• No Comments

What a mission this was!

Oracle netsuite just flat out refuse to give you a list of IP Address’ for their sending servers

“Support will not provide a list of NetSuite IP addresses” https://docs.oracle.com/cloud/latest/netsuitecs_gs/NSADM/NSADM.pdf

Ontop of this there’s no way to use an internal domain name to send emails like noreply@email.netsuite.com , so there is no clear way to whitelist your spamfilter  ……

After back and forth with their support , they finally gave us sent-via.netsuite.com which you can do a DNS lookup of to get the IPs ( You will have to monitor this for updates ) . Mimecast allows you to whitelist via SPF record so we could add this

Name: sent-via.netsuite.com

> set type=txt
> sent-via.netsuite.com
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
sent-via.netsuite.com text =

“google-site-verification=MgKgRWwbn2QifDQBVdRu-IQLvbiR8GFB1hNDz_fmzPU”
sent-via.netsuite.com text =

“v=spf1 include:mailsenders.netsuite.com include:_spf.sparkpostmail.com -all”
> mailsenders.netsuite.com
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
mailsenders.netsuite.com text =

“v=spf1 ip4:167.216.129.180/32 ip4:167.216.129.182/31 ip4:167.216.129.184/29 ip4:167.216.129.192/29 ip4:167.216.129.200/32 ip4:167.216.129.210/32 ip4:64.89.45.192/30 “
“ip4:64.89.45.196/32 ip4:208.46.212.208/31 ip4:208.46.212.210/32 ip4:185.72.128.75/32 ip4:185.72.128.76/32 ip4:212.25.240.83/32 ip4:212.25.240.84/31 ip4:72.34.168.76/32 “
“ip4:130.61.9.72/32 ip4:130.61.68.235/32 ip4:132.145.13.209/32 ip4:132.145.11.129/32 ip4:152.67.105.195/32 ip4:140.238.193.139/32 ip4:152.67.105.20/32 ip4:72.34.168.86/32 ip4:72.34.168.85/32 “
“ip4:64.89.44.85/32 -all”
> _spf.sparkpostmail.com
Server: dns.google
Address: 8.8.8.8

Non-authoritative answer:
_spf.sparkpostmail.com text =

“v=spf1 exists:%{i}._spf.sparkpostmail.com ~all”
>

I also recommend you change the From address to a generic netsuite@yourdomain.com so easy to monitor

Dkim

NetSuite Email Campaign Best Practices

• No Comments

Recently I was trying to use Item Level targeting on some group polices using just NOT statements ( so it should apply to anything that isn’t NOT ) 

NOT UserA OR NOT User3

However it was not working , Turns out your statement cannot be all NOT’s it has to have a IS in it as well

So it needs to look something like

User IS in Domain Users and NOT UserA or NOT User3

• No Comments

Australian drivers’ licence: \b[A-Z0-9][0-9]{5,7}\b

Australian passport: \b[A-Z][0-9]{7}\b

Australian tax file number: \b[0-9]{3}( ?)[0-9]{3}\1[0-9]{2,3}\b

Exclude

1 exclude “Automatic reply:” “Undeliverable:” “Accepted:”

• No Comments

We wanted to swap a new SAN for a customer and our distributor wanted us to run the Nimble Space Savings Estimator , to find out how big the device needed to be.  Unlike Dell with LiveOptics tool , you have to run this across EVERY virtual machine, and run it across all drives for it to scan. I wrote a tool we could use inside BatchPatch to run this .exe from a share across all VM’s

This needs to be run out of hours due to heavy scanning of disk

#Find All Drives on PC (Not CDRom\System Partition)
$drives = Get-Volume | Where-Object {($_.FileSystemLabel -ne "System Reserved") -and ($_.DriveType -eq "Fixed")}

Foreach ($drive in $drives)

{
#Get DriveLetter
$drive = $drive.DriveLetter
& "\\share\Space Savings Estimator\NimbleSSE.exe" $drive`:

}

• No Comments

Setup

• Remove text on stationary ( HTML and plain text ) before sending emails via Mimecast
• Disable Office 365 Spam Filter
   
  

Maintenance

• Enabled Digest Sets every Hour ( not every 4 hour )
• Disable Device Enrollment
  
  1. Log on to the Administration Console.
  2. Click on the Administration menu item.
  3. Select the Account | Account Settings menu item.
  4. Expand the User Access and Permissions section.
  5. Select the Targeted Threat Protection Authentication option.
• SAML for Authentication SSO via a provider like Office 365 for 2fa and Brute Force protection. If not Fall back to LDAPS ( EWS basic Auth is not Secure ) 
• Disable Cloud Auth ( Or enable only for Continuity , and expire logins after 30 days ) 
• Service Monitoring Setup
• Acknowledge Disabled Users ( Make sure Receipt Validation is set to Known 
• Setup impersonation protection for VIP
• Restrict Administration Console to IP
• Continuity Test
• Confirm you have an account as Super Admin
• Enable Outbond DKIM\SPF\DMARC
• Inbound (  this we recommend a “Reject” setting. Out of the box we set it to ignore/managed permitted sender entries as some customers didn’t like that it was too aggressive. ) 

• No Comments

When users try and use the Mimecast for Outlook Add-in they login and get Application Disabled

1. Make sure this is ticked
   
2. Restart Outlook then try again
3. Sometimes Mimecast caches Authentication Profiles locally in C:\Users\%username%\AppData\Roaming\Mimecast\msw.s3db , Delete this file with Outlook closed and try again

• No Comments

Mimecast has a method to be able to replay emails to OnPremise Exchange which is neat 

We had a case needing to do this recently for a customer in 365. Mimecast tout their own product “Sync & Recover” for this however it was a one off thing and the extra cost couldn’t be justified

Thought of a way to do this without this , however you need to export the PST of individual users 

1. Export Mail to PST of each user missing mail
2. Reimport to PST to the office365 in the background for each user ( User the RootFolder in the CSV File as /Inbox

• No Comments

Both Mailguard and Mimecast have a list of allowed emails for users. When migrating from one platform to another you will need to copy these over.

Mailguard does not have an export function for its “Active Whitelist” so you will need to copy the Table produced in the Admin Panel into Excel and remove all but your two columns of emails.

These two columns will need some more manipulation as they mix up Senders and Receivers in the lists and Mimecast needs one Column for Each. But the First Column in A in Excel and he Second in B

In C1 add the following ( If A1 does has @domain.com in it list it , if B1 has @domain.com in it list it ) 

=IF(ISNUMBER(SEARCH(“@domain.com”,A1)),A1,””)&IF(ISNUMBER(SEARCH(“@domain.com”,B1)),B1,””)

In D1 add the following ( If A1 does not have @domain.com in it list B1 , if B1 has @domain.com in it list A1) 

=IF(NOT(ISNUMBER(SEARCH(“@domain.com”,A1))),,B1)&IF(NOT(ISNUMBER(SEARCH(“@domain.com”,B1))),,A1)

Example

Once one , create a .xls file with columns

Add the domain.com to #Address

Add the other domain field to either trusted_senders ( Allow Spam and Attachments ) or Approved Senders ( Allow Spam ) 

Import into Mangaed Senders using the PostIni Option 

• No Comments

Symptoms – staff unable to login to Outlook for Desktop 

Error found in event log on patched Domain controller

The Netlogon service denied a vulnerable Netlogon secure channel connection from a machine account.  

Workaround

Deploy GPO to allow insecure connections (this should be done only until machines are patched)

Refer to https://support.microsoft.com/en-au/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc

• No Comments