How To Block A Domain From Sending Email From My cPanel Server

We face this problem many times, even we mostly get this kind of issue when a user who is getting hacked a lot and the account is sending out spam emails. In that case, If you want to disable just his account from being able to send mail at all until he can get his script updated or changed. So here’s how we can do it:

First, in root SSH, run these commands:

touch /etc/blockeddomains
echo “” >> /etc/blockeddomains

Please replace with the domain name. Do not replace the “” part as that’s required, only the part with the right domain name.

In WHM > Exim Configuration Editor > Advanced Configuration Editor -> Click on “Add additional configuration setting” -> Add::

domainlist blocked_domains = lsearch;/etc/blockeddomains

Locate the “ROUTERS CONFIGURATION” section, and right below these lines:

driver = redirect
require_files = “+/etc/demouids”
condition = “${if eq {${lookup {$originator_uid} lsearch {/etc/demouids} {$value}}}{}{false}{true}}”
data = :fail: demo accounts are not permitted to relay email

Put the following lines:


driver = redirect
# RBL Blacklist incoming hosts
domains = blocked_domains
data = :fail: Connection rejected: SPAM source $domain is manually blacklisted.

Set Up DNS for Office 365 in cPanel

To set up Microsoft Office 365, login to cPanel, then add/update the following DNS records for the domain(s) in question: 300 MX 0 3600 TXT MS=ms000000
autodiscover 3600 CNAME 3600 TXT “v=spf1 ~all”
_sip 3600 SRV 100 1 443
_sipfederationtls 3600 SRV 100 1 5061
sip 3600 CNAME
lyncdiscover 3600 CNAME

  • The MS record shown in red is a number supplied by Microsoft as part of the verification rocess.
  • The MX record contains the domain name as a prefix, with periods replaced by hyphens.

Then, change the Email Routing setting down the bottom to “Remote Mail Exchanger”.

Resetting Root Password Using Rescue Mode

It’s been a million dollar question for anyone who is stuck and don’t remember the root password, If you are not able to reset the password for your Linux Server then you will need to place the server into rescue mode and chroot the file system of the server and run passwd to update the root password. Sounds easy? Let me show you how 🙂

  1. Place Server into Rescue Mode or If you have no idea how to do that then ask your hosting provider to do that for you.
  2. Connect to the rescue mode server using ssh as normally you do.
  3. It is always suggested to run ‘fsck’ (File System check) every time you get. It will save you hassles of it automatically running during a reboot, causing boot time to take longer than expected.

This could be either /dev/sda1 or /dev/sdb1 depending on your setup.

I will be using /dev/sda1 in the reset of the example:

fsck -fyv /dev/sda1

This will force a file system check (f flag), automatically respond ‘yes’ to any questions prompted(y flag), and display a verbose output at the very end(v flag).

Mounting the file system:

a. Make a temporary directory:

mkdir /mnt/rescue

b. Mount to that temp directory

mount /dev/sda1 /mnt/rescue
chroot /mnt/rescue

4. We are going to use ‘chroot’. chroot allows you to set the root of the system in a temporary environment.

5. Now that we are chroot-ed into your original drive, all you have to do is run ‘passwd’ to update your root password on the original Server’s hard drive.


(This will prompt you for your new password twice, and then update the appropriate files.)

6. Exit out of chroot mode.


7. Unmount your original drive

umount /mnt/rescue

8. Exit out of SSH and Exit Rescue Mode.

How To Set Up Clustered Nameservers With cPanel

As important as DNS is to web hosting, it is a good idea to make it redundant when possible. If you have two or more cPanel servers, you can use cPanel’s DNS clustering to lower the risk of a DNS failure on a nameserver taking down all of your sites. Here’s how to set that up:

Step One: Enable Clustering For Each Server

First, click over to Configure Cluster in WHM on each server. In the Modify Cluster Status box, select Enable DNS clustering. Click the Change button.

Step Two: Configure The Primary Nameserver

On the first server, scroll down to Add a new server to the cluster. The type will be cpanel. Click Configure. This will take you to the cPanel DNS Remote Configuration page.
In Remote cPanel & WHM DNS service, put the hostname or IP address of the second nameserver. Next, in Remote server username, put the username of the nameserver. While this can sometimes be reseller, in most cases it will be root.

