[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: spam

--On Friday, September 16, 2005 11:41 AM -0400 Mark Montague <markmont@xxxxxxxxx> wrote:

Putting DSPAM (or a comparable filter) on the gateway will not
completely  solve this problem.  As long as the FootPrints server
accepts mail from  off-campus, it will get unfiltered SPAM.

Yes. But that is easily fixed. The problem is that there's little upside in making this change now, from an end-user's point of view. And note that this concern is also not unique to FootPrints -- no campus service that accepts email should accept it from anywhere except the gateway servers in order for anti-spam tagging to be effective.

The solution to this dilemma is to adopt a scheme like ctools uses, where the MX record for request.umich.edu points to itself and a pool of machines (call it antipsam.itd.umich.edu for sake of discussion) at a lower priority. request.umich.edu would be firewalled so that only antispam.itd.umich.edu and the gateway machines have access to submit mail, forcing all other machines to submit mail via antispam.itd.umich.edu. antispam.itd.umich.edu would implement Do Not SPAM and DSPAM.

Or if we can't push DPSAM all the way up to the UM gateway (for political or technical reasons,) we could firewall request.umich.edu so that it only accepts mail from antispam.itd.umich.edu, forcing the gateways machines to deliver mail via the pool, causing it to be tagged.

Adam Wilkinson              awilkins@xxxxxxxxx              734/936-8368
   University  of Michigan - Information Technology Central Services
                           UMCE User Services

       Consulting Tools Project Leader, Footprints Administrator
                   Expert Consultant and Virus Buster