TLS For Domino SMTP

Those already using, or considering enabling, secure SMTP sessions via STARTTLS on Domino have three options: disable it or wait for now (until SPR# MKENA4SQ7R is resolved in an IF or 9.0.1 FP6), obtain hotfix(es) directly from IBM, or accept the risk of being unable to deliver or receive mail over TLS with (at least) some @outlook.com addresses.

For those using (or planning to use) TLS, also consider adding the SSL_SESSION_SIZE notes.ini setting. When the setting is absent, the value defaults to 5000 bytes, which is too low to prevent errors like:

02/25/2016 12:23:52 PM New SSL session data length of 5121 bytes is larger than the current size of 5000 bytes.
02/25/2016 12:23:52 PM You may want to set the Notes.ini variable SSL_SESSION_SIZE to at least 5121 bytes.

Note that the server suggested the 5121 value in this example (presumably based upon the handshake with the external server) and I’ve been unable, as yet, to find any other scientific method for determining what other value might be better.

Logitech Harmony Remote Sync Hangs At 99%

I recently encountered an issue where my Logitech Harmony 650 Remote sync hung at 99%. I found a few other users mentioning the same issue in the support forum and found that I was able to get past the issue by continually pressing the center button (a.k.a. the “OK” button) beginning at around 95%. Although the remote goes into safe mode, the sync process successfully completes at 100%. I then close the sync as normal and remove the batteries from the remote to get back out of safe mode.

Disable SMTP-AUTH To Stop Relay Hackers In Their Tracks

Sometimes setting up a system to allow password authentication is less secure.

Ever notice activity like this on your SMTP-enabled Domino server?

SMTP Server: Authentication failed for user guest ; connecting host 46.137.108.26
SMTP Server: Authentication failed for user backup ; connecting host 46.137.108.26
etc.

Guess what…  In this case, I am not happy that ec2-46-137-108-26.eu-west-1.compute.amazonaws.com (Amazon Web Services, Ireland) thinks they need to relay SMTP through my Domino server.

If this hacker is able to guess a user login and password combo, they can relay whatever they want.
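
An added example (not from the original post or from IBM): a small Python parser for the failure lines quoted above that groups them by connecting host and flags hosts cycling through several account names. The `min_users` threshold and every sample line beyond the ones quoted on this page are assumptions.

```python
import re
from collections import defaultdict

# Matches the Domino log line format quoted in the post; search() is used so
# an optional timestamp prefix in front of "SMTP Server:" does not matter.
AUTH_FAIL = re.compile(
    r"SMTP Server: Authentication failed for user (?P<user>.*?) ; "
    r"connecting host (?P<host>\S+)"
)

def summarize_auth_failures(lines):
    """Group failed SMTP AUTH attempts by connecting host."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set()})
    for line in lines:
        m = AUTH_FAIL.search(line)
        if m:
            entry = stats[m.group("host")]
            entry["attempts"] += 1
            entry["users"].add(m.group("user").strip().lower())
    return dict(stats)

def guessing_hosts(stats, min_users=2):
    """Return hosts that failed against several different account names.

    A user mistyping a password fails repeatedly on ONE name; a host hunting
    for a relay walks a list of names. min_users is an assumed threshold.
    """
    return sorted(h for h, s in stats.items() if len(s["users"]) >= min_users)

# Constructed sample: lines 1, 2 and 5 are quoted on this page; lines 3 and 4
# are made up and use an address from the 192.0.2.0/24 documentation range.
SAMPLE_LOG = """\
SMTP Server: Authentication failed for user guest ; connecting host 46.137.108.26
SMTP Server: Authentication failed for user backup ; connecting host 46.137.108.26
02/25/2016 12:23:52 PM SMTP Server: Authentication failed for user jdoe ; connecting host 192.0.2.10
02/25/2016 12:24:10 PM SMTP Server: Authentication failed for user jdoe ; connecting host 192.0.2.10
02/25/2016 12:23:52 PM New SSL session data length of 5121 bytes is larger than the current size of 5000 bytes.
""".splitlines()

if __name__ == "__main__":
    stats = summarize_auth_failures(SAMPLE_LOG)
    for host in guessing_hosts(stats):
        s = stats[host]
        names = ", ".join(sorted(s["users"]))
        print(f"{host}: {s['attempts']} failures across {len(s['users'])} names ({names})")
```

A host that appears in this output is a candidate for blocking at the firewall; with SMTP-AUTH disabled as described below, its guesses cannot succeed in any case.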

There is a quick fix that prevents these hacking attempts from ever succeeding at circumventing SMTP relay restrictions:

If you are NOT using Internet Site documents, set the following field(s) to “No” in the corresponding server’s Server Document:

[Image: 2016-02-09_21-45-04]

If you ARE using Internet Site documents, just change the following field(s) to “No”:

[Image: 2016-02-09_21-49-56]

Want more info? Read more here.

Happy hacker snubbing!

 

The Difference Between An ESXi Patch, Express Patch, and Update

ESXi patches, express patches, and updates can be obtained from: https://my.vmware.com/group/vmware/patch

Understanding the difference between an ESXi patch, express patch, and update:

  • An update is a service pack with many fixes included.
  • An express patch is a small service pack with a few dozen updates.
  • A patch is a single update.

So, essentially, there is nothing significantly different between the three.

Review the following blog entry to understand the cumulative capabilities of the update files: https://blogs.vmware.com/vsphere/2013/10/are-esxi-patches-cumulative.html

In short, every ESXi update/express patch/patch is cumulative as long as you apply it as such. To achieve this when patching from the command line, use the “esxcli software vib update -d <patch archive>” command, where <patch archive> is the path to the ESXi file that you downloaded from my.vmware.com and then uploaded to your ESXi server’s datastore.

Circumventing the DCT Loop

Domino Configuration Tuner is one of many oft-overlooked Domino administration and assessment tools. Another obstacle to its use is the annoying message “Lotus Notes has automatically updated some require files for this application. Before you can use the DCT you need to restart your Notes Client.” The problem is that restarting the Notes Client does not improve the situation. You may also notice the following on the status bar: “Unable to deploy 1 updated file (probably locked and in use)”.

One way to resolve the issue:

  1. Shut down all Notes programs running on your workstation.
  2. Delete your local dct.nsf and dct.ntf.
  3. Download the “latest” dct.ntf version: http://www-01.ibm.com/support/docview.wss?uid=swg24019358&rs=0&cs=utf-8&context=SWA00&dc=D400&q1=dct
  4. Put dct.ntf in your Notes data directory.
  5. Restart Windows in Safe Mode (press F8 while restarting).
  6. Launch Notes and start Domino Configuration Tuner.
  7. If prompted to restart Notes, restart Notes and try launching DCT again.