Mailserver Security (WHM/cPanel)

RMedure · Mar 21, 2015

This may seem pretty trivial or basic to most VPS owners ... but for me not being very familiar with where to find everything in WHM, I sure could have used a write up like this.

https://powerproductsandservices.com/public/Mailserver/Mailserver Security.pdf

If y'all think it's worthy ... maybe cross post it in the cPanel reseller hosting forum?

Cheers!

KH-Jonathan · Mar 22, 2015

Thanks for the great write-up, Robert!

Dion · Mar 22, 2015

The emailsecuritygrader.com site needs to update its RBL checklist...two of its RBL checks will always return a positive:

http://ahbl.org/content/last-notice-wildcarding-services-jan-1st

My site got a 92% score, which is fine with me. It knocked off 8 points for having an open port 110...even though port 110 only accepts secure authentication.

Most attacks on my site originally came through port 21 (FTP). I changed FTP access to port 2100 and closed port 21, and the difference was very noticeable.

RMedure · Mar 23, 2015

Yeah, I noticed they had ahbl.org RBL in there. I went ahead and closed port 110 since secure pop connection should be coming to 995 anyway.

Dan · Mar 23, 2015

Looks great RMedure! If you could post it in the cPanel how to forum that would be great as I am sure that others would find it to be of great help!

RMedure · Mar 28, 2015

I wrote a custom rule in LFD to temporary ban IP addresses that attempt to AUTH either before or without SSL. This will keep your logs from filling up with bruteforce attack attempts if you have SSL required in exim config. Check out step no. 7 in the revised document:

https://powerproductsandservices.com/public/mailserver/Mailserver Security.pdf

Cheers!

Mailserver Security (WHM/cPanel)

RMedure

New Member

KH-Jonathan

CTO

Dion

Member

RMedure

New Member

Dan

Moderator

RMedure

New Member