Due to an error in proftpd, you might need an virtual group.
/etc/proftpd/proftpd.conf:
GroupOwner www-data
Umask 002 003
AllowOverwrite on
AuthGroupFile /etc/proftpd/ftpd.group
/etc/proftpd/ftpd.group
www-data:x:33:testuser
Same ID and name as the local user.
/etc/nginx/ssl
openssl req -new -newkey rsa:2048 -nodes -keyout *.mydomain.com.key -out *.mydomain.com.csr
Inside config:
/etc/nginx/sites-available/default
ssl on;
ssl_certificate /etc/nginx/ssl/*.mydomain.com.crt;
ssl_certificate_key /etc/nginx/ssl/*.mydomain.com.key;
ssl_trusted_certificate /etc/nginx/ssl/chain.crt;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
chain.crt:
AlphaSSL SHA-256 R1 Intermediate Certificates (DER64)
dhparam.pem:
openssl dhparam -out dhparam.pem 4096
Office 365 sends emails from a lot of mailservers. retrys are often from a new IP.
Then you have delays of 5 min + 5 min etc…
Office 365 uses this IP’s:
https://technet.microsoft.com/en-us/library/dn163583
In your Mailscanner, you can Whitelist Office 365 Exchange IP’s by adding them to this:
/etc/sqlgrey/clients_ip_whitelist.local
OR
/etc/sqlgrey/clients_fqdn_whitelist.local
*.messageslabs.com
outbound.protection.outlook.com
*.outbound.protection.outlook.com
*.microsoftonline.com
*.hotmail.com
/etc/init.d/sqlgrey restart
postqueue -p | tail -n +2 | awk ‘BEGIN { RS = “” } / refund_of_tax@mycomp\.com/ { print $1 }’ | tr -d ‘*!’ | postsuper -d –
Script:
#Bash
while true; do
sleep 5
postqueue -p | tail -n +2 | awk ‘BEGIN { RS = “” } / refund_of_tax@mycomp\.com/ { print $1 }’ | tr -d ‘*!’ | postsuper -d –
done
Block the email:
nano /etc/postfix/recipient_access
refund_of_tax@mycomp.com REJECT
postmap /etc/postfix/recipient_access
/etc/init.d/MailScanner restart
Power off the VM and add a virtual disk to the VM.
This new disk gets the name /dev/sdc
Now this disk is used to extend the original /var
lvm pvcreate sdc
lvm vgextend vg_var /dev/sdc
lvextend -l +100%FREE /dev/vg_var/lv_var
resize2fs /dev/vg_var/lv_var
find /www/website/www/ -newermt $(date +%Y-%m-%d -d ’10 day ago’) -type f -print
grep -R email@emailtest.local /www/folder/
This searches for email@emailtest.local inside files in a folder and all sub folders.
In this example, Exim4 stops if the queue grows lager then 100
#!/bin/bash
TERM=linux
export TERM
_limit=100
clear;
_queue=”`/usr/sbin/exim -bpc`”
if [ “$_queue” -ge “$_limit” ]; then
/etc/init.d/exim4 stop
fi
A rebuild of a failed disk can by design take two days.
If you raise the “speed limit” it can go faster.
/proc/sys/dev/raid
Have two files:
speed_limit_min
speed_limit_max
Old versions of DSM (Synology firmware) has a limit in “speed_limit_min” of 1000.
New versions have 10000.
Remember to use the newest version of DSM, but you can still edit the value by hand.
echo 20000 > /proc/sys/dev/raid/speed_limit_min
The recommended default permissions of 755 for directories and 644 for files should be reasonably secure.
Use this two commands to make your www direktory have this setup:
find /www/wordpress/www/ -type f -print0 | xargs -I {} -0 chmod 0644 {}
find /www/wordpress/www/ -type d -print0 | xargs -I {} -0 chmod 0755 {}
For joomla you may need FTP to the local database.
For that, you need to edit the proftp configuration.
