Computing Service
Mail Support

An overview of the central email services


Techlinks seminar

21 February 2007


Tony Finch <fanf2@cam.ac.uk>

Mail Support

University of Cambridge Computing Service

Hermes

Cyrus message store


Currently 40TB raw storage on 20+ servers

Space for up to 6TB of email + RAID + replication

We can recover deleted email if asked within a few days

Rolling replacement & expansion plan

The storage overhead is due to RAID on each of the servers, plus paired replicated servers, plus a backup server. In the event of a live server failing we can switch over to its hot spare with little down-time. For example, at the start of the Michaelmas term we lost power to all the live Cyrus machines at once. We switched over to the hot spares so that service could continue while we checked the downed machines for signs of damage.

The oldest machines have been in use since summer 2003, and are soon to be replaced.

Quotas


Storage quota default 250MB, upgradable to 1GB

Users are sent warning messages when near the limit

Maximum mailbox size 250MB (policy under review)

Message size limit 25MB = 18MB attachment plus overhead

We are planning to increase quotas from year to year. There was a stall last year owing to compatibility problems with the RAID controllers on the newest computers.

Users with larger-than-normal quotas can fall foul of the system-wide mailbox size limit, and unfortunately (unlike the overall quota) we provide little feedback about when they are at risk of this happening. We intend to fix this or possibly remove the limit entirely. (It was crucial for performance on the old (pre-2004) Hermes system but is less of an issue now.)

Useful links:

http://www.cam.ac.uk/cs/email/limits.html

http://www.cam.ac.uk/cs/request/quota.html

Downloading

IMAP is better than POP


                                     IMAP   POP
Supports multiple clients
  (e.g. work, home)                  yes    no
Co-operates with webmail             yes    no
Suitable for shared accounts         yes    no
"Push" new mail notification         yes    no
Server-side backups of old email     yes    no
Recover from accidental deletions    yes    maybe
Easy to delete all email             less   more

POP fails to support multiple clients both because it is designed to delete email from the server (making it inaccessible to other clients) and because it does not allow concurrent access - your account is locked to other clients (including webmail) while you are using POP.

The "keep mail on server" setting for POP is a hack that is not necessary for servers that support IMAP. If users get their POP settings wrong when setting up a new computer they can accidentally lose all their email.

Our stats indicate we have about half as many POP users as we did last year, probably as a result of the reconfiguration for mandatory secure access to Hermes. I haven't counted, but there do seem to be fewer problem reports of email lost because of POP.

A caveat about "push" notifications: this depends on client support.

Correct email software settings:

http://www.cam.ac.uk/cs/email/muasettings.html

Any Q's?


Sending


Sending via smtp.hermes


Strongly prefer smtp.hermes for email sent from MUAs

You can use any email address, e.g. department/college
"friendly name" address, role address, personal address

Good MUAs support multiple roles/personalities/accounts
so you can switch between email addresses

You should be able to send email anywhere
using the recommended settings

Almost all use of smtp.hermes is now securely authenticated - fewer than 50 people remain to be fixed.

The reason for preferring that people use smtp.hermes is future improvements. Anti-spam and anti-forgery mechanisms are much easier to implement for authenticated email. We may wish to tighten access to ppsw in the future, and this will be less painful if things are configured correctly in the first place.

Roaming use is subject to firewall restrictions on foreign networks. Ports 587 and 465 are most likely to work.

Configuration advice for sending email:

http://www.cam.ac.uk/cs/email/sending.html

Sending via ppsw.cam.ac.uk


Mostly for email from servers:
dept/college mail servers
multi-user machines
forms on web sites
Unix cron jobs

last resort for those who can't use their home SMTP server

Users without Hermes accounts should send email via their home SMTP server, just as Hermes users should send email via smtp.hermes.

ppsw is generally not recommended for use by MUAs

Mailshots


Many are sent to alumni...

Mailshots and bulk email


Preferably send via lists.cam.ac.uk
Alternatively use ppsw.cam.ac.uk
Please do not use smtp.hermes

Please send large mailshots (more than a few hundred)
using BCC or outside working hours (19:00 - 07:00).

Large mailshots cause spikes in load which can take a while for the virus scanners to digest, which may delay other email.

We prefer people to use lists.cam.ac.uk since it uses BCC to reduce load on ppswitch.

Rate limiting


Last year we were planning to introduce rate limiting of outgoing email. This turned out to be more difficult than expected, since we need to develop a quarantining system to avoid causing problems for the bad SMTP implementations in many MUAs. This project is still stalled, though we are continuing to monitor sending rates without intervention.

Any Q's?


Addresses


Types of address


fanf2@hermes - individual accounts
confide@hermes - shared accounts

fanf2@cam - forwarding set up on Jackdaw

fanf2@cus - CUS is to be shut down

fanf2@ucs - Managed Mail Domains

cup, eng, etc. - non-CS domains

Shared accounts on Hermes do not have an equivalent @cam address.

Many @cam addresses do not redirect to Hermes accounts, e.g. users @admin or @mole.

Hermes redirections are changed via webmail -> manage -> redirect.

CUS is to be shut down. @cus email addresses will be transferred to a managed mail domain. The 2hermes tool on CUS helps with transferring email to Hermes.

@cam redirections are changed via https://jackdaw.cam.ac.uk/cammail/.

Managed Mail Domains


ucs.cam.ac.uk - trin.cam.ac.uk - niees.ac.uk
silentaircraft.org - conferencecambridge.com

Tony.Finch@ucs : fanf2@hermes
confidential@ucs : confide@hermes
unix-support@ucs : cs-unix-support@lists
mail-support@ucs : dpc22@hermes, fanf2@hermes

Works well with Managed Web Service
and Managed Zone Service (DNS)

We will set up a managed mail domain for any University-related domain.

Related services linked from http://www.cam.ac.uk/cs/instadmin/.

Other services


MX service for incoming email (primary & backup)

Long-form domains (e.g. quns / queens)

Email server configuration advice

Most department and college email servers receive email through our MX service to benefit from our anti-spam and anti-virus filtering, about which more later. We can also provide a backup MX for departments that run their own primary MX.

Long form domains work with managed mail domains and department-hosted domains.

Mailing lists


Only a few comments about Mailman since proper coverage would require a whole talk of its own.

To move a list from the old system to Mailman, go to https://lists.cam.ac.uk/mailman/migrate

Local customizations


Raven authentication

"Posting status" similar to old lists system

Knows how Managed Mail Domain aliases map to CRSIDs

The "posting status" feature is derived from standard Mailman features so

Mailman is mostly self-documenting, though there is a fairly bewildering variety of options. You can usually find the option you want after some browsing through the various pages.

This screen is under "Privacy options" -> "Spam filters"

Any Q's?


Spam and virus filtering


Junk vs legitimate email


A common support question at the moment is why people are receiving spam apparently "To:" someone else. Spammers are sending a lot of email BCCed to 10-20 people with email addresses close to each other in the alphabet, but with only the first address in the message header.
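
The mismatch arises because delivery follows the SMTP envelope (the RCPT TO addresses), not the To: header. The following is an added example, not part of the original talk, that compares the two and flags the pattern described above; the addresses, the message and the min_rcpts and min_prefix cut-offs are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses
from os.path import commonprefix

# Constructed sample: one SMTP transaction as the receiving server sees it.
# The envelope names twelve recipients; the header names only the first.
ENVELOPE_RCPTS = [f"abc{n}@example.ac.uk" for n in range(10, 22)]
RAW_MESSAGE = """\
From: "Offers" <promo@mailer.example>
To: abc10@example.ac.uk
Subject: Constructed sample for illustration

Body text.
"""

def header_recipients(raw):
    """Addresses the reader can see in the To: and Cc: headers."""
    msg = message_from_string(raw)
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields) if addr}

def blind_recipients(raw, envelope_rcpts):
    """Envelope recipients that appear in no visible header (BCC-style)."""
    visible = header_recipients(raw)
    return [r for r in envelope_rcpts if r.lower() not in visible]

def matches_bcc_spam_pattern(raw, envelope_rcpts, min_rcpts=10, min_prefix=2):
    """Many alphabetically close recipients, only the first one in the header.

    min_rcpts and min_prefix are hypothetical cut-offs chosen for this sample.
    """
    visible = header_recipients(raw)
    local_parts = [r.split("@", 1)[0].lower() for r in envelope_rcpts]
    return (len(envelope_rcpts) >= min_rcpts
            and visible == {envelope_rcpts[0].lower()}
            and len(commonprefix(local_parts)) >= min_prefix)

if __name__ == "__main__":
    blind = blind_recipients(RAW_MESSAGE, ENVELOPE_RCPTS)
    print(f"{len(blind)} of {len(ENVELOPE_RCPTS)} recipients see a To: that is not theirs")
    print("matches pattern:", matches_bcc_spam_pattern(RAW_MESSAGE, ENVELOPE_RCPTS))
```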

Filtering


All email is scanned for viruses with McAfee and ClamAV

External email is subject to anti-spam tests

DNS blacklists: MAPS RBL+ (40%) & Spamhaus ZEN (25%)

Some local checks, e.g. address verification (10%)

SpamAssassin scans the rest (5% scores > 5)

Remaining 20% about equally internal and external

The percentages are relative to all email.

If you reduce your SpamAssassin threshold below 5 you should expect legitimate email to be mis-classified.
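
The order of checks on the slide, and the effect of lowering the SpamAssassin threshold, as an added example that is not the Computing Service's own configuration. The zone name zen.spamhaus.org, the message field names, the stub resolver and the sample messages are assumptions made for illustration.

```python
import ipaddress

SA_THRESHOLD = 5.0  # the SpamAssassin score threshold quoted above

def dnsbl_query_name(ip, zone):
    """DNSBL convention: reverse the IPv4 octets and prepend them to the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def caught_by(msg, is_listed, threshold=SA_THRESHOLD):
    """Run the checks in the order listed above; return the stage that fires."""
    if msg["virus"]:                       # all email is virus-scanned
        return "virus"
    if not msg["external"]:                # anti-spam tests apply to external email
        return "clean"
    if is_listed(dnsbl_query_name(msg["client_ip"], "zen.spamhaus.org")):
        return "dnsbl"
    if not msg["sender_verifies"]:         # local check: address verification
        return "local-check"
    if msg["sa_score"] > threshold:        # SpamAssassin scans the rest
        return "spamassassin"
    return "clean"

# Constructed stand-in for the resolver. A real lookup is an A-record query
# for the name: an answer in 127.0.0.0/8 means listed, NXDOMAIN means not.
LISTED_NAMES = {"99.2.0.192.zen.spamhaus.org"}

def stub_lookup(name):
    return name in LISTED_NAMES

# Constructed sample messages (documentation-range IP addresses).
BOTNET = {"virus": False, "external": True, "client_ip": "192.0.2.99",
          "sender_verifies": True, "sa_score": 9.1}
NEWSLETTER = {"virus": False, "external": True, "client_ip": "198.51.100.7",
              "sender_verifies": True, "sa_score": 3.2}
INTERNAL = {"virus": False, "external": False, "client_ip": "203.0.113.5",
            "sender_verifies": True, "sa_score": 6.0}

if __name__ == "__main__":
    for name, m in [("botnet", BOTNET), ("newsletter", NEWSLETTER), ("internal", INTERNAL)]:
        print(name, caught_by(m, stub_lookup))
    # Lowering the threshold below 5 mis-classifies the legitimate newsletter.
    print("newsletter at threshold 3:", caught_by(NEWSLETTER, stub_lookup, threshold=3.0))
```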

Spamhaus ZEN

JANET MAPS RBL+

Any last Q's?

