Category: Domino

An issue was introduced in Domino 9.0.1 FP9 that could result in SMTP mail headers with random characters inserted into From, Sendto, and Copyto fields. This could then result in non-delivery of mail to/from Internet email addresses when using the Domino notes.ini parameter SMTPVerifyAuthenticatedSender=1.

Symptoms of the issue include receiving messages containing garbled sender names. Opening the message and replying results in a number of embedded garbled characters in the header. You can observe this by viewing the page source or by simply examining the content when opening an email. Another method is to capture the SMTP outbound message and examine the header.

Fix Available:
This issue is tracked as SPR# JCARAQSJB6 and is fixed in Domino 9.0.1FP9 Interim Fix 1. For download links, go to the Domino tab in technote 1657963Interim Fixes & JVM patches for 9.0.1.x versions of IBM Notes/Domino & add-ons.

Domino

IBM® Domino® Community Server for Non-Production will be a nonwarranted license option that enables your organization to test applications in a non-production environment. This offering will provide students, developers, and vendors with the capability to test their custom IBM Domino applications.

Announcement letter here

 

Domino

IBM Traveler 9.0.1.18 enabled by default a feature that allows Traveler to “Run as a User” instead of as a server. This feature resolves several long standing issues with accessing the user’s data as the server ID.

The last point above may cause sync issues for mobile users. If the access controls are inadvertently set to values that restrict individual users, but do not restrict the Traveler server, then users that could sync when running as the Traveler server ID might not be able to sync when running as their user ID.

Note that the Traveler administrator can disable the Run as User feature by setting the notes.ini value NTS_USER_SESSION=false on all Traveler servers and restarting the servers. This may be a quick way of restoring sync capability to the few affected mobile users with restrictive access control settings. However, it is not recommended because it is a global setting, so all users will lose the benefits of Run as User when it is disabled.

Read the technote here

Domino TechNote

Last week a customer ask for a change in his Domino mail group management.

Some people with the right to change groups (with the role GroupModifier) made a change on several groups and a big problem arrives with mail routing to this groups.

The question was: How prevent Group Modifiers to modify some groups on Domino?

O only found one solution : Change the permission on the group document.

I created a simple agent and modify the group field “DocumentAccess” and put the Role ServerModifier. (Only admins has this role on Domino Directory) and also change the Group Owner to the group Administrators.

The simple agent is bellow.

FIELD DocumentAccess := “[ServerModifier]”;
SELECT @All

Domino

Domino

Prepare the packages for installation

1 – Download the image CIQ7TEN from Passport Advantage this is the Debian install for IBM Notes 9.0.1 and also the FP7 from fix central

2 – Expand the downloaded file using tar -xvf command

3 – Open the package bm-notes-9.0.1.i586.deb to be edited using the commands bellow

dpkg-deb -x ibm-notes-9.0.1.i586.deb common
dpkg-deb --control ibm-notes-9.0.1.i586.deb

4 – Edit the control file, inside of the folder DEBIAN and change the Pre-depends section :

