We Fix Windows & Other Teky Stuff Too.
Archive for September, 2010
Congress punts net neutrality back to FCC
Sep 30th
Net neutrality ball is in FCC Chair Genachowski’s court
Somewhat predictably, Congress has decided to not do anything about net neutrality.
Despite garnering some industry support, the net neutrality legislation being drafted by Rep. Henry Waxman (D-Calif.) got shot down yesterday when Congressional Republicans said they would not support it. Waxman had been holding meetings with both consumer groups and telecom companies while drafting legislation aimed at bridging the gap between proponents and opponents of net neutrality.
However, now that negotiations have fallen apart, Waxman has signaled to the Federal Communications Commission that it should act to reclassify broadband services as telecommunications services. In essence, then, we’re back to the same point we were at earlier this year when the U.S. Court of Appeals for the District of Columbia Circuit ruled that the FCC lacked the authority to stop Comcast from throttling peer-to-peer Internet traffic.
ZeuS trojan bank-theft scheme extends to the U.S.
Sep 30th
More than 60 people face U.S. charges in a ZeuS case that started in the U .K.
More than 60 people will be charged in the U.S. with using the Zeus trojan to steal millions of dollars from U.S. banks as part of a scheme that resulted in similar charges in the U.K. earlier this week.
Security quiz: How well do you know the insider threat?
The U.S. Attorney and Manhattan District attorney are expected to announce the charges today at 1 p.m., according to a Wall Street Journal story.
Some of those charged have already been arrested, and some live outside the U.S., the story says.
On Tuesday, police in London arrested 19 people in connection with thefts that totaled more than $9.4 million over a three month period.
They allegedly used features of the ZeuS trojan to break into customer accounts and steal funds by transferring it to other accounts held by accomplices who then delivered it to the masterminds via untraceable means like Western Union, says Mickey Boodaei, CEO of browser security vendor Trusteer.
Those involved were apparently careless with their own security, leaving cracks where investigators could peer inside the operation and track who was involved, he says.
In some cases Trusteer has managed to find the command and control servers used to run the operation, the company claims. Once investigators track down the command and control servers, they can follow transactions to the server and so trace the criminals, Boodaei says.
Similarly, investigators can trace the accounts set up by the money mules – the people whose accounts receive the stolen funds then transfer them to the criminals. Once they are found, investigators can trace how they were recruited and perhaps by whom, he says.
Read more about security in Network World’s Security section.
How to Uninstall Internet Explorer 9
Sep 25th
Social Sharing Sponsored by:
By: Michael Muchmore
If you’ve installed the Internet Explorer 9 Beta browser, you’ll know that it replaces Internet Explorer 8, and that the two cannot run side by side. The new browser does offer plenty of advantages over its predecessors-speed, uncluttered design, and more standard support-but there are still some reasons you may want IE8 back. For example, a favorite site doesn’t look quite right (Flickr slideshows are a good example). Or maybe you have work web apps that require an earlier version. (Ironically, our content management system works better in IE9 than it did in IE8).
Unlike the IE9 Platform Preview (which you could run side by side with a previous version), IE9 is installed as a Windows Update, rather than a separate app. This means it won’t show up in Control Panel’s Programs\Programs and Features list unless you click
the “View installed updates” link at the top left of the Control Panel.
View Slideshow See all (20) slides
After this, the easiest way to find the IE9 update is to type “Explorer” (without the quoatation marks) in the Control Panel’s search bar at top right, and the IE9 update will appear as the only showing entry. Double click this, and a confirmation dialog will ask if you want to uninstall the browser. You don’t have to download and install IE8-it will magically reappear as your IE version.
The same process works for both Windows 7 and Vista, but in the latter you’ll see entries for both IE8 and IE9 in list in Programs and Features.
Businesses gobbling up Google Android smartphones, ChangeWave finds
Sep 23rd
Some 1,600 corporate IT buyers were asked which mobile operating system they currently provide, and while RIM BlackBerry dominated in August with 66%, that was down 3% since May. Google Android, meanwhile, jumped from 10% to 16%, and was only at 3% back in November. (Read a story on people who have switched from BlackBerry to Android.) In other words, 60% more corporate IT buyers said they’re going with Android smartphones.
HTC and Motorola are among the hardware manufacturers enjoying Android’s success, with both experiencing considerable demand increases since May. For example, roughly 10% of ChangeWave survey respondents in May said they planned to buy HTC smartphones (such as the Droid Incredible and EVO 4G) during the next quarter, while 16% said in August they expect to do so over the next quarter.
