December 6th, 2005


UKUUG abstract

The UKUUG is holding its Winter Spring Conference in Durham in March, and the Call for Participation closes in a couple of weeks. I've been preparing an abstract for a paper and talk about the ratelimit feature I implemented for Exim, and our experiences of deploying it in Cambridge.

Any comments on the following?

Cambridge University has pretty good email security, but even so we have a couple of incidents each year when a security breach results in a flood of spam from our network. In order to protect against this in the future, we needed a system for throttling these floods before they cause damage, such as Cambridge being blacklisted by AOL.

I implemented a general-purpose rate-limiting facility for Exim 4.52. It is extremely flexible and allows you to specify almost any policy you want. It can measure the rate of messages, recipients, SMTP commands, or bytes of data from a particular sender; and senders can be identified by IP address, authenticated username, or almost anything else.

I deployed this facility on the central email systems in Cambridge. It ran in logging-only mode for several weeks while I tuned the policy to minimize the disruption to legitimate email. This exposed the slightly surprising extent of bulk email usage in the University, and a number of particularly problematic cases. An important task was to communicate the change in policy to less technical users.

I will describe Exim's ratelimit facility and report on our deployment experiences.
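An added illustration, not Exim's code and not part of the abstract: a small Python model of keyed rate measurement replayed over constructed traffic, first in logging-only mode and then enforcing, to show how a logging-only run separates steady bulk senders from a flood before anything is rejected. The exponentially smoothed rate, the `RateLimiter` and `replay` names, the 100-per-hour limit and the sample hosts are all assumptions made for the example.

```python
import math
from collections import Counter

class RateLimiter:
    """Keyed, exponentially smoothed rate measurement (illustrative model)."""

    def __init__(self, limit, period, enforce=False):
        self.limit = limit        # maximum smoothed rate, units per period
        self.period = period      # smoothing period in seconds
        self.enforce = enforce    # False = logging-only: record, never reject
        self.state = {}           # key -> (time of last counted event, rate)
        self.flagged = Counter()  # key -> number of over-limit events logged

    def check(self, key, now, count=1.0):
        """Measure `count` units for `key` at time `now`; True if accepted."""
        if key not in self.state:
            rate = count
        else:
            last, prev = self.state[key]
            x = max(now - last, 1e-9) / self.period
            # -expm1(-x) is 1 - exp(-x), computed accurately for small x
            rate = -math.expm1(-x) * count / x + math.exp(-x) * prev
        if rate > self.limit:
            self.flagged[key] += 1
            if self.enforce:
                return False      # rejected traffic does not update the rate
        self.state[key] = (now, rate)
        return True

def replay(events, **policy):
    """Run (time, key) events through a limiter; return (accepted, flagged)."""
    rl = RateLimiter(**policy)
    accepted = Counter(key for t, key in sorted(events) if rl.check(key, t))
    return accepted, rl.flagged

# Constructed traffic: a list server at 1 message/minute for an hour, and a
# compromised host at 1 message/second for 200 seconds. Keys are sender IPs
# (documentation addresses); a username would work the same way.
LIST_HOST, FLOOD_HOST = "192.0.2.10", "192.0.2.66"
EVENTS = [(60 * i, LIST_HOST) for i in range(60)] + \
         [(1000 + i, FLOOD_HOST) for i in range(200)]

if __name__ == "__main__":
    for enforce in (False, True):
        accepted, flagged = replay(EVENTS, limit=100, period=3600, enforce=enforce)
        print("enforce" if enforce else "log-only", dict(accepted), dict(flagged))
```

In the logging-only pass every message is still delivered and only the flood host appears in `flagged`, which is the evidence needed to pick a limit that leaves the list server alone.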




Bob presented a revised version of my proposal to the SMT today, which included some changes as a result of the previous attempt - essentially, upgrading the perfunctory "oh, and maybe we could do these things" paragraphs to "we will do these". In particular, the web front-end and MSN gateway.

The main result was that I have the go-ahead!

I will have to write a paper for the IT Syndicate (which oversees the Computing Service) to get full approval for a significant new service. I will also have to get it working by the summer, complete with MUC, MSN, web, etc.

The oddest thing was some quibbling about the usability of the MSN gateway, based on no practical experience at all. Sigh. Still, no harm done.

If anyone wants to be added to my interest list, please email <>. If anyone knows of other Universities in the UK which have Jabber services, I would be interested - I know of Portsmouth and Cardiff.