Team Leader

Source : Amazon Web Services

Passione per il cliente

I leader costruiscono tutto a partire dal cliente. Lavorano con entusiasmo per conquistarne e mantenerne la fiducia. Nonostante siano attenti a ciò che fa la concorrenza, il loro sguardo è fisso sul cliente.

Responsabilità

I leader sentono l’azienda come propria. Pensano al futuro e non sacrificano il valore di lungo termine per i risultati immediati. Agiscono per conto dell’intera azienda, non solo del proprio team. Non dicono mai “non è una mia responsabilità”.

Inventare e semplificare

I leader si aspettano e richiedono innovazione e creatività dai loro team e trovano sempre il modo per semplificare. Sono attenti a quanto accade all’esterno, vanno alla ricerca di nuove idee ovunque e non sono limitati dal fatto che qualcosa non sia stato “inventato qui”. Poiché facciamo cose nuove, accettiamo di poter essere fraintesi anche per un lungo periodo.

Avere spesso ragione

I leader sono spesso nel giusto. Hanno grande capacità di leggere le situazioni e forti intuizioni.  Esplorano diversi punti di vista e lavorano per scardinare le proprie convinzioni.

Imparare ed essere curiosi

I leader non smettono mai di imparare e cercano sempre di migliorarsi. Sono curiosi e agiscono per esplorare nuove possibilità.

Assumere e far crescere i migliori

Con ogni assunzione e promozione, i leader alzano sempre di più il livello della performance. Riconoscono i migliori talenti e si adoperano per farli crescere all’interno dell’organizzazione. I leader sviluppano leader e prendono sul serio il proprio ruolo di mentori. Lavoriamo per le nostre persone inventando meccanismi di sviluppo come ad esempio Career Choice.

Insistere sugli standard più elevati

I leader hanno sempre standard elevati e molti possono pensare che questi standard siano irragionevolmente alti. Alzano continuamente il livello delle prestazioni e guidano i loro team a realizzare prodotti, servizi e processi di alta qualità. I leader garantiscono che i difetti siano individuati alla radice e che i problemi siano effettivamente e definitivamente risolti.

Pensare in grande

Pensare in piccolo è una profezia che si auto avvera. I leader creano e comunicano una direzione coraggiosa che ispira risultati. Pensano in modo originale e si prodigano per trovare nuove modalità per servire i clienti.

Propensione all’azione

La velocità conta nel business. Molte decisioni e azioni sono reversibili e non necessitano di studi approfonditi. Noi apprezziamo i rischi calcolati.

Frugalità

Ottenere di più con meno. Risorse limitate alimentano intraprendenza, autosufficienza e creatività.  Non si ricevono punti di merito nel far crescere gli organici, l’entità del budget o le spese fisse.

Conquistare la fiducia

I leader ascoltano con attenzione, parlano con sincerità e trattano gli altri con rispetto. Fanno autocritica, anche quando è difficile o imbarazzante.  Non si convincono di diffondere un buon profumo quando emanano un cattivo odore.  I leader confrontano sempre se stessi e i propri team con i migliori.

Andare in profondità

I leader operano a tutti i livelli, sono attenti ai dettagli, effettuano controlli frequenti e si insospettiscono quando metriche e aneddoti non concordano. Non pensano mai che certi lavori siano troppo umili per loro.

Avere carattere; dissentire e aderire alle decisioni

I leader sono tenuti a mettere in discussione, con rispetto, tutte le decisioni che non condividono, anche quando questo comportamento risulta scomodo o stancante. I leader hanno convinzione e tenacia. Non scendono a compromessi in nome della coesione sociale. Una volta presa una decisione, vi aderiscono completamente.

Portare risultati

I leader sono focalizzati a migliorare gli input chiave per il loro business e ci riescono combinando qualità e tempestività. Nonostante le avversità, si dimostrano all’altezza della situazione e non si accontentano mai.

Problem Restarting Apache

[Fri Mar 31 04:44:20.842898 2017] [:error] [pid 25467] (28)No space left on device: mod_python: Failed to create global mutex 2 of 8 (/tmp/mpmtx254672).

[Fri Mar 31 04:44:20.842912 2017] [:error] [pid 25467] mod_python: We can probably continue, but with diminished ability to process session locks.

[Fri Mar 31 04:44:20.842914 2017] [:error] [pid 25467] mod_python: Hint: On Linux, the problem may be the number of available semaphores, check ‘sysctl kernel.sem’

[Fri Mar 31 04:44:20.868130 2017] [mpm_prefork:notice] [pid 25467] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.6.30 mod_python/3.5.0- Python/2.7.5 mod_jk/1.2.42 configured — resuming normal operations

To solve :

This error completely stumped me a couple of weeks ago. Apparently someone was adjusting the Apache configuration, then they checked their syntax and attempted to restart Apache. It went down without a problem, but it refused to start properly, and didn’t bind to any ports.

