Thursday, September 27, 2012

No dial-up for VPN

If the SonicWall VPN client suddenly asks for a PhoneBook number, that can be cured: go to the properties and under the Peer tab choose "LAN only". From here.

Saturday, September 22, 2012

Dynamic DNS

To prevent the Windows DNS server from adding A records for all the other interfaces the server might have (such as OpenVPN) to the dynamic DNS list, go to the DNS server's properties and exclude all the interfaces you don't need.

Wednesday, September 19, 2012

Exchange mail filter

MS Exchange 2K3 IMF does not have a senders white list feature, but the IMF has a GUI-less ability to apply an additional simple filter that modifies the message's SCL rating, as described in this article.


In simple words, you need to create an XML file named MSExchange.UceContentFilter.xml and put it in the folder where MSExchange.UceContentFilter.dll is located (there's more than one; I'm not sure which is active, so I just placed it in all of them).

A sample of such a file:
<?xml version="1.0" encoding="UTF-16"?>
<CustomWeightEntries xmlns="http://schemas.microsoft.com/2005/CustomWeight">
     <CustomWeightEntry Type="BODY" Change="-9" Text="important  client's name"/>
     <CustomWeightEntry Type="BOTH" Change="MIN" Text="important subject or name"/>
     <CustomWeightEntry Type="SUBJECT" Change="MAX" Text="spam offer"/>
</CustomWeightEntries>




To see what SCL is actually assigned, add a custom form field to MS Outlook, as described in this article.

Also, another good site about this.
It's probably possible to make Exchange IMF add that SCL field to the message headers, so it could be viewed by a third-party mail client.

Monday, September 17, 2012

Exchange's IMF and DNSBL

MS Exchange server has a feature which allows it to filter out spam email by asking special DNSBL services whether the sender is blacklisted.

Those services can be added via Exchange's GUI. In the 2003 version the path is: "Exchange System Manager -> Global Settings -> Message Delivery -> Properties -> Connection Filtering". The list is there.

To know which server to add

In an email client, open a spam email's source code and/or look at the email's headers. Locate the "Received:" header line which contains the IP of the last SMTP node which sent this email to your server (usually it's one of the top header rows).

Open this site http://mxtoolbox.com/blacklists.aspx in a browser and enter the IP discovered in the headers as the query.

If the sender IP is listed on a DNSBL it knows, that will be shown.

Open the DNSBL web site and look for the DNSBL URI request suffix (can be tricky, but if the service is free it should be there somewhere).

For example, for the DNSBL service WPBL the URI will be db.wpbl.info

Using the Exchange GUI settings add this URI to the list.

Repeat those steps a few more times to add the most efficient DNSBL filters to the list.

Good DNSBL servers are: PSBL (psbl.surriel.com), Barracuda (b.barracudacentral.org), Spamhaus (zen.spamhaus.org), MailSpike (bl.mailspike.net), etc.

False positive

Beware of DNSBL servers that list legitimate SMTP services. Repeat the steps above using the IPs of some valid email senders. If you find that such a server is listed on a DNSBL, do not add that DNSBL to the Exchange list.

These two services often give false positives: Backscatterer (ips.backscatterer.org), Sorbs (spam.dnsbl.sorbs.net)

How to make a request manually

Say we want to check whether a sender with the IP 173.232.2.221 is blacklisted by the DNSBL service WPBL.

First, create a PTR-like notation of the IP address, i.e. reverse the order of its numbers. In this case it will be 221.2.232.173

Put it in front of the DNSBL URI suffix. Together it will be
221.2.232.173.db.wpbl.info

Issue a DNS A request, like:
host 221.2.232.173.db.wpbl.info
If the IP is listed, the result will be like
221.2.232.173.db.wpbl.info has address 127.0.0.2

If it's not, the request will return an error.

Some DNSBL servers also encode different meanings in the returned fictional address (i.e. the last number in the returned IP address tells the story). Look on the server's home site for descriptions and more info.
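
The manual check above, scripted for several of the zones named in this post (an added example, not part of the original post). The function names, the injectable resolver, and the handling of answers outside 127.0.0.0/8 and of 127.255.255.x are assumptions of this sketch:

```python
import ipaddress
import socket

# DNSBL zones named in the post above.
ZONES = ["db.wpbl.info", "psbl.surriel.com", "b.barracudacentral.org",
         "zen.spamhaus.org", "bl.mailspike.net"]


def dnsbl_name(ip, zone):
    """Build the query name: IPv4 octets in reverse order, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone.strip(".")


def classify(answer):
    """Interpret one A-record answer; None means the name did not resolve."""
    if answer is None:
        return "not listed"
    a = ipaddress.IPv4Address(answer)
    if a not in ipaddress.IPv4Network("127.0.0.0/8"):
        # A routable answer (wildcard DNS, expired zone) is not a listing.
        return "invalid answer"
    if a in ipaddress.IPv4Network("127.255.255.0/24"):
        # Spamhaus documents 127.255.255.x as error answers, not listings.
        return "error code"
    return "listed (code %d)" % a.packed[3]


def system_resolver(name):
    """A lookup through the OS resolver, the same query `host` sends."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        # NXDOMAIN and resolver failures both land here with this simple API.
        return None


def check(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: verdict} for one sender IP."""
    return {z: classify(resolve(dnsbl_name(ip, z))) for z in zones}


if __name__ == "__main__":
    for zone, verdict in check("173.232.2.221").items():
        print(f"{zone:26} {verdict}")
```

Running it against the IPs of known-good senders as well gives the false-positive check described earlier in one pass.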


Thursday, September 13, 2012

Association of file extensions in the registry

The default value of HKCR\.ext refers to a key HKCR\Appl.DocType,
which may have a CurVer key that refers to Appl.DocType.version

In that case look for HKCR\Appl.DocType.version

To let the ShellExecute() system call find the associated executable when called with the document name, the following key should exist and be valid:
HKEY_CLASSES_ROOT\Appl.DocType[.version]\Shell\Open

XT

Spent a whole bunch of time trying to revive an old DELL LATITUDE XT ultrabook.
Gosh, what a piece of crappy hardware...

The defective hard drive was replaced, but the memory test also showed an error. On top of that, the performance slows down dramatically after the system temperature rises a little higher and never returns to normal.

XT is the name, duh!

It has an Intel CPU but an AMD chipset... Don't think that is a felicitous combination.