How to secure your VPS/Dedicated Server against Spammers
Posted by Darin S on 14 October 2015 11:23 PM
General Operating System Maintenance:
On CentOS/RHEL based systems: yum –y update
On Debian/Ubuntu based systems: apt-get update
For cPanel systems: /scripts/upcp
For Plesk systems:
Get the link for your OS from http://sp.parallels.com/download/plesk/.
chmod +x parallels_products_installer_file_name
For CentOS/RHEL Based: yum update php* if php was installed with repos.
For cPanel systems: /scripts/easyapache can be run. This will update the version of Apache as well as PHP. The latest version will be available after the /scripts/upcp is run.
For Plesk systems: plesk sbin autoinstaller --select-product-id plesk --select-release-current --install-component php5.6
If php was manually built, the latest version can be downloaded at http://php.net/downloads.php.
To install CSF, do the following:
rm -fv csf.tgz
tar -xzf csf.tgz
Email Service Specific Items to consider:
For cPanel based systems: Within WHM, it can be set in Main >> Server Configuration >> Tweak Settings.
For cPanel based systems: /usr/local/cpanel/bin/tailwatchd --disable=Cpanel::TailWatch::Antirelayd
For Plesk based systems: In “Mail Server Settings” make sure that authorization is required and SMTP are both checked
For Debian Based:
Generate an Exim SSL certificate: /usr/share/doc/exim4-base/examples/exim-gencert
Uncomment the plan_server, driver, etc area
Add the line MAIN_TLS_ENABLE = true
Setup users and passwords, create /etc/exim4/passwd
Copy output from htpasswd -nd usernameforsmtp
Run update-exim4.conf and then /etc/init.d/exim4 restart
Using CSF (firewall), you can use the connlimit to limit the number of connections per IP and specific ports. This will be in the /etc/csf/csf.conf, CONNLIMIT= can be adjusted not only for SMTP, but other services as well.
rDNS can be set within the portal.
SPF can be generated with an SPF wizard, a free and easy one to use is http://www.spfwizard.net/.
DKIM can be generated with a DKIM generator. https://luxsci.com/extranet/dkim.html can generate the information/keys for you. You will have the option of not having all emails signed, all messages will be signed or all messages without signature can be considered spam and deleted.
For cPanel based systems: Service Configuration – Exim Configuration. The option “Scan outgoing messages for spam and reject based on defined SpamAssassin® score (Minimum: 0.1; Maximum: 99.9)” offers the most flexibility.
For other systems: SpamAssassin is controlled through the local.cf configuration file. /etc/mail/spamassassin/local.cf.