Michael Brandonisio

Hello,

Moving the Email

In planning for my trip I needed to figure out how to get my email from my Mac to my wife’s Windows Vista laptop. I converted my email to Thunderbird around the new year due to Apple mail issues I could not figure out. So This is what I found.

Portableapps.com makes a portable windows version of Thunderbird that you can install on a flash drive. It turns out that Thunderbird uses the same data files for all platforms even for the email configuration. So all I had to do was copy the Thunderbird folder from my Mac OS user library folder to the flash drive. Go to my windows laptop. Install the portable Thunderbird from here

www.portableapps.com

Then mock up one email account with a local folder. Then replace:

flashdrive/ThunderbirdPortable/data/profile/localstore.rdf
flashdrive/ThunderbirdPortable/data/profile/mail

with the copy from my Mac OS Thunderbird profile. I opened portable Thunderbird in windows and all my mail was there. I’d have to test more to see if attachments are there too. I’m guessing they would be or maybe another file needs to be replaced. I’d also make the leap that you can move email from windows to Mac OS in a similar manor.

Test and test and test before working with real data. Create a new user on each computer to work with a copy of any data, NOT the live account.

Securing Your Email On Your Flash Drive

Now run back to the beginning. Email is sensitive and portable devised can get lost. Create an encrypted portable disk image on the flash drive prior to installing portable Thunderbird. Go here. It is a cross platform tool.

www.truecrypt.org

install and place data in encrypted portable disk image.

Now you can mount the disk image to run your email and should not have worry about loosing your flash drive if your email has sensitive data in it. Obviously you will want to backup your flash drive regularly.

AGAIN … YOU WILL WANT TO BACKUP YOUR FLASH DRIVE REGULARLY, honest your flash drive will die at some point. It’s only a matter of time.

Sincerely,
Mike

Hello,

I have a server that I run as a shared hosting server and host many small web sites for various clients. In an effort to provide better service, I have recently moved all of the accounts to private IP addresses so email will send from the account IP address instead of the primary server IP address. This is a cPanel / WHM server setup.

After doing all this I have checked the reputation of the domains and IP addresses using these tools:

TrustedSource: www.trustedsource.org
BarracudaCentral: www.barracudacentral.org
MailRadar: www.mailradar.com
DNSstuff: www.dnsstuff.com

It all come back neutral and I still have email sent from this server marked as spam or it lands in junk mail folders. The IP addresses are clean, the domain is clean, both neutral reputations.

What can I do to get email sent from my server to not be labeled as SPAM?

I did some research it turns out that just setting up the server and properly configuring it is not enough these days. You need to apply for certification through a 3rd party white listing company. I found this one:

http://www.senderscorecertified.com/about/

And I found this regarding hotmail recipients:

http://answers.google.com/answers/threadview?id=606426

I’m guessing that if I start with one provider like hotmail and can get email through to their customers by following their rules then that will also help with other SPAM and junk filters. Now the troublesome part.

They all have different requirements. So that means you need to chase entry into each provider from the top down large providers first then smaller ones e.g. hotmail, comcast, earthlink, AOL to name a few. I think this will give me a good start. It will also continue to develop has I move forward from provider to provider.

~~ Updated Tuesday, December 23rd, 2008

In my research it turns out that “www.senderscorecertified.com” is more for bulk email providers and not for email servers that are used mostly for one-to-one email. I found these additional resources:

DNS Whitelist - www.dnswl.org
Email Reach - www.emailreach.com

Add your IP to DNS Whitelist and then review their “Other Whitelists” page. There are few more lists that may pertain to you.

Now for the golden email deliver ability troubleshooting service, GEDATS ( I made that up), Email Reach.   Email Reach test systems include over 69 different platforms, which run over 10,000 discrete tests on your email. It is a hosted service and has a 24 hour free LIVE, no restrictions trial. It can be used to test your one-to-one email server or email marketing message. A test creates a report containing Reputation, Content Assessment, Inbox Monitor, and White list Audit. Inbox Monitor will tell you if you email is landing in the SPAM folder or Inbox. Content Assessment is great for email marketing as it puts your message through the major SPAM filters and will tell what is being flagged.

I have not affiliation to any of these web sites. I just knew how much a struggled to get good information on my email server and the 24 hour test gave me what I needed.

