Reverse DNS does not match SMTP Banner

UPDATE: WHM/cPanel removed support for in version 11.50, so changes below are not valid for versions 11.50+

https://documentation.cpanel.net/display/ALD/11.50+Release+Notes#id-11.50ReleaseNotes-/etc/mail_reverse_dnsremoved

 

If you make an SMTP test on http://mxtoolbox.com you might be getting a following error shown in the test results “Reverse DNS does not match SMTP Banner”.

This error is showing because your SMTP greeting message is not matching the PTR records for the IP of the SMTP server used in test.

Following files need to be used and configured properly, for SMTP banner to match reverse DNS records.

/etc/mailhelo
/etc/mailips
/etc/mail_reverse_dns
/etc/exim.conf

Configure Exim to use mailhelo and mailips file

Go to WHM to Home »Service Configuration »Exim Configuration Manager and in Basic Editor on Domains and IPs tab set following settings:

Send mail from account’s dedicated IP address: OFF
Reference /etc/mailhelo for outgoing SMTP HELO: ON
Reference /etc/mailips for outgoing SMTP connections: ON

Configure necessary values in configuration files

Edit or create  /etc/mail_reverse_dns file and set the following in it for needed IPs.

x.x.x.x: rdns of the IP x.x.x.x
y.y.y.y: rdns of IP y.y.y.y

Edit or create /etc/mailhelo file and set following in it for the domains that you want to setup SMTP banner for.

example.com: reverse dns of the IP used for example.com domain
*: default SMTP HELO for unconfigured domains

Edit or create /etc/mailips file and set following in it:

example.com: x.x.x.x #x.x.x.x is the IP used for outgoing mail for domain example.com
*: y.y.y.y #y.y.y.y is the default IP that will be used for unconfigured domains

Configure exim.conf to use correct SMTP Banner

Following values need to be configured in exim.conf for SMTP Banner to be set to rDNS values set in /etc/mail_reverse_dns.

smtp_active_hostname
message_id_header_domain
smtp_banner

Be default only smtp_banner is set on cPanel servers, and it has a different value then needed.

[email protected] [~]# egrep "smtp_active_hostname|message_id_header_domain|smtp_banner" /etc/exim.conf
smtp_banner = "${primary_hostname} ESMTP Exim ${version_number} \

smtp_banner will probably look like this on your cPanel server.

"${primary_hostname} ESMTP Exim ${version_number}  \#${compile_number} ${tod_full} \n   We do not authorize the use of this system to transport unsolicited, \n   and/or bulk e-mail."
Configure values in exim.conf over shell

Locate the line smtp_banner and change its value so it looks like following:

smtp_banner = "${smtp_active_hostname} ESMTP Exim ${version_number} \"

Add smtp_active_hostname line value to exim.conf to look line following:

smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/mail_reverse_dns}{$value}{$primary_hostname}}

Add message_id_header_domain line to exim.conf to look like following:

message_id_header_domain = $smtp_active_hostname

In the end related values in exim.conf should look like this:

[email protected] [~]# egrep "smtp_active_hostname|message_id_header_domain|smtp_banner" /etc/exim.conf
smtp_banner = "${smtp_active_hostname} ESMTP Exim ${version_number} \"
smtp_active_hostname = ${lookup{$interface_address}lsearch{/etc/mail_reverse_dns}{$value}{$primary_hostname}}
message_id_header_domain = $smtp_active_hostname

Restart exim with /scripts/restartsrv_exim and SMTP tests should now pass without the SMTP banner warning.

Configure values in exim.conf over WHM

In your WHM go to Home »Service Configuration »Exim Configuration Manager and go to Advanced Editor.

