Friday, July 27, 2012

Configure Two Ironport C-Series Devices Where the Backup Hosts the Quarantine

These steps come straight from Cisco and they work like a charm.  This allows the primary device to focus on email filtering and the second device to take care of the quarantine work.  I have another post on how to sync the SLBL on these two devices since users will be getting their information from the backup IronPort.


Question: How to configure two C-Series devices where the backup hosts the Quarantine

Answer: All-in-one-plus-one IronPort Spam Quarantine Configuration
Note: This approach will not work if using Centralized Management.

Many sites will run two IronPort appliances, one that is designated as the "Primary MX" server and processes the majority of mail, and a second appliance as a hot spare that is designated as the "Secondary MX."  If the Primary MX should become unavailable for any reason, then the normal SMTP protocol will redirect traffic to the Secondary MX until the primary is available again.  For sites that wish to deploy the IronPort Spam Quarantine feature for their end-users but do not have enough traffic to justify a dedicated M-Series appliance, we offer the below configuration hints to allow you to configure the Secondary MX system to act as a centralized quarantine for both appliances, and to tell the Primary MX that messages detected as spam should be sent to that central quarantine on the Secondary MX system.

Please note that this configuration should only be used by sites that are not at or near the peak performance throughput on their Primary MX server, or doing equal-weighted load balancing between two appliances, as the additional load of processing end-user quarantined messages could result in reduced throughput in the event of a Primary-to-Secondary fail-over.  For high-volume sites whose multiple appliances are running at or near peak throughput, we recommend deployment of the M-Series appliance to offload quarantine duties from your C-Series appliances.

The second IronPort MGA, which will contain the IronPort Spam Quarantine, must be able to identify messages coming from the Primary MTA and force the messages to the Quarantine.  This can be accomplished by adding an X-Header once a message is identified as spam.
To avoid having two IronPort C-Series MGAs scanning the same message, be sure to perform the following steps.

Procedure overview:


1. On the Primary
   1. Ensure messages received from Primary MX MGA are scanned for Anti-Spam filtering
   2. When Spam Positive and/or Suspect Positive, send to the IronPort Spam Quarantine and add X-Header: X-Ironport-Quarantine

2. On the Secondary
   1. Add a Mail Flow Policy which by-passes Anti-Spam scanning
   2. Add a new Sender Group called "Quarantine_From_Primary", set the order # to 1.
   3. Configure this Sender Group to accept messages from the Primary appliance
   4. Configure this Sender Group to use the Mail Flow Policy created previously
   5. Configure the local quarantine on the "secondary" MGA
   6. Edit Log Global Settings to monitor the X-header: X-Ironport-Quarantine

3. Test




If this is not set up correctly, one message will actually be scanned by both MGAs before ending up in the quarantine.
(The following example is using a Sender Group on the secondary MX MGA called "QUARANTINE_FromMail2")

Primary Server
Thu Apr 27 15:05:45 2006 Info: New SMTP ICID 1348 interface Mail (192.168.1.2) address 1.1.1.1 reverse dns host pproxy.gmail.com verified yes
Thu Apr 27 15:05:45 2006 Info: ICID 1348 ACCEPT SG SUSPECTLIST match sbrs[-2.0:-0.5] SBRS -1.4
Thu Apr 27 15:05:45 2006 Info: Start MID 1661 ICID 1348
Thu Apr 27 15:05:45 2006 Info: MID 1661 ICID 1348 From:
Thu Apr 27 15:05:45 2006 Info: MID 1661 ICID 1348 RID 0 To:
Thu Apr 27 15:05:45 2006 Info: Start MID 1661 ICID 1348
Thu Apr 27 15:05:45 2006 Info: MID 1661 ICID 1348 From:
Thu Apr 27 15:05:45 2006 Info: MID 1661 ICID 1348 RID 0 To:
Thu Apr 27 15:05:45 2006 Info: MID 1661 Message-ID '<16ac64320604271305o755483cdx28677153c5e4032@mail.spammer.com>'
Thu Apr 27 15:05:45 2006 Info: MID 1661 Subject 'Fwd: Impotenc-e hellp no doc visilt'
Thu Apr 27 15:05:45 2006 Info: MID 1661 ready 13559 bytes from
Thu Apr 27 15:05:45 2006 Info: MID 1661 matched all recipients for per-recipient policy DEFAULT in the inbound table
Thu Apr 27 15:05:51 2006 Info: MID 1661 using engine: CASE spam positive
Thu Apr 27 15:05:51 2006 Info: EUQ: Tagging MID 1661 for quarantine
Thu Apr 27 15:05:51 2006 Info: MID 1661 antivirus negative
Thu Apr 27 15:05:51 2006 Info: EUQ: Tagging MID 1661 for quarantine (X-Ironport-Quarantine)
Thu Apr 27 15:05:51 2006 Info: MID 1661 queued for delivery
Thu Apr 27 15:05:51 2006 Info: Delivery start DCID 4789 MID 1661 to RID [0] to offbox IronPort Spam Quarantine
Thu Apr 27 15:05:51 2006 Info: Message done DCID 4789 MID 1661 to RID [0]
Thu Apr 27 15:05:51 2006 Info: MID 1661 RID [0] Response 'ok:  Message 22017 accepted'
Thu Apr 27 15:05:51 2006 Info: Message finished MID 1661 done

Secondary Server
Thu Apr 27 15:05:50 2006 Info: New SMTP ICID 121070 interface Mail (192.168.1.2) address 192.168.1.2 reverse dns host unknown verified no
Thu Apr 27 15:05:50 2006 Info: ICID 121070 ACCEPT SG QUARANTINE_FromMail2 match 192.168.1.2 SBRS rfc1918
Thu Apr 27 15:05:50 2006 Info: Start MID 22017 ICID 121070
Thu Apr 27 15:05:50 2006 Info: MID 22017 ICID 121070 From:
Thu Apr 27 15:05:50 2006 Info: MID 22017 ICID 121070 RID 0 To:
Thu Apr 27 15:05:55 2006 Info: ICID 121070 close
Thu Apr 27 15:05:50 2006 Info: Start MID 22017 ICID 121070
Thu Apr 27 15:05:50 2006 Info: MID 22017 ICID 121070 From:
Thu Apr 27 15:05:50 2006 Info: MID 22017 ICID 121070 RID 0 To:
Thu Apr 27 15:05:50 2006 Info: MID 22017 Message-ID '<16ac64320604271305o755483cdx28677153c5e4032@mail.spammer.com>'
Thu Apr 27 15:05:50 2006 Info: MID 22017 Subject '[SPAM] Fwd: Impotenc-e hellp no doc visilt'
Thu Apr 27 15:05:50 2006 Info: MID 22017 ready 13907 bytes from
Thu Apr 27 15:05:50 2006 Info: MID 22017 matched all recipients for per-recipient policy DEFAULT in the inbound table
Thu Apr 27 15:05:50 2006 Info: EUQ: Tagging MID 22017 for quarantine (X-Ironport-Quarantine)
Thu Apr 27 15:05:50 2006 Info: MID 22017 queued for delivery
Thu Apr 27 15:05:54 2006 Info: RPC Delivery start RCID 10882 MID 22017 to local IronPort Spam Quarantine
Thu Apr 27 15:05:54 2006 Info: EUQ: Quarantined MID 22017
Thu Apr 27 15:05:54 2006 Info: RPC Message done RCID 10882 MID 22017
Thu Apr 27 15:05:54 2006 Info: Message finished MID 22017 done

Detailed Steps for Primary Server


1. Ensure messages received from Primary MX MGA are scanned for Anti-Spam filtering
   1. Ensure that Anti-Spam scanning is enabled
   2. Configure the appropriate Anti-Spam policies on the Incoming Mail Policies page to send Positive and/or Suspect spam to the IronPort Spam Quarantine (now hosted on the Secondary MX appliance)
      (Mail Policies -> Email Security Manager -> Incoming Mail Policies)

2. In the default Mail Policies Anti-Spam settings, configure the Positively-Identified Spam Settings actions to also add an X-header:
   1. Header Name: X-Ironport-Quarantine
   2. Header Text: offbox (any text value will work)

3. If desired, repeat the above for Suspected Spam Settings

4. Set up an External Quarantine
   1. Designate the Secondary MX appliance as an External Quarantine host by navigating to Monitor -> Quarantines -> External Quarantines
   2. Click the "Add Quarantine..." button
   3. Enter a descriptive name so you know you are routing to your Secondary MX appliance
   4. Enter the IP address of the Secondary MX appliance
   5. Change the default port from 6025 to 25
   6. Submit
   7. Commit changes





Detailed Steps for Secondary Server

1. On the IronPort that will host the Quarantine (Secondary), add a Mail Flow Policy
   1. Select the Mail Flow Policies, beneath the HAT Overview
   2. Click the Add Policy button
   3. Name the policy, example: SpamQuarantine
   4. Connection Behavior set to Accept
   5. In the Security Features, turn off Virus Protection and Spam Protection
   6. Turn Off Sender Verification
   7. Select Submit

2. Add a new Sender Group called "Quarantine_From_Primary", set the order # to 1.
   1. Open the HAT Overview, add a new Sender Group
   2. Click Add Sender Group
   3. Name: Quarantine_From_Primary
   4. Set Order to 1
   5. Add comments
   6. Select the new Policy created, example SpamQuarantine
   7. Leave other fields unchecked
   8. Click the Submit and Add Senders button at the bottom right.
   9. Enter the IP of the Primary IronPort.
   10. Add comments
   11. Check Submit
   12. Configure Local Quarantine
   13. Enable Local quarantines
   14. Monitor -> Quarantines -> Local Quarantines

3. Edit Log Settings
   1. System Administration -> Log Subscriptions -> "Global Settings" box
   2. Click "Edit Settings..."
   3. In the "Headers (Optional)" text box add: X-Ironport-Quarantine

4. Test
   1. Send messages that have spam (use X-header: X-Advertisement: spam)
   2. Send messages that do not contain spam
   3. Review the logs
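
The log review in the Test step can be scripted. This is an added example, not part of the Cisco procedure or the original post: it correlates the two appliances' mail logs by Message-ID and reports any message that the secondary scanned a second time or failed to quarantine. The function names are hypothetical and the sample lines are constructed in the log format shown above.

```python
import re

# Patterns follow the mail log line shapes shown in the excerpts on this page.
SG_RE = re.compile(r"ICID (\d+) \w+ SG (\S+) match")
START_RE = re.compile(r"Start MID (\d+) ICID (\d+)")
MSGID_RE = re.compile(r"MID (\d+) Message-ID '([^']*)'")
FLAGS = {"scanned": r"MID (\d+) using engine: CASE",
         "offbox": r"MID (\d+) to RID \[\d+\] to offbox IronPort Spam Quarantine",
         "quarantined": r"EUQ: Quarantined MID (\d+)"}

def summarize(log_text):
    """Return {Message-ID: facts} for one appliance's mail log."""
    groups, mids = {}, {}
    def rec(mid):
        return mids.setdefault(mid, {"msgid": None, "sender_group": None,
                                     **dict.fromkeys(FLAGS, False)})
    for line in log_text.splitlines():
        if m := SG_RE.search(line):
            groups[m.group(1)] = m.group(2)      # ICID -> matched sender group
        elif m := START_RE.search(line):
            rec(m.group(1))["sender_group"] = groups.get(m.group(2))
        elif m := MSGID_RE.search(line):
            rec(m.group(1))["msgid"] = m.group(2)
        for flag, pattern in FLAGS.items():
            if m := re.search(pattern, line):
                rec(m.group(1))[flag] = True
    return {r["msgid"]: r for r in mids.values() if r["msgid"]}

def check(primary_log, secondary_log):
    """Correlate both logs by Message-ID; return {Message-ID: [problems]}."""
    pri, sec = summarize(primary_log), summarize(secondary_log)
    report = {}
    for msgid, p in pri.items():
        if not p["offbox"]:
            continue                             # never sent to the secondary
        s, problems = sec.get(msgid), []
        if s is None:
            problems.append("not seen on secondary")
        else:
            if s["scanned"]:
                problems.append("rescanned on secondary via sender group %s" % s["sender_group"])
            if not s["quarantined"]:
                problems.append("not quarantined on secondary")
        report[msgid] = problems
    return report

# Constructed sample lines (timestamps dropped, Message-ID made up) in the page's log format.
PRIMARY = """Info: MID 1661 Message-ID '<constructed-1@example.invalid>'
Info: Delivery start DCID 4789 MID 1661 to RID [0] to offbox IronPort Spam Quarantine"""
SECONDARY_OK = """Info: ICID 121070 ACCEPT SG QUARANTINE_FromMail2 match 192.168.1.2 SBRS rfc1918
Info: Start MID 22017 ICID 121070
Info: MID 22017 Message-ID '<constructed-1@example.invalid>'
Info: EUQ: Quarantined MID 22017"""
SECONDARY_RESCAN = (SECONDARY_OK.replace("QUARANTINE_FromMail2", "SUSPECTLIST")
                    + "\nInfo: MID 22017 using engine: CASE spam positive")

if __name__ == "__main__":
    for name, log in (("ok", SECONDARY_OK), ("rescan", SECONDARY_RESCAN)):
        print(name, check(PRIMARY, log))
```

An empty problem list means the message was scanned once on the primary and quarantined on the secondary. A "rescanned" entry names the sender group the primary's connection actually matched, which is where to look when the bypass policy is not being applied.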

Use BGInfo with Server 2008 R2


This is a great program to use if you work with a lot of different servers and you need to keep track of what you are connected to.  It also gives the ability to see the specifics of the box without the need to run all of that information down.

Here's the process:

1.  Create a text file named AutoRunBGInfo.reg and place it on your desktop.
2.  Enter the text in the file as follows - 

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BGInfo"="\"C:\\BGInfo\\Bginfo.exe\" \"C:\\BGInfo\\config.bgi\" /timer:0 /silent"

3.  Now place a folder on C:\ named BGInfo.  Inside there place the BGinfo.exe file and your config.bgi file.  The config.bgi file is created when you customize the information you want on your server's desktop.  Below I have a list of the ones I use and in the same order.

4.  Start BGInfo once manually, accept the program's question, and then load the config.bgi file to set the wallpaper.

5.  That's all.

Now that you've done this process, every time you log in to the server you will get a fresh update of the statistics.  Having things such as free drive space at a glance is great when doing network maintenance tasks.

My BGInfo config: (All text in white except for the colors below.  Change yours to match the wallpaper's contrast so you can see it easily)

**COMPANY  NAME**
                                                                                      
User and Computer Info

UserID:   
Host Name:   
OS Version:   
Edition:   
OS Bits:    bit
Hardware Bits:    bit
Service Pack:   
IE Version:   
Boot Time:   

CPU:   
Memory:   
Volumes:   
Free Space:   
                                                                                     
Network Settings

IP Address:   
Subnet Mask:   
Default Gateway:   
DNS Server:   
MAC Address:   
Network Speed:   
Machine Domain:   

                                                                                      
Virtual (or Physical)

Model:    * or * will show here.





AD User List Query

I found this script on the web some time ago and it's great to dump all of the users out of AD into an Excel file.  I've been asked to do this many times for a variety of reasons.  Just copy this text exactly, place the script on a DC and run.  That's all it takes.


Dim ObjWb
Dim ObjExcel
Dim x, zz

Set objRoot = GetObject("LDAP://RootDSE")
strDNC = objRoot.Get("DefaultNamingContext")
Set objDomain = GetObject("LDAP://" & strDNC) ' Bind to the top of the domain over LDAP using RootDSE
Call ExcelSetup("Sheet1") ' Sub to make Excel Document
x = 1
Call enumMembers(objDomain)

Sub enumMembers(objDomain)
    On Error Resume Next ' a property that is not set on an object raises an error; skip it
    Dim Secondary(20) ' Variable to store the Array of secondary email aliases
    For Each objMember In objDomain ' go through the collection

        If objMember.Class = "user" Then ' if not User object, move on.
            x = x + 1 ' counter used to increment the cells in Excel

            objwb.Cells(x, 1).Value = objMember.Class
            ' I set AD properties to variables so if needed you could do Null checks or add if/then's to this code
            ' this was done so the script could be modified easier.
            SamAccountName = objMember.samAccountName
            Cn = objMember.CN
            FirstName = objMember.GivenName
            LastName = objMember.sn
            initials = objMember.initials
            Descrip = objMember.description
            Office = objMember.physicalDeliveryOfficeName
            Telephone = objMember.telephonenumber
            EmailAddr = objMember.mail
            WebPage = objMember.wwwHomePage
            Addr1 = objMember.streetAddress
            City = objMember.l
            State = objMember.st
            ZipCode = objMember.postalCode
            Title = objMember.Title
            Department = objMember.Department
            Company = objMember.Company
            Manager = objMember.Manager
            Profile = objMember.profilePath
            LoginScript = objMember.scriptpath
            HomeDirectory = objMember.HomeDirectory
            HomeDrive = objMember.homeDrive
            AdsPath = objMember.Adspath
            LastLogin = objMember.LastLogin

            zz = 1 ' Counter for array of secondary email addresses
            For Each email In objMember.proxyAddresses
                If Left(email, 5) = "SMTP:" Then
                    Primary = Mid(email, 6) ' if SMTP is all caps, then it's the Primary
                ElseIf Left(email, 5) = "smtp:" Then
                    Secondary(zz) = Mid(email, 6) ' load the list of secondary SMTP emails into Array.
                    zz = zz + 1
                End If
            Next

            ' Write the values to Excel, using the X counter to increment the rows.
            objwb.Cells(x, 2).Value = SamAccountName
            objwb.Cells(x, 3).Value = CN
            objwb.Cells(x, 4).Value = FirstName
            objwb.Cells(x, 5).Value = LastName
            objwb.Cells(x, 6).Value = Initials
            objwb.Cells(x, 7).Value = Descrip
            objwb.Cells(x, 8).Value = Office
            objwb.Cells(x, 9).Value = Telephone
            objwb.Cells(x, 10).Value = EmailAddr
            objwb.Cells(x, 11).Value = WebPage
            objwb.Cells(x, 12).Value = Addr1
            objwb.Cells(x, 13).Value = City
            objwb.Cells(x, 14).Value = State
            objwb.Cells(x, 15).Value = ZipCode
            objwb.Cells(x, 16).Value = Title
            objwb.Cells(x, 17).Value = Department
            objwb.Cells(x, 18).Value = Company
            objwb.Cells(x, 19).Value = Manager
            objwb.Cells(x, 20).Value = Profile
            objwb.Cells(x, 21).Value = LoginScript
            objwb.Cells(x, 22).Value = HomeDirectory
            objwb.Cells(x, 23).Value = HomeDrive
            objwb.Cells(x, 24).Value = Adspath
            objwb.Cells(x, 25).Value = LastLogin
            objwb.Cells(x, 26).Value = Primary

            ' Write out the Array for the secondary email addresses.
            For ll = 1 To 20
                objwb.Cells(x, 26 + ll).Value = Secondary(ll)
            Next

            ' Blank out Variables in case the next object doesn't have a value for the property
            SamAccountName = "-"
            Cn = "-"
            FirstName = "-"
            LastName = "-"
            initials = "-"
            Descrip = "-"
            Office = "-"
            Telephone = "-"
            EmailAddr = "-"
            WebPage = "-"
            Addr1 = "-"
            City = "-"
            State = "-"
            ZipCode = "-"
            Title = "-"
            Department = "-"
            Company = "-"
            Manager = "-"
            Profile = "-"
            LoginScript = "-"
            HomeDirectory = "-"
            HomeDrive = "-"
            ' AdsPath and LastLogin are reset too, so a user without a LastLogin value
            ' does not inherit the previous row's value
            AdsPath = "-"
            LastLogin = "-"
            Primary = "-"
            For ll = 1 To 20
                Secondary(ll) = ""
            Next
        End If

        ' If the AD enumeration runs into an OU or container object, call the Sub again to iterate into it
        If objMember.Class = "organizationalUnit" Or objMember.Class = "container" Then
            enumMembers objMember
        End If
    Next
End Sub

Sub ExcelSetup(shtName) ' This sub creates an Excel worksheet and adds Column heads to the 1st row
    Set objExcel = CreateObject("Excel.Application")
    Set objwb = objExcel.Workbooks.Add
    Set objwb = objExcel.ActiveWorkbook.Worksheets(shtName)
    objwb.Name = "Active Directory Users" ' name the sheet
    objwb.Activate
    objExcel.Visible = True
    objwb.Cells(1, 2).Value = "SamAccountName"
    objwb.Cells(1, 3).Value = "CN"
    objwb.Cells(1, 4).Value = "FirstName"
    objwb.Cells(1, 5).Value = "LastName"
    objwb.Cells(1, 6).Value = "Initials"
    objwb.Cells(1, 7).Value = "Descrip"
    objwb.Cells(1, 8).Value = "Office"
    objwb.Cells(1, 9).Value = "Telephone"
    objwb.Cells(1, 10).Value = "Email"
    objwb.Cells(1, 11).Value = "WebPage"
    objwb.Cells(1, 12).Value = "Addr1"
    objwb.Cells(1, 13).Value = "City"
    objwb.Cells(1, 14).Value = "State"
    objwb.Cells(1, 15).Value = "ZipCode"
    objwb.Cells(1, 16).Value = "Title"
    objwb.Cells(1, 17).Value = "Department"
    objwb.Cells(1, 18).Value = "Company"
    objwb.Cells(1, 19).Value = "Manager"
    objwb.Cells(1, 20).Value = "Profile"
    objwb.Cells(1, 21).Value = "LoginScript"
    objwb.Cells(1, 22).Value = "HomeDirectory"
    objwb.Cells(1, 23).Value = "HomeDrive"
    objwb.Cells(1, 24).Value = "Adspath"
    objwb.Cells(1, 25).Value = "LastLogin"
    objwb.Cells(1, 26).Value = "Primary SMTP"
End Sub

MsgBox "Done" ' show that script is complete

Monday, July 09, 2012

How to Create a USB install disc from ESXi ISO file.

I had to set up ESXi on some brand new Gen 8 HP ProLiant servers that had two hard drive cages and no optical drive.  Since I never carry a USB optical drive this was the best way to go.

I've outlined a few very simple steps below to make your USB key bootable with ESXi, so just boot from the USB drive and you're good to go.

Good luck!

1. Download UNetbootin and run the software.  Here are links to the different versions you may need. (Windows, Mac OS X, Linux).

2. Download the VMware vSphere ISO file.  Use the newest version, which is 5.0.0 update 1 as of this writing. -> VMware Download Center.

3. Start the UNetbootin application and choose Diskimage (ISO) and browse to the downloaded ISO file.  There are several options on top for many operating systems and applications if you happen to want to make one of those as well.

4. Choose Type: USB Drive and choose the correct USB drive letter that you want the bootable installer to be installed to.

5. Let the program run and you are finished.  Make sure you edit the boot sequence in your BIOS (UEFI mode on some systems) to boot from USB instead of CD/DVD-ROM or HDD.

The vSphere 5 documentation can be found online here.

Friday, July 06, 2012

HP Compaq 6200 Pro DownGrade to XP AHCI Driver

I ran into this one recently where a customer wanted to downgrade these new machines to Windows XP since their company currently does not have any plans to migrate from it.  Below are the steps I had to take in order to install Windows XP and then set up the AHCI driver afterwards.

The main thing I had to do was to put the SATA controller in IDE mode first in order to get Windows XP to install.  This can be done by pressing ESC or F9 on the PC when it first boots.

Here is the step by step process to do that:

1. After Windows XP is installed, install the chipset driver first & reboot:

http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareDescription.jsp?lang=en&cc=us&prodTypeId=1...

The following steps are used for installing AHCI drivers in Windows XP operating system installed using the IDE mode.

2. Download AHCI driver from the HP Driver site.


3. Right-click the My Computer icon, click Manage, select Device Manager

4. Click the + symbol beside IDE ATA/ATAPI controllers to see all of the hardware devices.

5. You will find the Intel native SATA storage controller driver installed.

6. Right-click the Serial ATA storage 4 Port controller listed, and click Update Driver.

7. In Welcome to the Hardware Update Wizard, select No, not this time. Click Next.

8. Select Install from a list or specific location (Advanced). Click Next.

9. Select Don't search. I will choose the driver to install. Click Next.

10. Click Have Disk

11. Click Browse

12. Select the location where you saved the AHCI drivers.

13. Select iaAHCI.inf

14. Click Open

15. This will list several SATA AHCI Controllers. From this list, select the Intel(R) Desktop/Workstation/Server Express Chipset SATA AHCI Controller. Click Next.

16. The Update Driver Warning will be shown. Click Yes.

17. The driver will install, and the Completing the Hardware Update Wizard page appears. Click Finish.

18. You can find the updated controller in the device manager.

19. During restart, boot to the BIOS setup utility. Go back to your device configurations sub menu and change the SATA Mode back to AHCI, save settings there (F10) and upon exit, save changes and reboot.

Now, the SATA driver is successfully installed and the desktop will boot into Windows with SATA Device Mode set to AHCI.