Lenovo SR650 Corrupt GPT & ESXi install failure

Recently one of our Lenovo SR650’s disk got faulty. It had 14 x 1.2 TB 10k SAS disks. As a long term solution & to avoid any urgency, we decided to remove 2 disks (faulty one for replacement & one for cold spare backup to be used by same or other similar servers).

Once we re-created new Raid.-10 & rebooted the server , boot screen was showing below error

We tried to follow the Lenovo Note which instructed to go into Setup->System Settings->Recovery->Disk GPT Recovery and set to “Automatic.” but still the error didn’t sorted. To settle it on Server Bios level, we performed following steps

• Update SR650 UEFI Firmware ( Lenovo Download Link )
• Removed Raid Config, Re-create Raid Config with Full Initialization
• Full power cycle the server once above is done.

This sorted the Bios screen error regarding GPT.

But once we started the Vmware ESXI 6.5.x installation , it was failing (between 5% and 8%) with the following error …

“partedUtil failed with message: Error: The primary GPT table states that the backup GPT is located beyond the end of disk. This may happen if the disk has shrunk or partition table is corrupted. … Error: Can’t have a partition outside the disk!  BLAH BLAH BLAH …”

---

Solution # 1

Boot with any windows ISO ( Must have the RAID controller driver or the OS should have in-built drivers, in my case, windows server 2019 had the raid drivers). You can also use Linux base Boot OS .

Re-create the partition , Format & Booom. Afterwards just boot from ESXI ISO/CD/USB/Networkboot , and the ESXI will install fine.

---

Solution # 2 (Quick & Recommended for admins)

During ESXi installer at anywhere ,

Press Alt-F1 (which will bring you to shell window asking for credentials)

Use following credentials

• ID: root
• Password: No password. Just press enter & you can use the CMD’s to sort the issue

Issue the below CMD which will show you list of disk device names that can be managed by partedUtil

ls -ltrh /vmfs/devices/disks

** Note the disk ‘identifier’ that we want to fix. In my case it was 6.5 TB partition in which we wanted to install the esxi.

Now issue the below cmd

partedUtil mklabel /dev/disks/naa.600062b2031e00402a165add7ff9c3ac msdos

This overwrited the brooked partition table. Now return to the installer screen and continue.

This time, esxi installation went fine without errors.

---

Regard’s
Syed Jahanzaib

Restricting Lotus Domino Email Flow for Local Groups

We are using Lotus Domino 8.5.3.xxx series mail server which have many local groups along with associated members in it. Yesterday an valid external user sent annoying email to some of local groups like dept1@mydomain.com & the email got delivered to all members associated with this group despite there was no email/internet address defined for it. This happened for the first time & we were surprised as it was not in our knowledge before that external user can send email to local groups as well despite not having internet addresses created for it exclusively.

After doing some R&D and posting to lotus domino groups, it was revealed that under Server Document / Configuration Setting / Router/SMTP / Basics  , there was a setting named ADDRESS LOOKUP set to FULLNAME THEN LOCAL PART , which was responsible for accepting email for the local group even though there was no internet address associated with it.

Some explanation :

FULLNAME THEN LOCAL PART (default):

The Router first searches the Domino Directory for a match for the full Internet address (localpart@domain.com). If no match is found, it searches the directory again, looking for a match for the local part of the address only.

After setting it to FULLNAME ONLY, [followed by tell router update / tell adminp p all / sh nlcache reset] the issue got resolved & now when external user sends email to DEPT1@mydomain.com , he gets ‘Recipient could not be found’ NDR report.

[0B60:000A-18F4] 02/28/2020 08:45:26 AM SMTP Server: Mail for dept1@mydomain.com rejected for policy reasons. Recipient could not be found in the Domino Directory.

NOTE: Full Name Only in conjunction with not having an Internet Address specified for the Group will work.

