MyTrueHost launched Web Hosting for Indian clients just in Rs 60/Month with various payment options(netbanking, debit card, credit card,cash card or paypal).
Please Visit at https://www.mytruehost.in

Outlook Express Setup

This article is based on Outlook Expres,s but the procedure is very similar on all email clients.

1. Start your email client applications
2. Go to Tools > Accounts
3. Click on Add > Mail
4. Type in your name (this will be the name that appears as the sender of emails) and click Next.
5. Type in your email address (this will be the address that appears as the sender of emails) and click Next.
6. Choose IMAP as your email protocol (POP is supported too)
7. Type in the server addresses for your mail server.
* IMAP server for receiving emails (POP is supported too): incoming.domain.net
* SMTP server for sending emails: smtp1.domain.net
8. Type in your email address as account name and the password. Click Next.
9. Click Finish. The account is now setup.

(update: SMTP server address changed to smtp1.domain.net)
Advanced Settings
Ports

“Domain” is using the standard ports for incoming and outgoing emails.

* POP3 port: 110
* IMAP port: 143
* SMTP port: 25
* SMTP (Alternate): 26 (in case your ISP is blocking the port 25 when the smtp server given is not the ISP’s)

SSL

You can use SSL for secure connections between your email client and the POP3/IMAP services.

* POP3-SSL port: 995
* IMAP-SSL port: 993

How to redirect port using IPTABLES

You can redirect the port in IPTABLES using the prerouting parameter.

Following is the command you can use to redirect the traffic of port 587 to port 25.

$ /sbin/iptables -t nat -I PREROUTING -p tcp –dport 587 -j REDIRECT –to-port 25
$ /etc/init.d/iptables save
$ /etc/init.d/iptables restart

You can change the ports in the above command according to your need

 

Tcpdump command to monitor the SMTP activity from a IP or range of IP

Tcpdump command to monitor the SMTP activity from a IP or range of IP

The tcpdump is a useful utility to monitor the network activity in the server. You can monitor the SMTP activity to find out the mail account used by spammer.

tcpdump -i eth0 -n src 192.168.1.4 \or dst 192.168.1.4 -w smtp.tcpdump -s 2048

The above command will monitor the SMTP activity from the IP address 192.168.1.4 and will log to the file smtp.tcpdump.

Please use the following command to monitor a range of IP

tcpdump -i eth0 -n src net 219.91.0.0/16 \or dst net 219.91.0.0/16 -w smtp.tcpdump -s 2048

The above command will monitor the range of IP starting with 219.91. You can use less or Wireshark to analyze the dump file. You need to replace the network device with your network device EG : venet0:0 in a VPS.

Enable IPTABLES support in Kernel(2.6.18)

You need to recompile kernel to enable IPTABLES support. I am giving the steps to enable IPTABLES support during kernel recompilation.

Get into the kernel source directory:

#  cd /usr/local/src/kernel<version>
#  make menuconfig

Select the following option (not as a loadable module)

Networking >> Networking options >> Network packet filtering (replaces ipchains) >> Core Netfilter Configuration >> Netfilter Xtables support (required for ip_tables) and select the all following options as modules.

Networking >> Networking options >> Network packet filtering (replaces ipchains) >> IP: Net Filter configurationS >> IP Tables support

#  make
#  make modules
#  make modules_install
#  make install


Config Server Firewall (CSF) Installation

ConfigServer Firewall (csf) is a Stateful Packet Inspection (SPI)

It is a firewall that keeps track of the state of network connections (such as TCP streams, UDP communication) travelling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall; others will be rejected.

It used iptables firewall which is simple, straight-forward, easy and flexible to configure and secure with more checks to ensure smooth operation.

Installation

1. wget http://www.configserver.com/free/csf.tgz
2. tar -xzf csf.tgz
3. cd csf
4. sh install.sh

If APF and BFD is already enabled, then you have to disable it. Otherwise both (CSF and APF) will conflict.

To disable APF,

sh disable_apf_bfd.sh

CSF is configured to work on a cPanel server with all the standard cPanel ports open.

The configuration file is located at /etc/csf directory.

ip_conntrack and APF issue

A server is limited to a certain number of TCP/IP connections that it can keep track of.

ip_conntrack is a module which has the limit set in its conntrack database. If the table exceeds this limit, even the legitimate packets will be dropped.

We usually tweak this parameter in the sysctl.conf file.

But if you have APF installed, even if you set the sysctl parameter, APF will reset the conntrack value, since APF configuration file has conntrack value set to 34576 by default.  [SYSCTL_CONNTRACK=”34576″].

So in servers having APF, you would need to increase the above parameter and then restart APF.


How to uninstall apf in linux machine

You can use the following steps to uninstall apf in a linux machine:

Stop the apf service running in the server.

$ /etc/rc.d/init.d/apf stop

Remove the apf files from the server.

$ rm -Rf /etc/apf
$ rm -Rf /etc/rc.d/init.d/apf
$ rm -Rf /var/log/apf_log
$ rm -Rf /var/log/apfados_log
$ rm -Rf /usr/local/sbin/apf

Disable apf in the run levels.

