Spam filters in DMZ and Multiple Gateways

Similar Messages

• MomCertImport and multiple certificates

  I cannot find this information anywhere on the net. Here is the scenario.
  I have a fully deployed SCOM 2012 environment and multiple gateway servers that are functioning without any issues. Agents in the untrusted domains are reporting to the gateway servers as designed. The mutual authentication is working as designed as the
  certs use the same trusted Root Certificate Authority.
  Here is my question:
  I want to add another gateway server for a DMZ that doesnt use the same trusted Root Certificate Authority. In my lab I run the MomCertImport.exe on the gateway server. This works fine but when i run the MomCertImport.exe on the management server it replaces
  the current certificate int he registry which in turns breaks the other gateways. 
  What is the best supported approach to resolve this? Standing up more servers? Is this documented anywhere?

  I believe both the management server and gateway need to trust the same CA. However, theoretically, if these can both "see" each CA, you should be able to import the root ca chain on both machines and everything should pan out ok. If they cannot
  both see each CA, then I think you're out of luck - unless you opt for a internet trusted root ca, and that costs $.
  Jonathan Almquist | SCOMskills, LLC (http://scomskills.com)

• Excessive SPAM even with SPAM Filtering configured

  SPAM Filtering is configured and is checking email, however, its not catching SPAM email messages. The header on a sample message came in with SCL:0 and PCL:2. The AntispamReport says SenderIDStatus None. But its SPAM. Wondering if recently others are
  experiencing a lot of SPAM and how can the filters in Exchange be configured tighter but not block good email.

  Well, you can consider moving to some dedicated SPAM filtering solutions like Exchange Online Protection.
  http://technet.microsoft.com/en-us/library/jj723137(v=exchg.150).aspx
  OM (MCITP) | Blog

• Spam filtering solution for iPhone and a question.

  I've read a lot of posts about spam filtering for the iPhone and have yet another solution and a question. I use SpamSieve and I am not affiliated with them in any way. The nice thing about SpamSieve is that if it is the first rule in your Mail.app rule set any mail that follows has already been filtered. All you need to do then is create another rule that redirects email to what ever mail account you choose. Since my ISP allows multiple accounts, I will simply create an iPhone@myISP account.
  Now the question. Is it possible to write an applescript that will turn the redirect rule on or off so that I don't have to dig into the rules section of Mail to get this done?
  Thanks

  Is it possible to write an applescript that will turn the redirect rule on or off so that I don't have to dig into the rules section of Mail to get this done?
  not at present time

• Upgraded to 10.7.5, and my spam filtering doesn't appear to work well in Mail

  Sometimes it will put the spam in the Spam folder, and sometimes it won't.   Is there any way to force it to always put spam in the spam folder automatically?
  Is 10.8.5 or higher any better at spam filtering than 10.7.5?
  Yes, I have 10.9.2 on one machine, but have not had a chance to upgrade all the machines.

  It is desperately critical to delete all existing PSE preferences when you upgrade OS X. How did you do the upgrade? Did you just install it over your previous system, or did you do an erase install and then migrate back your programs and data?

• Recommended configuration for load balanced Portal with load balancer, multiple gateways and multiple servers.

  Does anyone have a recommended network, hardware and software configuration guide for a Portal installation running with multiple gateways load balanced (ie one URL) that talk to multiple servers?

  David,
  We've used Resonate (software) to load balance the gateways. It allows
  you to group all the gateways under 1 virtual URL and load balance the
  incoming connections over each gateway depending on the rules that you
  define in Resonate. Look in the SUN portal whitepapers there is one that
  talks about it specifically.
  As far as load balancing the calls to the portals, the gateways will
  automatically load balance across all the portals that they know about
  using a simple round-robin rotation. You may be able to use Resonate in
  front of the portals but you may need to activate persistance within
  Resonate to ensure that the user always ends up on the portal that he
  established his initial connection on (if you want that), check with Sun
  on this one.
  David Broeren wrote:
  Recommended configuration for load balanced Portal with load balancer,
  multiple gateways and multiple servers.
  Does anyone have a recommended network, hardware and software
  configuration guide for a Portal installation running with multiple
  gateways load balanced (ie one URL) that talk to multiple servers?
  Try our New Web Based Forum at http://softwareforum.sun.com
  Includes Access to our Product Knowledge Base!

• How do I make a wild card for spam filters

  I get a lot of spam and I am trying to create one daily filter to catch the domains that use multiple prefixes....... @comtaff.us.
  Do I add any values in front of the @ as a catch all? Is there any other reading on setting Mail's spam filters?
  Cheers.