---

Other workarounds:

Initially we restricted flow email destined to local group by using two methods

1) MAIL RULES

Under Server Document / Configuration Setting / Router/SMTP / Restrictions & Control / Rules , add a new rule like following

dont forgot to Move this rule on TOP

I have also added my id in exception so that I can send email This is example for EXCEPTION.

2. Group based ACL 

Second method is by putting ACL on each group so that only particular user can see the group , list members, or send email to that particular group. Use the reader attributes of the group being used to email to (open the document properties of the group and click on the tab with the key). Set who can read the group to a limited group of people who are authorized to send such broadcasts. Be sure to include localdomainservers as well as the names of the people who maintain the group. Now they can put it into the TO field without concern for someone replying to all since only someone who can see the group can use it. This works for external users as well because smtp messages are treated as anonymous. Unless you give anonymous access to the group, they can’t use it either.

This is briefly described here

https://www.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/conf_restrictingusersfromsendingmailtogroupsinthedomi_t.html

---

Regard’s
Syed Jahanzaib

24.913295 67.003542

DENIED Notes users are still able to access mails through IBM Notes Traveler

This post is about a case study regarding “Denied access Notes users are still able to access mails through IBM Notes Traveler“.

We are using IBM lotus Domino server as per following

• – Lotus Domino – Primary Mail Server [For Lotus Notes/Webmail]
• – Lotus Domino – Traveler Role [For Mobile Devices like Android/iPhone]

 

Case Study:

Today, It was brought to our knowledge that one of company’s employee resigned on 28th June 2019) have sent emails to HR Dept on ndex day. while his account was under DENY group, but still he was able to sent emails. We tried settings from IBm document referenced “Denied access Notes users are still able to access mails through IBM Notes Traveler” from https://www-01.ibm.com/support/docview.wss?uid=swg21634205 but still no luck. Traveler users who were under NO ACCESS GROUP under Primary LOTUS server were still able to sync emails.

Our Blocking Practice:
As per our practice , when any user resigned from the company, we add him under DENY GROUP under Lotus Domino Server for few days, which blocks the Notes/Webmail Access access for that particular user. Later if user withdraw resignation we just remove his name from this list, Else we remove his profiles and save his email in Archive for ever.

Findings:
If the user have IBM Verse installed on there mobile device, he can still access the email because his access is blocked primarily on Lotus Email Server, but since mobile devices does not communicate with the Primary server directly instead they access it via separate TRAVELER server (by proxying through LOTUS TRAVELER server), and communication between Primary Server & Lotus traveler server is being done through server to server basis thus they could access the emails.

Solution:

Adding the NO ACCESS list in the traveler server document under security DID THE TRICK !

[13FC:000A-1574] 07/01/2019 12:45:02 PM XXXXX Web Server: Access Denied Exception [/traveler?action=sync&orig=sp&deviceId=Android_a41df4vf3fe46a8e3a] CN=MY USER/O=MYCOMP

This list will be updated via Primary Lotus server after every 10 minutes (using replication connection) & it will act as additional level of permissions filtering. Now if any user will be added under DENY GROUP under Lotus Mail Server, this list will be propagated to Lotus Traveler server as well which will deny the user request if his name is under DENY GROUP.

Thanks to FB group “IBM Lotus Domino Administrators” for pointing in the right direction.

---

Some addition Tip:

to flush DB cache

sh nlcache reset

https://www.novell.com/coolsolutions/tip/17050.html

Regard’s
Syed Jahanzaib

 

Forced routing of selective emails to ISP SMTP via Mikrotik Routing

---

Scenario:

We have a LAN environment with our own email server [IBM Lotus Domino] hosted locally. Mikrotik router is acting as our gateway router with /29 public pool & port forwarding from mikrotik public ip to email server is configured. Barracuda Antispam gateway is in place as well.

