Anyone running a shared hosting server is probably now accustomed to dealing with constant complaints about blacklisting. It’s exim’s default setup on a cPanel server to use the shared IP of the server to send email, which means that all your clients on one server are sending out email on the same IP.  All it takes is for one spammer to send out a mailing list or one customer to get hacked and run a Darkmailer script, and suddenly everyone on your server seems to be complaining about getting their mail bounced.

You can change the server’s IP address for sending email. Assuming you already have an IP set up on your server with a valid PTR, you probably already saw on the cPanel forums or some other location that you can simply change the interface lines in your /etc/exim.conf file and restart exim:

remote_smtp:
driver = smtp
interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}

dk_remote_smtp:
driver = smtp
interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
dk_private_key = "/var/cpanel/domain_keys/private/${dk_domain}"
dk_canon = nofws
dk_selector = default

In the above example, all you’d do is comment out the interface lines and replace them with:

interface = xx.xx.xx.xx

However, this tends to be a band-aid fix, as a cPanel update or any change made in WHM’s Exim Configuration Editor will regenerate the Exim config and overwrite your change. To make this more permanent, you’ll want to use the /etc/mailips file.

To set this up initially, go into WHM > Exim Configuration and enable this option:

** Send outgoing mail from the ip that matches the domain name in /etc/mailips (*: IP can be added to the file to change the main outgoing interface) [?]

Or, in /etc/exim.conf.localopts, add/change this line:

per_domain_mailips=1

Then run

/scripts/buildeximconf
service exim restart

*The /etc/mailips file should be root:exim, chmod 440  if it doesn’t already exist.

chattr +i /etc/mailips

Now for actually changing the IP:

Changing the IP Globally

If you want everyone on the server to send out on the same IP, just add the following to /etc/mailips:

*: xxx.xxx.xxx.xxx

Then add the IP and it’s matching PTR to /etc/mail_reverse_dns:

xxx.xxx.xxx.xxx hostname.tld

This will tell Exim to use that IP for any sender on the server.

Changing the IP Per Domain

If you want your users with dedicated IP addresses to be able to use those IPs to send email as well, you can add them to /etc/mailips. cPanel actually now has documentation on how to do this properly:

http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/EximDifferentIps

If you have multiple dedicated IP domains already, I’ve devised a simple loop you can use to populate /etc/mailips automatically:

while read line ; do DOMAIN=`echo -e $line |awk '{print $2}'` && IP=`echo -e $line |awk '{print $1}' |cut -d: -f1` && echo "$DOMAIN: $IP" >> /etc/mailips ;done < /etc/domainips

You’ll always want the wildcard line to be in there to account for any domain not listed in the file, whether it is the main server’s IP or another that you have assigned for email:

*: xxx.xxx.xxx.xxx

Then:

cp /etc/domainips /etc/mail_reverse_dns

This will set all the existing sites on dedicated IPs to send out mail on those IPs.

PostgreSQL is an open-source database server similar (but different) than MySQL. cPanel has a built-in installer for setting up PostgreSQL easily. Keep in mind that the actual version of PostgreSQL you get depends on your OS version. For instance, CentOS 4 users will likely get version 7, CentOS 5 will get version 8.

First, run the install script from command line

/scripts/installpostgres

Then in WHM under SQL Services >> Postgres Config Choose Install Config. Once the config has been installed set a root password for PostgreSQL (Only Alphanumerics). If you hav a firewall, you may want to open port 5432.

PostgreSQL is installed now, but PHP is not compiled for it, so you’ll need to run EasyApache and enable PHP with PostgreSQL (pgsql) support. You can do this manually, or through WHM. If doing so manually, here is the configure switch (or use with /var/cpanel/easy/apache/custom/rawopts  [info])

--with-pgsql=/usr

Now when you log into cPanel you’ll see a section for PostgreSQL. You’ll probably notice the phpMyAdmin wannabe phpPgAdmin which is the database management tool for Postgres. If  you don’t see this option, make sure it’s enabled in WHM > Feature Manager.

Now edit /var/lib/pgsql/data/postgresql.conf and edit some settings:

port = 5432

Postgres 7:

tcpip_socket = true

Postgres 8:

listen_addresses='*'

Now restart the postgres service:

service postgres restart

Note that if you’re installing PostgreSQL on a server that already has users on it, privileges will not be added by default for those existing users. To add privileges, run this command:

for user in `ls /var/cpanel/users` ; do su $user -c “createuser -S -D -R $i” postgres; done

Lately FTP has been a problem for a lot of hosting providers. Especially since the recent influx of Gumblar-related attacks and FTP exploits, some hosting providers are now considering changing their FTP ports as an added measure of security. If you’re on a cPanel server you have a couple extra steps to go through, but it’s a rather easy change.

Pure-FTP

1) Edit /etc/pure-ftpd.conf and look for the following line:

Bind <addr> <port>

Where <addr> is a publically routable IP.  The default example, 127.0.0.1, will cause the socket to bind locally but then this connection won’t serve externally. <port> is the new port you wish to put the service on.

2) If necessary, add the new FTP port to your server’s firewall

3) Edit /etc/chkserv.d/ftpd and change the port, which is the first comma-separated entry to the right of ‘=’ on the line in the file, to match the port you put the service on.

Finally:

/etc/init.d/pure-ftpd restart
/etc/init.d/cpanel restart (restarts tailwatchd/chkservd)

ProFTP

Edit /etc/proftpd.conf and change:

Port 21

Then make sure to test to make sure FTP is working before notifying your users!

I’ve experienced from time to time a problem with webmail functioning after cPanel updates, particularly on larger servers. You can reinstall all three webmail applications, while not disrupting user content, with the following commands:

Roundcube:

/usr/local/cpanel/bin/update-roundcube –force

Horde:

/usr/local/cpanel/bin/update-horde –force

or

/scripts/fullhordereset

Squirrelmail

/usr/local/cpanel/bin/update-squirrelmail –force

Click here if you are looking for full server setup automation

Thinking about using cPanel on your hosting server? Good choice. Setting up a cPanel server takes a little patience, but it’s very easy and straight forward. Basically, everything you need in order to set up a hosting environment on a Linux server is provided for you, you just need to do the configurations through their easy to use WHM panel. This tutorial will explain how to get started with setting up a cPanel server.

Before you get started, you’ll want to make sure that your server is ready to run cPanel. Take a peek at the cPanel requirements page to make sure that your server will work with cPanel:

http://cpanel.net/products/cpanelwhm/system-requirements.html

That being said, by now I’m assuming that before you continue reading this, you will have met the following requirements:

• You already have a physical server or supported VPS platform meeting the minimum requirements indicated above. For sake of preference, this guide is based on a Redhat-type server, CentOS 5 specifically.
• You have root access to your server and have a basic system administrative level of knowledge of LAMP, cPanel, and WHM

All set? Great…let’s continue!

Mod_python is one of the trickier things to install on cPanel servers. Below are the two methods I’ve used to get mod_python up and running on Apache 2.

yum -y install subversion (IF it’s not already installed)
svn co https://svn.apache.org/repos/asf/quetzalcoatl/mod_python/trunk mod_python
cd mod_python
./configure –with-apxs=/usr/local/apache/bin/apxs
make && make install

Then add to httpd.conf in the top section where the other modules are loaded:

LoadModule python_module modules/mod_python.so

And run the distiller to save the change in the configuration:

/usr/local/cpanel/bin/apache_conf_distiller –update

Using cPanel’s custom mod:

At the time this article was written, this method only worked with Apache 2.0 (not Apache 2.2). It will add a mod_python option to EasyApache so you can enable during the build. Follow the below instructions and then run EasyApache to select mod_python.

cd /var/cpanel/easy/apache/custom_opt_mods
wget http://www.cpanel.net/apps/easyapache/optmods/custom_opt_mod-mod_python.tar.gz
tar -C /var/cpanel/easy/apache/custom_opt_mods -xzf custom_opt_mod-mod_python.tar.gz
rm custom_opt_mod-mod_python.tar.gz

It was kind of annoying in the midst of cPanel 11′s release when cPanel discontinued the ability to install an SSL certificate on a shared IP.  Sure, you can do it as ‘nobody’, but this tends to mess up things when you have open_basedir set up or you’re using suPHP. Sometimes you might not have another IP to use, or you’re using an IP-based monitoring system and don’t want to complicate things. I, personally, prefer to install my shared SSL certificates on the shared IP. But that’s just me…and I’m right about everything.

There is a crafty way to get around this limitation, though it does require root access and it can be a little annoying when it’s something you have to do on a normal basis. Come on cPanel, just let us do this again so we don’t have to keep coming up with workarounds. I assume at this point that you already know how to use WHM to install a certificate, and you’re aware that the hostname for the certificate has to correspond with a user already on the server. Duh.

Click here for instructions on manual upgrades

You can easily change the major version of MySQL running on your server, keeping in mind that the actual version will be dependent on what cPanel has released in their repository. You may notice that in WHM > Tweak Settings, where MySQL upgrades and downgrades are usually done, you can no longer downgrade to versions under 5.0, nor (at the time of this writing) can you choose MySQL 5.1. Luckily cPanel gives you a way to get around this.