SPA112 Provisioning - not working...

Hi,
We just purchased an SPA112 unit for testing before a large deployment.
There's a working provisioning setup in place for SPA303 devices using DHCP option 66 with an https URL. The provisioning of SPA303 phones wokrs just fine, SPA112 on the other hand simply won't parse DHCP 66 option properly.
The relevant sniffer output of the SPA112 unit provisioning attemtp with the DHCP 66 URL is attached here, it was tested with firmware 1.0.x (out of box) and after upgrade to 1.2.1 (004).
The clear conclusion is - ATA tries to use the full provisioning URL as a hostname (?!?!) of the provisioning server and resolve it via DNS... e.g. a DNS query for A record of "https://prov.server.com/devconf.cfg" is sent to the DNS server. Protocol name and path to file are not stripped, the whole string is treated as a hostname.
Is this a bug or behavior by design (which is hard to believe)?

Yes, I know it. It's great resource. Despite of it, it's hard to found information even in the case the administrator knows what he are looking for.
The main problem is - the documentation is spreaded over so many separate documents, application notes, technical notes, semi-official information in this forum and other resources. In most case, there is lack of information related to particular feature implementations. I wqant to use example to explain what I'm mean.
Have you configured sd+blf+cp function ? Are you interested to know when the button press will invoke 'sd' and when 'cp' ? Do you want to know if sd+blf (but no cp) combination of functions is possible ? Need to use vid= ? (where you can found such parameter like vid= exists at all ?) No answers avaiable in Admin Guide and no way to deduce answers by self as there are no implementation details. No reference to other document (not counting the reference to document specific for Broadsoft server). Yes, there may or may not be other document with such detailed description. The unfortunate customer need to read many and many documents and - there may but may not be the one with required description in such list.
The paragraph above show the example of problem only. And note the English is not my native language, so if it sounds so strong, then it's not intentional. I'm not trying to yell "it's crap" in any way. I'm trying to explain, using my poor language skills, the problem with 'task oriented' style of Cisco's documentation. I hope this comment will not be misunderstood.
I'm wishing to see a information-oriented style of documentation. Such kind of documentation is matter of course in the case of Cisco's switches. Especially I'm calling for index of all configuration keywords, with list of all possible values and their meaning, index of SIP NOTIFY Event, list of DHCP options recognized by device (can be time offset set by DHCP instead of provisioning or manual configuration ?) and so on ...

Similar Messages

Client provisioning not working on ISE after 1.2 Migration

Working on an initial piloted roleout of ISE with a customer. We initially had a single server setup as a pilot using 1.1.1.4 to pilot things like client supplicant provision, and then stood up a new VM as a secondary and upgraded that to 1.2. Today we tested client provisioning that work fine before, and it is failing for iOS (we haven't gotten to the other OS'es yet). What occurs is the user authenticates using PEAP and the client gets the request to install the root certificate. After this the client accepts the root certificate the connection drops. When you click the SSID to start the process again we see the redirect to the mydevices portal, but before you can click to register the client it redirected to accept the root certificate again, creating an endless loop. Has anyone else run into this bug?

Please update the patch useing the below details and try it.
To upload offline client provisioning resources, complete the following steps:
Step 1 Go to the Download Software web page at http://www.cisco.com/cisco/software/navigator.html?a=a&i=rpm. You may need to provide login credentials.
Step 2 Navigate to Products > Security > Access Control and Policy > Cisco Identity Services Engine > Cisco Identity Services Engine Software.
Choose from the following Off-Line Installation Packages available for download:
•win_spw--isebundle.zip— Off-Line SPW Installation Package for Windows
•mac-spw-.zip — Off-Line SPW Installation Package for Mac OS X
•compliancemodule--isebundle.zip — Off-Line Compliance Module Installation Package
•macagent--isebundle.zip — Off-Line Mac Agent Installation Package
•nacagent--isebundle.zip — Off-Line NAC Agent Installation Package
•webagent--isebundle.zip — Off-Line Web Agent Installation Package
Step 3 Click Download or Add to Cart.

AD provisioning not working.

hi,
i am trying to get the user provisioned in the AD, the connectors got installed correctly, and i followed the steps mentioned in the Oracle document to install Remote Manager on the target machine, but still i m not able to reflect the user in AD and the task status is till is "pending".
Please Help!
i m using OIM 9.1.0.1 on windows 2003.

i went thru the manual, but it is supporting the version 9.0.1, so i went thru the manual with no. E11197-12. In this we followed the setps to test the connection and then got the following error:
E:\Oracle\xellerate\test\scripts>runADTest.bat 2
Exception in thread "main" java.lang.NoClassDefFoundError: com/thortech/xl/integ
ration/ActiveDirectory/test/ADClient
Caused by: java.lang.ClassNotFoundException: com.thortech.xl.integration.ActiveD
irectory.test.ADClient
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
Could not find the main class: com.thortech.xl.integration.ActiveDirectory.test.
ADClient. Program will exit.
please help...

IOS 8.x Apple users and CISCO ISE native supplicant provisioning not working

Hi there guys ,
I was wondering if anybody else have the following problem:
Apple iOS 8.x users are not able to register their devices on the ISE portal (native supplicant provisioning).
After they receive the redirection from the WLC, they freeze. Apple 7.x users have no problem.
ISE is version 1.2.1.198 patch 2. WLC is running 8.0.102.14.
Anybody experienced the same?
MB

I am also running ISE 1.2.1.198 patch 2 with 8.0.100. I am testing with an iPad running IOS 8.1. The device will register in the registration portal, but is not being classified as an IOS device within client provisioning, I believe. It is getting profiled as a workstation even though all apple device profiles are enabled. I have an authorization policy for registered devices, and ipad, iphone, ios devices to gain access to the network without going through posture assessment. I then have my posture assessment authorization rules with apple IOS devices set for a ssid native supplicant profile. I keep getting an error page on the iPad when connecting to the ISE SSID saying "Client Provisioning Portal ISE is not able to apply an access policy to your log-in session at this time. Please close this browser, wait approximately one minute, and try to connect again". It gives this message over and over. If I turn off the posture checking authorization profiles, the IOS device is selected as a rule further down which tells me that ISE does not recognize it as an IOS device in the profiling or client provisioning.

Unix TelnetConnector provisioning not working

Hi,
I am trying to provison a user into AIX .Not using sudo.It is not connecting.I tried through putty it connects properly.Any idea?
TelnetProvisioning::createUser: TelnetException Error Message = Could not connect for 20000 milliseconds
com.jscape.inet.telnet.TelnetException: Could not connect for 20000 milliseconds
     at com.jscape.inet.telnet.Telnet.connect(Unknown Source)
     at com.jscape.inet.telnet.TelnetSession.connect(Unknown Source)
     at com.thortech.xl.integration.telnetssh.util.TelnetSSHConnectionUtil.getTelnetSession(Unknown Source)
     at com.thortech.xl.integration.telnetssh.helper.TelnetProvisioning.createUser(Unknown Source)
     at com.thortech.xl.integration.telnetssh.helper.TelnetSSHController.createUser(Unknown Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpTELNETCREATEUSER.CREATEUSER(adpTELNETCREATEUSER.java:755)
     at com.thortech.xl.adapterGlue.ScheduleItemEvents.adpTELNETCREATEUSER.implementation(adpTELNETCREATEUSER.java:174)
     at com.thortech.xl.client.events.tcBaseEvent.run(Unknown Source)
     at com.thortech.xl.dataobj.tcDataObj.runEvent(Unknown Source)
     at com.thortech.xl.dataobj.tcScheduleItem.runMilestoneEvent(Unknown Source)
     at com.thortech.xl.dataobj.tcScheduleItem.eventPostInsert(Unknown Source)
     at com.thortech.xl.dataobj.tcDataObj.insert(Unknown Source)
     at com.thortech.xl.dataobj.tcDataObj.save(Unknown Source)
     at com.thortech.xl.ejb.beansimpl.tcProvisioningOperationsBean.retryTasks(Unknown Source)
     at com.thortech.xl.ejb.beans.tcProvisioningOperationsSession.retryTasks(Unknown Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
     at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:237)
     at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:158)
     at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:169)
     at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
     at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
     at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:350)
     at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:181)
     at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
     at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
     at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:138)
     at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
     at org.jboss.ejb.Container.invoke(Container.java:960)
     at sun.reflect.GeneratedMethodAccessor130.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
     at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
     at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
     at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
     at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:209)
     at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:195)
     at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
     at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
     at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:112)
     at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
     at $Proxy339.retryTasks(Unknown Source)
     at Thor.API.Operations.tcProvisioningOperationsClient.retryTasks(Unknown Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at Thor.API.Base.SecurityInvocationHandler$1.run(Unknown Source)
     at Thor.API.Security.LoginHandler.jbossLoginSession.runAs(Unknown Source)
     at Thor.API.Base.SecurityInvocationHandler.invoke(Unknown Source)
     at $Proxy808.retryTasks(Unknown Source)
     at com.thortech.xl.webclient.actions.ResourceProfileProvisioningTasksAction.retryTasks(Unknown Source)
     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:597)
     at org.apache.struts.actions.DispatchAction.dispatchMethod(DispatchAction.java:280)
     at com.thortech.xl.webclient.actions.tcLookupDispatchAction.execute(Unknown Source)
     at com.thortech.xl.webclient.actions.tcActionBase.execute(Unknown Source)
     at com.thortech.xl.webclient.actions.tcAction.execute(Unknown Source)
     at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
     at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
     at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
     at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
     at com.thortech.xl.webclient.security.SecurityFilter.doFilter(Unknown Source)
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
     at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
     at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
     at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
     at java.lang.Thread.run(Thread.java:619)
2009-10-20 15:39:13,739 DEBUG [OIMCP.TELNETSSH] TelnetProvisioning::createUser: result = TELNET_USER_NOTCONNECTED_FAIL
2009-10-20 15:39:13,739 INFO [OIMCP.TELNETSSH] TelnetProvisioning::createUser: FINISHED
2009-10-20 15:39:13,739 INFO [OIMCP.TELNETSSH] TelnetSSHController::createUser: result = TELNET_USER_NOTCONNECTED_FAIL
2009-10-20 15:39:13,740 INFO [OIMCP.TELNETSSH] TelnetSSHController::createUser: FINISHED

Make sure your IT Resource is configured with the correct 'Prompt char', otherwise connector will wait until timeout for the configured one.
Also you can enable debug to get more details than the stack trace.
thanks

Need Help - SPA112 suddenly not working

Bought the SPA112 a month ago, it worked fine freephoneline since day one, but today when people called and we answered the phone, we heard nothing. When I make outgoing calls, I hear nothing from the handset.    I tried calling my cell phone, my cell rings, but I don't hear any rings from the handset too.   I have tried reboot the ATA a few times, but no luck.   I then looked around on the interent and found an upgrade firmware, applied firmware upgrade, but the problem is still there.
Name
Value
Model:
SPA112, 2 FXS
Hardware Version:
1.0.0
Boot Version:
1.0.1 (Oct 6 2011 - 20:04:00)
Firmware Version:
1.3.2 (014) May 9 2013
Recovery Firmware:
1.0.2 (001)
WAN MAC Address:
E0:2F:6D:78:5E:E2
Host Name:
SPA112
Domain Name:
(none)
Serial Number:
CCQ16520XD5
Current Time:
Sun, 30 Jun 2013 00:14:53
Does any one hear have the same problem?   Can you please help to fix my problem?
Thank you,
tqlam

