Systems Status

Announce? RSS Feed RSS

Blog?RSS Feed RSS

Help Topics

Deschutes Facilities

Campus Facilities

User Account Info

Roundcube Mail

Contact Systems

ipv6 ready

Misc

Anti-virus/Malware Handling

Our mail server uses a variety of techniques to prevent users from receiving viruses or worms via email. We use a three pronged attack. First, is to prevent likely malware providers from sending to our server. Second, we examine all incoming email for viruses. Third, we rename any executable attachments to prevent their automatic execution by a users mail client.

We use a technique called gray-listing to prevent suspected spammers from sending us mail. This applies to well known spam sites, and known dial-up access points. Using grey-listing, the first time one of these sites attempts to deliver a message to a specific user on our server, they are told to try again sometime later. If they retry after the required delay, the mail is delivered, and the sender is white-listed for a while. Most spammers just drop their message instead of trying again.

Clamav provides the second layer of protection. All incoming messages are subjected to examination by clamav, and if it detects a virus, or other malware the message is rejected. The database of known viruses is updated approximately every 2 hours.

Finally, all remaining messages are screened for executable attachments. If any are found, they are renamed, and their Content-Type: header are changed to be non-executable. So, email clients will not automatically execute them. To be run, they must be downloaded, and renamed by the user.

It would also be possible for a user to add additional protection via their .procmailrc file.

Mail Delivery

We use the procmail program for email delivery. This allows users to create rules to sort their email into different folders based on virtually any criteria. We provide a basic configuration that separates out SPAM into a separate file, handles vacation messages, and allows users to forward the remaining email to an offsite account. It also controls the logging of received email.

SpamAssassin

As part of our default delivery of incoming email, each message is run through SpamAssassin™. This program uses a variety of techniques to classify a message as SPAM, or not-SPAM (ham).

Mailbox Access Protocol

The IMAP server is located on mail.cs.uoregon.edu. If it is accessed on the standard port (143) the user is required to use TLS encryption. It can also be accessed on the SSL encrypted port (993).

See Also
Edited: July 22, 2015, at 10:40 am
Copyright © 2024, University of Oregon, All rights reserved
Privacy Policy