4.5.2.23. 20200929 – Delays relaying email through mail.voipstra.com.au
NOTICETIMEZONE
Brisbane GMT+10
STATUS (Open/Closed)
Open
INCIDENTSTARTDATE
2020929
INCIDENTSTARTTIME (HH:MM)
Approx: 08:15
ESTIMATEDTIME TO RESOLUTION
N/A
INCIDENTENDDATE
20200929
INCIDENTENDTIME (HH:MM)
23:59
OUTAGEDURATION
16hrs
INCIDENTCAUSED BY A 3RD PARTY?
No
IF YES, NAME OF 3RD PARTY
XCRMTICKETNUMBER
N/A
BRAND
XNET
INTERNALPRIORITY
N/A
CUSTOMERSAFFECTED
ALL
SITESAFFECTED
ALL
DESCRIPTION OF INCIDENT
Some users receiving notifications informing them of delays sending to domains such as hotmail.com, outlook.com and live.com due to mail.voipstra.com.au being on email blacklists
PRIMARYIMPACTEFFECT
Users may have delays sending emails
SECONDARYIMPACTEFFECT
None
EVENTTIMELINE
TUESDAY 29TH SEPTEMBER 2020
08:15
XSTRA identified a large backlog of emails on mail server
08:30
XSTRA confirmed mail.voipstra.com.au was blacklisted
08:41
XSTRA identified cause of blacklisting due to large quantity of spam emails being relayed through server
09:00
XSTRA identified source of relay and immediately blocked all connectivity to the mail server from that network
09:03
XSTRA commenced clearing backlog of spam emails
09:45
XSTRA submitted request to be delisted from the blacklists
10:15
XSTRA forced email to route via alternative IP address temporarily to ensure delayed email still transmitted
RECOVERY & RESOLUTION
Removed spam server’s ability to relay through the mail server and additionally blocked at the router level. Cleared all remaining spam email from queue and submitted requests to be delisted
ROOTCAUSE
A subnet mask that is reserved for private ip addresses was declared too large allowing public addresses to use the mail server as a relay
CORRECTIVE & PREVENTATIVEMEASURES
Confirm all IP addresses in the list are only private subnets and\or customer specific ip addresses
RESIDUALEFFECT
Some email may be required to be resent if it exceeds the 2 day delay window
Post your comment on this topic.