Category Archives: manage

qmail and simple configuration

qmail is a modern SMTP server and the second most popular MTA on the Internet. A number of large Internet sites are using qmail, Plesk is one. If you are on Plesk control panel, and need to change email account password then changing password from Plesk is a lengthy process.

qmail is installed into /var/qmail or similar. There are more directories, but four are important: bin, control, mailnames and users. bin directory contains all binary programs about manage qmail service. mailnames directory contains all mail divided by domain and user.

qmail-control
If you type this command:
man qmail-controlYou obtain info about files into /var/qmail/control directory.
We analize rejectnonexist, rcpthosts and virtualdomains.

rejectnonexist
File is the list of domains, one per line. qmail-smtpd will reject any envelope recipient address with a domain not listed in rejectnoexist.

rcpthosts
File is the list of domains, one per line. Allowed RCPT domains. If rcpthosts is supplied, qmail-smtpd will reject any envelope recipient address with a domain not listed in rcpthosts. Any details with command line:
man qmail-smptdvirtualdomains
List of virtual users or domains, one per line. A virtual user has the form user@domain:prepend, without any extra spaces. When qmail-send sees the recipient address user@domain, it converts it to prepend-user@domain and treats it as local. Any details with command line:
man qmail-send

qmail-users
If you type this command:
man qmail-usersYou obtain info about files into /var/qmail/users directory: assign and cdb.

assign
List of users addresses. File is a series of assignments, one per line. It ends with a line containing a single dot. Lines must not contain NUL.

cdb
It is a constant database (CDB). CDB is a binary format that can be accessed quickly by qmail-lspawn, even when there are thousands of assignments.

.qmail files
.qmail files contain a list of delivery instructions, one instruction per line. Delivery of a user’s mail is usually controlled by one or more “.qmail” (pronounced dot kyoo mail) files. The pseudo-user on all qmail systems whose home directory is usually /var/qmail/alias. About each user, home directory is usually /var/qmail/mailnames/domain/user/.qmail. Any details with command line:
man dot-qmail

Usage
You could use any programs to manage qmail service. Most popular is vpopmail. vpopmail is a set of API that manages virtual user accounts on a qmail system, and handles delivery for these virtual users. The command-line utilities, and Qmailadmin all use the vpopmail API, provided by the vpopmail library to manage the system. vpopmail does not work with Plesk. So that, you could run the Plesk or qmail commands. Options about Plesk commands line may differ from version to version: we are using v10.3. Any details, you could run each command with –help.

create a domain
If you want configure only domain mail into Plesk,
/usr/local/psa/bin/domain --create pandle.net -dns false -mail_service true -notify false -ip 192.168.1.11
else if you have Plesk panel, you could add new domain out to Plesk and you could add mail into qmail service.
This configuration is available only user with forward because it is disable change password without Plesk or vpopmail.
You must modify five files (assign, cdb, rejectnonexist, rcpthosts and virtualdomains) and create new directory into /var/qmail/mailnames.
/var/qmail/control
If the domain is pandle.net, add domain into files:
echo "pandle.net" >> /var/qmail/control/rejectnonexist
echo "pandle.net" >> /var/qmail/control/rcpthosts
To add domain into virtualdomains, and you are using prefix, you must use new prefix. Plesk uses progressive number like id domain. Show last prefix:
tail -n 1 /var/qmail/control/virtualdomains | awk -F ':' '{print $2}'
If last prefix number is 35, you could use 100 so that you could use again Plesk:
echo "pandle.net:100" >> /var/qmail/control/virtualdomains
/var/qmail/mailnames
mkdir /var/qmail/mailnames/pandle.net
echo "|bouncesaying This\ address\ no\ longer\ accepts\ mail." > /var/qmail/mailnames/pandle.net/.qmail-default
chown -R popuser.popuser /var/qmail/mailnames/pandle.net
chmod -R 700 /var/qmail/mailnames/pandle.net

/var/qmail/users
Show values about qmail user: popuser
grep popuser /etc/passwd
Output could be:
popuser:x:110:31:POP3 service user:/var/qmail/popuser:/bin/false
Add on the top domain line into /var/qmail/users/assign:
nano /var/qmail/users/assign
+100:popuser:110:31:/var/qmail/mailnames/pandle.net:::

