English (UK)
 |
 |
 |
Mail Description Document for Centro Astronómico Hispano en Andalucía (CAHA)
With the present document, we try to describe how a so important service, as it is the Mail System, works within the Centro Astronómico Hispano en Andalucía (CAHA) computer infraestructure. We hope the information given here will be useful for all users using this service. Anyway, if you have any problem or doubt, the Computer Department is at your disposal for any question.
Let's describe the main features of the Mail System at CAHA, starting with this document index:
For any problem or suggestion, you can contact any of the Computer Department personnel at:
If you are calling from outside CAHA, the main telephone is: 950632500. If you want to contact any of the above personnel directly, just swap the last 500 by the extension given up there.
You have also the normal account abuse (abuse on mail) and postmaster (problems), for any kind of situation you have to use them.
The Computer Department will always try, if possible, offering an uninterrupted mail service. Anyway, if there is a need for stopping it, this need will be communicated as soon as possible. However, the potential problems that could arise, could prevent this notice. We will try, as well, to avoid, always if possible, any kind of mail attack. Although we are taking such security measures, we have to say that in today's world, the only way of being away of hacker attaks is to be not connected. So, our security measures will have a compromise between security and system useability, giving, of course a main importance to the security. This is valid, not only for Mail System, but also for the whole CAHA Computer System.
Speaking about guarantee of delivery, we have to say that, although a big percent of the cases mail messages will reach quickly their destination, the Mail Service will never guarantee any message delivery. There could be lots of circumstances that could affect the delivery: sudden cuts on communication lines (internal and/or external to CAHA), message limits exceeded, messages refused, etc... Lots of these situation are external to CAHA.
Speaking about guarantee of delivery, we have to say that, although a big percent of the cases mail messages will reach quickly their destination, the Mail Service will never guarantee any message delivery. There could be lots of circumstances that could affect the delivery: sudden cuts on communication lines (internal and/or external to CAHA), message limits exceeded, messages refused, etc... Lots of these situation are external to CAHA.
Mail System Service will be offered only for domain caha.es
Port 25 (SMTP) is filtered in both sides, incoming and outgoing. There is only an authorized machine that can receive and send mails. This means that any mail arraiving CAHA network with an address like:This email address is being protected from spambots. You need JavaScript enabled to view it. will be inmediately refused. The correct address type is like: This email address is being protected from spambots. You need JavaScript enabled to view it.
Any computer that sends electronic mails outside CAHA, must use as mail server: caserv.caha.es (150.214.222.10) If someone sends a mail directly from its own personal computer, without using the mail server, the mail will not be delivered
Port 25 (SMTP) is filtered in both sides, incoming and outgoing. There is only an authorized machine that can receive and send mails. This means that any mail arraiving CAHA network with an address like:
Any computer that sends electronic mails outside CAHA, must use as mail server: caserv.caha.es (150.214.222.10) If someone sends a mail directly from its own personal computer, without using the mail server, the mail will not be delivered
Relay is also strictly forbidden from outside CAHA network, except for correctly authenticated users using TLS.
From within our network, you can access the Mail System using only IMAPs (secure IMAP at port 143 with STARTTLS) if using clients as Outlook or Netscape; or you can use our Webmail System. About the Webmail system, we have to mention that all the transactions (in fact all te Webmail system) are done under secure SSL connection.
As you can see, normal IMAP (not secure one) is not allowed on both internal and external connections.
As you can see, normal IMAP (not secure one) is not allowed on both internal and external connections.
When accessing Mail System from an external to CAHA network, you have two possibilities. First option consists on using our Webmail system. This is the recommended way, as it is a very comfortable procedure for accessing your mail when you're not at CAHA network. All things happen, as said above, under a secure SSL connection. The second option is using a normal mail client as Outlook or Netscape. For receiving mail, only IMAPs is allowed. For sending mail using our CAHA server as relay, SMTP-AUTH over TLS connection is required.
We'd like also to mention that we have a Distribution List Service based on the Mailman application.
Finally, and for internal purposes, we have several mail lists that can be used. If you are allowed, you can see them here
The configuration parameters are:
| IMAP Server Name | caserv.caha.es (150.214.222.10) |
| IMAP Port | 143 |
| Connection security | STARTTLS |
| Identification Method | Normal passowrd (account credentials) |
| SMTP Server Name | caserv.caha.es (150.214.222.10) |
| SMTP Port | 587 |
| Connection Security | STARTTLS |
| Identification Method | Normal password (account credentials) |
At present, all CAHA employee can have an Electronic Mail account. He/she only has to contact Computer Department personnel for that purpose. The normal account credentials will be used for the mail account.
All acounts are centralized on a server with NIS maps.
