What is Heartbleed?

Here is a link that should help explain
what the Heartbleed bug is:

Are my users affected?

Any service or website that is
connected to the internet and uses SSL encryption is
potentially vulnerable to the Heartbleed bug.

Did you fix the issue?

Yes, upon receiving the news that
Heartbleed existed and a patch was made available, we
immediately patched our services to remediate any
potential vulnerability. We also re-issued our SSL certificates.

If it’s been patched, then why
should I change passwords?

While we have applied the patch earlier
this week, there is still a potential that your password
could have been previously exposed and extorted as it
passed through the internet via the encrypted SSL tunnel.
Again, we have no confirmed reports of suspicious
activity or hijacked passwords, but in the spirit of
security we strongly urge users to proactively update
their passwords. We urge you to do your diligence
and change any online passwords you may have and confirm
with your other providers (hosting, banking, social media,
etc) that their SSL protocols have been patched.

Will you force a password

Since we have no confirmed compromise
and do not assume there was any with the Heartbleed bug,
we are simply notifying our customers and strongly urging
them to change their passwords.

Can you setup a policy to force
users to change passwords on next login?

Unfortunately, we cannot provide this
service at this time.

Is there a way to mass change

  1. Administrators can change passwords
    on individual mailboxes via the control panel at admin.thexyz.com.
  2. Email users can change their
    own passwords via the Webmail portal at webmail.thexyz.com.

How can I send a message to
email all of my users?

You can send an email to everyone on your domain.
To email everyone, log into the control panel, and
perform the following steps:

  1. Mouse over the Go to section
    drop-down menu and select Domains.
  2. In the Tools section, click
    the Email Everyone link.
  3. If you have multiple domains, select the
    appropriate domain name. Or, to change domains
    at any time, click the change domain
  4. Click the Email Everyone
  5. Enter the
    following information in the spaces provided:

    • Sender’s Name—Enter the first and last
      name of the sender.
    • Sender’s Email Address—Enter the email
      address of the person sending the email.
    • Subject—Enter a subject for the email.
    • Message Body—Enter the message for your
  6. Click the Send button.

I have changed passwords for my
users and now they are reporting various password
issues, what happened?

  • Check to see if that mailbox is currently
    by looking in the Control Panel for
    that specific user mailbox.
  • Check what devices they’re using to connect to
    their HEX mailbox
    ! PC at work, iMac at home,
    work-issued iPhone, personal iPad, etc. Why? If they’re
    Exchange account is set up on any of these devices AND
    they updated the password recently, they’re going to
    need to update all of their devices for that new
    password. Meaning, any one of these could be locking out
    the mailbox.
  • Unlock the mailbox through the
    Control Panel. Once it shows that it’s no longer locked
    using the aforementioned tools, have your user log into
    Outlook Web App (webmail.thexy.com)
    to verify that they are, in fact, using the correct
  • Clear out remembered passwords.
    Particularly on Windows or Macs, we see issues with the
    Credential Manager (Windows) or Keychain Access (Mac)
    remembering the “old” password.

    • Once this is cleared out, have them open their
      email client again. Since you just had them clear
      the Credential Manager for this account, they should
      be prompted for the email address and password
    • Have them re-enter that information correctly. It
      would be safe for them to “remember” the password.
      This, in turn, will create a new entry in the
      credential manager.