Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
31
Information / Re: location of letsencrypt vhost template wanted
« on: February 24, 2017, 12:50:55 PM »
thanks for the info, does that mean that after an update the config would get overwritten?
I just want to redirect all non ssl request and all non www requests to https://www. and the best way is vhost, but i dont want to repeat that all the time.
Do u know the location of default folder for new clients (skell) so that i could work with .htaccess by default?
I like cwp but it lacks some rather "easy" thngs.. do u know if its activly developed or not?
I just want to redirect all non ssl request and all non www requests to https://www. and the best way is vhost, but i dont want to repeat that all the time.
Do u know the location of default folder for new clients (skell) so that i could work with .htaccess by default?
I like cwp but it lacks some rather "easy" thngs.. do u know if its activly developed or not?
32
Information / Re: location of letsencrypt vhost template wanted
« on: February 24, 2017, 11:56:26 AM »
thanks, but thats not the template is it?
that is the current one is it not? I need the template so i can change it just like an normal vhost template such as domain.com:2031/index.php?module=vhost_tpl
that is the current one is it not? I need the template so i can change it just like an normal vhost template such as domain.com:2031/index.php?module=vhost_tpl
33
Information / install and configure Spamassassin
« on: February 24, 2017, 11:53:53 AM »
It seems that spamassasin gets installed by centos web panel but not used.
To enable it do the following on your own risk!:
(Im on Centos 6, clean install)
yum -y update
yum -y install spamassassin
groupadd spamfilter
useradd -g spamfilter -s /bin/false -d /usr/local/spamassassin spamfilter
chown spamfilter: /usr/local/spamassassin
echo "## Required_hits: This determines the filter balance; the lower the score the more aggressive the filter.
# A setting of 5.0 is generally effective for a small organisation or a single user.
# Adjust the strictness score to your organization's needs - a large medical organisation might want to let email items
# through that are trying to sell pharmaceuticals, so we might increase the level to a more modest 8.0.
required_hits 5
## Report_safe: This line determines whether to delete the item or to move the item to the inbox whilst appending
# a spam notice to the subject line. The levels for this line are set to either a 1 or 0. A score of 1 will delete the spam item,
# whereas a score of 0 will send the item to the inbox and rewrite the subject line.
report_safe 0
rewrite_header Subject [**SPAM**]
## Required_score: This line sets the spam score for all email allowed through to your domain, with levels of certainty set from 0 to 5.
# Zero would be classified as a legitimate email item, whereas 5 would be an definite 'SPAM' item. If we set the score to 3 we would catch a
# lot of unsolicited emails but quite a few false positives would still get through. For our example email server we will use the score of 5,
# but you can of course set this value according to your preference.
required_score 5.0" > /etc/mail/spamassassin/local.cf
echo "# Options to spamd
SAHOME="/usr/local/spamassassin"
SPID_DIR="/var/run/spamassassin"
SUSER="spamfilter"
SPAMDOPTIONS="-d -c -m5 --username ${SUSER} -H ${SAHOME} -s ${SAHOME}/spamfilter.log" > /etc/sysconfig/spamassassin
service spamassassin start
chkconfig spamassassin on
#edit /etc/postfix/master.cf and replace:
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ***** Unused items removed *****
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
-o content_filter=smtp-amavis:127.0.0.1:10024
-o receive_override_options=no_address_mappings
#
## Enable SMTP on port 587 only for authenticated/TLS clients
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#With :
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ***** Unused items removed *****
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
-o content_filter=smtp-amavis:127.0.0.1:10024
-o receive_override_options=no_address_mappings
smtp inet n - n - - smtpd -o content_filter=spamassassin
spamassassin unix - n n - - pipe user=spamfilter argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
#
## Enable SMTP on port 587 only for authenticated/TLS clients
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
save the file and then restart postfix
To test if SpamAssassin actually works, you can simply send an email with subject XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X to some of your email accounts (from an external one!) and once the email is received, check it’s headers and you should notice something like this:
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=1000.0 required=5.0 tests=GTUBE,RCVD_IN_DNSWL_NONE,
TVD_SPACE_RATIO autolearn=no version=3.3.1
....
This means that SpamAssassin is doing it’s job.
Maybe the developer can inlcude smth like this to his setup when installing, or just dont install spamassassin ))
To enable it do the following on your own risk!:
(Im on Centos 6, clean install)
yum -y update
yum -y install spamassassin
groupadd spamfilter
useradd -g spamfilter -s /bin/false -d /usr/local/spamassassin spamfilter
chown spamfilter: /usr/local/spamassassin
echo "## Required_hits: This determines the filter balance; the lower the score the more aggressive the filter.