~~ Updated Thrusday, December 25rd, 2008

Since adding all of the IP addresses on my shared server to the www.dnswl.org white list, email from this server is now landing in the inbox instead of SPAM for Yahoo and Hotmail. Very cool!

Sincerely,
Mike

Hello,

There may come a time when your DNS server is the authoritative DNS for a client or customer that has secured an IP block from a 3rd party, perhaps for T1 or DSL service. They want to use one of the IP addresses for an email server located in their office and have asked you to setup rDNS or Reverse DNS for the IP address specified. Since the IP address did not come from your ISP you cannot ask them to setup the rDNS for you. You must accept IP delegation and configure your DNS server to give an authoritative response.

Here are 3 links that helped me figure this out:
http://www.dnsstuff.com
http://www.faqs.org/rfcs/rfc2317.html
http://www.fdcservers.net/vbulletin/archive/index.php/t-578.html

I’m going to illustrate this using 10.x.x.x IP address ranges. This setup is for Bind DNS servers. You will be creating a zone for x.x.x.x.in-addr.arpa on your DNS server.

The scenario is that the client secured a new T1 line and wanted to use IP 10.0.142.162 for an email server in their office.

On your DNS server, open a terminal window. Then edited /etc/named.conf and added this to the end:

zone “160/28.142.0.10.in-addr.arpa” {
type master;
file “/var/named/142.0.10.in-addr.arpa.db”;
};

I have to admit that I do not fully understand why some delegations may be looking for zone 160/28.142.0.10.in-addr.arpa and others 142.0.10.in-addr.arpa. Both can contain the IP 10.0.142.162. It may have something to do with this delegation being a /28 giving the client 16 IP addresses with 14 usable starting from 10.0.142.160.

Save your changes then create a new zone DB named /var/named/142.0.10.in-addr.arpa.db

You can do this like this:

touch /var/named/142.0.10.in-addr.arpa.db

Then open /var/named/142.0.10.in-addr.arpa.db and add:

; Zone file for 160/28.142.0.10.in-addr.arpa
$TTL 14400
@      86400    IN      SOA     ns1.yournameserver.net. support.example.com. (
2008092801      ; serial, todays date+todays
14400           ; refresh, seconds
7200            ; retry, seconds
1209600         ; expire, seconds
86400 )         ; minimum, seconds
160/28.142.0.10.in-addr.arpa.         IN      84600   NS      ns1.yournameserver.net.
160/28.142.0.10.in-addr.arpa.         IN      84600   NS      ns2.yournameserver.net.

162.142.0.102.in-addr.arpa.           IN      14400   CNAME   162.160/28.142.0.102.in-addr.arpa.
162.160/28.142.0.10.in-addr.arpa.     IN      14400   PTR     mail.example.com.

Save and restart Bind. You can test your results here:
http://www.dnsstuff.com

Sincerely,
Mike

This is a shameless plug for our newly launched managed online backup service for the technically challenged.  Begin Shameless plug.

Hard drives fail. Viruses can destroy data. Having a copy of your work, digital photographs, financial records and other important files is just one step in a thorough backup plan. Our secure online backup solution completes the backup process by placing a copy of your data off-site where it is safe from theft, fire and unauthorized access.

Losing your digital photos and financial information as a result would be devastating. Our secure online backup solution is a reliable and safe way to backup critical and important files. We realize that many businesses don’t backup properly because they may not be sure what needs to be backed up or how to do it reliably.

Our online backup solution is a full service managed solution. This means we do all of the setup, all of the configuring, all of the testing and all of the monitoring. As long as your computer is turned on, awake and connected to the internet our solution will back it up, even when traveling with your laptop.

Follow this link to place your order or for more details: www.JIKOmetrix.net

Special Offer
Tech one Illustration is making a special offer to the next 15 users to sign up who mention this blog when they order. The next 15 sign ups can order business class service for just $15 per month per computer. You will get 5GB of storage per computer as part of the base fee, expandable in 5GB increments. There are no caps your account will increase or decrease based on your usage. Additional storage is just $1 per 1GB per month. Plus we will waive the setup fee for your first 5 computers, up to a $150 value. Limited offer. Restrictions apply. Offer valid through March 1st, 2009.

