Tuesday, November 29, 2011
Saturday, November 19, 2011
Free DNS servers
(List as of November 2011. Several of these services have since been shut down, so check that an address actually answers before pointing anything at it; and remember that whichever resolver you pick sees every name your hosts look up.)
=> Service provider: Google
Google public DNS server IP addresses:
* 8.8.8.8
* 8.8.4.4
=> Service provider: DNSAdvantage (Neustar)
DNSAdvantage free DNS server list:
* 156.154.70.1
* 156.154.71.1
=> Service provider: OpenDNS
OpenDNS free DNS server list / IP addresses:
* 208.67.222.222
* 208.67.220.220
=> Service provider: Norton
Norton free DNS server list / IP addresses:
* 198.153.192.1
* 198.153.194.1
=> Service provider: Level 3 (often mislabelled as Verizon; 4.2.2.x is Level 3 address space)
Public name server IP addresses:
* 4.2.2.1
* 4.2.2.2
* 4.2.2.3
* 4.2.2.4
* 4.2.2.5
* 4.2.2.6
=> Service provider: ScrubIt
Public DNS server addresses:
* 67.138.54.100
* 207.225.209.66
Saturday, November 12, 2011
Cisco PPTP server - basic user management
(PPTP's MS-CHAPv2 authentication is cryptographically weak and the protocol should be treated as obsolete; these commands are for managing what is already deployed, not a recommendation to deploy it.)
I. Show the currently active PPTP connections and find:
1. the remote address of the dialled-in client
ar1.SOF10#sh vpdn tunnel pptp
PPTP Tunnel Information Total tunnels 1 sessions 1
LocID State Remote Address Port Sessions VPDN Group
698 estabd 85.187.36.7 53720 1 VPN
2. the username of the remote dialler and the locally assigned virtual interface
ar1.SOF10#sh vpdn session pptp
PPTP Session Information Total tunnels 1 sessions 1
LocID RemID TunID Intf Username State Last Chg Uniq ID
694 53720 698 Vi5 ipopov estabd 00:09:30 713
Local Interface: Vi5 (Virtual-Access5)
3. the IP address assigned to the remote user (the /32 connected route on that Virtual-Access interface)
ar1.SOF10#sh ip rou conn | i Virtual-Access5
C 194.12.234.22/32 is directly connected, Virtual-Access5
II. Disconnect a particular user: clear the tunnel by the LocID found in step 1 (this drops every session carried by that tunnel)
ar1.SOF10#clear vpdn tunnel pptp id 698
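The three-step lookup and the disconnect above, as an added example that is not part of the original post: a Python script that parses pasted output of `show vpdn tunnel pptp`, `show vpdn session pptp` and `show ip route connected`, joins the three tables for one username (tunnel id, Virtual-Access interface, peer address, assigned IP) and prints the matching `clear` command. The output lines are the ones from this post plus a second tunnel/session (tunnel 699, interface Vi6, user jdoe, remote 10.20.30.40, route 194.12.234.23/32) constructed here so that the lookup has to pick the right tunnel; the script only reads text, it does not talk to the router.

```python
import re

# Output of the three show commands from this post. The second tunnel/session
# (tunnel 699, Vi6, user "jdoe", remote 10.20.30.40, route 194.12.234.23/32) is
# constructed here so that the lookup has to pick the right tunnel for a user.
SHOW_VPDN_TUNNEL = """\
PPTP Tunnel Information Total tunnels 2 sessions 2
LocID State Remote Address Port Sessions VPDN Group
698 estabd 85.187.36.7 53720 1 VPN
699 estabd 10.20.30.40 41002 1 VPN
"""

SHOW_VPDN_SESSION = """\
PPTP Session Information Total tunnels 2 sessions 2
LocID RemID TunID Intf Username State Last Chg Uniq ID
694 53720 698 Vi5 ipopov estabd 00:09:30 713
695 41002 699 Vi6 jdoe estabd 00:01:12 714
"""

SHOW_IP_ROUTE_CONNECTED = """\
C 194.12.234.22/32 is directly connected, Virtual-Access5
C 194.12.234.23/32 is directly connected, Virtual-Access6
"""

TUNNEL_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\d+(?:\.\d+){3})\s+(\d+)\s+(\d+)\s+(\S+)$")
SESSION_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)\s+(Vi\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")
ROUTE_RE = re.compile(r"^C\s+(\S+)\s+is directly connected,\s+(Virtual-Access\d+)$")


def parse_tunnels(text):
    """LocID -> tunnel facts from `show vpdn tunnel pptp`; header lines do not match."""
    tunnels = {}
    for line in text.splitlines():
        m = TUNNEL_RE.match(line.strip())
        if m:
            tunnels[int(m.group(1))] = {"state": m.group(2), "remote": m.group(3),
                                        "port": int(m.group(4)), "sessions": int(m.group(5)),
                                        "group": m.group(6)}
    return tunnels


def parse_sessions(text):
    """Rows of `show vpdn session pptp`; TunID links a session to its tunnel."""
    rows = []
    for line in text.splitlines():
        m = SESSION_RE.match(line.strip())
        if m:
            rows.append({"locid": int(m.group(1)), "remid": int(m.group(2)),
                         "tunid": int(m.group(3)), "intf": m.group(4),
                         "username": m.group(5), "state": m.group(6),
                         "last_chg": m.group(7), "uniq_id": int(m.group(8))})
    return rows


def parse_connected(text):
    """'Virtual-Access5' -> '194.12.234.22/32' from `show ip route connected`."""
    routes = {}
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes[m.group(2)] = m.group(1)
    return routes


def expand_intf(short):
    """IOS abbreviates Virtual-Access5 to Vi5 in the session table."""
    return short.replace("Vi", "Virtual-Access", 1)


def user_report(username, tunnel_txt, session_txt, route_txt):
    """Join the three tables for one user: tunnel id, interface, peer address, assigned IP."""
    tunnels = parse_tunnels(tunnel_txt)
    routes = parse_connected(route_txt)
    rows = []
    for s in parse_sessions(session_txt):
        if s["username"] != username:
            continue
        intf = expand_intf(s["intf"])
        rows.append({"tunnel_id": s["tunid"], "intf": intf,
                     "remote": tunnels.get(s["tunid"], {}).get("remote"),
                     "assigned": routes.get(intf)})
    return rows


def clear_commands(username, session_txt):
    """IOS commands that drop every tunnel the user holds (clearing a tunnel drops all its sessions)."""
    ids = sorted({s["tunid"] for s in parse_sessions(session_txt) if s["username"] == username})
    return ["clear vpdn tunnel pptp id %d" % i for i in ids]


if __name__ == "__main__":
    for row in user_report("ipopov", SHOW_VPDN_TUNNEL, SHOW_VPDN_SESSION, SHOW_IP_ROUTE_CONNECTED):
        print(row)
    print("\n".join(clear_commands("ipopov", SHOW_VPDN_SESSION)))
```

Paste the real output into the three strings (or read them from files) and the same functions work unchanged; the regexes deliberately ignore the "Total tunnels" and column-header lines.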
Wednesday, November 09, 2011
Last resort in troubleshooting guide
1. Go to the nearest hypermarket (Billa, Metro, Lidl, Kaufland type)
2. Buy 30 boxes of matches
3. Carefully scrape the powder off the match heads (the head is the part of the match that is a different colour from the stick)
4. Stuff the scraped powder into your ears
5. Hit your head against the wall in a way that produces an igniting spark
6. If something is still happening (around you), repeat steps 1-6 until a lasting end result is achieved
Thursday, November 03, 2011
Basic DNS and Mail Troubleshooting
For the next training/presentation
DNS Troubleshooting
DNS server - a server that answers DNS queries
DNS query - main function: convert NAME-to-IP (forward lookup) or IP-to-NAME (reverse lookup)
FQDN - Fully Qualified Domain Name (name=mail, fqdn=mail.evolink.com)
DNS server types:
* Master/Primary - gets its zone data from a local source (the zone/domain files are stored on local storage)
* Secondary/Slave - gets its zone/domain data from an external source (a zone transfer from the master, for example)
* Cache - only caches the results of DNS queries for a limited time (how long depends on the record's TTL)
* Forwarder - simply passes DNS queries from clients on to another DNS server
* Split-horizon server - gives different answers depending on who is asking (ACL/view based, or geographic mapping as Google's DNS does)
---------------------------------------------------------------------------------------------
* Iterative (non-recursive) - answers only with what it knows from its own zones or cache; otherwise it refers the client to another server (Master/Slave/Cache)
* Recursive - knows how and whom to ask, follows the referrals itself and returns the final answer to the client (Master/Slave/Forwarder). A recursive server reachable from the whole Internet ("open resolver") will be abused for amplification attacks, so restrict recursion to your own clients.
DNS types of record
* Host (A) -- the basic mapping of a host name to an IPv4 address, the essential component of any domain name.
* Canonical Name (CNAME) -- an alias: whoever looks up the alias is pointed at the canonical name, whose A record is then used.
* Mail Exchanger (MX) -- directs e-mail for the domain to a specific server. It must point to a host name (which in turn needs an A record), never to an IP address.
* Name Server (NS) -- lists the name servers for the zone. It is how the parent zone and other DNS servers learn which servers are authoritative for your domain when they look it up and cache the delegation.
* Start of Authority (SOA) -- one larger record at the beginning of every zone file, naming the primary name server for the zone, the responsible contact, the serial number and the refresh/retry/expire timers that secondaries use.
* Pointer record (PTR) -- reverse DNS (rDNS): maps an IP address back to the domain name associated with it.
Dirty (and not really right) way to check whether a DNS server is up; both only prove that TCP port 53 is open, while ordinary queries travel over UDP port 53, so a server can "pass" this test and still resolve nothing
telnet DNS.IP.ADD.RESS 53
nmap -p 53 DNS.IP.ADD.RESS (add -sU to probe the UDP port as well)
Ask specific server
dig @DNS.IP.ADD.RESS mail.evolink.com
nslookup
server DNS.IP.ADD.RESS
mail.evolink.com
Ask a specific server for a certain type of RR
dig @DNS.IP.ADD.RESS -t [NS/MX/A/CNAME/TXT/...|ANY] mail.evolink.com
nslookup
server DNS.IP.ADD.RESS
set type=[NS/MX/CNAME/etc]
mail.evolink.com
Ask for PTR RR
dig -x 194.12.255.146 +short
nslookup
set type=PTR
194.12.255.146
ping -a 194.12.255.146 (Windows only: there -a resolves the address to a host name; on Linux -a is "audible ping")
Trace DNS communication
dig @8.8.8.8 mail.evolink.com +trace
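An added example (not from the original post) that does by hand what dig does above, so that the wire format behind the commands is visible: it builds a query, parses the reply including compressed names, and with `query()` can be pointed at any resolver (8.8.8.8, or one of the servers in the "Free DNS servers" post). The reply in SAMPLE_REPLY is constructed, not captured: an A answer of 194.12.255.146 for mail.evolink.com, the address the telnet session later on this page connects to. The transaction-id check and the compression-pointer hop limit are the two things a real resolver does that a quick telnet to port 53 cannot show you.

```python
import os
import socket
import struct

# RFC 1035 type codes for the record types discussed above.
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16}
TYPE_NAMES = {v: k for k, v in QTYPES.items()}


def encode_name(name):
    """'mail.evolink.com' -> length-prefixed labels ending with the empty root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype="A", txid=0x1234):
    """12-byte header (RD=1, one question) followed by QNAME / QTYPE / QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)


def decode_name(msg, offset):
    """Read a possibly compressed name; return (name, offset just past it in the stream).
    A chain of more than 16 compression pointers is treated as a malformed reply
    instead of being followed forever."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def parse_response(msg, expected_txid=None):
    """Header flags plus the answer section as (name, type, ttl, value) tuples."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch: stale or spoofed reply")
    offset = 12
    for _ in range(qd):                                  # skip the echoed question
        _, offset = decode_name(msg, offset)
        offset += 4
    answers = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == 1 and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype in (2, 5, 12):                        # NS, CNAME, PTR carry a name
            value, _ = decode_name(msg, offset)
        elif rtype == 15:                                # MX: preference + exchange name
            pref = struct.unpack("!H", rdata[:2])[0]
            value = "%d %s" % (pref, decode_name(msg, offset + 2)[0])
        else:
            value = rdata.hex()
        answers.append((name, TYPE_NAMES.get(rtype, str(rtype)), ttl, value))
        offset += rdlen
    return {"txid": txid, "rcode": flags & 0x000F, "authoritative": bool(flags & 0x0400),
            "truncated": bool(flags & 0x0200), "answers": answers}


def query(server, name, qtype="A", timeout=3.0):
    """One UDP query to `server` (any resolver, e.g. 8.8.8.8). Needs network; not used by the test."""
    txid = int.from_bytes(os.urandom(2), "big")          # random id: a guessed reply is rejected
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, txid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data, expected_txid=txid)


# Constructed reply to "mail.evolink.com A" (not a real capture): the answer name is a
# pointer to offset 12 and the address is the one the page's telnet session connects to.
SAMPLE_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("mail.evolink.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([194, 12, 255, 146])
)

if __name__ == "__main__":
    print(parse_response(SAMPLE_REPLY, expected_txid=0x1234))
```

`query("8.8.8.8", "mail.evolink.com", "MX")` is the equivalent of `dig @8.8.8.8 -t MX mail.evolink.com`; a `truncated` flag in the result is the signal that dig would retry over TCP.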
Recommended resources:
Understanding DNS - http://technet.microsoft.com/en-us/library/cc728412%28WS.10%29.aspx
DNS for Rocket Scientist : http://www.zytrax.com/books/dns/
Mail Troubleshooting
e-mail server's function: nothing more than moving a piece of text across the Internet
Major steps: MUA > MSA > MTA > ... > MTA > MDA >> MRA >> MUA
MUA - Mail User Agent - the end user's mail client (MS Outlook, Thunderbird, a web browser, etc.)
MSA - Mail Submission Agent - strictly speaking more complicated, but treat it as a borderline MTA (a kind of SMTP proxy or smart host, for example)
MTA - Mail Transfer Agent - a true mail server (exim, postfix, qmail, Exchange)
MDA - Mail Delivery Agent - performs the actual delivery, including the "filtering" step (auto-reply, white/black lists, spamassassin, amavis, AV, etc.)
MRA - Mail Retrieval Agent - the POP(s)/IMAP(s) services (cyrus, courier, dovecot, qmail)
What really happens after hitting the SEND button:
1. The MUA looks in its settings and finds the outgoing mail server entry
2. The MUA performs a DNS lookup to convert that name to an IP
3. The MUA performs the route/ARP/etc. lookups to find the way out to the outgoing mail server
4. The sending MTA performs a DNS lookup for the recipient domain's MX records (respecting MX priority), asks the receiving MTA to accept the message and sends it
5. The receiving MTA performs initial checks and accepts/rejects the mail (message format check, WL/BL check, AV check, etc.)
6. The MDA performs additional checks and manipulations and delivers the mail to the user's home folder (SPAM check and classification, rewriting, re-routing, etc.)
7. The MRA waits for connections on the well-known protocols/ports
8. The MUA authenticates/connects to the MRA and fetches the mail
Troubleshooting tools: nmap, telnet, the mail message source
MTA SMTP - tcp/25
Submission (MSA) - tcp/587
SMTPS - tcp/465
MRA POP3 - tcp/110
POP3S - tcp/995
IMAP - tcp/143
IMAPS - tcp/993
Successful communication (MTA service is working)
telnet mail.example.com 25
Trying 11.12.13.14...
Connected to mail.example.com.
Escape character is '^]'.
220 ESMTP
ehlo privet
250-
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 20971520
250 AUTH LOGIN PLAIN CRAM-MD5
quit
221
Connection closed by foreign host.
Unsuccessful communication (no MTA listening on the port, or a firewall answering with a reset; if the connection instead hangs until it times out, a firewall is silently dropping the packets)
telnet mail.example.net 25
Trying 1.2.3.4...
telnet: Unable to connect to remote host: Connection refused
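As an added example (not part of the original post): a Python checker for the EHLO reply shown in the successful session above. It parses the 250 lines into the advertised extensions, flags the two things worth noticing in this particular banner (STARTTLS is offered, but AUTH LOGIN/PLAIN are advertised on the plaintext session as well), and `check_server()` runs the same check live and tells "connection refused" apart from a silent timeout, the two failure modes described above. The reply text is the one captured on this page; the host name passed to `check_server` is whatever you choose.

```python
import smtplib
import socket

# The EHLO reply captured in the telnet session on this page.
EHLO_REPLY = """\
250-
250-STARTTLS
250-PIPELINING
250-8BITMIME
250-SIZE 20971520
250 AUTH LOGIN PLAIN CRAM-MD5
"""


def parse_ehlo(reply):
    """Multi-line 250 reply -> {EXTENSION: [parameters]}.
    The first 250 line is the greeting (empty here); each later line is one advertised
    extension. '250-' means more lines follow, '250 ' (space) marks the last line."""
    lines = [l.rstrip("\r") for l in reply.splitlines() if l.strip()]
    if not lines or lines[0][:3] != "250":
        raise ValueError("not a 250 EHLO reply: %r" % lines[:1])
    ext = {}
    for i, line in enumerate(lines[1:], start=1):
        code, sep, rest = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " "):
            raise ValueError("malformed reply line: %r" % line)
        if sep == " " and i != len(lines) - 1:
            raise ValueError("text after the final reply line: %r" % line)
        parts = rest.upper().split()
        if parts:
            ext[parts[0]] = parts[1:]
    return ext


def assess(ext):
    """What a practitioner reads off the banner before trusting the server."""
    findings = []
    if "STARTTLS" not in ext:
        findings.append("WARN no STARTTLS: this port cannot be upgraded to TLS")
    weak = sorted(set(ext.get("AUTH", [])) & {"PLAIN", "LOGIN"})
    if weak:
        findings.append("WARN AUTH %s advertised on the plaintext session: a client that "
                        "skips STARTTLS sends its password base64-encoded, i.e. in clear"
                        % "/".join(weak))
    if ext.get("SIZE"):
        findings.append("INFO max message size %s bytes" % ext["SIZE"][0])
    if "PIPELINING" in ext:
        findings.append("INFO PIPELINING supported")
    return findings


def check_server(host, port=25, timeout=10.0):
    """Live version (needs network, not exercised by the test): connect, EHLO, assess.
    The two exception branches are the failure modes from the telnet examples above."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as s:
            code, _ = s.ehlo("privet")
            if code != 250:
                return ["FAIL EHLO rejected with %d" % code]
            ext = {k.upper(): v.upper().split() for k, v in s.esmtp_features.items()}
            return assess(ext)
    except ConnectionRefusedError:
        return ["FAIL connection refused: nothing listening, or a firewall replying with RST"]
    except socket.timeout:
        return ["FAIL timeout: host down or a firewall silently dropping the SYN"]


if __name__ == "__main__":
    for line in assess(parse_ehlo(EHLO_REPLY)):
        print(line)
```

Run `check_server("mail.example.com")` against your own MTA on 25 and again on 587: the submission port is where clients authenticate, so that is where the AUTH-before-STARTTLS warning matters most.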
SMTP commands
* HELO - introduce yourself
* EHLO - introduce yourself and request extended (ESMTP) mode; the reply lists what the server supports (STARTTLS, SIZE, AUTH, ...)
* MAIL FROM: - specify the envelope sender
* RCPT TO: - specify one recipient (repeat the command for each additional recipient)
* DATA - send the message itself: header lines first (From, To and Subject are the usual ones), then an empty line, then the body, terminated by a line containing only a single dot
* RSET - reset the current transaction
* QUIT - quit the session
* HELP - get help on commands
* VRFY - verify an address
* EXPN - expand an address (a list or alias)
VRFY and EXPN let anyone enumerate valid mailboxes, so most servers disable or fake them; expect a 252 or 502 reply
* VERB - verbose (a sendmail extension)
POP3 commands
* USER - enter your user ID
* PASS - enter your password
* QUIT - quit the POP3 server
* LIST - list the messages and their size
* RETR - retrieve a message, pass it a message number
* DELE - delete a message, pass it a message number
* TOP - show the top x lines of a message, pass it a message number and the number of lines
Sending mail via telnet (one RCPT TO per recipient, an empty line between the headers and the body, and a line with a single dot to end the message)
telnet example.com 25
ehlo example.com
mail from: username@example.com
rcpt to: friend@hotmail.com
rcpt to: friend2@yahoo.com
data
From: username@example.com
To: friend@hotmail.com
Subject: Send mail via telnet

I was here!
.
quit
Check or read email with telnet (POP3; the password travels in clear text on tcp/110, so outside a lab use "openssl s_client -connect mail.example.com:995" and type the same commands inside the TLS session)
telnet mail.example.com 110
user username@example.com
pass passwordgoeshere
list
retr 2
dele 1
quit
Reading mail-message source
Full mail message header example (spammer's mail address and IP intentionally left as is):
Return-Path: <0-chinomi@akita-pu.ac.jp>
X-Original-To: mailinglist_or_mail.alias@example.com
Delivered-To: me@example.com
Received: from localhost (localhost [127.0.0.1])
by mail.example.com (Postfix) with ESMTP id 9872A8221A2
for <mailinglist_or_mail.alias@example.com>; Thu, 3 Nov 2011 12:31:01 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at mail.example.com
X-Spam-Flag: NO
X-Spam-Score: 9.372
X-Spam-Level: *********
X-Spam-Status: No, score=9.372 tagged_above=2 required=14.31
tests=[BAYES_99=3.5, DCC_CHECK=2.17, DIGEST_MULTIPLE=0.001,
PYZOR_CHECK=3.7, UNPARSEABLE_RELAY=0.001]
Received: from mail.example.com ([127.0.0.1])
by localhost (mail.example.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Fm+2o1grwwo5 for <mailinglist_or_mail.alias@example.com>;
Thu, 3 Nov 2011 12:30:29 +0300 (EEST)
Received: by mail.example.com (Postfix, from userid 5001)
id 0A1948221A6; Thu, 3 Nov 2011 12:30:29 +0300 (EEST)
Received-SPF: none (akita-pu.ac.jp: No applicable sender policy available) receiver=mail.example.com;
identity=mailfrom; envelope-from="0-chinomi@akita-pu.ac.jp"; helo="[59.94.251.160]"; client-ip=59.94.251.160
Received: from [59.94.251.160] (unknown [59.94.251.160])
by mail.example.com (Postfix) with ESMTP id 95C9382219D
for <mailinglist_or_mail.alias@example.com>; Thu, 3 Nov 2011 12:30:28 +0300 (EEST)
Received: from 59.94.251.160 (account <mailinglist_or_mail.alias@example.com> HELO example.com)
by example.com (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 168978161 for <mailinglist_or_mail.alias@example.com>; Thu, 3 Nov 2011 15:00:27 +0530
From: <something@somewhere.xxl>
To: <mailinglist_or_mail.alias@example.com>
Subject: Administrative Assistant Vacancy
Date: Thu, 3 Nov 2011 15:00:27 +0530
Return-Path: - the envelope sender (the MAIL FROM address the final MTA received), added at delivery. The sender chooses it freely, so it can be forged just like From:, but it is the identity SPF is checked against (see the Received-SPF line) and where bounces go
X-Original-To: - the original send-to destination
Delivered-To: - the mailbox this email was delivered to
Received: - added to the message header by each MTA in the host-to-host delivery chain, newest on top. Includes the address of the sending MTA, the local (for that MTA) date and time of the transfer and the software used. Only the lines added by your own servers can be trusted; everything below the first external hop was supplied by the sender and may be fabricated
X-Virus/X-SPAM/Received-SPF - additional checks with basic information about who checked what
From: - can be anything, including google@boiko.borisov.yes
To: - the content of the TO field on the sending MUA
Subject: - can be rewritten by the MDA, corporate policy, etc.
Date: - set by the originating (sending) host [a really clever way to place your message on top of the received messages in the recipient's mailbox]
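An added example, not from the original post, that reads the header block above the way the notes describe it: it walks the Received: chain from the top, trusts only the lines stamped by our own hosts (mail.example.com and localhost), reports the client IP of the last trusted hop as the real origin, cross-checks it against client-ip in Received-SPF, and compares the envelope sender (Return-Path) with the header From:. The embedded headers are the page's own example with the X-Spam-*/X-Virus-Scanned lines left out and the folded lines indented as in a real message; the `trusted` set is an assumption you replace with your own mail server names.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# The header block shown above, with the X-Spam-*/X-Virus-Scanned lines left out and
# the folded continuation lines indented as they are in a real message.
RAW_HEADERS = """\
Return-Path: <0-chinomi@akita-pu.ac.jp>
X-Original-To: mailinglist_or_mail.alias@example.com
Delivered-To: me@example.com
Received: from localhost (localhost [127.0.0.1])
    by mail.example.com (Postfix) with ESMTP id 9872A8221A2
    for <mailinglist_or_mail.alias@example.com>; Thu, 3 Nov 2011 12:31:01 +0300 (EEST)
Received: from mail.example.com ([127.0.0.1])
    by localhost (mail.example.com [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id Fm+2o1grwwo5 for <mailinglist_or_mail.alias@example.com>;
    Thu, 3 Nov 2011 12:30:29 +0300 (EEST)
Received: by mail.example.com (Postfix, from userid 5001)
    id 0A1948221A6; Thu, 3 Nov 2011 12:30:29 +0300 (EEST)
Received-SPF: none (akita-pu.ac.jp: No applicable sender policy available) receiver=mail.example.com;
    identity=mailfrom; envelope-from="0-chinomi@akita-pu.ac.jp"; helo="[59.94.251.160]"; client-ip=59.94.251.160
Received: from [59.94.251.160] (unknown [59.94.251.160])
    by mail.example.com (Postfix) with ESMTP id 95C9382219D
    for <mailinglist_or_mail.alias@example.com>; Thu, 3 Nov 2011 12:30:28 +0300 (EEST)
Received: from 59.94.251.160 (account <mailinglist_or_mail.alias@example.com> HELO example.com)
    by example.com (CommuniGate Pro SMTP 5.2.3)
    with ESMTPA id 168978161 for <mailinglist_or_mail.alias@example.com>; Thu, 3 Nov 2011 15:00:27 +0530
From: <something@somewhere.xxl>
To: <mailinglist_or_mail.alias@example.com>
Subject: Administrative Assistant Vacancy
Date: Thu, 3 Nov 2011 15:00:27 +0530

"""

IP_RE = r"\d{1,3}(?:\.\d{1,3}){3}"


def parse_received(value):
    """Split one Received: header into from-host, from-IP, by-host, protocol and date.
    Only the text before 'by' is searched for the client, so '(Postfix, from userid 5001)'
    is not mistaken for a sending host."""
    v = " ".join(value.split())
    clause, _, date = v.rpartition(";")
    m_by = re.search(r"\bby\s+(\S+)", clause)
    from_part = clause[:m_by.start()] if m_by else clause
    m_from = re.match(r"from\s+(\S+)", from_part)
    m_ip = (re.search(r"\[(%s)\]" % IP_RE, from_part)
            or re.search(r"\bfrom\s+(%s)\b" % IP_RE, from_part))
    m_with = re.search(r"\bwith\s+(\S+)", clause)
    return {"from": m_from.group(1) if m_from else None,
            "from_ip": m_ip.group(1) if m_ip else None,
            "by": m_by.group(1) if m_by else None,
            "with": m_with.group(1) if m_with else None,
            "date": date.strip() or None}


def origin_ip(hops, trusted):
    """Walk the chain top-down (newest hop first). Lines stamped by our own hosts are
    trustworthy; the from-IP of the last such line is the client that really connected.
    Everything below it was supplied by the sender and may be forged."""
    origin = None
    for hop in hops:
        if not hop["by"] or hop["by"].lower() not in trusted:
            break
        origin = hop["from_ip"] or origin
    return origin


def analyse(raw, trusted):
    """Summarise a raw header block: hops, true origin, SPF client-ip, envelope vs header sender."""
    msg = message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    spf = re.search(r"client-ip=(%s)" % IP_RE, msg.get("Received-SPF", ""))
    envelope_from = parseaddr(msg.get("Return-Path", ""))[1]
    header_from = parseaddr(msg.get("From", ""))[1]
    return {"hops": hops,
            "origin_ip": origin_ip(hops, {t.lower() for t in trusted}),
            "spf_client_ip": spf.group(1) if spf else None,
            "envelope_from": envelope_from,
            "header_from": header_from,
            "from_mismatch": envelope_from.lower() != header_from.lower()}


if __name__ == "__main__":
    r = analyse(RAW_HEADERS, trusted={"mail.example.com", "localhost"})
    for h in r["hops"]:
        print("%-16s -> %-18s %s" % (h["from_ip"] or "-", h["by"], h["date"]))
    print("origin:", r["origin_ip"], "| SPF client-ip:", r["spf_client_ip"])
    print("envelope-from:", r["envelope_from"], "| header From:", r["header_from"])
```

On this message the script lands on 59.94.251.160 for both the last trusted hop and the SPF client-ip, while the bottom Received: line (written by the sender's CommuniGate server) and the From: header are exactly the parts it refuses to believe.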