Kindly contact us on Logix support numbers: 8655681884, 8976766159,8657856112, 7208042012, 8657583920, 7208042011, 022-41024545, 8657583919, 8655806451
=============================================================

Important Information: Limited Support Availability from October 25 to 27, 2024

Dear Valued Customer,

Greetings! Thank you for patronizing Logix services.

We are excited to inform you that our organization will be celebrating its 25th anniversary from Friday, October 25th, 2024, to Sunday, October 27th, 2024. As we mark this important milestone, we want to extend our heartfelt thanks to you for your trust and continued partnership.

During this time, we will have limited support availability due to our celebrations. Please note the following important details regarding our support services:

Limited Support Availability:

- Dates: Friday, October 25th, 2024, to Sunday, October 27th, 2024
- Availability: Critical support only 
- For non-urgent queries, please feel free to raise a ticket through our usual support channels, and we will respond promptly after the event on Monday, October 28th, 2024.

Contact Information for Critical Support:

- Phone: 8655681884, 8976766159,8657856112, 7208042012, 8657583920, 7208042011, 022-41024545, 8657583919, 8655806451
- Email: support@logix.in

We truly appreciate your understanding and cooperation during this period. If you anticipate any immediate needs or changes before our event, please dont hesitate to contact us beforehand.

Thank you once again for being a valued customer. We look forward to continuing our partnership and providing you with the best services possible. =================================================================

Dear Valued Customer

Thank you for your patience and cooperation.

The security appliance issue of BKC IDC has been resolved and is closely under observation.

Please note that due to this issue, on https mail access service was affected intermittently. However, Pop/IMAP service was and is up and running seamlessly.

We request you to check now https mail services are working up and running, same has been tested at our end and is successful.

We thank you for your patience and cooperation.

=================================================================

Notification 25 July 2024:

Dear Valued Customer

Due to Network outage issue at one of our IDC (BKC, Mumbai data center), there is temporary issue in mail access. We are working on this issue to resolve on top priority.

Approximate ETA would be 4 to 6 hours. However if issue gets resolved earlier than estimated time, we will update you.

We Thank you for your patience and cooperation.

=================================================================

Notification 4 April 2024: Volume Mail Service (SendGrid OEM) Maintenance Activity: Sunday, April 21th from 4:30AM to 6:30AM IST

Dear Valued Customer,

Greetings!

This activity is applicable only for Volume mail service (Sendgrid).

In order to increase the stability and scalability of our systems, (SendGrid OEM) is performing scheduled maintenance on SendGrid services, April 20th, 2024 from 4:00PM to 6:00PM PST (Sunday, April 20th from 4:30AM to 6:30PM IST. - 21 April 2024 )

During this time, customers may experience impacts to email sends, new signups, and upgrades.

Thank you for your patience through this maintenance.

Start time: Apr 20, 04:00 PDT

Estimated duration: 2 hours

Components affected:

Mail Sending - API v3

Mail Sending - SMTP

Mail Sending - API v2

API

Billing

View full scheduled maintenance details

Note: Incase you are not using the volume mail service at present then please ignore this email. Incase any other person from your team is checking the volume mail service, please forward this email to them.

Logix Support

=================================================================

Notification 2: Important Update: SMTP Port Change from 465 to 587 TLS

Dear Valued Customer,

Greetings!!!

Thank you for patronizing the Logix Volume Mail service.

We are writing to inform you of an important update regarding our email services. In our ongoing efforts to enhance security and comply with industry standards, we are going to enable SMTP 587 TLS Port 1.2 version which is upgraded SMTP port, and we are disabling 465-port SSL encryption, which is end-of-life.

This change is scheduled to take effect on 15 April 2024. As a result, any applications, devices, or email clients currently configured to use SMTP port 465 with SSL will no longer be able to send emails through our servers after this date.

To ensure uninterrupted access to our email services, we kindly request that you update your SMTP settings to use port 587 with TLS encryption. Making this change will help maintain the security and integrity of your email communications while ensuring compatibility with our updated server configurations.

Here are the updated SMTP settings you will need to configure:

Server: SMTP server

Port: 587

Encryption: TLS

We understand that adjusting your SMTP settings may require some coordination and effort on your part. However, we are committed to assisting you throughout this transition process. Should you encounter any difficulties or require assistance in updating your settings, please do not hesitate to reach out to our technical support team. We will be more than happy to provide guidance and support to ensure a smooth transition.

Thank you for your attention to this matter and for your cooperation in implementing these necessary security measures. We greatly value your business and remain committed to providing you with reliable and secure email services.

If you have any questions or concerns regarding this update, please feel free to contact us at support@logix.in. We are here to help.

Logix Support

=================================================================

Notification 3: Urgent Action Required: Change Your Logix SupportDesk Portal Password by February 29th 2024

Dear Valued Customers,

Greetings!!! We hope this message finds you well. As part of our ongoing commitment to the security and privacy of your services, we are reaching out to inform you about an important update required for your SupportDesk Portal password.

