Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
1051
E-Mail / Re: Spamhaus
« on: June 03, 2023, 02:22:25 AM »
I'm not sure I'm understanding your question. SpamHaus is one of the "good guys" and I use their zen.spamhaus.org RBL on all my mail servers. They now require you have an account and generate a server-specific key, but you shouldn't have any trouble with their traffic usage levels for personal/small scale use. Are you running into a misconfiguration or are you getting bounce messages about your server being an open resolver?
1052
E-Mail / Re: Fwd: Delayed Mail (still being retried)
« on: June 03, 2023, 02:20:05 AM »
Is Amavis not running on your mail server?
1053
CentOS 7 Problems / Re: CWP PRO Panel White blank page cause of cron.php has expired.
« on: June 03, 2023, 02:17:27 AM »
You followed rcschaff's post, following the CentOS 7 steps (carefully)?
1054
E-Mail / Re: I received email from my own email account
« on: June 03, 2023, 02:14:25 AM »
Do you need a generic e-mail address like "contact@yourdomain.com"? That is easily guessed and likely on many spammer e-mail lists, so you're better off with something more specialized to avoid high volumes of generic spam. Or you could implement an obfuscated e-mail like the DuckDuckGo @duck.com forwarders.
That IP resolves to Thailand. Do you (or anyone on your server) do business with Thailand? If not, consider blocking that country via the CSF firewall. Also consider blocking the other top 10 spam source countries if you don't need to communicate with them.
Do you have proper UCE (unsolicited commercial e-mail) settings on your postfix config? Consider implementing zen.spamhaus.org RBL, if not many more RBLs to shut down a large percentage of spam. SpamAssassin is farther down the chain so it is best to stop spam at the gate if it fails various helo or FQDN checks or is RBL-listed.
Another option I use on a high traffic mail server is ASSP (Anti-Spam SMTP Proxy). It sits on the edge as a dedicated anti-spam solution, running on ports 25, 465, and 587. It is HIGHLY configurable and not so resource intensive. I have trained its corpus and block about 75% of incoming, non-local mail. Then it passes mail onto Postfix which runs on an alternate SMTP port (1025 or whatever). And Postfix can still be set up to use RBLs and do HELO and FQDN and other checks, so you effectively have 2 high hurdles for spam to pass.
That IP resolves to Thailand. Do you (or anyone on your server) do business with Thailand? If not, consider blocking that country via the CSF firewall. Also consider blocking the other top 10 spam source countries if you don't need to communicate with them.
Do you have proper UCE (unsolicited commercial e-mail) settings on your postfix config? Consider implementing zen.spamhaus.org RBL, if not many more RBLs to shut down a large percentage of spam. SpamAssassin is farther down the chain so it is best to stop spam at the gate if it fails various helo or FQDN checks or is RBL-listed.
Another option I use on a high traffic mail server is ASSP (Anti-Spam SMTP Proxy). It sits on the edge as a dedicated anti-spam solution, running on ports 25, 465, and 587. It is HIGHLY configurable and not so resource intensive. I have trained its corpus and block about 75% of incoming, non-local mail. Then it passes mail onto Postfix which runs on an alternate SMTP port (1025 or whatever). And Postfix can still be set up to use RBLs and do HELO and FQDN and other checks, so you effectively have 2 high hurdles for spam to pass.
1055
Other / Re: Updating cURL and OpenSSL/1.0.2k-fips
« on: June 02, 2023, 01:26:05 PM »
Do you mean you successfully updated OpenSSL to 1.1.1k but it didn't get rid of your curl error?
Or do you mean that updating to OpenSSL 1.1.1k hosed the whole system (too many dependencies, not compatible with the CWP stack)? I'm curious because I would upgrade my OpenSSL to 1.1.1 if I knew it worked with CWP. Then I would probably ride like that until I ditch CentOS 7 in spring of 2024.
Or do you mean that updating to OpenSSL 1.1.1k hosed the whole system (too many dependencies, not compatible with the CWP stack)? I'm curious because I would upgrade my OpenSSL to 1.1.1 if I knew it worked with CWP. Then I would probably ride like that until I ditch CentOS 7 in spring of 2024.
1056
CentOS 7 Problems / Re: CWP PRO Panel White blank page cause of cron.php has expired.
« on: June 02, 2023, 01:22:59 PM »1057
Migration from other control panels / Re: How to transfer backup through ssh
« on: June 02, 2023, 01:18:15 PM »
A sample command (from a remote cPanel to the local CWP) is listed on the wiki here:
http://wiki.centos-webpanel.com/how-to-manually-import-emails
http://wiki.centos-webpanel.com/how-to-manually-import-emails
Code: [Select]
rsync -avz -e "ssh -p 22" root@185.185.185.185:/home/USERNAME/mail/DOMAIN/USERNAME/ /var/vmail/DOMAIN/USERNAME/
1058
CentOS-WebPanel Bugs / Re: Cant login to CWP User :2083
« on: June 02, 2023, 01:15:27 PM »
Have you tried logging in twice? Login once and it appears to succeed but kicks you back to the login page. But then immediately login again and then it will actually succeed. This was a bug I encountered and was my workaround (but that client rarely logged into the user control panel, so it wasn't much of an issue). I resolved it by adjusting the features of the user under User Accounts>Features,Themes,Language -- since it was a dedicated VM for a single client, I effectively gave them full permissions and full features over every aspect of the server. After that, they were able to login on the first try. You don't need to go to that extreme, just try giving them one feature not currently assigned and see if that fixes it.