10 Free Android Apps For Staying In The Know
Android has also been riding a momentum wave of positive survey results and new product rollouts.
ComScore’s latest numbers show that Android has surpassed Windows Mobile in the U.S. market to rank third among smartphone operating systems. Separately, Gartner issued a report stating Android will beat out the BlackBerry and Apple’s iOS for second best selling mobile operating system worldwide only behind Nokia’s Symbian.(Speaking of which, an outgoing Nokia exec had some choice words about Android this week, saying Android handset makers are like kids peeing in their pants for temporary warmth in the winter.)
Google recently reported that Android adopters are (not surprisingly) increasingly using its newer operating systems, including the 2.2 version dubbed Froyo. Version 2.2 is becoming available on more phones, including the new Droid X as of today.
Back to ChangeWave’s survey, Apple iPhone rose from 30% to 31% and Windows Mobile, which is soon to be replaced by Windows Phone 7, fell from10% to 9%.
Andrew Jaquith, a Forrester Research senior analyst, said in a recent interview with Network World that he thinks Android is still largely at the point where it is being brought into companies from the bottom up, as opposed to through CEOs and other high-level executives, as has been the case with Apple iPhones. Questions remain over whether Android has the security chops big companies will require, though more and more third-party services are emerging to address such needs.
Overall, 35% of respondents told ChangeWave they plan to buy smartphones next quarter, down 1% from the May survey.
Follow Bob Brown on Twitter at www.twitter.com/alphadoggs
Read more about wireless & mobile in Network World’s Wireless & Mobile section.
SPF Record Syntax
Sep 23rd
Home | Sitemap | Recent Changes | Login
Sender Policy Framework
SPF Record Syntax
Note: This page serves as an introduction and quick overview of SPF mechanism syntax. For the complete and definitive picture, please see the specification.
Domains define zero or more mechanisms. Mechanisms can be used to describe the set of hosts which are designated outbound mailers for the domain.
all | ip4 | ip6 | a | mx | ptr | exists | include
Domains may also define modifiers. Each modifier can appear only once.
redirect | exp
Mechanisms
Mechanisms can be prefixed with one of four qualifiers:
“+” Pass
“-” Fail
“~” SoftFail
“?” Neutral
If a mechanism results in a hit, its qualifier value is used. The default qualifier is “+”, i.e. “Pass”. For example:
“v=spf1 -all”
“v=spf1 a -all”
“v=spf1 a mx -all”
“v=spf1 +a +mx -all”
Mechanisms are evaluated in order. If no mechanism or modifier matches, the default result is “Neutral”.
If a domain has no SPF record at all, the result is “None”. If a domain has a temporary error during DNS processing, you get the result “TempError” (called “error” in earlier drafts). If some kind of syntax or evaluation error occurs (eg. the domain specifies an unrecognized mechanism) the result is “PermError” (formerly “unknown”).
Evaluation of an SPF record can return any of these results:
Result Explanation Intended action
Pass The SPF record designates the host to be allowed to send accept
Fail The SPF record has designated the host as NOT being allowed to send reject
SoftFail The SPF record has designated the host as NOT being allowed to send but is in transition accept but mark
Neutral The SPF record specifies explicitly that nothing can be said about validity accept
None The domain does not have an SPF record or the SPF record does not evaluate to a result accept
PermError A permanent error has occured (eg. badly formatted SPF record) unspecified
TempError A transient error has occured accept or reject
The “all” mechanism (edit)
all
This mechanism always matches. It usually goes at the end of the SPF record.
Examples:
“v=spf1 mx -all”
Allow domain’s MXes to send mail for the domain, prohibit all others.
“v=spf1 -all”
The domain sends no mail at all.
“v=spf1 +all”
The domain owner thinks that SPF is useless and/or doesn’t care.
The “ip4″ mechanism (edit)
ip4:
ip4:/
The argument to the “ip4:” mechanism is an IPv4 network range. If no prefix-length is given, /32 is assumed (singling out an individual host address).
Examples:
“v=spf1 ip4:192.168.0.1/16 -all”
Allow any IP address between 192.168.0.1 and 192.168.255.255.
The “ip6″ mechanism (edit)
ip6:
ip6:/
The argument to the “ip6:” mechanism is an IPv6 network range. If no prefix-length is given, /128 is assumed (singling out an individual host address).
