DIY: A More Lethal Rat Trap

This is not typically the type of article I write and has nothing to do with technology at Mount, but it was an issue I ran into recently.

I live in a farmhouse built in the 1860s, and while no house is rodent impervious, we definitely have our fair share. Recently, we have had problems with 2 different rats. One was stealing fruit from our fruit bowl, while the other was eating potatoes saved from the summer harvest.

I had set some traps to eliminate these rodents from stealing food and leaving droppings laying around. The problem was the rat was stealing any bait I used that was just sitting on the trigger in the traditional manner. To resolve this I started to use bait that I tied to the trigger. 

Rats are particular and cautious about their food, so in my case it was easy to use a needle and thread to sew the grapes and a chunk of potato to the trigger.

After doing this the rat started setting the trap off and not stealing the bait, but was also not getting caught in the trap. I tried several different traps over the course of a few days and all of them would get set off with no rodent caught.

After talking to some people who have lived in old houses far longer than myself, I was able to develop a solution that could be easily installed on existing traps models that would make them more lethal. I would take small nails and place them through the trap pointy side up in a manner that doesn't impede the normal operation of the trap.

Since using these customized traps, they have killed the rats the first time they were triggered. It seems before the rats were actually getting caught in the trap and escaping. With the nails sticking out of the trap, the rat gets caught on the nail while trying to escape, so even if the manage to get out of the clamp, they end up tearing themselves on the nail and die within a foot or two of the trap by bleeding out.

Unfortunately it means this method is a little more violent, but is the only way I have found to successfully permanently remove the rodents.

Configuring Encryption with a PGP Universal Gateway Server, Exchange, and Barracuda Spam Filter

After quite a bit more troubleshooting and a call to the vendor who sold us the PGP gateway product we have been able to get it working. We also learned that our spam filter, a Barracuda 400 antivirus device, is cable of also functioning as an email encryption gateway and is easier for us to because of a few key features. In this post, I will try to outline our original mail-flow setup, and our final setup as well as options along the way if you don't have both.

Image 1 - Pre Encryption mail flow

Pre-Encryption Mail Flow is shown in Image 1. Inbound mail travels through our spam filter, to our exchange 2007 CAS server and then to the mailbox and client. Outbound we were bypassing the spam filter and using exchange to look up mail hosts and email directly to the other MX hosts.

Post Encryption Solutions - In our original implementation plans, we were looking at 2 separate reasons for encrypting of which PGP was the most obvious option. The 2 reasons were

•  1st the need for an email based encryption with a web based solution so that we could communicate securely with others who didn't have an encryption solution. 
• 2nd was the need for disk encryption for our laptop clients. PGP would meet this need via providing both a universal gateway server, as well as desktop clients that can manage the disk encryption.

What we discovered - During the implementation and configuration we discovered a few things that changed our implementation plans to accommodate them.

• Our barracuda spam and virus firewall now supports acting as a web based encryption agent. You can filter based on content filtering rules in the barracuda just like in the PGP Universal Server. For example, we have a rule that any message flowing through the barracuda will encrypt messages containing [encrypt]. This is also possible in the universal server, but the PGP server is case sensitive while the barracuda is not.
• After trying to put the PGP server in mail flow between exchange and the barracuda we started having issues with backed up mail queues in exchange. The PGP system seems to have some rather strict limitations on messages per connection and rate control that there are no options to address to allow more messages
• A huge feature from our perspective was because the barracuda encryption service hosts the encrypted message in their cloud based system, in doing so; they provide the capabilities to allow users to self service password reset. From my discussion with our vendor this is a huge advantage because the PGP server requires administrators to reset user's passwords.
• As a benefit of having both the barracuda and PGP server and clients, we were able to come to a final deployment decision where the barracuda would do the web gateway encryption for the majority of campus. On select users that would require disk encryption, we would install the client because those users are also people who would find the value of client to client mail encryption. 

Post Encryption Mail Flow and Implementation - I have displayed a couple of the different options in Image 2 for outbound setups.

