Posts by dzchimp

dzchimp · May 25th 2013

Quote from c0urier

The first postgrey error is probably related to this?
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630353

Solution:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=630353#15

Thanks. The postgrey error was fixed by the bugfix.

However how do I go about fixing the bounce due to unknown user issue?

Latest log:

Code

#cat /var/log/mail.infoMay 25 08:35:50 hermes authdaemond: modules="authuserdb authpam", daemons=5May 25 08:35:50 hermes authdaemond: Installing libauthuserdbMay 25 08:35:50 hermes authdaemond: Installation complete: authuserdbMay 25 08:35:50 hermes authdaemond: Installing libauthpamMay 25 08:35:50 hermes authdaemond: Installation complete: authpamMay 25 08:35:50 hermes postfix/policyd-weight[676]: policyd-weight 0.1.15 devel-1 started and daemonized. conf:/etc/policyd-weight.conf; GID:110 110 EGID:110 110 UID:106 EUID:106; taint mode: 1May 25 08:35:50 hermes postfix/policyd-weight[676]: warning: cache_query: $csock couln't be created: connect: No such file or directory, calling spawn_cache()May 25 08:35:50 hermes postfix/policyd-weight[678]: cache spawnedMay 25 08:35:50 hermes postgrey[677]: Process BackgroundedMay 25 08:35:50 hermes postgrey[677]: 2013/05/25-08:35:50 postgrey (type Net::Server::Multiplex) starting! pid(677)May 25 08:35:50 hermes postgrey[677]: Binding to TCP port 10023 on host localhost#012May 25 08:35:50 hermes postgrey[677]: Setting gid to "111 111"May 25 08:35:50 hermes postgrey[677]: Setting uid to "107"May 25 08:35:51 hermes postfix/master[936]: daemon started -- version 2.7.1, configuration /etc/postfixMay 25 08:36:50 hermes postfix/pickup[942]: C52344041803: uid=0 from=<root>May 25 08:36:50 hermes postfix/cleanup[1481]: C52344041803: message-id=<20130525030650.C52344041803@hermes.joel.co.in>May 25 08:36:50 hermes postfix/qmgr[943]: C52344041803: from=<root@hermes.joel.co.in>, size=457, nrcpt=1 (queue active)May 25 08:36:50 hermes postfix/virtual[1483]: C52344041803: to=<joel@eyrie.in>, relay=virtual, delay=0.02, delays=0.01/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "joel@eyrie.in")May 25 08:36:50 hermes postfix/cleanup[1481]: C9C414041809: message-id=<20130525030650.C9C414041809@hermes.joel.co.in>May 25 08:36:50 hermes postfix/qmgr[943]: C9C414041809: from=<>, size=2218, nrcpt=1 (queue active)May 25 08:36:50 hermes postfix/bounce[1484]: C52344041803: sender non-delivery notification: C9C414041809May 25 08:36:50 hermes postfix/qmgr[943]: C52344041803: removedMay 25 08:36:50 hermes postfix/local[1485]: C9C414041809: to=<root@hermes.joel.co.in>, relay=local, delay=0.01, delays=0/0/0/0, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")May 25 08:36:50 hermes postfix/qmgr[943]: C9C414041809: removed

Some more details of my config:

Code

#postconf -n
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
append_at_myorigin = yes
append_dot_mydomain = no
biff = no
broken_sasl_auth_clients = yes
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
inet_interfaces = all
inet_protocols = ipv4, ipv6
local_destination_recipient_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database
local_transport = local
mail_spool_directory = /var/mail
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
message_size_limit = 0
mydestination = $myhostname, $mydomain
mydomain = hermes.joel.co.in.local
myhostname = hermes.joel.co.in
mynetworks_style = host
myorigin = $myhostname
recipient_delimiter = +
relay_domains = hash:/etc/postfix/imscp/relay_domains
setgid_group = postdrop
smtpd_banner = $myhostname ESMTP i-MSCP Git Master Managed
smtpd_data_restrictions = reject_multi_recipient_bounce, reject_unauth_pipelining
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions = reject_non_fqdn_recipient, permit_mynetworks, permit_sasl_authenticated, check_policy_service inet:127.0.0.1:12525, check_policy_service inet:127.0.0.1:10023, permit
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_security_options = noanonymous
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, permit_mynetworks, permit_sasl_authenticated
transport_maps = hash:/etc/postfix/imscp/transport
virtual_alias_maps = hash:/etc/postfix/imscp/aliases
virtual_gid_maps = static:8
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_domains = hash:/etc/postfix/imscp/domains
virtual_mailbox_limit = 0
virtual_mailbox_maps = hash:/etc/postfix/imscp/mailboxes
virtual_minimum_uid = 999
virtual_uid_maps = static:999

