cPanel: Your server does not support the connection encryption type you have specified

If you’re getting message like “Your server does not support the connection encryption type you have specified” when try to set up email in your Outlook, then chances are that your cPanel mail server has disabled some needed encryption types.

By default, cPanel disables all those protocols: SSLv2, SSLv3, TLSv1, TLSv1.1. SSL2 and SSL3 should be disabled at all costs, but you may not get away with TLS 1.1 or even TLS 1 being disabled.

To enable TLS 1 and TLS 1.1 in your Exim, login as admin in your cpanel and then: Home -> Service Configuration -> Exim Configuration Manager. Select second option so you can insert your own directives and add this:

 +no_sslv2 +no_sslv3

check_eximailqueue: query returned no output! [FIX]

If you are icinga/nagios user and dealing with exim, you probably know for wonderful plugin check_eximailqueue. This plugin warns you when there are specific amount of email in your exim mail queue. Usually this indicates spam.

I installed this plugin on CentOS 7 with Directadmin installed. When I was executing plugin locally, it worked fine. But when I tried to execute it remotely (from Icinga server), it failed.

This was error returned when executing from Icinga server:

> # /usr/local/libexec/nagios/check_nrpe -H my.serverhostname.com -c check_exim_queue
Mailqueue WARNING - query returned no output!

I added “nagios  ALL=(ALL) NOPASSWD:/usr/sbin/exim” to my /etc/sudoers file but error still persisted. I manually set Exim and sudo path in script. Error was still there.

If you check your nrpe process, you’ll see that it runs by nrpe user and not nagios!

[root@da ~]# ps -aux | grep nrpe
 nrpe 26993 0.0 0.0 46356 1460 ? Ss 10:44 0:00 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d

Solution is very simple. Just change “nagios ALL=(ALL) NOPASSWD:/usr/sbin/exim”  to “nrpe ALL=(ALL) NOPASSWD:/usr/sbin/exim”  in your /etc/sudoers – replace user nagios with nrpe. It should work.

I hope it helps 🙂

Directadmin – block zip attachments with ClamAV and Exim

A lot of viruses and malware is sent in emails with zip attachments. Sometimes your antivirus like ClamAV wont catch nasty email. This is a big problem when you receiving tons of this kind of messages. So if you’re receiving tons of nasty emails containing zip attachments with viruses in it, good way to solve this is by simply reject emails with zip attachments. This was done on Directadmin server with Custombuild 2.0. Even if you’re not using Directadmin, configuration for ClamAV should be very identical.

  • If you built Exim and Clamav with Custombuild 2.0, than you should see this line in your /etc/exim.conf. Uncomment if it’s not already. If you’re using Custombuild 1.2, then this should be changed in /etc/exim.conf directly – settings in step 2 bellow.
    .include_if_exists /etc/exim.clamav.conf
  • Open file /etc/exim.clamav.conf and find word demime within that file. Then simply add zip to it. It should look like this:
    #1.0
    deny message = This message contains malformed MIME ($demime_reason)
    demime = *
    condition = ${if >{$demime_errorlevel}{2}{1}{0}}
    deny message = This message contains a virus or other harmful content ($malware_name)
    demime = *
    malware = *
    deny message = This message contains an attachment of a type which we do not accept (.$found_extension)
    demime = bat:com:pif:prf:scr:vbs:zip
    warn message = X-Antivirus-Scanner: Clean mail though you should still use an Antivirus

Now any email with zip attachment will be rejected. Sender will receive error message like this:

The error that the other server returned was: 
550 This message contains an attachment of a type which we do not accept (.zip)

Exim – remove messages from mail queue sorted by email address

Ok, title is a little confusing, I admit :). Let me try to explain. When you have stuffed exim mail queue and you want to remove all messages from specific domain only, sometimes email address that you want to use as key for your parsing is in second line. So, classic exim -bp | grep <searchstring> | awk {‘print $3’} | xargs exim -Mrm is not very useful in this case because it won’t return message ID. Grep with -B flag is what you need in this case. -B will show line before your “key” string also – message ID in this case. You can check how to on example below.

  • Check exim mail queue
[root@mailserver ~]# exim -bp

46h   58K 1b59PU-000J6d-1U <something@domain.com>
          info@mydomain.si

44h   11K 1b5Bj4-000MJC-GF <johndoe@iasoiasd.in>
          info@mydomain.si

44h   16K 1b5BjQ-000MNC-0M <jimi.hendrix@guitar.com>
          peter@olderdomain.org

43h  9.0K 1b5Bvp-000P1c-6s <purchase@domainname.net>
          info@mydomain.si

43h   11K 1b5BzX-000PmA-S5 <GallowayIla96@asgasfasgas.com>
          info@mydomain.si

41h   59K 1b5Dhb-000I5h-8E <bloop@auhuiejnapob.net>
          info@mydomain.si

27h   17K 1b5RNl-000OFW-Tn <sasa@bjkoapojfoaubopaw.si>
          info@mydomain.si

22h   78K 1b5W42-000Nna-Jn <johndoe@gmail.com>
          anothermail@foo.com

22h   11K 1b5W8b-000Oes-Fb <ramones@band.com>
          info@mydomain.si

22h  250K 1b5WHr-0000Om-Oa <fuckface@guilttrip.com>
          joasd@aasdfasf.si

20h   12K 1b5YEZ-000MF7-Jq <mrinsignificant@mobile.cn>
          test@anotherdomain.net

