Lotus Protector – the first hickup (1/16/2010)

This is going to be a real quick one, since it is just a day before Lotusphere® and I actually have other things to do than to fiddle with Lotus Protector and blog about it – but if I don’t write it down now, I will forget about it soon.

Today I had my first hick-up with Lotus Protector. We had a power outage this morning and it lasted longer than my UPS system was able to keep the servers up and running. I was out of the house and could not bring the servers down gracefully so I had a hard crash of the VMWare server that hosts LP. It came back up but for some reason something was not initializing correctly. It would not start the http stack so I could not connect to the admin interface and logging in via the console took me into the setup routine (passwords, host name, ip address, etc.)  but would never let me go to the actual prompt after that so I could have a look at the guts of the beast and figure out what is causing the indigestion.

Being that this is the day before I am leaving for LS10 and I have zero time to waste, I simply went back to a VMWare snap shot I had taken and restarted the instance …and voila, there she goes. The system downloaded the latest spam and AV definitions in about 3 minutes, updated it’s time and date and I received my first mails within 2 minutes of the system starting.

Now, this is impressive, though I regret not having the time to spend on dissecting the server, looking into log files etc. to find out exactly what was wrong and fix the actual issue. I am not hoping that this happens again, but if it does, I hope I can find the time to spend on trouble-shooting.

In any case, having a snapshot of a clean setup is a great was to go and restore in the case of a catastrophic failure. As long as you update that snapshot after any configuration change, you should be alright.

See y’all at Lotusphere!!!

Lotus Protector – Good technology still needs “athinking” (1/13/2010)

Another tale in the life of a Lotus Protector admin.

The system is humming along in the background and rarely needs looking at. In my idle moments (I have none right now) I look at statistics etc., but other than that … nothing. Until this last weekend. I was getting used to the fact that I now have less mail, or so I thought. It was still after the new year, things are less busy, even the spammers are still waking up from their new years party comas and send out less garbage.

Last week I was briefly in touch with a buddy of mine, and we loosely agreed to get together on the weekend and we were moving the conversation to e-mail. Then over the weekend he fell silent .. no response to some of my mails. Well, he gets busy now and then and has not responded at other occasions so it did not alarm me. Too bad, we wanted to grab lunch and watch the movie “The book of Eli”.

Turns out he did answer … but Lotus Protector tagged it as spam. Specifically I had it set up to tag the subject line with the [SPAM] and guess what … I had an older mail rule that I had not looked at for a while that kicked in … yeah – my buddy has been sent directly into the Junk Mail folder in my mail file. I found his mails (he frantically answered 3 times) and allot of other mails I had been missing in there.

So, what does this highlight? That systems will do what you tell them. Good systems will do EXACLTLY what you tell them and it is up to you to act accordingly. So this acts as a cautionary tale to check settings and review things. Especially when you notice “lite mail volume” – something is up! You have to check where all that stuff went to.

I just want to mention once more – this is not a Protector issue, it is a stupid admin issue. Imagine this in an environment with a few thousand users …. I would be running around the clock right now to check people’s mail files for mail rules AND changing the rules on Protector to change that [SPAM] prefix to something else.

Lotus Protector – Notifications (1/6/2010)

Time for a new update.

A) The system is working really well, this is truly a fire-and-forget-missile type device. No blips, no blurps, and no jiggles either.

B) Error reporting is great! I just got a Delivery Status Notification / Failure report on a mail I sent. Normally in Domino these can be rather bland. They will give you an RFC error code, but not much else. I turned on all reporting and set it up to send all reports to an internal account in my mail system. I had ot given it much thought until today when I got my first one:

I just received a failure report from my LP device and it is really good (this is me being geeklily excited) . I have added an edited version further below. Please notice section [<2>] – it gives you the actual output from the rejecting mail server. As I mentioned before, Domino will usually just give you a RFC code and a generic line but this is really helpful. It shows that even thoughs I went by the book, I did not take care of all details – I never updated my external internet DNS with the name for my Lotus Protector device. Somewhat embarrassing, but with the help of clear error messages like this I can actually deal with it right away.

Here is the actual (edited) message:

[<00>] XMail bounce: Rcpt=[john.doe@noplace.com];Error=[550-Inconsistent or no rDNS record for (see RFC1912 2.1)
550-Reverse DNS record and matching forward entry must exist.
550 => wrong configuration at sending server]

[<01>] Error sending message [1262715029329.2561924000.c2d.lprotector] from [lprotector.toalsys.com].

ID:        <10010518-3072-0000-0000-0000000014F3>
Mail From: <victor@toalsys.com>
Rcpt To:   <john.doe@noplace.com>
Server:    <mx.inode.at> []

[<02>] The reason of the delivery failure was:

550-Inconsistent or no rDNS record for xxx.xxx.xxx.xxx (see RFC1912 2.1)
550-Reverse DNS record and matching forward entry must exist.
550 => wrong configuration at sending server xxx.xxx.xxx.xxx

[<05>] Here is listed the initial part of the message:

Received: from /spool/local
by lprotector.toalsys.com with XMail ESMTP
for <john.doe@noplace.com> from <victor@toalsys.com>;
Tue, 5 Jan 2010 13:10:29 -0500
Received: from serveryyyy ([xxx.xxx.xxx.xxx])
by lprotector.toalsys.com ([xxx.xxx.xxx.xxx]) with XMail ESMTP;
Tue, 5 Jan 2010 13:10:26 -0500
Subject: Re: xxxx
From: victor@toalsys.com
Date: Tue, 5 Jan 2010 13:04:47 -0500
To: “John Doe” <john.doe@noplace.com>
Importance: Normal
MIME-Version: 1.0
Message-ID: <OFDB1C99BB.1B47753E-ON852576A2.006350DE@toalsys.com>
X-MIMETrack: Serialize by Router on serveryyyy at 01/05/2010 01:04:49 PM,
Serialize complete at 01/05/2010 01:04:49 PM
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
x-cbid: 10010518-3072-0000-0000-0000000014F3

This is a multi-part message in MIME format.

xx (text removed) xxxx

—– Original Message —–

Lotusphere Idol! and what Groucho Marx would have had to say about it (1/5/2010)

Now, most people who know me know I am not a very picky person. Easy to please, not very argumentative, just don’t put any water in that fine glass of Bourbon or I’ll break your arm – ice only will be perfectly fine. Other than that, I am rather easy to get along with and other than being a bit of a chatterbox I am usually admitted to parties as long as I promise in writing not to spontaneously burst into song.

Now, Groucho – Man-oh-man – he was always my favorite Marx brother. Chico and Harpo had their moments, but nobody had that witty crack and was as good with the ladies as Groucho. On top of that he knew what a good cigar was worth and one of my favorite quotes of his is : “There is no such thing as a sanity clause in my contract.”.

(I plagiarize it now and then in meetings with project managers when they frantically ask me for the fifth time “Why, Victor, why … ?”)

Well, to get back on topic – Groucho had another quote I like ” I don’t care to belong to a club that accepts people like me as members.”

Usually I would follow my idol Groucho’s lead on allot of things, but this time I will have to deviate from his path of reason and sanity. It appears the people behind Lotusphere Idol! decided to seriously lower their standards and accepted the abstract I sent in at the last minute. I don’t usually look a gift horse in the mouth so I gracefully accepted this honor.
(Anyway, asking questions such as whether there were no other mails than mine to be recovered from that corrupted mail-in dB might send Ed Brill and Mr Mooney off to the look for the back-up tapes)

So, Tuesday afternoon I will be there, all bright-eyed and bushy tailed – with my hair as it was engineered by NASA (a Bill Buchan quote) and do my best to make sure that the people don’t leave the room with another one of Groucho’s quotes on their lips:

“I have had a perfectly wonderful evening, but this wasn’t it.” …

See y’all there!

Lotus Protector – On Line! (1/1/2010)

Finally, I got it done – it is alive!

Just a short note on my progress with Lotus Protector V 2.5. I did not want to bring it on-line just before New Year, I wanted a clear head to set it up and be able to troubleshoot if I find an issue. Luckily, I have to say there are no issues so far.

