Fedora Legacy closing – FC4 no longer supported

A kindly reminder that anyone running FC4, FC3, FC2 or FC1 needs to migrate their servers as soon as possible. As this notice on the FedoraLegacy states:

In case any of you are not aware, the Fedora Legacy project is in the process of shutting down. The current model for supporting maintenance distributions is being re-examined. In the meantime, we are unable to extend support to older Fedora Core releases as we had planned. As of now, Fedora Core 4 and earlier distributions are no longer being maintained.

This means that if you’re running FC4 or lower you will no longer receive any OS updates including vital security fixes. You therefore need to migrate to a supported OS as soon as possible.We’d strongly recommend moving over to CentOSv4. If you have to use Fedora Core (and you should not use it on any production servers as it’s a development OS) then you should only currently use FC5 since cPanel don’t yet support FC6.

New csf v2.52


  • Separated the log file regex’s into regex.pm for those feeling brave to tailor them for non-cPanel servers
  • Unified installer for cPanel and non-cPanel installations – so that only install.sh needs to be run (checks for the existence of /usr/local/cpanel/version If you install on a server intending to use cPanel before cPanel is installed, run the install.cpanel.sh script instead
  • Added mod_security v2 regex when running Apache2 to lfd
  • Added [iptext] tag for connectiontracking.txt to list all the connections of an offending IP. Add this manually for existing installations

New csf v2.51

This is a major landmark for us in the development of csf and lfd which provides installation of the firewall and daemon onto non-cPanel generic Linux distributions:

  • Major Enhancement: csf+lfd can now be installed and used on a generic Linux OS without cPanel using install.generic.sh – see readme.txt for more information
  • PF INVDROP entries made bi-directional if PF logging enabled (reduces the number of INVDROP LOG rules by half)
  • Fixed Process Tracking throttle control to correctly use PT_INTERVAL

New MSFE v3.8


  • Added new feature allowing you to set cPanel user MailScanner settings from within the WHM UI
  • Moved a selection of settings from the MSFE Advanced settings to the main settings display
  • Added option to MailScanner Performance to allow disabling of Message Scanning. This can help to process a backlog of email very quickly as no spam or virus scanning is done at all and the queued email is simply handed to exim for delivery
  • Changed option to Edit rules to View rules instead for stability reasons since the MSFE jobs wiil overwrite any changes

You can download the update from http://download.webumake.com – if you don’t have a download account, please email sales@waytotheweb.com and request one, and be sure to include the name under which you originally ordered.

New csf v2.50


  • Removed option ALLOW_RES_PORTS from new installs, setting is ignored
  • Check for LF at the end of form data for files edited through the WHM UI and append one if omitted
  • Following the changes in 2.48 the LOGDROP chain doesn’t distinguish between incoming and outgoing blocks. So, LOGDROP has now been split into LOGDROPIN and LOGDROPOUT

ORDB RBL is closing down

Quote from http://www.ordb.org/news/?id=38:

We regret to inform you that ORDB.org, at the ripe age of five and a half, is shutting down. It’s been a case of a long goodbye as very little work has gone into maintaining ORDB for a while.
We encourage system owners to remove ORDB checks from their mailers immediately and start investigating alternative methods of spam filtering.

So, if you use relays.ordb.org in exim RBL ACL, or ORDB-RBL in the MailScanner “Spam List” setting, remove it asap.Note: We do not configure either exim or MailScanner to use this RBL when we perform the MailScanner Sevice package work

New csf v2.48


  • csf will now specify ! lo as the main ethernet device unless otherwise defined in ETH_DEVICE. This will mean that the firewall is applied to all ethernet devices on the server unless otherwise specified in the configuration