Re: Help w/DNS MX records

2012-05-15 Thread Micheal Espinola Jr
I believe you are correct.  IIRC, MIPs (Mapped IPs) and VIPs (Virtual IPs)
are variations for IP forwarding related jargon on Juniper's.

--
Espi




On Tue, May 15, 2012 at 7:39 PM, Ben Scott  wrote:

> What does "MIP" mean?  Port forwarding?  Something fancier?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Personal Gmail and Blocking user from attaching documents.

2012-05-15 Thread Ben Scott
On Tue, May 15, 2012 at 11:30 PM, Mack Bolan  wrote:
>> Dropbox google drive sky drive owa when at home pc?
>
> SCSI, UART, Taliban, War on drugs, Watergate, snakes on a plane?

  Super Punk Octo Pudding Gas Mark Seven.

-- Ben



Re: Help w/DNS MX records

2012-05-15 Thread Ben Scott
  Back here now...

On Tue, May 15, 2012 at 8:53 AM, Richard McClary
wrote:

> The external FQDN for the gateway is “faxcore1.mwro.aspca.org”.
>

  I see this from here.


> There is an MX record for “faxcore1.mwro.” with the data entry
> “faxcore1.mwro.aspca.org.”  (priority of 10).
>

  I believe I just beat this issue to death in my previous message.

> This is MIP’d in through our firewall to the IP address for
> “faxcore1.aspca.local”.
>

  What does "MIP" mean?  Port forwarding?  Something fancier?

  What is the IP address for .  (I realize it's
probably an RFC-1918 private address, but to figure out what's wrong we're
going to need to understand your network topology.)


> There is an MX record “faxcore1.aspca.local”.
>

  Explain this more, please.  You can't have a DNS record with just one
piece of information.


> However, with the internet connection “broken”, all our MIP’d DNS entries
> had no way back into our firewall.
>

  Please explain "our MIP’d DNS entries had no way back into our
firewall".  Keep in mind that I don't know your firewall configuration,
network topology, or (in all likelihood) the vendor-specific terminology
your firewall vendor uses.


>  faxcore2.mwro A 38.96.187231
>

  I presume this really means:

faxcore2.mwro.aspca.org.  A   38.96.187.231


> faxcore1.mwro.  MX  20  faxcore2.mwro.aspca.org.
>

  Again, if that trailing dot really is there, that DNS record is doing
nothing useful.  That could be your problem right there.  Since you're
trying to tell the world that  is reachable by
two different mail exchangers, the A record behavior I explained previously
is no longer sufficient.


>  The NYC firewall has the 38.x.x.x address MIP’d and has the same policy
> settings as the Illinois firewall.
>

  That's really unclear.

  Are you trying to say the firewall at 38.96.187.231 has a port forwarding
rule, such that inbound traffic on TCP/25 is forwarded from your NYC
firewall to your Illinois fax server's private IP address, routed via your
WAN cloud?  (It might help if you gave us IP addresses here, too.)


> 
> (FWIW, I’ve also added an MX record, priority 25, for
> faxcore2.aspca.local. .)
>

  See previous remark on explaining MX records.  :)

 -- Ben


Re: Help w/DNS MX records

2012-05-15 Thread Ben Scott
On Tue, May 15, 2012 at 9:44 AM, Richard McClary 
wrote:
> The trailing dots on the LHS were there from when records including
> Faxcore were imported first from AT&T (which may have put them in
> somewhat automatically in their web interface) to Internap, and then
> from Internap to Cogent.

 That seems to translate as, "We have no idea why those records are there."
 :)

> SO, to summarize, before my next test, I should:

 I don't have enough information to tell you what you "should" do.

 But I suspect your DNS records aren't doing what you think they are.

 In standard notation, a fully-qualified domain name (FQDN) ends in a dot.
 If there is no dot, it's assumed to be a relative domain name.  For
relative domain names, the origin and/or search path can/will get involved.

  is an FQDN.   is an FQDN.   is
an FQDN.  <.> is an FQDN.

  is an FQDN.

  is *not* an FQDN.

  is *not* an FQDN.

  *is* an FQDN.

 So when you see:

faxcore1.mwro   A   63.85.204.151
faxcore1.mwro.  MX  10  faxcore1.mwro.aspca.org.

... I suspect the computer sees:

faxcore1.mwro.aspca.org.  A   63.85.204.151
faxcore1.mwro.            MX  10  faxcore1.mwro.aspca.org.

  While the name  is valid according to the DNS protocol,
in the public DNS structure, it's not delegated from the root, so nobody
will find it.  To wit:

> *dig +noall +ans ANY faxcore1.mwro.aspca.org. @auth1.dns.cogentco.com.*
faxcore1.mwro.aspca.org. 600  IN  A   63.85.204.151
> *dig +noall +ans ANY faxcore1.mwro. @auth1.dns.cogentco.com.*
>

  I have no idea if this is related to your other issues.  But you should
prolly get a handle on your DNS even if this is unrelated.

  Oh, I bet I know what's going on.  The RFCs say that in the absence of an
MX record, an SMTP implementation should try for an A record, and if it
gets one, assume that is the mail exchanger.  So when DNS clients try for
an MX record for , they don't get one, but then
try for an A record, and succeed.  The bogus  record never
gets involved.

-- Ben
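
Added example (not part of Ben's message or of the list archive): a small Python model of the zone-file name expansion and the MX-then-A lookup described above. The origin aspca.org. is an assumption, since the thread never states it; the records are the ones quoted in the thread, with the faxcore2 address as Ben reads it.

```python
from collections import defaultdict

ORIGIN = "aspca.org."  # assumption: the zone origin is never stated in the thread

# Records as quoted in the thread: MX owner names carry a trailing dot.
AS_POSTED = [
    ("faxcore1.mwro",  "A",  "63.85.204.151"),
    ("faxcore1.mwro.", "MX", "10 faxcore1.mwro.aspca.org."),
    ("faxcore2.mwro",  "A",  "38.96.187.231"),
    ("faxcore1.mwro.", "MX", "20 faxcore2.mwro.aspca.org."),
]

# Same records with the trailing dot removed from the MX owner names.
CORRECTED = [
    ("faxcore1.mwro", "A",  "63.85.204.151"),
    ("faxcore1.mwro", "MX", "10 faxcore1.mwro.aspca.org."),
    ("faxcore2.mwro", "A",  "38.96.187.231"),
    ("faxcore1.mwro", "MX", "20 faxcore2.mwro.aspca.org."),
]


def qualify(name, origin=ORIGIN):
    """Expand a zone-file name: absolute names stay, relative ones get the origin."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name  # trailing dot means FQDN, the origin is NOT appended
    return f"{name}.{origin}"


def in_zone(fqdn, origin=ORIGIN):
    """True if fqdn is the origin itself or a name below it."""
    return fqdn == origin or fqdn.endswith("." + origin)


def load(records, origin=ORIGIN):
    """Return (db, stray): db maps (fqdn, type) to rdata, stray lists owners outside the zone."""
    db = defaultdict(list)
    stray = []
    for owner, rtype, rdata in records:
        fqdn = qualify(owner, origin)
        if not in_zone(fqdn, origin):
            stray.append((fqdn, rtype))
        if rtype == "MX":
            pref, host = rdata.split()
            rdata = (int(pref), qualify(host, origin))
        db[(fqdn, rtype)].append(rdata)
    return db, stray


def mail_targets(domain, db):
    """Mail exchangers a sender would try for an absolute domain name, in order.

    MX records are sorted by preference (lowest first). With no MX records,
    the domain's own A record is treated as an implicit MX with preference 0
    (RFC 5321 section 5.1).
    """
    domain = domain.lower()
    mx = sorted(db.get((domain, "MX"), []))
    if mx:
        return mx
    if db.get((domain, "A")):
        return [(0, domain)]
    return []


if __name__ == "__main__":
    for label, records in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        db, stray = load(records)
        print(label)
        print("  owners outside the zone:", stray)
        print("  targets:", mail_targets("faxcore1.mwro.aspca.org.", db))
```

With the records as posted, the only target is the implicit one from the A record, so the faxcore2 exchanger is never offered to senders; with the owner names corrected, both exchangers appear in preference order.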


Re: Personal Gmail and Blocking user from attaching documents.

2012-05-15 Thread Gary Slinger
Anytime you want to write a sentence rather than throwing random words in to an 
email while waiting for people to do your job for you would be fine. 

-Original Message-
From: justino garcia 
Date: Tue, 15 May 2012 19:39:25 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: Re: Personal Gmail and Blocking 
user from attaching documents.

Dropbox google drive sky drive owa when at home pc?

On Tuesday, May 15, 2012, James Rankin  wrote:
> Just use a web filter to block all web-based email sites?
>
> On 15 May 2012 19:58, justino garcia  wrote:
>>
>> Is anyone here in the group blocking access to Gmail, or other webmail
beside work related, and how are we dealing with blocking work documents
from being uploaded / attached to personal inbox?
>>
>> Thanks,
>>
>>
>> --
>> Justin
>> IT-TECH
>>
>
>
> --
> http://appsensebigot.blogspot.co.uk
>
> IMPORTANT INFORMATION/DISCLAIMER
>
> I certainly don't have time to monitor the content of e-mail sent and
received via this account for the purposes of ensuring compliance with
anyone's policies and procedures. I am pretty sure that somewhere in UK
legislation there is some politically-correct drivel that stipulates I must
never send or store e-mails or attachments that are obscene, indecent,
sexist, racist, defamatory, abusive, in breach of copyright, encrypted,
amusing, overly long, slightly opinionated, anonymous, likely to harm
animals or hurt the feelings of an as-yet-unspecified or as-yet-nonexistent
minority (such as extraterrestrial eggplants). Emails of this nature sent
in or out of this account may be intercepted and stopped by the system, but
it's a long shot. This being the UK, even if I was prosecuted for breach of
said email guidelines, I'd probably walk with a suspended sentence anyway,
but if I'd forgotten to pay my car insurance, I'd most certainly be hung,
drawn and quartered.
>
> I am not responsible for any changes made to the message after it has
been sent, in more or less the same way that cyclozine manufacturers aren't
responsible for drug addicts mixing it with methadone and overdosing, so
I'm glad I cleared the confusion up there nice and early. Where opinions
are expressed, they are not necessarily mine. However, I don't make a habit
of expressing other people's opinions for them, so you shouldn't take that
statement as an indication that I am in the business of providing an
opinion-expressing service. In the event that I did, this discourse would
provide no guarantee that I would do it anyway, but I don't, so I won't.
>
> This e-mail and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. If you are not the intended addressee, or the person responsible
for delivering it to them, aside from the fact that you've clearly got some
level of unauthorised access to their account or are at least engaged in
some sort of fraud, I'm obliged to tell you that may not copy, forward
disclose or otherwise use it or any part of it in any way. To do so may be
unlawful, and as you're already breaking the law, I am sure that bombshell
makes you quake in your boots and turn yourself over to law enforcement
immediately. If you receive this e-mail by mistake, please advise the
sender immediately. That would be me, and as I am clearly prone to sending
emails to completely the wrong person, I should instantly be stripped of my
status as a technical consultant and sent to do something more becoming of
my stupidity, such as appearing on Big Brother, the X Factor or "insert
country name here"'s Got Talent.
>

-- 
Justin
IT-TECH



Re: Personal Gmail and Blocking user from attaching documents.

2012-05-15 Thread Lora Cates
Do you currently use any web filtering products?  We block Gmail/Hotmail/Yahoo 
at the proxies.

As for preventing documents, are you talking about preventing emailing 
documents to personal accounts, or to something else like Dropbox?
 
-lc


>
> From: justino garcia 
>To: NT System Admin Issues  
>Sent: Tuesday, May 15, 2012 1:58 PM
>Subject: Personal Gmail and Blocking user from attaching documents.
> 
>
>Is anyone here in the group blocking access to Gmail, or other webmail beside 
>work related, and how are we dealing with blocking work documents from being 
>uploaded / attached to personal inbox?
> 
>Thanks,
> 
>
>
>-- 
>Justin
>IT-TECH
>

Re: Personal Gmail and Blocking user from attaching documents.

2012-05-15 Thread James Rankin
Just use a web filter to block all web-based email sites?

On 15 May 2012 19:58, justino garcia  wrote:

> Is anyone here in the group blocking access to Gmail, or other webmail
> beside work related, and how are we dealing with blocking work documents
> from being uploaded / attached to personal inbox?
>
> Thanks,
>
>
>
> --
> Justin
> IT-TECH
>
>



-- 
http://appsensebigot.blogspot.co.uk


Re: ICACLS question

2012-05-15 Thread Michael Leone
Once I took ownership, I was able to reset inheritance with
"/inheritance:e /T /C". No need for "/reset". I *did* have to take
ownership, before I could reset it.

On Tue, May 15, 2012 at 10:18 AM, Michael Leone  wrote:
> Dunno why I seem to be having so much trouble with this. I want to
> turn on inheritance on a user home folder. It already has all the
> permissions I want it to have, the only problem is that inheritance
> is turned off, so new files/folders aren't getting those permissions.
>
> I thought that
>
> icacls  /I:e /T
>
> would do it, based on what I found on web searches.  But what happens
> is that the permissions are doubled - one set listing as "not
> inherited", and then the same permissions again, this time listed as
> properly inheriting from above.
>
> So what am I doing wrong? I've tried without the /T, to no effect. Do
> I need to "/reset /T /C", to remove all explicit permissions, then
> "/I:e /T" to have it inherit? because then I would need to add in the
> user explicitly again, and set the user to be owner.




ICACLS question

2012-05-15 Thread Michael Leone
Dunno why I seem to be having so much trouble with this. I want to
turn on inheritance on a user home folder. It already has all the
permissions I want it to have, the only problem is that inheritance
is turned off, so new files/folders aren't getting those permissions.

I thought that

icacls  /I:e /T

would do it, based on what I found on web searches.  But what happens
is that the permissions are doubled - one set listing as "not
inherited", and then the same permissions again, this time listed as
properly inheriting from above.

So what am I doing wrong? I've tried without the /T, to no effect. Do
I need to "/reset /T /C", to remove all explicit permissions, then
"/I:e /T" to have it inherit? because then I would need to add in the
user explicitly again, and set the user to be owner.



RE: Help w/DNS MX records

2012-05-15 Thread Richard McClary
Thank you...

Well, there is a mix of things...  The first record should have been (I left 
out a trailing dot on the RHS for MX):

faxcore1.mwro.  MX 10   faxcore1.mwro.aspca.org.

The trailing dots on the LHS were there from when records including Faxcore 
were imported first from AT&T (which may have put them in somewhat 
automatically in their web interface) to Internap, and then from Internap to 
Cogent.

On the second record, since the trailing dots were there for MX records for 
faxcore1.mwro, I added one for the faxcore2.mwro record.

SO, to summarize, before my next test, I should:

1. Leave the trailing dot on the RHS for the MX record data, and

2. Delete the trailing dot on the LHS for both MX records (although all was 
working despite the LHS trailing dot when there was only one record)?

Once verified that the LHS dots are indeed a problem, I'll make the DNS changes 
and try again.  I'll then let you know.

Thanks again!
--
richard

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Tuesday, May 15, 2012 8:23 AM
To: NT System Admin Issues
Subject: Re: Help w/DNS MX records

On Tue, May 15, 2012 at 8:53 AM, Richard McClary
 wrote:
> Currently, we have these DNS entries with Cogent:
> faxcore1.mwro A 63.85.204.151
> faxcore1.mwro.    MX  10  faxcore1.mwro.aspca.org

  What's with the trailing dot at the end of the LHS (left hand side)
of the second record?

  The above two records -- as given -- likely describe two different
domain names.

  The first record's LHS is a relative name .  You
don't give the origin, but if the origin is , then the
FQDN would be 

  The second record's LHS is an FQDN .  Full stop,
nothing more.  So the top-level domain (akin to ) would be
, which is not registered.  It's very unusual to have that in a
public-facing DNS server.  It generally doesn't work.

  Is that dot really there?  Or is it a typo in your transcription?

-- Ben



The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.




Re: Help w/DNS MX records

2012-05-15 Thread Ben Scott
On Tue, May 15, 2012 at 8:53 AM, Richard McClary
 wrote:
> Currently, we have these DNS entries with Cogent:
> faxcore1.mwro A 63.85.204.151
> faxcore1.mwro.    MX  10  faxcore1.mwro.aspca.org

  What's with the trailing dot at the end of the LHS (left hand side)
of the second record?

  The above two records -- as given -- likely describe two different
domain names.

  The first record's LHS is a relative name .  You
don't give the origin, but if the origin is , then the
FQDN would be 

  The second record's LHS is an FQDN .  Full stop,
nothing more.  So the top-level domain (akin to ) would be
, which is not registered.  It's very unusual to have that in a
public-facing DNS server.  It generally doesn't work.

  Is that dot really there?  Or is it a typo in your transcription?

-- Ben




RE: Help w/DNS MX records

2012-05-15 Thread Richard McClary
Something I later figured out might not work (last few lines below)...

I simply disabled the firewall policy enabling mail traffic through the 
Illinois firewall.  My guess is, since there was an internet connection to 
Illinois, and the policy was disabled for fewer than, say, 10 minutes (more 
like 5), it was a poor test as DNS was still directing mail to the higher 
priority address.

Thanks!
--
richard

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Tuesday, May 15, 2012 8:01 AM
To: NT System Admin Issues
Subject: RE: Help w/DNS MX records

What did you do to test the pathway into NYC?

From: Richard McClary [mailto:richard.mccl...@aspca.org]
Sent: Tuesday, May 15, 2012 8:53 AM
To: NT System Admin Issues
Subject: Help w/DNS MX records

Greetings!

We have an email-to fax gateway (Faxcore).  Our email system is hosted Exchange 
(Perimeter), and our external DNS is hosted by Cogent.

The external FQDN for the gateway is "faxcore1.mwro.aspca.org".  There is an MX 
record for "faxcore1.mwro." with the data entry "faxcore1.mwro.aspca.org."  
(priority of 10).  This is MIP'd in through our firewall to the IP address for 
"faxcore1.aspca.local".  There is an MX record "faxcore1.aspca.local".

We send faxes, either through the user's Exchange client or through a scripted 
reports system, to "[Phone_Number]@faxcore1.mwro.aspca.org".  Mail leaves our 
network, is processed by the Perimeter system, and mail meant for faxcore1 is 
delivered to the gateway through the MIP'd port in the firewall.  The gateway 
then processes the mail, digitizes it, dials the recipient's fax machine, and 
all is well (barring other problems).

We are in Illinois.  We have a WAN cloud to our NYC offices.

Now, regarding "other problems"...   We had a 25 hour internet outage a month 
ago.  Internet traffic was re-routed into the WAN cloud, so much of what we 
needed from the internet was available.  However, with the internet connection 
"broken", all our MIP'd DNS entries had no way back into our firewall.

We are trying to alter things so that, if the Illinois firewall is down, 
Faxcore traffic is re-directed to an NYC firewall and come to Illinois via the 
WAN cloud.

Currently, we have these DNS entries with Cogent:

faxcore1.mwro A 63.85.204.151
faxcore1.mwro.  MX  10  faxcore1.mwro.aspca.org

(this works when the Illinois internet connection is up)
I've added:

faxcore2.mwro A 38.96.187231
faxcore1.mwro.  MX  20  faxcore2.mwro.aspca.org.

The NYC firewall has the 38.x.x.x address MIP'd and has the same policy 
settings as the Illinois firewall.

Now to test...
I disable the Faxcore policy in the Illinois firewall.  I'd like to think that 
mail routing would then use the MX record with the lower priority and try 
sending it through NYC.  NOPE!  Messages do not make it to Faxcore to be 
processed.  I see no traffic through the NYC firewall.  (FWIW, I've also added 
an MX record, priority 25, for faxcore2.aspca.local. .)

After 5 minutes or so (as Faxcore is a production machine sending out about 100 
or so medical records per day), I re-enable the Faxcore policy on the Illinois 
firewall.  The test faxes soon arrive once Illinois is back accepting traffic.

So, if I could get some assistance, I figure at least one of the following:


1.   I do not have MX records set properly

2.   Mail traffic is not going to NYC because the Illinois firewall is 
accepting internet traffic (but is blocking mail)

Anything else?  That 25-hour internet outage made for a really bad back-log for 
our Client Services group to sort through, re-send, contacting clients, etc...

Thanks!
--
Richard D. McClary
Jr Infrastructure Architect, Information Technology Group
ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL 61802
richard.mccl...@aspca.org
P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org




Re: Cisco PBXs

2012-05-15 Thread Ben Scott
On Tue, May 15, 2012 at 8:33 AM, Ben Scott  wrote:
>> Does anybody know if there are various models of the
>> same pbx for various countries ?
>
>  I have zero experience with Cisco in particular, but I know in
> general, phone hardware varies a lot from country to country.

  I should probably qualify that to say that it is possible for a
manufacturer to produce hardware that works with more than one
country's telephone system.  So while Cisco may produce different
equipment for England vs Italy, it is also possible they produce
equipment that works in both.

-- Ben




RE: Help w/DNS MX records

2012-05-15 Thread Michael B. Smith
What did you do to test the pathway into NYC?

From: Richard McClary [mailto:richard.mccl...@aspca.org]
Sent: Tuesday, May 15, 2012 8:53 AM
To: NT System Admin Issues
Subject: Help w/DNS MX records

Greetings!

We have an email-to fax gateway (Faxcore).  Our email system is hosted Exchange 
(Perimeter), and our external DNS is hosted by Cogent.

The external FQDN for the gateway is "faxcore1.mwro.aspca.org".  There is an MX 
record for "faxcore1.mwro." with the data entry "faxcore1.mwro.aspca.org."  
(priority of 10).  This is MIP'd in through our firewall to the IP address for 
"faxcore1.aspca.local".  There is an MX record "faxcore1.aspca.local".

We send faxes, either through the user's Exchange client or through a scripted 
reports system, to "[Phone_Number]@faxcore1.mwro.aspca.org".  Mail leaves our 
network, is processed by the Perimeter system, and mail meant for faxcore1 is 
delivered to the gateway through the MIP'd port in the firewall.  The gateway 
then processes the mail, digitizes it, dials the recipient's fax machine, and 
all is well (barring other problems).

We are in Illinois.  We have a WAN cloud to our NYC offices.

Now, regarding "other problems"...   We had a 25 hour internet outage a month 
ago.  Internet traffic was re-routed into the WAN cloud, so much of what we 
needed from the internet was available.  However, with the internet connection 
"broken", all our MIP'd DNS entries had no way back into our firewall.

We are trying to alter things so that, if the Illinois firewall is down, 
Faxcore traffic is re-directed to an NYC firewall and come to Illinois via the 
WAN cloud.

Currently, we have these DNS entries with Cogent:

faxcore1.mwro A 63.85.204.151
faxcore1.mwro.  MX  10  faxcore1.mwro.aspca.org

(this works when the Illinois internet connection is up)
I've added:

faxcore2.mwro A 38.96.187231
faxcore1.mwro.  MX  20  faxcore2.mwro.aspca.org.

The NYC firewall has the 38.x.x.x address MIP'd and has the same policy 
settings as the Illinois firewall.

Now to test...
I disable the Faxcore policy in the Illinois firewall.  I'd like to think that 
mail routing would then use the MX record with the lower priority and try 
sending it through NYC.  NOPE!  Messages do not make it to Faxcore to be 
processed.  I see no traffic through the NYC firewall.  (FWIW, I've also added 
an MX record, priority 25, for faxcore2.aspca.local. .)

After 5 minutes or so (as Faxcore is a production machine sending out about 100 
or so medical records per day), I re-enable the Faxcore policy on the Illinois 
firewall.  The test faxes soon arrive once Illinois is back accepting traffic.

So, if I could get some assistance, I figure at least one of the following:


1.   I do not have MX records set properly

2.   Mail traffic is not going to NYC because the Illinois firewall is 
accepting internet traffic (but is blocking mail)

Anything else?  That 25-hour internet outage made for a really bad back-log for 
our Client Services group to sort through, re-send, contacting clients, etc...

Thanks!
--
Richard D. McClary
Jr Infrastructure Architect, Information Technology Group
ASPCA(r)
1717 S. Philo Rd, Ste 36
Urbana, IL 61802
richard.mccl...@aspca.org
P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org




RE: Exchange Dag mailbox issue

2012-05-15 Thread Michael B. Smith
My initial guess would be that it has something to do with your configuration 
of Send connectors and Receive connectors OR that you don't have AD Sites fully 
configured in AD Sites & Services.

From: Greg Olson [mailto:gol...@markettools.com]
Sent: Monday, May 14, 2012 8:36 PM
To: NT System Admin Issues
Subject: Exchange Dag mailbox issue

Hi All,
I've got a small issue I've been working on with no luck in resolving so far. I 
have two Exchange servers set up in a DAG group. One server is in Site A in SF, 
the other server in Site B in San Jose. Both sites have a CAS server (separate 
in SF, added on the same Exchange box in SJ as it's DR only). When I fail over a 
mailbox store from SF to SJ, it appears to go fine, and all the Outlook clients 
get re-homed, and the clients can send to each other and outside, but all 
incoming mail, which is still coming inbound to the CAS server in SF, is just 
backed up in the Exchange queue, and not being redirected over. Is there 
something I have to do manually? I thought as long as the CAS server was up it 
would handle the switchover on its own? When I fail it back, everything gets 
delivered OK.

All servers are Exchange 2010 SP 1 with CU6

Thanks for any help in advance.
-Greg



Help w/DNS MX records

2012-05-15 Thread Richard McClary
Greetings!

We have an email-to-fax gateway (Faxcore).  Our email system is hosted Exchange 
(Perimeter), and our external DNS is hosted by Cogent.

The external FQDN for the gateway is "faxcore1.mwro.aspca.org".  There is an MX 
record for "faxcore1.mwro." with the data entry "faxcore1.mwro.aspca.org."  
(priority of 10).  This is MIP'd in through our firewall to the IP address for 
"faxcore1.aspca.local".  There is an MX record "faxcore1.aspca.local".

We send faxes, either through the user's Exchange client or through a scripted 
reports system, to "[Phone_Number]@faxcore1.mwro.aspca.org".  Mail leaves our 
network, is processed by the Perimeter system, and mail meant for faxcore1 is 
delivered to the gateway through the MIP'd port in the firewall.  The gateway 
then processes the mail, digitizes it, dials the recipient's fax machine, and 
all is well (barring other problems).

We are in Illinois.  We have a WAN cloud to our NYC offices.

Now, regarding "other problems"...   We had a 25 hour internet outage a month 
ago.  Internet traffic was re-routed into the WAN cloud, so much of what we 
needed from the internet was available.  However, with the internet connection 
"broken", all our MIP'd DNS entries had no way back into our firewall.

We are trying to alter things so that, if the Illinois firewall is down, 
Faxcore traffic is re-directed to an NYC firewall and comes to Illinois via the 
WAN cloud.

Currently, we have these DNS entries with Cogent:

faxcore1.mwro A 63.85.204.151
faxcore1.mwro.MX  10  faxcore1.mwro.aspca.org

(this works when the Illinois internet connection is up)
I've added:

faxcore2.mwro A 38.96.187231
faxcore1.mwro.MX  20  faxcore2.mwro.aspca.org.

The NYC firewall has the 38.x.x.x address MIP'd and has the same policy 
settings as the Illinois firewall.

Now to test...
I disable the Faxcore policy in the Illinois firewall.  I'd like to think that 
mail routing would then use the MX record with the lower priority and try 
sending it through NYC.  NOPE!  Messages do not make it to Faxcore to be 
processed.  I see no traffic through the NYC firewall.  (FWIW, I've also added 
an MX record, priority 25, for faxcore2.aspca.local. .)

After 5 minutes or so (as Faxcore is a production machine sending out about 100 
or so medical records per day), I re-enable the Faxcore policy on the Illinois 
firewall.  The test faxes soon arrive once Illinois is back accepting traffic.

So, if I could get some assistance, I figure at least one of the following:


1.   I do not have MX records set properly

2.   Mail traffic is not going to NYC because the Illinois firewall is 
accepting internet traffic (but is blocking mail)

Anything else?  That 25-hour internet outage made for a really bad back-log for 
our Client Services group to sort through, re-send, contacting clients, etc...

Thanks!
--
Richard D. McClary
Jr Infrastructure Architect, Information Technology Group
ASPCA®
1717 S. Philo Rd, Ste 36
Urbana, IL 61802
richard.mccl...@aspca.org
P: 217-337-9761
C: 217-417-1182
F: 217-337-9761
www.aspca.org



The information contained in this e-mail, and any attachments hereto, is from 
The American Society for the Prevention of Cruelty to Animals® (ASPCA®) and 
is intended only for use by the addressee(s) named herein and may contain 
legally privileged and/or confidential information. If you are not the intended 
recipient of this e-mail, you are hereby notified that any dissemination, 
distribution, copying or use of the contents of this e-mail, and any 
attachments hereto, is strictly prohibited. If you have received this e-mail in 
error, please immediately notify me by reply email and permanently delete the 
original and any copy of this e-mail and any printout thereof.
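How a sending MTA walks the two MX records described in the message above, as an added example that is not part of the original post: it sorts by preference, tries the lowest number first, and moves to the next target only when the connection fails. The FQDN expansion under aspca.org, the function names and the `accepts_smtp` set are assumptions of the example; the A values are copied as they appear in the post.

```python
import ipaddress

DOMAIN = "faxcore1.mwro.aspca.org"
# Records from the post; owner names expanded to FQDNs under aspca.org
# (the expansion is an assumption of this example).
A_RECORDS = {
    "faxcore1.mwro.aspca.org": "63.85.204.151",
    "faxcore2.mwro.aspca.org": "38.96.187231",  # copied as posted
}
MX_RECORDS = {DOMAIN: [(20, "faxcore2.mwro.aspca.org"),
                       (10, "faxcore1.mwro.aspca.org")]}

def usable_address(target, a_records):
    """Return the target's IPv4 address, or None if missing or malformed."""
    try:
        return str(ipaddress.IPv4Address(a_records.get(target)))
    except ValueError:
        return None

def lint(domain, a_records=A_RECORDS):
    """List MX targets a sender could never connect to."""
    return [f"MX {pref} {target}: A value {a_records.get(target)!r} is unusable"
            for pref, target in sorted(MX_RECORDS.get(domain, []))
            if usable_address(target, a_records) is None]

def deliver(domain, accepts_smtp, a_records=A_RECORDS):
    """Walk MX targets in ascending preference, as a sending MTA does.

    accepts_smtp is a constructed set of IPs where a connect to TCP/25
    succeeds; it stands in for the state of the two firewalls.
    Returns (chosen target or None, list of attempts).
    """
    attempts = []
    for pref, target in sorted(MX_RECORDS.get(domain, [])):
        ip = usable_address(target, a_records)
        if ip is None:
            attempts.append((pref, target, "no usable address"))
        elif ip in accepts_smtp:
            attempts.append((pref, target, "accepted"))
            return target, attempts
        else:
            attempts.append((pref, target, "connect failed"))
    return None, attempts  # nothing accepted: message stays queued for retry

if __name__ == "__main__":
    print(lint(DOMAIN))
    print(deliver(DOMAIN, {"63.85.204.151"}))   # Illinois up
    print(deliver(DOMAIN, set()))               # Illinois policy disabled
```

Running `lint` against a zone export before a failover test shows whether every MX target has an address a sender can actually connect to.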

Re: Cisco PBXs

2012-05-15 Thread Ben Scott
On Tue, May 15, 2012 at 1:51 AM, HELP_PC  wrote:
> Does anybody know if there are various models of the
> same pbx for various countries ?
>
> I received one from a Corporate (sent from USA or
> England to Italy) but I get all non-digital calls rejected.

  I have zero experience with Cisco in particular, but I know in
general, phone hardware varies a lot from country to country.
Sometimes manufacturers produce entirely different models of PBX for
different countries.  Sometimes manufacturers produce one universal
model of PBX, but different option cards to go in them.

> I don’t know if it is a matter of configuration or other

  Could be both.

-- Ben




Re: Cisco PBXs

2012-05-15 Thread Graeme Carstairs
Ok,


That will be running CME and those are beyond my level of expertise.

But what I do know about them is that if you are on an ISDN input the ISDN
has to be configured correctly on the ISR to match your country's ISDN
(not all ISDNs are equal).

The units we work with, the UC500 series, are basically a bundled ISR with
Call Manager Express (CME) and Unity Express (CUE) running on them, and sold
as an appliance.

I know that there are specific config steps on the ISDN2 versions and the
T1/E1 versions depending on which country you are in.

The software used to config the UC system is supposed to set the country
specific ISDN stuff up when you tell it what country you are in, but with
the ISR, the CME config will be done from CLI.

You will need someone who is trained on these units to config them via CLI,
and Cisco would suggest you get a local authorised partner to do it for you.

Your parent company in the US should have appropriately trained staff on
board, or access to a partner who should be able to help.

Graeme


On 15 May 2012 10:58, HELP_PC  wrote:

>  I am asking details to my IT in Genova and I'll let you know
>
> Is a 2951 Integrated service router
>
> The problem is that a call from outside ,if not coming from a pure digital
> source gets fast busy as response
>
> (i.e analog phone from a ISDN line)
>
>
>
>
>  --
> *From:* Graeme Carstairs [loonyto...@gmail.com]
> *Sent:* Tuesday, 15 May 2012 10:07
> *To:* NT System Admin Issues
> *Subject:* Re: Cisco PBXs
>
>  Hi there,
>
>  We sell and support Cisco Small Business PBX systems, the UC500 series
> and Business Edition 3000 series.
>
>  With these units the basic unit is the same no matter which country, the
> difference in the country code on the part code is down to the power supply
> or power cable you get.
>
>
>  What unit is it you have and what interface are you using to connect to
> the telephone network. ISDN, POTS, T1/E1 or SIP
>
>  Graeme
>
>
> On 15 May 2012 06:51, HELP_PC  wrote:
>
>> Does anybody know if there are various models of the same pbx for various
>> countries ?
>>
>> I received one from a Corporate (sent from USA or England to 
>> Italy)  but I get all non-digital calls rejected.
>>
>> I don’t know if it is a matter of configuration or other
>>
>> TIA
>>
>> *Guido Elia*
>>
>> *HELPPC - HELPPC SERVICE*
>>
>>
>
>
>
>  --
> Good news everyone, you have just received an e-mail from me!
>
>



-- 
Good news everyone, you have just received an e-mail from me!


Re: Cisco PBXs

2012-05-15 Thread Graeme Carstairs
Hi there,

We sell and support Cisco Small Business PBX systems, the UC500 series and
Business Edition 3000 series.

With these units the basic unit is the same no matter which country, the
difference in the country code on the part code is down to the power supply
or power cable you get.


What unit is it you have and what interface are you using to connect to
the telephone network. ISDN, POTS, T1/E1 or SIP

Graeme


On 15 May 2012 06:51, HELP_PC  wrote:

> Does anybody know if there are various models of the same pbx for various
> countries ?
>
> I received one from a Corporate (sent from USA or England to 
> Italy)  but I get all non-digital calls rejected.
>
> I don’t know if it is a matter of configuration or other
>
> TIA
>
> *Guido Elia*
>
> *HELPPC - HELPPC SERVICE*
>
>



-- 
Good news everyone, you have just received an e-mail from me!
