Remove limit for Outlook OST and PST files

Outlook limits the default size for PST Files and OST Files to 50 GB. The size is determined by the registry value in the registry, the maximum can be increased to about 4 PB (4096 TB).

In Outlook 2003 and Outlook 2007, the maximum recommended size of a PST Data File and an OST Data File was limited to 20 GB.

Outlook 2010, 2013, 2016, 2019, and Microsoft 365 set this recommended limit to 50 GB.

How to increase the maximum file size of a PST Data File ?

To increase the maximum size of PST files and OST files in Outlook, the values must be created and set under the following key in the registry.

Outlook 2003
HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\PST
Outlook 2007
HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\PST
Outlook 2010
HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\PST
Outlook 2013
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\PST
Outlook 2016 / Outlook 2019 / Microsoft 365
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\PST

Increase Size of Outlook PST Data File and OST Data File

The following 2 new DWORD values must be created or set, to increase the Outlook Data File limit.

  • WarnLargeFileSize
    Do not set this higher than 4090445042 (decimal) or f3cf3cf2 (hexadecimal)
  • MaxLargeFileSize
    Do not set this higher than 4294967295 (decimal) or ffffffff (hexadecimal)

Run REG ADD in Command Prompt

When opening a command prompt by pressing the Win + R keys and run cmd, the following two lines are executed.

Lines with Copy Paste run in the Command Prompt.

The first value WarnLargeFileSize indicates how many MB a user can write to a pst or ost file before receiving a warning that the file is full.The second value MaxLargeFileSize indicates how many MB the system can write to a pst file or ost file.This value must be at least 5% higher because more than just user data is written to a pst file and an ost file.

Registry Key WarnLargeFileSize MaxLargeFileSize

  Although the registry path is PST, it also applies to OST files.

  If the mailbox is on an Exchange Server or an Office 365 account, the quota must also be increased.

Exchange Mailbox usage Quota settings

  In Outlook 2013 and earlier versions, IMAP accounts also used an Outlook Data File (PST). Starting with Outlook 2016 and Outlook for Microsoft 365, IMAP accounts use Offline Outlook Data Files (OST).

Outlook offline data file (OST)

Most account types, e.g. Accounts such as IMAP accounts, Microsoft 365 accounts, Exchange accounts, and Outlook.com-accounts use an Offline Outlook Data File (OST) to keep a synchronized copy of your mailbox information on your local computer.

Outlook Data Files (.pst) created using Outlook 2013 or Outlook 2016 are usually stored in the Documents\Outlook Folder on the computer.

Offline Outlook Data File (OST) from Outlook 2019 and Microsoft 365 is saved under %LOCALAPPDATA% under the path \Users\Username\AppData\Local\Microsoft\Outlook. Most of the data remains on the server. However, all locally stored items should be backed up. For example, Calendar, Contacts, Tasks and all folders are only marked as Local.

WinSCP Sites is empty

WinSCP sites are gone, no saved targets

WinSCP stores targets with the connection data under Sites, if all entries to the sites have disappeared after an update, there is no reason to panic. The sites can be restored easily and quickly, how to proceed is shown in this post.

After a software update of WinSCP was performed, and the sites were stored in the registry, which was the default in the earlier versions, it may happen that after an update of WinSCP, the setting was changed to INI. So we just need to change the setting back to Registry.

How to Preferences in WnSCP

WinSCP Empty Sites

The setting from WinSCP.ini to Windows registry can be changed by clicking the Tools button, if the Login Session window is not open, press the keys [Ctrl] + [N] then the Tools button.

Under Preferences go to Storage and in the Configuration storage area, enable with click on Windows registry.

WinSCP Preferences - Storage - Configuration storage: Windows registry

Tools – Preferences – Storage – Configuration storage: Windows registry.

After exiting WinsCP and running again, the targets reap appear in the Sites [Ctrl] + [N] window.

WinSCP Configuration in Registry

If the registry is used as configuration store, the configuration is saved under the following key.

WinSCP Configuration in INI-File

When loading configuration, WinSCP first looks for an INI file in the directory, where WinSCP executable is stored in. The INI file needs to have an .ini extension and the same name as the executable (i.e. WinSCP.ini). If INI file in not found there, WinSCP looks to application data directory of your user profile, i.e. to C:\Users\username\AppData\Roaming\WinSCP.ini.

