
Re: just saying hello



Matt Mencel said:
> We're running BES and Zimbra ZCB for our Blackberry users, but it's
> a PITA.  Partly due probably to ZCB still being beta.

I've heard similar from other .edu Zimbra users; one even went back to third party partners. Carleton is fortunate in having been largely successful in discouraging BlackBerry use in the past, so we have no demand for a BES beta. Our struggles have been with old, non-networked Palms.

If you've told management that Zimbra is a good solution because it can handle BlackBerries... um, don't do that. Zimbra *does* have good support for every other modern mobile device, except for intermittent Palm sync issues that are supposed to be fixed in 5.0.9. We currently recommend WM6 or iPhone (iPhone 2.0 should be set up for scheduled, not "Push," mail due to battery drain/looping bug to be addressed in 5.0.9).

> [Ironport endorsement] Our MTAs are never busy anymore, even when
> administration injects a message to be delivered to all users.

I wouldn't say no to an IronPort -- if you aren't running SA in-house, I would definitely recommend either Postini or IronPort, nearly every other commercial solution being garbage -- but Zimbra antispam (with some pre-screening by scam-grey and clamav/sanesecurity) is so much better than our old Barracuda (ask me offline how spectacularly it failed, and how it would have taken 13,000 email messages with it if I hadn't been smart enough to override Barracuda "support") that people aren't currently demanding anything else. I did add a sa-local-carl.cf to SpamAssassin with some rules to deal with the .edu phishing attacks that started last November and got a lot of press around April.

Here's how I'm bypassing spam/virus checks for emergency and "emergency" broadcasts. 3000 recipients delivered in 15 seconds, and yes, forwards and filters are still heeded on LMTP injection. It would be nicer to use a real program, but the cheesy proof of concept blatting out via netcat worked well enough...

#!/bin/sh
unknown_mailer() {
  date | mail -s "$1" page-rgraves@carleton.edu
  exit 1
}
TMPFILE=`mktemp` || unknown_mailer "mktemp failed in /etc/smrsh/omnilert"
# The below email address doesn't actually exist
printf "To: emergency-all@carleton.edu\r\n" > $TMPFILE
printf "From: Carleton Emergency Alert <postmaster@carleton.edu>\r\n" >> $TMPFILE
printf "Reply-To: no-reply-to-emergency-alert@carleton.edu\r\n" >> $TMPFILE
printf "Precedence: List\r\n" >> $TMPFILE
printf "X-Priority: 1\r\n" >> $TMPFILE
printf "List-Id: emergency-all@carleton.edu\r\n" >> $TMPFILE
printf "X-Mailer: /etc/smrsh/$0 on `hostname`\r\n" >> $TMPFILE

# Do various "secret" things to validate that this is a legitimate emergency spam
various_things  || unknown_mailer "apparently bogus emergency message $TMPFILE"

OUTFILE=`mktemp` || unknown_mailer "mktemp failed in /etc/smrsh/omnilert"
(printf "LHLO `hostname`\r\nMAIL FROM: <>\r\n"
 usleep 1000
 for i in `grep @carleton.edu /etc/mail/emergency-all`; do
   printf "RCPT TO:<$i>\r\n"
   usleep 1000
 done
 printf "DATA\r\n"
 usleep 1000
 cat $TMPFILE
 printf "\r\n.\r\n") | nc mail.carleton.edu 7025 > $OUTFILE
RCPT=`grep -c @carleton.edu /etc/mail/emergency-all`
GOODRCPT=`grep -c '250 2.1.5 Recipient OK' $OUTFILE`
test $RCPT -eq $GOODRCPT || mail -s "omnilert errors $GOODRCPT of $RCPT $TMPFILE $OUTFILE" page-rgraves@carleton.edu < $TMPFILE
test $RCPT -eq $GOODRCPT && mail -s "sent emergency broadcast to $GOODRCPT addresses $TMPFILE $OUTFILE" page-rgraves@carleton.edu < $TMPFILE && rm -f $TMPFILE $OUTFILE
exit 0
-- 
Rich Graves http://claimid.com/rcgraves
Carleton.edu Sr UNIX and Security Admin
CMC135: 507-222-7079 Cell: 952-292-6529
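
Added example, not part of the original message or the author's script: the script above counts "250 2.1.5 Recipient OK" lines, which covers only the RCPT TO stage, while LMTP (RFC 2033) also returns one reply per accepted recipient after the end of the data. This sketch walks a captured transcript such as $OUTFILE and names each recipient that failed at either stage. The function name, the one-address-per-line list format and all sample addresses and reply texts are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example, not part of the original script.
# lmtp_failures RCPT_LIST TRANSCRIPT
#   RCPT_LIST:  one address per line, in the order the RCPT TO commands were sent
#   TRANSCRIPT: server replies captured from the LMTP session
# Prints "address<TAB>stage<TAB>server reply" for every recipient that failed.
lmtp_failures() {
  tr -d '\r' < "$2" | awk -v rcptfile="$1" '
    BEGIN { while ((getline a < rcptfile) > 0) if (a != "") rcpt[++n] = a }
    /^[0-9][0-9][0-9]-/ { next }            # continuation of a multi-line reply
    /^[0-9][0-9][0-9]/  { reply[++r] = $0 } # final line of each reply, in order
    END {
      # reply[1]=greeting, [2]=LHLO, [3]=MAIL FROM, [4..3+n]=RCPT TO, [4+n]=DATA
      for (i = 1; i <= n; i++) {
        line = reply[3 + i]
        if (line ~ /^2/) ok[++m] = rcpt[i]
        else print rcpt[i] "\tRCPT\t" (line == "" ? "no reply" : line)
      }
      # After the final dot, LMTP sends one reply per accepted recipient.
      started = (reply[4 + n] ~ /^354/)
      for (j = 1; j <= m; j++) {
        line = started ? reply[4 + n + j] : ""
        if (line !~ /^2/) print ok[j] "\tDATA\t" (line == "" ? "no reply" : line)
      }
    }'
}

# Constructed sample data (addresses and reply texts are made up).
demo() {
  d=$(mktemp -d) || return 1
  printf '%s\n' a@example.edu b@example.edu c@example.edu > "$d/rcpt"
  printf '%s\r\n' \
    '220 mail.example.edu LMTP ready' \
    '250-mail.example.edu' '250 PIPELINING' \
    '250 2.0.0 Sender OK' \
    '250 2.1.5 Recipient OK' '550 5.1.1 No such user' '250 2.1.5 Recipient OK' \
    '354 End data with <CR><LF>.<CR><LF>' \
    '250 2.1.5 Delivery OK' '452 4.2.2 Over quota' > "$d/out"
  lmtp_failures "$d/rcpt" "$d/out"
  rm -rf "$d"
}
demo
```

Empty output means every listed recipient was accepted and delivered; a transcript that ends early is reported as "no reply" for the recipients it never reached.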