#11  22nd July 2011, 16:03
till (Super Moderator)

Quote (originally posted by piyush):
> Most websites are using fast-cgi. There is no option for suexec.

All recent ISPConfig 3 versions have a suexec option in the website settings. Which exact ISPConfig version do you use?

Regarding rkhunter, please post just the result summary that you receive after all rkhunter checks have been done.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.

#12  22nd July 2011, 16:07
piyush (Junior Member)

I just saw that there are many emails in the mail queue; one of them is as below:

-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
41EF0201777 9313 Thu Jul 21 13:57:23 MAILER-DAEMON
(host mx3.efwmx.net[64.94.160.236] refused to talk to me: 550 550 This system is configured to reject mail from 220.135.105.28 [220.135.105.28] (Host blacklisted - Found on Realtime Black List server 'zen.spamhaus.org'))
billy.wemlinger@herrealtors.com

So it means someone is trying to send email to billy.wemlinger@herrealtors.com

That is not me or any of us. That means someone is using this server for bulk email.

How can we identify and stop strange mailing like this?

#13  22nd July 2011, 16:12
piyush (Junior Member)

Quote (originally posted by till):
> All recent ISPConfig 3 versions have a suexec option in the website settings. Which exact ISPConfig version do you use?
>
> Regarding rkhunter, please post just the result summary that you receive after all rkhunter checks have been done.

Hi Till,

Thanks a lot for giving your precious time.

I am using ISPConfig Version: 3.0.3.3

There is an option for suphp but not suexec. Is that the same?

Here is the summary of RK Hunter, as below:

System checks summary
=====================

File properties checks...
Files checked: 130
Suspect files: 1

Rootkit checks...
Rootkits checked : 245
Possible rootkits: 0

Applications checks...
All checks skipped

The system checks took: 18 minutes and 7 seconds

All results have been written to the log file (/var/log/rkhunter.log)

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

#14  22nd July 2011, 16:51
erosbk (Senior Member)

Watch for Till's instructions; this is probably a problem with your apache2 or one of your sites...

Regarding open relay and postfix, test your server here:
http://www.mxtoolbox.com/diagnostic.aspx

If using postfix (it is not an open relay by default, I think), please run:

cat /var/log/mail.log | grep "smtp" | tail

and

postconf |grep 'mynetworks ='

Post both results here.

Edit: for suexec to be enabled, you need to have "apache2-suexec" installed and enabled with "a2enmod suexec" before installing ISPConfig. Which perfect guide did you follow?

Last edited by erosbk; 22nd July 2011 at 16:54.

#15  22nd July 2011, 17:15
piyush (Junior Member)

Here is the test result with http://www.mxtoolbox.com/diagnostic.aspx

220 server1.sarakuchh.com ESMTP Postfix (Ubuntu)

OK - 220.135.105.28 resolves to 220-135-105-28.hinet-ip.hinet.net
Warning - Reverse DNS does not match SMTP Banner
0 seconds - Good on Connection time
Not an open relay.
6.583 seconds - Warning on Transaction time


Here is the result of cat /var/log/mail.log|grep "smtp" | tail

Jul 22 22:05:02 server1 postfix/smtpd[9459]: lost connection after CONNECT from localhost[127.0.0.1]
Jul 22 22:05:02 server1 postfix/smtpd[9459]: disconnect from localhost[127.0.0.1]
Jul 22 22:05:04 server1 postfix/smtpd[9433]: warning: 64.20.227.133: address not listed for hostname recover.mxtoolbox.com
Jul 22 22:05:04 server1 postfix/smtpd[9433]: connect from unknown[64.20.227.133]
Jul 22 22:05:04 server1 postfix/smtpd[9433]: NOQUEUE: reject: RCPT from unknown[64.20.227.133]: 554 5.7.1 <test@example.com>: Relay access denied; from=<supertool@mxtoolbox.com> to=<test@example.com> proto=SMTP helo=<please-read-policy.mxtoolbox.com>
Jul 22 22:05:05 server1 postfix/smtpd[9433]: disconnect from unknown[64.20.227.133]
Jul 22 22:05:11 server1 postfix/smtpd[9459]: warning: 122.180.61.226: hostname NSG-Corporate-226.61.180.122.airtel.in verification failed: Name or service not known
Jul 22 22:05:11 server1 postfix/smtpd[9459]: connect from unknown[122.180.61.226]
Jul 22 22:05:14 server1 postfix/smtpd[9459]: NOQUEUE: reject: RCPT from unknown[122.180.61.226]: 550 5.1.1 <jobs@prosoftworld.net>: Recipient address rejected: User unknown in virtual mailbox table; from=<mjaved65@gmail.com> to=<jobs@prosoftworld.net> proto=ESMTP helo=<mail.naukrinews.com>
Jul 22 22:05:17 server1 postfix/smtpd[9459]: disconnect from unknown[122.180.61.226]


And here is the result of postconf|grep 'mynetworks ='
mynetworks = 127.0.0.0/8 [::1]/128

I do not remember whether I installed apache2-suexec or not, but I did follow the guide.
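
One way to approach the question of where queued mail comes from, as an added example that is not part of the original thread: Postfix logs a pickup line with the submitting uid for mail handed over locally (for example by a web script) and an smtpd line with client= for mail accepted over SMTP, so grouping accepted queue IDs by origin shows which path is in use. The log lines, queue IDs, uids and addresses in sample_log are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: group messages Postfix accepted by how they entered the queue.

# Constructed sample in syslog format (IDs, uids, hosts and IPs are made up).
sample_log() {
cat <<'EOF'
Jul 22 13:57:20 server1 postfix/pickup[2101]: 3F1A2B0C01: uid=5004 from=<web4>
Jul 22 13:57:20 server1 postfix/qmgr[1500]: 3F1A2B0C01: from=<web4@server1.example.com>, size=9313, nrcpt=1 (queue active)
Jul 22 13:57:21 server1 postfix/pickup[2101]: 3F1A2B0C02: uid=5004 from=<web4>
Jul 22 13:57:22 server1 postfix/pickup[2101]: 3F1A2B0C03: uid=5004 from=<web4>
Jul 22 14:01:02 server1 postfix/smtpd[2200]: 7C9D0E1F04: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.com
Jul 22 14:01:09 server1 postfix/smtpd[2200]: 7C9D0E1F05: client=unknown[203.0.113.7], sasl_method=LOGIN, sasl_username=info@example.com
Jul 22 14:05:04 server1 postfix/smtpd[9433]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 554 5.7.1 <test@example.com>: Relay access denied; from=<a@example.org> to=<test@example.com> proto=SMTP helo=<probe.example.org>
Jul 22 14:06:00 server1 postfix/smtpd[2300]: 9E8D7C6B06: client=mail.example.net[198.51.100.25]
EOF
}

# Print one line per accepted message: queue ID, entry path, and who submitted it.
mail_origins() {
    awk '
    { id = $6; sub(/:$/, "", id) }
    # pickup: handed over locally through sendmail(1), e.g. PHP mail()
    $5 ~ /^postfix\/pickup\[/ && $7 ~ /^uid=/ {
        print id, "local", $7
    }
    # smtpd: accepted over SMTP; record the client and any SASL login
    $5 ~ /^postfix\/smtpd\[/ && $7 ~ /^client=/ {
        client = $7; sub(/^client=/, "", client); sub(/,$/, "", client)
        user = "-"
        for (i = 8; i <= NF; i++)
            if ($i ~ /^sasl_username=/) {
                user = $i; sub(/^sasl_username=/, "", user); sub(/,$/, "", user)
            }
        print id, "smtp", client, "sasl=" user
    }'
}

# Count messages per origin, busiest first. Rejected attempts (NOQUEUE) never
# get a queue ID with client= or uid=, so they are not counted.
origin_counts() {
    mail_origins | awk '
    { key = $2; for (i = 3; i <= NF; i++) key = key " " $i; n[key]++ }
    END { for (k in n) print n[k], k }' | sort -rn
}

sample_log | origin_counts   # on a real server: origin_counts < /var/log/mail.log
```

With SuEXEC or suPHP enabled, a site's scripts run as that site's own user, so the uid on a pickup line points at one site rather than at the shared web server account.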

#16  22nd July 2011, 17:20
piyush (Junior Member)

Quote (originally posted by erosbk):
> Watch for Till's instructions; this is probably a problem with your apache2 or one of your sites...
>
> Regarding open relay and postfix, test your server here:
> http://www.mxtoolbox.com/diagnostic.aspx
>
> If using postfix (it is not an open relay by default, I think), please run:
>
> cat /var/log/mail.log | grep "smtp" | tail
>
> and
>
> postconf |grep 'mynetworks ='
>
> Post both results here.
>
> Edit: for suexec to be enabled, you need to have "apache2-suexec" installed and enabled with "a2enmod suexec" before installing ISPConfig. Which perfect guide did you follow?

Hi Erosbk,

Thanks for your suggestion.

If there are any doubts, I can reinstall the server from scratch by following the tutorial.

What's your suggestion?

#17  22nd July 2011, 17:22
erosbk (Senior Member)

Ok, it looks like you are not an open relay.

Try this: a2enmod suexec

Post the results here to see if you have it installed or not... I think that there is no need to reinstall the whole server. Maybe you can install what is not installed, and as a last step, update and reconfigure ISPConfig. Till could help you better with this, I think...

#18  22nd July 2011, 17:26
piyush (Junior Member)

Quote (originally posted by erosbk):
> Ok, it looks like you are not an open relay.
>
> Try this: a2enmod suexec
>
> Post the results here to see if you have it installed or not... I think that there is no need to reinstall the whole server. Maybe you can install what is not installed, and as a last step, update and reconfigure ISPConfig. Till could help you better with this, I think...

Here is the result of a2enmod suexec:
Module suexec already enabled

It's already installed.

#19  22nd July 2011, 17:29
erosbk (Senior Member)

Log in to ISPConfig as admin, go to Sites, select one site, and see if you have these options:


...
SSI
Ruby
SuEXEC (this is what you need to have selected, does it exist?)
Own error documents
Autosubdomain
SSL
PHP (combo here to select php mode)
Activate

#20  22nd July 2011, 17:33
piyush (Junior Member)

Quote (originally posted by erosbk):
> Log in to ISPConfig as admin, go to Sites, select one site, and see if you have these options:
>
> ...
> SSI
> Ruby
> SuEXEC (this is what you need to have selected, does it exist?)
> Own error documents
> Autosubdomain
> SSL
> PHP (combo here to select php mode)
> Activate

Aah, it's there. Before, I was looking for this option inside the combo.

So should I check this option in all sites?

All times are GMT +2.