Exactly what does SPF record mean? It’s highly suggested to possess SPF (Sender PolicyFramework) record for the domain, which is a kind of DNS record that categorizes the mail servers that are permitted to transmit mail within the interest of the domain. The primary concept of SPF record for the domain would be to avoid the spammers from delivering mails with fake from addresses around the domain names. For that readers to understand when the message that is declaring to become out of your domain through legal mail server, they can simply make reference to these SPF records. Should you create an SPF record for the domain where certain mail servers is offered as approved mail server for the domain. The recipient after finding the mail out of your domain, can verify together with your domain SPF record to ascertain if the content applies which is true only when the content is distributed from the server that’s been approved mail server for the domain and when the mail comes from every other server it will likely be immediately declined thinking about it junk e-mail through the recipient’s mail server. How you can add DKIM and SPF records in DNS configurations?To create domain key:
1) Login towards the user interface of Google Applications Administrator
2) Click “Advanced Tools” in the menu on the top from the page
3) Choose “Set up email authentication (DKIM)” in the Authenticate email section
4) Pick the domain title from drop lower list that the domain key needs to be produced.
5) Choose “Generate new record”
6) Complete the written text that needs to be utilized for DKIM selector prefix that is google automatically that may be modified in line with the user’s choice.
7) Click Generate Information is going to be displayed within the text box that’ll be helpful to produce DNS records to permit the readers extract public domain key.
Adding Domain Key produced to DNS records for the domain:
1) Login towards the administrator console that is distributed by your domain provider
2) Discover the page that DNS records could be up-to-date
3) Make use of the title and cost from Google applications control panel to produce TXT record ,the data are available in the authenticate email page from user interface of Google Applications.
4) Save the alterations.
Creating SPF record for domain:
1) Login for your domain’s administrative console
2) Look for the page where the DNS records could be up-to-date that you will have to allow advanced configurations.
3) Make use of this text: v=spf1 include:_spf.google.com ~all to produce a .txt record SPF record designed to use –all rather than ~all can provide problems associated with mail delivery.
4) Save the alterations For the changes completed to DNS records might take a minimum of 48 hrs to flow online.

This guide will show you how to install and configure APF firewall,
one of the better known Linux firewalls available.10

Requirements:

Root SSH access to your server

Login to your server through SSH and su to the root user.

1. cd /root/downloads or another temporary folder where you store your files.

2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

3. tar -xvzf apf-current.tar.gz

4. cd apf-0.9.5-1/ or whatever the latest version is.

5. Run the install file: ./install.sh
You will receive a message saying it has been installed

Installing APF 0.9.5-1: Completed.

Installation Details:

Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
AntiDos install path: /etc/apf/ad/
AntiDos config path: /etc/apf/ad/conf.antidos
DShield Client Parser: /etc/apf/extras/dshield/

Other Details:
Listening TCP ports: 1,21,22,25,53,80,110,111,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306
Listening UDP ports: 53,55880
Note: These ports are not auto-configured;
they are simply presented for information purposes. You must manually configure all port options.

6. Lets configure the firewall: vi /etc/apf/conf.apf
We will go over the general configuration to get your firewall running.
This isn’t a complete detailed guide of every feature the firewall has.
Look through the README and the configuration for an explanation of each feature.

We like to use DShield.org’s “block” list of top networks that have exhibited
suspicious activity.
FIND: USE_DS=”0?
CHANGE TO: USE_DS=”1?

7. Configuring Firewall Ports:

Cpanel Servers
We like to use the following on our Cpanel Servers

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports -3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS=”21,22,25,53,80,110,143,443,2082,2083, 2086,2087, 2095, 2096,3000_3500?
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS=”53?

Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF=”1?

# Common egress (outbound) TCP ports
EG_TCP_CPORTS=”21,25,80,443,43,2089?
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS=”20,21,53?

Ensim Servers
We have found the following can be used on Ensim Servers -
although we have not tried these ourselves as I don’t run Ensim boxes.

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS=”21,22,25,53,80,110,143,443,19638?
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS=”53?

Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF=”1?

# Common egress (outbound) TCP ports
EG_TCP_CPORTS=”21,25,80,443,43?
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS=”20,21,53?

