Educause Security Discussion mailing list archives
Outbound spam control
From: Andy Hooper <hooper () POST QUEENSU CA>
Date: Tue, 13 Jun 2006 12:09:42 -0400
We have inbound spam reasonably well controlled with Barracuda "appliances", but have had a couple of incidents recently where compromised PCs used our central mail server to distribute outgoing spam. This resulted in the mail server being put on a black list used by some large residential service providers. We were able to get it unlisted within a day, but there was a good bit of effort taken in responding to complaints about rejected mail.

We are also concerned about the potential for more severe incidents in the future -- with about 14,000 active machines on our network, including ResNet, another compromise is virtually a certainty.

The options we have come up with are:

- Use a Barracuda unit to scan outbound mail. This would need a process to deal with false positives, such as quarantining. We currently use tagging, not quarantining, on inbound, so this would be a new process to introduce and explain.
- Use submission rate limiting on the mail server.
- Prepare an emergency mail relay server through which outbound mail could be rerouted in the event the main server IP address is black listed. There is a long reaction time with this.

If you have done something to address this problem, we would appreciate hearing what you have done.

- Andy Hooper - Queen's University at Kingston -