LinuxWebLog.com

You can programmatically generate shadow password hash via:

-1 means md5
G5cYam5w is a random salt (minimum 8)
test.123 is the password

Here is the breakdown:

The first $1 means that it is an md5 hash.
The second $G5cYam5w is a random salt.
The third $z0NDUjMRX4xVBKw9Nb6YL0 is the md5 hash.

You can try this to find out if your CPU/Processor is 32 bit or 64 bit:

lm means Long Mode = 64 bit CPU

Also:

Should display 32 or 64.

Recently upgraded server running DirectAdmin to suphp-0.7.1 via the Custombuild. However, got "500 Internal Server Error" on accessing sites running on php5-cgi with log as below:

The solution was to update the suphp.conf file as below:

Edit "/usr/local/suphp/etc/suphp.conf" and change from:

to:

Note the double quotes for the variables.

Running `./build rewrite_confs` should fix this issue as well.

On Debian with Plesk-8.2 installed, /etc/inetd.conf show up with:

Essentially, when the SMTP connection is made, rblsmtpd is handed the connection and does its DNSBL checking. It’s then responsible for either executing the next program (relaylock) if there’s no match, or handles the connection itself if it does find a match. Thus smtp authentication never takes place if your IP is listed in PBL.

On checking Parallels Forum, I came across this post, which suggested:

If you use an dnsrbl in Plesk that lists the IP of someone trying to connect to your server to send email then they will not be able to use your server for smtp on port 25. The dnsrbl will block their attempts. This is normal and expected behaviour in Plesk.

The instructions you read about using authenticated smtp to get around the problem do not apply to the default installation of Plesk (and other similar setups). The idea of the instructions you read is that by using authenticated smtp you will bypass the dnsrbl, and therefore will not be blocked. This does not happen with the default installation of Plesk so the instructions won't work (they are rather simplistic).

The solution in Plesk 8.4 is a simple one. Enable the "submission" option in Plesk, ask your customers to change to port 587 from port 25 in their email clients and require them to use smtp authentication (remember to open up your firewall for port 587 too). This basically creates a second smtp instance listening on port 587 instead of port 25, does not have any dnsrbl blocking and REQUIRES users to use smtp authentication in order to be able to use it. No spam will come via that port because a) server to server email transfer happens on port 25 and b) it requires authentication.

(A similar solution will work in earlier versions of Plesk but rather than ticking a box in the control panel to get it to happen you have to copy a single file and edit two lines in it, but it works just as well and basically does the same thing)

The other option you can go for is to install spamdyke (search the forum for step by step instructions) which does bypass all dnsrbls when smtp authentication takes place. Note that when you use spamdyke you will not be able to use pop-before-relay authentication, and that you set up dnsrbls within spamdyke's configuration files, not via Plesk. spamdyke does add a whole plethora of additional anti-spam measures, however, and it is well worth installing if you don't need pop-before-relay.

Since version of Plesk is older, I put in the below lines in /etc/inetd.conf and restarted inetd.

Now on using the port 587 instead of port 25, users are able to autheticate and send email via the SMTP/Submission server.

1. screen:
   
   screen -dmS <screen_name> <command>
exit
2. nohup:
   
   nohup <command> &
exit
3. at:
   
   echo "<command>" | at now
exit
4. disown:
   
   <command> &
disown -h
exit

1. Edit /etc/mail/sendmail.mc and add the below lines replacing domain.tld with the actual domain name:
   dnl # BEGIN: Rewriting Sender addresses for Entire Domain
dnl #
dnl # Process login names through the genericstable
FEATURE(`genericstable', `hash -o /etc/mail/genericstable.db9;)dnl
dnl # Interpret the value in G as a domain name
FEATURE(generics_entire_domain)dnl
dnl # masquerade not just the headers, but the envelope as well
FEATURE(masquerade_envelope)dnl
dnl # Load domain.tld into G
GENERICS_DOMAIN(domain.tld)dnl
dnl #
dnl # END: Rewriting Sender addresses for Entire Domain

2. Create /etc/mail/genericstable, which is very similar to an /etc/aliases, two columns separated by whitespace:
   web1_user1    user1@domain.tld
web1_user2    user2@domain.tld
web1_user3    user3@domain.tld

3. Create the db:
   # makemap -hash /etc/mail/genericstable < /etc/mail/genericstable

4. Restart sendmail.

Feature "genericstable" tells sendmail to use the generics table.

Feature "generics_entire_domain" allows to add hosts to genericstable without having to rebuild sendmail.cf.

Feature "masquerade_envelope" applies the rewriting process to the mail envelope as well as to the mail header.

"GENERICS_DOMAIN" defines the domains to which you wish to apply the generics table.

vzpkgcache seems to have been broken with latest CentOS-5.3 upgrade. Below is notes to fix:

Edit the file /usr/share/vzpkg/cache-os line 154, append:

Edit the file /usr/share/vzpkg/functions line 20, change to:

Run to updatee the cached template:

To check is user or group exist in passwd and group file:

You could also grep the corresponding files, but this is a much cleaner way of getting entries from administrative database where database is one of aliases, ethers, group, hosts, netgroup, networks, passwd, protocols, rpc, services or shadow.

To allow custom mailbox folder for individual user:

Add/Edit "/etc/c-client.cf":

Add/Edit "~/.imaprc" for corresponding user:

All corresponding email files will now reside in the ~/mail folder for the corresponding user.

Ftp can be secured using ftps to connect. Below outlines a configuration to support such a setup using TLS/SSL.

I usually use the epel repository to install proftpd:

Configure for tls/ssl connection:

chroot and bindsocket to listen to single IP:

Setup passive ftp ports:

Create the certs:

Create /etc/pam.d/ftp so PAM can authenticate for proftpd:

Add "/bin/false" to "/etc/shells" file and use it as the shell type when creating new users: