петък, декември 23, 2011
The Client
(Между другото, един съвет към всеки, който смята да ми е колега, било то дори конкурент. Компютри много, истински компютърджии малко – полето за сътрудничество е дори повече, отколкото за конкуренция… Не се опитвайте да “излъжете” клиента да сключи договор с вас – повярвайте ми, не работи. Или работи твърде кратко време. Ако той има реална нужда от компютърна поддръжка и работите съвестно и умело, той ще е щастлив от вас и ще ви плаща с удоволствие, дори ако е позакъсал финансово. Ако няма реална нужда от вас, или не се справяте добре, сътрудничеството ви няма да го бъде, дори ако той не знае какво да прави с парите си.
петък, декември 16, 2011
вторник, ноември 29, 2011
събота, ноември 19, 2011
Free DNS servers
Free Public DNS Server
=> Service provider: Google
Google public dns server IP address:
* 8.8.8.8
* 8.8.4.4
=> Service provider:Dnsadvantage
Dnsadvantage free dns server list:
* 156.154.70.1
* 156.154.71.1
=> Service provider:OpenDNS
OpenDNS free dns server list / IP address:
* 208.67.222.222
* 208.67.220.220
=> Service provider:Norton
Norton free dns server list / IP address:
* 198.153.192.1
* 198.153.194.1
=> Service provider: Verizon
Public Name server IP address:
* 4.2.2.1
* 4.2.2.2
* 4.2.2.3
* 4.2.2.4
* 4.2.2.5
* 4.2.2.6
=> Service provider: ScrubIt
Public dns server address:
* 67.138.54.100
* 207.225.209.66
събота, ноември 12, 2011
Cisco PPTP server - basic user management
Cisco router act as a PPTP server and provide remote conectivity to office resources
I. Show currently active pptp connections and see
1. remote address of dialed client
ar1.SOF10#sh vpdn tunnel pptp
PPTP Tunnel Information Total tunnels 1 sessions 1
LocID State Remote Address Port Sessions VPDN Group
698 estabd 85.187.36.7 53720 1 VPN
2. Username of remote dialer and localy assigned Virtual interface as well
ar1.SOF10#sh vpdn session pptp
PPTP Session Information Total tunnels 1 sessions 1
LocID RemID TunID Intf Username State Last Chg Uniq ID
694 53720 698 Vi5 ipopov estabd 00:09:30 713
Local Interface: Vi5 (Virtual-Access5)
3. IP address assigned to remote user
ar1.SOF10#sh ip rou conn | i Virtual-Access5
C 194.12.234.22/32 is directly connected, Virtual-Access5
II. Disconect particular user
ar1.SOF10#clear vpdn tunnel pptp id 698
I. Show currently active pptp connections and see
1. remote address of dialed client
ar1.SOF10#sh vpdn tunnel pptp
PPTP Tunnel Information Total tunnels 1 sessions 1
LocID State Remote Address Port Sessions VPDN Group
698 estabd 85.187.36.7 53720 1 VPN
2. Username of remote dialer and localy assigned Virtual interface as well
ar1.SOF10#sh vpdn session pptp
PPTP Session Information Total tunnels 1 sessions 1
LocID RemID TunID Intf Username State Last Chg Uniq ID
694 53720 698 Vi5 ipopov estabd 00:09:30 713
Local Interface: Vi5 (Virtual-Access5)
3. IP address assigned to remote user
ar1.SOF10#sh ip rou conn | i Virtual-Access5
C 194.12.234.22/32 is directly connected, Virtual-Access5
II. Disconect particular user
ar1.SOF10#clear vpdn tunnel pptp id 698
сряда, ноември 09, 2011
Last resort in troubleshooting guide
...Ако нищо от предишните препоръки не помага:
1. Отидете до най-близкият Multi-Mагазин (тип Била, Метро, Лидл, Кауфланд)
2. Купете 30 кутийки кибрит
3. Изстържете внимателно барута от клечката кибрит (главичката на клечката която е с различен цвят спрямо основата)
4. Натъпчете така изстърганият барут в ушите си
5. Ударете си главата във стената по начин предизвикващ възпламенителна искра
6. Ако все още нещо се случва (около вас) повторете точка 1-6 до постигане на траен краен резултат
1. Отидете до най-близкият Multi-Mагазин (тип Била, Метро, Лидл, Кауфланд)
2. Купете 30 кутийки кибрит
3. Изстържете внимателно барута от клечката кибрит (главичката на клечката която е с различен цвят спрямо основата)
4. Натъпчете така изстърганият барут в ушите си
5. Ударете си главата във стената по начин предизвикващ възпламенителна искра
6. Ако все още нещо се случва (около вас) повторете точка 1-6 до постигане на траен краен резултат
четвъртък, ноември 03, 2011
Basic DNS and Mail Troubleshooting
За следващото обучение/презентация
DNS Troubleshooting
DNS server - server who is answering on DNS queries
DNS query - major function: convert IP-to-NAME/NAME-to-IP
FQDN - Fully Qualified Domain Name (name=mail fqdn=mail.evolink.com)
DNS server types:
* Master/Primary - server which gets its zone data from a local source (zone/domain files are stored on a local storage)
* Secondary/Slave - hich gets its zone/domain data from an external source (from master for example)
* Cache - jsut caching results of DNS queries for a pre-defined time interval (depends of TTL)
* Forwarder - just redirect dns queries from client to another DNS
* SplitHorizont Server - ACL view/Geographic Mapping (Google DNS )
---------------------------------------------------------------------------------------------
* Iterative - only answer information they know or have cached (Master/Slave/Cache)
* Recursive - know how and who to ask for information (Master/Slave/Forwarder)
DNS types of record
* Host (A) -- This is the basic mapping of IP address to host name, the essential component for any domain name.
* Canonical Name (CNAME) -- This is an alias for your domain. Anyone accessing that alias will be automatically directed to the server indicated in the A record.
* Mail Exchanger (MX) -- This maps e-mail traffic to a specific server. It could indicate another host name or an IP.
* Name Server (NS) -- This contains the name server information for the zone. Server will let other DNS servers know that yours is the ultimate authority (SOA) for your domain when caching lookup information on your domain from other DNS servers around the world.
* Start of Authority (SOA) -- This is one larger record at the beginning of every zone file with the primary name server for the zone and some other information.
* Pointer record (PTR) -- Responsible for reverse DNS resolution (rDNS) - determination of a domain name that is associated with a given IP address
Durty (but not right) way to check Is DNS server working
telnet DNS.IP.ADD.RESS 53
nmap DNS.IP.ADD.RESS
Ask specific server
dig @DNS.IP.ADD.RESS mail.evolink.com
nslookup
server DNS.IP.ADD.RESS
mail.evolink.com
Ask specific server for certain type of RR
dig @DNS.IP.ADD.RESS -t [NS/MX/A/CNAME/TXT/...ALL] mail.evolink.com
nslookup
server DNS.IP.ADD.RESS
set type=[NS/MX/CNAME/etc]
mail.evolink.com
Ask for PTR RR
dig -x 194.12.255.146 +short
nslookup
set type=PTR
194.12.255.146
ping -a 194.12.255.146
Trace DNS communication
dig @8.8.8.8 mail.evolink.com +trace
Recomended resources:
Understanding DNS - http://technet.microsoft.com/en-us/library/cc728412%28WS.10%29.aspx
DNS for Rocket Scientist : http://www.zytrax.com/books/dns/
Mail Troubleshooting
e-mail servers function : nothing more than sends piece of text over the Internet
Major Steps : MUA > MSA > MTA > … > MTA > MDA >> MRA >> MUA
MUA - Mail User Agent - end user's mail client (MS Outlook, Thunderbird, WEB Browser, etc)
MSA - Mail submission agent - complicated, but treat it like a borderline MTA (kind of SMTP proxy or smart host for example)
MTA - Mail Transfer Agent - A true mail server (exim, postfix, qmail, exchange)
MDA - Mail Delivery Agent - performs the actual delivery including process "filtering" (auto-replay, white/black lists, spamassassin, amavis, AV, etc)
MRA - Mail Retrival Agent - POP(s)/IMAP(s) services (cyrus, courier, dovecot, qmail)
What's realy happen after hitting SEND button:
1. MUA looks in their settings and find outgoing mail server entry
2. MUA perform DNS lookup to convert NAM-IP
3. MUA perform route/arp/etc lookup to find route out to outgoing mail server destination
4. SEnding MTA perform DNS lookup to find MX record (respect MX priority), ask Receiving MTA to accept message and send that message
5. Receiving MTA perform initial check and accept/reject mail (message format check, WL/BL check, AV check etc)
6. MDA perform some additional checks and manipulations and deliver mail to users home foleders (SPAM check and classification, rewrite, re-route, etc)
7. MRA is waiting for connections via well-known protocols/ports
8. MUA authenticate/connect to MRA and get mails
Troubleshooting tools: nmap, telnet, mail-message source
MTA SMTP - tcp/25
SMTPs - tcp/465
MRA POP3 - tcp/110
POP3s - tcp/995
IMAP - tcp/143
IMAPs - tcp/993
Successful communication (MTA service is working)
telnet mail.example.com 25
Trying 11.12.13.14...
Connected to mail.example.com.
Escape character is '^]'.
220 ESMTP
ehlo privet
250-
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 20971520
250 AUTH LOGIN PLAIN CRAM-MD5
quit
221
Connection closed by foreign host.
Unsuccessful communication (no running MTA service or firewall issue)
telnet mail.example.net 25
Trying 1.2.3.4...
telnet: Unable to connect to remote host: Connection refused
SMTP command
* HELO - introduce yourself
* EHLO - introduce yourself and request extended mode
* MAIL FROM: - specify the sender
* RCPT TO: - specify the recipient
* DATA - specify the body of the message (To, From and Subject should be the first three lines.)
* RSET - reset
* QUIT - quit the session
* HELP - get help on commands
* VRFY - verify an address
* EXPN - expand an address
* VERB - verbose
POP3 commands
* USER - enter your user ID
* PASS - enter your password
* QUIT - quit the POP3 server
* LIST - list the messages and their size
* RETR - retrieve a message, pass it a message number
* DELE - delete a message, pass it a message number
* TOP - show the top x lines of a message, pass it a message number and the number of lines
Sending mail via telnet
telnet example.com 25
ehlo example.com
mail from: username@example.com
rcpt to: friend@hotmail.com, friend2@yahoo.com
data
Subject: Send mail via telnet
I was here!
.
Check or read email with telnet
user username@example.com
pass passwordgoeshere
list
retr 2
dele 1
quit
Reading mail-message source
Full mail-message header example: (spammer's mail address and IP intentionaly leaved as is)
Return-Path: <0-chinomi@akita-pu.ac.jp>
X-Original-To: mailinglist_or_mail.alias@example.com
Delivered-To: me@example.com
Received: from localhost (localhost [127.0.0.1])
by mail.example.com (Postfix) with ESMTP id 9872A8221A2
for <mailinglist_or_mail.alias@example.com>; Thu, 3 Nov 2011 12:31:01 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at mail.example.com
X-Spam-Flag: NO
X-Spam-Score: 9.372
X-Spam-Level: *********
X-Spam-Status: No, score=9.372 tagged_above=2 required=14.31
tests=[BAYES_99=3.5, DCC_CHECK=2.17, DIGEST_MULTIPLE=0.001,
PYZOR_CHECK=3.7, UNPARSEABLE_RELAY=0.001]
Received: from mail.example.com ([127.0.0.1])
by localhost (mail.example.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Fm+2o1grwwo5 for <mailinglist_or_mail.alias@example.com>;
Thu, 3 Nov 2011 12:30:29 +0300 (EEST)
Received: by mail.example.com (Postfix, from userid 5001)
id 0A1948221A6; Thu, 3 Nov 2011 12:30:29 +0300 (EEST)
Received-SPF: none (akita-pu.ac.jp: No applicable sender policy available) receiver=mail.example.com;
identity=mailfrom; envelope-from="0-chinomi@akita-pu.ac.jp"; helo="[59.94.251.160]"; client-ip=59.94.251.160
Received: from [59.94.251.160] (unknown [59.94.251.160])
by mail.example.com (Postfix) with ESMTP id 95C9382219D
for <mailinglist_or_mail.alias@example.com>; Thu, 3 Nov 2011 12:30:28 +0300 (EEST)
Received: from 59.94.251.160 (account <mailinglist_or_mail.alias@example.com> HELO example.com)
by example.com (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 168978161 for <mailinglist_or_mail.alias@example.com>; Thu, 3 Nov 2011 15:00:27 +0530
From: <something@somewhere.xxl>
To: <mailinglist_or_mail.alias@example.com>
Subject: Administrative Assistant Vacancy
Date: Thu, 3 Nov 2011 15:00:27 +0530
Return-Path: - contains FQDN of originating sender. Cannot be forged. From where realy mail comes
X-Original-To: - original send-to destination
Delivered-To: - to wich mailbox this email was delivered
Received: - added to the envelope header for each step of the host-to-host delivery process. Include address of sending MTA, local (for MTA) date and time of message transfer and type of used application
X-Virus/X-SPAM/Received-SPF - some additional checks with basic information about who-chek-what
From: - can be anything including google@boiko.borisov.yes
To: - content in TO field on sending MUA
Subject: - can be re-writed by MDA, corporate policy, etc
Date: - this field is set by originating (sending) host [realy clever way to place your message on-top of received messages in recipient's mailbox]
Basic DNS & Mail troubleshooting
За следващото обучение/презентация
MAIL TROUBLESHOOTING
e-mail servers function : nothing more than sends piece of text over the Internet
Major Steps : MUA > MSA > MTA > … > MTA > MDA >> MRA >> MUA
MUA - Mail User Agent - end user's mail client (MS Outlook, Thunderbird, WEB Browser, etc)
MSA - Mail submission agent - complicated, but treat it like a borderline MTA (kind of SMTP proxy or smart host for example)
MTA - Mail Transfer Agent - A true mail server (exim, postfix, qmail, exchange)
MDA - Mail Delivery Agent - performs the actual delivery including process "filtering" (auto-replay, white/black lists, spamassassin, amavis, AV, etc)
MRA - Mail Retrival Agent - POP(s)/IMAP(s) services (cyrus, courier, dovecot, qmail)
What's realy happen after hitting SEND button:
1. MUA looks in their settings and find outgoing mail server entry
2. MUA perform DNS lookup to convert NAM-IP
3. MUA perform route/arp/etc lookup to find route out to outgoing mail server destination
4. SEnding MTA perform DNS lookup to find MX record (respect MX priority), ask Receiving MTA to accept message and send that message
5. Receiving MTA perform initial check and accept/reject mail (message format check, WL/BL check, AV check etc)
6. MDA perform some additional checks and manipulations and deliver mail to users home foleders (SPAM check and classification, rewrite, re-route, etc)
7. MRA is waiting for connections via well-known protocols/ports
8. MUA authenticate/connect to MRA and get mails
Troubleshooting tools: nmap, telnet, mail-message source
MTA SMTP - tcp/25
SMTPs - tcp/465
MRA POP3 - tcp/110
POP3s - tcp/995
IMAP - tcp/143
IMAPs - tcp/993
Successful communication (MTA service is working)
telnet mail.evolink.com 25
Trying 194.12.255.146...
