Monday, 19 May 2014

Finding a Spammer on an Exim Server - cPanel

Top 5 local users by number of messages sent (the U= field on locally injected "<=" lines is the cPanel account):

grep "<=.*P=local" /var/log/exim_mainlog | awk '{print $6}' | sort | uniq -c | sort -nr | head -5
eximstats /var/log/exim_mainlog | grep -A7 "Top 50 local senders by message count" | tail -5 | awk '{print $1,$NF}'

Top 5 mail receivers:

egrep "(=>.T=virtual_userdelivery|=>.T=local_delivery)" /var/log/exim_mainlog | awk '{print $7}' | sort | uniq -c | sort -nr | head -5
eximstats /var/log/exim_mainlog | grep -A7 "Top 50 local destinations by message count" | tail -5 | awk '{print $1,$NF}'

Find the directory of the script that is sending the spam. With cPanel's log settings each locally injected message is preceded by a cwd= line recording the working directory of the process that called sendmail. Use the first command when cwd= is the third field of the line, and the second when an extra column (such as a [pid]) pushes it to the fourth:

awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1
awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $4} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1

Count connecting IPs in the last 1000 SMTP lines of the log; if a single IP accounts for most of them, consider blocking it:

tail -n1000 /var/log/exim_mainlog | grep SMTP | cut -d[ -f2 | cut -d] -f1 | sort -n | uniq -c

Count the messages currently in the queue per sender address. The grep keeps only the per-message lines of exim -bpr, which carry the sender in angle brackets; bounces with the empty sender <> are dropped:

exim -bpr | grep "<.*@.*>" | awk '{print $4}' | grep -v "<>" | sort | uniq -c | sort -n

The same count aggregated per sender domain (tr strips the closing bracket):

exim -bpr | grep "<.*@.*>" | awk '{print $4}' | grep -v "<>" | awk -F "@" '{print $2}' | tr -d '>' | sort | uniq -c | sort -n

Find the script that is sending mail right now. The process listing includes each exim process's environment (e) and full command line (ww), so processes spawned by a script under /home stand out by their PWD; queued messages sent through PHP's mail() also carry an X-PHP-Script header (added by cPanel's PHP mail header patch) naming the script path and the remote IP that triggered it:

ps -C exim -fH eww
ps -C exim -fH eww | grep home
cd /var/spool/exim/input/
egrep "X-PHP-Script" * -R

Delete frozen messages from the queue ($6 is the word "frozen" on exim -bp lines, $3 the message ID):

exim -bp | awk '$6~"frozen" {print $3 }' | xargs exim -Mrm

Watch for mail being sent by a script running in /tmp:

tail -f /var/log/exim_mainlog | grep /tmp

Show the IPs whose delivery attempts were rejected by the server (rejected RCPT) and the number of tries per IP, from the last 3000 log lines:

tail -3000 /var/log/exim_mainlog | grep 'rejected RCPT' | awk '{print $4}' | awk -F[ '{print $2}' | awk -F] '{print $1}' | sort | uniq -c | sort -k 1 -nr | head -n 5

Count the current connections to the SMTP port per remote IP (a single host holding many sessions is suspicious; note that grep :25 also matches ports such as 2525):

netstat -plan | grep :25 | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -nk 1

Summarise the queue by recipient domain, with the number of messages for each:

exim -bp | exiqsumm | more

If the spam is coming from an outside domain or address, you can block it in cPanel's Exim system filter:

pico /etc/antivirus.exim

Add the following line:

if $header_from: contains "name@domain.com" then seen finish endif

"seen finish" marks the message as delivered and stops filtering, so the message is silently discarded. The From: header is trivially forged, so when the spam spoofs a legitimate address match on the envelope sender ($sender_address) as well.

Catching a spammer (recap)

Check the queue:

exim -bp | exiqsumm | more

Check whether a PHP script is doing the mass mailing:

cd /var/spool/exim/input
egrep "X-PHP-Script" * -R

cat the header file whose ID matched; the X-PHP-Script header names the script path and the remote IP that called it. To remove every queued message whose sender line mentions a particular domain or address:

exim -bpr | grep "test.org" | awk '{print $3}' | xargs exim -Mrm

exiqgrep -i -f '@test.org' | xargs exim -Mrm does the same matching only the sender address; use -r instead of -f to match recipients.
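The one-liners above are easy to get subtly wrong (wrong field number, a tie in the counts, an H= field with no hostname). The following is an added example, not part of the original post, that wraps them in functions and runs them against constructed exim_mainlog and queue listings so the parsing can be checked offline. The sample log lines are invented and follow cPanel's default Exim log layout; the IP regex in rejected_ips is the one change from the page's commands, because the field position of [ip] shifts when there is no hostname in parentheses.

```sh
#!/bin/sh
# Added example (not from the original page): the one-liners above wrapped in
# functions and run against constructed exim_mainlog and queue listings, so the
# parsing can be checked offline. Layout follows cPanel's default Exim log
# format; numbered fields shift if log_selector adds a [pid] or other columns.

WORK=$(mktemp -d)

# Constructed sample log (not real traffic): account user1 injects four
# messages from a WordPress upload directory, one message comes from a script
# in /tmp, and 203.0.113.5 is repeatedly rejected when it tries to relay.
cat > "$WORK/exim_mainlog" <<'EOF'
2014-05-19 10:00:01 cwd=/home/user1/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2014-05-19 10:00:01 1WmB3X-0001Zk-2a <= user1@example.com U=user1 P=local S=1234 id=1@localhost
2014-05-19 10:00:02 cwd=/home/user1/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2014-05-19 10:00:02 1WmB3Y-0001Zl-3b <= user1@example.com U=user1 P=local S=1240 id=2@localhost
2014-05-19 10:00:03 cwd=/home/user1/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2014-05-19 10:00:03 1WmB3Z-0001Zm-4c <= user1@example.com U=user1 P=local S=1251 id=3@localhost
2014-05-19 10:00:04 cwd=/home/user1/public_html/wp-content/uploads 3 args: /usr/sbin/sendmail -t -i
2014-05-19 10:00:04 1WmB40-0001Zn-5d <= user1@example.com U=user1 P=local S=1260 id=4@localhost
2014-05-19 10:00:05 cwd=/tmp 3 args: /usr/sbin/sendmail -t -i
2014-05-19 10:00:05 1WmB41-0001Zo-6e <= nobody@server.example.com U=nobody P=local S=900 id=5@localhost
2014-05-19 10:00:06 cwd=/home/user2/public_html 3 args: /usr/sbin/sendmail -t -i
2014-05-19 10:00:06 1WmB42-0001Zp-7f <= user2@example.org U=user2 P=local S=1100 id=6@localhost
2014-05-19 10:00:07 H=(mail.example.net) [203.0.113.5]:44321 F=<spam@example.net> rejected RCPT <nobody@example.com>: relay not permitted
2014-05-19 10:00:08 H=[203.0.113.5]:44322 F=<spam@example.net> rejected RCPT <nobody@example.com>: relay not permitted
2014-05-19 10:00:09 H=(mx.example.io) [198.51.100.7]:25000 F=<x@example.io> rejected RCPT <nobody@example.com>: relay not permitted
EOF

# Constructed "exim -bpr" output: two queued messages from user1 and one
# frozen bounce with the empty sender <>.
cat > "$WORK/queue.txt" <<'EOF'
 25m  1.2K 1WmB3X-0001Zk-2a <user1@example.com>
          victim1@example.net

 24m  1.2K 1WmB3Y-0001Zl-3b <user1@example.com>
          victim2@example.net

 10m   900 1WmB43-0001Zq-8g <> *** frozen ***
          bounce@example.net
EOF

# top_local_senders LOG N: "<=" lines with P=local are locally injected
# messages; field 6 is U=<account>. Output "count U=user", N lines.
top_local_senders() {
    grep '<=.*P=local' "$1" | awk '{print $6}' | sort | uniq -c | sort -rn \
        | head -n "$2" | awk '{print $1, $2}'
}

# script_dirs LOG: working directories under /home recorded on cwd= lines,
# i.e. where the script that called sendmail lives. Matched by regex rather
# than field number so a [pid] column does not break it.
script_dirs() {
    grep -o 'cwd=/home[^ ]*' "$1" | cut -d= -f2- | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
}

# tmp_senders LOG: how many sendmail calls came from /tmp.
tmp_senders() {
    grep -c 'cwd=/tmp' "$1"
}

# rejected_ips LOG N: client IPs behind "rejected RCPT", most frequent first.
# The [ip] is pulled with a regex because H=[ip] (no hostname) shifts fields.
rejected_ips() {
    grep 'rejected RCPT' "$1" | grep -o '\[[0-9A-Fa-f.:]*]' | tr -d '[]' \
        | sort | uniq -c | sort -rn | head -n "$2" | awk '{print $1, $2}'
}

# queue_by_sender QUEUEFILE: messages per sender in saved "exim -bpr" output;
# bounces (<>) never contain "@" so they are excluded by the first grep.
queue_by_sender() {
    grep '<.*@.*>' "$1" | awk '{print $4}' | grep -v '<>' | sort | uniq -c \
        | sort -rn | awk '{print $1, $2}'
}

# frozen_ids QUEUEFILE: IDs of frozen messages (same test the page uses).
frozen_ids() {
    awk '$6 ~ /frozen/ {print $3}' "$1"
}

echo "Top local sender:";       top_local_senders "$WORK/exim_mainlog" 1
echo "Script directories:";     script_dirs "$WORK/exim_mainlog"
echo "Sendmail calls from /tmp: $(tmp_senders "$WORK/exim_mainlog")"
echo "Top rejected client IP:"; rejected_ips "$WORK/exim_mainlog" 1
echo "Queued per sender:";      queue_by_sender "$WORK/queue.txt"
echo "Frozen message IDs:";     frozen_ids "$WORK/queue.txt"
```

Point the functions at /var/log/exim_mainlog and at a file saved from exim -bpr on a real server and the output is the same shape; the account and directory that top the first two lists are where to look first.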

Friday, 16 May 2014

IP Address - What is IP Address?

An Internet Protocol address (IP address) is a unique address that computing devices use to identify and communicate with other devices on an IP network. Every device connected to an IP network must have an IP address that is unique within that network. An IP address is similar to a street address or telephone number in that it uniquely identifies a network device, so that a mail message can be delivered to it or a website served from it.

IPv4 addresses consist of four numbers separated by periods (a "dotted quad") and look something like 127.0.0.1.

Wikipedia defines it as follows:

An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing. Its role has been characterized as follows: "A name indicates what we seek. An address indicates where it is. A route indicates how to get there."

The designers of the Internet Protocol defined an IP address as a 32-bit number and this system, known as Internet Protocol Version 4 (IPv4), is still in use today. However, due to the enormous growth of the Internet and the predicted depletion of available addresses, a new addressing system (IPv6), using 128 bits for the address, was developed in 1995, standardized as RFC 2460 in 1998, and has been deployed worldwide since the mid-2000s.

IP addresses are binary numbers, but they are usually stored in text files and displayed in human-readable notations, such as 172.16.254.1 (for IPv4) and 2001:db8:0:1234:0:567:8:1 (for IPv6).

The Internet Assigned Numbers Authority (IANA) manages the IP address space allocations globally and delegates to five regional Internet registries (RIRs) the allocation of IP address blocks to local Internet registries (Internet Service Providers) and other entities.

An address can be assigned to a device in one of two ways: STATIC or DYNAMIC.

Static IP addresses do not change. They are permanent and therefore easy to use as identifiers, for example for a server that others must reach by address. Most ISPs can assign a single static IP or a block of static IPs for a small extra monthly fee, and may require an upgrade to a business account.

Dynamic IP addresses are temporary and can change. They are issued from a pool of addresses managed by the ISP or a DHCP server, and suit the large number of customers who do not need the same address all the time. The computer obtains its address automatically when it joins the network, which saves the user from having to know the network's configuration details. Dynamic addresses are used on dial-up, wireless and broadband connections alike.

To keep addresses unique across the Internet, public address space is allocated through IANA and the regional registries (historically through the NIC, the Network Information Center), which avoids address conflicts. Devices that must be reachable from the Internet, such as web and mail servers, need a globally unique public IP address. Devices that do not need public access can be given a private IP address from the ranges reserved for that purpose (RFC 1918, for example 192.168.0.0/16), which is unique only within the organization. A network printer, for example, can be given a private address so that the rest of the world cannot print to it; this works because private ranges are not routed on the public Internet, not because the address is secret.

What is IPv4?

Internet Protocol Version 4 (IPv4) is the system of addresses used to identify devices on a network. Originally described in 1981 in RFC 791, IPv4 is the most widely used Internet layer protocol, and at this point the vast majority of users rely on it to connect to the Internet.

What is IPv6?

Internet Protocol Version 6 (IPv6) is an Internet layer protocol developed in the 1990s (described in RFC 2460, since superseded by RFC 8200) as the successor to IPv4. Rather than 32-bit addresses, IPv6 uses 128-bit addresses.

SSL Certificate - What is SSL Certificate?

SSL (Secure Sockets Layer) is an encryption protocol originally created by Netscape; its successor is TLS, but the name SSL is still used loosely for both. SSL creates an encrypted connection between a web server and a visitor's web browser so that private information can be transmitted without eavesdropping, data tampering or message forgery. It is designed to let applications exchange information securely.

An SSL certificate is a small data file that digitally binds a cryptographic public key to an organization's details. When installed on a web server it activates the padlock and https (on port 443) and allows secure connections from the browser to the server. SSL is typically used to secure credit card transactions, data transfers and logins, and it is increasingly the norm for browsing social media sites.

The certificate relies on a Certificate Authority (CA) as a trusted third party: the CA verifies the identity of the certificate owner before issuing the certificate, and the browser, which already trusts the CA, can therefore confirm that the public key it receives really belongs to the site it is talking to. Once the server is identified, the encrypted session protects private data from anyone else on the network. Each certificate is unique to the server it identifies.

How does an SSL certificate work? The procedure:

1) The user requests a secure page, i.e. a URL beginning with https:// rather than http:// (http://something.com/ becomes https://something.com/).

2) The web server sends its certificate, which contains its public key.

3) The browser checks that the certificate was issued by a CA it trusts, that it is valid (not expired or revoked) and that it names the site being visited.

4) The browser and server agree on a session key. With RSA key exchange the browser encrypts the session key to the server's public key and the server decrypts it with its private key; the URL and HTTP data are then encrypted with that session key.

5) The web server sends back the requested data over the encrypted connection.

6) The browser decrypts the HTTP data and displays the complete web page on the screen.
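Step 3 is where a forged or mis-issued certificate is caught, so it is worth seeing exactly what passes and what fails. The following is an added example, not part of the original article, that reproduces the browser's checks with the openssl command line: it creates a throwaway trusted CA and a throwaway rogue CA, issues a 30-day certificate for the hypothetical site something.com from the trusted one, and then verifies the chain, the host name and the expiry date. Everything is generated in a temporary directory; no real CA is involved.

```sh
#!/bin/sh
# Added example (not from the original page): the browser-side checks from
# step 3 above, reproduced with the openssl CLI against a throwaway CA and a
# throwaway server certificate for the hypothetical site something.com.
# Nothing here touches a real CA; all files are generated into a temp dir.

WORK=$(mktemp -d)
cd "$WORK" || exit 1

# Two independent "certificate authorities": one the browser trusts, one not.
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Trusted Test CA" \
    -keyout trusted-ca.key -out trusted-ca.crt >/dev/null 2>&1
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=Rogue Test CA" \
    -keyout rogue-ca.key -out rogue-ca.crt >/dev/null 2>&1

# Server key and CSR, then a 30-day certificate signed by the trusted CA with a
# subjectAltName naming the site. This certificate is what step 2 sends.
openssl req -newkey rsa:2048 -nodes -subj "/CN=something.com" \
    -keyout server.key -out server.csr >/dev/null 2>&1
printf 'subjectAltName=DNS:something.com\n' > san.cnf
openssl x509 -req -days 30 -in server.csr -CA trusted-ca.crt -CAkey trusted-ca.key \
    -CAcreateserial -extfile san.cnf -out server.crt >/dev/null 2>&1

# check_cert CA_FILE CERT_FILE HOSTNAME [SECONDS]
# Returns 0 only if CERT_FILE chains to CA_FILE and names HOSTNAME (rc 1
# otherwise) and will still be valid SECONDS from now (rc 2 otherwise;
# SECONDS defaults to 0, i.e. "not expired yet").
check_cert() {
    ca=$1; cert=$2; host=$3; horizon=${4:-0}
    openssl verify -CAfile "$ca" -verify_hostname "$host" "$cert" >/dev/null 2>&1 || return 1
    openssl x509 -noout -checkend "$horizon" -in "$cert" >/dev/null 2>&1 || return 2
    return 0
}

# report LABEL CA CERT HOST [SECONDS]: print PASS/FAIL for one scenario.
report() {
    label=$1; shift
    check_cert "$@"; rc=$?
    if [ "$rc" -eq 0 ]; then echo "PASS       $label"; else echo "FAIL(rc=$rc) $label"; fi
}

report "trusted CA, right host, valid now"            trusted-ca.crt server.crt something.com
report "rogue CA: issuer not trusted"                 rogue-ca.crt   server.crt something.com
report "trusted CA, but certificate is for another host" trusted-ca.crt server.crt evil.example
report "trusted CA, right host, but 60 days from now" trusted-ca.crt server.crt something.com $((60 * 86400))
```

Only the first scenario passes. The second is what a browser shows as an untrusted issuer warning, the third is a host name mismatch (the classic sign of a certificate lifted from another site), and the fourth is the expiry check, here run with a 60-day horizon against a 30-day certificate to show how a monitoring script can warn before the certificate actually lapses.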

Secure Web Site Connection:

SSL certificates play an important role in connecting to a secure web site. The advantages:

Secure online messaging: achieved through encryption. The web server uses the SSL certificate to set up a unique encrypted channel. The channel is established with the server's public and private key pair and protects private data from other users on the network.

Online credentials for an established identity: the certificate serves as the web site's credential, much as a driver's licence, passport or company badge identifies a person.

Trustworthy credentials: because a certificate is issued only after the CA has authenticated the applicant, the credential can be relied on. VeriSign, for instance, was one of the leading certificate authorities, known for its strict identification methods.

Protection of HTTPS traffic: the SSL certificate is what secures HTTPS data, and that security is what lets an online business succeed.

Need for an SSL Certificate:

Anyone transmitting sensitive information through a web site, such as personal data or credit card details, needs to protect it with SSL encryption. Without an SSL certificate, every piece of data can be read by anyone on the path between the browser and the server. Customers will not trust a web site without an SSL certificate; research has found that about 60 to 65 percent of online shoppers have abandoned an order for lack of trust during the transaction. In short, an SSL certificate is necessary to gain customers' trust.

Monday, 28 April 2014

How to Fix Plesk Horde Webmail

Sometimes Horde webmail in Plesk for Windows shows "page not found" errors or fails when sending email through webmail. The general fix for all of these problems is to reconfigure the webmail integration and repair the Horde package:

"%plesk_bin%websrvmng.exe" --reconfigure-webmail
"%plesk_bin%defpackagemng.exe" --fix --type=webmail.horde

Wednesday, 23 April 2014

Useful cPanel / WHM hidden commands

Ever locked yourself out of your server while making iptables changes? Or changed your SSH port and then forgotten what you set it to?
These are common support tickets we receive at RSHosting. In many cases our customers can fix this on their own if they are using cPanel on their VPS/server.

cPanel comes with a number of "hidden" autofix commands that let administrators fix common problems simply by logging into WHM and visiting a special URL. Two of the most useful ones I've seen are flushing iptables and restarting SSH in "safe mode" (basically the default settings and port).

Flushing iptables rules

https://yourdomain.com:2087/scripts2/doautofixer?autofix=iptablesflush

Restart SSH in safe mode

https://yourdomain.com:2087/scripts2/doautofixer?autofix=safesshrestart

Once you hit the URL you will be prompted to log in. Enter your root password and cPanel will do the rest. These have saved me on more than one occasion when my attempt to 'secure' my server worked a little too well. Remember that if you have also locked yourself out of WHM through iptables, you will not be able to reach these URLs; in that case, contact support.
Other useful autofix URLs, all of the form https://yourdomain.com:2087/scripts2/doautofixer?autofix=<name> and all behind the same root login:

bsdbindfix
https://yourdomain.com:2087/scripts2/doautofixer?autofix=bsdbindfix

Autorepair
https://yourdomain.com:2087/scripts2/doautofixer?autofix=autorepair

Compress Zlib
https://yourdomain.com:2087/scripts2/doautofixer?autofix=Compress-Zlib-1.42.tar.gz

compresszlibfix
https://yourdomain.com:2087/scripts2/doautofixer?autofix=compresszlibfix

dbdmysql
https://yourdomain.com:2087/scripts2/doautofixer?autofix=dbdmysql

diagnose_apache_conf
https://yourdomain.com:2087/scripts2/doautofixer?autofix=diagnose_apache_conf

fpindexfile
https://yourdomain.com:2087/scripts2/doautofixer?autofix=fpindexfile

libxml2-2.6.28.tar.gz
https://yourdomain.com:2087/scripts2/doautofixer?autofix=libxml2-2.6.28.tar.gz

libxml64fix
https://yourdomain.com:2087/scripts2/doautofixer?autofix=libxml64fix

pro*
https://yourdomain.com:2087/scripts2/doautofixer?autofix=pro*

spamd_dbm_fix
https://yourdomain.com:2087/scripts2/doautofixer?autofix=spamd_dbm_fix

test
https://yourdomain.com:2087/scripts2/doautofixer?autofix=test

vfilterfix
https://yourdomain.com:2087/scripts2/doautofixer?autofix=vfilterfix

yumduprpmfix
https://yourdomain.com:2087/scripts2/doautofixer?autofix=yumduprpmfix

resellerresourceacctounts
https://yourdomain.com:2087/scripts2/doautofixer?autofix=resellerresourceacctounts

horde_sqmail_current_fix
https://yourdomain.com:2087/scripts2/doautofixer?autofix=horde_sqmail_current_fix


Tuesday, 15 April 2014


  • Download all emails under the account to be migrated using a mail client such as Outlook Express
  • Download a backup of the files and databases of the addon domain (or subdomain or main domain), with the help of a developer
  • Delete the addon domain (or subdomain or main domain) from cPanel or the reseller's WHM
  • Recreate the domain as the main domain (or addon domain or subdomain)
  • Recreate all email accounts under the new addon domain (or subdomain or main domain). Note that the existing emails cannot be migrated to the new accounts; they remain in the mail client
  • Upload all files to the new main domain (or addon domain or subdomain) using FTP
  • Recreate the databases under the new main domain (or addon domain or subdomain)
  • Restore the databases, for example using phpMyAdmin
  • Modify the website's configuration files to reflect the new database names and user names
  • Check the websites and ensure they work under the new main domain (or addon domain or subdomain)



 

Friday, 4 April 2014

DNS Troubleshooting

It is safe to say that most problems in any virtual hosting system are related to DNS, because DNS requires the cooperation of numerous systems rather than a single one, and DNS problems can disrupt nearly every service on a hosting system.



For DNS to work, you must have correct glue records at your registrar as well as correct records on your Virtualmin system (or whatever system you use for DNS, if not the Virtualmin server). Any slave servers must also have correct records, or you will experience intermittent resolution failures.



Glue Records



Checking your glue records can be done using the whois command.




whois example.com




Look for the "domain servers" or "name servers" section of the output. The resulting names must resolve to your DNS servers.



Glue records must be configured at your name service registrar. Virtualmin and Webmin have no control over records at your registrar, so problems must be corrected using whatever interface your registrar provides.



NS Records



The NS records on your Virtualmin server should match those found in the glue records discussed previously, or intermittent problems may result.



You can find the NS records for a given zone using the host command on your server:




host -t NS example.com
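The comparison between the registrar's delegation and the zone's own NS records is easy to get wrong by eye: whois prints names in upper case, host prints them with a trailing dot, and a single server that appears on only one side is enough to cause the intermittent failures described above. The following is an added example, not part of the original documentation, that normalises both lists and reports exactly which servers disagree. The whois and host outputs embedded here are constructed samples for example.com; on a real server pass it the output of whois and host -t NS as shown in the usage line.

```sh
#!/bin/sh
# Added example (not from the original page): compare the name servers the
# registrar publishes (glue / delegation, from whois) with the NS records the
# zone itself answers with (from host -t NS) and report any disagreement.
# The two outputs below are constructed samples for example.com. Real usage:
#   ns_mismatch "$(whois example.com)" "$(host -t NS example.com)"

WHOIS_OUT='   Domain Name: EXAMPLE.COM
   Registrar: Example Registrar, Inc.
   Name Server: NS1.EXAMPLE.COM
   Name Server: NS2.EXAMPLE.COM
   DNSSEC: unsigned'

HOST_OUT='example.com name server ns1.example.com.
example.com name server ns3.example.com.'

# Normalise a list of host names so the two sources compare equal:
# lower-case, no trailing dot, no blank lines, sorted and de-duplicated.
normalize_ns() {
    tr 'A-Z' 'a-z' | sed 's/\.$//' | grep -v '^$' | sort -u
}

# registrar_ns: stdin is whois output; prints the delegated (glue) servers.
registrar_ns() {
    awk -F': *' 'tolower($1) ~ /name server/ {print $2}' | normalize_ns
}

# zone_ns: stdin is "host -t NS" output; prints the NS records the zone serves.
zone_ns() {
    awk '/name server/ {print $NF}' | normalize_ns
}

# ns_mismatch WHOIS_TEXT HOST_TEXT
# Prints one "registrar-only <name>" or "zone-only <name>" line per server
# that appears on only one side. Exit 0 when the sets agree, 1 when not.
ns_mismatch() {
    reg=$(printf '%s\n' "$1" | registrar_ns)
    zone=$(printf '%s\n' "$2" | zone_ns)
    # uniq -u keeps names seen exactly once across both (deduplicated) lists.
    out=$(printf '%s\n' "$reg" "$zone" | sort | uniq -u | grep -v '^$' \
        | while read -r ns; do
            if printf '%s\n' "$reg" | grep -qxF "$ns"; then
                echo "registrar-only $ns"
            else
                echo "zone-only $ns"
            fi
        done)
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

if ns_mismatch "$WHOIS_OUT" "$HOST_OUT"; then
    echo "Delegation and zone NS records agree."
else
    echo "Registrar and zone disagree on the name servers listed above; fix one side."
fi
```

With the sample data the script reports ns2.example.com as registrar-only and ns3.example.com as zone-only, which is precisely the state in which some resolvers work and others fail. The same two functions can be run once per slave server (host -t NS example.com ns2.example.com) to catch a secondary that is serving a stale zone.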




A Records

Address records, or A records, are the basic building block of DNS zones. They map names to IP addresses. To check an A record, use the host command:




host example.com




You can also specify the name server used to resolve queries by adding the name or IP of the server you wish to query to the end of the command:




host example.com ns1.example.com




Or, if you are not sure that the name server's own name resolves correctly, query it by IP address instead:




host example.com 192.168.10.10




MX Records



Mail exchanger records, or MX records, provide mail servers the information they need to know how to deliver mail for a particular domain.



You can check an MX record with the host command:




host -t MX example.com