Channel: IBM Related – Syed Jahanzaib Personal Blog to Share Knowledge !

IBM TS3100 Library: Incompatible Magazine!

Recently we replaced our 7-year-old IBM TS3200 Tape Library with the new TS3100 FC. It worked fine for about a week, but yesterday, when our support personnel changed the tape cartridges and tried to log in to the web GUI of the library to manage and move the tape to the drive, it showed the following error on screen.

tape error

 

The tape library showed this “Scanning” message on its panel, and none of its functions worked properly.

IMAG0480

I tried every possible method: reinstalling drivers and pulling the magazines out manually from the back using the access holes (small hatches facing the rear of the library) with a pin, but to no avail.

 

After careful inspection, I found out that the support personnel had removed the MAGAZINE FIDUCIALS by mistake (the plastic part attached to every level of the magazine where the cartridge is placed); they thought it was some sort of unnecessary packing ☻

As shown in the image below . . .

 

fudicials

 

IMAG0518

After placing the magazine fiducials back in place, everything worked fine.
Also make sure that you are using the latest firmware; it helps too :)

Magazine fiducials are location sensors utilized by the library accessors.

Possibly it may help someone else too, because in my personal experience, if you don’t have an SLA or service contract with IBM or their vendors, you won’t find much support on the web or in the local market.

 

Regards,
Syed Jahanzaib


Filed under: IBM Related

Lotus Notes: Field: ‘tmpRepeatsText’: Array index out of bound while opening TO DO


One of our Lotus Notes users received the following error while opening a TO DO mail:

Field: ‘tmpRepeatsText’: Array index out of bound

lotus-to-do-error

 

I fixed it by using

load convert mail\[maildatabase] * mail85.ntf

 

Regards,
Syed Jahanzaib


Filed under: IBM Related

Lotus Notes wants to open some emails with browser, rather than within Notes itself !


lotus

Today, one of our users faced a problem: when he tried to open certain emails, Notes gave the option to open them in the web browser rather than within Notes itself. It showed all of the HTML formatting characters in Notes, rendering the mail almost unreadable. I did a fresh install of Notes, but to no avail. The client was using Lotus Notes 8.5.2.

This is how I solved it.

Open the Lotus Notes client.

Go to Files / Preferences.

In the right window, click on ADDITIONAL OPTIONS and tick DISABLE EMBEDDED BROWSER FOR MIME FORMAT.

As shown in the example below . . .

lotus-disable-embedded

 

 

Now restart the Notes client, and the problem is solved :)

 

Regards,

Syed Jahanzaib


Filed under: IBM Related

[Lotus Notes] INBOX not showing any mails, but appearing in ALL DOCUMENTS folder


This morning, when one of our users opened the Lotus Notes client, no email was showing in the INBOX, but all of it was appearing in the ALL DOCUMENTS folder. To fix this I issued the following command; the problem went away and the INBOX showed all emails.

load updall -r mail\usermailfile.nsf

This problem also occurs if you have a corrupted INBOX view, or two of them. To check this, open the user's mail file in Domino Designer and look for two inbox views. If there are two inbox views, first create a temporary folder and move all the inbox mails to this temp folder; now create both inbox folder, and replace the design, which will create the inbox view; now move all mails from the temp folder to the inbox. Simple as that :p

Tip: If the problem still remains, then try to replace the FOLDER DESIGN.

Also read this thread; it really has some very good information for solving this problem.

http://community.spiceworks.com/topic/231092-lotus-notes-no-emails-showing-up-in-inbox-but-are-in-all-documents-folder

http://www-01.ibm.com/support/docview.wss?uid=swg21093841

Regards,
Syed Jahanzaib


Filed under: IBM Related

Lotus Domino SMTP relay


lotus

It’s not a new story, but today I had to do it again to restore our email relay successfully, so I am writing this just as a reference.

Recently we were having some issues sending emails to various domains; in one particular case, our public IP was blacklisted on one or two spam lists. To sort it out, we used our ISP’s SMTP (example: smtp.yoursip.com.pk) to relay mails successfully. Here is how you can add/change the relay host.

  • From the Domino Administrator, click the Configuration tab and then expand the Messaging section.
  • Choose Configurations.
  • Select the Configuration Settings document and then click Edit Configuration.
  • Click the Router/SMTP - Basics tab.
  • Complete this field, and then click Save & Close:

Field  
Relay host for messages leaving the local Internet domain

As shown in the image below . . .

123.

To make the changes take effect immediately, issue this command at the Domino admin client:

tell router update config

To remove the relay host, simply remove the SMTP entry and reload the config.

.

Regards,
Syed Jahanzaib


Filed under: IBM Related

IBM Lotus Domino Fix Packs Upgrade Error


A few days back, I was upgrading Lotus Domino 8.5.3 Fix Pack 4 to Fix Pack 6, and during the upgrade I encountered the following error …

lotus-upgrade-error

.

To solve it, make sure that

  • Lotus DOMINO is stopped by using the QUIT command in the Domino console,
  • Lotus services are STOPPED in Services before running the upgrade package,
  • Any Lotus CONSOLE is closed
    [I forgot to close the console, which wasted a precious 15 minutes on a live production server; anyway, this is how you learn things in real life.]

http://www-10.lotus.com/ldd%5Cfixlist.nsf/WhatsNew/2ca7aa993e50ba8285257c1d006472bd?OpenDocument

8.5.3 Fix Pack 6 Preliminary Fix List descriptions:

Client

  • SPR# TSHI8SD538(LO68047) – Fixed an intermittent Notes client crash when opening a corrupted Notes document.
  • +SPR# MLAT99RKAG(LO76668) – Improved javascript disablement and disabled for HTML Email messages (body field and memo form) only. This regression was introduced in 8.5.3 FP5.
  • SPR# ACHG8STC6T(LO68380) – Fixes intermittent Notes Client crash when the user hits “send” on a large email (also the email is lost).
  • SPR# MCHZ8R4HPK(LO67040) – “Search Directory For” results in Typeahead are displayed in Alphabetical Order. (technote 1580001)

Server

  • SPR# KBRN8Q6JXC(LO71360) – Performance and reliability fix to network session code. Prior to this fix, many users accessing a Domino server simultaneously could cause a performance bottleneck resulting in slow server response or timeouts attempting to connect to the server. The error ‘Unable to redirect failover from <SERVERNAME>’ could also appear where SERVERNAME is the same name of the server encountering the issue.
  • SPR# JPAI94HR3N(LO75003) – Fixes potential deadlock on process startup between LkMgr locker and semaphore locker(Directory manager queue semaphore). (technote 1644240)
  • SPR# MYAA8LV385(LO64012) – Fixes an issue where an incorrect warning for a database over quota threshold could be generated.
  • +SPR# RMAA94WKMG(LO73956) – Fixes intermittent Domino Server crash when closing a database. This regression was introduced in 8.5.2. (technote 1644232)
  • SPR# VPRS8YBRZ6(LO71728) – Fixes Domino Server mail relay host crash on router on Jonah::asn_sorted::encode_value
  • +SPR# AJMO8NVM8F(LO66491) – Prevent Directory Assistance on Domino 64-bit servers from doing unnecessary search references and referrals which were leading to “81” LDAP timeout errors. This regression was introduced in 8.5.
  • SPR# JPMS8KZLLC(LO63217) – Fixes Domino Server crash during database cache maintenance with PANIC: ERROR – LockMemHandle() Handle 0xF0259F47 is not allocated
  • SPR# PPET98CPBN(LO7562) – Security enhancement to scrub query strings causing search to fail; work around is to add the following notes.ini: HTTP_QUERY_STRING_SCRUB=0. This fix changes the default to be off instead of being on and adds new code to prevent security X-Site script attacks against search urls.
  • SPR# AJAS8WSB9B(LO70861) – Prior to this fix multiple “Received” headers could be overwritten by one when retrieving e-Mails with IMAP client.
  • SPR# KHAN87ZUTS(LO55991) – Prevents excessive InsertPermutations recursion that can lead to a Domino Server crash. The new notes.ini variable MAX_PERMUTE_RECURSE=<number>, where <number> limits the number of hierarchical responses that can be added to a given collection, is recommended to be set to 200. (technote 1600317)
  • +SPR# PHEY8UDJYW(LO65911) – Fixes ACL corruption with: “ACL Corrupt in database <Database_Name> creating new ACL with default set to no access”. Now we block unintended deletion of ACL Note that would lead to a DB set to no access. This was a regression introduced in 8.5.3.

iNotes

  • SPR# WRAY8QKLTQ(LO66604) – Fixed issue where when opening messages in iNotes Ultra Light Mode, that have mixed case mail file names specified in the URL, the mail message fails to open.
  • SPR# KRAU8Y2MX6(LO71593) – Fixes issue where the iNotes UI window shrinks to a small size when the iNotes UI is resized several times.
  • SPR# HKOA7T4DN5(LO49113) – Notes web: Fixed an issue where the web browser could hang if a window is resized to or from a very small size.
  • SPR# PTHN96NRTP(LO45468) – Notes web: Fixed an issue where the unread count on a folder is not updated automatically when new messages were transferred into it via a mail rule. Clicking on the folder or using F5 to refresh would update the count.
  • +SPR# HSKM8TN39T(LO68949) – Fixed problem which caused a custom sized table to be inserted in the wrong place in the Rich Text Editor. This is a regression in 8.5.3.

Regards,
Syed Jahanzaib


Filed under: IBM Related

Howto get DSA Output in HTML format for IBM xSeries 3650 M4 [7915] Server


Recently one of our newly acquired IBM xSeries 3650 M4 [7915] servers started sending emails regarding Predictive Failure (PD, PAF) alerts, and on the panel we got an amber light on the HDD.

2014-05-15 08.57.57

To receive support from IBM or the vendor, we have to send DSA logs. This DSA report contains each and every detail regarding all the hardware components of the machine. In the past we used DSA logs to generate HTML-based outputs on previous 3650 or 346 series servers, but we were unable to find any installable DSA package. Only PORTABLE or PRE-BOOT versions were available. Since it was a live production server, we could not take downtime to boot from the DSA pre-boot CD, and the portable version produces a single XML file which is not human friendly or readable. So I used the following trick to make it produce HTML output (provided by the vendor and GOOGLE).

(Make a new folder where DSA will generate its HTML output, in any location, e.g. c:\dsa_output)

ibm_utl_dsa_dsytd3l-9.52_portable_windows_x86-64.exe -v -d c:\dsa_output

Output Sample:

dsa_output_html.

.

Regards,
Syed Jahanzaib


Filed under: IBM Related

SAN attached windows 2008 hangs on boot


Just for reference purpose:

Recently I was testing a disaster recovery scenario of restoring Server A to Server B with identical hardware, using the Symantec Backup Exec 2014 Simplified Disaster Recovery [SDR] CD. The hardware specs were as follows …

IBM xSeries 3650 M4, with RAID1
Dual QLogic Fibre Channel cards, Model: QLE2560, connected to two FC switches for multipath and failover
32 GB RAM
IBM v3700 Storwize SAN storage

The restore went fine, and the system booted fine the first time with everything intact, but when I rebooted it again, it failed to boot and showed only a blinking cursor, as shown in the image below …

123

I tried to boot it several times but with no results. I then removed the FC cables from the server’s QLogic FC cards, and this time Windows booted fine.

Solution:

I started the server without the FC cables attached, then removed the Windows MPIO feature from ADD REMOVE FEATURES and rebooted with the FC cables attached; this time it worked fine but showed duplicate SAN partitions. Then I applied IBM’s SDDDSM MPIO driver (MPIO_Win2008_x64_SDDDSM_64_2434-4_130816 for v3700 Storwize) and everything went fine :)

You may also want to read IBM’s article.

http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5081613

 

.

Regards,
Syed Jahanzaib


Filed under: IBM Related, Microsoft Related

IBM Lotus Notes: Inbox Emails disappears when sort by DATE


Today one of our company users faced a strange issue in his Lotus Notes client {8.5.3 FP6}.

When they just open the Inbox without any sorting, there is no problem and all mail is shown. Once they try to sort the mails by ‘Date’, all emails in the inbox view disappear.

After trying various things like refresh/replace design etc., we finally managed to sort out the issue by running UPDALL on that specific db.

From the Domino server console, issue the following command:


load updall -R mail/USERDB.nsf

( -R : Rebuild all used views)

Fixed !

Jz!

 


Filed under: IBM Related, Uncategorized

Fighting with Spoofed Emails in IBM Lotus Domino using Symantec SMSDOM


s1

From the Diary / 12th July, 2016


We are using IBM Lotus Domino as our mailing system for inbound/outbound emails & Symantec Mail Security as the anti-spam mechanism. Managing a heavily used production email server & fighting spam is a really tough job; it requires continuous monitoring and most of the time requires additional work on a regular basis.

For the past few days, our email users were receiving a lot of spoofed (fake advertisement / malware) emails pretending to come from their own email address and sometimes from other legitimate users as well. The subject was different every time, and the source in the header was dynamic too. It was really annoying, as a user does not want to block his own email address in filters.

E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. For example, you can receive an email pretending to come from your own email address, which is strange and annoying as well.

Adding an SPF record is a good idea, and every mail server MX record should have it. However, I took another route, which is a kind of workaround, BUT at least it’s working amazingly well for me!

Just to share my story. / z@ib

 

I made the following rule in the SMSDOM Content Filter Rules section.


Description: BLOCK SPOOFED EMAILS RULE

Classification: Compliance Rule

This rule is for: Email Routing

Flow: Inbound

This rule is applied: Conditionally

Condition: Unless

Attributes: Sender/Author > myself@mycompany.com
[Exempt the few email IDs of my local servers that are used to send backup/alert emails to the admin via batch scripts]

Rule Expression: if Internet Domain Contains MYCOMPANY.COM

Action: QUARANTINE the Document


Save the rule.

 

Images of rules,

1

2

3

4

 


End Results:

:) & now I can see many spoofed emails dropping into the quarantine box, and the users’ inboxes are clean and shiny.

spoofed_results_in_smsdom_quarantine

 


TIPS:

Test Spoofing

To test sending a spoofed email, you can use the following web site:

https://www.wormly.com/test_smtp_server

 

SPF RECORD: / zaib

To create an SPF record on the DNS server, you can use the following syntax:

v=spf1 mx ip4:1.2.3.4 -all

The above record allows all your MX hosts plus IP 1.2.3.4 to send email for your domain; everything else is prohibited. However, the mail servers or relays must support the SPF protocol.

Or, if you have two ISP links for primary and secondary MX (two IP addresses), you can use the following:

v=spf1 mx ip4:1.2.3.4 ip4:5.6.7.8 -all

where 1.2.3.4 and 5.6.7.8 are the public IP addresses of your email server.

OR something like

spf1

In the above image, 1.2.3.4 is the primary internet link IP for the email server, and 5.6.7.8 is the secondary (backup) internet link IP, so I added both to the record.
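
An added example, not part of the original post: a small Python evaluator for the subset of SPF used in the records above (`mx`, `ip4`, `all`), plus an inbound decision that mirrors the quarantine rule but lets own-domain mail through when the connecting IP passes SPF. The function names, the `mx_ips` parameter, the sample addresses and the `mycompany.com` senders are assumptions for illustration; MX addresses are passed in by the caller so the code runs offline.

```python
import ipaddress

# Result for each SPF qualifier ("+" is the default when none is written).
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# The two records from the post.
RECORD_ONE_LINK = "v=spf1 mx ip4:1.2.3.4 -all"
RECORD_TWO_LINKS = "v=spf1 mx ip4:1.2.3.4 ip4:5.6.7.8 -all"


def check_spf(record, client_ip, mx_ips=()):
    """Evaluate an SPF record for one connecting IP.

    Only the mechanisms used on this page are handled: mx, ip4 and all.
    mx_ips is the list of addresses the domain's MX hosts resolve to
    (assumption: looked up by the caller, so no DNS is needed here).
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"  # not an SPF record
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            try:
                matched = ip in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed address in the record
        elif name == "mx" and not arg:
            matched = any(ip == ipaddress.ip_address(a) for a in mx_ips)
        else:
            # a, include, exists, mx:<domain>, ... are valid SPF but
            # outside the scope of this example.
            raise NotImplementedError("mechanism not handled: " + term)
        if matched:
            return QUALIFIERS[qualifier]  # first matching term decides
    return "neutral"  # nothing matched and the record has no "all"


def should_quarantine(sender, client_ip, record, own_domain,
                      exempt=(), mx_ips=()):
    """Inbound decision modelled on the content filter rule above.

    sender is treated as the envelope sender (the address SPF checks).
    Mail claiming our own domain is quarantined unless the sender is on
    the exempt list or the connecting IP passes SPF for the domain.
    """
    sender = sender.lower()
    if not sender.endswith("@" + own_domain.lower()):
        return False  # the rule only concerns mail claiming our domain
    if sender in {e.lower() for e in exempt}:
        return False  # e.g. local servers sending backup alerts
    return check_spf(record, client_ip, mx_ips) != "pass"


if __name__ == "__main__":
    # Constructed samples: 203.0.113.50 stands for an unknown outside host.
    samples = [
        ("user@mycompany.com", "203.0.113.50"),  # spoofed from outside
        ("user@mycompany.com", "5.6.7.8"),       # our backup link
        ("partner@example.org", "203.0.113.50"), # ordinary external mail
    ]
    for sender, ip in samples:
        verdict = should_quarantine(sender, ip, RECORD_TWO_LINKS,
                                    "mycompany.com")
        print(sender, ip, "QUARANTINE" if verdict else "deliver")
```

SPF is evaluated against the envelope sender, so a message with a forged header From but a different envelope domain is not caught by this check alone.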


Regards,

Syed Jahanzaib

 


Filed under: IBM Related

Lotus Notes / Copy – Duplicating prohibited


pmail.jpg


In our company, we have an IBM Lotus Domino mail server which I manage myself. Getting Lotus Domino support is quite a tough job, especially if you don't have a support SLA with IBM, which generally costs a heavy amount in $. Therefore I have to manage things on my own, mostly using Google and some common sense lol.

Today we received an email from a valid client, and when we tried to copy it or reply to him with history, we received the following error.

w2.PNG

It also happens if the user has selected the following in the mail delivery options.

w1.PNG

Without going into much detail (which is already available in greater detail on the internet), here is how I managed to sort it out.


Requirements: Domino Admin Client.

Open the user's mail file via the Domino Admin Client.
Go to Create / Agent,

As shown in the image below …

formula.PNG

 

Make sure you select FORMULA as shown above, and copy and paste the following code …

FIELD $KeepPrivate := @DeleteField;

Save it with any name, like “remove keep private”, and exit.


Lotus Notes Client:

Now open the Lotus Notes client, go to the inbox and open the affected email.

Now go to Action / and you will see the newly created agent name. Click on it.

As shown in the image below …

agent.png

It may take just a second or two at most, and will remove the restriction :)

Enjoy !

Syed Jahanzaib

 


Filed under: IBM Related, Uncategorized

IBM Lotus Domino: Layman’s approach to move Archive’s to new partition


bg_domino2


Scenario:

We are using IBM’s Lotus Domino 8.x on Windows 2008 R2 with the following folder structure.

  • D:\LOTUS\DOMINO\DATA\MAIL   > 500 GB , users inbox
  • D:\LOTUS\DOMINO\DATA\MAIL\ARCHIVE > 1000 GB , users archived mails

An archiving policy is enabled on the server end and runs on a weekly basis. It moves one-year-old email from the inbox folder to the ARCHIVE folder with an a_username structure. Disk space was getting low on the D: partition, therefore I added a new drive (E:) and wanted to move the user ARCHIVE(s) to the new partition, E:\ARCHIVE.

There were a few solutions to perform the operation, online & offline.

With the online approach we could use Domino’s built-in MOVE operation (via the Domino admin client), for which we don't have to take any shutdown, but then we would need to get the timing right. If the mail files are not moved into the new folder before our scheduled server archive runs, then new archive files will be created, which may complicate things.

But since I was able to afford 2 hours of downtime, I took the OS cut/paste option.


I did the following:

  1. Quit Domino via the Admin Client, then stopped the Domino services via SERVICES.
  2. Moved (cut and paste) the ARCHIVE folder from D: to the E: drive (e:\archive2 folder).
  3. In the D:\LOTUS\DOMINO\DATA\MAIL folder, I created a text file called ARCHIVE.DIR.
    In the text file I added the path E:\ARCHIVE.
  4. Started the Domino Server service (or better, restart the server).

& all went fine.

I am a big fan of Domino’s own MOVE operation, but after a few months I will be replacing this machine with a new server, and then it would be a problem to move the archives again. Therefore the above operation was a good choice from a layman’s management perspective 🙂

Hope it will help someone in the same situation.


Regards,
~Syed Jahanzaib~

Filed under: IBM Related

IBM v3700 – Noisy PSU Problem


v3700-full

 

v3700-d


We have an IBM v3700 SAN system along with an expansion unit. For the past 2 weeks, there was loud noise coming from the SAN PSU, as if it were running at full capacity. After some research, it was found that it's a known bug in the v3700 series SAN, and the following actions should be taken to sort it out.

  1. If you have an IBM warranty/SLA, call support; they will rectify the issue, as IBM support is very good & quick in most cases. Make sure you get the SAN machine type / serial numbers before calling.

If you are managing the SAN on your own, then follow these instructions:

  1. The first thing to try is to ‘reseat the PSU cable’ of the PSU that is running high.
  2. If reseating the cable did not work, try reseating the PSU. After a few seconds, the fan speed should start to fall.
  3. Make sure you are running the latest firmware. I was running 7.1.0.5 (build 80.4.1309270000), which was very old (as of Sep 2017). A fix for this issue has been included from code level 7.6 onward. This fix works for V3700, V5000 and V7000 Gen2, so an upgrade will fix the problem. The new firmware is 7.8 as of the current date.
  4. Finally, the issue should be resolved by resetting the entire canister. Connect to the SAN controller using PuTTY & issue the following command [This point#3 solved my problem]

chenclosurecanister -reset -canister <can> <encl>

You need to find out which canister PSU is making the noise. Example:

chenclosurecanister -reset -canister 1 1

If you have an additional canister, then you may use the following (wait half an hour before applying the command to the 2nd canister):

chenclosurecanister -reset -canister 2 1

As shown in the image below …

v3700 commands.JPG

Wait for a few minutes & the PSU sound should come back to normal.

Regards,
Syed Jahanzaib

 


Filed under: IBM Related

IBM Lotus Related Short Notes


We are using IBM Lotus Domino 8.5.3 / FP6 (yep, it's a decade-old version, but we are still using it). Following are some short notes for personal reference.


Delete mail.box

tell router quit
tell smtp quit
VIEW
# quit domino
q
# Move the mailbox files (I had 2 mailboxes to hold more mails)
# Move mail1.box & mail2.box out of notesdata dir via OS file explorer
# Now start domino
# Open old mail boxes and copy (valid) held messages into new one .....

Reconfigure Lotus Notes Client (Old installation)

Use the steps below to recreate the core configuration files.

1. Move the following files out of the \data directory to a backup directory.

names.nsf
desktop8.ndk
bookmark.nsf
cache.ndk

2. Copy the original notes.ini from the Notes program directory to the backup directory.

3. Delete all but the first three lines in the notes.ini in the Notes program directory and save it. The edited notes.ini should look like this:


[Notes]
KitType=1
Directory=C:\program files\notes\data

4. Launch the Notes client to run the setup program again. Notes recreates each of the files listed above and re-populates the notes.ini file.


Cannot find external name: NAMESORTVIEWPO

  1. Open your inbox
  2. Select Actions – Folder – Upgrade folder design
  3. Choose “Automatic” and complete the process.
  4. Close/reopen mail.

This should fix your problem.


Lotus Notes TEMP location for opened saved files

Go to Start / type

%temp%

and press ENTER. It will show you a few folders. Look for a folder name starting with “notesxxxxx”; this folder contains all the temporary files.


Lotus Notes Default Browser Setting

For

IBM Lotus Notes 8.5 / Release 8.5.3FP6
Revision 20131126.1400-FP6 (Release 8.5.3FP6)
Standard Configuration

  1. Go to Files
  2. Preferences
  3. Web Browser
  4. & select ‘Use the Browser I have set as the default for this operating system’

notes default browser.JPG


Fixing Lotus Notes so the inbox opens by default

Ever opened up your mailbox in Lotus Notes and for some reason it opens up by default one of your sub-folders instead of your inbox?

Someone at work had this issue and I felt like banging my head against the wall trying to find a resolution. Anyone who has to help maintain Lotus Notes knows my pain. Considering that Notes is used by so many companies, the amount of help resources online is surprisingly few.

After much searching, I found the answer though on a vaguely worded post on IBM’s Lotus Notes forums that was over 3-years old. It really sounded like a last gasp guess by someone, but with no reply saying if it actually worked.

Which it did!

All you need to do is delete, move, or rename your bookmarks.nsf file from your local Notes client Data folder. The next time Lotus Notes starts up, the bookmarks.nsf file will be recreated and Notes will once again default to your inbox when your mailbox is opened.

Warning: Keep in mind that any other settings made to the bookmarks.nsf file will be lost. For example, any changes to the vertical toolbar on the left side will be gone. That is why the best policy is to backup bookmarks.nsf first. You have been warned.


IBM Sametime Does Not Open! (v7.5)

First try to upgrade to the latest release; it will solve many issues!

Case # 1

Symptom:
Sametime Connect displays the splash screen but does not start.

Resolution:
Before performing an unnecessary re-installation of the Sametime client, try to resolve the issue by following these steps:

1. Close the Sametime application.

2. Locate the file C:\Documents and Settings\Administrator\IBM\RCP\Sametime\.metadata\plugins\com.ibm.collaboration.realtime.imhub\shelfmemento.xml.

3. Delete the file C:\Documents and Settings\Administrator\IBM\RCP\Sametime\.metadata\plugins\com.ibm.collaboration.realtime.imhub\shelfmemento.xml.

4. Restart the Sametime application.

5. If that does not help, delete or rename C:\Documents and Settings\Administrators\IBM\RCP\Sametime or
C:\Documents and Settings\”Username”\IBM\RCP\Sametime

If nothing works, remove Sametime, delete its leftover folders, restart, and reinstall the Sametime client.

Case#2

Lotus SameTime doesn’t start when launched

Short Description: Attempting to launch Lotus Sametime results in the application being highlighted in the taskbar but not getting to the splash screen or subsequently launching.

Problem:  In my case, TaskManager will show multiple copies of “rcplauncher.exe” are running but Sametime.exe is not. It appears to be a copy of the file %APPDATA%\Lotus\Sametime\.rcp.lock is…well…locked and preventing the application from launching.

To fix step by step:

Kill all instances of rcplauncher.exe

Remove the hidden attribute from %APPDATA%\Lotus\Sametime\.rcp.lock
delete or rename .rcp.lock (I’m not sure there are a lot of situations in which you would need to back up this file, but if you’re concerned, back it up).

Or run this from command line/as a cmd file:

Taskkill /F /IM rcplauncher.exe (for earlier versions of windows kill.exe may be necessary instead of taskkill)

attrib -a -h %APPDATA%\Lotus\Sametime\.rcp.lock

del /q %APPDATA%\Lotus\Sametime\.rcp.lock

if the file isn’t found and shows in explorer, check that the APPDATA environment variable is set correctly

“set |findstr APPDATA” should return

<users>\<your username>\AppData\Roaming


Lotus Traveler

After the increasing usage of Android back in 2013, I installed Lotus Traveler (in 2014) so that Android users could use the IBM Verse mail app on their mobiles to sync with the office server.

Case#1 ,

JVM: Traveler: Lotus Traveler task did not respond within the allotted time frame (55,000 milliseconds) for action nameLookup and operation key

There is a database or connectivity issue on the server side. If you haven’t run the defrag on the Traveler (load traveler -defrag), do so now !


RRV bucket error

The error “RRV bucket is corrupt” can’t be repaired. RRV stands for the “Record Relocation Vector” table, and if this is damaged, it can’t be repaired. Fixup, compact, updall and replace design will all fail and throw the same error. The only solution is to replace the database with the last backup copy. The RRV bucket becomes corrupt if the OS hangs, crashes or is restarted at the moment when the Record Relocation Vector table is being updated.


 

Forced routing of selective emails to ISP SMTP via Mikrotik Routing


isp.jpeg


Scenario:

We have a LAN environment with our own email server [IBM Lotus Domino] hosted locally. A Mikrotik router acts as our gateway router with a /29 public pool, and port forwarding from the Mikrotik public IP to the email server is configured. A Barracuda antispam gateway is in place as well.

Problem & Challenges:

Sometimes there are a few email servers on the internet that do not accept our emails; they either bounce them back or silently drop them, even though our public IP is not listed on any blacklist on the internet [it happens commonly with Microsoft-hosted email servers, as they silently drop our emails without giving any reason]. If we use our ISP SMTP as the relay in the DOMINO configuration, then the emails are delivered to those particular servers without problem. But we cannot use the ISP SMTP for routing/relaying all emails, as it has a per-day sending limit and we do not get proper reports for delivered or held emails.

Another BIG problem is that sometimes the ISP’s SMTP server IP gets banned/added to Spamhaus or a similar SPAM blacklist database, & when this happens 80-90% of emails bounce back.

So we needed a solution where we do not use the ISP SMTP relay all the time; only mails for particular destination email servers should be routed to the ISP SMTP, & it should all be controlled by our Mikrotik RouterOS dynamically/centrally.


Solution:

First, create an address list containing the IP addresses of the remote email servers [that do not accept our emails directly]:

/ip firewall address-list
add address=smtp.remotemail.server.com comment="remote company mail server X IP" list=few_mails_routing_2_primary_ISP_smtp

Now, using a NAT rule, all emails [port 25 traffic] going to the above address list are forcefully routed to the ISP SMTP, with the rule below …

# 1.2.3.4 is the ISP SMTP IP

/ip firewall nat
add action=dst-nat chain=dstnat comment="Few Mails Routing 2 primary ISP smtp" dst-address-list=few_mails_routing_2_primary_ISP_smtp dst-port=25 protocol=tcp to-addresses=1.2.3.4 to-ports=25

It’s done.

BUT the next challenge is to overcome the issue when the ISP changes its SMTP IP address for whatever reason, so we need to schedule a script that keeps checking the ISP SMTP IP by resolving it via Google DNS and updates the ISP SMTP IP in the NAT rule. [As per my knowledge we cannot put a DNS name in the TO-ADDRESS field, which is why putting an IP is necessary, & updating it dynamically is also essential to avoid bouncing emails due to blacklisting of the ISP's old SMTP IP]

the Script !

or workaround I suggest for very particular problem?

# Mikrotik RouterOS script to resolve the ISP SMTP name and update its IP in the NAT rule
# Useful in scenarios where the ISP changes its SMTP IP frequently (to avoid SMTP blacklisting)
# Script by Syed Jahanzaib / aacable at hotmail dot com / https : // aacable . wordpress . com
# 31-January-2019
# Comment of the NAT rule to update; it must match the comment on the dst-nat rule exactly
:local COMMENT "Few Mails Routing 2 primary ISP smtp";
# DNS name of the ISP SMTP server to resolve
:local ISP1SMTPDNSNAME "smtp.multi.net.pk";
# Which DNS server to use for resolving
:local DNSSERVER "8.8.8.8";
# Default IP of the SMTP server, used if resolving cannot be done for whatever reason
:local DEFAULTSMTP "202.141.224.89";
# Destination port that needs to be redirected
:local DSTPORT "25";
# Date/time variables
:local date;
:local time;
:set date [/system clock get date];
:set time [/system clock get time];
# Set script last execution date/time
:global SMTPLastCheckTime;
:set SMTPLastCheckTime ($time . " " . $date);

# Global variables to store the active ISP SMTP IP & its last resolve status
:global ISP1ACTIVEIP4SMTP;
:global ISP1SMTPLASTRESOLVERESULT;
# Clear the status left by the previous run, otherwise one failure would persist across runs
:set ISP1SMTPLASTRESOLVERESULT "";

# Check if resolving is doable; on failure fall back to the default SMTP IP
:local RESOLVELIST {"$ISP1SMTPDNSNAME"}
:foreach addr in $RESOLVELIST do={
:do {:resolve server=$DNSSERVER $addr} on-error={
:set ISP1ACTIVEIP4SMTP "$DEFAULTSMTP";
:set ISP1SMTPLASTRESOLVERESULT "FAILED";
:log error "$ISP1SMTPDNSNAME resolved result: FAILED @ $date $time !";
/ip firewall nat set to-addresses=$DEFAULTSMTP to-ports=$DSTPORT [find comment="$COMMENT"] }}

# If resolving succeeded above, set the resolved address as the SMTP IP in the NAT rule
:if ($ISP1SMTPLASTRESOLVERESULT != "FAILED") do={
:log warning "$ISP1SMTPDNSNAME resolved result: SUCCESS @ $date $time !";
# Resolve through the same DNS server that was just tested
:set ISP1ACTIVEIP4SMTP [:resolve server=$DNSSERVER $ISP1SMTPDNSNAME];
:set ISP1SMTPLASTRESOLVERESULT "SUCCESS";
/ip firewall nat set to-addresses=$ISP1ACTIVEIP4SMTP to-ports=$DSTPORT [find comment="$COMMENT"]
}

We can add dynamic names in the ISP SMTP address list.


Regard’s
SYED JAHANZAIB

 

 

 


DENIED Notes users are still able to access mails through IBM Notes Traveler


This post is about a case study regarding “Denied access Notes users are still able to access mails through IBM Notes Traveler“.

We are using IBM Lotus Domino servers as follows

  • Lotus Domino – Primary Mail Server [For Lotus Notes/Webmail]
  • Lotus Domino – Traveler Role [For Mobile Devices like Android/iPhone]

 

Case Study:

Today, it was brought to our knowledge that one of the company's employees (resigned on 28th June 2019) had sent emails to the HR Dept on the next day, while his account was under the DENY group, but he was still able to send emails. We tried the settings from the IBM document referenced “Denied access Notes users are still able to access mails through IBM Notes Traveler” from https://www-01.ibm.com/support/docview.wss?uid=swg21634205 but still no luck. Traveler users who were under the NO ACCESS GROUP on the Primary LOTUS server were still able to sync emails.

Our Blocking Practice:
As per our practice, when any user resigns from the company, we add him to the DENY GROUP on the Lotus Domino Server for a few days, which blocks the Notes/Webmail access for that particular user. Later, if the user withdraws his resignation we just remove his name from this list, else we remove his profiles and save his email in the Archive forever.

Findings:
If the user has IBM Verse installed on their mobile device, he can still access the email. His access is blocked primarily on the Lotus Email Server, but mobile devices do not communicate with the Primary server directly. Instead they access it via the separate TRAVELER server (by proxying through the LOTUS TRAVELER server), and communication between the Primary Server & the Lotus Traveler server is done on a server to server basis, thus they could access the emails.

Solution:

no access group.jpg
Adding the NO ACCESS list in the traveler server document under security DID THE TRICK !

[13FC:000A-1574] 07/01/2019 12:45:02 PM XXXXX Web Server: Access Denied Exception [/traveler?action=sync&orig=sp&deviceId=Android_a41df4vf3fe46a8e3a] CN=MY USER/O=MYCOMP

This list will be updated via the Primary Lotus server every 10 minutes (using replication connection) & it will act as an additional level of permissions filtering. Now if any user is added to the DENY GROUP on the Lotus Mail Server, this list will be propagated to the Lotus Traveler server as well, which will deny the user's request if his name is under the DENY GROUP.
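To confirm that the propagated list is actually enforced, the Traveler server log can be checked for refused sync requests. The following is an added example, not part of the original post: it parses lines in the format of the log entry shown above and compares the refused users with the deny group. The sample lines, the second user and the `DENY_GROUP` contents are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Matches the "Access Denied Exception" entry format shown in the post
LINE_RE = re.compile(
    r"^\[[0-9A-F]+:[0-9A-F]+-[0-9A-F]+\]\s+"
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\s+"
    r".*?Access Denied Exception \[(?P<url>[^\]]+)\]\s+(?P<user>CN=.+)$")

# Constructed sample lines (first line is the format from the post)
SAMPLE_LOG = """\
[13FC:000A-1574] 07/01/2019 12:45:02 PM XXXXX Web Server: Access Denied Exception [/traveler?action=sync&orig=sp&deviceId=Android_a41df4vf3fe46a8e3a] CN=MY USER/O=MYCOMP
[13FC:000A-1574] 07/01/2019 12:50:02 PM XXXXX Web Server: Access Denied Exception [/traveler?action=sync&orig=sp&deviceId=Android_a41df4vf3fe46a8e3a] CN=MY USER/O=MYCOMP
[13FC:000B-1580] 07/01/2019 01:02:10 PM XXXXX Web Server: Access Denied Exception [/traveler?action=sync&orig=sp&deviceId=Apple_0000constructed] CN=Other User/O=MYCOMP
[13FC:000B-1580] 07/01/2019 01:03:00 PM XXXXX Router: unrelated line
"""
# Hypothetical deny group membership
DENY_GROUP = ["CN=MY USER/O=MYCOMP"]

def denied_sync_attempts(log_text):
    """Map user -> {deviceId: count} for Traveler requests the server refused."""
    out = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        url = urlsplit(m["url"])
        if not url.path.startswith("/traveler"):
            continue
        device = parse_qs(url.query).get("deviceId", ["unknown"])[0]
        out[m["user"].strip()][device] += 1
    return {user: dict(devs) for user, devs in out.items()}

def audit(log_text, deny_group):
    """Compare refused users with the deny group."""
    seen = denied_sync_attempts(log_text)
    deny = {name.lower() for name in deny_group}
    return {
        # deny-group members whose devices are being refused, as intended
        "blocked_as_expected": sorted(u for u in seen if u.lower() in deny),
        # refused users who are not in the deny group: check their access settings
        "denied_but_not_in_group": sorted(u for u in seen if u.lower() not in deny),
        # devices of deny-group members that keep trying to sync
        "devices_still_trying": {u: sorted(d) for u, d in seen.items() if u.lower() in deny},
    }
```

A deny-group member who never shows up in `blocked_as_expected` has either stopped syncing or is not being refused, so that case needs a manual check on the Traveler server.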

Thanks to FB group “IBM Lotus Domino Administrators” for pointing in the right direction.


Some additional tip:

To flush the DB cache:

sh nlcache reset

https://www.novell.com/coolsolutions/tip/17050.html

Regard’s
Syed Jahanzaib

 

Restricting Lotus Domino Email Flow for Local Groups


We are using a Lotus Domino 8.5.3.xxx series mail server which has many local groups along with associated members in it. Yesterday a valid external user sent an annoying email to some of the local groups like dept1@mydomain.com & the email got delivered to all members associated with this group even though there was no email/internet address defined for it. This happened for the first time & we were surprised, as it was not in our knowledge before that an external user can send email to local groups as well despite no internet addresses being created for them exclusively.

After doing some R&D and posting to lotus domino groups, it was revealed that under Server Document / Configuration Setting / Router/SMTP / Basics  , there was a setting named ADDRESS LOOKUP set to FULLNAME THEN LOCAL PART , which was responsible for accepting email for the local group even though there was no internet address associated with it.

Some explanation :

FULLNAME THEN LOCAL PART (default):

The Router first searches the Domino Directory for a match for the full Internet address (localpart@domain.com). If no match is found, it searches the directory again, looking for a match for the local part of the address only.

After setting it to FULLNAME ONLY, [followed by tell router update / tell adminp p all / sh nlcache reset] the issue got resolved & now when external user sends email to DEPT1@mydomain.com , he gets ‘Recipient could not be found’ NDR report.

[0B60:000A-18F4] 02/28/2020 08:45:26 AM SMTP Server: Mail for dept1@mydomain.com rejected for policy reasons. Recipient could not be found in the Domino Directory.

NOTE: Full Name Only in conjunction with not having an Internet Address specified for the Group will work.
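The two ADDRESS LOOKUP modes can be compared with a small model of the lookup as described above. This is an added example and a simplification, not Domino code; the directory entries and names are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Entry:
    name: str                    # person or group name in the directory
    kind: str                    # "person" or "group"
    internet_address: str = ""   # empty: no Internet address defined
    members: list = field(default_factory=list)

# Constructed sample directory (hypothetical names)
DIRECTORY = [
    Entry("dept1", "group", "", ["alice", "bob"]),
    Entry("announce", "group", "announce@mydomain.com", ["alice"]),
    Entry("alice", "person", "alice@mydomain.com"),
    Entry("bob", "person", "bob@mydomain.com"),
]

def lookup(rcpt, mode, directory=DIRECTORY):
    """Return the matching Entry, or None ('Recipient could not be found')."""
    rcpt = rcpt.lower()
    # Pass 1, both modes: match the full Internet address
    for e in directory:
        if e.internet_address.lower() == rcpt:
            return e
    if mode == "FULLNAME_ONLY":
        return None
    # Pass 2, FULLNAME THEN LOCAL PART only: match the local part against names
    local = rcpt.split("@", 1)[0]
    for e in directory:
        if e.name.lower() == local:
            return e
    return None

def deliveries(rcpt, mode, directory=DIRECTORY):
    """Names that would receive a message addressed to rcpt."""
    e = lookup(rcpt, mode, directory)
    if e is None:
        return []
    return list(e.members) if e.kind == "group" else [e.name]

def exposed_groups(domain, directory=DIRECTORY):
    """Groups with no Internet address that the default mode still accepts mail for."""
    return [e.name for e in directory
            if e.kind == "group" and not e.internet_address
            and lookup(f"{e.name}@{domain}", "FULLNAME_THEN_LOCAL_PART", directory) is e]
```

Running `exposed_groups` over an export of the group list shows which groups were reachable from outside only because of the local-part fallback.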


Other workarounds:

Initially we restricted the email flow destined to local groups by using two methods

1) MAIL RULES

Under Server Document / Configuration Setting / Router/SMTP / Restrictions & Control / Rules , add a new rule like following

server mail rule

Don't forget to move this rule to the TOP.

I have also added my ID in the exception so that I can send email. This is an example for EXCEPTION.

2) Group based ACL

Second method is by putting ACL on each group so that only particular user can see the group , list members, or send email to that particular group. Use the reader attributes of the group being used to email to (open the document properties of the group and click on the tab with the key). Set who can read the group to a limited group of people who are authorized to send such broadcasts. Be sure to include localdomainservers as well as the names of the people who maintain the group. Now they can put it into the TO field without concern for someone replying to all since only someone who can see the group can use it. This works for external users as well because smtp messages are treated as anonymous. Unless you give anonymous access to the group, they can’t use it either.

This is briefly described here

https://www.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/conf_restrictingusersfromsendingmailtogroupsinthedomi_t.html


Regard’s
Syed Jahanzaib

Lenovo SR650 Corrupt GPT & ESXi install failure


Recently a disk in one of our Lenovo SR650 servers became faulty. The server had 14 x 1.2 TB 10k SAS disks. As a long term solution & to avoid any urgency, we decided to remove 2 disks (the faulty one for replacement & one as a cold spare backup to be used by the same or other similar servers).

Once we re-created the new RAID-10 & rebooted the server, the boot screen was showing the below error

We tried to follow the Lenovo Note which instructed to go into Setup->System Settings->Recovery->Disk GPT Recovery and set it to “Automatic”, but still the error was not sorted. To settle it at the server BIOS level, we performed the following steps

  • Update SR650 UEFI Firmware ( Lenovo Download Link )
  • Removed Raid Config, Re-create Raid Config with Full Initialization
  • Full power cycle the server once above is done.

This sorted the Bios screen error regarding GPT.

But once we started the Vmware ESXI 6.5.x installation , it was failing (between 5% and 8%) with the following error …

“partedUtil failed with message: Error: The primary GPT table states that the backup GPT is located beyond the end of disk. This may happen if the disk has shrunk or partition table is corrupted. … Error: Can’t have a partition outside the disk!  BLAH BLAH BLAH …”
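What partedUtil is complaining about can be reproduced offline by checking a primary GPT header against the size of the disk. This is an added example, not from the original post: the header is constructed, the sector counts are nominal values for a 14-disk and a 12-disk RAID-10 of 1.2 TB disks, and it assumes the stale GPT was written while the volume was larger.

```python
import struct
import zlib

GPT_FMT = "<8sIIIIQQQQ16sQIII"   # 92-byte UEFI GPT header, little-endian
SECTOR = 512
# Constructed nominal sizes: RAID-10 over 14 disks (7 usable) and 12 disks (6 usable)
OLD_SECTORS = 7 * 1_200_000_000_000 // SECTOR
NEW_SECTORS = 6 * 1_200_000_000_000 // SECTOR

def build_header(disk_sectors):
    """Build a primary GPT header as it would be written for a disk of this size."""
    last = disk_sectors - 1
    # signature, revision, header size, CRC, reserved, MyLBA, AlternateLBA,
    # FirstUsableLBA, LastUsableLBA, disk GUID, entries LBA, count, entry size, entries CRC
    fields = [b"EFI PART", 0x00010000, 92, 0, 0, 1, last, 34, last - 33,
              bytes(16), 2, 128, 128, 0]
    raw = struct.pack(GPT_FMT, *fields)
    fields[3] = zlib.crc32(raw) & 0xFFFFFFFF   # CRC is taken with the CRC field zeroed
    return struct.pack(GPT_FMT, *fields)

def check_header(raw, disk_sectors):
    """Return the problems found in a primary GPT header for the given disk size."""
    (sig, _rev, size, crc, _res, _my_lba, alt_lba, _first, last_usable,
     _guid, _pe_lba, _count, _esize, _pcrc) = struct.unpack(GPT_FMT, raw[:92])
    if sig != b"EFI PART":
        return ["no GPT signature"]
    problems = []
    zeroed = raw[:16] + b"\0\0\0\0" + raw[20:size]
    if zlib.crc32(zeroed) & 0xFFFFFFFF != crc:
        problems.append("header CRC mismatch")
    last_lba = disk_sectors - 1
    if alt_lba > last_lba:
        problems.append(
            f"backup GPT at LBA {alt_lba} is beyond end of disk (last LBA {last_lba})")
    if last_usable > last_lba:
        problems.append("usable area extends outside the disk")
    return problems
```

The header itself is intact (signature and CRC pass); it only becomes invalid relative to the smaller volume, which is why writing a fresh label clears the error.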


Solution # 1

Boot with any windows ISO ( Must have the RAID controller driver or the OS should have in-built drivers, in my case, windows server 2019 had the raid drivers). You can also use Linux base Boot OS .

Re-create the partition , Format & Booom. Afterwards just boot from ESXI ISO/CD/USB/Networkboot , and the ESXI will install fine.


Solution # 2 (Quick & Recommended for admins)

At any point during the ESXi installer,

Press Alt-F1 (which will bring you to shell window asking for credentials)

Use following credentials

  • ID: root
  • Password: No password. Just press enter & you can use the CMD’s to sort the issue

Issue the below CMD which will show you list of disk device names that can be managed by partedUtil

ls -ltrh /vmfs/devices/disks

** Note the disk ‘identifier’ that we want to fix. In my case it was 6.5 TB partition in which we wanted to install the esxi.

Now issue the below cmd

partedUtil mklabel /dev/disks/naa.600062b2031e00402a165add7ff9c3ac msdos

This overwrote the broken partition table. Now return to the installer screen and continue.

This time, esxi installation went fine without errors.


Regard’s
Syed Jahanzaib
