The time has come to start a long awaited project!
Madmin is my codename, until someone has a better name for it.
Madmin is short of Mailserver Administrator.
All the way back from 2000 we've administered our Mercury installations through a web interface, with a SQL-database and a separate program called MercurySynch.
Madmin's objective is to replace MercurySynch.
As such, it will be:
1. a webservice
2. utilizing IIS
3. directly manipulate one or more Mercury/32 Mailservers.
Our old MercurySynch polls the database at 20 minute intervals, but a webservice with direct access will do its work directly when called upon.
A webservice has the benefit that it is a stand alone application, and can just as Rolfs HTTPServer start, stop, pause, reload any instance via Windows Messaging. Designing a webservice also has the benefit that it is fairly easy to create administrational modules for that can be integrated into larger packages, or created as a stand-alone Mail Administrator web-site.
How do we begin?
Well, the only way to start is to iron out the relational data model. I have a few requisites:
1. Multiple Mercury installations has to be supported
2. Multiple domains
3. Local users, tied to organizational entity
4. Domains, tied to organizational entity
5. Alias handling
6. Relay
7. Autoresponders
Anything missed?
If you feel you want to be part of this, or if you have expectations or valuable input - now is the time to put that forth in the notes to this post.
Tool and reporting.
As I go along, I'll post my thoughts here - and I'll also update this space regularly as I make progress. When there is something to test I'll share it in the downloads section here at the community. I know we will later get into design issues, as well as PDA support for a proper and sleek Mail Server Administration web site. The tool I use is Visual Studio 2008 and the language will be C#.
Automatic updates of software are good - aren't they? Well I'd answer yes in normal cases, but anything that is automatic can behave in ways the creators never imagined. So it is with fire alarms, burglar alarms, and of course with computing. This patch tuesday from Microsoft contains quite a number of fixes. Some that are very important to servers, regarding name resolution. However smart we are, automatic updates are not enabled on our servers - we consider them too dangerous - since in the past some driver updates have caused machines never to start again.
And so it happens - again. And now, with virtual servers running on top of the base server - when updates fail, you render three-four five or even eight machines stranded.
What happened then, why doesn't the server start as it should? - well it does, but just barely. I've never seen windows so inoperable that not even a task monitor is accessible, not even in safe mode. A small clue exists on sys\windows in the file WindowsUpdate.log - that is accessible over the network. It states
2008-08-17 10:19:44:472 4328 1594 AUClnt WARNING: Shell_NotifyIcon failed (dwMessage=0x0, uFlags=0x3, hr=0x80070002)
2008-08-17 10:19:44:472 4328 1594 CltUI FATAL: Failed to show client UI, directive=5, hr=80070002
Aha, something in the windows shell isn't starting as it should. And with the debate of removing Media Player from windows, since explorer is so tightly integrated, led me to investigate - what changes were made to explorer this time. Within KB953838-IE7.log I found it. It says:
6.937: DoInstallation:AnalyzeDiskUsage failed
Aha - so the sys volume ran out of disk space during the install - and let's not bother with the why or how at the moment. The reason I state that Windows Update is flawed, is that it requires a re-boot for some operations. This Patch Tuesday's pack of files required a re-start, and between the update and the restart, that continues the installation - disk space ran out. Sure, yes it probably did - but when updating really cruical files, shouldn't this be checked before? In fact it does, but the limit of free space is too tight - and there you have the result - a server heavily depended upon - needs to be re-installed.
Well, then, why wasn't 16 GB of system space enough? Because of all darned copies that Windows generates. In the Windows directory there are hidden KB directories. Besides these you have another directory called ServicePackFiles and another directory with files. Only the Windows directory contains more than 8 GB of files today, on a server that was installed december 2006. That is insane. To the downfall, we support many systems, older than some of my boys. When they we're installed with RAID controllers and high speed SCSI drives disk space was quite expensive and a total 32GB server system was considered more than enough. Some of the directories are safe to delete, some are not - and I haven't found any official information from Microsoft on how to conserve system volume space. If anyone has, please let me know.
So for the time being, take this advice if you run cruical machines:
Make sure you have plenty of free space on you system volume before running Windows Update aka Microsoft Update.
....
and now on to the task of backing up all drives (just about a terabyte of data.... - sigh)
Writing apps for the webb is a challenging task. What takes a normal hour when creating "normal" apps takes four times when working a three tier webb-app. There are simply so many pits you can fall in.
In any case I thought I'd share some very interesting read-up.
First of all, creating forms: Read up on Rick Strahl's excellent piece at msdn: http://msdn.microsoft.com/sv-se/magazine/cc163505(en-us).aspx
Then dwelve down into his weblog and you'll find an absolute excellent tool on how to create the windows classes directly from your database: http://www.west-wind.com/WebLog/posts/147.aspx.
