Windows Server 2008 PDC external time

Internet time is hidden from Control Panel.
As a PDC, Windows Server 2008 needs to be synchronized with an external time source.
You can select the closest NTP server from http://www.pool.ntp.org/en/

Microsoft recommends (quote from technet.microsoft.com):

  1. Click Start, and then click Command Prompt.
  2. In the Command Prompt window, type the following line, where peers is a comma-separated list of IP addresses of the appropriate time sources, and press ENTER:
     w32tm /config /manualpeerlist:peers /syncfromflags:MANUAL
     The time sources you choose depend on your time zone. For example, if your domain controller is located in the Pacific Time zone, this line might read:
     w32tm /config /manualpeerlist:131.107.1.10 /syncfromflags:MANUAL
     In this example, the IP address of the timeserver is used instead of the fully qualified domain name for security purposes.
  3. Press ENTER. You should get a message that the command completed successfully.
  4. Type w32tm /config /update
  5. Press ENTER. You should get a message that the command completed successfully.
     W32time uses a variable poll interval based on the quality of timesync with the server. On DCs, this interval defaults to between 64 and 1024 seconds.
  6. To immediately synchronize with the external time server, type w32tm /resync and press ENTER. You should get a message that the command completed successfully.
  7. Type Exit and press ENTER.

Example:
For Canada we can use
ca.pool.ntp.org, which has the IP 207.194.97.58, or
clyde.concordia.ca 132.205.1.1
bonnie.concordia.ca 132.205.7.81
tick.encs.concordia.ca 132.205.96.93
tock.encs.concordia.ca 132.205.96.94

w32tm /config /manualpeerlist:207.194.97.58 /syncfromflags:MANUAL
w32tm /config /syncfromflags:manual /manualpeerlist:"132.205.96.94,0x1 207.194.97.58,0x1" /update /reliable:yes

Blocking spambots with SCROLLOUT F1 and fail2ban

I assume that you have a fully functional SCROLLOUT F1 installation and you want to add a spambot blocking feature.
Add the following line to /etc/apt/sources.list

deb http://ftp.debian.org/debian unstable main

Then run

apt-get update
apt-get -t unstable install fail2ban
cd /etc/fail2ban
cp jail.conf jail.local

Edit jail.local

[postfix]
enabled = true
port = smtp,ssmtp
filter = postfix
logpath = /var/log/mail.log
maxretry = 2
bantime = 7200

Edit /etc/fail2ban/filter.d/postfix.conf

failregex = reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1
            reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1
            reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1
            reject: RCPT from (.*)\[<HOST>\]:\d{5}: 550 5.5.1

Then run
service fail2ban restart
To check if it is working run:

fail2ban-client status postfix
iptables -L -n

You can play with the following parameters:
maxretry, bantime, findtime
Do not forget:

  • always edit jail.local instead of jail.conf (this way you do not risk being left outside if the software is updated)
  • put your trusted IP addresses in ignoreip
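
To see what the filter and jail settings above do before relying on them, the following added example (not part of the original post, and not fail2ban's own code) applies the four failregex lines to constructed mail.log entries and reports which addresses would be banned. It assumes <HOST> marks the client address in each pattern and approximates it with an IPv4-only group, and it assumes findtime = 600 seconds (fail2ban's default); the log lines and the ignoreip address are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# maxretry is from the [postfix] jail above; findtime is assumed (fail2ban default).
MAXRETRY, FINDTIME = 2, timedelta(seconds=600)
IGNOREIP = {"192.0.2.10"}  # constructed trusted address, as it would appear in ignoreip
# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
FAILREGEX = [
    r"reject: RCPT from (.*)\[<HOST>\]: 450 4.7.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 554 5.7.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 550 5.1.1",
    r"reject: RCPT from (.*)\[<HOST>\]:\d{5}: 550 5.5.1",
]
PATTERNS = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Constructed mail.log lines using documentation address ranges.
SAMPLE_LOG = """\
Mar 10 10:00:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 550 5.1.1 <a@example.org>: Recipient address rejected
Mar 10 10:00:09 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <b@example.net>: Relay access denied
Mar 10 10:01:00 mx postfix/smtpd[812]: NOQUEUE: reject: RCPT from host.example[198.51.100.7]: 450 4.7.1 <c@example.org>: Helo command rejected
Mar 10 10:30:00 mx postfix/smtpd[813]: NOQUEUE: reject: RCPT from host.example[198.51.100.7]: 450 4.7.1 <c@example.org>: Helo command rejected
Mar 10 10:31:00 mx postfix/smtpd[814]: NOQUEUE: reject: RCPT from admin[192.0.2.10]: 550 5.1.1 <typo@example.org>: Recipient address rejected
Mar 10 10:31:05 mx postfix/smtpd[814]: NOQUEUE: reject: RCPT from admin[192.0.2.10]: 550 5.1.1 <typo@example.org>: Recipient address rejected
Mar 10 10:32:00 mx postfix/smtpd[815]: connect from unknown[203.0.113.99]
"""

def match_host(line):
    """Return the client address if any failregex matches the line, else None."""
    hits = [m.group("host") for p in PATTERNS if (m := p.search(line))]
    return hits[0] if hits else None

def simulate(log, year=2024):
    """Return the hosts that reach MAXRETRY failures within FINDTIME, in ban order."""
    recent, banned = defaultdict(list), []
    for line in log.splitlines():
        host = match_host(line)
        if host is None or host in IGNOREIP or host in banned:
            continue
        when = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        hits = [t for t in recent[host] if when - t <= FINDTIME] + [when]
        recent[host] = hits  # failures older than findtime are dropped
        if len(hits) >= MAXRETRY:
            banned.append(host)
    return banned

if __name__ == "__main__":
    print(simulate(SAMPLE_LOG))
```

On a live system, fail2ban-regex /var/log/mail.log /etc/fail2ban/filter.d/postfix.conf runs the real filter against the real log and reports how many lines each failregex matched.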