Thursday, December 18, 2008

What is a RBL?

HowTo: RBL or DNSBL with Exim - Stop Spam with Exim
This is my micro-howto for how I set up RBL using the Exim Configuration Editor.
Are you and your clients tired of getting bombarded with spam email? Stop spam before it gets to your inbox with Exim's RBL (realtime blackhole list) configuration options, an invaluable tool for any cPanel admin.

What is a RBL?

Realtime Blackhole List. A list of open mail relays and rogue sites. Subscribers to the RBL reject all mail and/or connection attempts from RBL'd IP addresses, effectively cutting off irresponsible/incompetent domains from the rest of the Internet.


----------------------
Creating lsearch files
These files are used to manually block spammers, ignore certain domains or incoming hosts.
*****************
Create three text files in the /etc directory:

/etc/rblblacklist
/etc/rblbypass
/etc/rblwhitelist

touch /etc/rblblacklist; touch /etc/rblbypass; touch /etc/rblwhitelist


Examples with sample data:

/etc/rblblacklist



A manual blacklist. It rejects specific spammer hosts BEFORE they can send more email to your server:


domain1.com
domain2.com
domain3.com


/etc/rblbypass



Bypasses RBL email testing for specific destination (local) domains that don't want RBL filtering or prefer SpamAssassin tagging:


domain1.com
domain2.com
domain3.com


/etc/rblwhitelist



Skips RBL email testing for the listed incoming hosts (wildcards allowed), in case an important client's mailserver is listed on an RBL you use. Relay hosts are excluded automatically as well:


mail.domain1.com
*.domain2.com
*.domain3.com

-------------------------------
EXIM CONFIGURATION EDITOR
-------------------------------


If you use the WHM-based Exim Configuration Editor, all of your modifications will be reproduced after each update. If you edit exim.conf directly, cPanel updates MAY overwrite your changes! Because of this, the following changes should be entered using the Exim Configuration Editor.


------------------------
Setting up lsearch files
*******************


At the top of the editor, in the window below:
#!!# cPanel Exim 4 Config
Enter these lines:



domainlist rbl_blacklist = lsearch;/etc/rblblacklist
domainlist rbl_bypass = lsearch;/etc/rblbypass
hostlist rbl_whitelist = lsearch;/etc/relayhosts : partial-lsearch;/etc/rblwhitelist


----------------------------
RBL entries in ACL Section
*********************


RBL selection depends on many factors; be sure to edit the list below to reflect your priorities. The postmaster and abuse bypass allows blocked users to contact the admin.
In the center window of the ACL section, directly below the line:
accept hosts = :
Enter these lines:

#**#
#**# RBL List Begin
#**#
#
# Always accept mail to postmaster & abuse for any local domain
#
accept  domains = +local_domains
        local_parts = postmaster:abuse
#
# Check sending hosts against DNS black lists.
# Accept all locally generated messages
# Reject message if address listed in blacklist.
deny    message = Message rejected because $sender_fullhost is blacklisted at $dnslist_domain see $dnslist_text :
        !hosts = +relay_hosts
        !authenticated = *
        dnslists = dnsbl.njabl.org : bl.spamcop.net : sbl.spamhaus.org : list.dsbl.org : cbl.abuseat.org : relays.ordb.org :
# RBL Bypass Local Domain List
        !domains = +rbl_bypass
# RBL Whitelist incoming hosts
        !hosts = +rbl_whitelist
#**#
#**# RBL List End
#**#
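
The deny rule above rejects on any answer from any zone in `dnslists`, so every zone in that list has to be alive and must not answer for every address. The script below is an added example, not part of the original howto: it builds the reversed-octet name that gets looked up and probes the two RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not). The function names and the `DNSBL_RESOLVER` hook are illustrative; it assumes `dig` is installed and handles only plain zone names as used in the list above.

```shell
#!/bin/sh
# Added example (not from the original howto): health-check DNSBL zones
# before listing them in Exim's "dnslists" condition.

# Resolver hook: prints the A records for a name, nothing when it does not
# resolve. DNSBL_RESOLVER is an illustrative name; set it to a stub function
# to exercise the logic without network access.
resolve_with_dig() {
    dig +short +time=3 +tries=1 A "$1" 2>/dev/null || true
}
DNSBL_RESOLVER=${DNSBL_RESOLVER:-resolve_with_dig}

# dnsbl_query_name IPV4 ZONE
# 192.0.2.10 + bl.example -> 10.2.0.192.bl.example; fails on a non-IPv4 input.
dnsbl_query_name() {
    printf '%s\n' "$1" | awk -F. -v zone="$2" \
        'NF == 4 { print $4 "." $3 "." $2 "." $1 "." zone; ok = 1 }
         END     { exit !ok }'
}

# zone_health ZONE: prints ok, dead or lists-everything
zone_health() {
    listed=$("$DNSBL_RESOLVER" "$(dnsbl_query_name 127.0.0.2 "$1")")
    clean=$("$DNSBL_RESOLVER" "$(dnsbl_query_name 127.0.0.1 "$1")")
    if [ -z "$listed" ]; then
        echo dead               # mandatory test entry missing: zone retired or unreachable
    elif [ -n "$clean" ]; then
        echo lists-everything   # answers for 127.0.0.1: would reject every sender
    else
        echo ok
    fi
}

# check_dnslists 'zone1 : zone2 : ...'
# Takes the colon-separated value of the dnslists line and prints
# one "zone status" line per zone; empty items are skipped.
check_dnslists() {
    printf '%s\n' "$1" | tr ':' '\n' | while read -r zone; do
        if [ -n "$zone" ]; then
            printf '%s %s\n' "$zone" "$(zone_health "$zone")"
        fi
    done
}

# After sourcing this file: check_dnslists 'bl.spamcop.net : sbl.spamhaus.org'
```

Any zone reported as `dead` or `lists-everything` should be taken out of the `dnslists` line before the ACL is saved.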

NOTICE: The following below didn't work for my configuration of RHE and WHM 9.4, so I had to remove it. I recommend you try it first to see if it works; if not, then come back and remove this.

Scroll down the center window of the ACL section, directly below the line:
accept domains = +local_domains

Enter these lines:

#**#
#**# Reject Email to Invalid Recipient
#**#
endpass
message = unknown user
verify = recipient
#**#

--------------------------------
RBL entries in ROUTERS Section
**************************


In the ROUTERS section window, directly below the line:
# in the "local_domains" setting above.
Enter these lines:

# Deny and send notice to list of rejected domains.
reject_domains:
  driver = redirect
# RBL Blacklist incoming hosts
  domains = +rbl_blacklist
  allow_fail
  data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

-----------------------------
RBL Testing and Verification
***********************


Once your file changes are in place, be sure to keep an eye out for errors. Missing files and other errors will be listed here:
If the above NOTICE scares you, then you need to check this log file. If you see an Exim failed message, then go back and remove that.
tail -50 /var/log/exim_paniclog

You can view your spam filtering by reviewing the reject log:
tail -50 /var/log/exim_rejectlog
If your RBL tests include sbl.spamhaus.org, you can test the blacklist and whitelist functions by sending an email, USING THE MAILSERVER YOU WISH TESTED, to:
nelson-sbl-test@crynwr.com
It will attempt to send an email from mailserver sbl.crynwr.com, which is blacklisted in sbl.spamhaus.org


If the blacklist works, you'll get an email that looks something like this:

Subj: Your SBL test report


Testing your SBL block. See Crynwr spam blocking resources for more info.
Please note that this test will not tell you if your server is open for
relaying. Instead, it tests to see if your server blocks email from IP
addresses listed in various blocking lists; in this case, the SBL list.
Here's how the conversation looked from sbl.crynwr.com.
Note that some sites don't apply the SBL block to postmaster, so
I use your envelope sender as the To: address.
I connected to 64.246.24.14 and here's the conversation I had:
220-whm.yourserver.com ESMTP Exim 4.24 #1 Thu, 16 Oct 2003 08:23:23 -0700
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
helo sbl.crynwr.com
250 whm.yourserver.com Hello sbl.crynwr.com [192.203.178.107]
mail from:<>
250 OK
rcpt to:<eMtnMan@yourdomain.com>
550-Message rejected because sbl.crynwr.com [192.203.178.107] is blacklisted at
550 sbl.spamhaus.org see The Spamhaus Project - Security
Terminating conversation


If the RBL block fails, you'll receive TWO emails:

Subj: Your SBL test report
Testing your SBL block. See Crynwr spam blocking resources for more info.
Please note that this test will not tell you if your server is open for
relaying. Instead, it tests to see if your server blocks email from IP
addresses listed in various blocking lists; in this case, the SBL list.
Here's how the conversation looked from sbl.crynwr.com.
Note that some sites don't apply the SBL block to postmaster, so
I use your envelope sender as the To: address.
I connected to 64.246.24.14 and here's the conversation I had:
220-whm.yourserver.com ESMTP Exim 4.24 #1 Thu, 16 Oct 2003 08:19:44 -0700
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
helo sbl.crynwr.com
250 whm.yourserver.com Hello sbl.crynwr.com [192.203.178.107]
mail from:<>
250 OK
rcpt to:<eMtnMan@yourdomain.com>
250 Accepted
data
354 Enter message, ending with "." on a line by itself
From: nelson-SBL-test@crynwr.com
To: eMtnMan@yourdomain.com
Date: Thu, 16 Oct 2003 15:19:46 -0000
Message-Id: <1066317586@sbl.crynwr.com>
Test message
.
250 OK id=1AA9uj-0005xq-2l
quit
Successful termination. As far as I can tell, the email was delivered.
That might not be what you want.
Subj: (BLANK)
Uh-oh, your SBL block is not working!

----------------
RBL Log Counts
*************


I use this script to count the log hits for various RBLs; you should change it to reflect your RBLs and error syntax. Mine relies on the unique word "blacklisted" in every RBL bounce entry.

Place it anywhere you want to view reports in SSH. Eg: /root/spam

pico /root/spam


SAMPLE SCRIPT:
Copy and paste in the following:

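#!/bin/sh
# Collect every RBL rejection (lines containing "blacklisted") into a scratch file
grep -i "blacklisted" /var/log/exim_mainlog > kilme
# Show the latest rejections and any Exim panic entries
tail -100 kilme
tail /var/log/exim_paniclog
printf "\n"
# Total rejections, then one count per RBL named in the rejection text
printf "Spam Count = "
grep -ci "blacklisted" kilme
printf "njabl.org = "
grep -c "njabl.org" kilme
printf "spamcop = "
grep -c "bl.spamcop" kilme
printf "spamhaus = "
grep -c "sbl.spamhaus" kilme
printf "dsbl.org = "
grep -c "dsbl" kilme
printf "abuseat = "
grep -c "abuseat.org" kilme
printf "ordb.org = "
grep -c "ordb" kilme
# Hits from the manual blacklist router
printf "Manual = "
grep -c "manual" kilme
# Other rejection reasons, counted straight from the main log
printf "verify fail= "
grep -c "verify fail" /var/log/exim_mainlog
printf "No Relay = "
grep -c "not permitted" /var/log/exim_mainlog
printf "\n"
# Per-file totals across the current and rotated (compressed) main logs
printf "All Spam: \n"
zgrep -ci "blacklisted" /var/log/exim_mainlog*
printf "\n"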


Save and exit.
Ctrl + O then Y

Assuming the script is called spam, after you:
chmod 755 spam

... it can be executed with: ./spam

Example Spam Script Output!
Spam Count = 488
njabl.org = 134
spamcop = 278
spamhaus = 9
dsbl.org = 4
abuseat = 63
ordb.org = 0
Manual = 0
verify fail= 697
No Relay = 382

Monday, December 15, 2008

Apache server view performance status with mod_status configuration

The Status module (mod_status) allows a server administrator to find out how well their server is performing. An HTML page is presented that gives the current server statistics in an easily readable form. If required, this page can be made to refresh automatically.

The details given are:

* The number of children serving requests.
* The number of idle children.
* The status of each child, the number of requests that child has performed and the total number of bytes served by the child (*)
* A total number of accesses and byte count served (*).
* The time the server was started/restarted and the time it has been running for
* Averages giving the number of requests per second, the number of bytes served per second and the average number of bytes per request (*).
* The current percentage CPU used by each child and in total by Apache (*).
* The current hosts and requests being processed (*).

Details marked "(*)" are only available with ExtendedStatus On.

Configure Apache mod_status

Open your httpd.conf file:
# vi httpd.conf
Append / modify (or uncomment) directives as follows:

<Location /server-status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from 192.168.1.5
</Location>

Replace 192.168.1.5 with your workstation IP address. Save and close the file. Restart httpd server:
# /etc/init.d/httpd restart
For full status report type:
# /etc/init.d/httpd fullstatus

To view the status report, open the URL http://your.com/server-status.

You can now access server statistics by using a Web browser to access the page http://your.server.name/server-status

Sunday, December 14, 2008

How to install yum on a VPS

Use the following commands to install yum on your Virtuozzo container. The following commands are to be run from the hardware node.

————————

[root@vps1 ~]# vzlist -a
CTID NPROC STATUS IP_ADDR HOSTNAME
1 91 running 192.168.46.242 ServiceCT
105 49 running 69.72.234.148 asdf
107 49 running 69.72.234.150 test.test.com2

————————

This will list all the configured containers and their container ID (CTID) which is of importance to us

Assume you have to install yum on container 107

————————

[root@vps1 ~]# vzpkg install -p 107 yum

————————

Please note that if there is no yum available in the template repository, it will fail.

Tuesday, December 9, 2008

email error : 110 Can't open SMTP stream

Hello,

If you are getting the following error while sending emails from SquirrelMail:


===========================
Message not sent. Server replied:

Connection timed out
110 Can't open SMTP stream.

===========================

In the above case, if you have shell access, log in to your server as the root user, then edit the config file and make the changes given below.


#vi /usr/local/cpanel/base/3rdparty/squirrelmail/config/config.php

$useSendmail = false;

to:

$useSendmail = true;


Restart the cPanel and Exim services.

Sylesh

Thursday, December 4, 2008

Getting multiple copies of e-mail

Q. I have Microsoft Office Outlook 2003. Most e-mails I get are duplicated several times. I get an e-mail from my niece and it is there 3-4 times. Same thing with e-mails from other people. Some e-mails I've noticed from Amazon.com or others like it only are showing up once. Do you know why that is?

A. The most common cause of multiple e-mails is leaving copies of your e-mail on the mail server.

Every time your e-mail program checks for new messages, it makes a connection to your mail server, has a look at what is there, and compares it to what you already have on your computer.

After it makes that check it is supposed to download only the new messages. However, if the mail headers stored on your computer become malformed or corrupt your mail program does not know you already have the message and downloads it again.

There is a quick check you can perform to see if this is the case. If you have Web access to your mail (most Internet providers do) then you can go to the Web and log into your e-mail. If you only see one copy of the message in Web mail but you see multiple copies in your e-mail program you can be sure that the problem is with your mail program.

The quick fix for this is to change the setting that causes your mail program to leave a copy of mail on the server.

In Outlook 2003 you do this by selecting Tools, E-mail Accounts and choosing "View or change existing e-mail accounts" and clicking Next.

Highlight the entry for your mail account and select Change then click More Settings. Under the Advanced tab there is a check box next to Leave a copy of messages on the server. If you uncheck it and then click OK, Next and Finish this will fix the problem.

The steps for Outlook Express are very similar.

The next time you check mail your messages will be removed from the server and each time you check mail you will pull down the new messages only once.

Most Internet providers prefer that you set your e-mail program to do this anyway so as to keep from filling their server to overflowing with customer e-mail messages. Roadrunner imposes a 10 megabyte limit and you will stop receiving e-mail altogether if you go over that limit.

I recognize that there are situations where having your mail stored on the server is useful. If you need to leave a copy of your e-mail on the server you can try creating a new folder in Outlook under your Inbox and move all of your Inbox messages to that folder and then check your e-mail. This might clear up the problem.