Lotus Protector and the endless search

I have been helping a client with a new Lotus Protector setup and I ran into a new problem for the first time myself and as I can’t find anything on the web or in the documentation this is a prime candidate for a blog entry:

By default Lotus protector is accessible by two ports: https on port 443 for the admin interface and over https on port 4443 for the client access (e.g. the Notes client displaying your spam queue). I had never felt it necessary to change this before but my current client wanted it the other way around as they felt it would be easier on clients to not have to have them add a [:4443] port to the end of the url to look at their spam queue in a browser. Sensible – I totally agree. Not a difficult thing if you follow this Forum entry on how to do it.

Unfortunately there is not really good technote on how to do this and make sure you cross all your T’s and dot your I’s. What we found out is that you can change the ports (easy peasy) but now when we looked at the spam queues for users they never updated and we just got an endless search loop. Otherwise the system was functional and there were no errors in logs or anything.

One of my colleagues opened a PMR and this is what we got back:

Indeed the problem occurs because the customer changed the ports
between admin user interface (default = 443) and end user interface
(default = 4443). In order to make sure that browsing the message store
does properly work although the ports are changed the following needs
to be done:

and set the proper ports:

Well, now we know how to do it for the future. Hopefully this helps somebody else out there as well. I really like the Protector device, especially the integration with the Notes client which is really great. I like giving end users the power to look and decide themselves WITHOUT having to open another interface outside of their mail client. Here is a link to a presentation I did a while back on the Consultantinyourpocket.com site. It is for an older version  of Protector but the basics are still the same.


Lotus Protector – So I was not imagining it after all …. the disappearing toolbar


Just came across this one – finally proof that I was not imagining things.

While doing some testing for the Lotus Protector presentation I gave last month for Chris Miller’sConsultant in your Pocket webcast series I had noticed some inconsistencies in the Lotus Protector tool bar appearing and not appearing. I wrote it off to the thrown together, garbage test environment I set up (remote access, VPN, VMWare clients with fixed IPs, etc.) so I was not concerned and did not investigate further when it re-appeared after restarting the client and the Lotus Protector box .. I conveniently swept that one out of y concious train of thought and prayed that it would not happen during the presentation.

This tech-note sets me fee and now I can feel *a bit* more innocent again … I have found someone else to blame, my image as No-Stick-Teflon-Vic is re-established and untarnished.

IamLUG: What comes next? Consultant in your Pocket

This is a place for a shameless plug: IamLUG is free, you most likely did not come because you are so cheap, free is still to expensive as it includes travel expenses. Or, maybe – if you are lucky, you can deflect blame to your company that they are too cheap. In any case, you are missing out on good education and a chance to learn something new and drink allot in the evening.

So, now you are in the hunt fo the next best thing: free webinars …. enter the “Consultant in your pocket” series.You can sit in front of your computer, wear your fluffy bunny slippers and do not need to shave or brush your teeth – it does not get any better than that.

Here the shameless lug: I will be hosting one of those on Sept. 1st about Lotus Protector. Almost as good as IamLUG – maybe better as you will not have to look at my but only will need to listen.

Lotus Protector – the first hickup (1/16/2010)

This is going to be a real quick one, since it is just a day before Lotusphere® and I actually have other things to do than to fiddle with Lotus Protector and blog about it – but if I don’t write it down now, I will forget about it soon.

Today I had my first hick-up with Lotus Protector. We had a power outage this morning and it lasted longer than my UPS system was able to keep the servers up and running. I was out of the house and could not bring the servers down gracefully so I had a hard crash of the VMWare server that hosts LP. It came back up but for some reason something was not initializing correctly. It would not start the http stack so I could not connect to the admin interface and logging in via the console took me into the setup routine (passwords, host name, ip address, etc.)  but would never let me go to the actual prompt after that so I could have a look at the guts of the beast and figure out what is causing the indigestion.

Being that this is the day before I am leaving for LS10 and I have zero time to waste, I simply went back to a VMWare snap shot I had taken and restarted the instance …and voila, there she goes. The system downloaded the latest spam and AV definitions in about 3 minutes, updated it’s time and date and I received my first mails within 2 minutes of the system starting.

Now, this is impressive, though I regret not having the time to spend on dissecting the server, looking into log files etc. to find out exactly what was wrong and fix the actual issue. I am not hoping that this happens again, but if it does, I hope I can find the time to spend on trouble-shooting.

In any case, having a snapshot of a clean setup is a great was to go and restore in the case of a catastrophic failure. As long as you update that snapshot after any configuration change, you should be alright.

See y’all at Lotusphere!!!

Lotus Protector – Good technology still needs “athinking” (1/13/2010)

Another tale in the life of a Lotus Protector admin.

The system is humming along in the background and rarely needs looking at. In my idle moments (I have none right now) I look at statistics etc., but other than that … nothing. Until this last weekend. I was getting used to the fact that I now have less mail, or so I thought. It was still after the new year, things are less busy, even the spammers are still waking up from their new years party comas and send out less garbage.

Last week I was briefly in touch with a buddy of mine, and we loosely agreed to get together on the weekend and we were moving the conversation to e-mail. Then over the weekend he fell silent .. no response to some of my mails. Well, he gets busy now and then and has not responded at other occasions so it did not alarm me. Too bad, we wanted to grab lunch and watch the movie “The book of Eli”.

