If you're running DNS, backup, or email servers, optimizing cPFence settings can help ensure efficient use of resources while maintaining security. Below are the recommended configurations for different types of servers.
Recommended Settings for DNS and Backup Servers
For DNS and backup servers, it's best to turn off certain features that are unnecessary for these types of servers to conserve resources. You can disable real-time malware protection, proactive scanning, and the WAF module with the following commands:
cpfence --disable-MRTP
cpfence --disable-proactive
cpfence --disable-ols-wafThese commands will disable:
- MRTP (Malware Real-Time Protection)
- Proactive Scanning
- OLS/LS Web Application Firewall (WAF)
Other cPFence modules will remain active to ensure basic security and performance without overloading server resources.
Recommended Settings for Email-Only Servers
For email-only servers, you can keep most of the default settings intact for security. However, it's recommended to disable the WAF module for optimal performance. Use the following command:
cpfence --disable-ols-wafAdditional Configuration Options
Depending on your needs, you can also choose to enable or disable the following options for email servers:
AUTO_QUARANTINE="off"
EMAILS_QUARANTINE="off"
EMAIL_SPAM_PROTECTION="off"These options control automatic quarantine, email quarantine, and spam protection. Adjust them based on your server’s specific requirements.
Copying Settings to New Servers
To replicate these settings on new servers, follow these steps :
1- Create a backup of your cPFence settings, run the following command:
cpfence --backup-cpf-settings2- To restore your settings from a backup, ensure the backup file is located in the /tmp directory. Then, run the following command:
cpfence --restore-cpf-settings
Need Further Assistance?
If you encounter any issues or need additional help, feel free to reach out to our support team via your client portal.
