1. E-mail Technical Coordinators Meeting Chris Bongaarts Steve Siirila June 8, 2005

2. Internet Services Directory Lookup Directory Lookup Directory Management Directory Management Authentication Authentication E-mail E-mail World Wide Web Hosting World Wide Web Hosting Calendaring Calendaring U Card U Card Many others! Many others!

3. Directory Lookup Services Web Lookup (www.umn.edu/lookup) Web Lookup (www.umn.edu/lookup)www.umn.edu/lookup LDAP ( ldap.umn.edu ) LDAP ( ldap.umn.edu ) PH PH Finger Finger Gopher Gopher Whois Whois

4. Directory Management Directory Update Tools (www.umn.edu/dirtools) Directory Update Tools (www.umn.edu/dirtools)www.umn.edu/dirtools –Account Information –Credentials Management –E-mail Settings –E-mail Storage Usage –Blocked E-mail Display/Management –Other (URL, U Card, Modem Pool, UMCal) Departmental Directory Population (e.g. AD) Departmental Directory Population (e.g. AD)

5. Authentication Services CAH (Central Authentication Hub) CAH (Central Authentication Hub) Radius (Modem Pool, Wireless, etc.) Radius (Modem Pool, Wireless, etc.) Kerberos Kerberos Authen (Internal) Authen (Internal) Shibboleth (Future) Shibboleth (Future)

6. E-mail Services E-mail Services ( user@umn.edu ) E-mail Services ( user@umn.edu ) –Inbound (IMAP/POP) ( username.email.umn.edu ) –Outbound (SMTP) Authenticated ( smtp.umn.edu ) Authenticated ( smtp.umn.edu ) Smart Relay, IP-based permission ( relay.tc.umn.edu ) Smart Relay, IP-based permission ( relay.tc.umn.edu )

7. Bulk/List E-mail Services Listserv ( lists.umn.edu ) Listserv ( lists.umn.edu ) –Traditional discussion list service Lyris ( ecommunication.umn.edu ) Lyris ( ecommunication.umn.edu ) –Announcements –Marketing Campaigns –Link click-through tracking

8. World Wide Web Hosting Services Web Hotel ( www1.umn.edu) Web Hotel ( www1.umn.edu) –Lightweight service (HTML, CGI, PHP) –Fee for service –Free virtual host redirection –JAWS offers more advanced hosting Personal Web ( www.tc.umn.edu ) Personal Web ( www.tc.umn.edu ) –CGI for interactive users, HTML only for non- interactive –Free with all central accounts

9. Other Services Calendaring (UMCal) ( umcal.umn.edu ) Calendaring (UMCal) ( umcal.umn.edu ) U Card Issuance U Card Issuance SSL Server Certificates SSL Server Certificates USENET Newsgroups ( news.umn.edu ) USENET Newsgroups ( news.umn.edu ) Internet Relay Chat (IRC) ( irc.umn.edu ) Internet Relay Chat (IRC) ( irc.umn.edu )

10. Now, on with the show…

11. Virus Detection Virus definition updates missed for some inbound and outbound servers Virus definition updates missed for some inbound and outbound servers Affected 1 of 3 inbound servers from April 16 th to June 6 th (Note: spam blocking generally blocks most viruses) Affected 1 of 3 inbound servers from April 16 th to June 6 th (Note: spam blocking generally blocks most viruses) Affected 2 of 3 outbound servers from April 16 th to June 6 th Affected 2 of 3 outbound servers from April 16 th to June 6 th Problem has been corrected Problem has been corrected

12. Hardware Upgrades E-mail servers E-mail servers –Two Sun V890’s will replace four V440’s –Phased in over summer Directory servers Directory servers –Four Dual-CPU Sun V210 servers to support new Aphelion directory –Will eventually handle load of current single-CPU V210’s

13. Inbox Auto-filing (proposed) Default selection criteria Default selection criteria –Messages older than 90 days –Only mailboxes larger than 20MB User-selectable options User-selectable options –Retention term (14-365 days?) –Tool to archive on-demand by message age and/or size

