by Anil Jalela | May 14, 2021 | Linux
// Soft Bounce Rules
Soft,4.3.2 service shutting down
Soft,522_mailbox_full
Soft,542 Rejected
Soft,550 5.7.1 Unable to relay
Soft,550 authentication required
Soft,550 blacklisted
Soft,550 Content Rejected
Soft,550 POSSIBLE SPAM
Soft,550 Protocol violation
Soft,550 Rejected
Soft,550 Rule imposed mailbox access for
Soft,550 Spam
Soft,550 System error
Soft,550 This message scored
Soft,554 5.7.0 Reject
Soft,554 5.7.1
Soft,554 Message rejected
Soft,554 Transaction failed
Soft,5.7.1 Blocked
Soft,5.7.1 bulkmail
Soft,5.7.1 Content-Policy reject
Soft,5.7.1 Message cannot be accepted, spam rejection
Soft,5.7.1 Message rejected
Soft,5.7.1 reject content
Soft,5.7.1 Rejected as SPAM
Soft,5.7.1 Rejected – listed at
Soft,5.7.1 Transaction failed
Soft,5.7.1 URL/Phone Number Filter
Soft,Account closed due to inactivity
Soft,account expired
Soft,Account inactive
Soft,Account inactive as unread
Soft,account is full
Soft,Address does not pass the Sender Policy Framework
Soft,addresses are not active anymore.
Soft,all relevant MX records point to non-existent hosts
Soft,appears to be spam
Soft,a stray CR character
Soft,blackhole
Soft,blacklist
Soft,Blacklisted
Soft,black listed url host
Soft,blocked
Soft,Blocked address
Soft,blocked as spam
Soft,blocked because it contains FortiGuard – AntiSpam blocking URL
Soft,blocked by filter rules
Soft,Blocked by policy
Soft,Blocked by SPAM
Soft,Blocked for abuse
Soft,Blocked for spam
Soft,blocked using
Soft,bulk mail rejected
Soft, but connection died
Soft,but sender was rejected
Soft,cannot store document
Soft,Can’t create output
Soft,Can’t open mailbox
Soft,CNAME lookup failed temporarily
Soft,Command died with status
Soft,Command rejected
Soft,Command time limit exceeded
Soft,Connection refused
Soft,Connection refused due to abuse
Soft,Connection timed out
Soft,considered unsolicited bulk e-mail
Soft,content filter
Soft,could indicate a mail loop
Soft,Could not complete sender verify callout
Soft,deferred
Soft,delivery expired (message too old)
Soft,Delivery failed 1 attempt
Soft,Delivery failed: Over quota
Soft,delivery temporarily suspended
Soft,delivery time expired
Soft,delivery was refused
Soft,Denied by policy
Soft,detected an unusual rate of unsolicited mail originating from
Soft,disk full
Soft,DNSBL:To request removal of
Soft,does not have a valid PTR record associated with it.
Soft,does not have enough space
Soft,email has been identified as SPAM
Soft,email is considered spam
Soft,email rejected due to security policies
Soft,envelope sender is in my badmailfrom
Soft,errno=28
Soft,Error: content rejected
Soft,Error in processing
Soft,error on maildir delivery
Soft,Error opening input/output file
Soft,Error: SPAM
Soft,exceeded his/her quota
Soft,exceeded storage allocation
Soft,exceeded the space quota
Soft,exceed mailbox quota
Soft,exceed maximum allowed storage
Soft,exceeds allowed message count
Soft,exceeds size limit
Soft,exceed the quota for the mailbox
Soft,expired
Soft,extended inactivity new mail is not currently being accepted
Soft,extremely high on spam scale
Soft,Failed; 4.4.7 (delivery time expired)
Soft,failed on DATA command
Soft,File too large
Soft,filter rejection
Soft,Forbidden for policy reasons
Soft,has been quarantined
Soft,has exceeded maximum attachment count limit
Soft,has exceeded the max emails per hour
Soft,has installed an invalid MX record with an IP address instead of a domain name on the right hand side.
