Educause Security Discussion mailing list archives

Re: Outbound spam control


From: Mark Borrie <mark.borrie () OTAGO AC NZ>
Date: Wed, 14 Jun 2006 09:05:44 +1200

We have largely (totally?) avoided this issue by not allowing outbound
smtp, except for a few designated mailhubs.  All mail servers on
campus are registered with the mailhubs and relay outbound email
through them.

All client systems/desktops send email via their host mail servers.

This system was introduced partially to avoid being blacklisted due to
open relays many years ago and we are now avoiding contributing
to the spambot traffic.

Mark.


On 13 Jun 2006 at 12:09, Andy Hooper wrote:

We have inbound spam reasonably well controlled with Barracuda "appliances", but have had a couple of incidents 
recently where compromised PCs used our central mail server to distribute outgoing spam. This resulted in the mail 
server being put on a black list used by some large residential service providers. We were able to get it unlisted 
within a day, but there was a good bit of effort taken in responding to complaints about rejected mail. We are also 
concerned about the potential for more severe incidents in the future -- with about 14,000 active machines on our 
network, including ResNet, another compromise is virtually a certainty.

The options we have come up with are:

- Use a Barracuda unit to scan outbound mail. This would need a process to deal with false positives, such as 
quarantining. We currently use tagging, not quarantining, on inbound, so this would be a new process to introduce and 
explain.

- Use submission rate limiting on the mail server.

- Prepare an emergency mail relay server through which outbound mail could be rerouted in the event the main server 
IP address is black listed. There is a long reaction time with this.

If you have done something to address this problem, we would appreciate hearing what you have done.

- Andy Hooper - Queen's University at Kingston -



--
Mark Borrie
Information Security Manager,
Information Technology Services, University of Otago,
Dunedin, N.Z.
Ph +64 3 479-8395, Fax +64 3 479-5080, Mobile +64 27 609-6409
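
Added example, not part of the original messages: a small audit of the "outbound SMTP only from designated mailhubs" policy described in the reply above, run over firewall flow records to list campus hosts that tried to reach off-campus port 25 directly. The log format, the campus range, the mailhub addresses and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed values for illustration: campus range and the designated mailhubs.
CAMPUS_NET = ipaddress.ip_network("10.20.0.0/16")
MAILHUBS = {ipaddress.ip_address("10.20.0.25"), ipaddress.ip_address("10.20.0.26")}

# Constructed sample flow records: "time src dst dst_port action"
SAMPLE_FLOWS = """\
09:00:01 10.20.0.25 203.0.113.10 25 allow
09:00:02 10.20.14.7 198.51.100.4 25 deny
09:00:02 10.20.14.7 198.51.100.9 25 deny
09:00:03 10.20.14.7 203.0.113.77 25 deny
09:00:04 10.20.31.2 10.20.0.25 25 allow
09:00:05 10.20.31.2 192.0.2.80 443 allow
09:00:06 10.20.88.3 192.0.2.25 25 allow
malformed line
"""

def audit_outbound_smtp(flow_text, campus=CAMPUS_NET, mailhubs=MAILHUBS):
    """Return {src_ip: {"dests": set, "allowed": int}} for campus hosts that
    attempted SMTP (tcp/25) to off-campus addresses without being a mailhub."""
    findings = defaultdict(lambda: {"dests": set(), "allowed": 0})
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records rather than abort the audit
        _, src, dst, port, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if port != "25" or src_ip not in campus or dst_ip in campus:
            continue  # only campus -> internet SMTP is of interest
        if src_ip in mailhubs:
            continue  # designated relays are expected to talk to the internet
        entry = findings[src]
        entry["dests"].add(dst)
        if action == "allow":
            entry["allowed"] += 1  # a policy gap: the firewall let it through
    return dict(findings)

def report(findings):
    """Sort offenders by number of distinct destinations (spambot-like fan-out)."""
    return sorted(((s, len(f["dests"]), f["allowed"]) for s, f in findings.items()),
                  key=lambda row: (-row[1], row[0]))

if __name__ == "__main__":
    for src, fanout, allowed in report(audit_outbound_smtp(SAMPLE_FLOWS)):
        print(f"{src}: {fanout} external SMTP destinations, {allowed} allowed")
```

Hosts with a high count of denied destinations are candidates for compromise cleanup; any non-zero "allowed" count points at a hole in the egress rule itself.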
