So about a year and a half ago, right before the pandemic hit hard, I was really looking for a job with health benefits. I interviewed with a company for entry-level helpdesk, only to be told that even though I've been a System Admin for 5 years, I wasn't quite qualified to be hired as an entry-level helpdesk because I didn't have a "traditional education". I was told "traditional education teaches discipline", while they overlooked my military background. I could say lots of things about this situation but I'll tell you what I did about it instead. I used my remaining 10 months of G I Bill to take some instructor-led certificate prep.

Over the last 10 months, I've gotten 8 certificates to include:
A+
Networking+
Server+
Security+
And some basic MTA, and Linux certs
Saturday afternoon wrapped up my last exam (Net+) and I'm due to graduate with a 100% Cumulative GPA, what's considered to be the Dean's List (x2), and every certification knocked out on the 24th.

Probably looking at finding a DoD job if possible now that I've got the Sec+, with an active Security clearance.

Anyway, I just wanted to tell someone, thanks for reading.

@hobbit666 said in Build or Buy?:

What would suggest today for a gaming PC?
Budget is £700 for just the box. Also any recommendations on specs, daughter wants to play Minecraft, Sub Nautica, Fortnite.
(But i want to be able to play Counter Strike, Modern Warefare (not fussed running at Ultra detail settings) )

I had pre-ordered a gaming pc on some boutique builder site, but the wait time is intense. Roughly two months-ish. While waiting on that build, I saw a rig on Newegg for $2,669 about a week ago with RTX 3080 and i7 10700KF, some budget case, and a decent Z490-P mobo with included EVGA keyboard and mouse, so I bought that right away and got it within 24 hours.

Needless to say I can run anything I've tried to play on Ultra. Overall this was the way to go considering the current market.

@scottalanmiller Yea, I see it now. My wife told me I should send the guy an email update on my success, but I'm not that petty. There was a lesson to be had, and I think I nailed it.

@dbeato - thank you!

So class, today we learned that a Move Request and a Migration are two separate functions. ::facepalm::

@scottalanmiller

LOL. Maybe even in something other than Access!

I talked to the boss and he agreed to moving to a SQL Server. Now I'm researching a frontend for it.

On-Prem Exchange
Outlook 2019

Okay so because we need everyone in the organization to see this shared calendar, and we can't add each person because you can't add that many people (I think it's somewhere in the ballpark of 64 max) I've been trying to figure out how to make it work/best practices.

After a bit of reading, I've created mail-enable Dynamic Distribution groups (via EAC) based on the "Department" field in the Organization tab of User>Properties in AD. I know these work, as I've been using them.

But, since you can't add dynamic distribution groups to the permissions list for calendars, I've created a mail-enable security group (via EAC) and put them all in it.

However, I can't get it to work. Users are able to pull the calendar up, but it just says "failed to update" above it, and I'm guessing it's a permissions issue.

Current permissions on each Distibution group:

Membership>Members: All Recipient Types (after "Only the following: Users with Exchange mailboxes" didn't work.)

Rule>Recipient Container: Domain (contoso.com)
Rule>Department: listed department names from the department fields in AD ("Registrar" etc.)

Any ideas?

EDIT: I'm clearly having a moment. So there's this little group called "Default" that's basically everyone, so I was able to set Reviewer to that group and now everyone can see the calendar. ::facepalm::

I'd still like to know how I could make my initial approach work, if possible.

@pete-s said in "Site not secure" | Self-signed Certificate?:

I'm not sure how you set up CA on Windows AD but I believe you can. Don't know if you can use that for non-Windows appliances.

I ended up using this approach. As usual, it took a bit of reading and research along with poking at the server, but I was able to use this approach.

Unboxing and setting up this many Chromebooks.

@scottalanmiller I don't know how new any of this is, but I'm really digging the transitions and logo stuff you got going on. It's got the RGB feel to it, but not over the top.

How do you guys handle the broad spectrum of phishing, whaling, scam, etc. attempts?

Had a user get a scam email recently. Thankfully they forwarded it to my dept, and promptly deleted it. I was reflecting on what we do in our department to educate users and I don't feel like it's enough.

Do you all ever screenshot the email and send out a warning of basically "this is what a phishing attempt looks like", with added notes on how and why?

Do you all ever create mock phishing attempts to send out to your organization that when clicked take them to basically a "oops, you did a bad thing, now take this training"? If so, what's a good site/program for that?

Do you ever report any of the attempts, or is it a simple blacklisting of that domain you deploy? If you do report them, to whom?

Would love some thoughts and input to see what everyone else is doing or some best practices.

@Mario-Jakovina said in Unable to send emails to Gmail from my domain:

@Mr-Jones said in Unable to send emails to Gmail from my domain:

Seems like a good time to try convincing the boss we should move our emails to O365. I know he'll say no, but this is ammo for sure.

I don't think that email only justify cost of O365.
I have excellent mail experience with different web hosting providers that provide email service included for a fraction of price of O365.

For example, Hetzner offers 300GB space with unlimited mail accounts for 17 EUR / cca. 20 USD a month.
(I have not used Hetzner's mail services but I have very good experinece with them in cloud/bare metal services)

I mean - you would not convince me to buy O365 with this argument

Agreed. We already have O365, but I've been instructed to keep Exchange On-Prem exclusively. Sorry that wasn't implied more clearly.

@Pete-S said in Unable to send emails to Gmail from my domain:

@Mr-Jones said in Unable to send emails to Gmail from my domain:

*I'm still waiting for Budget approval/acquisition for the DMARC stuff.

