October 19, 2017
MEMBERS-ONLY SECTION UPDATES
A new Crypto/Cipher Scan utility was added to the Member Login area. This does the same old, boring, web-based stuff that others do, but we can also scan all Email services, FTP services, and Secure Shell (SSH) services. If you’re a COMSEC/INFOSEC nerd, this tool’s for you! Don’t be a POODLE; use your noodle.
October 18, 2017
MEMBERS-ONLY SECTION UPDATES
We’ve added a bunch of third-party diagnostic tools in the Member Login area. We also put our own WHOIS lookup (used to determine domain and IP address ownership details) utility online. Enjoy!
October 17, 2017
We’ve added a Member Login area to the site. If you have an Email account on this system (@tbi.net or other domain Email hosted here), simply log in with your Email address and your Email password.
Since we are network-centric, this will be most useful for DIY Network Administrators and Managers. It is a little sparse, with only a few utilities at the moment, but it is a good start. Content and utility updates in this section will be posted here.
October 16, 2017
WEBMAIL PASSWORD CHANGE UTILITY
Corrected the Change Password function in Webmail->Settings. This was broken on 8/24/2017 with the packages installed to support the Microsoft ActiveSync protocol.
October 15, 2017
DNS AND MAIL SERVER UPDATES
Upgraded DNS server to support the new CAA certificate records. Certificate Authority Authorization (CAA) records are used as an additional sanity check specifying who can issue valid SSL certificates for a domain. This standard went into effect in September 2017. The CAA record has an RR type of 257. Currently, there are no DNS client tools that can evaluate these records. Google’s Public DNS Tool can do it: https://dns.google.com/. So can their G-Suite Toolbox: https://toolbox.googleapps.com/apps/dig/.
Also, enabled DMARC forensic and XML reporting. We’re very happy with the reporting therein, especially from Google’s mail servers. A useful site for testing various mail server and DNS attributes is the MX Toolbox here: https://mxtoolbox.com/NetworkTools.aspx.
Upgraded the Postfix SMTP server to fix a couple of logging problems.
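A tool that does not know RR type 257 prints a CAA record in the generic "\# <length> <hex>" form of RFC 3597. The following added example (not code from this site) decodes that form and applies the CAA issuance rule to one record set that has already been looked up; the domain names and the record set are constructed, and the walk up the DNS tree to find the record set is not shown.

```python
def to_generic(flags, tag, value):
    """Encode a CAA record in RFC 3597 generic form (used to build samples)."""
    rdata = bytes([flags, len(tag)]) + tag.encode("ascii") + value.encode("ascii")
    return "\\# %d %s" % (len(rdata), rdata.hex())

def parse_generic(text):
    """Decode '\\# <len> <hex>' into (flags, tag, value), validating lengths."""
    marker, length, *hexparts = text.split()
    if marker != "\\#":
        raise ValueError("not RFC 3597 generic RDATA")
    rdata = bytes.fromhex("".join(hexparts))
    if len(rdata) != int(length) or len(rdata) < 2:
        raise ValueError("RDATA length mismatch")
    flags, tag_len = rdata[0], rdata[1]      # byte 0: flags, byte 1: tag length
    if tag_len == 0 or 2 + tag_len > len(rdata):
        raise ValueError("bad tag length")
    tag = rdata[2:2 + tag_len].decode("ascii").lower()
    value = rdata[2 + tag_len:].decode("ascii")  # the rest of the RDATA
    return flags, tag, value

def may_issue(records, ca_domain, wildcard=False):
    """Apply the CAA issuance rule to one domain's decoded record set."""
    known = {"issue", "issuewild", "iodef"}
    if any(flags & 0x80 and tag not in known for flags, tag, _ in records):
        return False  # critical flag set on a tag we do not understand
    relevant = [v for _, t, v in records if t == "issue"]
    wild = [v for _, t, v in records if t == "issuewild"]
    if wildcard and wild:
        relevant = wild  # issuewild overrides issue for wildcard names
    if not relevant:
        return True  # nothing in this record set restricts issuance
    # The issuer name precedes any ';' parameters; a bare ';' permits no CA.
    issuers = {v.split(";")[0].strip().lower() for v in relevant}
    return ca_domain.lower() in issuers

# Constructed record set for a hypothetical domain.
SAMPLE = [
    to_generic(0, "issue", "ca.example"),
    to_generic(0, "issuewild", ";"),
    to_generic(0, "iodef", "mailto:security@example.org"),
]
RECORDS = [parse_generic(r) for r in SAMPLE]

if __name__ == "__main__":
    for raw, rec in zip(SAMPLE, RECORDS):
        print(raw, "->", rec)
    print("ca.example may issue:", may_issue(RECORDS, "ca.example"))
    print("wildcard allowed:", may_issue(RECORDS, "ca.example", wildcard=True))
```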
October 14, 2017
AUTO-SSL CERTIFICATE RENEWAL PROBLEM
Corrected a problem with the auto-renewal of certificates that affected mail.tbi.net, imap.tbi.net, and pop3.tbi.net. The invalid SSL certificates were causing the web server processes to hang and eventually fail. This occurred the morning of 10/14/2017.
October 7, 2017
Software updates installed encompassing PHP and Apache webserver components. There was a new security patch for DNSMASQ. On this system, the program is hand-compiled to avoid the bloat associated with the O/S package. Recompiled and installed OK.
October 5, 2017
EMAIL HEADERS & PRIVACY
For users that authenticate to this mail system to send Email, additional privacy controls have been implemented where your client details, including your local IP address, are suppressed; these are not exposed to the remote Email addressee. This is important from a privacy standpoint.
September 28, 2017
EMAIL TLS/SSL AUTORESPONDER TEST
You can Email an autoresponder here that will reply to your Email with the TLS/SSL encryption details of your message. This way, you can tell if messages being sent here are being properly encrypted and handled securely. To check it out, send a blank Email to: firstname.lastname@example.org.
September 24, 2017
EXCHANGE ACTIVE-SYNC EMAIL UPDATE
It is now possible to sync your email to your mobile phone by simply entering your Email address and password – nothing else is needed! Works fine on both Android and Apple mobile devices.
September 15, 2017
BOTHERSOME IRMA AND SITE NOTES
The outage during Hurricane Irma was troubling. We will be implementing some cloud capabilities, especially for DNS services. We are sticklers regarding Email security, so the simple cloud solutions are not suitable for us. We will migrate to a mail server mirroring technique using private cloud APIs.
Jared over at https://www.jaredsec.com is going to dust off an old Florida disaster plan he wrote and publish it. Lots of great, cool, informative tips for small businesses; complete with an analysis of telecom during Hurricane Irma. What is your biggest risk here in Florida? You’d be surprised! You’ll have to check that out later next week.
September 11, 2017
SSL WEBSITE CHANGES
SSL Certificates for our WordPress clients have been provided at the low, low, cost of FREE! We made some changes to improve the redirection of websites via a REDIRECT initiative rather than URL REWRITING, as had been implemented earlier.
August 24, 2017
MICROSOFT EXCHANGE ACTIVESYNC
Mobile and MS-Office users can now use ActiveSync to synchronize their Email. Simply set up an Exchange Account on your mobile device with your Email Address, Domain (blank), and Username (Email Address). The Exchange Server field should be: mail.tbi.net. Example:
- Email Address: email@example.com
- Domain/Username: \firstname.lastname@example.org
- Password: <your password>
- Exchange Server: mail.tbi.net
To maintain our good security, the ActiveSync protocol is secured with SSL. At present, only Emails can be synchronized (No Contacts or Calendars).
August 1, 2017
PHYSICAL SERVER MOVES
DNS, Web, and Email servers were moved from Palm Harbor to Clearwater. This move increases our total efficiency and ensures continued operations.
July 18, 2017
POP3/IMAP/SMTP SECURITY ENHANCEMENTS
Core Email components were also given security enhancements. These are our SMTP (Ports 25, 465, and 587), POP3 (Port 995), and IMAP (Port 993) servers. Low-grade ciphers were removed. Only high-strength ciphers are allowed, along with secure, ephemeral key-exchange mechanisms, like Elliptic Curve Diffie-Hellman (ECDH/ECDHE). We grade an A on these services, with PCI/DSS compliance.
We are just a wee bit better than Gmail. The only thing stopping us from an A+ rating, and full HIPAA and NIST compliance is the lack of a feature called OCSP (Online Certificate Status Protocol). This is a Certificate Revocation check with the Certificate Authority. To prevent over-burdening of a CA’s servers, and prevent leakage of client referral information, OCSP allows the server to do these checks and return the header to the client. This also mitigates problems that can occur if the Certificate Authority’s servers are attacked. The High-Tech Bridge tests are a real “Ball-Buster”. Currently, there are no Email clients or Servers that support OCSP. This function is mostly used in modern web-servers.
July 17, 2017
The Webmail system security has been greatly enhanced. Only high-strength and compliant ciphers are used. We also use Perfect Forward Secrecy (PFS) ephemeral key-exchange mechanisms, like Elliptic Curve Diffie-Hellman (ECDH/ECDHE). We are secure against DDoS attacks and protected from the latest (2016) SSL/TLS exploits, like Sweet32. Tests from the High-Tech Bridge SSL Test Site give us an A+. We meet all compliance and guidance objectives for:
This ensures that all data between your browser and our server is safe and secure.
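The cipher policy described in the July 17 and July 18 entries (no low-grade ciphers, ephemeral ECDHE key exchange, no Sweet32-affected 3DES) can be checked mechanically. The following is an added example, not this site's own tooling: it audits OpenSSL-style suite names against that policy, using a constructed scan result and the suites the local OpenSSL enables for a given cipher string.

```python
import ssl

# Substrings of OpenSSL cipher-suite names that mark a low-grade suite.
WEAK = {
    "DES-CBC3": "3DES, 64-bit block (Sweet32)",
    "RC4": "RC4 stream cipher",
    "NULL": "no encryption",
    "EXP": "export-grade keys",
    "MD5": "MD5 MAC",
}

def problems(name):
    """List the reasons one OpenSSL-style suite name fails the policy."""
    found = [why for marker, why in WEAK.items() if marker in name]
    if name.startswith(("ADH-", "AECDH-")):
        found.append("anonymous key exchange")
    # TLS 1.3 suites (TLS_...) always use an ephemeral key exchange.
    elif not name.startswith(("TLS_", "ECDHE-", "DHE-")):
        found.append("no forward secrecy")
    return found

def audit(names):
    """Map each failing suite name to its problems; empty dict means compliant."""
    return {n: p for n in names if (p := problems(n))}

def enabled_suites(cipher_string):
    """Ask the local OpenSSL which suites a cipher string would enable."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]

# Constructed list standing in for what a scan of an unhardened server reports.
CONSTRUCTED_SCAN = [
    "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-DES-CBC3-SHA",
    "AES128-SHA",
    "DES-CBC3-SHA",
    "RC4-MD5",
]

if __name__ == "__main__":
    for suite, why in audit(CONSTRUCTED_SCAN).items():
        print(f"{suite}: {', '.join(why)}")
    hardened = audit(enabled_suites("ECDHE+AESGCM"))
    print("ECDHE+AESGCM findings:", hardened or "none")
```

The same audit function can be pointed at the suite list reported by any scanner, as long as the names are in OpenSSL form.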