Thursday, September 27, 2012
No dial-up for VPN
If the SonicWall VPN client suddenly asks for a PhoneBook number that could be cured. Go to the properties and under the Peer tab choose "LAN only".
From here.
Saturday, September 22, 2012
Dynamic DNS
To prevent windows' DNS server from creating A records on all other interfaces the server might have (such as OpenVPN) to the dynamic DNS list, go to the DNS server's properties and exclude all the interfaces you don't need.
Wednesday, September 19, 2012
Exchange mail filter
MS Exchange 2K3 IMF does not have a senders white list feature, but the IMF has a GUI-less ability to apply additional simple filter to modify the message's SCL rating as described in this article.
In simple words, you need to create an XML file named MSExchange.UceContentFilter.xml and put it to the folder where MSExchange.UceContentFilter.dll is located (there's more then one, I'm not sure which is active just placed to all of them)
A sample of such file:
To see, what actually SCL is assigned, add a custom form-field to MS Outlook, as described in this article.
Also, another good site about this.
It's probably possible to make Exchange IMF to add that SCL field to the message headers, so it could be viewed by a third party mail client.
In simple words, you need to create an XML file named MSExchange.UceContentFilter.xml and put it to the folder where MSExchange.UceContentFilter.dll is located (there's more then one, I'm not sure which is active just placed to all of them)
A sample of such file:
<?xml version="1.0" encoding="UTF-16"?&rt;
<CustomWeightEntries xmlns="http://schemas.microsoft.com/2005/CustomWeight"&rt;
<CustomWeightEntry Type="BODY" Change="-9" Text="important client's name"/&rt;
<CustomWeightEntry Type="BOTH" Change="MIN" Text="important subject or name"/&rt;
<CustomWeightEntry Type="SUBJECT" Change="MAX" Text="spam offer"/&rt;
</CustomWeightEntries&rt;
To see, what actually SCL is assigned, add a custom form-field to MS Outlook, as described in this article.
Also, another good site about this.
It's probably possible to make Exchange IMF to add that SCL field to the message headers, so it could be viewed by a third party mail client.
Monday, September 17, 2012
Exchange's IMF and DNSBL
MS Exchange server has a feature which allows it to filter out spam email by asking special DNSBL services if the sender is not blacklisted.
Those services can be added via Exchange's GUI. In the version of 2003 it will be: "Exchange System Manager -> Global Settings -> Message Delivery -> Properties -> Connection Filtering". There's the list.
Open this site http://mxtoolbox.com/blacklists.aspx in a browser and enter that discovered IP from the headers in the query.
If the sender IP is listed on a DNSBL it knows, that will be shown.
Open the DNSBL web site and look for the DNSBL URI request suffix (can be tricky, but if the service is free it should be there somewhere).
For example, for the DNSBL service WPBL the URI will be db.wpbl.info
Using the Exchange GUI settings add this URI to the list.
Repeat those steps some more times to add the most efficient DNSBL filters to the list
Good DNSBL servers are: PSBL (psbl.surriel.com), Barracuda (b.barracudacentral.org), Spamhous (zen.spamhaus.org), MailSpike (bl.mailspike.net), etc.
These two services often give false positive blocking: Backscatterer (ips.backscatterer.org), Sorbs (spam.dnsbl.sorbs.net)
First, create a PTR-like notation of the IP address, i.e. reverse all the numbers. In this case it will be 221.2.232.173
Add it to the DNSBL URI suffix. Together it will be
221.2.232.173.db.wpbl.info
Issue a DNS A request, like:
host 221.2.232.173.db.wpbl.info
If the IP is listed, the result will be like
If it's not, the request will return an error.
Some DNSBL servers could also code different meanings in the returned fictional address (i.e. the last number in the returned IP address tells the story). Look in server's home site for descriptions and more info.
Those services can be added via Exchange's GUI. In the version of 2003 it will be: "Exchange System Manager -> Global Settings -> Message Delivery -> Properties -> Connection Filtering". There's the list.
To know which server to add
In an email client open a spam email source code and/or look for the email's headers. Locate a "Received:" header line which contents the IP of the last SMTP node which sent this email to your server (usually it's one of the top header rows).Open this site http://mxtoolbox.com/blacklists.aspx in a browser and enter that discovered IP from the headers in the query.
If the sender IP is listed on a DNSBL it knows, that will be shown.
Open the DNSBL web site and look for the DNSBL URI request suffix (can be tricky, but if the service is free it should be there somewhere).
For example, for the DNSBL service WPBL the URI will be db.wpbl.info
Using the Exchange GUI settings add this URI to the list.
Repeat those steps some more times to add the most efficient DNSBL filters to the list
Good DNSBL servers are: PSBL (psbl.surriel.com), Barracuda (b.barracudacentral.org), Spamhous (zen.spamhaus.org), MailSpike (bl.mailspike.net), etc.
False positive
Beware, if a DNSBL server lists a ligit SMTP service. Try to do the steps above, using some valid email senders IP. If you found a server is listed on a DNSBL, exclude that DNSBL from adding to the Exchange list.These two services often give false positive blocking: Backscatterer (ips.backscatterer.org), Sorbs (spam.dnsbl.sorbs.net)
How to made a request manually.
Say, we want to check, is a sender with this IP 173.232.2.221 is blacklisted using the DNSBL service WPBL.
First, create a PTR-like notation of the IP address, i.e. reverse all the numbers. In this case it will be 221.2.232.173
Add it to the DNSBL URI suffix. Together it will be
221.2.232.173.db.wpbl.info
Issue a DNS A request, like:
host 221.2.232.173.db.wpbl.info
If the IP is listed, the result will be like
221.2.232.173.db.wpbl.info has address 127.0.0.2
If it's not, the request will return an error.
Some DNSBL servers could also code different meanings in the returned fictional address (i.e. the last number in the returned IP address tells the story). Look in server's home site for descriptions and more info.
Thursday, September 13, 2012
Association of file extensions in the registry
HKCR\.ext def. value refers to a HKCR\Appl.DocType
which could have key CurVer which refers to Appl.DocType.version
In this case look for HKCR\Appl.DocType.version
To let the ShellExecute() system call find the associated executable when called with the document name, the following key should exist and be valid:
HKEY_CLASSES_ROOT\Appl.DocType[.version]\Shell\Open
which could have key CurVer which refers to Appl.DocType.version
In this case look for HKCR\Appl.DocType.version
To let the ShellExecute() system call find the associated executable when called with the document name, the following key should exist and be valid:
HKEY_CLASSES_ROOT\Appl.DocType[.version]\Shell\Open
XT
Spent a whole bunch of time trying to revive old DELL LATITUDE XT ultrabook.
Gosh, what a piece of crapy hardware...
The defected hard drive was replaces, but the memory test also showed an error. On the top of it, the performance is dramatically slowed down after the system temperature rises a little higher and never restores back to normal.
XT is the name, duh!
It has an Intel's CPU but AMD's chipset... Don't think that is a felicitous combination.
Gosh, what a piece of crapy hardware...
The defected hard drive was replaces, but the memory test also showed an error. On the top of it, the performance is dramatically slowed down after the system temperature rises a little higher and never restores back to normal.
XT is the name, duh!
It has an Intel's CPU but AMD's chipset... Don't think that is a felicitous combination.
Subscribe to:
Posts (Atom)