In the next area, Remote server access hash, you will need to put the ssh public key of the other server. To find that key, go to the Manage root’s SSH Keys page in the second server’s WHM. Click Generate a New Key. On the next page, leave the password blank and click the Generate Key button. cPanel will issue a warning about the security of an SSH key without a password, but unfortunately it is needed for this sort of automation. (It is only a security risk if someone gains root access to your server, by which point your server’s security will already have been compromised.)

Still on the second server, click back to Manage root’s SSH Keys. Then click View/Download Key under the Public Keys: heading. This will take you to the key which you will then copy back to the first server, in the Remote server access hash field.

Uncheck the Setup Reverse Trust Relationship checkbox.

Set the DNS role of the server to Write-only. Click Submit.

Step Three: Repeat Step Two, Only Backwards

Step Three is going through the same process as Step Two, only reversing the servers. Also, role of the server should be set to Standalone instead of Write-Only.

Adding DNS Zones

There is one quirk of this system: DNS zones for domains will have to be added on the Write-Only server. So when creating cPanel accounts on the Standalone server, make sure to add the DNS for the domain to the Write-Only server.


cPanel Optimize Website No longer working

When client tries to enable or disable “Optimize Website” in cPanel, this error is shown:

OptimizeWS::optimizews(,) failed: Modification of non-creatable array value attempted, subscript -1 at /usr/local/cpanel/Cpanel/ line 104, <HC> line 52.

Here is a Solution:

To be certain you are not over-writing any existing data:

# mv /home/[cPanel user]/.htaccess /home/[cPanel user]/.htaccess.bak
# echo > /home/[cPanel user]/.htaccess; chown [cPanel user].[cPanel user] /home/[cPanel user]/.htaccess

cPanel >> Software/Services >> Optimize Website should work as expected once there is an existing .htaccess file with some content in /home/[cPanel user]/.htaccess

Let me know if anything else is needed, i’ll make sure it get fixed for you.


How To Optimise MySQL & Apache On cPanel/WHM

On this optimization process we will go over the Apache core configuration and modules that are part of Apache core. We think that with the correct settings of Apache and MySQL you can get excellent results and the correct level of resource use without installing third-party proxy and cache modules. So let’s start,


Apache & PHP

In the first stage we run the Easy Apache and selected the following:

* Apache Version 2.4+

* PHP Version 5.4+

* In step 5 “Exhaustive Options List” select

– Deflate

– Expires

– MPM Prefork

– MPM Worker

After Easy Apache finished go to your WHM » Service Configuration » Apache Configuration » “Global Configuration” and set the values by the level of resources available on your server.

Apache Directive 	 	(From 2GB memory or less and up to 12GB memory) 	 	

StartServers 	 	 	4 	 	8 	 	16 	
MinSpareServers 	 	4 	 	8 	 	16 	
MaxSpareServers 	 	8 	 	16 	 	32 	
ServerLimit 	 	 	64 	 	128 	 	256 	
MaxRequestWorkers 	 	50 	 	120 	 	250 	
MaxConnectionsPerChild 	 	1000 	 	2500 	 	5000 
Keep-Alive			On		On		On
Keep-Alive Timeout	 	5	 	5	 	 5
Max Keep-Alive Requests		50	 	120	 	120
Timeout				30		60		60


Now go to WHM » Service Configuration » Apache Configuration » Include Editor » “Pre VirtualHost Include” and allow users minimal cache and data compression to allow the server to work less for the same things by pasting the code below into the text field.

# Cache Control Settings for one hour cache
<FilesMatch ".(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=3600, public"

<FilesMatch ".(xml|txt)$">
Header set Cache-Control "max-age=3600, public, must-revalidate"

<FilesMatch ".(html|htm)$">
Header set Cache-Control "max-age=3600, must-revalidate"

# Mod Deflate performs data compression
<IfModule mod_deflate.c>
<FilesMatch ".(js|css|html|php|xml|jpg|png|gif)$">
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE no-gzip


Go to WHM » Service Configuration » “PHP Configuration Editor” and set the parameters according to your needs:

– memory_limit

– max_execution_time

– max_input_time



For MySQL you need to update the configuration file that usually in /etc/my.cnf

Best config base on 1 core & 2GB memory MySQL 5.5:

    local-infile = 0
    max_connections = 250
    key_buffer = 64M
    myisam_sort_buffer_size = 64M
    join_buffer_size = 1M
    read_buffer_size = 1M
    sort_buffer_size = 2M
    max_heap_table_size = 16M
    table_cache = 5000
    thread_cache_size = 286
    interactive_timeout = 25
    wait_timeout = 7000
    connect_timeout = 15
    max_allowed_packet = 16M
    max_connect_errors = 10
    query_cache_limit = 2M
    query_cache_size = 32M
    query_cache_type = 1
    tmp_table_size = 16M


    max_allowed_packet = 16M
    key_buffer = 64M
    sort_buffer = 64M
    read_buffer = 16M
    write_buffer = 16M


Best config base on 8 core & 12GB memory (Shared server) MySQL 5.5:

max_connections = 600
key_buffer_size = 512M
myisam_sort_buffer_size = 64M
read_buffer_size = 1M
table_open_cache = 5000
thread_cache_size = 384
wait_timeout = 20
connect_timeout = 10
tmp_table_size = 256M
max_heap_table_size = 128M
max_allowed_packet = 64M
net_buffer_length = 16384
max_connect_errors = 10
concurrent_insert = 2
read_rnd_buffer_size = 786432
bulk_insert_buffer_size = 8M
query_cache_limit = 5M
query_cache_size = 128M
query_cache_type = 1
query_prealloc_size = 262144
query_alloc_block_size = 65535
transaction_alloc_block_size = 8192
transaction_prealloc_size = 4096
max_write_lock_count = 8


max_allowed_packet = 16M

key_buffer = 384M
sort_buffer = 384M
read_buffer = 256M
write_buffer = 256M

key_buffer = 384M
sort_buffer = 384M
read_buffer = 256M
write_buffer = 256M

#### Per connection configuration ####
sort_buffer_size = 1M
join_buffer_size = 1M
thread_stack = 192K


Repair & optimize databases then restart MySQL:

mysqlcheck --check --auto-repair --all-databases
mysqlcheck --optimize --all-databases
/etc/init.d/mysql restart


Security & Limit Resources


Install CSF (ConfigServer Security & Firewall) at:

1) Go to WHM » Plugins » ConfigServer Security & Firewall » “Check Server Security” And pass on what appears as required to repair:

2) Go to WHM » Plugins » ConfigServer Security & Firewall » “Firewall Configuration” and set the parameters according to your needs:






Now enjoy your new fast and more effective server.

How To Change The Primary IP Address Of A WHM/cPanel Server

Steps in WHM:

  • Log into WHM and go to Basic cPanel & WHM Setup
  • Change the Primary IP here with the option that says “The IP address (only one address) that will be used for setting up shared IP virtual hosts
  • Note: This might not actually be necessary.

Log in to SSH, and do the following:

  1. Edit /etc/sysconfig/network-scripts/ifcfg-eth0
    • Change the IPADDR and GATEWAY lines to match the new IP and Gateway for the new ip
  2. Edit /etc/sysconfig/network
    • Change the GATEWAY line here if it does not exist in the ifcfg-* file.
  3. Edit /etc/ips
    • Remove the new primary IP from this file if it is present
    • Add the old primary IP to this file with the format <IP address>:<Net Mask>:<Gateway>
  4. Edit /var/cpanel/mainip
    • Replace the old primary IP with the new primary IP
  5. Edit /etc/hosts
    • Replace the old primary IP with the new one if needed. The hostname’s dnswill need to be updated too
  6. Restart the network service to make the new IP the primary
    • service network restart
    • Note: You’re probably going to be disconnected at this point, and have to log in to ssh using the new primary ip.
  7. Restart the ipaliases script to bring up the additional IPs
    • service ipaliases restart
  8. Run ifconfig and make sure all IPs show up correctly
  9. Update the cpanel license to the new primary IP
  10. Verify you can still log in to WHM and there is no license warning

How to Install ClamAV and Configure Daily Scanning on CentOS

ClamAV is an open source (GPL) antivirus engine designed for detecting Trojans, viruses, malware and other malicious threats on Linux. In this article, we will only be configuring ClamAV to run scheduled/on-demand scans; not resident scans.

A. Install ClamAV

1. Install EPEL repo

Before we can do proceed, you must ensure that you have the EPEL yum repository enabled.

The EPEL repo is enabled by simply installing an RPM. Please use the command below to install the EPEL repository on your CentOS server.

CentOS 6 – 32-bit

 CentOS 6 – 64-bit

 CentOS 5 – 32-bit

 CentOS 5 – 64-bit

After running the above commands for your relevant CentOS version, the following file is created:


The above file can be edited directly to enable or disable the EPEL repo.

2. Install required packages
yum install clamav clamd
3. Start the clamd service and set it to auto-start
chkconfig clamd on
/etc/init.d/clamd start
4. Update ClamAV’s signatures

Note: ClamAV will update automatically, as part of /etc/cron.daily/freshclam.

B. Configure Daily Scan

In this example, we will configure a cronjob to scan the /home/ directory every day:

1. Create cron file:
vim /etc/cron.daily/manual_clamscan

Add the following to the file above. Be sure to change SCAN_DIR to the directory that you want to scan:


/usr/bin/clamscan -i -r $SCAN_DIR >> $LOG_FILE

Give our cron script executable permissions:

chmod +x /etc/cron.daily/manual_clamscan

You can even run the above script to ensure that it works correctly.

Internet Protocol (IPv4) Subnet Chart

Ths is an Internet Protocol (IPv4) Subnet Chart. You can use this to quickly look up how your might need to subnet your network. At the bottom there is a quick how-to on calculating subnets.

For more information on subnetting, see RFC 1817 and RFC 1812.

Class address ranges:

  • Class A = to
  • Class B = to
  • Class C = to


Reserved address ranges for private (non-routed) use (see RFC 1918):

  • ->
  • ->
  • ->


Other reserved addresses:

  • is reserved for loopback and IPC on the local host
  • -> is reserved for multicast addresses


Chart notes:

  • Number of Subnets – “( )” Refers to the number of effective subnets, since the use of subnet numbers of all 0s or all 1s is highly frowned upon and RFC non-compliant.
  • Number of Hosts – Refers to the number of effective hosts, excluding the network and broadcast address.



Class A

Network Bits Subnet Mask Number of Subnets Number of Hosts
/8 0 16777214
/9 2 (0) 8388606
/10 4 (2) 4194302
/11 8 (6) 2097150
/12 16 (14) 1048574
/13 32 (30) 524286
/14 64 (62) 262142
/15 128 (126) 131070
/16 256 (254) 65534
/17 512 (510) 32766
/18 1024 (1022) 16382
/19 2048 (2046) 8190
/20 4096 (4094) 4094
/21 8192 (8190) 2046
/22 16384 (16382) 1022
/23 32768 (32766) 510
/24 65536 (65534) 254
/25 131072 (131070) 126
/26 262144 (262142) 62
/27 524288 (524286) 30
/28 1048576 (1048574) 14
/29 2097152 (2097150) 6
/30 4194304 (4194302) 2


Class B

Network Bits Subnet Mask Number of Subnets Number of Hosts
/16 0 65534
/17 2 (0) 32766
/18 4 (2) 16382
/19 8 (6) 8190
/20 16 (14) 4094
/21 32 (30) 2046
/22 64 (62) 1022
/23 128 (126) 510
/24 256 (254) 254
/25 512 (510) 126
/26 1024 (1022) 62
/27 2048 (2046) 30
/28 4096 (4094) 14
/29 8192 (8190) 6
/30 16384 (16382) 2


Class C

Network Bits Subnet Mask Number of Subnets Number of Hosts
/24 0 254
/25 2 (0) 126
/26 4 (2) 62
/27 8 (6) 30
/28 16 (14) 14
/29 32 (30) 6
/30 64 (62) 2

Supernetting (CIDR) Chart

  • CIDR – Classless Inter-Domain Routing.
  • Note: The Number of Class C networks must be contiguous.
    For example, represents the following block of addresses:,, and

Class C

CIDR Block Supernet Mask Number of Class C Addresses Number of Hosts
/14 1024 262144
/15 512 131072
/16 256 65536
/17 128 32768
/18 64 16384
/19 32 8192
/20 16 4096
/21 8 2048
/22 4 1024
/23 2 512

Stopping or Preventing Email Spam

The following is a list of ways Ameravant Web Hosting helps clients from the ongoing battle against Email Spam.