 $ /sbin/chkconfig –level 345 apf off

Open up and remove this line:

$  vi /etc/cron.daily/fw
/etc/rc.d/init.d/apf restart >> /dev/null 2>&1

named: the best practice in editing configuration files.

It is sometimes easy to make changes in named.conf file or in any zone files manually though the control panel has options to modify them. If the changes are being made manually, we should also make sure that the configuration as well as the zone files are not being messed up.

The bind package has utilities to check the syntax of named.conf and any zone files. We can make use of those binaries to check our modifications done to those files before reloading or restarting named service.

To check the sytax of zone file /var/named/kb.com.db for the domain kb.com,

[root@bash ~]# named-checkzone kb.com /var/named/kb.com.db
zone kb.com/IN: loaded serial
OK
[root@ bash~]#

If everything is correct, it will show the serial number with which the zone file is loaded. Otherwise, it will give error message indicating the line number at which the error occured.

To check the syntax of named.conf file,

[root@bash ~]# named-checkconf /etc/named.conf
[root@bash~]#

You may also load the configuration of all master zones listed in named.conf at the time of checking the syntax as,

[root@bash ~]# named-checkconf -z /etc/named.conf
zone localdomain/IN: loaded serial 42
zone localhost/IN: loaded serial 42
zone 0.0.127.in-addr.arpa/IN: loaded serial
zone 255.in-addr.arpa/IN: loaded serial 42
zone 0.in-addr.arpa/IN: loaded serial 42
zone kb.com/IN: loaded serial
[root@bash ~]#

The command will show a detailed output in case any error in named.conf file.

This way we can make sure that we are not editing the configuration file wrongly.

 

Split DNS

What is split DNS

It is an advanced concept, and in which, the DNS server is configured to respond to the same query differently, based on the hosts accessing it. It is done by configuring different views or visibility in name server. A typical example is, how DNS server responds to the queries from the same server and the queries from outside of the server. The view clause is available with BIND 9.x, and hence the latest release of Cpanel is using this concept.

Configuration

In this configuration, we will be considering only two views to the name server. One is internal and other is external. The internal view is
responsible for handling queries from within the server, and the external view, responsible for managing queries from outside the server.

In the following example, we consider adding a domain name say “example.com” to the internal view as well as the external view.

view “internal” {
match-clients        { localnets; };
match-destinations    { localnets; };
recursion yes;

zone “.” IN {
type hint;
file “/var/named/named.ca”;
};

zone “example.com” {
type master;
file “/var/named/example.com.db”;
};
};

view    “external” {
recursion no;

zone “.” IN {
type hint;
file “/var/named/named.ca”;
};

zone “example.com” {
type master;
file “/var/named/example.com.db”;
};
};

A view is matched against a particular query based on match-clients or match-destinations statements in the view clause. In the above example, view “internal” has the following statements.

match-clients        { localnets; };
match-destinations    { localnets; };

Here, the match-clients matches source IP address of the host and match-destinations matches the destination IP address specified in DNS request. It is specified as “localnets”. It is a builtin macro, which matches any hosts on that network. Other bulitin macros are the following:

any – allows all hosts
none – denies all hosts
localhost – allows IP address of all interface on the system

If we haven’t defined any match statements, it will default to any and allows request from any hosts.

So, in our example, view “internal” will be allowing requests from all the IPs that are configured on the server. Since view “external” doesn’t have any match statements, it will allow queries from anywhere.

In this example, we allow recursive query only within the server. In view “external”, the recursive query is disabled.

Conclusion

We can configure the a single DNS server to behave differently by defining appropriate views. There is no need to run separate DNS servers for internal as well as external networks. We can also make some restrictions, just like the way, we disabled recursion for queries from outside the server.

 

 

Unable to restart named

Getting the following errors while trying to restart named in a cPanel server.

root@host [~]# service named restart
Stopping named: [FAILED]
Starting named: [FAILED]

root@host [~]# service named status
rndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.

So named restart failed. Next step is to find the exact reason and this can be find out in /var/log/messages. In my case I got the following error in /var/log/messages while restarting named.

May 5 01:44:51 host named[7460]: starting BIND 9.3.3rc2 -u named
May 5 01:44:51 host named[7460]: found 4 CPUs, using 4 worker threads
May 5 01:44:51 host named[7460]: loading configuration from '/etc/named.conf'
May 5 01:44:51 host named[7460]: no IPv6 interfaces found
May 5 01:44:51 host named[7460]: listening on IPv4 interface lo, 127.0.0.1#53
May 5 01:44:51 host named[7460]: listening on IPv4 interface venet0:0, 67.222.12.150#53
May 5 01:44:51 host named[7460]: listening on IPv4 interface venet0:1, 67.222.13.150#53
May 5 01:44:51 host named[7460]: /etc/rndc.key:1: configuring key 'rndc-key': bad base64 encoding
May 5 01:44:51 host named[7460]: loading configuration: bad base64 encoding
May 5 01:44:51 host named[7460]: exiting (due to fatal error)

 

This error is due to the mismatch of the secret key in /etc/rndc.conf and the include file /etc/rndc.key. Both the keys should be the same.

After copying the secret key from the file /etc/rndc.conf to /etc/rndc.key, named was restarted successfully.

root@host [~]# service named status
number of zones: 19
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/1000
tcp clients: 0/100
server is up and running