How To Protect Your cPanel Server Against CVE-2016-1531

Overview

On March 2, Exim announced via its mailing list that it had discovered a vulnerability in all versions of its mail transport agent. Exim is the default MTA on cPanel servers. The latest version patches the vulnerability, and the latest cPanel update resolves the issue.

Impact

Exim says that all installations of its MTA were vulnerable to a condition in which an attacker with any level of privileges on the server could gain root privileges. The versions of cPanel & WHM listed below are protected against the attack on Exim. Any version prior to the versions listed below is vulnerable:

  • 11.50.5.0
  • 11.52.4.0
  • 54.0.18
  • 55.9999.106 (EDGE tier only)

Is Exim Vulnerable on Your Server?

If your cPanel server has automatic updates enabled, then the patch will already have been applied.

You can confirm that your server is protected simply by logging into WHM and checking the version listed at the top of the screen, as shown in the image below:

[Image: Check WHM version]

Note: the “build” listed after the version represents the final digits in the release version. In the example above, WHM 54.0 (build 18) indicates that the version is 54.0.18.
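The version check above can be scripted for a fleet of servers. The following is an added example, not part of the original post or cPanel's own tooling: it parses a WHM version in either the dotted form or the "54.0 (build 18)" form shown at the top of the WHM screen and compares it against the protected minimums listed above, per release branch. The handling of the "11."-prefixed form and the `/usr/local/cpanel/version` path are assumptions, not from the advisory.

```python
import re

# Minimum protected cPanel & WHM version per release branch, as listed in the
# advisory above. A version on one of these branches that is below its minimum
# is vulnerable. The branch key is the first two version components.
PROTECTED_MINIMUM = {
    (11, 50): (11, 50, 5, 0),
    (11, 52): (11, 52, 4, 0),
    (54, 0): (54, 0, 18),
    (55, 9999): (55, 9999, 106),  # EDGE tier only
}


def parse_whm_version(text):
    """Turn a WHM version string into a tuple of ints.

    Accepts the dotted form ("54.0.18") and the form shown at the top of the
    WHM screen ("WHM 54.0 (build 18)"), where the build is the final component.
    Assumption (not from the advisory): a four-part version starting with
    "11.54" or later (as read from /usr/local/cpanel/version, e.g. "11.54.0.18")
    is the same release as "54.0.18", so the leading "11." is dropped.
    """
    m = re.search(r"(\d+(?:\.\d+)+)\s*\(build\s+(\d+)\)", text)
    if m:
        parts = [int(p) for p in m.group(1).split(".")] + [int(m.group(2))]
    else:
        m = re.search(r"\d+(?:\.\d+)+", text)
        if not m:
            raise ValueError("no version number found in %r" % text)
        parts = [int(p) for p in m.group(0).split(".")]
    if len(parts) == 4 and parts[0] == 11 and parts[1] >= 54:
        parts = parts[1:]
    return tuple(parts)


def is_protected(text):
    """True if the version is at or above the branch minimum, False if it is
    below it (vulnerable), None if the branch is not one the advisory lists
    (check that server manually)."""
    version = parse_whm_version(text)
    minimum = PROTECTED_MINIMUM.get(version[:2])
    if minimum is None:
        return None
    return version >= minimum


if __name__ == "__main__":
    # Constructed sample values, one per branch plus an unlisted branch.
    for sample in ("WHM 54.0 (build 18)", "54.0.17", "11.50.4.2", "56.0.3"):
        print(sample, "->", is_protected(sample))
```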

Resolution

If you are not already on the latest version of cPanel, follow these instructions to enable automatic updates. Once you click the Save button to change your settings, you will have the option to update the server to the latest version immediately by clicking the link in the confirmation message as shown below:

[Image: Update Now link in the confirmation message]

How to Disable SSLv3 for Exim and Protect Your WHM/cPanel Server from POODLE

Your Guide to POODLE and WHM/cPanel
I. How to Disable SSLv3 for Apache and Protect Your WHM/cPanel Server from POODLE
II. How to Disable SSLv3 for Exim and Protect Your WHM/cPanel Server from POODLE

There’s a new POODLE in town, but unfortunately it’s not the kind of pooch you want around. POODLE stands for Padding Oracle On Downgraded Legacy Encryption. It is a vulnerability that, although not considered as serious as Heartbleed, should still be protected against. For more information read the Google Blog.

Fortunately, protecting your WHM/cPanel server is easy. Just follow the steps below:

Continue reading “How to Disable SSLv3 for Exim and Protect Your WHM/cPanel Server from POODLE”

How To: Watch Server Logs in Real Time

Servers do a fantastic job of writing down in log files what is happening right that moment. While going back and reading logs later to determine what happened in the past is helpful, it is also useful to watch logs in real time. Linux provides a command line tool that lets us do just that: tail.
Continue reading “How To: Watch Server Logs in Real Time”

How To: Read An Exim Maillog

One of the best tools you can use when tracking down e-mail problems is mail logs. On Liquid Web’s cPanel servers, we have turned on all of exim’s logging capabilities. Full logging means that there is a lot going on, and trying to decipher the logs can be cryptic at first. Let’s take a look at how they are composed.
Continue reading “How To: Read An Exim Maillog”

Understanding localdomains and remotedomains

Due to the nature of the Internet, services for one domain do not need to be on one server. The website and email for a domain do not need to be on the same physical server. DNS is used to direct the traffic to the correct place, but DNS alone will not get all the bits to where they are supposed to be. Exim, cPanel’s SMTP service, needs a little help beyond DNS in order to know how to handle mail that is generated locally. This is where /etc/localdomains and /etc/remotedomains come into play.

Continue reading “Understanding localdomains and remotedomains”

Digging Into Exim Mail Logs With Exigrep

Perhaps a particular domain on your cPanel server has stopped receiving e-mail. Or, an address on your domain is able to receive e-mail, except from your supplier. Maybe you can receive e-mail just fine, but are receiving error message bounce-backs from Yahoo. How are you going to get the fine-grained information you need to figure out just what is going on?

The answers you seek can be found in exim’s logs.

Continue reading “Digging Into Exim Mail Logs With Exigrep”

Configuring an Alternate Port for Outgoing Mail Traffic

Many large ISPs restrict access to port 25 on their networks to attempt to stem the tide of spam sent out from compromised computers. If your ISP restricts access to port 25, you will not be able to send e-mail through your server, but by enabling SMTP (Simple Mail Transfer Protocol) on a different port, such as 26, it may be possible to work around the restriction.
Continue reading “Configuring an Alternate Port for Outgoing Mail Traffic”