New Security Measures for Central and Departmental Email Servers 

Introduction

Electronic mail is now the most popular means of communication over the network in modern offices, schools and homes. It is so convenient that you can communicate with or distribute messages to colleagues and friends on the Internet within seconds.  However,  the evils that come with the convenience are security risks and the nuisance of receiving email viruses and spam (unsolicited emails).

To reduce the security risks to our email servers and your frustrations at seeing spam emails, the Computer Centre has already implemented virus filtering for emails sent to central email servers.  To minimise the chances of spammers using one of our University's email servers for relaying spam emails, the Computer Centre will also institute the registration of departmental email servers from 1 February 2002 to help us identify the real email servers from those not intended to be used as email servers.

Virus filtering for emails sent to the central email servers

Many users have encountered the problem of receiving emails infected with virus in recent months. To reduce the undesirable impact that comes with virus contamination, the Computer Centre has installed the Anomy Sanitizer and Sophos AntiVirus software to serve as automatic virus filtering mechanisms on our HKUCC, HKUSUA/HKUSUB and GRADUATE email servers in the past few months. 

Email attachments that are detected to be carrying a computer virus will be deleted by the anti-virus software. The original email message will be delivered to the user's account along with a warning message from the Computer Centre.  If you know the sender of the email containing the virus, you are advised to inform him.

This virus filtering facility is effective in warding off the computer viruses as seen from the following figures on the number of viruses filtered out:
 
No. of email virus filtered (% of total email) on hkucc.hku.hk on hkusua.hku.hk on graduate.hku.hk
October 2001 N/A N/A 2869 (0.261%)
November 2001  6151 (0.356%)  11036 (0.192%)
(22nd Nov - 30th Nov)		 3013 (0.267%)

Important note: virus filtering may be by-passed (i.e. not carried out)

Please note that two types of email settings in your server account can cause the virus filtering function to be by-passed:

  1. Setting "forward" for your incoming email to another email address. (If the final receiving email server is either hkucc or hkusua or graduate.hku.hk, then virus filtering will take place on that mail server.  However, if it is forwarded to any other email server, our virus filtering software will not act on the email.)
  2. Using the elm email filter in your server account.  The server-based anti-virus software requires the use of the PROCMAIL filter (if you set up an email filter in your own server account).  Please refer to the Computer Centre's FAQ at http://www.itservices.hku.hk/faq/email.htm#q16 on setting up the PROCMAIL filter. For further information about the PROCMAIL filter, please refer to Timo's procmail tips and Procmail FAQ.

Registration of departmental email servers

Spam mails are mainly advertisements sent by spammers of unknown or fraudulent identity. In many cases, the spammers make use of open mail relay hosts to hide their own identity.  An open mail relay host allows anyone to send out large amounts of mail via their server. The influx of spam mails via a relay host would put a heavy burden on the network and slow down the normal email traffic. 

In order to minimise the chance of one of our University's servers being used as an open relay host, the Computer Centre will require the mandatory registration of departmental mail servers.  Starting from 1 February 2002, only registered mail servers in HKU will be allowed to send and receive emails directly to and from the Internet.  A registration form will be sent to all departments for the registration of their departments' mail servers.

The aims of the registration are:

  1. To ensure that all registered email servers directly accessible from the Internet are not open relay hosts.  All email relay requests will be filtered at the HKU network's firewall. This eliminates the loading on the individual registered email servers to process and reject the email relay requests.
  2. To stop unregistered email servers from becoming relay hosts.  We have encountered cases where staff or students have unknowingly installed mail servers on their own computers which were exploited by spammers as relay hosts.  An example is when the Linux operating system is installed on a PC, the mail service is automatically installed and started by default.
Note that those departmental mail servers which are not registered with the Computer Centre can continue to send and receive mails inside the HKU network, including sending or receiving mail through a registered mail server. 

Be careful in using your email address

Even though the Computer Centre is spending a lot of effort on protecting our computer resources, there is no simple way to totally eliminate viruses and spam mails.  Users are advised to be cautious when using their email addresses, e.g. by avoiding registering their email addresses at untrustworthy sites or joining Internet chat rooms which do not have a policy against re-distributing their users' email addresses.
 


If you have any queries, please contact the undersigned or send your questions to ithelp@hku.hk .
 
Kenneth Yip
Tel: 2859 7973
E-mail: kenty@cc.hku.hk		 Mr. Frankie Cheung 
Tel: 2859 2489
E-mail: frankie@cc.hku.hk

[Previous][Contents][Next