Re: Outbound spam control

[Brad Judy <Brad.Judy () COLORADO EDU>]

What about enforcing SMTP authentication on your mail servers?

BTW: You may wish to also pose your question to the Higher Ed e-mail
admin list: http://listserv.nd.edu/archives/hied-emailadmin.html

Brad Judy 

> -----Original Message-----
> From: Andy Hooper [mailto:hooper () POST QUEENSU CA] 
> Sent: Tuesday, June 13, 2006 10:10 AM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Outbound spam control
>
> We have inbound spam reasonably well controlled with 
> Barracuda "appliances", but have had a couple of incidents 
> recently where compromised PCs used our a central mail server 
> to distribute outgoing spam. This resulted in the mail server 
> being put on a black list used by some large residential 
> service providers. We were able to get it unlisted within a 
> day, but there was a good bit of effort taken in responding 
> to complaints about rejected mail. We are also concerned 
> about the potential for more severe incidents in the future 
> -- with about 14,000 active machines on our network, 
> including ResNet, another compromise is virtually a certainty.
>
> The options we have come up with are:
>
> - Use a Barracuda unit to scan outbound mail. This would need 
> a process to deal with false positives, such as quarantining. 
> We currently use tagging, not quarantining, on inbound, so 
> this would be a new process to introduce and explain.
>
> - Use submission rate limiting on the mail server.
>
> - Prepare an emergency mail relay server through which 
> outbound mail could be rerouted in the event the main server 
> IP address is black listed. There is a long reaction time with this.
>
> If you have done something to address this problem, we would 
> appreciate hearing what you have done.
>
> - Andy Hooper - Queen's University at Kingston -