00:00:00 <nirik> #startmeeting E-mail: server types, transport agents, spam and configuration
00:00:00 <zodbot> Meeting started Mon Nov 16 00:00:00 2009 UTC.  The chair is nirik. Information about MeetBot at http://wiki.debian.org/MeetBot.
00:00:00 <zodbot> Useful Commands: #action #agreed #halp #info #idea #link #topic.
00:00:08 <nirik> Welcome to Fedora classroom everyone.
00:00:20 <DiscordianUK> Thank you nirik
00:00:26 <nirik> Today I will be talking about Email servers and related topic.
00:00:57 <nirik> Feel free to chime in with questions as we go at any time... or save them for the end. (I will do a Q&A at the end)
00:01:18 <nirik> This class will be logged and archived for later if you are unable to attend the entire thing.
00:01:38 <nirik> Anyone have any general questions on the Classroom or how it works? Or shall we get started?
00:02:00 <hammergod> we can start
00:02:05 * sniffit nods
00:02:06 <bmusson> cont.
00:02:14 <nirik> ok, great. :)
00:02:24 <lnxten> good morning, kevin
00:02:31 <nirik> #topic What is a MTA? MUA? MDA?
00:02:40 <nirik> First some background...
00:02:56 <nirik> Folks talk about MTA's and MDA's and MUA's. What do all those mean?
00:03:08 <nirik> MUA is a Mail user Agent.
00:03:21 <nirik> This is a client an end user would run to read and send their email.
00:03:44 <nirik> Examples would be: evolution, mutt, alpine, claws-mail, Mail, etc.
00:03:59 <nirik> MTA is a Mail Transport Agent.
00:04:19 <nirik> This is a package that transports email between servers and around the internet.
00:04:33 <nirik> Examples here would be sendmail, exim, postfix.
00:04:50 <nirik> MDA's are Mail Delivery Agents.
00:05:02 <nirik> These are things called by the MTA to deliver email to the end user.
00:05:16 <nirik> Some examples would be: postdrop, procmail.
00:05:32 <nirik> Today we will mostly be talking about MTA's.
00:05:44 <nirik> Possibly later sections we will look at the other parts.
00:06:12 <nirik> Any questions on that?
00:06:53 <bmusson> nope
00:06:55 <sniffit> none so far
00:07:00 <nirik> #topic Do I need a MTA?
00:07:06 <Padhu> no
00:07:18 <nirik> The first thing to consider is if you need to run a local MTA.
00:07:46 <nirik> In many cases folks these days have a IT department, or use a external service such as gmail or yahoo or hotmail to handle their email needs.
00:08:11 <nirik> If you are happy with those setups, there is little reason to run your own server. ;)
00:08:35 <nirik> By default Fedora comes with sendmail installed so it can send system emails...
00:08:48 <nirik> this may meet most people's needs.
00:09:21 <nirik> Lets go on to a overview of MTAs available in fedora.
00:09:28 <nirik> #topic MTA overview
00:09:46 <nirik> Fedora has a number of possible MTA's you can install and use.
00:10:03 <nirik> The first and most simple is ssmtp
00:10:13 <nirik> ssmtp is a very small and bare bones MTA.
00:10:37 <nirik> It doesn't do local delivery of any kind, so if you want to use it you need another system setup to accept emails it can send to.
00:10:53 <nirik> If you just want local system emails (logrotate, cron jobs), this may be a good solution.
00:11:21 <nirik> You can setup what accounts it accepts email for and where they forward in /etc/ssmtp/ssmtp.conf
00:11:48 <nirik> Note that if you just install and don't configure it, your mail may be silently dropped.
00:12:03 <nirik> any general questions on ssmtp?
00:12:34 <nirik> ok, moving on to the next...
00:13:03 <nirik> Next up we have exim. exim is a small well setup, full featured MTA.
00:13:16 <nirik> debian variants use exim as default MTA.
00:13:38 <nirik> it has a pretty simple config available under /etc/exim/
00:14:19 <nirik> exim has some advanced features none of the other MTA's have... you can do some pretty cool stuff with it.
00:14:52 <nirik> Next we have postfix. Another MTA that has a lot of features and is very popular with a lot of people.
00:15:19 <nirik> Both exim and postfix are setup to seperate things out into different processes for security, and both have a pretty good security track record.
