[case 59934] [case 59875] cPanel bug/flaw causing CBL issues

bellwood

Well-Known Member
PartnerNOC
Sep 25, 2012
77
35
143
New York
cPanel Access Level
DataCenter Provider
I currently have a ticket open with cPanel support investigating an issue where by 2 bugs in the system are causing our server's main shared IP to become and remain CBL'd.

The first bug is:
59875 - user accounts owned by a reseller will reference reseller's domain in /etc/mailhelo (instead of account's domain)

This is big problem for our resellers customer's who are themselves resellers.

All their mail ehlo's as their resellers domain and not their own.

The second bug is:
59934 - /etc/mail_reverse_dns "incorrect" when multiple users exist on the same IP address

Whenever a reseller has multiple customers on the same IP, mail is sent from the server's main shared IP instead and ehlo's as the server's hostname. Again bad for our resellers.

This all add's up to our server looking like it's compromised and sending mail from the shared IP and hostname which is causing lots of headaches for us and our customers and down the chain.

As ancillary issue, whenever one of our customers creates and account, the notifications come from the servers main shared IP and hostname, not theirs, so if the server is CBL'd they often don't get them AND it reveals our hostname instead of theirs to their clients.

Again, this has all been conveyed and confirmed via a ticket with cPanel however I'm hoping some additional light and 'spotlight' on the subject may help bring fixes to these obvious problems.

Thank you =)
 

JeffP.

Well-Known Member
Sep 28, 2010
164
15
68
If anyone else notices this issue, please submit a ticket (see my signature below for the link to our helpdesk), and be sure to reference the appropriate case ID(s) in the ticket. This will allow us to add the ticket # to the corresponding case(s), which will continue to allow our developers to see the growing need for these issues to be resolved.

Thanks!
 

bellwood

Well-Known Member
PartnerNOC
Sep 25, 2012
77
35
143
New York
cPanel Access Level
DataCenter Provider
Additional issues are now surfacing as well.

Sender Verify Callbacks are NOT using the clients dedicated IP either, it's using the main servers IP, so since the main IP is CBL'd due to the above, email delivery is GREATLY degraded.

C'mon cPanel PLEASE address this obvious oversight. Email is a vital service for all clients.
 

alphawolf50

Well-Known Member
Apr 28, 2011
186
2
68
cPanel Access Level
Root Administrator
Sender Verify Callbacks are NOT using the clients dedicated IP either, it's using the main servers IP, so since the main IP is CBL'd due to the above, email delivery is GREATLY degraded.
"Sender Verification Callouts" should be disabled, period. "Sender Verification" is fine, it just verifies the domain exists. "Sender Verification Callouts" actually connects to a remote mail server and tries to verify that the account actually exists. This will land you on many blacklists. Disable "Sender Verification Callouts".
 

brianoz

Well-Known Member
Mar 13, 2004
1,146
7
168
Melbourne, Australia
cPanel Access Level
Root Administrator
More detail is listed here: http://forums.cpanel.net/f43/listed-cbl-result-using-send-mail-accounts-dedicated-ip-270432.html

The point is, cPanel's behaviour is incorrect and is getting people's IPs listed on CBL.

Without doing detailed analysis, I'm not 100% sure, but I suspect correct behaviour would be to use the same HELO string for all domains sending out of a particular IP. That fix in itself would alleviate the CBL problem.

Many of us are getting listed, here I am back a year later with the same issue. Could this be looked into further?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,884
2,243
463
Both internal cases referenced in this thread are still open. There is currently no time frame available on when a resolution may be implemented. I have ensured this thread is referenced in both internal cases so our developers can review your specific concerns.

Thank you.
 

andrei_claus

Member
Nov 2, 2012
6
0
1
cPanel Access Level
Root Administrator
Hello,

We are having the same problem and have opened a cPanel ticket.

Our reseller IP's get listed monthly.

I cannot begin to explain the importance of this issue being solved as mail services are an important part of client overall happiness.

We have come to the stage where CBL is going to block our delisting attempts.

Please make any efforts you can to solve this.

have a nice day
 

jack01

Well-Known Member
Jul 21, 2004
200
0
166
Can we have a formal update about this situation? Has 11.40 addressed this problem at all because we are noticing CBL blocks for no apparent reason after updating to WHM 11.40.0 (build 19) - RELEASE (CENTOS 6.4 x86_64).