Messaging and Directory Server software used around the world in the Government, Military, Aviation and Commercial sectors.

isode.com / about /

Media Resources

• One of only 10 Accredited ISPs for Education.
• Service over 110,000 users at 350+ sites.
• Use M-Switch for boundary message switching and anti-virus filtering.
• Extensive M-Switch Anti-Spam pilot resulted in full roll-out.

Leeds Learning Network

As one of only 10 accredited Internet Service Providers for Education in the UK, Leeds Learning (LLN) provides crucial secure two-way communications for and between schools.

Sponsored by Leeds City Council, developed in partnership with BT and launched in March 2000, LLN acts as an ISP for schools and also provides internet and email access to libraries, museums and other educational establishments in the Leeds area with the intention of meeting and exceeding the national targets for the National Grid for Learning. LLN's content targets include:

• Access to locally developed content, produced by schools, libraries, museums, galleries and the LEA.
• Access to regionally developed content created by LLN and neighbouring authorities.
• Access to commercially produced content either on an authority-wide basis or through a subscription service.
• Access to exemplar materials and the sharing of good practise within Leeds and across the region.
• Signposts to useful resources on the Internet that have been validated by subject specialists drawn from the teaching community.
• Web space for all schools, pupils and staff.

The most ambitious of LLN's aims was to provide all pupils from the age of 8 with their own e-mail address, one which can stay with them when they leave for another school, training centre or college within the Leeds Education Authority area.

E-Mail Security

With so many school age children amongst LLN's 110,000 users at over 350 sites city-wide, the integrity of their messaging system has always been a crucial concern. Preventing inappropriate emails, containing viruses or unwelcome content, from reaching LLN's school-age users is a priority.

LLN are now utilising four copies of M-Switch to provide external email switching services, anti-virus and anti-spam protection to all users and sites.

The services underlying LLN are operated by Isode's partner BT Global Services. This service includes provision of data connection and underlying IP (Internet Protocol) and security services, as well as Web and email applications, where Isode's M-Switch product is used.

The email service provided by BT Global Services includes external email connectivity, address and configuration management, and anti-virus checking. Mailboxes for students are hosted on a Web mail system, and mailboxes for teaching and library staff are hosted on Microsoft Exchange.

Solution Architecture

The diagram below shows the overall message switch architecture provided by M-Switch. Message storage and access is provided in two ways, for two different sets of Leeds Learning users:

• Students are provided with Web mail accounts, using the Mailgear product from Symantec. This is achieved using two Web mail servers.
• Staff and other (adult) Leeds Learning customers, use email accounts provided using Microsoft Exchange. This service is supplied by using two Microsoft Exchange servers.

The entire solution is provided by BT Global Services as a managed service for Leeds Learning, with all of the servers and Internet provision hosted in Leeds. Service monitoring is provided by BT staff in Leeds and Thurso.

The message switching service makes use of four copies of M-Switch, two for inbound traffic and two for outbound. This structure provides a redundant service, which will continue to operate in the event of hardware failure. The systems are all configured to balance load, so that processing load is shared. The services provided by M-Switch include:

• Boundary message switching. M-Switch sits in a demilitarised zone (DMZ), routing inbound and outbound messages to separate internal and external messaging systems.
• Routing all inbound messages to the recipient's server.
• Supporting functional aliases for each participating school, which are routed to an appropriate administrator.
• Checking all messages for viruses, making use of the Sophos anti-virus package.
• Checking all messages for Spam, using the M-Switch Anti-Spam product

The M-Switch configuration which supports this service uses tables. Some of these are manually edited and others automatically derived from the Microsoft Exchange and Mailgear configurations, where end user accounts are managed.

Each of the M-Switch servers operates on a single processor 500MHz Compaq Proliant server.

Operational Data

The service is being provided to 300 schools in the Leeds area, and for 50+ other institutions. It supports around 110,000 users in total. Changes to the account details for over 30% of the users occur each year as pupils start, leave or change schools.

Each of the four M-Switch servers, records detailed statistical information on messages handled. These are processed each week to give detailed statistical information on the number of messages processed, errors, viruses and spam.

A wide range of viruses and other messages which may contain damaging content are blocked. A summary from one server gives a sense of the range of things that are stopped:

Detected 2 instances of Identity Virus W32/Mimail-I Detected 10 instances of Identity Virus W32/Bugbear-Dam Detected 3 instances of Identity Virus W32/Mimail-J Detected 9 instances of Identity Virus App/SBrowse-A Detected 1 instances of Identity Virus W32/Ganda-A Detected 14 instances of Identity Virus W32/Mimail-K Detected 184 instances of Identity Virus W32/Klez-H Detected 1 instances of Identity Virus W32/Magistr-A Detected 1 instances of Identity Virus W32/Bugbear-A Detected 1 instances of Identity Virus W32/Sobig-F Detected 8 instances of Identity Virus W32/Bugbear-B Detected 3 instances of Identity Virus W95/Spaces Detected 1 instances of Identity Virus W32/Sober-A Detected 435 instances of Identity Virus W32/Gibe-F Detected 1 instances of Identity Virus VBS/Kakworm Detected 1 instances of Identity Virus W32/Flcss Detected 4 instances of Identity Virus W32/Holar-I Detected 50 instances of Identity Virus W32/Dumaru-A Rejected 811 messages because contents are blocked Rejected 323 messages because message contains script in HTML Rejected 1 messages because message contains blocked attachment type

Typical overall daily volumes for the M-Switch service are:

• 7,000 messages per day received from the Internet (spam and virus processing)
• 26,000 messages per day processed by the outbound switches (virus processing), which includes traffic to the Internet and traffic between internal servers.

Currently about 20% of the total traffic is being identified as spam and deleted.

Operational Experience

M-Switch has operated as a part of the Leeds Learning Network service, over a number of years. Mark Valentine, Senior Solutions Designer at BT, who has been responsible for design and overall operation of the service said "M-Switch has been a very solid product, and has been an effective component of the service we offer at Leeds Learning".

The Future for M-Switch & LLN

Leeds Learning used M-Switch's boundary messaging and anti-virus capability for several years, before beginning an extensive pilot of M-Switch Anti-Spam. This was configured to operated initially for a reduced set of users, following which the pilot project was extended to include all recipients. Key functions in the initial deployment were:

• Checking messages to see if they are spam, and then marking at three levels (0-10, 10-20, and 20+). This is done using subject line annotation, so that recipients can easily measure the effect of the spam checking. Once a suitable comfort level has been gained, it is expected that spam will be discarded at the switch.
• Content filtering, based on an extensive list of "rude words" developed by LLN staff. The goal of this list was to protect recipients from offensive messages, which may or may not be spam. Although this worked mechanically, it was found to be operationally impractical, as too many words were also present in valid messages.

Patrick Kirk, Lifelong Learning Infrastructure Manager for Leeds City Council IT Services (who have overall responsibility for the service) said "Our experience so far with M-Switch Anti-Spam is excellent. We have not seen any real mail with a 'spam' score of greater than 20 points and virtually none with between 10 and 20 points, we are impressed with M-Switch's accuracy in detecting spam".

The pilot has now been extended as an operational service to all users, with all messages having a score of more than 20 points being discarded. Messages are not being annotated for the general community, to avoid confusion. Messages with scores in the range of 0-20 are being annotated for a monitoring group, and the experience of this group will be used to fine tune the general policy.  It is anticipated that an SMTP reject will ultimately be issued for messages with scores in the region of 10 to 20 points. The operational service does not currently include word blocking as this already exists as part of the mail offering to students.