Changes:

• Modified MailWatch to better cope with a remote MySQL database


• Removed Dynaloader from Msfe.pm as cPanel no longer provide it in their perl distribution

If you're running either of the listed builds above, then you could have a broken MTA.

For some bizarre reason, cPanel decided to add a new feature that breaks the standard MTA configuration of sending out all email on a servers main IP address. Their change is to send it out on the IP address of the sending domain. This means that unless all your rDNS PTR records for all of your servers IP addresses are set to your hostname a large number of receiving MTA's on the internet will either treat incoming email as spam or simply bounce it.

In their wisdom, cPanel have made this massive MTA change as the new default in EDGE and CURRENT, changing the status quo without your knowledge or indeed control. You cannot currently disable this change and revert back to the way the MTA should work.

In the short term, you can delete /etc/mailips and add a line to /scripts/postupcp to remove that file, however this still leaves a window between upcp running /scripts/updateuserdomains and /scripts/postupcp running when your outgoing email could be broken.

Apparently this change was made to benefit the use of SPF records. Since that technology has proven to provide little or no benefit, and there are no requirements whatsoever in the MTA RFC's to use SPF, it seems bizarre that cPanel has taken this route as their default configuration.

Note: MTA ~ SMTP Server

Changes:

• Fixed a bug with LT_POP3D and LT_IMAPD introduced in v2.88 which broke login tracking


• Modified relay tracking to not ignore RELAYHOST IP's


• Modified LF_SSH_EMAIL_ALERT to not ignore RELAYHOST IP's


• LF_SUHOSIN will now skip matches for "script tried to increase memory_limit"

Changes:

• Modified csf -dr option to delete advanced filter IP matches as well as simple matches in csf.deny

Changes:

• Added new CLI option to csf, -g --grep will search the iptables chains for a specified match which is either explicit or part of a CIDR


• Added WHM UI option for csf --grep


• Added new CLI option to csf, -dr --denyrm will remove an IP address from csf.deny and unblock it


• Added WHM UI option for csf --denyrm

Changes:

• Added csf.suignore file where you can list usernames that are ignored during the LF_EXPLOIT SUPERUSER test


• New option PT_LOAD_ACTION added that can contain a script to be run if PT_LOAD triggers an event. See csf.conf for more information


• Added SUPERUSER check to Server Check Report


• Added Suhosin check to Server Check Report

If you're using perl scripts on your server that use LWP and suddenly find them failing with connections to https resources with the following type error:


then you've probably got LWP v5.811 installed which breaks SSL connections! The author fixed the problem he created after about two days with v5.812 but the damage was done on many servers. cPanel have put a hold back on cpan module updates for LWP to v5.810 but if your servers already upgraded LWP then you'll need to either upgrade it manually from the cpan source to v5.812 or downgrade to v5.810.

» Read More

Changes:

• Allow comments after IP addresses in csf.dyndns


• Added new login failure option LF_SUHOSIN which detects alert messages and blocks the attacker IP after the configured number of matches


• Added a new exploit check for non-root superuser accounts


• Added a new configuration option LF_EXPLOIT_CHECK which allows you to configure which tests are performed by LF_EXPLOIT

Changes:

• New version of MailScanner v4.68.8

Changelog:
http://sourceforge.net/project/shownotes.php?release_id=592112

Upgrade through WHM MSFE.