I recently saw an issue on one of our servers where we were trying to enable Zend Optimizer and IonCube Loaders, but they just won’t show up on a phpinfo page despite showing up via command line:

-bash-3.2# php -v
PHP 4.4.9 (cli) (built: May  4 2010 13:55:07)
Copyright (c) 1997-2008 The PHP Group
Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies
with the ionCube PHP Loader v3.3.14, Copyright (c) 2002-2010, by ionCube Ltd., and
with Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies

After toggling around with this and finally getting cPanel installed, one of their techs (Kyle P.) figured out that the problem is with PHP being built with the versioning extension, which can apparently cause dynamic modules not to load when PHP is invoked as a DSO (and likely as CGI, but couldn’t reproduce it). The CPanel documentation also recommends against it:

“Versioning – The PHP versioning option was intended to allow the same sort of functionality that the concurrent DSO patches allow. It does not work well and is not recommended by cPanel or the PHP developers.”

Quite honestly, I never used versioning on a server and I knew it wasn’t something that was recommended, but at least now we know why!

One of the servers here at work was giving a 500 Internal Server error whenever a PHP page was loaded. Among the various things that can cause this error when you’re running PHP in CGI mode (suPHP), this error showing up in the Apache log was most unusual. Turns out it’s due to the suphp binary missing its sticky/suid permissions.

SecurityException in Application.cpp:188: Do not have root privileges. Executable not set-uid root?

To fix, simply chmod +s the suphp binary:

chmod +s /opt/suphp/bin/suphp

In your Exim logs you may see errors like this:

Warning: ACL "warn" statement skipped: condition test deferred: ratelimit database not available

temporarily rejected connection in ?connect? ACL: ratelimit database not available

This likely means the Exim cache databases are corrupted. You can clear them by running:

rm -fv /var/spool/exim/db/*

Then restart Exim.

The files in question are:

• /var/spool/exim/db/ratelimit
• /var/spool/exim/db/ratelimit.lockfile
• /var/spool/exim/db/retry
• /var/spool/exim/db/retry.lockfile
• /var/spool/exim/db/wait-dk_remote_smtp
• /var/spool/exim/db/wait-dk_remote_smtp.lockfile
• /var/spool/exim/db/wait-remote_smtp
• /var/spool/exim/db/wait-remote_smtp.lockfile

In cPanel 11.25, you may be seeing errors like this in /var/log/exim_paniclog:

2010-04-15 12:33:27 failed to expand condition "${if exists {$home/etc/$domain/quota}{${if > {${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{0}{${if eq {${if exists {$home/mail/$domain/$local_part/maildirsize}{1}{0}}}{0}{${if > {${run {/usr/local/cpanel/bin/eximwrap GETDISKUSED $local_part $domain}}}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{true}{false}}}{${perl{checkuserquota}{$domain}{$local_part}{$message_size}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}}}{$home/mail/$domain/$local_part/maildirsize}}}}}{false}}}{false}}" for virtual_user_maildir_overquota router: absolute value of integer "10485760000" is too large (overflow)

To fix this, run :

/scripts/reset_mail_quotas_to_sane_values –force –confirm –verbose

There are three ways to change a site’s IP address on a cPanel server:

Via WHM:

Go to WHM  > Change site’s IP Address , select the account, then select the IP

Via Command Line:

/usr/local/cpanel/bin/setsiteip -u $user $ip

Manually:

-Edit /var/named/domain.com.db and increment the serial number. For help in changing DNS, see this post

-Replace instances of the old IP with the new IP in /var/cpanel/userdata and /var/cpanel/users

replace 123.123.123.123 222.222.222.222 — /var/cpanel/userdata/user/*

replace 123.123.123.123 222.222.222.222 — /var/cpanel/users/user

-If the new IP is shared, remove the user’s main domain entry from /etc/domainips. If it’s a dedicated IP, add/change the IP in /etc/domainips and /etc/ssldomains (if the site has an SSL)

-Run /scripts/rebuildhttpconf and /scripts/rebuildippool

Have you ever dealt with a user that pointed their MX records to another server but email from their website or other users on the same server isn’t going there?  This is because Exim on is configured to use files called localdomains and remotedomains, which tell Exim whether a domain’s email is hosted locally or remotely.

The most common symptoms of a mis-configured local/remote domain setup are:

• Errors such as “lowest numbers MX record points to localhost” – you need to add the domain to localdomains
• Email bouncing stating the user does not exist (this may also mean that the user really does not exist!) – you need to add the domain to remotedomains
• Email from the user’s site (such as a contact form) is not being delivered to their outside mail server, but external email is – you need to add the domain to remotedomains

The files controlling these actions are:

/etc/localdomains: Contain a list of domains that have email hosted locally

/etc/remotedomains: Contain a list of domains that have email hosted remotely

The remotedomains file takes precedence, so if a domain is located in both files, the mail server should use remotedomains. However, I’ve heard that on some servers, Exim will do a DNS lookup anyway and make the decision based on where the domain is actually pointed. I haven’t personally reproduced that situation, so assume the former – remotedomains takes preference over localdomains if a domain is listed in both files.

When editing zones in cPanel or WHM, there is an option to select local/remote mail delivery or to have cPanel choose for you. Checking the corresponding boxes will update the local and remote domain files.

Need to set up a secondary mail server? Check out this article:

http://www.techtalkpoint.com/articles/how-to-setup-backup-or-secondary-mx-in-cpanel/

When you upgrade from cPanel 11.24 to 11.25, your users may notice that in cPanel, their MySQL databases show 0MB of disk space used, when they know their databases are much larger. This is due to an option in cPanel that you specifically have to enable. To enable MySQL disk usage tracking:

1) Edit /var/cpanel/cpanel.config

Change:

disk_usage_include_sqldbs=0

to

disk_usage_include_sqldbs=1

Then run the following:

/scripts/update_db_cache
This may take a few minutes if you have a ton of users with databases, but after this, you should see the database disk usage show up accurately in cPanel.