Pre-Depends: gdb:i386 | gdb:amd64, coreutils:i386 | coreutils:amd64, unzip:i386 | unzip:amd64, bash:i386 | bash:amd64, procps:i386 | procps:amd64, grep:i386 | grep:amd64, sed:i386 | sed:amd64, libart-2.0-2:i386, libasound2:i386, libatk1.0-0:i386, libavahi-client3:i386, libavahi-common3:i386, libavahi-glib1:i386, libbonobo2-0:i386, libbonoboui2-0:i386, libc6:i386, libcairo2:i386, libcanberra0:i386, libcomerr2:i386, libcups2:i386, libdbus-1-3:i386, libdbus-glib-1-2:i386, libexpat1:i386, libffi6:i386, libfontconfig1:i386, libfreetype6:i386, libgail18:i386, libgcc1:i386, libgconf-2-4:i386, libgcrypt11:i386 | libgcrypt20:i386, libgdk-pixbuf2.0-0:i386, libglib2.0-0:i386, libgnome2-0:i386, libgnomecanvas2-0:i386, libgnome-keyring0:i386, libgnomeui-0:i386, libgnomevfs2-0:i386, libgnutls26:i386 | libgnutls30:i386, libgpg-error0:i386, libgssapi-krb5-2:i386, libgtk2.0-0:i386, libhunspell-1.3-0:i386, libice6:i386, libjpeg62:i386, libk5crypto3:i386, libkeyutils1:i386, libkrb5-3:i386, libkrb5support0:i386, libltdl7:i386, libnspr4:i386, libnspr4-0d:i386, libnss3:i386, libnss3-1d:i386, libogg0:i386, liborbit2:i386, libp11-kit0:i386, libpam0g:i386, libpango1.0-0:i386, libpcre3:i386, libpixman-1-0:i386, libpng12-0:i386, libpopt0:i386, libselinux1:i386, libsm6:i386, libstdc++6:i386, libtasn1-3:i386 | libtasn1-4:i386 | libtasn1-5:i386 | libtasn1-6:i386, libtdb1:i386, libuuid1:i386, libvorbis0a:i386, libvorbisfile3:i386, libx11-6:i386, libxau6:i386, libxcb1:i386, libxcb-render0:i386, libxcb-shm0:i386, libxcomposite1:i386, libxcursor1:i386, libxdamage1:i386, libxdmcp6:i386, libxext6:i386, libxfixes3:i386, libxft2:i386, libxi6:i386, libxinerama1:i386, libxml2:i386, libxrandr2:i386, libxrender1:i386, libxss1:i386, libxt6:i386, libxtst6:i386, zlib1g:i386, unity-gtk2-module:i386, libcanberra-gtk-module:i386, libxss1:i386, gtk2-engines-murrine:i386, p11-kit-modules:i386, libp11-kit-gnome-keyring:i386, ttf-xfree86-nonfree:i386 | ttf-xfree86-nonfree:amd64, libz1:i386, libgconf2-4:i386, libxkbfile1:i386, libgnome-desktop-2 | libgnome-desktop-2-7 | libgnome-desktop-2-11 | libgnome-desktop-2-17 | libgnome-desktop-3-2 | libgnome-desktop-3-12, libidl-2-0:i386, libpangox-1.0-0:i386, libpangoxft-1.0-0:i386, libasound2-plugins:i386, libgail-common:i386, libatk-adaptor:i386, overlay-scrollbar-gtk2:i386 | overlay-scrollbar-gtk2:amd64

5 – Rebuild the package using the commands:

cp -a DEBIAN common
dpkg -b common ibm-notes-9.0.1.i586.deb

6 – Delete the folders common and DEBIAN

7 – Open the Sametime package for edition:

dpkg-deb -x ibm-sametime-9.0.1.i586.deb common
dpkg-deb --control ibm-sametime-9.0.1.i586.deb

8 – Edit the control file, inside of the folder DEBIAN and change the Pre-depends section :

Pre-Depends: ibm-notes, alsa-base, alsa-utils:i386 | alsa-utils:amd64 , iproute:i386 | iproute2:i386 | iproute:amd64 | iproute2:amd64

9 – Rebuild the package using the commands:

cp -a DEBIAN common
dpkg -b common ibm-sametime-9.0.1.i586.deb

remove common and DEBIAN folders

10 – Optional – Brazilian Portuguese Language:

dpkg-deb -x ibm-notes-core-ptbr-9.0.1.i586.deb common
dpkg-deb --control ibm-notes-core-ptbr-9.0.1.i586.deb

Edit the file control inside the DEBIAN folder and remove the the following line:

Depends: ibm-notes-nl1 (= 9.0.1-20131022.1138)

Rebuild the package

cp -a DEBIAN common
dpkg -b common ibm-notes-core-ptbr-9.0.1.i586.deb

Remove common and DEBIAN folders.

Prepare Ubuntu to install IBM Notes 9.0.1 FP7

Install Synaptic. We need to install some packages

sudo apt-get install synaptic

Start Synaptic and go to Settings -> Repositories -> Other software

Add the following URI for the repository:

deb http://archive.ubuntu.com/ubuntu/ raring main restricted universe multiverse

Close Synaptic. It will ask to reload the repositories and maybe you get the index reporitory error, you can ignore it.

run on terminal:

sudo apt-get update

sudo apt-get install libart-2.0-2:i386 libasound2:i386 libatk1.0-0:i386 libavahi-client3:i386 libavahi-common3:i386 libavahi-glib1:i386 libbonobo2-0:i386 libbonoboui2-0:i386 libc6:i386 libcairo2:i386 libcanberra0:i386 libcomerr2:i386 libcups2:i386 libdbus-1-3:i386 libdbus-glib-1-2:i386 libexpat1:i386 libffi6:i386 libfontconfig1:i386 libfreetype6:i386 libgail18:i386 libgcc1:i386 libgconf-2-4:i386 libgdk-pixbuf2.0-0:i386 libglib2.0-0:i386 libgnome2-0:i386 libgnomecanvas2-0:i386 libgnome-keyring0:i386 libgnomeui-0:i386 libgnomevfs2-0:i386 libgpg-error0:i386 libgssapi-krb5-2:i386 libgtk2.0-0:i386 libhunspell-1.3-0:i386 libice6:i386 libjpeg62:i386 libk5crypto3:i386 libkeyutils1:i386 libkrb5-3:i386 libkrb5support0:i386 libltdl7:i386 libnspr4:i386 libnspr4-0d:i386 libnss3:i386 libnss3-1d:i386 libogg0:i386 liborbit2:i386 libp11-kit0:i386 libpam0g:i386 libpango1.0-0:i386 libpcre3:i386 libpixman-1-0:i386 libpng12-0:i386 libpopt0:i386 libselinux1:i386 libsm6:i386 libstdc++6:i386 libtasn1-6:i386 libtdb1:i386 libuuid1:i386 libvorbis0a:i386 libvorbisfile3:i386 libx11-6:i386 libxau6:i386 libxcb1:i386 libxcb-render0:i386 libxcb-shm0:i386 libxcomposite1:i386 libxcursor1:i386 libxdamage1:i386 libxdmcp6:i386 libxext6:i386 libxfixes3:i386 libxft2:i386 libxi6:i386 libxinerama1:i386 libxml2:i386 libxrandr2:i386 libxrender1:i386 libxss1:i386 libxt6:i386 libxtst6:i386 zlib1g:i386 unity-gtk2-module:i386 libcanberra-gtk-module:i386 libxss1:i386 gtk2-engines-murrine:i386 p11-kit-modules:i386 libp11-kit-gnome-keyring:i386 ttf-xfree86-nonfree gdb iproute2 libgconf2-4:i386 libxkbfile1:i386 lib32ncurses5 lib32z1 libidl-2-0:i386 libpangox-1.0-0:i386 libpangoxft-1.0-0:i386 libasound2-plugins:i386 libgail-common:i386 overlay-scrollbar-gtk2 libgnome-desktop-3-12:i386 libatk-adaptor:i386 libgcrypt20:i386 libgnutls30:i386

Install IBM Notes 9.0.1

dpkg -i ibm-notes-9.0.1.i586.deb
dpkg -i ibm-sametime-9.0.1.i586.deb

For Brazilian Portuguese only:
dpkg -i ibm-notes-core-ptbr-9.0.1.i586.deb

After you install and configure the IBM Notes 9.0.1 close the client and install the FP7 using the command:

dpkg -i ibm_notes_fixpack-9.0.1.i586.deb

Many thanks to Felipe Paixão. He works hard to make this setup guide.

Domino Notes

Barry and Uffe will review the latest updates on IBM Notes and Domino as well as IBM Verse On-premises and related Cloud solutions. They will discuss the future directions and support for IBM Notes and Domino and the deliverables over the next 12 to 18 months as IBM transitions to using Feature Packs for delivering future enhancements. Plus, Martin Donnelly will discuss IBM’s plans for XPages enhancements.

There will be time for questions and answers at the end of their presentation.

