Monday, September 27, 2010

How to set up SPF records



SPF is an emerging standard that lets the owner of a domain name tell the people who receive email claiming to be from that domain which SMTP servers are allowed to send email for it. That's a slightly complex sentence, so let me give you an example. Then I'll make a note or two about how to add SPF records to your DNS settings. There are a point or two that are quite difficult to figure out from the documentation I've found online, but once you figure them out, it's not that difficult. So, the example of the process:

1) A spammer sends an email with a forged sender address; let's say that address is fakeaddress@geckotribe.com.

2) It leaves their email client and goes out through their ISP's SMTP server; let's say that's smtp.spammerisp.com (in reality, they probably wouldn't use their ISP's SMTP server, but we'll ignore that).

3) The message arrives at the recipient’s (poor@sucker.com) mail server (mail.sucker.com).

4) Their mail server (mail.sucker.com) checks the sender's address (fakeaddress@geckotribe.com) and extracts the domain name from it (geckotribe.com). Note that SPF checks the envelope sender, the address given in the SMTP MAIL FROM command (and, separately, the host name in HELO), not the From: header the recipient sees in their mail client.

5) mail.sucker.com asks geckotribe.com's DNS server (ns.geckotribe.com) for a list of SMTP servers that are allowed to send email addressed from geckotribe.com (like fakeaddress@geckotribe.com).

6) ns.geckotribe.com replies that mail.geckotribe.com and mail.myhomeisp.com are allowed to send such email, and no one else.

7) mail.sucker.com notes that smtp.spammerisp.com is not on the list.

8) mail.sucker.com either rejects the message or marks it in some way so that the recipient knows that the SPF check failed, so it’s likely that it’s spam.

There's the process. How does the administrator for geckotribe.com set up the DNS records to indicate that mail.geckotribe.com and mail.myhomeisp.com are allowed to send email addressed from geckotribe.com? Here are two lines that need to be added to the DNS zone file, followed by an explanation of them:

geckotribe.com. IN TXT "v=spf1 a:mail.geckotribe.com ?include:myhomeisp.com -all"
mail.geckotribe.com. IN TXT "v=spf1 a:mail.geckotribe.com -all"

On the first line:
• geckotribe.com.: the name the record belongs to, i.e. "mail addressed from somebody@geckotribe.com". Note the "." after ".com": with the trailing dot the name is absolute; without it, the DNS server appends the zone's origin, which is fine inside the geckotribe.com zone file. You can also write "@" (the zone apex) or, if the preceding record already belongs to geckotribe.com., omit the name completely and the previous name is reused.
• IN TXT: Indicates that this is a text record. Trust me. That's what you want. (A dedicated SPF record type exists, but receivers check the TXT record, so publish the TXT one.)
• v=spf1: Indicates that this is an SPF version 1 record. You need this, and there must be exactly one such record per name; two SPF records make receivers return a permanent error rather than use either.
• a:: the "a" mechanism. It looks up the address records (A, and AAAA for IPv6) of the host named after the colon, not a CNAME, TXT, MX, NS or other record type, and matches if the connecting SMTP server has one of those addresses. IMPORTANT NOTE: "a:" could have been prefixed with a plus sign, i.e., this could have been "+a:mail.geckotribe.com". The plus sign is optional; it is the default prefix. It means that if this rule matches, then the sender is legitimate. I'll mention other prefixes later.
• mail.geckotribe.com: Look up the IP address for mail.geckotribe.com; if that's the IP address you're getting the mail from, then it's legitimate.
• ?: The question mark prefix means that if the following rule matches, the result is "neutral": the sender may or may not be legitimate. I'll tell you why you'd use a question mark here in a minute.
• include:: This means that I don't know the IP addresses or fully qualified domain names of the mail servers that I'm going to talk about next, so I name a domain whose own SPF record should be consulted instead. The include rule matches only if that domain's record would say "pass" for the sending server; a "fail" or "neutral" inside the included record simply means no match here, and evaluation continues with the next rule.
• myhomeisp.com: This is the domain name of the ISP I connect to the internet through when I'm at home. Now to answer the question of why we prefixed this rule with a question mark. It's because when I send email via my ISP, it's legitimate, but if somebody else with the same ISP sends mail claiming to be from geckotribe.com, it's not. The question mark says "don't rule it out, but it might not be legitimate".
• -: The minus sign says that if the following rule matches, then the sender is not legitimate.
• all: This rule matches anybody who wasn't already matched by one of the preceding rules.

Briefly, the second line means that if mail claims to be from somebody@mail.geckotribe.com, or the sending server introduces itself as mail.geckotribe.com in its HELO, it's legit if it came via mail.geckotribe.com, but not if it came from anywhere else.

To recap and point out a few more things:
• You put multiple rules (the specification calls them mechanisms) on each line. They are evaluated from left to right until one matches; the prefix of the matching rule decides the result and the rest are ignored. If nothing matches and there is no "all", the result is neutral.
• "+" means legitimate, "?" means it might be legitimate, "~" (soft fail) means it's probably not legitimate but receivers should mark rather than reject, and "-" means it's not legitimate.
• Each rule starts with a prefix (if none is specified, then the default is "+") followed by "a", "include", "ptr", "mx", "ip4" or one of a few other things (check the specification for details), followed by a colon and an argument where the rule takes one. "all" takes no argument, and "a" and "mx" may be written bare to mean the domain of the record itself.
• Every "a", "mx", "include", "ptr" and "exists" rule costs a DNS lookup, and receivers stop and return a permanent error after ten of them per check, counting the lookups inside anything you include. Keep records short and prefer "ip4:" for servers whose addresses you know.
• You should end each line with -all, ~all or ?all. Use ?all if you want to be able to send email through any ISP (for example, if you send email from your laptop as you travel all over the place), but understand that it tells receivers almost nothing; ~all is the usual compromise while you are still discovering where your mail comes from. Use -all if you know (and have indicated earlier on the line) every possible SMTP server that you might send email through.
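To make the left-to-right, first-match evaluation and the include rule concrete, here is a small evaluator that runs the post's scenario. It is an added example, not code from the original post or any SPF library: DNS answers are a constructed in-memory table (the ISP's own record "v=spf1 mx -all", the documentation IP addresses and the loop.example record are all assumptions), and ptr, exists, ip6, redirect= and macros are left out, so it is for understanding the record above, not for checking real mail.

```python
"""Minimal SPF (v=spf1) evaluator for the worked example; added code, not the
post's. It walks a record left to right, returns the qualifier of the first
matching mechanism, applies the "include matches only on pass" rule and
enforces the 10-lookup limit. DNS is a constructed table, not live queries."""
import ipaddress

# Constructed DNS answers (documentation IP ranges, not real servers).
DNS = {
    ("geckotribe.com", "TXT"): ["v=spf1 a:mail.geckotribe.com ?include:myhomeisp.com -all"],
    ("mail.geckotribe.com", "TXT"): ["v=spf1 a:mail.geckotribe.com -all"],
    ("mail.geckotribe.com", "A"): ["203.0.113.10"],
    ("myhomeisp.com", "TXT"): ["v=spf1 mx -all"],          # assumed ISP policy
    ("myhomeisp.com", "MX"): ["mail.myhomeisp.com"],
    ("mail.myhomeisp.com", "A"): ["198.51.100.25"],
    ("smtp.spammerisp.com", "A"): ["192.0.2.99"],
    ("loop.example", "TXT"): ["v=spf1 include:loop.example -all"],  # pathological record
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_DNS_LOOKUPS = 10   # a/mx/include/ptr/exists terms allowed per check


def lookup(name, rrtype):
    return DNS.get((name.lower(), rrtype), [])


def addr_match(ip, addr, prefix=""):
    """True if ip lies in addr, optionally widened by a /prefix (as in a:host/24)."""
    net = f"{addr}/{prefix}" if prefix else addr
    return ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)


def check_host(ip, domain, lookups=None):
    """Return pass/fail/softfail/neutral/none/permerror for mail from `domain` sent by `ip`."""
    lookups = lookups if lookups is not None else [0]
    records = [r for r in lookup(domain, "TXT") if r.lower().split(" ", 1)[0] == "v=spf1"]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"          # two SPF records is an error, not "either one"
    for term in records[0].split()[1:]:
        qualifier = "+"             # default when no prefix is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = addr_match(ip, arg)
        elif name in ("a", "mx", "include"):
            lookups[0] += 1
            if lookups[0] > MAX_DNS_LOOKUPS:
                return "permerror"  # receivers give up here rather than keep querying
            target, _, prefix = (arg or domain).partition("/")
            if name == "a":
                matched = any(addr_match(ip, a, prefix) for a in lookup(target, "A"))
            elif name == "mx":
                matched = any(addr_match(ip, a, prefix)
                              for mx in lookup(target, "MX") for a in lookup(mx, "A"))
            else:
                inner = check_host(ip, target, lookups)
                if inner in ("none", "permerror"):
                    return "permerror"       # a broken include poisons the whole record
                matched = inner == "pass"    # fail/softfail/neutral inside: no match here
        else:
            return "permerror"      # unknown mechanism (ptr/exists/ip6 not implemented)
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                # nothing matched and no "all" term
```

Running check_host for the spammer's server (192.0.2.99) against geckotribe.com gives "fail", the real mail server gives "pass", and a sender on the home ISP gives "neutral", which is exactly the trade-off the question mark buys: a forger using the same ISP lands on neutral too. The loop.example record shows why the lookup limit exists; without it the include would recurse forever.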



Friday, August 27, 2010

Patching the kernel

These instructions require having the skills of a sysadmin. Personally, I avoid recompiling any kernel unless absolutely necessary.

Make sure your product is affected

Linux and UNIX source software often comes with security and other patches. You can download them from the Internet or the project's home page. Before applying a patch you downloaded, verify its signature or checksum against the one the project publishes; patch applies whatever it is given. There is a command called patch that applies a diff file, or patch, to an original source tree.
patch takes a patch file (patchfile) containing a difference listing produced by the diff program and applies those differences to one or more original files, producing patched versions. Normally the patched versions are put in place of the originals.
The following usage is the most common. Run it from the top of the source tree; -p1 strips one leading directory from the paths recorded in the patch, so a/dir/file.c is applied to dir/file.c:
$ patch -p1 < {/path/to/patch/file}

To apply a patch whose paths need no stripping, run the following in a shell:
$ patch < /path/to/file
Patches can be undone, or reversed, with the -R option:
$ patch -R < /path/to/file
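The two things people get wrong with patch are the -p strip level and what -R actually does. The following is an added example, not from the original post: a small in-memory unified-diff applier that makes both visible. The source file, the file name net/ipv4/example.c and the diff are constructed for illustration and are not a real kernel file or a real patch; real patch additionally handles fuzz, offsets, several files and .rej files.

```python
"""What `patch -pN` and `patch -R` do, shown on one in-memory file. Added
example, not the post's code; a teaching aid, not a replacement for patch."""
import re

HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

# Constructed sample: a bounds check added before a memcpy (illustrative only).
ORIGINAL = """\
int handle(const char *buf, size_t len)
{
    char tmp[64];
    memcpy(tmp, buf, len);
    return 0;
}
"""

SAMPLE_DIFF = """\
--- a/net/ipv4/example.c
+++ b/net/ipv4/example.c
@@ -1,6 +1,8 @@
 int handle(const char *buf, size_t len)
 {
     char tmp[64];
+    if (len > sizeof(tmp))
+        return -1;
     memcpy(tmp, buf, len);
     return 0;
 }
"""


def strip_path(path, p):
    """-pN: drop the smallest prefix holding N slashes (a/x/y.c with -p1 -> x/y.c)."""
    parts = path.split("/")
    return "/".join(parts[min(p, len(parts) - 1):])


def parse_unified(diff):
    """Return (old_path, new_path, hunks); a hunk is (old_idx, new_idx, body)."""
    lines, hunks, old_path, new_path, i = diff.splitlines(), [], None, None, 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("--- "):
            old_path = line[4:].split("\t")[0]
        elif line.startswith("+++ "):
            new_path = line[4:].split("\t")[0]
        elif line.startswith("@@"):
            m = HUNK_RE.match(line)
            if not m:
                raise ValueError(f"bad hunk header: {line!r}")
            old_start, old_n = int(m.group(1)), int(m.group(2) or 1)
            new_start, new_n = int(m.group(3)), int(m.group(4) or 1)
            # A zero-length side means "insert after line N", so no -1 there.
            old_idx = old_start - 1 if old_n else old_start
            new_idx = new_start - 1 if new_n else new_start
            body, seen_old, seen_new = [], 0, 0
            while seen_old < old_n or seen_new < new_n:   # counts come from the header
                i += 1
                if i >= len(lines):
                    raise ValueError("truncated hunk")
                tag, content = lines[i][:1] or " ", lines[i][1:]
                if tag == "\\":          # "\ No newline at end of file" marker
                    continue
                if tag not in " +-":
                    raise ValueError(f"unexpected line in hunk: {lines[i]!r}")
                seen_old += tag in " -"
                seen_new += tag in " +"
                body.append((tag, content))
            hunks.append((old_idx, new_idx, body))
        i += 1
    if old_path is None or new_path is None:
        raise ValueError("missing ---/+++ file headers")
    return old_path, new_path, hunks


def apply_hunks(src_lines, hunks, reverse=False):
    """Apply hunks to a list of lines; reverse=True swaps +/- like patch -R.
    Raises ValueError when context does not match (where patch would write a .rej)."""
    src, out, pos = list(src_lines), [], 0
    for old_idx, new_idx, body in hunks:
        start = new_idx if reverse else old_idx
        if reverse:
            body = [({"+": "-", "-": "+"}.get(t, t), c) for t, c in body]
        if start < pos:
            raise ValueError("hunks overlap or are out of order")
        out.extend(src[pos:start])
        pos = start
        for tag, content in body:
            if tag in " -":              # context and removed lines must match the source
                if pos >= len(src) or src[pos] != content:
                    raise ValueError(f"hunk does not apply at line {pos + 1}")
                pos += 1
            if tag in " +":              # context and added lines go to the output
                out.append(content)
    out.extend(src[pos:])
    return out


def patch_text(text, diff, p=1, reverse=False):
    """`patch -pN [-R] < diff` for one file: returns (stripped target path, new text)."""
    old_path, new_path, hunks = parse_unified(diff)
    target = strip_path(new_path if reverse else old_path, p)
    return target, "\n".join(apply_hunks(text.splitlines(), hunks, reverse)) + "\n"


def dry_run(text, diff, p=1, reverse=False):
    """Like `patch --dry-run`: report whether the patch applies cleanly."""
    try:
        patch_text(text, diff, p, reverse)
        return True
    except ValueError:
        return False
```

Applying SAMPLE_DIFF to ORIGINAL with p=1 targets net/ipv4/example.c and inserts the bounds check; applying it again with reverse=True restores the original. If the source tree differs from what the patch expects (say, the buffer is 32 bytes rather than 64), dry_run returns False, which is the check to make before letting patch write into the tree.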



Thursday, July 22, 2010

apache/mysql optimization

Apache Tweaks
------------------------
The Apache directive KeepAlive controls whether one TCP connection may carry several HTTP requests in a row (persistent connections) instead of a new connection being set up for every request.
If you set it to "On", tune KeepAliveTimeout: the number of seconds Apache will wait for a subsequent request on the same connection before closing it. Once a request has been received, the timeout value specified by the Timeout directive applies.

Setting KeepAliveTimeout to a high value may cause performance problems on heavily loaded servers. The higher the timeout, the more server processes will be kept occupied waiting on connections with idle clients; a low value prevents unused connections from staying open for excessive amounts of time. If you are going to leave KeepAlive on, you will also want to raise MaxKeepAliveRequests. Setting this higher allows more requests per connection and increases efficiency.
Another minor tweak that gives a small performance boost, and also reduces the effect of a denial-of-service attack that holds connections open, is lowering the Timeout directive. It tells Apache how many seconds to wait while receiving an incoming request, processing it, and sending back a response; the default of 300 is far more than a legitimate client needs.

HostnameLookups

HostnameLookups On adds latency to every request because a reverse DNS lookup must complete before the request is finished and logged. The name it produces is also controlled by whoever owns the reverse zone for the client's address, so it is no more trustworthy than the IP itself. Leave it Off (the default) and, if you need names in the logs, resolve them offline with logresolve.

MPM

Apache supports Multi-Processing Modules (MPMs). You can choose either Worker or Prefork. Prefork consumes more memory than Worker, because every connection is served by a separate process, but it is fast and is required by modules that are not thread-safe (mod_php is the usual reason). So we normally enable Prefork on servers unless they are very busy.


Below are the directives used in Prefork


MaxClients - sets a limit on the number of simultaneous connections/requests that will be served. Set this number too low and resources will go to waste. Set this number too high and an influx of connections will push the server into swap and bring it to a standstill. Set this number just right and your server will fully utilize the available resources.

An approximation of this number should be derived by dividing the amount of system memory (physical RAM) left after the operating system and anything else on the box (MySQL, for instance) by the maximum size of an apache/httpd process. The default value [ServerLimit 256] will work with 1-2GB of RAM.

Directive MaxRequestsPerChild is used to recycle processes. When this directive is set to 0, an unlimited amount of requests are allowed per process.


# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare

# MaxRequestsPerChild: maximum number of requests a server process serves


So a sample prefork configuration would look like this

StartServers 10
MinSpareServers 5
MaxSpareServers 10

MaxClients 225
MaxRequestsPerChild 4000



In the prefork model, the child processes are forked ahead of time (hence the name) and each child handles one connection at a time. Spare processes are kept idle to handle incoming requests, which avoids paying the fork latency on every request. The previous configuration starts 10 processes as soon as the web server comes up and tries to keep between 5 and 10 idle servers running. The hard limit on processes is dictated by MaxClients. Even though a process can handle many consecutive requests, Apache retires each child after 4,000 requests, which limits the damage done by memory leaks in the server or its modules.

The other apache configuration directives are as follows


Timeout 200
KeepAlive On
MaxKeepAliveRequests 200
KeepAliveTimeout 3
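As an added example (not from the original post, and not an Apache tool), here is a small checker that applies the rule of thumb above, MaxClients no larger than free RAM divided by the size of one httpd process, to a configuration fragment and flags the directives discussed in this entry. The sample configuration is the post's own values with HostnameLookups switched on to show the finding; the thresholds for Timeout and KeepAliveTimeout are this example's assumptions, not Apache defaults.

```python
"""Checker for the prefork/connection directives discussed above. Added
example, not the post's code. Thresholds are assumptions for illustration."""

# Constructed sample: the post's values, plus HostnameLookups left on.
SAMPLE_CONF = """
StartServers 10
MinSpareServers 5
MaxSpareServers 10
MaxClients 225
MaxRequestsPerChild 4000
Timeout 200
KeepAlive On
MaxKeepAliveRequests 200
KeepAliveTimeout 3
HostnameLookups On
"""

TIMEOUT_MAX = 60            # assumption: generous for slow clients, far below the 300 s default
KEEPALIVE_TIMEOUT_MAX = 5   # assumption: idle keep-alive slots should be recycled quickly


def parse_directives(text):
    """Map directive name (lowercased; Apache names are case-insensitive) to its value."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, value = line.partition(" ")
        conf[name.lower()] = value.strip()
    return conf


def max_clients_for(ram_mb, process_mb, reserve_mb=0):
    """The post's rule of thumb: how many httpd processes fit in RAM after a reserve."""
    return max(0, (ram_mb - reserve_mb) // process_mb)


def check_apache(text, ram_mb, process_mb, reserve_mb=0):
    """Return a list of (directive, problem) findings; an empty list means no issues."""
    conf = parse_directives(text)
    findings = []
    limit = max_clients_for(ram_mb, process_mb, reserve_mb)
    max_clients = int(conf.get("maxclients", 256))      # Apache's default when unset
    if max_clients > limit:
        findings.append(("MaxClients", f"{max_clients} x {process_mb} MB exceeds "
                         f"{ram_mb - reserve_mb} MB; at most {limit} processes fit"))
    if int(conf.get("maxrequestsperchild", 0)) == 0:
        findings.append(("MaxRequestsPerChild", "0 never recycles children, so leaks grow unbounded"))
    if int(conf.get("timeout", 300)) > TIMEOUT_MAX:
        findings.append(("Timeout", f"{conf.get('timeout', 300)} s lets a slow client hold a process"))
    if conf.get("keepalive", "on").lower() == "on" and \
            int(conf.get("keepalivetimeout", 5)) > KEEPALIVE_TIMEOUT_MAX:
        findings.append(("KeepAliveTimeout", "idle keep-alive connections hold processes; lower it"))
    if conf.get("hostnamelookups", "off").lower() != "off":
        findings.append(("HostnameLookups", "adds a reverse DNS lookup to every request; set Off"))
    if int(conf.get("minspareservers", 5)) > int(conf.get("maxspareservers", 10)):
        findings.append(("MinSpareServers", "exceeds MaxSpareServers; Apache silently adjusts it"))
    return findings
```

With 2 GB of RAM and 20 MB per httpd process the checker reports that MaxClients 225 is about twice what fits, that Timeout 200 is still long enough for a slow client to tie up a process, and that HostnameLookups is on; fix those three and it returns no findings. Measure the process size on your own server (the RSS of a busy httpd child) rather than guessing, since it varies a lot with the modules loaded.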





[mysqld]
skip-external-locking         # the old spelling skip-locking is deprecated and later removed
max_connections = 500         # simultaneous client connections allowed, server-wide
connect_timeout = 15          # seconds to wait for a connect packet before giving up on a client

key_buffer_size = 128M        # MyISAM index cache shared by all threads; a quarter to half of RAM on a dedicated MyISAM server (key_buffer is an old alias for the same setting, do not set both)

join_buffer_size = 3M         # allocated per join that cannot use an index
read_buffer_size = 2M         # allocated per thread for each table it scans sequentially (record_buffer is the old alias)
max_allowed_packet = 16M      # largest packet, row or intermediate string the server accepts or sends

table_cache = 3000            # open table cache (table_open_cache from 5.1 on); raise it if you have many tables and enough memory, and keep open_files_limit above it

max_heap_table_size = 16M     # maximum size MEMORY tables may grow to
tmp_table_size = 64M          # maximum size of internal in-memory temporary tables; the smaller of this and max_heap_table_size applies

sort_buffer_size = 4M         # allocated per thread that sorts; helps ORDER BY and GROUP BY
myisam_sort_buffer_size = 32M # used when creating or repairing MyISAM indexes

query_cache_type = 1
query_cache_limit = 2M        # largest single result set stored in the query cache (default 1M)
query_cache_size = 64M        # memory set aside for cached query results

max_user_connections = 25     # maximum simultaneous connections for a single MySQL account
max_connect_errors = 10000    # a host with more interrupted connections than this is blocked until FLUSH HOSTS
safe-show-database            # deprecated: the SHOW DATABASES privilege replaces it, and newer servers reject the option

slow_query_log = 1
open_files_limit = 12000      # file descriptors mysqld is allowed to open

Tuesday, June 29, 2010

cPanel Error – error : Invalid maildirsize file!

Log in to your server via SSH. The following example applies where the email address is sharaf@domain.com and the account username is "username"; substitute your own values. The maildirsize file is only the Maildir++ quota bookkeeping, so deleting it loses no mail; the mail server recreates it by recounting the mailbox on the next delivery or quota check.

cd /home/username/mail/domain.com/sharaf/
rm -f maildirsize

Tuesday, June 8, 2010

Customize Apache default Success page

You just have to login to your server via ssh.

Navigate to /usr/local/apache/htdocs

cd /usr/local/apache/htdocs

And finally edit the file index.html

nano index.html

If you list the content of /usr/local/apache/htdocs you will see that you can also modify the other pages cPanel's Apache serves by default, such as the error pages.

Friday, June 4, 2010

MySQL ERROR! Couldn't find MySQL manager (/var/lib/bin/mysqlmanager)

cpanel server

/etc/init.d/mysql status
ERROR! MySQL is not running
[root@ns2 subsys]# /etc/init.d/mysql restart
ERROR! MySQL manager or server PID file could not be found!
Starting MySQL ERROR! Couldn't find MySQL manager (/var/lib/bin/mysqlmanager) or server (/var/lib/bin/mysqld_safe)
[root@ns2 subsys]# /etc/init.d/mysql stop
ERROR! MySQL manager or server PID file could not be found!

Check whether basedir in /etc/my.cnf is set to /var/lib. The init script builds the paths /var/lib/bin/mysqlmanager and /var/lib/bin/mysqld_safe from that value, which is why it cannot find either. Remove the line (or set basedir to the real installation prefix, such as /usr) and start MySQL again.

Friday, May 28, 2010

Increase max emails per hour for a single domain in cPanel

You can change the maximum number of emails per hour allowed for a particular domain to a number other than the system default by editing the following file (this is separate from the WHM setting):

/var/cpanel/maxemails

Just add an entry like "domain.com = 100". Now 100 is the maximum emails-per-hour limit for domain.com.

But please make sure that you run the following script after updating /var/cpanel/maxemails; until it runs, the change is not picked up.

# /scripts/build_maxemails_config