Solaris 10 Services

Working with services is pretty straight forward and provides some useful information and control of services on your Solaris 10 install.

If you want to see all of the services running on your machine.

svcs

If you want to list the details of a service.

svcs -l SERVICE_NAME

If you want to enable a service use the svcadm command.

svcadm enable SERVICE_NAME

As you might imagine disabling a service is just the opposite.

svcadm disable SERVICE_NAME

So as you can see, working with services in Solaris 10 is pretty straight forward. There are additional features for these commands, I'd suggest taking a look at the man pages for more info.

IronMail

I recently deployed McAfee Email Gateway, aka IronMail, and so far it's operated as advertised.

Out of the box, it does a better job than the solution it replaced. Now in defense of the old solution, it didn't have a database like TrustedSource to check reputation against, which by the way was one of the main reasons to move to IronMail.

IronMail has more than it's share of options, but I have to admit, they aren't always located under the tabs that I would typically expect to find them. However, once you figure out their logic it is really rather easy to navigate the GUI.

Troubleshooting issues via the CLI is very nice. If you are use to working at a *nix CLI, you will like this feature.

Finally, support. Like other SecureComputing, now McAfee, products I have used in IronMail tech support is very good. They have a special high level port that support can use to connect to your appliance to assist in troubleshooting.

It's not the least expensive solution nor the easiest to run, but I am impressed with the power and effectiveness of IronMail.

Fixup Protocol

I hadn't setup a new PIX in a while and the couple ASA firewalls I have recently setup haven't needed SMTP service till now.

I moved an Exchange 2007 edge server from a DMZ in a PIX to a DMZ in an ASA. Had all of my ducks in a row with routing, firewall rules etc..., so imagine my suprise when the edge server couldn't properly pass SMTP data to the hub and vice-versa.

After examining logs on the ASA and Exchange servers and going through the firewall and server configs multiple times it dawned on me that maybe I was dealing with the fixup protocol again. I had thought that Cisco would have addressed this pesky little problem with the ASA, but alas, no. As soon as I disabled ESMTP from the inspection section, mail started flowing without incident.

If your using Exchange and Cisco ASAs for the first time, before you get to frustrated with mail not moving between the edge and hub servers, check the fixup protocol.