Similar to the intentions of SPF records and DomainKeys, DKIM is intended to authenticate a sender by using a public/private key pair to digitally sign email, therefore increasing deliverability. At this point in time, while SPF records and DomainKeys are supported in cPanel, outgoing authentication with DKIM is not. That being said, please keep the following points in mind while following this tutorial:

1. The cPanel developers indicated that DKIM auth will be a feature in 11.32, therefore, when 11.32 is released it’s possible that a few steps in this guide will become obsolete
2. cPanel does not recommend or provide support for some of the changes this tutorial will ask you to make.  As usual, make these changes at your own risk or use our server consultation services for help

Upgrade Exim

DKIM is supported in Exim 4.70 and higher – the version current at the time this article was written is 4.69. Therefore, you will need to upgrade.  Hop over to the below URL, locate the latest version of Exim 4.7x, and navigate to the folder that corresponds with your operating system to find the RPM:

http://httpupdate.cpanel.net/exim/

In this case, we downloaded the RPM from:

http://httpupdate.cpanel.net/exim/4.70-4/centos/5.6/exim-4.70-4_cpanel_maildir.i386.rpm

On your server, run the following command (replace the URL with the one corresponding to the RPM you found)

rpm -Uvh http://httpupdate.cpanel.net/exim/4.70-4/centos/5.6/exim-4.70-4_cpanel_maildir.i386.rpm --nodeps

Now, verify the version:

root@server [~]# rpm -qa |grep -i exim
exim-4.70-4_cpanel_maildir

You’ll also want to keep cPanel from running an Exim update and reverting the version back to 4.69:

touch /etc/eximupdisable

 

If you have existing domains on this server, make sure to move local and remote domains files back:

mv -f /etc/localdomains.rpmsave /etc/localdomains
mv -f /etc/remotedomains.rpmsave /etc/remotedomains

*If you have trouble installing the RPM due to fetchmail or a conflict with the previously-install Exim package, do

yum remove fetchmail

rpm -e exim-4.69-29_cpanel_maildir (replace with the actual name of the old Exim package)

Install DomainKeys

The topic of how to install DomainKeys was previously covered in this article. Install the keys for each user, or run a loop as shown in the article to install them for all users.  The keys will be in: /var/cpanel/domain_keys/[public|private]/$domain .

Configure Exim

Open /etc/exim.conf and near the top, add the following lines:

DKIM_DOMAIN = ${lc:${domain:$h_from:}}
DKIM_FILE = /var/cpanel/domain_keys/private/${lc:${domain:$h_from:}}
DKIM_PRIVATE_KEY = ${if exists{DKIM_FILE}{DKIM_FILE}{0}}

Then scroll down until you see these lines:

remote_smtp:
driver = smtp

Replace this with:

remote_smtp:
driver = smtp
dkim_domain = DKIM_DOMAIN
dkim_selector = default
dkim_private_key = DKIM_PRIVATE_KEY
dkim_canon = relaxed
dkim_strict = 0

Now, restart Exim:

service exim restart

The additions to exim.conf will use a domain’s key, if the domain has one, to sign each message with DKIM.

Now, keep in mind that cPanel will overwrite these changes during cPanel updates. You have the following options:

• Run chattr +ia /etc/exim.conf, OR:
• Copy /etc/exim.conf to /root/exim.conf and create a file called /scripts/posteximup (and chmod to 700) containing the following code:

scp -p /root/exim.conf /etc/exim.conf
service exim restart

Verify

The easiest way to verify the functionality of your new DKIM setup is to send an email from your server to check-auth@verifier.port25.com . You’ll get an autoresponse back letting you now that everything is working (note that with DKIM, DomainKeys are obsolete so a status of “neutral” is normal)

SPF check:          pass
DomainKeys check:   neutral
DKIM check:         pass
Sender-ID check:    pass
SpamAssassin check: ham

If your server is approaching 99% disk space, your users may be aware of this before you are.  At the 1% free margin, the following error will pop up when accessing certain features in cPanel and WHM:

Sorry for the inconvience!
The filesystem mounted at / on this server is running out of disk space. cPanel operation has been temporarily suspended to prevent something bad from happening. Please ask your system admin to remove any files not in use on that partition

While 99% may seem like a dangerous limit, servers nowadays are getting rather large. If you have a server with over 3T of disk space, that 1% free could be well over 100G of space – space that would seemingly become waste.

Until this limit is removed in a future release, you can actually trick cPanel into thinking that the server has more space available. The key is the cache files located in /root/.cpanel/datastore, specifically the file _bin_df_-P_-k_-l.

If you edit that file and change the occurrence of 99% to a lower value, you’ll see the restricted cPanel and WHM features return to normal.  Keep in mind that the cache regenerates, so in some cases it may be appropriate to create a cron job to periodically change the file.

Of course, if 99% disk usage on your server leaves you with a minuscule amount of space, you’ll want to remove some files or add additional storage. The following articles may be useful:

• http://www.thecpaneladmin.com/11-ways-to-free-up-disk-space-on-a-cpanel-server/
• http://www.thecpaneladmin.com/huge-cpan-folder-home/
• http://www.thecpaneladmin.com/managing-multiple-hard-drives-cpanel/
• http://www.thecpaneladmin.com/manually-rearranging-accounts/

Thanks to my colleague Lee for sharing this tidbit of info

If you’ve taken a peek at your PCI scan results lately, you may have noticed that your scan provider is now requiring OpenSSH 4.5 or higher – a version that is not currently available in the CentOS 5 repositories.  A Yum update isn’t going to help you much there.

You can, however, easily compile your own RPM and manually upgrade OpenSSH.  The commands below are the ones I used to install version 5.8 (the latest stable at the time of this post), but can essentially be used for any compatible version.

First, download the OpenSSH source tarball from the vendor and unpack it. You can find the tarballs at http://www.openssh.com/portable.html

wget http://mirror.mcs.anl.gov/openssh/portable/openssh-5.8p1.tar.gz

tar -xvzf openssh-5.8p1.tar.gz

Copy the spec file and tarball:

cp ./openssh-5.8p1/contrib/redhat/openssh.spec /usr/src/redhat/SPECS/

cp openssh-5.8p1.tar.gz /usr/src/redhat/SOURCES/

Do a little magic:

cd /usr/src/redhat/SPECS

perl -i.bak -pe ‘s/^(%define no_(gnome|x11)_askpass)\s+0$/$1 1/’ openssh.spec

…and build your RPM:

rpmbuild -bb openssh.spec

Now if you go back into /usr/src/redhat/RPMS/<arch> , you should see three RPMs. Go ahead and install them:

rpm -Uvh *.rpm

To verify the installed version, just type ‘ssh -v localhost’ and you should see the banner come up, indicating the new version.

A common request we get is how a user can automatically BCC outgoing email to another address. This is most often requested by law firms that need to be able to retain copies of communication. Forwarding incoming email is easy – there’s already a section in cPanel for it. However, if you want to forward outgoing email there’s a small twist.

First, go to WHM > Exim Configuration Editor, then click “Advanced Editor” at the bottom. Don’t make any changes, just click “save”. This should create a file on the server called /etc/exim.conf.local.  From command line as root, you’ll need to edit /etc/exim.conf.local and add some options to the @CONFIG@ and @TRANSPORTSTART@ sections. The end result would look like this (plus any edits you may have already made):


@AUTH@

@BEGINACL@

@CONFIG@
system_filter_directory_transport = local_copy_outgoing

@DIRECTOREND@

@DIRECTORMIDDLE@

@DIRECTORSTART@

@ENDACL@

@RETRYEND@

@RETRYSTART@

@REWRITE@

@ROUTEREND@

@ROUTERSTART@

@TRANSPORTEND@

@TRANSPORTMIDDLE@

@TRANSPORTSTART@
local_copy_outgoing:
driver = appendfile
delivery_date_add
envelope_to_add
return_path_add
group = cpaneleximfilter
user = cpaneleximfilter
mode = 0660
maildir_format = true
create_directory = true

Now, make a copy of the existing system filter file to a custom location, so cPanel updates don’t mess with it:

cp  /etc/cpanel_exim_system_filter /etc/cpanel_exim_system_filter_custom

Edit /etc/exim.conf.localops and change the “systemfilter” option to match our new file:

systemfilter=/etc/cpanel_exim_system_filter_custom

Now, open /etc/cpanel_exim_system_filter_custom and add the following block of code to the end of the file:

if $header_from: contains "@senderdomain.com"
then
unseen deliver "other@emailaddress"
endif

Replace the blue text with the sender domain (or email address)  and the email address that outgoing mail should be copied to.

Apply these new settings to the exim.conf and restart:

/scripts/buildeximconf
service exim restart

Now when you send email from the email address or domain specified in the filter file, it will be copied to the other email address.

If you go into WHM > List Accounts and all your accounts are showing an unlimited quota and 0 disk space usage, you probably have a quota problem.

First thing, try running

/scripts/fixquotas

This’ll take a while depending on your current disk usage, but will usually fix the problem. If it doesn’t, make sure that quotas are on for your filesystem.  Look at /etc/fstab, and in the fourth column (the options column), make sure that ‘usrquota’ is specified for the file system that contains your user home folders.  For example, this is how ours looks:

LABEL=/     /           ext3    defaults,noatime,usrquota 0  0
LABEL=/home    /home          ext3    defaults,noatime,usrquota 0  0

If /home is part of the / partition, then the quotas need to be applied to / .

Now, remount the partitions with new options.  For the root ( / ) partition for example, you’d run the following command:

mount -o remount /

Then run the following command to update quotas:

/scripts/initquotas

If the problem indicates a problem writing to /aquota.user or similar, make sure the file isn’t set to immutable:

chattr -ia /aquota.user

After following these steps, if you’re still having a problem feel free to submit a support ticket and we’ll help you out!

The following is a guest post from Gwen Davis of hostingobserver.com.

