Posts by TheCry

TheCry · Aug 23rd 2017

Quote from Nuxwin

As far as I known, most of providers DNS interfaces accept unquoted strings. When the string is longer than 255 bytes, the backend cut them (create the quoted strings).

Correct... My DNS provider only allows 255 bytes. So i must split the hole string in different parts like this

Code

"v=DKIM1; h=sha256; k=rsa; s=email; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/ExVpY7kE26VJFY1jiTSfxtZFaT/wZYsGNF4900TTpSZH055vECA67TRb+kzq1bsP0i+5yLrPZO02Kh" "6sGHc1k44WpzdlNv+mKpZrw8/Z1++OcrP1JnfM9OIyq1aY2C0ex7XdEaHRldpcTdqWDjBPAEEDW+W809xGVQNEV1rnlhcDCWet5na2D3nBnUit8IBLo8FyOxiI3STE" "mExqt6SBaeGJLpNNbnm741byRrr6qHf1sq6xyk0EKbJfLyOJrk20FJeva3o1AXwuOV9A9fbObjCpTzQlZdMTf0yHY2aS7nCzWnTsFDyt7uAotHstLjove3HhsXEIGM/tLRej1fyQIDAQAB"

The quotes are ok. This will work

TheCry · Aug 22nd 2017

Yes.. That is the code part

Code

$file = iMSCP::File->new( filename => "/etc/opendkim/keys/$domain/mail.txt" );my $fileContent = $file->get( );unless (defined $fileContent) {error( sprintf( "Couldn't read %s file", $file->{'filename'} ) );return 1;}$fileContent =~ s/"\n(.*)"p=/ p=/sgm; # Fix for Ubuntu 14.04 Trusty Tahr(my $txtRecord) = ($fileContent =~ /(".*")/);

This code will only take the first 2 lines.

Code

mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; s=email; ""p=MIIBIjANBgkqhkiG9w0vds<xdvbBAQEFAAOCAQ8AMIIBCgKCAQEAwrBTXhnPAwcUouftzopl8L0vOgrVdfgdfgafgWFgIt+HuXOVDV81a/H3Z492TbrV/C2DPHalI0aWlyx83457IYPq1pz72reygBXuvByNT4HIZZAmsdgfgdfgdj1UsVo+JQKniT9U60Ae1Fdi5wRpB48wyXNTEj7456RamhHrEuwsTufdfgdfgdfgT9VyhT6KPTzoRxddgpeMHF65LJgHeOpKCg1Yf+es4+/egbR57HYq1b7+p""41Cn19ZoVdn7UD67kL3A+rasd+ggfgJyqatnqwdjXZfsqo/Bgb79ZiMFCifUaTazoSnw/IBSk5iIov7M6AoC5G5zeGd+b6uV/HC3tLNCWlKloLhjjH8jN7Xvysc/fv3dffdsdasSAAEQnWXjfPIPp30eaP6o+3fnfQIDAQAB" ) ; ----- DKIM key mail for nodomain.tld

This line

Code

"41Cn19ZoVdn7UD67kL3A+rasd+ggfgJyqatnqwdjXZfsqo/Bgb79ZiMFCifUaTazoSnw/IBSk5iIov7M6AoC5G5zeGd+b6uV/HC3tLNCWlKloLhjjH8jN7Xvysc/fv3dffdsdasSAAEQnWXjfPIPp30eaP6o+3fnfQIDAQAB"

is not available in the GUI.

TheCry · Aug 22nd 2017

I'll will check it this evening. Thanks

TheCry · Aug 22nd 2017

That's clear with the several parts. I'd figuret this out.

But the key in i-MSCP GUI is not the same like the key in the file "mail.txt". The parser only gets the first 2 lines.
So if you copy paste from the GUI you add the wrong public key on the external DNS.

TheCry · Aug 22nd 2017

Hi..
There is a problem with the export of the public key under Debian Stretch.
In Debian Jessie the public key has only one line:

Code

mail._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIDSDV<SXVBS<Vb3DQEBAQUAA4GNADCBiQKBgQDHJ+8pG+jUnkP6166v7vecRiJeFmMaNyxcyxcwPPfKF869Z0A7TOOLXbtqGRPaoC38NUWznmiJ5+k2fPY8dfZgOkF76Dtafsrg<vbe+Pu+zfNHh4AF8ZNLc6ZP+p5Jr0iVtZ/LIXsM4kqKo+s39Tc5994EPNJYlkvihoRXVan4ye3tjbSA4Zrrede44wW6o4yO6wIDAQAB" ; ----- DKIM key mail for nodomain.tld

Under Debian Stretch the public key has 3 lines

Code

mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; s=email; "
"p=MIIBIjANBgkqhkiG9w0vds<xdvbBAQEFAAOCAQ8AMIIBCgKCAQEAwrBTXhnPAwcUouftzopl8L0vOgrVdfgdfgafgWFgIt+HuXOVDV81a/H3Z492TbrV/C2DPHalI0aWlyx83457IYPq1pz72reygBXuvByNT4HIZZAmsdgfgdfgdj1UsVo+JQKniT9U60Ae1Fdi5wRpB48wyXNTEj7456RamhHrEuwsTufdfgdfgdfgT9VyhT6KPTzoRxddgpeMHF65LJgHeOpKCg1Yf+es4+/egbR57HYq1b7+p"
"41Cn19ZoVdn7UD67kL3A+rasd+ggfgJyqatnqwdjXZfsqo/Bgb79ZiMFCifUaTazoSnw/IBSk5iIov7M6AoC5G5zeGd+b6uV/HC3tLNCWlKloLhjjH8jN7Xvysc/fv3dffdsdasSAAEQnWXjfPIPp30eaP6o+3fnfQIDAQAB" ) ; ----- DKIM key mail for nodomain.tld

