Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - infinitech07

Pages: [1] 2 3
1
CentOS-WebPanel Bugs / Re: Error Transfer Account CWP to CWP (centos7)
« on: December 23, 2018, 11:12:45 AM »
same problem here!!

Quote
2018-12-23 14:47:02 Verifying...!
2018-12-23 14:47:03 initiating account creation xxxx
2018-12-23 14:47:04 account creation xxxx
2018-12-23 14:47:04 {status:OK}<pre>Changing password for user xxxx.
passwd: all authentication tokens updated successfully.
Changing shell for xxxx.
Shell changed.
</pre><pre></pre>--> Template exist. Copying template files to /home/xxxx/public_html/ <br><pre>
Account Details
========================================
Server IP: 94.237.72.156
Web Panel Login:
Domain: xxxx.com
Username: xxxx
Password: testpass
Admin Email: admin@xxxx.com

Panel URL:
http://server.xxxx101.com:2082
https://server.xxxx101.com:2083

NameServers:
ns1.centos-webpanel.com
ns2.centos-webpanel.com
</pre><h3>Check Account Create Details</h3>--> Checking if /home/xxxx/public_html folder if exist: <b>[YES]</b><br><br><b>DKIM Key Set</b>
2018-12-23 14:47:04 Error trying to create the account xxxx

2
Backup / Command line for restore full backup
« on: December 23, 2018, 07:32:01 AM »
I had created a full backup on user cwp control panel, and I transferred the backup file over to the new server which having the cwp installed.
The user account also being created on new cwp, but how am I going to restore the full backup by using console command line?

3
CentOS Configuration / Re: How to setup user quotas ?
« on: July 10, 2018, 02:01:19 PM »
For those having the problem setting up the quota on XFS file system, hope the below tips would help you. I finally got this work for my server.

1. Follow the steps on this link.
https://help.directadmin.com/item.php?id=557

(Ignore the step 7,8).

2. Enter the command line "/usr/sbin/repquota /" to make sure the quota is working.

3. Follow the XFS instructions on this post page 1.

Reference sites:
- https://help.directadmin.com/item.php?id=557
- https://help.directadmin.com/item.php?id=42
- https://www.server-world.info/en/note?os=CentOS_7&p=quota

4
CentOS-WebPanel Bugs / Re: New centos webpanel user
« on: May 27, 2016, 12:23:25 PM »
Well said, Michael.

I used to be with CPanel for quite some years, the license for a vps/dedicated server is absolutely not cheap.

I then started to look for alternative control panels such as Zpanel, ISPconfig, Centminmod, AMH, and of course the CWP too; so far CWP I feel the best although it cannot compete with CPanel at the moment.

You guys did the great job, CWP team. Thanks!  ;)

5
How to / Re: Install Apache 2.4.x and suPHP 0.7.2
« on: May 21, 2016, 06:32:28 AM »
Download link broken  :(

6
E-Mail / Re: About Clamd and Amavisd
« on: May 06, 2016, 02:09:01 PM »
Hello forum,

My first post here ...
I was search for my problem but dont found anything .. only this topic: http://forum.centos-webpanel.com/centos-webpanel-bugs/spam-virus-filtering/ But dont help me much ... so, anyone have another tip about this problem?

Thanks

sorry , I forgot to paste the error log

Mar 23 11:24:44 mail amavis[32213]: (32213-08) Checking: 5cEgmnQnEanm [xxx] <xxx> -> <xxx>
Mar 23 11:24:44 mail amavis[32213]: (32213-08) Open relay? Nonlocal recips but not originating: xxx
Mar 23 11:24:44 mail amavis[32213]: (32213-08) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/amavis/tmp/amavis-20160323T111516-32213-OQ7fmYyj/parts: lstat() failed: Permission denied. ERROR\n"
Mar 23 11:24:44 mail amavis[32213]: (32213-08) (!)ClamAV-clamd av-scanner FAILED: CODE(0x2d9b078) unexpected , output="/var/amavis/tmp/amavis-20160323T111516-32213-OQ7fmYyj/parts: lstat() failed: Permission denied. ERROR\n" at (eval 113) line 897.
Mar 23 11:24:44 mail amavis[32213]: (32213-08) (!)WARN: all primary virus scanners failed, considering backups

Try execute the following commands:
Quote
usermod -a -G amavis clam
chmod g+rx /var/amavis/tmp

7
E-Mail / Re: roundcube
« on: May 06, 2016, 02:03:15 PM »
I also facing the same problem.  :( All mails from google been blocked.

