Month / May 2021

by Ben

Multiple cPanel Accounts on the same IP Address

This is just a very quick and basic guide on how you can have multiple cPanel accounts on the same IP address that’s not the default shared IP address.

One benefit of spreading cPanel accounts over multiple IP addresses for example would be to reduce the impact of poor mail deliverability should one account on a particular IP address start sending out spam. Another real world benefit that springs to mind is if you were to suffer a DDoS attack that could not be mitigated, your provider is likely to “null-route” (take offline) the IP address under attack. In which case it’s better to have 100 accounts spread over 5 IP addresses rather than all on one IP address.

As we know in WHM you can only have one shared IP address set in “Basic WebHost ManagerĀ® Setup” which is the default for newly created cPanel accounts.

Let’s say you have the following IP Addresses and domains…
10.10.10.2 – Main Shared IP (Shared for aaa.benyarwood.co.uk – bbb.benyarwood.co.uk – ccc.benyarwood.co.uk)
10.10.10.3 – Currently dedicated to benyarwood.co.uk

… and you want to put bbb.benyarwood.co.uk on 10.10.10.3 by going to “Change Site’s IP Address” but the option is greyed out because it’s already dedicated to benyarwood.co.uk.

So how do I put multiple cPanel accounts on the same IP address?

The “trick” (it really is very simple) is to:
1) Go to Basic WebHost ManagerĀ® Setup
2) Change the “The IPv4 address (only one address) to use to set up shared IPv4 virtual hosts.” to be 10.10.10.3
3) Go to Change Site’s IP Address and now 10.10.10.3 should no longer be greyed out.
3a) If it is still greyed out then simply change to another IP address, click “Change” and then go back to the drop-down box and it should now definitely be available to select.
4) Repeat step 1 and 2 to change the default main shared IP address back to what it was before.

It should be noted that when changing IP addresses of websites you could disrupt visitors accessing the website due to DNS cache / propagation times.

Note: This requires WHM root access.

For more WHM related guides, see here

by Ben

Juniper Notes – QFX Related

Just a very quick few Juniper QFX related notes, probably more for personal future reference than an actual guide here, but may be useful to know!

Juniper QFX stuck in “Fabric with mixed devices” mode.

Typically a QFX comes from the factory in “Virtual Chassis with similar devices” mode when running “show virtual-chassis mode”. However, I discovered that one newly received QFX was showing in “Fabric with mixed devices” even after factory defaulting and even with a “request system zeroize”.

It’s a very simple fix but not particularly well documented and certainly a head scratcher and took longer than I’d like to admit to discover especially when expecting a factory reset to actually… reset to factory default.

request virtual-chassis mode fabric mixed disable reboot

JUNOS Host Software differs to actual Junos on the device.

You might find that the “JUNOS Host Software” differs to the actual Junos version on the device.
This is common in the Juniper QFX5100 and EX4600 for example where the Host OS is not automatically upgraded however not exclusive to those devices.
Although it is not necessary for Host and JunOS versions to match (unless otherwise specified in release notes), you may like to have them matching for uniformity.

To resolve this you simply need to add the “force-host” parameter to the end of your “request system software add” command. For example:

request system software add /mnt/jinstall-host-qfx-5-17.2R2.8-signed.tgz no-validate force-host

An excerpt from a Juniper KB here:

NOTE: On QFX5100 and EX4600 switches, the Host OS is not upgraded automatically, so you must use the force-host option if you want the Junos OS and Host OS versions to be the same.
However, pay attention to these notes regarding Junos OS and Host OS versions:

The Junos OS and Host OS versions do not need to be the same.
During an ISSU, the Host OS cannot be upgraded.
Upgrading the Host OS is not required for every software upgrade, as noted above.
If you are downgrading from Junos OS Release 14.1X53-D40 to any release earlier than 14.1X53-D40, you must use the force-host option or else the switch will issue core dumps.

More reading here.

For more Juniper related notes, see here.

Email
by Ben

Relay Different Domains via Multiple SmartHosts in WHM

If you’re running a shared web-hosting server then you may occasionally have the odd request by a user to relay their mail through their chosen relayer (such as MailGun, Sendgrid, Mailjet etc). This guide will assist you in setting up your WHM to relay different domains via Multiple SmartHosts.

cPanels Blog here explains very well what a SmartHost is. We are going to be following the content of this guide somewhat below with a few extra steps to allow us to specify the domains.

Note: This requires root access to WHM to complete.

Setting up Multiple SmartHosts.

We will assume you’ve already added the domain to your chosen SmartHost(s) control panel, verified the domain and received the appropriate SMTP details to start relaying mail.

In WHM -> Exim Configuration Manager

Login to WHM, go to Exim Configuration Manager, select the Advanced Tab and find the AUTH section similar to the image below.

Copy in the contents of the box below.

#Section: AUTH
#Smart Host Sending
sendbysmarthosts:
driver = plaintext
public_name = LOGIN
hide client_send = : ${extract{user}{${lookup{$sender_address_domain}lsearch{/etc/exim_smarthosts}}}}: ${extract{pass}{${lookup{$sender_address_domain}lsearch{/etc/exim_smarthosts}}}}

Next up we want to add the PREROUTERS section. 

#Section: PREROUTERS
#Smart Host Sending
sendbysmarthostsrouter:
driver = manualroute
domains = ! +local_domains
condition =  "${if eq{${lookup{$sender_address_domain}partial-lsearch{/etc/exim_smarthosts}{$value}}}{}{false}{true}}"
ignore_target_hosts = 0.0.0.0 : 127.0.0.0/8
headers_add = "${perl{mailtrapheaders}}"
transport = sendbysmarthoststransport
route_list = * ${extract{smtp}{${lookup{$sender_address_domain}lsearch{/etc/exim_smarthosts}}}}

Next up we want to add the TRANSPORTSTART section. 

#Section: TRANSPORTSTART
#Smart Host Sending
sendbysmarthoststransport:
driver = smtp
port = ${extract{port}{${lookup{$sender_address_domain}lsearch{/etc/exim_smarthosts}}}}
hosts_require_auth = $host_address
hosts_require_tls = $host_address

And that’s it for the WHM side of things so go ahead and save the configuration.

Multiple SmartHosts – File Modifications in SSH / Terminal

We need to edit a few files so go ahead and open up an SSH session or you can use the Terminal inside WHM.

Let’s start by creating a new file in the etc directory called exim_smarhosts, i.e. /etc/exim_smarthosts 

It should be quite clear but the purpose of this file is to specify the domains and their associated SMTP credentials. In the example below I have demonstrated my own domain.  In this file you only need to add the domains that will be relayed via SmartHost, any domains not specified will continue to be sent out normally through your own server.

# sending by Mailgun
domain1.com: domain=domain1.com user=MAILGUN_smtp_user pass=MAILGUN_api_password smtp=smtp.eu.mailgun.org port=587
benyarwood.co.uk: domain=benyarwood.co.uk [email protected] pass=asupersecretpassword smtp=smtp.eu.mailgun.org port=587

# sending by Mailjet
domain3.com: domain=domain3.com user=MAILJET_smtp_user pass=MAILJET_api_password smtp=in-v3.mailjet.com port=587
domain4.com: domain=domain4.com user=MAILJET_smtp_user pass=MAILJET_api_password smtp=in-v3.mailjet.com port=587

# sending by Sendpulse
domain5.com: domain=domain5.com user=SENDPULSE_smtp_user pass=SENDPULSE_api_password smtp=smtp-pulse.com port=587
domain6.com: domain=domain6.com user=SENDPULSE_smtp_user pass=SENDPULSE_api_password smtp=smtp-pulse.com port=587

Save and exit.

That’s it! We just need to rebuild the exim configuration to perform a quick syntax check and activate the changes.

/scripts/buildeximconf

At this point I’d recommend heading into cPanel -> Webmail for one of the domains and sending a test email to an outside recipient to check delivery works okay. Also check that you can still send mail from accounts that AREN’T being relayed.

Adapted from a cPanel forum post here

For more WHM related guides please see here