Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mail-tester.com Documentation #377

Merged
merged 20 commits into from
May 1, 2019
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .travis.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ before_install:
- 'if [ "$TRAVIS_PULL_REQUEST" = "false" ]; then openssl aes-256-cbc -K $encrypted_8cdc3d1850ac_key -iv $encrypted_8cdc3d1850ac_iv -in deploy_key.enc -out deploy_key -d; fi'
install:
- pip install Sphinx===1.6.6
- pip install recommonmark
- pip install recommonmark==0.4.0
- pip install sphinxcontrib.youtube
script:
- ./tests.sh
Expand Down
7 changes: 7 additions & 0 deletions source/Domains/safedns/ttl.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,10 @@ Select `Product and Services` > `SafeDNS` > select your domain name > Under the
Please remember this value is in seconds and that the lowest value is `300` seconds.

Also note that there are a number of different factors that can affect the total propagation time of DNS record changes. Please see ["What factors affect DNS propagation time?"](/Domains/domains/dnspropagation.html) for more information.

```eval_rst
.. meta::
:title: Changing TTL (Time To Live) | UKFast Documentation
:description: Guidance on changing and understanding your TTL values.
:keywords: dns, safedns, ukfast, hosting, domains, ttl, propagation
```
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
1 change: 1 addition & 0 deletions source/operatingsystems/linux/mail/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,4 @@ Email is a complex and deep subject, but these guides should help cover the basi
postfix
dkim
spf
mailtester
63 changes: 63 additions & 0 deletions source/operatingsystems/linux/mail/mailtester.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
# Testing Mail

Guidance on how to use `mail-tester.com` and understanding the results.

## **Purpose**
Mail-tester is used to test the 'quality' of emails - taking into consideration:
* Your message's content
* Your mailserver's configuration
* The IP address your mail is being sent from

## **How to use it**
Firstly, go to https://www.mail-tester.com in your browser. You should see something similar to:
![Mailtester_1](files/Mailtester1.png)

As instructed by the webpage, send the email you wish to test from the desired address (for example, sending a company newsletter from the appropriate address).

**You should avoid generic phrases such as** 'this is a test' **as it will likely be flagged as spam**.

Once you have sent the email, click the 'then check your score' button to proceed.

## **The results**
If no other tests were recently sent to the same address as your email, you will automatically be taken to the message sent (as below). From this, you can scroll down to see the full report.

![Mailtester_2](files/Mailtester2.png)

If your test results aren't displayed automatically, a list will appear for you to select from. This includes the subject line, spam rating, and how long ago the email was submitted.

### **Explanation of Results**
![Mailtester_3](files/Mailtester3.png)

### View of message
'Click here to view your message' simply displays your email's content in basic HTML & plain text view. The 'source' section within this gives more detailed information on the mail servers sending and receiving your mail (including their IP addresses, and what protocol was used to encrypt the email's content).

### SpamAssassin
[SpamAssassin](https://spamassassin.apache.org/) is a spam-filtering program, which uses various techniques to determine whether or not your mail will be flagged as spam. IN the example below, SpamAssassin found no issues as the records it
checks were valid, such as SPF.

SPF (Sender Policy Framework) records allow the recipient to check that your mail is authentic. The SPF record defines which mail servers are allowed to send from your domain (such as @ukfast.co.uk).

If any checks were unsuccessful, this will likely decrease the overall rating given by mail-tester. For example, SpamAssassin shows that this message is not signed with DKIM (this serves the same purpose as SPF by different means). While the lack of DKIM deducts 1/10 from the overall score, it isn;t entirely necessary as most spam filters won't consider its absence to be a huge concern.

![Mailtester_4](files/Mailtester4.png)

### Email Formatting

The fourth section evaluates how well formatted your email is. This includes:

* What percentage of your message is text - a lack of special characters and punctuation may suggest an email looks more like spam.

* Whether it includes images - image-based emails make it more difficult for spam filters to determine whether or not the content is malicious.

