Mathieu Dallaire

If after installing VMware Workstation 6.5 on your Ubuntu workstation you have problems with keymaps inside your virtual machines (arrows not working or binded to other keys) you have to add the following lines at the end of /etc/vmware/config

xkeymap.keycode.108 = 0x138 # Alt_R
xkeymap.keycode.106 = 0x135 # KP_Divide
xkeymap.keycode.104 = 0x11c # KP_Enter
xkeymap.keycode.111 = 0x148 # Up
xkeymap.keycode.116 = 0x150 # Down
xkeymap.keycode.113 = 0x14b # Left
xkeymap.keycode.114 = 0x14d # Right
xkeymap.keycode.105 = 0x11d # Control_R
xkeymap.keycode.118 = 0x152 # Insert
xkeymap.keycode.119 = 0x153 # Delete
xkeymap.keycode.110 = 0x147 # Home
xkeymap.keycode.115 = 0x14f # End
xkeymap.keycode.112 = 0x149 # Prior
xkeymap.keycode.117 = 0x151 # Next
xkeymap.keycode.78 = 0x46 # Scroll_Lock
xkeymap.keycode.127 = 0x100 # Pause
xkeymap.keycode.133 = 0x15b # Meta_L
xkeymap.keycode.134 = 0x15c # Meta_R
xkeymap.keycode.135 = 0x15d # Menu

Some articles suggests adding the lines to /home/user/.vmware/config but in my experience it breaks the Unity function.

Mathieu Dallaire Ubuntu, VMware

SlickRun is a floating command line tool for windows. It allows you to run custom command defined by yourself and built-in Windows commands. For example I can create a command that points to UltraVNC viewer executable and call it vnc. Now to connect to a remote computer I only have to call SlickRun, type “vnc computername” and I’m connected to the computer. The next time you have to connect to that same computer you just type in “vnc com” and if you have auto-complete enabled SlickRun will fill in the rest of the word for you.

You can use SlickRun to call and provide parameters to batch files or tools like RemCom and NirCmd to execute complex operations on remote computers using simple commands. The possibilities are almost infinite.

www.bayden.com/SlickRun

Mathieu Dallaire Free Tools

Dig is a nice linux/unix tool to query dns servers which is included by default in most linux distribution. You can get dig from BIND which is provided by the ISC ftp://ftp.isc.org/isc/bind/. Just grab the zip file for the latest version and extract the following files to c:\dig (or any folder that suits your need)

dig.exe
libbind9.dll
libdns.dll
libeay32.dll
libisc.dll
libisccc.dll
libisccfg.dll
liblwres.dll

If you intend to use dig alot I suggest that you add it’s folder to your path for more convenience.

Open a command prompt and go to c:\dig and type “dig www.google.com”. You should see something like this :

C:\dig>dig www.google.com

; <<>> DiG 9.4.2 <<>> www.google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 470
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         10182   IN      CNAME   www.l.google.com.
www.l.google.com.       193     IN      A       72.14.205.147
www.l.google.com.       193     IN      A       72.14.205.99
www.l.google.com.       193     IN      A       72.14.205.103
www.l.google.com.       193     IN      A       72.14.205.104

;; Query time: 15 msec
;; SERVER: 10.150.250.1#53(10.150.250.1)
;; WHEN: Sun Mar 02 00:28:44 2008
;; MSG SIZE  rcvd: 116

C:\dig>

This is the basic syntax to make basic queries:
dig [domain] [query type] @[nameserver]

Here is a small list of sample query you can give to dig in your everyday use.

When no query type is specified dig will return the “a” record(s) for the domain from your configured name server
dig google.com

This return the mx records for google.com and the “a” records for each mx from your configured name server
dig google.com mx

This will query the name server 198.235.216.130 for “a” records of the domain google.com
dig google.com a @198.235.216.130

Mathieu Dallaire DNS, How to

Spam going trough you mail system to your end users is only part of the spam problem. There is another part called domain or email spoofing.

