Please login or register. 2024-04-27, 11:47:18


Messages - lenawaii

61
Did you verify your Apache conf file for your domain?

Go to /home/apache/conf/domains/www.yourdomain.com.conf and modify the following lines:

   <IfModule mod_ssl.c>
      SSLEngine On
      SSLCertificateFile /etc/letsencrypt/live/www.yourdomain.com/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/www.yourdomain.com/privkey.pem
      SSLCACertificateFile /etc/letsencrypt/live/www.yourdomain.com/chain.pem
   </IfModule>

If necessary, restart Apache. Let's Encrypt works perfectly on my web server, I hope it will for you too :-)

62
Hi Mustapha,

I've had some trouble with Spamdyke since I installed Let's Encrypt on my VPS and an SSL certificate to secure Qmail Toaster.

Let's Encrypt works perfectly, so no worry about this. Here's what I've done:

1/ Replacement of the /var/qmail/control/servercert.pem file with my SSL cert + intermediate cert + private key
Works fine with port 465 and port 993

2/ Modification of /var/qmail/supervise/smtp-ssl/run file with:

export SMTPAUTH="!" \
   SMTPS=1 \
   SSL=1 \
   REQUIRE_AUTH=0 \
   FORCE_TLS=0 \
   DENY_TLS=0 \
   AUTH=1 \
   REQUIRE_AUTH=0 \
   ALLOW_INSECURE_AUTH=0

3/ Modification of /etc/spamdyke.conf file and added
tls-level=smtps
just before
tls-certificate-file=/var/qmail/control/servercert.pem

4/ Restart of Qmail

RESULT:
I can send emails, but emails sent from outside the server are not delivered to my VPS, they are blocked. If I deactivate Spamdyke, I receive emails, so the problem is from Spamdyke.

Plus, the tls-level=smtps line in the spamdyke.conf file disappears when I deactivate Spamdyke. I'm sure I'm doing something wrong.

Can you please give me some help? Thanks

Lenawaii




63
I'm happy to tell everyone that I solved this problem by myself.

It was a problem in the DNS config for one domain, with A pointing to a domain instead of an IP.

In the named.acl.conf file, there should be only localhost or IPs.


64
Hi everyone,

I had a VPS breakdown for an hour and after restart, my VPS has trouble starting named (BIND DNS server). Here is the error I have:

Error in named configuration:
/home/bind/conf/defaults/named.acl.conf:5: undefined ACL 'mydomain.com'

Here is the file:
acl allow-transfer {
localhost;
xxx.xxx.xx.xx1;
xxx.xxx.xx.xx2;
mydomain.com;
};

Everything worked perfectly before the breakdown. Do you have an idea how to resolve this issue? Thanks a lot.
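A pre-restart check for the situation in this thread, as an added example that is not part of the original posts: named reads any acl element that is not an address, a built-in name or a key as the name of another acl, so a hostname ends up reported as an undefined ACL. The function names, the one-element-per-line layout and the 192.0.2.x addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example. lint_named_acl FILE reports acl elements that named would read
# as a reference to an undefined acl. Assumes one element per line, as in the
# quoted file, and counts only acls declared earlier in the same file.
lint_named_acl() {
    awk '
        /^[ \t]*$/ || /^[ \t]*(#|\/\/)/ { next }          # blank lines, comments
        !in_acl && $1 == "acl" {                          # acl NAME {
            name = $2; gsub(/[";{]/, "", name)
            defined[name] = 1; in_acl = 1; next
        }
        !in_acl { next }
        index($0, "}") { in_acl = 0; next }               # end of the acl block
        {
            e = $0; gsub(/[ \t;!"]/, "", e)               # drop spaces, ";", "!", quotes
            if ($1 == "key" || (e in defined)) next
            if (e ~ /^(any|none|localhost|localnets)$/) next       # built-in acls
            if (e ~ /^[0-9]+(\.[0-9]+)*(\/[0-9]+)?$/) next         # IPv4 address or prefix
            if (e ~ /^[0-9A-Fa-f]*:[0-9A-Fa-f:.]*(\/[0-9]+)?$/) next   # IPv6
            printf "%s:%d: undefined ACL \047%s\047\n", FILENAME, FNR, e
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample mirroring the post; 192.0.2.x are documentation addresses.
write_acl_sample() {
    cat > "$1" <<'EOF'
acl allow-transfer {
localhost;
192.0.2.1;
192.0.2.2;
mydomain.com;
};
EOF
}

conf=$(mktemp) && write_acl_sample "$conf"
lint_named_acl "$conf" || echo "fix the entries above before restarting named"
rm -f "$conf"
```

The flagged line number matches the line 5 in the error quoted in the post.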

65
Thank you, it worked!!!

It was such a mess in my Kloxo after many tries, so I finally did:

# yum update
# sh /script/upcp
# sh /script/cleanup
# sh /script/restart-all
# yum replace php53u --replace-with=php54
# service httpd restart

Thank you so much for the help, I love this forum & Mustapha :-)

66
Thanks for your help but it did not work :-(

I still have the same problem, PHP code is not executed.

Instead of having "hola" in my web page I have "<?php echo 'hola'; ?>"

Another idea?

67
Hi everyone,

I had to upgrade PHP from php53 to php54 and now PHP is not working anymore.

I did the upgrade from Kloxo > Web - Mail - Database > Webserver Config > Php Branch, chose php54 in the select menu and then clicked on "update"

After that I did:
# yum update
# sh /script/cleanup

Even after update and cleanup, PHP is not working. Any idea?

Below is my system info:

A. Kloxo-MR: 6.5.0.f-2015083001

B. OS: CentOS release 6.7 (Final) x86_64

C. Apps:
   1. MySQL: mysql55-5.5.45-1.ius.el6.x86_64
   2. PHP: php54-5.4.45-1.ius.el6.x86_64
   3. Httpd: httpd-2.2.31-1.mr.el6.x86_64
   4. Lighttpd: --uninstalled--
   5. Nginx: --uninstalled--
   6. Qmail: qmail-toaster-1.03-1.3.55.mr.el6.x86_64
      - with: courier-imap-toaster-4.1.2-1.3.18.mr.el6.x86_64
   7. Dns: bind-9.9.7-1.mr.el6.x86_64

D. Php-type (for Httpd/proxy): mod_php_ruid2

E. Memory:
                total       used       free     shared    buffers     cached
   Mem:          4096        924       3171          8          0        717
   -/+ buffers/cache:        206       3889
   Swap:            0          0          0


68
Hi,

I saw in the Spamdyke documentation that it is possible to customize the rejection message. So I tried to add lines in my /etc/spamdyke.conf file in the following way:

#REJECTION MESSAGES
rejection-text-ip-blacklist=my personal message 1
rejection-text-unresolvable-rdns=my personal message 2

But Qmail does not work properly after restart. Any idea how to resolve this?

Thanks for your help.


69
Well, I have another problem but not on the same VPS, with the other I have worry with the command lines but with one, I have this error:

# iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
iptables: No chain/target/match by that name.

Do you have any idea about this error? No answer on Google. Thanks for the help.

70
Well, I found the solution by myself. In fact, I needed to delete the wrong iptables file, add all the command lines manually in the SSH console, then run:

# iptables-save | sudo tee /etc/sysconfig/iptables
# service iptables restart

The firewall rules file is properly generated. If you modify the rules afterwards, you need to save the file again with the command line:

# service iptables save

If you don't manage to make iptables work on Kloxo MR, ask me. I'll be glad to help :-)

71
Hi there,

I want to secure my VPS with iptables and I have an issue applying the firewall rules. Before that I wanted to be sure about the open ports on Kloxo MR, so I installed nmap and with the command # nmap localhost, I get the list below:

--------------------

Starting Nmap 5.51 ( http://nmap.org ) at 2015-03-05 10:20 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000011s latency).
Other addresses for localhost (not scanned): 127.0.0.1
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 988 closed ports
PORT     STATE SERVICE
21/tcp   open  ftp
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
465/tcp  open  smtps
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds

--------------------

To create all my firewall rules, I create an executable file /etc/sysconfig/iptables with the content below:

--------------------

#!/bin/sh

# Flush the current tables and user-defined chains
iptables -t filter -F
iptables -t filter -X
echo "Clear rules : OK"

# Deny all incoming and outgoing connections
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP
iptables -t filter -P OUTPUT DROP
echo "Block all connections : OK"

# SYN-Flood Protection
iptables -N syn-flood
iptables -A syn-flood -m limit --limit 10/second --limit-burst 50 -j RETURN
iptables -A syn-flood -j LOG --log-prefix "SYN FLOOD: "
iptables -A syn-flood -j DROP
echo "SYN-Flood Protection : OK"

# Do not break established connections
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
echo "Established connections : OK"

# Allow loopback
iptables -t filter -A INPUT -i lo -j ACCEPT
iptables -t filter -A OUTPUT -o lo -j ACCEPT
echo "Loopback : OK"

# ICMP (Ping)
iptables -t filter -A INPUT -p icmp -j ACCEPT
iptables -t filter -A OUTPUT -p icmp -j ACCEPT

# SSH In/Out
iptables -t filter -A INPUT -p tcp --dport 6490 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 6490 -j ACCEPT
echo "SSH : OK"

# DNS In/Out
iptables -t filter -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -t filter -A INPUT -p udp --dport 53 -j ACCEPT
echo "DNS : OK"

# NTP Out
iptables -t filter -A OUTPUT -p udp --dport 123 -j ACCEPT
echo - NTP : OK

# HTTP + HTTPS Out/In
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
echo "HTTP/HTTPS : OK"

# FTP Out/In
iptables -t filter -A OUTPUT -p tcp --dport 20:21 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 30000:50000 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 20:21 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 30000:50000 -j ACCEPT
iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
echo "FTP : OK"

# Mail SMTP/SMTPS
iptables -t filter -A INPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 465 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 25 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 465 -j ACCEPT
echo "SMTP/SMTPS : OK"

# Mail Submission
iptables -t filter -A INPUT -p tcp --dport 587 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 587 -j ACCEPT
echo "Submission : OK"

# Mail POP3/POP3S
iptables -t filter -A INPUT -p tcp --dport 110 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 995 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 110 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 995 -j ACCEPT
echo "POP/POP3S : OK"

# Mail IMAP/IMAPS
iptables -t filter -A INPUT -p tcp --dport 143 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 993 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 143 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 993 -j ACCEPT
echo "IMAP/IMAPS : OK"

# MySQL
iptables -t filter -A INPUT -p tcp --dport 3306 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 3306 -j ACCEPT
echo "MySQL : OK"

# Kloxo
iptables -t filter -A INPUT -p tcp --dport 7777:7778 -j ACCEPT
iptables -t filter -A OUTPUT -p tcp --dport 7777:7778 -j ACCEPT
echo "Kloxo : OK"

--------------------

The problem is when I want to apply my rules with the command # /etc/init.d/iptables start, I get the error below:

iptables: Applying firewall rules: iptables-restore: line 4 failed  [FAILED]

I've tried to resolve it by myself but no way. I'll appreciate any help, thanks.
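The following check is an added example, not part of the original posts: the init script hands /etc/sysconfig/iptables to iptables-restore, which expects iptables-save syntax (a `*table` line, `:CHAIN POLICY` lines, `-A` rules, `COMMIT`) rather than a shell script, so it stops at the first `iptables ...` command. The function names and both sample files are constructed for the illustration.

```shell
#!/bin/sh
# Added example: check that a file is in iptables-save syntax before the init
# script feeds it to iptables-restore. Prints "ok" or "line N: reason".
lint_restore_file() {
    awk '
        /^[ \t]*$/ || /^#/ { next }                      # skipped by iptables-restore
        /^iptables[ \t]/ { err = "shell command, not iptables-save syntax"; exit }
        /^\*[a-z]+$/ && !in_table { in_table = 1; next } # *filter, *nat, ...
        $0 == "COMMIT" && in_table { in_table = 0; tables++; next }
        /^:[^ ]+ [^ ]+/ && in_table { next }             # :INPUT DROP [0:0]
        /^(\[[0-9]+:[0-9]+\] )?-[A-Z] / && in_table { next }   # -A INPUT ...
        { err = in_table ? "not a chain, rule or COMMIT line" : "expected a *table line"; exit }
        END {
            if (err != "") { printf "line %d: %s\n", NR, err; exit 1 }
            if (in_table)  { print "missing COMMIT"; exit 1 }
            if (!tables)   { print "no table found"; exit 1 }
            print "ok"
        }
    ' "$1"
}

# Constructed samples: the first lines of a shell script like the one in the
# post, and a small iptables-save style ruleset using ports from the post.
write_samples() {
    cat > "$1/script.sh" <<'EOF'
#!/bin/sh

# Flush current and user-defined chains
iptables -t filter -F
EOF
    cat > "$1/rules.save" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 6490 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

dir=$(mktemp -d) && write_samples "$dir"
for f in script.sh rules.save; do
    printf '%s: %s\n' "$f" "$(lint_restore_file "$dir/$f")"
done
rm -rf "$dir"
```

On a live host, `iptables-restore --test < /etc/sysconfig/iptables` runs the real parser without committing the rules.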



72
I found the solution by myself. In fact there is a bug in Kloxo MR: when you update or clean up Kloxo, all Apache conf files are re-edited by default, so you have to take care of correcting the path to the SSL certificates.

E.g. in file /home/apache/conf/domains/mydomain.com.conf

correct the lines below:

<IfModule mod_ssl.c>
      SSLEngine On
      SSLCertificateFile /home/kloxo/httpd/ssl/venet0_0___localhost.crt
      SSLCertificateKeyFile /home/kloxo/httpd/ssl/venet0_0___localhost.key
      SSLCACertificatefile /home/kloxo/httpd/ssl/venet0_0___localhost.ca
</IfModule>

Once you correct the path to the certificates, it works fine.

There is the same bug when updating Kloxo; I need to manually update the following files:
- /etc/php.ini
- /etc/httpd/conf.d/~lxcenter.conf
- /home/phpini/tpl/php.ini.tpl
- /etc/httpd/conf/httpd.conf

Well, it's not long to do it but it's really good to know it.

73
Hi,

Is there a solution for this? If I do sh /script/cleanup, my certificate does not work, it is an old one that is on. Can I fix this?

Thanks for your reply.

74
Well, I rebooted Kloxo and after that, the old certificate is on, the one I don't want. Really strange, I don't understand...

75
I forgot to specify that my SSL certificate is a multi-domain certificate (5 domains).
