| CAHA Mail Description Document |
|
With the present document, we try to describe how a so important service, as it
is the Mail System, works within the Centro Astronómico Hispano-Alemán (CAHA)
computer infraestructure. We hope the information given here will be useful for
all users using this service. Anyway, if you have any problem or doubt, the
Computer Department is at your disposal for any question.
For any problem or suggestion, you can contact any of the Computer Department personnel at:
If you are calling from outside CAHA, the main telephone is: 950632500. If you
want to contact any of the above personnel directly, just swap the last 500 by
the extension given up there.
You have also the normal account
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
(abuse on mail) and
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
(problems), for any kind of
situation you have to use them.
You can see here the main Computer Departmen web page.
The Computer Department will always try, if possible,
offering an uninterrupted mail service. Anyway, if there is a need for stopping
it, this need will be communicated as soon as possible. However, the potential
problems that could arise, could prevent this notice. We will try, as well, to
avoid, always if possible, any kind of mail attack. Although we are taking such
security measures, we have to say that in today's world, the only way of being
away of hacker attaks is to be not connected. So, our security measures will
have a compromise between security and system useability, giving, of course a
main importance to the security. This is valid, not only for Mail System, but
also for the whole CAHA Computer System.
Speaking about guarantee of delivery, we have to say that, although a big percent of the cases mail messages will reach quickly their destination, the Mail Service will never guarantee any message delivery. There could be lots of circumstances that could affect the delivery: sudden cuts on communication lines (internal and/or external to CAHA), message limits exceeded, messages refused, etc... Lots of these situation are external to CAHA. For more information, please, see point 5 of present document, where you can find the basic rules of the whole Calar Alto Computer System (CACS).
Mail System Service will be offered only for domain caha.es
Port 25 (SMTP) is filtered in both sides, incoming and outgoing. There is only an authorized machine that can receive and send mails. This means that any mail arraiving CAHA network with an address like: This e-mail address is being protected from spambots. You need JavaScript enabled to view it will be inmediately refused. The correct address type is like: This e-mail address is being protected from spambots. You need JavaScript enabled to view it Any computer that sends electronic mails outside CAHA, must use as mail server caserv.caha.es (150.214.222.10) If someone sends a mail directly from its own personal computer, without using the mail server, the mail will not be delivered
Click on the figure on the left to see the CAHA Mail main structure.
From within our network, you can access the Mail System using POP3s (Secure
POP3) at port 995 or IMAPs (secure IMAP at port 993) if using clients as Outlook
or Netscape; or you can use our Webmail System (find here a
complete description of our Webmail System - only for CAHA allowed users); or,
finally, you can use, if on a Linux/Unix computer, the mailx program. About the
Webmail system, we have to mention that all the transactions (in fact all te
Webmail system) are done under secure SSL connection.
As you can see, normal POP3 or IMAP (not secure ones) are not allowed on both internal and external connections.  When accessing Mail System from an external to CAHA network (click on the left image to see full size), you have two
possibilities. First option consists on using our Webmail
system. This is the recommended way, as it is a very comfortable procedure for
accessing your mail when you're not at CAHA network. All things happen, as said
above, under a secure SSL connection. The second option, starting on April
2006, is using a normal mail client as Outlook or Netscape. For receiving mail,
POP3s or IMAPs is allowed. For sending mail using our CAHA server as relay,
SMTP-AUTH over TLS connection is required.
We'd like also to mention that we have a Distribution List Service. If you want to have some help on how it works,
please, send a mail to
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
with the only
word help on the body of the messages (not on the Subject field).
Instead of the above word, use lists to know which lists are now
active.
Finally, and for internal purposes, we have several mail lists that can be used. If you are allowed, you can see them here
The recommended agents are Netscape and Mozilla. We cannot
forget, anyway, that there is a big computer park with Outlook.
For all of them, the normal configuration within CAHA network should be:
When outside CAHA network, the recommended system is our Webmail. But, if you
want to use agents like Outlook or Netscape, here are the correct values:
We should also mention that the user must have always configured a client not
only for downloading mails, but for deleting tehem from the server too. Normally
this could be our main client at work. This is very important, as if not doing
so, the mail file will grow unnecessary and the user will be advertised.
