Messages

16

Kloxo-MR Technical Helps / OSSEC VPOPMAIL Bruteforce

« on: 2015-11-30, 13:20:25 »

I got this from OSSEC

OSSEC HIDS Notification.
2015 Nov 30 12:07:30

Received From: server2->/var/log/maillog
Rule: 9953 fired (level 10) -> "VPOPMAIL brute force (empty password)."
Portion of the log(s):

Nov 30 12:07:30 server2 vpopmail[15115]: vchkpw-smtp: null password given tester:118.102.202.131
Nov 30 12:07:20 server2 vpopmail[15100]: vchkpw-smtp: null password given testing:118.102.202.131
Nov 30 12:07:11 server2 vpopmail[15087]: vchkpw-smtp: null password given postmaster:118.102.202.131
Nov 30 12:07:01 server2 vpopmail[15015]: vchkpw-smtp: null password given administrator:118.102.202.131
Nov 30 12:06:51 server2 vpopmail[15003]: vchkpw-smtp: null password given info:118.102.202.131
Nov 30 12:06:42 server2 vpopmail[14988]: vchkpw-smtp: null password given mysql:118.102.202.131
Nov 30 12:06:33 server2 vpopmail[14980]: vchkpw-smtp: null password given postgres:118.102.202.131
Nov 30 12:06:22 server2 vpopmail[14971]: vchkpw-smtp: null password given oracle:118.102.202.131
Nov 30 12:06:13 server2 vpopmail[14948]: vchkpw-smtp: null password given postfix:118.102.202.131
Nov 30 12:06:03 server2 vpopmail[14935]: vchkpw-smtp: null password given root:118.102.202.131



--END OF NOTIFICATION

17

Kloxo-MR Technical Helps / Re: DKIM Ket changes after cleanup

« on: 2015-11-26, 15:37:53 »

Thank you, found the file location and edited.

18

Kloxo-MR Technical Helps / Re: DKIM Ket changes after cleanup

« on: 2015-11-26, 13:33:40 »

Thanks for that. I deleted a client's account and webmail gave server error 500 for all other accounts and seemed that running a cleanup was the only way to fix the issue but never knew DKIM keys were reset.

19

Kloxo-MR Technical Helps / DKIM Ket changes after cleanup

« on: 2015-11-25, 15:48:43 »

When I run sh /script/cleanup to fix webmail not working DKIM keys change and I have to update on cloudflare. Is this normal or anyway to solve  this?

20

Kloxo-MR Technical Helps / Re: Mail Queue backing up

« on: 2015-11-23, 18:53:28 »

Seeing this in mail log now. Even though the email address is correct!

Nov 23 17:20:38 server2 send: delivery 206: failure: User_and_password_not_set,_continuing_without_authentication./154.34.342.201_does_not_like_recipient./Remote_host_said:_550_No_such_person_at_this_address./Giving_up_on_154.34.342.201./

21

Kloxo-MR Technical Helps / Re: Mail Queue backing up

« on: 2015-11-23, 16:40:25 »

Some emails are getting delivered but always to spam even thought SPF & DKIM is all set correct. Server emails never seem to get delivered as they just sit in the mail queue and after a while says failure notice.

22

Kloxo-MR Technical Helps / Re: Mail Queue backing up

« on: 2015-11-23, 09:24:57 »

So I guess this is causing my issue from the mail queue logs.

deferral: CNAME_lookup_failed_temporarily._(#4.4.3)

Has anyone else had or having this issue as I can't get emails working.

23

Kloxo-MR Technical Helps / Re: Have to run sh /script/cleanup after adding domain

« on: 2015-11-22, 16:34:36 »

I seem to have solved this issue. Thanks

24

Kloxo-MR Technical Helps / Re: Mail Queue backing up

« on: 2015-11-22, 16:34:14 »

inform here 'cat /etc/resolv.conf'.

nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 2001:4860:4860::8888
nameserver 2001:4860:4860::8844

25

Kloxo-MR Technical Helps / Re: Have to run sh /script/cleanup after adding domain

« on: 2015-11-22, 14:50:17 »

Also if I delete a client other clients using htaccess php add handler gets reset!

26

Kloxo-MR Technical Helps / Re: Have to run sh /script/cleanup after adding domain

« on: 2015-11-22, 14:16:18 »

Awesome thanks

27

Kloxo-MR Technical Helps / Re: Mail Queue backing up

« on: 2015-11-22, 14:10:07 »

I have deleted all mail in queue although none got delivered.

No I'm not using domain.com not wanting to show my own domain!

28

Kloxo-MR Technical Helps / Mail Queue backing up

« on: 2015-11-22, 13:56:40 »

Mail seem to come in fine but can't seem to send any. I'm also not getting mails from the server they are all in mail queue.

After running sh /script/sysinfo this is what I have.

A. Kloxo-MR: 7.0.0.b-2015103001
   - Web: hiawatha-9.15.0-f.6.mr.el6.x86_64
   - PHP: php54s-5.4.45-1.ius.el6 (cgi mode)
B. Plateform:
   - OS: CentOS release 6.7 (Final) x86_64
   - Hostname: server2.domain.com
C. Services:
   1. MySQL: MariaDB-server-10.0.22-1.el6.x86_64
   2. PHP:
      - Branch: php54-cli-5.4.45-1.ius.el6.x86_64
      - Multiple:
        * php53m-5.3.29-1.ius.el6
        * php54m-5.4.45-1.ius.el6
        * php55m-5.5.30-1.ius.el6
      - Used: php55m
   3. Httpd: httpd-2.2.31-1.mr.el6.x86_64
      - PHP Type: php-fpm_event
   4. Lighttpd: --uninstalled--
   5. Hiawatha: --unused--
   6. Nginx: --uninstalled--
   7. Cache: --uninstalled--
   8. Dns: bind-9.9.7-1.mr.el6.x86_64
   9. Qmail: qmail-toaster-1.03-1.3.55.mr.el6.x86_64
      - with: courier-imap-toaster-4.1.2-1.3.18.mr.el6.x86_64
D. Memory:
                total       used       free     shared    buffers     cached
   Mem:          3830       1073       2757          1         30        610
   -/+ buffers/cache:        431       3398
   Swap:         1023          0       1023
E. Disk Space:
   Filesystem      Size  Used Avail Use% Mounted on
   /dev/vda1        78G  3.2G   71G   5% /

29

Kloxo-MR Technical Helps / Re: Have to run sh /script/cleanup after adding domain

« on: 2015-11-22, 13:43:21 »

Sorry not sure what you mean?

30

Kloxo-MR Technical Helps / Have to run sh /script/cleanup after adding domain

« on: 2015-11-22, 10:47:48 »

Everytime I add a new domain all my sites appear offline until I run sh /script/cleanup.