Troubleshooting “Recipient address rejected: Intentional policy rejection, please try again later”

I once told alibaba.com the email of one of the servers with iRedMail, but the letters for some reason did not come.
In the logs /var/log/mail.log saw the following message:

postfix/smtpd[15026]: NOQUEUE: reject: RCPT from out171-234.dm.aliyun.com[106.11.171.234]: 451 4.7.1 <info@example.com>: Recipient address rejected: Intentional policy rejection, please try again later; from=<service@notice.alibaba.com> to=<info@example.com> proto=ESMTP helo=<out171-234.dm.aliyun.com>

In the MySQL database “iredapd”, in the table “greylisting_tracking” saw many entries with alibaba.com.

If you wish, you can disable the greylisting plug-in by opening the configuration file:

nano /opt/iredapd/settings.py

And removing “greylisting” in the line:

plugins = []

You will need to reboot iredapd to apply the changes:

sudo service iredapd restart

But I added the alibaba.com domain to the “greylisting_whitelist_domains” table and the letters immediately began to come up, the SQL example:

INSERT INTO `greylisting_whitelist_domains` (`id`, `domain`) VALUES (NULL, 'alibaba.com');

To view the list of domains in the white list, use the command:

cd /opt/iredapd/tools/
python greylisting_admin.py --list-whitelist-domains

See also:
White and black list iRedAdmin

Firmware Update HikVision DS-7716NI-ST

For the test, I will update the firmware on the HikVision DS-7716NI-ST with firmware 3.1.1.

First of all we download the newest firmware from the official site http://www.hikvisioneurope.com/portal/?dir=portal/Product%20Firmware/Back-ends/Recorder/NVR/DS-76%2677%2686%2685%2696-ST%20-SP%20-XT-RT

I downloaded the version 3.4.4 (170526) multilingual.

We will proceed with the update. Let’s go to the web interface of the DVR by typing its IP address in the address bar, I opened it via Internet Explorer, because Mozilla Firefox did not let me specify the firmware file.
Enter username and password (standard admin/12345)
Open the “Settings” tab, then “Service”.
Where the line “remote software update” is clicked “Browse” and specify the firmware file (unpacked from the previously downloaded archive), in my case was “digicap.mav”, click the “Update” button and wait for the process to finish about 5 minutes.
During firmware, you can not turn off the power of the device, otherwise it can be damaged.

This completes the firmware update procedure.

See also:
Update firmware on HikVision devices

How to upgrade the firmware of Netis WF2411

I will describe the steps:
1) Download the new firmware from the official website http://www.netis-systems.com/Suppory/de_details/id/1/de/29.html

2) Open the router settings by typing in the browser address http://192.168.1.1 (can be 192.168.0.1) and enter the login/password.

3) In the opened interface, open the menu “System Tools“, choose “Firmware Upgrade“, in the opened window, click “Browse” and select the previously downloaded firmware, click “Upgrade” to start the upgrade process. We are waiting for the completion of the process for about 2-5 minutes.

Done.

Automatically installing Mikbill in Debian 7

For the test, I will perform the automatic installation of Mikbill in Debian 7 and describe the process.

See also my article – How to make a bootable USB flash drive with Debian

Switch directly to the root user:

su -

Download the archive from Mikbill and unpack it:

wget http://www.mikbill.ru/mikbill.tar.gz
tar xzvf mikbill.tar.gz

Run the installation script in Debian 7:

cd DISTR/Debian7x
./install_debian7x

During the installation process, we answer the questions, the IP address of the billing page (where it will be opened), the billing domain, MySQL passwords.

After installing the billing did not open in the browser, there was an error:

502 bad gateway

To solve it, in the text editor opened the configuration:

nano /etc/php5/fpm/pool.d/www.conf

Found the string:

listen = /var/run/php5-fpm.sock

And replaced it with:

listen = /var/run/php-worker-socket

After rebooting the system, everything worked.

Check if Mikbill and radius are working with commands:

netstat -anp|grep 0.0.0.0:2007
netstat -anp|grep 0.0.0.0:1812
netstat -anp|grep 0.0.0.0:1813

The standard login and password to admin panel is admin/admin.

