Download VMware OVF Tool from here : http://communities.vmware.com/community/vmtn/vsphere/automationtools/ovf

Install the OVF tool

Run the OVF tool with the following options

ovftool /yourjumbox/JumpBox.vmx /folder/foryourovf

Just wait for the transfer to be done and you will be ready to import your Jumbox in vSphere or VirtualBox.

To see all option use :
ovftool --help

dig.exe
libbind9.dll
libdns.dll
libeay32.dll
libisc.dll
libisccc.dll
libisccfg.dll
liblwres.dll

If you intend to use dig alot I suggest that you add it’s folder to your path for more convenience.

Open a command prompt and go to c:\dig and type “dig www.google.com”. You should see something like this :

C:\dig>dig www.google.com

; <<>> DiG 9.4.2 <<>> www.google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 470
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         10182   IN      CNAME   www.l.google.com.
www.l.google.com.       193     IN      A       72.14.205.147
www.l.google.com.       193     IN      A       72.14.205.99
www.l.google.com.       193     IN      A       72.14.205.103
www.l.google.com.       193     IN      A       72.14.205.104

;; Query time: 15 msec
;; SERVER: 10.150.250.1#53(10.150.250.1)
;; WHEN: Sun Mar 02 00:28:44 2008
;; MSG SIZE  rcvd: 116

C:\dig>

This is the basic syntax to make basic queries:
dig [domain] [query type] @[nameserver]

Here is a small list of sample query you can give to dig in your everyday use.

When no query type is specified dig will return the “a” record(s) for the domain from your configured name server
dig google.com

This return the mx records for google.com and the “a” records for each mx from your configured name server
dig google.com mx

This will query the name server 198.235.216.130 for “a” records of the domain google.com
dig google.com a @198.235.216.130

Here is the definition of domain spoofing from answers.com :

The unauthorized use of a third-party domain name as the sender’s name in an e-mail message. Most often used by spammers, spoofing the name of a popular retailer or organization entices the recipient to read the full message.

Some negative effect of email spoofing of your domain are bad publicity, flood of bounce notification for emails you did not send, possibly phishing of your e-commerce site and spam getting to your end users because of white listing of you own domain in your spam filter.

There are 3 main methods of preventing spoofing :

• Sender Policy Framework (SPF records)
• Sender ID Framework (SIDF) (Microsoft’s implementation of SPF)
• DomainKeys Identified Mail (DKIM)

In this post I will explain how to use SPF records since it is the easiest to setup and the most widely adopted of the three mechanism. This goal of this post is to get you started with SPF records and help you start design a record for your domain and is far from covering the whole complexities of mail servers and authentication mechanism. For more advanced information I encourage you to read trough the links posted at the end of this post.

A SPF record is a text record for your domain name specifying which servers are allowed to send mail for the domain. This is why it is important to do a good evaluation of your network for all the possible sources of email for your domain. This includes but is not limited to website confirmation mail, mobile devices (BlackBerrys, Palm, etc) and Internet load balancer (more on that later).

Once you have defined all the sources of email (IP and DNS name) you can start creating the SPF record. I will be using example.com with the following records.

example.com MX 10 mx1.example.com
example.com MX 20 mx2.example.com
mx1.example.com A 111.111.111.25
mx1.example.com A 111.111.111.26
www.example.com A 111.111.111.80


Considering that mx1.example.com, mx2.example.com and www.example.com send email from example.com we would create the following spf record :

"v=spf1 mx ip4:111.111.111.80 -all"

v=spf1
All SPF record should begin with this

mx
This is a alias including all the servers in mx records (in this case mx1.example.com and mx2.example.com)

ip4
This specify another valid outgoing server by IP, we can also add the mask to this so if we wanted to allow the whole 111.111.111.0 subnet to send mail we would have written ip4:111.111.111.0/24.

-all
The “-” means that the following host is denied to send mail for our domain. “all” will match everything

A receiving server looking up the spf record will try to match the conditions from left to right, this is why we put -all at the end, to make sure any host not specifically mentioned before is denied.

Now our records would look like this :
example.com MX 10 mx1.example.com
example.com MX 20 mx2.example.com
mx1.example.com A 111.111.111.25
mx1.example.com A 111.111.111.26
www.example.com A 111.111.111.80
example.com TXT "v=spf1 mx ip4:111.111.111.80 -all"

When using a Internet load balancer, outgoing mail may pass trough different IP when leaving your internal network and if only one of the wan IP is in the SPF record then you may experience mail bouncing back because of SPF failure (Trust me, I learned it the hard way). In this situation you can either put all your wan IPs in the SPF record or use only one and force outgoing smtp traffic to pass through the allowed IP.

If you are using your ISP’s smtp server as a smarthost for you mail server make sure to add it to the spf record too since the smart host will be considered the sending server.

You can read the links below for more information on email authentication and the different mechanism available. On www.openspf.org you will find tools to help you design you record, a full page describing the SPF syntax and tools to test your SPF records. I also included links to SenderID and DKIM sites.

Links

http://en.wikipedia.org/wiki/E-mail_authentication

SPF

http://www.openspf.org/
http://en.wikipedia.org/wiki/Sender_Policy_Framework

DKIM

http://www.dkim.org/

SenderID

http://en.wikipedia.org/wiki/Sender_ID
Implementation Tips for the Sender ID Framework—Creating Your SPF Record