Educause Security Discussion mailing list archives
Re: AOL email concerns for nodak.edu (fwd)
From: Paul Russell <prussell () ND EDU>
Date: Thu, 28 Apr 2005 15:43:08 -0500
On 4/28/2005 9:01 AM, Dick Jacobson wrote:
> I know we send our share of garbage from compromised computers, but most of the complaints regarding those incidents include timestamps or email headers so they can be tracked. This email simply says we are being naughty (without any documentation) and they are going to block us if we do not clean up our act.
You should consider taking the following steps:

1. Block outbound SMTP (port 25) connection requests to external IP addresses from all but known mail servers in your network; and,
2. Implement mandatory SMTP authentication.

There is, after all, no legitimate reason for Joe Student's personal computer to spew 1,000 messages per hour, either via a direct-to-MX connection to an external site, or through your mail server. These steps will, at least for now, prevent zombies in your network from spewing garbage at the rest of us.

After you've taken these steps, you may want to set up a script to periodically scan your mail server logs for local systems that are encountering unusually high numbers of SMTP rejects. The output can help you identify infected and/or compromised systems in your network.

Before we took these steps, we were frequently inundated with legitimate spam complaints from AOL. These changes reduced the flood to a trickle.

--
Paul Russell
Senior Systems Administrator
OIT Messaging Services Team
University of Notre Dame

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
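The log scan suggested in the message above, sketched as an added example that is not part of the original post. It assumes Postfix-style smtpd reject lines and a placeholder campus range of 10.20.0.0/16; the function names, the threshold and the sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumption: Postfix-style smtpd reject lines; adapt the pattern to your MTA.
REJECT_RE = re.compile(
    r"reject: \w+ from \S*\[(?P<ip>[0-9a-fA-F.:]+)\]: (?P<code>[45]\d\d) ")

# Assumption: placeholder campus address space; replace with your own ranges.
LOCAL_NETS = [ipaddress.ip_network("10.20.0.0/16")]

def count_local_rejects(lines):
    """Count SMTP rejects per client IP, keeping only local (campus) clients."""
    counts = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # not a reject line (connects, deliveries, etc.)
        try:
            addr = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address in the log line
        if any(addr in net for net in LOCAL_NETS):
            counts[str(addr)] += 1
    return counts

def noisy_hosts(lines, threshold):
    """Local hosts with at least `threshold` rejects in this scan, highest first."""
    ranked = count_local_rejects(lines).most_common()
    return [(ip, n) for ip, n in ranked if n >= threshold]

# Constructed sample log: five rejects from one campus host, one from another,
# one from an external client, and one non-reject line.
_FMT = ("Apr 28 10:00:{s:02d} mx1 postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
        "unknown[{ip}]: 550 5.1.1 <u{s}@example.net>: Recipient address rejected; "
        "from=<x@example.edu> to=<u{s}@example.net> proto=SMTP helo=<pc>")
SAMPLE_LOG = (
    [_FMT.format(s=s, ip="10.20.5.17") for s in range(5)]
    + [_FMT.format(s=6, ip="10.20.8.3"), _FMT.format(s=7, ip="192.0.2.44")]
    + ["Apr 28 10:00:08 mx1 postfix/smtpd[2101]: connect from unknown[10.20.5.17]"]
)

if __name__ == "__main__":
    # Threshold is per scan window; tune it to how often the script runs.
    for ip, n in noisy_hosts(SAMPLE_LOG, threshold=5):
        print(f"{ip}\t{n} rejects")
```

Run it from cron over the log slice since the previous run, so the threshold corresponds to a fixed time window.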