Educause Security Discussion mailing list archives
Re: ND Status of SMTPAuth and SSL'ed e-mail
From: Karen Eft <kareneft () BERKELEY EDU>
Date: Wed, 13 Apr 2005 08:04:50 -0700
DeWitt: See info re UC Berkeley "CalMail" system's new security requirements due to our impending enforcement of "Minimum Standards for Security of Networked Devices": http://istpub.berkeley.edu:4201/bcc/Spring2005/calmailsecurity.html ("Secure connections to CalMail required beginning March 1") Not all our email users are on this central system, but it is attracting more small "satellite" systems to convert, rather than continue maintaining their local services. The implementation was very work intensive, including the user assistance, but it seems to be going well now. -Karen At 7:48 AM -0500 4/13/05, Dewitt Latimer wrote:
Thread-Index: AcVAJx2HV8T4FFFRQE+/OXphdVr+Ow== X-ND-MTA-Date: Wed, 13 Apr 2005 07:48:32 -0500 (EST) X-ND-Virus-Scan: engine v4.3.20; dat v4467 Date: Wed, 13 Apr 2005 07:48:39 -0500Reply-To: The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Sender: The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>From: Dewitt Latimer <dewitt () ND EDU> Subject: [SECURITY] ND Status of SMTPAuth and SSL'ed e-mail Comments: To: The EDUCAUSE CIO Constituent Group Listserv <CIO () LISTSERV EDUCAUSE EDU> To: SECURITY () LISTSERV EDUCAUSE EDU (Apologies for the cross post)Colleagues - Approximately a year ago, Notre Dame started an initiative to stop sending passwords in the clear by our largest offender (e-mail) as well as cut down on the amount of spam sent from hijacked campus machines. This e-mail is nothing more than a status update for those attempting similar feats or curious how things are going.In August 04, we made SMTPAuth mandatory for all users in our ResNet and blocked in/out traffic on port 25 except for smtp.nd.edu and other registered departmental MTAs. SMTPAuth was also made mandatory for everyone using smtp.nd.edu from off-campus. Moreover, we started a communications program to strongly encourage SMTPAuth for all on-campus (non ResNet) users of smtp.nd.edu and the configuration of SSL/IMAP or SSL/POP. The SMTPAuth & SSL requirement will be come mandatory for on-campus (non ResNet) users very shortly. As a side note, we turned off non-SSL Webmail.Without passing commentary as to whether we are where we want to be, for a typical day (April 11, 2005):SMTPAuth Messages submitted from local systems via SMTPAuth, excluding Webmail 41642 49% Messages submitted via SSL-Webmail 32622 38%Messages submitted WITHOUT SMTPAuth including messages from white-listed systems10997 13% SSL-enabled clients (excluding Webmail logins) Number of systems using secure POP/IMAP logins 2,493 57% Number of systems using insecure POP/IMAP logins 1,867 43% Number of SSL-enabled POP/IMAP connections 206,356 53% Number of insecure POP/IMAP connections 182,324 47%So we're doing pretty well on the SMTPAuth (87%) which, when coupled with Port 25 blocks has helped immensely on the amount of SPAM originating from nd.edu. The normal summer upgrade of desktops & images will put a large dent in the 1900 machines not yet configured for SSL IMAP/POP. Kudos to our Messaging, InfoSec, and desktop support teams for their diligence.Thus the path to any long journey begins with a first stepĀ -d ----------------------------------------- Dewitt Latimer, Ph.D. Deputy CIO and Chief Technology Officer The University of Notre Dame dewitt () nd edu********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
-- ========================================================= Karen E. Eft Information Technology Policy Manager UC Berkeley (510)642-4095 http://itpolicy.berkeley.edu ========================================================= ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- ND Status of SMTPAuth and SSL'ed e-mail Dewitt Latimer (Apr 13)
- <Possible follow-ups>
- Re: ND Status of SMTPAuth and SSL'ed e-mail Kay Sommers (Apr 13)
- Re: ND Status of SMTPAuth and SSL'ed e-mail Karen Eft (Apr 13)