Show Posts

Messages - overseer

Pages: 1 ... 53 54 [55] 56 57 ... 59
Information / Re: error ? daily backup
« on: January 21, 2023, 09:32:43 PM »
I haven't had the backups fail on any of my 3x CWP servers.

As a workaround, you can implement AutoMySQLBackup for daily/weekly/monthly DB backups, with e-mail notification of backups, compression and encryption, backup rotation, and incremental database backups.

For /var/vmail, you can simply rsync it somewhere else for remote backup (as I do).

Updates / Re: Update CWP
« on: January 21, 2023, 09:24:03 PM »
Is it normal that for more than 1 month CWP has not published any update?
If you're itchy for quicker updates, you can change your settings in CWP Settings > Edit Settings > CWP Updates.
But as it warns on the tin,
Latest (Latest version, NOT fully tested)
So a conservative sysadmin would choose the default option:
Stable (Stable version, at least two weeks tested)

E-Mail / Re: Not connect to mail from i-mac devices
« on: January 21, 2023, 09:20:07 PM »
Are you supporting STARTTLS ports in addition to the SSL/TLS mail ports?
143 for IMAP, 25 for SMTP, 110 for POP3, 587 for submission.
I can't say how your Mac clients are set to connect to the server, but they can support both STARTTLS and SSL/TLS.

E-Mail / Re: Erro SMTP (450)
« on: January 21, 2023, 09:17:15 PM »
try to find and comment # this line

Code: [Select]
in /etc/postfix/ and then

Code: [Select]
service postfix restart
If it exists, I would also suggest commenting out:
Code: [Select]
#reject_non_fqdn_hostname, # too many misconfigured servers out there...

E-Mail / Re: There is a CWP server vulnerability. Please help me.
« on: January 21, 2023, 08:42:38 PM »
Well, yes there was a vulnerability. But if you have updated to or newer (we are 2 updates past the vulnerable version), you should be safe. But it sounds as if your Postfix installation is not sufficiently hardened, and perhaps CSF/LFD is not doing all it can do for you. Also, consider installing Mod_Security with the Comodo ruleset.

Information / Re: disk r/w io speed
« on: January 15, 2023, 04:42:48 AM »
Which country? You can get a used 2012 Mac mini (space for 2x SATA SSD) with 16GB RAM and have it co-located here in the US for $50/mo at MacStadium or CyberLynk (MacMiniVault). You don't have to run macOS as the host OS -- you can run VMware ESXi or a Linux with KVM if you want to run VM(s). Or bare metal CentOS even!

Information / Re: error ? daily backup
« on: January 15, 2023, 04:33:46 AM »
Have you looked for large files that could be deleted/truncated?
Code: [Select]
find / -type f -size +500M
You could delete older backups in /backup if you are confident you don't need them
Code: [Select]
[root@srv]# ls -al /backup
total 16
drw-------.  6 root root   61 Jan 11  2022 .
dr-xr-xr-x. 21 root root 4096 Jan 14 16:49 ..
drwxr-xr-x. 37 root root 4096 Feb 19  2022 daily
drwxr-xr-x. 37 root root 4096 Mar  1  2022 monthly
drwxr-xr-x. 37 root root 4096 Feb 20  2022 weekly
In this case, maybe clean out /backup/monthly?

Change to Comodo WAF
Agreed, OWASP is too aggressive of a default.
But this tutorial has relevant info and suggested changes if you do decide to use OWASP rules.

Mod_Security / Re: Custom modsec rules
« on: January 14, 2023, 11:59:47 PM »
Have you considered blocking at the CSF/LFD firewall level instead of mod_security?

Otherwise, the answer to your question is here. File for custom directives is:
Code: [Select]
nano /usr/local/apache/modsecurity-cwaf/custom_user.conf

E-Mail / Re: Roundcube update not working due to php version of cwpsrv
« on: January 14, 2023, 11:57:35 PM »
The CWP team should get to this, but their timeline is always opaque. Meanwhile, I myself am not too worried about it as a break-in vector, as my config is generally hardened, as is Postfix so I shouldn't become a UCE relay. Not being an open relay and rate-limiting your outbound mail flow will really make you NOT a juicy target for spammers.

When installing a new version of php-fpm, the sockets config is not automatically created for you; you must do it manually. So after building it and will create an error of the .sock file missing. So you have to copy over your older users directory. For example, after enabling php 7.4, I had to create:
this way:
Code: [Select]
sudo cp -r /opt/alt/php-fpm72/usr/etc/php-fpm.d/users /opt/alt/php-fpm74/usr/etc/php-fpm.d/users
and then edit the new conf files to reflect the new version:
Code: [Select]
sudo perl -pi.back -e 's/php-fpm72/php-fpm74/g;' /opt/alt/php-fpm74/usr/etc/php-fpm.d/users/*.conf
Then restart the php-fpm process:
Code: [Select]
sudo service php-fpm74 restart
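
The copy-and-rewrite procedure from the post above, as an added example that is not part of the original post or CWP's own tooling: a POSIX shell function that refuses to copy when the target users directory already exists (cp -r would then nest it as users/users), rewrites the version string with sed instead of perl, and checks that no pool file still names the old version. The ROOT prefix, the function names and the sample pool file contents are assumptions made so the steps can be rehearsed on a scratch tree.

```shell
#!/bin/sh
# Added example. ROOT is a hypothetical prefix for rehearsing on a scratch
# tree; leave it empty to act on the real /opt/alt paths named in the post.

# migrate_fpm_users OLD NEW [ROOT]    e.g. migrate_fpm_users 72 74
migrate_fpm_users() {
    # Version numbers end up in paths and in a sed expression: digits only.
    case "$1" in ''|*[!0-9]*) echo "bad version: $1" >&2; return 64 ;; esac
    case "$2" in ''|*[!0-9]*) echo "bad version: $2" >&2; return 64 ;; esac
    old="php-fpm$1"; new="php-fpm$2"; root="${3:-}"
    src="$root/opt/alt/$old/usr/etc/php-fpm.d/users"
    dst="$root/opt/alt/$new/usr/etc/php-fpm.d/users"

    if [ ! -d "$src" ]; then echo "missing source: $src" >&2; return 1; fi
    # cp -r into an existing directory would create users/users, so stop here.
    if [ -e "$dst" ]; then echo "already exists: $dst" >&2; return 2; fi

    mkdir -p "$(dirname "$dst")" || return 1
    cp -rp "$src" "$dst" || return 1

    # Rewrite the version string in each pool file, keeping the untouched
    # copy beside it as *.conf.back (what perl -pi.back does in the post).
    for f in "$dst"/*.conf; do
        [ -f "$f" ] || continue
        cp -p "$f" "$f.back" || return 1
        sed "s/$old/$new/g" "$f.back" > "$f" || return 1
    done

    # Verify: no pool file may still reference the old version.
    if grep -l "$old" "$dst"/*.conf 2>/dev/null >&2; then
        echo "stale $old references remain" >&2; return 3
    fi
    return 0
}

# Rehearsal on a constructed scratch tree; the pool file content is made up.
rehearse() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/opt/alt/php-fpm72/usr/etc/php-fpm.d/users"
    printf '[alice]\nlisten = /opt/alt/php-fpm72/usr/var/sockets/alice.sock\n' \
        > "$tmp/opt/alt/php-fpm72/usr/etc/php-fpm.d/users/alice.conf"
    migrate_fpm_users 72 74 "$tmp" \
        && cat "$tmp/opt/alt/php-fpm74/usr/etc/php-fpm.d/users/alice.conf"
    rm -rf "$tmp"
}
```

On a real server the call would be `migrate_fpm_users 72 74` as root, followed by the service restart shown in the post.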

PHP Selector / Re: PECL extensions using PHP-FPM?
« on: January 14, 2023, 11:33:24 PM »
In the CLI, you have to call the specific version of php-fpm you want, instead of just blindly calling php in the terminal. For example, call php 8.1 with no memory limit (as I often have to do with composer):
Code: [Select]
/opt/alt/php-fpm81/usr/bin/php -d memory_limit=-1
And for things that need to run as a specific user, instead of root:
Code: [Select]
sudo -u USERNAME /opt/alt/php-fpm81/usr/bin/php -d memory_limit=-1

Other / Re: Problem with users SSH access
« on: January 09, 2023, 11:33:09 PM »
Are you using AllowUsers and/or AllowGroups in /etc/ssh/sshd_config?

Other / Re: Create new disk (home2) because /home is full
« on: January 09, 2023, 09:21:07 PM »
You would probably need to create home2 on the other disk, then possibly symlinks in /home pointing to it would work, or else you could put fstab mounts into /home (after clearing it out first -- as with the guides). But I think you'll find that /home generally isn't the culprit for disk consumption. A better consideration would be to put /var/vmail on another disk and mount it at /var/vmail in the filesystem. For instance, I have one packrat customer that has 75GB of mails in /var/vmail. Sum total of /var/vmail on that server is over 200GB of my 300GB disk allotment!

Or did you put /home on a separate partition?

Agreed; haven't found it worth the bother nor the bloat and slow responsiveness. Always a better remote term available on any system I use (Mac, Linux, Windows PuTTY, etc.)
