While enabling passive ftp in your ftp client is simple, doing so in your ftp server configuration files might be a bit tricky if you don’t know what you are doing.

This tutorial will cover Pure-FTPd, the ftp server used on most cPanel powered servers.

Here are the steps that you will have to fallow so that you enable passive FTP.

1. Login to your server using a ssh client
2. Open the Pure-FTPd configuration file in your favorite editor (I always use nano)

nano /etc/pure-ftpd.conf

3. Uncomment the line that starts with PassivePortRange and add:

PassivePortRange 61001 65535

4. Restart Pure-FTPd with the command:

service pure-ftpd restart

5. If you use a firewall don’t forget to allow inbound connections on the newly added ports

The question is how can such a RBL be added to Exim ?
Well it’s not that hard !
First you will have to login to your server using ssh.
After a successful login:

1. Change directory to /usr/local/cpanel/etc/exim/acls/ACL_RBL_BLOCK

cd /usr/local/cpanel/etc/exim/acls/ACL_RBL_BLOCK

2. Make a copy of of spamcop_rbl and name it with the new rbl name that will be used. For exemple

cp spamcop_rbl njabl_rbl

3. Open the newly created file

nano njabl_rbl

4. Change the two “dnslists” entries to the address of the new RBL. For example the new file should look something like this for dnsbl.njabl.org

root@server [/usr/local/cpanel/etc/exim/acls/ACL_RBL_BLOCK]# cat njabl_rbl

deny message = JunkMail rejected – $sender_fullhost is in an RBL, see $dnslist_text
dnslists = dnsbl.njabl.org
hosts = +backupmx_hosts

warn
dnslists = dnsbl.njabl.org
set acl_m8 = 1
set acl_m9 = “JunkMail rejected – $sender_fullhost is in an RBL, see $dnslist_text”
[% ACL_RBL_WHITELIST %]

warn
condition = ${if eq {${acl_m8}}{1}{1}{0}}
ratelimit = 0 / 1h / strict / per_conn
log_message = “Increment Connection Ratelimit – $sender_fullhost because of RBL match”

drop
condition = ${if eq {${acl_m8}}{1}{1}{0}}
message = ${acl_m9}

5. Save the file
6. Run

/scripts/buildeximconf

That’s it you should now have the RBL added to your Exim mail server. You can off curse add as many RBLs as you like but please keep in mind that too many of them will increase the chances of false positives and can increase the general load on the server.

If you have any questions don’t hesitate to leave a comment!

cd /usr/local/apache/htdocs

And finaly edit the file index.html

nano index.html

If you list the content of /usr/local/apache/htdocs you will see that you can also modify the content of other error pages that cpanel’s apache outputs.

That’s it !

If you run into any problems don’t hesitate to leave a comment.

How to fix this?
First of all you will have to login to your server using ssh.

1. You first have to edit /etc/fstab

nano /etc/fstab

2. Locate the line that looks something like

LABEL=/1 / ext3 defaults 1 1

3. Add after “defaults” the word “usrquota”. It should look something like

LABEL=/1 / ext3 defaults,usrquota 1 1

4. Save and exit
5. Remount the / partition

mount -o remount /

6. Now run the cpanel script to fixquotas

/scripts/fixquotas

That’s it! Now all you cpanel accounts should have a limited disk space that you setup.

If you have any questions or problems don’t hesitate to leave a message.

First we’ll need to log in to WHM. Under DNS Functions, select Edit DNS Zone. Choose the domain for the zone in which you wish to edit. Add an A record mapped to asterisk (wildcard) for the subdomain and the IP Address the site is hosted on. You likely already have A records for ftp, webmail, etc. just model this new one after those.

You should now be able to enter any subdomain on your domain, but it will not likely find your main site. So now we need to set that up.

Step 2: ServerAlias

Log in to your server via SSH and go open /etc/httpd/conf/httpd.conf (I’ll assume you know your way around linux via command line as well as vi or some other editor)

*Note: wherever you see example.com you should expect to see your domain name that you are setting up

Now, we could edit this file and make everything work, but there is a problem with that. Look at the top ofthe document and you should see something like this:

Direct modifications to the Apache configuration file may be lost upon subsequent regeneration of the configuration file. To have modifications retained, all modifications must be checked into the configuration system by running:
/usr/local/cpanel/bin/apache_conf_distiller –update
To see if your changes will be conserved, regenerate the Apache configuration file by running:
/usr/local/cpanel/bin/build_apache_conf
and check the configuration file for your alterations. If your changes have been ignored, then they will need to be added directly to their respective template files.

Basically what it’s saying is don’t edit this file directly because you’re changes may be lost.