Soft,headers consistent with spam
Soft,high on spam
Soft,high spam probability
Soft,Hop count exceeded
Soft,HTML tag unacceptable
Soft,http://postmaster.info.aol.com/errors/421dynt1.html
Soft,identified SPAM
Soft,inactive user
Soft,Inbox is full
Soft,incoming mailbox for user
Soft,insufficient disk space
Soft,internal server error
Soft,internal software error
Soft,invalid message content
Soft, is FULL
Soft,is no longer active. Please in the future only send to the
Soft,is not accepting mail from this sender
Soft,is on RBL list
Soft,is refused. See http://spamblock.outblaze.com
Soft,it is spam
Soft,junk mail
Soft,JunkMail rejected
Soft,limits for how many messages can be sent per hour and per day
Soft,Line too long
Soft,listed in multi.surbl.org
Soft,looked like SPAM
Soft,loop count exceeded
Soft,loops back to myself
Soft,lost connection with
Soft,Mail appears to be unsolicited
Soft,Mailbox_currently_suspended
Soft,Mailbox disabled
Soft,Mailbox disk quota exceeded
Soft,mailbox full
Soft,Mailbox has exceeded the limit
Soft,mailbox is full
Soft,mailbox_quota_exceeded
Soft,mail box space not enough
Soft,mailbox temporarily disabled
Soft,Mail contained a URL rejected by SURBL
Soft,maildir delivery failed
Soft,maildir has overdrawn his diskspace quota
Soft,mailfolder is full
Soft,Mail From IP Banned
Soft,Mail only accepted from IPs with valid reverse lookups
Soft,Mail rejected by Windows Live Hotmail for policy reasons
Soft,mail rejected for spam
Soft,mail server is currently blocked
Soft,malformed or unexpected name server reply
Soft,marked by Telerama as SPAM
Soft,Message blocked
Soft,Message cannot be accepted, content filter rejection
Soft,message classified as bulk
Soft,Message classified as spam by Bogofilter
Soft,message contains potential spam
Soft,Message contains unacceptable attachment
Soft,message content rejected
Soft,Message Denied: Restricted attachment
Soft,Message detected as spam
Soft,message filtered
Soft,message from policy patrol email filtering
Soft,message held before permitting delivery
Soft,Message held for human verification
Soft,Message identified as SPAM
Soft,message is banned
Soft,message is larger than the space available
Soft,message looks like a spam
Soft,message looks like spam
Soft,Message not allowed by spam
Soft,message refused
Soft,Message rejected
Soft,Message rejected because of unacceptable content
Soft,Message rejected: Conversion failure
Soft,Message rejected due to content restrictions
Soft,Message rejected due to the attachment filtering policy
Soft,message that you send was considered spam
Soft,message that you sent was considered spam
Soft,Message would exceed
Soft,message would exceed quota
Soft,Name service error
Soft,no longer accepts messages with
Soft,not able to receive any more mail
Soft,not accepting mail with attachments or embedded images
Soft,not capable to receive mail
Soft,not delivered for policy reasons
Soft,Not enough storage space
Soft,One of the words in the message is blocked
Soft,only accepts mail from known senders
Soft,on spam scale
Soft,operation timed out
Soft,over disk quota
Soft,over quota
Soft,Over quota
Soft,over the allowed quota
Soft,over their disk quota
Soft,over the maximum allowed mailbox size
Soft,over the maximum allowed number of messages
Soft,over the storage quota
Soft,permission denied
Soft,Please receive your mail before sending
Soft,Please verify the accuracy of the address you are attempting to reach
Soft,Please visit http://bounce.emailsrvr.com/?a0
Soft,possible spam
Soft,Quota exceed
Soft,quota exceeded
Soft,Quota exceeded
Soft,quota for the mailbox
Soft,Quota violation
Soft,recipient exceeded dropfile size quota
Soft,Recipient exceeded email quota
Soft,recipient storage full
Soft,refused to talk to me: 452 try later
Soft,rejected as bulk
Soft,rejected by an anti-spam
Soft,rejected by anti-spam
Soft,rejected By DCC
Soft,Rejected by filter processing
Soft,rejected by spam-filter
Soft,rejected for policy reasons
Soft,Rejected RBL
Soft,Remote host said: 542 Rejected
Soft,Remote host said: 554 Failure
Soft,Remote sending only allowed with authentication
Soft,Requested mailbox exceeds quota
Soft,Resources temporarily not available
Soft,Resources temporarily unavailable
Soft,SC-001 Mail rejected by Windows Live Hotmail for policy reasons.
Soft,sender denied
Soft,sender id (pra) not permitted
Soft,Sender is on domain’s blacklist
Soft,Sender verification error
Soft,several matches found in domino
Soft,Sorry, I wasn’t able to establish an SMTP connection
Soft,Sorry, message looks lik
Soft,sorry, that domain isn’t in my list of allowed rcpthosts
Soft,spam
Soft,spamblock
Soft,Spam detected
Soft,Spam Detector
Soft,spam filter
Soft,Spam is not allowed
Soft,Spam limit has been reached
Soft,SPAM not accepted
Soft,Spam origin
Soft,Spam rejected
Soft,Status: 5.2.2
Soft,Storage quota reached
Soft,SURBL filtered by
Soft,system not accepting network messages
Soft,temporarily deferred
Soft,Temporary error on maildir delivery
Soft,temporary failure
Soft,temporary problem
Soft,The current email address has change
Soft,The host does not have any mail exchanger
Soft,The incoming mailbox for user
Soft,The user has not enough diskspace available
Soft,The user’s space has used up.