Upon our routine security review, we have identified that your SupportDesk Portal password has not been changed for an extended period. To ensure the continued protection of your account and sensitive information, we kindly request that you update your password as soon as possible. Please find Supportdesk Guideline document link here: Logix Supportdesk Portal Guideline Document

Action Required:

Please follow these steps to change your SupportDesk Portal https://supportdesk.logix.in password using attached helpful document guideline manuals for Logix supportdesk portal as well as cpanel.logix.in, also find helpdesk guideline video link shared in notepad.

Deadline:

To ensure the security of your account, we request that you complete this password change by February 29th, 2024.

Why the Change?

Regular password updates are a crucial part of maintaining a secure online environment. This proactive measure helps safeguard your Supportdesk portal against potential unauthorized access and ensures that your sensitive information of supportdesk portal remains protected.

Thank you for your cooperation in enhancing the security of your SupportDesk Portal account.

Logix Support

=================================================================

Notification 4:

Volume mail service (SendGrid SMTP) requires Stricter implementation for Google & Yahoo mailboxes delivery

Dear Valued Customer,

Greetings!!!

Thank you for patronizing the Logix Volume Mail service.

As informed by previous multiple email notifications as per the mail trail, this is a 4th reminder to inform you that, we received SendGrid OEM\s communication, This is to inform you that beginning February 1st 2024, Google and Yahoo inboxes will implement stricter requirements for the type of mail they accept.

Please review and reverify your sender authentication to ensure it contains valid SPF and DKIM records, as well as a DMARC policy such as v=DMARC1; p=none or stricter.

If you have already updated the DMARC record, please ignore this notice.

Considering the new Gmail and Yahoo sender requirements, we strongly recommend setting up the DMARC records as described in this article to ensure maximum deliverability and the best results.

https://sendgrid.com/en-us/blog/new-sending-requirements-for-gmail-yahoo

https://docs.sendgrid.com/ui/sending-email/how-to-implement-dmarc?_gl=1*15krj7f*_ga*MjA3NjcxOTI1NC4xNzA2NTkyODY1*_ga_8W5LR442LD*MTcwNjYwMTE2NS4yLjEuMTcwNjYwMjIxNy4wLjAuMA..

Kindly take the necessary actions to comply with these requirements.

If you have already taken action, kindly ignore the mail.

Logix Support

=================================================================

Notification 4: Security Advisory | Logix Volume Mail service | TLS Handshake Failure: TLS 1.0 Deprecation: Twilio SendGrid will support TLS connections using only TLS 1.2 and high

Dear Valued Customer,

Greetings! Thank you for patronizing Logix volume mail service.

This email is regarding Logix Volume Mail service (smtp.sendgrid.net).OEM Twilio SendGrid will support TLS connections using only TLS 1.2 and higher beginning TLS. Handshake Failure: TLS 1.0 Deprecation: Twilio SendGrid will support TLS connections using only TLS 1.2 and higher beginning June 5, 2023.

For more details, Please find below Support for TLS 1.2 Guide. https://docs.sendgrid.com/for-developers/sending-email/support-for-tls-12

You can also try below options try with alternative SMTP configuration as below: SMTP server: smtp.sendgrid.net Username: apikey Password: alphanumeric multicharacter apikey code Port: 25 without encryption or 2525 without encryption or 465 SSL encryption (untick option "Use Secure Connection ").

We ensure you best of support as always.

Note: In case you are already using TLS 1.2 and higher and your volume mail service is working smoothly or you are not using Logix volume mail service then please ignore this email.

=================================================================

Notification 5:

Alert Dated 5th APril 2023: Urgent and Important Security Advisory | Changing password for user mailbox security before 15 April 2023

Dear Valued Customer,

Thank you for patronizing Logix mail service.

As a part of security importance, the password change activity is very urgent and important. Mailbox Passwords are an important aspect of email security. In current difficult times, we have observed increase in attacks on email services across globe. Normally attacks have been seen on user email accounts so that to compromise the same to gain the access of email services. To over come this issue, It is being observed that many of your email users are still not changed their email account password for 360 days or more. We expect you to immediately get password changed for all users before 15 April 2023 whose passwords are not changed for 360 days or more. They are the front line of protection for user accounts. A poorly chosen password may result in a compromise of user mailbox or entire domain. As such, all your employees (including contractors and vendors and applications) with access to email services are responsible for taking the appropriate steps to change the password timely so that secure the access to their mailbox.

To ensure such protection we expect an Organization should opt for password policy for its mail services where Organization can setup a time line for password change which is recommended be any time between 30 days to 90 days based upon Organization’s security Policy.

Being service provider we have highly recommend to have not only password policy but to change the password with complexity in case the same has been not change for long time as a part of securing your email access.

To implement the same, we have decided to enable password policy across all domains hosted with Logix if the same has not been opted by customer. In addition to this we also want all your end users who all using email service must change their password with renewed complexity to implement highly secure access.

The purpose of this policy is to establish a standard for the creation of strong passwords, the protection of those passwords, and the frequency of change.

The complexity password will be remained strong which is as below:

At least one Uppercase letter. At least one LowerCase letter.

At least one Number. At least one Special Character # @ % ! ^ * = - + ; . :

At least 8 characters long.Three or more Consecutive Alphabets or Numbers can not be used in a Password. e.g. 123, abc

Firstname/LastName/Domain Name/Common

Post this update any Customer domain without password policy will be requested to opt the password policy as a must have requirement to manage its access security effectively Logix support team will be available 24x7 incase of any help required.

Note: If your domain is already having the password policy enabled then please ignore this email. This is a followup reminder that your password for your email user accounts for mail services ( mailboxes hosted on Logix Mailsetup) which are expired and needs to be changed before 15th April 2023. It is mandatory & compulsory because In current difficult times, we have observed an increase in attacks on email services across globe.

Normally attacks have been seen on user email accounts so that to compromise the same to gain the access of email services. It is being observed that many of your email users are still not changed their email account password for 360 days or more.

We expect you to immediately get password changed for all users before 15 April 2023 whose passwords are not changed for 360 days or more.

Below are the very easy & admin friendly as well as user-friendly steps to change the Password.

How ADMIN USER can change the password from Admin Login Log in to your admin account https://cpanel.logix.in/home.php Click on the Users >> POP USERS >> Select your domain >> Click on GO Select the Password Expired User >> & navigate to Password tab. Create a new password that meets our password policy requirements. Click on Update How END-USER can change password from User CP ( if Existing password not Expired)      

1.Log in to your admin account User Control Panel (logix.in)      

2.Click on user Profile >> & navigate to Change Password tab.      

3.Create a new password that meets our password policy requirements.      

4.Click on Change Password If you require our assitnace to change the passwords for all your users in Mass we can do from our side for same kindly share below required details.       

1. Share list of all email ids along with Complex password(one per line) who\s password is not changed for 360 days or more.             Email Id:                     2.New password must be at least 8 characters long and contain a combination of atleast 1 uppercase and lowercase letters, numbers, and special characters(# @ % ! ^ * = - + ; . : )       

Do not use the same password for all the users, and avoid using common words or phrases so that employees will not access each other mailbox.

Post this update any Customer domain without password policy will be requested to opt the password policy as a must have requirement to manage its access security effectively.

Note: * If your domain is already having the password policy enabled then please ignore this email.     

Please note this is not applcaitble if use mailbox is on Micrososft O365 or Gsuite

=================================================================

Notification 6: 25 January 2023: Title: Users may be unable to access multiple Microsoft 365 services

Dear Valued Customers,

There is incident reported by Microsoft Users may be unable to access multiple Microsoft 365 services. Last Update ; January 25, 2023 1:21 PM

User Impact: Users may be unable to access multiple Microsoft 365 services.

Current status: Microsoft is investigating a potential issue and checking for impact to your organization. We\ll provide an update within 2 hours.

More info: We \ve received reports that the following services are impacted:

-Microsoft Teams -Exchange Online -Outlook -SharePoint Online -OneDrive for Business -Microsoft Graph Current status: We \ve identified a potential networking issue and are reviewing telemetry to determine the next troubleshooting steps.

Scope of impact: Any user serviced by the affected infrastructure may be unable to access multiple Microsoft 365 services.

Next update by: Wednesday, January 25, 2023, 2:30 PM (9:00 AM UTC)

=================================================================

Notification 7: 25 October 2022: Incoming emails quarantined false positive incident:

Dear Valued Customer,

Greetings!

As we have identified that due to misbehavior of domain age lookup policy from Cisco\s TALOS (CISCO RBL repository), many of your incoming emails were falsely detected as suspicious and quarantined as spam digest. This issue has been already identified and currently being worked upon by CISCO TAC. As a temporary solution, we have disabled the policy so that all the incoming mails should get delivered. As of now, we disabled the policy filter for the time being. Post validating with Cisco TAC, we will enable it. As per our observation, early latenight yesterday mails were quarantined, so you may please release them from the spam/quarantine.

Kindly be assured that your new emails will be received without any issue.

Our team is working on it we will keep you posted.

Thank you for your understanding ! Sorry for the inconvenience caused!

=================================================================

Notification 8:9 October 2022:

Please find the below vulnerability identified in OS i. e. RHEL and CentOS which is affecting Zimbra services.

Please find vulnerability details as below: https://securityaffairs.co/wordpress/136800/hacking/zimbra-collaboration-suite-rce.html

We are performing needful action for updating necessary patch hence there will be around 10 minutes service interruption in mail services.

=================================================================

Notification 9:

5 October 2022: Microsoft Advisory: Basic Authentication in MS Exchange Online is being turned off - Starting October 1, 2022 

Dear Valued Customer!

Greetings! Thank you for patronizing Logix services.

If you are using Microsoft O365 services, the information below is applicable to you otherwise you please ignore the same.

Starting October 1st 2022, Microsoft has started to randomly select tenants and disable basic authentication access for MAPI, RPC, Offline Address Book (OAB), Exchange Web Services (EWS), POP, IMAP, Exchange ActiveSync (EAS), and Remote PowerShell. They have posted a message to the Message Center and have posted Service Health Dashboard notifications to each tenant.

