Service Alert

1. Due COVID-19 Outbreak, support team is working from home so kindly contact us on Logix support numbers: 7208042012, 7208042011, 8657583920, 8657583919, 022-41024545
Notification 17 January 2022:

Dear Valued Customer,


Due to the unprecedented fibre cut at various areas in Europe and between India and Middle east, lot of email traffic has been delayed subsequently from those regions and hit us in morning in bulk which resulted in delay in our MX side. Now we have taken care of the issue and issue has been resolved, entire things will be under control within next one hour.

In case any query, please let us know.

Contact: 7208042012, 7208042011, 8657583920, 8657583919, 022-41024545
Notification 8 January 2022:

Dear Valued Customer,


This is to inform you that this Link upgrade activity at IDC has been rescheduled on Sunday 9 January 1 AM to 4 AM.

During this period, access to email services will remain intermittent.

In case any query, please let us know.

Contact: 7208042012, 7208042011, 8657583920, 8657583919, 022-41024545
Notification 29 December 2021:

Logix Implementing SMTP-AUTH STRICT-MODE Policy to Prevent Email Spoofing / Phishing

Dear Valued Customer,

Greetings!!! Thank you for patronizing Logix service.

As a part of continuous improvement and enhancement considered for securing email communication for both incoming & outgoing, we have decided to implement STRICT-SMTP-AUTH policy on all outbound smtp mail gateways that are being used in email client. With this policy, only those emails will be allowed where the SMTP USER-AUTHENTICATION exactly matches with MAIL-FROM & ENVELOPE-SENDER. In case any of the parameters are not matched the mail will be blocked with action.

The objective of implementing this policy is to secure the outbound mail flow and restrict any spam/phish sent in by a compromised user id using its authentication with different mail-from/envelope-sender email address. This will be an additional protection for outbound that we are extending with spam/virus scanning to stop such incident.

Furthermore, with this policy there are possible changes of any mail which is sent via application/service using different from and auth id will be blocked with action. In case your organization is sending emails with single authentication and different mail-from/envelope-sender address as a part of your business process then requesting you to contact Logix Support desk ( Here you must be required to share MAIL-FROM email address which is being used for sending outbound mails via application/service. This id will be subsequently allowed to send mails accordingly .

These changes are planned for securing communication and avoiding repetition of any IP blacklisting incident like the one happened on 1st December ,2021.

This policy will be implementing in next two weeks for all LOGIX hosted customers.

Thank you for the support and cooperation extended as always.
11 December 2021 : Cyber Security Advisory – Apache Log4J Remote Code Execution Vulnerability (CVE-2021-44228)

Who Is Impacted?

Many cloud services are vulnerable to this exploit. Please read below article for more details about
the impact:

• CVE-2021-44228

FortiGuard Labs is aware of a remote code execution vulnerability in Apache Log4j. Log4j is a Java
based logging audit framework within Apache. Apache Log4j2 2.14.1 and below are susceptible to a
remote code execution vulnerability where a remote attacker can leverage this vulnerability to take
full control of a vulnerable machine.

This vulnerability is also known as Log4shell and has the CVE assignment (CVE-2021-44228).

FortiGuard Labs will be monitoring this issue for any further developments.

What are the technical details?
Apache Log4j2 versions 2.14.1 and below Java Naming and Directory Interface (JNDI) features do not
protect against attacker controlled LDAP and other JNDI related endpoints. A remote code execution
vulnerability exists where attacker controlled log messages or log message parameters are able to
execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

What versions or Software are affected?
Apache Log4J versions 2.0-beta9 to 2.14.1 are affected.

Is there a Patch or Security Update Available?
Yes, moving to version 2.15.0 mitigates this issue. Further mitigation steps are available from Apache
as well. Please refer to the "Apache Log4j Security Vulnerabilities" in the APPENDIX for details.

What is the CVSS Score?

What is Exactly Apache Log4j?
According to Apache:
Log4j is a tool to help the programmer output log statements to a variety of output targets. In case
of problems with an application, it is helpful to enable logging so that the problem can be located.
With log4j it is possible to enable logging at runtime without modifying the application binary. The
log4j package is designed so that log statements can remain in shipped code without incurring a high
performance cost. It follows that the speed of logging (or rather not logging) is capital.
At the same time, log output can be so voluminous that it quickly becomes overwhelming. One of
the distinctive features of log4j is the notion of hierarchical loggers. Using loggers it is possible to
selectively control which log statements are output at arbitrary granularity.