00:15:50 <nirik> Finally to round things out, we have sendmail. Sendmail can do very complex things, but has a somewhat complicated config setup.
00:16:02 <bmusson> #agree
00:16:07 <nirik> It's also had many security issues over the years. It was designed long long ago...
00:16:30 <nirik> So, those are the major MTA's available. Anyone have questions on that or one I missed?
00:16:47 <hammergod> can u plz tell some features which are not present in any other MTA except exim
00:17:24 <nirik> hammergod: it can do some things like check back to the sending smtp server to confirm the sending user exists before accepting the email
00:17:41 <nirik> so, some advanced cases.
00:17:50 <hammergod> okay to stop spamming
00:17:53 <nirik> For most general needs all three of postfix/sendmail/exim will work fine.
00:18:56 <nirik> ok, let me touch a bit on MDA's before moving on to talking about spam. ;)
00:18:56 <hammergod> in industry which one companies uses  most popular?
00:19:29 <nirik> hammergod: it's hard to say. sendmail has been around for a long time, so it's got a lot of market share.
00:19:45 <DiscordianUK> The elephant in the room of course is qmail
00:19:49 <hammergod> thanx nirik  :)
00:19:56 <nirik> indeed. I suppose I should touch on qmail...
00:20:28 <sniffit_> yes please nirik i have been reading quite a fair bit on it, could you please elaborate on it?
00:20:29 <nirik> qmail isn't available in Fedora... (Although it could be). It's another MTA that was built to be secure and modular like postfix/exim.
00:21:05 <nirik> it has a lot of nice features... it's config for example is single files instead of a large single config like the others.
00:21:11 <nirik> and it's fast and secure.
00:21:24 <nirik> However, it wasn't maintained very actively for a long time...
00:21:48 <nirik> it was released into the public domain a year or two ago, but lack of having it available made many people move on to postfix/exim.
00:22:20 <nirik> I would not recommend it these days, as it's not packaged for Fedora and is pretty behind the times of current MTAs
00:22:39 <DiscordianUK> seems a fair summary to me re qmail
00:22:53 <nirik> also it requires a number of related packages... daemontools/supervise which are not available.
00:23:30 <nirik> ok, shall we move on to MDA's
00:23:49 <hammergod> yes
00:23:53 <sniffit> yes please
00:23:59 <nirik> #topic MDAs - Mail Delivery Agents
00:24:26 <nirik> So, the two popular ones here are procmail and maildrop. Both are available in fedora.
00:24:48 <nirik> Many MTA's just do the local delivery themselves. (with the exception of ssmtp)
00:25:01 <nirik> but they allow you to use a seperate MDA if you like.
00:25:18 <nirik> This allows you to do per user filtering and mail handling.
00:25:37 <nirik> Many people use procmail for this for example... to filter mails from some list into a folder, or forward emails somewhere else.
00:26:02 <nirik> both maildrop and procmail have their own 'language' for filtering.
00:26:25 <nirik> In these filters you can also call external programs. Some people use this to scan for spam or the like as well.
00:26:43 <nirik> Although it's becoming more common to do that kind of thing at the MTA or MUA level.
00:27:10 <nirik> In any case it's easy to plugin one if you like.
00:27:16 <nirik> Any general questions on MDA's?
00:28:24 <sniffit> no
00:28:26 <hammergod> nopes
00:28:40 <nirik> ok, moving along.
00:28:47 <nirik> #topic Alternatives
00:29:06 <nirik> If you try out various MTAs in fedora, you will need to work with the 'alternatives' system
00:29:27 <nirik> basically that is a setup to allow you to have multiple MTA's installed, but one is active/primary/used.
00:29:47 <nirik> The very easiest way to deal with this is the 'system-switch-mail' package.
00:30:10 <nirik> if you install this it will let you switch between any installed MTA's.
00:30:38 <nirik> Note also that you cannot easily remove all MTAs. If you want to switch to a new one, install that one, switch to it, then remove the old inactive one.
00:30:56 <nirik> (there are dependencies on a MTA... cron being the most base one)
00:31:40 <nirik> When you set one as active/primary, it becomes the one called from common links like /usr/sbin/sendmail and man pages, etc.
00:32:13 <nirik> Any questions on alternatives for mtas?
