I tried a little searching both in Google and on here but this is probably going to be a private or member-based thing anyway.
I've gotten a couple comments that some of my outbound personal mail is ending up in spam folders. I think it's almost completely limited to having Outlook (or Express?) as a client... which I assume doesn't even do network-based lookups. Nonetheless I don't seem to be on any blacklists, and running it through my own spamassassin filter comes up basically zero score. But the fact that more than one person has had the problem concerns me greatly. Also, I haven't seen any significant reason why the content itself would trigger anything.
I realize a public spam test service would basically be a "testing ground" for spammers to evade detection, but there are obviously legitimate uses as well... is there such a tool somewhere? Thanks for any advice. Public information sharing is key to a forum, but PMs are welcome in this case.
After a few days of not getting even "one" spam out of an average of 70 messages a day... the company manager got angry! He thought the mail system was down.
Our provider - a VDS subscriber who rents us a shared plan for a website - said: we changed nothing. I confirmed: did you install any new anti-spam software on the site... they said: NO.
In a later conversation with the company manager, they told him they had installed new anti-spam software on the whole server and cannot turn it off for our site specifically.
The problem is, they already had a kind of anti-spam software which only "marks" spam-like messages with "**SPAM**" in the subject line, and doesn't mark others. I am afraid some customers' emails get marked and deleted by this new software they claim to have implemented, based on false positives.
Many times I get my emails in Yahoo and Hotmail going to the Spam/Junk folder for some not widely known reasons, like sending to myself while putting recipients in CC, and other strange reasons like just using CC in an auto-reply! Something any non-tech person might do.
I am thinking of switching to a new host where we only host mail (MX record), so we don't have "any" email deleted without our check.
I don't really know much about how mod_security rules work, I've just clicked on default configuration in WHM.
Anyway, one user on our vBulletin board has PMed me saying he can't access the board. He gave me his fixed IP, and I noticed it is in the CSF denied IP list as:
lfd: 5 (mod_security) login failures from xx.xx.... I've checked mod_security log and it has like twenty entries for this ip saying: ....
I'm not sure if this is the right place to be posting this, but at our hotel, we have wireless routers (Linksys) that any of our clients can use to connect their laptops to the internet. We have been getting reports from our ISP that spam has been coming from our external IP address, so I wanted to know what people would recommend as ways to combat either our computers or any of our clients' computers from sending out spam. The internet is connected through a firewall/server computer running linux. I thought about blocking port 25, but I'm sure we would have clients complaining about not being able to send any mail.
We have an AWS Plesk instance with around 400 domains on it. All domains' DNS points mail to a different server, and almost all domains have a contact form on their website.
The problem is, the contact forms won't work as mail is on a different server. I'm assuming that the local server thinks mail is on the server and thinks it has already been received?
Is this because we need to disable incoming mail for all of these domains? If so, how would we go about doing this? I tried stopping all courier-imap services but this didn't seem to work.
I have installed a new mail server, i.e. SmarterMail, and for the past few days I have devoted much time to finding "How to create outbound rules in SmarterMail?" but unfortunately I ended up with no solution, hence I am here seeking help from all the members of WHT with my two questions:
1) Can we create an outbound rule in SmarterMail?
1/ What is the difference between maillog and maillog.processed? I want to keep a permanent record of all mail inbound and outbound even if delivery is deferred by the gray listing. I'm not sure which one is the best to keep.
2/ I would like to change the way that the mail logs get log rotated. I am struggling to work out exactly what happens at the moment but I would like to rotate the log out every day regardless of size. I think currently that the maillog.processed is rotated daily if it is over a specific size.
Checking rkhunter version...
  This version  : 1.3.2
  Latest version: 1.3.2
[ Rootkit Hunter version 1.3.2 ]

Checking rkhunter data files...