Please find the disadvantages of disabling basic authentication and customers will be able to use the self-service diagnostic to re-enable basic auth for any protocols they need: POP and IMAP will no longer be supported in MS outlook mail client. IMAP and POP do not support Modern authentication. You will need to use other applications to access POP and IMAP. POP and IMAP use modern authentication by setting up OAuth and Outlook doesn’t support OAuth with POP and IMAP. MS recommends moving to MAPI for KIOSK users and leave IMAP & POP behind as these are legacy protocols. There will be impact for KIOSK if Basic Auth POP/IMAP are disabled but you would be given one time re-enablement. Customers will be able to use the self-service diagnostic to re-enable basic auth for any protocols they need, once per protocol until end of December 2022. During the first week of calendar year 2023, those protocols will be disabled for basic auth use permanently and there will be no possibility of using basic auth after that. In case any query, please reach out to us on support.o365@logix.in.

=================================================================

Notification 10:Notification 2 September 2022 at 8:15 PM IST :

Urgent Zimbra Version/ Patch upgrade activity to safeguard Zimbra mail setup

Dear Valued Customer,

Greetings! Thank you for patronizing Logix services.

This is to inform you, there is a major vulnerability identified in existing as well as old version of Zimbra hence to safeguard Zimbra setup we need to update or upgrade Zimbra version and install the latest patch provided by Zimbra on urgent basis. So we have initiated patch update or Upgrade activity for our setup. This is very crucial activity so we can’t delay it any further and it must be done immediately hence we are performing this activity for all the Zimbra mail servers.

Please refer below link for more details about this outbreak. https://nvd.nist.gov/vuln/detail/CVE-2020-12846

1. During this activity access to email services will be intermittently unavailable.  

2. There will not be any mail loss during the activity as we will hold the incoming mails on our setup during the activity and will release them once the activity is completed.   Note: End users having older Windows OS (below OS-7) and email client (MS Outlook 2007 and below) & old browsers may face issue in connecting to server as all these products are end of life by respective OEMs more than 5 years. Please let us know in case of any query.

=================================================================

Notification 11: Notification 26 August 2022 at 1:11 PM IST :

Dear Valued Customer,

Greetings! We have postponed this activity, we will shortly update you next schedule as soon as planned.

Thank you for your cooperation, sorry for the inconvenience caused.

=================================================================

Notification 12: Notification 23 August 2022 at 2:47 PM IST :

Dear Valued Customer,

Greetings! Thank you for patronizing Logix services.

As a part of the betterment of services, we are planning to upgrade the email server OS.

Applicable for customers who are using below server settings:

IMAP: zpop.hybridzimbra.com POP: zpop.hybridzimbra.com

SMTP: zsmtp.hybridzimbra.com Webmail:https://zmail.hybridzimbra.com (webmail.logix.in.)

MX: hostzimbra01.logix.in & hostzimbra02.logix.in.

The schedule for activity is Saturday 27th Aug. 2022 Start time 8 PM IST to End time 6 AM IST

1. During this activity access to email services will be completely unavailable.  

2. There will not be any mail loss during the activity as we will hold the incoming mails on our setup during the activity and will release them once the activity is completed.

=================================================================

Notification 13: 3 August 2022 at 11:45 Am :: Due to set up issue in one of the Logix data center, few customer may experience service degradation, Logix team is working on this, further udpdate will be informed after one hour.

=================================================================

Notification 14:Notification 24 June 2022 ::

Security Advisory | Enabling Two Factor Authentication on https://cpanel.logix.in will be compulsory after 15th July 2022.

Dear Valued Customer,

Greetings!! In current difficult times, we have observed increase in attacks on email services across globe.

Normally attacks have been seen on Admin accounts so that to compromise the same to gain the access of email services.

To overcome this issue, we have already extended two factor authentication for admin authentication used for https://cpanel.logix.in long back. It is been observed that many admins are still not registered for two factor authentication. Two-factor authentication is the mechanism which is an additional layer of authentication addition to password. The two components of two-factor authentication are: Something you know (e.g., password/PIN, etc) Something you have (a token, cell phone, etc)To ensure security of your email services, we expect you to immediately register for two factor authentication. In case you have already did the same, please ignore this notification. The current option of bypassing the Two-Factor step will be available till 15th July 2022 and after that two factor registration will become must have requirement for logging into https://cpanel.logix.in Kindly acknowledge the same and register for two factor asap. In case of any help required Logix support is available 24x7.

=================================================================

Notification 15: 03 March 2022 :: Logix Upstream ISP Planned Work Notification | Schedule : Saturday 5 March 2022 3 AM to 6:30 AM

Dear Valued Customers,

Greetings! Thank you for patronizing Logix services!!

Our upstream ISP Tata Communications is in receipt of maintenance activity at one of the IDC scheduled on Saturday 5 March 2022 3 AM to 6:30 AM.

The details of maintenance activity are as below.

Your below mentioned service would experience an outage of “3.5 Hours” during the activity window.

We ensure you that this activity is being performed for the purpose of betterment and upgradation of services we provide you.

