This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
31
CentOS 7 Problems / Re: Problems with Mail Service
« on: January 15, 2022, 10:37:51 PM »
It isn't an open relay, as mxtoolbox.com is not reporting this.
(Check here: https://mxtoolbox.com/diagnostic.aspx)
You don't clarify the volume of E-mail messages being sent from your server, but it seems several messages are being sent.
If you don't recognize these messages being sent, then most likely some user has had their password compromised, and neither Antispam nor Antivirus will stop this. You need to find out who the user is, and change the password to a stronger password, and more than that, find out how it was compromised, and prevent it from being compromised again.
That's an art.
The art of managing an internet server.
So, you need to verify who the authenticating user is to make this submission. You can start by trying to identify on the server who has authenticated to perform this sending, with the following command:
Code: [Select]
# grep 'auth=1' /var/log/maillog
Try to discover a line just right before the first sending attempt.
32
Apache / Re: WebServers Domain Configuration Reset
« on: January 14, 2022, 10:10:33 PM »
I don't know if it is really the same problem as yours, but I had this type of problem when I forgot to check the mark "Rebuild WebServers conf for domain on save".
Did you already check the content of the configuration file?
Code: [Select]
# cat /home/user/.conf/webservers/DOMAIN.conf
33
Apache / Re: Apache vhosts configuration
« on: January 14, 2022, 09:53:39 PM »
To begin to understand what is happening, we need to see the directory listing of the templates (ls -alF /path).
34
PHP Selector / Re: Fresh install on CentOS 7 PHP version switcher erroring out.
« on: January 14, 2022, 09:27:12 PM »
Perhaps you are trying to compile PHP version "7.3.0"..?!
This is a very old version, PHP 7.3 current branch is in version 7.3.33...!!
35
E-Mail / Re: X-Envelope-From and From different
« on: January 14, 2022, 09:14:58 PM »
It may be that you have a specific E-mail where the sender is trying to confuse the recipient, but this cannot be concluded from E-mail senders. I, for example, use it this way: X-Envelope-From is different from Mime-From, for the same domain, for historical and convenience reasons, and they are absolutely legitimate E-mails.
=>Envelope From (RFC5321)
Used by the SMTP server to generate NDR (Non-Delivery Report)
Used by SPF filter to determine if it came from the designated IP address.
=>Mime Header From (RFC5322)
Used by the email client to display information in the From field.
Used by DMARC filter to confirm if the message is authentic
Also, there are many legitimate reasons for the envelope sender and the From header not to match.
Rejecting mails based on that is not a good idea.
Anyway, if you need it, you must implement it through DKIM and DMARC policies.
Check this page to do it, and know the notices:
https://support.google.com/a/answer/10032169?hl=en
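An added example (not part of the original post): a sketch of the DMARC identifier-alignment check that the post points to instead of rejecting on a plain Envelope From / Header From mismatch. The SPF result and the DKIM `d=` domains are assumed to come from the receiving MTA, the function names are hypothetical, and `org_domain` approximates the organizational domain with the last two labels where a real evaluator uses the Public Suffix List.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: same domain, different local parts, as in the post.
RAW_MESSAGE = """\
Return-Path: <bounces@example.test>
X-Envelope-From: <bounces@example.test>
From: "Support Desk" <support@example.test>
To: user@example.org
Subject: constructed sample

Body text.
"""

def addr(value):
    """Bare lower-cased address from a header value ('' if the header is absent)."""
    return parseaddr(value or "")[1].lower()

def org_domain(domain):
    # Assumption: the last two labels stand in for a Public Suffix List lookup.
    return ".".join(domain.split(".")[-2:])

def check_alignment(raw, spf_pass, dkim_domains=(), strict=False):
    """DMARC passes when SPF or DKIM passed for a domain aligned with Header From."""
    msg = message_from_string(raw)
    from_addr = addr(msg["From"])
    env_addr = addr(msg["X-Envelope-From"] or msg["Return-Path"])
    header_from = from_addr.rpartition("@")[2]

    def aligned(candidate):
        if not candidate or not header_from:
            return False
        if strict:                      # adkim=s / aspf=s: exact domain match
            return candidate == header_from
        return org_domain(candidate) == org_domain(header_from)

    spf_aligned = bool(spf_pass) and aligned(env_addr.rpartition("@")[2])
    dkim_aligned = any(aligned(d.lower()) for d in dkim_domains)
    return {
        "addresses_differ": from_addr != env_addr,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        "dmarc_pass": spf_aligned or dkim_aligned,
    }

if __name__ == "__main__":
    # Addresses differ, yet the message is aligned and passes.
    print(check_alignment(RAW_MESSAGE, spf_pass=True))
    # Constructed list-style case: foreign envelope domain, aligned DKIM signature.
    relayed = RAW_MESSAGE.replace("bounces@example.test", "bounce@lists.example.net")
    print(check_alignment(relayed, spf_pass=True, dkim_domains=("example.test",)))
```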
36
Dovecot / Re: Error: autoexpunge: Couldn't create dovecot.autoexpunge.lock lock: file_create_l
« on: January 13, 2022, 08:41:55 PM »
Sorry, but nothing is possible to solve with a "Disk Quota Exceeded" error message.
Solve that problem, and try again.
37
Apache / Re: Performance
« on: January 13, 2022, 08:38:40 PM »
This is too specific to your platform (memory available, machine speed, etc.) and the profile of your users (heavily accessed? heavy memory use? etc.).
It's literally impossible to suggest values to these parameters.
But you can start by the suggestion of this file:
/usr/local/apache/conf/extra/httpd-mpm.conf
Code: [Select]
# event MPM
# StartServers: initial number of server processes to start
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestWorkers: maximum number of worker threads
# MaxConnectionsPerChild: maximum number of connections a server process serves
# before terminating
<IfModule mpm_event_module>
StartServers 3
MinSpareThreads 75
MaxSpareThreads 250
ThreadsPerChild 25
MaxRequestWorkers 400
MaxConnectionsPerChild 0
</IfModule>
After trying the above values, you should fine-tune your configuration to the desired performance profile.
38
Information / Re: Cannot log into my cPanel
« on: January 13, 2022, 08:26:37 PM »
Try logging in, and then immediately issue the following command:
Code: [Select]
tail -20 /usr/local/cwpsrv/logs/error_log
Post the results here.
39
Apache / Re: Performance
« on: January 12, 2022, 09:17:21 PM »
Quote
(...)
Since MPM is turned off by default in httpd.conf
No. The module "mpm_event" is enabled.
Check with:
Code: [Select]
# /usr/local/apache/bin/apachectl -M | grep -i mpm
Quote
(...)
Current setup is Nginx -> Apache -> PHP-FPM 7.xx
Besides Apache settings, should I change any other settings to better utilize the resources?
Thanks in advance
The MPM Event is needed to run PHP-FPM.
You can choose another MPM just with PHP-CGI.
It is an Apache module/PHP limitation.
Surely, PHP-FPM has superior performance, including with Nginx<->Varnish<->Apache, but you can have different problems with greedy caching with Varnish.
Your choice.
40
Nginx / Re: vHost conf file keeps reseting to the orig, tpl file has some errors
« on: January 12, 2022, 09:06:36 PM »
Quote
Why is there an editor there if the admin is not supposed to change the vHost file? The editor gives you a sense that you can edit it and it stays there! On the other hand, a static viewer gives you a sense that you can just see the contents and there is another way to edit it!
Yes, I agree: in my opinion, those files should be locked for editing, and there should be a warning that any changes will be overwritten in the next update. On the other hand, the documentation mentions that the changes made will be overwritten, so it is only possible to keep the changes with new files created from clones of those files.
Quote
When I apply the custom templates via the "WebServers Domain Conf" page, I get 50x error. I can not restart apache if I select the default all_methods template. The spacing in that file is not correct. I only described one scenario for Nginx_apache, I have other problems on another VM where I try to change the Nginx vhost conf for my NodeJS app.
Here is a problem with your template. After creating and applying it, you should check how it looks in your Apache or Nginx server configuration files. Check for errors, and fix templates.
Quote
Let's just repeat that if I clone the default tpl file without any changes, I cannot make it work. I've tried both the "Nginx -> apache -> PHP-CGI" and "Nginx -> apache -> proxy" options. Maybe you need to give it a try yourself and give me more insights. Please note that I don't have php-fpm. I am using php switcher v2.
When creating a .tpl file, it is mandatory to also create its corresponding .stpl file, or the template will not be available to be chosen and assigned to your site, either for PHP-FPM or PHP-CGI.
42
CentOS 7 Problems / Re: 403 Forbidden Error on Virtual Host
« on: January 12, 2022, 08:44:47 PM »
I don't have any problem executing this command in my server.
Have you already checked your /usr/local/apache/domlogs/*.error.log files?!
Regards,
Netino
43
CentOS-WebPanel GUI / Re: Mod_Security's Security incidents wrong IP
« on: January 12, 2022, 12:01:30 AM »
This is a ModSecurity issue, and it will not be fixed in 2.x versions.
Check:
https://github.com/SpiderLabs/ModSecurity/issues/811
Regards,
Netino
44
Nginx / Re: vHost conf file keeps reseting to the orig, tpl file has some errors
« on: January 11, 2022, 11:52:50 PM »
Quote
I am using Apache-Nginx as the webserver. I want to allow all the HTTP methods (PUT, DELETE) on a host by changing the vHost file. When I change that via the "WebServers Configuration Editor" to add a line, it reverts to the template file after a while.
I tried adding a configuration via the "Manage WebServers Configuration" page, but the "All_methods" tpl file does not work. I can't successfully restart the httpd service, it complains about the conf file. I tried cloning the default tpl file to create my own template, but I can't make it work with my web current web serv Apache_nginx.
As the last option, I tried to edit the default.tpl and default.stpl file, it worked but I am just surprised that it's back to the orig file now!
You must avoid changing the vhosts/*.conf files directly.
They will always be overwritten when the webservers are rebuilt.
Instead of changing the vhosts conf files directly, you must create additional custom templates, simply by copying and changing them.
After that, you must apply the customized template to your site in CWP, "WebServers Domain Conf".
If you customize your webserver configuration, you *must* also customize the webserver templates in "/usr/local/cwpsrv/htdocs/resources/conf/web_servers/", otherwise they will always be overwritten when CWP is updated.
(check there the webserver files you use)
The templates per se are *always* overwritten when CWP is updated, too. So you *must* create additional files in those directories, instead of changing the existing ones.
Copy an existing file and change the name of the file, one for .conf and another for .ssl.conf (always two files, mandatory). This is needed for the template to be shown in "WebServers Domain Conf".
You can check this link to do it:
http://wiki.centos-webpanel.com/webservers-vhost-templates
A different way to avoid the customization above (in webserver templates) is to create your new custom files directly in the 'conf.d' directories of your webservers, which avoids changing the system webserver config files. You can use it, if possible.
Regards,
Netino
45
E-Mail / Re: Fake users sending spam
« on: January 11, 2022, 11:47:30 PM »
(...)
Jan 11 08:44:43 cwp postfix/smtpd[17250]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=0/1 commands=2/3
Jan 11 08:44:43 cwp cbpolicyd[10726]: module=Quotas, action=defer, host=127.0.0.1, helo=myserver.tdl, from=collatedbg@myserver.tdl, to=b.lichtenberg@random.de, reason=quota_match, policy=6, quota=3, limit=4, track=Sender:@myserver.tdl, counter=MessageCount, quota=11.58/10 (115.8%)
Jan 11 08:44:43 cwp postfix/smtpd[17251]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <b.lichtenberg@random.de>: Recipient address rejected: 1; from=<collatedbg@myserver.tdl> to=<b.lichtenberg@random.de> proto=ESMTP helo=<myserver.tdl>
Jan 11 08:44:43 cwp postfix/smtpd[17251]: lost connection after RCPT from localhost[127.0.0.1]
Jan 11 08:44:43 cwp postfix/smtpd[17251]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=0/1 commands=2/3
Jan 11 08:44:43 cwp cbpolicyd[17260]: module=Quotas, action=defer, host=127.0.0.1, helo=myserver.tdl, from=f_ycqxcyirp@myserver.tdl, to=frank-rilling@random.de, reason=quota_match, policy=6, quota=3, limit=4, track=Sender:@myserver.tdl, counter=MessageCount, quota=11.58/10 (115.8%)
Jan 11 08:44:43 cwp postfix/smtpd[17258]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <frank-rilling@random.de>: Recipient address rejected: 1; from=<f_ycqxcyirp@myserver.tdl> to=<frank-rilling@random.de> proto=ESMTP helo=<myserver.tdl>
Jan 11 08:44:43 cwp postfix/smtpd[17258]: lost connection after RCPT from localhost[127.0.0.1]
Jan 11 08:44:43 cwp postfix/smtpd[17258]: disconnect from localhost[127.0.0.1] ehlo=1 mail=1 rcpt=0/1 commands=2/3
Jan 11 08:45:17 cwp postfix/smtpd[17254]: warning: hostname examsection.earacheevince.com does not resolve to address 212.192.246.26
Jan 11 08:45:17 cwp postfix/smtpd[17254]: connect from unknown[212.192.246.26]
Jan 11 08:45:20 cwp postfix/smtpd[17254]: warning: unknown[212.192.246.26]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 11 08:45:20 cwp postfix/smtpd[17254]: lost connection after AUTH from unknown[212.192.246.26]
Jan 11 08:45:20 cwp postfix/smtpd[17254]: disconnect from unknown[212.192.246.26] ehlo=1 auth=0/1 commands=1/2
(...)
The spam is coming from localhost. It doesn't appear to be an open relay. It looks like some script on the server itself is allowing this sending attempt. The web logs for the same time and/or spam start time should be investigated to try to identify which scripts are allowing this.
The following files/directories must be scanned:
/usr/local/apache/logs/
/usr/local/apache/domlogs/
/usr/local/cwpsrv/var/services/roundcube/logs/
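An added example (not part of the original posts) for the maillog triage described in the "Problems with Mail Service" and "Fake users sending spam" replies: it separates authenticated submissions per SASL user, failed SASL logins per client IP, and envelope senders rejected on localhost sessions. The sample lines are constructed in the Postfix syslog format, and `triage` is a hypothetical name.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Postfix syslog format (not from a real server).
SAMPLE_LOG = """\
Jan 15 10:00:02 cwp postfix/smtpd[2101]: 4A1B2C3D4E: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=bob@example.test
Jan 15 10:00:03 cwp postfix/smtpd[2101]: 5B2C3D4E5F: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=bob@example.test
Jan 15 10:00:04 cwp postfix/smtpd[2101]: disconnect from unknown[203.0.113.9] ehlo=1 auth=1 mail=2 rcpt=2 data=2 quit=1 commands=9
Jan 15 10:01:10 cwp postfix/smtpd[2102]: 6C3D4E5F60: client=mail.example.test[198.51.100.7], sasl_method=PLAIN, sasl_username=alice@example.test
Jan 15 10:02:00 cwp postfix/smtpd[2103]: warning: unknown[203.0.113.50]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jan 15 10:02:05 cwp postfix/smtpd[2104]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <x@example.org>: Recipient address rejected: 1; from=<qwerty1@example.test> to=<x@example.org> proto=ESMTP helo=<example.test>
Jan 15 10:02:06 cwp postfix/smtpd[2105]: NOQUEUE: reject: RCPT from localhost[127.0.0.1]: 450 4.7.1 <y@example.org>: Recipient address rejected: 1; from=<zxcvb2@example.test> to=<y@example.org> proto=ESMTP helo=<example.test>
"""

SASL_OK = re.compile(r"postfix/smtpd\[\d+\]: ([0-9A-F]+): client=\S+\[([^\]]+)\], "
                     r"sasl_method=\S+, sasl_username=(\S+)")
SASL_FAIL = re.compile(r"warning: \S+\[([^\]]+)\]: SASL \S+ authentication failed")
LOCAL_REJECT = re.compile(r"reject: RCPT from localhost\[127\.0\.0\.1\].* from=<([^>]*)>")

def triage(log_text):
    """Return (messages per user, client IPs per user, failed logins per IP,
    envelope senders rejected on localhost sessions)."""
    messages = Counter()         # authenticated user -> messages accepted
    sources = defaultdict(set)   # authenticated user -> client IPs used
    failed = Counter()           # client IP -> failed SASL logins
    local_senders = Counter()    # sender address -> rejects on a localhost session
    for line in log_text.splitlines():
        if m := SASL_OK.search(line):
            _queue_id, ip, user = m.groups()
            messages[user] += 1
            sources[user].add(ip)
        elif m := SASL_FAIL.search(line):
            failed[m.group(1)] += 1
        elif m := LOCAL_REJECT.search(line):
            local_senders[m.group(1)] += 1
    return messages, sources, failed, local_senders

if __name__ == "__main__":
    messages, sources, failed, local_senders = triage(SAMPLE_LOG)
    for user, count in messages.most_common():
        print(f"{user}: {count} message(s) from {sorted(sources[user])}")
    print("failed SASL logins:", dict(failed))
    print("distinct senders rejected via localhost:", len(local_senders))
```

An account with a high message count or several unrelated client IPs is a candidate for a password reset, while many distinct senders on localhost sessions with no `sasl_username` point to a local script rather than a stolen mailbox password.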