00:32:52 <sniffit> nothing yet
00:33:00 <nirik> ok, moving on to everyones favorate topic: spam.
00:33:04 <nirik> #topic Spam
00:33:29 <nirik> If you are running a MTA and it's connected to the internet, sadly you will have to deal with spam. ;(
00:34:06 <Silent_Dream> my favorite thing!
00:34:08 <nirik> The very first thing to make sure before putting your server on the net is to make sure it's not what is called a 'open relay'
00:34:37 <nirik> by default MTA's these days only relay (ie, accept and send on) emails for a limited list of networks or only authenticated users.
00:34:57 <nirik> you should make sure you have limited that before bringing your MTA up on the net.
00:35:22 <nirik> spammers can find open relays really quickly. ;(
00:35:35 <nirik> and will start spewing spam through your server...
00:35:42 <sniffit> question?
00:35:47 <nirik> sure, shoot...
00:36:17 <sniffit> is there anyway to quickly identify if any of the servers in my network is acting as an open relay
00:36:34 <nirik> there are some on-line places that will check...
00:36:50 <nirik> http://www.abuse.net/relay.html
00:36:52 <nirik> for example.
00:37:31 <sniffit> ah i see. nothing that i can do with cli?
00:37:34 <nirik> You can test easily yourself if you have a remote server to test from too.
00:37:58 <nirik> Yes. 'nc your-ip 25' and then fake a smtp transaction that would relay.
00:38:11 <nirik> which would be something like:
00:39:56 <nirik> (whipping one up, just a sec)
00:41:56 <nirik> ok, paste here:
00:41:59 <nirik> 220 XXXXXXX ESMTP Postfix
00:41:59 <nirik> ehlo MYHOST
00:42:00 <nirik> 250-XXXXXXX
00:42:00 <nirik> 250-PIPELINING
00:42:00 <nirik> 250-SIZE 10240000
00:42:01 <nirik> 250-ETRN
00:42:03 <nirik> 250-STARTTLS
00:42:05 <nirik> 250-ENHANCEDSTATUSCODES
00:42:07 <nirik> 250-8BITMIME
00:42:09 <nirik> 250 DSN
00:42:11 <nirik> mail From: kevin@example.com
00:42:13 <nirik> 250 2.1.0 Ok
00:42:15 <nirik> rcpt To: kevin@example.com
00:42:17 <nirik> 554 5.7.1 <kevin@example.com>: Relay access denied
00:42:19 <nirik> quit
00:42:21 <nirik> 221 2.0.0 Bye
00:42:23 <nirik> so, this transaction shows you connecting to server on XXXXXX
00:42:39 <nirik> I tried to send an email from kevin@example.com to kevin@example.com
00:42:45 <nirik> and it denied the relay.
00:43:35 <sniffit> i see, meaning that server XXXXXX only accepts limited or authenticated users.
00:43:38 <sniffit> thanks nirik
00:44:24 <nirik> ok, so thats open relay testing...
00:45:03 <nirik> so, back to spam. ;)
00:45:24 <nirik> There are a bunch of methods for spam control, not sure how many we will get to today, but lets see.
00:45:33 <nirik> #topic Spam throttling
00:45:49 <nirik> several of the MTA's have built in throttling of connections that can limit spam.
00:46:13 <nirik> so, they will delay or drop connections from one server when too many are connecting.
00:46:42 <nirik> or block connections when the sending mta does something wrong or doesn't resolve correctly.
00:47:00 <hammergod> but it can slow performance will it not ??
00:47:04 <nirik> postfix is the MTA I use most these days, and it has a nice webpage on this:
00:47:39 <nirik> (except they seem to have deprecitated the link I use): http://www.postfix.org/uce.html
00:47:49 <nirik> hammergod: for those machines, yes.
00:48:11 <hammergod> i am askin abt our email server
00:48:13 <nirik> so for example, if you have a legit need to send 10,000 emails from one machine to another, it would likely be delayed a lot by these measures.
00:48:47 <Silent_Dream> does sendmail by default limit spam
00:48:51 <nirik> this is true of most any spam filtering...
00:49:03 <nirik> Silent_Dream: sendmail also has limits like this... to limit connections, etc.
00:49:10 <Silent_Dream> ok
00:49:26 <nirik> http://acme.com/mail_filtering/sendmail_config.html for example.