Soft,they are not accepting mail
Soft,this account has been disabled or discontinued
Soft,This account is not allowed
Soft,this e-mail domain no longer exists
Soft,This is no longer
Soft,This message does not comply with required standards
Soft,This message has been blocked
Soft, This message has been blocked because it contains FortiSpamshield blocking URL
Soft,This message has been flagged as spam
Soft,this message has been in the queue too long
Soft,This message is looping
Soft,this message scored
Soft,timed out while receiving the initial server greeting
Soft,TLS connect failed: timed out
Soft,too many messagens on this mailbox
Soft,too many messages in this mailbox
Soft,too many messages on this mailbox
Soft,Too many results returned
Soft,triggered a spam block
Soft,try again later
Soft,unable to connect successfully to the destination mail server
Soft,Unable to create a dot-lock
Soft,unable to deliver a message to
Soft,Undeliverable message
Soft,unreachable for too long
Soft,unsolicited
Soft,user account disabled
Soft,user account is expired
Soft,User account is overquota
Soft,user has full mailbox
Soft,User hasn’t entered during last
Soft,User is inactive
Soft,user is invited to retry
Soft,user is over quota
Soft,User is overquota
Soft,user is over their quota
Soft,User mailbox exceeds allowed size
Soft,user mailbox is inactive
Soft,user overdrawn his diskspace quota
Soft,user path does not exist
Soft,user path no exist
Soft,was sent to an incorrect email address and will not reach the intended recipient
Soft,won’t accept this email
Soft,You have been blocked by the recipient
Soft,Your email has been automatically rejected
Soft,Your e-mail was rejected for policy reasons on this gateway
Soft,Your message was rejected because it appears to be part of a spam bomb
Soft,your received: header counts
Soft,You will need to add a PTR record (also known as reverse lookup) before you are able to send email into the iiNet network.
// Hard Bounce Rules
Hard,550 5.1.1
Hard,550 5.1.1 User unknown
Hard,550_Invalid_recipient
Hard,554 delivery error: This user doesn’t have
Hard,554 denied
Hard,5.7.1 Unable to deliver to
Hard,access denied
Hard,account closed
Hard,Account closed due to inactivity
Hard,account deactivated
Hard,account does not exist
Hard,account expired
Hard,Account has been suspended
Hard,account has been temporarily suspended
Hard,Account inactive
Hard,Account inactive as unread
Hard,account is locked
Hard,account is not active
Hard,Action: failed
Hard,address does not exist
Hard,address doesn’t exist
Hard,Addressee unknown
Hard,Address invalid
Hard,address is no longer active
Hard,address is not valid
Hard,Address rejected
Hard,Although I’m listed as a best-preference MX or A for that host
Hard,an MX or SRV record indicated no SMTP service
Hard,Authentication required for relay
Hard,bad address
Hard,bad address syntax
Hard,bad destination email address
Hard,bad destination host
Hard,Bad destination mailbox address
Hard,Blocked address
Hard,Cannot relay
Hard,Cannot resolve the IP address of the following domain
Hard,can’t create user output file
Hard,couldn’t find any host named
Hard,deactivated due to abuse
Hard,deactivated mailbox
Hard,delivery failed; will not continue trying
Hard,Delivery to the following recipient failed permanently
Hard,Delivery to the following recipients failed
Hard,destination addresses were unknown
Hard,Destination server rejected recipients
Hard,disabled due to inactivity
Hard,disabled mailbox
Hard,dns loop
Hard,> does not exist
Hard, does not exist
Hard,_does_not_exist_here
Hard,does not have an email
Hard,does not like recipient
Hard,doesn’t have an account
Hard,doesn’t_have_a_yahoo
Hard,Domain does not exist; please check your spelling
Hard,domain missing or malformed
Hard,Domain must resolve
Hard,Domain not used for mail
Hard,email has changed
Hard,email name is not found
Hard,extended inactivity new mail is not currently being accepted
Hard,host not found
Hard,Host or domain name not found
Hard,I am no longer with
Hard,I couldn’t find a mail exchanger or IP address
Hard,I couldn’t find any host by that name
Hard,I couldn’t find any host named
Hard,I have now left
Hard,illegal host/domain
Hard,inactive on this domain
Hard,inactive user
Hard,invalid address
Hard,Invalid Address
Hard,invalid domain mailbox user
Hard,invalid e-mail address
Hard,Invalid final delivery user
Hard,invalid mailbox
Hard,Invalid or unknown virtual user
Hard,invalid recipient
Hard,Invalid User
Hard,is currently not permitted to relay
Hard, is disabled
Hard,isn’t in my list of allowed recipients
Hard,loop: too many hops
Hard,Mailaddress is administratively disabled
Hard,Mailaddress is administrativley disabled
Hard,Mailbox currently suspended
Hard,Mailbox_currently_suspended
Hard,Mailbox disabled
Hard,mailbox (.*) does not exist
Hard,mailbox is currently unavailable
Hard,mailbox is not valid
Hard,mailbox not available
Hard,mailbox not found