* Malicious code - including potentially dangerous elemnts such as javascript may be seen as a security risk and cause an email to be marked as spam. Using shortened URLs will also decrease the overall score, as they may be used to conceal the actual destination.

* Whether an 'unsubscribe' button is present - for marketing and mass emails, a method of unsubscribing must be provided by law (to comply with GDPR).

### Broken Links
The last section of mail-tester checks whether your mesage contains any links, and if they're broken. Links are considered to be broken when opening one gives an error code and doesn't load the content originally intended to be found there.

```eval_rst
.. meta::
:title: Using mail-tester.com | UKFast Documentation
:description: A guide to using mail-tester and understanding the results
:keywords: ukfast, mail, email, guide, tutorial, mail-tester, mailtester,
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
1 change: 1 addition & 0 deletions source/operatingsystems/windows/commonissues/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -13,3 +13,4 @@ Common Issues
testingwebsites
wbem
iefiledownload
windowsupdates
61 changes: 61 additions & 0 deletions source/operatingsystems/windows/commonissues/windowsupdates.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
# Changing Windows Updates Installation Options

By default, the policy set for Windows servers is to install Windows Updates each Friday at 08:00. Microsoft release the updates on the second Tuesday of each month, so you'll typically see updates installed on the Friday after that.

This policy can be changed to suit your needs. For example, you may wish for this to take place during the night, when there will be less of an impact to business. We'll detail how to change this below.

* Log into your Windows server via Remote Desktop (RDP). Once you're logged in, click Start, and type "gpedit.msc". This will bring up the Local Group Policy Editor.

* From here, navigate to the following path:

Computer Configuration\Administrative Templates\Windows Components\Windows Update

* Then, click on the following option:

"Configure Automatic Updates"

You should then be able to see a window similar to the below image:

![AutomaticUpdates](Files/windowsupdates/ConfigureAutomaticUpdates.PNG)

* From here, you can change the day and time this is scheduled for.

Alternatively, you can drop down the first box, and choose one of the other four options:

![UpdateOptions](Files/windowsupdates/AutomaticUpdateOptions.PNG)

2 - Notify for Download and Notify for install

This option will require you to manually download and install updates. It's important that if you do choose this option, you ensure you keep on top of updates. These updates contain critical patches to exploits, bug fixes, and much more. If the updates aren't installed frequently, you could be left open to known vulnerabilities.

3 - Auto Download and Notify for install

This option is similar to the one explained above - however the updates will download automatically. It's important to note that, whilst the updates will download automatically, they *won't* install automatically. This still requires manual intervention to install the updates.

4 - Automatically download and schedule the install

This is the option we configure by default. This will handle the download and install of updates automatically for you.

5 - Allow local admin to choose setting

If your server is joined to an Active Directory domain, this allows the local administrator of the server to control how Windows Updates are downloaded/installed.




* Finally, once you've made your changes, you can ensure these are updated by doing the following:


* Click Start -> Type cmd.exe -> Right Click -> "Run as Administrator" -> Accept the UAC Prompt -> type "gpupdate /force".

![ForceGroupPolicyUpdate](Files/windowsupdates/ForceGroupPolicyUpdate.PNG)

Once this has completed, whatever options you've chosen will take effect.



```eval_rst
.. meta::
:title: Changing Windows Updates Options | UKFast Documentation
:description: Information and Instructions about Windows Updates installation options
:keywords: ukfast, windows, updates, change, date, time, update, group, policy
2 changes: 2 additions & 0 deletions source/operatingsystems/windows/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,9 @@ Windows
iis/index
mssql/index
networking/index
powershell/index
rdp/index
server2016/index
windowsadministration/index
tlsandschannel/index

29 changes: 29 additions & 0 deletions source/operatingsystems/windows/powershell/TLSInPowershell.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# TLS 1.2 in Powershell

By default, Powershell will use SSL3.0 and TLS1.0. This can prove problematic when performing web requests to sites that have disabled these insecure protocols, and you may see an error such as:


![TLSError](files/Powershell/PowershellTLSError.PNG)


In order to allow a connection to be established, we can force Powershell to use a more secure protocol, like TLS 1.2, using this command:

```
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
```

You can use this command to see what protocols will be used:

```
[Net.ServicePointManager]::SecurityProtocol
```

Voila! You can now establish a connection to the site over a secure protocol.

