Useful exim_mainlog Spam Analysis

A great list of useful utilities to analyze your exim_mainlog file for spammers.

Locating multiple IP address logins for mail accounts

grep “A=courier_login” /var/log/exim_mainlog | sed -e ‘s#H=.* \[##’ -e ‘s#\]:[0-9]*##’ | awk ‘{print $5,$6}’ | sort | uniq | awk ‘{print $1}’ | uniq -c | awk ‘{ if ($1 > 1) print $0}’

If you see that you have a lot of users that have mail logins from multiple unique IP addresses you can run the following command to get a look at exactly what IPs they’re connecting from:

grep “A=courier_login” /var/log/exim_mainlog | sed -e ‘s#H=.* \[##’ -e ‘s#\]:[0-9]*##’ | awk ‘{print $5,$6}’ | sort | uniq -c

http://www.inmotionhosting.com/support/email/email-troubleshooting/locate-email-accounts-being-used-to-spam
=======
Locate 535 incorrect authentication errors

grep “535 Incorrect” /var/log/exim_mainlog | awk -F”set_id=” ‘{print $2}’ | sort | uniq -c | sort -n

Find IP address causing incorrect logins

grep “535 Incorrect” /var/log/exim_mainlog | grep user@example.com | awk ‘{print $1,substr($9,2)}’ | cut -d] -f1 | uniq -c

Block IP address at server’s firewall

apf -d 123.123.123.123 “Failed mail logins to user@example.com”

http://www.inmotionhosting.com/support/email/bounceback-errors/535-incorrect-authentication
=======
Locate duplicate subjects in Exim mail log

awk -F”T=\”” ‘/<=/ {print $2}' /var/log/exim_mainlog | cut -d\" -f1 | sort | uniq -c | sort -n If you see that you have a lot of users that have mail logins from multiple unique IP addresses you can run the following command to get a look at exactly what IPs they're connecting from: grep "A=courier_login" /var/log/exim_mainlog | sed -e 's#H=.* \[##' -e 's#\]:[0-9]*##' | awk '{print $5,$6}' | sort | uniq -c You can now locate all of the IP addresses the user01@example.com account has been sending mail from, and possibly block them at your server's firewall if the activity looks malicious to you. Use the following command to find all the IP addresses the account has been relaying mail with: grep "<= user01@example.com" /var/log/exim_mainlog | grep "Melt Fat Naturally" | grep -o "\[[0-9.]*\]" | sort -n | uniq -c | sort -n http://www.inmotionhosting.com/support/email/exim/locate-spam-activity-by-subject-with-exim

Reset SC543 Error on Ricoh Aficio SP C320DN Printer

This SC543 error is typically related to the fuser. To reset the error you need to follow these steps:

Fix: Hold UP and Down arrow key for 7 seconds then press OK
Scroll down to Engine –> OK
Right arrow to 5
Left arrow to 810 (SC Reset)
OK –> OK –> Execute –> Execute –> Exit
Turn printer off and back on

For more information see:

http://www.helpowl.com/q/Ricoh/AficioSPC320DN/Troubleshooting/service-code-543/379818

If you need to replace the fuser on the Ricoh Aficio SP C320DN, see this link:

http://www.manualslib.com/manual/361308/Ricoh-Aficio-Sp-C320dn.html?page=174

Share Windows 7 32 Bit Printer With a Windows 7 64 Bit PC

Had to get a Window 7 64 bit computer on the network to use an HP printer that was connected to a Windows 7 32 bit computer.

Trick is to set up a new local port and specify the computer and printer name directly.

1. Select: Control Panel, Printers, Add Printer
2. Choose Add Local Printer.
3. Uncheck the box marked :Automatically detect my PnP printer.
4. Click Next
5. Select Create a New Port and leave the default in the drop down selection as Local Port.
6. Click Next
7. Windows displays a small dialogue box asking a port name.
8. Key in: \\ computer_name \ printer_name
9. Click OK

Fix Cannot Edit Windows Update For Windows 7 Pro

Ran into a weird situation where Windows 7 Pro did not allow me to change the Windows Update schedule.

