Archives

Add a DMARC record to your domain in cPanel

What is DMARC?

According to dmarc.org :

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

DMARC is a policy with which the sender indicates the message is protected by DKIM and /or SPF. It also tells the receiver what to do with the message if DKIM/SPF authentication fails.

Please check the DMARC resources (from the end of this article) before creating a DMARC record. You can use an online tool to create a DMARC record. Check the DMARC Tools page.

To set a DMARC record for your domain:

  1. Log into cPanel
  2. Navigate to Zone Editor (DOMAINS section)
  3. On the row with the desired domain, click the Manage link
  4. Click the down arrow   from the right of the Add Record button.
  5. Select Add DMARC Record from the drop-down list
  6. Modify any DMARC settings (see below) and click the Add Record button
cPanel DMARC
cPanel DMARC

 

DMARC Settings

Policy Action
None No action is taken; you can use this setting to monitor DMARC
Quarantine Messages will be marked as spam
Reject Messages will be rejected

 

Parameter Settings
Subdomain Policy Action for subdomain policy. Same options as for the main domain policy.
DKIM Mode Relaxed – the system allows some messages from domains that it doesn’t recognize.
Strict – the system will reject all messages from domains that it doesn’t recognize.
SPF Mode Relaxed – the system allows some messages from senders that it doesn’t recognize.
Strict – the system will reject all messages from senders that it doesn’t recognize.
Percentage Default value is 100. It represents the percentage of the email messages you want the system to filter.
Generate Failure Reports When All Checks Fail – report will be send if all checks fail
Any Checks Fail – report will be send if any checks fail
Report Format AFRF – Authentication Failure Reporting Format
IODEF – Incident Object Description Exchange Format
Report Interval The time in seconds between each aggregate email message report. The default value is 86400 (24 hours).

The video tutorial for setting a DMARC record:

 

If you’ve added a valid email for the Send Aggregate Mail Reports To, you will receive a message from receivers that support DMARC, like in the example bellow:

From: noreply@dmarc.yahoo.com
To: admin@plothost.com
Subject: Report Domain: plothost.com Submitter: yahoo.com Report-ID: <1496110592.916792>
In the attachment you will see an XML file with the same name as the zip archive.

<?xml version="1.0"?>	
<feedback>	
  <report_metadata>	
    <org_name>Yahoo! Inc.</org_name>	
    <email>postmaster@dmarc.yahoo.com</email>	
    <report_id>1496110592.916792</report_id>	
    <date_range>	
      <begin>1496016000</begin>	
      <end>1496102399 </end>	
    </date_range>	
  </report_metadata>	
  <policy_published>	
    <domain>plothost.com</domain>	
    <adkim>r</adkim>	
    <aspf>r</aspf>	
    <p>none</p>	
    <pct>100</pct>	
  </policy_published>	
  <record>	
    <row>	
      <source_ip>d02.plothost.com</source_ip>	
      <count>1</count>	
      <policy_evaluated>	
        <disposition>none</disposition>	
        <dkim>fail</dkim>	
        <spf>fail</spf>	
      </policy_evaluated>	
    </row>	
    <identifiers>	
      <header_from>plothost.com</header_from>	
    </identifiers>	
    <auth_results>	
      <dkim>	
        <domain>web.plothost.com</domain>	
        <result>neutral</result>	
      </dkim>	
      <spf>	
        <domain>web.plothost.com</domain>	
        <result>none</result>	
      </spf>	
    </auth_results>	
  </record>	
</feedback>		

Resources:
DMARC Website at https://dmarc.org/overview/
DMARC Tools – record creation, lookup, check etc
Google recommendations for DMARC here
cPanel Zone Editor Documentation

Share this post:

Generate private and public key in cPanel for SSH access

The common way to connect to the server via SSH is to use a username and a password. But to increase security, you can use a pair of keys(a private one and a public one) to connect to the server.

The public key will be on the server. The private key will be on your computer. When you are trying to connect, the server compares the two keys. If they are the right ones, you will be able to access it.

We will show in this post how to generate the pair of keys and connect to your server with PuTTY.

To generate and use public and private keys in cPanel:

1.Log in to cPanel
2.Scroll down to the SECURITY section -> SSH Access

3.Click the Manage SSH Keys button

4.Click the +Generate a New Key button

5.You are now on a page with a title Generating a Public Key. Here, choose:
-Key Name – you can leave the default value
-Key Password – enter the password for the key and confirm it
-Key Type (RSA or DSA) – let the default value
-Key Size (2048 or 4096) – let the default value

cPanel mentions:

RSA vs DSA: RSA and DSA are encryption algorithms used to encrypt your key. DSA is faster for Key Generation and Signing and RSA is faster for Verification.