Connected to mail.evolink.com.
Escape character is '^]'.
220 ESMTP
ehlo privet
250-
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 20971520
250 AUTH LOGIN PLAIN CRAM-MD5
quit
221
Connection closed by foreign host.
Unsuccessful communication (no running MTA service or firewall issue)
telnet linkstat.evolink.net 25
Trying 85.14.44.7...
telnet: Unable to connect to remote host: Connection refused
SMTP command
* HELO - introduce yourself
* EHLO - introduce yourself and request extended mode
* MAIL FROM: - specify the sender
* RCPT TO: - specify the recipient
* DATA - specify the body of the message (To, From and Subject should be the first three lines.)
* RSET - reset
* QUIT - quit the session
* HELP - get help on commands
* VRFY - verify an address
* EXPN - expand an address
* VERB - verbose
POP3 commands
* USER - enter your user ID
* PASS - enter your password
* QUIT - quit the POP3 server
* LIST - list the messages and their size
* RETR - retrieve a message, pass it a message number
* DELE - delete a message, pass it a message number
* TOP - show the top x lines of a message, pass it a message number and the number of lines
Sending mail via telnet
telnet example.com 25
ehlo example.com
mail from: username@example.com
rcpt to: friend@hotmail.com, friend2@yahoo.com
data
Subject: Send mail via telnet
I was here!
.
Check or read email with telnet
user username@example.com
pass passwordgoeshere
list
retr 2
dele 1
quit
Reading mail-message source
Full mail-message header example: (spammer's mail address and IP intentionaly leaved as is)
Return-Path: <0-chinomi akita-pu.ac.jp="">
X-Original-To: mailinglist_or_mail.alias@example.com
Delivered-To: me@example.com
Received: from localhost (localhost [127.0.0.1])
by mail.example.com (Postfix) with ESMTP id 9872A8221A2
for; Thu, 3 Nov 2011 12:31:01 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at mail.example.com
X-Spam-Flag: NO
X-Spam-Score: 9.372
X-Spam-Level: *********
X-Spam-Status: No, score=9.372 tagged_above=2 required=14.31
tests=[BAYES_99=3.5, DCC_CHECK=2.17, DIGEST_MULTIPLE=0.001,
PYZOR_CHECK=3.7, UNPARSEABLE_RELAY=0.001]
Received: from mail.example.com ([127.0.0.1])
by localhost (mail.example.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Fm+2o1grwwo5 for;
Thu, 3 Nov 2011 12:30:29 +0300 (EEST)
Received: by mail.example.com (Postfix, from userid 5001)
id 0A1948221A6; Thu, 3 Nov 2011 12:30:29 +0300 (EEST)
Received-SPF: none (akita-pu.ac.jp: No applicable sender policy available) receiver=mail.example.com;
identity=mailfrom; envelope-from="0-chinomi@akita-pu.ac.jp"; helo="[59.94.251.160]"; client-ip=59.94.251.160
Received: from [59.94.251.160] (unknown [59.94.251.160])
by mail.example.com (Postfix) with ESMTP id 95C9382219D
for; Thu, 3 Nov 2011 12:30:28 +0300 (EEST)
Received: from 59.94.251.160 (account HELO example.com)
by example.com (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 168978161 for; Thu, 3 Nov 2011 15:00:27 +0530
From:
To:
Subject: Administrative Assistant Vacancy
Date: Thu, 3 Nov 2011 15:00:27 +0530
Return-Path: - contains FQDN of originating sender. Cannot be forged. From where realy mail comes
X-Original-To: - original send-to destination
Delivered-To: - to wich mailbox this email was delivered
Received: - added to the envelope header for each step of the host-to-host delivery process. Include address of sending MTA, local (for MTA) date and time of message transfer and type of used application
X-Virus/X-SPAM/Received-SPF - some additional checks with basic information about who-chek-what
From: - can be anything including google@boiko.borisov.yes
To: - content in TO field on sending MUA
Subject: - can be re-writed by MDA, corporate policy, etc
Date: - this field is set by originating (sending) host [realy clever way to place your message on-top of received messages in recipient's mailbox]
e-mail servers function : nothing more than sends piece of text over the Internet
Major Steps : MUA > MSA > MTA > … > MTA > MDA >> MRA >> MUA
MUA - Mail User Agent - end user's mail client (MS Outlook, Thunderbird, WEB Browser, etc)
MSA - Mail submission agent - complicated, but treat it like a borderline MTA (kind of SMTP proxy or smart host for example)
MTA - Mail Transfer Agent - A true mail server (exim, postfix, qmail, exchange)
MDA - Mail Delivery Agent - performs the actual delivery including process "filtering" (auto-replay, white/black lists, spamassassin, amavis, AV, etc)
MRA - Mail Retrival Agent - POP(s)/IMAP(s) services (cyrus, courier, dovecot, qmail)
What's realy happen after hitting SEND button:
1. MUA looks in their settings and find outgoing mail server entry
2. MUA perform DNS lookup to convert NAM-IP
3. MUA perform route/arp/etc lookup to find route out to outgoing mail server destination
4. SEnding MTA perform DNS lookup to find MX record (respect MX priority), ask Receiving MTA to accept message and send that message
5. Receiving MTA perform initial check and accept/reject mail (message format check, WL/BL check, AV check etc)
6. MDA perform some additional checks and manipulations and deliver mail to users home foleders (SPAM check and classification, rewrite, re-route, etc)
7. MRA is waiting for connections via well-known protocols/ports
8. MUA authenticate/connect to MRA and get mails
Troubleshooting tools: nmap, telnet, mail-message source
MTA SMTP - tcp/25
SMTPs - tcp/465
MRA POP3 - tcp/110
POP3s - tcp/995
IMAP - tcp/143
IMAPs - tcp/993
Successful communication (MTA service is working)
telnet mail.evolink.com 25
Trying 194.12.255.146...
Connected to mail.evolink.com.
Escape character is '^]'.
220 ESMTP
ehlo privet
250-
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 20971520
250 AUTH LOGIN PLAIN CRAM-MD5
quit
221
Connection closed by foreign host.
Unsuccessful communication (no running MTA service or firewall issue)
telnet linkstat.evolink.net 25
Trying 85.14.44.7...
telnet: Unable to connect to remote host: Connection refused
SMTP command
* HELO - introduce yourself
* EHLO - introduce yourself and request extended mode
* MAIL FROM: - specify the sender
* RCPT TO: - specify the recipient
* DATA - specify the body of the message (To, From and Subject should be the first three lines.)
* RSET - reset
* QUIT - quit the session
* HELP - get help on commands
* VRFY - verify an address
* EXPN - expand an address
* VERB - verbose
POP3 commands
* USER - enter your user ID
* PASS - enter your password
* QUIT - quit the POP3 server
* LIST - list the messages and their size
* RETR - retrieve a message, pass it a message number
* DELE - delete a message, pass it a message number
* TOP - show the top x lines of a message, pass it a message number and the number of lines
Sending mail via telnet
telnet example.com 25
ehlo example.com
mail from: username@example.com
rcpt to: friend@hotmail.com, friend2@yahoo.com
data
Subject: Send mail via telnet
I was here!
.