All acounts are centralized on a server with NIS maps.
Anti-virus checks are done on both incoming and outgoing mails through the use of two anti-virus engines.
Speaking about incoming mails, if a mail is coming with a virus inside, it is not inmediately eliminated. It is saved on a quarantine directory, and the receiver user is notified that the mail has a virus inside and it is quarantined. The user is also asked to contact Computer Department if he thinks the mail is good. And also he/she is told that if he/she is not telling anything to the Computer Department, the mail will be deleted after two weeks.
For outgoing mails, everything is similar. If an outgoing mail is detected with a virus inside, it is quarantined, and, inmediately, the postmaster will receive a mail informing about the incidence, with references to the sender, the receiver of the infected mail, and finally, the type of the virus. Again, the virus message will be deleted from the system two weeks after it is received.
In any case, the sender is not notified about the virus. It will be the postmaster the one who will decide if the sender has to be notified or not. Normally, this kind of warning will be done only if the virus is coming from a local user.
Computer Department has stablished, as well, a vigilance tasks concenring anti-virus installation on personal computers. This is another protection level.
Speaking about incoming mails, if a mail is coming with a virus inside, it is not inmediately eliminated. It is saved on a quarantine directory, and the receiver user is notified that the mail has a virus inside and it is quarantined. The user is also asked to contact Computer Department if he thinks the mail is good. And also he/she is told that if he/she is not telling anything to the Computer Department, the mail will be deleted after two weeks.
For outgoing mails, everything is similar. If an outgoing mail is detected with a virus inside, it is quarantined, and, inmediately, the postmaster will receive a mail informing about the incidence, with references to the sender, the receiver of the infected mail, and finally, the type of the virus. Again, the virus message will be deleted from the system two weeks after it is received.
In any case, the sender is not notified about the virus. It will be the postmaster the one who will decide if the sender has to be notified or not. Normally, this kind of warning will be done only if the virus is coming from a local user.
Computer Department has stablished, as well, a vigilance tasks concenring anti-virus installation on personal computers. This is another protection level.
Concerning spam there is a similar policy, as that for viruses. If a user receives a spam mail, and this is identified by the anti-spam system, he/she will receive a mail with its Subject starting with words "***** SPAM *****". The rest of the field will remain untouched. But on the body, there will be an explanation on why that mail was considered spam. Also, the original mail body is present on the mail, but on an attachment. With this treatment, the user is responsible for deleting or moving spammed mails. He/she can stablish some rules on the mail reader, so the mail can be automatically deleted or moved as soon as the field Subject starts with the words above explained.
Apart from the anti-spam programs use, since february 2005, CAHA Mail Service is running SPF (Sender Policy Framework) and DKIM.
Apart from the anti-spam programs use, since february 2005, CAHA Mail Service is running SPF (Sender Policy Framework) and DKIM.
Together with the above measures, we use black and white lists. Black lists we are using are spamhaus and spamcop. We have also RedIRIS black lists. White lists are from two sources: first one is our own white list. Second one is RedIRIS white list
Other measures for avoiding unwanted mail are those concerning Inverse MTAs Resolution and nolisting methods.
The information saved on the log file is not sensible. It is saved only the normal smtp transactions fields, as date, hour, sender, receiver, source IP and several messages concering SPF or black lists.
Log files are stored in gzip format, as soon as they grow. We keep these gzipped files during one year. After that they will be deleted.
Two limits have to be taken into account: the message size limit and the maximum number of recipients per e-mail.
The message sizel imit is placed on 100Mb. We decided this size as the main activity done at the Observatory is related to take big images.
The maximum number of recipient per e-mail is 150.
Both values can vary in the future.
The first recommendation is simple: make a correctly and consistent use of all the System, not only the mail.
Anyway, speaking about Electronic Mail, we can put here some advices that will help preventing problems. Let's see some of them:
Anyway, speaking about Electronic Mail, we can put here some advices that will help preventing problems. Let's see some of them:
- Users are totally responsible for all those activity done with their mail account and its related mail file.
- It is unlawful, and will be punished, to falsificate electronic mail headers.
- It is very bad to offer/give the own mail account to not authorized people.
- Users have to take into account the virus problem, and being conscious of the differences of using CAHA addresses and those others given by other ISPs.
- The mail system is a tool that will not be used for personal use.
- Be aware of the phishing practices and NEVER give your credentials to someone asking for them by e-mail.
- If you need to send massive information, please, contact first with Computer Department.
- Please, do not participate on chain messages or other similar things.
- Do not distribute virus information given by non trustworthy people.
- Use the mail service with common sense and coherency.
- Computer Department is here to help you with the problems or doubts you could have.