[unisog] sendmail vulnerability / impact

Mitch Collinsworth mitch at ccmr.cornell.edu
Fri Mar 7 17:25:32 GMT 2003


On Fri, 7 Mar 2003, H. Morrow Long wrote:

> We have a plan to block all TCP port 25 traffic into our campus network
> beginning this summer.  We are just in the planning stage.  We plan to
> offer MX records for any hosts/departments who insist that they need to
> run their own Email servers and receive email on them.  The MX records
> would provide for automatic relaying via our main campus email relays.

Just an observation but as a departmental admin I would hate being
forced into this model.  Maybe your central mail servers are more
stable than they are here but our central mail service has a LOT
more downtime events than our departmental mail server.  I know the
folks that run our central service and they're good competent folks,
so it's not merely an issue of sysadmin incompetence.

My best guess is it's more of a scaling issue than anything else.
Running a mail service for several tens of thousands of users has
got to be a lot harder than running one for 500 users.  Making the
higher reliability service dependent on the lower reliability service
is poor engineering.

-Mitch



More information about the unisog mailing list