January 3-6, 2021
CLOUD SERVER MIGRATION
Well, we had done many cloud migrations before but this one was particularly troublesome. We had some bad memory in the old Dell so what should’ve been easy, breezy, file copying was anything but; especially considering the need to meet HIPAA data transit requirements.
All mail and ActiveSync functions are back up and running!
January 29, 2020
BLOCKING RICH TEXT FORMAT (RTF) DOCUMENTS
We will no longer support sending or receiving RTF files as attachments. These files continue to have the least amount of protection within Microsoft Office, and it is Microsoft’s recommendation to block their transmission by Email.
November 15, 2019
ANTI-PHISHING RULES UPDATED
New rules developed, and existing rules updated. to better detect and combat phishing Emails. These modifications targeted Shipping and Banking companies.
October 22, 2019
CALENDAR SYNC DISPLAY WITH OUTLOOK BUG
Fixed an aesthetic bug to correct colors used to display event titles in WebMail when calendars were generated using Outlook 2013 and 2016 at the client.
August 30, 2019
ANTI-SPAM “SEXTORTION” BUG FIXED
We found a bug with one of our anti-spam vendors that broke our locally-developed “sextortion” (a.k.a “Aaron Smith” Spam) rulesets. A workaround for this bug has been implemented.
August 15, 2019
ANTI-SPAM E-MAIL ATTACHMENT PROCESSING
Made changes to our local anti-spam rulesets to better determine file attachment types. We use to rely on the MIME header information, but now use the filename as well.
August 11, 2019
E-MAIL PHISHING RULE UPDATES
Added a couple of new banks and a file transfer service to our local phishing rulesets. Also added new checks to determine valid content from banking institutions.
July 25, 2019
E-MAIL PHISHING ENHANCEMENTS
Now getting direct feeds from OpenPhish and PhishTank and have incorporated their programming APIs into our anti-spam system.
June 28, 2019
MAIL SYSTEM UPGRADE
Installed new vendor updates for the POP3/IMAP server processes. This corrected intermittent login problems/password prompts for clients that connect from the local server (“localhost“).
This problem only affected Windows and Android Microsoft Outlook and other mobile devices that use ActiveSync connectivity.
June 27, 2019
SYSTEM OUTAGE/OFFICE MOVE
Physical office move. All services were unavailable from 15:10 to 15:58 EDT.
April 27, 2019
MAIL SYSTEM UPGRADE
Another vendor update was available for the POP3/IMAP server processes. This corrects a problem broken in the last release where all members could no longer change their passwords. All up and OK.
April 19, 2019
MAIL SYSTEM UPGRADES (CONTINUED)
The new mail system software requires a lot of configuration file changes. This is because variables (parameters) have been split into “local” and “global” contexts. This is a continuation of last night’s updates, correcting an issue with per-user “filters”, responsible for Vacation, Auto-Responder, Auto-Filing, Forwarding and Copies (to name just a few functions available).
April 18, 2019
MAIL SYSTEM UPGRADES
The mail system components responsible for POP3/IMAP access have been upgraded. This fixes problems with index and quota files for those companies who use optional encrypted file-system storage.
March 21, 2019
NEW WEBMAIL HELP
Webmail now has a built-in HELP function. It is still a work-in-progress. The “search” doesn’t function properly and there are a lot of custom features that need documenting, but it is pretty good right now. Enjoy!
March 7, 2019
NEW WEBMAIL CONTACT LIST
Within Webmail, all users will see a new Contact database called “Automatically Collected“. Every time you compose an Email in Webmail, the recipient(s) will be added here. In so doing, this provides the functionality of Outlook’s “Nickname” or Thunderbird’s “Autocomplete” database.
March 7, 2019
NEW SPAM IP BLACKLIST RECORD!
Holy Guacamole! I was just looking at the number of IP addresses tracked in our anti-spam database: “Total Blocked IPs: 751410714”. That’s 750 Million, or 3/4 Billion addresses. Wow!
