Installing ImageMagic on Centos 6

Install ImageMagick and ImageMagick-devel using yum because we need all the dependency installed:

yum install ImageMagick
yum install ImageMagick-devel

Then continue to install Imagick php module (Edit: If you are running php 5.4.x, then you need to install imagick 3.1.0RC2, 3.0.1 will give errors, find it here:

cd /root
wget http://pecl.php.net/get/imagick-3.0.1.tgz
tar zxf imagick-3.0.1.tgz
cd imagick-3.0.1
phpize
./configure
make
make install

Find the loaded php.ini configuration using command :

php --ini

Now we have to add the extension to the php.ini file.

extension=imagick.so

Then restart Apache :

/etc/init.d/httpd restart

Cpanel log to check when hosting created and deleted

In the recent days, we all are facing the hacking issue at that time, we always see problem like account termination from the server.
At that time, we can use the following log file to investigate the issue as its providing when hosting account was created, owner changed or account deleted from the server.
For example we are checking logs for the domain test123.com and as per the following logs the hosting account for domain test123.com is created by using the root owner on dated Wed Jan 11 08:19:40 2012 and onwership is under root.

root@linux7802 [~]# cat /var/cpanel/accounting.log | grep test123.com
Wed Jan 11 08:19:40 2012:CREATE:root:root:test123.com:115.124.103.126:admin111

Now we have changed the ownership for the domain test123.com hosting account to linux780 reseller ownership therefore check the following logs

root@linux7802 [~]# cat /var/cpanel/accounting.log | grep test123.com

Wed Jan 11 08:22:51 2012:CHANGEOWNER:root:root:test123.com:admin111:root:linux780

Now we have terminated the hosting account for the domain test123.com by using the root user and its also recorded in the accounting.log

root@linux7802 [~]# cat /var/cpanel/accounting.log | grep test123.com
Wed Jan 11 08:25:14 2012:REMOVE:root:root:test123.com:admin111

So we can similarly check the logs for all the domains when they have created/modified or removed from the server and its always to better to maintain the accounting.log for future reference.

Removing Particular IP address from Cphulk bruteforce database

When your IP got blocked in cphulk database you can not remove it from WHM as cPanel has not offer this feature yet. You will have to flush cphulk database for this but this will remove other IPs too that is not recommended as far as security is concerned.

In order to remove particular IP from cphulk bruteforce database you will have to access database and has to remove that IP.

You can do this by two methods

1)Access database through shell
2)Access database through phpmyadmin

I will explain you first method as second one is relatively easy.

Access server with root user. Type in mysql as you will login to mysql shell. Now to connect database cphulkd type in

mysql> use cphulkd;

You will now connect to database cphulkd. Now type in sql query
just to confirm if your IP is really blocked there.

mysql> SELECT * FROM `brutes` WHERE IP=’x.x.x.x’;

If you are able to see your IP in brutes then simply remove it by

mysql> DELETE FROM `brutes` WHERE IP=’x.x.x.x’;

Once it done quit the mysql by typing

mysql> quit

In this way your IP will be removed from brute force and you will enjoy cPanel browsing.

Creating Email accounts in webmin

First you have to look if Postfix and Dovecot are propely configured.

Step 1 >> Add a Webmin user. By going to System > Users and Groups.
               Then click create a new user at the bottom of the listing of users.

Click Save and move on to the next step.

Step 2 >>

Now that you have the user and new password created, you are ready to setup the new user mailbox on the server. You now want to go over to Servers > Postfix Mail Server.  Now in order to use your new user as an outgoing email you must next click on the icon labeled “Virtual Domains” then. Next simply go to “Add New Mapping”

  But, when you click save mappings, if your are receiving such an error :

 ========================================
 Error while saving a mapping : No map file defined
========================================

 Then you need to create the map file or define one in your config

Check to see if virtual_mailbox_maps or virtual_alias_maps exists in the main.cf file. if it's not there, then   create the file if it is there then check to make sure it's been created on your file system.

You need to edit your main.cf and add:

virtual_alias_domains = DomainOne.com DomainTwo.com
virtual_alias_maps = hash:/etc/postfix/virtual

You then need to run 'postmap' and you may need to restart postfix

You need to create a file called virtual, if it does not exists.
And you have to add the email address and respected User to the file for eg : -
=======================================

postmaster@example.com     postmaster
info@example.com           joe
sales@example.com          jane

===========================================

The virtual_alias_domains setting tells Postfix that example.com is a called virtual alias domain.

If you omit this setting then Postfix will reject mail or will not be able to deliver it.

NEVER list a virtual alias domain name as a mydestination domain

The /etc/postfix/virtual file contains the virtual aliases.

With the example abovemail for postmaster@example.com goes to the local postmaster.

While mail for info@example.com goes to the UNIX account joe 

and mail for sales@example.com goes to the UNIX account jane.

You then need to run 'postmap' and you may need to restart postfix.

Now you have created the required settings.

In order to create the mailboxfor the user,You have to go to System > Users and Groups >> module config at the bottom

Then tick the box having the option  >>  automatically create the mailbox when a user is created in the system.

Then take the option 'Read user mail' and check whether the mailbox have been created

Defualt Address (Catch-all Email Address)

The default or catch-all address is the one to which all e-mails, addressed to a non-available or mistakenly entered email account at your domain name are routed to.

In case someone sends an email to info@yourdomain.com and you do not have such mailbox, the catch-all option will forward this email to your default email address.