00:49:58 <nirik> there are lots of settings you can adjust for this kind of thing in all the MTAs
00:50:18 <nirik> #topic Spam Greylisting
00:50:28 <nirik> I'd like to touch on greylisting a bit...
00:50:47 <nirik> greylisting is another spam prevention method thats become popular recently.
00:51:04 <nirik> http://www.greylisting.org/ has a overview and more info.
00:51:28 <nirik> Basically this method takes advantage of the fact that most spammers never retry email sends.
00:51:41 <nirik> If it fails for some reason, they just don't bother to retry. They have too many to send to do that.
00:52:06 <nirik> so, greylisting rejects emails on the first attempt. Later attempts work.
00:52:18 <Silent_Dream> has that proven to be useful or have spammers adapted?
00:52:21 <nirik> For legit email, this is just a short delay until retry.
00:52:54 <nirik> it's quite usefull. They don't want to retry emails... they want to spew as many as they can and move on.
00:53:33 <RongMin> cannot they just create a script that if the sending failed re-add the address to the last queue?
00:53:51 <nirik> It's handy as a first line as well, because then you don't have to process the email with more expensive spam filtering methods.
00:54:11 <sniffit> RongMin, possible ... but some spammers are just fire and forget creatures
00:54:22 <JasonY2> RongMin, they could, but usually they're not that sophisticated.  But it's just a first-line of defense, and very low-cpu for mail servers.
00:54:27 <nirik> RongMin: indeed they could. Possibly some do. However many spammers just use infected bot machines... there is no queue, they are just sending as fast as they can to a long list of addresses.
00:54:48 <Silent_Dream> i suppose it would not be an efficient use of their time if they can't easily tell the difference between a greylisted and an nonexistent addres
00:55:18 <nirik> Silent_Dream: greylisting rejects the email with a temp failure. For a non existant user it would be a perm failure.
00:55:27 <Silent_Dream> oh
00:55:32 <nirik> But it could be a down mail server, or anything that could cause a temp failure.
00:55:48 <Silent_Dream> i see
00:56:21 <nirik> So, downsides of greylisting: slight delay for legit users (at least until you learn they are legit) and also some places have farms of servers so you need to whitelist them.
00:56:28 <Silent_Dream> is there any way to apply greylisting to gmail, or is that outside the topic of this course
00:56:33 <nirik> There are several greylisting packages available in fedora.
00:57:00 <nirik> Silent_Dream: using gmail as a user? nope. That is something that would need to be done at the MTA level at google.
00:57:23 <Silent_Dream> ah ok
00:57:25 <nirik> sqlgrey, postgrey and milter-greylist are all available in fedora.
00:57:37 * nirik uses sqlgrey here. It's pretty easy to setup.
00:57:58 <nirik> any further questions on greylisting?
00:58:07 <Discordian> milter-greylist sounds specific to sendmail
00:58:19 <nirik> Discordian: yes, it is.
00:58:26 <nirik> well, postfix can use sendmail milters too.
00:58:40 <Discordian> i didn't know that
00:58:42 <JasonY2> One advantage to milter-greylist is if you run multiple MTAs, it will sync their databases up.
00:58:48 <nirik> yeah, they added that not too long back.
00:58:50 <Discordian> I'm a fan of sendmail anyway
00:59:28 <JasonY2> (As a legic MTA will try the first MX, if it temp failures, it will go to the next MX... which is fine to receive if it hit the first MX as most spammers won't try a second MX)
00:59:31 <nirik> sqlgrey also includes a script to pull a whitelist of networks that use multiple machines to send out.
00:59:41 <JasonY2> s/legic/legit
01:00:22 <nirik> yeah, blocking spam is an arms race. :( Sometimes new things come up and then are bypassed by spammers, then the next thing, etc.
01:00:36 * nirik sees we are at an hour now...
01:00:43 <Silent_Dream> all security indeed is a never ending battle
01:00:52 <sniffit> +1 Silent_Dream
01:01:10 <nirik> yep. it's a process... not a checkmark. ;)
01:01:23 <nirik> ok, anything more on greylisting?
01:01:33 <sniffit> last one nirik
01:01:38 <nirik> sure, go ahead.
01:01:53 <sniffit> sqlgrey should be able to plugin to some if not most MTA's
01:01:59 <sniffit> am i correct?
