NinerNet Communications™
System Status

Server and System Status

Email migration: Update 14

29 October 2013 08:57:36 +0000

This is the last post that we’ll refer to as an “update” regarding the email migration that was largely completed three weeks ago … if only so that we don’t end on number 13. It addresses three issues:

  • Outlook 2003,
  • Anti-spam blacklists, and
  • Mail box quotas.

Outlook 2003: During the migration we learnt that Outlook 2003 does not support TLS. This is software that is over a decade old, and Microsoft will stop supporting it in less than six months. Now would be a good time to upgrade. However, apparently a 2004 “hotfix” available from Microsoft will add TLS support to Outlook 2003, but we cannot vouch for this personally, nor are we aware of any clients who have used this.

The anti-spam blacklists used on the old server were not immediately implemented on the new server. They have been now. The amount of spam you receive should drop significantly as a result.

Finally, we have increased mail box quotas across the board, as we try to keep up with the growing number of people using smart phones and tablets who store significant amounts of mail on the server.

As always, if you have any questions, pleaseĀ contact support and we’ll be happy to assist.

Email migration: Update 13

16 October 2013 10:09:43 +0000

Since the migration of many email accounts to the new server, we’ve had reports of email from some regular correspondents (with email hosted outside of NinerNet) to domains hosted on the new server bouncing back to those senders as undeliverable. All of these reports, so far, are about the same improper configuration of Microsoft Exchange mail servers.

A person sending you an email through a mis-configured mail server will receive a bounce message that includes an explanation for the bounce that looks like this:

you@yourdomain.com
nc027.ninernet.net #554 5.7.1 <senderdomain.local>: Helo command rejected: Go away, bad guy (.local).

The problem is the “senderdomain.local” string. In this case “senderdomain” stands in for an actual name — e.g., something that looks like it might be a domain — followed by “.local”. A properly configured mail server that connects to the public Internet is supposed to advertise a “fully-qualified domain name” (FQDN) through the “HELO” (or “EHLO”) command rather than “something.local”, which is not a real domain. Many mail servers, including ours, reject attempts to deliver mail from improperly configured mail servers advertising a “domain” that does not (or cannot) exist. The reason for this is that much spam comes from machines that are improperly configured in this manner. More technical details about this can be read in theĀ Best Practises for Email and Network Operators – Valid HELO domain article.

Your correspondents will likely think that we are blocking their domain specifically (very likely that we are NOT) or that something is otherwise wrong on our mail server. However, it is the other way around; your correspondents experiencing this problem need to talk to their own IT people, perhaps pointing them to this post, as their mail server needs to be reconfigured correctly.

The article Exchange DNS Configuration for Email Delivery includes a number of helpful hints for the Exchange server administrator about how to properly configure an Exchange server to work correctly on the Internet with respect to domains and DNS. About half way down the page are sections entitled SMTP Banner – Exchange 2003 and SMTP Banner – Exchange 2007 that explain how to set the SMTP banner — i.e., the domain that is advertised by the Exchange server when it connects to another mail server to attempt to deliver email. As mentioned previously, this needs to be a proper domain that is resolvable on the Internet, not something that doesn’t exist like “senderdomain.local”.

Our experience is that when an Exchange server is correctly reconfigured, email from that server starts getting through again immediately, and deliveries to other servers that do not block based on this incorrect behaviour are not affected.

Another possible solution to this problem is for the Exchange server to use a smart host, through which all outbound email is delivered to the public Internet. This has a number of advantages, including not having to reconfigure the SMTP banner and the fact that the server administrator doesn’t have to be concerned about their own IP address being added to a block list if (again as a result of mis-configuration) the server inadvertently becomes the source of spam. NinerNet provides this service (relay server / smart host) for USD30 / CAD36 / ZMW165 per month.

Or you could send Microsoft Exchange Server 2007 For Dummies to the sending domain’s server administrator!

Spam defences on server NC018

9 June 2013 10:58:16 +0000

Contrary to the last update on this topic, spam defences on server NC018 are indeed active most of the time. We monitor the server load and turn them off if the load gets too high. However, most of the time the spam defences are up 24 hours a day, 7 days a week.

Spam defences on server NC018

20 May 2013 06:43:46 +0000

We have disabled the spam defences on server NC018. We re-enabled them over the weekend as server loads are down over the weekends.

Spam defences on server NC018

18 May 2013 02:46:22 +0000

We have re-enabled the most effective spam defences on server NC018.

Server NC018 replacement: Update 6

3 May 2013 07:11:33 +0000

We are ready to begin the process of migrating accounts from server NC018 to NC026. We will start with websites on Friday, 3 May at 19:00 UTC.

Once the websites have been migrated, we anticipate that the reduced load on server NC018 will permit re-enabling anti-spam measures. This, I’m sure, will be a welcome relief for all.

Server NC018 replacement: Update 1

19 March 2013 23:32:01 +0000

A contributory cause of the performance issues on server NC018 is one of the anti-spam systems on that server. Unfortunately, we have had to deactivate part of the anti-spam system, and we’re already seeing the results in the form of spam that would normally be blocked reaching mail boxes. We apologise for this temporary issue. On the plus side, the anti-spam systems on the new server will be an improvement over the one on the old server.

SMTP on server NC018 restarted

27 July 2012 22:20:51 +0000

We’ve cleaned up the spam and restarted SMTP on server NC018 at 22:13 UTC. You can now send email again.

We continue to work against the spam, and are escalating the defences. We’ve seen a huge increase in spam the last couple of days from multiple sources, including from throwaway domains registered through a single, reputable registrar. Once we determine the IP addresses of that registrar’s mail servers, we’ll be blocking them until they stop hosting and doing business with spammers.

Once again we apologise for the inconvenience.

SMTP on NC018 shut down

27 July 2012 21:39:27 +0000

We are once again dealing with a spam problem on NC018 and have shut down the SMTP server. This means that you will not be able to send email for now. We are working on this issue as fast as we can.

SMTP on server NC018 restarted

26 July 2012 18:58:12 +0000

SMTP (the outgoing mail server) on NC018 was restarted at 18:20 UTC after the spam problem was cleaned up. We apologise again for the inconvenience.

 

NinerNet home page

Systems at a Glance:


SystemStatusPing
NC020OperationalPing
NC023OperationalPing
NC024InternalPing
NC027OperationalPing
NC028InternalPing
NC031OperationalPing
NC033OperationalPing

Subscriptions:

RSS icon. RSS

Twitter icon. Twitter

General Information:

This blog provides information about the status of NinerNet Communications systems. Dates and times of posts to this blog are in the UTC time zone, and dates and times given for events are also in the UTC time zone, although conversions may be offered for some time zones common to our clients. Please use the World Time Server to ensure accurate conversion of dates and times to your own time zone.

Search:

 

Recent Posts:

Archives:

Categories:

Links

Tags:

.co.zm domains .com.zm domains .zam.co domains browser warnings connection issues database dns dos attack dot-zm domains down time email delivery ftp hardware mailing lists mail relay migration nameservers performance phplist reboot smtp spam spamassassin ssl ssl certificate tls tls certificate web server

Resources:

On NinerNet: