We have recently made two related changes regarding passwords for AcceptIO.com.

First, we have disabled the password change feature of SquirrelMail and enabled the password change feature of Roundcube webmail. See HowTo: Change your password using Roundcube. The reason for this change, besides the coming demise of support for SquirrelMail (SquirrelMail's days are numbered here, EOL 31 Dec 19), is that the password change feature of SquirrelMail was not easily able to support out second change.

Second, we have strengthened the protection we use for storing passwords within the AcceptIO infrastructure. Read on if you are interested in details about that.

At approximately 4am PT / 7am ET, the AcceptIO email and web services experienced an outage due to a DNS failure. Service was fully restored at approximately 10:30am PT / 1:30pm ET.

During that time, IP addresses for most AcceptIO services could not be resolved. That affected users' abilities to log in to check or send email as well as email deliveries from external parties. The normal process for those external email servers would be to try again later, in which case messages for AcceptIO users would merely be delayed and not lost. It is possible, though rare, that some email servers would completely give up during the outage period, in which case on would expect them to return a failure notice to the sender.

We believe we have identified and corrected the conditions that led to the outage. We will be monitoring that situation more closely for the next few days.

Apologies for any inconvenience, of course.

 

The AcceptIO servers have been continuously running for over 2 years. It's finally time for some downtime, and it will be happening on 29 June (with a fallback date of 30 June) at 11am Pacific time, 2pm Eastern time. We are scheduling the downtime for 1 hour, but we expect it to take less than 15 minutes.

The purpose of this maintenance is to perform operating system and equipment upgrades. If all goes as planned, you probably will not notice any significant difference between before and after. The maintenance will include IP address changes on the server side. That should be transparent to you, but if you have trouble connecting you may have to close and restart email applications.

Image result for sign

SquirrelMail used to be one of the most popular open source webmail packages around. It was the first webmail package we installed on AcceptIO. That was many years ago, when woolly mammoths roamed the earth. SquirrelMail has not had even a minor release since July 2011. It is written in the PHP programming language, and PHP has had many releases over those intervening years. Our recent operating system and infrastructure upgrade has highlighted the fact that SquirrelMail is increasingly difficult to operate in a modern environment. It has many problems in a current PHP environment, some of which can lead to serious security problems for our site and for you.

Unless something changes in the SquirrelMail development project, we will stop supporting SquirrelMail and remove it from our web site at the end of this year, 31 December 2019. As we have done for quite a while, we recommend that anyone wanting to use a webmail interface should switch to Roundcube (https://www.AcceptIO.com/rc). Roundcube is actively maintained and has many user interface advantages compared to SquirrelMail.

 

Most of you know that web addresses beginning with "https" use secure connections. The original protocol name for those secure connections was Secure Sockets Layer (SSL). Over the years, that has evolved into Transport Layer Security (TLS). Many people still call it SSL even though all versions of SSL are obsolete.

TLS and SSL represent a family of protocols, and each protocol has several variations. When your web browser contacts a server using TLS, the browser sends a list of protocols and variations that it supports. The server picks the best combination that it also supports. All of that happens in an instant, and the web browser and the server begin their secure conversation.

We have recently made a few enhancements related to TLS for all AcceptIO-hosted web sites, including AcceptIO.com. If you control or influence the operation of any other web sites, we encourage you to do the same things.

Over the years, many protocol versions and variations have become obsolete, either  because they had technical problems or because of discoveries of weaknesses in encryption algorithms. We have changed the AcceptIO web server configuration so that it no longer supports those obsolete versions. (For the technically inclined, that means the server will not support protocols older than TLS 1.2, we don't support low-security algorithms, and we specifically disallow some encryption families that have known weaknesses.)

All connections to all AcceptIO-hosted web sites is now secure. If you connect using an "http" web address, the server will automatically redirect you to the equivalent "https" web address. This is part of a world-wide movement to secure all web connections on the Internet. 

We have switched to using security certificates from the non-profit Let's Encrypt project. Those certificates are trusted by recent versions of all popular web browsers. We took the opportunity to use a matching certificate for all AcceptIO-hosted web sites. Previously, all of those sites used the AcceptIO.com certificate, which meant that web browsers gave warnings about mis-matched server names. You should not see any certificate warnings in your browser now.
   
© 2009-2019 AcceptIO. All Rights Reserved.
Site Terms and Conditions of Use
feed-image RSS Feed for This Page