SMTP – DMARC

Following up on the first SMTP post, this next one is probably the easiest: the DMARC record. Getting it active on your domain can take a few seconds, and a more complicated setup maybe a few minutes. As simple as this mechanism is to set up, it has always been pretty solid against the abuse of…

SMTP – Backscatter check

I will dedicate the next couple of posts to a few of these mechanisms and checks. The first is to check for Backscatter. Backscatter is when an NDR (Non-Delivery Report) or bounce message contains the full body of a mail / spam message. After the recent DirectAdmin posts there was a lot to do…

Debian DirectAdmin installation – Custom httpd code II

This is awesome. With part two of the DirectAdmin custom httpd code, we’ve reached the end of the DirectAdmin series. When you’ve followed it, I’m pretty confident you have a solid DA configuration. To conclude, we’ve covered the intro, quotas, software installation, firewall, AppArmor, firewall followup, SSL, SSL for WebApps, the control panel, Exim, SpamAssassin…

Debian DirectAdmin installation – SpamAssassin

Almost there, getting a fully functional and secure (as secure as it can be…) DirectAdmin server up and running! But you’ll discover that SpamAssassin (SA) isn’t installed by default. When you’re dealing with domains that have a lot of email traffic, especially domains and email addresses that are pretty old, your DA server will be…

Debian DirectAdmin installation – Exim

The Exim configuration is pretty decent right out of the DirectAdmin box. Don’t forget to configure SSL though, as described here. By default, you need one more edit in the config file and you’re done. This is necessary to be able to be alerted from your DA server. On one of my DA boxes, I…

Debian DirectAdmin installation – Control Panel

We’re getting a pretty decent grasp on our DirectAdmin configuration, with SSL on the control panel and the webapps, firewall, AppArmor, etc. You would almost forget that DirectAdmin IS a control panel that should make life easier (but doesn’t in my humble opinion, but that’s another discussion). So here are a couple of essential edits from…

Debian DirectAdmin installation – SSL for WebApps

Awesome, we’ve got our SSL going. Now we’re good to go, right? Wrong. We’ve only secured the DirectAdmin interface itself, not the WebApps like Roundcube, or Exim for that matter. Securing these is just as important as the DA interface itself. So follow the next steps to secure Nginx, Roundcube, Exim and others.

Debian DirectAdmin installation – SSL

A bit more on security. I don’t know if it’s normal, but getting SSL going was a bit more complicated than one would have expected, though certainly doable from the CLI. What I’m also explaining below is how to prevent (new) users from logging in via SSH on your DirectAdmin server. This is somewhat default…

Debian DirectAdmin installation – Firewall followup

Our basis for DirectAdmin is pretty secure now after installing the firewall and AppArmor. Check out this followup though. After the CSF/LFD firewall installation on Debian, we also need to tweak some essential settings from the DirectAdmin console. It’s not too complicated, but nevertheless important. You can now log in at https://yourserver.yourdomain.com:2222 with the credentials that…