The recent attempts to combat spam sent from Exchange servers as a result of compromised accounts have not proven as effective as we would have liked. Therefore, additional steps have been taken to protect our environment and maintain mail delivery.
Prevent authenticated users off-campus from sending mail through smtp.umkc.edu. POP and IMAP email clients such as Thunderbird, Eudora, Mac Mail and others rely on SMTP to send mail. However, we are not able to effectively manage mail sent using this service from these clients.
What this means for Home Customers:
Customers who currently use POP or IMAP email clients will need to use Outlook Web Access (OWA) from a web browser, or an Outlook email client. UMKC faculty and staff who would like Outlook on a personally-owned computer are able to purchase one copy of either Office 2010 for Windows or Office 2011 for Macintosh, via the Microsoft Home Use Program (HUP) for $9.95. Customers can also use Remote Desktop to connect to their on-campus computer, or our Remote Labs system.
What this means for Mobile Device Customers:
Devices configured with our current mobile device configuration instructions will not be affected by this change. If you have problems with your mobile device following this change, please refer to the instructions for your particular device, or work with your service provider to enter the Quick Settings from our instructions.
What this means for On-Campus Customers:
Outlook or Outlook Web Access users on campus will not be affected by this change.
Again, we apologize for the urgency of this change but believe this is the best approach to keep the University off various black lists and help us better manage the situation.
Original Post – 10/10/2012:
The increase in phishing attacks and compromised accounts over the past two months has resulted in several million spam messages being sent on behalf of University of Missouri users. This issue has resulted in our email system being listed on numerous blacklists, and has impacted our ability to deliver email to external recipients.
To combat these attacks we have identified two actions that must be taken to protect the environment and maintain mail delivery:
- Prevent authenticated users from relaying on the default port 25 connector. In our environment, authenticated users have traditionally been allowed to use port 25 to support legacy processes. The default port 25 connector is also used for primary communication between the Exchange servers and is not throttled. Leaving this port open for client use represents a security exposure that is currently being exploited. As such, user access to port 25 will be discontinued. The result of this change will be that users connecting to the Exchange 2010 client relays must use port 587 rather than port 25.
- Set the Default Client Throttling policy for Outlook Web Access (OWA)/Outlook clients. The OWA/Outlook Default Client Throttling policy will be set to the same value as the existing port 587 client relay and throttle (550 messages per hour, 9 messages per minute). This limit is already in effect for most devices and client configurations.
The combined result of these two actions will be that all client connections will be securely authenticated and throttled. Exchange Administrators plan to make these changes on the morning of Wednesday, October 10th.
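To illustrate the two limits in the throttling policy above (550 messages per hour, 9 messages per minute), the following added example, which is not part of the original announcement and is not Exchange's implementation, replays constructed send events through a per-sender throttle. The sliding-window model, the class and function names, and the sample addresses are assumptions.

```python
from collections import defaultdict, deque

# Limits stated in the announcement, as (window in seconds, max messages).
# In this sliding-window model the per-minute cap is the binding one:
# 9 per minute allows at most 540 per hour, which is below 550.
LIMITS = [(60, 9), (3600, 550)]


class SendThrottle:
    """Per-sender sliding-window throttle (assumed model, for illustration)."""

    def __init__(self, limits=LIMITS):
        self.limits = limits
        self.horizon = max(window for window, _ in limits)
        self.sent = defaultdict(deque)  # sender -> timestamps of accepted mail

    def allow(self, sender, now):
        q = self.sent[sender]
        # Forget accepted messages older than the longest window.
        while q and q[0] <= now - self.horizon:
            q.popleft()
        # Reject if any window is already at its cap.
        for window, cap in self.limits:
            if sum(1 for t in q if t > now - window) >= cap:
                return False
        q.append(now)
        return True


def replay(events, limits=LIMITS):
    """Replay (timestamp, sender) events; return accepted/rejected per sender."""
    throttle = SendThrottle(limits)
    totals = defaultdict(lambda: {"accepted": 0, "rejected": 0})
    for ts, sender in sorted(events):
        outcome = "accepted" if throttle.allow(sender, ts) else "rejected"
        totals[sender][outcome] += 1
    return dict(totals)


def sample_events():
    # Constructed sample data: an ordinary user sending six messages in an
    # hour, and an account sending one message per second for two minutes,
    # the pattern a compromised account used for spam would show.
    normal = [(t, "alice@example.edu") for t in range(0, 3600, 600)]
    burst = [(t, "mallory@example.edu") for t in range(0, 120)]
    return normal + burst


if __name__ == "__main__":
    for sender, counts in replay(sample_events()).items():
        print(sender, counts)
```

The rejected count per sender is also a useful detection signal: an account that repeatedly hits the cap is a candidate for a compromise review.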
UMKC has been taking steps over the last year to move closer to the settings outlined above and, as such, does not anticipate that these changes will affect most customers in our environment. However, legacy and manually configurable email clients (Eudora, Thunderbird, etc.) or older applications or processes may need to be reconfigured to use port 587 to send mail. For assistance with this, please contact the UMKC IS Call Center or your departmental IT Liaison as appropriate.
Please let us know if you have any questions about this planned change, or if your devices or processes have problems because of this change.
We apologize for the urgency of this change but believe this is the best approach to keep the University off various black lists and help us better manage the situation.