WHM/CPanel Sends Private Key Via Clear Text Email
Sep 30, 2007
Why does the WHM panel send me my private key and passphrase for my SSL certificate to my inbox when I generate a CSR? Um... isn't that a bit insecure?
I purchased a Rapid SSL cert from NameCheap who then needed a Certificate Signature Request(CSR) which is generated from WHM.
After generating the CSR, WHM sent me an email that is literally titled 'SSL RSA PRIVATE KEY for *.<domain_removed>.com'
The email not only contains the ----- RSA PRIVATE KEY----- but also my 'challenge password' .
is this supposed to happen? and why on earth would my private key and passphrase be sent via unencrypted email? The only think I can think of is that the WHM panel feature is being used to generate the CSR and is sending me a self-signed cert private key , which I'm not going to use (i'm only going to use the CSR) Even if thats the case, I think it still shouldn't happen, its too confusing for newbies like me and I could just end up using the same passphrase for my actual certificate.
Here are the steps I followed:
1. purchased a RapidSSL from namecheap
2. Clicked 'Activate' in namecheap's SSL dashboard which then asks me for a CSR.
To get the CSR, per Site5's wiki:
1.logged into WHM
2. clicked 'Generate a SSL Certificate and Signing Request'
3. completed the 'create a new cert' form which among other things, asks me for the 'Email address the cert will be sent to'. For all the fields, see the site5 wiki
4. click Create
View 5 Replies
ADVERTISEMENT
Jan 20, 2008
I just recently logged into my user email account "the one which was created by the name of the user of the account" and found it had 8000 emails but none are showing up in either horde or squirrelmail. How can i delete all these emails without deleting the other bla@domain.com emails? Is there a way just to clear a specific email account in cpanel or a command line way. I think if i just delete the mail folder it would kill all the emails of that account and I just want to 'reset' that one.
View 4 Replies
View Related
Mar 19, 2008
Every email which gets automatically sent out from my server begins with:
Reply-To: noreply@MYDOMAIN.com
X-Mailer: PHP/4.4.7
Message-Id: <20080319210750.564111CEC004@mx.MYDOMAIN.com>
Date: Wed, 19 Mar 2008 22:07:50 +0100 (CET)
Dear DOMAIN.com Member,
This is not in our PHP code or anything, and I can't seem to remove it, its just a tad annoying. How do I remove it?
View 6 Replies
View Related
Jun 5, 2009
I am currently setting up my server, and are experiencing some problems.
Some of the mails sendt with the php mail() func, ends up in the mail queue in DA, and I get the following error log in DA:
2009-06-04 20:36:02 Received from <> R=1MCHnG-0005uQ-9v U=mail P=local S=1344 T="Mail delivery failed: returning message to sender"
2009-06-04 20:36:02 routing failed for admin@vmnd001.local <admin@munnbind.net> F=<>: Unrouteable address
2009-06-04 20:36:02 routing failed for admin@vmnd001.local <admin@munnbind.net> F=<>: Unrouteable address
*** Frozen (delivery error message)
This only happens with some email domains though. If I set the recipient to my yahoo mail, it works as a sharm, but when I set my other email (<<removed>>) as recipient, i get the error log above.
View 4 Replies
View Related
Jun 21, 2013
when somebody send email to hisname@hisdomain.com I'm getting that email in my mailbox (administrator email in Plesk settings).There is no CC or BCC in email recipient.I've tried to turn off the auto-reply and I'm not getting any emails.
View 10 Replies
View Related
Jun 17, 2015
I need to be able to access email passwords in plain text (not encrypted). I'm running with updates so as to not force encryption, which I'm told is a one-way deal. I'm going to have to go to new hardware soon, as I'm finding the hardware starting to fail.
I understand the "mail_auth_view" utility shows the passwords, and was wondering if it will decrypt them for you?
If not, how can I keep the behavior of non-encrypted email passwords so that the customer administrators still have access to them for their users? I know a new install forces encryption, which is why I can't do that. How can I preserve the non-encrypted passwords and move to new hardware? This seems to be a deal breaker for my customers.
View 3 Replies
View Related
Jun 17, 2015
I'm just moved from VPS OVH to KIMSUFI DEDI and got question about DNS records because isn't clear at all for me...
Domain: xxx
New DNS should be:
ns.kimsufi.com
ns3006711.ip-151-80-42.eu
My DNS records looks like that: E-mail didn't work properly as well...
View 1 Replies
View Related
May 30, 2007
1. What is the difference between the send & smtp tables within MySQL's eximstats?
2. What do they log?
3. Do they get cleaned up and old stats gets removed?
View 0 Replies
View Related
Jan 5, 2007
My host gave refuge to a ROKSO spammer and got the C-block listed in SpamHaus and cant get it removed.
