Messages

46

Mod_Security / Re: OWASP CRS v4.15.0 Just Release

« on: June 27, 2025, 01:30:19 PM »

It used to be the better option, but Comodo is in an identity crisis and hasn't updated its definitions since Jan 2024, so it is now effectively dead. Best to go with the OWASP-old which is current. Follow Starburst's guide to update to Mod Security 2.9.8 and then get the latest 4.15 OWASP definitions.

47

Installation / Re: Which os to choose?

« on: June 27, 2025, 01:27:53 PM »

You do want MariaDB 10.11.13 (an LTS version), not the crusty EOL 10.5 installed by default.
https://www.alphagnu.com/topic/23-upgrade-mariadb-1011-in-cwp-centos-7-centos-8-stream-almalinux-78-rockylinux-78/#comment-25

Good to hear the login.defs is getting handled by default now, otherwise you would not be able to log in to CWP.

48

Installation / Re: I don't receive a single message from root..??

« on: June 26, 2025, 11:38:21 PM »

CWP systems are as you described, mydestination = $myhostname = name.hostname.com

On a dedicated server I maintain (non-CWP), it is more clasically set:

Code: [Select]

mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain, mail.$mydomain, host.domain.com, mail.domain.com

49

Installation / Re: Which os to choose?

« on: June 26, 2025, 02:42:50 PM »

For EL9, this is an immediate must do:

We are working on resolving this issue, a quick fix is ​​to go to this file

Code: [Select]

nano /etc/login.defs


and comment out the following line

Code: [Select]

SHA_CRYPT_MAX_ROUNDS 5000


to

Code: [Select]

#SHA_CRYPT_MAX_ROUNDS 5000

After this you can change the user's password from the cwp administration panel and you will be able to login.

[/quote]

50

Installation / Re: Which os to choose?

« on: June 26, 2025, 10:47:52 AM »

But if you don't need CWP Migration nor PHP 5.6 legacy, then you could start with Alma 9, which would give you the longest window -- almost 7 years without having to worry about upgrades:
https://endoflife.date/almalinux

51

Installation / Re: Which os to choose?

« on: June 25, 2025, 11:53:06 PM »

I would (and do) start with AlmaLinux 8 -- fully supported, best experience -- no real caveats or gotchas. Then there is a clear path forward to upgrade to AlmaLinux 9 at any point in your 4 year window, as long as the security update phase is appropriate for your use case. (It is for mine!) CWP's EL9 support it in a workable beta state at this point and the bugs should be ironed out by the time you need to upgrade -- probably likewise into the security update phase of AlmaLinux 9!

52

Installation / Re: I don't receive a single message from root..??

« on: June 25, 2025, 02:38:00 PM »

Postfix?

53

E-Mail / Re: Postfix, SpamAssassin, or something else

« on: June 25, 2025, 01:16:15 PM »

Forgeries. You should lock down Postfix more to prevent this kind of backscatter. And block Malaysia if you have no need for traffic from there.
https://www.awsmonster.com/how-to-secure-postfixdovecot-on-cwp

If you wanted to block ALL of LeaseWeb, you could add their netblocks to your blocklists, but you might block legitimate traffic:
https://ipinfo.io/AS7203

54

CentOS 7 Problems / Re: Unable to Access CWP Panel : 500 Error

« on: June 25, 2025, 01:05:45 PM »

You need to update your CWP version. Older files that are IonCube encoded will expire and throw these kinds of errors.

Code: [Select]

yum -y update
yum clean all
yum check-update
yum update
sh /scripts/update_cwp

55

CentOS 7 Problems / Re: Aborted connection 155 to db on Postfix Mail Server

« on: June 24, 2025, 09:42:31 PM »

Have you run a MySQL Tuner on your server so it could recommend settings for you?
https://github.com/major/MySQLTuner-perl

56

DKIM / Re: How to change DKIM Selector

« on: June 24, 2025, 05:27:30 PM »

DKIM just pairs a generated key with a DNS TXT record, so you can set up more flexibility behind the scenes of CWP using OpenDKIM's genkey tool:
http://www.opendkim.org/opendkim-genkey.8.html

57

E-Mail / Re: Postfix, SpamAssassin, or something else

« on: June 24, 2025, 05:25:07 PM »

All 3 from LeaseWeb in the Netherlands. Consider reporting to their abuse@ address with the full headers. Also block those offending IPs, but it's 3 for 3 different messages, so likely there is a larger pool of source addresses used in this campaign.

58

E-Mail / Re: Postfix, SpamAssassin, or something else

« on: June 24, 2025, 10:55:36 AM »

Do you need to support mail from Serbia? Do you need to support Romanian e-mail traffic? Madagascar? You can block any/all of these at the CSF level, or by an RBL within Postfix's config:

Code: [Select]

reject_rbl_client rs.country.spameatingmonkey.net,
reject_rbl_client mg.country.spameatingmonkey.net,You can also block full TLDs if you so choose (/ etc /postfix/reject_domains):

Code: [Select]

# Rejecting whole TLDs
/\.pro$/        REJECT
/\.cam$/        REJECT
/\.top$/        REJECT
/\.work$/ REJECT
/\.click$/ REJECT
/\.link$/ REJECT
/\.diet$/ REJECT
/\.party$/ REJECT
/\.zip$/        REJECT
/\.date$/ REJECT
/\.club$/ REJECT
/\.rest$/ REJECT
/\.casa$/ REJECT
/\.bar$/        REJECT
/\.sbs$/        REJECT
/\.xyz$/        REJECT
/\.bio$/        REJECT
/\.best$/ REJECT

59

Other / Re: RBL's down

« on: June 24, 2025, 10:46:00 AM »

Gmail really clamped down a few months back -- I see denials from one domain, consistently. Have you enabled ARC headers?

60

CSF Firewall / Re: CSF analyzer

« on: June 24, 2025, 01:23:35 AM »

CSF... are the scf references a mistake instead of csf?
Out of curiosity, why shell code instead of python or perl?