Blog

Friday, 22 October 2021 08:54

How to fix if my IP is blacklisted by UCEPROTECT

Written by

If your IP or mailserver is blacklisted on UCEPROTECT, you don't have to worry about appearing on this

This blacklist is a scam, since they have blocked millions of legitimate IPs and request a financial amount in exchange for removing the IPs from their list.

We must be wary of blacklists where the payment of money is required for the elimination of your IP.

Many companies have already blocked the UCEPROTECT server globally as they are known for their shady tactics and false positives.

Here is an article from the well-known security company Sucuri, on this topic:

https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html

Here is another that talks about the extortion that this company was doing, as early as 2009:

http://www.securitybydefault.com/2009/12/el-negocio-de-las-listas-antispam.html

The Telefónica Group, which has tens of millions of IPs, is also listed.

For an antispam system to be reliable, it must follow fair standards agreed by the majority of trusted IPS's in all countries. These rules are summarized here:

https://www.abuses.es/docus/abuses/urln.html

If a mail server rejects your emails because your IP is on the UceProtect Spam lists, it is a mail server that does not follow the guidelines recommended globally by the main Internet mail providers, and therefore it is a totally their problem and not yours, and in which case, your server/IP are NOT responsible.

Friday, 22 October 2021 08:32

How do I fix “DMARC Policy is Not Enabled”?

Written by

If you keep coming across the prompt “ DMARC policy not enabled” for your domain, that means that your domain is not protected against spoofing and impersonation with DMARC email authentication. You may often encounter this prompt while conducting reverse DNS lookups for your domain. However, it often has an easy fix to it. Through this article, we are going to take you through the various steps you need to implement to configure DMARC and set up the right policy for your domain so that you never have to come across the “DMARC policy is not enabled” prompt again!

Configuring DMARC to Protect Against Spoofing 

DMARC, which is the abbreviation for Domain-based Message Authentication, Reporting and Conformance, is a standard for authenticating outbound email messages, to ensure that your domain is adequately protected against BEC and direct-domain spoofing attempts. DMARC works by aligning the Return-path domain (bounce address), DKIM signature domain, and From: domain, to look for a match. This helps to verify the authenticity of the sending source and stops unauthorized sources from sending emails that appear to be coming from you.

Your company domain is your digital storefront that is responsible for your digital identity. Organizations of all sizes make use of email marketing to gain reach and engage their clients. However, if your domain gets spoofed and attackers send out phishing emails to your customers, that drastically impacts not only your email marketing campaigns, it also takes a toll on the reputation and credibility of your organization. This is why adopting DMARC becomes imperative to safeguarding your identity.

In order to start implementing DMARC for your domain:

  • Open your DNS management console
  • Navigate to the records section
  • Publish your DMARC record which you can generate easily using our free DMARC record generator tool and specify a DMARC policy to enable it for your domain (this policy will specify how the receiving MTA responds to messages failing authentication checks)
  • It can take 24-48 hours for your DNS to process these changes, and you’re done!
  • You can verify the correctness of your record using our free DMARC record lookup tool after configuring it for your domain

How to Fix “DMARC Quarantine/Reject Policy Not Enabled”

When you get a warning of “DMARC Quarantine/Reject policy not enabled” or sometimes just “DMARC policy not enabled” or “ No DMARC protection” that simply indicates to your domain is configured with a DMARC policy of none that allows monitoring only.

If you are just starting out on your email authentication journey, and you want to monitor your domains and email flow to ensure smooth email delivery, then we recommend you start off with a DMARC policy of none. However, a none policy offers zero protection against spoofing, and hence you will come across the frequent prompt: “DMARC policy not enabled”, where you are reminded that your domain isn’t adequately protected against abuse and impersonation.

In order to fix this, all your need to do is modify the policy mechanism (p) in your DMARC record from p=none to p=reject/quarantine, and thereby shift to DMARC enforcement. If your DMARC record was previously:

v=DMARC1; p=none; rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.; ruf=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.;

Your optimized DMARC record will be:

v=DMARC1; p=reject; rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.; ruf=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.;

Or, v=DMARC1; p=quarantine; rua=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.; ruf=mailto:This email address is being protected from spambots. You need JavaScript enabled to view it.;

I Fixed “DMARC Policy Not Enabled”, What Next?

After resolving the “DMARC policy not enabled” prompt, monitoring domains should be a continuous process to ensure DMARC deployment doesn’t affect your email deliverability, rather improves it. DMARC reports can help you gain visibility on all your email channels so that you never miss out on what’s going on. After opting for a DMARC enforcement policy, PowerDMARC helps you view your email authentication results in DMARC aggregate reports with easy-to-read formats that anyone can understand. With this, you might be able to see a 10% increase in your email deliverability rate over time.

