Email at MSU
On March 3, 2008, ITS implemented configuration changes that have improved security of the central MSU email environment. Users of Outlook Express and Thunderbird, as well as other IMAP/POP client software, need
to update their local configuration prior to the implementation date. Systems impacted by the new configurations are GroupWise, ra.msstate.edu, and
msstate.edu. The specific changes being made on March 3 are:
- Disable clear-text Telnet for ra.msstate.edu, allowing remote client access only via SSH.
- Disable unencrypted IMAP/POP, requiring SSL encryption for these protocols.
- Allow SMTP access directly to the Internet only for registered email servers, and disable email relaying through all systems.
The first two changes are fairly straight-forward. Free remote client applications such as putty.exe eliminate the need to support unencrypted
applications like telnet, and any relatively up-to-date email client will support SSL encryption of IMAP/POP sessions. The third change is just as critical, if
less clear. Practically speaking, it simply means that the "outgoing mail server" for email client applications will need to be configured to point to an
authenticated and secure email relay that has been established: smtps.msstate.edu. Previously, configuring the outgoing mail server as ra.msstate.edu,
mail.msstate.edu, msstate.edu, mailhost.groupwise.msstate.edu, or any number of other such variants would work. After March 3, the only
centrally-supported outgoing mail server will be smtps.msstate.edu. This server will require authentication with NetID/NetPassword as well as SSL encryption.
Instructions on how to properly configure Thunderbird and Outlook Express are below. This configuration information may be generalized to other
applications, as well. Also below is a link to a free SSH client for Ra users still using clear-text Telnet.
|
