Archive

Posts Tagged ‘plesk’

Unable to remove Plesk Domain

January 12, 2011 2 comments

When we try to remove domain the following error message is appearing.

Unable to delete hosting: Unable to create SubDomainManager: Unable to create SubDomainPerformance object: WebServerManager::getSubDomainPerformance() failed: Unable to parse current performance.


Also I am not able to remove the subdomains.

When accessing a sub domain management page the following error message is displayed:

Unable to create SubDomainManager object: Unable to create SubDomainPerformance object: WebServerManager::getSubDomainPerformance() failed: Unable to parse current performance.

CAUSE
========
Sub domain is not configured in IIS.

RESOLUTION
========

It’s needed to be re-configured. This can be done using the following command line utility:

“%plesk_bin%\websrvmng.exe” –update-subdomain –vhost-name=<domain> –subdomain=<subdomain>

==========================

If the issue persist try  these also :

1. Remove the Registry Key

HKEY_LOCAL_MACHINE -> SOFTWARE -> PLESK -> PSA Config -> Config ->SitesCache

2. The follow your suggestion and remove the domain.

cd %plesk_bin%

websrvmng.exe –remove-vhost –vhost-name=Domainname

3. Then install the domain through the command line:

websrvmng.exe –install-vhost –vhost-name=Domainname

4. Then go to the Plesk Control Panel and delete the domain. It is still in the list, but it will actually delete this time.

Categories: IIS, plesk, Windows Tags: , ,

Reset my admin password on my Plesk Linux server

September 9, 2010 2 comments

This can be accomplished with the ch_admin_passwd binary.

[root@plesklinux root]# cd /usr/local/psa/admin/bin/

[root@plesklinux bin]# ./ch_admin_passwd --help./ch_admin_passwd:

Utility to set Plesk adminstrator’s password

Gets password from the environment variable PSA_PASSWORD
Password should be from 5 to 16 symbols and should not contain login name, whitespace, quotes or national characters.

Usage: ./ch_admin_passwd -h, --help

display this help and exit.
We must export the variable before running the binary. We will unset the variable when we are done.

[root@plesklinux bin]# export PSA_PASSWORD='newpass'

[root@plesklinux bin]# echo $PSA_PASSWORDnewpass

[root@plesklinux bin]# ./ch_admin_passwd

[root@plesklinux bin]# export PSA_PASSWORD=

[root@plesklinux bin]# cat /etc/psa/.psa.shadownewpass

[root@plesklinux bin]#
Categories: plesk Tags: , ,

Plesk rebuild Apache configuration files

September 9, 2010 1 comment

Sometimes you need to rebuild all your httpd.include files, it can be done with websrvmng command:

/usr/local/psa/admin/bin/websrvmng -av

Backup and restore a Plesk domain from the command line

September 9, 2010 Leave a comment

BACKUP

Set a domain name as a variable in your shell (not really required, just makes the rest harder to screw up if you copy and paste from this howto):

DOMAIN_NAME=example.com

Go to the directory where plesk keeps the dumps

cd /var/lib/psa/dumps/$DOMAIN_NAME

Create a file with the description. even if you don’t care about the description, the file needs to exist.

echo "description goes here" > description.txt

Run the backup:

/usr/local/psa/admin/bin/domain_bu --backup --domain-name  $DOMAIN_NAME --dump-file $DOMAIN_NAME.domain_dump --desc-file  description.txt

Note that the shell prompt will be returned to you before the backup is completd. you can watch for the backup to be finished with this command (after waiting a moment or two for backup_restore.log to be created if it wasn’t there already):

tail -f backup_restore.log

When you see the text “Single domain backup is successfully completed.” (or something to that effect, depending on your version), the backup is completed.

RESTORE

To restore again with the backup, or restore on another server:

– Add the domain under the desired client in plesk (the domain has to exist in plesk to continue).

– Copy the .dump file to other server’s /var/lib/psa/dumps/[DOMAIN_NAME] directory.

– Set a domain name, client login and ip address the site should use as variables in your shell (not really required, just makes the rest harder to screw up if you copy and paste from this howto):

DOMAIN_NAME=example.com
CLIENT_LOGIN=myclient
IP_ADDRESS=1.2.3.4

Go to the dumps directory where you had copied the dump to

cd /var/lib/psa/dumps/$DOMAIN_NAME

Run the restore command:

/usr/local/psa/admin/bin/domain_bu --restore --domain-name  $DOMAIN_NAME --client-login $CLIENT_LOGIN --domain-ip $IP_ADDRESS  --dump-file $DOMAIN_NAME.domain_dump

If you get errors when restoring related to unmatched cert, see the instructions here: http://forum.plesk.com/showthread.php?s=&threadid=12274

Categories: plesk Tags: , , ,

Spam Tracking qmail Plesk

September 9, 2010 Leave a comment

Firstly we should look at the server’s queue:

# /var/qmail/bin/qmail-qstat

messages in queue: 758
messages in queue but not yet preprocessed: 0

We do have 758 mails in the queue. Let’s examine the queue with qmail-qread. Seeing a bunch of strange email addresses in the recipient list usually it’s meaning spam.

