Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Netino

Pages: 1 ... 19 20 [21] 22 23 ... 26
301
CSF Firewall / Re: Website recently hacked for Haintai
« on: January 16, 2019, 01:15:03 AM »
What scares me is just figuring out how a person can administer a server without SSH. As him/her patrols the logs and the boundaries of your server, how install their programs. how it monitors its load, how it checks the queue for E-mails, how it checks your firewall, how well it knows the harassment your server receives, all without SSH. Without SSH is not possible to do a realistic administration of the server. You can not manage a server with the panel alone. The dashboard is just a facility, primarily for customers, not for the administrator. For the administrator there are numerous tasks that are much better fulfilled through SSH, some of them are unique. So for me the server was hacked just because there is no one monitoring the server via SSH. The security of a server is like a chain: it is as strong as its weakest link. Install a postknocking to make your port 22 more secure, but be sure to use SSH.

302
E-Mail / Re: Problem with webmail
« on: January 10, 2019, 04:01:54 AM »
First is need undesrtand a little more your problem.
Are you meaning "last version" is the last CWP's version..? Or webmail version..?
What you means by "webmail redirect"..?
What is "loadresources" are you mentioning..?

The code 400 for webservers means  "Page Not Found".

Regards,
Netino

303
MySQL / Re: PMA time out when accessing via user panel
« on: January 10, 2019, 03:55:22 AM »
Problem with domain resolution..??

304
MySQL / Re: MySQL Connection refused
« on: January 10, 2019, 03:54:07 AM »
I think is not needed to format your system.

Try to repair your journal before, following a tutorial like this:
https://z900collector.wordpress.com/2016/11/10/repairing-centos-7-journal-corruption/

This is not difficult, just a little bit laborious.
Moreover, it is a necessary knowledge for any administrator to administer a server.

Regards,
Netino

305
If is not sufficient check the result of commands "systemctl status httpd.service" and "journalctl -xe", so check the last lines of apache logs.
For example, to check the last 100 lines:
Code: [Select]
# tail -100 /usr/local/apache/logs/error_log

Regards,
Netino

306
MySQL / Re: MySQL Connection refused
« on: January 07, 2019, 02:10:23 AM »
Try to restart mariadb and post the result of commands "systemctl status mariadb.service" and "journalctl -xe".

307
MySQL / Re: MySQL Connection refused
« on: January 07, 2019, 12:50:14 AM »
Your system is claiming about InnoDB:
Code: [Select]
Unknown/unsupported storage engine: InnoDB

But it is claiming too about rsyslogd/imjounal:
Code: [Select]
imjournal: rename() failed for new path: '/var/lib/rsyslog/imjournal.state': Is a directory [v8.24.0 try http://www.rsyslog.com/e/0 ]

Post the result of the command:
Code: [Select]
ls -alF /var/lib/rsyslog/imjournal.state

As you mention had your server rebooted, may be journal files are in inconsistent state, and may be needed to repair it.
The things can do more complex a little bit, but you best choice at this moment would be to rename '/var/lib/rsyslog/imjournal.state' to '/var/lib/rsyslog/imjournal.state.old', and restart rsyslogd.

Are you using InnoDB..??
How much memory you have in your system..??
And swap..??

308
How to / CONTINUATION: [Howto] Install Rspamd
« on: January 07, 2019, 12:10:16 AM »
CONTINUATION...
Configuring Postfix
===================
- Change/include in file /etc/postfix/main.cf
Code: [Select]
milter_protocol = 6
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen}
# use accept just in case rspamd fails
milter_default_action = accept
smtpd_milters = inet:127.0.0.1:11332
non_smtpd_milters = inet:127.0.0.1:11332

- Change the following in file /etc/postfix/master.cf:
Find:
Code: [Select]
smtp   inet  n - n - - smtpd
  -o content_filter=smtp-amavis:127.0.0.1:10024
  -o receive_override_options=no_address_mappings

...and change to:
Code: [Select]
smtp      inet  n       -       n       -       -       smtpd
#  -o content_filter=smtp-amavis:127.0.0.1:10024
#  -o receive_override_options=no_address_mappings
smtpd     pass  - - n - - smtpd

Find:
Code: [Select]
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

...and change to:
Code: [Select]
smtps     inet  n - - - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

Find:
Code: [Select]
pickup    fifo  n - n 60 1 pickup
 -o content_filter=
 -o receive_override_options=no_header_body_checks

...and change to:
Code: [Select]
pickup    fifo  n - n 60 1 pickup
  -o content_filter=
#  -o receive_override_options=no_header_body_checks

Find:
Code: [Select]
submission inet n - n - - smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

...and change to:
Code: [Select]
submission inet n - - - - smtpd
#  -o smtpd_tls_security_level=encrypt
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=no
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

Find and disable the entire 'spam/virus section' as the following:
Code: [Select]
#
# spam/virus section
#
#smtp-amavis  unix  -    -       y       -       2       smtp
#  -o smtp_data_done_timeout=1200
#  -o disable_dns_lookups=yes
#  -o smtp_send_xforward_command=yes
#127.0.0.1:10025 inet n  -       y       -       -       smtpd
#  -o content_filter=
#  -o smtpd_helo_restrictions=
#  -o smtpd_sender_restrictions=
#  -o smtpd_recipient_restrictions=permit_mynetworks,reject
#  -o mynetworks=127.0.0.0/8
#  -o smtpd_error_sleep_time=0
#  -o smtpd_soft_error_limit=1001
#  -o smtpd_hard_error_limit=1000
#  -o receive_override_options=no_header_body_checks
#  -o smtpd_helo_required=no
#  -o smtpd_client_restrictions=
#  -o smtpd_restriction_classes=
#  -o disable_vrfy_command=no
#  -o strict_rfc821_envelopes=yes

- Restart Postfix, and disable amavisd-new
Code: [Select]
# systemctl reload postfix
# systemctl disable amavisd-new
# systemctl stop amavisd-new

Now you have your mail server funcional and working with rspamd.

Spamassassin
============
To migrate from Spamassassin, check <https://rspamd.com/doc/tutorials/migrate_sa.html>.
If you don’t have a lot of custom rules and primarily use the default ruleset then you shouldn’t use this plugin: many SA rules are already implemented natively in Rspamd so you won’t get any benefit from including such rules from SA.
But if you have custom rules, copy them to a the file, for example '/etc/rspamd/spam-rules/rules', and create a file '/etc/rspamd/local.d/spamassassin.conf' with the following content:
Code: [Select]
ruleset = "/etc/rspamd/spam-rules/rules";
# Limit search size to 100 kilobytes for all regular expressions
match_limit = 120k;
# Those regexp atoms will not be passed through hyperscan:
#pcre_only = ["RULE1", "__RULE2"];
Don't forget to restart rspamd.

- Dovecot + sieve
==================
You can configure your Dovecot to use sieve, to move E-mails automatically with the Rspamd's spam learning, following/reading 'Dovecot configuration', 'Sieve Scripts' and 'For Rspamd' sections in this Howto:
https://wiki.dovecot.org/HowTo/AntispamWithSieve

# So, to move spam mail automatically to folder 'Spam', create a file
#  /var/vmail/domain.com/mailbox/sieve/roundcube.sieve, and include:
Code: [Select]
require ["fileinto"];

if header :is "X-Spam" "Yes" {
        fileinto "Junk";
}

- Test your spam filter
Send an e-mail with the following body text content to one of your new mailboxes:
Code: [Select]
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

This e-mail should never arrive at its destination and Rspamd should show a rejected e-mail in its history log, at '/var/log/rspamd/rspamd.log' and in '/var/log/maillog' files.

- Train Rspamd with existing spam mail (optional)
If you have mailboxes in Maildir-format with spam e-mails and normal e-mails, you can use them to train Rspamd on some real world examples. Copy those mailbox folders to your new server and execute commands like this:
-To train e-mails in /var/vmail/domain.com/mailbox/.Spam/cur as spam:
Code: [Select]
find /var/vmail/domain.com/mailbox/.Spam/cur -type f -exec /usr/bin/rspamc learn_spam {} \;

- Stop and disable spamassassin, if any:
Code: [Select]
systemctl stop spamassassin
systemctl disable spamassassin

- Stop and disable amavisd-new
Code: [Select]
systemctl stop amavisd-new
systemctl disable amavisd-new

- Stop and disable opendkim
Code: [Select]
systemctl stop opendkim
systemctl disable opendkim

-To train e-mails as “ham”:
Code: [Select]
find /var/vmail/domain.com/mailbox/cur -type f -exec /usr/bin/rspamc learn_ham {} \;
find /var/vmail/domain.com/mailbox/.Sent/cur -type f -exec /usr/bin/rspamc learn_ham {} \;

- To acess the Rspamd webinterface:
Code: [Select]
ssh -p 32 -L 11334:localhost:11334 [Your IP ADDRESS]
Remember: If you want to use the web interface instead shell, you will need to change all files to '_rspamd' user.

- And access in your browser:
http://localhost:11334

Enjoy it!

Regards,
Netino

309
How to / [Howto] Install Rspamd
« on: January 07, 2019, 12:08:43 AM »
Howto Instal Rspamd Antispam

This howto describes the main steps to get and start working with Rspamd, in particular with the following setup:
- CentOS 7
- Postfix MTA
- Redis cache
- Dovecot with Sieve plugin to sort mail and learn by moving messages to Junk folder

Attention: Use this how to at your own risk and make a backup before trying it. This howto should only be used for advanced users.

Rspamd is a fast, astonishing fast, and light open source spam filtering system which utilizes multiple techniques to prevent spam from reaching your mailbox.
I simply couldn't install stably spamassassin in the server. Looking for alternatives, I found it, and it seemed much better in almost every aspects.

Rspamd is actively developed and appears to be a much more modern project. Written in C, it is quite fast and integrates directly into postfix as a milter. It uses bayesian filtering and machine learning to learn what users consider to be spam and ham, global, by domain and by user. However, it also incorporates much many other anti-spam measures: RBL checks, SPF/DKIM/DMARC/ARC validation, DCC bulk mail checks, antivirus checks, and greylisting, to name a few. In addition, it has some other useful features like DKIM signing of outgoing mail, automatic whitelisting when you reply to someone, and a web interface where you can see spam checking results in real time.

Rspamd is an advanced spam filtering system supporting a variety of filtering mechanisms including regular expressions, statistical analysis and custom services such as URL black lists. Each message is analysed by rspamd and given a spam score. According to this spam score and the user’s settings rspamd recommends an action for the MTA to apply to the message- for example to pass, reject or add a header. Rspamd is designed to process hundreds of messages per second simultaneously.

It replaces amavisd-new, spamassassin, opendmarc, Policyd-SPF in just one software.
I could save about 1.0 Gb of memory with just this replacement, and Rspamd now takes up only 98Mb of memory, ie 10 times less !.
Each E-mail was analyzed in one to two minutes, and is now analyzed in 2 to 3 seconds!
I've been using it for over a year now.

What you need to know:
-General: all information below are important but need to be checked.
-General: this howto was made using CentOS7 server x64, so there could be differences to other distributions, and must be adapted some paths!
-Rspamd: Do not edit any default configuration file in /etc/rspamd/. Rspamd is designed to load configuration files from the /etc/rspamd/local.d/ folder, where is store customizations. Take a look into the documentation for available configs and parameters.
-Spamassassin: It is needed to disable spamassassin, but you can import almost all your spamassassin rules, include custom rules, and use it in Rspamd. To migrate, more information at <https://rspamd.com/doc/tutorials/migrate_sa.html>.
-Redis: This installation is really is not needed, but is strongly recommended, is a *astonishingly* fast database. If for some reason you won't install, supress all steps 'for redis use' in configuration. The steps 'with redis use' are affected by redis use, and must be adapted before you use it. The other steps are not using redis, or are unaffected by redis.
-Opendkim: Despite this configuration no longer use opendkim, as CWP uses it as the "default" configuration for automatic domain creation with DKIM support, the proposed configuration here makes use of the DKIM keys installed by opendkim, so I tried to maintain the structure of the DKIM key files for you can use it normally, preserving the autocreation of DKIM keys at CWP, so you do not need to make any changes to the existing structure, just by including the user '_rspamd' in the opendkim group.

