Monthly Archives: February 2012

Automatic updates using windows

How do you automatically update Windows client systems? Here is a document that shows how.

Dovecot installations and configurations

Dovecot is an open source IMAP and POP3 email server for Linux/UNIX systems

Installing and configuring dovecot
__________________________________
yum -y install dovecot
vim /etc/dovecot.conf

# "no" allows PLAIN/LOGIN passwords over unencrypted connections;
# set to "yes" once SSL/TLS is configured
disable_plaintext_auth = no
mail_location = maildir:%h/Maildir
# prefix and inbox belong inside a namespace { } block
prefix = INBOX
inbox = yes
protocols = pop3 pop3s imap imaps

disable_plaintext_auth = no
auth_mechanisms = plain login
mail_location = maildir:~/Maildir
pop3_uidl_format = %08Xu%08Xv
imap_client_workarounds = delay-newmail outlook-idle netscape-eoh
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
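unix_listener /var/spool/postfix/private/auth {
  # 0666 lets every local user talk to the auth socket;
  # with user/group set to postfix, 0660 is sufficient
  mode = 0666
  user = postfix
  # add
  group = postfix
  # add
}

/etc/rc.d/init.d/dovecot start
chkconfig dovecot on

NOTE: passdb auth for PAM and Virtual users

PAM based
---------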
passdb pam {
  # use /etc/pam.d/imap and /etc/pam.d/pop3
  args = *
}

passdb pam {
  # use /etc/pam.d/mail
  args = mail
}
passdb pam {
  args = session=yes dovecot
}

Virtual user based
——————
mail_location = maildir:/home/%d/%n/Maildir
userdb passwd-file {
  args = /home/%d/etc/passwd
}
passdb passwd-file {
  args = /home/%d/etc/shadow
}

mail_location = maildir:~/Maildir
passdb pam {
}
userdb static {
  args = uid=vmail gid=vmail home=/var/mail/virtual/%d/%n
}

Read more at
http://dovecot.org/ and
http://wiki.dovecot.org/MailServerOverview
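
Two settings in the configuration above deserve a check before the server goes live: plaintext authentication without TLS and the world-accessible auth socket. The script below is an added example, not part of the original post; the function name and finding labels are its own, and the sample configuration is constructed from the settings shown here.

```shell
#!/bin/sh
# Added example: flag Dovecot settings that weaken authentication.
# Finding labels (PLAINTEXT_AUTH, SOCKET_MODE) are names chosen for this example.

# audit_dovecot_conf FILE -> one finding per line on stdout
audit_dovecot_conf() {
    awk '
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
        $0 == "" { next }
        $1 == "unix_listener" { listener = $2; next }      # entering a listener block
        $0 == "}" { listener = ""; next }                  # leaving any block
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+/, "", val)
        }
        key == "disable_plaintext_auth" && val == "no" {
            print "PLAINTEXT_AUTH: passwords accepted without TLS"
        }
        # last octal digit non-zero = socket usable by every local account
        key == "mode" && listener != "" && val ~ /[1-7]$/ {
            print "SOCKET_MODE: " listener " mode " val " is open to all local users"
        }
    ' "$1"
}

# Constructed sample using the settings shown in this post.
weak_sample() {
    cat <<'EOF'
disable_plaintext_auth =no
auth_mechanisms = plain login
unix_listener /var/spool/postfix/private/auth {
  mode = 0666
  user = postfix
  group = postfix
}
passdb pam {
  args = *
}
EOF
}

tmp=$(mktemp)
weak_sample > "$tmp"
audit_dovecot_conf "$tmp"
rm -f "$tmp"
```

On a server, call it as `audit_dovecot_conf /etc/dovecot.conf`; an empty result means neither setting was found.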

 

Easy postfix install using yum on fedora

Postfix is a free and open-source mail transfer agent (MTA) that routes and delivers electronic mail. It is intended as a fast, easier-to-administer, and secure alternative to the widely-used Sendmail MTA.

# service sendmail stop
# yum install postfix
Then edit the main.cf file:
# vim /etc/postfix/main.cf

The configuration can be checked with the postconf command:
[root@localhost ~]# postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
html_directory = no
inet_interfaces = localhost
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost
newaliases_path = /usr/bin/newaliases.postfix
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.5.5/README_FILES
sample_directory = /usr/share/doc/postfix-2.5.5/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
unknown_local_recipient_reject_code = 550

NOTE: for virtual domains mapped to SQL
____________________________________
myhostname  = hostname.something.net
mydomain  = something.net
relay_domains = mysql:/etc/postfix/mysql_relay_domains_maps.cf
virtual_alias_maps      = mysql:/etc/postfix/mysql_virtual_alias_maps.cf
virtual_mailbox_base    = /home/vmail
virtual_mailbox_domains = mysql:/etc/postfix/mysql_virtual_domains_maps.cf
virtual_mailbox_limit   = 51200000
virtual_mailbox_maps    = mysql:/etc/postfix/mysql_virtual_mailbox_maps.cf
virtual_mailbox_limit_maps     = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf

add: vim /etc/postfix/mysql_virtual_alias_maps.cf

user                    = postfix
password                = postfix
dbname                  = postfix
hosts                  = 127.0.0.1:3306
table                   = alias
select_field            = goto
where_field             = address

add: vim /etc/postfix/mysql_virtual_domains_maps.cf

user                    = postfix
password                = postfix
dbname                  = postfix
hosts                  = 127.0.0.1:3306
table                   = domain
select_field            = transport
where_field             = domain
additional_conditions   = AND backupmx='0' AND active='1'

add: vim /etc/postfix/mysql_virtual_mailbox_maps.cf

user                    = postfix
password                = postfix
dbname                  = postfix
hosts                  = 127.0.0.1:3306
table                   = mailbox
select_field            = maildir
where_field             = username
additional_conditions   = AND active='1'
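
Each of the mysql: map files above stores the database password in clear text, so they should not be readable by other local accounts. The script below is an added example, not part of the original post: it takes main.cf or `postconf -n` text on standard input and reports referenced mysql: files that are world-readable or missing. The function names, finding labels and demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find mysql: lookup-table files (which hold the database
# password) that other local users can read. Function names are this example's own.

# list_mysql_maps: stdin = main.cf / `postconf -n` text, stdout = referenced files
list_mysql_maps() {
    tr ', \t' '\n\n\n' | sed -n 's|^mysql:\(/.*\)$|\1|p' | sort -u
}

# audit_map_perms: stdin as above, prints one finding per problem file
audit_map_perms() {
    list_mysql_maps | while IFS= read -r f; do
        if [ ! -e "$f" ]; then
            echo "MISSING: $f"
        elif [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "WORLD_READABLE: $f"
        fi
    done
}

# Constructed demo: two map files in a scratch directory, one too permissive.
demo() {
    d=$(mktemp -d)
    printf 'user = postfix\npassword = example-only\n' > "$d/alias.cf"
    printf 'user = postfix\npassword = example-only\n' > "$d/mailbox.cf"
    chmod 644 "$d/alias.cf"
    chmod 640 "$d/mailbox.cf"
    printf '%s\n' \
        "virtual_alias_maps      = mysql:$d/alias.cf" \
        "virtual_mailbox_maps    = mysql:$d/mailbox.cf" \
        "alias_maps = hash:/etc/aliases" | audit_map_perms
    rm -rf "$d"
}

demo
```

On a live system, run `postconf -n | audit_map_perms`; a reported file can be tightened with `chgrp postfix FILE` followed by `chmod 640 FILE`.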

This configuration is only for a relay host
________________________________________
mydomain = example.com
myorigin = $mydomain
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
smtpd_sasl_auth_enable = yes
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/saslpass
smtpd_sasl_local_domain = $myhostname
smtp_sasl_security_options = noanonymous
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated, reject_unauth_destination
broken_sasl_auth_clients = yes
#smtp_sasl_tls_security_options = noanonymous
smtpd_sasl_application_name = smtpd
relayhost = mx0.example.com
mailbox_size_limit = 0

A few commands
postalias     postdrop      postkick      postmap
postcat       postfix       postlock      postqueue
postconf      post-grohtml  postlog       postsuper

mail            mailq.postfix   mailstat        mailx
mailq           mailq.sendmail  mailstats

Usage
________
    * The postfix command controls the operation of the mail system. It is the interface for starting and stopping the mail system (start/stop/flush/check/reload/status), and for some other administrative operations. This command is reserved to the super-user.

    * The postalias command maintains Postfix alias databases. This is the program behind the newaliases command.

    * The postcat command displays the contents of Postfix queue files. This is a limited, preliminary utility. This program is likely to be superseded by something more powerful that can also edit Postfix queue files.

    * The postconf command displays Postfix main.cf parameters: actual values, default values, or parameters that have non-default settings. This is a limited, preliminary utility. This program is likely to be superseded by something more powerful that can not only list but also edit the main.cf file.

    * The postdrop command is the mail posting utility that is run by the sendmail command in order to deposit mail into the maildrop queue directory.

    * The postkick command makes some internal communication channels available for use in, for example, shell scripts.

    * The postlock command provides Postfix-compatible mailbox locking for use in, for example, shell scripts.

    * The postlog command provides Postfix-compatible logging for shell scripts.

    * The postmap command maintains Postfix lookup tables such as canonical, virtual and others. It is a cousin of the UNIX makemap command.

    * The postqueue command is the utility that is run by the sendmail command in order to flush or list the mail queue.

    * The postsuper command maintains the Postfix queue. It removes old temporary files, and moves queue files into the right directory after a change in the hashing depth of queue directories. This command is run at mail system startup time.

Read more about the Postfix architecture: http://www.postfix.org/OVERVIEW.html

Installing and configuring 2003 mail server

Here is a document on how to set up a Windows 2003 based POP3/SMTP server for a small office.

Why you need to patch or update Windows

Windows Update is a service provided by Microsoft that provides updates for the Microsoft Windows operating system and its installed components.
There are different kinds of updates. Security updates or critical updates protect against vulnerabilities to malware and security exploits.

A patch is a piece of software designed to fix problems with, or update a computer program or its supporting data. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance.
Programmers publish and apply patches in various forms. Because proprietary software authors withhold their source code, their patches are distributed as binary executables instead of source.

Patch management is the process of using a strategy and plan of what patches should be applied to which systems at a specified time.
Security updates are routinely provided on the second Tuesday of each month, Patch Tuesday (Patch Tuesday begins at 17:00 or 18:00 UTC; sometimes there is an extraordinary Patch Tuesday, 14 days after the regular Patch Tuesday), but can be provided whenever a new update is urgently required to prevent a newly discovered or prevalent exploit targeting Windows users. Windows Update can be configured to install critical updates automatically so long as the computer is connected to the Internet, without the user needing to install them manually, or even be aware that an update is required.

Patch Management keeps your Windows Clients current with the latest security updates from Microsoft.

Updating

Microsoft web site to update
http://www.update.microsoft.com/windowsupdate/v6/vistadefault.aspx?ln=en-us

Critical Update Notification Tool/Utility
Shortly after the release of Windows 98, Microsoft released a Critical Update Notification Tool (later called Critical Update Notification Utility) through Windows Update, which installed a background tool on the user’s computer that checked the Windows Update web site on a regular schedule for new updates that have been marked as “Critical”. By default, this check occurred every five minutes, and when Internet Explorer was started, though the user could configure the next check to occur only at certain times of the day or on certain days of the week.

Automatic Updates
With the release of Windows Me in 2000, Microsoft introduced Automatic Updates as a replacement for the Critical Update Notification tool. Unlike its predecessor, Automatic Updates includes the ability to download and install updates without using a web browser. Instead of the five minute schedule used by its predecessor, the Automatic Updates client checks the Windows Update servers once a day. The user can choose to have available updates downloaded and then be prompted to install them, or to be notified before any available updates are downloaded.

In Windows Vista, Windows Server 2008, and Windows 7, the web site is no longer used to provide a user interface for selecting and downloading updates. In its place, the Automatic Updates control panel has been expanded to provide similar functionality. Support for Microsoft Update is also built into the operating system, but is turned off by default. The revised Windows Update can also be set to automatically download and install both Important and Recommended updates. In prior versions of Windows, such updates were only available through the Windows Update web site.

Group Policy Modeling

Read the document here.

Active directory quota

Windows Server 2003 introduced AD object quotas to limit the number of objects that users or group members can create in AD. You can use Active Directory (AD) and Active Directory Domain Services (AD DS) to limit the number of objects that a security principal (user, computer, group) can create in a directory node. This prevents an attack against Active Directory: with no limit, a principal can create objects until NTDS.dit runs out of space.

You can specify quotas for security principals on each directory partition. These include application partitions, domain partitions, and configuration partitions, but not schema partitions. The Domain Admins and Enterprise Admins groups are also exempt from quota limitations.

Quota objects are stored in the NTDS Quotas container under the domain, application, and configuration naming contexts. To view the NTDS Quotas container in the Active Directory Users and Computers snap-in, you must enable Advanced Features on the View menu.
The NTDS Quotas container is of the object class msDS-QuotaContainer.

Creating quotas
dsadd quota -part dc=example,dc=com -qlimit 10 -acct cn=admin,ou=it,dc=example,dc=com

This limits the user admin to creating 10 objects in the example.com directory partition.

Determining quota limits
dsget user cn=admin,ou=it,dc=example,dc=com -part dc=example,dc=com -qlimit -qused

Note: The same parameters can be used with the dsget computer and dsget group commands to find the quota limit for those objects.

dsquery quota domainroot -qlimit ">=10" | dsget quota -acct -qlimit

This returns entries with a limit of more than 10.

Modify Quotas
dsmod quota "CN=it,CN=NTDS Quotas,DC=example,DC=com" -qlimit 50

2003 AD quota table integrity check

Reboot the domain controller in Directory Services Restore Mode (DSRM)
Type ntdsutil in a command window, and ENTER
Type semantic database analysis, and ENTER
Type check quota, and ENTER

2008 AD quota table integrity check

First, stop the Active Directory database process:
Type net stop ntds, and ENTER at the command prompt
Type ntdsutil, and ENTER
Type activate instance NTDS, and ENTER
Type semantic database analysis, and ENTER
Type check quota, and ENTER

Kaspersky Internet Security 12

Read about installing and using Kaspersky here.

Disk Quota in windows

Disk quotas were introduced in Windows 2000, and are applied to specific users and limit the amount of disk space that user can use on a particular volume.
Windows 2000 disk quotas track and control disk storage usage on a per-user, per-volume basis. Windows 2000 tracks disk quotas for each volume, even if the volumes are on the same hard disk.

Directory quotas are applied to all users and limit the amount of disk space that users can use in a particular folder and its subfolders. Directory quotas were introduced in Windows Server 2003 R2 with the new File Server Resource Manager.

Note: You need an NTFS volume to set quotas.

How to set disk quota in 2000
—————————–
My Computer > select the disk volume and right-click > Properties > Quota
Check the Enable quota management box
Limit disk space to: the amount of disk space that users can use
Set warning level to: the amount of disk space that a user can fill before Windows 2000 logs an event
Also check the Deny Disk Space To Users Exceeding Quota Limit box

Setting Quotas for Per-User

Right click a drive letter > properties > Quota tab > Quota Entries > select user

Import and Export Quotas

Right click a drive letter > properties > Quota tab > Quota Entries > select Quota from top left > select the quota > import/export

Additional Quota options
————————
Log Event When a User Exceeds the Quota Limit – If quotas are enabled, an event is written to the system log on the local computer whenever users exceed their quota limit. Administrators can view these events in Event Viewer, filtering for disk event types.
Log Event When a User Exceeds the Warning Level – If quotas are enabled, an event is written to the system log on the local computer whenever users exceed their quota warning level. Administrators can view these events in Event Viewer, filtering for disk event types.

Configure and use disk quota in 2003
————————————
In Windows Server 2003 R2, just as in Windows Small Business Server 2003, the fsutil command provides a shortcut for quickly changing a specific user's disk quota limits and warning levels.

Traditional Windows disk quotas are calculated using files' logical size and are based on the user owning a file, not necessarily the user maintaining or storing the file. Windows Server 2003 R2 also includes a new feature, called File Server Resource Manager (FSRM), that addresses several disk quota issues.

Using Group policy
——————
Open the Group Policy Object Editor (gpedit.msc) and navigate to Computer Configuration > Administrative Templates > System > Disk Quotas > Enable
You can select 3 settings there:
Allow processing across a slow network connection
Do not apply during periodic background processing
Process even if the Group Policy objects have not changed

Installing the File Server Resource Manager in 2008
—————————————————
Note: This feature is available in all editions of Windows Server 2008 except Server Core.

Server Manager > Roles > Add Roles > install the File Server role
After the File Server role is installed:
Server Manager > Features > Add Features > Remote Server Administration Tools > Role Administration Tools > File Services Tools > File Server Resource Manager Tools. Select the File Server Resource Manager Tools check box, and then click the Install button.

Instead of specifying custom quotas folder by folder, you can use the standard FSRM quota templates or define your own templates.
File Server Resource Manager > Quota Management > Quota Templates > Edit Template Properties
