Messages - overseer

511
E-Mail / Re: rogue script using php mail function
« on: August 08, 2023, 01:07:19 PM »
Head slap -- yes, I forgot to mention that one because I have php mailer functionality disabled on all my servers as a matter of course during setup. To me it's lazy coding and from a bygone era to rely on the convenience but total lack of accountability and compartmentalization with the php mail function. I require all clients to create a dedicated outbound SMTP user, and they can then plug those authentication details into whatever CMS or contact form requires outbound mail sending. So then you have accountability and proper logging, as well as proper postscreen controls and rate limits in place with Postfix.

512
CentOS-WebPanel GUI / Re: Cannot create new mailbox CWP USER GUI
« on: August 07, 2023, 11:37:57 PM »
What OS distribution & version? I haven't seen this under CentOS 7.9.

513
E-Mail / Re: There is a CWP server vulnerability. Please help me.
« on: August 07, 2023, 06:54:35 PM »
Maybe in the other thread you should just post your whole main.cf and master.cf so we can take a look and offer suggestions. Have you followed the AWS Monster guide to hardening Postfix with CWP? Are you running SpamAssassin?

514
The trailing "permit" isn't necessary, strictly speaking, because there's an earlier "permit_mynetworks". I just put it there because it makes it clear that whatever passes the earlier "check" and "reject" tests will be permitted.

FYI, you need an API key to use zen.spamhaus.org these days, so you need to obtain one and reconfigure that line. Right now it's not benefiting you at all. Here's a few suggested tweaks:
Code:
smtpd_recipient_restrictions =
        permit_sasl_authenticated
        permit_mynetworks
        reject_invalid_hostname
        reject_non_fqdn_sender
        reject_non_fqdn_recipient
        reject_unknown_sender_domain
        reject_unknown_recipient_domain
        reject_unlisted_recipient
        reject_unauth_destination
        check_client_access hash:/etc/postfix/rbl_override
        check_recipient_access regexp:/etc/postfix/recipient_checks
        check_helo_access hash:/etc/postfix/helo_checks
        check_sender_access hash:/etc/postfix/sender_checks
        check_client_access hash:/etc/postfix/client_checks
        reject_rbl_client cn.country.spameatingmonkey.net
        reject_rbl_client kp.country.spameatingmonkey.net
        reject_rbl_client ng.country.spameatingmonkey.net
        reject_rbl_client ru.country.spameatingmonkey.net
        reject_rbl_client dnsbl.sorbs.net
        reject_rbl_client b.barracudacentral.org
        reject_rbl_client bl.spamcop.net
        reject_rhsbl_sender dsn.rfc-clueless.org

515
Information / Re: Unknown user in cwp user quota
« on: August 07, 2023, 02:00:49 PM »
You should delete them from a shell -- they are just vestiges from the migration that the quota module is picking up on.

516
CentOS-WebPanel GUI / Re: Cannot create new mailbox CWP USER GUI
« on: August 07, 2023, 01:59:31 PM »
As a test, can you add it from the CWP Admin side (rather than the user panel)?

517
Are you using postfix's postscreen, as well as having SpamAssassin in your mail chain?

Do you have something like this in your postfix main.cf? Note especially the "reject_unverified_sender" line:
Code:
smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        check_sender_access hash:/etc/postfix/sender_access,
        reject_unknown_sender_domain,
        warn_if_reject,
        reject_unverified_sender,
        permit

518
CentOS 7 Problems / Re: TMI mode
« on: August 07, 2023, 01:53:55 PM »
Indeed, just to put out a public notice: don't err on the side of too little info if you want help on the forum. We generally need the basic distro info, possibly your hardware config, to know if it's VPS or a full bare metal or dedicated VM, and for sure we need relevant log entries and error messages. So don't hold back, go full TMI mode (too much information). Because it actually isn't TMI -- it's what we need to help you solve your problem!

519
E-Mail / Re: There is a CWP server vulnerability. Please help me.
« on: August 04, 2023, 03:07:46 AM »
Have you hardened your Postfix installation, as I recommended before? Are you making use of postscreen?
https://www.awsmonster.com/how-to-secure-postfixdovecot-on-cwp

Are you making full use of CSF and LFD?

Add to Postfix main.cf:
Code:
##//delivery rate controls/restrictions
# Parallel delivery force (local=2 and dest=20 are aggressive)
local_destination_concurrency_limit = 6
default_destination_concurrency_limit = 30
# Max flow rate (1 sec delay per 50 emails/sec over the number of emails delivered/sec)
in_flow_delay = 1s
# Tarpit those bots/clients/spammers who send errors or scan for accounts
smtpd_error_sleep_time = 10s
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10
# limit max sends per minute
anvil_rate_time_unit = 60s
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_recipient_rate_limit = 30
smtpd_client_message_rate_limit = 30
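
Added example, not part of the original posts: a log check that ties the accountability point from the August 08 reply to the 30-per-60s limits above. It attributes each queued message in the Postfix mail log to a SASL user (smtpd) or a local uid (pickup, the path the PHP mail function takes through the sendmail binary) and flags senders above the limit. Counting per sender rather than per client address, the sample log lines, and the year passed to the parser are assumptions of this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample in Postfix syslog format; host, users, uid and queue IDs are made up.
SAMPLE_LOG = """\
Aug  4 03:07:01 mail postfix/smtpd[2101]: 4A1B2C3D4E: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=forms@example.com
Aug  4 03:07:05 mail postfix/pickup[1990]: 5B2C3D4E5F: uid=1004 from=<siteuser>
Aug  4 03:07:06 mail postfix/pickup[1990]: 6C3D4E5F60: uid=1004 from=<siteuser>
Aug  4 03:07:20 mail postfix/pickup[1990]: 7D4E5F6071: uid=1004 from=<siteuser>
Aug  4 03:09:00 mail postfix/smtpd[2101]: 8E5F607182: client=unknown[203.0.113.9], sasl_method=LOGIN, sasl_username=forms@example.com
"""

# smtpd logs the SASL login for authenticated submissions; pickup logs the local
# uid for mail handed to the sendmail binary (no SMTP login involved).
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ postfix/(?:"
    r"smtpd\[\d+\]: \w+: client=\S+ sasl_method=\S+ sasl_username=(?P<sasl>\S+)"
    r"|pickup\[\d+\]: \w+: uid=(?P<uid>\d+) from=)"
)

def flag_senders(lines, limit=30, window=60, year=2023):
    """Return {sender: peak count} for senders that queued more than `limit`
    messages inside any `window`-second span. syslog timestamps carry no year,
    so `year` is an assumption supplied by the caller."""
    recent = defaultdict(deque)  # sender -> timestamps still inside the window
    peak = defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        sender = f"sasl:{m['sasl']}" if m["sasl"] else f"uid:{m['uid']}"
        stamps = recent[sender]
        stamps.append(when)
        while (when - stamps[0]).total_seconds() >= window:
            stamps.popleft()
        peak[sender] = max(peak[sender], len(stamps))
    return {s: n for s, n in peak.items() if n > limit}

if __name__ == "__main__":
    # limit=2 only so the short sample trips; the setting above is 30 per 60s.
    print(flag_senders(SAMPLE_LOG.splitlines(), limit=2))
```

The smtpd_client_* limits are enforced per client address on smtpd connections only, so any "uid:" entry this reports is mail that those limits never counted.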

520
CentOS 7 Problems / Re: SSH connection Access Denied
« on: August 03, 2023, 01:55:05 PM »
I'm sorry, but your rant is not very helpful at all and doesn't contribute to solving the original poster's problem.

521
File a bug report and chime in on the issue. I'm not sure more than a couple of devs stop by the forum, so not the best place to alert them about bugs.

522
Information / Re: Unknown user in cwp user quota
« on: August 02, 2023, 08:02:53 PM »
That looks to be a list of UIDs. Did you migrate from cPanel or another control panel, or create and delete users from outside CWP?

523
Can you do this operation in 2 steps -- 1) move it to /backups and then 2) move it to the sub-directory?

524
CentOS-WebPanel GUI / Re: How to enable Terminal for Users?
« on: August 02, 2023, 01:39:51 PM »
Since the CWPpro Terminal is so slow & buggy as to be worthless, I wouldn't want to foist it on my users anyway. And only a couple of my clients are trusted to have shell access anyway (esp. the 1:1 VM that I run like a VPS).
https://control-webpanel.com/free-your-mind-new-terminal
So yes, go with PuTTY on Windows or a terminal on Linux or Mac. Don't try to do everything within the web browser. Or you could point users to a Chrome extension: https://chrome.google.com/webstore/detail/secure-shell/iodihamcpbpeioajjeobimgagajmlibd

525
CentOS 7 Problems / Re: Can't start Mysql Server
« on: August 01, 2023, 02:29:34 AM »
If you have crashed InnoDB tables, you can add these lines to / etc / my .cnf and restart mariadb:
Code:
# Recovery mode options
innodb_force_recovery = 1
innodb_purge_threads = 0
Quote
Warning
Only set innodb_force_recovery to a value greater than 0 in an emergency situation, so that you can start InnoDB and dump your tables. Before doing so, ensure that you have a backup copy of your database in case you need to recreate it. Values of 4 or greater can permanently corrupt data files. Only use an innodb_force_recovery setting of 4 or greater on a production server instance after you have successfully tested the setting on a separate physical copy of your database. When forcing InnoDB recovery, you should always start with innodb_force_recovery=1 and only increase the value incrementally, as necessary.

EDIT: The forum apparently REALLY doesn't want you to use the system path to MariaDB's config file...