Save the changes: Ctrl+X then Y

8. Starting the firewall
/usr/local/sbin/apf -s

Other commands:
usage ./apf [OPTION]
-s|–start ……………………. load firewall policies
-r|–restart ………………….. flush & load firewall
-f|–flush|–stop ……………… flush firewall
-l|–list …………………….. list chain rules
-st|–status ………………….. firewall status
-a HOST CMT|–allow HOST COMMENT … add host (IP/FQDN) to allow_hosts.rules and
immediately load new rule into firewall
-d HOST CMT|–deny HOST COMMENT …. add host (IP/FQDN) to deny_hosts.rules and
immediately load new rule into firewall

9. After everything is fine, change the DEV option
Stop the firewall from automatically clearing itself every 5 minutes from cron.
We recommend changing this back to “0? after you’ve had a chance to ensure everything
is working well and tested the server out.

vi /etc/apf/conf.apf

FIND:APF DEVEL_MODE=”1?
CHANGE TO: APF DEVEL_MODE=”0?

10. Configure AntiDOS for APF
Relatively new to APF is the new AntiDOS feature which can be found in: /etc/apf/ad
The log file will be located at /var/log/apfados_log so you might want to make note of it and watch it!

vi /etc/apf/ad/conf.antidos

There are various things you might want to fiddle with but I’ll get the ones that will alert you by email.

# [E-Mail Alerts]
Under this heading we have the following:

# Organization name to display on outgoing alert emails
CONAME=”Your Company”
Enter your company information name or server name..

# Send out user defined attack alerts [0=off,1=on]
USR_ALERT=”0?
Change this to 1 to get email alerts

# User for alerts to be mailed to
USR=”your@email.com“
Enter your email address to receive the alerts

Save your changes! Ctrl+X then press Y
Restart the firewall: /usr/local/sbin/apf -r

11. Checking the APF Log

Will show any changes to allow and deny hosts among other things.
tail -f /var/log/apf_log

Example output:
Aug 23 01:25:55 ocean apf(31448): (insert) deny all to/from 185.14.157.123
Aug 23 01:39:43 ocean apf(32172): (insert) allow all to/from 185.14.157.123

12. New – Make APF Start automatically at boot time
To autostart apf on reboot, run this:

chkconfig –level 2345 apf on

To remove it from autostart, run this:

chkconfig –del apf

13. Denying IPs with APF Firewall (Blocking)
Now that you have your shiny new firewall you probably want to block a host right,
of course you do! With this new version APF now supports comments as well.
There are a few ways you can block an IP, I’ll show you 2 of the easier methods.

A) /etc/apf/apf -d IPHERE COMMENTHERENOSPACES
> The -d flag means DENY the IP address
> IPHERE is the IP address you wish to block
> COMMENTSHERENOSPACES is obvious, add comments to why the IP is being blocked
These rules are loaded right away into the firewall, so they’re instantly active.
Example:

./apf -d 185.14.157.123 TESTING

pico /etc/apf/deny_hosts.rules

Shows the following:

# added 185.14.157.123 on 08/23/05 01:25:55
# TESTING
185.14.157.123

B) vi /etc/apf/deny_hosts.rules

You can then just add a new line and enter the IP you wish to block.
Before this becomes active though you’ll need to reload the APF ruleset.

/etc/apf/apf -r

14. Allowing IPs with APF Firewall (Unblocking)

I know I know, you added an IP now you need it removed right away!
You need to manually remove IPs that are blocked from deny_hosts.rules.

A) vi /etc/apf/deny_hosts.rules

Find where the IP is listed and remove the line that has the IP.
After this is done save the file and reload apf to make the new changes active.

/etc/apf/apf -r

B) If the IP isn’t already listed in deny_hosts.rules and you wish to allow it,
this method adds the entry to allow_hosts.rules

/etc/apf/apf -a IPHERE COMMENTHERENOSPACES
> The -a flag means ALLOW the IP address
> IPHERE is the IP address you wish to allow
> COMMENTSHERENOSPACES is obvious, add comments to why the IP is being removed These rules
are loaded right away into the firewall, so they’re instantly active.
Example:

./apf -a 185.14.157.123 UNBLOCKING

pico /etc/apf/allow_hosts.rules

# added 185.14.157.123 on 08/23/05 01:39:43
# UNBLOCKING
185.14.157.123

Udate OS, Apache and CPanel to the latest stable versions.

