AntiRelayd...Please Help!!!

gegervision

Active Member
Aug 10, 2002
31
0
156
Apparently after last nights updates shown the change logs below:

Exim updated to 4.69-5
Support for checking SPF and DomainKeys at SMTP time
Removed Antirelayd from init script
Updated init scripts to include --max-spare support for spamd
Patch libspf2 to address segfaults on x86-64 machines
Updated init scripts to use cPanel scripts to restart spamd

I can longer get AntiRelayd to restart and it will NOT write my alwaysrelay hosts file to relayhosts. This change now affect over 350 of my users whereby we take care of mail for their Exchange server. This is a major issue for us.

I called the Planet hosting where my servers are located and they were not aware of such a major change. They are opening a support ticket as well with cPanel to get a resolution.

Does anyone know of a work around for this issue?
 

gegervision

Active Member
Aug 10, 2002
31
0
156
Before we were able put hosts allowed to relay in the "alwaysrelay" file and the daemon would update "relayhosts" with those IPs. Now that is not happening...so how do I get my allowed relay IPs into "relayhosts." If I manually put them into "relayhosts" they get written over the second I close the file.

The Planet has opened a a ticket but I can't wait for their help. This is affect 350 Exchange server users.
 

dwykofka

Well-Known Member
Aug 6, 2003
394
3
168
This is a Major issue for me as well. All of our large customers that use exchange and relay via our servers can no longer send outbound email.

I have some very pissed off customers!
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
79
458
cPanel Access Level
Root Administrator
Before we were able put hosts allowed to relay in the "alwaysrelay" file and the daemon would update "relayhosts" with those IPs. Now that is not happening...so how do I get my allowed relay IPs into "relayhosts." If I manually put them into "relayhosts" they get written over the second I close the file.

The Planet has opened a a ticket but I can't wait for their help. This is affect 350 Exchange server users.
Thank you for that information. I've filed a report with the developers about the matter.
 

dwykofka

Well-Known Member
Aug 6, 2003
394
3
168
I have downgraded several of my servers in order to get my customers back online.

in update config:
Switch to Stable

Then force a upcp

Then restart exim a couple of times (not sure why but it takes me 3-4 restarts to get it going).

Additionally I backed up my /etc/alwaysrelay files just in case.
 

gegervision

Active Member
Aug 10, 2002
31
0
156
Could there be any adverse affects in downgrading to "Stable" version? My concern is causing more issues than we all have right now.

The real resolutions is for the developers to fix this ASAP as I'm sure it's affecting more users than they know. Downgrading is a quick fix but not long term because once the Stable build gets updated with these new settings we back in the same place we are right now.

All we need is the ability for some file whether /etc/alwaysrelay that will write safe IPs to the relayshosts.

I'm guessing since we have no other responses in this post that there is no simple resolution outside of downgrading to the Stable build.

Yikes!!!
 

gegervision

Active Member
Aug 10, 2002
31
0
156
I downgraded as well to Stable build and am now backup and running. What a relief!!

I also notice that the new Release build add new DNS entries for ever host and overwrote ones I needed.

i.e. - for one of my Exchange 2003 I used webmail.theirdomain.com/exchange so I would have to retrain them where to go. Well the new release update overwrote my webmail A record with their new settings. They also added a new entry A record for whm.

THis is not good as who know what they are overwriting.
 

dwykofka

Well-Known Member
Aug 6, 2003
394
3
168
I dont have any overwritten DNS records but that "SCARES" me.

we have TONS of custom offsite dns a records for customers. If they are overwritten we will spend hours and hours trying to re-enter them.

Would a Staff member please comment on this?
 

cPanelNick

Administrator
Staff member
Mar 9, 2015
3,481
35
208
cPanel Access Level
DataCenter Provider
Could there be any adverse affects in downgrading to "Stable" version? My concern is causing more issues than we all have right now.

The real resolutions is for the developers to fix this ASAP as I'm sure it's affecting more users than they know. Downgrading is a quick fix but not long term because once the Stable build gets updated with these new settings we back in the same place we are right now.

All we need is the ability for some file whether /etc/alwaysrelay that will write safe IPs to the relayshosts.

I'm guessing since we have no other responses in this post that there is no simple resolution outside of downgrading to the Stable build.

Yikes!!!
The /etc/alwaysrelay functionality will be restored in tonight's builds.
 

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
79
458
cPanel Access Level
Root Administrator
It's part of the Proxy Access feature:

Automatically create cpanel, webmail, webdisk and whm proxy subdomain DNS entries for new accounts. When this is initially enabled it will add appropriate proxy subdomain DNS entries to all existing accounts. (Use /scripts/proxydomains to reconfigure the DNS entries manually)
This feature is enabled by default in Tweak Settings. If one enters Tweak Settings after the upgrade and saves the Tweak Settings without unticking the boxes for the Proxy access feature appropriate A records are added to the zone files.. Hence DNS records for cpanel, whm, webdisk and whm will be added to all primary domains.
 
Last edited:

cPanelKenneth

cPanel Development
Staff member
Apr 7, 2006
4,607
79
458
cPanel Access Level
Root Administrator
Let me rephrase my statement:

This feature is enabled by default.

Should be:

This feature is enabled by default in Tweak Settings.

Meaning: this feature is only enabled if you go into Tweak Settings after the upgrade to 11.23 and save the Tweak Settings without unticking the boxes for the Proxy access feature.

If no subdomain exists for a webmail A record (or cpanel, whm, etc) that record will be over-written.
 

dwykofka

Well-Known Member
Aug 6, 2003
394
3
168
Is this going to be addressed?

We have a dns cluster with thousands of named records. I would estimate that almost 20% of them have custom DNS entries. Losing all the custom entries would be devisating for our company and many others.
 

jdlightsey

Perl Developer III
Staff member
Mar 6, 2007
126
2
243
Houston Texas
cPanel Access Level
Root Administrator
The only A records that get changed are the cpanel/whm/webdisk/webmail subdomains for the primary domain of each account.

They are only changed when no subdomain of the same name has already been created in cPanel. The only way this might cause a problem is if you went in and manually added one of these same subdomains to the DNS zone instead of using cPanel to create it as a proper subdomain.

So....If you did some manual zone manipulation to add webmail/webdisk/whm/cpanel subdomains before this feature was available you can (a) allow the new proxydomains to overwrite those DNS entries and use the new system, (b) add those subdomains in cPanel so they won't get overwritten and add your custom redirects back on the new subdomains, or (c) go into TweakSettings make sure proxydomains are turned off and save.
 

dwykofka

Well-Known Member
Aug 6, 2003
394
3
168
Example:
I edited /var/named/domaina.com.db
I added an A Record called "Exchange"
I saved the file and reloaded named

When the proxydns script runs will exchange.domaina.com disapear?
 

jdlightsey

Perl Developer III
Staff member
Mar 6, 2007
126
2
243
Houston Texas
cPanel Access Level
Root Administrator
It should not disappear.

The only scenario where the A record might change would be...

Before cPanel 11.23:

- Add an account domain.com
- Go into DNS zone editor and add webmail.domain.com pointing to a different IP address than domain.com
- Upgrade to 11.23
- Turn on ProxyDomains in tweaksettings


In this scenario the IP address for webmail.domain.com will change to match domain.com's and if you go to http://webmail.domain.com you should get a login for the webmail interface.

If you find that the proxy domains changes are altering any subdomain A records other than cpanel/webmail/whm/webdisk, it probably indicates some other problem is at work.