The items below only apply if you are an Ameravant client with the C-Panel web hosting Control Panel.

If you have your Email address posted on your web site, Internet spammers can crawl your site and copy your Email address into their system.
HOW: To prevent this Ameravant can encrypt your Email address on your web site so visitors can view and click the link but spammers cannot see the link.

There is a feature called Box Trapper that comes with Ameravant Web Hosting. When Box Trapper is activated, anyone sending an Email to your Email address would get a reply Email asking them to click a link and verify they are a real person. Once they click that link they get put on your White List and you receive their Email, and all future Emails from them. Because spammers are automated systems & don’t reply to Emails, they are never added to your White List. The following link offers more information on this feature,
HOW: Here is a link showing you how to set up Box Trapper,
SpamAssassin is widely used by Email Service Providers, like Ameravant. SpamAssassin will allow you to filter your Email and remove spam before you check your email.
HOW: From the home page of your Control Panel, click the “SpamAssassin” icon. Then click the “Enable” button next to SpamAssassin. Once SpamAssassin is turned on, you can tighten the default settings. The average Score setting is 5. You can reduce this to 4 or 3. This number represents how many tests an Email fails before it is considered spam. If you are concerned that reducing the Score will delete legitimate Email, you can enable “Spam Box” from this same page. This will direct all spam into a separate folder in your Webmail system. You can occasionally visits that folder to see if any legitimate Email is there.

Blacklisting domains or individual Email accounts will prevent spam Email from getting into any Email account at your domain. Here is a tip. If you are getting spam Email that indicates it is From your Email account and To your Email account, you can blacklist your own Email address to prevent the spammers from sending this type of Email spam to you.
HOW: You can set blacklist domains or Email addresses from your Control Panel. Click the Spam

Words or Phrases: Any filters(word or phrases) you create in this area will effect all Email accounts for your domain. If you see Words in your spam Email that clearly identify them as spam, you can put these words in your Spam Filter. For example if I put the word “penis” in my spam filter, all future Emails with the word penis will be automatically deleted, redirected to another Email account or moved to a spam folder. You get to choose the action for each word you put in your Spam Filter.
HOW: In your Control Panel, click the “Account Level Filtering” icon. Then click the “Create a new Filter” button

Any filters(word or phrases) you create in this area will affect only your individual Email account. If you see Words in your spam Email that clearly identify them as spam, you can put these words in your Spam Filter. For example if I put the word “penis” in my spam filter, all future Emails with the word penis will be automatically deleted, redirected to another Email account or moved to a spam folder. You get to choose the action for each word you put in your Spam Filter.
HOW: In your Control Panel, click the “User Level Filtering” icon. Then click the “Manage Filters” text next to the Email account you want to apply filters.

DomainKeys is an e-mail authentication system that allows for incoming mail to be checked against the server it was sent from to verify that the mail has not been modified. This ensures that messages are actually coming from the listed sender and allows abusive messages to be tracked with more ease.
HOW: From the home page of your Control Panel, click the “Email Authentication” icon. Then click the “Enable” button next to DomainKeys.

SPF will specify which Email Servers are authorized to send email from your domain(s). This means that only mail sent through your Email server will appear as valid mail from your domain(s) when the SPF records are checked. This prevents what is known as “Spoofing”, where spam Email appears to be coming from your domain.
HOW: From the home page of your Control Panel, click the “Email Authentication” icon. Then click the “Enable” button next to SPF.

If you are using an antivirus/antispam program on your local computer, most of them have spam filters that work with your local Email application. Check with your vendor to see how to filter out spam locally.

The most difficult type of spam to prevent is the Email that has an image in the body of the Email. When that image becomes visible it is reporting back to the spammer that your Email address is valid. After validation you can be sure more spam is on the way.
HOW: To prevent this type of image validation, many Email program have a feature where you are not able to view images in your Email unless you identify that Email/Email Address as a Friend. Outlook 2007 offers this feature. Check with your Email application provider to see if they offer this feature and how to activate it.

Unless you use the Box Trapper feature described above, it is impossible to prevent all spam from coming into your Email account. Sadly, it’s part of our new online culture.