 |
 |
 |
Caha Mail Description Document
With the present document, we try to describe how a so important service, as it is the Mail System, works within the Centro Astronómico Hispano-Alemán (CAHA) computer infraestructure. We hope the information given here will be useful for all users using this service. Anyway, if you have any problem or doubt, the Computer Department is at your disposal for any question.
Let's describe the main features of the Mail System at CAHA, starting with this document index:
For any problem or suggestion, you can contact any of the Computer Department personnel at:
If you are calling from outside CAHA, the main telephone is: 950632500. If you want to contact any of the above personnel directly, just swap the last 500 by the extension given up there.
You have also the normal account abuse (abuse on mail) and postmaster (problems), for any kind of situation you have to use them.
You can see here the main Computer Departmen web page.
The Computer Department will always try, if possible, offering an uninterrupted mail service. Anyway, if there is a need for stopping it, this need will be communicated as soon as possible. However, the potential problems that could arise, could prevent this notice. We will try, as well, to avoid, always if possible, any kind of mail attack. Although we are taking such security measures, we have to say that in today's world, the only way of being away of hacker attaks is to be not connected. So, our security measures will have a compromise between security and system useability, giving, of course a main importance to the security. This is valid, not only for Mail System, but also for the whole CAHA Computer System.
Speaking about guarantee of delivery, we have to say that, although a big percent of the cases mail messages will reach quickly their destination, the Mail Service will never guarantee any message delivery. There could be lots of circumstances that could affect the delivery: sudden cuts on communication lines (internal and/or external to CAHA), message limits exceeded, messages refused, etc... Lots of these situation are external to CAHA.
For more information, please, see point 5 of present document, where you can find the basic rules of the whole Calar Alto Computer System (CACS).
Speaking about guarantee of delivery, we have to say that, although a big percent of the cases mail messages will reach quickly their destination, the Mail Service will never guarantee any message delivery. There could be lots of circumstances that could affect the delivery: sudden cuts on communication lines (internal and/or external to CAHA), message limits exceeded, messages refused, etc... Lots of these situation are external to CAHA.
For more information, please, see point 5 of present document, where you can find the basic rules of the whole Calar Alto Computer System (CACS).
Mail System Service will be offered only for domain caha.es
Port 25 (SMTP) is filtered in both sides, incoming and outgoing. There is only an authorized machine that can receive and send mails. This means that any mail arraiving CAHA network with an address like: This email address is being protected from spambots. You need JavaScript enabled to view it. will be inmediately refused. The correct address type is like: This email address is being protected from spambots. You need JavaScript enabled to view it.
Any computer that sends electronic mails outside CAHA, must use as mail server caserv.caha.es (150.214.222.10) If someone sends a mail directly from its own personal computer, without using the mail server, the mail will not be delivered
Port 25 (SMTP) is filtered in both sides, incoming and outgoing. There is only an authorized machine that can receive and send mails. This means that any mail arraiving CAHA network with an address like: This email address is being protected from spambots. You need JavaScript enabled to view it. will be inmediately refused. The correct address type is like: This email address is being protected from spambots. You need JavaScript enabled to view it.
Any computer that sends electronic mails outside CAHA, must use as mail server caserv.caha.es (150.214.222.10) If someone sends a mail directly from its own personal computer, without using the mail server, the mail will not be delivered
Click on the figure on the left to see the CAHA Mail main structure.
From within our network, you can access the Mail System using POP3s (Secure POP3) at port 995 or IMAPs (secure IMAP at port 993) if using clients as Outlook or Netscape; or you can use our Webmail System (find here a complete description of our Webmail System - only for CAHA allowed users); or, finally, you can use, if on a Linux/Unix computer, the mailx program. About the Webmail system, we have to mention that all the transactions (in fact all te Webmail system) are done under secure SSL connection.
As you can see, normal POP3 or IMAP (not secure ones) are not allowed on both internal and external connections.
As you can see, normal POP3 or IMAP (not secure ones) are not allowed on both internal and external connections.
