Messagelabs Mail Servers for Firewall Rules

In case you should need the Messagelabs IPs to permit inbound traffic in firewall rules, an up-to-date list is below:

| Subnet IP | Subnet mask | CIDR prefix | IP range |
|---|---|---|---|
| 62.173.108.0 | 255.255.255.0 | /24 | 62.173.108.0 - 62.173.108.255 |
| 62.231.128.0 | 255.255.224.0 | /19 | 62.231.128.0 - 62.231.159.255 |
| 195.216.0.0 | 255.255.224.0 | /19 | 195.216.0.0 - 195.216.31.255 |
| 212.125.64.0 | 255.255.224.0 | /19 | 212.125.64.0 - 212.125.95.255 |
| 216.82.240.0 | 255.255.240.0 | /20 | 216.82.240.0 - 216.82.255.255 |
| 67.219.240.0 | 255.255.240.0 | /20 | 67.219.240.0 - 67.219.255.255 |
| 85.158.136.0 | 255.255.248.0 | /21 | 85.158.136.0 - 85.158.143.255 |
| 95.131.104.0 | 255.255.248.0 | /21 | 95.131.104.0 - 95.131.111.255 |
| 117.120.16.0 | 255.255.248.0 | /21 | 117.120.16.0 - 117.120.23.255 |
| 193.109.254.0 | 255.255.254.0 | /23 | 193.109.254.0 - 193.109.255.255 |
| 194.106.220.0 | 255.255.254.0 | /23 | 194.106.220.0 - 194.106.221.255 |
| 195.245.230.0 | 255.255.254.0 | /23 | 195.245.230.0 - 195.245.231.255 |

Hope this is useful to someone :)
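An added example, not part of the original post: a Python check that each row of the Messagelabs table is internally consistent (subnet, mask, prefix and range all agree), plus iptables rules that admit only those ranges. TCP port 25, the INPUT chain and the function names are assumptions made for the illustration.

```python
import ipaddress

# Rows copied from the table in the post: subnet, mask, prefix, first IP - last IP
ROWS = """\
62.173.108.0 255.255.255.0 /24 62.173.108.0 - 62.173.108.255
62.231.128.0 255.255.224.0 /19 62.231.128.0 - 62.231.159.255
195.216.0.0 255.255.224.0 /19 195.216.0.0 - 195.216.31.255
212.125.64.0 255.255.224.0 /19 212.125.64.0 - 212.125.95.255
216.82.240.0 255.255.240.0 /20 216.82.240.0 - 216.82.255.255
67.219.240.0 255.255.240.0 /20 67.219.240.0 - 67.219.255.255
85.158.136.0 255.255.248.0 /21 85.158.136.0 - 85.158.143.255
95.131.104.0 255.255.248.0 /21 95.131.104.0 - 95.131.111.255
117.120.16.0 255.255.248.0 /21 117.120.16.0 - 117.120.23.255
193.109.254.0 255.255.254.0 /23 193.109.254.0 - 193.109.255.255
194.106.220.0 255.255.254.0 /23 194.106.220.0 - 194.106.221.255
195.245.230.0 255.255.254.0 /23 195.245.230.0 - 195.245.231.255
""".splitlines()

def check_row(line):
    """Return the network if subnet, mask, prefix and range agree; raise ValueError if not."""
    subnet, mask, prefix, first, _, last = line.split()
    net = ipaddress.ip_network(subnet + prefix)  # strict: rejects stray host bits
    if str(net.netmask) != mask:
        raise ValueError(f"{subnet}{prefix}: mask {mask} does not match the prefix")
    if (str(net.network_address), str(net.broadcast_address)) != (first, last):
        raise ValueError(f"{subnet}{prefix}: range {first} - {last} does not match")
    return net

def allowed(ip, nets):
    """True if a connecting address falls inside one of the permitted networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)

def iptables_rules(nets, port=25):
    """Accept the listed sources on the given TCP port, then drop everything else."""
    rules = [f"iptables -A INPUT -p tcp -s {n} --dport {port} -j ACCEPT" for n in nets]
    rules.append(f"iptables -A INPUT -p tcp --dport {port} -j DROP")
    return rules

NETWORKS = [check_row(r) for r in ROWS]

if __name__ == "__main__":
    print("\n".join(iptables_rules(NETWORKS)))
```

Re-run check_row whenever the ranges are refreshed from the provider, since a mistyped mask or prefix silently widens or narrows the allow-list.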

Logmein Client using 64-bit Linux

It is now possible to connect to a Windows machine running Logmein from Linux using a Java browser plugin. Unfortunately, if you are using a 64-bit kernel on Ubuntu Karmic, the Java version from the Ubuntu repos is incompatible with the plugin.

To work around this, download https://secure.logmein.com/activex/logmein-client-1.0.387-1.tar.gz, and extract to ~/.mozilla/plugins/ then download and install nspluginwrapper from the repos (sudo apt-get install nspluginwrapper).  Nspluginwrapper is a tool to create a layer of compatibility for non-native browser plugins.

You can then use nspluginwrapper by using:

sudo nspluginwrapper -i ~/.mozilla/plugins/libractrl.so

Restart Firefox and navigate to the Logmein website again and it should work…

Trixbox – “All Circuits are Busy Now” when Dialling Off-Hook

We have some Polycom IP 330 SIP handsets connected to a Trixbox.  Unfortunately, when using the default SIP.cfg that is downloaded via TFTP to the handsets, if the phone was off the hook (ie. a dial tone was already audible) the handsets would appear to time-out and give the message “All Circuits are Busy Now”. On looking at the call in the CLI (asterisk -rvvvv) it was apparent that only the first 9 digits were being dialled.

The solution was to edit /tftpboot/sip.cfg and look for the line that says:

<digitmap dialplan.digitmap="[2-9]11|0T|011xxx.T|[0-1][2-9]xxxxxxxxx|[2-9]xxxxxxxxx|[2-9]xxxT" dialplan.digitmap.timeOut="3|3|3|3|3|3"/>

and replace with the correct number of digits for calls in your country…

<digitmap dialplan.digitmap="[2-9]11|0T|011xxx.T|[0-1][2-9]xxxxxxxxxxx|[2-9]xxxxxxxxxxx|[2-9]xxxT" dialplan.digitmap.timeOut="3|3|3|3|3|3"/>

You then need to restart the handsets in order for this to work.

I’ve sooo done this….

Evolution Woes

Following a reboot (which is rare) I had problems connecting to our Exch 2003 server via Evolution in Intrepid – it simply wouldn’t authenticate. I deleted the mailbox account and tried to recreate, populating all the fields…..to be greeted with an “Exchange Account is Offline” message.

Following this I ran evolution from the command line – the output of which was:

e-data-server-ui-Message: Unable to find password(s) in keyring (Keyring reports: No matching results)
e-data-server-ui-Message: Key file does not have group ‘Passwords-Exchange’

I checked available keys in my keychain and the correct keys were there – along with appropriate passwords….

Then I stumbled across the following bug report:

https://bugs.launchpad.net/ubuntu/+source/evolution-exchange/+bug/207723

Where I found this comment from Timothy Alexander:

“Something that worked for me was clearing the “mailbox name” under exchange settings, and reauthenticating on that page. The auth went through fine, and it filled out the mailbox again (exactly the same way) but after a restart of evolution it worked fine.”

I tried removing the mailbox name and clicking authenticate, was greeted with the usual errors, but following a restart of evolution it worked!

Google vs. Cuil as a Password cracker

Well, Google is effectively an amazingly powerful data gatherer and indexing tool – check out this article on how Google can be used to check for previously indexed MD5 hashes:

http://www.lightbluetouchpaper.org/2007/11/16/google-as-a-password-cracker/

I thought I’d put Cuil to the test, to see whether they can offer the same “service”….given their bold claims about their number of indexed pages ;)

Step 1 – think of a password – for the sake of this test I’ll choose the weak password, gringo

Step 2 – hash the password (if you’re lazy, like me, this can be done here)

Step 3 – Google it!

Step 4 – Cuil it!

Cuils MD5 Search....

Steps to Enable Blackberry Internet Service on O2

It seems whenever we order a new Blackberry handset there is some form of failure – services aren’t fully applied or done in a timely fashion resulting in the Blackberry being out of sync or not accepting all services.  I’ve documented the steps here that can be used to get the 8310 Curve working:

1) Ensure the service provider has enabled all services on the device – this is the most common problem for me….

2) Ensure that GPRS is functioning correctly.  The GPRS text at the top right hand side should be in CAPS.

3) Go to Options -> Mobile Network -> Data Services and ensure that Data Services are switched on.

4) Go to Advanced Options -> Host Routing Table.  There should be a list of routes.  Select the top route and click “Register Now”.

5) Set up an email address at O2email.co.uk

6) Go into the EMail setup wizard on the handset and create a user account.  This is a container for the email address.

7) When all steps are complete, if the handset is still not receiving email, log into the o2email.co.uk website from a PC browser.  Send a new service book.

Hope this helps someone….

Nine Inch Nails Albums released under the Creative Commons Licence

Ok,  so I must have not been paying attention for the last few months…..but apparently the nice Mr Reznor has released a couple of albums under a CC licence….

http://creativecommons.org/weblog/entry/8267

This is a pretty bold step forward for the music industry…..

:D

Enabling RPC over HTTPS on SBS2003

Thanks go to Simon Butler for this (aka. Sembee on Experts-Exchange or http://www.amset.info).  His resources on this helped me iron out the problems and get this working beautifully!

I’d struggled getting RPC/HTTPS working for ages using a self-signed certificate, and while it’s still recommended using a purchased certificate, I needed to get a particular user working extremely quickly – within about 4 hours.  Waiting for appropriate DNS to propagate to get the cert approved wasn’t an option so the existing self-signed cert I used for OWA was the only option…

NOTE:  THIS SOLUTION INVOLVES EDITING THE REGISTRY ON YOUR SBS SERVER – USE AT YOUR OWN RISK!

First things first, the certificate needed to be installed in the Root Certification Authorities store on the client machine.  Note that adding the cert to the default store WILL NOT work.

Then create split DNS by adding the corresponding external DNS zone to your internal DNS server, and a host record for the SBS server.  Remember, if your external web site is hosted externally you need to ensure that there is an A record that points to the web server’s IP address.

Next, a couple of Registry keys needed to be added (I would never have sussed this if it wasn’t for the resources on Amset!). A reg key needs to be created on the SBS server as follows:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters]
"NSPI Interface protocol sequences"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,\
  68,00,74,00,74,00,70,00,3a,00,36,00,30,00,30,00,34,00,00,00,00,00

Copy and paste the above into Notepad and save with a .reg extension, then run.  This will create a key that looks like:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Type: REG_MULTI_SZ
Name: NSPI Interface protocol sequences
Value: ncacn_http:6004

Next on the Exchange server (this will be the same machine if using SBS) a different registry key needs to be created:

NOTE: THIS NEEDS TO BE ON A SINGLE LINE AND EDITED TO SHOW SERVER SETTINGS FOR YOUR SERVER

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\RpcProxy]
"ValidPorts"="server:100-5000; server:6001-6002; server:6004;server.domain.local:6001-6002; server.domain.local:6004; mail.external.com:6001-6002; mail.external.com:6004;"

Save as a .reg file and run.
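An added example, not part of the original post: before importing pasted .reg content on a server, this Python sketch decodes the hex(7) blob to show what it actually writes, and parses the ValidPorts string to confirm every server name carries ports 6001, 6002 and 6004 as in the post. The function names are hypothetical and the host names are the post's own placeholders.

```python
import re

# The two registry values from the post (host names are the post's placeholders).
NSPI_REG = r'''"NSPI Interface protocol sequences"=hex(7):6e,00,63,00,61,00,63,00,6e,00,5f,00,\
  68,00,74,00,74,00,70,00,3a,00,36,00,30,00,30,00,34,00,00,00,00,00'''
VALID_PORTS = ("server:100-5000; server:6001-6002; server:6004;"
               "server.domain.local:6001-6002; server.domain.local:6004; "
               "mail.external.com:6001-6002; mail.external.com:6004;")

def decode_multi_sz(reg_line):
    """Decode a .reg hex(7) value (REG_MULTI_SZ, UTF-16LE) into its list of strings."""
    joined = re.sub(r"\\\s*\n\s*", "", reg_line)  # undo backslash line continuations
    hex_part = joined.split("=hex(7):", 1)[1]
    raw = bytes(int(b, 16) for b in hex_part.split(",") if b.strip())
    text = raw.decode("utf-16-le")
    if not text.endswith("\x00\x00"):
        raise ValueError("REG_MULTI_SZ data must end with a double NUL")
    return [s for s in text.split("\x00") if s]

def parse_valid_ports(value):
    """Map each host in a ValidPorts string to the set of ports it allows."""
    hosts = {}
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        host, _, ports = entry.rpartition(":")
        lo, _, hi = ports.partition("-")
        hosts.setdefault(host, set()).update(range(int(lo), int(hi or lo) + 1))
    return hosts

def missing_ports(hosts, required=(6001, 6002, 6004)):
    """Return {host: [ports]} for hosts lacking a port the post lists for every name."""
    return {h: [p for p in required if p not in ports]
            for h, ports in hosts.items() if not set(required) <= ports}

if __name__ == "__main__":
    print(decode_multi_sz(NSPI_REG))
    print(missing_ports(parse_valid_ports(VALID_PORTS)) or "all hosts complete")
```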

Then simply configure Outlook to use RPC over HTTPS and specify the FQDN of the server.  You can test the connection by holding CTRL and right-clicking the Outlook icon, then looking at the Connection Status in the taskbar.  If it is trying to resolve the external FQDN of the server then Outlook is configured correctly. Then just ensure that port 443 on your firewall is forwarded to the SBS server….

….sorted :)

Gnome-Do

I’ve been trialling Ubuntu Hardy and been loving it.  It just seems quicker and more responsive.  Maybe that’s just wishful thinking, but the boot times seem to have decreased as well….

As an add-on, I’ve installed Gnome-Do, an application that finds other applications based on a few keystrokes.  Just press the “windows” key and the space bar and then type part of the name of the app you wish to launch…..

Pure Genius! :)

To install:

sudo apt-get install gnome-do

Then add it as a session using the string gnome-do-quiet to get it to launch at startup :)