What is the Status of Protections?
FortiGuard Labs has IPS coverage in place for this issue as (version 19.215):
Please note that, since this is an emergency release, the default action for this signature is set to
pass. Please modify the action according to your need on a few test policies before rolling out to all
policies protecting your Server segment.

Any Suggested Mitigation?
According to Apache, the specific following mitigation steps are available:
In releases >=2.10, this behavior can be mitigated by setting either the system property
log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to
"true." For releases from 2.0-beta9 to 2.10.0, the mitigation is to remove the JndiLookup class from
the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
FortiGuard Labs recommends organizations affected by CVE-2021-44228 to update to the latest
version of 2.15.0 immediately. Apache also recommends that users running versions 1.0 or lower
install version 2.0 or higher as 1.0 has reached end of life in August 2015 for Log4j to obtain security
updates. Binary patches are never provided and must be compiled. For further details, refer to the
"Apache Log4j Security Vulnerabilities" in the APPENDIX.
If this is not possible, various counter measures such as isolating machines behind a firewall or VPN
that are public facing is recommended

Apache Log4j Security Vulnerabilities (Apache)
Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation (USCERT)
CVE-2021-44228 (MITRE)
2 July 2021

Security Advisory : [Postponement update] TLS 1.2 will put in force from 31 December, 2021 & TLS 1.0 / 1.1 is be being discontinued for security reason

Dear Valued customer,


This is to inform you that, the upcoming change of blocking TLS 1.0 and 1.1 protocol over smtp in our setup has been postponed. The decision was taken with the consideration that due to ongoing Covid pandemic many customers were facing difficulties for complying with change requested as most of the users were still working from home.

The activity will be postponed till 31December ,2021. Meanwhile we are requesting you all to upgrade to TLS 1.2 supported OS,Browser and Email client as mentioned below :

O/S - Windows-10 with SP1 and above
Email Client - Outlook 2010 SP2 and above.
Browsers - Latest available versions.

In case any query, feel free to contact us.
14 June 2021

Security Advisory : Retiring TLS1.0 and 1.1 for SMTP service

Dear Valued Customer,


Thank you for patronizing Logix services.

As a part of security enhancement, we are performing activity of retiring TLS1.0 and 1.1. Please find below details about this activity.

LOGIX is discontinuing the use of TLS 1.0 and 1.1. Customers will be required to use TLS 1.2 and above for all communications with their instances.

What is the risk?:
Among other weaknesses, TLS 1.0 is vulnerable to man-in-the-middle attacks, risking the integrity and authentication of data sent between a client and smtp/webmail servers.

Any services that currently rely on TLS 1.1 or older will no longer be available. The two most likely reasons LOGIX customers see TLS 1.1 traffic or older is due to customer usage of older web browsers, older customized integrations.

The use of TLS 1.2 is a recommended security best practice that provides a higher degree of privacy and data integrity over previous versions and to maintain compliance with the latest industry standards.

Reference Links:

TLS 1.0 has several flaws. An attacker can cause connection failures and they can trigger the use of TLS 1.0 to exploit vulnerabilities like BEAST (Browser Exploit Against SSL/TLS). Websites using TLS 1.0 are considered non-compliant by PCI since 30 June 2018.
The existence of TLS 1.0 and 1.1 on the internet acts as a security risk. Clients using these versions are suffering from their shortcomings, while the rest of the internet is vulnerable to various attacks exploiting known vulnerabilities, for almost no practical benefit.

LOGIX will stop by Wednesday 7 July 2021 6:30 PM IST without any exception. This is the schedule of the upcoming bulk changes:

Required Action:
LOGIX is monitoring customer usage of TLS 1.1 and older in our environment. If you are using anything older than TLS 1.2. Please review this information and update any relevant services to use TLS 1.2 or higher.

Below are the supported products:
O/S - Windows-10 with SP1 and above
Email Client - Outlook 2010 SP2 and above.
Browsers - Latest available versions.

In case any query, feel free to contact us.
Dear Valued Customer,

We thank you for your association with us. This email intends a general communication to our customers especially using the Net4India Services for Domain Registration and or DNS.

Recently & also in past, we received reports from several customers about unable to receive emails & also their website being down. It was observed that the domain name of these customers are either with Net4India OR the nameservers are registered with Net4India.

