Re: Changing max_execution_time and max_input_time in .htaccess for a single domain

Sometimes you need more time for your script or upload to complete however you want to avoid changing these setting for the entire server, so the option to change for a single domain is there when running PHP as Apache.

To change max_execution_time and max_input_time from the 60 second default add the following lines to the top of your .htaccess:

php_value max_execution_time 600
php_value max_input_time 600

The change is instantly active and affects only the virtual host in question.

Re: qmail restart error, plesk qmail error,  [: =: unary operator expected

You have installed Plesk, updated all your modules, upgrade PHP, mysql, everything looks great. Then, you realise that you have Plesk with the Postfix MTA but you want Qmail MTA - so you go ahead and select Qmail MTA in the Plesk Upgrade Manager.

Install is fine, until you try to start qmail.

[root@server ~]# service qmail restart
/etc/init.d/qmail: line 25: [: =: unary operator expected

Before you panic, check this file:

# cat /etc/sysconfig/network

HOSTNAME=server.yourhostname.com
NETWORKING=yes

If you are missing the NETWORKING line, simply insert it.

# [root@server ~]# service qmail start
Starting qmail:                                            [  OK  ]

Your qmail service is now functioning as required. Panic over

Re: Email port, ports for email, secure email ports

When troubleshooting email and mail server related problems it is wise to first check that all of your email ports are open and not being blocked by your firewall, here you can find the ports you need open for POP, POPS, IMAP, IMAPS and SMTP

• Port 25 allows SMTP connections
• Port 110 allows POP connections
• Port 995 allows POPS connections
• Port 143 allows IMAP connections
• Port 993 allows IMAPS connections

Ensure these ports are open if you are have problems communicating with your mail server.

Re: Finding Plesk Spammer, Qmail spam source, Anonymous spam

So you’ve done all the basics, looked through the maillogs and you’ve determined the spammer is sending from “anonymous” which means a vulnerable script somewhere on the server. But where? Great, so now let’s delve a little deeper to find the UID of the spammer.

1) Let’s take a look in the mail queue and read one of those spam email references:

# /var/qmail/bin/qmail-qread

remote ankush_krishna2137@yahoo.com
6 Jan 2012 09:14:53 GMT #34012584 2987 <anonymous@server.microlite8.com>

2) Now we have a message ID, let’s search for the actual message:

# find /var/qmail/queue/ -name 34012584

/var/qmail/queue/info/0/34012584
/var/qmail/queue/remote/0/34012584
/var/qmail/queue/mess/0/34012584

3) Great! Now let’s see what’s in the message to get out that all telling UID:

# cat /var/qmail/queue/mess/0/34012584

Received: (qmail 9936 invoked by uid 10820); 6 Jan 2012 09:14:50 +0000
Date: 6 Jan 2012 09:14:50 +0000
Message-ID: <20120106091450.9934.qmail@server.microliteX.com>
To: annette@recdom.wandoo.co.uk
Subject: Urgent Reply
From: Mrs.Farida Waziri <faridawaziri@hotmail.com>

4) Let’s map the UID to a domain name on the Plesk server:

# cat /etc/passwd | grep 10820

admin947932:x:10820:2523::/var/www/vhosts/thisisthespammer.com:/bin/false

5) Spammer caught

Please share this page on Facebook or Google+ if you found this article useful.

Re: Yandex IP range, Yandex subnets, Block Yandex Robots

Across our server range we are finding that Yandex continues to ignore robots.txt files and crawls some sites constantly, so how do you stop such an abuse of your network resources?

If you use IPTABLES or APF (you should!) then you can block all Yandex spiders using the following IP ranges:

77.88.0.0/18 # yandex.ru
77.88.22.0/23 # yandex.ru
77.88.24.0/21 # yandex.ru
77.88.24.0/22 # yandex.ru
77.88.28.0/22 # yandex.ru
77.88.36.0/23 # yandex.ru
77.88.42.0/23 # yandex.ru
77.88.44.0/24 # yandex.ru
77.88.50.0/23 # yandex.ru
87.250.224.0/19 # yandex.ru
87.250.230.0/23 # yandex.ru
87.250.252.0/22 # yandex.ru
93.158.128.0/18 # yandex.ru
93.158.137.0/24 # yandex.ru
93.158.144.0/21 # yandex.ru
93.158.144.0/23 # yandex.ru
93.158.146.0/23 # yandex.ru
93.158.148.0/22 # yandex.ru
95.108.128.0/17 # yandex.ru
95.108.128.0/24 # yandex.ru
95.108.152.0/22 # yandex.ru
95.108.216.0/23 # yandex.ru
95.108.240.0/21 # yandex.ru
95.108.248.0/23  # yandex.ru
178.154.128.0/17 # yandex.ru
178.154.160.0/22 # yandex.ru
178.154.164.0/23 # yandex.ru
199.36.240.0/22 # yandex.ru
213.180.192.0/19 # yandex.ru
213.180.204.0/24 # yandex.ru
213.180.206.0/23 # yandex.ru
213.180.209.0/24 # yandex.ru
213.180.218.0/23 # yandex.ru
213.180.220.0/23 # yandex.ru

Simply restart APF and Yandex will no longer be a problem (until they extend their network!).

Re: Is PHP SOAP installed? Which version of PHP SOAP do I have?

For dedicated servers, you can tell if PHP SOAP is installed by the running the following command on the console:

# php -i phpinfo | grep soap

The following outpout will confirm you have PHP SOAP installed:

soap
soap.wsdl_cache => 1 => 1
soap.wsdl_cache_dir => /tmp => /tmp
soap.wsdl_cache_enabled => 1 => 1
soap.wsdl_cache_limit => 5 => 5
soap.wsdl_cache_ttl => 86400 => 86400

If you have a shared hosting account and need PHP SOAP, simply contact the Helpdesk to arrange a transfer of your account to a suitable server.

Re: Where can I find the mail log in Plesk?

The mail logs in Plesk qmail are stored here:

/usr/local/psa/var/log/maillog

You can view the entire maillog like this:

# cat /usr/local/psa/var/log/maillog

Or you can look at the last 150 lines like this:

# tail -150 /usr/local/psa/var/log/maillog

You can watch the maillog devlop in real time like this:

# tail -f /usr/local/psa/var/log/maillog

You can search for specific entries like this:

# tail -500 /usr/local/psa/var/log/maillog | grep test@domain.co.uk

The Plesk maillog is your friend when it comes to finding spammers and email problems on your server.

Re: Finding spammers in Plesk, find source of spam on Plesk server

If you are hosting a Plesk server wilth multiple sites then eventually you will find that spam will appear from one of those sites and it will be difficult to determine where the spam is coming from. This will put your server IP at risk of being suspended by your server provider.

First things first, let’s check to see if the spam is being sent by a mailbox user, this would indicate deliberate spamming from a client or a compromised password on a mailbox account.

Out of the ordinary authentications

A large number of authentications to a particular mailbox, ie. thousands, can indicate massive email activity, you can check this quickly as follows:

# cat /usr/local/psa/var/log/maillog |grep -I "LOGIN"|awk {'print $12'}|sort|uniq -c|sort -n

If you cannot see anything out of the ordinary, the search continues.

The Maillog is your friend

Let’s take a look at the plesk qmail maillog:

# tail -500 /usr/local/psa/var/log/maillog

Entries like the following indicate the domain and mailbox that the email is being sent from:

Dec  7 10:51:01 server qmail-local-handlers[29265]: from=info@spammerdomain.com

This leaves you no further work to do, possibly suspend the account and contact the client in question. You might want to clear the mail queue in the Plesk panel also.

Difficult to locate spammers

A more difficult situation is where the email is being sent using the Apache user or as anonymous. This type of email spam cannot so easily be traced to a sender as it is not being sent from a mailbox.

These entries look something like this:

Dec  7 10:50:17 server qmail-queue-handlers[29080]: from=anonymous@server.hostname.com

Or like this:

Dec  7 10:50:17 server qmail: 1323255017.404624 info msg 47220220: bytes 501 from <anonymous@server.hostname.com> qp 29081 uid 48

It is not possible to determine the spammer from the maillog in this situation. These emails are being sent using a form processor or other PHP mailer / PERL mailer script.

Track, Trace and Remove

To solve this problem you need to

• Login to the Plesk Control Panel > Home > Mail Settings > Mail Queue
• Click on one of the many SPAM emails you will see listed

Look for this at the top of the mail header:

Received: (qmail 2583 invoked by uid 10211)

Once you have the UID (which in this case in 10211) you can now trace the client like this:

# grep 10211 /etc/passwd

Which will show something like this:

dom74628:x:10211:2523::/var/www/vhosts/thespammerdomain.com:/bin/false

You can now proceed suspend the spam account and remove all the mails from the mail queue.

