If you want to access your university email account via a client application (e.g. Outlook, Thunderbird, Apple Mail, etc. using IMAP or POP3) or send emails via it (SMTP), this will only be possible within the campus network as of September 15, 2025. When working from home or on the go, you will therefore need to use a VPN (virtual private network). Below, we outline which users are affected and explain what they need to do. Finally, we explain the reasons for this security measure.
Am I affected?
You are not affected if
- your email inbox is located on the Exchange server (these measures have already been in place since the end of 2023),
- you read and send your emails via SOGo Webmail.
If you access your email using programs such as Outlook, Thunderbird, Apple Mail, or an app via IMAP/POP3/SMTP from devices outside the campus network, you are affected by this measure. You are usually outside the campus network if:
- Your smartphone is connected to the internet via a mobile data connection,
- You are working on your home Wi-Fi,
- You are on a business trip or working remotely.
In these cases, you must take the steps described below in order to continue using the email service.
What do I need to do?
In order to continue using the email service from outside the campus network as usual, your device must activate a VPN connection to Chemnitz University of Technology. This requires a VPN client. The setup of VPN access is described on the corresponding help pages of the URZ. Please set up the appropriate VPN access on your devices as soon as possible – by September 15, 2025, at the latest – in order to continue to have unrestricted access to your mailbox.
For new setups, we recommend eduVPN. The “Groupware only” profile is particularly suitable for sending/receiving emails on smartphones, as only data traffic to the mail servers is routed via the university’s IT infrastructure, but not the retrieval of websites. The same applies to PCs and laptops. If you have already set up VPN access with the “Cisco Anyconnect” software, you can continue to use it without any problems.
No changes are necessary to the settings of your email program or apps on your devices.
Why are these adjustments necessary?
In recent years, the security situation in the IT environment has deteriorated dramatically. For services that are accessible from the entire Internet, password protection alone is no longer sufficient. We are confronted with three acute dangers for the email service:
- Danger to the reputation and functionality of TU Chemnitz: Stolen access data is used to send massive amounts of spam and phishing emails via our servers (nine incidents in 2024, five major incidents so far in 2025). This results in Chemnitz University of Technology being placed on international blacklists. The immediate consequence: Important emails from researchers, employees, and students to external partners are rejected by their systems and do not arrive. The effort required to get our email service back to normal is enormous and affects operations for everyone.
- Risk to data and privacy: Unauthorized persons can not only send emails, but also read entire mailboxes. This jeopardizes personal data, confidential research information, and sensitive business secrets of the university.
- Constant attacks: Our servers register up to 300,000 automated login attempts from the internet every day in an attempt to guess passwords. Despite countermeasures, it is only a matter of time before a weak password is cracked.
These risks are so serious that we must take action to maintain the email service as a reliable means of communication for the entire university. These measures were already implemented in December 2023 for mailboxes on the Exchange server and in March 2025 for webmail. From September 15, 2025, the protective measures for IMAP and POP3 (email retrieval) and SMTP (email sending) for mail.tu-chemnitz.de will come into effect.
With a VPN connection, you place your device virtually in the campus network. This is the established industry standard for ensuring secure remote access. At the same time, this also activates the multi-factor authentication (MFA) introduced at the university in mid-2024. External attacks on the TU Chemnitz email servers are thereby completely prevented.
Important: Webmail SOGo is not affected! Here, we have already achieved a high security standard through login via the Web Trust Center with MFA, which does not require a VPN.
We have also examined technical alternatives such as app-specific passwords or OAUTH2. Unfortunately, these either involve even greater hurdles for all users or cannot be implemented in a standardized manner in the decentralized email world. The VPN solution is therefore the most secure and, at the same time, the most practical option.
By taking this measure, we are all contributing to the protection of our university’s IT infrastructure. We would like to thank all users for their understanding of this security measure. The URZ is of course available to answer any questions and help resolve any issues.
Leave a Reply
You must be logged in to post a comment.