Now run qmail-newu: it processes the assign file and generates a new cdb:
/var/qmail/bin/qmail-newu

create an user
If domain and mail are configured into Plesk and you must create new user,
/usr/local/psa/bin/mail --create biliards@pandle.net -passwd mypassword -mailbox true
else if domain and mail are configured into Plesk and you must update only password,
/usr/local/psa/bin/mail -u biliards@pandle.net -passwd mypassword
else if domain and mail are not configured into Plesk, commands are more than one. You must modify two files (assign and cdb) and create new directory into /var/qmail/mailnames/pandle.net. If the user name is biliards, add on the top user line into /var/qmail/users/assign:
nano /var/qmail/users/assign
=100-biliards:popuser:110:31:/var/qmail/mailnames/pandle.net/biliards:::

Now run qmail-newu: it processes the assign file and generates a new cdb:
/var/qmail/bin/qmail-newu
Make the user home directory:
mkdir /var/qmail/mailnames/pandle.net/biliards
mkdir /var/qmail/mailnames/pandle.net/biliards/\@attachments
mkdir /var/qmail/mailnames/pandle.net/biliards/Maildir
mkdir /var/qmail/mailnames/pandle.net/biliards/Maildir/cur
mkdir /var/qmail/mailnames/pandle.net/biliards/Maildir/new
mkdir /var/qmail/mailnames/pandle.net/biliards/Maildir/tmp

Make two files:
cat /var/qmail/mailnames/pandle.net/biliards/.qmail
| true
| /usr/bin/deliverquota ./Maildir

cat /var/qmail/mailnames/pandle.net/biliards/Maildir/maildirsize
0S,0C
0 0

Modify the owner and permissions:
chown -R popuser.popuser /var/qmail/mailnames/pandle.net/biliards
chmod -R 700 /var/qmail/mailnames/pandle.net/biliards
chmod 600 /var/qmail/mailnames/pandle.net/biliards/.qmail
chmod 644 /var/qmail/mailnames/pandle.net/biliards/Maildir/maildirsize

User password is configurable only Plesk or vpopmail programs. So that, if you have other domains configured into Plesk, you must use Plesk commands or you add line to user .qmail file to forward mailing:
cat /var/qmail/mailnames/pandle.net/biliards/.qmail
| true
| /usr/bin/deliverquota ./Maildir
&ittips@pandle.net

create an alias
If domain and mail are configured into Plesk and you must create new user alias,
for example, user biliards and alias bilardi and webmaster,
/usr/local/psa/bin/mail -u biliards@pandle.net -aliases add:bilardi,webmaster
else if you want create only alias about mail already configured,
nano /var/qmail/users/assign
=100-biliards:popuser:110:31:/var/qmail/mailnames/pandle.net/biliards:::

Now run qmail-newu: it processes the assign file and generates a new cdb:
/var/qmail/bin/qmail-newu

To test mail that you created, follow the steps on this page.

Reference: lifewithqmail.org, FAQ, vpopmail, pop account

How to use vhost.conf in Plesk

Maybe you need to do some specific configurations for a domain or subdomain and you tried to do directly in httpd.include file. You saw that it works for the momment but plesk will delete again your specific configurations from this file. So, in this case the answer is vhost.conf file. This file will be placed inside your domain’s conf directory, usually found at /var/www/domain.com/conf. Create a file called vhost.conf in whatever editor you prefer.

Modify Plesk skel for each vhost.conf
If you want modify configuration for all domains, then you must create vhost.conf in .skel directory:
mkdir /var/www/.skel/0/conf/
emacs /var/www/.skel/0/conf/vhost.conf

Modify vhost.conf for one domain
If you want modify configuration for one domain, the you must create vhost.conf:
emacs /var/www/onedomain.net/conf/vhost.conf
Modify vhost.conf for one subdomain
If you want modify configuration for single subdomain, the you must create vhost.conf:
emacs /var/www/onedomain.net/subdomain/siglesubdomain/conf/vhost.conf

Edit vhost.conf
If you want modify safe_mode directive to off in onedomain.net, then you could create vhost.conf into /var/www/onedomain.net/conf/:

<Directory /var/www/onedomain.net/httpdocs>
<IfModule mod_php4.c>
php_admin_flag safe_mode off
</IfModule>
<IfModule mod_php5.c>
php_admin_flag safe_mode off
</IfModule>
</Directory>

Now, you need to tell Plesk to update it’s information.
You have to run:
/usr/local/psa/admin/sbin/websrvmng -u --vhost-name=onedomain.net

this will configure plesk only for one single domain, in this case domain.com
If you want to configure it for all sites run:
/usr/local/psa/admin/bin/websrvmng -a

After this command if you look to httpd.include file, will see that your httpd.include will have an include line for your vhost.conf, something like this:
Include /srv/www/onedomain.net/conf/vhost.conf

There is also a vhost.conf file for subdomain in their DocumentRoot directory, if you want to do some specific things for subdomain.

Now, you must restart apache:
apachectl -t
apachectl graceful

Reference: vioan.ro, deec.it

Installing a SSL Certificate in Plesk

Add a SSL Certificate to a website using Plesk it is simple: it is important to know Plesk version because it is different among differente releases.
Plesk 9

  1. we first login to Plesk and navigate to the domain you wish to install the Certificate on to
  2. enter into the configuration of the target domain
  3. click on SSL Certificates
  4. click on Add SSL Certificate
  5. if you already have a SSL Certificate then you can skip this step and go to step 8. Any details:
    1. Name the certificate. This can be named anything that you choose. You could use a descriptive name including a timestamp like YYYYMMDDRR format where RR is the revision number (00 in this case as there are no revisions for the same day)
    2. Make any needed adjustments to the SSL Request. This information will be embedded in the SSL Certificate and should be similar to the domain registration information
    3. The email address should match one of the email addresses in the domain whois information provided by your domain registrar
    4. Falsified information may be rejected by your SSL Certificate Authority.
  6. now enter back into the Certificate configuration
  7. you can now review the CSR and Private Key. Save the Private Key in a safe location. Should anything occur with your server that the certificate must be re-entered you MUST have at least the Certificate and Private Key. Take the CSR and submit it to the Certificate Authority of your choice
  8. once you have received the Certificate from your Certificate Authority you can paste it into the Certificate text area. If your Certificate Authority requires, you may need to paste their own Certificate into the CA certificate text area (often called a CA Bundle)
  9. if the Private Key does not match the Certificate then you will see a page similar to this. You MUST have a matching Private Key and Certificate in order to use a Certificate
  10. once installed you will see CSR, Private Key and Certificate. These three all match up and are ready to be used
  11. now you will navigate back in to the Web Hosting Settings from the Domains configuration
  12. select the corresponding Certificate and click OK at the bottom

Plesk 9.5
Previous steps do not work. Certificate must be adding into Global Configurations and not into single domain configuration.

  1. we first login to Plesk and enter into the Global Configuration
  2. click on SSL Certificates and follow steps (about Plesk 9) from 4 to 10
  3. now you will navigate back in to the IP addresses
  4. you need exclusive IP addresses for domains with SSL certificates. Enter into IP address about your website to apply the SSL Certificate
  5. select SSL Certificate (choose name about certificate newly created)
  6. select domain and save
  7. follow last steps (about Plesk 9) 11 and 12

The new certificate is now being used for the domain. If you have updated the certificate then you may need to completely close out of your browser before the new certificate is used.

Reference: modularmerchant.com, parallels.com

open_basedir restriction in effect

PHP open_basedir protection tweak is a Safe Mode security measure that prevents users from opening files or scripts located outside of their home directory with PHP, unless the folder has specifically excluded. PHP open_basedir setting if enabled, will ensure that all file operations to be limited to files under certain directory, and thus prevent php scripts for a particular user from accessing files in unauthorized user’s account. When a script tries to open a file with, for example, fopen() or gzopen(), the location of the file is checked. When the file is outside the specified or permissible directory-tree, PHP will refuse to open it and the following errors may occur:
Warning: file_exists() [function.file-exists]: open_basedir restriction in effect. File ...
The above error message appears on a Apache httpd web server error log (error_log). However, the problem may happen to all system or websites that use PHP as scripting language.
The solution or workaround to open_basedir restriction problem is that disable the PHP open_basedir protection altogether, or to exclude the protection for certain privileged user accounts, or to allow access to the additional directory for PHP scripts.

If you’re using cPanel WebHost Manager (WHM), you can easily disable PHP open_basedir protection or exclude certain users from the protection with WHM. Simply go to “Tweak Security” under the “Security” section, then select “Configure” link for “Php open_basedir Tweak”. Inside it, you can enable or disable php open_basedir Protection, or exclude and include hosts from the protection.

