Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
E-Mail / Re: spamassassin.service: Failed with result 'start-limit-hit'
« on: December 03, 2024, 11:12:33 PM »
Same problem and question about where to configure the default rules.
At last answer: /etc/spamassassin don't exist, we have /etc/mail/spamassassin, but didn't work.
Please read this new topic to create a complete and functional instructions to configure spamassassim:
https://forum.centos-webpanel.com/e-mail/how-to-install-spamassassin-updated/msg49640/#msg49640
At last answer: /etc/spamassassin don't exist, we have /etc/mail/spamassassin, but didn't work.
Please read this new topic to create a complete and functional instructions to configure spamassassim:
https://forum.centos-webpanel.com/e-mail/how-to-install-spamassassin-updated/msg49640/#msg49640
2
E-Mail / How to configure Spamassassin [updated]
« on: December 03, 2024, 11:04:53 PM »
Informations about configure Spamassassin appear to be outdated.
If you follow the wiki https://wiki.centos-webpanel.com/how-to-configure-spamassassin you will got an error with the daemon config and even solving this the spamd will consume a lot of load and will not work, as mentioned in https://forum.centos-webpanel.com/e-mail/spamassassin-service-failed-with-result-start-limit-hit/msg38072/#msg38072
I'll join here all steps to configure and ask for you, what is wrong? Let's make new and functional instructions to configure o spamassassin, please.
Assume that mail server built with ClamAV+SA+Amavis at MailServer Manager and working, but spamassassin is not marking *SPAM* and is not moving messages to Spam folder.
Add line " -o content_filter=spamassassin" at /etc/postfix/master.cf after " -o receive_override_options=no_address_mappings", you will get:
*do NOT forget about two spaces before -o
At end of same file /etc/postfix/master.cf add:
Check if /var/lib/spamassassin/ exist, if not create. Check if user and groutp owned by nobody.
At file /etc/sysconfig/spamassassin edit to:
** Here we have a problem, with -d option (Detach from starting process and run in background) you will have spamd consuming a lot of load, even not working. This is mentioned at
https://forum.centos-webpanel.com/e-mail/spamassassin-service-failed-with-result-start-limit-hit/msg38072/#msg38072 . So we can remove it? As for me both options did not work I don't know what can be better yet.
Edit /usr/share/spamassassin/local.cf with default options:
Maybe this file is not loading. As mentioned at https://forum.centos-webpanel.com/e-mail/spamassassin-service-failed-with-result-start-limit-hit/msg38072/#msg38072 this configuration must be set in another place, but where and how? Searching I found that can be any new file at /usr/share/spamassassin/ or /etc/mail/spamassassin, I've tried creating custom.cf, inserting default options, but didn't work. Even editing /etc/mail/spamassassin/local.cf
Here the configuration should be complete, but no. You'll get an error: spamassassin.service: Failed with result 'start-limit-hit' after reload spamd.
You need to edit /usr/lib/systemd/system/spamassassin.service, inside Service section add:
Reload deamon, restart postfix and spamassassin:
* Here we should restart Amavis too?
So with that I have spamassassin started, without error, but not marking and moving spam : (
Please, lets help to update this instructions. Spamassassin is so important and I hope soon cwp have this configuration included at MailServer Manager.
If you follow the wiki https://wiki.centos-webpanel.com/how-to-configure-spamassassin you will got an error with the daemon config and even solving this the spamd will consume a lot of load and will not work, as mentioned in https://forum.centos-webpanel.com/e-mail/spamassassin-service-failed-with-result-start-limit-hit/msg38072/#msg38072
I'll join here all steps to configure and ask for you, what is wrong? Let's make new and functional instructions to configure o spamassassin, please.
Assume that mail server built with ClamAV+SA+Amavis at MailServer Manager and working, but spamassassin is not marking *SPAM* and is not moving messages to Spam folder.