Hard,mailbox temporarily disabled
Hard,mailbox unavailable
Hard,mail receiving disabled
Hard,mail server permanently rejected message
Hard,message could not be delivered
Hard,message could not be delivered for ‘d+ days
Hard,message refused
Hard,name or service not known
Hard,No DNS information was found
Hard,no existe
Hard,no longer available
Hard,no longer in use
Hard,No mailbox here by that name
Hard,no matches to nameserver query
Hard,non esiste
Hard,no recipients
Hard,no route to host
Hard,No such account
Hard,no such address
Hard,no such domain
Hard,No such domain at this location
Hard,No such mailbox
Hard,No such recipient
Hard,No such user
Hard,no such user here
Hard,No such user here
Hard,No such virtual user here
Hard,not a gateway
Hard,not an active address
Hard,not a recognised email account
Hard,not a valid email account
Hard,not a valid mailbox
Hard,Not a valid recipient
Hard,not a valid user
Hard,not have a final email delivery point
Hard,not known at this site
Hard,not listed in domino directory
Hard,not our customer
Hard,not permitted to relay through this server
Hard,no users here by that name
Hard,no valid recipients
Hard,Permanent error in automatic homedir creation
Hard,permanent fatal delivery
Hard,permanent fatal errors
Hard,PERM_FAILURE:
Hard,permission denied
Hard,Please check the recipients e-mail address
Hard,Recipient address rejected
Hard,recipient is invalid
Hard,recipient never logged onto
Hard,Recipient no longer on server
Hard,Recipient not allowed
Hard,recipient not found
Hard,recipient rejected
Hard,recipient’s account is disabled
Hard,recipients are invalid
Hard,Recipient unknown
Hard,relaying denied
Hard,relaying disallowed
Hard,Relaying is prohibited
Hard,relaying mail to
Hard,Relaying not allowed
Hard,relay not permitted
Hard,Remote host said: 550 5.1.1 No such user
Hard,Remote host said: 553
Hard,Requested action not taken: mailbox unavailable
Hard,retry time not reached for any host after a long failure period
Hard,retry timeout exceeded
Hard,said: 550 5.2.1
Hard,said: 553 sorry,
Hard,Sender verify failed
Hard,server doesn’t handle mail for that user
Hard,Sorry, I wasn’t able to establish an SMTP connection
Hard,sorry, no mailbox
Hard,Status: 5.1.1
Hard,Status: 5.2.1
Hard,The following recipients are unknown
Hard,The mailbox is not available on this system
Hard,The recipient cannot be verified
Hard,The recipient name is not recognized
Hard,There is no user by that name
Hard,they are not accepting mail from
Hard,this account has been disabled or discontinued
Hard,This account is not allowed
Hard,This address does not receive mail
Hard,This address is no longer valid
Hard,This address no longer accepts mail
Hard,This Gmail user does not exist
Hard,This is a permanent error
Hard,This is a permanent error; Ive given up. Sorry it didnt work out.
Hard,This is a permanent error. The following address
Hard,This mail server requires authentication when attempting to send to a non-local e-mail address.
Hard,This recipient e-mail address was not found
Hard,This system is not configured to relay mail
Hard,This user doesn’t have a
Hard,This user doesn’t have a yahoo
Hard,this user doesn’t have a yahoo.com account
Hard,too many hops, this message is looping
Hard,Unable to chdir to maildir
Hard,Unable to find alias user
Hard,Unable to relay for
Hard,unable to validate recipient
Hard,unavailable mailbox
Hard,unavailable to take delivery of the message
Hard,undeliverable to the following
Hard,Unknown account
Hard,unknown address
Hard,Unknown address error
Hard,unknown address or alias
Hard,Unknown destination address
Hard,unknown email address
Hard,Unknown local part
Hard,Unknown local-part
Hard,unknown or illegal alias
Hard,unknown recipient
Hard,unknown user
Hard,unknown user account
Hard,UNKNOWN_USER: No such user
Hard,unrouteable address
Hard,Unrouteable address
Hard,unrouteable mail domain
Hard,user account disabled
Hard,user account is expired
Hard,User Does Not Exist
Hard,User hasn’t entered during last
Hard,user invalid
Hard,User is inactive
Hard,user is no longer available
Hard,User is unknown
Hard,user mailbox is inactive
Hard,user mailbox is inactive
Hard,user not found
Hard,User not known
Hard,User reject the mail
Hard,user unknown
Hard,user_unknown
Hard,User unknown
Hard,User unknown in local recipient table
Hard,User unknown in virtual alias table
Hard,User unknown in virtual mailbox
Hard,User unknown in virtual mailbox table
Hard,was not delivered to
Hard,we do not relay
Hard,Your e-mail has not been delivered
Hard,Your email has not been delivered
Hard,Your mail has not been delivered
by Anil Jalela | Dec 11, 2020 | Linux
The “From:” line of an email newsletter should identify the sender and be quickly recognizable to the recipient. Studies have shown that when viewing their inbox, readers start by looking at the From line; engaging readers here have been shown to increase open rates. useless special characters and domain name.