# A setting of 5.0 is generally effective for a small organisation or a single user.
# Adjust the strictness score to your organization's needs - a large medical organisation might want to let email items
# through that are trying to sell pharmaceuticals, so we might increase the level to a more modest 8.0.
required_hits 5
## Report_safe: This line determines whether to delete the item or to move the item to the inbox whilst appending
# a spam notice to the subject line. The levels for this line are set to either a 1 or 0. A score of 1 will delete the spam item,
# whereas a score of 0 will send the item to the inbox and rewrite the subject line.
report_safe 0
rewrite_header Subject [**SPAM**]
## Required_score: This line sets the spam score for all email allowed through to your domain, with levels of certainty set from 0 to 5.
# Zero would be classified as a legitimate email item, whereas 5 would be an definite 'SPAM' item. If we set the score to 3 we would catch a
# lot of unsolicited emails but quite a few false positives would still get through. For our example email server we will use the score of 5,
# but you can of course set this value according to your preference.
required_score 5.0" > /etc/mail/spamassassin/local.cf
echo "# Options to spamd
SAHOME="/usr/local/spamassassin"
SPID_DIR="/var/run/spamassassin"
SUSER="spamfilter"
SPAMDOPTIONS="-d -c -m5 --username ${SUSER} -H ${SAHOME} -s ${SAHOME}/spamfilter.log" > /etc/sysconfig/spamassassin
service spamassassin start
chkconfig spamassassin on
#edit /etc/postfix/master.cf and replace:
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ***** Unused items removed *****
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
-o content_filter=smtp-amavis:127.0.0.1:10024
-o receive_override_options=no_address_mappings
#
## Enable SMTP on port 587 only for authenticated/TLS clients
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
#With :
#
# Postfix master process configuration file. For details on the format
# of the file, see the Postfix master(5) manual page.
#
# ***** Unused items removed *****
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
-o content_filter=smtp-amavis:127.0.0.1:10024
-o receive_override_options=no_address_mappings
smtp inet n - n - - smtpd -o content_filter=spamassassin
spamassassin unix - n n - - pipe user=spamfilter argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
#
## Enable SMTP on port 587 only for authenticated/TLS clients
submission inet n - n - - smtpd
-o smtpd_enforce_tls=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
save the file and then restart postfix
To test if SpamAssassin actually works, you can simply send an email with subject XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X to some of your email accounts (from an external one!) and once the email is received, check it’s headers and you should notice something like this:
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=1000.0 required=5.0 tests=GTUBE,RCVD_IN_DNSWL_NONE,
TVD_SPACE_RATIO autolearn=no version=3.3.1
....
This means that SpamAssassin is doing it’s job.
Maybe the developer can inlcude smth like this to his setup when installing, or just dont install spamassassin ))
34
Information / location of letsencrypt vhost template wanted
« on: February 23, 2017, 08:06:46 PM »
hi
i am searching for the location of the letsencrypt ssl vhost template so that i can add a redirect to them
i am searching for the location of the letsencrypt ssl vhost template so that i can add a redirect to them
35
Information / php Date Time
« on: February 23, 2017, 07:40:45 PM »
on new install Roundcube does not show date and time as the timezone is not set in php.ini
please fix the installer so that its fixed on install or ask for input after install
please fix the installer so that its fixed on install or ask for input after install
36
Information / Re: Latest CWP for CentOS7 cannot get letsencrypt SSL
« on: February 23, 2017, 07:18:07 PM »
please note that if u run nginx it wont work
also if u run already in ssl / https mode then it wont work, maybe this can be updated as a setting one nice day
lets encrypt works by checking your domainname via http
so it installs temp files in your webroot and then checks if they exist from the outside to confirm that you manage that domain.
also if u run already in ssl / https mode then it wont work, maybe this can be updated as a setting one nice day
lets encrypt works by checking your domainname via http
so it installs temp files in your webroot and then checks if they exist from the outside to confirm that you manage that domain.
37
Installation / Re: Fail2Ban: Any thoughts positive or negative on installing this?
« on: February 23, 2017, 07:10:29 PM »
First of all fail2ban is not needed if u use csf+lfd, but ... lfd needs a lot of work to filter as much as fail2ban does.
For example Roundcude... very often a target for hackers/kiddies and not dealth with by LFD
So yes.. its a good idea to use fail2ban for things that LFD does not cover. or configure LFD to cover those via regex-custom.pm
Im developing a toll to automate this as its very gard, where for fail2ban its rather easy
Then @Media Schmiede
U are safe, it does not matter that u use a changing ip address.
For example Roundcude... very often a target for hackers/kiddies and not dealth with by LFD
So yes.. its a good idea to use fail2ban for things that LFD does not cover. or configure LFD to cover those via regex-custom.pm
Im developing a toll to automate this as its very gard, where for fail2ban its rather easy
Then @Media Schmiede
U are safe, it does not matter that u use a changing ip address.
