Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - venty

Pages: 1 2 3 [4] 5 6 ... 28
46
I would suggest you look here:
https://www.awsmonster.com/how-to-secure-postfixdovecot-on-cwp

Hi,

thank you very much...

I looked at the manual, just please clarify - in etc/postfix/main.cf I have the following restriction:

# rules restrictions
smtpd_client_restrictions = reject_unknown_client

is it appropriate to look like this:

# rules restrictions
smtpd_client_restrictions =
permit_sasl_authenticated
reject_unknown_client_hostname

Thanks in advance!

BR
Venty

47
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« on: February 20, 2025, 10:10:04 AM »
The only thing left is to:

nano crs-setup.conf

Code: [Select]
# SecDefaultAction "phase:1,log,auditlog,pass"
# SecDefaultAction "phase:2,log,auditlog,pass"


Uncomment:

Code: [Select]
SecDefaultAction "phase:1,log,auditlog,deny,status:403"
SecDefaultAction "phase:2,log,auditlog,deny,status:403"


Hi,

thank you very much....

and that's all, will they update?

BR
Venty

48
FYI.  You are not going to get a response from postfix on 465 using telnet.  465 requires SSL authentication.  To test it, you must use openssl.

Code: [Select]
openssl s_client -connect localhost:465
If you receive an appropriate response, then everything should be working, we need to look externally.  If you do not get a response from posix, please check /etc/postfix/master.cf and make sure port 465 is indeed enabled.


Hi,

thank you very much, it worked :)

Please take a look at the following restrictions in Postfix:
# rules restrictions
smtpd_client_restrictions = reject_unknown_client
smtpd_helo_restrictions =
smtpd_sender_restrictions =
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_recipient_domain
# uncomment for realtime black list checks
# ,reject_rbl_client zen.spamhaus.org
# ,reject_rbl_client bl.spamcop.net
# ,reject_rbl_client dnsbl.sorbs.net
smtpd_helo_required = yes
unknown_local_recipient_reject_code = 550
disable_vrfy_command = yes
smtpd_data_restrictions = reject_unauth_pipelining

are they adequate?

BR
Venty

49
Postfix / Re: ESMTP Postfix for SSL, port 465 is missing...
« on: February 17, 2025, 03:09:02 PM »
Thought we covered this ground in another of your threads? Not the case?

Hi,

Please tell me what the topic is...?

I still don't have a solution with SSL sending and receiving mail????

I read and did what???

BR

Venty

50
Postfix / Re: ESMTP Postfix for SSL, port 465 is missing...
« on: February 17, 2025, 12:38:39 PM »
Hi,

Hi,
I am using Alma Linux 9, set it up according to the settings.., but ESMTP Postfix for SSL, port 465 is missing, the port is open, but ::

https://prnt.sc/Y8iYYDuJ8t7r

Hi,
I am using Alma Linux 9, I have configured it according to the settings and no.., but ESMTP Postfix for SSL, port 465 is missing, the port is open, but ::

https://prnt.sc/Y8iYYDuJ8t7r

...and messages are not received on port 995, SSL?

BR
Venty


???

51
Installation / the snapshot or to do a new installation?
« on: February 16, 2025, 04:57:13 PM »
Hi,

please give your opinion - a snapshot of the current state of the server was taken and then a number of applications and settings were tested -- what is the best thing to do next - to revert to the state at the time of the snapshot or to do a new installation?

Which is better?

BR
Venty

52
Installation / Re: DNS records for pop, cpanel....
« on: February 16, 2025, 04:53:50 PM »
CNAME   *         domain.com

Is a catch all solution

Hi,

CNAME   *         domain.com or *      A IP ???


MX ? have any special features?

BR
Venty

53
Installation / Re: ...server under AL9?
« on: February 13, 2025, 08:56:14 AM »
I've posted the basic setup steps here in the forums a couple times.
Here it is again, or you also have options of people that can get the basic installed for you.

You can't have any services installed before installing CWP.

So if Apache is working 'out of the box', you are installing AlmaLinux 9.4 LAMP.
That won't work.

Reimage with the bare AlmaLinux 9.5

Setup your networking, hostname, timzone.

Then:

Code: [Select]
dnf install dnf-plugins-core
Code: [Select]
dnf install elrepo-release epel-release -y
Code: [Select]
dnf config-manager --set-enabled crb
Code: [Select]
dnf --refresh update
Code: [Select]
dnf install nano wget ipset ebtables iptables ipset-service uuid uuid-devel libuuid-devel m4 pcre pcre-devel zlib-devel perl-DBD-MySQL perl-IPC-Cmd perl-Pod-Html perl-Sys-Hostname perl-libwww-perl.noarch perl-LWP-Protocol-https.noarch perl-GDGraph libtool s-nail htop sysstat python3-perf ImageMagick ImageMagick-devel nmap make quota cockpit* -y
Code: [Select]
dnf --refresh update
Code: [Select]
dnf install clamav* clamd
Code: [Select]
dnf clean all
Code: [Select]
cd /usr/local/src
Code: [Select]
wget http://centos-webpanel.com/cwp-el9-latest
Code: [Select]
sh cwp-el9-latest
Code: [Select]
dnf install spamassassin amavis
Reboot

Configure & Start CSF

UPDATE DEPENDENCIES
Code: [Select]
dnf install php-cli libsodium libsodium-devel php-sodium php-pecl-zip  php-pecl-mailparse php-mbstring php-pear php-devel php-pecl-imagick
Code: [Select]
pecl channel-update pecl.php.net
To updated MariaDB follow:
https://www.alphagnu.com/topic/23-upgrade-mariadb-1011-in-cwp-centos-7-centos-8-stream-almalinux-78-rockylinux-78/

The one string to re-install MariaDB has been updated, or you'll get an error.
Run this instead:
Code: [Select]
dnf install MariaDB-server MariaDB-client net-snmp perl-DBD-MySQL --allowerasing
There are other steps, but everyone customizes their servers differently.

Hi,

When, at what stage of setup should this be done:
https://prnt.sc/p1azgfisxGwq

BR
Venty

54
Suggestions / Re: :):):) Comodo WAF rules update required :):):)
« on: February 13, 2025, 07:31:34 AM »
And it works for both CWPfree and CWPpro.  ;D

Hi,

it really works... :)

When I replaced the line "/usr/local/apache/modsecurity-owasp-latest/coreruleset-4.11.0/owasp.conf" when updating the rules, in the configuration file it is in red, I guess it should be like this?

With the two ModSecurity and the rules updates, could I do something in the future to update them, check their sites, and follow similar steps?

BR
Venty

55
SSL / Does the SSL certificate depend on the selected server
« on: February 10, 2025, 09:31:41 AM »
Hi,

Does the SSL certificate (AutoSSL (Let's Encrypt)) depend on the selected server types in the CWP panel??? Does it matter when and where we install the SSL and what server/s we have chosen:

https://prnt.sc/sCaYiLZJG-wv

i.e. if we installed it in 1, will it work in 2 as well (or vice versa)?

BR
Venty

56
Installation / Re: DNS records for pop, cpanel....
« on: February 09, 2025, 09:22:35 AM »
Hi,

When determining the DNS records for pop, cpanel. imap, ftp, mail, webmail, locolhost and others, if necessary, do I put them with A? or CNAME? record to the IP or respectively the name of the domain??

And secondly, is it necessary to provide a record/s for all these subdomains, which should also point to the host name (host.domain.com)?

Thanks in advance!

BR
Venty

And secondly, is it necessary to provide a record/s for all these subdomains, which should also point to the host name (host.domain.com)?


57
Installation / DNS records for pop, cpanel....
« on: February 08, 2025, 12:48:28 PM »
Hi,

When determining the DNS records for pop, cpanel. imap, ftp, mail, webmail, locolhost and others, if necessary, do I put them with A? or CNAME? record to the IP or respectively the name of the domain??

And secondly, is it necessary to provide a record/s for all these subdomains, which should also point to the host name (host.domain.com)?

Thanks in advance!

BR
Venty

58
Installation / When the DNS records are located at the ISP..
« on: February 07, 2025, 08:33:07 AM »
Hi,

when the DNS records for the Parent domain are located at the ISP  (from which I purchased the domain), what am I expected to enter here?

https://prnt.sc/NQmofJQLtfDZ

Maybe I need to enter the names and IP of the name servers provided to me by the ISP or the IP of my Parent domain??

Thaks in advance!

BR
Venty

59
Problems on other RedHat linux servers / Re: daily "Anacron" messages?
« on: February 06, 2025, 04:41:10 PM »
Hi,

I installed..., but the following problems remain:

https://prnt.sc/fzU336rAC-mN    and   https://prnt.sc/M-ELGTHcCHqA

BR
Venty

60
Hi Venty
For what I needed and as far as I know, yes, I solved, find the second post of mines in this thread, dated September 18, 2024, 05:27:57 PM

Hi,

"...that adding the line $inet_socket_bind = '127.0.0.1'; in /etc/amavisd/amavisd.conf seems to solve the problem..." - does it matter where I add it in the file?

BR
Venty

Pages: 1 2 3 [4] 5 6 ... 28