Turns out you need to edit the group policy.

Go to Start > gpedit.msc then follow in the left pane:

User Configuration
Administrative Templates
Windows Components
Windows Update

In the right pane select Remove Access to use All Windows Update features.

You can enable to disable the feature according to your preference.

More info here:

http://www.sevenforums.com/tutorials/88554-windows-update-enable-disable-access.html

Fix DNS on Windows Server 2008

If you run into a situation where you can access your network drives yet are unable to get onto the internet, then you may have a problem with your DNS.

Your DNS is controlled by the DHCP server which you can find on the Windows Server 2008 by going to Server Manager > Roles > DHCP Server. Be sure that DHCP service is running.

VBA Program To Save XLS Files From Excel 2010 Makes File Corrupt

For VBA Excel programmers: If you are running Excel 2010 and want to programmatically save a file as an XLS, you need to be explicit about the format. Otherwise the file format will default to XLSX and if you save it as an XLS it may be tagged as a corrupt file when you open it later.

To specify the XLS format type, specify the Fileformatnum as 56. Here is a short coding example:

Dim wb As Workbook
Application.DisplayAlerts = False

Worksheets(sheetname).Copy
Set wb = ActiveWorkbook
‘ Fileformat 56 is for the older XLS file types
wb.SaveAs filename, 56
wb.Saved = True
wb.Close True
Application.DisplayAlerts = True

Here are some other formats.

51 = xlOpenXMLWorkbook (without macro’s in 2007-2013, xlsx)
52 = xlOpenXMLWorkbookMacroEnabled (with or without macro’s in 2007-2013, xlsm)
50 = xlExcel12 (Excel Binary Workbook in 2007-2013 with or without macro’s, xlsb)
56 = xlExcel8 (97-2003 format in Excel 2007-2013, xls)

More coding examples can be found here: http://www.rondebruin.nl/win/s5/win001.htm

Resetting Highlight Dialogue Box on Adobe 7

This is a fix for ancient versions of Adobe Reader 7.x. When highlighting a scanned document, Adobe will pop up Scanned Page Alert dialogue box asking if it’s OK to perform OCR on the document first.

If you check the Do Not Show Again box, the only way to get the dialogue box back again is to edit the registry.

This key can be found at: HCU\Software\Adobe\Adobe Acrobat\7.0\AVAlert\cCheckbox\

If you remove the iPaperCaptureOfferToRunOCR key then you can get the dialogue box back again.

Missing Profile On Windows 7 Home

When clicking on the user account the error message “User profile service failed” appears.

1) Log into safe mode. Luckily this allowed access to the account with the missing profile.
a) If the above fails, use at the DOS prompt: net user administrator /active:yes
This will enable the hidden administrator account. From there you can create a new account.

2) Restored the profile by navigating to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList in RegEdit.

3) Found the missing profile with a .bak extension. Removed the .bak and the profile loaded OK.

More information can be found here: http://support.microsoft.com/kb/947215

Windows 7 Repair / Rescue Disk

Most of us forget to create rescue disks until it’s too late. Your Windows 7 won’t boot and since you don’t have a rescue disk it’s Catch-22.

Here are two sites that allows you to download ISO images of various Windows 7 versions so you can create run some repairs.

http://www.techfleece.com/2012/10/18/download-windows-7-install-disks-legally-for-free/

http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/windows-7-sp1-iso-file-for-repair-install/5a500a5b-ac70-4c6d-8cad-57e73f1936d0

Enabling Administrator Account In Windows 7

To enable the hidden administrator account, log into a normal admin account and open a DOS window in administrator mode.

Type in: net use administrator /active:yes

To disable the account, type in: net use administrator /active:no

Check this link for more information:

http://www.howtogeek.com/howto/windows-vista/enable-the-hidden-administrator-account-on-windows-vista/

« Previous Page — Next Page »