26Oct/170

How to manage your websites in Plesk: The WordPress Toolkit

In Plesk Onyx, which we offer for our VPS and dedicated servers, you can comfortably manage your WordPress sites with the extension "WordPress Toolkit". The software enables you to set up a new WordPress site by only a few clicks, it can find already existing WordPress installations on its own and it will show them all in a list. There you can do administrative tasks like updating, installing plugins and much more on all installed WordPress instances at once. Therefore, the extension is very interesting for resellers but also for end users. The WordPress Toolkit is available for all three Plesk Onyx versions at no additional charges, but the range of functions in the Web Admin Edition got reduced in some points. For more information about the differences between the full version and the special Web Admin edition, please take a look on this site: https://www.plesk.com/extensions/wordpress-toolkit.

You can easily check if the extension has already been installed in your Plesk by changing to the following oversight: Server Management > Tools & Settings > Updates and Upgrades > Add/Remove components > Plesk extensions. You should see a green tick next to the extension "WordPress Toolkit". If there is still a red X shown, please use the "Install" function in the drop-down menu. With continue, you will proceed with the installation. You will find the extension afterwards below the menu item "Server Management" in the main menu of Plesk. It is called "Wordpress" there. In case you can not find those menus, you can also use the Plesk search bar. Maybe you are not using the Service Provider view then.

Here you can see a screenshot of the available options. You can increase the size of every image in this tutorial by clicking on it.

You can use those options selectively or on all WordPress instances at once. We will now explain those options from the left to the right.

  • Scan
    There you can search for existing WordPress installations. They will be added to the list below automatically.
  • Check Security
    There you can check your WordPress instances for elementary security problems. You will get a list with points that got checked and possible automatic improvements you can confirm.
  • Plugins
    You will get a collection of the installed plugins and also an update check for those plugins will be performed. You can install and remove plugins for your sites there as well.
  • Themes
    There you can manage your themes and exchange them for multiple WordPress sites at once.
  • Update
    You can update your WordPress installations to the newest version here. Plugins are not touched.
  • Check for Updates
    Here you can check if there are WordPress updates for your sites.
  • Auto-Update
    There you can decide if your WordPress sites should get automatic updates in future.

Additionally to those features, you have the functions Clone and Sync available in every line with an existing WordPress installation.

With Clone you can save a lot of time, if you want to use a fully configured WordPress site as Template. You can also easily change the URL of a WordPress installation this way by deleting the original site afterwards. After clicking on this function, you can do the few required settings and create the target subdomain or select one of the existing domains.

With Sync, you can copy changes to other WordPress installations. This is useful, if you want to test for example new plug-ins on a subdomain before you use them in your public blog. You have the choice between the files, the database or both.

If you want to install a new WordPress for one of your domains, you have to change the menu. Please go to "Hosting Services" and there to "Domains". If it does not exist yet, please add your domain now and open it in the list with all the available domains by clicking on the name of the domain. Next to the usual options, you can see the new one called "Install WordPress", as shown in the image below:

After the installation, you can directly log into the WordPress administration panel from Plesk. If you need the login data or want to change them, you can find this and further options in a dedicated management menu. To open this menu, please click on the name of the WordPress instance left to the direct log in button. We marked this in the picture below:

Sounds great, doesn't it? Give Plesk Onyx a try at Contabo and benefit from our one month for free promotion:

Simply order one of our VPS in combination with Plesk and you will get the edition of your choice one month for free!

18Oct/172

E-mail server in Windows Server, part 2: Security

This is a follow-up to the tutorial How to install an e-mail server in Windows, directed to those who already have an hMailserver and want to increase the security.

Spam protection

To activate the spam protection, please go to Settings >> Anti-spam in the hMailserver Administrator.

In the tab "General" you can leave the settings the way they are, as shown in the image. Of course you can adjust them later according to your needs.

