9:00 AM 4/22/2012: mail.his.com has developed a problem and is temporarily offline for repairs.
9:55 AM 4/22/2012: performing file-system checks.
10:30 AM 4/22/2012: mail.his.com operation normal, incoming mail that arrived during the outage was spooled on standby servers and is being delivered now.
We’re seeing a significant increase in the number of ‘phishing’ and malware email messages.
Most of these are being stopped by Postini’s spam/virus filters, but some are getting through, and some are getting past our own spam/virus filters that we use to supplement Postini.
These messages are well crafted and look like legitimate email from an entity that you might be doing business with (AT&T, USPS, an airline, FedEx, UPS, your bank). They tell you that a check has bounced or that you’re being billed for some outrageous amount, or something similar – the idea is to get you to click on the links in the messages. If you do that, you’ll go to the bad guys’ web sites, where you’ll either be exposed to malware or there will be a login page that’s designed to trick you into entering login information that you use with your bank, airline, etc.
These messages appear to come from legitimate email addresses (which are forged) and have subject lines like:
US Airways online check-in. Please confirm your US Airways online registration. Fwd: Wire Transfer Confirmation (FED 5405TG032) Your USPS postage labels charge. USPS postage labels receipt. USPS postage labels invoice. USPS: DELIVER CONFIRMATION - FAILED 636382 Your USPS shipment postage labels receipt. Your USPS delivery. Confirmation of email address change. Your AT&T wireless bill is ready to view
Before you click on any links in email that you receive, hover your mouse pointer over the link and check to see where the link really points – most browsers will show this at the bottom of the page. If they point to something that looks bogus, don’t click.
Forward messages like this to spam@postini.com – this will help Postini recognize the tricks that these bad guys are using to get past their filters. Once you’ve done that, delete them.
There was a routing glitch that impacted sites hosted at our Sterling, VA facility for about 5 minutes starting at 7:25 AM EDT today, 3/22/2012. The problem was fully resolved by 7:30 AM EDT.
Over the past few months we’ve seen an enormous jump in the number of password-guessing attacks on our mail servers. The attackers are spammers who are trying to get access to legitimate accounts so they can send spam.
We have software in place that identifies and blocks these attacks, but if a password is too easy to guess the attacker can guess it before the ‘this is an attack’ threshold is reached. When this happens, the victim gets a flood of bounce messages for email they never sent, and when we detect the hijacking we have to lock the account and coordinate with the victim to set a new password, an inconvenience for everybody.
There’s a somewhat geeky but appropriate cartoon that describes a technique for generating passwords that are hard to guess but easy for you to remember at http://xkcd.com/936/.
If your account is on mail.his.com or one of our other Zimbra servers, you can change your password by logging on to webmail and clicking the ‘Preferences’ tab.
Many his.com and hers.com users have received email with a subject similar to:
Re: Fwd: Your Flight Order N977-1214807
… that supposedly came from American Airlines, but the return address (forged) is support@his.com.
If you have received one of these messages, delete it, an definitely do not click on the link provided to “download your ticket.” The link looks as if it goes to www.aa.com, but if you click on it you are actually sent to a server in Colorado that will attempt to put malware on your computer.
We are able to stop nearly all junk like this before it gets to you, but spammers are clever and this one came up with a trick that allowed the messages to slip by 3 separate layers of spam and virus filtering.
mail.his.com developed a problem at about 6:25 EST Tuesday evening. We are working on it and will post an update here shortly.
Update, 8:45 PM EST: still working on the problem. Mail that has arrived since the server went down at 6:25 PM is queueing on backup servers and will be delivered as soon as the server is back up.
Update, 9:20 PM EST: mail.his.com has been restored and incoming mail queued for delivery is being delivered.
All Zimbra servers have been updated to the latest release, 7.1.3p1.
The mail.his.com upgrade on Sunday was successful, and we’re getting a lot of compliments on the new server, especially the new webmail (https://webmail.his.com).
The most common problem has been the need to turn on SMTP authentication in mail clients (Outlook, Thunderbird, etc.) – when this isn’t set the symptom is that you can receive mail but you can only send to his.com or hers.com addresses. There’s more information on this at https://support.his.com/kb/kb/browse/001840
FYI, if you have an account on mail.his.com, your email address will work as either username@his.com or username@hers.com – use whichever you prefer.
We switched mail.his.com over to a much faster platform at 11 AM today, Sunday, 11/13/2011.
The transition has been pretty smooth considering that this is a major upgrade.
We have compiled a list of frequently asked questions at https://support.his.com/kb/kb/browse/001840
If you’re having problems, open a support ticket at https://support.his.com – if you’re unable to receive mail, include your name and phone number so we can call you.
mail.his.com experienced a problem today (10/31/2011) that caused some incoming mail to be delayed (incoming mail should be delivered within about 1 second). We have diagnosed the problem and the backlog of queued incoming messages is being delivered now. Outgoing mail was not affected.