Deal: Learn Linux, Docker, Git & More With This 8-Course Bundle [90% OFF]

An IT infrastructure refers to an enterprise’s combined assortment of hardware, software, networks, data centers, facilities and related equipment used for setting up, operating, controlling and/or supporting IT services.

If you are looking to master and control these enterprise computer systems and IT infrastructures, then learn Linux, Docker, Git, and much more with The System Administration and Infrastructure Management Bundle at 90% off on Tecmint Deals.

Through 95+ hours of training, you’ll learn Linux system administration, thus preparing you to ace your first level of Linux administration certification. You’ll also be introduced to Amazon Web Services (AWS), the leading corporate cloud computing solution.

Additionally, you’ll learn about Git – a version control system that tracks changes made to computer files and saves the file after each change is made. With Github repository, you can save your coding files and create a collaborative environment.


You will also learn Docker – an open-source tool that allows developers to wrap their code into small containers or packets, allowing it to then be shipped to and deployed on any other system. Last but not least, you’ll learn how to make a project development cycle significantly easier with Vagrant.

What’s included in this Course?

Below are the courses included in this bundle:

  • The Complete Guide to LPIC 1 Linux Administrator Exam
  • Professional Guide to Windows Server 2016
  • Fundamentals of Unix & Linux System Administration
  • Linux Shell Programming for Beginners
  • Become An AWS Certified Solutions Architect: Associate
  • Git and Github Essentials
  • Docker for Professionals: The Practical Guide
  • Vagrant Essentials: Learn DevOps Using Vagrant

Learn the ins and outs of system administration and IT infrastructure management. Master how to control enterprise computer systems and IT infrastructures by learning Linux, Docker, Git, and much more by subscribing to this course at 90% off or for as low as $41 on Tecmint Deals.

Useful ‘host’ Command Examples for Querying DNS Lookups

The host command is a minimal, easy-to-use CLI utility for performing DNS lookups, which translate domain names to IP addresses and vice versa. It can also be used to list and verify various types of DNS records such as NS and MX, to test and validate an ISP's DNS server and Internet connectivity, to check spam and blacklisting records, and to detect and troubleshoot DNS server issues, among other things.

In this article, we will learn how to use host command with a few useful examples in Linux to perform DNS lookups. In previous articles, we showed the most used 8 Nslookup commands for testing and troubleshooting DNS servers and to query specific DNS resource records (RR) as well.

We also explained 10 Linux Dig (Domain Information Groper) commands to query DNS info; dig works much like the Nslookup tool. The host utility also works in a similar way and comes preinstalled on most if not all mainstream Linux distros.

With that said, let’s look at these 14 host commands below.

Find the Domain IP Address


This is the simplest host command you can run, just provide a domain name such as google.com to get the associated IP addresses.

$ host google.com
google.com has address 216.58.201.46
google.com has address 216.58.201.46
google.com has address 216.58.201.46
google.com has IPv6 address 2a00:1450:4009:80b::200e
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.

Find Domain Name Servers

To find out the domain name servers use the -t option.

$ host -t ns google.com
google.com name server ns1.google.com.
google.com name server ns2.google.com.
google.com name server ns3.google.com.
google.com name server ns4.google.com.

Find Domain CNAME Record

To find out the domain CNAME, run.

$ host -t cname mail.google.com
mail.google.com is an alias for googlemail.l.google.com.

Find Domain MX Record

To find out the MX records for a domain.

$ host -n -t mx google.com
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.

Find Domain TXT Record

To find out the TXT records for a domain.

$ host -t txt google.com
google.com descriptive text "v=spf1 include:_spf.google.com ~all"

Find Domain SOA Record

You can make host attempt to display the SOA records for the specified zone from all of that zone's listed authoritative name servers with the -C flag.

$ host -C google.com
Nameserver 216.239.38.10:
google.com has SOA record ns1.google.com. dns-admin.google.com. 156142728 900 900 1800 60
Nameserver 216.239.32.10:
google.com has SOA record ns3.google.com. dns-admin.google.com. 156142728 900 900 1800 60
Nameserver 216.239.34.10:
google.com has SOA record ns4.google.com. dns-admin.google.com. 156142728 900 900 1800 60
Nameserver 216.239.36.10:
google.com has SOA record ns2.google.com. dns-admin.google.com. 156142728 900 900 1800 60
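
Differing SOA serials across a zone's name servers point to stalled zone transfers or a server answering from stale data, so the -C output is worth checking mechanically. The script below is an added example, not part of the original article; the function names and the example.com / 192.0.2.x sample are constructed for illustration, and a Nameserver line with no SOA line under it is assumed to mean that server gave no answer.

```shell
#!/bin/sh
# Added example: compare the SOA serials reported by `host -C <zone>`.

# check_soa_serials: reads `host -C` output on stdin.
# Prints "<nameserver> <serial>" per server, then CONSISTENT or MISMATCH.
# Returns 0 when every listed server answered with the same serial, 1 otherwise.
check_soa_serials() {
    awk '
        /^Nameserver / {
            # A pending server with no SOA line under it never answered.
            if (ns != "") { print ns, "NO-SOA"; bad = 1 }
            ns = $2
            sub(/:$/, "", ns)
            next
        }
        / has SOA record / && ns != "" {
            # Fields: zone has SOA record mname rname serial refresh retry expire minimum
            print ns, $7
            seen[$7] = 1
            ns = ""
        }
        END {
            if (ns != "") { print ns, "NO-SOA"; bad = 1 }
            n = 0
            for (s in seen) n++
            if (n != 1) bad = 1          # no serial at all, or more than one
            print (bad ? "MISMATCH" : "CONSISTENT")
            exit bad + 0
        }
    '
}

# Sample 1: the output shown in the article above (all serials equal).
sample_in_sync() {
cat <<'EOF'
Nameserver 216.239.38.10:
google.com has SOA record ns1.google.com. dns-admin.google.com. 156142728 900 900 1800 60
Nameserver 216.239.32.10:
google.com has SOA record ns3.google.com. dns-admin.google.com. 156142728 900 900 1800 60
Nameserver 216.239.34.10:
google.com has SOA record ns4.google.com. dns-admin.google.com. 156142728 900 900 1800 60
Nameserver 216.239.36.10:
google.com has SOA record ns2.google.com. dns-admin.google.com. 156142728 900 900 1800 60
EOF
}

# Sample 2: constructed data, one silent server and one server behind on the serial.
sample_stale() {
cat <<'EOF'
Nameserver 192.0.2.1:
example.com has SOA record ns1.example.com. hostmaster.example.com. 2024010102 3600 900 604800 300
Nameserver 192.0.2.2:
Nameserver 192.0.2.3:
example.com has SOA record ns3.example.com. hostmaster.example.com. 2024010101 3600 900 604800 300
EOF
}

# Live use: ./soa-check.sh example.com
if [ "$#" -gt 0 ]; then
    host -C "$1" | check_soa_serials
fi
```
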

Query Particular Name Server

To query a particular domain name server, pass it as the second argument.

$ host google.com ns4.google.com
Using domain server:
Name: ns4.google.com
Address: 216.239.38.10#53
Aliases:

google.com has address 172.217.19.46
google.com has address 172.217.19.46
google.com has address 172.217.19.46
google.com has IPv6 address 2a00:1450:4005:808::200e
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.

Find All Information of Domain Records and Zones

The -a (all) option makes a query of type ANY and turns on verbose output, as if the -v option had been set.

$ host -a google.com
Trying "google.com"
;; ->>HEADER<

Get Domain TTL Information

To find out domain TTL information.

$ host -v -t a google.com
Trying "google.com"
;; ->>HEADER<

Use Either IPv4 or IPv6

The -4 or -6 option forces host to use only IPv4 or only IPv6 query transport respectively.

$ host -4 google.com
OR
$ host -6 google.com

Perform Non-Recursive Queries

The -r option performs non-recursive queries. Note that setting this option clears the RD (recursion desired) bit in the query that host makes.

$ host -rR 5 google.com
google.com has address 216.58.201.46
google.com has address 216.58.201.46
google.com has address 216.58.201.46
google.com has IPv6 address 2a00:1450:4009:80b::200e
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.

Set UDP Retries for a Lookup

By default the number of UDP tries is 1; to change it, use the -R flag.

$ host -R 5 google.com
google.com has address 216.58.201.46
google.com has address 216.58.201.46
google.com has address 216.58.201.46
google.com has IPv6 address 2a00:1450:4009:80b::200e
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.

Set Query Time Wait for Reply

Using the -W switch, you can instruct host to wait for a reply for the specified time in seconds; if the -w flag is used instead, host waits forever for a reply:

$ host -T -W 10 google.com
google.com has address 216.58.201.46
google.com has address 216.58.201.46
google.com has address 216.58.201.46
google.com has IPv6 address 2a00:1450:4009:80b::200e
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.

That’s it! In this article, we learned how to use host command with a few useful examples in Linux. Use the feedback form below to share any thoughts with us concerning this guide.

Show a Custom Message to Users Before Linux Server Shutdown

In a previous article, we explained the difference between shutdown, poweroff, halt and reboot Linux commands, where we uncovered what these mentioned commands actually do when you execute them with various options.

This article will show you how to send a custom message to all system users before shutting down a Linux server.

Suggested Read: tuptime – Shows Historical and Statistical Running Time of Linux Systems

As a system administrator, before you shut down a server, you may want to send system users a message alerting them that the system is going down. By default, the shutdown command broadcasts a message to other system users as shown in the screenshot below:

# shutdown 13:25

Linux Shutdown Broadcast Message

Shutdown scheduled for Fri 2017-05-12 13:25:00 EAT, use 'shutdown -c' to cancel.
Broadcast message for [email protected] (Fri 2017-05-12 13:23:34 EAT):
The system is going down for power-off at Fri 2017-05-12 13:25:00 EAT!

To send a custom message to other system users before a scheduled shutdown, run the command below. In this example, the shutdown will happen two minutes after the command is executed:

# shutdown 2 The system is going down for required maintenance. Please save any important work you are doing now!

Linux System Shutdown Message

Supposing you have certain critical system operations such as scheduled system backups or updates to be executed at a time the system would be down, you can cancel the shutdown using the -c switch as shown below and initiate it at a later time after such operations have been performed:

# shutdown -c

Linux Shutdown Cancel Message

Shutdown scheduled for Fri 2017-05-12 14:10:22 EAT, use 'shutdown -c' to cancel.
Broadcast message for [email protected] (Fri 2017-05-12 14:10:27 EAT):
The system shutdown has been cancelled at Fri 2017-05-12 14:11:27 EAT!

Additionally, learn how to auto execute commands/scripts during reboot or startup using simple and traditional methods in Linux.

Don’t Miss:

  1. Managing System Startup Process and Services (SysVinit, Systemd and Upstart)
  2. 11 Cron Scheduling Task Examples in Linux

Now you know how to send custom messages to all other system users before a system shutdown. Are there any ideas you want to share relating to this topic? Use the comment form below to do that.

How to Integrate iRedMail Roundcube with Samba4 AD DC – Part 12

Roundcube, one of the most used webmail user agents in Linux, offers a modern web interface for end users to interact with all mail services in order to read, compose and send e-mails. Roundcube supports a variety of mail protocols, including the secured ones, such as IMAPS, POP3S or submission.

In this topic we’ll discuss how to configure Roundcube in iRedMail with IMAPS and submission secured ports to retrieve and send emails for Samba4 AD accounts, how to access iRedMail Roundcube web interface from a browser and add a web address alias, how to enable Samba4 AD integration for Global LDAP Address Book and how to disable some unneeded iRedMail services.

Requirements

  1. How to Install iRedMail on CentOS 7 for Samba4 AD Integration
  2. Configure iRedMail on CentOS 7 for Samba4 AD Integration

Step 1: Declare E-mail Address for Domain Accounts in Samba4 AD DC

1. In order to send and receive mail for Samba4 AD DC domain accounts, you need to edit each user account and explicitly set the email field with the proper e-mail address. Do this by opening the ADUC tool from a Windows machine with RSAT tools installed and joined to Samba4 AD, as illustrated in the below image.

Add Email Account to Join Samba4 AD DC


2. Similarly, to use mail lists, you need to create groups in ADUC, add the corresponding e-mail address for each group and assign the proper user accounts as members of the group.


With this setup created as a mail list, the mailboxes of all members of a Samba4 AD group will receive mail destined for the AD group e-mail address. Use the below screenshots as a guide to declare the e-mail field for a Samba4 group account and add domain users as members of the group.

Make sure all accounts members added to a group have their e-mail address declared.

Create Group Admin for Samba4 AD DC


Add Users to Group


In this example, all mails sent to [email protected] e-mail address declared for ‘Domain Admins’ group will be received by each member mailbox of this group.

3. An alternative method that you can use to declare the e-mail address for a Samba4 AD account is by creating a user or a group with samba-tool command line directly from one of the AD DC console and specify the e-mail address with the --mail-address flag.

Use one of the following command syntax to create a user with e-mail address specified:

# samba-tool user add --mail-address=your_ad_user@domain.tld --surname=your_surname --given-name=your_given_name your_ad_user

Create a group with e-mail address specified:

# samba-tool group add --mail-address=your_ad_group@domain.tld your_ad_group

To add members to a group:

# samba-tool group addmembers your_group user1,user2,userX

To list all available samba-tool command fields for a user or a group use the following syntax:

# samba-tool user add -h
# samba-tool group add -h

Step 2: Secure Roundcube Webmail

4. Before modifying Roundcube configuration file, first, use netstat command piped through egrep filter to list the sockets that Dovecot and Postfix listen to and assure that the properly secured ports (993 for IMAPS and 587 for submission) are active and enabled.

# netstat -tulpn| egrep 'dovecot|master'

5. To enforce mail reception and transfer between Roundcube and iRedMail services on secured IMAP and SMTP ports, open Roundcube configuration file located in /var/www/roundcubemail/config/config.inc.php and make sure you change the following lines, for localhost in this case, as shown in the below excerpt:

// For IMAPS
$config['default_host'] = 'ssl://127.0.0.1';
$config['default_port'] = 993;
$config['imap_auth_type'] = 'LOGIN';
// For SMTP
$config['smtp_server'] = 'tls://127.0.0.1';
$config['smtp_port'] = 587;
$config['smtp_user'] = '%u';
$config['smtp_pass'] = '%p';
$config['smtp_auth_type'] = 'LOGIN';

This setup is highly recommended in case Roundcube is installed on a different host than the one that provides mail services (IMAP, POP3 or SMTP daemons).

6. Next, don’t close the configuration file, search and make the following small changes in order for Roundcube to be visited only via HTTPS protocol, to hide the version number and to automatically append the domain name for accounts who login in the web interface.

$config['force_https'] = true;
$config['useragent'] = 'Your Webmail'; // Hide version number
$config['username_domain'] = 'domain.tld';

7. Also, disable the following plugins: managesieve and password by adding a comment (//) in front of the line that starts with $config['plugins'].

Users will change their password from a Windows or Linux machine joined to Samba4 AD DC once they login and authenticate to the domain. A sysadmin will globally manage all sieve rules for domain accounts.

// $config['plugins'] = array('managesieve', 'password');

8. Finally, save and close the configuration file and visit Roundcube Webmail by opening a browser and navigate to iRedMail IP address or FQDN/mail location via HTTPS protocol.

The first time when you visit Roundcube an alert should appear on the browser due to the Self-Signed Certificate the web server uses. Accept the certificate and login with a Samba AD account credentials.

https://iredmail-FQDN/mail

Roundcube Webmail Login

Step 3: Enable Samba AD Contacts in Roundcube

9. To configure Samba AD Global LDAP Address Book to appear in Roundcube Contacts, open Roundcube configuration file again for editing and make the following changes:

Navigate to the bottom of the file and identify the section that begins with ‘# Global LDAP Address Book with AD’, delete all its content until the end of the file and replace it with the following code block:

# Global LDAP Address Book with AD.
#
$config['ldap_public']["global_ldap_abook"] = array(
    'name'            => 'tecmint.lan',
    'hosts'           => array("tecmint.lan"),
    'port'            => 389,
    'use_tls'         => false,
    'ldap_version'    => '3',
    'network_timeout' => 10,
    'user_specific'   => false,
    'base_dn'         => "dc=tecmint,dc=lan",
    'bind_dn'         => "[email protected]",
    'bind_pass'       => "your_password",
    'writable'        => false,
    'search_fields'   => array('mail', 'cn', 'sAMAccountName', 'displayname', 'sn', 'givenName'),
    'fieldmap'        => array(
        'name'         => 'cn',
        'surname'      => 'sn',
        'firstname'    => 'givenName',
        'title'        => 'title',
        'email'        => 'mail:*',
        'phone:work'   => 'telephoneNumber',
        'phone:mobile' => 'mobile',
        'department'   => 'departmentNumber',
        'notes'        => 'description',
    ),
    'sort'            => 'cn',
    'scope'           => 'sub',
    'filter'          => '(&(mail=*)(|(&(objectClass=user)(!(objectClass=computer)))(objectClass=group)))',
    'fuzzy_search'    => true,
    'vlv'             => false,
    'sizelimit'       => '0',
    'timelimit'       => '0',
    'referrals'       => false,
);

On this block of code replace name, hosts, base_dn, bind_dn and bind_pass values accordingly.

10. After you’ve made all the required changes, save and close the file, login to Roundcube webmail interface and go to Address Book menu.

Hit on your Global Address Book chosen name and a contact list of all domain accounts (users and groups) with their specified e-mail address should be visible.

Roundcube User Contact List


Step 4: Add an Alias for Roundcube Webmail Interface

11. To visit Roundcube at a web address with the following form https://webmail.domain.tld instead of the old address provided by default by iRedMail you need to make the following changes.

From a joined Windows machine with RSAT tools installed, open DNS Manager and add a new CNAME record for iRedMail FQDN, named webmail, as illustrated in the following image.

DNS Webmail Properties


12. Next, on iRedMail machine, open Apache web server SSL configuration file located in /etc/httpd/conf.d/ssl.conf and change DocumentRoot directive to point to /var/www/roundcubemail/ system path.

file /etc/httpd/conf.d/ssl.conf excerpt:

DocumentRoot "/var/www/roundcubemail/"

Restart Apache daemon to apply changes.

# systemctl restart httpd

13. Now, point the browser to the following address and Roundcube interface should appear. Accept the Self-Signed Certificate error to continue to login page. Replace domain.tld from this example with your own domain name.

https://webmail.domain.tld

Step 5: Disable iRedMail Unused Services

14. Since iRedMail daemons are configured to query Samba4 AD DC LDAP server for account information and other resources, you can safely stop and disable some local services on the iRedMail machine, such as the LDAP database server and the iredapd service, by issuing the following commands.

# systemctl stop slapd iredapd
# systemctl disable slapd iredapd

15. Also, disable some scheduled tasks performed by iRedMail, such as LDAP database backup and iRedAPD tracking records, by adding a comment (#) in front of each line from crontab file as illustrated on the below screenshot.

# crontab -e

Disable iRedMail Tasks

Step 6: Use Mail Alias in Postfix

16. To redirect all locally generated mail (destined for postmaster and subsequently redirected to root account) to a specific Samba4 AD account, open Postfix aliases configuration file located in /etc/postfix/aliases and modify root line as follows:

root: [email protected]

17. Apply the aliases configuration file so that Postfix can read it in its own format by executing the newaliases command, and test if the mail gets sent to the proper domain e-mail account by issuing the following command.

# echo "Test mail" | mail -s "This is root's email" root

18. After the mail has been sent, login to Roundcube webmail with the domain account you’ve setup for mail redirection and verify the previously sent mail should be received in your account Inbox.

Verify User Mail


That’s all! Now, you have a fully working mail server integrated with Samba4 Active Directory. Domain accounts can send and receive mail for their internal domain or for other external domains.

The configurations used in this tutorial can be successfully applied to integrate an iRedMail server to a Windows Server 2012 R2 or 2016 Active Directory.

Understanding Shutdown, Poweroff, Halt and Reboot Commands in Linux

In this article, we will explain to you the difference between shutdown, poweroff, halt and reboot Linux commands. We will make clear what they actually do when you execute them with available options.

If you are hoping to dive into Linux server administration, then these are some of the important Linux commands you need to fully understand for effective and reliable server administration.

Normally, when you want to turn off or reboot your machine, you’ll run one of the commands below:

Shutdown Command

shutdown schedules a time for the system to be powered down. It may be used to halt, power-off or reboot the machine.


You may specify a time string (which is usually “now” or “hh:mm” for hour/minutes) as the first argument. Additionally, you may set a wall message to be sent to all logged-in users before the system goes down.

Important: If the time argument is used, 5 minutes before the system goes down the /run/nologin file is created to ensure that further logins will not be allowed.

Examples of shutdown commands:

# shutdown
# shutdown now
# shutdown 13:20
# shutdown -p now     #poweroff the machine
# shutdown -H now     #halt the machine
# shutdown -r 09:35   #reboot the machine at 09:35am

To cancel a pending shutdown, simply type the command below:

# shutdown -c

Halt Command

halt instructs the hardware to stop all CPU functions, but leaves it powered on. You can use it to get the system to a state where you can perform low level maintenance.

Note that in some cases it completely shuts down the system. Below are examples of halt commands:

# halt #halt the machine
# halt -p #poweroff the machine
# halt --reboot #reboot the machine

Power off Command

poweroff sends an ACPI signal which instructs the system to power down.

The following are examples of poweroff commands:

# poweroff #poweroff the machine
# poweroff --halt #halt the machine
# poweroff --reboot #reboot the machine

Reboot Command

reboot instructs the system to restart.

# reboot #reboot the machine
# reboot --halt #halt the machine
# reboot -p #poweroff the machine

That’s all! As mentioned earlier on, understanding these commands will enable you to effectively and reliably manage a Linux server in a multi-user environment. Do you have any additional ideas? Share them with us via the comments section below.

How to Delete HUGE (100-200GB) Files in Linux

Usually, to delete/remove a file from Linux terminal, we use the rm command (delete files), shred command (securely delete a file), wipe command (securely erase a file) or secure-deletion toolkit (a collection of secure file deletion tools).

We can use any of the above utilities to deal with relatively small files. What if we want to delete/remove a huge file/directory say of about 100-200GB. This may not be as easy as it seems, in terms of the time taken to remove the file (I/O scheduling) as well as the amount of RAM consumed while carrying out the operation.

In this tutorial, we will explain how to efficiently and reliably delete huge files/directories in Linux.

Suggested Read: 5 Ways to Empty or Delete a Large File Content in Linux

The main aim here is to use a technique that will not slow down the system while removing a huge file, keeping I/O at a reasonable level. We can achieve this using the ionice command.

Deleting HUGE (200GB) Files in Linux Using ionice Command


ionice is a useful program which sets or gets the I/O scheduling class and priority for another program. If no arguments or just -p is given, ionice will query the current I/O scheduling class and priority for that process.

If we give a command name such as rm command, it will run this command with the given arguments. To specify the process IDs of running processes for which to get or set the scheduling parameters, run this:

# ionice -p PID

To specify the name or number of the scheduling class to use (0 for none, 1 for real time, 2 for best-effort, 3 for idle), use the -c option as in the commands below.

This means that rm will belong to idle I/O class and only uses I/O when any other process does not need it:

---- Deleting Huge Files in Linux -----
# ionice -c 3 rm /var/logs/syslog
# ionice -c 3 rm -rf /var/log/apache

If there won’t be much idle time on the system, then we may want to use the best-effort scheduling class and set a low priority like this:

# ionice -c 2 -n 6 rm /var/logs/syslog
# ionice -c 2 -n 6 rm -rf /var/log/apache

Note: To delete huge files using a secure method, we may use the shred, wipe and various tools in the secure-deletion toolkit mentioned earlier on, instead of rm command.

Suggested Read: 3 Ways to Permanently and Securely Delete Files/Directories’ in Linux

For more info, look through the ionice man page:

# man ionice 

That’s it for now! What other methods do you have in mind for the above purpose? Use the comment section below to share with us.

How to Configure and Integrate iRedMail Services to Samba4 AD DC – Part 11

In this tutorial you will learn how to modify the main iRedMail daemons which provide mail services, namely Postfix, used for mail transfer, and Dovecot, which delivers mail to account mailboxes, in order to integrate them both in Samba4 Active Directory Domain Controller.

By integrating iRedMail to a Samba4 AD DC you will benefit from the following features: user authentication, management, and status via Samba AD DC, create mail lists with the help of AD groups and Global LDAP Address Book in Roundcube.

Requirements

  1. Install iRedMail on CentOS 7 for Samba4 AD Integration

Step 1: Prepare iRedMail System for Samba4 AD Integration

1. On the first step, you need to assign a static IP address for your machine in case you’re using a dynamic IP address provided by a DHCP server.

Run ifconfig command to list your machine network interfaces names and edit the proper network interface with your custom IP settings by issuing nmtui-edit command against the correct NIC.


Run nmtui-edit command with root privileges.

# ifconfig
# nmtui-edit eno16777736

Find Network Interface Name

2. Once the network interface is opened for editing, add the proper static IP settings, make sure you add the DNS servers IP addresses of your Samba4 AD DC and the name of your domain in order to query the realm from your machine. Use the below screenshot as a guide.

Configure Network Settings


3. After you finish configuring the network interface, restart the network daemon to apply changes and issue a series of ping commands against the domain name and samba4 domain controllers FQDNs.

# systemctl restart network.service
# cat /etc/resolv.conf # verify DNS resolver configuration if the correct DNS servers IPs are queried for domain resolution
# ping -c2 tecmint.lan # Ping domain name
# ping -c2 adc1 # Ping first AD DC
# ping -c2 adc2 # Ping second AD DC

Verify Network DNS Configuration

4. Next, sync time with samba domain controller by installing the ntpdate package and query Samba4 machine NTP server by issuing the below commands:

# yum install ntpdate
# ntpdate -qu tecmint.lan # query domain NTP servers
# ntpdate tecmint.lan # Sync time with the domain

Sync Time with Samba NTP Server

5. You might want the local time to be automatically synchronized with samba AD time server. In order to achieve this setting, add a scheduled job to run every hour by issuing crontab -e command and append the following line:

0 */1 * * * /usr/sbin/ntpdate tecmint.lan > /var/log/ntpdate.lan 2>&1

Auto Sync Time with Samba NTP

Step 2: Prepare Samba4 AD DC for iRedMail Integration

6. Now, move to a Windows machine with RSAT tools installed to manage Samba4 Active Directory as described in this tutorial here.

Open DNS Manager, go to your domain Forward Lookup Zones and add a new A record, an MX record and a PTR record to point to your iRedMail system IP address. Use the below screenshots as a guide.

Add A record (replace the name and the IP Address of iRedMail machine accordingly).

Create DNS A Record for iRedMail


Add MX record (leave child domain blank and add a 10 priority for this mail server).

Create DNS MX Record for iRedMail


Add PTR record by expanding to Reverse Lookup Zones (replace IP address of iRedMail server accordingly). In case you haven’t configured a reverse zone for your domain controller so far, read the following tutorial:

  1. Manage Samba4 DNS Group Policy from Windows

Create DNS PTR Record for iRedMail

7. After you’ve added the basic DNS records which make a mail server to function properly, move to the iRedMail machine, install bind-utils package and query the newly added mail records as suggested on the below excerpt.

Samba4 AD DC DNS server should respond with the DNS records added in the previous step.

# yum install bind-utils
# host tecmint.lan
# host mail.tecmint.lan
# host 192.168.1.245

Install Bind and Query Mail Records

From a Windows machine, open a Command Prompt window and issue nslookup command against the above mail server records.

8. As a final pre-requirement, create a new user account with minimal privileges in Samba4 AD DC with the name vmail, choose a strong password for this user and make sure the password for this user never expires.

The vmail user account will be used by iRedMail services to query Samba4 AD DC LDAP database and pull the email accounts.

To create the vmail account, use ADUC graphical tool from a Windows machine joined to the realm with RSAT tools installed as illustrated on the below screenshots or use samba-tool command line directly from a domain controller as explained on the following topic.

  1. Manage Samba4 Active Directory from Linux Command Line

In this guide, we’ll use the first method mentioned above.

Active Directory Users and Computers


Create New User for iRedMail


Set Strong Password for User


9. From iRedMail system, test the vmail user ability to query Samba4 AD DC LDAP database by issuing the below command. The returned result should be a total number of objects entries for your domain as illustrated on the below screenshots.

# ldapsearch -x -h tecmint.lan -D '[email protected]' -W -b 'cn=users,dc=tecmint,dc=lan'

Note: Replace the domain name and the LDAP base dn in Samba4 AD (‘cn=users,dc=tecmint,dc=lan‘) accordingly.

Query Samba4 AD DC LDAP


Step 3: Integrate iRedMail Services to Samba4 AD DC

10. Now it’s time to tamper with iRedMail services (Postfix, Dovecot and Roundcube) in order to query Samba4 Domain Controller for mail accounts.

The first service to be modified will be the MTA agent, Postfix. Issue the following commands to disable a series of MTA settings, add your domain name to Postfix local domain and mailbox domains and use Dovecot agent to deliver received mails locally to user mailboxes.

# postconf -e virtual_alias_maps=' '
# postconf -e sender_bcc_maps=' '
# postconf -e recipient_bcc_maps=' '
# postconf -e relay_domains=' '
# postconf -e relay_recipient_maps=' '
# postconf -e sender_dependent_relayhost_maps=' '
# postconf -e smtpd_sasl_local_domain='tecmint.lan' #Replace with your own domain
# postconf -e virtual_mailbox_domains='tecmint.lan' #Replace with your own domain
# postconf -e transport_maps='hash:/etc/postfix/transport'
# postconf -e smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf' # Check SMTP senders
# postconf -e virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf' # Check local mail accounts
# postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf' # Check local mail lists
# cp /etc/postfix/transport /etc/postfix/transport.backup # Backup transport conf file
# echo "tecmint.lan dovecot" > /etc/postfix/transport # Add your domain with dovecot transport
# cat /etc/postfix/transport # Verify transport file
# postmap hash:/etc/postfix/transport

11. Next, create Postfix /etc/postfix/ad_sender_login_maps.cf configuration file with your favorite text editor and add the below configuration.

server_host = tecmint.lan
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = [email protected]
bind_pw = ad_vmail_account_password
search_base = dc=tecmint,dc=lan
scope = sub
query_filter = (&(userPrincipalName=%s)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
result_attribute= userPrincipalName
debuglevel = 0

12. Create /etc/postfix/ad_virtual_mailbox_maps.cf with the following configuration.

server_host = tecmint.lan
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = [email protected]
bind_pw = ad_vmail_account_password
search_base = dc=tecmint,dc=lan
scope = sub
query_filter = (&(objectclass=person)(userPrincipalName=%s))
result_attribute= userPrincipalName
result_format = %d/%u/Maildir/
debuglevel = 0

13. Create /etc/postfix/ad_virtual_group_maps.cf with the below configuration.

server_host = tecmint.lan
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = [email protected]
bind_pw = ad_vmail_account_password
search_base = dc=tecmint,dc=lan
scope = sub
query_filter = (&(objectClass=group)(mail=%s))
special_result_attribute = member
leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel = 0

In all three configuration files, replace the values of server_host, bind_dn, bind_pw and search_base to reflect your own domain settings.
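
The three map files above store bind_pw in plain text and use bind = yes with start_tls = no on port 389. The following check is an added example, not part of the original guide or of Postfix; it flags both conditions, and the sample file contents, the placeholder credentials and the function names are constructed for illustration.

```python
import os
import stat
import tempfile

def parse_ldap_table(text):
    """Parse the 'name = value' lines of a Postfix ldap_table(5) file."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and last:        # continuation of the previous value
            params[last] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")  # split on the first '=' only
        last = name.strip()
        params[last] = value.strip()
    return params

def audit_map_file(path):
    """Return a list of findings for one LDAP map file."""
    with open(path) as fh:
        params = parse_ldap_table(fh.read())
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if "bind_pw" in params and mode & stat.S_IROTH:
        findings.append("bind_pw is world-readable (mode %04o)" % mode)
    hosts = params.get("server_host", "localhost").replace(",", " ").split()
    tls = (params.get("start_tls", "no").lower() == "yes"
           or all(h.startswith(("ldaps://", "ldapi://")) for h in hosts))
    simple_bind = params.get("bind", "yes").lower() in ("yes", "simple")
    if simple_bind and not tls:
        findings.append("simple bind without TLS: bind_pw crosses the network unencrypted")
    return findings

# Constructed sample: the connection settings shown above, with placeholder credentials.
AS_ON_PAGE = """\
server_host = tecmint.lan
server_port = 389
version = 3
bind = yes
start_tls = no
bind_dn = BIND_DN_PLACEHOLDER
bind_pw = BIND_PW_PLACEHOLDER
search_base = dc=tecmint,dc=lan
"""
HARDENED = AS_ON_PAGE.replace("start_tls = no", "start_tls = yes")

def demo():
    """Write both variants to temporary files and audit them."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        # 0644 is a typical editor default; 0640 assumes owner root, group postfix.
        for name, text, mode in (("as_on_page", AS_ON_PAGE, 0o644),
                                 ("hardened", HARDENED, 0o640)):
            path = os.path.join(tmp, name + ".cf")
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results[name] = audit_map_file(path)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, findings or "no findings")
```

Setting start_tls = yes only works if the domain controller offers TLS on port 389 and the mail server trusts its certificate.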

14. Next, open the Postfix main configuration file, then find and disable iRedAPD check_policy_service and smtpd_end_of_data_restrictions by adding a comment # in front of the following lines.

# nano /etc/postfix/main.cf

Comment out the following lines:

#check_policy_service inet:127.0.0.1:7777
#smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777

15. Now, verify Postfix binding to Samba AD using an existing domain user and a domain group by issuing a series of queries as presented in the following examples.

The result should be similar to the one illustrated in the screenshot below.

# postmap -q [email protected] ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
# postmap -q [email protected] ldap:/etc/postfix/ad_sender_login_maps.cf
# postmap -q [email protected] ldap:/etc/postfix/ad_virtual_group_maps.cf
Verify Postfix Binding to Samba AD

Replace the AD user and group accounts accordingly. Also, ensure that the AD group you’re using has some AD users assigned to it as members.
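
The query_filter values above differ in one clause: (!(userAccountControl:1.2.840.113556.1.4.803:=2)) excludes disabled accounts from ad_sender_login_maps.cf, while ad_virtual_mailbox_maps.cf has no such clause. The following added example (not Postfix code and not from the original guide) evaluates both filters against constructed directory entries to show that a disabled account cannot send but still resolves as a valid recipient; the users alice and bob, the lookup helper and the small filter parser are assumptions made for illustration.

```python
BIT_AND = "1.2.840.113556.1.4.803"   # AD matching rule: every bit of the value is set
ACCOUNTDISABLE = 0x2                  # userAccountControl flag tested by ":=2"

def parse(flt, i=0):
    """Parse one parenthesised LDAP filter at flt[i]; return (node, next index)."""
    if flt[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if flt[i] in "&|":
        op, kids, i = flt[i], [], i + 1
        while flt[i] == "(":
            kid, i = parse(flt, i)
            kids.append(kid)
        node = (op, kids)
    elif flt[i] == "!":
        kid, i = parse(flt, i + 1)
        node = ("!", kid)
    else:
        end = flt.index(")", i)
        attr, _, value = flt[i:end].partition("=")
        rule = None
        if attr.endswith(":"):               # attr:matchingRuleOID:=value
            attr, rule = attr[:-1].split(":", 1)
        node = ("=", attr.lower(), rule, value)
        i = end
    if flt[i] != ")":
        raise ValueError("expected ')' at offset %d" % i)
    return node, i + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (dict of lower-case attr -> values)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1], entry)
    _, attr, rule, value = node
    have = entry.get(attr, [])
    if rule == BIT_AND:
        return any(int(v) & int(value) == int(value) for v in have)
    if rule is not None:
        raise ValueError("unsupported matching rule " + rule)
    return any(v.lower() == value.lower() for v in have)

def lookup(template, key, directory):
    """Mimic `postmap -q key ldap:map.cf`, returning matching userPrincipalName values."""
    node, _ = parse(template.replace("%s", key))   # keys here contain no filter metacharacters
    return [e["userprincipalname"][0] for e in directory if matches(node, e)]

# The two filters exactly as they appear in the map files above.
SENDER_LOGIN = ("(&(userPrincipalName=%s)(objectClass=person)"
                "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))")
MAILBOX = "(&(objectclass=person)(userPrincipalName=%s))"

def user(upn, uac):
    return {"objectclass": ["top", "person", "organizationalPerson", "user"],
            "userprincipalname": [upn], "useraccountcontrol": [str(uac)]}

# Constructed directory entries.
DIRECTORY = [user("alice@tecmint.lan", 512),                    # normal account
             user("bob@tecmint.lan", 512 | ACCOUNTDISABLE),     # disabled account (514)
             user("vmail@tecmint.lan", 512 | 0x10000)]          # password never expires

if __name__ == "__main__":
    for key in ("alice@tecmint.lan", "bob@tecmint.lan"):
        print(key, "sender:", lookup(SENDER_LOGIN, key, DIRECTORY),
              "mailbox:", lookup(MAILBOX, key, DIRECTORY))
```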

16. In the next step, modify the Dovecot configuration file in order to query Samba4 AD DC. Open the file /etc/dovecot/dovecot-ldap.conf for editing and add the following lines.

hosts = tecmint.lan:389
ldap_version = 3
auth_bind = yes
dn = [email protected]
dnpass = ad_vmail_password
base = dc=tecmint,dc=lan
scope = subtree
deref = never
user_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_filter = (&(userPrincipalName=%u)(objectClass=person)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
pass_attrs = userPassword=password
default_pass_scheme = CRYPT
user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/Maildir/,=mail=maildir:/var/vmail/vmail1/%Ld/%Ln/Maildir/

The mailbox of a Samba4 AD account will be stored in /var/vmail/vmail1/your_domain.tld/your_domain_user/Maildir/ location on the Linux system.

17. Make sure the pop3 and imap protocols are enabled in the Dovecot main configuration file. Also verify that the quota and acl mail plugins are enabled by opening the file /etc/dovecot/dovecot.conf and checking that these values are present.

Enable Pop3 and Imap in Dovecot

18. Optionally, if you want to set a global hard quota to not exceed the maximum of 500 MB of storage for each domain user, add the following line in /etc/dovecot/dovecot.conf file.

quota_rule = *:storage=500M 

19. Finally, in order to apply all changes made so far, restart and verify the status of Postfix and Dovecot daemons by issuing the below commands with root privileges.

# systemctl restart postfix dovecot
# systemctl status postfix dovecot

20. To test the mail server configuration from the command line using the IMAP protocol, use the telnet or netcat command as presented in the example below.

# nc localhost 143
a1 LOGIN [email protected]_domain.tld ad_user_password
a2 LIST "" "*"
a3 LOGOUT
Test iRedMail Configuration

If you can perform an IMAP login from the command line with a Samba4 user account then iRedMail server seems ready to send and receive mail for Active Directory accounts.

In the next tutorial, we will discuss how to integrate Roundcube webmail with Samba4 AD DC and enable the Global LDAP Address Book, customize Roundcube, access the Roundcube web interface from a browser and disable some unneeded iRedMail services.

How to Password Protect a Vim File in Linux

Vim is a popular, feature-rich and highly-extensible text editor for Linux, and one of its special features is support for encrypting text files using various crypto methods with a password.

In this article, we will explain to you one of the simple Vim usage tricks; password protecting a file using Vim in Linux. We will show you how to secure a file at the time of its creation as well as after opening it for modification.

Suggested Read: 10 Reasons Why You Should Use Vim Editor in Linux

To install the full version of Vim, simply run this command:

$ sudo apt install vim #Debian/Ubuntu systems
$ sudo yum install vim #RHEL/CentOS systems
$ sudo dnf install vim #Fedora 22+

Read Also: Vim 8.0 Is Released After 10 Years – Install on Linux

How to Password Protect a Vim File in Linux


Vim has a -x option which enables you to use encryption when creating files. Once you run the vim command below, you’ll be prompted for a crypt key:

$ vim -x file.txt
Warning: Using a weak encryption method; see :help 'cm'
Enter encryption key: *******
Enter same key again: *******

If the crypto key matches after entering it for the second time, you can proceed to modify the file.

Vim File Password Protected

Once you’re done, press [Esc] and :wq to save and close the file. The next time you want to open it for editing, you’ll have to enter the crypto key like this:

$ vim file.txt
Need encryption key for "file.txt"
Warning: Using a weak encryption method; see :help 'cm'
Enter encryption key: *******

In case you enter a wrong password (or no key), you’ll see some junk characters.

Vim Content Encrypted

Setting a Strong Encryption Method in Vim

Note: There is a warning indicating that a weak encryption method has been used to protect the file. Next, we’ll see how to set a strong encryption method in Vim.

Weak Encryption on Vim File

To check the available cryptmethod (cm) values, type the following (scroll down to view all available methods):

:help 'cm'
Sample Output
 *'cryptmethod'* *'cm'* 'cryptmethod' 'cm' string (default "zip")
global or local to buffer |global-local|
{not in Vi}
Method used for encryption when the buffer is written to a file:
*pkzip*
zip PkZip compatible method. A weak kind of encryption.
Backwards compatible with Vim 7.2 and older.
*blowfish*
blowfish Blowfish method. Medium strong encryption but it has
an implementation flaw. Requires Vim 7.3 or later,
files can NOT be read by Vim 7.2 and older. This adds
a "seed" to the file, every time you write the file
options.txt [Help][RO] 

You can set a new cryptmethod on a Vim file as shown below (we’ll use blowfish2 in this example):

:setlocal cm=blowfish2

Then press [Enter] and :wq to save the file.

Set Strong Encryption on Vim File

Now you should not see the warning message when you open the file again as shown below.

$ vim file.txt
Need encryption key for "file.txt"
Enter encryption key: *******

You can also set a password after opening a Vim text file: use the :X command and set a crypto key as shown above.
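
Vim records the cryptmethod in the first 12 bytes of an encrypted file, so files still written with zip or blowfish can be found without knowing their keys. The following scanner is an added example, not part of the original article or of Vim; the sample files it creates are constructed, and only the three methods discussed above are recognised by name.

```python
import os
import tempfile

# 12-byte headers Vim writes at the start of an encrypted file.
MAGIC = {b"VimCrypt~01!": "zip",
         b"VimCrypt~02!": "blowfish",
         b"VimCrypt~03!": "blowfish2"}
# Per :help 'cm': zip is weak, blowfish has an implementation flaw.
WEAK = {"zip", "blowfish"}

def crypt_method(path):
    """Return the cryptmethod name, 'unknown' for another VimCrypt header, or None."""
    with open(path, "rb") as fh:
        head = fh.read(12)
    if head in MAGIC:
        return MAGIC[head]
    if head.startswith(b"VimCrypt~"):
        return "unknown"
    return None

def find_weak(root):
    """Walk root and return sorted (relative path, method) pairs for weakly encrypted files."""
    weak = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not os.path.isfile(path):      # skip sockets, FIFOs, broken links
                continue
            try:
                method = crypt_method(path)
            except OSError:                   # unreadable file: nothing to report
                continue
            if method in WEAK:
                weak.append((os.path.relpath(path, root), method))
    return sorted(weak)

def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "old"))
        samples = {"notes.txt": b"VimCrypt~01!" + b"\x8f\x11\x02constructed",
                   os.path.join("old", "plan.txt"): b"VimCrypt~02!" + b"\x00" * 16,
                   "new.txt": b"VimCrypt~03!" + b"\x00" * 16,
                   "plain.txt": b"not encrypted\n"}
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return find_weak(root)

if __name__ == "__main__":
    for rel, method in demo():
        print("%-20s %s" % (rel, method))
```

A flagged file keeps its old method until it is opened, switched with :setlocal cm=blowfish2 and written again.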

Check out some of our useful articles on Vim editor.

  1. Learn Useful Vim Editor Tips and Tricks in Linux
  2. 8 Useful Vim Editor Tricks for Every Linux User
  3. spf13-vim – The Ultimate Distribution for Vim Editor
  4. How to Use Vim Editor as Bash IDE in Linux

That’s all! In this article, we explained how to password protect a file via the Vim text editor in Linux.

Always remember to appropriately secure text files that could contain secret info such as usernames and passwords, financial account info and so on, using strong encryption and a password. Use the feedback section below to share any thoughts with us.

ssh_scan – Verifies Your SSH Server Configuration and Policy in Linux

ssh_scan is an easy-to-use prototype SSH configuration and policy scanner for Linux and UNIX servers, inspired by Mozilla OpenSSH Security Guide, which provides a reasonable baseline policy recommendation for SSH configuration parameters such as Ciphers, MACs, and KexAlgos and much more.

It has some of the following benefits:

  • It has minimal dependencies, ssh_scan only employs native Ruby and BinData to do its work, no heavy dependencies.
  • It’s portable, you can use ssh_scan in another project or for automation of tasks.
  • It’s easy to use, simply point it at an SSH service and get a JSON report of what it supports and its policy status.
  • It’s also configurable, you can create your own custom policies that fit your specific policy requirements.

Suggested Read: How to Install and Configure OpenSSH Server in Linux

How to Install ssh_scan in Linux

There are three ways you can install ssh_scan and they are:

To install and run as a gem, type:

----------- On Debian/Ubuntu -----------
$ sudo apt-get install ruby gem
$ sudo gem install ssh_scan
----------- On CentOS/RHEL -----------
# yum install ruby rubygem
# gem install ssh_scan


To run from a docker container, type:

# docker pull mozilla/ssh_scan
# docker run -it mozilla/ssh_scan /app/bin/ssh_scan -t github.com

To install and run from source, type:

# git clone https://github.com/mozilla/ssh_scan.git
# cd ssh_scan
# gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
# curl -sSL https://get.rvm.io | bash -s stable
# rvm install 2.3.1
# rvm use 2.3.1
# gem install bundler
# bundle install
# ./bin/ssh_scan

How to Use ssh_scan in Linux

The syntax for using ssh_scan is as follows:

$ ssh_scan -t ip-address
$ ssh_scan -t server-hostname

For example, to scan the SSH configuration and policy of server 192.168.43.198, enter:

$ ssh_scan -t 192.168.43.198

Note you can also pass a [IP/Range/Hostname] to the -t option as shown in the options below:

$ ssh_scan -t 192.168.43.198,200,205
$ ssh_scan -t test.tecmint.lan
Sample Output
I, [2017-05-09T10:36:17.913644 #7145] INFO -- : You're using the latest version of ssh_scan 0.0.19
[
{ "ssh_scan_version": "0.0.19", "ip": "192.168.43.198", "port": 22, "server_banner": "SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1", "ssh_version": 2.0, "os": "ubuntu", "os_cpe": "o:canonical:ubuntu:16.04", "ssh_lib": "openssh", "ssh_lib_cpe": "a:openssh:openssh:7.2p2", "cookie": "68b17bcca652eeaf153ed18877770a38", "key_algorithms": [ "[email protected]", "ecdh-sha2-nistp256", "ecdh-sha2-nistp384", "ecdh-sha2-nistp521", "diffie-hellman-group-exchange-sha256", "diffie-hellman-group14-sha1"
], "server_host_key_algorithms": [ "ssh-rsa", "rsa-sha2-512", "rsa-sha2-256", "ecdsa-sha2-nistp256", "ssh-ed25519"
], "encryption_algorithms_client_to_server": [ "[email protected]", "aes128-ctr", "aes192-ctr", "aes256-ctr", "[email protected]", "[email protected]"
], "encryption_algorithms_server_to_client": [ "[email protected]", "aes128-ctr", "aes192-ctr", "aes256-ctr", "[email protected]", "[email protected]"
], "mac_algorithms_client_to_server": [ "[email protected]", "[email protected]", "[email protected]", "[email protected]", "[email protected]", "[email protected]", "[email protected]", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"
], "mac_algorithms_server_to_client": [ "[email protected]", "[email protected]", "[email protected]", "[email protected]", "[email protected]", "[email protected]", "[email protected]", "hmac-sha2-256", "hmac-sha2-512", "hmac-sha1"
], "compression_algorithms_client_to_server": [ "none", "[email protected]"
], "compression_algorithms_server_to_client": [ "none", "[email protected]"
], "languages_client_to_server": [
], "languages_server_to_client": [
], "hostname": "tecmint", "auth_methods": [ "publickey", "password"
], "fingerprints": { "rsa": { "known_bad": "false", "md5": "0e:d0:d7:11:f0:9b:f8:33:9c:ab:26:77:e5:66:9e:f4", "sha1": "fc:8d:d5:a1:bf:52:48:a6:7e:f9:a6:2f:af:ca:e2:f0:3a:9a:b7:fa", "sha256": "ff:00:b4:a4:40:05:19:27:7c:33:aa:db:a6:96:32:88:8e:bf:05:a1:81:c0:a4:a8:16:01:01:0b:20:37:81:11"
}
}, "start_time": "2017-05-09 10:36:17 +0300", "end_time": "2017-05-09 10:36:18 +0300", "scan_duration_seconds": 0.221573169, "duplicate_host_key_ips": [
], "compliance": { "policy": "Mozilla Modern", "compliant": false, "recommendations": [ "Remove these Key Exchange Algos: diffie-hellman-group14-sha1", "Remove these MAC Algos: [email protected], [email protected], [email protected], hmac-sha1", "Remove these Authentication Methods: password"
], "references": [ "https://wiki.mozilla.org/Security/Guidelines/OpenSSH"
]
}
}
]
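
The compliance.recommendations entries in a report like the one above can be turned into candidate sshd_config lines by subtracting the flagged algorithms from what the server offers. The following script is an added example, not part of ssh_scan or of the original article; the sample report is constructed in the same shape as the output above, and the mapping from recommendation text to sshd_config keywords is an assumption of this example.

```python
import json
import re

LOGGER_LINE = re.compile(r"^[DIWEFA], \[")   # Ruby Logger prefix, e.g. "I, [2017-..."
# recommendation kind -> (report field listing what the server offers, sshd_config keyword)
DIRECTIVES = {"Key Exchange Algos": ("key_algorithms", "KexAlgorithms"),
              "MAC Algos": ("mac_algorithms_client_to_server", "MACs")}

def load_report(text):
    """Parse ssh_scan JSON output, skipping logger lines printed before it."""
    body = "\n".join(l for l in text.splitlines() if not LOGGER_LINE.match(l))
    return json.loads(body)

def sshd_changes(host):
    """Translate one host's recommendations into candidate sshd_config lines."""
    lines = []
    for rec in host["compliance"]["recommendations"]:
        m = re.match(r"Remove these (.+?): (.+)", rec)
        kind = m.group(1) if m else None
        drop = {x.strip() for x in m.group(2).split(",")} if m else set()
        if kind in DIRECTIVES:
            field, keyword = DIRECTIVES[kind]
            keep = [a for a in host[field] if a not in drop]
            lines.append("%s %s" % (keyword, ",".join(keep)))
        elif kind == "Authentication Methods" and "password" in drop:
            lines.append("PasswordAuthentication no")
        else:
            lines.append("# review manually: " + rec)
    return lines

def triage(text):
    """Return {ip:port: [sshd_config lines]} for every non-compliant host."""
    return {"%s:%d" % (h["ip"], h["port"]): sshd_changes(h)
            for h in load_report(text) if not h["compliance"]["compliant"]}

# Constructed sample report (one host, documentation address).
SAMPLE = r'''I, [2017-05-09T10:36:17.913644 #7145]  INFO -- : constructed log line
[{"ip": "192.0.2.10", "port": 22,
  "key_algorithms": ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256",
                     "diffie-hellman-group14-sha1"],
  "mac_algorithms_client_to_server": ["hmac-sha2-512-etm@openssh.com",
                     "umac-64@openssh.com", "hmac-sha2-256", "hmac-sha1"],
  "auth_methods": ["publickey", "password"],
  "compliance": {"policy": "Mozilla Modern", "compliant": false,
    "recommendations": [
      "Remove these Key Exchange Algos: diffie-hellman-group14-sha1",
      "Remove these MAC Algos: umac-64@openssh.com, hmac-sha1",
      "Remove these Authentication Methods: password"]}}]'''

if __name__ == "__main__":
    for target, lines in triage(SAMPLE).items():
        print("# " + target)
        print("\n".join(lines))
```

Confirm that key-based login works for every account before applying PasswordAuthentication no, and check the generated lines with sshd -t before restarting the daemon.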

You can use -p to specify a different port, -L to enable the logger and -V to define the verbosity level as shown below:

$ ssh_scan -t 192.168.43.198 -p 22222 -L ssh-scan.log -V INFO

Additionally, use a custom policy file (default is Mozilla Modern) with the -P or --policy [FILE] like so:

$ ssh_scan -t 192.168.43.198 -L ssh-scan.log -V INFO -P /path/to/custom/policy/file

Type this to view all ssh_scan usage options and more examples:

$ ssh_scan -h
Sample Output
ssh_scan v0.0.17 (https://github.com/mozilla/ssh_scan)
Usage: ssh_scan [options]
-t, --target [IP/Range/Hostname] IP/Ranges/Hostname to scan
-f, --file [FilePath] File Path of the file containing IP/Range/Hostnames to scan
-T, --timeout [seconds] Timeout per connect after which ssh_scan gives up on the host
-L, --logger [Log File Path] Enable logger
-O, --from_json [FilePath] File to read JSON output from
-o, --output [FilePath] File to write JSON output to
-p, --port [PORT] Port (Default: 22)
-P, --policy [FILE] Custom policy file (Default: Mozilla Modern)
--threads [NUMBER] Number of worker threads (Default: 5)
--fingerprint-db [FILE] File location of fingerprint database (Default: ./fingerprints.db)
--suppress-update-status Do not check for updates
-u, --unit-test [FILE] Throw appropriate exit codes based on compliance status
-V [STD_LOGGING_LEVEL],
--verbosity
-v, --version Display just version info
-h, --help Show this message
Examples:
ssh_scan -t 192.168.1.1
ssh_scan -t server.example.com
ssh_scan -t ::1
ssh_scan -t ::1 -T 5
ssh_scan -f hosts.txt
ssh_scan -o output.json
ssh_scan -O output.json -o rescan_output.json
ssh_scan -t 192.168.1.1 -p 22222
ssh_scan -t 192.168.1.1 -p 22222 -L output.log -V INFO
ssh_scan -t 192.168.1.1 -P custom_policy.yml
ssh_scan -t 192.168.1.1 --unit-test -P custom_policy.yml

Check out some useful articles on SSH Server:

  1. SSH Passwordless Login Using SSH Keygen in 5 Easy Steps
  2. 5 Best Practices to Secure SSH Server
  3. Restrict SSH User Access to Certain Directory Using Chrooted Jail
  4. How to Configure Custom SSH Connections to Simplify Remote Access

For more details visit ssh_scan Github repository: https://github.com/mozilla/ssh_scan

In this article, we showed you how to set up and use ssh_scan in Linux. Do you know of any similar tools out there? Let us know via the feedback form below, including any other thoughts concerning this guide.

Ebook: Introducing Learn Linux In One Week and Go from Zero to Hero

After the success of our RHCSA / RHCE and LFCS / LFCE certification books, we are now happy to present “Learn Linux In One Week”.

This ebook will walk you through the beginnings of Linux and the contributions of Linus Torvalds and Richard Stallman to performing secure file transfers over a network. You’ll learn how to manage users and groups, and to write shell scripts to help automate system administration tasks.

Have little or no experience with Linux? That is not a problem at all. We will provide you with 2 ready-to-go Linux virtual machines that you can use to get started.

On top of it, every chapter comes with exercises to apply what you have learned in that chapter, and we also provide the solutions to those exercises.


And believe us, this is only the tip of the iceberg.

What’s inside this eBook?

Read the table of contents of “Learn Linux In One Week” here.

Chapter 0 – Introduction to Linux

  • What is Linux?
  • Installing VirtualBox on Windows
  • Importing Linux Mint 18 and CentOS 7 virtual machines on VirtualBox
  • VirtualBox extension pack and guest additions

Chapter 1 – Files and Directories in Linux

  • The Filesystem Hierarchy Standard
  • What is the shell?
  • Commands: pwd, cd, ls
  • More commands: touch, echo, mkdir, rmdir, rm, cp, mv
  • Redirection and pipelines
  • History and tab completion in the command line
  • Bonus: Exercises 1 with solutions

Chapter 2 – Permissions and Ownership

  • Users and groups
  • Important files: /etc/passwd, /etc/group, /etc/shadow
  • Commands: chmod, chown, chgrp, visudo
  • The /etc/sudoers file
  • Bonus: Exercises 2 with solutions

Chapter 3 – Finding and Describing Files

  • Find files based on one or more search criteria
  • Describing files
  • Commands: find, type, file
  • Bonus: Exercises 3 with solutions

Chapter 4 – Linux Processes Management

  • Definition of a process
  • Daemons
  • Signals
  • Commands: ps, top, nice, renice, kill, killall
  • Bonus: Exercises 4 with solutions

Chapter 5 – Learn Shell Scripts

  • Shell scripts with Bash
  • Environment Variables
  • Variable substitution
  • Shell expansion
  • Bonus: Exercises 5 with solutions

Chapter 6 – Linux Software Package Management

  • Learn aptitude to search for, install, update, or remove packages.
  • Learn yum to search for, install, update, or remove packages.
  • Bonus: Exercises 6 with solutions

Chapter 7 – Network Operations

  • Installing and configuring an SSH server
  • Copying files securely over the network
  • Bonus: Exercises 7 with solutions

We believe learning Linux should not be difficult, and should not cost you an exaggerated amount of time or money. We are not only passionate about Linux and other Free and Open Source technologies but also about teaching those topics.

That is why, by buying “Learn Linux In One Week”, you don’t just get the ebook to learn on your own – you also get our support to answer questions and free updates when we release them.

With your purchase, you will also be supporting Tecmint.com and helping us to continue providing high-quality articles on our website for free, as always. We are offering this ebook for $20 for a limited time.

Learn Linux In One Week

Important: Indian users and others who are facing any issues during payment via PayPal can buy via Gumroad using the following link.

Learn Linux In One Week

Note: After making payment, allow us 30-60 minutes of time for delivery.

We look forward to hearing from you – don’t miss out on this opportunity! Feel free to reach out to us if you have questions about the contents of the book or if you would like a sample chapter for free to evaluate your purchase.