In the second tab "Spam tests" you should select all four spam detection parameters:

- Use SPF (3)
- Check host in the HELO command (2)
- Check that sender has DNS-MX records (2)
- Verify DKIM-Signature header (5)

Malware protection

As already mentioned in the previous tutorial, you have the possibility to use different anti malware software in hMailServer. The most easy solution is to use the free ClamWin anti virus scanner. You can download it there:

https://sourceforge.net/projects/clamwin/

Please follow the installation wizard. Installing the browser extension is not required for your e-mail server. Normally ClamWin will now appear in the Windows system tray and start to update its database once a day. It will also protect your system from malware. You are of course free to change those settings individually in the ClamWin menu. The integration in the hMailServer is easy. Please go to Settings >> Anti-Virus >> ClamWin. The button "autodetect" will find the correct path to your ClamWin anti virus installation and you can finish the setup with "Save".

TLS encryption

To enable your clients to start an encrypted connection to your server, so nobody can steal your data, you have to enable this in your settings first. You will need an SSL certificate to achieve this. If you do not have already one for the host name of your server, you can create a self signed one on your own. Self signed certificates are free. But you will have to add an exception manually each time you set up a new client for your server. Most clients like Thunderbird or Outlook will ask you for that after the credentials got entered and they start the first connection. You can use XCA to create such a certificate:

https://sourceforge.net/projects/xca/

After the software got installed and opened, you have to create a new database on the upper left side. You can choose any name, you do not even have to remember the password. We will need this tool only once to create the new certificate. You can remove it again afterwards.

After the new database got created you can choose the tab "Certificates". In the following menu please choose "New Certificate" on the right side. A new window will open. In this new window please choose the tab "Subject" and add your host name next to "commonName". In our example screenshot this is mail.yourdomain.com. Now please create a key for the certificate by pressing the button "Generate a new key". The options in the window normally will be  inserted correctly per default as shown in the image. You can finish the creation with "create".

The next step is to switch to the tab "Extensions". Enter a date until the certificate will be valid. You can be generous at this point. In our example we set a date in the year 2030 for "Validity not after". With the "OK" button in the bottom right corner you will finally create the certificate.

Now you have to export the certificate and the according key. Please choose in the tab "Certificates" the certificate and click on "Export" on the right side. You can let the path the way it is. In our case it is:

C:\Program Files (x86)\xca\mail.yourdomain.com.crt

In the tab "Private Keys" please do the same for the previously created key. The path should be:

C:\Program Files(x86)\xca\mail.yourdomain.com.pem

Please open the hMailServer Administrator and navigate to Settings >> Advanved >> SSL certificates and click on "Add". Now you have to add the previously exported certificate and key as shown in the image below and save the settings.

For the last step please go to Settings >> Advanced >> TCP/IP ports. There you have to modify the three entries below "0.0.0.0 / 25 / SMTP" as shown in the following images. At "SSL Certificate", please choose your recently created certificate. "0.0.0.0 / 25 / SMTP" has to stay in its original state as the only one. If you change it, your e-mail server will not work properly!

Now you have to open the new ports in your firewall. For that you can edit the rule from the previous tutorial. We called it "Ports for hMailServer" there. Please change the "local ports" from 25, 110, 143, 587 to 25, 465, 993, 995. (Windows Firewall with Advanced Security on Local computer >> Inbound Rules >> Ports for hMailServer >> Protocols and Ports)

The settings for your clients have changed too:

ingoing server:

protocol: IMAP; port: 143; security: SSL/TLS; server: the IP or hostname of your server

outgoing server:

protocol: SMTP; port: 587; security: SSL/TLS; server: the IP or hostname of your server

9Oct/1710

How to install an e-mail server in Windows Server

You want to send and receive e-mails with your Windows server and connect to it by using your clients on PC, smartphone or tablet? In this tutorial we will explain how you can setup your own e-mail server on a Windows system with a static public IP. This tutorial will work for our VPS as well as for our dedicated servers. hMailServer is a free open source program, the setup is rather simple and can be done in just a few easy steps. Next to the default features like SMTP, POP3 and IMAP, the software is capable to detect spam and also a free virus protection like ClamWin can be added.