Call Mike Brandonisio at Tech One Illustration, (630) 759-9283 x1001 to place your order or make an appointment to discuss your business’s backup needs. Mention this posting to receive discount.

It’s an insurance plan for your data, Call Today! (630) 759-9283 x1001

In November of 2007 I came to the conclusion that I needed a smart phone. I’m currently working on a Mac Mini and wanted to not only get email on my cell phone but also wanted to have my calendar, address book and task list. At the time when I asked the sales person in the Verizon store, I was told that they had 3 phones that were Mac compatible the BlackBerry Pearl 8130, BlackBerry 8830 and Palm Treo 755p. I previously owned a Palm tungsten E. It was nice but I opted for the BlackBerry Pearl 8130.

I was a little skeptical about just how compatible the phone would be with my Mac since it took some digging by the sales person to figure out that BlackBerry was Mac compatible. With that said I bought the BlackBerry Pearl 8130. It did not come with any software in the box I had to download it from the www.BlackBerry.com website. I downloaded PocketMac v4.0.20b. After installing it I was able to sync with iCal, Address Book and Mail. It supported other applications too, but those were the applications I was using.

Ireally like BlackBerry Pearl 8130. Some of the things I liked were the compact size and the way it guessed what I was typing. The keyboard was not a full QWERTY but a version with no more than 2 letters per button so typing was fairly easy and the BlackBerry Pearl 8130 seemed to learn from what you entered and got really good at guessing what you were going to type. The Map tool is pretty cool too. You can search for places and get directions. To be clear though it was not turn by turn GPS, though you could use Verizon’s VZ Navigator for that. I also liked the fact that the phone was smart enough to know when it saw a phone number in an email or when browsing the web. If you clicked on a phone number it would ask if you wanted to dial it. Very cool. It made www.yellowpages.com a very useful site on my phone.

I did run into 3 big issues that resulted in the return of my BlackBerry Pearl 8130.

The first issue was attempting to fix the calendar on the phone. Somehow the calendar on my BlackBerry Pearl 8130 was in triplicate. The Mac was fine. No one could figure out why it was in triplicate. What is worse no one from Verizon or BlackBerry could fix it. I was told by a BlackBerry tech if only I had a Windows computer they could correct the issue in minutes. I did not have a Windows computer. All I had was a Mac OS computer. Over a 2 day period I spoke with 2 BlackBerry technicians. After throwing many darts, the second tech I spoke with decided that a security erase was the only way to fix it. Then I would have to push the data from my computer down to the device. So I did.

That was in my first 30 days of owning the phone. I had to decide if I should keep it or return it to the store. I really liked the phone. When the sync was working it worked. The support for fixing issues was lacking but there was a solution. I kept the phone.

The second issue comes up in my 8th week of owning my BlackBerry Pearl 8130. I bought a new wireless keyboard and mouse from logitech, the Cordless wave. After installing the control console software on my Mac the PocketMac sync stopped working. It took 2.5 hours on the phone with support to trouble shoot this issue. Support had no idea what the issue was. Lucky me I was able to boot my Mac to a disk that did not have the keyboard control console installed on it. I tested PocketMac and it worked again. It looks like PocketMac is using the keyboard controller to make calls to helper applications to perform the sync of various items like calendar, address book and email.

All I can ask is, “Why would a programmer rely on something like the keyboard controller to communicate with other applications?” It makes no sense. I should be able to install a 3rd party keyboard and mouse without having it break my sync tool. I would not expect this kind of home grown programming from a commercial application like PocketMac. Ultimately I returned the logitech Cordless wave keyboard and mouse and bought a wired Mac keyboard and a Kensington wireless mouse. This combination of hardware worked fine.

Again I considered returning the BlackBerry Pearl 8130 but decided that the devil I knew was better than one I would have to get to know. Besides that the only other option from Verizon was a Palm Treo 755p. It just did not appeal to me. Once again I kept the phone knowing that there would always be this issue with 3rd party keyboards.