I had putzed around with the first install I had to the point where I did not feel I could get it clean again so I removed the VMWare image and started again from scratch. Following the ‘Getting Started Guide” and using the install/config Wizard I had Protector up, configured and running within about 60 minutes (give or take a few minutes for a tea brake). I had some experience with the information I would need from my earlier testing so I believe a real “fresh” install might take a bit longer when you include the preparation time for relay host settings, accounts to access LDAP on your Domino server, lists of mail domains you will be receiving mail for, etc.

I now have Protector set up so that I route all incoming and outgoing mail through it. So far my testing has not shown any problems, all mail seems to make it through and so far I am not getting anything caught by Symantec that I am still running on the Domino servers. I plan to take a closer look at the logs in a few days to see if anything that got through Protector was subsequently snagged by Symantec. I also intend to compare an average week of mail logs between the two so see what gets caught and what got through.
I am also especially interested on the integration of Protector with the client via policies … that is going to be a really interesting part that I plan to spend some time on blogging about after I have had some time to look at it in more detail.

Stay tuned for more information soon …

Lotus Protector – The story beginns (12/28/2009)

ust a short update – I thought I could use a few days of not-so-busy-time to see what the new Lotus Protector 2.5 is all about. Since it can be downloaded as a VMWare image and thrown on a simple VMWare server, this is an ideal device for me – or at least this is the premise I started this under.

Download – unfortunately the VMWare image is only available as a self-extracting WINDOWS .exe file – since my VMWare servers are all Red Hat or CentOS I had to download that file to my PX, unpack it and then copy the files onto the Linux server. My request to Lotus (if you guys are reading) create a [xx.tar.gz] file for us Linux users please!
Especially since the first download of the 1.8 GB file would not unpack, it always failed on my at 46% so I had to download it a second time – then it worked. I personally don’t like self-extracting files, they can be a mess and are REALLY susceptible to that one bad bit in a download …

Other than that, man is this easy. Throw the VMWare image into the folders your server knows about, add it and … PRESTO! I have been testing it since yesterday and it looks pretty solid. Configuration is rather easy, I did also download the documentation : Adminsitrator Guide Version 2.5 and Getting Started Guide Version 2.5 which you will both need to read to get it up and running. The configuration was so easy, I thought I must have done it wrong and skipped things as I am used to so much more to do from working with devices like IronPort etc. turns out – it is pretty easy. I am going to throw it into the mail stream later today and see how it does. I also run Symantec AV/Anti-spam on my servers so I am curious to see if they catch anything that Protector might miss.

The next step is then the integration with Domino 8.5.1 and the mail files. Flipping on a policy adds the quarantine and rules etc. for each mail user into their navigation bar on the left. I personally use eProductivity’s mail template for my personal mail file, but i will see how it does and also check with some bogus accounts and my prime testers – my kids (I like to call them my little lab-hamsters … lol).

I’ll share the outcome of my mail testing sometime by the end of the week or maybe next week, depending on how things go.


PS: Lotus Protector is free for 2 MONTHS – full functionality. If you want to test it, it is a free download and you pay nothing for 2 MONTHS. Did I stress the fact that you get full functionality for 2 MONTHS yet? If this works the way I hope it will, I can drop my Symantec premium Anti-Spam license which is quite costly. That would be NICE!

What do Techies do on Christmas day? (12/25/2009)

So, what do techies do on Christmas day? Something technical, hence the word “techie”.

Get up in the morning, make yourself presentable because mom will look at that beard stubble with that look you so well know …. real gentlemen, after all, don’t appear unshaven in public. Make coffee for all (who drink it) and then make sure all the Christmas Cards and presents are under the tree and ready. The son wants his new Blackberry, so you gotta steel his phone while he is in the bathroom and take out the SIM card. The daughter is easy, nothing for now, just an IOU that promises to pay for all ballet auditions and necessary stays overnight .. and somehow that promise for the tickets to Broadway’s “Billy Elliott” got scribbled in there. Gee, that handwriting looks an awful lot like .. yeah, her handwriting for sure.
The Empress is not up yet, so off into the daughter’s room where we stashed the loot that was for her. Grandma is simple, that has all been under the tree for a while, she does not peak out of turn like the rest.

