Databases, Systems & Networks

ISPConfig 3 + Squeeze – SSL/TLS 465 SMTP Fail

21/01/2024 Comments off

Hi there.

New install of ISPConfig 3 on Debian Squeeze [previously on Lenny]

Created using: http://www.ispconfig.org/news/tutorial-the-perfect-server-debian-squeeze-debian-6-0-with-bind-courier-ispconfig-3/

Previous server used:

Port: 465
Connection security: SSL/TLS
Authentication method: normal password

If I try to use these setting on this fresh install [complete format with previous back up files stored on a seperate drive] I get the following error:

Sending of message failed.

The message could not be sent because connecting to SMTP server mail.myserver.com (changed from real name – error has correct name) failed. The server may be unavailable or is refusing SMTP connections. Please verify that your SMTP server settings are correct and try again, or contact the server administrator.

I can send using:

Port: 25
Connection security: STARTTLS
Authentication method: normal password

No errors appear in mail.log or mail.err

I’ve compared the master.cf pre/post [original/current]

Differing section appears to be:

Original

smtp inet n - - - - smtpd
submission inet n - - - - smtpd
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticate d,reject
-o milter_macro_daemon_name=ORIGINATING
smtps inet n - - - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticate d,reject
-o milter_macro_daemon_name=ORIGINATING

Current

smtp inet n - - - - smtpd
#submission inet n - - - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
# -o milter_macro_daemon_name=ORIGINATING
#smtps inet n - - - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticate d,reject
# -o milter_macro_daemon_name=ORIGINATING

main.cf has a couple of minor differences

Original

smtpd_tls_CAfile = /etc/postfix/cert.pem

*This line is missing in the current main.cf

Current

smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth

*These lines do not appear in the original main.cf

No firewall rules are set to block ports.

hopefully I’ve provided enough detail.

Categories: Logiciel Tags: Mail, Postfix

Create DNS Service Location (SRV) records for the Exchange Autodiscover service

20/01/2024 Comments off

Source: Upwards with SBS

In earlier blog posts I’ve discussed other DNS records such as the TXT SPF record. This is a new but very important record that you will want in place for your domain.

Here’s a list of great resources that describe this in detail and include guidance to manually create and publish the record to whomever is hosting your DNS records for the domain.

Sean Daniels very good explanation with examples
Both of those will fail in the default SBS case as the info is actually at https://remote.contoso.com/autodiscover. With Outlook 2007 SP1 and above, outlook adds a third check. It checks a SRV record, or service. When you run the Internet Address Management wizard with a partner, this SRV record is automatically set. It looks like:
_autodiscover._tcp IN SRV 0 0 443 remote.contoso.com
This blog post goes into what the syntax means piece by piece …a tech deep dive meant to tie in their chat client software to Google Apps. They do have a tester there too. Realize that in the GoDaddy record wizard that for SBS you enter @ for the Name field which represents your domain name.
Susan Bradley post on the same including a Go Daddy creation guide
Microsoft KB 940881- A new feature is available that enables Outlook 2007 to use DNS Service Location (SRV) records to locate the Exchange Autodiscover service
Test your record here – https://www.testexchangeconnectivity.com/
double-check to ensure that it was correctly published by those hosting your domain’s DNS records – my fav http://www.intodns.com (but I don’t see SRV record reported) – tech sent me to http://network-tools.com but none of the tests there seemed to fit

Categories: Logiciel, Réseau Tags: administration, Mail

Récupérer le zoom dans OS X Mountain Lion

20/01/2024 Comments off

La dernière mouture en date d’OSX désactive une fonction assez pratique : le zoom.

Son utilisation est possible sur les versions précédentes en maintenant la touche CTRL + scroll.

Pour la réactiver sous OSX Mountain Lion, il suffit d’aller dans les préférences :

Préférences système…
Accessibilité
Réduite/agrandir

Il suffit ensuite de cocher « Pour effectuer un zoom, utilisez le geste de défilement avec les touches de modification : »

Categories: Logiciel Tags: Apple, Mac OS X

psad: Linux Detect And Block Port Scan Attacks In Real Time

15/01/2024 Comments off

Source: NixCraft

Q. How do I detect port scan attacks by analyzing Debian Linux firewall log files and block port scans in real time? How do I detect suspicious network traffic under Linux?

A. A port scanner (such as nmap) is a piece of software designed to search a network host for open ports. Cracker can use nmap to scan your network before starting attack. You can always see scan patterns by visiting /var/log/messages. But, I recommend the automated tool called psad – the port scan attack detector under Linux which is a collection of lightweight system daemons that run on Linux machines and analyze iptables log messages to detect port scans and other suspicious traffic.

psad makes use of Netfilter log messages to detect, alert, and (optionally) block port scans and other suspect traffic. For tcp scans psad analyzes tcp flags to determine the scan type (syn, fin, xmas, etc.) and corresponding command line options that could be supplied to nmap to generate such a scan. In addition, psad makes use of many tcp, udp, and icmp signatures contained within the Snort intrusion detection system.

Install psad under Debian / Ubuntu Linux

Type the following command to install psad, enter:
$ sudo apt-get update $ sudo apt-get install psad

Categories: Logiciel, Réseau, Sécurité Tags: administration, firewall, iptables, netfilter

MySQL – éviter les doublons dans un SELECT

15/01/2024 Comments off

Il suffit d’utiliser la clause DISTINCT entre SELECT et les champs.

Exemple :

SELECT DISTINCT id,nom,prenom FROM matable

Categories: Bases de données, Logiciel Tags: database, MySQL

Entrées récentes Anciennes entrées

Databases, Systems & Networks

Archive

ISPConfig 3 + Squeeze – SSL/TLS 465 SMTP Fail

Create DNS Service Location (SRV) records for the Exchange Autodiscover service

Récupérer le zoom dans OS X Mountain Lion

psad: Linux Detect And Block Port Scan Attacks In Real Time

Install psad under Debian / Ubuntu Linux

MySQL – éviter les doublons dans un SELECT

Tags

Archives

Articles récents

Catégories

Categories

Blogroll

Archives

Meta