Check or read email with telnet
user username@example.com
pass passwordgoeshere
list
retr 2
dele 1
quit
Reading mail-message source
Full mail-message header example: (spammer's mail address and IP intentionaly leaved as is)
Return-Path: <0-chinomi akita-pu.ac.jp="">
X-Original-To: mailinglist_or_mail.alias@example.com
Delivered-To: me@example.com
Received: from localhost (localhost [127.0.0.1])
by mail.example.com (Postfix) with ESMTP id 9872A8221A2
for
X-Virus-Scanned: Debian amavisd-new at mail.example.com
X-Spam-Flag: NO
X-Spam-Score: 9.372
X-Spam-Level: *********
X-Spam-Status: No, score=9.372 tagged_above=2 required=14.31
tests=[BAYES_99=3.5, DCC_CHECK=2.17, DIGEST_MULTIPLE=0.001,
PYZOR_CHECK=3.7, UNPARSEABLE_RELAY=0.001]
Received: from mail.example.com ([127.0.0.1])
by localhost (mail.example.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Fm+2o1grwwo5 for
Thu, 3 Nov 2011 12:30:29 +0300 (EEST)
Received: by mail.example.com (Postfix, from userid 5001)
id 0A1948221A6; Thu, 3 Nov 2011 12:30:29 +0300 (EEST)
Received-SPF: none (akita-pu.ac.jp: No applicable sender policy available) receiver=mail.example.com;
identity=mailfrom; envelope-from="0-chinomi@akita-pu.ac.jp"; helo="[59.94.251.160]"; client-ip=59.94.251.160
Received: from [59.94.251.160] (unknown [59.94.251.160])
by mail.example.com (Postfix) with ESMTP id 95C9382219D
for
Received: from 59.94.251.160 (account
by example.com (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 168978161 for
From:
To:
Subject: Administrative Assistant Vacancy
Date: Thu, 3 Nov 2011 15:00:27 +0530
Return-Path: - contains FQDN of originating sender. Cannot be forged. From where realy mail comes
X-Original-To: - original send-to destination
Delivered-To: - to wich mailbox this email was delivered
Received: - added to the envelope header for each step of the host-to-host delivery process. Include address of sending MTA, local (for MTA) date and time of message transfer and type of used application
X-Virus/X-SPAM/Received-SPF - some additional checks with basic information about who-chek-what
From: - can be anything including google@boiko.borisov.yes
To: - content in TO field on sending MUA
Subject: - can be re-writed by MDA, corporate policy, etc
Date: - this field is set by originating (sending) host [realy clever way to place your message on-top of received messages in recipient's mailbox]
четвъртък, октомври 13, 2011
Books online
Малко out-of-date ама на едно място
http://www.iphelp.ru/index.php?aux_page=aux6&PHPSESSID=624548f0e65a1ba958d3c27bdaed5101
<http://www.iphelp.ru/index.php?aux_page=aux6&PHPSESSID=624548f0e65a1ba958d3c27bdaed5101>
http://www.iphelp.ru/index.php?aux_page=aux5&PHPSESSID=624548f0e65a1ba958d3c27bdaed5101
<http://www.iphelp.ru/index.php?aux_page=aux5&PHPSESSID=624548f0e65a1ba958d3c27bdaed5101>
http://www.iphelp.ru/online/index.html?PHPSESSID=624548f0e65a1ba958d3c27bdaed5101
http://www.iphelp.ru/index.php?aux_page=aux6&PHPSESSID=624548f0e65a1ba958d3c27bdaed5101
<http://www.iphelp.ru/index.php?aux_page=aux6&PHPSESSID=624548f0e65a1ba958d3c27bdaed5101>
http://www.iphelp.ru/index.php?aux_page=aux5&PHPSESSID=624548f0e65a1ba958d3c27bdaed5101
<http://www.iphelp.ru/index.php?aux_page=aux5&PHPSESSID=624548f0e65a1ba958d3c27bdaed5101>
http://www.iphelp.ru/online/index.html?PHPSESSID=624548f0e65a1ba958d3c27bdaed5101
понеделник, октомври 10, 2011
Cisco packet switching
Here is the short description of what happens at physical level with those three switching methods:
There are the following components in shared memory router:
1. Central CPU - RISC processor in older routers or custom ASIC in newer.
2. Interface ASIC - responsible for receiving/sending packets from/to physical media.
3. Memory - Divided between main memory accessible by central CPU and iomem accessible by interface ASICs.
Process switching:
1. Packet arrives at ingress interface.
2. Ingress ASIC puts packet to iomem and interrrupts main CPU.
3. Main CPU copy packet from iomem to main memory.
4. IOS routing process checks routing table and decides which interface is egress.
5. Packet's L3 and L2 headers are modified and packet is copied to iomem into egress interface output queue.
6. Egress ASIC gets packet from the queue and sends.
Fast switching:
1. Packet arrives at ingress interface.
2. Ingress ASIC puts packet to iomem and interrrupts main CPU.
3. Main CPU copy packet from iomem to main memory.
4. IOS checks if this dest is already in cache-memory. If so all L3 and L2 information is there. If not IOS routing process is invoked and result is copied into fast cache.
5. Packet's L3 and L2 headers are modified and packet is copied to iomem into egress interface output queue.
6. Egress ASIC gets packet from the queue and sends.
CEF switching
1. Packet arrives at ingress interface.
2. Ingress ASIC puts packet to iomem, checks FIB and determines next-hop entry in adjacency table.
3. If packet is CEF-switchable modify L3 header and replace L2 header with the header from adjacency table. If not CEF switchable fallback to fast switching or process switching.
4. iomem area that contains packet is linked to the output queue of egress ASIC.
5. Egress ASIC gets packet from the queue and sends.
There are some nuances but above is basic idea of what happens. Notice that with CEF central CPU and main memory don't get involved in the switching process.
High-end routers work in the similar way but instead of central CPU and memory line-card's CPU and memory are used for the dCEF.
source: https://learningnetwork.cisco.com/message/22503#22503
There are the following components in shared memory router:
1. Central CPU - RISC processor in older routers or custom ASIC in newer.
2. Interface ASIC - responsible for receiving/sending packets from/to physical media.
3. Memory - Divided between main memory accessible by central CPU and iomem accessible by interface ASICs.
Process switching:
1. Packet arrives at ingress interface.
2. Ingress ASIC puts packet to iomem and interrrupts main CPU.
3. Main CPU copy packet from iomem to main memory.
4. IOS routing process checks routing table and decides which interface is egress.
5. Packet's L3 and L2 headers are modified and packet is copied to iomem into egress interface output queue.
6. Egress ASIC gets packet from the queue and sends.
Fast switching:
1. Packet arrives at ingress interface.
2. Ingress ASIC puts packet to iomem and interrrupts main CPU.
3. Main CPU copy packet from iomem to main memory.
4. IOS checks if this dest is already in cache-memory. If so all L3 and L2 information is there. If not IOS routing process is invoked and result is copied into fast cache.
5. Packet's L3 and L2 headers are modified and packet is copied to iomem into egress interface output queue.
6. Egress ASIC gets packet from the queue and sends.
CEF switching
1. Packet arrives at ingress interface.
2. Ingress ASIC puts packet to iomem, checks FIB and determines next-hop entry in adjacency table.
3. If packet is CEF-switchable modify L3 header and replace L2 header with the header from adjacency table. If not CEF switchable fallback to fast switching or process switching.
4. iomem area that contains packet is linked to the output queue of egress ASIC.
5. Egress ASIC gets packet from the queue and sends.
There are some nuances but above is basic idea of what happens. Notice that with CEF central CPU and main memory don't get involved in the switching process.
