E-mail Service Change (Feb 2014)

From ECE Information Technology Services
Revision as of 16:06, 31 January 2014 by Mberdan (talk | contribs) (Created page with ''''What is this change and when will it occur?''' The ECE E-mail Service will undergo maintenance on Wednesday, February 5th from 8:00pm-8:30pm to introduce a security-enhanced m…')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

What is this change and when will it occur? The ECE E-mail Service will undergo maintenance on Wednesday, February 5th from 8:00pm-8:30pm to introduce a security-enhanced mail relay.

Will the service remain available during the change? Yes; the E-mail Service will continue to function during this change.

What can I expect after the change? You should note a marked decrease in the volume of spam and phishing messages arriving to your Inbox.

Do I need to do anything on or before the service change? No; as this change occurs on backend systems, you are not required to make any changes on your mail-enabled device(s).

Post-change Support ECE IT staff are available to assist you with any difficulties you may experience. If you need technical assistance, please follow the instructions found at How_To_Report_A_Problem or, if e-mail is unavailable, please visit us in MacLeod 105.

Additional Background Information for the Change

This change places ECE’s mail server behind UBC’s mail relay server. Inbound mail addressed to @ece.ubc.ca addresses will be handled by UBC’s mail relay, which will scan for viruses and spam, and forward "good" messages to ECE’s mail server. We are doing this to address concerns that ECE’s current spam filtering is inadequate to deal with modern threat levels. The decision to use UBC’s mail relay is independent of ECE’s eventual migration to UBC’s FASmail service (for which we have not yet made any firm plans, though such a migration is likely as part of the ECE IT Transition Project).

The Situation Today

ECE's mail server currently performs some filtering:

1. Mail from servers on real-time block lists is rejected before our server ever acknowledges receipt. This rejection likely produces a bounce, with the sender receiving a notification that the message was not delivered. Our server logs the delivery attempt but not the message contents. 2. Mail that fails a virus scan is rejected before our server ever acknowledges receipt. Such a rejection would also result in a bounce. Our server would log the attempt but not the message contents. 3. When our mail server acknowledges receipt, the message is passed to the ECE recipient’s procmail filter, as configured in the user’s ~/.procmailrc file. The default procmailrc uses SpamAssassin to give the message a spam score, which is recorded in the e-mail headers; messages with a high spam score are delivered to the user’s “spam” folder by default.

Note that the filtering in step (3) is just the default behaviour for most accounts. The ECE mail server either never acknowledges receipt (in which case the sender should receive a bounce), or it passes responsibility to your procmail filter. Thus, the ECE mail server should never be a black hole where messages disappear without explanation. If you choose to configure your filter to automatically delete anything, it’s your personal choice.

Change Impact

The UBC mail relay will add a layer of virus and spam filtering not currently available at ECE. The UBC mail relay will either relay the mail to the recipient, or discard and retain a log of the discard (but not the message contents). A key change for ECE is that all mail addressed to any @ece.ubc.ca address will be subject to the same spam filtering standards.

The mail management threshold is defined by message parsing and Sophos-trusted real-time block lists. Only messages that fall into a "99% spam" category are discarded. If not discarded, suspect mail may be tagged as "likely spam", in which case the subject header is modified to simply flag the message before it travels to the ECE mail servers. Non-suspect mail is relayed to the ECE mail servers; your personal procmail filter (if configured) would then apply as it does today.

Should a user wish to trace the unexplained non-delivery of mail, we must look to both the UBC mail relay logs and the ECE mail server logs. Considering the problems we have experienced with spam in general, and phishing in the past year, we favour the UBC mail relay solution over the ability to trace missing messages easily.