Here is the system log. But something strange that as said in my post that I bought the device a month ago, but the log show date in Jan 1st, and only the last few line dated July 1st
Jan 1 00:00:04 SPA112 syslog.notice syslog-ng[121]: syslog-ng version 1.6.12 starting
Jan 1 00:00:04 SPA112 kern.notice [    0.000000] Linux version 2.6.26.5 (jlai2@ubuntu) (gcc version 4.1.2) #1 PREEMPT Fri Dec 14 14:02:32 PST 2012
Jan 1 00:00:04 SPA112 kern.warning [    0.000000] CPU: ARM926EJ-S [41069265] revision 5 (ARMv5TEJ), cr=00053177
Jan 1 00:00:04 SPA112 kern.warning [    0.000000] Machine: NXP PNX8181
Jan 1 00:00:04 SPA112 kern.warning [    0.000000] Memory policy: ECC disabled, Data cache writeback
Jan 1 00:00:04 SPA112 kern.debug [    0.000000] On node 0 totalpages: 7936
Jan 1 00:00:04 SPA112 kern.debug [    0.000000]   DMA zone: 62 pages used for memmap
Jan 1 00:00:04 SPA112 kern.debug [    0.000000]   DMA zone: 0 pages reserved
Jan 1 00:00:04 SPA112 kern.debug [    0.000000]   DMA zone: 7874 pages, LIFO batch:0
Jan 1 00:00:04 SPA112 kern.debug [    0.000000]   Normal zone: 0 pages used for memmap
Jan 1 00:00:04 SPA112 kern.debug [    0.000000]   Movable zone: 0 pages used for memmap
Jan 1 00:00:04 SPA112 kern.warning [    0.000000] CPU0: D VIVT write-back cache
Jan 1 00:00:04 SPA112 kern.warning [    0.000000] CPU0: I cache: 32768 bytes, associativity 4, 32 byte lines, 256 sets
Jan 1 00:00:04 SPA112 kern.warning [    0.000000] CPU0: D cache: 32768 bytes, associativity 4, 32 byte lines, 256 sets
Jan 1 00:00:04 SPA112 kern.warning [17179569.184000] Built 1 zonelists in Zone order, mobility grouping on. Total pages: 7874
Jan 1 00:00:04 SPA112 kern.notice [17179569.184000] Kernel command line: console=ttyS1,115200n8 rootfstype=squashfs noalign half_image=0 verify=y Hw_Model=SPA112 Router_Mode=0
Jan 1 00:00:04 SPA112 kern.info [17179569.184000] PNX8181: Configured 66 Interrupts
Jan 1 00:00:04 SPA112 kern.warning [17179569.184000] PID hash table entries: 128 (order: 7, 512 bytes)
Jan 1 00:00:04 SPA112 kern.warning [17179569.184000] Console: colour dummy device 80x30
Jan 1 00:00:04 SPA112 kern.info [17179569.184000] Dentry cache hash table entries: 4096 (order: 2, 16384 bytes)
Jan 1 00:00:04 SPA112 kern.info [17179569.184000] Inode-cache hash table entries: 2048 (order: 1, 8192 bytes)
Jan 1 00:00:04 SPA112 kern.info [17179569.188000] Memory: 31MB = 31MB total
Jan 1 00:00:04 SPA112 kern.notice [17179569.188000] Memory: 28296KB available (2804K code, 197K data, 120K init)
Jan 1 00:00:04 SPA112 kern.debug [17179569.188000] Calibrating delay loop... 110.08 BogoMIPS (lpj=220160)
Jan 1 00:00:04 SPA112 kern.warning [17179569.260000] Mount-cache hash table entries: 512
Jan 1 00:00:04 SPA112 kern.info [17179569.260000] CPU: Testing write buffer coherency: ok
Jan 1 00:00:04 SPA112 kern.info [17179569.264000] net_namespace: 484 bytes
Jan 1 00:00:04 SPA112 kern.info [17179569.264000] NET: Registered protocol family 16
Jan 1 00:00:04 SPA112 kern.info [17179569.264000] Board: found phy at 0x03, id 0x001cc815
Jan 1 00:00:04 SPA112 kern.info [17179569.264000] Board: Vega_PNX8181_BaseStation low-cost version detected.
Jan 1 00:00:04 SPA112 kern.info [17179569.264000] clock [intc] enabled
Jan 1 00:00:04 SPA112 kern.info [17179569.264000] clock [sctu] enabled
Jan 1 00:00:04 SPA112 kern.info [17179569.264000] clock [uart1] enabled
Jan 1 00:00:04 SPA112 kern.info [17179569.264000] clock [uart2] enabled
Jan 1 00:00:04 SPA112 kern.info [17179569.264000] clock [sdi] enabled
Jan 1 00:00:04 SPA112 kern.info [17179569.264000] clock [ebi1] enabled
Jan 1 00:00:04 SPA112 kern.info [17179569.264000] clock [ebi2] enabled
Jan 1 00:00:04 SPA112 kern.info [17179569.264000] clock [gpio] enabled
Jan 1 00:00:04 SPA112 kern.notice [17179569.264000] gpio_init: Registered PNX818 GPIO device
Jan 1 00:00:04 SPA112 kern.warning [17179569.264000] Board HW MODEL : 0x3
Jan 1 00:00:04 SPA112 kern.info [17179569.268000] clock [extint] enabled
Jan 1 00:00:04 SPA112 kern.info [17179569.268000] External Interrupt Controller registered
Jan 1 00:00:04 SPA112 kern.info [17179569.284000] NET: Registered protocol family 2
Jan 1 00:00:04 SPA112 kern.info [17179569.320000] IP route cache hash table entries: 1024 (order: 0, 4096 bytes)
Jan 1 00:00:04 SPA112 kern.info [17179569.320000] TCP established hash table entries: 1024 (order: 1, 8192 bytes)
Jan 1 00:00:04 SPA112 kern.info [17179569.320000] TCP bind hash table entries: 1024 (order: 0, 4096 bytes)
Jan 1 00:00:04 SPA112 kern.info [17179569.320000] TCP: Hash tables configured (established 1024 bind 1024)
Jan 1 00:00:04 SPA112 kern.info [17179569.320000] TCP reno registered
Jan 1 00:00:04 SPA112 kern.info [17179569.332000] NET: Registered protocol family 1
Jan 1 00:00:04 SPA112 kern.info [17179569.332000] clock [dmau] enabled
Jan 1 00:00:04 SPA112 kern.info [17179569.332000] probe succeded
Jan 1 00:00:04 SPA112 kern.info [17179569.332000] clock [iic] enabled
Jan 1 00:00:04 SPA112 kern.info [17179569.336000] squashfs: version 3.4 (2008/08/26) Phillip Lougher
Jan 1 00:00:04 SPA112 kern.warning [17179569.336000] squashfs: LZMA suppport for slax.org by jro
Jan 1 00:00:04 SPA112 kern.info [17179569.336000] JFFS2 version 2.2. (NAND) © 2001-2006 Red Hat, Inc.
Jan 1 00:00:04 SPA112 kern.info [17179569.340000] msgmni has been set to 55
Jan 1 00:00:04 SPA112 kern.info [17179569.340000] io scheduler noop registered (default)
Jan 1 00:00:04 SPA112 kern.info [17179569.348000] HDLC line discipline: version $Revision: 1.1.1.1 $, maxframe=4096
Jan 1 00:00:04 SPA112 kern.info [17179569.348000] N_HDLC line discipline registered.
Jan 1 00:00:04 SPA112 kern.info [17179569.348000] Non-volatile memory driver v1.2
Jan 1 00:00:04 SPA112 kern.info [17179569.348000] Serial: 8250/16550 driver $Revision: 1.1.1.1 $ 2 ports, IRQ sharing disabled
Jan 1 00:00:04 SPA112 kern.info [17179569.348000] serial8250.0: ttyS0 at MMIO 0xc2004000 (irq = 24) is a 16550A
Jan 1 00:00:04 SPA112 kern.info [17179569.348000] serial8250.0: ttyS1 at MMIO 0xc2005000 (irq = 23) is a 16550A
Jan 1 00:00:04 SPA112 kern.info [17179569.352000] console [ttyS1] enabled
Jan 1 00:00:04 SPA112 kern.info [17179569.356000] DCC: JTAG1 Serial emulation driver driver $Revision: 1.1.1.1 $
Jan 1 00:00:04 SPA112 kern.info [17179569.360000] ttyJ0 at MMIO 0x12345678 (irq = 0) is a DCC
Jan 1 00:00:04 SPA112 kern.info [17179569.364000] brd: module loaded
Jan 1 00:00:04 SPA112 kern.info [17179569.368000] PPP generic driver version 2.4.2
Jan 1 00:00:04 SPA112 kern.info [17179569.372000] PPP MPPE Compression module registered
Jan 1 00:00:04 SPA112 kern.info [17179569.376000] NET: Registered protocol family 24
Jan 1 00:00:04 SPA112 kern.info [17179569.380000] PPPoL2TP kernel driver, V1.0
Jan 1 00:00:04 SPA112 kern.warning [17179569.384000] [ip3912] : Bridge Mode...
Jan 1 00:00:04 SPA112 kern.info [17179569.384000] clock [etn1] enabled
Jan 1 00:00:04 SPA112 kern.info [17179569.392000] ip3912_mii_bus: probed
Jan 1 00:00:04 SPA112 kern.info [17179569.396000] eth0: IP3912 at 0xc1600000 using 0:03 phy
Jan 1 00:00:04 SPA112 kern.info [17179569.400000] NFTL driver: nftlcore.c $Revision: 1.1.1.1 $, nftlmount.c $Revision: 1.1.1.1 $
Jan 1 00:00:04 SPA112 kern.notice [17179569.404000] physmap platform flash device: 02000000 at 80000000
Jan 1 00:00:04 SPA112 kern.debug [17179569.408000] CFI: Found no physmap-flash.0 device at location zero
Jan 1 00:00:04 SPA112 kern.err [17179569.408000] physmap-flash physmap-flash.0: map_probe failed
Jan 1 00:00:04 SPA112 kern.info [17179569.412000] NAND device: Manufacturer ID: 0xad, Chip ID: 0x75 (Hynix NAND 32MiB 3,3V 8-bit)
Jan 1 00:00:04 SPA112 kern.debug [17179569.416000] Bad block table found at page 65504, version 0x01
Jan 1 00:00:04 SPA112 kern.debug [17179569.416000] Bad block table found at page 65472, version 0x01
Jan 1 00:00:04 SPA112 kern.debug [17179569.416000] nand_read_bbt: Bad block at 0x001c4000
Jan 1 00:00:04 SPA112 kern.warning [17179569.416000] Using Full Image\'s RootFS
Jan 1 00:00:04 SPA112 kern.warning [17179569.420000] Using static partition definition
Jan 1 00:00:04 SPA112 kern.warning [17179569.424000] !!! do adler32 checksum !!!
Jan 1 00:00:04 SPA112 kern.warning [17179571.288000] File system image checksum OK
Jan 1 00:00:04 SPA112 kern.notice [17179571.292000] Creating 11 MTD partitions on \"gen_nand\":
Jan 1 00:00:04 SPA112 kern.notice [17179571.296000] 0x00000000-0x00060000 : \"u-boot\"
Jan 1 00:00:04 SPA112 kern.notice [17179571.300000] 0x00060000-0x00080000 : \"u-bootenv\"
Jan 1 00:00:04 SPA112 kern.notice [17179571.304000] 0x00080000-0x01460000 : \"ROMIMAGE\"
Jan 1 00:00:04 SPA112 kern.notice [17179571.308000] 0x01460000-0x01b60000 : \"HALFIMAGE\"
Jan 1 00:00:04 SPA112 kern.notice [17179571.316000] 0x001ec000-0x01460000 : \"LINUX_ROOTFS\"
Jan 1 00:00:04 SPA112 kern.notice [17179571.324000] 0x01b60000-0x01d60000 : \"HS_FW\"
Jan 1 00:00:04 SPA112 kern.notice [17179571.328000] 0x01d60000-0x01e60000 : \"FPAR\"
Jan 1 00:00:04 SPA112 kern.notice [17179571.332000] 0x01e60000-0x01ee0000 : \"CISCO\"
Jan 1 00:00:04 SPA112 kern.notice [17179571.340000] 0x01ee0000-0x01f00000 : \"EEPROM\"
Jan 1 00:00:04 SPA112 kern.notice [17179571.344000] 0x01f00000-0x01f80000 : \"NVRAM\"
Jan 1 00:00:04 SPA112 kern.notice [17179571.348000] 0x01f80000-0x02000000 : \"CA_DATA\"
Jan 1 00:00:04 SPA112 kern.info [17179571.356000] clock [spi1] enabled
Jan 1 00:00:04 SPA112 kern.info [17179571.364000] spi-pnx8181 spi-pnx8181: probe succeded
Jan 1 00:00:04 SPA112 kern.info [17179571.368000] i2c /dev entries driver
Jan 1 00:00:04 SPA112 kern.err [17179571.376000] ksz8873 0-005f: failed with status -1
Jan 1 00:00:04 SPA112 kern.warning [17179571.380000] ksz8873: probe of 0-005f failed with error -1
Jan 1 00:00:04 SPA112 kern.warning [17179571.384000] PNX8181 watchdog timer: timer margin 16 sec
Jan 1 00:00:04 SPA112 kern.info [17179571.388000] Registered led device: led1
Jan 1 00:00:04 SPA112 kern.info [17179571.392000] Registered led device: led2
Jan 1 00:00:04 SPA112 kern.debug [17179571.396000] cordless: SCRAM mapped to 0xd0000000
Jan 1 00:00:04 SPA112 kern.info [17179571.396000] cordless: character device initialized (major=254)
Jan 1 00:00:04 SPA112 kern.info [17179571.400000] coma-debug: coma debug support enabled
Jan 1 00:00:04 SPA112 kern.warning [17179571.404000] GACT probability on
Jan 1 00:00:04 SPA112 kern.warning [17179571.408000] Mirror/redirect action on
Jan 1 00:00:04 SPA112 kern.warning [17179571.412000] u32 classifier
Jan 1 00:00:04 SPA112 kern.warning [17179571.412000]     Performance counters on
Jan 1 00:00:04 SPA112 kern.warning [17179571.416000]     input device check on
Jan 1 00:00:04 SPA112 kern.warning [17179571.420000]     Actions configured
Jan 1 00:00:04 SPA112 kern.warning [17179571.424000] Netfilter messages via NETLINK v0.30.
Jan 1 00:00:04 SPA112 kern.warning [17179571.428000] nf_conntrack version 0.5.0 (1024 buckets, 4096 max)
Jan 1 00:00:04 SPA112 kern.info [17179571.432000] ip_tables: (C) 2000-2006 Netfilter Core Team
Jan 1 00:00:04 SPA112 kern.warning [17179571.436000] ipt_time loading
Jan 1 00:00:04 SPA112 kern.info [17179571.436000] TCP cubic registered
Jan 1 00:00:04 SPA112 kern.info [17179571.440000] NET: Registered protocol family 17
Jan 1 00:00:04 SPA112 kern.notice [17179571.444000] Bridge firewalling registered
Jan 1 00:00:04 SPA112 kern.info [17179571.448000] Ebtables v2.0 registered
Jan 1 00:00:04 SPA112 kern.info [17179571.456000] RPC: Registered udp transport module.
Jan 1 00:00:04 SPA112 kern.info [17179571.460000] RPC: Registered tcp transport module.
Jan 1 00:00:04 SPA112 kern.info [17179571.464000] 802.1Q VLAN Support v1.8 Ben Greear
Jan 1 00:00:04 SPA112 kern.info [17179571.468000] All bugs added by David S. Miller
Jan 1 00:00:04 SPA112 kern.info [17179571.472000] LINUX_ROOTFS is 4
Jan 1 00:00:04 SPA112 kern.warning [17179571.484000] VFS: Mounted root (squashfs filesystem) readonly.
Jan 1 00:00:04 SPA112 kern.info [17179571.488000] Freeing init memory: 120K
Jan 1 00:00:04 SPA112 kern.info [17179572.356000] eth0: Link down
Jan 1 00:00:04 SPA112 kern.info [17179573.360000] ip3912: eth0 up, speed is 100 Mbps, Full Duplex.
Jan 1 00:00:04 SPA112 kern.info [17179575.796000] coma-config: netlink interface registered
Jan 1 00:00:04 SPA112 kern.info [17179575.844000] coma-cpi: netlink interface registered
Jan 1 00:00:04 SPA112 kern.info [17179575.892000] coma-ss7: netlink interface registered
Jan 1 00:00:04 SPA112 kern.info [17179576.000000] coma-voice: character device initialized (major=253)
Jan 1 00:00:04 SPA112 kern.info [17179576.104000] coma-dsr: netlink interface registered
Jan 1 00:00:04 SPA112 kern.warning [17179576.136000] ***** LED_DRV init *****
Jan 1 00:00:04 SPA112 kern.warning [17179576.140000] ***** LED_DRV end *****
Jan 1 00:00:04 SPA112 kern.warning [17179576.168000] *** sys event driver initialized ***
Jan 1 00:00:04 SPA112 kern.err [17179579.148000] br0: Dropping NETIF_F_UFO since no NETIF_F_HW_CSUM feature.
Jan 1 00:00:04 SPA112 kern.info [17179580.800000] device eth0 entered promiscuous mode
Jan 1 00:00:04 SPA112 kern.info [17179580.800000] br0: port 1(eth0) entering learning state
Jan 1 00:00:04 SPA112 kern.debug [17179580.808000] sysevt_comm_sendto: (52, rc)=>
Jan 1 00:00:04 SPA112 kern.debug [17179580.824000] sysevt_comm_sendto: (52, rc)=>
Jan 1 00:00:05 SPA112 kern.info [17179582.800000] br0: topology change detected, propagating
Jan 1 00:00:05 SPA112 kern.info [17179582.800000] br0: port 1(eth0) entering forwarding state
Jan 1 00:00:05 SPA112 daemon.info system[128]: httpd server started at port 80
Jan 1 00:00:05 SPA112 daemon.info dnsmasq[135]: started, version 1.10 cachesize 150
Jan 1 00:00:05 SPA112 daemon.err dnsmasq[135]: failed to load names from /etc/hosts: No such file or directory
Jan 1 00:00:05 SPA112 daemon.debug dnsmasq[135]: reading /tmp/dns_resolv.conf
Jan 1 00:00:05 SPA112 daemon.info dnsmasq[135]: using nameserver 1.1.1.1
Jan 1 00:00:05 SPA112 daemon.notice system[1]: Ethernet WAN br0 link up
Jan 1 00:00:05 SPA112 daemon.notice system[1]: Start WAN br0 DHCP connection
Jan 1 00:00:06 SPA112 kern.debug [17179583.848000] sysevt_comm_sendto: (25, rc)=>
Jan 1 00:00:06 SPA112 kern.debug [17179583.972000] sysevt_comm_sendto: (16, rc)=>
Jan 1 00:00:10 SPA112 kern.debug [17179587.800000] sysevt_comm_sendto: (90, rc)=>
Jan 1 00:00:10 SPA112 daemon.notice system[1]: WAN br0 connected
Jan 1 00:00:10 SPA112 daemon.notice system[1]: Link name=br0
Jan 1 00:00:10 SPA112 daemon.notice system[1]: IP address=192.168.0.189
Jan 1 00:00:10 SPA112 daemon.notice system[1]: Netmask=255.255.255.0
Jan 1 00:00:10 SPA112 daemon.notice system[1]: Gateway=192.168.0.1
Jan 1 00:00:10 SPA112 daemon.notice system[1]: hostname=
Jan 1 00:00:10 SPA112 kern.debug [17179587.836000] sysevt_comm_sendto: (16, rc)=>
Jan 1 00:00:10 SPA112 daemon.notice system[1]: domain=
Jan 1 00:00:10 SPA112 daemon.notice system[1]: dns_0=192.168.0.1
Jan 1 00:00:10 SPA112 kern.debug [17179587.980000] sysevt_comm_sendto: (480, rc)=>
Jan 1 00:00:10 SPA112 kern.debug [17179587.992000] sysevt_comm_sendto: (480, rc)=>
Jan 1 00:00:10 SPA112 kern.debug [17179588.012000] sysevt_comm_sendto: (25, rc)=>
Jan 1 00:00:10 SPA112 daemon.err dnsmasq[135]: failed to load names from /etc/hosts: No such file or directory
Jan 1 00:00:10 SPA112 daemon.debug system[1]: leave reload_dnsmasq_conf_default
Jan 1 00:00:10 SPA112 kern.debug [17179588.672000] sysevt_event_sendto: =>(0, B5817EF8, ledapp)
Jan 1 00:00:10 SPA112 kern.debug [17179588.672000] sysevt_event_sendto: =>type = 1048663
Jan 1 00:00:10 SPA112 kern.debug [17179588.672000] sysevt_event_sendto: =>size = 0
Jan 1 00:00:10 SPA112 kern.debug [17179588.672000] sysevt_comm_sendto: (12, ledapp)=>
Jul 1 11:27:43 SPA112 daemon.notice system[103]: NTP update successfully, Year:2013,Month:7,Day:1,Hour:11,Min:27,Sec:43
Jul 1 11:27:43 SPA112 syslog.notice syslog-ng[121]: STATS: dropped 0
Jul 1 12:27:43 SPA112 syslog.notice syslog-ng[121]: STATS: dropped 0
Jul 1 12:27:43 SPA112 daemon.notice system[103]: Adjust daylight saving time: Year:2013,Month:7,Day:1,Hour:12,Min:27,Sec:43
Jul 1 12:28:13 SPA112 kern.info [17179619.524000] cordless: loading synergy-2012-11-05
Jul 1 12:28:13 SPA112 kern.info [17179619.552000] cordless: init successful
Jul 1 12:28:15 SPA112 user.notice msgswitchd: MSGSWITCH fd_rtp fifo created 7
Jul 1 12:28:15 SPA112 user.notice msgswitchd: MSGSWITCH fd_ch fifo created 9
Jul 1 12:28:15 SPA112 user.notice msgswitchd: MSGSWITCH fd_gmep fifo created 10