Add line " -o content_filter=spamassassin" at /etc/postfix/master.cf after " -o receive_override_options=no_address_mappings", you will get:
Code: [Select]
smtp inet n - n - - smtpd
-o content_filter=smtp-amavis:127.0.0.1:10024
-o receive_override_options=no_address_mappings
-o content_filter=spamassassin*do NOT forget about two spaces before -o
At end of same file /etc/postfix/master.cf add:
Code: [Select]
spamassassin unix - n n - - pipe
user=nobody argv=/usr/bin/spamc -f -e
/usr/sbin/sendmail -oi -f ${sender} ${recipient}Check if /var/lib/spamassassin/ exist, if not create. Check if user and groutp owned by nobody.
At file /etc/sysconfig/spamassassin edit to:
Code: [Select]
SAHOME="/var/lib/spamassassin/"
SPAMDOPTIONS="-d -c -m5 -u nobody -s ${SAHOME}spamd.log"** Here we have a problem, with -d option (Detach from starting process and run in background) you will have spamd consuming a lot of load, even not working. This is mentioned at
https://forum.centos-webpanel.com/e-mail/spamassassin-service-failed-with-result-start-limit-hit/msg38072/#msg38072 . So we can remove it? As for me both options did not work I don't know what can be better yet.
Edit /usr/share/spamassassin/local.cf with default options:
Code: [Select]
rewrite_header Subject *SPAM*
# report_safe 1
# trusted_networks 212.17.35.
required_score 5.0
use_bayes 1
bayes_auto_learn 1
bayes_ignore_header X-Bogosity
bayes_ignore_header X-Spam-Flag
bayes_ignore_header X-Spam-Status
include /usr/share/spamassassin/Maybe this file is not loading. As mentioned at https://forum.centos-webpanel.com/e-mail/spamassassin-service-failed-with-result-start-limit-hit/msg38072/#msg38072 this configuration must be set in another place, but where and how? Searching I found that can be any new file at /usr/share/spamassassin/ or /etc/mail/spamassassin, I've tried creating custom.cf, inserting default options, but didn't work. Even editing /etc/mail/spamassassin/local.cf
Here the configuration should be complete, but no. You'll get an error: spamassassin.service: Failed with result 'start-limit-hit' after reload spamd.
You need to edit /usr/lib/systemd/system/spamassassin.service, inside Service section add:
Code: [Select]
StartLimitBurst=0Reload deamon, restart postfix and spamassassin:
Code: [Select]
systemctl daemon-reload
sa-update
systemctl restart postfix spamassassin* Here we should restart Amavis too?
So with that I have spamassassin started, without error, but not marking and moving spam : (
Please, lets help to update this instructions. Spamassassin is so important and I hope soon cwp have this configuration included at MailServer Manager.
3
I can build it / Re: Apache Status - Accesses
« on: November 26, 2024, 07:53:54 PM »
As I don't use CloudFlare:
and worked!
thank you @cyberspace
Code: [Select]
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy xxx.xxx.xxx.xxx
and worked!
thank you @cyberspace
4
I can build it / Re: Apache Status - Accesses
« on: November 25, 2024, 02:36:45 PM »
I have enabled the mod_remoteip, only uncommented the line "LoadModule remoteip_module modules/mod_remoteip.so" on httpd.conf
but how to configure it to show the real remote ip? the /apache-status is only showing the local server ip
but how to configure it to show the real remote ip? the /apache-status is only showing the local server ip
5
Dovecot / Re: Dovecot Sieve Error
« on: October 21, 2024, 09:57:54 PM »
The missing write permission is for mail group, to dir and files.
So, chmod -R g+w to /var/sieve
After that didn't have more errors, but I don't know about that and keeping searching.
If happen again maybe I should compile like the error show and suggested at some docs: sievec /var/sieve/globalfilter.sieve
Anyone knows about it?
And seen /var/log/dovecot.log :
Fatal: master: service(lmtp): child 278485 returned error 83 (Out of memory (service lmtp { vsz_limit=256 MB }, you may need to increase it) - set CORE_OUTOFMEM=1 environment to get core dump)
So I increase the memory to login and imap service at /etc/dovecot/dovecot.conf, maybe it is linked with the sieve error.
