Over the past week we have seen a huge number of 'bots' trying to guess customer email credentials in order to try to send email through our outbound email servers: smtp.aa.net.uk.
The attempts were being blocked due to wrong passwords being used, but this caused significant load on our severs due to all the database lookups involved. To address this, we are blocking IP addresses that are listed on the Spamhaus 'Exploits Blocklist (XBL)' and the Spamhaus 'Combined Spam Sources (CSS)' lists. -These are typically IP address known to have hijacked in some way or known spam senders.
This has reduced the load on the email servers significantly, however we are are still blocking around 1.5 million unique IP addresses each day.
We have had a small number of legitimate customers affected by this as their IP address is on these blocklists. (IPs can be looked up on https://check.spamhaus.org). In these cases, please do contact support and we can discuss workarounds.
This notification is for customers who run their own authoritative DNS servers and use our secondary-dns.co.uk as secondary (slave).
As part of our DNS infrastructure project we will start to initiate Zone Transfers from an additional set of IP addresses.
You will still send your NOTIFY to secondary-dns.co.uk but you will start to see AXFR requests from an additional set of IP addresses.
Therefore, please update your ACLs to allow the following addresses in addition to what you have at the moment:
Please update your ACLs by March 11th.
We will have an overlap of using the existing DNS servers and the new DNS servers. As part of our testing we will start to use the new IP addresses from February 17th
We'll be performing routine overnight software upgrades on our pool of LNSs and BGP routers, starting Thursday 9th October. One LNS will be done per night, and this involves moving lines between the LNSs and upgrading when lines have been moved off. Customers may see a PPP drop and reconnect in the early hours of the morning as this work is carried out.
Upgrades to our BGP routers will also happen overnight but should have little to no impact. Resolution: This work has been completed.
Between 5AM and 5:30AM we saw a reasonable number of BT SoGEA lines drop for around 100 seconds and reconnect.
They only dropped off once, but over a period of around 30 minutes we saw a few hundred drop and reconnect. As far as we can see the only common factor is that they are BT SoGEA lines. We don't have any planned work notifications for work on this scale, and the sites are dotted around the country.