Examples:
“v=spf1 ip6:1080::8:800:200C:417A/96 -all”
Allow any IPv6 address between 1080::8:800:0000:0000 and 1080::8:800:FFFF:FFFF.
“v=spf1 ip6:1080::8:800:68.0.3.1/96 -all”
Allow any IPv6 address between 1080::8:800:0000:0000 and 1080::8:800:FFFF:FFFF.
The “a” mechanism (edit)
a
a/
a:
a:/
All the A records for domain are tested. If the client IP is found among them, this mechanism matches.
If domain is not specified, the current-domain is used.
The A records have to match the client IP exactly, unless a prefix-length is provided, in which case each IP address returned by the A lookup will be expanded to its corresponding CIDR prefix, and the client IP will be sought within that subnet.
“v=spf1 a -all”
The current-domain is used.
“v=spf1 a:example.com -all”
Equivalent if the current-domain is example.com.
“v=spf1 a:mailers.example.com -all”
Perhaps example.com has chosen to explicitly list all the outbound mailers in a special A record under mailers.example.com.
“v=spf1 a/24 a:offsite.example.com/24 -all”
If example.com resolves to 192.0.2.1, the entire class C of 192.0.2.0/24 would be searched for the client IP. Similarly for offsite.example.com. If more than one A record were returned, each one would be expanded to a CIDR subnet.
The “mx” mechanism (edit)
mx
mx/
mx:
mx:/
All the A records for all the MX records for domain are tested in order of MX priority. If the client IP is found among them, this mechanism matches.
If domain is not specified, the current-domain is used.
The A records have to match the client IP exactly, unless a prefix-length is provided, in which case each IP address returned by the A lookup will be expanded to its corresponding CIDR prefix, and the client IP will be sought within that subnet.
Examples:
“v=spf1 mx mx:deferrals.domain.com -all”
Perhaps a domain sends mail through its MX servers plus another set of servers whose job is to retry mail for deferring domains.
“v=spf1 mx/24 mx:offsite.domain.com/24 -all”
Perhaps a domain’s MX servers receive mail on one IP address, but send mail on a different but nearby IP address.
The “ptr” mechanism (edit)
ptr
ptr:The hostname or hostnames for the client IP are looked up using PTR queries. The hostnames are then validated: at least one of the A records for a PTR hostname must match the original client IP. Invalid hostnames are discarded. If a valid hostname ends in domain, this mechanism matches.
If domain is not specified, the current-domain is used.
If at all possible, you should avoid using this mechanism in your SPF record, because it will result in a larger number of expensive DNS lookups.
Examples:
“v=spf1 ptr -all”
A domain which directly controls all its machines (unlike a dialup or broadband ISP) allows all its servers to send mail. For example, hotmail.com or paypal.com might do this.
“v=spf1 ptr:otherdomain.com -all”
Any server whose hostname ends in otherdomain.com is designated.
The “exists” mechanism (edit)
exists:Perform an A query on the provided domain. If a result is found, this constitutes a match. It doesn’t matter what the lookup result is – it could be 127.0.0.2.
When you use macros with this mechanism, you can perform RBL-style reversed-IP lookups, or set up per-user exceptions.
Examples:
In the following example, the client IP is 1.2.3.4 and the current-domain is example.com.
“v=spf1 exists:example.com -all”
If example.com does not resolve, the result is fail. If it does resolve, this mechanism results in a match.
The “include” mechanism (edit)
include:The specified domain is searched for a match. If the lookup does not return a match or an error, processing proceeds to the next directive. Warning: If the domain does not have a valid SPF record, the result is a permanent error. Some mail receivers will reject based on a PermError.
Examples:
In the following example, the client IP is 1.2.3.4 and the current-domain is example.com.
“v=spf1 include:example.com -all”
If example.com has no SPF record, the result is PermError.
Suppose example.com’s SPF record were “v=spf1 a -all”.
Look up the A record for example.com. If it matches 1.2.3.4, return Pass.
