Maintaining Secure Sites

With the recent push towards secure web browsing, all Connect IN sites will now be served over HTTPS.  Previously, HTTPS had been reserved either for user logins or for libraries who had already chosen to switch.  As concerns grow over sites’ authenticity, Connect IN is proactively taking this step towards a more secure experience.

At this time, HTTPS has already been enabled for all Connect IN sites.  Due to this, it is possible that some sites might need some touch ups if there are specific HTTP-sourced images, linked CSS or javascript, or other tags.  In most cases, this only requires changing the http in the source URL to https.  In addition, some browsers—such as Microsoft Edge—may even go so far as to say an HTTPS connection is not secure if some of the images use an HTTP source.

Any inquiries on how to make these changes can be sent to the Connect IN Heldpesk.

Thank you for helping us maintain secure browsing for our patrons.

Security Audit

In Dec 2016, we added required password rules for new Connect IN Email accounts and password resets.  At that time, however, we did not force users to change their existing passwords.

As part of a Security Audit of Connect IN services, we now ask that those who have not changed their Connect IN Email password since before Dec 2016 to please do so before February 1, 2018.

Any Connect IN Email accounts with passwords that have not been changed since before Dec 2016 will lose access on Feb 1, 2018, requiring your Email Administrator to change the password in order to regain access.

To change your Connect IN Email password, please visit the following site:

Thank you for your assistance in keeping Connect IN secure.

Password Resets

Given that Connect IN is run on free software, some additional steps are needed for certain password resets.  We ask that libraries using Connect IN keep the following in mind.

Password resets for a Connect IN Email address are to be handled by the appropriate Library’s designated contact for Connect IN, via the Connect IN Email Administration console.  In the event that the designated contact cannot access the Administration console, new passwords to the console will only be provided over the phone after a verification process.

Password resets for the Connect IN Web service are initially only allowed to be sent to existing Connect IN Email addresses.  In order to allow other email addresses to receive password reset requests, a plugin (such as WP Mail SMTP) must be installed and configured with an existing email account.

Connect IN Security

Since Connect IN hosts a large number of sites, it receives a significant number of attacks against it.  In order to mitigate these, we are continuously revising our security measures to prevent new methods of attack.

If a Connect IN site seems no longer to respond, it is possible that a security measure has been triggered.  (A common method of doing this is to continually guess a password within a short time frame.)  Thus, if this occurs, please provide your public IP address, obtainable through a site such as, to the Connect IN Helpdesk, and we will work to solve the issue for you.

Maintaining secure sites is an ongoing process, and we thank you for working with us towards providing better security for all who use Connect IN.

Dealing With Spam

Spam can be a problem for any email system as spam and/or phishing attacks attempt to find new ways to trick people into clicking their links or opening an attachment.  Connect IN uses multiple methods to prevent spam, but these methods may not always be successful.

The best practice for handling spam while using Connect IN is to keep spam in the Spam folder while keeping any non-spam out of the Spam folder.  Keep in mind it is still possible some false positives may occur.  Checking the Spam folder regularly to remove any false positives should correct this.  By following these guidelines, the system should correctly learn what is and is not spam.

Unable to Send Mail 7am to 10am May 25, 2016

It has been discovered that a recent automatic security update caused an issue where mail was unable to be sent between 7am and 10am on Wednesday, May 25, 2016.  Only attempting to send mail during this time was affected.

If you experience a problem using webmail, please inform the Helpdesk.

Also, please keep in mind that Connect IN currently limits the size of attachments to 5 megabytes and the size of mail accounts to 5 gigabytes.

Webmail Maintenance

Connect IN Webmail was updated between 9pm and 10pm on March 9, 2016.  The new version of the software has slight cosmetic changes, but functionality should remain mostly the same.

Please keep in mind that viewing attached Office files will now upload the file to (Microsoft) to display them.

Should there be any issues with using the new update, please contact the Helpdesk.

Let’s Encrypt!

Now that Let’s Encrypt ( is available, Connect IN supports HTTPS (secure) connections!  Also, for your protection, all Connect IN logins are now forced to use these secure connections.  For best use of HTTPS (receiving the green “https” lock icon in Chrome), all images linked on a page should also be linked via HTTPS.  This proves that the image was not changed somewhere between its original location and the browser viewing it.

Let’s Encrypt also stops the need to accept the previously self-signed certificate when configuring Connect IN Mail for iPhone or Outlook, as long as the server is set to

Merry Christmas!