TATA COMMUNICATIONS Activity Window (IST): 2022-03-05 03:00:00 IST to 2022-03-05 06:30:00 IST Expected Impact Duration(DD:HH:MM) : 3 Hours 30 Minutes Activity Description TCL Service Affecting Planned Event for JUNOS upgradation of mu-bkc-t2-icr01 at Mumbai.

We request you to reschedule sensitive operations at your end accordingly.

We apologize for any inconvenience due to this event and resulting downtime.

If you have any queries with respect to this activity, feel free to contact us.

=================================================================

Notification 16:01 February 2022 ::

MS Outlook compatibility with M365 portal Please find below new minimum Outlook for Windows version requirements for Microsoft 365.

After November 1, 2021, only Outlook 2013 Service Pack 1 (with latest fixes) and later will be able to connect to Microsoft 365 services. It’s worth noting here that Outlook 2007, 2010, and Office 2013 versions earlier than 15.0.4971.1000 *and Office 2016 versions earlier than 16.0.4600.1000 aren’t supported now.

=================================================================

Notification 17: 17 January 2022 :: International Fiber Cut

Dear Valued Customer, Greetings!!!

Due to the unprecedented fibre cut at various areas in Europe and between India and Middle east, lot of email traffic has been delayed subsequently from those regions and hit us in morning in bulk which resulted in delay in our MX side.

=================================================================

Notification 18:Notification 8 January 2022:

Dear Valued Customer,

Greetings!!!

This is to inform you that this Link upgrade activity at IDC has been rescheduled on Sunday 9 January 1 AM to 4 AM.

During this period, access to email services will remain intermittent. In case any query, please let us know.

=================================================================

Notification 19: Notification 29 December 2021: Logix Implementing SMTP-AUTH STRICT-MODE Policy to Prevent Email Spoofing / Phishing

Dear Valued Customer,

Greetings!!! Thank you for patronizing Logix service.

As a part of continuous improvement and enhancement considered for securing email communication for both incoming & outgoing, we have decided to implement STRICT-SMTP-AUTH policy on all outbound smtp mail gateways that are being used in email client. With this policy, only those emails will be allowed where the SMTP USER-AUTHENTICATION exactly matches with MAIL-FROM & ENVELOPE-SENDER. In case any of the parameters are not matched the mail will be blocked with action. The objective of implementing this policy is to secure the outbound mail flow and restrict any spam/phish sent in by a compromised user id using its authentication with different mail-from/envelope-sender email address. This will be an additional protection for outbound that we are extending with spam/virus scanning to stop such incident. Furthermore, with this policy there are possible changes of any mail which is sent via application/service using different from and auth id will be blocked with action. In case your organization is sending emails with single authentication and different mail-from/envelope-sender address as a part of your business process then requesting you to contact Logix Support desk (support@logix.in). Here you must be required to share MAIL-FROM email address which is being used for sending outbound mails via application/service. This id will be subsequently allowed to send mails accordingly. These changes are planned for securing communication and avoiding repetition of any IP blacklisting incident like the one happened on 1st December ,2021. This policy will be implementing in next two weeks for all LOGIX hosted customers. Thank you for the support and cooperation extended as always.

=================================================================

Notification 20: 11 December 2021 : Cyber Security Advisory – Apache Log4J Remote Code Execution Vulnerability (CVE-2021-44228) Who Is Impacted? Many cloud services are vulnerable to this exploit.

Please read below article for more details about the impact:

• https://www.lunasec.io/docs/blog/log4j-zero-day/

• CVE-2021-44228

• https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

Description:- FortiGuard Labs is aware of a remote code execution vulnerability in Apache Log4j. Log4j is a Java based logging audit framework within Apache. Apache Log4j2 2.14.1 and below are susceptible to a remote code execution vulnerability where a remote attacker can leverage this vulnerability to take full control of a vulnerable machine.

This vulnerability is also known as Log4shell and has the CVE assignment (CVE-2021-44228). FortiGuard Labs will be monitoring this issue for any further developments. What are the technical details? Apache Log4j2 versions 2.14.1 and below Java Naming and Directory Interface (JNDI) features do not protect against attacker controlled LDAP and other JNDI related endpoints. A remote code execution vulnerability exists where attacker controlled log messages or log message parameters are able to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. What versions or Software are affected? Apache Log4J versions 2.0-beta9 to 2.14.1 are affected. Is there a Patch or Security Update Available? Yes, moving to version 2.15.0 mitigates this issue. Further mitigation steps are available from Apache as well. Please refer to the "Apache Log4j Security Vulnerabilities " in the APPENDIX for details. What is the CVSS Score? 10 (CRITICAL) What is Exactly Apache Log4j? According to Apache: Log4j is a tool to help the programmer output log statements to a variety of output targets. In case of problems with an application, it is helpful to enable logging so that the problem can be located. With log4j it is possible to enable logging at runtime without modifying the application binary. The log4j package is designed so that log statements can remain in shipped code without incurring a high performance cost. It follows that the speed of logging (or rather not logging) is capital. At the same time, log output can be so voluminous that it quickly becomes overwhelming. One of the distinctive features of log4j is the notion of hierarchical loggers. Using loggers it is possible to selectively control which log statements are output at arbitrary granularity. What is the Status of Protections? FortiGuard Labs has IPS coverage in place for this issue as (version 19.215): Apache.Log4j.Error.Log.Remote.Code.Execution Please note that, since this is an emergency release, the default action for this signature is set to pass. Please modify the action according to your need on a few test policies before rolling out to all policies protecting your Server segment. Any Suggested Mitigation? According to Apache, the specific following mitigation steps are available: In releases >=2.10, this behavior can be mitigated by setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to "true. " For releases from 2.0-beta9 to 2.10.0, the mitigation is to remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class FortiGuard Labs recommends organizations affected by CVE-2021-44228 to update to the latest version of 2.15.0 immediately. Apache also recommends that users running versions 1.0 or lower install version 2.0 or higher as 1.0 has reached end of life in August 2015 for Log4j to obtain security updates. Binary patches are never provided and must be compiled. For further details, refer to the "Apache Log4j Security Vulnerabilities " in the APPENDIX. If this is not possible, various counter measures such as isolating machines behind a firewall or VPN that are public facing is recommended Appendix Apache Log4j Security Vulnerabilities (Apache) Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation (US CERT) CVE-2021-44228 (MITRE) https://www.fortiguard.com/threat-signal-report/4335/apache-log4j-remote-code-execution vulnerability-cve-2021-4422 =================================================================

Notification 21: Notification 2 July 2021 Security Advisory :

[Postponement update] TLS 1.2 will put in force from 31 December, 2021 & TLS 1.0 / 1.1 is be being discontinued for security reason

Dear Valued customer, Greetings!

This is to inform you that, the upcoming change of blocking TLS 1.0 and 1.1 protocol over smtp in our setup has been postponed.

The decision was taken with the consideration that due to ongoing Covid pandemic many customers were facing difficulties for complying with change requested as most of the users were still working from home. The activity will be postponed till 31December ,2021.

Meanwhile we are requesting you all to upgrade to TLS 1.2 supported OS,Browser and Email client as mentioned below : O/S - Windows-10 with SP1 and above Email Client - Outlook 2010 SP2 and above. Browsers - Latest available versions. In case any query, feel free to contact us.

=================================================================

Notification 22: 14 June 2021 Security Advisory : Retiring TLS1.0 and 1.1 for SMTP service

Dear Valued Customer, Greetings!

Thank you for patronizing Logix services.

As a part of security enhancement, we are performing activity of retiring TLS1.0 and 1.1.

Please find below details about this activity.

Description: LOGIX is discontinuing the use of TLS 1.0 and 1.1. Customers will be required to use TLS 1.2 and above for all communications with their instances.

What is the risk?: Among other weaknesses, TLS 1.0 is vulnerable to man-in-the-middle attacks, risking the integrity and authentication of data sent between a client and smtp/webmail servers.

Impact: Any services that currently rely on TLS 1.1 or older will no longer be available. The two most likely reasons LOGIX customers see TLS 1.1 traffic or older is due to customer usage of older web browsers, older customized integrations.

Why: The use of TLS 1.2 is a recommended security best practice that provides a higher degree of privacy and data integrity over previous versions and to maintain compliance with the latest industry standards.

Reference Links: https://www.venafi.com/blog/why-its-dangerous-use-outdated-tls-security-protocols

https://www.digicert.com/blog/depreciating-tls-1-0-and-1-1 TLS 1.0 has several flaws.

An attacker can cause connection failures and they can trigger the use of TLS 1.0 to exploit vulnerabilities like BEAST (Browser Exploit Against SSL/TLS).

Websites using TLS 1.0 are considered non-compliant by PCI since 30 June 2018.

The existence of TLS 1.0 and 1.1 on the internet acts as a security risk. Clients using these versions are suffering from their shortcomings, while the rest of the internet is vulnerable to various attacks exploiting known vulnerabilities, for almost no practical benefit.

When: LOGIX will stop by Wednesday 7 July 2021 6:30 PM IST without any exception. This is the schedule of the upcoming bulk changes:

Required Action: LOGIX is monitoring customer usage of TLS 1.1 and older in our environment. If you are using anything older than TLS 1.2. Please review this information and update any relevant services to use TLS 1.2 or higher. Below are the supported products: O/S - Windows-10 with SP1 and above Email Client - Outlook 2010 SP2 and above. Browsers - Latest available versions.

=================================================================

Notification 23:

Dear Valued Customer, We thank you for your association with us.

This email intends a general communication to our customers especially using the Net4India Services for Domain Registration and or DNS. Recently & also in past, we received reports from several customers about unable to receive emails & also their website being down. It was observed that the domain name of these customers are either with Net4India OR the nameservers are registered with Net4India. There are/were instances where Net4India Nameservers were not reachable due to which the domain DNS resolution fails thus leading to issues such as not receiving emails, websites or applications running on FQDN are impacted. There are also issues where Customers are unable to renew their domain name leading to domain expiration We request to kindly go through the procedures as which are listed on NIXI & ICANN Website to resolve the issue since Logix do not hold control on Domain Registration/Nameservers services being provided by Net4India https://www.registry.in/registry/images/page/Email_Net4_29012021.pdf

https://www.icann.org/en/blogs/details/icann-support-for-registrants-and-those-impacted-by-net-4-india-limited-17-11-2020-en

If you are experiencing issue in receiving emails from external domains, please check whether your domain/DNS service is with Net4india which is down due to which this issue is observed.