Installation

hMailServer needs NET Framework 3.5. to run correctly. Therefore you should add it to Windows before you install hMailServer. To do so, please open the Server Manager. The next steps will differ a little in the different versions of Windows Server. We will explain it by using the example of Windows Server 2012. Please click on "Manage" on the right upper side and choose "Add Features and Roles". In the window that opens you can click four times on "Next" and leave all the settings the way they are. Now you can choose the features you need to install. You just have to choose the NET Framework 3.5 like shown in the image. With "Next" again, you confirm this selection and "Install" will start the installation. As soon as the process is finished, you can close the window and proceed with the installation of your e-mail server.

Please download the latest version of the software from this site:

https://www.hmailserver.com/download

Please do not choose a version that is still in beta, since it might contain bugs and vulnerabilities. After you received the installation package, you can execute it and accept the terms of service.

You should leave the default installation directory as is and continue with "Next". Now you can choose the required products for installation. You will need the full installation, so please let "Server" and "Administrative Tools" checked and proceed with "Next". For an easy installation, we do recommend to choose "Use built-in database engine" in the next step. In the following window let the name be hMailServer and proceed. hMailServer will need a password for administrative tasks in the future. So please create a password you want to use to protect your service and write it down. The last step will be to start the installation. It should finish without error.

hMailServer Configuration

Please open the hMailServer Administrator. In the first window you have to activate "Automatically connect on Start-up" and click on "Connect".

In the next window, please go to "Domains", choose "Add..." and insert your domain you want to use for sending e-mails.

After the domain got saved, you can add new e-mail addresses in the menu "Accounts".

Now please go to Settings >> Protocols >> SMTP >> Delivery of e-mail. There, please add the local host name of your server that should be used for introducing your server to other e-mail servers. It has to be a valid domain and has to resolve to the IP of your server. So please add an A record to your DNS zone if necessary. You also should set an identical PTR for the IP address of your server. This can be done in the Contabo customer control panel. The host name should consist of three parts. That means it has to be an FQDN and it may not contain too many numbers, since it might seem to be generic. A good name for example might be: "mail.justanexample.com". When you are done, please save your new settings.

Firewall Configuration

The main configuration is done. But you still have to open all used e-mail ports in the firewall to make it work. Please open the Windows Firewall settings and choose "Inbound Rules". On the right side click on "New Rule". A window will open and you have to choose "Port" and click on "Next". In the next window please insert the ports 25, 110, 143 and 587, as shown in the image.

In the following window please choose "Allow The Connection" and after "Next", please check "Domain", "Private" and "Public".

In the last window you can enter a name for the new rule. For example "Ports for hMailServer". Please finish the setup and close the firewall settings.

Now you should add an SPF record to your DNS zone. Many e-mail servers will reject e-mails from your server if it does not exist. Therefore please add this TXT record to your zone:

justanexample.com 86400 in TXT "v=spf1 ip4:1.2.3.4 ~all"

"justanexample.com" has of course to be replaced with your domain and 1.2.3.4 with your IP.

You should also add an MX record to your DNS zone, if it does not exist already. The MX record should look like this:

justanexample.com 86400 in MX 10 "mail.justanexample.com"

The value "mail.justanexample.com" has to be replaced with the the host name you have chosen for your e-mail server.

The basic setup of your e-mail server is now complete. It should be able to send and receive e-mails as soon as the DNS changes are active and you can now connect with any e-mail client like Outlook, Thunderbird or Apple Mail.

Client Configuration

Please use the following settings for your e-mail client.

ingoing server:

protocol: IMAP; port: 143; security: none; server: the IP or host name of your server

outgoing server:

protocol: SMTP; port: 587; security: none; server: the IP or host name of your server

Security

If you want to do some optimizations to the server security like transport encryption, spam checks and malware protection, please take a look at our second tutorial: E-mail server in Windows Server, part 2: Security.

