Yegor's blog

Small blog about system administration.

Spamd failed: a restart was attempted automatically

To repair spamd just execute following commands:

sa-learn -D --force-expire 
sa-update -D 
/scripts/autorepair spamd_dbm_fix
/etc/init.d/exim restart

So, it should fix this issue. 

No comments :

Post a Comment

Understanding DNS MX records

What is an MX Record

MX stands for Mail Exchange Records.
MX records are used in DNS records(or Zone files) to specify how email should be routed.

Lets take an example of say

This is how a typical DNS record(for looks like.

; Zone file for

@ 14400 IN SOA (
   600 ) 14400 IN NS 14400 IN NS 14400 IN NS

; A Record 14400 IN A 14400 IN A

; MX record 14400 IN MX 0 

mail 14400 IN CNAME
www 14400 IN CNAME
ftp 14400 IN CNAME

Notice the line with the “MX” in it. 
This is called the MX 14400 IN MX 0

The MX record shows that all emails @ should be routed to the mail server at The DNS record shows that is located at 

This means that email meant for will be routed to the email server at This finishes the task of the MX record. 
The email server on that server(say sendmail) then takes over, collects the email and then proceeds to distribute it to the user “liz”.

It is important that there be a dot(“.”) after the domain name in the MX record. If the dot is absent, it routes to “”. The number 0, indicates Preferance number. Mail is always routed to the server which has the lowest Preferance number. If there is only one mail server, it is safe to mark it 0.

Multiple mail servers

Multiple email servers are useful for the sake of redundancy. If the Highest Priority email server (one with the lowest Preference number) is down, then the email is routed to the Server with the second highest Preference number.

For example 14400 IN A 14400 IN A 14400 IN MX 0 14400 IN MX 30

You can have unlimited MX entries for Fallback.

If all the MX records are equal Preference numbers, the client simply attempts all equal Preference servers in random order, and then goes to MX record with the next highest Preference number.

Pointing MX records to an IP

Its not possible to have an MX record pointing directly to an IP. 

For example 

‘ 14400 IN MX 0“ 

is wrong. 
Define an “A Record” first and then have the MX record pointing to it. 14400 IN A 14400 IN MX 30

MX records for Subdomains

A Subdomain is something like this “”. 
Assume you want to send an email to and to capture that on another server. 14400 IN A 14400 IN A 14400 IN MX 30 14400 IN MX 30

In this configuration, would go to and would go to

Testing the MX record

Once you setup your MX record, always test it to see if it is setup correctly. 
You can do with tools like nslookup.

[root@localhost sangeetha]# nslookup
> set q=mx
Server: Address:
Non-authoritative answer: mail exchanger = 1 mail exchanger = 1 mail exchanger = 1 mail exchanger = 5
Authoritative answers can be found from: nameserver = nameserver = nameserver = nameserver = nameserver = internet address = internet address = internet address = internet address = internet address = internet address = internet address = internet address = internet address =

No comments :

Post a Comment

HOWTO: Get Plesk e-mail addresses and passwords

#mysql -uadmin -p` cat /etc/psa/.psa.shadow` -Dpsa -e"select mail_name,name,password from mail left join domains on mail.dom_id = inner join accounts where mail.account_id =;"

The result will show all available Plesk mail accounts inside the ‘psa’ database.

No comments :

Post a Comment

HOWTO: Force qmail to process the outbound queue

Normally, qmail will be able to process the mail queue without any interaction from the system administrator, however, if you want to force it to process everything that is in the queue right now, you can do so:

#kill -ALRM `pgrep qmail-send`

If for some peculiar reason you don't have pgrep on your server, you can go about it a slightly different way:

#kill -ALRM `ps ax | grep qmail-send | grep -v grep | awk '{print $1}'`

Your logs should begin filling up with data about e-mails rolling through the queue.

No comments :

Post a Comment

Managing Mail System in Parallels Plesk using command line

The majority of tasks related to administration of mail accounts can be handled by the utility.

The following tasks can be performed with its help: creation/update/removal of mail names, setup of preferences for mailboxes, redirects and mail groups.
Autoresponder settings can also be controlled with this utility.

Usage: command <mail_name> [options]

For example:

Get info about mailbox:

#/usr/local/psa/bin/ -i

Change password for

#/usr/local/psa/bin/ -u -passwd <new-password>

More about it:

No comments :

Post a Comment

HOWTO: Reinstall package using yum

You can use the yum command with reinstall option.
This will reinstall the identically versioned package as is currently installed. 

The syntax is as follows: 

# yum reinstall packageName 
# yum reinstall packageName1 packageName2

In this example reinstall a package called keepalived, type:

# yum reinstall keepalived

No comments :

Post a Comment

tcpdump - Detailed Network Traffic Analysis

The tcpdump is simple command that dump traffic on a network.