Se below:
RequireValidShell off
(/etc/password needs a false shell)
<VirtualHost 127.0.0.1> RequireValidShell off FactsAdvertise off DefaultRoot ~ MasqueradeAddress 127.0.0.1 PassivePorts 64000 65000 Port 21 <Directory /> AllowOverwrite on </Directory> <Directory /www> GroupOwner www-data Umask 002 003 </Directory> </VirtualHost> <VirtualHost 192.168.55.2> RequireValidShell off FactsAdvertise off DefaultRoot ~ MasqueradeAddress 80.80.80.80 PassivePorts 64000 65000 Port 21 <Directory /> AllowOverwrite on </Directory> <Directory /www> GroupOwner www-data Umask 002 003 </Directory> </VirtualHost>
Add this to the .htaccess for every extension:
AddType application/octet-stream .reg
In proftpd.conf, you could have some virtual host’s
If you have, groupowner is set in this way:
<VirtualHost 10.0.0.30>
DefaultRoot ~
MasqueradeAddress 80.xx.xx.xx
PassivePorts 64000 65000
Port 21
<Directory />
AllowOverwrite on
</Directory>
<Directory /www>
GroupOwner www-data
Umask 002 003
</Directory>
</VirtualHost>
The “list” zen.spamhaus.org combines all spamhaus.org’s filters including the PBL
PBL is a DNSBL database of end-user IP address ranges and this could give false positivs
Instead you could use: sbl-xbl.spamhaus.org
Rumors says, When Zen is used solely as the single test to block spam it could lead to false positives.
Configuration:
/etc/postfix/main.cf
Change:
smtpd_client_restrictions = permit_sasl_authenticated, reject_rbl_client zen.spamhaus.org
to:
smtpd_client_restrictions = permit_sasl_authenticated, reject_rbl_client sbl-xbl.spamhaus.org
Alternatives:
xbl.spamhaus.org
sbl-xbl.spamhaus.org
zen.spamhaus.org
bl.spamcop.net
/etc/Mailscanner/spam.lists.conf
Restart postfix and Mailscanner
kernel: lnc0: Missed packet — no receive buffer
—
Your virtual hardware is to slow. If an option, try to install vmware-tools or use another network card type instead of vlance.
add this to the vmx:
ethernet0.virtualDev=”e1000″
ethernet1.virtualDev=”e1000″
In the .htaccess add this line to support .flv files:
AddType video/x-flv .flv
If the DB connections are not closed they can fill your system up with “sleeping” processes.
Then mysql can be slow but to minimize this behavior
Add this line to my.cnf
wait_timeout=60 (1 min)
max_connections = 2000
Prompt for access, except the allowed IP’s
AuthUserFile /www/site.com/www/homepage/.htpasswd
AuthType Basic
AuthName “Password Protected Area”
require valid-user
order deny,allow
deny from all
allow from 123.123.123.123 122.122.122.122
Satisfy Any
Show jobs with: crontab -l
Edit jobs with: crontab -e
Examples:
44 13 * * * /etc/webmin/cron/tempdelete.pl
00 3Â * * * /root/restartMySQL.sh
First line runs script every day at 13:44
second line runs script every day at 3:00
restartMySQL.sh
#! /bin/sh
/etc/init.d/mysql restart
Remember execute right
dos2unix restartMySQL.sh
apt-get install tofrodos
cd /usr/syno/etc.defaults/rc.d
touch S99-eth0.sh
touch S99-eth1.sh
echo “#!/bin/sh” >> S99-eth0.sh
echo “ethtool -s eth0 speed 100 duplex full autoneg off” >> S99-eth0.sh
echo “#!/bin/sh” >> S99-eth1.sh
echo “ethtool -s eth1 speed 100 duplex full autoneg off” >> S99-eth1.sh
chmod +x S99-eth*
——–
ethtool eth0Â
How du you configure and allow FTPS and RPD from a specific public IP on a linksys wrt54g router with the dd-wrt firmware?
iptables -t nat -I PREROUTING -s 85.x.x.2 -p tcp âdport 3389 -j DNAT âto 192.168.1.20
iptables -I FORWARD -d 192.168.1.20 -p tcp âdport 3389 -j ACCEPT
iptables -t nat -I PREROUTING -s 85.x.x.2 -p tcp âdport 60000:61000 -j DNAT âto 192.168.1.20
iptables -I FORWARD -d 192.168.1.20 -p tcp âdport 60000:61000 -j ACCEPT
iptables -t nat -I PREROUTING -s 85.x.x.2 -p tcp âdport 990 -j DNAT âto 192.168.1.20
iptables -I FORWARD -d 192.168.1.20 -p tcp âdport 990 -j ACCEPT
You are receiving an email with a digital signature, but it has a warning: “There are problems with the signature. Click the signature button for details”.
