October 15, 2014

Fix spamming in cpanel exim server

Spam is most often considered to be electronic junk mail or junk newsgroup postings. It may be defined even more generally as any unsolicited email.

Generally, spamming can happen in three ways.

1. By hacking an email account that has a simple, easy-to-guess password.

2. By uploading a script to the server that sends out mail at regular intervals.

3. Via forum or newsletter scripts that send mass emails.

A fix for a spamming issue means:

* Block the IP address if it is incoming spam (make use of iptables, csf or apf).

* Change the password, disable the mailing list and scripts, or even suspend the account, if it is outgoing spam.

Case 1:

1) Run the command ‘exim -bpc’. This counts the number of mails waiting in the mail queue.

For example:

# exim -bpc

2) If the queue count is high, check for live spamming by listing the most recent queue entries with the command

#exim -bp | tail -10

For example:

0m 1.5K 1XV6jK-0005iy-RF <user@domain.com>

0m 1.5K 1XV85i-000223-B6 <user@domain.com>

0m 1.5K 1XV9T1-0003ET-D3 <user@domain.com>

3) Check each mail’s header with the command ‘exim -Mvh message ID’.

For example:

#exim -Mvh 1XV6jK-0005iy-RF



user 614 32007

1411165962 0
-ident user
-received_protocol local
-body_linecount 23
-max_received_linelength 98
-auth_id user
-auth_sender user@domain.com

id 1XV6jK-0005iy-RF
for user@example.com; Sat, 20 Sep 2014 06:32:42 +0800
060T To: =?UTF-8?B?bXlybmFpdTM=?= <user@example.com>
099 Subject:

026F From: <user@domain.com>
030R Reply-To: <user@domain.com>
033* Return-Path: <user@domain.com>
028* Sender: <user@domain.com>
018 MIME-Version: 1.0
059I Message-ID: <593045bb511db542f2a9955da9509c67@pvollering.com>
038 Date: Sat, 20 Sep 2014 06:32:42 +0800
040 Content-Type: text/plain; charset=UTF-8
032 Content-Transfer-Encoding: 8bit
014 X-Priority: 3
026 X-MSMail-Priority: Normal
017 X-Mailer: phpBB3
018 X-MimeOLE: phpBB3
046 X-phpBB-Origin: phpbb://www.domain.com/phpbb/ucp.php
061 X-AntiAbuse: Board servername - =?UTF-8?B?cHZvbGxlci5uZXQ=?=
025 X-AntiAbuse: User_id - 1
049 X-AntiAbuse: Username - =?UTF-8?B?QW5vbnltb3Vz?=
038 X-AntiAbuse: User IP - xxx.xxx.xxx.xxx

Here, look at the auth_id field: the authentication ID is ‘user’, so the cPanel account ‘user’ is being used to send spam emails via scripts.

4) The next step is to locate the spam script under this account.

If the mails are sent by a PHP script, the following commands will show the script that is used to send the email.

#cd /var/spool/exim/input

#egrep -R "X-PHP-Script" *

The message IDs and the locations of the scripts will be listed. Just cat the message ID to view the message header and the spamming script.

You can also run the following command to find the directories from which the most mail is being sent.

#grep cwd /var/log/exim_mainlog | grep -v /var/spool | awk -F"cwd=" '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n

For example:


2644 /home/domain/public_html/phpbb

We can see that /home/domain/public_html/phpbb has the most outgoing emails in the list.

Also, from the email header pasted above, you can see that the spam script location is www.domain.com/phpbb/ucp.php

Now you can go ahead with null-routing the particular script.

For example:

#cd /home/domain/public_html/phpbb

#chown root: ucp.php

#chmod 000 ucp.php

5) Now take a look at the Apache access log to see which IP addresses are accessing this script, using the following command:

For example:

#grep "ucp.php" /home/domain/access-logs/domain.com | awk '{print $1}' | sort -n | uniq -c | sort -n

You should get back something similar to this:


10408 xxx.xxx.xxx.xxx

We can see that the IP address xxx.xxx.xxx.xxx has been using our script maliciously.

If you find a malicious IP address sending a large volume of mail from a script, you can block it at your server’s firewall so that it can’t connect again, using the commands given below.

In csf: csf -d xxx.xxx.xxx.xxx

In iptables: iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP

In apf: apf -d xxx.xxx.xxx.xxx

And finally save the rule which you have added.

6) Clear the spam email using the command given below

#exim -bp | grep "user" | awk '{print $3}' | xargs exim -Mrm

Case 2:

1) Follow steps (1) and (2) as in Case 1.

2) Use the following command to count the mails in the queue per sending email account.
The output is sorted in increasing order of the number of mails, that is, the email accounts with the most mails in the queue are listed last.

#exim -bpr | grep "<*@*>" | awk '{print $4}' | grep -v "<>" | sort | uniq -c | sort -n

For example:

The output will look like:

1 test@example.com

1762 user@domain.com

3) Now you can list the queued mails for the email account user@domain.com with the command

#exim -bp | grep user@domain.com | tail -10

This will give output like the following:

0m 1.5K 1XV6jK-0005iy-RF <user@domain.com>

0m 1.5K 1XV85i-000223-B6 <user@domain.com>

0m 1.5K 1XV9T1-0003ET-D3 <user@domain.com>

0m 1.5K 1XV9Ti-0003KJ-55 <user@domain.com>

0m 1.5K 1XVArh-0000DU-6Z <user@domain.com>

4) Check each mail’s header with the command ‘exim -Mvh message ID’.

For example:

# exim -Mvh 1XV6jK-0005iy-RF


mailnull 47 12

1411184761 0
-helo_name webmail.domain.com
-host_name localhost.localdomain
-host_auth dovecot_login
-received_protocol esmtpa
-body_linecount 215856
-max_received_linelength 76
-auth_id user@domain.com

250P Received: from localhost.localdomain ([]:35444 helo=webmail.chai.in)
by sp12.twist.in with esmtpa (Exim 4.82)
(envelope-from <user@domain.com>)
id 1XVBcX-0000CX-3r
for info@companyname.com; Sat, 20 Sep 2014 11:46:04 +0800
018 MIME-Version: 1.0
078 Content-Type: multipart/mixed;

038 Date: Sat, 20 Sep 2014 11:46:01 +0800
028F From: user@domain.com
025T To: info@companyname.com
068 Subject: Request quotation for Operable wall at S’Poly(T1A610)- OLS
059I Message-ID: <a49d791ef84993a11e09c3fae7d8c187@chai.in>
032 X-Sender: user@domain.com
036 User-Agent: Roundcube Webmail/1.0.1

Look at the auth_id field: the authenticated email address ‘user@domain.com’ is being used to send spam emails.

Now, you should reset the password of the email account as soon as possible.

5) You can check the maillog for the IP addresses from which this email account has been accessed.

For example:

#grep user@domain.com /var/log/maillog | awk '{print $10}' | sort -n | uniq -c | sort -n

941 rip=192.168.0.x,

2632 rip=xxx.xxx.xxx.xxx,

Now you can block them at your server’s firewall so that they can’t connect again, using the commands given below.

In csf: csf -d xxx.xxx.xxx.xxx

In iptables: iptables -I INPUT -s xxx.xxx.xxx.xxx -j DROP

In apf: apf -d xxx.xxx.xxx.xxx

And finally save the rule which you have added.

6) Use the following command to clear the emails from a particular account.

#exim -bpu | grep -e "frozen" -e "user@domain.com" | awk '{print $3}' | xargs exim -Mrm

Please replace "user@domain.com" with the actual email address.
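
The auth_id and received_protocol checks from step 3 of Case 1 and step 4 of Case 2 can be scripted. The following is an added example, not part of the original post: the function name triage_exim_header and the sample dumps are constructed for illustration, and it assumes X-PHP-Script or X-phpBB-Origin is the header that names the sending script.

```shell
# Added example: classify `exim -Mvh <message-id>` output as Case 1 or Case 2.
# Usage on a live server: exim -Mvh 1XV6jK-0005iy-RF | triage_exim_header

triage_exim_header() {
    # Reads one spool header dump on stdin.
    # Prints: <verdict> <auth_id> <detail>
    awk '
        # Spool metadata lines: "-received_protocol local", "-auth_id user", ...
        /^-received_protocol / { proto = $2 }
        /^-auth_id /           { auth  = $2 }
        /^-host_auth /         { hauth = $2 }
        # Header lines carry a length/flag prefix: "046 X-phpBB-Origin: ...".
        /^[0-9][0-9][0-9]/ {
            line = $0
            sub(/^[0-9]+[A-Z*]? +/, "", line)
            if (line ~ /^X-PHP-Script:/ || line ~ /^X-phpBB-Origin:/) {
                sub(/^[^:]+: */, "", line)
                split(line, parts, " ")
                script = parts[1]      # keep the path or URL, drop trailing text
            }
        }
        END {
            if (auth == "")   auth = "-"
            if (script == "") script = "-"
            if (hauth == "")  hauth = "-"
            if (proto == "local")
                print "local-script", auth, script   # Case 1: locate and disable the script
            else if (proto ~ /^esmtps?a$/)
                print "smtp-auth", auth, hauth       # Case 2: reset the mailbox password
            else
                print "unclassified", auth, "-"
        }
    '
}

# Constructed sample: mail injected locally by a script (Case 1).
sample_case1() {
cat <<'EOF'
user 614 32007
<user@domain.com>
1411165962 0
-ident user
-received_protocol local
-body_linecount 23
-auth_id user
-auth_sender user@domain.com
026F From: <user@domain.com>
017  X-Mailer: phpBB3
046  X-phpBB-Origin: phpbb://www.domain.com/phpbb/ucp.php
EOF
}

# Constructed sample: mail submitted over authenticated SMTP (Case 2).
sample_case2() {
cat <<'EOF'
mailnull 47 12
<user@domain.com>
1411184761 0
-helo_name webmail.domain.com
-host_auth dovecot_login
-received_protocol esmtpa
-auth_id user@domain.com
028F From: user@domain.com
036  User-Agent: Roundcube Webmail/1.0.1
EOF
}

sample_case1 | triage_exim_header
sample_case2 | triage_exim_header
```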

Case 3:

If emails are sent via newsletters or forms, you can ask the customer to add a verification method to the page. One such method is a captcha.
Redirect them to a developer to enable captcha on their contact forms.

You can refer to the URL given below for more details about captcha.




October 4, 2014

Samba Server setup and cifs mount

Filed under: General Topics,Linux Basics,Miscellaneous — Bella @ 1:21 am

Samba is a free software re-implementation of the SMB/CIFS networking protocol. We need to set up and configure the Samba server on the machine where the drive to share or mount is located.

Samba Server uses the following port no. :

Daemon name: smb and nmb. Samba services are implemented as two daemons: smbd, which provides the file and printer sharing services, and nmbd, which provides the NetBIOS-to-IP-address name service. NetBIOS over TCP/IP requires some method for mapping NetBIOS computer names to the IP addresses of a TCP/IP network.

How to install and configure samba server:

Step 1: Install through the yum command. cups-libs is for printer support.

#yum install samba samba-common cups-libs

Step 2: Create a directory which you would like to share.
#mkdir /shared

Step 3: Add a new group, or use an existing group, to provide access to the shared directory. Here I am adding a new group called staff.
#groupadd staff

Step 4: Change the group and permissions of the shared folder.
#chgrp -R staff /shared
#chmod -R 777 /shared

Step 5: Change the SELinux security context on the shared directory and set the SELinux boolean value for Samba.
You can skip this step if SELinux is in permissive or disabled status (use the sestatus command to check the SELinux status).
#chcon -R -t samba_share_t /shared/
#semanage fcontext -a -t samba_share_t /shared/
#setsebool -P samba_enable_home_dirs on

Step 6: Create a user and add them to the group called staff, then set the Samba password for this user.
#useradd test
#usermod -G staff test
Set the password, here test123:
#smbpasswd -a test
New SMB password:
Retype new SMB password:
tdbsam_open: Converting version 0.0 database to version 4.0.
tdbsam_convert_backup: updated /var/lib/samba/private/passdb.tdb file.

Step 7: Take a backup of the /etc/samba/smb.conf file, then edit the smb.conf file.
#cd /etc/samba/
#cp -p smb.conf smb.conf.orig
Add the parameters given below at the end of the Samba config file /etc/samba/smb.conf.
#vi /etc/samba/smb.conf

[shared]
comment = shared-directory
path = /shared
public = no
valid users = test, @staff
writable = yes
browseable = yes
create mask = 0777
directory mask = 777
force directory mode = 755
force group = root
force create mode = 644
force user = root
create mode = 644
directory mode = 775

The name in square brackets is the name that we refer to when mounting from the remote server.

Step 8: Edit these lines in /etc/samba/smb.conf to allow the network to reach the Samba server.

Change the value of with your subnet. Also change the ethernet interface names to the ones that are in use on your system and on which you want to allow traffic.
In the second line, 192.168.0. is for the subnet. The same rule applies to 127., which is for loopback.

#vi /etc/samba/smb.conf

interfaces = lo eth0 eth1
hosts allow = xxx.xxx.xxx.xxx

Please test the syntax of the config file using ‘testparm /etc/samba/smb.conf’ after the changes.

Note: Mainly for Windows users: if the PCs in your network use a different workgroup name, edit the line given below in smb.conf with your workgroup name. Windows systems use WORKGROUP as the workgroup name by default. Try first without changing the workgroup name, and make the change only if required.

workgroup = MYGROUP

Step 9: Add the services to the /etc/services file.
#vi /etc/services

netbios-ns    137/tcp            # netbios name service
netbios-ns    137/udp            # netbios name service
netbios-dgm    138/tcp            # netbios datagram service
netbios-dgm    138/udp            # netbios datagram service
netbios-ssn    139/tcp            # netbios session service
netbios-ssn    139/udp            # netbios session service

Step 10: Add iptables rules on the Samba server for ports 137, 138, 139 and 445.

Edit the /etc/sysconfig/iptables file.

Note: If the iptables service is stopped in your network or there is no rule set up, skip this step. Change the value with your network subnet.

vi /etc/sysconfig/iptables

Add the lines below to the file /etc/sysconfig/iptables just before COMMIT, or open the ports for the IPs.

-A INPUT -s <your-subnet> -m state --state NEW -p tcp --dport 137 -j ACCEPT
-A INPUT -s <your-subnet> -m state --state NEW -p tcp --dport 138 -j ACCEPT
-A INPUT -s <your-subnet> -m state --state NEW -p tcp --dport 139 -j ACCEPT
-A INPUT -s <your-subnet> -m state --state NEW -p tcp --dport 445 -j ACCEPT

Now save the file and restart iptables.

Step 11: Now start the smb and nmb services.

#/etc/init.d/smb start
#/etc/init.d/nmb start
#chkconfig smb on
#chkconfig nmb on

Step 12: Now we will test Samba from Linux.

#mount -t cifs //samba-server-ipaddress/shared-directory-name -o username=USERNAME /mnt/

In our example:
#mount -t cifs //xxx.xxx.xxx.xxx/shared -o username=test,password=test123 /backup

Fstab entry (/etc/fstab):
//xxx.xxx.xxx.xxx/shared /backup cifs  username=test,password=test123,rw 0 0

# df -h |grep backup
//xxx.xxx.xxx.xxx/shared  917G   17G  854G   2% /backup

Windows users:

Open Run and type \\ip-address-of-samba-server\shared-directory-name

e.g.: \\xxx.xxx.xxx.xxx\shared

Give the username and password. Here the username is "test" and the password is "test123".
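
The share definition from Step 7 can be checked for settings that widen access before the service is started. The following is an added example, not part of the original post: a hypothetical audit_smb_shares function that reads smb.conf text and reports shares that force the root user or group, or whose mask/mode values include the world-writable bit. The sample configuration is constructed from Steps 7 and 8.

```shell
# Added example: flag share settings in smb.conf that widen access.
# Usage on a live server: audit_smb_shares < /etc/samba/smb.conf

audit_smb_shares() {
    # Reads smb.conf text on stdin; prints one "<share>: <finding>" line per hit.
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                               # section header, e.g. [shared]
            share = $0
            sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
            next
        }
        share == "" || tolower(share) == "global" { next }
        index($0, "=") > 0 {
            eq  = index($0, "=")
            key = tolower(substr($0, 1, eq - 1)); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/[ \t]+/, " ", key)
            if ((key == "force user" || key == "force group") && val == "root")
                print share ": " key " = root (file operations use the root " \
                      (key == "force user" ? "user" : "group") ")"
            else if (key ~ /(mask|mode)$/ && val ~ /^[0-7]+$/ && val ~ /[2367]$/)
                print share ": " key " = " val " includes the world-writable bit"
        }
    '
}

# Constructed sample: the [global] lines and the share stanza shown in this post.
sample_smb_conf() {
cat <<'EOF'
[global]
workgroup = MYGROUP
interfaces = lo eth0 eth1

[shared]
comment = shared-directory
path = /shared
public = no
valid users = test, @staff
writable = yes
browseable = yes
create mask = 0777
directory mask = 777
force directory mode = 755
force group = root
force create mode = 644
force user = root
create mode = 644
directory mode = 775
EOF
}

sample_smb_conf | audit_smb_shares
```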


September 29, 2014

WordPress Theme Installation

Filed under: General Topics,Linux Basics — Bella @ 8:44 pm

WordPress is a free and open source blogging tool and a content management system (CMS) based on PHP and MySQL. WordPress is the most popular blogging system in use on the Web, at more than 60 million websites.

WordPress Themes :

WordPress users may install and switch between themes. Themes allow users to change the look and functionality of a WordPress website or installation without altering the information content or structure of the site.

Themes may be installed using the WordPress “Appearance” administration tool or theme folders may be uploaded via FTP. The PHP, HTML (HyperText Markup Language) and Cascading Style Sheets (CSS) code found in themes can be added to or edited for providing advanced features. Thousands of WordPress themes exist, some free, and some paid for templates.

WordPress users may also create and develop their own custom themes if they have the knowledge and skill to do so.

Install WordPress Themes :

Installing a WordPress theme is easy. You can install a free WordPress theme by using the following steps.

>>> First you need to log in to the WordPress admin panel


>>> Then from your WordPress dashboard, navigate to the Appearance > Themes menu.


>>> Click on the “Add new” button.


>>> Choose the theme that suits your website from the list that appears and select “Install”



>>> After installation, you will be guided to a page like below

>>> Select “Activate” link from the options available

>>> You have installed the theme successfully.

If you have already downloaded the zip file of the WordPress theme and you wish to install that particular theme for your website, then you can install it using the steps given below:

>>> First you need to log in to the WordPress admin panel

>>> Then from your WordPress dashboard, navigate to the Appearance > Themes menu.

>>> Click on the “Add new” button.

>>> Select “Upload Theme” option

>>> Select “Browse” option

>>> Upload the zip file and select “Install Now”.


>>> After installation, you will be guided to a page like below.



>>> Select “Activate” link from the options available

>>> You have installed the theme successfully

After installation, when you refresh your website, it should load with the new WordPress theme.


Shell shock vulnerability

A new vulnerability has been found that potentially affects most versions of the Linux and Unix operating systems, in addition to Mac OS X. Known as the “Bash Bug” or “ShellShock,” the GNU Bash Remote Code Execution Vulnerability could allow an attacker to gain control over a targeted computer if exploited successfully. And because Bash is everywhere on Linux and Unix-like machines and interacts with all parts of the operating system, everyone anticipates that it will have a lot of repercussions.

How does Shellshock work?

Shellshock exploits a flaw in how Bash parses environment variables; Bash allows functions to be stored in environment variables, but the issue is Bash will execute any code placed after the function in the environment variable value.

For example, an environment variable setting of VAR=() { ignored; }; /bin/id will execute /bin/id when the environment is imported into the bash process.

Am I vulnerable?

You can check if you’re vulnerable by running the following line in your default shell.

env X="() { :;} ; echo vulnerable" `which bash` -c "echo Check completed"

If you see the word “vulnerable” echoed back, then you’re at risk.

How is Shellshock impacting the Web?

The most likely route of attack is through Web servers utilizing CGI (Common Gateway Interface), the widely used system for generating dynamic Web content. An attacker can potentially use CGI to send a malformed environment variable to a vulnerable Web server. The attacker is able to inject environment variables into every bash process spawned by a web server under the CGI specification. This occurs directly if the CGI script is written in bash, or indirectly through system calls inside other types of CGI scripts, since the environment propagates to the sub-shell. The vulnerability is triggered automatically when the shell process starts. Furthermore, if specific headers are used as attack points, the payload may not appear in the web-server logs, letting a compromise occur with virtually no trace of the intrusion.

CGI stores the HTTP headers in environment variables. Let’s say example.com is running a CGI application written as a Bash script.

We can modify the HTTP headers so that the request exploits the shellshock vulnerability in the target server and executes our code.

curl -k http://example.com/cgi-bin/test -H "User-Agent: () { :;}; echo Hacked > /tmp/Hacked.txt"

Here, curl sends a request to the target website with a User-Agent header containing the exploit code. This code will create a file “Hacked.txt” in the “/tmp” directory of the server.
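
On the defensive side, the same "() {" prefix can be searched for in the fields the web server does log. The following is an added example, not part of the original post: it assumes the Apache combined log format and a hypothetical function name find_shellshock_probes, and the sample log lines are constructed, reusing only the payloads quoted above. Headers that are not written to the access log stay invisible to it.

```shell
# Added example: count requests whose logged fields carry a "() {" function
# definition, per client IP and per field.
# Usage on a live server: find_shellshock_probes < /home/domain/access-logs/domain.com

find_shellshock_probes() {
    # Reads combined-format access log lines on stdin.
    # Prints "<hits> <client-ip> <field>", highest hit count first.
    awk -F'"' '
        BEGIN { sig = "[(][)][ \t]*[{]" }   # "() {" with optional whitespace
        $0 ~ sig {
            split($1, head, " ")            # $1 is: ip ident user [time]
            field = "other"                 # e.g. escaped quotes shifted the fields
            if      ($2 ~ sig) field = "request"
            else if ($4 ~ sig) field = "referer"
            else if ($6 ~ sig) field = "user-agent"
            hits[head[1] " " field]++
        }
        END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample log; client addresses are from documentation ranges.
sample_access_log() {
cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:01:02 +0800] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [25/Sep/2014:10:01:05 +0800] "GET /cgi-bin/test HTTP/1.1" 200 0 "-" "() { :;}; echo Hacked > /tmp/Hacked.txt"
203.0.113.7 - - [25/Sep/2014:10:01:09 +0800] "GET /cgi-bin/test HTTP/1.1" 200 0 "-" "() { :;}; echo Hacked > /tmp/Hacked.txt"
198.51.100.4 - - [25/Sep/2014:10:02:00 +0800] "GET /cgi-bin/status HTTP/1.1" 404 0 "() { ignored; }; /bin/id" "curl/7.30.0"
EOF
}

sample_access_log | find_shellshock_probes
```

The client IPs it reports can then be handled the same way as in the firewall steps used elsewhere on this page (csf, iptables or apf).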

What can I do to protect myself?

Major operating system vendors, including Red Hat, CentOS, etc., have already released an initial patch for this bug.

Red Hat—https://access.redhat.com/articles/1200223*
Novell/SUSE— http://support.novell.com/security/cve/CVE-2014-6271.html

If a patch is unavailable for a specific distribution of Linux or Unix, it is recommended that users switch to an alternative shell until one becomes available.

Need expert assistance?

SupportPro has a team of well experienced professionals. We can check your server for Shellshock vulnerability and patch the server so that you and your customers are secure from this attack. Feel free to contact us if you need assistance.


September 23, 2014

Email signature in different mail clients and webmail

Filed under: General Topics,Miscellaneous — Bella @ 11:08 pm

Email signatures are generally used to display the sender’s name and contact information at the end of an email. We can use website links or even images in the signature for providing identity of an email owner. It is much easier if this content is automatically added to the end of every email instead of manually adding it for each email. We can create email signature in both webmail and email clients.

Below are the instructions on how to add your own custom email signature in different email clients and webmail.


RoundCube

  1. Login to webmail and click on RoundCube
  2. Click on “Settings” at the top right side of the page.
  3. On the Settings page, click on the “Identities” Tab at the left side.
  4. Double click on the email address that you want to create a signature for.
  5. Add your signature and click Save.

To include images in your email signature :

  1. Login to RoundCube >> Settings >> Identities
  2. Click on the desired identity in the left hand panel.
  3. Click the HTML Signature check-box under the ‘Signature’ tab. This will cause the Signature field to allow special formatting.
  4. Now Click on the HTML icon which is for editing HTML source code.
  5. In the pop-up HTML Source Editor window, enter the following code, replacing this image path with your own: <p><img src="http://domain.com/imagefilename.jpg" alt="" width="125" height="85" /></p>
  6. Click on Update to be dropped back to the signature editing page.
  7. Then click on Save to save the signature.
  8. Now once this has been done you’ll want to click on Settings up at the top-right.
  9. From the left-hand menu click on Composing Messages.
  10. Then on the Compose HTML messages drop-down menu, select Always, and then click on Save.
  11. Now when you go to compose a new email, you should see your image automatically appended to your signature at the bottom.


SquirrelMail

  1. Login to SquirrelMail.
  2. Click on Options at the top of the screen.
  3. Click on “Personal Information.”
  4. On the next screen you will be able to insert your signature.
  5. Click on Submit
  6. Use this signature when composing a new email.


Horde

  1. Login to Horde
  2. On the icon bar at the top of any mail page, click on the options icon.
  3. In the Your Information column, click Personal Information.
  4. On the Personal Information page, click Edit Your Identities.
  5. Select the Default identity from the Your Identities pop-up menu, type your signature text, and click the Create button.
  6. Confirmation that the change you have made to your default identity will appear at the top of your window stating “adding a signature file.”


Thunderbird

  1. Open Thunderbird
  2. Go to Tools and select Account Settings from the program’s menu
  3. Click on your account’s email address on the top left if not already.
  4. To configure a plain-text signature, enter the text you want to append in the Signature text field.
  5. To use HTML formatting in your signature, check Use HTML and format the Signature text with the desired HTML mark-up.
  6. Alternatively, you can upload an image or a file that contains your signature. Check ‘Attach the signature from a file’ (text, HTML, or image). To the right, click Choose, browse your hard drive for your signature file and attach it by pressing Open. Click OK in the Account Settings panel to save your changes.


Outlook Express

  1. Open Outlook Express
  2. Open a new message. On the Message tab, in the Include group, click Signature, and then click Signatures.
  3. On the E-mail Signature tab, click New.
  4. Type a name for the signature, and then click OK.
  5. In the Edit signature box, type the text that you want to include in the signature.
  6. To format the text, select the text, and then use the style and formatting buttons to select the options that you want.
  7. To add elements besides text, click where you want the element to appear, and then do any of the following:
  8. To add an electronic business card, hyperlink or an image
  9. To finish creating the signature, click OK.

To insert a signature automatically:

  1. On the Message tab, in the Include group, click Signature, and then click Signatures.
  2. Under Choose default signature, in the E-mail account list, click an email account with which you want to associate the signature.
  3. In the New messages list, select the signature that you want to include.
  4. If you want a signature to be included when you reply to or forward messages, in the Replies/forwards list, select the signature. Otherwise, click (none).

To Insert a signature manually

  1. In a new message, on the Message tab, in the Include group, click Signature, and then click the signature that you want.
  2. To remove a signature from an open message, select the signature in the message body, and then press Delete.

Windows Live Mail

  1. Open Windows Live Mail on your computer.
  2. Click on the blue file icon at the top left corner of the application to open a new drop down menu. Then select “Options” then “Mail” from the new menu.
  3. When the Options box opens, click on the Signature tab at the far right.
  4. On the Signature Settings screen, click New to create a new signature.
  5. Either you can select radio button ‘Text’ and provide your signature in the corresponding area
  6. Or select the “File” radio button and then the Browse button to navigate to where you saved your Email Signature file.
  7. If you would like to append your signature on all email messages you create, please tick the box at the top “Add signature to all outgoing messages”.
  8. If you would like to append your signature to all replies and forwards un-tick the box “Don’t add signatures to Replies and Forwards”.
  9. Click on Apply and then OK.

If you would like to only add your signature on some emails, do not tick any check boxes. Then when you create an email message, you can add your signature by pressing the “Signature” button in the toolbar and selecting the appropriate signature.

Mac Mail

  1. Select Outlook >> Preferences from the menu.
  2. Open the Signatures category.
  3. Click + symbol under the list of signatures.
  4. Type the desired text of your signature under Signature to create a new signature.
  5. If you want to include a link to a web site, you can enter just the main part of the URL, rather than the entire URL. For example, domain.com rather than http://www.domain.com or www.domain.com. Mail will turn it into a live link.
  6. If you would like to add an image or vCard file to your signature, drag the image or vCard file to the Signatures window.
  7. Put a check mark next to “Always match my default message font” if you want your signature to match the default font in your messages.
  8. If you want to select a different font for your signature text, highlight the text, and then select ‘Show Fonts’ from the Format menu.
  9. Save the signature then close the Mail program. This is important, Mail must be closed now so we can edit the email signature we just created.

To give a signature name:

  1. Click Untitled in the signature list.
  2. If the signature name does not turn editable, click again; make sure you do click the name Untitled, not next to it.
  3. Type the desired new name for the signature.
  4. Hit Enter

To make your new signature as the default inserted in new messages:

  1. Click Default Signatures
  2. Make sure your new signature is selected under Default signature for all the desired accounts.
  3. Click OK