Installing and Configuring Rspamd
=================================

Access ssh as root in your server.

- Install Rspamd, as: https://rspamd.com/downloads.html, executing these commands as 'root':
Code: [Select]
# curl http://rspamd.com/rpm-stable/centos-7/rspamd.repo > /etc/yum.repos.d/rspamd.repo
# rpm --import http://rspamd.com/rpm-stable/gpg.key
# yum update
# yum install rspamd
(don't start it yet)

- Install Redis
Code: [Select]
# yum install redis
# systemctl start redis
# systemctl enable redis

- Test if is Redis is working. Execute:
Code: [Select]
# redis-cli ping
the result must be 'PONG'.

- Change Redis configuration in file /etc/redis.conf:
Code: [Select]
maxmemory 500mb
maxmemory-policy volatile-lru

- and after change the system configuration: (for redis use)
Code: [Select]
# echo 1 > /proc/sys/vm/overcommit_memory

- add at file /etc/sysctl.conf (for redis use)
Code: [Select]
vm.overcommit_memory = 1

- and update the system configuration:
Code: [Select]
# sysctl -p

- ... and restart redis:
Code: [Select]
# systemctl restart redis

- Create the file /etc/rspamd/local.d/redis.conf with the following content: (for redis use)
Code: [Select]
servers = "127.0.0.1";

- file /etc/rspamd/local.d/options.inc
Code: [Select]
dns {
  enable_dnssec = true;
  timeout = 4s;
  retransmits = 5;
}

- file /etc/rspamd/local.d/worker-normal.inc
Code: [Select]
bind_socket = "127.0.0.1:11333";

- file /etc/rspamd/local.d/worker-proxy.inc
Code: [Select]
bind_socket = "127.0.0.1:11332";
milter = yes;
timeout = 120s;
upstream "local" {
 default = yes;
 self_scan = yes;
}
[code]

- file /etc/rspamd/local.d/logging.inc
[code]
type = "file";
filename = "/var/log/rspamd/rspamd.log";
level = "error";
debug_modules = [];

- Create the user password (use your own password instead 'P4ssvv0rD')
Code: [Select]
# rspamadm pw --encrypt -p P4ssvv0rD
$2$htwknhydfj45j58nuej1kffpegykzmer$i9pup6hpz3izzz3iqi99kohokmtfbnoh1k1oz3ph33xio6sgr41b
... and use it in the below file.

# /etc/rspamd/local.d/worker-controller.inc
Code: [Select]
bind_socket = "127.0.0.1:11334";
# password for normal user
password = "$2$htwknhydfj45j58nuej1kffpegykzmer$i9pup6hpz3izzz3iqi99kohokmtfbnoh1k1oz3ph33xio6sgr41b";
# password for 'admin'
# create this admin password with the rspamd utilities
enable_password = ""
secure_ip = "127.0.0.1";

- file /etc/rspamd/local.d/classifier-bayes.conf (for redis)
Code: [Select]
servers = "127.0.0.1";
backend = "redis";
autolearn = true;
new_schema = true;
expire = 8640000;

