Exim: remove mails in queue from a particular sender

“spams”, its one of the major issue that a sys admin has to deal with throughout his job.  First you need to find the user who is generating it. You can get it from the mail headers.  Once you find the user, disable the script that was responsible for spams, but it may have already kept thousands(may be lacks) of mails in the exim queue waiting for its chance to get delivered.  To delete these mails one by one is impossible.  In a cPanel server having exim mail,  you can use the following command to delete mails in the current queue generated by that particular user only.

SSH into the server

    exiqgrep -i -f user@domain.com | xargs exim -Mrm

-i print messages id
-f from address
-Mrm remove mails

Remove mails to a particular sender in the queue :-

    exiqgrep -i -t user@domain.com | xargs exim -Mrm

-t to address

How to enable DKIM in cPanel server.

DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message while it is in transit and one can use this to prevent from getting blacklisted by the free email providers like Yahoo, MSN and Google. DKIM can increase the mail authenticity.

cPanel does not have an interface to enable DKIM like we have for SPF and Domain Keys. cPanel is still working on it for getting it implemented. However we can enable it manually by following the below steps.

Check if exim is compiled with DKIM support enabled.

root@server # /usr/sbin/exim -dd 2>&1 | grep Experimental_DKIM

Support for: crypteq iconv() IPv6 PAM Perl OpenSSL Content_Scanning Old_Demime Experimental_SPF Experimental_SRS
Experimental_DomainKeys Experimental_DKIM

Generate the SSL keys

    cd /usr/local/cpanel/etc/exim

     openssl genrsa -out dkim.key 1024
     openssl rsa -in dkim.key -out dkim.public -pubout -outform PEM

You will find two keys, dkim.key & dkim.public

How do I reset Kloxo (LxAdmin) Admin Password

To reset lxadmin, you can do through SSH with just two commands:

cd /usr/local/lxlabs/lxadmin/httpdocslphp.exe ../bin/common/resetpassword.php master password

How to disable direct root login in your server

1. SSH into your server as root user.

2. Open the ssh configuration file using an editor like Vi

$ vi /etc/ssh/sshd_config

3. Find the line
Protocol 2, 1

4. Uncomment it and change it to look like
Protocol 2

5. Next, find the line

PermitRootLogin yes

6. Uncomment it and make it look like PermitRootLogin no

7. Save the file Ctrl+X then Y then enter

8. Now you can restart SSH
/etc/rc.d/init.d/sshd restart

Now, no one will be able to login to root with out first loggin in as admin and 'su -' to root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords!

***If you're using cPanel make sure you add your admin user to the 'wheel' group so that you will be able to 'su -' to root, otherwise you may lock yourself out of root.***

How do I check what version of CentOS

To obtain the version of CentOS your server is running, from command line issue the following:

cat /etc/*release*

Installation of FFMPEG, Mencoder, GPAC for 3gp video conversion server for CentOS

# install dependencies
yum -y install gcc gmake make libcpp libgcc libstdc++ gcc4 gcc4-c++ gcc4-gfortran subversion patch zlib-devel

# get encoding software
cd /usr/local/src

wget http://www3.mplayerhq.hu/MPlayer/releases/codecs/essential-20071007.tar.bz2
wget http://ftp.penguin.cz/pub/users/utx/amr/amrnb-7.0.0.2.tar.bz2
wget http://downloads.sourceforge.net/gpac/gpac-0.4.5.tar.gz

tar xf gpac-0.4.5.tar.gz
tar jxvf amrnb-7.0.0.2.tar.bz2
tar jxvf essential-20071007.tar.bz2

svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg
svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer

# install encoding software

mkdir /usr/local/lib/codecs/
mv /usr/local/src/essential-20071007/* /usr/local/lib/codecs/
chmod -R 755 /usr/local/lib/codecs/
mkdir /usr/local/src/tmp
chmod 777 /usr/local/src/tmp
export TMPDIR=/usr/local/src/tmp

cd /usr/local/src/amrnb-7.0.0.2
./configure
make && make install

cd /usr/local/src/mplayer
svn update
./configure
make && make install

cd /usr/local/src/ffmpeg/
./configure –enable-libamr-nb –disable-mmx –enable-nonfree
make && make install

cd ./gpac
./configure
make && make install

# update library links
echo /usr/local/lib > /etc/ld.so.conf.d/ffmpeg.conf
ldconfig

How do I enable mod_rewrite in Apache2 on Debian?

Enabling mod_rewrite in apache2 is a simple procedure.

Type the following:

a2enmod rewrite

Edit /etc/apache2/sites-available/000-default or it may be called /etc/apache2/sites-available/default

and change the following line:

Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all

change it to:

Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all

Lastly, restart apache2:

/etc/init.d/apache2 restart

How to install ZPanel on ubuntu 12.04 x86_64

1) Ensure that you're using a server or VPS with a clean install of Ubuntu 12.04. This tutorial will focus on using Neosurge's VPS hosting solutions.

