E-mail Technical Coordinators Meeting
Chris Bongaarts, Steve Siirila
July 13, 2005

Software Upgrades
• Lyris ListManager 8.8
• Procmail 3.22
• Apache 1.3.33 (deployment in progress)

E-mail Enhancements
• Auto-whitelisting of MTAs (effective 6/14)
  • Applies only to MTAs blocked due to rDNS
  • Requires at least 1 request/grant transaction
  • Does NOT exempt MTA from DNSBLs
• Autoreply: optional effective start date (effective 6/16)

E-mail Enhancements
• Blocked mail reporting option (July)
  • User may select daily or weekly reports
  • Reports will be sent via e-mail at 6:15am
  • Covers previous 24 hour period (6am-6am) or 7 day period from Mon 6am - Mon 6am

New Blocking Options (proposed)
• Allow email from:
  • All MTAs (No false positives (FP)!)
  • All but insecure, known spammers, and dynamic IP ranges (Few FP)
  • All but insecure, known spammers, dynamic, and bad rDNS (current default) (Some FP)
  • All but insecure, known spammers, suspected spammers, dynamic, and bad rDNS (More FP)
  • Local (umn.edu) MTAs only (No FP!)
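
A model of how the proposed blocking options combine with the auto-whitelisting rule from the E-mail Enhancements slide, added here as an example; it is not code from the presentation or from the university's mail system. The names (`Mta`, `LEVELS`, `decide`, `accepted_levels`), the flag strings and the sample addresses are constructed, and treating the whitelist as having no effect on the local-only option is an assumption.

```python
from dataclasses import dataclass

# Blocking reasons named on the slides (the string labels are made up here).
INSECURE, KNOWN, SUSPECTED, DYNAMIC, BAD_RDNS = (
    "insecure", "known_spammer", "suspected_spammer", "dynamic_ip", "bad_rdns")

# Proposed options 1-4: the reasons each one blocks on. Option 5 is local-only.
LEVELS = {
    1: frozenset(),                                        # all MTAs
    2: frozenset({INSECURE, KNOWN, DYNAMIC}),
    3: frozenset({INSECURE, KNOWN, DYNAMIC, BAD_RDNS}),    # current default
    4: frozenset({INSECURE, KNOWN, SUSPECTED, DYNAMIC, BAD_RDNS}),
}
LOCAL_ONLY = 5

@dataclass(frozen=True)
class Mta:
    ip: str
    flags: frozenset = frozenset()   # reasons that apply to this MTA
    local: bool = False              # True for a umn.edu MTA

def decide(mta, level, whitelist=frozenset()):
    """Return (accepted, blocking_reasons) for one connecting MTA."""
    if level == LOCAL_ONLY:
        # Assumption: the rDNS whitelist has no effect on the local-only option.
        return (mta.local, [] if mta.local else ["not_local"])
    hits = mta.flags & LEVELS[level]
    if mta.ip in whitelist:
        # Auto-whitelisting lifts only the rDNS block; other reasons still apply.
        hits = hits - {BAD_RDNS}
    return (not hits, sorted(hits))

def accepted_levels(mta, whitelist=frozenset()):
    """Options (1-5) under which mail from this MTA would be accepted."""
    return [lv for lv in range(1, 6) if decide(mta, lv, whitelist)[0]]

# Constructed sample MTAs using documentation address ranges.
SAMPLES = [
    Mta("192.0.2.10", frozenset({BAD_RDNS})),
    Mta("192.0.2.20", frozenset({BAD_RDNS, DYNAMIC})),
    Mta("198.51.100.5", frozenset({SUSPECTED})),
    Mta("203.0.113.7", local=True),
]

if __name__ == "__main__":
    wl = frozenset({"192.0.2.10", "192.0.2.20"})
    for m in SAMPLES:
        print(m.ip, "plain:", accepted_levels(m), "whitelisted:", accepted_levels(m, wl))
```

The second sample shows why a whitelisted MTA can still be refused: its dynamic-range listing keeps blocking it at every option that checks for dynamic addresses.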

Inbox Auto-filing (proposed)
• Default selection criteria
  • Messages older than 90 days
  • Only mailboxes larger than 20MB
  • Messages appended to folder named “Archive/YYYY” where YYYY is the year of the archived message
• User-selectable options
  • Retention term (14-365 days?)
  • Destination folder name/format

Departmental MTA Registration
• MTAs and other devices which are using the relay.tc.umn.edu service must register by 7/19 to guarantee uninterrupted service
• Send IP address, type of device, and contact information to isgroup@umn.edu
• As of 7/13, 383 IP addresses have been registered by 42 different departments
• Cannot be used from dynamic IP addresses!

Certificate-based SMTP Authentication (proposed)
• Would use client-side certificates to authenticate to the SMTP gateway (smtp.umn.edu)
• Would allow departments to utilize central SMTP server from multiple servers regardless of their IP addresses
• Dynamic IP addresses would be allowed!
• Certificates would be available from Internet Services free of charge or from commercial CAs for a fee

Phase-out of clear-text passwords
• Working with technical coordinators to get users set up securely
• SSL roundtable discussions were held with technical coordinators on 7/7
• Non-SSL autoresponder available:
  • Checks current outgoing SMTP settings
  • Checks for recent non-SSL IMAP and POP
  • Mail to: ssl-test@umn.edu

E-mail servers secured
• Pearl designated “warehouse” server
  • Uses cheaper (slower) disks
  • Designated server for newly-created and inactive users
• Aquamarine designated “insecure” server
  • For users not yet converted to an SSL-only configuration
  • Will continue to allow non-SSL IMAP/POP/FTP access through at least Aug 2005
• Garnet unchanged
• All other servers secured by 7/8

TELNET Usage
• 70 unique TELNET users since 6/17
• Access will be shut off soon!

Central Auth Hub for Apache 2
• Mod_cookieauth2 3.0a1 available at www.umn.edu/cookieauth
• ALPHA! Not actually tested, but compiles okay
• Special thanks to Will, Adam, and Chad

Steve Siirila, sfs@umn.edu, 612-626-0244
Chris Bongaarts, cab@umn.edu, 612-625-1809
‘Till next month…