The subject line should be engaging and benefit-oriented and talk about the content of this issue of the email newsletter. The key message in the subject line should be first; subject lines are often truncated. When writing subject lines, companies should be sure they don’t sound “spammy” by avoiding over-the-top claims and language favored by less reputable emailers.
Subject lines get truncated at all different lengths, but the shortest is on mobile. Android truncates at 24 characters Apple truncates at 31. A study from Informz provided data saying shorter email subject lines performed the best. These include email subject lines that were 10 characters or fewer. After the email subject lines of 10 or fewer characters, email subject lines of 50-59 characters in length were the second most popular. I’ve seen other studies that long subject lines work great too … so maybe test both. The long ones might get cut off and might be more clickable because they’re cut off.
Encourage signups to alternate lists just in case they decide to unsubscribe from your email lists later on down the road. Depending on your email template’s design, place the icons in the right or left navigation to give them prominence.
Not hide the unsubscribe button against CAN-SPAM regulations to omit your unsubscribe button, but making the button prominent makes subscribers feel more secure. It also keeps people from hitting the “spam” button and getting you blacklisted from important email domains.
Commercial emails sent to mobile phones must include clear identification (who are you?) as well as an easy way to unsubscribe and a physical mailing address for your business. You must give the subscriber a way to opt-out in the same way that they opted in – as in, you can’t ask them to call a phone number to get off your list when they subscribed online.
Make sure that the frequency of the send and the content are consistent with what subscribers were told when they signed up. Ask readers to share your email newsletter with their friends and colleagues. Provide those who receive a forwarded issue an easy way to sign-up themselves.
Data from eye-tracking marketers have shown that the left side of the screen is the main focus of email readers. Therefore, the left side should be where your email images are placed (and maybe your ads too!). For our newsletters with two columns, we vary from this rule with ads on the right.
Emails should be 600-800 pixels maximum width. This will make them behave better within the preview-pane size provided by many clients. ex-thunder outlook and Apple devices, AOL 660px yahoo640PX
There should be a balance between editorial and promotional content—60%/40% is the rule. The newsletter should be a manageable length to read online, usually 2 to 3 printed pages.
Design for simplicity. Use grid-based layers and avoid complicated elements that require HTML floats or positioning.
Assume images will be initially blocked by email clients, or that certain images—background images, for example—will completely fail to load.
Since version 2007, Outlook has provided zero background image support. When using layered images in your design, be sure they can degrade gracefully. Always use a solid background color as a fallback for Outlook and make sure no crucial information or imagery exists solely in a background image.
Don’t design an email that’s essentially one large, sliced-up image. An image-heavy email will increase the chances of your email client flagging it as spam, resulting in damage to your sender reputation. While these kinds of emails look pretty, they perform poorly.
A company logo in the preview pane that’s instantly recognizable to readers is important; a strong benefit-oriented headline or newsletter title helps as well. Image blocking (which is getting more prevalent) makes it important to include a link to view the email online in case images aren’t visible. Also good—making sure that the key messages of the preview pane get delivered even if the images aren’t visible.
Many publishers choose to add a table of contents box into their preview pane. The table of contents should include links so that the reader can “jump” directly to the item in the newsletter or to the website with the full story.
As a general rule, the best way to avoid ending up in the dreaded Spam folder is to make sure that your emails reflect a balanced image to text ratio. Most email clients block images by default. With this in mind, incorporate text that summarizes the main point of your message: the offer, the announcement, the transaction taking place, the action for the consumer to take, etc. Some text — especially the main call to action — should be viewable upon opening the email, even if the images are shut off.
Use basic, cross-platform fonts such as Arial, Verdana, Georgia, and Times New Roman. Web fonts are not widely supported in an email, so in most cases, you’ll need a fallback. To circumvent the general lack of support available for handling these issues, stick with web-safe fonts like Arial, Helvetica, Tahoma, Times Roman, and Georgia. The font for mobile emails needs to be larger than that of standard emails. Apple will automatically increase a small font to be a minimum of 13 pixels. On Android devices, 16-18 scale-independent pixels are considered medium and large text sizes. Many designers recommend a minimum of a 14-pixel font for body text and a minimum of a 22-pixel font for headlines.
Avoid elements that require Flash or JavaScript. If you need the motion in an email, a .gif is your best bet. Don’t forget about mobile experience! Is your email readable at arm’s length on a small screen? Will the images slow their load time on a mobile device? Are your links easy to press with a thumb?
Code all structures using the table element. For more complicated layouts, you should nest tables to build complex structures. Use element attributes (such as cell padding, valign, and width) to set table dimensions. This forces a box-model structure.
