Gmail could report back this error message: “Our system has detected an unusual rate of unsolicited mail originating from your IP address”

If your DKIM, SPF and DMARC are all set and your emails are correctly identified, then you may want to check the both links:

• Good links to get help on what to do: https://support.google.com/mail/thread/9191597?hl=en
• The form to be removed from GMail blacklist: https://support.google.com/mail/contact/bulk_send_new

Due to the 5,000 items threshold limitation it can become very frustrating to administrate Sharepoint. For example, if your list has more than 5,000 items, you cannot add an index, delete a lookup/people column, delete the list or the website, and more !

Hopefully some of the operations can be done with REST API, and in my organization the threshold limitation is removed during the night (1am to 4am). By combining a schedule service (like node-schedule) with my library SharepointPlus I can run this admin tasks during the night while my virtual computer is running.

To delete a column

$SP().ajax({
  url:"https://company.com/sharepoint/team/sales/_api/web/lists/getbytitle('My List')/fields/getbytitle('Column To Delete')",
  method: "POST",
  headers: {
    "IF-MATCH": "*",
    "X-HTTP-Method": "DELETE"
  }
});

To index a column

$SP().ajax({
  url:"https://company.com/sharepoint/team/sales/_api/web/lists/getbytitle('My List')/fields/getbytitle('Column to Index')",
  method: "POST",
  body:JSON.stringify({
    "__metadata":{ type: "SP.Field" },
    "Indexed":true
  }),
  headers: {
    "IF-MATCH": "*",
    "X-HTTP-Method": "MERGE"
  }
})

To delete a list

$SP().ajax({
  url:"https://company.com/sharepoint/team/sales/_api/web/lists/getbytitle('List To Delete')",
  method: "POST",
  headers: {
    "IF-MATCH": "*",
    "X-HTTP-Method": "DELETE"
  }
})

To delete a list

$SP().ajax({
  url:"https://company.com/sharepoint/team/sales/_api/web/lists/getbytitle('List To Delete')",
  method: "POST",
  headers: {
    "IF-MATCH": "*",
    "X-HTTP-Method": "DELETE"
  }
})

To delete a site

$SP().ajax({
  url:"https://company.com/sharepoint/team/sales/website_to_delete/_api/web/",
  method: "POST",
  headers: {
    "X-HTTP-Method": "DELETE"
  }
})

Finding the documentation for the Search REST API of Sharepoint is difficult…. There is a very old blog post that I’m going to replicate here to give more visibility:

Location of the Search Rest service

The Search REST service is located at the following URI: http://host/site/_api/search

The Search REST API

The Search REST service exposed by the URI specified above provides the following methods or entry points:

Query Parameters

The following table lists the query parameters available for the query entry point:

Suggest Parameters

The following table lists the query parameters available from the suggest entry point:

 References:

• [MS-SRCHCSOM]: Search Client Query Protocol Specification
• Search in SharePoint 2013 on MSDN

Examples

A postquery request will look like:

POST http://localhost/_api/search/postquery HTTP/1.1
Accept: application/json;odata=verbose
Content-Type: application/json;odata=verbose
Host: localhost
Content-Length: 419

{

 'request': {
     'Querytext': 'sharepoint',
     'StartRow':1,
     'RowLimit':8,
     'SelectProperties': {
          'results': ['Title','ContentSource','DisplayAuthor']
     },
     'TrimDuplicates':true,
     'Refiners':'companies,contentclass,ContentType(filter=7/0/*),FileExtension(filter=7/0/*),FileType(filter=6/0/*)',
     'RefinementFilters': {'results': ['filetype:equals("pptx")'] }
  }
}

After diging around for an exim4 problem (remote_smtp: message is too big (transport limit = 1)), I found the answer in this post:

Add “IGNORE_SMTP_LINE_LENGTH_LIMIT=1” in the exim4 config file (/etc/exim4/update-exim4.conf.conf), then restart exim4

With Sharepoint you can use SP.Utilities.Utility.SendEmail to send email in JavaScript, however you could receive the below error:

“The e-mail message cannot be sent. Make sure the e-mail has a valid recipient.”

