Prior to 1998, SMTP was completely open through the firewall and any machine capable of accepting SMTP had nothing between it and the internet at large.
When spammers and other mail server abusers began identifying and using open-relays to handle their out-going mail queues for them, Texas A&M started receiving many complaints from the end recipients of the unwanted mail. In some cases an open-relay server on campus was then sending its outgoing through Texas A&M IT mail servers causing end-sites to begin blocking Texas A&M IT mail machines and threaten legal action.
At the time, there were nearly 5,000 mail servers on campus that would individually pop up as an abused open-relay, to be manually closed at the firewall after a problem appeared. After months of attempting to deal with the problem in that manner, it became obvious that a more encompassing approach would have to be made.
The answer was a combination of systems being put into place that could securely handle the entire mail load of Texas A&M University, add DNS entries so that the new servers could forward for all hosts in the tamu.edu network, and block SMTP for all hosts at the firewall.
A similar watershed event took place in 2002 with the outbreak of certain e-mail viruses. Since a major vector of transmission is email and the current state of desktop and small-server virus scanning was not stopping them, it was deemed necessary to add virus scanning to the SMTP relay infrastructure. At the same time, the software could perform checks for spam, so potential spam messages were tagged, but no blocking was performed based on the spam scan due to the subjective nature of spam.
In August 2009, both the smtp-relay.tamu.edu and tamu-relay.tamu.edu complexes were moved to IronPort mail relay appliances. Changes were also made in the anti-virus and anti-spam software. Previously, the relays used anti-virus software by the ClamAV project and anti-spam software by the Apache SpamAssassin project. With the migration to the IronPorts, the relays use Sophos anti-virus software and the IronPort proprietary anti-spam engine. The handling of spam was also modified to discard spam with a score greater than 90 and quarantine spam with a score between 50 and 90.
The IronPort appliances were very effective at reducing the amount of spam reaching campus, but were less effective at fighting phishing emails. To address this issue, the IronPort appliances were replaced with Proofpoint appliances in May 2014. The Proofpoint appliances use F-Secure anti-virus software and Proofpoint proprietary anti-spam and anti-phishing software.
Maximum message size
This limits the size of messages that the relays will accept to 50MB.
Maximum number of recipients
The relays will accept messages with up to 100 recipients.
Outbound message processing
The Proofpoint appliances used for smtp-relay.tamu.edu do regular garbage collection on the anti-spam/anti-virus processes. When a node is doing housekeeping, SMTP is still running, but because the anti-spam/anti-virus processes are not available, the SMTP service responds with SMTP "421 4.7.0" I'm busy, try again later messages. Many applications and appliances do not handle an SMTP 4xx gracefully and most end up losing the message.
While the neo.tamu.edu mail servers lived on campus, it was common for these applications and appliances to hand off messages to those servers. As part of decommissioning of the neo.tamu.edu email complex, relay.tamu.edu was set up for use by applications and devices to hand off email without having to meet the formal correctness requirements of the actual, internet-facing relays.
If you have devices that need to email but have problems talking to smtp-relay.tamu.edu, please point them to relay.tamu.edu port 25.
SMTP Authentication (SMTP AUTH)
All Texas A&M NetID account holders can configure a single out-going SMTP server using SMTP Authentication (AUTH), regardless of being on- or off-campus or their Internet Service Providers SMTP servers. The username and password for AUTH are a user's NetID and respective password. As with all areas where NetID use is possible, the connection MUST be encrypted (the option to use will be listed as "TLS" or "STARTTLS").
If your client supports it, please use the mail submission (MSA) port 587.
Available SMTP AUTH ports on smtp-relay.tamu.edu are:
- support AUTH via STARTTLS on port 587
- support AUTH via SMTPS on port 465
- support AUTH via STARTTLS on port 25 (not recommended)
We are not yet publishing SPF or DKIM records, but we are considering them in the SPAM scoring process.
- The relays use F-Secure Anti-Virus technology.
- Incoming or outgoing email that tests positive for a virus is discarded.
- The relays use Proofpoint's MLX machine learning technology to score messages.
- Email with a spam score greater than or equal to 50 is quarantined.
The spam quarantine is https://devnull.tamu.edu.
- Digests are sent at 9:00 am and 3:00 pm, daily, to the message recipient.
- The digest provides links to the quaratine so that the message recipient can view and/or release messages.
- Additional options, such as message deletion, sender safe-lists, and sender block-lists, are available from the link to view an individual's spam quarantine.
- Quarantined messages will be held for 14 days defore being deleted.
Overrides to Spam Filtering
An override that cannot be handled by a personal safe-list, such as a PDR or MLX override, can be overridden by Texas A&M IT. This safe-lists all email from that server and so will be implemented only after due consideration. Email email@example.com or call Help Desk Central (979.845.8300) to request administrative intervention.
A computer virus is a program than can copy itself and infect a computer without the permission or knowledge of the owner. The term is often used as a catch-all phrase to refer to all types of malware, including computer viruses, worms, trojan horses, and other malicious and unwanted software. Viruses may cause harm to either a computer system's hosted data, functional performance, or networking throughput. Given the destructive nature of viruses, email entering the Texas A&M network will be scanned for viruses and rejected without being accepted or delivered locally.
All virus scanning companies will need time to construct a proper signature for a newly discovered virus though they all do respond fairly rapidly after a new threat is identified. Unfortunately, no scanning process is perfect and slight variances can cause the occasional message to slip by. The possibility of viruses reaching an end mail host or desktop without passing through the filter means that there is still a need to have virus scanning software on your desktop.
To make sure that the virus definitions on the SMTP relay machines are as up-to-date as possible, an automated process fetches a new list every five minutes.
The mail relays have the ability to detect suspected virus outbreaks. Messages that correspond to a suspected virus outbreak will be quarantined for 2 hours to allow anti-virus vendors time to issue a new signature. After 2 hours, suspect messages are re-scanned and, if no virus is found, the mesage is released to the original recipients.
The relays utilize two layers of protection against spam: reputation filtering and anti-spam filters.
The Proofpoint Dynamic Reputation service (PDR) is a cloud-based engine that identifies suspicious email senders and stop incoming spam at the connection level or rate limit the senders. This technology eliminates 83% of incoming spam.
There are many rules that are considered for deciding whether it is likely that any given message is spam or not. Powered by patent-pending Proofpoint MLX machine learning technology, Proofpoint Spam Detection solution examines and filters millions of possible spam attributes in every email -- including message envelope headers and structure, email images, email sender reputation as well as unstructured content in the message body -- to prevent spam emails, attachment-based spam (including PDF and image-based spam), while automatically filtering and adapting to new spam attacks as they appear.
The relays' email spam prevention and protection solution is automatically kept up-to-date via Proofpoint's cloud-based Dynamic Update Service, ensuring maximum email spam detection and protection at all times.
Proofpoint Spam Detection solution is an anti-spam filter that is multi-lingual and offers outstanding accuracy and protection against spam emails in any language, including hard-to-analyze, multi-byte character languages such as Japanese and Chinese.
Messages with a spam score equal to or greater than 50 will be quarantined. The spam quarantine is https://devnull.tamu.edu.
The spam quarantine provided by Proofpoint is a self-service system which provides end-users with their own safe holding area for spam messages and a Web or email-based interface for end-users to access emails flagged by the appliances, as well as the ability to configure personal safe- and block-lists.
A usedful Web site for information on this topic is IT Security's documentation on spam.