Keep your CSS simple. Avoid compound style declarations (IE: “font:#000 12px Arial, Helvetica, sans-serif;”), shorthand code (IE: #000 instead of #000000), CSS layout properties (IE: slot, position, clear, visibility, etc.), complex selectors (IE: descendant, child or sibling selectors, and pseudo-elements)It’s true, CSS support in email has come a long way, and we can now incorporate some media queries to allow for responsive layouts — but by no means can we expect all clients and devices to support this yet.
Inline all CSS before sending.
Use only absolute links for images, and host those images on a reliable server.
Don’t bother with JavaScript or Flash—those technologies are largely unsupported by email clients.
Account for mobile-friendliness, if possible. Use media queries to increase text sizes on small screens, provide thumb-sized (~46x46px) hit areas for links. Make an email responsive if the design allows for it.
Readers have come to expect to find certain information in the footer of an email newsletter. Some of it, like a way to unsubscribe, is required by CAN-SPAM regulations (assuming the email’s purpose is promotional, not transactional). Other information is just best practice, like including a link to a subscription. Also, note that there are new Canadian email regulations in the market.
To first make sure you’re getting the best delivery rate, ask readers to “white list” you by adding your newsletter’s from address to their address book. Then conduct tests by scheduling your emails on different days and times to discover which delivery time works best. The timing of your delivery can also make or break your ability to reach readers. The email newsletter should be sent at regular intervals and delivered at an appropriate day/time (weekdays during business hours for B2B, weekends, or evenings for B2C).
Multipart MIME is used by most professional email marketers, and for mobile email design, that approach should not change. This format sends the email content in both HTML and plain text. Using Multipart MIME will assure your email content is available, even if the mobile device only allows text. And with that said, try to build your email template in as much basic HTML as possible, because CSS is sometimes blocked and can get screwy depending on what email client is opening it.
Test, test, test. Create email accounts across various services, and send emails to yourself.
by Anil Jalela | Dec 10, 2020 | Linux
Intoduction
———–
Linux is not secured by default configurations.
Security can be added to it very high level, but must be balanced with functionality.
The correct Linux distribution must be chosen, and minimum installation done.
Patches must be diligently applied.
Syslog logs must be exported and analyzed periodically.
Network Services must be kept to a minimum.
User and groups must be periodically audited.
File/folder access control lists must be set.
File Integrity software may be used in high-security installations.
Application-specific security measures are also a must.
where to start
————–
Physical System Security.
Identifies open ports & running services.
Check installed software.
remote login security.
User Security.
Linux auditing using syslogd.
File System Security.
os security.
Physical System Security
————————
1)disable booting from CDs/DVDs, floppies, and external devices, and set a bios password.
2)set a password for the GRUB bootloader.
password hash using the command “grub-md5-crypt”.
Add the hash to the first line of /etc/grub.conf as follows:
password –md5 passwordhash
Identifies open ports & running services
—————————————-
# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 783814/httpd
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 325048/master
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 4550/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 645920/sendmail
tcp 0 0 0.0.0.0:48000 0.0.0.0:* LISTEN 17535/nimbus(contro
tcp 0 0 0.0.0.0:48001 0.0.0.0:* LISTEN 17574/nimbus(spoole
tcp 0 0 0.0.0.0:5666 0.0.0.0:* LISTEN 7959/nrpe
tcp 0 0 0.0.0.0:48006 0.0.0.0:* LISTEN 17588/nimbus(hdb)
tcp 0 0 0.0.0.0:587 0. 0.0.0:* LISTEN 312402/master
tcp 0 0 127.0.0.1:10027 0.0.0.0:* LISTEN 135878/perl
tcp 0 0 127.0.0.1:10028 0.0.0.0:* LISTEN 312402/master
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 17020/mysqld
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 1009332/memcached
tcp 0 0 0.0.0.0:15243 0.0.0.0:* LISTEN 16806/vsftpd
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 15386/httpd
tcp 0 0 :::22 :::* LISTEN 4550/sshd
tcp 0 0 :::80 :::* LISTEN 2180/httpd
udp 0 0 0.0.0.0:48000 0.0.0.0:* 17535/nimbus(contro
udp 0 0 127.0.0.1:11211 0.0.0.0:* 1009332/memcached
Stop unused service or filter port for specific ips.
