Thursday, 30 November 2017

Migrating emails from one server to another without Server access

Imapcopy:
There are many tools available for mail-to-mail migration; here we are going to use “Imapcopy”, which I believe to be the best and easiest command-line tool. It supports both the IMAP and IMAPS protocols.
Since this tool uses only the IMAP protocol to copy emails, it consumes few server resources, and you do not need the admin/root login details of either server.
Requirements:
  • Login details of email accounts from both source server and destination server
  • Both servers’ hostnames and working IMAP port numbers (by default, 143 for IMAP and 993 for IMAPS)
  • A linux machine, either a server or local machine with internet connectivity.
Procedure to install Imapcopy:
We need to install imapcopy on the Linux machine. Since there is no default repo available, we need to use wget to download the setup zip/tar file and install it manually. I have pasted below the steps to download and install imapcopy from a currently working repository.
  • Download the imapcopy binary from a known repository
  • Extract the downloaded .tar file
  • Enter the extracted directory and create a copy of the existing conf file for future use.
  • Note:  
    We can also install the ‘exe’ version of imapcopy and use it on a Windows-based machine. You just need to download the respective version.
    The URL for Windows version :
  • Steps to proceed with migration:
    Go to imapcopy directory and open the configuration file in any known text editor and update the source and destination server hostname and port number details. 
    Under the user section, just add the old server and new server email account login details respectively.
    Screen Shot of conf file before editing
  • Once you have edited the configuration with all the necessary details, you are good to go. You just need to execute the binary file which you have downloaded.
    • If you wish to test the connection before copying, you can use the ‘-t’ option. This will check the login details entered in “imapcopy.cfg” and print the status.
    ./imapcopy -t
    • If you get no login errors, you can now simply run the imapcopy binary to proceed with the migration.
    ./imapcopy
    At the end of the migration, Imapcopy will show the total number of folders/emails copied to the server.
    You can now save this configuration to use it for this domain again in future. If you wish to proceed with a different domain, you just need to edit the configuration.
    You can copy multiple accounts in a single run; you just need to enter the respective account login details in the imapcopy configuration file.

MEGACLI Commands to check Hardware RAID config and Setup

To know the Hardware RAID controller and other information use lspci command.
lspci | grep -i raid
O/P:
01:00.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID SAS 2108 [Liberator] (rev 05)
The above command shows the RAID controller vendor details.
Installation of Megacli in Centos:
RAID commands:
MegaCli64 commands are formed as given below:
MegaCli64 -command -arguments/directives -a adapter info
View information about the RAID adapter:
/opt/MegaRAID/MegaCli/MegaCli64 -AdpAllinfo -aALL
Results:
Adapter #0
Versions
  • Product Name : LSI MegaRAID SAS 9260-8i
  • Serial No : SV31519225
  • FW Package Build: 12.12.0-0111
Mfg. Data
  • Mfg. Date : 04/10/13
  • Rework Date : 00/00/00
  • Revision No : 85B
  • Battery FRU : N/A
Image Versions in Flash:
  • FW Version : 2.130.353-1663
  • BIOS Version : 3.24.00_4.12.05.00_0x05160000
  • Preboot CLI Version: 04.04-020:#009
  • WebBIOS Version : 6.0-49-e_45-Rel
  • NVDATA Version : 2.09.03-0032
  • Boot Block Version : 2.02.00.00-0000
  • BOOT Version : 09.250.01.219
To view information about the physical drives (PDrives):
/opt/MegaRAID/MegaCli/MegaCli64 -PDList -aALL
Output:
  • Adapter #0
  • Enclosure Device ID: 252
  • Slot Number: 0
  • Drive’s position: DiskGroup: 0, Span: 0, Arm: 0
  • Enclosure position: N/A
  • Device Id: 10
  • WWN: 5000c5005c34c105
  • Sequence Number: 2
  • Media Error Count: 0
  • Other Error Count: 0
  • Predictive Failure Count: 0
  • Last Predictive Failure Event Seq Number: 0
  • PD Type: SATA
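The error counters in the -PDList output above are the fields worth watching. The following is an added example, not part of the original post: it parses -PDList text and reports drives whose counters are non-zero. The sample text is constructed (the second drive and its counts are invented for illustration), and the function names are hypothetical.

```python
# Constructed sample in the layout of "MegaCli64 -PDList -aALL" output;
# the second drive and its non-zero counters are invented for illustration.
SAMPLE_PDLIST = """\
Adapter #0

Enclosure Device ID: 252
Slot Number: 0
Device Id: 10
Media Error Count: 0
Other Error Count: 0
Predictive Failure Count: 0
PD Type: SATA

Enclosure Device ID: 252
Slot Number: 1
Device Id: 11
Media Error Count: 14
Other Error Count: 0
Predictive Failure Count: 2
PD Type: SATA
"""

COUNTERS = ("Media Error Count", "Other Error Count", "Predictive Failure Count")


def parse_pdlist(text):
    """Split the output into one dict of "Key: Value" fields per physical drive."""
    drives, current = [], None
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:                      # e.g. "Adapter #0" or a blank line
            continue
        key, value = key.strip(), value.strip()
        if key == "Enclosure Device ID":  # first field of every drive record
            current = {}
            drives.append(current)
        if current is not None:
            current[key] = value
    return drives


def failing_drives(text):
    """Return ("[enclosure:slot]", {counter: value}) for drives with errors."""
    bad = []
    for drive in parse_pdlist(text):
        hits = {}
        for counter in COUNTERS:
            value = drive.get(counter, "")
            if value.isdigit() and int(value) > 0:
                hits[counter] = int(value)
        if hits:
            where = f'[{drive["Enclosure Device ID"]}:{drive.get("Slot Number", "?")}]'
            bad.append((where, hits))
    return bad


if __name__ == "__main__":
    for where, hits in failing_drives(SAMPLE_PDLIST):
        print(where, hits)
```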
To view Patrol Read information (Patrol Read scans the disks for errors), including the patrol read state and the delay between patrol read runs:
/opt/MegaRAID/MegaCli/MegaCli64 -AdpPR -Info -aALL
Output:
  • Adapter 0: Patrol Read Information:
  • Patrol Read Mode: Auto
  • Patrol Read Execution Delay: 168 hours
  • Number of iterations completed: 78
  • Next start time: 05/02/2015, 03:00:00
  • Current State: Stopped
  • Patrol Read on SSD Devices: Disabled
To check Current patrol read rate:
/opt/MegaRAID/MegaCli/MegaCli64 -AdpGetProp PatrolReadRate -aALL
Adapter 0: Patrol Read Rate = 30%
Get the Number of Virtual Drives Configured on Each Adapter
/opt/MegaRAID/MegaCli/MegaCli64 -LdGetNum -aAll
Number of Virtual Drives Configured on Adapter 0: 2
To know Battery backup information
/opt/MegaRAID/MegaCli/MegaCli64 -AdpBbuCmd -aALL
BBU status for Adapter: 0
  • BatteryType: iBBU
  • Voltage: 4085 mV
  • Current: 0 mA
  • Temperature: 29 C
  • Battery State: Optimal
  • BBU Firmware Status:
Display configuration:
/opt/MegaRAID/MegaCli/MegaCli64 -CfgDsply -aAll
  • Adapter: 0
  • Product Name: LSI MegaRAID SAS 9260-8i
  • Memory: 512MB
  • BBU: Present
  • Serial No: SV31519225
Number of DISK GROUPS: 2
  • SPANNED DISK GROUP: 0
  • Number of Spans: 2
  • SPAN: 0
  • Span Reference: 0x00
  • Number of PDs: 2
  • Number of VDs: 1
  • Number of dedicated Hotspares: 0
  • Virtual Drive Information:
  • Virtual Drive: 0 (Target Id: 0)
Enable Forced Write Back Cache:
/opt/MegaRAID/MegaCli/MegaCli64 -LDSetProp -ForcedWB -Immediate -Lall -aAll
To disable cache with a bad BBU with MegaCLI
/opt/MegaRAID/MegaCli/MegaCli64 -LDSetProp -NoCachedBadBBU -Immediate -Lall -aAll
To Enable Drive Caches with MegaCLI
/opt/MegaRAID/MegaCli/MegaCli64 -LDSetProp -EnDskCache -Immediate -Lall -aAll

Open VPN Server Configuration on Linux

  1. Install Open VPN RPM.
Dependencies
  1. openssl
  2. lzo
  3. pkcs11-helper
Download openvpn-<version>.rpm , And install using this command rpm -ivh openvpn-<version>.rpm
  1. It will create folder under /etc/openvpn and /usr/share/doc/openvpn-2.1.1 
    cp -r /usr/share/doc/openvpn-<version>/easy-rsa /etc/openvpn 
    cp -r /usr/share/doc/openvpn-<version>/sample-config-files/server.conf /etc/openvpn 
    We have to copy the “easy-rsa” folder and the “server.conf” file from /usr/share/doc/openvpn-<version>/ to /etc/openvpn.
  2. Then go to /etc/openvpn
    cd /etc/openvpn
  3. Then go to easy-rsa/2.0
    cd easy-rsa/2.0
  4. Edit the “vars” file and modify the values in the last 5 lines. 
    export KEY_COUNTRY="YOURCOUNTRY"

    export KEY_PROVINCE="YOURSTATE"

    export KEY_CITY="YOURCITY"

    export KEY_ORG="YOURORG"

    export KEY_EMAIL="exuser@host.yourdomain.com"
  5. Run the “vars” file 
    . ./vars (note that there are two dots)
  6. To clear old keys, run the “clean-all” script. If the “keys” folder does not exist, it will create it. 
    ./clean-all (here one dot is enough)
  7. Then run the “build-ca” and “build-dh” scripts. 
    ./build-ca 
    (While running this command, just press Enter for all options, except the common_name option: give the server’s host name or any name.)
    ./build-dh
    This will generate the “ca.crt”, “ca.key” and “dh1024.pem” files under the “keys” folder.
  8. Then run “build-key-server” to generate the server key. 
    ./build-key-server <Server-Name>
    While running the above command it will prompt you for input; just press Enter at every prompt. 
    It will generate “Server-Name.crt”, “Server-Name.csr” and “Server-Name.key” under the “keys” folder.
  9. Then go to /etc/openvpn folder
    cd /etc/openvpn
  10. Now we have to edit the “server.conf” file. 
    vi server.conf
    #This is sample configuration file
    1. local 192.168.1.101
    2. port 1194
    3. proto udp
    4. dev tun
    5. ca ca.crt
    6. cert host.yourdomain.com.crt
    7. key host.yourdomain.com.key # This file should be kept secret
    8. dh dh1024.pem
    9. server 192.168.11.0 255.255.255.248
    10. ifconfig-pool-persist ipp.txt
    11. push "route 172.23.0.0 255.255.0.0" # YOURORG LOCAL Network
    12. client-config-dir ccd
    13. route 192.168.12.0 255.255.255.0 # For Individual Clients
    14. client-to-client
    15. keepalive 10 120
    16. comp-lzo
    17. user nobody
    18. group nobody
    19. persist-key
    20. persist-tun
    21. status openvpn-status.log
    22. log-append openvpn.log
    23. verb 3
    • Line 1 : local 192.168.1.101
      The local IP address on which OpenVPN listens.
    • Line 2 : port 1194
      The port number on which OpenVPN runs.
    • Line 3 : proto udp
      The protocol OpenVPN uses. 
      (tcp/udp) udp is best.
    • Line 4 : dev tun
      The device type used to assign the “Virtual IP”.
      (tap/tun) tun is best.
    • Line 5 : ca ca.crt
    • Line 6 : cert <Server-Name>.crt
    • Line 7 : key <Server-Name>.key # This file should be kept secret
    • Line 8 : dh dh1024.pem
      Lines 5 to 8 give the paths of these files. It is simplest to copy “ca.crt”, “<Server-Name>.crt”, “<Server-Name>.key” and “dh1024.pem” into the same folder as server.conf; otherwise, give the full path to where each file is located.
    • Line 9 : server 192.168.11.0 255.255.255.248
      This line assigns the IP address range for the server. Here I have planned to assign 192.168.11.1 – 192.168.11.2 to the server and different IP ranges for clients.
    • Line 10 : ifconfig-pool-persist ipp.txt
      This file holds the IP pool list of clients. Here we are going to use a static IP for each client, so it is not necessary for us.
    • Line 11 : push "route 172.23.0.0 255.255.0.0" 
      Line 11 pushes a route for the local network to the clients; only then can clients access this network. It takes effect on all VPN clients.
    • Line 12: client-config-dir ccd
      This line lets us customize the configuration per client. We have to create a directory named “ccd” under “/etc/openvpn”, and inside the “ccd” directory create a customized file for each client.
    • Line 13 : route 192.168.12.0 255.255.255.0 for Individual vpn network.
    • Line 14 : client-to-client
      This allows clients to access each other.
    • Line 15 : keepalive 10 120
      To refresh the connection.
    • Line 16 : comp-lzo
    • Line 17 : user nobody
    • Line 18 : group nobody
      The above two lines are only useful on a Linux server.
    • Line 19 : persist-key
    • Line 20 : persist-tun
    • Line 21 : status openvpn-status.log
      Used to view the current status of the connections.
    • Line 22 : log-append openvpn.log
      Appends the status of the server to a log file.
    • Line 23 : verb 3
      Sets the verbosity level.
  11. Now we are going to start the VPN server. Before that, we have to verify that we have copied everything into the current folder “/etc/openvpn”.
    • File 1. ca.crt
    • File 2. dh1024.pem
    • File 3. <Server-Name>.crt
    • File 4. <Server-Name>.csr
    • File 5. <Server-Name>.key
    Start the service using the command service openvpn start.
    To start the service automatically at boot, run the command chkconfig openvpn on
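Before starting the service, it is worth reviewing the server.conf above for settings that weaken the tunnel. The following is an added example, not part of the original post or of OpenVPN: a small audit of that configuration. The function names and check identifiers are hypothetical, and the DH size is inferred from the file name, which is an assumption.

```python
import re
import shlex

# The server.conf shown on this page, with the listing's line numbers stripped.
PAGE_CONF = """\
local 192.168.1.101
port 1194
proto udp
dev tun
ca ca.crt
cert host.yourdomain.com.crt
key host.yourdomain.com.key # This file should be kept secret
dh dh1024.pem
server 192.168.11.0 255.255.255.248
ifconfig-pool-persist ipp.txt
push "route 172.23.0.0 255.255.0.0" # YOURORG LOCAL Network
client-config-dir ccd
route 192.168.12.0 255.255.255.0 # For Individual Clients
client-to-client
keepalive 10 120
comp-lzo
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log-append openvpn.log
verb 3
"""

def parse(conf):
    """Map each directive to the list of argument lists it appears with."""
    directives = {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        tokens = shlex.split(line, comments=True)  # drops trailing "# ..." comments
        if tokens:
            directives.setdefault(tokens[0], []).append(tokens[1:])
    return directives

def audit(conf):
    """Return (check_id, advice) pairs for settings worth changing."""
    d, findings = parse(conf), []
    for args in d.get("dh", []):
        # Assumption: the file is named dh<bits>.pem, as easy-rsa names it.
        bits = re.search(r"\d{3,5}", args[0]) if args else None
        if bits and int(bits.group()) < 2048:
            findings.append(("weak-dh", "regenerate DH parameters with at least 2048 bits"))
    if "comp-lzo" in d or "compress" in d:
        findings.append(("compression", "compressing before encrypting can leak plaintext"))
    if not {"tls-auth", "tls-crypt"} & d.keys():
        findings.append(("no-tls-auth", "add tls-auth or tls-crypt to drop unauthenticated packets"))
    if not {"cipher", "data-ciphers"} & d.keys():
        findings.append(("no-cipher", "set it explicitly; OpenVPN before 2.4 defaults to BF-CBC"))
    if "client-to-client" in d:
        findings.append(("client-to-client", "client traffic is relayed without passing the host firewall"))
    if not {"user", "group"} <= d.keys():
        findings.append(("runs-as-root", "drop privileges with user/group"))
    return findings

if __name__ == "__main__":
    for check, advice in audit(PAGE_CONF):
        print(f"{check:17} {advice}")
```

The `weak-dh` finding traces back to the easy-rsa `vars` file: setting `KEY_SIZE=2048` there before running `./build-dh` produces `dh2048.pem` instead.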

General Router Commands


Router Modes:
Router> User mode
Router# Privilege mode
Router(config)# Configuration mode
Router(config-if)# Interface configuration mode
Router(config-subif)# Sub Interface configuration mode
Router(config-line)# Line mode
Router(config-router)# Router configuration mode
Global configuration mode in detail:
Router> Can see Router config, but cannot change any settings
Router# Can see Router config and move to config mode to make changes
Router#conf t // “configure terminal” is commonly shortened to “conf t”
Router(config)# // Always try to use Tab completion, which saves time and gives the correct command
#Moves to global config mode; here you can make any changes to the router
Configuring a Router name
Router(config)# hostname Area1-Router
Area1-Router(config)# // See the router name changed once new hostname is set
Configuring Passwords
Area1-Router(config)#
Area1-Router(config)#enable password cisco //Sets enable password
Area1-Router(config)#enable secret class //Sets enable secret password
Area1-Router(config)#line con 0 //Enters console-line mode
Area1-Router(config-line)#password console //Sets console-line mode password to console
Area1-Router(config-line)#login //Enables password checking at login
Area1-Router(config)#line vty 0 4 //Enters vty line mode for all 5 vty lines
Area1-Router(config-line)#password telnet //Sets vty password to telnet
Area1-Router(config-line)#login //Enables password checking at login
Area1-Router(config)#line aux 0 //Enters auxiliary line mode
Area1-Router(config-line)#password auxillary //Sets auxiliary line mode password to auxillary
Area1-Router(config-line)#login //Enables password checking at login
HINT:
Enable secret password is encrypted by default.
You cannot set both enable secret and enable password to the same password.
Password Encryption
Area1-Router(config)#service password-encryption //Applies a weak encryption to passwords
Area1-Router(config)#no service password-encryption //Turns off password encryption
HINT:
If you have turned on service password-encryption, used it, and then turned it off, any passwords that you have encrypted will stay encrypted.
New passwords will remain unencrypted.
Show Commands
Area1-Router#show ? //Lists all show commands available
Area1-Router#show interfaces //Displays statistics for all interfaces
Area1-Router#show interface serial 0/1 //Displays statistics for a specific interface, in this case Serial 0/1
Area1-Router#show ip interface brief //Displays a summary of all interfaces, including status and IP address assigned
Area1-Router#show controllers serial 0 //Displays statistics for interface hardware. Statistics display if the clock rate is set and if the cable is DCE, DTE, or not attached
Area1-Router#show clock //Displays time set on device
Area1-Router#show hosts //Displays local host-to-IP address cache. These are the names and addresses of hosts on the network to which you can connect
Area1-Router#show users //Displays all users connected to device
Area1-Router#show history //Displays history of commands used
Area1-Router#show flash //Displays info about Flash memory
Area1-Router#show version //Displays info about loaded software version
Area1-Router#show arp //Displays the ARP table
Area1-Router#show protocols //Displays status of configured Layer 3 protocols
Area1-Router#show startup-config //Displays configuration saved in NVRAM
Area1-Router#show running-config //Displays configuration currently running in RAM
HINT:
The clock rate command is used only on a serial interface that has a DCE cable plugged into it. There must be a clock rate set on every serial link between routers.
It does not matter which router has the DCE cable plugged into it, or which interface the cable is plugged into. Serial0/0 on one router can be plugged into Serial0/1 on another router.
Configuring an Ethernet/Fast Ethernet Interface
Area1-Router(config)#int s0/1 // Moves to interface S0/1 mode
Area1-Router(config-if)#exit
Area1-Router(config)#
Area1-Router(config)#int S0/1
Area1-Router(config-if)#int e0/1 // In int S0/1 mode, moves to E0/1
//Prompt will not change, you have to be careful
Area1-Router(config-if)#description Link to ISP //Optional descriptor of the link is locally significant
Area1-Router(config-if)#ip address 192.168.10.1 255.255.255.0 //Assigns address and subnet mask to interface
Area1-Router(config-if)#clock rate 56000 //Assigns a clock rate for the interface
Area1-Router(config-if)#no shut //Turns interface on
Creating a banner:
Area1-Router(config)#banner motd # This is a secure system. Authorized Personnel Only! # //Start and end message with #
HINT:
# is known as a delimiting character. The delimiting character must surround the banner message and can be any character so long as it is not a character used within the body of the message
Setting Time-Zone:
Area1-Router(config)#clock timezone EST -5 //Sets the time zone for display purposes. Based on coordinated universal time (Eastern Standard Time is 5 hours behind UTC)
Area1-Router(config)#ip host India-router 172.16.1.3 //Assigns a host name to the IP address. After this assignment, you can use the host name instead of an IP address when trying to Telnet or ping to that address
Area1-Router#ping India-router
=
Area1-Router#ping 172.16.1.3
HINT:
The default port number in the ip host command is 23, or Telnet. If you want to Telnet to a device, just enter the IP host name itself:
Router helpers/speeders:
no ip domain-lookup Command
Area1-Router(config)#no ip domain-lookup
HINT:
Ever typed a command incorrectly and had to wait for a minute or two as the router tries to translate your command to a domain server of 255.255.255.255? The router is set by default to try to resolve any word that is not a command to a DNS server at address 255.255.255.255.
If you are not going to set up DNS, turn this feature off to save you time.
logging synchronous Command
Area1-Router(config)#line con 0
Area1-Router(config-line)#logging synchronous //Turns on synchronous logging. Information items sent to console will not interrupt the command you are typing. The command will be moved to a new line
exec-timeout Command
Area1-Router(config)#line con 0
Area1-Router(config-line)#exec-timeout 0 0 //Sets the time limit after which the console automatically logs off. Setting it to 0 0 (minutes seconds) means the console never logs off
Area1-Router(config-line)#
HINT:
exec-timeout 0 0 //This is great for a lab because the console never logs out. It is very dangerous in the real world (bad security).
Saving and Erasing Configurations
Running-config is still in dynamic memory. Reload the router to clear the running-config.
Area1-Router#copy run start //Saves the running-config to local NVRAM
Area1-Router#copy run tftp //Saves the running-config remotely to TFTP server
Area1-Router#erase start //Deletes the startup-config file from NVRAM
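Several settings entered in this walkthrough are ones the hints themselves flag as weak: `enable password`, cleartext line passwords, and `exec-timeout 0 0`. The following is an added example, not part of the original post: it scans a saved configuration for them. The sample config is constructed from the commands on this page, laid out as `show running-config` prints them, and the function name and check identifiers are hypothetical.

```python
import re

# Constructed sample in "show running-config" layout, built from the commands
# this page enters (enable password/secret, line passwords, exec-timeout 0 0).
SAMPLE = """\
hostname Area1-Router
enable password cisco
enable secret class
line con 0
 exec-timeout 0 0
 password console
 login
line vty 0 4
 password telnet
 login
"""


def audit_ios(config):
    """Return (check_id, location) pairs for the weak settings discussed above."""
    findings, section = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():
            # A top-level command ends any "line ..." section we were in.
            section = line if line.startswith("line ") else None
        if line.startswith("enable password"):
            # Not protected the way "enable secret" is; use enable secret only.
            findings.append(("enable-password", "global"))
        elif section and re.fullmatch(r"exec-timeout 0( 0)?", line):
            # 0 minutes 0 seconds: the session never logs off.
            findings.append(("no-idle-timeout", section))
        elif section and (m := re.fullmatch(r"password (?:(\d+) )?(\S+)", line)):
            if m.group(1) in (None, "0"):
                findings.append(("cleartext-line-password", section))
            elif m.group(1) == "7":
                # Type 7 is the weak encryption applied by service password-encryption.
                findings.append(("type7-line-password", section))
    if not re.search(r"^service password-encryption\s*$", config, re.M):
        findings.append(("no-password-encryption", "global"))
    return findings


if __name__ == "__main__":
    for check, where in audit_ios(SAMPLE):
        print(f"{check:25} {where}")
```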

General Switch commands


Switch Commands
Initial configuration of Switch1 with ip 172.16.10.16
>en
#config t
(config)#enable password cisco
(config)#enable secret cisco
(config)#hostname India-switch1
(config)#ip address 172.16.10.16 255.255.255.0
(config)#ip default-gateway 172.16.10.1
(config)#int f0/1
(config-if)#description Finance
(config-if)#int f0/26
(config-if)#description Trunk
(config-if)#exit
(config)#
Initial Configuration of 2950 Switch with ip 172.16.10.17 255.255.255.0
>en
#config t
(config)#hostname India-switch2
(config)#enable password cisco
(config)#enable secret cisco (For better security, the enable password and enable secret password should be different)
(config)#line vty 0 15
(config-line)#login
(config-line)#password telnet
(config-line)#line con 0
(config-line)#login
(config-line)#password console
(config-line)#exit
(config)#int vlan 1
(config-if)#ip address 172.16.10.17 255.255.255.0
(config-if)#no shut
(config-if)#int f0/1
(config-if)#description sales_printer
(config-if)#int f0/12
(config-if)#description connection to backbone
(config-if)#exit
(config)#ip default-gateway 172.16.10.1
(config)#
Erasing Switching Configuration 1900
#delete nvram
yes
Erasing Switching Configuration 2950
#erase startup-config
HINT:
verify with command “sh run”
Configuring VLAN
>en
#vlan database
(vlan)#vlan 2 name Cisco
(vlan)#vlan 3 name Microsoft
(vlan)#vlan 4 name Comptia
(vlan)#^c
HINT:
verify with command “sh vlan brief”
verify with sh vlan
Assigning Switch Ports to VLAN
(config)#int f0/2
(config-if)#switchport access vlan 2
(config-if)#int f0/3
(config-if)#switchport access vlan 3
(config-if)#int f0/4
(config-if)#switchport access vlan 4
(config-if)#
HINT:
verify with sh vlan brief
Configuring Trunks ports
(config)#int f0/12
(config-if)#switchport mode trunk
(config-if)#^z
HINT:
To disable Trunk use- switchport mode access
To verify Trunking use sh running-config
Configuring Inter-vlan Routing for 2950 connecting to 2600
(config)#int f0/0.1
(config-subif)#encapsulation dot1q (VLAN ID number)
Configuring VTP
(config)#vtp mode server
(config)#vtp domain routersim
(config)#^z
HINT:
verify with sh vtp status
By default, VTP mode is server on all switches.

5 Tips to Ensure Your Email Stays Out of the Spam Folder

Email is today’s number one mode of communication, and with the rise in mail flow across the globe, email providers are constantly tightening security. The ‘spam filter’ is one such security measure.
Even with all the tweaks, however, it very often happens that a genuine email ends up in a recipient’s spam folder. There are some measures you as a sender can take to ensure your important email always ends up in the recipient’s inbox.
Tip 1: What you Say Matters
Every spam filter scans the email body looking for trigger words. Filters are tuned to flag promotional emails by looking for words like ‘lottery’, ‘free’, etc. Limiting these words will improve the chances of your email landing in the recipient’s inbox.
Double check and ensure every link mentioned in the email body is genuine, and all images are of acceptable size. Finally, ensure that the text to image ratio is always high.
Tip 2: Don’t Attempt to Trick the Filter
When spammers first realised their emails were being flagged, they devised tricks to fool spam filters that, many years ago, actually worked. Filters failed to recognize trigger words that were masked with interrupters, like Fr3e or W!n M0ney.
Today, however, spam filters are much smarter. Trying these tactics will definitely flag your email, which will lead to blacklisting of your email address. This will definitely affect all future emails.
Tip 3: Send From a Trusted Source
The chances of a filter marking an email coming from a unique, personalised domain as spam are higher than for an email from a known domain. A spam filter will trust a popular mail extension like gmail.com, but not a personal xyz.com, until the user expressly informs the filter by marking the email as trusted.
A way around this problem is to use a trusted mail service provider to route your emails, or ensure your personal email servers have all the required certificates. When sending newsletters directly from a CMS platform it is best to use a trusted email delivery service.
Tip 4: Use Double Opt-In Subscription
Double Opt-In is a two-step verification process every new subscriber must go through before receiving your emails. They receive a confirmation email on subscribing which they have to click in order to confirm subscription.
If they receive this email and open it, their email server understands it’s not spam and never blocks any future emails. But if the email does end up in the spam folder, you can instruct subscribers to check for the email in the spam bin and authorise it.
Tip 5: Make Unsubscribing Easy
I know what you’re thinking, but hear me out. You are never going to retain a hundred percent of all your subscribers forever. If your company sells cheese in Canada, and a subscriber moves to Japan, they might no longer need your newsletters and updates.
In such a scenario, if you do not provide an easy way to unsubscribe, the only option the reader will have to avoid your emails is to mark one as spam. This will lead to flagging and eventual blocking of your email address, and you definitely do not want that. Give subscribers a clear way out and don’t risk giving them a reason to mark your email as spam.