The two attached files are a sample checklist and a sample backup calculator to be used in conjunction with the talk I’m giving at MacSysAdmin, which has been moved up to 10:45 in the morning today.
krypted September 18th, 2009
Posted In: Business, Consulting, Kerio, Mac OS X, Mac OS X Server, Mac Security, Mass Deployment
backup, backup calculator, backup checklist, enterprise backup, Mac OS X, sample
For those who have been waiting for a time when Entourage uses less bandwidth, has enhanced support for EWS features and well, works better, the time has come. The beta came and went and we waited. And the wait is now over. Entourage Web Services Edition is now available for download. You only really need this if you have an Exchange Server 2007 environment and can support EWS.
krypted August 13th, 2009
Posted In: Kerio, Mac OS X, Microsoft Exchange Server, Windows Server
entourage, EWS, Exchange 2007, MAC, Mac OS X
IcyDock makes a 4 port chassis for SATA drives that allows you to build your own RAID out of large and inexpensive drives. The resultant JBOD can then be formatted into RAID0 or RAID1 (software RAID) and presented to backup applications (ie – Retrospect) as offline storage. Amazon sells an IcyDock, populated with 1.5TB drives for a total of 6TB, which is how I’m now snapshotting my VMs in my lab. I’m also using it as the backup destination for my home Kerio server. Works nicely so far.
You can also buy the IcyDock with no drives and likely populate them with 2TB drives, although I haven’t tested this yet (aka – requires confirmation). The IcyDock connects to Mac, Windows and Linux machines over eSATA and the hot swappable drive modules are eSATA. If you don’t already have an eSATA card for your Mac then you can get one of those at Amazon as well. If you would rather roll with the 2TB drives then you can get those at Amazon too!
krypted July 29th, 2009
Posted In: Kerio, Mac OS X, Mac OS X Server, Xsan
8tb, eSATA, hot swappable, icydock, raid, sata
The good people at Kerio have been kind enough to distribute their mail server software bundled into a CentOS installation on a Virtual Machine. You can just snap it into Fusion very easily, if you want to take the Kerio Mail Server (KMS) for a ride. I can’t say I would recommend running it full time in Fusion on Mac hardware though; you might be better served installing the package installer that Kerio distributes in that case.
There is a second nice thing about the VM in that it does most of the work in setting up Kerio for you. When you download and run the VM, it immediately fires up into a wizard.
To Install Kerio?
At this step, you can really just type yes to get started going through the interactive shell script. Next, you’ll be asked to read and accept the EULA for KMS. Read it, using the down arrow (or space bar) to scroll down the screen, and type yes to accept the agreement (assuming you accept it).
Accept the EULA
Now KMS will install all the various parts and components. When it’s done and prompts you, hit enter to start the funny LILO looking configuration wizard (at this point it’s installed, we’re just going to config it). At the Welcome screen, click Next and you will find yourself at the Mail Hostname and Internet Domain screen. Here, type the domain that you’ll be accepting mail for (eg – krypted.com) and the name of the host that will accept mail for that domain. When you’re satisfied with your settings, tab to the Next button and press enter.
Kerio Domain and Host Name
Next, you will be prompted to configure an administrative account. Here, enter the username and password you’d like to use to log into either the web administration console or the GUI administration console to access this server. When you are satisfied with your selections, select Next.
Kerio Admin Account
Next, select where Kerio will store its data. You can leave it at a default, but Kerio makes it easy by putting this into the configuration wizard to use your iSCSI SAN or some other path outside of the VM. This data can then be interchangeable with a Kerio install on, let’s say Mac OS X. When you have the path just as you’d like it, hit Finish.
Next, the KMS documentation will fire up in Firefox on your VM. Go ahead and type http://127.0.0.1/ into a new browser window and verify that the webmail screen opens up. Now would also be a good time for you to test localhost mail flow by sending a message to the server admin account you created earlier.
You should also fire up the Kerio Administration Console, from the CentOS desktop. Once you authenticate you can use the Kerio Administration Console to perform most of the standard administrative tasks. Since we’re using a trial in this demo, the most important might be finding the expiration date of the trial. To find this, simply click on Kerio Mail Server at the root level of the configuration screens. Here, you can also register your software if you have a serial number.
KMS Administration Console
You can, and should, also check the logs, configure message hygiene and set up any required users before you go further… Anyway, more on Kerio later (like AD/OD integration). But this quick tutorial should have you serving mail, sharing mailboxes, contacts and calendars and in general collaborating in 10 minutes or less (minus the download of course) – just think of that next time you’re pulling an all-nighter with Exchange 2007…
krypted February 16th, 2009
Posted In: Kerio, Unix
Kerio, Kerio Mail Server, kms
Exchange/iPhone users, you’ve finally gotten the Google hookup. ActiveSync has been added to the Google repertoire allowing gmail users to sync their contacts and calendars in the same fashion that Exchange and Kerio users can, although mail will still need to go through IMAP, which is fairly straightforward to configure. This means that Google Mail is finally in serious competition with a few other players in the messaging market. At this point, Google has finally knocked down one of the serious barriers I had with gmail adoption for companies. I am glad to see that they realize (and I’m sure have realized but just got the kinks worked out) that no one cares about just a mail server any more. They also want the anti-spam, which Google already added, and the mobility features to go along with it. With Gears for Mac OS X and the ability to take Google Apps offline I’m starting to see a comprehensive strategy coming together and I’m liking what I see.
For more information on ActiveSync for the iPhone, click here
krypted February 9th, 2009
Posted In: Business, Consulting, Kerio
ActiveSync, Exchange Support, gmail, Google Mail
Ever wonder if there’s something else out there other than Exchange? Well, if you are a company with less than 400 accounts and you don’t need some of the more advanced features of Exchange, like site replication then Kerio might just be the app for you:
krypted May 11th, 2008
Posted In: Kerio
Exchange, Kerio, Mac OS X
To set up an Out of Office message with Kerio Mail Server, log into the web portal to access your mail. Then click on Settings and select Out of Office. Move the bulleted option to I am out of office now and then type in the out of office message you’d like to use. When finished, click on the OK button.
krypted January 20th, 2008
Posted In: Kerio
Kerio, kms, out of office
Sometimes when you’re setting up permissions for certain folders using Microsoft Entourage, the process will fail. If it does you can still set permissions using the web portal. To do so, log into your webmail. Then control-click the folder in question and click on the Access Rights… button. Here, you will be able to define who can read, write or delete items. Make sure that if you’re giving someone access to a folder that you don’t forget to give access to the parent folder (eg – the parent folder to INBOX is the root of your email hierarchy). This is one of the more common mistakes we see there.
krypted January 14th, 2008
Posted In: Kerio
Kerio, kms, permissions
Various Spam Issues and the Appropriate Steps to Resolve Them:
Symptom: Users of the domain are getting a large amount of spam
Problem: Spam sucks…
Resolution: Outsource spam to MXLogic, Postini, Katharion, etc., limit incoming traffic over port 25 to the IP scheme of the outsourced service and use whatever form of message hygiene is built into the server for a layered approach (eg – Intelligent Messaging Filter in Exchange, Spam Assassin in Mac OS X Mail Server, Kerio Spam rules, etc.).
Symptom: An IP or domain name is getting flagged as being a spammer although the users do not send spam.
Problem: The mail server potentially does not have all the required aspects for a modern mail server.
Resolution: Verify that there is a reverse DNS record (PTR) for the domain, implement an SPF record for the domain and review the outgoing logs to verify that the users are not sending bulk mail from the domain. Review dnsstuff to see which RBLs might have marked the domain as spam and request removal. Telnet into the server over port 25 and attempt an ehlo command, to verify that some random IP cannot communicate directly with the server over port 25.
Symptom: The mail server is getting a large amount of traffic in the queue for mail that cannot be delivered to addresses on your domain that do not exist.
Problem: The server is being hit with a directory harvest attack.
Resolution: Limit the hosts that can communicate with the server over port 25 to an outsourced mail provider. Throttle the number of messages that can be sent through the server over a given span of time to email addresses not on the server. Block emails coming to the server if there is no account on the server.
Symptom: The mail server is getting a large amount of traffic in the queue for mail that cannot be delivered, although the headers do not show that the mail is coming from or heading to any accounts on the server.
Problem: Someone is trying to relay mail through the server. Whether the relay attempts are successful or not they are still taking up resources on the server and should be stopped.
Resolution: Limit the hosts that can communicate with the server over port 25 to an outsourced mail provider. Verify the server requires SMTP authentication for outgoing mail. Throttle the number of messages that can be sent through the server over a given span of time. Throttle the number of messages that can be sent through the server over a given span of time to email addresses not on the server.
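The directory harvest and relay symptoms above can be told apart from the SMTP log before any throttling is configured. The following is an added example, not part of the original post: the key=value log layout, the `triage` function, the thresholds and all addresses are constructed assumptions, so the regular expression needs adapting to the log format of the actual mail server.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in a hypothetical key=value layout; real SMTP logs differ per server.
SAMPLE_LOG = """\
2007-12-14T10:00:01 client=203.0.113.5 rcpt=aaron@example.com result=user-unknown
2007-12-14T10:00:02 client=203.0.113.5 rcpt=abby@example.com result=user-unknown
2007-12-14T10:00:04 client=203.0.113.5 rcpt=adam@example.com result=user-unknown
2007-12-14T10:00:05 client=203.0.113.5 rcpt=alan@example.com result=user-unknown
2007-12-14T10:01:00 client=192.0.2.20 rcpt=jnae@example.com result=user-unknown
2007-12-14T10:01:30 client=192.0.2.20 rcpt=jane@example.com result=accepted
2007-12-14T10:02:00 client=198.51.100.9 rcpt=a@other.test result=relay-denied
2007-12-14T10:02:01 client=198.51.100.9 rcpt=b@other.test result=relay-denied
2007-12-14T10:02:02 client=198.51.100.9 rcpt=c@other.test result=relay-denied
"""
LOCAL_DOMAINS = {"example.com"}  # assumption: domains this server accepts mail for
LINE = re.compile(r"(?P<ts>\S+) client=(?P<ip>\S+) rcpt=(?P<rcpt>\S+) result=(?P<res>\S+)")

def triage(log, window=timedelta(minutes=5), threshold=3):
    """Map client IP -> 'directory-harvest' or 'relay-attempt' for noisy sources."""
    unknown = defaultdict(list)  # ip -> [(time, rcpt)] refused: no such local user
    relay = defaultdict(int)     # ip -> refused recipients outside our domains
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        domain = m["rcpt"].rsplit("@", 1)[-1].lower()
        if domain in LOCAL_DOMAINS and m["res"] == "user-unknown":
            unknown[m["ip"]].append((datetime.fromisoformat(m["ts"]), m["rcpt"].lower()))
        elif domain not in LOCAL_DOMAINS and m["res"] == "relay-denied":
            relay[m["ip"]] += 1
    verdict = {}
    for ip, hits in unknown.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # Distinct nonexistent mailboxes probed within one window.
            probed = {rcpt for t, rcpt in hits[i:] if t - start <= window}
            if len(probed) >= threshold:
                verdict[ip] = "directory-harvest"
                break
    for ip, count in relay.items():
        if count >= threshold:
            verdict[ip] = "relay-attempt"
    return verdict

if __name__ == "__main__":
    for ip, label in sorted(triage(SAMPLE_LOG).items()):
        print(ip, label)
```

A single mistyped address, like the one from 192.0.2.20 in the sample, stays below the threshold and is not flagged.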
Symptom: One user of a domain is getting a large amount of Non-Delivery Reports (NDRs). The user is not sending bulk mail but the number of NDRs is enough to bog the server down with the queue trying to process them all. The queue does not show a large amount of outgoing mail.
Problem: A password of the user’s account on the server has likely been compromised.
Resolution: Change the user’s password and consider blocking NDRs using the spam filter service (if one is used) for 72 hours, until all receiving queues have timed the messages out.
Symptom: One user of a domain is getting a large amount of Non-Delivery Reports (NDRs). The user is not sending bulk mail but the number of NDRs is enough to bog the server down with the queue trying to process them all. The queue does not show much outgoing mail.
Problem: Someone is masquerading as the user.
Resolution(s): Change the user’s password, just in case (highly unlikely that any accounts have become compromised). If you are using an outsourced service such as MXLogic, Postini, Katharion, etc. then request they enable NDR blocking temporarily. This will reduce the load of traffic coming into the server. After 72 hours call the outsourced service and see how much traffic in NDRs the organization is getting. Still expect 1/10 to come into the mail server queue given the way NDRs are indicated in mail headers, but anticipate a much lower volume. Also make sure they have an SPF record for the server, which will reduce the number of NDRs slightly.
All mail servers should have the following:
A reverse DNS record for the IP(s) of the mail server
An SPF record (www.openspf.org). SPF is not as widely used as it should be, but it can help a lot.
Regular checks of dnsstuff to verify they are not marked as spammers by any of the major RBL services (spamcop, spamhaus, etc)
Local message hygiene (eg – Intelligent Filtering, RBLs, Spam Assassin, SPF, etc)
SMTP (port 25) traffic limited to a mail filtering solution if possible
krypted December 14th, 2007
Posted In: Consulting, Kerio, Mac OS X Server, Microsoft Exchange Server
blocking, directory harvest attack, limit port 25, spam