10Jun/162

DomainKeys and DKIM in Plesk and cPanel

DomainKeys and DKIM can help you to increase the reputation of your e-mail server and preventing others to manipulate or fake your e-mails. In this tutorial, we want to show you how you can activate this feature in cPanel and Plesk. Firstly, we have to clarify that Plesk allows you to activate DomainKeys in the web interface and that cPanel is using the newer version called DKIM. Those are both quite similar in many points, but we will use those terms separately. All the images in this tutorial can be shown in a bigger version with all the details, by clicking on them. We will often use the example domain "yourdomain.com". It has to replaced with your own one, whenever it appears.

DKIM in cPanel

After you logged into your cPanel account, please search for "Authentication" in the search bar. The matching tool will now get shown in the e-mail section. After opening it, you might see that DKIM has not been activated so far. In this case, please click on the button "Activate". The notification should now look like this, possibly with an error message:

new

If you have your own server with cPanel and you are using it as a name server, the configuration of DKIM might be finished already. In this case, the notification will look like in this picture.

If there is, as already mentioned, an error shown, you will have to translate the raw DKIM record into the final record with the correct syntax and insert it into your DNS zone manually. So please mark and copy the whole raw DKIM record. cPanel offers the code in a form we cannot use directly.  Before we can use it, we have to remove all wrong special characters. For this purpose, we can use Notepad, which is available in every basic Windows installation.

 Please insert the string into the editor:

editor raw

The following has to be removed: everything that stands before "v=DKIM1".  Also all the double quotation marks before,  in the middle or at the end of the key. Furthermore, we have to delete the \ in front of the last ";". Please check that there are no line breaks. Now we have to analyse the part after: "p=". In this part, all whitespaces have to be removed. If you had to remove a " in the middle of the key, there will be such a white space right afterwards. If there are none of the mentioned special characters, it is absolutely okay. The result should look like this:

DKIM fin

Now you have to create a TXT record on your DNS server in the DNS zone for the subdomain "default._domainkey.yourdomain.com". The character string created in the previous step, beginning with: "v=DKIM1...", has to be put into the data part of the record. "your domain.com" has to be replaced with your own domain. If you are using our Contabo nameservers for your domain, please log into the Customer Control Panel, navigate to: DNS Zone Management and edit your domain. Please fill in the fields below "create a new entry" like in the following example:

newnew

When you now reload the tool "Authentication" in cPanel with the key F5 on your keyboard, the following should be shown:

success

If you can see the same message, DKIM has been activated successfully.

If there is still an error shown, you should recheck all the points so far. Are you using the nameservers from Contabo or different ones? Did you change the raw DKIM record correctly?  If you have any questions, you can ask our support. We are reachable over the e-mail address support@contabo.com. It would be a pleasure to help you in this matter

Add-on Domain in cPanel

cPanel uses a new key pair for add-on domains. Therefore you can not use the DKIM record from your main domain for the add-on domains too. You have to extract it from the DNS zone management in WHM first, if you are not using your cPanel as DNS server. Webspace customers do not have access to the administrative WHM panel. So please just ask us for the required key. Customers with their own server have to log into WHM.  There, please open the option "Edit DNS Zone" and choose your domain from the list. You should now see several records of different types. You need the one with the name: "default._domainkey". It should be there, if DKIM authentication got activated in cPanel previously. The needed key is added as TXT record on the right side. Please edit it as explained in the chapter "DKIM in cPanel". Finally, please add it in the DNS zone Management of your really used nameserver, for example the Contabo Customer Control Panel.

