Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Email blacklists blocking campus mail servers
From: "Michael J. Kenney" <m.kenney () USCIENCES EDU>
Date: Mon, 8 Apr 2013 11:06:22 -0400

Hi John,

If funding permits, you might want to look into a cloud-based anti-spam solution to direct your outbound mail through. 
This way if an account is compromised your email servers are never blacklisted. The vendor will give you a warning 
regarding the offending account. However you should put some checks into place, as Harry stated below, in order to stop 
the compromised account before getting a warning. We use Postini, but there are several other good options out there 
such as ProofPoint and EdgeWave.

Thanks,

Michael
--
Michael Kenney
Information Security Officer
IT Department
University of the Sciences 
600 S. 43rd St. Philadelphia, PA 19104
215-596-7403 Office
m.kenney () usciences edu | www.usciences.edu 

USciences:  Where healthcare and science converge



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Harry 
Hoffman
Sent: Thursday, April 04, 2013 12:57 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Email blacklists blocking campus mail servers

Hi John,

Lots of us have scripts in place to identify compromised accounts by the
frequency and volume at which mail is being sent.

Once a account meets that threshold you can take some action: reject
mail, change password, etc. Blacklisting usually doesn't happen on
"occasional" spam run with very low volume.

You'll need to implement the same thing in any webmail offerings.

Reach out to the service that blacklisted you and work with them to get
un-blacklisted (or is it de-blacklisted.. I never know).

If you use something like Nagios there's a plugin to check various
blacklist feeds and report/alert if a specific ip address is on the
blaclist. Implement this or something similiar so you know ASAP.

Cheers,
Harry

On 04/04/2013 12:40 PM, John Bambenek wrote:
I was wondering how many people had experience with this type of
incident where you campus mail servers got listed in email blacklists
for compromised accounts sending out spam.

How did you mitigate the problem once identified?

j



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault