How to find out if a CVE fix has been applied to your package?

Hello world!

Q. How to find out if a CVE fix has been applied to your package?
Answer: We look at the package changelog.

[root@server20 ~]# rpm -q --changelog bind | grep CVE
- Fix CVE-2016-2776
- Fix CVE-2016-1285 and CVE-2016-1286
- Fix CVE-2015-8704
- Fix CVE-2015-8000
- Fix CVE-2015-5722
- Fix CVE-2015-5477
- Fix CVE-2015-4620
- Fix CVE-2015-1349
- Fix CVE-2014-8500 (#1171976)
- Fix CVE-2014-0591
- update to 9.9.3-P2 (fix for CVE-2013-4854)
- update to 9.9.3-P1 (fix for CVE-2013-3919)
- New upstream patch version fixing CVE-2013-2266 (#928032)
- update to 9.9.1-P1 (CVE-2012-1667)
- update to 9.9.0b2 (CVE-2011-4313)
- update to 9.8.0-P2 (CVE-2011-1910)
- update to 9.8.0-P1 (CVE-2011-1907)
- update to 9.7.1-P2 (CVE-2010-0213)
- 9.6.1-P1 release (CVE-2009-0696)
- 9.6.0-P1 release (CVE-2009-0025)
- 9.5.1b1 release (CVE-2008-1447)
- removed bind-9.5-CVE-2008-0122.patch (upstream)
- CVE-2008-0122
- fixed typo in post section (CVE-2007-6283)
- CVE-2007-6283
- updated to 9.5.0a6 which contains fixes for CVE-2007-2925 and
CVE-2007-2926
- updated to 9.4.1 which contains fix to CVE-2007-2241
- added upstream patch for correct SIG handling - CVE-2006-4095
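
To check specific CVE IDs instead of reading the whole list, the changelog can be filtered per ID. The script below is an added example, not part of the original post; the function names cve_status and check_pkg and the sample changelog are assumptions made for illustration.

```shell
#!/bin/sh
# cve_status: read a package changelog on stdin and report, for each CVE ID
# given as an argument, whether the changelog mentions it.
# Exit status is 0 only if every requested ID is listed.
cve_status() (
    log=$(cat)
    rc=0
    for id in "$@"; do
        # Reject malformed IDs so a typo is not reported as "not-listed".
        if ! printf '%s\n' "$id" | grep -Eqx 'CVE-[0-9]{4}-[0-9]{4,}'; then
            echo "$id invalid-id"; rc=1; continue
        fi
        # -F: literal string; -w: whole word, so CVE-2016-1285 does not
        # match a longer ID that merely starts with the same digits.
        if printf '%s\n' "$log" | grep -qwF -- "$id"; then
            echo "$id listed"
        else
            echo "$id not-listed"; rc=1
        fi
    done
    exit "$rc"
)

# check_pkg PACKAGE CVE-ID...: hypothetical wrapper that runs the check
# against the changelog of the installed RPM, as in the command above.
check_pkg() {
    pkg=$1; shift
    rpm -q --changelog "$pkg" | cve_status "$@"
}

# Constructed sample: three changelog lines in the format shown above.
SAMPLE_CHANGELOG='- Fix CVE-2016-2776
- Fix CVE-2016-1285 and CVE-2016-1286
- update to 9.9.3-P2 (fix for CVE-2013-4854)'
```

On a live system this is called as check_pkg bind CVE-2016-2776. An ID reported as not-listed means only that the installed package's changelog does not mention it.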

How to remove your server from the blacklist!

Getting your mail server removed from a blacklist can sometimes be a big problem.

  1. Make sure you have reverse DNS.
  2. Make sure no mail account on your server is sending spam to the internet; check with mailq and search your log files.
  3. Check whether your IP is on a mail blacklist using our blacklist checking service.
  4. The hardest one to get removed from is the Hotmail blacklist. You can find the form here. You can also join the Junk Mail Reporting Program (JMRP).
  5. Check your IP on the following websites: www.senderscore.org, mxtoolbox.com.

If I find more resources, I will post them here.

Source: http://deano.me

How to change the Debian root password.

I want to change the root password in Debian.
I will show you a few steps to change the root password.

Step 1. At the GRUB boot prompt, press “e” to enter edit mode.
Step 2. Press the down arrow to reach the line that starts with “kernel”, then press “e” again or go to the end of that line.
Step 3. At the end of this line, type “init=/bin/bash” or “init=/bin/sh”.
Step 4. Press Enter to accept the change and press “b” to boot; on newer versions, press CTRL + X to boot.
Step 5. You now have a “#” prompt. Remount the / partition read-write:
mount -o remount,rw /
Step 6. Now you can change the root password with passwd, or do whatever else you need.
To restart, type “init 6” or “reboot”.

How to activate the Dovecot mail_log plugin to log deleted mail

Hello,

Today I need to see in the log file who deletes mails.

First, we activate the mail_log plugin in Dovecot.
Edit: vim /etc/dovecot/conf.d/20-imap.conf

# Host allowed in URLAUTH URLs sent by client. "*" allows all.
#imap_urlauth_host =

protocol imap {
# Space separated list of plugins to load (default is global mail_plugins).
#mail_plugins = $mail_plugins
mail_plugins = $mail_plugins mail_log notify

# Maximum number of IMAP connections allowed for a user from each IP address.
# NOTE: The username is compared case-sensitively.
#mail_max_userip_connections = 10
mail_max_userip_connections = 100
}

The line we added is mail_plugins = $mail_plugins mail_log notify

Next, edit /etc/dovecot/conf.d/10-logging.conf so that the plugin section looks like this:

vim /etc/dovecot/conf.d/10-logging.conf

# mail_log plugin provides more event logging for mail processes.
plugin {
# Events to log. Also available: flag_change append
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
# Available fields: uid, box, msgid, from, subject, size, vsize, flags
# size and vsize are available only for expunge and copy events.
mail_log_fields = uid box msgid size
}

The last step is to restart Dovecot:

systemctl restart dovecot

Check whether you get any errors. In the log file you will see something like this:

Nov 10 11:25:48 imap(user@domain.com): Info: delete: box=Deleted Messages, uid=1252, msgid=<008301d22aa0$53e164e0$fba42ea0$@futuracargo.bg>, size=11817
Nov 10 11:25:48 imap(user@domain.com): Info: delete: box=Deleted Messages, uid=1253, msgid=<01fc01d22f6f$4b3c15f0$e1b441d0$@futuracargo.bg>, size=11402
Nov 10 11:25:48 imap(user@domain.com): Info: delete: box=Deleted Messages, uid=1254, msgid=<01f201d23112$579c7750$06d565f0$@futuracargo.bg>, size=11396

We made this change on CentOS 7.2.
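
Once the plugin is logging, the delete lines can be summarised per user and mailbox to answer "who deleted what". The script below is an added example, not part of the original post; the function name summarize_deletes and the sample log lines are constructed, and the line layout is assumed to match the output shown above.

```shell
#!/bin/sh
# summarize_deletes: read Dovecot mail_log lines on stdin and print one line
# per user and mailbox: user<TAB>mailbox<TAB>delete count<TAB>total bytes.
summarize_deletes() {
    awk '
    / Info: delete: box=/ {
        # The user name sits between "imap(" and the next ")".
        if (!match($0, /imap\([^)]*\)/)) next
        user = substr($0, RSTART + 5, RLENGTH - 6)
        # Mailbox names may contain spaces ("Deleted Messages"), so cut the
        # text between "box=" and ", uid=" instead of splitting on blanks.
        s = index($0, "box="); e = index($0, ", uid=")
        if (s == 0 || e <= s) next
        key = user "\t" substr($0, s + 4, e - s - 4)
        count[key]++
        # size is optional: it is only logged if listed in mail_log_fields.
        if (match($0, /, size=[0-9]+/))
            bytes[key] += substr($0, RSTART + 7, RLENGTH - 7)
    }
    END { for (k in count) printf "%s\t%d\t%d\n", k, count[k], bytes[k] }
    ' | sort
}

# Constructed sample log lines in the format shown above; the expunge line
# is there to show that only delete events are counted.
SAMPLE_LOG='Nov 10 11:25:48 imap(alice@example.com): Info: delete: box=Deleted Messages, uid=1252, msgid=<a1@example.com>, size=11817
Nov 10 11:25:48 imap(alice@example.com): Info: delete: box=Deleted Messages, uid=1253, msgid=<a2@example.com>, size=11402
Nov 10 11:26:02 imap(bob@example.com): Info: delete: box=INBOX, uid=7, msgid=<b1@example.com>, size=2048
Nov 10 11:26:05 imap(bob@example.com): Info: expunge: box=INBOX, uid=7, msgid=<b1@example.com>, size=2048'
```

On a real server, pipe the Dovecot log file into summarize_deletes; its location depends on the log_path and syslog settings.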

Configure CentOS 6 with Postfix, amavisd-new, ClamAV and SpamAssassin

Setup for CentOS 6.

Step 1: Install and activate epel-release

yum install epel-release
vim /etc/yum.repos.d/epel.repo

and change this section:

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=0
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

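to look like this, with enabled=1 (note that the mirrorlist URL below also uses http rather than https; gpgcheck=1 stays enabled):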

[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=http://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6

Step 2: Install amavisd-new, clamav and spamassassin:

yum install amavisd-new clamav clamav-devel clamd spamassassin

Verify that the amavis and clam users exist:

[root@server ~]# cat /etc/passwd | grep "amavis\|clamav"
clam:x:495:491:Clam Anti Virus Checker:/var/lib/clamav:/sbin/nologin
amavis:x:494:490:User for amavisd-new:/var/spool/amavisd:/sbin/nologin

Manually add clam to the amavis group:

[root@server ~]# gpasswd -a clam amavis
Adding user clam to group amavis

and the result is now:
[root@server ~]# groups clam
clam : clam amavis

Finally, new services should have been added to the system:

[root@server ~]# chkconfig --list | grep "amavisd\|clamd\|spamassassin"
amavisd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
clamd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
clamd.amavisd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
spamassassin 0:off 1:off 2:on 3:on 4:on 5:on 6:off

[root@server ~]# chkconfig amavisd on
[root@server ~]# chkconfig clamd on
[root@server ~]# chkconfig clamd.amavisd on

Step 3: Setup Services

vim /etc/clamd.conf

# Comment out the TCPSocket setting:
# TCPSocket 3310             <---  (Disable this line)

Run the command freshclam

vim /etc/amavisd/amavisd.conf

Edit line 20 with your domain:
$mydomain = 'ceae.info'; # a convenient default for other settings

Edit line 152 with your fully-qualified domain name:
$myhostname = 'mail.ceae.info'; # must be a fully-qualified domain name!

service amavisd start
service clamd start
service clamd.amavisd start
service spamassassin start

Step 4: Integrate amavisd-new with Postfix.

Amavisd passes all incoming mail to our antivirus and antispam engines to verify that the mail we receive is clean. At this point, however, Postfix and amavisd are still isolated from each other, so we need a small integration.

vim /etc/postfix/main.cf

Append this line at the end:

content_filter=smtp-amavis:[127.0.0.1]:10024

Next, edit this file:

vim /etc/postfix/master.cf

Append these lines at the end (the -o lines must start with whitespace so that Postfix reads them as continuations of the service line):

smtp-amavis unix -      -       n       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o smtp_send_xforward_command=yes
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n  -       n       -       -       smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000

In the line "smtp-amavis unix - - n - <number> smtp", set <number> to the same value as the number of amavisd children:

[root@server ~]# grep max_servers /etc/amavisd/amavisd.conf
$max_servers = 2; # num of pre-forked children (2..30 is common), -m
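
The two values can drift apart when one file is edited later, so it is worth checking them together. The script below is an added example, not part of the original post; the function names amavis_maxproc_check and write_sample and the sample files are constructed for illustration.

```shell
#!/bin/sh
# amavis_maxproc_check MASTER_CF AMAVISD_CONF
# Prints the two values and a verdict. Exit status: 0 match, 1 mismatch,
# 2 if a value could not be read.
amavis_maxproc_check() (
    # Column 7 of the service line is maxproc. Continuation lines start with
    # whitespace, so their first field is "-o" and they never match here.
    maxproc=$(awk '$1 == "smtp-amavis" && $2 == "unix" { print $7; exit }' "$1")
    # amavisd.conf is Perl: take the first uncommented "$max_servers = N;".
    servers=$(sed -n 's/^[[:space:]]*\$max_servers[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$2" | head -n 1)
    [ -n "$servers" ] || { echo "max_servers not found"; exit 2; }
    case $maxproc in
        '')       echo "smtp-amavis service not found"; exit 2 ;;
        -)        echo "maxproc=- max_servers=$servers mismatch (- means default_process_limit)"; exit 1 ;;
        *[!0-9]*) echo "maxproc column missing or not numeric: $maxproc"; exit 2 ;;
    esac
    if [ "$maxproc" -eq "$servers" ]; then
        echo "maxproc=$maxproc max_servers=$servers ok"
    else
        echo "maxproc=$maxproc max_servers=$servers mismatch"; exit 1
    fi
)

# write_sample DIR: create constructed sample files modelled on the
# configuration above, for trying the check without touching /etc.
write_sample() {
    cat > "$1/master.cf" <<'EOF'
# constructed sample
smtp-amavis unix -      -       n       -       2       smtp
  -o smtp_data_done_timeout=1200
  -o disable_dns_lookups=yes
EOF
    cat > "$1/amavisd.conf" <<'EOF'
# $max_servers = 5;  (commented out, must be ignored)
$max_servers = 2; # num of pre-forked children (2..30 is common), -m
EOF
}
```

On the server itself, run amavis_maxproc_check /etc/postfix/master.cf /etc/amavisd/amavisd.conf.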