So, after that we're on to Ajax. The resource for that is naturally http://asp.net.
There's a lot more. One needs to familiarize one self with css (zen-garden is excellent), sql calls, stored procedures, java-script, cookies, performance issues and not to forget loose binding. A web-app is always in a "new" state - there is very little you can do to compensate for the round-trips to the server side.
In the future I hope to share code when I get to hacking a Mercury web-service.
cheers for now / Peter
Imagine doing whatever you love most, 24 hours a day - how long would you be able to stay awake? My body and mind defenitely needed a good rest. Summer 2007 was the WORST summer I can remember. The first day my Wife (who has an ordinary job as a mech. constructor) got off for vacation was nice, but the following five weeks - the rain was pouring down. So I worked.... - This winter wasn't any better. The WARMEST winter ever in Sweden overall. Meaning, instead of snow we got .. - you guessed it - RAIN.
The day we left was finally a day of snow. Winter has normally passed by march 17th, but not this year. So on slippery summer tires, the car drove slowly at 0300h towards Copenhagen Airport. We we're going to Tenerife!
Of course the flight was delayed! What do you do with three small children (2,5,9 & ½all), and a wife who is terrified of flying, in an airport, when they are over-tired from having gotten up at 2.30 am - when your flight is delayed until lunch?
Yep: You let them sleep on the floor !!! - at the gate!
Well, once we got there it took a good week for us all to unwind, and another to recharge. One can say a lot about going on a charter trip, with Coco the clown entertaining the kids at 2000h - it is relaxing - especially since the TV is dubbed in a completely incomprehensible language (Spanish). What you do is fall asleep with the kids, in the middle of a bed time story, a long long time ago, in a galaxy far faaaaar aaaahhhh.....
At the firm we're not too many people, and my responsibility lies with the servers. Compared to the early 90s properly configured servers aren't likely to crash from hardware issues. It certainly pays off to get fault tolerant memory, redundant disks and redundant networking. Above all, is to stray off from wanting to put too much into one single server. Therefore on our E-Mail servers we tend to put nothing else, than just Windows, Windows Firewall, and an Antiviral program (currently NOD32). We also limit the rights of the auto-login account, so that it can't do any harm to the rest. Besides this we have a separate inbound email server that does all the anti-spam and anti-viral treatment. By far the Mercury/32 we run today is the steadiest software I know.
However getting a Windows Mobile phone to work IMAP over GPRS wasn't all that easy, I can see that as a pro on the road a lot. It will be convenient to work the Mercury/32 server with a simple web interface. Currently our add-on system lets me configure nearly all aspects, but I can't do the more server based tasks - like adding or altering a filter for both local delivery and forward to a customer in China. Nor can I work IMAP if something goes wrong. So in a Mobile world a lot remains to be done.
The creative side finally started to work again and I don't know if you guys think it is a good idea to have a specialized IMAP forum - sinze I believe this will be the key most important issue as the world goes more and more mobile. I had a number of problems, mostly due to that Microsoft Mobile Outlook 6 doesn't behave well. When f.ex. "standard" folders aren't there, the folders are not created - and to know this - when you're thousands of miles away - and only get a "Synchronization error" - there isn't much to do about it.
Finally if you have ideas on how we should develop the community, please let me know what you think. Also, if you have the chance to get some free time - take time off - it is truly vitalizing!
Cheers / Peter S.
ps - Thanks dad for celebrating your birthday by a pool side, sorry I beat you in Golf though... - ds
A fault occured last night, occupying the server at a 100% - thus making responses so slow that browsers timed out.
The problem wasn't all easy to locate, but eventually we found that the server logs, and database transaction logs had grown beyond reasonable sizes. Once we managed to shrink the transaction logs and the database, all was back to normal again.
I apologize for any inconvenience this caused.
cheers / Peter S.
No Fire, just a wall - or another brick ...
True Firewall Appliances are fine, complicated and feature rich. Some have a feature called DNS Doctoring, which means that a DNS A request is translated from one IP into another. This is very useful, when you have a private network but with only some public IP-addresses. F.ex. 192.168.0.2 could be translated into 84.20.9.2 as a DNS service. But this translation is done at the cost of also translating the originating caller IP.
Problems can turmoil quickly, since you can have a DMZ (De Militarized Zone) and a VPN-Tunnel. We have both!. If you have a VPN tunnel, you want the traffic to flow from one internal net to the other, without any restrictions or address translations. The problem arises when you combine these two, meaning DNS-Doctoring and a VPN-Tunnel - from two sites. When you do DNS-Doctoring from just one site, then there are no real hurdles. The actual obstacle lies in f.ex. DNS-redundancy.
