How to: Clear All Firewall Rules

After (or before) installing CSF, APF or some other iptables-based firewall, there is often a need to clear all existing rules before starting the firewall; otherwise you run the risk of locking yourself out of the server console.

The following script clears all iptables firewall rules and sets the default policies to ACCEPT, so the server is unfiltered until the firewall is started.

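#!/bin/sh
echo "Stopping firewall and allowing everyone..."
# Set the default policies to ACCEPT first, so that flushing the rules
# cannot cut off the current SSH session if a policy was DROP
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
# Flush all rules and delete user-defined chains in each table
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X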

You may find it helpful to have a script on your server ready to run.

How to: Disable SELINUX

When using Plesk on CentOS we’ve found the SELinux configuration can often cause problems.

First, determine whether SELinux is active:

cat /selinux/enforce

If the output is 1, disable it by editing the configuration file:

nano /etc/selinux/config

Set the following:

SELINUX=disabled

To stop SELinux enforcement immediately, before the reboot (this switches it to permissive mode):

setenforce 0

Plesk: Where are the Mailman logs?

Troubleshooting Mailman Mailing List Manager

Mailman under Plesk provides comprehensive logging which can be useful when troubleshooting mailing list problems.

Check the maillog itself:

  • /usr/local/psa/var/log/maillog

You can find the mailman logs here:

  • Bounce log: /var/log/mailman/bounce
  • SMTP failure log: /var/log/mailman/smtp-failure

When using Mailman on Plesk, make sure 127.0.0.1 is in your Tools & Settings > Mail Settings > White List to avoid SMTP Auth problems.

How to: Use Qmail and Spamdyke to Stop Outgoing SPAM

Using Spamdyke and Qmail to Stop Outgoing SPAM

These applications work together well, but there is a loophole, which can be closed as follows.

First, we force require-auth in spamdyke.conf by adding this line to the top:

filter-level=require-auth

On its own this will not work properly and will block incoming mail from external providers. So, we need to dynamically create a whitelist that spamdyke can work with. We use a PHP script as follows:

<download php script>

Run this script as a cronjob every 15 minutes to gather updated email addresses from Plesk.

Spam that had been finding its way out through the loophole can now no longer be sent. You can check the emails blocked by this rule as follows:

grep "DENIED_AUTH_REQUIRED" /var/log/maillog

See how emails from eBay, PayPal etc. are no longer being sent from compromised accounts?
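
To find out which senders and source addresses account for the DENIED_AUTH_REQUIRED rejections, the log check above can be turned into a per-sender summary. This is an added example, not part of the original post; the "from:" / "origin_ip:" log layout, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: count spamdyke DENIED_AUTH_REQUIRED rejections per
# sender and origin IP, busiest first.
# Assumption: each log line carries "from: <addr>" and "origin_ip: <ip>"
# as space-separated key/value pairs.

# summarize_denied FILE -> prints "COUNT SENDER ORIGIN_IP" lines
summarize_denied() {
    grep -F 'DENIED_AUTH_REQUIRED' "$1" | awk '
        {
            from = "(unknown)"; ip = "(unknown)"
            for (i = 1; i < NF; i++) {
                # Defensive: if the sender is empty, the next token is a key
                if ($i == "from:" && $(i + 1) !~ /:$/) from = $(i + 1)
                if ($i == "origin_ip:")                ip   = $(i + 1)
            }
            count[from " " ip]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# write_sample FILE -> writes constructed sample log lines (not real traffic)
write_sample() {
    cat > "$1" <<'EOF'
Mar  3 10:01:12 host spamdyke[4101]: DENIED_AUTH_REQUIRED from: orders@shop.example to: a@mail.example origin_ip: 203.0.113.7 origin_rdns: (unknown) auth: (unknown)
Mar  3 10:01:13 host spamdyke[4102]: DENIED_AUTH_REQUIRED from: orders@shop.example to: b@mail.example origin_ip: 203.0.113.7 origin_rdns: (unknown) auth: (unknown)
Mar  3 10:01:15 host spamdyke[4103]: ALLOWED from: news@list.example to: c@hosted.example origin_ip: 198.51.100.20 origin_rdns: mx.list.example auth: (unknown)
Mar  3 10:02:40 host spamdyke[4110]: DENIED_AUTH_REQUIRED from: orders@shop.example to: d@mail.example origin_ip: 203.0.113.7 origin_rdns: (unknown) auth: (unknown)
Mar  3 10:03:02 host spamdyke[4111]: DENIED_AUTH_REQUIRED from: info@site.example to: e@mail.example origin_ip: 192.0.2.55 origin_rdns: (unknown) auth: (unknown)
Mar  3 10:03:09 host spamdyke[4112]: DENIED_AUTH_REQUIRED from: to: f@mail.example origin_ip: 192.0.2.55 origin_rdns: (unknown) auth: (unknown)
EOF
}

# Demo run on the constructed sample
sample=$(mktemp)
write_sample "$sample"
summarize_denied "$sample"
rm -f "$sample"
```

Run summarize_denied against the real mail log instead of the sample; a single sender or origin IP dominating the list is the account or host to investigate first.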

How to: Activate SNI on a Plesk server

If you are running Plesk for Windows then you can activate SNI in Tools & Settings > Server Settings. Plesk for Linux always has SNI enabled if it is supported.

Most modern web browsers, starting with IE 7, Firefox 2.0, Opera 8.0, and Chrome 1.0, support SNI, unless they are run on Windows XP.

Open up a terminal session and let’s find out if SNI is active on your server:

# cat /etc/psa/psa.conf | grep SNI

# SNI
SNI_SUPPORT true

If you see this, then you are in business. If not, there is unfortunately no setting you can change: you are likely running CentOS 5.8 or older, and you’ll need to upgrade to CentOS 6.