This page describes how to configure your mail gateway to periodically get a list of valid recipient email addresses from your Exchange system. By doing this, you can configure your server to automatically reject any email addressed to invalid addresses. This will reduce the load on your exchange server, since it no longer has to process non-delivery reports, and it will reduce the load on your postfix server since it won’t have to perform spam and virus scanning on the message.

BTW, the directions and script are courtesy Chris Covington – malth@umich.edu.

Install the perl module Net::LDAP:

perl -MCPAN -e shell

install Net::LDAP

You do not need to install the SSL optional module (I had issues installing it, but I went ahead and installed all the other optional modules when asked).

Next you will want to create and edit the script:

vi /usr/local/sbin/getadsmtp.pl

Copy and paste the code below into this new file.

#!/usr/bin/perl -T -w

# This script will pull all users’ SMTP addresses from your Active Directory
# (including primary and secondary email addresses) and list them in the
# format “user@example.com OK” which Postfix uses with relay_recipient_maps.
# Be sure to double-check the path to perl above.

# This requires Net::LDAP to be installed.  To install Net::LDAP, at a shell
# type “perl -MCPAN -e shell” and then “install Net::LDAP”

use Net::LDAP;
use Net::LDAP::Control::Paged;
use Net::LDAP::Constant ( “LDAP_CONTROL_PAGED” );

# Enter the path/file for the output
$VALID = “/etc/postfix/relay_recipients”;
open VALID, “>$VALID” or die “CANNOT OPEN $VALID $!”;

# Enter the FQDN of your Active Directory domain controllers below
$dc1=”domaincontroller1.example.com”;
$dc2=”domaincontroller2.example.com”;

# Enter the LDAP container for your userbase.
# The syntax is CN=Users,dc=example,dc=com
# This can be found by installing the Windows 2000 Support Tools
# then running ADSI Edit.
# In ADSI Edit, expand the “Domain NC [domaincontroller1.example.com]” &
# you will see, for example, DC=example,DC=com (this is your base).
# The Users Container will be specified in the right pane as
# CN=Users depending on your schema (this is your container).
# You can double-check this by clicking “Properties” of your user
# folder in ADSI Edit and examining the “Path” value, such as:
# LDAP://domaincontroller1.example.com/CN=Users,DC=example,DC=com
# which would be $hqbase=”cn=Users,dc=example,dc=com”
# Note:  You can also use just $hqbase=”dc=example,dc=com”
$hqbase=”cn=Users,dc=example,dc=com”;

# Enter the username & password for a valid user in your Active Directory
# with username in the form cn=username,cn=Users,dc=example,dc=com
# Make sure the user’s password does not expire.  Note that this user
# does not require any special privileges.
# You can double-check this by clicking “Properties” of your user in
# ADSI Edit and examining the “Path” value, such as:
# LDAP://domaincontroller1.example.com/CN=user,CN=Users,DC=example,DC=com
# which would be $user=”cn=user,cn=Users,dc=example,dc=com”
# Note: You can also use the UPN login: “user@example.com”
$user=”cn=user,cn=Users,dc=example,dc=com”;
$passwd=”password”;

# Connecting to Active Directory domain controllers
$noldapserver=0;
$ldap = Net::LDAP->new($dc1) or
$noldapserver=1;
if ($noldapserver == 1)  {
$ldap = Net::LDAP->new($dc2) or
die “Error connecting to specified domain controllers $@ n”;
}

$mesg = $ldap->bind ( dn => $user,
password =>$passwd);
if ( $mesg->code()) {
die (“error:”, $mesg->error_text((),”n”));
}

# How many LDAP query results to grab for each paged round
# Set to under 1000 for Active Directory
$page = Net::LDAP::Control::Paged->new( size => 990 );

@args = ( base     => $hqbase,
# Play around with this to grab objects such as Contacts, Public Folders, etc.
# A minimal filter for just users with email would be:
# filter => “(&(sAMAccountName=*)(mail=*))”
filter => “(& (mailnickname=*) (| (&(objectCategory=person)
(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))
(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)
(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))
(objectCategory=group)(objectCategory=publicFolder) ))”,
control  => [ $page ],
attrs  => “proxyAddresses”,
);

my $cookie;
while(1) {
# Perform search
my $mesg = $ldap->search( @args );

# Filtering results for proxyAddresses attributes
foreach my $entry ( $mesg->entries ) {
my $name = $entry->get_value( “cn” );
# LDAP Attributes are multi-valued, so we have to print each one.
foreach my $mail ( $entry->get_value( “proxyAddresses” ) ) {
# Test if the Line starts with one of the following lines:
# proxyAddresses: [smtp|SMTP]:
# and also discard this starting string, so that $mail is only the
# address without any other characters…
if ( $mail =~ s/^(smtp|SMTP)://gs ) {
print VALID $mail.” OKn”;
}
}
}