User Provisioning not working from OIM to OID

Hi All,
I am trying to create new user from OIM to OID, am getting following error message on console...
Response: INVALID_NAMING_ERROR
Response Description: Naming exception encountered
Notes:
In logs files while creation am getting following message....
INFO,09 Oct 2011 23:37:50,253,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
INFO,09 Oct 2011 23:37:50,253,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_ALIAS
INFO,09 Oct 2011 23:37:50,253,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_CUSTID
INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_IVRPIN
INFO,09 Oct 2011 23:37:50,254,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_USERAPPSTATUS
INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_CREATEDDATE
INFO,09 Oct 2011 23:37:50,255,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_OAMLOCKTIME
INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],retrieving object from cache key = xlCustomClienten_US
INFO,09 Oct 2011 23:37:50,256,[XELLERATE.WEBAPP],Key not found in Custom Resource Bundle: newKey = global.udf.USR_UDF_PASSWORD_EXPIRE
INFO,09 Oct 2011 23:37:50,257,[XELLERATE.WEBAPP],Writing Custom default resource bundle object to cache : Key = xlConnectorResourceBundleen_US
Please help me on this....
Thanks in Advance
YJR

That is not the log output of the OID connector. Check the connector docs, and enable the OID logging only. The INVALID_NAMING_ERROR means something is wrong with the naming of your object. Most likely there is an LDAP error output somewhere, but all the output you provided is info level, nothing wrong with it.
-Kevin

Auto provisioning for AD is not working in oim11gr2

Hi All,
I have current environment as OIM 11.1.2.0.7 and AD connector MSFT_AD_Base_11.1.1.5.0 with patch applied 14190610 and Connector_Server_111200
I configured an auto provisioning to AD
I created an access policy based on a role MSAD Users.
i am expecting when i assign this role user should provisioned to AD automatically but it is not done. I also ran the Evaluate User policies scheduler which in enable state.
i provisioned user manualy and its working fine. also i checked access policy with another target application R12 application it is also working fine.
but i dont y it not working for AD . I filled all required fields in process form lyk organisation and AD Server.
I ran in to same issue in DEV at that time i applied BP07 to oim and 14190610 patch to AD connector, after that it was worked
Now my UAT is in same environment still it is not working
Please suggest me some solution
Regards
$sid

Hi All,
I have current environment as OIM 11.1.2.0.7 and AD connector MSFT_AD_Base_11.1.1.5.0 with patch applied 14190610 and Connector_Server_111200
I configured an auto provisioning to AD
I created an access policy based on a role MSAD Users.
i am expecting when i assign this role user should provisioned to AD automatically but it is not done. I also ran the Evaluate User policies scheduler which in enable state.
i provisioned user manualy and its working fine. also i checked access policy with another target application R12 application it is also working fine.
but i dont y it not working for AD . I filled all required fields in process form lyk organisation and AD Server.
I ran in to same issue in DEV at that time i applied BP07 to oim and 14190610 patch to AD connector, after that it was worked
Now my UAT is in same environment still it is not working
Please suggest me some solution
Regards
$sid

ISE upgrade 1.2: Self-provisioning portal not working

Hi all,
I need help with Self-Provisioning portal flow not showing the agent installation page after upgrade from 1.1.1 to 1.2 on a couple of 3315. I've configured all the pieces as instructed by BYOD SBA guide at http://www.cisco.com/en/US/docs/solutions/SBA/February2013/Cisco_SBA_SLN_BYOD_InternalCorporateAccessDeploymentGuide-Feb2013.pdf
Screenshot of page is attached:
I've checked ise-console.log application log file and found two errors correponding to the first page:
[portal-http-84431][] SystemConsole -::c0a8a82a000000d7523c70f9::guest:- com.cisco.cpm.provisioning.exception.ProvisioningException: java.security.cert.CertificateException: Unable to initialize, java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.
[portal-http-84431][] SystemConsole -::c0a8a82a000000d7523c70f9::guest:- at com.cisco.cpm.provisioning.cert.CertProvisioningFactory.initialize(CertProvisioningFactory.java:333)
and the second (not working) one:
[portal-http-84431][] SystemConsole -:xxxxx@xxxxxxx:c0a8a82a000000d7523c70f9::guest:- java.lang.NullPointerException
[portal-http-84431][] SystemConsole -:xxxxx@xxxxxxx:c0a8a82a000000d7523c70f9::guest:- at com.cisco.cpm.provisioning.cache.FlowStateCacheManager.getFlowStateCache(FlowStateCacheManager.java:202)
Looks like something is wrong with a certification file, but I cannot find what is. I've exported and re-installed current server certificates (as instructed by upgrade guide for 1.2) and nothing changed.
Can somebody please help?
Thanks,
L

Errors When Adding Devices to My Devices Portal
Employees cannot add a device that is already added if another employee has previously added the device so that it already exists in the Cisco ISE endpoints database.
If employees are attempting to add a device that supports a native supplicant, recommend that they use that instead. That registration process will overwrite the original registration and switch ownership to the new user.
If the device is a MAC Authentication Bypass (MAB) device, such as a printer, then you must resolve ownership of the device, and if appropriate, remove the device from the endpoints database so that the new owner can successfully add the device.
For more information on self-provisioning.
http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_mydevices.html Errors When Adding Devices to My Devices Portal
Employees cannot add a device that is already added if another employee has previously added the device so that it already exists in the Cisco ISE endpoints database.
If employees are attempting to add a device that supports a native supplicant, recommend that they use that instead. That registration process will overwrite the original registration and switch ownership to the new user.
If the device is a MAC Authentication Bypass (MAB) device, such as a printer, then you must resolve ownership of the device, and if appropriate, remove the device from the endpoints database so that the new owner can successfully add the device.
For more information on self-provisioning.
http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_mydevices.html

Enable User is not working for Provisioning

Hi,
I am trying to provision enable user to target system. For that, in my process definition, I have a task "Enable User" added with Task Effect as "Enables Process Or Access To Application" with Conditional, Required for Completion, Allow Cancellation while Pending, and Allow Multiple Instances selected. But somehow it's not working. I have checked, system property XL.EnableDisabledResources is set to TRUE. Can you please help me with this.
As an alternative solution, I have also tried adding "USR_STATUS" or "USR_DISABLED" code under Lookup.USR_PROCESS_TRIGGERS and having a task and having a task added in my process definition with same name as meaning of this code. But those are also not working. This is exactly like Change First Name meaning under Lookup.USR_PROCESS_TRIGGERS. So, I hoped change in USR_STATUS or USR_DISABLED will trigger my task, but no luck :-(
Can anybody please help with this? I have also read some that Enable User has some issues in OIM 11g R2. If that is the case, what's my alternatives?
BTW, scheduled job "Evaluate User Policies" is also enabled and running successful every 10 minutes.
Thanks,
Ashish

Hi Have you get to know what was cause of this issue yet? If yes, can you share of what have you found?
Thanks

Spa112 Synchronized Ring not working

Hi,
Does anyone have the feature 'Synchronized Ring' = Yes working?
(Voice, Regional, Ring and Call Waiting Tone Spec)
The idea is to have calls received on line one being picked up with phones on line 2. Line 2 is configured for a lower-cost voip provider while line 1 is configured for a voip provider that can serve incoming calls. I've got the different providers working properly, the last feature that is not working properly is this 'Synchronized Ring'. I would like to hide the more expensive line in a cupboard and have my wife use all lines on just one phone, the one connected to the cheaper outgoing line.
I've tested this feature in firmwares 1.3.2 (014) and 1.2.1 (004), but on both it failed to work.
Administration Guide, page 80:
Synronized Ring:
If this is set to Yes, when the ATA is called, all lines ring at the
same time (similar to a regular PSTN line) After one line
answers, the others stop ringing. Default setting: no
Greetings,
Gerben

Hi Gerben111 have you find a solution?? I'm looking everywhere without result. Thanks

Iphone 4 personal Hotspot not working after update to IOS 7.1 India BSNL cellular

Iphone 4 personal Hotspot not working after update to IOS 7.1 India BSNL cellular

BSNL is not a supported carrier. Personal Hotspot requires carrier support and provisioning of the account to enable it. iOS 7.1 disabled the ability to manually configure Personal Hotspot on unsupported carriers.

