Syed Jahanzaib Personal Blog to Share Knowledge !

July 28, 2016

Lotus Notes / Copy – Duplicating prohibited

Filed under: IBM Related, Uncategorized — Syed Jahanzaib / Pinochio~:) @ 5:02 PM



In our company we run an IBM Lotus Domino mail server, which I manage myself. Getting Lotus Domino support is quite a tough job, especially if you don't have a support SLA with IBM, which generally costs a large amount in $. Therefore I have to manage things mostly on my own, using Google and some common sense, lol.

Today we received an email from a valid client, and when we tried to copy it or reply to it with history, we received the following error.

[Image: w2.PNG]

It also happens if the sending user has selected the following in the mail delivery options.

[Image: w1.PNG]

Without going into much detail (which is already available in greater depth on the internet), here is how I managed to sort it out.


Requirements: Domino Admin Client.

Open the user's mail file via the Domino Admin Client.
Go to Create / Agent,

As shown in the image below …

[Image: formula.PNG]

 

Make sure you select FORMULA as shown above, and paste the following code …

FIELD $KeepPrivate := @DeleteField;

Save it with any name like “remove keep private” and exit.


Lotus Notes Client:

Now open the Lotus Notes Client, go to the inbox and open the affected email.

Now go to Actions and you will see the newly created agent name; click on it.

As shown in the image below …

[Image: agent.png]

It takes a second or two at most, and it will remove the restriction :)

Enjoy !

Syed Jahanzaib

 

July 20, 2016

Mikrotik reboot alert with false detection checks

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 12:05 PM


Scenario:

We have a RouterBoard with two WAN pppoe-outX dialers. A Gmail account is configured to send alerts. On the same LAN we have a KANNEL SMS gateway server which acts as the central SMS gateway for sending and receiving SMS.

Disclaimer:
The script is designed for a specific network; it may not fit general public requirements, but it is still a good idea to collect various scripting ideas for learning purposes, and it may help in other tasks as well.


Requirements:

  • If the router is rebooted, it should send us an email and SMS with the new WAN IP addresses.
  • It should check the status of both WAN connections before acquiring the IP addresses; without this check, the script terminates when a dialer is not connected, therefore this check must be added.
  • It should check the UPTIME: if the UPTIME is less than X minutes, it should consider the RB actually rebooted. This check was required to prevent false detection of a reboot. In some ROS versions there was a bug where the RB did not actually reboot but reloaded the OS, and the script considered the RB rebooted while it was not, so this check needs to be added.
  • Make sure you have already configured the /tool e-mail section in the RB to make email alerts work.

The SCRIPT!

Use the following script and modify it as required. Schedule it to run on system startup only.

# Mikrotik reboot alert / UPTIME CHECK SCRIPT, with prevention of sending FALSE ALARM with optional Email and SMS Alert
# We are using local KANNEL as SMS gateway and GMAIL as mail relay server
# By Syed Jahanzaib
# https://aacable.wordpress.com
# Email : aacable at hotmail dot com
# Script Last Modified : 20th-JUL-2016 / 1100 Hours

# Get Uptime
:local UPTIME [/system resource get uptime]

# Set UPTIME Limit (a reboot is assumed only when uptime is below this value)
:local UPTIMELIMIT [:totime "00:05:00"]

# SET DATE TIME
:local date [/system clock get date];
:local time [/system clock get time];

# if uptime is less than the uptime limit threshold value, then consider router is actually rebooted, and take action / zaib
:if ($UPTIME < $UPTIMELIMIT) do={
:log error "ALERT: Router uptime is below $UPTIMELIMIT, router was just rebooted, therefore sending Reboot SMS / Email Alert";

# Sleep, this is added so that RB and the KANNEL services may start properly / zaib
:delay 180s

# GMAIL Setup
:local gmailid "YOUR-GMAIL-ID@gmail.com"
:local GMAILPASS "YOUR-GMAIL-PAS"
:global gmailsmtp
:set gmailsmtp [:resolve "smtp.gmail.com"];
:local COMPANY "ZAIB"

# KANNEL SMS Configuration
# If you dont have kannel sms gateway ignore this.
:local KURL "192.168.100.1"
:local KID "kannel"
:local KPASS "kannelpassword"

# Mobile numbers of Admin
:local cell1 "03333021909"
:local cell2 "0333xxxxxxx"

:global WAN1IP
:global WAN2IP

# in this RB, we have two pppoe-outX wan dialers. Check that each dialer is present and connected (running),
# this check is added because the script was terminating when a dialer was not connected

:if ([:len [/interface find where name="pppoe-out1" running=yes]] = 0) do={ :log error "pppoe-out1 Interface not connected" } else={ :set WAN1IP [/ip address get [/ip address find where interface="pppoe-out1"] address] }

:if ([:len [/interface find where name="pppoe-out2" running=yes]] = 0) do={ :log error "pppoe-out2 Interface not connected" } else={ :set WAN2IP [/ip address get [/ip address find where interface="pppoe-out2"] address] }

# email recipients, set your email where you want to receive the alert
:local mailsendto "aacableAThotmailDOTcom"
:local mailsendto2 "secondadmin@gmailDOTcom"

# Set Email Subject
:local es "$[/system identity get name] $date $time $COMPANY MIKROTIK got rebooted ! new ips $WAN1IP $WAN2IP and Uptime is $UPTIME"

# Set Email Body
:local eb "$[/system identity get name] $date $time $COMPANY MIKROTIK got rebooted ! \nNew ip address are \n WAN1IP = $WAN1IP \n WAN2IP = $WAN2IP \n\n Current Uptime is $UPTIME \n\n This script is powered by SYED JAHANZAIB !"

# Finally send email to both admin email addresses
/tool e-mail send to=$mailsendto subject=$es start-tls=yes body=$eb password=$GMAILPASS
/tool e-mail send to=$mailsendto2 subject=$es body=$eb start-tls=yes password=$GMAILPASS

:log warning "Email Done! for REBOOT ..."

:log warning "SENDING SMS FOR REBOOT ALERT VIA KANNEL SMS GATEWAY ."

# Send SMS using local KANNEL sms gateway ($KURL is the Kannel host defined above)
/tool fetch url="http://$KURL:13013/cgi-bin/sendsms\?username=$KID&password=$KPASS&to=$cell1+$cell2&text=$COMPANY+MIKROTIK+Router+was+rebooted+and+now+restored+at+$date+$time+and+new+ips+are+$WAN1IP+$WAN2IP+++++++[$COMPANY+Pvt+Ltd]"

# if uptime is above the uptime limit threshold value, then no need to send SMS; this is to prevent a false alarm.
} else={
:log error "Uptime is above $UPTIMELIMIT, so no need to send reboot sms/email alert!"
}

# Script , Ends Here
# Syed Jahanzaib
# aacable [at] hotmail.com


Results~

[Image: Screenshot_2016-07-20-11-52-17]

[Image: rebootmail]

Regards,
Syed Jahanzaib~

July 13, 2016

Fighting with Spoofed Emails in IBM Lotus Domino using Symantec SMSDOM

Filed under: IBM Related — Syed Jahanzaib / Pinochio~:) @ 9:30 AM


From the Diary / 12th July, 2016


We are using IBM Lotus Domino as our mail system for inbound/outbound email and Symantec Mail Security for Domino (SMSDOM) as the anti-spam mechanism. Managing a heavily used production email server and fighting spam is a really tough job; it requires continuous monitoring and, most of the time, additional work on a regular basis.

For the past few days our email users were receiving a lot of spoofed (fake advertisement / malware) emails pretending to come from their own email address, and sometimes from other legitimate users as well. The subject was different every time, and the source in the header was dynamic too. It was really annoying, as a user does not want to block his own email address in the filters.

E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. For example, you can receive an email pretending to come from your own email address, which is strange and annoying too.

Adding an SPF record is a good idea and every mail domain with an MX record should have one. However, I took another route, which is a kind of workaround, BUT at least it is working amazingly well for me!

Just to share my story. / z@ib

 

I made the following rule in the SMSDOM Content Filter Rules section.


Description: BLOCK SPOOFED EMAILS RULE

Classification: Compliance Rule

This rule is for: Email Routing

Flow: Inbound

This rule is applied: Conditionally

Condition: Unless

Attributes: Sender/Author > myself@mycompany.com
[Exempt the few local server email IDs that are used to send backup/alert emails to the admin via batch scripts]

Rule Expression: if Internet Domain Contains MYCOMPANY.COM

Action: QUARANTINE the Document


Save the rule.

 

Images of the rules:

[Images: rule screenshots 1–4]

 


End Results:

:) Now I can see many spoofed emails dropping into the quarantine box, and users' inboxes are clean and shiny.

[Image: spoofed_results_in_smsdom_quarantine]

 


TIPS:

Test Spoofing

To test sending a spoofed email, you can use the following web site:

https://www.wormly.com/test_smtp_server

 

SPF RECORD: / zaib

To create an SPF record on the DNS server, you can use the following syntax:

v=spf1 mx ip4:1.2.3.4 -all

The above record allows all your MX hosts plus the IP 1.2.3.4 to send email for your domain; everything else is prohibited. But the receiving mail servers or relays must support (check) SPF for this to take effect.

Or if you have two ISP links for the primary and secondary MX (two IP addresses), you can use the following:

v=spf1 mx ip4:1.2.3.4 ip4:5.6.7.8 -all

where 1.2.3.4 and 5.6.7.8 are the public IP addresses of your email server.

OR something like

[Image: spf1]

In the above image, 1.2.3.4 is the primary internet link IP for the email server, and 5.6.7.8 is the secondary backup internet link IP, so I added both to the record.
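To show how a receiving server actually evaluates the records above, here is an added example (not from the original post): a small SPF evaluator for the ip4, mx and all mechanisms. It runs offline, so the MX host addresses that a real check would resolve via DNS are passed in by the caller; 203.0.113.9 in the demo is a constructed address for a spoofing host.

```python
import ipaddress
from typing import Iterable

# Qualifier prefix -> SPF result when the mechanism matches
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record: str, client_ip: str, mx_ips: Iterable[str] = ()) -> str:
    """Evaluate an SPF TXT record for the IP that is delivering the mail.

    Handles the mechanisms the post uses (ip4, mx, all) with their qualifiers.
    A real checker resolves the domain's MX hosts; here the resolved MX addresses
    are supplied as mx_ips so the function needs no DNS.
    Returns one of: pass, fail, softfail, neutral, none, permerror.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                      # not an SPF record at all
    ip = ipaddress.ip_address(client_ip)
    mx_nets = [ipaddress.ip_network(m, strict=False) for m in mx_ips]
    for term in terms[1:]:
        qualifier = "+"                    # a mechanism without prefix means '+'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "mx":
            matched = any(ip in net for net in mx_nets)
        else:
            return "permerror"             # a, include, exists, ... are not handled here
        if matched:
            return QUALIFIERS[qualifier]   # the first matching mechanism decides
    return "neutral"                       # nothing matched and there was no 'all' term


def filter_action(record: str, client_ip: str, mx_ips: Iterable[str] = ()) -> str:
    """Map the SPF result onto the action a receiving filter would take."""
    result = evaluate_spf(record, client_ip, mx_ips)
    if result == "fail":
        return "reject"
    if result in ("softfail", "permerror"):
        return "quarantine"
    return "accept"


if __name__ == "__main__":
    # Second record from the post; 203.0.113.9 is a constructed spoofing host
    company = "v=spf1 mx ip4:1.2.3.4 ip4:5.6.7.8 -all"
    for sender_ip in ("1.2.3.4", "5.6.7.8", "203.0.113.9"):
        print(sender_ip, "->", evaluate_spf(company, sender_ip), "/", filter_action(company, sender_ip))
```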


Regards,

Syed Jahanzaib

 

July 1, 2016

Postfix as GMAIL relay to send email

Filed under: Linux Related — Syed Jahanzaib / Pinochio~:) @ 1:45 PM



This post was made to illustrate how to send emails via the Postfix mail server using Gmail. Previously I was using sendmail in combination with Gmail, but a few times sendmail made trouble on new installations, therefore I switched to Postfix, which is quite simple compared to sendmail's complexity. I have tested it on various networks and so far have found it reliable.

It can be used by other mail applications like the mail utility, the Radius Manager web bulk mail function, or any other you like. We will use Gmail as a relay to send our emails using our Gmail account. You need a functional Gmail account for this purpose, and make sure 'allow less secure applications' is turned on to avail of this function.

TIP:
We can also use this as a centralized email gateway so that all of our devices on the LAN, like Mikrotik routers, Cisco switches, mobile devices and others, can send via this email gateway, so that we can get rid of configuring email services on each system separately.

That's why in some specific situations I say "Work Smarter, Not Harder" / Za!b


Software Used:

OS : Ubuntu 12.4 / 32bit
Email Server : POSTFIX 2.9.6

Let’s Start …

First we need to update the apt package lists and then install the Postfix mail server application.

Step#1

apt-get update && apt-get install postfix mailutils libsasl2-modules

When prompted for "General type of mail configuration" choose Internet Site.
When prompted for a "Mail name," you can use the default name.

Once the above installation is done,

Create and edit a new file which will store the Gmail ID and password:

touch /etc/postfix/sasl_passwd
nano /etc/postfix/sasl_passwd

and paste the following [make sure you replace YOURGMAILID and YOURPASS with valid Gmail credentials]:

[smtp.gmail.com]:587 YOURGMAILID@gmail.com:YOURPASS

Save & Exit.

Step#2

Now make it readable by root only:

chmod 600 /etc/postfix/sasl_passwd

Step#3

Edit the Postfix main configuration file with

nano /etc/postfix/main.cf

Remove all previous lines and paste the following ….

#Postfix main configuration file / Syed Jahanzaib / aacable at hotmail dot com / http:// aacable . wordpress . com 
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
myhostname = radius.localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = radius.localhost, localhost.localhost, localhost
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_sasl_auth_enable = yes
smtp_sasl_security_options =
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

Save & Exit.

Step#4

Use the postmap command to compile and hash the contents of sasl_passwd. The result is stored in your Postfix configuration directory in the file sasl_passwd.db.

postmap /etc/postfix/sasl_passwd

Step#5

Create the pickup FIFO (named pipe) through which Postfix picks up locally submitted mail:

mkfifo /var/spool/postfix/public/pickup

Step#6

Change the FROM name; it will be displayed in the recipient's inbox.

chfn -f 'YOUR COMPANY NAME' root

Step#7

Make sure you have enabled "Less Secure Apps" in Gmail:
https://www.google.com/settings/security/lesssecureapps

Step#8

If sendmail was previously installed, remove it and stop its service:

apt-get remove sendmail
service sendmail stop

Step#9

Finally restart the Postfix service:

sudo /etc/init.d/postfix restart

FINAL Step#10 / TESTING the ride!

Now try to send an email using the following command in the terminal; change the email address to your own:

mail -s "Test subject from postfix by Syed.Jahanzaib" aacable@hotmail.com

After this it will ask for Cc:, just press Enter.
It will show a blank cursor where you can type the email body; type any text or leave it blank, then press CTRL+D to finally send the email.

Now, at the same time in another window, check the mail log for any errors:

tail -f /var/log/mail.log

[Image: postfix log]

 

Result:

[Image: 3]
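A sanity check for the setup in Steps 1 to 4, added here as an example (not from the original post): it verifies that both sasl_passwd and the sasl_passwd.db that postmap writes are root-only (the walkthrough only chmods the text file), that the credential line has the expected shape, and that main.cf carries the relay, TLS and SASL settings. The demo builds a constructed copy of these files in a temporary directory; the Gmail credentials in it are placeholders.

```python
import os
import re
import stat
import tempfile
from typing import Dict, List

# Settings Step#3 puts in main.cf for relaying through Gmail
EXPECTED_MAIN_CF = {
    "relayhost": "[smtp.gmail.com]:587",
    "smtp_use_tls": "yes",
    "smtp_sasl_auth_enable": "yes",
    "smtp_sasl_password_maps": "hash:/etc/postfix/sasl_passwd",
}
# '[smtp.gmail.com]:587 user@gmail.com:password' as written in Step#1
CRED_LINE = re.compile(r"^\[smtp\.gmail\.com\]:587\s+\S+@\S+:\S+$")


def parse_main_cf(text: str) -> Dict[str, str]:
    """Parse 'key = value' lines of a Postfix main.cf, skipping comments and blanks."""
    conf: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[key.strip()] = value.strip()
    return conf


def group_or_world_readable(path: str) -> bool:
    """True if group or others hold any permission bit on the file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def check_relay_setup(postfix_dir: str) -> List[str]:
    """Return the problems found in a Postfix-to-Gmail relay setup; empty means consistent."""
    problems: List[str] = []
    cred = os.path.join(postfix_dir, "sasl_passwd")
    # The text file (Step#2) and the .db that postmap writes (Step#4) both contain the
    # Gmail password, so both must be readable by root only.
    for path in (cred, cred + ".db"):
        if not os.path.exists(path):
            problems.append(f"missing {path}")
        elif group_or_world_readable(path):
            problems.append(f"{os.path.basename(path)} is readable by group/others; chmod 600 it")
    if os.path.exists(cred):
        with open(cred) as fh:
            if not any(CRED_LINE.match(line.strip()) for line in fh):
                problems.append("sasl_passwd lacks a '[smtp.gmail.com]:587 user@gmail.com:password' line")
    main_cf = os.path.join(postfix_dir, "main.cf")
    if not os.path.exists(main_cf):
        return problems + ["main.cf missing"]
    with open(main_cf) as fh:
        conf = parse_main_cf(fh.read())
    for key, want in EXPECTED_MAIN_CF.items():
        if conf.get(key) != want:
            problems.append(f"main.cf: {key} = {conf.get(key)!r}, expected {want!r}")
    return problems


def demo(secure: bool) -> List[str]:
    """Write a constructed copy of the walkthrough's files to a temp dir and check it.

    secure=False reproduces the common slip of leaving sasl_passwd.db world-readable
    after running postmap.
    """
    with tempfile.TemporaryDirectory() as d:
        cred = os.path.join(d, "sasl_passwd")
        with open(cred, "w") as fh:
            fh.write("[smtp.gmail.com]:587 YOURGMAILID@gmail.com:YOURPASS\n")  # placeholders
        os.chmod(cred, 0o600)
        with open(cred + ".db", "wb") as fh:  # stand-in for postmap's hashed output
            fh.write(b"constructed")
        os.chmod(cred + ".db", 0o600 if secure else 0o644)
        with open(os.path.join(d, "main.cf"), "w") as fh:
            fh.write("# constructed main.cf carrying the relay settings from Step#3\n")
            for key, value in EXPECTED_MAIN_CF.items():
                fh.write(f"{key} = {value}\n")
        return check_relay_setup(d)


if __name__ == "__main__":
    print("secure setup:", demo(True) or "no problems")
    print("insecure setup:", demo(False))
```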

June 28, 2016

RM: Auto Renew User if Deposit available

Filed under: Radius Manager — Syed Jahanzaib / Pinochio~:) @ 11:04 AM


Revision History:
24-Jun-2015 / Added Base Script
29-Jun-2016 / Added Invoice function / Fixed bug if user quote is under 1 GB limit / few minor tweaks

As requested by a Valenzuela client.

In Radius Manager there are a few options to purchase credits via online payment gateways like PayPal or others. If the user account is expired and he purchases service online, it adds the deposit to the user account but does not auto-renew the service (as per my assumption; PayPal does not work here in Pakistan, so I have very little to no knowledge of it).

Example:

[Image: err]

 

To work around this issue, I made a script that does the following:

  1. Scheduled to run every 10 minutes
  2. Fetch the list of users from the rm_users table who have a DEPOSIT available (credits above 0)
  3. Check the user account status; if Active, ignore it
  4. Else, if expired, check the current service price and match it with the available deposit/credits
  5. If the deposit is not sufficient, print an error and exit
  6. If the deposit is enough, renew the service, add 30 days to the service, add quota if any, and send email/SMS to the user about the renewal done by deposit :)

Disclaimer: The script can be customized further according to requirements. No part of this script is copied from anywhere. You are free to use it and modify it as you like. This is my own idea, just to share with anyone who is in similar need or for learning purposes!


SCRIPT!

#!/bin/bash
# Script to renew user account via check deposit and act accordingly
# For Radius Manager 4.1.x
# Created by Syed Jahanzaib
# https://aacable.wordpress.com / aacable@hotmail.com
# 24th Jun, 2016 , 18 Ramazan, 1437 Hijri
#set -x
# Colors Config . . . [[ JZ . . . ]]
ESC_SEQ="\x1b["
COL_RESET=$ESC_SEQ"39;49;00m"
COL_RED=$ESC_SEQ"31;01m"
COL_YELLOW=$ESC_SEQ"33;01m"
COL_GREEN=$ESC_SEQ"32;01m"
SQLUSER="root"
SQLPASS="zaib1234"
USERLIST="/tmp/deposituserlist.txt"
# Note: -p<password> on the command line is visible to other local users via ps;
# a ~/.my.cnf with mode 600 is the safer place for the credentials.
MYSQL="mysql -u$SQLUSER -p$SQLPASS"
# Create list of users which have a deposit of more than 0.00, i.e. a valid deposit
$MYSQL --skip-column-names -e "use radius; SELECT username, credits FROM rm_users WHERE credits > '0.00';" > $USERLIST
# LOOK FOR VALID USER IN FILE, IF EMPTY THEN EXIT
USRVALID=$(cat $USERLIST)
if [ -z "$USRVALID" ]; then
echo -e "ERROR: NO USER FOUND for matching ... exiting!"
exit 0
fi
# Read the user list line by line and act on each user accordingly.
num=0
cat $USERLIST | while read users
do
num=$((num+1))
USR=$(echo $users | awk '{print $1}')
# credits are stored with decimals; keep the integer part for the comparisons below
DEPOSIT=$(echo $users | awk '{print $2}' | sed 's/\..*$//')
######################
# ACCOUNT EXPIRY CHECK and other variables
######################
TODAY=$(date +"%Y-%m-%d")
TODAYDIGIT=$(echo $TODAY | sed -e 's/-//g')
MONTH=$(date +"-%m")
CMONTH=$(echo $MONTH | sed -e 's/-//g')
MONTHYEAR=$(date +"%B-%Y")
ALPHAMONTHYEAR="$MONTHYEAR"
SRVEXPIRYFULL=$($MYSQL -e "use radius; SELECT expiration FROM radius.rm_users WHERE username = '$USR';" | awk 'FNR == 2')
FULLNAME=$($MYSQL -e "use radius; SELECT firstname, lastname FROM radius.rm_users WHERE username = '$USR';" | awk 'FNR == 2')
MOBILE=$($MYSQL -e "use radius; SELECT mobile FROM radius.rm_users WHERE username = '$USR';" | awk 'FNR == 2')
COUNTRY=$($MYSQL -e "use radius; SELECT country FROM radius.rm_users WHERE username = '$USR';" | awk 'FNR == 2')
STATE=$($MYSQL -e "use radius; SELECT state FROM radius.rm_users WHERE username = '$USR';" | awk 'FNR == 2')
ADDRESS=$($MYSQL -e "use radius; SELECT address FROM radius.rm_users WHERE username = '$USR';" | awk 'FNR == 2')
# city is used in the invoice below, so fetch it as well
CITY=$($MYSQL -e "use radius; SELECT city FROM radius.rm_users WHERE username = '$USR';" | awk 'FNR == 2')
SRVEXPIRYFULLD=$($MYSQL --skip-column-names -e "use radius; SELECT expiration FROM radius.rm_users WHERE username = '$USR';" | awk '{print $1}')
# expiry as YYYYMMDD digits so it can be compared numerically with TODAYDIGIT
SRVEXPIRY=$($MYSQL -e "use radius; SELECT expiration FROM radius.rm_users WHERE username = '$USR';" | awk 'FNR == 2' | sed -e 's/-//g' | sed 's/00:.*//')
NEXTEXPIRYADD=$(date +"%Y-%m-%d" -d "+30 days")
LOGOFFDATE=$($MYSQL -e "use radius; SELECT lastlogoff FROM radius.rm_users WHERE username = '$USR';" | awk 'FNR == 2 {print $1,$2}')
SRVID=$($MYSQL -e "use radius; SELECT srvid FROM radius.rm_users WHERE rm_users.username = '$USR';" | awk 'FNR == 2 {print $1}')
SRVPRICE=$($MYSQL -e "use radius; SELECT unitprice FROM radius.rm_services WHERE rm_services.srvid = $SRVID;" | awk 'FNR == 2 {print $1}' | cut -f1 -d".")
# LOOK FOR USER ACTUAL SERVICE NAME
PKGNAME=$($MYSQL -e "use radius; SELECT srvname FROM radius.rm_services WHERE rm_services.srvid = '$SRVID';" | awk 'FNR == 2')
# Look for package quota (trafficunitcomb, in MB)
PKGQUOTA=$($MYSQL -e "use radius; SELECT trafficunitcomb FROM rm_services WHERE srvid= '$SRVID';" | awk 'FNR == 2')
PKGQUOTAB=$(($PKGQUOTA / 1024))
PKGQUOTABYTES=$(($PKGQUOTA * 1024 * 1024))
LASTUSRBAL=$(($DEPOSIT - $SRVPRICE))

TIMEUNITEXP=$($MYSQL --skip-column-names -e "use radius; SELECT timeunitexp FROM radius.rm_services WHERE srvid = '$SRVID';")
TIMEBASEEXP=$($MYSQL --skip-column-names -e "use radius; SELECT timebaseexp FROM radius.rm_services WHERE srvid = '$SRVID';")

# Set the expiry period label (timebaseexp 2 = days, 3 = months)
if [ "$TIMEBASEEXP" == "2" ]; then
EXPERIOD="$TIMEUNITEXP Days"
fi
if [ "$TIMEBASEEXP" == "3" ]; then
EXPERIOD="$TIMEUNITEXP Month"
fi

# Set the quota label which will be used in the end
if [ $PKGQUOTA -eq 0 ]
then
QT="UNLIMITED"
else
QT="$PKGQUOTA MB"
fi


# Check Service Expiry Date, if Active then ignore
if [ $SRVEXPIRY -gt $TODAYDIGIT ]; then
echo -e "$COL_GREEN User Account = $USR | ALREADY ACTIVE | TIMEUNIT = $EXPERIOD | Expiry Date = $SRVEXPIRYFULLD | User Deposit Available = $DEPOSIT | Package Price = $SRVPRICE PKR | Next Expiry = $NEXTEXPIRYADD | Quota = $QT $COL_RESET
"
else
########### ACCOUNT STATUS EXPIRED BUT NOT ENOUGH DEPOSIT to RENEW ACTION ############
if [ "$DEPOSIT" -lt "$SRVPRICE" ]; then
echo -e "$COL_RED User Account = $USR | TIMEUNIT = $EXPERIOD | ERROR: Account expired on $SRVEXPIRYFULLD but user $USR DOES NOT HAVE ENOUGH DEPOSIT IN USER ACCOUNT! Current Deposit is $DEPOSIT and Required is $SRVPRICE $COL_RESET
"
else
########### ACCOUNT STATUS EXPIRED and DEPOSIT IS ENOUGH TO RENEW ACTION ############
if [ $SRVEXPIRY -lt $TODAYDIGIT ] || [ $SRVEXPIRY -eq $TODAYDIGIT ]; then

# RENEW USERS IF ALL CONDITIONS MATCHED / PRINT FETCHED VALUES , JUST FOR INFO / ZAIB
echo -e "$COL_YELLOW User Account = $USR ** RENEWING NOW ** | TIMEUNIT = $EXPERIOD | Expiry Date = $SRVEXPIRYFULLD | User Deposit Available = $DEPOSIT | Package Price = $SRVPRICE PKR | Next Expiry = $NEXTEXPIRYADD | Quota = $QT $COL_RESET
Now Balance is = $LASTUSRBAL PKR"

# ADD 30 DAYS VALUE TO EXPIRED USER ACCOUNT
$MYSQL -e "use radius; UPDATE rm_users SET expiration = '$NEXTEXPIRYADD' WHERE username = '$USR';"
# ADD COMMENTS
$MYSQL -e "use radius; UPDATE rm_users SET comment = 'This account was last refreshed from DEPOSIT on $TODAY' WHERE username = '$USR';"
# ADD SYSLOG ENTRY
$MYSQL -e "use radius; INSERT INTO rm_syslog (datetime, ip, name, eventid, data1) VALUES (NOW(), 'n/a', 'DEPOSIT_$USR', '$USR', '$USR renewed service > $PKGNAME');"
# UPDATE User Balance
$MYSQL -e "use radius; UPDATE rm_users SET credits = '$LASTUSRBAL' WHERE username = '$USR';"
# ADD INVOICE
$MYSQL -e "use radius; INSERT INTO rm_invoices (managername, username, date, bytesdl, bytesul, bytescomb, downlimit, uplimit, comblimit, time, uptimelimit,
 days, expiration, capdl, capul, captotal, captime, capdate, service, comment, transid, amount, invnum,
 address, city, zip, country, state, fullname, taxid, paymentopt, paymode, invtype, paid, price, tax, remark,
 balance, gwtransid, phone, mobile, vatpercent )
 VALUES
 ('admin', '$USR', NOW(), '0', '0', '$PKGQUOTABYTES', '0', '0', '$PKGQUOTABYTES', '0', '0', '30', '$NEXTEXPIRYADD', '0', '0', '1', '0', '1', '$PKGNAME', 'This user service renewed by Deposit/Payment', '577343812eee0', '1', '2016-0021', '$ADDRESS', '$CITY', '00000', '$COUNTRY', '$STATE', '$FULLNAME', 'n/a',
 DATE_ADD(CURDATE(), INTERVAL '10' DAY), '0', '0', '$TODAY', '$SRVPRICE', '0.000000', '', '$LASTUSRBAL', '', '$MOBILE', '$MOBILE', '0.00' );"

$MYSQL -e "use radius; INSERT INTO rm_invoices (managername, username, amount, price, tax, vatpercent, balance,
 date, service, paymode, invgroup, paymentopt, transid)
 VALUES ('admin', 'admin', 1, '-$SRVPRICE', '0', '0.00',
 '', NOW(), 'Ref.: C-$TODAY', '2', '1', DATE_ADD(CURDATE(), INTERVAL '10' DAY),
 '577343812eee0' );"

# UPDATE Quota limitations if any, else ignore
if [ "$PKGQUOTA" -ne 0 ]; then
echo "Adding $PKGQUOTA MB Quota Limit for $USR as well
"
$MYSQL -e "use radius; UPDATE rm_users SET comblimit = '$PKGQUOTABYTES' WHERE username = '$USR';"
else
echo "No need to add quota"
fi
fi
fi
fi
done
# THE END SCRIPT ENDS HERE #
# SYED JAHANZAIB

RESULT!

[Image: 1]


 

June 22, 2016

Retrieve User Old/Original Password in RM

Filed under: Radius Manager — Syed Jahanzaib / Pinochio~:) @ 10:44 AM


Please be aware that this post is for example purposes only. In a real production environment you must be very careful about providing such an option. Make it tightly secured, add a captcha, and provide this feature to requesting users only. AVOID using bash; RELY on PHP!


As requested by a client, the following is a script that can retrieve a user's current password from the 'radcheck' table. This method is useful in some situations where the operator does not want to change the password for the user, but to provide them with their old/original password.

  • In RM, users' passwords are hashed with MD5, which is a digest algorithm. Think of it as converting a cow into a steak. Now try to reverse that :)
  • There are some online MD5 "decrypters", but they can only recover general or common words. If you have a complex password, it won't be recoverable.

So rather than getting into the MD5 decryption mess, why not retrieve it under the table 😉 by getting it from the radcheck table.

There are a few methods by which we can provide a 'current password retrieval' function to the user.

  1. We can configure playSMS to receive an incoming SMS from the user with a specific command and username; then the system can retrieve the user's current password and SMS it to his registered mobile number.
  2. Or we can make a simple PHP page where the user can enter his user ID, and then the system can send the password to his registered mobile number and email address.

The script! [SAMPLE]

#!/bin/sh
#set -x
SQLUSER="SQL_USER"
SQLPASS="SQL_PASSWORD"
COMPANY="MyCompany"
CURDATE=$(date +"%Y-%m-%d")
# The first word of the first argument is the username
USERNAME=$(echo "$1" | awk '{print $1}')
# Accept only plain account characters so the value cannot alter the SQL below
case "$USERNAME" in
  ""|*[!A-Za-z0-9._@-]*) echo "Invalid username"; exit 1 ;;
esac
echo ""
PASS=$(mysql -u$SQLUSER -p$SQLPASS --skip-column-names -e "use radius; select value from radcheck where username = '$USERNAME';" | awk 'FNR == 1')
echo "Dear $USERNAME,

Your Password is $PASS

Regards,
$COMPANY"

Execute the script and see the result.

[Image: shpass]


PHP form-based method using the shell script!

[Images: f1, f2]

 

Sample PHP/shell files uploaded to

https://drive.google.com/folderview?id=0B8B_P2ljEc2xSndud0hDV29HT2s&usp=sharing&tid=0B8B_P2ljEc2xcEdkd2ttV1ZmNFU

Make sure you add good security measures first!

 

Regards,
Syed Jahanzaib

 

June 20, 2016

Routing & Natting with Failover ! Brothers in Arms

Filed under: Mikrotik Related — Syed Jahanzaib / Pinochio~:) @ 1:39 PM


~ Mikrotik CCR1036 Performance Statistics ~

[Images: ccrload, mrtg]


Reference Notes:

Mikrotik is a very powerful router that can perform a variety of functions in one box. Sometimes it's fun to do complex configuration with customized scripting to achieve the desired results. I just wanted to share some thoughts on one scenario where I configured multiple WAN links with PCC, plus public IP routing for users, on a single CCR RB: routing + NAT + firewalling + QoS + scripting and much more, all together. Later we added failover so that if a PCC WAN link fails it switches to the fiber link, and if the fiber link fails, it fails over to DSL by blending the public IPs into PCC.

  • The Mikrotik has 4 DSL links which are configured in PCC (load balancing) and serve local PPPoE clients.
  • We have added another WAN link via fiber, which is 1 STM-1 (155 Mbps), and have acquired another large public pool for users which is routed to our /29 IP on the Mikrotik.
  • We have configured services in such a way that normal users get a private IP upon PPPoE connectivity and go out via PCC/NAT, and a few services are configured so that the user gets a public IP and goes to the internet via public IP routing (bypassing NAT, preserving his public IP).
  • We have configured VLANs to isolate the different areas/networks, to minimize broadcasts and for better network management. Also some corporate clients are connected to separate VLANs to provide them with a public IP pool to be used in their routers.
  • We connected some corporate clients which, of course, should not be connected via PPPoE; they wanted a direct public IP so they could configure it in their own router/system. So we did it by connecting that client to our VLAN switch, tagging their port traffic, and on the Mikrotik we added a new VLAN interface accordingly, assigned a public IP (as required, like a /30) to this new VLAN interface, and gave the appropriate IP to the client.
  • We have configured FAILOVER using the following techniques:
  • The 4 VDSL links are configured as PCC. For failover we use a script that monitors 2 internet hosts for each WAN link. We have also created forced routes for those hosts, with blackhole routes as well, to make sure the hosts are reached via that specific WAN link only. Once the script fails to ping those 2 hosts, it simply enables a rule in the ip/route/rules table to look up the packets marked for that specific WAN via the main table, where the fiber link has a distance of 1 and is the default route. Thus traffic for that failed DSL link starts being NATed via the fiber link. Of course various other measures need to be in place, like proper NAT rules, etc.
  • For fiber failover (public IPs) to DSL, we have a script that checks 2 hosts; if it fails, it simply adds the public IP pool to the PCC pool as well, so the public pool also starts mixing into PCC 😀
  • The CCR performed amazingly well with this complex configuration and lots of dynamic queues; CPU usage usually remains under 10%. We can use PCQ-based queues to lower the CPU usage in specific circumstances.
  • QoS is done dynamically by the radius billing system, in this case DMASOFTLAB Radius Manager.
  • FTP servers are in a DMZ, controlled by the Mikrotik firewall, and a separate QoS is set up to provide each user with 4 MB of download from the local media server. This is done to prevent over-utilization by each user. I used a queue type and then tagged it with a simple queue for FTP. I also marked packets going to FTP in mangle and later used them in the queues.
  • There are a few other scripts configured, like a daily backup script, WAN monitoring scripts, etc.
  • DDNS is also configured to access the Mikrotik and other servers/devices behind the MT through PCC. Port forwarding with PCC is a bit tricky and requires additional rules in mangle and routes. I wrote about it in detail in other posts.
  • Lots of port forwarding :)
  • Filter rules to block DDoSers, block ping access, port scanning, etc…

 


Regards,

Syed Jahanzaib

MRTG graph 120M Limitation

Filed under: Linux Related — Syed Jahanzaib / Pinochio~:) @ 11:00 AM



If you are using MRTG and have a gigabit network, you may notice that the MRTG graphs will not show traffic above 120 Mb. This is a common problem caused by 16-bit counter rollover. By default MRTG polls the device every 5 minutes using SNMPv1, so traffic greater than 120 Mbps will cause the 16-bit counter to wrap around within this time window.

Therefore MRTG only displays the lower traffic, as it cannot tell how many times the counter has rolled over.

There are two workarounds to overcome this issue.

  1. SNMP v2
  2. RRD

Quick Workaround:

I used SNMPv2. This is the best option if your device supports it (Mikrotik does support SNMP v2). With SNMPv2 you can use the 64-bit counters, which will not wrap around.

To do this, add

:::::2

(five colons and a 2) as a suffix to your Target definition to specify SNMPv2.


Working Example:

To edit an existing configuration file:

Target[10.0.0.1_eth0]: #eth0:public@10.0.0.1:::::2

or with cfgmaker:

cfgmaker public@10.0.0.1:::::2

I will write about RRD later, which is the best option in my opinion, especially for heavy networks.
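To make the rollover concrete, here is an added example (not from the original post) that simulates what a poller computes from two counter readings taken 5 minutes apart. The interface octet counters MRTG reads over SNMPv1 are 32-bit (Counter32), and 2^32 bytes in 300 seconds is about 114 Mbps, which is the ceiling the post describes; the 64-bit counters of SNMPv2c do not hit it. Link loads in the demo are constructed.

```python
COUNTER32 = 2 ** 32  # ifInOctets / ifOutOctets, the counters SNMPv1 exposes
COUNTER64 = 2 ** 64  # ifHCInOctets / ifHCOutOctets, available with SNMPv2c
POLL_SECONDS = 300   # MRTG's default 5-minute polling interval


def max_rate_mbps(counter_modulus: int, interval_s: int = POLL_SECONDS) -> float:
    """Highest average rate (Mbit/s) the counter can represent between two polls without wrapping."""
    return counter_modulus * 8 / interval_s / 1e6


def poll_rate_mbps(prev: int, cur: int, counter_modulus: int, interval_s: int = POLL_SECONDS) -> float:
    """Rate (Mbit/s) a poller computes from two readings; like MRTG it can only assume one wrap."""
    delta = cur - prev
    if delta < 0:                   # counter went backwards, so it wrapped (at least) once
        delta += counter_modulus
    return delta * 8 / interval_s / 1e6


def simulate_poll(true_rate_mbps: float, counter_modulus: int, start: int = 0,
                  interval_s: int = POLL_SECONDS) -> float:
    """Run a link at true_rate_mbps for one interval and return the rate that would be graphed."""
    bytes_sent = int(true_rate_mbps * 1e6 / 8 * interval_s)
    prev = start % counter_modulus
    cur = (start + bytes_sent) % counter_modulus  # what the device actually reports
    return poll_rate_mbps(prev, cur, counter_modulus, interval_s)


if __name__ == "__main__":
    print(f"32-bit ceiling at 5-min polls: {max_rate_mbps(COUNTER32):.1f} Mbps")
    for rate in (100.0, 200.0, 500.0):  # constructed link loads
        print(f"true {rate:.0f} Mbps -> graphed {simulate_poll(rate, COUNTER32):.1f} Mbps (32-bit), "
              f"{simulate_poll(rate, COUNTER64):.1f} Mbps (64-bit)")
```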

Regards,
Syed Jahanzaib

June 13, 2016

CRON examples ! Focus and save yourself from embarrassment !

Filed under: Linux Related — Syed Jahanzaib / Pinochio~:) @ 3:07 PM


 

To add a scheduled job in Linux/Ubuntu, use

crontab -e

To view the installed cron jobs:

crontab -l

Examples:

Run the script on the 1st day of every month:

@monthly /temp/script.sh

Run the script daily at 00:00 hours (midnight):

@daily /temp/script.sh

Run the script every hour:

@hourly /temp/script.sh

Run the script every minute:

* * * * * /temp/script.sh

Run the script every 5 minutes:

*/5 * * * * /temp/script.sh

Run the script at specific times on a specific day of the month. Example: run the script at 10am and 11am on the 12th of every month:

00 10,11 12 * * /temp/script.sh

Run the script at a specific hour on a specific day of every month. Example: run the script at 9am on the 10th of every month:

00 9 10 * * /temp/script.sh

Run the script over a RANGE of hours. Example: run the script from 10am to 8pm, meaning every hour from 10am-8pm:

00 10-20 * * * /temp/script.sh


Shortcuts in CRON

@reboot        Run once, at startup.
@yearly        Run once a year, "0 0 1 1 *".
@annually      (same as @yearly)
@monthly       Run once a month, "0 0 1 * *".
@weekly        Run once a week, "0 0 * * 0".
@daily         Run once a day, "0 0 * * *".
@midnight      (same as @daily)
@hourly        Run once an hour, "0 * * * *".
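A small matcher for the five-field crontab syntax and the @shortcuts listed above, added here as an example (not from the original post) so a schedule can be checked against a timestamp before it is installed; it also applies the cron rule that when both day-of-month and day-of-week are restricted, the job runs when either matches. The timestamps in the demo are constructed.

```python
from datetime import datetime, timedelta
from typing import List, Set, Tuple, Union

# @shortcut -> equivalent five-field schedule (the table above); @reboot has no time pattern
SHORTCUTS = {
    "@yearly": "0 0 1 1 *", "@annually": "0 0 1 1 *", "@monthly": "0 0 1 * *",
    "@weekly": "0 0 * * 0", "@daily": "0 0 * * *", "@midnight": "0 0 * * *",
    "@hourly": "0 * * * *",
}
# Allowed ranges: minute, hour, day-of-month, month, day-of-week (0 and 7 both mean Sunday)
RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (0, 7)]
Parsed = Tuple[List[Set[int]], bool, bool]


def expand_field(field: str, lo: int, hi: int) -> Set[int]:
    """Expand one field ('*', '*/5', '10,11', '10-20', '1-5/2') into the values it covers."""
    values: Set[int] = set()
    for item in field.split(","):
        base, _, step = item.partition("/")
        step_n = int(step) if step else 1
        if base == "*":
            start, end = lo, hi
        elif "-" in base:
            start, end = (int(x) for x in base.split("-", 1))
        elif step:
            raise ValueError(f"a step needs a range or '*' in field {field!r}")
        else:
            start = end = int(base)
        if not (lo <= start <= end <= hi) or step_n < 1:
            raise ValueError(f"value out of range in field {field!r}")
        values.update(range(start, end + 1, step_n))
    return values


def parse_cron(spec: str) -> Parsed:
    """Parse a schedule (five fields or an @shortcut); also report whether the day fields are '*'."""
    spec = spec.strip()
    if spec.startswith("@"):
        if spec == "@reboot":
            raise ValueError("@reboot fires once at startup and has no time pattern")
        spec = SHORTCUTS[spec]
    fields = spec.split()
    if len(fields) != 5:
        raise ValueError("expected: minute hour day-of-month month day-of-week")
    sets = [expand_field(f, lo, hi) for f, (lo, hi) in zip(fields, RANGES)]
    if 7 in sets[4]:
        sets[4].add(0)
    return sets, fields[2].startswith("*"), fields[4].startswith("*")


def _as_datetime(when: Union[datetime, str]) -> datetime:
    return when if isinstance(when, datetime) else datetime.fromisoformat(when)


def _fires(parsed: Parsed, when: datetime) -> bool:
    (minute, hour, dom, month, dow), dom_any, dow_any = parsed
    if when.minute not in minute or when.hour not in hour or when.month not in month:
        return False
    dom_ok = when.day in dom
    dow_ok = (when.weekday() + 1) % 7 in dow      # Python Monday=0 -> cron Sunday=0
    if not dom_any and not dow_any:
        return dom_ok or dow_ok   # both day fields restricted: run when either matches
    return dom_ok and dow_ok


def matches(spec: str, when: Union[datetime, str]) -> bool:
    """True if a job with schedule `spec` runs in the minute `when` (datetime or 'YYYY-MM-DD HH:MM')."""
    return _fires(parse_cron(spec), _as_datetime(when))


def next_runs(spec: str, start: Union[datetime, str], count: int = 3) -> List[str]:
    """Return the next `count` run times after `start`, as 'YYYY-MM-DD HH:MM' strings."""
    parsed = parse_cron(spec)
    when = _as_datetime(start).replace(second=0, microsecond=0)
    runs: List[str] = []
    while len(runs) < count:
        when += timedelta(minutes=1)
        if _fires(parsed, when):
            runs.append(when.strftime("%Y-%m-%d %H:%M"))
    return runs


if __name__ == "__main__":
    for line in ("00 10,11 12 * *", "00 9 10 * *", "00 10-20 * * *", "@weekly"):
        print(f"{line:18} next: {next_runs(line, '2016-06-13 15:07', 2)}")
```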


 