Within the Apache error logs, this message appeared over and over:

Apache is basically saying “I want to start, but I need to write some things down before I can start, and I have nowhere to write them!” If this happens to you, check these items in order:

1. Check your disk space
This comes first because it’s the easiest to check, and sometimes the quickest to fix. If you’re out of disk space, then you need to fix that problem. 🙂

2. Review filesystem quotas
If your filesystem uses quotas, you might be reaching a quota limit rather than a disk space limit. Use repquota / to review your quotas on the root partition. If you’re at the limit, raise your quota or clear up some disk space. Apache logs are usually the culprit in these situations.

3. Clear out your active semaphores
Semaphores? What the heck is a semaphore? Well, it’s actually an apparatus for conveying information by means of visual signals. But, when it comes to programming, semaphores are used for communicating between the active processes of a certain application. In the case of Apache, they’re used to communicate between the parent and child processes. If Apache can’t write these things down, then it can’t communicate properly with all of the processes it starts.

I’d assume if you’re reading this article, Apache has stopped running. Run this command as root:

If you see a list of semaphores, Apache has not cleaned up after itself, and some semaphores are stuck. Clear them out with this command:

Now, in almost all cases, Apache should start properly. If it doesn’t, you may just be completely out of available semaphores. You may want to increase your available semaphores, and you’ll need to tickle your kernel to do so. Add this to /etc/sysctl.conf:

And then run sysctl -p to pick up the new changes.

Restart : service httpd restart

Deploy a Spring Boot application under Tomcat Web Server Container

Higthligths:
@SpringBootApplication
public class Application extends SpringBootServletInitializer {

protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(Application.class);
}

public static void main(String[] args) throws Exception {
SpringApplication.run(Application.class, args);
}

}

pom.xml

<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-tomcat</artifactId>
    </dependency>



</dependencies>

Spring boot provides option to deploy the application as a traditional war file in servlet 3.x(without web.xml)supporting tomcat server.Please see spring boot documentation for this. I will brief what you need to do here.

step 1 : modify pom.xml to change the packaging to war:(that you already did)

<packaging>war</packaging>

step 2 : change your dependency

    <dependency>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-tomcat</artifactId>
   </dependency>

to

<dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-tomcat</artifactId>
      <scope>provided</scope>
</dependency>

step 3 :modify your war name (if you need to avoid the version details appended with the war name) in pom.xml under <build> tag.

<build>
    <finalName>web-service</finalName>
.....

step 4 : run maven build to create war : clean install step 5 : deploy the generated war file web-service.war in tomcat and request url in browser http://<tomcat ip>:<tomcat port>/web-service/hello

 

here the project : http://gitlab.saic.it/root/spring-boot-war-tomcat

ISPConfig 3 + RoundCube Mail 1.0 + Password Management

 Most of the articles on the web are referring to older versions. Below are the steps to get it working.

Assumptions: This works on a Ubuntu Server 12.04 LTS updated with the latest patches, setup by following “Perfect Server” tutorial, then installed with RoundCube 1.0 as the Webmail. (SqurrielMail installation was skipped).

1. Enable the password plugin of RoundCube – The 1.0 version comes with the plugin in the package, but not activated.

Under config/config.inc.php

// ———————————-
// PLUGINS
// ———————————-
// List of active plugins (in plugins/ directory)
$config[‘plugins’] = array(‘password’);

This tells you will activate the ‘password’ plugin which sits inside the plugins/ directory.

2. Then edit the plugins/password/config.inc.php

$config[‘password_db_dsn’] = ‘mysql://ispconfig:password@localhost/dbispconfig’;

“password” is stored in /usr/local/ispconfig/interface/lib/config.inc.php.