Since the first two issues could not sway me to return this phone a third issue came up to test my patients. I wanted to update the firmware on my phone. The updater would not run on my Mac OS computer. It required a Windows computer. This was my breaking point. After an hour on the phone with Verizon support I was told I can take my phone to any corporate store and they could update the firmware for me. So I did. I drove to the Verizon store near me. At first I was told no they could not update smart phones. They could only handsets. Then after another hour at the store they reluctantly offered to try something they have never done before. They would use one of their windows computers to run the firmware update for me. Then came the clincher, this operation would reset the phone to factory setting erasing my settings and possible some data. I knew I had my calendar and my address book on my Mac but I did not have my bookmarks and I was sure that I would loose something that was not backed up since PocketMac was only a sync tool it did not backup the entire phone and it’s settings. It only synced data. I did not allow them to update the firmware on the phone.

At this point it was painfully clear that this was not a Mac OS compatible smart phone. Yes it could sync but it was not fully compatible with the maintenance tools needed to own and operate the phone as a Mac user. Sure a firmware update works flawlessly on a windows computer, according a a Verizon support technician, even restoring all the correct settings, but not on a Mac. The following day I called customer service. They were very understanding allowing me to port my phone number to another provider and giving me a full refund.

I now have my eye on the 8GB iPhone. I’m thinking this should be compatible with my Mac OS computer … Right?

Additional Note:
The PocketMac installation does not install PocketMac for multiple users on a Mac that share the computer with separate logins. When PocketMac installs it places files that are meant for general use, like plugins, in the users library folder instead of the computers library folder. This means that PocketMac must be installed for each user with a login on the computer that will need to sync their phone. Now this gets even better. You cannot install PocketMac unless you are an admin user. So you need change all the user accounts to have admin privileges, install PocketMac, then change them back to simple users. This is completely stupid.

Sincerely,
Mike

Hello,

If you are running a web site resource usage and performance can play a big part in your site visitors experience, namely their experience in how long it takes your web site’s pages to load. There are modules called GZip and mod_deflate for Apache web servers that will compress the data requested by a web browser using Zip compression to create a compress stream that is decompressed at the browsers end. This is server wide and effects all web services on the server. The result is less data sent from the server to the browser. This has two huge affects one, it can reduce bandwidth usage by as much as 75% and two, decrease page load times by a factor of 4. Here is some data on this BLOG:

URL: http://mbrando.com

File Size Comparison (in bytes):
Original size: 61964 bytes
Compressed size: 19077 bytes
Savings: 42887 bytes
Percentage saved by
compression: 70.0%
Transfer speed
improvement: 3.2 X

Dial-up Modem 56.0 Kbps - 8.645s vs. 2.661s
DSL/Cable Modem 256.0 Kbps - 1.891s vs. 0.582s

( Above data by: port80software.com )

Here are some links with additional information

GZip works with Apache 1.3x and Apache 2.x.
GZip Site Home
Compressing Web Output Using mod_gzip for Apache 1.3.x and 2.0.x

Apache 2.x comes with a module called mod_deflate.
Apahce 2.x documentation
Compressing Web Content with mod_gzip and mod_deflate

Sincerely,
Mike

Hello,

I run a few cPanel servers and run Munin as my resource monitor. At the time I wrote this the version included with cPanel was munin 1.24. Ever since I have installed the plugin from cPanel it would monitor MySQL upon first install and then stop if the server was reboot. Uninstalling and reinstalling would once again get Munin to monitor MySQL but having to uninstall and reinstall just for a reboot, just did not seem like something that you should have to do. After many months of on and off testing this is the fix I have come up with.

1. Create a MySQL user with a password that is NOT granted privilege to any DB. Simply create the user.
2. Create a file called /etc/munin/plugin-conf.d/munin-node
3. In the file /etc/munin/plugin-conf.d/munin-node put this:
   [mysql*]
   user root
   group wheel
   env.mysqladmin /usr/bin/mysqladmin
   env.mysqlopts -u [MySQL_usr] -p[MySQL_usrpassword]
4. Then Save. Where [MySQL_usr] is a valid MySQL user and [MySQL_usrpassword] is it’s password. Note that there is NO space between -p and the password. This is critical.

Now what about 30 minutes to an hour to allow the munin-node to gather enough info to have something to graph. Then go view your Munin graphs. All of your MySQL graphs should have something in them.

