Totally removing BoxTrapper

richy

Well-Known Member
Jun 30, 2003
274
1
168
Does anyone know how to totally remove Boxtrapper (i.e. from the Mail menu, the Webmail screens, from the exim configuration and from any existing users configurations) reliably?

Why do I want this? Well, BoxTrapper has managed to get one of our servers listed on SORBS blacklist and the only way to get it removed from the list is to either remove BoxTrapper or pay $50 and *hope* it doesn't happen again.
Your mail system appears to use challenge/response to try to fight spam.
Unfortunately it sends the challenges to forged sender addresses found
in spam, and is therefore trying to fix your spam problem by making it
the problem of any unrelated third parties instead.

Many challenge/response systems are misconfigured in this manner. It is
possible to fix this by sending the challenge in the SMTP response code
to the DATA section instead of accepting the message and generating a
bounce.

In general, you can't accept a message these days and generate a bounce
post-reception for just about any reason because the bounce will
invariably go to an address that belongs to somebody who had nothing to
do with the sending of the original message. Spam filters and
challenge/response mechanisms that operate on the premise that the
sender address freely chosen in a message is correct must cease to exist.

With backscatter (responses to forged addresses found in spam) currently
making up 85% of my spam volume (15% actual spam and 85% bounces of all
kinds resulting in spam having been forged in my name, thousands of
unwanted bounce messages every month for already a year now), it is
obvious that these schemes must end.

We will delist the server without the SORBS 'fine' if you confirm that
the challenge/response scheme has been either abandoned or fixed to send
the challenge in the SMTP response code instead, and if abandoned, that
it has not been replaced with any other spam filtering scheme that
causes similar backscatter (such as the Barracuda Spam Firewall, a
spammer's sorry excuse for a spam filter that cannot be configured to do
the right thing under any circumstances).
 

TogaDave

Well-Known Member
Apr 13, 2003
134
0
166
I too would be interested in getting rid of it.

I'm running a "release" version ( WHM 10.6.0 cPanel 10.6.0-R4 ) currently and the feature does not even work, and I've had customers emailing me asking me why it does nothing when they enable it.
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,437
31
473
Go on, have a guess
Have already done the obvious:

Untick WHM > Tweak Settings > Boxtrapper
Untick WHM > Feature Manager > disabled set > Edit > Boxtrapper
 

rs-freddo

Well-Known Member
May 13, 2003
828
1
168
Australia
cPanel Access Level
Root Administrator
Last time I looked you also had to manually remove it from the user email/webmail login interface. Hopefully this has been fixed since last stable....
 

richy

Well-Known Member
Jun 30, 2003
274
1
168
Whilst chirpy's instructions will stop new accounts from creating BoxTrapper accounts, it'll still be active on existing accounts: but with the disadvantage that users cannot modify the whitelist etc.

The first step is to modify /etc/exim.conf to remove the boxtrapper sections (there's around 4 or 5 IIRC), and then run:

rm -rf /var/cpanel/version/boxtrapper
/scripts/eximup --force
/scripts/mailscannerupdate

rm -rfv /home/*/etc/.boxtrapp*
rm -rfv /home/*/etc/.boxtrapp*
rm -rfv /home/*/etc/*/.boxtrapp*
rm -rfv /home/*/etc/*/*/boxtrapp*

(the mailscannerupdate line won't be needed if you aren't running MailScanner)
This appears to have worth well for us without any problems.
 

gflamerich

Well-Known Member
Jul 21, 2003
122
0
166
Boxtrapper still around.

chirpy said:
Have already done the obvious:

Untick WHM > Tweak Settings > Boxtrapper
Untick WHM > Feature Manager > disabled set > Edit > Boxtrapper
Do this worked for anyone?
We disabled everywhere we say boxtrapper at WHM but still see boxtrapper option and can enable it via Canel. Now it's not seen at webmail login page (at least!!!)
 

rsutc

Well-Known Member
Oct 8, 2002
84
0
156
richy said:
Whilst chirpy's instructions will stop new accounts from creating BoxTrapper accounts, it'll still be active on existing accounts: but with the disadvantage that users cannot modify the whitelist etc.

The first step is to modify /etc/exim.conf to remove the boxtrapper sections (there's around 4 or 5 IIRC), and then run:

rm -rf /var/cpanel/version/boxtrapper
/scripts/eximup --force
/scripts/mailscannerupdate

rm -rfv /home/*/etc/.boxtrapp*
rm -rfv /home/*/etc/.boxtrapp*
rm -rfv /home/*/etc/*/.boxtrapp*
rm -rfv /home/*/etc/*/*/boxtrapp*

(the mailscannerupdate line won't be needed if you aren't running MailScanner)
This appears to have worth well for us without any problems.
Well, it turns out to be more complicated than that. Even after doing this, some accounts are still sending out chanllenges. I'm not sure how. Moreover, a rebuild of Exim will restore the boxtrapper parts in the .conf file. And, whenever mailscanner crashes, I have to rebuild exim and the boxtrapper sections are back. Hmmm. Does the absense of the boxtrapper sections cause the mailscanner crash? Is there any more light?

Rick
 

siya

Member
Sep 28, 2006
22
0
151
Boxtrapper issues

I am sure, no one will like to use boxtrapper if they come to know how it actually works. I wonder, why can't cpanel provide an option to remove boxtrapper completely from the server, if it is disabled in whm. Or at least, why can't someone from cPanel tell us the exact steps to be followed to remove boxtrapper completely from a server in all sense.
 

PeteC

Well-Known Member
May 8, 2003
106
1
166
Texas
cPanel 10.9.0 S65 Forcing BoxTrapper to be Available

I am sure, no one will like to use boxtrapper if they come to know how it actually works. I wonder, why can't cpanel provide an option to remove boxtrapper completely from the server, if it is disabled in whm. Or at least, why can't someone from cPanel tell us the exact steps to be followed to remove boxtrapper completely from a server in all sense.
And now, to make matters worse, I updated to cPanel 10.9.0 S65 and all servers show BoxTrapper icons in cPanel and if you click those icons it's totally functional. I've always had BoxTrapper disabled on these servers (in Tweak settings, and in the "Disabled" feature list). So now cPanel is forcing BoxTrapper to be available and functional to users even though I explicitly check all the options to make it unavailable.:mad: Hopefully I'm missing something here, because I'm not happy...
 

PeteC

Well-Known Member
May 8, 2003
106
1
166
Texas
PeteC: how did u get to cPanel 10.9.0 S65 ?
the highest stable version is cPanel 10.9.0 S58 !
S65 is listed now in the versions. It was released Nov. 11, which was the same day I upgraded. hopefully there will be another Stable release to shut off boxtrapper before long. I can only hope...
 

XPerties

Well-Known Member
Apr 10, 2003
401
0
166
New Jersey, USA
You know it pisses me off when cPanel decides to enable stuff on servers. You guys have no freakin right to enable anything. Shown in my screenshot looks to be cpanel pro yet everything has and was disabled but yet it still shows up.

This needs to be fixed so this crap add-ons can be removed.
 

Attachments

PeteC

Well-Known Member
May 8, 2003
106
1
166
Texas
You know it pisses me off when cPanel decides to enable stuff on servers. You guys have no freakin right to enable anything. Shown in my screenshot looks to be cpanel pro yet everything has and was disabled but yet it still shows up.

This needs to be fixed so this crap add-ons can be removed.
BoxTrapper is the addon from Hell. No matter how much we hate it and try to remove it, it just keeps coming back.

Until/unless cPanel does something about it, I just edited these two files:

x.html
bluelagoon.html

They are in this directory:

/usr/local/cpanel/base/frontend/x/cpanelpro

You need to find the boxtrapper code and wrap it with cpanelif so the end result is like so:

Code:
<cpanelif !$CONF{'skipboxtrapper'} $CPDATA{'FEATURE-BOXTRAPPER'}>
   <cpanelfeature cpanelpro_boxtrapper>
   <cpanelcell align="center" valign="top">
   <td class=index2 width="75" nowrap><a href="cpanelpro/boxtrapper.html"><img border="0" src="mainicons/email.gif" width="32" height="32"></a><br>
      <br>
      <a href="cpanelpro/boxtrapper.html">Boxtrapper</a>
   </td>
   </cpanelcell>
   </cpanelfeature>
</cpanelif>
That removes it from the user's cPanel anyway.
 

sneader

Well-Known Member
Aug 21, 2003
1,195
65
178
La Crosse, WI
cPanel Access Level
Root Administrator
Why is PRO even showing up?

I believe the above suggestion only gets rid of BoxTrapper... my problem is that Stable 65 enabled CPANEL PRO. I do not have PRO "installed and keep updated" even checked under Addon Modules, nor do I have boxtrapper, leech protect, virus scanning, support ticket, or any of this stuff enabled... but it's all showing up on my customer's cPanel. Heck, I don't even have these things enabled in Feature Manager.

How do I get rid of cPanel Pro?

- Scott

cPanel Ticket # 164047
 

sparek-3

Well-Known Member
Aug 10, 2002
2,042
230
368
cPanel Access Level
Root Administrator
I have created a guide detailing how to remove Boxtrapper from the Exim configuration. You can read the guide at:

http://www.spareknet.org/howtos/boxtrapper.php

By doing this, it would not make any difference as to whether or not your end users had the ability to configure Boxtrapper. Messages just would not be picked up by Boxtrapper entirely. I have used this set up on several of our servers and never had any issues with Boxtrapper.
 

boeki

Active Member
Jan 30, 2004
32
0
156
instead of commenting, i delete the boxtrapper lines (including related lines below it) but whenever there is a cpanel update or when i edit exim.conf via whm, the boxtrapper lines are put back in place.

will just commenting prevent it from appearing again?
 

sparek-3

Well-Known Member
Aug 10, 2002
2,042
230
368
cPanel Access Level
Root Administrator
I don't think just a cpanel update will overwrite the exim.conf file, maybe if a new exim is built as part of the cpanel update, but I've never experienced this. Perhaps if you have automatic updates enabled, then this may happen. I run manual updates, so I cannot give any information regarding automatic updates.

But commenting out the lines and deleting the lines is really the same thing. I chose to comment them out, really for no apparent reason. I suppose so that you can always go back into the exim.conf file and remove the # symbols to reinstate boxtrapper. In my practice it is always best to comment out lines rather than delete them, especially if you are not sure what removing them will do. Say you are coding a program, but you don't think you need a certain line. If you comment out the line, you've done the same action as deleting it, but then if you later decide you need that line, all you have to do is remove the comments around that section of code. However, if you delete that line of code, then decide you need, you no longer have that line of code and have to rewrite it (and hope you can remember it).

But no, commenting out the lines will not offer any benefits versus deleting the lines.