There is nothing you need to buy to implement it.

You should implement SPF, DKIM and DMARC.

The only thing you might want to buy is a service that will watch your DMARC reports and generate notifications if there is a problem.

I think this is very good and good value as well:
https://www.uriports.com/pricing

Use their awesome free service to test your email setup and learn more about DMARC.
https://www.learndmarc.com/

Really cool links there! Thank you!

@scottalanmiller said in Unable to send emails to Gmail from my domain:

@Pete-S said in Unable to send emails to Gmail from my domain:

Also the fact that you are sending from your own IP is also a sign that it is spam. Mail servers build up IP reputation on servers that send them emails. This is different from the blacklists.
If you haven't checked your IP against blacklists you must do so as well.

That implies that you are running your own email server which isn't exactly forbidden, but it's a "no no". If you are running your own email server, it's expected that you will proxy through a big sender with clean IPs that have been cleared already.

For all intents and purposes, the modern email frameworks are built around limiting email sending from big senders (Amazon, MS, Google, Zoho) only and all others are suspect and/or blocked outright. Even people running their own email servers typically (without knowing) block or restrict receiving emails from anyone but the giant carriers.

Seems like a good time to try convincing the boss we should move our emails to O365. I know he'll say no, but this is ammo for sure.

@scottalanmiller said in Unable to send emails to Gmail from my domain:

@Pete-S said in Unable to send emails to Gmail from my domain:

@Mr-Jones said in Unable to send emails to Gmail from my domain:

*I'm still waiting for Budget approval/acquisition for the DMARC stuff.

There is nothing you need to buy to implement it.

You should implement SPF, DKIM and DMARC.

The only thing you might want to buy is a service that will watch your DMARC reports and generate notifications if there is a problem.

I think this is very good and good value as well:
https://www.uriports.com/pricing

Use their awesome free service to test your email setup and learn more about DMARC.
https://www.learndmarc.com/

Exactly, it's just part of the configuration of setting up email. It's a setting.

Expand on this, please. It's my understanding there is no out-of-the-box support for DMARC or DKIM for On-Prem Exchange Servers.

@Pete-S
Very first thing I did.

I found one of the issues to be that our Network Firewall was configured with the wrong IP address for outbound traffic of that Exchange Server, so it was picking up the next available (our VPN IP) and using that to pass traffic. The SPF didn't match because of this.

Currently I can send now, but it always goes straight to Spam folder. Likely because we don't have DMARC set up yet.

@Pete-S
Good catch. There wasn't actually a space there, I just goofed.

I'll try ~all.

I recently started having trouble sending emails to Gmail from our domain.

Error:
"mx.google.com gave this error:
Our system has detected that this message is likely unsolicited mail. To reduce the amount of spam sent to Gmail, this message has been blocked. "

The only thing that changed was that I made an SPF record on GoDaddy for our On-Prem Exchange server. I've used Mxtoolbox to troubleshoot.

*I'm still waiting for Budget approval/acquisition for the DMARC stuff.

Mxtoolbox SPF Lookup:
spf:mail.contoso.com - Green on everything
mx:mail.contoso.com - No DMARC Record Found
mx:mail.contoso.com - DNS Record not found
mx:mail.contoso.com - DMARC Quarantine/Reject policy not enabled

It appears to me, as someone with no prior experience configuring an SPF record, that the issue might be the GoDaddy MX record. I'll disclose both in hopes that someone might be able to point out where I went wrong.

GoDaddy TXT Record:
v=spf1 a:mail.contoso.com ip4: 104.200.130.82 -all

GoDaddy A Record:
mail.contoso.com > 104.200.130.82

GoDaddy MX Record:
@ > mail.contoso.com (should this be mail > mail.contoso.com)?

On-Prem Exchange Server: EXCH01 with IP of 172.16.10.100

On-Prem A Records:
EXCH01 > 172.16.10.100
mail > 172.16.10.100

On-Prem Reverse Lookup Zone PTR Record:
172.16.10.100 > EXCH01.contoso.com
172.16.10.100 > mail.contoso.com

So I get the Network Firewall folks on the phone, and now everything wants to work as smooth as ever. Ugh.

I've spent maybe 30 minutes trying to replicate the issue that's plagued me repeatedly since 6:15am yesterday, and I cannot now.

Great news that it's all working now, embarrasing that I can't replicate it when asked.

I still feel like I need to know what happened.

Would a PHP error cause this? That's the only thing I can think of, as I was editing some conditional logic on the website yesterday morning, but I'm failing to see the correlation given the context of the issue. I feel like if the site had funky PHP, that would take the site down for everyone.

@scottalanmiller said in Website down, but only for organization Network:

@Mr-Jones said in Website down, but only for organization Network:

If resetting the Modem, Router, switches doesn't work, I'll move to the Network Firewall as I agree there might be some security DDOS protection or otherwise that's at play here.

Possible. What kind of firewall is it?

Barracuda.

@dafyre said in Website down, but only for organization Network:

Does your network have any kind of security stuff on the workstations or firewalls that monitors that kind of traffic? I've seen some rare instances where the Firewall or AV software would start blocking after a minute or two, and then it would crash and restart and then everything would be happy for another few minutes.

I've disabled local firewall, and put Web Filter in Audit Mode with no affect.

If resetting the Modem, Router, switches doesn't work, I'll move to the Network Firewall as I agree there might be some security DDOS protection or otherwise that's at play here.