Display More

dzchimp · May 24th 2013

After a fresh install of Debian 6 minimal and i-mscp, I've transitioned my sites to this server.

While trying a php form to send email, I found that my server was not sending out any email. Wordpress notifications werent being received.

I tried the following command in bash:

Code

echo "this is the body" | mail -s "this is the subject" "myname@mydomain.com"

And found this log:

Code

[root@hermes] /etc #tail -n 30 /var/log/mail.infoMay 24 23:36:37 hermes postgrey[4086]: 2013/05/24-23:36:37 postgrey (type Net::Server::Multiplex) starting! pid(4086)May 24 23:36:37 hermes postgrey[4086]: Binding to TCP port 10023 on host localhost#012May 24 23:36:37 hermes postgrey[685]: 2013/05/24-23:36:37 Server closing!May 24 23:36:37 hermes postgrey[685]: Couldn't unlink "/var/run/postgrey.pid" [Permission denied]May 24 23:36:38 hermes postfix/policyd-weight[562]: master: /etc/policyd-weight.conf reloadedMay 24 23:36:39 hermes postfix/policyd-weight[563]: cache: /etc/policyd-weight.conf reloadedMay 24 23:36:40 hermes postfix/master[975]: terminating on signal 15May 24 23:36:40 hermes postfix/master[4185]: daemon started -- version 2.7.1, configuration /etc/postfixMay 24 23:37:55 hermes postfix/pickup[4192]: B7272404180A: uid=0 from=<root>May 24 23:37:55 hermes postfix/cleanup[4310]: B7272404180A: message-id=<20130524180755.B7272404180A@hermes.myname.co.in>May 24 23:37:55 hermes postfix/qmgr[4193]: B7272404180A: from=<root@hermes.myname.co.in>, size=457, nrcpt=1 (queue active)May 24 23:37:55 hermes postfix/virtual[4312]: B7272404180A: to=<myname@mydomain.com>, relay=virtual, delay=0.02, delays=0.02/0/0/0, dsn=5.1.1, status=bounced (unknown user: "myname@mydomain.com")May 24 23:37:55 hermes postfix/cleanup[4310]: BA5A2404180B: message-id=<20130524180755.BA5A2404180B@hermes.myname.co.in>May 24 23:37:55 hermes postfix/bounce[4313]: B7272404180A: sender non-delivery notification: BA5A2404180BMay 24 23:37:55 hermes postfix/qmgr[4193]: BA5A2404180B: from=<>, size=2218, nrcpt=1 (queue active)May 24 23:37:55 hermes postfix/qmgr[4193]: B7272404180A: removedMay 24 23:37:55 hermes postfix/local[4314]: BA5A2404180B: to=<root@hermes.myname.co.in>, relay=local, delay=0.04, delays=0/0/0/0.04, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")May 24 23:37:55 hermes postfix/qmgr[4193]: BA5A2404180B: removedMay 24 23:53:04 hermes postfix/master[4185]: terminating on signal 15May 24 23:53:04 hermes postfix/master[4453]: daemon started -- version 2.7.1, configuration /etc/postfixMay 24 23:53:13 hermes postfix/pickup[4459]: 5E87C404180B: uid=0 from=<root>May 24 23:53:13 hermes postfix/cleanup[4465]: 5E87C404180B: message-id=<20130524182313.5E87C404180B@hermes.myname.co.in>May 24 23:53:13 hermes postfix/qmgr[4460]: 5E87C404180B: from=<root@hermes.myname.co.in>, size=457, nrcpt=1 (queue active)May 24 23:53:13 hermes postfix/virtual[4467]: 5E87C404180B: to=<myname@mydomain.com>, relay=virtual, delay=0.03, delays=0.02/0/0/0.01, dsn=5.1.1, status=bounced (unknown user: "myname@mydomain.com")May 24 23:53:13 hermes postfix/cleanup[4465]: 62DE1404180C: message-id=<20130524182313.62DE1404180C@hermes.myname.co.in>May 24 23:53:13 hermes postfix/qmgr[4460]: 62DE1404180C: from=<>, size=2218, nrcpt=1 (queue active)May 24 23:53:13 hermes postfix/bounce[4468]: 5E87C404180B: sender non-delivery notification: 62DE1404180CMay 24 23:53:13 hermes postfix/qmgr[4460]: 5E87C404180B: removedMay 24 23:53:13 hermes postfix/local[4469]: 62DE1404180C: to=<root@hermes.myname.co.in>, relay=local, delay=0.01, delays=0/0.01/0/0, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")May 24 23:53:13 hermes postfix/qmgr[4460]: 62DE1404180C: removed

My postfix conf:

Code

[root@hermes] /etc #cat postfix/main.cf
# Postfix directory settings; These are critical for normal Postfix MTA functionallity
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
# Some common configuration parameters
inet_protocols = ipv4, ipv6
inet_interfaces = all
mynetworks_style = host
myhostname = hermes.joel.co.in
mydomain = hermes.joel.co.in.local
myorigin = $myhostname
smtpd_banner = $myhostname ESMTP i-MSCP Git Master Managed
setgid_group = postdrop
# Receiving messages parameters
mydestination = $myhostname, $mydomain
append_dot_mydomain = no
append_at_myorigin = yes
local_transport = local
transport_maps = hash:/etc/postfix/imscp/transport
relay_domains = hash:/etc/postfix/imscp/relay_domains
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
# Delivering local messages parameters
mail_spool_directory = /var/mail
# Mailboxquota
# => 0 for unlimited
# => 104857600 for 100 MB
mailbox_size_limit = 0
mailbox_command = procmail -a "$EXTENSION"
# Message size limit
# => 0 for unlimited
# => 104857600 for 100 MB
message_size_limit = 0
biff = no
recipient_delimiter = +
local_destination_recipient_limit = 1
local_recipient_maps = unix:passwd.byname $alias_database
# i-MSCP Autoresponder parameters
imscp-arpl_destination_recipient_limit = 1
# Delivering virtual messages parameters
virtual_mailbox_base = /var/mail/virtual
virtual_mailbox_limit = 0
virtual_mailbox_domains = hash:/etc/postfix/imscp/domains
virtual_mailbox_maps = hash:/etc/postfix/imscp/mailboxes
virtual_alias_maps = hash:/etc/postfix/imscp/aliases
virtual_minimum_uid = 999
virtual_uid_maps = static:999
virtual_gid_maps = static:8
# SASL parameters
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_authenticated_header = yes
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks,
permit_sasl_authenticated,
reject_invalid_helo_hostname,
reject_non_fqdn_helo_hostname
smtpd_sender_restrictions = reject_non_fqdn_sender,
reject_unknown_sender_domain,
permit_mynetworks,
permit_sasl_authenticated
smtpd_recipient_restrictions = reject_non_fqdn_recipient,
# reject_unknown_recipient_domain,
permit_mynetworks,
permit_sasl_authenticated,
# reject_unauth_destination,
# reject_unlisted_recipient,
check_policy_service inet:127.0.0.1:12525,
check_policy_service inet:127.0.0.1:10023,
permit
smtpd_data_restrictions = reject_multi_recipient_bounce,
reject_unauth_pipelining
# TLS parameters
#smtpd_tls_security_level = may
#smtpd_tls_loglevel = 2
#smtpd_tls_cert_file = /etc/imscp/hermes.joel.co.in.pem
#smtpd_tls_key_file = /etc/imscp/hermes.joel.co.in.pem
#smtpd_tls_auth_only = no
#smtpd_tls_received_header = yes
# AMaViS parameters; activate, if available/used
#content_filter = amavis:[127.0.0.1]:10024
# Quota support; activate, if available/used
#virtual_create_maildirsize = yes
#virtual_mailbox_extended = yes
#virtual_mailbox_limit_maps = mysql:/etc/postfix/mysql_virtual_mailbox_limit_maps.cf
#virtual_mailbox_limit_override = yes
#virtual_maildir_limit_message = "The user you're trying to reach is over mailbox quota."
#virtual_overquota_bounce = yes

Display More

How can I check what's wrong?

dzchimp · Apr 10th 2013

Quote from Nuxwin

Hello ;

Have you read the status of the master branch at top of forum ? ----> Git master branch status on 08.04.2013: Broken

If we are providing such information, it's not for nothing..

When the status will be back to Working, you will be able to update.

Display More

I confess that I did not look at the status before pulling. My mistake. The last time I checked was a couple of days ago, when it showed the status "Stabilization period". I assumed that it was still at that.

I appreciate the dynamic nature of this kind of development. However at the moment, four of my sites are down, with no way to upgrade or uninstall. Could you perhaps give me an outline a manual uninstallation procedure so that I can redo the installation on one of the RC versions?
[hr]
I managed to uninstall it after manually correcting at least 5 different perl syntax errors in the uninstall script(s). Unfortunately, by the time I finished the uninstallation, the directory /var/www/imscp was removed by the script, so I dont have documentation of the errors which I corrected.

Anyway, there are a lot of double $ signs in the scripts, and one occasion where a local variable was not declared with "my". I have fixed these and managed to uninstall the git master. I'll install an RC version on my site, and try to curb my tendency to get the "latest" one.

dzchimp · Apr 10th 2013

I tried to upgrade from previous git master to current git master.

I did a git pull followed by perl imscp-autoinstall. The installation failed with the following error:

Code

[ WARNINGS ]
Servers::httpd::apache_fcgi::start: [Wed Apr 10 07:09:46 2013] [warn] VirtualHost 198.23.228.223:80 overlaps with VirtualHost 198.23.228.223:80, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Apr 10 07:09:46 2013] [warn] VirtualHost 198.23.228.223:80 overlaps with VirtualHost 198.23.228.223:80, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Apr 10 07:09:46 2013] [warn] VirtualHost 198.23.228.223:80 overlaps with VirtualHost 198.23.228.223:80, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Apr 10 07:09:46 2013] [warn] VirtualHost 198.23.228.223:80 overlaps with VirtualHost 198.23.228.223:80, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Apr 10 07:09:46 2013] [warn] VirtualHost 198.23.228.223:80 overlaps with VirtualHost 198.23.228.223:80, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Apr 10 07:09:46 2013] [warn] VirtualHost 198.23.228.223:80 overlaps with VirtualHost 198.23.228.223:80, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Apr 10 07:09:46 2013] [warn] VirtualHost 198.23.228.223:80 overlaps with VirtualHost 198.23.228.223:80, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Apr 10 07:09:46 2013] [warn] VirtualHost 198.23.228.223:80 overlaps with VirtualHost 198.23.228.223:80, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Apr 10 07:09:46 2013] [warn] VirtualHost 198.23.228.223:80 overlaps with VirtualHost 198.23.228.223:80, the first has precedence, perhaps you need a NameVirtualHost directive
[Wed Apr 10 07:09:46 2013] [warn] VirtualHost 198.23.228.223:80 overlaps with VirtualHost 198.23.228.223:80, the first has precedence, perhaps you need a NameVirtualHost directive
[ ERRORS ]
main::setupRebuildCustomerFiles:
[ ERRORS ]
iMSCP::Debug::END: Exit code is 1!
[ ERRORS ]
iMSCP::Debug::END: Exit code is 1!

Display More

Now, everything in the domain control panel shows "Modification in progress". I'm unable to edit anything.

dzchimp · Mar 22nd 2013

Thank you! It started working. I just needed to add the certificates and keys. Cool.

dzchimp · Mar 22nd 2013

I have tried the following to install an SSL certificate on one of my domains. I have copied the default-ssl file from /etc/apache2/sites-available to /etc/apache2/sites-available/vettathu.com.conf, and made the following changes so ultimately it reads as:

Code

<IfModule mod_ssl.c><VirtualHost 50.7.228.37:443> ServerAdmin webmaster@vettathu.com ServerName www.vettathu.com ServerAlias www.vettathu.com vettathu.com vu2003als3.r2d2.joel.co.in DocumentRoot /var/www/virtual/joel.co.in/vettathu.com/htdocs <Directory /var/www/virtual/joel.co.in/vettathu.com/htdocs/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /var/www/virtual/joel.co.in/vettathu.com/cgi-bin/ <Directory "/var/www/virtual/joel.co.in/vettathu.com/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel info CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM SSLCertificateFile /etc/apache2/certificates/ssl.crt SSLCertificateKeyFile /etc/apache2/certificates/ssl.key SSLCertificateChainFile /etc/apache2/certificates/sub.class1.server.ca.pem CustomLog /var/log/apache2/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" # A self-signed (snakeoil) certificate can be created by installing # the ssl-cert package. See # /usr/share/doc/apache2.2-common/README.Debian.gz for more info. # If both key and certificate are stored in the same file, only the # SSLCertificateFile directive is needed. #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem #SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key # Server Certificate Chain: # Point SSLCertificateChainFile at a file containing the # concatenation of PEM encoded CA certificates which form the # certificate chain for the server certificate. Alternatively # the referenced file can be the same as SSLCertificateFile # when the CA certificates are directly appended to the server # certificate for convinience. #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt # Certificate Authority (CA): # Set the CA certificate verification path where to find CA # certificates for client authentication or alternatively one # huge file containing all of them (file must be PEM encoded) # Note: Inside SSLCACertificatePath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCACertificatePath /etc/ssl/certs/ #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt # Certificate Revocation Lists (CRL): # Set the CA revocation path where to find CA CRLs for client # authentication or alternatively one huge file containing all # of them (file must be PEM encoded) # Note: Inside SSLCARevocationPath you need hash symlinks # to point to the certificate files. Use the provided # Makefile to update the hash symlinks after changes. #SSLCARevocationPath /etc/apache2/ssl.crl/ #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl # Client Authentication (Type): # Client certificate verification type and depth. Types are # none, optional, require and optional_no_ca. Depth is a # number which specifies how deeply to verify the certificate # issuer chain before deciding the certificate is not valid. #SSLVerifyClient require #SSLVerifyDepth 10 # Access Control: # With SSLRequire you can do per-directory access control based # on arbitrary complex boolean expressions containing server # variable checks and other lookup directives. The syntax is a # mixture between C and Perl. See the mod_ssl documentation # for more details. #<Location /> #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ #</Location> # SSL Engine Options: # Set various options for the SSL engine. # o FakeBasicAuth: # Translate the client X.509 into a Basic Authorisation. This means that # the standard Auth/DBMAuth methods can be used for access control. The # user name is the `one line' version of the client's X.509 certificate. # Note that no password is obtained from the user. Every entry in the user # file needs this password: `xxj31ZMTZzkVA'. # o ExportCertData: # This exports two additional environment variables: SSL_CLIENT_CERT and # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the # server (always existing) and the client (only existing when client # authentication is used). This can be used to import the certificates # into CGI scripts. # o StdEnvVars: # This exports the standard SSL/TLS related `SSL_*' environment variables. # Per default this exportation is switched off for performance reasons, # because the extraction step is an expensive operation and is usually # useless for serving static content. So one usually enables the # exportation for CGI and SSI requests only. # o StrictRequire: # This denies access when "SSLRequireSSL" or "SSLRequire" applied even # under a "Satisfy any" situation, i.e. when it applies access is denied # and no other module can change it. # o OptRenegotiate: # This enables optimized SSL connection renegotiation handling when SSL # directives are used in per-directory context. SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /var/www/virtual/joel.co.in/vettathu.com/cgi-bin> SSLOptions +StdEnvVars </Directory> # SSL Protocol Adjustments: # The safe and default but still SSL/TLS standard compliant shutdown # approach is that mod_ssl sends the close notify alert but doesn't wait for # the close notify alert from client. When you need a different shutdown # approach you can use one of the following variables: # o ssl-unclean-shutdown: # This forces an unclean shutdown when the connection is closed, i.e. no # SSL close notify alert is send or allowed to received. This violates # the SSL/TLS standard but is needed for some brain-dead browsers. Use # this when you receive I/O errors because of the standard approach where # mod_ssl sends the close notify alert. # o ssl-accurate-shutdown: # This forces an accurate shutdown when the connection is closed, i.e. a # SSL close notify alert is send and mod_ssl waits for the close notify # alert of the client. This is 100% SSL/TLS standard compliant, but in # practice often causes hanging connections with brain-dead browsers. Use # this only for browsers where you know that their SSL implementation # works correctly. # Notice: Most problems of broken clients are also related to the HTTP # keep-alive facility, so you usually additionally want to disable # keep-alive for those clients, too. Use variable "nokeepalive" for this. # Similarly, one has to force some clients to use HTTP/1.0 to workaround # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and # "force-response-1.0" for this. BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 # MSIE 7 and newer should be able to use keepalive BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown</VirtualHost></IfModule>

