Category Archives: Observations

Security Changes for 2014

2013 has been one of the most “interesting” and volatile years for computing security in many years. The technical revelations regarding protocol issues with secure handshakes and the designed-in weaknesses in the Elliptic Curve Random Number Generator, and Edward Snowden’s exposure of the behaviour of the NSA and other nations’ intelligence services in massive data gathering of anything they could tap into, will have technical, social and political repercussions for many years to come.

The most immediate effect is the realisation that we should all be encrypting whatever we can.

At Tidymail we have always encouraged the use of secured connections. When we started the service more than 10 years ago we offered and encouraged the use of secured connections. Our web interface has only ever been offered via a secure connection, and whilst for traditional email clients there were valid reasons at the time to allow insecure connections, we no longer feel it is appropriate to allow these. A year ago we added the facility to specify that an email client should only be allowed to connect securely. Now we feel it is appropriate to improve matters further.

From 1st April 2014 we will no longer permit insecure access for sending or receiving mail. All email clients will need to be configured to connect either via an SSL connection or via a STARTTLS-negotiated connection.

Details of the hostnames/ports that should be connected to are available on the Tidymail Services and Port Numbers page. But the summary is that any existing insecure configuration should be adjusted to require SSL or TLS.
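
What "require" means for a STARTTLS client, as an added example that is not Tidymail's own code: the client must stop if the server does not offer STARTTLS, rather than carry on in plaintext. The stub server, the `open_submission` name and the `client.invalid` hostname are constructed for the demonstration; real hostnames and ports come from the services page.

```python
import smtplib
import socketserver
import ssl
import threading


def open_submission(host, port, local_hostname=None, timeout=5):
    """Return an SMTP session that is TLS-protected, or raise. Never falls back."""
    smtp = smtplib.SMTP(host, port, local_hostname=local_hostname, timeout=timeout)
    try:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            # Fail closed: a missing STARTTLS offer may mean it was stripped in transit.
            raise RuntimeError("server did not offer STARTTLS; refusing to continue")
        # The default context verifies the certificate chain and the hostname.
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()  # re-read capabilities over the encrypted channel
        return smtp  # only now is it safe to call smtp.login(...)
    except Exception:
        smtp.close()
        raise


class NoTLSStub(socketserver.StreamRequestHandler):
    """Constructed local test server: offers AUTH but never STARTTLS."""

    def handle(self):
        self.wfile.write(b"220 stub.invalid ESMTP\r\n")
        for line in self.rfile:
            verb = line.strip().upper()[:4]
            if verb == b"EHLO":
                self.wfile.write(b"250-stub.invalid\r\n250 AUTH PLAIN LOGIN\r\n")
            else:
                self.wfile.write(b"502 not implemented\r\n")


def demo_refuses_plaintext():
    """Point the client at the stub and report what happened."""
    with socketserver.TCPServer(("127.0.0.1", 0), NoTLSStub) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            open_submission("127.0.0.1", srv.server_address[1], "client.invalid").close()
        except RuntimeError as exc:
            return str(exc)
        finally:
            srv.shutdown()
    return "connected without TLS"


if __name__ == "__main__":
    print(demo_refuses_plaintext())
```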

Most of our client configuration guides contain details on how to configure securely, and we can advise on other client software not listed; just email us at helpdesk@tidymail.co.uk.

This is not the only measure we are taking to improve the security of your email but it is the most visible to you.  We continue to work on improving the parts of the system that are not immediately visible and we expect to improve the security of various aspects, both visible and not, over the next year and onwards.

Disk problem

We’re having a disk problem on the main system, resulting in an
apparent heavy load. This results in 400-class errors reported
(451, etc) meaning “temporary error; please try again”.

As a temporary measure, reconfiguring your mail client to send
outbound via relay2.tidymail.co.uk will help. Unfortunately we
can’t do the same for accessing inbound mail.

More details when we have them.

We’re going for a reboot – but the disk is being recalcitrant.

We seem to be back.  Inbound mail has stacked up in the queue on our secondary server; it will be passed to the primary shortly.

WARNING – Phishing attempts

We have noted that some of our customers are receiving email purporting to be from ourselves claiming they are over their storage limit and that they need to reply with their account details including password to resolve the storage issue.

These emails are not from us and should be deleted.

We will not ask for your email passwords, ever.

Subject: Your mailbox has exceeded the storage limit.
Date: Tue, 10 Nov 2009 08:43:42 -0800
From: ServiceHelp Desk <admin@webmail.org>
Reply-To: adminwebct@tmail.tv
To: undisclosed-recipients:;

Dear Webmail Account User,

This message was sent automatically by a program on Webmail admin center
which periodically checks the size of inbox, The program is run
automatically to ensure no user inbox grows too large. If your inbox
becomes too large, you will be unable to receive new emails. Just before
this message was sent, you are currently running on 20.9 GB, You have has
exceeded the storage limit which is 20GB.

To help us re-set your Account SPACE on our database prior to maintain
your INBOX, you must reply to this e-mail providing us your the Below
information:

E-mail ( ... ...... ...  ... ... ... ...  ... ... ... ...  ... ... ... ... )
Username/ID ( .all.. ... ... ... ... ...  )
Current Password ( ... ...... ... ) Retype Password: ( ... ...... ... )

From this point you will be unable to receive new email as it will be
returned to the sender, Provide the above information to enable us help
reset your webmail immediately.

NOTE: Your Webmail Account Expire in Three (3) Days. After you read this
message, it is best to REPLY with the required information to upgrade
MailBox. Reply to this message immediately to Re activate your Account.

Thank you for your cooperation.
Webmail Help Desk. System Administrator
-------------------------------------------------
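
The traits of the message above that a mail filter can test for, as an added example that is not part of the original post: the Reply-To domain differs from the From domain, no recipient is named, and the body asks for a password by reply. The headers are copied from the quoted message with a shortened body; the benign message, the indicator names and `user@example.com` are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the message quoted above; body shortened to a few of its lines.
PHISH = """\
Subject: Your mailbox has exceeded the storage limit.
Date: Tue, 10 Nov 2009 08:43:42 -0800
From: ServiceHelp Desk <admin@webmail.org>
Reply-To: adminwebct@tmail.tv
To: undisclosed-recipients:;

To help us re-set your Account SPACE on our database prior to maintain
your INBOX, you must reply to this e-mail providing us your the Below
information:
Current Password ( ... ) Retype Password: ( ... )
"""

# Constructed benign message for comparison (user@example.com is a placeholder).
BENIGN = """\
Subject: Planned maintenance
From: Tidymail Helpdesk <helpdesk@tidymail.co.uk>
To: user@example.com

The service will be restarted tonight. No action is needed.
"""


def domain_of(header_value):
    """Lower-cased domain of the address in a From/Reply-To header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def phishing_indicators(raw):
    """Return the names of the indicators (hypothetical labels) that fire on raw."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sender, reply_to = domain_of(msg["From"]), domain_of(msg["Reply-To"])
    found = []
    if reply_to and reply_to != sender:
        # Replies, and any credentials in them, go to a different domain.
        found.append("reply-to-domain-differs")
    if "undisclosed-recipients" in (msg["To"] or "").lower():
        found.append("no-named-recipient")
    if re.search(r"\bpassword\b", body, re.I) and re.search(r"\breply\b", body, re.I):
        found.append("asks-for-password-by-reply")
    return found
```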

Drop-off

The number of connections to both our primary and (mainly) secondary MX’s dropped by about 50% about 11pm local on Friday.  Perhaps a major spammer has been knocked off?  The effect is quite clear on the front-page graph – we’re accepting mails from a far higher percentage of connections now, merely because the total is less.

Update, Monday:

Hah!  They were trying to fool us.  7:30 this morning, back they come,

Here we go again

Number of connections doubled over the last week….. they’ve found us again.  We do seem to be keeping most of the extra load out, which is good.

Falloff

All of our metered rates have been dropping steadily this week, bar the “accepted mails”, to maybe two-thirds of the previous week.

This follows the expected steady ramp-up post new-year.

Maybe we’ve fallen off some spammer’s radar?

I’m not complaining.

New player

Behaviour change in the incoming connections this week; dumb and easily detected (and rejected).

I smell some new junkware out there, which hasn’t had the rough edges knocked off it yet.

The ramp-up continues, but it’s nowhere near back to the autumn rate yet.

Spammers restart

So it looks like our weekend holiday from spam is over – connections are back to where they were last week, a slowly rising trend after the takeout of the major Californian operator a couple of weeks back.

Ho hum.

The feel is different too, more Russian sources and poor-quality bot-software with easy patterns of HELO names to spot visually.
