WildCard 憑證如果用 MMC 匯入 Local Computer 的 Personal 後
SMTP Domain 的 Access -> Security communication 中 Require TLS encrypt 還是反灰不能勾選
此時開啟 IIS Manager (管理網站的那個 Internet Information Services (IIS) Manager)
在伺服器層級點 Server Certificates,再點 Import,記得匯入 Store 選 Personal
按 OK 後重啟 IIS & SMTP Service 即可
*. 可以把 Allow this certificate to be exported 取消勾選
Stop-Service SMTPSVC
Stop-Service IISAdmin
notepad C:\Windows\System32\inetsrv\MetaBase.xml
找到 <IIsSmtpServer Location ="/LM/SmtpSvc/1" 這一段
加入參數: RelayIpList=""
Start-Service IISAdmin
Start-Service SMTPSVC
Set-Service SMTPSVC -StartupType Automatic
Mail eml 格式檔案 ZIP 後存在 DB 裡,但某日發現資料庫中有許多 Record 的 Subject 都錯誤
推測是歸檔程式有 Bug 的關係。
因為會影響搜尋結果,所以必須從資料庫中取出 ZIP 過的 eml 檔案
解壓後分析,再修正資料庫中的資料
以下程式包含上述功能但有更多其他功能,就不多說,有需要自取
需要 SharpZipLib
這是用來忽略解壓過程中發生錯誤,強制解壓的工具
不知道為什麼 DB 中的 ZIP 二進位資料取出後解壓會有問題,但忽略錯誤就可以
只用 Powershell 實在沒辦法對 Email 做良好的 Parser,必須丟到 Python 去處理
所以需要用 Powershell 處理到一半,用 Python 讀檔,再回 Powershell 處理
因為我實在不熟 Python,不然應該要用 Python 從頭寫到瑋才對
以下程式有許多部份都是用 Copilot 協助產生的,再加上自己修改而成
[Version]Signature="$Windows NT$"[NewRequest]Subject = "CN=Dino9021 Code Signing, OU=IT, O=DinoClub, L=Hsinchu, S=Taiwan, C=TW"KeySpec = 1KeyLength = 2048Exportable = TRUEMachineKeySet = FALSESMIME = FALSEPrivateKeyArchive = FALSEUserProtected = FALSEUseExistingKeySet = FALSERequestType = PKCS10ProviderName = "Microsoft RSA SChannel Cryptographic Provider"[Extensions]2.5.29.37 = "{text}"_continue_ = "1.3.6.1.5.5.7.3.3" ; Code Signing EKU
ChatGPT Team support SSO with detailed setup instructions.
However, this version does not support SCIM provisioning.
To restrict unassigned users from logging into ChatGPT Team via SSO, we have an alternative option using Conditional Access to achieve this goal.
That is all,
Now unassigned users may be able to log in but not access the ChatGPT team.
Microsoft Entra admin center
=> Entra ID - Authentication methods
=> Software OATH tokens
=> Set Include Groups
=> Entra ID - Authentication methods
=> Settings
=> System-preferred multifactor authentication
=> Add Groups to Exclude will make the members can set Default sign-in method
Browse "Security info" of Shared Account (https://aka.ms/mfasetup)
=> Add sign-in method
=> Choose Microsoft Authenticator
=> I want to use a different authenticator app
=> Finish the setup with OTP App you want to use (Microsoft Authenticator will do)
*. You may want to change the "Default sign-in method" from "App based authentication - notification" to "App based authentication or hardware token - code" to avoid high App Notification frequency.
*. If you see "Microsoft Authenticator - notification" instead of "App based authentication - notification" and "Sign-in method when most advisable is unavailable" instead if "Default sign-in method" on the "Security info" page, you might have forgotten to follow the second section of the Microsoft Entra Admin Center.
AdGuard DNS(無過濾功能):
94.140.14.140
94.140.14.141
AdGuard DNS(攔截廣告、跟蹤器和釣魚網站)
94.140.14.14
94.140.15.15
AdGuard DNS(攔截廣告、跟蹤器、釣魚網站和成人內容的網站)
94.140.14.15
94.140.15.16
Cloudflare DNS(隱私權保護)
1.1.1.1
1.0.0.1
Cloudflare DNS (阻止惡意程式)
1.1.1.2
1.0.0.2
Cloudflare DNS (阻止惡意軟件及成人內容)
1.1.1.3
1.0.0.3
It's not a popular Software / Application.
You may not need it.
First : SplitDB.vbs (Run on MailStore Server)
=> Split DB by day with SplitDB.vbs
Second: MergeDB.vbs (Run on MailSearch Server)
=> Merge DB to Quarter
$UnBlockIPURL 是一個給 User 自行解鎖 IP 的清單,要另外處理
此處不提供與介紹
# in Hours
$BlockTime = 720;
$RuleGroupName = "ExchangeAuthFailBlockIPs"
$RuleSubnetsGroupName = "ExchangeAuthFailBlockSubnets"
$SMTPLookBackHours = 1;
$SMTPLogFullPath = "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\FrontEnd\ProtocolLog\SmtpReceive\"
$SMTPLogSearchTailLines = 10000;
$UnBlockIPURL = 'https://www.contoso.com/BlockIPs/History/AllUnblock.Json';
$ClassBSubnetBlockCount = 3;
#-------------------------------------------------------------------------------------------------------------------------------------------