Some services are not open port but create socket so find which service running
/sbin/chkconfig –list |grep ‘3:on’
(For EL7 /usr/bin/systemctl list-unit-files)
root@anil:~# /sbin/chkconfig –list |grep ‘3:on’
abrt-ccpp 0:off 1:off 2:off 3:on 4:off 5:on 6:off
abrt-oops 0:off 1:off 2:off 3:on 4:off 5:on 6:off
abrtd 0:off 1:off 2:off 3:on 4:off 5:on 6:off
acpid 0:off 1:off 2:on 3:on 4:on 5:on 6:off
atd 0:off 1:off 2:off 3:on 4:on 5:on 6:off
auditd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
blk-availability 0:off 1:on 2:on 3:on 4:on 5:on 6:off
cpuspeed 0:off 1:on 2:on 3:on 4:on 5:on 6:off
crond 0:off 1:off 2:on 3:on 4:on 5:on 6:off
dkimproxy 0:off 1:off 2:off 3:on 4:on 5:on 6:off
haldaemon 0:off 1:off 2:off 3:on 4:on 5:on 6:off
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
icinga 0:off 1:off 2:on 3:on 4:on 5:on 6:off
irqbalance 0:off 1:off 2:off 3:on 4:on 5:on 6:off
iscsi 0:off 1:off 2:off 3:on 4:on 5:on 6:off
iscsid 0:off 1:off 2:off 3:on 4:on 5:on 6:off
kdump 0:off 1:off 2:off 3:on 4:on 5:on 6:off
lvm2-monitor 0:off 1:on 2:on 3:on 4:on 5:on 6:off
mailgraph 0:off 1:off 2:on 3:on 4:on 5:on 6:off
messagebus 0:off 1:off 2:on 3:on 4:on 5:on 6:off
mysqld 0:off 1:off 2:on 3:on 4:on 5:on 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off
npcd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
nrpe 0:off 1:off 2:on 3:on 4:on 5:on 6:off
pmtadbloader 0:off 1:off 2:on 3:on 4:on 5:on 6:off
pmtamc 0:off 1:off 2:on 3:on 4:on 5:on 6:off
pmtapgsql 0:off 1:off 2:on 3:on 4:on 5:on 6:off
postfix 0:off 1:off 2:on 3:on 4:on 5:on 6:off
puppetserver 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rrdcached 0:off 1:off 2:on 3:on 4:on 5:on 6:off
rsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sshd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:off
udev-post 0:off 1:on 2:on 3:on 4:on 5:on 6:off
root@anil:~#
Also lsof can be used
Once you’ve find out any unwanted service are running, disable it using below command.
# chkconfig serviceName off
Note:- Do not stop services which you don’t know because it is create problem when booting any system .e.g you are on grapical mode (level 5) and stop gpm then at that time mouse will not working
Check installed software
————————
Check installed software using “rpm -qa –last” and ensure latest versions of packages are installed – especially those that are used by lower-privileged users: httpd, openssh, kernel, sendmail, etc.
Possibly not required software remove it from system.
NFS and related services: autofs, nfs, nfsserver, nfslock
Unused networking services: routed, gated, ratvf, snmpd, named, dhcpd, dhclient, dhrelay, nscd, smb.
Mail Services: Sendmail, postfix.
Optional network and local services: atd, ldap, kudzu, rhnsd, ypbind, apache, quota, quotad, myself, etc.
Printing services: lpr, cups, lprng.
# yum remove package-name.
Note:- Before type yes or “y”, make sure this package does not break your setup. For Eg, when you remove the postfix that will remove the dependent rpm crontab. It will break your scheduled service.
remote login security
———————
main configuration file sshd_config make necessary change as per below.
PermitRootLogin no
AllowUsers username
Protocol 2
remove telnet-server and rssh
Banner /some/Banner file path with security warning
No user must login directly as ‘root’.
Administrators must login with their own accounts, and then use ‘su’ to become root.
This ensures accountability
Viable alternative is the ‘sudo’ utility, which allows:
Listing of privileged accounts.
Actions that can be taken by these accounts.
Download from http://www.courtesan.com/sudo/intro.html
Time out of logged in user, so he has to re-authenticate in order to use ‘sudo’
User Security
————-
:- Restrict Users to Use Old Passwords
his is very useful if you want to disallow users to use same old passwords. The old password file is located at /etc/security/opasswd. This can be achieved by using PAM module.
Add the following line to ‘auth‘ section in “/etc/pam.d/system-auth”.
auth sufficient pam_unix.so likeauth nullok
:- Enforcing Stronger Passwords
vi /etc/pam.d/system-auth and set below line
/lib/security/$ISA/pam_cracklib.so retry=3 minlen=8 lcredit=-1 ucredit=-2 dcredit=-2 ocredit=-1
(lcredit, ucredit, dcredit and/or ocredit respectively lower-case, upper-case, digit and other)
:- Check Password Expiration of Users
chage -l username
# chage -l sysadm
Last password change : Jul 02, 2014
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
set password expires
#chage -M 60 -m 7 -W 7 userName
-M Set maximum number of days
-m Set minimum number of days
-W Set the number of days of warning
:- Lock and Unlock Account
# passwd -l accountName
# passwd -u accountName
:- Lock Cronjobs for users
Cron has it’s own built in feature, where it allows to specify who may, and who may not want to run jobs. This is controlled by the use of files called /etc/cron.allow and /etc/cron.deny. To lock a user using cron, simply add user names in cron.deny and to allow a user to run cron add in cron.allow file. If you would like to disable all users from using cron, add the ‘ALL‘ line to cron.deny file.
