Topics

76

Kloxo-MR Development / Installatron

« on: 2014-01-30, 07:12:56 »

Mustafa, installatron doesn't work with 6.5.1a.  In simplicity skin it just shows a blank page.

77

Kloxo-MR Technical Helps / spamdyke graylisting

« on: 2014-01-26, 19:18:43 »

After getting all spamdyke working I enabled graylisting.  My server started soft rejecting mail (mustafa actually informed me) and after checking logs I saw the error from spamdyke concerning graylisting:

Unable to create Dir /var/tmp/graylist.d/<domain>: permission denied.

the directory is set to root:root - I had to set it to 777 to get graylisting working and mail stopped being rejected.

I do not like this permission.  What should the permission be?  Under what user does spamdyke run?

Thank you

78

Kloxo-MR Technical Helps / clamav

« on: 2014-01-21, 16:28:38 »

ClamAV update process started at Tue Jan 21 10:06:29 2014
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.98 Recommended version: 0.98.1

please update. Thank you. 

79

Kloxo-MR Tips and Tricks / sendmail userid usage limits [script v1.0b]

« on: 2014-01-17, 21:41:58 »

Major battle we must fight as hosting providers are spammers ruining our servers IP credibility.  KloxoMR uses qmail-toaster, which is a very efficient MTA, it lacks a few features.

Major problem is sendmail.  It can forge domain, to/from, the only thing that is a result... IP ban.

Sendmail limiter is a wrapper script which uses mysql to keep track of sendmail, and limit by hour, half day, and full day.  You can even completely ban a client/user from sendmail.

Full logging abilities, even able to let you know which directory the script which is sending mail is at.

You can use for just limiting,  just logging, or both.

Install is easy with my auto installer, you have a few things to do manually (mysql database, cron).

SSH:

Code: [Select]

cd /tmp
wget http://cc-server1.us/sendmail_wrapper.zip
unzip sendmail_wrapper.zip

Read sendmail-chrisf.txt, full instructions

Please report performance issues or bugs.  I am developing other scripts to help manage the client settings, and a auto group script to increase group by days active.

80

Kloxo-MR Development / enable testing repos

« on: 2014-01-16, 22:26:16 »

Which testing repos must be enabled to install 6.5.1a?

81

Kloxo-MR Technical Helps / update breaks spamdyke smtp-ssl

« on: 2014-01-16, 19:51:37 »

Mustafa, I find the problems, report, and you only half use my code?  Why?  Now spamdyke smtp-ssl is broke again!!!

next, it is bad programming structure not to clear rblstmpd and blacklist vars.  On your recent update, if spamdyke is enabled those vars are NULL.

Also, RECORDIO should be OFF by default.  It is stated that recordio should only be used for debugging and testing.  On a production server sending/receiving all io output to log is resource intensive!

PLEASE USE MY SUPERVISE RUN SCRIPTS for updates.
http://forum.mratwork.com/kloxo-mr-tips-and-tricks/spamdyke-working-properly-kloxomr-201401****/

Why fix things to have them break again on update?

82

Kloxo-MR Tips and Tricks / spamdyke working properly KloxoMR 201401****

« on: 2014-01-15, 09:05:25 »

Spamdyke has not worked with KloxoMR for a while.  The reason is Mustafa added rblstmpd blacklist and it conflicts with spamdyke's ability to use auth.  Also, spamdyke must be enabled for smtps and the server pem file must be configured.

I rewrote the spamdyke section of the neccessary files below.  If you disable spamdyke, rblsmptd blacklist will automaticalky start working again automatically.  Since spamdyke can manage blacklists, there is no reason for both anyhow.

/var/qmail/supervise/smtp/run

Code: [Select]

#!/bin/sh

QMAILDUID=$(id -u qmaild)
NOFILESGID=$(id -g qmaild)
MAXSMTPD=$(cat /var/qmail/control/concurrencyincoming)
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=$(hostname)
VCHKPW="/home/vpopmail/bin/vchkpw"
#RECORDIO="/usr/bin/recordio"
RECORDIO=""

RBLSMTPD=""
BLACKLIST=""

if [ -f /var/qmail/control/spamdyke ] ; then
        SPAMDYKE=$(cat /var/qmail/control/spamdyke)" --log-level=info"
else
        SPAMDYKE=""
           if [ -f /var/qmail/control/rblsmtpd ] ; then
            RBLSMTPD=$(cat /var/qmail/control/rblsmtpd)
            BLACKLIST=$(cat /var/qmail/control/blacklists)
           fi
fi

### MR -- incresing SOFTLIMITVAR if not enough (example: because 'login fail')
if [ `uname -m` = 'x86_64' ] ; then
        SOFTLIMITVAR="72000000"
else
        SOFTLIMITVAR="18000000"
fi

IP=0
PORT=25

### MR -- SSL must using SMTPS=1 and SSL=1 but non-SSL only SSL=0 (without SMTPS=0)
export SMTPAUTH="!" \
        SSL=0 \
        REQUIRE_AUTH=0 \
        FORCE_TLS=0 \
        DENY_TLS=0 \
        AUTH=1 \
        REQUIRE_AUTH=0 \
        ALLOW_INSECURE_AUTH=1

### MR -- spamhaus.org recommended for not using $RBLSMTPD $BLACKLIST entry before $SMTPD
exec /usr/bin/softlimit -m $SOFTLIMITVAR \
        /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" $IP $PORT $RECORDIO \
        $SPAMDYKE $RBLSMTPD $SMTPD $VCHKPW /bin/true 2>&1

/var/qmail/supervise/smtp-ssl/run

Code: [Select]

#!/bin/sh

QMAILDUID=$(id -u qmaild)
NOFILESGID=$(id -g qmaild)
MAXSMTPD=$(cat /var/qmail/control/concurrencyincoming)
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=$(hostname)
VCHKPW="/home/vpopmail/bin/vchkpw"
#RECORDIO="/usr/bin/recordio"
RECORDIO=""

RBLSMTPD=""
BLACKLIST=""

if [ -f /var/qmail/control/spamdyke ] ; then
        SPAMDYKE=$(cat /var/qmail/control/spamdyke)" --log-level=info --tls-level smtps --tls-certificate-file /var/qmail/control/servercert.pem"
else
        SPAMDYKE=""
           if [ -f /var/qmail/control/rblsmtpd ] ; then
            RBLSMTPD=$(cat /var/qmail/control/rblsmtpd)
            BLACKLIST=$(cat /var/qmail/control/blacklists)
           fi
fi

### MR -- incresing SOFTLIMITVAR if not enough (example: because 'login fail')
if [ `uname -m` = 'x86_64' ] ; then
        SOFTLIMITVAR="72000000"
else
        SOFTLIMITVAR="18000000"
fi

IP=0
PORT=465

### MR -- SSL must using SMTPS=1 and SSL=1 but non-SSL only SSL=0 (without SMTPS=0)
export SMTPAUTH="!" \
        SMTPS=1 \
        SSL=1 \
        REQUIRE_AUTH=0 \
        FORCE_TLS=0 \
        DENY_TLS=0 \
        AUTH=1 \
        REQUIRE_AUTH=0 \
        ALLOW_INSECURE_AUTH=0

### MR -- spamhaus.org recommended for not using $RBLSMTPD $BLACKLIST entry before $SMTPD
exec /usr/bin/softlimit -m $SOFTLIMITVAR \
        /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" $IP $PORT $RECORDIO \
        $SPAMDYKE $RBLSMTPD $SMTPD $VCHKPW /bin/true 2>&1

/var/qmail/supervise/submission/run

Code: [Select]

#!/bin/sh

QMAILDUID=$(id -u qmaild)
NOFILESGID=$(id -g qmaild)
MAXSMTPD=$(cat /var/qmail/control/concurrencyincoming)
SMTPD="/var/qmail/bin/qmail-smtpd"
TCP_CDB="/etc/tcprules.d/tcp.smtp.cdb"
HOSTNAME=$(hostname)
VCHKPW="/home/vpopmail/bin/vchkpw"
#RECORDIO="/usr/bin/recordio"
RECORDIO=""

