Email problems - March 31, 2009

[Rik]

For those who don't take the RSS feed or who haven't checked the network status page, IDNet were hit by a deluge of spam overnight, and this is causing delay to incoming mail to idnet.com addresses. Martin is manually clearing the queue as far as is possible, and normal service should return shortly.

[Tacitus]

For those who don't take the RSS feed or who haven't checked the network status page, IDNet were hit by a deluge of spam overnight....

Is it my imagination or does iDNet get hit by massive spam attacks more than other ISPs?  Or, are they less good at handling it since email problems due to spam attacks seem to be a pretty regular occurrence?

[Rik]

Yes, but I don't know for sure whether that's to the first or second part of the question.

[Rik]

On this occasion, a customer was infected with a virus, which sent the mail overnight. Unfortunately, it's difficult to do much about that, because once the server starts processing the mail, emptying the queue will also delete legitimate mail. That customer has had his service suspended until he resolves the problem. The previous issue was caused by a customer carrying out a mass mailing despite having been told he could not, he too was suspended. Putting a faster or larger mail server on would, in both cases, just allow the number of mails sent to be greater.

[Simon]

Hopefully, some measures will be taken, as if one customer can cause such problems, be it by accident or design, what happens if two customers happen to get viruses at the same time?

[Rik]

The delays will be even longer.

[davej99]

Sorry, you are all wrong. The problem was caused by Pescalli customers trying to migrate to IDNET.

[Rik]

[zappaDPJ]

If I can connect and negotiate with the mail server (which I can) does this mean the problem is resolved?

A client insists he's twice sent me some copy I need for this afternoon but he's failure to operate anything more basic than a toast rack is legendary so I'm wondering if it was sent at all.

[Simon]

There may still be legitimate mail queueing on the server, Zap.  Have you tried sending yourself a test email?

[Rik]

Not necessarily, the backlog is now clear, so the mail should have got through - but it's possible that it's hit the grey-listing servers and your client's SMTP server isn't responding correctly.

[zappaDPJ]

Test mails are coming through instantly but I'd forgotten about grey-listing. It's more likely I'll have to take a drive to my clients premises to collect what I need which wouldn't be the first time.

Thanks for your replies.

[Rik]

Do you have a non-IDNet address you could try? If it's not too confidential, I could receive it for you on my domain, then forward it from idnet.com.

[zappaDPJ]

That's a very kind offer Rik 

We decided to meet for lunch so problem solved providing he can copy the files onto a USB flash drive. I'm fairly convinced it's a problem at his end and at least I get a free lunch out of it! 

Thanks again 

[Rik]

NP.

[Colin Burns]

Got to love mail servers.  This is the mail reason i dont ever use Idnets email service.

[Rik]

 

Wonderful slip of the keyboard, Colin.

[Colin Burns]

thanks rik i think i should go to bed.  im rather tired and starting to think of hitting my web server or the creators of Cpanel with a hammer

[Rik]

I know the feeling, I've been up since 3:30. 

[Tacitus]

On this occasion, a customer was infected with a virus, which sent the mail overnight. Unfortunately, it's difficult to do much about that....

Can't the servers be set to drop the connection if more than a set number of emails come from that IP in a given space of time?  Wouldn't stop it completely, but it might slow it up to give Simon and co more time to respond.  They can't be the only ISP that gets hit with this sort of thing.

[Rik]

I don't know, tbh, Tac. I'll ask.

[Colin Burns]

I know the feeling, I've been up since 3:30. 

I know the feeling i woke up at 10pm yesterday.  I really need to sort out my sleeping patern.

[Tacitus]

Be intersting to know what they're using Rik.. I imagine it's Linux servers with one of the standard emailing programmes. 

[Rik]

They do do what you suggest, Tac, but it looks like the IP address was in a new range and slipped through - that's being looked into now.

