Friday, 15 November 2013

NTFS permissions: Read-Write-Modify but can't delete

We had a situation where we had to provide read/write permission on the root folder but full permission on the sub-folders and their contents.
Here is where the game began :-

Scenario :-
The user can read/write the root folder but can't modify it; however, he/she has delete rights to perform read/write/modify/delete actions on subfolders and files.

Challenge :-
These permissions were easy to provide, but if the user performs a delete action on the root folder, nothing happens to the root folder itself (as the user has only read/write permission on it), yet the subfolders and files immediately get deleted automatically. Try it and you will be stunned!

Fix :-
There is no way to stop this process with NTFS permissions, but there is always a way to finish an unfinished job, and in an elegant manner too. Here is what I did.
I created a file inside this root folder, named it !donotdelete.txt and removed all access rights from it. You see, the file name starts with ! and this is a wildcard character, so now, whenever any user performs a delete action on the root folder, a command executes to delete all subfolders and files but gets stuck at !donotdelete.txt, because this file can't be deleted by anyone, and the delete command stops right there.

Catch :- You can create any file/folder whose name starts with ! to stop the automatic deletion; it will work, guaranteed!

Wednesday, 24 April 2013

SMTP Tarpitting !!

Some of you may have heard of it before, and some of you are asking yourselves what it is.
SMTP tarpitting is a concept for avoiding illegitimate email traffic. Now you are wondering what illegitimate traffic is. Illegitimate email traffic means spammers sending email to your domain for the purpose of directory harvest and NDR attacks.

Directory Harvest Attack :- Spammers send lots of bogus email to your domain to find out which email addresses are valid. If they get an NDR (550 5.1.1 User unknown), they are sure the email address does not exist; for the addresses where they don't get an NDR, they start sending spam directly.

NDR Attacks :- Because of the non-existent email addresses in your domain, your mail server becomes the victim of a denial of service: the mail server queue fills up with thousands of emails and the server starts responding slowly.

To avoid this situation, Microsoft introduced the SMTP tarpitting feature, which delays the responses to spammers' email, so the spammers give up and go somewhere else to do the same thing to another domain.

How to do this in Exchange 2003 :- You can do it on Exchange 2003 SP2 with the help of a registry key.
How to do this in Exchange 2007/2010 :- SMTP tarpitting is enabled by default in both versions and can be checked with this PowerShell command: Get-ReceiveConnector | select name,tarpitinterval
By default, 5 seconds is set on the Receive connectors of both servers. If you set this value to 0 seconds, tarpitting is disabled automatically.

PS :- Recipient filtering must be enabled, or else SMTP tarpitting is not going to work.
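The behaviour described above, modelled in Python as an added example (this is not Exchange code and not from the original post): replies to unknown recipients are delayed by the tarpit interval, and with recipient filtering off there is no 550 reply to delay, so the bounces pile up instead. The names ReceiveConnector, run_session and ndr_queue and the example.com addresses are made up for illustration.

```python
import time


class ReceiveConnector:
    """Simplified model of an SMTP receive path (assumption, not Exchange code)."""

    def __init__(self, mailboxes, tarpit_interval=5.0,
                 recipient_filtering=True, sleep=time.sleep):
        self.mailboxes = {m.lower() for m in mailboxes}
        self.tarpit_interval = tarpit_interval   # seconds; 0 disables tarpitting
        self.recipient_filtering = recipient_filtering
        self.sleep = sleep                       # injectable so a demo need not wait
        self.ndr_queue = []                      # bounces the server must send later

    def rcpt_to(self, address):
        """Return (reply, delay_seconds) for one RCPT TO command."""
        if address.lower() in self.mailboxes:
            return "250 2.1.5 Recipient OK", 0.0
        if not self.recipient_filtering:
            # No lookup during the session: mail is accepted and bounced later,
            # so there is no 5xx reply to delay and the NDR queue grows.
            self.ndr_queue.append(address)
            return "250 2.1.5 Recipient OK", 0.0
        # Unknown recipient rejected in-session: hold the reply back first.
        if self.tarpit_interval > 0:
            self.sleep(self.tarpit_interval)
        return "550 5.1.1 User unknown", float(self.tarpit_interval)


def run_session(connector, recipients):
    """Feed RCPT TO addresses to the connector; return replies and total delay."""
    replies, total_delay = [], 0.0
    for rcpt in recipients:
        reply, delay = connector.rcpt_to(rcpt)
        replies.append((rcpt, reply))
        total_delay += delay
    return replies, total_delay


if __name__ == "__main__":
    # Constructed sample data: one real mailbox and three guessed addresses.
    guesses = ["user1@example.com", "aaa@example.com",
               "bbb@example.com", "ccc@example.com"]
    for filtering in (True, False):
        c = ReceiveConnector(["user1@example.com"], recipient_filtering=filtering,
                             sleep=lambda s: None)  # skip real waiting in the demo
        replies, delay = run_session(c, guesses)
        print(f"filtering={filtering} delay={delay}s queued_ndrs={len(c.ndr_queue)}")
        for rcpt, reply in replies:
            print(f"  RCPT TO:<{rcpt}> -> {reply}")
```
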


Wednesday, 20 March 2013

Do we really need internal MX record to receive e-mail ?

The answer is NO.
There is no need to configure an internal MX record to route email, because internal email traffic is controlled by Active Directory.
Let’s say your domain name is and you want to know how email gets delivered from the outside world to an internal mailbox. Here is the clarification:
When somebody sends email from the internet to . First, this query goes to internet DNS to resolve the domain namespace and its MX record. If the MX record does not exist, the email will be bounced (you can also receive email through the A record, but that is not recommended and 99 % of the time it is not going to work).
If the MX record does exist, the DNS query resolves the name to its respective A record, and the traffic then moves on to the IP address it points to, which is your email server's IP.
Once the email packet reaches your email server, it gets delivered to the respective mailbox.
In a nutshell, there is no need to configure an internal MX record, simply because internal email traffic is controlled by Active Directory. An MX record is recommended on external or public DNS to speed up the DNS query.

Amit Rawat