Saturday, November 27, 2010

chkconfig

Linux / Unix Command: chkconfig
NAME
chkconfig - updates and queries runlevel information for system services


SYNOPSIS
chkconfig --list [name]
chkconfig --add name
chkconfig --del name
chkconfig [--level levels] name <on|off|reset>
chkconfig [--level levels] name


DESCRIPTION
chkconfig provides a simple command-line tool for maintaining the /etc/rc[0-6].d directory hierarchy by relieving system administrators of the task of directly manipulating the numerous symbolic links in those directories.

This implementation of chkconfig was inspired by the chkconfig command present in the IRIX operating system. Rather than maintaining configuration information outside of the /etc/rc[0-6].d hierarchy, however, this version directly manages the symlinks in /etc/rc[0-6].d. This leaves all of the configuration information regarding what services init starts in a single location.

chkconfig has five distinct functions: adding new services for management, removing services from management, listing the current startup information for services, changing the startup information for services, and checking the startup state of a particular service.

When chkconfig is run without any options, it displays usage information. If only a service name is given, it checks to see if the service is configured to be started in the current runlevel. If it is, chkconfig returns true; otherwise it returns false. The --level option may be used to have chkconfig query an alternative runlevel rather than the current one.

If one of on, off, or reset is specified after the service name, chkconfig changes the startup information for the specified service. The on and off flags cause the service to be started or stopped, respectively, in the runlevels being changed. The reset flag resets the startup information for the service to whatever is specified in the init script in question.

By default, the on and off options affect only runlevels 2, 3, 4, and 5, while reset affects all of the runlevels. The --level option may be used to specify which runlevels are affected.

Note that for every service, each runlevel has either a start script or a stop script. When switching runlevels, init will not re-start an already-started service, and will not re-stop a service that is not running.


OPTIONS

--level levels
Specifies the run levels an operation should pertain to. It is given as a string of numbers from 0 to 7. For example, --level 35 specifies runlevels 3 and 5.

--add name

This option adds a new service for management by chkconfig. When a new service is added, chkconfig ensures that the service has either a start or a kill entry in every runlevel. If any runlevel is missing such an entry, chkconfig creates the appropriate entry as specified by the default values in the init script. Note that default entries in LSB-delimited 'INIT INFO' sections take precedence over the default runlevels in the initscript.

--del name
The service is removed from chkconfig management, and any symbolic links in /etc/rc[0-6].d which pertain to it are removed.

--list name
This option lists all of the services which chkconfig knows about, and whether they are stopped or started in each runlevel. If name is specified, information is only displayed about service name.


RUNLEVEL FILES

Each service which should be manageable by chkconfig needs two or more commented lines added to its init.d script. The first line tells chkconfig what runlevels the service should be started in by default, as well as the start and stop priority levels. If the service should not, by default, be started in any runlevels, a - should be used in place of the runlevels list. The second line contains a description for the service, and may be extended across multiple lines with backslash continuation.

For example, random.init has these three lines:

# chkconfig: 2345 20 80
# description: Saves and restores system entropy pool for \
# higher quality random number generation.

This says that the random script should be started in levels 2, 3, 4, and 5, that its start priority should be 20, and that its stop priority should be 80. You should be able to figure out what the description says; the \ causes the line to be continued. The extra space in front of the line is ignored.
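Added example (not part of the man page): a Python parser for the two header lines described above, which also derives the S/K symlink name each /etc/rc[0-6].d directory should hold for the script's defaults. It is useful when auditing which services an init script enables by default. The script skeleton around the quoted random.init header is constructed.

```python
import re

# Header lines of random.init as quoted on this page, inside a constructed
# script skeleton (the first and last lines are filler).
RANDOM_INIT = r"""#!/bin/sh
# chkconfig: 2345 20 80
# description: Saves and restores system entropy pool for \
#              higher quality random number generation.
. /etc/init.d/functions
"""

CHKCONFIG_RE = re.compile(r"^#\s*chkconfig:\s*([0-9]+|-)\s+(\d+)\s+(\d+)\s*$")
DESCRIPTION_RE = re.compile(r"^#\s*description:\s*(.*)$")


def parse_header(script_text):
    """Return runlevels, start/stop priority and description, or None when
    the script carries no '# chkconfig:' line."""
    lines = script_text.splitlines()
    header, description, i = None, [], 0
    while i < len(lines):
        line = lines[i]
        m = CHKCONFIG_RE.match(line)
        if m and header is None:
            levels = m.group(1)
            header = {
                # "-" means: not started in any runlevel by default
                "runlevels": [] if levels == "-" else sorted(int(c) for c in levels),
                "start": int(m.group(2)),
                "stop": int(m.group(3)),
            }
        d = DESCRIPTION_RE.match(line)
        if d and not description:
            part = d.group(1).rstrip()
            # a trailing backslash continues the description on the next line
            while part.endswith("\\") and i + 1 < len(lines):
                description.append(part[:-1].strip())
                i += 1
                part = lines[i].lstrip("#").strip()
            description.append(part.rstrip("\\").strip())
        i += 1
    if header is None:
        return None
    header["description"] = " ".join(description)
    return header


def expected_links(name, header, levels=range(7)):
    """Symlink name per runlevel for the script's defaults:
    S<start><name> where the service starts, K<stop><name> elsewhere."""
    return {
        n: ("S%02d%s" % (header["start"], name) if n in header["runlevels"]
            else "K%02d%s" % (header["stop"], name))
        for n in levels
    }


if __name__ == "__main__":
    hdr = parse_header(RANDOM_INIT)
    print(hdr)
    for level, link in expected_links("random", hdr).items():
        print("/etc/rc%d.d/%s" % (level, link))
```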

The Linux Free Command

The Linux free command allows us to check free/used memory on the system. The output below is the result of running free -m on my system (-m means output is in MB):

             total       used       free     shared    buffers     cached
Mem:          3856       1121       2735          0         17        180
-/+ buffers/cache:        923       2933
Swap:         2533       1044       1489

Output explained

The first line starting with Mem: gives us the following information:

* total - is the total available RAM (== Physical Memory) after subtracting the amount used by the kernel! In my case I have 4GB RAM and the total displays less than this.
* used - is the part of the RAM that currently has information in it that can be of use to the system (remember: unused RAM is useless, try to maximise this value)
* free - is just total-used
* shared - is the amount of memory shared between processes
* buffers and cached - the cached data and buffers for IO

The second line starting with -/+ buffers/cache: tells us how much of the memory in the buffers/cache is used by the applications and how much is free. Keep in mind that in general the cache is filled with disk IO cached data. The cache can be very easily reclaimed by the OS for applications. Let BUFFERS + CACHED from first line be value X.

X subtracted from the USED memory from the first line gives how much RAM is used by applications (USED value on second line)

X added to the FREE memory on the first line gives how much RAM applications can still request from the OS.

While the first line handles the values of currently used RAM, including applications and caches (but excluding kernel), the second line gives info on application related memory: how much is currently in use and how much is there still available for the applications.

Wednesday, November 3, 2010

Mailbox setup

Mail Quick Start

Want the 5 minute email setup guide? These steps will permit a user 'emailusername' to collect email sent to 'emailusername@yourdomain.com'.

1. Setup DNS with an MX record
2. Enable POP3 on your server
3. chkconfig saslauthd on
4. /etc/init.d/saslauthd start
5. adduser -s /sbin/nologin emailusername
6. passwd emailusername
7. Set up your email client

And, if you want to, let a user collect more than one email address.

If you want your server to collect email for domains other than the one you ordered, you'll need to setup the destinations.

If you want the longer explanation of each of these steps, read on. Also, you may find this chapter from the Webmin guide useful: http://swelltech.com/support/webminguide-1.0/ch11.html.

You Need an MX Record: Set Up The DNS

External email will only reach your VPS if you have an MX record set up for your domain pointing to your VPS. Most people set their MX record to their domain name - meaning mail will be served from the same machine as your website.

Note that an MX record is required, even if yourdomainname.com resolves to your VPS's IP address (i.e. an MX is required in addition to your regular 'A' IP address record).

If you have a pre-existing email server picking up your mail, try to get your VPS email server up and running and tested before switching your MX record to point to the VPS.

pingability.com provides a very useful web-based tool to check your DNS settings, e.g. that you have an MX record.

Selecting a Mail Transport Agent: Postfix It Is

This HOWTO is for setting up the Postfix server (aka Mail Transport Agent/MTA).

Make sure Postfix is running on your server. (It should be by default on our RHEL4-based distros). When you run ps axf you should see something like this in the output:


319 ? Ss 0:00 /usr/libexec/postfix/master
326 ? S 0:00 \_ qmgr -l -t fifo -u
9629 ? S 0:00 \_ pickup -l -t fifo -u

If it's not running, then get it to start at boottime. Do this via Webmin: System; Bootup and Shutdown; postfix; Start at Boottime, or via SSH: chkconfig --level 35 postfix on; /etc/init.d/postfix start.

Now you will be able to send mail from your server. Try it with a command like this from your server: echo "test" | mail -s testsubject someemail@hotmailorwherever.com

Tip: You can send a file from a Linux command line like this:


afilename=somefile.ext
(echo "$afilename is attached"; uuencode "$afilename" "$afilename") | mail -s "$afilename" youraddress@yourserver.com

My Destinations: For Which Domains Will Your Server Receive Email?

By default your mail server should accept email sent to its hostname. Sometimes you also need it to accept email sent to other domains, for example email for other domains you host on the server.

Open Webmin. Go to Servers, Postfix Configuration, General Options. In the "What domains to receive mail for" section, enter the domains for which you want Postfix to receive mail. e.g. "yourdomain.com". If you are just editing the main.cf, set virtual_mailbox_domains to the domains you need.

If email intended for users of other domains ends up at your server (for whatever reason), it will be rejected with an error message like "reason: 550 Host unknown".

Mail Users

Now we need to configure where the mail your server receives goes...

Add a Unix user. e.g. via ssh: adduser -s /sbin/nologin emailusername; passwd emailusername. The /sbin/nologin option will prevent the user from logging in to your server via, say, ssh. You could also create the user via Webmin: System; Users and Groups; Create a New User. This will be the user account that holds (stores) the emails for users until they pick them up. It does not have to match up with any of the email@ names you will be using, but it can (and will ensure that at least emailusername@yourdomain.com works).

POP3/IMAP: Picking Up Your Email Remotely With Dovecot

One way to read your email is to log onto your VPS and use a program like pine or mail to read your emails. But you probably want it in Outlook or something, right? OK, so you need a POP3 (mail is deleted from the server and stored on the client) or IMAP (mail is stored on the server and sometimes cached on the client) server. Your email client will connect to it, and pick up the email.

In this HOWTO we will be using dovecot as both our POP3 and IMAP server. dovecot should be preinstalled on your VPS, else install it with apt-get update; apt-get install dovecot. Then run chkconfig --level 35 dovecot on to enable dovecot on boot up. And run /etc/init.d/dovecot start to start up the server this time around. Note: dovecot is not started by default on our servers. So you will need to take this step.

Receiving Mail Using POP3 in Outlook

Now you need to configure your email client to use the POP3 protocol to pick up mail from that server.

In Outlook: Tools; Accounts; Add; Mail Server. Enter your name; an email address (where replies go to, enter whatever address you want - it doesn't even have to be the same domain whose emails you're picking up). Enter your mail server domain name for both the incoming (POP3) and outgoing (SMTP) servers (e.g. yourdomain.com).

For Account Name, enter the username you set up, e.g. emailusername. Enter the password you set. Don't tick the "Secure Password Authentication" option (it won't work and it will stop you sending emails).

At this point someone can send an email to emailusername@yourdomain.com and it should show up in your email client. Groovy.

One User, Multiple Email Addresses (Aliases)

Say you want to pick up multiple email addresses (e.g. info@yourdomain.com in addition to your regular email address). In Webmin: Servers; Postfix Configuration; Mail Aliases, Create a New Alias. Enter: Address of "info"; Alias to "Email Address" of "emailusername". There is no need to put the @yourdomain.com in these addresses.

After you have made this change Webmin will have added a row like info: emailusername in /etc/aliases. If you prefer you can just directly edit the /etc/aliases file, then restart your mail server.

One Email, Multiple Recipients: Forwarding To Multiple Email Addresses (Aliases)

Want one email address (e.g. sales@yourdomain.com) to go to several different users?

In Webmin: Servers; Postfix Configuration; Mail Aliases, Create a New Alias. Enter Address of "sales"; Alias to "Email Address" of "emailusername1,emailusername2,someotheruser@hotmail.com". Now if you email the sales alias, the email will get sent to those three addresses.

These entries will also appear in /etc/aliases like sales: emailusername1,emailusername2,someotheruser@hotmail.com. You can edit /etc/aliases directly if you need to.

Handling Email For Multiple Email Domains

If your server is handling emails for more than one domain... First make sure each domain's MX record points to your server. Then make sure each of the domains is in your Destinations/Local Domains list.

Catch-all Email Accounts: /etc/postfix/virtual

If a user mistypes an email address when they send it to you, or just guesses at a valid email address, then they will likely get an error message from your server (user does not exist). You may wish to set up a "catch all" Address Mapping so these emails are accepted.

Go to Webmin: Servers; Postfix Configuration; Virtual Domains. If "Domain mapping lookup tables" is not set, change it to hash:/etc/postfix/virtual. Then go to "New Mapping". In "Name" enter "@yourdomain.com". In "Maps To..." use "emailusername". i.e. the user account you set up before (vs. some email address).

The entries you create will end up in the /etc/postfix/virtual file. You can add values to that file directly. For example, @yourdomain.com emailusername would be added by the previous steps.

If you add entries to the /etc/postfix/virtual file via SSH (not webmin) then you may also need to run postmap /etc/postfix/virtual (to create a new virtual.db file) and restart postfix.

Note that if you set up a catch-all email address, you will likely receive more unsolicited email.

Sending Mail From Your PC

The default Postfix install we do will let you send email to other domains through it. It will only do this if you authenticate yourself first, i.e. use a username and password. This is good, since otherwise spammers could use your server as an open relay.

Try this:

telnet yourserveripaddress 25
Type in:
EHLO yourdomain.com

Then check that the response code includes something like:
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5

If you do not get the 250-AUTH line back, make sure that saslauthd is running. You can start it up with:

/etc/init.d/saslauthd start

Running chkconfig saslauthd on will make it start up by default.
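Added example (not part of the original guide): a Python parser for the EHLO reply from the telnet test above. It lists the AUTH mechanisms and flags PLAIN or LOGIN being offered on a session without TLS, where the password is only base64-encoded on the wire. The sample reply is constructed around the 250-AUTH line shown above, and the tls_active parameter is this example's own.

```python
import re

# Constructed EHLO reply; only the 250-AUTH line is taken from this page.
SAMPLE_EHLO_REPLY = """\
220 mail.example.com ESMTP Postfix
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250 8BITMIME
"""

# Mechanisms that send the password itself (base64 is an encoding, not encryption).
CLEARTEXT_MECHANISMS = {"PLAIN", "LOGIN"}


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} for the extensions in a complete EHLO reply."""
    lines = [l for l in reply.splitlines() if re.match(r"250[- ]", l)]
    # every line but the last uses "250-"; the last one uses "250 "
    if not lines or lines[-1][3] != " ":
        raise ValueError("EHLO reply is missing its final '250 ' line")
    extensions = {}
    for line in lines[1:]:  # lines[0] is the server's greeting
        # "AUTH=PLAIN LOGIN" is an older spelling some servers also send
        parts = re.split(r"[ =]", line[4:].strip(), maxsplit=1)
        keyword = parts[0].upper()
        params = parts[1].upper().split() if len(parts) > 1 else []
        known = extensions.setdefault(keyword, [])
        known.extend(p for p in params if p not in known)
    return extensions


def assess_auth(reply, tls_active=False):
    """Return (mechanisms, findings) for one EHLO reply.

    tls_active says whether the reply was read inside a TLS session.
    """
    extensions = parse_ehlo(reply)
    mechanisms = extensions.get("AUTH", [])
    findings = []
    if not mechanisms:
        findings.append("no AUTH offered: check that saslauthd is running")
    exposed = sorted(CLEARTEXT_MECHANISMS & set(mechanisms))
    if exposed and not tls_active:
        findings.append("password-bearing mechanisms offered without TLS: "
                        + ", ".join(exposed))
    if not tls_active and "STARTTLS" not in extensions:
        findings.append("STARTTLS not offered, so the session cannot be upgraded")
    return mechanisms, findings


if __name__ == "__main__":
    mechs, problems = assess_auth(SAMPLE_EHLO_REPLY)
    print("AUTH mechanisms:", mechs)
    for p in problems:
        print("finding:", p)
```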

Check your email client is doing SMTP authentication. For example, in Outlook go to Tools | Accounts | | Servers tab | Outgoing Mail Server. Then check you have ticked "My Server Requires Authentication". Under the Settings... button you can just leave things as is (i.e. use the same username and password).

Testing Your Email Setup

First, get a report on your domain from pingability.com. This invaluable report will check a number of things, including whether your email server is an open relay; that it is listening on a public IP; that you have an MX DNS record; and more. DNSReport may warn about missing reverse DNS entries. If you need one of these, just pop in a support ticket and we will create one. We create RDNS entries automatically for customers who do not have them every couple of weeks.

OK. Now from Outlook try the following tests:

Send an email from your usual email account to one of the email addresses you set up on the server. Did you get it? A connection error when trying to receive email usually indicates dovecot is not running. An authentication error may indicate you are not using the username and password you set up earlier. Other problems may be caused by MX records in DNS not being correct (check via nslookup). Or the Postfix Destinations may not list that email domain (in which case the email should bounce back to the sender).

Send an email via your new email server to one of the email addresses you set up. Did you get it? A connection problem could be due to your mail server listening on the localhost (127.0.0.1) IP address vs. a public IP address. netstat -l will tell you what services are listening on what ports and IP addresses, * means all IP addresses.

Send an email via your new email server to one of your email addresses on another server. This checks whether you can 'relay' email.

Resolving: Proper authentication required

When you send an email from your PC through your VPS's SMTP server do you get an error message like: Relaying denied. Proper authentication required.', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79?

Check you have ticked the "My Server Requires Authentication" option on your Outgoing Server section (in Outlook).

Resolving: The server does not support a SSL connection

Do you get an error message like The server does not support a SSL connection. Protocol: SMTP, Server Response: '250 HELP', Port: 25, Secure(SSL): Yes, Server Error: 250, Error Number: 0x800CCC7D?

If so, untick the "This server requires a secure connection (SSL)" option on the "Advanced" tab of your mail server properties.

Resolving: POP3 Login Problems

Can't log in to your POP3 email?

Check your /var/log/messages file. Are you getting an error message like "ipop3d: Command stream end of file while reading line"?

This error message usually indicates your email client (Outlook) needs to be restarted.

Still can't log in?

Try talking to your pop3 server (on port 110). It may tell you more than your Windows email client:

telnet yourserverip 110
USER emailusername
PASS yourpassword

What is the error message?

"-ERR Unable to open user's INBOX"? There should be no file, or a file with that user's name in /var/spool/mail. Check the file is not actually a directory (oops!). Make sure that the file has user read/write permissions.

Installing WebMail: SquirrelMail

Do you want to send email and look at your email from a web browser? Do you need to access email when you are away from your regular PC? Then you may wish to setup a web based mail client. Here is how:

Run: apt-get install squirrelmail

Squirrelmail needs an IMAP server to operate. Otherwise you will get an error like Error connecting to IMAP server: localhost.111 : Connection refused. So ensure that dovecot is running (see above).

Restart httpd (so it will load in /etc/httpd/conf.d/squirrelmail.conf):
/etc/init.d/xinetd restart
/etc/init.d/httpd restart

If you installed SquirrelMail onto a Debian server then you may need to add this alias line to your apache conf file: Alias /webmail/ "/usr/share/squirrelmail/"

Now browse to http://yourip/webmail/index.php and you should be at a webmail prompt.

Squirrelmail uses the server hostname in its config file and appends this to the username on outgoing email. If you have multiple domains and want each domain to append their domain name on the From address then you will need to copy the squirrelmail directory to another location (e.g. somedomain.webmail) and modify the config file.

You can also modify the squirrelmail domain name by running /usr/share/squirrelmail/config/conf.pl

ISPs Filtering Port 25. AKA Resolving: The message could not be sent because connecting to SMTP server example.com failed.

This error typically occurs when your email client cannot connect to the SMTP service (e.g. sendmail or postfix) on your server.

Check that sendmail is not just listening on the 127.0.0.1 address. If you followed this howto then this is likely not the problem.

The more likely problem is that your ISP (or cable modem provider, DSL provider, office network admin, your home firewall, your local PC firewall, etc) is filtering out any outgoing traffic on port 25. Many ISPs (e.g. Earthlink) do this. Their goal is to try and reduce spam email by forcing people to use the ISP's email server. Some ISPs silently divert all outgoing SMTP traffic to their own SMTP server. Other ISPs will 'null route' those packets, meaning you will just not be able to connect to your server's mail service.

You have a couple of options. First, you can always use your ISP's email server. It is perfectly possible to send email (with your email address) from your ISP's SMTP server.

Second: you can have your mail server listen on a port other than the one your ISP is filtering. For example, port 2525. To do this run:

# in case iptables is not already installed
apt-get -y install iptables
# redirect traffic coming in on port 2525 to port 25
/sbin/iptables -t nat -I PREROUTING -p tcp --dport 2525 -j REDIRECT --to-port 25
# make it so that this command runs on server boot up.
if ! grep -qai 2525 /etc/rc.local; then
    echo '/sbin/iptables -t nat -I PREROUTING -p tcp --dport 2525 -j REDIRECT --to-port 25' >> /etc/rc.local
fi

Then update your email client's settings to use port 2525 rather than the default port 25 when sending email.

http://rimuhosting.com/support/settingupemail.jsp?mta=postfix

Using Webmin to Set Up Postfix

Postfix Basic Configuration
The basic settings for Postfix are extremely important as they will impact the rest of the program functions. Complete these settings in the main.cf file before you make any changes with Webmin to ensure you have the basics covered.

Configure the Hostname in the smtpd Banner
When your mail server connects to another mail server to transfer messages it performs a HELO which sends its hostname to the other server. This is one of the reasons your hostname is so important. In fact, many servers, in order to verify the integrity of mail exchanges, will do a DNS lookup to verify that the FQDN (Fully Qualified Domain Name) matches what is provided in the HELO. If they do not match, some servers will not allow the transfer of mail. Therefore, make sure your FQDN is what is present in the HELO.

Edit /etc/postfix/main.cf
First, make a backup of your files located in the /etc/postfix directory. This will provide a reference of changes you have made as well as give you a rescue file so you can start over after a mistake. Now edit the myhostname parameter to provide the FQDN.

myhostname = mail.example.com

Postfix is smart enough to understand that the domain listed in myhostname is the domain for the server. You can also set the mydomain parameter.

mydomain = example.com

Set your inet_interfaces to all.

inet_interfaces = all

Configure Relays
Postfix will not allow any relaying of mail for any domains by default. It will relay mail for the localhost but all other relays must be explicitly set. In the initial configuration for a one domain server, this setting for allowing your domain to relay mail is found in the mydestination parameter.

mydestination = $mydomain

If you would like to also accept mail for your hostname you may also add this information to the configuration.

mydestination = $mydomain, $myhostname

If you have created CNAMEs in your DNS settings for your domain that would also need to be added here. A CNAME (Canonical Name) is like an alias, www for example. If you want to accept mail for these they must be entered as well. If they do not fit on one line you can enter a new one on each line with a space in front of them as Postfix will not recognize them without a space.

mydestination =
 $mydomain,
 $myhostname,
 www.$mydomain,
 tech.$mydomain

Each line ends with a comma and starts with a space.

Configure Outgoing Domain
The outgoing domain parameter provides a way to verify where mail came from. This parameter setting will be used by Postfix whenever mail is sent for an address that is not fully qualified. Again, this setting is located in the main.cf file.

myorigin = $mydomain

root Mail Configuration
Postfix has a focus on security, especially when it comes to running programs as root. As a result, Postfix will deliver mail to root locally but it will not allow other programs to run as root. This means that programs like procmail cannot be used to deliver mail to the root user. Therefore you will need to create an alias for the root user so that mail that is intended for root will be delivered to a non-privileged user.

Edit /etc/aliases and create a line like this:

root: mike

Whatever user you choose make sure that it is an account that is on the system. Do not use the admin account as it is tied to other things on the system.

Once you have added the username run the command:

newaliases

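Verify that Postfix is running. The init script accepts start, stop and reload; run the one you need rather than all three in sequence: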

/etc/init.d/postfix start
/etc/init.d/postfix stop
/etc/init.d/postfix reload





Webmin Configuration of Postfix

Now you are ready to start with additional configuration options from the Webmin interface.
General Options

This Webmin image in “General Options” shows these “Most Useful General options”.

“What domain to use in outbound mail”
If you have your settings set in the basics you can set this to “Use domainname”.

“What domains to receive mail for”
The two settings that you see, $myhostname and $mydomain are the options you should use if you have one domain.




“What trouble to report to postmaster”

This option, notify_classes, allows you to send mail reports to the postmaster. This is additional information that is not usually reported because only the worst situations are typically reported. Here is a list of the notify_classes that you can use. The default for Postfix is to use resource and software.

bounce – This option will send copies of the headers that are bounced. It will also send the information about the SMTP session that led to the bounce.

2bounce – Any undeliverable mail will be sent to the postmaster by default.

delay – When mail is delayed it will send copies of the headers to the postmaster.

policy – If a client is rejected based on UCE policy (Unsolicited Commercial Email) the transcript of the SMTP session is sent to postmaster.

protocol – If there are client server protocol errors the transcript of the SMTP session will be sent to postmaster.

resource – If Postfix cannot deliver mail because of resource problems send a message to the postmaster.

software – This option will notify postmaster if there are software problems that are associated with why mail cannot be delivered.

If you would like to get this information delivered to an email, you may want to add your email to the postmaster aliases so it comes to your email account and you do not have to dig for it.

postmaster: root,your_email

This will allow you to receive that information in your email account. This is something that you can do on a temporary basis, as you will surely get tired of receiving all this stuff.

Here is an example you can place in your main.cf.

notify_classes = bounce, delay, resource, software


Each of the options you see here are default options that you can leave in place. In a typical Postfix installation these are going to work fine.

However, these options that you see in this screen will need to be changed.

“Internet hostname of this mail system”
This is the FQDN (Fully Qualified Domain Name) of the mail server. It should have two parts, the hostname (mail) and the domain name (example.com). Mail servers require this setting when they talk to each other, so if you are having difficulties this is one of the places to look.

“Local Internet domain name”
Set this the same as the option above, your FQDN.

“Local Networks”
These are all of the networks that are connected to the mail server. The setting will help the mail server determine who is a local client from a Spammer on the Internet. You have two options, click the “Default” which automatically detects the networks attached to the mail server. This is an easy option but if you have other networks that use this mail server you must select option two and list the networks that will use the mail server as you see in the example.

“Automatic local networks”
This setting has four options. The options are “Default, Same IP Subnet, Same Network Class and Local Machine Only”. These settings will help simplify the setting above. If your local network is on a subnet and all of your users are on the same subnet, choose “Same IP Subnet”. You can expand that to many more computers if you have a large network by choosing “Same Network Class”.

“Email Content Filter”
In this example you can see an email content filter is enabled. Do not enable this feature using Webmin, as it requires multiple edits and will not work unless you complete all edits at once.

The other settings here are fine as the default.


SMTP Server Options

This screen shows the SMTP server options. You can leave all at the default except the “Restrictions on recipient addresses”. In the example you can see that entries have been placed in this field and it is not the default. These entries must be placed in a specific order. Be sure you check the order before you enable this, and if you have problems examine the order carefully.




reject_non_fqdn_recipient
reject_unknown_recipient_domain
permit_mynetworks
permit_sasl_authenticated
reject_unauth_destination
reject_non_fqdn_hostname
reject_invalid_hostname
check_helo_access pcre:/etc/postfix/helo_checks
check_sender_mx_access cidr:/etc/postfix/bogus_mx
reject_rbl_client zen.spamhaus.org
reject_rbl_client cbl.abuseat.org
reject_rbl_client dnsbl-1.uceprotect.net
permit

Explanation of Each Setting
reject_non_fqdn_recipient
It is important that you require the FQDN for recipients. In order to make this happen use the reject_non_fqdn_recipient option.

reject_unknown_recipient_domain
Another restriction to consider for the envelope sender is the requirement of an existing domain. Spammers will use this as a way to conceal their true domain. So you will want to reject all domains that are not real. You do have to consider the fact that users may create a typo that would put them in this category and receive a bounced mail from Postfix. However, in order to control spam this may be a requirement.

permit_mynetworks
The order of processing restrictions is important. As you view the list in the example, note that the permit_mynetworks is a watershed in that it differentiates between clients on the outside and clients on the inside. The options that appear up to the permit_mynetworks apply to both internal and external clients. The options which appear after permit_mynetworks apply only to external clients. This is why the order is so important.

permit_sasl_authenticated
Allow sasl authentication if you use secure connections.

reject_unauth_destination
Prevents your server from becoming an open relay.
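Added example (not from the original article): a Python check of the ordering rules described above. It parses main.cf text with its whitespace-continued lines, splits the recipient restrictions at the permit_mynetworks watershed, and flags anything that could accept mail before reject_unauth_destination is evaluated. The sample configuration is constructed from the restriction names listed on this page; the function names are this example's own.

```python
import re

# Constructed main.cf fragment (not from a real server); the restriction names
# and their order are the ones listed on this page.
SAMPLE_MAIN_CF = """\
myhostname = mail.example.com
mydestination =
 $mydomain,
 $myhostname
smtpd_recipient_restrictions =
 reject_non_fqdn_recipient
 reject_unknown_recipient_domain
 permit_mynetworks
 permit_sasl_authenticated
 reject_unauth_destination
 check_helo_access pcre:/etc/postfix/helo_checks
 reject_rbl_client zen.spamhaus.org
 permit
"""


def parse_main_cf(text):
    """Return {parameter: value}; a line starting with whitespace continues
    the previous parameter, as in the multi-line mydestination example."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0] in " \t":
            if current is not None:
                params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        current = name.strip() if sep and name.strip() else None
        if current is not None:
            params[current] = value.strip()  # a later definition replaces an earlier one
    return params


def split_restrictions(value):
    """Split on commas/whitespace and re-attach the single argument taken by
    check_* and reject_rbl_*/reject_rhsbl_* entries (a simplification that
    covers the entries used on this page)."""
    tokens = [t for t in re.split(r"[,\s]+", value) if t]
    entries, i = [], 0
    while i < len(tokens):
        takes_arg = tokens[i].startswith(("check_", "reject_rbl_", "reject_rhsbl_"))
        if takes_arg and i + 1 < len(tokens):
            entries.append(tokens[i] + " " + tokens[i + 1])
            i += 2
        else:
            entries.append(tokens[i])
            i += 1
    return entries


def audit_relay_guard(value):
    """Flag a missing reject_unauth_destination and any entry that can accept
    a message before that check is reached (evaluation stops at a permit)."""
    entries = split_restrictions(value)
    names = [e.split()[0] for e in entries]
    findings = []
    if "reject_unauth_destination" in names:
        guard = names.index("reject_unauth_destination")
    else:
        guard = len(names)
        findings.append("reject_unauth_destination is missing")
    for entry, name in zip(entries[:guard], names[:guard]):
        if name == "permit":
            findings.append("bare permit before the relay check: " + entry)
        elif name.startswith("check_") and name.endswith("_access"):
            findings.append("access table may return OK before the relay check: " + entry)
    return findings


def watershed(value):
    """Entries before permit_mynetworks apply to every client; entries after
    it apply only to clients outside mynetworks."""
    entries = split_restrictions(value)
    if "permit_mynetworks" not in entries:
        return entries, []
    cut = entries.index("permit_mynetworks")
    return entries[:cut], entries[cut + 1:]


if __name__ == "__main__":
    value = parse_main_cf(SAMPLE_MAIN_CF)["smtpd_recipient_restrictions"]
    everyone, external_only = watershed(value)
    print("all clients:  ", everyone)
    print("external only:", external_only)
    print("findings:     ", audit_relay_guard(value) or "none")
```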

reject_non_fqdn_hostname
Use the reject_non_fqdn_sender option to make sure users have a FQDN.

reject_invalid_hostname
You may also choose to reject based on a valid hostname. The rules are that each valid hostname should contain a top level domain (com,net,org, etc), a domain, like example in example.com and it should contain a “.” separating the two.

check_helo_access pcre:/etc/postfix/helo_checks
Create a file called helo_checks in the /etc/postfix directory. This file should contain a number of variations on your address on one line at a time.

/^ns\.example\.com$/ 550 Bad helo check
/^216\.114\.226\.157$/ 550 Bad helo check
/^\[216\.114\.226\.157\]$/ 550 Bad helo check

In these examples, you will see a start of string anchor (^) and an end of string anchor ($). The ^ matches the position before the first character in the string. So ^ns will match the n and org$ will match the g. This is a useful tool to have for Postfix to read one line at a time and not combine text strings.

check_sender_mx_access cidr:/etc/postfix/bogus_mx
Spammers will also use networks which are not routable, and thus not traceable. You can stop this technique with Postfix; however, your network firewall should not allow these kinds of networks to enter your network at all.

Create a map that will list these unroutable networks. Place one network on each line.

0.0.0.0/8 550 Bad Network
10.0.0.0/8 550 Bad Network
127.0.0.0/8 550 Bad Network
224.0.0.0/4 550 Bad Network
192.168.0.0/16 550 Bad Network
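
To see how the anchored helo_checks patterns and the bogus_mx networks behave, the following added example (not part of the original post) emulates first-match lookup over the two tables in plain shell. The function names and the test inputs are constructed for illustration; on a host with Postfix, `postmap -q` against the real files is the authoritative check.

```shell
#!/bin/sh
# Added example: emulates first-match lookup in the two tables shown above.
# helo_action, mx_action and ip_to_int are illustrative names, not Postfix commands.
# On a Postfix host the real tables can be queried with, for example:
#   postmap -q "ns.example.com" pcre:/etc/postfix/helo_checks
#   postmap -q "10.1.2.3" cidr:/etc/postfix/bogus_mx

# Table contents copied from the text above.
HELO_CHECKS='/^ns\.example\.com$/ 550 Bad helo check
/^216\.114\.226\.157$/ 550 Bad helo check
/^\[216\.114\.226\.157\]$/ 550 Bad helo check'

BOGUS_MX='0.0.0.0/8 550 Bad Network
10.0.0.0/8 550 Bad Network
127.0.0.0/8 550 Bad Network
224.0.0.0/4 550 Bad Network
192.168.0.0/16 550 Bad Network'

# helo_action HELO_NAME: print the action of the first pattern that matches.
# These simple patterns mean the same thing in PCRE and in grep -E.
helo_action() {
    while IFS= read -r line; do
        pattern=${line#/}          # drop the opening delimiter
        pattern=${pattern%/ *}     # drop the closing delimiter and the action
        action=${line#*/ }         # text after the closing delimiter
        # Postfix pcre tables match case-insensitively by default, hence -i.
        if printf '%s\n' "$1" | grep -qiE -- "$pattern"; then
            printf '%s\n' "$action"
            return 0
        fi
    done <<EOF
$HELO_CHECKS
EOF
    echo "no match"
}

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# mx_action IP: print the action of the first network that contains IP,
# where IP stands for an address the sender domain's MX resolves to.
mx_action() {
    addr=$(ip_to_int "$1")
    while read -r cidr action; do
        net=$(ip_to_int "${cidr%/*}")
        shift_bits=$(( 32 - ${cidr#*/} ))
        if [ $(( addr >> shift_bits )) -eq $(( net >> shift_bits )) ]; then
            printf '%s\n' "$action"
            return 0
        fi
    done <<EOF
$BOGUS_MX
EOF
    echo "no match"
}

# Constructed inputs: the anchors stop a longer name that merely contains
# ns.example.com from matching, and only listed networks are rejected.
for name in ns.example.com mail.ns.example.com.example.net '[216.114.226.157]'; do
    printf 'HELO %-34s -> %s\n' "$name" "$(helo_action "$name")"
done
for ip in 10.20.30.40 192.168.1.1 198.51.100.7; do
    printf 'MX   %-34s -> %s\n' "$ip" "$(mx_action "$ip")"
done
```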

reject_rbl_client zen.spamhaus.org
reject_rbl_client cbl.abuseat.org
reject_rbl_client dnsbl-1.uceprotect.net
The one thing that is important to understand when using blackholes is that these DNS blacklists require Postfix to do a DNS lookup, which will take resources from your server and create latency. However, this can be a significant reduction in spam. In the example, two kinds of lists are used to block spam; these are only illustrations, and you should research your lists carefully. Each list will have an address that you can enter to access the list. These two are combined in one address. That address is then entered into your smtpd restrictions.

Having tried a number of RBLs you will see that some are going out of existence, some are either too aggressive or just do not cover all of the areas that give you the protection you need. Here is a list that makes a good combination of protection without getting too crazy. Be sure to try one at a time so you can determine if one is not right for you. Use at your own risk…you could lose email.

http://postfixmail.com/blog/index.php/using-webmin-to-set-up-postfix/
http://rimuhosting.com/support/settingupemail.jsp?mta=postfix

http://neranjara.org/article/title/How_to_configure_PostFix_and_Dovecot_for_Virtual_Users_with_out_a_Database_

Saturday, September 4, 2010

XEN operations

XEN List command
----------

xm list


to check if Xen has started. It should list Domain-0 (dom0):

[root@server1 ~]# xm list
Name ID Mem(MiB) VCPUs State Time(s)
Domain-0 0 350 1 r----- 94.4
[root@server1 ~]#
---------

Creating A Virtual Machine
--------------

CentOS comes with a nice tool called virt-install with which we can create virtual machines for Xen. To start it, we simply run

virt-install


The tool asks a few questions before it creates a virtual machine. I want to call my first virtual machine vm01, with 256MB RAM and a disk size of 4GB. I want to store it in the file /vm/vm01.img:

What is the name of your virtual machine? <-- vm01
How much RAM should be allocated (in megabytes)? <-- 256
What would you like to use as the disk (path)? <-- /vm/vm01.img
How large would you like the disk (/vm/vm01.img) to be (in gigabytes)? <-- 4
Would you like to enable graphics support? (yes or no) <-- no
What is the install location? <-- http://wftp.tu-chemnitz.de/pub/linux/centos/5.0/os/i386

The question about the graphics support refers to the installer, not the virtual machine itself! It is possible to start a graphical installer, but you'd have to connect to it via VNC. It's easier to use the text installer - it offers the same options, so I choose the text installer.

As install location, you should specify a mirror close to you where the installer can download all files needed for the installation of CentOS 5.0 in our virtual machine. You can find a list of CentOS mirrors here: http://www.centos.org/modules/tinycontent/index.php?id=13

After we have answered all questions, virt-install starts the normal CentOS 5.0 installer (in text mode) in our vm01 virtual machine. You already know the CentOS installer, so it should be no problem for you to finish the CentOS installation in vm01.

After the installation, we stay at the vm01 console. To leave it, type CTRL+] if you are at the console, or CTRL+5 if you're using PuTTY. You will then be back at the dom0 console.

virt-install has created the vm01 configuration file /etc/xen/vm01 for us (in dom0). It should look like this:

====================================================
cat /etc/xen/vm01

# Automatically generated xen config file
name = "vm01"
memory = "256"
disk = [ 'tap:aio:/vm/vm01.img,xvda,w', ]
vif = [ 'mac=00:16:3e:13:e4:81, bridge=xenbr0', ]

uuid = "5aafecf1-dd66-401d-69cc-151c1cb8ac9e"
bootloader="/usr/bin/pygrub"
vcpus=1
on_reboot = 'restart'
on_crash = 'restart'
====================================================

Run
-----------

xm console vm01

to log in on that virtual machine again (type CTRL+] if you are at the console, or CTRL+5 if you're using PuTTY to go back to dom0), or use an SSH client to connect to it.

To get a list of running virtual machines, type
---------------

xm list

The output should look like this:

[root@server1 xen]# xm list
Name ID Mem(MiB) VCPUs State Time(s)
Domain-0 0 259 1 r----- 1906.6
vm01 3 255 1 ------ 137.9
[root@server1 xen]#

To shut down vm01, do this:
--------------

xm shutdown vm01

To start vm01 again, run
---------------

xm create /etc/xen/vm01

If you want vm01 to start automatically at the next boot of the system, then do this:
------------------

ln -s /etc/xen/vm01 /etc/xen/auto

Here are the most important Xen commands:

xm create -c /path/to/config - Start a virtual machine.
xm shutdown - Stop a virtual machine.
xm destroy - Stop a virtual machine immediately without shutting it down. It's as if you switch off the power button.
xm list - List all running systems.
xm console - Log in on a virtual machine.
xm help - List of all commands.

Installing Xen On CentOS 5.2 (i386)

Xen lets you create guest operating systems (*nix operating systems like Linux and FreeBSD), so-called "virtual machines" or domUs, under a host operating system (dom0). Using Xen you can separate your applications into different virtual machines that are totally independent from each other (e.g. a virtual machine for a mail server, a virtual machine for a high-traffic web site, another virtual machine that serves your customers' web sites, a virtual machine for DNS, etc.), but still use the same hardware. This saves money, and what is even more important, it's more secure. If the virtual machine of your DNS server gets hacked, it has no effect on your other virtual machines. Plus, you can move virtual machines from one Xen server to the next one.


If you want to save your virtual machines in /vm, too, but haven't created a partition for it or if the directory /vm doesn't exist on your system, you can create it like this:

----------------------------
mkdir /vm
----------------------------

Make sure that SELinux is disabled or permissive:

---------------------------
vi /etc/sysconfig/selinux
---------------------------

If you had to modify /etc/sysconfig/selinux, please reboot the system:
--------------------------
reboot
--------------------------

Installing Xen

To install Xen, we simply run

--------------------------
yum install kernel-xen xen
--------------------------

This installs Xen and a Xen kernel on our CentOS system.

Before we can boot the system with the Xen kernel, please check your GRUB bootloader configuration. We open /boot/grub/menu.lst:

----------------------
vi /boot/grub/menu.lst
----------------------

The first listed kernel should be the Xen kernel that you've just installed:

=============================================
[...]
title CentOS (2.6.18-92.1.13.el5xen)
root (hd0,0)
kernel /xen.gz-2.6.18-92.1.13.el5
module /vmlinuz-2.6.18-92.1.13.el5xen ro root=/dev/VolGroup00/LogVol00
module /initrd-2.6.18-92.1.13.el5xen.img
[...]
===============================================

Change the value of default to 0 (so that the first kernel (the Xen kernel) will be booted by default):

=================================
[...]
default=0
[...]
=================================

The complete /boot/grub/menu.lst should look something like this:

======================================================

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/VolGroup00/LogVol00
# initrd /initrd-version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-92.1.13.el5xen)
root (hd0,0)
kernel /xen.gz-2.6.18-92.1.13.el5
module /vmlinuz-2.6.18-92.1.13.el5xen ro root=/dev/VolGroup00/LogVol00
module /initrd-2.6.18-92.1.13.el5xen.img
title CentOS (2.6.18-92.1.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-92.1.1.el5 ro root=/dev/VolGroup00/LogVol00
initrd /initrd-2.6.18-92.1.1.el5.img
title CentOS (2.6.18-92.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-92.el5 ro root=/dev/VolGroup00/LogVol00
initrd /initrd-2.6.18-92.el5.img
====================================
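
A quick way to confirm before rebooting that the default entry really is the Xen kernel, as an added example that is not part of the original post. The function names are illustrative, the sample file is constructed from the listing above, and the check assumes GRUB legacy syntax as shown there.

```shell
#!/bin/sh
# Added example: report which menu.lst entry "default=N" selects and whether
# that entry loads the Xen hypervisor (kernel path containing /xen.gz, as in
# the listing above). Function names are illustrative.

# grub_default_entry FILE title|kernel
# Prints the title or the kernel path of the default entry; exits 1 if the
# default index points past the last entry.
grub_default_entry() {
    awk -v field="$2" '
        BEGIN { want = 0; n = -1 }   # GRUB legacy uses entry 0 if "default" is absent
        /^[ \t]*#/ { next }          # skip comment lines
        /^[ \t]*default[ \t=]/ {
            sub(/^[ \t]*default[ \t]*=?[ \t]*/, ""); want = $0 + 0; next
        }
        /^[ \t]*title[ \t]/ {
            n++; sub(/^[ \t]*title[ \t]+/, ""); val["title", n] = $0; next
        }
        /^[ \t]*kernel[ \t]/ && n >= 0 { val["kernel", n] = $2 }
        END { if ((field, want) in val) print val[field, want]; else exit 1 }
    ' "$1"
}

# grub_default_is_xen FILE: succeeds only if the default entry boots xen.gz.
grub_default_is_xen() {
    case "$(grub_default_entry "$1" kernel)" in
        */xen.gz*) return 0 ;;
        *)         return 1 ;;
    esac
}

# sample_menu_lst N: constructed sample based on the listing above, with
# "default" set to N so both the good and the bad case can be shown.
sample_menu_lst() {
    cat <<EOF
# grub.conf generated by anaconda
#boot=/dev/sda
default=$1
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title CentOS (2.6.18-92.1.13.el5xen)
root (hd0,0)
kernel /xen.gz-2.6.18-92.1.13.el5
module /vmlinuz-2.6.18-92.1.13.el5xen ro root=/dev/VolGroup00/LogVol00
module /initrd-2.6.18-92.1.13.el5xen.img
title CentOS (2.6.18-92.1.1.el5)
root (hd0,0)
kernel /vmlinuz-2.6.18-92.1.1.el5 ro root=/dev/VolGroup00/LogVol00
initrd /initrd-2.6.18-92.1.1.el5.img
EOF
}

# Demonstration on the constructed sample: default=0 selects the Xen entry,
# default=1 would boot the ordinary kernel and Xen would not start.
demo_file=$(mktemp)
for d in 0 1; do
    sample_menu_lst "$d" > "$demo_file"
    if grub_default_is_xen "$demo_file"; then verdict="Xen"; else verdict="NOT Xen"; fi
    printf 'default=%s -> %s [%s]\n' "$d" "$(grub_default_entry "$demo_file" title)" "$verdict"
done
rm -f "$demo_file"
```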

Afterwards, we reboot the system:

-----
reboot
--------

The system should now automatically boot the new Xen kernel. After the system has booted, we can check that by running

--------
uname -r
-------

Friday, September 3, 2010

Mod_GeoIP installation

Mod_GeoIP installation is easy, but on a cPanel server you need to follow a specific procedure to install it.

Your cPanel server must have apache version 2.2.x installed.

Now proceed with the following steps to install it.

1) Download and install GeoIP database
# cd /usr/local/src/
# wget -c http://geolite.maxmind.com/download/geoip/api/c/GeoIP-1.4.6.tar.gz
# tar -xzf GeoIP-1.4.6.tar.gz
# cd GeoIP-1.4.6/
# ./configure
# make
# make install

2) Give the Apache user read permission on that database file

# chown nobody.nobody /usr/local/share/GeoIP/GeoIP.dat
# echo '/usr/local/lib ' > /etc/ld.so.conf.d/geio.conf
# ldconfig

3) Download and install mod_geoip

# cd /usr/local/src/
# wget -c http://geolite.maxmind.com/download/geoip/api/mod_geoip2/mod_geoip2_1.2.5.tar.gz
# tar -xzf mod_geoip2_1.2.5.tar.gz
# cd mod_geoip2_1.2.5/
# /usr/local/apache/bin/apxs -lGeoIP -cia mod_geoip.c

4) Create a file called /usr/local/apache/conf/geoip.conf and add the following content

# cat >> /usr/local/apache/conf/geoip.conf << EOF
LoadModule geoip_module modules/mod_geoip.so

GeoIPEnable On
GeoIPDBFile /usr/local/share/GeoIP/GeoIP.dat MemoryCache

EOF

5) Add this file to Apache's list of included custom files
echo 'Include "/usr/local/apache/conf/geoip.conf" ' >> /usr/local/apache/conf/includes/pre_main_global.conf

6) Rebuild httpd.conf and restart apache.

# /scripts/rebuildhttpdconf
# /scripts/restartsrv httpd

HyperVM XEN

HyperVM installation consists of downloading either the hypervm-install-master.sh or hypervm-install-slave.sh from download.lxlabs.com and executing them as root. They will download all the required files and do the complete installation on their own. You will need to disable SELinux: edit /etc/sysconfig/selinux and then run setenforce 0.

Before you start to install there are several things need to be prepared:

* Make sure that you open the ports 8888 and 8887 in the firewall.
* The boot loader must be GRUB.
* There must be a separate /boot partition. You can assign it 200MB.
* You should use LVM. The recommended disk configuration is:
  /boot /dev/hda1 (500MB)
  / /dev/mapper/vol00-root (8GB)
  swap /dev/mapper/vol00-swap (1GB)

Installation commands to execute:

1. setenforce 0
2. wget http://download.lxlabs.com/download/hypervm/production/hypervm-install-master.sh
3. sh ./hypervm-install-master.sh --virtualization-type=xen

After the installation has finished, you need to modify your /etc/grub.conf file so Linux will boot with the Xen kernel. Most of the time you’ll need to change ‘default=1’ to ‘default=0’ and reboot the machine. Remember that entry numbering always starts at 0, and the kernel you have to boot will always contain ‘xen’ in its name.

Once the machine boots back up, make sure you have the Xen kernel by running ‘uname -a’. After that you can connect to ‘http://machine-name:8888’, and you will be presented with a login screen; the password is ‘admin’. Once you log in, HyperVM will explicitly force you to change the password to something other than ‘admin’.

Note: On fedora 6/centos 5, you will need to run the following commands for xen to work properly:

Fedora:

cd /usr/local/lxlabs/hypervm/httpdocs/

lphp.exe ../bin/misc/fixfc6xen.php

Centos:

cd /usr/local/lxlabs/hypervm/httpdocs/

lphp.exe ../bin/misc/fixcentos5xen.php

Note 2: If you update the kernel at any point later, you will have to run the above commands again.

Monday, June 14, 2010

EasyApache error (Perl issues)

ERROR
-------
can't locate Curses.pm in @INC (@INC contains: /scripts/../lib /var/cpanel/easy/apache/custom_opt_mods /usr/local/cpanel /var/cpanel/perl/easy /scripts /usr/local/lib/perl5/5.8.8/i686-linux /usr/local/lib/perl5/5.8.8 /usr/local/lib/perl5/site_perl/5.8.8/i686-linux /usr/local/lib/perl5/site_perl/5.8.8 /usr/local/lib/perl5/site_perl .) at /usr/local/lib/perl5/site_perl/5.8.8/Curses/UI/Common.pm line 20.
BEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.8.8/Curses/UI/Common.pm line 20.
Compilation failed in require at (eval 2507) line 3.
...propagated at /usr/local/lib/perl5/5.8.8/base.pm line 85.
BEGIN failed--compilation aborted at /usr/local/lib/perl5/site_perl/5.8.8/Curses/UI.pm line 2.
Compilation failed in require at /var/cpanel/perl/easy/Cpanel/Easy/Apache/UI/CLI/Config.pm line 5.
BEGIN failed--compilation aborted at /var/cpanel/perl/easy/Cpanel/Easy/Apache/UI/CLI/Config.pm line 5.
Compilation failed in require at /var/cpanel/perl/easy/Cpanel/Easy/Apache/UI/CLI.pm line 404.
------------------------------

Solution
------
root@cp [/home]# /scripts/realperlinstaller --force Curses::UI
---------------

Thursday, May 6, 2010

How to create a VPS with Open VZ

OpenVZ uses an operating system template system, i.e. every single VPS created with OpenVZ can have its own operating system template, such as Fedora Core, Debian or CentOS.

You can download OpenVZ operating system templates from the OpenVZ template website. Note that each OS template has its own hardware version. Make sure that you choose the right OS template for your server hardware.

Installing a template for CentOS:
[root@test ~]# yum -y install vztmpl-centos-5-2.0-2   # install the template for CentOS 5
[root@test ~]# vzpkgcache   # create the cache; a lot of packages will be installed
[root@test ~]# vzpkgls   # check the templates installed

Now we can go ahead and create our first VPS:

[root@test ~]# vzctl create 101 --ostemplate centos-5-i386-default --config vps.basic   # creates a VPS with the ID 101 using the CentOS 5 template

Now a few things have to be set for the VPS, such as starting at server boot time, the IP address, hostname and password.


[root@test ~]#vzctl set 101 --onboot yes --save

[root@test ~]#vzctl set 101 --ipadd 192.168.0.3 --save

[root@test ~]#vzctl set 101 --hostname server.server-hostname.com --save

[root@test ~]#vzctl set 101 --nameserver 192.168.0.2 --save


[root@test ~]# vzctl set 101 --userpasswd root:password   # this last command sets the password for user root on the VPS






IMPORTANT VPS COMMANDS

How Do We Stop / Start / Restart VPS Servers?
# vzctl start 101   # 101 is the VPS ID
# vzctl restart 101
# vzctl stop 101
Login Into VPS Server
vzctl enter 101



How Do We Set Disk Quota?
# vzctl set 101 --diskspace SoftLimitG:HardLimitG --save
# vzctl set 101 --diskspace 10G:12G --save

How Do We Run a Command For VPS?

# vzctl exec 101 w
# vzctl exec 101 df

Destroy VPS
# vzctl destroy 101   # destroy the VPS with ID 101

Wednesday, March 31, 2010

DNS forwarding

for a in `grep /etc/trueuserowners | cut -d ':' -f1`; do for b in `grep $a /etc/userdomains | cut -d":" -f1`; do replace "66.7.213.144" "66.7.219.239" -- /var/named/$b.db ; done ; done;

Friday, March 26, 2010

Installing 3rd party s/w

Click Be

============

mkdir -p /var/netenberg/click_be/installer/

cd /var/netenberg/click_be/

wget http://www.netenberg.com/files/click_be/free/click_be_installer.bz2

tar -xjpf click_be_installer.bz2

cd /var/netenberg/click_be/installer/

php click_be.php status

php click_be.php install

open_basedir =off
===============================


Rvskin
=========
mkdir /root/rvadmin
cd /root/rvadmin
wget http://member.rvskin.com/auto_rvskin.tgz
tar -xvzf auto_rvskin.tgz
perl auto_rvskin.pl

uninstall
-------
perl uninstall /scripts/killacct rvadmin
-----------------------
=====================

CSF
--------

/etc/csf

wget http://www.configserver.com/free/csf.tgz
tar -xvzf csf.tgz
cd csf
sh install.sh

In csf.conf, change TESTING = "0"

csf --update
---------


SVN
=========
Useful links
http://www.tonyspencer.com/2007/03/02/setup-a-subversion-server-in-4-minutes/

http://articles.slicehost.com/2007/9/5/introduction-to-svnserve


Setup a Subversion Server in 4 Minutes Code, Linux March 2nd, 2007
You are going to need to type fast but I think you can do it in 4 minutes.  These are my notes on what worked for me on my Fedora core 6 with svn lib already installed by the package manager:

1. Create a Repository
svnadmin create /svnrepos

2. Create a SVN User
vi /svnrepos/conf/svnserve.conf
In that file add these three lines:
anon-access = none
auth-access = write
password-db = passwd
Create a password file:
vi /svnrepos/conf/passwd
In that file add a line for your user:
# add users in the format : user = password
tony = mypassword

3. Import Your Project
(assuming you’ve put your project files in /projects/myrailsproject)
svn import /projects/myrailsproject file:///svnrepos/myrailsproject

4. Start the SVN Server as Daemon
svnserve -d
Done! You should now have a svn server running with one project named myrailsproject.
Try checking it out of the repository:
svn co svn://192.168.0.2/svnrepos/myrailsproject
Since we set anon-access to none you should be prompted for username and password which you created in the file /svnrepos/conf/passwd.

How do I unzip a file in different format

If a file ends in .zip (for example, file.zip) type:
unzip file.zip

If a file ends in .tar (e.g., file.tar) type:
tar -xvf file.tar

If a file ends in .gz (for example, file.gz) type:
gzip -d file.gz

If a file ends in .tar.gz (e.g. file.tar.gz) type:
gzip -d file.tar.gz
and then
tar -xvf file.tar

If a file ends in .tgz (e.g. file.tgz) type:
tar -xvzf file.tgz

PGSQL

su postgres

$ pg_dump databasename > achefeli_achefeliciano.sql

drop database achefeli_achefeliciano;

CREATE DATABASE achefeli_achefeliciano ENCODING 'LATIN1' TEMPLATE template0;

psql -d achefeli_achefeliciano -f achefeli_achefeliciano.sql

http://www.postgresql.org/docs/7.4/interactive/app-psql.html

Mysql

Repairing tables
=============

mysqlcheck --all-databases --auto-repair --> repairs all tables

myisamchk -crS /var/lib/mysql/mazad_almazad/*.MYI ---> for MyISAM tables

mysqlcheck -r straysh_/*.frm ---> InnoDB
=================

Dump database
=======
mysqldump "database_name" > "database_name.sql" like this

root@server [~]# mysqldump indiaond_mmi > indiaond_mmi.sql

Drop
====
mysqladmin drop "database_name" like

mysqladmin drop indiaond_mmi

Create
=======
mysqladmin create "database_name" like

mysqladmin create indiaond_mmi

Restore
====
mysql "database_name" < "dump path" like

mysql indiaond_mmi < /home/indiaond/indiaond/mysql/indiaond_mmi.sql

Mysql privileges
-------------
Enter in to mysql console

grant all privileges on database_name.* to 'database_username'@'localhost' identified by 'database_password';


mysql> grant all privileges on saudican_monpl2.* to 'saudican_monpl2'@'localhost' identified by 'monpl2';
=======================

The server is not responding (or the local MySQL server's socket is not correctly configured)
-------------------

You just have to go into the config.inc.php file and change:
$cfg['Servers'][$i]['host'] = 'localhost';

to this

$cfg['Servers'][$i]['host'] = '127.0.0.1';

then save
and re-run [your directory path]/phpmyadmin/index.php in your browser.
Damned annoying. But I am glad I found the fix now
----------------------------------


Change password through backend
------------------

mysql> select * from agb_book_auth;
+----+----------+-------------------------------------------+----------------------------------+------------+
| ID | username | password | session | last_visit |
+----+----------+-------------------------------------------+----------------------------------+------------+
| 1 | universo | *7ACE763ED393514FE0C162B93996ECD195FFC4F5 | a052734944b5f972db30c2a8f09c3e8d | 1241038315 |
+----+----------+-------------------------------------------+----------------------------------+------------+
1 row in set (0.00 sec)

mysql> update agb_book_auth set password=password('2003love') where username='universo';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 0

mysql> select * from agb_book_auth;
+----+----------+-------------------------------------------+----------------------------------+------------+
| ID | username | password | session | last_visit |
+----+----------+-------------------------------------------+----------------------------------+------------+
| 1 | universo | *EE3B755DE94AD4D46D03BE2E1B6435D3EBA8970A | 712102efbd65e82fa0d789476a6a9382 | 1243574039 |
+----+----------+-------------------------------------------+----------------------------------+------------+
1 row in set (0.00 sec)
-----------------------------------



My.cnf normal standards
-------
set-variable = max_connections=300
set-variable = max_user_connections=50
set-variable = interactive_timeout=100
set-variable = wait_timeout=100
set-variable = connect_timeout=100
safe-show-database
key_buffer = 384M
max_allowed_packet = 16M
table_cache = 1500
sort_buffer_size = 2M
read_buffer_size = 2M
myisam_sort_buffer_size = 64M
thread_cache = 8
query_cache_size = 32M
# Try number of CPU's*2 for thread_concurrency
thread_concurrency = 8
# old-passwords = 1 makes the server store new passwords in the pre-4.1 (16-character) hash format
old-passwords = 1
----------------

Quota issues

Common scripts
==========
/scripts/resetquotas
/scripts/initquotas

main configuration file: vi /etc/quota.conf


quota -v "username" : will display quotas on filesystems where no storage is allocated.
quota -s "username" : option will make quota(1) try to choose units for showing limits, used space and used inodes.


Example Steps for /home partition:

1. First check whether quota is enabled for /home partition.

# vi /etc/fstab

LABEL=/home /home ext3 defaults,usrquota 1 2

2. Remount the /home partition

# mount -o remount /home

3. Create a file called aquota.user for which we need to run quotacheck.

# quotacheck -c /home

4. Enable quota

# quotaon /home

This will enable quota on /home. Now you can edit the quota of a user using.

# edquota

5) Run /scripts/fixquotas; this will solve the quota issue of cPanel accounts.

# /scripts/fixquotas

6) After this `repquota -a` should print out the soft/hard limits with grace periods for all users.

# repquota -a

7) If quotas are still not reporting anything in WHM and/or cPanel, check /var/cpanel/cpanel.config for disablequotacache=0

If that is set to 0, try setting it to 1 and see if that fixes it.

# vi /var/cpanel/cpanel.config ; /scripts/fixquotas

8) If a user’s quota shows more space being used than is in their home directory chances are there are stray files on the system owned by their UID. To find these files, run the following as root:

# find / -user username > /tmp/username.txt

Disk usage problem

Using find command you can locate the files owned by the user

find "path" -user "username" like this "find /home/.cpan/build -user" and change the unwanted ownership to root.

Eaccelerator cache fill /tmp daily "find . -name 'sess*' | xargs rm"

also disable Eaccelerator in php.ini or change the path

Cpanel Issues

How do I fix the error "License File Expired"?
---------------------
/usr/local/cpanel/cpkeyclt

http://twiki.cpanel.net/twiki/bin/view/AllDocumentation/All/WHMsFAQ#How_do_I_fix_the_error_License_F
---------------

Bandwidth day and year not showing
-----------
/scripts/rrdtoolinstall --force
---------

ClamAV
------
You can install clamav antivirus which is open source and do a clamav scan to make sure that the website is not affected. On a cPanel server, the below command will scan the entire website files of each users.

clamscan -i -r --remove /home/*/public_html/

http://solidservers.ca/2009/06/how-to-install-clamav-in-cpanel/
http://www.supportsages.com/blog/2009/04/how-to-do-virus-scan-on-linux-servers/

delete folders in /var/ and /var/run install it through WHM then do command " freshclam".

==============================

Fantastico

Install Fantastico
=====================

For 32-bit:

Code: rpm -qa wget ;
uname -a
wget ftp://ftp.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/5/i386/os/Fedora/RPMS/wget-1.10.2-3.2.1.i386.rpm

chattr -ia /usr/bin/wget
rpm -e wget
rpm -ivh --force wget-1.10.2-3.2.1.i386.rpm

For 64-bit:

Code: rpm -qa wget
wget http://download.fedora.redhat.com/pub/fedora/linux/releases/7/Everything/x86_64/os/Fedora/wget-1.10.2-15.fc7.x86_64.rpm
or
ftp://ftp.pbone.net/mirror/archive.fedoraproject.org/fedora/linux/releases/7/Fedora/x86_64/os/Fedora/wget-1.10.2-15.fc7.x86_64.rpm

chattr -ia /usr/bin/wget
rpm -e wget
rpm -ivh --force wget-1.10.2-15.fc7.x86_64.rpm

This for both 64 bit and 32 bit

Code: cd /usr/local/cpanel/whostmgr/docroot/cgi
wget -N http://files.betaservant.com/files/free/fantastico_whm_admin.tgz
tar -xvzf fantastico_whm_admin.tgz
rm -rf fantastico_whm_admin.tgz

Also make sure the ionCube loader is enabled in WHM, then try installing Fantastico through WHM.

======================================

The ICON for Fantastico DOES NOT APPEAR in cPanel
---------------------------

Posted on: March 23, 2008, 03:33:39 AM

First, make sure you are using a theme that supports third-party addons like Fantastico. Some older themes and themes like x3mail do not support Fantastico.

You will need to check all of the following three things as any/all of these things may be the problem.

1) Make sure Fantastico is enabled, both in WHM's Feature Sets and that it is enabled in the WHM Fantastico admin settings.

2) Make sure you have a symlink to the Fantastico directory in every theme you use. For example if you use the "x3" theme:

Code: ln -s /usr/local/cpanel/3rdparty/fantastico /usr/local/cpanel/base/frontend/x3

3) If you use the X3 theme, make sure your icon cache is up-to-date:

Code: /usr/local/cpanel/bin/rebuild_sprites --force

If you get the following error after running rebuild_sprites:

Can't locate object method "newFromJpeg" via package "GD::Image" at /usr/local/cpanel/bin/rebuild_sprites line 17.

then you will need to install the Perl GD module first:

Code: /scripts/realperlinstaller --force GD or /scripts/installgd

After that, try rerunning the rebuild_sprites command above.

Please note that cPanel Inc. has discontinued support for the "x" and "x2" themes as of the release of cPanel v11. Although Fantastico does work in those themes we encourage you to switch to "x3" or another supported theme to ensure your users have the best experience possible.
----------------------------


Fantastico shows ionCube error
===================

Check php.ini in /usr/local/lib/php.ini

or run php -v

If it's not present, install it: /scripts/phpextensionmgr install IonCubeLoader

or, if ionCube is present, enable it in Tweak Settings.

Cpanel shows error in fantastico : /scripts/makecpphp

http://www.netenberg.com/forum/index.php?topic=6902.0
http://www.netenberg.com/forum/index.php?topic=6795.0
=======================

FTP ISSUES

Access ftp
-------
ftp ip address

put - enter item into the account
get -

Common scripts
=========
/scripts/ftpupdate
/scripts/ftpup
==========

error log
----------
tail -f /etc/pure-ftpd/pure-ftpd.conf
-------


Also you can set ftp configuration through WHM.

WEBMAIL ISSUES

Fix Various Mail Permission
========
: /scripts/mailperm
=========


Sending message fails
============
This problem usually occurs when CSF (ConfigServer Firewall) is installed on your server and it is interfering with the working of SquirrelMail. So while configuring CSF, enable both SMTP_BLOCK & SMTP_ALLOWLOCAL. Enabling just SMTP_BLOCK can cause this issue.

$ vi /etc/csf/csf.conf
set
SMTP_BLOCK = '0'
save and exit

restart csf.


This will fix.
=================


To convert courier to dovecot please use the following two steps,
==========
# /scripts/setupmailserver --force dovecot
# /scripts/convert2dovecot
=========


Update webmails
-----------------
/usr/local/cpanel/bin/update-roundcube --force
/usr/local/cpanel/bin/update-squirrelmail --force
/usr/local/cpanel/bin/update-horde --force
--------------------

Squirrelmail not sending emails
================
vi /usr/local/cpanel/base/3rdparty/squirrelmail/config/config.php
just changed:
$useSendmail = false;

to:
$useSendmail = true;
==============


HORDE LOGIN PROBLEMS
================
Reset Horde is a solution

/scripts/resethorde
Or
/scripts/fullhordereset
Don’t do it until you find another solution. :)

HORDE LOGIN PROBLEM

You have probably run into this issue often. The client is not able to log in to his Horde account to check his mail. He reaches the login screen, and when he clicks “Login” it stays on the same screen instead of going to his inbox. Here is the fix for it:

Check the following first,

1. Go to the directory with “cd /var/lib/mysql/horde” and check if there is a file named “horde_sessionhandler.frm”.

2. Rename all the files named “horde_sessionhandler” to another name.

3. Or you can go to mysql and drop the table “horde_sessionhandler”. It will show an error message sometimes. If so, use step 2, so that the table gets moved automatically. (Remember that if you are using step 2, skip step 3.)

4. Now type in shell “mysql”

5. It will take to mysql prompt . type “use horde”;

6. copy this command and paste there :

CREATE TABLE horde_sessionhandler (session_id VARCHAR(32) NOT NULL, session_lastmodified INT NOT NULL, session_data LONGBLOB, PRIMARY KEY (session_id)) ENGINE = InnoDB;

7. quit from mysql and restart mysql.

8. Try now… Your issue is fixed!!!!!
==================================================



Change current exim configuration
--------------

/scripts/exim_tidydb
---------------

EXIM COMMANDS

The following exim_cheatsheet link will help you learn more.

http://bradthemad.org/tech/notes/exim_cheatsheet.php

Remove frozen message from the queue: exiqgrep -z -i | xargs exim -Mrm

Start exim queue: exim -q -v
EXIM

Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence. In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail. Exim can be installed in place of sendmail, although the configuration of exim is quite different to that of sendmail.

A mail transfer agent (MTA) (also called a mail transport agent, message transfer agent, or smtpd (short for SMTP daemon)), is a computer program or software agent that transfers electronic mail messages from one computer to another.