Changing Exim’s Sending IP

Posted by Vanessa | Posted in Misc | Posted on January 11, 2010


Anyone running a shared hosting server is probably now accustomed to dealing with constant complaints about blacklisting. By default, Exim on a cPanel server sends email from the server's shared IP, which means that all your clients on one server are sending out email on the same IP. All it takes is for one spammer to send out a mailing list or one customer to get hacked and run a Darkmailer script, and suddenly everyone on your server seems to be complaining about getting their mail bounced.

You can change the server’s IP address for sending email. Assuming you already have an IP set up on your server with a valid PTR, you probably already saw on the cPanel forums or some other location that you can simply change the interface lines in your /etc/exim.conf file and restart exim:

remote_smtp:
  driver = smtp
  interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
  helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}

dk_remote_smtp:
  driver = smtp
  interface = ${if exists {/etc/mailips}{${lookup{$sender_address_domain}lsearch*{/etc/mailips}{$value}{}}}{}}
  helo_data = ${if exists {/etc/mailhelo}{${lookup{$sender_address_domain}lsearch*{/etc/mailhelo}{$value}{$primary_hostname}}}{$primary_hostname}}
  dk_private_key = "/var/cpanel/domain_keys/private/${dk_domain}"
  dk_canon = nofws
  dk_selector = default

In the above example, all you’d do is comment out the interface lines and replace them with:

interface = xx.xx.xx.xx

However, this tends to be a band-aid fix, as a cPanel update or any change made in WHM’s Exim Configuration Editor will regenerate the Exim config and overwrite your change. To make this more permanent, you’ll want to use the /etc/mailips file.

To set this up initially, go into WHM > Exim Configuration and enable this option:

Send outgoing mail from the ip that matches the domain name in /etc/mailips (*: IP can be added to the file to change the main outgoing interface)

Or, in /etc/exim.conf.localopts, add/change this line:

per_domain_mailips=1

Then run

/scripts/buildeximconf
service exim restart

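*If /etc/mailips doesn't already exist, create it; it should be owned by root:exim with mode 440 (chmod 440). The command below sets the immutable flag on the file; while that flag is set, the file cannot be modified, even by root, until the flag is cleared:

chattr +i /etc/mailips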

Now for actually changing the IP:

Changing the IP Globally

If you want everyone on the server to send out on the same IP, just add the following to /etc/mailips:

*: xxx.xxx.xxx.xxx

Then add the IP and its matching PTR to /etc/mail_reverse_dns:

xxx.xxx.xxx.xxx hostname.tld

This will tell Exim to use that IP for any sender on the server.

Changing the IP Per Domain

If you want your users with dedicated IP addresses to be able to use those IPs to send email as well, you can add them to /etc/mailips. cPanel actually now has documentation on how to do this properly:

http://docs.cpanel.net/twiki/bin/view/AllDocumentation/WHMDocs/EximDifferentIps

If you have multiple dedicated IP domains already, I’ve devised a simple loop you can use to populate /etc/mailips automatically:

# /etc/domainips lines look like "IP: domain"; append "domain: IP" to /etc/mailips
while read -r ip domain; do
    [ -n "$domain" ] && echo "$domain: ${ip%:}" >> /etc/mailips   # ${ip%:} drops the trailing colon
done < /etc/domainips

You’ll always want the wildcard line to be in there to account for any domain not listed in the file, whether it is the main server’s IP or another that you have assigned for email:

*: xxx.xxx.xxx.xxx

Then:

cp /etc/domainips /etc/mail_reverse_dns

This will set all the existing sites on dedicated IPs to send out mail on those IPs.
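
To see which IP a given sender domain will actually use, and whether every IP in the file has a reverse-DNS entry, the following added example (not part of the original post, and not cPanel or Exim code) emulates the lsearch* lookup from the interface line and cross-checks a mailips-style file against a mail_reverse_dns-style file. It assumes IPv4 addresses; the function names, sample domains and addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example (not cPanel or Exim code). IPv4 only; file paths are parameters.

# mailips_lookup FILE DOMAIN: print the IP a "lookup{...}lsearch*{FILE}" would
# yield: first line whose key matches DOMAIN (case-insensitive), else the "*" line.
mailips_lookup() {
    awk -F'[: \t]+' -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blanks
        tolower($1) == want && exact == "" { exact = $2 }
        $1 == "*" && wild == ""            { wild = $2 }
        END { if (exact != "") print exact; else if (wild != "") print wild }
    ' "$1"
}

# mailips_check MAILIPS RDNS: print one line per problem; return 1 if any found.
mailips_check() {
    awk -F'[: \t]+' '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        FILENAME == ARGV[1] { ptr[$1] = $2; next }   # RDNS file: IP -> PTR name
        $1 == "*" { wild = 1 }
        $2 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            print "bad IP for " $1 ": " $2; bad = 1; next
        }
        !($2 in ptr) { print "no PTR entry for " $2 " (" $1 ")"; bad = 1 }
        END {
            if (!wild) { print "no wildcard (*) line"; bad = 1 }
            exit bad + 0
        }
    ' "$2" "$1"
}

# Constructed sample data (documentation-range addresses, made-up domains).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf '%s\n' '*: 192.0.2.10' 'shop.example: 192.0.2.20' \
              'blog.example: 192.0.2.30' > "$demo/mailips"
printf '%s\n' '192.0.2.10 mail.host.example' \
              '192.0.2.20: shop.example' > "$demo/mail_reverse_dns"

mailips_lookup "$demo/mailips" shop.example      # dedicated IP
mailips_lookup "$demo/mailips" other.example     # falls back to the * line
mailips_check  "$demo/mailips" "$demo/mail_reverse_dns" || true
```

Run the check against copies of the real files before restarting Exim; an IP that sends mail without a matching PTR is the kind of mismatch that gets mail rejected.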

Installing an SSL Certificate on a Shared IP

Posted by Vanessa | Posted in Misc | Posted on December 30, 2009


It was kind of annoying in the midst of cPanel 11's release when cPanel discontinued the ability to install an SSL certificate on a shared IP. Sure, you can do it as 'nobody', but this tends to mess up things when you have open_basedir set up or you're using suPHP. Sometimes you might not have another IP to use, or you're using an IP-based monitoring system and don't want to complicate things. I, personally, prefer to install my shared SSL certificates on the shared IP. But that's just me…and I'm right about everything.

There is a crafty way to get around this limitation, though it does require root access and it can be a little annoying when it’s something you have to do on a normal basis. Come on cPanel, just let us do this again so we don’t have to keep coming up with workarounds. I assume at this point that you already know how to use WHM to install a certificate, and you’re aware that the hostname for the certificate has to correspond with a user already on the server. Duh.

Adding Services to Chkservd for Monitoring

Posted by Vanessa | Posted in Misc | Posted on December 28, 2009


Chkservd is the service in cPanel that checks to make sure that services are running, then restarts them if necessary. It's also responsible for the 'Service Manager' section in cPanel, an interface where added services can easily be checked on and off.

Service files are in /etc/chkserv.d/

To add a new service, create a line in /etc/chkserv.d/chkservd.conf in the same format as the others:

service:1

1 means the service should be enabled, 0 means it’s off.

In /etc/chkserv.d each service has its own file. Create a file named after the service you are monitoring. The contents of the file are in the format of:

#SERVICE = PORT, SEND, RESPONSE, RE-START COMMAND

There are two ways that cPanel checks services with chkservd:

*Connection-based monitoring – By default, cPanel will try to connect to the service’s specified port, issue a command, and if a response is received within 10 seconds it will consider the service to be online. For instance, FTP:

service[ftpd]=21,QUIT,220,/scripts/restartsrv_ftpserver

*Process-based monitoring – cPanel will check for a specific process to determine whether it is online. For instance, named:

service[named]=x,x,x,/scripts/restartsrv_bind,named,named|bind

If you have more than one restart command, you can separate them with semicolons in the order of preference in which they should be run. Output of these commands will be logged to chkservd.log.

After you’ve created the service’s configuration file, restart chkservd:

/etc/init.d/chkservd restart

You should then see the service listed in WebHost Manager in the 'Service Manager' section.

Chkservd logs are in /var/log/chkservd.log. Checks are done every 8 minutes, and every online service gets a +, offline services get a -. If the service is determined to be offline, the restart command(s) specified in that service's chkservd configuration file are issued and the output is logged.
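
Because a service whose restart command cannot be run will be detected as down but never brought back, it is worth checking new definitions before restarting chkservd. The following added example (not part of the original post, and not cPanel code) lints a directory laid out like /etc/chkserv.d using only the line formats described above; the function name, the sample services and the stub restart scripts are constructed for illustration.

```sh
#!/bin/sh
# Added example (not cPanel code): lint a chkserv.d-style directory given as $1.

# chkservd_lint DIR: print one finding per enabled service; return 1 on any error.
chkservd_lint() {
    lint_rc=0
    while IFS=: read -r name state; do
        [ "$state" = 1 ] || continue                 # name:0 means not monitored
        def=$(grep -F "service[$name]=" "$1/$name" 2>/dev/null | head -n 1)
        if [ -z "$def" ]; then
            echo "$name: ERROR no service[$name]= definition"; lint_rc=1; continue
        fi
        def=${def#*=}
        port=${def%%,*}                              # field 1: port, or x
        cmds=$(printf '%s\n' "$def" | cut -d, -f4)   # field 4: restart command(s)
        case $port in
            x)           kind=process-based ;;
            ''|*[!0-9]*) echo "$name: ERROR bad port '$port'"; lint_rc=1; continue ;;
            *)           kind="connection-based, port $port" ;;
        esac
        # Restart commands are ';'-separated; the first word of each must be runnable.
        missing=$(printf '%s\n' "$cmds" | tr ';' '\n' | while read -r exe rest; do
            [ -x "$exe" ] || printf '%s ' "$exe"
        done)
        if [ -n "$missing" ]; then
            echo "$name: ERROR restart command not executable: $missing"; lint_rc=1
        else
            echo "$name: OK $kind"
        fi
    done < "$1/chkservd.conf"
    return $lint_rc
}

# Constructed sample tree; the stub scripts stand in for real restart scripts.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
printf '%s\n' ftpd:1 named:1 exim:0 myapp:1 > "$d/chkservd.conf"
printf '#!/bin/sh\n' > "$d/restartsrv_ftpserver"
cp "$d/restartsrv_ftpserver" "$d/restartsrv_bind"
chmod +x "$d/restartsrv_ftpserver" "$d/restartsrv_bind"
echo "service[ftpd]=21,QUIT,220,$d/restartsrv_ftpserver" > "$d/ftpd"
# Misspelled restart path (constructed) to show what the lint catches:
echo "service[named]=x,x,x,$d/restartsrvr_bind,named,named|bind" > "$d/named"

chkservd_lint "$d" || echo "lint found problems"
```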