Turns out he did answer … but Lotus Protector tagged it as spam. Specifically I had it set up to tag the subject line with the [SPAM] and guess what … I had an older mail rule that I had not looked at for a while that kicked in … yeah – my buddy has been sent directly into the Junk Mail folder in my mail file. I found his mails (he frantically answered 3 times) and allot of other mails I had been missing in there.

So, what does this highlight? That systems will do what you tell them. Good systems will do EXACLTLY what you tell them and it is up to you to act accordingly. So this acts as a cautionary tale to check settings and review things. Especially when you notice “lite mail volume” – something is up! You have to check where all that stuff went to.

I just want to mention once more – this is not a Protector issue, it is a stupid admin issue. Imagine this in an environment with a few thousand users …. I would be running around the clock right now to check people’s mail files for mail rules AND changing the rules on Protector to change that [SPAM] prefix to something else.

Lotus Protector – Notifications (1/6/2010)

Time for a new update.

A) The system is working really well, this is truly a fire-and-forget-missile type device. No blips, no blurps, and no jiggles either.

B) Error reporting is great! I just got a Delivery Status Notification / Failure report on a mail I sent. Normally in Domino these can be rather bland. They will give you an RFC error code, but not much else. I turned on all reporting and set it up to send all reports to an internal account in my mail system. I had ot given it much thought until today when I got my first one:

I just received a failure report from my LP device and it is really good (this is me being geeklily excited) . I have added an edited version further below. Please notice section [<2>] – it gives you the actual output from the rejecting mail server. As I mentioned before, Domino will usually just give you a RFC code and a generic line but this is really helpful. It shows that even thoughs I went by the book, I did not take care of all details – I never updated my external internet DNS with the name for my Lotus Protector device. Somewhat embarrassing, but with the help of clear error messages like this I can actually deal with it right away.

Here is the actual (edited) message:

[<00>] XMail bounce: Rcpt=[john.doe@noplace.com];Error=[550-Inconsistent or no rDNS record for (see RFC1912 2.1)
550-Reverse DNS record and matching forward entry must exist.
550 => wrong configuration at sending server]

[<01>] Error sending message [1262715029329.2561924000.c2d.lprotector] from [lprotector.toalsys.com].

ID:        <10010518-3072-0000-0000-0000000014F3>
Mail From: <victor@toalsys.com>
Rcpt To:   <john.doe@noplace.com>
Server:    <mx.inode.at> []

[<02>] The reason of the delivery failure was:

550-Inconsistent or no rDNS record for xxx.xxx.xxx.xxx (see RFC1912 2.1)
550-Reverse DNS record and matching forward entry must exist.
550 => wrong configuration at sending server xxx.xxx.xxx.xxx

[<05>] Here is listed the initial part of the message:

Received: from /spool/local
by lprotector.toalsys.com with XMail ESMTP
for <john.doe@noplace.com> from <victor@toalsys.com>;
Tue, 5 Jan 2010 13:10:29 -0500
Received: from serveryyyy ([xxx.xxx.xxx.xxx])
by lprotector.toalsys.com ([xxx.xxx.xxx.xxx]) with XMail ESMTP;
Tue, 5 Jan 2010 13:10:26 -0500
Subject: Re: xxxx
From: victor@toalsys.com
Date: Tue, 5 Jan 2010 13:04:47 -0500
To: “John Doe” <john.doe@noplace.com>
Importance: Normal
MIME-Version: 1.0
Message-ID: <OFDB1C99BB.1B47753E-ON852576A2.006350DE@toalsys.com>
X-MIMETrack: Serialize by Router on serveryyyy at 01/05/2010 01:04:49 PM,
Serialize complete at 01/05/2010 01:04:49 PM
Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
x-cbid: 10010518-3072-0000-0000-0000000014F3

This is a multi-part message in MIME format.

xx (text removed) xxxx

—– Original Message —–

Lotus Protector – On Line! (1/1/2010)

Finally, I got it done – it is alive!

Just a short note on my progress with Lotus Protector V 2.5. I did not want to bring it on-line just before New Year, I wanted a clear head to set it up and be able to troubleshoot if I find an issue. Luckily, I have to say there are no issues so far.

I had putzed around with the first install I had to the point where I did not feel I could get it clean again so I removed the VMWare image and started again from scratch. Following the ‘Getting Started Guide” and using the install/config Wizard I had Protector up, configured and running within about 60 minutes (give or take a few minutes for a tea brake). I had some experience with the information I would need from my earlier testing so I believe a real “fresh” install might take a bit longer when you include the preparation time for relay host settings, accounts to access LDAP on your Domino server, lists of mail domains you will be receiving mail for, etc.

I now have Protector set up so that I route all incoming and outgoing mail through it. So far my testing has not shown any problems, all mail seems to make it through and so far I am not getting anything caught by Symantec that I am still running on the Domino servers. I plan to take a closer look at the logs in a few days to see if anything that got through Protector was subsequently snagged by Symantec. I also intend to compare an average week of mail logs between the two so see what gets caught and what got through.
I am also especially interested on the integration of Protector with the client via policies … that is going to be a really interesting part that I plan to spend some time on blogging about after I have had some time to look at it in more detail.

Stay tuned for more information soon …