New Email Gateways Stop Spam
Email is vital at NAU. We depend on reliable and timely delivery of every message we send. Email is also one of the most exploited services on the Internet. NAU processes over two million pieces of email per day through our mail gateways, and the vast majority of this mail comes from outside NAU. Most of it is unsolicited spam.
Over the years, NAU has deployed several countermeasures to fight this onslaught. A rate limiter that regulates the amount of mail we will accept from any one source over a period of time. A subscription to a spam reporting service is maintained, and connections from listed hosts are refused. Viruses are discarded, and attachments that could contain viruses are quarantined before delivery. Spam filtering is done prior to delivery to our inboxes. These measures use a fair amount of both computer resources and staff time to maintain.
Despite our efforts, the spammers still get the better of us from time to time. The latest problem for NAU is daily spam attacks where thousands of computers are used simultaneously to deliver mail to our gateways. These “tsunamis of spam” overwhelm our gateways, causing mail delivery problems for us all.
Prior to August 2007, NAU’s mail gateways were built using commercial mail transport software. The software and the computers it runs on are expensive. This has stood in the way of rapid deployment of additional gateways to handle ever increasing email volume. But this summer ITS began a pilot project to build a mail gateway entirely out of open source software. The benefit of using open source is more flexibility in operating system and server hardware, which translates to lower costs. ITS deployed two open source email gateways just before the start of the fall semester. These gateways use the popular Postfix open source mail transport agent together with other open source software that provides virus checking, quarantine of dangerous attachments, and rate limiting. The new gateways are inward-facing, which means that they accept connections only from computers on NAU’s network. The four legacy email gateways are now outward-facing, used to handle traffic coming in from the Internet. Eventually NAU will replace our legacy gateways with open source equivalents. It is likely we will continue to maintain separate server farms for on- and off-campus email clients.
The biggest change the campus should notice is that mail sent from Thunderbird, Outlook, or other desktop clients is quickly and reliably accepted by one of the new gateways. Dedicated internal mail gateways allow campus users to avoid suffering connectivity problems when the external gateways are flooded by excessive amounts of connections. Another change that may become evident is that there is a different procedure for retrieving quarantined attachments. Recipients must contact the email postmaster to receive their attachments. ITS is working on a self-service methodology that integrates with the new gateways.