19h  9.1K 1b5YK6-000NPV-1m <fetasir@cheese.com>
          info@mydomain.si

19h   12K 1b5YXM-000Ppg-Qd <asfaeaw@asdasa.com.br>
          info@mydomain.si

19h   11K 1b5Yeq-0001JN-9a <geaafwawfaef@gesawad.vn>
          blabla@mojadomena.si
.
.
.
  • We want to delete all messages that contains string info@mydomain.si and are in second line.
[root@mailserver ~]# exim -bp | awk {'print $1,$3'} | grep -B1 mydomain | awk {'print $2'} | xargs exim -Mrm

Message 1b59PU-000J6d-1U has been removed
Message 1b5Bj4-000MJC-GF has been removed
Message 1b5Bvp-000P1c-6s has been removed
Message 1b5BzX-000PmA-S5 has been removed
Message 1b5Dhb-000I5h-8E has been removed
Message 1b5RNl-000OFW-Tn has been removed
Message 1b5W8b-000Oes-Fb has been removed
Message 1b5W42-000Nna-Jn has been removed
Message 1b5W8b-000Oes-Fb has been removed
Message 1b5YK6-000NPV-1m has been removed
Message 1b5YEZ-000MF7-Jq has been removed
Message 1b5YK6-000NPV-1m has been removed
.
.
.

Mass email migration with imapsync

You may want to migrate larger number of email accounts to another server. If there are even different types of mail servers, than imapsync is one of the best solutions for migration. With script below, you’ll be able to migrate multi accounts without repeating and running imapsync again and again.

Here is the script. Just create file, e.g. mail-migration.sh, and paste code below in it.

#!/bin/bash

# Source and destination mail server setting
SERVER1=post.literal.si
SERVER2=cp2.hosterdam.com

# Select appropriate auth mechanism.
#AUTHMECH1="--authmech1 LOGIN"
#AUTHMECH2="--authmech2 LOGIN"

# Uncomment if you want to start test/dryrun only. No emails will be transfered!
#TESTONLY="--dry"

# Path to imapsync
imapsync=/usr/bin/imapsync

# Users file
if [ -z "$1" ]
then
echo "No users text file given." 
exit
fi

if [ ! -f "$1" ]
then
echo "Given users text file \"$1\" does not exist" 
exit
fi

# start loop
{ while IFS=';' read  u1 p1 u2 p2; do
	$imapsync ${TESTONLY} ${AUTHMECH1} --host1 ${SERVER1} --user1 "$u1" --password1 "$p1" ${AUTHMECH2} --host2 ${SERVER2} --user2 "$u2" --password2 "$p2"
done ; } < $1

Don’t forget to chmod your script so that will be executable.

chmod +x mail-migration.sh

Now you’ll have to create a simple text file that will contain login informations for each email account that you want to transfer. Create text file, for example, mail-users.txt and add login informations like shown bellow. Login informations must be separated with ;. username1 is username on old server, username2 is username on new server.

username1@domain.com;password1;username2;password2
anotheruser1@domain.com;password1;anotheruser2@domain.com;password2
.
.
.

Finaly, lets transfer emails. Simply run your script like shown below. Use text file with login informations that you created. Imapsync will try to transfer all accounts that are in mail-users.txt.

root@myserver [~]# ./migrate-mail.sh mail-users.txt

Exim – delete specific emails from queue

Sometimes your exim mail queue can grow quite large. Especially when some website (WordPress!) is hacked and is sending tons of spam mail. Or when you end up with thousands of frozen mails. You probably don’t want to remove all emails from queue. That would mean legit emails too. You want to specify and delete only specific ones.

For sake of this demonstration we want to delete all emails that contains string domain.com

18h   60K 1b33Uz-000LkN-48 <info@domain.com> (someuser)
          info@somedomain.com

Just run command below and all mails with string match doman.com will be deleted from mail queue.

exim -bp |  grep "domain.com" | awk {'print $3'} | xargs exim -Mrm

Or for example, in case of frozen mails:

exim -bp |  grep froz | awk {'print $3'} | xargs exim -Mrm

Directadmin – enable and configure Spamassassin automatically when adding user

By default, when you add new user in Directadmin, Spamassassin is disabled. Some users may not know about Spamassassin, so they’ll have it disabled and will receiving a lot of spam. So it may be good practice to enable Spamassassin by default. You can do that by adding below code in your /usr/local/directadmin/scripts/custom/user_create_post.sh script. The first step is well described on Directadmin sites. But you may also want to define some parameters for Spamassassin “on the fly”. You can do that by manipulating filter.conf file.
In this example I want that on user creation:

  1. spam goes to appropriate users spam folder,
  2. I don’t want to delete high scoring spam,
  3. I want to rewrite subject of spam email with *****SPAM*****.

Just add below code in your user_create_post.sh script. And remove script comments (##).

## We enable Spamassassin, create needed files and give them appropriate permissions
if [ “$spam” = “ON” ]; then
DIR=/home/$username/.spamassassin
mkdir $DIR
touch $DIR/user_prefs
chown ${username}:mail $DIR
chmod 771 $DIR
chown $username:$username $DIR/user_prefs
chmod 755 $DIR/user_prefs
touch $DIR/spam
chown mail:$username $DIR/spam
chmod 660 $DIR/spam

## Here we define some variables for Spamassassin by adding some lines to filter.conf
echo “high_score=15” >> /etc/virtual/$domain/filter.conf
echo “high_score_block=no” >> /etc/virtual/$domain/filter.conf
echo “where=userspamfolder” >> /etc/virtual/$domain/filter.conf
echo “rewrite_header subject *****SPAM*****” >> /home/$username/.spamassassin/user_prefs

## Adding operation in task queue
echo “action=rewrite&value=filter&user=$username” >> /usr/local/directadmin/data/task.queue
fi
exit 0;

© 2018 geegkytuts.net
Hosted by Hosterdam


About author