cPanel

Read receipts being marked as spam by MS

The most recent version of MailScanner contains a new feature called watermarking which is designed to prevent so-called backscatter bounces from joe-jobbing. Joe-jobbing is when a spammer sends out email from a spoofed email address on your server. The spam was not actually sent from your server, but your server receives the bounces from these spams.

Watermarking in MailScanner adds an encrypted ‘watermark’ to each mail sent through your server, and any legitimate bounces (emails with a null sender) should contain this watermark. If a bounce does NOT contain the watermark, it is marked as spam. Unfortunately there is a bug in this system where read receipts from certain mail programs, which are sent with no sender so they look like bounces but they do not contain the watermark, are being marked as spam by MailScanner.

Until this bug is fixed in MailScanner, if you are experiencing this problem we would recommend that you disable the watermarking feature. To do this, in the MailScanner configuration go to the section called “Watermarking” and set the options Use Watermarking, Add Watermark, and Check Watermarks with no sender to no, then click Change.
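The decision described above, as a simplified model added here (not MailScanner's own code): the HMAC tag, the `X-Demo-Watermark` header name and the sample messages are constructed assumptions. It shows why a read receipt lands in the spam branch, and how a check that recognises MDNs would tell it apart from backscatter; that second check goes beyond what the post describes.

```python
import hashlib
import hmac
import re
from email import message_from_string

SECRET = b"constructed-demo-secret"   # assumption: per-server secret
HEADER = "X-Demo-Watermark"           # hypothetical header name
NOW = 1_700_000_000                   # fixed clock so the demo is repeatable

def make_watermark(expiry):
    """Keyed tag over the expiry time (simplified; not MailScanner's format)."""
    mac = hmac.new(SECRET, str(expiry).encode(), hashlib.sha256).hexdigest()
    return f"{expiry}:{mac}"

def has_valid_watermark(raw, now=NOW):
    """A real bounce quotes the original headers, so the tag appears in it."""
    m = re.search(rf"^{HEADER}: (\d+):([0-9a-f]{{64}})\s*$", raw, re.M)
    if not m or int(m.group(1)) < now:
        return False                  # missing, malformed or expired
    expected = make_watermark(int(m.group(1))).split(":")[1]
    return hmac.compare_digest(expected, m.group(2))

def is_read_receipt(msg):
    """MDNs are multipart/report with report-type=disposition-notification."""
    return (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type") == "disposition-notification")

def verdict(raw, exempt_mdn=False, now=NOW):
    """exempt_mdn=False reproduces the behaviour the post describes."""
    msg = message_from_string(raw)
    if msg.get("Return-Path", "").strip() != "<>":
        return "normal"               # has a sender: check not applied
    if has_valid_watermark(raw, now):
        return "legitimate-bounce"
    if exempt_mdn and is_read_receipt(msg):
        return "read-receipt"
    return "spam"

def sample(ctype, body):
    """Constructed null-sender message (Return-Path: <>) for the demo."""
    return f"Return-Path: <>\nSubject: test\nContent-Type: {ctype}\n\n{body}\n"

BOUNCE = sample("text/plain", "Delivery failed. Original headers:\n"
                f"{HEADER}: {make_watermark(NOW + 86400)}")
BACKSCATTER = sample("text/plain", "Delivery failed for mail you never sent.")
RECEIPT = sample('multipart/report; report-type=disposition-notification; '
                 'boundary="b"', "--b\n\nYour message was displayed.\n--b--")

if __name__ == "__main__":
    for name in ("BOUNCE", "BACKSCATTER", "RECEIPT"):
        print(name, verdict(globals()[name]), verdict(globals()[name], True))
```

Exempting read receipts on Content-Type alone relies on a header the sender controls, so it narrows the false positive rather than proving the receipt is genuine.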

New cmm v1.07

Changes:

  • IMAP Trash folder included in quota/space/cleaning calculations
  • Added space used as a percentage of quota when listing accounts

New MailScanner Script v2.58

Changes:

  • Modified MailScanner init script to work around a MailScanner bug where MailScanner doesn’t bother tidying up the incoming mail processing directory properly
  • Copied the clean.quarantine cron job to periodically tidy up the MailScanner incoming mail processing directory (see above)
  • New version of MailScanner v4.62.9

New ClamAV v0.91

A new version of ClamAV has been released. The update adds a bunch of new features to ClamAV, but most importantly for MailScanner users, fixes a bug which caused the MailScanner child processes to consume large amounts of server resources on startup.

Upgrade:

    /bin/rm -Rf clamav-*
    wget http://prdownloads.sourceforge.net/clamav/clamav-0.91.tar.gz
    tar -xzf clamav-*
    cd clamav-*
    ./configure --disable-zlib-vcheck
    make
    make install
    replace "Example" "#Example" -- /usr/local/etc/freshclam.conf
    replace "Example" "#Example" -- /usr/local/etc/clamd.conf
    freshclam
    cd ..
    /bin/rm -Rf clamav-*
    /scripts/perlinstaller --force Mail::ClamAV
    service MailScanner restart
    tail -f /var/log/maillog

New csf v2.81

Changes:

  • Added exe:/usr/local/cpanel/cpdavd to csf.pignore
  • Added option to disable refresh in WHM csf UI when viewing lfd.log
  • Removed debug code that prevented IP blocking — oops

New csf v2.80

Changes:

  • Added new lfd feature – Relay Tracking. This allows you to track email that is relayed through the server (cPanel only). It tracks general email sent into the server, email sent out after POP before SMTP and SMTP_AUTH authentication, local email sent from the server (e.g. web scripts). There are also options to send alerts and block IP addresses if the number of emails relayed per hour exceeds configured limits. The blocks can be either permanent or temporary. Currently blocking does not function for LOCALRELAY email.
  • Introduced a new blocking mechanism in lfd that allows a choice of permanent or temporary IP blocking. See csf.conf (LF_TRIGGER_PERM) for details on how to configure the various blocking options to use temporary instead of permanent blocks, e.g. for Login Failure blocking
  • Modified new installations to default to using separate triggers for login failures, instead of the global LF_TRIGGER value

Bug in cPanel CURRENT/EDGE chkservd

If you are finding chkservd restarting lfd, antirelayd, mailscanner or other monitored processes then there’s a bug in the latest chkservd. cPanel have been informed via the EDGE users mailing list (just now). Whilst waiting for a fix, you have two options:

1. Untick the monitored services that chkservd keeps restarting falsely in WHM > Service Monitor > under the Monitor list. The downside of this is that those processes won’t be monitored if they fail. You will also need to tick them again once cPanel have fixed chkservd.

2. Apply the following modification yourself. The upside is that monitoring continues, the downside is that it’s unofficial and will be overwritten after a upcp upgrade: Edit /usr/local/cpanel/libexec/chkservd and go to line 369 and change it from:

Are you still running without PHP protection?

An interesting report has been posted recently about the inherent dangers of allowing code to run under the same username as the apache process, i.e. nobody. This happens if you run PHP as a module, or CGI scripts without SUExec protection:

http://seclists.org/bugtraq/2007/Jun/0250.html

Of course, this is not anything new and the dangers have been known about for a long time. However the paper explains just how vulnerable you really are if you don’t protect your apache configuration from code being run within the context of its own user.

Note that this affects both apache v1 and v2.

Avoiding this issue is relatively simple:

1. Enable SUExec (which is the default on cPanel installs)
2. Enable PHPsuexec (or SuPHP), and understand the limitations that imposes

Leaving your server without protection is inviting hackers to exploit your whole server including all your clients’ data, through a simple hole in one PHP script on one account on your server.

An interesting take on this report is also discussed by the creator of mod_security:

http://www.modsecurity.org/blog/archives/2007/06/apache_process.html

cPanel v11 email: [mailconfigupdate] Unable to automaticlly update the mailer config on "hostname"

If you receive the following email on cPanel v11 and you’re running our MailScanner package or are not using the cPanel inbuilt SpamAssassin setup:

cPanel was unable to automatically merge your Exim configuration with the new settings that shipped with the build you have installed (cpanel_version) because you have a custom ACL configuration which cannot be automatically configured.