Spam-proof your dedicated server!
I wrote about a great cpanel firewall add-on that I found a while back.
The same company that designed configserver firewall, has two security packages that are designed to help maintain a cpanel/whm dedicated server.
I recently purchased the “cPanel Service Package + MailScanner” package for one of the servers that I manage.
Here’s what you get for $125:
- iptables SPI firewall (csf)
- Login failure detection (lfd)
- Stop unnecessary processes
- Logcheck
- Logwatch
- WHM configuration check
- OpenSSH configuration check
- Install and configure Rootkit Hunter
- Install and configure Chkrootkit
- install mod_security
- Host spoof protection
- Operating System check
- Name server configuration check
- Disk check
- Kernel check
- Apache tune and check ***
- MySQL tune and check
- Enhanced log rotation
- Day of the week backup rotations
- Secure /tmp /var/tmp /dev/shm
- Install and configure ConfigServer Explorer (cse)
- Install and configure ConfigServer Mail Queues (cmq)
- Install and configure ConfigServer Mail Manage (cmm)
- Perl installation check
- Delete unnecessary OS users
- Disable open DNS recursion
- Enhance path protection
- Remove SUID/GUID from binaries
- PHP hardening
- Exploit check
- Disable vulnerable phpBB installs
- Initial cPanel configuration
- Enhance MailMan performance
- Install MRTG graphs
- MailScanner Server service
- One week of informational tickets
While this is all great, what really caught my attention was the improvement with the email that the server was handling. Security is something that you don’t actually notice, but when you see email spam drop to nearly ZERO, it’s worth taking note of. On an average day the server was getting about 20,000 spam emails a day, and since the upgrade about 99.9% are properly being marked as spam, with roughly 5 false positives for every 20,000 emails (.025%). Prior to this upgrade, spam assassin alone was catching only 85% with 3 – 5% false positive rate.
The security, vulnerability checks, and cpanel add-ons are something that every server should have, but to simply save the time by not having to do all of this yourself, is worth well over $125. This is about as perfect of a system as I have ever seen when it comes to email.
Here’s a few images of the new add-ons:
Any drawbacks?
This package has the ability to put a lot of stress on a server. If you are receiving high volumes of email, then you will definitely want to have some very high quality processors, and a lot of RAM. We are running 2 – Quad Core Xeon processors, and about 4Gb of RAM and our server has gotten stressed a few times during very high load. With some good configuring, it is possible to use this on just about any server, you will just want to reduce the scanning to a level that the server can handle. There is virtually unlimited options for configuring this, and if you purchase the package it comes with a week of support.
The configserver blog is where updates and security notices are posted if you want to stay up-to-date on any of their software. (Updates are also available in the control panel).
Subscribe to the RSS feed and have all new posts delivered straight to you.
Looks like a very nice solution, good work!
A great step in the battle against spam.