Note on VPS with CPanel and upgrading CPanel Options

[dball]

I have a small VPS at another company in another state (michigan) for geographic diversity on DNS and to store way way offsite backups.

I ran into a weird problem when upgrading WHM/CPanel and I thought I'd share the info here in case any of you have users who are experiencing it.

Remember a while back when CPanel advised switching to Courier for retrieving mail because of the UWIMAP security problem? Well, after that upgrade, some things stopped working on the server.

CPanel uses stunnel to map some of the services through secure ports. It turns out that when my VPS did the upgrade, it didn't update the config file for stunnel. Courier provides it's own secure port so when stunnel tries to startup and can't grab the port to listen on, it aborts and the ports later in the file don't get mapped. IIRC, that includes the secure ports for WHM/CPanel and webmail.

I wanted to get the system back up quickly and there are several copies of the config file, but I narrowed it down to the following 2:

/usr/local/cpanel/etc/stunnel/default/stunnel.conf.run
/usr/local/cpanel/etc/stunnel/default/stunnel.conf

In them, there is a section that says

# Service-level configuration

[pop3s]
accept = 995
connect = 110

[imaps]
accept = 993
connect = 143

Change this section to

# Service-level configuration

#[pop3s]
#accept = 995
#connect = 110

#[imaps]
#accept = 993
#connect = 143

Reboot the VPS through the Virtuozzo control panel and things should work now. For some reason, once this happens, you have to redo the changes every time you upgrade WHM/CPanel to a new version.

BTW, the first time this happened the VPS provider fixed it and mentioned stunnel. When I upgraded WHM/CPanel again and it happened again, I ssh'ed into the system and figured out how to fix it myself. There's probably a way to fix it permanently, but I don't know which file to change for that.

locate stunnel.conf returns:

/etc/stunnel/stunnel.conf-pop3
/etc/stunnel/stunnel.conf-sample
/usr/local/cpanel/etc/stunnel/my/stunnel.conf
/usr/local/cpanel/etc/stunnel/default/stunnel.conf.run
/usr/local/cpanel/etc/stunnel/default/stunnel.conf
/usr/local/cpanel/etc/stunnel/mycabundle/stunnel.conf.run
/usr/local/cpanel/etc/stunnel/mycabundle/stunnel.conf
/usr/local/cpanel/src/3rdparty/gpl/stunnel-4.04/tools/stunnel.conf-sample
/usr/local/cpanel/src/3rdparty/gpl/stunnel-4.04/tools/stunnel.conf-sample.in

Probably one of those other places fixes it permanently. If anyone finds out, please post it. I only use the VPS for DNS clustering and to SFTP my weekly CPanel backups to, and it's already been secured, so I don't spend a lot of time on it.

-- David