*Note, this will only change this for the current session. If you want this change to be persistent, you'll need to apply this change in your Powershell profile*

```eval_rst
.. meta::
:title: TLS connections in Powershell | UKFast Documentation
:description: Information and Instructions about Windows Powershell TLS options
:keywords: ukfast, windows, powershell, tls, ssl, secure, transport, layer, connection
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
10 changes: 10 additions & 0 deletions source/operatingsystems/windows/powershell/index.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
===
Tips
===

General tips for Windows Server.

.. toctree::
:maxdepth: 1

TLSInPowershell
36 changes: 24 additions & 12 deletions source/security/ddos/gettingstarted.md
Original file line number Diff line number Diff line change
Expand Up @@ -117,13 +117,19 @@ Here's how to do this for NGiNX and Apache:
For NGiNX, insert this code into one of the `http` or `server` blocks in your configuration. This requires the [realip](https://nginx.org/en/docs/http/ngx_http_realip_module.html) module be compiled into nginx. You can confirm if this is already there with `nginx -V 2>&1 | grep -o realip`. If this outputs `realip`, you're good to go.

```
set_real_ip_from 185.156.64.0/24;
set_real_ip_from 23.170.128.0/24;
set_real_ip_from 2a02:21a8:1::/48;
set_real_ip_from 2a02:21a8:2::/48;
set_real_ip_from 2a02:21a8::/48;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
set_real_ip_from 185.156.64.0/24;
set_real_ip_from 23.170.128.0/24;
set_real_ip_from 192.166.44.0/24;
set_real_ip_from 78.24.88.0/24;
set_real_ip_from 195.69.102.0/24;
set_real_ip_from 2a02:21a8:1::/48;
set_real_ip_from 2a02:21a8:2::/48;
set_real_ip_from 2a02:21a8::/48;
set_real_ip_from 2a09:ba00:4::/48;
set_real_ip_from 2a09:b600:5::/48;
set_real_ip_from 2a09:b200:6::/48;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
```

Once you have added these into your configuration, test and reload your NGiNX configuration (e.g. `nginx -t && systemctl reload nginx`) to make the changes live.
Expand All @@ -135,11 +141,17 @@ For Apache 2.4 and above, you will need to use the [mod_remoteip](https://httpd.
```
<IfModule remoteip_module>
RemoteIPHeader X-Forwarded-For
RemoteIPTrustedProxy 185.156.64.0/24
RemoteIPTrustedProxy 23.170.128.0/24
RemoteIPTrustedProxy 2a02:21a8:1::/48
RemoteIPTrustedProxy 2a02:21a8:2::/48
RemoteIPTrustedProxy 2a02:21a8::/48
RemoteIPTrustedProxy 185.156.64.0/24;
RemoteIPTrustedProxy 23.170.128.0/24;
RemoteIPTrustedProxy 192.166.44.0/24;
RemoteIPTrustedProxy 78.24.88.0/24;
RemoteIPTrustedProxy 195.69.102.0/24;
RemoteIPTrustedProxy 2a02:21a8:1::/48;
RemoteIPTrustedProxy 2a02:21a8:2::/48;
RemoteIPTrustedProxy 2a02:21a8::/48;
RemoteIPTrustedProxy 2a09:ba00:4::/48;
RemoteIPTrustedProxy 2a09:b600:5::/48;
RemoteIPTrustedProxy 2a09:b200:6::/48;
</IfModule>
LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" ddosx

Expand Down