Entries Tagged 'Linux'
October 24th, 2008 — Linux, Plesk
To enable AntiVirus for all accounts in Plesk you can use the following script:
#!/bin/bash
# Set virusfilter to 'any' for every mailbox that has a postbox
# and is not already set to 'any'.
mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa<<-EOT
UPDATE mail
SET virusfilter = 'any'
WHERE postbox = 'true' AND virusfilter != 'any';
EOT
You can run it daily from cron to keep your mailboxes protected.
August 26th, 2008 — Linux
If you receive this error then your plugin needs patching:
ERROR: is not executable by (uid 0:gid(0 10 6 4 3 2 1 0))
The patch:
--- /usr/lib/nagios/plugins/check_mailq 2007-04-20 23:14:48.000000000 +0300
+++ check_mailq 2007-06-04 11:53:06.000000000 +0300
@@ -40,7 +40,7 @@
sub print_usage ();
sub process_arguments ();
-$ENV{'PATH'}='';
+$ENV{'PATH'}='/bin:/usr/bin';
$ENV{'BASH_ENV'}='';
$ENV{'ENV'}='';
$PROGNAME = "check_mailq";
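Review bot: The added $ENV{'PATH'}='/bin:/usr/bin'; line has no comment saying which external command needs a PATH lookup, and the error quoted above shows the plugin running as uid 0, so a later editor cannot tell whether the entry can be tightened again. Add a one-line comment naming the command, or call that command by its absolute path and leave PATH empty as the original did. BASH_ENV and ENV stay cleared, which is right.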
@@ -49,6 +49,9 @@
$msg_p = 0 ;
$state = $ERRORS{'UNKNOWN'};
+#
+$utils::PATH_TO_QMAIL_QSTAT = "/var/qmail/bin/qmail-qstat";
+
Getopt::Long::Configure('bundling');
$status = process_arguments();
if ($status){
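Review bot: The assignment to $utils::PATH_TO_QMAIL_QSTAT is unconditional and sits in the plugin body, so it overrides whatever value the utils package already carries and hard-codes /var/qmail/bin/qmail-qstat on every host this file is copied to; the bare "#" line above it documents nothing. Assign only when the variable is empty (for example with an "unless" on the existing value), and replace the empty comment with one line saying that this is the qmail-qstat location on this install.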
@@ -63,7 +66,6 @@
alarm($opt_t);
# switch based on MTA
-
if ($mailq eq "sendmail") {
## open mailq
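Review bot: Drop this hunk. Removing the blank line after "# switch based on MTA" is a whitespace-only change unrelated to the qmail-qstat path fix, and it gives the patch one more place to fail when applied to a slightly different version of check_mailq.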
August 25th, 2008 — Linux, Plesk
If you forgot your admin password in Plesk, connect to your server over ssh; you can find the password in the file /etc/psa/.psa.shadow.
[root@apollo ~]# cat /etc/psa/.psa.shadow
<admin_pass>
To find a mailbox's password in Plesk, connect to your server over ssh, then use the following SQL query to reveal the mailbox password (replace MAILBOX_NAME with your mailbox name):
[root@apollo ~]# mysql -u admin -p`cat /etc/psa/.psa.shadow` psa
[...]
mysql> SELECT m.mail_name, d.name, a.password FROM mail AS m LEFT JOIN (domains AS d, accounts AS a)
    -> ON (m.dom_id = d.id AND m.account_id = a.id) WHERE m.mail_name='MAILBOX_NAME';
August 25th, 2008 — Linux, Ruby
RMagick is an interface between the Ruby programming language and the ImageMagick® and GraphicsMagick image processing libraries.
To install RMagick on CentOS 4 you'll need RMagick version 1, because version 2 requires a newer version of ImageMagick that's not available in the CentOS 4 repositories.
I assume that you have already installed RubyGems. If not, read my post Install RubyGems on CentOS 4.
Let's start by installing the required libraries:
[root@lion ~]# yum install gcc gcc-c++ ImageMagick-devel ghostscript freetype-devel \
libjpeg-devel libpng-devel libpng10-devel libwmf-devel libexif-devel libtiff-devel
[...]
Then install the RMagick gem, specifying the version with the '-v' switch:
[root@lion ~]# gem install rmagick -v 1.15.14
Building native extensions. This could take a while...
Successfully installed rmagick-1.15.14
1 gem installed
August 2nd, 2008 — Linux, Plesk
Configuring Apache for SquirrelMail by following this tutorial is not enough; you'll need to configure SquirrelMail too. Edit your /etc/squirrelmail/config_local.php file and paste in the following configuration:
// courier-imap settings
$imap_server_type = 'courier';
$default_folder_prefix = 'INBOX.';
$trash_folder = 'Trash';
$sent_folder = 'Sent';
$draft_folder = 'Drafts';
$show_prefix_option = false;
$default_sub_of_inbox = false;
$show_contain_subfolders_option = false;
$optional_delimiter = '.';
$delete_folder = true;
$force_username_lowercase = false;
// other settings
$default_charset = 'iso-8859-1';
$lossy_encoding = false;
$sendmail_args = '-i -t';
$encode_header_key = '';
$hide_auth_header = false;
$plugins[3] = 'filters';
$abook_global_file = '';
$abook_global_file_writeable = false;
$addrbook_global_dsn = '';
$addrbook_global_table = 'global_abook';
$addrbook_global_writeable = false;
$addrbook_global_listing = false;
August 1st, 2008 — Linux
If you are working on an x86_64 system, don't even try the 64-bit Firefox; just install the 32-bit version and enjoy all of Firefox's plugins: Flash, Java, … Don't waste your time.
Adobe hasn't yet released a 64-bit Flash plugin for Linux, and although there are various workarounds to make 32-bit plugins work on the x86_64 platform, they are still buggy.
If you try to use nspluginwrapper, you'll end up with Firefox eating 1GB of RAM after you open a few Flash sites, because it leaks memory.
Let's install Firefox with flash-plugin. First remove the x86_64 version of Firefox, then install the i386 version:
[root@silver ~]# yum remove firefox.x86_64
[...]
[root@silver ~]# yum install firefox.i386
[...]
Then we'll download the rpm for Linux from Adobe:
http://www.adobe.com/shockwave/download/alternates/
[root@silver ~]# rpm -ivh flash-plugin-9.0.124.0-release.i386.rpm
[...]
Now you are ready to use your favorite browser on Linux x86_64 with Flash Player.
Update:
An alpha refresh of 64-bit Adobe Flash Player 10 for Linux operating systems was released on 12/16/2008.
Download it from here:
http://labs.adobe.com/downloads/flashplayer10.html
August 1st, 2008 — Linux
If you are seeing lots of "TCP: drop open request from A.B.C.D" messages and you don't expect real load on the server, you'll need to enable syncookies. Edit your /etc/sysctl.conf and append the following lines:
# enable syncookies
net.ipv4.tcp_syncookies = 1
Then restart the network service:
[root@centurion ~]# /etc/init.d/network restart
Shutting down interface eth0: [ OK ]
Shutting down loopback interface: [ OK ]
Setting network parameters: [ OK ]
Bringing up loopback interface: [ OK ]
Bringing up interface eth0: [ OK ]
July 31st, 2008 — Linux, Plesk
If you are trying to back up your server to an FTP location, don't forget to specify the destination file on the remote server, or you'll receive this error:
[root@apollo ~]# export FTP_PASSWORD="secret"
[root@apollo ~]# /usr/local/psa/bin/pleskbackup --no-gzip all --skip-logs ftp://backup:@backup.example.com/
Unable to parse options: Bad FTP file format at /usr/local/psa/bin/pleskbackup line 287.
July 22nd, 2008 — Linux, Plesk
Today I received an alert from the monitoring system: the number of mails in the server's queue was too high.
Depending on the number of clients hosted on the server, more than 500 mails sitting in the queue for more than half an hour means that someone has sent a newsletter or spam.
Let's ssh in and study the problem. First we should look at the server's queue:
[root@ulise ~]# /var/qmail/bin/qmail-qstat
messages in queue: 758
messages in queue but not yet preprocessed: 0
We have 758 mails in the queue. Let's examine the queue with qmail-qread. Seeing a bunch of strange email addresses in the recipient list usually means spam.
[root@ulise ~]# /var/qmail/bin/qmail-qread
[...]
You can examine the content of the emails in the queue using the Plesk interface or just the less command. First find the message's id using qmail-qread, then find the file holding the email in /var/qmail/queue with the find command.
[root@ulise ~]# /var/qmail/bin/qmail-qread
[...]
18 Jul 2008 02:01:11 GMT #22094026 1552 <>
remote user@yahoo.com
[...]
[root@ulise ~]# find /var/qmail/queue/ -name 22094026
/var/qmail/queue/mess/19/22094026
/var/qmail/queue/remote/19/22094026
/var/qmail/queue/info/19/22094026
[root@ulise ~]# less /var/qmail/queue/mess/19/22094026
Received: (qmail 10728 invoked from network); 22 Jul 2008 19:40:46 +0300
Received: from unknown (HELO User) (86.107.221.138)
by domain.com with SMTP; 22 Jul 2008 19:40:46 +0300
Reply-To: <support@PayPal.Inc.com>
From: "PayPal"<support@PayPal.Inc.com>
Subject: Dispute Transaction
Date: Tue, 22 Jul 2008 19:40:52 +0300
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
[...]
Oops, we have some spam in the queue that was received from the network (IP: 86.107.221.138). We should remove the spam from the queue or the server's IP address will end up listed in the RBLs; qmail-remove is the right tool for this job.
Check the number of messages matching the spam pattern ("PayPal.Inc.com" in this case):
[root@ulise ~]# qmail-remove -p 'PayPal.Inc.com'
Now remove the spam (notice the '-r' switch); the messages will all end up in the /var/qmail/queue/yanked directory. Don't forget to stop the qmail daemon first (/etc/init.d/qmail stop):
[root@ulise ~]# qmail-remove -r -p 'PayPal.Inc.com'
A few minutes later we have more emails with the same pattern from the same IP address. That's great: we have an opportunity to examine the SMTP traffic from the spammer's IP address. Run tcpdump and wait a few minutes.
[root@ulise ~]# tcpdump -i eth0 -n src 86.107.221.138 or dst 86.107.221.138 -w smtp.tcpdump -s 2048
Examining the capture file with less or wireshark, we find that the spammer is sending spam using LOGIN authentication:
220 ulise.domain.com ESMTP
ehlo User
250-ulise.domain.com
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
AUTH LOGIN
334 VXNlcm5hbWU6
dGVzdA==
334 UGFzc3dvcmQ6
MTIzNDU=
235 go ahead
Interesting, let’s decode the user/pass to see which account is used:
[root@ulise ~]# perl -MMIME::Base64 -e 'print decode_base64("dGVzdA==")'
test
[root@ulise ~]# perl -MMIME::Base64 -e 'print decode_base64("MTIzNDU=")'
12345
So, someone created a test account with a weak password, and someone else guessed it and is sending spam through the server.
Let's find the domain that owns the mailbox:
[root@ulise ~]# mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa
[...]
mysql> SELECT m.mail_name, d.name, a.password FROM mail AS m LEFT JOIN (domains AS d, accounts AS a) ON (m.dom_id = d.id AND m.account_id = a.id) WHERE m.mail_name='test' AND a.password='12345';
+-----------+------------+----------+
| mail_name | name | password |
+-----------+------------+----------+
| test | example.com | 12345 |
+-----------+------------+----------+
1 row in set (0.01 sec)
The next step is to delete the test mailbox and send a warning to the client.
To improve your server’s security you’ll need to enable:
Server -> Mail -> Check the passwords for mailboxes in the dictionary
Creating a mailbox "test" with password "12345" is a stupid thing and spammers just love to exploit it.
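The capture-analysis step of this post as a script, added here as an example and not part of the original post: it reads a plain-text SMTP session and reports which account each AUTH LOGIN exchange used and whether the server accepted it, measuring the password without printing it. It assumes the session has been saved as text (for example from wireshark's stream view) and that a coreutils base64 is installed; the second sample session and its 535 reply are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): report which accounts were used
# with SMTP AUTH LOGIN in a plain-text session transcript read from stdin.

# Constructed sample: the session quoted in the post (abridged), followed by
# a made-up second session whose login is rejected.
sample_session() {
cat <<'EOF'
220 ulise.domain.com ESMTP
ehlo User
250-AUTH LOGIN CRAM-MD5 PLAIN
250 8BITMIME
AUTH LOGIN
334 VXNlcm5hbWU6
dGVzdA==
334 UGFzc3dvcmQ6
MTIzNDU=
235 go ahead
220 ulise.domain.com ESMTP
AUTH LOGIN
334 VXNlcm5hbWU6
aW5mbw==
334 UGFzc3dvcmQ6
c2VjcmV0
535 authorization failed
EOF
}

# Decode one base64 token; non-printable bytes become '?' so that
# client-supplied data never reaches the terminal raw.
b64() { printf '%s' "$1" | base64 -d 2>/dev/null | LC_ALL=C tr -c '[:print:]' '?'; }

# One line per login: user <TAB> accepted|rejected <TAB> password length.
# The password is only measured, never printed.
auth_login_report() (
  state=IDLE user='' pwlen=0
  tr -d '\r' | while IFS= read -r line; do      # captures keep the SMTP CRLF
    case "$state:$line" in
      *:[Aa][Uu][Tt][Hh]\ [Ll][Oo][Gg][Ii][Nn]) state=USER ;;
      *:[Aa][Uu][Tt][Hh]\ [Ll][Oo][Gg][Ii][Nn]\ *) user=$(b64 "${line##* }"); state=PASS ;;
      USER:334\ *|PASS:334\ *) ;;               # server prompts, nothing to record
      USER:*) user=$(b64 "$line"); state=PASS ;;
      PASS:*) pwlen=$(b64 "$line" | wc -c); state=REPLY ;;
      REPLY:235*) printf '%s\taccepted\t%d\n' "$user" "$pwlen"; state=IDLE ;;
      REPLY:[45]*) printf '%s\trejected\t%d\n' "$user" "$pwlen"; state=IDLE ;;
    esac
  done
)

sample_session | auth_login_report
```

On a real capture, run it as auth_login_report < session.txt (session.txt being whatever name the text export was saved under); an accepted login with a short password length points at the mailbox to look up in the psa database.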
July 17th, 2008 — Linux, Plesk
Extracting files from a Plesk 8.3 backup is not an easy task, and it's time consuming.
Let's examine the backup file:
[root@monster ~]# file plesk_bigserver_2008-07-10.backup
plesk_bigserver_2008-07-10.backup: ASCII English text, with very long lines
A Plesk backup is a multi-part MIME-encoded file. You can easily restore one domain or the whole server using the Plesk backup utilities, but when you need just a few files from the backup you'll need an external tool like ripemime or mpack.
Requirements:
- Free disk space: minimum 2*backup_file_size
- mpack tool
Check your free space using the df (disk free) command.
[root@monster ~]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda3 9.2G 2.5G 6.3G 29% /
/dev/hda1 190M 15M 166M 8% /boot
none 1010M 0 1010M 0% /dev/shm
/dev/hda7 53G 17G 34G 34% /home
/dev/hda6 950M 17M 886M 2% /tmp
/dev/hda5 46G 7.2G 37G 17% /var
Let's install mpack. On a Redhat/Fedora/CentOS system it's easy: just subscribe to Dag Wieers's repository. You'll need to download the rpmforge-release rpm that matches your server's OS and architecture.
For CentOS 5 and x86_64 architecture we'll use rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm:
[root@monster tmp]# wget http://dag.wieers.com/rpm/packages/rpmforge-release/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
[...]
[root@monster tmp]# rpm -ivh rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm
[...]
[root@monster tmp]# yum install mpack
[...]
Let's make a directory for the backup files and then extract them there:
[root@monster ~]# mkdir recover
[root@monster ~]# cd recover
[root@monster ~]# munpack < ../plesk_bigserver_2008-07-15.backup
[...]
Mpack will extract the files into separate tar archives; you can locate the domain by archive name and extract its files using the tar command.