Category Archives: MxWatch

This blog is dedicated to our Server Monitoring product. Monitor your server for Blacklists, Up/Down SMTP, HTTP, TCP, MailFlow performance and more! http://mxtoolbox.com/services_servermonitoring.aspx

August Newsletter – All New Crazy Good MxWatch Server Monitoring

Our Engineers have been working double time to release a slew of new features for our Mxwatch Monitoring tool. This tool is designed to take the guessing out of server management we understand that if something is wrong with your email server, you need to know right away! The core features of the tool have always been to send alerts if there is a problem with server performance, availability or if your server has been Blacklisted. Here at MxToolBox we like to think outside the box and this time our Engineers have outdone themselves. Here are all the new features we have released:
MailFlow Monitor
The feature we are the most excited about is our MailFlow Monitoring service. Our Engineers specifically built this one of a kind tool to go beyond just monitoring SMTP, it provides real-time daily, weekly and/or monthly statistics by monitoring the status of all mail in and out of your server. Our system sends a message to your server every 5 minutes, to which your system auto-replies or sends a forward back to us.  This allows you to get a true picture of the Up/Down status and performance of your mail-server!  
 

We built this service so we could monitor the status of our own many mail servers and we didn’t feel that any current solutions on the market could tackle this request in an efficient and awesome way.

TCP Monitoring
If you have your own email server in-house, chances are you may also be running other servers or have other IP Addresses that you may want to keep an eye on; such as your website!  If so, you need to know the status of both at all times so you can react quickly in the event of problems.  We can monitor the status of your website and all other servers (anything operating on the TCP Port Level.)  

Mobile Web App
We know that oftentimes you aren’t sitting in front of your computer when something breaks. That’s why we created a mobile web app that gives you a “Status Board” which quickly identifies if services are up or down with color coding for ease. In the screenshot below the red bar indicates that 127.0.0.2 is currently blacklisted and the clear indication next to http:mxtoolbox.com indicates that the website is up!

Tags & Simple Dashboard
When a service is down or having issues you need to be able to quickly identify the service. Our simple dashboard allows you to quickly see where the problem is by color coding alerts. Red means it is down and green is up…its that simple. To make it even easier you can “tag” your alerts for easy recognition, think of it as a labeling system for your servers, customers etc.

Alert Summaries & Verification
When you monitor many things, your phone beeps MANY times. Who needs the added pressure of their phone vibrating off the table? We eliminate those nerves by checking all related items and then send out a single, concise summary of the entire event.

Snooze Button
When you have already diagnosed the service that is having an issue the last thing you need is continued reminders of the problem. Simply hit the snooze button and our service will quit bugging you temporarily. You can even enable the snooze from your phone!

More Frequent Monitoring
The Professional Monitoring package also does more frequent monitoring of the things you need to take care of.

Summary
In short, we challenge you to find another provider that is offering all of these features in one easy convenient and awesome tool. Here at MxToolBox we are always working to make things easier for you and we feel that our Monitoring tools do just that. Call us directly with any questions to learn more or to get started on a Trial of MxWatch or one of our other Email & Web Security Services!

 

 

 

Blog Email Security Blog

 

Copyright 2011 MxToolbox Inc. 12710 Research Blvd. Austin, TX 78759 

Telnet Test – A Great Troubleshooting Tool & Technique

Oftentimes it is very helpful to remove your mail server from the equation to see if there is an underlying network / reputation problem blocking mail flow. Here’s how you can manually send a test message using the telnet command built into every operating system. You’ll need to determine the name or address of your recipeints mail server. You can do this by looking up their MX record at http://mxtoolbox.com. In my example the MX record is a1.mx-route.com. Your commands are in bold below and the responses I got are in italic. Be careful, on Windows if you typo you cannot backspace and correct yourself. Just hit enter and retype the entire command.

telnet a1.mx-route.com 25
Trying 208.123.79.41…
Connected to a1.mx-route.com (208.123.79.41).
Escape character is ‘^]’.
220 a1-1.mx-route.com ESMTP

helo mxtoolbox.com
250 a1-1.mx-route.com
mail from: <peter@mxtoolbox.com>
250 sender <peter@mxtoolbox.com> ok
rcpt to: <support@mxtoolbox.com>
250 recipient <support@mxtoolbox.com> ok
data
354 go ahead
Subject: Test Message
This is a test message.
.

250 ok:  Message 156715331 accepted
quit
221 a1-1.mx-route.com
Connection closed by foreign host.

Here you can see that the sender, recipient and message were accepted by the 250 responses from the recieving mail server. If there are problems you will see them reflected with 4xx or 5xx responses that can be very helpful for figuring out the problem.