If you’re using Plesk hosting control panel, you may need to manually edit Apache configuration file of vhost.conf and vhost_ssl.conf, and add in or edit the following php_admin_value open_basedir lines to the following:

php_admin_value open_basedir none


php_admin_value open_basedir /full/path/to/dir:/full/path/to/directory/httpdocs:/tmp

Note: For SSL hosts in the vhost_ssl.conf file, the Directory path will end with “httpsdocs” instead of “httpdocs”.

The paths (above is example only and to be replaced with real path) that behind open_basedir are the directories that specifically allowed for the PHP scripts in the vhost domain account to access, so you can add in more directories that files are been stored and needed to be opened by PHP, each seperated by color “:”. But be careful as it might expose your system to security fraud.

Once done, restart Apache httpd web server (apache2ctl restart or httpd restart). If you have to manually edit the Apache configuration file to disable PHP open_basedir protection, simply open up the httpd.conf file, and search for the lines that starts with the following characters:
php_admin_value open_basedir …..
Replace the whole line under the virtual host for the domain user account that you want to disable protection with the following line to disable it:
php_admin_value open_basedir none
You can also opt to allow your PHP scripts to access additional directory instead without disabling the protection. Additional directory can be added to the line, separated with color “:”. For example, to add /new_directory to the allow list:
php_admin_value open_basedir “/home/user_account/:/usr/lib/php:/usr/local/lib/php:/tmp”
php_admin_value open_basedir “/home/user_account/:/usr/lib/php:/usr/local/lib/php:/tmp:/new_directory”

Restart the Apache after finished editing. Note that the directory allowed list restriction above is actually a prefix, not a directory name. This means that “open_basedir = /dir/incl” also allows access to “/dir/include” and “/dir/incls” if they exist. When you want to restrict access to only the specified directory, end with a slash. For example: “open_basedir = /dir/incl/”.

Reference: mydigitallife.info

How to insert into plesk new db and user db manually

If you are a maniac of the shell but you need to work with plesk. If you’re not the only one to administer the db and who is not a practical use plesk.
If you created the db via shell are in use and can not stop their use. It is good that the db and db users you entered manually, are also present in plesk.

The process is very simple. Plesk uses three tables:

mysql> desc accounts;
+----------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+------------------+------+-----+---------+----------------+
| id | int(10) unsigned | NO | PRI | NULL | auto_increment |
| type | varchar(32) | NO | | plain | |
| password | text | YES | | NULL | |
+----------+------------------+------+-----+---------+----------------+
mysql> desc db_users;
+------------+------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+------------+------------------+------+-----+---------+----------------+
| id | int(10) unsigned | NO | PRI | NULL | auto_increment |
| login | varchar(16) | NO | | NULL | |
| account_id | int(10) unsigned | NO | MUL | NULL | |
| db_id | int(10) unsigned | NO | MUL | NULL | |
+------------+------------------+------+-----+---------+----------------+
mysql> desc data_bases;
+-----------------+------------------------------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-----------------+------------------------------------+------+-----+---------+----------------+
| id | int(10) unsigned | NO | PRI | NULL | auto_increment |
| name | varchar(63) | NO | MUL | NULL | |
| type | enum('mysql','postgresql','mssql') | NO | | mysql | |
| dom_id | int(10) unsigned | NO | MUL | NULL | |
| db_server_id | int(10) unsigned | NO | MUL | NULL | |
| default_user_id | int(10) unsigned | YES | | NULL | |
+-----------------+------------------------------------+------+-----+---------+----------------+

So you can add, for each database, the following lines:
mysql> insert into accounts values(id,'plain','dbUserPassword');
mysql> insert into data_bases values(id,'dbName','mysql',idDomain,idDbServer,idDbUser);
mysql> insert into db_users values(id,'dbUserName',idAccount,idDb);

How to migrate objects from Parallels Plesk Panel version 7.5 or 8.6 to Parallels Plesk Panel 9

Plesk Migration Manager (PMM) does not exist in Parallels Plesk Panel Beta, Plesk 9 Release and the first patch 9.0.1.
The feature is under development now and will be available in the next version of Parallels Plesk Panel 9.2.