There are/were instances where Net4India Nameservers were not reachable due to which the domain DNS resolution fails thus leading to issues such as not receiving emails, websites or applications running on FQDN are impacted. There are also issues where Customers are unable to renew their domain name leading to domain expiration

We request to kindly go through the procedures as which are listed on NIXI & ICANN Website to resolve the issue since Logix do not hold control on Domain Registration/Nameservers services being provided by Net4India

If you are experiencing issue in receiving emails from external domains, please check whether your domain/DNS service is with Net4india which is down due to which this issue is observed.

1.You can lookup your domain/DNS from below links to check who is your domain registrar and who is DNS service provider:

2. Issue is not with mail server at Logix end.
3. We have no scope to shift it to us unless Net4 is sharing us domain auth key for domain name transfer
4. For dns shifting also, domain name control must b up where we have to update NS records
5. please find below details helpful to shift domain/dns from Net4:

Regarding domain names transfer, auth key is not available in Net4portal, you will have to request for auth key from your Net4portal by clicking on retrieve option then you will receive mail on your registered email address from Net4system.

In case you are experiencing difficulties contacting Net4 to get auth keys, then below are Customer Support details on which you may send email from your registered and authorized email address:

Below are few contact details we managed to gather helpful for customers who want domain name transfer from Net4 to us:

+9196508 21618 - Mr. Pankaj (available both by phone and whatsapp)
Ms. Shailee Arora (Net4 renewal department Head) is 8368981559.
Volume mail service (Sendgrid) security advisory:

Over the past several months we have attempted to inform you of the requirement to update your authentication method with Twilio SendGrid to API keys exclusively by March 24th, 2021.

What action is required?

Follow these steps to identify and replace your authentication method to API Keys and then implement Two-Factor Authentication (2FA) for all users to enhance security.

If you do not take action, those API and SMTP requests (including any applicable mail/send requests and expected email delivery) will be rejected on March 24th, 2021.

If you have already updated your authentication to API Keys exclusively, or plan to prior to this deadline, please reply to this email to let us know you acknowledged these requirements and the deadline.

If you require further discussion or would like to request an extension to this deadline, please email us with (1) your reason for requesting an extension and (2) the date you could meet these requirements.

If you do not know or do not manage your SendGrid integration, please forward this information to someone at your organization who is likely to and include us in your email.

We’d like to thank you in advance for your prompt attention to these requirements. For more information about how you can enhance the security of your account, view

Launch of Logix Supportdesk portal update with customer friendly ticketing options:

Dear Valued Customer,

Wish you a very happy and safe new year from Logix!!! Thank you for patronizing Logix services and association with us.

To serve you always in a better way, we have made certain changes in Logix support desk portal with more option to specify your query/issue in moderated manner. Please find attached document guidelines with support desk changes which are recently incorporated.

We have introduced 4 new dropdown options while raising a Support Ticket, these newly added options are as below:

A. Service

Under this option we request you select the kind of service availed by your esteemed organization. Multiple options are provided for ease of selection

B. Type of Complaint

Request you to provide if you are having a problem, question/query or a sales inquiry
C. Type of Issue

Multiple options shall be provided here. Please select the option which describes your requirement in a best possible way. In case a suitable option is not found, then please select the option “Other” and provide details in the subject line. Under description, please state your requirement in as details as possible.

D. Impact of the Issue

Under this there only 3 options available:

More than 50% Users impacted
Less than 50% Users impacted
Specific Users

Based on your selection of above four fields, Severity and Priority of the said problem will be automatically calculated.

Also be informed that, if your issue is marked critical by the ticketing system, we will attend it on priority. We are always delighted to assist you to make sure your business processes run seamlessly.

In case you have any query submitting the ticket, please feel free to reach to us.

Assuring you our best of support as always!!!
Update on 28 October 2020:

Security Advisory !!! Enabling Two factor authentication and API authentication for your volume mail account

Dear Valued Customer,
Thank you for patronizing Logix volume mail service.
As a part of security importance, there is an important change Volume mail service OEM is implementing for the security of your volume mail account. As of December 9th, 2020, OEM will be making two changes: Will accept only API key authentication for all endpoints in order to improve the security of your volume mail account.
Will also require enablement of Two-Factor authentication for your volume mail account and Teammates.

Currently system accepts Basic Authentication on the following: SMTP All v2 API endpoints v3 API Non-Mail/Send endpoints v3 API mail/send accepts API Keys only and does not allow Basic Authentication If a customer enables 2FA without having activated the new API keys, all API requests using username/password will be rejected. Therefore, we recommend prioritizing the update of your authentication methods to API Keys before enabling 2FA in order to avoid breaking your integrations. Here is what you need to do: Upgrade your integration to authentication with API Keys (link: ) – This should be done on both Mail Send and Non-Mail Send accounts.