High-end routers work in the similar way but instead of central CPU and memory line-card's CPU and memory are used for the dCEF.
source: https://learningnetwork.cisco.com/message/22503#22503
четвъртък, октомври 06, 2011
Console
Това което променям на Linux console [debian and derivates](глезотийка ама красотата ще промени света)
/etc/update-motd.d
/etc/update-motd.d$ diff 00-header ../update-motd.d.orig/00-header
< printf "%s\n" < printf "%s\n" "$(hostname -f) $(lsb_release -s -d)" < printf "%s\n" --- > uname -a
> printf "%s\n" "$(lsb_release -s -d)"
Manualy edit ~/.bashrc
timestamp in history
export HISTTIMEFORMAT="%F %T ""
Да се записват в history и дупликатите
#export HISTCONTROL=ignoredups
fancy colors on man-pages
export PAGER="/usr/bin/most -s"
(apt-get install most)
fancy epigram on login
fortune /usr/share/games/fortunes/bg | cowsay -b -f /usr/share/cowsay/cows/tux.cow -n
(apt-get install fortune-mod fortunes-bg cowsay)
Color promt
case "$TERM" in
xterm*|rxvt*)
PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD/$HOME/~}\007"';;
*) ;;
esac
Aliases:
alias ls='ls -alh --color=auto'
alias grep='grep -i --color=auto' # -i ignore case
alias rm='rm -i' # interactive -> ask before delete can be overrode with -f(orce)
alias mv='mv -i' # interactive -> ask before delete can be overrode with -f(orce)
Junos
edit
set system login message "\n Thinking doesn't hurt anyone! \n"
commit and-quit
[sho ver and haiku]
Mikrotik RouterOS
file edit sys-note.txt
paste от тук нещо по избор примерно
ToDo: да си довърша research-a за cmd replacement и въобще shell change
/etc/update-motd.d
/etc/update-motd.d$ diff 00-header ../update-motd.d.orig/00-header
< printf "%s\n" < printf "%s\n" "$(hostname -f) $(lsb_release -s -d)" < printf "%s\n" --- > uname -a
> printf "%s\n" "$(lsb_release -s -d)"
Manualy edit ~/.bashrc
timestamp in history
export HISTTIMEFORMAT="%F %T ""
Да се записват в history и дупликатите
#export HISTCONTROL=ignoredups
fancy colors on man-pages
export PAGER="/usr/bin/most -s"
(apt-get install most)
fancy epigram on login
fortune /usr/share/games/fortunes/bg | cowsay -b -f /usr/share/cowsay/cows/tux.cow -n
(apt-get install fortune-mod fortunes-bg cowsay)
Color promt
case "$TERM" in
xterm*|rxvt*)
PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD/$HOME/~}\007"';;
*) ;;
esac
Aliases:
alias ls='ls -alh --color=auto'
alias grep='grep -i --color=auto' # -i ignore case
alias rm='rm -i' # interactive -> ask before delete can be overrode with -f(orce)
alias mv='mv -i' # interactive -> ask before delete can be overrode with -f(orce)
Junos
edit
set system login message "\n Thinking doesn't hurt anyone! \n"
commit and-quit
[sho ver and haiku]
Mikrotik RouterOS
file edit sys-note.txt
paste от тук нещо по избор примерно
ToDo: да си довърша research-a за cmd replacement и въобще shell change
вторник, септември 27, 2011
Жизнь в 100 словах:
В стил Александър Блок или Безглаголното стихотворение на Радой Ралин но пък ми харесва
Колыбель. Пеленки. Плач.
Слово. Шаг. Простуда. Врач.
Беготня. Игрушки. Брат .
Двор. Качели. Детский сад.
Школа. Двойка. Тройка. Пять.
Мяч. Подножкам. Гипс. Кровать.
Драка. Кровь. Разбитый нос.
Двор. Друзья. Тусовка. Форс.
Институт. Весна. Кусты.
Лето. Сессия. Хвосты.
Пиво. Водка. Джин со льдом.
Кофе. Сессия. Диплом .
Романтизм. Любовь. Звезда.
Руки. Губы. Ночь без сна.
Свадьба. Теща. Тесть. Капкан.
Ссора. Клуб. Друзья. Стакан.
Дом. Работа.
Дом. Семья.
Солнце. Лето.
Снег. Зима.
Сын. Пеленки. Колыбель.
Стресс. Любовница. Постель.
Бизнес. Деньги. План. Аврал.
Телевизор. Сериал.
Дача. Вишни. Кабачки.
Седина. Мигрень. Очки.
Внук. Пеленки. Колыбель.
Стресс. Давление. Постель.
Сердце. Почки. Кости. Врач.
Речи. Гроб. Прощанье. Плач
Колыбель. Пеленки. Плач.
Слово. Шаг. Простуда. Врач.
Беготня. Игрушки. Брат .
Двор. Качели. Детский сад.
Школа. Двойка. Тройка. Пять.
Мяч. Подножкам. Гипс. Кровать.
Драка. Кровь. Разбитый нос.
Двор. Друзья. Тусовка. Форс.
Институт. Весна. Кусты.
Лето. Сессия. Хвосты.
Пиво. Водка. Джин со льдом.
Кофе. Сессия. Диплом .
Романтизм. Любовь. Звезда.
Руки. Губы. Ночь без сна.
Свадьба. Теща. Тесть. Капкан.
Ссора. Клуб. Друзья. Стакан.
Дом. Работа.
Дом. Семья.
Солнце. Лето.
Снег. Зима.
Сын. Пеленки. Колыбель.
Стресс. Любовница. Постель.
Бизнес. Деньги. План. Аврал.
Телевизор. Сериал.
Дача. Вишни. Кабачки.
Седина. Мигрень. Очки.
Внук. Пеленки. Колыбель.
Стресс. Давление. Постель.
Сердце. Почки. Кости. Врач.
Речи. Гроб. Прощанье. Плач
събота, август 20, 2011
CentOS yum
Някакъв наличен сървър с MySQL който трябва да се мигрира към PostgreSQL
cat /etc/issue.net
CentOS release 5.5 (Final)
Kernel \r on an \m
Драмата:
[root@db ~]# yum list postgres
Traceback (most recent call last):
File "/usr/bin/yum", line 28, in ?
import yummain
ImportError: No module named yummain
[root@db ~]# yum search postgresql
Traceback (most recent call last):
File "/usr/bin/yum", line 28, in ?
import yummain
ImportError: No module named yummain
Проверката:
ls -lh /usr/share/yum-cli/
total 552K
-rw-r--r-- 1 root root 8.4K Feb 1 2011 callback.py
-rw-r--r-- 1 root root 6.1K Feb 1 2011 callback.pyc
-rw-r--r-- 1 root root 6.1K Feb 1 2011 callback.pyo
-rw-r--r-- 1 root root 58K Feb 1 2011 cli.py
-rw-r--r-- 1 root root 43K Feb 1 2011 cli.pyc
-rw-r--r-- 1 root root 43K Feb 1 2011 cli.pyo
-rw-r--r-- 1 root root 53K Feb 1 2011 output.py
-rw-r--r-- 1 root root 45K Feb 1 2011 output.pyc
-rw-r--r-- 1 root root 45K Feb 1 2011 output.pyo
-rw-r--r-- 1 root root 13K Feb 1 2011 shell.py
-rw-r--r-- 1 root root 9.9K Feb 1 2011 shell.pyc
-rw-r--r-- 1 root root 9.9K Feb 1 2011 shell.pyo
-rw-r--r-- 1 root root 4.8K Feb 1 2011 utils.py
-rw-r--r-- 1 root root 4.4K Feb 1 2011 utils.pyc
-rw-r--r-- 1 root root 4.4K Feb 1 2011 utils.pyo
======> липсват
yummain.* & yumcommands.*
Dirty fix:
RPM Advanced Search
wget ftp://ftp.muug.mb.ca/mirror/centos/5.6/os/i386/CentOS/yum-3.2.22-33.el5.centos.noarch.rpm
rpm -Uv yum-3.2.22-33.el5.centos.noarch.rpm
yum update
--------------
Transaction Summary
================================================================================
Install 4 Package(s)
Upgrade 158 Package(s)
Total download size: 211 M
Is this ok [y/N]: y
cat /etc/issue.net
CentOS release 5.5 (Final)
Kernel \r on an \m
Драмата:
[root@db ~]# yum list postgres
Traceback (most recent call last):
File "/usr/bin/yum", line 28, in ?