November 3rd – 10:30 A.M. to 12:00 P.M. Eastern U.S. time. Register here

Domino

I upgrade from El Capitain and Notes 9.0.1 IF4 works fine for me. Yesterday IBM launch the FIX5 for Notes on MAC and will support macOS Sierra

Some information from the TN about the fix 5:

IBM Notes 9.0.1 64-bit running 9.0.1 Interim Fix 5 or above supports macOS Sierra and OS X 10.11. IBM clients can open Service Requests running this release.
Full certification of macOS Sierra will be completed by end of October 2016 or approximately 30 days after the general release of macOS Sierra.

IBM Client Application Access (ICAA) 1.0.0.1 Feature Pack 1 due out in November 2016 will support macOS Sierra.

Domino fix

MacOS Sierra will be available on 20 September for the general public. I search yesterday and today on the system requirements for Notes on MAC and i not found any information.

Anyone knows if the current version of Notes for MAC will run on Sierra?

Domino Notes

As of September 6, 2016, IBM has implemented hard entitlement validation on Fix Central for IBM Notes/Domino products. IBM Software Subscription and Support (S&S) will be validated through IBM ID association to IBM Customer Numbers.

More information on this TN

Domino

“Domino applications that are created from system templates that make use of Java applets, such as the Domino Directory (names.nsf), Document Library, Domino Web Server Configuration database and Widget Catalog database, will be impacted by the removal of NPAPI functionality. The Teamroom and Discussion databases created from older (pre-8.5.3) templates will be impacted as well.
Additionally, custom Notes applications that are using Java applets also may not work correctly in web browsers due to these changes.
It is recommended that you either (1) redesign the portions of the applications that use Java applets to use HTML, or (2) redesign the entire application to leverage XPages design elements.”

I think IBM will not replace any Java applet.

Domino

Nikto is an Open source web scanner released under the GPL license, which is used to perform comprehensive tests
on Web servers for multiple items including over 6500 potentially dangerous files/CGIs.

To install Nikto on Centos ;

1  yum install perl-CPAN* perl perl-Net-SSLeay openssl install perl-Time-HiRes
2  wget https://github.com/sullo/nikto/archive/master.zip
3 – unzip master.zip

To run a simple test, just type ./nikto.pl -h 192.168.10.74 on the program folder.

This is the result from my development server

– Nikto v2.1.6
—————————————————————————
+ Target IP:          192.168.10.74
+ Target Hostname:    192.168.10.74
+ Target Port:        80
+ Start Time:         2016-09-01 08:43:45 (GMT-3)
—————————————————————————
+ Server: Lotus-Domino
+ The anti-clickjacking X-Frame-Options header is not present.
+ The X-XSS-Protection header is not defined. This header can hint to the user agent to protect against some forms of XSS
+ The X-Content-Type-Options header is not set. This could allow the user agent to render the content of the site in a different fashion to the MIME type
+ No CGI Directories found (use ‘-C all’ to force check all possible dirs)
+ IBM/Lotus Domino: Server detected based on banner or nsf retrieval.
+ IBM/Lotus Domino: Version 9.0.0.0 detected at /download/filesets/l_LOTUS_SCRIPT.inf.
+ OSVDB-523: /homepage.nsf: This database can be read without authentication, which may reveal sensitive information.
+ Allowed HTTP Methods: GET, HEAD, POST, TRACE, PUT, DELETE, OPTIONS, PATCH
+ OSVDB-397: HTTP method (‘Allow’ Header): ‘PUT’ method could allow clients to save files on the web server.
+ OSVDB-5646: HTTP method (‘Allow’ Header): ‘DELETE’ may allow clients to remove files on the web server.
+ HTTP method: ‘PATCH’ may allow client to issue patch commands to server. See RFC-5789.
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable to XST
+ /ckeditor/ckeditor.js: CKEditor identified. This file might also expose the version of CKEditor.
+ /ckeditor/CHANGES.md: CKEditor Changelog identified.
+ 8392 requests: 0 error(s) and 12 item(s) reported on remote host
+ End Time:           2016-09-01 08:45:02 (GMT-3) (77 seconds)
—————————————————————————
+ 1 host(s) tested

Domino