- file /etc/rspamd/local.d/milter_headers.conf
Code: [Select]
use = ["x-spamd-bar", "x-spam-level", "authentication-results"];
authenticated_headers = ["authentication-results"];
extended_spam_headers = true;

routines {
  spam-header {
    header = "X-Spam-Flag";
    value = "YES";
    remove = 1;
  }
  authentication-results {
    header = "Authentication-Results";
    remove = 1;
    # SPF/DKIM/DMARC symbols in case these are redefined
    spf_symbols {
      pass = "R_SPF_ALLOW";
      fail = "R_SPF_FAIL";
      softfail = "R_SPF_SOFTFAIL";
      neutral = "R_SPF_NEUTRAL";
      temperror = "R_SPF_DNSFAIL";
      none = "R_SPF_NA";
      permerror = "R_SPF_PERMFAIL";
    }
    dkim_symbols {
      pass = "R_DKIM_ALLOW";
      fail = "R_DKIM_REJECT";
      temperror = "R_DKIM_TEMPFAIL";
      none = "R_DKIM_NA";
      permerror = "R_DKIM_PERMFAIL";
    }
    dmarc_symbols {
      pass = "DMARC_POLICY_ALLOW";
      permerror = "DMARC_BAD_POLICY";
      temperror = "DMARC_DNSFAIL";
      none = "DMARC_NA";
      reject = "DMARC_POLICY_REJECT";
      softfail = "DMARC_POLICY_SOFTFAIL";
      quarantine = "DMARC_POLICY_QUARANTINE";
    }
  }
}

- Include '_rspamd' user at group 'opendkim':
Code: [Select]
# usermod -a -G opendkim _rspamd

- Create the file '/etc/rspamd/local.d/dkim_signing.conf' with the following content:
(you can suppress the lines starting with '#', but I do not recommend)
Code: [Select]
# If false, messages with empty envelope from are not signed
allow_envfrom_empty = true;
# If true, envelope/header domain mismatch is ignored
allow_hdrfrom_mismatch = false;
# If true, multiple from headers are allowed (but only first is used)
allow_hdrfrom_multiple = false;
# If true, username does not need to contain matching domain
allow_username_mismatch = true;
# If false, messages from authenticated users are not selected for signing
auth_only = true;
# Default path to key, can include '$domain' and '$selector' variables
path = "/etc/opendkim/userkeys/$domain/$selector.private";
# Default selector to use
selector = "default";
# If false, messages from local networks are not selected for signing
sign_local = true;
# Map file of IP addresses/subnets to consider for signing
# sign_networks = "/some/file"; # or url
# Symbol to add when message is signed
symbol = "DKIM_SIGNED";
# Whether to fallback to global config
try_fallback = true;
# Domain to use for DKIM signing: can be "header" (MIME From), "envelope" (SMTP From) or "auth" (SMTP username)
use_domain = "header";
# Domain to use for DKIM signing when sender is in sign_networks ("header"/"envelope"/"auth")
use_domain_sign_networks = "header";
# Domain to use for DKIM signing when sender is a local IP ("header"/"envelope"/"auth")
use_domain_sign_local = "header";
# Whether to normalise domains to eSLD
use_esld = true;
# Whether to get keys from Redis
# Not using redis, keys coming from files in /etc/opendkim
use_redis = false;
# Hash for DKIM keys in Redis
key_prefix = "DKIM_KEYS";

Create a soft link (the files normally are identical)
Code: [Select]
# cd /etc/rspamd/local.d/; ln -s dkim_signing.conf arc.conf

- Create the file '/etc/rspamd/local.d/mx_check.conf' with the following content:
Code: [Select]
# Set this to enable the module
enabled = true;
# connection timeout in seconds
timeout = 30.0;
# symbol yielded if no MX is connectable
symbol_bad_mx = "MX_INVALID";
# symbol yielded if no MX is found
symbol_no_mx = "MX_MISSING";
# symbol yielded if MX is connectable
symbol_good_mx = "MX_GOOD";
# lifetime of redis cache - 1 day by default
expire = 86400;
# lifetime of redis cache for no valid mxes - 2 hours by default
expire_novalid = 7200;
# greylist first message with invalid MX (require greylist plugin)
greylist_invalid = false;
# prefix used for redis key
key_prefix = "rmx";
# module-specific redis-server configuration
servers = "127.0.0.1";
# a map of specific domains that should be excluded from MX check
# exclude_domains = "/etc/rspamd/local.d/local_wl_domains.map.inc";