Step 1 : To access the auto responders menu, click on the Default Address icon on the main screen of your cPanel interface.

Step 2 : From the drop-down menu select the (sub)domain for which you would like to set up a default address.

Step 3 : Now you have several options

>> You can forward all unrouted mail to an email address; in this case, you should type in the address in the field.
>> You can discard all unrouted mail with an error to the senders; in this case you should type in the message which will be sent to the senders.
>> From the Advanced Options you can discard all unrouted mail, pipe it to a program or forward it to the system account.

Step 4 : Click Change to apply your settings.

Configuring Spamassassin to show Spam Score in Spam taged messages

To enable and disable Spam Assassin please do the following:

1. Login to cPanel and look in the Mail section
2. Click Spam Assassin™
3. Click Enable SpamAssassin to enable
4. Click Disable SpamAssassin to disable
5. You have now just enabled / disabled Spam Assassin.

Required Score:
0 means everything will be marked as Spam
5 is the default
10 means nothing will be marked as Spam

Just setup Spam Assassin once, and it works for all of the emails on your account.
Spam Assassin will mark your spam so it is easy to notice.
You may not be able to save the Required Score in the drop-down feature.
Instead, you must click the "Configure SpamAssassin" button at the very bottom, change the value for required_score, and then click the "Save" button at the bottom.

Email Filtering with Spam Assassin
=========================
NOTE: You can use Spam Box or Email Filtering to move the spam from your Inbox to another folder.

 1. In your webmail, create a folder called Spam.
 2. In cPanel, go to User Level Filtering.
 3. Next to your email address, click Manage Filters.
 4. Click the Create a new Filter button.
 5. Give the filter a name like SpamAssassin Rule.
 6. Change the "From" drop down to "Spam Status".
 7. Change the "equals" drop down to "begins with".
 8. In the large blank below, type Yes
 9. Change the "Discard Message" drop down to "Deliver to folder".
10. Click the Change button and choose your new Spam folder.
11. Click the Activate button.

Now you can use IMAP and subscribe to the new Spam folder.

Showing the spam score in the subject line of spam taged messages
==============================================
 Go to :
 Exim configuration manager >> filters >> SpamAssassin™: X-Spam-Subject/Subject header prefix for spam emails [?]
 Change the default value to ***SPAM*** Score:$spam_score
 You could also use $spam_score_int if you do not want to see the decimal value.

Spamd and Mailman services Constantly failing !!!

SpamAssassin service (spamd) service is failing due to some reason. When cpanel monitoring service finds spamd down, it restarts spamd and then send you alert email.But spamd is failing too often and so you get a lot of alerts.

You can start the service using the command /scripts/restartsrv_spamd from SSH.
Another possibility is that spamd is broken. Update cpanel software with /scripts/upcp --force from root SSH.

If the issue is still persisting, the main reason seems to be,If it is in a VPS when some resources (mainly memory and buffers) exhaust.
It would be better to check if the VPS is running out of resources.
If it is an OpenVZ vps you can check the file /proc/user_beancounters yourself.
Check if there is any non-zero failcount values. Failcount represents the number of times corresponding resource ran out.

You can cat the logs from the main hardware node :

(Hardwarenode)#cat /var/log/messages |grep 403 (Vps ID) |grep OOM |wc -l

It gives the number of times the vps 403 had ran out of resources(Memory)

You can also cat the logs inorder to further check the issue by :

(Hardwarenode)#cat /var/log/messages |grep 403 (Vps ID)

You can see logs as follows :
========================================================================
Feb 3 13:41:54 linux7 kernel: [939759.629367] OOM killed process spamd (pid=671490, ve=403) exited, free=36243.
Feb 3 13:41:54 linux7 kernel: [939759.815495] OOM killed process spamd (pid=39470, ve=403) exited, free=32484.
Feb 3 13:41:54 linux7 kernel: [939759.851935] OOM killed process spamd (pid=671448, ve=403) exited, free=43210.
Feb 3 13:41:55 linux7 kernel: [939760.480391] OOM killed process mysqld (pid=428345, ve=403) exited, free=42749.
Feb 3 13:41:56 linux7 kernel: [939761.626820] OOM killed process named (pid=201837, ve=403) exited, free=40153.
Feb 3 13:41:57 linux7 kernel: [939762.734085] OOM killed process php (pid=428175, ve=403) exited, free=39938.
Feb 3 13:41:58 linux7 kernel: [939763.665735] OOM killed process spamassassin (pid=428435, ve=408) exited, free=50507.
Feb 4 16:58:50 linux7 kernel: [1037823.607551] OOM killed process spamd (pid=548164, ve=408) exited, free=35391.
435456 [0] DCSZ: 4639363 / 134217728 [0] OOMG: 242382 / inf [189] Dirty 0 Wback 0 Dche 4087 Prnd 966749
Feb 6 22:45:39 linux7 kernel: [1231132.091743] OOM killed process spamd (pid=721601, ve=408) exited, free=84250.
Feb 6 22:45:39 linux7 kernel: [1231132.091768] RAM: 130782 / 131072 [1147] SWAP: 127216 / 131072 [1147] KMEM: 37081088 / 268435456 [0] DCSZ: 4639363 / 134217728 [0] OOMG: 242382 / inf [190] Dirty 0 Wback 0 Dche 4088 Prnd 966749
========================================================================