3. Edit $config[‘password_query’] in plugins/password/config.inc.php

$config[‘password_query’] = ‘UPDATE mail_user SET password=%c WHERE email=%u LIMIT 1’;

or

$config[password_query] =UPDATE mail_user SET password=%c WHERE email=%u and password=%o LIMIT 1‘;

Linux Command to check DNS

Find Out the Domain Mail Server

host -t mx saic.it

Find Out the Domain TXT Recored

host -t txt saic.it

Find Out the Domain SOA Record

host -t soa saic.it

Display All Information About Domain Records and Zone

host -a saic.it

oppure

dig +noall +answer saic.it

https://stopemailfraud.proofpoint.com/dmarc/

Display DKIM record

dig +short mail._domainkey.saic.it txt

Postfix SMTP Authentication for Mail servers

16. SMTP Authentication for Mail servers

 

SMTP AUTH for mail server is a feature that is often required to relay mail through other mail servers. To enable SMTP AUTH for Postfix, acting as mail client in this scenario, you need to do the following steps:

Procedure 10. Configure SMTP AUTH for mail servers

  1. Provide a file, which will holds necessary information about credentials
  2. Configure Postfix to enable SMTP AUTH for the smtp daemon
  3. Configure Postfix to use the file with the SASL credentials.

16.1. Add credentials to sasl_passwd

Postfix, acting as mail client in this scenario, will need to be able to

  1. know when to provide a username and password
  2. pick the right credentials when there is more than one mail server who requires Postfix to SMTP AUTH

16.1.1. Enter credentials

These informations are layed down in /etc/postfix/sasl_passwd:

[root@mail postfix]# less /etc/postfix/sasl_passwd
# foo.com1         username:password2
# bar.com            username:password
1 Using the hostname Postfix can identify the correct username:password when there are multiple entries in sasl_passwd
2 username:password are entered in plaintext format. They are separated by a single colon “:

The mail server that we want to relay through in this example is mail.my-isp.org; username is test and it’s password is testpass. We open /etc/postfix/sasl_passwd and add our credentials. When we are done it looks like this:

[root@mail postfix]# cat /etc/postfix/sasl_passwd
mail.my-isp.org      test:testpass

16.1.2. Secure sasl_passwd

As you have noticed, the credentials in sasl_passwd are entered plaintext. That means that anybody who can open the file will be able to read this sensitive information. Therefore we change ownership and permission to root and r/w only.

[root@mail postfix]# chown root:root /etc/postfix/sasl_passwd && chmod 600 /etc/postfix/sasl_passwd

After these commands ownership and permissions read like this:

[root@mail postfix]# ls -all /etc/postfix/sasl_passwd
-rw-------    1 root     root           79 Dec 30 23:50 /etc/postfix/sasl_passwd
[Note] Note
You wonder why Postfix running as user postfix can read this file?

Postfix will start as user root, read all files that need root permission and switch to user postfix after that.

16.1.3. Create sasl_passwd DB file

Now that we have set correct ownership and permissions there is one more thing to do. A plaintext file can’t be read as fast as database. Postfix requires this file to be a database, because it doesn’t want to spend a lot of time looking the credentials up when it needs to get it’s job done. We create a sasl_passwd.db with the help of postmap:

[root@mail postfix]# postmap hash:/etc/postfix/sasl_passwd

After that there will be a new file sasl_passwd.db in /etc/postfix/.

[root@mail postfix]# ls -all /etc/postfix/sasl_passwd.db
-rw-------    1 root     root        12288 Mar 13 23:13 /etc/postfix/sasl_passwd.db

From the onwership and permissions you can see that postmap applied the same as in the source file. That’s it for sasl_passwd; you only need to get back when the informations need an update.

[Note] Note
Don’t forget to postmap the file, when you change credentials. Postfix will tell you anyway by claiming that sasl_passwd is newer than sasl_passwd.db in the maillog.

16.2. Enable SMTP AUTH

There are only three options that you must set to enable SMTP AUTH for mail servers in Postfix.

[Note] Note
You can easily tell that these parameters are settings for the smtp daemon. They all begin with smtp_.

16.2.1. Enable SMTP AUTH

The first thing we do is enabling SMTP AUTH for the smtp daemon. We open main.cf and enter some documentation first and then we set smtp_sasl_auth_enable to yes.

# SASL SUPPORT FOR SERVERS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail servers.
#
smtp_sasl_auth_enable = yes

16.2.2. Set path to sasl_passwd

Then we tell Postfix where to find sasl_passwd by adding smtp_sasl_password_maps = hash:/path/to/sasl_passwd to the configuration.

smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd

16.2.3. Set security options

Finally we set security options. In our scenario we will allow Postfix to use anonymous and plaintext authentication. That’s why we set the paramter, but leave it empty:

smtp_sasl_security_options =

All settings together will give this listing in main.cf.

# SASL SUPPORT FOR SERVERS
#
# The following options set parameters needed by Postfix to enable
# Cyrus-SASL support for authentication of mail servers.
#
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options =

16.2.4. Reload Postfix

All that you need to do now is to reload Postfix and you’re ready to use your ISPs mail server to relay mail.