  That's not really a Firefox issue; but here's a list of birthday car websites: http://email.about.com/od/birthdaygreetingcards/tp/birthday_e_card.htm

• Static NAT and multiple WAN (DSL) ports

  Hi,
  we have a hardware router with 3 ADSL/SDSL lines. The SDSL has a range of public IP addresses.
  We assigned these public IP adresses as DMZ to the hardware router, and added some of the IP's as secondary IP addresses on the BM's public interface. Filters have been disabled for testing, and we could ping the secondary IP's from the internet.
  In the next step, we set up a static NAT to a server in the private LAN, which should be reached from travelling users. Pinging the natted address from the internet reached the server (seen with etherreal), but BM did not set the public IP as the source of the ping reply.
  For testing, we set a static route on the BM to the PC on the internet, using the DMZ as default gateway, which was used for testing, and that worked fine.
  Is there a chance to get the reply from the natted Server back to the DMZ, where the request came from? Setting static routes isnt possible, because users come with changing IP addresses.
  Detlef

  In article <[email protected]>, Pinkel wrote:
  > Is there a chance to get the reply from the natted Server back to the
  > DMZ, where the request came from? Setting static routes isnt possible,
  > because users come with changing IP addresses.
  >
  This is a routing issue, with a possible workaround.
  When the BMgr server gets a packet it needs to route, it's going to look
  in its routing tables to know which interface to send it from, and which
  IP address will be the next hop. Traffic coming inbound will naturally
  leave the private interface and route normally to the internal address.
  Traffic going back to the internet is another matter.
  Traffic from the internet is, naturally, going to have a public IP
  address that will not be in the BMgr server's routing tables, unless you
  put in a static route. If the destination address for a packet is not
  in the BMgr routing table, it will send the packet to the only choice it
  has: the default route. Thus, all outbound non-static-nat'd traffic
  will end up going out the default route.
  I have used, on occasion, a workaround that forces traffic coming in
  from one link to go back out that link. If you think of how BMgr
  (NetWare) is routing replies to these packets, you realize that the only
  way it is going to go back out link B (if link A is the default) is if
  the packet actually comes from the address for link B. The way I've
  made this happen is to enable dynamic NAT on the link B address. (For
  instance, Cisco router with link B, totally different subnet - due to
  isp changeover - from link A. Link A was the default. Enabled NAT with
  overload on link B LAN address, and BMgr then saw all packets coming in
  from that router as local packets simply coming from the link B LAN
  address. So it replied to link B. However, all outbound (non-reply)
  traffic to the internet still went out link A. I've also configured a
  second internet link for VPN only usage, but that was no more than a
  static route entry.)
  Craig Johnson
  Novell Support Connection SysOp
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to http://www.craigjconsulting.com ***

• Multiple gateway on the same network with VPN

  Dear all,
  i have problem of multiple gateway with VPN, please refer to the attached pics:
  PC B cannot ping PC A if PC A's gateway is not pointing to the VPN Router
  if i change the PC A default gateway to 192.168.1.2 ( VPN router) , then PC B can ping it. but the fact is we have to keep the default gateway stick to 192.168.1.1 . is the any way to make it happen ?
  Thx

  Hi,
  Can you add static route on Linksys router 'ip route 192.168.2.0 255.255.255.0 192.168.1.2' and give a try..?
  hth
  MS
  **Rate helpful posts**

• Emails from my Blackberry are getting trapped by spam filtering

  It's not a consistent thing, which makes this more aggravating, but I have my work email set up on my Storm (9530), and many times, when I reply to an email that involves my co-workers, my emails get trapped by our online spam filtering.  Both my work email, as well as the "bis" Blackberry information has been added to the "whitelist", but these emails still have occasion to be trapped.
  Can someone please help me get to the bottom of what is being embedded in the source header information from these emails that might be causing this problem?
  I've noticed this is true of other emails originating from BlackBerry phones, regardless of the carrier.
  Thank you.

  Hi and Welcome to the Forums!
  I'm thinking that you need to work with your SPAM filtration vendor...all of the header information is fully visible to an administrator who traps one of the captured emails. They need to compare that trapped email to the rules they have in their SPAM filter. I pretty much doubt that anyone "out here" could possibly have the level of access required to do any meaningful diagnostics. Unless I misunderstand your request...
  Good luck!
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Mapping Runtime with multiple gateway registration

