Lotus Protector – the first hickup (1/16/2010)


This is going to be a real quick one, since it is just a day before Lotusphere® and I actually have other things to do than to fiddle with Lotus Protector and blog about it – but if I don’t write it down now, I will forget about it soon.

Today I had my first hick-up with Lotus Protector. We had a power outage this morning and it lasted longer than my UPS system was able to keep the servers up and running. I was out of the house and could not bring the servers down gracefully so I had a hard crash of the VMWare server that hosts LP. It came back up but for some reason something was not initializing correctly. It would not start the http stack so I could not connect to the admin interface and logging in via the console took me into the setup routine (passwords, host name, ip address, etc.)  but would never let me go to the actual prompt after that so I could have a look at the guts of the beast and figure out what is causing the indigestion.

Being that this is the day before I am leaving for LS10 and I have zero time to waste, I simply went back to a VMWare snap shot I had taken and restarted the instance …and voila, there she goes. The system downloaded the latest spam and AV definitions in about 3 minutes, updated it’s time and date and I received my first mails within 2 minutes of the system starting.

Now, this is impressive, though I regret not having the time to spend on dissecting the server, looking into log files etc. to find out exactly what was wrong and fix the actual issue. I am not hoping that this happens again, but if it does, I hope I can find the time to spend on trouble-shooting.

In any case, having a snapshot of a clean setup is a great was to go and restore in the case of a catastrophic failure. As long as you update that snapshot after any configuration change, you should be alright.

See y’all at Lotusphere!!!

Lotus Protector – Good technology still needs “athinking” (1/13/2010)


Another tale in the life of a Lotus Protector admin.

The system is humming along in the background and rarely needs looking at. In my idle moments (I have none right now) I look at statistics etc., but other than that … nothing. Until this last weekend. I was getting used to the fact that I now have less mail, or so I thought. It was still after the new year, things are less busy, even the spammers are still waking up from their new years party comas and send out less garbage.

Last week I was briefly in touch with a buddy of mine, and we loosely agreed to get together on the weekend and we were moving the conversation to e-mail. Then over the weekend he fell silent .. no response to some of my mails. Well, he gets busy now and then and has not responded at other occasions so it did not alarm me. Too bad, we wanted to grab lunch and watch the movie “The book of Eli”.

Turns out he did answer … but Lotus Protector tagged it as spam. Specifically I had it set up to tag the subject line with the [SPAM] and guess what … I had an older mail rule that I had not looked at for a while that kicked in … yeah – my buddy has been sent directly into the Junk Mail folder in my mail file. I found his mails (he frantically answered 3 times) and allot of other mails I had been missing in there.

So, what does this highlight? That systems will do what you tell them. Good systems will do EXACLTLY what you tell them and it is up to you to act accordingly. So this acts as a cautionary tale to check settings and review things. Especially when you notice “lite mail volume” – something is up! You have to check where all that stuff went to.

I just want to mention once more – this is not a Protector issue, it is a stupid admin issue. Imagine this in an environment with a few thousand users …. I would be running around the clock right now to check people’s mail files for mail rules AND changing the rules on Protector to change that [SPAM] prefix to something else.

Lotus Protector – Notifications (1/6/2010)


Time for a new update.

A) The system is working really well, this is truly a fire-and-forget-missile type device. No blips, no blurps, and no jiggles either.

B) Error reporting is great! I just got a Delivery Status Notification / Failure report on a mail I sent. Normally in Domino these can be rather bland. They will give you an RFC error code, but not much else. I turned on all reporting and set it up to send all reports to an internal account in my mail system. I had ot given it much thought until today when I got my first one:

I just received a failure report from my LP device and it is really good (this is me being geeklily excited) . I have added an edited version further below. Please notice section [<2>] – it gives you the actual output from the rejecting mail server. As I mentioned before, Domino will usually just give you a RFC code and a generic line but this is really helpful. It shows that even thoughs I went by the book, I did not take care of all details – I never updated my external internet DNS with the name for my Lotus Protector device. Somewhat embarrassing, but with the help of clear error messages like this I can actually deal with it right away.

Here is the actual (edited) message:

[<00>] XMail bounce: Rcpt=[john.doe@noplace.com];Error=[550-Inconsistent or no rDNS record for 71.88.57.14 (see RFC1912 2.1)
550-http://www.ietf.org/rfc/rfc1912.txt
550-Reverse DNS record and matching forward entry must exist.
550 => wrong configuration at sending server 71.88.57.14]

[<01>] Error sending message [1262715029329.2561924000.c2d.lprotector] from [lprotector.toalsys.com].