If there is no match, other than the included domain’s “-all”, the include as a whole fails to match; the eventual result is still Fail from the outer directive set in this example.Trust relationships — The “include:” mechanism is meant to cross administrative boundaries. Great care is needed to ensure that “include:” mechanisms do not place domains at risk for giving SPF Pass results to messages that result from cross user forgery. Unless technical mechanisms are in place at the specified otherdomain to prevent cross user forgery, “include:” mechanisms should give a Neutral rather than Pass result. This is done by adding “?” in front of “include:”. The example above would be:
“v=spf1 ?include:example.com -all”
In hindsight, the name “include” was poorly chosen. Only the evaluated result of the referenced SPF record is used, rather than acting as if the referenced SPF record was literally included in the first. For example, evaluating a “-all” directive in the referenced record does not terminate the overall processing and does not necessarily result in an overall Fail. (Better names for this mechanism would have been “if-pass”, “on-pass”, etc.)
Modifiers
Modifiers are optional. A modifier may appear only once per record. Unknown modifiers are ignored.
The “redirect” modifier (edit)
redirect=The SPF record for domain replace the current record. The macro-expanded domain is also substituted for the current-domain in those look-ups.
Examples:
In the following example, the client IP is 1.2.3.4 and the current-domain is example.com.
“v=spf1 redirect=example.com”
If example.com has no SPF record, that is an error; the result is unknown.
Suppose example.com’s SPF record was “v=spf1 a -all”.
Look up the A record for example.com. If it matches 1.2.3.4, return Pass.
If there is no match, the exec fails to match, and the -all value is used.
The “exp” modifier (edit)
exp=If an SMTP receiver rejects a message, it can include an explanation. An SPF publisher can specify the explanation string that senders see. This way, an ISP can direct nonconforming users to a web page that provides further instructions about how to configure SASL.
The domain is expanded; a TXT lookup is performed. The result of the TXT query is then macro-expanded and shown to the sender. Other macros can be used to provide an customized explanation.
——————————————————————————–
Edit text of this page | View other revisions
Last edited 2008-06-29 12:49 (UTC) by Julian Mehnle (diff)
——————————————————————————–
Unless noted otherwise, all content on this website is dual-licensed under the GNU GPL v2 and the Creative Commons CC BY-SA 2.5.
The openspf.org domain name was donated by James Couzens, and related domain names by John Pinkerton. Thanks!
The SPF Project
News
Press Releases
Project Agenda
About Us
The SPF Council
Contact Us
Documentation
FAQ
SPF Record Syntax
Hosted Software
Specifications
Implementations
Support
Forums
Tools
GFI MailArchiver 6 (Build 20081107) patch summary
Sep 22nd
The information in this article applies to:
- GFI MailArchiver for Exchange 6
Article ID: KBID003461
Query keywords: patch, patches
The following patches have been released for GFI MailArchiver 6 Build 20081107.
Notes:
- Unless otherwise specified, all patches listed in this article will be included in newer builds of GFI MailArchiver.
- Installation instructions are included with the download.
Patch: MARC6_OC_PATCH_20081031_01
Description: This patch fixes an issue whereby under certain conditions Microsoft Outlook will crash giving an error similar to “Microsoft Visual C++ runtime error!”
Download Link: MARC6_OC_PATCH_20081031_01
____________________________________________________________________________________________________________
Patch: MARC6_PATCH_20081212_01
Description: This patch fixes an issue whereby after installing GFI MailArchiver 6 build 20081107, the main page of the GFI MailArchiver Web UI would not be loaded correctly in Firefox or Safari web browsers.
Download Link: MARC6_PATCH_20081212_01
____________________________________________________________________________________________________________
Patch: MARC6_EEWIZ_20081219_01
Description: You are unable to export e-mails using the GFI PST-Exchange Email Export (eewiz.exe) utility when a folder name contains one of the following characters:
- / (forward slash)
- \ (backslash)
- ? (question mark)
- . (period)
- ” ” (blank space)
This would result in a “An error occurred while enumerating folders” or “Access Denied” error message.
Download Link: MARC6_EEWIZ_20081219_01
____________________________________________________________________________________________________________
Patch: MARC6_PATCH_20081219_01
Description: When forwarding an e-mail from the GFI MailArchiver Inbox (Outlook Connector) a Non Delivery Report (NDR) is generated by Microsoft Exchange and the message is not received by the recipient. This issue only happens in a Microsoft Exchange 2007 environment.
Download Link: MARC6_PATCH_20081219_01
____________________________________________________________________________________________________________
Patch: MARC6_PATCH_20081222_01
Description: Malformed “To” fields present in an e-mail’s header cause the e-mail not to be archived. An example of a malformed “To” field would be:
jsm[email protected] (Smith, John)�
�
Where the comma (,) will be considered as a separator.
An Event with ID 7105 and the following description will be logged in the Application Event Log:
�
Plugin Enveloping plugin reports exception.