After read this article at https://productforums.google.com/forum/#!topic/apps/WjzMWHorSSs; I removedd the dnsbl.sorbs.net from main.cf and it works now.

8
E-Mail / Re: Spam @mydomain - Mail Queue
« on: May 06, 2016, 07:59:27 AM »

9
E-Mail / Re: Email server security.
« on: May 06, 2016, 07:58:43 AM »
you cant stop spamming but you can limit them

Ya, you are right.
I had limited the spam on VPS by using the CSF custom regex & fail2ban.

You may refer to this http://forum.centos-webpanel.com/csf-firewall/csf-custom-regex-fail2ban-regex/.

10
CSF Firewall / Re: CSF custom regex / Fail2ban regex
« on: May 06, 2016, 07:55:17 AM »
Finally I managed to get both the CSF regex & fail2ban regex to work and the spam being minimized a lot. Hope this will help someone.  ;)

For CSF
========
1. Set the value of CUSTOM2_LOG in CSF to /var/log/maillog.

2. Set the following in /etc/csf/regex.custom.pm. You may also test your regex pattern at https://regex101.com.
Quote
if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^.*postfix\/smtpd\[.*\]: NOQUEUE: reject: RCPT from (\S+)\[(\S+)\]: 450 4.1.1 <(\S+)>.*$/))  {
      #It will block permanently anyone with more than 1 matches.
      return ("450 4.1.1 spammer do not delete - $3",$2,"SMTP","1","25,587,465","1");
}

3. Restart CSF & LFD.
Quote
service lfd restart
csf -r

4. Check the CSF log file /etc/csf/csf.deny.


For fail2ban
========
1. In /etc/fail2ban/jail.conf, [postfix-tcpwrapper] section, set the following.
Quote
enabled  = true
filter   = postfix
action   = hostsdeny[file=/etc/hosts.deny]
logpath  = /var/log/maillog
bantime  = 604800
ignoreip = 127.0.0.1/8
findtime  = 300
maxretry = 3
You may adjust the value of bantime & maxretry with your own desire value.

2. Set the regex in /etc/fail2ban/filter.d/postfix.conf.
Quote
failregex = reject: RCPT from .*\[<HOST>\]: 450 4.1.1
            reject: RCPT from .*\[<HOST>\]: 454 4.7.1
            reject: RCPT from (.*)\[<HOST>\]: 554

3. You may test run the regex checking with the command as below.
Quote
fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix.conf

4. Restart fail2ban service. (service fail2ban restart)

5. Check the file /etc/hosts.deny see if any IP being banned.

11
E-Mail / Re: Email server security.
« on: May 06, 2016, 07:27:40 AM »
you can put unwanted ip on /etc/csf/csf.deny , but not recomended ( i think), because you might will have a huge list.
Easiest way is using real time rbl checking,  at least barracuda,  spamcop, spamhouse and sorbs

I had set the following in main.cf but still lots of spam mail connection attempts.
Quote
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net,check_policy_service unix:private/spfpolicy

Any better idea to get this resolve?

12
E-Mail / Re: Spam @mydomain - Mail Queue
« on: May 06, 2016, 07:18:54 AM »
Is your VPS hosted with vultr.com?

13
CSF Firewall / CSF custom regex / Fail2ban regex
« on: May 02, 2016, 12:48:40 PM »
Hello everyone, my VPS getting lots of spam activities showing in the mail log. I know CSF or fail2ban might help on this but I need someone helping me on the custom regex on CSF / fail2ban for detecting the patterns at below.

Quote
Apr 29 21:50:20 server postfix/smtpd[20416]: NOQUEUE: reject: RCPT from LStLambert-657-1-68-104.w80-13.abo.wanadoo.fr[80.13.44.104]: 454 4.7.1 Service unavailable; Client host [80.13.44.104] blocked using dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?80.13.44.104; from=<> to=<Marrero_Cecil@domain.com> proto=ESMTP helo=<EX16.SUR-INTERNET.COM>
Apr 29 21:50:26 server postfix/smtpd[20419]: NOQUEUE: reject: RCPT from exchange.swissfilms.ch[213.200.251.180]: 450 4.1.1 <numbers_danial@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<numbers_danial@domain.com> proto=ESMTP helo=<exchange.swissfilms.ch>

I had this regex set in the file /etc/csf/regex.custom.pm, but it did not work.
Quote
if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /^\S+\s+\S+\s+(\S+)\s+reject: RCPT from \S+: 450 4.1.1/))  {
      return ("SMTP spam attack",$1,"SMTP","1","1");
}

As for fail2ban, I enabled the [postfix-tcpwrapper] at /etc/fail2ban/jail.conf. And, in file /etc/fail2ban/filter.d/postfix.conf, I had the regex pattern set but nothing seems to work as nothing appended into file /etc/hosts.deny.
Quote
[postfix-tcpwrapper]
enabled  = true
filter   = postfix
action   = hostsdeny[file=/etc/hosts.deny]
logpath  = /var/log/postfix.log
bantime  = 604800
ignoreip = 127.0.0.1/8
findtime  = 300
maxretry = 1

Quote
failregex = reject: RCPT from .*\[<HOST>\]: 450 4.1.1
            .*postfix/\smtpd.*reject: RCPT from .*\[<HOST>\]: 450 4.1.1

Anyone can advise me on the regex pattern? Thanks.

14
Postfix / Re: Mail spamming or attack?
« on: May 02, 2016, 12:41:48 PM »
if possible do it and update the server

I did that but nothing is help.  :-\

However, after done some researches, I guess either fail2ban or csf might help to solve this issue.
For CSF, need to set the custom regex on CSF but I need someone helping me on the custom regex for detecting the patterns at below.

Quote
Apr 29 21:50:20 server postfix/smtpd[20416]: NOQUEUE: reject: RCPT from LStLambert-657-1-68-104.w80-13.abo.wanadoo.fr[80.13.44.104]: 454 4.7.1 Service unavailable; Client host [80.13.44.104] blocked using dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?80.13.44.104; from=<> to=<Marrero_Cecil@domain.com> proto=ESMTP helo=<EX16.SUR-INTERNET.COM>
Apr 29 21:50:26 server postfix/smtpd[20419]: NOQUEUE: reject: RCPT from exchange.swissfilms.ch[213.200.251.180]: 450 4.1.1 <numbers_danial@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<numbers_danial@domain.com> proto=ESMTP helo=<exchange.swissfilms.ch>

I had this regex set in the file /etc/csf/regex.custom.pm, but it did not work.
Quote
if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /^\S+\s+\S+\s+(\S+)\s+reject: RCPT from \S+: 450 4.1.1/))  {
      return ("SMTP spam attack",$1,"SMTP","1","1");
}

As for fail2ban, I enabled the [postfix-tcpwrapper] at /etc/fail2ban/jail.conf. And, in file /etc/fail2ban/filter.d/postfix.conf, I had the regex pattern set but nothing seems to work as nothing appended into file /etc/hosts.deny.
Quote
[postfix-tcpwrapper]
enabled  = true
filter   = postfix
action   = hostsdeny[file=/etc/hosts.deny]
logpath  = /var/log/postfix.log
bantime  = 604800
ignoreip = 127.0.0.1/8
findtime  = 300
maxretry = 1

Quote
failregex = reject: RCPT from .*\[<HOST>\]: 450 4.1.1
            .*postfix/\smtpd.*reject: RCPT from .*\[<HOST>\]: 450 4.1.1

Anyone can advise me on the regex pattern? Thanks.

15
Postfix / Re: Mail spamming or attack?
« on: April 30, 2016, 10:32:25 AM »
change your credentials

Hi Sandeep. Do you mean to change the password for every email accounts?

Pages: [1] 2 3