HolHost.com Blog Server administrators blog

7 Dec 2012

Installing Antivirus ClamAV on a cPanel

ClamAV is a popular open source anti-virus toolkit for *nix, and while many people don’t find much value in using antivirus software on Unix, it is very useful for email scanning. cPanel’s hosting implementation allows end users to run scans on their home folders, public FTP folders, mail, and public_html.

It’s really hard to install ClamAV on cPanel – if you’re too lazy to click a couple buttons.  Simply go to WHM > Manage Plugins and enable the ClamAV Connector, and you’re good to go.

After this is done, you can go to WHM > Configure ClamAV Scanner and set scanning options for the entire server or specific users.

You should now see a Virus Scanner option in cPanel. If you don’t, you may need to enable it in Feature Manager.

From here, cPanel users can run scans on any permitted items.

For administrators, here are a few quick commands that may be useful:

Update antivirus database:

freshclam

Scan a directory and print out infected files:

clamscan -ri /home

Scan a directory and remove infected files and emails:

clamscan -ri --remove /home

7 Dec 2012

10 Tips for Improving Email Delivery

One of the most common problems that hosting providers face is the issue of user email not being delivered to other mail servers. Not only does it annoy the end user, but it’s extremely frustrating for the server administrator to deal with since there’s not always a clear indication of why email doesn’t get delivered successfully. In this post I’ll explain a few tips for helping improve the reliability of your mail server, and some tips you can give to your end users that send mailing lists.

Note: You can’t control the incoming email policies of remote mail servers or RBLs. However, most email providers will not intentionally inconvenience their own users by blocking legitimate email, so if you continue to have problems, I’d recommend contacting the email administrator of the remote server.

1. Do you look like a spammer?

First of all, if you’re sending out massive mailing lists, whether you consider it spam or not, you’re asking for it. Out of a list of 100,000 people, you can expect that a couple hundred of them are going to prompt spam complaints to your email provider, especially if the emails are of a “spammy” nature. If you’re not sure where you sit on the line between spam and email marketing, take a look at this post.

2. Practice proper mailing list etiquette

As a mailing list grows, you’re occasionally going to have email addresses that become invalid, or users that no longer want to receive your email.  Don’t think that by hiding your opt-out link, you’re going to keep a subscriber. The recipient is more likely to mark your email as spam than hunt around for a way to remove their email address from your list, so make things easier by putting your opt-out link at the top with a reminder of why you are sending the email. For example:

You are receiving this newsletter because you purchased a product on mywebsite.com and requested to receive notifications. If you no longer want to be part of this mailing list, please click <here>

That being said, it’s extremely important that you promptly honor opt-out requests, and regularly check for bounced email for addresses that may no longer exist.

In addition to this, when sending email locally, your SMTP hostname should simply be “localhost”.

3. Limit outgoing email

If you’re a hosting provider and aren’t specifically catering to users that do bulk mailing, you may want to limit how much email each user can send, and advise users with large mailing lists to use services like Constant Contact. Tweaking a mail server to effectively send huge amounts of email without issue can be very difficult, and isn’t something I’d recommend even offering for shared hosting platforms. In a shared environment where the actions of one user can affect many, outgoing email should be limited and then allowed on a per-case basis. There are two simple ways to do this:

  • In WHM > Tweak Settings, set the outgoing mail limit. You can specifically allow domains to send more by adding them to /var/cpanel/maxemails on versions 11.26 and lower, or adding a MAX_EMAIL_PER_HOUR option to /var/cpanel/users/$user for cPanel 11.28 and higher.
  • In exim.conf, set the following options:

recipients_max_reject = true

recipients_max = 50

The best way to do this so the change is retained over cPanel and Exim updates is to add the options in /etc/exim.conf.local under @CONFIG@, then run /scripts/buildeximconf.

Exim considers each email as one email, regardless of how many recipients are in it.  This may be an inconvenience to some users, but in reality any mailing list should be sent as one recipient per email.  For larger organizations that use mailing lists for discussion, a listserv software like Mailman is a better solution.

4. Tighten up your mail server

If you’ve ever wanted to be the target of a spam hack, allowing PHP nobody mail is the best way to accomplish this.  Hopefully by now you’re running suPHP, but if you’re still running PHP as a DSO, whenever a PHP script uses the mail() function to send email it’s going to do so as the user “nobody”, or whatever user that Apache runs as.  Since the user “nobody” is a system user, it bypasses mailing limitations that you may have already set up via cPanel or exim.conf. This means that a rogue mailing script on your server can send out unlimited amounts of email and cause your server to get blacklisted. You can adjust this setting in WHM > Tweak Settings.

You’ll also want to make sure that SMTP Tweak is turned on:

/scripts/smtpmailgidonly on

It’s also a good idea to require sender verification, which can be enabled in WHM > Exim Configuration Editor.

5. Always use SMTP

Similarly, mailing list software should be configured to use SMTP with a valid email address, username, and password. Don’t rely on sendmail or the php/perl mail functions – you need to send as a valid authenticated user.  Most mailing list software supports the use of SMTP, and using PHP or perl it’s very easy to incorporate SMTP authentication.

6. Use DomainKeys and SPF records

You want other mail servers to know that when they get mail from you, it’s actually from your server and not spoofed.  Consider using DKIM and SPF records to allow remote mail servers to authenticate your email. You’ll find that this may instantly improve your email delivery to services like Yahoo, MSN, and Hotmail.

7. Subscribe to Feedback loops

It’s very important for email administrators and hosting providers to subscribe to feedback loops. Many remote mail and blacklist providers offer them, and they can be a very useful tool for identifying possible spammers on your network, as well as preemptively resolving issues with mailing lists. If you don’t have an Abuse contact set up for your domain and IP addresses, you should do that now – and register your IP(s). AOL, Hotmail, Yahoo, and Spamcop are excellent ones to be on. It’s also important to have your abuse@domain.com address set up so people can contact you if they want to report spam from your server or network.

8. Monitor your IPs

As easy as it is to get blacklisted on the various RBLs out there, you’ll want to be checking if your IPs may be listed and therefore causing your email to bounce. RBLmon.com is a good way to get started, or you can implement blacklist checking into your existing monitoring solution. The goal is to know when your IPs are blacklisted as soon as possible.
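A blacklist check that can be dropped into an existing monitoring job, added here as an example (it is not code from the original post). The zone dnsbl.example.org is a placeholder for the lists you actually monitor, and constructed_resolver holds constructed sample data so the example runs without network access.

```python
import ipaddress
import socket

# Placeholder zone (assumption): replace with the DNSBLs you monitor.
DEFAULT_ZONES = ("dnsbl.example.org",)
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def check_ip(ip, zones=DEFAULT_ZONES, resolve=system_resolver):
    """Return {zone: return_code} for every zone that lists ip."""
    listings = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # Only an answer inside 127.0.0.0/8 signals a listing; anything else
        # (for example a wildcard answer from a dead zone) is ignored.
        if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
            listings[zone] = answer
    return listings


def constructed_resolver(name):
    """Constructed sample zone data: only 5.6.7.8 is listed."""
    return {"8.7.6.5.dnsbl.example.org": "127.0.0.2"}.get(name)


if __name__ == "__main__":
    for ip in ("5.6.7.8", "5.6.7.9"):
        hits = check_ip(ip, resolve=constructed_resolver)
        print(ip, "LISTED " + str(hits) if hits else "clean")
```

Call check_ip without the resolve argument to query through the system resolver; alert whenever the returned dictionary is not empty.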

9. Use different IPs for email

By default, when you send email your email will go out on the main IP of the server. For sites that send large amounts of email, consider putting them on separate IPs so that they don’t affect the mail delivery of other users on the server, or the network in general.

10. Set up your DNS properly

It should go without saying that whatever IP you use to send mail should have a proper reverse DNS record, and the forward DNS of that PTR should match. For example, if your mail server is named mail.mydomain.com and points to 5.6.7.8, then the PTR for 5.6.7.8 should also be mail.mydomain.com.  Ideally these records should match the EHLO/HELO name given by your MTA (Exim). This name can be altered in /etc/mailhelo if you have this option checked in WHM > Exim Configuration Editor.
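The check described in tip 10, added here as an example (not code from the original post): it verifies that the PTR of the sending IP resolves back to that IP and that the HELO name is that PTR. The PTR and A tables are constructed data using the names from the paragraph above, so the example runs offline; server1.hostingco.example is a made-up name.

```python
import socket

def system_ptr(ip):
    """PTR names for ip via the system resolver (empty list if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_a(name):
    """IPv4 addresses for name (empty list if it does not resolve)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def norm(name):
    """Compare names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def check_mail_dns(ip, helo, ptr_lookup=system_ptr, a_lookup=system_a):
    """Return a list of problems; an empty list means the records agree."""
    ptrs = [norm(p) for p in ptr_lookup(ip)]
    if not ptrs:
        return ["no PTR record for %s" % ip]
    problems = []
    # Forward-confirm: at least one PTR name must resolve back to the IP.
    if not any(ip in a_lookup(p) for p in ptrs):
        problems.append("PTR %s does not resolve back to %s" % (", ".join(ptrs), ip))
    if norm(helo) not in ptrs:
        problems.append("HELO name %s is not the PTR of %s" % (helo, ip))
    return problems

# Constructed DNS data (not real lookups).
PTR = {"5.6.7.8": ["mail.mydomain.com."], "5.6.7.9": ["server1.hostingco.example."]}
A = {"mail.mydomain.com": ["5.6.7.8"], "server1.hostingco.example": ["10.0.0.1"]}

def constructed_ptr(ip):
    return PTR.get(ip, [])

def constructed_a(name):
    return A.get(name, [])

if __name__ == "__main__":
    for ip in ("5.6.7.8", "5.6.7.9"):
        result = check_mail_dns(ip, "mail.mydomain.com", constructed_ptr, constructed_a)
        print(ip, result or "OK")
```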