When accessing Mail System from an external to CAHA network (click on the left image to see full size), you have two possibilities. First option consists on using our Webmail system. This is the recommended way, as it is a very comfortable procedure for accessing your mail when you're not at CAHA network. All things happen, as said above, under a secure SSL connection. The second option, starting on April 2006, is using a normal mail client as Outlook or Netscape. For receiving mail, POP3s or IMAPs is allowed. For sending mail using our CAHA server as relay, SMTP-AUTH over TLS connection is required. We'd like also to mention that we have a Distribution List Service based on the Mailman application.
Finally, and for internal purposes, we have several mail lists that can be used. If you are allowed, you can see them here
The recommended agents are Netscape and Mozilla. We cannot forget, anyway, that there is a big computer park with Outlook.
For all of them, the normal configuration within CAHA network should be:
For all of them, the normal configuration within CAHA network should be:
| POP3s Server Name | caserv.caha.es |
| (Optional) IMAPs Server Name | caserv.caha.es |
| SMTP Server Name | caserv.caha.es |
| POP3s Port | 995 |
| (Optional) IMAPs Port | 993 |
| SMTP Port | 25 |
When outside CAHA network, the recommended system is our Webmail. But, if you want to use agents like Outlook or Netscape, here are the correct values:
| POP3s Server Name | caserv.caha.es |
| (Optional) IMAPs Server Name | caserv.caha.es |
| POP3s Port | 995 |
| (Optional) IMAPs Port | 993 |
| SMTP Server Name | caserv.caha.es |
| Server requires authentication | si |
| User and Password | Same as for POPs/IMAPs |
| Server requires secure TLS/SSL conn. | si |
| Outlook: SMTP Port | 465 |
| Rest of agents: SMTP Port | 587 |
We should also mention that the user must have always configured a client not only for downloading mails, but for deleting tehem from the server too. Normally this could be our main client at work. This is very important, as if not doing so, the mail file will grow unnecessary and the user will be advertised.
Log files are stored in gzip format, as soon as they grow. We keep these gzipped files during one year. After that they will be deleted.
At present, all CAHA employee can have an Electronic Mail account. He/she only has to contact Computer Department personnel for that purpose. However, we are working on some user regulations for all CACS. That regulation will give some user rules that everybody having a normal account, and/or an Elecrtronic Mail account, will have to follow. When the regulation is finished, any user that will like having any type of account (or a user that will like to maintain with his actual account) will be required to fill a special form. As soon as the regulation document is finished, we'll put here a link to it.
All acounts are centralized on a server with NIS maps. An account can be general, which will be valid for using computers at CACS, or used only for Electronic Mail. Of course, if it is used only for mail, the rest of CACS facilities couldn't be used. We have to mention here that, if the user wants to send mail from outside CAHA using the SMTP-AUTH and TLS facility for relying on our server, he/she has to ask for it.
All acounts are centralized on a server with NIS maps. An account can be general, which will be valid for using computers at CACS, or used only for Electronic Mail. Of course, if it is used only for mail, the rest of CACS facilities couldn't be used. We have to mention here that, if the user wants to send mail from outside CAHA using the SMTP-AUTH and TLS facility for relying on our server, he/she has to ask for it.
Anti-virus checks are done on both incoming and outgoing mails through the use of two anti-virus engines.
Speaking about incoming mails, if a mail is coming with a virus inside, it is not inmediately eliminated. It is saved on a quarantine directory, and the receiver user is notified that the mail has a virus inside and it is quarantined. The user is also asked to contact Computer Department if he thinks the mail is good. And also he/she is told that if he/she is not telling anything to the Computer Department, the mail will be deleted after two weeks.
For outgoing mails, everything is similar. If an outgoing mail is detected with a virus inside, it is quarantined, and, inmediately, the postmaster will receive a mail informing about the incidence, with references to the sender, the receiver of the infected mail, and finally, the type of the virus. Again, the virus message will be deleted from the system two weeks after it is received.
In any case, the sender is not notified about the virus. It will be the postmaster the one who will decide if the sender has to be notified or not. Normally, this kind of warning will be done only if the virus is coming from a local user.
Computer Department has stablished, as well, a vigilance tasks concenring anti-virus installation on personal computers. This is another protection level.
