How To Block A Domain From Sending Email From My cPanel Server

We face this problem many times, even we mostly get this kind of issue when a user who is getting hacked a lot and the account is sending out spam emails. In that case, If you want to disable just his account from being able to send mail at all until he can get his script updated or changed. So here’s how we can do it:

First, in root SSH, run these commands:

touch /etc/blockeddomains
echo “domain.com” >> /etc/blockeddomains

Please replace domain.com with the domain name. Do not replace the “” part as that’s required, only the domain.com part with the right domain name.

In WHM > Exim Configuration Editor > Advanced Configuration Editor -> Click on “Add additional configuration setting” -> Add::

domainlist blocked_domains = lsearch;/etc/blockeddomains

Locate the “ROUTERS CONFIGURATION” section, and right below these lines:

democheck:
driver = redirect
require_files = “+/etc/demouids”
condition = “${if eq {${lookup {$originator_uid} lsearch {/etc/demouids} {$value}}}{}{false}{true}}”
allow_fail
data = :fail: demo accounts are not permitted to relay email

Put the following lines:

reject_domains:

driver = redirect
# RBL Blacklist incoming hosts
domains = blocked_domains
allow_fail
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

Set Up DNS for Office 365 in cPanel

To set up Microsoft Office 365, login to cPanel, then add/update the following DNS records for the domain(s) in question:

example.com.au. 300 MX 0 example-com-au.mail.eo.outlook.com.
example.com.au. 3600 TXT MS=ms000000
autodiscover 3600 CNAME autodiscover.outlook.com.
example.com.au. 3600 TXT “v=spf1 include:outlook.com ~all”
_sip 3600 SRV 100 1 443 sipdir.online.lync.com.
_sipfederationtls 3600 SRV 100 1 5061 sipfed.online.lync.com.
sip 3600 CNAME sipdir.online.lync.com.
lyncdiscover 3600 CNAME webdir.online.lync.com.
Notes:

  • The MS record shown in red is a number supplied by Microsoft as part of the verification rocess.
  • The MX record contains the domain name as a prefix, with periods replaced by hyphens.

Then, change the Email Routing setting down the bottom to “Remote Mail Exchanger”.

Resetting Root Password Using Rescue Mode

It’s been a million dollar question for anyone who is stuck and don’t remember the root password, If you are not able to reset the password for your Linux Server then you will need to place the server into rescue mode and chroot the file system of the server and run passwd to update the root password. Sounds easy? Let me show you how 🙂

  1. Place Server into Rescue Mode or If you have no idea how to do that then ask your hosting provider to do that for you.
  2. Connect to the rescue mode server using ssh as normally you do.
  3. It is always suggested to run ‘fsck’ (File System check) every time you get. It will save you hassles of it automatically running during a reboot, causing boot time to take longer than expected.

This could be either /dev/sda1 or /dev/sdb1 depending on your setup.

I will be using /dev/sda1 in the reset of the example:

fsck -fyv /dev/sda1

This will force a file system check (f flag), automatically respond ‘yes’ to any questions prompted(y flag), and display a verbose output at the very end(v flag).

Mounting the file system:

a. Make a temporary directory:

mkdir /mnt/rescue

b. Mount to that temp directory

mount /dev/sda1 /mnt/rescue
chroot /mnt/rescue

4. We are going to use ‘chroot’. chroot allows you to set the root of the system in a temporary environment.

5. Now that we are chroot-ed into your original drive, all you have to do is run ‘passwd’ to update your root password on the original Server’s hard drive.

passwd

(This will prompt you for your new password twice, and then update the appropriate files.)

6. Exit out of chroot mode.

exit

7. Unmount your original drive

umount /mnt/rescue

8. Exit out of SSH and Exit Rescue Mode.

How To Set Up Clustered Nameservers With cPanel

As important as DNS is to web hosting, it is a good idea to make it redundant when possible. If you have two or more cPanel servers, you can use cPanel’s DNS clustering to lower the risk of a DNS failure on a nameserver taking down all of your sites. Here’s how to set that up:

Step One: Enable Clustering For Each Server

First, click over to Configure Cluster in WHM on each server. In the Modify Cluster Status box, select Enable DNS clustering. Click the Change button.

Step Two: Configure The Primary Nameserver

On the first server, scroll down to Add a new server to the cluster. The type will be cpanel. Click Configure. This will take you to the cPanel DNS Remote Configuration page.
In Remote cPanel & WHM DNS service, put the hostname or IP address of the second nameserver. Next, in Remote server username, put the username of the nameserver. While this can sometimes be reseller, in most cases it will be root.

In the next area, Remote server access hash, you will need to put the ssh public key of the other server. To find that key, go to the Manage root’s SSH Keys page in the second server’s WHM. Click Generate a New Key. On the next page, leave the password blank and click the Generate Key button. cPanel will issue a warning about the security of an SSH key without a password, but unfortunately it is needed for this sort of automation. (It is only a security risk if someone gains root access to your server, by which point your server’s security will already have been compromised.)

Still on the second server, click back to Manage root’s SSH Keys. Then click View/Download Key under the Public Keys: heading. This will take you to the key which you will then copy back to the first server, in the Remote server access hash field.

Uncheck the Setup Reverse Trust Relationship checkbox.

Set the DNS role of the server to Write-only. Click Submit.

Step Three: Repeat Step Two, Only Backwards

Step Three is going through the same process as Step Two, only reversing the servers. Also, role of the server should be set to Standalone instead of Write-Only.

Adding DNS Zones

There is one quirk of this system: DNS zones for domains will have to be added on the Write-Only server. So when creating cPanel accounts on the Standalone server, make sure to add the DNS for the domain to the Write-Only server.

===

cPanel Optimize Website No longer working

When client tries to enable or disable “Optimize Website” in cPanel, this error is shown:

OptimizeWS::optimizews(,) failed: Modification of non-creatable array value attempted, subscript -1 at /usr/local/cpanel/Cpanel/OptimizeWS.pm line 104, <HC> line 52.

Here is a Solution:

To be certain you are not over-writing any existing data:

# mv /home/[cPanel user]/.htaccess /home/[cPanel user]/.htaccess.bak
# echo > /home/[cPanel user]/.htaccess; chown [cPanel user].[cPanel user] /home/[cPanel user]/.htaccess

cPanel >> Software/Services >> Optimize Website should work as expected once there is an existing .htaccess file with some content in /home/[cPanel user]/.htaccess

Let me know if anything else is needed, i’ll make sure it get fixed for you.

Thanks