6.Click the Generate Key button. You will see a confirmation message: Key Generation Complete! with some details:

Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
b7:9a:55:59:c1:a7:6a:31:5c:9a:40:50:e9:73:24:a0

7.Click the Go Back link
8.Now you need to authorize the public key. (the Authorization Status is not authorized). Click the Manage link.

9.You will see a message The key with the name “id_rsa” is currently “not authorized” for use when connecting to this account.  Click the Authorize button. The success message is: The key “id_rsa.pub” has been authorized.

10.Click the Go Back link
11.Go to the Private Keys sections and click the View/Download link.

12.Here we will Convert the “id_rsa” key to PPK format. Enter the passphrase and click the Convert button.

13.You will see the key to be used in PuTTY. Click the Download key button and save the file to your computer (the filename is id_rsa.ppk) 

14.Now start PuTTY on your computer and go to Connection->SSH->Auth. Here, browse and select the file you saved at 13. (Private key file for authentication)

15. Click the Open button. PuTTY will connect to the server. Enter the Passphrase when asked.

16.You are now connected to the server 🙂

 
One of the most used SSH programs is PuTTY. Download it from chiark.greenend.org.uk/~sgtatham/putty/
Share this post:

Set up mail client to receive and send messages

To get email messages to your email client you need to use IMAP or POP3 protocol.
To send email messages from your client you will need to use the SMTP protocol.

Abbreviations used means:
IMAP = Internet Message Access Protocol
POP3 = Post Office Protocol, version 3
STMP = Simple Mail Transfer Protocol
You can find more information on these protocols on the links from the end of this post.

To find more details on how to connect with an email client to the server:

  1. Log in to cPanel
  2. Go to Email Accounts from EMAIL section
  3. Look on the list of accounts for your account, and click the Set Up Mail Client link
  4. You will see the settings for manual configuration, but you can also download auto-configuration scripts for programs like Microsoft Outlook.
cPanel Email Connection Settings cPanel Email Connection Settings

The details for email connections to the server are:

✔️ Secure SSL/TLS Settings (Recommended)
 Username: username@domain.com
 Password: Use the email account’s password.
 Incoming Server: domain.com
IMAP Port: 993 or POP3 Port: 995
 Outgoing Server: domain.com
SMTP Port: 465
  IMAP, POP3, and SMTP require authentication.

 

❌ Non-SSL Settings (NOT Recommended)
 Username: username@domain.com
 Password: Use the email account’s password.
 Incoming Server: domain.com
IMAP Port: 143 or POP3 Port: 110
 Outgoing Server: domain.com
SMTP Port: 25
  IMAP, POP3, and SMTP require authentication.

Resources:

Wikipedia IMAP Protocol
Wikipedia POP3 Protocol
Wikipedia SMTP Protocol

Share this post:

Configure a default email address in cPanel

With this option, you will configure what happens to an email that comes to an email address that doesn’t exist on your account.

To configure a default email address:

  1. Use yourdomain.com/cpanel to login to your account
  2. Go to the EMAIL section, then to the Default Address option
  3. Look for Default Address Maintenance section
  4. From the drop-down box, select the domain you want to setup a default email address for
  5. Choose an action, as:
    – Discard the email while your server processes it by SMTP time with an error message.
    – Forward to Email Address
    – Forward to your system account “username”
    – Pipe to a Program
    – Discard (Not Recommended)
  6. Click the Change button. From now on the action you selected will be applied to all unrouted emails.
cPanel Default Email Address cPanel Default Email Address

 

The video tutorial:

Share this post:

Working with email filters and global email filters in cPanel

Are you receiving a lot of spam messages? Or you just want to filter some messages? cPanel offers you this possibility. You can use email filters which can be configured for each account. Also there is the possibility to use global email filters.

How to configure email filters:

  1. Log into your cPanel account
  2. Go to Email Filters (EMAIL section)
  3. Look for the email account you want to modify the filters for and click the Manage Filters link
  4. Click the Create a New Filter button
  5. Enter:
    Filter Name – the name you want to use for this specific filter
    Rules – here you set up a rule or a combination of rules using the and/or operators
    Actions – what action should the filter take: Discard Message, Redirect to Email, Fail With Message, Stop Processing Rules, Deliver to Folder, Pipe to a Program.
  6. Click the Create button. You will see the confirmation message:  You have successfully created a new filter. You can create another one now, or you can return to the filters list.

For global filters, the process is very similar. In this case, you will create rules for all email accounts.

The video tutorial:

Share this post:
Page 3 of 14
1 2 3 4 5 14