A few of our readers had asked for an explanation of the above commands, here ya go!

telnet a1.mx-route.com 25 Use the telnet command to connect to a1.mx-route.com on port 25
Trying 208.123.79.41… Trying to connect
Connected to a1.mx-route.com (208.123.79.41). Connection was successful
Escape character is ‘^]’. The server is telling you how to hang up. In this case you press Control-]
220 a1-1.mx-route.com ESMTP This is called the banner. The server is telling you some more about itself and letting you know that it is your turn to talk. In this case the 220 means that it’s a good connection, the machine’s name is a1-1.mx-route.com and it can talk using the ESMTP protocol.

helo mxtoolbox.com We are saying hello to the machine and telling it our domain name. I can use the domain name to reverse lookup our IP and make try to make sure we aren’t spoofing somebody else and that we are reputable.
250 a1-1.mx-route.com The server is saying okay (250 means good) and again telling us it’s name.
mail from: <peter@mxtoolbox.com> I would like to send you a message from <peter@mxtoolbox.com>.
250 sender <peter@mxtoolbox.com> ok The server seems to be agreeable to this idea (again 250 means good). It can use several methods to decide if it wants to accept a message from you.
rcpt to: <support@mxtoolbox.com> I would like to send the message to <support@mxtoolbox.com>.
250 recipient <support@mxtoolbox.com> ok The server again is okay with this transaction so far.
data I am ready to send you the message data.
354 go ahead Server says okie dokie.
Subject: Test Message The message subject.
This is a test message.
Some text.
.
The period all by itself is the signal that we are done sending message data.
250 ok: Message 156715331 accepted The server has successfully (250 again) accepted the message and assigned it ID 156715331.
quit We are done now. You can close the connection.
221 a1-1.mx-route.com The server agrees. . Good bye.
Connection closed by foreign host. The server has closed the connection.

SMTP Diagnostic Tools Updated

I have added some additional information to the SMTP Diagnostic test tool so that we can better troubleshoot Server Down alerts when customers are puzzled because they saw no outage.

I have added the full SMTP transaction transcripts to the SMTP Diag Alert emails. I also configured it to include the actual timeouts for “Timeout occurred due to inactivity” alerts which are what cause the SMTP Diag Failed emails.

Remember that just because we issue a SMTP failed does not mean that they were down or offline, just that they were unable to respond to our connection request within 15 seconds. They should have our testing networks whitelisted on their Firewalls and SMTP Defense mechanisms.

Thanks,


Peter LeBlond
Product Development Engineer
MxToolBox

Update 8/5/2010 11:55 CDT:We have made additional changes to the SMTP Monitoring code to try to alleviate the lingering false Down alerts. Please continue to give us feedback if you continue to experience them.

MxWatch Monitor Service Upgrade Announcement

MxWatch Service Upgrade Announcement

In order to keep your Monitoring Service account active you must log in to MxWatch before August 31, 2010. There you can use the migration wizard to move your service over to the new version.

Earlier this year we updated the MxToolBox website with a new look, some new tools, and a new back end engine that provides our look up results. This new engine was put in place to power MxWatch, our free Server Monitoring Service, and this was done quietly and smoothly, behind the scenes without any fanfare.

While we were updating the free tools and new website design, we were also hard at work on a new interface for MxWatch. The new interface makes it easily to mange monitoring many servers on the new dashboard and and is ready to grow as we add new monitoring types in the future. New users signing up for monitoring have been using this new interface for some time and we are pleased to announce that our updated version of is now ready for prime time.

We have set up a Self Migration Tool which has been in place on a voluntary basis for some time now and many people have been moving themselves over to the new version of the monitor. We are sending out this email to let you know of all the changes that have been made and to let you know that you need to log in to MxWatch and migrate your service over to the new version if you would like for your monitoring service to be continued. Any accounts not migrated by August 31, 2010 will be deleted when the old servers are shut down.

We would like to hear your feedback about the MxWatch upgrade or about the website and tools in general. Please send us an email to feedback@mxtoolbox.com or post a note on the new MxWatch forum section of the MxToolBox Forums. You can keep up to date on any changes we are making and other MxToolBox news on our Blog. We also post updates and various tidbits and tasty morsels on Twitter and Facebook.

Thanks,

The MxToolbox Development Team

Forums Find updates on our BLOG
Twitter Join us on our FORUMS
Blog Follow us on TWITTER Facebook Become our fan on FACEBOOK

What does the Bounce Message – “Unable to Relay” Mean?

If your customers are receiving an error message like below, there are 2 settings that may need to be adjusted.

‘name@domain.com’ on 9/15/2006 11:11 AM
550 5.7.1 Unable to relay for name@domain.com

Configure your Exchange Server to accept mail anonymously for your domain

The directions below are for Exchange 2007, but most mail servers should have similar settings.
  1. Please confirm that your Send Connector has Anonymous Users allowed under Permission Groups.
  2. Open your Exchange Management Console and access Server Configuration > Hub Transport > Receive Connectors

  3. Right Click on the Default (or any other Receive Connector your company uses) and choose Properties.
  4. Select the Permission Groups tab and ensure that Anonymous Users is checked.

