Using SA-Learn to improve spam filtering in cPanel

More information available at the following link
https://forums.cpanel.net/resources/how-to-train-spamassassin-with-sa-learn.623/

Training on Spam

Train Spam from Junk email directories for email account. Replace USER with the domain admin username, DOMAIN.TLD with domain name, and ACCOUNT with the email address.

/usr/local/cpanel/3rdparty/bin/sa-learn -p /home/USER/.spamassassin/user_prefs --spam /home/USER/mail/DOMAIN.TLD/.ACCOUNT@DOMAIN.TLD/.Junk/{cur,new}

Use read emails in inbox as Ham

You can use the following script to feed sa-learn ham. The script looks at all the read messages for the current year in the default inbox and then feeds them individually to sa-learn

cd /home/USER/mail/
for emailHam in `ls -lt --time-style=long-iso {cur/,new/} | grep $(date | awk '{print $6}') | grep "2,S" | awk '{print $8}'`
do
/usr/local/cpanel/3rdparty/bin/sa-learn -p /home/${cpanelUser}/.spamassassin/user_prefs --ham ${mailbox}/{cur,new}/${emailHam}
done

Script to automate the process

You can use the following script to automatically train sa-learn. Create the script and then use Crontab to launch it.

Script

Create a file named sa-learn.sh and add the following contents to it.

#!/bin/bash

# Notes on cpanel mail
# - /home/cpanel_user/mail <- Default mail directory, all the email accounts are located in the domain.com directory, although there are hidden files in here that point to that.
# - the default catch all is in ..../mail

dateYear=`date +%Y`

echo "Starting Training"
for mailbox in `cat mailboxes.txt`; do
        cd ${mailbox}
        echo "training on Ham" for ${mailbox}
        cpanelUser=`echo ${mailbox} | cut -d\/ -f3`
        # Check Spam
        echo "Trainging on Spam, SPAM, spam, junk, Junk Email, and Junk folders"
        /usr/local/cpanel/3rdparty/bin/sa-learn -p /home/${cpanelUser}/.spamassassin/user_prefs --spam ${mailbox}/{".Junk Email"/{new/,cur/},.Junk/{new/,cur/},.junk/{new/,cur/},.spam/{new/,cur/},.Spam/{new/,cur/},.SPAM/{new/,cur/}}
        cd
        # Gets a list of seen messages for the current year to use as Ham
        for emailHam in `ls -lt --time-style=long-iso {cur/,new/} |  grep $(date | awk '{print $6}') | grep "2,S" | awk '{print $8}'`
        do
            /usr/local/cpanel/3rdparty/bin/sa-learn -p /home/${cpanelUser}/.spamassassin/user_prefs --ham ${mailbox}/{cur,new}/${emailHam}
        done
done

Create text file to hold mailbox paths

You’ll need to create a file called mailboxes.txt and put the email paths for the email accounts you want to run sa-learn against. The following is an example of what the file should look like.

/home/incredigeek/mail/.bob@incredigeek_com/
/home/incredigeek/mail/.larry@incredigeek_com/
/home/incredigeek/mail/.steve@incredigeek_com/
/home/incredigeek/mail/.admin@incredigeek_com/

Create Crontab

Add script to cron by running

crontab -e

and paste in the following to launch the script every day at 1AM

0 1 * * * /root/sa-learn.sh train && echo "training run at $(date)" >> /root/email_report.log

Save and you should be ready to go.

Cambium R195W cnPilot Routers Randomly Dropping

The Problem

We have been experiencing a problem with our Cambium routers where they randomly drop and are unresponsive till a reboot. They’ll also stop handing out addresses on the LAN side.

A reboot “fixes” the problem, until it does it again. You can trigger the behavior by running a port scan against the router. Wondering if the CPU/Memory get overloaded?

nmap -T4 -A -v 192.168.11.1

While running a scan on the LAN side, the web interface slows down, but doesn’t seem to take it down as fast as a scan on the WAN side.

goahead.sh is a script that may be maxing out the cpu, but could be completely unrelated.

Resolution

Configuring the “Allowed Remote IP(IP1;IP2;)” to limit WAN access effectively blocks port scans and resolves the issue. Setting is under Administration -> Management -> Web Settings. You can add multiple ranges with

10.0.0.0/8;172.16.0.0/12;192.168.0.0/16
Configure Allowed Remote IP cnPilot R195W

It looks like the public ip ranges are limited to /24’s so if you you have a block of public IP addresses larger than a /24, you’ll need to break it down into 24’s to work properly.

Template for cnMaestro

You can also create a template in the Cambium Cloud so you can apply the change to multiple routers fairly easily.

Go to Configuration -> Templates and add a new template.

WebRemoteLegalIP=10.0.0.0/8;192.168.0.0/16;172.16.0.0/12
WebRemoteLegalIP template for cnMaestro

And then you can go to your device -> Configuration and apply your new config.

Apply Allowed WAN IPs Template

Do note that if you run a scan from an allowed range, it still seems to cause problems. But at least setting the Allowed Remote IPs will keep others from scanning your network and causing problems on your R195’s.

Mount disk by UUID in Linux

Find UUID

blkid

Example output

/dev/xvdb1: UUID="42fbe9a1-eea1-34bc-439d-19a0b48e7df1" TYPE="xfs"

Mount drive using the UUID

[root@host ~]# mount -U 42fbe9a1-eea1-34bc-439d-19a0b48e7df1 /mnt

Add to fstab to automatically mount on system boot up

vi /etc/fstab

Add the following, swap out the UUID for your devices UUID

UUID="42fbe9a1-eea1-34bc-439d-19a0b48e7df1" /backup xfs defaults 0 0

Save and exit. Now when the system reboots it should automatically mount the drive. You should also be able to call “mount -a” to automatically mount everything in fstab.

Baicells eNodeB – Random Stuff

SSH
Looks like Default SSH port is 27149

Software
Runs Quagga

CELL> show version
Quagga 0.99.21 ().
Copyright 1996-2005 Kunihiro Ishiguro, et al.

https://www.quagga.net/

Settings
show network config

CELL> enable
CELL# show network
% Command incomplete.
CELL# show network config
network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.lan=interface
network.lan.proto='static'
network.lan.ipaddr='192.168.150.1'
network.lan.netmask='255.255.255.0'
network.lan.mtu='1496'
network.lan.ifname='eth2.3'
network.wan=interface
network.wan.ifname='eth2'
network.wan.media='copper'
network.wan.proto='dhcp'
network.defRouteIf=defRouteIf
network.defRouteIf.defRouteIf='wan'
CELL#

Users

CELL# show user
User      Permission    State
---------------------------------
admin     admin         unlocked
anonymous admin         unlocked
---------------------------------
CELL#

User commands

CELL# user
 USERNAME User name
 add Add user
 delete Delete user
 lock User lock
 role User role
 unlock User unlock
CELL# user

Kotlin – Buttons and TextViews

Set Text for text view

val textBoxVar: TextView = findViewById(R.id.textBoxID)
textBoxVar.text = "Hello World!"

Button clicked – do something

val buttonVar: Button = findViewById(R.id.buttonID)
buttonVar.setOnClickListener {
    buttonVar.text = "Button Pushed..."  //Change text on button

}

Toast notification

val text = "Hello World! This is a toast message!"
val duration = Toast.LENGTH_SHORT
val toast = Toast.makeText(applicationContext, text, duration)
toast.show()

Change UniFi Camera Password from Command Line

Basic steps are

  • Change password with passwd
  • Copy passwd hash to /tmp/system.cfg
  • Apply Changes

Changing Password with passwd

The passwd command is normally used for changing the password for a Linux user. We’ll use it to change our user password and then copy the hash out of the /etc/passwd file to use in the Ubiquiti config file.

UVC.v4.18.37.67# passwd
Changing password for admin
New password:
Retype password:
passwd: password for admin changed by admin
UVC.v4.18.37.67#

Copy passwd hash to /tmp/system.cfg

Using “cat /etc/passwd”, we can get what the new password hash is and can copy that into the /tmp/system.cfg file.

