@scottalanmiller said in Unable to send emails to Gmail from my domain:

@Pete-S said in Unable to send emails to Gmail from my domain:

Also the fact that you are sending from your own IP is also a sign that it is spam. Mail servers build up IP reputation on servers that send them emails. This is different from the blacklists.
If you haven't checked your IP against blacklists you must do so as well.

That implies that you are running your own email server which isn't exactly forbidden, but it's a "no no". If you are running your own email server, it's expected that you will proxy through a big sender with clean IPs that have been cleared already.

For all intents and purposes, the modern email frameworks are built around limiting email sending from big senders (Amazon, MS, Google, Zoho) only and all others are suspect and/or blocked outright. Even people running their own email servers typically (without knowing) block or restrict receiving emails from anyone but the giant carriers.

Yeah, I agree. But since we are looking at SPF records with IPs then that is what the OP is doing (sending emails from their own IPs).

But it's better to use an email service to send stuff out and have them worry about IP reputation, blacklist etc.

@scottalanmiller said in Unable to send emails to Gmail from my domain:

@Pete-S said in Unable to send emails to Gmail from my domain:

@Mr-Jones said in Unable to send emails to Gmail from my domain:

GoDaddy TXT Record:
v=spf1 a:mail.contoso.com ip4: 104.200.130.82 -all

This is invalid. There should be no space between ip4: and the ip address.

Also it's common to do ~all instead of -all when starting out.
~ will cause a soft fail on SPF failure while - will cause a hard fail.

We did that this week, too! This thread is like "yesterday's project" line for line, basically.

Yeah, I've done it a couple of times as well, but not this week

The only thing I don't have a clue about is how you set up DKIM on on-prem Exchange so all messages are signed.

@Mr-Jones said in Unable to send emails to Gmail from my domain:

Error:
"mx.google.com gave this error:
Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent to Gmail, this message has been blocked. "

This doesn't say anything about SPF, DKIM or DMARC failure, but the fact that you don't have them is a sign that your message is spam.

Also the fact that you are sending from your own IP is also a sign that it is spam. Mail servers build up IP reputation on servers that send them emails. This is different from the blacklists.

If you haven't checked your IP against blacklists you must do so as well.

@Mr-Jones said in Unable to send emails to Gmail from my domain:

GoDaddy TXT Record:
v=spf1 a:mail.contoso.com ip4: 104.200.130.82 -all

This is invalid. There should be no space between ip4: and the ip address.

Also it's common to do ~all instead of -all when starting out.
~ will cause a soft fail on SPF failure while - will cause a hard fail.

@Mr-Jones said in Unable to send emails to Gmail from my domain:

*I'm still waiting for Budget approval/acquisition for the DMARC stuff.

There is nothing you need to buy to implement it.

You should implement SPF, DKIM and DMARC.

The only thing you might want to buy is a service that will watch your DMARC reports and generate notifications if there is a problem.

I think this is very good and good value as well:
https://www.uriports.com/pricing

Use their awesome free service to test your email setup and learn more about DMARC.
https://www.learndmarc.com/

@Saba said in Windows 10 and RHEL 9 Dual Boot help.:

@Pete-S When i rebooted from Linux, I actually selected Windows 10 from the list of available operating systems

Sorry, I can't help you. I stopped trying to get Windows and Linux to coexist on the same drive with dual boot because Windows would often cause some problem even when it's suppose to work.

So when I need windows and linux on the same machine I do one of three things:

• run the secondary OS in a VM and then both OSes can run at the same time
• install each OS on it's own drive and swap drives as needed
• have windows installed but boot linux from a USB drive without actually installing it

@scottalanmiller said in Windows 10 and RHEL 9 Dual Boot help.:

@Saba said in Windows 10 and RHEL 9 Dual Boot help.:

I used the RHEL installation for a few hours then rebooted to Windows 10.

Was this starting from a boot? Is it possible that you hadn't installed yet and were just running live?

My thought as well.

@scottalanmiller said in Ubuntu Ethernet before WiFi:

@hobbit666 said in Ubuntu Ethernet before WiFi:

@scottalanmiller said in Ubuntu Ethernet before WiFi:

Terminal should just be using OpenSSH.