RBLSMTPD=""
BLACKLIST=""

if [ -f /var/qmail/control/spamdyke ] ; then
        SPAMDYKE=$(cat /var/qmail/control/spamdyke)" --log-level=info"
else
        SPAMDYKE=""
           if [ -f /var/qmail/control/rblsmtpd ] ; then
            RBLSMTPD=$(cat /var/qmail/control/rblsmtpd)
            BLACKLIST=$(cat /var/qmail/control/blacklists)
           fi
fi

### MR -- incresing SOFTLIMITVAR if not enough (example: because 'login fail')
if [ `uname -m` = 'x86_64' ] ; then
        SOFTLIMITVAR="64000000"
else
        SOFTLIMITVAR="16000000"
fi

IP=0
PORT=587

### MR -- SSL must using SMTPS=1 and SSL=1 but non-SSL only SSL=0 (without SMTPS=0)
export SMTPAUTH="!" \
        SSL=0 \
        REQUIRE_AUTH=0 \
        FORCE_TLS=1 \
        DENY_TLS=0 \
        AUTH=1 \
        REQUIRE_AUTH=0 \
        ALLOW_INSECURE_AUTH=0

### MR -- spamhaus.org recommended for not using $RBLSMTPD $BLACKLIST entry before $SMTPD
exec /usr/bin/softlimit -m $SOFTLIMITVAR \
        /usr/bin/tcpserver -v -R -H -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD" \
        -u "$QMAILDUID" -g "$NOFILESGID" $IP $PORT $RECORDIO \
        $SPAMDYKE $RBLSMTPD $SMTPD $VCHKPW /bin/true 2>&1

Replace those three files, then:
Goto KloxoMR panel -> Admin -> Mail Server Settings -> Enable spamdyke.

Command line:
qmailctl stop
qmailctl start

look at the bottom of /var/log/maillog and you will see it working 

83

Kloxo-MR Technical Helps / /usr/bin/multilog

« on: 2014-01-14, 17:08:09 »

After recent update 20140110 I got flooded with warnings:

Time:         Mon Jan 13 23:53:40 2014 +0300
Account:      qmaill
Resource:     Process
TimeExceeded:     13031 > 2000 (seconds)
Executable:   /usr/bin/multilog
Command Line: /usr/bin/multilog t s1000000 n100 /var/log/qmail/clamd
PID:          27884 (Parent PID:27818)
Killed:       No

where is this initiated at?  And for what purpose.  It looks as to be logging clamd,  this is something new after update.  Is it necessary?  If not, where to disable?

Thank you

84

Kloxo-MR Technical Helps / spamdyke

« on: 2014-01-10, 19:22:13 »

I have been trying to get spamdyke to work for almost 48 hours straight!   When I enable it, smtp auth and SSL stop working, outside email clients and KloxoMR webmail can not send mail.

I've read everything I could find.  Does spamdyke work properly under newest KloxoMR 20140107?

I enabled spamdyke, qmailctl stop, qmailctl start.  smtp breaks.

 Please advise.

85

Kloxo-MR Development / qmail / sendmail userid usage limits

« on: 2014-01-08, 22:32:38 »

I have been working on a solution for KloxoMR qmail-toaster to allow for usage limits, and have developed a script that uses the userid and MySQL database for usage limits.

Currently my script does this:
allowing the setting of 3 different groups: per hour, per 12 hours, per 24 hours.

A user can only belong to one group.  So rating can be, for example:  50 emails per hour, or 500 per 12 hours.  1000 per 24 hours.  All users default to first setting (per hour) and you must adjust for better priveledges.

This only works with php-fpm, suphp since they use userid to run php.
 
A reporting feature can be turned on to alert a email you choose when a overage has occurred.  Also, a custom log will be created with a single line of mail sent by and time stamp.

In testing I am not noticing a lag, or any serious overhead.

Installation is similar to my DKIM strategy, however, this requires the following:
Database user and table creation
file renaming and copying of my scripts
Perl Installed, and may need some dependencies installed

I am in beta stage and need a couple knowledgable admins to install and test under a higher load than my 25 sites.  If you are not at ease with server admin, please do not ask for the script yet.  I am creating auto install script, but not ready yet.