How to make a bootable USB flash drive with Debian

To make a bootable USB flash drive with Debian, perform several actions:

1) Download the image of Debian from the official site https://www.debian.org/CD/
Old versions can be downloaded here http://cdimage.debian.org/cdimage/archive/

2) Download installer Universal USB Installer

3) We connect the USB flash drive to the computer and run the Universal USB Installer. In it, we agree with the license agreement by clicking “I Agree“, in the second window where “Step 1:” choose “Debian Live” or “Debian Netinst” depending on the downloaded image, where “Step 2” click “Browse” and point to the downloaded Debian image. In “Step 3:” select the letter of the flash drive, tick the “Format” (this will re-partition the file system table and erase all the data on the USB flash drive).
Step 4:” you can not touch it if you only want to install Debian from the USB flash drive. If you change it (this will slightly prolong the process of creating a bootable USB flash drive), you can use the specified space on the USB flash drive to save user data, for example, if you boot from a USB flash drive and run Debian instead of installing it, all the settings made in the system will be saved to the USB flash drive (for example, bookmarks in the browser, installed components).

4) Click “Create” and we are waiting for the completion of the process.

Monitoring nf_conntrack in Zabbix

I fixed an error on one server once, read my article about it How to fix the error “nf_conntrack: table full, dropping package”
And there was an idea to control nf_conntrack in Zabbix.

View the current value and the maximum can be commands:

cat /proc/sys/net/netfilter/nf_conntrack_count
cat /proc/sys/net/netfilter/nf_conntrack_max

Opened the configuration file Zabbix agent in a text editor:

nano /etc/zabbix/zabbix_agentd.conf

And he added a couple of lines at the end:

UserParameter=nf_conntrack_count, cat /proc/sys/net/netfilter/nf_conntrack_count
UserParameter=nf_conntrack_max, cat /proc/sys/net/netfilter/nf_conntrack_max

Restart the Zabbix agent to apply the changes:

sudo /etc/init.d/zabbix-agent restart

Now you can create a template on the Zabbix server (for example, with the name “TemplateName”), create the data elements in it: nf_conntrack_count and nf_conntrack_max.
Create a graph for the created data items.
You can create a trigger such as an expression (it will work when the current value of nf_conntrack exceeds 3100000):

{TemplateName:nf_conntrack_count.last(0)}>3100000

Apply the template to the desired nodes of the network.

Done.

Reset password on HikVision cameras and DVRs

On the test, I reset the password on the DVR DS-7204HQHI-SH with the firmware version 3.1.3.
Since to him probably some schoolboy picked up a password, changed it and wrote mucks in the names of the cameras :)

The first step is to download the SADP utility from the official site – http://www.hikvision.com/europe/tools_82.html

Run the utility, connect the device to the same network as the computer or a direct cable to the computer.
The utility displays the connected device, as well as its serial number, in my case:

DS-7204HQHI-SH0420150505AAWR516895417WCVU

We copy this serial number, removing the model of the device in the beginning, in my case it turned out:

0420150505AAWR516895417WCVU

Open the security key generator, enter this serial number, specify the date that is set on the device and generate the code.

Open SADP again, select the connected device in the list, click on the “Forgot Password” on the right, enter the code, then enter the new password in the “Admin Password” line.
Now you can enter under the admin login and the specified password in the web interface of the device.
If the device was hacked, it is desirable to immediately reset the settings and update the firmware to the latest.

Code generators can be found on the Internet, for example, here are a couple of online generators:
http://hikkvisionpasswordreset.github.io/
https://ipcamtalk.com/pages/hikvision-password-reset-tool/

Also, the code can be requested from HikVision technical support or the store in which the device was purchased.

See also:
Update firmware on HikVision devices
Reset password in Dahua DVRs

Update firmware on HikVision devices

For the test, I will update the firmware on the DVR DS-7204HQHI-SH with the firmware version 3.1.3.