History

The first cron was written in the early 1970s for Version 7 UNIX as a system service (also known in UNIX as a daemon). The algorithm, invoked from the /etc/inittab location whenever the OS entered a multi-user mode, was simple — every minute, it checked a directory for any files set to be run at the current date/time, and ran any it found under superuser root. The next version of cron, created for the release of UNIX System V, extended capabilities beyond the superuser root to all users.

Cron, ported to BSD, remained unchanged for the life of UNIX System V and its derivatives: Solaris, IRIX, HP-UX, and IBM AIX. Vixie cron (now called ISC Cron) were developed for Linux in 1987, and Redhat Linux has cronie and anacron, all of which have contributed to the growth in Linux server administration.

Cron Hosting Basics

There are three basic characteristics for the best web hosts for Cron, these are Linux hosting, cPanel hosting and unlimited hosting. However, this does not mean that you will never have the ability to run cron jobs if your hosting plan has one or two elements missing. From here on we will discuss the workarounds available for each criteria.

This post will explain a simple process for installing a Red5 Flash Media server in a VPS or Dedicated environment.

Install Subversion and Java

yum -y install java-1.6.0-openjdk java-1.6.0-openjdk-devel
yum -y install subversion

Install Ant

cd /opt
wget http://mirrors.kahuki.com/apache/ant/binaries/apache-ant-1.8.1-bin.tar.bz2
tar jxvf apache-ant-1.8.1-bin.tar.bz2
mv apache-ant-1.8.1 ant
ln -s /opt/ant/bin/ant /usr/bin/ant

Result: /opt/ant

Export some variables and add to bashrc:

export ANT_HOME=/opt/ant
export JAVA_HOME=/usr/lib/jvm/java
export PATH=$PATH:/opt/ant/bin
export CLASSPATH=.:$JAVA_HOME/lib/classes.zip

echo 'export ANT_HOME=/opt/ant' >> /etc/bashrc
echo 'export JAVA_HOME=/usr/lib/jvm/java' >> /etc/bashrc
echo 'export PATH=$PATH:/opt/ant/bin' >> /etc/bashrc
echo 'export CLASSPATH=.:$JAVA_HOME/lib/classes.zip' >> /etc/bashrc


Install Red5:

cd /opt
svn co http://red5.googlecode.com/svn/java/server/trunk red5
cd red5
ant prepare
ant dist


Create an init script

By default you have to use red5′s inherent scripts to start/stop, which can be a bit annoying. Create a file called /etc/init.d/red5 and past int he following:

#!/bin/sh
# For RedHat servers
# description: Red5 flash media server
# processname: red5
PROG=red5
RED5_HOME=/opt/red5
DAEMON=$RED5_HOME/$PROG.sh
PIDFILE=/var/run/$PROG.pid
# Source function library
. /etc/rc.d/init.d/functions
[ -r /etc/sysconfig/red5 ] && . /etc/sysconfig/red5
RETVAL=0
case "$1" in
start)
echo -n $"Starting $PROG: "
cd $RED5_HOME
$DAEMON >/dev/null 2>/dev/null &
RETVAL=$?
if [ $RETVAL -eq 0 ]; then
echo $! > $PIDFILE
touch /var/lock/subsys/$PROG
fi
[ $RETVAL -eq 0 ] && success $"$PROG startup" || failure $"$PROG startup"
echo
;;
stop)
echo -n $"Shutting down $PROG: "
killproc -p $PIDFILE
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$PROG
;;
restart)
$0 stop
$0 start
;;
status)
status $PROG -p $PIDFILE
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|status}"
RETVAL=1
esac
exit $RETVAL

*Note that WordPress has a strange way of outputting double quotes, so make sure you address those in the script!
Now, chmod 755 /etc/init.d/red5 and run:

chkconfig red5 on

This will run Red5 on startup. With the init script, you can now start, stop, and restart red5 as needed, ex:

service red5 restart

red5 should now run port 5080 and rtmp service on port 1935. You may need to open these ports in your server’s firewall.

Test:

http://hostname:5080/demos/port_tester.swf

Source: Adapted from http://www.sohailriaz.com/how-to-install-red5-server-on-centos-53/

You’ll probably often see hosts that have a ton of extra icons in their cPanel for various items. When you’re customizing cPanel, it’s useful to be able to be able to add icon groups for features that either need to be grouped together, or that don’t fit into other categories.  cPanel 11 makes it very easy to customize how icons are presented.

Create the Group

First, you’ll want to create your icon group.  The group will contain features/plugins that you create and assign to the group. Here’s a very basic example of a Twitter plugin that was created as part of a separate group called “Extras”:

First, we’re going to create the “Extras” group:

If you’re using the x3 theme, go into /usr/local/cpanel/base/frontend/x3/dynamicui . Create a file based on your new menu, prefaced with dynamicui, and ending in .conf. For example, I’m creating a group of icons that I want to be under a group called “extras”, so the file I create will be called dynamicui_extras.conf .

In the dynamicui_extras.conf file, all on one line, I’ll add the properties for my group, making sure everything is on one line:

groupdesc=>Extras,description=>extra icons,grouporder=>-100,group=>extras_menu,
imgtype=>icon,subtype=>img,type=>image,file=>extras,height=>32,width=>32