Moreover, you need to ensure that your SPF doesn’t break due to too many DNS lookups. This can lead to SPF failure and impact email delivery. Dynamic SPF is an easy fix to stay under the SPF hard limit as well as updated on any changes made by your ESPs at all times.

Source: 

Monday, 11 October 2021 10:52

How to Install phpredis on CentOS 8 / RHEL 8

Written by

How do I install PHP extension called phpredis (php-redis) for interfacing with Redis cluster on CentOS 8 or RHEL 8?

The phpredis extension provides an API for communicating with the Redis key-value store. This Redis client implements most of the latest Redis API. One can use php-redis to talk with Redis server or cluster. This page provides instructions on how to install and configure the phpredis on CentOS 8 or RHEL 8 for PHP version 7.4.

 

Install phpredis on CentOS 8

Let us see all commands in details.

Step 1. Install yum utils

First, we need to install yum-utils CLI compatibility layer package, type the yum command:
sudo yum update
sudo yum install yum-utils

Sample outputs:

Last metadata expiration check: 0:26:29 ago on Sat Feb 15 18:56:33 2020.
Dependencies resolved.
===============================================================================
 Package                      Arch       Version              Repository  Size
===============================================================================
Installing:
 yum-utils                    noarch     4.0.8-3.el8          BaseOS      64 k
Installing dependencies:
 dnf-plugins-core             noarch     4.0.8-3.el8          BaseOS      62 k
 python3-dateutil             noarch     1:2.6.1-6.el8        BaseOS     251 k
 python3-dnf-plugins-core     noarch     4.0.8-3.el8          BaseOS     193 k
 python3-six                  noarch     1.11.0-8.el8         BaseOS      38 k
 
Transaction Summary
===============================================================================
Install  5 Packages
 
Total download size: 608 k
Installed size: 1.3 M
Is this ok [y/N]: y


Step 2 – Enable and install EPEL repo on CentOS 8

You need EPEL repo to install redis releated files. So turn it on, run:
sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
Update and check for epel repo, run:
sudo yum -y update

Step 3 – Install remi repo for PHP 7.4 and php74-php-pecl-redis5

Execute the following commands:
sudo yum -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
sudo yum -y update

Sample outputs:

 

Last metadata expiration check: 0:33:06 ago on Sat Feb 15 18:56:33 2020.
remi-release-8.rpm                              29 kB/s |  20 kB     00:00    
Dependencies resolved.
===============================================================================
 Package            Architecture Version              Repository          Size
===============================================================================
Installing:
 remi-release       noarch       8.0-4.el8.remi       @commandline        20 k
Installing dependencies:
 epel-release       noarch       8-5.el8              extras              22 k
 
Transaction Summary
===============================================================================
Install  2 Packages
 
Total size: 42 k
Total download size: 22 k
Installed size: 43 k
....

Step 4 – Set default PHP version

CentOS 8 offers various PHP versions using stream and we can see all versions with the following command:
sudo yum module list php

Let us use PHP 7.4.xx as it is supported until Noverber 2021. Run the following two commands to enable php version 7.4
sudo -y yum module reset php
sudo yum -y module enable php:remi-7.4

Sample outputs:

Last metadata expiration check: 0:04:41 ago on Sat Feb 15 19:30:48 2020.
Dependencies resolved.
===============================================================================
 Package           Architecture     Version            Repository         Size
===============================================================================
Enabling module streams:
 php                                remi-7.4                                  
 
Transaction Summary
===============================================================================
 
Complete!

Step 5 – Search for phpredis packge on CentOS 8

Now we have everything set up correctly on CentOS Linux 8 server. It is time to see what packages offered, run:
sudo yum search php-pecl-redis
sudo yum search php-pecl-redis5

Sample outputs:

============================== Name Exactly Matched: php-pecl-redis5 ==============================
php-pecl-redis5.x86_64 : Extension for communicating with the Redis key-value store
================================== Name Matched: php-pecl-redis5 ==================================
php70-php-pecl-redis5.x86_64 : Extension for communicating with the Redis key-value store
php71-php-pecl-redis5.x86_64 : Extension for communicating with the Redis key-value store
php72-php-pecl-redis5.x86_64 : Extension for communicating with the Redis key-value store
php73-php-pecl-redis5.x86_64 : Extension for communicating with the Redis key-value store
php74-php-pecl-redis5.x86_64 : Extension for communicating with the Redis key-value store

Step 6 – Installing phpredis on CentOS 8

For PHP version 7.4, we need to install the php74-php-pecl-redis5 (or php-pecl-redis5 which is selected by default when we enabled ‘php:remi-7.4’ stream ) package as follows:
sudo yum install php-pecl-redis5
Of course, you can install nginx or apache along with other PHP 7.4 modules if not installed on the server:
sudo yum install php-fpm php-common php-cli nginx php-mysqlnd php-pecl-redis5

