Part time Postmaster pt ii.

Filed By: Robert Moir

Introduction

In response to a few requests, I've posted a copy of the document we use at work to define the postmaster duties and policies. This isn't a suggestion that your document should look anything like this, but if you want to use this as a starting point, feel free. The important thing is that whatever you decide is right for you should be written down somewhere, and the people doing the job should be trained to follow what is written down.

What is a "postmaster"?

Postmaster@<domain> is the Internet e-mail contact address for any serious problems with e-mail at an Internet domain. Error messages about problems sending or receiving e-mail to/from a domain are sent to this account. Administrative messages concerning e-mail are sent to this account. Finally, it's a common address for sites that ordinary users can e-mail for assistance in resolving the e-mail address of someone based at that site. Various RFCs (I can dig out which ones if you like) actually require anyone operating an e-mail server that faces the Internet to have an operating postmaster address.

Typical Postmaster duties.

Simply put: check the postmaster account at least once a day, review any messages in it, and take appropriate action.

  • A few error messages merely mean that someone has got an e-mail address wrong. It is generally OK to just ignore this, though if they persist in sending to the same wrong address it might be worth contacting the sender and pointing this out.
  • A large number of error messages may indicate a fault. If you see a large collection of error messages concerning incoming e-mail to an address or several addresses you know should be valid, this could indicate a fault in the e-mail system that is stopping it routing incoming messages to the correct recipient. At this point, a review of the mail server (Mimesweeper and Exchange Server) event logs would be in order.
  • Requests for assistance. If someone asks you to help them locate a person working at the college, or who is a student at the college, then I would suggest forwarding the message to the person they are trying to contact and letting that person decide for themselves whether or not to give out their e-mail address. We must be very careful about releasing contact details for anyone at the college, especially students, who does not want to be contacted, so the easiest way to ensure that we provide a service to the people who genuinely need to contact each other without violating privacy is to forward requests for someone's contact details to the person themselves and let them decide how and if to answer.

NB. This applies more so to cases where the request appears to be for personal rather than business reasons. I tend to forward such requests to the person being looked for when there is any doubt, to let them decide themselves whether to reply. The obvious exception is people who are looking for a generic business purpose (e.g. "I am a brochure designer, can you please tell me whom I need to contact in your marketing department?"). It is usually OK to just answer these requests with the correct e-mail address, in the same way a telephone receptionist would put phone calls like this through to the right person.

  • Complaints. One of the RFC requirements is that complaints to this mailbox should receive a response as soon as possible. If you get a complaint about an e-mail message sent from the college then reply acknowledging receipt of the message and assuring the sender that it will be looked into as soon as you read the message. You can then launch an investigation and e-mail them again as the investigation progresses. Obviously, in the event of a complaint we need to make sure that we follow any normal college procedures regarding complaints from outside the college; the fact that a complaint arrives by e-mail does not mean it should be treated any more or less severely than the same or similar complaint would be treated if it arrived at the college in a different way.
  • Contact point. Postmaster is registered as the contact point for a considerable number of Internet/network related issues, and obviously for all e-mail issues. Both Janet security-CERT and the network abuse clearing house (http://www.abuse.net/) have postmaster@lutonsfc.ac.uk listed as a point of contact for any incidents. Please ensure that any correspondence related to either of these two organisations, or from people who have reached us via these organisations, is dealt with in a timely, efficient manner, but still according to our rules and procedures. It is important that we present ourselves as a good member of the "Internet community".

Content Management

Mimesweeper logs should only be checked by authorised postmasters (rim/dpn) - common problems and actions are listed below.

Oversize attachments - Mimesweeper will inform sender. Postmaster can normally ignore.

Words on banned list - Mimesweeper will inform sender, recipient, and postmaster. It's up to sender and recipient to work out a solution that does not involve the banned word; we will not release a captured e-mail unless it is captured in error. We also don't release details of which words are or are not on this list to either sender or recipient.

Virus - Mail is checked for viruses. If found they are disinfected. If disinfected to the satisfaction of our two virus scanners, the email is released. If they cannot be disinfected the e-mail is blocked. We do not release these mails under any circumstances for obvious reasons.

VBS/WORM - If a suspected VBS script or worm is found, and it does not conform to one recognised by virus scanners, i.e. it is not dealt with by the virus rules, it is held pending examination by postmaster who will decide what action to take. IF IN ANY DOUBT, DO NOT RELEASE SUSPECT MESSAGES.

SPAM

  • If we as a college, or a user of an account here, are being spammed, we should take the following steps.
    • If the user enrolled on a newsletter but now wants to quit it, ensure any "unsubscribe" procedures are followed.
    • If the e-mail is completely unsolicited we should consider complaining to the postmaster at the apparent sending domain, and at the upstream provider for that domain.
    • If all else fails, block the sending domain from sending mail to our domains. This is a permanent ban until the case is reviewed by IT Support staff.
  • If we have reason to believe we are being used to relay spam.
    • *Important* If at any time during review, it appears that our servers have been compromised, disconnect the suspect server from the Internet until investigation is complete and any holes patched.
    • Review logs from suspected server to identify suspect activity.
    • Take any appropriate steps to block anyone attempting to send spam via our systems.
    • Contact JANET-CERT and/or vendor support for assistance in closing security hole.
  • If we receive complaints about a user here sending spam.
    • Suspend account in question and conduct full investigation.
    • Ask the person who complained for full e-mail headers (to tell if spam is forged or genuinely sent from here).
    • Permanently remove e-mail rights from anyone found to be sending spam.
    • Keep complainant advised of our actions and ensure they are happy with what we have done.
  • If the college appears to be under attack from mail bombing/massed spam denial of service attempts.
    • Attempt to block domain(s) in question if viable.
    • Complain to ISPs hosting originating addresses for the attack (via phone if need be).
    • Consider contacting Janet-CERT for advice/assistance in blocking the attack at a high level (e.g. router at entry point onto Janet).
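
The step above that asks a complainant for full e-mail headers, worked through as an added example (not part of the college's own document): it finds the Received line stamped by the complainant's border server and checks whether the connecting IP is one of ours. The host names, the `OUR_OUTBOUND` range and both sample messages are constructed placeholders.

```python
import email
import ipaddress
import re

# Assumption: addresses our outbound mail servers deliver from (placeholder range).
OUR_OUTBOUND = [ipaddress.ip_network("192.0.2.0/28")]
BY_HOST = re.compile(r"\bby\s+([\w.-]+)", re.I)
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_ip(raw, recipient_domain):
    """IP that connected to the complainant's border server, or None."""
    border = None
    for hdr in email.message_from_string(raw).get_all("Received", []):
        hdr = " ".join(hdr.split())              # unfold continuation lines
        by = BY_HOST.search(hdr)
        host = by.group(1).lower().rstrip(".") if by else ""
        if host != recipient_domain and not host.endswith("." + recipient_domain):
            break          # stamped outside their systems: sender-controlled
        border = hdr       # newest first, so the last one kept is the border hop
    if border is None:
        return None
    ip = BRACKET_IP.search(re.split(r"\sby\s", border, maxsplit=1)[0])
    return ipaddress.ip_address(ip.group(1)) if ip else None

def classify(raw, recipient_domain):
    ip = handoff_ip(raw, recipient_domain)
    if ip is None:
        return "UNKNOWN"
    ours = any(ip in net for net in OUR_OUTBOUND)
    return "SENT_FROM_HERE" if ours else "NOT_FROM_OUR_SERVERS"

# Constructed sample headers (not real traffic).
GENUINE = """\
Received: from mx1.complainant.example (mx1.complainant.example [10.0.0.5])
 by store.complainant.example; Mon, 1 Jan 2001 10:00:02 +0000
Received: from mail.college.example (mail.college.example [192.0.2.10])
 by mx1.complainant.example; Mon, 1 Jan 2001 10:00:01 +0000
Received: from staffpc ([172.16.4.42]) by mail.college.example; Mon, 1 Jan 2001 10:00:00 +0000
From: user@college.example
"""
FORGED = """\
Received: from unknown (HELO mail.college.example) ([203.0.113.77])
 by mx1.complainant.example; Mon, 1 Jan 2001 10:00:01 +0000
Received: from staffpc ([172.16.4.42]) by mail.college.example; Mon, 1 Jan 2001 09:59:00 +0000
From: user@college.example
"""

if __name__ == "__main__":
    print(classify(GENUINE, "complainant.example"), classify(FORGED, "complainant.example"))
```

Only the lines stamped by the complainant's own servers can be trusted, so treat either verdict as a lead to confirm against our own mail server logs before acting on the account.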