Search for the smtp_banner field and change default value to:

"${smtp_active_hostname} ESMTP Exim ${version_number} \"

 

Edit smtp_banner in WHM
Edit smtp_banner in WHM

Find the “Add additional configuration setting” button and add two new configuration settings smtp_active_hostname and message_id_header_domain.

additional configuration settings
Add additional configuration setting in WHM

For smtp_active_hostname set the following value:

${lookup{$interface_address}lsearch{/etc/mail_reverse_dns}{$value}{$primary_hostname}}

For message_id_header_domain set the following value:

$smtp_active_hostname

References:

https://forums.cpanel.net/threads/easy-fix-your-smtp-banner-smtp-greeting-and-reverse-dns-for-dedicated-ips.391311/

https://forums.cpanel.net/threads/exim-banner-mail-headers-and-resellers-with-own-ip.100697/

cdp_io processes stuck, causing high load or filling up disk space

R1Soft CDP Agent can sometimes have issues with its backup agent dying, and leaving its cdp_io processes running.

This can cause issues with high load on the server, disk space on the server being filled up by CDP agent, or backup policies on CDP server failing, as they won’t be able to start due to stuck cdp_io processes.

If you do ps auxf | grep cdp you might see a lot of processes like this.

root      587475  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:20 cdp_io/1/0

root      587481  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:14 cdp_io/1/1

root      587482  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:12 cdp_io/1/2

root      587483  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:13 cdp_io/1/3

root      587487  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:13 cdp_io/1/4

root      587488  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:13 cdp_io/1/5

root      587490  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:12 cdp_io/1/6

root      587557  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:12 cdp_io/1/7

root      587603  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:12 cdp_io/1/8

root      587604  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:12 cdp_io/1/9

root      587605  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:12 cdp_io/1/10

root      587607  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:12 cdp_io/1/11

root      587613  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:13 cdp_io/1/12

root      587691  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:13 cdp_io/1/13

root      587699  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:12 cdp_io/1/14

root      587710  0.0  0.3 2136156 128260 ?      Ss   Dec19   0:13 cdp_io/1/15

Trying to kill those processes with kill -9 will yield no results, and processes will be left running.

Doing a Google search on similar issues returns two possible options to kill those processes, and resolve any possible issues caused by them.

http://wiki.r1soft.com/display/CDP/Solved+Issue+of+CDP+Agent+Dying+During+Backup+Process

http://www.webhostingtalk.com/showthread.php?t=1331701

Three possible options to kill the stuck processes are:

  1. Reboot of the device where cdp_io processes are stuck.
  2. Doing a complete remove, and reinstall of CDP agent.
    NOTE: yum reinstall will not work, you need to remove the packages completely, and install them again.
  3. Doing an update of CDP agent to new version, if newer version is available.

On RedHat-compatible distributions, update to a new version can be made by issuing yum update serverbackup*, or in some cases yum update r1soft* command in shell of the device with CDP agent.

Remove and reinstall CDP agent on RedHat-compatible distributions.

To completely remove, and install CDP agent again, first check what CDP agent packages you have installed on your device.

Check currently installed version.

Currently installed CDP agent packages can be checked with rpm -qa | egrep "serverbackup|r1soft", which will show currently installed serverbackup packages, or r1soft packages, depending on which naming version of the packages you have installed on your machine.

[~]# rpm -qa | egrep "serverbackup|r1soft"
serverbackup-enterprise-agent-5.10.1-8.x86_64
serverbackup-async-agent-2-6-5.12.0-21.x86_64
serverbackup-agent-5.12.0-21.x86_64
serverbackup-setup-5.12.0-21.x86_64

Remove and reinstall CDP agent packages.

Remove CDP agent packages with yum remove serverbackup* or yum remove r1soft*, depending on which packages are installed on your machine.

After you remove the packages, all cdp_io processes should be removed, and any load or disk space usage that was caused by the processes will go down.

Reinstall CDP agent packages again with yum install command on packages you had installed before removal.

For example, for the output of rpm -qa | egrep “serverbackup|r1soft” in the example above, you will run the following command.

[~]# yum install serverbackup-agent serverbackup-async-agent-2-6 serverbackup-enterprise-agent serverbackup-setup

..

