
Tuesday, January 17, 2017

Qmail Commands

Though I am not a qmail expert, I would like to share some commands that I know for the qmail MTA.

To check mail queue:
/var/qmail/bin/qmail-qstat




To flush mail queue:
qmailctl doqueue




To check the SMTP log (running):
tail -f /var/log/qmail/qmail-smtpd/current


@40000000587db4390923aefc tcpserver: pid 14016 from 122.144.8.44
@40000000587db4390937db0c tcpserver: ok 14016 smtp.abc.com:122.144.8.83:25 mail.xyz.com:12.44.08.44::29044
@40000000587db4391081076c tcpserver: end 14016 status 0


14016 is the process ID for this mail session.



To check mail delivery log (running):

tail -f /var/log/qmail/qmail-send/current


@40000000587db5611218ba84 starting delivery 8216: msg 8657324 to remote shidfin@yahoo.com
@40000000587db5722cf0c0cc delivery 8216: success: 66.196.118.33_accepted_message./Remote_host_said:_250_ok_dirdel/


8216 is the process ID for delivery.



To set smtproute (relayhost):

vim /var/qmail/control/smtproutes
:mx.outgoingserver.com [for all outgoing mails]
domain1.com:mx1.outgoingserver.com [for a specific domain]
domain2.com:mx2.outgoingserver.com [for a specific domain]




To restart qmail service:
qmailctl restart

Saturday, December 17, 2016

Match SASL username and From address in Zimbra SMTP

Zimbra uses Postfix as its MTA. The default Postfix configuration has some weaknesses that we have to modify to get optimum performance and to fight spam.

Firstly, Postfix has a trusted network [mynetworks] from which users can send mail without verifying their username and password.

Later on, if we impose SMTP authentication for sending mail, users can still send mail with a changed From address [this usually happens when a user account is compromised]. A reference log is given below for better understanding.


Dec 17 14:17:45 mail postfix/submission/smtpd[8055]: 62B2A7009F9: client=unknown[x.x.x.x], sasl_method=LOGIN, sasl_username=user
Dec 17 14:17:45 mail postfix/qmgr[29613]: 62B2A7009F9: from=<gks@example.com>, size=5705, nrcpt=3 (queue active)


So, our mail server still has a security hole. To be stricter, we can match the From address of the user against the username that he uses for SMTP authentication. Let's see how to do that.


Login to Zimbra shell:
su zimbra

Run below command:
zmprov mcf zimbraMtaSmtpdSenderLoginMaps  proxy:ldap:/opt/zimbra/conf/ldap-slm.cf +zimbraMtaSmtpdSenderRestrictions reject_authenticated_sender_login_mismatch

Edit the file /opt/zimbra/conf/zmconfigd/smtpd_sender_restrictions.cf as below:
permit_mynetworks, reject_sender_login_mismatch

Restart the Zimbra service [not actually required, because Zimbra will automatically apply this after one minute]:
zmcontrol restart

Now, if one of your accounts is compromised, it cannot be used to send spam with a different From address, which will help you find the compromised ID easily.
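
To find logins that were already sending with a mismatched From address before the restriction was enabled, the two log lines shown above can be correlated by queue ID. The script below is an added example, not part of the original post or of Zimbra. Its comparison rule (login equals the sender, or its local part when the login has no domain) and the `aliases` map are assumptions, and the sample log is constructed around the excerpt above.

```python
import re
from collections import defaultdict

# The queue ID links the smtpd line (SASL login) to the qmgr line (envelope sender).
SMTPD_RE = re.compile(r"postfix/(?:\w+/)?smtpd\[\d+\]: (\w+): client=([^,]+),.*?sasl_username=(\S+)")
QMGR_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")

# Constructed sample: the first two lines are the excerpt above, the rest are made up.
SAMPLE_LOG = """\
Dec 17 14:17:45 mail postfix/submission/smtpd[8055]: 62B2A7009F9: client=unknown[x.x.x.x], sasl_method=LOGIN, sasl_username=user
Dec 17 14:17:45 mail postfix/qmgr[29613]: 62B2A7009F9: from=<gks@example.com>, size=5705, nrcpt=3 (queue active)
Dec 17 14:18:02 mail postfix/submission/smtpd[8060]: 7A1C3700A01: client=unknown[x.x.x.x], sasl_method=PLAIN, sasl_username=alice@example.com
Dec 17 14:18:02 mail postfix/qmgr[29613]: 7A1C3700A01: from=<alice@example.com>, size=1200, nrcpt=1 (queue active)
Dec 17 14:18:30 mail postfix/submission/smtpd[8061]: 8B2D4700A02: client=unknown[x.x.x.x], sasl_method=LOGIN, sasl_username=user
Dec 17 14:18:30 mail postfix/qmgr[29613]: 8B2D4700A02: from=<billing@example.org>, size=5710, nrcpt=40 (queue active)
Dec 17 14:25:30 mail postfix/qmgr[29613]: 8B2D4700A02: from=<billing@example.org>, size=5710, nrcpt=40 (queue active)
"""

def sender_allowed(user, sender, aliases):
    """Assumed rule: login equals the sender, or its local part if the login has no domain."""
    if not sender or sender in aliases.get(user, ()):
        return True  # null sender is skipped; aliases is a hypothetical login -> addresses map
    return sender == user if "@" in user else sender.split("@", 1)[0] == user

def find_mismatches(lines, aliases=None):
    """Return (queue_id, sasl_username, envelope_from, client) for each mismatched message."""
    aliases, logins, seen, findings = aliases or {}, {}, set(), []
    for line in lines:
        if m := SMTPD_RE.search(line):
            qid, client, user = m.groups()
            logins[qid] = (user.lower(), client)
        elif (m := QMGR_RE.search(line)) and m.group(1) in logins and m.group(1) not in seen:
            qid, sender = m.group(1), m.group(2).lower()
            seen.add(qid)  # qmgr can log the same message more than once
            user, client = logins[qid]
            if not sender_allowed(user, sender, aliases):
                findings.append((qid, user, sender, client))
    return findings

def by_login(findings):
    """Group mismatched senders per login; a login with many senders is the one to check."""
    grouped = defaultdict(set)
    for _qid, user, sender, _client in findings:
        grouped[user].add(sender)
    return dict(grouped)

if __name__ == "__main__":
    for user, senders in by_login(find_mismatches(SAMPLE_LOG.splitlines())).items():
        print(user, "sent as", sorted(senders))
```

Accounts with legitimate aliases will show up as mismatches unless they are listed in `aliases`, because this script does not query the LDAP map that Zimbra uses.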

Wednesday, September 7, 2016

PHP module "mod_rewrite" enable in cPanel

cPanel is a widely used application for web and domain hosting. Providers use cPanel & WHM to provide virtual private or dedicated servers for hosting. Web developers worldwide use URL rewriting for web sites.

Last time I faced an issue with the "mod_rewrite" module of PHP on my shared cPanel hosting server. Later the solution came with the following modification.


I added the following lines to a .htaccess file and uploaded it to the public_html folder of the user created in cPanel.

<IfModule mod_rewrite.c>
DirectoryIndex index.php
RewriteEngine on

RewriteCond $1 !^(index\.php|assets|robots\.txt|favicon\.ico)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ ./index.php/$1 [L,QSA]
</IfModule>