About Us

List Server

The other day we had a client who needed a list server set up under NT. List servers are those wonderful pieces of software that enable you to post one email to, and for this email to be forwarded to all the email accounts stored on a list on the server.

These list servers can of course be used for, in many peoples views, that most heinous of Internet crimes, spamming. However this server of ours was to be set up to provide a news service to a selected and regulated list of subscribers, honest! Previously we had used Microsoft's Exchange Server for this task. However the mechanism this provides, called distribution lists, whilst working fine, is difficult to maintain. Setting up a distribution list in Exchange Server needs to be done whilst sitting at the server or via remote controlling software. Whilst doing this, the whole email server configuration is visible and could accidentally be changed. For this reason you would not let a client have access to changing the list details. So we needed some way of running an email list server which would enable it's lists to be maintained externally, preferably by sending it email messages.

You have probably seen the type of thing where you put 'join list ' in the body of your email and send it to newslist@babetv.co.uk or something similar. A product that we had heard good reports about was NTMail by Internet Shopper (www.net-shopper.co.uk). NTMail has a mail server (POP3, SMTP, and IMAP4), list server, proxy server, web server, anti spamming engine (called Juice), finger server , Virus protection and a password server. All this runs under NT, the install is extremely simple and quick, with pricing starting at £40 for a two-user email server and £100 for a list server capable of handling up to 5 lists. The setup and configuring of Ver 4 is done via a web browser, whilst some of the configuring of the list server, which is still version 3.5, is done via the control panel.

The list server administration will be changed to a web front end in the next version of list server, which should be available in January 1999. Just to be awkward we did not want to use NTMail for the email on this client's domain as Exchange Server was handling this well, and we were using some features in Exchange Server in other projects for this client. The list server needs NTMail to be running for it to work, so after a call to Brian Dorricott, the guy who originally wrote NTMail and the MD of Internet Shopper. We decided to put NTMail on a different box to the Exchange Server. Then the DNS records were configured so that this mail server was sitting in a sub domain. So for example an email account on the exchange server would have an address like fred@company.co.uk and an account on the NTMail server would have an address like sam@list.company.co.uk. When, with a little help from INS (www.insnet.net) over the DNS records, this was all set up, every thing worked first time.

DNS RECORD for Sub Domain:list.company.co.uk

@ IN SOA ns0.insnet.net. hostmaster.insnet.net. (

1998092603 ; Serial

28800 ; Refresh

7200 ; Retry

604800 ; Expire

86400 ) ; Minimum

IN NS ns0.insnet.net.

IN NS ns1.insnet.net.

IN MX 10 mail.list.company.co.uk.

IN MX 20 mail.insnet.net.

mail IN A 192.203.153.212

IN MX 10 mail.list.company.co.uk.

IN MX 20 mail.insnet.net.

Internet Shopper claim considerable performance for their products, they apparently have list servers running with 600,000 addresses and in a test of 19,117 email messages they claim that "99% of all the mail was delivered within an average time of 11 minutes". Whilst we can't verify this, we shall be reporting back as to how well this product performs as a list server.

Certainly the install and setup was very easy and there are a host of extra facilities, such as being able to run Bots on the mail server to execute tasks when certain email arrives, routing of messages within the server without having to use rules in the email client. The 'JUICE' engine uses Artificial intelligence to help prevent spamming to your server. It detects patterns of email usage and should there be a large increase then it will start to restrict access to that email account, all the whilst being ready to take the restrictions off should the danger pass.

This technology could reduce the problem of a mail server being brought to it's knees by a denial of service attack. Or as one of the PcPro contributors found, a spammer using your server to send email. One of the little 'gotchas' that can trip you up with this and other list servers is that the email messages that you send to it to control membership of the list, must be sent as clear text and not mime or HTML which is the default of Outlook. In the next release this January the ability to take commands from email in formats other than plain text, will be added.

Interface

We mentioned that the administrative interface to NTMail is web based. When we were given a demonstration of this product by, Brian Dorricott. One of the major issues that came up was the look of this interface. Now regular readers of this magazine will probably remember Jon Honeyball's Epilog article in the June 98 issue. Here he took issue with web designs in general, but particularly where they were designing what was supposed to be a front end to an application, rather than an advertising site.

More and more products seem to be using web technology for the user interface or help files. Well unfortunately for the guys from NTMail, Jon Honeyball and Dave Moss were also at this demonstration, these two had a field day, pulling the user interface of NTMail apart. They argued that as it is a web page that is 'pretending' to be an application, it should look and behave like an application, with buttons to be pushed when a button should be pushed and not some hyperlink instead. There were many areas which it was felt that could be improved.

To their credit the NTMail guys took this criticism 'on the chin' and whilst they were a bit puzzled that no one else that they had shown the product to, had raised this issue, they did agree that some improvements could, and should be made. As we write this article, these changes are being done, and according to Brian Dorricott, this exercise has forced them to look at the whole structure of the user interface. The screen shots show before and after the changes to the GUI. We think you will agree that the improvement is considerable. Whilst we do not agree with all the views of Mr Honeyball on this issue, there is a strong case when a web page has to take the place of an application, that the temptation to use flashy graphics is resisted and an application look and feel is adopted. This design whilst not being so pretty, should make it easier for the user to use the product, and lets face it that is supposed to be the reasoning behind a GUI.

BH (Before Honeyball)

AH (After Honeyball)

No Service

We often heard of denial of service attacks perpetrated on company web servers or mail servers. This is where a server is brought to a standstill either because of some security loophole or by a sudden increase in the volume of traffic. We came across another much simpler form of a denial of service attack the other day. This company has an internal email server, which has a dial up connection to gather the Internet email. The logon name and passwords were built into scripts to automate this process. All worked fine until one day when all the external email stopped. After some examination it was discovered that an employee had rung the ISP and requested the logon password to be changed, which they duly did. The internal Email server could now no longer log on to collect the Internet mail as the passwords had changed. The ISP was at fault in this case, not requiring formal authorization before changing user setting such as passwords.

E-Commerce

In a previous article we talked about the overwhelming advantage American Companies have when it comes to E-Commerce and how slow our government is being at encouraging this important area. Well, the other day Trade and Industry secretary Mr Mandelson stated that " by 2001 90 per cent of government purchases will be made electronically" and he also promised that "by the end of this parliament , I want the UK to be globally recognized as the best environment in which to trade electronically" on regulation of e-commerce he stated that "this risks stifling rather than stimulating innovation". So if we believe him, and why shouldn't we believe a politician? The UK is set for an explosion in e-commerce. Within a week of this announcement came the news that Compaq has obtained a bulk license from the U S Government that will let it export 128-bit public -key encryption technology to the banking industry outside the US and Canada. The whole arena of e-commerce is rapidly changing and solutions are becoming available for even the smallest of companies. Some of these solutions we shall be covering in next months issue.