    NOTE: This does NOT allow anonymous users to send mail through your server, this would configure the server as an Open Relay; that would be bad. This allows anonymous users to  have access to the Receive Connector so they can send mail addressed to your domain(s).
Configure your Email Client to authenticate when it connects to your SMTP server
To resolve this issue please adjust their email client to require ‘My Outgoing Server SMTP Requires Authentication’. The directions below are for Outlook 2007, but most mail clients should have similar settings.
  1. Open Outlook
  2. Go to Tools > Email Account > Change
  3. Click More Settings > Select Outgoing Server tab and ensure that check box next to My Outgoing Server SMTP Requires authentication is enabled.
  4. Click Ok and Next and Finish.

Spam and Virus Trends from Google Postini

Editor’s note: The spam data cited in this post is drawn from the network of Google email security and archiving services, powered by Postini, which processes more than 3 billion email connections per day in the course of providing email security to more than 50,000 businesses and 18 million business users.

In 2009, the security community started seeing diminishing returns from the takedown of malicious ISPs. After the ISP 3FN was taken down, spam levels rebounded in less than a month, and after Real Host went down, spam volumes recovered after only two days. In response, the anti-spam community turned its attention toward taking botnets offline instead.

Toward the end of 2009, Mega-D, a top-10 botnet – responsible for infecting more than 250,000 computers worldwide – was severely crippled through a carefully orchestrated campaign designed to isolate the command-and-control servers spammers were using to support the botnet. In early 2010, security professionals, along with government agencies, successfully mounted a campaign against several more targets: major botnets such as Waledac, Mariposa, and Zeus were either shut down or had their operations significantly curtailed.

However, this recent spate of botnet takedowns has not had a dramatic impact on spam levels. Although spam and virus levels did fall below Q4’09 highs, reports from Google’s global analytics show that spam levels held relatively steady over the course of Q1’10.

This suggests that there’s no shortage of botnets out there for spammers to use. If one botnet goes offline, spammers simply buy, rent, or deploy another, making it difficult for the anti-spam community to make significant inroads in the fight against spam with individual botnet takedowns.

Spam by the numbers
Overall, spam volume fell 12% from Q4’09 to Q1’10, which follows a trend of quarterly decreases in overall spam levels that started after the surge in Q2’09. This may be attributed to some of the recent takedowns, but spam volume was still 6% higher this quarter than it was during the same period in 2009, and spam volume as a percentage of total email messages is holding steady.

Recently, our data centers showed a 30% increase in the size of individual spam messages (measured in bytes) that occurred toward the end of March, as shown below.

This spike points to a resurgence of image spam, similar to what we reported in Q2’09. This is likely due to the fact that reusing image templates makes it easier and faster for spammers to start new campaigns.

As always, spammers tend to make use of predictable topics – cheap pharmaceuticals, celebrity gossip, breaking news – to encourage user clicks. In January, spammers hastened to exploit the Haiti earthquake crisis, sending pleas for donations that appeared to have been sent by reputable charitable organizations, politicians, and celebrities.

The frequency and variety of post-earthquake spam illustrates an unpleasant reality: spammers will exploit any means – even tragedies – to accomplish their objectives.

Virus levels fall after Q4’09 surge
During 2009, spam with attached viruses increased tenfold, with levels rising from 0.3% of total spam in the first half of the year to 3.7% in the second. Postini filters blocked more than 100 million virus-bearing messages per day during the worst of the attack.

Since then, spam with attached viruses leveled off to around 1.1% in Q1’10, and dropped as low as 0.7% in March. It’s good news that virus levels are currently trending down – but Q1’10 levels are still 12-fold higher than they were in Q1’09.

In fact, this virus surge may be part of the reason that there hasn’t been a significant impact on spam volume after the recent takedown of major botnets. With a host of new machines now infected and part of a botnet, it is unlikely that there would be a dip in spam proliferation.

Benefits of security in the cloud
Although the botnets that distribute spam are mindless drones, the spammers that take advantage of these botnets are a highly active and adaptable group. This is evidenced by the varied techniques and tactics that they employ in an ongoing effort to evade spam filters and deliver messages to their targets.

2010 is likely to see more botnets taken offline, but the question remains – will that have a long-term impact on spam volumes overall? So far in 2010, the effect has been limited, and the security community may begin to turn to other tactics that yield a more substantial impact on global spam volumes.

As long as the threat is there, however, Google is committed to using the power of the cloud to protect your enterprise from spam and viruses. Outsourcing message security to Google enables you to leverage our technical expertise and massive infrastructure to keep spammers from your inbox.

For more details on Google Apps and all of the protection it includes, go here.

Ping Tool Reporting Wrong IP

This morning we released our April Newsletter and let everyone know about one of our favorite tools. Unfortunately for about 30 minutes if you sent an email to ping@mxtoolbox.com it was not returning the correct Outbound IP. This has been corrected and we apologize for any problems this may have caused.

UPDATE: This issue was resolved approximately 20 minutes after it was reported. Thank you to all of the users that quickly let us know we had an issue!