Do a search for the domain you are adding the wildcard to. You should find the VirtualHost set up for your domain. Here is mine:

# DO NOT EDIT. AUTOMATICALLY GENERATED. IF YOU NEED TO MAKE A CHANGE PLEASE USE THE INCLUDE FILES.

<VirtualHost 67.225.128.241:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /home/example/public_html
ServerAdmin webmaster@example.com
UseCanonicalName Off
Options -ExecCGI -Includes
RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
CustomLog /usr/local/apache/domlogs/example.com combined
CustomLog /usr/local/apache/domlogs/example.com-bytes_log “%{%s}t %I .\n%{%s}t %O .”
## User example # Needed for Cpanel::ApacheConf
<IfModule !mod_disable_suexec.c>
SuexecUserGroup example example
</IfModule>

# To customize this VirtualHost use an include file at the following location
# Include “/usr/local/apache/conf/userdata/std/2/example/example.com/*.conf”

</VirtualHost>

Notice the highlighted lines. This is where we are going to create a file. We are going to create a file at:
/usr/local/apache/conf/userdata/std/2/example/example.com/ServerAlias_wildcard.conf
(you can give it any name you want really)

*Hint: You may need to create the directories first, run this command:
mkdir -p /usr/local/apache/conf/userdata/std/2/example/example.com/

So really, you don’t need to edit anything it httpd.conf, we just needed some info.

Inside of the ServerAlias_wildcard.conf file, enter this line:
ServerAlias *.example.com

Now, you’ll need to rebuild the httpd.conf file per the instructions at the top of that file by running the following command:
/usr/local/cpanel/bin/build_apache_conf

If you open your /etc/httpd/conf/httpd.conf file again you should see that your VirtualHost for your domain as changed slightly:

<VirtualHost 67.225.128.241:80>
ServerName example.com
ServerAlias www.example.com
DocumentRoot /home/example/public_html
ServerAdmin webmaster@example.com
UseCanonicalName Off
Options -ExecCGI -Includes
RemoveHandler cgi-script .cgi .pl .plx .ppl .perl
CustomLog /usr/local/apache/domlogs/example.com combined
CustomLog /usr/local/apache/domlogs/example.com-bytes_log “%{%s}t %I .\n%{%s}t %O .”
## User example # Needed for Cpanel::ApacheConf
<IfModule !mod_disable_suexec.c>
SuexecUserGroup example example </IfModule>
Include “/usr/local/apache/conf/userdata/std/2/example/example.com/*.conf”

</VirtualHost>

Step 3: Restart Apache

The last step required is to restart apache. I suppose there are a number of ways to do this. As long as we are logged in to SSH, we might as well just run the command:
service httpd restart

Now, give it a try. you should be aby to access something like http://whatever.example.com and still see your main page.

The command works by setting the immutable bit of the file.

How you can make a file immutable ?
Note: This command must be run as root

chattr +i file_name

An example use would be:

chattr +i ftp.log

Now if I want to delete the file I would get:

rm -f ftp.log
rm: cannot remove `ftp.log’: Operation not permitted

Please remember that this was done as root !

If you want to unset the immutable bit you can use the command:

chattr -i file_name

If you want to check what are the attributes of a file you can do so using the command lsattr:

lsattr file_name

In our example we would be getting:

lsattr ftp.log
—-i——– ftp.log

Please notice the immutable bit !

Hope it helps!
If you have any questions just leave me a comment.

When you should start worrying about your CPU temperature?
When the first signs are random reboots or hangs of your server. If you see something like that it is a good idea to check your server’s temperature.

How to monitor the temperature?
Linux provides a nice and useful app to monitor your CPU temperature called lm_sensors.

Requirements
lm_sensors requires a kernel 2.6.17 or higher. If you are running an older kernel you will have to upgrade before you install lm_sensors

Installation is simple:

1. Install the package via your package manager (for exemple yum)

yum install lm_sensors

2. Run the sensors detector

sensors-detect

Fallow the on screen instructions.
This will instruct you to add to /etc/modprobe.conf something like :

#—-cut here—-
# I2C module options
alias char-major-89 i2c-dev
#—-cut here—-

3. Start the lm_sensors service

service lm_sensors start

4. Now to get the sensor data

sensors

This will list all available sensors and provide the data from them.

Please note that if you want to use lm_sensors in a core2duo system you will need kernel 2.6.21 or newer.

Hope it helps!
If you have any questions just let me know.

I just investigated a cpanel server that was showing two spamd processes that were using 100% of CPU time.
In case you see a similar problem on your server there is an easy fix released by cPanel, but before we go there please note that this is not a cPanel issue, but it’s a SpamAssasin issue (bug) that is promised to be fixed in version 3.2.4

Until then you should run as root the fallowing command:

/scripts/autorepair spamd_dbm_fix

Hope it helps !

What syntax should I use?
Now that you have learnt what it is and why you should use it, it’s time to see what syntax you should use.
For SPF to work you have to add to each DNS zone a record similar to this:

domain.com. 14400 IN TXT “v=spf1 a mx -all”

Let’s try to explain the syntax:
We are telling the world that:

• v=spf1 – we are using spf version 1 (the only version really)
• for domain “domain.com” the fallowing IP’s are allowed to send email: the A record IP and the MX record IP’s.
• “-all” – no other IP’s are allowed to send emails

You can read all the options that you have by visiting: http://www.openspf.org/SPF_Record_Syntax

How to install SPF records?