01:02:22 <nirik> I'm not sure about exim, but it should work with postfix and sendmail at least.
01:02:51 <sniffit> and how about performance wise, any degradation to legit users?
01:03:13 <sniffit> in terms of delivery time, mail retrieval etc.
01:03:20 <nirik> yes, they will see emails delayed the first time from someone new... how long depends on how long it takes their MTA to retry.
01:03:30 <nirik> most of these solutions use a database.
01:03:43 <nirik> that will keep track of the sending ip and from/to addresses.
01:03:57 <JasonY2> That is where tuning is good.  You can tell it to whitelist any mail that comes in from an MTA that successfully retries. Then it can be whitelisted for a given time (that's how milter-greylist works).
01:04:02 <nirik> so, the next time they send an emai with that same to/from and ip it will just get allowed.
01:04:09 * JasonY2 nods at nirik
01:04:10 <nirik> yep.
01:04:17 <sniffit> i see. thank you.
01:04:39 <nirik> so, it's really only a first time delay usually.
01:04:53 <nirik> #topic Spam - clamav
01:05:19 <nirik> Another thing that folks who especially have people using MUA's on other oses is to run a virus scanner on emails.
01:05:40 <nirik> none of those payloads can affect the mail server, but the end users could see a problem from them.
01:05:54 <nirik> In Fedora we have clamav for this sort of thing.
01:06:03 <nirik> There are a number of ways to tie it into the MTA.
01:06:14 <nirik> You could use a MDA to just call it and discard emails that are infected.
01:06:42 <nirik> Some MTA's have a ability to just call a transport filter and drop the email if it's infected. (Postfix and exim can do that... I think sendmail can as well)
01:07:02 <Discordian> yeah sendmail can
01:07:12 <Silent_Dream> any solutions for false positves?
01:07:15 <nirik> I'm not sure how high a % of emails are virus laden these days, but if you have people on another os you may want to do this.
01:07:30 <nirik> Silent_Dream: they are very low in my experence.
01:07:44 <Silent_Dream> if it happens though, how will you recover the email
01:07:45 <nirik> clamav uses a database where they fingerprint the specific malware.
01:07:45 <Discordian> what does clamav use for anti-virus detection?
01:08:16 <Discordian> ahhh
01:08:20 <Silent_Dream> do they fingerprint it differently from other vendors?
01:08:21 <nirik> Silent_Dream: it depends on how you have it setup. If thats a concern you will want to stick the infected emails in a quarenteene dir to examine later.
01:08:31 <Silent_Dream> ah, i see
01:08:41 <nirik> some people just reject them at receive time, so they never accept the email.
01:08:51 <nirik> some people drop them after accepted at delivery time.
01:09:03 <nirik> They work with other vendors on naming and such...
01:09:19 <nirik> http://clamav.net/
01:09:47 <nirik> They keep pretty up to date. You can look on their site for specific ones.
01:10:00 * sniffit nods
01:10:14 <Silent_Dream> ok
01:10:21 <nirik> anything else on clamav?
01:10:50 <nirik> ok, moving on then...
01:11:01 <nirik> #topic Spam - amavisd-new
01:11:25 <nirik> Another spam filtering / one stop shop application is amavisd-new.
01:11:45 <nirik> This is a process/package that ties into the MTA and runs various filtering on emails for you.
01:11:49 <nirik> I can handle calling clamav
01:12:01 <nirik> and spamassassin and various other filters and such.
01:12:13 <nirik> If you want to have just one place to manage and change things, it's nice.
01:12:27 <nirik> it should be able to tie into any of the major MTAs
01:12:57 <nirik> http://www.ijs.si/software/amavisd/ is it's website.
01:13:35 <nirik> It can also handle things like quarenteening emails for a time or the like.
01:13:55 <nirik> Any questions on amavisd-new?
01:14:34 <nirik> ok, one more thing I would like to touch on, and then we can do Q&A.
01:14:42 <nirik> #topic Spam - Spamassassin
01:15:25 <nirik> One of the most popular ways to filter spam these days is spamassasin.
01:15:41 <nirik> http://spamassassin.apache.org/
01:15:58 <nirik> it's a perl package that runs a bunch of tests on an email and tries to figure out if it's spam or not.
01:16:12 <nirik> It does this by running tests and adding up a 'score' for each email.
