Monthly Archives: February 2007

SharePoint 3.0 / WSS 3.0 incoming mail limitation with Exchange 2003 / SBS 2003

http://channel9.msdn.com/ShowPost.aspx?PostID=258392


Mail system DLL is invalid

I run into this problem on some Windows Server 2003 SBS servers, mostly because Outlook 2003 is installed on the system; Microsoft advises against installing Outlook 2003 on the server and does not support it. Outlook replaces the file c:\Windows\System32\mapi32.dll. You can check its version by right-clicking the file and selecting Properties. For correct operation the version of the file should be 1.0.2536.0. If you have a different version, you can overwrite the file with a copy from any other Windows 2003 server.

Configuration of DNS server (forward zone)

Correct basic configuration of DNS records and testing.

There are some basic rules that should be followed when configuring DNS servers.

Let's say that we have the domain company.com and we would like to create DNS records for it:

1. create a primary forward zone for company.com
2. correct the SOA record:
2.1 number the serial as YYYYMMDDnn, for example 2007020701
2.2 enter the name of the primary DNS server for company.com and the e-mail address of the domain's hostmaster, written as name.domain.tld without the "at" sign (@), for example hostmaster.company.com
2.3 adjust the time values of the record if needed
2.4 enter your DNS servers
3. create a HOST (A) record for the server that will host services
4. create an alias (CNAME) record that will point to the HOST record
5. create an MX record for the domain company.com
6. test using:
ping
nslookup

http://www.dnsreport.com – check your domain name configuration
http://www.dnsstuff.com – additional tools for checking DNS records
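Steps 1 to 5 above written out as zone text, as an added example that is not part of the original post. The function names, the ns1 host with its address, the www alias and the SOA time values are assumptions made for illustration.

```python
from datetime import date

def soa_rname(email: str) -> str:
    """hostmaster@company.com -> hostmaster.company.com. (SOA form, no @)."""
    local, sep, domain = email.partition("@")
    if not (local and sep and domain):
        raise ValueError("expected local@domain")
    # A dot in the local part must be escaped or it reads as a label boundary.
    return local.replace(".", "\\.") + "." + domain.rstrip(".") + "."

def next_serial(current: int, today: date) -> int:
    """Next YYYYMMDDnn serial; always larger than the current one."""
    first_today = int(today.strftime("%Y%m%d")) * 100 + 1
    if current < first_today:
        return first_today            # first change today: nn = 01
    if current % 100 == 99:
        raise ValueError("nn exhausted for this date")
    return current + 1                # another change on the same date

def render_zone(domain, serial, primary_ns, hostmaster, hosts, aliases, mx_host):
    """Zone text in master-file syntax for steps 1-5 of the list above."""
    lines = [
        f"$ORIGIN {domain}.",
        f"@ IN SOA {primary_ns}.{domain}. {soa_rname(hostmaster)} (",
        f"    {serial} ; serial, YYYYMMDDnn",
        "    3600 600 1209600 3600 ) ; refresh retry expire minimum (sample values)",
        f"@ IN NS {primary_ns}.{domain}.",
    ]
    lines += [f"{name} IN A {ip}" for name, ip in hosts.items()]
    lines += [f"{alias} IN CNAME {target}" for alias, target in aliases.items()]
    lines.append(f"@ IN MX 10 {mx_host}.{domain}.")
    return "\n".join(lines)

# Constructed sample: ns1, its address and the www alias are assumptions.
ZONE = render_zone(
    "company.com", next_serial(2007020701, date(2007, 2, 7)),
    "ns1", "hostmaster@company.com",
    {"ns1": "123.123.123.124", "mail": "123.123.123.123"},
    {"www": "mail"}, "mail",
)

if __name__ == "__main__":
    print(ZONE)
```

A serial that does not increase after a change is a common reason secondary DNS servers keep serving the old zone, which is why next_serial never returns a value at or below the current one.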

  Creating forward zone with some records
(wink source)

Configuration of Exchange 2003 SP2 to filter mail using black lists, usage of Intelligent Message Filter and Sender ID processing

Some golden rules to be aware of when configuring mail servers.
DNS layer

1. MX record must exist
For testing you can try to get the MX record using the nslookup command:
nslookup
set type=MX
company.com
As a result you should get:
company.com MX preference = 10, mail exchanger = mail.company.com

2. Forward and reverse DNS records must match
Example:
Let's say that the MX record for the domain company.com points to a subdomain of company.com, mail.company.com. If we ping the host name from the command line we get the result:

C:\>ping mail.company.com
Pinging mail.company.com [123.123.123.123] with 32 bytes of data:
Reply from 123.123.123.123: bytes=32 time=119ms TTL=238 …

If we then do a reverse lookup, resolving the name from the IP address, we should get the same result:

C:\>ping -a 123.123.123.123
Pinging mail.company.com [123.123.123.123] with 32 bytes of data:
Reply from 123.123.123.123: bytes=32 time=111ms TTL=238

Mail server layer (SMTP server)

The SMTP server should present itself with the same name as the name in the MX record, in our case mail.company.com. This can be tested by using the telnet program to connect to port 25 of our mail server.
As a result you should get:

220 mail.company.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.1830 ready at Mon, 5 Feb 2007 23:07:34 +0100

http://www.dnsreport.com – check your domain name configuration
http://www.dnsstuff.com – additional tools for checking DNS records
http://www.microsoft.com/mscorp/safety/content/technologies/senderid/wizard/ – Sender policy framework TXT record generator
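The three checks above (MX exists, forward and reverse records match, SMTP greeting matches the MX name) combined into one script, as an added example that is not part of the original post. It works on captured tool output; the function names and the sample lookup tables are assumptions, and the sample lines are constructed from the output shown on this page.

```python
import re

MX_LINE = re.compile(r"^\S+\s+MX preference = (\d+), mail exchanger = (\S+)$")

def parse_mx(nslookup_output):
    """[(preference, exchanger)] from nslookup 'set type=MX' output, best first."""
    found = []
    for line in nslookup_output.splitlines():
        m = MX_LINE.match(line.strip())
        if m:
            found.append((int(m.group(1)), m.group(2).rstrip(".").lower()))
    return sorted(found)

def banner_host(greeting):
    """Host name announced in an SMTP 220 greeting, or None."""
    m = re.match(r"^220[ -](\S+)", greeting.strip())
    return m.group(1).rstrip(".").lower() if m else None

def check_mail_host(nslookup_output, forward, reverse, greeting):
    """forward: name -> IP (ping), reverse: IP -> name (ping -a)."""
    mx = parse_mx(nslookup_output)
    if not mx:
        return ["no MX record found"]
    host = mx[0][1]
    problems = []
    ip = forward.get(host)
    if ip is None:
        problems.append(f"{host} has no A record")
    else:
        ptr = (reverse.get(ip) or "").rstrip(".").lower()
        if ptr != host:
            problems.append(f"reverse lookup of {ip} gives {ptr!r}, not {host}")
    announced = banner_host(greeting)
    if announced != host:
        problems.append(f"SMTP greeting announces {announced!r}, not {host}")
    return problems

# Constructed sample input, taken from the output shown in this post.
SAMPLE_MX = "company.com\tMX preference = 10, mail exchanger = mail.company.com"
SAMPLE_GREETING = ("220 mail.company.com Microsoft ESMTP MAIL Service, "
                   "Version: 6.0.3790.1830 ready at Mon, 5 Feb 2007 23:07:34 +0100")
FORWARD = {"mail.company.com": "123.123.123.123"}
REVERSE = {"123.123.123.123": "mail.company.com"}

if __name__ == "__main__":
    print(check_mail_host(SAMPLE_MX, FORWARD, REVERSE, SAMPLE_GREETING) or "all checks pass")
```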

  Part I. – Message delivery properties – general
(wink source)

 Part II. – Message delivery properties – Connection filtering
(wink source)

 Part III. – Message delivery properties – IMFv2 / Sender ID filtering
(wink source)

 Part IV. – Activate filters on SMTP server
(wink source)

 Part V. – SMTP server name

Sniffing packets with Wi-Fi network cards that do not support that in a Windows environment

I have noticed several times that built-in Wi-Fi network cards cannot be used to "listen in" on all the traffic that the card actually "sees" when using the default drivers in a Windows environment. My Dell Latitude 110L, for example, has a built-in Intel PRO/Wireless 2200 BG adapter, which does not allow me to sniff Wi-Fi packets that are not sent directly to my adapter.
The solution is to install the Microsoft Loopback Adapter, which shows up as an additional network card, and then create a network bridge from the Wi-Fi adapter and the loopback adapter. After a reboot of the system we can use our preferred network analyser to "sniff" traffic on the bridge adapter, which can "see" all the traffic the Wi-Fi card can see. This way we avoid installing modified drivers, which may have other drawbacks; we use only components that are already present in the operating system.
As a packet analyser I suggest you try Wireshark: http://www.wireshark.org/

 Part I. – The problem
(wink source)

 Part II. – Installing Microsoft loopback adapter
(wink source)

 Part III. – Network bridge
(wink source)

 Part IV. – Sniffin'
(wink source)

VPN tutorial

Windows XP VPN client

 Default settings
(wink source)

 Without using default gateway on remote network
(wink source)

Using default gateway on remote network? Yes or no?
What's the difference?

If you use the default gateway on the remote network, all packets that are not addressed to your current local area network are sent through the VPN tunnel and only then on to, for example, the internet. All internet traffic goes through the remote VPN server. This is the Microsoft default setting when you configure a VPN connection because it is more secure, but on the other hand there are practical reasons for not using this parameter. Internet access on our machine will usually get slower because it is routed over the VPN server at the other side of the VPN, especially if the VPN server has a slow upload speed (a good example are servers on ADSL connections here in Slovenia, where the upload speed is considerably lower than the download speed). By clearing the parameter "Use default gateway on remote network", only traffic directed to the network at the other side of the VPN tunnel is routed through the VPN. Everything else works normally.