Messages

886

CentOS-WebPanel GUI / Re: CWP Pro not activated after changing IP

« on: August 15, 2023, 02:39:16 PM »

Did you try temporarily disabling your CSF firewall?
I had a problem like yours 2-3 years ago and a regular support request resolved it in 24 hours. Maybe support lead times have slipped.

(As for the other suggestion, a new pro license to CWP is cheaper than paying for premium support...)

887

CentOS 7 Problems / Re: PHP version Switcher not working

« on: August 10, 2023, 11:51:12 PM »

Good to know the nuclear option works! Nuke php, then reinstall.
Or pay the devs a few shekels and get a much better PHP switcher, or better yet, use php-fpm for maximum performance and flexibility.

888

CentOS 7 Problems / Re: CWP7-PR0+wordpress+Plugin WebP

« on: August 10, 2023, 11:49:34 PM »

If you do try to DIY, then start by following this Nginx recipe:
https://www.nginx.com/resources/wiki/start/topics/recipes/wordpress/
I run several WP installs using this basic recipe, with perhaps only a few small tweaks. And as Starbust intimated, I would suggest removing Varnish from your toolchain. It only adds complexity for relatively little benefit, unless you have fast storage or ample RAM to throw at caching. I usually recommend people only use if they really, really need to milk that last 10-20% out of their server and have the resources to throw at it. Better is a WP cache paired with Cloudflare, but that's best done after the install & development phase when you transition over to performance tuning.

889

CentOS-WebPanel GUI / Re: Cannot create new mailbox CWP USER GUI

« on: August 08, 2023, 10:30:50 PM »

Are you able to see the domain in the root_cwp DB under the domains table? Also, are the e-mail accounts present in the postfix DB, under the domain and/or mailbox table? There could be an illegal/unsanitized character in one that is causing the web GUI display to bomb out.

890

E-Mail / Re: rogue script using php mail function

« on: August 08, 2023, 01:07:19 PM »

Head slap -- yes, I forget about to mention that one because I have php mailer functionality disabled on all my servers as a matter of course during setup. To me it's lazy coding and from a bygone era to rely on the convenience but total lack of accountability and compartmentalization with the php mail function. I require all clients to create a dedicated outbound SMTP user which they can then plug in those authentication details into whatever CMS or contact form requires outbound mail sending. So then you have accountability and proper logging, as well as proper postscreen controls and rate limits in place with Postfix.

891

CentOS-WebPanel GUI / Re: Cannot create new mailbox CWP USER GUI

« on: August 07, 2023, 11:37:57 PM »

What OS distribution & version? I haven't seen this under CentOS 7.9.

892

E-Mail / Re: There is a CWP server vulnerability. Please help me.

« on: August 07, 2023, 06:54:35 PM »

Maybe in the other thread you should just post your whole main.cf and master.cf so we can take a look and offer suggestions. Have you followed the AWS Monster guide to hardening Postfix with CWP? Are you running SpamAssassin?

893

E-Mail / Re: Preventing Sending E-mails from Non-Existent Addresses: How to Verify Sender's E

« on: August 07, 2023, 06:24:22 PM »

The trailing "permit" isn't necessary, strictly speaking, because there's an earlier "permit_mynetworks.". I just put it there because it makes it clear that whatever passes the earlier "check" and "reject" tests will be permitted.

FYI, you need an API key to use zen.spamhaus.org these days, so you need to obtain one and reconfigure that line. Right now it's not benefiting you at all. Here's a few suggested tweaks:

Code: [Select]

smtpd_recipient_restrictions =
permit_sasl_authenticated
permit_mynetworks
reject_invalid_hostname
reject_non_fqdn_sender
reject_non_fqdn_recipient
reject_unknown_sender_domain
reject_unknown_recipient_domain
reject_unlisted_recipient
reject_unauth_destination
check_client_access hash:/etc/postfix/rbl_override
check_recipient_access regexp:/etc/postfix/recipient_checks
check_helo_access hash:/etc/postfix/helo_checks
check_sender_access hash:/etc/postfix/sender_checks
check_client_access hash:/etc/postfix/client_checks
reject_rbl_client cn.country.spameatingmonkey.net
reject_rbl_client kp.country.spameatingmonkey.net
reject_rbl_client ng.country.spameatingmonkey.net
reject_rbl_client ru.country.spameatingmonkey.net
reject_rbl_client dnsbl.sorbs.net
reject_rbl_client b.barracudacentral.org
reject_rbl_client bl.spamcop.net
reject_rhsbl_sender dsn.rfc-clueless.org


894

Information / Re: Unknown user in cwp user quota

« on: August 07, 2023, 02:00:49 PM »

You should delete them from a shell -- they are just vestiges from the migration that the quota module is picking up on.

895

CentOS-WebPanel GUI / Re: Cannot create new mailbox CWP USER GUI

« on: August 07, 2023, 01:59:31 PM »

As a test, can you add it from the CWP Admin side (rather than the user panel)?

896

E-Mail / Re: Preventing Sending E-mails from Non-Existent Addresses: How to Verify Sender's E

« on: August 07, 2023, 01:57:01 PM »

Are you using postfix's postscreen, as well as having SpamAssassin in your mail chain?

Do you have something like this in your postfix main.cf? Note especially the "reject_unverified_sender" line:

Code: [Select]

smtpd_sender_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        check_sender_access hash:/etc/postfix/sender_access,
        reject_unknown_sender_domain,
        warn_if_reject,
        reject_unverified_sender,
        permit

897

CentOS 7 Problems / Re: TMI mode

« on: August 07, 2023, 01:53:55 PM »

Indeed, just to put out a public notice: don't err on the side of too little info if you want help on the forum. We generally need the basic distro info, possibly your hardware config, to know if it's VPS or a full bare metal or dedicated VM, and for sure we need relevant log entries and error messages. So don't hold back, go full TMI mode (too much information). Because it actually isn't TMI -- it's what we need to help you solve your problem!

898

E-Mail / Re: There is a CWP server vulnerability. Please help me.

« on: August 04, 2023, 03:07:46 AM »

Have you hardened your Postfix installation, as I recommended before? Are you making use of postscreen?
https://www.awsmonster.com/how-to-secure-postfixdovecot-on-cwp

Are you making full use of CSF and LFD?

Add to Posfix main.cf:

Code: [Select]

##//delivery rate controls/restrictions
# Parrallel delivery force (local=2 and dest=20 are aggressive)
local_destination_concurrency_limit = 6
default_destination_concurrency_limit = 30
# Max flow rate (1 sec delay per 50 emails/sec over the number of emails delivered/sec)
in_flow_delay = 1s
# Tarpit those bots/clients/spammers who send errors or scan for accounts
smtpd_error_sleep_time = 10s 
smtpd_soft_error_limit = 5
smtpd_hard_error_limit = 10
# limit max sends per minute
anvil_rate_time_unit = 60s
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_recipient_rate_limit = 30
smtpd_client_message_rate_limit = 30

899

CentOS 7 Problems / Re: SSH connection Access Denied

« on: August 03, 2023, 01:55:05 PM »

I'm sorry, but your rant is not very helpful at all and doesn't contribute to solving the original poster's problem.

900

How to / Re: How to enable special character (eg.ñ)support when adding domains.

« on: August 03, 2023, 01:39:08 PM »

File a bug report and chime in on the issue. I'm not sure more than a couple of devs stop by the forum, so not the best place to alert them about bugs.