- file /etc/rspamd/local.d/dmarc.conf
Code: [Select]
servers = "127.0.0.1";
# Enables storing reporting information to redis
#reporting = true;
# If Redis server is not configured below, settings from redis {} will be used
#servers = "127.0.0.1:6379"; # Servers to use for reads and writes (can be a list)
# Alternatively set read_servers / write_servers to split reads and writes
# To set custom prefix for redis keys:
#key_prefix = "dmarc_";
# Actions to enforce based on DMARC disposition (empty by default)
actions = {
quarantine = "add_header";
reject = "reject";
}
# Ignore "pct" setting for some domains
# no_sampling_domains = "/etc/rspamd/dmarc_no_sampling.domains";

- file /etc/rspamd/local.d/force_actions.conf
Code: [Select]
# Rules are defined in the rules {} block
rules {
VIRUS_DETECTED {
action = "reject";
expression = "CLAM_VIRUS";
# message setting sets SMTP message returned by mailer
message = "Rejected due to suspicion of virus";
honor_action = ["reject"];
}
}

- file /etc/rspamd/local.d/fuzzy_check.conf
Code: [Select]
timeout = 4s;
retransmits = 3;

- file /etc/rspamd/local.d/neural.conf (with redis use)
Code: [Select]
servers = "127.0.0.1";
enabled = true;
dbname = "2"; # Redis setup

# local.d/neural_group.conf
symbols = {
  "NEURAL_SPAM" {
    weight = 3.0; # sample weight
    description = "Neural network spam";
  }
  "NEURAL_HAM" {
    weight = -3.0; # sample weight
    description = "Neural network ham";
  }
}

- file /etc/rspamd/local.d/phishing.conf
Code: [Select]
phishtank_enabled = true;
phishtank_map = "https://rspamd.com/phishtank/online-valid.json.zst";
# Enable openphish support (default disabled)
openphish_enabled = true;
# URL of feed, default is public url:
openphish_map = "https://www.openphish.com/feed.txt";
openphish_premium = false;
# For premium feed, change that to your personal URL, e.g.
# openphish_map = "https://openphish.com/samples/premium_feed.json";

- Change this to true in that file, if premium feed is enabled (paid service)
Code: [Select]
openphish_premium = true;

- file /etc/rspamd/local.d/replies.conf (with redis use)
Code: [Select]
# This setting is non-default & may be desirable
action = "no action";
# These are default settings you may want to change
expire = 86400;
key_prefix = "rr";
message = "Message is reply to one we originated";
symbol = "REPLY";
# Module specific redis configuration
servers = "127.0.0.1";

# /etc/rspamd/local.d/surbl.conf
Code: [Select]
# List of domains that are not checked by surbl
whitelist = "file://$CONFDIR/surbl-whitelist.inc";
# Additional exceptions for TLD rules
exceptions = "file://$CONFDIR/2tld.inc";
redirector_hosts_map = "/etc/rspamd/redirectors.inc";

rules {
"SURBL_MULTI" {
# DNS suffix for this rule
suffix = "multi.surbl.org";
bits {
# List of bits ORed when reply is given
JP_SURBL_MULTI = 64;
AB_SURBL_MULTI = 32;
MW_SURBL_MULTI = 16;
PH_SURBL_MULTI = 8;
WS_SURBL_MULTI = 4;
SC_SURBL_MULTI = 2;
}
}
"URIBL_MULTI" {
suffix = "multi.uribl.com";
bits {
URIBL_BLACK = 2;
URIBL_GREY = 4;
URIBL_RED = 8;
}
}
"RAMBLER_URIBL" {
suffix = "uribl.rambler.ru";
# Also check images
images = true;
}
"DBL" {
suffix = "dbl.spamhaus.org";
# Do not check numeric URL's
noip = true;
}
"SPFBL_URIBL" {
suffix = "uribl.spfbl.net";
resolve_ip = false;
ips {
URIBL_SPFBL = "127.0.0.2";
}
}
"SEM_URIBL_UNKNOWN" {
suffix = "uribl.spameatingmonkey.net";
bits {
SEM_URIBL = 2;
}
noip = true;
}
"SEM_URIBL_FRESH15_UNKNOWN" {
suffix = "fresh15.spameatingmonkey.net";
bits {
SEM_URIBL_FRESH15 = 2;
}
noip = true;
}
}

