Monday, February 11, 2008

Force Outlook to open all email in plain text

For reference.

Strip HTML email in Outlook into plain text. First, it is safer: a good deal of e-mail-borne malware relies on HTML and script content, and the remote images embedded in spam act as web bugs. When you so much as view such a message, the sender's web server logs a timestamped hit from your address, confirming that the address is live and read. This does not happen with plain text: there is no image, so there is no inadvertent fetch.

Second, it is also a bit faster to download and view mail without the frills of HTML (tables, bold, italics and so on).

Start | Run | regedit, then find this key (10.0 is Outlook 2002; use 11.0 for Outlook 2003):

HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Options\Mail

1. On the Edit menu, point to New, and then click DWORD Value.
2. With the new DWORD value selected, type ReadAsPlain as its name.
3. Double-click the new value to open it. In the Value Data box, type 1, and then click OK.
4. Quit Registry Editor. Just to be sure, close Outlook and restart it.

From now on, all your HTML email messages will show up as plain text. After you turn on the Read as Plain Text feature, users notice the following changes:

The change applies to both the preview pane and open messages. Pictures become attachments so they are not lost. Digitally signed messages are not affected.
posted by Stephen Reese at 0 Comments

Disable fast user switching on Vista

Save all your work before switching. If the other user shuts down the computer or logs you off, Windows won't save your open files automatically.

In Vista (unlike Windows XP), Fast User Switching also works when the machine is joined to a domain. To turn it off, choose Start, type gpedit.msc in the Search box, and press Enter. (If a UAC prompt appears, type an administrator password or confirm the action.) In the Group Policy Object Editor, go to

Local Computer Policy >
Computer Configuration >
Administrative Templates >
System >
Logon >
Hide Entry Points for Fast User Switching, set it to Enabled, and click OK.

To find out who else is logged on to your computer:

1. Right-click an empty area of the taskbar and choose Task Manager, or press Ctrl+Shift+Esc.
2. Click the Users tab to view users and their status.
posted by Stephen Reese at 0 Comments

Kicking a user off of a system (linux)

Quick reference; I would 'NOT' recommend using these without understanding what each one does:

# Firewall the address a user last logged in from: -i prints IPs, -1 limits last to one entry, and the third column is the host. xargs -p asks before running iptables. This blocks every connection from that address, not just the one user, and the target name is case sensitive (DROP, not drop).
last -i -1 baduser | awk '{print $3; exit}' | xargs -p --replace iptables -A INPUT -s {} -j DROP

# HUP the session leader of a logged-in user's shell. ps -j adds PGID and SID columns; the SID is the login shell's pid. Anchoring the grep on "^user " avoids matching "bobby" when looking for "bob".
if [ -n "$(who | grep "^$1 ")" ]; then
    sid=$(ps -jU "$1" | awk 'NR > 1 { print $3 }' | tail -1)
    kill -HUP "$sid"
    echo "$1 was logged in. Just booted $1 out."
fi

# Kill every process owned by the user (pkill -u username does the same). Processes that ignore SIGTERM need kill -KILL.
ps -u username | grep -v PID | awk '{print $1}' | xargs kill

kill $(ps -u username | grep -v PID | awk '{print $1}')
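A fuller version of the above, added here as an example and not part of the original notes: it matches the username exactly (grep $1 on who output also matches "bobby" when you ask about "bob"), refuses to kick root, escalates HUP, TERM, KILL instead of going straight for kill -9, and firewalls the address the user came from. The helpers read who output from stdin so they can be checked against a captured sample; the sample below is constructed. pkill -u matches on uid, so anything the user has running as root via sudo is not covered, and iptables -s blocks everyone behind a shared NAT address.

```shell
#!/bin/sh
# Added example (not from the original post): kick a user off a Linux box
# in stages, then block the address they came from. Assumes procps (pkill,
# who) and iptables; run as root for the kill/iptables steps.

# TTYs of a user's sessions, from `who` output on stdin. Exact match on the
# user column, so "bob" does not also select "bobby".
user_ttys() {
    awk -v u="$1" '$1 == u { print $2 }'
}

# Remote hosts of a user's sessions, from the "(host)" column of `who`.
# Local console logins have no such column and are skipped.
user_source_hosts() {
    awk -v u="$1" '$1 == u && $NF ~ /^\(.*\)$/ { h = $NF; gsub(/[()]/, "", h); print h }' | sort -u
}

# Kick one user: snapshot where they came from, lock the account, then HUP,
# TERM and finally KILL everything running under their uid, then firewall
# the source address(es).
kick_user() {
    u="$1"
    if ! id "$u" >/dev/null 2>&1; then
        echo "no such user: $u" >&2
        return 2
    fi
    if [ "$(id -u "$u")" -eq 0 ]; then
        echo "refusing to kick root" >&2
        return 2
    fi
    snapshot=$(who)
    if [ -z "$(printf '%s\n' "$snapshot" | user_ttys "$u")" ]; then
        echo "$u is not logged in" >&2
        return 1
    fi
    passwd -l "$u" >/dev/null 2>&1        # no new login can race the kill
    for sig in HUP TERM KILL; do
        pkill "-$sig" -u "$u" 2>/dev/null || break   # nothing left to signal
        sleep 2
    done
    # -s matches the whole host: a shared NAT address takes everyone behind
    # it down with the culprit.
    for h in $(printf '%s\n' "$snapshot" | user_source_hosts "$u"); do
        iptables -A INPUT -s "$h" -j DROP
    done
    echo "$u was logged in on: $(printf '%s\n' "$snapshot" | user_ttys "$u" | tr '\n' ' ')"
}

# Constructed sample `who` output for checking the helpers offline.
WHO_SAMPLE='root     tty1         2008-02-11 09:12
bob      pts/0        2008-02-11 09:30 (10.0.0.5)
bobby    pts/1        2008-02-11 09:31 (10.0.0.6)
bob      pts/2        2008-02-11 09:40 (10.0.0.5)'
```

Usage is `kick_user bob` as root; the account stays locked until `passwd -u bob`, and the iptables rule is not persisted across a reboot.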
posted by Stephen Reese at 0 Comments

Authenticating Kerberos against Active Directory

On RHEL5 /etc/pam.d/system-auth is generated by authconfig (for example authconfig --enablekrb5 --update); on other distributions you may have to edit it by hand:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account required /lib/security/$ISA/pam_unix.so broken_shadow
account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_krb5.so
account required /lib/security/$ISA/pam_permit.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_krb5.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_krb5.so


Your /etc/krb5.conf should look something like this. The system clock must be within clockskew (300 seconds below) of the domain controllers, or Kerberos will fail outright.

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = AD.DOMAIN.EDU
clockskew = 300
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
DOMAIN.EDU = {
kdc = DC01.AD.DOMAIN.EDU
default_domain = DOMAIN.EDU
}
AD.DOMAIN.EDU = {
kdc = ad.domain.edu
admin_server = ad.domain.edu
}
[domain_realm]
.domain.edu = DOMAIN.EDU
domain.edu = DOMAIN.EDU
[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}


Next run kinit to make sure you can reach the KDC and that the realm is right. The password is not echoed, and kinit prints nothing on success; klist should then list a krbtgt/AD.DOMAIN.EDU ticket.

$ kinit
Password for rsreese@AD.DOMAIN.EDU:


Next set up two cron entries, one to keep the clock in step and one to keep the ticket alive:
$ sudo crontab -e

0 23 * * 1,3,5 /usr/sbin/ntpdate time.nrc.ca
0 */4 * * * kinit -R

Two caveats: kinit -R renews the ticket cache of the crontab's owner (root here), and only until the renewable lifetime (renew_lifetime above, 10 hours) runs out, after which a fresh kinit is needed; and the ntpdate job is a stopgap, since running ntpd keeps the clock in sync continuously.



The /etc/samba/smb.conf file needs to be set up; the grep below strips comments and blank lines:

# grep -Ev '#|;|^$' /etc/samba/smb.conf
[global]
workgroup = UFAD
realm = AD.DOMAIN.EDU
server string = SRVV-SERV
hosts allow = 10.242. 10.228.
load printers = no
log file = /var/log/samba/%m.log
max log size = 50
security = ads
idmap uid = 10000 - 20000
idmap gid = 10000 - 20000
winbind enum users=yes
winbind enum groups=yes
template homedir = /home/%U
template shell = /bin/bash
client use spnego = yes
winbind use default domain = no
encrypt passwords = yes
smb passwd file = /etc/samba/smbpasswd
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
dns proxy = no
[homes]
comment = %U Home Directory
browseable = no
path = %H
valid users = %U
writable = yes
create mode = 0664
directory mode = 0775
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes


Now join the Linux machine to the domain. If the account you join with can create computer objects, net ads join creates the computer object itself; otherwise pre-create it in Active Directory "Users and Computers" first, or the join will fail.

# net ads join -U administrator

SELinux needs to be told to let Samba serve home directories:
# setsebool -P samba_enable_home_dirs=1
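Before and after the join, it helps to check the pieces that break most often. The script below is an added example, not part of the original notes: krb5_check_realms verifies that every realm named by default_realm or in [domain_realm] has a [realms] stanza (with dns_lookup_kdc = false there is no fallback, and the error is an unhelpful "Cannot find KDC for requested realm"), and ad_preflight runs the live checks in the order things usually fail: clock, DNS SRV records, kinit, membership (net ads testjoin), the winbind trust secret (wbinfo -t) and an NSS lookup. Realm and host names in the sample are invented.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the
# Kerberos/winbind setup above. The krb5.conf helpers run offline on any
# file written as "key = value"; ad_preflight needs krb5-workstation,
# samba-common and bind-utils and talks to the real domain controller.

# Each helper tracks the current [section] of the krb5.conf on stdin.
# Realms that have a stanza in [realms].
krb5_defined_realms() {
    awk '
        /^[ \t]*\[/ { sect = $0; gsub(/[^a-z_]/, "", sect); next }
        sect == "realms" && /=[ \t]*[{]/ { sub(/[ \t]*=.*/, ""); gsub(/[ \t]/, ""); print }
    '
}

# default_realm from [libdefaults].
krb5_default_realm() {
    awk '
        /^[ \t]*\[/ { sect = $0; gsub(/[^a-z_]/, "", sect); next }
        sect == "libdefaults" && $1 == "default_realm" { print $NF; exit }
    '
}

# Realms that [domain_realm] maps hosts onto.
krb5_mapped_realms() {
    awk '
        /^[ \t]*\[/ { sect = $0; gsub(/[^a-z_]/, "", sect); next }
        sect == "domain_realm" && /=/ { print $NF }
    ' | LC_ALL=C sort -u
}

# Every realm referenced by default_realm or [domain_realm] must have a
# [realms] stanza; with dns_lookup_kdc = false there is nothing else to
# find the KDC with. Exit 1 and a message on stderr when one is missing.
krb5_check_realms() {
    f="$1"
    defined=$(krb5_defined_realms < "$f")
    missing=""
    for r in $(krb5_default_realm < "$f") $(krb5_mapped_realms < "$f"); do
        printf '%s\n' "$defined" | grep -qxF "$r" || missing="$missing $r"
    done
    [ -z "$missing" ] && return 0
    echo "$f: realms referenced but not defined in [realms]:$missing" >&2
    return 1
}

# Live checks: ad_preflight REALM KDC_HOST DOMAIN_USER
ad_preflight() {
    realm="$1"; kdc="$2"; user="$3"
    krb5_check_realms /etc/krb5.conf || return 1
    echo "clock offset against $kdc:";  ntpdate -q "$kdc" || return 1
    echo "KDC SRV records:";             host -t SRV "_kerberos._tcp.$realm" || return 1
    echo "kinit (you will be prompted):"; kinit || return 1
    klist | grep -q "krbtgt/$realm@$realm" || { echo "no TGT for $realm" >&2; return 1; }
    echo "domain membership:";           net ads testjoin || return 1
    echo "winbind trust secret:";        wbinfo -t || return 1
    echo "NSS lookup of $user:";         getent passwd "$user" || return 1
}

# Constructed krb5.conf with the classic mistake: [domain_realm] maps onto
# EXAMPLE.EDU, but only AD.EXAMPLE.EDU has a [realms] stanza.
SAMPLE_KRB5_CONF='[libdefaults]
default_realm = AD.EXAMPLE.EDU
dns_lookup_kdc = false
[realms]
AD.EXAMPLE.EDU = {
kdc = dc01.ad.example.edu
}
[domain_realm]
.example.edu = EXAMPLE.EDU
example.edu = EXAMPLE.EDU
'
```

Run `ad_preflight AD.DOMAIN.EDU dc01.ad.domain.edu someuser` after the join; the first failing step is where to look.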


~~~~~~~~~~~~~~~~~~~NOT NEEDED~~~~~~~~~~~~~~~~~~~~~~~~
The following is NOT needed for the winbind setup above and is kept for reference only. An /etc/ldap.conf for nss_ldap/pam_ldap against AD looks like this (bindpw omitted here):

host 10.241.28.100
base dc=domain,dc=edu
uri ldap://ad.domain.edu/
binddn rsreese@domain.edu
bindpw
scope sub
pam_filter objectclass=User
pam_login_attribute sAMAccountName
pam_lookup_policy yes
nss_base_passwd dc=edu?sub
nss_base_shadow dc=edu?sub
nss_base_group dc=edu?sub
nss_map_objectclass posixAccount user
nss_map_objectclass shadowAccount user
nss_map_attribute uid sAMAccountName
nss_map_attribute homeDirectory unixHomeDirectory
nss_map_attribute shadowLastChange pwdLastSet
nss_map_objectclass posixGroup group
nss_map_attribute uniqueMember member
pam_login_attribute sAMAccountName
pam_filter objectclass=User
pam_password ad
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5


~~~~~~~~~~~~~~~~~~~NOT NEEDED~~~~~~~~~~~~~~~~~~~~~~~~
Likewise not needed for winbind: the /etc/nsswitch.conf entries for the ldap variant. (With winbind, the passwd and group lines read "files winbind" instead.)

passwd: files ldap
shadow: files
group: files ldap
hosts: files dns
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files
publickey: nisplus
automount: files
aliases: files nisplus
posted by Stephen Reese at 0 Comments

Configuring sendmail to accept mail

If netstat -an | more (or netstat -tln) shows

tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN

then sendmail is configured to accept connections from localhost only.

To change this behavior, you usually need to edit /etc/mail/sendmail.mc

Find the line that starts with DAEMON_OPTIONS (vi +/DAEMON_OPTIONS sendmail.mc jumps straight to it) and change the Addr= field from 127.0.0.1 to your IP address (or remove Addr= altogether to listen on every interface).

Then go down approximately 7 lines and comment out (with dnl) the line that reads FEATURE(`accept_unresolvable_domains')dnl, so that mail from senders whose domain does not resolve is refused.

Next, exit vi (or whatever editor you use) and rebuild the .cf file:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

(On RHEL, make -C /etc/mail does the same.)

Then restart sendmail, and you should be able to receive mail from other machines. Once port 25 is reachable from outside, make sure relaying is still restricted (the access database and relay-domains control that), or you have just built an open relay.
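Two small helpers, added here and not part of the original post, for checking the before and after state: smtp_listen_addrs extracts the addresses port 25 is bound to from netstat -tln output (a saved capture works as well as live output), smtp_loopback_only reports the exact condition described above, and set_daemon_addr rewrites the Addr= value on the DAEMON_OPTIONS line. The netstat and sendmail.mc fragments are constructed samples; 192.0.2.10 is a documentation address.

```shell
#!/bin/sh
# Added example (not from the original post): see what port 25 is bound to
# and rewrite the DAEMON_OPTIONS address in sendmail.mc. Assumes net-tools
# netstat output and a RHEL-style sendmail.mc; addresses are examples.

# Local addresses with a TCP listener on port 25, from `netstat -tln`
# style output on stdin (works on a saved capture as well as live output).
smtp_listen_addrs() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, a, ":")            # text after the last ":" is the port
            if (a[n] == "25")
                print substr($4, 1, length($4) - length(a[n]) - 1)
        }'
}

# Exit 0 when every port-25 listener is loopback: the symptom in the post.
smtp_loopback_only() {
    addrs=$(smtp_listen_addrs)
    [ -n "$addrs" ] || return 1              # nothing listening at all
    for a in $addrs; do
        case "$a" in 127.*|::1) ;; *) return 1 ;; esac
    done
    return 0
}

# Rewrite Addr= on the smtp DAEMON_OPTIONS line (stdin -> stdout). Use the
# host's own address for one interface, or 0.0.0.0 for all of them.
set_daemon_addr() {
    awk -v addr="$1" '
        /^DAEMON_OPTIONS\(`Port=smtp,/ { sub(/Addr=[0-9A-Fa-f.:]*/, "Addr=" addr) }
        { print }
    '
}

# Constructed samples.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN'
MC_SAMPLE="dnl # listen on the loopback interface only
DAEMON_OPTIONS(\`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(\`accept_unresolvable_domains')dnl"
```

Live use: `netstat -tln | smtp_loopback_only && echo "still loopback only"`, and `set_daemon_addr 192.0.2.10 < /etc/mail/sendmail.mc > /tmp/sendmail.mc` followed by a diff before copying it back.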
posted by Stephen Reese at 0 Comments

Edit group policy on remote computer

Want to open up the MMC of a local Group Policy on a remote machine?

Simply go to Start Run and type:

gpedit.msc /gpcomputer:"Computername"
posted by Stephen Reese at 2 Comments

Running processes in the background (linux)

If you just want your program to run in the background, launch it with a "&" at the end of the command line. If it then tries to read from the terminal it is stopped (SIGTTIN) until brought to the foreground, and anything it writes still lands on your terminal, so stdin, stdout and stderr should all be redirected to files or pipes.

This still leaves it attached to the terminal and the shell's process group, so when you log out the hangup (SIGHUP) that ends the shell reaches the background jobs too, unless you detach them. To get around this, launch with nohup and/or setsid.

If you want your program to daemonize itself (rather than relying on the user to do it when invoking it), then you will have to read some unix programming books about the steps involved. For example, Perl's Proc::Daemon does the following:

1. Fork a child and exit the parent process.

2. Become a session leader (which detaches the program from the controlling terminal).

3. Fork another child process and exit the first child. The grandchild is no longer a session leader, so it can never acquire a controlling terminal.

4. Change the current working directory to "/".

5. Clear the file creation mask (umask 0).

6. Close all open file descriptors.
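The same steps from the shell, as an added example rather than anything from the original post: daemonize starts a command in a new session with its standard descriptors detached, prints the pid, and uses a restrictive umask rather than the umask 0 that step 5 implies, since a daemon that clears its mask creates world-writable files. It assumes util-linux setsid(1) and falls back to nohup where that is missing. The log path is an example.

```shell
#!/bin/sh
# Added example (not from the original post): do from the shell what the
# Proc::Daemon steps above do from inside a program. Assumes util-linux
# setsid(1), with nohup as a fallback; paths are examples.

# daemonize LOGFILE COMMAND [ARGS...]  -> prints the pid of the detached process
daemonize() {
    log="$1"; shift
    (
        cd / || exit 1            # step 4: do not pin a mounted filesystem
        umask 027                 # step 5: Proc::Daemon clears the mask (umask 0);
                                  #         a restrictive one is the safer default
        # steps 1-3: setsid(1) starts the command in a new session with no
        # controlling terminal, so a logout's SIGHUP never reaches it.
        # step 6: detach stdin/stdout/stderr; keep output in a log rather than
        # closing it outright, so a crash leaves something to read.
        if command -v setsid >/dev/null 2>&1; then
            setsid "$@" </dev/null >>"$log" 2>&1 &
        else
            nohup "$@" </dev/null >>"$log" 2>&1 &
        fi
        echo $!
    )
}
```

In a non-interactive shell the background job is not a process-group leader, so setsid(1) calls setsid() in place and the printed pid is the daemon's. In an interactive shell with job control it forks first and the pid belongs to the short-lived parent; have the program write its own pidfile in that case.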
posted by Stephen Reese at 0 Comments

Monday, February 04, 2008

Adding a character to a line using Perl

# Double the last character of every line, editing the file in place (use -i.bak to keep a backup). The /g is redundant: $ matches once per line.
perl -p -i -e 's/(.)$/$1$1/g' filename

This changed my nonsense file:

ghggk
dethaks
gjfkdld
fyduftsdu
flkgjd kflgjlk flkgjl f

into a slightly different nonsense file:

ghggkk
dethakss
gjfkdldd
fyduftsduu
flkgjd kflgjlk flkgjl ff
posted by Stephen Reese at 0 Comments

Getting Samba to play nicely with SELinux on RHEL

This helpful bit was written by Don Meyer.

I'm a little too stubborn for a quick fix like this, so I went the route of adding the specific rules needed to allow SMB/Winbindd to run without throwing AVC errors. I'm doing this on RHEL4 boxes, which install with SElinux enforcing targeted by default -- this allows me to leave SElinux active for its additional protections.

Doing it this way requires a little extra work, though...

First, you need to install the selinux-policy-targeted-sources package, if not already installed.

When I build the RPMs from the source tarball, the first upgrade from the default RHEL4 packages changes the tdb directory from /var/cache/samba/ to /var/lib/samba/. This is accomplished by creating /var/lib/samba/ -- Naturally, this royally mucks up the SElinux labelings/permissions. So, immediately after the first upgrade from RHEL4 samba packages, (before starting either smb or winbind) I need to do the following:

#chcon -Rt samba_var_t /var/lib/samba
#mkdir /var/lib/samba/winbindd_privileged/
#chcon -t winbind_var_run_t /var/lib/samba/winbindd_privileged/


Then, I drop the following file into the directory /etc/selinux/targeted/src/policy/domains/misc/:

winbind_add.te:
allow winbind_t etc_runtime_t:file read;
allow winbind_t proc_t:file read;
allow winbind_t etc_t:file write;
allow winbind_t samba_etc_t:file write;
allow winbind_t initrc_t:process { signal signull };
allow winbind_t initrc_var_run_t:file { lock read };
allow winbind_t var_lib_t:dir { search getattr };
allow winbind_t samba_log_t:dir { create setattr };
allow winbind_t unconfined_t:fifo_file read;


This file is what I currently need to add to the default SElinux configuration to get Samba 3.0.23pre1 to work. What is needed seems to change with each new version of Samba... (The default SElinux ruleset for 3.0.10-1.3E.6 can be found in "/etc/selinux/targeted/src/policy/domains/program/winbind.te".)

Finally, after this "extra" policy file is in place, you should chdir to "/etc/selinux/targeted/src/policy/", and run the following command:

#make load

After this, you should be able to start/restart the smb & winbind services without complaints.

Now, some might ask "How do you derive these additional rules?"

On a clean install, I install the packages, make the necessary mods, and then set SElinux to non-enforcing:

#setenforce 0

I then start "tail -f /var/log/messages > /tmp/samba_avc.log" in a separate console.

Next, I start the smb & winbind services and get them running properly. Running in non-enforcing mode allows all the error messages to be generated in the logs, but the operations are allowed to complete successfully. Once the services are running, I do a couple user queries to prime the winbind system and have it sync with the AD, etc. I then terminate the tail in the other console, and run the following command:

#audit2allow -i /tmp/samba_avc.log

This outputs (to stdout) the additional rules necessary to allow all of the operations that generated AVC error messages in the log excerpt. This should be what is necessary to get everything running -- I copy these rules into the file I call winbind_add.te in "/etc/selinux/targeted/src/domains/misc/", and run the "make load" command to force the system to reload the SElinux rules.

Finally, I can shut down the smb & winbind services, run "setenforce 1" to re-enable SElinux enforcing mode, and then restart smb & winbind. If all goes well, this should not generate any AVC errors...
posted by Stephen Reese at 0 Comments
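What audit2allow does with those log lines is mechanical enough to show in a few lines of awk. The script below is an added example, not Don Meyer's code: avc_to_allow turns AVC denials into allow rules, merging permissions per source type, target type and class, and avc_review pulls out the rules that grant write-type access to system configuration or binaries, which are the ones to question before make load (a daemon that needs them usually has a mislabelled file, not a policy gap). The log lines are constructed in the RHEL4 syslog format; real ones come from /var/log/messages while running with setenforce 0.

```shell
#!/bin/sh
# Added example (not from Don Meyer's note): a stripped-down audit2allow in
# awk, plus a review pass over its output. Constructed RHEL4-style AVC
# lines below; type names are the ones quoted in the note.

# AVC denials on stdin -> one "allow src tgt:class { perms };" line per
# (source type, target type, class), permissions merged and de-duplicated.
avc_to_allow() {
    awk '
        /avc: *denied/ {
            perms = $0; sub(/.*denied[^{]*[{] */, "", perms); sub(/ *[}].*/, "", perms)
            s = $0; sub(/.*scontext=/, "", s); sub(/[ \t].*/, "", s)
            t = $0; sub(/.*tcontext=/, "", t); sub(/[ \t].*/, "", t)
            c = $0; sub(/.*tclass=/, "", c); sub(/[ \t].*/, "", c)
            split(s, sa, ":"); split(t, ta, ":")     # user:role:type[:level]
            key = sa[3] " " ta[3] ":" c
            n = split(perms, pa, " ")
            for (i = 1; i <= n; i++)
                if (!seen[key, pa[i]]++) rules[key] = rules[key] " " pa[i]
        }
        END { for (k in rules) printf "allow %s {%s };\n", k, rules[k] }
    ' | LC_ALL=C sort
}

# Rules that grant write-like access to system configuration or binaries.
# These deserve a look before "make load": the right fix is often a relabel.
avc_review() {
    awk '$3 ~ /^(etc_t|shadow_t|bin_t|sbin_t|lib_t|usr_t):/ &&
         / (write|append|create|unlink|rename|setattr) / { print }'
}

# Constructed sample: what /var/log/messages shows while winbindd runs
# under setenforce 0.
AVC_SAMPLE='Feb 11 10:01:02 srv kernel: audit(1202745662.101:12): avc:  denied  { read } for  pid=2201 comm="winbindd" name="mtab" dev=hda2 ino=4711 scontext=root:system_r:winbind_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Feb 11 10:01:02 srv kernel: audit(1202745662.102:13): avc:  denied  { getattr } for  pid=2201 comm="winbindd" name="mtab" dev=hda2 ino=4711 scontext=root:system_r:winbind_t tcontext=system_u:object_r:etc_runtime_t tclass=file
Feb 11 10:01:03 srv kernel: audit(1202745663.240:14): avc:  denied  { search } for  pid=2201 comm="winbindd" name="lib" dev=hda2 ino=8 scontext=root:system_r:winbind_t tcontext=system_u:object_r:var_lib_t tclass=dir
Feb 11 10:01:03 srv kernel: audit(1202745663.241:15): avc:  denied  { search } for  pid=2203 comm="winbindd" name="lib" dev=hda2 ino=8 scontext=root:system_r:winbind_t tcontext=system_u:object_r:var_lib_t tclass=dir
Feb 11 10:01:05 srv kernel: audit(1202745665.010:16): avc:  denied  { write } for  pid=2201 comm="winbindd" name="smb.conf" dev=hda2 ino=9001 scontext=root:system_r:winbind_t tcontext=system_u:object_r:etc_t tclass=file'
```

Live use: `avc_to_allow < /tmp/samba_avc.log > winbind_add.te` and then `avc_review < winbind_add.te` to see what needs justifying; the real audit2allow -i /tmp/samba_avc.log gives the same rules in the same shape.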

Remove index.php from wiki URL

In httpd.conf: 

Alias /wiki/index.php /home/rsreese/richardsreese/htdocs/w/index.php
Alias /wiki /home/rsreese/richardsreese/htdocs/w/index.php

In LocalSettings.php:

$wgScriptPath = "/w";
$wgScript = "$wgScriptPath/index.php";
$wgRedirectScript = "$wgScriptPath/redirect.php";

## For more information on customizing the URLs please see:
## http://meta.wikimedia.org/wiki/Eliminating_index.php_from_the_url
## If using PHP as a CGI module, the ?title= style usually must be used.
#$wgArticlePath = "$wgScript/$1";
$wgArticlePath = "/wiki/$1";
posted by Stephen Reese at 0 Comments

Courier Maildrop Setup

Before I get into maildrop, here are a few notes to myself on setting up Courier.

Before running ./configure, add the OpenSSL bin directory to your PATH.
To accept local mail regardless of the case of the local part, touch {your/etc/courier/dir}/locallowercase.

The postmaster@ account HAS to exist as well, in the /usr/lib/courier/etc/aliases/system file.

To tell Courier about hosted domains, add the domain to /etc/courier/hosteddomains, then, as root, run makehosteddomains.

To tell Courier to accept ESMTP connections for the domain, add the domain to /etc/courier/esmtpacceptmailfor.dir/domains, then, as root, run makeacceptmailfor.


Here's the maildrop stuff:

1. Set DEFAULTDELIVERY in the courierd configuration (/usr/lib/courier/etc/courierd on this install) to "| /usr/lib/courier/bin/maildrop" so that maildrop is the delivery agent.

2. Create a "$HOME/.mailfilter" file to be read by maildrop. There is, for the most part, no need for a ".courier" file since maildrop is already the delivery agent.


3. Make sure your "/usr/lib/courier/etc/maildroprc" doesn't break delivery, e.g.:


#attempt at a maildroprc file...
if ( $SIZE < 26144 )
{
exception {
xfilter "/usr/bin/spamassassin"
}
}
if (/^X-Spam-Flag: *YES/)
{
exception {
to "$HOME/Maildir/.Trash/"
}
}
#else
#{
# exception {
# to "$HOME/Maildir/"
# }
#}

The commented-out part is no good: "to" delivers and stops processing, so if maildroprc delivers to the default mailbox your ".mailfilter" is never read. Don't specify the default delivery there; unless a filter redirects the message or ends with an exit, maildrop delivers to the default "$HOME/Maildir" anyway. The same goes for .mailfilter: there is no need to send mail to the default location explicitly, unless you have something unusual going on that is beyond this lame howto =)

4. The contents of your ".mailfilter" should be something like the following. "cc" pipes a copy to mailbot and lets delivery continue to the default Maildir, and the empty -f gives the auto-reply a null envelope sender so it cannot bounce back and forth:

cc "| /usr/lib/courier/bin/mailbot -t autoresponse -s 'AutoGoAwayMessage' -A 'From: test@prcdigital.com' /usr/sbin/sendmail -f ''"

An "autoresponse" file should be created in the same $HOME directory as the ".mailfilter", though a shared file can be used by multiple users if desired.

5. "chmod 600 .mailfilter autoresponse" (maildrop refuses a .mailfilter that others can read or write)

The user:group that owns the Maildir should also own these two files, so "chown user:group .mailfilter autoresponse".

Or: once you get to maildrop, you don't want to bounce it. Your best bet is to just drop it. Also, I would suggest using spamc/spamd if at all possible. This is what I would do:

  if ( $SIZE < 204800 )
{
exception {
xfilter "/usr/bin/spamc"
}
}

if ((/^X-Spam-Flag: YES/))
{
if ((/^X-Spam-Level: \*\*\*\*\*\*\*\*\*\*\*\*\*\*\*/))
{
echo "***** Dropping 15+ Spam *****"
EXITCODE = 0
exit
}
else
{
to "$HOME/Maildir/.Trash/"
}
}
to "$HOME/Maildir/"


You can get rid of the echo if you don't want an entry in the log when it drops an email.

Why the double parentheses in if ((/^X-Spam-Flag: YES/))? Also, this is what I am using and it is not working, though it seemed to work until recently:

if (/^X-Spam-Level: *\*\*\*\*\*\*\*/)
{
exception {
to "/dev/null"
}
}
posted by Stephen Reese at 0 Comments

Courier Vacation Notice

cc "| /usr/lib/courier/bin/mailbot -t autoresponse -s 'AutoAwayMessage' -A 'From: test@somedomain.com' /usr/sbin/sendmail -f ''"
cc "!user@somedomain.edu"
cc "./Maildir"
EXITCODE = 0
exit
posted by Stephen Reese at 0 Comments