Sincerely,
Mike

Hello,

I’m sure the internet has changed quite a bit since you first unveiled your web site to the world. The technologies used to build web sites and internet presentations have also changed too. You may be thinking that the time is right to redesign your web site. A new look/ feel and fresh content will go far to better reflect your business services today. Make sure you have someone who understands search engine optimization involved with your project. This is very important for a web site redesign.

In the past it was possible to simply write code to display your pages properly in the few browsers available. Today if your web site enjoys any traffic that comes from the search engines, you want to keep it. This means that your REDESIGNED web site cannot have broken links that come from the search engines or dump all of your old site links to the home page. Doing so will impact your search engine ranking. This will cause your rank to drop. For some business this could have a serious financial impact.

You need to redirect all of your old pages to the new pages that have similar content. Often a web site is transitioned from a static HTML web site to a dynamically scripted web site like those coded with ASP, PHP, .net, Cold Fusion, Java to name a few server side scripting languages. Your old web site may have had links that looked like this:

http://www.example.com/folder/products.htm

or something similar. Your new site may simply have restructured how the pages are stored by changing the folder names or your web site is now dynamic. Either way you want your old web page links to be redirected to the new web page links. If you are running apache server you can use an htaccess file in the root of your public folder to preform the redirect of OLD to NEW. This is just one way to make use of htaccess files. Feel free to use your favorite search engine to find other htaccess tutorials for password protected folders or event URL rewriting.

How to use htaccess files with apache server for URL redirect

Create a plain text file named: .htaccess

in the root of your public folder. In this file you will use the following structure to create a redirect that tells the search engines that a permanent change to the old link has been made, meaning the old link is being redirected permanently. The format is action, error code, OLD URL, NEW URL. Each redirect is on its own line like this:

Redirect 301 /your_file_name.html http://www.example.com/index.php?a=12&b=39
Redirect 301 /file_name.htm http://www.example.com/index.php?a=657&b=354&c=234

If your OLD URL happened to have a space, %20, in the file name or folder name put the entire URL in double quotes like this:

Redirect 301 “/folder name/file name.htm” http://www.example.com/content/view/215/27/

This will allow the directive to be performed properly. With out double quote around the URL with a space it can cause an internal error 500 on the server. Often this error is associated with htaccess files the have invalid syntax.

Note:

1. 301 is the error code for a permanent redirect
2. The OLD URL starts with a forward slash
3. The NEW URL is a fully qualified URL
4. The new URL can also be on a different domain too.

That is all there is to it. Save your htaccess file and test it by access an old URL. It should redirect your browser without incident. Using the 301 error tells the search engines to update their index with the new URL.

Sincerely,
Mike

Hello,

I recently upgraded my servers to the cpanel 11 when I received a notice from cpanel that stated, “Unable to automaticlly update the mailer config…”. So I manually performed the upgrade only to discover that email was being handled very differently after the upgrade. No email that was marked as SPAM was was being delivered. Instead it was being dropped. This meant that there would be no way to check for a false positive email marked as SPAM. Normally spammy email has it’s subject rewritten to prefixed with, “[spam]“. This allowed the user to then use a filter in their email client to filter email with “[spam]” in the subject to a folder for later review. This would keep the inbox clean.

I did some research and found that this was a common issue with the new cPanel 11. After many hours of thinking that I may have to downgrade the server to cPanel 10, I found my answer in WHM. When you log into WHM as root there is a section called, “Service Configuration”. In this section you will find, “Exim Configuration Editor”.

In the “Exim Configuration Editor” page in the, “Mail” section just above the the buttons marked, “Visualized ACLs and Save” is an option to use the old old transport, “Use the old transport based spamassassin system instead of the new acl style one. (not recommended, slow)”. When I first saw this and it said it was not recommended I looked for an alternative. I could not find one. I need my email spammy or not to be delivered to each users inbox for their review.

Check this option, “Use the old transport based spamassassin system instead of the new acl style one. (not recommended, slow)” and click the save button. If you were previously using subject rewrites SPAM Assassin will again rewrite your subjects. You can also make use tof the X-Spam-Flag header for filtering this is a YES or NO value.

At least by doing this you can continue to make use of the NEW cPanel 11 features while monitoring the cPanel forums to see of the Exim ACL’s have been fixed to allow subject rewrites and delivery of email marked as SPAM.

Sincerely,
Mike

Hello,

This is a re-write with a few additions of a solution that I found on 2 BLOG’s and in the cPanel Forum. My sources are: johnhesch.com, yamzy.net and forums.cpanel.net.

I was having some issues with a few clients and their email. A client would call me and say, “A vendor says that they cannot send email to me. What’s going on?”

I’d chime back, “Did they give you any more information? If you can ask them to fax you the bounce message or email it to my comcast account I will look into it.”

Eventually I’d receive the error the message. It would read something like:

Error 451: Deferred sender callout cannot be verified.
or
Error 550: Verify sender callout failed.

If you look in your exim Logs /var/log/exim_mainlog you might find something like:

could not complete sender verify callout

Exim by default, will check the senders email address and send a callback to the sending server to check and see if the users email address actually exists. In this case the senders email server was not verifying the email address actually exists and so the email was being rejected. In some cases the sending server does not wait long enough for the check to complete. Most of the time this is an issue with the sending servers configuration. It is not RFC compliant. It is not always possible to contact the senders server admin to alert them of their server issue. You may want to just make a concession on your end.

In cPanel or more specifically “WHM -> Service Configuration -> Exim Configuration Editor” there are 2 setting that help keep SPAM down “Verify the existence of email senders.” and “Use callouts to verify the existence of email senders.” These Exim directives tell Exim to perform the checks. I tried to turn them off for about 4 months. My server mail queue was loaded with over 3000 emails. The queue ages 7 days then deletes but still something was wrong. Then I got on an RBL list and that was the straw that started the search for a solution. I enabled both “Verify the existence of email senders.” and “Use callouts to verify the existence of email senders.” while I looked for a solution. In 7 days my queue dropped to just 40 emails. Now I still had a clients that needed to communicate with their vendors.

After Googling I found my solution on johnhesch.com. I nearly lost it. When I finally confirmed that what was posted there was worth trying the link was broken. I contacted John via email to ask about it and he sent me back the info I needed. I later found what looks like a copy of John’s posting here yamzy.net.

So it turns out what I needed was a white list. Now Starts the “How To” Create a file that will be the actual white list. In this example it is /etc/exim_whitelist_senders - the addresses need to be listed one entry per line, either the email address or use the wildcard to do an entire domain. The Following supports cPanel 10.

1. SSH into your server and as root or using SUDO or SU run this command:
   touch /etc/exim_whitelist_senders
2. In WHM, got to “WHM -> Service Configuration -> Exim Configuration Editor.”
   In the top most edit box add (if there is anything else in the text box add this bellow it):
   addresslist whitelist_senders = wildlsearch;/etc/exim_whitelist_senders
3. Still in WHM. scroll down to where there are three text boxes together. This is the begin ACL section. In the middle box scroll down until you find:
   #sender verifications are required for all messages that are not sent to lists
   require verify = sender/callout
   accept domains = +local_domains
   endpassIn

   cPanel 11 look for:
   [% ACL_RBL_BLOCK %]
   require verify = sender/callout=60s

4. and change it to:
   #sender verifications are required for all messages that are not sent to lists
   deny
   !verify = sender/callout=30s,defer_ok,maxwait=60s
   !senders = +whitelist_senders
   accept domains = +local_domains
   endpass
5. Save and exit. Now try to send and receive email to make sure everything is still working. If all is ok add the address in question to the white list and see if it works.
6. Put the sender addresses in the file /etc/exim_whitelist_senders, one per line, e.g. someone@domain1.tld
   *@domain2.tld

If you do not want an RFC compliant email server make this change too. When I made this change it broke my setup. Verifying the header can cause valid email to fail this check since some valid email does not come from users but is created by the automated systems, like a server. I WOULD NOT MAKE THIS CHANGE. It took me 5 day to figure out this was the part that broke the above setup.

1. Still in the middle box scroll down to the end and change:
   #!!# ACL that is used after the DATA command
   check_message:
   # Enabling this will make the server non-rfc compliant
   #require verify = header_sender
   accept
2. and change it to:
   #!!# ACL that is used after the DATA command
   check_message:
   deny
   !verify = header_sender
   !senders = +whitelist_senders
   accept

It did not really break it but for some reason beyond me it was not working with this section active. Disabling it made my white list work like a charm.

Sincerely,
Mike