Search Results

Search found 500 results on 20 pages for 'reject'.

Page 11/20 | < Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >

  • How to add exception for backup MX to tumgreyspf?

    - by Waleed Hamra
    I have an Ubuntu raring server running postfix/dovecot as an email server, with tumgreyspf doing greylisting and SPF checks. My problem is that I also have a backup MX server, that is supposed to store my emails temporarily, should my main server ever fails. It usually rejects receiving emails if it finds the main server online and functional. The problem is when it does need to do its job, tumgreyspf rejects all emails from the backup MX with an error like this: Jun 27 16:18:13 hamra postfix/smtpd[28732]: NOQUEUE: reject: RCPT from mxbackup.mydomain.com[x.x.x.x]: 550 5.7.1 <[email protected]>: Recipient address rejected: QUEUE_ID="" SPF Reports: 'SPF fail - not authorized'; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<mxbackup.mydomain.com> any ideas?

    Read the article

  • Limit maximum incoming connections to a port using iptables

    - by Harley
    I have a server that has apache listening on a number of ports. Some ports are used for configuring the server, and another is used to download large files. My problem is that when I have a large number of clients downloading files, the web interface is uncontactable. I would like to limit the number of clients connecting on the "large file" port so that apache always has available connections to configure the server. A REJECT is fine, the client trying to download the file will back off and retry later. Each client only has one connection open to the server at a time, so limiting by IP won't work. I know I could put something in front of apache to manage this, but I'd really like to do it in iptables, without adding more software.

    Read the article

  • How to deal with a CEO making all technical decision but with little technical knowledge ?

    - by anonymous
    Hi, Question posted anonymously for obvious reasons. I am working in a company with a dev group of 5-6 developers, and I am in a situation which I have a hard time dealing with. Every technical choice (language, framework, database, database scheme, configuration scheme, etc...) is decided by the CEO, often without much rationale. It is very hard to modify those choices, and his main argument consists in "I don't like this", even though we propose several alternative with detailed pros/cons. He will also decide to rewrite from scratch our core product without giving a reason why, and he never participates to dev meetings because he considers it makes things slower... I am already looking at alternative job opportunities, but I was wondering if there anything we (the developers) could do to improve the situation. Two examples which shocked me: he will ask us to implement something akin to configuration management, but he reject any existing framework because they are not written in the language he likes (even though the implementation language is irrelevant). He also expects us to be able to write those systems in a couple of days, "because it is very simple". he keeps rewriting from scratch on his own our core product because the current codebase is too bad (codebase whose design was his). We are at our third rewrite in one year, each rewrite worse than the previous one. Things I have tried so far is doing elaborate benchmarks on our product (he keeps complaining that our software is too slow, and justifies rewrites to make it faster), implement solutions with existing products as working proof instead of just making pros/cons charts, etc... But still 90 % of those efforts go to the trashbox (never with any kind of rationale behind he does not like it, again), and often get reprimanded because I don't do exactly as he wants (not realizing that what he wants is impossible).

    Read the article

  • Obscure SPUtility.SendMail Behavior When Manually Passing in Mail Headers

    - by Damon
    There are two ways to send mail in SharePoint: you can either use the mail components from the System.Net namespace, or you can send email using SharePoint's SPUtility.SendMail method.  One of the benefits of the SPUtility.SendMail method is that it uses the mail configuration from SharePoint, so you can manage settings in Central Administration instead of having to go through and modify your web.config file.  SPUtility.SendMail can get the job done, but it's defiantly not as developer friendly as the components from the System.Net namespace.  If you want to CC someone on an email, for example, you do NOT have a nice CC parameter - you have to manually add the CC mail header and pass it into the SPUtility.SendMail method.  I had to do this the other day, and ran into a really obscure issue. If you do NOT pass the headers into the method then SharePoint sends the email using the From Address configured in the Outgoing Mail settings in Central Admin.  If you pass headers into the method, but do not include the from header, then SharePoint sends the mail using the email address of the current user. This can be an issue if your mail server is setup to reject an email from an invalid email address or an email address that is not on your domain.  The way to fix this issue is to always pass in the from header.  If you want to use the configured From address, then you can do the following: SPWebApplication webApp = SPWebApplication.Lookup(new Uri(SPContext.Current.Site.Url)); StringDictionary headers = new StringDictionary(); headers.Add("from", webApp.OutboundMailSenderAddress);

    Read the article

  • postfix-dovecot email sending works with squirrel mail but not with Thunderbird?