Something is probably changing the email before delivery, and now it it not valid. An antivirus and/or SPAM scanner could course this. If you are using ESVA Mail scanner this software is insetting a text in the email. This can be disabled.
Enter this folder:
/etc/pki/tls/certs
openssl genrsa -des3 -out âYOUR-DOMAINâ.key 1024
openssl genrsa -out âYOUR-DOMAINâ.key 1024
openssl req -new -key âYOUR-DOMAINâ.key -out âYOUR-DOMAINâ.csr
openssl req -noout -text -in âYOUR-DOMAINâ.csr
cat âYOUR-DOMAINâ.csr
Make a SSL request
copy the response to a âYOUR-DOMAINâ.crt
Edit this file:
/etc/httpd/conf.d/ssl.conf
Edit these two lines:
SSLCertificateFile /etc/pki/tls/certs/âYOUR-DOMAINâ.crt
SSLCertificateKeyFile /etc/pki/tls/certs/âYOUR-DOMAINâ.key
Restart apache
ESVA is a pre-built and easily configured email scanning Virtual Appliance (ESVA) that runs on VMware ESX Server. http://www.global-domination.org/ESVA.php
The central components are Clam antivirus and spam assassin.
After the basic setup you might want to customize some thing that cannot changed in the wizard or GUI.
Change the amount of cashed mails:
– $days_to_keep = 180; in /etc/cron.daily/clean.quarantine
– define(QUARANTINE_DAYS_TO_KEEP, 180); in /var/www/html/conf.php
– INTERVAL 180 DAY in /usr/local/bin/mailwatch/tools/db_clean.php
/etc/cron.daily/clean.quarantine
$disabled = 0;
$days_to_keep  = 14;
The default signature:
/etc/MailScanner/rules
– sig.html.rules
– sig.text.rules
Blocked filetypes:
/etc/MailScanner/filename.rules.conf
Change the max message size:
In webmin – postfix –Â “General resource control”.
An example is to add a zero.
Max size of a message: 102400000
Max size of a mailbox: 512000000
Or in /etc/postfix/main.cf: message_size_limit = 102400000
For 100 MB
Remove the “notify for SPAM”.
In the file: /etc/MailScanner/MailScanner.conf
Remove notify in the line:Â Spam Actions = store notify
Disable Graylisting for some IP’s
/etc/sqlgrey/clients_fqdn_whitlist.local
/etc/sqlgrey/clients_ip_whitelist.local
/etc/init.d/sqlgrey restart
Remove the “MailScanner has detected a possible fraud attempt from…”:
Highlight Phishing Fraud = no
Remove the opportunity to read the emails in the Webinterface:
Edit /var/www/html/detail.php
Go the end and change the “view email” link.
// echo ” <TD><A HREF=\”viewmail.php……………..”</A></TD>\n”;
echo ” <TD>…</TD>\n”;
Default SPAM score:
/etc/MailScanner/MailScanner.conf
Required SpamAssassin Score = 5
Remove Inline HTML Signature
In the file: /etc/MailScanner/MailScanner.conf
# Add the “Inline HTML Signature” or “Inline Text Signature” to the end
# of uninfected messages?
# This can also be the filename of a ruleset.
Sign Clean Messages = no
Auto Reply – Out of office
Treat Invalid Watermarks With No Sender as Spam = 2
Script in the email
Allow Script Tags = disarm
Or yes/no
Office 2010 Fileformats:
Microsoft Office 2007/2010 documents (.docx, .xlsx etc) seem to be archived XML documents and MailScanner does not like that by default.
