10. June 2016
Resetting a Supermicro IPMI system
In case the IPMI (BMC) on a Supermicro system is unresponsive over the network, but you are still able to log into the main server, you can issue the following commands in-band to reset it:
# load the necessary modules (optional)
sudo modprobe ipmi_si
sudo modprobe ipmi_devintf
# reset the IPMI
sudo ipmitool mc reset cold
# remove all the modules
sudo rmmod ipmi_devintf
sudo rmmod ipmi_si
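The same procedure wrapped in a script, as an added example (not from the original post): it checks that the BMC answers in-band before issuing the reset, then polls until it is back, since a cold reset reboots the BMC firmware and the interface is gone for a while. It assumes ipmitool and the ipmi_si/ipmi_devintf modules as above; the IPMITOOL, MODPROBE, RMMOD and SLEEP variables exist only so the commands can be swapped out (e.g. for testing) and are my addition.

```shell
#!/bin/sh
# Added example: in-band BMC cold reset with a reachability check and a
# wait loop. Run as root (or via sudo). Override the command variables to
# dry-run: IPMITOOL=echo MODPROBE=true RMMOD=true SLEEP=true ./reset-bmc.sh --run
IPMITOOL="${IPMITOOL:-ipmitool}"
MODPROBE="${MODPROBE:-modprobe}"
RMMOD="${RMMOD:-rmmod}"
SLEEP="${SLEEP:-sleep}"

load_ipmi_modules() {
  $MODPROBE ipmi_si && $MODPROBE ipmi_devintf
}

unload_ipmi_modules() {
  # reverse order: ipmi_devintf sits on top of ipmi_si
  $RMMOD ipmi_devintf
  $RMMOD ipmi_si
}

# Poll "ipmitool mc info" until the BMC answers; $1 = maximum attempts.
wait_for_bmc() {
  tries="${1:-30}"
  while [ "$tries" -gt 0 ]; do
    if $IPMITOOL mc info >/dev/null 2>&1; then
      return 0
    fi
    tries=$((tries-1))
    $SLEEP 2
  done
  return 1
}

# Full procedure. Exit status:
#   0  BMC came back after the cold reset
#   1  BMC not reachable in-band either (nothing a reset can fix; power-cycle)
#   2  reset was sent but the BMC did not come back within $1 polls
reset_bmc() {
  load_ipmi_modules || return 1
  if ! $IPMITOOL mc info >/dev/null 2>&1; then
    unload_ipmi_modules
    return 1
  fi
  $IPMITOOL mc reset cold || { unload_ipmi_modules; return 1; }
  rc=0
  wait_for_bmc "${1:-30}" || rc=2
  unload_ipmi_modules
  return "$rc"
}

if [ "${1:-}" = "--run" ]; then
  reset_bmc 30
fi
```

Note that a cold reset restarts only the BMC, not the host, but if the BMC firmware is wedged badly enough it may not come back at all; make sure you have another way in (console, physical access) before relying on this remotely.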
9. June 2016
MacOSX: Manually restoring a Time Machine backup
In case you are a CLI junkie like me and want to restore some files from a Time Machine backup manually with the CLI (or using the Finder), you will notice that the restored files cannot be changed. The restored files are copied with an ACL from the Time Machine backup which prevents changes to those files (you can see it with ls -le). You need to remove the ACL from the restored files:
chmod -R -N restored-files/
19. April 2016
Update for the Checklist on “mailout” servers
This is an update to the checklist for creating a perfect mailout server:
Original Checklist
Setup DMARC DNS Record to receive mail delivery reports
https://www.unlocktheinbox.com/dmarcwizard/
By the way: I just started adding all those settings to my own domain too. Google DKIM signing is still waiting for DNS propagation.
10. February 2016
Cloudflare and HAProxy load balancer
We are currently trying out the Cloudflare service to protect one of our company services. In front of this service we are using HAProxy as SSL endpoint and load balancer. Cloudflare adds a number of custom headers((http://www.linuxorz.com/2014/10/cloudflare-haproxy-get-real-ip/)):
_SERVER["HTTP_CF_IPCOUNTRY"]     CN
_SERVER["HTTP_CF_RAY"]           17da8155355b0520-SEA
_SERVER["HTTP_CF_VISITOR"]       {"scheme":"http"}
_SERVER["HTTP_CF_CONNECTING_IP"] XX.YY.ZZ.00
In order to put the original client IP (from CF-Connecting-IP) into the X-Forwarded-For header, you need the following configuration((http://permalink.gmane.org/gmane.comp.web.haproxy/12019)) in HAProxy, which first strips any X-Forwarded-For the client sent itself and only trusts the Cloudflare header when the connection really comes from a Cloudflare address:
acl FROM_CLOUDFLARE src -f /etc/haproxy/cf-ips-v4
reqidel ^X-Forwarded-For:.
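A complete frontend for this, as an added example (not the post's nor the linked thread's config), written with the http-request syntax because the reqidel/reqiadd keywords were removed in HAProxy 2.1. The list path /etc/haproxy/cf-ips-v4 is the one from the post; the ACL name HAS_CF_IP, the certificate path and the backend name are assumed. The security-relevant part is the ordering: the header is always dropped first, and CF-Connecting-IP is only copied when the TCP source is in the Cloudflare ranges, otherwise anyone who reaches HAProxy directly could forge it.

```haproxy
frontend https-in
    bind :443 ssl crt /etc/haproxy/site.pem
    # Cloudflare edge ranges, one CIDR per line, kept current from
    # https://www.cloudflare.com/ips-v4 (add ips-v6 too if you bind on IPv6)
    acl FROM_CLOUDFLARE src -f /etc/haproxy/cf-ips-v4
    acl HAS_CF_IP       req.hdr(CF-Connecting-IP) -m found

    # 1. Never keep an X-Forwarded-For the client supplied itself.
    http-request del-header X-Forwarded-For

    # 2. Only if the TCP peer really is a Cloudflare edge, trust the IP it saw.
    http-request set-header X-Forwarded-For %[req.hdr(CF-Connecting-IP)] if FROM_CLOUDFLARE HAS_CF_IP

    # 3. Anything else reached us directly: record the real TCP source.
    http-request set-header X-Forwarded-For %[src] if !FROM_CLOUDFLARE

    # Optional: refuse everything that bypassed Cloudflare altogether.
    # http-request deny if !FROM_CLOUDFLARE

    default_backend app
```

Keep the IP list refreshed (a cron job fetching the Cloudflare list is the usual approach); an outdated list silently turns step 2 off for new edge ranges and the backend then sees Cloudflare's address instead of the client's.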
22. January 2016
Java SSL Certificate Verification Error
If you come across the situation that your Java programs are not able to connect to SSL-encrypted services, the most likely cause is that the Java cacerts keystore is empty or not up to date. This might also be due to a bug in the java (or ca-certificates-java) package ((https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1396760)). In order to fix the issue, you can regenerate the keystore from the system CA bundle by running:
sudo /var/lib/dpkg/info/ca-certificates-java.postinst configure
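Before re-running the postinst it is worth confirming that an empty truststore really is the problem, rather than the remote certificate. The following check is an added example (not from the post); it assumes the Debian/Ubuntu layout, i.e. the keystore at /etc/ssl/certs/java/cacerts with the default password "changeit", and a keytool on the PATH.

```shell
#!/bin/sh
# Added example: count the trusted CA entries in the Java truststore and
# decide whether it needs to be rebuilt. Assumes Debian/Ubuntu paths.
JAVA_CACERTS="${JAVA_CACERTS:-/etc/ssl/certs/java/cacerts}"

# Print the number of trustedCertEntry lines keytool lists for the keystore
# ($1, default JAVA_CACERTS); prints 0 if the file is missing or unreadable,
# which is exactly the symptom described in the bug report above.
count_java_cas() {
  ks="${1:-$JAVA_CACERTS}"
  if [ ! -r "$ks" ]; then
    echo 0
    return 0
  fi
  keytool -list -keystore "$ks" -storepass changeit 2>/dev/null \
    | grep -c 'trustedCertEntry' || true
}

# Status 0 when the store holds at least one CA, 1 when it is empty and
# 'ca-certificates-java.postinst configure' should be run. A healthy
# store on Debian/Ubuntu lists well over a hundred entries.
java_truststore_ok() {
  ks="${1:-$JAVA_CACERTS}"
  n="$(count_java_cas "$ks")"
  echo "$n trusted CA entries in $ks"
  [ "$n" -gt 0 ]
}

if [ "${1:-}" = "--check" ]; then
  java_truststore_ok "$JAVA_CACERTS"
fi
```

If the count is fine but one particular service still fails, the problem is that service's chain (a missing intermediate, or a CA Java does not ship), not the keystore.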
4. January 2016
Cisco ASA Certificate Handling
If you are using a Cisco ASA, you most likely also have certificate(s) installed. This is what you need to pay attention to (version 9.1; higher versions might behave differently):
18. September 2015
A checklist for creating a “mailout” server with DKIM and SPF
Create the DKIM DNS Record:
http://www.dnswatch.info/dkim/create-dns-record
Create the SPF Record:
http://www.spfwizard.net/
Do not forget to add a PTR record at your provider!
Verify the settings: Authentication Checker
Use this command:
mail -r xyz@domainthatshouldbeverified.com -s 'testerl vom roman' check-auth-myname=domain.at@verifier.port25.com <
And some more information if your domain is hosting email at Google:
https://support.google.com/a/answer/178723?hl=en
https://support.google.com/a/answer/174124?hl=en
Update 2018-01-25: Update port25 authentication checker URL
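The wizards linked in this checklist and in the DMARC update above generate the records, but they do not tell you whether what ended up in DNS is usable. The script below is an added example (not from either post): an offline sanity check of the three TXT records a mailout domain needs. The records embedded at the bottom are constructed for illustration, not a real domain; on a live domain feed in the output of dig +short TXT for the domain, the selector._domainkey name and _dmarc name (with the surrounding quotes removed). The PTR record is deliberately not covered here, since it can only be checked against the provider's reverse zone.

```shell
#!/bin/sh
# Added example: offline checks for the SPF, DKIM and DMARC records of a
# mailout domain. Pure POSIX sh; no network access needed.

# SPF: must start with v=spf1 and end in a non-permissive "all" qualifier.
# "+all" (or no "all" at all) lets anyone send as the domain; "redirect="
# records are not handled by this simplified check.
check_spf() {
  case "$1" in
    "v=spf1 "*"-all" | "v=spf1 "*"~all") return 0 ;;
    *) return 1 ;;
  esac
}

# DKIM: the selector record must carry a non-empty public key (p=).
# An empty p= means the key was revoked; nothing signed with it verifies.
check_dkim() {
  case "$(printf '%s' "$1" | tr -d ' ')" in
    *"p="[A-Za-z0-9+/]*) return 0 ;;
    *) return 1 ;;
  esac
}

# DMARC: v=DMARC1 must be the first tag, a policy p= must be present (sp= is
# not enough), and an rua= address is needed to actually receive reports.
check_dmarc() {
  rec=";$(printf '%s;' "$1" | tr -d ' ')"
  case "$rec" in ";v=DMARC1;"*) ;; *) return 1 ;; esac
  case "$rec" in
    *";p=none;"* | *";p=quarantine;"* | *";p=reject;"*) ;;
    *) return 1 ;;
  esac
  case "$rec" in *";rua=mailto:"*) return 0 ;; *) return 1 ;; esac
}

# Run all three checks ($1 SPF, $2 DKIM, $3 DMARC), print one line each and
# return the number of failing records (0 = everything looks usable).
mailout_dns_report() {
  fails=0
  check_spf "$1"   && echo "SPF   ok" || { echo "SPF   FAIL: $1"; fails=$((fails+1)); }
  check_dkim "$2"  && echo "DKIM  ok" || { echo "DKIM  FAIL: $2"; fails=$((fails+1)); }
  check_dmarc "$3" && echo "DMARC ok" || { echo "DMARC FAIL: $3"; fails=$((fails+1)); }
  return "$fails"
}

# Constructed sample records (not a real domain; the DKIM key is truncated).
SPF_RECORD='v=spf1 ip4:203.0.113.10 include:_spf.google.com -all'
DKIM_RECORD='v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7'
DMARC_RECORD='v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com; fo=1'
mailout_dns_report "$SPF_RECORD" "$DKIM_RECORD" "$DMARC_RECORD"
```

Start DMARC with p=none as in the sample, read the aggregate reports for a few weeks to catch legitimate senders you forgot in SPF, and only then move to quarantine or reject.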
17. January 2014
Hardening SSL
Update 2014/01/17: Again a few weeks have passed without finishing the article, so I’m going to publish it anyway even if it is still unfinished work. I also disabled OCSP stapling again. I’m using StartSSL and I’ve had some issues with their OCSP website. Also the nginx implementation is still not “mature” (see: http://nginx.org/patches/attic/ocsp-stapling/README.txt). There are some limitations for less used sites, e.g. the OCSP stapling information is stored per worker.
21. September 2013
Syslog logging with Cisco ASA
In the last week I was tweaking the logging setup of our Cisco ASA firewalls at work, found out why it didn’t work in the first place, and how to disable “unneeded” messages. Again, this post is nothing you won’t find somewhere on the Internet, in the Cisco documentation, or by carefully looking through the ASDM interface.
First you need to set up which server you want to log to. The settings should be pretty straightforward.
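The equivalent CLI configuration for that first step, as an added example (not the post's own config): it enables logging, points the ASA at a syslog collector, keeps a local buffer as a fallback and shows how a single message ID is silenced. The collector address 192.0.2.10, the interface name "inside" and the chosen message ID are assumptions for illustration.

```cisco
logging enable
logging timestamp
! send everything from "informational" (level 6) upwards to the collector
logging trap informational
! collector reached through the "inside" interface, plain UDP syslog
logging host inside 192.0.2.10 udp/514
! keep a local ring buffer so you still have something when the collector is down
logging buffered warnings
! drop individual message IDs you do not need; 302013 (TCP connection built)
! is a frequent candidate on busy boxes
no logging message 302013
```

Be selective with "no logging message": connection built/teardown messages are noisy, but they are also what an incident responder needs to reconstruct a session, so send them to the collector and filter there rather than suppressing them at the source if you can afford the volume.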