    - by Mark S.
    I have setup an intranet email system using postfix, dovecot and squirrel mail, Which is working fine, I can send and receive mail to all users on the system. I presume that the issue is in the postfix configuration, because when I configure Thunderbird to send mail I am getting the following error: An error occurred while sending mail. The mail server responded: 4.1.8 <[email protected]>: Sender address rejected: Domain not found. Please check the message recipient [email protected] and try again. Also here is the relevant syslog entries: NOQUEUE: reject: RCPT from host1.intranetdomain.com [More Information] [192.168.11.1 [More Information] ]: 450 4.1.8 <[email protected]>: Sender address rejected: Domain not found; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<[127.0.0.1 [More Information] ]> I have configured MX records on the DNS server and they respond appropriately when I query them for those MX records, so I do not think that is the issue. I think that my issue is caused by the default configuration of: smtpd_recipient_restrictions = reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination smtpd_sender_restrictions = reject_unknown_sender_domain Since this is on an internal network and it will not be exposed to the internet as a whole which options can I remove safely?

    Read the article

  • Postfix/dovecot remove LDAP user

    - by dove221
    I have to remove or blacklist an LDAP/dovecot user. The authentication is setup from active directory what I cannot manage so I thought there should be a way at least to disable this specific user on the mailserver locally. # Virtual Accoutns - LDAP - MS AD virtual_mailbox_maps = ldap:/etc/postfix/ldap_mailbox_maps.cf virtual_alias_maps = ldap:/etc/postfix/ldap_alias_maps_redirect_true.cf ldap:/etc/postfix/ldap_alias_maps_redirect_false.cf ldap:/etc/postfix/ldap_mailbox _groups.cf virtual_mailbox_domains = domain.com virtual_uid_maps = static:1000 virtual_gid_maps = static:1000 virtual_transport = dovecot dovecot_destination_recipient_limit = 1 Anybody knows how to do it? I followed this guide for disabling 1 user through postfixes access file: http://www.cyberciti.biz/faq/howto-blacklist-reject-sender-email-address/ Unfortunately it doesn't work. It's like the settings stored in LDAP are overruling the access rule. Instead of postfix rejecting the mail it keeps accepting it. Thanks!

    Read the article

  • Forcing the from address when postfix relays over smtp

    - by John Whitlock
    I'm trying to get email reports from our AWS EC2 instances. We're using Exchange Online (part of Microsoft Online Services). I've setup a user account specifically for SMTP relaying, and I've setup Postfix to meet all the requirements to relay messages through this server. However, Exchange Online's SMTP server will reject messages unless the From address exactly matches the authentication address (the error message is 550 5.7.1 Client does not have permissions to send as this sender). With careful configuration, I can setup my services to send as this user. But I'm not a huge fan of being careful - I'd rather have postfix force the issue. Is there a way to do this?

    Read the article

  • sshd: How to enable PAM authentication for specific users under

    - by Brad
    I am using sshd, and allow logins with public key authentication. I want to allow select users to log in with a PAM two-factor authentication module. Is there any way I can allow PAM two-factor authentication for a specifc user? I don't want users - By the same token - I only want to enable password authentication for specific accounts. I want my SSH daemon to reject the password authentication attempts to thwart would-be hackers into thinking that I will not accept password authentication - except for the case in which someone knows my heavily guarded secret account, which is password enabled. I want to do this for cases in which my SSH clients will not let me do either secret key, or two-factor authentication.

    Read the article

  • IPtables rate-limit, What are the differences between modules? Recent, Limit

    - by TechZilla
    I am doing some rate-limiting with IPtables, and i'm not sure if I should use "Recent" or "Limit" What are the differences between the two? If they both achieve the same result, which one has better performance? I would like to know, regardless if any difference would be perceivable. I am looking to ACCEPT if under limit, and REJECT if over. I'm not interested in thus bandwidth throttling, I don't want a queue. I don't need any syntax examples, both have ample use examples online. I have also used Limit in the past. I appreciate any responses.

    Read the article

  • how limit the number of open TCP streams from same IP to a local port?