38
Installation / Re: Problem with installation on CentOS 7
« on: February 23, 2017, 07:03:12 PM »
or the admin could update the installer to do this for you
39
Apache / Re: after used Hostname SSL with Letsencrypt script
« on: February 23, 2017, 07:01:05 PM »
u can solve it))
your hostname in httpd config is wrong, it has http:// in it, remove that and try again
your hostname in httpd config is wrong, it has http:// in it, remove that and try again
40
Installation / Re: Fresh Install
« on: February 23, 2017, 06:18:40 PM »
or via filemanager of course
change the lines that point to a certificate to reflect a working certificate
u can use the certs u used for your hostname via lets encrypt if u did that
/etc/letsencrypt/live/domainname/xxx.pem and so on
change the lines that point to a certificate to reflect a working certificate
u can use the certs u used for your hostname via lets encrypt if u did that
/etc/letsencrypt/live/domainname/xxx.pem and so on
41
Installation / Re: Fresh Install
« on: February 23, 2017, 06:15:00 PM »
well it seems a certificate issue
edit the dovecot conf file via ssh and add your certificates to dovecot
http://wiki2.dovecot.org/SSL/DovecotConfiguration
U can use the certificates u created via letsencrypt if any
edit the dovecot conf file via ssh and add your certificates to dovecot
http://wiki2.dovecot.org/SSL/DovecotConfiguration
U can use the certificates u created via letsencrypt if any
42
Installation / Re: How to make Nginx to listen to https port 443?
« on: February 23, 2017, 06:11:36 PM »
it takes manual configuration, its not automated in the gui yet.
So u need to tell nginx to listen to that port and to use this and that certs (u can use the certs u used for setting it up
/etc/letsencrypt/live/domainname/xxx.pem and so on
http://nginx.org/en/docs/http/configuring_https_servers.html
So u need to tell nginx to listen to that port and to use this and that certs (u can use the certs u used for setting it up
/etc/letsencrypt/live/domainname/xxx.pem and so on
http://nginx.org/en/docs/http/configuring_https_servers.html
43
CentOS 7 Problems / Re: SSL with Cloudflare (Please read - don't assume I haven't read other posts).
« on: February 23, 2017, 06:01:10 PM »
better ask at cloudflare
they do all kinds of magic, your site should just run in http mode and not ssl, cloudflare does that for u
https://www.cloudflare.com/ssl/
Flexible SSL
Flexible SSL encrypts traffic from Cloudflare to end users of your website, but not from Cloudflare to your origin server. This is the easiest way to enable HTTPS because it doesn’t require installing an SSL certificate on your origin. While not as secure as the other options, Flexible SSL does protect your visitors from a large class of threats including public WiFi snooping and ad injection over HTTP.
so it largely depends on your config there
they do all kinds of magic, your site should just run in http mode and not ssl, cloudflare does that for u
https://www.cloudflare.com/ssl/
Flexible SSL
Flexible SSL encrypts traffic from Cloudflare to end users of your website, but not from Cloudflare to your origin server. This is the easiest way to enable HTTPS because it doesn’t require installing an SSL certificate on your origin. While not as secure as the other options, Flexible SSL does protect your visitors from a large class of threats including public WiFi snooping and ad injection over HTTP.
so it largely depends on your config there
44
CentOS 7 Problems / Re: Love VS Not Love of CWP Panel. Many issues on Centos 7
« on: February 23, 2017, 05:57:48 PM »If you do not have a static or blank page let's encrypt are unable to install. You need have an index page.
Guide for setting up ssl on centos web panel:
Add a special user to the system, per example systemdomains
add the domainname to the system for that user, per example. hosting.xxx.com if thats your hostname
(if u use the other ways of adding the domain to the system u might run into problems later and be less flexible)
Go to xxx.com/index.php?module=letsencrypt and install Lets Encrypt
If this domain is the only one for this account systemdomains >> Install the new cert for the account systemdomains (as configured before)
if the account has more then one domain (u added via Domains >> add domain menu) then Install the new cert via Install Letsencrypt for Addon Domain function (as configured before)
Done
To do: figure out how to redirect both www and none www to https://www.
U can follow the wiki but Bind will complain that some db have no owner, this solution is more easy and actually following cwp procedures.
45
CentOS 7 Problems / Re: Wordpress redirect to https not worked
« on: February 23, 2017, 05:54:56 PM »
Its also a server function, u can change it in your vhost config for that domain, u could also use a plugin in WP to do it.
On the server is more clean i think
https://wiki.apache.org/httpd/RedirectSSL
On the server is more clean i think
https://wiki.apache.org/httpd/RedirectSSL