February 20, 2019
VARIOUS SYSTEM UPDATES
System updates were installed in the late evening hours.
All ActiveSync components handling Email, Contacts, Tasks, and Calendars were also upgraded.
February 20, 2019
ACTIVESYNC COMPONENT FAILURE
One the the three Unix ActiveSync authentication servers failed at 07:30AM. It was restored at 09:25AM. This affected customers using ActiveSync Email devices. Webmail or traditional Email protocols were not affected.
January 12, 2019
ANTI-SPAM AND FIREWALL INTEGRATION
Integrated anti-spam handlers with our reactive firewall to block the more abusive spammers.
January 9, 2019
Improvements to the anti-phish rules. Development of new “meta” rules for better categorization of spam. Developments of new rules based upon attachment time. Development of new rules to better support Unicode characters.
November 9, 2018
We’ve been evaluating a new spam-control platform that looks promising, at least in terms of CPU efficiency. Added a lot of rules to combat Phishing, particularly from Credit Card companies and some local Credit Unions, like Navy Federal.
We currently operate one of the world’s largest private IP blacklists; tracking over half a billion spam sources and more than 1.4 million “spamvertized” hyperlinks. We use 900 locally-developed rulesets supporting over 30,000 spam signatures.
October 14, 2018
ACTIVESYNC E-MAIL CHANGE
Not all ActiveSync devices will set the client’s “Display Name” properly. More common than not, only the client’s Email address is used. When sending Email through an ActiveSync client, we now set the “Display Name” to that listed in the Webmail database (“Identity” section).
For those users that use multiple identities, the information from the first identity is used for this purpose.
October 3, 2018
COOL CHANGE TO ACTIVESYNC & THE WINDOWS 10 MAIL APP
When using the native Windows 10 Mail and Calendar App, the Calendar inserts XML code into the Event’s “Description/Notes” field. This makes entries difficult to read on mobile devices or other Calendaring programs, such as Outlook 2013/2016.
Never fearing change, we developed a “HTML_Detox” feature to make things readable. Now you can enjoy Windows 10 to its fullest!
September 15, 2018
We changed the ActiveSync Calendar function to properly reflect All-Day appointments. Other changes include full support for BCC addresses over ActiveSync connections and correction of the Message-ID (for those systems that do not set it properly).
August 29, 2018
SPAM CONTROL CHANGES
Moved much of our unique spam handling functions to cloud servers. This better distributes the load on our servers.
June 15, 2018
EMAIL CONNECTIVITY OVERVIEW
The following illustration depicts the connectivity options available for use when connecting to our services!
January 25, 2018
Six new commercial themes were added to the WebMail Interface. These are all “Responsive” themes designed to look good on any device. Enjoy!
January 23, 2018
New server updates installed affecting a total of 109 software packages. These includes fixes for the Intel CPU fiasco with Meltdown and Spectre.
January 16, 2018
CALENDAR COLOR SUPPORT
The first of it’s kind, we now support Microsoft Outlook’s standard Event Colors: Red, Blue, Green, Yellow, Orange, and Purple. This is compatible with all versions of Outlook including the ActiveSync versions (Outlook 2013 and 2016).
January 8, 2018
We now support the CATEGORIES calendar attribute. We merged the Category parameters from Thunderbird, Rainlendar, and Outlook into an easy-to-use drop-down selection box:
December 22, 2018
EMAIL SIZE CONSTRAINTS
To accommodate new ActiveSync clients using Outlook 2013/2016, we made changes to allow support for Email attachments up to 50MB in total size. We also improved the constraint on the total number of attachments per Email, which is now 20.
December 22, 2018
COMPLETE MOBILE DEVICE SYNCHRONIZATION SUPPORT
We now offer complete support for ActiveSync (“Exchange Account“), including Email, Calendar (SyncCalendar), and Contacts (SyncContacts). These are all available on the WebMail interface!
