Messages - infinitech07

1
CentOS-WebPanel Bugs / Re: New centos webpanel user
« on: May 27, 2016, 12:23:25 PM »
Well said, Michael.

I used to be with CPanel for quite some years; the license for a VPS/dedicated server is absolutely not cheap.

I then started to look for alternative control panels such as Zpanel, ISPconfig, Centminmod, AMH, and of course CWP too; so far I feel CWP is the best, although it cannot compete with CPanel at the moment.

You guys did a great job, CWP team. Thanks!  ;)

2
How to / Re: Install Apache 2.4.x and suPHP 0.7.2
« on: May 21, 2016, 06:32:28 AM »
Download link broken  :(

3
E-Mail / Re: About Clamd and Amavisd
« on: May 06, 2016, 02:09:01 PM »
Hello forum,

My first post here ...
I searched for my problem but didn't find anything ... only this topic: http://forum.centos-webpanel.com/centos-webpanel-bugs/spam-virus-filtering/ But it doesn't help me much ... so, does anyone have another tip about this problem?

Thanks

Sorry, I forgot to paste the error log.

Mar 23 11:24:44 mail amavis[32213]: (32213-08) Checking: 5cEgmnQnEanm [xxx] <xxx> -> <xxx>
Mar 23 11:24:44 mail amavis[32213]: (32213-08) Open relay? Nonlocal recips but not originating: xxx
Mar 23 11:24:44 mail amavis[32213]: (32213-08) (!)run_av (ClamAV-clamd) FAILED - unexpected , output="/var/amavis/tmp/amavis-20160323T111516-32213-OQ7fmYyj/parts: lstat() failed: Permission denied. ERROR\n"
Mar 23 11:24:44 mail amavis[32213]: (32213-08) (!)ClamAV-clamd av-scanner FAILED: CODE(0x2d9b078) unexpected , output="/var/amavis/tmp/amavis-20160323T111516-32213-OQ7fmYyj/parts: lstat() failed: Permission denied. ERROR\n" at (eval 113) line 897.
Mar 23 11:24:44 mail amavis[32213]: (32213-08) (!)WARN: all primary virus scanners failed, considering backups

Try executing the following commands:
Quote
usermod -a -G amavis clam
chmod g+rx /var/amavis/tmp

4
E-Mail / Re: roundcube
« on: May 06, 2016, 02:03:15 PM »
I am also facing the same problem.  :( All mails from Google have been blocked.

After reading this article at https://productforums.google.com/forum/#!topic/apps/WjzMWHorSSs, I removed dnsbl.sorbs.net from main.cf and it works now.

5
E-Mail / Re: Spam @mydomain - Mail Queue
« on: May 06, 2016, 07:59:27 AM »

6
E-Mail / Re: Email server security.
« on: May 06, 2016, 07:58:43 AM »
You can't stop spamming but you can limit them.

Ya, you are right.
I had limited the spam on VPS by using the CSF custom regex & fail2ban.

You may refer to this http://forum.centos-webpanel.com/csf-firewall/csf-custom-regex-fail2ban-regex/.

7
CSF Firewall / Re: CSF custom regex / Fail2ban regex
« on: May 06, 2016, 07:55:17 AM »
Finally I managed to get both the CSF regex & fail2ban regex to work and the spam has been minimized a lot. Hope this will help someone.  ;)

For CSF
========
1. Set the value of CUSTOM2_LOG in CSF to /var/log/maillog.

2. Set the following in /etc/csf/regex.custom.pm. You may also test your regex pattern at https://regex101.com.
Quote
if (($lgfile eq $config{CUSTOM2_LOG}) and ($line =~ /^.*postfix\/smtpd\[.*\]: NOQUEUE: reject: RCPT from (\S+)\[(\S+)\]: 450 4.1.1 <(\S+)>.*$/))  {
      #It will block permanently anyone with more than 1 matches.
      return ("450 4.1.1 spammer do not delete - $3",$2,"SMTP","1","25,587,465","1");
}

3. Restart CSF & LFD.
Quote
service lfd restart
csf -r

4. Check the CSF log file /etc/csf/csf.deny.


For fail2ban
========
1. In /etc/fail2ban/jail.conf, [postfix-tcpwrapper] section, set the following.
Quote
enabled  = true
filter   = postfix
action   = hostsdeny[file=/etc/hosts.deny]
logpath  = /var/log/maillog
bantime  = 604800
ignoreip = 127.0.0.1/8
findtime  = 300
maxretry = 3
You may adjust the values of bantime & maxretry to your own desired values.

2. Set the regex in /etc/fail2ban/filter.d/postfix.conf.
Quote
failregex = reject: RCPT from .*\[<HOST>\]: 450 4.1.1
            reject: RCPT from .*\[<HOST>\]: 454 4.7.1
            reject: RCPT from (.*)\[<HOST>\]: 554

3. You may test-run the regex check with the command below.
Quote
fail2ban-regex /var/log/maillog /etc/fail2ban/filter.d/postfix.conf

4. Restart fail2ban service. (service fail2ban restart)

5. Check the file /etc/hosts.deny to see if any IP has been banned.
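
The filter and the CSF pattern from this post can be checked offline before either service is restarted. The following is an added example, not part of the original post: a Python sketch that applies the post's failregex lines and CSF pattern to constructed log lines and emulates the findtime/maxretry counting. The `<HOST>` substitution is a simplified IPv4-only stand-in, and the function names, sample addresses and assumed year are this example's own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Simplified, IPv4-only stand-in for fail2ban's <HOST> tag (assumption of this
# example; the real tag also accepts hostnames and IPv6 addresses).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex lines as given in the post for /etc/fail2ban/filter.d/postfix.conf
FAILREGEX = [
    r"reject: RCPT from .*\[<HOST>\]: 450 4.1.1",
    r"reject: RCPT from .*\[<HOST>\]: 454 4.7.1",
    r"reject: RCPT from (.*)\[<HOST>\]: 554",
]
COMPILED = [re.compile(p.replace("<HOST>", HOST)) for p in FAILREGEX]

# Pattern from the post's /etc/csf/regex.custom.pm
# ($1 = reverse-DNS name, $2 = client IP, $3 = rejected recipient).
CSF_RE = re.compile(
    r"^.*postfix\/smtpd\[.*\]: NOQUEUE: reject: RCPT from (\S+)\[(\S+)\]: "
    r"450 4.1.1 <(\S+)>.*$"
)

YEAR = 2016  # assumed: syslog timestamps carry no year


def unknown_user(ts, ip, rcpt):
    """Build a constructed '450 4.1.1 User unknown' reject line."""
    return (f"{ts} server postfix/smtpd[101]: NOQUEUE: reject: RCPT from "
            f"mx.example.net[{ip}]: 450 4.1.1 <{rcpt}>: Recipient address "
            f"rejected: User unknown in virtual mailbox table; from=<> "
            f"to=<{rcpt}> proto=ESMTP")


# Constructed sample in the post's maillog format, using documentation IPs.
SAMPLE_LOG = [
    "Apr 29 21:50:20 server postfix/smtpd[101]: connect from mx.example.net[192.0.2.10]",
    unknown_user("Apr 29 21:50:21", "192.0.2.10", "a@domain.com"),
    unknown_user("Apr 29 21:50:25", "192.0.2.10", "b@domain.com"),
    "Apr 29 21:50:26 server postfix/smtpd[102]: NOQUEUE: reject: RCPT from "
    "dyn.example.org[198.51.100.7]: 454 4.7.1 Service unavailable; Client host "
    "[198.51.100.7] blocked using dnsbl.sorbs.net; from=<> to=<c@domain.com> proto=ESMTP",
    # '450 4.7.1' is covered by none of the three failregex lines.
    "Apr 29 21:50:30 server postfix/smtpd[103]: NOQUEUE: reject: RCPT from "
    "unknown[203.0.113.5]: 450 4.7.1 Client host rejected: cannot find your "
    "hostname, [203.0.113.5]; from=<> to=<d@domain.com> proto=ESMTP",
    unknown_user("Apr 29 21:50:31", "192.0.2.10", "c@domain.com"),
    # Slow sender: three rejects, but never three inside one 300 s window.
    unknown_user("Apr 29 21:50:40", "198.51.100.99", "d@domain.com"),
    unknown_user("Apr 29 21:56:00", "198.51.100.99", "e@domain.com"),
    unknown_user("Apr 29 22:02:00", "198.51.100.99", "f@domain.com"),
]


def match_host(line):
    """Return the IP captured by the first failregex that matches, else None."""
    for rx in COMPILED:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None


def find_bans(lines, findtime=300, maxretry=3):
    """Return IPs, in ban order, that reach maxretry matches within findtime s."""
    recent = defaultdict(deque)
    banned = []
    for line in lines:
        ip = match_host(line)
        if ip is None or ip in banned:
            continue
        ts = datetime.strptime(f"{YEAR} {line[:15]}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(ts)
        # Drop matches that have aged out of the findtime window.
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            banned.append(ip)
    return banned


def csf_fields(line):
    """Return (rdns, ip, recipient) as the CSF pattern captures them, else None."""
    m = CSF_RE.match(line)
    return m.groups() if m else None


if __name__ == "__main__":
    print("banned with maxretry=3:", find_bans(SAMPLE_LOG))
    print("banned with maxretry=1:", find_bans(SAMPLE_LOG, maxretry=1))
    print("CSF captures:", csf_fields(SAMPLE_LOG[1]))
```
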

8
E-Mail / Re: Email server security.
« on: May 06, 2016, 07:27:40 AM »
You can put unwanted IPs in /etc/csf/csf.deny, but it is not recommended (I think), because you might have a huge list.
The easiest way is using real-time RBL checking, at least Barracuda, SpamCop, Spamhaus and SORBS.

I had set the following in main.cf but there are still lots of spam mail connection attempts.
Quote
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client dnsbl.sorbs.net,check_policy_service unix:private/spfpolicy

Any better idea to get this resolved?

9
E-Mail / Re: Spam @mydomain - Mail Queue
« on: May 06, 2016, 07:18:54 AM »
Is your VPS hosted with vultr.com?

10
CSF Firewall / CSF custom regex / Fail2ban regex
« on: May 02, 2016, 12:48:40 PM »
Hello everyone, my VPS is getting lots of spam activity showing in the mail log. I know CSF or fail2ban might help with this, but I need someone to help me with the custom regex on CSF / fail2ban for detecting the patterns below.

Quote
Apr 29 21:50:20 server postfix/smtpd[20416]: NOQUEUE: reject: RCPT from LStLambert-657-1-68-104.w80-13.abo.wanadoo.fr[80.13.44.104]: 454 4.7.1 Service unavailable; Client host [80.13.44.104] blocked using dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?80.13.44.104; from=<> to=<Marrero_Cecil@domain.com> proto=ESMTP helo=<EX16.SUR-INTERNET.COM>
Apr 29 21:50:26 server postfix/smtpd[20419]: NOQUEUE: reject: RCPT from exchange.swissfilms.ch[213.200.251.180]: 450 4.1.1 <numbers_danial@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<numbers_danial@domain.com> proto=ESMTP helo=<exchange.swissfilms.ch>

I had this regex set in the file /etc/csf/regex.custom.pm, but it did not work.
Quote
if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /^\S+\s+\S+\s+(\S+)\s+reject: RCPT from \S+: 450 4.1.1/))  {
      return ("SMTP spam attack",$1,"SMTP","1","1");
}

As for fail2ban, I enabled [postfix-tcpwrapper] in /etc/fail2ban/jail.conf. And in the file /etc/fail2ban/filter.d/postfix.conf I had the regex pattern set, but nothing seems to work, as nothing is appended to the file /etc/hosts.deny.
Quote
[postfix-tcpwrapper]
enabled  = true
filter   = postfix
action   = hostsdeny[file=/etc/hosts.deny]
logpath  = /var/log/postfix.log
bantime  = 604800
ignoreip = 127.0.0.1/8
findtime  = 300
maxretry = 1

Quote
failregex = reject: RCPT from .*\[<HOST>\]: 450 4.1.1
            .*postfix/\smtpd.*reject: RCPT from .*\[<HOST>\]: 450 4.1.1

Can anyone advise me on the regex pattern? Thanks.

11
Postfix / Re: Mail spamming or attack?
« on: May 02, 2016, 12:41:48 PM »
if possible do it and update the server

I did that but nothing helped.  :-\

However, after doing some research, I guess either fail2ban or CSF might help to solve this issue.
For CSF, I need to set the custom regex, but I need someone to help me with the custom regex for detecting the patterns below.

Quote
Apr 29 21:50:20 server postfix/smtpd[20416]: NOQUEUE: reject: RCPT from LStLambert-657-1-68-104.w80-13.abo.wanadoo.fr[80.13.44.104]: 454 4.7.1 Service unavailable; Client host [80.13.44.104] blocked using dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?80.13.44.104; from=<> to=<Marrero_Cecil@domain.com> proto=ESMTP helo=<EX16.SUR-INTERNET.COM>
Apr 29 21:50:26 server postfix/smtpd[20419]: NOQUEUE: reject: RCPT from exchange.swissfilms.ch[213.200.251.180]: 450 4.1.1 <numbers_danial@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<numbers_danial@domain.com> proto=ESMTP helo=<exchange.swissfilms.ch>

I had this regex set in the file /etc/csf/regex.custom.pm, but it did not work.
Quote
if (($globlogs{CUSTOM2_LOG}{$lgfile}) and ($line =~ /^\S+\s+\S+\s+(\S+)\s+reject: RCPT from \S+: 450 4.1.1/))  {
      return ("SMTP spam attack",$1,"SMTP","1","1");
}

As for fail2ban, I enabled [postfix-tcpwrapper] in /etc/fail2ban/jail.conf. And in the file /etc/fail2ban/filter.d/postfix.conf I had the regex pattern set, but nothing seems to work, as nothing is appended to the file /etc/hosts.deny.
Quote
[postfix-tcpwrapper]
enabled  = true
filter   = postfix
action   = hostsdeny[file=/etc/hosts.deny]
logpath  = /var/log/postfix.log
bantime  = 604800
ignoreip = 127.0.0.1/8
findtime  = 300
maxretry = 1

Quote
failregex = reject: RCPT from .*\[<HOST>\]: 450 4.1.1
            .*postfix/\smtpd.*reject: RCPT from .*\[<HOST>\]: 450 4.1.1

Can anyone advise me on the regex pattern? Thanks.

12
Postfix / Re: Mail spamming or attack?
« on: April 30, 2016, 10:32:25 AM »
change your credentials

Hi Sandeep. Do you mean to change the password for every email account?

13
Postfix / Mail spamming or attack?
« on: April 30, 2016, 08:27:51 AM »
Hello everyone, I guess my VPS is getting attacked by a spammer. I noticed that within a few hours' time my mail log consists of numerous mail attempts from spammers.

My VPS has a 2-core CPU with 4GB RAM, and has ClamAV, SpamAssassin, amavis, & CSF installed.

Does anyone have an idea how to get rid of this issue? Thanks.

Quote
Apr 29 21:50:19 server postfix/smtpd[20419]: disconnect from host-92-27-2-84.static.as13285.net[92.27.2.84]
Apr 29 21:50:20 server postfix/smtpd[20416]: NOQUEUE: reject: RCPT from LStLambert-657-1-68-104.w80-13.abo.wanadoo.fr[80.13.44.104]: 454 4.7.1 Service unavailable; Client host [80.13.44.104] blocked using dnsbl.sorbs.net; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml?80.13.44.104; from=<> to=<Marrero_Cecil@domain.com> proto=ESMTP helo=<EX16.SUR-INTERNET.COM>
Apr 29 21:50:21 server postfix/smtpd[20416]: disconnect from LStLambert-657-1-68-104.w80-13.abo.wanadoo.fr[80.13.44.104]
Apr 29 21:50:24 server postfix/smtpd[20419]: connect from exchange.swissfilms.ch[213.200.251.180]
Apr 29 21:50:25 server postfix/smtpd[20419]: setting up TLS connection from exchange.swissfilms.ch[213.200.251.180]
Apr 29 21:50:25 server postfix/smtpd[20416]: connect from mail.sadler.at[80.123.104.70]
Apr 29 21:50:25 server postfix/smtpd[20419]: Anonymous TLS connection established from exchange.swissfilms.ch[213.200.251.180]: TLSv1 with cipher AES256-SHA (256/256 bits)
Apr 29 21:50:25 server postfix/smtpd[20709]: connect from dataclarityinc.com[96.255.180.21]
Apr 29 21:50:25 server postfix/smtpd[20416]: setting up TLS connection from mail.sadler.at[80.123.104.70]
Apr 29 21:50:26 server postfix/smtpd[20709]: setting up TLS connection from dataclarityinc.com[96.255.180.21]
Apr 29 21:50:26 server policyd-spf[20494]: None; identity=helo; client-ip=213.200.251.180; helo=exchange.swissfilms.ch; envelope-from=<>; receiver=numbers_danial@domain.com
Apr 29 21:50:26 server postfix/smtpd[20419]: NOQUEUE: reject: RCPT from exchange.swissfilms.ch[213.200.251.180]: 450 4.1.1 <numbers_danial@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<numbers_danial@domain.com> proto=ESMTP helo=<exchange.swissfilms.ch>
Apr 29 21:50:26 server postfix/smtpd[20416]: Anonymous TLS connection established from mail.sadler.at[80.123.104.70]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 29 21:50:26 server postfix/smtpd[20709]: Anonymous TLS connection established from dataclarityinc.com[96.255.180.21]: TLSv1 with cipher AES256-SHA (256/256 bits)
Apr 29 21:50:26 server postfix/smtpd[20718]: connect from smtpmail.mih.org.uk[82.69.46.97]
Apr 29 21:50:26 server postfix/smtpd[20419]: disconnect from exchange.swissfilms.ch[213.200.251.180]
Apr 29 21:50:27 server policyd-spf[20721]: None; identity=helo; client-ip=96.255.180.21; helo=nassaugrouper.dataclarityinc.com; envelope-from=<>; receiver=penn_jewell@domain.com
Apr 29 21:50:27 server postfix/smtpd[20709]: NOQUEUE: reject: RCPT from dataclarityinc.com[96.255.180.21]: 450 4.1.1 <Penn_Jewell@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Penn_Jewell@domain.com> proto=ESMTP helo=<NassauGrouper.DataClarityinc.com>
Apr 29 21:50:27 server policyd-spf[20723]: None; identity=helo; client-ip=80.123.104.70; helo=mail.sadler.at; envelope-from=<>; receiver=knox_gretchen@domain.com
Apr 29 21:50:27 server postfix/smtpd[20416]: NOQUEUE: reject: RCPT from mail.sadler.at[80.123.104.70]: 450 4.1.1 <Knox_Gretchen@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Knox_Gretchen@domain.com> proto=ESMTP helo=<mail.sadler.at>
Apr 29 21:50:27 server postfix/smtpd[20709]: disconnect from dataclarityinc.com[96.255.180.21]
Apr 29 21:50:27 server postfix/smtpd[20718]: setting up TLS connection from smtpmail.mih.org.uk[82.69.46.97]
Apr 29 21:50:27 server postfix/smtpd[20416]: disconnect from mail.sadler.at[80.123.104.70]
Apr 29 21:50:28 server postfix/smtpd[20718]: Anonymous TLS connection established from smtpmail.mih.org.uk[82.69.46.97]: TLSv1 with cipher AES256-SHA (256/256 bits)
Apr 29 21:50:28 server policyd-spf[20725]: None; identity=helo; client-ip=82.69.46.97; helo=smtpmail.mih.org.uk; envelope-from=<>; receiver=ott_dawn@domain.com
Apr 29 21:50:29 server postfix/smtpd[20718]: NOQUEUE: reject: RCPT from smtpmail.mih.org.uk[82.69.46.97]: 450 4.1.1 <Ott_Dawn@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Ott_Dawn@domain.com> proto=ESMTP helo=<smtpmail.mih.org.uk>
Apr 29 21:50:29 server postfix/smtpd[20718]: disconnect from smtpmail.mih.org.uk[82.69.46.97]
Apr 29 21:50:30 server postfix/smtpd[20419]: connect from unknown[110.4.44.55]
Apr 29 21:50:30 server postfix/smtpd[20419]: NOQUEUE: reject: RCPT from unknown[110.4.44.55]: 450 4.7.1 Client host rejected: cannot find your hostname, [110.4.44.55]; from=<info@trainingzone.com.my> to=<cyrus@domain.com> proto=ESMTP helo=<server1trainingzonecommy>
Apr 29 21:50:30 server postfix/smtpd[20419]: disconnect from unknown[110.4.44.55]
Apr 29 21:50:30 server postfix/smtpd[20709]: connect from dataclarityinc.com[96.255.180.21]
Apr 29 21:50:31 server postfix/smtpd[20709]: setting up TLS connection from dataclarityinc.com[96.255.180.21]
Apr 29 21:50:31 server postfix/smtpd[20709]: Anonymous TLS connection established from dataclarityinc.com[96.255.180.21]: TLSv1 with cipher AES256-SHA (256/256 bits)
Apr 29 21:50:31 server policyd-spf[20721]: None; identity=helo; client-ip=96.255.180.21; helo=nassaugrouper.dataclarityinc.com; envelope-from=<>; receiver=penn_jewell@domain.com
Apr 29 21:50:31 server postfix/smtpd[20709]: NOQUEUE: reject: RCPT from dataclarityinc.com[96.255.180.21]: 450 4.1.1 <Penn_Jewell@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Penn_Jewell@domain.com> proto=ESMTP helo=<NassauGrouper.DataClarityinc.com>
Apr 29 21:50:31 server policyd-spf[20721]: None; identity=helo; client-ip=96.255.180.21; helo=nassaugrouper.dataclarityinc.com; envelope-from=<>; receiver=penn_jewell@domain.com
Apr 29 21:50:31 server postfix/smtpd[20709]: NOQUEUE: reject: RCPT from dataclarityinc.com[96.255.180.21]: 450 4.1.1 <Penn_Jewell@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Penn_Jewell@domain.com> proto=ESMTP helo=<NassauGrouper.DataClarityinc.com>
Apr 29 21:50:32 server postfix/smtpd[20419]: warning: 88.98.35.173: hostname c.fairfieldhigh.tameside.sch.uk verification failed: Name or service not known
Apr 29 21:50:32 server postfix/smtpd[20419]: connect from unknown[88.98.35.173]
Apr 29 21:50:32 server postfix/smtpd[20709]: disconnect from dataclarityinc.com[96.255.180.21]
Apr 29 21:50:32 server postfix/smtpd[20419]: setting up TLS connection from unknown[88.98.35.173]
Apr 29 21:50:33 server postfix/smtpd[20419]: Anonymous TLS connection established from unknown[88.98.35.173]: TLSv1 with cipher AES256-SHA (256/256 bits)
Apr 29 21:50:33 server postfix/smtpd[20419]: NOQUEUE: reject: RCPT from unknown[88.98.35.173]: 450 4.7.1 Client host rejected: cannot find your hostname, [88.98.35.173]; from=<> to=<Bowden_Jeanie@domain.com> proto=ESMTP helo=<exchange.fairfieldhs.local>
Apr 29 21:50:34 server postfix/smtpd[20419]: disconnect from unknown[88.98.35.173]
Apr 29 21:50:40 server postfix/smtpd[20718]: connect from mail.medizin-hst.de[92.79.186.50]
Apr 29 21:50:40 server postfix/smtpd[20416]: connect from mona.bmstech.com.au[203.33.248.10]
Apr 29 21:50:40 server postfix/smtpd[20416]: setting up TLS connection from mona.bmstech.com.au[203.33.248.10]
Apr 29 21:50:41 server postfix/smtpd[20718]: setting up TLS connection from mail.medizin-hst.de[92.79.186.50]
Apr 29 21:50:41 server postfix/smtpd[20416]: Anonymous TLS connection established from mona.bmstech.com.au[203.33.248.10]: TLSv1 with cipher AES256-SHA (256/256 bits)
Apr 29 21:50:41 server policyd-spf[20723]: None; identity=helo; client-ip=203.33.248.10; helo=mail.bmstech.com.au; envelope-from=<>; receiver=raymond_elmo@domain.com
Apr 29 21:50:41 server postfix/smtpd[20416]: NOQUEUE: reject: RCPT from mona.bmstech.com.au[203.33.248.10]: 450 4.1.1 <Raymond_Elmo@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Raymond_Elmo@domain.com> proto=ESMTP helo=<mail.bmstech.com.au>
Apr 29 21:50:41 server postfix/smtpd[20718]: Anonymous TLS connection established from mail.medizin-hst.de[92.79.186.50]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 29 21:50:41 server policyd-spf[20723]: None; identity=helo; client-ip=203.33.248.10; helo=mail.bmstech.com.au; envelope-from=<>; receiver=raymond_elmo@domain.com
Apr 29 21:50:41 server postfix/smtpd[20416]: NOQUEUE: reject: RCPT from mona.bmstech.com.au[203.33.248.10]: 450 4.1.1 <Raymond_Elmo@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Raymond_Elmo@domain.com> proto=ESMTP helo=<mail.bmstech.com.au>
Apr 29 21:50:42 server postfix/smtpd[20416]: disconnect from mona.bmstech.com.au[203.33.248.10]
Apr 29 21:50:42 server policyd-spf[20725]: None; identity=helo; client-ip=92.79.186.50; helo=mail.medizin-hst.de; envelope-from=<>; receiver=cummins_susie@domain.com
Apr 29 21:50:42 server postfix/smtpd[20718]: NOQUEUE: reject: RCPT from mail.medizin-hst.de[92.79.186.50]: 450 4.1.1 <Cummins_Susie@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Cummins_Susie@domain.com> proto=ESMTP helo=<mail.medizin-hst.de>
Apr 29 21:50:43 server postfix/smtpd[20718]: disconnect from mail.medizin-hst.de[92.79.186.50]
Apr 29 21:50:56 server postfix/smtpd[20709]: connect from polara1.lnk.telstra.net[165.228.174.43]
Apr 29 21:50:56 server postfix/smtpd[20416]: connect from static-198-181.grapevine.transact.net.au[121.127.198.181]
Apr 29 21:50:57 server postfix/smtpd[20416]: setting up TLS connection from static-198-181.grapevine.transact.net.au[121.127.198.181]
Apr 29 21:50:57 server postfix/smtpd[20709]: setting up TLS connection from polara1.lnk.telstra.net[165.228.174.43]
Apr 29 21:50:57 server postfix/smtpd[20416]: Anonymous TLS connection established from static-198-181.grapevine.transact.net.au[121.127.198.181]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 29 21:50:57 server postfix/smtpd[20419]: connect from exchange.leupamed.at[80.123.184.238]
Apr 29 21:50:57 server postfix/smtpd[20709]: Anonymous TLS connection established from polara1.lnk.telstra.net[165.228.174.43]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 29 21:50:57 server policyd-spf[20723]: None; identity=helo; client-ip=121.127.198.181; helo=remote.patriotalliance.com.au; envelope-from=<>; receiver=robles_robt@domain.com
Apr 29 21:50:57 server postfix/smtpd[20416]: NOQUEUE: reject: RCPT from static-198-181.grapevine.transact.net.au[121.127.198.181]: 450 4.1.1 <Robles_Robt@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Robles_Robt@domain.com> proto=ESMTP helo=<remote.patriotalliance.com.au>
Apr 29 21:50:58 server postfix/smtpd[20419]: setting up TLS connection from exchange.leupamed.at[80.123.184.238]
Apr 29 21:50:58 server postfix/smtpd[20416]: disconnect from static-198-181.grapevine.transact.net.au[121.127.198.181]
Apr 29 21:50:58 server policyd-spf[20721]: None; identity=helo; client-ip=165.228.174.43; helo=mail.orbitaltraffic.com.au; envelope-from=<>; receiver=howe_shelley@domain.com
Apr 29 21:50:58 server postfix/smtpd[20709]: NOQUEUE: reject: RCPT from polara1.lnk.telstra.net[165.228.174.43]: 450 4.1.1 <Howe_Shelley@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Howe_Shelley@domain.com> proto=ESMTP helo=<mail.orbitaltraffic.com.au>
Apr 29 21:50:58 server postfix/smtpd[20718]: connect from static-84-9-16-58.vodafonexdsl.co.uk[84.9.16.58]
Apr 29 21:50:58 server postfix/smtpd[20419]: Anonymous TLS connection established from exchange.leupamed.at[80.123.184.238]: TLSv1 with cipher AES256-SHA (256/256 bits)
Apr 29 21:50:58 server policyd-spf[20721]: None; identity=helo; client-ip=165.228.174.43; helo=mail.orbitaltraffic.com.au; envelope-from=<>; receiver=howe_shelley@domain.com
Apr 29 21:50:58 server postfix/smtpd[20709]: NOQUEUE: reject: RCPT from polara1.lnk.telstra.net[165.228.174.43]: 450 4.1.1 <Howe_Shelley@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Howe_Shelley@domain.com> proto=ESMTP helo=<mail.orbitaltraffic.com.au>
Apr 29 21:50:58 server postfix/smtpd[20416]: connect from static-100-0-172-19.bstnma.fios.verizon.net[100.0.172.19]
Apr 29 21:50:58 server policyd-spf[20721]: None; identity=helo; client-ip=165.228.174.43; helo=mail.orbitaltraffic.com.au; envelope-from=<>; receiver=howe_shelley@domain.com
Apr 29 21:50:58 server postfix/smtpd[20709]: NOQUEUE: reject: RCPT from polara1.lnk.telstra.net[165.228.174.43]: 450 4.1.1 <Howe_Shelley@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Howe_Shelley@domain.com> proto=ESMTP helo=<mail.orbitaltraffic.com.au>
Apr 29 21:50:58 server postfix/smtpd[20718]: setting up TLS connection from static-84-9-16-58.vodafonexdsl.co.uk[84.9.16.58]
Apr 29 21:50:59 server postfix/smtpd[20797]: connect from diy2247803.lnk.telstra.net[139.130.128.94]
Apr 29 21:50:59 server postfix/smtpd[20416]: setting up TLS connection from static-100-0-172-19.bstnma.fios.verizon.net[100.0.172.19]
Apr 29 21:50:59 server postfix/smtpd[20709]: disconnect from polara1.lnk.telstra.net[165.228.174.43]
Apr 29 21:50:59 server postfix/smtpd[20718]: Anonymous TLS connection established from static-84-9-16-58.vodafonexdsl.co.uk[84.9.16.58]: TLSv1 with cipher AES256-SHA (256/256 bits)
Apr 29 21:50:59 server policyd-spf[20494]: None; identity=helo; client-ip=80.123.184.238; helo=exchange.leupamed.at; envelope-from=<>; receiver=hendricks_garth@domain.com
Apr 29 21:50:59 server postfix/smtpd[20419]: NOQUEUE: reject: RCPT from exchange.leupamed.at[80.123.184.238]: 450 4.1.1 <Hendricks_Garth@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Hendricks_Garth@domain.com> proto=ESMTP helo=<exchange.leupamed.at>
Apr 29 21:50:59 server postfix/smtpd[20797]: setting up TLS connection from diy2247803.lnk.telstra.net[139.130.128.94]
Apr 29 21:50:59 server postfix/smtpd[20416]: Anonymous TLS connection established from static-100-0-172-19.bstnma.fios.verizon.net[100.0.172.19]: TLSv1 with cipher AES256-SHA (256/256 bits)
Apr 29 21:50:59 server policyd-spf[20494]: None; identity=helo; client-ip=80.123.184.238; helo=exchange.leupamed.at; envelope-from=<>; receiver=hendricks_garth@domain.com
Apr 29 21:50:59 server postfix/smtpd[20419]: NOQUEUE: reject: RCPT from exchange.leupamed.at[80.123.184.238]: 450 4.1.1 <Hendricks_Garth@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Hendricks_Garth@domain.com> proto=ESMTP helo=<exchange.leupamed.at>
Apr 29 21:50:59 server postfix/smtpd[20797]: Anonymous TLS connection established from diy2247803.lnk.telstra.net[139.130.128.94]: TLSv1 with cipher AES128-SHA (128/128 bits)
Apr 29 21:51:00 server policyd-spf[20725]: None; identity=helo; client-ip=84.9.16.58; helo=server2008.surveyassociatesltd.local; envelope-from=<>; receiver=peterson_jackson@domain.com
Apr 29 21:51:00 server postfix/smtpd[20718]: NOQUEUE: reject: RCPT from static-84-9-16-58.vodafonexdsl.co.uk[84.9.16.58]: 450 4.1.1 <Peterson_Jackson@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Peterson_Jackson@domain.com> proto=ESMTP helo=<server2008.surveyassociatesltd.local>
Apr 29 21:51:00 server policyd-spf[20723]: None; identity=helo; client-ip=100.0.172.19; helo=rxa-srv1.rxadvance.com; envelope-from=<>; receiver=jack_rosemarie@domain.com
Apr 29 21:51:00 server postfix/smtpd[20416]: NOQUEUE: reject: RCPT from static-100-0-172-19.bstnma.fios.verizon.net[100.0.172.19]: 450 4.1.1 <Jack_Rosemarie@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Jack_Rosemarie@domain.com> proto=ESMTP helo=<RXA-SRV1.RxAdvance.com>
Apr 29 21:51:00 server postfix/smtpd[20419]: disconnect from exchange.leupamed.at[80.123.184.238]
Apr 29 21:51:00 server postfix/smtpd[20709]: connect from remote.lowercolumbiacap.org[74.85.50.138]
Apr 29 21:51:00 server postfix/smtpd[20416]: disconnect from static-100-0-172-19.bstnma.fios.verizon.net[100.0.172.19]
Apr 29 21:51:00 server postfix/smtpd[20718]: disconnect from static-84-9-16-58.vodafonexdsl.co.uk[84.9.16.58]
Apr 29 21:51:00 server postfix/smtpd[20709]: setting up TLS connection from remote.lowercolumbiacap.org[74.85.50.138]
Apr 29 21:51:00 server policyd-spf[20808]: None; identity=helo; client-ip=139.130.128.94; helo=mail.diytiles.com.au; envelope-from=<>; receiver=drake_emil@domain.com
Apr 29 21:51:00 server postfix/smtpd[20797]: NOQUEUE: reject: RCPT from diy2247803.lnk.telstra.net[139.130.128.94]: 450 4.1.1 <Drake_Emil@domain.com>: Recipient address rejected: User unknown in virtual mailbox table; from=<> to=<Drake_Emil@domain.com> proto=ESMTP helo=<mail.diytiles.com.au>
Apr 29 21:51:00 server postfix/smtpd[20709]: Anonymous TLS connection established from remote.lowercolumbiacap.org[74.85.50.138]: TLSv1 with cipher AES256-SHA (256/256 bits)

14
SSL / Re: Short Let's Encrypt guide on CentOS 6.x
« on: April 20, 2016, 07:03:49 AM »
I played around with Let's Encrypt SSL a few days ago; it took me quite some time to get it installed.

First, you must make sure you have at least Python v2.7.x or above, and also virtualenv installed.

Install letsencrypt.
Quote
cd /root
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto

And if you get the following error, please refer to the link, https://www.digitalocean.com/community/tutorials/how-to-set-up-python-2-7-6-and-3-3-3-on-centos-6-4, to get the virtualenv installed.
Quote
virtualenv: command not found

In fact, I still got an error (not the virtualenv error; I could not remember it, though) when running the ./letsencrypt-auto command. So, I used the manual method to generate the SSL.
Quote
./letsencrypt-auto certonly --webroot -w /home/your_domain/public_html -d your_domain.com -d www.your_domain.com

Then, copy the SSL into the /etc/pki/tls directory.
Quote
cp -f /etc/letsencrypt/live/your_domain/cert.pem /etc/pki/tls/certs/your_domain.cert
cp -f /etc/letsencrypt/live/your_domain/fullchain.pem /etc/pki/tls/certs/your_domain.bundle
cp -f /etc/letsencrypt/live/your_domain/privkey.pem /etc/pki/tls/certs/your_domain.key

At your CWP, go to Apache settings >> SSL cert manager, on your right hand side form, choose the cert, user & enter your domain; then install SSL. Done.

Note: Make sure you have the 443 port open in firewall & listen to port 443.

You may test the score of SSL cert at https://www.ssllabs.com/ssltest.
At the beginning, I got the score C, and after doing some research, I added the following lines to this file: /usr/local/apache/conf.d/vhosts-ssl.conf.
Quote
....
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
....
Restart Apache.

I got the score A now.  ;D Hope this guide will help you. Cheers.

15
Informations / Re: How to Secure CWP webserver
« on: April 20, 2016, 06:26:35 AM »
I played around with Let's Encrypt SSL a few days ago; it took me quite some time to get it installed.

First, you must make sure you have at least Python v2.7.x or above, and also virtualenv installed.

Install letsencrypt.
Quote
cd /root
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto

And if you get the following error, please refer to the link, https://www.digitalocean.com/community/tutorials/how-to-set-up-python-2-7-6-and-3-3-3-on-centos-6-4, to get the virtualenv installed.
Quote
virtualenv: command not found

In fact, I still got an error (not the virtualenv error; I could not remember it, though) when running the ./letsencrypt-auto command. So, I used the manual method to generate the SSL.
Quote
./letsencrypt-auto certonly --webroot -w /home/your_domain/public_html -d your_domain.com -d www.your_domain.com

Then, copy the SSL into the /etc/pki/tls directory.
Quote
cp -f /etc/letsencrypt/live/your_domain/cert.pem /etc/pki/tls/certs/your_domain.cert
cp -f /etc/letsencrypt/live/your_domain/fullchain.pem /etc/pki/tls/certs/your_domain.bundle
cp -f /etc/letsencrypt/live/your_domain/privkey.pem /etc/pki/tls/certs/your_domain.key

At your CWP, go to Apache settings >> SSL cert manager, on your right hand side form, choose the cert, user & enter your domain; then install SSL. Done.

Note: Make sure you have the 443 port open in firewall & listen to port 443.

You may test the score of SSL cert at https://www.ssllabs.com/ssltest.
At the beginning, I got the score C, and after doing some research, I added the following lines to this file: /usr/local/apache/conf.d/vhosts-ssl.conf.
Quote
....
SSLEngine on
SSLProtocol All -SSLv2 -SSLv3
SSLCompression Off
SSLHonorCipherOrder On
SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
....
Restart Apache.

I got the score A now.  ;D Hope this guide will help you. Cheers.
