cPanel WHM

WHM Setup Options

Email Settings Auto Discovery

Enable: This will allow email clients to automatically locate and configure themselves based on the server’s configurations.

No, thank you: This will prevent the auto setup features on email clients from automatically locating and configuring themselves.

Email Archiving

Enable: This will allow users to configure the retention period for incoming, outgoing and mailing list emails. You can enable the archiving feature through the cPanel interface on a per-domain basis. Messages can be retrieved through the following methods:
IMAP connection
Downloading the messages directly
WebMail
Mail Delivery Reports feature in WHM

No, thank you: This will prevent the server from retaining messages being sent. Additionally, these options to control the archive type and retention period per domain will be removed from cPanel.

Query Apache for “Nobody” Senders

Enable: This will allow you to query the Apache servers status to determine the true sender of the email. By looking at the process table to determine who really sent the message, cPanel can accurately report the sender of the message. While this requires more process time, it is more reliable and cannot be forged.

No, thank you: This will prevent mail delivery process from querying the Apache server to determine the true sender of a message when the user who sent the message is ‘nobody’.

Security Tokens

Enable: This will allow cPanel and WHM to secure their URLs from being affected by Cross-Site Request Forgery (XSRF) attacks by adding unique tokens to the URL upon login.

No, thank you: This will prevent the use of unique security tokens that would otherwise be displayed in the URL upon login. This is not recommended and will leave you vulnerable to XSRF attacks.

SMTP Restrictions

Enable: This will prevent users from sending mail openly without any restrictions. This feature configures your server so that the mail transport agent (MTA), Mailman mailing list software and root user are the only accounts able to connect to remote SMTP servers.

No, thank you: This will allow users to send mail openly without any restrictions. This is not recommended if you want to keep your users’ mailing restricted.

Trust X-PHP-Script for ‘nobody’ senders

Enable: This will allow the server to trust the X-PHP-Script headers to determine the sender of email sent from processes running as “nobody.” The server will trust messages which contain X-PHP-Script headers (this requires the Easy Apache option MailHeaders to be compiled in Apache) and use them to determine the true sender.

A sophisticated, malicious user can forge email headers. Although it may be more CPU intensive, the Apache query method is recommended if you do not trust your users.

No, thank you: This will prevent the server from checking the mail headers for X-PHP-Script headers to determine whether or not the email can be trusted and identified as a true user.