[unisog] sendmail vulnerability / impact
mitch at ccmr.cornell.edu
Fri Mar 7 17:25:32 GMT 2003
On Fri, 7 Mar 2003, H. Morrow Long wrote:
> We have a plan to block all TCP port 25 traffic into our campus network
> beginning this summer. We are just in the planning stage. We plan to
> offer MX records for any hosts/departments who insist that they need to
> run their own Email servers and receive email on them. The MX records
> would provide for automatic relaying via our main campus email relays.
Just an observation but as a departmental admin I would hate being
forced into this model. Maybe your central mail servers are more
stable than they are here but our central mail service has a LOT
more downtime events than our departmental mail server. I know the
folks that run our central service and they're good competent folks,
so it's not merely an issue of sysadmin incompetence.
My best guess is it's more of a scaling issue than anything else.
Running a mail service for several tens of thousands of users has
got to be a lot harder than running one for 500 users. Making the
higher reliability service dependent on the lower reliability service
is poor engineering.
More information about the unisog