Problem & Challenges :

Sometimes there are few email servers on the internet that does not accept our emails, either they bounce back or silently drop our emails despite our public IP is not listed in any of blacklisting on the internet[It happens commonly with microsoft hosted email servers as they silently drop our emails without informing any reason]. If we use our ISP SMTP as relay in the DOMINO configuration, then the emails delivers to those particular servers without problem. But we cannot use ISP SMTP for all emails routing/relaying as they have per day sending limit, and we donot get proper reports for delivered or hold emails.

Another BIG problem is that sometimes ISP’s SMTP server IP gets ban/added in the spamhaus or likewise SPAM blacklist database & when this happens 80-90% emails bounces back.

So we needed a solution where we should not use ISP SMTP relay all the time but only particular destination email server’s mails should be routed to ISP smtp. & it should all be controlled by our Mikrotik RouterOS dynamically/centrally.

---

Solution:

First created a address list which should contain IP addresses of remote email servers [that donot accept our emails directly]

/ip firewall address-list
add address=smtp.remotemail.server.com comment="remote company mail server X IP" list=few_mails_routing_2_primary_ISP_smtp

Now using NAT rule, we will forcefully route all emails [port 25 traffic] going to above address list, will be routed to ISP SMTP , with below rule …

# 1.2.3.4 is the ISP SMTP IP

/ip firewall nat
add action=dst-nat chain=dstnat comment="Few Mails Routing 2 primary ISP smtp" dst-address-list=few_mails_routing_2_primary_ISP_smtp dst-port=25 protocol=tcp to-addresses=1.2.3.4 to-ports=25

It’s done.

BUT next challenge is to overcome issue when ISP changes it’s SMTP IP address for whatsoever reason, so we need to schedule a script that will keep checking the ISP SMTP IP by resolving it via google dns, and update the ISP SMTP IP in the NAT rule. [As per my knowledge we cannot put DNS name in TO-ADDRESS field, this is why putting IP is necessary, & update it dynamically is also essential to avoid bouncing email dueot blacklisting for ISP old SMTP IP]

the Script !

or workaround I suggest for very particular problem?

# Mikrotik routerOS script to resolve ISP SMTP, and add it to variables & in NAT rules
# Useful in scneario where ISP change its smtp IP frequently (to avoid SMTP Blacklisting)
# Script by Syed Jahanzaib / aacable at hotmail dot com / https : // aacable . wordpress . com
# 31-January-2019
# Find rule with following comments
:local COMMENT "few_mails_routing_2_primary_ISP_smtp";
# DNS Name of SMTP for resolving
:local ISP1SMTPDNSNAME "smtp.multi.net.pk";
# Which DNS server to be used for resolving
:local DNSSERVER "8.8.8.8";
# Below is Default IP of SMTP Server, so that if resolving cannot be done for what so ever reason, set this IP as DEFAULT SMTP
:local DEFAULTSMTP "202.141.224.89";
# Destination port that need to be redirected
:local DSTPORT "25";
# Dat time variables
:local i 0;
:local F 0;
:local date;
:local time;
:local sub1 ([/system identity get name])
:local sub2 ([/system clock get time])
:local sub3 ([/system clock get date])
:set date [/system clock get date];
:set time [/system clock get time];
# Set script last execution date time
:global SMTPLastCheckTime;
:set SMTPLastCheckTime ($time . " " . $date);

# Set global variables to store for ISP SMTP & its last resolved status
:global ISP1ACTIVEIP4SMTP;
:global ISP1SMTPLASTRESOLVERESULT;

# Check if resolving is doable, then act accordingly
:local RESOLVELIST {"$ISP1SMTPDNSNAME"}
:foreach addr in $RESOLVELIST do={
:do {:resolve server=$DNSSERVER $addr} on-error={
:set ISP1ACTIVEIP4SMTP "$DEFAULTSMTP";
:set ISP1SMTPLASTRESOLVERESULT "FAILED";
:log error "$ISP1SMTPDNSNAME resolved result: FAILED @ $date $time !";
/ip firewall nat set to-addresses=$DEFAULTSMTP to-ports=$DSTPORT [find comment="$COMMENT"] }}

