Bulk Email Server Guide: Tighten Security

Now that we have everything set up it's time to make sure our server is safe and backups are working. This is an optional but suggested step.

SSH Port

If you didn't do this already now is a perfect time. Go to "Services Config > SSH Configuration" and search for "Port 22". If needed uncomment it by removing ";" and change it to a number between 10000-60000.

Click "Save changes" at the bottom and go back to the main page of the control panel dashboard and Restart SSH by clicking on "Restart" next to it.

Restart SSH

Backups

It can always happen that your server's HDD fails or that the provider you choose goes out of business so it would be a shame if you'd lose all your data. Go to "SWP Settings > Backup Configuration" and set everything like in the picture below.

bulk email backups

This way your server will backup everything to /backup folder. You still have to download all files to your local computer so it might be better if you also set up the rsync backup option and copy all backups automatically to another server.

Disable FTP and BIND

If you are using Bitvise you don't need FTP running so it's best if you disable it. Go to "Services Config > Chkconfig manager" search for "pure-ftpd" and click the red "Off" on the right side.

While you are there you might also want to disable BIND since we are using CloudFlare for that. Search for "named" and disable it by clicking red "Off".

Firewall

This is very important but can block connections to and from your MTA servers if you configure it incorrectly. Make sure to come back to Firewall settings and open the ports you will use for PowerMTA and PowerMTA console, so your main server will be able to connect. For now, go to "Security > Firewall Manager" and enable it by clicking the "Enable Firewall" button. Your server will now only allow connections to ports you see in "Opened TCP \ UDP ports" while in Firewall Manager. Since you disabled FTP and BIND you can remove ports 21 and 53. Do this by clicking the green "Configure" button below the listed open ports and search for 21 and 53 and delete it from the list.

Restart the firewall by clicking on "Restart > Restart Firewall".

Important!

If during your setup you can't connect to your MTA servers make sure you have ports you use for SMTPs in PowerMTA opened.

Reboot

Just to be sure you did everything right and there will be no surprises later in case your VPS reboots, do it now with

reboot

If your server comes back online and you can access it you did everything right. If not the easiest solution is to start again with a clean install.

Having problems?
Please use the comments below for your questions. This way other users can benefit from provided answers. Please read this first!

This tutorial is a part of the complete Do It Yourself Bulk Email Server Guide. If you are interested in starting with email marketing or want to improve your delivery, open, and click rates I recommend that you follow it from the beginning. Almost 15 years in this business and many, many tests show that this is the best long-run solution for every mass email sender with a double opt-in, scraped, or bought list.

Join Hundreds of Happy Email Marketers!

Start the Guide Now!

This Post Has 5 Comments

  1. ninja

    Here are most frequent problems users have in this step.

    None so far.

  2. pritich

    Which ports should be kept open for powermta and pmc? Whether 21 and 53 ports should be remomved from incoming and outgoing,TCP and UDP in csf.conf? Should survival mode be set on before configuring firewall?

    1. ninja

      If you are not using FTP and BIND you can delete/block both port 21 and 53.

      For MC you must have port 8181 open and for pmta keep ports used for monitoring opened.

      There is no need to turn on survival mode.

      1. allisong

        i can’t find the area to allow port 8181

  3. allisong

    MY PowerMTA control panel is not opening after I created it hostname.domain.com:8181

Comments are closed.