E-mail Technical Coordinators Meeting, Chris Bongaarts, Steve Siirila, June 8, 2005
Post on 22-Dec-2015
E-mail Technical Coordinators Meeting
Chris Bongaarts
Steve Siirila
June 8, 2005
Internet Services
– Directory Lookup
– Directory Management
– Authentication
– E-mail
– World Wide Web Hosting
– Calendaring
– U Card
– Many others!

Directory Lookup Services
– Web Lookup (www.umn.edu/lookup)
– LDAP (ldap.umn.edu)
– PH
– Finger
– Gopher
– Whois

Directory Management
Directory Update Tools (www.umn.edu/dirtools)
– Account Information
– Credentials Management
– E-mail Settings
– E-mail Storage Usage
– Blocked E-mail Display/Management
– Other (URL, U Card, Modem Pool, UMCal)
Departmental Directory Population (e.g. AD)

Authentication Services
– CAH (Central Authentication Hub)
– Radius (Modem Pool, Wireless, etc.)
– Kerberos
– Authen (Internal)
– Shibboleth (Future)

E-mail Services
E-mail Services ([email protected])
– Inbound (IMAP/POP) (username.email.umn.edu)
– Outbound (SMTP)
    Authenticated (smtp.umn.edu)
    Smart Relay, IP-based permission (relay.tc.umn.edu)

Bulk/List E-mail Services
Listserv (lists.umn.edu)
– Traditional discussion list service
Lyris (ecommunication.umn.edu)
– Announcements
– Marketing Campaigns
– Link click-through tracking

World Wide Web Hosting Services
Web Hotel (www1.umn.edu)
– Lightweight service (HTML, CGI, PHP)
– Fee for service
– Free virtual host redirection
– JAWS offers more advanced hosting
Personal Web (www.tc.umn.edu)
– CGI for interactive users, HTML only for non-interactive
– Free with all central accounts

Other Services
– Calendaring (UMCal) (umcal.umn.edu)
– U Card Issuance
– SSL Server Certificates
– USENET Newsgroups (news.umn.edu)
– Internet Relay Chat (IRC) (irc.umn.edu)

Now, on with the show…

Virus Detection
– Virus definition updates missed for some inbound and outbound servers
– Affected 1 of 3 inbound servers from April 16th to June 6th (Note: spam blocking generally blocks most viruses)
– Affected 2 of 3 outbound servers from April 16th to June 6th
– Problem has been corrected

Hardware Upgrades
E-mail servers
– Two Sun V890’s will replace four V440’s
– Phased in over summer
Directory servers
– Four Dual-CPU Sun V210 servers to support new Aphelion directory
– Will eventually handle load of current single-CPU V210’s

Inbox Auto-filing (proposed)
Default selection criteria
– Messages older than 90 days
– Only mailboxes larger than 20MB
User-selectable options
– Retention term (14-365 days?)
– Tool to archive on-demand by message age and/or size

E-mail Enhancements (mid-June)
Auto-whitelisting of MTAs
– Applies only to MTAs blocked due to rDNS
– Requires at least 1 request/grant transaction
– Does NOT exempt MTA from DNSBLs
Blocked mail reporting option
– User may select daily or weekly reports
– Reports will be sent via e-mail at 6:15am
– Covers previous 24 hour period (6am-6am) or 7 day period from Mon 6am - Mon 6am
Autoreply: optional effective start date

[Chart: Messages Blocked By Reason (Past 12 Months). X axis: Week Ending. Y axis: Number of Messages Blocked. Series: Spamsource, Dynamic, Insecure, DNS, Bad mailfrom.]

[Chart: Spam/Virus Blocking by Reason (May 9 - June 5). Slice values (count, share): 3,033,175 (15.59%); 4,192 (0.02%); 12,789,962 (65.76%); 1,142,790 (5.88%); 2,479,973 (12.75%). Legend: Spam source, Dynamic, Insecure, DNS, Bad mail from.]

[Chart: Incoming Email Statistics (Past 12 Months). X axis: Week Ending. Y axis: Number of Messages. Series: Accepted, User allows all email, Permitted, perm local only, Blocked, Blocked local, Relay denied, Unknown user, User inactive, Pre-init user, Temporary error.]

Incoming Email Statistics (May 9 - June 5)
– User allows all email: 1%
– Other: 1%
– Temporary error: 1%
– Accepted: 23%
– Unknown user: 34%
– Blocked: 40%

Departmental MTA Registration
– MTAs and other devices which are using the relay.tc.umn.edu service must register to guarantee uninterrupted service
– Send IP address, type of device, and contact information to [email protected]
– As of 6/7, 259 IP addresses have been registered by 24 different departments
– Cannot be used from dynamic IP addresses!

Phase-out of clear-text passwords
General mailings went out over the past 3 weeks to about 15,000 users
Mailings to technical coordinators went out prior to the general mailings
Non-SSL autoresponder available:
– Checks current outgoing SMTP settings
– Checks for recent non-SSL IMAP and POP
– Mail to: [email protected]

Clear-text password phase-out timeline
June 8th
– Pearl becomes “warehouse” server
    Uses cheaper (slower) disks
    Designated server for inactive users
    Allows secure IMAP/POP/FTP access only
– Move inactive users to Pearl daily
– Move newly-active users off Pearl daily

Clear-text password phase-out timeline (cont)
June 10th
– Aquamarine becomes “insecure” server
    Designated server for users not yet converted to an SSL-only configuration
    Will continue to allow non-SSL IMAP/POP/FTP access through at least Aug 2005
– Begin moving “secure” users off (ongoing)
– Begin moving “insecure” users on
– New users NOT created on Aquamarine

Clear-text password phase-out timeline (cont)
Mid-July 2005
– All servers (except Aquamarine) no longer allow insecure IMAP/POP/FTP access
August 2005
– Aquamarine becomes secure-only and is no longer special-cased

POP users (Apr 4 - May 1)
– Non-SSL: 11,445 (59%)
– SSL: 8,081 (41%)

POP users (May 9 - June 5)
– SSL: 9,097 (47%)
– Non-SSL: 10,230 (53%)

IMAP users (Apr 4 - May 1)
– Non-SSL: 3,398 (26%)
– SSL: 9,736 (74%)

IMAP Users (May 9 - June 5)
– Non-SSL: 3,064 (23%)
– SSL: 10,018 (77%)

[Chart: SMTP Gateway Usage (Jan 1 - Jun 5). X axis: Week Ending. Y axis: Number of Users. Series: Non-Auth, Auth.]

[Chart: FTP Users (Jan 1 - June 6). X axis: Week Ending. Y axis: Number of Users.]

Kerberos Authentication Service
– Now in production use by the new Active Directory project
– Contact [email protected] if you are interested in exploring use of Kerberos for authentication

Listserv Upgrade
Listserv upgraded to version 14.3
– Security fixes for Web interface
– Web interface performance improvements
– Anti-spam: Lists can be made to require confirmation for non-member messages
– 72 new "message templates" allow for more customization of system messages
– http://www.lsoft.com/manuals/1.8e/relnotes/LISTSERV14.3-Release-Notes.html

Message Management Platform (MMP) 1.1 Upgrade
– Test Aphelion Directory fully populated and updated in real-time
– Testing of directory and messaging components continues
– New directory will run in parallel with existing directory for several months
– Finalizing licensing with vendor (BT)

‘Till next month…
Steve Siirila [email protected] 612-626-0244
Chris Bongaarts [email protected] 612-625-1809