By default cPanel is set to accept catchalls, that is mail to non-existent users, and bounces them. This can result in much spam being accepted by a cPanel server as spammers often brute force or randomly address their spam. Further, the bounce is usually set to an innocent address that was spoofed, creating what is an increasing problem known as backscatter spam.

A few steps are required to completely fix this. First disable this default setting in cPanel WHM by going to Server Configuration > Tweak Settings > Mail > and set Default catch-all/default address to :blackhole:. This will silently drop spam rather than bounce it, preventing more backscatter spam.

Next, disable all catchalls on the server:

mkdir -p /etc/valiasesbak
cp -R /etc/valiases /etc/valiasesbak
sed -i 's/^\*: [^ ]*$/*: :blackhole:/g' /etc/valiases/*
replace ':fail: No Such User Here' ':blackhole:' -- /etc/valiases/*

Check if there are any lingering aliases set to bounce with:

grep '*:' /etc/valiases/* | egrep -v ':blackhole:'

There maybe a few other bounce fail phrases like “Invalid e-mail address. Check and re-send.” Simply substitute these phrases in the replace command above, so:

replace ':fail: Invalid e-mail address. Check and re-send.' ':blackhole:' -- /etc/valiases/*

Ensure users can write with:

chmod 777 /etc/valiases/*
chown nobody:nobody /etc/valiases/*

Lastly, prevent users from re-enabling the catchall. In WHM > Packages > Feature Manager, select Default under Edit a Feature List and then edit. Uncheck Default Address Manager and then save.

Thanks to Fidget for some help.

A Red Hat 4 server could not rebuild Apache or PHP with cPanel’s EasyApache. It kept getting a no method to auto repair package system error. cPanel support said this was due to the Red Hat subscription expiring.

Instead of paying for another $375 subscription just to get some updates, I migrated the server to the corresponding Centos 4.x release. I then made the proper packages were excluded in the first yum [main] block:

exclude=apache* bind-chroot courier* dovecot* exim* httpd* mod_ssl* mysql* nsd* perl* php* proftpd* pure-ftpd* ruby* spamassassin* squirrelmail*

and then yum list and yum update worked.