This might be the issue. Will have a play after my holidays

In theory, Window's OpenSSH implementation is completely identical to the one on Linux and BSD. I can't way I've tested much in Windows 11, but on 10, it's definitely identical.

"Completely identical" is a bit of a stretch since it's a fork, so it has additions and changes and might not support everything the main project does. It's likely lagging behind the main project too.

But "works the same" or "practically the same" or "has the same code base"...

Microsoft only has one fork, so windows version shouldn't make any noticeable difference.
https://github.com/PowerShell/openssh-portable

PS. In OP's case he has probably hasn't the right key in openssh. OpenSSH and Putty don't share their ssh keys. They are in different folders.

@scottalanmiller said in Ubuntu Ethernet before WiFi:

@hobbit666 said in Ubuntu Ethernet before WiFi:

@Pete-S said in Ubuntu Ethernet before WiFi:

@Pete-S said in Ubuntu Ethernet before WiFi:

So I would look at:

changing the NIC the software binds to (configuration files?)

A quick search seems to indicate that Minecraft Server have config file called server.properties .

Inside that there is a setting called server-ip.

Set that to the static IP of the computer's IP on the LAN and I'm guessing it will bind to your LAN port every time.

Yeah will give that a try.
For some reason you can't "bind" to a specific port. It's been a requested feature with M$ for a while now.

Such an easy thing to do, too.

With "port" are we talking about a NIC or tcp/ip port? Sometime people say port but are actually referring to a specific network interface which can cause confusion. So to clarify, port in the text below is tcp/ip port and not network interface.

The normal thing for a server application is to bind to all or one specific IP address that the server have and to a specific port. Not a specific NIC.

As you may or may not know this comes from the low level socket api that all OSes use but originated from unix (BSD). The function that tells a socket what ip & port to use is called bind.

Higher level functions in programming languages such as java, python or whatever are usually just wrappers for the socket api.

From what I can see there seems to be options in the configuration files for Minecraft server to set which ports it should bind to as well. I don't have any experience with Minecraft, that info is just from a quick search.

Normal procedure if you want more control over a server and which IP addresses it actually replies on, is to have it bind to all IPs then employ access control with the OS firewall.

Default behavior for the bind function is to actually bind to all IPs - if you don't specify an IP. So I would expect Minecraft server to actually bind to all IPs if none are specified. But the OS firewall may not be open to accept traffic on all interfaces.

On linux you can check what service are bound to what ports and IPs with netstat -tulpn
It will not show if the firewall is open or closed though (I think...) You have to check that as well.

@Pete-S said in Ubuntu Ethernet before WiFi:

So I would look at:

changing the NIC the software binds to (configuration files?)

A quick search seems to indicate that Minecraft Server have config file called server.properties .

Inside that there is a setting called server-ip.

Set that to the static IP of the computer's IP on the LAN and I'm guessing it will bind to your LAN port every time.

@hobbit666 said in Ubuntu Ethernet before WiFi:

Question,
Is there a way of getting Ubuntu to delay start the WiFi until fully booted?
But keep the ethernet as is.

I have a laptop I'm setting up, but the software I'm installing binds the port to the first nic it sees (minecraft) which always seems to be the WiFi. I want it running on the ethernet but then allow WiFi to connect so I can remote admin it over WiFi (ethernet is on different network)

I would look at differently.

The problem is not wifi, it's the fact that the software binds to the wrong NIC.
To me it's very odd that it selects wifi to bind to, since normally LAN would be the first NIC.

So I would look at:

• changing the NIC the software binds to (configuration files?)
• changing NIC names
• changing NIC enumeration order

@Mario-Jakovina said in ONLYOFFICE has released ONLYOFFICE Docs version 7.1.:

@scottalanmiller said in ONLYOFFICE has released ONLYOFFICE Docs version 7.1.:

@travisdh1 said in ONLYOFFICE has released ONLYOFFICE Docs version 7.1.:

@scottalanmiller said in ONLYOFFICE has released ONLYOFFICE Docs version 7.1.:

@syko24 said in ONLYOFFICE has released ONLYOFFICE Docs version 7.1.:

OnlyOffice is a pretty nice alternative to MS Office. If they had an email client that would definitely be a huge plus for their product.

