If you’ve been running servers for a few years, you probably have at least one server or VPS in your fleet that’s running Redhat 9.  Redhat  9 is old, but it’s stable (probably since there are never any updates for it), and the customers lingering on those servers are usually happy…

…until you run a cPanel update and find that something doesn’t work right. From what I’ve seen, cPanel updates on Redhat 9 servers tend to break either FTP or IMAP, causing Webmail not to work. You may see errors like this:

HORDE: Login failed because your username or password was entered incorrectly.

SquirrelMail: ERROR: Connection dropped by IMAP server.

RoundCube: Unexpected condition from IMAP server, closed or corrupt connection to IMAP. Possible mailbox corruption.

To resolve this, you need to reinstall the fam package. You can do this by running:

rpm Uvh http://archive.download.redhat.com/pub/redhat/linux/9/en/os/i386/RedHat/RPMS/fam-2.6.8-9.i386.rpm

For FTP, try reinstalling the RPM, or downgrading to the previous version:

rpm -Uvh http://httpupdate.cpanel.net/ftpinstall/pure-ftpd/redhat/9/pure-ftpd-1.0.27-1.tls.i386.rpm

If that doesn’t work, you can go to http://httpupdate.cpanel.net/ftpinstall/pure-ftpd/redhat/9/ and keep installing the previous version down until you find the one that works on your server.

Contrary to what appears to be claimed in the cPanel forums, InnoDB is not disabled by default on cPanel servers in later versions of MySQL 5…at least it shouldn’t be. If you get errors in your application due to InnoDB storage not being enabled, log into your MySQL console and run:

show engines;

You should see a list of all the storage engines MySQL supports, and you may see something like this:

| InnoDB     | DISABLED | Supports transactions, row-level locking, and foreign keys     |

If you do, there are generally two things that would cause this:

1. Check my.cnf for skip-innodb. If it’s there, remove that line and restart MySQL

2. Your ibdata files are corrupted. Try moving the ibdata* files out of /var/lib/mysql, and restart MySQL

cPanel’s stock installation of Exim includes a Tailwatchd driver called Antirelayd . Antirelayd is a daemon that checks /var/log/maillog for POP3 and IMAP logins and keeps track of valid logins for SMTP relaying. It reads /etc/relayhosts file automatically which is dynamically-updated, so any IPs that you add to this file will not be retained.

By default on all cPanel servers, authentication is required to send email via SMTP. Exim lets you authenticate two ways:

• Directly through SMTP with a valid username/password
• Through POP3 login, which allows the user to relay through the mail server for 30 minutes without re-authenticating

To always force SMTP authentication regardless of POP authentication, type the following command via SSH as root:

/usr/local/cpanel/bin/tailwatchd –disable=Cpanel::TailWatch::Antirelayd

To reverse this setting back to the default:

/usr/local/cpanel/bin/tailwatchd –enable=Cpanel::TailWatch::Antirelayd

You can alternatively disable/enable Antirelayd in WHM > Service Manager.

It’s generally not a good idea to allow open relaying through your mail server unless you want to get blacklisted.  There may be situations where you need to permanently let another server send mail through your server without authentication, in which case you can add their IP to /etc/alwaysrelay . A post in the cpanel forums suggests an alternate solution as well:

In WHM > Exim Configuration Editor > Advanced Editor, find this section:

accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *

Appended to this suggestion is changing:

accept hosts = +auth_relay_hosts

to

accept hosts = /etc/exim_smtp_whitelist

There are minor tweaks you can make to exim.conf to remove SMTP authentication altogether, but you won’t find that information here. We don’t want to encourage bad mail server setup that will make the SPAM problem on the Internet even worse.

You can test to see if your server is open relay by sending an email via Telnet and getting a 550 error:

:~$ telnet thecpaneladmin.com 25
Trying 69.174.52.38...
Connected to thecpaneladmin.com.
Escape character is '^]'.
220-thecpaneladmin.com ESMTP Exim 4.69 #1 Tue, 23 Feb 2010 20:37:54 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
helo thecpaneladmin.com
250 thecpaneladmin.com Hello myserver.com [x.x.x.x]
mail from: admin@thecpaneladmin.com
250 OK
rcpt to: test@test.com
550-vaoffice.inmotionhosting.com (thecpaneladmin.com) [68.106.154.170] is
550-currently not permitted to relay through this server. Perhaps you have not
550-logged into the pop/imap server in the last 30 minutes or do not have SMTP
550 Authentication turned on in your email client.

Cpanel 11.25 introduces a new feature to allow you to set a reseller’s shared IP to be different from that of the server’s shared IP. This feature can be activated in WHM > Reseller Center > Manage reseller’s shared/main IP.  While this will allow you to have multiple accounts on the same IP, those accounts have to be owned by the reseller and will all be using the same IP. What if you have a dedicated IP that you want a couple accounts to share?  There’s currently no built-in cPanel functionality to do this, but you can alter a couple files to make it happen.

This walkthrough is for changing the IP of a domain/account to one that is already taken by another account. If you’re simply changing the site’s IP to one that is free, use the WHM > Change Site’s IP Address function instead.

Some time in earlier 2009 cPanel added a new script to their repository to allow cPanel admins to easily install ImageMagick without the hassle of finding compatible RPMs for newer versions, or dealing with the the various issues surrounding Perl Magick on CentOS 5/RHEL 5 servers.

First, check to see if you have existing RPM versions installed on your system:

rpm -qa |grep -i magick

If any packages show up, remove them with rpm -e . Then to reinstall ImageMagick, run:

/scripts/installimagemagick

This may take a bit of time, but it will fully install a functional copy of ImageMagick as well as Perl Magick. When it’s done, you can run the following commands to test it:

convert -v

…will show you ImageMagick is installed, and to what version:

Version: ImageMagick 6.4.8 2010-02-11 Q16 OpenMP http://www.imagemagick.org
Copyright: Copyright (C) 1999-2009 ImageMagick Studio LLC

To test Perl Magick (Image::Magick), run:

/scripts/checkimagemagick

FTP hacks seem to be on the rise nowadays, with viruses like Gumblar stealing FTP passwords and farming them out to hackers so they can upload malicious code into user files. What you end up with is a flood of complaints from users about errors on their site and being flagged by Google for malicious content.  And as you know, when  things like this happen the first person the customer tends to blame is the hosting provider.

While it’s really not something you as the hosting provider can control, there are measures you can take to secure your server against FTP hacks.

From time to time I’ve had users ask me to install an SSL certificate for their MySQL server. Currently this support is not enabled in cPanel automatically, nor is there an option to use it in WHM > Manage Service SSL Certificates at the time this article was written. However, you can install a certificate manually by following a few simple steps.

You may have noticed that cPanel’s default partition size for /tmp is 512 MB, which in some cases can be way too small.  The /tmp partition on cPanel servers, assuming it was the one cPanel created and not one you did yourself, is a file-based partition that can easily be resized.

By default on most servers, /tmp is the temporary dumping place for a lot of things, for example:

• PHP session files
• PHP temporary file uploads
• MySQL temporary files
• Cache files for certain Apache modules

Most software that uses temporary files or sessions will automatically prefer to use /tmp – this folder is usually set to 777  permissions and therefore writeable by every user on the server.

When your /tmp partition fills up, it can cause noticeable problems for your users. If you run a larger server, the /tmp folder can fill up quickly and be very annoying as far as maintenance is concerned. Fortunately there is a very easy way to increase the size of this partition on a standalone server.

1. Stop MySQL, Apache, and cPanel to prevent writing to the /tmp partition
2. Copy the contents of /tmp to another location, such as /home (cp -rfp /tmp /home)
3. Unmount /tmp. If you’re unable to, you can do an lsof (lsof |grep /tmp) to see what processes are still writing to it, and kill them off. Or do a lazy unmount (umount -l /tmp) .
4. Delete /usr/tmpDSK (rm -rf /usr/tmpDSK)

Now open /scripts/securetmp and look for this line:

my $tmpdsksize     = 512000;    # Must be larger than 250000

And change the “512000″ value to your desired size in MB, and save the file. Now run the following script to recreate /tmp:

/scripts/securetmp

This will recreate your /tmp (tmpDSK) partition using the size you specified. While the securetmp script may be overwritten in a cPanel update, the size of /tmp will not be affected one you alter its size.

One of the more important features to customers is the ability to view and analyze their web traffic. CPanel offers three statistics programs for end users to view their stats, all of which are free and open source:

• Analog
• AwStats
• Webalizer

Configuring Stats

In WHM, go to Statistics Software Configuration and select which statistics programs to enable. The go to WHM > Tweak Settings as well and check the same stats programs under “Stats Programs“. Usually though checking them in one place or the other will enable them in both places.

You also want to set the update frequency of the logs, usually to 24 hours. You can check the box for allowing Awstats override configuration files as well, so that users will have their own awstats.conf they can modify in their tmp folders.

With this, you’ll need to verify into WHM > Tweak Settings the following value:

Number of days between processing log files and bandwidth usage (default 1, decimal values are ok)

Again, the Tweak settings and stats configuration are essentially the same setting, so updating one should update them both.

Now that stats will be running on a normal schedule, you can make additional configurations. In WHM > Tweak Settings, go to the Stats and Logs section and you’ll find a number of settings that you can configure:

• Allow users to update Awstats from cPanel – This will put an ‘Update Now’ link in awStats for each user so they can run their own stats. Keep in mind that if you enabled the local Awstats config for users, they can override this setting.
• Delete each domain’s access logs after stats run – If this is checked, the domain’s stats in /usr/local/apache/domlogs will be removed after each stats run
• The load average above the number of cpus at which logs file processing should be suspended (default 0) – What server load will caused the stats to stop running
• Awstats Reverse Dns Resolution – This resolves IPs in Awstats to hostnames. This can degrade performance on more populated servers, but seems to be preferred by end users.

Managing Stats

You can set time exclusions to indicate when stats should not be running. This is useful for servers that tend to have higher load during the day. To enforce this restriction, edit /etc/stats.conf and set:

BLACKHOURS=8,9,10,11,12,13,14,15

In that example, stats will not run between 8am and 3pm.

In WHM > Statistics Software Configuration, you can see if your server’s stats are running properly. If they are, you should see this:

The server currently is able to keep up with your statistics processing schedule.

If the message says otherwise, and your stats are not up to date, you may need to make changes to how you are running your statistics. Meaning, if you have a lot of users on the server, you may want to consider making one or more of the following changes:

• Narrow the blackout hours (if specified)
• Increase the load limit for processing stats in WHM > Tweak Settings
• Change the frequency in which logs are being run, to allow more time

You may also want to see if there are any very large logs files in /usr/local/apache/domlogs, that could be taking a long time to run.  You may want to consider moving that user to another server or running their stats manually via cron job at a certain time every day.

To run a user’s stats manually, you can use WHM > Statistics Software Configuration, or use:

/scripts/runweblogs <user>

If stats have not been updating at all, it’s possible that cpanellogd isn’t running. Try restarting cPanel, and run /scripts/runlogsnow

When I was in technical support, I got at least a dozen or more calls a week about clients who couldn’t send email, but had no problem receiving. When incoming mail works fine but the client can’t connect to the SMTP server, 99.9999% of the time it’s being caused by the ISP blocking remote SMTP/port 25 connections.  You can tell your customers this, but by now you probably know that your customers only care about what you can do for them. You know the ISP isn’t going to budge, and you can’t really blame them – the influx of SPAM has forced a lot of ISPs, webhosts, and email providers to change their protocols. And you need to as well.

Luckily cPanel offers an easy solution for opening additional ports for Exim, so your clients that can’t use standard port 25 can still send email through your mail server.

To enable the second port, all you need to do is log into WHM > Service Manager and check both boxes next to “exim on another port” and enter the port (one that is not already used) in the box, then save the settings. If you have a firewall, you also need to make sure the port is open so your users can connect to it.