Monthly Archives: April 2011

Kerio Mac OS X Mac OS X Server Microsoft Exchange Server MobileMe Ubuntu Unix

Converting pst Files to mbox

Large-scale mail migrations can be tricky. There is a shareware app, available at http://www.littlemachines.com, that can be used to migrate pst files from the pst format into mbox, which can then be used with Mac OS X.

If the migration process needs to be automated (they all seem to at scale) then a script could be written to crawl users, find the pst files and then convert them. Or it could be done on the client side using a self-destructing launchd item. Conversion syntax for libpst would be something like the following:

readpst -o /output/folder /server/path/user.pst

Before you can use readpst, it needs to be built via libpst on the system that will run any scripts. Download libpst from http://alioth.debian.org/frs/?group_id=30390. This can be done with curl:

curl -o libpst-0.5.3.tar.gz http://alioth.debian.org/frs/download.php/2492/libpst-0.5.3.tar.gz

Next, extract the tar:

tar -zxvf libpst-0.5.3.tar.gz

Then cd into the new directory:

cd libpst-0.5.3

Then make libpst:

make

And now readpst should be available to convert mailboxes. This could be run from a centralized server or distributed to clients.
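
One way to script the crawl-and-convert step described above, as an added example that is not part of the original post. The directory layout (USERS_ROOT/<user>/...), the function name and the READPST override are assumptions; only the readpst -o syntax comes from the page.

```sh
#!/bin/sh
# Added example: crawl per-user directories for .pst files and convert each
# one with "readpst -o <output folder> <file.pst>".
# Assumed layout: USERS_ROOT/<user>/.../name.pst -> OUT_ROOT/<user>/.../name/

READPST="${READPST:-readpst}"   # readpst binary built from libpst (overridable)

# convert_user_psts USERS_ROOT OUT_ROOT
# Prints "OK <file>" or "FAIL <file>" per archive; returns non-zero if any failed.
# The body runs in a subshell, so the umask change does not leak to the caller.
convert_user_psts() (
    users_root=${1%/}
    out_root=${2%/}
    # Mail archives are sensitive: output is readable only by the migrating account.
    umask 077
    export READPST users_root out_root
    # -type f ignores symlinks, so a link named x.pst cannot steer the crawler to
    # some other file; -exec ... {} + hands over names intact, spaces included.
    find "$users_root" -mindepth 2 -type f -iname '*.pst' -exec sh -c '
        rc=0
        for pst in "$@"; do
            rel=${pst#"$users_root"/}     # e.g. alice/Mail/old archive.pst
            dest=$out_root/${rel%.*}      # one output folder per archive
            if mkdir -p "$dest" &&
               "$READPST" -o "$dest" "$pst" >"$dest/readpst.log" 2>&1; then
                echo "OK $pst"
            else
                echo "FAIL $pst"
                rc=1
            fi
        done
        exit "$rc"
    ' sh {} +
)
```

Call it as convert_user_psts /server/path /output/folder and review the FAIL lines and the per-archive readpst.log files before removing any source pst.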

Windows Server

Setting FTP Banners in IIS

IIS is a pretty straightforward system to manage. One of the more common post-flight tasks for setups of IIS is to configure FTP banners. In Server 2003, this can be done by opening Internet Information Services (IIS) Manager from Start > Administrative Tools. Then, browse to the server name > FTP Sites > Default FTP Site (or the name of the one you would like to configure if you have multiple per server) and then click on the Properties for the site.

At the FTP Site Properties pane, click on the Messages tab. Here, you can provide a Banner to be shown to unauthorized users, a Welcome page to be shown to authorized users and an Exit message, and define the maximum number of connections.

Click Apply to commit your changes and then restart the site (right-click on it in IIS Manager and click Stop, then Start).

In Server 2008 the process is pretty straightforward as well. Open Internet Information Services (IIS) Manager from Start > Administrative Tools. Then click on Connections > server name > name of the site > FTP Messages. Then uncheck the box to Suppress Default Banner. Check the box for Support User Variables. Then in the banner field, provide the message to be shown to FTP users that have not yet authenticated. Then in the Welcome Message field, provide a welcome message (you can use Windows variables here). For example, I like “Welcome %UserName% would you like to play a game”. At the Exit Message field you can provide a message to display to authenticated users when they log out of the system. Click on Apply and restart the sites that are changed.

This can also be done with appcmd.exe, using its set config command with the site path and a message:

appcmd set config -section:system.applicationHost/sites /[name='ftp.krypted.com'].ftpServer.messages.bannerMessage:"Welcome to Krypted.com" /commit:apphost

appcmd set config -section:system.applicationHost/sites /[name='ftp.krypted.com'].ftpServer.messages.suppressDefaultBanner:"True" /commit:apphost

Articles and Books iPhone Mac Security Mass Deployment

Review of My iOS in the Enterprise Book

There is a nice review of my iOS in the Enterprise book up on MacDirectory. It is available at:

http://www.macdirectory.com/component/option,com_reviews/task,viewDetail/review_id,504

Overall the review was good. I understand not liking the font choice for the book. Luckily this type of thing isn’t something we authors have a choice about, so I take it as an overall good review!

personal

The Easter Bunny Conspiracy

As I rounded the corner of the kitchen, I saw it. The flash of a red light, going from eye to eye. “By your command” the animatronic hellcat said. It had seemed innocent enough. In fact, it was a present to my daughter from her eldest cousin. A present because the little girl felt so bad that my daughter didn’t have a sister (the cousin has 2 sisters) that she needed to give her favorite toy over, a robotic cat capable of cleaning itself, purring when you pet it and in future generations, someday attempt to wipe out humanity. Or maybe it was just too early in the morning.

Shaking my head I opened the refrigerator to pull out the milk. The carton was warm. Too warm. The compressor of a refrigerator that was less than two years old seemed to have failed. Then I heard a noise from upstairs…

“EASTER BUNNY!” Excited for my daughter to see the cornucopia of presents awaiting her (guarded by that infernal cat), I raced up the stairs and saw her sitting there, sweet, a small ray of early morning sunshine coming in through the wispy pink curtains lining her window. What followed was a perfect rendition of Easter: hunting eggs, rifling through baskets and dinner at her grandmother’s house. By 1pm it had been a perfect Easter and was time to go home and relax.

And then it happened. Unbeknownst to me, my daughter had been hitting the chocolate all day long. To mix things up, she would occasionally eat a skittle, bite the head off a peep or impale a bunny shaped easter cake looking for the jelly beans hidden within. The chocolate had practically covered her beautiful Easter dress and the “grass” that lines Easter baskets had stuck to it. With her being 3 and therefore about the right size, she looked a bit like a brown spinning devil even before I said no to having more candy.

But no I said and that was the moment that things started to get a bit on the crazy side. The first creepy thing that happened was when I took the candy away. In a deep mephisto-like voice, she said “GIVE ME BACK MY CANDY.” I held my ground. Again I said no. Then her head began to turn. After about 720 degrees, I pulled down some baby wipes and started to try and wipe some of the chocolate from her face. That’s when she levitated towards the top of the refrigerator. I grabbed the candy and ran to the basement, hiding it under the stairs. But still she came, relentless, screaming “CANDYCANDYCANDYCANDY.”

One word seemed to settle her in similar encounters, so I tried my best to fight back the fear and just said “Dora.” As luck would have it, she floated back gently to the floor, wiped that sweet curl back from her face and darted up the stairs and plopped down, cross-legged in front of the television. A couple of quick taps on what she calls the “tiny remote” and after clearing away family pictures on the Apple TV we were watching Benny the Bull have the hiccups in no time!

Then it dawned on me: I needed to use the restroom. I told her I would be right back and went into the bathroom. After catching my breath for a moment, I emerged from the bathroom and she was gone. I raced down to the basement, but the candy was still locked away in the closet. I ran up to the top floor, but she wasn’t there. Then I ran back downstairs and found her, sitting in the middle of the dining room floor, under the table, with a handful of Hershey’s kisses.  Or rather with the metallic wrappers lining the floor and molten chocolate lining her face. She smiled.

We went to the kitchen to wash her hands and I noticed a blue ooze coming out of the bottom of the refrigerator. I opened the freezer and noticed that the frozen blueberries had thawed and were leaking, along with a box of popsicles, through the slot where the ice comes out and creating a nice puddle at the base of the freezer. The freezer looked like Sonic the Hedgehog and Max Rebo accidentally got taken down Sonny Corleone style. Of course, when you’ve had about 12 pounds of chocolate (approximately half your body weight), what sounds better than jumping up and down in a puddle of blueberry and popsicle goo in fresh white tights and rubbing your molten chocolate mouth all over your pretty Easter dress? Er, nothing of course!

I reached for a washcloth, but she bolted for her favorite toys, the marbles, which she loaded up into Easter eggs and shook, the sound practically shaking the whole house. She loaded them up into a pan (one of those nice sturdy Calphalon kinda’ pans) and she put the lid on it. She then began to shake it wildly. The sound was deafening, like the Irish mutant Banshee could produce (like in the X-men, you could literally see the sound waves coming off these pots and pans – and they looked kinda’ like the AirPort menu item in Mac OS X).

It had then been at least a minute since the last taste of chocolate. As the candy withdrawals began, I could see the pain in her eyes. Frantic, the pace picked up and she ran into the living room. She shoved poor potato head’s arm in his eye socket and threw him at me, extracting a Reese’s peanut butter cup in one fluid motion. Before I could stop her, she dove back into the blueberry entrails, then rose, looking like Gleek from Super Friends (tail included) and ran screaming into the freshly painted white walls, rolling so as to seemingly maximize her unloading of what seemed like the blood of Avatar creatures.

The blue version of Rorschach’s face aside, things were getting to a point of no return. She was moving so fast that the friction seemed to cause sparks from the bottoms of her previously white good shoes. The curls were now as dangerous as a cat o’ nine tails and I am pretty sure that the carpet looked a little bit like a tie-dye of chocolate, blueberry and white Godiva (oh crap, where did the white chocolate come from). She bolted under her bed. I dropped to the floor and looked under there. Oh look, I thought, my 64 gig jump drive, cool. Back on track, I reached both hands under and pulled her out. I poured a nice warm bath and tossed her in. It seemed to stem the withdrawals that were back.

Then came her mom and all was calm.

I walked down the stairs to clean the kitchen. The cat looked over and said “meow.”  That’s when it occurred to me that it wasn’t Sonic the Hedgehog in the fridge, those were cat prints. And as the cat sat and toyed with the Zhu-Zhu pet, torturing the poor robotic hamster and making it scream, it occurred to me that the compressor in the refrigerator had claw marks on it. The hidden chocolate that my daughter had uncovered was hidden below the cat. The cat, clearly the Supreme Leader of Hamster torture was behind it all. The red light passed from eye to eye and that’s when I knew, it wasn’t her. Like when Count Iblis messes with Sheba’s head, in the end, my girl came back to me. By the time mom came downstairs, the little angel was asleep, sweet as the candy the cat had used to lure her into such a frantic state.

The cat looked up at me and seemed to have a grin on his face. By then my wife was back downstairs and he was safe. Until tomorrow then, because you see evil cat, they are supposed to get crazy and take great pictures. That’s one of the things that makes Easter so much fun, especially when you’re almost 3! So bring on SkyNet. ‘Cause things today happened exactly as they should, with or without

Microsoft Exchange Server Windows Server

Building Exchange 2010 Signatures En Masse

There are a lot of environments that standardize mail signatures. In Exchange 2010 you can now automatically assign users a signature based on a user’s Active Directory information, thus allowing en masse standardization of signatures. Doing so is pretty straightforward. First open the Exchange Management Console and browse to the Organization Configuration. Then click on Hub Transport and then on Transport Rules. Next, click New to create a new transport rule. Here you can build an organizational signature based on users’ Active Directory attributes.

You can provide some text and then any of the attributes that you see fit by wrapping them in the standard double percentage signs (%%). In the following, we provide displayName, Title and Department:

Thank you,<br>
%%displayName%% %%Title%%<br>
%%Department%%

Or, if display names are not correctly formatted (in some organizations they aren’t), you can use first name followed by last name and then a line with the email address (%%mail%%):

Thank you,<br>
%%givenName%% %%sn%%<br>
%%mail%%

To see a list of all of the attributes available, use ADSI Edit. You can access ADSI Edit by opening adsiedit.msc (Start > Run > adsiedit.msc). In 2008, ADSI Edit is installed automatically when the Active Directory Domain Services role is installed, so simply run it from any existing domain controller. Once open, browse to the domain and then to CN=Users. From here, you’ll see the attributes defined in the schema.

Microsoft Exchange Server

Exchange 2010 and Archive-Only Mailboxes

Once upon a time, in a dark and dreary place, Exchange administrators (an already downtrodden lot mind you) had to let users archive their mail to pst files. These files, open while Outlook was open and distributed across the enterprise file servers, caused the poor Exchange administrators great pain and suffering as they were uncontrollable. The pst files roamed, causing great pains to SMB/CIFS, switching and other admins and these pst files worst of all had no policies applied to them.

Then came a bright knight in shining armor. He brought with him Exchange 2010 and stories of mailboxes that could be used for archival to replace the monstrosity pst files that had been in use for decades (ok, maybe just a decade, or a tad more, but close enough).

For environments running Exchange 2010, he explained that to configure archive mailboxes:

  • Click on Start > Administrative Tools
  • Open the Exchange Management Console
  • Click on Recipient Configuration
  • Click on the user who you would like to configure
  • Using the action pane, click on Enable Archive
  • To see an archive, log in to Outlook Web App with the user. You can then drag and drop some items into the online archive and change its name.

Then everyone realized that Microsoft, in their infinite wisdom, invented online archiving because it requires a CAL of its own. Each of the Exchange Admins then realized that the cost of said CAL would come from their own allotment of porridge!

Health: such a small price to pay for online archiving!

Ubuntu Unix

Customizing vsftpd Banners

vsftpd supports custom welcome banners. By default the vsftpd configuration files are stored in /etc/vsftpd. The main config file is /etc/vsftpd/vsftpd.conf. In this file there are two ways to display a banner. The banner_file parameter will allow you to build nice spiffy banners with multiple lines and paragraphs even (ASCII pr0n if you roll like that):

banner_file=/etc/vsftpd/welcome.banner

Or for simple setups (most are), the ftpd_banner parameter lets you configure a single line welcome string for unauthenticated users. Make sure this doesn’t wrap to the next line or the daemon won’t start.

ftpd_banner=Welcome to krypted.com.

The daemon will need to get restarted once changed. The easiest way to do this is to use /etc/init.d/vsftpd:

sudo /etc/init.d/vsftpd restart

Ubuntu Unix

Setting Up Multiple IPs in Ubuntu

A standard network interface will look similar to the following in /etc/network/interfaces:

auto eth0
iface eth0 inet static
address 192.168.210.100
netmask 255.255.255.0
broadcast 192.168.210.255
gateway 192.168.210.1

Adding more IP addresses to those interfaces is as simple as creating an alias, done by duplicating the information for the initial interface and appending a colon followed by 0, 1, 2, 3, etc. according to how many aliases are needed, minus the gateway (the initial IP’s gateway will be used):

auto eth0:0
iface eth0:0 inet static
address 192.168.210.101
netmask 255.255.255.0
broadcast 192.168.210.255

auto eth0:1
iface eth0:1 inet static
address 192.168.210.102
netmask 255.255.255.0
broadcast 192.168.210.255

When finished, run an ifconfig to verify that the new interfaces are up and then ping them from a client system.

Ubuntu Unix

Link Aggregation in Ubuntu 10

Ifenslave is an open source package that can be used to bond interfaces in Ubuntu 10. To install ifenslave, we can use apt-get:

apt-get install ifenslave

Once installed, we will need to take down our existing eth interfaces. Presumably these are eth0 and eth1, but you can use ifconfig to verify:

ifconfig eth0
ifconfig eth1

Once you’ve verified the interfaces you want to bond, bring them down:

ifdown eth0
ifdown eth1

Next, locate the entries in /etc/network/interfaces and comment out the corresponding lines:

vi /etc/network/interfaces

You will then need to add information for the link aggregated bond. Bond levels in ifenslave include:

  • bond0: Round Robin with all interfaces active (likely the most common).
  • bond1: Fault Tolerance with only one slave to the bond active at a time. The backup kicks in if the active slave fails.
  • bond2: XOR with bond policy defined using xmit_hash_policy.
  • bond3: Transmits all traffic on all slaves.
  • bond4: 802.3ad or dynamic link aggregation. Similar to bond0 but more robust, although it has more prerequisites.
  • bond5: Doesn’t require special switch configuration, but has incoming traffic on one slave and balanced outgoing traffic.
  • bond6: Also doesn’t require special switch configuration (although you may need to configure updelay on the switch), otherwise similar to bond4 but more friendly to more members.

Let’s assume we’re going to go with a vanilla round robin bond (bond0). Let’s add the following (which includes the IP address, netmask and gateway as well as the bonding information):

auto bond0
iface bond0 inet static
address 192.168.210.100
netmask 255.255.255.0
gateway 192.168.210.1
slaves all
bond-mode 0
bond-miimon 100

These variables:

  • iface: defines the interface (similar to a standard interface)
  • address: IP address
  • netmask: Defines the subnet/netmask
  • gateway: Defines the router, or default gateway
  • slaves: Defines which adapters will be a part of the bond (also can use master/primary in addition to slaves according to bond type)
  • bond-mode: mode of the bond (corresponds to bond*)
  • bond-miimon: An integer from 0 to 100 that defines the number of milliseconds between link monitors
  • updelay and downdelay: milliseconds to delay bringing links up and down when failures and additions are detected
  • arp_interval and arp_target: The number of milliseconds to test arp connectivity and the address to use for testing

Finally, we can bring the bond online using ifup followed by the bond name:

ifup bond0

You should then be able to ping, use iftop, netperf, etc to test the performance of the bond.

Mac OS X Ubuntu Unix

Using a Colon As A Bash Null Operator

I was recently talking with someone that was constructing an If/Then and they wanted a simple echo to match only if a condition was not met. Given their other requirements it seemed a great use for a null operator, which in bash can be a colon (:). This is the equivalent of /dev/null, but with less typing.

One example of populating something with null is if you have a case where you want to create a file where there may or may not be a file already, and you want your new file to be empty (or start empty so you can write lines into it). Here, you could have a line in a script that simply sent null to the file. Here, we’ll use this to create a file called seldon:

: > /temp/seldon

You might expect to see a colon in the above created /temp/seldon file, but you don’t because : was interpreted as null. You could also run it without the colon and end up with the same thing.

> /temp/seldon

If you echo :, you will see a colon echo’d to the screen. This renders the colon unnecessary, but it is just an example, leading up to another where you would need something, as the payload of an If/Then. In the following case, let’s say that we are checking to see if variable $A is 1 and if it isn’t we’ll create an empty file called seldon:

if [ "$A" = "1" ];
then
:
else
: > /temp/seldon
fi

To test whether a string hasn’t yet been declared, you can use -n:

if [ -n "$a" ]   # true only when $a holds a non-empty string; unquoted, an empty $a always passes

But you can also use the colon to shorten or eliminate the need for certain If/Then blocks entirely. To quote the bash reference (from http://www.gnu.org/software/bash/manual/bashref.html):

When not performing substring expansion, using the form described below, Bash tests for a parameter that is unset or null. Omitting the colon results in a test only for a parameter that is unset. Put another way, if the colon is included, the operator tests for both parameter’s existence and that its value is not null; if the colon is omitted, the operator tests only for existence.

This means that in the following, if $A has nothing to expand it is set to 1, otherwise it is left alone:

${A:=1}

But, if you wanted to do the opposite and say that if it has nothing to expand leave it and if it has something, reset that something to 1:

${A:+1}

There are a bunch of other uses in the link provided for the bash manual as well, but overall, you can cut out a lot of typing using a little old colon…
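
The colon forms discussed above, as an added example that is not part of the original post; the function names and OUT_DIR are made up for illustration. It also covers ${VAR:?message} from the linked manual, and shows that ${A:+1} substitutes a value without assigning it.

```sh
#!/bin/sh
# Added example: ':' as a null command and the colon inside parameter expansion.

# ':' does nothing and returns 0, so it can carry an expansion that is wanted
# only for its side effect. Without it the shell would try to run the result.
default_if_unset_or_empty() {   # $1 = "unset" | "empty" | any other value
    unset A
    case $1 in unset) ;; empty) A= ;; *) A=$1 ;; esac
    : "${A:=1}"                 # := assigns when A is unset OR empty
    echo "[$A]"
}

default_if_unset() {            # same input, but '=' assigns only when A is unset
    unset A
    case $1 in unset) ;; empty) A= ;; *) A=$1 ;; esac
    : "${A=1}"
    echo "[$A]"
}

# ${A:+1} expands to 1 when A is set and non-empty; A itself keeps its value.
alternate_value() {
    A=$1
    echo "expansion=[${A:+1}] A=[$A]"
}

# Unquoted, an empty $a vanishes and the test becomes [ -n ], which is true.
# Quoted, the empty argument survives and -n reports it correctly.
is_nonempty_unquoted() { a=$1; if [ -n $a ]; then echo yes; else echo no; fi; }
is_nonempty_quoted()   { a=$1; if [ -n "$a" ]; then echo yes; else echo no; fi; }

# ${VAR:?message} stops a non-interactive shell when a required setting is
# missing. The body is a subshell so the caller sees an exit status instead of
# being terminated.
require_setting() (
    unset OUT_DIR
    if [ -n "$1" ]; then OUT_DIR=$1; fi
    : "${OUT_DIR:?OUT_DIR must be set}"
    echo "$OUT_DIR"
)
```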