You can use iptables pre-routing to route from one port to another.

For example, the following command will enable mail users to use port 26 or port 25 for SMTP request. All port 26 requests will be routed to port 25.

# iptables -t nat -A PREROUTING -p tcp -d 192.168.167.2 --dport 26 -j DNAT --to 192.168.167.2:25

Now your clients can use port 26 or port 25 without any problems.

Re: Mail being bounced even though Mailbox exists, bounce message

“Hi. This is the qmail-send program at server.mailserver.com.
I’m afraid I wasn’t able to deliver your message to the following addresses.
This is a permanent error; I’ve given up. Sorry it didn’t work out.”

Take a look in the mail log file:

tail -1500 /usr/local/psa/var/log/maillog

You see errors such as this:

Unable to stat entry '/usr/local/psa/handlers/info'

To resolve you need to remove and rebuil all mail handlers as follows:

1. Stop the mail service

    # /usr/local/psa/admin/sbin/mailmng --stop-service

    OR

    # service qmail stop

2. Backup old handlers in a temporary directory

    # mkdir /usr/local/temp

    # cp -a /usr/local/psa/handlers/before-* /usr/local/temp/

    # cp -a /usr/local/psa/handlers/info /usr/local/temp/

3. Remove the handlers

    # rm -rf /usr/local/psa/handlers/before-*/*

    # rm -rf /usr/local/psa/handlers/info/*

4. Recreate handlers using mchk utility

    # /usr/local/psa/admin/sbin/mchk --with-spam

5. Start mail service:

    # /usr/local/psa/admin/sbin/mailmng --start-service

    OR 

    service qmail start

This may take a little time however it will resolve all errors.

Re: Can’t start Apache, getting error (28) No space left on device

First, don’t panic, this problem is easily fixed. Take a deep breath and now get ready to clear up some semaphores:

1) First let’s kill all httpd process:

# killall -9 httpd

2) Now let’s delete the semaphores:

# ipcs -s | grep apache | perl -e 'while (<STDIN>) {@a=split(/\s+/); print `ipcrm sem $a[1]`}'

3) Now let’s start up Apache

# service httpd start

Problem solved, panic over. One for the toolbox!

Re: How to enable PHP Pear for a domain in Plesk

1) edit vhost.conf as such:

<Directory /var/www/vhosts/domain.com/httpdocs>
        php_admin_value include_path "/var/www/vhosts/domain.com/httpdocs/:/usr/share/pear/"
        php_admin_value open_basedir "none"
</Directory>

2) /usr/local/psa/admin/sbin/websrvmng – -reconfigure-vhost –vhost-name=domain.com

3) service httpd restart

To test pear, create a php file, eg check_pear.php

<?php
require_once 'System.php';
var_dump(class_exists('System', false));
?>

4) open check_pear.php in a browser, a ‘true’ result confirms pear is working:

bool(true)

That’s all there is to getting PEAR working on Plesk 9 Linux.

Re: Where are emails and email files stored in Plesk?

Even though emails account for part of your web space usage, they are actually stored outside of your vhost document root.

You can find all email files here:

# ls -l /var/qmail/mailnames

Each directory relates to a specific POP box, the mailboxes are not grouped by domain or client account.

If you get the error “The domain is still suspended for the following reason: Domain is temporarily suspended for backing up or restoring.” this means that the domain is locked and you will not be able to unsuspend the domain name from the Plesk 9.x control panel.

Some solution show you editing the plesk databases directly, but there is no need for such a risk.

The solution for Plesk 9.x for Linux is as follows:

1. Open up a command shell with the server
2. Type the following command to directly unsuspend the domain
3. # /usr/local/psa/bin/domain –on domain.com

Now you should see “SUCCESS: Changing status of domain ‘domain.com’ complete.”

One of the first things we do to a Plesk server is remove Dr Web and all of it’s components which is not as easy as it may first appear as there are a number of modules that need removing.

Here we will show you how to remove all parts of Dr Web from your Plesk server.

Open an SSH session with your server and do the following:

# yum remove drweb-base drweb-bases drweb-common drweb-daemon drweb-updater psa-drweb-configurator

You will now find no trace of Dr Web in your logs or in your system.