ERROR.ADA.DirectoryFailed.
Additional info: The (|(proxyaddresses=smtp: )(mail= ))
search filter is invalid.
Download Link: MARC6_PATCH_20081222_01
____________________________________________________________________________________________________________
Patch: MARC6_PATCH_20090130_01
Description: The GFI MailArchiver 2 Email Export utility terminates unexpectedly after you select a GFI MailArchiver 2 database to export from and press “Next”.
Download Link: MARC6_PATCH_20090130_01
____________________________________________________________________________________________________________
Patch: MARC6_PATCH_20090115_01
Description: When a mailbox contains an e-mail with a Message ID greater than 255 characters, the User Mailbox Folder Synchronization may halt and as a result, no other mailboxes will be synchronized.
Download Link: MARC6_PATCH_20090115_01
____________________________________________________________________________________________________________
Patch: MARC6_PATCH_20090203_01
Description: This patch fixes the following issues:
- When forwarding an e-mail from the GFI MailArchiver Inbox (Outlook Connector) to an external e-mail address, the recipient receives the e-mail without the attachment.
- Microsoft Outlook 2007 (installed on Windows Vista) crashes when opening an e-mail containing an attachment from the GFI MailArchiver Inbox (Outlook Connector).
Download Link: MARC6_PATCH_20090203_01
____________________________________________________________________________________________________________
Patch: MARC6_PATCH_20090219_01
Description: After installing Microsoft .NET Framework 3.5 Service Pack 1, you receive an e-mail notification stating that “GFI MailArchiver failed to transfer emails into the backend database”. However, e-mails are still transferred successfully to the Archive Store.
At the same time, an event with the following properties is logged in the Application event log:
Type: Warning �
Source: MARC6Core
Category: None �
Event ID: 6310
�
Description:
Plugin LogScheduler reports exception.
Logging: Submit failed.
Additional info: Port is Busy. All pipe instances are busy.
Download Link: MARC6_PATCH_20090219_01
____________________________________________________________________________________________________________
Patch: MARC6_PATCH_20090220_01
Description: You receive a Windows Authentication dialog box when you select the RECEIVED DATE or SENT DATE condition from the Advanced Search option of the GFI MailArchiver search page, within the Outlook Connector.
Download Link: MARC6_PATCH_20090220_01
Last Updated: 2nd March 2009
GFI MailArchiver is not polling emails
Sep 22nd
The information in this article applies to:
- GFI MailArchiver for Exchange 3
- GFI MailArchiver for Exchange 4
- GFI MailArchiver for Exchange 5
- GFI MailArchiver for Exchange 6
- GFI MailSecurity for Exchange/SMTP 10
- GFI MailSecurity for Exchange/SMTP 9
Article ID: KBID002695
Query keywords: IMAP, poll, VS API
Issue encountered:
GFI MailArchiver is not polling the journaling mailbox when configured to poll emails via IMAP. The items remain in the journaling mailbox.
More information:
This issue can occur for the following two reasons:
- Anti-virus or backup software may interfere with the IMAP protocol and thus render GFI MailArchiver unable to pull the messages from the server. Upon checking the event logs on the Microsoft Exchange server machine you notice events from the source IMAP4SVC (ID: 1023).
- GFI MailArchiver, configured to poll emails via IMAP, is not able to poll encrypted and digitally signed messages. These same emails do not show up when the mailbox is accessed through Outlook Web Access. This occurs when a virus scanner is scanning the Microsoft Exchange Information Store using VS API. This applies to Microsoft Exchange server 2003 Service Pack 1.
Solution for issue one:
Exclude the Microsoft Exchange information store and related folders and sub-folders from Anti-Virus or backup software. Visit the following Microsoft KB Article for more information and a full list of recommended exclusions: http://support.microsoft.com/kb/328841/
Additionally you may wish to research the IMAP4SVC related event logs or contact Microsoft Product Support Services.
Solution for issue two:
To resolve this issue, the latest Microsoft Exchange 2003 service pack is required. More information about this issue can be found at: http://support.microsoft.com/kb/892397/EN-US/
Note:
- If after performing the above, the issues encountered persist, we recommend that you contact the GFI support team.
Registered customers are kindly requested to use the form found at http://customers.gfi.com
Customers currently evaluating the product should use the online web form found at http://support.gfi.com/supportrequestform.asp.
Send the files as described in the knowledge base article KBID001062