Issue with spamassassin, now mail not working

Hi ! I installed spamtrainer almost two months ago. Been feeding the [email protected] for several weeks now , 700 emails each day at least .
There was very little improvement if none at all. Tried to add "@local_domains_maps = (1)" to amavisd.conf last night thinking it might be the problem , though no virtual domain exist. This was one of the issue on the default Amavisd config. The other one is adding the symbolic link which I already done.
Computer froze while adding the parameter "@local_domains_maps = (1)", so I manually turn off the Power Mac, then mail stopped altogether. The mails are filing up but the clients couldn't send or receive since this incidence .
FF is the maincf. and amavis.conf
All help are greatly appreciated.
mail:/Users/sysadmin root# postconf -n
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
always_bcc =
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 31457280
mydestination = $myhostname,localhost.$mydomain,localhost,mail.cpplaw.com,cpplaw.com
mydomain = cpplaw.com
mydomain_fallback = localhost
myhostname = mail.cpplaw.com
mynetworks = 127.0.0.1/32,192.168.1.0/24,127.0.0.1
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks permit
smtpd_tls_key_file =
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains =
virtual_transport = virtual
mail:/Users/sysadmin root# postconf -n
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
always_bcc =
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = smtp-amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
enable_server_options = yes
html_directory = no
inet_interfaces = all
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
luser_relay =
mail_owner = postfix
mailbox_size_limit = 0
mailbox_transport = cyrus
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains =
message_size_limit = 31457280
mydestination = $myhostname,localhost.$mydomain,localhost,mail.cpplaw.com,cpplaw.com
mydomain = cpplaw.com
mydomain_fallback = localhost
myhostname = mail.cpplaw.com
mynetworks = 127.0.0.1/32,192.168.1.0/24,127.0.0.1
mynetworks_style = host
newaliases_path = /usr/bin/newaliases
owner_request_special = no
queue_directory = /private/var/spool/postfix
readme_directory = /usr/share/doc/postfix
recipient_delimiter = +
relayhost =
sample_directory = /usr/share/doc/postfix/examples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtpd_client_restrictions = permit_mynetworks permit
smtpd_tls_key_file =
unknown_local_recipient_reject_code = 550
virtual_mailbox_domains =
virtual_transport = virtual
mail:/Users/sysadmin root#
_______________________Amavisd.cof_________________________
use strict;
# Configuration file for amavisd-new
# This software is licensed under the GNU General Public License (GPL).
# See comments at the start of amavisd-new for the whole license text.
#Sections:
# Section I - Essential daemon and MTA settings
# Section II - MTA specific
# Section III - Logging
# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
# Section VI - Resource limits
# Section VII - External programs, virus scanners, SpamAssassin
# Section VIII - Debugging
#GENERAL NOTES:
# This file is a normal Perl code, interpreted by Perl itself.
# - make sure this file (or directory where it resides) is NOT WRITABLE
# by mere mortals, otherwise it represents a severe security risk!
# - for values which are interpreted as booleans, it is recommended
# to use 1 for true, and 0 or undef or '' for false.
# THIS IS DIFFERENT FROM OLDER AMAVIS VERSIONS where "no" also meant false,
# now it means true, like any nonempty string does!
# - Perl syntax applies. Most notably: strings in "" may include variables
# (which start with $ or @); to include characters @ and $ in double
# quoted strings, precede them by a backslash; in single-quoted strings
# the $ and @ lose their special meaning, so it is usually easier to use
# single quoted strings. Still, in both cases a backslash need to be doubled
# - variables with names starting with a '@' are lists, the values assigned
# to them should be lists as well, e.g. ('one@foo', $mydomain, "three");
# note the comma-separation and parenthesis. If strings in the list
# do not contain spaces nor variables, a Perl operator qw() may be used
# as a shorthand to split its argument on whitespace and produce a list
# of strings, e.g. qw( one@foo example.com three ); Note that the argument
# to qw is quoted implicitly and no variable interpretation is done within
# (no '$' variable evaluations). The #-initiated comments can not be used
# within the string. In other words, $ and # lose their special meaning
# withing a qw argument, just like within '...' strings.
# - all e-mail addresses in this file and as used internally by the daemon
# are in their raw (rfc2821-unquoted and nonbracketed) form, i.e.
# Bob "Funny" [email protected], not: "Bob \"Funny\" Dude"@example.com
# and not <"@example.com>; also: '' and not ''.
# Section I - Essential daemon and MTA settings
# $MYHOME serves as a quick default for some other configuration settings.
# More refined control is available with each individual setting further down.
# $MYHOME is not used directly by the program. No trailing slash!
#$MYHOME = '/var/lib/amavis'; # (default is '/var/amavis')
# : $mydomain serves as a quick default for some other configuration settings.
# : More refined control is available with each individual setting further down.
# : $mydomain is never used directly by the program.
$mydomain = 'cpplaw.com'; aol.com'; # (no useful default)
# Set the user and group to which the daemon will change if started as root
# (otherwise just keep the UID unchanged, and these settings have no effect):
$daemon_user = 'clamav'; # (no default; customary: vscan or amavis)
$daemon_group = 'clamav'; # (no default; customary: vscan or amavis)
# Runtime working directory (cwd), and a place where
# temporary directories for unpacking mail are created.
# (no trailing slash, may be a scratch file system)
$TEMPBASE = $MYHOME; # (must be set if other config vars use is)
#$TEMPBASE = "$MYHOME/tmp"; # prefer to keep home dir /var/amavis clean?
# $helpers_home sets environment variable HOME, and is passed as option
# 'home_dir_for_helpers' to Mail::SpamAssassin::new. It should be a directory
# on a normal persistent file system, not a scratch or temporary file system
#$helpers_home = $MYHOME; # (defaults to $MYHOME)
#$daemon_chroot_dir = $MYHOME; # (default is undef, meaning: do not chroot)
#$pid_file = "$MYHOME/amavisd.pid"; # (default is "$MYHOME/amavisd.pid")
#$lock_file = "$MYHOME/amavisd.lock"; # (default is "$MYHOME/amavisd.lock")
# set environment variables if you want (no defaults):
$ENV{TMPDIR} = $TEMPBASE; # wise, but usually not necessary
# MTA SETTINGS, UNCOMMENT AS APPROPRIATE,
# both $forward_method and $notify_method default to 'smtp:127.0.0.1:10025'
# POSTFIX, or SENDMAIL in dual-MTA setup, or EXIM V4
# (set host and port number as required; host can be specified
# as IP address or DNS name (A or CNAME, but MX is ignored)
#$forward_method = 'smtp:127.0.0.1:10025'; # where to forward checked mail
#$notify_method = $forward_method; # where to submit notifications
# NOTE: The defaults (above) are good for Postfix or dual-sendmail. You MUST
# uncomment the approprate settings below if using other setups!
# SENDMAIL MILTER, using amavis-milter.c helper program:
#$forward_method = undef; # no explicit forwarding, sendmail does it by itself
# milter; option -odd is needed to avoid deadlocks
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -odd -f ${sender} -- ${recipient}';
# just a thought: can we use use -Am instead of -odd ?
# SENDMAIL (old non-milter setup, as relay):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/sendmail -C/etc/sendmail.orig.cf -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;
# SENDMAIL (old non-milter setup, amavis.c calls local delivery agent):
#$forward_method = undef; # no explicit forwarding, amavis.c will call LDA
#$notify_method = 'pipe:flags=q argv=/usr/sbin/sendmail -Ac -i -f ${sender} -- ${recipient}';
# EXIM v3 (not recommended with v4 or later, which can use SMTP setup instead):
#$forward_method = 'pipe:flags=q argv=/usr/sbin/exim -oMr scanned-ok -i -f ${sender} -- ${recipient}';
#$notify_method = $forward_method;
# prefer to collect mail for forwarding as BSMTP files?
#$forward_method = "bsmtp:$MYHOME/out-%i-%n.bsmtp";
#$notify_method = $forward_method;
# Net::Server pre-forking settings
# You may want $max_servers to match the width of your MTA pipe
# feeding amavisd, e.g. with Postfix the 'Max procs' field in the
# master.cf file, like the '2' in the: smtp-amavis unix - - n - 2 smtp
$max_servers = 2; # number of pre-forked children (default 2)
$max_requests = 10; # retire a child after that many accepts (default 10)
$child_timeout=5*60; # abort child if it does not complete each task in n sec
# (default: 8*60 seconds)
# Check also the settings of @av_scanners at the end if you want to use
# virus scanners. If not, you may want to delete the whole long assignment
# to the variable @av_scanners, which will also remove the virus checking
# code (e.g. if you only want to do spam scanning).
# Here is a QUICK WAY to completely DISABLE some sections of code
# that WE DO NOT WANT (it won't even be compiled-in).
# For more refined controls leave the following two lines commented out,
# and see further down what these two lookup lists really mean.
#@bypass_virus_checks_acl = qw( . ); # uncomment to DISABLE anti-virus code
#@bypass_spam_checks_acl = qw( . ); # uncomment to DISABLE anti-spam code
# Any setting can be changed with a new assignment, so make sure
# you do not unintentionally override these settings further down!
# Lookup list of local domains (see README.lookups for syntax details)
# NOTE:
# For backwards compatibility the variable names @local_domains (old) and
# @local_domains_acl (new) are synonyms. For consistency with other lookups
# the name @local_domains_acl is now preferred. It also makes it more
# obviously distinct from the new %local_domains hash lookup table.
# local_domains* lookup tables are used in deciding whether a recipient
# is local or not, or in other words, if the message is outgoing or not.
# This affects inserting spam-related headers for local recipients,
# limiting recipient virus notifications (if enabled) to local recipients,
# in deciding if address extension may be appended, and in SQL lookups
# for non-fqdn addresses. Set it up correctly if you need features
# that rely on this setting (or just leave empty otherwise).
# With Postfix (2.0) a quick reminder on what local domains normally are:
# a union of domains spacified in: $mydestination, $virtual_alias_domains,
# $virtual_mailbox_domains, and $relay_domains.
@local_domains_acl = ( ".$mydomain" ); # $mydomain and its subdomains
# @local_domains_acl = qw(); # default is empty, no recipient treated as local
# @local_domains_acl = qw( .example.com );
# @local_domains_acl = qw( .example.com !host.sub.example.net .sub.example.net );
# @local_domains_acl = ( ".$mydomain", '.example.com', 'sub.example.net' );
# or alternatively(A), using a Perl hash lookup table, which may be assigned
# directly, or read from a file, one domain per line; comments and empty lines
# are ignored, a dot before a domain name implies its subdomains:
#read_hash(\%local_domains, '/var/amavis/local_domains');
#or alternatively(B), using a list of regular expressions:
# $local_domains_re = new_RE( qr'[@.]example\.com$'i );
# see README.lookups for syntax and semantics
# Section II - MTA specific (defaults should be ok)
# if $relayhost_is_client is true, IP address in $notify_method and
# $forward_method is dynamically overridden with SMTP client peer address
# if available, which makes possible for several hosts to share one daemon
#$relayhost_is_client = 1; # (defaults to false)
#$insert_received_line = 1; # behave like MTA: insert 'Received:' header
# (does not apply to sendmail/milter)
# (default is true)
# AMAVIS-CLIENT PROTOCOL INPUT SETTINGS (e.g. with sendmail milter)
# (used with amavis helper clients like amavis-milter.c and amavis.c,
# NOT needed for Postfix and Exim)
$unix_socketname = "$MYHOME/amavisd.sock"; # amavis helper protocol socket
#$unix_socketname = undef; # disable listening on a unix socket
# (default is undef, i.e. disabled)
# (usual setting is $MYHOME/amavisd.sock)
# Do we receive quoted or raw addresses from the helper program?
# (does not apply to SMTP; defaults to true)
#$gets_addr_in_quoted_form = 1; # "Bob \"Funny\" Dude"@example.com
#$gets_addr_in_quoted_form = 0; # Bob "Funny" [email protected]
# SMTP SERVER (INPUT) PROTOCOL SETTINGS (e.g. with Postfix, Exim v4, ...)
# (used when MTA is configured to pass mail to amavisd via SMTP or LMTP)
$inet_socket_port = 10024; # accept SMTP on this local TCP port
# (default is undef, i.e. disabled)
# multiple ports may be provided: $inet_socket_port = [10024, 10026, 10028];
# SMTP SERVER (INPUT) access control
# - do not allow free access to the amavisd SMTP port !!!
# when MTA is at the same host, use the following (one or the other or both):
#$inet_socket_bind = '127.0.0.1'; # limit socket bind to loopback interface
# (default is '127.0.0.1')
@inet_acl = qw( 127.0.0.1 ); # allow SMTP access only from localhost IP
# (default is qw( 127.0.0.1 ) )
# when MTA (one or more) is on a different host, use the following:
#@inet_acl = qw(127/8 10.1.0.1 10.1.0.2); # adjust the list as appropriate
#$inet_socket_bind = undef; # bind to all IP interfaces
# Example1:
# @inet_acl = qw( 127/8 10/8 172.16/12 192.168/16 );
# permit only SMTP access from loopback and rfc1918 private address space
# Example2:
# @inet_acl = qw( !192.168.1.12 172.16.3.3 !172.16.3/255.255.255.0
# 127.0.0.1 10/8 172.16/12 192.168/16 );
# matches loopback and rfc1918 private address space except host 192.168.1.12
# and net 172.16.3/24 (but host 172.16.3.3 within 172.16.3/24 still matches)
# Example3:
# @inet_acl = qw( 127/8
# !172.16.3.0 !172.16.3.127 172.16.3.0/25
# !172.16.3.128 !172.16.3.255 172.16.3.128/25 );
# matches loopback and both halves of the 172.16.3/24 C-class,
# split into two subnets, except all four broadcast addresses
# for these subnets
# See README.lookups for details on specifying access control lists.
# Section III - Logging
# true (e.g. 1) => syslog; false (e.g. 0) => logging to file
$DO_SYSLOG = 0; # (defaults to false)
#$SYSLOG_LEVEL = 'user.info'; # (defaults to 'mail.info')
# Log file (if not using syslog)
$LOGFILE = "/var/log/amavis.log"; # (defaults to empty, no log)
#NOTE: levels are not strictly observed and are somewhat arbitrary
# 0: startup/exit/failure messages, viruses detected
# 1: args passed from client, some more interesting messages
# 2: virus scanner output, timing
# 3: server, client
# 4: decompose parts
# 5: more debug details
$log_level = 4; # (defaults to 0)
# Customizeable template for the most interesting log file entry (e.g. with
# $log_level=0) (take care to properly quote Perl special characters like '\')
# For a list of available macros see README.customize .
# only log infected messages (useful with log level 0):
# $log_templ = '[? %#V |[? %#F ||banned filename ([%F|,])]|infected ([%V|,])]#
# [? %#V |[? %#F ||, from=<%o>, to=[<%R>|,][? %i ||, quarantine %i]]#
# |, from=<%o>, to=[<%R>|,][? %i ||, quarantine %i]]';
# log both infected and noninfected messages (default):
$log_templ = '[? %#V |[? %#F |[?%#D|Not-Delivered|Passed]|BANNED name/type (%F)]|INFECTED (%V)], #
<%o> -> [<%R>|,][? %i ||, quarantine %i], Message-ID: %m, Hits: %c';
# Section IV - Notifications/DSN, BOUNCE/REJECT/DROP/PASS destiny, quarantine
# Select notifications text encoding when Unicode-aware Perl is converting
# text from internal character representation to external encoding (charset
# in MIME terminology)
# to be used in RFC 2047-encoded header field bodies, e.g. in Subject:
#$hdr_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
# to be used in notification body text: its encoding and Content-type.charset
#$bdy_encoding = 'iso-8859-1'; # (default: 'iso-8859-1')
# Default template texts for notifications may be overruled by directly
# assigning new text to template variables, or by reading template text
# from files. A second argument may be specified in a call to read_text(),
# specifying character encoding layer to be used when reading from the
# external file, e.g. 'utf8', 'iso-8859-1', or often just $bdy_encoding.
# Text will be converted to internal character representation by Perl 5.8.0
# or later; second argument is ignored otherwise. See PerlIO::encoding,
# Encode::PerlIO and perluniintro man pages.
# $notify_sender_templ = read_text('/var/amavis/notify_sender.txt');
# $notify_virus_sender_templ= read_text('/var/amavis/notify_virus_sender.txt');
# $notify_virus_admin_templ = read_text('/var/amavis/notify_virus_admin.txt');
# $notify_virus_recips_templ= read_text('/var/amavis/notify_virus_recips.txt');
# $notify_spam_sender_templ = read_text('/var/amavis/notify_spam_sender.txt');
# $notify_spam_admin_templ = read_text('/var/amavis/notify_spam_admin.txt');
# If notification template files are collectively available in some directory,
# use read_l10n_templates which calls read_text for each known template.
# read_l10n_templates('/etc/amavis/en_US');
# Here is an overall picture (sequence of events) of how pieces fit together
# (only virus controls are shown, spam controls work the same way):
# bypass_virus_checks set for all recipients? ==> PASS
# no viruses? ==> PASS
# log virus if $log_templ is nonempty
# quarantine if $virus_quarantine_to is nonempty
# notify admin if $virus_admin (lookup) nonempty
# notify recips if $warnvirusrecip and (recipient is local or $warn_offsite)
# add address extensions for local recipients (when enabled)
# send (non-)delivery notifications
# to sender if DSN needed (BOUNCE) or ($warnvirussender and D_PASS)
# virus_lovers or final_destiny==D_PASS ==> PASS
# DISCARD (2xx) or REJECT (5xx) (depending on final_*_destiny)
# Equivalent flow diagram applies for spam checks.
# If a virus is detected, spam checking is skipped entirely.
# The following symbolic constants can be used in *destiny settings:
# D_PASS mail will pass to recipients, regardless of bad contents;
# D_DISCARD mail will not be delivered to its recipients, sender will NOT be
# notified. Effectively we lose mail (but will be quarantined
# unless disabled). Not a decent thing to do for a mailer.
# D_BOUNCE mail will not be delivered to its recipients, a non-delivery
# notification (bounce) will be sent to the sender by amavisd-new;
# Exception: bounce (DSN) will not be sent if a virus name matches
# $viruses_that_fake_sender_re, or to messages from mailing lists
# (Precedence: bulk|list|junk);
# D_REJECT mail will not be delivered to its recipients, sender should
# preferably get a reject, e.g. SMTP permanent reject response
# (e.g. with milter), or non-delivery notification from MTA
# (e.g. Postfix). If this is not possible (e.g. different recipients
# have different tolerances to bad mail contents and not using LMTP)
# amavisd-new sends a bounce by itself (same as D_BOUNCE).
# Notes:
# D_REJECT and D_BOUNCE are similar, the difference is in who is responsible
# for informing the sender about non-delivery, and how informative
# the notification can be (amavisd-new knows more than MTA);
# With D_REJECT, MTA may reject original SMTP, or send DSN (delivery status
# notification, colloquially called 'bounce') - depending on MTA;
# Best suited for sendmail milter, especially for spam.
# With D_BOUNCE, amavisd-new (not MTA) sends DSN (can better explain the
# reason for mail non-delivery, but unable to reject the original
# SMTP session). Best suited to reporting viruses, and for Postfix
# and other dual-MTA setups, which can't reject original client SMTP
# session, as the mail has already been enqueued.
$final_virus_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_banned_destiny = D_BOUNCE; # (defaults to D_BOUNCE)