2) Log into the VPS or server as root.

3) Ensure all system packages are up to date and wait for the update and upgrade has completed by entering the following command:

Installing DomainKeys and SPF Records

DomainKeys (DKIM) and SPF records are becoming a common, and annoying, demand among email providers, mainly Yahoo and Hotmail. In short, both are methods of email authentication designed to verify email integrity, by linking a sender to a specific server or hostname. In other words, DomainKeys and SPF records specify what servers can send email on behalf of a domain name.

You’ll want DomainKeys and SPF records if your users have trouble sending email to certain providers, or they are having issues with spoofed (forged) email. CPanel currently allows two easy ways for you or your users to set up email verification. This is supported at least from cPanel 11.18 onward.

User-Level:

You can enable the “Email Authentication” feature in WHM ~> Feature Manager, which will enable the Email Authentication icon in the users’ cPanels where they can create DomainKeys and SPF records for their domain(s).

Root-level:

How to do Directadmin to Directadmin Migration

The directadmin to directadmin migration is easy.

1) Set the value  skip_domains_in_backups=1  in  /usr/local/directadmin/conf/directadmin.conf . This will skip coping home folder during backup creation.

2) Do to admin panel Admin Tools -> Admin Backup/Transfer , And select all users and run a backup now .This will take all accounts backups under the folder  /home/admin/admin_backups.

3) Now login to the admin panel of the new server and  go to Admin Tools -> Admin Backup/Transfer , then select the  “restore backups “. Chose all the backups files and  click the  submit.

4) Monitor the new server and wait for finishing  the restore. You can check the top comand and  or use pstree. See if the comamnd  dataskq completed or not. Also check the home folders.

5) After finishing it simply rsync the home folders.

Nginx And DDOS Protection

cPnginx and Danginx can use  to protect the HTTP DDOS as follows,
Edit the file   /etc/sysctl.conf  and increase the openfile limits. Add the following line,

fs.file-max = 700000

Edit  /etc/security/limits.conf  and add the following  lines,

nobody       soft    nofile  100000
nobody       hard    nofile  500000

Now apply the sysctl configuration using the following command .

# sysctl -p

Now edit the  /usr/local/nginx/conf/nginx.conf  file  and add the following line.

worker_rlimit_nofile 50000;

1)  Add the following sysctl parameters,
—————
net.ipv4.tcp_syncookies = 1
# source validation / reversed path
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
kernel.pid_max = 65536
net.ipv4.ip_local_port_range = 9000 65000
————–

2) Use the  RateLimit module ,   http://wiki.nginx.org/HttpLimitZoneModule   It must be placed inside http block
—————–
limit_zone slimits $binary_remote_addr 10m;
limit_conn slimits 10;
——————

3) You can also use the following too,
—————-
limit_req_zone $binary_remote_addr zone=slimitss:10m rate=1r/s;
limit_req zone=slimitss  burst=10;

How to reset litespeed admin password

Go to the below path

    /usr/local/lsws/admin/misc

run the below command

    sh admpass.sh

It will show below output

    Please specify the user name of administrator.
    This is the user name required to login the administration Web interface.

    User name [admin]: admin

    Please specify the administrator’s password.
    This is the password required to login the administration Web interface.

    Password:
    Retype password:
    Administrator’s username/password is updated successfully!

It will ask for the username type (admin) and password you want to set

How to install WatchMySQL Plugin in WHM

 Installation

Go to the below path

    cd /sbin

Remove the file or take the backup

    rm -f watchmysql

Download watchmysql plugin using the below link

    wget http://www.ndchost.com/cpanel-whm/scripts/watchmysql/download.php

Change the ownership of that file

    chown root.root watchmysql

Change permission of the file.

    chmod 0750 watchmysql

Configuration

Before you run the script you must first configure it. Use edit to open the watchmysql script and set the options.

#Sets the maximum concurrent connections per MySQL user.

    my $max_concurrent_connections = '15';

#Who to tell about this user... (email)

    my $warning_email = 'your@email.address';

#Kill Abuser's MySQL Connections (0 = no, 1 = yes)

    my $kill_user = '0';

#MySQL polling in seconds (600 = 10 minutes)

    my $check_interval = '600';

Running

To start this script simply run the following command

    /sbin/watchmysql &

If you want the script to start when the system boots you need to add the above line to /etc/rc.local

rpm command cheat sheet for Linux

rpm is a powerful Package Manager for Red Hat, Suse and Fedora Linux. It can be used to build, install, query, verify, update, and remove/erase individual software packages. A Package consists of an archive of files, and package information, including name, version, and description:

Syntax	Description	Example(s)
rpm -ivh {rpm-file}	Install the package	rpm -ivh mozilla-mail-1.7.5-17.i586.rpm rpm -ivh –test mozilla-mail-1.7.5-17.i586.rpm
rpm -Uvh {rpm-file}	Upgrade package	rpm -Uvh mozilla-mail-1.7.6-12.i586.rpm rpm -Uvh –test mozilla-mail-1.7.6-12.i586.rpm
rpm -ev {package}	Erase/remove/ an installed package	rpm -ev mozilla-mail
rpm -ev –nodeps {package}	Erase/remove/ an installed package without checking for dependencies	rpm -ev –nodeps mozilla-mail
rpm -qa	Display list all installed packages	rpm -qa rpm -qa | less
rpm -qi {package}	Display installed information along with package version and short description	rpm -qi mozilla-mail
rpm -qf {/path/to/file}	Find out what package a file belongs to i.e. find what package owns the file	rpm -qf /etc/passwd rpm -qf /bin/bash
rpm -qc {pacakge-name}	Display list of configuration file(s) for a package	rpm -qc httpd
rpm -qcf {/path/to/file}	Display list of configuration files for a command	rpm -qcf /usr/X11R6/bin/xeyes
rpm -qa –last	Display list of all recently installed RPMs	rpm -qa –last rpm -qa –last | less
rpm -qpR {.rpm-file} rpm -qR {package}	Find out what dependencies a rpm file has	rpm -qpR mediawiki-1.4rc1-4.i586.rpm rpm -qR bash

How to Install EAccelerator, IonCube, Zend Optimizer, SourceGuardian, and SuHosin outside of EasyApache

You can use /scripts/phpextensionmgr to install or uninstall these modules!

    /scripts/phpextensionmgr list
    Available Extensions:
    EAccelerator
    IonCubeLoader
    Zendopt
    SourceGuardian
    PHPSuHosin

If you wanted to install Zend Optimizer use the below command.

    /scripts/phpextensionmgr install Zendopt
    Installing Zendopt
    Determining PHP version
    Installing Zend Optimizer binary
    Activating Zend Optimizer in /usr/local/lib/php.ini
    Zend Optimizer activated
    Skipping install to /usr/local/php4, missing php.ini

Site is working fine with apache but giving 403 error with litespeed

    =================================
    Error 403: Forbidden

    You don’t have permissions to access this page. This usually means one of the following:
    ===================================

Go to the clients account for which you are getting the error message.

Create a .htaccess file and enter the below lines into it.

    SecFilterEngine Off

    SecFilterScanPOST Off

save and quit

How to reset ssh port through WHM

Login to your WHM using 2086

And then browse the below URL:

    http://serverip:2086/scripts2/doautofixer?autofix=safesshrestart

It will prompt for server password insert it and it will show that port is reset to default(22)

How to install varnish through yum

Download varnish rpm using the below link

    rpm –nosignature -i  http://repo.varnish-cache.org/redhat/el5/noarch/varnish-release-2.1-2.noarch.rpm

run the below command

    yum install varnish

How to uninstall varnish manually

Go to the folder where you have downloaded the tar file.

Go inside apachebooster folder

Provide the below permission to the file.

    chmod 777 uninstall

Run the below command to uninstall it.

    sh uninstall

How to Install varnish manually

Download the tar file from the below link

    wget http://prajith.in/downloads/apachebooster.tar.gz

untar it using the below command.

    tar -xvf apachebooster.tar.gz

go into extracted directory

    cd apachebooster

then fire the below command

    sh install.sh

Install Mhash in php 5.3+ in cPanel Centos Linux servers

The php-mhash installation in php 5.3 is very easy. Please use the following steps to install it
1) Download the latest mhash from   http://mhash.sourceforge.net/ and install it as follows,

# tar -xzf  mhash-0.9.9.9.tar.gz
# ./configure --prefix=/opt/mhash
#  make
#  make install

2) Now add it to the loader configuration in /etc/ld.so.conf.d/mhash.conf

/opt/mhash/lib

3) Now edit the file /var/cpanel/easy/apache/rawopts/all_php5 and add the following line

--with-mhash=/opt/mhash

4) Finally compile the php using the following command

#  /scripts/easyapache --build

You can test the mhash by creating a phpinfo page in your website document root.

How to convert directadmin to SUPHP

Conversion to SUPHP in directadmin is easy. You may please proceed with the following steps

1) Set the following custom build options

/build set php5_cgi yes
./build set php5_cli no

2)Now compile apache and php using the following commands

./build all d
./build rewrite_confs

3) Now need to fix the roundcube , squirrelmail and phpmyadmin permissions as follows,

./build roundcube
./build squirrelmail
./build phpmyadmin

4) Now need to fix the ownership and permission of files and dirs as follows,

# for i in `/bin/ls /usr/local/directadmin/data/users/` ; do chown -R $i.$i /home/$i/domains/* ; echo $i ;done 
# for i in `/bin/ls /usr/local/directadmin/data/users/` ; do find /home/$i/domains/ -type f -exec chmod 644 {} \; ; echo $i ;done
# for i in `/bin/ls /usr/local/directadmin/data/users/` ; do find /home/$i/domains/ -type d -exec chmod 755 {} \; ; echo $i 

This easy steps will help you to conversion your directadmin to suphp and fix the permission issues in your scripts.

CSF Directadmin Issue Permission denied [User:admin UID:501]- Solved

This is a simple permission issue in directadmin. The CSF in directadmin is running a setuid program. So it simply need to enable the  setuid  permission for the root user in this  program.   You may need to look into the following  file ,

# ls -al /usr/local/directadmin/plugins/csf/exec/csf
-rwxr-xr-x 1 root root 8112 Jun 23 10:37 /usr/local/directadmin/plugins/csf/exec/csf

Now you need to enable the “S” bit as follows,

#  chmod  4755  /usr/local/directadmin/plugins/csf/exec/csf
# ll /usr/local/directadmin/plugins/csf/exec/csf 
-rwsr-xr-x 1 root root 8112 Jun 23 10:37 /usr/local/directadmin/plugins/csf/exec/csf

Now login to the directadmin  as admin user and check the CSF page. It must work.

How to install mod_evasive in cPanel server

Please follow the procedure given below to install and configure  mod_evasive in  cPanel server with apache 2.2.

Download the   latest source file from http://www.zdziarski.com

# cd /usr/local/src/
# wget /blog/wp-content/uploads/2010/02/mod_evasive_1.10.1.tar.gz
# tar -xvzf mod_evasive_1.10.1.tar.gz
# cd mod_evasive/
# /usr/local/apache/bin/apxs -cia mod_evasive20.c

Now create a file named  /usr/local/apache/conf/mod_evasive.conf and add the following lines

# cat /usr/local/apache/conf/mod_evasive.conf
LoadModule evasive20_module   modules/mod_evasive20.so
<IfModule mod_evasive20.c>
DOSHashTableSize    3097
DOSPageCount        2
DOSSiteCount        50
DOSPageInterval     1
DOSSiteInterval     1
DOSBlockingPeriod   10
</IfModule>

Now include the above file inside  /usr/local/apache/conf/includes/pre_main_global.conf

Include "/usr/local/apache/conf/mod_evasive.conf"

Now rebuild httpd.conf

/scripts/rebuildhttpdconf

Now restart apache

/scripts/restartsrv httpd

How Do I Restore A MySQL Database?

To restore a MySQL database please follow the below steps:

- Login to your control panel www.yourdomain.com/cpanel
- Click on 'Backups' in 'Site Management'
- Click on 'Browse' to locate the Database you want to restore then click 'Upload'

It may take a while to upload your .sql and populate the database so a broadband connection would help. This will overwrite the database that you currently have up.

Reset Bandwidth Usage In WHM/cPanel

If you run cPanel on your VPS or Dedicated Server and want to reset bandwidth for a particular user or domain then:

1. ssh to your server
2. cd /var/cpanel/bandwidth.cache/
3. vi domainname.com and/or vi username
4. replace contents with 0
5. save and quit

WHM/cPanel should now show 0 for the user/domain in Account Information >> View Bandwidth Usage

How To Reset A Kloxo Or LxAdmin Password From SSH

When your VPS is installed by us with Kloxo or LXadmin the password will 'admin' and the username 'admin' too.
Note: if you reinstall yourself it will also be 'admin'.
If you still can't login then:

1) Login via SSH

2) cd /usr/local/lxlabs/kloxo/httpdocs

or

2) cd /usr/local/lxlabs/lxadmin/httpdocs

3) /usr/bin/lphp.exe  ../bin/common/resetpassword.php master NEWPASSWORD

Now try your password again.

How to force redirection to HTTPS

To force visitors to use HTTPS to access your site via yor SSL certificate is to add the following to the top of a .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

CentOS - Hostname Change

There are 4 steps in a hostname change, luckily all the steps are easy.

Sysconfig/Network

Open the /etc/sysconfig/network file with your favorite text editor. Modify the HOSTNAME= value to match your FQDN host name.

# sudo nano /etc/sysconfig/network

HOSTNAME=myserver.domain.com

Hosts File

Change the host that is associated to your main IPaddress for your server, this is for internal networking (found at /etc/hosts):

 

Run Hostname

The 'hostname' command will let you change the hostname on the server that the commandline remembers, but it will not actively update all programs that are running under the old hostname.

Restart Networking

At this point all the necessary changes that needed to be made have been made, you will want to restart networking on your server to make sure that changes will be persistent on reboot:

# /etc/init.d/network restart