Cpanel has a lot of supporting software that you may be using on your server. In case something goes amiss, here is a list of scripts that reinstall cpanel-provided software on your system. For most all of these, you can pass a –force as an argument to force a reinstall of the application.

cPanel
/scripts/upcp

MySQL
/scripts/mysqlup

PostgreSQL
/scripts/installpostgres

Roundcube
/usr/local/cpanel/bin/update-roundcube

Horde
/usr/local/cpanel/bin/update-horde

Squirrelmail
/usr/local/cpanel/bin/update-squirrelmail

phpMyAdmin
/usr/local/cpanel/bin/updatephpmyadmin

pureFTP
/scripts/ftpup –force (See: Installing and Configuring pure-FTP)

Exim
/scripts/eximup

Courier IMAP
/scripts/courierup –force (See: Installing/Configuring Courier IMAP)

Dovecot
/scripts/dovecotup –force (See: Installing and Configuring Dovecot)

cpAddons
/scripts/cpaddonsup

NSD/BIND
/scripts/setupnameserver (NSD:/scripts/nsdup)

Apache/PHP
/scripts/easyapache (See: EasyApache)

suPHP
/scripts/suphpup

cPanel Internal PHP
/scripts/makecpphp

FrontPage Extensions
/scripts/fpupgrade

Mailman
/scripts/reinstallmailman (will not remove list data)

cpHulkd
/usr/local/cpanel/bin/hulkdsetup

Ruby
/scripts/installruby

Enabling Dovecot

You can convert a server from cppop or Courier IMAP to dovecot by running the following command:

/scripts/setupmailserver dovecot

Then set /var/cpanel/cpanel.config values:

maildir=1
mailserver=dovecot

Configuring Dovecot

Most relevant configurations can be made via WHM > Mailserver Configuration.

To customize the Dovecot configuration file in a way that the WHM configuration interface doesn’t allow, use one of the following methods:

If the directive you wish to change is already present in the template file, simply provide a value in the  main datastore. For example, to change the “lock_method” to “dotlock” add a line like this to /var/cpanel/conf/dovecot/main:

lock_method: dotlock

After making this change run /scripts/builddovecotconf and the configuration file will be updated.

If the directives you want to use in the dovecot.conf file do not exist in the template, copy the /var/cpanel/templates/dovecot1.1/main.default  (folder name may vary per version) template file to one named main.local. Make the modifications to main.local then run /scripts/builddovecotconf to regenerate the final configuration file. Your new template will be used each time the Dovecot configuration file is rebuilt in the future.

When using this method please note that updates to the dovecot binaries may require matching updates to the dovecot template file. The dovecot update system does not touch the main.local template in any way, and it is the responsibility of the administrator to reconcile cPanel’s template changes in main.default with the site specific main.local template.

A useful command when customizing the Dovecot configuration file is dovecot -n. This outputs the configuration being used by the current Dovecot process. Using this, you can verify that Dovecot is using all the directives you added to the configuration.

Maildir (run by Courier IMAP or Dovecot) is a mail format used in conjunction with an MTA to store email on the server as separate files within folders.  This post covers Courier IMAP as a service, not in terms of mail client usage.

Directory Structure

A user’s email is store in ”’/home/user/mail/<domain>/<emailuser>/…”’. Below is a sample directory structure of an email account:

• /home/username/mail (mail folder)

  • /domain.com (domain)

  • admin (email user)

  • maildirsize (quota/usage summary, expendable)

  • cur (default inbox for read email)

  • new (default email for unread email)

  • Drafts ( sample folder )

    • - cur (read email)

    • - new (unread email)

• /home/username/etc

  • /domain.com (domain)

    • passwd (contains email account list and UIDs, similar to /etc/passwd)

    • shadow (contains email passwords, similar to /etc/shadow)

    • quota (contains email account quota info)

Folders

So basically, each email user has its own folder, each containing the main inbox (cur/new), and separate email folders. Each separate inbox folder also contains a ”’cur”’ and ”’new”’ folder.

• cur – read email

• new – unread email

Email that is marked as read by the IMAP client (outlook, etc) is moved from ‘new’ to ‘cur’ .

Etc Files

Here’s a sample passwd file:

admin:x:510:510::/home/vnessa5/mail/v-nessa.net/admin:/bin/bash
support:x:513:513::/home/vnessa5/mail/v-nessa.net/support:/bin/bash

Similar to the /etc/password on the server, the file contains some critical pieces of information. From left to right:

• username
• password (x indicates the password is in a shadow file)
• UID (should match main user’s UID in /etc/password)
• GID (should match main user’s GID in /etc/password)
• home folder (location of the email account’s mail folders)
• shell (not relevant)

Permissions

There is a script in cPanel to attempt to fix user mail permissions, which is safe to run on a VPS or Dedicated server, but should not be run on shared without approval from a system admin:

/scripts/mailperm

The permissions should be as follows:

- /home/user/etc (user:mail, 755)
- domain.com (user:mail, 770)
- passwd (user:mail, 644)
- shadow (user:mail, 644)

The other permissions can be 755 user:user, as those files don’t affect email delivery.

The ‘fixperms’ command on the shared servers should fix the permissions of a user’s home folder, including mail and etc.

Converting to Maildir

/scripts/convert2maildir

This will leave the inbox files behind if you’re coming from Mbox, so you can list/remove them with:

find /home/*/mail/* -name inbox -exec ls -la {} \;