Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Apache / include file
« on: March 02, 2017, 04:02:13 PM »
Please create interface in GUI for end user to edit vhost
# Include "/usr/local/apache/conf/userdata/%username%/%domain_name%/*.conf
# Include "/usr/local/apache/conf/userdata/%username%/%domain_name%/*.conf
2
Information / add domains to same user account folder structure
« on: March 02, 2017, 03:52:53 PM »
Hi
When adding new domain the default is to use the default public_html folder.
I would suggest to make the folder structure as such:
/home/user/domains/XXX.TLD/public_html/
In that way u have a default and files outside of the webroot still can easily be placed in the right domain folder if belonging to specific domain,
its easy to implement in the function into existing folder creation upon adding domain.
When adding new domain the default is to use the default public_html folder.
I would suggest to make the folder structure as such:
/home/user/domains/XXX.TLD/public_html/
In that way u have a default and files outside of the webroot still can easily be placed in the right domain folder if belonging to specific domain,
its easy to implement in the function into existing folder creation upon adding domain.
3
CSF Firewall / csf issues
« on: February 24, 2017, 09:45:06 PM »
the default install of csf seems to lack the regex.pm file and thus does not filter imap, pop 3 and such.
I posted this on the configserver forum already
But that means that we are not secure by default
i also notices that the regex used by cwp in regex.custom.pm to block failed login to cwp is not correct anymore.
On an updated system the regex does not catch the failed logins for as far as i can see
(maybe my problem ))
I posted this on the configserver forum already
But that means that we are not secure by default
On an updated system the regex does not catch the failed logins for as far as i can see
(maybe my problem ))
4
Information / redirect all requests and non www to http://www.
« on: February 24, 2017, 01:41:33 PM »
In 2017 someone may require secure connections as its good, and especially for SEO
There is now visual way to achieve this in cwp
lets asume u use apache
disable any redirect u may have right now as they will interfere with the lets encrypt module
so in vhost.conf or .htaccess remove any redirects
But only for the domain u dont use or want to change
delete the folders in
/etc/letsencrypt/live
/etc/letsencrypt/archive
/etc/letsencrypt/renewal
Then via the cwp gui create the certificates again with the www alias checked
Now add in /usr/local/apache/conf.d/vhosts-ssl-letsencrypt.conf (per domain)
or in .htaccess in webroot of domain (per domain)
Or add
RewriteOptions InheritDown
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
to httpd.conf (then all domains will redirect to https://www.
There is now visual way to achieve this in cwp
lets asume u use apache
disable any redirect u may have right now as they will interfere with the lets encrypt module
so in vhost.conf or .htaccess remove any redirects
But only for the domain u dont use or want to change
delete the folders in
/etc/letsencrypt/live
/etc/letsencrypt/archive
/etc/letsencrypt/renewal
Then via the cwp gui create the certificates again with the www alias checked
Now add in /usr/local/apache/conf.d/vhosts-ssl-letsencrypt.conf (per domain)
or in .htaccess in webroot of domain (per domain)
Or add
RewriteOptions InheritDown
RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
# [NC] is a case-insensitive match
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule .* https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
to httpd.conf (then all domains will redirect to https://www.
5
Information / install and configure Spamassassin
« on: February 24, 2017, 11:53:53 AM »
It seems that spamassasin gets installed by centos web panel but not used.
To enable it do the following on your own risk!:
(Im on Centos 6, clean install)
yum -y update
yum -y install spamassassin
groupadd spamfilter
useradd -g spamfilter -s /bin/false -d /usr/local/spamassassin spamfilter
chown spamfilter: /usr/local/spamassassin
echo "## Required_hits: This determines the filter balance; the lower the score the more aggressive the filter.
# A setting of 5.0 is generally effective for a small organisation or a single user.
# Adjust the strictness score to your organization's needs - a large medical organisation might want to let email items
# through that are trying to sell pharmaceuticals, so we might increase the level to a more modest 8.0.
required_hits 5
## Report_safe: This line determines whether to delete the item or to move the item to the inbox whilst appending
# a spam notice to the subject line. The levels for this line are set to either a 1 or 0. A score of 1 will delete the spam item,
# whereas a score of 0 will send the item to the inbox and rewrite the subject line.
report_safe 0
rewrite_header Subject [**SPAM**]
## Required_score: This line sets the spam score for all email allowed through to your domain, with levels of certainty set from 0 to 5.
# Zero would be classified as a legitimate email item, whereas 5 would be an definite 'SPAM' item. If we set the score to 3 we would catch a
# lot of unsolicited emails but quite a few false positives would still get through. For our example email server we will use the score of 5,
# but you can of course set this value according to your preference.
required_score 5.0" > /etc/mail/spamassassin/local.cf
echo "# Options to spamd
SAHOME="/usr/local/spamassassin"
SPID_DIR="/var/run/spamassassin"
SUSER="spamfilter"
SPAMDOPTIONS="-d -c -m5 --username ${SUSER} -H ${SAHOME} -s ${SAHOME}/spamfilter.log" > /etc/sysconfig/spamassassin
service spamassassin start
chkconfig spamassassin on
#edit /etc/postfix/master.cf and replace:
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ***** Unused items removed *****
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
-o content_filter=smtp-amavis:127.0.0.1:10024
-o receive_override_options=no_address_mappings
#
## Enable SMTP on port 587 only for authenticated/TLS clients
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#With :
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ***** Unused items removed *****
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
-o content_filter=smtp-amavis:127.0.0.1:10024
-o receive_override_options=no_address_mappings
smtp inet n - n - - smtpd -o content_filter=spamassassin
spamassassin unix - n n - - pipe user=spamfilter argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
#
## Enable SMTP on port 587 only for authenticated/TLS clients
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
save the file and then restart postfix
To test if SpamAssassin actually works, you can simply send an email with subject XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X to some of your email accounts (from an external one!) and once the email is received, check it’s headers and you should notice something like this:
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=1000.0 required=5.0 tests=GTUBE,RCVD_IN_DNSWL_NONE,
TVD_SPACE_RATIO autolearn=no version=3.3.1
....