    - by JMW
    Hi, i would like to limit the number of concurrent open TCP streams from the the same IP to the server's (local) port. Let's say 4 concurrent conncetions. How can this be done with ip tables? the closest thing, that i've found was: In Apache, is there a way to limit the number of new connections per second/hour/day? iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 86400 --hitcount 100 -j REJECT But this limitation just messures the number of new connections over the time. This might be good for controlling HTTP traffic. But this is not a good solution for me, since my TCP streams usually have a lifetime between 5 minutes and 2 hours. thanks a lot in advance for any reply :)

    Read the article

  • Rejecting new HTTP requests when server reaches a certain throughput

    - by Sam
    I have a requirement to run an HTTP server that rejects new HTTP requests (with a 503, or similar) when the global transfer rate of current HTTP responses exceeds a certain level. For example, if the web server is transferring at 98Mbps, and a new HTTP request arrives, we would want to reject this (as we couldn't guarantee a good speed). I've had a look at mod_cband for Apache, limit_req for nginx, and lighttpd's rate limiting features, but none of them seem to handle my (rather contrived, granted) use case. I should add that I'm open to using pretty much any web server, and am open to implementing this in iptables rules if someone can craft such a rule! (Refusing the TCP connection is fine, it doesn't have to respond with an HTTP 503). Any suggestions?

    Read the article

  • How to Structure a Trinary state in DB and Application

    - by ABMagil
    How should I structure, in the DB especially, but also in the application, a trinary state? For instance, I have user feedback records which need to be reviewed before they are presented to the general public. This means a feedback reviewer must see the unreviewed feedback, then approve or reject them. I can think of a couple ways to represent this: Two boolean flags: Seen/Unseen and Approved/Rejected. This is the simplest and probably the smallest database solution (presumably boolean fields are simple bits). The downside is that there are really only three states I care about (unseen/approved/rejected) and this creates four states, including one I don't care about (a record which is seen but not approved or rejected is essentially unseen). String column in the DB with constants/enum in application. Using Rating::APPROVED_STATE within the application and letting it equal whatever it wants in the DB. This is a larger column in the db and I'm concerned about doing string comparisons whenever I need these records. Perhaps mitigatable with an index? Single boolean column, but allow nulls. A true is approved, a false is rejected. A null is unseen. Not sure the pros/cons of this solution. What are the rules I should use to guide my choice? I'm already thinking in terms of DB size and the cost of finding records based on state, as well as the readability of code the ends up using this structure.

    Read the article

  • What Kind of Spam is This? Testing Blog Comment Limits

    - by Yar
    I received this comment on one of my blogs today (on blogger.com): Easily I agree but I about the post should acquire more info then it has. It's the third in a series. Before there was: I will not acquiesce in on it. I over precise post. Expressly the title attracted me to be familiar with the sound story. and before that Your blog keeps getting better and better! Your older articles are not as good as newer ones you have a lot more creativity and originality now keep it up! It is obviously computer-generated (well, not this last one). The comments are from Anonymous, so they're not trying to legitimate a user on Blogger. Is this a spam attack? What might its goal be? Or are they just testing my blog to see if I reject or not? Does this kind of "attack" have a name?

    Read the article

  • rsync server side limit bandwidth/connection

    - by c2h2
    In a VOIP application, I have upto 3000 clients rsync audio files from there linux server in a daily, server is placed at a data center (10Mbps in/out bound), the server works as a VOIP sip server running FreeSWITCH (low ping latency should be ensured.) Therefore I would like to have server side control of rsync which controls: Limit total outbound bandwidth. Limit total number of connections. (Reject clients while at max number of connection and let it retry after a specific time frame.) OPTIONAL: list/kill individual connections. Normally I would use ssh + rsync + pem_keys with some extra options, but above requirements are not feasible by simple command lines. Can anyone point me some direction. or show some scripts/tools? I would also probably integrate them and release on github. Thanks!

    Read the article

  • Multiplayer approach for tablets on wi-fi (FPS/TPS)? Server authority, etc

    - by Fraggle
    Looking for some guidance or what has worked well for others in implementing a multiplayer FPS/TPS type game on tablets (probably just 2-6 players at a time). The main issue being that tablets/phones are typically "less" connected than say a console or pc might be. And therefore, my thought is that to have complete Server authority of everything is not going to work. But maybe I'm off base on that. So I guess I'm struggling with what (if anything) should happen on a central server and what should happen locally. Or is centralized approach even needed? Some approaches I might do: Player movement : my thought is to control this locally (player-owner) and update server with positon (which then sends out to other clients). Use client side prediction for opponent players so that connection loss will not show a plane for example stop in mid air. Server will send update and try to smoothly correct an opponent player position to server updated one.But don't update owners position on owners device from server. Powerups (health kit/ammo/coins/etc) : need to see them disappear immediately, so do it locally. Add the health locally, but perhaps allow for server correction. If server doesn't see player near that powerup, reject the powerup and adjust server health for player. Fire weapons: Have to see it happen right away, so fire locally, create local bullet and send on its way. Send rpc to server so that this player on other clients also fires. Hit detection: Get's trickier. Make bullet/projectile disappear locally, and perhaps perform local hit animations (shaking, whatever). non-authoritative approach= take the damage locally and send rpc to server or others to update health and inform of hit. Authoritative approach-Don't take the damage, or adjust health. Server will do that if it detects a hit. Anyway that's my current thought stream. Let me know what you think of the above or what has worked for you.