I think the public key parser have to be changed for Debian Strecht. At the moment i get the public key on the console

Regards
Sascha

TheCry · Aug 5th 2017

EIne Suche hätte bestimmt geholfen:
opendkim Service unavailable

TheCry · Jul 31st 2017

Du musst einmal einen User in i-MSCP anlegen der von überall (%) oder von einer bestimmten IP-Adresse auf die Datenbank zugreifen darf.
Dann musst Du in der "/etc/mysql/my.cnf" die Zeile

Code

bind-address = 127.0.0.1

eine Raute vorsetzen

Code

#bind-address = 127.0.0.1

Anschließend MySQL Daemon restarten

Kleiner Tip am Rande! Ein offenes Port von MySQL wird gerne im Internet für Hack-Attacken gesucht.
Sichere das mit Fail2Ban ab. Dazu aktiere in der "/etc/mysql/my.cnf" folgendes:

Code

log_warnings = 278 log_error = /var/log/mysql/error.log

In Fail2Ban (/etc/fail2ban/jail.conf) musst Du dann den Filter "mysqld-auth" aktivieren:

Code

[mysqld-auth]
enabled = true
filter = mysqld-auth
port = 3306
maxretry = 2
bantime = 2592000
logpath = /var/log/mysql/error.log

Damit bist Du auf jeden Fall etwas geschützt!

TheCry · Jul 28th 2017

Die Datenbanken der User werden auch nicht durch das Setup von i-MSCP recovered.
Da musst Du schon in jeden Webspace gehen und wiederherstellen.

Was genau hast Du denn alles gesichert?

Btw.. Die Grants der einzelnen Datenbankbenutzer musst Du manuell durchführen. Dafür hat Nuxwin mir mal ein PHP-Skript gegeben

PHP

<?php
// Script which re-create SQL user from i-MSCP database
// Database which belong to SQL users are also created in case they do not exists
// Sets include path
set_include_path('.' . PATH_SEPARATOR . '/var/www/imscp/gui/library');
// Include core library
require_once 'imscp-lib.php';
$stmt = execute_query(
'
SELECT
t1.sqlu_id, t1.sqlu_name, t1.sqlu_pass, t2.sqld_name
FROM
sql_user t1
LEFT JOIN
sql_database t2 ON(t2.sqld_id = t1.sqld_id)
'
);
if($stmt->rowCount()) {
while($row = $stmt->fetchRow(PDO::FETCH_ASSOC)) {
$sqlUsername = $row['sqlu_name'];
$sqlPassword = $row['sqlu_pass'];
$sqlDatabase = $row['sqld_name'];
try {
if(!is_null($sqlDatabase)) {
execute_query('CREATE DATABASE IF NOT EXISTS ' . quoteIdentifier($sqlDatabase));
$sqlDatabase = preg_replace('/([_%\?\*])/', '\\\$1', $row['sqld_name']);
$query = 'GRANT ALL PRIVILEGES ON ' . quoteIdentifier($sqlDatabase) . '.* TO ?@? IDENTIFIED BY ?';
exec_query($query, array($sqlUsername, 'localhost', $sqlPassword));
exec_query($query, array($sqlUsername, '%', $sqlPassword));
} else {
exec_query('DELETE FROM sql_user WHERE sqlu_id = ?', $row['sqlu_id']);
}
} catch (iMSCP_Exception_Database $e) {
printf("An unexpected error occurred: %s", $e->getMessage());
}
}
}

Display More

TheCry · Jul 22nd 2017

Hi,
if i add an alias domain, at the end of the url the panel allways add a / at the end.
That is bad if i add an URL with simple html site:

Code

http://my-forward-domain.tld/forward-side.html

The panel makes this

Code

http://my-forward-domain.tld/forward-side.html/

Sascha

I'm using the latest stable under Debian Stretch

TheCry · Jul 19th 2017

Warum kopierst Du denn einen alten Thread i-mscp und Zarafa

Anscheinend hat sich damit noch niemand richtig beschäftigt. In solchen Fällen einfach mal eine VirtualBox installieren und selbst testen

Posts by TheCry

Wrong Public OpenDKIM key in GUI under Debian Stretch

Wrong Public OpenDKIM key in GUI under Debian Stretch

Wrong Public OpenDKIM key in GUI under Debian Stretch

Wrong Public OpenDKIM key in GUI under Debian Stretch

Wrong Public OpenDKIM key in GUI under Debian Stretch

Opendkim

mySQL externe Datenbank Verbindung

Server Wiederherstellung aus Backups

Domain Alias Forward always add / at the end

Zarafa und i-MSCP