Remove Apache ServerAlias setting for mail.domain.tld?

[thowden]

Hi All

Reviewing the Apache configuration on a server WHM 70.x I noted that the httpd.conf file includes ServerAlias setting for "mail.clientdomain.tld" even when the DNS explicitly is set for remote mail and the "mail" host record is pointed to an external server / service IP address or cname.

My understanding is that Apache will never respond to that ServerAlias.

Looking at the Apache template:

/var/cpanel/templates/apache2_4/ssl_vhost.default

the values are populated from %vhost.serveralias_array variable and that I guess is populated from the account create process with a new account.

Is there a method to change the setup so that the "mail." entry is removed from the Apache config ?

Thanks

Tony

 

[cPanelMichael]

Hello Tony,

First, you'll want to exclude the "mail" alias from the AutoSSL system using the SSL/TLS Status option in cPanel:

SSL TLS Status - Version 70 Documentation - cPanel Documentation

You can then setup "mail.domain.tld" using the Subdomains option in cPanel. This automatically generates a separate virtual host for the "mail" subdomain and removes the existing "mail.domain.tld" entry from the ServerAlias line in the previous Virtual Host it was a part of. You can then update it's DNS record to suit your preference.

If you'd like to disable mail as a serveralias entry at creation time for new domain names, then you'd need to follow the steps referenced on the following thread:

Disable default www entry for all subdomains and hostname

Thank you.

 

[jhawkins003]

If you'd like to disable mail as a serveralias entry at creation time for new domain names, then you'd need to follow the steps referenced on the following thread:

Disable default www entry for all subdomains and hostname

Sorry for reviving a relatively antique post, but wanted to get a quick bit of clarification!

We are looking to accomplish this precise thing, but the thread linked seems to contain instructions for disabling all generated serveralias entries? We don't want that. In our case, www entries need to be retained.

We wish to simply remove auto-generation of 'mail' aliases from our configuration as we do not route mail through cPanel and the dead entries continuously make AutoSSL throw a large quantity of nightly errors due to the number of dead mail.* domains. It seems the www/mail serveralias entries are combined in an array?

 

[cPanelMichael]

Hello @jhawkins003,

You could setup a script that makes use of the following UAPI function to exclude the "mail" alias from the AutoSSL feature:

UAPI Functions - SSL::add_autossl_excluded_domains - Developer Documentation - cPanel Documentation

Here's an example command to exclude a "mail" subdomain from AutoSSL:

uapi --user=username SSL add_autossl_excluded_domains domains=mail.domain.tld

Once your script is developed, you can either run it regularly as part of a cron job, or configure it to run as a hook for the post stage of the following actions:

Accounts::Create
Cpanel::Api1::Park::park
Cpanel::Api2::AddonDomain::addaddondomain

You can read more about standardized hooks at:

Guide to Standardized Hooks - Developer Documentation - cPanel Documentation

This is the preferred method over modifying the Apache templates globally.

Thank you.

 

[jhawkins003]

@cPanelMichael Thanks!! Thats a great solution.

We we are deciding now whether to go the AutoSSL API route - or to deploy another script that trims the mail.domain.tld subdomain records from within /var/cpanel/userdata - perhaps via hook following account creation.

Admittedly - our preference is to solve this problem as close to the core issue of the unnecessarily created mail.* subdomains as possible and not play whack a mole on other services if we don't have to. :D

 

[cPanelMichael]

Hi @jhawkins003,

The API/Hook approach is a cleaner solution because the changes are fully supported. Modifying the contents of the userdata files is unsupported and thus could lead to problems down the road should something change in the way the userdata files are configured.

Thank you.