It could be the case that it may be difficult to understand the principles involved when you host mail if you are a novice… but we never know if the is a rival panel just trying to dis vmin …
I guess the flack will hit me for this
Well, Contabo does offer a Ubuntu 18. Not sure why you would put this on a 40 day old server. Would that account for the older software versions the OP is using? Reinforces the ‘shouldn’t be running a server’ theory.
what is
Não sei
?
Portuguese for ‘DNDC’. Don’t know, don’t care.
11 year old post where the problem had nothing to do with Virtualmin (or Postfix); it was a compromised account.
Translating “Não sei” to my language threw something else, thanks for clearing that up
You ask why I’m not trying to help you. You didn’t ask for help. This is what you said:
And, I wished you good luck. And, now, I bid you farewell. I don’t know what else you could possibly expect of us, given your post. You didn’t post a question, you didn’t ask for help, you posted an accusation with no actionable details and said you’d be using something else. So, I agree that you should use something else. I don’t do this for free in order to be abused.
You are not operating in good faith or with any concern for our community guidelines, so I have no interest in helping you.
I honestly don’t know how you could expect us to help, when you didn’t give any useful details and you didn’t ask for help.
1 Like
Would Ubuntu 18 not update to newer software(virtualmin and webmin)? Not gonna hunt for release cycles at this point.
If installed according to our documentation, updates would be offered/recommended in the GUI on any currently supported OS. Ubuntu 18.04 is currently maintained upstream (but only for a few more days), and we continue to provide package updates for it.
OP has already told us they’re going to use something else, though, so it’s a moot point.
No trying to defend anyone nor attack, Virtualmin is lacking some good tools to protect server like Brute Force Attack protection (as Cpanel does) and some others useful security tools that I’ve suggested on other threads.
On this issue sending spam most times is not a server issue but a client issue, meaning that the user does not have his/her PC protected and that’s usually the spam’s source. In short one computer using one of your email accounts got virus or malware and was controlled to send spam.
That’s no issue with Virtualmin neither the Server.
However Virtualmin helps a lot to avoid sending out spam, just set an email rate limit.
It would help a lot more if that setting was part of the setting up virtualmin documentation or even better on the setup.
The email rate limit that can be used to protect your server from sending spam and if you set it just a little above the top usage (per domain or server) it will stop the spam before your provider shut down your server (your users will call you that they can not send emails) and will give you time to find out the cause you will need either Virtualmin Pro or technical skills to find out the account sending spam.
You should require your customer to have an antivirus solution in each computer that uses your server to avoid be blacklisted and shut down.
Virtualmin includes brute force protection for every service it manages, including itself. Fail2ban provides brute force protection for mail services, including SASL for outgoing mail.
I forgot cPanel has ‘built in’ because CFS? usually does the bulk of the work. Then you are dependent on knowing there are duplicate services if you don’t find what you’re looking for in one.
DOS attacks aren’t handled but those really need to be handled upstream anyhow.
Webmin has CSF support, too. I just prefer the simpler solution (Fail2ban+Firewalld).
And fail2ban doesn’t block you from the server if one port trips. BIG plus.
Tell ME at which point I attacked a developer I just found that virtualmin has some kind of vulnerability and I decided that I will not use it anymore until I receive a bunch of ironic responses from idiots who do not accept any criticism. it’s my right to criticize any system if nobody knows how to deal with it, bad luck for those who don’t know how to deal with it.
I didn’t even ask for help, I just said that if I’m going to comment on something that won’t add anything, it’s better not to comment.
But what I see is a bunch of people with super inflated egos trying to debunk the fact that yes, there is some vulnerability in the system, I still haven’t been able to find out what it is and because of that I won’t be able to continue using a system that does have its flaws. obviously if I find it I’ll post “Not here”. But in the proper field that is directly aimed at developers.
To make matters worse, I can’t see the email logs, because I don’t have the “PRO” version, which makes it even more difficult to try to find any kind of vulnerability or know who and how they are attacking me. And when my passwords are all changed and with very advanced difficulty.
I don’t need to come here and attack anyone. I have 3 more servers that I’ve managed for over 8 years, and I’ve never had this spamming problem using my postfix. But it was enough for me to install virtualmin, and in a few days of use I already had my server blocked by the host accusing me of doing phishing.
Therefore, I can no longer continue using the system, am I wrong in saying that I will no longer use it? Does this hurt your Ego so much that you can’t stand criticism? Improve the system then, do more tests, stop attacking those who criticize the system. If there is criticism, it is because the system is not as secure as it seems. If this hurts your mind, I’m sorry. Better dig a hole and bury yourselves. So no criticism will reach your baby ears.
No. You are not obligated to help me, nor do I want your help. I just hit back at the idiotic comments posted after my complaint. The system does have its vulnerabilities, unfortunately I still haven’t been able to find out what they are. But I won’t make a point of looking for it either, after all I’ve already decided that I won’t use the system anymore and if this bothers you so much, I’m sorry for you.
Sem tentar defender ninguém nem atacar, o Virtualmin carece de algumas boas ferramentas para proteger o servidor, como a proteção Brute Force Attack (como o Cpanel faz) e algumas outras ferramentas de segurança úteis que sugeri em outros tópicos.
Someone managed to break into my server and is sending mass spam without my authorization. I need you to shut down the server immediately. I am unable to continue using this server. I am at immense financial loss because of this striker.
At the exact moment I write this text, my server continues to send mass spam through virtualmin, even though I have disabled the virtual servers. Contabo reactivated my account, and soon after, mass shipments began without my authorization. I can’t see the email logs because I’m using a free version of virtualmin, so there’s no point in continuing to use the system. My IP is already burned, my financial loss is decreed and I need to leave to hire a new VPS, with a new IP and another management system that does not have this vulnerability.
But some here can’t bear to hear that, and would rather mock me. I’m glad to know that the community has a bunch of emotional immatures who can’t stand criticism and instead of helping, they prefer to mock and accuse me of “attacking the developers.”
I just said I wasn’t going to use the system anymore and they just freaked out.
And yet here you still are posting over and over again.
Troll.