DomainKeys in Plesk

Please search in the search bar for: "Mail Server settings" and open the tool. At the point : "DomainKeys spam protection", please check the Box "Allow signing outgoing mail". Afterwards, you have to change to the "Mail Settings" of your domain and activate "Use DomainKeys spam protection system to sign outgoing email messages " there, like in the following screenshot:

newnewnew

Then you can open the "DNS Settings" for the affected Domain. An additional TXT entry for the subdomain: "default._domainkey.yourdomain.com" should have appeared.

neeeeew

If it is missing, please repeat all the steps so far, but firstly delete the tick at "Allow signing outgoing mail" in the Mail Server Settings and set it again after saving. If you are using your Plesk as nameserver, the configuration should be finished now. You should now test the configuration. More about this step in the later point: How to test DomainKeys and DKIM.

If you are using other nameservers for your domain, for example the ones provided by Contabo, you have to copy the data part completely and add an identical record in the zone there. To do so, please log into the Customer Control Panel of Contabo, go to the DNS Zone Management and edit the Domain. Please add, like in the following example, a TXT record for the subdomain "default._domainkey.yourdomain.com" with the data part generated by Plesk.

finnew

As you can see in the picture, a second record has to be added. This one defines the policy, that every e-mail has to have a DomainKeys signature. Please add the subdomain "_domainkes.yourdomain.com" with the TXT record: "o=-". With this last step, the configuration of DomainKeys has been finished. To ensure that everything is working perfectly, you should do a test now!

 How to test DomainKeys and DKIM

A good way to test a DKIM or DomainKey configuration, is the DKIMValidator.

After opening the site, you can see a randomly generated e-mail address. Please write an e-mail from your server to this address and, after a few seconds of waiting, open the analysis report with the button "view results". With Strg + F, you can search the site, which gives you a lot information. To check if DomainKeys and DKIM are working, search for: "result =". If it reads "pass", everything is working fine. If there is a "fail" you should start a search for the cause. If you are stuck at some point, you can contact us anytime under the e-mail address support@contabo.com. Our team of experts will stand by your side to get it working!

Posted by: Johannes | Tagged as: , , , , , , , 2 Comments
17May/160

How can I prevent my e-mails getting marked as spam?

You have your own e-mail server, but your e-mails are landing in the spam folder or do not even arrive? This can have several reasons. This tutorial will show you the most important tricks and often overseen configuration mistakes. If you have a webspace package, you will only need the point SPF of this tutorial. In this tutorial we will often use the fictional domain server.yourdomain.com and the IP address 1.2.3.4. Please replace them with your own ones when you are doing the tests or configuration.

SMTP banner

The SMTP banner is the label of your e-mail server. When it connects to a different e-mail server, it is introducing itself with it. If you have a server from us, it will, at the beginning, answer with something like this:

m1234.contabo.net

A lot of e-mail providers will not accept such a label and send your e-mail directly into the spam folder. So it is better to choose a less generic one like:

server.yourdomain.com

Please note that it has to  be a fully qualified domain name (FQDN). That means there has to be a subdomain like "server" in front of yourdomain.com. You can request the current SMTP banner by connecting to your server with Telnet over port 25. You can do this in Windows by entering the following command into the Windows  command prompt:

telnet 1.2.3.4 25

Please use your own server IP here. If you are using Windows, you will have to activate Telnet first! (Start --> Control Panel --> Programs and Features --> Turn Windows features on or off--> wait a moment, then check the Telnet Client check box and finish with clicking on OK)
The output might look like this:

220 m1234.contabo.net ESMTP Postfix (Debian/GNU)

"m1234.contabo.net" is the important information in this line. You can leave the session by entering "quit" and hitting enter. In cPanel and Plesk, the mailserver's name in the SMTP banner is equal to the hostname. So you can alter it by changing the hostname in the administration panel.
If you are using Plesk on a Windows server, it is not so easy to change the banner. Please log into your server over RDP, open the tool "MailEnable" and go to: MailEnable Management --> Servers --> localhost --> Connectors. Then choose in the opening list SMTP, click on it with you right mouse key and open "Properties". In the opening window, there are four fields you have to fill in:

Local Domain Name

Here you have to enter you main domain. For example: yourdomain.com.