# Only continue on LDAP_SUCCESS
$mesg->code and last;

# Get cookie from paged control
my($resp)  = $mesg->control( LDAP_CONTROL_PAGED ) or last;
$cookie    = $resp->cookie or last;

# Set cookie in paged control
$page->cookie($cookie);
}

if ($cookie) {
# We had an abnormal exit, so let the server know we do not want any more
$page->cookie($cookie);
$page->size(0);
$ldap->search( @args );
# Also would be a good idea to die unhappily and inform OP at this point
die(“LDAP query unsuccessful”);
}
# Add additional restrictions, users, etc. to the output file below.
#print VALID “user@domain1.com OKn”;
#print VALID “user@domain2.com 550 User unknown.n”;
#print VALID “domain3.com 550 User does not exist.n”;

close VALID;

Next set the permissions on the file to allow it to be executed:

chmod 500 /usr/local/sbin/getadsmtp.pl

Edit the file to customize it for your specific domain. Since the file is read only, you will need to use :w! to save the file in vi.

1. Set $dc1 and $dc2 to the fully qualified domain names or IP addresses of 2 of your domain controllers.
2. Set $hqbase equal to the LDAP path to the container or organizational unit which holds the email accounts for which you wish to get the email addresses.
3. Set $user and $passwd to indicate which user account should be used to access this information. This account only needs to be a member of the domain, so it would be a good idea to setup an account specifically for this.

Try running the script. If it works correctly, it will create /etc/postfix/relay_recipients Note that if your postfix server is separated from your active directory controllers by a firewall, you will need to open TCP port 389 from the postfix server to the ADCs. At this point, you can update your /etc/postfix/main.cf to relay_recipient_maps and uncomment show_user_unknown_table_name (See Installing and Configuring Postfix).

Finally, you will want to setup a cron job to periodically update and build the /etc/postfix/relay_recipients.db file. In my case, I setup a script called /usr/local/sbin/update-relay-recipients.sh:

#!/bin/sh

/usr/local/sbin/getadsmtp.pl
cd /etc/postfix
postmap relay_recipients

Run crontab to add this script to the scheduled jobs:

crontab -e

Now add the following lines to the bottom of the file. Note that this cron job will run every day at 2:30 AM to update the database file. You may want to run yours more frequently depending on how often you add new email users to your system.

# syncronize relay_recipients with Active Directory addresses

30 2 * * * /usr/local/sbin/update-relay-recipients.sh

Solution:
two virtual machines
two datastore
two san
two sites
mirror data volume

Schema:

“hardware” configuration:

VMs settings:
Add VMware RDM Lun Volumes to Vms, as images before
Melio installation:
prerequisites (from MelioFs 4 User Guide)
Installation Checklist:

* Using an account with local administrator privileges, log on to the system in which Melio is going to be installed. → create a Domain Users in Active Directory, then it will be a local machine Administrator
* Verify that the Windows Management Instrumentation (WMI) service is running.
* Verify that the system has IP connectivity to the network that will be used for Melio
communications. → VM has two nic VMXNET3, one in LAN, one is a separated not routed LAN, where multicast can “run”; remember to set, in Windows, preference in advanced option for nic LAN before the “MelioLan”
* Using the instructions provided by the manufacturer of your storage hardware, install and
connect your storage hardware to the servers that will be running Melio. Once you’ve
confirmed the storage hardware is operating correctly, create one or more LUNs and map
them to the servers. Check the event logs on the servers for any storage connection-related
error messages and resolve all reported errors prior to installing Melio.
* Verify that the LUN(s) to be formatted with Melio FS is seen by Windows. To accomplish this, open a DOS prompt and enter the following commands: → do not disable autmount; then verify they are not offline
o diskpart <enter>
o list disk <enter>
You should see the LUN(s) in the list of disks. If not, check the connection(s) between the
server(s) and the storage and confirm that the LUN(s) has been mapped to the server(s) from
the storage.
Verify that the LUN(s) to be formatted with Melio FS is not configured for “Read-only” mode.
To accomplish this, enter the following commands in diskpart:
o select disk # <enter> (# equals the number assigned to the LUN)
o attributes disk <enter>
If the LUN(s) is set to “Read-only” mode, enter the following commands:
o attributes disk clear readonly <enter>
o attributes disk <enter>
The LUN(s) should now appear with “Read-only” set to “No”.

