the recent spam attack

Started by merlin, Jul 02, 2008, 19:55:21


merlin

How is it possible (without being too technical) for a massive spam attack to bring down IDNet?
I would expect they have plenty of protection, so when ID's protection system detected an attack, why didn't it immediately shut down, and thereby minimise the attack, before the whole system came down ?????

I am not getting at IDNet, who I think are very good, I'm just curious to know why the protection system appears to have failed  ???

Simon

I think that's what everyone, including IDNet, want to know, Merlin, and I'm sure there will be an investigation once things are up and running again.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

sobranie

Can't really see that the protection system failed .... if anything it seems to have been too efficient in this instance :eek4:

Malc

Just curious, but what happens to emails waiting? Do they back up and come through later, or are they rejected?

kinmel

Quote from: Malc on Jul 02, 2008, 20:28:15
Just curious, but what happens to emails waiting? Do they back up and come through later, or are they rejected?

The sender's server will keep trying to deliver, usually for 24 hours or more. After that the mail should be returned to the sender as undelivered.

Alan  ‹(•¿•)›

What is the date of the referendum for England to become an independent country ?

Malc

Quote from: kinmel on Jul 02, 2008, 20:34:21
The sender's server will keep trying to deliver, usually for 24 hours or more. After that the mail should be returned to the sender as undelivered.




:thumb: Thanks

Sebby

I wonder if, once the server was rebooted, it was accepting emails, but wasn't able to deliver them to the mailboxes, or whether they would be rejected...

Simon

Last time there was a problem, Simon & Co managed to rescue things with zero data loss, so hopefully the same will happen here, but of course, until the systems are up and running again, I suppose there's no guarantees.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Especially as, when I last was able to contact Simon D, he was still watching the server try to re-build itself. :(

From what I can make out, the spam being held back by the grey-list servers was released in an effort to clear the delays. Pat, the idnet.co.uk server, has a premium spam package on it and was able to cope. Trevor, the idnet.com server - which also carries the webspace and, I understand some hosted sites, was not, as it has a lower-grade protection package. It's been manually re-started at lunchtime and has been trying to reconstruct itself since then.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

I see. Like I mentioned earlier, I don't think the spam system on Trevor is so great if IDNet are having to make a decision to manually release messages. Theoretically, it shouldn't be causing delays in the first place.

Rik

Not of that sort, certainly. :(
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Simon

It seems to me that an investment is required to upgrade Trevor.  Email is a core component of any residential broadband package, and should be as reliable as the ADSL service itself.  Three major email failures in 12 months is too many, in my book, and one thing I have to concede to Pipex is that their email service was rock solid, and never let me down in 5 years.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

I agree, Simon, but then Pipex had no spam filtering whatsoever...

Simon

No, but I got no spam either.  ;)
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

Really? That's impressive! All of our Pipex addresses were complete and utter spam magnets, despite us being very careful.

Ann

Tiscali's email was down every week  ;D

Gary

I pay £12 a year which is not a lot to have my email hosted by IDNet, mainly because I get no spam and their system works, I was told that would give me antivirus, phishing and spam protection but it seems the .co.uk addresses get that in a better package, so am I paying for something that would still work for free as I had the email addresses set up anyway before I left IDNet ??? I thought last time Trevor went down they should invest and not have webspace and suchlike all on one server, and even paying only £12 a year I do kind of expect a more resilient email package :(
Damned, if you do damned if you don't

Gary

Quote from: Ann on Jul 03, 2008, 00:00:45
Tiscali's email was down every week  ;D
Oranges never worked well, and actually gave you spam  >:D
Damned, if you do damned if you don't

Rik

Quote from: Killhippie on Jul 03, 2008, 00:06:52
I thought last time Trevor went down they should invest and not have webspace and suchlike all on one server, and even paying only £12 a year I do kind of expect a more resilient email package :(

Can't argue with that, Gary, I pay 1&1 much less and they've been very good this year.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Sebby

Quote from: Rik on Jul 03, 2008, 00:10:02
Can't argue with that, Gary, I pay 1&1 much less and they've been very good this year.

I second that.

Gary

Quote from: Rik on Jul 03, 2008, 00:10:02
Can't argue with that, Gary, I pay 1&1 much less and they've been very good this year.
So how much is the .co.uk hosting package Rik? Or do they not do that :( I like the email addresses I have on IDNet, it's short sweet simple and as having these grey servers stopping spam I decided paying was worth it, I wonder though would my email addresses still be working if I just carried on using them and I have wasted £12. I feel kind of cheated at the moment, and yes 1&1 is cheaper by a lot
Damned, if you do damned if you don't

Sebby

I thought it was £4/month, but I can't find the details on their site.

Rik

It's about £8pa iirc, Gary (£0.69pm - checked the site. Domain registration is £14(?) for 2 years)).

http://order.1and1.co.uk/xml/order/Home;jsessionid=C648C242A0B112935C1672581082F36A.TC32b?__frame=_top
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: Sebby on Jul 03, 2008, 00:16:24
I thought it was £4/month, but I can't find the details on their site.
That would be £48 a month for proper email protection on IDNet on a reliable server, that's way over the top
Damned, if you do damned if you don't

Gary

Quote from: Rik on Jul 03, 2008, 00:16:35
It's about £8pa iirc, Gary (£0.69pm - checked the site. Domain registration is £14(?) for 2 years)).

http://order.1and1.co.uk/xml/order/Home;jsessionid=C648C242A0B112935C1672581082F36A.TC32b?__frame=_top
Cheers Rik, right now I just hope they get this all working again so I can see if I got any of the mail I was expecting, as many are I'm sure
Damned, if you do damned if you don't

Simon

Quote from: Sebby on Jul 02, 2008, 23:59:31
Really? That's impressive! All of our Pipex addresses were complete and utter spam magnets, despite us being very careful.

Funnily enough, the only spam I used to get from Pipex was to the PC Pals account, when it was hosted with WebFusion, then I used to get bucket loads.  Since we moved to IDNet, it's practically vanished altogether.  
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

Quote from: Killhippie on Jul 03, 2008, 00:20:35
Cheers Rik, right now I just hope they get this all working again so I can see if I got any of the mail I was expecting, as many are I'm sure

I just don't like to have all my eggs in one basket, Gary...
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

Quote from: Rik on Jul 03, 2008, 00:25:09
I just don't like to have all my eggs in one basket, Gary...
I agree, I have Google and Yahoo, Hotmail and O2 etc but it's just frustrating to see all the webspace etc was still on one server along with email, in my book that's a big mistake, the email should be better protected and after Trevor's last crash I had hoped they would have thought about this. Anyway, night all, I'm feeling lousy and it's off to bed for me
Damned, if you do damned if you don't

psp83

Quote from: Ann on Jul 03, 2008, 00:00:45
Tiscali's email was down every week  ;D

Did it ever work :dunno:

;D

Dopamine

Quote from: Sebby on Jul 02, 2008, 23:54:24
I agree, Simon, but then Pipex had no spam filtering whatsoever...
I'm a Pipex refugee, and I too stand in defence of their email. Spam can be pretty easily managed by the end user and I'd much rather know that I get everything sent to me than always wonder, as I do with IDNet, how much legitimate email is blocked or delayed by over zealous (and, it would appear, not very reliable) ISP spam management.

All the suggestions that we should invest in private domains with their own email accounts (which I do) are misguided: IDNet advertise their Home Max package as featuring "Unlimited POP3 mail-boxes (@idnet.com)". If it's advertised as part of a service it should be as robust as the internet connection itself, with appropriate investment.

Rik

Quote from: Dopamine on Jul 03, 2008, 00:32:12
All the suggestions that we should invest in private domains with their own email accounts (which I do) are misguided: IDNet advertise their Home Max package as featuring "Unlimited POP3 mail-boxes (@idnet.com)". If it's advertised as part of a service it should be as robust as the internet connection itself, with appropriate investment.

I couldn't agree more, we've had too many email failures in the past year. My advice has merely been that of the pragmatist - if it matters, have a backup.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Pez

Damn Rik, you're a machine! Do you ever sleep?  :laugh:

Conspiracy Theory - Rik is an auto-bot with automated responses that agree with everything!  >:D :P

Rik

I came back specially tonight, Pez, both to check what was happening and because Simon had promised to update me - unfortunately I haven't heard from him.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

cs

This is really poor, all I need the damn mail server for is authenticated SMTP whilst I am on the road :mad:  They should provide a separate SMTP server, there is no need for this to be down because of some silly spam filtering service dumped on the server. I think a good many of us would rather they got rid of that altogether, or at least made it opt-in and on a different service platform, so those that do not need it are not affected by the problems.

They obviously don't have proper backup/DR in place, mail services are essential and there are plenty of easy ways to get them into a high availability environment. (I am currently working on an IT project where downtime is charged to my company at £64k/hour  :o )

Sorry rant over... I guess I'm just disappointed, I've had nothing but excellent service from IDnet since I joined a few months ago so I am shocked the email isn't up to the standard of the rest of the service
Chris

Malc

My pipex email still works, both in and out, 9 months after I left them.

This is not a good situation now, after the price we pay, this should really not be happening  :-\ I too am waiting for an email, with a few hours left before 24 hours are up, I just hope they get it sorted soon.

Up until now I have been completely happy with IDnet, but this knocks the confidence a bit to know the protection on our emails isn't that great.

chrisga

Quote from: Malc on Jul 03, 2008, 06:08:47
My pipex email still works, both in and out, 9 months after I left them.

This is not a good situation now, after the price we pay, this should really not be happening  :-\ I too am waiting for an email, with a few hours left before 24 hours are up, I just hope they get it sorted soon.

Up until now I have been completely happy with IDnet, but this knocks the confidence a bit to know the protection on our emails isn't that great.


Yep I'd echo that - Sorry as a newbie, a whine is my first post on this forum!

I would agree with what has been written about alternative email accounts, and I have one. However, that doesn't help mails that are stuck / maybe lost - the latter, if it proves to be the case, is a cardinal sin for an ISP, and something that should ring alarm bells about the competence of IDnet, even for those that don't use their mail service!

Also, why has this gone on for so long ?? - The only reason I moved from a cheaper ISP to IDnet was their brilliant past service levels. I have to be honest, this has knocked my confidence   :shake:

Steve

I think the smtp server is functioning as I am able to send mail. :)
Steve
------------
This post reflects my own views, opinions and experience, not those of IDNet.

Malc

Same here, sending reports no errors.

Arathorn

No luck sending here. I get the following error message:

"An error occurred sending mail. The mail server sent an incorrect greeting. Remote server connection error"

I'm now getting a trickle of mails through via email forwarding but there's a load of emails sitting in Trevor's queue that I can't get at.

Looks like it's going to be a long day!

Arathorn

JB

Firstly, please don't think that I am knocking IDNet, because I am not. I think they are a brilliant ISP.

Unfortunately, since I joined about six months ago there have been two occasions where the email system has been 'attacked'. I rely on my email probably no more or no less than other members so I have no gripe. More a need to understand what has gone wrong and why?

My wife regularly corresponds by email with an old English girl friend living in the USA. For quite a time during the last few months, email sent by my wife has been bounced by her friend's ISP (Verizon) stating that IDNet is on their blacklist as being the gateway by which spam emails have entered the Internet. This has resulted in my wife having to use a Gmail account to communicate with her friend. Just recently the Verizon ban had been lifted and my wife was able to resume normal email from IDNet. I hope yesterday's problems don't mean that this ban will be reinstated again.

This may seem a simplistic view but if IDNet's outgoing mail server only accepts email from true IDNet accounts and only passes incoming email to bona fide IDNet customers, I wonder how the problem is occurring. Was the spam targeted at just IDNet customers or was a web site co-hosted on 'Trevor' hacked and made to feed copious amounts of spam directly into the server?

Anyway, as I said this is not a dig at IDNet but I would like to know (in due course) exactly what has caused IDNet all these headaches, with which I do sympathise sincerely.

I do have my own domains and therefore my incoming email has been largely unaffected, however it is the loss of the outgoing smtp server which is causing me the biggest headache.

I do hope IDNet manage to recover everybody's email and are able to take steps to prevent this sort of thing from occurring again.

PS. Sorry if the guys at IDNet didn't get much sleep last night  :pat:

JB.
JB

'Keyboard not detected ~ Press F1 to continue'

Gary

Well let's hope all goes well today, while I understand issues occur, as echoed in other posts email needs to be on dedicated servers with a backup facility, and not on one hosting webspace etc, we have had too many email issues in the last year. I wish the guys good luck but can see kissing any email sent to my and my wife's idnet account goodbye as 24 hours get closer  >:(
Damned, if you do damned if you don't

Rik

Quote from: 6jb on Jul 03, 2008, 09:21:02
This may seem a simplistic view but if IDNet's outgoing mail server only accepts email from true IDNet accounts and only passes incoming email to bona fide IDNet customers, I wonder how the problem is occurring. Was the spam targeted at just IDNet customers or was a web site co-hosted on 'Trevor' hacked and made to feed copious amounts of spam directly into the server?

TBH, JB, I can't give you a good answer as I don't have the information. :( There are two mail servers, Pat, which seems very robust, and Trevor, which has been rather more fragile. I'm sure IDNet will be holding an inquest once they restore service, and I have made sure that they have seen all relevant comments from the forum.

You can, of course, send your idnet.com mail using your domain's SMTP server, but getting replies would still be problematic. :(
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

JB

Quote from: Rik on Jul 03, 2008, 09:47:06
You can, of course, send your idnet.com mail using your domain's SMTP server, but getting replies would still be problematic. :(

Hi Rik,

Yes I can, but when sending attachments it is much faster via the IDNet server because I am already on 'their network', so to speak.

I just wonder if there was a certain vulnerability that spammers have exploited. In the two years that I was with Newnet I don't recall such a problem with the mail system.

Having said that, IDNet is 10 times the ISP that my previous one was, in many ways. :thumb:

Cheers,

JB.
JB

'Keyboard not detected ~ Press F1 to continue'

Rik

ATM, I don't have any answers, JB. I'm sure IDNet will be holding an inquest as soon as they have the service restored.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Den

I most likely require my emails more than most as the central monitoring station I use sends me emails to let me know what activations my monitored alarms have sent in the last few hours and as such help me to respond correctly. But things can go wrong with electronics so have pity on IDNet, they are doing their best and at least admit when they have a problem.  ;D
Mr Music Man.

Rik

The problem is, Den, that this has happened several times in the past year. Things do go wrong, but when the server failed, they had us back up and running in a few hours, it's now been 26 hours, and we have no idea when service will be restored or if there will be data loss.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Malc

First time, and hopefully the only time, but I have to say this is poor service. Surely with premium prices it should be a premium service. (Which, for me, until now, it was) Why is there no backup server?

I hope they learn from this mess.

We praise them all the time, and rightly so, but it is only fair to say this now.

Rik

Unfortunately, Malc, a backup server in email is hard to implement as files are, literally, changing by the second. :(
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Malc

So how does the .net work?

I assume that hasn't been attacked, and can .com not use the same system?

Simon

The problem at the moment, as I understand it, is that Trevor is still on the file system check, and nothing can proceed until this has completed, and there is no indication as to how far it's got, so if they stop it, they risk stopping it at 99%, in which case it would have to start all over again.  Rock and hard place spring to mind.
Simon.
--
This post reflects my own views, opinions and experience, not those of IDNet.

Rik

It would be like going to Sky News rather than BBC News, Malc. The outgoing server can be changed easily by the user, but the incoming mail is already addressed. If you try and force it to go somewhere else, it has no idea where that somewhere else is.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

Gary

26 hours is a long time for a backbone service to be down but as Simon said, rock and hard place do spring to mind. If hosting on the mail server and the spam attack caused this, that to me says do not host other services on that server so this will not occur; email is more important than blogspace etc, and normally I would not moan but as stated, it's happened too many times now. IDNet mail works well, the spam filter system is excellent but I think it's time that the mail side is made more robust. :( All in all it's frustrating and annoying, I pay for hosted mail, and most peeps on here pay for IDNet as their ISP. IDNet are good at what they do, but this crash was waiting to happen and really after the last one no remedial action to make the .com mail system more secure has been taken it appears, seems like it's all lumped together on Trevor for the wrong reasons.
Damned, if you do damned if you don't

Malc

I was thinking for the future to be transferred there

I suspect Richard Branson has done this, to sabotage every other ISP, so that when all his customers get their threatening letters about having downloaded one MP3, (instead of buying it from Virgin megastores) they don't jump ship.

Either that, or it's Gordon Brown's fault.

Rik

TBH, the two mail systems work to a very different standard, Malc. One costs £4pm if you buy it, our one costs £1pm.

I'm sure there will be a post-mortem once things are working again - IDNet don't want this any more than we do.
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

kinmel

Quote from: Rik on Jul 03, 2008, 15:17:39
The outgoing server can be changed easily by the user, but the incoming mail is already addressed. If you try and force it to go somewhere else, it has no idea where that somewhere else is.

That is only because no standby arrangement is in place.

My mail server is right next to me at home and as such is liable to all sorts of interruptions and so I have arrangements in place.  My web and email servers are duplicated at another address piggybacked in someone else's machine.

In an emergency any one of us with net access can go to EveryDNS and change my primary server IP address to the standby IP address, the change is instantaneous, and all email is then handled by the standby.

We tidy up the stray emails by manually forwarding them afterwards from the standby to the primary server.

All our web and email arrangements are done by amateurs using free-ware and free-web utilities, so how hard is it for a specialist provider to achieve that and more.

Alan  ‹(•¿•)›

What is the date of the referendum for England to become an independent country ?

Rik

I can't argue with you, Alan. OTOH, maybe the volumes involved here make it more complex?
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.

somanyholes

a few thoughts....

If the idnet mail servers were under attack, changing the DNS would make no difference. All you would be doing is transferring the load from one box to another, guess what would happen next.... :)

SMTP authentication is all well and good, but if a client gets infected it will just act as a mail relay using the client's settings to send outbound mail through the idnet mail servers, this seems to be happening more and more.... I hope idnet have maximum connections from clients set ;)

Trying to sort out mailservers with massive queues is a complete nightmare, mad and I had this issue before, 3 mailservers with over 700,000 emails on each box, it took three days for normal service to resume.

Will be interesting to see what happens.

Have to concur with a few peeps on here, multiple public services on two boxes is not a good idea...

Hope it's sorted for you all soon.

so
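
The point above about an infected client relaying through authenticated SMTP can be checked for on the server side. As an added example that is not part of the original thread, this counts submissions per authenticated account in a sliding window over constructed log lines; the Postfix-style log format, the addresses and the limit of 10 messages per 5 minutes are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Postfix-style smtpd line for an authenticated submission (assumed format).
LINE_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) \S+ "
    r"postfix/smtpd\[\d+\]: \w+: client=[^\[]*\[(?P<ip>[^\]]+)\], "
    r"sasl_method=[^,]+, sasl_username=(?P<user>\S+)$"
)


def parse(line, year=2008):
    """Return (timestamp, account, client_ip), or None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    stamp = f"{year} {m['mon']} {m['day']} {m['time']}"
    return datetime.strptime(stamp, "%Y %b %d %H:%M:%S"), m["user"], m["ip"]


def find_bursting_accounts(lines, limit=10, window=timedelta(minutes=5)):
    """Map each account that exceeded `limit` submissions within `window`
    to the highest count seen in any single window."""
    recent = defaultdict(deque)   # account -> timestamps still inside the window
    peaks = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, user, _ip = rec
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # drop submissions older than the window
            q.popleft()
        if len(q) > limit:
            peaks[user] = max(peaks.get(user, 0), len(q))
    return peaks


def build_sample():
    """Constructed log lines: one normal account, one sending a burst."""
    def line(ts, user, ip):
        return (f"Jul  3 {ts:%H:%M:%S} mx postfix/smtpd[411]: 4F1A2B: "
                f"client=unknown[{ip}], sasl_method=PLAIN, sasl_username={user}")

    day = datetime(2008, 7, 3)
    alice, bob = "alice@example.com", "bob@example.com"
    lines = [
        line(day.replace(hour=9, minute=0, second=1), alice, "192.0.2.10"),
        "Jul  3 09:10:00 mx postfix/smtpd[411]: connect from unknown[192.0.2.10]",
        line(day.replace(hour=9, minute=20), alice, "192.0.2.10"),
    ]
    burst = day.replace(hour=9, minute=30)
    # Twelve submissions, five seconds apart, from a single account.
    lines += [line(burst + timedelta(seconds=5 * i), bob, "192.0.2.44")
              for i in range(12)]
    lines.append(line(day.replace(hour=9, minute=45, second=10), alice, "192.0.2.10"))
    return lines


if __name__ == "__main__":
    for account, peak in find_bursting_accounts(build_sample()).items():
        print(f"{account}: {peak} submissions inside one window")
```

An account flagged this way can be throttled or suspended before its traffic gets the outgoing server listed by other providers.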


LesD

Quote from: 6jb on Jul 03, 2008, 09:21:02

My wife regularly corresponds by email with an old English girl friend living in the USA. For quite a time during the last few months, email sent by my wife has been bounced by her friends ISP (Verizon) stating that IDNet is on their blacklist as being the gateway by which spam emails have entered the Internet.
Your wife JB is not alone with this experience as the same fate befell my wife a week or three ago when the same thing happened to emails she was sending to her sister. This was to an address she had been using for months!

This is what came back:

Undelivered Mail Returned to Sender

This is the mail system at host lda.idnet.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                   The mail system

<XXX@totalpeople.co.uk>: host
    icms-g1-1.keele.netcentral.co.uk[212.57.252.nnn] said: 554 5.7.nnn This
    message has been blocked because it is from a FortiGuard - AntiSpam black
    IP address.(connection black ip 212.69.36.nnn) (in reply to RCPT TO
    command)

(some changes to preserve anonymity)

I sent the above to IDNet Support and had this reply:

> Hi Les
>
> It would appear that the mail server at netcentral.co.uk has blocked the email. However, FortiGuard themselves do not view our mail server as being on a "black list":
> http://www.fortiguardcenter.com/antispam/antispam.html
>
> I would recommend that your sister-in-law reports this to her email provider.
>
> regards
> Simon


So I advised my sister-in-law to do just that.

More recently, before the current outage, mail did appear to be getting through to her again but from what I gather it was a bit hit and miss. In between times we resorted to my old virgin.net dial-up account to send her emails.

I did not bother posting here because I thought the problem would be unique to us!
Regards,

Les.


JB

Quote from: LesD on Jul 03, 2008, 20:18:46
I did not bother posting here because I thought the problem would be unique to us!

Hi Les,

No not unique at all. It is exactly what we experienced. In fact I thought our experience was unique.

As she could 'get around' the problem by using a Gmail account I didn't bother posting the experience until now.

I think IDNet is the best ISP I have used (out of about six over the last ten years) but I _do_ wish they would get their email services up to scratch.

Cheers,

JB.
JB

'Keyboard not detected ~ Press F1 to continue'

pup

Pup

Sitting on the fence......
And Laughing at both sides.

Rik

Nice of you to say that, LinLin, we're all feeling a bit battered by now.  :-*
Rik
--------------------

This post reflects my own views, opinions and experience, not those of IDNet.