Speaking about incoming mails, if a mail is coming with a virus inside, it is not inmediately eliminated. It is saved on a quarantine directory, and the receiver user is notified that the mail has a virus inside and it is quarantined. The user is also asked to contact Computer Department if he thinks the mail is good. And also he/she is told that if he/she is not telling anything to the Computer Department, the mail will be deleted after two weeks.
For outgoing mails, everything is similar. If an outgoing mail is detected with a virus inside, it is quarantined, and, inmediately, the postmaster will receive a mail informing about the incidence, with references to the sender, the receiver of the infected mail, and finally, the type of the virus. Again, the virus message will be deleted from the system two weeks after it is received.
In any case, the sender is not notified about the virus. It will be the postmaster the one who will decide if the sender has to be notified or not. Normally, this kind of warning will be done only if the virus is coming from a local user.
Computer Department has stablished, as well, a vigilance tasks concenring anti-virus installation on personal computers. This is another protection level.
Concerning spam there is a similar policy, as that for viruses. If a user receives a spam mail, and this is identified by the anti-spam system, he/she will receive a mail with its Subject starting with words "***** SPAM *****". The rest of the field will remain untouched. But on the body, there will be an explanation on why that mail was considered spam. Also, the original mail body is present on the mail, but on an attachment. With this treatment, the user is responsible for deleting or moving spammed mails. He/she can stablish some rules on the mail reader, so the mail can be automatically deleted or moved as soon as the field Subject starts with the words above explained.
Apart from the anti-spam programs use, since february 2005, CAHA Mail Service is running SPF (Sender Policy Framework). With this system, mail servers are guarantee for delivering mails from a determinate domain. Although it is still not a very wide system, we hope it will be on the future, so it will help to eliminate some spam.
Apart from the anti-spam programs use, since february 2005, CAHA Mail Service is running SPF (Sender Policy Framework). With this system, mail servers are guarantee for delivering mails from a determinate domain. Although it is still not a very wide system, we hope it will be on the future, so it will help to eliminate some spam.
Together with the above measures, we use black and white lists. Black lists we are using are spamhaus and spamcop. We have to say we are testing also RedIRIS black list, and it will be probably our main black list in the future. White lists are from two sources: first one is our own white list. Second one is RedIRIS white list
Other measures for avoiding unwanted mail are those concerning Inverse MTAs Resolution and nolisting methods.
The information saved on the log file is not sensible. It is saved only the normal smtp transactions fields, as date, hour, sender, receiver, source IP and several messages concering SPF or black lists.
Log files are stored in gzip format, as soon as they grow. We keep these gzipped files during one year. After that they will be deleted.
We have also a special directory where an empty file is created for each user using POP3s. In that way, we can know very quickly what is the last time/date a user did use POP3s.
The last control measure is the Statistic Service. However, this statistics are only accesible for authorized personnel. If you are one of such users, you can see them here
Two limits have to be taken into account: the message size limit and the maximum number of recipients per e-mail.
The message sizel imit is placed on 100Mb. We decided this size as the main activity done at the Observatory is related to take big images.
The maximum number of recipient per e-mail is 150.
Both values can vary in the future. Any change will be informed here.
The first recommendation is simple: make a correctly and consistent use of all the System, not only the mail. As we exposed on point 5, there will be a regulatory document that will have all the rules for the users of CACS. Those rules will be mandatory and, as soon as the mentioned text is finished, a link to it will be present on point 5 of this document.
Anyway, speaking about Electronic Mail, we can put here some advices that will help preventing problems. Let's see some of them:
Anyway, speaking about Electronic Mail, we can put here some advices that will help preventing problems. Let's see some of them:
- Users are totally responsible for all those activity done with their mail account and its related mail file.
- It is unlawful, and will be punished, to falsificate electronic mail headers.
- It is very bad to offer/give the own mail account to not authorized people.
- Users have to take into account the virus problem, and being conscious of the differences of using CAHA addresses and those others given by other Internet Service Providers.
- The mail system is a tool that will not be used for personal use.
- If you need to send massive information, please, contact first with Computer Department.
- Please, do not participate on chain messages or other similar things.
- Do not distribute virus information given by non trustworthy people.
- Use the mail service with common sense and coherency.
- Computer Department is here to help you with the problems or doubts you could have.
