A lot of SPAM

 I have confirmed access to the provided server, and I am familiarizing myself with your ticket request.


While this ticket is being reviewed, we ask that you do not work on your server except in emergency situations, so as to not cause any conflicts.

Please make sure to check your email in case we require access to any information that may assist us in resolving your issue.

After a quick review, I noticed that the SPF record is set to soft fail
~all

This will need to be adjusted, as it appears the majority of the spam is due to people pretending to send on behalf of XXXXX.DZ and using different servers to do so.

With a soft fail, this prevents most servers from denying the mail outright due to a lack of "permission checking" and the mail you are receiving is a result of the "bounces" because the server is not confirming or denying that it is permitted to send.

For more information about SPF records, please refer to the links below.

SPF records: Hard Fail vs Soft Fail?
How do I verify my SPF records are working?
Preventing spoofed emails

I also noticed you do have DMARC implemented, but it is not fully set up; you may want to review that and work to make it a bit stronger. Please refer to the documentation below for DMARC information.

What is DMARC?


You will want to discuss these matters with a qualified system administrator to set up templates for any future accounts to make sure all of their mail settings are set up to be hardened on initial creation.

For more information on our zone templates, please refer to the link below.

https://docs.cpanel.net/whm/dns-functions/edit-zone-templates/

Please note that cPanel, LLC only supports the cPanel-provided software and does not provide general system-administration services. You may, therefore, wish to seek assistance from a qualified system administrator for this issue.
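
The two checks the reply above describes (a soft-fail SPF record and a weak DMARC record), as an added example that is not part of the original ticket and not cPanel code. The ticket does not say which DMARC tags were weak, so the checks for `p=none`, `pct` below 100 and a missing `rua` are assumptions based on the standard DMARC tags; the records and the domain `example.test` are constructed samples.

```python
# Added example: offline audit of SPF and DMARC TXT strings.
# All records below are constructed samples for the placeholder domain example.test.

def spf_all_qualifier(record):
    """Return the qualifier on the 'all' mechanism ('+', '-', '~', '?'), or None."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    for term in terms[1:]:
        t = term.lower()
        if t in ("all", "+all", "-all", "~all", "?all"):
            return t[0] if t[0] in "+-~?" else "+"  # bare "all" means "+all"
    return None

def parse_dmarc(record):
    """Split 'v=DMARC1; p=...; ...' into a dict keyed by tag name."""
    tags = {}
    for part in record.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def audit(spf, dmarc):
    """Return a list of finding codes for weak SPF/DMARC settings."""
    findings = []
    q = spf_all_qualifier(spf)
    if q is None:
        findings.append("spf-no-all")  # no "all" here (a redirect= target is not followed)
    elif q != "-":
        findings.append({"~": "spf-softfail", "?": "spf-neutral", "+": "spf-pass-all"}[q])
    tags = parse_dmarc(dmarc)
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append("dmarc-p-" + (policy or "missing"))  # p=none only monitors
    if int(tags.get("pct", "100")) < 100:
        findings.append("dmarc-pct-partial")  # policy applied to a fraction of mail
    if "rua" not in tags:
        findings.append("dmarc-no-rua")  # no aggregate reports about spoofing
    return findings

# Constructed sample: the state the ticket describes (soft fail, weak DMARC).
BEFORE = ("v=spf1 +a +mx ip4:192.0.2.10 ~all", "v=DMARC1; p=none")
# Constructed sample: hardened records for the same placeholder domain.
AFTER = ("v=spf1 +a +mx ip4:192.0.2.10 -all",
         "v=DMARC1; p=reject; rua=mailto:dmarc@example.test")

if __name__ == "__main__":
    print("before:", audit(*BEFORE))
    print("after: ", audit(*AFTER))
```

Before switching a live zone to `-all`, confirm that every server that legitimately sends for the domain is listed in the record, since unlisted senders will then be rejected.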