[Dopamine]

On this occasion, a customer was infected with a virus, which sent the mail overnight. Unfortunately, it's difficult to do much about that, because once the server starts processing the mail, emptying the queue will also delete legitimate mail. That customer has had his service suspended until he resolves the problem. The previous issue was caused by a customer carrying out a mass mailing despite having been told he could not, he too was suspended. Putting a faster or larger mail server on would, in both cases, just allow the number of mails sent to be greater.

Just ONE customer can cause this much havoc? Are we sure IDNet even have a mail server, and not someone in a back room somewhere manually sorting email, because my one remaining IDNet email account is still showing delays of around 10 minutes.

It doesn't take a genius to look back through this forum and see regular reports of email problems, specifically those caused by spam. IDNet still has a good reputation, but email is so fundamental to many people's use of the internet that recurring problems like this need to be addressed urgently if that reputation is to remain intact. I've moved to a paid email service elsewhere, but not everyone wants or can afford to do so, nor should they need to given the prices IDNet charge for their email inclusive broadband packages.

[Rik]

They have a number of servers, iirc, smtp is on one machine, pop & imap on a second, webmail on a third, then there are the background and grey-listing servers.

[Simon_idnet]

Hi Dopamine,

There are no mail delays at all this afternoon. If you can please email us the address that you're having trouble with then we can investigate.

The problem overnight was caused by a customer who has access to one of our secondary servers (hosted-domain mail) which then feeds into the main processing servers. That secondary server does indeed have tarpitting rules that are designed to track and block excessive traffic from source IP addresses. It seems that this customer (or rather his virus) managed to circumvent those rules. Now we just have to work out how that happened and adjust the rules accordingly.

Regards
Simon



Post edited by Simon, due to privacy concerns.

[Dopamine]

Hi Dopamine

There are no mail delays at all this afternoon. If you can please email us the address that you're having trouble with then we can investigate.

The problem overnight was caused by a customer who has access to one of our secondary servers (hosted-domain mail) which then feeds into the main processing servers. That secondary server does indeed have tarpitting rules that are designed to track and block excessive traffic from source IP addresses. It seems that this customer (or rather his virus) managed to circumvent those rules. Now we just have to work out how that happened and adjust the rules accordingly.

Regards
Simon

Thank you for your reply, although I'm not at all happy that you address me on this forum with personally identifiable and confidential information that I've never made public. (It's the principle that wrankles, not the actual information that's given away)

There are delays. I've experienced one, which is why I posted. I had also telephoned support prior to your post here. I discussed your grey listing, my domain and the email problem. I had a partial reply, but your support representative was unable to answer my question completely.

My question regarding grey-listing was: Are greylists reset periodically, and if so how often?
The answer I received was : Yes they are, but I don't know how frequently. I believe it might be monthly.

I asked, because an email sent to my IDNet address from my own domain was delayed by grey-listing, something I believed should not happen as I regularly receive emails from this domain to my IDNet address. It was further explained to me that grey-listing covers IP addresses and some other parameters, and that as my domain host is a large organisation (GoDaddy) with many IP addresses and mail servers, it's quite likely that emails will often be delayed by IDNet's grey-listing.

Personally I find IDNet's grey-listing problematic. The occasional delay is acceptable for an initial email, but when it repeatedly kicks in it becomes a nuisance. I don't suffer this problem with any other email service, be it free ones like hotmail and yahoo, or when using my own domain's email or the email services of other ISPs.




Post edited by Simon to address privacy concern.

[Tacitus]

.....I've moved to a paid email service elsewhere, but not everyone wants or can afford to do so, nor should they need to given the prices IDNet charge for their email inclusive broadband packages.

The main reason I would use a separate email service is for ease of changing ISP - the address moves with you.  TBH 'all" ISPs can get hit with this sort of thing from time to time and an independent service is no guarantee.  If you use shared hosting, a hit on one domain on the server can take the rest down with it.

In the end it comes down to how good the ISP/hosting co are at blocking this stuff.  Sadly, none of them are immune.