Monday, 22 August 2011

Configure DSCC To Run On Oracle Application Server and Glassfish

#/opt/SUNWdsee/dscc6/bin/dsccsetup war-file-create

#/opt/SUNWdsee/dscc6/bin/dsccsetup ads-create

#/opt/SUNWdsee/dscc6/bin/dsccsetup cacao-reg

#/opt/SUNWdsee/dscc6/bin/dsccsetup status

#cd /opt/SUNWapp/domains/domain1/config    # my application server path

#vi server.policy and add:

// Permissions for Directory Service Control Center
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/dscc/-" 
{
    permission java.security.AllPermission;
}



#cp /opt/SUNWdsee/var/dscc6/dscc.war  /opt/SUNWappserver/domains/domain1/autodeploy


Then go to the application server administration console and deploy dscc from the Web Applications tab, using dscc.war as the deployment WAR file.

Arabic DNS

We can use Arabic domain names in the web browser to access Arabic web sites; the ISPs call this "Arabic DNS", even though I believe it is not so much Arabic DNS as an Arabic address bar in the web browser, like IE and Mozilla.

For my example I am going to let الاردن.سمير point to IP 172.22.10.49.

To do this we need to do the following:

1- #vi /etc/named.conf

zone    "xn--wgbd8cua"        in      {
        type    master;
        file    "forward.zone1";
};

2- In the /var/named directory, add:

vi  forward.zone1

$TTL    86400

@               IN      SOA     mail.sun.jo.    root.mail.sun.jo.       (     ; this is the name of my DNS server
                                                200905092
                                                3600
                                                1800
                                                6048000
                                                86400   );
                IN      NS      mail.sun.jo.    ; NS must name a host, not an IP; the trailing dots stop BIND appending the zone origin
xn--igbhzh7gpa          IN      A       172.22.10.49

3- pkill -HUP named

4- In Mozilla:

    a- open a new tab and type about:config in it
    b- right click -> New -> Boolean
    c- enter network.IDN.whitelist.xn--mgbayh7gpa as the name
    d- false

And now when I write الأردن.سمير everything works fine.
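The zone above is written by hand with the xn-- labels worked out separately. As an added example (my code, not the post's), the Python below derives those labels from the Unicode name with Python's built-in idna codec, emits the named.conf stanza and zone file in valid syntax (trailing dots on hostnames, an NS record that names a host, ';' comments), builds the Firefox whitelist preference name, which is keyed by the TLD's xn-- label and only decides whether the address bar shows Unicode or xn--, not whether the name resolves, and adds a crude mixed-script check of the kind browsers apply because look-alike IDN labels are the basis of homograph spoofing. The domain, IP, name server and serial are the post's values; the script check uses the first word of each character's Unicode name as its script tag, which is an approximation of the real Unicode script property.

```python
import unicodedata

# Constructed sample using the post's values: الاردن.سمير -> 172.22.10.49,
# primary name server mail.sun.jo, serial as in the post.
SAMPLE_DOMAIN = "الاردن.سمير"
SAMPLE_IP = "172.22.10.49"
PRIMARY_NS = "mail.sun.jo"
SERIAL = 200905092


def to_ace_labels(domain):
    """Return the ASCII-compatible (xn--) form of each label of an IDN.
    Python's idna codec applies nameprep and punycode label by label (RFC 3490/3492)."""
    return domain.encode("idna").decode("ascii").split(".")


def from_ace(domain):
    """Decode an xn-- domain back to Unicode (used as a round-trip check)."""
    return domain.encode("ascii").decode("idna")


def is_single_script(label):
    """Defender check: a label mixing scripts (Latin + Cyrillic, Latin + Arabic ...)
    is the raw material of IDN homograph spoofing. The first word of each character's
    Unicode name ('ARABIC', 'LATIN', 'CYRILLIC') serves as a crude script tag."""
    scripts = {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}
    return len(scripts) <= 1


def named_zone_stanza(tld_ace, zone_filename):
    """named.conf stanza for the IDN zone, in the same layout as the post's."""
    return ('zone    "%s"        in      {\n'
            '        type    master;\n'
            '        file    "%s";\n'
            '};\n' % (tld_ace, zone_filename))


def zone_file(primary_ns, host_ace, ip, serial):
    """Zone file body. Hostnames carry a trailing dot so BIND does not append the
    zone origin, the NS record names a host rather than an IP, and comments use ';'."""
    return (
        "$TTL    86400\n"
        "@       IN      SOA     %s.     root.%s.        (   ; primary name server\n"
        "                        %d      ; serial\n"
        "                        3600    ; refresh\n"
        "                        1800    ; retry\n"
        "                        6048000 ; expire\n"
        "                        86400 ) ; minimum\n"
        "        IN      NS      %s.\n"
        "%s      IN      A       %s\n"
    ) % (primary_ns, primary_ns, serial, primary_ns, host_ace, ip)


def firefox_whitelist_pref(tld_ace):
    """Firefox's IDN whitelist preference is keyed by the TLD in xn-- form; it only
    controls whether the bar displays Unicode or xn--, resolution works either way."""
    return "network.IDN.whitelist." + tld_ace


if __name__ == "__main__":
    host, tld = to_ace_labels(SAMPLE_DOMAIN)
    assert from_ace(host + "." + tld) == SAMPLE_DOMAIN
    print(named_zone_stanza(tld, "forward.zone1"))
    print(zone_file(PRIMARY_NS, host, SAMPLE_IP, SERIAL))
    print(firefox_whitelist_pref(tld))
```

Running it prints the stanza and zone file for the post's domain; feeding the zone output to named-checkzone before the HUP is the cheap way to catch the syntax problems that a hand-written zone tends to hide.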

block email using SUN messaging server


Configure Apache to Use HTTPS in one page only

If we need to set up Apache to use SSL (HTTPS) for only one page, and let the other pages be accessed over HTTP (we need this to force users to log in to our web site over SSL while the other pages use ordinary HTTP, which speeds the web site up and keeps it secure), we can do the following:

 1- First you need to configure Apache to use HTTPS (I am not covering that here).

2- In httpd.conf, in the root (default) server configuration, not the HTTPS virtual host, put the following:

RewriteEngine on
RewriteRule "^/test/test2\.php$" "https://172.22.10.170/test/test2.php" [R=301,L]

where /test/test2.php is the path of the page that we need to serve over HTTPS (the dot is escaped and the pattern is anchored so that only that page matches),
and 172.22.10.170 is the IP of my web server (if you use DNS you can put the name of the web server instead of the IP).

3- Restart Apache.

Now all the pages are accessed over HTTP except the test2.php page.
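As an added example, not from the post, the Python below models the decision that RewriteRule makes. It uses a tightened pattern (`^/test/test2\.php$`, dot escaped, both ends anchored) next to a loosely written one (`^/test/test2.php*`, where the dot matches any character and the `*` applies only to the final `p`) to show which other paths the loose form redirects, and the scheme check models why the rule belongs in the plain-HTTP server only: if the HTTPS virtual host carried it too, each HTTPS request for the page would be redirected to itself. 172.22.10.170 is the post's address; the candidate paths are constructed.

```python
import re

# Constructed for this example: the post's server address and the page it protects.
HTTPS_HOST = "172.22.10.170"
TIGHT_PATTERN = r"^/test/test2\.php$"   # dot escaped, both ends anchored
LOOSE_PATTERN = r"^/test/test2.php*"    # unescaped dot, '*' on the last 'p' only, no end anchor


def pattern_matches(pattern, path):
    """Apply a RewriteRule pattern to the URL path the way mod_rewrite does
    (a regex search against the path; the query string is not part of it)."""
    return re.search(pattern, path) is not None


def rewrite_target(scheme, path, pattern=TIGHT_PATTERN):
    """Model of the RewriteRule placed in the plain-HTTP server configuration.
    Returns the HTTPS URL to redirect to (R=301), or None when the request is
    served as-is. Requests that already arrived over HTTPS are never rewritten;
    with the rule active in the HTTPS virtual host as well, the page would
    redirect to itself forever."""
    if scheme == "http" and pattern_matches(pattern, path):
        return "https://" + HTTPS_HOST + path
    return None


def loose_overmatches(pattern=LOOSE_PATTERN):
    """Paths the loose pattern accepts that are not the intended page."""
    candidates = ["/test/test2.php", "/test/test2.ph", "/test/test2xphpp", "/test/test2.php.bak"]
    return [p for p in candidates
            if pattern_matches(pattern, p) and not pattern_matches(TIGHT_PATTERN, p)]


if __name__ == "__main__":
    print(rewrite_target("http", "/test/test2.php"))   # redirected to HTTPS
    print(rewrite_target("https", "/test/test2.php"))  # None: served as-is
    print(loose_overmatches())
```

One point the redirect does not cover: the session cookie set after the HTTPS login is sent with every later plain-HTTP request unless it carries the Secure attribute, so this layout protects the password in transit but not the session that follows it.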

Monday, 23 May 2011

Secure Mail System


If we start by using Messaging Server alone, without any kind of anti-spam solution, we can reduce the spam that can be sent from or received by our mail system by using features built into Messaging Server such as MeterMaid, SMTP AUTH, SMTPS, blocking IPs known to be spam senders using the mappings file, RBL lookups and many others.
But the problem with all of those solutions is that none of them can scan the content of an email to decide whether it is spam or not, they are not user friendly (no GUI), and they are not enough to protect our environment from spam attacks, which are now increasing rapidly.
To solve this problem we need to use an anti-spam product, and besides the anti-spam we need to use all of the previously mentioned features to protect our environment.

Needed Software

  • Sun Messaging Server
  • Sun LDAP
  • Anti-spam and Anti-virus Software

Steps Needed

After a lot of experiments I have found that the most secure setup goes like this:
1-    Use two servers:
        a-      one contains only the anti-spam, which receives external emails and scans them before they arrive at our mail system. This is better than receiving email directly on Messaging Server, because some anti-spam products can check a global database to see whether the received email comes from a blacklisted IP or domain and drop the connection directly.
        b-     the other contains Messaging Server together with an anti-spam channeled with Messaging Server; it receives emails from the anti-spam server and sends emails for all the users on a port other than (25) (because we need this server to send emails only and not to receive any email from outside, and because most spam senders use automatic software with the default ports).
2-    Force users to use complex passwords: you can do this in LDAP using a password policy.
A lot of attacks start with a weak password set by the client, like 123 or a password equal to the username; the attacker then starts sending emails to thousands of users, and this gets your IP blacklisted.
When a hacker knows a username and password from your domain, he can use them to send a lot of emails to other users with a fake sender and a fake destination domain, which is called backscatter and gets your IP blacklisted.
3-    SMTP AUTH, a great feature that prevents users who do not have a password from sending emails through our mail system. To force all users to use this feature you need to set only the IP of the server in the (mappings) file with subnet (/32), and change the channels from (maysaslserver) to (mustsaslserver) in the (imta.cnf) file.
4-    Now we need to set our anti-spam at the front-end edge (the software that receives the emails on port 25), and configure Messaging Server to work with this anti-spam as a back-end; read this for an example:
http://wikis.sun.com/display/CommSuite/Configure+TrendMicro+IMSS+To+Work+With+Messaging+Server+On+The+Same+Server
5- As the anti-spam will receive the emails and send them back to Messaging Server, there is no need to keep port (25) open on Messaging Server (to prevent anybody from using it to send emails), so in the dispatcher.cnf file you need to change:
[SERVICE=SMTP]
PORT=25
To
[SERVICE=SMTP]
PORT=2525
And add to dispatcher.cnf:
[SERVICE=SMTP_SUBMIT]
PORT=444
IMAGE=IMTA_BIN:tcp_smtp_server
LOGFILE=IMTA_LOG:tcp_submit_server.log
PARAMETER=CHANNEL=tcp_submit
STACKSIZE=2048000
which will be used by local clients to send emails.

Now every user who wants to send email has to set his mail client (Outlook, IncrediMail) to use an outgoing server with the IP of the Messaging Server and port 444, and all the emails received for our domain will be received and scanned by our anti-spam software and then forwarded to our Messaging Server.

Wednesday, 18 May 2011

Configure TrendMicro IMSS To Work With Messaging Server On The Same Server

If you are going to run a mail system you of course need anti-spam and anti-virus software to complete your mission, and one of the products I have worked with is IMSS (InterScan Messaging Security Suite) from TrendMicro.
As IMSS optionally includes Postfix at installation time, and offers different features depending on the intended usage, there is more than one way to use IMSS with Messaging Server.

Scenarios to connect IMSS with Messaging Server:

  • Use IMSS as the front-end (the software that receives emails, specifically Postfix), and forward the emails automatically to Messaging Server when the email is intended for the local domain, or out to the Internet when it is intended for an outside destination.
  • Use Messaging Server as the front-end, and forward the emails to IMSS through a Messaging Server channel.
To accomplish this you need to:
  1. Decide whether to use IMSS as front-end or back-end.
  2. Install IMSS with Postfix (IMSS as front-end) or without it (IMSS as back-end), depending on your usage.
  3. Connect IMSS to Messaging Server.

Configure IMSS as front-end:

To install IMSS as the front-end you need to install Postfix as well (because Messaging Server is not supported as the MTA for IMSS), and from the IMSS administration port you need to configure IMSS to relay emails to your local domain, which is served by Messaging Server.
First you need to configure Messaging Server to listen on a port other than 25, as IMSS is going to listen on that port:
1- cp -p /opt/sun/comms/messaging64/config/dispatcher.cnf  /opt/sun/comms/messaging64/config/dispatcher.cnf.ORG 
2- vi /opt/sun/comms/messaging64/config/dispatcher.cnf:
And change:
[SERVICE=SMTP]
PORT=25
To
[SERVICE=SMTP]
PORT=2525
3- /opt/sun/comms/messaging64/sbin/imsimta cnbuild
4- /opt/sun/comms/messaging64/sbin/stop-msg
5- /opt/sun/comms/messaging64/sbin/start-msg
6- Go to the IMSS management console:
https://server_ip:8445
and configure Postfix to work on port 25, then configure email forwarding to your local domain:
Administration -> IMSS configuration -> SMTP Routing -> Domain-based delivery -> Add:
In the box shown, enter the name of your local domain, the IP of the Messaging Server and the port SMTP is listening on.
Now the received emails should be received by Postfix, scanned by IMSS, and forwarded to Messaging Server.

Configure IMSS as back-end:

To set IMSS as the back-end you do not need to install Postfix, and therefore you lose the IP filtering feature of IMSS, which provides a more advanced spam and virus protection solution. To accomplish this:
1- Install IMSS only (when you are asked to install Postfix choose no).
2- Open a new channel in Messaging Server to send emails to IMSS (upstream and downstream connection methodology):
cp -p /opt/sun/comms/messaging64/config/imta.cnf /opt/sun/comms/messaging64/config/imta.cnf.ORG
vi /opt/sun/comms/messaging64/config/imta.cnf
add this new channel:
!
! tcp_scanner
tcp_scanner SMTP nomx single_sys identnonenumeric subdirs 20 maxjobs 7 daemon 127.0.0.1 port 10025 enqueue_removeroute
tcp_scanner-daemon
And in every channel whose emails you need scanned, add:
aliasdetourhost tcp_scanner-daemon
3- Make Messaging Server receive emails on port 10026 (the emails that have already been scanned by IMSS and sent back to Messaging Server):
cp -p /opt/sun/comms/messaging64/config/dispatcher.cnf /opt/sun/comms/messaging64/config/dispatcher.cnf.ORG
vi /opt/sun/comms/messaging64/config/dispatcher.cnf
add :
[SERVICE=SMTP_SCANNING]
PORT=10026
IMAGE=IMTA_BIN:tcp_smtp_server
INTERFACE_ADDRESS=127.0.0.1
!LOGFILE=IMTA_LOG:tcp_scanner_server.log
PARAMETER=CHANNEL=tcp_scanner
STACKSIZE=2048000
4- make channel conversions:
cp -p /opt/sun/comms/messaging64/config/mappings /opt/sun/comms/messaging64/config/mappings.ORG
vi /opt/sun/comms/messaging64/config/mappings
add:
CONVERSIONS
   IN-CHAN=tcp_scanner;OUT-CHAN=*;CONVERT   No
   IN-CHAN=tcp_*;OUT-CHAN=*;CONVERT   Yes,Channel=tcp_scanner
5- /opt/sun/comms/messaging64/sbin/imsimta cnbuild
6- /opt/sun/comms/messaging64/sbin/stop-msg
7- /opt/sun/comms/messaging64/sbin/start-msg
Now the emails that are sent are received by Messaging Server and scanned by IMSS.
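Both the Secure Mail System post above and this back-end setup end with hand edits to dispatcher.cnf and imta.cnf, and a typo in either silently reopens what the edits were meant to close. As an added example, my own code rather than the posts' or Sun's, the Python below parses both files and checks the properties the posts rely on: no dispatcher service still listens on port 25 on the Messaging Server host, the scanner return service binds 127.0.0.1 (otherwise unscanned mail can be injected through the "already scanned" port), every channel the dispatcher exposes requires SMTP AUTH (mustsaslserver), every other channel is detoured through tcp_scanner, and tcp_scanner hands mail to 127.0.0.1 port 10025. The sample file contents are constructed from the values in the posts; the tcp_local and tcp_submit channel lines, and the SMTP service mapping to tcp_local, are assumed minimal definitions.

```python
import re

# Constructed samples built from the values in the posts. The tcp_local and
# tcp_submit channel lines and the SMTP->tcp_local mapping are assumed.
DISPATCHER_CNF = """\
[SERVICE=SMTP]
PORT=2525
IMAGE=IMTA_BIN:tcp_smtp_server
PARAMETER=CHANNEL=tcp_local

[SERVICE=SMTP_SUBMIT]
PORT=444
IMAGE=IMTA_BIN:tcp_smtp_server
PARAMETER=CHANNEL=tcp_submit

[SERVICE=SMTP_SCANNING]
PORT=10026
IMAGE=IMTA_BIN:tcp_smtp_server
INTERFACE_ADDRESS=127.0.0.1
!LOGFILE=IMTA_LOG:tcp_scanner_server.log
PARAMETER=CHANNEL=tcp_scanner
"""

IMTA_CNF = """\
!
! tcp_local
tcp_local smtp mx single_sys mustsaslserver aliasdetourhost tcp_scanner-daemon
tcp_local-daemon

!
! tcp_submit
tcp_submit smtp mx single_sys mustsaslserver aliasdetourhost tcp_scanner-daemon
tcp_submit-daemon

!
! tcp_scanner
tcp_scanner SMTP nomx single_sys identnonenumeric subdirs 20 maxjobs 7 daemon 127.0.0.1 port 10025 enqueue_removeroute
tcp_scanner-daemon
"""


def parse_dispatcher(text):
    """dispatcher.cnf -> {service: {KEY: value}}. '!' lines are comments;
    'PARAMETER=CHANNEL=x' is split on the first '=' only."""
    services, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        header = re.fullmatch(r"\[SERVICE=(\w+)\]", line)
        if header:
            current = services.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return services


def parse_channels(text):
    """imta.cnf channel blocks -> {name: [keywords]}. Blocks are blank-line separated;
    the first non-comment line is 'name keyword ...', the second the official host name."""
    channels = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln for ln in block.splitlines() if ln.strip() and not ln.startswith("!")]
        if lines:
            name, *keywords = lines[0].split()
            channels[name] = [k.lower() for k in keywords]
    return channels


def audit(dispatcher_text, imta_text, scanner="tcp_scanner", scanner_port="10025"):
    """Return a list of findings; an empty list means the layout the posts describe holds."""
    findings = []
    channels = parse_channels(imta_text)
    for name, svc in parse_dispatcher(dispatcher_text).items():
        param = svc.get("PARAMETER", "")
        chan = param[len("CHANNEL="):] if param.startswith("CHANNEL=") else ""
        if svc.get("PORT") == "25":
            findings.append(f"{name}: still listens on port 25; only the anti-spam host should")
        if chan == scanner and svc.get("INTERFACE_ADDRESS") != "127.0.0.1":
            findings.append(f"{name}: scanner return port must bind 127.0.0.1, or unscanned mail can enter through it")
        if chan and chan != scanner and "mustsaslserver" not in channels.get(chan, []):
            findings.append(f"{chan}: exposed by {name} without requiring SMTP AUTH (mustsaslserver)")
    for name, keywords in channels.items():
        joined = " ".join(keywords)
        if name == scanner:
            if "daemon 127.0.0.1" not in joined or f"port {scanner_port}" not in joined:
                findings.append(f"{name}: must hand mail to the scanner at 127.0.0.1 port {scanner_port}")
        elif f"aliasdetourhost {scanner}-daemon" not in joined:
            findings.append(f"{name}: not detoured through the scanner (missing 'aliasdetourhost {scanner}-daemon')")
    return findings


if __name__ == "__main__":
    for finding in audit(DISPATCHER_CNF, IMTA_CNF) or ["no findings"]:
        print(finding)
```

Run it against the real files (read them in place of the two sample strings) after imsimta cnbuild and before start-msg; a non-empty list is the reason not to restart yet.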