Posts by kess

kess · Sep 1st 2016

Quote from Nuxwin

@KH2015

We could check the sender for the mails that are sent through sendmail. We need only add an SMTP restriction (at the right place)... But by doing this, that would mean that any system user which must be able to send mail (such as the root user) should be listed as allowed sender (including the host domain name).

Another approach would be to only allow SASL authenticated users but this would make the PHP mail() function unworkable. Thus, the users would be forced to use a smtp library to be able to authenticate through SASL.

Display More

A lot of hosting companies are permitting only SASL authenticated users to send mail. The PHP mail() function is disabled...
Just chioces...

kess · Sep 1st 2016

@Nuxwin,
sorry for late reply.

To answer your questions:
- Every DNS Server is configured as local resolver for himself only
- I'm queringg my DNS Server from outside networks, to resolve names/services configured on that specific DNS server (not as forwarder)

Another question: If I don't configure forwarders in the named .conf.options, and if my servers are configured to use 127.0.0.1 to resolve names, how can bind9 know where to forward queries of non locally managed records ?
Does it use root hints ? (because I don't want to use them)...

But anyway, if I remove the forwarders instruction, my servers can't resolve external names...

kess · Aug 30th 2016

In fact without that listener my bind 9 resolves perfectly DNS queries, but only for local domains or records directly inserted in the local database. I've built that listener (starting from one of yours) because my DNS wasn't able to resolve external names like google.com or security.debian.org or every other external domain.

I must say that these are not fresh debian installations. I've started time ago with ispcp on lenny, then it became i-MSCP in squeeze, then wheezy and now jessie. So perhaps something strange during upgrades and/or server moves and now on VMware has happened.

But the fact (in my specific situations) is that if I don't configure forwarders for bind9, external names are not resolved.

If you'd like to investigate more, it's not a problem for me, just tell me which additional informations you need

kess · Aug 30th 2016

Personally i use the standard way provided by i-MSCP setup to use my local resolver. The resolv.conf file is static for me, the entries are managed by i-MSCP.
I just use a listener in order to modify the DNS forwarders in /etc/bind/named.conf.options as shown below:

Perl

#!/usr/bin/perl=head1 NAME Listener::Bind9::Forwarders=cut# i-MSCP - internet Multi Server Control Panel# Copyright (C) 2013-2014 by Laurent Declercq## This program is free software; you can redistribute it and/or# modify it under the terms of the GNU General Public License# as published by the Free Software Foundation; either version 2# of the License, or (at your option) any later version.## This program is distributed in the hope that it will be useful,# but WITHOUT ANY WARRANTY; without even the implied warranty of# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the# GNU General Public License for more details.## You should have received a copy of the GNU General Public License# along with this program; if not, write to the Free Software# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.## @category i-MSCP# @copyright 2013-2014 by Laurent Declercq# @author Laurent Declercq <l.declercq@nuxwin.com># @link http://i-mscp.net i-MSCP Home Site# @license http://www.gnu.org/licenses/gpl-2.0.html GPL v2package Listener::Bind9::Forwarders;use iMSCP::EventManager;use iMSCP::TemplateParser;=head1 DESCRIPTION Hook file which lets you configure your own Nameserver forwarders. Hook file compatible with i-MSCP >= 1.1.0=head1 PUBLIC METHODS=over 4=item addBind9Forwarders Add Nameserver Forwarders. Return int 0=cutsub addBind9Forwarders{ my ($cfgTpl, $tplName) = @_; if($tplName eq 'named.conf.options') { # Insert here your comma separated DNS Forwarders my $myForwarders = "1.2.3.4,5.6.7.8"; # END DNS Forwarders my @forwardersvalues = split(',', $myForwarders); $mysplitForwarders = ""; foreach my $forwarder (@forwardersvalues) { $mysplitForwarders = $mysplitForwarders . " " . $forwarder . ";\n"; } $$cfgTpl = replaceBloc( " // forwarders {\n // 0.0.0.0;\n", " // };\n", " forwarders {" . getBloc( " // forwarders {\n // 0.0.0.0;", " // };\n", $$cfgTpl ) . $mysplitForwarders . " };\n", $$cfgTpl ); } 0;}iMSCP::EventManager->getInstance()->register('afterNamedBuildConf', \&addBind9Forwarders);=back=head1 AUTHOR Laurent Declercq <l.declercq@nuxwin.com>=cut1;

File /etc/resolv.conf:

Code

# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
search xxxyyyzzz.com

kess · Aug 29th 2016

There you can just activate or deactivate the feature. You then need to edit your MX in the custom DNS resources.

kess · Aug 18th 2016

Owncloud files should be uploaded with ftp in binary mode. Then the integrity check will work.

kess · Aug 18th 2016

Code

mysql -u root -p<type your mysql root password here>use imscp;update plugin set plugin_status='disabled';

Then:

Code

perl imscp-autoinstall -d

Then open your panel, update all your plugins with the latest version, configure them again and the enable your new plugins.

kess · Aug 12th 2016

Hello guys,
as written in the other post, today I installed the last version on OpenDKIM plugin.

I'm using i-MSCP 1.3.0 on Debian 8 x 64 with php-fpm, proftpd, and OpenDKIM plugin is 1.1.1

In order to make OpenDKIM work correctly, after each domain activation (as reseller) I need to restart postfix and opendkim services.
If I don't restart both services after activating OpenDKIM for a specific domain, the e-mails are going out but without signature.

In the plugin log I can just find:

Code

[Fri Aug 12 13:20:26 2016] [debug] Modules::Plugin::_call: Calling run() method on Plugin::OpenDKIM

If you need any further informations, please feel free to ask.
Thank you, bye Kess.

kess · Aug 12th 2016

Hello guys,
I installed today the OpenDKIM plugin and everything seems to work more or less correctly.

Just a cosmetic issue with DNS record that is created.
Generally when I create a custom resource record and I type for example _dmarc, i-MSCP creates automatically something like _dmarc.domain.tld. (in the name column I mean)
The record created by OpenDKIM remains just mail._domainkey (without the ending dot)

It works, but just for you to know.

I'm using i-MSCP 1.3.0 on Debian 8 x 64 with php-fpm, proftpd, and OpenDKIM plugin is 1.1.1

Thank you, bye Kess

kess · Jul 25th 2016

If I remember correctly, you can mount the remote storage with davfs. Then you can use rsync or duplicity directly to upload your backups...

Posts by kess

Postfix: avoid sending with false sender address

What is your preferred method to setup your local resolver?

What is your preferred method to setup your local resolver?

What is your preferred method to setup your local resolver?

External mail servers edit is not present on i-MSCP 1.3.0 fresh installation

OwnCloud hangs with i-MSCP 1.3.0 and PHP-FPM

Another problem upgrade 1.1.17 to 1.3.0

OpenDKIM Services Restart

OpenDKIM DNS record

Sync from ftp to webdav