YUM fails in clean CentOS 7 install, Exiting on user cancel

If you are installing CentOS 7, you might get an issue with yum update exiting, when it starts downloading packages with the message  Exiting on user cancel even though you haven’t pressed any key, or did anything else that might have cancelled the process.

This seems to be a known bug on Red Hat Enterprise Linux / CentOS 7.1, but it happened on version 7.0.1406 for me.

https://bugzilla.redhat.com/show_bug.cgi?id=1091740

[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.0.1406 (Core)

After running yum update it would connect to repository any resolve all the dependencies, and list all the packages that need to be updated, but once you would confirm the download, it would initiate download of packages, and then failed with the message indicating that the process was interrupted from keyboard.

Transaction Summary
=================================================================================================================================
Install    8 Packages (+6 Dependent packages)
Upgrade  202 Packages

Total size: 203 M
Total download size: 194 M
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
Traceback (most recent call last):
  File "/usr/libexec/urlgrabber-ext-down", line 75, in 
    main()
  File "/usr/libexec/urlgrabber-ext-down", line 61, in main
    fo = PyCurlFileObject(opts.url, opts.filename, opts)
  File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1258, in __init__
    self._do_open()
  File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1589, in _do_open
    self._do_grab()
  File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1723, in _do_grab
    self._do_perform()
  File "/usr/lib/python2.7/site-packages/urlgrabber/grabber.py", line 1517, in _do_perform
    raise KeyboardInterrupt
KeyboardInterrupt


Exiting on user cancel

After running bash -c 'yum clean metadata && yum upgrade' as suggested on CentOS forums, yum has downloaded all the packages, and upgraded to latest CentOS version

https://www.centos.org/forums/viewtopic.php?t=47372

[[email protected] ~]# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)

Alternate solution

Another possible solution, to this might be to edit /usr/lib/python2.7/site-packages/urlgrabber/grabber.py file, and change the line number 1510 as below:

Change “elif errcode in (42, 55, 56):” to “elif errcode == 42:”

https://infologs.wordpress.com/2015/01/25/url-grabber-error-on-yum-updateinstall-on-centos7/

Install ClamAV on RHEL/CentOS 7, and configure clamd

ClamAV on RedHat Enterprise Linux (RHEL) and CentOS 7 can be installed from Extra Packages for Enterprise Linux (EPEL) repository.

One liner to install EPEL repo, ClamAV packages, and correct configuration files.

yum -y install epel-release; yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd; sed -i '/^Example$/d' /etc/freshclam.conf; sed -i '/^Example$/d' /etc/clamd.d/scan.conf; sed -i -e 's/#LocalSocket \/var\/run\/clamd.scan\/clamd.sock/LocalSocket \/var\/run\/clamd.scan\/clamd.sock/g' /etc/clamd.d/scan.conf; sed -i '/REMOVE ME/d' /etc/sysconfig/freshclam; systemctl enable [email protected]; freshclam; systemctl start [email protected]; systemctl status [email protected];

If everything is OK, output should end something like this.

Downloading daily.cvd [100%]
daily.cvd updated (version: 20882, sigs: 1566229, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 268, sigs: 47, f-level: 63, builder: anvilleg)
Database updated (3990501 signatures) from database.clamav.net (IP: 104.131.196.175)
[email protected] - Generic clamav scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled)
   Active: active (running) since Sun 2015-09-06 09:24:37 EDT; 16ms ago
 Main PID: 707 (clamd)
   CGroup: /system.slice/system-clamd.slice/[email protected]
           └─707 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes

Sep 06 09:24:37 test.demo.local systemd[1]: Started Generic clamav scanner daemon.
Sep 06 09:24:37 test.demo.local clamd[707]: clamd daemon 0.98.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sep 06 09:24:37 test.demo.local clamd[707]: Running as user clamscan (UID 998, GID 997)
Sep 06 09:24:37 test.demo.local clamd[707]: Log file size limited to 1048576 bytes.
Sep 06 09:24:37 test.demo.local clamd[707]: Reading databases from /var/lib/clamav
Sep 06 09:24:37 test.demo.local clamd[707]: Not loading PUA signatures.
Sep 06 09:24:37 test.demo.local clamd[707]: Bytecode: Security mode set to "TrustSigned".
[[email protected] ~]#

