NinerNet Communications™
System Status

Server and System Status

NC036: Email to shaw.ca delayed

7 June 2021 04:15:13 +0000

As of Sunday 6 June 2021 (Pacific Time), emails to shaw.ca are being delayed. This problem may also be affecting other domains owned by Shaw Communications Inc., but at this point we’re only aware of the issue affecting email to shaw.ca

The problem appears to be that Shaw has changed their MX record to point to a new, external mail filtering company. (The change is new; the mail filtering company is not new.) All emails to shaw.ca are being temporarily deferred, rather than hard-bounced. It’s unclear why this is, as our mail server’s IP address is not in any major blacklists of the approximately 250 that we regularly monitor. There is also no notice on Shaw’s “Service Updates & Outages” page, and no notification was received by Shaw customers of a planned outage.

We will continue to monitor this situation and, if we can, take any action to work around Shaw’s action and the unavailability of their mail system at the moment. If you have any questions in the meantime, please contact NinerNet support. If you yourself are a Shaw customer, we strongly recommend you contact them and voice your displeasure at your email being delayed and/or blocked.


Update, 2021-06-07 15:00 (PDT): We submitted two support requests to the company to which Shaw outsources their email, but they have been no help, suggesting that we have to contact Shaw directly. However, since they’re blocking our email and they don’t seem to have any kind of a corporate website, that’s rather difficult.

After our last reply to a ticket at 14:23 we checked the mail server to confirm that the copies to Shaw were blocked, and we found that almost all of the queued emails to shaw.ca addresses had been cleared; a few moments later all had been cleared and delivered.

So it seems that this issue has been resolved. However, we have had no contact from Shaw, so without an explanation for why their email stopped working we can’t be sure this won’t happen again.

NC036: Maintenance complete

30 May 2021 23:03:44 +0000

The scheduled maintenance on server NC036 is complete. The ability to send and receive email was not available between 22:47 and 22:53 on 30 May UTC. The new disk space has been tested and all is running normally.

Thank-you for your patience. If you have any questions or concerns, please contact NinerNet support. Thank-you.

NC036: Scheduled mail server maintenance

30 May 2021 22:44:06 +0000

During this weekend’s maintenance window we will be adding hard drive storage to server NC036 to continue to provide more storage space for a growing number of growing email accounts. This maintenance is scheduled to start in a few minutes, it will conclude in less than half an hour.

During the maintenance the ability to send and receive email will not be available, both via standalone email programs (e.g., Outlook, Thunderbird, etc.) and the webmail. Incoming email will be queued on the sending servers until our server is back online again, after which it will then be delivered to our server and your email account. This may result in a delay longer than the planned length of the maintenance though.

Please monitor this status page to be notified of the end of the maintenance. If you have any questions or concerns, please contact NinerNet support.

Thank-you for your patience as we continue to work to improve our services to you.

Emails to Microsoft domains delayed

12 March 2021 04:16:41 +0000

Since about 05:00 UTC on 11 March we have noticed that emails to Microsoft’s free email domains — hotmail.com, outlook.com, msn.com, live.com and various other domains in various other TLDs — have been and are being significantly delayed, sometimes by twelve hours or more. This is not a problem with our mail servers; it is Microsoft that are deferring and refusing deliveries. If you look at their “service health” page, they claim that “Everything is up and running”, but this is not accurate — or true.

We are monitoring the situation, but there is little to nothing that we can do. We ask you to have patience when communicating with people who use this free email service, and if Microsoft cared to communicate with the public, we’re sure they’d ask that too.

All servers: SSL certificates updated

14 January 2021 11:30:33 +0000

The *.niner.net SSL certificate was renewed today and updated on all servers.

If you get any certificate errors in either your web browser or email program, please close down all programs, restart your computer, and try again. This should clear the cache of the programs in question and force them to download the new certificate information.

If you have any problems, please contact support. Thank-you.

NC036: Post-mortem

21 September 2020 08:42:47 +0000

As noted in the previous two posts, there was a virus outbreak on server NC036 (the primary mail server) this morning. Apparently the machines associated with five email accounts on three domains were compromised, allowing criminals to use those accounts to send thousands of viruses. These were intercepted by our anti-virus scanner, but due to the volume of activity on the server we had to shut down the SMTP side of the mail server while we determined which email accounts were compromised, suspended them and removed their messages from the mail queue.

Please note that what happens in almost all cases when email accounts are compromised is that the computer (or one of the machines or devices on which those accounts are configured) is what is actually compromised; it is not the server. The account owner’s machine is usually infected with a virus or other malware, and the account’s password is then transmitted to the criminals behind the virus. They then launch an attack via the legitimate and correct password. It’s as if your car was stolen and the thief used it to commit a crime; the car behaved as it was told by the guy with the key, but is not responsible for the crime. On the other hand, the owner of the car may have left the key in their car and the door unlocked, contributing to the compromise. This is why it is vitally important that you have anti-virus software installed on your computer, and kept up-to-date.

If you have any questions about this, please feel free to contact NinerNet support, and we’ll be happy to answer your questions or concerns. Our apologies for the interruption.

NC036: Mail server is back online

21 September 2020 07:26:54 +0000

Our apologies. The sending side of the mail server (NC036) is back up. It was down for 21 minutes between 06:56 and 07:17 UTC. The ability to check your email account was not down.

We will post additional information and contact the affected clients shortly.

NC036: Mail server paused while we clean up a spam outbreak

21 September 2020 07:05:48 +0000

Server NC036 (the primary mail server) is temporarily paused while we clean up a huge virus outbreak. I will be back online as soon as possible.

Virus update 3

12 August 2020 05:41:35 +0000

As we approach a week with this issue, we are forced to make a decision. We continue to evaluate a number of options, and we’ll implement more than one, but the bottom line for us is a usable email system for our clients, or at least the vast majority of you.

In order to allow the vast majority of our clients to carry on business as usual, at 04:15 UTC today, 12 August 2020, we removed the attachment restriction we put in place late last week. According to reports, this will result in difficulty for one, or possibly two clients who have been overwhelmed recently by spam email that contained these attachments. On the other hand, we have heard those clients that have told us that their businesses have been stalled by these restrictions.

However, that isn’t the last or only action we have taken or will take on this matter. These are others:

  • The lack of speed with which our anti-virus vendor (ClamAV) has picked up this virus means we will be looking at options for either internal or external secondary virus scanning of our incoming and outgoing email streams. If this was something we already had in place, this disruption would have been hardly noticed by more than a few clients. This is the priority with which we are currently seized.
  • We continue to look into ways to apply certain restrictions to some domains and not others in a virtual-hosting environment.
  • Virus samples have been submitted to ClamAV and we anticipate that they will add the recently received viruses to their virus-detection database in due course.
  • We will make an offer to the client most affected by this virus outbreak to move their hosting to a virtual private server of their own.
  • We have blocked several thousand IP addresses that have been the sources of the problem attachments over the last week, and we will block more.
  • Server NC036 is approaching its scheduled replacement time frame. Had our plans been further along when this happened we’d have executed them immediately. However, there are always potential issues when implementing half-baked plans too far ahead of schedule, so we didn’t.

There are potential issues that you need to be aware of:

  • Some anti-virus scanners, not the least of which is ClamAV, are not detecting some of the recent viruses we have seen. You must ensure that you have anti-virus software installed on all of your machines and devices, and you must ensure that this software is automatically updated at least daily. Please remember that the responsibility for the safety of your computer(s) and your data is ultimately yours.
  • You and your employees need to be aware of the risks of opening attachments, and need to be aware of how to evaluate that risk. The risks are to both your machines and devices, and to your organisation and employees.

What have we learned from this experience? Other than our surprise at the degree to which some businesses rely significantly on Microsoft Word documents flying around the Internet, we have learned that the anti-virus vendor on which we have relied without issue for about a decade is not, in fact, infallible. We need, and will obtain, redundancy in this area.

Something else we have decided to act on is SPF (Sender Policy Framework) records. All domains we host have SPF records that tell all mail servers on the Internet that they should accept email only from our servers. The records have all ended with “~all”, but this weekend we will update all records to read “-all”. The difference is that the old records with the tilde (~) allowed receiving servers to act with some leeway, a so-called softfail; the hyphen (-) will enforce that all mail received from domains we host must come from our servers, or any others that are designated in the domain’s SPF record. What will this accomplish? One of the things we have seen is the domain of one of our clients being extensively and aggressively “spoofed”. This is when emails are sent purporting to come from a domain other than their real origin. SPF is designed to prevent this, but the directive with the tilde allows leeway that, it seems, can be too easily abused.

If you believe this may be an issue for you, or if you have any questions at all, please contact NinerNet support and we will assist.

Thank-you very much for your patience.

Virus update

10 August 2020 09:53:46 +0000

After three updates to the virus database on NC036 since Thursday we expected that the anti-virus scanner would detect and block the trojan that is currently overwhelming some of our clients. However, that is not the case.

For that reason we are once again blocking the attachments that are the cause of this problem. We sincerely apologise for this situation.

Again though, if you need to send a blocked attachment type, you can still do so if you compress the file into a .zip document. Your correspondents can also do the same.

If you are getting an error message when trying to send email, the first thing you need to do is check to see if you have attached a file to your message. If you have, and it is one of Microsoft’s typical Word documents, please remove it, compress it, attach the compressed .zip file, and then send that attachment.

If you have any questions or concerns, please contact NinerNet support. Thank-you.

NinerNet home page

Systems at a Glance:


Loc.SystemStatusPing
Server NC023, London, United Kingdom (Relay server), INTERNAL.NC023InternalUp?
Server NC028, Vancouver, Canada (Monitoring server), INTERNAL.NC028InternalUp?
Server NC031, New York, United States of America (Web server), INTERNAL.NC031InternalUp?
Server NC033, Toronto, Canada (Primary nameserver), OPERATIONAL.NC033OperationalUp?
Server NC034, Lusaka, Zambia (Phone server), INTERNAL.NC034InternalUp?
Server NC035, Sydney, Australia (Secondary nameserver), OPERATIONAL.NC035OperationalUp?
Server NC036, Amsterdam, Netherlands (Mail server), OPERATIONAL.NC036OperationalUp?
Server NC040, Toronto, Canada (Web server), INTERNAL.NC040InternalUp?
Server NC041, New York, United States of America (Web server), OPERATIONAL.NC041OperationalUp?
Server NC042, Seattle, United States of America (Status website), OPERATIONAL.NC042OperationalUp?

Subscriptions:

RSS icon. RSS

Twitter icon. Twitter

Search:

 

Recent Posts:

Archives:

Categories:

Links

Tags:

.co.zm domains .com.zm domains .zam.co domains back-up bounce messages browser warnings connection issues control panel database dns dos attack dot-zm domains down time email email delivery error messages ftp hardware imap mail mailing lists mail relay mail server microsoft migration nameservers network networking performance php phplist pop reboot shaw shaw communications inc. smtp spam spamassassin ssl ssl certificate tls tls certificate viruses webmail web server

Resources:

On NinerNet: