hMailServer Anti Spam Settings

Antispam->General
Spam Mark Threshold = 6
Spam Delete Threshold = 9
Max Message Size to Scan = 1024
All tickboxes selected.

Antispam->Spam Tests
Use SPF = 3
Check host in HELO = 2
Check DNS MX = 2
Verify DKIM = 5

Antispam->Tarpitting
Count = 0
Delay = 15

Antispam->DNS Blacklists
zen.spamhaus.org | 127.0.0.* | Server rejected by http://www.spamhaus.org/zen/ | Score = 5 | (Old Settings 127.0.0.2-8|127.0.0.10-11)
psbl.surriel.com | 127.0.0.* | Server rejected by surriel.com | Score = 1
b.barracudacentral.org | 127.0.0.* | Server rejected by barracuda | Score = 4
bl.spamcop.net | 127.0.0.* | Server rejected by SpamCop.net | Score = 4
dnsbl.sorbs.net | 127.0.0.* | Server rejected by Sorbs.net | Score = 1

Antispam->SURBL Servers
multi.surbl.org | Rejected by SURBL | Score = 4

Antispam->Greylisting
Minutes to Defer = 1
Days to remove unused = 1
Days to remove used = 72
Tick Bypass on SPF

WordPress Force Login WP-Cron & BackWPup Not Working

When using the Force Login plugin for WordPress by Kevin Vess, you will notice that WP-Cron and external links to launch backups for BackWPup no longer work.

Thankfully, the developer wrote some fixes for this; however, applying them can be confusing if you have no programming experience.

To enable XMLRPC, edit wp-force-login.php in the plugin directory, and replace the second function in the file with the one from his GitHub.

For my particular use case, I needed to be able to call a backup job for BackWPup from one of my other servers with CURL.  I used his fix for WP-Cron, but edited it to not require authentication from my home server’s public IP address.  There was also a small syntax error that needed correcting.  Again, we will be replacing the second function in the plugin.

Original Plugin file:

<?php
/*
Plugin Name: Force Login
Plugin URI: http://vess.me/
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
Version: 2.1
Author: Kevin Vess
Author URI: http://vess.me/
License: GPLv2 or later
*/

/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

function v_getUrl() {
  $url  = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https' : 'http';
  $url .= '://' . $_SERVER['SERVER_NAME'];
  $url .= in_array( $_SERVER['SERVER_PORT'], array('80', '443') ) ? '' : ':' . $_SERVER['SERVER_PORT'];
  $url .= $_SERVER['REQUEST_URI'];
  return $url;
}
function v_forcelogin() {
  $url = v_getUrl();
  if( !is_user_logged_in() && preg_replace('/\?.*/', '', $url) != preg_replace('/\?.*/', '', wp_login_url()) ) {
    wp_safe_redirect( wp_login_url( $url ), 302 ); exit();
  }
}
add_action('init', 'v_forcelogin');

Edited plugin to allow WP-Cron to function:

<?php
/*
Plugin Name: Force Login
Plugin URI: http://vess.me/
Description: Easily hide your WordPress site from public viewing by requiring visitors to log in first. Activate to turn on.
Version: 2.1
Author: Kevin Vess
Author URI: http://vess.me/
License: GPLv2 or later
*/

/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/

function v_getUrl() {
  $url  = isset( $_SERVER['HTTPS'] ) && 'on' === $_SERVER['HTTPS'] ? 'https' : 'http';
  $url .= '://' . $_SERVER['SERVER_NAME'];
  $url .= in_array( $_SERVER['SERVER_PORT'], array('80', '443') ) ? '' : ':' . $_SERVER['SERVER_PORT'];
  $url .= $_SERVER['REQUEST_URI'];
  return $url;
}
function v_forcelogin() {
  $url = v_getUrl();
  if( !is_user_logged_in() && preg_replace('/\?.*/', '', $url) != preg_replace('/\?.*/', '', wp_login_url()) ) {
    if( $_SERVER['REMOTE_ADDR'] != 'xxx.xxx.xxx.xxx' ) {
      wp_safe_redirect( wp_login_url( $url ), 302 ); exit();
    }
  }
}
add_action('init', 'v_forcelogin');

Make sure that the IP address from which you need to connect without authentication is wrapped in apostrophes, for example:

 != '127.0.0.1'

Change WordPress URLs

These SQL statements update the site URL in common database locations:

UPDATE wp_options SET option_value = replace(option_value, 'http://current-url.com', 'http://new-url.com') WHERE option_name = 'home' OR option_name = 'siteurl';
UPDATE wp_posts SET guid = replace(guid, 'http://current-url.com', 'http://new-url.com');
UPDATE wp_posts SET post_content = replace(post_content, 'http://current-url.com', 'http://new-url.com');
UPDATE wp_postmeta SET meta_value = replace(meta_value,'http://current-url.com', 'http://new-url.com');

SSH Authentication Key Setup Ubuntu

Here is how to set up key-based authentication for OpenSSH server on Ubuntu 14.04.

First, generate your keypair for the account.  You can leave the private key password blank if you do not want to enter one every time.

cperson@WEB:~/.ssh$ ssh-keygen -t rsa

Copy your private key to your computer.  You may need to use PuTTYgen to convert it for use with PuTTY.

Enable your account for logon with the private key by adding your public key to the authorized_keys file.

cperson@WEB:~/.ssh$ cat id_rsa.pub >> authorized_keys
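
The authorized_keys step above, as an added example that is not part of the original post: a small bash helper that installs the public key without creating duplicate lines on repeat runs, refuses a file that is not a public key, and sets the directory and file modes that pass sshd's StrictModes check. The function names install_pubkey and perm_string and the sample key line are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example; install_pubkey and perm_string are hypothetical helper names.

# Print the 10-character mode string of a path, e.g. drwx------
perm_string() {
  ls -ld "$1" | cut -c1-10
}

# install_pubkey PUBKEY_FILE [SSH_DIR]
# Adds the key to SSH_DIR/authorized_keys only if that exact line is missing.
install_pubkey() {
  local pub="$1" dir="${2:-$HOME/.ssh}" key
  [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
  key=$(head -n 1 "$pub")
  # Accept only lines that look like a public key, so a private key file
  # passed by mistake is never appended.
  case "$key" in
    ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
    *) echo "$pub does not look like a public key" >&2; return 1 ;;
  esac
  # sshd (StrictModes, on by default) ignores keys kept in files or
  # directories that other users can write to.
  mkdir -p "$dir" && chmod 700 "$dir" || return 1
  touch "$dir/authorized_keys" && chmod 600 "$dir/authorized_keys" || return 1
  grep -qxF -- "$key" "$dir/authorized_keys" ||
    printf '%s\n' "$key" >> "$dir/authorized_keys"
}

# Demo in a throwaway directory with a constructed (not real) key line.
demo() {
  local tmp
  tmp=$(mktemp -d) || return 1
  printf 'ssh-rsa AAAAB3CONSTRUCTEDSAMPLEKEY cperson@WEB\n' > "$tmp/id_rsa.pub"
  install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh"
  install_pubkey "$tmp/id_rsa.pub" "$tmp/.ssh"   # second run adds nothing
  echo "lines: $(wc -l < "$tmp/.ssh/authorized_keys")"
  echo "dir:   $(perm_string "$tmp/.ssh")"
  echo "file:  $(perm_string "$tmp/.ssh/authorized_keys")"
  rm -rf "$tmp"
}

demo
```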

Free up Disk Space on /boot

Occasionally you will need to free up some disk space on the /boot partition after updating your kernel several times.  Here are a few commands to list all installed kernels on your Ubuntu system, except the running one.

kernelver=$(uname -r | sed -r 's/-[a-z]+//')
dpkg -l linux-{image,headers}-"[0-9]*" | awk '/ii/{print $2}' | grep -ve "$kernelver"

List all installed kernels:

dpkg -l linux-image-\* | grep ^ii

Then, you can remove the unneeded kernels with this command:

sudo apt-get purge $(dpkg -l linux-{image,headers}-"[0-9]*" | awk '/ii/{print $2}' | grep -ve "$(uname -r | sed -r 's/-[a-z]+//')")

NetApp OnCommand System Manager 500 Connection Refused

I recently upgraded my NetApp OnCommand System Manager and upon trying to login I was presented with the error: “500 Connection Refused”.

This can occur if TLS is not enabled in DataONTAP, or if the SSL certificate on the filer has expired.  In this particular scenario, the only SSL protocol available was SSLv3, which most browsers now have disabled by default.

To enable TLS in DataONTAP, login to the filer via SSH and issue the following command:

options tls.enable on

If you have a high availability setup with multiple controllers, ensure that you issue the command on both nodes.

Outlook Password Prompt On NetMotion Mobility

When connected to NetMotion Mobility on Windows 8.1, Outlook 2013 frequently has connectivity problems.  When attempting to open Outlook you are presented with a password dialog box, but no username format or password combination works.  When you click cancel you receive an error stating the attempt to log onto Microsoft Exchange has failed.  This behavior can also be intermittent.  The majority of the time Outlook will not work, but occasionally it will.

This happens because Outlook is attempting to bind to the physical network adapter and not the NetMotion virtual adapter.  Mobility blocks all unencrypted traffic out of the physical network adapter, so the logon attempts are never actually sent.  This problem can be rectified by creating or modifying one of the policies on the Mobility server.

In my case, I created a rule called “Exchange Routing” and added it to my existing global client policy in the Mobility server console.

Below is a screen shot of the rule setup:
[Screenshot: NMRule]

This tells the Mobility client to add a route that sends traffic destined for 10.12.201.250 (this would be the internal IP address of your Exchange server) via the nmvnic (NetMotion Virtual Network Interface).  This way Outlook is forced to bind to the correct NIC and there are no connectivity issues.

Excessive Non VM Space in Datastore on NetApp

Recently I started to get alarms from a vCenter server stating one of its datastores was exceeding 75% capacity.  I noticed that the datastore in question had less space consumed and less free space than the other datastore in the cluster of the same size.  I also had roughly 285GB of space consumed in the first datastore listed as “Non VM Space”.

Using SSH to one of the ESXi hosts revealed different outcomes of the df and du commands to check the space.

df -h - 1.1TB consumed on the datastore volume in question
du -h - 875GB used on datastore in question

I took into account the thin provisioned VMs, and removed all snapshots, but things still didn’t add up.  I eventually found this bug report from NetApp (657692) affecting DataONTAP 8.1.2.  Fortunately the workaround is easy until you can upgrade your filer to a version of ONTAP that has the bug fixed.  Run the deduplication job (after hours, it’s IO intensive) with the -s switch to force it to scan the stale fingerprint metadata (sis start -s /vol/volname).  After the deduplication job finished, all of the missing space had been reclaimed.