Installation
From pag.8 MelioFS 4 User Guide pdf
Make a custom installation with only Melio and MelioFs volume Manager

Advanced Setting (tuning MelioFS)
See pag. 21 MelioFS 4 User Guide
Additional parameters can be configured within the Melio Configuration utility (Start > All Programs > Sanbolic > Melio Configuration).
Important note: The default parameters and values for Melio are designed to work under the majority of configurations. Modifications made to any of the parameters described below should not be made without first conferring with Sanbolic Technical Support.
Configuring TCP/IP settings for Melio
Melio uses both TCP and UDP protocols for communications between Melio instances running on all machines participating in a Melio cluster.
The subnets that appear under the Network settings (“View > Driver Settings > Network”) in the Melio Volume Manger console are used to select the subnet ranges (network interfaces) on which Melio will listen. This ensures that Melio is compatible with DHCP servers that may assign a computer different IP addresses.
If a machine has more than one IP address (active network interface), a subnet range address should be selected. Selecting a subnet range for Melio is done on a per machine basis by opening the Melio Volume Manager, selecting a computer on the left-hand side of the console and selecting “View > Driver Settings > Network” from the toolbar at the top of the console. If a machine has only one IP address, you can leave the default subnet range setting “0.0.0.0/0”.
Melio uses the specified multicast address to find other cluster members. Each Melio instance listens on the multicast address at the port specified under the Network settings. In order for Melio to form a cluster with machines located on different subnets, all intermediate routers must be configured to forward multicast packets between subnets.
MelioFS Volume Configuration
See pag. 14 MelioFS 4 User Guide
Note: Prior to managing a disk with Melio Volume Manager, at least one partition (LUN) on your SAN storage must be provisioned and presented (mapped) to every computer running the Melio software.
Launch the Melio Volume Manager (Start > All Programs > Sanbolic > Melio Volume Manager).
By default, the local computer running Melio will be displayed on the left-hand side of the Melio Volume Manager console.
Right-click on the disk label (where it says “Empty”) in the center window pane and select “Manage” to manage a single disk or “Manage Multiple” to manage multiple disks.
A pop-up window will appear asking you to select the disk(s) that you want Melio Volume Manager to manage.
Note: Unless advised by Sanbolic Technical Support, you should NOT make any changes to the values of the parameters listed under the “Timings” section. The default values are designed to work under the majority of use cases. (Descriptions for these parameters are provided later in this manual.)
Select the disk(s) to manage and click “OK.”
Note: If you are going to use the entire capacity of the disk(s) to create your Melio shared volume, you can select the option “Automatically create full-size basic partition on each disk”. Additionally, if you are going to create a stripe set using the selected disks, you can select the option “And stripe them”.
If you are going to use only a portion of the disk(s) or plan to use the disk(s) to create a volume set or mirror set, simply click “OK”.
Note: After clicking “OK” to manage the selected disk(s), a message will appear informing the user that the process of managing the disk(s) will take approximately five minutes.
It is important to note that the process of managing a disk can take as long as 10 minutes due to the number of tasks involved, regardless of the number of disks selected or the size of the disk(s).
Please do not attempt to cancel this process until it has completed successfully.
After the process of managing the disk(s) has completed, the following screen is displayed.
To create a partition on a managed disk, right-click on the disk (where it shows “Empty”) and select “New.”
Leave the size as it appears to create a partition using the entire available disk space or specify the desired partition size by entering numbers in the “Size” field or using the red slider bar.
Enter a label for the partition. (Optional)
When you are ready to create the partition, click “OK”.
Once this step is completed, the new partition will appear in blue in the upper center window pane. A blue partition indicates that the partition is ready to be created. (See illustration on following page.)
To create the partition, select “Action > Apply Changes” from the toolbar or press F3.
A pop-up window will be displayed asking for confirmation. Click “Yes”.
Once the changes are committed to the disk, the color of the partition will change to black, indicating that the partition has been created.
Now the partition can be converted to a logical drive (volume) that can be mounted and accessed by multiple computers simultaneously.
Right-click on the partition in the upper center window pane and select “Create Logical Drive…”
A dialog window will appear asking you to assign a drive letter to the new volume. The setting “Try to set this letter, if available, on each machine that has access to the volume” means the Melio Volume Manager will attempt to supply Windows with the same drive letter for this volume on all machines that will be sharing access to the volume. If the drive letter is already in use by a machine, Melio Volume Manager will assign the volume the next available drive letter on that particular machine. It is also possible to mount a Melio volume on an empty Melio FS or NTFS folder using mount points. To mount a volume on an empty folder, check the radio button labeled “Mount to an empty folder” and enter the path to the folder.
Under “Initial Security,” leave the option “Give everyone full control” (default).
Under “File System,” leave the option to format the volume with “Melio FS” (default).
Enter a label for the volume in the “Volume Label:” field. (Optional)
Click “OK” to create the volume. A window containing messages about the volume creation process will appear.
Note: During the volume creation process, if Windows prompts you to format the volume, click “Cancel” as the volume is already being formatted with Melio FS.
Note: If Windows prompts you to restart the machine, click “Cancel”. Restarting the machine is not necessary.
If you receive a warning message about a non-signed driver being installed, click “Continue Anyway” to proceed with the driver installation.
Once the volume has been created, a message will appear in the window stating that all steps have completed successfully. Click “OK” to close the window and return to the Melio Volume Manager.
Notice: A disk that cannot be managed by the Melio Volume Manager is displayed as “Unknown” or “Foreign”. This indicates that another volume manager is actively managing the disk. To manage the disk with the Melio Volume Manager, it must first be unmanaged by the other volume manager. To accomplish this, you need to delete all partitions on the disk. If the disk is “dynamic,” you must convert it to a “basic” disk using Windows Disk Manager. Note that deleting partitions on a disk or converting a disk from dynamic to basic will delete all data stored on the associated volume. Make sure that any data you need is backed up to another volume PRIOR to deleting partitions or converting disks.
MelioFS Mirrod Raid1 Configuration
See pag. 21 MelioFS 4 User Guide
Follow the instructions provided earlier to create at least two partitions managed by the Melio Volume Manager.
Note: The partitions making up a mirror set must be exactly the same size.
Right-click on one of the partitions and choose “Mirror” > “Create…”
In the “Make Mirror” window, select the other partition that will be used for the mirror and click “OK”.
The mirror will appear in blue.
From the toolbar, select “Action” > “Apply Changes” to create the mirror set.
The mirror will appear in orange, indicating that it is synchronizing.
Once synchronization has completed, the mirror will appear in green.
You can now create a logical drive (volume) on the mirror set.
To make the mirror set visible to Windows as a logical drive (volume), follow the steps described previously to create a logical drive.
Once the logical drive has been created, the mirror will resynchronize.
After synchronization has completed, the logical drive (and its partitions) will appear in green, indicating it is ready for use
Results:

Windows DFS Configuration:
Done MelioFS configuration, it’s time to make a share (or more) using Microsoft features:

http://technet.microsoft.com/en-us/library/bb727150.aspx

http://technet.microsoft.com/en-us/library/cc732863%28WS.10%29.aspx

Disable proxy use (or settings) in Tools–>Options!

Why ? In ver 11.1 I  have i already nstalled all necessary Ca Root certificates (do you remember ?  /keystore/cacerts… a well known problem!) and all was ok! So I hoped an upgrade should have kept all ok…mmm no!

After some trying I found that the new Receiver default directory is/opt/Citrix/ICAClient/ (see http://support.citrix.com/proddocs/topic/receiver-linux-12-0/linux-install.html ) and not anymore /usr/lib/ICACliet (see http://support.citrix.com/proddocs/topic/receiver-linux-blackfoot/linux-deploy-install-from-cd.html )

So I have (re)copied Ca Root in /opt/Citrix/ICAClient/keystore/cacerts/ and all have gone OK again! WOW!

 Citrix Datastream is a new Citrix technology to obtain advatanges about MySQL and MSSQL, it is used by the best (for me) Citrix appliance, Netscaler!

Rif: http://www.citrix.com/English/NE/news/news.asp?newsID=2309691

Some docs are available at Citrix site: http://support.citrix.com/proddocs/topic/netscaler/ns-dbproxy-wrapper-con.html, but you can also see some info at CitrixTV, they are very interesting: http://www.citrix.com/tv/#search/netscaler

Docs could be better, more complete and seems based only on MySQL; it’s too early also for forum and users, very very little I have found about Datastream.

 So, I tried to test Datastream in a test enviroment, with two MSSQL with database servers.

Goal was to verify how Citrix Datastream works and what are the benefits, combined also with a XenApp farm and pubblished applications.

Some steps we did for this:

First of all, we had to understand what MSSQL database scenario was useful for us: replica, mirror, cluster… In eDocs Citrix always is written about two dbs to read from and two db to write from, balanced and with content switching to redirect read or write to the correct group of servers.

We had only two db servers, in our scenario they were read and also write!