On your Android device, simply setup a Microsoft Exchange account with your Email address and password.
On Apple devices, Outlook 2013/2016, and the Microsoft Outlook4Android App, you may also need to supply an Exchange Server name. Use: mail.tbi.net
Older systems without ActiveSync support can achieve the same synchronization using the CalDAV and CardDAV protocols. The Outlook CalDav Synchronizer will work just fine on older versions of Outlook.
For a business professional or the consummate “Road Warrior“, this is the place to be!
December 1, 2017
New test tools and links have been added to the Member’s Only section.
October 28, 2017
SITE CONTENT UPDATES
You can now pay your invoice from the home page, via PayPal/Credit Card. Also, added Microsoft Exchange/Active-Sync test suite to the Member’s Only section.
October 25, 2017
SPAM CONTROL UPDATE
Made a change in DNS listing to properly handle URIs that contain IP addresses for hostnames. As we are using SpamAssassin now for this function, we have had to change the listings for Reverse Dotted-Quad Format (e.g. 127.0.0.1 gets listed as 22.214.171.124). This will improve spam control, but just a little bit.
October 19, 2017
MEMBERS-ONLY SECTION UPDATES
A new Crypto/Cipher Scan utility was added to the Member Login area. This does the same old, boring, web-based stuff that others do, but we can also scan all Email services, FTP services, and Secure Shell (SSH) services as well. If you’re a COMSEC/INFOSEC nerd, this tool’s for you! Don’t be a POODLE; use your noodle.
October 18, 2017
MEMBERS-ONLY SECTION UPDATES
We’ve added a bunch of third-party diagnostic tools in the Member Login area. We also put our own WHOIS lookup (used to determine domain and IP address ownership details) utility online. Enjoy!
October 17, 2017
We’ve added a Member Login area to the site. If you have an Email account on this system (@tbi.net or other domain Email hosted here), simply login with your Email address and your Email password.
Since we are network-centric, this will be most useful for DIY Network Administrators and Managers. It is a little sparse; with only a few utilities at the moment, but it is a good start. Content and Utility updates in this section will be updated here.
October 16, 2017
WEBMAIL PASSWORD CHANGE UTILITY
Corrected the Change Password function in Webmail->Settings. This was broken on 8/24/2017 with the packages installed to support the Microsoft ActiveSync protocol.
October 15, 2017
DNS AND MAIL SERVER UPDATES
Upgraded DNS server to support the new CAA certificate records. Certificate Authority Authorization (CAA) records are used as an additional sanity check specifying who can issue valid SSL certificates for a domain. This standard went into effect in September 2017. The CAA has a RR type of 257. Currently, there are no DNS client tools that can evaluate these records. Google’s Public DNS Tool can do it: https://dns.google.com/. So can their G-Suite Toolbox: https://toolbox.googleapps.com/apps/dig/.
Also, enabled DMARC forensic and XML reporting. We’re very happy with the reporting therein, especially from Google’s mail servers. A useful site for testing various mail server and DNS attributes is the MX Toolbox here: https://mxtoolbox.com/NetworkTools.aspx.
Upgraded the Postfix SMTP server to fix a couple of logging problems.
October 14, 2017
AUTO-SSL CERTIFICATE RENEWAL PROBLEM
Corrected a problem with the auto-renewal of certificates that affected mail.tbi.net, imap.tbi.net, and pop3.tbi.net. The invalid SSL certificates were causing the web server processes to hang and eventually fail. This occurred the morning of 10/14/2017.
October 7, 2017
Software updates installed encompassing PHP and Apache webserver components. There was a new security patch for DNSMASQ. On this system, the program is hand-compiled to avoid the bloat associated with the O/S package. Recompiled and installed OK.
October 5, 2017
EMAIL HEADERS & PRIVACY
For users that authenticate to this mail system to send Email, additional privacy controls have been implemented where your client details, including your local IP address, are suppressed; these are not exposed to the remote Email addressee. This is important from a privacy standpoint.
