Some of the things which can be done from WHM to harden your mail service :
From WHM Main >> Server Configuration >> Tweak Settings:
* POP3 connection limit option prevents lots of POP3 connections.
* POP3 flood prevention option.
* Prevent “nobody” from sending mail : This will ensure that PHP
scripts user the ownership of user “nobody” will not be able send any mails.
* In service manager you can find the option “antirelay” . Turn
this off so that each time POP3 connects authentication would be required.
Try to use Secure protocols and related ports
These are just basics in hardening the mail system. More ones to follow……
The above warning might show up each time when any of cPanel services are used.
This is because cPanel / Webmail is configured to work by the server’s shared / self-signed SSL
This is not a security problem and you can safely disregard it.
To get around this issue though, either accept the certificates and tell your browser to ignore the warnings, or purchase an SSL certificate that is mapped to your main server hostname and then assign that certificate to all of the cPanel services.
When trying to upgrade MySQL server from WHM or via script,
# /scripts/mysqlup –force,
Do you face the below error message?
-bash-3.00# /scripts/mysqlup –force
Failed to download http://httpupdate.cpanel.net/RPM01/centos/unknown/i386/MySQL-server-5.1.63-0.i386.rpm
Failed to install mysql51.
Reason : In this particular scenario, if you analyze the logs, we can find that there is some issue with the rpm file to be fetched. If you observe the link from which the update is trying to fetch the required rpms we can see that the link actually doesnt point to a valid page. If you manually try to access the above link via a web-browser this results in ‘Not Found’. In the link, you can see a keyword ‘unknown’ in the space allocated for rpm distribution version.
Fix : Change the wrongly specified rpm_dist_version.
Change it from /var/cpanel/sysinfo.config. Change the “rpm_dist_ver” to point
the current centOS version, that is 4 or 5.
Then proceed with upgrading process.
This can be an issue not only during MySQL upgrade, rather when any upgrade relating
with the use of RPM’s is specified. ( eg : Pure-FTPd )
Reason : Pure-ftpd service doesn’t work with CallUploadScript set to yes in /etc/pure-ftpd.conf file. That is because the pure-uploadscript service is not getting
started while restarting the pure-ftpd service.
Ever came across a situation in which /root/.cpanel/comet consumes considerable amount of disk space?
Reason : This issue happens when high number of emails are in the mail queue manager which can occur when spamming is carried out in the server.
Manually purging the files would be an effort-consuming task.