An email client? When would that be useful? All business email products have their own clients when needed and use web interfaces for most things (including offline handling.) Generally email clients as standalone things aren't considered a good thing (think the disaster that is Outlook.) I think no one offers one because no one should want it.
What are you looking to do with an email client? What's the use case?
I know lots of people still use Outlook because users are addicted to it. But if you are going to leave Outlook, you'd not move them to another fat client, but to the modern interfaces everyone offers.

Outlook is so much better when using the PWA version, even with it you should be getting rid of the fat client!

Not for someone who has multiple email addresses. Having to constantly click back and forth to change the user account is not ideal.

Don't have that problem with my web client. That functionality is built in.

I use Thunderbird becuase I have few email accounts, and I do not like a single web client I use(d). I do not like Gmail nor online Outlook.
I did not even knew that they support multiple accounts.
Can you name some web clients that you like, and that support multiple accounts?

(btw - I hate emails as a communication tool)

Yeah, email in Thunderbird is superior to any web client, especially when using multiple accounts or trying to do advanced stuff.

Problem is that email takes up too much time. So for common users it's better to have one account only, wean them off from email in general and migrate them to the web client or mobile app. The simpler, the better.

BTW, we use Zoho and you can integrate other imap/pop3 mailboxes as well.
https://www.zoho.com/mail/help/external-imap-accounts.html
Last time I tried it though I found some bugs and I haven't checked if they've fixed them yet.

@Dashrender said in Restrict access to parent folder but allow child folder access:

@Pete-S said in Restrict access to parent folder but allow child folder access:

@Dashrender said in Restrict access to parent folder but allow child folder access:

It's not just a list of all extensions, it's broken out into areas and departments, etc.

Yes, I imagine that would be the case for most companies.

The thing is that it would be helpful to have a system to manage it. Different companies, departments, persons or function will have different needs but a good system should be able to accommodate most of those needs with a minimal amount of work.

Integration between different system is what is need to avoid doing the same work in multiple places. The whole point of having things in a system instead of manually doing it, is to save time and provide organization and when possible automation.

I don't see a problem replacing files with better system on the technical level. But actually finding system that can get the job done without going with bespoke solutions can be tough. And bespoke software isn't cost effective in a lot of cases.

I think a paper copy only works until you're more than a page. We're still at a single page.

I think you can keep it going for quite some time - if you wanted to.

A long time ago I worked at a company that printed their own little phone book with all the internal extensions and numbers. It had maybe 30 pages or so.

@Dashrender said in Restrict access to parent folder but allow child folder access:

It's not just a list of all extensions, it's broken out into areas and departments, etc.

Yes, I imagine that would be the case for most companies.

The thing is that it would be helpful to have a system to manage it. Different companies, departments, persons or function will have different needs but a good system should be able to accommodate most of those needs with a minimal amount of work.

Integration between different system is what is need to avoid doing the same work in multiple places. The whole point of having things in a system instead of manually doing it, is to save time and provide organization and when possible automation.

I don't see a problem replacing files with better system on the technical level. But actually finding system that can get the job done without going with bespoke solutions can be tough. And bespoke software isn't cost effective in a lot of cases.

@WrCombs said in Application error -:

So being told this is a windows issue, but I'm not sure how.

I've been beating my head against my desk with this for weeks now.
any advice would be appreciated.

In dotnet applications developers can build their applications against different version of .net.

As we know, the gazzilion .NET versions is a mess. So to alleviate the mess the application have config files with redirect bindings so you can decide which version of .net the application should use - even if it was intended for another version.

Since you don't have 4.0 you can try and redirect to 4.8 instead.

However you can also install 3.5 on Windows 11 and redirect to that, which I think maybe has a higher probability of succeeding. Since 3.5 is backwards compatible with 2.x and 3.x applications and it looks like your application originally required version 2.x.

There is actually a good chance that just installing 3.5 will solve your problem, because there are automatic redirects going on as well. (But undo your changes to the config file).

Links to look at:
https://docs.microsoft.com/en-us/dotnet/framework/configure-apps/redirect-assembly-versions
https://docs.microsoft.com/en-us/dotnet/framework/install/on-windows-11

@Dashrender said in Restrict access to parent folder but allow child folder access:

@Pete-S said in Restrict access to parent folder but allow child folder access:

Basically what @scottalanmiller said above. Avoid "files". Let application handle the information in an organized way where the user are not going to be working with files. Only systems and sysadmins would have to think about "files".

