Email SRS support for Cpanel and Exim

Built-in SRS support under Advanced Exim Configuration Editor in WHM.
avatar
mtindor

For nearly a year I’ve had SRS enabled on the cPanel servers I maintain. Of course, when Exim gets updated I have to redo the configuration.

But it only takes adding seven lines of code to Exim, and I have never had a single problem with forwarded emails not being delivered / being rejected since implementation. I really can’t think of any good reason why SRS support is not available in cPanel at this point.

A search engine search for “cpanel SRS support” will yield instructions for manually activating SRS within Exim on a cPanel server.

M

Google apps smtp email and relay settings

from: https://support.google.com/a/answer/176600?hl=en

Google Apps SMTP settings to send mail from a printer, scanner, or app

You can set up your on-premises multifunction printer, scanner, fax, or application to send email through Google Apps. The three available options are: SMTP relay service, Gmail SMTP server and Restricted Gmail SMTP server.

For details about configuring your device or application to send SMTP messages, refer to its documentation. Google Support cannot assist with the configuration settings.

  1. SMTP relay service – used to send mail from your organization by authenticating with the IP address(s). You can send messages to anyone inside or outside of your domain.
  2. Gmail SMTP server – requires authentication with your Gmail/Google Apps account and password. Messages can be sent to anyone inside or outside of your domain.
  3. Restricted Gmail SMTP server – does not require authentication, and you will be restricted to send messages to Gmail or Google Apps users only.

The table below will help you decide which one of these options will best meet your needs:

Option Google Apps SMTP relay (recommended) Gmail SMTP server Restricted Gmail SMTP server
FQDN of SMTP Service smtp-relay.gmail.com smtp.gmail.com aspmx.l.google.com
Configuration requirements Port 25, 465, or 587
SSL/TLS optional.
One or more static IP addresses are required.
Port 465 (SSL required)
Port 587 (TLS required)
Dynamic IPs allowed
Port 25
TLS not required
Dynamic IPs allowed
Mail can only be sent to Gmail or Google Apps users
Requires authentication IP address provides authentication. Your full Gmail or Google Apps email address required for authentication No.
Bypasses anti-spam No. Suspicious emails may be filtered. No. Suspicious emails may be filtered. No. Suspicious emails may be filtered.
Sending Limits Limits for registered Google Apps users.
A registered user cannot relay messages to more than 10,000 recipients per day.
For full SMTP relay limits please see Sending limits for the SMTP relay service.
2000 Messages per day. See Sending limits for more detailed information. Per user receiving limits will apply.

You can use the SMTP relay service in the Google Admin console to relay mail from your device or application. This is possible once you add your network IP range to the SMTP relay service. You will need to configure your device to connect to smtp-relay.gmail.com on ports 25 or 465, 587. For more details about using this setting, see SMTP relay service setting.

Gmail SMTP Server could also be used to relay messages from your device or application. You can connect to Gmail mail servers using SMTP, SSL/TLS. If you connect using SMTP, you can only send mail to Gmail or Google Apps users; if you connect using SSL/TLS, you can send mail to anyone.

If your device or application supports SSL – connect to smtp.gmail.com on port 465.

To connect with SSL, you need to provide a Google username and password for authentication. Ensure that the username you use has cleared the CAPTCHA word verification test that appears when the user first logs in. We also recommend ensuring that the account has a secure password.

If your device or application does not support SSL – connect to aspmx.l.google.com on port 25.

You must configure an SPF record for your domain with the IP address of the device or application to ensure that recipients do not reject mail sent from it. You must also add this IP address to the Email Whitelist box in your Google Admin console. For example, if your sending device sends from 123.45.67.89, add that address to your SPF record without removing the Google Apps mail servers from the record: v=spf1 ip4:123.45.67.89 include:_spf.google.com ~all

Whois – How to tell what hosting company a website is using

https://who.is/whois/typeyourdomainnamehere.com

Posted in Server tips. No Comments »

Apache fasstcgi mods

I run suExec so each account will run as the owner of the account.

Fastcgi mods added to the Apache post_virtualhost_global.conf (WHM>Service Configuration>Apache Configuration>Post VirtualHost Include>All Versions)

<IfModule fcgid_module>
FcgidMaxRequestLen 52428800
</IfModule>

<IfModule mod_fcgid.c>
FcgidMaxProcesses 150
FcgidMaxProcessesPerClass 100
FcgidIOTimeout 300
FcgidMinProcessesPerClass 1
FcgidIdleTimeout 300
FcgidIdleScanInterval 120
FcgidBusyTimeout 300
FcgidBusyScanInterval 120
FcgidErrorScanInterval 10
FcgidZombieScanInterval 3
FcgidProcessLifeTime 3600
</IfModule>

Android battery calibration trick keycode

Hi, I had the same problem after 4.3 update. I did not want to do a factory, and going from a lot of posts this does not work anyway. I also didn’t want to turn off a lot of processes I previously had running. I just wanted the same level of performance as before. After doing a little research I have come believe it is a battery calibration issue. This worked for me. Charge your phone to 100%, goto keypad, type in *#0228#. This will take you to a battery status screen. Press quick start at the bottom of the screen. Your screen will go blank for a few seconds. Press the home key. Your battery percentage should have dropped. Charge to 100% and repeat the process. After a few times the drop should be negligible. Allow the battery to completely discharge and repeat. Hope this helps. Good luck.

Fix Heartbleed bug by quick update for openSSL on apache

yum update openssl* -y
This will update openSSL to the newest version for apache on CentOS

To check your server to see if it’s vulnerable to the Heartbleed bug: https://www.ssllabs.com/ssltest/

Locked out of my own firewall

CSF is the first culprit if you are locked out of your own server firewall after too many failed login attempts from a certain IP.

The block was in your firewall, not cpHulk.
The IP was listed in /etc/csf/csf.deny and /var/lib/csf/csf.tempip and /var/lib/csf/csf.tempban
You can whitelist the IP in your firewall by placing the IP in /etc/csf/csf.conf, then running csf -r

Next you can place your external IP in the whitelist of cPHulk:

WHM > Security Center > cPHulk brute force protection > White/Black list > Quick Add your current external IP to: White List (Trusted IP List)

To find your external IP:

http://cmyip.com

Easy update Ioncube loader

For Apache server running CentOs:

yum update ioncube
ioncube -v
php -v
/scripts/phpextensionmgr install IonCubeLoader
php -v

OS X flush dns

sudo killall -HUP mDNSResponder this works for OS X Mountain Lion or Lion

Posted in OS X tips. No Comments »

SMTP Reverse DNS Mismatch Warning – Reverse DNS does not match SMTP Banner

This alert on an SMTP check on Mxtoolbox is trivial.

It could be because your outbound (sending) mail server is blocking un-authenticated port 25 use by spammers. Instead you can authenticate (login) on port 487 to send email.

This from Mxtoolbox:

“Also, the banner mismatch is just a warning. There’s nothing that says that having a mismatch (or no hostnme in your banner at all) will cause you to have difficulty sending or receiving mail, it’s really more of a best practice.”