page Pine - ssh %center %newimage "putty.png" # # One thing particularly worth noting about Pine is that everyone # should be encouraged to use the secure shell to access it. # PuTTY is easy to install and use. # ######################################################################## %page Pine - files %center %newimage "ms-files.png" # # The Hermes file store which you can access with option 3 # of the menu system is now basically vestigial -- it's # just for storing, uploading, downloading attachments from Pine. # You can no longer use scp or ftp to access your folders: # you have to use webmail, or some other IMAP client. # ######################################################################## %page @cam email routing %center %newimage "camshaftlobe.jpg" # # Another example of webification of management tools is the new # facility for configuring the destination of email sent to your # @cam address. In the past @cam email could only go to one of # a small number of other systems, but now it's more general. # # Most people's @cam email goes to Hermes, # but @cam does not imply @hermes or vice versa. # This is liable to cause confusion. # # The process is self-explanatory. # There's also an item in the current newsletter. # ######################################################################## %page @cam email routing %center %newimage "cammail-jackdaw.png" ######################################################################## %page @cam email routing %center %newimage "cammail-raven.png" ######################################################################## %page @cam email routing %center %newimage "cammail-jackdaw-2.png" ######################################################################## %page @cam email routing %center %newimage "cammail-jackdaw-3.png" # # Note the warning text. If you direct your @cam email to a system # outside the University we will be much less able to help if there # are problems. # ######################################################################## %page @cam email routing %center %newimage "cammail-jackdaw-4.png" ######################################################################## %page @cam email routing %center %newimage "cammail-jackdaw-5.png" ######################################################################## %page @cam email routing %center %newimage "cammail-jackdaw-6.png" ######################################################################## %page @cam email routing %center %newimage "cammail-hermes.png" # # If you have a Hermes account you should avoid confusion # by configuring it to redirect to the same place # via the webmail manage screen. # ######################################################################## %page Junk email %center %newimage "junk.jpg" # # In other news: We've made a number of improvements to the # University's anti-spam setup over the summer. # # Most notably we're doing stricter email address validity checking. # # Upgraded to SpamAssassin 3 before the start of term. # ######################################################################## %page Spam statistics %center %newimage "spamgraph.png" # # We've also been collecting more detailed perfomance data. # # 80% junk # Rejecting over a million messages each day. # About 15% of the email we accept is spam according to SpamAssassin. # # There's some more detail in the current newsletter. # ######################################################################## %page Configuring spam filtering %center %newimage "webmail-spam.png" # # Filtering spam is still done via webmail as before. # # You should not use a threshold less than 5 unless you are really # sure. The new SpamAssassin is rather better at identifying spam so # if you have a low threshold you should try raising it. # ######################################################################## %page Lists and Domains %center %newimage "ms-top.png" # # Not webified yet -- managed through the Hermes menu system. # Use ssh! # # Just to make sure you know where to find out more. # ######################################################################## %page Mailing lists %center %newimage "list.jpg" # # About 4000 mailing lists. # # for university societies announcements and discussion # for keeping students informed # for contact addresses (e.g. administrative staff) # ######################################################################## %page Mailing lists Documentation %size 5 http://www.cam.ac.uk/cs/docs/leaflets/g90/ %size 6 Announcement lists moderated Discussion lists closed Contact lists open # # Using lists for contact addresses is good, because if there's a # delivery problem the failure reports go to the list manager rather # than the person who sent the message, which helps to keep a # professional appearance. Works well with managed mail domains. # ######################################################################## %page Managed mail domains %center %newimage -zoom 150 "mains.jpg" # # Over 150 managed mail domains, including ucs.cam.ac.uk. # Much simpler than running your own email server! # ######################################################################## %page Managed mail domains Documentation %size 5 http://www.cam.ac.uk/cs/docs/eleaflets/g25/ %size 6 Friendly name addresses tony.finch@ucs.cam.ac.uk Role addresses mail-support@ucs.cam.ac.uk Friendly list aliases institution-liaison@ucs -> cs-il@lists # # Institution liaison is a good example of using a mailing list as a # contact address. # ######################################################################## %page Miscellaneous things %center %newimage "bits.jpg" # # Finally the last few services that we provide # ######################################################################## %page Miscellaneous things Incoming and outgoing relays mx.cam.ac.uk / ppsw.cam.ac.uk Support for email sysadmins mail-support@ucs.cam.ac.uk Re-organized email documentation http://www.cam.ac.uk/cs/email # # Many departmental and college email servers receive incoming email # vi mx.cam.ac.uk, in order to benefit from the anti-spam and # anti-virus protection. # # Outgoing email should in general be sent via ppsw.cam.ac.uk # This includes email from department and college email servers, # or from web servers, or any other server that may emit email. # smtp.hermes should only be used for email from MUAs. # # ######################################################################## %page That's all, folks %center %newimage -zoom 75 "hermes.jpg" http://www.cus.cam.ac.uk/~fanf2/ mail-support@ucs.cam.ac.uk # ########################################################################