- file /etc/rspamd/local.d/url_redirector.conf (with redis use)
Code: [Select]
# How long to cache dereferenced links in Redis (default 1 day)
expire = 1d;
# Timeout for HTTP requests (10 seconds by default)
timeout = 10; # 10 seconds by default
# How many nested redirects to follow (default 1)
nested_limit = 1;
# Prefix for keys in redis (default "rdr:")
key_prefix = "rdr:";
# Check SSL certificates (default false)
check_ssl = false;
max_size = 10k; # maximum body to process

- file /etc/rspamd/local.d/url_reputation.conf (with redis use)
Code: [Select]
# Enable
enabled = true;
# Key prefix for redis - default "Ur."
key_prefix = "Ur.";
# Symbols to insert - defaults as shown
symbols {
  white = "URL_REPUTATION_WHITE";
  black = "URL_REPUTATION_BLACK";
  grey = "URL_REPUTATION_GREY";
  neutral = "URL_REPUTATION_NEUTRAL";
}
# DKIM/DMARC/SPF allow symbols - defaults as shown
foreign_symbols {
  dmarc = "DMARC_POLICY_ALLOW";
  dkim = "R_DKIM_ALLOW";
  spf = "R_SPF_ALLOW";
}
# SURBL metatags to ignore - default as shown
ignore_surbl = ["URIBL_BLOCKED", "DBL_PROHIBIT", "SURBL_BLOCKED"];
# Amount of samples required for scoring - default 5
threshold = 5;
# Maximum number of TLDs to update reputation on (default 1)
update_limit = 1;
# Maximum number of TLDs to query reputation on (default 100)
query_limit = 100;
# If true, try to find most 'relevant' URL (default true)
relevance = true;

- file /etc/rspamd/local.d/url_tags.conf  (with redis use)
Code: [Select]
# cache some URL tags in redis
enabled = true;

- file /etc/rspamd/override.d/antivirus.conf
Code: [Select]
# multiple scanners could be checked, for each we create a configuration block with an arbitrary name
clamav {
  # If set force this action if any virus is found (default unset: no action is forced)
  action = "reject";
  # if `true` only messages with non-image attachments will be checked (default true)
  # attachments_only = false;
  scan_mime_parts = false;
  # If `max_size` is set, messages > n bytes in size are not scanned
  #max_size = 20000000;
  # symbol to add (add it to metric if you want non-zero weight)
  symbol = "CLAM_VIRUS";
  # type of scanner: "clamav", "fprot", "sophos" or "savapi"
  type = "clamav";
  # If set true, log message is emitted for clean messages
  log_clean = true;
  # For "savapi" you must also specify the following variable
  #product_id = 12345;
  # For "savapi" you can enable logging for clean messages
  #log_clean = true;
  # servers to query (if port is unspecified, scanner-specific default is used)
  # can be specified multiple times to pool servers
  # can be set to a path to a unix socket
  servers = "127.0.0.1:3310";
  # `whitelist` points to a map of IP addresses. Mail from these addresses is not scanned.
  whitelist = "/etc/rspamd/antivirus.wl";
}

- You can download maps and fuzzy keys from 'maps.rspamd.com'.
Currently, it has two ip addresses: 88.99.142.95 and 212.24.145.107.
So, you need to release it at firewall, to the port 11335 outbound to maps.rspamd.com.
- Change the file /etc/csf/csf.allow, including at final:
Code: [Select]
udp|out|d=11335|d=88.99.142.95
tcp|out|d=11335|d=212.24.145.107
udp|out|d=11335|d=212.24.145.107

