Zimbra - Distribution list control by Milter server

Enable Milter server

from web admin console:
Configure - Global Settings - MTA
check Enable milter server

by command:
[root@mail ~]$ su - zimbra
[zimbra@mail ~]$ zmprov ms `zmhostname` zimbraMilterServerEnabled TRUE
[zimbra@mail ~]$ zmmailboxdctl restart
Stopping mailboxd...done.
Starting mailboxd...done.

[zimbra@mail ~]$ zmmtactl restart
Rewriting configuration files...done.
postfix/postfix-script: refreshing the Postfix mail system Stopping saslauthd...done.
Starting saslauthd...done.
Stopping opendkim... done.
Started opendkim: pid 12355

[zimbra@mail ~]$ zmmilterctl start Starting milter server...done.
[zimbra@mail ~]$ zmmilterctl status Milter server is running.

Specific senders for a distribution list
zmprov grr dl distributionlist@yourdomain.dom usr user@yourdomain.dom SendToDistList

Allow specific domain to send to a distribution list 
zmprov grr dl distributionlist@yourdomain.dom dom thedomain.dom SendToDistList

Deny specific domain to send to a distribution list 
zmprov grr dl distributionlist@yourdomain.dom dom thedomain.dom -SendToDistList

VMware virtual disk operation with vmkfstools

Extend virtual disk
vmkfstools -X 30G /vmfs/volumes/datastore_name/vm_name/vm_name.vmdk
here 30G is not extra space, which is the total space finally.
to see the detail please check http://kb.vmware.com/kb/1007266 

Juniper screen OS debug transaction flow

Capturing Debug flow basic:

Cl db

Set ff src-ip x.x.x.x dst-ip y.y.y.y

Set ff src-ip y.y.y.y dst-ip x.x.x.x

(where

x.x.x.x== client ip which is accessing the server y.y.y.y==public ip of server i.e VIP ip of the server)

debug flow basic

(Then initiate the concerned traffic from source x.x.x.x to y.y.y.y)

Get db str

Undebug all

Cl db

Capturing snoop detail

Cl db

Snoop filter ip src-ip x.x.x.x dst-ip y.y.y.y direction both Snoop detail len 1514 Snoop (and then press `y?)

(Then initiate the concerned traffic from source x.x.x.x to y.y.y.y)

Get db str

Snoop off

RHEL6 disable ipv6

Edit /etc/sysconfig/network
Change the following:
NETWORKING_IPV6=yes to NETWORKING_IPV6=no

Add a new file /etc/modprobe.d/ECS.conf containing
alias net-pf-10 off
alias ipv6 off

Stop the ipv6tables service
service ip6tables stop

Disable the ipv6tables service
chkconfig ip6tables off

After these changes, IPv6 will be disabled after the next reboot of your system.

verify ipv6 is disable
lsmod | grep ipv6
ifconfig

netstat

ref.: http://linuxnet.ch/groups/linuxnet/revisions/5b3a1/6/

use esxcli kill stunk vm in ESXi 4.1

Find world ID
# esxcli vms vm list
Soft kill vm
#esxcli vms vm kill -w 81238123 -t soft     <---here 81238123 is world ID

Delete comment using grep

grep -v ^\# myfile.conf | grep . > nocommentfile.conf

Samba join domain win2008 + squid authentication with ntlm_auth

Step:

1. upgrade samba to 3.5 (for win2008)
2. edit /etc/samba/smb.conf
3. edit /etc/krb5.conf
4. edit /etc/pam.d/system-auth
5. add winbind option in /etc/nsswitch.conf
6. config iptables to allow 139,445,389 port, or allow all for testing
7. change selinux to permissive or disable just for testing
8. setup time, ensure no more than 5 min different with your DC 
9. startup smb, winbind, oddjobd
10. join domain
11. test with wbinfo, kinit, ntlm_auth, check if your linux host appear in AD\computer ou
12. edit /etc/squid/squid.conf
13. make sure squid group have permission to access /var/lib/samba/winbindd_privilege folder
14. Startup squid
15. client pc proxy config
16. client pc edit group policy, change Network security: LAN Manager authentication level:Send LM & NTLM - use NTLMv2 
17. client pc test to access internet with user authentication

For detail please check here:

EtherChannel config

==========PAgP Config:=============
Switch(config)# interface type mod/num
Switch(config-if)# channel-protocol pagp
Switch(config-if)# channel-group number mode {on | {{auto | desirable} [non-silent]}}

Example:
Switch(config)# port-channel load-balance src-dst-port
Switch(config)# interface range gig 3/1 – 4
Switch(config-if)# channel-protocol pagp
Switch(config-if)# channel-group 1 mode desirable non-silent
================================

=========LACP Config==============
Switch(config)# lacp system-priority priority
Switch(config)# interface type mod/num
Switch(config-if)# channel-protocol lacp
Switch(config-if)# channel-group number mode {on | passive | active}
Switch(config-if)# lacp port-priority priority

Example:
Switch(config)# lacp system-priority 100
Switch(config)# interface range gig 2/1 – 4 , gig 3/1 – 4
Switch(config-if)# channel-protocol lacp
Switch(config-if)# channel-group 1 mode active
Switch(config-if)# lacp port-priority 100
Switch(config-if)# exit
Switch(config)# interface range gig 2/5 – 8 , gig 3/5 – 8
Switch(config-if)# channel-protocol lacp
Switch(config-if)# channel-group 1 mode active
=================================

vmware esx update command

0.1. Suppose ssh is ready; patch is download from http://www.vmware.com/patch/download/

0.2 Upload patch file to esx server with scp or using viclient browse datastore and upload

1. Enter maintain mode
ESX:
vimsh -n -e /hostsvc/maintenance_mode_enter
ESXi:
vim-cmd /hostsvc/maintenance_mode_enter

2. Execute update
esxcli software vib intall -d /path/to/patch/esxi_update_patch.zip

3. Exit maintenance mode
ESX:
vimsh -n -e /hostsvc/maintenance_mode_exit
ESXi:
vim-cmd /hostsvc/maintenance_mode_exit

4. System reboot

vmware-vmrc example

Directly connect to ESX

vmware-vmrc -h 192.168.1.123 -m "[datastore1] rayvm/rayvm.vmx"

or

vmware-vmrc -h 192.168.1.123 -u "administrator" -p "yourpassword" -m "[datastore1] rayvm/rayvm.vmx"

Directly connect to VMware Server

vmware-vmrc.exe -h 192.168.1.246:8333 -m "[datastore1] rayvm/rayvm.vmx"