Cpanel

In this tutorial we can check how to find the potential spammer account in cPanel Exim mail server. What is Spam?             In technical spam is an Unsolicited Commercial Email (UCE), means email messages sent to a personal machine without the prior request.   Types of Spam 1) Phishing spam 2) Foreign bank spam 3) Get rich easily and quickly spam 4) Illicitly pirated software 5) Newsgroup and forum spam   What are its Effects? Some effects of spam 1) Fills your Inbox with a number of bounce back emails. 2) Reduces your Internet speed. 3) Steals useful information like your credit card details and contact list information. 4) Alters your search results on search engine.   What happens after the compromise? The attacker puts a PHP file on the server that acts as part of a DDoS or a script that used to send a ton of spam. Whatever application you are using to connect to email (Outlook, Thunderbird, etc.) and use that to start spamming. We know that someone on our server is spamming. We don’t know if it’s due to a script or if it’s because someone’s machine got attacked.   Let’s look at a command which is used to searches for all external logins exigrep @ /var/log/exim_mainlog | grep _login | sed -n ‘s/.*_login:\(.*\)S=.*/\1/p’ | sort | uniq -c | sort -nr -k1 The above script is used to exigrep through our email log and return any line containing an @ and then sort, gives how many instances are there.   Let’s check which user/account has been hacked: exigrep @ /var/log/exim_mainlog | grep U= | sed -n ‘s/.*U=\(.*\)S=.*/\1/p’ | sort | uniq -c | sort -nr -k1 Using this script, we got the user who is sending the most email on the system. We can analyze that this user is producing spam.   Let’s track down the script grep “cwd=” /var/log/exim_mainlog | awk ‘{for(i=1;i<=10;i++){print $i}}’ | sort |uniq -c| grep cwd | sort -n | grep /home/ Executing this command will check the lines in the Exim log that contains the string “cwd”. It helps to find the folder where the spam is happening.   Let’s check the X-PHP-Script field grep X-PHP-Script /var/spool/exim/input/*/*-H | awk ‘{print $3}’ | sort | uniq -c | sort -nr This will search the active mail queue. It checks for the X-PHP-Script field in the header of the emails. This must be enabled in cPanel by default or it can be enabled in Whm. This above line gives which script sent the email.   Code Breakdown The below line is used to find most used mailing script’s location from the Exim mail log. grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F”cwd=” ‘{print $2}’ | awk ‘{print $1}’ | sort | uniq -c | sort -n   grep cwd /var/log/exim_mainlog Use the grep command to locate string “cwd” from the Exim mail log. This stands for current working directory grep -v /var/spool Grep with -v is used to Invert the sense of matching, To select non-matching lines.That doesn’t show any lines that start with /var/spool. Because /var/spool is the normal Exim deliveries. awk -F”cwd=” ‘{print $2}’ | awk ‘{print $1}’ Use the awk command with the -F separator set to “cwd=”, then print out the $2nd set of data, then pipe that to the awk command again. It only prints out the $1st column, thereby we can get back the script path. sort | uniq -c | sort -n Filter the script paths by their name, and count them, sort them again in ascending order.

The Local Mail Transfer Protocol (LMTP) is a derivative of Extended SMTP (ESMTP, sometimes referred to as Enhanced SMTP, is a definition of protocol extensions to the Simple Mail Transfer Protocol standard), the extension of the Simple Mail Transfer Protocol (SMTP). LMTP is an Application Layer protocol of the Internet Protocol Suite. It must not use the default unsecure port number (25) of SMTP, but it uses a TCP (Transmission Control Protocol) transport like SMTP. When the receiving side does not have a mail queue, such as a mail storage server acting as a MDA (Mail Delivery Agent), LMTP is designed as an alternative to normal SMTP for these situations. Mail queues are an important requisite of SMTP. There are situations in which mail queues are not possible, LMTP is desirable, since a mail storage server should manage only its mail store and it will not allocate more storage for a mail queue. This is impossible with SMTP when there are multiple recipients for a mail message. SMTP can only point out the successful delivery or failure for all or none of the recipients and it also create a separate queue to handle the failed recipients. But in the case of LMTP, it can point out the success or failure to the client for each recipient and it also allow the client to handle the queueing instead. The client in this scenario would be an Internet-facing mail gateway. LMTP issues in cPanel LTMP is what Dovecot is now configured to use for local deliveries. We can discuss some LMTP issue on cPanel. If you are getting email alerts from your server as “The service ‘lmtp’ appears to be down” or alert for dovecot down. Then perform the following steps. Try to restart the dovecot service first. # restartsrv_dovecot Then you must be getting error like: mRT+MfXIqldQfgAAswxAZg: msgid=<20160810062513.AF7881C3219@domain.com>: save failed to INBOX: Quota exceeded (mailbox for user is full) Aug 10 10:56:56 server50 dovecot: lmtp(user@server50.domain.com): Error: write(/home/user/mail/dovecot-quota.lock) failed: Disk quota exceeded   This error occurs because the cPanel user has been exceeded its quota. Dovecot is very sensitive so you will need to increase the disk quota for the user in order to resolve this issue. For this, please follow the below steps.   1)  Log in to WHM. 2)  Select the icon ‘Account Function’. 3) Click on the icon ‘Modify an Account function’. 4) Select the domain which you want to modify. 5) Increase the ‘Disk Quota’ and click on the ‘Save’ button.

In this tutorial, I will show you how to “blacklist” or “whitelist” email using the spam filters found in cPanel. You can filter based on individual email addresses or entire domains. The process only takes a minute, yet it will save you a lot of time and trouble when dealing with your email inbox. Note that the kind of blacklisting we’re talking about here is done at the level of the individual recipient (that’s you). Not to be confused with email server blacklisting, which is a different topic. Apache SpamAssassin is the most commonly used spam control in cPanel configurations. But the spam filtering application used in your cPanel account may differ. The instructions below should apply regardless of the spam filtering application you use. What Does it Mean to Blacklist or Whitelist Email? When you blacklist an email address, all email sent from that address is blocked from reaching your inbox. Alternately, whitelisting an email address allows email from that address to bypass spam filters. Email from whitelisted addresses will show up in your inbox every time, regardless of the content. If you consistently find email in a spam or junk folder that you want to land in your inbox, whitelisting the address is the answer. If you receive unwanted email from an address or domain, and they don’t respond to unsubscribe requests, blacklisting will keep them out of your inbox. How to Blacklist Email in cPanel. Log in to cPanel. In the “Email” section, click the “Spam Filters” link or icon. Scroll down to the “Additional Configurations (For Advanced Users)” section. Click the “Show Additional Configurations” link. Scroll down to the “Blacklist (Emails Never Allowed)” section. Click the “Edit Spam Blacklist Settings” link. Click the “Add a New ‘blacklist_from’ Item” link. When entering addresses, either to blacklist or whitelist, you can use the following options: user@ggexample.com — To whitelist a single email address. *@ggexample.com — To whitelist all of the addresses at ggexample.com. ?ser@ggexample.com — To whitelist a single character in an address at ggexample.com (i.e., user@ggexample.com, but not theuser@ggexample.com). Enter the email address that you wish to blacklist. Click the “Update Blacklist (blacklist_from)” button. There is a success message, but otherwise, the cPanel interface can make it appear as if nothing has changed. That can be a bit confusing at first, but if you add more items you can see how the list is presented. To delete a blacklist item, click the “X” icon next to the item you wish to delete. How to Whitelist Email in cPanel Whitelisting is done using the same steps for blacklisting shown above but in the “Whitelist (Emails Always Allowed)” section. Log in to cPanel. In the “Email” section, click the “Spam Filters” link or icon. Scroll down to the “Additional Configurations (For Advanced Users)” section. Click the “Show Additional Configurations” link. Scroll down to the “Whitelist (Emails Always Allowed)” section. Click the “Edit Spam Whitelist Settings” link. Click the “Add a New ‘whitelist_from’ Item” link. Enter the email address that you wish to whitelist. Click the “Update Whitelist (whitelist_from)” button Keeping a Clean Inbox Spam filtering has come a long way, but sometimes you still need the control that blacklisting and whitelisting can provide. Knowing how to blacklist or whitelist email in cPanel is a great tool to have at your disposal. Do you use email blacklists or whitelists? If so, which do you block (or allow) more often: individual addresses or entire domains?

A common question that’s not easily answered, is the defining factors between an Addon Domain and a Parked Domain in cPanel/WHM. Here’s a chart to help simplify the differences: Characteristic Addon Domains Parked Domains Main domain appears in the address bar Yes No Apache directive used VirtualHost ServerAlias Separate logs Yes No Separate stats Yes No Treated as a subdomain (other than URL) Yes No Ideal for multiple domains sharing the same address No Yes

This is a very straightforward process in cPanel. Login to cPanel and click MySQL Databases. Under Modify Databases, search for the drop-down called “Check DB”. Select the database which is having trouble. Click the “Check DB” button. This will help to identify cause of the problem. If the problem is “Marked as crashed”, then proceed as follows. Go back to MySQL Databases. Under Modify Databases, look for the drop-down called “Repair DB”. Select the database name which is having trouble. Click the Repair DB button. Once complete, reload your web site.

Almost all web software require a database to operate and one of the most popular RDMS (Relational Database Management Software) is MySQL. A web server is pre-installed with LAMP, but if yours do not, you can refer to our earlier tutorials on how to install LAMP on your server for CentOS and Ubuntu.   1) Login into your server’s cPanel main page and look for “Databases”.   2) Click on “MySQL Database Wizard”, a guided process to assist you with the process of creating a new database.   3) Give your new database a name and click “Next Step” when you are done.   4) You now have to create a new user for the database. Your username can be the same name as your database. It is advisable to create a password using “Password Generator” as a complex password will safeguard and reduce the risk of your database being hacked and compromised. Next, click “Create User”.   5) Remember to assign all privileges to your newly created user and click “Next Step”.   6) Your new database and user are now created and ready to be used.

cPanel comes with a few useful statistic and monitoring tools analytic that contains important and useful information of your web server’s traffic and visitors. Step 1 Login into cPanel. Step 2 Click on any statistic and monitoring tool that you want to see.   Latest Visitor – Log file that displays a list of the latest visitors’ IP address. Bandwidth – You can monitor and view your web server’s bandwidth usage. Webalizer – Powerful statistic logging tool that contains all the important information you need to analyze your visitors and site traffic. Webalizer FTP – Statistic logging tool for monitoring FTP traffic. Raw Access Log – Raw data of your web server’s information. Analog Stats – Another web based statistic logging tool that is quite similar to Webalizer but display datas in analog format. Error log – Log file containing errors encountered on your web server. Awstats – Another web based statistic logging tool that is quite similar to Webalizer and Analog Stats but more polished and has a better GUI.