New csf v13.04

Changes:

  • Fixed issue with ConfigServer::CheckIP generating incorrect IPv6 addresses during validation using Net::CIDR::Lite
  • Added UI entry for editing csf.reseller for DirectAdmin and InterWorx

IPv6 issues with exim and SMTPAUTH_RESTRICT/CC_ALLOW_SMTPAUTH [Fixed in v13.04]

We have identified an issue with exim rejecting what are valid IPv6 representations in the generated /etc/exim.smtpauth file. This problem manifests with errors in /var/log/exim_paniclog (on cPanel) as:

2019-07-18 08:00:22 Internal error: invalid IPv6 address "2001:470:1f0b:a9:9dc3:6ed8:e840::/106" passed to host_aton()

This innocuous error actual causes exim to defer (error 421) all email originating from IPv6 sources. This prevents its delivery inbound.

While we look into mitigating the issue exim has with the generated IPv6 CIDRs we would suggest disabling  SMTPAUTH_RESTRICT/CC_ALLOW_SMTPAUTH and removing the exim.conf line used to refer to it (see csf docs).

This issue has now been fixed in csf v13.04.

New csf v13.01

Changes:

  • Added reseller support in InterWorx
  • Added reseller support in DirectAdmin
  • Added login failure detection on InterWorx (v6.3.16+). If LF_INTERWORX is enabled, INTERWORX_LOG will be scanned for login failures to NodeWorx and SiteWorx. This is enabled by default on all InterWorx installations
  • Fixed text in Firewall.php stub in InterWorx
  • Improved UI display in DA
  • Improved UI display in InterWorx
  • Fixed InterWorx UI issue with “Service Status” NodeWorx feature caused by Firewall.php stub
  • Created cronjob to check for new product versions for the UI (/etc/cron.daily/csget). A manual check is still available if needed. This does not affect the daily upgrade check if enabled

New csf v13.00

Changes:

  • Added InterWorx integration and InterWorx panel specific configuration. See /etc/csf/readme.txt for more information (only tested on CentOS v7)
  • Added InterWorx regex detection for proftpd, dovecot imap, dovecot pop3, and smtp auth login failures. Added regex detection for LF_DISTSMTP and LF_DISTFTP. Added regex detection for LF_CXS and LF_MODSEC. Added Login
    Tracking for LT_POP3D and LT_IMAPD
  • Ensure UI errors are displayed in browser to avoid blank pages
  • Display install.txt if perl module checks fail
  • Reworked DirectAdmin UI to display within the parent template

Control Panel Support

After the fun and panic in the last few days regarding the changes in the control panel landscape, we wanted to provide some information on what we are doing to reassure our customers regarding our development plans for our products.

We are currently working on integration and support of csf, cxs and osm on several control panels including:

  • Directadmin:
    csf is already available and supported
    cxs is already available but not yet supported
    osm is in development
  • InterWorx:
    csf and cxs are both in development and we hope to have versions of both available soon

We will also look into MailScanner support on DirectAdmin with our Front-End (MSFE).

Other control panels may follow, but we don’t have them on our roadmap yet.

We do not yet have timescales, but the work is currently active.

Download Product SHA256 Checksums

We have added a single downloadable text file that contains SHA256 checksums for all of our products. The file is linked to from each product download/installation page. The checksum within the file for each product refers to the latest version that can be downloaded from our site.

The latest SHA256 checksums of all our products can be downloaded here: checksums.txt

New csf v12.12

Changes:

  • Updated CloudFlare code to use GET instead of POST to retrieve the id of an entry as POST in the API is no longer working, which affected entry deletion
  • Modified –denyrm [ip] to not remove “do not delete” entries. This now must be done by editing /etc/csf/csf.deny to prevent unintentional unblocking, e.g. by MESSENGER reCAPTCHA or the UI
  • MESSENGERv2: Set KeepAlive to Off
  • Added new csf CLI cluster option: -cir, –cirm ip
    This will remove the IP from each remote /etc/csf/csf.ignore member and then restart lfd. This has also been added to the UI
  • Added missing comment to cluster –ctempdeny entries
  • Added missing timestamp to cluster –cignore entries
  • Cluster command –cignore now checks for duplicates

New csf v12.11

Changes:

  • Added port 8443/tcp to cPanel server new installs to cater for the v80 calendar service. Existing installs will need to be modified manually if the service is used by adding the port to TCP_IN and TCP6_IN
  • Updated various EOL version checks in Server Report
  • Updated version modification system to check existing version before performing updates. Ensured that updates are applied chronologically