NOTE: This step is critical to complete before the December 9, 2020 deadline. API requests that do not contain an API key after that date will fail without being processed.

Set up 2FA access (link: for all Subusers and Teammates within your accounts.

NOTE: If you aren’t able to complete step two in advance of the deadline, users will be asked to set-up 2FA when they log-in to their Twilio SendGrid account.

FAQs and answer for your easy reference:

1. Please confirm whether will be in service and live with username and password of sendgrid UI credentials ?
Starting December 9th, SMTP will continue to be available but we recommend setting up API Keys with SMP so there is no break in integration. Please let us know if this will be possible. Linked here ( is the integration guide for SMTP with API Key instructions.

2. What if user is using, Mail client such as MS Outlook or Mozilla Thunderbird supports only smtp server hostname or IP for outgoing, how API will be used in such cases ?
The customer will still be able to use but we recommend setting up API Keys with SMP so there is no break in integration. Please let us know if this will be possible. Linked here ( is the integration guide for SMTP with API Key instructions.

3. Two Factor authentication must be only for UI and not for SMTP authentication or API, our customers have faced issue in SMTP authentication due to 2 FA enabled reasons. What will be solution on this?

This is true. 2FA is only going to be prompted when you try to sign into the SendGrid UI after December 9th. However, we will no longer be accepting Basic Authentication (username and password) as well. That being said, we are recommending changing all mail send integrations (SMTP, API v2, API v3) to the use of API Keys.

Documentation linked here

Here is what you need to do: Upgrade your integration to authentication with API Keys – This should be done on both Mail Send and Non-Mail Send accounts.

NOTE: This step is critical to complete before the December 9, 2020 deadline. API requests that do not contain an API key after that date will fail without being processed. Setup 2FA access (link: for all Subusers and Teammates within your accounts.

NOTE: If you aren’t able to complete step two in advance of the deadline, users will be asked to set-up 2FA when they log-in to their volume mail account. Do let us know if you have any query regarding this security advisory.

Security Advisory!! Update Logix SPF in your DNS

Dear Valued customer,

Greetings from Logix !!! Please ensure that Logix\\\\\\\\\\\\\\\'s SPF record is included in your existing SPF record (applicable only in case you are using our SMTP services). SPF allows receiving mail server to check during mail delivery that a mail is received from a your genuine domain.

Below is the SPF record to be included in your existing SPF record.

Domain Type TTL Record Domain name TXT 86400 v=spf1 ~all

Kindly ignore the given SPF record if it is already updated for your domain; also ignore this if you are not using Logix smtp service.

How to check and read a SPF record for a domain:

Method 1: The SPF record is stored within a DNS database and is bundled with the DNS lookup information.

You can manually check the Sender Policy Framework (SPF) record for a domain by using NS lookup as follows:Open Command prompt (Start > Run > cmd):

1.Type "nslookup -type=txt" a space, and then the domain/host name. e.g. "nslookup -type=txt"
2.If an SPF record exists, the result would be similar to:"v=spf1 ~all
3.If there are no results or if there is no "v=spf1" property, then there is a problem retrieving the record for the domain, or one does not exist.

Method 2: 1.Open DNS Lookup tool, Reverse DNS lookup tool - is available to anybody for free.

This is only possible since we display ads to cover our expenses. An ad blocker installed on your browser is blocking ads on

2.Enter your domain in Hostname or IP field, select type as TXT and click on Resolve

3. If an SPF record exists, the result would be similar to: "v=spf1 ~all

4. If there are no results or if there is no "v=spf1" property, then there is a problem retrieving the record for the domain, or one does not exist.

Security Advisory | possible threat of cyber attacks with subject of COVID

In a wake of potential cyber offensive, as per Certified advisory, in the guise of a free Covid test phishing attack, we have set necessary policy at our antispam gateway so that such threat alike mails will get quarantine as spam. Preventive Measures at user level

1. Don\\\\\\\\\\\\\\\'t open or click on attachment in unsolicited E-mail, SMS or messages through Social Media
2. Exercise caution in opening attachments, even if the sender appears to be known
3. Beware of e-mail addresses, spelling errors in e-mails, websites and unfamiliar e-mail senders
4. Do not submit personal financial details on unfamiliar or unknown websites / links
5. Beware of e-mails, links providing special offers like Covid-19 testing, Aid, Winning prize, Rewards, Cashback offers


