sendmail: Not running with correct effective GID. Is sendmail binary setgid mailtrap?

ARUN Posted in MAIL, WHM BACKEND

[email protected] [/]# sendmail
sendmail: Not running with correct effective GID. Is sendmail binary setgid mailtrap?
sendmail: Not running with correct effective GID. Is sendmail binary setgid mailtrap?
[email protected] [/]#

Solution :

which sendmail

chown root:mailtrap /usr/sbin/sendmail

chmod 2755 /usr/sbin/sendmail

Logs to see if the email is created/deleted in cpanel server

ARUN Posted in LOG ANALYSIS, LOG FILES, MAIL, WHM BACKEND

[email protected] [/usr/local/cpanel/logs]# grep mytest ./access_log | grep addpop
208.46.180.9 - arunp [05/17/2012:04:57:57 -0000] "GET /cpsess4756242303/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Email&cpanel_jsonapi_func=addpop&email=mytest&password=__HIDDEN__&quota=250&domain=arunp.in&cache_fix=1337230678750 HTTP/1.1" 200 0 "http://72.44.91.97:2082/cpsess4756242303/frontend/x3/mail/pops.html" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19"
[email protected] [/usr/local/cpanel/logs]#

 

[email protected] [/usr/local/cpanel/logs]# grep mytest ./access_log | grep delpop
208.46.180.9 - arunp [05/17/2012:05:01:00 -0000] "GET /cpsess4756242303/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Email&cpanel_jsonapi_func=delpop&email=mytest&domain=arunp.in&cache_fix=1337230862987 HTTP/1.1" 200 0 "http://72.44.91.97:2082/cpsess4756242303/frontend/x3/mail/pops.html" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19"
[email protected] [/usr/local/cpanel/logs]#
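
The two greps above match the mailbox name anywhere on the line. As an added example (not part of the original post), the function below parses the query string instead and prints who created or deleted a mailbox, from which IP and when. The function names and sample log lines are constructed for illustration, and the field positions assume the access_log format shown above.

```shell
#!/bin/sh
# Added example (not from the original post). Sample log lines are constructed
# in the format shown above, using documentation IPs and example.com.
sample_access_log() {
cat <<'EOF'
198.51.100.7 - alice [05/17/2012:04:57:57 -0000] "GET /cpsess0000000001/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Email&cpanel_jsonapi_func=addpop&email=mytest&password=__HIDDEN__&quota=250&domain=example.com&cache_fix=1 HTTP/1.1" 200 0 "-" "Mozilla/5.0"
198.51.100.7 - alice [05/17/2012:04:58:10 -0000] "GET /cpsess0000000001/frontend/x3/mail/pops.html HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.9 - alice [05/17/2012:05:01:00 -0000] "GET /cpsess0000000002/json-api/cpanel?cpanel_jsonapi_version=2&cpanel_jsonapi_module=Email&cpanel_jsonapi_func=delpop&email=mytest&domain=example.com&cache_fix=2 HTTP/1.1" 200 0 "-" "Mozilla/5.0"
EOF
}

# mailbox_events [MAILBOX]: read access_log lines on stdin and print
#   timestamp client_ip cpanel_user action mailbox@domain http_status
# for Email addpop / delpop API calls, optionally for one mailbox only.
mailbox_events() {
  awk -v want="${1:-}" '
    # Return the value of query-string parameter "key", or "" if absent.
    function param(qs, key,    n, i, parts, kv) {
      n = split(qs, parts, "&")
      for (i = 1; i <= n; i++) {
        split(parts[i], kv, "=")
        if (kv[1] == key) return kv[2]
      }
      return ""
    }
    {
      q = index($7, "?")                 # $7 is the request URI
      if (q == 0) next
      qs = substr($7, q + 1)
      if (param(qs, "cpanel_jsonapi_module") != "Email") next
      fn = param(qs, "cpanel_jsonapi_func")
      if (fn != "addpop" && fn != "delpop") next
      mbox = param(qs, "email")
      if (want != "" && mbox != want) next
      printf "%s %s %s %s %s@%s %s\n", substr($4, 2), $1, $3,
             (fn == "addpop" ? "CREATE" : "DELETE"), mbox,
             param(qs, "domain"), $9
    }'
}

sample_access_log | mailbox_events mytest
```

On a live server, feed it the real log: mailbox_events mytest < /usr/local/cpanel/logs/access_log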

Roundcube logo location path in cpanel server

ARUN Posted in MAIL, WHM BACKEND

/usr/local/cpanel/base/3rdparty/roundcube/skins/default/images/roundcube_logo.png

Troubleshoot spamming in qmail server

ARUN Posted in ATTACK, MAIL, PLESK BACKEND

How to get the mail statistics :

[[email protected] qmail]# /var/qmail/bin/qmail-qstat
messages in queue: 23024
messages in queue but not yet preprocessed: 0
[[email protected] qmail]#

 

Backend path where the plesk emails are stored

ARUN Posted in MAIL, PLESK BACKEND, QMAIL

Plesk mail directory path :

/var/qmail/mailnames/DOMAIN.com/USERNAME

When we create a folder from within the webmail, it is created at the backend at

/var/qmail/mailnames/DOMAIN.com/USERNAME/Maildir/.FOLDER_NAME

It is a hidden folder (the name begins with a dot).

There was an error sending your message: Failed to set sender: [email protected] [SMTP: Failed to write to socket: not connected (code: -1, response: )]

ARUN Posted in MAIL, MAIL ERROR

Most probably the problem is with the firewall.

Try stopping the firewall and see if that works.

If so, the problem is with

SMTP_BLOCK = "1"    It should be "0" for emails to work.

Reset email count in Direct Admin

ARUN Posted in DIRECT ADMIN, MAIL

How to reset the email count in DirectAdmin :

echo "" > /etc/virtuage/usage/username

SMTP Error: No support for Delivery Status Notifications on Roundcube

ARUN Posted in MAIL
Getting the below message in roundcube while trying to send emails :
SMTP Error: No support for Delivery Status Notifications.
Solution :
You can un-check the option in Roundcube >> Settings >> Composing Message >>
"Always request a delivery status notification".

Forcefully redirect webmail to https

ARUN Posted in HTACCESS, MAIL, Webmail

How to forcefully redirect squirrelmail to https

Go to installation directory

cd /var/www/html/squirrelmail-1.4.22/

vi .htaccess

 

DirectoryIndex index.php

<IfModule mod_rewrite.c>
        RewriteEngine On
        RewriteCond %{SERVER_PORT}      !^443$
        RewriteRule ^(.*)$      https://%{SERVER_NAME}/squirrelmail/src/login.php [L,R=303]
</IfModule>

Error: There was an error sending your message: Failed to open sendmail [/usr/sbin/sendmail] for execution. in horde

ARUN Posted in MAIL, Webmail

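Getting the following error in horde :

Error: There was an error sending your message: Failed to open sendmail [/usr/sbin/sendmail] for execution.

Solution :

1) Try commenting out the PHP disable_functions setting.

The function being blocked will most probably be 'popen'. Removing only that function from the disable_functions list leaves the remaining restrictions in place.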

Plesk webmail shows default psa page on 9.5 version

ARUN Posted in MAIL, PLESK FRONTEND

Solution :

/usr/local/psa/admin/bin/autoinstaller --select-release-current --install-component horde

Postfix mail queue management command.

ARUN Posted in MAIL, PLESK BACKEND, POSTFIX

A few postfix mail queue management commands.

Command to write the queue IDs of matching emails, each prefixed with the postsuper -d delete command, to a file called remove.sh :

mailq | grep "[email protected]" | awk '{print $1}' | sed 's/!//g' | sed 's/^/\/usr\/sbin\/postsuper -d /g' > remove.sh

chmod +x remove.sh

./remove.sh


Change WHM mail server IP address

ARUN Posted in MAIL, WHM BACKEND, WHM FRONTEND

How to change exim mail interface IP :

Login to WHM >> Exim Configuration Editor >> and check the below.

Automatically send outgoing mail from the account’s IP address instead of the main IP address. Warning: If you turn this setting on you should make sure reverse DNS entries match the ones in /etc/mail_reverse_dns.

Log in via SSH

vi /etc/mailips

* :new_IP_address

For example :

[email protected] [~]# cat /etc/mailips

* :10.10.10.5

[email protected] [~]#

 

vi /etc/mailips

domain.com:IP address

# To send the email out from the particular IP for domain.com.

 

Newer cPanel versions require /etc/mailhelo to be changed as well (vi /etc/mailhelo). See the example below :

**********************

domain.com : domain.com
*: server.arun.net
*********************

How to redirect emails sent to root to an external email address

ARUN Posted in MAIL

vi /etc/aliases

Scroll down to the bottom and add :

# Person who should get root's mail

root:          [email protected]

Troubleshoot Spamming 2

ARUN Posted in ATTACK, MAIL, SPAMMING

Get details of scripts that are used to send out spam emails :

grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n

Eximstats

eximstats -t5 /var/log/exim_mainlog > teststats

Script to know the mail count by various accounts

grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n

The number of mails by a domain

exigrep @domain.com /var/log/exim_mainlog|grep 2009-04-17|grep Completed|wc -l

1)Issue this command: ps -C exim -fH ewww |grep home, it shows the mails going from the server.
It shows from which user’s home the mail is going, so that you can easily trace it and block it if needed.

2)Issue this command: eximstats -ne -nr /var/log/exim_mainlog
It shows top 50 domains using mail server with options.

3)Issue this command: exim -bp | exiqsumm
It shows the main domains receiving and sending mails on the server.

4)Issue this command: netstat -plan|grep :25|awk '{print $5}'|cut -d: -f 1|sort|uniq -c|sort -nk 1
It shows the IPs which are connected to the server through port number 25. If one particular IP is using more than 10 connections, you can block it in the server firewall.

5)In order to find "nobody" spamming, issue the following command:
ps -C exim -fH ewww|awk '{for(i=1;i<=40;i++){print $i}}'|sort|uniq -c|grep PWD|sort -n
It will give a result like:
Example :
6 PWD=/
347 PWD=/home/sample/public_html/test
Count the PWD entries, and if the count is large, check the files in the directory listed in PWD
(Ignore if it is / or /var/spool/mail /var/spool/exim)

The above command is valid only if the spamming is currently in progress. If the spamming has happened some hours before, use the following command.

Command :
grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n
This will result in something like :
47 cwd=/root
8393 cwd=/home/sample/public_html/test

Count the cwd entries, and if the count is large, check the files in the directory listed in cwd
(Ignore if it is / or /var/spool/mail /var/spool/exim)
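
The cwd count with the ignore rule built in, as an added example that is not part of the original post: it drops /, /var/spool/mail and /var/spool/exim, keeps only directories at or above a threshold, and adds the account name taken from /home/USER. The function names, the default threshold of 100 and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample exim_mainlog lines are
# constructed; only the "cwd=" lines matter to the count.
sample_mainlog() {
cat <<'EOF'
2012-05-17 04:57:57 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2012-05-17 04:57:58 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2012-05-17 04:57:59 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2012-05-17 04:58:00 cwd=/home/sample/public_html/test 3 args: /usr/sbin/sendmail -t -i
2012-05-17 04:58:01 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2012-05-17 04:58:02 cwd=/ 2 args: /usr/sbin/sendmail -FCronDaemon
2012-05-17 04:58:03 cwd=/home/other/public_html 3 args: /usr/sbin/sendmail -t -i
2012-05-17 04:58:04 cwd=/home/other/public_html 3 args: /usr/sbin/sendmail -t -i
2012-05-17 04:58:05 1SUvK1-0001Ab-2C Completed
EOF
}

# suspect_cwds [MIN]: read exim_mainlog lines on stdin and print
#   count account directory
# for every cwd seen at least MIN times (default 100), busiest first.
suspect_cwds() {
  awk -v min="${1:-100}" '
    {
      dir = ""
      for (i = 1; i <= NF; i++)
        if (index($i, "cwd=") == 1) { dir = substr($i, 5); break }
      # Skip lines without cwd= and the directories the post says to ignore.
      if (dir == "" || dir == "/" || dir == "/var/spool/mail" ||
          dir == "/var/spool/exim") next
      count[dir]++
    }
    END {
      for (d in count) if (count[d] >= min) {
        n = split(d, p, "/")
        acct = (n >= 3 && p[2] == "home") ? p[3] : "-"
        printf "%d %s %s\n", count[d], acct, d
      }
    }' | sort -rn
}

sample_mainlog | suspect_cwds 3
```

On a live server: suspect_cwds 100 < /var/log/exim_mainlog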

Run the command below at your command prompt to find the domain which is being used by spammers.

exim -bpr | exiqsumm -c | head

Then,

exiqgrep -ir <domain> | xargs -n1 exim -Mrm

That should remove any e-mail that is in the queue that is waiting to be delivered to POP accounts at <domain>.

Precautions:
1)Turn on the SMTP tweak. It will block users from bypassing the mail server to send out spam.
2)Turn on the blacklisting ability in WHM.
3)Use SpamAssassin to stop receiving spam mails.