The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

mailhelo and mailips being cleared by upcp

Discussion in 'E-mail Discussions' started by nyjimbo, Dec 21, 2009.

  1. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    Every now and then we find the files /etc/mailhelo and /etc/mailips zeroed out from the information that was there.

    Our upcp is set to manual so there should be no real upcp updating unless we trigger it from WHM or the system console.

    Last night at the normal upcp run time we see that /etc/mailhelo and /etc/mailips zeroed out again.

    We need those files left intact because they provide exim (or whatever reads it) to act as a different IP and different domain name as the normal IP has a "bad reputation" as per IronPort stupid reputation scheme.

    How can be tweak the system so it does not zero out those files. It does it without warning and we cannot send to anyone using the IronPort reputation crap until we go back and copy good mailhelo and mailips over the zeroed out ones and restart exim.
     
  2. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    What cPanel/WHM version?

    [Removed - setting /etc/mailips to immutable can result in several problems, including failed account creation attempts]
     
    #2 sawbuck, Dec 21, 2009
    Last edited by a moderator: Nov 18, 2016
  3. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    cPanel 11.25.0-C42048 - WHM 11.25.0 - X 3.9
    CENTOS 5.2 i686 standard

    thanks for the chattr idea, but I really want to be sure I am doing the right thing. If something needs to blow out mailhelo/mailips or if it doesnt like what it sees for some reason it would be good to know what else I should do.

    I dont want to open a trouble ticket right away as this may be a problem that has occured for others.
     
    #3 nyjimbo, Dec 21, 2009
    Last edited by a moderator: Nov 18, 2016
  4. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    Latest Current is 42213.
     
  5. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    If you wish to customize these files you will need to enable the following options in the Exim Configuration Editor:

    Send HELO based on the domain name in /etc/mailhelo (*: HELONAME can be added to the file to change the default helo name)


    Send outgoing mail from the IP that matches the domain name in /etc/mailips (*: IP can be added to the file to change the main outgoing interface)
     
  6. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    We did that months ago. Its just that every now and then they are zeroed out. When we went from 11.24.x to 11.25.x it did it and now last night it did it without any manual updating.
     
  7. cPanelNick

    cPanelNick Administrator
    Staff Member

    Joined:
    Mar 9, 2015
    Messages:
    3,426
    Likes Received:
    2
    Trophy Points:
    38
    cPanel Access Level:
    DataCenter Provider
    Does running /scripts/updateuserdomains (this is the only thing in cpanel that touches the file) cause the files to be zeroed out?
     
  8. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    Just ran it now (boy, I hope it doesnt do anything else bad) but it did not affect the two files. The contents remained the same and date stamp is the same.

    I also just restarted EXIM after checking the file sizes just to be sure it wouldnt clear it out later (like when you sometimes delete a log but it doesnt update until you restart the associated app) and it didnt change the files date stamp or size.

    Last night when they zeroed out it the time stamp was the same minute that upcp ran (even though its set for manual) so its something quick.
     
  9. Arvand

    Arvand Well-Known Member
    PartnerNOC

    Joined:
    Jul 26, 2003
    Messages:
    130
    Likes Received:
    1
    Trophy Points:
    18
    I've just verified this. upcp just wiped mailips on all servers even though they had both the options checked in Exim configuration (EHLO and the other one).

    [Removed - setting /etc/mailips to immutable can result in several problems, including failed account creation attempts]
     
    #9 Arvand, Dec 23, 2009
    Last edited by a moderator: Nov 18, 2016
  10. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Was the upcp ran with force, or without force?

    Please let us know the output from the following commands, to confirm OS, cPanel version, and relevant Exim configuration options:
    Code:
    # grep -H '' /etc/*release /usr/local/cpanel/version
    # grep "mailhelo\|mailips" /etc/exim.conf.localopts
    # stat /var/cpanel/custom_mailhelo /var/cpanel/custom_mailips
     
    #10 cPanelDon, Dec 23, 2009
    Last edited: Dec 23, 2009
  11. Arvand

    Arvand Well-Known Member
    PartnerNOC

    Joined:
    Jul 26, 2003
    Messages:
    130
    Likes Received:
    1
    Trophy Points:
    18
    Automatic updates. Not being done with --force.

    root@tiger [~]# grep -H '' /etc/*release /usr/local/cpanel/version
    /etc/redhat-release:CentOS release 5.4 (Final)
    /usr/local/cpanel/version:11.25.0-RELEASE_42399
    root@tiger [~]# grep "mailhelo\|mailips" /etc/exim.conf.localopts
    custom_mailhelo=1
    custom_mailips=1
    per_domain_mailhelo=0
    per_domain_mailips=0
    root@tiger [~]# stat /var/cpanel/custom_mailhelo /var/cpanel/custom_mailips
    File: `/var/cpanel/custom_mailhelo'
    Size: 0 Blocks: 0 IO Block: 4096 regular empty file
    Device: 802h/2050d Inode: 2910168 Links: 1
    Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2009-12-22 17:13:26.000000000 -0800
    Modify: 2009-12-22 17:13:26.000000000 -0800
    Change: 2009-12-23 00:45:12.000000000 -0800
    File: `/var/cpanel/custom_mailips'
    Size: 0 Blocks: 0 IO Block: 4096 regular empty file
    Device: 802h/2050d Inode: 2909270 Links: 1
    Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2009-12-22 17:13:26.000000000 -0800
    Modify: 2009-12-22 17:13:26.000000000 -0800
    Change: 2009-12-23 00:45:08.000000000 -0800
     
  12. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    Mine zeroed out again this morning. Updates are set to manual and we did not do any manual upates. It
    shows the zeroing at the time upcp is set to run. It did not zero out for two days and then it did it this morning.