$final_spam_destiny = D_PASS; # (defaults to D_REJECT)
$final_bad_header_destiny = D_PASS; # (defaults to D_PASS), D_BOUNCE suggested
# Alternatives to consider for spam:
# - use D_PASS if clients will do filtering based on inserted mail headers;
# - use D_DISCARD, if kill_level is set safely high;
# - use D_BOUNCE instead of D_REJECT if not using milter;
# There are no sensible alternatives to D_BOUNCE for viruses, but consider:
# - use D_PASS (or virus_lovers) and $warnvirussender=1 to deliver viruses;
# - use D_REJECT instead of D_BOUNCE if using milter and under heavy
# virus storm;
# Don't bother to set both D_DISCARD and $warn*sender=1, it will get mapped
# to D_BOUNCE.
# The separation of *_destiny values into D_BOUNCE, D_REJECT, D_DISCARD
# and D_PASS made settings $warnvirussender and $warnspamsender only still
# useful with D_PASS.
# The following $warn*sender settings are ONLY used when mail is
# actually passed to recipients ($final_*_destiny=D_PASS, or *_lovers*).
# Bounces or rejects produce non-delivery status notification anyway.
# Notify virus sender?
#$warnvirussender = 1; # (defaults to false (undef))
# Notify spam sender?
#$warnspamsender = 1; # (defaults to false (undef))
# Notify sender of banned files?
#$warnbannedsender = 1; # (defaults to false (undef))
# Notify sender of syntactically invalid header containing non-ASCII characters?
#$warnbadhsender = 1; # (defaults to false (undef))
# Notify virus (or banned files) RECIPIENT?
# (not very useful, but some policies demand it)
#$warnvirusrecip = 1; # (defaults to false (undef))
#$warnbannedrecip = 1; # (defaults to false (undef))
# Notify also non-local virus/banned recipients if $warn*recip is true?
# (including those not matching local_domains*)
#$warn_offsite = 1; # (defaults to false (undef), i.e. only notify locals)
# Treat envelope sender address as unreliable and don't send sender
# notification / bounces if name(s) of detected virus(es) match the list.
# Note that virus names are supplied by external virus scanner(s) and are
# not standardized, so virus names may need to be adjusted.
# See README.lookups for syntax.
$viruses_that_fake_sender_re = new_RE(
qr'nimda|hybris|klez|bugbear|yaha|braid|sobig|fizzer|palyh|peido|holar'i );
# where to send ADMIN VIRUS NOTIFICATIONS (should be a fully qualified address)
# - the administrator address may be a simple fixed e-mail address (a scalar),
# or may depend on the SENDER address (e.g. its domain), in which case
# a ref to a hash table can be specified (specify lower-cased keys,
# dot is a catchall, see README.lookups).
# Empty or undef lookup disables virus admin notifications.
$virus_admin = '[email protected]';
# $virus_admin = undef; # do not send virus admin notifications (default)
# $virus_admin = {'not.example.com' => '', '.' => '[email protected]'};
# $virus_admin = '[email protected]';
# equivalent to $virus_admin, but for spam admin notifications:
#$spam_admin = '[email protected]';# $spam_admin = undef; # do not send spam admin notifications (default)
# $spam_admin = {'not.example.com' => '', '.' => '[email protected]'};
#advanced example, using a hash lookup table:
# - $virus_admin = {
# '[email protected]' => '[email protected]',
# '.sub1.example.com' => '[email protected]',
# '.sub2.example.com' => '', # don't send admin notifications
# 'a.sub3.example.com' => '[email protected]',
# '.sub3.example.com' => '[email protected]',
# '.example.com' => '[email protected]', # catchall for our virus senders
# '.' => '[email protected]', # catchall for the rest
# whom notification reports are sent from (ENVELOPE SENDER);
# may be a null reverse path, or a fully qualified address:
# (admin and recip sender addresses default to $mailfrom
# for compatibility, which in turn defaults to undef (empty) )
# If using strings in double quotes, don't forget to quote @, i.e. \@
$mailfrom_notify_admin = "virusalert\@$mydomain";
$mailfrom_notify_recip = "virusalert\@$mydomain";
$mailfrom_notify_spamadmin = "spam.police\@$mydomain";
# 'From' HEADER FIELD for sender and admin notifications.
# This should be a replyable address, see rfc1894. Not to be confused
# with $mailfrom_notify_sender, which is the envelope address and
# should be empty (null reverse path) according to rfc2821.
# $hdrfrom_notify_sender = "amavisd-new <postmaster\@$mydomain>";
# $hdrfrom_notify_sender = 'amavisd-new <[email protected]>';
# (defaults to: "amavisd-new <postmaster\@$myhostname>")
# $hdrfrom_notify_admin = $mailfrom_notify_admin;
# (defaults to: $mailfrom_notify_admin)
# $hdrfrom_notify_spamadmin = $mailfrom_notify_spamadmin;
# (defaults to: $mailfrom_notify_spamadmin)
# whom quarantined messages appear to be sent from (envelope sender)
$mailfrom_to_quarantine = undef; # original sender if undef, or set explicitly
# (default is undef)
# Location to put infected mail into: (applies to 'local:' quarantine method)
# empty for not quarantining, may be a file (mailbox),
# or a directory (no trailing slash)
# (the default value is undef, meaning no quarantine)
$QUARANTINEDIR = '/var/virusmails';
#$virus_quarantine_method = "local:virus-%i-%n"; # default
#$spam_quarantine_method = "local:spam-%b-%i-%n"; # default
#use the new 'bsmtp:' method as an alternative to the default 'local:'
#$virus_quarantine_method = "bsmtp:$QUARANTINEDIR/virus-%i-%n.bsmtp";
#$spam_quarantine_method = "bsmtp:$QUARANTINEDIR/spam-%b-%i-%n.bsmtp";
# When using the 'local:' quarantine method (default), the following applies:
# A finer control of quarantining is available through variable
# $virus_quarantine_to/$spam_quarantine_to. It may be a simple scalar string,
# or a ref to a hash lookup table, or a regexp lookup table object,
# which makes possible to set up per-recipient quarantine addresses.
# The value of scalar $virus_quarantine_to/$spam_quarantine_to (or a
# per-recipient lookup result from the hash table %$virus_quarantine_to)
# is/are interpreted as follows:
# VARIANT 1:
# empty or undef disables quarantine;
# VARIANT 2:
# a string NOT containg an '@';
# amavisd will behave as a local delivery agent (LDA) and will quarantine
# viruses to local files according to hash %local_delivery_aliases (pseudo
# aliases map) - see subroutine mail_to_local_mailbox() for details.
# Some of the predefined aliases are 'virus-quarantine' and 'spam-quarantine'.
# Setting $virus_quarantine_to ($spam_quarantine_to) to this string will:
# * if $QUARANTINEDIR is a directory, each quarantined virus will go
# to a separate file in the $QUARANTINEDIR directory (traditional
# amavis style, similar to maildir mailbox format);
# * otherwise $QUARANTINEDIR is treated as a file name of a Unix-style
# mailbox. All quarantined messages will be appended to this file.
# Amavisd child process must obtain an exclusive lock on the file during
# delivery, so this may be less efficient than using individual files
# or forwarding to MTA, and it may not work across NFS or other non-local
# file systems (but may be handy for pickup of quarantined files via IMAP
# for example);
# VARIANT 3:
# any email address (must contain '@').
# The e-mail messages to be quarantined will be handed to MTA
# for delivery to the specified address. If a recipient address local to MTA
# is desired, you may leave the domain part empty, e.g. 'infected@', but the
# '@' character must nevertheless be included to distinguish it from variant 2.
# This method enables more refined delivery control made available by MTA
# (e.g. its aliases file, other local delivery agents, dealing with
# privileges and file locking when delivering to user's mailbox, nonlocal
# delivery and forwarding, fan-out lists). Make sure the mail-to-be-quarantined
# will not be handed back to amavisd for checking, as this will cause a loop
# (hopefully broken at some stage)! If this can be assured, notifications
# will benefit too from not being unecessarily virus-scanned.
# By default this is safe to do with Postfix and Exim v4 and dual-sendmail
# setup, but probably not safe with sendmail milter interface without
# precaution.
# (the default value is undef, meaning no quarantine)
#$virus_quarantine_to = '[email protected]'; # traditional local quarantine
#$virus_quarantine_to = 'infected@'; # forward to MTA for delivery
#$virus_quarantine_to = "virus-quarantine\@$mydomain"; # similar
#$virus_quarantine_to = '[email protected]'; # similar
#$virus_quarantine_to = undef; # no quarantine
#$virus_quarantine_to = new_RE( # per-recip multiple quarantines
# [qr'^user@example\.com$'i => 'infected@'],
# [qr'^(.*)@example\.com$'i => 'virus-${1}@example.com'],
# [qr'^(.*)(@[^@])?$'i => 'virus-${1}${2}'],
# [qr/.*/ => 'virus-quarantine'] );
# similar for spam
# (the default value is undef, meaning no quarantine)
#$spam_quarantine_to = '[email protected]';
#$spam_quarantine_to = "spam-quarantine\@$mydomain";
#$spam_quarantine_to = new_RE( # per-recip multiple quarantines
# [qr'^(.*)@example\.com$'i => 'spam-${1}@example.com'],
# [qr/.*/ => 'spam-quarantine'] );
# In addition to per-recip quarantine, a by-sender lookup is possible. It is
# similar to $spam_quarantine_to, but the lookup key is the sender address:
#$spam_quarantine_bysender_to = undef; # dflt: no by-sender spam quarantine
# Add X-Virus-Scanned header field to mail?
$X_HEADER_TAG = 'X-Virus-Scanned'; # (default: undef)
# Leave empty to add no header field # (default: undef)
$X_HEADER_LINE = "by amavisd-new at $mydomain";
$remove_existing_x_scanned_headers = 0; # leave existing X-Virus-Scanned alone
#$remove_existing_x_scanned_headers= 1; # remove existing headers
# (defaults to false)
$remove_existing_spam_headers = 0; # leave existing X-Spam* headers alone
#$remove_existing_spam_headers = 1; # remove existing spam headers if
# spam scanning is enabled (default)
# set $bypass_decode_parts to true if you only do spam scanning, or if you
# have a good virus scanner that can deal with compression and recursively
# unpacking archives by itself, and save amavisd the trouble.
# Disabling decoding also causes banned_files checking to only see
# MIME names and MIME content types, not the content classification types
# as provided by the file(1) utility.
# It is a double-edged sword, make sure you know what you are doing!
#$bypass_decode_parts = 1; # (defaults to false)
# don't trust this file type or corresponding unpacker for this file type,
# keep both the original and the unpacked file
# (lookup key is what file(1) utility returned):
$keep_decoded_original_re = new_RE(
qr'^(ASCII|text|uuencoded|xxencoded|binhex)'i,
# Checking for banned MIME types and names. If any mail part matches,
# the whole mail is rejected, much like the way viruses are handled.
# A list in object $banned_filename_re can be defined to provide a list
# of Perl regular expressions to be matched against each part's:
# * Content-Type value (both declared and effective mime-type),
# including the possible security risk content types
# message/partial and message/external-body, as specified by rfc2046;
# * declared (recommended) file names as specified by MIME subfields
# Content-Disposition.filename and Content-Type.name, both in their
# raw (encoded) form and in rfc2047-decoded form if applicable;
# * file content type as guessed by 'file(1)' utility, both the raw result
# from file(1), as well as short type name, classified into names such as
# .asc, .txt, .html, .doc, .jpg, .pdf, .zip, .exe, ..., which is always
# beginning with a dot - see subroutine determine_file_types().
# This step is done only if $bypass_decode_parts is not true.
# * leave $banned_filename_re undefined to disable these checks
# (giving an empty list to new_RE() will also always return false)
$banned_filename_re = new_RE(
qr'\.[a-zA-Z][a-zA-Z0-9]{0,3}\.(vbs|pif|scr|bat|com|exe|dll)$'i, # double extension
# qr'.\.(exe|vbs|pif|scr|bat|com)$'i, # banned extension - basic
# qr'.\.(ade|adp|bas|bat|chm|cmd|com|cpl|crt|exe|hlp|hta|inf|ins|isp|js|
# jse|lnk|mdb|mde|msc|msi|msp|mst|pcd|pif|reg|scr|sct|shs|shb|vb|
# vbe|vbs|wsc|wsf|wsh)$'ix, # banned extension - long
# qr'^\.(exe|zip|lha|tnef)$'i, # banned file(1) types
# qr'^application/x-msdownload$'i, # banned MIME types
# qr'^message/partial$'i, qr'^message/external-body$'i, # rfc2046
# See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q262631
# and http://www.cknow.com/vtutor/vtextensions.htm
# A little trick: a pattern qr'\.exe$' matches both a short type name '.exe',
# as well as any file name which happens to end with .exe. If only matching
# a file name is desired, but not the short name, a pattern qr'.\.exe$'i
# or similar may be used, which requires that at least one character preceeds
# the '.exe', and so it will never match short file types, which always start
# with a dot.
# Section V - Per-recipient and per-sender handling, whitelisting, etc.
# %virus_lovers, @virus_lovers_acl and $virus_lovers_re lookup tables:
# (these should be considered policy options, they do not disable checks,
# see bypas*checks for that!)
# Exclude certain RECIPIENTS from virus filtering by adding their lower-cased
# envelope e-mail address (or domain only) to the hash %virus_lovers, or to
# the access list @virus_lovers_acl - see README.lookups and examples.
# Make sure the appropriate form (e.g. external/internal) of address
# is used in case of virtual domains, or when mapping external to internal
# addresses, etc. - this is MTA-specific.
# Notifications would still be generated however (see the overall
# picture above), and infected mail (if passed) gets additional header:
# X-AMaViS-Alert: INFECTED, message contains virus: ...
# (header not inserted with milter interface!)
# NOTE (milter interface only): in case of multiple recipients,
# it is only possible to drop or accept the message in its entirety - for all
# recipients. If all of them are virus lovers, we'll accept mail, but if
# at least one recipient is not a virus lover, we'll discard the message.
# %bypass_virus_checks, @bypass_virus_checks_acl and $bypass_virus_checks_re
# lookup tables:
# (this is mainly a time-saving option, unlike virus_lovers* !)
# Similar in concept to %virus_lovers, a hash %bypass_virus_checks,
# access list @bypass_virus_checks_acl and regexp list $bypass_virus_checks_re
# are used to skip entirely the decoding, unpacking and virus checking,
# but only if ALL recipients match the lookup.
# %bypass_virus_checks/@bypass_virus_checks_acl/$bypass_virus_checks_re
# do NOT GUARANTEE the message will NOT be checked for viruses - this may
# still happen when there is more than one recipient for a message, and
# not all of them match these lookup tables. To guarantee virus delivery,
# a recipient must also match %virus_lovers/@virus_lovers_acl lookups
# (but see milter limitations above),
# NOTE: it would not be clever to base virus checks on SENDER address,
# since there are no guarantees that it is genuine. Many viruses
# and spam messages fake sender address. To achieve selective filtering
# based on the source of the mail (e.g. IP address, MTA port number, ...),
# use mechanisms provided by MTA if available.
# Similar to lookup tables controlling virus checking, there exist
# spam scanning, banned names/types, and headers_checks control counterparts:
# %spam_lovers, @spam_lovers_acl, $spam_lovers_re
# %banned_files_lovers, @banned_files_lovers_acl, $banned_files_lovers_re
# %bad_header_lovers, @bad_header_lovers_acl, $bad_header_lovers_re
# and:
# %bypass_spam_checks/@bypass_spam_checks_acl/$bypass_spam_checks_re
# %bypass_banned_checks/@bypass_banned_checks_acl/$bypass_banned_checks_re
# %bypass_header_checks/@bypass_header_checks_acl/$bypass_header_checks_re
# See README.lookups for details about the syntax.
# The following example disables spam checking altogether,
# since it matches any recipient e-mail address (any address
# is a subdomain of the top-level root DNS domain):
# @bypass_spam_checks_acl = qw( . );
# @bypass_header_checks_acl = qw( [email protected] );
# @bad_header_lovers_acl = qw( [email protected] );
# See README.lookups for further detail, and examples below.
# $virus_lovers{lc("postmaster\@$mydomain")} = 1;
# $virus_lovers{lc('[email protected]')} = 1;
# $virus_lovers{lc('[email protected]')} = 1;
# $virus_lovers{lc('some.user@')} = 1; # this recipient, regardless of domain
# $virus_lovers{lc('[email protected]')} = 0; # never, even if domain matches
# $virus_lovers{lc('example.com')} = 1; # this domain, but not its subdomains
# $virus_lovers{lc('.example.com')}= 1; # this domain, including its subdomains
#or:
# @virus_lovers_acl = qw( [email protected] !lab.xxx.com .xxx.com yyy.org );
# $bypass_virus_checks{lc('[email protected]')} = 1;
# @bypass_virus_checks_acl = qw( some.ddd !butnot.example.com .example.com );
# @virus_lovers_acl = qw( [email protected] );
# $virus_lovers_re = new_RE( qr'(helpdesk|postmaster)@example\.com$'i );
# $spam_lovers{lc("postmaster\@$mydomain")} = 1;
# $spam_lovers{lc('[email protected]')} = 1;
# $spam_lovers{lc('[email protected]')} = 1;
# @spam_lovers_acl = qw( !.example.com );
# $spam_lovers_re = new_RE( qr'^user@example\.com$'i );
# don't run spam check for these RECIPIENT domains:
# @bypass_spam_checks_acl = qw( d1.com .d2.com a.d3.com );
# or the other way around (bypass check for all BUT these):
# @bypass_spam_checks_acl = qw( !d1.com !.d2.com !a.d3.com . );
# a practical application: don't check outgoing mail for spam:
# @bypass_spam_checks_acl = ( "!.$mydomain", "." );
# (a downside of which is that such mail will not count as ham in SA bayes db)
# Where to find SQL server(s) and database to support SQL lookups?
# A list of triples: (dsn,user,passw). (dsn = data source name)
# Specify more than one for multiple (backup) SQL servers.
# See 'man DBI', 'man DBD::mysql', 'DBD::Pg', ... for details.
# @lookup_sql_dsn =
# ( ['DBI:mysql:mail:host1', 'some-username1', 'some-password1'],
# ['DBI:mysql:mail:host2', 'some-username2', 'some-password2'] );
# ('mail' in the example is the database name, choose what you like)
# With PostgreSQL the dsn (first element of the triple) may look like:
# 'DBI:Pg:host=host1;dbname=mail'
# The SQL select clause to fetch per-recipient policy settings.
# The %k will be replaced by a comma-separated list of query addresses
# (e.g. full address, domain only, catchall). Use ORDER, if there
# is a chance that multiple records will match - the first match wins.
# If field names are not unique (e.g. 'id'), the later field overwrites the
# earlier in a hash returned by lookup, which is why we use '*,users.id'.
# No need to uncomment the following assignment if the default is ok.
# $sql_select_policy = 'SELECT *,users.id FROM users,policy'.
# ' WHERE (users.policy_id=policy.id) AND (users.email IN (%k))'.
# ' ORDER BY users.priority DESC';
# The SQL select clause to check sender in per-recipient whitelist/blacklist
# The first SELECT argument '?' will be users.id from recipient SQL lookup,
# the %k will be sender addresses (e.g. full address, domain only, catchall).
# The default value is:
# $sql_select_white_black_list = 'SELECT wb FROM wblist,mailaddr'.
# ' WHERE (rid=?) AND (sid=mailaddr.id) AND (mailaddr.email IN (%k))'.
# ' ORDER BY mailaddr.priority DESC';
# To disable SQL white/black list, set to undef (otherwise comment-out
# the following statement, leaving it at the default value):
$sql_select_white_black_list = undef; # undef disables SQL white/blacklisting
