SOLVED Disabling mailman

Discussion in 'Security' started by Spork Schivago, Nov 8, 2016.

  1. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    597
    Likes Received:
    63
    Trophy Points:
    28
    Location:
    corning, ny
    cPanel Access Level:
    Root Administrator
    Hi,

    I posted in the security thread because I received a security audit and it showed that one of the problems they found with my server is that it's running mailman, again.

    I can't figure out how to prevent URLs like:
    example.com.com/mailman/listinfo/

    from returning valid mailman webpages. I have mailman disabled in WHM. It's not running. qrunner isn't running... I don't see why I can access the mailman pages if it's disabled and I'd like to figure out how to prevent these pages from showing up.

    I thought I asked this before and received an answer but I can't seem to find it now. Any thoughts? Thanks.
     
    #1 Spork Schivago, Nov 8, 2016
    Last edited by a moderator: Nov 9, 2016
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    45,161
    Likes Received:
    1,933
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hello @Spork Schivago,

    I've reproduced this behavior and confirmed that disabling Mailman via "WHM >> Tweak Settings" doesn't automatically remove the following entries from /etc/apache2/conf/httpd.conf on systems using EasyApache 4:

    Code:
    # grep mailman /usr/local/apache/conf/httpd.conf
        Alias /mailman/archives /usr/local/cpanel/3rdparty/mailman/archives/public/
        Alias /pipermail /usr/local/cpanel/3rdparty/mailman/archives/public/
        ScriptAlias /mailman /usr/local/cpanel/3rdparty/mailman/cgi-bin/
    Internal case CPANEL-9722 is open to address this issue, and I'll update this thread with more information on the status of this case as it becomes available. In the meantime, you can create the following file as a temporary workaround:

    Code:
     /usr/local/cpanel/3rdparty/mailman/cgi-bin/.htaccess
    Within this file, add the following lines:

    Code:
    <Limit GET POST>
    order deny,allow
    deny from all
    </Limit>
    
    <Limit PUT DELETE>
    order deny,allow
    deny from all
    </Limit>
    Be sure to remove this file once a resolution is published.

    Thank you.
     
  3. Spork Schivago

    Thank you. Because I've only signed up for the free version of the scans on the security auditing website I use, I cannot scan my server at will. It gets scanned automatically once a week. I won't know if this actually fixes the problem or not until they scan me again.

    I remember this solution from before though. I'm certain I've asked this question on here and got the same answer, a while back. I just can't find it. I'm thinking maybe mailman got updated and my .htaccess file got removed. I even remember having to edit the .htaccess file to block the stuff.
     
  4. Spork Schivago

    No updates on CPANEL-9722? I noticed the problem still exists. I'm using a ea4_main.local template so I just commented the mailman aliases stuff out in there and rebuilt the Apache2 config file.
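
A local check for the two mitigations discussed in this thread (the .htaccess workaround and commenting out the Mailman aliases), useful when an external scan cannot be run on demand. This is an added example, not part of the original posts or cPanel's own tooling; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): local audit for leftover Mailman exposure.

# Print active (not commented-out) Alias/ScriptAlias lines that map a URL
# onto Mailman, i.e. the three directives quoted earlier in this thread.
mailman_aliases() {
    grep -Ei '^[[:space:]]*(Script)?Alias[[:space:]]+/(mailman|pipermail)' "$1"
}

# Succeed if the workaround .htaccess exists in the cgi-bin directory ($1)
# and contains a "deny from all" line.
htaccess_denies() {
    [ -f "$1/.htaccess" ] &&
        grep -Eiq '^[[:space:]]*deny[[:space:]]+from[[:space:]]+all' "$1/.htaccess"
}

# Classify a server: $1 = httpd.conf path, $2 = Mailman cgi-bin directory.
audit_mailman() {
    n=$(( $(mailman_aliases "$1" | wc -l) ))
    if [ "$n" -eq 0 ]; then echo "clean"
    elif htaccess_denies "$2"; then echo "aliased-but-denied"
    else echo "exposed"
    fi
}

# Optional live check against your own host ($1): prints the HTTP status code
# (expect 403 or 404 once the pages are blocked or the aliases are gone).
http_status() {
    curl -s -o /dev/null -w '%{http_code}' "http://$1/mailman/listinfo/"
}

# Constructed sample data so the example runs offline.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/cgi-bin"
    cat > "$d/httpd.conf" <<'EOF'
    Alias /mailman/archives /usr/local/cpanel/3rdparty/mailman/archives/public/
    Alias /pipermail /usr/local/cpanel/3rdparty/mailman/archives/public/
    ScriptAlias /mailman /usr/local/cpanel/3rdparty/mailman/cgi-bin/
EOF
    sed 's/^ */#/' "$d/httpd.conf" > "$d/httpd.commented.conf"
    echo "$d"
}

d=$(make_sample)
echo "aliases active, no .htaccess: $(audit_mailman "$d/httpd.conf" "$d/cgi-bin")"
printf 'order deny,allow\ndeny from all\n' > "$d/cgi-bin/.htaccess"
echo "aliases active, .htaccess:    $(audit_mailman "$d/httpd.conf" "$d/cgi-bin")"
echo "aliases commented out:        $(audit_mailman "$d/httpd.commented.conf" "$d/cgi-bin")"
rm -rf "$d"
```

On a real server, pass `audit_mailman` the httpd.conf path and the Mailman cgi-bin directory named in the thread; rerun it after Mailman package updates, since the thread notes the .htaccess file may disappear.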
     
  5. cPanelMichael

    Hello,

    There's no update to report on the status of this case at this time. I'll continue to monitor the case and report back here once we've made some progress.

    Thank you.
     
  6. Spork Schivago

  7. cPanelMichael

    Hello,

    To update, this is solved in cPanel version 70 as part of an update to the Mailman RPM:

    Fixed case CPANEL-18479: Update cpanel-mailman to 2.1.25-2.cp1162.

    Thanks!
     
  8. Spork Schivago

    AWESOME!!!!!
     