Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: .edu email phishing

From: "Jeffrey I. Schiller" <jis () MIT EDU>
Date: Wed, 2 Apr 2008 15:13:06 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Another approach, which we have taken at MIT, is to install a rate
limit filter within our webmail infrastructure. At the moment we only
permit one message per minute per login session (with a 15 deep token
bucket, so the messages are averaged over 15 minutes).

Unfortunately the spammers open up many sessions (coming from several
different IP addresses), so when an account is compromised more then
15 messages are sent. But it does help.

Our implementation is for the HORDE/IMP webmail system and is
implemented within IMP.

We are also working on a sendmail milter that will have the same
effect, but will be per server instead of per login session. Still
should help more!

Hopefully this will make our webmail system a less favorable target.

                        -Jeff

- --
 =======================================================================
Jeffrey I. Schiller
MIT Network Manager
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room W92-190
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu
 =======================================================================

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH8+il8CBzV/QUlSsRAtUPAKD1y3ojr5hc91cPHvTx2n4FP4J8pQCgoss5
AF1Mw8vIStsmJNaIQwaYlwI=
=z0oO
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: