In your Exim logs you may see errors like this:

Warning: ACL "warn" statement skipped: condition test deferred: ratelimit database not available

temporarily rejected connection in ?connect? ACL: ratelimit database not available

This likely means the Exim cache databases are corrupted. You can clear them by running:

rm -fv /var/spool/exim/db/*

Then restart Exim.

The files in question are:

• /var/spool/exim/db/ratelimit
• /var/spool/exim/db/ratelimit.lockfile
• /var/spool/exim/db/retry
• /var/spool/exim/db/retry.lockfile
• /var/spool/exim/db/wait-dk_remote_smtp
• /var/spool/exim/db/wait-dk_remote_smtp.lockfile
• /var/spool/exim/db/wait-remote_smtp
• /var/spool/exim/db/wait-remote_smtp.lockfile

In cPanel 11.25, you may be seeing errors like this in /var/log/exim_paniclog:

2010-04-15 12:33:27 failed to expand condition "${if exists {$home/etc/$domain/quota}{${if > {${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{0}{${if eq {${if exists {$home/mail/$domain/$local_part/maildirsize}{1}{0}}}{0}{${if > {${run {/usr/local/cpanel/bin/eximwrap GETDISKUSED $local_part $domain}}}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{true}{false}}}{${perl{checkuserquota}{$domain}{$local_part}{$message_size}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}}}{$home/mail/$domain/$local_part/maildirsize}}}}}{false}}}{false}}" for virtual_user_maildir_overquota router: absolute value of integer "10485760000" is too large (overflow)

To fix this, run :

/scripts/reset_mail_quotas_to_sane_values –force –confirm –verbose

There are three ways to change a site’s IP address on a cPanel server:

Via WHM:

Go to WHM  > Change site’s IP Address , select the account, then select the IP

Via Command Line:

/usr/local/cpanel/bin/swapip <oldip> <newip> <newftpip> <domains>

*I’ve heard on some servers that this doesn’t completely switch the IP in the Apache configuration

Manually:

-Edit /var/named/domain.com.db and increment the serial number. For help in changing DNS, see this post

-Replace instances of the old IP with the new IP in /var/cpanel/userdata and /var/cpanel/users

replace 123.123.123.123 222.222.222.222 — /var/cpanel/userdata/user/*

replace 123.123.123.123 222.222.222.222 — /var/cpanel/users/user

-If the new IP is shared, remove the user’s main domain entry from /etc/domainips. If it’s a dedicated IP, add/change the IP in /etc/domainips and /etc/ssldomains (if the site has an SSL)

-Run /scripts/rebuildhttpconf and /scripts/rebuildippool

Have you ever dealt with a user that pointed their MX records to another server but email from their website or other users on the same server isn’t going there?  This is because Exim on is configured to use files called localdomains and remotedomains, which tell Exim whether a domain’s email is hosted locally or remotely.

The most common symptoms of a mis-configured local/remote domain setup are:

• Errors such as “lowest numbers MX record points to localhost” – you need to add the domain to localdomains
• Email bouncing stating the user does not exist (this may also mean that the user really does not exist!) – you need to add the domain to remotedomains
• Email from the user’s site (such as a contact form) is not being delivered to their outside mail server, but external email is – you need to add the domain to remotedomains

The files controlling these actions are:

/etc/localdomains: Contain a list of domains that have email hosted locally

/etc/remotedomains: Contain a list of domains that have email hosted remotely

The remotedomains file takes precedence, so if a domain is located in both files, the mail server should use remotedomains. However, I’ve heard that on some servers, Exim will do a DNS lookup anyway and make the decision based on where the domain is actually pointed. I haven’t personally reproduced that situation, so assume the former – remotedomains takes preference over localdomains if a domain is listed in both files.

When editing zones in cPanel or WHM, there is an option to select local/remote mail delivery or to have cPanel choose for you. Checking the corresponding boxes will update the local and remote domain files.

Need to set up a secondary mail server? Check out this article:

http://www.techtalkpoint.com/articles/how-to-setup-backup-or-secondary-mx-in-cpanel/

When you upgrade from cPanel 11.24 to 11.25, your users may notice that in cPanel, their MySQL databases show 0MB of disk space used, when they know their databases are much larger. This is due to an option in cPanel that you specifically have to enable. To enable MySQL disk usage tracking:

1) Edit /var/cpanel/cpanel.config

Change:

disk_usage_include_sqldbs=0

to

disk_usage_include_sqldbs=1

Then run the following:

/scripts/update_db_cache
This may take a few minutes if you have a ton of users with databases, but after this, you should see the database disk usage show up accurately in cPanel.

Cpanel has a lot of supporting software that you may be using on your server. In case something goes amiss, here is a list of scripts that reinstall cpanel-provided software on your system. For most all of these, you can pass a –force as an argument to force a reinstall of the application.

cPanel
/scripts/upcp

MySQL
/scripts/mysqlup

PostgreSQL
/scripts/installpostgres

Roundcube
/usr/local/cpanel/bin/update-roundcube

Horde
/usr/local/cpanel/bin/update-horde

Squirrelmail
/usr/local/cpanel/bin/update-squirrelmail

phpMyAdmin
/usr/local/cpanel/bin/updatephpmyadmin

pureFTP
/scripts/ftpup –force (See: Installing and Configuring pure-FTP)

Exim
/scripts/eximup

Courier IMAP
/scripts/courierup –force (See: Installing/Configuring Courier IMAP)

Dovecot
/scripts/dovecotup –force (See: Installing and Configuring Dovecot)

cpAddons
/scripts/cpaddonsup

NSD/BIND
/scripts/setupnameserver (NSD:/scripts/nsdup)

Apache/PHP
/scripts/easyapache (See: EasyApache)

suPHP
/scripts/suphpup

cPanel Internal PHP
/scripts/makecpphp

FrontPage Extensions
/scripts/fpupgrade

Mailman
/scripts/reinstallmailman (will not remove list data)

cpHulkd
/usr/local/cpanel/bin/hulkdsetup

Ruby
/scripts/installruby

Enabling Dovecot

You can convert a server from cppop or Courier IMAP to dovecot by running the following command:

/scripts/setupmailserver dovecot

Then set /var/cpanel/cpanel.config values:

maildir=1
mailserver=dovecot

Configuring Dovecot

Most relevant configurations can be made via WHM > Mailserver Configuration.

To customize the Dovecot configuration file in a way that the WHM configuration interface doesn’t allow, use one of the following methods:

If the directive you wish to change is already present in the template file, simply provide a value in the  main datastore. For example, to change the “lock_method” to “dotlock” add a line like this to /var/cpanel/conf/dovecot/main:

lock_method: dotlock

After making this change run /scripts/builddovecotconf and the configuration file will be updated.

If the directives you want to use in the dovecot.conf file do not exist in the template, copy the /var/cpanel/templates/dovecot1.1/main.default  (folder name may vary per version) template file to one named main.local. Make the modifications to main.local then run /scripts/builddovecotconf to regenerate the final configuration file. Your new template will be used each time the Dovecot configuration file is rebuilt in the future.

When using this method please note that updates to the dovecot binaries may require matching updates to the dovecot template file. The dovecot update system does not touch the main.local template in any way, and it is the responsibility of the administrator to reconcile cPanel’s template changes in main.default with the site specific main.local template.

A useful command when customizing the Dovecot configuration file is dovecot -n. This outputs the configuration being used by the current Dovecot process. Using this, you can verify that Dovecot is using all the directives you added to the configuration.

Maildir (run by Courier IMAP or Dovecot) is a mail format used in conjunction with an MTA to store email on the server as separate files within folders.  This post covers Courier IMAP as a service, not in terms of mail client usage.

Directory Structure

A user’s email is store in ”’/home/user/mail/<domain>/<emailuser>/…”’. Below is a sample directory structure of an email account:

• /home/username/mail (mail folder)

  • /domain.com (domain)

  • admin (email user)

  • maildirsize (quota/usage summary, expendable)

  • cur (default inbox for read email)

  • new (default email for unread email)

  • Drafts ( sample folder )

    • - cur (read email)

    • - new (unread email)

• /home/username/etc

  • /domain.com (domain)

    • passwd (contains email account list and UIDs, similar to /etc/passwd)

    • shadow (contains email passwords, similar to /etc/shadow)

    • quota (contains email account quota info)

Folders

So basically, each email user has its own folder, each containing the main inbox (cur/new), and separate email folders. Each separate inbox folder also contains a ”’cur”’ and ”’new”’ folder.

• cur – read email

• new – unread email

Email that is marked as read by the IMAP client (outlook, etc) is moved from ‘new’ to ‘cur’ .

Etc Files

Here’s a sample passwd file:

admin:x:510:510::/home/vnessa5/mail/v-nessa.net/admin:/bin/bash
support:x:513:513::/home/vnessa5/mail/v-nessa.net/support:/bin/bash

Similar to the /etc/password on the server, the file contains some critical pieces of information. From left to right:

• username
• password (x indicates the password is in a shadow file)
• UID (should match main user’s UID in /etc/password)
• GID (should match main user’s GID in /etc/password)
• home folder (location of the email account’s mail folders)
• shell (not relevant)

Permissions

There is a script in cPanel to attempt to fix user mail permissions, which is safe to run on a VPS or Dedicated server, but should not be run on shared without approval from a system admin:

/scripts/mailperm

The permissions should be as follows:

- /home/user/etc (user:mail, 755)
- domain.com (user:mail, 770)
- passwd (user:mail, 644)
- shadow (user:mail, 644)

The other permissions can be 755 user:user, as those files don’t affect email delivery.

