4.5.2.28. 20200929 – Delays relaying email through mail.voipstra.com.au
NOTICE TIME ZONE
Brisbane GMT+10
STATUS (Open/Closed)
Open
INCIDENT START DATE
2020929
INCIDENT START TIME (HH:MM)
Approx: 08:15
ESTIMATED TIME TO RESOLUTION
N/A
INCIDENT END DATE
20200929
INCIDENT END TIME (HH:MM)
23:59
OUTAGE DURATION
16hrs
INCIDENT CAUSED BY A 3RD PARTY?
No
IF YES, NAME OF 3RD PARTY
XCRM TICKET NUMBER
N/A
BRAND
XNET
INTERNAL PRIORITY
N/A
CUSTOMERS AFFECTED
ALL
SITES AFFECTED
ALL
DESCRIPTION OF INCIDENT
Some users receiving notifications informing them of delays sending to domains such as hotmail.com, outlook.com and live.com due to mail.voipstra.com.au being on email blacklists
PRIMARY IMPACT EFFECT
Users may have delays sending emails
SECONDARY IMPACT EFFECT
None
EVENT TIMELINE
TUESDAY 29TH SEPTEMBER 2020
08:15
XSTRA identified a large backlog of emails on mail server
08:30
XSTRA confirmed mail.voipstra.com.au was blacklisted
08:41
XSTRA identified cause of blacklisting due to large quantity of spam emails being relayed through server
09:00
XSTRA identified source of relay and immediately blocked all connectivity to the mail server from that network
09:03
XSTRA commenced clearing backlog of spam emails
09:45
XSTRA submitted request to be delisted from the blacklists
10:15
XSTRA forced email to route via alternative IP address temporarily to ensure delayed email still transmitted
RECOVERY & RESOLUTION
Removed spam server’s ability to relay through the mail server and additionally blocked at the router level. Cleared all remaining spam email from queue and submitted requests to be delisted
ROOT CAUSE
A subnet mask that is reserved for private ip addresses was declared too large allowing public addresses to use the mail server as a relay
CORRECTIVE & PREVENTATIVE MEASURES
Confirm all IP addresses in the list are only private subnets and\or customer specific ip addresses
RESIDUAL EFFECT
Some email may be required to be resent if it exceeds the 2 day delay window
Post your comment on this topic.