14. E-mail Enhancements (mid-June) Auto-whitelisting of MTAs Auto-whitelisting of MTAs –Applies only to MTAs blocked due to rDNS –Requires at least 1 request/grant transaction –Does NOT exempt MTA from DNSBLs Blocked mail reporting option Blocked mail reporting option –User may select daily or weekly reports –Reports will be sent via e-mail at 6:15am –Covers previous 24 hour period (6am-6am) or 7 day period from Mon 6am - Mon 6am Autoreply: optional effective start date Autoreply: optional effective start date

19. Departmental MTA Registration MTAs and other devices which are using the relay.tc.umn.edu service must register to guarantee uninterrupted service MTAs and other devices which are using the relay.tc.umn.edu service must register to guarantee uninterrupted service Send IP address, type of device, and contact information to isgroup@umn.edu Send IP address, type of device, and contact information to isgroup@umn.edu As of 6/7, 259 IP addresses have been registered by 24 different departments As of 6/7, 259 IP addresses have been registered by 24 different departments Cannot be used from dynamic IP addresses! Cannot be used from dynamic IP addresses!

20. Phase-out of clear-text passwords General mailings went out over the past 3 weeks to about 15,000 users General mailings went out over the past 3 weeks to about 15,000 users Mailings to technical coordinators went out prior to the general mailings Mailings to technical coordinators went out prior to the general mailings Non-SSL autoresponder available: Non-SSL autoresponder available: –Checks current outgoing SMTP settings –Checks for recent non-SSL IMAP and POP –Mail to: ssl-test@umn.edu

21. Clear-text password phase-out timeline June 8 th June 8 th –Pearl becomes “warehouse” server Uses cheaper (slower) disks Uses cheaper (slower) disks Designated server for inactive users Designated server for inactive users Allows secure IMAP/POP/FTP access only Allows secure IMAP/POP/FTP access only –Move inactive users to Pearl daily –Move newly-active users off Pearl daily

22. Clear-text password phase-out timeline (cont) June 10 th June 10 th –Aquamarine becomes “insecure” server Designated server for users not yet converted to an SSL-only configuration Designated server for users not yet converted to an SSL-only configuration Will continue to allow non-SSL IMAP/POP/FTP access through at least Aug 2005 Will continue to allow non-SSL IMAP/POP/FTP access through at least Aug 2005 –Begin moving “secure” users off (ongoing) –Begin moving “insecure” users on –New users NOT created on Aquamarine

23. Clear-text password phase-out timeline (cont) Mid-July 2005 Mid-July 2005 –All servers (except Aquamarine) no longer allow insecure IMAP/POP/FTP access August 2005 August 2005 –Aquamarine becomes secure-only and is no longer special-cased

30. Kerberos Authentication Service Now in production use by the new Active Directory project Now in production use by the new Active Directory project Contact isgroup@umn.edu if you are interested in exploring use of Kerberos for authentication Contact isgroup@umn.edu if you are interested in exploring use of Kerberos for authentication isgroup@umn.edu

31. Listserv Upgrade Listserv upgraded to version 14.3 Listserv upgraded to version 14.3 –Security fixes for Web interface –Web interface performance improvements –Anti-spam: Lists can be made to require confirmation for non-member messages –72 new "message templates“ allow for more customization of system messages –http://www.lsoft.com/manuals/1.8e/relno tes/LISTSERV14.3-Release-Notes.html http://www.lsoft.com/manuals/1.8e/relno tes/LISTSERV14.3-Release-Notes.htmlhttp://www.lsoft.com/manuals/1.8e/relno tes/LISTSERV14.3-Release-Notes.html

32. Message Management Platform (MMP) 1.1 Upgrade Test Aphelion Directory fully populated and updated in real-time Test Aphelion Directory fully populated and updated in real-time Testing of directory and messaging components continues Testing of directory and messaging components continues New directory will run in parallel with existing directory for several months New directory will run in parallel with existing directory for several months Finalizing licensing with vendor (BT) Finalizing licensing with vendor (BT)

33. ‘Till next month… Steve Siirila Steve Siirila sfs@umn.edu sfs@umn.edu 612-626-0244 612-626-0244 Chris Bongaarts Chris Bongaarts cab@umn.edu cab@umn.edu 612-625-1809 612-625-1809