 # /var/qmail/bin/qmail-qread


You can examine the email content of the emails in the queue using  Plesk interface or just less command. Firstly we should  find message’s id using qmail-qread, then find the  file holding the email in /var/qmail/queue with find command.
# /var/qmail/bin/qmail-qread
18 Jul 2008 02:01:11 GMT  #22094026  1552  <>
        remote  user@yahoo.com

# find /var/qmail/queue/ -name 22094026
/var/qmail/queue/mess/19/22094026
/var/qmail/queue/remote/19/22094026
/var/qmail/queue/info/19/22094026

# less /var/qmail/queue/mess/19/22094026
Received: (qmail 10728 invoked from network); 22 Jul 2008 19:40:46 +0300
Received: from unknown (HELO User) (86.107.221.138)
  by domain.com with SMTP; 22 Jul 2008 19:40:46 +0300
Reply-To: <support@PayPal.Inc.com>
From: "PayPal"<support@PayPal.Inc.com>
Subject: Dispute Transaction
Date: Tue, 22 Jul 2008 19:40:52 +0300
MIME-Version: 1.0
Content-Type: text/html;
        charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
[...]

Oops, we do have some spam in the queue that’s received from the network (IP: 86.107.221.138). We should remove spam from the queue or the server IP address will finish listed in the RBLs, qmail-remove is the right tool for this job.

Check the number of the spams with the spam pattern (”PayPal.Inc.com” in this case):

# qmail-remove -p 'PayPal.Inc.com'

Now, remove spams (notice the ‘-r’ switch), they all will end up in the /var/qmail/queue/yanked directory. Don’t forget to stop qmail daemon before (/etc/init.d/qmail stop) :

# qmail-remove -r -p 'PayPal.Inc.com'

In a few minutes we do have more emails with the same patterns from the same ip address. That’s great, we do have opportunity to examine smtp traffic from the spammer’s ip address. Run tcpdump and wait a few minutes.

# tcpdump -i eth0 -n src 86.107.221.138 \or dst 86.107.221.138 -w smtp.tcpdump -s 2048

Examining log file with less or vi we found that spammer is sending spam using LOGIN authentication:

220 ulise.domain.com ESMTP
ehlo User
250-ulise.domain.com
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250-PIPELINING
250 8BITMIME
AUTH LOGIN
334 VXNlcm5hbWU6
dGVzdA==
334 UGFzc3dvcmQ6
MTIzNDU=
235 go ahead

Interesting, let’s decode the user/pass to see which account is used:

# perl -MMIME::Base64 -e ‘print decode_base64(“dGVzdA==”)’

test
# perl -MMIME::Base64 -e 'print decode_base64("MTIzNDU=")'
12345

So, someone created a test account with a weak password and someone else guessed it and is sending spam through the server.

Let’s find the domain owning of the mailbox:

# mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa
[...]
mysql> SELECT m.mail_name, d.name, a.password FROM mail AS m LEFT JOIN (domains AS d, accounts AS a) ON (m.dom_id = d.id AND m.account_id = a.id) WHERE m.mail_name='test' AND a.password='12345';
+-----------+------------+----------+
| mail_name | name       | password |
+-----------+------------+----------+
| test      | example.com | 12345    |
+-----------+------------+----------+
1 row in set (0.01 sec)

Next step is to delete test mailbox and send a warning to client.

To improve your server’s security you’ll need to enable:
Server -> Mail -> Check the passwords for mailboxes in the dictionary



Reference : http://www.cherpec.com/2008/07/plesk-howto-debug-spam-problems/

Categories: plesk, qmail Tags: , , ,

Hode in Plesk gives blank page after login

September 9, 2010 Leave a comment

If you are getting segmentaion fault/blank page for horde in plesk, you can check the following steps

1. Log in to the server shell.
2. Issue the following command:
# mysql -uadmin -p`cat /etc/psa/.psa.shadow` psa -e “replace into misc (param,val) values (’apache_pipelog’, ‘true’);”
3. Rebuild Apache configuration as follows:
# $PRODUCT_ROOT_D/admin/sbin/websrvmng -v -a

Categories: plesk Tags: ,

Qmail spam detection

September 9, 2010 Leave a comment

To get rid of spam on your Qmail mail server:

  1. Make sure that all domains have the Mail to nonexistent user option set to Reject.This option is available since Parallels Plesk Panel 7.5.3 and can be changed for all the domains using group operations: select the domains, click Modify Selected, in the Preferences section select Switch on for the Mail to nonexistent user option and select the Reject value for it.
  2. Make sure that there are no untrusted IP addresses or networks in the white list.To do this, go to Home > Mail Server Settings > White List tab. To remove untrusted IP addresses or networks, select them in the list and click Remove Selected.
  3. Check how many messages there are in the Qmail queue with:# /var/qmail/bin/qmail-qstatmessages in queue: 34657

    messages in queue but not yet preprocessed: 90

    If there are too many messages in the queue, try to find out where the spam is coming from. If the mail is being sent by an authorized user, but not from a PHP script, you can find out which user sent most of the messages with the following command:

    # cat /usr/local/psa/var/log/maillog |grep -I smtp_auth |grep -I user |awk '{print $11}' |sort |uniq -c |sort -n

    Note that the SMTP authorization option should be enabled on the server to see these records. The path to maillog may be different depending the OS you use.

  4. Use the qmail-qread utility to read the messages headers:# /var/qmail/bin/qmail-qread18 Jul 2005 15:03:07 GMT #2996948 9073 <user@domain.com> bouncing

    done remote user1@domain1.com

    done remote user2@domain2.com

    done remote user3@domain3.com

    ….

    The qmail-qread utility shows messages’ senders and recipients. If a message has too many recipients, then it is most probably spam.

  5. Try to find the message in the queue by it’s ID (for example, the message ID is #1234567):# find /var/qmail/queue/mess/ -name 1234567
  6. Look into the message and find the first from the end Received line. It is where the message was initially sent from.
    • If you find something like:Received: (qmail 19514 invoked by uid 12345); 10 Sep 2008 17:48:22 +0700
    • it means that this message was sent via a CGI script by user with UID 12345. Use this UID to find a corresponding domain:

      # grep 12345 /etc/passwd

    • Received lines like:Received: (qmail 19622 invoked from network); 10 Sep 2008 17:52:36 +0700Received: from external_domain.com (192.168.0.1)

      mean that the message was accepted for delivery via SMTP and the sender is an authorized mail user.

    • If Received line contains an UID of an apache user (for example invoked by uid 48), it means that the spam was sent via an PHP script. In this case you can try to find the spammer using information from the spam e-mails (from/to addresses, subjects, etc). But usually to find the spam source is very hard in this case. If you are sure that some script is sending spam at the current moment (the queue grows very fast), you can use this little script to find out what PHP scripts are running in real-time:# lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk ‘ { if(!str) { str=$1 } else { str=str”,”$1}}END{print str}’` | grep vhosts | grep phpTo try to find out from what folder the PHP script that sends mail was run, create /var/qmail/bin/sendmail-wrapper script with the following content:

      #!/bin/sh

      (echo X-Additional-Header: $PWD ;cat) | tee -a /var/tmp/mail.send|/var/qmail/bin/sendmail-qmail “$@”

      Note, the paths can slightly differ depending on your OS and Parallels Plesk Panel version.

      Create a log file /var/tmp/mail.send and grant it a+rw rights, make the wrapper executable, rename old sendmail and link it to the new wrapper:

      # touch /var/tmp/mail.send

      # chmod a+rw /var/tmp/mail.send

      # chmod a+x /var/qmail/bin/sendmail-wrapper

      # mv /var/qmail/bin/sendmail /var/qmail/bin/sendmail-qmail

      # ln -s /var/qmail/bin/sendmail-wrapper /var/qmail/bin/sendmail

      Wait for about an hour and revert sendmail back:

      # rm -f /var/qmail/bin/sendmail

      # ln -s /var/qmail/bin/sendmail-qmail /var/qmail/bin/sendmail

      Examine the /var/tmp/mail.send file. There should be lines starting with X-Additional-Header pointing out to domains’ folders where the script that sends the mail is located.

      You can see all the folders where mail PHP scripts were run from with the following command:

      # grep X-Additional /var/tmp/mail.send | grep `cat /etc/psa/psa.conf | grep HTTPD_VHOSTS_D | sed -e ‘s/HTTPD_VHOSTS_D//’ `

Categories: plesk, qmail Tags: , ,