Posts by Delta04

Last night when I was updating two of our I-mscp servers I have encounter a problem that generated some problems due to cause of git-hub repository that was unreachable. The route problem was fixed after 5 hours, time that the server was crashed.
How about we start spreading the i-mscp packages world wide so that we will have multiple download locations and some kind of redundancy.

We can provide such a mirror in our data-center in Romania. Let's see how many of you have the opportunity to sustain such an idea.

It was also confusing to me the To metric. If I understand correctly, there are two HDD of 2TB each, connected in RAID 1. A lot of storage there and so little RAM Memory. What services are going to be hosted there?

I-mscp works great behind NAT, in cloud environment, if there are made some manual changes on the DNS tpl files. To be more exactly, you will have to modified in /etc/imscp/bind/parts , for domains db.tpl file and and for subdomains db_sub.tpl files.

For db.tpl, instead of {BASE_SERVER_IP}, {DOMAIN_IP} you must write your public IP. Also, in the DNS servers area, from

; dmn NS A entry BEGIN

ns{NS_NUMBER} IN {NS_IP_TYPE} {NS_IP}

; dmn NS A entry ENDING

to
; dmn NS A entry BEGIN
ns1 IN {NS_IP_TYPE} xx.xx.xx.xx
ns2 IN {NS_IP_TYPE} yy.yy.yy.yy
; dmn NS A entry ENDING

where xx.xx.xx.xx is your master DNS server IP and yy.yy.yy.yy secondary DNS server IP.

To make the sub-domains working, replace {DOMAIN_IP} with your public IP.

Tested on version i-MSCP 1.1.2.

If you want a better performance than MySQL, try I-mscp with Maria db. At this moment it has perfect compatibility with MySQL.
From my point of view, I would like to see i-mscp running under NAT in cloud environments. Best example, OpenStack and Amazon EC2.

It's so great to see a new fresh stable version of i-mscp. Congrats and keep on the good work!

The alias webmail was good because it is more easy to remember for the customer. From the security point of view you are right, still I did not have any attack on the webmail :P.

So, is not a bug, it's a feature.

The hostname and reverse IP is OK, and to be sure, the domain that I use is the main domanin from where the e-mails are sent. There must be something else...

A bit offtopic, there is a problem with the domain.tld/webmail redirect in the gitmaster version of 12 ian 2014.

Thanks for the answer. Last night I did some digging on the web and, indeed, the problem is not with the dkim or spf. Also the source of email says pass on those two,

Quote

spf=pass (google.com: domain of web@domain.tld designates 94.x.x.x as permitted sender) smtp.mail=web@domain.tld;
dkim=pass header.i=@domain.tld

It must be something else.

I have some problem with gmail, practically every mail sent from the server using opendkim / spf in gitmaster imscp version is landing in spam folder.
I have searched the web for info and I have found the following,

Quote

Messages with DKIM signatures use a key to sign messages. Messages signed with short keys can be easily spoofed (see http://www.kb.cert.org/vuls/id/268267), so a message signed with a short key is no longer an indication that the message is properly authenticated. To best protect our users, Gmail will begin treating emails signed with less than 1024-bit keys as unsigned, starting in January 2013. We highly recommend that all senders using short keys switch to RSA keys that are at least 1024-bits long.

Source

The question is, does the opendkim plugin generate 1024 bits long RSA key?

Thank you for the answer.
[hr]
According to this,

Quote

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; ....

I guess is a 256 bit key. Too weak for today's standards. I guess this is the reason that gmail treat those email as spam.

Is there a way to make it 1024 bit long?