[root@mail postfix]# postfix reload
postfix/postfix-script: refreshing the Postfix mail system

Have fun!

Configure DomainKeys (OpenDKIM) with Postfix on CentOS 7

Configure DomainKeys (OpenDKIM) with Postfix on CentOS 7

Very useful guide

In this post we will demonstrate how to install & configure DomainKeys with postfix (MTA) on CentOS 7 , i am assuming Postfix is already installed with following domain and hostname.

Hostname = mail5.freshdaymall.com

Domain = freshdaymall.com

Step:1 Set EPEL Repository using below rpm command

OpenDKIM package is not available in the default yum repositories but available in CentOS 7 EPEL repositories.

[root@mail5 ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Step:2 Install OpenDKIM Package using yum

[root@mail5 ~]# yum install -y opendkim

Step:3 Run below Command to create keys

Execute the below command to create public & private keys under folder “/etc/opendkim/keys

[root@mail5 ~]# opendkim-default-keygen
Generating default DKIM keys:
Default DKIM keys for freshdaymall.com created in /etc/opendkim/keys.
[root@mail5 ~]#
[root@mail5 ~]# cd /etc/opendkim/keys/
[root@mail5 keys]# ll
total 8
-rw-r----- 1 root opendkim 891 Nov 29 08:42 default.private
-rw-r--r-- 1 root opendkim 320 Nov 29 08:42 default.txt
[root@mail5 keys]#

default.private is the private key for the domain and default.txt is public key that we will publish in DNS record (TXT) in the domain. A Selector ( default ) is created while generating keys, a selector can be unique keyword which is associated in keys and included in DKIM signature.

Step:4 Edit the Following Files :

  • /etc/opendkim.conf —- Config file of opendkim
  • /etc/opendkim/KeyTable —- As name suggest it defines the path of private key for the domain
  • /etc/opendkim/SigningTable — This file tells OpenDKIM how to apply the keys.
  • /etc/opendkim/TrustedHosts — This file defines which hosts are allowed to use keys.

Edit the file “/etc/opendkim.conf” & set the below parameters.

opendkim-conf-file

Edit the KeyTable file and replace the example.com with your domain name.

[root@mail5 ~]# cat /etc/opendkim/KeyTable
# OPENDKIM KEY TABLE
# To use this file, uncomment the #KeyTable option in /etc/opendkim.conf,
# then uncomment the following line and replace example.com with your domain
# name, then restart OpenDKIM. Additional keys may be added on separate lines.

#default._domainkey.example.com example.com:default:/etc/opendkim/keys/default.private
default._domainkey.freshdaymall.com freshdaymall.com:default:/etc/opendkim/keys/default.private
[root@mail5 ~]#

Edit the SigningTable file and define who will sign the outgoing mails.

[root@mail5 ~]# cat /etc/opendkim/SigningTable 
# WILDCARD EXAMPLE
# Enables signing for any address on the listed domain(s), but will work only if
# "refile:/etc/opendkim/SigningTable" is included in /etc/opendkim.conf.
# Create additional lines for additional domains.

*@freshdaymall.com default._domainkey.freshdaymall.com

As i am using * in above parameter which means all the users on domain are allowed to sign the emails.

Edit the TrustedHosts file , add Server’s FQDN and domain name below localhost ip (127.0.0.1)

[root@mail5 ~]# cat /etc/opendkim/TrustedHosts 
# OPENDKIM TRUSTED HOSTS
# To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts
# option in /etc/opendkim.conf then restart OpenDKIM. Additional hosts
# may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
# The localhost IP (127.0.0.1) should always be the first entry in this file.

127.0.0.1
mail5.freshdaymall.com
freshdaymall.com
[root@mail5 ~]#

Step:5 Edit Postfix Config File (/etc/postfix/main.cf)

Add the below lines at end of /etc/postfix/main.cf file.

[root@mail5 ~]# vi /etc/postfix/main.cf
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

Step:6 Start OpenDKIM & postfix Service

[root@mail5 ~]# hash -r
[root@mail5 ~]# systemctl start opendkim ; systemctl enable opendkim ; systemctl restart postfix
ln -s '/usr/lib/systemd/system/opendkim.service' '/etc/systemd/system/multi-user.target.wants/opendkim.service'
[root@mail5 ~]#

Step:7 Update the TXT DNS record of your domain.

Use the output of default.txt and update the DNS Record (TXT) of the Domain.

domain-public-key-opendkim

Step:8 Send a Test email and view the logs.

sendmail-with-telnet

Check whether email is signed or not.

signed-by-email

Wow , Our email is signed and domainKeys configuration task is completed now.