# If resolving is ok from above results then set resolved address as default SMTP ip
:if ($SP1SMTPLASTRESOLVERESULT !="FAILED") do={
:log warning "$ISP1SMTPDNSNAME resolved result: SUCCESS @ $date $time !";
:set ISP1ACTIVEIP4SMTP [:resolve "$ISP1SMTPDNSNAME"];
:set ISP1SMTPLASTRESOLVERESULT "SUCCESS";
/ip firewall nat set to-addresses=$ISP1ACTIVEIP4SMTP to-ports=$DSTPORT [find comment="$COMMENT"]
}

We can add dynamic names in the ISP SMTP address list.

---

Regard’s
SYED JAHANZAIB

 

 

 

24.918426 67.004826

IBM Lotus Domino/Notes Related Short Notes

We are using IBM Lotus Domino 8.5.3 / FP6 (Yep its decade old version, but we are still using it). Following are some short notes for personal reference.

---

Lotus Notes Client USER ID file location

Sometimes when we RESET user Lotus notes password on domino server, we have to delete user.id file on user computer so that he can login instantly using new password. To delete user id file , goto

• C:\Users\XXXXUSERXXX\AppData\Local\Lotus\Notes\Data

or Goto run and type

%userprofile%

& enter , now goto APPDATA , Local , Lotus  , Notes  , Data , & here you can see user.id file.

---

Delete mail.box

From domino administrator console issue following

# to exit domino
q 

# Move mail boxes files (I had 2 mailbox to hold more mails)

Move mail1.box & mail2.box out of notes data dir via OS file explorer

Now start domino

Open old mail boxes and copy (valid) held messages into new one ….. if required

---

Reconfigure Lotus Notes Client (Old installation)

Method #1  [Quick]

Close Lotus Notes & rename the Lotus folder following located at

C:\Users\YOURUSER\AppData\Local\Lotus

[Make sure to backup your ID file, sometimes it is required when you do reconfiguration of Notes Client & backup if file will come in handy]. In new lotus notes version starting from 8.5.3, there is no need for ID file, it auto copy from the server

Now start Lotus notes, and it will start the configuration wizard.

---

Cannot find external name: NAMESORTVIEWPO

1. Open your inbox
2. Select Actions – Folder – Upgrade folder design
3. Choose “Automatic” and complete the process.
4. Close/reopen mail.

This should fix your problem.

---

Lotus Notes TEMP location for opened saved files

Goto Start / type

%temp%

and press ENTER. it will show you few folders. Look for folder name starting with “notesxxxxx” this folder contains all the temporary files.

---

Block extensions with Domino server builtin configuration …

Make sure if you are checking for different types of attachments that you use OR and not AND to build your list of rules.

• i.e., When Attachment name contains .exe
• OR When Attachment name contains .zip
• OR When Attachment name contains .bat

You need to review the rule for exemple:

If your rule have:

(Block *.exe AND *.pif AND *.com) the rule will block only mails that have these 3 files in the same time.

but if you create the rule as:

(Block *.exe OR *.pif OR *.com) the mail rule will block any mails that have anyone of the file extensions specified.

I was not aware of it 😮  , damm

---

Set Lotus Notes as Default Mail Client in 8.5.x series

To set Lotus Notes as default email client, Open Notes Client click on

• File
• Preferences
• Mail
• Internet and check “Use Lotus Notes as my default e-mail program“

 

Lotus Notes Default Browser Setting

For

• IBM Lotus Notes – Release 8.5.3
• Revision 20110916.0921 (Release 8.5.3)
• Standard Version

Use Following

1. Goto Files
2. Preferences
3. Web Browser
4. & select ‘Use the Browser I have set as the default for this operating system’. Make sure to set default browser for the system in default apps.