Today I have spent most of the day trying to get my scenario to work. What it gives is actually a DMZ with private addresses, since you have to configure inbound and outbound rule sets for all the external addresses you want to use in both ends, and all explicit traffic - which is alot in an AD environment. The best solution would have been to separate the DNS A request translation from the actual traffic translation - but I guess that is too simple to ask.
Sorry for the technicality in this post, just wanted to write this off my chest.
Networking is sometimes a real mind job - sigh
Wish you all a nice couple of days off.
Cheers / Peter
First of all, thank you all - for making the community work the way it works. I think it works very well, and I am very pleased to see that we have passed 700 registered users. This sunday we had over 200 visitors simultaneously, searching and browsing information. Very seldom I or other moderators have to delete or edit content in violation of the rules. When browsing deleted posts, I see that you who have deleted a post you have made, have indeed written a proper explanation - some even make me laugh.
My aim with the site was to make Pegasus Mail and Mercury much more visible. Now searching some of popular search sites on the internet for keywords of f.ex. "Pegasus Mail" or "Mercury" / "Mercury/32" the community is listed among the top results. I know the SEO can be a lot better, but I'm very pleased to see that many others are referring to the site for answers.
And the site has only been live for 2 months.
Statistics
For those of you who are interested in stats of the site, what it takes to run it here are some figures:
- The first week of may, some 83000 pages were served. Every week the pages served is increasing. Last week 150' pages were sent out.
- Time of the day difference isn't that big though UTC 0200 - 0500 are somewhat less intense
- Sundays the traffic is lower than the other 6 days in a week.
- Search engines that show any significance in traffic are Google, Live and Yahoo.
- Among the search words are the most obvious ones most frequent, mail, mail server, Pegasus, Pegasus Mail, Mercury, Mercury Mail, SMTP and so on .
- Web browser use, in order: Firefox, Netscape compatible, MSIE, Opera, ShopWiki and others
- 52% of the traffic is coming from Windows clients
- Majority of the page size is less than 100K, with a steep access curve down to 10K
- An absolute majority is being served pages under half a second and only exceptional page requests are served longer than 2 seconds. (This is due to caching, and most likely lies under the administration pages that are not that frequented than the site in general)
Future
But, now is not the time to rest - What do you think should be improved? Should the site be available in other languages than English? Should there be nationalized forums? Make your opinion heard at the "about this site" forum!
During the summer I will start the transition to CS2007 and multi-language support of the site. I'm not making any promises about when the release is to be made. For the time being I'm coding what I hope will be the license handler for Mercury - it all depends on if David will approve of it once he sees it.
Time certainly flies, so fast it's hard to recall what I did this month:
- Got community.pmail.com working
- Added lots of info to community.pmail.com
- Added overview pages, even editable content
- Added forms for feedback and ads-interests
- Bought CS-2007, that includes knowledgebase and much better theming (will hopefully upgrade the community during late summer.
- Closed the 2006 financials for many clients
- Got down to hacking user controls and a common library for all my webapps
- Managed to create dual vpn and dynamic tunnels with the cisco-pix501 devices.
- Created my own pilot dyndns app.
- Helped an client that got infested by backdoors from China
Viruses and Trojans
As it seems more and more threats are so sofisticated that it is getting difficult to fight the rootkits off. Especially when it comes to virtual servers and terminal servers the load on a technician is heavier than before. You do need more knowledge to be better at closing down an installation before the sh... hits the fan.
A larger server farm called for help. They had gotten infested through their terminal servers, spreading backdoors and keystroke loggers over mIRC and shares. Most likely is that the badware was indeed installed by the users themselves. We traced the traffic using protocol analyzers down to servers in China. They communicated passwords and files using port 80 and tcp port 888.
When traffic is routed over port 80, used for www traffic, not much can be done to block this. However normally in a firewall installation not many restrict the outbound channels. Meaning NAT initated traffic from inside the wall is limitless, opening up all sorts of botnets, chat clients etc. As I see it, there is not much to do than to restrict outbound traffic to well known ports - for now...
Mercury-Testing...
Lots of new beta releases has come this month. We've tested nearly all, and have started testing the possibilities to do relaying - meaning to have a front end, or multiple front ends of Mercury, that then relays the email into the DMZ. 'Seems that it may be possible to do a rewrite of the incoming files into the Pegasus Mail native .101 format, and then have the email relayed off to a specific host without alteration of the original recipient mail headers.
