The Road Ahead

Last night, we performed maintenance and upgrade to our core mail services. As a result, there are some changes to our mail services.

Service Upgrade

The core part of the work undertaken last night was the upgrading the software of our mail servers. The software upgrade was successful and all mail services resumed normal operation at around 23:00 last night.

E-mail Virus Scanning

All messages that pass through our servers are automatically scanned for viruses. Any message that contains in which a virus is detected is automatically deleted. We cannot guarantee our virus scanning to be foolproof, so we alway recommend that all of our customer utilises Antivirus protection on their computers as well.

Blocked E-mail Attachments

We automatically block e-mail attachments with particular filename extensions. In most cases, the blocked extensions are files that can cause harm if they are opened or downloaded. We've recently updated and expanded the list of blocked file extensions which take immediate effect.

Forthcoming Work

In the near future (date to be decided), we will be upgrading our webmail software. As with nearly all software upgrades there will be a short period period when webmail will be offline as we switch to the new software.

We will be undertaking routine maintenance and upgrade work to our standard mail servers between 22:00 and 00:00 today (30th April 2014). Availability of mail services during time period may be erratic as we stop and restart key services.

This work only affects our standard mail account holders. Users of Hosted Exchange will not be affected.

There has been a lot of widespread attention to the Heartbleed vulnerabilty in OpenSSL. Unfortunately, some mainstream news outlets have over-simplified descriptions of Heartbleed that imply it is a pandemic vulnerability. It is not.

We are not impacted by the vulnerability as we do not use OpenSSL. All of our SSL services are delivered using Microsoft technologies that are not impacted by the OpenSSL vulnerability. Additionally, Microsoft has issued a statement stating that the implementation of SSL within Windows is not impacted either.

Although we are not directly impacted, we do recommend that our customers follow the general advice of changing their passwords of all online accounts. Many of our customers use the same username/password combination for all online accounts, and it would only take one of these online services to be exploited for their passwords to be potentially exposed.

That said, there is an argument against changing the password of an online account until that service has been patched or updated with a fix to Heartbleed. Otherwise, you might run this risk of either having to change the password twice, or even more worrying, your new password being potentially exposed.

There are a couple of online tools available to check whether a site is vulnerable to Heartbleed.

https://lastpass.com/heartbleed/

http://filippo.io/Heartbleed/

Caution: As some technical news sites have noted, using these test tools may be illegal under both UK and US law. Our advice is only to use them if you have permission and/or you are testing your own systems.

A final note: this vulnerability is not restricted to websites. OpenSSL is used in a multitude of applications from VPNs to firewalls to embedded systems. Even though its' existence has been known for 2 years, corrective patches and their installation may not occur immediately.

Changing your Calzada account password

If any customers wish to change their Calzada Media account password, this may be done through My Account. Click on the Account Security tab to access the change password facility.

Updated 19:05 11/04/2014

Additional note about legal implications of testing.

You can now check the status of our services and websites using the new Service Status page. This displays realtime status information taken from our monitoring systems.

https://status.calzadamedia.com/

In addition to displaying the individual statuses, this page will also display the uptime for each service or website.

We do perform regular maintenance work, and this may involve some periods of downtime. Announcements of maintenance work and any ongoing issues may be found on our blog and Twitter feed.

Edited: 2nd October 2015 to fix broken links.

In the last few days we've upgraded our free URL shortening service LeafURL. As before, LeafURL is completely free to use, and if you register for an account, you are able to manage and monitor the performance of your shortened URLs.

In the next couple of months we will be enhancing LeafURL with improved and enhanced reporting and management capabilities for registered users. If you have any suggestion or ideas, get in touch.