Here is the definition of domain spoofing from answers.com :

The unauthorized use of a third-party domain name as the sender’s name in an e-mail message. Most often used by spammers, spoofing the name of a popular retailer or organization entices the recipient to read the full message.

Some negative effect of email spoofing of your domain are bad publicity, flood of bounce notification for emails you did not send, possibly phishing of your e-commerce site and spam getting to your end users because of white listing of you own domain in your spam filter.

There are 3 main methods of preventing spoofing :

• Sender Policy Framework (SPF records)
• Sender ID Framework (SIDF) (Microsoft’s implementation of SPF)
• DomainKeys Identified Mail (DKIM)

In this post I will explain how to use SPF records since it is the easiest to setup and the most widely adopted of the three mechanism. This goal of this post is to get you started with SPF records and help you start design a record for your domain and is far from covering the whole complexities of mail servers and authentication mechanism. For more advanced information I encourage you to read trough the links posted at the end of this post.

A SPF record is a text record for your domain name specifying which servers are allowed to send mail for the domain. This is why it is important to do a good evaluation of your network for all the possible sources of email for your domain. This includes but is not limited to website confirmation mail, mobile devices (BlackBerrys, Palm, etc) and Internet load balancer (more on that later).

Once you have defined all the sources of email (IP and DNS name) you can start creating the SPF record. I will be using example.com with the following records.

example.com MX 10 mx1.example.com
example.com MX 20 mx2.example.com
mx1.example.com A 111.111.111.25
mx1.example.com A 111.111.111.26
www.example.com A 111.111.111.80


Considering that mx1.example.com, mx2.example.com and www.example.com send email from example.com we would create the following spf record :

"v=spf1 mx ip4:111.111.111.80 -all"

v=spf1
All SPF record should begin with this

mx
This is a alias including all the servers in mx records (in this case mx1.example.com and mx2.example.com)

ip4
This specify another valid outgoing server by IP, we can also add the mask to this so if we wanted to allow the whole 111.111.111.0 subnet to send mail we would have written ip4:111.111.111.0/24.

-all
The “-” means that the following host is denied to send mail for our domain. “all” will match everything

A receiving server looking up the spf record will try to match the conditions from left to right, this is why we put -all at the end, to make sure any host not specifically mentioned before is denied.

Now our records would look like this :
example.com MX 10 mx1.example.com
example.com MX 20 mx2.example.com
mx1.example.com A 111.111.111.25
mx1.example.com A 111.111.111.26
www.example.com A 111.111.111.80
example.com TXT "v=spf1 mx ip4:111.111.111.80 -all"

When using a Internet load balancer, outgoing mail may pass trough different IP when leaving your internal network and if only one of the wan IP is in the SPF record then you may experience mail bouncing back because of SPF failure (Trust me, I learned it the hard way). In this situation you can either put all your wan IPs in the SPF record or use only one and force outgoing smtp traffic to pass through the allowed IP.

If you are using your ISP’s smtp server as a smarthost for you mail server make sure to add it to the spf record too since the smart host will be considered the sending server.

You can read the links below for more information on email authentication and the different mechanism available. On www.openspf.org you will find tools to help you design you record, a full page describing the SPF syntax and tools to test your SPF records. I also included links to SenderID and DKIM sites.

Links

http://en.wikipedia.org/wiki/E-mail_authentication

SPF

http://www.openspf.org/
http://en.wikipedia.org/wiki/Sender_Policy_Framework

DKIM

http://www.dkim.org/

SenderID

http://en.wikipedia.org/wiki/Sender_ID
Implementation Tips for the Sender ID Framework—Creating Your SPF Record

Mathieu Dallaire DNS, How to, Spam Filter

Quick Sound Switch is a great tool for people using USB headphones and one or multiple sound card. It’s a taskbar icon that allow you to quickly switch the default sound device between your available sound cards. The change only applies to newly opened process so just make sure to switch to the desired device before launching the application that will be using it.

http://www.quicksoundswitch.toflo.de/

Mathieu Dallaire Free Tools