Friday, June 21, 2013

Snall Business Is Still a Hacker's Main Target




Recent reports still show that the hacking community is still targeting small business for their lack of regularly updated security practices in IT. So if you are operating a small business and have not taken your computer security seriously, you should.



Saturday, June 8, 2013

Rackspace Hosted Exchange SMTP Changes



Rackspace has decided to improve their email security for their clients and resellers. This means SOME people who have been using their SMTP servers (secure.emailsrvr.com) as CRAM-MD5, will have to reconfigure their email clients to new outgoing email server settings.

This update will only effect users of the following email clients:
 - Mozilla Thunderbird
 - Apple Mail Client (Apple Mail app on iMac's)
 - Older Apple iPad's, iPhones and iPod's that have not upgraded to iOS 6.x


Here is the official announcement and details:


On June 26, 2013, Rackspace will be performing a maintenance on the Rackspace Email and Microsoft Hosted Exchange environments which will remove the ability for mail clients to send mail using the legacy authentication protocol, CRAM-MD5. Once removed, a very small portion of our customers may lose the ability to send mail until their mail client's SMTP authentication method is changed.

Why is Rackspace making this change? Rackspace is continually striving to improve the quality, usability, and security of our mail offering. While CRAM-MD5 is a secure authentication protocol, the industry as a whole has been migrating away from using this mechanism. The recommended method for sending mail today is to use PLAIN/PASSWORD authentication over an SSL or TLS connection.

Will I be impacted? Our extensive testing in preparation for this maintenance has proven that the vast majority of mail clients do not use CRAM-MD5 by default. It is very difficult to pinpoint each and every mail client, version, device, etc that could be impacted, although we do know that if you are running one of the following configurations you could be impacted by this change:

- Thunderbird
- Apple Mail (Mac Mail)
- Apple devices still running legacy iOS versions (prior to IOS 6.x)

* NOTE: Customers using iPhones with Mobile Sync enabled will NOT be impacted.

I'm impacted / will be impacted... How do I fix this? If you feel you may be impacted, or after the maintenance is complete you are no longer able to send mail from your client, you can resolve this issue using one of the following means:

1) Re-configure your mail client so it does not use CRAM-MD5 authentication for SMTP (sending). We also suggest connecting to our system via SSL or TLS when sending mail. Instructions for setting up your mail client can be found at https://help.emailsrvr.com. Please refer to this article http://www.rackspace.com/knowledge_center/article/end-of-support-for-smtp-authentication-using-cram-md5 for instructions on changing the SMTP authentication method.

2) Of course, Fanatical Support is always an option! You can call or chat with a member of our support team and we can walk you through the process.

Is there a workaround while I'm trying to set this up properly? Absolutely! You can always login to webmail to access and send email like normal should you experience issues and need to send something quickly. The webmail login can be accessed here: https://apps.rackspace.com/. You may also read the frequently asked questions below.

...

Frequently Asked Questions

Q: Can you tell if I’m affected?

A: Unfortunately, we have no way of identifying which users specifically are connecting with CRAM-MD5 authentication.

As long as your users are connected with PLAIN/PASSWORD authentication over an SSL or TLS connection, they will not see an impact.  It's always best to double check on the mail clients in question.

Q: Why are only certain clients affected?

A: While we do not know for sure every email client and/or version that could be affected, email clients will be affected if configured using CRAM-MD5.  We have put together instructions for the most common clients and devices that we are aware of that could be configured using CRAM-MD5. As far as we can tell, outlook users will not have any issues. Please refer to this article http://www.rackspace.com/knowledge_center/article/end-of-support-for-smtp-authentication-using-cram-md5 for instructions on changing the SMTP authentication method.

Q: What will happen if I do nothing and I’m affected?
A: Your incoming emails will still be delivered as normal.  You will receive an error, however, when attempting to send emails using SMTP.  As a work-around, you can always use webmail to send/receive at apps.rackspace.com