An SPF record that ends ~all is essentially useless in preventing joe-jobbing, because it tells the remote system that you (the domain controller) don't know what it should do with the email (which doesn't come from your approved systems), and it is therefore likely to accept it.
Once you are confident with your SPF setup, you should change the ~all to -all, which is a much more positive statement; that says to a recipient who consults the SPF that an email which is not from your list of approved systems is not from you at all, and should be refused. From the output you've pasted above, it looks as if the recipient in this case is checking the SPF, so at that point they should refuse the email at SMTP RCPT TO: stage, and the annoying bounce message will never be generated.
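Added example, not part of the original answer: a small Python check that reads an SPF TXT string and reports what it tells receivers to do with mail from unlisted hosts, so a record still on ~all can be flagged. The function names and the sample domains and records are constructed for illustration.

```python
# Added example: classify how an SPF record tells receivers to treat
# mail from hosts that are not on the approved list.
# All domains and records below are constructed sample data.

QUALIFIERS = {
    "+": "pass",      # unlisted senders are explicitly authorised
    "-": "fail",      # unlisted senders are not from this domain
    "~": "softfail",  # "probably not", usually still accepted
    "?": "neutral",   # no statement at all
}

def spf_default_result(record):
    """Return the result an SPF record gives to unlisted senders.

    One of 'pass', 'fail', 'softfail', 'neutral', 'redirect' (decision
    delegated to another domain's record), or None when the string is
    not an SPF version 1 record.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    redirect = False
    for term in terms[1:]:
        lowered = term.lower()
        if lowered.startswith("redirect="):
            redirect = True
            continue
        qualifier, mechanism = "+", lowered
        if lowered[0] in QUALIFIERS:
            qualifier, mechanism = lowered[0], lowered[1:]
        if mechanism == "all":
            # "all" always matches: later terms and redirect are ignored.
            return QUALIFIERS[qualifier]
    # No "all": a redirect delegates; otherwise the default is neutral.
    return "redirect" if redirect else "neutral"

def rejects_unlisted_senders(record):
    """True only when the record ends in a hard fail (-all)."""
    return spf_default_result(record) == "fail"

SAMPLES = {  # constructed records
    "softfail.example": "v=spf1 mx ip4:192.0.2.0/24 ~all",
    "hardfail.example": "v=spf1 mx ip4:192.0.2.0/24 -all",
    "noall.example": "v=spf1 include:_spf.example.net",
}

if __name__ == "__main__":
    for domain, txt in SAMPLES.items():
        print(domain, spf_default_result(txt), rejects_unlisted_senders(txt))
```

A record with no all term and no redirect is reported as neutral, which gives receivers no more reason to refuse the mail than ~all does.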
Don't use a password. Generate a passphrase-less SSH key and push it to your VM.
If you already have an SSH key, you can skip this step…
Just hit Enter for the key and both passphrases:
$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
Copy your keys to the target server:
$ ssh-copy-id id@server
id@server's password:
Now try logging into the machine, with ssh 'id@server', and check-in:
.ssh/authorized_keys
to make sure we haven’t added extra keys that you weren’t expecting.
Note: If you don't have .ssh dir and authorized_keys file, you need to create it first.
Finally, check to log in…
$ ssh id@server
id@server:~$
You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.
As sysadmin noted, if Universal Password is enabled in your eDirectory tree, then in your password policy, enable allowing Admins to retrieve the password and then use this tool instead: Dump UP tool. It will generate the LDIF of all the passwords for you as well, all ready to go.
If you have IDM licensed, there are a couple of third-party drivers for Google Apps.
Concensus Consulting sells one: Google Apps driver.
There is a version from a company in Australia: Cosmokey driver. Or you can use the SOAP driver and send the events yourself as suggested by Justin.