|
Hello all. I wanted to repost this with some more info that will hopefully help understand my question a little better. Please see the screenshot links at the bottom of the post.
Our email program needs to connect and send mail using MS O365 accounts and the TLS protocol for security reasons with port 587. For testing, I used TELNET to the O365 SMTP server using port 587, the EHLO command and starting TLS using the STARTTLS command, but that is as far as I can get. After that, anything I do just sits there and there are no more responses from the server. I am trying to figure out the login commands at this point, which I researched from Google, but they didn't seem to work, much less anything else. A set of connection rules I found about TLS here on Code Project is the list below. If I need to, I can send a screenshot of what the TELNET session looks like to help out. Any help would be very appreciated. Thanks!
1. The client connects to the server using TCP.
2. The server sends a welcome message using the un-encrypted connection to the client.
3. The client sends an EHLO command using the un-encrypted connection to the server.
4. The server responds to the EHLO command using the un-encrypted connection.
5. The client sends a STARTTLS command using the un-encrypted connection to the server.
6. The server responds to the STARTTLS command using the un-encrypted connection.
7. The client negotiates an encrypted connection with the server.
8. The client sends an EHLO command using the encrypted connection to the server.
9. The server responds to the EHLO command using the encrypted connection.
A) This first image is how I TELNET to the email server for testing purposes. In the program, we use SMTP sockets to do the same thing: Image 3
B) This next one is a normal SMTP screen using port 25 (NO TLS) and connects successfully: Image 1
C) Last screenshot is my TELNET attempt to TLS protocol in which I am stuck on what to do next after successfully starting the TLS server: Image 4
modified 31-Oct-19 14:09pm.
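The nine steps listed in the question, as an added example that is not part of the original post: once the server answers STARTTLS with a 220 reply, the client has to run a TLS handshake on the same socket (step 7), which a plain telnet client cannot do, so the session appears to hang. The host is supplied by the caller, `client.example` is a hypothetical EHLO name, and `SAMPLE_EHLO` is a constructed reply.

```python
import io
import socket
import ssl

# Constructed sample of a multi-line EHLO reply (not captured from a real server).
SAMPLE_EHLO = (b"250-mail.example Hello\r\n250-SIZE 157286400\r\n"
               b"250-STARTTLS\r\n250 8BITMIME\r\n")

def read_reply(stream):
    """Read one SMTP reply, which may span several lines: (code, [texts])."""
    texts = []
    while True:
        line = stream.readline()
        if not line:
            raise ConnectionError("server closed the connection")
        text = line.decode("ascii", "replace").rstrip("\r\n")
        texts.append(text[4:])
        if text[3:4] != "-":      # "250-..." continues, "250 ..." is the last line
            return int(text[:3]), texts

def offers(texts, keyword):
    """True if an EHLO reply lists the extension (first line is the greeting)."""
    return any(t.split()[0].upper() == keyword for t in texts[1:] if t.strip())

def command(sock, stream, line):
    """Send one command line and return the server's reply."""
    sock.sendall(line.encode("ascii") + b"\r\n")
    return read_reply(stream)

def starttls_probe(host, port=587, name="client.example", timeout=10):
    """Walk steps 1-9 against a live server; returns what the TLS side offers."""
    ctx = ssl.create_default_context()        # verifies certificate and host name
    with socket.create_connection((host, port), timeout=timeout) as raw:  # step 1
        plain = raw.makefile("rb")
        if read_reply(plain)[0] != 220:                                   # step 2
            raise RuntimeError("unexpected greeting")
        code, ext = command(raw, plain, "EHLO " + name)                   # steps 3-4
        if code != 250 or not offers(ext, "STARTTLS"):
            raise RuntimeError("STARTTLS not offered, refusing to continue")
        if command(raw, plain, "STARTTLS")[0] != 220:                     # steps 5-6
            raise RuntimeError("server rejected STARTTLS")
        # Step 7: the TLS handshake. Telnet cannot do this, so it stalls here.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            secure = tls.makefile("rb")
            code, ext = command(tls, secure, "EHLO " + name)              # steps 8-9
            command(tls, secure, "QUIT")
            return {"tls": tls.version(), "auth": offers(ext, "AUTH")}

if __name__ == "__main__":
    print(read_reply(io.BytesIO(SAMPLE_EHLO)))
```

For typing SMTP commands by hand over the encrypted channel, `openssl s_client -starttls smtp -connect <server>:587` performs steps 1 to 7 and then leaves an interactive session open.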
|
If you are going to be running this from your main office or even several offices/places that have a Static IP or FQDN that uses Dynamic DNS, why not add a Receive Connector to your Office 365 Portal?
Log in to the Office 365 Portal with your Admin Credentials -
Click Admin -> Admin centers -> Exchange -> mail flow -> connectors.
Click + (New) -> From: Partner organization To: Office 365 -> Next -> Name: Bruce (whatever) -> Next -> Use the sender's IP address -> Next -> + (Add IP) 1.2.3.4 -> OK -> Next -> Select Security restrictions and click your way through.
You should be able to sidestep TLS and still be somewhat secured through the connector.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
Hi
We are using an Essl K20 biometric system.
The device is connected using TCP LAN and maintains data in an Access DB. The data transfer from the device is more difficult.
Each time, we download from the etimetrack desktop app.
And now we need to transfer data automatically to the PC without manual download.
Is there any possible way to do this?
|
You're going to need to check the documentation on the device API to find out if that's possible.
I would suggest that you also contact the manufacturer; they may have different firmware builds that do what you want, even if it's not normally possible with the mass-production build.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
|
Our DHCP servers are in dire need of the names of the Scopes to be updated with a new "naming convention".
I've exported the entire thing as XML (via PS).
If I edit the Scope names, can I import the newly edited XML to change nothing but the names? Everything else is remaining the same.
Or will it balk and say the Scope already exists (I assume it checks via the ScopeID) and do nothing?
Yes, I could probably just delete everything, and import the whole kitnkaboodle, but I'm wondering if just a name update is possible.
EDIT: In case anyone ever needs to know, importing scopes will NOT just update existing scopes. It will skip them as already existing, and just add any new ones.
modified 25-Sep-19 4:14am.
|
Due to peer pressure and lack of time.. I installed "hide.me" VPN on my machine... it broke the networking..
Then I uninstalled it...
Now every second time I reboot I got no network... can't even contact my router on 192.168.0.1...
I checked all the adapter properties, everything is on autodetect...
What could be wrong? Any idea?! :'(
I might have limited my router to accept only some MAC addresses... but why would it work every second time?!
I googled Hide.me. They seem legit.. Dunno why it didn't work on my PC...
[Moved - Ed.]
modified 26-May-19 13:21pm.
|
Have a look at the services running.
There may still be a proxy DNS running that was not removed when you removed hide.me (not a piece of software I am familiar with).
Also do you have Acrylic running on your machine? If so this also uses a proxy DNS which can cause issues.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
Thanks, good tip, I am going to take a look!
|
cool tip too! thanks
|
This sometimes works:
Open a CMD prompt as administrator
At the prompt type this:
netsh winsock reset
You'll need to restart after this.
|
I'll try tonight when I get home, thanks!
|
You installed dishonest software and then complained that things aren't working right?
Social Media - A platform that makes it easier for the crazies to find each other.
Everyone is born right handed. Only the strongest overcome it.
Fight for left-handed rights and hand equality.
|
We have a numbered directory for every project, set up automatically when the project is accepted. There is a standard subdirectory tree.
I am constantly finding project directories missing and eventually find them under another directory - someone has carelessly dragged and dropped them. I'm trying to find a solution to stop them (short of committing a major crime).
So far I have thought of changing permissions on the project directory so that only the Administrator can move them, and then changing permissions on all subdirectories so that they are not inherited but Everyone has RW rights.
This will be complicated to do, as staff must, on occasions, be able to create special purpose subdirectories and they will default to inheriting the folder properties.
Is there a better way to lock down directories but allow access to everything below them?
|
This is where you need to be using some sort of version control software/system.
By using version control, your directory structure and contents will be versioned which means that it will be easy to trace and restore when anything changes or moves.
I have seen others struggle with the same issue you are describing and they never came to a solution, however as soon as I started working in tightly version controlled environments what you describe was no longer an issue.
You could create one main repository or a repository for each second level directory - the only downside is that it will take a bit to educate people and set it up but it will allow you control and transparency over actions taken of individual files.
“That which can be asserted without evidence, can be dismissed without evidence.”
― Christopher Hitchens
|
How many project directories are we talking about? Are these on a Windows Server?
Make each Project Directory a share that is mapped as a separate drive for each user; that will stop the top level directories being moved.
Subdirectories can still be faarrrkkkked, but you can use Share/NTFS permissions to limit what users can screw up.
Michael Martin
Australia
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible."
- Mr.Prakash One Fine Saturday. 24/04/2004
|
The high-mucky-mucks want people to provide a PIN when printing. Binging (I don't like Googling) shows me how to do it on the desktop on a per-job basis, but we have like 400 printers in the network and they want every one of them to require the user to enter a pin at the printer before the job prints.
Semi-easy, right? But they don't want the user to set up a PIN for each job, they want them to have to use their SmartCard at the printer to kick off the job, i.e. it doesn't start until they are physically at the printer. (Basically, they'd have to "log in" via AD for the job to print.)
Is this possible to configure at the Print Server? Or will we have to configure each printer to require it (like it already does for scanning)?
|
Usually you make an inventory of what is possible, instead of making it up and checking if it is at all feasible.
Bastard Programmer from Hell
If you can't read my code, try converting it here
"If you just follow the bacon Eddy, wherever it leads you, then you won't have to think about politics." -- Some Bell.
|
Not in the Government!
|
We use a solution from Nuance (NSI) called Output Manager to achieve exactly this, for a similar number of MFPs. We optioned it as part of our MFP contract; it might be worthwhile talking to whoever handles the printer contracting to see if you have access to a tool like that as a part of the contract itself.
If you guys use Scan to Folder, you might already have a tool that can be configured for this purpose.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
|
I wish. I think they're crazy not to have the printers under contract, like every sensible organization in the world.
But NOooooo. Not contracted; just bought.
|
I'm a sysadmin beginner.
I need to install some applications like Mailtrain, WordPress and Vtiger CRM.
I want to know:
What are all the services needed (apache ...)?
I want to use MySQL. Can all applications use the same MySQL server?
What is the best Linux server that I need (ubuntu vps, other ...)?
How to secure this new server and its applications?
Thanks
|
Wow.
Member 14292504 wrote: What are all the services needed (apache ...)?
So, for starters, basically any application that you install should provide a list of dependencies. Most distros will attempt to auto-resolve dependencies, but there might be some (such as your SQL instance or, as you mention httpd) that you want to directly manage.
Member 14292504 wrote: I want to use MySQL. Can all applications use the same MySQL server?
Yes, that's part of the point. The concern is partially capacity, but mostly utilization.
Member 14292504 wrote: What is the best Linux server that I need (ubuntu vps, other ...)?
I suggest CentOS for these purposes. Opinions will obviously vary.
Member 14292504 wrote: How to secure this new server and its applications?
I have a one week class that I teach that covers about 1/3 of what it could/should for DoD RMF security compliance for Linux. You're not going to get an adequate summary in a forum post.
But, this being the interwebs and knowing you're unlikely to buy a book:
Assign file/folder permissions based on Least Privilege
Password complexity via PAM Cracklib
Learn to use iptables or firewalld and close everything you aren't actively using
Lock down root, utilize sudoers, and require passwords for sudo
Don't switch SELinux to permissive; learn to use semanage instead
Get a real TLS cert and enforce strong standards (TLS 1.1+, AES256, etc)
Set up an update script with a post-update notification for systemctl --failed
Extra Credit:
If at all possible, containerize all apps
Use a jump box and limit ssh access to that box (no VNC or DM, that's for plebs)
Do not let apps run as root, segment permissions
Learn to leverage AIDE
Encrypted data partitions to avoid side-channel exfiltration
Backup strategy
Logs...dear god don't forget the logs...
By no means take this list as comprehensive; it's the baseline for what I'd consider a "security attentive" system that is exposed to the public internet today.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
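Three items from the checklist above (locking down root, requiring passwords for sudo, keeping SELinux out of permissive mode) turned into an automated check, as an added example that is not part of the original post. The function takes the text of `/etc/ssh/sshd_config`, `/etc/sudoers` and `/etc/selinux/config`; the sample contents below are constructed so it runs without touching a real host.

```python
import re

# Constructed sample files (not taken from a real host).
SSHD = "Port 22\nPermitRootLogin yes\nPasswordAuthentication no\n"
SUDOERS = "# admins\n%wheel ALL=(ALL) ALL\ndeploy ALL=(ALL) NOPASSWD: ALL\n"
SELINUX = "# /etc/selinux/config\nSELINUX=permissive\nSELINUXTYPE=targeted\n"

def audit(sshd_config, sudoers, selinux_config):
    """Check three checklist items against the text of the relevant files."""
    findings = []
    # "Lock down root": sshd uses the first PermitRootLogin value it reads.
    # An absent setting is reported too, so the choice is made explicitly.
    m = re.search(r"^[ \t]*PermitRootLogin[ \t]+(\S+)", sshd_config, re.M | re.I)
    if m is None or m.group(1).lower() != "no":
        findings.append("sshd_config: PermitRootLogin is not set to 'no'")
    # "Require passwords for sudo": flag any rule tagged NOPASSWD.
    for n, line in enumerate(sudoers.splitlines(), 1):
        if re.match(r"\s*#(?!\d)", line):   # comment or #include, not a "#uid" rule
            continue
        if "NOPASSWD" in line:
            findings.append(f"sudoers line {n}: NOPASSWD rule")
    # "Don't switch SELinux to permissive": the boot-time mode must be enforcing.
    m = re.search(r"^[ \t]*SELINUX[ \t]*=[ \t]*(\w+)", selinux_config, re.M)
    mode = m.group(1).lower() if m else "unset"
    if mode != "enforcing":
        findings.append(f"selinux config: SELINUX={mode}")
    return findings

if __name__ == "__main__":
    for finding in audit(SSHD, SUDOERS, SELINUX):
        print(finding)
```

The check reads only the main files, so sudoers drop-ins and sshd `Match` blocks need the same treatment before a clean result means much.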
|
You should be using nginx on Ubuntu with iptables for security.
|
How can we verify email addresses before sending emails? Generally we can verify email addresses through email verification tools. But I'm asking whether it can be done automatically through the mail server or SMTP server, meaning it should verify email addresses automatically before sending email to them, to avoid sending emails to junk, invalid and blacklisted addresses.
Please help me ASAP
|