Now that we know what they are and how to write them it’s time to install them.
I’ll divide my presentation in two sections.
In the first one I will teach you how to add a SPF record automatically to newly created accounts and in the second section how to add them to domains that are already setup and don’t have them.

If this is a new cPanel server or you want all the domains that you add on the server from now on to have a SPF record you have to do the fallowing:

1. Login to WHM using root
2. Click on Edit Zone Templates and then on “standard”
3. Add at the end of file:

%domain%. IN TXT “v=spf1 a mx -all”

You can replace “v=spf1 a mx -all” with the syntax that you decide it’s the best for you.

4. Repeat step 2 and 3 for the “simple” zone template

That’s it ! From now on all the accounts that you will create on the server will have a SPF record.

Now what do we do with all the accounts that are already created and don’t have a SPF record?
One option would be to edit manually all the zone files on the server and to add the TXT record. This is an easy solution if you have 10 accounts but what do you do if you have 1000 or 10.000 (on multiple servers) ?
I have the solution for you !
cPanel has built a script to install a SPF record for a given cPanel user. The script is located at: /usr/local/cpanel/bin/spf_installer
I was surprised to know how few people know about this script. In fact when I searched forums.cpanel.net for some threads about this I found none !
I can tell you that this script is scheduled to go into production in cPanel 12.x and it’s now in beta testing, this is why there no mention of it anywhere.
Unfortunately as with all the beta software out there this script has a big bug. The script will not add a SPF for the main domain but does work with your subdomains, addon or parked domanins.
After investigating for a few hours I found the problem. The script is trying to add to the DNS zone a record like this:

domain.com 14400 IN TXT “v=spf1 a mx -all”

The correct syntax would be:

domain.com. 14400 IN TXT “v=spf1 a mx -all”

Notice the extra dot (.) in the correct syntax !

How to fix this?
We have to edit one of cPanel’s source code. Here’s a step by step guide on how to do it:

1. Login as root on the server using ssh
2. We have to edit SPF.pm source file

nano /usr/local/cpanel/Cpanel/SPF.pm

3. Locate the fallowing lines (should be at the end of the file)

foreach my $domain (@DOMAINS) {
push @installlist , { match => ‘v=spf’,
domain => $domain,
record => $domain,
value => ‘v=spf1 a mx ?all’ };
}

4. Replace this with:

foreach my $domain (@DOMAINS) {
push @installlist , { match => ‘v=spf’,
domain => $domain.”.”,
record => $domain.”.”,
value => ‘v=spf1 a mx ?all’ };
}

I’m not a perl expert but this should work. There might be a better way to do it and if you know one please leave a comment here.
Also please note that I have opened a bug report with cPanel and I hope that they will fix the bug themselves within a reasonable timeframe.

Please note that the default cPanel script will add the fallowing SPF record: ‘v=spf1 a mx ?all’ which means that for all the domains you will allow the A and MX records IP’s to send email and will be neutral to all the others (notice the ?all at the end of the record !). This is probably OK for all the situations and will cause little to no trouble, but you might want to change this if you want to have a special SPF record setup.

5. Now let’s test to see if it works. Run the fallowing

/usr/local/cpanel/bin/spf_installer USERNAME

Where USERNAME is the cPanel username.

Now check to see if the zone file has a SPF record.

If everything was ok we can now add a SPF to all the domains on the server.
I have created a simple bash script to do this for you.
Run as root the fallowing:

for i in `ls /var/cpanel/users` ;do /usr/local/cpanel/bin/spf_installer $i ;done

Wait for it to finish. (it might take a few minutes!).

That’s about it. Hope it helps a lot a people !
If you have any comments or questions don’t hesitate to leave a comment here.

Here are the simple steps that you have to fallow to setup this script:

1. First you must have a 3ware RAID card. you can check this by running

lspci | grep 3ware

If it outputs something about a 3ware RAID card you have one.

2. Install tw_cli

wget http://www.3ware.com/download/Escalade9500SSeries/9.3.0.4/tw_cli-linux-x86-9.3.0.4.tgz
gzip -d tw_cli-linux-x86-9.3.0.4.tgz
tar -xf tw_cli-linux-x86-9.3.0.4.tar

Note the path to tw_cli !

3. Write a bash file with the fallowing

#!/bin/bash
com=`/path_to_ tw_cli/tw_cli info c0 u0 status | awk ‘{print $4}’`
echo $com
if [ "$com" = "DEGRADED" ];
then
mail -s “RAID Warning” you@domain.com < body
fi


Note: You also have to make a file called “body” that will have the body of the warning email.
Also replace you@domain.com with your email.

4. Schedule a cron to run this script every day or so. You can do something like this:

crontab -e

Add a line like:

0 11,23 * * * /path_to_script/test

This will test the array at 11:00 and 23:00 and will email you if it detects any problems.

5. Restart crond

service crond restart

Hope it helps !
If you have any suggestions to improve the script please leave a comment.