- Start rspamd
Code: [Select]
# systemctl start rspamd

Check with the folloing command:
Code: [Select]
# ps auxww | grep rspamd

At this point, if all it's ok and there is no typing wrong, Rspamd must be working, it will result in:
Code: [Select]
_rspamd   5166  0.0  0.0 304072  2864 ?        SNs  Dez06   0:00 rspamd: main process
_rspamd   5171  0.0  0.8 474132 31944 ?        SNL  Dez06   0:26 rspamd: rspamd_proxy process (127.0.0.1:11332)
_rspamd   5172  0.0  0.9 362124 35768 ?        SN   Dez06   0:28 rspamd: controller process (127.0.0.1:11334)
_rspamd   5173  0.0  0.6 358404 25972 ?        SN   Dez06   0:07 rspamd: normal process (127.0.0.1:11333)
_rspamd   5174  0.0  0.1 304072  6580 ?        SN   Dez06   0:12 rspamd: hs_helper process

It is working, but no functional yet.
Now, we must to configure Postfix.

(...FOLLOWS AT PART 2, BELOW)

310
CentOS 6 Problems / Re: mysql crashed after server migration please help!
« on: January 06, 2019, 11:39:52 PM »
Seems you don't have mariadb installed.
Try that command with 'mysql'.

And list here the result of commands "systemctl status mariadb.service" or "systemctl status mysql.service" and "journalctl -xe".

311
MySQL / Re: MySQL Connection refused
« on: January 06, 2019, 11:36:40 PM »
What shows the commands "systemctl status mariadb.service" or "journalctl -xe"..??

312
MySQL / Re: MySQL Connection refused
« on: January 06, 2019, 09:23:03 PM »
Check if the passwords match between files:
/usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php
and
/root/.my.cnf

If the passwords mismatch, correct them.
It must be exact same in both files.

Restart mysql:
# systemctl restart mariadb (if in CentOS7)
or
# service mariadb restart (if in CentOS6)

Regards,
Netino

313
Apache / Re: Where is vHosts?
« on: January 06, 2019, 09:05:40 PM »
Seems that template files now are unused, due to that config had changed to be made at database level.
Check youself, acessing the phpMyAdmin, database 'root_cwp', table 'settings', fields 'apache_vhost_tpl' and 'apache_sub_vhost_tpl', have a identical configuration of that template files.

This is an example of the problem of CWP developers, failing to publish a changelog.
We simply don't know what was changed, at least in features, and if you have customizations, you are lost.

Regards,
Netino

314
CentOS 6 Problems / Re: mysql crashed after server migration please help!
« on: January 06, 2019, 01:13:40 AM »
Check if the passwords match between files:
/usr/local/cwpsrv/htdocs/resources/admin/include/db_conn.php
and
/root/.my.cnf

If the passwords mismatch, correct them.
It must be exact same in both files.

Restart mysql:
# systemctl restart mariadb (if in CentOS7)
or
# service mariadb restart (if in CentOS6)

Regards,
Netino

315
SSL / Re: alertandautorenewssl error
« on: January 05, 2019, 02:12:00 AM »
Ok, so you don't have a file named "/usr/local/apache/conf.d/vhosts-ssl.conf".
Your CWP is updated, but trying to access a unused anymore file.

I don't know why you are receiving this message, but surely apache call the SSL files from individual domain files, like "domain.ssl.conf" in directory "/usr/local/apache/conf.d/", called from directive:
IncludeOptional /usr/local/apache/conf.d/vhosts/*.conf
from file:
/usr/local/apache/conf.d/vhosts.conf

... that is called from directive:
Include /usr/local/apache/conf.d/*.conf
from file:
/usr/local/apache/conf/httpd.conf
.. the main apache configuration file.

So, if you have activated some monitoring for apache, that checks the old structure, this program is outdated, and need be updated.
This only can be made by CWP support.

Regards,
Netino

Pages: 1 ... 19 20 [21] 22 23 ... 26