86

Kloxo-MR Bugs and Requests / ssh2 module for php54

« on: 2014-01-05, 18:06:00 »

Mustafa, can you package up the ssh2 extension for php54.  I am in need of this module for a script which collects all selfbackups (KloxoMR) to my main server through sftp.  This module is required.

http://php.net/manual/en/ssh2.installation.php

Thank you

87

Kloxo-MR Technical Helps / scavenge

« on: 2013-12-31, 18:14:15 »

  I had originally posted this before.  Scavenge is very important in hosting business, without it, we are just giving away resources, and KloxoMR is good for only 'personal' servers.  When I run scavenge from command line I get these first:

[root@cc-server ~]# sh /script/scavenge
ionice: ignoring given class data for idle class
ionice: ignoring given class data for idle class
ionice: ignoring given class data for idle class
ionice: ignoring given class data for idle class
ionice: ignoring given class data for idle class
ionice: ignoring given class data for idle class
ionice: ignoring given class data for idle class

on some servers there may be 10-30 messages like above, then, scavenge always hangs at:

In client-admin cron_manage_flag equals 0 and limit is On
In client-admin backupschedule_flag equals 0 and limit is On
In client-admin backup_flag equals 0 and limit is On
In client-admin dns_manage_flag equals 0 and limit is On
In client-admin webhosting_flag equals 0 and limit is On
Dead Quota: In client-admin clientdisk_usage equals 125.9
Dead Quota: In client-admin traffic_last_usage equals 0
Dead Quota: In client-admin mysqldb_usage equals 2.5

I reproduced this 'hang' on every server, 6 now altogether.  Even on fresh install centos 6 _64.  It will sit there until I ctrl-c to break out of the script.

Please look at scavenge problems Mustafa, very important.

88

Kloxo-MR Technical Helps / suEXEC

« on: 2013-12-30, 13:55:49 »

I am wondering if KloxoMR uses suEXEC for cgi scripts?  Also wondering if CGI scripts can be run in any directory under /home/client/ or must it be /home/client/cgi?

89

Kloxo-MR Tips and Tricks / PHP force redirect SSL NginxProxy endless loop

« on: 2013-10-05, 09:32:39 »

I switched to nginxproxy from apache to benefit from the speed on my shared hosting production server.

I have a few domains with SSL enabled and suddenly the sites were in a endless loop and they would not display.

I traced the problem to php checking $_SERVER['HTTPS'] - which behind nginx proxy apache does not know it is https being served.

I was pulling my hair out trying to get this to work - but php was getting environment and server variables from apache which doesn't know nginx is sending ssl pages.

The fix is simple! YET I hope I save someone the trouble I had with this.

ssh:
/home/nginx/conf/globals
if you are using a custom.proxy.conf just add the below lines, if not we must create it:
cp proxy.conf custom.proxy.conf

vim custom.proxy.conf

Find all the lines where it says proxy_set_header and add this line:

Code: [Select]

proxy_set_header X-Forwarded-Protocol $scheme;

Then go to the directory of the website having the endless ssl loop due to a php redirect.
Example:

Code: [Select]

if ($_SERVER['HTTPS'] !== on) {
// redirect to https here ----

Add this to the .htaccess of the domain with ssl:

Code: [Select]

SetEnvIf X-Forwarded-Protocol https HTTPS=on

sh /script/fixweb
sh /script/restart-all

All fixed

This is for those who understand php programming and ssl redirect being forced through php headers.

Everyone else  this doesn't apply....

Enjoy

90

Kloxo-MR Technical Helps / few questions

« on: 2013-09-22, 18:10:58 »

Does suhosin work with php-fpm event?  Is there a yum install for suhosin?

Is there any known problems using suhosin?

I am securing a server for shared hosting and using KloxoMR as the control panel.

Mustafa - have you given consideration to adding php_admin_value to php-fpm template - getting values from client php settings.  This would essentially give them control over their php-fpm instance.  It would be no more difficult than adding the lines to .htaccess - just add them to the php-fpm template.  In a shared hosting environment this is important.

Thanks