For

• IBM Lotus Notes – Release 8.5.3
• Revision 20110916.0921 (Release 8.5.3)
• Basic Version

use following

Open Lotus Notes, Edit your ONLINE location (You can do it , Goto Internet Browser, Select Other, and then browse it to chrome file location example

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

---

Fixing Lotus Notes so the inbox opens by default

Ever opened up your mailbox in Lotus Notes and for some reason it opens up by default one of your sub-folders instead of your inbox?

Someone at work had this issue and I felt like banging my head against the wall trying to find a resolution. Anyone who has to help maintain Lotus Notes knows my pain. Considering that Notes is used by so many companies, the amount of help resources online is surprisingly few.

After much searching, I found the answer though on a vaguely worded post on IBM’s Lotus Notes forums that was over 3-years old. It really sounded like a last gasp guess by someone, but with no reply saying if it actually worked.

Which it did!

All you need to do is delete, move, or rename your bookmarks.nsf file from your local Notes client Data folder. The next time Lotus Notes starts up, the bookmarks.nsf file will be recreated and Notes will once again default to your inbox when your mailbox is opened.

Warning: Keep in mind that any other settings made to the bookmarks.nsf file will be lost. For example, any changes to the vertical toolbar on the left side will be gone. That is why the best policy is to backup bookmarks.nsf first. You have been warned.

---

IBM Sametime Does not Open ! (v7.5)

Fist try to upgrade with latest release, it will solve many issues !

Case # 1

Symptom:
Sametime Connect displays the splash screen but does not start.

Resolution:
Before performing an unnecessary re-installation of the Sametime client, try to resolve the issue by following these steps:

1. Close the Sametime application.

2. Locate the file C:\Documents and Settings\Administrator\IBM\RCP\Sametime\.metadata\plugins\com.ibm.collaboration.realtime.imhub\shelfmemento.xml.

3. Delete the file C:\Documents and Settings\Administrator\IBM\RCP\Sametime\.metadata\plugins\com.ibm.collaboration.realtime.imhub\shelfmemento.xml.

4. Restart the Sametime application.

5. If that does not help, delete or rename C:\Documents and Settings\Administrators\IBM\RCP\Sametime or
C:\Documents and Settings\”Username”\IBM\RCP\Sametime

If nothing works, remove same time, delete its leftover folders, restart, and re install the sametime client.

Case#2

Lotus SameTime doesn’t start when launched

Short Description: Attempting to launch Lotus Sametime results in the application being highlighted in the taskbar but not getting to the splash screen or subsequently launching.

Problem:  In my case, TaskManager will show multiple copies of “rcplauncher.exe” are running but Sametime.exe is not. It appears to be a copy of the file %APPDATA%\Lotus\Sametime\.rcp.lock is…well…locked and preventing the application from launching.

To fix step by step:

Kill all instances of rcplauncher.exe

Remove the hidden attribute from %APPDATA%\Lotus\Sametime\.rcp.lock
delete or rename .rcp.lock (I’m not sure there are a lot of situations in which you would need to back up this file, but if you’re concerned, back it up).

Or run this from command line/as a cmd file:

Taskkill /F /IM rcplauncher.exe (for earlier versions of windows kill.exe may be necessary instead of taskkill)

attrib -a -h %APPDATA%\Lotus\Sametime\.rcp.lock

del /q %APPDATA%\Lotus\Sametime\.rcp.lock

if the file isn’t found and shows in explorer, check that the APPDATA environment variable is set correctly

“set |findstr APPDATA” should return

<users>\<your username>\AppData\Roaming

---

Lotus Traveler

After the inreasing usage of Android back in year 2013, I installed Lotus traveler (in 2014) so that android users can use IBM Verse mail app in there mobile to sync with office server.

Case#1 ,

JVM: Traveler: Lotus Traveler task did not respond within the allotted time frame (55,000 milliseconds) for action nameLookup and operation key

There is a database or connectivity issue on the server side. If you haven’t run the defrag on the Traveler (load traveler -defrag), do so now !

---

rvv bucket error

The error “RRV bucket is corrupt” can’t be repaired. RRV bucket means “Record Relocation Vector” table, and if this is damaged, then it can’t be repaired. Fixup, compact, updall and replace design all will fail and will throw the same error. The only solution is to replace with the last back up copy of database. RRV bucket becomes corrupt if the OS hangs, crashes or restarted at the moment when the Record Relocation Vector table is being updated.

---

Lotus Notes Sent emails are not saving under SENT folder [Added 08-January-2019]

Version: Lotus Notes 8.5.3 (FP6)

Fix:

Goto

File | Preferences | User Preferences | Mail | Sending & Receiving

& look for option “Save copied of mail that I send”, It’s a DROP down menu, select ALWAYS , & ok

---

Lotus Notes Set Default Font/Size/Color for New Email Composing

• Compose new email, , now change the text font and size you want to use as Default,
• From the top menu, Select the text.
• Open the Text menu and select Set Current Font as Mail Default.

Note:
Your new default font will appear in the next email you compose. It will not effect the current email composition.

---

Lotus Domino Server LOGGING level for console/mail routing

Set Config Log_Sessions=2

Set Config Log_MailRouting=40

• If you set the Router log level to 40 (maximum output), you get everything. Server Connected, IP Address, Sender, Recipient, SMTP session
• If you increase the Session log level to the option introduced back with 8.5.1, you get all of the information about a server/users connection: Name, Client Version Number, IP address and access type (eg: C=native client),

---

---

Lotus Notes Create FOLLOW UP

Create Follow Up Flags

Sometimes you may view a message and then want to flag it for further (or special) attention.  To remind yourself to return to the e-mail later, you may mark it with a follow up flag, which places an indicator next to the message in the Inbox.  In addition to the flag indicator, you may also set a reminder alarm to pop up at the time and date of your choosing.

Here are the steps for setting a follow up flag and alarm:

1. Select the message or open it.
2. Click the down arrow on the Flag button on the toolbar.
3. Select Add or Edit Flag.
4. Choose either Urgent Priority  , Normal Priority  , and Low Priority  .
5.  This will determine the color of the flag indicator next to the message.
6. Type a follow up action or note for yourself.
7. Set a follow up date and time (if desired).
8. Turn on the alarm if you want a pop-up reminder before the time and date set.
9. Click OK.

There is a follow up column in your Inbox view by which you may sort your follow up flags.  Lotus Notes will place all messages with follow up flags at the top of the list.

When you are finished with a follow up task and want to clear the follow up flag, select the message, click the down arrow on the Flag button again, and select Remove Flag.

---

Lotus Traveler on iPhone 7

https://smallbusiness.chron.com/connect-iphone-lotus-notes-7-75665.html

---

Lotus EXPORT all users details

Goto File > Open > Lotus Notes Application

A new browser window will open, in LOOK IN , seelct your server, & select names.nsf (your Company Directory, ex: XYZ Direcotry), & click OPEN

Now your DIRECOTRY will be displayed,

From file Menu, goto CREATE > VIEW,
A new window will appear,
in VIEW NAME, type any name like XYZ_ALL_EMAIL_ADDRESSESS,
in VIEW TYPE, select PRIVATE, & click “SAVE & CUSTOMZIE”,
new View windows will appear, in this view , click on return ARROW icon, (left side), and directory contact with some info will appear,

Right click on column window , and select APPEND NEW COLUMN

From Lower Right Window, Select FIELD,
You will lot of options, find and select INTERNETADDRESS
and click on Return Arrow on top left ,
You will see all Users Internet Email Addresses,
From this view you can delete any unnecessary column you dont want to see / export

Now to export them in file, Goto FILE / EXPORT, Enter file name, and select TABULAR TEXT in SAVE AS option,
, it will then ask you to select options for Export, do the needful and click OK

---

IBM v3700 – Noisy PSU Problem

 

---

We have IBM v3700 SAN system along with expansion unit as well. From past 2 weeks, there was loud noise generating from the SAN PSU like its running on full capacity. After some research it was found out that its a known bug in the v3700 series SAN and following actions should be taken to sort it.