After searching the web, I found the solution: instead of using an email address for the recipients you have to use the userDomain with “i:0#.w|”.

For example, if the user is John Doe, and his email is john_doe@company.com, then you should use something like i:0#.w|domain\\john_doe.

When I want to reload my MariaDB server, I receive the below error:

/usr/bin/mysqladmin: connect to server at ‘localhost’ failed
error: ‘Access denied for user ‘root’@’localhost’ (using password: NO)’

The solution is to provide the root’s password in the file `/etc/mysql/debian.cnf` and then the error is gone!

Il faut régulièrement penser à mettre à jour son serveur Kimsufi.

Je vais essayer d’expliquer brièvement les étapes à suivre pour cela.

1. On va d’abord sauvegarder les données :

   mkdir /root/svg_special; cp -R /var/lib/dpkg /root/svg_special/; cp /var/lib/apt/extended_states /root/svg_special/; dpkg --get-selections "*" > /root/svg_special/dpkg_get_selection; cp -R /etc /root/svg_special/etc

2. Ensuite il est conseillé d’utiliser screen pour pouvoir se reconnecter (avec screen -r) à en cas de déconnexion :

   screen

3. On va effectuer une mise à jour des paquets avec apt-get update && apt-get upgrade
4. Le processus de mise à niveau décrit sur le site de Debian a été conçu pour des mises à niveau des systèmes Jessie « purs » sans paquet provenant d’autres sources. Pour une meilleure fiabilité du processus de mise à niveau, vous pouvez supprimer ces paquets du système avant de commencer la mise à niveau. :

   aptitude search '~i(!~ODebian)'

5. On peut lancer la commande dpkg --audit pour s’assurer que tout est bon avant la migration. On peut également taper dpkg --get-selections "*" | more et vérifier qu’aucun paquet n’est en on hold
6. Maintenant il faut remplacer tous les “jessie” de /etc/apt/sources.list par des “stretch”, ce qui va donner chez moi :

   deb http://ftp.fr.debian.org/debian stretch main non-free
   
   deb http://debian.mirrors.ovh.net/debian/ stretch main
   deb-src http://debian.mirrors.ovh.net/debian/ stretch main
   
   deb http://security.debian.org/ stretch/updates main
   deb-src http://security.debian.org/ stretch/updates main
   

   On vérifiera aussi les autres fichiers qui peuvent se trouver dans /etc/apt/sources.list.d

7. Si vous utilisez MySQL, sachez qu’avec Stretch vous pourriez passer sur MariaDB… Si vous souhaitez utiliser MySQL, on peut se référer à ce blog post
   • On ajoute/édite le fichier source pour mysql : nano /etc/apt/sources.list.d/mysql.list
   • On y ajoute les sources suivantes (pour mysql-5.7) :

     deb http://repo.mysql.com/apt/debian/ stretch mysql-5.7
     deb-src http://repo.mysql.com/apt/debian/ stretch mysql-5.7
     

   • On ajoute la clé publique de ce repo :

     wget -O /tmp/RPM-GPG-KEY-mysql https://repo.mysql.com/RPM-GPG-KEY-mysql
     apt-key add /tmp/RPM-GPG-KEY-mysql
     rm /tmp/RPM-GPG-KEY-mysql
     apt-get update
     

   • Il est recommandé d’utiliser le programme /usr/bin/script pour enregistrer une transcription de la session de mise à niveau. Ainsi, quand un problème survient, on a un enregistrement de ce qui s’est passé. Pour démarrer un enregistrement, taper :

     script -t 2>~/upgrade-stretch.time -a ~/upgrade-stretch.script

   • On passe aux choses sérieuses, en commençant par mettre à jour les listes des paquets :

     apt-get update

   • On va vérifier qu’on a la place suffisante (un message explicite apparait sinon) :

     apt-get -o APT::Get::Trivial-Only=true dist-upgrade

   • On va maintenant faire une mise à jour minimale :

     apt-get upgrade

   • Et à partir de là le système va vous questionner… en général choisir l’option par défaut si vous ne savez pas quoi répondre
   • Puis on continue avec

     apt-get dist-upgrade

Cette dernière étape va durer un certain temps. Une fois terminé, vous pouvez redémarrer le serveur pour s’assurer que tout va bien.