However it is still possible to migrate objects from Parallels Plesk Panel versions 7.5, 8.6 manually using Plesk Backup Manager.

You may migrate Parallels Plesk Panel as a whole or separate domains and clients. Below are the instructions.

1. Migrate server

a. Login to a source server with Parallels Plesk Panel 8.6 installed and create a full backup with the pleskbackup utility:

~# /usr/local/psa/bin/pleskbackup all

The utility is included into the psa-backup-manager package for Plesk 8.6, verify that it is installed.

In Parallels Plesk Panel 7.5 the command line backup utility is /usr/local/psa/bin/psadump that is included into psa-bu package.

If not installed you may install Plesk Backup Manager via Autoinstaller in control panel Server -> Updater

b. Copy the dump to the destination server with Parallels Plesk Panel 9 and convert the backup to version 9 with pre9-backup-convert.

~# /usr/local/psa/bin/pre9-backup-convert -v convert -d /var/lib/psa/dumps/

Where /var/lib/psa/dumps/ is Backups directory on the destination server with Parallels Plesk Panel 9.

This will create a number of backup XML files and subdirectories with data under /var/lib/psa/dumps.

c. Login to Parallels Plesk Panel as administrator and change to the server backup repository:

Home -> Backup Manager -> Server Repository

There is a list of backup files in the server repository.

d. Click the backup name to enter the Backup Details page.

e. Select the required restoration options and click Restore to start the restoration process.

Note: you should check the Administrator’s clients option to restore all clients and domains from the backup.

2. Migrate client

a. Login to the source server and create a backup of clients you want to migrate or full server backup with pleskbackup:

~# /usr/local/psa/bin/pleskbackup all

or

~# /usr/local/psa/bin/pleskbackup clients CLIENT.LOGIN

b. Copy the dump to the destination Parallels Plesk Panel 9 server and convert the backup to version 9 with pre9-backup-convert.

~# /usr/local/psa/bin/pre9-backup-convert -v convert -d /var/lib/psa/dumps/

This will create a number of backup XML files and subdirectories with data under /var/lib/psa/dumps.

c. Login to Parallels Plesk Panel as administrator and create a new client with the same login of migrated client.

d. Then access local backup repository of the new client:

Clients -> CLIENT NAME -> Backup Manager

Because the login of newly created client coincides with the login of client from the dump the converted backup should be shown in the repository.

e. Click the backup name to enter the Backup Details page.

f. Select the required restoration options and click Restore to start the restoration process.

3. Migrate domain

a. Login to the source server and create a backup of the domain you want to migrate or full server backup with pleskbackup:

~# /usr/local/psa/bin/pleskbackup all

or

~# /usr/local/psa/bin/pleskbackup domains DOMAIN.NAME

b. Copy the dump to the destination Parallels Plesk Panel 9 and convert the backup to version 9 with pre9-backup-convert.

~# /usr/local/psa/bin/pre9-backup-convert -v convert -d /var/lib/psa/dumps/

This will create a number of backup XML files and subdirectories with data under /var/lib/psa/dumps.

c. Login to Parallels Plesk Panel as administrator and create a new domain name that coincides with name of the migrated domain from backup.

d. Then access the local backup repository of the domain:

Domains -> DOMAIN.NAME -> Backup Manager

Because new domain name coincides with domain from the backup the converted backup should be shown in the repository.

e. Click the backup name to enter the Backup Details page.

f. Select the required restoration options and click Restore to start the restoration process.

Before migrating from Parallels Plesk Panel 8.1, 8.2, 8.3, 8.4 you should upgrade the source Parallels Plesk Panel to the latest version 8.6.

To migrate objects from Parallels Plesk Panel version 7.5 using Plesk Backup Manager you should create a backup on the source server 7.5 with the utility /usr/local/psa/bin/pleskdump, convert it to version 8 with utility backup-convert and then convert to version 9 with pre9-backup-convert.

Refer to the article Is it possible to restore Plesk 7.5 backup on Plesk 8.x system? for details about how to convert backup to version 8.
After that you may restore the backup through Backup Manager in the control panel.

Alternatively you may migrate from 7.5 to 8.6 using Plesk Migration Manager, create a backup via Parallels Plesk Panel 8.6, convert it to 9 with pre9-backup-convert and restore on destination Parallels Plesk Panel 9.

Reference: parallels.com