The solution is to put this in filename.rules.conf
allow  \.xml\.rel$            –      –
allow  \.rel$                 –      –
allow  \.docx$                –      –
allow  \.xlsx$                –      –
allow  \.xml\d*\.rel$         –      –
allow  \.x\d+\.rel$           –      –
allow  \.bin$                 –      –
allow  \.wmf$                 –      –
allow  \.dat$                 –      –
Put this just above the â# Deny all other double file extensions..â line
allow  .doc$                  –      –
allow  .xls$                  –      –
And in MailScanner.conf change Maximum Archive Depth to 3
Maximum Archive Depth = 3
This makes MailScanner recognize the Office 2007/2010.
Disable Fuzzyocr:
Rename /etc/mail/spamassassin/FuzzyOcr.cf to something else.
Restart Mailscanner
Disable SPAM and or AV scan
/etc/MailScanner/MailScanner.conf
Spam Checks = no
Use SpamAssassin = no
Virus Scanning = no
—
In MailScanner.conf
Spam Checks = /etc/MailScanner/rules/spam.check.rules
In spam.check.rules:
FromOrTo:    domain.com     no
FromOrTo:      default  yes
Enable Remote ssh login
/etc/ssh/sshd_config
PermitRootLogin yes
Restart sshd
If running virtual, ESVA might loose time
Make a file in: /etc/cron.daily
—
#!/bin/sh
#
/usr/sbin/ntpdate 195.184.96.2
date +”%D %r `echo Cron completed`” >> /var/log/cron_job.log
—
chmod +x ntp.cron
Remember RAM!
Do you see this error in the maillog:
“too big for available disk space in /var/spool/MailScanner/incoming, skipping it”
Mailscanner is using this directory temporality to unpack files before scanning.
By default ESVA have 1024 MB of RAM. Half of that size is used to the RAM-based filesystem.
Maybe 512 MB for unpacking is to small.
See FSTAB and change the size here
tmpfs /dev/shm tmpfs defaults,size=1024m
The easy way (if you have RAM enough), is to just give ESVA more RAM.
Allow EXE in zipped attachments
/etc/MailScanner/archives.filename.rules.conf
allow \.exe$ Windows/DOS Executable
/etc/MailScanner/archives.filetype.rules.conf
#deny executable No executables
Remember to update resolv.conf
If this file does not contain a IP of an vallid DNS, you might get this error in the log: “Recipient address rejected: Domain not found”
This is an exaple with openDNS
/etc/resolv.conf
search localdom.local
nameserver 208.67.222.222
Block destination email address
/etc/postfix/recipient_access
Example:
refund_of_tax@testdom.com REJECT
skatdk@testdom.com REJECT
postmap /etc/postfix/recipient_access
Remember to add the file to postfix’s Main.cf:
Example:
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_policy_service inet:127.0.0.1:2501, check_recipient_access hash:/etc/postfix/recipient_access
Show ClamAV version
/usr/sbin/clamd -V
Remove mails from queue
List queue: mailq
Remove specific email: postsuper -d -3EFE828621
Exchange – Duplicate deliver
If you release a message that already have been delivered, it will not end up in the mailbox.
You can see what email that have “hit” this rule/functionality in the “EMC –> email tracking or powershell
Get-MessageTrackingLog -EventId DUPLICATEDELIVER
Block email baced on subject – postfix
main.cf
header_checks = regexp:/etc/postfix/header_checks
header_checks
/^Subject: Spam subject/ DISCARD
Restart postfix
Block email baced on subject – Mailscanner
/etc/MailScanner/mcp
Eksample:
header P2 Subject =~ /new Message/i
describe P2 Banned Subject
score P2 10
header P3 Subject =~ /new2 for you/i
describe P3 Banned Subject
score P3 10
Disable ahbl.org
/var/lib/spamassassin/3.004000/updates_spamassassin_org/20_dnsbl_tests.cf
# another domain-based blacklist
#header DNS_FROM_AHBL_RHSBL eval:check_rbl_envfrom(‘ahbl’, ‘rhsbl.ahbl.org.’)