ID:        <10010518-3072-0000-0000-0000000014F3>
Mail From: <victor@toalsys.com>
Rcpt To:   <john.doe@noplace.com>
Server:    <mx.inode.at> [213.229.60.100]

[<02>] The reason of the delivery failure was:

550-Inconsistent or no rDNS record for xxx.xxx.xxx.xxx (see RFC1912 2.1)
550-http://www.ietf.org/rfc/rfc1912.txt
550-Reverse DNS record and matching forward entry must exist.
550 => wrong configuration at sending server xxx.xxx.xxx.xxx

[<05>] Here is listed the initial part of the message:

Received: from /spool/local
by lprotector.toalsys.com with XMail ESMTP
for <john.doe@noplace.com> from <victor@toalsys.com>;
Tue, 5 Jan 2010 13:10:29 -0500
Received: from serveryyyy ([xxx.xxx.xxx.xxx])
by lprotector.toalsys.com ([xxx.xxx.xxx.xxx]) with XMail ESMTP;
Tue, 5 Jan 2010 13:10:26 -0500
Subject: Re: xxxx
From: victor@toalsys.com
Date: Tue, 5 Jan 2010 13:04:47 -0500
To: “John Doe” <john.doe@noplace.com>
Importance: Normal
MIME-Version: 1.0
Message-ID: <OFDB1C99BB.1B47753E-ON852576A2.006350DE@toalsys.com>
X-MIMETrack: Serialize by Router on serveryyyy at 01/05/2010 01:04:49 PM,
Serialize complete at 01/05/2010 01:04:49 PM
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
boundary=”—-_=_NextPart_001_01CA8E30.EAB72282″
x-cbid: 10010518-3072-0000-0000-0000000014F3

This is a multi-part message in MIME format.

——_=_NextPart_001_01CA8E30.EAB72282
xxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxx
xx (text removed) xxxx
xxxxxxxxxxxxxxxxxxxxxx

—– Original Message —–

Lotus Protector – On Line! (1/1/2010)


Finally, I got it done – it is alive!

Just a short note on my progress with Lotus Protector V 2.5. I did not want to bring it on-line just before New Year, I wanted a clear head to set it up and be able to troubleshoot if I find an issue. Luckily, I have to say there are no issues so far.

I had putzed around with the first install I had to the point where I did not feel I could get it clean again so I removed the VMWare image and started again from scratch. Following the ‘Getting Started Guide” and using the install/config Wizard I had Protector up, configured and running within about 60 minutes (give or take a few minutes for a tea brake). I had some experience with the information I would need from my earlier testing so I believe a real “fresh” install might take a bit longer when you include the preparation time for relay host settings, accounts to access LDAP on your Domino server, lists of mail domains you will be receiving mail for, etc.

I now have Protector set up so that I route all incoming and outgoing mail through it. So far my testing has not shown any problems, all mail seems to make it through and so far I am not getting anything caught by Symantec that I am still running on the Domino servers. I plan to take a closer look at the logs in a few days to see if anything that got through Protector was subsequently snagged by Symantec. I also intend to compare an average week of mail logs between the two so see what gets caught and what got through.
I am also especially interested on the integration of Protector with the client via policies … that is going to be a really interesting part that I plan to spend some time on blogging about after I have had some time to look at it in more detail.

Stay tuned for more information soon …

Lotus Protector – The story beginns (12/28/2009)


ust a short update – I thought I could use a few days of not-so-busy-time to see what the new Lotus Protector 2.5 is all about. Since it can be downloaded as a VMWare image and thrown on a simple VMWare server, this is an ideal device for me – or at least this is the premise I started this under.

Download – unfortunately the VMWare image is only available as a self-extracting WINDOWS .exe file – since my VMWare servers are all Red Hat or CentOS I had to download that file to my PX, unpack it and then copy the files onto the Linux server. My request to Lotus (if you guys are reading) create a [xx.tar.gz] file for us Linux users please!
Especially since the first download of the 1.8 GB file would not unpack, it always failed on my at 46% so I had to download it a second time – then it worked. I personally don’t like self-extracting files, they can be a mess and are REALLY susceptible to that one bad bit in a download …

Other than that, man is this easy. Throw the VMWare image into the folders your server knows about, add it and … PRESTO! I have been testing it since yesterday and it looks pretty solid. Configuration is rather easy, I did also download the documentation : Adminsitrator Guide Version 2.5 and Getting Started Guide Version 2.5 which you will both need to read to get it up and running. The configuration was so easy, I thought I must have done it wrong and skipped things as I am used to so much more to do from working with devices like IronPort etc. turns out – it is pretty easy. I am going to throw it into the mail stream later today and see how it does. I also run Symantec AV/Anti-spam on my servers so I am curious to see if they catch anything that Protector might miss.

The next step is then the integration with Domino 8.5.1 and the mail files. Flipping on a policy adds the quarantine and rules etc. for each mail user into their navigation bar on the left. I personally use eProductivity’s mail template for my personal mail file, but i will see how it does and also check with some bogus accounts and my prime testers – my kids (I like to call them my little lab-hamsters … lol).

I’ll share the outcome of my mail testing sometime by the end of the week or maybe next week, depending on how things go.

Victor

PS: Lotus Protector is free for 2 MONTHS – full functionality. If you want to test it, it is a free download and you pay nothing for 2 MONTHS. Did I stress the fact that you get full functionality for 2 MONTHS yet? If this works the way I hope it will, I can drop my Symantec premium Anti-Spam license which is quite costly. That would be NICE!