UVC.v4.18.37.67# cat /etc/passwd
admin:$6$K4VfN1jGcxaX63Eo$yMGBg7jgCCg.HorkmkQf9wnQcEko.1onZcAa6ua421LonYgfYr8FgHprrwkMqaTYzH0KqCtOEPqDlB3AvkvcW.:0:0:Administrator:/etc/persistent:/bin/sh
UVC.v4.18.37.67#

Open up the /tmp/system.cfg config file, find the section below and replace the hash part, i.e. the part that is in bold.

users.1.name=admin
users.1.password=$6$K4VfN1jGcxaX63Eo$yMGBg7jgCCg.HorkmkQf9wnQcEko.1onZcAa6ua421LonYgfYr8FgHprrwkMqaTYzH0KqCtOEPqDlB3AvkvcW.
users.1.status=1

As a side note, you can copy and past all of the “users.1.*” lines and change the 1 to 2 and have a second user.

Apply Changes

You can use the following command to write the changes and then reboot the camera.

cfgmtd -f /tmp/system.cfg -w && reboot

Long Example

[admin@localhost ~]$ ssh ubnt@10.96.1.91
ubnt@10.96.1.91's password:
BusyBox v1.29.2 () built-in shell (ash)
UVC.v4.18.37.67# passwd
Changing password for admin
New password:
Retype password:
passwd: password for admin changed by admin
UVC.v4.18.37.67# cat /etc/passwd
admin:$6$K4VfN1jGcxaX63Eo$yMGBg7jgCCg.HorkmkQf9wnQcEko.1onZcAa6ua421LonYgfYr8FgHprrwkMqaTYzH0KqCtOEPqDlB3AvkvcW.:0:0:Administrator:/etc/persistent:/bin/sh
UVC.v4.18.37.67# vi /tmp/system.cfg <- Edit the text file and replace the hash with the one from above
UVC.v4.18.37.67# cfgmtd -f /tmp/system.cfg -w && reboot

VirtualBox – VERR_NEM_VM_CREATE_FAILED

Looks to be an issue if you have Windows HyperV enabled.

Search for and Open up the “Turn Windows features on or off” and make sure “Windows Hypervisor Platform” is unchecked and hit OK to apply it.

Disable Windows Hypervisor Platform

Reboot computer and launch VM

https://superuser.co/questions/1442766/virtualbox-fails-to-start-with-verr-nem-vm-create-failed

WHM/cPanel Firewall

Had a weird issue where a certain address was unable to access the cpanel server, but it was intermittent with it working some times, but failing at other times.

Ended up being the firewall on the WHM server blocking that particular IP address due to failed log in attempts.

Check the status of LFD (Login Failure Daemon)

systemctl status lfd

How do I know which IP’s are being blocked?

Check the logs, dmesg or tail /var/log/messages

[1122639.674605] Firewall: UDP_IN Blocked IN=eth0 OUT= MAC=8e:23:f5:16:a6:b1:cc:51:54:6a:2e:ea:14:00 SRC=72.211.105.113 DST=192.168.1.12 LEN=64 TOS=0x00 PREC=0x00 TTL=246 ID=40014 PROTO=UDP SPT=9307 DPT=161 LEN=44
[1122646.728510] Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=8e:23:f5:16:a6:b1:cc:51:54:6a:2e:ea:14:00 SRC=198.199.98.83 DST=192.168.1.12 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=57522 DPT=15672 WINDOW=65535 RES=0x00 SYN URGP=0

CSF keeps a file with addresses to deny in “/etc/csf/csf.deny” Also nice that if gives you a little bit of info on why it was blocked.

# grep -r "192.168.1.21" /etc/csf/csf.deny
192.168.1.21 # lfd: (pop3d) Failed POP3 login from 192.168.1.21 (US/United States/-): 10 in the last 3600 secs - Tue Jun 20 11:36:15 2020

You can also dump all of the rule in iptables with

iptables --list | egrep "192.168.1.21"

Change 192.168.1.21 with the IP you are looking for

Whitelist IP Addresses

Open up /etc/csf/csf.allow with a text editor and add the IP to the bottom of the file.

or add the IP address to the end of the file with the following command. Replace 192.168.1.21 with the IP address you want to whitelist.

echo "192.168.1.21" >> /etc/csf/csf.allow

You can also do all of this from the WHM web interface “Plugins -> ConfigServer Security & Firewall”

Further reading

https://documentation.cpanel.net/display/CKB/How+to+Configure+Your+Firewall+for+cPanel+Services