import yummain
ImportError: No module named yummain
[root@db ~]# yum search postgresql
Traceback (most recent call last):
File "/usr/bin/yum", line 28, in ?
import yummain
ImportError: No module named yummain
Проверката:
ls -lh /usr/share/yum-cli/
total 552K
-rw-r--r-- 1 root root 8.4K Feb 1 2011 callback.py
-rw-r--r-- 1 root root 6.1K Feb 1 2011 callback.pyc
-rw-r--r-- 1 root root 6.1K Feb 1 2011 callback.pyo
-rw-r--r-- 1 root root 58K Feb 1 2011 cli.py
-rw-r--r-- 1 root root 43K Feb 1 2011 cli.pyc
-rw-r--r-- 1 root root 43K Feb 1 2011 cli.pyo
-rw-r--r-- 1 root root 53K Feb 1 2011 output.py
-rw-r--r-- 1 root root 45K Feb 1 2011 output.pyc
-rw-r--r-- 1 root root 45K Feb 1 2011 output.pyo
-rw-r--r-- 1 root root 13K Feb 1 2011 shell.py
-rw-r--r-- 1 root root 9.9K Feb 1 2011 shell.pyc
-rw-r--r-- 1 root root 9.9K Feb 1 2011 shell.pyo
-rw-r--r-- 1 root root 4.8K Feb 1 2011 utils.py
-rw-r--r-- 1 root root 4.4K Feb 1 2011 utils.pyc
-rw-r--r-- 1 root root 4.4K Feb 1 2011 utils.pyo
======> липсват
yummain.* & yumcommands.*
Dirty fix:
RPM Advanced Search
wget ftp://ftp.muug.mb.ca/mirror/centos/5.6/os/i386/CentOS/yum-3.2.22-33.el5.centos.noarch.rpm
rpm -Uv yum-3.2.22-33.el5.centos.noarch.rpm
yum update
--------------
Transaction Summary
================================================================================
Install 4 Package(s)
Upgrade 158 Package(s)
Total download size: 211 M
Is this ok [y/N]: y
понеделник, август 08, 2011
ESXi on Dell PowerEdge T710
+ iDRAC 6 Enterprise - големи гадове са тезиот Dell ... стандартният iDRAC модул без enterprise лиценз за 350$ никаква работа не върши. През него можеш само да рестартираш сървъра
Инсталация на 64b OS - ала-бала this host is VT-capable but VT disabled. Още ала-бала; For detailed information see http://vmware.com/info?id=152.
Там нищо интересно не пише ама пък то си е ясно
Restart през iDRAC-a; F2; BIOS; Processor Settings; Virtualization Technology - от Disabled на Enabled
Интересно защо инсталацията на 32b OS не се оплаква за изключено VT, а тази за 64b реве?
Инсталация на 64b OS - ала-бала this host is VT-capable but VT disabled. Още ала-бала; For detailed information see http://vmware.com/info?id=152.
Там нищо интересно не пише ама пък то си е ясно
Restart през iDRAC-a; F2; BIOS; Processor Settings; Virtualization Technology - от Disabled на Enabled
Интересно защо инсталацията на 32b OS не се оплаква за изключено VT, а тази за 64b реве?
сряда, юли 13, 2011
Zimbra OpenSource + LDAP (MS AD DS) integration
Setup:
Windows 2008 RC (NIC: private IP), Ubuntu LTS 10.04.2 (eth1:public routable IP, eth2:private IP), Zimbra CS Open Source (zmcontrol -v Release 7.1.1_GA_3196.UBUNTU10_64 UBUNTU10_64 FOSS edition.)
Windows 2008 up and running MS Active Directory Domain Services
Ubuntu - virtual machine on ESXi 4.1 (4x CPU core + 4G of RAM) --> start install - next-next - finish. Това което трябва да се има предвид е:
1. Освен /etc/hosts; /etc/hostname == FQDN; /etc/mailname валиден MX запис за домейна е задължителен
2. apt-get remove --purge --umri_v_kofite_s_bokluk apparmor
3. rm -f /bin/sh и ln -s /bin/bash /bin/sh --> иначе умира slapd и оставаш без коса (или перчем) от скубане
Zimbra install - ./install.sh - YES/ENTER - finish.Инсталира си self signed certificates освен за всичко останало и за криптиране/аутентифициране на комуникацията м/у процесите си - ако имам някой multi cluster / cloud където имам по машина за процес ОК ама иначе ...
Ще изреве за някой и друг пакет ама apt-get/aptitude ги има
https://zimbra.domain.com:7071/zimbraAdmin
AD (ldap) integration -
1. zimbra user в АД-то - не пише, че трябва ама ... направих си и не съжалявам
2. http://wiki.zimbra.com/wiki/LDAP_Authentication#Configuring_external_LDAP_authentication - помага... LDAP over SSL = 3 дни борба м/у MS AD integrated CA/Zimbra self-signed/Other bulshits и няма EndUser authentication via MS Active Directory и го зарязах (L2 tunnel ще е по-лесно или да си живеят в LAN-a)
Пръчка: в Open Source версията няма автоматичен импорт на AD users (* CN=users,dn=domain,dn=com) в другите - незнам
Преди това: Admin Console: mail.domain.com:7071/zimbraAdmin - domains - needed domain - Configure Authentication - Active Directory - магьосника си знае работата
3. Manualy add users from AD to Zimbra
a) zmprov -l ca Pencho@domain.com Pencho's_(LDAP)Pass displayName "Pencho e Pich" -- Мъка за повечко хора - не съм го пробвал
б) http://wiki.zimbra.com/wiki/User_Migration - IMAP migrationa работи- за друго незнам
в) http://wiki.zimbra.com/index.php?title=Bulk_Provisioning#LDAP_Users_to_Zimbra_Accounts -- ldap2zm -h adserver -u administrator -p s3cr3t -b "DC=example,DC=com" -f '(memberOf=CN=Zimbra Users,OU=Employees,DC=example,DC=com)' имаше някакви малки драми ама... яде се... иначе е като Лада Нива - работи
Сертификатите - ако е до self signed - няма драма; по manual - ако сам си направя CSR от сървъра и го пратя да го подпишат и да ми върнат истински - пак трябва да сме ОК, но ако имам пратен по мейл от GlobalSign CEDS%date%SN.pfx --
Средна пръчка:
Convert to PEM: openssl pkcs12 -in filename.pfx -clcerts -nokeys -out commercial.crt
Export private key: openssl pkcs12 -in filename.pfx -nocerts -out commercial.key
Removepassphrase: openssl rsa -in commercial.key -out commercial.key
правилният manual: http://wiki.zimbra.com/index.php?title=Preexisting_Certifcate_Installation_for_Zimbra_6.0&oldid=24499
Голяма пръчка:
при # /opt/zimbra/bin/zmcertmgr addcacert /opt/zimbra/ssl/zimbra/commercial/commercial.crt
Получавам:
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial.crt to CACERTS as zcs-user-commercial...failed.
XXXXX ERROR: failed to import certficate.
keytool error: java.lang.Exception: Input not an X.509 certificate
И нищо не се стартира /тръгва като хората (добре че ESXi има Snapshots иначе тази игра не ми се играе)
Solution:
cat /opt/zimbra/ssl/zimbra/commercial/commercial.crt
Bag Attributes
localKeyID: ala-bala
subject=ala-bala
issuer=neshto_drugo
-----BEGIN CERTIFICATE-----
drun-drun
-----END CERTIFICATE-----
Изтрих всичко преди -----BEGIN CERTIFICATE----- и вече # /opt/zimbra/bin/zmcertmgr addcacert /opt/zimbra/ssl/zimbra/commercial/commercial.crt светна!
