New csf v2.45

Changes and new features:

  • Added workaround to restart the bandmin acctboth chains if csf is stopped or (re)started
  • Rewrote the way RELAYHOSTS works: instead of using an iptables chain, a check is done on the IP address at block time, and if it is in /etc/relayhosts it is treated as if it were listed in csf.ignore
  • Enabled RELAYHOSTS by default, which is now a boolean on/off (1 or 0) instead of a time interval
  • Added exe:/usr/local/cpanel/bin/logrunner to csf.pignore
  • Added new options PT_USERMEM and PT_USERTIME to report excessive user process usage and optionally PT_USERKILL to kill such processes. An alert is sent using resalert.txt

Want to make spam detection more aggressive?

We’ve recently started including the following SpamAssassin score modifications to help boost the identification of incoming spam with MailScanner. To do it yourself, create a file called /etc/mail/spamassassin/ and add the following lines:

score BAYES_99 5.0
score URIBL_SBL 5.0
score URIBL_AB_SURBL 5.0
score URIBL_OB_SURBL 5.0
score URIBL_PH_SURBL 5.0
score URIBL_SC_SURBL 5.0
score URIBL_WS_SURBL 5.0
score URIBL_JP_SURBL 5.0

Then reload MailScanner:

service MailScanner reload

That’s it. This gives your Bayesian database a greater say in what is very likely to be spam, and also boosts the scores of emails that contain URIs found in known spam by the various URI RBL spam lists.
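
A pre-reload sanity check for the override file, as an added example that is not ConfigServer's own code: each override must sit on its own line as "score RULE value", and lines that run together are rejected. The function names write_overrides and check_scores are hypothetical, and the check assumes upper-case rule names like the ones listed above.

```shell
#!/bin/sh
# Added example: stage the score overrides in a scratch file and verify
# their syntax before copying them into /etc/mail/spamassassin/.

# write_overrides FILE: emit the eight overrides from the post, one per line.
write_overrides() {
    for rule in BAYES_99 URIBL_SBL URIBL_AB_SURBL URIBL_OB_SURBL \
                URIBL_PH_SURBL URIBL_SC_SURBL URIBL_WS_SURBL URIBL_JP_SURBL; do
        printf 'score %s 5.0\n' "$rule"
    done > "$1"
}

# check_scores FILE: succeed only if every active line is
# "score <RULE> <number>". Offending lines are reported on stderr.
check_scores() {
    awk '
        BEGIN { bad = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blanks
        NF == 3 && $1 == "score" &&
        $2 ~ /^[A-Z][A-Z0-9_]*$/ &&
        $3 ~ /^-?[0-9]+(\.[0-9]+)?$/ { next }    # well-formed override
        { printf "line %d malformed: %s\n", NR, $0 > "/dev/stderr"; bad = 1 }
        END { exit bad }
    ' "$1"
}
```

Run both functions against a scratch path first, then copy the file into /etc/mail/spamassassin/ and run spamassassin --lint before reloading MailScanner.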

New csf v2.44


  • Added new option PT_LOAD which will detect if the server load average of choice exceeds a set threshold and send an alert
  • Reduced the DROP_NOLOG default setting to not include ephemeral ports for new installations
  • Moved DROP_NOLOG rules to the LOGDROP chain

New csf v2.43


  • Added new option DROP_PF_LOGGING which will give detailed iptables log information on dropped packets that are INVALID or out of sequence. This can help track down why iptables may be blocking certain IP connections

New csf v2.41


  • Fixed syntax in lfd procedure for csf locking
  • Added pre and post csf job detection. If /etc/csf/ exists it will be run before any of the csf iptables rules are applied. If /etc/csf/ exists it will be run after all of the csf rules have been applied. This allows you to run your own iptables commands within those files. Each file is passed through /bin/sh
  • Added two new command line options to completely enable and disable csf and lfd
  • Added Enable and Disable options to WHM UI

New csf v2.40

Stability and performance improvements:

  • Added csf lock procedure to avoid iptables race conditions if multiple/simultaneous instances of csf or lfd are executed
  • Added check for child reaper looping to dramatically reduce lfd load

New csf v2.39


  • Added OS check to Security Check to warn if using RH7/9 FC1/2 which are no longer supported (or about to be retired)
  • Made lfd more lenient when it cannot open a log file (reports the error but continues to function)
  • PHP Server Check – if /opt/suphp_php_bin/php.ini exists use that for php settings
  • Added new option RELAYHOSTS to csf.conf which allows you to automatically allow access to IPs listed in /etc/relayhosts at a specified interval

ConfigServer cPanel Services

We’ve decided to simplify our cPanel Server Service packages to a single package (with a MailScanner option). This has been done for one main reason – we’ve found that many people who were purchasing the smaller packages were needing the security features of the large packages and weren’t benefitting from them, frequently purchasing additional services from us to bring their servers up to the Full Service spec. To better service our customers we’ve created a single package that tackles all of the aspects of server security and management that we deal with. We’ve reduced the price of what was the cPanel Full Service package for the new all-encompassing package. We have not removed any features at all whilst doing this. We hope the change benefits our customers in making their servers more secure and manageable.