    Read the article

  • Web service access fails when users password is in warning period

    - by uSlackr
    We have a number of locally installed .Net apps that communicate via web services. Authentication in IIS is handled by Windows Authentication so no additional login is required. We recently began seeing a problem where users are getting a application 403 error when there password is 14 days (or less) from expiring. As this sometime happens in the the middle of the day (login in the morning OK, but password reaches <14 days during the day), this comes as a surprise as they haven't been warned to change their password. Of course, one would expect they should be able to work until the password is expired. Any idea on what could be happening here? Why would IIS reject a login if the passsword hasn't actually expired? Can we change that behaviour? Thanks \\Greg

    Read the article

  • How to make TortoiseHg pull certain branch only?

    - by mark
    I have cloned the default branch of a big repository and now I wish to pull from the server using the TortoiseHg client. However, TortoiseHg proposes to pull from all the branches. Is it possible to instruct it to pull from the current branch only? So far I have seen suggestions to: Setup a hook on the client side to reject pulls from unwanted branches Check incoming revisions in TortoiseHg and only pull the ones belonging to the current branch Use the Mercurial ACL extension to deny access to all the branches, but the current one. I dislike all of these solutions, since all of them are client based. In all of them TortoiseHg actually pulls all of the branches (even in the second, where the pulled revisions are arranged into a bundle presented in the incoming revisions view) Is there an hg pull -b BRANCH equivalent in TortoiseHg? Thanks. EDIT I know how to do all of this using the Mercurial command line client - hg.exe. This question is specifically about the TortoiseHg GUI client.

    Read the article

  • handling multiple interviews / offers [closed]

    - by farble1670
    What's the best way to handle a situation where you have, or expect to have multiple offers? The ideal situation is that your several offers come in about the same time, and you make a choice. this is not how it happens though. You may have an offer, and several near-final interviews lined up for the following days or weeks. One way to handle it would be to ask for a longer time to decide on the first offers you receive. 2 weeks? This gives time to rush the rest of the things you have going through to an end. i question whether asking for 2 weeks to decide is reasonable though. My guess is that an employer would see through that and force your hand. Another way to handle it would be to accept the first offer, and ask for a reasonable period before your start date, then simply "quit" the first position before you ever start if something better comes along. On one hand, employment is at-will, and employers exercise this fact regularly. On the other hand, it seems morally the wrong thing, and has the potential to burn some bridges. And of course the last option is to simply evaluate each offer in isolation, and accept or reject within the given time frame. any thoughts?

    Read the article

  • Is possible to arbitrarily register names to the same public IP?

    - by Alex. S.
    I registered a domain, lets say mysite.com (for example), then, results that somebody else has an A record from anotheraddress.com pointing to the same IP address of mine (in a VPS in linode.com) What can I do to avoid this???, I mean, I would prefer reject accesses from anotheraddress.com to my site. I just know only by casualty putting my genuine domain name on this http://www.domaintools.com/reverse-ip/ My DNS server is name.com, and the DNS server pointing to the my public IP is from GoDaddy. Is possible to register arbitrarily names to the same public IP? Can I use my DNS record with mysite.com to point to 209.85.133.147 (google.com), for example?

