
Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - idove

31
Kloxo-MR Technical Helps / Re: Added to SPAMHAUS
« on: 2019-07-04, 07:54:24 »
Thank you for the reply. With that option, yes, all sendmail are banned. I can't send any of them via sendmail, that's ok. But they also aren't shown in the Mail Queue.

Anyway, today I received a reply from abuseat.org, so there is more info on why I keep getting blacklisted.

My server is sending a different HELO for the different domains on it.
Here is the reply from abuseat.org.

Code:
Hello,

77.81.*.* is listed in the CBL, it tried to send email using too many
different domains in the HELO (domains: 5, FQDNs: 5, list:
ab**ro.hr, ce**ic.hr, mo**er.info, mo**ka.net, te**ma.hr);

In some cases it's a multi-domain capable mail server attempting to use
different HELO values for each domain. The domain used in a HELO should
reflect the name of the server, and it's owner, not the customer. In some
cases, it may make sense to use a single common domain, with different
subdomains for each customer. For example, "cust1.example.com",
"cust2.example.com" etc.

If you don't have such a mail server, there is most likely a spam sending
infection.

Most recent detection was at 2019/07/03 18:50:00 (UTC) (+/- 5 minutes)

You will need to examine the machine for a spam trojan or open proxy.
Up-to-date anti-virus tools are essential.

If the IP is a NAT firewall, we strongly recommend configuring the
firewall to prevent machines on your network connecting to the Internet
on port 25, except for machines that are supposed to be mail servers.

Useful links:

  1.  The Basics of Securing your Server - Australian Communications and
    Media Authority (ACMA)[1]

  2.  Web Server Security and Database Server Security - Acunetix[2]

  3.  A comprehensive list of Information Security Resources from SANS[3]

For more information on securing NAT firewalls/gateways, please see The
CBL on NATs[4]

Full lookup page included below for completeness.

77.81.*.* has been removed.

Note: the IP address is subject to relisting again if the problem recurs.


Also note: this removal will have taken effect immediately
within our database and for the most part the now-removed listing
will no longer affect you within half an hour.  However, with
some receiving installations it can take a few hours.


========================================================

New: many of these listings are caused by a MikroTik Router compromise.
If you have a Microtik router, please consult this entry on the MikroTik
Support Forum[5]

If this IP address is NOT a shared hosting IP address, this IP address is
infected with/emitting spamware/spamtrojan traffic and needs to be fixed.
Find and remove the virus/spamware problem then use the CBL delisting
link below.

CRITICALLY IMPORTANT, Read Carefully: In some unusual cases, IP addresses
used in shared hosting (especially those using IPSwitch Imail, Plesk or
Cpanel/WHM) can trigger CBL listings. If this is an IP address shared
amongst many customers, make sure that your mail server software is set
up to identify _itself_ in its mail connections, not each of your
customers.

Many of these packages contain features that attempt to assign each
customer a dedicated virtual IP address, so that each customer's stream
of email comes from a different IP address. However, in many cases the
package is unable to actually bind to a virtual address (and hence uses
the server's primary IP address regardless), or, there are more customers
than there are IP addresses, and the customers without dedicated IP
address all end up using the same IP address - the server primary IP
address.

To the receiving systems, an IP address that appears unable to decide
what it's own name is hence highly suspect, and is in fact imitating
malicious spamware.

Strictly speaking, using different names in the HELO/EHLO from the same
IP address is not a violation of the Email RFC standards. However, it is
clear that the RFCs are intending that the HELO/EHLO identifies who owns
the mail server. Furthermore, using multiple HELO/EHLO names is highly
frowned upon in many mail sender Best Current Practise (BCP) documents,
such as those from the OECD and M3AAWG.

It is sometimes claimed that using a common name for the HELO/EHLO causes
problems with SPF/SenderID. Nothing could be further from the truth, as
witnessed by the fact that the very largest multi-domain hosters (such as
gmail, yahoo etc) use the same domains for all of their mail servers.

The following web pages will give you an assist in ensuring the
configuration is set up correctly.

If you are using Plesk, see this link[6].

If you are using cPanel, see this link[7].



1. http://www.acma.gov.au/Citizen/Internet/esecurity/Online-identity/securing-your-server-internet-safety-acma
2. https://www.acunetix.com/websitesecurity/webserver-security/
3. https://www.sans.org/security-resources/
4. https://abuseat.org/nat.html
5. https://forum.mikrotik.com/viewtopic.php?t=133533
6. https://abuseat.org/PleskAvoid.html
7. https://abuseat.org/cPanel.html



--
Ray, CBL Team



I tried to send mail from the mo**ka.net domain to helocheck@abuseat.org; this "howto" is explained here:
https://www.abuseat.org/helocheck.html

And I believe this is the response in the maillog:
Code:
Jul  4 08:02:38 server send: delivery 200: failure: User_and_password_not_set,_continuing_without_authentication./54.93.50.35_does_not_like_recipient./Remote_host_said:_550_***_The_HELO_for_IP_address_77.81.*.*_was_'mo**ka.net'_(valid_syntax)_***/Giving_up_on_54.93.50.35./


Then I tried to send mail from the same server as mo**er.info and mo**je.com, here are the responses:

Code:
Jul  4 08:14:38 server send: delivery 224: failure: User_and_password_not_set,_continuing_without_authentication./54.93.50.35_does_not_like_recipient./Remote_host_said:_550_***_The_HELO_for_IP_address_77.81.*.*_was_'mo**je.net'_(valid_syntax)_***/Giving_up_on_54.93.50.35./

Jul  4 08:24:52 server send: delivery 231: failure: User_and_password_not_set,_continuing_without_authentication./54.93.50.35_does_not_like_recipient./Remote_host_said:_550_***_The_HELO_for_IP_address_77.81.*.*_was_'mo**er.info'_(valid_syntax)_***/Giving_up_on_54.93.50.35./


And in the mail server settings, my mail server name is configured as: mo**er.info
Is that a new feature of Kloxo MR, or?

Thank you for your reply.
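
The helocheck bounces quoted in this post can be read back from the maillog in bulk. The following is an added example, not code from the post or from Kloxo-MR: it extracts the HELO name from each `delivery ... failure` line and reports, per sending IP, every name that is not the server's own. The sample lines, the 192.0.2.10 and 198.51.100.7 addresses, and the `.example` names are constructed.

```python
import re
from collections import defaultdict

# qmail-send writes the remote reply with spaces turned into underscores.
HELO_RE = re.compile(
    r"delivery (?P<delivery>\d+): failure: .*?"
    r"The_HELO_for_IP_address_(?P<ip>[0-9A-Fa-f.:*]+)_was_'(?P<helo>[^']+)'"
)

def _bounce(ts, delivery, helo):
    """Build one constructed failure line in the shape shown in the post."""
    return (
        f"{ts} server send: delivery {delivery}: failure: "
        "User_and_password_not_set,_continuing_without_authentication./"
        "198.51.100.7_does_not_like_recipient./Remote_host_said:_550_***_"
        f"The_HELO_for_IP_address_192.0.2.10_was_'{helo}'_(valid_syntax)_***/"
        "Giving_up_on_198.51.100.7./"
    )

# Constructed sample data (documentation addresses and .example names).
SAMPLE_LOG = [
    _bounce("Jul  4 08:02:38", 200, "cust1.example"),
    "Jul  4 08:03:01 server send: delivery 201: success: 198.51.100.7_accepted_message./",
    _bounce("Jul  4 08:14:38", 224, "cust2.example"),
    _bounce("Jul  4 08:24:52", 231, "mail.host.example"),
    _bounce("Jul  4 08:30:10", 240, "CUST1.example"),
]

def parse_helo_reports(lines):
    """Return (delivery id, sending IP, HELO name) for each helocheck bounce."""
    reports = []
    for line in lines:
        m = HELO_RE.search(line)
        if m:
            # Host names are case-insensitive, so compare them lowercased.
            reports.append((int(m["delivery"]), m["ip"], m["helo"].lower()))
    return reports

def helo_names_by_ip(lines):
    """Map each sending IP to the sorted set of HELO names it announced."""
    seen = defaultdict(set)
    for _, ip, helo in parse_helo_reports(lines):
        seen[ip].add(helo)
    return {ip: sorted(names) for ip, names in seen.items()}

def audit(lines, expected_helo):
    """List, per IP, the HELO names that differ from the server's own name."""
    expected = expected_helo.lower()
    findings = {}
    for ip, names in helo_names_by_ip(lines).items():
        wrong = [n for n in names if n != expected]
        if wrong:
            findings[ip] = wrong
    return findings

if __name__ == "__main__":
    for ip, names in helo_names_by_ip(SAMPLE_LOG).items():
        print(f"{ip}: {len(names)} distinct HELO name(s): {', '.join(names)}")
    print("not the server name:", audit(SAMPLE_LOG, "mail.host.example"))
```

An empty result from `audit` means every test message announced the single server name, which is the state the CBL reply asks for.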

32
Kloxo-MR Technical Helps / Re: Added to SPAMHAUS
« on: 2019-07-03, 18:11:16 »
Like that?

Do you think that sendmail (php script) sends those emails?
What do I get with that?

I noticed that now I can't send anymore via sendmail.

Tnx.

33
Kloxo-MR Technical Helps / Re: Added to SPAMHAUS
« on: 2019-07-03, 16:52:22 »
Thank you. How do you mean? Sorry, I don't understand.
In the qmail queue there is only 1 mail that has not been delivered. Only one. I checked that email via maillog and the content of the message is normal, unencrypted, so I can see it looks like a normal email.

All I know from spamhaus/abuseat.org is that some problem occurred 6 times in the last 24 hours, and the last suspicious mail was allegedly sent today at 10:15 UTC (+/-5 min). But from maillog I can't detect a suspicious one at all.

From neither spamhaus nor abuseat.org do I get more details about that matter, just the one that I sent in the previous email.

Can I somehow detect that from QMail Queue? Did I misunderstand you?
Thank you.

34
Kloxo-MR Technical Helps / Added to SPAMHAUS
« on: 2019-07-03, 14:47:46 »
I have been added to spamhaus 47 times in the last 28 days, and I was unable to detect the problem until today.
I did an update one month ago (yum update, ran the clean and fix scripts); maybe this is the reason and something is misconfigured, but I can't detect the problem till today.

Can I get some assistance? I can send the domain and/or IP as a PM.

For cPanel and Plesk they recommend the following links:
https://www.abuseat.org/PleskAvoid.html
https://www.abuseat.org/cPanel.html

Code:
RESULTS OF LOOKUP (from abuseat.org)
77.81.x.x is listed

This IP address was detected and listed 47 times in the past 28 days, and 6 times in the past 24 hours. The most recent detection was at Wed Jul 3 10:15:00 2019 UTC +/- 5 minutes

This IP address was self-removed 1 times in the past week.

New: many of these listings are caused by a MikroTik Router compromise. If you have a Microtik router, please consult this entry on the MikroTik Support Forum

If this IP address is NOT a shared hosting IP address, this IP address is infected with/emitting spamware/spamtrojan traffic and needs to be fixed. Find and remove the virus/spamware problem then use the CBL delisting link below.

CRITICALLY IMPORTANT, Read Carefully: In some unusual cases, IP addresses used in shared hosting (especially those using IPSwitch Imail, Plesk or Cpanel/WHM) can trigger CBL listings. If this is an IP address shared amongst many customers, make sure that your mail server software is set up to identify _itself_ in its mail connections, not each of your customers.

Many of these packages contain features that attempt to assign each customer a dedicated virtual IP address, so that each customer's stream of email comes from a different IP address. However, in many cases the package is unable to actually bind to a virtual address (and hence uses the server's primary IP address regardless), or, there are more customers than there are IP addresses, and the customers without dedicated IP address all end up using the same IP address - the server primary IP address.

To the receiving systems, an IP address that appears unable to decide what it's own name is hence highly suspect, and is in fact imitating malicious spamware.

Strictly speaking, using different names in the HELO/EHLO from the same IP address is not a violation of the Email RFC standards. However, it is clear that the RFCs are intending that the HELO/EHLO identifies who owns the mail server. Furthermore, using multiple HELO/EHLO names is highly frowned upon in many mail sender Best Current Practise (BCP) documents, such as those from the OECD and M3AAWG.

It is sometimes claimed that using a common name for the HELO/EHLO causes problems with SPF/SenderID. Nothing could be further from the truth, as witnessed by the fact that the very largest multi-domain hosters (such as gmail, yahoo etc) use the same domains for all of their mail servers.

The following web pages will give you an assist in ensuring the configuration is set up correctly.

If you are using Plesk, see this link.

If you are using cPanel, see this link.

SELF REMOVAL:
Normally, you can remove the CBL listing yourself. If no removal link is given below, follow the instructions, and come back and do the lookup again, and the removal link will appear.

35
Try modified '/var/qmail/supervise/clamd/run' content

from
Code:
exec /usr/bin/setuidgid clam /usr/sbin/clamd 2>&1
to
Code:
exec /usr/bin/setuidgid root /usr/sbin/clamd 2>&1

and then 'sh /script/restart-mail' or reboot your server.

I managed to do that; now the problem is on
sh /script/restart-mail

Code:
supervise: fatal: unable to start clamd_remove/run: file does not exist
supervise: fatal: unable to start clamd_remove/run: file does not exist
supervise: fatal: unable to start clamd_remove/run: file does not exist

And in /var/log/maillog

Code:
Jun 28 23:00:55 server clamd: ERROR: Can't open/parse the config file /etc/clamd.d/scan.conf
Jun 28 23:00:56 server clamd: ERROR: Please edit the example config file /etc/clamd.d/scan.conf

36
Now my maillog is full of these lines

Code:
Jun 25 04:32:23 server clamd: setuidgid: fatal: unknown account clam


37
Kloxo-MR Technical Helps / Virus scan and clamd how to setup
« on: 2019-06-24, 16:53:37 »
I would like to run Virus scan for all incoming/outgoing mails, how to do that?
Do I need to manually install clamd, is it enough to enable Virus scan enable in mail server settings?


Thank you for a short how-to.


38
Tnx,
everything is updated and fresh, server rebooted. Only I didn't do:
 'sh /script/cleanup'
Is that essential, what does it do? It seems that everything works properly. Should I run this command?


Btw, I did manage to install php71m and enable php7.1 for some sites in Web Features.
It's easy to configure via web panel. Great job again MRatWork !!!

Thank you again.

39
No options. Need 'yum clean all; yum update -y' and then 'sh /script/cleanup'.

Sorry, is that reply for me?
I'm currently using 5.6.31u, how to enable latest available 7.1.8?
And how to select and enable multiple php's in webserver config?

Do I need to enable " Multiple PHP Enable (for 'php-fpm')"
Do I need to enable " Enable Multiple PHP As Secondary PHP (for Apache)"?

Tnx.

40
I didn't update php, kloxo or centos, but I need other versions of php than the current PHP 5.6.31. The reason I didn't update is that everything works smooth and nice, and a few years ago after an update I got a broken server and kloxo :).


Is there any how-to manual for updating php, kloxo etc.?
What can go wrong, what to do afterwards if something doesn't work, how to fix it. A short manual or todo list.

What I'm trying to achieve: I would like to have the latest php7, it's faster than php5, that's the main reason, and I would like to use multiple php's (compatibility issues).

Tnx for advices.

Here is my sysinfo:

Code:
[root@server plugins]# sh /script/sysinfo
A. Control Panel:               
   - Kloxo-MR: 7.0.0.c-2017083001
   - Web: hiawatha-10.6.0-f.1.mr.el7.x86_64
   - PHP: php56s - 5.6.31-1.ius.centos7 (fpm mode)
B. Plateform:
   - OS: CentOS Linux release 7.3.1611 (Core) x86_64
   - Hostname: server.xxxxxxxxxxxx.com
C. Services:
   1. MySQL: MariaDB-server-10.0.32-1.el7.centos.x86_64
   2. PHP:
      - Installed:
        - Branch: php56u-cli-5.6.31-1.ius.centos7.x86_64
      - Used: --PHP Branch--
      - Multiple: disable
   3. Web Used: apache
     - Hiawatha: hiawatha-10.6.0-f.1.mr.el7.x86_64
     - Lighttpd: lighttpd-1.4.45-1.el7.x86_64
     - Nginx: nginx-1.13.4-1.el7.ngx.x86_64
     - Apache: httpd24u-2.4.27-1.ius.centos7.x86_64
       - PHP Type: php-fpm_event
       - Secondary PHP: off
   4. WebCache: none
     - ATS: --uninstalled--
     - Squid: --uninstalled--
     - Varnish: --uninstalled--
   5. Dns: bind
     - Bind: bind-9.9.9-1.mr.el7.x86_64
     - DJBDns: djbdns-1.05-17.4.mr.el7.x86_64
     - NSD: nsd-4.1.16-1.el7.x86_64
     - PowerDNS: pdns-4.0.3-1.el7.MIND.x86_64
     - Yadifa: yadifa-2.2.5-1.mr.el7.x86_64
   6. Mail: qmail-toaster-1.03-1.3.57.mr.el7.x86_64
      - pop3/imap4: courier-imap-toaster-4.1.2-1.3.20.mr.el7.x86_64
      - smtp: qmail-toaster-1.03-1.3.57.mr.el7.x86_64
      - spam: --uninstalled--
   7. FTP: pure-ftpd
      - pure-ftpd: pure-ftpd-1.0.42-3.el7.x86_64
   8. Stats: awstats
      - awstats: kloxomr-stats-awstats-7.6-1.mr.noarch
D. Memory:
              total        used        free      shared  buff/cache   available
Mem:           7983        1426         500         372        6057        5823
Swap:             0           0           0
E. Disk Space:
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda         59G   51G  5,6G  91% /


*** Process Time: 00:00:01:10.70232 (dd:hh:mm:ss:xxxxxx) ***

* Note: run 'sh /script/sysinfo -y' if you want run 'fix-service-list' also
        (importance after Kloxo-MR update)


41
I did on a DigitalOcean's vps and everything looks good

Tnx for reply,
can you please share your

 sh /script/sysinfo

Tnx.

42
Kloxo-MR Technical Helps / yum update - is it safe to run?
« on: 2019-05-17, 07:47:48 »
Hi.
Recently I received an email from my VPS hosting, "Urgent maintenance related to Intel’s Microarchitectural Data Sampling", and I need to do:

yum update
reboot

Is it safe?

Can anything go wrong? I mean with Kloxo MR setup or is it pretty safe to do that.
Tnx.


--
[root@server ~]# sh /script/sysinfo
A. Control Panel:               
   - Kloxo-MR: 7.0.0.c-2017083001
   - Web: hiawatha-10.6.0-f.1.mr.el7.x86_64
   - PHP: php56s - 5.6.31-1.ius.centos7 (fpm mode)
B. Plateform:
   - OS: CentOS Linux release 7.3.1611 (Core) x86_64
   - Hostname: server.moj-server.info
C. Services:
   1. MySQL: MariaDB-server-10.0.32-1.el7.centos.x86_64
   2. PHP:
      - Installed:
        - Branch: php56u-cli-5.6.31-1.ius.centos7.x86_64
      - Used: --PHP Branch--
      - Multiple: disable
   3. Web Used: apache
     - Hiawatha: hiawatha-10.6.0-f.1.mr.el7.x86_64
     - Lighttpd: lighttpd-1.4.45-1.el7.x86_64
     - Nginx: nginx-1.13.4-1.el7.ngx.x86_64
     - Apache: httpd24u-2.4.27-1.ius.centos7.x86_64
       - PHP Type: php-fpm_event
       - Secondary PHP: off
   4. WebCache: none
     - ATS: --uninstalled--
     - Squid: --uninstalled--
     - Varnish: --uninstalled--
   5. Dns: bind
     - Bind: bind-9.9.9-1.mr.el7.x86_64
     - DJBDns: djbdns-1.05-17.4.mr.el7.x86_64
     - NSD: nsd-4.1.16-1.el7.x86_64
     - PowerDNS: pdns-4.0.3-1.el7.MIND.x86_64
     - Yadifa: yadifa-2.2.5-1.mr.el7.x86_64
   6. Mail: qmail-toaster-1.03-1.3.57.mr.el7.x86_64
      - pop3/imap4: courier-imap-toaster-4.1.2-1.3.20.mr.el7.x86_64
      - smtp: qmail-toaster-1.03-1.3.57.mr.el7.x86_64
      - spam: --uninstalled--
   7. FTP: pure-ftpd
      - pure-ftpd: pure-ftpd-1.0.42-3.el7.x86_64
   8. Stats: awstats
      - awstats: kloxomr-stats-awstats-7.6-1.mr.noarch
D. Memory:
              total        used        free      shared  buff/cache   available
Mem:           7983         889         545         314        6549        6438
Swap:             0           0           0
E. Disk Space:
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda         59G   48G  8,5G  85% /


*** Process Time: 00:00:00:25.25169 (dd:hh:mm:ss:xxxxxx) ***

* Note: run 'sh /script/sysinfo -y' if you want run 'fix-service-list' also
        (importance after Kloxo-MR update)
---

43
Forum Announcements / Re: He is back!!!!!!!!!!!!!!
« on: 2019-05-07, 10:26:36 »
Thumbs up ;).

44
Anyone tested?

Is it possible to forward mail to multiple addresses, for example if I send mail to mail1@domain.com, to resend this email to mail2, mail3 and mail4 on the same domain?

And that all of mail1, ... mail4 have the same email in the inbox which was sent to mail1.
Please try before commenting, it seems that this is impossible.

Thank you.

45
Forum Announcements / Re: MR will be back
« on: 2018-05-16, 17:03:13 »
He is giving time to family, so guys chill project is live and it will be live forever. Please Donate monthly for server and coder fees. This will be a big help to the project.

Every year I have donated, but now, sorry, I don't buy it. "He is here please donate".
Sorry, but it just looks like you would like to take money in his name.

If Mustafa is here or alive he will reply in his style and words. For every support he gave he received donations from ppl. For now it looks that he isn't here or he isn't active on this project at all.

Currently, this project seems dead to me or not in progress.