1.You can lookup your domain/DNS from below links to check who is your domain registrar and who is DNS service provider: https://www.dnswatch.info/dns https://www.drwhois.com/

2. Issue is not with mail server at Logix end.

3. We have no scope to shift it to us unless Net4 is sharing us domain auth key for domain name transfer

4. For dns shifting also, domain name control must b up where we have to update NS records

5. please find below details helpful to shift domain/dns from Net4: Regarding domain names transfer, auth key is not available in Net4portal, you will have to request for auth key from your Net4portal by clicking on retrieve option then you will receive mail on your registered email address from Net4system.

In case you are experiencing difficulties contacting Net4 to get auth keys, then below are Customer Support details on which you may send email from your registered and authorized email address: transfer-compliance@net4.com renewals@net4.in bajaj.vikram@gmail.com corporatesupport@net4.in icannresolutions@net4.com pankaj.s@net4.in pankaj.s@net4.com update@net4.in Below are few contact details we managed to gather helpful for customers who want domain name transfer from Net4 to us: +9196508 21618 - Mr. Pankaj (available both by phone and whatsapp) Ms. Shailee Arora (Net4 renewal department Head) is 8368981559. =================================================================

Notification 24:Volume mail service (Sendgrid) security advisory:

Over the past several months we have attempted to inform you of the requirement to update your authentication method with Twilio SendGrid to API keys exclusively by March 24th, 2021.

What action is required? Follow these steps to identify and replace your authentication method to API Keys and then implement Two-Factor Authentication (2FA) for all users to enhance security. If you do not take action, those API and SMTP requests (including any applicable mail/send requests and expected email delivery) will be rejected on March 24th, 2021. If you have already updated your authentication to API Keys exclusively, or plan to prior to this deadline, please reply to this email to let us know you acknowledged these requirements and the deadline. If you require further discussion or would like to request an extension to this deadline, please email us with (1) your reason for requesting an extension and (2) the date you could meet these requirements. If you do not know or do not manage your SendGrid integration, please forward this information to someone at your organization who is likely to and include us in your email. We’d like to thank you in advance for your prompt attention to these requirements.

For more information about how you can enhance the security of your account, view https://secure-web.cisco.com/1bnzB9EdWzOh99KE2TdYY1CHNgEl-enBvSboWUwo1CedUz_YTiYRBFpf4eL6aNr438pUFoy9kvc8vgXIAwm-sTjbb4iW7WheSoUAtPwM83ExGhcj03jIAQYjNgVB_qTeuK4sFq2VaDswD9Grg9bozmlprh2aSjSI9AsgksisdPvlyALI_EYQs6w5Bu78FZXXij9UAZpk1p7zw6Cv1qEsRpAqxLb-U3hYIccHi75AJzWxYblRL3yUVLSj9ARi6l4CIBugIrBlTK-XSWA6vZKZ7QjHEUS7yLdLx8CpfOCnw4wwnavplBFwla7MX35EWGzl4pCc5t7TRK6hj73MzG3wmaBF714surjTEUfsdXm2fSkE8E9o-Xgg0-WNpv5ql-sfB7IChO38caBce-BTsdL2lKXGIDwsY-ZCN04dnM-Qfzi8T45XWHloesgqKv7m2Uz-AQIS3tN7Q3dCDmpOtbealbD55VCWc3ahuGJclxxw0LAo/https%3A%2F%2Fsendgrid.com%2Fblog%2F7-best-practices-to-protect-your-twilo-sendgrid-account-and-sending-reputation%2F.

=================================================================

Notification 25: Launch of Logix Supportdesk portal update with customer friendly ticketing options:

Dear Valued Customer, Wish you a very happy and safe new year from Logix!!! Thank you for patronizing Logix services and association with us.

To serve you always in a better way, we have made certain changes in Logix support desk portal https://supportdesk.logix.in with more option to specify your query/issue in moderated manner.

Please find attached document guidelines with support desk changes which are recently incorporated.

We have introduced 4 new dropdown options while raising a Support Ticket, these newly added options are as below:

A. Service Under this option we request you select the kind of service availed by your esteemed organization. Multiple options are provided for ease of selection

B. Type of Complaint Request you to provide if you are having a problem, question/query or a sales inquiry

C. Type of Issue Multiple options shall be provided here. Please select the option which describes your requirement in a best possible way. In case a suitable option is not found, then please select the option “Other” and provide details in the subject line. Under description, please state your requirement in as details as possible.

D. Impact of the Issue Under this there only 3 options available: More than 50% Users impacted Less than 50% Users impacted Specific Users Based on your selection of above four fields, Severity and Priority of the said problem will be automatically calculated. Also be informed that, if your issue is marked critical by the ticketing system, we will attend it on priority.

We are always delighted to assist you to make sure your business processes run seamlessly.

In case you have any query submitting the ticket, please feel free to reach to us. Assuring you our best of support as always!!!