The ‘fixperms’ command on the shared servers should fix the permissions of a user’s home folder, including mail and etc.

Converting to Maildir

/scripts/convert2maildir

This will leave the inbox files behind if you’re coming from Mbox, so you can list/remove them with:

find /home/*/mail/* -name inbox -exec ls -la {} \;

If you’ve been running servers for a few years, you probably have at least one server or VPS in your fleet that’s running Redhat 9.  Redhat  9 is old, but it’s stable (probably since there are never any updates for it), and the customers lingering on those servers are usually happy…

…until you run a cPanel update and find that something doesn’t work right. From what I’ve seen, cPanel updates on Redhat 9 servers tend to break either FTP or IMAP, causing Webmail not to work. You may see errors like this:

HORDE: Login failed because your username or password was entered incorrectly.

SquirrelMail: ERROR: Connection dropped by IMAP server.

RoundCube: Unexpected condition from IMAP server, closed or corrupt connection to IMAP. Possible mailbox corruption.

To resolve this, you need to reinstall the fam package. You can do this by running:

rpm Uvh http://archive.download.redhat.com/pub/redhat/linux/9/en/os/i386/RedHat/RPMS/fam-2.6.8-9.i386.rpm

For FTP, try reinstalling the RPM, or downgrading to the previous version:

rpm -Uvh http://httpupdate.cpanel.net/ftpinstall/pure-ftpd/redhat/9/pure-ftpd-1.0.27-1.tls.i386.rpm

If that doesn’t work, you can go to http://httpupdate.cpanel.net/ftpinstall/pure-ftpd/redhat/9/ and keep installing the previous version down until you find the one that works on your server.

cPanel’s stock installation of Exim includes a Tailwatchd driver called Antirelayd . Antirelayd is a daemon that checks /var/log/maillog for POP3 and IMAP logins and keeps track of valid logins for SMTP relaying. It reads /etc/relayhosts file automatically which is dynamically-updated, so any IPs that you add to this file will not be retained.

By default on all cPanel servers, authentication is required to send email via SMTP. Exim lets you authenticate two ways:

• Directly through SMTP with a valid username/password
• Through POP3 login, which allows the user to relay through the mail server for 30 minutes without re-authenticating

To always force SMTP authentication regardless of POP authentication, type the following command via SSH as root:

/usr/local/cpanel/bin/tailwatchd –disable=Cpanel::TailWatch::Antirelayd

To reverse this setting back to the default:

/usr/local/cpanel/bin/tailwatchd –enable=Cpanel::TailWatch::Antirelayd

You can alternatively disable/enable Antirelayd in WHM > Service Manager.

It’s generally not a good idea to allow open relaying through your mail server unless you want to get blacklisted.  There may be situations where you need to permanently let another server send mail through your server without authentication, in which case you can add their IP to /etc/alwaysrelay . A post in the cpanel forums suggests an alternate solution as well:

In WHM > Exim Configuration Editor > Advanced Editor, find this section:

accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to \
relay through this server. Perhaps you \
have not logged into the pop/imap server in the \
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *

Appended to this suggestion is changing:

accept hosts = +auth_relay_hosts

to

accept hosts = /etc/exim_smtp_whitelist

There are minor tweaks you can make to exim.conf to remove SMTP authentication altogether, but you won’t find that information here. We don’t want to encourage bad mail server setup that will make the SPAM problem on the Internet even worse.

You can test to see if your server is open relay by sending an email via Telnet and getting a 550 error:

:~$ telnet thecpaneladmin.com 25
Trying 69.174.52.38...
Connected to thecpaneladmin.com.
Escape character is '^]'.
220-thecpaneladmin.com ESMTP Exim 4.69 #1 Tue, 23 Feb 2010 20:37:54 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
helo thecpaneladmin.com
250 thecpaneladmin.com Hello myserver.com [x.x.x.x]
mail from: admin@thecpaneladmin.com
250 OK
rcpt to: test@test.com
550-vaoffice.inmotionhosting.com (thecpaneladmin.com) [68.106.154.170] is
550-currently not permitted to relay through this server. Perhaps you have not
550-logged into the pop/imap server in the last 30 minutes or do not have SMTP
550 Authentication turned on in your email client.