The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Problems updating cPGreyList Common Mail Providers

Discussion in 'E-mail Discussions' started by Spork Schivago, Jul 4, 2016.

Tags:
  1. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    269
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    Hello,

    cron runs upcp and I get an e-mail just about every day. I can't remember not getting one every day so it might be every day I get an e-mail report. Anyway, lately, there's been a line that I've noticed and I don't think it should be there. This is the part I'm talking about:

    Code:
    [2016-07-04 01:01:39 -0400]    - Processing command `/usr/local/cpanel/scripts/detect_env_capabilities`
    [2016-07-04 01:01:39 -0400]   Updating cPGreyList Common Mail Providers
    [2016-07-04 01:01:39 -0400]    - Processing command `/usr/local/cpanel/scripts/manage_greylisting --init --update_common_mail_providers`
    [2016-07-04 01:01:39 -0400]      [15953] [*] Initializing database for the cPanel Greylist service.
    [2016-07-04 01:01:39 -0400]      [15953] [+] Initializing database successfully completed.
    [2016-07-04 01:01:39 -0400]      [15953] [*] Updating Common Mail Providers List …
    [2016-07-04 01:01:42 -0400]      [15953] [!] Failed to update Common Mail Providers list: Cpanel::Exception/(XID s4q7cp) Failed to download the latest common mail provider IP address data: Signature verification failed for URL 'http://httpupdate.cpanel.net/common_mail_providers/common_mail_provider_ips.json'. Invalid signature. Please see https://go.cpanel.net/sigerrors for further information about this error.
    [2016-07-04 01:01:42 -0400]      [15953]
    [2016-07-04 01:01:42 -0400]      [15953]  at /usr/local/cpanel/Cpanel/GreyList/CommonMailProviders.pm line 57.
    [2016-07-04 01:01:42 -0400]      [15953]        Cpanel::GreyList::CommonMailProviders::__ANON__(__CPANEL_HIDDEN__...) called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 103
    [2016-07-04 01:01:42 -0400]      [15953]        Try::Tiny::try(CODE(0x35a4878), Try::Tiny::Catch=REF(0x34d56b0)) called at /usr/local/cpanel/Cpanel/GreyList/CommonMailProviders.pm line 58
    [2016-07-04 01:01:42 -0400]      [15953]        Cpanel::GreyList::CommonMailProviders::fetch_latest_data() called at /usr/local/cpanel/scripts/manage_greylisting line 152
    [2016-07-04 01:01:42 -0400]      [15953]        scripts::manage_greylisting::__ANON__() called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 78
    [2016-07-04 01:01:42 -0400]      [15953]        eval {...} called at /usr/local/cpanel/3rdparty/perl/522/lib64/perl5/cpanel_lib/Try/Tiny.pm line 71
    [2016-07-04 01:01:42 -0400]      [15953]        Try::Tiny::try(CODE(0x2547a98), Try::Tiny::Catch=REF(0x34d54e8)) called at /usr/local/cpanel/scripts/manage_greylisting line 205
    [2016-07-04 01:01:42 -0400]      [15953]        scripts::manage_greylisting::update_common_mail_providers(undef) called at /usr/local/cpanel/scripts/manage_greylisting line 70
    [2016-07-04 01:01:42 -0400]      [15953]        scripts::manage_greylisting::run("--init", "--update_common_mail_providers") called at /usr/local/cpanel/scripts/manage_greylisting line 23
    [2016-07-04 01:01:42 -0400]      [15953]
    [2016-07-04 01:01:42 -0400]   76% complete
    
    Is this a problem I should be worried about and is there a fix? I'd like to fix it if I can. Any idea as to why the signature verification is failing for URL? I'm running 56.0.24.

    Thanks!
     
  2. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    120
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Over the past month, I have seen so many problems with the Keyring servers not validating the services they are designed to protect, I ended up disabling the Signature validation in Tweak Settings.

    I could see no pattern to the keyring server signature failures, it just looked like someone had forgotten to update them, as they all seemed to sort themselves out if one waited long enough (up to a week in one instance).

    Either there is something seriously wrong with the keyring server synchronization, or whoever is in charge of them is not paying due care and attention (sorry guys - it's just the way it appears to be from my viewpoint)
     
  3. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    269
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    Thank you for the reply. If this is in fact the case, it's a bit of a relief in a way, because it'd suggest there's no break-ins or anything on my server. It'd be nice to see the issue fixed, if that's what's happening here. It'd also be nice if there was away to test to see if that's the problem or not, so in the future, we know for certain what's going on.

    I just wanted to make sure it wasn't like some man-in-the-middle attack or something weird like that, you know?
     
  4. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    120
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    Spork Schivago likes this.
  5. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    269
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    Thank you rpvw! It seems cPanel has been dealing with this issue for a bit of time now and still might not have the problem fixed. At least they'll know that other people are still experiencing this problem and that it doesn't appeared to be fixed yet. Thanks!
     
  6. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    120
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    I absolutely agree with you that we need this issue sorting out.

    If we have security related features, we need to have confidence in them working and not have to start from the position that the failure report is probably another false positive.

    Security feature failures of this nature do more harm than good as users either switch them off (guilty), or ignore them because they have been desensitized by seeing all the false positives.

    I am always predisposed to want to believe that the cPanel team have got this right, and are being let down by third party software/hardware - nevertheless, if it isn't going to work in its current format, let's look for some alternative solution o_O
     
    Spork Schivago likes this.
  7. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    269
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    I'm guilty for the second option there and usually start assuming they're false positives. Right now would be the perfect time for someone to try and actually take advantage of some sort of exploit they discovered with the signatures. I don't know if a man-in-the-middle attack is a possibility, but I'd imagine there's some sort of vulnerability these signatures prevent. If someone was trying to take advantage of one of those vulnerabilities, we might not know. It might just be chalked up to this known issue and someone might be told to ignore it because it's being worked on.

    For me, I think I'm semi-okay. I ask, okay, what isn't happening? Something with the cPGreyList common mail providers isn't getting updated properly. I think that's okay for my server. I have greylisting turned off. I believe one of my add-on programs (like ldf or csf) handle this and instructed me to turn it off because of conflicts. If the error message was for some other updates, I'd be worrying a lot more.
     
  8. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    269
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    I believe this problem is now fixed. I got an upgrade to 11.56.0.25 last night (or early this morning) and it seems like I'm no longer receiving the error message.
     
  9. Spork Schivago

    Spork Schivago Well-Known Member

    Joined:
    Jan 21, 2016
    Messages:
    269
    Likes Received:
    20
    Trophy Points:
    18
    Location:
    corning, ny
    cPanel Access Level:
    Website Owner
    Sorry, I was wrong. The problem still exists.
     
  10. rpvw

    rpvw Well-Known Member

    Joined:
    Jul 18, 2013
    Messages:
    120
    Likes Received:
    34
    Trophy Points:
    28
    Location:
    Spain
    cPanel Access Level:
    Root Administrator
    I confirm that the update Common Mail Providers worked for one day without error, but has now reverted to the Invalid signature error.

    I have tried using the 'Release Keyring Only' AND the 'Release and Development Keyrings' - BOTH trigger the Invalid signature error.
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    I'm unable to reproduce this issue on a test server. Could you open a support ticket using the link in my signature if the issue persists? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    654
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello @rpvw,

    I've not seen additional feedback to this thread or reference to a support ticket. I'm marking the thread as resolved, however feel free to let us know of any additional issues.

    Thank you.
     
Loading...

Share This Page