Service Alert: Server upgrade – zimbra004 – tomorrow (Wed 17th)

Reminder

We will be upgrading our zimbra004 server to Zimbra 8.7 tomorrow night, with work commencing at 10pm.

We will endeavour to minimise any disruption to service, and any inbound email received whilst each server is offline will be queued until the relevant server is live again.

Service Alert: Zimbra Upgrades

Important – Zimbra Upgrades

As part of our ongoing programme of service enhancements, we will be performing upgrade work on our Zimbra servers during the month of January.

This work will be undertaken outside of normal working hours (in the evening) and will involve a period of downtime for each server.

We will endeavour to minimise any disruption to service and any inbound email received whilst each server is offline will be queued until the relevant server is live again.

The dates will be as follows – we will be sending reminders beforehand.

Wednesday 17th Jan: Zimbra004 – upgrade to Zimbra 8.7

Wednesday 24th Jan: Zimbra003 – upgrade to Zimbra 8.7

Wednesday 31st Jan: Zimbra002 – upgrade to Zimbra 8.7

Whilst Zimbra 8.8 has just been released, we want to monitor it over the coming months to ensure stability. Once satisfied that it will be reliable we will upgrade to that version.We haven’t forgotten Zimbra001 and will contact customers on this server about moving users in the New Year.

If you have any questions please let us know.

Service Alert: Major Proxy Server Issues

It looks like we’ve suffered from some sort of attack against our proxy servers, which has unfortunately resulted in the need to reboot them.

This process is underway at the moment, and we hope to have services restored shortly. We are currently blocking some POP3S services, as this is the source of the attack, we believe, and we will look to restore these as soon as we can.

Please accept our apologies and be assured we’re working hard to restore service and figure out how we can prevent a recurrence.

Update – 14:15

Everything should now be back up and running properly.

We’ve managed to patch some software to control the connections coming in on POP3 over SSL so that another attack on that port shouldn’t overload the servers.

We will, of course, continue to watch closely!

Service Alert: Zimbra004 Server – PSU Issue (Continued)

From approximately 7pm tomorrow evening (Wednesday 18th October) we will be performing a cold reboot of the server, as we perform further work to fix ongoing issues with the Power Supply Units (PSUs).

This will impact all users of Zimbra mailboxes on this server as there will be up to 10 minutes of downtime.

We will endeavour to keep downtime to an absolute minimum, but the work is required to ensure that zimbra004 remains a robust performer going forward.

Any inbound mail will be queued and everything should return to normal, without intervention, following the reboot.

Service Alert: Zimbra004 Server – PSU Change

From approximately 7pm this evening (or shortly thereafter) we will be swapping out a faulty Power Supply Unit (PSU) on our Zimbra004 server.

We do not expect any impact, or outage, to the service.

Service Alert: CEO Spam

We’ve seen an influx of what is known as ‘CEO Spam’, where an email is supposedly sent from the boss’ iPhone asking the recipient to urgently send some money to a bank account.

Please be on the alert for this, and help your users not to fall for what is quite a clever scam.

Meanwhile, we are just in the process of adding a rule to our anti-spam software to hopefully block all of these – this will only work if your users are using our anti-spam system, of course!

Service Alert: verygoodemail.com SSL Certificate Renewal

We’re just renewing the SSL certificate for verygoodemail.com

This will be rolled out onto the Zimbra servers on Monday evening (10/07).

Based on our recent experience with renewing apm-internet.net certificate, any partners using their own domain and pointing at a Zimbra server might have issues with iPhone users and SSL.

There are only two possible solutions to this.

1) Change the config to point at verygoodemail.com instead of your own domain, and

2) De-configure and re-configure the mail client on the iPhone.

Apologies for any inconvenience that may be caused by this Apple bug.

Service Alert: SSL Issue With iPhones

Following the disruption yesterday with the expiry of the *.apm-internet.net SSL certificate, we renewed the certificate last night.

However, for partners who are using their own domain but don’t have their own SSL certificate set up, this appears to be causing problems for iPhone users. Because the domain of the certificate does not match the domain the users are connecting to, the iPhone is complaining.

In the past, iPhones allowed you to accept this, but it would appear that Apple have removed this functionality and they are now complaining.

The simplest route around this is for the users to change their server settings to point at mail.overssl.net – this works for POP3, IMAP and SMTP.

EDIT: An update on this. It can be fixed by deleting the account on the iPhone/iPad etc, and re-adding it. That will keep things running for approx 3 years – at which time we’ll need to renew the certificate again and it’ll all break once more – unless Apple have fixed something by then.

Please accept our apologies for the inconvenience caused by all of this!

Service Alert: Password Security

Password Security

We are seeing a significant rise in customers’ email accounts being used to distribute spam, having had their account credentials compromised.

In many cases this has been purely down to simple, fairly obvious, passwords being used. Would you believe that we have 276 mailboxes that use ‘password’ as their password? Or 73 with the password 123456?

It’s important for all our customers that we minimise the potential of our mail servers becoming blacklisted, so where patterns of outbound sending indicate a compromised mailbox and the distribution of spam, we will block the account from sending out any further email until the password is changed and a virus scan on the end users equipment performed if required.

This helps mitigate against blacklisting, but isn’t perfect by any means as it’s reactive in nature.

Whilst we can’t improve on the way we identify compromised mailboxes, we can improve the tools we give Partners to re-enable outbound SMTP immediately following a block.

Currently we send out an alert when an account is locked and rely on you contacting us to re-enable. Add to that, any blocking we’ve done has been at account level, rather than individual mailboxes, so one compromised mailbox can lead to outbound emails being blocked for the whole account.

As of Tuesday 27th June we are implementing a new process for dealing with compromised accounts:

  • Blocks can now be applied at individual mailbox level, rather than account level. This means that only the affected mailbox will be restricted from sending, rather than all users on that account.
  • Our systems will now automatically unlock any affected mailboxes once the user, or administrator, has changed the password.
  • Next Tuesday all mailboxes with passwords we deem to be easily compromised (for example, using part of the email address) will be blocked from sending outbound email until their password has been changed. This will only affect a relatively small proportion of our overall customer base, but needs to be implemented as the issue of compromised email boxes is on the rise.

We very much hope you’ll welcome the changes we’ve made which, as well as giving more control to customers in the event their email credentials are compromised, it also encourages everyone to think a little more seriously about the security of their email!

Service Alert: WannaCrypt

I’m sure you’ve all heard the news over the weekend about this ransomware and the damage it has done to the NHS.

You’ll be pleased to know that both our AV engines were updated pretty promptly to block this virus. However, no-one seems entirely sure whether it was spread via email in the first place, or simply over the internet via SMB connections.

We also expect other people to get hold of this virus and start modifying it, so there may be some variants appearing over the coming days, and our AV engines will both be trying to update themselves as soon as new variants appear.

The best advice we can pass on is for users to continue to be vigilant, and if in doubt, don’t attempt to open an attachment. Also, get those Windows boxes updated asap. Please note this doesn’t affect Windows 10 or Mac users.

Adrian