This can be done from WHM/CPanel.

Restrict SSH Access

To restrict and secure SSH access, bind sshd to a single IP that is different than the main IP to the server, and on a different port than port 22.

SSH into server and login as root.

At command prompt type: vi /etc/ssh/sshd_config

Scroll down to the section of the file that looks like this:

#Port 22
#Protocol 2, 1
#ListenAddress 0.0.0.0
#ListenAddress ::

Uncomment and change

#Port 22

to look like

Port 5678 (choose your own 4 to 5 digit port number (49151 is the highest port number)

Uncomment and change

#Protocol 2, 1

to look like

Protocol 2

Uncomment and change

#ListenAddress 0.0.0.0

to look like

ListenAddress 123.123.123.15 (use one of your own IP Addresses that has been assigned to your server)

Note 1: If you would like to disable direct Root Login, scroll down until you find

#PermitRootLogin yes

and uncomment it and make it look like

PermitRootLogin no

Save by pressing Ctrl o on your keyboard, and then exit by pressing Ctrl x on your keyboard.

Note 2: You can also create a custome nameserver specifically for your new SSH IP address. Just create one called something like ssh.xyz.com or whatever. Be sure to add an A address to your zone file for the new nameserver.

Now restart SSH

At command prompt type: /etc/rc.d/init.d/sshd restart

Exit out of SSH, and then re-login to SSH using the new IP or nameserver, and the new port.

Note: If you should have any problems, just Telnet into your server, fix the problem, then SSH in again. Telnet is a very unsecure protocol, so change your root password after you use it.

Disable Telnet

To disable telnet, SSH into server and login as root.

At command prompt type: vi /etc/xinetd.d/telnet

change disable = no to disable = yes

Save and Exit

At command prompt type: /etc/init.d/xinetd restart

Server e-mail everytime someone logs in as root

To have the server e-mail you everytime someone logs in as root, SSH into server and login as root.

At command prompt type: pico .bash_profile

Scroll down to the end of the file and add the following line:

echo ‘ALERT – Root Shell Access on:’ `date` `who` | mail -s “Alert: Root Access from `who | awk ‘{print $6}’`” your@email.com

Save and exit.

Set an SSH Legal Message

To an SSH legal message, SSH into server and login as root.

At command prompt type: vi /etc/motd

Enter your message, save and exit.

Note: I use the following message…

“ALERT! You are entering a secured area! Your IP and login information
have been recorded. System administration has been notified.

This system is restricted to authorized access only. All activities on
this system are recorded and logged. Unauthorized access will be fully
investigated and reported to the appropriate law enforcement agencies.”

Now everytime someone logs in as root, they will see this message…

Disable Shell Accounts

Disable identification output for Apache

To disable the version output for proftp, SSH into server and login as root.

At command prompt type: vi /etc/httpd/conf/httpd.conf

Scroll (way) down and change the following line to

ServerSignature Off

Restart Apache

At command prompt type: /etc/rc.d/init.d/httpd restart

2)Get tarball using wget http://www.configserver.com/free/csf.tgz

3)tar -xvzf csf.tgz

4)cd csf

5)sh install.sh

6)csf -r

1.Login to ssh and type killall -9 httpd then try to restart http from cpanel 80% time it will work if it does not try step 2

2.Run Easy Apache from Cpanel select a different version of apache it should do the tick

It is sometimes possible that easy apache will fix the error but the error will reoccur after some days try step 3

3.  increase the ulimit for open files.

ulimit -n 10000 it should fix the issue  and it will not reoccur

Please leave a comment if you were not able to solve it using the above steps

Advantages of SEO Hosting UK

1.Ips from 12 Different City

2.Get High rankings in uk search engines and get more uk clients

3.We have plans starting from 10 ips uptil 20 ips we will be increasing that soon to 100 ips

for more details and costs visit

uk seo hosting Page