This means that SpamAssassin is doing it’s job.
Maybe the developer can inlcude smth like this to his setup when installing, or just dont install spamassassin ))
To enable it do the following on your own risk!:
(Im on Centos 6, clean install)
yum -y update
yum -y install spamassassin
groupadd spamfilter
useradd -g spamfilter -s /bin/false -d /usr/local/spamassassin spamfilter
chown spamfilter: /usr/local/spamassassin
echo "## Required_hits: This determines the filter balance; the lower the score the more aggressive the filter.
# A setting of 5.0 is generally effective for a small organisation or a single user.
# Adjust the strictness score to your organization's needs - a large medical organisation might want to let email items
# through that are trying to sell pharmaceuticals, so we might increase the level to a more modest 8.0.
required_hits 5
## Report_safe: This line determines whether to delete the item or to move the item to the inbox whilst appending
# a spam notice to the subject line. The levels for this line are set to either a 1 or 0. A score of 1 will delete the spam item,
# whereas a score of 0 will send the item to the inbox and rewrite the subject line.
report_safe 0
rewrite_header Subject [**SPAM**]
## Required_score: This line sets the spam score for all email allowed through to your domain, with levels of certainty set from 0 to 5.
# Zero would be classified as a legitimate email item, whereas 5 would be an definite 'SPAM' item. If we set the score to 3 we would catch a
# lot of unsolicited emails but quite a few false positives would still get through. For our example email server we will use the score of 5,
# but you can of course set this value according to your preference.
required_score 5.0" > /etc/mail/spamassassin/local.cf
echo "# Options to spamd
SAHOME="/usr/local/spamassassin"
SPID_DIR="/var/run/spamassassin"
SUSER="spamfilter"
SPAMDOPTIONS="-d -c -m5 --username ${SUSER} -H ${SAHOME} -s ${SAHOME}/spamfilter.log" > /etc/sysconfig/spamassassin
service spamassassin start
chkconfig spamassassin on
#edit /etc/postfix/master.cf and replace:
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ***** Unused items removed *****
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
-o content_filter=smtp-amavis:127.0.0.1:10024
-o receive_override_options=no_address_mappings
#
## Enable SMTP on port 587 only for authenticated/TLS clients
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#With :
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ***** Unused items removed *****
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
-o content_filter=smtp-amavis:127.0.0.1:10024
-o receive_override_options=no_address_mappings
smtp inet n - n - - smtpd -o content_filter=spamassassin
spamassassin unix - n n - - pipe user=spamfilter argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
#
## Enable SMTP on port 587 only for authenticated/TLS clients
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
save the file and then restart postfix
To test if SpamAssassin actually works, you can simply send an email with subject XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X to some of your email accounts (from an external one!) and once the email is received, check it’s headers and you should notice something like this:
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=1000.0 required=5.0 tests=GTUBE,RCVD_IN_DNSWL_NONE,
TVD_SPACE_RATIO autolearn=no version=3.3.1
....
This means that SpamAssassin is doing it’s job.
Maybe the developer can inlcude smth like this to his setup when installing, or just dont install spamassassin ))
6
Information / location of letsencrypt vhost template wanted
« on: February 23, 2017, 08:06:46 PM »
hi
i am searching for the location of the letsencrypt ssl vhost template so that i can add a redirect to them
i am searching for the location of the letsencrypt ssl vhost template so that i can add a redirect to them
7
Information / php Date Time
« on: February 23, 2017, 07:40:45 PM »
on new install Roundcube does not show date and time as the timezone is not set in php.ini
please fix the installer so that its fixed on install or ask for input after install
please fix the installer so that its fixed on install or ask for input after install
8
CentOS-WebPanel GUI / ssl vhost config with lets encrypt
« on: February 23, 2017, 03:14:14 PM »
hi
it would be nice to have a visual editor for the ssl vhosts templates.
If u use lets encrypt the vhosts are written but not easily editable.
I wanted to rewrite all requests to https://www. and could not find where to do it.
Now to do it manually it should happen in /usr/local/apache/conf.d/vhosts-ssl-letsencrypt.conf but that seems not to be templates so would get overwritten with an update.
is there a simple way to edit that configuration or did i miss a point?
i cant seem to find the templates file locations
it would be nice to have a visual editor for the ssl vhosts templates.
If u use lets encrypt the vhosts are written but not easily editable.
I wanted to rewrite all requests to https://www. and could not find where to do it.
Now to do it manually it should happen in /usr/local/apache/conf.d/vhosts-ssl-letsencrypt.conf but that seems not to be templates so would get overwritten with an update.
is there a simple way to edit that configuration or did i miss a point?
i cant seem to find the templates file locations
Pages: [1]