Mods of the community
I've added to the buttons that do work inside the community. Thanks to that aspx-pages can be interpreted on the fly at the server-side almost anything is possible. For anyone interested in how the tweaks has been done, pls contact me directly.
Spring is in the air
Sweden is now in its most beautiful state. Temperature is much higher this year than last year. About 4 weeks ahead of "normal" time. This year I'm really looking forward to summer-break. It'll give me more time to do many of the smaller tasks that complete my projects, job- or private related the same....
See ya,
Yesterday I installed a newer version to a software I've trusted for a longer period of time. With the update from version 2.5 to 2.8 of FTP-Master I got as a bonus NDotNet. It's an adware, pretty harmless according to all leading antivirus experts. Well to me it wasn't!
The darn thing got my tcp/ip stack to completely go bonkers. Up the wall, and wouldn't come back in place.
During my attempts at getting back on line (I'm glad I've got more than one computer and a USB-Vault) I learned that MS-System Restore is a total waste on an HP-Laptop. This since it monitors the HP_Recovery partition, which can't be restored so that system restore back in time fails.... Really smart HP !!!
I also learned that one of the leading vendors of antivirus software in fact doesn't do that good a job. Sure it detected the risk, and stopped it. But didn't mend the side-effects, and yes a full system scan is not a full scan - since the restore points are not searched... Great going Symantec!!! - and also missed out on a number of deeply hidden directories that was scanned when doing a rootkit search by RootKitRevealer.
So how did I loose the darned thing?
- Remove the network cord
- Run RootKitRevealer, and have your antiviral software block out any adware it finds. (takes 1 hour)
- Reboot, and do it again. Research all other messy stuff, and get rid of the mess. You shouldn't have more than 5-10 rows of non important or known differences listed.
- Repair WS2_32.dll manually. You have to get the correct version and insert it by a small software InUse.Exe.
- Reboot, and repair the registry points at hkey_local_machine\system\currentcontrolset\services\winsock2\parameters\
- Reboot, and try RootKitRevealer again, and you should be back in business.
Summary
- In about 20 seconds I ruined my PC.
- It took me 9 hours to search and destroy the infection.
- I saved a week of grieving and reinstallation.
In case email isn't quick enough here is my cell-no:
CellPhone: +46.705556771
Fax: +46.418664087
We live in the countryside in a big old school built about 1896, and the hobby is to re-model this house.
The servers are placed at our facility in Lund, south of Sweden, with backups off-site through a permanent VPN-tunnel.
cheers / Peter
A couple of nights now I have test driven this site. Have taken nearly all content from the official site onto different forums, articles and downloads and I'm getting pleased. I also managed to alter post dates so that files and posts can resemble the actual publish date. Knowledgebase articles are missing, except for the top most recent postings. I can add this content later...
The FAQ-sections has gotten an initial overhaul. They are now divided into FAQs and added threads. My purpose for this is that the added threads can very well later be integrated into a summarized FAQ, as the old ones are.
According to Sven Henzes' wish I've added an international forum to the Pegasus Mail tree. This is for allowing people to discuss matters in their native tounge, hopefully this will be used and not abused.
The downloads section has also gotten a lot of content, and a somewhat clearer structure.
Together with the two new main navigational buttons for Pegasus Mail and Mercury Mail, I do feel that this site doesn't need much more alteration to be a public poster for these two excellent products.
Tonite I went thru the css for the site, and altered how the forum threads are displayed. Previously the user, along with the title was placed at top of each post. Now I've put the user info to the left, which results in thread pages not being longer than necessary. It also makes the reading of a complete thread a lot easier since there isn't that big gaps between posts.
I did at the same time alter a few settings regarding member rating, thread rating (was individual post), so that threads better can be the initial search of knowledge. I started out with user rating as well, but this has to be a community issue. Who will be what, and what image should each rating be. The first attempt here is set at Member, has done a few posts, Participant, Contributor, Star and All-Star.
The member rating is not to be confused with the role membership, which has other icons. BetaTeam will be one, SupportMember another, and Moderator a third.
I figured out how to alter displayed time stamps on files and posts, so that I now am ready to fill upp with reference information, and can have each by the correct original release time. Now all that actually remains is copy and post...
Tonite I installed the beta. Meaning I upgraded our current install with the the updates. Everything went just fine.
After this I read about the new daemon extensions. This looks very promising to build a web administration around. My big hopes are that the deamon interface later will allow nearly all sorts of normal user integration needed. Now I didn't do any thorough search, but builiding a clean front end for users where they can log in and add their own aliases would be nic.e
/Peter
Finally getting this sample of Community Server on the run.
Installation was a smack, setting up permissions and testing is a bit tricky, but content grouping is not always that logical. Too differentiated will result in too few posts.
/Peter