Tweak Settings Security Checklist - Missing Options?

jerdoggmckoy

Active Member
Jun 3, 2013
36
0
6
St Paul, MN
cPanel Access Level
Root Administrator
In trying to follow the recommended security options here: Recommended Security Settings Checklists - I find that some things are no longer applicable such as the SecurityTokens.

Under Cookie IP Validation, it says if turning this on "you should also disable proxy domains." However, there is no proxy domain options, only proxy subdomain options. I'm assuming this is what was meant, turning off the "Proxy subdomains"?

Also, it is recommended to "Block Common Domains Usage", however, I cannot find that feature either.

And finally, I cannot find any Bounce option for:

Initial default/catch-all forwarder destination
Selecting Bounce for this option causes the server to automatically discard unroutable email sent to your server's new accounts. This option is the best at protecting your server against mail attacks.

The only options are System account, fail or Blackhole. I'm assuming "Fail" is the best option now?

Thanks in advance for any help!
 

24x7server

Well-Known Member
Apr 17, 2013
1,894
91
78
India
cPanel Access Level
Root Administrator
In trying to follow the recommended security options here: Recommended Security Settings Checklists - I find that some things are no longer applicable such as the SecurityTokens.

Under Cookie IP Validation, it says if turning this on "you should also disable proxy domains." However, there is no proxy domain options, only proxy subdomain options. I'm assuming this is what was meant, turning off the "Proxy subdomains"?
For this you will have to disable "Proxy subdomains" and "Proxy subdomain creation" in your tweak setting

Also, it is recommended to "Block Common Domains Usage", however, I cannot find that feature either.
You can enabled "Prevent cPanel users from creating specific domains" on your server to block common domains Usage
Prevent cPanel users from creating a Parked or Addon domain that is listed in /usr/local/cpanel/etc/commondomains or /var/cpanel/commondomains. Recommended.

And finally, I cannot find any Bounce option for:

Initial default/catch-all forwarder destination
Selecting Bounce for this option causes the server to automatically discard unroutable email sent to your server's new accounts. This option is the best at protecting your server against mail attacks.

The only options are System account, fail or Blackhole. I'm assuming "Fail" is the best option now?

Thanks in advance for any help!
Yes, You use "Fail" and "Blackhole" options
“Blackhole” accepts and processes the message but then silently discards it
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,233
363
cPanel Access Level
DataCenter Provider
Twitter
And finally, I cannot find any Bounce option for:

Initial default/catch-all forwarder destination
Selecting Bounce for this option causes the server to automatically discard unroutable email sent to your server's new accounts. This option is the best at protecting your server against mail attacks.

The only options are System account, fail or Blackhole. I'm assuming "Fail" is the best option now?
Yes, "fail is the preferred option over "blackhole". Per it's description:

“Blackhole” accepts and processes the message but then silently discards it. This avoids notifying the remote SMTP server but violates SMTP RFC 5321 and generally should not be used.

Thank you.