Download the new version of the firmware from the official site http://www.hikvisioneurope.com/portal/?dir=portal/Product%20Firmware/Back-ends/Recorder, also they can be found on the Internet on third-party sites, for example here https://magazun.com/centr-zagruzki/proshivki-dlya-videokamer-i-registratorov-hikvison/
I used this – 3.3.2 (151123)
It should approach such devices: DS-7204HGHI-SH, DS-7204HQHI-SH, DS-7208HGHI-SH, DS-7208HQHI-SH, DS-7216HGHI-SH, DS-7216HQHI-SH, DS-7304HGHI-SH, DS-7304HQHI-SH, DS-7308HGHI-SH, DS-7308HQHI-SH, DS-7316HGHI-SH, DS-7316HQHI-SH, DS-7324HGHI-SH, DS-8104HQHI-SH, DS-7332HGHI-SH, DS-8108HQHI-SH, DS-8104HGHI-SH, DS-8116HQHI-SH, DS-8108HGHI-SH, DS-9004HQHI-SH, DS-8116HGHI-SH, DS-9008HQHI-SH, DS-8124HGHI-SH, DS-9016HQHI-SH, DS-8132HGHI-SH

Let’s go to the web interface of the DVR by typing its IP address in the address bar, I opened it via Internet Explorer, because Mozilla Firefox did not let me specify the firmware file.
Enter username and password (standard admin/12345)
Open the “Settings” tab, then “Service”.
Where the line “remote software update” is clicked “Browse” and we indicate the firmware file (unpacked from the previously downloaded archive), in my case was “digicap.dav”, press the “Update” button and wait for the process to finish about 5 minutes.
During firmware, you can not turn off the power of the device, otherwise it can be damaged.

This completes the firmware update procedure.

By the way, on the old firmware, the IP address of the device was obtained by DHCP, and if it did not, it was 192.0.0.64, in the new firmware, IP is obtained only by DHCP, or it can be specified manually by connecting the monitor to the DVR.

See also:
Firmware Update HikVision DS-7716NI-ST

Remote Wake-up of the computer (Wake On LAN)

To remotely turn on the computer, you need to have an ATX power supply, a motherboard with Wake On LAN and BIOS enabled, a Wake On LAN network adapter.

When Wake On LAN is supported, the shut down computer powers the AC adapter that is in low power mode and listens to all packets going to its MAC address without answering them. If a Magic Packet comes, the network adapter sends a signal to turn on the power of the computer.

View active network adapters:

ifconfig

You will need the ethtool package, if it is not installed on the system, you must perform the installation:

sudo apt-get install ethtool

Check for WOL support:

sudo ethtool eth0 | grep Wake

The result of the command if the network card is working with WOL and it is enabled:

Supports Wake-on: g
Wake-on: g

The result of the command when WOL is off:

Wake-on:d

Possible result letters (taken from man ethtool information):

p Wake on PHY activity
u Wake on unicast messages
m Wake on multicast messages
b Wake on broadcast messages
a Wake on ARP
g Wake on MagicPacket™
s Enable SecureOn™ password for MagicPacket™
d Disable (wake on nothing). This option clears all previous options.

To turn on WOL:

sudo ethtool -s интерфейс wol g

Turning on the computer:

apt-get install wakeonlan
wakeonlan -p 50000 00:01:02:03:04:05

-p indicates the UDP port number.

On the Internet, there are also many sites and applications for phones that allow you to send a package to a remote computer.

See also:
Using ethtool

Using ethtool

ethtool – a utility for configuring network interfaces in Linux.

You can install ethtool in Ubuntu / Debian using the command:

sudo apt-get install ethtool

Let’s look at the names of network interfaces:

ifconfig -a

Switch to root, as some commands require elevated privileges:

sudo su

Example of viewing eth0 settings:

ethtool eth0

Example of viewing information about the network interface driver:

ethtool -i eth0

Viewing Network Interface Statistics:

ethtool -S eth0

View auto-negotiation settings:

ethtool -a eth0

The LED blinks for 3 seconds on the specified network interface:

ethtool -p eth0 3

Network Interface Test:

ethtool -t eth0 online/offline

View the current and maximum size of TX and RX buffers:

ethtool -g eth0

Manual speed setting of 100 Mb Full Duplex on the specified network interface (the specified parameters will be reset after the system restart):

ethtool -s eth0 speed 100 duplex full

Viewing help about ethtool:

ethtool -h

See also:
Configuring the Network in Linux
Changing TX and RX network interface buffers in Linux
Remote Wake-up of the computer (Wake On LAN)