Monday, March 8, 2010

Sendmail disabling help, vrfy, expn and version information.

We have a security audit and auditor asked me to disable the help, VRFY and EXPN  command  and  disable the version information displayed while login on the sendmail server.

1) To disable the version information from displaying, edit the sendmail.cf file. Make a backup copy of the file.

# vi /etc/mail/sendmail.cf
look for the line " GreetingMessage"
remove the " Sendmail $v/$Z " after $j. After editing the line looks like below.

O SmtpGreetingMessage=$j  $b

Restart the service

2) To disable the VRFY and EXPN ,look for  "PrivacyOptions" line in the /etc/mail/sendmail.cf file. Edit the PrivacyOptions line and append "novrfy,noexpn" to the line as below. Make sure you made a backup copy of the file before editing.

# privacy flags
O PrivacyOptions=authwarnings,novrfy,noexpn

Restart the service

3) To disable the help, go to /etc/mail/ , move the helpfile to helpfile.old and touch an empty helpfile

#pwd
/etc/mail
# mv helpfile helpfile.old
# touch helpfile

Restart the service
# /etc/init.d/sendmail restart
or
# svcadm refresh sendmail

After editing the configuration file telnet to port 25 will give the result as below
------------------------------------------------------------------------------
# telnet myhost 25
220 myhost ESMTP Mon, 8 Mar 2010 09:15:21 +0300 (AST)
help
214 2.0.0 End of HELP info
vrfy
252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery (or try finger)
expn
502 5.7.0 Sorry, we do not allow this operation
quit
221 2.0.0 myhost closing connection
Connection to host lost.
----------------------------------------------------------------------
Posted by Jibby George at 12:00 PM 1 Dont forget to leave a comment

Sunday, March 7, 2010

vSphere iommu error on dell optiplex 760

Once the installation of the vSphere is completed I got the following error on the console.
While loading its shows "Failed to load iommu driver"

cpu1:....: Initialization for vtd failed with -1"

To fix this disable the VT for Direct I/O from the BIOS

1) Reboot the esx host, press F12 and go to BIOS

disable "Virtualization support --VT for Direct I/O"

save and reboot
Posted by Jibby George at 8:48 AM 1 Dont forget to leave a comment

vSphere on dell optiplex 760, Not enough memory to load vmkernel

vSphere required minimum 2GB of memory ti install. I had a dell optiplex 760 with 2GB installed. While installing vSphere the installer stops and throws errors like
" vmnix...
 there is not enough memory to load vmkernel. 2040384 KB of RAM
was detected. We require at least 2064384 KB of RAM to boot.
Aborting boot "

I swapped 1GB from other server and installed the vphere. Once the installation is completed you can edit the memory required meory value to desired value.

1) Login to the esx server through console or via putty and edit the below file

# vi /etc/vmware/init/init.d/00.vmnix

2) Find the below line and edit with required value

RequiredMemory=2064384

3) Shutdown the server and remove the extra 1gb memory added and boot the esx host

I'm yet to try on ESXi host. This is my test environment to study vSphere. I'm not sure about any other workaround.
Posted by Jibby George at 8:08 AM 0 Dont forget to leave a comment
Subscribe to: Posts (Atom)