# If you decide to pass viruses (or spam) to certain recipients using the
# above lookup tables or using $final_virus_destiny=1, you can set
# the variable $addr_extension_virus ($addr_extension_spam) to some
# string, and the recipient address will have this string appended
# as an address extension to the local-part of the address. This extension
# can be used by final local delivery agent to place such mail in different
# folders. Leave these two variables undefined or empty strings to prevent
# appending address extensions. Setting has no effect on recipient which will
# not be receiving viruses/spam. Recipients who do not match lookup tables
# local_domains* are not affected.
# LDAs usually default to stripping away address extension if no special
# handling is specified, so having this option enabled normally does no harm,
# provided the $recipients_delimiter matches the setting on the final
# MTA's LDA.
# $addr_extension_virus = 'virus'; # (default is undef, same as empty)
# $addr_extension_spam = 'spam'; # (default is undef, same as empty)
# $addr_extension_banned = 'banned'; # (default is undef, same as empty)
# Delimiter between local part of the recipient address and address extension
# (which can optionally be added, see variables $addr_extension_virus and
# $addr_extension_spam). E.g. recipient address <[email protected]> gets changed
# to <[email protected]>.
# Delimiter should match equivalent (final) MTA delimiter setting.
# (e.g. for Postfix add 'recipient_delimiter = +' to main.cf)
# Setting it to an empty string or to undef disables this feature
# regardless of $addr_extension_virus and $addr_extension_spam settings.
$recipient_delimiter = '+'; # (default is '+')
# true: replace extension; false: append extension
# $replace_existing_extension = 1; # (default is false)
# Affects matching of localpart of e-mail addresses (left of '@')
# in lookups: true = case sensitive, false = case insensitive
$localpart_is_case_sensitive = 0; # (default is false)
# ENVELOPE SENDER WHITELISTING / BLACKLISTING - GLOBAL (RECIPIENT-INDEPENDENT)
# WHITELISTING: use ENVELOPE SENDER lookups to ENSURE DELIVERY from whitelisted
# senders even if the message is recognized as spam. Effectively, for the
# specified senders, message RECIPIENTS temporarily become 'spam_lovers', with
# further processing being the same as otherwise specified for spam lovers.
# It does not turn off inserting spam-related headers, if they are enabled.
# BLACKLISTING: messages from specified SENDERS are DECLARED SPAM.
# Effectively, for messages from blacklisted senders, spam level
# is artificially pushed high, and the normal spam processing applies,
# resulting in 'X-Spam-Flag: YES', high 'X-Spam-Level' bar and other usual
# reactions to spam, including possible rejection. If the message nevertheless
# still passes (e.g. for spam loving recipients), it is tagged as BLACKLISTED
# in the 'X-Spam-Status' header field, but the reported spam value and
# set of tests in this report header field (if available from SpamAssassin,
# which may have not been called) is not adjusted.
# A sender may be both white- and blacklisted at the same time,
# settings are independent. For example, being both white- and blacklisted,
# message is delivered to recipients, but is tagged as spam.
# If ALL recipients of the message either white- or blacklist the sender,
# spam scanning (calling the SpamAssassin) is bypassed, saving on time.
# The following variables (lookup tables) are available, with the semantics
# and syntax as specified in README.lookups:
# %whitelist_sender, @whitelist_sender_acl, $whitelist_sender_re
# %blacklist_sender, @blacklist_sender_acl, $blacklist_sender_re
# SOME EXAMPLES:
#ACL:
# @whitelist_sender_acl = qw( .example.com );
# @whitelist_sender_acl = ( ".$mydomain" ); # $mydomain and its subdomains
# NOTE: This is not a reliable way of turning off spam checks for
# locally-originating mail, as sender address can easily be faked.
# To reliably avoid spam-scanning outgoing mail,
# use @bypass_spam_checks_acl .
#RE:
# $whitelist_sender_re = new_RE(
# qr'^postmaster@.*\bexample\.com$'i,
# qr'^owner-[^@]*@'i, qr'-request@'i,
# qr'\.example\.com$'i );
$blacklist_sender_re = new_RE(
qr'^(bulkmail|offers|cheapbenefits|earnmoney|foryou|greatcasino)@'i,
qr'^(investments|lose_weight_today|market.alert|money2you|MyGreenCard)@'i,
qr'^(new\.tld\.registry|opt-out|opt-in|optin|saveonlsmoking2002k)@'i,
qr'^(specialoffer|specialoffers|stockalert|stopsnoring|wantsome)@'i,
qr'^(workathome|yesitsfree|your_friend|greatoffers)@'i,
qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i,
#HASH lookup variant:
# NOTE: Perl operator qw splits its argument string by whitespace
# and produces a list. This means that addresses can not contain
# whitespace, and there is no provision for comments within the string.
# You can use the normal Perl list syntax if you have special requirements,
# e.g. map {...} ('one user@bla', '.second.com'), or use read_hash to read
# addresses from a file.
# a hash lookup table can be read from a file,
# one address per line, comments and empty lines are permitted:
# read_hash(\%whitelist_sender, '/var/amavis/whitelist_sender');
# ... or set directly:
# $whitelist_sender{''} = 1; # don't spam-check MTA bounces
map { $whitelist_sender{lc($_)}=1 } (qw(
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
returns.groups.yahoo.com
# ENVELOPE SENDER WHITELISTING / BLACKLISTING - PER-RECIPIENT
# The same semantics as for global white/blacklisting applies, but this
# time each recipient (or its domain, or subdomain, ...) can be given
# an individual lookup table for matching senders. The per-recipient lookups
# override the global lookups, which serve as a fallback default.
# Specify a two-level lookup table: the key for the outer table is recipient,
# and the result should be an inner lookup table (hash or ACL or RE),
# where the key used will be the sender.
#$per_recip_blacklist_sender_lookup_tables = {
# '[email protected]'=>new_RE(qr'^(inkjetplanet|marketopt|MakeMoney)\d*@'i),
# '[email protected]'=>[qw( [email protected],org .d2.example,org )],
#$per_recip_whitelist_sender_lookup_tables = {
# '[email protected]' => [qw( [email protected] .other.example.org )],
# '.my1.example.com' => [qw( !foe.other.example,org .other.example,org )],
# '.my2.example.com' => read_hash('/var/amavis/my2-wl.dat'),
# 'abuse@' => { 'postmaster@'=>1,
# '[email protected]'=>1, '[email protected]'=>1 },
# Section VI - Resource limits
# Sanity limit to the number of allowed recipients per SMTP transaction
# $smtpd_recipient_limit = 1000; # (default is 1000)
# Resource limitations to protect against mail bombs (e.g. 42.zip)
# Maximum recursion level for extraction/decoding (0 or undef disables limit)
$MAXLEVELS = 14; # (default is undef, no limit)
# Maximum number of extracted files (0 or undef disables the limit)
$MAXFILES = 1500; # (default is undef, no limit)
# For the cumulative total of all decoded mail parts we set max storage size
# to defend against mail bombs. Even though parts may be deleted (replaced
# by decoded text) during decoding, the size they occupied is _not_ returned
# to the quota pool.
# Parameters to storage quota formula for unpacking/decoding/decompressing
# Formula:
# quota = max($MIN_EXPANSION_QUOTA,
# $mail_size*$MIN_EXPANSION_FACTOR,
# min($MAX_EXPANSION_QUOTA, $mail_size*$MAX_EXPANSION_FACTOR))
# In plain words (later condition overrules previous ones):
# allow MAX_EXPANSION_FACTOR times initial mail size,
# but not more than MAX_EXPANSION_QUOTA,
# but not less than MIN_EXPANSION_FACTOR times initial mail size,
# but never less than MIN_EXPANSION_QUOTA
$MIN_EXPANSION_QUOTA = 100*1024; # bytes (default undef, not enforced)
$MAX_EXPANSION_QUOTA = 300*1024*1024; # bytes (default undef, not enforced)
$MIN_EXPANSION_FACTOR = 5; # times original mail size (must be specified)
$MAX_EXPANSION_FACTOR = 500; # times original mail size (must be specified)
# Section VII - External programs, virus scanners
# Specify a path string, which is a colon-separated string of directories
# (no trailing slashes!) to be assigned to the environment variable PATH
# and to serve for locating external programs below.
# NOTE: if $daemon_chroot_dir is nonempty, the directories will be
# relative to the chroot directory specified;
$path = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/usr/bin:/bin';
# Specify one string or a search list of strings (first match wins).
# The string (or: each string in a list) may be an absolute path,
# or just a program name, to be located via $path;
# Empty string or undef (=default) disables the use of that external program.
# Optionally command arguments may be specified - only the first substring
# up to the whitespace is used for file searching.
$file = 'file'; # file(1) utility; use 3.41 or later to avoid vulnerability
$gzip = 'gzip';
$bzip2 = 'bzip2';
$lzop = 'lzop';
$uncompress = ['uncompress', 'gzip -d', 'zcat'];
$unfreeze = ['unfreeze', 'freeze -d', 'melt', 'fcat'];
$arc = ['nomarch', 'arc'];
$unarj = ['arj', 'unarj']; # both can extract, same options
$unrar = ['rar', 'unrar']; # both can extract, same options
$zoo = 'zoo';
$lha = 'lha';
$cpio = 'cpio';
# SpamAssassin settings
# $sa_local_tests_only is passed to Mail::SpamAssassin::new as a value
# of the option local_tests_only. See Mail::SpamAssassin man page.
# If set to 1, no tests that require internet access will be performed.
$sa_local_tests_only = 1; # (default: false)
#$sa_auto_whitelist = 1; # turn on AWL (default: false)
$sa_mail_body_size_limit = 64*1024; # don't waste time on SA if mail is larger
# (less than 1% of spam is > 64k)
# default: undef, no limitations
# default values, can be overridden by more specific lookups, e.g. SQL
$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 3.0; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 22.0;
#$sa_kill_level_deflt = $sa_tag2_level_deflt; # triggers spam evasive actions
# at or above that level: bounce/reject/drop,
# quarantine, and adding mail address extension
# The $sa_tag_level_deflt, $sa_tag2_level_deflt and $sa_kill_level_deflt
# may also be hashrefs to hash lookup tables, to make static per-recipient
# settings possible without having to resort to SQL or LDAP lookups.
# a quick reference:
# tag_level controls adding the X-Spam-Status and X-Spam-Level headers,
# tag2_level controls adding 'X-Spam-Flag: YES', and editing Subject,
# kill_level controls 'evasive actions' (reject, quarantine, extensions);
# it only makes sense to maintain the relationship:
# tag_level <= tag2_level <= kill_level
# string to prepend to Subject header field when message exceeds tag2 level
$sa_spam_subject_tag = '*** JUNK MAIL ***'; # (defaults to undef, disables)
# (only seen when spam is not to be rejected
# and recipient is in local_domains*)
$sa_spam_modifies_subj = 1; # may be a ref to a lookup table, default is true
# Example: modify Subject for all local recipients except [email protected]
#$sa_spam_modifies_subj = [qw( [email protected] . )];
# @av_scanners is a list of n-tuples, where fields semantics is:
# 1. av scanner plain name, to be used in log and reports;
# 2. scanner program name; this string will be submitted to subroutine
# find_external_programs(), which will try to find the full program
# path name; if program is not found, this scanner is disabled.
# Besides a simple string (full program path name or just the basename
# to be looked for in PATH), this may be an array ref of alternative
# program names or full paths - the first match in the list will be used;
# As a special case for more complex scanners, this field may be
# a subroutine reference, and the whole n-tuple is passed to it as args.
# 3. command arguments to be given to the scanner program;
# a substring {} will be replaced by the directory name to be scanned,
# i.e. "$tempdir/parts"
# 4. an array ref of av scanner exit status values, or a regexp (to be
# matched against scanner output), indicating NO VIRUSES found;
# 5. an array ref of av scanner exit status values, or a regexp (to be
# matched against scanner output), indicating VIRUSES WERE FOUND;
# Note: the virus match prevails over a 'not found' match, so it is safe
# even if 4. matches for viruses too;
# 6. a regexp (to be matched against scanner output), returning a list
# of virus names found.
# 7. and 8.: (optional) subroutines to be executed before and after scanner
# (e.g. to set environment or current directory);
# see examples for these at KasperskyLab AVP and Sophos sweep.
# NOTES:
# - NOT DEFINING @av_scanners (e.g. setting it to empty list, or deleting the
# whole assignment) TURNS OFF LOADING AND COMPILING OF THE ANTIVIRUS CODE
# (which can be handy if all you want to do is spam scanning);
# - the order matters: although _all_ available entries from the list are
# always tried regardless of their verdict, scanners are run in the order
# specified: the report from the first one detecting a virus will be used
# (providing virus names and scanner output); REARRANGE THE ORDER TO WILL;
# - it doesn't hurt to keep an unused command line scanner entry in the list
# if the program can not be found; the path search is only performed once
# during the program startup;
# CORROLARY: to disable a scanner that _does_ exist on your system,
# comment out its entry or use undef or '' as its program name/path
# (second parameter). An example where this is almost a must: disable
# Sophos 'sweep' if you have its daemonized version Sophie or SAVI-Perl
# (same for Trophie/vscan, and clamd/clamscan), or if another unrelated
# program happens to have a name matching one of the entries ('sweep'
# again comes to mind);
# - it DOES HURT to keep unwanted entries which use INTERNAL SUBROUTINES
# for interfacing (where the second parameter starts with \&).
# Keeping such entry and not having a corresponding virus scanner daemon
# causes an unnecessary connection attempt (which eventually times out,
# but it wastes precious time). For this reason the daemonized entries
# are commented in the distribution - just remove the '#' where needed.
@av_scanners = (
# ### http://www.vanja.com/tools/sophie/
# ['Sophie',
# \&ask_daemon, ["{}/\n", '/var/run/sophie'],
# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
# ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
# ['Sophos SAVI', \&sophos_savi ],
# ### http://clamav.elektrapro.com/
# ['Clam Antivirus-clamd',
# \&ask_daemon, ["CONTSCAN {}\n", '/var/amavis/clamd'],
# qr/\bOK$/, qr/\bFOUND$/,
# qr/^.*?: (?!Infected Archive)(.*) FOUND$/ ],
# # NOTE: run clamd under the same user as amavisd,
# # match the socket name in clamav.conf to the socket name in this entry
# ### http://www.openantivirus.org/
# ['OpenAntiVirus ScannerDaemon (OAV)',
# \&ask_daemon, ["SCAN {}\n", '127.0.0.1:8127'],
# qr/^OK/, qr/^FOUND: /, qr/^FOUND: (.+)/ ],
# ### http://www.vanja.com/tools/trophie/
# ['Trophie',
# \&ask_daemon, ["{}/\n", '/var/run/trophie'],
# qr/(?x)^ 0+ ( : | [\000\r\n]* $)/, qr/(?x)^ 1 ( : | [\000\r\n]* $)/,
# qr/(?x)^ [-+]? \d+ : (.*?) [\000\r\n]* $/ ],
# ### http://www.f-prot.com/
# ['FRISK F-Prot Daemon',
# \&ask_daemon,
# ["GET {}/*?-dumb%20-archive HTTP/1.0\r\n\r\n",
# ['127.0.0.1:10200','127.0.0.1:10201','127.0.0.1:10202',
# '127.0.0.1:10203','127.0.0.1:10204'] ],
# qr/(?i)<summary[^>]*>clean<\/summary>/,
# qr/(?i)<summary[^>]*>infected<\/summary>/,
# qr/(?i)<name>(.+)<\/name>/ ],
['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp','kavscanner'],
"-* -P -B -Y -O- {}", [0,3,8], [2,4], # any use for -A -K ?
qr/infected: (.+)/,
sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
['KasperskyLab AVPDaemonClient',
[ '/opt/AVP/kavdaemon', 'kavdaemon',
'/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
'/opt/AVP/AvpTeamDream', 'AvpTeamDream',
'/opt/AVP/avpdc', 'avpdc' ],
'{}', [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/ ],
# change the startup-script in /etc/init.d/kavd to:
# DPARMS="-I0 -Y -* /var/amavis"
# adjusting /var/amavis above to match your $TEMPBASE.
# NOTE: cd /opt/AVP/DaemonClients; configure; cd Sample; make
# cp AvpDaemonClient /opt/AVP/
### http://www.hbedv.com/ or http://www.centralcommand.com/
['H+BEDV AntiVir or CentralCommand Vexira Antivirus',
['antivir','vexira'],
'--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/,
qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
(?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/ ],
# NOTE: remove the -z if you only have a demo version
### http://www.commandsoftware.com/
['Command AntiVirus for Linux', 'csav',
'-all -archive -packed {}', [50], [51,52,53],
qr/Infection: (.+)/ ],
### http://www.symantec.com/
['Symantec CarrierScan via Symantec CommandLineScanner',
['cscmdline','savsecls'],
'-a scan -i 1 -v -s 127.0.0.1:7777 {}',
qr/Files Infected: 0/, qr/^Infected: /,
qr/Info:\s+(.+)/ ],
### http://drweb.imshop.de/
['DrWeb Antivirus for Linux/FreeBSD/Solaris', 'drweb',
'-al -ar -fm -go -ha -ml -ot -sd -up {}',
[0], [1], sub {('no-name')} ],
### http://www.f-secure.com/products/anti-virus/
['F-Secure Antivirus', 'fsav',
'--dumb --archive {}', [0], [3,8],
qr/(?:infection|Infected): (.+)/ ],
['CAI InoculateIT', 'inocucmd',
'-sec -nex {}', [0], [100],
qr/was infected by virus (.+)/ ],
['MkS_Vir for Linux (beta)', ['mks32','mks'],
'-s {}/*', [0], [1,2],
qr/--[ \t]*(.+)/ ],
['MkS_Vir daemon',
'mksscan', '-s -q {}', [0], [1..7],
qr/^... (\S+)/ ],
### http://www.nod32.com/
['ESET Software NOD32', 'nod32',
'-all -subdir+ {}', [0], [1,2],
qr/^.+? - (.+?)\s*(?:backdoor|joke|trojan|virus|worm)/ ],
### http://www.nod32.com/
['ESET Software NOD32 - Client/Server Version', 'nod32cli',
'-a -r -d recurse --heur standard {}', [0], [10,11],
qr/^\S+\s+infected:\s+(.+)/ ],
### http://www.norman.com/products_nvc.shtml
['Norman Virus Control v5 / Linux', 'nvccmd',
'-c -l:0 -s -u {}', [0], [1],
qr/(?i).* virus in .* -> \'(.+)\'/ ],
### http://www.pandasoftware.com/
['Panda Antivirus for Linux', ['pavcl','pavc'],
'-aut -aex -heu -cmp -nor -nso -eng {}',
qr/Number of files infected\.*: 0(?!\d)/,
qr/Number of files infected\.*: 0*[1-9]/,
qr/Found virus :\s*(\S+)/ ],
# Check your RAV license terms before fiddling with the following two lines!
# ['GeCAD RAV AntiVirus 8', 'ravav',
# '--all --archive --mail {}', [1], [2,3,4,