Opening and all that stuff to “Classic Christmas songs” – Nat King Cole, Bing Crosby, Frank, Dean, Roy … just like I like it.

Then, right after the Empress decides it is time to start the cooking – the Techie might mention something about “work … a self employed guy never has vacation … grumble, grumble, grumble …” and off to the home office by way of the cookie platter. There is a new CentOS VMWare server to set up and we need to get DB2 going by this afternoon for a new Lotus Connection install. I also have to make enough room for the new Sametime 8.5 environment I will be building later this week.
Maybe the techie is also editing an article for an on-line publication, something like the UCView perhaps? Yeah, that needs to be done as well – especialy since he thingks he has been on drugs when he first handed it in, it is awful and needs allot of re-writing.

But before that .. wine, cousins coming over, alllllot of finger food and .. well, that CentOS serve is only half done, I guess it will have to wait. After all, a good glass of red wine can be way more important that a VMWare server.

A techie’s Christmas can change at a moments notice I guess. Not that I would know from first person experience, but I have heard, it can transform ….

Merry Christmas!

Lotusphere coming up (12/22/2009)

Aaaahh, it’s that time of the year again! All the normal people in this world are looking forward to Christmas, Hanukkah, Kwanzaa or some even to Saturnalia or other year-end festivities. We in the Lotus geek community though, we are our mental preparedness for the soon to happen ascension to the Lotusphere. Until recently I had actually not planned to attend this year because of work as the company I am currently parking my car in front of is going live nationwide with a large Lotus Connections deployment the week after Lotusphere. We went pre-live (soft-live? soft launch? lukewarm semi-live launch? I never get that terminology right) last week and things are running well so far. So well actually, that I decided it was worth the conversation with the PM to argue for time off. As it turns out, it was not much of an argument. The PM is awesome and I am not the big lead on the project anyway (in plain speak: I ain’t that important – other people are) so Lotusphere here I come.

Also, I have been asked by a vendor to speak at one of their side shows and foolish me also decided to throw my hat into the ring and submit for Lotusphere Idol. Well, let’s wait and see if I even pass the first hurdle on that one and get a shot at speaking. Fingers crossed! In any case – nothing ventured, nothing gained. So now my peaceful and relaxing Christmas break just turned into a writing frenzy as I have to work on the presentation for the Vendor (more details later, I don’t want to spoil it) and also prepare should I make Lotusphere Idol – pus I have to study to take advantage of the reduced rates for certification tests at Lotusphere. I also have to finish editing the second article I have going out for The UC View soon – that one is rather involved and I will have to do some serious hunkering down to get it done just right. On top of all of that holiday cheer I have my mother in the house over the holidays and promised to take her around a bit as well as sitting in the house all day is rather boring. I guess I have to ask Santa for that time machine I was reading about, so I can get it all done on time. Or maybe I need to ask him to kook me up with a really good ghost writer, that would work as well.

So, happy Lotusphere everybody!

Published again – What a nice Christmas present! (12/16/2009)

Sipping a cup of tea at a Starbucks in New York City and what do I see in my in-box? A mail from the friendly editors at The View’s UC View Online – they are about to publish my second article today and my third one is on the works and in the final stages of editing.

This two article “series” (I like to think big .. for me two articles are a series) is about Lotus Connections and how to correctly implement a Pilot using the pilot installation (Article I) and then how to take that pilot to production. Lotus Connections is popping up more and more all over the place, especially since release of version 2.5 in August. I am actually currently working as part of a team that is rolling out a Lotus Connections deployment in a very large US corporation and I have to say – every day is a day of learning something new. Large deployments have their own sets of challenges as the infrastructure you will have to fit into is naturally going to be more complex and pose a new, unique challenge every day. Just wait until you have clients that have CA’s SiteMinder … the words” unique challenge” will take on a whole new meaning then! (I am not trying to put SM down, I actually like it, but it can be difficult to figure out because most SM people are not used to integrating with WebSphere). Well, that is it for today, I am off to the airport in a few hours to pick up some family that is flying in for the holidays – oh joy!!