Tweak Settings Security Checklist - Missing Options?

[jerdoggmckoy]

In trying to follow the recommended security options here: Recommended Security Settings Checklists - I find that some things are no longer applicable such as the SecurityTokens.

Under Cookie IP Validation, it says if turning this on "you should also disable proxy domains." However, there is no proxy domain options, only proxy subdomain options. I'm assuming this is what was meant, turning off the "Proxy subdomains"?

Also, it is recommended to "Block Common Domains Usage", however, I cannot find that feature either.

And finally, I cannot find any Bounce option for:

Initial default/catch-all forwarder destination
Selecting Bounce for this option causes the server to automatically discard unroutable email sent to your server's new accounts. This option is the best at protecting your server against mail attacks.

The only options are System account, fail or Blackhole. I'm assuming "Fail" is the best option now?

Thanks in advance for any help!

 

[24x7server]

In trying to follow the recommended security options here: Recommended Security Settings Checklists - I find that some things are no longer applicable such as the SecurityTokens.

Under Cookie IP Validation, it says if turning this on "you should also disable proxy domains." However, there is no proxy domain options, only proxy subdomain options. I'm assuming this is what was meant, turning off the "Proxy subdomains"?

For this you will have to disable "Proxy subdomains" and "Proxy subdomain creation" in your tweak setting

Also, it is recommended to "Block Common Domains Usage", however, I cannot find that feature either.

You can enabled "Prevent cPanel users from creating specific domains" on your server to block common domains Usage

Prevent cPanel users from creating a Parked or Addon domain that is listed in /usr/local/cpanel/etc/commondomains or /var/cpanel/commondomains. Recommended.

And finally, I cannot find any Bounce option for:

Initial default/catch-all forwarder destination
Selecting Bounce for this option causes the server to automatically discard unroutable email sent to your server's new accounts. This option is the best at protecting your server against mail attacks.

The only options are System account, fail or Blackhole. I'm assuming "Fail" is the best option now?

Thanks in advance for any help!

Yes, You use "Fail" and "Blackhole" options

“Blackhole” accepts and processes the message but then silently discards it

 

[jerdoggmckoy]

Awesome, thank you for the help!

 

[cPanelMichael]

And finally, I cannot find any Bounce option for:

Initial default/catch-all forwarder destination
Selecting Bounce for this option causes the server to automatically discard unroutable email sent to your server's new accounts. This option is the best at protecting your server against mail attacks.

The only options are System account, fail or Blackhole. I'm assuming "Fail" is the best option now?

Yes, "fail is the preferred option over "blackhole". Per it's description:

“Blackhole” accepts and processes the message but then silently discards it. This avoids notifying the remote SMTP server but violates SMTP RFC 5321 and generally should not be used.

Thank you.