HackeD By TeaM_CC :: sec_d@rK WAS HERE

January 23rd, 2013 by heribertuswp

Hacked By TeaM_CC :: sec_d@rK WAS HERE

Your Security breached ….
No security is perfect
Facebook.com/cyber.command0s

[+]Team_CC[+]

Active Directory Domain Services (AD DS)

January 23rd, 2013 by heribertuswp

Some of you probably already know what Active Directory Domain Services in Windows Server 2008 is, since someone has already written about it on this portal; what I will also share here is how it compares with Windows Server 2003. On Windows Server 2003, when we want to make a server a Domain Controller, we simply type dcpromo at Run and execute it. On Windows Server 2008 it is essentially the same: we also install Active Directory by typing dcpromo. However, Windows Server 2008 first installs the Active Directory Domain Services server role. If we cancel the wizard after this server role has been installed, Administrative Tools will already contain AD Users and Computers, AD Sites and Services, AD Domains and Trusts and AD Schema. This differs from Windows Server 2003, where running dcpromo goes straight into the wizard without installing a server role first.

With AD DS, client computers can use the user accounts that have been created to authenticate to AD DS. Access to network resources such as a file server or print server is also authenticated through AD DS, for example whether the user belongs to a certain group, or whether the user is individually allowed to access a certain folder. The other server roles (AD FS, AD RMS and AD CS) depend on AD DS to provide information about the users and network resources in Active Directory. AD DS also has some new functions: the Read Only Domain Controller, which we have often discussed on our wss-id portal, and the ability to defragment the domain controller without stopping the AD service, unlike a 2003 DC where the service has to be stopped first.

Conceptually, Active Directory 2003 and AD 2008 are almost the same. The core of Active Directory is Active Directory Domain Services, because without it the other server roles will not function properly. This is where we do all the work related to Active Directory.

The Active Directory Domain Services wizards themselves are the same as in Windows Server 2003:

1. Active Directory Users and Computers is used to manage (create, modify or remove) the objects (OUs, users, computers, groups, printers and so on) in Active Directory through a GUI (Graphical User Interface).

2. Active Directory Sites and Services is used to create sites and to configure replication between Domain Controllers.

3. Active Directory Domains and Trusts is used to create trusts between domains and to raise the forest functional level and the domain functional level; it also holds one of the FSMO roles that we can move from one DC to another.

4. Active Directory Schema is used to add, change or delete the classes or attributes in Active Directory.

Besides the functions above, Active Directory Domain Services also has several features, including:

1. Centralized Directory: makes it easier for the network admin to manage the network using a single, centralized directory.

2. Single Sign-On Access: several resources can be accessed with just one user account; for example, the user bobby can access the file server, print server and fax server.

3. Integrated Security: AD DS works together with Windows Server 2008 security and can directly check the security permissions of every joined client, whether it is Windows NT, 98, 2000, XP or Vista.

4. Scalability: we can add a new AD DS server, which on Windows Server 2003 we call an Additional Domain Controller (ADC). The new AD DS server replicates from the existing AD DS, so users can log in to the AD DS that is closest to their location.

5. Common Management Interface: the Microsoft Management Console (MMC) is used to deploy AD DS and to maintain an existing Active Directory.

 

AD DS is made up of two parts: Physical Components and Logical Components.

Physical Components of AD DS:

1. Data Store: where the data is stored (wherever we install Active Directory, that is where the data store is). Example: the ntds.dit file stored in the %SystemRoot%\NTDS folder.

2. Domain Controller: a server on which we install Active Directory is called a Domain Controller. It provides authentication and authorization for access to particular resources, and replicates updates between Domain Controllers.

3. Global Catalog Server: holds the global catalog. The global catalog itself can contain the queries most frequently used by objects, for example user logon, and stores the trusts between domains within one forest. The place where we enable the global catalog is called the global catalog server.

4. Read Only Domain Controller: a Domain Controller that we can only read, without being able to make changes on it.

5. Sites: the placement of Domain Controllers, intended for replication between those Domain Controllers. Across different sites we can schedule replication; within one site replication can happen immediately. We can also assign IP subnets to each Domain Controller.

AD DS Replication: copies all updates in the AD DS database to all other Domain Controllers, within one domain or within one forest. AD replication also ensures that all DCs hold the same information, using the Multimaster Replication Model (changes can be made on any writable DC and the updates are sent to the other DCs). Replication can be managed by creating Sites.

Logical Components of AD DS:

1. AD DS Schema: consists of two parts. Object classes define the new objects that we can create in Active Directory (for example the computer class and the user class); object attributes define what information can be stored for each object class (for example, the user class has display name, email address, etc.).

2. AD DS objects: the smallest part of AD DS, comprising users, computers, printers, groups (used for grouping and for granting permissions) and others.

3. Organizational Unit (OU): an object container; every object in AD DS can be placed in an OU, and an OU can also contain other OUs.

4. Domain: used to group and manage Active Directory objects within one organization. It can also be used to apply particular policies to an OU, which in turn can contain other objects. A domain always has at least one Domain Controller installed, and a DC can hold only one domain.

5. Domain Tree: the hierarchical arrangement of domains within a forest whose names are contiguous with their parent (for example, the parent is contoso.com and the child is as.contoso.com).

6. Forest: the whole of AD DS, including domains, domain trees, the schema, objects and OUs.

How to Backup and Restore Windows 2003 Server DC

January 23rd, 2013 by heribertuswp

How to Backup the Domain Controller(s)

Obviously, before you can restore your domain, you have to back it up first.  :) Mainly what we’re interested in backing up is the System State of a Domain Controller.  So what is the System State?

The System State of your server includes the Registry, the Boot files, some System files, the Active Directory service, and other components.  You cannot pick and choose which components are backed up during a System State backup.  It’s an all or nothing situation.

Since this includes the whole of your Registry, you have to understand that this includes the information about the original System’s installed hardware.  This may complicate the restore process somewhat.  If you backed up the System State from a DC on an HP Proliant DL380 G5 series server… and attempt to restore it on a Dell PowerEdge T100… you will most likely have issues with booting up the OS afterwards because the hardware set is significantly different.

As part of your DR plan, I recommend making a point of documenting the hostname, IP address, Operating System, Service Pack level, and the hardware make/model of each of your domain controllers.  You may find this information useful when the time comes.

These instructions are going to use the hostname “DC123” as name of the domain controller, and assume that you want to run your System State backup every day at 3:00am.

Login to your domain controller, and perform the following steps:

  1. Create a C:\Backup\ folder.
  2. Click Start — All Programs — Accessories — System Tools — Backup.
  3. Click [Next] — Select Backup Files and Settings — [Next].
  4. Select Let me choose what to back up — [Next].
  5. Expand My Computer — Check System State — [Next].
  6. Set the location of the backup file to the C:\Backup\ folder. Set the Name of the Backup to “DC123 System State”.
  7. Click [Next] — [Advanced] — Select Normal — [Next].
  8. Check the Verify Data after Backup box — [Next].
  9. Select Replace the existing backups — [Next].
  10. Select Later — Set the Job Name to “DC123 System State”.
  11. Click [Set Schedule] — Schedule the job to run Daily at 3:00am.
  12. Click [OK] — Enter a set of user credentials — [OK].
  13. Click [Next] — Enter a set of the user credentials — [OK] — [OK] — [Finish].

The actual backup job itself will probably take somewhere between 15 – 30 minutes to run.  Then, you can backup the C:\Backup\ folder to tape.  Personally, I had preferred to schedule another task that would launch at 4:00am to “robocopy” (which can be found as part of the Windows Server 2003 Resource Kit Tools download) each of the backup files to another server where they were all dumped to tape a few hours later.

You only really need to backup 1 domain controller for this to work, but then you’re pretty much locked into a single hardware set when it comes time to do the restore.  Since I was never sure what kind of hardware I would have available to me when it came time to do the restores, I tried to make a practice of housing each domain controller on a different model of server… and backing each of them up individually.  Each backup ran me somewhere between 600 – 800 MB of disk space (which is rather a small pittance by today’s standards).

Yes, this was probably a significant amount of overkill on my part.  However, I find that the more paranoid you are, the better prepared you tend to find yourself.  And I tend to be rather paranoid about things like DR.

 

How to Restore the Domain Controller(s)

Now let’s pretend that a disaster has struck!

You’ve retrieved your tapes from off-site storage and acquired your target hardware, so let’s get to work!  (Remember that matching the hardware to the DC restore would be best, but you can make substitutions.  It’s not an exact science, so some experimentation may be required.)

Note:  These instructions are written with a few assumptions in mind.

  1. We assume that your entire domain has been leveled by some catastrophic event.
  2. We assume that your domain controllers are running a Windows 2003 operating system.
  3. We assume that whoever is doing the work knows the login credentials (from the original domain) to the domain’s Administrator account or a user account that is a member of both the domain’s “Domain Admins” and “Schema Admins” groups.

  1. Build a stand-alone Windows 2003 server, and bring it up to the same Service Pack level as the original DC.
  2. Name the server with the same hostname as your original DC.
  3. Restore your System State backup files from tape, and copy them to the new server’s local hard disk.
  4. Reboot the server.
  5. After POST, hit [F8] and select to boot into “Directory Services Restore Mode (Windows domain controllers only)”.
  6. Click Start — All Programs — Accessories — System Tools — Backup.
  7. Click [Next] — Select Restore files and settings — [Next] — Browse to the location of the backup file — [Next].
  8. Expand File – System State Backup — Check the System State box — [Next].
  9. Click [Advanced] — Select Original Location — [Next] — [OK] — Select Leave existing files (Recommended) — [Next].
  10. Check the boxes for:
      • Restore Security Settings
      • Restore junction points, but not the folder and file data
      • Preserve existing volume mount points
      • When restoring replicated data sets, mark the restored data as the primary data for all replicas
  11. Click [Next] — [Finish].
  12. After the restore is completed, click [Close] — [Yes] to reboot the system.

If your server hardware is significantly different from the original DC, then you may experience difficulty with the boot to the GUI.  If this is the case, then you might be able to still recover the OS by booting into Safe Mode or by booting to an original Windows 2003 OS CD to perform a Repair.

Once you get into the GUI, you will need to login using the local Administrator password from the original DC.

Now you will be able to seize the FSMO roles.  (Note:  After each “seize” command, click [Yes] and allow 3-5 minutes for the task to complete.)

  1. Click Start — Run — NTDSUTIL — [OK].
  2. Type the following commands into NTDSUTIL.
       roles
       connections
       connect to server DC123
       q
       seize domain naming master
       seize infrastructure master
       seize PDC
       seize RID master
       seize schema master
       q
       q

Next, confirm that your DC is a Global Catalog server.

  1. Launch AD Sites and Services (C:\Windows\System32\dssite.msc).
  2. Expand Sites – Default-First-Site-Name – Servers – DC123.
  3. Right-click and select NTDS Settings — On the General tab, verify that the Global Catalog box is checked.
  4. Perform a clean reboot of the system.

Now we’ll clean the old domain controllers out of the AD database.

  1. Click Start — Run — NTDSUTIL — [OK].
  2. Type the following commands into NTDSUTIL.
       metadata cleanup
       connections
       connect to server DC123
       quit
       select operation target
       list domains
       select domain <#>
       list sites
       select site <#>
       list servers in site
       select server <# of bad DC>
       quit
       remove selected server
       quit
  3. Launch Active Directory Sites and Services (C:\Windows\System32\dssite.msc).
  4. Expand Sites – Default-First-Site-Name – Servers.
  5. Right-click on <bad DC hostname> — Select Delete.
  6. Launch Active Directory Users and Computers (C:\Windows\System32\dsa.msc).
  7. Expand the domain — Open the Domain Controllers container.
  8. Right-click on <bad DC hostname> — Select Delete.
  9. Select The domain controller is permanently offline and can no longer be demoted using Active Directory Installation Wizard (DCPROMO).
  10. Click [Delete] — [Yes] to confirm.

 

Your domain should now be successfully restored, but don’t consider yourself finished at this point.  This restored server should be considered hinky at best, and should not be kept as a long-term solution.

Before doing anything else, I recommend that you build a 2nd “clean” domain controller alongside this restored 1st DC.  Then, transfer the FSMO roles to the 2nd DC.  Finally, demote the 1st DC to a member server and retire it from the domain.  That will hopefully ensure that your domain is running on a clean and stable DC that you can rely upon.  Then, build a new 2nd DC to ensure some redundancy.

Congratulations!  Your domain is restored.  Now get to work on restoring everything else.

Reset Directory Services Restore Mode (DSRM) Password

January 23rd, 2013 by heribertuswp

This article describes how to reset the Directory Services Restore Mode (DSRM) administrator password for any server in your domain without restarting the server in DSRM. Microsoft Windows 2000 uses the Setpwd utility to reset the DSRM password. In Microsoft Windows Server 2003, that functionality has been integrated into the NTDSUTIL tool. Note that you cannot use the procedure that is described in this article if the target server is running in DSRM. A member of the Domain Administrators group sets the DSRM administrator password during the promotion process for the domain controller. You can use Ntdsutil.exe to reset this password for the server on which you are working, or for another domain controller in the domain.

To Reset the DSRM Administrator Password

  1. Click Start, click Run, type ntdsutil, and then click OK.
  2. At the Ntdsutil command prompt, type set dsrm password.
  3. At the DSRM command prompt, type one of the following lines:
    • To reset the password on the server on which you are working, type reset password on server null. The null variable assumes that the DSRM password is being reset on the local computer. Type the new password when you are prompted. Note that no characters appear while you type the password.
      -or-
    • To reset the password for another server, type reset password on server servername, where servername is the DNS name for the server on which you are resetting the DSRM password. Type the new password when you are prompted. Note that no characters appear while you type the password.
  4. At the DSRM command prompt, type q.
  5. At the Ntdsutil command prompt, type q to exit.

Create AD Query for All Users with “Password Never Expires” Checked

January 18th, 2013 by heribertuswp

Open ADUC and do the following.

  1. Right-click Saved Queries and click the New-Query option.
  2. Type in a name for your saved query, such as Find all Non expiring PW Users.
  3. Click the Define Query button.
  4. Under the Find drop-down list, select Custom Search.
  5. Click the Advanced tab.
  6. Type in (objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536)
  7. Click the OK button to save the custom entry, then click on the OK button to save the query.
  8. Now you should see all users with the “password never expires” flag set.
  9. Click the Export List button from the top of the ADUC window and save to a txt file.

User-Account-Control Attribute for AD Queries

January 18th, 2013 by heribertuswp

User-Account-Control attribute

Flags that control the behavior of the user account.

CN User-Account-Control
Ldap-Display-Name userAccountControl
Size 4 bytes.
Update Privilege This value is set by the system.
Update Frequency Each time the account policy changes.
Attribute-Id 1.2.840.113556.1.4.8
System-Id-Guid bf967a68-0de6-11d0-a285-00aa003049e2
Syntax Enumeration

Implementations

Windows 2000 Server

Link-Id
MAPI-Id
System-Only False
Is-Single-Valued True
Is Indexed True
In Global Catalog True
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower
Range-Upper
Search-Flags 0x00000019
System-Flags 0x00000012
Classes used in User

Windows Server 2003

Link-Id
MAPI-Id
System-Only False
Is-Single-Valued True
Is Indexed True
In Global Catalog True
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower
Range-Upper
Search-Flags 0x00000019
System-Flags 0x00000012
Classes used in User

Windows Server 2003 R2

Link-Id
MAPI-Id
System-Only False
Is-Single-Valued True
Is Indexed True
In Global Catalog True
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower
Range-Upper
Search-Flags 0x00000019
System-Flags 0x00000012
Classes used in User

Windows Server 2008

Link-Id
MAPI-Id
System-Only False
Is-Single-Valued True
Is Indexed True
In Global Catalog True
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower
Range-Upper
Search-Flags 0x00000019
System-Flags 0x00000012
Classes used in User

Windows Server 2008 R2

Link-Id
MAPI-Id
System-Only False
Is-Single-Valued True
Is Indexed True
In Global Catalog True
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower
Range-Upper
Search-Flags 0x00000019
System-Flags 0x00000012
Classes used in User

Windows Server 2012

Link-Id
MAPI-Id
System-Only False
Is-Single-Valued True
Is Indexed True
In Global Catalog True
NT-Security-Descriptor O:BAG:BAD:S:
Range-Lower
Range-Upper
Search-Flags 0x00000019
System-Flags 0x00000012
Classes used in User

Remarks

This attribute value can be zero or a combination of one or more of the following values.

Hexadecimal value Identifier (defined in iads.h) Description
0x00000001 ADS_UF_SCRIPT The logon script is executed.
0x00000002 ADS_UF_ACCOUNTDISABLE The user account is disabled.
0x00000008 ADS_UF_HOMEDIR_REQUIRED The home directory is required.
0x00000010 ADS_UF_LOCKOUT The account is currently locked out.
0x00000020 ADS_UF_PASSWD_NOTREQD No password is required.
0x00000040 ADS_UF_PASSWD_CANT_CHANGE The user cannot change the password. Note: You cannot assign the permission settings of PASSWD_CANT_CHANGE by directly modifying the UserAccountControl attribute. For more information and a code example that shows how to prevent a user from changing the password, see User Cannot Change Password.

0x00000080 ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED The user can send an encrypted password.
0x00000100 ADS_UF_TEMP_DUPLICATE_ACCOUNT This is an account for users whose primary account is in another domain. This account provides user access to this domain, but not to any domain that trusts this domain. Also known as a  local user account.
0x00000200 ADS_UF_NORMAL_ACCOUNT This is a default account type that represents a typical user.
0x00000800 ADS_UF_INTERDOMAIN_TRUST_ACCOUNT This is a permit to trust account for a system domain that trusts other domains.
0x00001000 ADS_UF_WORKSTATION_TRUST_ACCOUNT This is a computer account for a computer that is a member of this domain.
0x00002000 ADS_UF_SERVER_TRUST_ACCOUNT This is a computer account for a system backup domain controller that is a member of this domain.
0x00004000 N/A Not used.
0x00008000 N/A Not used.
0x00010000 ADS_UF_DONT_EXPIRE_PASSWD The password for this account will never expire.
0x00020000 ADS_UF_MNS_LOGON_ACCOUNT This is an MNS logon account.
0x00040000 ADS_UF_SMARTCARD_REQUIRED The user must log on using a smart card.
0x00080000 ADS_UF_TRUSTED_FOR_DELEGATION The service account (user or computer account), under which a service runs, is trusted for Kerberos delegation. Any such service can impersonate a client requesting the service.
0x00100000 ADS_UF_NOT_DELEGATED The security context of the user will not be delegated to a service even if the service account is set as trusted for Kerberos delegation.
0x00200000 ADS_UF_USE_DES_KEY_ONLY Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
0x00400000 ADS_UF_DONT_REQUIRE_PREAUTH This account does not require Kerberos pre-authentication for logon.
0x00800000 ADS_UF_PASSWORD_EXPIRED The user password has expired. This flag is created by the system using data from the  Pwd-Last-Set attribute and the domain policy.
0x01000000 ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION The account is enabled for delegation. This is a security-sensitive setting; accounts with this option enabled should be strictly controlled. This setting enables a service running under the account to assume a client identity and authenticate as that user to other remote servers on the network.
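
The saved query from the earlier post and the flag table above fit together as follows. This is an added example, not code from the original page: it decodes userAccountControl values with the table's identifiers and applies the bitwise-AND matching rule (1.2.840.113556.1.4.803) from the saved query. The account names and values are constructed, and the REVIEW set is this example's own choice of flags to look at.

```python
import re

# Flag values and identifiers as listed in the table above.
UAC_FLAGS = {
    0x00000001: "ADS_UF_SCRIPT",
    0x00000002: "ADS_UF_ACCOUNTDISABLE",
    0x00000008: "ADS_UF_HOMEDIR_REQUIRED",
    0x00000010: "ADS_UF_LOCKOUT",
    0x00000020: "ADS_UF_PASSWD_NOTREQD",
    0x00000040: "ADS_UF_PASSWD_CANT_CHANGE",
    0x00000080: "ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED",
    0x00000100: "ADS_UF_TEMP_DUPLICATE_ACCOUNT",
    0x00000200: "ADS_UF_NORMAL_ACCOUNT",
    0x00000800: "ADS_UF_INTERDOMAIN_TRUST_ACCOUNT",
    0x00001000: "ADS_UF_WORKSTATION_TRUST_ACCOUNT",
    0x00002000: "ADS_UF_SERVER_TRUST_ACCOUNT",
    0x00010000: "ADS_UF_DONT_EXPIRE_PASSWD",
    0x00020000: "ADS_UF_MNS_LOGON_ACCOUNT",
    0x00040000: "ADS_UF_SMARTCARD_REQUIRED",
    0x00080000: "ADS_UF_TRUSTED_FOR_DELEGATION",
    0x00100000: "ADS_UF_NOT_DELEGATED",
    0x00200000: "ADS_UF_USE_DES_KEY_ONLY",
    0x00400000: "ADS_UF_DONT_REQUIRE_PREAUTH",
    0x00800000: "ADS_UF_PASSWORD_EXPIRED",
    0x01000000: "ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION",
}

# Assumption of this example: flags that deserve a second look during a review.
REVIEW = {
    "ADS_UF_PASSWD_NOTREQD",
    "ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED",
    "ADS_UF_DONT_EXPIRE_PASSWD",
    "ADS_UF_TRUSTED_FOR_DELEGATION",
    "ADS_UF_USE_DES_KEY_ONLY",
    "ADS_UF_DONT_REQUIRE_PREAUTH",
    "ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION",
}

BIT_AND_OID = "1.2.840.113556.1.4.803"  # matching rule used in the saved query
SAVED_QUERY_CLAUSE = "(userAccountControl:1.2.840.113556.1.4.803:=65536)"
CLAUSE_RE = re.compile(r"\((\w+):([\d.]+):=(\d+)\)")

# Constructed sample directory entries (not real accounts).
SAMPLE = {
    "alice":      {"userAccountControl": 512},      # normal account
    "bobby":      {"userAccountControl": 66048},    # normal + password never expires
    "svc_backup": {"userAccountControl": 66080},    # ... + no password required
    "old_temp":   {"userAccountControl": 66050},    # never expires, but disabled
    "svc_web":    {"userAccountControl": 4719104},  # delegation + no pre-auth
}


def decode_uac(value):
    """Return (flag names in ascending bit order, bits not named in the table)."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    unknown = value & ~sum(UAC_FLAGS)
    return names, unknown


def parse_bit_clause(clause):
    """Split '(attr:OID:=mask)' into (attr, mask); only the bit-AND rule is accepted."""
    m = CLAUSE_RE.fullmatch(clause.strip())
    if not m or m.group(2) != BIT_AND_OID:
        raise ValueError("not a bitwise-AND extensible match: %r" % clause)
    return m.group(1), int(m.group(3))


def bit_and_match(value, mask):
    """The rule is true only when every bit of the mask is set in the value."""
    return (value & mask) == mask


def audit(accounts, clause):
    """Apply the clause to each entry and decode the flags of the matches."""
    attr, mask = parse_bit_clause(clause)
    report = []
    for name, attrs in accounts.items():
        value = attrs[attr]
        if not bit_and_match(value, mask):
            continue
        flags, unknown = decode_uac(value)
        report.append({
            "account": name,
            "enabled": "ADS_UF_ACCOUNTDISABLE" not in flags,
            "review": [f for f in flags if f in REVIEW],
            "unknown_bits": unknown,
        })
    return report


if __name__ == "__main__":
    for row in audit(SAMPLE, SAVED_QUERY_CLAUSE):
        print(row)
```
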

 

Create Bulk AD User Account using script

January 9th, 2013 by heribertuswp

Create a batch file:

for /F "tokens=1,2,3,4 delims=," %%i in (freshmen09.csv) do dsadd user "cn=%%j %%i,ou=2013,ou=students,dc=[domain],dc=org" -samid %%k -pwd "%%l" -upn %%k@[domain].org -fn "%%j" -ln "%%i" -display "%%j %%i" -memberof "cn=GL 2013,ou=2013,ou=students,dc=[domain],dc=org" -disabled no -mustchpwd yes -hmdrv U: -hmdir "\\[network home directory]\2013\%%k"

Create a .csv file (freshmen09.csv in the command above) containing 4 columns: Last Name, First Name, Username, Password. The batch file then:

  • Creates a user for each row in the file,
  • Puts them into the desired OU,
  • Sets the password,
  • Adds them as a member of a group,
  • Enforces that the password must be changed when the user first logs in,
  • Sets the home directory to the appropriate place on our network share.
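
A pre-flight check for the CSV before the batch file runs, as an added example that is not part of the original post. The `for /F` loop above drops any text after a fourth comma-separated token and collapses empty fields, so a password containing a comma or a blank column silently produces a wrong account. The sample rows and the problem codes are constructed for this example; the 20-character limit and the forbidden characters are those of sAMAccountName.

```python
SAM_MAX_LEN = 20                       # sAMAccountName limit for user objects
SAM_INVALID = set('"/\\[]:;|=,+*?<>')  # characters not allowed in sAMAccountName

# Constructed sample in the post's column order:
# Last Name, First Name, Username, Password
SAMPLE_CSV = """\
Santoso,Budi,bsantoso,Spring!2013a
Wijaya,Sari,swijaya,Pa,ss2013
Halim,,ahalim,Temp#4471
Kusuma,Dewi,dewi.kusuma.longusername01,Temp#9921
Santoso,Bima,bsantoso,Temp#1188
Putri,Ayu,a+putri,Temp#5520
"""


def check_rows(text):
    """Return (line number, problem code) pairs for rows the batch file would mishandle."""
    problems = []
    seen = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = [f.strip() for f in line.split(",")]
        # A comma inside any value yields more than four tokens;
        # "tokens=1,2,3,4" would keep the first four and drop the rest.
        if len(fields) != 4:
            problems.append((lineno, "FIELD_COUNT"))
            continue
        # for /F treats consecutive delimiters as one, so an empty column
        # shifts every later value one position to the left.
        if not all(fields):
            problems.append((lineno, "EMPTY_FIELD"))
            continue
        _last, _first, sam, _pwd = fields
        if len(sam) > SAM_MAX_LEN:
            problems.append((lineno, "SAM_TOO_LONG"))
        if SAM_INVALID & set(sam):
            problems.append((lineno, "SAM_INVALID_CHAR"))
        key = sam.lower()  # logon names are compared case-insensitively
        if key in seen:
            problems.append((lineno, "DUPLICATE_SAM"))
        else:
            seen[key] = lineno
    return problems


def clean_line_numbers(text):
    """Line numbers of rows with no problem, i.e. safe to hand to the batch file."""
    bad = {lineno for lineno, _ in check_rows(text)}
    return [n for n, line in enumerate(text.splitlines(), 1)
            if line.strip() and n not in bad]


if __name__ == "__main__":
    for lineno, code in check_rows(SAMPLE_CSV):
        print("line %d: %s" % (lineno, code))
```
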

Check Whether cPanel & WHM Already Update Automatically

December 5th, 2012 by heribertuswp

To find out whether our cPanel and WHM are already being updated automatically, look at the menu Server Configuration – Update Preferences and check whether Daily Update Automatic is selected.

November 28th, 2012 by heribertuswp

Installing Postfix on Debian


Postfix is a secure Mail Transfer Agent

 

 

Postfix

 

Installing and Configuring Postfix on Debian

  • Install postfix (this will remove exim since there can’t be two mail systems). (If you have a website, choose “Internet Site” if the configuration prompts ask for it.):

 

apt-get install postfix
  • Check the log mail.log, mail.err, mail.info, mail.warn to see if postfix runs.

 

cat /var/log/mail.log
  • Add your domain to the config files, so others can’t abuse your mailsystem:

 

postconf -e "myorigin = example.com"
  • Add your hostname (computer name). (Use command “hostname” at the command-line to display your hostname if not sure.)

 

postconf -e "myhostname=server1.example.com"
  • Now add the domain names that your system will handle.

 

postconf -e "relay_domains = example.com, example2.com, example3.com"
  • Reload Postfix Server:

 

postfix reload
  • Test the mailserver. Type

 

telnet localhost 25
  • You should see:

 

Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
220 server1.example.com ESMTP Postfix (Debian/GNU)
  • Send an email to yourself:

 

mail from:<you@youremail.com>
rcpt to:<user@example.com>
data
To: user@example.com
From: you@youremail.com
Subject: Hey my first email

This is my first email on debian postfix after installing configuring it.
It was easy.
  • To end data hit enter, type in a dot, and hit enter again:

 

.
  • Then

 

quit
  • You’re done. Type “mail” in the command-line terminal and see if you have some.
    • Now let’s go to the next step:
    • If you have a router with firewall, enable port 25 and forward that port to your computer.
    • Enter your MX records in your domain provider. (e.g. godaddy.com or dnspark.com)
    • Check your mx records: go to http://www.iptools.com/ locate “DNS lookup”. From pulldown menu select “MX”. Type in your domain name (ex. example.com). You should see some records there. If you don’t see any MX records go back to previous step. You have to have MX record otherwise other computers won’t be able to see you when sending emails.
    • Useful commands:

 

qshape
mailq
qshape deferred
postsuper
postsuper -r ALL   (requeue all emails)

 

anti-spam: smtp restrictions

  • The first fight starts at your server so this should be added to any email server that you setup. This makes sure that any computer that tries to send an email to you has a valid domain name. (spammers use ex. myhomepc as a domain name. This will stop them from spamming you.)
  • Insert this in your /etc/postfix/main.cf:

 

smtpd_recipient_restrictions = reject_invalid_hostname,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        reject_rbl_client sbl.spamhaus.org,
        permit

smtpd_helo_restrictions = reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname
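
An order check for the restriction lists above, as an added example that is not part of the original guide. Postfix evaluates each list left to right, so an unconditional permit or an access table placed ahead of reject_unauth_destination can accept mail for foreign domains, and HELO restrictions can be skipped by a client that never sends HELO unless smtpd_helo_required = yes is set. The finding codes and the weak variant are constructed for this example, and list elements are assumed to be comma-separated as on this page.

```python
# Constructed main.cf fragment: the restrictions shown above.
PAGE_CONFIG = """\
smtpd_recipient_restrictions = reject_invalid_hostname,
        reject_unknown_recipient_domain,
        reject_unauth_destination,
        reject_rbl_client sbl.spamhaus.org,
        permit
smtpd_helo_restrictions = reject_invalid_helo_hostname,
        reject_non_fqdn_helo_hostname,
        reject_unknown_helo_hostname
"""

# Constructed counter-example: a permit placed before the relay check.
WEAK_CONFIG = """\
smtpd_recipient_restrictions = reject_invalid_hostname,
        permit,
        reject_unauth_destination
"""


def parse_main_cf(text):
    """Parse main.cf text into {parameter: value}, joining continuation lines."""
    params = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank and comment lines do not end a continuation
        if raw[0] in " \t" and current is not None:
            params[current] += " " + raw.strip()  # leading whitespace continues
            continue
        name, sep, value = raw.partition("=")
        if not sep:
            continue
        current = name.strip()
        params[current] = value.strip()
    return params


def restriction_list(value):
    """Split a restriction list into [name, arg, ...] items, in evaluation order."""
    return [item.split() for item in value.split(",") if item.strip()]


def audit(text):
    """Return (code, message) findings for the restriction lists in main.cf text."""
    params = parse_main_cf(text)
    findings = []
    if "smtpd_recipient_restrictions" in params:
        rules = restriction_list(params["smtpd_recipient_restrictions"])
        names = [r[0] for r in rules]
        if "reject_unauth_destination" not in names:
            findings.append(("RELAY_CHECK_MISSING",
                             "no reject_unauth_destination in the recipient list"))
        else:
            guard = names.index("reject_unauth_destination")
            for pos, name in enumerate(names[:guard], 1):
                if name == "permit":
                    findings.append(("PERMIT_BEFORE_RELAY_CHECK",
                                     "item %d permits mail before the relay check" % pos))
                elif name.startswith("check_") and name.endswith("_access"):
                    findings.append(("ACCESS_TABLE_BEFORE_RELAY_CHECK",
                                     "item %d can return OK before the relay check" % pos))
    helo_required = params.get("smtpd_helo_required", "no").lower() == "yes"
    if params.get("smtpd_helo_restrictions") and not helo_required:
        findings.append(("HELO_NOT_REQUIRED",
                         "HELO restrictions are skipped by clients that send no HELO"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("page", PAGE_CONFIG), ("weak", WEAK_CONFIG)):
        print(label, audit(cfg))
```
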

 

anti-spam: Using RBL Lists

  • RBL list is a list of domains which says whether they are spammers or not.

Insert this in your /etc/postfix/main.cf:

smtpd_client_restrictions = reject_rbl_client dnsbl.sorbs.net

See what rbl is about: http://www.us.sorbs.net/mailsystems/postfix.shtml

and avoid such blacklists

 

Debian Anti-Spam Anti-Virus Gateway Email Server

 

Postfix and sbcglobal/yahoo/att

 

apt-get install libsasl2-modules
  • ADD to main.cf by using postconf. Just type (smtp.att.yahoo.com requires the port 587 otherwise you don’t need it):

 

postconf -e "relayhost = [smtp.sbcglobal.yahoo.com]:587"
postconf -e "smtp_sasl_auth_enable = yes"
postconf -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
postconf -e "smtp_sasl_security_options = noanonymous"
  • Create a file called sasl_passwd in /etc/postfix/sasl_passwd. Inside type in

 

[smtp.sbcglobal.yahoo.com]:587 username@sbcglobal.net:mypassword
  • Now change permissions so others can’t read it:

 

chmod 600 /etc/postfix/sasl_passwd
  • Now postmap it. (It creates a database-like file so postfix can read it.)

 

postmap /etc/postfix/sasl_passwd
  • Restart postfix

 

postfix reload
  • Done. You can use “mutt” to send emails outside. Check /var/log/mail.log to see if everything is working.
  • After a switch from sbcglobal to att you need to verify you email address in your yahoo email options. If you have 100s of mailing lists you will need to unblock your port 25 since it is impossible to use att yahoo smtp servers without verifying each email address.
  • To opt out of your port 25 (get it unfiltered) leave a request here: Unfilter port 25 on smtp.att.yahoo.com

 

Forward Emails

  • Forwarding emails can be done via alias file located in /etc/aliases
  • Run this command to add alias maps:

 

postconf -e "alias_maps = hash:/etc/aliases"
  • You can now add your user to /etc/aliases like this:

 

root: lucas
  • You can forward your emails to a different email address

 

lucas: myemail@example.com
  • Or you could forward your email while still getting a copy in your local mailbox

 

lucas: lucas myemail@example.com
  • When done adding aliases run this command which will create a database like file.

 

newaliases
  • Reload postfix

 

/etc/init.d/postfix reload

 

 

Virtual Emails

  • If you want virtual emails such as abuse or postmaster you can do the following.
  • Run this command to add virtual alias maps:

 

postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"
  • Create a /etc/postfix/virtual file

 

vi /etc/postfix/virtual
  • And add your virtual emails

 

postmaster info@example.com
abuse info@example.com
someemail lucas
  • Create a database like file out of it

 

postmap /etc/postfix/virtual
  • Reload postfix

 

/etc/init.d/postfix reload

 

Maildir

  • To use maildir format in your mailbox which creates separate files for each email you can use the following commands:
  • Maildir has few advantages over mbox format. (It keeps emails in separate files, allows for multiple applications to read mail, etc.)
  • Issue these commands:

 

postconf -e "home_mailbox = Maildir/"
postconf -e "mailbox_command ="
  • You are done. Now your mail goes to Maildir format.

 

Mutt

  • If you want to read your new maildir format you have to tell mutt to use it as well. Edit this file:

 

vi /etc/Muttrc
  • Add these lines to the bottom of the file:

 

set folder="~/Maildir"
set mask="!^\\.[^.]"
set mbox="~/Maildir"
set record="+.Sent"
set postponed="+.Drafts"
set spoolfile="~/Maildir"
  • Now start mutt and send an email to yourself to see if it all works.

 

Postfix and mailing lists

 

Mailman with Postfix

(!) The instructions below are WRONG! You should not use postfix-to-mailman.py and aliases at the same time. Please read /etc/mailman/postfix-to-mailman.py instead.

  • Install mailman:

 

apt-get install mailman
  • When done type:

 

newlist mailman
  • Start mailman

 

/etc/init.d/mailman start

 

relay_domains = example.com, lists.example.com
  • In same file add ,hash:/var/lib/mailman/data/aliases after alias_maps

 

alias_maps = hash:/etc/aliases,hash:/var/lib/mailman/data/aliases
  • Now type:

 

postconf -e "transport_maps = hash:/etc/postfix/transport"
postconf -e "mailman_destination_recipient_limit = 1"
  • In /etc/postfix/master.cf add:

 

mailman unix  -       n       n       -       -       pipe
   flags=FR user=list
   argv=/var/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
  • Edit or create /etc/postfix/transport. Add this line:

 

lists.example.com    mailman:
  • Then postmap it:

 

postmap /etc/postfix/transport
  • Now edit /etc/mailman/mm_cfg.py and add:

 

MTA = 'Postfix'
DEB_LISTMASTER = 'postmaster@example.com'
POSTFIX_STYLE_VIRTUAL_DOMAIN = ['lists.example.com']
  • Done. Now restart postfix, mailman

 

/etc/init.d/postfix reload
/etc/init.d/mailman restart
  • Create a mailing list:

 

newlist list_name
  • If you want archives add this to /etc/apache2/apache2.conf

 

Alias /pipermail/ /var/lib/mailman/archives/public/
Alias /images/mailman/ /usr/share/images/mailman/
  • Done. Go to

 

http://lists.yourwebsite.com/cgi-bin/mailman/listinfo/list_name/

 

Mailman Troubleshooting

 

Connection refused

Assuming your postfix is running and listening on localhost, another possible problem is that postfix is not configured to run in IPv6 mode, but your /etc/hosts file specifies ::1 as localhost. In that case mailman tries to send mails to ::1 which has no postfix listening, thus resulting in a (111, ‘connection refused’) error.
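The mismatch described above can be checked offline. The following is an added example, not part of the original page: it lists the addresses a hosts file gives for localhost and reports those in an address family Postfix is not serving. It assumes the "IPv6 mode" is the one set by Postfix's inet_protocols parameter; the hosts content and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample /etc/hosts content (not taken from a real host).
HOSTS = """\
127.0.0.1    localhost
::1          localhost ip6-localhost ip6-loopback   # IPv6 loopback
192.168.0.10 mail.internal
"""

def localhost_addresses(hosts_text, name="localhost"):
    """Return every IP address the hosts file maps to `name`."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()      # drop comments
        if len(fields) >= 2 and name in fields[1:]:
            try:
                found.append(ipaddress.ip_address(fields[0]))
            except ValueError:
                continue                            # skip malformed entries
    return found

def unserved_localhost(hosts_text, inet_protocols):
    """Localhost addresses in a family that inet_protocols does not enable.

    A client that resolves localhost to one of these gets
    'connection refused' even though Postfix is running.
    """
    enabled = {p.strip().lower() for p in inet_protocols.split(",")}
    served = {ver for ver, tag in ((4, "ipv4"), (6, "ipv6"))
              if tag in enabled or "all" in enabled}
    return [str(a) for a in localhost_addresses(hosts_text)
            if a.version not in served]

if __name__ == "__main__":
    for value in ("ipv4", "all"):
        print(value, "->", unserved_localhost(HOSTS, value))
```

Compare the result against the output of `postconf inet_protocols` on the affected host; either enable the missing family in Postfix or remove the unserved localhost mapping.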

 

Advanced options

 

SPF and multiple external ip addresses

 

Explanation

I have some systems that are networked on an internal private ip address subnet (192.168.0.0/16). For a few reasons I email reports and such to <user>@mail.internal where user is an address that is not valid for receiving mail via the external interfaces. These systems also share a public ip address subnet so they could email each other that way, but I’d prefer they didn’t for local addresses. I have published SPF records for the public mail servers because all of our mail routes through those servers so if others care to check they can ignore email claiming to be from us but being delivered from other servers as per our SPF record.

Recently I have expanded the ip addresses these systems are using externally to support multiple instances of port-based services like https (adding :oddport doesn’t impress the customers.) I could have expanded or added more liberal SPF record values, or added more forward and reverse DNS records but I wanted to stick with fewer ip addresses.

So to recap my system has:

  • eth1 <public ip with spf published>
  • eth1:1 <public ip for extra port-based services>
  • eth0 <private ip on>

By using the settings in /etc/postfix/master.cf, /etc/postfix/main.cf and /etc/postfix/transport as outlined above I was able to get my outgoing smtp traffic to use my SPF published ip address once again.

 

Make SPF and multiple external ip addresses

If you are trying to implement SPF records while binding to one external ip address and still working with dual-homed, multiple-ip-aliased systems, or have any other reason to support multi-homed systems with multiple ip addresses but want to limit postfix to use only two of them, try this.

  • /etc/postfix/master.cf
    • Clone the smtp (not smtpd) service. Set the first one to use <spf published ip address>. Rename the second to smtpinternal and use <internal ip address>.

 

 smtp      unix  -       -       -       -       -       smtp
        -o smtp_bind_address=<spf published ip address>
 smtpinternal      unix  -       -       -       -       -       smtp
        -o smtp_bind_address=<internal ip address>
  • /etc/postfix/main.cf
    • Use transport_maps for routing

 

 transport_maps = hash:/etc/postfix/transport
  • /etc/postfix/transport
    • Map a transport for your internal domain.

 

 .internal smtpinternal:

Just postmap /etc/postfix/transport, then invoke-rc.d postfix stop and invoke-rc.d postfix start, and you should be in business. Email to <user>@<system>.internal will be delivered via the internal interface/ip address; all other email will be delivered via default methods, which means internet mail will go out the spf published ip address.

Optional:

  • /etc/postfix/main.cf
    • Use the inet_interfaces setting to only listen on the ip addresses you want to.
       inet_interfaces = 127.0.0.1, <internal ip>, <spf published external ip>
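A configuration like the one above can be audited before mail starts failing SPF checks at receivers. The following is an added example, not part of the original page: it parses a master.cf, a transport map and an SPF record, then reports which transport and source address a recipient's mail uses and whether the SPF record covers that address. The addresses (documentation and private ranges), the SPF record and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs; the addresses are placeholders, not real hosts.
MASTER_CF = """\
smtp      unix  -       -       -       -       -       smtp
        -o smtp_bind_address=203.0.113.10
smtpinternal      unix  -       -       -       -       -       smtp
        -o smtp_bind_address=192.168.0.10
"""
TRANSPORT = ".internal smtpinternal:\n"
SPF_RECORD = "v=spf1 ip4:203.0.113.10 -all"

def bind_addresses(master_cf):
    """Map each smtp-client service name to its -o smtp_bind_address value."""
    binds, current = {}, None
    for line in master_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split()
        if not line[0].isspace():        # a new service entry starts in column 1
            is_client = len(fields) >= 8 and fields[7] == "smtp"
            current, fields = (fields[0] if is_client else None), fields[8:]
        for field in fields:             # options here or on continuation lines
            if current and field.startswith("smtp_bind_address="):
                binds[current] = field.split("=", 1)[1]
    return binds

def transport_for(recipient, transport_map, default="smtp"):
    """Pick the transport: exact domain first, then .parent patterns."""
    table = dict(l.split()[:2] for l in transport_map.splitlines()
                 if l.strip() and not l.startswith("#"))
    labels = recipient.rsplit("@", 1)[1].lower().split(".")
    keys = [".".join(labels)]
    keys += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    for key in keys:
        if key in table:
            return table[key].split(":", 1)[0]
    return default

def spf_permits(ip, record):
    """True if an ip4:/ip6: mechanism in the SPF record covers ip."""
    nets = [t.split(":", 1)[1] for t in record.split()
            if t.startswith(("ip4:", "ip6:"))]
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in nets)

def audit(recipient):
    """Return (transport, source IP, whether the SPF record covers that IP)."""
    name = transport_for(recipient, TRANSPORT)
    ip = bind_addresses(MASTER_CF)[name]
    return name, ip, spf_permits(ip, SPF_RECORD)
```

Internet-bound mail should report a source address the SPF record covers; mail for .internal is expected to report the private address, which the SPF record does not need to list.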

Microsoft Log Parser Studio

November 13th, 2012 by heribertuswp

LogParser Studio has recently been released and is a long awaited release at that. It now provides a GUI interface for LogParser utility with Windows server and Windows desktop systems.

Log Parser Studio is a utility that allows you to search through and create reports from your IIS, Event, EXADB and other types of logs. It builds on top of Log Parser 2.2 and has a full user interface for easy creation and management of related SQL queries.

You can download LogParser Studio from Microsoft site:  http://gallery.technet.microsoft.com/Log-Parser-Studio-cd458765