Image 2

Depending on if your client is a PGP desktop user or not both the first and second mail flows in this image can be implemented at the same time.

Post install - Here are the instructions of how it was done.

Exchange Smarthost to gateway example

1. In Exchange modify your Send Connector that forwards email to the internet. For us, it is Organization Configuration > Hub Transport > Send Connectors > Send to Internet. Usually this is the SMTP space that matches the address of *.   In the network tab you need to configure it to send to the mail server doing the web based encryption, this can be either barracuda like in our case or simply the PGP gateway.
2. To configure the PGP gateway, log into the web interface. Go to Mail > Proxies > then click on the SMTP Proxy. If the PGP server will be in the mail flow like option 3 above, you need to change the SMTP Proxy type to Unified. In the Outbound mail designated source IPs: add the IP address of your Exchange server. If the PGP server is your last mail flow stop before the Internet, choose Send mail directly to recipient mail server. If you have another outbound mail server like our barracuda, choose Send all outbound mail to relay and enter the IP of your next hop. For inbound mail enter the IP address of your exchange server in Mailserver hostname.
3. In addition, if you are passing through the PGP server for inbound mail, you will need to configure Mail > Mail Routes and add your domain and Exchange server IP address. With the exception of policy setup, this should complete the configuration of the PGP Universal Server
4. For the PGP policy setup you can modify the Outbound rule applicable to Server, Client under Mail > Mail Policy.  We created a custom policy and placed it just prior to the Sign + Encrypt Buttons rule that is a default rule. You can see the rule setup in the image that would encrypt messages based on the subject containing [encrypt], a social security number, and a federal tax.  In the actions, you want to encrypt on the recipient's key or send via Web Messenger, if using the PGP Web Messenger. If you are using something like the Barracuda to do encryption but you have the PGP server in the mail flow, you can set this to send unencrypted because it will be encrypted by the barracuda.

   

   PGP encryption policy rule

5. If you also have a Barracuda to configure the outbound mail login to the web interface. Go to Basic > Outbound > Relay Using Trusted IP/Range, and add the IP address of either your PGP or Exchange server, whichever will be sending mail. This only enables outbound mail not the encryption portions.
6. In the Barracuda, Go to Domains > Domain Manager > Manage Domain of your domain. In the Advanced > Encryption menu you can upload a custom image to appear in the emails.
7. In the Barracuda, Go to Block/Accept > Content Filtering. Change the content filters to include something like a pattern of [\encrypt\] (which matches on [encrypt]), set Inbound Off, and Outbound to Encrypt, with Subject checked.

Best of luck with your install.

Pocket reader connectivity in CBORD's CSGold

The following article will document the potential issues and steps required to verify the connectivity of Cbord's CSGold Pocket Reader. We have one of these devices, specifically an MC70, and recently had issues where the device would not communicate with the server and was permanently in an offline state.

1. Step one is to ensure that the wireless on the device is connecting to your wireless network and you have network access. To accomplish this you can use the wireless network configuration tools. When completed the connectivity icon at the top of the reader should look like figure 1 with the arrows.
2. You next need to ensure that the port and server the pocket reader is pointing at to connect to is the IP address of your TPS server. The port needs to be 20000 + the node sid of the line driver of the pocket reader. For example, our line driver node sid is 9001, this means that our port needs to be 29001.
3. You need to confirm the MAC address that the reader displays in Info > Device Info is identical to the MAC address in the TPS configuration for the location you have the reader set to.  I have discovered this is case sensitive.
4. To obtain additional information, stop and restart the Pocket Reader MGR with a debug level of 5.
5. Look on the TPS server in Goldserver\logs folder for a file named LineDriverNODESID(timeDATE).out or .log
6. You can open this with notepad and look at any connection attempts from the pocket reader.
7. In addition, you could also do a netstat -a -n | grep port (in my example 29001) and it will show incoming attempts for the server.
8. If you see nothing here be sure to check for any firewall or ACL rules between your device and the server.

With these steps in place the pocket reader should be getting that little green triangle in the application instead of the red triangle. Best of luck.