Synopsis | |
---|---|
Begin | 2023-05-31 06:30:00 |
End | 2023-06-28 11:00:00 |
Affected | users of Science mail |
Our smtp mailservers were under attack. In order to prevemt other problems, our configuration limits the number of connections that can be kept open at the same time. We cannot easily distinguish between connections by the attacker(s) and by regular users. When this limit is reached, no new connections can be made.
Therefore sending e-mail using our mailservers can take a long time or will not work at all. There’s a good chance that your IP address will be blocked (max. 1 hour), e.g. if you use loginname@science.ru.nl after June 8, 16:25.
As a workaround, for use on campus or after starting VPN, the servers are now configured to mostly service internal clients.
Update 2023-06-01 - 14:00
We are now throttling certain connections and have increased the server’s capacity. This has mitigated the issue, so you should be able to send email again. The DDOS is still ongoing.
Update 2023-06-03 - 11:30
The attack is now using more ports, as we try to mitigate this, it will be harder to send e-mail, unless you are using VPN.
Update 2023-06-08 - 16:25
Because the attackers use loginname@machinename.science.ru.nl and we always recommended to use only login name, we have terminated the authentication with loginname@… . Some users will be inconvenienced by this, but it is easy to remedy by adjusting the settings.
Update 2023-06-23 - 16:19
As the attacks continue, they still impair normal service. Using VPN or mail from the campus will get through easily, but basic authenticated SMTP will likely fail.
Update 2023-06-28 - 11:40
The attack continues. We are now blocking “bad” IPs for longer, this seems to help and makes the service usable again.