
Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Kloxo-DR

226
After the scavenge time is completed, rsyslog stops.

Thus, there is no maillogging thereafter.

This can be regained by the following command in cron:

qmailctl stop
qmailctl start

Reminder: As Mustafa said, service qmail restart is not equal to service qmail stop and service qmail start, one must execute the above commands.

Only then all the services from qmail will actually stop and restart.

Unfortunately, as the maillog stops, many other associated functions stop as well.

Since I have CSF firewall and login detection installed based on maillog, the entire firewall activity stops after scavenge is run.

Hence, Mustafa, I request you to investigate this issue in the area of scavenge as well as the issue of qmail stop/start everywhere.

227
As rsyslog stops after scavenge, this would be better:

/etc/yum.repos.d/
http://rpms.adiscon.com/v7-stable/rsyslog.repo
yum update

228
Hello,

Before the forum got wiped off, I had placed a message on scavenge deactivating qmail processes.

I found from # qmailctl stat that - for some unknown reasons - authlib/log, send/log and smtp-ssl/log were down, most likely after scavenge. This affected authentication as well.

Now I have inserted in root crontab to run every five minutes, as root, the following:

svc -u /var/qmail/supervise/authlib/log
svc -u /var/qmail/supervise/send/log
svc -u /var/qmail/supervise/smtp-ssl/log

This works and helps.

229
Hello chrisf,

@Kloxo-DR, it is easy to get frustrated, but Mustafa answered your question.

It is not the question of "easy to get frustrated" but a legal responsibility to run and manage a production webserver of a non-profit association, which I undertake. You know, maybe, how association laws work in western countries.

If an official invitation by the association needs to go out and members of the association cannot access the webpage they are obliged to visit, then there may be lawsuits. Appearing before a court in a western country is more frustrating than kissing feet of anyone here in this forum.

Just beware what you are saying, because it is not just emotions here. Just be reminded that there are rights and responsibilities attached with a webserver and email server, which Mustafa is indirectly associated with.

Of course, Mustafa undertakes no legal responsibility, but I do. I have legal responsibilities. I undertake legal obligation against others by using his code.

Further, chrisf, I did not agree, in any aspect, to undertake any beta testing of Mustafa's code on my production servers, where there are such serious legal responsibilities attached.

Qmail logs content of all emails with the -v switch, or something like that. I stopped this by -QVH switch. I have inserted -QVH switch in the qmail everywhere because Mustafa uses -v in all the run scripts to prevent message content logging. And chrisf, it is very wrong not to recognize legal obligation of privacy laws of western countries.


When the last updates there was a small Hiawatha update.  (Yum update)  after this Hiawatha have 'on' status due to the update.

I have not installed Hiawatha as a webserver.

I am using Kloxo-MR 6.5.0f. If I want to change to Hiawatha webserver on 6.5.0f then it will not change to it and give a notice that it is not ready for use with 6.5.0f.

Hiawatha is not ready for 6.5.0f, so I use apache.

Nothing Mustafa did.

Nothing Mustafa did NOT.

Why is Hiawatha getting updated on my webserver, when Kloxo-MR does not allow installation of Hiawatha at all?

Why is Hiawatha getting updated on my webserver, when I did not install Hiawatha at all?

I have no reason to blame Mustafa, or any one here. I am also respecting Mustafa's ambitious work. However, I want to make clear that no problems may enter on a production server in the velocity at which Mustafa is working and pouring THREE TIMES PROBLEMS THAN OFFICIAL KLOXO.

After I upgraded to Kloxo-MR, I just have nightmares of studying everything to solve tiny little problems, which occur when a programmer was not attentive or agreeing to those problems.

The situation should be understood much more at a responsibility level than frustration of a user.

I was getting frustrated learning Fortran 77 and COBOL in 1983, when the size of my harddrive was 16 Megabytes. Since then, I learned not to get frustrated. I have no reason to get frustrated now. With this hint, is it clear to you, chrisf?

230
Hello Mustafa,

I did not make an explicit update of Hiawatha. I think this was done somewhere during execution of any one of the /scripts.

Two options if not using hiawatha as webserver:
1. run 'service hiawatha stop' and then delete '/etc/rc.d/init.d/hiawatha'
2. run 'chkconfig hiawatha off; service hiawatha stop'

If this is possible to execute manually, why should this not be integrated somewhere in the right place to prevent this happening on production servers?

There must be a solution on a general level not to allow things like this to happen in the future with Hiawatha, or any other software update.

Yes, have a trouble if hiawatha updated/downgraded because hiawatha always create '/etc/rc.d/init.d/hiawatha' with 'on' state. Restart-all/restart-web all check this status in 'on' or 'off'. If 'on', restart process will restart hiawatha service. The same mechanism for other services.

How about modifying a general code in Kloxo-MR /script/fix-all to integrate your suggestion?

If there is some garbage in the system somewhere, which creates some nonsense and forces system on production servers, then it should be able to fix it automatically.

That's what fix-all is there for and should fix it, right, everyone?

231
Mustafa,

Can you answer me one question:

Who configured installation scripts of Hiawatha on my server?

THAT'S YOU! And now this is not working.

232
Hello Mustafa,

It is the third time all the webpages stopped working.

Why did you introduce starting of Hiawatha to initiate at boot process in sh /script/cleanup together and parallel with httpd?

This was not before. Perhaps that is the problem.

233
Hi Mustafa,

That's true. I got with /script/restart-all:

httpd terminating:                                             [  OK  ]
httpd starting:                                             [  OK  ]
Stopping Hiawatha web server:                              [FAILED]
Starting Hiawatha web server: Error binding 0.0.0.0:80
                                                           [FAILED]
Stopping qmail-toaster: svscan qmail logging.
qmail-send: No Process interrupted

I did not make an update/reinstall/downgrade of hiawatha. Something happened without my knowledge.

Perhaps your suggestion could be integrated in the /script/restart-all so that it does not fail.

234
Hi,

I do not think that "everything went right"!

Try to install Kloxo-MR again.

/script/upcp
/script/cleanup

Mustafa has not made a very successful install script in Kloxo-MR. It either does not install correctly or it does not install at all.
Instead, Mustafa has created a very powerful work in many other areas. This is definitely more important than install scripts.

Kloxo-MR never fails to cause a belief to an administrator that the installation was successful.

So try and somehow make installation proper. I also ran into the same error.

235
Hello Mustafa,

For some reasons Hiawatha got messy. ALL THE WEBSITES WERE SHOWING HIAWATHA "INSTALLATION SUCCESSFUL" PAGE.

So I issued:

# service httpd start

Response:

[root@domain ~]# service httpd start
httpd start (98) Address already in use: make_sock: could not bind to address   [::]:80
(98)Address already in use: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
Unable to open logs
[FAILED]

I did:

# sudo netstat -ltnp | grep ':80'

It gave:

tcp     0     0 0.0.0.0:80     0.0.0.0:*     LISTEN     1187/hiawatha

Then:

# kill 1187

Then:

# service httpd start

Only then httpd started. /script/restart-all gave - of course - the same result because httpd could not bind to port 80, which was occupied by Hiawatha.

Is there a way to have Hiawatha under control or not to have this problem?
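
A check for the conflict described in the post above, added here as an example and not part of the original post or of Kloxo-MR: it parses `netstat -ltnp` output and reports any process other than the expected web server that holds the port. The sample output is constructed around the single line quoted in the post, and the function names are hypothetical; matching the port exactly avoids the false hits that `grep ':80'` gives on ports such as 8080.

```python
import re

# One LISTEN row of `netstat -ltnp`: proto, queues, local addr, foreign addr, state, PID/program.
LISTEN_RE = re.compile(
    r"^(?P<proto>tcp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+\s+LISTEN\s+"
    r"(?P<pid>\d+)/(?P<prog>\S+)"
)

def listeners(netstat_output, port):
    """Return (address, pid, program) for every socket listening on exactly `port`."""
    found = []
    for line in netstat_output.splitlines():
        m = LISTEN_RE.match(line.strip())
        if not m:
            continue  # header lines, or rows without a PID (netstat run without root)
        # rpartition keeps IPv6 forms such as ":::8080" intact: address "::", port "8080"
        address, _, local_port = m.group("local").rpartition(":")
        if local_port == str(port):
            found.append((address, int(m.group("pid")), m.group("prog")))
    return found

def unexpected_listeners(netstat_output, port, expected_program):
    """Listeners on `port` that are not the web server the admin intends to run."""
    return [entry for entry in listeners(netstat_output, port)
            if entry[2] != expected_program]

# Constructed sample; only the hiawatha row is taken from the post.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:80       0.0.0.0:*        LISTEN   1187/hiawatha
tcp        0      0 0.0.0.0:25       0.0.0.0:*        LISTEN   2301/tcpserver
tcp        0      0 :::8080          :::*             LISTEN   2950/java
"""

if __name__ == "__main__":
    for address, pid, program in unexpected_listeners(SAMPLE, 80, "httpd"):
        print(f"port 80 on {address} is held by {program} (pid {pid}), not httpd")
```
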

236
Hi Mustafa,

I am still thinking using other firewall (csf or iptables) is useless.
Enough using lxguard and nginx/hiawatha (proxy or standalone).

Of course both have some protection in built in them.

However csf has features that are not inbuilt in lxguard or nginx/hiawatha.

It is just very wrong to be too proud of a software, where use of other software with advanced features is not only just helpful but INEVITABLE!

I just think csf is inevitable. There is no chance that lxguard or nginx/hiawatha could be any closer to functionality offered by csf firewall.

However, it is your decision not to integrate it tightly in Kloxo-MR.

It is integrated in zPanel, though.

237
Hello Chris,

In fact I was just playing on my test server and now need to copy csf to production /etc.

What a valuable piece of advice!

Thanks.




238
Kloxo-MR Technical Helps / [QMAIL] Stop verbose logging
« on: 2013-12-27, 14:26:45 »
Hello Mustafa,

I found that you have configured verbose logging that generates illegal maillogs pouring sensitive information not allowed by law.

I have a solution to stop this illegal logging by the following change:

/usr/bin/tcpserver -QRH -l $HOSTNAME -x $TCP_CDB -c "$MAXSMTPD"

I suggest that you incorporate this in all run files.

239
Hello Mustafa,

Sad to know what happened with the forum and crash...

I found that following would be so fantastic to have it integrated in Kloxo-MR as a builtin package:

http://configserver.com/cp/csf.html

In particular, I found the "Port Flood Protection" as one of the MOST IMPORTANT TOOLS to block connections EVEN BEFORE THE SPAMDYKE plays its role.

I have configured as follows:

PORTFLOOD = 22;tcp;1;60,25;tcp;3;60,80;tcp;10;60

---> 25;tcp;3;60

which means that the csf (firewall) shall allow within 60 sec. ONLY THREE CONNECTIONS from a particular IP on Port 25.

Spamdyke will not even be activated for processing as csf blocks the connection activity so beautifully.

Since many days, I see port flooding on port 25. Hence, this solution is a must.

Kloxo-MR comes much later. In the sequence, CSF ---> spamdyke ---> Qmail/Kloxo-MR.
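
The PORTFLOOD value from the post above, parsed and applied to a short connection sequence; this is an added example, not part of the original post and not CSF's own code. The verdict logic is a simplified model of the post's reading (at most N accepted connections per source IP inside the interval), not CSF's iptables implementation, and the connection list and function names are constructed for illustration.

```python
from collections import defaultdict, deque

def parse_portflood(value):
    """Split a PORTFLOOD value into (port, proto, hits, seconds) rules."""
    rules = []
    for entry in value.strip().strip('"').split(","):
        fields = entry.strip().split(";")
        if len(fields) != 4:
            raise ValueError(f"need port;proto;hits;seconds, got {entry!r}")
        port, proto, hits, seconds = fields
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unknown protocol in {entry!r}")
        port, hits, seconds = int(port), int(hits), int(seconds)
        if not 1 <= port <= 65535 or hits < 1 or seconds < 1:
            raise ValueError(f"value out of range in {entry!r}")
        rules.append((port, proto, hits, seconds))
    return rules

def simulate(rules, connections):
    """Give a verdict for each (timestamp, ip, port, proto), in time order."""
    limits = {(port, proto): (hits, seconds) for port, proto, hits, seconds in rules}
    accepted = defaultdict(deque)  # (ip, port, proto) -> times of accepted connections
    verdicts = []
    for ts, ip, port, proto in connections:
        if (port, proto) not in limits:
            verdicts.append("no-rule")  # port not covered by PORTFLOOD
            continue
        hits, seconds = limits[(port, proto)]
        window = accepted[(ip, port, proto)]
        while window and ts - window[0] >= seconds:
            window.popleft()  # forget connections older than the interval
        if len(window) >= hits:
            verdicts.append("drop")
        else:
            window.append(ts)
            verdicts.append("accept")
    return verdicts

SETTING = "22;tcp;1;60,25;tcp;3;60,80;tcp;10;60"  # value quoted in the post
# Constructed sample: seconds since start, source IP (documentation ranges), port, protocol.
SAMPLE = [
    (0, "203.0.113.5", 25, "tcp"), (5, "203.0.113.5", 443, "tcp"),
    (10, "203.0.113.5", 25, "tcp"), (15, "198.51.100.7", 25, "tcp"),
    (20, "203.0.113.5", 25, "tcp"), (30, "203.0.113.5", 25, "tcp"),
    (70, "203.0.113.5", 25, "tcp"),
]

if __name__ == "__main__":
    for conn, verdict in zip(SAMPLE, simulate(parse_portflood(SETTING), SAMPLE)):
        print(conn, verdict)
```
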