So, chmod -R g+w to /var/sieve
After that didn't have more errors, but I don't know about that and keeping searching.
If happen again maybe I should compile like the error show and suggested at some docs: sievec /var/sieve/globalfilter.sieve
Anyone knows about it?
And seen /var/log/dovecot.log :
Fatal: master: service(lmtp): child 278485 returned error 83 (Out of memory (service lmtp { vsz_limit=256 MB }, you may need to increase it) - set CORE_OUTOFMEM=1 environment to get core dump)
So I increase the memory to login and imap service at /etc/dovecot/dovecot.conf, maybe it is linked with the sieve error.
6
Dovecot / Re: Dovecot Sieve Error
« on: October 21, 2024, 07:44:24 PM »
I'm with the same error.
Should I delete the file? How to create this file? Maybe compile?
I did the chmod +w and the directory and file already with permission:
drwxr-xr-x. 2 vmail mail 58 Oct 19 16:16 sieve
-rw-r--r-- 1 vmail mail 203 Mar 27 2017 globalfilter.sieve
-rw-r--r-- 1 vmail mail 346 Oct 19 16:16 globalfilter.svbin
Should I delete the file? How to create this file? Maybe compile?
I did the chmod +w and the directory and file already with permission:
drwxr-xr-x. 2 vmail mail 58 Oct 19 16:16 sieve
-rw-r--r-- 1 vmail mail 203 Mar 27 2017 globalfilter.sieve
-rw-r--r-- 1 vmail mail 346 Oct 19 16:16 globalfilter.svbin
7
DNS / Re: dns_rebuild_zone - what zone template this function use? is not the default set
« on: October 17, 2024, 01:47:39 AM »
The template file used by dns rebuild zone function is:
/usr/local/cwpsrv/htdocs/resources/conf/web_servers/conf_templates/named_new_dns_zone.conf
and is different of the default zone template to create new accounts:
/usr/local/cwpsrv/htdocs/resources/conf/dns/bind/zones/default.tpl
create a new file, make a backup, on update should be overwrited.
/usr/local/cwpsrv/htdocs/resources/conf/web_servers/conf_templates/named_new_dns_zone.conf
and is different of the default zone template to create new accounts:
/usr/local/cwpsrv/htdocs/resources/conf/dns/bind/zones/default.tpl
create a new file, make a backup, on update should be overwrited.
8
DNS / dns_rebuild_zone - what zone template this function use? is not the default set
« on: October 16, 2024, 09:14:14 PM »
In List of DNS Zone, when I click the button Rebuild Zone this module don't use the zone template selected in Server settings.
When I create an account ok, use the right zone template, but this useful function/module is using what zone template?
I'm doing a cpanel migrate and a lot of trash dns entries are migrate and the NSs entries are not swapped to default of the server. So rebuild zone function should be good if it worked.
The cpanel process have boring bugs arround DNS topic, other here:
https://forum.centos-webpanel.com/migration-from-other-control-panels/cpanel-cwp-migration-change-permission-of-varnamed-and-stop-bind/
When I create an account ok, use the right zone template, but this useful function/module is using what zone template?
I'm doing a cpanel migrate and a lot of trash dns entries are migrate and the NSs entries are not swapped to default of the server. So rebuild zone function should be good if it worked.
The cpanel process have boring bugs arround DNS topic, other here:
https://forum.centos-webpanel.com/migration-from-other-control-panels/cpanel-cwp-migration-change-permission-of-varnamed-and-stop-bind/
9
E-Mail / Re: how to block user ip if tried x attempts login failed in Roundcube
« on: October 16, 2024, 08:38:45 PM »
I have LF_SELECT disabled, so all access is blocked, don't filter by port.
10
E-Mail / Re: how to block user ip if tried x attempts login failed in Roundcube
« on: October 16, 2024, 07:38:05 PM »
tested and passed! thank you very mutch.
the custom rule to /usr/local/csf/bin/regex.custom.pm, 5 attempts of login, temporary block for 300s, ports 2095,2096 (if LF_SELECT is enabled otherwise all access blocked):
Oct 16 15:19:09 one lfd[389884]: (roundcubelogin) Failed Roundcube login attempt from IP: 177.50.21.90 (BR/Brazil/xxx.xxx.50.858.isp.timbrasil.com.br): 1 in the last 3600 secs - *Blocked in csf* [LF_TRIGGER]
the custom rule to /usr/local/csf/bin/regex.custom.pm, 5 attempts of login, temporary block for 300s, ports 2095,2096 (if LF_SELECT is enabled otherwise all access blocked):
Code: [Select]
if (($globlogs{CUSTOM3_LOG}{$lgfile}) and ($line =~ /Failed login.*X-Real-IP:\s(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}),X-Forwarded-For/)) {
return ("Failed Roundcube login attempt from IP:",$1,"roundcubelogin","5","2095,2096","300","0");
}
restart csf and lfd, try wrong logins and check /var/log/lfd.log:Oct 16 15:19:09 one lfd[389884]: (roundcubelogin) Failed Roundcube login attempt from IP: 177.50.21.90 (BR/Brazil/xxx.xxx.50.858.isp.timbrasil.com.br): 1 in the last 3600 secs - *Blocked in csf* [LF_TRIGGER]
11
E-Mail / Re: how to block user ip if tried x attempts login failed in Roundcube
« on: October 16, 2024, 01:21:18 PM »
thank you cyberspace, it's a nice begin!
but don't work if is not set a custom regex on /usr/local/csf/bin/regex.custom.pm to identify the "Failed login".
Example on regex.custom.pm:
# CWP Failed Login Protection
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^\S+\s+\S+\s+(\S+)\s+Failed Login from:\s+(\S+) on: (\S+)/)) {
return ("Failed CWP-Login login for User: $1 from IP: $2 URL: $3",$2,"cwplogin","5","2030,2031","1");
}
Reference explain this code: https://docs.danami.com/juggernaut/user-guide/login-failure-custom-triggers
I don't know regex, so I'm trying to make one. Can someone help or have this regex?
The roundcube log with filed login exemple:
[16-Oct-2024 11:06:21 +0000]: <pidual7q> Failed login for gfdgfd from 127.0.0.1(X-Real-IP: 177.19.57.777,X-Forwarded-For: 177.19.57.245) in session pidual7q9hjruj15 (error: 0)
[16-Oct-2024 11:29:33 +0000]: <hi7i5n10> Failed login for jdjd from 127.0.0.1(X-Real-IP: 177.50.21.777,X-Forwarded-For: 177.50.21.126) in session hi7i5n10h617j2u6 (error: 0)
[16-Oct-2024 11:29:43 +0000]: <hi7i5n10> Failed login for jdjd from 127.0.0.1(X-Real-IP: 177.50.21.387,X-Forwarded-For: 177.50.21.126) in session hi7i5n10h617j2u6 (error: 0)
but don't work if is not set a custom regex on /usr/local/csf/bin/regex.custom.pm to identify the "Failed login".
Example on regex.custom.pm:
# CWP Failed Login Protection
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^\S+\s+\S+\s+(\S+)\s+Failed Login from:\s+(\S+) on: (\S+)/)) {
return ("Failed CWP-Login login for User: $1 from IP: $2 URL: $3",$2,"cwplogin","5","2030,2031","1");
}
Reference explain this code: https://docs.danami.com/juggernaut/user-guide/login-failure-custom-triggers
I don't know regex, so I'm trying to make one. Can someone help or have this regex?
The roundcube log with filed login exemple:
[16-Oct-2024 11:06:21 +0000]: <pidual7q> Failed login for gfdgfd from 127.0.0.1(X-Real-IP: 177.19.57.777,X-Forwarded-For: 177.19.57.245) in session pidual7q9hjruj15 (error: 0)
[16-Oct-2024 11:29:33 +0000]: <hi7i5n10> Failed login for jdjd from 127.0.0.1(X-Real-IP: 177.50.21.777,X-Forwarded-For: 177.50.21.126) in session hi7i5n10h617j2u6 (error: 0)
[16-Oct-2024 11:29:43 +0000]: <hi7i5n10> Failed login for jdjd from 127.0.0.1(X-Real-IP: 177.50.21.387,X-Forwarded-For: 177.50.21.126) in session hi7i5n10h617j2u6 (error: 0)
12
CentOS-WebPanel GUI / Re: Constantly logged out
« on: October 16, 2024, 02:03:14 AM »
I had the same problem, it's bad, but was just close all opened cwp tabs and in login page shift+reload to clear the cache.
13
E-Mail / how to block user ip if tried x attempts login failed in Roundcube
« on: October 15, 2024, 11:57:09 PM »
I didn't find any specific option about Roundcube in CSF.
Is there any possibility to block user ip if more than 3 failed login attempts in Roundcube? using CSF or some other mechanism?
Roundcube login looks very vulnerable.
Is there any possibility to block user ip if more than 3 failed login attempts in Roundcube? using CSF or some other mechanism?
Roundcube login looks very vulnerable.
14
Migration from other control panels / cpanel cwp migration change permission of /var/named and stop bind
« on: October 15, 2024, 11:32:22 PM »
After used the migration_cpanel_v2 tool, migrated all packages and two users, the migration runs without error but bind stoped.
The bind/named service goes down and can't start. Seen log it was perminssion denied to access /var/named/
Checking the directory permission it was changed owner to last user migrated. And the named db created have root:root permition.
Only after changed everything to named:named owner (dir and files) the bind started.
I tried /var/named with root:named and db files with root:root (maybe it's the right permission), but bind don't work. Do you know what is the right permission do theses dir and db files?
Always I run the migration permission are changed to the last user and I need to correct.
Seen the migration log, no error or something strange, only:
2024-10-15 16:17:07 rsync -av /home/.imburana20241015201542eJTBVdSkz3Yr4S/cpmove-imburana/dnszones /home/imburana/
2024-10-15 16:17:07 sed -i 's|xxx|xxx|g' /home/imburana/dnszones/*.db
2024-10-15 16:17:07 WebServers_AutoSSLmanual ssl
2024-10-15 16:17:07 WebServers_Rebuild ssl
2024-10-15 16:17:07 Copy files
2024-10-15 16:18:17 All files were copied
2024-10-15 16:18:17 grep 'imburana=' /home/.CPANELCWP_20241015201542/accounts.ini
2024-10-15 16:18:17 Adjusting user permissions
-------
Almalinux 8.10, CWP last version.
The bind/named service goes down and can't start. Seen log it was perminssion denied to access /var/named/
Checking the directory permission it was changed owner to last user migrated. And the named db created have root:root permition.
Only after changed everything to named:named owner (dir and files) the bind started.
I tried /var/named with root:named and db files with root:root (maybe it's the right permission), but bind don't work. Do you know what is the right permission do theses dir and db files?
Always I run the migration permission are changed to the last user and I need to correct.
Seen the migration log, no error or something strange, only:
2024-10-15 16:17:07 rsync -av /home/.imburana20241015201542eJTBVdSkz3Yr4S/cpmove-imburana/dnszones /home/imburana/
2024-10-15 16:17:07 sed -i 's|xxx|xxx|g' /home/imburana/dnszones/*.db
2024-10-15 16:17:07 WebServers_AutoSSLmanual ssl
2024-10-15 16:17:07 WebServers_Rebuild ssl
2024-10-15 16:17:07 Copy files
2024-10-15 16:18:17 All files were copied
2024-10-15 16:18:17 grep 'imburana=' /home/.CPANELCWP_20241015201542/accounts.ini
2024-10-15 16:18:17 Adjusting user permissions
-------
Almalinux 8.10, CWP last version.
15
DNS / Re: Permission problem when restarting BIND DNS Server
« on: October 15, 2024, 05:03:34 PM »
Pages: [1]
