Barracuda Spam Firewall Attachment Filtering

Perhaps the single biggest hamartia of the Barracuda Spam Firewall’s Attachment Filtering is that it omits filtering any whitelisted messages. Based on this comment in the user forum, this has apparently been an issue for at least 9 years.

To review your Attachment Filename Filters (only visible when managing the overall system): BLOCK/ACCEPT > Attachment Filters

If you are interested in changing this behavior, you should add your name to Feature Request ID BNSF-8261.

Can’t Print In osTicket On Synology

When using the Print button embedded in a ticket, I receive the following error:

Server error

500

The website encountered an error while retrieving https://<my server’s path>/tickets.php?id=274&a=print&notes=1. It may be down for maintenance or configured incorrectly.

The root cause was evident when reviewing /var/log/httpd/user-error_log:

FastCGI: server “/php-fpm-handler” stderr: PHP message: PHP Fatal error:  Unsupported operand types in /volume1/web/osticket/upload/include/mpdf/config_fonts.php on line 307, referer: https://<my server’s path>/tickets.php?id=274

The resolution is to enable PHAR

Go to Control Panel > Web Services > PHP Settings > Select PHP extension

Then select “phar” and click ok.

 

Standalone IBM Traveler Maintenance Post-9.0.1.7

Beginning with IBM Traveler 9.0.1.8, the NTS_DEFRAG_INTERVAL_DAYS= ini setting is no longer valid.

If the setting is still present in the Traveler server’s ini, you will see the following warning on the server console (and/or in the log) when Traveler starts:

Traveler: WARNING *system Unrecognized IBM Traveler parameter in notes.ini: NTS_DEFRAG_INTERVAL_DAYS

If the server was upgraded with the NTS_DEFRAG_INTERVAL_DAYS= in place, the upgrade process appears to transfer the previously set interval. The same result can be achieved by issuing: tell traveler dbmaint set interval 30

You can then verify the set interval using: tell traveler dbmaint show

Don’t forget to remove the NTS_DEFRAG_INTERVAL_DAYS= setting from your post-9.0.1.7 server’s ini.

In a standalone DB situation where you want to trigger Traveler database maintenance, you can issue the following command at the console: tell traveler DBMaint run

This will set the ini parameter NTS_DEFRAG_ONCE=1 which will trigger defrag at the next Traveler restart. The server will automatically remove the NTS_DEFRAG_ONCE=1 setting after the triggered defrag completes.

Again, in a standalone DB situation, you could automate regularly scheduled defrags to run by:

  1. Using the “tell traveler DBMaint set” commands to set the desired interval, time, day
  2. Creating a Program document that issues the server command, restart task traveler, just after the time set in the command above

TLS For Domino SMTP

Those that are already using or considering enabling secure SMTP sessions using STARTTLS for Domino should either disable it / wait for now (until SPR# MKENA4SQ7R is resolved in an IF or 9.0.1 FP6), obtain hotfix(es) directly from IBM, or risk the inability to deliver/receive TLS with (at least) some @outlook.com addresses.

For those using (or planning to use) TLS, you should also look at adding the SSL_SESSION_SIZE notes.ini setting. When the setting is not used, the value defaults to 5000 and this is too low to prevent errors like:

02/25/2016 12:23:52 PM New SSL session data length of 5121 bytes is larger than the current size of 5000 bytes.
02/25/2016 12:23:52 PM You may want to set the Notes.ini variable SSL_SESSION_SIZE to at least 5121 bytes.

Note that the server suggested the 5121 value in this example (presumably based upon the handshake with the external server) and I’ve been unable, as yet, to find any other scientific method for determining what other value might be better.

Logitech Harmony Remote Sync Hangs At 99%

I recently encountered an issue where my Logitech Harmony 650 Remote sync hung at 99%. I found a few other users mention the same issue in the support forum and found that I was able to get past the issue by continually pressing the center button (a.k.a the “OK” button) beginning at around 95%. Although the remote goes into safe mode, the sync process successfully completes at 100%. I then close the sync as normal and remove the batteries from the remote to get back out of safe mode.

Disable SMTP-AUTH To Stop Relay Hackers In Their Tracks

Sometimes setting up a system to allow password authentication is less secure.

Ever notice activity like this on your SMTP-enabled Domino server?

SMTP Server: Authentication failed for user guest ; connecting host 46.137.108.26
SMTP Server: Authentication failed for user backup ; connecting host 46.137.108.26
etc.

Guess what…  In this case, I am not happy that ec2-46-137-108-26.eu-west-1.compute.amazonaws.com (Amazon Web Services, Ireland) thinks they need to relay SMTP through my Domino server.

If this hacker is able to guess a user login and password combo, they can relay whatever they want.

There is a quick fix that prevents these hacking attempts from ever succeeding at circumventing SMTP relay restrictions:

If you are NOT using Internet Site documents, set the following field(s) to “No” in the corresponding server’s Server Document:

2016-02-09_21-45-04

If you ARE using Internet Site documents, just change the following field(s) to “No”:

2016-02-09_21-49-56

Want more info? Read more here.

Happy hacker snubbing!