There is increasing interest in hosting services for mail servers in a university network, in order to reduce security risks caused by unskilled administrators. This paper explains a mail hosting system which has two features. The first feature is a delegation mechanism based on the tree structure of the authentication database and its access control list, which lets a domain administrator use his/her own password for authentication and permits administration actions to administrators based on the list of their account names. The second feature is that no mail spool is prepared for domains; only mailboxes for users are prepared. The second feature minimises the privileges of domain administrators and makes the mail hosting system secure.
We proposed a new method to block SPAM mail by selectively throttling and dropping SMTP connections using some blacklists and the argument of the HELO command sent by a remote server. We implemented the method on the mail gateway server of Niigata University. In this paper, we describe how our method blocks SPAM mail, and the blocking and false-positive/negative rates observed at our server. In the present method, the server administrator does not need to manage a whitelist of mail servers. Instead of the whitelist, we use some of the well-maintained public lists. Furthermore, we can reduce the number of concurrent connections by selectively throttling connections using the argument of the HELO command and some blacklists. After implementing our method on the mail gateway server, we have not received any false-positive reports from our users. The mail arriving at our server and the SPAM mail arriving at the particular mail address were reduced by approximately 30% and 90%, respectively.
Kanazawa University has participated in the "Experiment of single sign-on based on the associated authentication infrastructure of UPKI", which is a part of the "Cyber Science Infrastructure Project" conducted by the National Institute of Informatics and collaborative information technology centers. In the collaborative project, we have constructed two systems, "File Transfer Service" and "Opens Digital Contents Service", in order to handle data files and digital contents safely, making use of the advantages of UPKI. We also took into account several issues to be solved in the actual operation of these systems. In the present paper, we introduce the configuration of the systems and discuss the prospects of technical solutions.