Educause Security Discussion mailing list archives
Re: the importance of security
From: Rich Graves <rcgraves () BRANDEIS EDU>
Date: Wed, 11 Aug 2004 13:52:45 -0400
Wow, I'm surprised to see smtp auth being required on more than a handful of campuses, given the poor client support (especially in embedded devices). Hopefully the added usage will help get the client issues ironed out soon. We do not require smtp auth for on-campus use, but do support it for off-campus relaying, and have other measures in place: * We really haven't had more than a handful of users receiving and opening email worms in the last year. Email server-side protection and user education help a lot. Yes, trojans/open proxies installed on student computers by other means remain a problem. * New sendmail 8.13 FEATURE(`greet_pause') seems to defeat open proxies and the smtp engines of all current worms, even if you only pause a few milliseconds. Of course this arms race will continue... * We meter and drop smtp connectivity if any ip address that isn't known to be an email server sends more than 150 messages per day. This has stopped other antisocial behavior, including "legitimate" internal spammers we have since moved from huge, unmaintained Eudora aliases to a centrally supported list server. * Port 25 will be blocked in dorms and in admin subnets we "know" will "never" have legitimate mail servers. -- Rich Graves <rcgraves () brandeis edu> UNet Systems Administrator ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: the importance of security, (continued)
- Re: the importance of security Scott Genung (Aug 11)
- Re: the importance of security Jere Retzer (Aug 11)
- Re: the importance of security Dewitt Latimer (Aug 11)
- Re: the importance of security Scott Genung (Aug 11)
- Re: the importance of security Cal Frye (Aug 11)
- Re: the importance of security Jon Mitchiner (Aug 11)
- Re: the importance of security Gary Flynn (Aug 11)
- Re: the importance of security Gary Flynn (Aug 11)
- Re: the importance of security Jon Mitchiner (Aug 11)
- Re: the importance of security Buz Dale (Aug 11)
- Re: the importance of security Rich Graves (Aug 11)
- Re: the importance of security Paul Russell (Aug 11)
- Re: the importance of security Mike Iglesias (Aug 11)
- Re: the importance of security Scott Weeks (Aug 12)