[unisog] Port 25 blocking - on the
r.fulton at auckland.ac.nz
Sat Apr 30 15:40:43 GMT 2005
On Fri, 2005-04-29 at 16:12 -0400, marchany at vt.edu wrote:
> Ouch. When we were hit with MyDoom and our central mail servers were clogged
> for 60 hours, the only way to get email amongst CIRT members was by using good
> ol' sendmail on individual workstations that did NOT connect to the clogged
> central servers. A port block would have seriously impacted our response.
We have centralised mail servers and have experience this problem in the
past. Our response was to set up a separate "emergency mail server"
which has full external SMTP access and also IMAP/POP accounts for all
critical IT staff. We bring in all the usual security mailing lists on
to the box too.
The ideal is that if our central system melts (for whatever reason) we
can still send mail both internally and externally. Unfortunately (or
not ;) it has never been tested with real fire.
Aside: the only time our central system collapsed was when a new, over
zealous manager who had once run a mail system for a law firm with about
100 users (yes you can guess which software ;) insisted that we shut the
system down during a mild virus outbreak (we were actually filtering the
virus on the server on our servers at the time, sigh...). Of course
various exchange server around campus were stone dead but our central
sendmail system was working fine and was *not* contributing to the
Russell Fulton, Information Security Officer, The University of Auckland
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2201 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050501/044d41d3/smime.bin
More information about the unisog