RESOLVED: Ongoing mail server issues

 

First of all, we apologize for the recent havoc on our mail servers, and we thank all our loyal customers who reported the issues and helped us identify the problem. After two weeks of going blind from looking at log files, we found no trace of what was breaking our server until we saw there was a botnet relaying spam from our server. The infection has been removed, and prevention measures have been put in place, with regular virus scanning for known exploits, to avoid a future infection.

This was the nefarious EITEST infection, a botnet that has been running for over 10 years and has compromised over 50,000 servers around the world. In April, some clever security boffins sinkholed the entire command and control (C&C) system for the botnet. The knock-on effect, however, is the blacklisting of all mail servers that have been used to send C&C requests outwards to receive instructions from the botnet.

Needless to say, the entire software industry is scrambling to get all systems operational again and to have vital servers removed from the CBL blacklist, which will not allow an infected server to relay any mail until the infection is removed. CBL themselves have been most helpful in providing information on resolution; however, they are strict about unlisting. All traces of the infection have been successfully removed, and we expect all mail to be fully operational shortly, once our servers have been clear of EITEST activity on the C&C sinkhole nodes for over 24 hours.

We recommend that all our users run a malware scan with Windows Defender or Malwarebytes Anti-Malware. If you used our blog or the "login with Google" or "login with Facebook" features, we highly recommend scanning your PC, as this is where we eventually found all traces of the virus.