1. If you have IBM warranty/SLA, call the support, they will rectify the issue as IBM support is very good & quick in most cases. MAke sure you get the San Machine Type / Serial numbers before calling.

---

If you are managing the SAN on your own, then follow these instructions

(this doesnt requires any downtime, the process was non-destructive)

1. The first thing to try is to ‘reseat the PSU cable’ of the PSU that is running high.
2. If reseating the cable did not work, try reseating the PSU. After a few seconds, then fan speed should start to fall.
3. Make sure you are running the latest firmware. I was running 7.1.0.5 (build 80.4.1309270000) that was very old (as of Sep,2017). A fix for this issue has been included from code level 7.6 onward. This fix works for V3700, V5000 and V7000 Gen2 so an upgrade will fix the problem. The new firmware is 7.8 as of current date.
4. Finally the issue should be resolved by resetting the entire canister. Connect to the SAN controller using PUTTY, & issue following command [This point#3 solved my problem]

chenclosurecanister -reset -canister <can> <encl>

You need to find out which canister PSU is making noise. Example

chenclosurecanister -reset -canister 1 1

If you have additional canister, then you may use (wait half hour before applying command to 2nd canister)

chenclosurecanister -reset -canister 2 1

As showed in below image …

Wait for few minutes & the PSU sound should come back to normal.

---

24-October- 2017 Update:

More then one month have been passed & the SAN PS are working fine with normal sound level. So the command really worked (at least in my case)

---

Regard’s
Syed Jahanzaib

 

IBM Lotus Domino: Layman’s approach to move Archive’s to new partition

---

Scenario:

We are using IBM’s Lotus Domino 8.x on Windows 2008 R2 with following folders structure.

• D:\LOTUS\DOMINO\DATA\MAIL   > 500 GB , users inbox
• D:\LOTUS\DOMINO\DATA\MAIL\ARCHIVE > 1000 GB , users archived mails

Archiving policy is enabled on the server-end which runs on a weekly basis, It moves One year old email from the inbox folder to ARCHIVE folder with a_username structure. Disk Space was getting low in D: partition therefore I had added new drive (E:) and wanted to move user ARCHIVE(s) to new partition E:\ARCHIVE

There were few solutions to perform the operation, Online & Offline.

With Online approach we could use the Domino’s builtin MOVE operation (via domino admin client) in which we dont have to take any shutdown, but then we would need to get the timing right. If the mailfiles are not moved into the new folder before our  scheduled , server archive runs then new archive files will be created which may complicate things.

But since I was able to afford 2 hours down time I took the OS cut/paste option.

---

I did following

1. Quit the Domino via Admin Client, then Stop the Domino Services via SERVICES.
2. Moved (Cut n Paste) ARCHIVE folder from D to E: drive (e:\archive2 folder)
3. In D:\LOTUS\DOMINO\DATA\MAIL folder , I created a text file called ARCHIVE.DIR
   In text file put I added path E:\ARCHIVE).
4. Start Domino Server service (Or better to restart the server).

& all went fine.

I am big fan of Domino’s own MOVE operation, but after few months, I will be replacing this machine with new server, then it would be a problem to move the archives again. there fore above Operation was a good choice from Layman’s management perspective 🙂

Hope it will help someone with same situation.

---

Regard's
~Syed Jahanzaib~

Lotus Notes / Copy – Duplicating prohibtited

---

In our company, we have IBM Lotus Domino Mail Server which i managed myself. Getting Lotus Domino support is quite a tough job, especially if you dont have any support SLA with the IBM, which generally costs heavy amount in $. Therefore I have to manage things on my own mostly using google and with some common sense lol.

