Educause Security Discussion mailing list archives
Re: Outbound spam control
From: Mark Borrie <mark.borrie () OTAGO AC NZ>
Date: Wed, 14 Jun 2006 09:05:44 +1200
We have largely (totally?) avoided this issue by not allowing outbound smtp, except for a few designated mailhubs. All mail servers on campus are registered with the mailhubs and relay outbound email through them. All client systems/desktops send email via their host mail servers. This system was introduced partially to avoid being blacklisted due to open relays many years ago and we are are now avoiding contributing to the spambot traffic. Mark. On 13 Jun 2006 at 12:09, Andy Hooper wrote:
We have inbound spam reasonably well controlled with Barracuda "appliances", but have had a couple of incidents recently where compromised PCs used our a central mail server to distribute outgoing spam. This resulted in the mail server being put on a black list used by some large residential service providers. We were able to get it unlisted within a day, but there was a good bit of effort taken in responding to complaints about rejected mail. We are also concerned about the potential for more severe incidents
in the future -- with about 14,000 active machines on our network, including ResNet, another compromise is virtually a certainty.
The options we have come up with are: - Use a Barracuda unit to scan outbound mail. This would need a process to deal with false positives, such as quarantining. We currently use tagging, not quarantining, on inbound, so this would be a new process to introduce and explain. - Use submission rate limiting on the mail server. - Prepare an emergency mail relay server through which outbound mail could be rerouted in the event the main server IP address is black listed. There is a long reaction time with this. If you have done something to address this problem, we would appreciate hearing what you have done. - Andy Hooper - Queen's University at Kingston -
-- Mark Borrie Information Security Manager, Information Technology Services, University of Otago, Dunedin, N.Z. Ph +64 3 479-8395, Fax +64 3 479-5080, Mobile +64 27 609-6409
Current thread:
- Outbound spam control Andy Hooper (Jun 13)
- <Possible follow-ups>
- Re: Outbound spam control Brad Judy (Jun 13)
- Re: Outbound spam control Graham Toal (Jun 13)
- Re: Outbound spam control Joe St Sauver (Jun 13)
- Re: Outbound spam control Mark Borrie (Jun 13)
- Re: Outbound spam control Graham Toal (Jun 13)
- Re: Outbound spam control Chris Edwards (Jun 14)
- Re: Outbound spam control Hoffman, Michael (Jun 14)