ClamAV Installation details:

Install EPEL repo:

EPEL can be installed from CentOS Extras repository, which is enabled by default, with the following command.

yum -y install epel-release

In case epel-release package is not available for any reason, it can be installed from Webtatic or Fedora servers, with following commands.

rpm -Uvh https://mirror.webtatic.com/yum/el7/epel-release.rpm

or

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
Install ClamAV packages:

Once EPEL is installed ClamAV packages can be installed with the following command.

yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Once all necessary packages have been installed, freshclam.conf file needs to be edited, for ClamAV update to work.

Correct freshclam.conf file:

Default installation will return the following error when “freshclam” command is run, due to file being marked as example config file.

# freshclam
ERROR: Please edit the example config file /etc/freshclam.conf
ERROR: Can't open/parse the config file /etc/freshclam.conf

Error is caused by the following section in the freshclam.conf configuration file.

## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.
##

# Comment or remove the line below.
Example

As specified in the file, last line in this snippet, needs to be removed, or commented out, in order for “freshclam” command to work.
Line can be removed with the following command.

sed -i '/^Example$/d' /etc/freshclam.conf
Enable automatic Updates:

By default freshclam cronjob is disabled, and last line needs to be removed or commented out from /etc/sysconfig/freshclam in order for automatic updates to run.

[[email protected] ~]# cat /etc/sysconfig/freshclam
## When changing the periodicity of freshclam runs in the crontab,
## this value must be adjusted also. Its value is the timespan between
## two subsequent freshclam runs in minutes. E.g. for the default
##
## | 0 */3 * * *  ...
##
## crontab line, the value is 180 (minutes).
# FRESHCLAM_MOD=

## A predefined value for the delay in seconds. By default, the value is
## calculated by the 'hostid' program. This predefined value guarantees
## constant timespans of 3 hours between two subsequent freshclam runs.
##
## This option accepts two special values:
## 'disabled-warn'  ...  disables the automatic freshclam update and
##                         gives out a warning
## 'disabled'       ...  disables the automatic freshclam silently
# FRESHCLAM_DELAY=


### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
FRESHCLAM_DELAY=disabled-warn   # REMOVE ME
[[email protected] ~]#

Lines can be removed with following command.

sed -i '/REMOVE ME/d' /etc/sysconfig/freshclam
Correct scan.conf file:

Same needs to be done for scan.conf file

##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##


# Comment or remove the line below.
Example

Following command removes the line from scan.conf file.

sed -i '/^Example$/d' /etc/clamd.d/scan.conf

We also need to define the socket file.
If we try to run clamd, following error is returned.

[[email protected] ~]# clamd -c /etc/clamd.d/scan.conf
ERROR: Please define server type (local and/or TCP).
[[email protected] ~]#

Checking the scan.conf file, we see socket file is commented out.

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
#LocalSocket /var/run/clamd.scan/clamd.sock

Comment can be removed with following command.

sed -i -e 's/#LocalSocket \/var\/run\/clamd.scan\/clamd.sock/LocalSocket \/var\/run\/clamd.scan\/clamd.sock/g' /etc/clamd.d/scan.conf

 

MySQLTuner Couldn’t find mysqladmin in your $PATH

If you try to run MySQLTuner on a default RHEL/CentOS 7 minimal install, you will receive an error due to “which” command not being found.

In order to resolve the error you need to add “which” to your CentOS/RHEL installation, or use the “–mysqladmin” switch to point to mysqladmin executable when running mysqltuner.pl.

When you try to execute MySQLTuner, you will receive a message like this:

# perl mysqltuner.pl
Can't exec "which": No such file or directory at mysqltuner.pl line 905 (#1)
(W exec) A system(), exec(), or piped open call could not execute the
named program for the indicated reason. Typical reasons include: the
permissions were wrong on the file, the file wasn't found in
$ENV{PATH}, the executable in question was compiled for another
architecture, or the #! line in a script points to an interpreter that
can't be run for similar reasons. (Or maybe your system doesn't support
#! at all.)

