Present: | P. Hazel, B.K. Omotani, P. Stewart, R. Stratford, J.M. Wilkins, R.J. Dowling, P. Stewart, D.P. Carter, F.A.N. Finch, C.J. Jardine, C.E. Thompson, K.M. Jeary. |
Date of next meeting: 27th August 2003 at 11:15 in C304
A number of the large free Webmail providers (e.g: Yahoo) provide the option of downloading messages from a nominated POP server. More recently we have become aware of an organisation which provides spam filtering and scoring on mail downloaded from a nominated POP server. In both cases the user is handing over their CUS or Hermes password to an untrusted third party. This is particularly unfortunate in the case of CUS where a username/password combination provides shell access to the system. This is clearly a security concern and it contravenes the IT Syndicate guidelines regarding privacy of passwords for CS systems. A suitable warning will be made in the next CS newsletter.
At the moment Hermes and PPSW are configured to send out a single warning message if a message is queued for more than 24 hours. In contrast CUS sends out a warning message after 4 hours and a second warning after 24 hours. This difference in behaviour reflects the large numbers of messages which sit on queues for a few hours because of short term quota problems caused by the very tight quota regime on Hermes. Hopefully this situation will improve with the next generation of Hermes.
The use of the IMAP and POP protocols against CUS (and mail only use of CUS) has long been discouraged with the long term aim of removing the protocols entirely. A schedule is being put together for the proposed withdrawal of IMAP and POP services in summer 2004, contingent on a successful roll out for the next generation Hermes system. New users will be blocked from using IMAP and POP on CUS immediately. The current procedure that TUS recommend for transferring mail from CUS to Hermes will not work against the Cyrus mailstore: a new procedure or automatic transfer tools will be required.
The CUS and Hermes/PPSW mail administrators all agree that adding a second URL to the bounce message (which will itself be a reference to a third URL) is rather redundant and that a better approach would be to update the document which is currently referenced by the bounce message.
DPC will liaise with SP.
Virus scanning is about to be rolled out on PPSW: documentation is currently being written to explain the policy issues.
A contiguous range of addresses has been reserved on subnet 8 for future use of PPSW. The existing PPSW systems will be moved into this range as time permits: various people who currently have fixed ideas about the set of IP addresses will need to be informed.
Work on the next generation Hermes system is proceeding satisfactorily. At the moment we have one live system (and one replica system) with 30 active users who are receiving around 6,000 messages a day. The second batch of hardware is due for delivery on June 23rd: this will provide a total of 16 live systems and one spare system. A third block of systems may be ordered later in the year: the Cyrus system (a file per message store with index and cache files, two phase expunge system and replication) has a slightly higher space overhead than expected. A dedicated backup spooling engine will be required before we can store substantial numbers of users (more than a few thousand) in the Cyrus store: the existing DLT tapes will rapidly run out of space with the expanded quotas.
The modified Cyrus mailstore provides very good compatibility with existing user agents (in particular user agents that we encourage people to use: PINE, Mulberry and Prayer).
One problem case is Outlook Express which has some particularly daft behaviour involving concurrent connections to a single mail folder which causes inconsistent cached state at the client end and causes read messages to reappear intermittently as unread. An unofficial patch does exist for Cyrus which works around this broken behaviour at the cost of additional disk and network I/O at the server end. This patch has not been accepted by the Cyrus developers as they consider this issue to be a bug in Outlook Express. The consensus of the MDCM was that we should not have to waste time and server resources supporting broken user agents and that this patch should be removed: this conclusion will be taken to the SMT meeting for approval.
Cyrus does not provide a useful implementation of the POP3 LAST extension: an obsolete command which was removed in RFC 1725. We will need to contact people who are currently using this command (typically Eudora users running in certain leave mail on server modes) in order to tell them to switch to the alternate and supported UIDL command. This is a trivial preferences change in Eudora.
A campaign will be required to deal with the unfortunately large number of people who have currently configured user agents to talk IMAP and POP to the incorrect name hermes.cam.ac.uk.
CUS has been subjected to a collateral-style spam attack for the last few weeks: on average around 100,000 bounce messages a day have been sent to random (and invalid) @cus.cam.ac.uk addresses. These messages have been rejected by CUS and ended up on the PPSW mail queues. Filtering at the PPSW end for obviously false addresses blocked out about 2/3rds of these messages.
DPC 2003-07-16