Security Advisory | Quarantined dangerous file extensions via email. Due to security reasons, we have quarantined below dangerous file extensions, hence if any mail is having these extensions, the attachments will be blocked by Logix security gateway.

exe java iso bat msi scr dll ade adp chm cab cmd cpl hta ins isp jar jse docm lib lnk mde msc msp mst vxd wsc wsf wsh js ws pif sct shb vb vbe vbs app asp aspx asx bas cer cnt com crt csh der diagcab fxp gadget grp hlp hpj htc inf its jnlp ksh mad maf mag mam maq mar mas mat mau mav maw mcf mda mdb mdt mdw mdz msh msh1 msh2 mshxml msh1xml msh2xml msu ops osd pcd pl plg prf prg printerexport ps1 ps1xml ps2 ps2xml psc1 psc2 psd1 psdm1 pst py pyc pyo pyw pyz pyzw reg scf shs theme tmp url vbp vhd vhdx vsmacros vsw webpnp website xbap xll xnk 7z

Security Advisory | Enabling Two Factor Authentication on

Dear Valued Customer,


In current difficult times, we have observed increase in attacks on email services across globe. Normally attacks have been seen on Admin accounts so that to compromise the same to gain the access of email services.

To over come this issue, we have already extended two factor authentication for admin authentication used for long back. It was observed that many admins are still not registered for two factor authentication. Two-factor authentication is the mechanism which is an additional layer of authentication addition to password. The two components of two-factor authentication are: Something you know (e.g., password/PIN, etc) Something you have (a token, cell phone, etc)To ensure security of your email services, we expect you to immediately register for two factor authentication.

In case you have already did the same, please ignore this email. The current option of bypassing the two factor step will be available till 31st July 2020 hence upon two factor registration will become must have requirement for logging into Kindly acknowledge the same and register for two factor asap.

In case of any help required Logix support is available 24x7.

Security Advisory | Enabling password policy for user mailbox security

Dear Valued Customer,

Mailbox Passwords are an important aspect of email security.

They are the front line of protection for user accounts. A poorly chosen password may result in a compromise of user mailbox or entire domain. As such, all your employees (including contractors and vendors) with access to email services are responsible for taking the appropriate steps to change the password timely so that secure the access to their mailbox.

To ensure such protection we expect an Organisation should opt for password policy for its mail services where Organisation can setup a time line for password change which is recommended be any time between 30 days to 90 days based upon Organisation’s security Policy. Being service provider we have highly recommend to have not only password policy but to change the password with complexity in case the same has been not change for long time as a part of securing your email access.

To implement the same we have decided to enable password policy across all domains hosted with Logix if the same has not been opted by customer.
In addition to this we also want all your end users who all using email service must change their password with renewed complexity to implement highly secure access. The purpose of this policy is to establish a standard for the creation of strong passwords, the protection of those passwords, and the frequency of change. The complexity password will be remain strong which is as below:

At least one UpperCase letter.
At least one LowerCase letter.
At least one Number.
At least one Special Character # @ % ! ^ * = - + ; . :
At least 8 characters long.Three or more Consecutive Alphabets or Numbers can not be used in a Password. e.g. 123, abc Firstname/LastName/Domain Name/Common

Password can not be used in a Password.

Post this update any Customer domain without password policy will be requested to opt the password policy as a must have requirement to manage its access security effectively Logix support team will be available 24x7 incase of any help required.

Note: If your domain is already having the password policy enabled then please ignore this email.

Email Security Advisory : Bulk mail blocking at Email Security Gateway:

Dear Valued Customers,

It has been observed that all major ISPs and ESPs across globe has been blacklisting bulk mail sender’ as well as spam sender’s IP frequently. Based on our monitoring and analysis, it was identified that bulk mails were being sent to various users by Logix various customers.

Due to multiple bulk mail instances where few customers are regularly sending bulk mails using Logix email gateways and exploiting Logix email security services which in tern posing challenges for Logix email security gateways where Logix IPs are getting blacklisted. Going ahead Logix has decided to opt zero tolerance towards bulk mail sending via Logix email gateway to outside world. With this change any attempt of sending bulk mail will block at email security gateway itself since Logix has implemented bulk mail blocking policy within its outbound email security gateways.

In case of requirement for sending bulk mails, we are suggesting our customers to opt Logix Volume mail services.
To avail the services, please contact our sales team accordingly.
Let’s maintain the email hygiene and avoid sending bulk mail in future to have hassle free email services.