cPanel

New MailScanner Front-End (MSFE) v4.19

We’ve released a new version of MSFE that will upgrade ClamAV and configure and install the clamd ClamAV Daemon process. The procedure will also reconfigure MailScanner to use clamd instead of the Mail::ClamAV perl module, which will no longer be required.

We’ve made these changes for two reasons:

1. It removes the dependency we’ve had on Mail::ClamAV keeping up with ClamAV developments. The current problem of incompatibility between v0.20 of Mail::ClamAV and ClamAV v0.92 has happened before and held back the upgrade to the latest version of ClamAV.
2. There is an added benefit that we’ve discovered: this change reduces each MailScanner child process’s memory footprint by ~32MB. The clamd process uses around the same amount of memory, but there’s only a need for a single process. So, the saving on the typical system that runs 3 MailScanner children is ~64MB.

You will notice that if you attempt to upgrade ClamAV through MSFE before upgrading MSFE itself, you’ll receive an error instructing you to upgrade MSFE first.

Warning: Latest ClamAV v0.92

The latest version of ClamAV just released (v0.92) is incompatible with the current latest version of the Mail::ClamAV module (v0.20), so you should not upgrade to ClamAV v0.92 until the Mail::ClamAV developer updates their code. This affects anyone using the ClamAV Module in MailScanner. For the time being, you should stay on, or install, only ClamAV 0.91.2.

cPanel Dictionary Attack option

In CURRENT and EDGE releases of cPanel (v18335) cPanel have added their own Dictionary Attack ACL to exim. We would encourage users to use this new feature in preference to our long-standing Dictionary Attack ACL.

The cPanel version takes advantage of the new exim ratelimit feature and means that exim does not have to resort to running a perl script and storing IP addresses in a file. This ought to have less performance impact on exim.

The cPanel ACL will block SMTP connection attempts after 5 consecutive failures rather than the 4 that we configured in ours. It maintains the block for one hour. cPanel also have a whitelist for IPs.

MailTools v2.* breaks MailScanner

On servers that are running the perl modules that are a part of MailTools, MailScanner breaks with the recently released v2.*. The errors you will see when starting MailScanner look like this:

Variable "$FIELD_NAME" is not imported at /usr/mailscanner/lib/MailScanner/Message.pm line 6907.
Variable "$FIELD_NAME" is not imported at /usr/mailscanner/lib/MailScanner/Message.pm line 6910.
Global symbol "$FIELD_NAME" requires explicit package name at /usr/mailscanner/lib/MailScanner/Message.pm line 6907.
Global symbol "$FIELD_NAME" requires explicit package name at /usr/mailscanner/lib/MailScanner/Message.pm line 6910.
Compilation failed in require at /usr/mailscanner/bin/MailScanner line 79.
BEGIN failed--compilation aborted at /usr/mailscanner/bin/MailScanner line 79.

You can determine the module version using:

perl -MMail::Header -e 'print "$Mail::Header::VERSION\n"'

To fix this you need to downgrade MailTools to v1.77:

wget http://search.cpan.org/CPAN/authors/id/M/MA/MARKOV/MailTools-1.77.tar.gz
tar -xzf MailTools-1.77.tar.gz
cd MailTools-1.77
perl Makefile.PL
make
make install
cd ..
rm -Rfv MailTools-1.77*

New csf v2.92

Changes:

  • Improved the cPanel version check for < v11 and whether up to date
  • Added new CLI option -t (--temp) which lists the temporary IP bans and the TTL before the IP is flushed from iptables
  • Added “View Temporary IP Bans” to WHM UI
  • Changed WHM UI lfd Log auto-refresh default to unchecked
  • Added regex for dovecot “Aborted login” messages in /var/log/maillog
  • Added support for displaying mod_security v2 logs in WHM UI

New csf v2.91

Changes:

  • Added Fedora Core v6 to the obsolete OS check
  • Added php v4 check
  • Added apache v2.2 check
  • Added Perl v5.8.8 check
  • Added cPanel v11 check
  • Modified Sys::Syslog use to utilise the ndelay and nofatal options
  • Added new option GLOBAL_IGNORE which makes lfd ignore IPs listed in a globally located ignore file
  • Modified Connection Tracking so that lfd doesn’t block IP addresses that resolve to *.cpanel.net (to prevent CT_LIMIT being triggered during a upcp upgrade of cPanel)
  • Added new option CT_STATES to Connection Tracking so that you can specify which connection states you want to count towards CT_LIMIT, e.g. SYN_RECV
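
The effect of CT_STATES on what counts towards CT_LIMIT, as an added example that is not lfd's own code: it tallies connections per remote IP from netstat -nat style lines, optionally restricted to the listed states. The function name ct_offenders, the sample lines, and treating the limit as "more than" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not lfd code): per-IP connection tally with a state filter.
# Usage: ct_offenders LIMIT STATES < netstat-style lines
#   STATES is a comma-separated list; an empty string counts every state.
ct_offenders() {
    awk -v limit="$1" -v states="$2" '
    BEGIN { n = split(states, s, ","); for (i = 1; i <= n; i++) want[s[i]] = 1 }
    $1 ~ /^tcp/ {
        # Columns: Proto Recv-Q Send-Q Local Foreign State
        if (n > 0 && !($6 in want)) next
        ip = $5
        sub(/:[0-9]+$/, "", ip)          # strip the remote port
        count[ip]++
    }
    END { for (ip in count) if (count[ip] > limit) print ip, count[ip] }' | sort
}

# Constructed sample: one client with ordinary connections, one source with
# only half-open connections. Addresses are documentation ranges.
CT_SAMPLE='Proto Recv-Q Send-Q Local Foreign State
tcp 0 0 203.0.113.10:80 192.0.2.7:40001 ESTABLISHED
tcp 0 0 203.0.113.10:80 192.0.2.7:40002 ESTABLISHED
tcp 0 0 203.0.113.10:80 192.0.2.7:40003 ESTABLISHED
tcp 0 0 203.0.113.10:80 192.0.2.7:40004 TIME_WAIT
tcp 0 0 203.0.113.10:80 198.51.100.9:50001 SYN_RECV
tcp 0 0 203.0.113.10:80 198.51.100.9:50002 SYN_RECV
tcp 0 0 203.0.113.10:80 198.51.100.9:50003 SYN_RECV
tcp 0 0 203.0.113.10:80 198.51.100.9:50004 SYN_RECV
tcp 0 0 203.0.113.10:25 192.0.2.44:33000 ESTABLISHED'

echo "All states, limit 3:"
printf '%s\n' "$CT_SAMPLE" | ct_offenders 3 ""
echo "SYN_RECV only, limit 3:"
printf '%s\n' "$CT_SAMPLE" | ct_offenders 3 "SYN_RECV"
```

Counting every state flags the ordinary client as well as the half-open source; restricting the count to SYN_RECV flags only the latter.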

VPS + RH9 + Perl v5.8.8 + MailScanner = Problem

There appears to be a compatibility issue with the above combination and some of the perl modules that come as standard with perl v5.8.8, in particular Sys::Syslog, which prevents some perl scripts from functioning correctly on VPS systems. One of those perl scripts is MailScanner. It doesn’t appear to affect real servers running RH9; however, they should have been upgraded to a supported OS years ago.

The only solutions if you are in this situation are to:

1. Move to a VPS running a supported OS (e.g. CentOS v3+, RHE v3+)
2. Downgrade perl to v5.8.7 – this is a bad idea since cPanel v11 and some of the latest perl modules that cPanel uses don’t function as expected on anything older than perl v5.8.8
3. Uninstall MailScanner – though you are likely to start seeing problems with cPanel in the future due to such incompatibilities

cPanel: Problems sending email through Squirrelmail

cPanel have created a problem with a recent modification to how webmail, squirrelmail in particular, works on the latest versions of cPanel. In the past, webmail sent using the sendmail binary (exim) and worked without issue. In an attempt to identify outgoing email with the correct cPanel account, squirrelmail is now configured by cPanel to connect directly to the local port 25 under the UID of the account sending email.

This causes problems with the cPanel configuration of the security SMTP Tweak option in WHM Server Security, which cannot allow through such email without making that option less secure. Enabling it to do so would effectively open up the security tweak in the firewall for any script under a user account to send email out on localhost port 25. There is a workaround option of allowing localhost connections to the SMTP port, which will allow squirrelmail to work but does still reduce the security option level.

The SMTP_BLOCK option in csf performs the same iptables configuration as the SMTP Tweak does through WHM and is also affected by this change by cPanel.

There are 3 options to work around this anomaly until cPanel come up with a solution:

1. Enable the SMTP_ALLOWLOCAL option (“Allow connections to localhost on port 25” in WHM SMTP Tweak if you don’t use csf), which should allow port 25 connections from localhost (127.0.0.1)
2. Disable the SMTP_BLOCK option (or the WHM SMTP Tweak option if you don’t use csf). In doing so, you leave yourself open to exploited scripts sending out spam while bypassing exim
3. Use the following workaround mentioned on the cPanel forums: http://forums.cpanel.net/showthread.php?t=71073

There is a cPanel bugzilla entry open for this issue: http://bugzilla.cpanel.net/show_bug.cgi?id=5917
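
The firewall states discussed above (SMTP_BLOCK alone, SMTP_BLOCK with the localhost exception, and SMTP_BLOCK disabled) can be told apart from the OUTPUT chain itself. This is an added example, not part of the original post and not csf or cPanel code; the rule layout (owner exemptions for root and group mail followed by a REJECT) and the function name smtp_egress_state are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: what can an unprivileged account do on TCP/25, judged from
# `iptables -S OUTPUT` text on stdin? Simplified first-match model: rules with
# `-m owner` are exemptions for other owners (assumed root/mail) and are skipped;
# traffic matching no rule is assumed to reach an ACCEPT chain policy.
smtp_egress_state() {
    awk '
    $1 == "-A" && $2 == "OUTPUT" && / -p tcp / && / --dport 25( |$)/ {
        if (/ -m owner /) next
        verdict = ""
        if (/ -j ACCEPT( |$)/) verdict = "open"
        else if (/ -j (REJECT|DROP)( |$)/) verdict = "blocked"
        if (verdict == "") next
        if (/ -o lo /) {                      # loopback-only rule
            if (loc == "") loc = verdict
        } else if (!/ -o / && !/ -d /) {      # rule covering every destination
            if (remote == "") remote = verdict
            if (loc == "") loc = verdict
        }
    }
    END {
        if (remote == "") remote = "open"
        if (loc == "") loc = "open"
        print "remote=" remote " localhost=" loc
    }'
}

# Constructed rule sets, not captured from a real server.
OWNER_RULES='-A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner 0 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable'
BLOCK_ON="-P OUTPUT ACCEPT
$OWNER_RULES"
ALLOW_LOCAL="-P OUTPUT ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --dport 25 -j ACCEPT
$OWNER_RULES"
BLOCK_OFF='-P OUTPUT ACCEPT'

printf '%s\n' "$BLOCK_ON"    | smtp_egress_state   # SMTP_BLOCK only
printf '%s\n' "$ALLOW_LOCAL" | smtp_egress_state   # option 1: localhost allowed
printf '%s\n' "$BLOCK_OFF"   | smtp_egress_state   # option 2: block disabled
```

On a live server, feed it the output of `iptables -S OUTPUT` run as root; rules held in other chains that OUTPUT jumps to are not followed by this simplified model.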