$ zmtlsctl redirect
$ zmcontrol restart --> красота!
Другото е тук: http://www.zimbra.com/support/
Windows 2008 RC (NIC: private IP), Ubuntu LTS 10.04.2 (eth1:public routable IP, eth2:private IP), Zimbra CS Open Source (zmcontrol -v Release 7.1.1_GA_3196.UBUNTU10_64 UBUNTU10_64 FOSS edition.)
Windows 2008 up and running MS Active Directory Domain Services
Ubuntu - virtual machine on ESXi 4.1 (4x CPU core + 4G of RAM) --> start install - next-next - finish. Това което трябва да се има предвид е:
1. Освен /etc/hosts; /etc/hostname == FQDN; /etc/mailname валиден MX запис за домейна е задължителен
2. apt-get remove --purge --umri_v_kofite_s_bokluk apparmor
3. rm -f /bin/sh и ln -s /bin/bash /bin/sh --> иначе умира slapd и оставаш без коса (или перчем) от скубане
Zimbra install - ./install.sh - YES/ENTER - finish.Инсталира си self signed certificates освен за всичко останало и за криптиране/аутентифициране на комуникацията м/у процесите си - ако имам някой multi cluster / cloud където имам по машина за процес ОК ама иначе ...
Ще изреве за някой и друг пакет ама apt-get/aptitude ги има
https://zimbra.domain.com:7071/zimbraAdmin
AD (ldap) integration -
1. zimbra user в АД-то - не пише, че трябва ама ... направих си и не съжалявам
2. http://wiki.zimbra.com/wiki/LDAP_Authentication#Configuring_external_LDAP_authentication - помага... LDAP over SSL = 3 дни борба м/у MS AD integrated CA/Zimbra self-signed/Other bulshits и няма EndUser authentication via MS Active Directory и го зарязах (L2 tunnel ще е по-лесно или да си живеят в LAN-a)
Пръчка: в Open Source версията няма автоматичен импорт на AD users (* CN=users,dn=domain,dn=com) в другите - незнам
Преди това: Admin Console: mail.domain.com:7071/zimbraAdmin - domains - needed domain - Configure Authentication - Active Directory - магьосника си знае работата
3. Manualy add users from AD to Zimbra
a) zmprov -l ca Pencho@domain.com Pencho's_(LDAP)Pass displayName "Pencho e Pich" -- Мъка за повечко хора - не съм го пробвал
б) http://wiki.zimbra.com/wiki/User_Migration - IMAP migrationa работи- за друго незнам
в) http://wiki.zimbra.com/index.php?title=Bulk_Provisioning#LDAP_Users_to_Zimbra_Accounts -- ldap2zm -h adserver -u administrator -p s3cr3t -b "DC=example,DC=com" -f '(memberOf=CN=Zimbra Users,OU=Employees,DC=example,DC=com)' имаше някакви малки драми ама... яде се... иначе е като Лада Нива - работи
Сертификатите - ако е до self signed - няма драма; по manual - ако сам си направя CSR от сървъра и го пратя да го подпишат и да ми върнат истински - пак трябва да сме ОК, но ако имам пратен по мейл от GlobalSign CEDS%date%SN.pfx --
Средна пръчка:
Convert to PEM: openssl pkcs12 -in filename.pfx -clcerts -nokeys -out commercial.crt
Export private key: openssl pkcs12 -in filename.pfx -nocerts -out commercial.key
Removepassphrase: openssl rsa -in commercial.key -out commercial.key
правилният manual: http://wiki.zimbra.com/index.php?title=Preexisting_Certifcate_Installation_for_Zimbra_6.0&oldid=24499
Голяма пръчка:
при # /opt/zimbra/bin/zmcertmgr addcacert /opt/zimbra/ssl/zimbra/commercial/commercial.crt
Получавам:
** Importing certificate /opt/zimbra/ssl/zimbra/commercial/commercial.crt to CACERTS as zcs-user-commercial...failed.
XXXXX ERROR: failed to import certficate.
keytool error: java.lang.Exception: Input not an X.509 certificate
И нищо не се стартира /тръгва като хората (добре че ESXi има Snapshots иначе тази игра не ми се играе)
Solution:
cat /opt/zimbra/ssl/zimbra/commercial/commercial.crt
Bag Attributes
localKeyID: ala-bala
subject=ala-bala
issuer=neshto_drugo
-----BEGIN CERTIFICATE-----
drun-drun
-----END CERTIFICATE-----
Изтрих всичко преди -----BEGIN CERTIFICATE----- и вече # /opt/zimbra/bin/zmcertmgr addcacert /opt/zimbra/ssl/zimbra/commercial/commercial.crt светна!
$ zmtlsctl redirect
$ zmcontrol restart --> красота!
Другото е тук: http://www.zimbra.com/support/
вторник, юни 14, 2011
mikrotik SAFE mode
CTRL+X - enter in Safe Mode
повторно CTRL+X излиза от Safe Mode (и apply-ва направените промени !)
Промените направени в Safe mode се изтриват при reboot (ако не сме излезнали от Safe Mode преди рестарт-а)
повторно CTRL+X излиза от Safe Mode (и apply-ва направените промени !)
Промените направени в Safe mode се изтриват при reboot (ако не сме излезнали от Safe Mode преди рестарт-а)
събота, май 28, 2011
Ubuntu natty
Brand new Ubuntu Server Natty
apt-get update
W: GPG error: http://extras.ubuntu.com natty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 16126D3A3E5C1192
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 16126D3A3E5C1192
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 16126D3A3E5C1192
gpg: requesting key 3E5C1192 from hkp server keyserver.ubuntu.com
gpg: key 3E5C1192: public key "Ubuntu Extras Archive Automatic Signing Key <ftpmaster@ubuntu.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
apt-get update
Fetched 73 B in 1s (55 B/s)
Reading package lists... Done
apt-get update
W: GPG error: http://extras.ubuntu.com natty Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 16126D3A3E5C1192
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 16126D3A3E5C1192
Executing: gpg --ignore-time-conflict --no-options --no-default-keyring --secret-keyring /etc/apt/secring.gpg --trustdb-name /etc/apt/trustdb.gpg --keyring /etc/apt/trusted.gpg --primary-keyring /etc/apt/trusted.gpg --keyserver keyserver.ubuntu.com --recv-keys 16126D3A3E5C1192
gpg: requesting key 3E5C1192 from hkp server keyserver.ubuntu.com
gpg: key 3E5C1192: public key "Ubuntu Extras Archive Automatic Signing Key <ftpmaster@ubuntu.com>" imported
gpg: Total number processed: 1
gpg: imported: 1
apt-get update
Fetched 73 B in 1s (55 B/s)
Reading package lists... Done
петък, май 27, 2011
makefs.ext3
This filesystem will be automatically checked every 38 mounts or
180 days, whichever comes first. Use tune2fs -c or -i to override.
Кое ли ще настъпи първо - 38 месеца или 180 дни.
P.S. аз съм глупавият защото mount не е баш същото като month
180 days, whichever comes first. Use tune2fs -c or -i to override.
Кое ли ще настъпи първо - 38 месеца или 180 дни.
P.S. аз съм глупавият защото mount не е баш същото като month
вторник, май 24, 2011
Robocopy
Задача: да се мигрират redirected user folders(Desktop & My Documents) на друг сървър и storage.
Варианти: rsync for Windows, но това искаше иснталации и на двете машини (source & destination) и native за Windows - robocopy.