Use of uninitialized value $mysqladmincmd in scalar chomp at mysqltuner.pl line
907 (#1)
(W uninitialized) An undefined value was used as if it were already
defined. It was interpreted as a "" or a 0, but maybe it was a mistake.
To suppress this warning assign a defined value to your variables.

To help you figure out what was undefined, perl will try to tell you
the name of the variable (if any) that was undefined. In some cases
it cannot do this, so it also tells you what operation you used the
undefined value in. Note, however, that perl optimizes your program
anid the operation displayed in the warning may not necessarily appear
literally in your program. For example, "that $foo" is usually
optimized into "that " . $foo, and the warning will refer to the
concatenation (.) operator, even though there is no . in
your program.

Use of uninitialized value $mysqladmincmd in -e at mysqltuner.pl line 908 (#1)
Use of uninitialized value $mysqladmincmd in -e at mysqltuner.pl line 913 (#1)
[!!] Couldn't find mysqladmin in your $PATH. Is MySQL installed?

If you check the reported lines in mysqltuner.pl file, you will see that reported variable mysqladmincmd is found by looking for path of mysqladmin with “which mysqladmin” command.

# sed -n '905p;908p;913p' mysqltuner.pl
        $mysqladmincmd = `which mysqladmin`;
    if ( !-e $mysqladmincmd && $opt{mysqladmin} ) {
    elsif ( !-e $mysqladmincmd ) {

You can install “which” with following command.

yum -y install which

After installing the rpm, you will be able to execute mysqltuner.pl file.

Alternative to installing “which” is to run MySQLTuner with “–mysqladmin” switch and define the path to mysqladmin executable.

# perl mysqltuner.pl --help
   MySQLTuner 1.6.0 - MySQL High Performance Tuning Script
   Bug reports, feature requests, and downloads at http://mysqltuner.com/
   Maintained by Major Hayden ([email protected]) - Licensed under GPL

   Important Usage Guidelines:
      To run the script with the default options, run the script without arguments
      Allow MySQL server to run for at least 24-48 hours before trusting suggestions
      Some routines may require root level privileges (script will provide warnings)
      You must provide the remote server's total memory when connecting to other servers

   Connection and Authentication
      --host     Connect to a remote host to perform tests (default: localhost)
      --socket     Use a different socket for a local connection
      --port         Port to use for connection (default: 3306)
      --user     Username to use for authentication
      --pass     Password to use for authentication
      --mysqladmin   Path to a custom mysqladmin executable
      --mysqlcmd     Path to a custom mysql executable

      --noask              Dont ask password if needed

   Performance and Reporting Options
      --skipsize           Don't enumerate tables and their types/sizes (default: on)
                           (Recommended for servers with many tables)
      --skippassword       Don't perform checks on user passwords(default: off)
      --checkversion       Check for updates to MySQLTuner (default: don't check)
      --forcemem     Amount of RAM installed in megabytes
      --forceswap    Amount of swap memory configured in megabytes
      --passwordfile Path to a password file list(one password by line)
   Output Options:
      --silent             Don't output anything on screen
      --nogood             Remove OK responses
      --nobad              Remove negative/suggestion responses
      --noinfo             Remove informational responses
      --debug              Print debug information
      --dbstat             Print database information
      --idxstat            Print index information
      --nocolor            Don't print output in color
      --buffers            Print global and per-thread buffer values
      --outputfile   Path to a output txt file

      --reportfile   Path to a report txt file

      --template     Path to a template file

On CentOS 7 path to mysqladmin executable is “/usr/bin/mysqladmin”.

This is an example of a command which runs MySQL tuner, by manually specifying MySQL user and password, and path to mysqladmin executable.

perl mysqltuner.pl --user root --pass yourpassword --mysqladmin /usr/bin/mysqladmin
%d bloggers like this: