[unisog] Any Canadian Universities on here ?

Sylvain Robitaille syl at alcor.concordia.ca
Thu May 5 15:28:01 GMT 2005


On Wed, 4 May 2005, Pete Hickey wrote:

> it is EXTREMELY useful to be able to come into our mail machines for
> debugging.

Oh, I agree, but does that cost outweight the benefit?

> And the spammers will then have their zombie machines go through the
> ISP's SMTP relay.

Of course, but then the ISP is in a much better position to a) detect
the problem as it is happening, and b) deal with it much sooner.

We had an example of that exact scenario happen here a few months back:
a system that had been compromised was being used for sending spam,
but we block outbound port 25, so outbound mail goes only through our
sanctioned mail servers.

I noticed the load average on one of the mail servers was staying
unusually high for a rather long time, and when I looked more closely,
sure enough it was in the process of trying to deliver a bunch of queued
up spam.  I probably would not have "detected" this happening with the
old direct spamming method until the complaints started coming in, but
in this case I was able to put a stop to it after "only" a few thousand
messages had gotten out.

It's obviously not perfect, but it does help.  It also permits us to
apply virus-detection to outbound as well as inbound mail, helping also
at that level.

> Starting off, we would tell them.  Configure your mailer to use
> xxx as your mailbox server, and yyy as your mail relay/SMTP-out.
> Use that whether you are at home or in the office.

I would argue that was a mistake.  Our mail servers were refusing
third-party relaying many years ago.  We've been telling our users
pretty much all along, though certainly since the larger ISPs have been
in place that they should configure mail software on computers connected
to our network to use our mail servers for relaying, and on ISP-connected
computers to use the ISP's mail servers.

If the user is having trouble with the ISP's mail server, they're
directed to the ISP's support service.

> Oh yes.. There was one ISP who would not accept mail for relay
> unless it had THEIR domain in the From:

I don't feel we should make concessions for ISPs who misunderstand the
protocols.  If we had a user with that problem, I would recommend to the
user (cc: postmaster at the ISP) to find a better ISP (and I have done
that in some cases, though not yet for this reason).

-- 
----------------------------------------------------------------------
Sylvain Robitaille                              syl at alcor.concordia.ca

Systems analyst / Postmaster                      Concordia University
Instructional & Information Technology        Montreal, Quebec, Canada
----------------------------------------------------------------------



More information about the unisog mailing list