ESMTP size violation
I've recently started seeing messages like this on my firewall (separating my internal mail server from my DMZ antispam device). I'm not sure if this is tied in to any firewall IOS upgrades I've recently completed (recently went from 8.2.x to 8.3.1 to 8.4.1).
In between these messages, I see plenty of traffic on port 25 and mail is being received/delivered. I can't say for sure *all* mail is being received/delivered and there does seem to be a longer delay on messages in the mailserver queue.
%ASA-7-108006: Detected ESMTP size violation from inside:192.168.4.22/11142 to dmz:192.168.2.77/25; declared size is: 3997, actual size is 4256
%ASA-7-108006: Detected ESMTP size violation from dmz:192.168.2.77/60462 to inside:192.168.4.21/25; declared size is: 19681, actual size is 19708
%ASA-7-108006: Detected ESMTP size violation from dmz:192.168.2.77/45901 to inside:192.168.4.21/25; declared size is: 9214, actual size is 9216
I'm not sure if the ASA is just complaining, or actually dropping these packets - how can I find out more information on what the firewall is actually doing and what can I do to remedy this error?
Thanks,
Greg
You can remove this log message with the mask option in a custom policy for ESMTP:
 match ehlo-reply-parameter size
  mask
The full custom policy looks like this:
policy-map type inspect esmtp custom-smtp
 parameters
  no mask-banner
  no mail-relay
  no special-character
  allow-tls
 match cmd line length gt 512
  drop-connection log
 match cmd RCPT count gt 100
  drop-connection log
 match body line length gt 998
  log
 match header line length gt 998
  drop-connection log
 match sender-address length gt 320
  drop-connection log
 match MIME filename length gt 255
  drop-connection log
 match ehlo-reply-parameter size
  mask
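To see how far each transfer overran the size the client declared, the %ASA-7-108006 lines quoted in the question can be summarised per flow. The script below is an added example, not part of the original thread; it assumes only the message layout visible in those three lines, and its function names are illustrative.

```python
import re
from collections import defaultdict

# The three syslog lines quoted in the question above.
SAMPLE_LOG = """\
%ASA-7-108006: Detected ESMTP size violation from inside:192.168.4.22/11142 to dmz:192.168.2.77/25; declared size is: 3997, actual size is 4256
%ASA-7-108006: Detected ESMTP size violation from dmz:192.168.2.77/60462 to inside:192.168.4.21/25; declared size is: 19681, actual size is 19708
%ASA-7-108006: Detected ESMTP size violation from dmz:192.168.2.77/45901 to inside:192.168.4.21/25; declared size is: 9214, actual size is 9216
"""

# Field layout taken from those lines; the colon after "is" is treated as optional.
VIOLATION_RE = re.compile(
    r"%ASA-\d-108006: Detected ESMTP size violation from "
    r"(?P<src_if>[^:\s]+):(?P<src_ip>[0-9.]+)/(?P<src_port>\d+) to "
    r"(?P<dst_if>[^:\s]+):(?P<dst_ip>[0-9.]+)/(?P<dst_port>\d+); "
    r"declared size is:? (?P<declared>\d+), actual size is:? (?P<actual>\d+)"
)


def parse_violations(text):
    """Return one dict per 108006 line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = VIOLATION_RE.search(line)
        if m is None:
            continue
        declared = int(m["declared"])
        actual = int(m["actual"])
        events.append({
            "src": (m["src_if"], m["src_ip"]),
            "dst": (m["dst_if"], m["dst_ip"], int(m["dst_port"])),
            "declared": declared,
            "actual": actual,
            "overrun": actual - declared,  # bytes sent beyond the declared SIZE
        })
    return events


def summarize(events):
    """Group by (source, destination), ignoring the ephemeral source port."""
    flows = defaultdict(lambda: {"count": 0, "max_overrun": 0, "max_overrun_pct": 0.0})
    for ev in events:
        flow = flows[(ev["src"], ev["dst"])]
        flow["count"] += 1
        flow["max_overrun"] = max(flow["max_overrun"], ev["overrun"])
        if ev["declared"] > 0:
            pct = round(100.0 * ev["overrun"] / ev["declared"], 2)
            flow["max_overrun_pct"] = max(flow["max_overrun_pct"], pct)
    return dict(flows)


if __name__ == "__main__":
    summary = summarize(parse_violations(SAMPLE_LOG))
    for (src, dst), stats in sorted(summary.items()):
        print(f"{src[0]}:{src[1]} -> {dst[0]}:{dst[1]}/{dst[2]}  "
              f"events={stats['count']}  "
              f"max overrun={stats['max_overrun']} bytes ({stats['max_overrun_pct']}%)")
```

Run against a full syslog export, the per-flow counts show which sender and direction produce the mismatches and how large they are.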
Similar Messages
-
ESMTP SIZE Support in Apple Mail?
There are currently no ESMTP settings in Apple Mail, but I wonder if there are plans for the future, or hidden settings somewhere. Since my mailservers - dovecot and pegasus mail - supports ESMTP SIZE and are set to not accept messages larger than 4 megs it's slightly annoying that the messages are plainly dropped if larger, with no warning. Same is true with for example Outlook, but both Thunderbird and Pegasus mail handles it like it should: the message isn't even sent if it's too big, since its size is included in the HELO, and the mail program warns that the server doesn't accept email over size so-and-so.
Any suggestions, or does anyone know why ESMTP settings aren't included somewhere in Apple Mail?
You're not alone. See a similar thread: http://discussions.apple.com/thread.jspa?threadID=2590118
i just tried this and for now, it seems to work. i'm waiting for feedback from other Win PC & Mac users.
Change Message font to Lucinda Grande 12 (seems to be the only font that works to solve this problem)
Signature - change font to 10
Uncheck "Always match..."
if it works for you, please let us know. -
HT4863 554 5.7.0 Message Size Violation
I'm trying to send an email with a 4.7MB attachment (zip file, with a single file within) which is getting bounced by iCloud.com (554 5.7.0 Message Size Violation).
Looking at the limits, I should be able to send/receive email with attachments up to 20MB? Why is this email being bounced because of its size?
Any help would be greatly appreciated.
Cheers
From our helpful member, Carolyn Samit...
From your Safari menu bar click Safari / Empty Cache.
Quit then relaunch Safari, login to iCloud.com.
See if you can open an attachment.
If that didn't help, go to Safari / Preferences then select the General tab.
At the bottom of that pane select: Open "safe" files after downloading
Quit then relaunch Safari. Try again. -
5.7.0 Message Size Violation
I've used mobile me for a few years now. I moved to iCloud when it was recently released. All has been working fine, but today it suddenly starts rejecting attachements in emails sent to me. Someone has been trying to send me a zip file that is under 500kb, but the me server keeps rejecting it with the error message 5.7.0 Message Size Violation.
Not sure why or how to fix it. Can anyone help?
From your Safari menu bar click Safari / Empty Cache.
Quit then relaunch Safari, login to iCloud.com.
See if you can open an attachment.
If that didn't help, go to Safari / Preferences then select the General tab.
At the bottom of that pane select: Open "safe" files after downloading
Quit then relaunch Safari. Try again. -
ICloud email - Message Size Violation
Emails are rejected by the iCloud email server, apparently for the following reason: "5.7.0 Message Size Violation", however this happens at random, irrespective of the actual message size.
Seems to me that I'm getting same error when I'm sending a zipped file containing many folders and files inside...
It's only 2.8MB .ZIP.
No problems if I send an even bigger jpeg image.
Weird. -
ICloud email rejects 1.3MB attachment - message size violation
what's going on? Someone is trying to send me a pages document - 1.3MB file size - to my iCloud email, and it bounces back with "Message size violation". I have plenty of space left on iCloud account and this has never happened before.. **** poor Apple!!
Seems to me that I'm getting same error when I'm sending a zipped file containing many folders and files inside...
It's only 2.8MB .ZIP.
No problems if I send an even bigger jpeg image.
Weird. -
TS3276 554 5.7.0 Message Size Violation.
That's the message my friend got trying to send me a large file. What can I do on my end to fix it?
Colin Brunton wrote:
That's the message my friend got trying to send me a large file. What can I do on my end to fix it?
If it is being emailed, then it is exceeding the maximum size allowed by your ISP. It is probably even larger than your mailbox. Or is she using some other method such as dropbox?
Pete -
JAEHYLEE (R11i GL) Changing the Length of Journal Batch & Header Name
Purpose
Confirmation of an inquiry about changing the column size when the names of the Journal Batch and header need to be lengthened, for example because of a change to a UTF8 database character set.
Solution
As shown below, with reference to Bug3913769, it was stated that changing the size of the name column for batch and header causes no violation problem.
For the name columns in gl_je_batches, gl_je_headers you can change the size of name column using sql*plus. This will not cause any violation in relational integrity.
Reference
Bug3913769
yes most of the times there are alot of customizations ...
If you are doing any customization to out of the box ETL job then you will do that in custom folders such as custom_sde or custom_sil. Now your modified etl job is in a new Informatica folder in order for this new etl job to run by DAC you need to create a new folder in DAC with the same name as in informatica and associate it with corresponding informatica folder.
Please refer to the DAC Guide Section 5 for more step by step information !!
Hope this helps !! -
Recurrent Mail error: "The server rejected the password"
I've gotten this error message in various versions of Mac OS X on different Macs.
Occasionally this dialog will pop up in Mail saying:
Enter Password for account _______
The server rejected the password for user [my email].
Enter your password again or cancel
Then at the bottom of the dialog there's a checkbox to "Remember this password in my keychain"
Even though I ALWAYS check that box when entering my password, when that error comes up, the box is always unchecked!!
Does the fact that the box is unchecked mean that Mail thinks the password is NOT stored, and if I fail to enter my password again, it will simply stop trying to access my mail?
Is there a way to tell Mail that, since I have stored the password already in the keychain, just keep trying and don't give me that annoying message?
Pages 5.5.2
As I understand it a .5xx pages file (.pages) is actually a folder and is therefore compressed into a zip file when emailing. Certainly, when you email a .pages file (recent version), it arrives as a .Zip even though you don't compress it. I'm pretty sure this was NOT the case with earlier versions.
The key thing here however, is not so much sending a .pages file or any other.zip file - these can be sent by iCloud quite happily. It is about why iCloud won't receive them. If I send a .pages or .zip file from iCloud to my business email, it arrives without any problem. If I send to my iCloud address I get the message size violation - every time.
And just to re-iterate, I have tried sending Zips and Pages files to several other iCloud accounts and they ALL had the same issue. -
Os x mail new message generating many trash entries
In OS X 10.10, when I create a new Mail message, any backspaces or editing of the message causes Mail to put the old message in the trash and use the new one.
It's not causing a problem, but it's weird. Any ideas?
Pages 5.5.2
As I understand it a .5xx pages file (.pages) is actually a folder and is therefore compressed into a zip file when emailing. Certainly, when you email a .pages file (recent version), it arrives as a .Zip even though you don't compress it. I'm pretty sure this was NOT the case with earlier versions.
The key thing here however, is not so much sending a .pages file or any other.zip file - these can be sent by iCloud quite happily. It is about why iCloud won't receive them. If I send a .pages or .zip file from iCloud to my business email, it arrives without any problem. If I send to my iCloud address I get the message size violation - every time.
And just to re-iterate, I have tried sending Zips and Pages files to several other iCloud accounts and they ALL had the same issue. -
GW7 SP2 on NW 6.5 SP8...
Hope I'm posting this in the appropriate place.
Our users get notices when a message is undeliverable (bad address, message size violations, etc), but they do not get notices when an email fails to transfer, beyond the info in the message properties in Sent Items. I'm sure I'm missing something very obvious, but any help would be appreciated. Thanks!
apollner <[email protected]> wrote:
>
> GW7 SP2 on NW 6.5 SP8...
>
> Hope I'm posting this in the appropriate place.
>
> Our users get notices when a message is undeliverable (bad address,
> message size violations, etc), but they do not get notices when an email
> fails to transfer, beyond the info in the message properties in Sent
> Items. I'm sure I'm missing something very obvious, but any help would
> be appreciated. Thanks!
That is normal with GW 7. The ability to generate transfer failed
notices was added in Gw 8.
apollner
apollner's Profile: http://forums.novell.com/member.php?userid=25279
View this thread: http://forums.novell.com/showthread.php?t=410748
>
Danita - http://www.caledonia.net.blog -
Security Violation Error while running schedule task from OIM.
Hi All,
I am getting this error while running a custom java schedule task from OIM:
*Thor.API.Exceptions.tcAPIException [EJB:010160] Security Violation: User '<anonymous>' has insufficient permission to access EJB:*
type=<ejb>,application=Xellerate,module=xlDataObjectBeans.jar,ejb=tcReconciliationoperations,method=createDeleteReconciliationEvent
at Thor.API.Operations.tcReconciliationOperationsClient.createDeleteReconciliationEvent(UnKnown Source).
I got this error as soon as my code starts creating Delete Reconciliation Event.
Note: I have already protected the JNDI Namespace.
Please provide some pointers.
Regards,
Sunny
Hi Rajiv,
Check this:
package com.centrica.iam.scheduletask;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileFilter;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import oracle.iam.connectors.common.ConnectorLogger;
import com.thortech.xl.dataaccess.tcDataSet;
import com.thortech.xl.dataaccess.tcDataSetException;
import com.thortech.xl.dataobj.PreparedStatementUtil;
import com.thortech.xl.orb.dataaccess.tcDataAccessException;
import com.thortech.xl.scheduler.tasks.SchedulerBaseTask;
import Thor.API.tcResultSet;
import Thor.API.Exceptions.tcAPIException;
import Thor.API.Exceptions.tcInvalidValueException;
import Thor.API.Operations.tcLookupOperationsIntf;
import Thor.API.Operations.tcReconciliationOperationsIntf;
import Thor.API.Operations.tcSchedulerOperationsIntf;

public class CustomFlatFile extends SchedulerBaseTask {
    private static tcSchedulerOperationsIntf schedulerIntf;
    private static tcLookupOperationsIntf lookupIntf;
    private static tcReconciliationOperationsIntf reconIntf;
    String sObjectName;
    String LookupName;
    String LookupName2;
    String FileDirectory;
    String FileName;
    String File;
    String delimeter;
    String isDeleteTrue;
    HashMap<String, String> attrMap = new HashMap();
    HashMap<String, String> delMap = new HashMap();
    HashMap<String, String> finalMap = new HashMap();
    ArrayList list = new ArrayList();
    public boolean isReconStopped;

    public CustomFlatFile() {
        isReconStopped = false;
    }

    // Read the scheduled-task attributes.
    public void init() {
        LookupName = getAttribute("Attribute Lookup Name");
        FileDirectory = getAttribute("Directory Path");
        FileName = getAttribute("File Name");
        delimeter = getAttribute("Delimeter");
        sObjectName = getAttribute("Resource Object Name");
        isDeleteTrue = getAttribute("Is Delete Allowed");
    }

    public void execute() {
        try {
            System.out.println("Start Exceute");
            //Initiate lookupIntf
            lookupIntf = (tcLookupOperationsIntf)getUtility("Thor.API.Operations.tcLookupOperationsIntf");
            reconIntf = (tcReconciliationOperationsIntf)getUtility("Thor.API.Operations.tcReconciliationOperationsIntf");
        }
        catch (tcAPIException tcapiexception) {
            tcapiexception.printStackTrace();
            //logger.error(classname, s, tcapiexception.toString());
            //logger.setStackTrace(tcapiexception, classname, s, tcapiexception.getMessage());
        }
        catch (Exception excep) {
            excep.printStackTrace();
            //logger.error(classname, s, excep.toString());
            //logger.setStackTrace(excep, classname, s, excep.getMessage());
        }
        attrMap = readLookup(LookupName);
        System.out.println(attrMap.toString());
        readFile();
        if (isDeleteTrue.equalsIgnoreCase("true"))
            performDelete();
        System.out.println("Finish Execute");
    }

    public void performDelete() {
        System.out.println("Start Perform delete");
        int k = list.size();
        System.out.println("list size " + list.size());
        try {
            Thread.sleep(15000);
            /* Hashtable ahashtable[] = new Hashtable[k];
            Hashtable hashtable = new Hashtable();
            for (int i=0;i<k;i++)
            {
                hashtable.put("User Id", list.get(i));
                ahashtable[i] = hashtable;
                System.out.println(list.get(i));
            }
            Set set = reconIntf.provideDeletionDetectionData(sObjectName, ahashtable);
            System.out.println("Set--" + set.toString());
            tcResultSet tcresultset = reconIntf.getMissingAccounts(sObjectName, set);
            System.out.println("tcresultset - " + tcresultset.getRowCount());
            if (!(tcresultset.isEmpty()))
            {
                long l[] = reconIntf.deleteDetectedAccounts(tcresultset);
                for (int i1=0;i1<l.length;i1++)
                    System.out.println("delete recon key " + l[i1]);
            }
            */
            //Get the existing list of Managed users
            tcDataSet tcdataset = new tcDataSet();
            tcDataSet tcdataset1 = new tcDataSet();
            // NOTE: sObjectName (a task attribute) is concatenated directly into the SQL text.
            String query = "select orf.orf_fieldname,prf.prf_columnname, sdk.sdk_name from orf, sdk, pkg, tos, prf, obj " +
                "where pkg.obj_key = obj.obj_key and pkg.pkg_key = tos.pkg_key and tos.sdk_key is not null " +
                "and tos.sdk_key=sdk.sdk_key and tos.tos_key=prf.tos_key and prf.prf_iskey='1' and prf.orf_key=orf.orf_key " +
                "and orf.orf_parent_orf_key is null and obj.obj_name='" + sObjectName + "'";
            tcdataset.setQuery(getDataBase(), query);
            tcdataset.executeQuery();
            String FFName = tcdataset.getString("prf_columnname");
            String FName = tcdataset.getString("sdk_name");
            String ROFName = tcdataset.getString("orf_fieldname");
            System.out.println("form- " + FName + " Field- " + FFName);
            query = "select " + FFName + " from " + FName + " udtable, oiu a, ost b " +
                "where udtable.orc_key=a.orc_key and a.ost_key=b.ost_key and b.ost_status!='Revoked'";
            System.out.println(query);
            tcdataset1.setQuery(getDataBase(), query);
            tcdataset1.executeQuery();
            int i = tcdataset1.getRowCount();
            ArrayList list1 = new ArrayList();
            String s1 = null;
            System.out.println("N. of rows--" + i);
            // Collect managed users that were not present in the flat file.
            for (int j=0;j<i;j++) {
                tcdataset1.goToRow(j);
                s1 = tcdataset1.getString(0);
                System.out.println("s1---" + s1);
                if (!(list.contains(s1))) {
                    list1.add(s1);
                    System.out.println("under if--" + s1);
                }
            }
            //Getting the existing list of unmanaged users
            query = "select distinct (b.rcd_value) from rce a, rcd b, orf c, obj d where a.rce_key=b.rce_key and " +
                "b.orf_key=c.orf_key and c.orf_fieldname='" + ROFName + "' and a.rce_status!='Event Linked' " +
                "and a.obj_key = d.obj_key and d.obj_name='" + sObjectName + "'";
            tcdataset1.setQuery(getDataBase(), query);
            tcdataset1.executeQuery();
            i = tcdataset1.getRowCount();
            System.out.println("No. Of Unmanaged Users " + i);
            for (int j=0;j<i;j++) {
                tcdataset1.goToRow(j);
                s1 = tcdataset1.getString(0);
                System.out.println("s1---" + s1);
                if (!(list.contains(s1))) {
                    list1.add(s1);
                    System.out.println("under if--" + s1);
                }
            }
            int k1 = list1.size();
            System.out.println("list1 size--" + k1);
            // Create one delete reconciliation event per user missing from the file.
            for (int j1=0;j1<k1;j1++) {
                delMap.clear();
                delMap.put(ROFName, (String)list1.get(j1));
                System.out.println(delMap.toString());
                long l = reconIntf.createDeleteReconciliationEvent(sObjectName, delMap);
                System.out.println("delete recon key--- " + l);
            }
        }
        catch (Exception exception) {
            exception.printStackTrace();
        }
    }

    public void readFile() {
        String s = "readFile()";
        //logger.setMethodStartLog(classname, s);
        HashMap map = new HashMap();
        try {
            File = getFile();
            BufferedReader reader = new BufferedReader(new FileReader(new File(File)));
            String line = "";
            int k = attrMap.size();
            String value[] = new String[k];
            String Header[] = new String[k];
            if (delimeter.equalsIgnoreCase("|"))
                delimeter = "\\" + delimeter;
            // First line of the file is the header row.
            line = reader.readLine();
            Header = line.split(delimeter);
            while ((line = reader.readLine()) != null) {
                value = line.split(delimeter);
                k = value.length;
                for (int i = 0;i<k;i++) {
                    // Header[i]: the index was missing in the posted code (attrMap.get(Header)).
                    finalMap.put(attrMap.get(Header[i]), value[i]);
                }
                System.out.println(finalMap.toString());
                System.out.println("Start Ignoring Event");
                if (!(reconIntf.ignoreEvent(sObjectName, finalMap))) {
                    System.out.println("Not Ignored");
                    long l1 = reconIntf.createReconciliationEvent(sObjectName, finalMap, true);
                    System.out.println("Recon Key--" + l1);
                }
                else
                    System.out.println("ignore event ---" + finalMap.toString());
                list.add(finalMap.get("User Id"));
                System.out.println(list.size() + "add--" + finalMap.get("User Id"));
                finalMap.clear();
            }
        }
        catch (Exception exception) {
            exception.printStackTrace();
        }
    }

    public boolean stop() {
        String s = "stop()";
        //logger.setMethodStartLog(classname, s);
        //logger.info(classname, s, "Stopping Reconciliation........");
        isReconStopped = true;
        //logger.setMethodFinishLog(classname, s);
        return true;
    }

    // Accept only files whose name starts with the configured File Name.
    FileFilter fileFilter = new FileFilter() {
        public boolean accept(File file) {
            String sFilePath = file.getName();
            if (sFilePath.startsWith(FileName))
                return true;
            else
                return false;
        }
    };

    public String getFile() throws FileNotFoundException, Exception {
        String s = "getFile()";
        //logger.setMethodStartLog(classname, s);
        String s1;
        File dir = new File(FileDirectory);
        File[] files = dir.listFiles(fileFilter);
        if (files.length == 0)
            throw new FileNotFoundException();
        if (files.length > 1)
            throw new Exception("Multiple Matches found for this file name");
        s1 = files[0].toString();
        //logger.setMethodFinishLog(classname, s);
        return s1;
    }

    public HashMap readLookup(String s1) {
        String s = "readLookup()";
        //logger.setMethodStartLog(classname, s);
        HashMap map = new HashMap();
        try {
            tcResultSet tc1 = lookupIntf.getLookupValues(s1);
            int i = tc1.getRowCount();
            for (int j = 0;j<i;j++) {
                tc1.goToRow(j);
                map.put(tc1.getStringValue("Lookup Definition.Lookup Code Information.Code Key"), tc1.getStringValue("Lookup Definition.Lookup Code Information.Decode"));
            }
        }
        catch (tcAPIException tcapiexception) {
            tcapiexception.printStackTrace();
            //logger.error(classname, s, tcapiexception.toString());
            //logger.setStackTrace(tcapiexception, classname, s, tcapiexception.getMessage());
        }
        catch (Exception excep) {
            excep.printStackTrace();
            //logger.error(classname, s, excep.toString());
            //logger.setStackTrace(excep, classname, s, excep.getMessage());
        }
        return map;
    }
}
-
Oracle Security : what do you think about the following policy violation ?
If you install OEM10, you will be able to see if you violate some security guidelines :
Interesting is revoking UTL_FILE from public, which is critical. Also revoke UTL_TCP and UTL_SMTP. This is going to upset an expert I know...
Take care about the failed login attempts. If you set it to 10 to the default profile, and if your DBSNMP password is NOT the default password, then Oracle will lock your account after node discovery!
In Solaris, you can disable execution of the user stack with the system parameters
set noexec_user_stack=1
set noexec_user_stack_log=1
I did not find how to do it on AIX. However, those settings may have side effects.
About the ports, it complains about open ports, even if this is the port oracle listener is using! Simply ignore most of the violations there.
About JAccelerator (NCOMP), it is located on the "companion" CD.
Ok, Waiting for your feedback
Regards
Laurent
[High] Critical Patch Advisories for Oracle Homes Configuration Host Checks Oracle Homes for missing critical patches
[High] Insufficient Number of Control Files Configuration Database Checks for use of a single control file
[High] Open ports Security Host Check for open ports
[High] Remote OS role Security Database Check for insecure authentication of remote users (remote OS role)
[High] EXECUTE UTL_FILE privileges to PUBLIC Security Database Test for PUBLIC having EXECUTE privilege on the UTIL_FILE package
[High] Listener direct administration Security Listener Ensure that listeners cannot be administered directly
[High] Remote OS authentication Security Database Check for insecure authentication of remote users (remote OS authentication)
[High] Listener password Security Listener Test for password-protected listeners
[High] HTTP Server Access Logging Security HTTP Server Check that HTTP Server access logging is enabled
[High] Web Cache Access Logging Security Web Cache Check that Web Cache access logging is enabled
[High] Web Cache Dummy wallet Security Web Cache Check that dummy wallet is not used for production SSL load.
[High] HTTP Server Dummy wallet Security HTTP Server Check that dummy wallet is not used for production SSL load.
[High] Web Cache owner and setuid bit' Security Web Cache Check that webcached binary is not owned by root and setuid is not set
[High] HTTP Server Owner and setuid bit Security HTTP Server Check the httpd binary is not owned by root and setuid bit is not set.
[High] HTTP Server Directory Indexing Security HTTP Server Check that Directory Indexing is disabled on this HTTP Server
[High] Insufficient Redo Log Size Storage Database Checks for redo log files less than 1 Mb
[Medium] Insufficient Number of Redo Logs Configuration Database Checks for use of less than three redo logs
[Medium] Invalid Objects Objects Database Checks for invalid objects
[Medium] Insecure services Security Host Check for insecure services
[Medium] DBSNMP privileges Security Database Check that DBSNMP account has sufficient privileges to conduct all security tests
[Medium] Remote password file Security Database Check for insecure authentication of remote users (remote password file)
[Medium] Default passwords Security Database Test for known accounts having default passwords
[Medium] Unlimited login attempts Security Database Check for limits on the number of failed logging attempts
[Medium] Web Cache Writable files Security Web Cache Check that there are no group or world writable files in the Document Root directory.
[Medium] HTTP Server Writable files Security HTTP Server Check that there are no group or world writable files in the Document Root directory
[Medium] Excessive PUBLIC EXECUTE privileges Security Database Check for PUBLIC having EXECUTE privileges on powerful packages
[Medium] SYSTEM privileges to PUBLIC Security Database Check for SYSTEM privileges granted to PUBLIC
[Medium] Well-known accounts Security Database Test for accessibility of well-known accounts
[Medium] Execute Stack Security Host Check for OS config parameter which enables execution of code on the user stack
[Medium] Use of Unlimited Autoextension Storage Database Checks for tablespaces with at least one datafile whose size is unlimited
[Informational] Force Logging Disabled Configuration Database When Data Guard Broker is being used, checks primary database for disabled force logging
[Informational] Not Using Spfile Configuration Database Checks for spfile not being used
[Informational] Use of Non-Standard Initialization Parameters Configuration Database Checks for use of non-standard initialization parameters
[Informational] Flash Recovery Area Location Not Set Configuration Database Checks for flash recovery area not set
[Informational] Installation of JAccelerator (NCOMP) Installation Database Checks for installation of JAccelerator (NCOMP) that improves Java Virtual Machine performance by running natively compiled (NCOMP) classes
[Informational] Listener logging status Security Listener Test for logging status of listener instances
[Informational] Non-uniform Default Extent Size Storage Database Checks for tablespaces with non-uniform default extent size
[Informational] Not Using Undo Space Management Storage Database Checks for undo space management not being used
[Informational] Users with Permanent Tablespace as Temporary Tablespace Storage Database Checks for users using a permanent tablespace as the temporary tablespace
[Informational] Rollback in SYSTEM Tablespace Storage Database Checks for rollback segments in SYSTEM tablespace
[Informational] Non-System Data Segments in System Tablespaces Storage Database Checks for data segments owned by non-system users located in tablespaces SYSTEM and SYSAUX
[Informational] Users with System Tablespace as Default Tablespace Storage Database Checks for non-system users using SYSTEM or SYSAUX as the default tablespace
[Informational] Dictionary Managed Tablespaces Storage Database Checks for dictionary managed tablespaces (other than SYSTEM and SYSAUX)
[Informational] Tablespaces Containing Rollback and Data Segments Storage Database Checks for tablespaces containing both rollback (other than SYSTEM) and data segments
[Informational] Segments with Extent Growth Policy Violation Storage Database Checks for segments in dictionary managed tablespaces (other than SYSTEM and SYSAUX) having irregular extent sizes and/or non-zero Percent Increase settings
> Interesting is revoking UTL_FILE from public, which is critical. Also revoke UTL_TCP and UTL_SMTP. This is going to upset an expert I know...
Okay, as this is (I think) aimed at me, I'll fall for it ;)
What is the point of revoking UTL_FILE from PUBLIC? Yes I know what you think the point is, but without rights on an Oracle DIRECTORY being able to execute UTL_FILE is useless. Unless of course you're still using the init.ora parameter
UTL_FILE_DIR=*
which I sincerely hope you're not.
As for UTL_SMTP and UTL_TCP, I think whether a program is allowed to send e-mail to a given SMTP server is really in the remit of the e-mail administrator rather than the DBA.
Look, DBAs are kings of their realm and can set their own rules. The rest of us have to live with them. A couple of years ago I worked a project where I was not allowed access to the USER_DUMP_DEST directory. So every time I generated a TRC file I had to phone up the DBA and a couple of hours later I got an e-mail with an attachment. Secure yes, but not very productive when I was trying to debug a Row Level Security implementation.
I have worked on both sides of the DBA/Developer fence and I understand both sides of the argument. I think it is important for developers to document all the privileges necessary to make their app run. Maybe you don't have a better way of doing that than revoking privileges from PUBLIC. Or maybe you just want to generate additional communication with developers. That's fine. I know sometimes even DBAs get lonely.
Cheers, APC -
MTU Size Problem Loading Certain Webpages
Hello Colleagues,
I'm having a strange problem dealing with MTU sizes and loading certain webpages. I am aware of the default Microsoft MTU of 1500 and also using GRE IPSEC Tunnels recommended at MTU size 1400. I have since manually set some users PC's to MTU of 1400 and most of those users are experiencing no issues. However, there are a few users who still experience website loading issues even though I have manually changed their MTU size to 1400.
These are domain accounts with the same image loads on their machines, so all have the same permissions, rights, firewall settings, etc. They all use the same LAN, switches, and routers.
Here are the router configs, router 1 and router 2
Router 1
Current configuration : 9006 bytes
version 15.3
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname R-US-RS-WVPN1
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.153-1.T1.bin
boot system flash:c1900-universalk9-mz.SPA.151-3.T1.bin
boot-end-marker
logging buffered 64000
enable secret 5 *removed*
no aaa new-model
clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause rootguard
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery interval 303
ip cef
ip domain name corp.com
ip name-server 10.###.8.21
ip name-server 10.###.8.96
ip inspect dns-timeout 90
ip inspect tcp idle-time 60
ip inspect name fw smtp timeout 120
ip inspect name fw ftp timeout 120
ip inspect name fw realaudio
ip inspect name fw tftp timeout 30
ip inspect name fw udp timeout 30
ip inspect name fw tcp timeout 60
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-316595902
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-316595902
revocation-check none
rsakeypair TP-self-signed-316595902
crypto pki certificate chain TP-self-signed-316595902
certificate self-signed 01
*removed*
quit
license udi pid CISCO1921/K9 sn FTX153182M8
spanning-tree vlan 229 priority 8192
redundancy
ip ssh version 2
crypto isakmp policy 10
hash md5
authentication pre-share
lifetime 3600
crypto isakmp key *removed* address 70.###.172.142
crypto isakmp key *removed* address 184.###.###.254
crypto isakmp keepalive 35 11
crypto ipsec transform-set FY-WVPN-Tunnel esp-aes esp-md5-hmac
mode tunnel
crypto map vpn 10 ipsec-isakmp
set peer 70.###.172.142
set peer 184.###.###.254
set transform-set FY-WVPN-Tunnel
match address gre-tunnel-list
interface Loopback0
ip address 10.###.0.10 255.255.255.255
interface Tunnel2291
description Primary-TimewarnerTelecom-Ral-FayWVPN1
ip address 10.###.99.26 255.255.255.252
no ip redirects
cdp enable
tunnel source 66.###.161.126
tunnel destination 184.###.###.254
crypto map vpn
interface Tunnel2293
description Primary-TimewarnerTelecom-Ral-FayWVPN2
ip address 10.###.99.154 255.255.255.252
no ip redirects
cdp enable
tunnel source 66.###.161.126
tunnel destination 70.###.172.142
crypto map vpn
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description TW Telecom/DMVPN1
ip address 66.###.161.126 255.255.255.252
ip access-group Block-Internet in
ip access-group Block-Internet out
duplex auto
speed auto
no cdp enable
crypto map vpn
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
interface GigabitEthernet0/0/0
switchport access vlan 229
no ip address
interface GigabitEthernet0/0/1
switchport access vlan 229
no ip address
interface GigabitEthernet0/0/2
switchport access vlan 229
no ip address
interface GigabitEthernet0/0/3
description PBX Eth1
switchport access vlan 229
no ip address
interface Vlan1
no ip address
shutdown
interface Vlan229
ip address 10.###.229.253 255.255.255.0
ip helper-address 10.###.231.201
standby 229 ip 10.###.229.254
standby 229 priority 105
standby 229 preempt
router eigrp 100
network 10.0.0.0
ip forward-protocol nd
no ip http server
ip http secure-server
ip route 70.###.172.142 255.255.255.255 66.###.161.125
ip route 184.###.###.254 255.255.255.255 66.###.161.125
ip route 205.###.96.180 255.255.255.252 66.###.161.125
ip access-list extended Block-Internet
permit esp host 66.###.161.126 host 184.###.###.254
permit esp host 184.###.###.254 host 66.###.161.126
permit udp host 66.###.161.126 host 184.###.###.254 eq isakmp
permit udp host 184.###.###.254 host 66.###.161.126 eq isakmp
permit esp host 66.###.161.126 host 70.###.172.142
permit esp host 70.###.172.142 host 66.###.161.126
permit udp host 66.###.161.126 host 70.###.172.142 eq isakmp
permit udp host 70.###.172.142 host 66.###.161.126 eq isakmp
permit icmp host 66.###.161.126 host 184.###.###.254
permit icmp host 184.###.###.254 host 66.###.161.126
permit icmp host 66.###.161.126 host 70.###.172.142
permit icmp host 70.###.172.142 host 66.###.161.126
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any packet-too-big
permit icmp any any traceroute
permit icmp any any unreachable
deny ip any any
deny icmp any any
ip access-list extended gre-tunnel-list
permit gre host 66.###.161.126 host 184.###.###.254
permit gre host 66.###.161.126 host 70.###.172.142
logging host 10.100.###.254
logging host 10.100.###.246
snmp-server community a RW 20
snmp-server community r RO 20
snmp-server community a RW 20
snmp-server community r RO 20
snmp-server community P_RW RW
snmp-server community P_RO RO
snmp-server enable traps entity-sensor threshold
snmp-server host 10.100.###.246 public
snmp-server host 10.100.###.254 public
access-list 20 permit 10.###.9.3
access-list 20 permit 10.###.8.16
access-list 20 permit 10.100.###.249
access-list 20 permit 10.100.###.254
access-list 20 permit 10.100.###.246
control-plane
banner motd ^CCCCCCC
****************** Warning! Warning! Warning! ********************
This system is restricted to authorized users for business
purposes. Unauthorized access is a violation of the law. This
service may be monitored for administrative and security reasons.
By proceeding, you consent to this monitoring
****************** Warning! Warning! Warning! ********************
^C
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 60 0
password 7 *removed*
login local
transport input ssh
line vty 5 15
exec-timeout 60 0
password 7 *removed*
login local
transport input ssh
scheduler allocate 20000 1000
ntp server 10.###.8.8 prefer
ntp server 10.###.231.200 prefer
ntp server 10.###.8.69
ntp server 10.###.1.6 prefer
end
Router 2
Current configuration : 9013 bytes
version 15.3
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
hostname R-US-RS-WVPN2
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.153-1.T1.bin
boot system flash:c1900-universalk9-mz.SPA.151-3.T1.bin
boot-end-marker
logging buffered 64000
logging console critical
enable secret 5 *removed*
no aaa new-model
clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause rootguard
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery interval 303
ip cef
ip domain name corp.mann-hummel.com
ip name-server 10.###.8.21
ip name-server 10.###.8.96
ip inspect dns-timeout 90
ip inspect tcp idle-time 60
ip inspect name fw smtp timeout 120
ip inspect name fw ftp timeout 120
ip inspect name fw realaudio
ip inspect name fw tftp timeout 30
ip inspect name fw udp timeout 30
ip inspect name fw tcp timeout 60
ipv6 multicast rpf use-bgp
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-3179596086
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3179596086
revocation-check none
rsakeypair TP-self-signed-3179596086
crypto pki certificate chain TP-self-signed-3179596086
certificate self-signed 01
*removed*
quit
license udi pid CISCO1921/K9 sn FTX153182M2
spanning-tree vlan 229 priority 1###84
redundancy
ip ssh version 2
crypto isakmp policy 10
hash md5
authentication pre-share
lifetime 3600
crypto isakmp key *removed* address 70.###.172.142
crypto isakmp key *removed* address 184.###.###.254
crypto isakmp keepalive 35 11
crypto ipsec transform-set Fay-Ral-WVPN-Tunnel esp-aes esp-md5-hmac
mode tunnel
crypto map vpn 10 ipsec-isakmp
set peer 184.###.###.254
set peer 70.###.172.142
set transform-set Fay-Ral-WVPN-Tunnel
match address gre-tunnel-list
interface Loopback0
ip address 10.###.0.12 255.255.255.255
interface Tunnel2292
description Failover-TimewarnerCable-Ral-Fay-WVPN2
ip address 10.###.99.30 255.255.255.252
no ip redirects
cdp enable
tunnel source 96.###.25.226
tunnel destination 184.###.###.254
crypto map vpn
interface Tunnel2294
description Failover-TimewarnerCable-Ral-Fay-WVPN2
ip address 10.###.99.158 255.255.255.252
no ip redirects
cdp enable
tunnel source 96.###.25.226
tunnel destination 70.###.172.142
crypto map vpn
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Fay-Ral WVPN
ip address 96.###.25.226 255.255.255.252
ip access-group Block-Internet in
ip access-group Block-Internet out
duplex auto
speed auto
no cdp enable
crypto map vpn
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
interface GigabitEthernet0/0/0
switchport access vlan 229
no ip address
interface GigabitEthernet0/0/1
switchport access vlan 229
no ip address
interface GigabitEthernet0/0/2
switchport access vlan 229
no ip address
interface GigabitEthernet0/0/3
description PBX Eth2
switchport access vlan 229
no ip address
interface Vlan1
no ip address
shutdown
interface Vlan229
ip address 10.###.229.252 255.255.255.0
ip helper-address 10.###.231.201
standby 229 ip 10.###.229.254
standby 229 preempt
router eigrp 100
network 10.0.0.0
ip forward-protocol nd
no ip http server
ip http secure-server
ip route 70.###.172.142 255.255.255.255 96.###.25.225
ip route 184.###.###.254 255.255.255.255 96.###.25.225
ip route 205.###.96.180 255.255.255.252 66.###.161.125
ip access-list extended Block-Internet
permit esp host 96.###.25.226 host 184.###.###.254
permit esp host 184.###.###.254 host 96.###.25.226
permit udp host 96.###.25.226 host 184.###.###.254 eq isakmp
permit udp host 184.###.###.254 host 96.###.25.226 eq isakmp
permit esp host 96.###.25.226 host 70.###.172.142
permit esp host 70.###.172.142 host 96.###.25.226
permit udp host 96.###.25.226 host 70.###.172.142 eq isakmp
permit udp host 70.###.172.142 host 96.###.25.226 eq isakmp
permit icmp host 96.###.25.226 host 184.###.###.254
permit icmp host 184.###.###.254 host 96.###.25.226
permit icmp host 96.###.25.226 host 70.###.172.142
permit icmp host 70.###.172.142 host 96.###.25.226
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any packet-too-big
permit icmp any any traceroute
permit icmp any any unreachable
deny ip any any
deny icmp any any
ip access-list extended gre-tunnel-list
permit gre host 96.###.25.226 host 184.###.###.254
permit gre host 96.###.25.226 host 70.###.172.142
logging host 10.100.###.254
logging host 10.100.###.246
snmp-server community P_RW RW
snmp-server community P_RO RO
snmp-server community a RW 20
snmp-server community r RO 20
snmp-server community a RW 20
snmp-server community r RO 20
snmp-server enable traps entity-sensor threshold
snmp-server host 10.100.###.246 public
snmp-server host 10.100.###.254 public
access-list 20 permit 10.###.9.3
access-list 20 permit 10.###.8.16
access-list 20 permit 10.100.###.249
access-list 20 permit 10.100.###.254
access-list 20 permit 10.100.###.246
control-plane
banner motd ^CCCCCC
****************** Warning! Warning! Warning! ********************
This system is restricted to authorized users for business
purposes. Unauthorized access is a violation of the law. This
service may be monitored for administrative and security reasons.
By proceeding, you consent to this monitoring
****************** Warning! Warning! Warning! ********************
^C
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 60 0
password 7 *removed*
login local
transport input ssh
line vty 5 15
exec-timeout 60 0
password 7 *removed*
login local
transport input ssh
scheduler allocate 20000 1000
ntp server 10.###.8.8 prefer
ntp server 10.###.231.200 prefer
ntp server 10.###.8.69
ntp server 10.###.1.6 prefer
end
UPDATE
I have since applied the following config to the tunnel interfaces:
ip mtu 1400
ip tcp adjust-mss 1400
tunnel path-mtu-discovery
This worked and I was able to reset each user's PC to the default MTU size of 1500, but only until just now. I got a call from a user who explained that he wasn't able to reach some websites, again.
Sure enough, I've just confirmed that all of the users are unable to access the websites any longer.
This is crazy, does anyone have any ideas?
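The byte accounting behind the `ip mtu` and `ip tcp adjust-mss` values in the update above, as an added example that is not part of the original post. It assumes IPv4 without options, GRE without a key or checksum, ESP tunnel mode with AES-CBC and HMAC-MD5-96 as in the posted transform set, no NAT-T, and a 1500-byte WAN MTU; the function names are illustrative.

```python
# Added example: packet-size accounting for GRE carried inside ESP tunnel mode.
# Assumptions (not from the post): IPv4 without options, GRE without key or
# checksum, AES-CBC, HMAC-MD5-96, no NAT-T, 1500-byte WAN link.
IPV4_HDR = 20
TCP_HDR = 20          # TCP header without options
GRE_HDR = 4
ESP_HDR = 8           # SPI + sequence number
AES_CBC_IV = 16
AES_BLOCK = 16
ESP_TRAILER = 2       # pad-length and next-header bytes
HMAC_MD5_96_ICV = 12


def esp_packet_size(inner_ip_len):
    """On-the-wire size of one inner IP packet after GRE and ESP encapsulation."""
    gre_packet = IPV4_HDR + GRE_HDR + inner_ip_len        # GRE delivery header + GRE
    plaintext = gre_packet + ESP_TRAILER
    padded = -(-plaintext // AES_BLOCK) * AES_BLOCK       # round up to cipher block
    return IPV4_HDR + ESP_HDR + AES_CBC_IV + padded + HMAC_MD5_96_ICV


def max_inner_mtu(link_mtu=1500):
    """Largest inner IP packet whose encrypted form still fits the WAN link."""
    size = link_mtu
    while esp_packet_size(size) > link_mtu:
        size -= 1
    return size


def review_tunnel(ip_mtu, adjust_mss, link_mtu=1500):
    """Check a tunnel's ip mtu / adjust-mss pair against the link MTU."""
    full_segment = adjust_mss + IPV4_HDR + TCP_HDR
    return {
        "encrypted_size_at_ip_mtu": esp_packet_size(ip_mtu),
        "ip_mtu_fits_link": esp_packet_size(ip_mtu) <= link_mtu,
        "full_segment_ip_len": full_segment,
        "mss_fits_ip_mtu": full_segment <= ip_mtu,
        "matching_mss": ip_mtu - IPV4_HDR - TCP_HDR,
    }


if __name__ == "__main__":
    # Values from the update: ip mtu 1400, ip tcp adjust-mss 1400
    for key, value in review_tunnel(1400, 1400).items():
        print(f"{key}: {value}")
    print("max inner MTU on a 1500-byte link:", max_inner_mtu())
```

Under these assumptions a 1400-byte inner packet leaves the WAN interface as 1496 bytes, so `ip mtu 1400` fits the link. An MSS of 1400 still lets hosts send 1440-byte IP packets, which exceed the tunnel MTU; the MSS that matches `ip mtu 1400` is 1360.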
Runtime Error # DBIF_RSQL_INVALID_RSQL for large size BOMs
Hi All,
I am facing a problem running a custom report for Routing summary. When executed, the report gives the above runtime error.
ShrtText: Error in RSQL module of database interface.
Error analysis :
An exception occurred. This exception is dealt with in more detail below
. The exception, which is assigned to the class 'CX_SY_OPEN_SQL_DB', was neither caught nor passed along using a RAISING clause, in the procedure
"CP_SC_MTK_LOAD_COMPLEX_BY_TSK" "(FUNCTION)"
Since the caller of the procedure could not have expected this to occur, the running program was terminated.
The reason for the exception is: The SQL statement generated from the SAP Open SQL Statement violates restriction imposed by the database system used in R/3.
Possible errors:
o The maximum size of an SQL statement has been exceeded.
o The statement contains too many input variables.
o The space needed for the input data exceeds the available memory.
How to correct the error
The SAP Open SQL statement must be divided into several smaller units.
If the problem occurred due to the use of an excessively large in an IN itab construct, you can use the addition FOR ALL ENTRIES
instead. When you use this addition, the statement is split into smaller according to the restrictions of the database system used.
You may able to find an interim solution to the problem in the SAP note system. If you have access to the note system yourself,
use the following search criteria:
"DBIF_RSQL_INVALID_RSQL" CX_SY_OPEN_SQL_DBC
"SAPLCPSC" or "LCPSCU03"
"CP_SC_MTK_LOAD_COMPLEX_BY_TSK"
This report uses SAP standard Function module "CP_SC_MTK_LOAD_COMPLEX_BY_TSK" in the select statement.
When analysed, we found that since the BOM size for the routing is large (more than 2000 components), this dump is coming. For the rest of the routings, the report works fine.
I could not find any SAP note relevant for this.
This is definitely related to large BOM size, if any of you came across such a problem and know how to correct it.
Hi,
We did solve this problem. This problem usually comes when there are a very large number of records in the internal table (more than 2000 approx.).
We need to split that SELECT statement and make multiple statements so that the memory overflow doesn't happen. Refer to SAP note 13607.
We modified the coding as follows by splitting the SELECT statement…
SELECT DISTINCT MANDT PLNTY PLNNR PLNAL MATNR WERKS VBELN POSNR
INTO CORRESPONDING FIELDS OF TABLE E_MTK_IDENT
FROM MAPL FOR ALL ENTRIES IN I_TSK_IDENT
WHERE PLNTY = I_TSK_IDENT-PLNTY AND
PLNNR = I_TSK_IDENT-PLNNR AND
PLNAL = I_TSK_IDENT-PLNAL AND
MATNR IN I_CPSC_MTK_SEL-MATNR AND
WERKS IN I_CPSC_MTK_SEL-WERKS AND
VBELN IN I_CPSC_MTK_SEL-VBELN AND
POSNR IN I_CPSC_MTK_SEL-POSNR AND
(FREE_WHERE-WHERE_TAB).
SELECT MANDT PLNTY PLNNR PLNAL MATNR WERKS VBELN POSNR
INTO CORRESPONDING FIELDS OF TABLE E_MTK_IDENT
FROM MAPL FOR ALL ENTRIES IN I_TSK_IDENT
WHERE PLNTY = I_TSK_IDENT-PLNTY AND
PLNNR = I_TSK_IDENT-PLNNR AND
PLNAL = I_TSK_IDENT-PLNAL AND
(FREE_WHERE-WHERE_TAB).
Delete E_MTK_IDENT where matnr NOT in I_CPSC_MTK_SEL-MATNR.
Delete E_MTK_IDENT where werks NOT in I_CPSC_MTK_SEL-WERKS.
Delete E_MTK_IDENT where VBELN NOT in I_CPSC_MTK_SEL-VBELN.
Delete E_MTK_IDENT where POSNR NOT in I_CPSC_MTK_SEL-POSNR.
Hope this helps you.
Regards, Madhu