Default mail domain name

This is your e-mail server name in the SMTP banner. For example: server.yourdomain.com

DNS Addresses

Here you have to enter the DNS servers. If you have your server in one of our datacenters, the following addresses would work perfectly:

for Nuremberg:
213.136.95.10 213.136.95.11

for Munich:
79.143.183.251 79.143.183.252

Notification email address

Please enter an existing e-mail address.

If you are using Postfix instead of an administration panel, you can change the SMTP banner by using this command in the terminal:

postconf -e "myhostname = server.yourdomain.com" && postfix reload

Please replace "server.yourdomain.com" with the new domain name of the e-mail server.

PTR

The PTR, or also called reverse DNS record, is the counterpart of the A-record in a DNS zone.

A-record:

server.yourdomain.com --> 1.2.3.4

PTR:

1.2.3.4 --> server.yourdomain.com

Most e-mail servers only accept an e-mail, if the PTR is exactly the same as the name of the mailserver in the SMTP-Banner! If you have for example the following SMTP-Banner:

220 server.yourdomain.com  ESMTP Postfix (Debian/GNU)

You have to change your PTR like in the upper example, what can be done easily in the Customer Control Panel. Please notice, that you have to change the PTR of the IPv6 address too, if you are using IPv6 additionally to IPv4. It will not harm to do it anyway, if you are not sure.

SPF

With the SPF record you determine that it is only allowed to send e-mails from specific IP addresses. Many e-mail servers are considering e-mails from domains without SPF record as spam. You can add an SPF record in the Customer Control Panel with the DNS Zone Management. The following one should work in most cases:

86400 in TXT "v=spf1 +a +mx ~all"

It will allow the IP named in the A-record and the one of the mailserver, named in the MX-record.

If you use one of our webspace packages, please use the following one:

86400 in TXT "v=spf1 +a +mx +include:mail-relay.contabo.net ~all"

If you have a special configuration, you can use a tool like this to generate an individual SPF:

SPF-Wizard

Blacklists

We always do test our IP addresses, before we give them to our customers. But it is not impossible, that your IP is currently on a blacklist. This will cause your sending attempts to fail despite all your tries to achieve a perfect configuration. If you assume that your IP might be on such a list, you can test for the most important ones on this site:

MX-Toolbox Blacklist Check

Please enter the IP address of your server and wait some seconds for the test! If the IP is listed somewhere (marked in red), you should contact the owners of this list. They will offer a removal form on their home page. The IP should be removed in a few days. Some e-mail providers have their own lists, that can not be reviewed so easily. They normally will send you a bounce e-mail to signal, that the sending attempt failed, with the reason included in it. If they mention an internal blacklist, you can find below some links to the removal forms of such providers:

Microsoft
Yahoo
Google

If you have problems getting your IP removed from such a list, please write an e-mail with the error message and the IP to support@contabo.com. We will help you solving this problem.

Additional points

If you have paid attention to all the points so far, and your e-mails have still problems with reaching the recipient or are landing in the spam folder, it is time to look for the reason in close detail. Have you got a reply when the e-mail was not accepted? Read this e-mail carefully. Often there stands the reason for this behaviour! If you have found such a message, but it does not help you, you are free to sent it with the complete header to our support. Our team of experts at support@contabo.com has a lot of experience with solving such problems!

If the e-mail is arriving but landing in spam, the header of the received e-mail will often contain useful hints. Especially Google makes it easy for the owners of small e-mail servers and often adds a link to its e-mail guidelines. Therefore, it might be useful to send a test e-mail to a Gmail address too, for a further analysis!

Please also take a look on the free MX-Toolbox SMTP Check. Here you have to enter the domain of your e-mail address. The site will test your configuration for common problems!

If nothing helped

If you have worked through the whole tutorial, and there are still problems with sending e-mails, or you need help at some point, you can contact our support. We are there for you everyday from 8:00 to 23:00 (German time) at support@contabo.com.