# echo ALL >>/etc/cron.deny
:- Disable CTR+ALT+DEL Restart using /etc/sysctl.conf
# Disable CTR+ALT+DEL Restart Keys
kernel.ctrl-alt-del = 1
:- User with Empty Passwords
check user which created but password not set .
# cat /etc/shadow | awk -F: ‘($2==””){print $1}’
No dormant or generic accounts present Accounts of separated users not present.
All system (non-user) accounts have /bin/false for the shell.
All system accounts have *NP* or *LK* in their password fields in /etc/shadow.
SOP exists for verifying validity of accounts in these files Every account in passwd has a corresponding entry in shadow.
Only one line contains 0 in the uid field in the passwd file.
Also known as Password Cracking
Use ‘Crack’ from http://www.users.dircon.co.uk/~crypto/download/c50-faq.html
Works on almost all Unix platforms, and is very fast
Also viable password cracker is John the Ripper
Set these tools running for a day or two and ferret out all weak passwords
Linux auditing using syslogd
—————————-
Configuration file is /etc/syslog.conf
Format is:
Facility.Priority Action to be taken.
Facility – the application/program that is generating the logs.
Priority – Emerg, alert, crit, err, warning, notice, info, debug, none.
Action – send it to a file, send it to console, send it via email, send it to another system (loghost).
Segregation of responsibilities – send logs to another system, where the security administrator has control.
/var/log/message – Where whole system logs or current activity logs are available.
/var/log/auth.log – Authentication logs.
/var/log/kern.log – Kernel logs.
/var/log/cron.log – Crond logs (cron job).
/var/log/maillog – Mail server logs.
/var/log/boot.log – System boot log.
/var/log/mysqld.log – MySQL database server log file.
/var/log/secure – Authentication log.
/var/log/utmp or /var/log/wtmp : Login records file.
/var/log/yum.log: Yum log files.
useful command check login and process :- last,lastlog,lastb
other command :- atop ,top –n 1 –b ,ps- aux, who,w, whoami,uptime.
:-use Tools for Log Analysis
Swatch – real-time monitoring of logs
Logsentry
Logwatch
File System Security
——————–
Unix Permissions are applicable to three entities:
Owner:Group:Everyone.
Three main permissions apply, with numeric representations
Read = 4 Write = 2 Execute = 1.
First character identified type of file “D = directory” “- = file” “S = socket” “L = link” “P = pipe”
Permissions of a new files are determined by the value umask so make sure all user run with default umask 0022
:-for check umask
# for user in $(awk -F: ‘{print $1}’ /etc/passwd); do printf “%-10s” “$user” ; su -c ‘umask’ -l $user 2>/dev/null; done
To avoid checking system user do :
# for user in $(awk -F: ‘( $3 >= 500 ){print $1}’ /etc/passwd); do printf “%-10s” “$user” ; su -c ‘umask’ -l $user 2>/dev/null; done
SUID and SGID files are executables that can be executed by anyone, but they execute with privileges of owner (usually root) or group – very critical checks!
# find / -perm –4000
# find / -perm –2000
https://www.rfxn.com/downloads/faf-current.tar.gz is best software to find and fix system
:-File Integrity
File Integrity can be verified:
Size and timestamp – can be modified to fool the auditor
MD5 hashes – secured method, but tedious.
File Integrity Software:
Must be used immediately after the installation.
Create a database of MD5 hashes of all critical files.
Monitor changes to these files and send alerts.
Tripwire – commercial, scalable, central console
AIDE – open-source, reasonably enterprise-levels
os security
———–
use TCPWrappers to restric service and port access
set limits for user process and open file
Keep System updated using yum update
Turn on SELinux Permissive :-
Enforcing: This is default mode which enable and enforce the SELinux security policy on the machine.
Permissive: In this mode, SELinux will not enforce the security policy on the system, only warn and log actions. This mode is very useful in term of troubleshooting SELinux related issues.
Disabled: SELinux is turned off.
do not use X Window System
Enable Iptables or other firewall
set /boot partition s read-only using vi /etc/fstab
LABEL=/boot /boot ext2 defaults,ro 1 2
Ignore ICMP or Broadcast Request using sysctl.conf
#Ignore ICMP request:
net.ipv4.icmp_echo_ignore_all = 1
#Ignore Broadcast request:
net.ipv4.icmp_echo_ignore_broadcasts = 1
diable ipv6 using /etc/sysconfig/network
NETWORKING_IPV6=no
IPV6INIT=no
make system security check regularly
Snort
nmap
nessus
openvas
nikto and other tools.
Vulnerability Databases
———————–
www.SecurityFocus.com/bid Feed in vendor, software and version number Check the vulnerabilities and see if any exploits available
Portscan Report – Superscan
Portscan Report – Nmap