Avec phpmyadmin vous pourriez recevoir l’erreur suivante :

PHP Warning: require_once(): open_basedir restriction in effect. File(/usr/share/php/php-php-gettext/gettext.inc) is not within the allowed path(s): (/usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/) in /usr/share/phpmyadmin/libraries/common.inc.php on line 77
PHP Warning: require_once(/usr/share/php/php-php-gettext/gettext.inc): failed to open stream: Operation not permitted in /usr/share/phpmyadmin/libraries/common.inc.php on line 77

Dans ce cas là, il faut rajouter /usr/share/php/php-php-gettext/ dans le fichier /etc/phpmyadmin/apache.conf sur la ligne open_base_dir. Ce qui va donner la ligne : php_admin_value open_basedir /usr/share/phpmyadmin/:/etc/phpmyadmin/:/var/lib/phpmyadmin/:/usr/share/php/php-gettext/:/usr/share/php/php-php-gettext/

J’ai eu quelques soucis avec fail2ban qui ne démarrait pas. J’ai pu résoudre en consultant le Troubleshooting de leur wiki. Il s’agissait du fichier /etc/fail2ban/jail.d/defaults-debian.conf qui avait été créé avec une entrée invalide. Il a suffit de le supprimer.

Une fois les erreurs corrigées, on va nettoyer tous les paquets avec

apt-get autoremove

As explained in some threads, Internet Explorer adds some invisible extra characters when returning a date from the JavaScript function new Intl.DateTimeformat.

var day = "Thursday";
var intlDay = new Intl.DateTimeFormat('en-US', {weekday:"long"}).format(new Date(2019,1,7));
console.log(day === intlDay); // return FALSE with IE
intlDay = intlDay.replace(/\u200E/g, ''); // replace \u200E
console.log(day === intlDay); // return TRUE with IE

The trick is to replace \u200E in the returned string.

Si on envoie des emails depuis notre propre serveur, avec notre propre domaine, certaines mailbox (comme Gmail) pourraient vous détecter comme du spam !

Pour éviter cela, il faut prendre quelques précautions.

Type “SPF”

Tout d’abord, il faut ajouter une entrée SPF via le gestionnaire de domaine d’OVH. Le wizard va aider à composer la chaine qui sera enregistrée pour le domaine.

Il faudra fournir :

• L’IPv4 du serveur qui envoie les emails
• L’IPv6 du serveur qui envoie les emails
• Inclure le MX d’OVH (include:mx.ovh.com)

Au final, le champ SPF devrait ressembler à ça :
300 IN TXT "v=spf1 a mx ip4:1.2.3.4 ip6:2001:41d0:a:abcd::1/128 include:mx.ovh.com -all"

Type “DKIM”

Cette fois on va ajouter une entrée de type “DKIM”.

Il faudra utiliser https://dkimcore.org/tools/ et :

• Le sous domaine est fourni par l’outil (exemple : 1547992053.kodono._domainkey)
• Choisir la version “DKIM 1”
• Type de clé : RSA
• La clé publique générée par l’outil dkimcore

Au final, le champ DKIM devrait ressembler à ça :
1547992053.kodono._domainkey.kodono.info. 0 DKIM v=DKIM1;k=rsa;p=MIGfMA0GCSqGSIb3DQE...anzmm2RIpt0tV3gwTGwuLQIDAQAB;t=s;

On pourra ensuite utiliser https://github.com/louisameline/php-mail-signature qui est une librairie PHP et qui aide à signer les emails qu’on envoie en PHP.

Type “DMARC”

Enfin, on ajoute une entrée de type “DMARC”.