    Don't know if you want mine too. Manual updates, nothing with force, all done in WHM, not console.

    root@slserver1 [~]# grep -H '' /etc/*release /usr/local/cpanel/version
    /etc/redhat-release:CentOS release 5.2 (Final)
    /usr/local/cpanel/version:11.25.0-CURRENT_42048
    root@slserver1 [~]# grep "mailhelo\|mailips" /etc/exim.conf.localopts
    custom_mailhelo=1
    custom_mailips=1
    per_domain_mailhelo=0
    per_domain_mailips=0
    root@slserver1 [~]# stat /var/cpanel/custom_mailhelo /var/cpanel/custom_mailips
    File: `/var/cpanel/custom_mailhelo'
    Size: 0 Blocks: 0 IO Block: 4096 regular empty file
    Device: 802h/2050d Inode: 361299 Links: 1
    Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2009-12-21 08:45:51.000000000 -0600
    Modify: 2009-12-21 08:45:51.000000000 -0600
    Change: 2009-12-21 16:45:01.000000000 -0600
    File: `/var/cpanel/custom_mailips'
    Size: 0 Blocks: 0 IO Block: 4096 regular empty file
    Device: 802h/2050d Inode: 361300 Links: 1
    Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
    Access: 2009-12-21 08:45:51.000000000 -0600
    Modify: 2009-12-21 08:45:51.000000000 -0600
    Change: 2009-12-21 16:45:01.000000000 -0600
    root@slserver1 [~]#
     
    #12 nyjimbo, Dec 24, 2009
    Last edited: Dec 24, 2009
  13. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Thank you both for the details; this is very much appreciated.

    If the issue is persistently recurring please consider submitting a support request so that we can take a closer look at the affected system. When available, please PM me referencing this thread and your new ticket ID number so I may follow-up internally.
     
  14. Arun

    Arun Active Member

    Joined:
    Jan 28, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    /etc/mailips gets emptied

    I use the option:

    Send outgoing mail from the ip that matches the domain name in /etc/mailips (*: IP can be added to the file to change the main outgoing interface)

    However I notice that after the cPanel 11.25 update, the /etc/mailips file gets emptied everyday when the auto upgrade runs. Is there anything to be done to prevent this from happenning?

    cPanel 11.25.0-R42399
     
  15. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,367
    Likes Received:
    5
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
  16. Arun

    Arun Active Member

    Joined:
    Jan 28, 2006
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    I notice that the mailips file is now getting emptied more often, even after adding it back after a cpanel update and before the cpanel update runs next
     
  17. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Please submit a support request so that we can inspect the system and investigate the symptoms. When available, please PM me the new ticket ID number so I may follow-up internally.


    To help gather more information and detail I suggest using the audit daemon "auditd" to monitor the files; for RHEL and CentOS this is available when the software package (RPM) "audit" is installed.

    For usage information, I recommend the official manual "man" pages accessible via the following commands:
    Code:
    # man auditd
    # man auditctl
    # man ausearch
    Here are example rules that could be used in an audit daemon "auditd" rules configuration file; at minimum I would use the two rules for "/etc/mailhelo" and "/etc/mailips":
    Code:
    -w /etc/exim.conf.localopts -p war -k eximlocalopts
    -w /etc/mailhelo -p wa -k etcmailhelo
    -w /etc/mailips -p wa -k etcmailips
    -w /var/cpanel/custom_mailhelo -p war -k varcpmailhelo
    -w /var/cpanel/custom_mailips -p war -k varcpmailips
    Here is the auditd rules configuration file path for CentOS5/RHEL5:
    Code:
    /etc/audit/audit.rules
    Here is the auditd rules configuration file path for CentOS4/RHEL4:
    Code:
    /etc/audit.rules
    The audit daemon init script may be found at one of the following paths:
    Code:
    # /etc/rc.d/init.d/auditd
    # /etc/init.d/auditd
    To search the audit logs a command like the following may be used, where "key" should be replaced by the filter key string defined by the option "-k" in the rule configuration:
    Code:
    # ausearch -i -k key
     
  18. cPanelDon

    cPanelDon cPanel Quality Assurance Analyst
    Staff Member

    Joined:
    Nov 5, 2008
    Messages:
    2,557
    Likes Received:
    7
    Trophy Points:
    38
    Location:
    Houston, Texas, U.S.A.
    cPanel Access Level:
    DataCenter Provider
    Twitter:
    Friendly Moderator Note

    The above two posts are now merged into the existing larger thread to ease monitoring for new information and help others locate existing information.
     
  19. nyjimbo

    nyjimbo Well-Known Member

    Joined:
    Jan 25, 2003
    Messages:
    1,125
    Likes Received:
    0
    Trophy Points:
    36
    Location:
    New York
    Yep, my Centos box did it again this morning after not doing it yesterday. Same thing, right at upcp time even though we have upcp set to manual.

    I will start a ticket later when I have woke up and got things squared away.
     
  20. Promethyl

    Promethyl Well-Known Member

    Joined:
    Mar 27, 2004
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    Could it be it's copying /var/cpanel/custom_mailips over /etc/mailips ?
     
Loading...

Share This Page