[Dshield] Extreme increase in spam attempts... any one else seeing similar event?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Aug 22 18:43:47 GMT 2007

On Mon, 20 Aug 2007 17:44:25 +0200, Tony Earnshaw said:

> Seeing as both Desknow and Zimbra run on a provenly stable, 
> security-proven freeware OS (CentOS, you may pay for Red Hat licenses if 
> you wish), I don't see why people are still clinging to MS Exchange. 
> Unless it's a severe case of the chronic PHBs, or pure FUD.

If you ignore for a moment that we're a .edu, and think of it this way...

We're an organization with almost 7,000 employees and an annual budget fast
approaching a billion dollars.  Of those 7,000, some 3,000 are actively using
Exchange.  Lot of important data moving through all those Exchange servers.

Now re-do your calculations, working in the deployment and retraining costs,
remembering to allow for lost productivity unless the new software is an
almost-exact clone - an amazing number of people have incredible "muscle
memory", and will click whatever that button that's 3rd from the top on the 2nd
menu from the left, because that's where XYZ *used* to be.

Oh yeah - did you want a flag-day change for all 3,000 people, or are you going
to be doing phased roll-outs, and did you consider the fun when some conference
room schedules are being done by Exchange, and some by the replacement, and
what happens when there's conflicts etc?

Meanwhile, we're *also* trying to deploy other security initiatives, a massive
upgrade to our network storage and backup systems (which ended up necessitating
a complete overhaul of UPS and HVAC for a remote server room, so we could stick
about 100T of disk in there so it wasn't in the same building as the *first*
copy, etc etc), a new spam manager for our *other* 100K or so mailboxes that
aren't on Exchange (which depends on the storage upgrade), and we keep getting
requests from Legal regarding data preservation requirements for litigation
(which I'd rather not talk about, except to note that due to an incredibly bad
timing interaction with the above-mentioned upgrades, we ended up having to buy
several hundred thousand dollars of computer tapes. Oh, and an upgrade for the
tape robot, and procedures for dealing with the tapes - even with an entire
quarter acre of machine room, there's limited places to *put* that many
tapes).  And that's just *my* group of 5 staff, the other groups here are
similarly busy with their own stuff...

Now explain to me again why we want to take funding away from this other stuff
that *needs* doing, just to replace the current Exchange service that's
actually more or less working for us?  Maybe if Exchange was the single biggest
thorn in our side - but I wish I was that lucky. :)

Or we can even go check Zimbra's website, and their top "success story":


"On July 21st and 22nd, Carleton successfully migrated 2,019 student accounts
(300 gigabytes of mail, about 4.5 million messages) from Cyrus to Zimbra with
less than 30 minutes' downtime and only about a dozen calls to the student help

Sounds good so far - although our mailstore has about 50 times as many
mailboxes and a lot more than 300G of mail, so we'll skip over the scaling
issues, but...

"Administrative staff are staying in their previous system for now because of
(currently) limited Outlook 2007 support and data conversion issues from Novell
GroupWise, but we hope to..."

Exactly.  Those issues usually totally swamp the issues of converting the

Now, are you *still* unable to see why some places are still running Exchange? :)
