Educause Security Discussion mailing list archives
Re: Outbound spam control
From: Brad Judy <Brad.Judy () COLORADO EDU>
Date: Tue, 13 Jun 2006 10:19:34 -0600
What about enforcing SMTP authentication on your mail servers? BTW: You may wish to also pose your question to the Higher Ed e-mail admin list: http://listserv.nd.edu/archives/hied-emailadmin.html Brad Judy
-----Original Message----- From: Andy Hooper [mailto:hooper () POST QUEENSU CA] Sent: Tuesday, June 13, 2006 10:10 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Outbound spam control We have inbound spam reasonably well controlled with Barracuda "appliances", but have had a couple of incidents recently where compromised PCs used our a central mail server to distribute outgoing spam. This resulted in the mail server being put on a black list used by some large residential service providers. We were able to get it unlisted within a day, but there was a good bit of effort taken in responding to complaints about rejected mail. We are also concerned about the potential for more severe incidents in the future -- with about 14,000 active machines on our network, including ResNet, another compromise is virtually a certainty. The options we have come up with are: - Use a Barracuda unit to scan outbound mail. This would need a process to deal with false positives, such as quarantining. We currently use tagging, not quarantining, on inbound, so this would be a new process to introduce and explain. - Use submission rate limiting on the mail server. - Prepare an emergency mail relay server through which outbound mail could be rerouted in the event the main server IP address is black listed. There is a long reaction time with this. If you have done something to address this problem, we would appreciate hearing what you have done. - Andy Hooper - Queen's University at Kingston -
Current thread:
- Outbound spam control Andy Hooper (Jun 13)
- <Possible follow-ups>
- Re: Outbound spam control Brad Judy (Jun 13)
- Re: Outbound spam control Graham Toal (Jun 13)
- Re: Outbound spam control Joe St Sauver (Jun 13)
- Re: Outbound spam control Mark Borrie (Jun 13)
- Re: Outbound spam control Graham Toal (Jun 13)
- Re: Outbound spam control Chris Edwards (Jun 14)
- Re: Outbound spam control Hoffman, Michael (Jun 14)