Step 7 – Restart PHP or Nginx/Apache server

It depends upon your configuration, and you need to restart the Apache 2 or restart PHP-fpm service or restart/reload the Nginx service. Since I am using php-fpm as FastCGI process manager, I am going to use the following systemctl command:
sudo systemctl restart php-fpm.service
## OR ##
sudo systemctl reload php-fpm.service


Source:

The choice of a database management system is usually an afterthought when starting a new project, especially on the Web. Most frameworks come with some object-relational mapping tool (ORM) which more or less hides the differences between the different platforms and makes them all equally slow. Using the default option (MySQL in most cases) is rarely wrong, but it’s worth considering. Don’t fall into the trap of familiarity and comfort – a good developer must always make informed decisions among the different options, their benefits and drawbacks.

Database Performance

Historically, MySQL has had a reputation as an extremely fast database for read-heavy workloads, sometimes at the cost of concurrency when mixed with write operations.

PostgreSQL, also known as Postgres, advertises itself as “the most advanced open-source relational database in the world”. It was built to be feature-rich, extendable and standards-compliant. In the past, Postgres performance was more balanced - reads were generally slower than MySQL, but it was capable of writing large amounts of data more efficiently, and it handled concurrency better.

The performance differences between MySQL and Postgres have been largely erased in recent versions. MySQL is still very fast at reading data, but only if using the old MyISAM engine. If using InnoDB (which allows transactions, key constraints, and other important features), differences are negligible (if they even exist). These features are absolutely critical to enterprise or consumer-scale applications, so using the old engine is not an option. On the other hand, MySQL has also been optimized to reduce the gap when it comes to heavy data writes.

When choosing between MySQL and PostgreSQL, performance should not be a factor for most run-of-the-mill applications – it will be good enough in either case, even if you consider expected future growth. Both platforms are perfectly capable of replication, and many cloud providers offer managed scalable versions of either database. Therefore, it’s worth it to consider the other advantages of Postgres over MySQL before you start your next project with the default database setting.

Postgres Advantages over MySQL

Postgres is an object-relational database, while MySQL is a purely relational database. This means that Postgres includes features like table inheritance and function overloading, which can be important to certain applications. Postgres also adheres more closely to SQL standards.

Postgres handles concurrency better than MySQL for multiple reasons:

Postgres implements Multiversion Concurrency Control (MVCC) without read locks Postgres supports parallel query plans that can use multiple CPUs/cores Postgres can create indexes in a non-blocking way (through the CREATE INDEX CONCURRENTLY syntax), and it can create partial indexes (for example, if you have a model with soft deletes, you can create an index that ignores records marked as deleted) Postgres is known for protecting data integrity at the transaction level. This makes it less vulnerable to data corruption.

Default Installation and Extensibility of Postgres and MySQL

The default installation of Postgres generally works better than the default of MySQL (but you can tweak MySQL to compensate). MySQL has some outright weird default settings (for example, for character encoding and collation).

Postgres is highly extensible. It supports a number of advanced data types not available in MySQL (geometric/GIS, network address types, JSONB which can be indexed, native UUID, timezone-aware timestamps). If this is not enough, you can also add your own datatypes, operators, and index types.

Postgres is truly open-source and community-driven, while MySQL has had some licensing issues. It was started as a company product (with a free and a paid version) and Oracle’s acquisition of MySQL AB in 2010 has led to some concerns among developers about its future open source status. However, there are several open source forks of the original MySQL (MariaDB, Percona, etc.), so this is not considered a huge risk at the moment.

When to Use MySQL

Despite all of these advantages, there are still some small drawbacks to using Postgres that you should consider.

Postgres is still less popular than MySQL (despite catching up in recent years), so there’s a smaller number of 3rd party tools, or developers/database administrators available.

Postgres forks a new process for each new client connection which allocates a non-trivial amount of memory (about 10 MB).

Postgres is built with extensibility, standards compliance, scalability, and data integrity in mind - sometimes at the expense of speed. Therefore, for simple, read-heavy workflows, Postgres might be a worse choice than MySQL.

These are only some of the factors a developer might want to consider when choosing a database. Additionally, your platform provider might have a preference, for instance Heroku prefers Postgres and offers operational benefits to running it. Your framework may also prefer one over the other by offering better drivers. And as ever, your coworkers may have opinions!

If you have a view on database selection please add a comment below - we would love to hear your thoughts. If you liked this, you should follow us on Twitter. Check out our YouTube channel where we publish screencasts and other videos.