 Then the problem was to understand how MSSQL works to write data in db. Using MSSQL in clusterd mode was not useful for us, it’s not our dedicated scenario; MSSQL in mirror mode could have been useful, but it works in active-passive, so it’s very distance from the scenario presented in eDocs (with two write dbs balanced, etc); MSSQL in replica mode seemed very near at our goal, but, reading from web, could have taken to conflict problems. To resolve this problem we decided not to balance 50-50 the servers, but to define (load balacing on Netscaler) balancing to a server with the other in backup mode. So we have redundancy and monitor would correct some crash from the online db.

Then we had analyzed how read requests works with MSSQL, also here replica was the best solution: we can read from the first db or the second, they are replicated in synchronous mode, we get the sames and up to date data, no problem with conflicts.

NetScaler configuration and steps:

• configure two NetScalers in HA, better! So configure also MIP, ntp, license, and so on

• then configure in “Load Balancing” menu ip and name of db servers, then monitor (preferibly MSSQL-ECV);

• in virtual server, as said, we configure a vserver, in not addressable-mode, to balance 50-50 on two db servers;

• and also a vserver, always in not addressable-mode, for db dedicated for writing and a sql-write only for backup if the first fails;

• Now we configure content switch, to distinguish between read (MSSQL “select”) and all SQL other commands

   

That’s all

Try some test, and also you can see some report, to clarify how application works, so how much is the rate for read and write.

Some other references:

 Mirror mirror on the wall who’s the best SQL Server of all ?

http://blogs.citrix.com/2011/07/24/mirror-mirror-on-the-wall-whos-the-best-sql-server-of-all/

nel “fortunato” caso, come il mio, in cui il vostro pc di fiducia è Ubuntu, su cui notoriamente non esiste il client VMware da poter installare, ed avete appena messo in manutenzione per qualche motivo l’host ESX (l’unico, per via di potergli installare i driver delle NIC aggiuntive) e la VM con lo stesso client VMware è locale ad esso…. ma che essendo in manutenzione non si può accendere automaticamente all’avvio si può procedere in questo modo:

1- far uscire l’host dalla modalità di manutenzione:

• For ESX: vimsh -n -e /hostsvc/hostsummary | grep inMaintenanceMode <-- per verificarne lo stato, l'output sarà simile a questo: inMaintenanceMode = true,

• For ESX: vimsh -n -e /hostsvc/maintenance_mode_exit <– per far uscire l’host dalla modalità
  
• For ESX: vimsh -n -e /hostsvc/hostsummary | grep inMaintenanceMode <-- per verificarne lo stato post comando,  ed il nuovo stato sarà: inMaintenanceMode = false,

2- a questo punto “trovare” il vmid della VM in questione ed avviarla:

- accedere alla console (o tramite vMA CLI) e dare il seguente comando per “scovare”  il vmid: vim-cmd vmsvc/getallvms

- a questo punto avviare la vm: vim-cmd vmsvc/power.on XX

Riferimenti:

Exiting hung maintenance mode on an ESX/ESXi host
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=9639912

Power ON/OFF VMware VM from CLI
http://www.petri.co.il/forums/showthread.php?t=39926

/etc/ssh/sshd_conf

with

UseDNS no

restard ssh server!

Download Kaspersky, I use Ks Workstation, on your linux box (I use SuSE SLES10, so I have to download .rpm file).

Then configure MailScanner wrapper for Kaspersky :
/etc/MailScanner/virus.scanners.conf
with this option:
kaspersky-4.5    /usr/lib/MailScanner/kaspersky-wrapper    /opt/kaspersky/kav4ws

and set correct link for wrapper:
cd /opt/kaspersky/kav4ws/bin
ln -s kav4ws-kavscanner kavscanner
ln -s kav4ws-keepup2date keepup2date

In /etc/MailScanner/MailScanner.conf
set
Virus Scanners = kaspersky-4.5

And, to verify all is ok try:
# MailScanner  –lint
output should be
[...]
MailScanner.conf says “Virus Scanners = clamav antivir kaspersky-4.5″
[…[

1. Close the vRanger application
2. Stop all of the vRanger services.
3. Connect to the ESX host on which the backup is failing via SSH.
4. Delete the vRanger binary files by issuing the following command: rm -rf /tmp/.vzbin
5. Check the directory has been removed by issuing the following command (Note: the .vzbin directory is hidden): ls -lah
6. Restart the vRanger services.
7. Try the backup again through vRanger. The .vzbin directory should be re-created once the job starts running.

To allow a user to access the ESX host through a command shell, select Grant shell access to this user.

NOTE To be granted shell access, users must also have an Administrator role for an inventory object on the host.

enjoy.