=================================================================

Notification 26:Update on 28 October 2020:

Security Advisory !!! Enabling Two factor authentication and API authentication for your volume mail account

Dear Valued Customer, Thank you for patronizing Logix volume mail service.

As a part of security importance, there is an important change Volume mail service OEM is implementing for the security of your volume mail account.

As of December 9th, 2020, OEM will be making two changes: Will accept only API key authentication for all endpoints in order to improve the security of your volume mail account. Will also require enablement of Two-Factor authentication for your volume mail account and Teammates. Currently system accepts Basic Authentication on the following: SMTP All v2 API endpoints v3 API Non-Mail/Send endpoints v3 API mail/send accepts API Keys only and does not allow Basic Authentication If a customer enables 2FA without having activated the new API keys, all API requests using username/password will be rejected. Therefore, we recommend prioritizing the update of your authentication methods to API Keys before enabling 2FA in order to avoid breaking your integrations. Here is what you need to do: Upgrade your integration to authentication with API Keys (link: https://sendgrid.com/docs/for-developers/sending-email/upgrade-your-authentication-method-to-api-keys/ ) – This should be done on both Mail Send and Non-Mail Send accounts.

NOTE: This step is critical to complete before the December 9, 2020 deadline. API requests that do not contain an API key after that date will fail without being processed. Set up 2FA access (link: https://sendgrid.com/docs/ui/account-and-settings/two-factor-authentication/) for all Subusers and Teammates within your accounts.

NOTE: If you aren’t able to complete step two in advance of the deadline, users will be asked to set-up 2FA when they log-in to their Twilio SendGrid account. FAQs and answer for your easy reference:

1. Please confirm whether smtp.sendgrid.net will be in service and live with username and password of sendgrid UI credentials ? Starting December 9th, SMTP will continue to be available but we recommend setting up API Keys with SMP so there is no break in integration. Please let us know if this will be possible. Linked here (https://sendgrid.com/docs/API_Reference/SMTP_API/integrating_with_the_smtp_api.html#-Integrating-with-Sendgrid) is the integration guide for SMTP with API Key instructions.

2. What if user is using smtp.sendgrid.net, Mail client such as MS Outlook or Mozilla Thunderbird supports only smtp server hostname or IP for outgoing, how API will be used in such cases ? The customer will still be able to use SMTP.sendgrid.net but we recommend setting up API Keys with SMP so there is no break in integration. Please let us know if this will be possible. Linked here (https://sendgrid.com/docs/API_Reference/SMTP_API/integrating_with_the_smtp_api.html#-Integrating-with-Sendgrid) is the integration guide for SMTP with API Key instructions.

3. Two Factor authentication must be only for Sendgrid.com UI and not for SMTP authentication or API, our customers have faced issue in SMTP authentication due to 2 FA enabled reasons. What will be solution on this? This is true. 2FA is only going to be prompted when you try to sign into the SendGrid UI after December 9th. However, we will no longer be accepting Basic Authentication (username and password) as well. That being said, we are recommending changing all mail send integrations (SMTP, API v2, API v3) to the use of API Keys. Documentation linked here https://sendgrid.com/docs/for-developers/sending-email/upgrade-your-authentication-method-to-api-keys/ Here is what you need to do: Upgrade your integration to authentication with API Keys – This should be done on both Mail Send and Non-Mail Send accounts. NOTE: This step is critical to complete before the December 9, 2020 deadline. API requests that do not contain an API key after that date will fail without being processed. Setup 2FA access (link: https://sendgrid.com/docs/ui/account-and-settings/two-factor-authentication/) for all Subusers and Teammates within your accounts.

NOTE: If you aren’t able to complete step two in advance of the deadline, users will be asked to set-up 2FA when they log-in to their volume mail account. Do let us know if you have any query regarding this security advisory.

=================================================================

Notification 27: Security Advisory!! Update Logix SPF in your DNS

Dear Valued customer, Greetings from Logix !!!

Please ensure that Logix s SPF record is included in your existing SPF record (applicable only in case you are using our SMTP services). SPF allows receiving mail server to check during mail delivery that a mail is received from a your genuine domain. Below is the SPF record to be included in your existing SPF record. Domain Type TTL Record Domain name TXT 86400 v=spf1 include:_spfnew.logix.in ~all Kindly ignore the given SPF record if it is already updated for your domain; also ignore this if you are not using Logix smtp service. How to check and read a SPF record for a domain: Method 1: The SPF record is stored within a DNS database and is bundled with the DNS lookup information. You can manually check the Sender Policy Framework (SPF) record for a domain by using NS lookup as follows:Open Command prompt (Start > Run > cmd): 1.Type "nslookup -type=txt " a space, and then the domain/host name. e.g. "nslookup -type=txt logix.in " 2.If an SPF record exists, the result would be similar to: "v=spf1 include:_spfnew.logix.in ~all 3.If there are no results or if there is no "v=spf1 " property, then there is a problem retrieving the record for the domain, or one does not exist. Method 2: 1.Open https://www.dnswatch.info DNS Lookup tool, Reverse DNS lookup tool - www.DNSWatch.info