Skip to main content

Posts

How to install ClamAv antivirus with rspamd on Ubuntu 16.04/20.04 LTS?

As usual I prefer to use open-source components. So the obvious choice is the famous ClamAV virus scanner. But its detection rate is ridiculously low with its default signatures. I heard of a study telling that in their tests ClamAV showed a 100% detection rate.  I myself have been scanning multiple infected emails with it (that have been found by another software) and it did not even find one infection.  So I started researching the alternatives – like a free-beer virus scanner from Sophos that worked well with the amavis-milter in the past. Its detection rate is pretty good. But no matter what I tried – I couldn’t get the two to work together. And to be honest… the documentation of rspamd’s antivirus module is incomplete to put say the least.  Then suddenly a friendly nerd pointed me to the SaneSecurity project that adds anti-virus signatures to ClamAV to make it actually useful. And this finally became the recommended solution for me. In a commercial setup where your customers

How to Install Memcached Server (Caching) on CentOS 7(CWP7)

It is important to secure your Memcached servers, Because systems like Memcached can contribute to denial of service attacks if improperly configured. We will explain how to install and secure your Memcached server on CentOS 7 Linux distribution. These given instructions also work on RHEL and Fedora Linux. First, update the system: # yum update -y Next, install the official Memcached package memcached; as well as libmemcached, which provides several utilities to work with Memcached: # yum install memcached libmemcached Note: libmemcached – a client library that offers a couple of tools to manage your Memcached server. Securing Memcached Configuration Settings for Local Access Only:   To make assure that installed Memcached service is listening on the 127.0.0.1 local interface, We will also disable the UDP listener. Both of these actions will protect our server from denial of service To do this, we will add the -U 0 parameter to our OPTIONS variable. The file in full should look l

How to Produce Postfix MTA logfile summary using Pflogsumm on CWP?

Pflogsumm is a log analyzer/summarizer for the Postfix MTA. It is designed to provide an over-view of Postfix activity, with just enough detail to give the administrator a "heads up" for potential trouble spots. Pflogsumm generates summaries and, in some cases, detailed reports of mail server traffic volumes, rejected and bounced email, and server warnings, errors and panics. CentOS 7 & Ubuntu 16: # yum -y install postfix-perl-scripts # sudo apt install pflogsumm [ For Ubuntu ] Generate Log Summary # perl /usr/sbin/pflogsumm -d yesterday /var/log/maillog # perl /usr/sbin/pflogsumm -d today /var/log/maillog Generate Log Once a Day and Received via Mail # crontab -e 0 0 * * * perl /usr/sbin/pflogsumm -e -d yesterday /var/log/mail.log | mail -s 'Logwatch for Postfix' admin@awsmonster.com Generate More Details CentOS sudo pflogsumm /var/log/maillog [Weekly] sudo pflogsumm -d today /var/log/maillog --problems_first sudo pflogsumm -d today /var/log/maillog --rej_ad

How to Configure Postfix SMTP Relay on CWP CentOS 7 with Relay Provider ?

If you are using Google Cloud, Then you are not able to send email directly using SMTP 25 port. So You can configure your Postfix  to send email via relay using SASL authentication. Simple Authentication and Security Layer (SASL) is a standard authentication framework supported by many services including Postfix.  CASE A: I am using a VM on Google Cloud which is my Application server where multiple domain is hosted. I want to send email from specific domain using specific relay. You can use multiple relay for multiple domain. Another Domain will not able send email directly because GCP block SMTP 25 port for outgoing. Make sure the SASL authentication framework, and mailx are all installed # yum -y install cyrus-sasl-plain mailx In /etc/postfix/main.cf , Add the following lines #Relay smtp_sasl_security_options = noanonymous smtp_sender_dependent_authentication = yes sender_dependent_relayhost_maps = hash:/etc/postfix/sender_relay smtp_sasl_auth_enable = yes smtp_sasl_password_m

How to Remove Sensitive Data and Internal Network Information from Postfix Headers ?

E-mail header contain some sensitive information. I’ll show you how to remove that information from the Postfix headers. note: some email clients will mark your email as spam if your header doesn’t contain an IP address. It is also very important to keep header details for your analysis. If any user started to spamming or compromised , then we must need header for analysis. So we will remove only our client private network details. We are assuming that postfix is already up and running and will make below changes. Step:1 Edit ‘/etc/postfix/main.cf’ file header_checks = regexp:/etc/postfix/header_checks Step:2 Append the below line in ‘/etc/postfix/header_checks’ [at the bottom] /^Received:/ IGNORE Step:3 Run postmap to apply the new configuration in /etc/postfix/header_checks [root@server1 ~]# postmap /etc/postfix/header_checks Step:4 Restart or Reload the postfix server [root@server1 ~]# systemctl restart postfix [root@server1 ~]# postfix reload Actually this

How to Block (Virus) Extensions on Postfix Mail Server ?

It's very important to block virus extension on Postfix mail server. Using  mime_header_checks directive on Postfix , we can block some specific extension to protection our mail server from spamming. So we are going to block some dangerous extension for Postfix users . Login as the root, enter: # vi /etc/postfix/main.cf Use mime_header_checks postfix config directive, enter: mime_header_checks = regexp:/etc/postfix/block_attachments Save and close the file. Open /etc/postfix/block_attachments file and append code as follows: /name=[^>]*\.(bat|com|dll|vbs|exe|pdf|zip)/ REJECT Save and close the file. You must restart or reload postfix: # /etc/init.d/postfix reload Watch log file:  You should see rejected mail log in /var/log/maillog file: # tail -f /var/log/maillog But There is a issues on that setting , That setting will also block dmarc report with attachment thats coming Google, MicroSoft etc. Use the following setting to work perfectly  # vi /etc/postfix/mime_

MaxIOPS Block Storage VPS : Start Your Free Trial for 5 Months, Promo Code: AQX767

Today I’ll introduce with you a VPS server provider which is the best at its price and performance wise also. They are providing World's fastest cloud server as well as Private Cloud with MaxIOPS block storage services. Start Your Free Trial for 5 Months, Use Promo Code: AQX767 Sign Up Link All cloud servers are deployed on enterprise-grade hardware. Together with Upcloud in-house developed software and proprietary MaxIOPS storage technology, you will get industry-leading performance at all times. Cloud servers are deployed in less than 45 seconds . With incredibly fast boot times, you will get up and running within minutes. Yes  Upcloud  , as the VPS provider it includes DDOS protection, Pure SSD and obviously Fair Usage i.e. no issue in the peak time (safe from noisy neighbors). I am using two VMs on Upcloud and Migrated from AWS & Azure . Azure Linux instance is very slow to rebbot . Also Linode took more time to reboot the VMs . I was very frustrated th