1059
Other / Re: Updating cURL and OpenSSL/1.0.2k-fips
« on: June 02, 2023, 02:17:55 AM »Quote
Note: The latest stable version is the 3.1 series supported until 14th March 2025. Also available is the 3.0 series which is a Long Term Support (LTS) version and is supported until 7th September 2026. The previous LTS version (the 1.1.1 series) is also available and is supported until 11th September 2023. All older versions (including 1.1.0, 1.0.2, 1.0.0 and 0.9.Off the cuff, I would suggest shooting for the 1.1.1 version upgrade, as it is supported until September 2023. It is unlikely to break things in the CWP stack which depend on the 1.0.x code branch. I don't know how much the 3.1 or 3.0 branch is as a drop-in replacement under CentOS 7.9 and the CWP stack -- so proceed at your own risk!are now out of support and should not be used. Users of these older versions are encouraged to upgrade to 3.1 or 3.0 as soon as possible. Extended support for 1.0.2 to gain access to security fixes for that version is available.
1060
E-Mail / Re: SMTP ERROR: Failed to connect to server: Connection refused (111)
« on: June 02, 2023, 02:11:33 AM »
465 is SSL/TLS. You can use STARTTLS with port 25 SMTP or 587 submission if you want to negotiate a secure channel on those ports.
Are you allowing outgoing mail ports in your firewall config file -- /etc/csf/csf.conf?
TCP_IN = "21,22,25,53,80,110,143,443,465,587,993,995,2083,2096,2304"
TCP_OUT = "20,21,22,25,22,53,80,110,113,443,2083,2096,587,993,995,2080,2443"
Are you allowing outgoing mail ports in your firewall config file -- /etc/csf/csf.conf?
TCP_IN = "21,22,25,53,80,110,143,443,465,587,993,995,2083,2096,2304"
TCP_OUT = "20,21,22,25,22,53,80,110,113,443,2083,2096,587,993,995,2080,2443"
Code: [Select]
SMTP_PORTS = "25,465,587"
PORTS_imapd = "143,993"
PORTS_pop3d = "110,995"
1061
E-Mail / Re: Firewall is blocking email delivery
« on: June 02, 2023, 02:06:48 AM »
Are you allowing outgoing mail ports in /etc/csf/csf.conf?
TCP_IN = "21,22,25,53,80,110,143,443,465,587,993,995,2083,2096,2304"
TCP_OUT = "20,21,22,25,22,53,80,110,113,443,2083,2096,587,993,995,2080,2443"
TCP_IN = "21,22,25,53,80,110,143,443,465,587,993,995,2083,2096,2304"
TCP_OUT = "20,21,22,25,22,53,80,110,113,443,2083,2096,587,993,995,2080,2443"
Code: [Select]
SMTP_PORTS = "25,465,587"
PORTS_imapd = "143,993"
PORTS_pop3d = "110,995"
1062
Other / Re: Updating cURL and OpenSSL/1.0.2k-fips
« on: June 02, 2023, 01:56:31 AM »Code: [Select]
$ yum info openssl
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: la.mirrors.clouvider.net
* epel: irltoolkit.mm.fcix.net
* extras: linux.mirrors.es.net
* updates: mirrors.oit.uci.edu
Installed Packages
Name : openssl
Arch : x86_64
Epoch : 1
Version : 1.0.2k
Release : 26.el7_9
Size : 814 k
Repo : installed
From repo : updates
Summary : Utilities from the general purpose cryptography library with TLS implementation
URL : http://www.openssl.org/
License : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
: machines. OpenSSL includes a certificate management tool and shared
: libraries which provide various cryptographic algorithms and
: protocols.
https://webhostinggeeks.com/howto/install-update-openssl-centos/
1063
Other / Re: Updating cURL and OpenSSL/1.0.2k-fips
« on: June 02, 2023, 01:26:14 AM »
What OS version? CentOS 7.9 or something else?
1064
CentOS Configuration / Re: How to configure SpamAssassin
« on: June 01, 2023, 03:19:15 AM »
For sure, that's how it is supposed to work:
Code: [Select]
overseer@srv$ less /etc/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)
# These should be safe assumptions and allow for simple visual sifting
# without risking lost emails.
1065
CentOS Configuration / Re: How to configure SpamAssassin
« on: May 31, 2023, 09:25:16 PM »
That's how it's supposed to work...
Code: [Select]
[overseer@srv ~]$ less /etc/spamassassin/local.cf
# These values can be overridden by editing ~/.spamassassin/user_prefs.cf
# (see spamassassin(1) for details)