    Read the article

  • How to allow a single domain name with iptables

    - by Claw
    I am looking for a way to make iptables only accept requests for my domain name and reject the others. Lately I misconfigured my apache proxy, it is now fixed, but I keep receiving a load of requests looking like that : xxxx.xx:80 142.54.184.226 - - [12/Sep/2012:15:25:14 +0200] "GET http://ad.bharatstudent.com/st?ad_type=iframe&ad_size=700x300&section=3011105&pub_url=${PUB_URL} HTTP/1.0" 200 4985 "http://www.gethealthbank.com/category/medicine/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)" xxxx.xx:80 199.116.113.149 - - [12/Sep/2012:15:25:14 +0200] "GET http://mobile1.login.vip.ird.yahoo.com/config/pwtoken_get?login=heaven_12_&src=ntverifyint&passwd=7698ca276acaf6070487899ad2ee2cb9&challenge=wTBYIo2AEdMFr6LtdyQZPqYw9FS9&md5=1 HTTP/1.0" 200 425 "-" "MobileRunner-J2ME" which I would like to block. How can I manage this ?

    Read the article

  • basic help for Nat configuration needed

    - by Klaes S.
    I have a server with a IP 1.0.0.5/24. This is the main IP address of the server, and now I have two other IP addresses for the server, they are 1.0.2.30/24 and 1.0.2.31/24. I want to make a VirtualBox running another OS accessible through the Internet, and only allow the specified IP to reach the virtual box. I'm new to iptables and therefore I need some basic help and getting started information about this. The hosting provider does not allow more than on MAC address per switch port, which means that I'm not able to make bridge as far as I know. Futhermore I want the host, to reject the extra IPs so its only the VirtualBox / virtual machine that accepts the request's on the extra IPS.

    Read the article

  • ESX Firewall Command Troubles

    - by John
    Hi, I am working on creating some firewall rules to stop some of the SSH brute-force attacks that we have seen recently on our ESX server hosts. I have tried the following rules from the CLI to first block all SSH traffic and then allow the two ranges that I am interested in: esxcfg-firewall --ipruleAdd 0.0.0.0/0,22,tcp,REJECT,"Block_SSH" esxcfg-firewall --ipruleAdd 11.130.0.0/16,22,tcp,ACCEPT,"Allow_PUBLIC_SSH" esxcfg-firewall --ipruleAdd 10.130.0.0/16,22,tcp,ACCEPT,"Allow_PRIVATE_SSH" However, these rules are not working as intended. I know that if you do not enter the block rule first, then the allow rule will not be processed. We are now having the issue where the first entered allow rule is being ignored such that the block rule works and the last entered allow rule works. I was curious if anyone had any ideas on how I could allow a few different ranges of IP's with the esxcfg-firewall --ipruleAdd command? I am at a loss and am having a hard time locating examples or further documentation about this. Thanks in advance for your help with this.

    Read the article

  • Windows 8.1 keeps prompting for Network Share Credentials after every log on or restart

    - by Peret del Trunfa
    I have a Network drive Shared in a Workgroup with 3 clients. Two clients with Windows 7 have persistent connections to the Share. No issues with those two. My windows 8.1 client keeps prompting for credentials at every restart / log on. I spent hours looking around for a solution: I have stored cred in cred manager, and tried every possible combination (WORKGROUP\user , COMPUTERNAME\user, user, .. and so on). I have changed NT and NTLM negotiation in policy manager. I've compared the settings under GPO network security with a working win 7 computer, everything is pretty much the same. -I've captured Wireshark to see SMB negotiation process, honestly I see the messages flowing around, and the share sending AUTH DENIED.. which means is how the 8.1 client formats the request.... that makes the share reject it.. Now I still don't really know why. Any ideas would be appreciated.

    Read the article

  • How to restrict all services to single domain in Ubuntu?

    - by harold
    Someone has pointed an unknown domain to my server's IP address likely via A records. I would like to reject access to ALL services (httpd, ssh, mail, etc.) from this domain and only allow requests from my domain. I want to make it so when I connect to that domain it's completely rejected from my server. I can disallow access from HTTP by changing my web server settings, but I want to do this for every single type of connection. How can I do this?

    Read the article

  • Rejecting new HTTP requests when server reaches a certain throughput

    - by user56221
    I have a requirement to run an HTTP server that rejects new HTTP requests (with a 503, or similar) when the global transfer rate of current HTTP responses exceeds a certain level. For example, if the web server is transferring at 98Mbps, and a new HTTP request arrives, we would want to reject this (as we couldn't guarantee a good speed). I've had a look at mod_cband for Apache, limit_req for nginx, and lighttpd's rate limiting features, but none of them seem to handle my (rather contrived, granted) use case. I should add that I'm open to using pretty much any web server, and am open to implementing this in iptables rules if someone can craft such a rule! (Refusing the TCP connection is fine, it doesn't have to respond with an HTTP 503). Any suggestions?

    Read the article

< Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >