Category: whm

How To Send Email From an IP without Authentication – Cpanel/WHM

Since antirelayed is removed by the cpanel team from the latest cpanel, the situation might arise to some people, at least to me. I had a server sending mails without authentication, a trusted IP. Now, how to do this with the latest Cpanel/WHM?

Well, Cpanel still keeps the facility called ‘alwaysrelay’. This one was there when antirelayed was there. Antirelayed used to allow relay for an IP without authentication for a specific period of time, while ‘alwaysrelay’ will allow relaying all the time.

All you need to do, is to add the IP in the following file in a new line:

/etc/alwaysrelay

and restart the Exim:

service exim restart

That should be it. Remember, you might encounter the exim report cpaneleximscanner found your email to be spam. In such cases, go to WHM >> Service Configuration >> Exim Configuration Manager >> Set the following option to ‘Off’ : Scan outgoing messages for spam and reject based on the Apache SpamAssassin™ internal spam_score setting

and Save. Now you may check, it should work.

How to Skip WHM Initial Setup Wizard When Stuck After Upcp

If you have recently ran upcp and the WHM initial setup wizard is stuck in a URL like the following:

https://yourhostname.com:2087/cpsess*****/scripts/initial_setup_wizard1

And can not get away with it, here is the easy way to do it. Basically each setup wizard has a skip button and the button goes to initial_setup_wizard1_do, so only adding the _do at the of your initial_setup_wizard1 should do the job, like the following:

https://yourhostname.com:2087/cpsess*****/scripts/initial_setup_wizard1_do/

This should take you to the WHM home by letting you save some of the new WHM features and will not ask again for initial setups.

SMTP Error: 550 Please turn on SMTP Authentication in your mail client – IP is not permitted to relay through this server without authentication

We had a customer complaining about a commonly seen error of the following type:

550 Please turn on SMTP Authentication in your mail client. mail-pf0-f172.google.com [209.85.192.172]:38632 is not permitted to relay through this server without authentication.

Diagnostic-Code: smtp; 550-Please turn on SMTP Authentication in your mail client. 550-mail-pf0-f172.google.com [209.85.192.172]:38632 is not permitted to relay 550 through this server without authentication.

reason: 550-Please turn on SMTP Authentication in your mail client.
550-mout.kundenserver.de [212.227.17.24]:49392 is not permitted to relay
550 through this server without authentication.

They were all basically the same error. This is a common error and the solution is pretty simple as it looks like. Enabling ‘SMTP Authentication’ on the outlook or the mail client should solve the problem. But interestingly, the client was smart and he wasn’t doing any mistake with ‘SMTP authentication’. The error was actually showing up when someone was trying to send the mail to him (As a receiver SMTP). We then tried digging the error further.

There is something we need to remember. SMTP is not only authenticated using username and password, it also goes through a dns authentication check too. If your dkim/domainkeys/spf/dmarc do not match as the mail server has advised, the mail will get denied with the same type of error (Error code 550). We then realized the customer account was transfered earlier from a different server and the old domainkeys were still there in it’s DNS zone file. As domainkeys are RSA keys generated per server, it is important to regenerate the keys after the server change. Otherwise, the old key check through the DNS can trigger the 550 error from the receiver relay. We had deleted and generated a new domainkeys for the customer and the error went off.

How to change WHM reseller password!

After all these years, it never came to my mind that when somebody purchases a reseller, they usually do not change their WHM password for a long period. They keep it ‘as it is’ generated by WHMCS on purchasing the reseller package. The most interesting fact is that they don’t change it, because they fail to find an option to change it in WHM.

WHM doesn’t come with a distinct option saying ‘Change WHM Password’ unfortunately. That makes a percentage of reseller believe that they can not change their WHM password. In recent times, while investigating a couple of reseller hacks, I could determine, one of the primary reason of password leakage is, not changing the WHM password for longer period of time and keeping it ‘saved’ in browser. At a certain point of time, when the browser gets exposed to the hacker, user loose control over their WHM account.

Now the question comes, how to change a WHM password! Your WHM username is basically a cpanel username. It only granted to be able to own multiple cpanel accounts and that is the only difference, that’s all. To change the WHM password, simply login to your cpanel with the WHM details and use the ‘Change Password’ option. So if your WHM url is http://something.com/whm with username: something and password: anything, then you basically login with the same details in http://something.com/cpanel instead of whm. Once logged in, just visit the Change Password to change your WHM/Reseller password.

It is highly recommended for all the users to change the password once they receive their reseller welcome email. You should try changing the reseller password often to prevent any anonymous leakage from unknown attacks. It is also advised not to save the WHM password in your browser. Please keep in mind, your password can leak access to the cpanel accounts under you and cause great threat for their websites & domain reputation. They possibly have no reason to be so.