  Checking file mirrors.dat        [ No update ]
  Checking file programs_bad.dat   [ No update ]
  Checking file backdoorports.dat  [ No update ]
  Checking file suspscan.dat       [ No update ]
  Checking file i18n/cn            [ No update ]
  Checking file i18n/en            [ No update ]
  Checking file i18n/zh            [ No update ]
  Checking file i18n/zh.utf8       [ No update ]

Warning: Checking for preload file [ Warning ]
Warning: Found library preload file: /etc/ld.so.preload
Warning: The file properties have changed:
  File: /bin/ps
  Current hash: 36f3d8a9fcaebf5838e5e55ebdcac7e355477343
  Stored hash : 8f1acf237e562043f8353f4ec5d0c3490c0d0cb3
  Current inode: 1228803 Stored inode: 1228857
  Current size: 61364 Stored size: 67088
  Current file modification time: 1214487892
  Stored file modification time : 1195262225
Warning: The command '/usr/bin/GET' has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The command '/usr/bin/groups' has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The file properties have changed:
  File: /usr/bin/top
  Current hash: 15f1f743d73d9546a05a15644816139de7708327
  Stored hash : 5e78fb7f0a02643a91964081ca03316dbaf01bdd
  Current inode: 246165 Stored inode: 245920
  Current size: 48536 Stored size: 48504
  Current file modification time: 1214487892
  Stored file modification time : 1195262225
Warning: The file properties have changed:
  File: /usr/bin/vmstat
  Current hash: 898351bc3be226caf6915715b23a1c7cc5d35fdd
  Stored hash : edaa64f3921a0a2d873c14a5eb641ba883f4dcff
  Current inode: 246561 Stored inode: 246020
  Current size: 17872 Stored size: 20444
  Current file modification time: 1214487892
  Stored file modification time : 1195262225
Warning: The file properties have changed:
  File: /usr/bin/w
  Current hash: 480c2c2e4f1048e19fc075f4daebe79fa84e08d1
  Stored hash : 87f39eeb583bc7f6622e95fd0266f093ed8b362b
  Current inode: 246020 Stored inode: 246167
  Current size: 9720 Stored size: 11720
  Current file modification time: 1214487892
  Stored file modification time : 1195262225
Warning: The file properties have changed:
  File: /usr/bin/watch
  Current inode: 246167 Stored inode: 245924
  Current file modification time: 1214487892
  Stored file modification time : 1195262225
Warning: The command '/usr/bin/whatis' has been replaced by a script: /usr/bin/whatis: Bourne shell script text executable
Warning: The command '/sbin/ifdown' has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command '/sbin/ifup' has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
Warning: The file properties have changed:
  File: /sbin/sysctl
  Current hash: b560099caf18d28bcc0249efaec75dcddb87b219
  Stored hash : fa13202ac5897d9f7198e8afbbe7d0c835b07639
  Current inode: 589893 Stored inode: 589875
  Current size: 9144 Stored size: 11048
  Current file modification time: 1214487892
  Stored file modification time : 1195262225
I know some of these warnings, like /usr/bin/GET, groups, ldd, whatis, ifdown and ifup, are normal false positives.
But other warnings are new.
I think they changed after upgrading cPanel to 11.23. I have cPanel on CentOS 4.6.
I was surprised to see that they had 100% uptime in May according to their logs. I am used to seeing 99.98%, 98.97% etc. with other hosts. But even 100% is quite possible.
On June 7th the uptime suddenly dropped below 96% with avg. 7 outages. I was really disappointed as I was planning to sign up. But after a day or so it again rose to 100% with 0 outages on all of their servers, which clearly explained the 100% uptime of May.
According to them they had an attack because of which the IPs of nodes had to be changed, and subsequently they also changed them on hyperspin.com (their server monitoring service). I immediately signed up on hyperspin to verify this claim. Changing the IP or hostname of a monitored service on hyperspin doesn't reset its log, is what I clearly observed. It's quite visible that the logs were reset intentionally to hide the actual server uptime and make it always show 100 percent. When I reverted back to them on this issue, they preferred to close the ticket. I just want to know from other hosts, is this practice common or is primaryvps.com an exception? Well, as mentioned on their site, the uptime log is located at:
hyperspin.com/publicreport/30037/20077
But don't expect too much. It has only two figures 0 for outages and 100% for uptime.