Howto fix SpamAssassin Ruleset Bug

This bug can result in legitimate mail being flagged as spam.

The cPanel development team has issued a hotfix that automatically updates the SpamAssassin ruleset to resolve this issue. If you have automatic cPanel updates enabled, no further action is required.

If you do not have automatic cPanel updates enabled, you can manually update the SpamAssassin ruleset by running the following command in a root shell:

/scripts/autorepair spamd_y2010_fix

A separate issue: the following error can be seen in the cPanel error_log and when attempting to restart Apache:

UserDir "enable" keyword requires a list of usernames

Newly created websites would be sent to defaultwebpage.cgi instead of the appropriate document root.

Resolutions:

1.) New builds, 11.25.0-CURRENT_42400 and 11.25.0-RELEASE_42400, have been published to address the issue. This issue will not be present on subsequent new installations. Upgrading a currently affected system will resolve this issue.

2.) Rebuilding the Apache configuration after the addition of the first account will permanently resolve this issue.

From the command line:

/scripts/rebuildhttpdconf
/scripts/restartsrv_httpd

or

/scripts/autorepair userdir_enable_fix
/scripts/restartsrv_httpd


From the WHM:

Service Configuration -> Apache Configuration -> Global Configuration ->
Save -> Rebuild Configuration and Restart Apache

Reference: http://www.cpanel.net/

Tcpdump to monitor SMTP activity from an IP or a range of IPs

tcpdump is a useful utility for monitoring network activity on the server.

tcpdump -i eth0 -n -s 2048 -w smtp.tcpdump '(src 192.168.1.22 or dst 192.168.1.22) and port 25'

You can monitor SMTP activity to find out which mail account a spammer is using.
The above command captures SMTP (port 25) traffic to or from the IP address 192.168.1.22 and writes it to the file smtp.tcpdump.

Use the following command to monitor a range of IP addresses:

tcpdump -i eth0 -n -s 2048 -w smtp.tcpdump '(src net 119.91.0.0/16 or dst net 119.91.0.0/16) and port 25'

The above command captures SMTP traffic to or from the range 119.91.0.0/16 (addresses starting with 119.91). You can use Wireshark to analyze the dump file.

On a VPS, use -i venet0:0 instead of -i eth0.

tcpdump command synopsis (from the man page):

tcpdump [ -AdDeflLnNOpqRStuUvxX ] [ -c count ]
[ -C file_size ] [ -F file ]
[ -i interface ] [ -m module ] [ -M secret ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
[ -W filecount ]
[ -E spi@ipaddr algo:secret,... ]
[ -y datalinktype ] [ -Z user ]

Howto disable IPv6 networking

First check whether the ipv6 module is loaded. Run the following command as root; if ipv6 appears in its output, the module is loaded:

lsmod | grep ipv6

Disable IPv6 in Ubuntu:

You need to edit the aliases file using the following command:

sudo nano /etc/modprobe.d/aliases

Find the line

alias net-pf-10 ipv6

and change it to

alias net-pf-10 off
alias ipv6 off

Save the file and reboot.

Disable IPv6 in Fedora/CentOS:

Open /etc/modprobe.conf and add the following line:

vi /etc/modprobe.conf

Add

alias net-pf-10 off

The ip6tables firewall service can also be turned off at boot with the following command (note that this disables only the IPv6 firewall service, not the IPv6 stack itself):

chkconfig ip6tables off

csf LF_SCRIPT_ALERT option

This option will notify you when a large amount of email is sent from a particular script on the server, helping track down spam scripts.

Spam Protection Alerts

If you want to add some spam protection, CSF can help. Look in the configuration (/etc/csf/csf.conf) for the following:

LF_SCRIPT_ALERT = 0: change this to 1. This will send an email alert to the system administrator when the limit configured below is reached within an hour.

LF_SCRIPT_LIMIT = 100: change this to 250. This will alert you when any script sends out 250 email messages in an hour.

This setting will then send an alert email if more than LF_SCRIPT_LIMIT lines appear with the same cwd= path in them within an hour. This can be useful in identifying spamming scripts on a server, especially PHP scripts running under the nobody account. The email that is sent includes the Exim log lines and also attempts to find scripts that send email in the path that may be the culprit.

LF_SCRIPT_ALERT = "0"

The limit after which the email alert for email scripts is sent. Care should be taken with this value if you allow clients to use web scripts to maintain pseudo-mailing lists with large recipient lists.

LF_SCRIPT_LIMIT = "100"
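As an added illustration of the check described above (example code written for this page, not csf's own implementation), the following script counts Exim log lines per cwd= path within a sliding one-hour window and reports any path that exceeds the limit, the same rule LF_SCRIPT_LIMIT applies. The sample log lines are constructed in the exim_mainlog format that records the sending process's working directory.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the format Exim writes to exim_mainlog when a
# local sendmail invocation is logged together with the caller's cwd.
SAMPLE_LOG = """\
2010-01-05 10:00:01 cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
2010-01-05 10:00:02 cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
2010-01-05 10:00:03 cwd=/home/bob/public_html/contact 3 args: /usr/sbin/sendmail -t -i
2010-01-05 10:00:04 cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
2010-01-05 11:30:00 cwd=/home/alice/public_html 3 args: /usr/sbin/sendmail -t -i
"""

# timestamp at the start of the line, then the cwd= token
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) cwd=(\S+) ")


def find_spamming_scripts(log_text, limit, window=timedelta(hours=1)):
    """Return {cwd: peak_count} for every cwd= path that appears on more than
    `limit` lines inside any one-hour window (csf's LF_SCRIPT_LIMIT rule)."""
    recent = defaultdict(deque)  # cwd -> timestamps still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a cwd= line; csf ignores these too
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        cwd = m.group(2)
        q = recent[cwd]
        q.append(ts)
        while q and ts - q[0] > window:  # drop entries older than one hour
            q.popleft()
        if len(q) > limit:
            alerts[cwd] = max(alerts.get(cwd, 0), len(q))
    return alerts


if __name__ == "__main__":
    import sys
    # usage: script.py [/var/log/exim_mainlog] [limit]; no args runs the sample
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    limit = int(sys.argv[2]) if len(sys.argv) > 2 else 2
    for cwd, n in find_spamming_scripts(text, limit).items():
        print(f"ALERT: {n} messages within an hour from {cwd}")
```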

Reference: http://www.configserver.com