01:16:25 <nirik> If the score is over the spam threshold, it marks it as spam.
01:16:50 <nirik> Note that it's not a MTA or MDA or anything like them... The most it does it mark the email spam/not spam in the header.
01:17:05 <nirik> It's up to you to use something else to filter on this information (an MDA or the like)
01:17:32 <nirik> Spamassassin has a ton of tests and does get rule updates, but it's also very computationally intensive.
01:17:53 <nirik> So, it's best to use something like greylisting to weed out most of the incoming emails before trying to process them with spamassassin.
01:18:12 <JasonY2> (and after RBLs as well)
01:18:21 <sniffit> ?
01:18:25 <sniffit> RBLs?
01:18:34 <JasonY2> real-time blacklists, which are low-cpu (dns queries)
01:18:39 <nirik> sniffit: haven't gotten to those yet... but yeah...
01:19:04 <nirik> those are blacklists of hosts/ips. If you trust them you can reject incoming emails from those hosts/ips.
01:19:18 <nirik> There are a number of them, some better than others.
01:19:59 <nirik> spamassassin looks up a bunch of those and weights them according to how effective they think each is.
01:20:11 <sniffit> any personal recommendations?
01:20:35 <nirik> spamassassin can also use a bayes db. Basically you can tell it what you think is spam and not spam and 'train' it to learn what spam is like for you.
01:21:13 <nirik> sniffit: I don't use any here anymore... not sure which are good these days. I would however recommend AGAINST the spamcop one.
01:21:35 <nirik> Anyone have questions on spamassassin?
01:22:04 <sniffit> last one from me: when it says computationally intensive
01:22:20 <sniffit> is it significantly obvious to the end user?
01:22:31 <nirik> sniffit: nope. It's all before it's delivered to the end user.
01:22:48 <nirik> But it's 2-10seconds an email on a regular box when delivering.
01:23:08 <nirik> so, if you have a busy server with lots of people on it, that could make you get behind delivering emails.
01:23:30 <sniffit> good ;) i'll just plug in it so that the other OS wont need so much maintenance
01:23:49 <nirik> it looks at things like whats in the headers, where did the mail come from. Does it have lots of CAPS letters in it. Does it mention things that are spammy... etc.
01:24:05 <sniffit> like viagra ?
01:24:13 <nirik> yeah. ;)
01:24:45 <nirik> ok, we are running low on time... I'm going to look at doing a part 2 soon, since there were many things I couldn't get to this time.
01:24:50 <nirik> #topic Q&A
01:25:12 <nirik> any general questions from anyone on anything Email related?
01:26:14 <sniffit> i believe mine is a bit off tangent
01:26:35 <nirik> well, feel free... if it's too off topic we can take it off line after the class.
01:26:42 <sniffit> but i am currently working on getting out a fedora remix built for netbooks
01:27:03 <sniffit> i disabled sendmail into the image
01:27:11 <sniffit> but somehow exim managed to get in
01:27:27 <nirik> yeah, some MTA is required.
01:27:34 <nirik> if you don't pick one you get exim
01:27:42 <nirik> (shortest name)
01:27:47 <JasonY2> In that case, would ssmtp work?
01:27:52 <sniffit> and i found a particular case where an asus EEE pc froze on boot
01:28:21 <nirik> it could... however note that it's not a full MTA... you MUST set a email address for it to forward to, or your emails for root will just get dropped.
01:28:33 <nirik> sniffit: that seems unrelated to the mta issue.
01:29:03 <sniffit> i know ... i was just wondering if it does
01:29:16 <sniffit> because it froze while starting up exim
01:29:24 <nirik> Hopefully down the road here we will remove the last of the MTA dependencies in the base package set and you won't need one.
01:29:57 <nirik> sniffit: might have been some exim config issue... not sure.
01:29:58 <sniffit> my workaround it just do a chkconfig on it
01:30:28 <nirik> yeah.
01:30:47 <nirik> ok, I think we are out of time here... any last questions, or shall I wrap things up?
01:30:51 <sniffit> i'll just work on it a bit more then ;)
01:30:56 <sniffit> thank you nirik
01:31:07 <nirik> I will setup a time for part2 soon... should be on the classroom page as soon as I figure out when.
01:31:51 <nirik> Thanks for coming everyone and the great questions!
01:31:54 <nirik> #endmeeting