#describe DNS_FROM_AHBL_RHSBL Envelope sender listed in dnsbl.ahbl.org
#tflags DNS_FROM_AHBL_RHSBL net
#reuse DNS_FROM_AHBL_RHSBL
Throttling too many connections from new source
edit:
/etc/sqlgrey/sqlgrey.conf
connect_src_throttle = 5
0 = Disable
/etc/init.d/sqlgrey restart
Allow password protected ZIP from one or more email/domains
Allow Password-Protected Archives = no
to:
Allow Password-Protected Archives = %rules-dir%/pp.archives.rules
pp.archives.rules:
FromOrTo: test@mydomain.com yes
FromOrTo: mydomain2.com yes
FromOrTo: default no
MailScanner restart
How do I start vmware-tools everytime monowall starts?
1)
login to the webinterface.
2)
Make a backup of the configuration, the output is a XML file.
3)
Edit the XML file in a texteditor. Make the changes and upload it to the firewall.
4)
monowall reboots
Configuration file:
You can insert the shell command inside <shellcmd and </shellcmd>
The whole thing has to be placed after </webgui> and before </system>
Se the example below:
</webgui>
<dnsserver>10.0.0.100</dnsserver>
<dnsserver>10.0.0.101</dnsserver>
<shellcmd>vmware-guestd –background /var/run/guestd.pid</shellcmd>
</system>
Every time you log on a debian this copyright message is displayed:
—
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
—
It can be removed by edit this file: /etc/motd.tail
apt-get install binutils cpp gcc make psmisc linux-headers-$(uname -r)
mount /dev/cdrom /mnt/
tar -C /tmp -zxvf /mnt/VMwareTools-xxx.tar.gz
umount /mnt
cd /tmp/vmware-tools-distrib ./vmware-install.pl
reboot
Install and setup apache2:
apt-get install apache2
apt-get install openssl ssl-cert
apt-get install libapache2-mod-php5 php5-cli php5-common php5-cgi
create a certificate:
openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/apache.pem -keyout /etc/apache2/apache.pem
chmod 600 /etc/apache2/apache.pem
a2enmod ssl
/etc/init.d/apache2 restart
Edit the conf files:
NameVirtualHost *:80
NameVirtualHost *:443
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
/etc/init.d/apache2 restart
Boot knoppix and start the root console.
Type:
grub
root (hd0,0)
setup (hd0)
quit
Reboot
———————————-
If you use Ubuntu
sudo -i -u root
grub
find /boot/grub/stage1 (remember the output)
root (hdx,x)
setup (hd0)
quit
Reboot
Compress a folder to a file with timestamp
tar cfvz /fil-$TIMESTAMP.tgz /etc
Postfix
If changed mail.cf, do a /etc/init.d/postfix reload
If changed /etc/postfix/virtual run this command: postmap hash:/etc/postfix/virtual
postmap /etc/postfix/transport
Copy a hard-drive
dd if=/dev/hd_originaldisk-partition of=/dev/hd_nydisk-partition
MySQL Backup
/usr/bin/mysqldump -A -uroot -p[myCode] > /andet/backup.sql
Delete a folder containing files
rm -rf /remove/this
Create an empty file
touch file-name
Disk-use of an folder
du -sh folder
Format disk
cfdisk /dev/hda
Extract tar.bz2 to a folder
tar xzf file.tar.bz2
NMAP scan to a file
nmap -sS -PT -PI -O -T 3 10.0.0.*>file.txt
Change file and folder rights
chown martin filename
chown -R martin:martin FileAndSubFolders
chmod
– user group other
– 4 2 1 4 2 1 4 2 1
– r w x r w x r w x
Boot script in Debian
/etc/rc.boot/
Remember: #!/bin/bash
on top of the text files.
Set date and time
ntpdate
Search inside files
find /www/test.local/www/ -name * | grep -lir VALID_AZ09 *
Create sources.list
http://debgen.simplylinux.ch/index.php
Show 30 largest folders
du -m /FOLDER | sort -nr | head -n 30
Size is in Megabyte
Example 1Â – Static IP
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet static
address 10.0.0.40
netmask 255.255.255.0
gateway 10.0.0.1
Example 2 – DHCP
auto eth0 iface eth0 inet dhcp
Remember the DNS configuration in /etc/resolv.conf
nameserver 195.184.96.2
nameserver 213.173.225.86
Tips
Change (spoof) the MAC
ifconfig eth0 hw ether 01:23:45:67:89:AB
WordPress generated this page with 66 queries, in 1.705 seconds. . .
