Minutes of the 128th Mail and Directory Coordination meeting held on Wednesday, 21st September 2005

Date of next meeting: 2nd November 2005 at 11:15 in C304

1. Hermes and PPSW

Plaintext access to Hermes: The security restrictions are now in place on all services (including smtp.hermes, which was delayed a few weeks). Users have been having problems with Outlook XP; the solution is to upgrade to service pack 3. The list of insecure users will be made available to the help desk.

Directory support: A new version of Prayer is ready for release. It has improved addressbook support, including hooks into the Hermes finger database and the LDAP directory. It will be rolled out after lookup.cam enters service.

2. Cammail

The old interface will remain to support 2hermes until Engineering complete their migration, which they aim to do by the end of the month.

3. Operations support for postmaster@cam.ac.uk

RJD reports that he has spoken to Gerald Foster, who has in mind a second member of staff to handle postmaster queries.

4. Mail Domains known only to ppswitch

A draft policy for managed mail domain "escape routes" has been written, and will be passed to the documentation team for publication.

The private escape route domains have been secured by separating them out of the "special routes" table, which is now for public mail domains only. However the Exchange server in King's has been set up using an escape route rather than as a first-class mail server, and many of their users have redirects set up on Hermes which prevents us from securing their escape route. We are helping them to normalize their setup in line with the policy.

5. Directory

Development milestone 2 is due on Thursday 22nd September. After this point the database will be re-populated with clean data from Jackdaw. RJD will liaise with PS. Milestone 3 is due early in October, after which the service will go live. RJD is due to give a Techlinks talk on 12th October, and there will be a notice in the Reporter.

6. Rate-limiting outgoing email

There have been a couple of incidents where a compromised system inside the University has sent floods of email out via ppswitch, causing it to be blacklisted. We now have a system to limit the rate of email sent from a given user or machine, to protect against this problem in the future. It is now running on ppswitch in testing mode to gather data and check the provisional limits. We will start enforcing the limits after term has started and we have seen higher volumes of traffic.

PS asked about various mailings which may hit the limits, including those from user admin, cert, the probing suite, and CARET. FANF clarified that the system has an exception list of machines (such as mail servers) that have larger limits than standard, and he will ensure that it covers all the common high-volume senders.