Security Blog

After this, Cyberpanel had finished it’s install. Before doing anything else on it, I SSH back in the command line and change the password for the admin user of Cyberpanel from it’s base password of 123456. This is an important step of hardening, as often times cyberattacks will try to break into everything with the default credentials to gain unauthorized access.

Connected to the Cyberpanel GUI by adding :8090 after typing the IP address in my browser, I’m prompted to log in as the admin user and can now begin configuring Cyberpanel. Here I create a website using the previously bought domain with DKIM enabled. This website doesn’t serve anything when visited, but was necessary as it configured the DNS records upon creation. After this I use a DNS lookup tool to ensure the DNS records have been updated properly.

After the website was done being created, I add and connect the previously created name servers and issue and SSL certificate to my email server. Issuing an SSL certificate is important because it encrypts the data exchanged between a user’s browser and a website, ensuring privacy and security. It also authenticates the website, building trust with users by confirming that the site is legitimate and protecting against attacks like man-in-the-middle.

Next I go back to the Linode server setup to update my reverse DNS (rDNS). This is an important step because without it, our email server would cease to work. Not having rDNS enabled on your email server can cause your emails to be blocked or marked as spam by receiving servers, as they use rDNS to verify the legitimacy of the sending server's IP address. Without rDNS, the receiving server may assume the email is suspicious and reject it.

Changing the rDNS takes a long time to propagate through the internet, but after about an hour at most the change is done. We can verify this through online tools to check DNS propagation. We check both the IP address and the website domain name.

After this is done, I return to Cyberpanel and create the first email for myself: philippe@theduboisclan.com. I use the built in email client on the Cyberpanel GUI to test sending and receiving emails from my main email address and everything is working well. However, the security of our email server is still missing something…

That’s right! The next step is adding and configuring a firewall, blocking off unneeded ports to ensure only the traffic we need to enter and leave can do so. I opt to set up a firewall directly on the server endpoint, and configure it to allow the following ports to be open. All ports are TCP unless otherwise specified.

• HTTP / HTTPS - 80, 443

• FTP - 21

• SMTP / SMTPS / SSMTP - 25, 587, 465

• POP3 / POP3S / IMAP / SIMAP - 100, 995, 143, 993

• DNS - UDP 53

• DNSTCP - 53

• QUIC - UDP 443

Again, I now test the sending and receiving of emails with this new firewalls, but the sending and receiving fails now. It continues to work properly when the firewall is disabled, so clearly I have missed some ports and need to review which others I need open. After some digging in the Cyberpanel forums, I found the documentation for Postfix and what ports needed to be open, I had missed the following ones:

• Cyberpanel - 8090

• FTPTLS - 40110 - 40210