Сериозните опции са /mir и /copyall
Същественната разлика м/у /mir и /copyall, е че /mir изтрива съдръжанието на destination folder-a и го замества със съдържанието на source folder-a, докато при /copyall ако има промени в source folder-a при стартирането ще се отразят в destination folder-a без да се загубят промените които м/у временно са възникнали в destination folder-a
Примерно:
Robo_source : file1, dir1
Robo_dest: file2, dir2
след robocopy \\server1\Robo_source \\server2\Robo_dest /mir /e /tee съдържанието на Robo_dest == file1, dir1;
докато след robocopy \\server1\Robo_source \\server2\Robo_dest /copyall /e /tee съдържанието на Robo_dest == file2, dir2, file1, dir1;
Useful switches:
/z - restartable mode
/save:job.file - run and save command + swtiches in job.file.rcj (/save:job.file.rcj трабва да е най-накрая в списъка с допълнителните ключове - т.е. записва се всичко до /save:xxx, но не и след него). Създава се файл: job.file.RCJ
/save:job.file /quit - just save command + switches (do not run anything)
/job:job.file - read from job.file.rcj and run what you read
/mon:N - monitor for N changes in Source_dir
/mot:N - monitor in N min for changes in Source_dir
Examples:
1. full mirror
robocopy \\server1\Robo_source \\server2\Robo_dest /mir /e /tee
2. Update Robo_dest with changes in Robo_source (e.g. differential)
\\server1\Robo_source \\server2\Robo_dest /copyall /e /tee
3. Just monitor for 3 changes every 3 minutes
\\server1\Robo_source \\server2\Robo_dest /mon:3 /mot:3 (?!)- на теория трябва само да следи за промени ама май направо си ъпдейтва Robo_dest с промените в Robo_source
П.С. версиите до W2k8 не "реагират" при промяна на атрибутите за NTFS permissions, но във Vista и Windows 2008 (R2) вече има допълнителен ключ - /secfix
MS графичен фронт-енд
Robocopy записва в EventViewer-a какво се случва, но по-юзъбъл за мен е mail notification
Варианти: rsync for Windows, но това искаше иснталации и на двете машини (source & destination) и native за Windows - robocopy.
Сериозните опции са /mir и /copyall
Същественната разлика м/у /mir и /copyall, е че /mir изтрива съдръжанието на destination folder-a и го замества със съдържанието на source folder-a, докато при /copyall ако има промени в source folder-a при стартирането ще се отразят в destination folder-a без да се загубят промените които м/у временно са възникнали в destination folder-a
Примерно:
Robo_source : file1, dir1
Robo_dest: file2, dir2
след robocopy \\server1\Robo_source \\server2\Robo_dest /mir /e /tee съдържанието на Robo_dest == file1, dir1;
докато след robocopy \\server1\Robo_source \\server2\Robo_dest /copyall /e /tee съдържанието на Robo_dest == file2, dir2, file1, dir1;
Useful switches:
/z - restartable mode
/save:job.file - run and save command + swtiches in job.file.rcj (/save:job.file.rcj трабва да е най-накрая в списъка с допълнителните ключове - т.е. записва се всичко до /save:xxx, но не и след него). Създава се файл: job.file.RCJ
/save:job.file /quit - just save command + switches (do not run anything)
/job:job.file - read from job.file.rcj and run what you read
/mon:N - monitor for N changes in Source_dir
/mot:N - monitor in N min for changes in Source_dir
Examples:
1. full mirror
robocopy \\server1\Robo_source \\server2\Robo_dest /mir /e /tee
2. Update Robo_dest with changes in Robo_source (e.g. differential)
\\server1\Robo_source \\server2\Robo_dest /copyall /e /tee
3. Just monitor for 3 changes every 3 minutes
\\server1\Robo_source \\server2\Robo_dest /mon:3 /mot:3 (?!)- на теория трябва само да следи за промени ама май направо си ъпдейтва Robo_dest с промените в Robo_source
П.С. версиите до W2k8 не "реагират" при промяна на атрибутите за NTFS permissions, но във Vista и Windows 2008 (R2) вече има допълнителен ключ - /secfix
MS графичен фронт-енд
Robocopy записва в EventViewer-a какво се случва, но по-юзъбъл за мен е mail notification
петък, май 20, 2011
Mikrotik change TTL
Голяма глупост е set-ването на TTL=1 от страна на доставчика (opticom AS42555) с
цел да се ограничи броя на устройствата per account. На Микротик нещата се
байпасват така:
/ip firewall mangle print where
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Change TTL
chain=prerouting action=change-ttl new-ttl=set:155 in-interface=pppoe-out1
цел да се ограничи броя на устройствата per account. На Микротик нещата се
байпасват така:
/ip firewall mangle print where
Flags: X - disabled, I - invalid, D - dynamic
0 ;;; Change TTL
chain=prerouting action=change-ttl new-ttl=set:155 in-interface=pppoe-out1
P.S. колкото повече ги гледам толкова повече стигам до извода, че няма да ги
използвам
четвъртък, май 19, 2011
Add Windows 2008R2 DomainController in existing 2003 AD Domain
1. Raise functional domain functional level to Windows Server 2003
2. Preparing AD DS for a new domain controller (W2k8)
Стартираме на infrastructure master from Windows 2008 Install CD\support\adprep\:
adprep32 /forestprep
adprep32 /domainprep /gpprep
By default се стартира adprep64!
3. Promote new W2k8 Server to a Domain Controller
2. Preparing AD DS for a new domain controller (W2k8)
Стартираме на infrastructure master from Windows 2008 Install CD\support\adprep\:
adprep32 /forestprep
adprep32 /domainprep /gpprep
By default се стартира adprep64!
3. Promote new W2k8 Server to a Domain Controller
сряда, май 11, 2011
... wisdom ...
с времето ще открием, че самият акт на заспиването (навреме), а и на събуждането след това (сух) са си постижения :
source: http://yovko.net/blog/5673#comments
author: Дончо
source: http://yovko.net/blog/5673#comments
author: Дончо
вторник, май 03, 2011
Mikrotik firewall
N.B. Mikrotik firewall (/ip firewall filter) работи на принципа на последното
съвпадение (last match) - т.е. при дублирани или сходни правила ще сработи
последното.
съвпадение (last match) - т.е. при дублирани или сходни правила ще сработи
последното.
/ip firewall filter
add action=log chain=input comment="Telnet logging" disabled=no dst-port=23
log-prefix="" protocol=tcp
add action=drop chain=input comment="disabe telnet except My_IP" disabled=no
dst-port=23 protocol=tcp src-address=!192.168.234.83
add action=drop chain=input comment="disable all" disabled=no dst-port=23
protocol=tcp
Заради последното правило телнет връзката ми ще бъде дропната
петък, март 18, 2011
daily wisdom
Глупостта е безкрайна. Тя може да сътвори повече, отколкото знанието може да опровергае.
вторник, март 15, 2011
понеделник, януари 31, 2011
online wisdom
[14:14:35] nuke: "Човек сам се ражда и сам умира, а през останалото време някакви хора непрекъснато се опитват да му досаждат"
петък, януари 21, 2011
DD-WRT poor software design
DD-WRT: http://192.168.1.1/cgi-bin/;reboot -- completely reboot without any authentication.
неделя, януари 16, 2011
вторник, януари 04, 2011
Remotely Terminate and Disconnect Remote Desktop
qwinsta /server:<sServer.IP.or.NetBIOS> -- > list of active and connecting Remote Desktop or Terminal Services sessions
rwinsta <ID> /server:<Server.IP.or.NetBIOS> --> reset and disconnect the Remote Desktop connections or sessions
qwinsta = Query Window Station
rwinsta = Reset Window Station
Абонамент за:
Публикации (Atom)