However, you need good understanding of TCP/IP protocol to utilize this tool. 
For.e.g to display traffic info about DNS, enter:

# tcpdump -i eth1 'udp port 53'

To display all IPv4 HTTP packets to and from port 80, i.e. print only packets that contain data, not, for 
example, SYN and FIN packets and ACK-only packets, enter:

# tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

To display all FTP session to, enter:

# tcpdump -i eth1 'dst and (port 21 or 20'

To display all HTTP session to

# tcpdump -ni eth0 'dst and tcp and port http'

Use wireshark to view detailed information about files, enter:

# tcpdump -n -i eth1 -s 0 -w output.txt src or dst port 80

No comments :

Post a Comment

Collect and Report System Activity

The sar command is used to collect, report, and save system activity information.
To see network counter, enter:

# sar -n DEV | more

To display the network counters from the 24th:

# sar -n DEV -f /var/log/sa/sa24 | more

You can also display real time usage using sar:

# sar 4 5

No comments :

Post a Comment

How to find Plesk domains exceeding quotas

Find domains that are over quota on disk space in Plesk:

mysql>SELECT, domains.real_size, Limits.value FROM domains, Limits WHERE domains.limits_id = AND domains.real_size > Limits.value AND limit_name = 'disk_space' AND Limits.value != -1 ORDER BY ASC;

No comments :

Post a Comment

HOWTO: Block IP using Iptables

The following command will drop any packet coming from the IP address

#iptables -I INPUT -s {IP-HERE} -j DROP 
#iptables -I INPUT -s -j DROP

To list the chains:

#iptables -L -v -n

No comments :

Post a Comment

Where is httpd error_log in cPanel based server?

I had a weird problem. I just cant find the error_log file of apache in /var/log.
Where is error log file of apache (httpd) located in cpanel? I have cPanel running on the CentOS server and somehow managed to locate the error_log in different directory


or the short way of finding the error log is

#vim /etc/httpd/conf/httpd.conf

Locate error_log there.

No comments :

Post a Comment

HOWTO: Catching spammer on cPanel based server.

If you see many processes of exim then you can check exim in more detail. shows the total no of email in qmail.
Print a listing of the messages in the queue:

#exim –bpc

Shows no of frozen emails:

#exim -bpr | grep frozen | wc -l

To remove FROZEN mails from the server:

#exim -bp | exiqgrep -i | xargs exim -Mrm

To shows the domain name and the no of emails sent by that domain:

#exim -bp | exiqsumm | more

Check if any php script is causing the mass mailing with:

#cd /var/spool/exim/input && egrep “X-PHP-Script” * -R

Just cat the ID that you get and you will be able to check which script is here causing problem for you.
To Remove particular email account email:

#exim -bpr |grep “”|awk {‘print $3′}|xargs exim -Mrm


Post a Comment

How to restart ProFTPd server on CentOS with Plesk

ProFTPd runs under xinetd in Parallels Plesk:

#/etc/init.d/xinetd restart

this command should restart it.


Post a Comment

How to check and repair all databases in MySQL

Default command:

#mysqlcheck -uroot -p<root-password> --auto-repair --check --optimize --all-databases

For Parallels Plesk:

#mysqlcheck -uadmin -p`cat /etc/psa/.psa.shadow` --auto-repair --check --optimize --all-databases

Keep it simple :-)


Post a Comment

How to unsuspend domain in Parallels Plesk using command line

For Windows

Open the command prompt and go to the plesk admin location (%plesk_bin%) and fire the following command

%plesk_bin%\domain.exe --on

Note: replace with your actual domain.

For Linux

[root@server ~]# /usr/local/psa/bin/domain -u -status enabled

Note: replace with your actual domain.

No comments :

Post a Comment

How to disable mod_security in Parallels Plesk for one domain

For Plesk and similar systems you can also disable modsecurity in the Apache configuration.

Step 1) Edit the vhost/vhost_ssl.conf for the domain

#vim /var/www/vhosts/<DOMAINNAME>/conf/vhost.conf 

Step 2) Add the following

<IfModule mod_security2.c> SecRuleEngine Off </IfModule>

Step 3) Add vhost.conf to domain config

#/usr/local/psa/admin/bin/websrvmng -a

Step 4) Restart Apache

#service httpd restart

If it's needed to disable mod_security globally, just disable config file:

#mv /etc/httpd/conf.d/00_mod_security.conf /etc/httpd/conf.d/00_mod_security.conf.disabled

and restart httpd

#service httpd restart 

No comments :

Post a Comment

HTTPD restart failed: Address already in use

When you are trying to start Apache Web server, you get the following error in the console and in error_log:

"(98)Address already in use: make_sock: could not bind to address [::]:443 no listening sockets available, shutting down"

(It is also possible that the error discusses the 80 port.)
This error means that some other process already uses 443 (80) port and Apache cannot bind to it.

To fix your problem, just run these 4 commands:  

# for i in `ps auwx | grep -i nobody | awk {'print $2'}`; do kill -9 $i; done
# for i in `lsof -i :80 | grep http | awk {' print $2'}`; do kill -9 $i; done
# for i in `lsof -i :80 | grep http | awk {' print $2'}`; do kill -9 $i; done
# service httpd restart

No comments :

Post a Comment

Howto: Generate strong password with command line

How can you make your password strong enough to not get cracked by the bad guys? Here are some tips on password construction you can use to beef up your password.
  • If possible, make your password at least 12-15 characters in length 
  • Use at least 2 upper-case letters, 2 lower-case letters, 2 numbers, and 2 special characters (except the common ones such as "!@#$") 
  • Never use whole words. Make the password as random as possible 
  • Avoid using personal information as part of your password 
  • Avoid using keyboard patterns 
However, you can create strong password with simple command:

#< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c10 

No comments :

Post a Comment

How to clear message queue in Qmail with ONE command

#/etc/init.d/qmail stop && cd /var/qmail/queue && find intd todo local remote mess info bounce -type f -print |xargs rm && /etc/init.d/qmail start

Keep it simple. :-)

No comments :

Post a Comment

Spamd Child High CPU Usage

In linux based servers the spamd child runs for particular user can use high processing time(CPU).
This is because of infinite loop in spamassasin perl script,this bug is reported in apache spamassasin site.

In cpanel based servers this can be solved by running this following commands :

#/scripts/autorepair spamd_dbm_fix

#/etc/init.d/exim restart

No comments :

Post a Comment