When you opt to use INI file for the first time, WinSCP tries to write it to directory, where WinSCP executable is stored in. If the directory is not writable, INI file is stored to application data directory of your user profile.

WinSCP Transferring Configuration

The created destinations (sites) with the connection data are copied into the WinSCP.ini file with the change from Windows registry to Automatic INI file, if the sites were previously saved in the registry. To make the sites for WinSCP available on another computer, the sites with the connection data are transferred under Tools with Export/Backup Configuration and Import/Restore Configuration.

How to Install VSFTPD

Install FTP server VSFTPD and hardening trough Fail2ban

Very Secure File Transfer Protocol Deamon (VSFTPD), as the service of the same name promises us, VSFTPD is a secure FTP daemon, which is used as the default FTP server by most Linux distributions, such as in Debian, Ubuntu, CentOS, Fedora, RHEL and more. VSFTPD provide a stable FTP server and is authorized under the GNU General Public License. VSFTPD is designed for secure and easy support for virtual clients with PAM (Pluggable Authentication Modules). This tutorial shows how to install VSFTPD and implement it with Fail2ban on Debian 10 (buster) or other Linux versions. Fail2ban is an intrusion prevention system written in Python that runs on any Linux operating system that includes a manipulable firewall.

Installation

The provision of VSFTPD on Debian as well as under Ubuntu as usual by running the apt package manager from the default repository.

CentOS and RHEL install VSFTPD using DNF Dandified Yum.

After the installation we take steps to configuring VSFTPD.

For CentOS / RHEL / Fedora, vsftpd.conf find on path /etc/vsftpd.

  If you don’t like VIM, you can edit using nano or ne. or whatever your favorite is,

We disable anonymous login and allow local users to write.

chroot jail for FTP users

chroot stands for change root and is a feature for Unix systems to change the root directory. chroot only affects the current process and its child processes, it is a simple jail mechanism in which the FTP server prevents users from accessing files outside of its directory. chroot is also an easy way to sandbox untrusted data. The chroot settings for VSFTPD users can be found in the file vsftpd.conf.

To configuring for chroot users, go to the line chroot_local_user and change to YES, as with chroot_list_enable

All users are chrooted, except for a few who are exempt by creating the file /etc/vsftpd.chroot_list to containing those users who are excluded from chroot.

  CentOS / RHEL path /etc/vsftpd/vsftpd.chroot_list

It is possible to completely lock out users, to refuse login for certain users, add following lines to the file vsftpd.conf.

Create a file vsftpd.userlist and add users to it. Add user per line like the service accounts, for example: vsftpd.userlist

SFTP encrypted authentication

So that passwords are not sent in clear text, add these options to the configuration file, some of which are already available, check them and change the options if necessary.

Note: The default is that SFTP is already enabled by the SSH daemon, so check the file /etc/ssh/sshd_config.

Hint! more recommended VSFTPD settings

VSFTPD protection with Fail2ban

To protect the FTP server from brute force attacks, Fail2ban is activated for VSFTPD. If there are a defined number of failed login attempts, the suspicious host is locked for a certain amount of time. For Fail2ban to work, the logs are important. For this purpose, Fail2ban is installed on the FTP server.

For Fail2ban and VSFTPD, create the file jail.local, if not already exist.

  The file jail.conf can also be copied, or individual blocks of the services can be added to jail.local.

The logs are important for the functionality of Fail2ban. The FTP server (VSFTPD) logs in to log file /var/log/vsftpd.log. Fail2ban is flexible and can be adapted to most requirements. If an additional service is used, which requires xferlog, it can be logged in both log files with dual_log_enable=YES.

  In the standard, /var/log/vsftpd.log is read out, which is predefined with the variable %(vsftpd_log)s.

The Fail2ban filter for vsftpd contains the file at /etc/fail2ban/filter.d/vsftpd.conf

The Fail2ban daemon must restart to apply changes.

Now check blocked IP addresses by Fail2ban you can be here as root run this fail2ban-client command.