UNIVERSITY OF CAMBRIDGE COMPUTING SERVICE

Minutes of the 98th Mail and Directory Coordination meeting held on Wednesday, 17th October 2001

Present: B. Landy, D.P. Carter, P. Hazel, C.J. Jardine, K.M. Jeary, R. Stratford, B.K. Omotani, A.A. Schneider, R.J. Smith, P. Stewart, A.J.M. Stoneley, C.E. Thompson
Apologies: S. Page

Date of next meeting: Wednesday 28th November at 11:15 in Au310

1. Finger on Hermes and the DPA

The finger program on Hermes does not currently have any interface to the list of people who have elected to be ex-directory. Consequently the "search by name" feature can be used to bypass the opt-out mechanism which exists for the Jackdaw search page. While this is not necessarily incompatible with the DPA, given the blocks on finger which exist at the CUDN router boundary, it would have to be advertised widely. After some discussion it was decided to replace the "search by name" feature with a message which points people at the Jackdaw search page. If this causes significant inconvenience it may prove necessary to put together some kind of interface to the directory opt-out mechanism on Jackdaw.

2. Use of the Janet RBL Slave

It was proposed that we start to use the RSS component of the Janet RBL slave service to block potential spam rather than just adding X-RBL-Warning headers to messages which trigger the RSS list. CET presented some analysis that suggested that this might block as much as 50% of the spam that he receives. It is far more difficult to gauge just how many false positives the RSS list is likely to throw up. The RBL list maintainers do appear to be rather more responsible than the maintainers of the (now-defunct) ORBS list. However, the only real way to find out will be to try blocking for a short time and see who complains.

3. Webmail interface

Development work on Prayer is taking a little longer than we had hoped. There are two main reasons for this.

Hardware for the Hermes Webmail Service (3 dual-processor Pentium III boxes running Linux) has been purchased and installed. "webmail.hermes.cam.ac.uk" is currently running an up-to-date snapshot which has the feature set and user interface that we propose to release to Techlinks and other interested parties for testing as soon as the help text is complete.

4. W32/SirCam and anti-virus attachment blocking

We are still seeing large numbers of SirCam and similar double-extension viruses on CS mail systems. Consequently the block on executable attachments is still in place on Hermes, although we hope to be able to remove it soon. In the three months that the filter has been in place, mail-support have received only a single complaint about the blocks. This was about the imprecise nature of the blocks (implemented using Exim system filter files) rather than the blocks themselves. There have also been a number of complaints that CUS does not implement a similar blocking regime. This indicates that there might be quite a lot of user support for implementing some more complete and correct form of attachment sweeping and virus detection.

5. User Agents

Pine 4.40 has been released, complete with support for SSL and TLS, but also a number of bugs. Pine 4.41 should be released shortly. There was a short discussion about problems with repeat message sending in Mulberry v2. It is believed that this problem is fixed in the latest version.

6. A.O.B

6.1 Phone Book

The University Telecoms Office have a special script written by Phil Radden to expand their internal representations of University institutions into mail domain names. John Line has been in communication with them about ways in which this script can be improved. DPC has volunteered to run simple sanity checks to make sure that @cam and similar addresses which appear in the phone book listing correspond to at least valid, allocated CRSids.

6.2 Password reset

1051 passwords were reset on Hermes, 112 on CUS and 35 on Thor at 11am on 19th October following security incidents in Trinity and Emmanuel colleges.

6.3 Cambridge mail servers blocked by Freeserve

Mail systems in Cambridge, including everything on subnet 8 (Hermes, PPSW, CUS and Thor) and probably other mail systems, ended up on a manually maintained block list used by one of the two mail exchangers used by Freeserve. It is likely that this was simply operator error on the part of Freeserve; however, no explanation has been forthcoming.

6.4 csl.psychol.cam.ac.uk mail relay attack

The mail server for "csl.psychol.cam.ac.uk" ended up running as an open mail relay after an operating system upgrade. The open relay was discovered and exploited over the weekend of 12th to 14th October with many thousands of messages. Janet CERT received at least 60 complaints. The mail server was placed behind an SMTP block on the morning of 14th October and is now set up for mail hubbing. The system administrators have been pointed towards Exim.

DPC 2001-10-23