[unisog] sendmail vulnerability / impact

Russell Fulton r.fulton at auckland.ac.nz
Sat Mar 8 20:45:28 GMT 2003


On Sat, 2003-03-08 at 06:25, Mitch Collinsworth wrote:
> 
> On Fri, 7 Mar 2003, H. Morrow Long wrote:
> 
> > We have a plan to block all TCP port 25 traffic into our campus network
> > beginning this summer.  We are just in the planning stage.  We plan to
> > offer MX records for any hosts/departments who insist that they need to
> > run their own Email servers and receive email on them.  The MX records
> > would provide for automatic relaying via our main campus email relays.
> 
> Just an observation but as a departmental admin I would hate being
> forced into this model.  Maybe your central mail servers are more
> stable than they are here but our central mail service has a LOT
> more downtime events than our departmental mail server.  I know the
> folks that run our central service and they're good competent folks,
> so it's not merely an issue of sysadmin incompetence.
> 
> My best guess is it's more of a scaling issue than anything else.
> Running a mail service for several tens of thousands of users has
> got to be a lot harder than running one for 500 users.  Making the
> higher reliability service dependent on the lower reliability service
> is poor engineering.


I'd suggest that it is more likely to be an issue of resourcing.  

We have operated on a model that closely resembles what Morrow describes
for 10 years.  When we first implemented it several departments declined
to participate but over the years all have joined in.  We handle mail
for over 30,000 users in a reliable professional way.  The only outage
over the last few years occurred when a new manager *insisted* that we
shut the system down during the Goner worm outbreak (after we had
filters in place :(  ).

We encourage faculty sized email delivery servers (as well as providing
central POP and IMAP) but a few departments (mostly in Science who don't
have a faculty server) still run their own.

-- 
Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand

"It aint necessarily so"  - Gershwin



More information about the unisog mailing list