Archive for April, 2006

Thunderbird 101

Saturday, April 29th, 2006

Email Setup

The primary feature of Thunderbird is the email client. Here we will set up a new email account step by step.

  1. Open Thunderbird and from the menu bar choose the File menu. From there select New, and Mail Account…
  2. You will then be provided with a drop down sheet that allows you to fill in the information fields Your Name, Email Address and Password. Press Continue. This will start an email set up wizard that will parse the domain information from the provided email address and look up the MX server.
  3. If it can isolate that information it will set the incoming and outgoing server. If it cannot find that information it will place its best guess in front of the email domain. Whether it succeeds or fails, Thunderbird will show its information in an expanded section of the sheet and allow you to correct it. TAKE NOTE: This is the section where you pick whether the incoming mail is POP or IMAP. Under most circumstances we will wish to choose IMAP. POP is limited in its features and is usually not chosen. Once the settings have been corrected you need to press the Re-Test button in order to complete the setup.

Manual Setup. If you don’t want to make use of the set up wizard you can press the manual setup button and it will bypass the auto configure tool and allow whatever settings you specify.

Advanced Setup. Choosing the advanced setup button will yield the same sheet as choosing Tools and Account Settings, then Server Settings.

Settings Specific to Google Mail

Google Mail does not provide true IMAP connections. An email application with an IMAP connection sends commands to the IMAP server and expects the server to move messages to different mbox files that represent folders. In Google Mail the server holds the messages in a different database and provides an IMAP interface for convenience, but this also means there can be complications when a mail program tries to do operations that don’t make sense for Google.

Disable Sent Mail Storage. Modern IMAP-capable mail programs have an automated process that copies a message, when it is sent, to a folder either on the server or on a local drive. Google Mail does not require this because the message is held in a database and simply acquires the flag Sent Message. If you do not disable this feature on the mail client you will get multiple copies of each sent message and fill up the database faster.

Disable Drafts storage on the server. Google Mail will save copies of each draft message as you add text to it. This can cause an issue where your email program sees these saved versions and attempts to download them. This creates some confusion on the part of the program and you can get a lot of duplicate drafts.

Folders vs. Labels. Google Mail does not have folders, it has labels. These are database tags that allow you to filter the mail store. When you click on a label in the web interface for Google Mail you are filtering through all of the mail messages to display the messages that meet your filter. This means that a single message can have more than one tag and therefore show up in more than one filtered search. IMAP mail clients only understand folders, so you can have situations where one or more email messages show up in more than one folder. This is still one message, but the mail client doesn’t know how to handle it. Some clients have made the mistake of throwing out the message in one “folder” and expecting it to stay in the other “folder” when the delete operation has removed it from the database and it disappears.

Exchange Setup

Thunderbird has no specific settings for Exchange. You must have the IMAP connector and SMTP connector active in Exchange to even set up the account. The auto setup program will query the Exchange server and will likely get the Exchange setup information instead of the IMAP address, so it is prudent to review the information or set up the account manually.

Custom Function to Determine if a Window Exists in FileMaker

Tuesday, April 11th, 2006

Name: f_winExists

Parameter: WindName

Code:

Position ( ¶ & WindowNames & ¶ ; ¶ & WindName & ¶ ;1 ; 1 ) > 0

This will return a boolean value.

For the parameter, you can pass it the window name you’re looking for in a script parameter.

Use of this function will prevent you from opening more than one window from the same file when used with good navigational scripting.

Blocking Outbound AIM/iChat Clients

Tuesday, April 11th, 2006

NOTE: The principles outlined here can be applied for other chat services such as MSN and Yahoo.

Requirements
* SonicOS Enhanced (can also be done with SonicOS Standard, but this article only speaks to the Enhanced configurations).
* Internal DNS server

Blocking iChat
First, determine the range of IP addresses that login.oscar.aol.com resolves to, and add them as Address Objects in the SonicWALL. You can combine them into an Address Object Group called “AIM Servers”. Here are the known IP addresses as of this article’s writing:

64.12.161.153
64.12.161.185
64.12.200.89
205.188.153.121
205.188.179.233

For good measure, you can block the entire block of IPs just to be sure.

Add a Deny firewall rule to the SonicWALL, preventing traffic from the LAN Subnet to the AIM Servers Address Object Group.

If your LAN clients use a local server for DNS, you can create an entry on the DNS server for login.oscar.aol.com, forcing logins to go through a specific IP address that is in the AIM Servers group.

Exceptions
Inevitably, there will be executives and other users who need to use the AIM service. It is possible to configure the router and other systems to accommodate these privileged users. Be sure to see the Caveats section below, however.

Add a static IP address for each of the AIM-allowed users’ computers’ MAC addresses (AirPort and Ethernet) and group them all into an address object group called AIM-Allowed IPs.

Add an Allow firewall rule to the SonicWALL, allowing traffic from the group of AIM-Allowed IPs to the AIM Servers group, making sure that this rule has a higher priority than the Deny rule.

Caveats
This is far from unbreakable, as you might imagine. Most of the ways around it would require more technical knowledge than the users possess. Some possible problems with this approach:

1. Connect via a remote proxy server. This is probably the most obvious choice since these settings are configurable in iChat and other AIM clients.
2. If AOL changes the server IP for processing logins, permitted AIM users may no longer be able to connect, or users may be able to type an IP address that is not restricted and gain a connection.
3. If permitted AIM users change computers, you will need to change the MAC address in the static DHCP rule for those users.
4. If somebody spoofs a permitted AIM user’s MAC address, they will be able to gain AIM access.
5. If e-mail is hosted in-house, you will need to take care to manage the MX records accurately for the aol.com domain, and change them when necessary.
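
The rule ordering and caveat 2 can be checked with a small model before touching the firewall. This is an added example, not part of the original article or SonicOS itself: it assumes first-match evaluation in priority order and a default-allow LAN-to-WAN policy, and the LAN subnet, the allowed host and the 203.0.113.10 address are constructed sample values.

```python
import ipaddress

# "AIM Servers" group: the addresses listed in the article.
AIM_SERVERS = {"64.12.161.153", "64.12.161.185", "64.12.200.89",
               "205.188.153.121", "205.188.179.233"}
LAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")  # constructed LAN range
AIM_ALLOWED_IPS = {"192.168.1.50"}                   # constructed static lease


def in_lan(ip):
    return ipaddress.ip_address(ip) in LAN_SUBNET


# Highest priority first: the Allow exception must sit above the Deny rule.
RULES = [
    ("allow", lambda src, dst: src in AIM_ALLOWED_IPS and dst in AIM_SERVERS),
    ("deny", lambda src, dst: in_lan(src) and dst in AIM_SERVERS),
]


def evaluate(rules, src, dst, default="allow"):
    """Return the action of the first matching rule (assumed first-match model)."""
    for action, matches in rules:
        if matches(src, dst):
            return action
    return default  # assumed default LAN-to-WAN policy


def group_drift(resolved, group=AIM_SERVERS):
    """Addresses DNS currently returns that the address group does not cover."""
    missing = set(resolved) - set(group)
    return sorted(missing, key=ipaddress.ip_address)


if __name__ == "__main__":
    # Ordinary LAN client is blocked; the excepted host is not.
    print(evaluate(RULES, "192.168.1.23", "64.12.161.153"))
    print(evaluate(RULES, "192.168.1.50", "64.12.161.153"))
    # With the priorities swapped, the exception never matches.
    print(evaluate(list(reversed(RULES)), "192.168.1.50", "64.12.161.153"))
    # A login server missing from the group falls through to the default.
    print(evaluate(RULES, "192.168.1.23", "203.0.113.10"))
    # Feed in the current lookup results for login.oscar.aol.com to spot drift.
    print(group_drift(["64.12.161.153", "203.0.113.10"]))
```

Running `group_drift` on a schedule against fresh lookups of login.oscar.aol.com shows when the Address Object Group needs updating.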

Choosing the Right Web Host

Monday, April 10th, 2006

Managing Your Hosting Environment

When you start a new hosting environment, you will probably handle many of the tasks that you will likely want your clients to handle later down the road. There are many products that help to ease the administrative burden of a shared hosting environment. These products empower users of your services to create their own accounts and perform other administrative tasks using easy to navigate web portals.

• cPanel and Plesk are server management software solutions designed to allow administrators to create Reseller accounts, Domain accounts and email features. Administrators have the ability to assign users rights to various aspects of their hosting environment. This saves time for the hosting provider and allows for clients to receive a wider variety of features without the hosting provider having to set these up for each individual client. These include web support, adding features to web sites, domain control, DNS control, email account control, spam filtering, virus filtering and other features. While cPanel and Plesk are not the only products that allow for these types of functions they have risen to be what most sites now use.
• Webmin is an open source solution that allows for managing web sites, DNS, email, spam filtering and virus filtering from a web portal. Webmin is not meant specifically to be used in a web hosting environment but can be used to obtain some of the features that are available in the commercial packages, cPanel and Plesk.

One of the main reasons that many web-hosting ventures don’t work out is support. When we think of supporting clients in a web-hosting environment we typically think of the phone calls where we help the clients troubleshoot FTP, mail and web issues. But the overall level of support that you provide for your clients also includes setting up email accounts, web features and other settings that they can set up themselves. The first time they need to do this they may call, but if you have a support department that is dedicated to helping them use the tools that you can provide them, then you can drastically cut down the support calls you receive.

Rather than just offering tools that help users on a technical level, the makers of Plesk also offer tools to help run your entire web hosting company. HSPcomplete integrates billing, provisioning and marketing using control panels that integrate with their Plesk control panel. If you are planning on moving from simple web hosting into colocation for clients, you can use PEM to manage an entire data center.

Network Bandwidth Monitoring enables network administrators to identify how their network is being used. This allows for the optimization or blocking of certain network services that are creating bottlenecks. By monitoring bandwidth, web hosts are also able to plan for the future development of their network services.

Securing Your Hosting Environment
Many hosting environments are started using a single server that is plugged directly into a network port provided by a colocation company. Over time, new servers are added but the need for a firewall to protect these servers is often overlooked. Many administrators will choose to use the firewall that is built into their servers rather than a physical firewall. Once you have a multi-server environment it is going to become important to start considering your network architecture and the security of this network. This includes patch management, firewalling, intrusion detection and security audits.

A Network Intrusion Detection System (NIDS) is a network security system designed to identify intrusive or malicious behavior by monitoring network activity. It identifies suspicious patterns that may indicate an attempt to attack, break in to, or otherwise compromise a system. Many networks have a hard exterior that is tough to penetrate. Many companies have invested time and manpower to make the perimeter of their network as secure as possible using firewalls. In this scenario, if a single system is compromised, it is often easy for attackers to exploit other systems on the network. Host based Intrusion Detection Systems (IDS) help to mitigate this by scanning network traffic for known attacks.

If you are processing credit card transactions then at some point you are likely to go through an automated security audit using an application like Nessus, so the bank can limit its exposure to the legal ramifications of data theft. Whether required or not, security audits can help organizations ensure that they are meeting security best practice minimums.

Contingency planning is a critical aspect of security. Implementing industry standard tiered storage and backup procedures helps ensure that your data is fully redundant. Disaster recovery goes beyond backup and requires you to ask many questions about what you would do in certain situations. Many organizations have redundant hardware, the software required to restore in case of a failure, and redundant locations that ensure their clients the 99.999% uptime that many organizations now require in their Service Level Agreements.

Whether you are just getting started, adding new servers to your hosting environment, switching to a new colocation facility or bringing your servers in house, Three18 can help you. You are not alone. We have been there many times over and can work with you to define the systems and procedures that will get your hosting environment profitable, secure and stable.