  I need a help about increase mapping performance.
  I have add new Java server on new server(I mean HW).
  I wonder if ABAP(I mean RFC Gateway with JCo) can recognize this "New" Java server.
  I reference following...
  http://help.sap.com/saphelp_nw04/helpdata/en/1c/ba295ee20fcd41b6804f1bc602de68/content.htm
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/xi/3.0/sap exchange infrastructure tuning guide xi 3.0.pdf
  -->See section "Mapping Runtime"
  I have a following XI3.0 system.
  EOne central Instance(ABAP and Java) on one server(HW).
    Java have one J2EE Dispatcher and one Server.
  EOne dialog Instance(ABAP and Java) on one server(HW)
    Java have one J2EE Dispatcher and one Server.
  So "Java" have two Server processes on each hardware.
  You know when mapping, ABAP connect to Java with JCo.
  In ABAP side, I defined as AI_RUNTIME_JCO_SERVER(SM59).
  In Java side, I defined as AI_RUNTIME_XI1(visual admin)
  They have set same "Program ID" and test connection well.
  Now I add new Java server node.
  I can see "New" Java server tree in visual administrator.
  Can I defined RFC Destination "AI_RUNTIME_XI1" to this New one? (This is same destination.)
  Tunning Guide said, "load distribution by multiple gateway registration".
  What's mean?? I have only one Gayteway(I mean AI_RUNTIME_JCOSERVER)...
  Help.sap.com said, "The RFC Engine service can register under one name to one particular gateway. To register to another gateway, another name has to be used. ".
  What's mean?? Can XI ABAP Gateway recognize "another name"?
  I confuse a bit...
  regards,

  Hi All,
  In addition to the above, if mapping is tested within ESR there is no issue. The problem is happening only during runtime.
  BTW, When we applied the note 1838921 we upgraded the Adapter Framework from SP09 to SP12.
  Could this be an issue?
  Regards,
  Sudheer

• [SOLVED]How to add multiple gateways in Arch

  Hi, can someone please advise how to add multiple gateway address for multiple interfaces.
  In my case I have two wired LAN cards. I use Arch network daemon to manage my NIC's.
  I know in Gentoo it could be done through : 'gateway_ethX=( "default gw xx.xx.xx.xx dev ethX" )'
  but doing so in arch wont connect to router/gateway.
  Also in rc.conf it says :
  # Routes to start at boot-up (in this order)
  # Declare each route then list in ROUTES
  #   - prefix an entry in ROUTES with a ! to disable it
  How to declare each route, and then how to list it in ROUTES?
  I read the following thread:
  http://bbs.archlinux.org/viewtopic.php?id=52992, but after adding the suggested lines in rc.conf and restarting the network it fails and says hostname not found.
  Thanks.
  Last edited by kapz (2009-10-08 18:53:39)

  In that case, your routing table should look something like this:
  Kernel IP routing table
  Destination Gateway Genmask Flags Metric Ref Use Iface
  192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
  192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
  0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
  rc.conf:
  eth0="eth0 192.168.1.14 netmask 255.255.255.0 broadcast 192.168.1.255"
  eth1="eth1 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255"
  INTERFACES=(eth0 eth1)
  # You may need to add 'dev eth1' to the end of this after '.1.1'
  gateway="default gw 192.168.1.1"
  ROUTES=(gateway)
  Last edited by fukawi2 (2009-10-06 21:55:49)

• Multiple gateway Instance Abort

  I have a Process Instance(say name ="A") with Multiple gateway which has Join includes ACTION= RELEASE.
  In multiple gateway it will assign task for multiple participants depends on the logic.
  I want to grab all this by using the name of "A".
  instance.grab(grabActivity : "GrabInst");
  instance.runTask(activity : "GrabInst");
  I do following and work. But if I do instance.abort(), it gives following exception?
  Do I need to release before abort()? How do I do that?
  The task could not be successfully executed.
  Reason: 'fuego.papi.exception.InstancesException: The batch operation could not be executed for all selected instances.
  Internal Exceptions:
  /ExpenseManagement#Default-1.2/161125/1:Instance '/ExpenseManagement#Default-1.2/161125/1' is not available.'.
  Caused by: The batch operation could not be executed for all selected instances.
  Internal Exceptions:
  /ExpenseManagement#Default-1.2/161125/1:Instance '/ExpenseManagement#Default-1.2/161125/1' is not available.
  fuego.lang.ComponentExecutionException: The task could not be successfully executed.
  Reason: 'fuego.papi.exception.InstancesException: The batch operation could not be executed for all selected instances.
  Internal Exceptions:

  I have a Process Instance(say name ="A") with Multiple gateway which has Join includes ACTION= RELEASE.
  In multiple gateway it will assign task for multiple participants depends on the logic.
  I want to grab all this by using the name of "A".
  instance.grab(grabActivity : "GrabInst");
  instance.runTask(activity : "GrabInst");
  I do following and work. But if I do instance.abort(), it gives following exception?
  Do I need to release before abort()? How do I do that?
  The task could not be successfully executed.
  Reason: 'fuego.papi.exception.InstancesException: The batch operation could not be executed for all selected instances.
  Internal Exceptions:
  /ExpenseManagement#Default-1.2/161125/1:Instance '/ExpenseManagement#Default-1.2/161125/1' is not available.'.
  Caused by: The batch operation could not be executed for all selected instances.
  Internal Exceptions:
  /ExpenseManagement#Default-1.2/161125/1:Instance '/ExpenseManagement#Default-1.2/161125/1' is not available.
  fuego.lang.ComponentExecutionException: The task could not be successfully executed.
  Reason: 'fuego.papi.exception.InstancesException: The batch operation could not be executed for all selected instances.
  Internal Exceptions:

• Multiple gateway & split gateway

  Simple question.
  Is the multiple gateway used when the same copies must be passed to different users in the same time. And each user cannot view the copy or result modified by other users.
  Is the split gateway used when same copies will be sent to different branches. Users in the same role can view the copy?
  Oracle BPM 10.3 Help Studio Reference does not give very detail information
  Edited by: YE on Apr 22, 2009 2:33 PM

  Hi Ye,
  Yes that's one scenario.
  A Multiple activity (called "Split-N" in releases before Oracle BPM 10g) is used in three scenarios:
  (1) Voting design pattern - It's fairly common to want to form a committee at runtime of participants. The size of the committee can be a decision made at runtime. A copy of the work item instance is assigned to each of the people on the committee. Each participant has a "vote", but cannot act on the other committee member's work item instances votes since the instance is assigned to each person specifically using participant.next for the copied instance.
  (2) RFP design pattern - The companies responding to the proposal are assigned the instance typically as the copied instance flows into an activity that is inside a parametric role. The parametric role in this example would be based on the supplier's name so only people in that supplier's company can respond the the proposal.
  (3) Changing granularity of a work item instance. Although not suggested for work item instances that can break down into hundreds of individual work items, it is a simple technique to have a single batch job (e.g. batch of claims coming in) and breaking this down into its invidual components (e.g. each individual claim would become a separate work item instance inside the Multiple / Join).
  In the first two patterns above, the end user participants involved would not have access to instances in other copies spawned by the Multiple activity.
  Use Multiple when you're using any of these patterns and the number of copies spawned is determined at runtime.
  A Split activity on the other hand is used when you do not need to determine the number of copies spawned at runtime. There is always more than one transition coming out of a Split activity. A copy of the instance variable flows through each of the unconditional transition leaving the Split and through each of the conditional transitions that evaluate as true coming out of the Split.
  Whether you decide to assign a specific copy of a work item instance coming out of either a Multiple or Split to a specific end user is based on your need inside the process. Assigning a work item instance to a specific participant can be incredibly useful, but it is an option that can be used anywhere inside a process. It is not a requirement of either the Multiple or Split activity.
  Hope this helps,
  Dan

• Multiple Gateways servers - any issues?

  I am being asked to monitor multiple untrusted domains through gateway servers. We already have one gateway server setup, are there any issues I should beware of when setting up a second or third one for different domains? Do they all talk back through
  port 5723 happliy without any contention?

  Not really - the individual servers can become the bottle-neck should there be a large number of agents reporting to them but this would be for relatively large deployments. But in terms of contention you shouldn't have any problems, there's a good article
  here which has details of the process (similar content
  here as well) .
  I'd also take a look at the SCOM sizing tool as this will give you some details on server spec, etc
  http://blogs.technet.com/b/momteam/archive/2012/04/02/operations-manager-2012-sizing-helper-tool.aspx
  Extract from the SCOM2012 deployment guide:
  "Gateway servers are used to enable agent-management of computers that are outside the Kerberos trust boundary of management groups, such as in a domain that is not trusted. The gateway server acts as a concentration point for agent-to-management server
  communication. Agents in domains that are not trusted communicate with the gateway server and the gateway server communicates with one or more management servers. Because communication between the gateway server and
  the management servers occurs over only one port (TCP 5723), that port is the only one that has to be opened on any intervening firewalls to enable management of multiple agent-managed computers. Multiple gateway servers can be placed in a single domain so
  that the agents can failover from one to the other if they lose communication with one of the gateway servers. Similarly, a single gateway server can be configured to failover between management servers so that no single point of failure exists in the
  communication chain.
  Because the gateway server resides in a domain that is not trusted by the domain that the management group is in, certificates must be used to establish each computer's identity, agent, gateway server, and management server. This arrangement satisfies
  the requirement of Operations Manager for mutual authentication."