lowest numbered MX record points to localhost

Posted by admin     Category: cPanel Management

The “lowest numbered MX record points to localhost: rejected RCPT error” message often shows up in ‘exim_mainlog’ on a cPanel server. It is logged while sending or receiving email and looks something like:

temporarily rejected RCPT <email@domainname.tld>: lowest numbered MX record points to local host

The error appears because the domain “domainname.tld” is missing from the /etc/localdomains file of your server. The exim mail server checks the /etc/localdomains and /etc/remotedomains files to decide whether email for a domain has to be delivered locally or to a remote server, respectively.

To fix the issue, edit the file:

# pico /etc/localdomains

and place the domain name entry there. There is no need to restart the ‘exim’ service.

How to secure the SSHD service?

Posted by admin     Category: Linux Administration

The SSH service can be secured in various ways: changing the SSH port, restricting the SSH protocol version, setting the ListenAddress, disabling root login with the PermitRootLogin parameter, allowing SSH access to specific users only, restricting SSH access to specific IPs, etc. These steps harden the SSH service on your server.

Edit the SSHD configuration and make the changes listed below:

vi /etc/ssh/sshd_config

1) Change the default SSH port 22 to a higher value with the ‘Port’ directive

Port 2233

2) To restrict SSH to the secure protocol version, set the ‘Protocol’ directive to

Protocol 2

3) Bind the SSHD service to a specific IP of the server by replacing the ‘#ListenAddress’ line with

ListenAddress xx.xx.xx.xx

where xx.xx.xx.xx is the additional IP of the server and the only one on which you will be able to SSH into the server.

4) To disable root access, set ‘PermitRootLogin’ directive to ‘no’

PermitRootLogin no

Before disabling this option, make sure you add an alternate SSH user on the server who has privileges to gain root access.

5) To allow SSH access to specific users, add the “AllowUsers” directive at the end of the configuration

AllowUsers user1 user2

This will allow SSH access to users user1 and user2. If root access is disabled, the user who is allowed to gain root access must be included in this list.

Save the file and restart the sshd service

service sshd restart

6) Using TCP wrappers, i.e. hosts.allow and hosts.deny, you can restrict SSH access to specific IPs. Edit /etc/hosts.allow and add the following

sshd : yourlocalip : allow
sshd : all : deny

“yourlocalip” is the one assigned by your ISP. It will restrict SSH access to your local IP only.
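
An added example, not part of the original post: a shell audit that checks an sshd_config against steps 1 to 5. The function names and both sample configurations are constructed for illustration; it reads only the global section, because sshd uses the first value it obtains for a keyword and applies lines under a Match block conditionally, and it flags ‘Protocol’ only when an explicit value includes 1.

```sh
# Added example (not from the original post): audit sshd_config, steps 1-5.

# Print the first global value of keyword $2 in file $1: keywords are
# case-insensitive, the first value read wins, and the scan stops at "Match".
sshd_get() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# Record one finding.
flag() { echo "FAIL: $1"; fails=$((fails + 1)); }

# Audit file $1; the exit status is the number of findings (0 = hardened).
sshd_audit() {
    cfg=$1; fails=0
    port=$(sshd_get "$cfg" Port)
    [ "${port:-22}" != 22 ] || flag "Port is 22 (step 1)"
    case "$(sshd_get "$cfg" Protocol)" in *1*) flag "Protocol permits SSHv1 (step 2)" ;; esac
    [ -n "$(sshd_get "$cfg" ListenAddress)" ] || flag "no ListenAddress set (step 3)"
    root=$(sshd_get "$cfg" PermitRootLogin)
    [ "$root" = no ] || flag "PermitRootLogin is '${root:-unset}' (step 4)"
    [ -n "$(sshd_get "$cfg" AllowUsers)" ] || flag "no AllowUsers list (step 5)"
    return "$fails"
}

# Constructed sample: the commented-out Port, the duplicate PermitRootLogin
# and the AllowUsers under Match leave all five settings unhardened.
sample_weak() {
    cat <<'EOF'
#Port 2233
Protocol 2,1
permitrootlogin yes
PermitRootLogin no
Match User backup
    AllowUsers backup
EOF
}

# Constructed sample with the post's values (192.0.2.10 is a placeholder IP).
sample_hardened() {
    printf '%s\n' 'Port 2233' 'Protocol 2' 'ListenAddress 192.0.2.10' \
        'PermitRootLogin no' 'AllowUsers user1 user2'
}

tmp=$(mktemp); sample_weak > "$tmp"
sshd_audit "$tmp" || echo "weak sample: $? finding(s)"; rm -f "$tmp"
```

Before running ‘service sshd restart’, `sshd -t` makes sshd validate the edited file, and keeping the current session open until a new login succeeds avoids locking yourself out.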

cPanel server: “hostname resolves to” alert email

Posted by admin     Category: cPanel Management

The “hostname resolves to. It should resolve to xx.xx.xx.xx” alert is sent by cPanel if the hostname of your server is not resolving to your server IP. The message sent by cPanel is as follows:

IMPORTANT: Do not ignore this email.
The hostname (server.domain.tld) resolves to .  It should resolve to
xx.xx.xx.xx.  Please be sure to correct /etc/hosts as well as the ‘A’
entry in zone file for the domain.

Some are all of these problems can be caused by
/etc/resolv.conf being setup incorrectly.  Please check this file if you
believe everything else is correct.

In order to stop the “hostname” alert, you need to make sure the hostname is pointing to your server IP. The ‘A’ record for the hostname has to be set where the name servers of “domain.tld” are hosted.

For example, if the hostname of your server is “server.abc.com”, an ‘A’ record for “server” has to be set on the servers that host the name servers assigned to “abc.com”. If the name servers for abc.com are resolving to your server, you need to edit the DNS zone file of abc.com from

WHM >> DNS Functions >> “Edit a DNS Zone”

and add an ‘A’ record for ‘server’ to point to your server IP.

If you are using your domain registrar’s name servers for abc.com, then you have to set an ‘A’ record in the domain registrar panel. But make sure it is set correctly on your server as well.

Next step is to see if the hostname is properly set in the /etc/hosts file of the server. SSH to your server as root and make sure the hostname is set as follows:

ServerIP  server.abc.com server

If the hostname is resolving to your server IP and you still receive the alert message, disable the alert for the hostname from

WHM >> Server Contacts >> “IP Address DNS Check”

NOTE: If the hostname is resolving properly to your server, it is safe to ignore/disable these alerts. It is not going to affect the working of your server/websites in any way.

Mysql: Access denied for user 'root'@'localhost'

Posted by admin     Category: Mysql & PostGres SQL

You may receive the “Access denied for user 'root'@'localhost'” message while accessing mysql from the command prompt. The error message states that the MySQL password for user ‘root’ is incorrect, and you need to reset the password using the skip-grant-tables option.

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)

How to reset a Mysql password for ‘root’?

# /etc/init.d/mysql stop

Make sure all the mysql processes are stopped by executing the killall command

# killall -9 mysqld

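Next, start the mysql server using the skip-grant-tables method. While it runs this way the server accepts connections without checking passwords, so complete the reset promptly.

# /usr/bin/mysqld_safe --skip-grant-tables &

Now, execute ‘mysql’ and you will be at the mysql prompt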

# mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 23056
Server version: xx.xx-community MySQL Community Edition (GPL)
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mysql>

Go to the ‘mysql’ database and update the password for user ‘root’ in the “user” table.

mysql> use mysql;

To set a password, execute

mysql> update user set password=PASSWORD("passhere") where user='root';

OR to set a blank password, execute the mysql ‘update user’ query

mysql> update user set password=PASSWORD("") where user='root';

Once done, reload privileges and quit

mysql> flush privileges;
mysql> quit

Now, restart the mysql service

# /etc/init.d/mysql restart

and you should be able to connect to the mysql server:

# mysql
OR
# mysql -uroot -p

find_free_dqentry(): Data block full but it shouldn’t.

Posted by admin     Category: Linux Administration

Error:

VFS: Error -5 occurred while creating quota.
VFS: find_free_dqentry(): Data block full but it shouldn’t.

Explanation:

The error message “find_free_dqentry(): Data block full but it shouldn’t” appears in the server logs when the files “aquota.user” and “aquota.group” are most likely corrupted. ‘fixquotas’ cannot read these files, which increases CPU usage while the quota update is in progress. You need to create new aquota.user and aquota.group files and execute quotacheck again.

Solution:

First, turn off the quota:

# quotaoff -av

Move the aquota files i.e. /aquota.user and /aquota.group to a temporary directory.

# mkdir /root/tmp_aquota
# mv /aquota.* /root/tmp_aquota/

Now, create these files again with the touch command

# touch /aquota.user
# touch /aquota.group

Now, execute ‘quotacheck’, which examines each filesystem and builds a table of current disk usage.

# /scripts/quotacheck   (cPanel server)
OR
# quotacheck -augm

While it is in progress, you may see a message such as “quotacheck : Warning quota files aquota.group was probably truncated. Can’t save quota settings”, which is normal under these circumstances.

Once the quotacheck process completes, turn on the quotas

# quotaon -av

Quota update will work fine again.