If you're running DNS, backup, or email servers, optimizing cPFence settings can help ensure efficient use of resources while maintaining security. Below are the recommended configurations for different types of servers.
Recommended Settings for DNS and Backup Servers
For DNS and backup servers, it's best to turn off certain features that are unnecessary for these types of servers to conserve resources. You can disable real-time malware protection, proactive scanning, and the WAF module with the following commands:
cpfence --disable-MRTP
cpfence --disable-proactive
cpfence --disable-ols-waf
These commands will disable:
- MRTP (Malware Real-Time Protection)
- Proactive Scanning
- OLS/LS Web Application Firewall (WAF)
Other cPFence modules will remain active to ensure basic security and performance without overloading server resources.
Recommended Settings for Email-Only Servers
For email-only servers, you can keep most of the default settings intact for security. However, it's recommended to disable the WAF module for optimal performance. Use the following command:
cpfence --disable-ols-waf
Additional Configuration Options
Depending on your needs, you can also choose to enable or disable the following options for email servers:
AUTO_QUARANTINE="off"
EMAILS_QUARANTINE="off"
EMAIL_SPAM_PROTECTION="off"
These options control automatic quarantine, email quarantine, and spam protection. Adjust them based on your server’s specific requirements.
Copying Settings to New Servers
To replicate these settings on new servers, you can copy the /opt/cpfence/config.conf
file from your configured server. After copying the file, make sure to update the license key for the new server.
Need Further Assistance?
If you encounter any issues or need additional help, feel free to reach out to our support team via your client portal.