Empowering you with the knowledge to master Linux web hosting, DevOps and Cloud

 Linux Web Hosting, DevOps, and Cloud Solutions

Tag: exim

Install Ajenti V on Ubuntu 16.04 on Ubuntu 16.04

Install Ajenti v on Ubuntu 16.04

Ajenti is an open source, web-based control panel that can be used for a large variety of server management tasks. Optionally, an add-on package called Ajenti V allows you to manage multiple websites from the same control panel


Step 1: First make sure that all your system packages are up-to-date

sudo apt-get update
sudo apt-get upgrade

Step 2: Installing Ajenti Control Panel.
wget -O- https://raw.github.com/ajenti/ajenti/1.x/scripts/install-ubuntu.sh | sudo sh

Step 3: Start the service:
systemctl start ajenti

Step4: Install Agenti hosting module + nginx+ mail+ftp

If you have Apache installed, but don’t use it, remove it first:
apt-get remove apache2

If you have Sendmail or Postfix installed, remove them too
apt-get remove sendmail postfix

Install Ajenti-v

apt-get install ajenti-v ajenti-v-nginx ajenti-v-mysql ajenti-v-php7.0-fpm php7.0-mysql

# If you need Python
apt-get install ajenti-v-python-gunicorn

# If you want FTP
apt-get install ajenti-v-ftp-pureftpd

# If you want mail
apt-get install ajenti-v-mail

# If you want POP support (for gmail etc.)
apt-get install courier-pop

Step 5: Restart All Services
systemctl restart nginx
systemctl restart php7.0-fpm
systemctl restart mysql
systemctl restart exim4
systemctl restart pure-ftpd
systemctl restart ajenti

Step 6: Accessing Anjeti control panel.

Anjeti will be available on HTTP port 8000 by default. Open your favourite browser and navigate to http://yourdomain.com:8000 or http://server-ip:8000 and enter default username “admin” or “root” and password is “admin”.

Change the password immediately to something secure.

Blocking spoofed outgoing mails from your cPanel server

Spoofing is where the mail headers are manipulated to appear as if the mail comes from some other domain. When emails are set to be from an email address on your domain and bounce, they are sent to our servers, attempting to deliver themselves to that mailbox. Generally, you will never see these emails; however, if the email spoofer happens to configure the “From:” header to be a real email box, the bounce will come back to your mailbox and you will receive the email. There is a high chance that a very large number of spam message already sent from server. This can cause high load in the server and sometimes leads to the blacklist of your mail server IP address.

There are two ways in which a spoofed mail can be created.

1. Exploiting vulnerable form to mail scripts to send out spoofed mails through local mail agent.
2. Using stolen mail account login details to send spoofed mails through SMTP authentication.
Let’s look at a solution on how spoofing can be prevented in Exim mail servers commonly implemented in cPanel/WHM servers.

I. Blocking all un-authenticated spoofed outbound emails
1. Login to WHM >> EXIM CONFIGURATION MANAGER >> ADVANCED EDITOR

2. Add the following entry in the top using Add additional configuration setting:

domainlist remote_domains = lsearch;/etc/remotedomains

3. Add the following code under acl_not_smtp :

deny
condition = ${if ! match_domain{${domain:${address:$h_From:}}}{
+local_domains : +remote_domains}}
message = Sorry, you don’t have\
permission to send email from this server with a header that\
states the email is from ${lc:${domain:${address:$h_from:}}}.
accept

Here, the ACL will check for the presence of domain name part of the from address in either of the files – /etc/localdomains or /etc/remotedomains. If there is a mismatch, server will reject the email.

 

II. Blocking all authenticated spoofed outbound emails
1. WHM >> EXIM CONFIGURATION MANAGER >> ADVANCED EXIM EDITOR

2. Search for acl_smtp_data and add the following lines under it:

deny
authenticated = *
condition = ${if or {{ !eqi{$authenticated_id} {$sender_address} }\
{ !eqi{$authenticated_id} {${address:$header_From:}} }\
}\
}
message = Your FROM address ( $sender_address , $header_From )
must match your authenticated email user ( $authenticated_id ).
Treating this as a spoofed email.
Here, for all authenticated users, the rule will check whether the authenticated userid matches with the from address. If it matches, it will allow the email. Else, it will display the message “Your FROM must match your authenticated email user. Treating this as spoofed email”

 

PS: If the acl_smtp_data is mentioned as something else(like acl_smtp_data = check_message), locate check_message and add the above lines just under it.
IMPORTANT points to keep in mind
a. POP before SMTP won’t work with this setting. You will have to ask your customers to use the option – “My Server Requires Authentication” in the SMTP settings of their email client.
b. Username in the format user+domain.com will not work. They have to use user@domain.com instead.

Also your customer cannot change the from field to something other than original authentcated user. People use this method in Website Contact forms.

 

Setting SPF records

Another way to prevent spoofing is using SPF records. You must specify valid spf records for your domain, so that only the intended people or server can send mails on behalf of your domain name.

Powered by WordPress & Theme by Anders Norén