I love the thought process here - but getting users to give up files is like pulling teeth.
Policies and Proceedures - docx/PDF - could be replaced with Wiki
Phone lists - docx/PDF - could be replaced with wiki - but people demand to print it out for faster access.
reports pulled from ERP - xlsx - what? to a custom app?
new employee paperwork - docx/pdf - HR system

Yeah, that is the problem. It's hard to find applications that can replace manual work. And most importantly, make it easier than it is to do it manually.

For example, phone numbers and lists should be pulled from databases, not wikis. I mean basically everybody today have their smartphones filled with contacts that they use to call someone. And they can't recall a single phone number because they never need to. They're all in a database.

But to automatically get the phone numbers people need into the phones they use (cell, voip, etc) isn't always so easy.

So you'd want a system that contains a database with all contacts in the company and has web access. It can integrate with whatever PBX you use and sync to whatever else phone you need contact info on. Also being able to set up "favorites" and use that info to automatically program shortcuts/BLFs on phones and sidecars for 1-button access. And also print lists of phone numbers if you need it on paper.

Does this system exist? I don't know. I've seen systems that can do bits and pieces of it but lack the overall vision.
But a lot of companies with more than a handful of employees needs something like it.

Hmm, now I'm thinking I probably should have installed Windows 11 instead...

Well, maybe not, I don't actually run it on anything else.

OK, turned out that there are actually two Education versions:

• Windows 10 Pro Education (based on Professional)
• Windows 10 Education (based on Enterprise)

Perhaps Education based on the Enterprise version is only for volume keys and Education Pro is what you get when you buy a computer that comes pre-installed with the Education license. I don't know.

Anyways, I managed to reinstall Windows 10 using the standard download media from Microsoft:
https://www.microsoft.com/en-us/software-download/windows10

Installation didn't find the product key in the BIOS so I had to install without a product key and select "Windows 10 Pro Education".

After completing the installation I wanted to active Windows. It wouldn't do this by itself.

So to activate I needed the product key in the BIOS. To get that you run:
wmic path SoftwareLicensingService get OA3xOriginalProductKey

Then I entered that key into the activation which worked perfectly.

You can probably apply the same approach to reinstall different Windows version when you have a OEM license on the hardware - especially when you have wiped or installed a new drive and you have no installation or recovery media at hand.

I have a couple of laptops that has been wiped completely and needs to be reinstalled.

I think they're OEM licensed for Windows 10 Education because they have the stickers. Is that the same installation image as Enterprise?

According to Microsoft, the Education edition is Enterprise with different defaults.

@stacksofplates said in VNC Replacement solution:

@Pete-S said in VNC Replacement solution:

@stacksofplates said in VNC Replacement solution:

@Pete-S said in VNC Replacement solution:

@scottalanmiller said in VNC Replacement solution:

@stacksofplates said in VNC Replacement solution:

Nomachine works well. It's easy to set up and I've found it to be more performance and easier to set up than VNC. If it's just between windows and Linux, then rdp works also as Pete mentioned (if you don't want straight console access).

And easier than RDP on some platforms.

Nomachine is free only for personal use. You have to pay if you're using it for commercial use. It's not exactly straight forward to know what is what but there are some guidance here:
https://knowledgebase.nomachine.com/AR03P00972

My interpretation is that you can get away with the free version only for sporadic admin tasks. Anything else in a company requires the enterprise license.

That sucks. It didn't used to be like that. I really feel like they are just strangling their product over time. The pricing for everything they have is ridiculous.

Yeah, they've made changes over the years. There is the NX protocol and it's wasn't open source but then it was and then it wasn't. I think open source project such as freenx / x2go uses NX but it's not compatible with the NX version that NoMachine uses. I've run into that problem a couple of years ago. I don't know if freenx exists anymore or what the deal is.

Yeah I think nomachine uses nx4 and x2go uses the old open source nx3. It's a mess. I know when I did this for the DoD contractor we just ended up using RDP because the whole ecosystem was terrible. X2Go looks like it still can't support anything past GNOME 3.12 which is ridiculous as it's been like 5-6 years since I last looked.

It's funny because we looked at it as well and we too ended up with RDP. And RDP has improved a lot over the years.