Search results

  1. RMedure

    How to stop spam -- DEAD in its tracks!!

    I don't think so. That's an SPF error which basically indicates that the sender is using a relay when the server otherwise doesn't allow it. Step 4 here (https://powerproductsandservices.com/public/mailserver/Mailserver%20Security.pdf) explains it pretty well.
  2. RMedure

    How to stop spam -- DEAD in its tracks!!

    @Sherrie: I haven't had any issues with any settings reverting back to default, so I don't know what your issue might be. I would look in the email header for clues. @Sherrie and @Marco_B: Yes, you edit the file via your preferred method. I'm pretty sure that shortly after KnownHost...
  3. RMedure

    WHM 11.50 and Centos 5

    The warning 'implies' that some features may not work or may break? The verbiage is "To take full advantage of cPanel and WHM, we STRONGLY recommend that you use Centos 6." But I haven't been able to find anything that describes what 'full advantage' is versus ... I guess not 'full advantage'...
  4. RMedure

    WHM 11.50 and Centos 5

    Does anyone know what issues there are with running 11.50 on CentOS 5? The cPanel documentation says that CentOS 5 is technically supported, but the WHM main screen then gives a warning that you really better be on CentOS 6.
  5. RMedure

    How to stop spam -- DEAD in its tracks!!

    Yes, the raw files are better for cut/paste. Wasn't able to figure out how to get 'code' in the pdf to work right with copy/paste unfortunately. Well, that's why I put the raw files out there. Regarding the changes (or change log), I update all of the documents and provide the change log for...
  6. RMedure

    How to stop spam -- DEAD in its tracks!!

    Hmm, that's step 2. I was thinking more along the lines of some of the ACL or security settings in step 3. If you want to seriously lock down your mailserver, check this out: https://forums.knownhost.com/threads/mailserver-security-whm-cpanel.3372/ :-) A reseller might think twice about...
  7. RMedure

    How to stop spam -- DEAD in its tracks!!

    Greylisting, if done properly, will retain a database of "known good mail servers" ... so that the wait only happens once per sender.
  8. RMedure

    How to stop spam -- DEAD in its tracks!!

    I can hardly wait to try the stock greylisting. I'm holding off on 11.50 for a while though. I'm curious to know exactly how it handles greylist tracking (by messageID+server hash or server only). Hopefully I'll have time to look into that soon (if that level of detail is even documented at...
  9. RMedure

    How to stop spam -- DEAD in its tracks!!

    Cool! There's some good stuff going on in those RBLs. :) I noticed that the WHM/cPanel update to ver 11.50 is being pushed out. I was under the impression that it still has issues. Is KnownHost on board with running this version now? I'm pretty anxious to try out the built-in greylisting.
  10. RMedure

    How to stop spam -- DEAD in its tracks!!

    The first one (173.254.228.199) is on the barracuda list now ... greylisting may have gotten this one. The second (173.254.228.202) is also on barracuda list now ... The third one (173.254.228.205) is also on the barracuda list now ... The fourth one (173.254.228.210) is also on the barracuda...
  11. RMedure

    How to stop spam -- DEAD in its tracks!!

    I noticed that after I set up the accept delay/sync ... I could detect that 15s delay in my own email client and was a little annoyed, so I added some common static IPs that I work from. :) You can do the same with your own IP numbers (IP number list delimited by a ":") if you detect the same...
  12. RMedure

    How to stop spam -- DEAD in its tracks!!

    I would be very interested in seeing the email headers for the spam that's getting through. My observations to date: 1. Could be because of not greylisting. Some spammers roll through blocks of IP numbers and randomly generated domain names to stay ahead of the RBLs. But the greylisting...
  13. RMedure

    How to stop spam -- DEAD in its tracks!!

    I just noticed that, and you beat me to it!! Is KH recommending upgrade from 11.48 to 11.50? Has anyone tried out the greylisting in 11.50 yet? In the meantime, I fixed a few bugs in my greylist solution that hopefully didn't stump anybody. The updated guide is at the same link...
  14. RMedure

    How to stop spam -- DEAD in its tracks!!

    Yeah I saw that before I started on the greylisting work. We're still at 11.48 ... I wonder how long it will be before we see 11.50.
  15. RMedure

    How to stop spam -- DEAD in its tracks!!

    @Eric: It's pretty much all in WHM and/or via root level SSH ... not in each cPanel account separately. @Dion: I would expect that steps 1 - 6 would be sufficient for most people as it was for John above (and probably about as far as you'd want to go if you're a reseller). But I would also...
  16. RMedure

    Mailserver Security (WHM/cPanel)

    I wrote a custom rule in LFD to temporarily ban IP addresses that attempt to AUTH either before or without SSL. This will keep your logs from filling up with brute-force attack attempts if you have SSL required in exim config. Check out step no. 7 in the revised document...
  17. RMedure

    How to stop spam -- DEAD in its tracks!!

    Yes! Steps 1 - 6 should go a very long way. And as with most things in life ... the last 10% takes 90% of the effort. ;) I may be a glutton for punishment so far as that goes with perfectionism. The RBL function is so very important; and it boggles my mind that cPanel sets up their stock...
  18. RMedure

    WHM OWASP Rules for ModSecurity

    I'd like to know the answer to this as well ...
  19. RMedure

    How to stop spam -- DEAD in its tracks!!

    This turned out to be a rather long document, and I haven’t had time yet to thoroughly proofread it. So PLEASE let me know if you find any errors or anything that just doesn’t make sense. Also, the appendix containing more verbose reasoning and explanation is TBD. Otherwise, enjoy! :)...
  20. RMedure

    Mailserver Security (WHM/cPanel)

    Yeah, I noticed they had ahbl.org RBL in there. I went ahead and closed port 110 since secure pop connection should be coming to 995 anyway.