Il faudra utiliser :

1. Le sous-domaine doit être _dmarc
2. Règle pour le domaine : none

Au final, le champ DMARC devrait ressemble à ça :
_dmarc.kodono.info. 0 DMARC v=DMARC1; p=none;

Ajout d’un reverse

Il va falloir ajouter un reverse (PTR) pour l’IPv4 et l’IPv6 du serveur. Cela se fait via la console de votre serveur (par exemple via le site Kimsufi si votre serveur est là bas).

Tester

Une fois vos emails créés, vous pouvez les tester grâce aux sites https://www.mail-tester.com/ et https://dkimvalidator.com/

Sources:

• https://stackoverflow.com/questions/44988163/create-self-signed-certificate-for-testing-localhost-and-have-it-accepted-by-the
• http://woshub.com/how-to-create-self-signed-certificate-with-powershell/
• https://stackoverflow.com/questions/4691699/how-to-convert-crt-to-pem/4691749#4691749
• https://webpack.js.org/configuration/dev-server/#devserver-https

If you develop with Webpack under Windows and you want to open your localhost server in HTTPS with IE11 you may receive a message like :

“Content was blocked because it was not signed by a valid security certificate.”

Below I explain the steps to make it work with IE11:

1. Open Powershell in Administrator mode
2. Type (no need to change anything, just copy/paste):

   New-SelfSignedCertificate -certstorelocation cert:\localmachine\my -dnsname localhost -FriendlyName "Dev localhost" -NotAfter (Get-Date).AddMonths(240) -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.1")

   It should return a Thumbprint:

      PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\my
   
   Thumbprint                                Subject
   ----------                                -------
   1D97DFF290FBACE0871F16AD1B38172F253CA048  CN=localhost

   You may want to open certlm.msc to see the new certificate in Personal

3. Export to .cer with the below Powershell command (make sure to replace 1D97DFF290FBACE0871F16AD1B38172F253CA048 with the Thumbprint you received before)… it will be exported to C:\localhost.cert (but you can change the path):

   Export-Certificate -Cert Cert:\LocalMachine\My\1D97DFF290FBACE0871F16AD1B38172F253CA048 -FilePath C:\localhost.cer (example: Export-Certificate -Cert Cert:\LocalMachine\My\PREVIOUS_Thumbprint_HERE -FilePath C:\localhost.cer)

4. We now need to export to .pfx with the below Powershell commands:

   $CertPassword = ConvertTo-SecureString -String "YourPassword" -Force –AsPlainText
   Export-PfxCertificate -Cert cert:\LocalMachine\My\2779C7928D055B21AAA0Cfe2F6BE1A5C2CA83B30 -FilePath C:\localhost.pfx -Password $CertPassword
   

5. Next we’ll use the opensource application called XCA: download and install it.
6. Open XCA and go to : File > New Database
7. Choose where you want to have this database and provide a password (to make it easy, you can choose the same “YourPassword” than before)
8. Go to tab Certificates
9. Click Import and select the previous created localhost.cer
10. Once imported, right click the cert and Export > File, then select “*.crt” for the file format
11. Go to the Private Keys tab and click on Import PFX
12. Select the previously created PFX and click Import All
13. Right click on “localhost_key” and Export > File, then select “PEM Private (*.pem)” for the file format
14. Close XCA and go to the folder with all your files
15. Double-click on the file localhost.crt you have just created
16. Windows shows a popup with a "Install Certificate..." button; Click on this button
17. Choose Current User, and next, click on “Place all certificates in the following store”, and browse to “Trusted Root Certification Authorities”
18. Finally, in your Webpack config, you should enter something like the below:

    module.exports = {
      //...
      devServer: {
        https: {
          key: fs.readFileSync('C:\\localhost.pem'),
          cert: fs.readFileSync('C:\\localhost.crt')
        }
      }
    };
    

Launch your webpack server and open IE to your localhost server. It should work…

If you need to do CORS request, you may need to open IE settings, then go to Security and make sure to add localhost in the Local Intranet/Trusted Sites, then click on “Custom Level…”, go to “Miscellaneous” and select “Enable” for “Access data sources across domains”.