NinerNet Communications™
System Status

Server and System Status

Email migration: Update 14

29 October 2013 08:57:36 +0000

This is the last post that we’ll refer to as an “update” regarding the email migration that was largely completed three weeks ago … if only so that we don’t end on number 13. It addresses three issues:

  • Outlook 2003,
  • Anti-spam blacklists, and
  • Mail box quotas.

Outlook 2003: During the migration we learnt that Outlook 2003 does not support TLS. This is software that is over a decade old, and Microsoft will stop supporting it in less than six months. Now would be a good time to upgrade. However, apparently a 2004 “hotfix” available from Microsoft will add TLS support to Outlook 2003, but we cannot vouch for this personally, nor are we aware of any clients who have used this.

The anti-spam blacklists used on the old server were not immediately implemented on the new server. They have been now. The amount of spam you receive should drop significantly as a result.

Finally, we have increased mail box quotas across the board, as we try to keep up with the growing number of people using smart phones and tablets who store significant amounts of mail on the server.

As always, if you have any questions, please contact support and we’ll be happy to assist.

Email migration: Update 13

16 October 2013 10:09:43 +0000

Since the migration of many email accounts to the new server, we’ve had reports of email from some regular correspondents (with email hosted outside of NinerNet) to domains hosted on the new server bouncing back to those senders as undeliverable. All of these reports, so far, are about the same improper configuration of Microsoft Exchange mail servers.

A person sending you an email through a mis-configured mail server will receive a bounce message that includes an explanation for the bounce that looks like this:

you@yourdomain.com
nc027.ninernet.net #554 5.7.1 <senderdomain.local>: Helo command rejected: Go away, bad guy (.local).

The problem is the “senderdomain.local” string. In this case “senderdomain” stands in for an actual name — e.g., something that looks like it might be a domain — followed by “.local”. A properly configured mail server that connects to the public Internet is supposed to advertise a “fully-qualified domain name” (FQDN) through the “HELO” (or “EHLO”) command rather than “something.local”, which is not a real domain. Many mail servers, including ours, reject attempts to deliver mail from improperly configured mail servers advertising a “domain” that does not (or cannot) exist. The reason for this is that much spam comes from machines that are improperly configured in this manner. More technical details about this can be read in the Best Practises for Email and Network Operators – Valid HELO domain article.

Your correspondents will likely think that we are blocking their domain specifically (very likely that we are NOT) or that something is otherwise wrong on our mail server. However, it is the other way around; your correspondents experiencing this problem need to talk to their own IT people, perhaps pointing them to this post, as their mail server needs to be reconfigured correctly.

The article Exchange DNS Configuration for Email Delivery includes a number of helpful hints for the Exchange server administrator about how to properly configure an Exchange server to work correctly on the Internet with respect to domains and DNS. About half way down the page are sections entitled SMTP Banner – Exchange 2003 and SMTP Banner – Exchange 2007 that explain how to set the SMTP banner — i.e., the domain that is advertised by the Exchange server when it connects to another mail server to attempt to deliver email. As mentioned previously, this needs to be a proper domain that is resolvable on the Internet, not something that doesn’t exist like “senderdomain.local”.

Our experience is that when an Exchange server is correctly reconfigured, email from that server starts getting through again immediately, and deliveries to other servers that do not block based on this incorrect behaviour are not affected.

Another possible solution to this problem is for the Exchange server to use a smart host, through which all outbound email is delivered to the public Internet. This has a number of advantages, including not having to reconfigure the SMTP banner and the fact that the server administrator doesn’t have to be concerned about their own IP address being added to a block list if (again as a result of mis-configuration) the server inadvertently becomes the source of spam. NinerNet provides this service (relay server / smart host) for USD30 / CAD36 / ZMW165 per month.

Or you could send Microsoft Exchange Server 2007 For Dummies to the sending domain’s server administrator!


Update, 2022-01-24: The information above applies to any domain or sub-domain used in a mail server’s HELO command, not just the specific nonsense sub-domain “senderdomain.local”. If the maintainer of the sending mail server makes up a sub-domain like “mailserver.mydomain.com”, but doesn’t actually create an A record for “mailserver.mydomain.com”, then the effect will be the same: their email will not get through.

Additionally, these days the error message is different. It is as follows:

450 4.7.1 <mailserver.mydomain.com>: Helo command rejected: Host not found

Mail server admins are still making this mistake today, in 2022!
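
For administrators of a sending server, the checks described above (a fully-qualified name, not “.local”, and a name that actually resolves) can be run against a HELO name before it goes into the SMTP banner. The following is an added example, not NinerNet’s own code or configuration; the function names and the sample name “mail.example.com” are assumptions made for illustration.

```python
import socket


def dns_resolves(name):
    """True if the system resolver returns an address for name."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except (socket.gaierror, UnicodeError):
        return False


def check_helo(helo, resolver=dns_resolves):
    """Return (verdict, reason) for a HELO/EHLO name.

    "reject" corresponds to a permanent failure (the 554 bounce quoted
    above), "defer" to a temporary one (the 450 reply quoted above).
    """
    name = helo.strip().rstrip(".").lower()
    if name.startswith("["):
        # Address literals such as [192.0.2.1] are outside this check.
        return ("skip", "address literal, not a hostname")
    labels = name.split(".")
    if len(labels) < 2 or "" in labels:
        return ("reject", "not a fully-qualified domain name")
    # Tested before DNS on purpose: inside the sender's own network a
    # ".local" name may resolve, which hides the problem from its admin.
    if labels[-1] == "local":
        return ("reject", ".local is not a public domain")
    if not resolver(name):
        return ("defer", "Host not found")
    return ("ok", "resolvable FQDN")


if __name__ == "__main__":
    # Constructed stand-in for public DNS so the demo runs offline.
    published = {"mail.example.com"}
    for helo in ("senderdomain.local", "mailserver.mydomain.com",
                 "EXCHANGE01", "mail.example.com"):
        print(helo, "->", check_helo(helo, published.__contains__))
```

Called without the second argument, check_helo uses the machine’s own resolver, so run it from a host outside the mail server’s network to see what the public Internet sees.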

Email migration: Update 12

10 October 2013 12:41:09 +0000

A few things have become apparent over the last few days, and noting them here might help others who may still be having issues:

  • Outlook: First, we did correct the Outlook instructions on Monday to state that the encryption setting for sending needed to be set to TLS, not SSL. Some people missed that, and it has accounted for the majority of problems with sending email via Outlook.
  • Almost all of the rest of the problems were caused by one or two missed settings or spelling mistakes. We can’t overstress that the settings we have provided need to be set exactly. When configuring email settings, there is no such thing as “close enough”.
  • Eudora: The “Secure Sockets when Sending” field on the “Generic Properties” tab needs to be set to “Required, STARTTLS”, and the “Secure Sockets when Receiving” field on the “Incoming Mail” tab needs to be set to “Required, Alternate Port”.
  • Blackberry: One client was unable to configure their older Blackberry (the operating system on which can’t be upgraded any further past OS5) — even with assistance from their phone company — and ended up buying a new phone and having no problems.
  • iPhone: It seems that the iPhone does not turn on SSL by default, so you have to go out of your way to find this under “advanced” settings and turn it on. Please also ensure that the port is set correctly for incoming mail: 993 for IMAPS (IMAP over SSL).
  • Android: Contrary to the iPhone, we’ve had a report from a client using an Android-based phone that port 993 did not work, but 143 did.
  • Firewalls: We spent a significant amount of time dealing with a firewall issue with one client, after being assured that the firewall had been opened by the network management company managing their firewall. It turned out that the firewall was not open, or at least not sufficiently for the type of connection that was required. After it was properly configured, email miraculously flowed with no problem. Please check your firewalls!
  • Email-sending applications: Another fairly unique situation was encountered with a client who uses a “localhost” web and mail server installed on their computer to run a reservations system. This was unable to connect to the mail server, and the vendor of the software was also unable to determine the problem with their software. We had to provide a workaround for the client in this situation.

If you’re still having issues with sending or receiving email, please double and triple check everything, check the above notes for anything that may apply to you and help you get things working, and then contact us if none of that helps.

Thanks for your patience. As frustrating as this migration has been for some of you due to the exactness of the settings required, your mail is on a better, faster, more secure server that is much closer to many of you than the old server was.

Email migration: Update 11

8 October 2013 10:34:09 +0000

After talking with a client who is a customer of MTN in Zambia, it appears there may be some MTN customers with a unique SMTP set-up that requires them to use MTN settings, not ours. This client was unable to use our settings for SMTP, and had to use an MTN IP address for the outgoing server, with port 25 and no authentication or SSL.

If you’re an MTN customer, this may apply to you if you already have an MTN IP address in the outgoing (SMTP) server field in your email’s settings. If that is the case, it’s probably best to leave your SMTP settings as they are. However, the incoming (POP) server settings need to be as described in our configuration documentation.

Just because you are an MTN customer does not necessarily mean that this applies to you, but it’s something to keep in mind if you are.

Email migration: Update 10

8 October 2013 06:18:09 +0000

The aforementioned sweep of all migrated email accounts on the old server has been completed, and all mail accounts on the old server have been deactivated.

If you are having problems sending email, please double and triple check your email configuration against the instructions you’ve been given. We’ll be making phone calls today to check with clients individually to ensure that everything is working.

Email migration: Update 9

7 October 2013 18:52:22 +0000

Please ensure that you correctly follow the instructions you have received for configuring your email program. All problems we have encountered so far are related to missing a tick, setting the wrong encryption method, spelling mistakes, etc. These are the correct settings:

  • User name: you@yourdomain.com
  • Password: Your Password
  • Password type: Plain
  • Incoming (POP) mail server: pop27.niner.net
  • Incoming mail server port: 995
  • Outgoing (SMTP) mail server: smtp27.niner.net
  • Outgoing mail server port: 587
  • Authentication: Turned on for SMTP
  • Encrypted connection: TLS (if it’s an option in your email program) or SSL (if TLS is not shown as an option)

All of the above settings are important and required. None are optional. Your password has not changed, so if you’re not sure that you remember your password, please don’t edit it in your email program.

Using the above settings you can configure any email program on any computer, phone or tablet, even ones for which we have not provided unique instructions.

However, if you are having problems, please contact us. We are happy to help.

Please also note that the settings for the old server will stop working early in the morning of Tuesday, 8 October, UTC, so please do your best to get the new settings working today.

Email migration: Update 8

7 October 2013 18:20:24 +0000

The migration has completed. After midnight UTC we will perform the sweep mentioned earlier, and then disable migrated domains on the old server.

Email migration: Update 7

7 October 2013 10:53:23 +0000

One more note, in case it wasn’t made clear earlier. All new email to migrating and migrated domains is being delivered to your accounts on the new server, unless it is sent by someone using the old server. This means that email from contacts not hosted with NinerNet will arrive in your account on the new server. However, email from clients still hosted on the old server — and from people on migrating/migrated domains who are still using old email settings to send email — is being delivered to the accounts on the old server. Avoiding this overlap is why we had hoped to complete this migration on the weekend, but it will be rectified by the sweep we will make at the end of the day today.

As always, we’re here to help if any of this is confusing. Please contact support if you have questions.

Email migration: Update 6

7 October 2013 10:43:28 +0000

Due to a mis-configuration in a script managing the migration, no email was transferred from the old server to the new, so we have restarted the migration. This means it may not complete until approximately 15:00 UTC on 7 October. At this time email is definitely transferring, and domains starting with “G” have just started migrating. As the day goes on you will notice email from the old server (if you had mail stored there) appear in your mail boxes on the new server.

Because the migrating domains are still active on the old server — they need to be for their mail boxes to be accessed from and transferred to the new server — we’ll be doing a sweep at the end of the day to make sure we transfer over any recently arrived mail. After that all migrated domains will be disabled on the old server, and only the new configuration settings for your email program will work.

Speaking of that, we have had some feedback on the new settings, mostly reports of success. Those where there have been problems were solved by making sure that the settings we have provided to you via email were set EXACTLY. When configuring email settings, there is no such thing as “close enough”. All of the settings are there for a reason and need to be set exactly as they are shown in the configuration instructions — with the one correction we made earlier to set TLS in Outlook rather than SSL. Please keep this in mind if things are not working, and compare your settings very carefully with those we have provided.

Thank you for working with us to move your email to a new, faster, more secure server.

Email migration: Update 5

7 October 2013 03:03:05 +0000

The migration has been in progress for over an hour. At this time all new email sent to those domains being migrated is being delivered to the new server. Please follow the instructions you received in your email last week to reconfigure your email program NOW.

As the start of the business day approaches in some time zones, please note that, if you were expecting to find old messages in your mail box, they may not be there yet. They will appear over the next few hours.

After the last migration we had some reports that Outlook was downloading multiple copies of old messages. Please note that this is an issue with Outlook, and we have no control over it.

There is also a correction to the instructions you have received: If setting SSL on the outgoing (SMTP) server does not work for you, please use TLS. We had reports that some versions of Outlook only worked with TLS set instead of SSL.

Please contact us if you are having any problems. Please see the email you received with our email address, phone number and Skype user name. If you are not our contact for your company, please deal with the person who is our contact, and we will assist them. If they are unable to help you, they will refer us to you.
