01 Aug 2018

DMARC – Domain-based Message Authentication, Reporting and Conformance


Unsolicited or undesired electronic messages, or in simple words spam emails, can be irritating as well as very dangerous to end users. Most email spam is commercial in nature, but it may also contain links that lead to phishing websites or to sites that are hosting malware. Spam email may also include malware as scripts or other executable file attachments.
DMARC is an email-validation system. It was designed to detect and prevent email spoofing. It is intended to combat certain techniques such as emails with forged sender addresses that appear to originate from legitimate senders.

DMARC is built on top of two existing mechanisms: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). It is designed to allow the owner of a domain to publish a policy (DKIM, SPF or both) that lets the receiver know how to deal with failures. Additionally, it provides a reporting mechanism for actions performed under those policies. It thus coordinates the results of DKIM and SPF and specifies under which circumstances the From: header field, which is often visible to end users, should be considered legitimate.


In practice, DMARC is used to build a collaborative system of senders and receivers that improves the mail authentication practices of senders and enables receivers to reject unauthenticated messages.

Email Authentication Process (DMARC)

The basic working principle is to help email receivers determine if the message “aligns” with what the receiver knows about the sender. If not, DMARC includes guidance on how to handle the “non-aligned” messages. For example, assuming that a receiver deploys SPF and DKIM, plus its own spam filters, the flow may look something like this:

User composes a message > sends it to the receiver > sending server includes a DKIM header with the email > email is sent to the receiver > receiver accepts the inbound email request > receiver system begins its standard validation tests > retrieves verified DKIM domains > retrieves the “Envelope From” from SPF > applies the DMARC policy, e.g. passed, quarantine or reject.

At a high level, DMARC is designed to meet the following goals:

  • Minimize false positives.
  • Provide robust authentication reporting.
  • Assert sender policy at receivers.
  • Reduce successful phishing delivery.
  • Work at Internet scale.
  • Minimize complexity.

It is important to note that DMARC builds upon both the DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) specifications that are currently being developed within the IETF.

DMARC is designed to replace ADSP by adding support for:

  • wildcarding or subdomain policies.
  • non-existent subdomains.
  • slow rollout (e.g. percent experiments).
  • SPF
  • quarantining mail

Anatomy of a DMARC resource record in the DNS

DMARC policies are published in the DNS as text (TXT) resource records (RR) and announce what an email receiver should do with non-aligned mail it receives.

Here is an example DMARC TXT RR for the domain “mail.expertpk.com” that reads:

“v=DMARC1;p=reject;pct=100;rua=mailto:postmaster@expertpk.com”

In the example above, the sender expects that the receiver should reject all non-aligned messages and send a report, in a specified aggregate format, about the rejections to a specified address. If the sender was testing its configuration, it could replace “reject” with “quarantine” which would tell the receiver they shouldn’t necessarily reject the message, but consider quarantining it.
DMARC records follow the extensible “tag-value” syntax for DNS-based key records defined in DKIM. The following chart illustrates some of the available tags:

| Tag Name | Purpose | Sample |
|---|---|---|
| v | Protocol version | v=DMARC1 |
| pct | Percentage of messages subjected to filtering | pct=20 |
| ruf | Reporting URI for forensic reports | ruf=mailto:authfail@example.com |
| rua | Reporting URI of aggregate reports | rua=mailto:aggrep@example.com |
| p | Policy for organizational domain | p=quarantine |
| sp | Policy for subdomains of the OD | sp=reject |
| adkim | Alignment mode for DKIM | adkim=s |
| aspf | Alignment mode for SPF | aspf=r |

5 Easy Steps to Deploy DMARC

DMARC was designed by some of the world’s largest email senders and receivers (PayPal, Yahoo, Gmail etc.), based on their real-world experience deploying SPF and DKIM.
It is a well-known fact that it is nearly impossible for an organization to simply flip a switch to production. There are a number of built-in methods for “throttling” the DMARC processing so that all parties can ease into full deployment over time.

  1. Deploy DKIM & SPF. You have to cover the basics, first.
  2. Ensure that your mailers are correctly aligning the appropriate identifiers.
  3. Publish a DMARC record with the “none” flag set for the policies, which requests data reports.
  4. Analyze the data and modify your mail streams as appropriate.
  5. Modify your DMARC policy flags from “none” to “quarantine” to “reject” as you gain experience.

In my next blog post, I will show you practical examples and teach you methods of deploying DMARC via the command line, cPanel, Virtualmin/Webmin, Plesk etc.

Note: All data in this post is taken from different sources, e.g. dmarc.org

Faheem Khan
16 Jan 2017

Change Root Password – Rescue Mode – VPS – Dedicated Servers


To change the VPS or dedicated server root password via rescue mode, you have to reboot your VPS/server in rescue mode. To do this, please follow the instructions below.

Go to your client area > services > [your vps / dedicated server]

Then click on your related product / service. When the product form opens, scroll down to see the “Tabs”.
Here, click on “Power”, then on “Net boot”, then on “Rescue”.

In the left-side image you can see the tabs: the Power tab is highlighted, and you can see the “Net Boot” option and the “Rescue” button.

You can see “Available Options” in the image footer. Select “Rescue64 pro” and then press “Boot Now”.

In the right-side image you can see a pop-up asking for reboot confirmation. Select yes to reboot your server / VPS in rescue mode.

Note: After rescue operation, you can reboot your server in normal mode again from same screen by selecting “Hard Disk” button instead of “Rescue“.

Note: You can also boot your server from “Network” by providing your own details.


For VPS / Cloud VPS

After this you will receive an email containing the credentials to access your server / VPS. When you receive these details, access your server / VPS in rescue mode via SSH and then follow the instructions below.

Using received details you are able to connect to your server, but your files are still not accessible. You need to mount them to your file system.

Note

On a Cloud VPS, before going any further, you have to mount your partition by launching the following command:

[root@rescue ~]# mount /dev/vda1 /mnt

Here “vda1” is your / partition in your vps

Now launch the following command to go to your directory.

[root@rescue ~]# cd /mnt

Then chroot into your disk / partition by launching the following command.

[root@rescue ~]# chroot /mnt

For Dedicated Server

Usually, /dev/xda1 is the root partition (/), and /dev/xda2 is /home. Replace x in xda1 and xda2 by the correct letter for your drive (s,h,…).

Devices are of the following type:

  • /dev/sd for SCSI, SATA, hardware RAID
  • /dev/hd for IDE drives
  • /dev/md for software RAID
  • /dev/rd/c0d0p for Mylex RAID
  • /dev/ad4s1 for FreeBSD systems

You could also use devfs nomenclature.
If you do not know what type of disks you have on your machine, or what their partition tables are, you can use the fdisk command. Here is an example of its output:

rescue:~# fdisk -l

Disk /dev/hda 40.0 GB, 40020664320 bytes
255 heads, 63 sectors/track, 4865 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/hda1 * 1 1305 10482381 83 Linux
/dev/hda2 1306 4800 28073587+ 83 Linux
/dev/hda3 4801 4865 522112+ 82 Linux swap / Solaris

Disk /dev/sda 8254 MB, 8254390272 bytes
16 heads, 32 sectors/track, 31488 cylinders
Units = cylinders of 512 * 512 = 262144 bytes

Device Boot Start End Blocks Id System
/dev/sda1 1 31488 8060912 c W95 FAT32 (LBA)

You can see here that the server is equipped with 2 disk devices: /dev/hda and /dev/sda. There are 3 partitions on hda (hda1, hda2, hda3) and 1 partition on sda (sda1).

We can see that /dev/hda1 is shown with a star (*), which indicates that /dev/hda is a bootable drive. The 2nd drive is a USB key (/dev/sda).

In the case of GPT partitions, use parted to be able to see the partitions of the drive.

To mount the root partition (/), simply execute the mount command followed by the partition where it is located (/dev/hda1) and the place where you wish to mount it (/mnt).

rescue:~# mount /dev/hda1 /mnt/

If your server is configured with software RAID, it is recommended to mount the /dev/md[x] partitions.

Then, do a chroot on the mount made:

rescue:~# chroot /mnt/

After mounting your partition in VPS / Dedicated Server

You have now mounted your partition and chrooted into it on your VPS / dedicated server.

It is time to change the root password. Simply launch the following command in the terminal.

rescue:~# passwd root

It will ask you for a password. Give it your new password twice.

Changing password for root user.

New password:
Retype new password:

When you type the new password, it will not be shown on screen as you type, for security reasons in Linux/Unix.

Congratulations – You have successfully updated / changed your password.

14 Jan 2017

Virtualmin – a hosting control panel



Introduction

Virtualmin is a Webmin module for managing multiple domains through a single interface, just like Plesk or cPanel. It supports the creation and management of Apache virtual hosts, BIND DNS domains, MySQL databases, and mailboxes and aliases with Sendmail or Postfix. It also provides basic support for Nginx instead of Apache.

Virtualmin can also create a Webmin user for each virtual server (domain in cpanel), who is restricted to managing just his domain and its files. Webmin’s existing module access control features are used, and are set up automatically to limit the user appropriately. These server administrators (in cpanel, hosting account owner) can also manage the mailboxes and mail aliases in their domain, via a web interface that is part of the module.


You can see an introductory video to understand it well.

Control Panel Reviews Backend Language Open-Source Linux Windows DNS Email FTP Databases ipv6 Multi-Server
cPanel Perl, PHP x x x x x x x
Plesk PHP, C, C++ x x x x x x x x
DirectAdmin PHP x x x x x x
Core-Admin PHP x x x x x
InterWorx PHP x x x x x x x
C++ x x x x x x x
PHP, Perl x x x x x x x
Froxlor PHP x x x x x x
Vesta PHP x x x x x x
PHP x x x x x x x x
PHP x x x x x x x
Webmin Perl x x x x x x x x
ISPConfig PHP x x x x x x x x
Ajenti Python x x x x x x
BlueOnyx Java, Perl x x x x x x x
CentOS Web Panel PHP x x x x x x x
Virtualmin PHP x x x x x x x x

Which one is more powerful - cPanel or Virtualmin?

It depends upon the customer’s own decision. I think each panel is difficult when you use it for the first time. After some time, when you become familiar with any app / panel, it becomes very easy for you.

Which control panel gives more access to the system - cPanel or Virtualmin?

cPanel takes full control over your system and modifies its core. It grants only limited access to the user, and a system where cPanel is installed can be used for web hosting purposes only. Virtualmin, however, gives you more control over your OS. You have the right to decide how to configure your machine to perform better.

15 Apr 2016

Reseller Hosting VS Shared Hosting

What is the difference between Shared and Reseller Hosting?

Shared web hosting service refers to a web hosting service where many websites reside on one web server connected to the Internet. This is generally the most economical option for hosting, as the overall cost of server maintenance is amortized over many customers. (Wikipedia)

Reseller web hosting, in turn, refers to a web hosting service in which the owner can resell his resources (disk space, bandwidth, MySQL servers etc.) to his own customers, acting like a shared hosting company. He does not need to buy a server; instead he buys resources on a hosting server to sell to his own customers.

15 Apr 2016

WHAT IS RESELLER HOSTING?


Reseller hosting is a form of web hosting wherein the account owner has the ability to use his or her allotted hard drive space and bandwidth to host websites on behalf of third parties. The reseller purchases the host’s services wholesale and then sells them to customers, possibly for a profit. A certain portion of hard drive space and bandwidth is allocated to the reseller account. The reseller may rent a dedicated server from a hosting company, or resell shared hosting services. In the latter case, the reseller is simply given the permission to sell a certain amount of disk space and bandwidth to their own customers without renting a server from a web hosting company they signed for a reseller account with. (wikipedia)

A lot of web hosting companies provide a reseller hosting service. With reseller hosting, the account owner rents out a portion of the disk space and bandwidth he receives to other end users. The account owner is therefore a kind of hosting service supplier to those end users.


Reseller Hosting - PROS AND CONS

Price is surely the largest advantage of reseller hosting. A lot of the reseller hosting plans are relatively cheap, perhaps a few dollars a month. However, as we said before, unlike established web hosting firms, the resellers might not be able to provide good technical support.

Conclusion

Reseller hosting accounts are meant for one owner who wishes to resell hosting and act as their own hosting company. Depending upon which reseller plan you choose, your reseller account can have from 10 to 250 cPanel accounts. On a reseller account, you would be able to set up each domain name so that it has its own cPanel.

So it is meant for those who want to start their own shared hosting business; it is a starting point.

31 Mar 2016

Firewall

Firewall - Securing your server

This guide is intended for people with a good level of experience administering dedicated Linux servers. Handling a firewall can be dangerous: you can lock yourself out of your server, which will force you to do a hard restart. If you make a mistake in the final script and put it in automatic startup, you will no longer have access to your machine! So be very careful, and if you do not feel comfortable with this guide, do not set up your firewall!

To competently perform rectifying security service, two critical incident response elements are necessary: information and organization.

Faheem Khan

A Firewall, What is it?

This is a program that blocks certain ports on your machine and leaves others open. Imagine your house: you have a door at the front and a door at the rear. You never use the one at the back, so you keep it locked. Why? Because it is a potential point of intrusion for a thief. With a firewall it is the same: we will close all the ports that we do not need.

Ports: which ports do you use?

Caution! First of all, be very careful what you do. You could pick the wrong ports and close the ones you need. Imagine if you close the SSH port! You would then have to get back in via telnet or via Webmin, or do a hard reboot. The ports open by default on an OVH server are:

21 – ftp (the FTP server; allow depending on use).
22 – ssh (the encrypted shell; leave it!).
23 – telnet (unencrypted access to the shell; leave for troubleshooting).
25 – smtp (outgoing mail server; allow in most cases).
53 – dns (the DNS server; allow in most cases).
80 – http (the web server; allow).
110 – pop3 (mail access; allow in most cases).
143 – imap (mail access; leave if you do not use pop3).
443 – https (the encrypted web; allow depending on your use).
1000 – webmin (server configuration panel; leave if you use it).

Iptables - What is it?

iptables is a very powerful firewall, installed on all ExpertPK servers. It works like this: we will open some ports and close the rest. In this example, we’ll leave open only ports 22 (SSH) and 80 (HTTP). This is only an example; adapt it to your needs.

Iptables Example

Connect over SSH as root.
The first thing to do is verify the iptables version:

$ /sbin/iptables -V
iptables v1.2.4

The version here is too old. We will install 1.2.9:

$ cd /root
$ wget http://www.netfilter.org/files/iptables-1.2.9.tar.bz2
$ tar xvfj iptables-1.2.9.tar.bz2
$ cd iptables-1.2.9
$ make KERNEL_DIR=/usr/src/linux
$ make install KERNEL_DIR=/usr/src/linux
$ cd /sbin
$ mv iptables iptables.old
$ mv iptables-restore iptables-restore.old
$ mv iptables-save iptables-save.old
$ ln -s /usr/local/sbin/iptables iptables
$ ln -s /usr/local/sbin/iptables-restore iptables-restore
$ ln -s /usr/local/sbin/iptables-save iptables-save
$ /sbin/iptables -V
iptables v1.2.9
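
The rule set described above (everything closed except SSH on 22 and HTTP on 80), as an added example that is not part of the original post: a small generator that emits the rules in `iptables-restore` format and refuses to produce a rule set that would close the SSH port. The function name `build_ruleset` and its `ssh_port` parameter are illustrative.

```python
# Added example: build a default-deny rule set in iptables-restore format.

def build_ruleset(allowed_tcp_ports, ssh_port=22):
    """Return iptables-restore text that drops all inbound traffic except
    loopback, replies to existing connections, and the listed TCP ports."""
    ports = sorted(set(allowed_tcp_ports))
    for port in ports:
        if not isinstance(port, int) or not 1 <= port <= 65535:
            raise ValueError(f"invalid TCP port: {port!r}")
    # Guard against the lockout the guide warns about: never emit a rule
    # set that closes the port used for remote administration.
    if ssh_port not in ports:
        raise ValueError(f"refusing to close SSH port {ssh_port}")
    lines = [
        "*filter",
        ":INPUT DROP [0:0]",      # default policy: drop anything not allowed below
        ":FORWARD DROP [0:0]",
        ":OUTPUT ACCEPT [0:0]",
        "-A INPUT -i lo -j ACCEPT",
        "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    lines += [f"-A INPUT -p tcp --dport {p} -j ACCEPT" for p in ports]
    lines.append("COMMIT")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    # The post's example: only SSH (22) and HTTP (80) stay open.
    print(build_ruleset([22, 80]), end="")
```

The output is meant to be piped to `iptables-restore`; try it interactively before putting it in any startup script, for the reason given in the warning at the top of this guide.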


© 2018 M.F.K Enterprises. All rights reserved.
