Endy's Blogomat

Blog Archives

SMTP TLS trouble with Cisco 851w

For weeks I have experienced a very strange problem with SMTP and TLS. My postfix mail server allows TLS encrypted connections – unfortunately this does not seem to work as soon as I’m at home – at work everything is fine. Today I found some time to investigate. I tested the TLS SMTP connection using openssl from various systems I have access to by issuing:

openssl  s_client -starttls smtp -host my.mail.server -port 25

Only from my home LAN I got the following error:

root@linkstation:/home/nd# openssl  s_client -starttls smtp -host my.mail.server -port
2933:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO: unknown protocol:s23_clnt.c:567:

Now I began to suspect my Cisco 851w router, and I was right! The router logged:

179041: Jan 13 14:51:15.969 CET: %FW-3-SMTP_INVALID_COMMAND: Invalid SMTP command (STARTTLS\r\n)(total 10 chars) from initiator (

After searching the net I found out that this also is a known problem on Cisco PIX firewalls. I disabled smtp inspection using:

c851w-nd(config)#no ip inspect name DEFAULT100 smtp

Now the SSL handshake is successful. It looks like the deep inspection inside Cisco IOS does not know about TLS. BTW: my Cisco runs IOS version 12.3(8r)YI2.
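To tell a server that does not offer STARTTLS apart from a network path that rejects the command, the plaintext steps that `openssl s_client -starttls smtp` performs can be walked one at a time. This is an added example, not code from the original post; the function names, the `probe.example`/`mail.example` names and the 500 reply in `PATH_REJECTS` are constructed assumptions, since the post shows only the router log and the openssl error.

```python
import socket
import threading

def read_reply(f):
    """Read one SMTP reply (possibly multi-line); return (code, lines)."""
    lines = []
    while True:
        raw = f.readline()
        if not raw:
            raise ConnectionError("connection closed mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":   # "250-x" continues, "250 x" ends
            return line[:3], lines

def probe_starttls(sock, helo_name="probe.example"):
    """Walk the plaintext half of STARTTLS and name the step that fails."""
    with sock.makefile("rb") as f:
        code, lines = read_reply(f)            # server banner
        if code != "220":
            return "bad_banner", lines[-1]
        sock.sendall(f"EHLO {helo_name}\r\n".encode("ascii"))
        code, lines = read_reply(f)
        if code != "250":
            return "ehlo_rejected", lines[-1]
        if not any(l[4:].strip().upper() == "STARTTLS" for l in lines[1:]):
            return "not_advertised", lines[-1]
        sock.sendall(b"STARTTLS\r\n")          # the 10 characters the router counted
        code, lines = read_reply(f)            # no 220: peer stays in plaintext, TLS fails
        return ("ready_for_tls" if code == "220" else "starttls_rejected"), lines[-1]

# Constructed peer scripts (banner, EHLO reply, STARTTLS reply), not captured traffic.
SERVER_OK = [b"220 mail.example ESMTP\r\n",
             b"250-mail.example\r\n250-PIPELINING\r\n250 STARTTLS\r\n",
             b"220 2.0.0 Ready to start TLS\r\n"]
PATH_REJECTS = SERVER_OK[:2] + [b"500 5.5.2 Error: command not recognized\r\n"]

def _fake_peer(conn, script):
    # Constructed stand-in for the server plus the network path.
    with conn, conn.makefile("rb") as f:
        conn.sendall(script[0])
        for answer in script[1:]:
            if f.readline():                   # wait for the next command
                conn.sendall(answer)

def run_against(script):
    a, b = socket.socketpair()
    threading.Thread(target=_fake_peer, args=(b, script), daemon=True).start()
    with a:
        return probe_starttls(a)
```

Against a real server, pass `probe_starttls` a socket from `socket.create_connection((host, 25), timeout=10)` and compare the verdict from inside and outside the inspected network.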

My Linkstation runs kernel 2.6.22

After getting fooled for about 6 hours by my Cisco home router I finally managed to install the u-boot bootloader on my Linkstation and also boot a 2.6.22 kernel. What you basically need are the binaries for u-boot, which you can download here, and a Linux or Unix PC with netcat installed.

Apple wireless keyboard and PS3

Someone gave me the nice thin Apple Bluetooth Keyboard as a Christmas present. When I bought my PS3 the first thing I thought about was sitting on the couch and surfing with the PS3’s web browser using a Bluetooth keyboard. Initially I didn’t have any success since the Apple keyboard refused to pair with the PS3. After it found the Apple keyboard nothing happened until you pressed the return key on the keyboard, which resulted in an error message. The next step was to update the PS3 firmware to the most recent version. I did this using the online update from the menu and voila: after the update the keyboard paired flawlessly – BTW: this entry was written from my PS3 while sitting on my couch 🙂

Fighting with Time Machine on OS X (Update 2)

As mentioned earlier, Time Machine is not working out of the box on network shares as promised initially by Apple. After reading some forums and blogs it looks like Apple stripped down the Time Machine configuration options in the final release. Nevertheless, with the help of the information provided in these forums and blogs, I managed to work around this issue and enable Time Machine to back up to my netatalk AFP share on my Buffalo Linkstation. All you need is a spare USB disk. Here are the steps:

  1. Connect the USB (or FW) drive to your Mac.
  2. If Time Machine recognizes the drive, just ignore it.
  3. Rename the drive to the name you would like to use for your backup share, e.g. Backup.
  4. Open the Time Machine configuration dialog in System Preferences.
  5. Now select your attached USB drive.
  6. You will see the next backup timer countdown; just cancel it by pressing the X button.
  7. Now connect your AFP share (Finder Cmd+K).
  8. Next open a terminal and copy two files from the USB disk volume, e.g.
    cp /Volumes/Backup/.com.apple.timemachine.supported /Volumes/Backup-1/
    cp /Volumes/Backup/.00* /Volumes/Backup-1/
  9. Now disconnect your USB disk and unmount your AFP share.
  10. Reconnect to your AFP share and select Backup Now by right-clicking (or Ctrl-clicking) on the Time Machine Dock icon.
  11. Voila! Now your backup should start.

You should see something like this:
Time Machine does not create a simple directory like on the attached disk, but a sparse image which is then automatically mounted and used as the target.

Update 1:

After hours of waiting and finally a successful backup, I found out that Time Machine itself does not use the created backup on the network share – so you can make an automatic backup but not use the fancy interface – which is from my point of view only about 50% of what I would like to have, or in other words useless :-(

Update 2:

Hopefully this guy is right ;-)

Mac OS X Leopard has arrived

Today I received my copy of Mac OS X Leopard. Just as promised it took about an hour to install it on my MacBook Pro. My first impression is that it feels more responsive than Tiger – maybe because of better support for multi-core CPUs. The reworked interface looks nice; especially the new Cover Flow-like feature in the Finder is fun to use.

Here is a screenshot of my new desktop:

I was impressed that my Cisco VPN Client was still operational, like most of the other apps. Also, most important for me: finally in Leopard you can use the Cisco VPN Client over a PPP connection! This is the greatest improvement, or let's say bug fix, for me. I often need to access networks using the VPN client and – to be honest – while being on the road my Mac was not capable of doing this easy task without the help of VMware and Windows.

For the other apps – I ran into the following issues:

  • Quicksilver – The icon was shown in the Dock even if hide from Dock was selected; after updating to the latest version everything was fine.
  • Growl – The Growl mail plugin is incompatible with Leopard's Mail app. Hopefully this will be fixed soon – I already miss this.
  • Spaces: What I really like is Spaces, since I missed this feature most since I moved from Linux to OS X. All previous implementations were not that useful, but Spaces is! You can easily move between spaces by hot-keys, move windows around and – what I like most – predefine a space per application.
  • iChat: The new iChat is fun, too. I played around with the effects and the screen sharing; the presentation mode is also quite nice. iChat now handles multiple accounts and I got it working with our Jabber server at work. I still have some strange problem with another Jabber account on a different server, but I will investigate later.
  • Time Machine: The first thing I did was of course plugging a new 500GB drive in, in order to let Time Machine make a full backup. The initial backup took about an hour (about 65GB), which is still fast compared to the backup I made on Thursday using Carbon Copy Cloner, which took about 5 hours for the same amount of data. The interface is really nice, and making backups or restoring things is pure fun. I think this is really a nice approach: to provide such a convenient interface that people start using it. All other backup solutions I know are uncomfortable and unsexy compared to Time Machine – the only drawback is the lack of network backups – or is there a way?
  • Preview: One thing I noticed is that Preview has improved much – you now have more image processing tools at hand, for example one to resize images easily.
  • Dashboard tool: As promised, creating “widgets” from Dashboard is now really easy. In Safari just select an area of a website and you're done. I have not yet found a useful use case for this but it is at least a nice idea. 😉

These are only a few things which I already tested; hopefully I will find a lot more improvements.

For now I can summarize that Leopard is not re-inventing an OS but is a solid update with a few very nice new features and many useful improvements.

Fix for Parallels coherence mode in German 3168

Today I installed the new version of Parallels Desktop for Mac. Unfortunately the coherence mode does not work in the German version (3168 de). I finally was able to get everything running, including resolution changes on fullscreen, using the vmtools.iso of the US version Parallels Desktop 3186 Mac en.dmg. You need to mount the dmg in Finder, then follow these steps:

cd /var/tmp
cp "/Volumes/Parallels Desktop/Install Parallels Desktop.pkg/Contents/Archive.pax.gz" .
gunzip Archive.pax.gz
cpio -i -d -IArchive.pax ./Library/Parallels/Tools/vmtools.iso
sudo cp Library/Parallels/Tools/vmtools.iso /Library/Parallels/Tools/vmtools.iso

Afterwards mount the image in Parallels using Device->CD/DVD->Image and select /Library/Parallels/Tools/vmtools.iso. Now inside your VM go to the CD-ROM drive and run PrlTools.exe. Once everything is installed, restart and you're done 😉

OpenVZ and real Ethernet with veth

Something technical for a change today 😉

If anyone ever needs an interface under OpenVZ that can be snooped on and that has a MAC address, they should use a veth device. The whole thing is described here.

Today I took the liberty of tuning the /usr/sbin/vznetaddroute script and documenting it in the OpenVZ wiki. It is now a bit more generic. Anyone who feels like it can take a look; it makes OpenVZ even more interesting – not necessarily the script, but the feature itself 🙂

If you have questions, feel free to email me…