September 28, 2017
EMAIL TLS/SSL AUTORESPONDER TEST
You can Email an autoresponder here that will reply to your Email with the TLS/SSL encryption details of your message. This way, you can tell if messages being sent here are being properly encrypted and handled securely. To check it out, send a blank Email to: firstname.lastname@example.org.
September 24, 2017
EXCHANGE ACTIVE-SYNC EMAIL UPDATE
It is now possible to sync your email to your mobile phone by simply entering your Email address and password – nothing else is needed! Works fine on both Android and Apple mobile devices.
September 15, 2017
BOTHERSOME IRMA AND SITE NOTES
The outage during Hurricane Irma was troubling. We will be implementing some cloud capabilities, especially for DNS services. We are sticklers regarding Email security, so the simple cloud solutions are not suitable for us. We will migrate to a mail server mirroring technique using private cloud APIs.
Jared over at https://www.jaredsec.com is going to dust off an old Florida disaster plan he wrote and publish it. Lot’s of great, cool, informative tips for small businesses; complete with an analysis of telecom during Hurricane Irma. What is your biggest risk here in Florida? You’d be surprised! You’ll have to check that out later next week.
September 11, 2017
SSL WEBSITE CHANGES
SSL Certificates for our WordPress clients have been provided at the low, low, cost of FREE! We made some changes to improve the redirection of websites via a REDIRECT initiative rather than URL REWRITING, as had been implemented earlier.
August 24, 2017
MICROSOFT EXCHANGE ACTIVESYNC
Mobile and MS-Office users can now use ActiveSync to synchronize their Email. Simply setup an Exchange Account on your mobile device with your Email Address, Domain (blank), and Username (Email Address). The Exchange Server field should be: mail.tbi.net. Example:
- Email Address: email@example.com
- Domain/Username: \firstname.lastname@example.org
- Password: <your password>
- Exchange Server: mail.tbi.net
To maintain our good security, the ActiveSync protocol is secured with SSL. At present, only Emails can be synchronized (No Contacts or Calendars).
August 1, 2017
PHYSICAL SERVER MOVES
DNS, Web, and Email servers were moved from Palm Harbor to Clearwater. This move increases our total efficiency and ensures continued operations.
July 18, 2017
POP3/IMAP/SMTP SECURITY ENHANCEMENTS
Core Email components were also given security enhancements as well. These are our SMTP (Ports 25, 465, and 587), POP3 (Port 995), and IMAP (Port 993) servers. Low-grade ciphers were removed. Only High-strength ciphers are allowed, along with secure, ephemeral Key Exchange mechanisms; like Elliptical Curve Diffie-Hellman (ECDH/ECDHE). We grade an A on these services, with PCI/DSS compliance.
We are just a wee bit better than Gmail. The only thing stopping us from an A+ rating, and full HIPAA and NIST compliance is the lack of a feature called OCSP (Online Certificate Status Protocol). This is a Certificate Revocation check with the Certificate Authority. To prevent over-burdening of a CA’s servers, and prevent leakage of client referral information, OCSP allows the server to do these checks and return the header to the client. This also mitigates problems that can occur if the Certificate Authority’s servers are attacked. The High-Tech Bridge tests are a real “Ball-Buster”. Currently, there are no Email clients or Servers that support OCSP. This function is mostly used in modern web-servers.
July 17, 2017
The Webmail system security has been greatly enhanced. Only high-strength and compliant ciphers are used. We also use Perfect Forward Secrecy (PFS) ephemeral key-exchange mechanisms, like Elliptical Curve Diffie-Hellman (ECDH/ECDHE), We are secure against DDoS attacks and protection from the latest (2016) SSL/TLS exploits, like Sweet32. Tests from the High-Tech Bridge SSL Test Site give us a A+. We meet all compliance and guidance objectives for:
This ensures that all data between your browser and our server is safe and secure.