open relay

Marcel Kunath kunathma@pilot.msu.edu
Fri, 9 Mar 2001 15:10:45 -0500 (EST)
Previous message: Gotta love linux...
Next message: Thankful for job security...
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Received: from pilot04.cl.msu.edu ([35.9.5.24]) by aismail.ais.msu.edu with
SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13)
    id 17SR8H6W; Thu, 8 Mar 2001 11:11:51 -0500
Received: (from root@localhost)
    by pilot04.cl.msu.edu (8.10.2/8.10.2) id f28GBqf18416
    for sdmcgill; Thu, 8 Mar 2001 11:11:52 -0500
Date: Thu, 8 Mar 2001 11:11:52 -0500
Message-Id: <200103081611.f28GBqf18416@pilot04.cl.msu.edu>
X-Sybari-Trust: e58971bf 050014de 00000000
From: Vice Provost Hunt <pmhunt@msu.edu>
Subject: Open relay mail update
MIME-Version: 1.0
Content-Type: text/plain; charset=unknown-8bit
Content-Transfer-Encoding: quoted-printable
X-MIME-Autoconverted: from 8bit to quoted-printable by pilot04.cl.msu.edu id
f28GBqf18416


OPEN RELAY MAIL UPDATE

On the weekend, AOL blocked e-mail from MSU sites because
MSU's Pilot e-mail system supported SMTP "open relay".  This
message describes the issue, the initial problem and its solution,
a resulting secondary problem, and steps that have been taken to
address it.


INITIAL PROBLEM

Open relay permitted users of Internet Service Providers other
than MSU to use MSU's SMTP server to route their mail,
instead of depending on their Internet Service Provider.  Open
relay support was in active use by MSU-affiliated personnel in
several relatively remote off-campus locations, across Michigan,
the U.S., and various international outreach and research locales.

Unfortunately, open relay services at many institutions sometimes
are exploited in massive "denial of service" attacks.  As a result,
some network providers have moved to block mail passing through
such services, as a preventive measure.  This appears to have
been the case with the AOL block of Pilot last weekend.  As far
as can be determined, the block was implemented without either
prior or concurrent warning to Michigan State University.

At approximately 3 PM Monday, open relay support was dropped
from Pilot, and Pilot "passed" an automated test maintained by
AOL immediately thereafter.  AOL apparently did not unblock
MSU e-mail until early Tuesday evening.

The decision to drop open relay support from Pilot reflected the
immediate need to restore campus e-mail communications with
student families, admission prospects, and alumni who use AOL.


SECONDARY PROBLEM

Because open relay support was serving the very legitimate needs
of off-campus programs affiliated with MSU, the steps necessary
to respond to AOL's unilateral block created a secondary problem:
MSU e-mail traffic from off-campus sites *not served by Merit*
can no longer be relayed via Pilot.  Mail to Pilot is accepted.
(This could affect remote users of Netscape Messenger, Microsoft
Outlook, and Eudora, among other mail clients.)

Affected users now have several choices:

1) The outgoing SMTP server configuration in the users=92 e-mail
client can be aimed at their local non-MSU, non-Merit service
provider, while keeping the incoming mail set to Pilot.  This must
be done within the preferences of the e-mail client.  In North
America, users can gain assistance with this preferred option by
calling the 24-hour help line, 1-800-500-1554.

2) Users with good connection speeds may wish to use MSU=92s
web-based email system, Twig, to generate outgoing mail that
originates at MSU.  (Please see:  http://pilot.msu.edu/twig)

3) Users may use a telnet interface to reach Pilot and originate
e-mail at MSU.  This can be a satisfactory solution so long as
attachments are not needed.

4) Merit 800 and Merit Global dialup services are available to
reach Pilot and originate e-mail at MSU.  (Please see:
http://www.msu.edu/user/cic/dialup/mich800.html)

5) Late Wednesday, MSU established a new system that supports
open relay.  Users may at their discretion wish to point their
outgoing SMTP service at this new system, which is called
openrelay.msu.edu -- HOWEVER, this system likely will be
blocked under AOL=92s current open relay guidelines, so that
e-mail addressed to AOL, Compuserv, and other AOL affiliate
e-mail addresses will be, or will soon become, undeliverable
through this service.

Additional remedial options are being explored.

Consultants are available to assist members of the MSU
community who have questions about how to configure their
e-mail clients or how the changes in MSU=92s relay configurations
may affect them.  Please call 1-800-500-1554 for assistance.

Libraries, Computing & Technology regrets the inconvenience
these rapid and externally constrained changes have created,
initially for all campus Pilot users and subsequently to legitimate
off-campus users of open relay services.  Instances of hardship
or programmatic disruption caused by these circumstances may
be reported to abuse@msu.edu , or by calling 517-353-0722.
Previous message: Gotta love linux...
Next message: Thankful for job security...
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]