You are welcome. I'm glad you got it back up.
(1) You say you did the symbolic link. I will assume this is set correctly; it's very important that it is.
(2) I don't know what you mean by "Been feeding the [email protected] for several weeks now, 700 emails each day at least." After the initial training period, SpamAssassin doesn't learn from mail it has already processed correctly. At this point, you only need to teach SpamAssassin when it is wrong. [email protected] should only be getting spam that is being passed as clean. Likewise, [email protected] should only be getting legitimate mail that is being flagged as junk. You are redirecting mail to both [email protected] and [email protected] ... right? SpamAssassin needs both.
(3) Next, as I said before, you need to implement those "Frontline spam defense for Mac OS X Server." Once you have that done and issue "postfix reload" you can look at your SMTP log in Server Admin and watch as Postfix blocks one piece of junk mail after another. It's kind of cool.
(4) Add some SARE rules:
Visit http://www.rulesemporium.com/rules.htm and download the following rules:
70sareadult.cf
70saregenlsubj0.cf
70sareheader0.cf
70sarehtml0.cf
70sareobfu0.cf
70sareoem.cf
70sarespoof.cf
70sarestocks.cf
70sareunsub.cf
72sare_redirectpost
Visit http://www.rulesemporium.com/other-rules.htm and download the following rules:
backhair.cf
bogus-virus-warnings.cf
chickenpox.cf
weeds.cf
Copy these rules to /etc/mail/spamassassin/
Then stop and restart mail services.
There are other things you can do, and you'll find differing opinions about such things. In general, I think implementing the "Frontline spam defense for Mac OS X Server" and adding the SARE rules will help a lot. Good luck!

