
Bounced Email or Backscatter May 12, 2008

Posted by paragonhost in Hosting News, Internet, Internet Protection, Linux, Network 101, ParagonHost, Security Focus, Technology News, cPanel.

Bounced Email or Backscatter

April 28, 2008 10:07 AM

Email Bounces

In the past few weeks, we have seen a sharp rise in email bounces. These bounces are for emails that the person did not send. While there are many reasons you can get a bounce, the current wave appears to be a spamming technique where spammers spoof reply-to addresses.

Backscatter
Backscatter occurs when a Mail Transport Agent (aka email server) sends a bounce to a person who did not really send the email. Spam Links has a good description of Backscatter and why it happens. Essentially, someone is spoofing the Reply-To field in an email. They then send it to a mail server and it bounces not back to the sending server but to the Reply-To address. Thus you may receive hundreds of spam messages this way.

Symantec, in their April 2008 Spam Report, also noted an upward trend in backscatter attacks. So if you are seeing this issue, you are certainly not alone.

Backscatter Victim?
Unfortunately, there is little you can do. The protocols for email permit anyone to craft a Reply-To address. There is nothing you can do to force someone not to do it. There are some emerging tools that can help. SPF, sender policy framework, is a DNS based method to try to prevent email forgeries. Using DNS, you can specify what servers and IPs are allowed to send email from your domain. SPF can work very well, however, the technique is not widely adopted. Gmail, HotMail and some other major ISPs do use SPF records; however, using SPF alone will not prevent backscatter. The mail administrators must also configure their systems not to bounce emails that fail SPF tests.

If you are being bombarded by these bounces, you may be able to use your own spam filtering to drop the emails. They often have similar subjects, like failed delivery, Delivery Status Notification, or something similar. Typically the attack stops in 2-3 days.

Otherwise, you just have to keep deleting those emails.

Don’t Backscatter
A main source of backscatter is MTAs that bounce email to unknown users. You should not bounce email that is sent to unknown users. On Plesk and cPanel there are settings to reject/fail email to unknown users. On Ensim, there is a problem in that the system creates a default catch-all. From a management standpoint this is very poor. The default prevents you from rejecting email to unknown users. As a result, Ensim servers can become overloaded with dictionary-based email attacks. If your server does bounce emails, you could potentially end up in RBLs like Spamcop.net, which now treats backscatter as spam.

Catch-22
Hackers are taking advantage of a key feature of email delivery. Bounces are important for system administrators as they are the first notification that something in the email systems may be awry. However, when they become hijacked by spammers, they become useless as you have to sort through the emails to find real bounces. As a result, some admins just route all bounces to the bit bucket. Disabling bounces can be dangerous however as they can give you an earlier indication if your system has been exploited by a spam bot. Many spammers use web based exploits to use your system to send out the messages. Disabling bounces or null-routing them prevents you from seeing these messages.

Headers, Headers, Headers

To determine if you are the victim of backscatter or if your server is really spamming, you have to analyze the email headers. If the headers do not contain your server as a source for the email, then backscatter is the cause.

Many attackers now spoof many headers in attempts to obfuscate the true sender, but with careful analysis you can often find the source.

Summary
If your inbox is full of those “Delivery Failure Notification” messages then you are likely seeing backscatter. Check the email headers and if the header nearest the bottom is not your server, then it is definitely backscatter.
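
The header check described above can be scripted. The following Python is an added example, not code from the original post: it pulls the original message out of a bounce and reports whether any Received header, and in particular the one nearest the bottom, names one of your servers. The host name, IP address and both sample bounces are constructed placeholders.

```python
import email
import re
from email import policy

# Assumed values for this example: hostnames and IPs of the mail servers you run.
OUR_HOSTS = {"mail.example.com"}
OUR_IPS = {"192.0.2.25"}

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.I)  # server that recorded the hop
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # peer address that server logged


def original_message(bounce):
    """Return the bounced message (or its headers) carried inside the bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_content()
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None


def names_our_server(received):
    """True if a Received header shows one of our servers handling the message."""
    hosts = {h.lower().rstrip(".") for h in BY_RE.findall(received)}
    return bool(hosts & OUR_HOSTS or set(IP_RE.findall(received)) & OUR_IPS)


def classify(raw_bounce):
    """Classify a bounce as backscatter, or as mail our own server really handled."""
    bounce = email.message_from_string(raw_bounce, policy=policy.default)
    original = original_message(bounce)
    hops = [str(h) for h in original.get_all("Received", [])] if original else []
    if not hops:
        return {"verdict": "unknown", "our_hops": 0, "origin_is_ours": False}
    ours = [h for h in hops if names_our_server(h)]
    return {
        # Received headers can be forged, so a hit means "check the MTA logs",
        # while no hit at all means the message never passed through us.
        "verdict": "investigate" if ours else "backscatter",
        "our_hops": len(ours),
        "origin_is_ours": names_our_server(hops[-1]),  # header nearest the bottom
    }


def make_bounce(original, ctype="message/rfc822"):
    """Constructed sample: a delivery status notification wrapping `original`."""
    return (
        "From: MAILER-DAEMON@mx.remote.example\n"
        "To: you@example.com\n"
        "Subject: Delivery Status Notification (Failure)\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\n"
        "Delivery to nobody@remote.example failed: user unknown.\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.remote.example\n\n"
        "Final-Recipient: rfc822; nobody@remote.example\nAction: failed\nStatus: 5.1.1\n"
        f"\n--b1\nContent-Type: {ctype}\n\n{original}\n--b1--\n"
    )


# Constructed sample 1: spam sent from elsewhere with your address forged as sender.
FORGED = (
    "Received: from pc.dialup.example (unknown [203.0.113.77])\n"
    "\tby mx.remote.example with SMTP; Mon, 28 Apr 2008 10:00:00 +0000\n"
    "From: you@example.com\nTo: nobody@remote.example\nSubject: offer\n\nspam body\n"
)
# Constructed sample 2: mail injected by a script on your own server.
LOCAL = (
    "Received: from mail.example.com (mail.example.com [192.0.2.25])\n"
    "\tby mx.remote.example with ESMTP; Mon, 28 Apr 2008 10:00:05 +0000\n"
    "Received: from nobody by mail.example.com with local (Exim)\n"
    "\tid 1JqAbC-0001; Mon, 28 Apr 2008 10:00:01 +0000\n"
    "From: you@example.com\nTo: nobody@remote.example\nSubject: offer\n\nspam body\n"
)

if __name__ == "__main__":
    for name, sample in (("forged", FORGED), ("local", LOCAL)):
        print(name, classify(make_bounce(sample)))
```

An "investigate" verdict is a prompt to compare the message ID and timestamps against your own MTA logs, since a forged Received header can name your server too.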


Comments (2)

Frank:

Three quick additions, SPF is actually about the envelope sender address (Return-Path, MAIL FROM), not the Reply-To address.

Receivers checking SPF hopefully reject a forged mail from, if it was spam that’s it. If it was no spam (erroneous sender policy or receiver rejected FAIL elsewhere, relevant for forwarding) the legit sender gets an error code, and will create a good bounce (non-delivery notification) for the user.

Spammers won’t reach many of their targets with an SPF FAIL protected address, and hopefully give up using an unprotected address after some time.

Jeff Huckaby:

Thanks. I was being careless with my wording. I will make a clarification in the post.

For the backscatter issue, the field is the return-path field. For SPF, I am pretty sure most filters key off of the mail from header. So you could still spoof a reply-to even with SPF filtering provided the mail from headers were correct.

Currently, when we implement SPF filtering for a client, we reject all messages that have a hardfail. Also, on control panels like Plesk, we setup the default templates to include SPF records by default.

I suspect SPF’s ability to curtail spam will be short lived, but at least it should cut down on the email forgeries which are much more dangerous than the spam.

*** Back Scatter 101

http://spamlinks.net/prevent-secure-backscatter.htm

Bounces are messages, officially called non-delivery reports (NDR) or delivery status notifications (DSN), that are generated by a mail server to report on the delivery status of an email message.

Problems arise with bounces if they are sent by a mail server to a non-local recipient. If a message did not originate locally, then a mail server cannot know for sure if the address it is sending the bounce to is forged or not. This quickly leads to unsolicited “backscatter” (or more rarely “outscatter”), sent to sites that never originated the email.

 

Are there trademark issues related to the use of “Got” Marketing? May 9, 2008

Posted by paragonhost in Hosting News, Internet Protection, ParagonHost, Technology News, cPanel.

California Milk Processor Board Threatens PETA with trademark infringement over “Got Pus?”

After years of allowing numerous parodies (and even some similar third party trademark registrations) of its famous “Got Milk?” trademark, the California Milk Processor Board (”CMPB”) is threatening to sue People for the Ethical Treatment of Animals (”PETA”) over its use of the phrase “Got pus? Milk does.” on T-shirts, mugs, and other merchandise. See Associated Press article here.

In response to CMPB’s cease and desist letter, PETA’s lawyer wrote:

Your client cannot seriously contend that an appreciable number of consumers who see a T-shirt bearing the “Got Pus? Milk Does” slogan would be confused into thinking that your client is the source of the T-shirt, attempting to sell milk by letting the public know that when they drink milk they are also consuming pus.

So apparently, CMPB is ok with the myriad of “Got Milk?” ripoffs — so long as you don’t bash milk.


Source: http://www.vegastrademarkattorney.com/2007/12/california-milk-processor-board.html

Managed Hosting: http://www.ParagonHost.com
cPanel Hosting - GotCpanel.com: http://www.GotcPanel.com

Remove and Uninstall or Disable ModSecurity (mod_security) March 18, 2008

Posted by paragonhost in Collaboration, Hosting News, Internet, Internet Protection, Linux, Network 101, ParagonHost, cPanel, ecommerce, form-mail.

If ModSecurity is turned on for your web server, build a .htaccess file and place it in the root of the folder running the script that is having issues.

Typical issues include broken web scripts and broken graphics. Any script that uses the Spaw Editor will also show a broken editor button layout. This is due to mod_security being in effect.

Building a .htaccess file and/or adding the commands noted below will resolve this.

ModSecurity is an open source embeddable web application firewall, or intrusion detection and prevention engine for web applications. ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure, by operating as an Apache web server module (mod_security) or standalone, and thus increases web application security. However, with misconfigured or overly strict rule sets, ModSecurity may cause your website to return various errors such as HTTP 403 Forbidden or access denied errors, login problems, HTTP 412 Precondition Failed or HTTP 406 Not Acceptable errors, and other false positive symptoms.

To make matters worse, ModSecurity rules and filters have to be configured manually. Although there are free predefined certified rule sets that can be used with ModSecurity out of the box, they may not be suitable for each and every environment and may interfere with the operation of websites or blogs, and customizing and modifying the rules may be too sophisticated or complicated for some users. For some websites hosted on a shared hosting service, mod_security may also be enabled by default without options. So in this case, the best solution or workaround for mod_security related issues is to disable mod_security filtering and rules.

If you’re using the Apache web server (which most do), mod_security can be disabled by adding specific directives to the .htaccess file. Locate the .htaccess file in the Apache web root directory (public_html or /var/www/ or others); if it does not exist, create a new file named .htaccess, and add the following code:

SecFilterEngine Off
SecFilterScanPOST Off

The above entries in the .htaccess will disable the ModSecurity (mod_security) module for the domain.

Uninstallation of ModSecurity (mod_security) from Apache module

The easiest way to remove and uninstall mod_security is to comment out or delete the related mod_security entries from httpd.conf Apache configuration file. The lines that should be removed include:

AddModule mod_security.c
LoadModule security_module modules/mod_security.so
Include "/usr/local/apache/conf/modsec.conf"

The Include line may be different depending on what variant of Linux or Unix you use and the installation location.

Save httpd.conf and restart Apache. ModSecurity will no longer be loaded, as if it had been uninstalled.

If you’re using WebHost Manager (WHM), uninstallation is even simpler. Just scroll to cPanel section, and click on Addon Modules. Then scroll to module named modsecurity. It should be checked Install and Keep Updated currently. Just click on Uninstall to remove the mod security feature from Apache web server.

Exim - cPanel / WHM: Why you should use :fail: November 21, 2007

Posted by paragonhost in Internet, Linux, ParagonHost, Security Focus, Technology News, cPanel.

Source: ConfigServer.com http://www.ConfigServer.com 

Why you should use :fail:

There are sound technical reasons that you should only use :fail: and not :blackhole: on a cPanel server running exim. We have conducted quite extensive testing to establish this configuration is best and outline the reasons here.

In general the two different settings both discard email not destined for a POP3 account, an alias or a catchall alias. However, ever since cPanel included the verify = recipient code in the standard cPanel ACL section for exim, the way email is discarded differs with the two methods quite starkly:

  • Using :blackhole: email is accepted and received into the server in its entirety. It is then processed through exim and only on delivery is it written to the null device (/dev/null) and silently ignored.
    • This wastes server bandwidth as the email data, or body, of the email is accepted into the server
    • This wastes server resources (CPU, memory and disk I/O) as the email is fully processed by exim before being finally written to /dev/null
    • Because the blackholed email is still processed through the whole of exim before it is finally deleted, if any of the usual checks and routing that any email goes through fails, such email can be placed in the exim mail queue for later reprocessing. This can lead to tens of thousands of blackholed emails accumulating in the exim mail queue which in turn can cause a range of serious server performance and resource problems and will affect the normal and timely delivery of email
    • This actually breaks the SMTP RFC’s because you’re not notifying the sending SMTP server that the email is undelivered, which is a requirement
    • Causes emails that will never be delivered onto the exim mail queue because checks such as sender verification are still carried out when processing such emails and if they cannot complete they will stay on the exim mail queue and repeatedly reprocess the email until it is finally discarded (usually 4+ days). This can cause very large mail queues full of spam which is repeatedly processed causing severe performance degradation
  • Using :fail: the email is never accepted into the server. During the initial SMTP negotiation, when the sender’s SMTP server connects to your SMTP server, the sending SMTP server issues a RCPT command notifying your server which email address the email to follow is intended for. Your server then checks whether the recipient email actually exists on your server (a POP3 account, an alias or a catchall alias) and if it does not, it issues an SMTP DENY which terminates the attempt to deliver the email.
    • This saves bandwidth as the email data is never received into your server
    • This saves server resources as the email never has to be processed
    • This complies with the SMTP RFC’s because the sending SMTP server receives the DENY command
    • Your server does not send a bounce message (just the DENY command)
    • Your server does not send anything to the sender of the email (i.e. the address in the From: line)
    • The sending SMTP server is responsible for notifying the original sender

Here is a simple explanation of what happens during the SMTP conversation

  • Some other SMTP server connects to your server on port 25 and initiates an SMTP connection (EHLO command)
  • Other server then sends a message saying who they’re delivering a message for (MAIL FROM command)
  • Other server then sends who the message is for on your server (RCPT command)
  • At this point your server then checks whether the email address in the RCPT command can actually be delivered on your server. If you do not have a catchall alias configured to point to an email address (Default Address) and you have it set to :fail: the following happens:
  • Your server sends back along the same connection to the sending server “Go away, no-one here” (the DENY command)
  • The sender server would then normally tell their user that the attempt to email your server failed. Your server does not send a “bounce” message. As far as your server is concerned, all that has happened is a little SMTP chatter and no email has been received and no bounce sent

Additionally, this is what our Exim Deny ACL does:

  • If the sender server tries four email addresses that don’t exist on your server the ACL disconnects the session with the sender server (DROP) and puts the IP address of the sender server into /etc/exim_deny
  • If the sender server connects again, the ACL first checks /etc/exim_deny and if it finds the senders IP address there the session is immediately disconnected
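
The RCPT-time behaviour and the four-strikes ACL described above, modelled in Python as an added example (this is not ConfigServer's ACL or Exim code). The 550, 554 and 503 reply texts, the addresses, and the in-memory set standing in for /etc/exim_deny are assumptions made for the illustration.

```python
VALID_RCPTS = {"alice@example.com"}  # constructed: addresses that exist on this server
MAX_BAD_RCPTS = 4                    # threshold from the ACL described above


class Session:
    """One inbound SMTP session, reduced to the replies that matter here."""

    def __init__(self, peer_ip, default_address, deny_list):
        self.default_address = default_address  # ":fail:" or ":blackhole:"
        self.deny_list = deny_list              # in-memory stand-in for /etc/exim_deny
        self.peer_ip = peer_ip
        self.accepted = []
        self.bad_rcpts = 0
        self.bytes_received = 0
        self.discarded = 0
        self.closed = peer_ip in deny_list      # listed peers are dropped at connect

    def greeting(self):
        return "554 connection refused" if self.closed else "220 mail.example.com ESMTP"

    def rcpt(self, address):
        address = address.lower()
        if address in VALID_RCPTS or self.default_address == ":blackhole:":
            self.accepted.append(address)       # :blackhole: accepts anything
            return "250 Accepted"
        # :fail: refuses inside the session, so this server never creates a bounce;
        # telling the original sender is left to the connecting server.
        self.bad_rcpts += 1
        if self.bad_rcpts >= MAX_BAD_RCPTS:
            self.deny_list.add(self.peer_ip)
            self.closed = True
            return "550 Too many unknown recipients, closing connection"
        return "550 No such user here"

    def data(self, body):
        self.bytes_received += len(body)        # the whole message crosses the wire
        self.discarded = sum(a not in VALID_RCPTS for a in self.accepted)
        return "250 OK"


def deliver(peer_ip, default_address, rcpts, body, deny_list):
    """Run one session and return (transcript, session)."""
    s = Session(peer_ip, default_address, deny_list)
    log = ["S: " + s.greeting()]
    if s.closed:
        return log, s
    log += ["C: EHLO sender.example", "S: 250 mail.example.com",
            "C: MAIL FROM:<someone@sender.example>", "S: 250 OK"]
    for rcpt in rcpts:
        log += [f"C: RCPT TO:<{rcpt}>", "S: " + s.rcpt(rcpt)]
        if s.closed:
            return log, s
    log.append("C: DATA")
    if not s.accepted:
        log.append("S: 503 valid RCPT command must precede DATA")
        return log, s
    log += ["S: 354 Enter message", f"C: ({len(body)} bytes)", "S: " + s.data(body)]
    return log, s


if __name__ == "__main__":
    deny = set()
    for mode in (":fail:", ":blackhole:"):
        log, s = deliver("198.51.100.9", mode, ["ghost@example.com"], "x" * 5000, deny)
        print(mode, "bytes received:", s.bytes_received, "discarded:", s.discarded)
        print("\n".join(log))
```

With :fail: the unknown recipient costs a few lines of SMTP chatter and zero message bytes; with :blackhole: the same delivery pulls in the full body before throwing it away.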

Cannot save to sent-mail folder via Horde Mail: Email quota - invalid maildirsize file May 22, 2007

Posted by paragonhost in Linux, ParagonHost, cPanel.

*** If a user reports that they can send mail from Horde but cannot save to the sent-mail folder, or if sending mail with SquirrelMail fails with the following error:

Email quota - invalid maildirsize file

Here is the solution:

In some cases a mailbox can become corrupt and needs a small tweak. There are many different email issues that can happen.

You may also see the message “invalid maildirsize file” when changing a quota in your cPanel Center.

The following will fix the issue 99% of the time. It’s easy, so don’t be scared!

This would be a courier maildirsize file for the email account, which you can usually find by logging into cPanel, click on File Manager, click on the folder icon next to the mail folder, click on the folder icon next to the domain name, click on the folder icon next to the email user name, then click on the file called maildirsize in that folder (don’t click on the icon but the file’s name itself). In the upper right hand list of links, click to delete the file. Once you delete it, it will reform for the account automatically and it should then have the correct quota size.

cPanel announces the release of cPanel 11! May 7, 2007

Posted by paragonhost in cPanel.

cPanel announces the release of cPanel 11!

May 2nd, 2007

cPanel and WHM 11 brings the most extensive update ever to the cPanel and WHM software package. With upgrades in nearly every section of the product, this version enhances the feature packed, security minded and highly stable platform for web hosting. This update includes a tremendous list of new features including:

Security Center with comprehensive security tools
Substantial Back-end code upgrades
Apache 2.0.x and 2.2.x support
Increased interface speed
Web disks
Site Owner Interface Upgrade
Site Owner “Getting Started Wizard”
Upgraded branding and better language support
Easy Perl, PHP and Ruby module installers
and much, much more

“This upgrade really piles on the features and enhances our existing code base. cPanel 11 is a great step towards the future of web hosting control panels,” stated Eric Gregory, cPanel Public Relations.

Due to the massive amount of changes to the cPanel and WHM code base, cPanel will be releasing this upgrade in multiple stages. The first stages will contain the majority of the new features and code, including the new domain owner interface. This first stage is currently available in the CURRENT branch and can be downloaded by running /scripts/upcp on the CLI or ‘Upgrade to Latest Version’ in WHM. The later updates will be smaller and more focused, including such features as Apache 2.0.x and 2.2.x support. It is recommended to maintain your current upgrade branch to ensure a smooth transition to cPanel 11.

The full cPanel 11 release schedule and comprehensive feature information can be found at http://www.cpanel.net/cpanel11

“This update is our most massive update ever. We’ve decided to release in multiple parts to make it an easy transition for our customers as most are using a code base that is quite different from that of cPanel 11. This staggered release will allow us to provide hands on assistance for our upgrading customers and make the upgrade process relatively elementary,” says Dave Koston, cPanel’s Operations Manager

Source: http://blog.cpanel.net/?p=10

Aggregation: ParagonHost, LLC http://www.paragonhost.com

RVSkin Master Account (hosting) removed by accident also How do you ReInstall RVSKIN March 21, 2007

Posted by paragonhost in Linux, ParagonHost, cPanel.
Category  cPanel WHM
Question  RVSkin Master Account (hosting) removed by accident also How do you ReInstall RVSKIN
Answer  If you delete the master account (Hosting account that ends with a .zz) you will need to run the following commands as root:

rm -f  /usr/local/cpanel/Cpanel/rvversion
perl  /root/rvadmin/auto_rvskin.pl

This will ReInstall RVSkin and rebuild the master hosting account.

You will need an “active” support account at RVSkin in order to install using the above commands. You may need to update your support subscription.


HowTo: install cPanel on a Linux O/S server November 16, 2006

Posted by paragonhost in cPanel.

Installing cPanel on a linux box is as simple as: 

cd /home

wget layer1.cpanel.net/latest

sh latest

After you install cPanel you may want to visit http://www.webhostgear.com and search for the cPanel newbee user guide

 Have Fun!

Source: http://www.TouchSupport.com

Content Powered by: http://www.ParagonHost.com

HowTo: CentOS Install for a cPanel Web Server November 14, 2006

Posted by paragonhost in cPanel.

This is a basic installation tutorial for the CentOS operating system for dedicated server duties ! :)
CentOS is a free whitelabel distro of RedHat Enterprise with all the bells and whistles, and is the OS of choice for many web hosting companies.

Installing the OS using ‘Text Mode’ :

1 - Insert the first Linux installation CD-ROM (disc 1) in the CD-ROM drive of your server and restart the server.
2 - At the boot: prompt, type text and press the Enter key. This starts the installation process.
3 - On the Language Selection screen, select English as the language that you want to run the installation program in, then click OK.
4 - On the Keyboard Selection screen, select the keyboard attached to your server, then click OK.
5 - On the Mouse Selection screen, select the mouse attached to your server, then click OK.
6 - On the Welcome screen, review the installation information, then click OK.
7 - On the Installation Type screen, select Custom, then click OK.
8 - On the Disk Partitioning Setup screen, select Disk Druid.
- If your disk has existing partitions, select each partition and click Delete.
9 - Create the following disk partitions. The following partitions are recommended prior to installing cPanel:

1 GB /
50 MB /boot (No separate /boot for FreeBSD)
1 GB /tmp
10 GB /usr
7 GB /var
1 GB swap (swap should be 2x RAM)
Remaining space to /home

Note: The above partitioning scheme is assuming a 40 GB hard drive. If you have a larger hard drive, you should increment /usr & /var accordingly.

To create the / partition ‘root’:
* On the Partitioning screen (see step 8), click New.
* In the Mount Point field, type / .
* For the Filesystem type select ext3.
* In the Size (MB) field, type 1024, then click OK.

To create the /boot partition:
* On the Partitioning screen (see step 8), click New.
* In the Mount Point field, type /boot.
* For the Filesystem type select ext3.
* In the Size (MB) field, type 50, then click OK.

To create the /tmp partition:
* On the Partitioning screen (see step 8), click New.
* In the Mount Point field, type /tmp .
* For the Filesystem type select ext3.
* In the Size (MB) field, type 1024, then click OK.

To create the /usr partition:
* On the Partitioning screen (see step 8), click New.
* In the Mount Point field, type /usr .
* For the Filesystem type select ext3.
* In the Size (MB) field, type 10240, then click OK.

To create the /var partition:
* On the Partitioning screen (see step 8), click New.
* In the Mount Point field, type /var .
* For the Filesystem type select ext3.
* In the Size (MB) field, type 7168, then click OK.

To create the swap partition:
* On the Partitioning screen (see step 8), click New.
* For the Filesystem type field, select swap.
* In the Size (MB) field, enter a number that is twice the current RAM (1024 if you are using 512 MB RAM), then click OK.

To create the /home partition:
* On the Partitioning screen (see step 8), click New.
* In the Mount Point field, type /home.
* For the Filesystem type select ext3.
* In the Size (MB) field, select Fill all available space, then click OK.
10 - When finished, Click OK.
11 - On the Boot Loader Configuration screen, select LILO Boot Loader, then click OK.
12 - On each of the following three screens, click OK.
13 - On the Network Configuration screen, clear Use bootp/dhcp, enter your server network configuration, then click OK.
14 - On the Hostname Configuration screen, enter the fully qualified host name of your server, then click OK.
15 - On the Firewall Configuration screen, select No firewall, then click OK.
16 - On the Language Support screen, select English (USA), then click OK.
17 - On the Time Zone Selection screen, select the location, then click OK.
18 - On the Root Password screen, enter in the root password for your server, re-enter the password to confirm it, then click OK.
19 - If you want to create an account that you can use to remotely log on to your server using SSH or FTP, click Add.
*** Provide the login name and password, then click OK.
20 - Review the information on the User Account Setup screen, then click OK.
21 - Review the information on the Authentication Configuration screen, then click OK.
22 - On the Package Group Selection screen, verify that only the following packages are selected. Clear all other check boxes.
. Network Support
. Messaging and Web Tools
. DNS Name Server
. Network Managed Workstation
. Software Development
23 - Click OK.
24 - Review the Installation to begin screen, then click OK.
25 - Insert the second/third installation CD-ROM when notified to, then click OK.
26 - To create a boot disk, click Yes. Otherwise, click No.
27 - When done, the installation complete screen displays.
28 - Click OK, then press Enter to restart.

[2] Checking the host name and network settings:
After your first boot, you must check your system’s host name and network configuration to ensure that they are correct. To check your system’s host name and network configuration:
- Log on to the system as the root user.
- Type vi /etc/hosts to open the host file and modify the contents.
- Verify that the file is in the following format:

- Verify that the loopback entry (127.0.0.1) appears in the file. A correctly configured file should look like this:
Note: The IP addresses used here are for illustration purposes only; they are not valid values.

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
10.1.1.1 myhost.mydomain.com myhost

- Modify the file as needed.
- Type :wq to close the file.
- Type vi /etc/sysconfig/network to open the network sysconfig file and modify the contents.
- Verify the host name. A correctly configured file should look like this:
Note: The IP addresses used here are for illustration purposes only; they are not valid values.

NETWORKING=yes
HOSTNAME=myserver.mydomain.com
GATEWAY=10.100.0.1

- Modify the file as needed.
- Type :wq to close the file.
- Type vi /etc/sysconfig/network-scripts/ifcfg-eth0 to open the network scripts file and modify the contents.
- Verify the network information. A correctly configured file should look like this:
Note: The IP addresses used here are for illustration purposes only; they are not valid values.

DEVICE=eth0
BOOTPROTO=static
BROADCAST=10.1.255.255
IPADDR=10.1.1.1
NETMASK=255.255.0.0
NETWORK=10.1.0.0
ONBOOT=yes

- Modify the file as needed.
- To make these changes active, restart the system by typing:

shutdown -r now

[3] cPanel Installation Instructions:
Important: You must have a valid cPanel license. If you do not have a valid cPanel license, please contact one of the cPanel distributors listed at http://www.cpanel.net/dist.htm or buy a license directly from cPanel at http://www.cpanel.net/store/.

cPanel now uses a universal install script which can be found at http://layer1.cpanel.net/. You can use the following commands in the root shell to download and start the installation script:

mkdir /home/cpins
cd /home/cpins
wget http://layer1.cpanel.net/latest
sh latest

At this point the installation has started and may take anywhere from 30 - 60 minutes to complete. At no point during the installation should you be prompted for user input. You will know the cPanel installation has been completed when the screen output comes to a stop and the statement “Done.” is printed on your screen. You should then hit “ctrl c” to continue.

Note: You must be on a stable connection to install cPanel. If your shell session disconnects during a cPanel install, the cPanel installation will be aborted. You can restart the cPanel installation by running “sh cpanel-*” again; however, it is recommended that you reformat your machine and start over to ensure a clean slate before placing the machine into production.

[4] cPanel/WHM Configuration:
Following a successful install you should set up cPanel/WHM as soon as possible. In order to complete this process you will need to log into your machine using its main (eth0/fxp0) IP address; you should input something similar to this into your browser:

https://xxx.xxx.xxx.xxx:2087

Note: you should replace xxx.xxx.xxx.xxx with your actual IP address. Further to that, you will be prompted about a self signed SSL certificate; ignore this by clicking on “Yes”. A self signed certificate is generated by cPanel/WHM to ensure a secure/encrypted communication with your server.

You will now be prompted with a few questions related to how you would like your installation of cPanel/WHM customized. You can walk through the wizard by clicking on “Next Step” or, if you are an experienced user, feel free to click on “Finish” to skip to the end. For a complete user guide on how to access cPanel/WHM and/or use any of the functions within cPanel/WHM, please visit the cPanel documents section at http://www.cpanel.net/docs.htm

That’s all for now. Just keep in mind, this is not the all-in-one package for server installation: you’ll have to secure the server, update your kernel, install a firewall, configure SSH, apply patches …. etc, etc, etc, etc Zzzzzzzzzzz. This was just to illustrate the BASIC steps to get you online.

INTERMEDIATE CERTIFICATE SSL Install on root for cPanel / WHM November 1, 2006

Posted by paragonhost in cPanel.

If you’re installing a valid SSL certificate for your cPanel server, you must use WHM to do so.

If you’re installing one for a virtual host, you can install the Intermediate Cert. via the command line, which you may be required to do in order to get the Intermediate Certificate to install. The symptom is that the SSL cert will report that the cert. was not issued by a trusted provider.

 The key to installing the root cert for the server will be via WHM under SSL/TLS , then Change Server Certificates

1) Copy and paste the CRT issued to you in the first box.

2) Copy and paste the “Issuing” or Intermediate Cert in the 3rd box

3) No need to enter a domain name… 

**** You may try to put the Issuing / Intermediate Cert in the 3rd box for your virtual domains, or you can use the following info to help with setting your httpd.conf file directives. A common path for Apache under WHM would be /etc/httpd/conf/httpd.conf

INSTALLATION INSTRUCTIONS - APACHE 1.3

Installing Your Web Server Certificate and the Intermediate Certificate:
- Copy your issued certificate, intermediate certificate and key files (generated when you created the Certificate Signing Request (CSR)) into the directory that you will be using to hold your certificates.
- Open the Apache httpd.conf file and add the following directives:

SSLCertificateFile /path to certificate file/your issued certificate
SSLCertificateKeyFile /path to key file/your key file
SSLCertificateChainFile /path to intermediate certificate/sf_issuing.crt

- Save your httpd.conf file and restart Apache.

INSTALLATION INSTRUCTIONS - APACHE 2.X
Installing Your Web Server Certificate and the Intermediate Certificate:
- Copy your issued certificate, intermediate certificate and key file (generated when you created the Certificate Signing Request (CSR)) into the directory that you will be using to hold your certificates.
- Open the Apache ssl.conf file and add the following directives:

 SSLCertificateFile /path to certificate file/your issued certificate  
 SSLCertificateKeyFile /path to key file/your key file  
 SSLCertificateChainFile /path to intermediate certificate/sf_issuing.crt

- Save your ssl.conf file and restart Apache.
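
A pre-restart check for the Apache directives above, added here as an example (it is not part of the original instructions or of any cPanel tooling): it scans httpd.conf or ssl.conf text and flags virtual hosts that install a certificate without SSLCertificateChainFile, which produces the "not issued by a trusted provider" symptom, or whose directive name has run together with its path. The function name audit_ssl_vhosts and the sample config, hostnames, addresses and paths are constructed for illustration.

```python
SSL_DIRECTIVES = ("SSLCertificateFile", "SSLCertificateKeyFile", "SSLCertificateChainFile")
# Constructed sample config; hostnames, addresses and paths are placeholders.
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
    ServerName shop.example.com
    SSLCertificateFile /etc/ssl/certs/shop.crt
    SSLCertificateKeyFile /etc/ssl/private/shop.key
    SSLCertificateChainFile /etc/ssl/certs/sf_issuing.crt
</VirtualHost>
<VirtualHost 192.0.2.11:443>
    ServerName blog.example.com
    SSLCertificateFile /etc/ssl/certs/blog.crt
    SSLCertificateKeyFile /etc/ssl/private/blog.key
    # SSLCertificateChainFile /etc/ssl/certs/sf_issuing.crt
</VirtualHost>
<VirtualHost 192.0.2.12:443>
    ServerName mail.example.com
    SSLCertificateFile /etc/ssl/certs/mail.crt
    SSLCertificateKeyFile /etc/ssl/private/mail.key
    SSLCertificateChainFile/etc/ssl/certs/sf_issuing.crt
</VirtualHost>
"""

def audit_ssl_vhosts(conf_text):
    """Return {ServerName: [problems]} for each vhost that configures a certificate."""
    report, vhost = {}, None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out directives do not count
        word, arg = (line.split(None, 1) + [""])[:2]
        if line.lower().startswith("<virtualhost"):
            vhost = {"name": "(unnamed)", "seen": set(), "problems": []}
        elif line.lower() == "</virtualhost>" and vhost is not None:
            if "SSLCertificateFile" in vhost["seen"]:
                missing = [d for d in SSL_DIRECTIVES if d not in vhost["seen"]]
                report[vhost["name"]] = vhost["problems"] + ["missing " + d for d in missing]
            vhost = None
        elif vhost is not None:
            if word.lower() == "servername" and arg.strip():
                vhost["name"] = arg.strip()
            for d in SSL_DIRECTIVES:
                fused = word.lower().startswith(d.lower() + "/")
                if fused or word.lower() == d.lower():
                    vhost["seen"].add(d)
                if fused:  # directive name run together with its path
                    vhost["problems"].append(d + " fused with its path")
    return report

if __name__ == "__main__":
    print(audit_ssl_vhosts(SAMPLE_CONF))
```

An empty list for a host means all three directives are present; the check does not open the certificate files or validate the chain itself.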

INSTALLATION INSTRUCTIONS - Microsoft IIS 5.x/6.x
NOTE: For Windows NT 4.0, you must have at least Service Pack 4.0 or higher or Microsoft Internet Explorer 5.0.
Installing Intermediate Certificate:
Once you have downloaded the intermediate certificate, please follow the instructions below to install it:
- Select “Run” from the start menu; then type “mmc” to start the Microsoft Management Console (MMC).
- In the Management Console, select “File,” then “Add/Remove Snap In.”
- In the Add/Remove Snap-In dialog, select “Add.”
- In the Add Standalone Snap-in dialog, choose “Certificates”; then click the “Add” button.
- Choose “Computer Account”; then click “Next” and “Finish.”
- Close the Add Standalone Snap-in dialog and click “OK” on the Add/Remove Snap-in dialog to return to the main MMC window.
- If necessary, click the “+” icon to expand the “Certificates” folder so that the Intermediate Certification Authorities folder is visible.
- Right-click on “Intermediate Certification Authorities” and choose “All Tasks”; then click “Import.”
- Follow the wizard prompts to complete the installation procedure.

Installing Your Web Server Certificate
- Select the Internet Information Service console within the Administrative Tools menu.
- Select the Web site (host) for which the certificate was made.
- Right mouse-click and select “Properties.”
- Select the “Directory Security” tab.
- Select the “Server Certificate” option.
- The Welcome to the Web Server Certificate Wizard window opens. Click “OK.”
- Select “Process the pending request and install the certificate.” Click “Next.”
- Enter the location for the certificate file at the Process a Pending Request window. The file extension may be .txt or .crt instead of .cer (search for files of type “all files”).
- When the correct certificate file is selected, click “Next.”
- Verify the Certificate Summary to make sure all information is accurate. Click “Next.”
- Select “Finish.”

INSTALLATION INSTRUCTIONS - cPanel/WebHost Manager
About the Certificate Bundle
As part of the installation process for your issued SSL certificate, you must install the certificate bundle, which consists of our Valicert root certificate and the intermediate certificate. You can download the certificate bundle from our repository at https://certificates.starfieldtech.com/Repository.go. The bundle is located in the Root Bundle section.

Installing Web Server Certificate and Certificate Bundle
- Open the WebHost Manager and click “Install an SSL Certificate” on the SSL/TLS menu.
You will see a screen with three boxes on it. Your issued certificate, RSA private key and certificate bundle must be pasted into boxes 1, 2, and 3, respectively.
- In the first box, paste in the contents of your issued SSL certificate. If the certificate file is on your server, you may use the Fetch button to copy it from the file.
- In the second box, paste in your private key which was generated when you created the CSR.
- In the third box, paste in the certificate bundle (ca_bundle.crt).
- At the top of the page, click “Do it.”

ABOUT THE INTERMEDIATE CERTIFICATE
Before you install your Web Server Certificate you must install our intermediate certificate, sf_issuing.crt, on your Web server. An intermediate certificate is a subordinate certificate issued by the trusted root specifically to issue end-entity server certificates. The result is a chain that begins at the trusted root CA, passes through the intermediate certificate, and ends with the Web Server SSL certificate issued to you. Such a certificate is called a “chained root certificate.” The usage of an intermediate certificate thus provides an added level of security as the Certification Authority (CA) does not need to issue certificates directly from its CA root certificate.