At present, all CAHA employee can have an Electronic Mail account. He/she only
has to contact Computer Department personnel for that purpose. However, we are
working on some user regulations for all CACS. That regulation will give some
user rules that everybody having a normal account, and/or an Elecrtronic Mail
account, will have to follow. When the regulation is finished, any user that
will like having any type of account (or a user that will like to maintain with
his actual account) will be required to fill a special form. As soon as the
regulation document is finished, we'll put here a link to it.
All acounts are centralized on a server with NIS maps. An account can be general, which will be valid for using computers at CACS, or used only for Electronic Mail. Of course, if it is used only for mail, the rest of CACS facilities couldn't be used. We have to mention here that, if the user wants to send mail from outside CAHA using the SMTP-AUTH and TLS facility for relying on our server, he/she has to ask for it.
Anti-virus checks are done on both incoming and outgoing mails through the use
of two anti-virus engines.
Speaking about incoming mails, if a mail is coming with a virus inside, it is not inmediately eliminated. It is saved on a quarantine directory, and the receiver user is notified that the mail has a virus inside and it is quarantined. The user is also asked to contact Computer Department if he thinks the mail is good. And also he/she is told that if he/she is not telling anything to the Computer Department, the mail will be deleted after two weeks. For outgoing mails, everything is similar. If an outgoing mail is detected with a virus inside, it is quarantined, and, inmediately, the This e-mail address is being protected from spambots. You need JavaScript enabled to view it will receive a mail informing about the incidence, with references to the sender, the receiver of the infected mail, and finally, the type of the virus. Again, the virus message will be deleted from the system two weeks after it is received. In any case, the sender is not notified about the virus. It will be the This e-mail address is being protected from spambots. You need JavaScript enabled to view it the one who will decide if the sender has to be notified or not. Normally, this kind of warning will be done only if the virus is coming from a local user. Computer Department has stablished, as well, a vigilance tasks concenring anti-virus installation on personal computers. This is another protection level.
Concerning spam there is a
similar policy, as that for viruses. If a user receives a spam mail, and this
is identified by the anti-spam system, he/she will receive a mail with its
Subject starting with words "***** SPAM *****". The rest of the field
will remain untouched. But on the body, there will be an explanation on why that
mail was considered spam. Also, the original mail body is present on the mail,
but on an attachment. With this treatment, the user is responsible for deleting
or moving spammed mails. He/she can stablish some rules on the mail reader, so
the mail can be automatically deleted or moved as soon as the field Subject
starts with the words above explained.
Apart from the anti-spam programs use, since february 2005, CAHA Mail Service is running SPF (Sender Policy Framework). With this system, mail servers are guarantee for delivering mails from a determinate domain. Although it is still not a very wide system, we hope it will be on the future, so it will help to eliminate some spam.
We have two kind of log files.
First of them is the usual mail log file. The information saved is not sensible. It is saved only the normal smtp transactions fields, as date, hour, sender, receiver, source IP and several messages concering SPF. The second file, saves the information about a client accessing the system with POP3s. The data saved is the user name, source IP and timings of the transaction. Log files are stored in gzip format, as soon as they grow. These gzipped files are stored during one year, after that they will be deleted. We have also a special directory where an empty file is created for each user using POP3s. In that way, we can know very quickly what is the last time/date a user did use POP3s. The last control measure is the Statistic Service. However, this statistics are only accesible for authorized personnel. If you are one of such users, you can see them here
The limit is situated on 100Mb. We decided this size as the main activity done
at the Observatory is related to take big images. However, this size can vary in
the future. Any change will be informed here.
The first recommendation is simple: make a correctly and consistent use of all
the System, not only the mail. As we exposed on point 5, there will be a
regulatory document that will have all the rules for the users of CACS. Those
rules will be mandatory and, as soon as the mentioned text is finished, a link
to it will be present on point 5 of this document.
Anyway, speaking about Electronic Mail, we can put here some advices that will help preventing problems. Let's see some of them:
- Users are totally responsible for all those activity done with their mail
account and its related mail file.
- It is unlawful, and will be punished, to falsificate electronic mail headers.
- It is very bad to offer/give the own mail account to not authorized people.
- Users have to take into account the virus problem, and being conscious of
the differences of using CAHA addresses and those others given by other Internet
Service Providers.
- The mail system is a tool that will not be used for personal use.
- If you need to send massive information, please, contact first with Computer
Department.
- Please, do not participate on chain messages or other similar things.
- Do not distribute virus information given by non trustworthy people.
- Use the mail service with common sense and coherency.
- Computer Department is here to help you with the problems or doubts you
could have.
|
