Yegor's blog

Small blog about system administration.

Spamd failed: a restart was attempted automatically

To repair spamd, run the following commands:

sa-learn -D --force-expire 
sa-update -D 
/usr/local/cpanel/scripts/spamassassin_dbm_cleaner 
/usr/local/cpanel/scripts/fixspamassassinfailedupdate 
/scripts/restartsrv_spamd
/scripts/autorepair spamd_dbm_fix
/etc/init.d/exim restart

This should fix the issue.


Understanding DNS MX records


What is an MX Record

MX stands for Mail Exchange.
MX records are used in DNS records (or zone files) to specify how email should be routed.

Let's take the example of liz@mydomain.com.

This is what a typical DNS record (for mydomain.com) looks like.

;
; Zone file for mydomain.com

@ 14400 IN SOA ns.mynameserver.com. root.ns.mynameserver.com. (
   109157199
   86000
   7200
   3600000
   600 )
mydomain.com. 14400 IN NS ns.mynameserver.com.
mydomain.com. 14400 IN NS ns2.mynameserver.com.
mydomain.com. 14400 IN NS ns3.mynameserver.com.

; A Record
mydomain.com. 14400 IN A 216.34.94.184

localhost.mydomain.com. 14400 IN A 127.0.0.1

; MX record
mydomain.com. 14400 IN MX 0 mydomain.com. 

mail 14400 IN CNAME mydomain.com.
www 14400 IN CNAME mydomain.com.
ftp 14400 IN CNAME mydomain.com.


Notice the line with “MX” in it.
This is called the MX record.

mydomain.com. 14400 IN MX 0 mydomain.com.

The MX record shows that all emails @ mydomain.com should be routed to the mail server at mydomain.com. The DNS record shows that mydomain.com is located at 216.34.94.184. 

This means that email meant for liz@mydomain.com will be routed to the email server at 216.34.94.184. This finishes the task of the MX record. 
The mail software on that server (say, sendmail) then takes over, collects the email and proceeds to deliver it to the user “liz”.

It is important that there be a dot (“.”) after the domain name in the MX record. If the dot is absent, it routes to “mydomain.com.mydomain.com”. The number 0 indicates the Preference number. Mail is always routed to the server which has the lowest Preference number. If there is only one mail server, it is safe to mark it 0.

Multiple mail servers


Multiple email servers are useful for the sake of redundancy. If the highest-priority email server (the one with the lowest Preference number) is down, the email is routed to the server with the second-highest priority (the next-lowest Preference number).

For example

mydomain.com. 14400 IN A 216.34.94.184
server2.mydomain.com. 14400 IN A 216.34.94.185
mydomain.com. 14400 IN MX 0 mydomain.com.
mydomain.com. 14400 IN MX 30 server2.mydomain.com.

You can have unlimited MX entries for Fallback.

If MX records have equal Preference numbers, the client simply attempts the equal-Preference servers in random order, and then goes to the MX record with the next-highest Preference number.

Pointing MX records to an IP

It's not possible to have an MX record pointing directly to an IP.

For example

mydomain.com. 14400 IN MX 0 216.34.94.184

is wrong.
Define an “A Record” first and then have the MX record point to it.

server2.mydomain.com. 14400 IN A 216.34.94.185
mydomain.com. 14400 IN MX 30 server2.mydomain.com.
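
The trailing-dot rule, the preference ordering and the no-IP rule described above can be checked mechanically. This is an added example, not from the original post; the function names and the sample zone are constructed, and it assumes every record uses the "name TTL IN MX pref target" layout shown in this post.

```sh
#!/bin/sh
# mx_lint ORIGIN: read zone-file lines on stdin (name TTL IN MX pref target,
# the layout used in this post) and check each MX target.
mx_lint() {
    awk -v origin="$1" '
    $3 == "IN" && $4 == "MX" {
        pref = $5; target = $6
        if (target ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\.?$/)
            printf "ERROR pref=%s %s is an IP address, not a host name\n", pref, target
        else if (target !~ /\.$/)
            printf "WARN pref=%s %s expands to %s.%s\n", pref, target, target, origin
        else
            printf "OK pref=%s %s\n", pref, target
    }'
}

# mx_order: print "pref target" pairs in the order a sender tries them
# (lowest Preference number first; equal numbers are tried in random order).
mx_order() {
    awk '$3 == "IN" && $4 == "MX" { print $5, $6 }' | sort -n
}

# Constructed sample zone: one correct MX, one missing its trailing dot,
# one pointing at an IP address.
sample_zone() {
    cat <<'EOF'
mydomain.com. 14400 IN A 216.34.94.184
server2.mydomain.com. 14400 IN A 216.34.94.185
mydomain.com. 14400 IN MX 30 server2.mydomain.com.
mydomain.com. 14400 IN MX 0 mydomain.com
mydomain.com. 14400 IN MX 10 216.34.94.184
EOF
}

sample_zone | mx_lint mydomain.com.
sample_zone | mx_order
```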

MX records for Subdomains


A subdomain is something like “subdomain.mydomain.com”.
Assume you want to send an email to liz@subdomain.mydomain.com and have it received on another server.


mydomain.com. 14400 IN A 216.34.94.184
server2.mydomain.com. 14400 IN A 216.34.94.185
mydomain.com. 14400 IN MX 30 mydomain.com.
subdomain.mydomain.com. 14400 IN MX 30 server2.mydomain.com.

In this configuration, liz@subdomain.mydomain.com would go to 216.34.94.185 and liz@mydomain.com would go to 216.34.94.184.

Testing the MX record


Once you set up your MX record, always test it to see if it is set up correctly.
You can do this with tools like nslookup.

[root@localhost sangeetha]# nslookup
> set q=mx
> yahoo.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
yahoo.com mail exchanger = 1 mx1.mail.yahoo.com.
yahoo.com mail exchanger = 1 mx2.mail.yahoo.com.
yahoo.com mail exchanger = 1 mx3.mail.yahoo.com.
yahoo.com mail exchanger = 5 mx4.mail.yahoo.com.
Authoritative answers can be found from:
yahoo.com nameserver = ns2.yahoo.com.
yahoo.com nameserver = ns3.yahoo.com.
yahoo.com nameserver = ns4.yahoo.com.
yahoo.com nameserver = ns5.yahoo.com.
yahoo.com nameserver = ns1.yahoo.com.
mx1.mail.yahoo.com internet address = 4.79.181.14
mx1.mail.yahoo.com internet address = 4.79.181.15
mx1.mail.yahoo.com internet address = 67.28.113.10
mx1.mail.yahoo.com internet address = 67.28.113.11
ns1.yahoo.com internet address = 66.218.71.63
ns2.yahoo.com internet address = 66.163.169.170
ns3.yahoo.com internet address = 217.12.4.104
ns4.yahoo.com internet address = 63.250.206.138
ns5.yahoo.com internet address = 216.109.116.17
>


HOWTO: Get Plesk e-mail addresses and passwords

#mysql -uadmin -p` cat /etc/psa/.psa.shadow` -Dpsa -e"select mail_name,name,password from mail left join domains on mail.dom_id = domains.id inner join accounts where mail.account_id = accounts.id;"

The result will show all available Plesk mail accounts inside the ‘psa’ database.


HOWTO: Force qmail to process the outbound queue

Normally, qmail will be able to process the mail queue without any interaction from the system administrator. However, if you want to force it to process everything that is in the queue right now, you can do so:

#kill -ALRM `pgrep qmail-send`

If for some peculiar reason you don't have pgrep on your server, you can go about it a slightly different way:

#kill -ALRM `ps ax | grep qmail-send | grep -v grep | awk '{print $1}'`

Your logs should begin filling up with data about e-mails rolling through the queue.


Managing Mail System in Parallels Plesk using command line

The majority of tasks related to administration of mail accounts can be handled by the mail.sh utility.

The following tasks can be performed with its help: creation/update/removal of mail names, setup of preferences for mailboxes, redirects and mail groups.
Autoresponder settings can also be controlled with this utility.

Usage: mail.sh command <mail_name> [options]

For example:

Get info about mailbox:

#/usr/local/psa/bin/mail.sh -i mail@example.com

Change password for mail@example.com:

#/usr/local/psa/bin/mail.sh -u mail@example.com -passwd <new-password>

More about it: http://download1.swsoft.com/Plesk/Plesk7.5/Doc/plesk-7.5r-sdk-html/docs/cu/unix/ch14.html


HOWTO: Reinstall package using yum

You can use the yum command with the reinstall option.
This will reinstall the same version of the package that is currently installed.

The syntax is as follows: 

# yum reinstall packageName 
# yum reinstall packageName1 packageName2

In this example, to reinstall a package called keepalived, type:

# yum reinstall keepalived


tcpdump - Detailed Network Traffic Analysis

tcpdump is a simple command that dumps traffic on a network.

However, you need a good understanding of the TCP/IP protocols to use this tool.
For example, to display traffic info about DNS, enter:

# tcpdump -i eth1 'udp port 53'

To display all IPv4 HTTP packets to and from port 80, i.e. print only packets that contain data, not, for example, SYN and FIN packets and ACK-only packets, enter:


# tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
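
The filter above subtracts the IP header length and the TCP header length from the IP total length and keeps the packet only if bytes remain. The following added example (not from the original post) applies the same arithmetic to two constructed packets given as hex strings; the function names and packet contents are assumptions made for illustration.

```sh
#!/bin/sh
# hex_byte HEX N -> decimal value of byte N (0-based) of a hex string
hex_byte() {
    start=$(( $2 * 2 + 1 ))
    printf '%d\n' "0x$(printf '%s' "$1" | cut -c"$start"-"$(( start + 1 ))")"
}

# tcp_payload_len HEX -> TCP payload bytes in an IPv4 packet given as hex,
# starting at the IP header, using the same arithmetic as the filter.
tcp_payload_len() {
    total=$(( $(hex_byte "$1" 2) * 256 + $(hex_byte "$1" 3) ))  # ip[2:2]
    ip0=$(hex_byte "$1" 0)
    ihl=$(( (ip0 & 0xf) << 2 ))                                 # (ip[0]&0xf)<<2
    off=$(( ihl + 12 ))
    tcp12=$(hex_byte "$1" "$off")
    doff=$(( (tcp12 & 0xf0) >> 2 ))                             # (tcp[12]&0xf0)>>2
    echo $(( total - ihl - doff ))
}

# Constructed packets (checksums left at zero), IP header then TCP segment.
# SYN carrying one 4-byte TCP option: 20 + 24 header bytes, no payload.
SYN_PKT="4500002c0001400040060000c0a80105c0a8010a""c000005000000001000000006002ffff00000000020405b4"
# PSH/ACK carrying the 5 bytes "GET /": 20 + 20 header bytes, 5 payload bytes.
DATA_PKT="4500002d0002400040060000c0a80105c0a8010a""c000005000000001000000015018ffff00000000""474554202f"

echo "SYN payload bytes:  $(tcp_payload_len "$SYN_PKT")"   # filter drops this one
echo "data payload bytes: $(tcp_payload_len "$DATA_PKT")"  # filter prints this one
```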

To display all FTP sessions to 202.54.1.5, enter:


# tcpdump -i eth1 'dst 202.54.1.5 and (port 21 or 20)'

To display all HTTP sessions to 192.168.1.5:


# tcpdump -ni eth0 'dst 192.168.1.5 and tcp and port http'

To save the captured packets to a file that you can open in Wireshark for detailed analysis, enter:


# tcpdump -n -i eth1 -s 0 -w output.txt src or dst port 80


Collect and Report System Activity

The sar command is used to collect, report, and save system activity information.
To see the network counters, enter:


# sar -n DEV | more

To display the network counters from the 24th:


# sar -n DEV -f /var/log/sa/sa24 | more

You can also display real time usage using sar:


# sar 4 5


How to find Plesk domains exceeding quotas

Find domains that are over quota on disk space in Plesk:


mysql>SELECT domains.name, domains.real_size, Limits.value FROM domains, Limits WHERE domains.limits_id = Limits.id AND domains.real_size > Limits.value AND limit_name = 'disk_space' AND Limits.value != -1 ORDER BY domains.name ASC;




HOWTO: Block IP using Iptables



The following command will drop any packet coming from the IP address 1.2.3.4:

#iptables -I INPUT -s {IP-HERE} -j DROP 
#iptables -I INPUT -s 1.2.3.4 -j DROP

To list the chains:

#iptables -L -v -n


Where is httpd error_log in cPanel based server?



I had a weird problem. I just can't find the error_log file of apache in /var/log.
Where is the error log file of apache (httpd) located in cPanel? I have cPanel running on the CentOS server and somehow managed to locate the error_log in a different directory:

/etc/httpd/logs/error_log

or the short way of finding the error log is

#vim /etc/httpd/conf/httpd.conf

Locate error_log there.


HOWTO: Catching spammer on cPanel based server.

If you see many exim processes, you can check exim in more detail.
Print the total number of messages in the queue:

#exim -bpc

Show the number of frozen emails:

#exim -bpr | grep frozen | wc -l

To remove frozen mails from the server:

#exiqgrep -z -i | xargs exim -Mrm

To show the domain names and the number of emails sent by each domain:

#exim -bp | exiqsumm | more

Check if any PHP script is causing the mass mailing with:

#cd /var/spool/exim/input && egrep -R "X-PHP-Script" *

Then cat the file for the message ID that you get, and you will see which script is causing the problem.
To remove the emails of a particular email account:

#exim -bpr | grep "example.com" | awk '{print $3}' | xargs exim -Mrm
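
When the X-PHP-Script search returns many hits, a tally per script shows which one is responsible for most of the queue. This is an added example, not from the original post; it assumes spool header files end in -H and that the header reads "X-PHP-Script: host/path for client-IP", and the function names and sample spool are constructed.

```sh
#!/bin/sh
# php_script_tally SPOOL_DIR -> "count script" lines, busiest script first.
# Assumption: header files end in -H and carry a line containing
# "X-PHP-Script: <host/path> for <client-ip>".
php_script_tally() {
    find "$1" -type f -name '*-H' -exec grep -h 'X-PHP-Script:' {} + 2>/dev/null |
        sed -e 's/^.*X-PHP-Script:[[:space:]]*//' \
            -e 's/[[:space:]]for[[:space:]].*$//' |
        sort | uniq -c | sort -rn |
        awk '{print $1, $2}'
}

# Constructed sample spool (not real queue data) for trying the function
# offline: three messages from one script, one from another.
make_sample_spool() {
    dir=$(mktemp -d)
    i=0
    for script in shop.example.com/wp-content/uploads/mailer.php \
                  shop.example.com/wp-content/uploads/mailer.php \
                  shop.example.com/wp-content/uploads/mailer.php \
                  blog.example.org/contact.php; do
        i=$((i + 1))
        printf '055  X-PHP-Script: %s for 203.0.113.7\n021  Subject: sample %s\n' \
            "$script" "$i" > "$dir/1aBcDe-00000$i-XX-H"
        printf 'body\n' > "$dir/1aBcDe-00000$i-XX-D"
    done
    echo "$dir"
}

spool=$(make_sample_spool)
php_script_tally "$spool"
rm -rf "$spool"
```

On a live server, pass /var/spool/exim/input as the directory.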




How to restart ProFTPd server on CentOS with Plesk

ProFTPd runs under xinetd in Parallels Plesk:

#/etc/init.d/xinetd restart

This command should restart it.


How to check and repair all databases in MySQL

Default command:

#mysqlcheck -uroot -p<root-password> --auto-repair --check --optimize --all-databases

For Parallels Plesk:

#mysqlcheck -uadmin -p`cat /etc/psa/.psa.shadow` --auto-repair --check --optimize --all-databases


Keep it simple :-)


How to unsuspend domain in Parallels Plesk using command line


For Windows

Open the command prompt, go to the Plesk admin location (%plesk_bin%) and run the following command:

%plesk_bin%\domain.exe --on domain.com

Note: replace domain.com with your actual domain.

For Linux

[root@server ~]# /usr/local/psa/bin/domain -u domain.com -status enabled


Note: replace domain.com with your actual domain.


How to disable mod_security in Parallels Plesk for one domain

For Plesk and similar systems you can also disable modsecurity in the Apache configuration.

Step 1) Edit the vhost/vhost_ssl.conf for the domain

#vim /var/www/vhosts/<DOMAINNAME>/conf/vhost.conf 

Step 2) Add the following

<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>

Step 3) Add vhost.conf to domain config

#/usr/local/psa/admin/bin/websrvmng -a

Step 4) Restart Apache

#service httpd restart

If you need to disable mod_security globally, just disable its config file:

#mv /etc/httpd/conf.d/00_mod_security.conf /etc/httpd/conf.d/00_mod_security.conf.disabled

and restart httpd:

#service httpd restart 


HTTPD restart failed: Address already in use

When you are trying to start Apache Web server, you get the following error in the console and in error_log:

"(98)Address already in use: make_sock: could not bind to address [::]:443 no listening sockets available, shutting down"

(The error may also refer to port 80.)
This error means that some other process is already using port 443 (80) and Apache cannot bind to it.

To fix the problem, just run these 4 commands:

# for i in `ps auwx | grep -i nobody | awk '{print $2}'`; do kill -9 $i; done
# for i in `lsof -i :80 | grep http | awk '{print $2}'`; do kill -9 $i; done
# for i in `lsof -i :443 | grep http | awk '{print $2}'`; do kill -9 $i; done
# service httpd restart



Howto: Generate strong password with command line

How can you make your password strong enough to not get cracked by the bad guys? Here are some tips on password construction you can use to beef up your password.
  • If possible, make your password at least 12-15 characters in length 
  • Use at least 2 upper-case letters, 2 lower-case letters, 2 numbers, and 2 special characters (except the common ones such as "!@#$") 
  • Never use whole words. Make the password as random as possible 
  • Avoid using personal information as part of your password 
  • Avoid using keyboard patterns 
However, you can create a strong password with a simple command:

#< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c10 
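
The tips listed above can also be enforced by the generator itself: keep drawing from /dev/urandom until the candidate has the required length and character classes. This is an added example, not from the original post; the function names and the chosen set of special characters are assumptions.

```sh
#!/bin/sh
# Special characters allowed here (an assumption): none of the common "!@#$".
SPECIALS='%^&*()_+=-'

# count_class STRING TR_SET -> how many characters of STRING fall in TR_SET
count_class() {
    printf '%s' "$1" | LC_ALL=C tr -dc "$2" | wc -c | tr -d ' '
}

# meets_policy STRING -> exit 0 if STRING follows the tips: 12+ characters,
# at least 2 upper-case, 2 lower-case, 2 digits and 2 special characters.
meets_policy() {
    [ "${#1}" -ge 12 ] || return 1
    for cls in 'A-Z' 'a-z' '0-9' "$SPECIALS"; do
        [ "$(count_class "$1" "$cls")" -ge 2 ] || return 1
    done
    return 0
}

# gen_password [LENGTH] -> random password that passes meets_policy.
# Candidates that miss a character class are discarded and redrawn.
gen_password() {
    len=${1:-16}
    [ "$len" -ge 12 ] || { echo "length must be at least 12" >&2; return 1; }
    while :; do
        pw=$(LC_ALL=C tr -dc "A-Za-z0-9$SPECIALS" < /dev/urandom | head -c "$len")
        if meets_policy "$pw"; then
            printf '%s\n' "$pw"
            return 0
        fi
    done
}

gen_password 16
```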


How to clear message queue in Qmail with ONE command

#/etc/init.d/qmail stop && cd /var/qmail/queue && find intd todo local remote mess info bounce -type f -print |xargs rm && /etc/init.d/qmail start

Keep it simple. :-)


Spamd Child High CPU Usage


On Linux-based servers, the spamd child process running for a particular user can use a lot of CPU time.
This is because of an infinite loop in the SpamAssassin Perl script; this bug has been reported on the Apache SpamAssassin site.

On cPanel-based servers this can be solved by running the following commands:



#/scripts/autorepair spamd_dbm_fix

#/etc/init.d/exim restart

