qmail is vulnerable… switch to postfix [HOWTO]

It just came to my attention that qmail contains a known vulnerability that might lead to massive abuse of the mail system and your server. Mail transfer agents (MTAs) usually require that you write a complete e-mail address when sending an e-mail, something like “george@wirelessisfun.com”, but qmail may accept mails addressed to simple usernames like “administrator” or “george”. When trying to send those e-mails, it will of course realize that the address is incorrect, and it will send a non-delivery report back to the originating user.

Now, do the math, and count the reports sent back for a spam frenzy of a few thousand SPAM mails sent by a malicious user. That will put quite a strain on your server, and possibly on other servers.

I only had qmail on a Parallels Plesk powered server, so below you can read how to switch from qmail to postfix, the other Plesk supported MTA.

Use an ssh client to connect to your server, make sure you have root privileges, and run the following command:

/usr/local/psa/admin/bin/mailmng --features | grep -i smtp_server

if the output of that command is:

$features['SMTP_Server'] = "Postfix";
$features['SMTP_Server_package'] = "postfix";

you are safe, and good to go, but if the output of the above command is:

$features['SMTP_Server'] = "QMail";
$features['SMTP_Server_package'] = "psa-qmail";

you should change to postfix. It’s quite simple, you just need to run the following command:

/usr/local/psa/admin/sbin/autoinstaller --select-release-current --install-component postfix

That should be it. The Parallels Plesk knowledge base has an MTA change article as well, here: http://kb.parallels.com/5801

Plesk Bandwidth reporting error

I managed to bump my head into this situation a few times, and I think some of you have too, or will in the future.

The DomainsTraffic table in the Plesk psa database gets a weird value, usually quite huge, and the traffic stats for a certain domain will skyrocket overnight from the usual couple of hundred MB to several GB. Domains get suspended, customers get pissed and the “techies” have work to do.

It’s actually easy to find the problem and fix it:

Log into your Plesk server as root, enter mysql and find the domain in question using the psa database:

[root@nl-ams-sp1 ~]# mysql -uadmin -p`cat /etc/psa/.psa.shadow`
mysql> use psa;
mysql> select * from domains where name = "wirelessisfun.com";

Find the day where the records got corrupted and are causing the erroneous report:

mysql> select dom_id,date,http_in,http_out from DomainsTraffic where dom_id =(select id from domains where name = "wirelessisfun.com");

This will output quite some data, but the culprit line will be really obvious:

+--------+------------+---------+--------------+
| dom_id | date       | http_in | http_out     |
+--------+------------+---------+--------------+
[snip]
|    316 | 2010-08-02 |       0 |    472399336 |
|    316 | 2010-08-03 |       0 |    491239251 |
|    316 | 2010-08-04 |       0 |    470982351 |
|    316 | 2010-08-05 |       0 |    470829065 |
|    316 | 2010-08-06 |       0 |    493939844 |
|    316 | 2010-08-07 |       0 |    454701317 |
|    316 | 2010-08-08 |       0 | 100221521161 |
|    316 | 2010-08-09 |       0 |    144318797 |
+--------+------------+---------+--------------+

Now that you know the corrupted line, just update the http_out value with something similar to the days before; I used the exact value of the previous day.
Make sure you replace “wirelessisfun.com” with the actual domain name, and the date value with the date in question:

mysql> update DomainsTraffic set http_out = "454701317" where dom_id =(select id from domains where name = "wirelessisfun.com") AND date = "2010-08-08";

The MySQL output should be something like:

Query OK, 1 row affected (0.03 sec)
Rows matched: 1 Changed: 1 Warnings: 0

Now that the record for the domain traffic has been fixed, you can wait for the statistics script to run during the night, and the client's traffic will be updated automatically, or you can simply re-run the statistics for that domain from your bash prompt like this:

[root@nl-ams-sp1 ~]# /usr/local/psa/admin/sbin/statistics --calculate-one --domain-name=wirelessisfun.com

Simple enough, right? Use the above tip at your own risk; it worked for me every time.
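
Added example, not part of the original post: instead of spotting the corrupted day by eye, this shell function flags any day whose http_out exceeds a multiple of the domain's median day. It assumes tab-separated rows on stdin (the layout `mysql -N -B` prints for the select above); the function names, the factor of 10 and the sample rows (copied from the table above) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Flags DomainsTraffic rows whose
# http_out is more than FACTOR times the median day of the same domain.
# Input on stdin: tab-separated dom_id, date, http_in, http_out.
# FACTOR defaults to 10, an assumed threshold and not a Plesk setting.
find_traffic_spikes() {
    awk -F '\t' -v factor="${1:-10}" '
    NF >= 4 {
        n[$1]++
        val[$1, n[$1]] = $4 + 0   # numeric copy; awk doubles hold values above 32 bits
        raw[$1, n[$1]] = $4       # original text, printed back unchanged
        day[$1, n[$1]] = $2
    }
    END {
        for (d in n) {
            cnt = n[d]
            # insertion sort of a copy, then take the median
            for (i = 1; i <= cnt; i++) s[i] = val[d, i]
            for (i = 2; i <= cnt; i++) {
                v = s[i]
                for (j = i - 1; j >= 1 && s[j] > v; j--) s[j + 1] = s[j]
                s[j + 1] = v
            }
            if (cnt % 2) med = s[(cnt + 1) / 2]
            else med = (s[cnt / 2] + s[cnt / 2 + 1]) / 2
            if (med <= 0) continue   # no usable baseline for this domain
            for (i = 1; i <= cnt; i++)
                if (val[d, i] > factor * med)
                    printf "%s\t%s\t%s\t%.0f\n", d, day[d, i], raw[d, i], med
        }
    }' | sort
}

# Constructed sample: the rows from the table above, tab-separated.
sample_rows() {
    printf '%s\t%s\t%s\t%s\n' \
        316 2010-08-02 0 472399336 \
        316 2010-08-03 0 491239251 \
        316 2010-08-04 0 470982351 \
        316 2010-08-05 0 470829065 \
        316 2010-08-06 0 493939844 \
        316 2010-08-07 0 454701317 \
        316 2010-08-08 0 100221521161 \
        316 2010-08-09 0 144318797
}

sample_rows | find_traffic_spikes 10   # columns: dom_id, date, http_out, median
```

The median is used as the baseline because a single corrupted value barely moves it, whereas it would inflate an average.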

[Plesk] upgrade / autoinstaller

I was upgrading a Plesk install today (Linux based), using the Plesk CP (Server / Updater), and I don’t like looking at an interface that says “You will receive an e-mail once the install is complete”.

A very simple solution for people that “need” to know what’s happening and don’t like waiting for an e-mail is to log in to the server using ssh (you can use PuTTY for that) and go to /tmp:

cd /tmp

and do a:

ls -asl *log

You should see all the files ending in *log (beware, there might be quite a few files to match that pattern), and among them something like:

712 -rw-------  1 root root 724202 Aug  6 03:00 autoinstaller3.log

As soon as you locate that file, you can “tail” it. In my case:

tail -f autoinstaller3.log

Et voila, you will be able to see what’s happening with the upgrade process. To stop following the upgrade process, just press Ctrl+C and you will get back to the bash prompt.

[PLESK] removing/modifying open_basedir in plesk

Let’s think about a situation where you have a subdomain and you want it to be able to access files from the domain httpdocs directory. You cannot do that by default in Plesk, because of open_basedir. You can edit the httpd.include file in:

/var/www/vhosts/domain.com/conf/httpd.include

but that will only work until the next plesk restart or major modification.

But, the httpd.include file that manages a domain and subdomain explicitly says:

# ATTENTION!
# DO NOT MODIFY THIS FILE OR ANY PART OF IT. THIS CAN RESULT IN IMPROPER PLESK
# FUNCTIONING OR FAILURE, CAUSE DAMAGE AND LOSS OF DATA. IF YOU REQUIRE CUSTOM
# MODIFICATIONS TO BE APPLIED TO THE CONFIGURATION, PLEASE, PERFORM THEM IN THE
# FOLLOWING FILE(S):
# /var/www/vhosts/domain.com/conf/vhost.conf
# /var/www/vhosts/domain.com/subdomains/subdomain-name/conf/vhost.conf

So, disabling open_basedir is *usually* as simple as editing the vhost.conf file (or creating it if it does not exist), and adding:

Entire HOWTO here.