Today we received an email from a valid client, and when we tried to copy or reply him with history, we receive following error.

It also happens if user have selected following in mail delivery options.

Without going in much details (which is already available in greater details on the internet), here is how I managed to sort it.

---

Requirements: Domino Admin Client.

Open user mail file via Domino Admin Client.
Goto Create / Agent,

As showed in the image below …

 

Make sure you select FORMULA as shown above, and copy paste following code …

FIELD $KeepPrivate := @DeleteField;

Save it with any name like “remove keep private” and exit.

---

Lotus Notes Client:

Now open Lotus Notes Client , goto inbox and open the affected email,

Now goto Action / and you will see the newly created agent name. click on it.

As showed in the image below …

it may take just a second or two most, and will remove the restriction 🙂

Enjoy !

Syed Jahanzaib

 

Fighting with Spoofed Emails in IBM Lotus Domino using Symantec SMSDOM

From the Diary / 12th July, 2016

---

We are using Symantec IBM lotus Domino as our mailing system for inbound/outbound emails & Symantec Mail Security as anti-spam mechanism. Managing heavily used production email server & fighting with the spam is a really tough job to do and requires continuous monitoring and most times requires additional work to do on regular basis.

From past few days, our email users were receiving lot of spoofed (faked advertisement / malware) emails pretending to be coming from there own email address and sometimes other legitimate users as well.. Subject was different every time , and source was dynamic too in the header. It was really annoying as user does not wants to block his email address in filters.

E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Example you can receive email pretending to be coming from your own email address, strange and annoying as well too.

Adding SPF record is a good idea and every mail server mx record should have it. However I took another route which is a kind of workaround BUT at least it’s working amazingly good for me !.

Just to share my story. / z@ib

 

I made following rule in SMSDOM Content Filter Rules Section.

---

Description: BLOCK SPOOFED EMAILS RULE

Classification: Compliance Rule

This rule is for: Email Routing

Flow: Inbound

This rule is applied: Conditionally

Condition: Unless

Attributes: Sender/Author > myself@mycompany.com
[Exempt my few local servers email ids that are used to send backup/alerts emails to admin via using batch scripts]

Rule Expression: if Internet Domain Contains MYCOMAPNY.COM

Action: QUARANTINE the Document

---

Save the rule.

 

Images of rules,

 

---

End Results:

🙂 & now I can see many spoofed emails dropping in  the quarantine box and user’s inbox is clean and shiny.

 

---

TIPS:

Test Spoofing

To test sending spoofed email, you can use following web site to do so ..

https://www.wormly.com/test_smtp_server

 

SPF RECORD: / zaib

To make SPF record on the DNS server, you can use following syntax

v=spf1 mx ip4:1.2.3.4 -all

Above record will allow all your MX records + IP 1.2.3.4 to send email from your domain, everything else is prohibited. But the mail servers or relays must support SPF protocol.

Or if you have two ISP links for primary and secondary mx, (two ip addresses), You can use following

v=spf1 mx ip4:1.2.3.4 ip4:5.6.7.8 -all

whereas 1.2.3.4 , 5.6.7.8 are the Public ip address of your email server.

OR something like

In above image, 1.2.3.4 is primary internet link IP for email server, and 5.6.7.8 is seconday backup internet link IP , so I added both in the record.

---

Regard’s

Syed Jahanzaib

 

IBM Lotus Notes: Inbox Emails disappears when sort by DATE

Today one of our company user faced strange issue in his lotus notes clients {8.5.3 FP6}.

When they just open the Inbox without any sorting, there is no problem and all mail shown. Once they try to sort the mails by ‘Date‘,  all emails in inbox view disappears.

After trying various things like refresh/replace design etc, we finally managed to sort the issue by running UPDALL on that specific db.

From the Domino Server Console  , Issue following command

load updall -R mail/USERDB.nsf

( -R : Rebuild All used views)

Fixed !

Jz!