So they mapped a new, clean IP to my server and I need to change the IP that my MTA is sending out under. Since I didnt set this up and the guy who did is not avaliable to me ATM, I cant seem to figure this out.
View 3 Replies
View Related
Sep 4, 2008
I am currently with the planet and am happy with them, however as part of a new venture I need to gather a list of hosts as well as the planet that will be able to cater to the ventures needs and go to tender with the requirements.
ThePlanet offer something called a virtual rack. This is cheaper than renting a dedicated rack, allows for Gb networking but doesnt not allow for a SAN. Do other providers offer something similar? The cost of putting a machine on the virtual rack is not that much more expensive than just renting the machine. I guess there isn't too much to these set-ups to be fair.
If not, then we are looking for dedicated racks, with the ability to host a SAN at some point, but starting off with say 3 servers (2 web servers, 1 storage server with raid5 6Tb of hdd). These servers will be dealing with network cameras although I don't think that many will be streaming at once but the network capacity does need to be there.
Who's door should I be knocking on to find out some prices?
One final thing, should I bother looking for co-lo providers as well? We are in the Uk but not precious about our host being in the same country at all (it would be nice but uk prices are ££). Really, all we would be able to do with co-lo is buy the hardware outright to save price as we are not interested in looking after the hardware.
View 13 Replies
View Related
Nov 13, 2008
I have loads of spam messages being sent from my VPS and I think one (or more) of the legit email accounts are used to send spam (either someone worked out the passwords or users of those accounts have malicious software installed on their machines.
How can I check which email accounts send which emails? Currently nothing is being logged by qmail (/var/log/mail* are empty).
View 10 Replies
View Related
Dec 18, 2007
I have these lines in sendmail.mc and I've compiled the sendmail.cf with them:
LOCAL_DOMAIN(`freesexdoor.com')dnl
MASQUERADE_AS(`freesexdoor.com')dnl
FEATURE(masquerade_envelope)dnl
MASQUERADE_DOMAIN(localhost)dnl
MASQUERADE_DOMAIN(localhost.localdomain)dnl
I have the users daemon, freesexd and root in the trusted_users file. I have restarted sendmail (using service sendmail restart). I have the domains: server.freesexdoor.com, freesexdoor.com and mail.freesexdoor.com in the sendmail's local_hosts file.
In Apache 2's httpd.conf, I have this: php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f freesexd [at} freesexdoor.com'
Yet when I sent an e-mail with php to advertising [at} freesexdoor.com, I got these headers in the e-mail, which don't look good to a spam filter:
Received: from localhost.localdomain (IS-3293 [127.0.0.1])
by localhost.localdomain (8.13.8/8.13.8) with ESMTP id
Received: (from daemon@localhost)
by localhost.localdomain (8.13.8/8.13.8/Submit) id
Message-Id: <200712180935.lBI9ZrRs005480@localhost.localdomain>
Additionally hotmail rejects my e-mails and it is obvious why. (My OpenSPF record is fine btw and on my former server I was able to send e-mails with it fine.)
Naturally I want something like "freesexdoor.com" to replace "localhost.localdomain" in those header lines. So how can I get this working?
The OS is CentOS 5 by the way.
View 6 Replies
View Related
May 19, 2009
We're looking for a VPS in the UK that comes with cPanel. Ideally we'd want around 100GB storage and 1GB Ram. Budget is around £40. Can anything be bought for that price?
View 10 Replies
View Related
May 18, 2009
I have a dedicated server running WHM 11 Accelerated/ Cpanel
Main IP: 111.11.111.11
DNS1: 222.22.222.22
DNS2: 333.33.333.33
I will be hosting/ building my own sites on the box so I want to assign
each site dedicated IP and custom nameservers.
I have created a base package, now I have managed to create the setup
I want 2 different ways what I need to know is am I right/ wrong, which one
is the best way and if there is a better way.
I create an account in WHM, click the reseller option while doing so with
dedicated IP. So now I have a cpanel/reseller account with
DNS Zone: [url]/ Dedicated IP: 444.44.444.44
In WHM I click DNS Zone / Add a DNS Zone
Add IP: 555.55.555.55
Add DNS A Zone 1 ns1.[url]
Select Reseller
Save
Add IP: 666.66.666.66
Add DNS A Zone 2 ns2.[url]
Select Reseller
Save
now I have 3 zones & 3 IP
[url]- 444.44.444.44
[url]- 555.55.555.55
[url]- 666.66.666.66
The second way I do it is to use the cpanel accounts IP as 1 of the nameservers and end up like this:
now I have 3 zones & 2 IP
[url] - 444.44.444.44
[url]- 444.44.444.44
[url]- 555.55.555.55
View 3 Replies
View Related