Agent (10.2.0.5.0) on OEL is running, upload is not working

Hello,
I am installing boot/stage server for provisioning on Oracle Enterprise Linux, so I need to install Management Agent.
Agent is installed and running. But upload XML files is not working (last successful heartbeat to OMS: unknown).
Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
Agent Version : 10.2.0.5.0
OMS Version : 10.2.0.5.0
Protocol Version : 10.2.0.5.0
Agent Home : /home/oracle/OracleHomes/agent10g
Agent binaries : /home/oracle/OracleHomes/agent10g
Agent Process ID : 3141
Parent Process ID : 3122
Agent URL : https://localhost.localdomain:3872/emd/main/
Repository URL : https://xxx.xx.xx:1159/em/upload
Started at : 2009-12-10 11:00:13
Started by user : oracle
Last Reload : 2009-12-10 11:00:13
Last successful upload : (none)
Last attempted upload : (none)
Total Megabytes of XML files uploaded so far : 0.00
Number of XML files pending upload : 123
Size of XML files pending upload(MB) : 3.37
Available disk space on upload filesystem : 71.78%
Last attempted heartbeat to OMS : 2009-12-10 11:44:05
Last successful heartbeat to OMS : unknown
Agent is Running and Ready
When issuing emctl upload agent receiving error:
EMD upload error: uploadXMLFiles skipped :: OMS version not checked yet..
When trying to secure, everything is fine:
Enter Agent Registration Password Agent successfully restarted... Done. Securing agent... Successful.
When trying to unsecure then getting:
Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
Checking Agent for HTTP... Done.
Agent successfully stopped... Done.
Unsecuring agent... Started.
OMS Upload URL - http://xxx.xx.xx:4889/em/upload/ is locked or unavailable.
Unsecuring Agent... Failed.
Agent successfully restarted... Done.
when trying to connect with telnet:
Trying 192.168.8.59...
Connected to xxx.xx.xx (192.168.8.59).
Escape character is '^]'.
then issued
^]
and received:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>501 Method Not Implemented</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
^] to /index.html not supported.<P>
Invalid method in request ^]<P>
<HR>
<ADDRESS>Oracle-Application-Server-10g/10.1.2.2.0 Oracle-HTTP-Server Server at xxx.xx.xx Port 4889</ADDRESS>
</BODY></HTML>
Connection closed by foreign host.
And sample of emagent.trc imho regarding this situation:
2009-12-10 11:00:13,661 Thread-1173184 ERROR pingManager: nmepm_pingReposURL: Did not receive a response header from repository
Help needed! What should I check? I am very new to Linux, maybe I missed something?
Waiting for any response,
Best regards,
Nikolajus
Edited by: Nikolajus on Dec 10, 2009 6:48 AM

Thanks for answering, Rob
My activity was:
On OMS:
[oracle@gc bin]$ ./emctl secure unlock
Oracle Enterprise Manager 10g Release 5 Grid Control
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
OMS Console is unlocked. HTTP ports too can be used to access console.
Agent Upload is unlocked. Unsecure Agents may upload over HTTP.
Then on boot_test:
./emctl unsecure agent (all completed without errors)
Then:
./emctl secure agent
Securing agent... Successful.
Then back to OMS:
[oracle@gc bin]$ ./emctl secure lock
Oracle Enterprise Manager 10g Release 5 Grid Control
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
OMS Console is locked. Access the console over HTTPS ports.
Agent Upload is locked. Agents must be secure and upload over HTTPS port.
Then on boot_test:
[oracle@boot_test bin]$ ./emctl stop agent
Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
Stopping agent ... stopped.
[oracle@boot_test bin]$ ./emctl start agent
Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
Starting agent ..... started.
[oracle@boot_test bin]$ ./emctl clearstate agent
Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
EMD clearstate completed successfully
[oracle@boot_test bin]$ ./emctl upload agent
Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
EMD upload error: uploadXMLFiles skipped :: OMS version not checked yet..
And the status is:
[oracle@boot_test bin]$ ./emctl status agent
Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0.
Copyright (c) 1996, 2009 Oracle Corporation. All rights reserved.
Agent Version : 10.2.0.5.0
OMS Version : 10.2.0.5.0
Protocol Version : 10.2.0.5.0
Agent Home : /home/oracle/OracleHomes/agent10g
Agent binaries : /home/oracle/OracleHomes/agent10g
Agent Process ID : 29610
Parent Process ID : 29594
Agent URL : https://localhost.localdomain:3872/emd/main/
Repository URL : https://xxx.xx.xx:1159/em/upload
Started at : 2009-12-11 09:42:54
Started by user : oracle
Last Reload : 2009-12-11 09:42:54
Last successful upload : (none)
Last attempted upload : (none)
Total Megabytes of XML files uploaded so far : 0.00
Number of XML files pending upload : 78
Size of XML files pending upload(MB) : 3.84
Available disk space on upload filesystem : 71.95%
Last attempted heartbeat to OMS : 2009-12-11 09:51:01
Last successful heartbeat to OMS : unknown
Agent is Running and Ready
So, it seems nothing changed. Am I missing something? Waiting for any help!
Best regards,
Nikolajus

Self Registration and Attestation is not working in OIM 9.1.0.4

Hi,
i have setup a new OIM environment using OC4J. I am able to create users and provision IT resource but self registration and attestation is not working. not sure it is OC4J issue or OIM issue. For self registration it says request is submitted but when I login as xelsysadm and dlon't see any pending request and same thing happens for attestation. It dowsn't display any error but never gets completed and don't see this also in pending request list. If anybody has idea to debug the issue then let me know and thanks for help.
Thanks,
HC

As per given bug it is looking for jars which is missing
have you install connector using deployment manager?? if yes it copy required jars at target location. verify if not there copy jars in Scheduled Task folder.
Check the document if any external jars required and same put at ThirdParty folder

SPA112 Provisioning - not working...

Similar Messages

Maybe you are looking for