How SmartNSF came to the rescue in a heavily surveilled little (bird) house

Tags: Lotus Domino SmartNSF

One small hobby project of mine is a birdbox with a wifi-enabled IP camera. Much more fun to watch those small house sparrows build their nest and see how hard they work to bring up new kiddo-birds :-)


The images from the web camera surface on a web page, and everything worked fine last year.


However, firing up the camera this year, nothing showed up! After a quick look at the Chrome console, I quickly realized that the old and trusty IFRAME no longer worked as it used to. First and foremost I have enabled SSL on the site (with Let's Encrypt, using Windows ACME Simple (WACS), I'll create a blog post on that too in the near future) and it turns out that HTTPS won't allow IFRAMEs to use HTTP-based content at all. The concept is called "Mixed Active Content", read more about that here if interested. The built-in web server on the web camera can't use anything else but plain old HTTP …

While there probably are many other solutions to this challenge (feel free to chime in if you know!), this article describes how I used SmartNSF to call a small Java class, wrapping the whole HTTP call nice and easy. A side effect was that I also could hide the inner workings of the IP camera completely! No more user name and password exposed in HTML :-)

If you don't know SmartNSF, it is very briefly an extension to both your Domino server and to your Designer client, enabling you to create powerful REST Services supporting full CRUD in minutes! While you of course can do much of the same with the built-in Domino Access Services (DAS), you have much better control with SmartNSF. In my opinion, one of the most important things to happen with Notes/Domino in years.

Read more to see how I enabled SmartNSF to solve this challenge!


How to redirect a URL in Domino and break the Domino-server's attempt to append any URL-parameter like "?OpenDocument" to the target URL!!

Tags: Configuration Lotus Domino
This is a story of something that I anticipated should take 5 minutes to fix. It turned out to take a couple of hours instead!

Very briefly - using the redirect web site rules, Domino will transfer any URL parameters (like ?OpenDocument, ?OpenForm etc) from the source URL-pattern to the target URL. If the target URL doesn't like OpenDocument very well, this ends up in an "HTTP Web Server: Invalid URL Exception". This article describes how I worked to break this behaviour!



The quest to avoid SMTP Hacking and "Authentication Failed" on Domino-server continues

Tags: Lotus Domino Configuration

Update Nov 11th, 2017: If you are using the sample database, you need a configuration first. Go to the configuration-view and press the "Configuration" button to create one.


This blog-post is about a combination of my own agent creating an IP-address list and a product named "IP Blocker". The combination automatically pumps bad IP addresses from the Domino log to IP Blocker – and gone are the bad IP addresses.

Even though I have some sort of control on the numerous SMTP hacking attempts happening every day, I still feel uncomfortable just seeing that they keep on pounding my server. What do I mean?

The log gets lots of messages like this;

07.11.2017 05:00:06   SMTP Server: Authentication failed for user stevens ; connecting host

Back in March 2017 I wrote the blog-post Finally I managed to stop the SMTP hacking, generating tons of "SMTP Server: Authentication failed for user ..."-messages. Back then I was using the Windows Firewall to trap the bad IP addresses, and that worked. Every IP address registered was effectively blocked from ever reaching my server. The down-side was keeping up with all the new IP addresses, and the somewhat cumbersome user interface to register IP addresses. My blog post goes into detail on how that was done.

A reader named David Brown commented on the blog-post and referred to his blog-post Disable SMTP-AUTH To Stop Relay Hackers In Their Tracks, which suggested the somewhat strange tip to turn off the SMTP Authentication server in order to actually automatically fence out the bad IP addresses.

Here the other day I came across another Windows tool named IP Blocker from BeeThink-software. It looks a little outdated, but it turned out to be quite powerful! Below you see it in action on my Windows machine;


All the red dots are blocked addresses! What was the most important selling point to me was the ability to automatically load IP-address lists.

What if I created an agent retrieving all the "Authentication Failed" messages, extracting the IP addresses and automatically creating an IP-address list file for IP Blocker to read?

Read on to meet "Authentication Failed Extractor" database :-)
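
The extraction step described above, sketched in Python as an added example (not the author's agent or the sample database's code). It assumes each log line ends with the connecting address after "connecting host", which the truncated sample line on this page does not show; the threshold, allowlist and log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed line shape (the page's sample line is cut off after "connecting host"):
#   <date> <time>   SMTP Server: Authentication failed for user <name> ; connecting host <IP>
# The user name is chosen by the remote client, so the pattern is greedy and
# anchored at end of line: only the LAST "connecting host" is trusted.
FAILED_AUTH = re.compile(
    r"SMTP Server: Authentication failed for user (?P<user>.*) ; "
    r"connecting host (?P<host>\S+)\s*$"
)

# Networks that must never end up on the block list (constructed values).
ALLOWLIST = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "127.0.0.0/8")]

# Constructed sample log; addresses are from documentation ranges.
SAMPLE_LOG = """\
07.11.2017 05:00:06   SMTP Server: Authentication failed for user stevens ; connecting host 203.0.113.9
07.11.2017 05:00:09   SMTP Server: Authentication failed for user x ; connecting host 198.51.100.7 ; connecting host 203.0.113.9
07.11.2017 05:00:12   SMTP Server: Authentication failed for user y ; connecting host 198.51.100.7 ; connecting host 203.0.113.9
07.11.2017 05:01:30   SMTP Server: Authentication failed for user info ; connecting host 198.51.100.7
07.11.2017 05:02:00   SMTP Server: Authentication failed for user scanner ; connecting host 10.0.0.5
07.11.2017 05:02:01   SMTP Server: Authentication failed for user scanner ; connecting host 10.0.0.5
07.11.2017 05:02:02   SMTP Server: Authentication failed for user scanner ; connecting host 10.0.0.5
07.11.2017 05:03:00   SMTP Server: Authentication failed for user cut ; connecting host
"""


def extract_bad_ips(lines, min_failures=3):
    """Return sorted addresses with at least min_failures failed SMTP logins."""
    failures = Counter()
    for line in lines:
        match = FAILED_AUTH.search(line)
        if not match:
            continue  # other log message, or no address after "connecting host"
        try:
            ip = ipaddress.ip_address(match.group("host"))
        except ValueError:
            continue  # host name or garbled address: never guess
        if any(ip in net for net in ALLOWLIST):
            continue
        failures[ip] += 1
    bad = [ip for ip, count in failures.items() if count >= min_failures]
    return [str(ip) for ip in sorted(bad, key=lambda ip: (ip.version, int(ip)))]


if __name__ == "__main__":
    print("\n".join(extract_bad_ips(SAMPLE_LOG.splitlines())))
```

The second and third sample lines carry a user name that itself contains "connecting host 198.51.100.7"; because only the end of the line is trusted, that address is not pushed over the threshold by text the client supplied.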


Wow! SmartNSF (BETA-5) can now call java directly, and work with the parameters with ease!

Tags: Lotus Domino Java SmartNSF

This evening it was time to test the latest and greatest version of SmartNSF – BETA 5. When you have installed it (via an updatesite database for the server) and via a local update site in your Designer, you get some cool new features. First of all, intellisense seems to work very well, so now it is much easier to get the available methods etc.

But, the really cool feature in this version is the support for CUSTOM strategies. This means that you can define a route like this (the example below is directly from the discussion.nsf sample database enclosed in the SmartNSF zip);


The URI infos will call the Info-class in the package org.opennrf.smartnsf. This means that a URL like http://www.vcode.no/test/discussion.nsf/xsp/.xrest/infos (note: the URL is shown just for illustration purposes, and is not active) will call the Java code shown below;




Ahhh, feels good to have FP8 (and iNotes working again) in place!

Tags: Lotus Domino


For some reason the client installer wouldn’t run smoothly unless I killed NSD first (had this problem back with FP5 too). Well, with NSD out of the way, the new version installed without hiccups.

On the server, everything went smoothly! Took a while longer (approx 15-20 minutes) compared to other updates, but that doesn’t matter as long as the install works!

And, finally the iNotes client worked again!


Finally I managed to stop the SMTP hacking, generating tons of "SMTP Server: Authentication failed for user ..."-messages

Tags: Lotus Domino Configuration Spam

Have you ever seen a bunch of these in your Domino log-database?


If so, you are the victim of attempted SMTP Hacking. It means that someone is trying to log on to your server via the SMTP protocol. SMTP was primarily constructed for functionality and not so much security :-)

Needless to say, it is a waste of cycles to have all this traffic hit your server, not to mention what could happen if they ever succeed in entering the system! Obviously the perpetrators use some sort of directory attack trying out both known and valid mail addresses, in addition to all sorts of other names.

Read on to see how I finally was able to stop specified IPs from even reaching the Domino server (hint, the Windows Firewall comes to the rescue!)

Update March 7th, 2017: David Brown over at his site https://port1352.wordpress.com (love the port1352-name!) took the time to chime in and tipped me off about his blog-post Disable SMTP-AUTH To Stop Relay Hackers In Their Tracks. I had actually seen this post too, but I could not get my head around that it could actually be better to turn off SMTP-authentication in order to have better security. I asked a question on his post, and he posted a thorough answer to why this might be a good idea here. Thanks David for taking your time to answer this question!


How to setup Gmail's smtp.gmail.com as the outgoing mail server on both Domino and on iOS

Tags: After Hours Lotus Domino Configuration
One of the fun things with software, and perhaps especially server software, is that there are lots of ways to get things done. Sometimes you just drown in settings, configurations and restarts. Suddenly things start to work, and you really don't know exactly what fixed the problem! This is a story along those lines, and I write about it primarily to remember the steps for later for my own part. Perhaps it can be beneficial to others too.
From having my own Domino server and using it for both incoming and outgoing mail, things have transformed over the years to only handle incoming mail, and relaying outgoing mail to other SMTP-servers. In my case it has been the Telenor server "smtp.online.no" for many years. Up until now I have been very satisfied with Telenor and smtp.online.no too. If you are interested, you can read more about the history of my server at the end of this article.
The Problem

However, in January 2017 something happened on the Telenor side, and suddenly their SMTP-server wouldn't accept relayed mail from my server anymore.
Sending mail from my Domino server quickly resulted in the following log-entry, along with a non-delivery report sent back to the sender:
06.02.2017 23:06:48   Router: Message 00796504 NOT transferred via SMTP to SMTP.ONLINE.NO for some.recipient@somewhere.com 553 5.3.0 <some.recipient@somewhere.com>... We do not relay from
If I tried to send from my iPhone or iPad, which also had the smtp.online.no as outgoing mail server, I received this;
The above is in Norwegian, and says; “Cannot Send Mail – A copy has been placed in your Outbox. The Recipient {name} was rejected by the server.”
I have now been in touch with the support-departments for both Canal Digital and Telenor, and to make a long story very short; Hopelessly problematic to get any sensible answers at all!!!

First Canal Digital: From filing a support-request via their own support-pages, I didn't get any answer at all. Only when I posted on their Facebook-page did they answer, and instantly!
So, note-to-self, don't bother to write anything in support forms or send email, that won't be answered anyway. Only use channels that obviously hurt a little if requests stay unanswered. That must feel like the other side of the coin for Canal Digital…
The answer to my problem? Canal Digital just points to Telenor and basically says "it's their fault, we do nothing with mail".
Ok, over to Telenor, and a very similar story unveils with them. Sensibly enough they don't have a Facebook page where customers can rant (they have learnt the lesson that Canal Digital is learning …). However, after registering a couple of cases, where the latter pointed to a huge document with very detailed information about the problem, I finally got an answer today;
We don't do e-mail support at all via e-mail ….

….. Ha ha ha, are you kidding me?!?! No e-mail support via e-mail ?!?!? (choke choke …)
However, they point me to Telenoreksperten, a call-center charging you no less than approximately USD 3 per minute. I guess this is no other logic than if your washing machine breaks down. Nobody will even touch your washer if you don't stuff their deep pockets full of money ….


Domino 9.0.1 FP5 finally installed, but "nsdhelp.dll" was missing afterwards ...

Tags: Lotus Domino

According to this news flash from IBM, they acknowledge that there are some problems with the FP5 updater. Indeed so, it won’t install if you have hotfixes installed as I blogged about here.

The news flash from IBM also stated that you could rerun any hotfix-installers to revert back to the previous level of code. I found my HF419 installer and ran it again. First it identified that I could revert back to vanilla 9.0.1 FP4 level, and I continued... First off I got this:


... hmmm, for some reason the updater didn’t finish off the running nsd.exe, so I had to do that manually via the Windows Task Manager. Re-ran the code and now it finished with success :-)

Time to re-run the FP5 updater, and this time it correctly identified the 9.0.1 FP4 code and let me finish with success.

However, on a re-start of the Domino server, it couldn’t start due to a missing nsdhelp.dll file;


Bummer!! I couldn’t find it anywhere on my server, so I had to restore it from my backup!!

The last sign of nsdhelp.dll is in the UPGRADE.LOG and it seems like the HF419 renamed it:

Rename: canFileName: nsdhelp.dll, dw = 9
Temp file size was 0: UPTMP0009.TMP

Seems like the FP5 updater went a tad too fast through the quality control this time. Normally I would say that upgrading the server has been a breeze over the last years. Just download the updater, run it, and voila ... the server is updated.


Domino 9.0.1 FP5 updater also has problems if you have hotfixes installed

Tags: Lotus Domino

I currently have Domino 9.0.1 FP4 HF419 on Win32 installed.

Some days ago IBM released the FixPack 5 (FP5) for IBM Notes and Domino 9.0.1. Very soon after problems were discovered with the client installer and the FP5 updater was withdrawn. I can just confirm that the Domino updater also has problems, if you have installed hotfixes. Below is the screenshot from the updater:


Unfortunate that the updater doesn’t “roll over” the hotfixes.... Next thing is to try to uninstall the HF419 and then try FP5 updater again :-)


Yes - it *is* possible to disable the "Domain Indexer is indexing..." and "Domain Indexer finished indexing ..." messages in the log :-)

Tags: Lotus Domino
My Domino log contained a bunch of messages like;

23.11.2009 08:28:42   Domain Indexer is indexing Database 'bla bla.nsf'
23.11.2009 08:28:42   Domain Indexer finished indexing Database 'bla bla.nsf'

Not really something I pay much attention to, and I would rather have any errors or warnings instead.


Any tips for quick performance analysis on Domino server?

Tags: Lotus Domino Question
I am running Domino 8.5 on a Windows 2003 server inside a vmware image. I suspect that the server is performing somewhat badly... I understand that I can read and learn a lot about real performance analysis - which seems to be an immensely huge area.

At this year's Lotusphere I attended Daniel Nashed's presentation "SHOW102 - IBM Lotus Notes and IBM Lotus Domino on Linux 101". On the very last slides he presented some screendumps of Linux tools named vmstat and iostat. Just by looking at some of the numbers, he could quickly determine whether a server was "CPU bound" or "IO Bound" - very convenient!!

Does anybody know about similar tools or techniques on Windows servers? Looking at the Task Manager's Performance-tab, I guess I can see similar information, and I hope that someone can point out things like "If Commit Charge is larger than Physical Memory, then you have a problem with too little RAM" ... or something


How a single byte could crash the server!

Tags: Lotus Domino
This is a story of a Domino server which crashed burning to the ground, every time an integration agent made with Lotus Connectors (use "lsxlc"...) ran. Read on to see how I discovered which agent was the problem and why I pinpointed the Lotus Connectors as the culprit.


How to run Lotus Domino on a Windows Home Server

Tags: Windows Home Server Lotus Domino Software
Learn how I run Lotus Domino in a virtual server on top of Windows Home Server, all on one box.