WHM Initial Setup for VPS
After purchasing your VPS or Dedicated Server package with cPanel, you will need to access and setup your WHM. If you are unsure of how to access your WHM, please see our article:
Once logged in, follow along with this article to simplify the WHM setup process and become more familiar with WHM and its features.
User License Agreement
Once you log into WHM for the first time, you will be prompted with the license agreement.
- Review the agreement.
- Click I Agree once you have read and understand the agreement.
You will then be brought to the setup section to configure your root WHM for quick and efficient use.
Email Settings Auto Discovery
Enable: This will allow email clients to automatically locate and configure themselves based on the server's configurations.
No, thank you: This will prevent the auto setup features on email clients from automatically locating and configuring themselves.
Enable: This will allow users to configure the retention period for incoming, outgoing and mailing list emails. You can enable the archiving feature through the cPanel interface on a per-domain basis. Messages can be retrieved through the following methods:
- IMAP connection
- Downloading the messages directly
- Mail Delivery Reports feature in WHM
No, thank you: This will prevent the server from retaining messages being sent. Additionally, these options to control the archive type and retention period per domain will be removed from cPanel.
Query Apache for "Nobody" Senders
Enable: This will allow you to query the Apache servers status to determine the true sender of the email. By looking at the process table to determine who really sent the message, cPanel can accurately report the sender of the message. While this requires more process time, it is more reliable and cannot be forged.
No, thank you: This will prevent mail delivery process from querying the Apache server to determine the true sender of a message when the user who sent the message is 'nobody'.
Enable: This will allow cPanel and WHM to secure their URLs from being affected by Cross-Site Request Forgery (XSRF) attacks by adding unique tokens to the URL upon login.
No, thank you: This will prevent the use of unique security tokens that would otherwise be displayed in the URL upon login. This is not recommended and will leave you vulnerable to XSRF attacks.
Enable: This will prevent users from sending mail openly without any restrictions. This feature configures your server so that the mail transport agent (MTA), Mailman mailing list software and root user are the only accounts able to connect to remote SMTP servers.
No, thank you: This will allow users to send mail openly without any restrictions. This is not recommended if you want to keep your users' mailing restricted.
Trust X-PHP-Script for 'nobody' senders
Enable: This will allow the server to trust the X-PHP-Script headers to determine the sender of email sent from processes running as "nobody." The server will trust messages which contain X-PHP-Script headers (this requires the Easy Apache option MailHeaders to be compiled in Apache) and use them to determine the true sender.
A sophisticated, malicious user can forge email headers. Although it may be more CPU intensive, the Apache query method is recommended if you do not trust your users.
No, thank you: This will prevent the server from checking the mail headers for X-PHP-Script headers to determine whether or not the email can be trusted and identified as a true user.