We have cleaned up the mail server (NC027) after yet another email account was compromised. This necessitated shutting down the mail server between 22:39 and 22:52 UTC yesterday (27 September) while we cleaned up the mess.
This has resulted in the mail server being blacklisted by at least one large mail provider and restrictions put in place by others. The email account in question has been disabled pending resolution of the root cause of this issue, and we are diverting outgoing email to some major mail providers via our relay server until restrictions on our primary mail server’s IP address expire. However, it may still be a few hours more until some outgoing mail is delivered normally without delay.
These incidents usually arise after a client’s computer has been infected with a virus. The virus then sends the email password back to the person or organisation controlling the virus, and they then use that information to compromise that email account on the mail server, using it to send thousands of spams from the account. Please ensure that you install, use and update an anti-virus program on your computers and any other devices to ensure that this doesn’t happen to your email account.
At this time NC027’s IP address is not listed in any of the major blacklists (which operate on an automated basis to remove blacklisted IP addresses once no spam is seen from them), but we will (as always) monitor this and, where necessary, make manual submissions to the smaller, niche blacklists and to ISPs and other mail providers to have our IP address de-listed where that is possible. Manual processes like these can take a couple of days, however.
