1. E-mail Technical Coordinators Meeting Chris Bongaarts Steve Siirila July 13, 2005

2. Software Upgrades Lyris ListManager 8.8 Lyris ListManager 8.8 Procmail 3.22 Procmail 3.22 Apache 1.3.33 (deployment in progress) Apache 1.3.33 (deployment in progress)

3. E-mail Enhancements Auto-whitelisting of MTAs (effective 6/14) Auto-whitelisting of MTAs (effective 6/14) –Applies only to MTAs blocked due to rDNS –Requires at least 1 request/grant transaction –Does NOT exempt MTA from DNSBLs Autoreply: optional effective start date (effective 6/16) Autoreply: optional effective start date (effective 6/16)

4. E-mail Enhancements Blocked mail reporting option (July) Blocked mail reporting option (July) –User may select daily or weekly reports –Reports will be sent via e-mail at 6:15am –Covers previous 24 hour period (6am-6am) or 7 day period from Mon 6am - Mon 6am

9. New Blocking Options (proposed) Allow email from: Allow email from: –All MTAs (No false positives (FP)!) –All but insecure, known spammers, and dynamic IP ranges (Few FP) –All but insecure, known spammers, dynamic, and bad rDNS (current default) (Some FP) –All but insecure, known spammers, suspected spammers, dynamic, and bad rDNS (More FP) –Local ( umn.edu ) MTAs only (No FP!)

10. Inbox Auto-filing (proposed) Default selection criteria Default selection criteria –Messages older than 90 days –Only mailboxes larger than 20MB –Messages appended to folder named “Archive/YYYY” where YYYY is the year of the archived message User-selectable options User-selectable options –Retention term (14-365 days?) –Destination folder name/format

11. Departmental MTA Registration MTAs and other devices which are using the relay.tc.umn.edu service must register by 7/19 to guarantee uninterrupted service MTAs and other devices which are using the relay.tc.umn.edu service must register by 7/19 to guarantee uninterrupted service Send IP address, type of device, and contact information to isgroup@umn.edu Send IP address, type of device, and contact information to isgroup@umn.edu As of 7/13, 383 IP addresses have been registered by 42 different departments As of 7/13, 383 IP addresses have been registered by 42 different departments Cannot be used from dynamic IP addresses! Cannot be used from dynamic IP addresses!

12. Certificate-based SMTP Authentication (proposed) Would use client-side certificates to authenticate to the SMTP gateway ( smtp.umn.edu ) Would use client-side certificates to authenticate to the SMTP gateway ( smtp.umn.edu ) Would allow departments to utilize central SMTP server from multiple servers regardless of their IP addresses Would allow departments to utilize central SMTP server from multiple servers regardless of their IP addresses Dynamic IP addresses would be allowed! Dynamic IP addresses would be allowed! Certificates would be available from Internet Services free of charge or from commercial CAs for a fee Certificates would be available from Internet Services free of charge or from commercial CAs for a fee

13. Phase-out of clear-text passwords Working with technical coordinators to get users set up securely Working with technical coordinators to get users set up securely SSL roundtable discussions were held with technical coordinators on 7/7 SSL roundtable discussions were held with technical coordinators on 7/7 Non-SSL autoresponder available: Non-SSL autoresponder available: –Checks current outgoing SMTP settings –Checks for recent non-SSL IMAP and POP –Mail to: ssl-test@umn.edu

14. E-mail servers secured Pearl designated “warehouse” server Pearl designated “warehouse” server –Uses cheaper (slower) disks –Designated server for newly-created and inactive users Aquamarine designated “insecure” server Aquamarine designated “insecure” server –For users not yet converted to an SSL-only configuration –Will continue to allow non-SSL IMAP/POP/FTP access through at least Aug 2005 Garnet unchanged Garnet unchanged All others servers secured by 7/8 All others servers secured by 7/8

19. TELNET Usage 70 unique TELNET users since 6/17 70 unique TELNET users since 6/17 Access will be shut off soon! Access will be shut off soon!

20. Central Auth Hub for Apache 2 Mod_cookieauth2 3.0a1 available at www.umn.edu/cookieauth Mod_cookieauth2 3.0a1 available at www.umn.edu/cookieauth www.umn.edu/cookieauth ALPHA! Not actually tested, but compiles okay ALPHA! Not actually tested, but compiles okay Special thanks to Will, Adam, and Chad Special thanks to Will, Adam, and Chad

21. ‘Till next month… Steve Siirila Steve Siirila sfs@umn.edu sfs@umn.edu 612-626-0244 612-626-0244 Chris Bongaarts Chris Bongaarts cab@umn.edu cab@umn.edu 612-625-1809 612-625-1809