The certificates from StartSSL have been copied to the locations corresponding to the following directives:
SSLCertificateFile /etc/apache2/certificates/ssl.crt
SSLCertificateKeyFile /etc/apache2/certificates/ssl.key
SSLCertificateChainFile /etc/apache2/certificates/sub.class1.server.ca.pem

Now, on restarting the server and accessing https://vettathu.com, I get the following error:

Code

You don't have permission to access /index.php on this server.

The site is a wordpress multisite install, and .htaccess is as follows:

Code

RewriteEngine OnRewriteBase /RewriteRule ^index\.php$ - [L]# uploaded filesRewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]RewriteCond %{REQUEST_FILENAME} -f [OR]RewriteCond %{REQUEST_FILENAME} -dRewriteRule ^ - [L]RewriteRule . index.php [L]

If instead of the wordpress index.php, I create a index.html, https://vettathu.com/index.html loads correctly with SSL. Could someone guide me on how to fix the Wordpress site with SSL?

Error logs:

Code

tail -n 30 /var/log/apache2/error.log
[Fri Mar 22 22:28:55 2013] [info] [client 59.93.42.134] Connection to child 22 established (server www.vettathu.com:443)
[Fri Mar 22 22:28:55 2013] [info] Seeding PRNG with 648 bytes of entropy
[Fri Mar 22 22:28:55 2013] [info] Initial (No.1) HTTPS request received for child 13 (server www.vettathu.com:443)
[Fri Mar 22 22:28:56 2013] [info] Subsequent (No.2) HTTPS request received for child 13 (server www.vettathu.com:443)
[Fri Mar 22 22:28:56 2013] [error] [client 59.93.42.134] File does not exist: /var/www/virtual/joel.co.in/vettathu.com/htdocs/favicon.ico
[Fri Mar 22 22:28:56 2013] [info] [client 59.93.42.134] Connection to child 12 established (server www.vettathu.com:443)
[Fri Mar 22 22:28:56 2013] [info] Seeding PRNG with 648 bytes of entropy
[Fri Mar 22 22:29:09 2013] [info] [client 59.93.42.134] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Fri Mar 22 22:29:09 2013] [info] [client 59.93.42.134] Connection closed to child 12 with abortive shutdown (server www.vettathu.com:443)
[Fri Mar 22 22:29:11 2013] [info] [client 59.93.42.134] (70007)The timeout specified has expired: SSL input filter read failed.
[Fri Mar 22 22:29:11 2013] [info] [client 59.93.42.134] Connection closed to child 13 with standard shutdown (server www.vettathu.com:443)
[Fri Mar 22 22:29:16 2013] [info] [client 59.93.42.134] Request header read timeout
[Fri Mar 22 22:29:16 2013] [info] [client 59.93.42.134] (70007)The timeout specified has expired: SSL input filter read failed.
[Fri Mar 22 22:29:16 2013] [info] [client 59.93.42.134] Connection closed to child 22 with standard shutdown (server www.vettathu.com:443)
[Fri Mar 22 22:31:52 2013] [info] [client 59.93.42.134] Connection to child 18 established (server www.vettathu.com:443)
[Fri Mar 22 22:31:52 2013] [info] Seeding PRNG with 648 bytes of entropy
[Fri Mar 22 22:31:52 2013] [info] [client 59.93.42.134] Connection to child 24 established (server www.vettathu.com:443)
[Fri Mar 22 22:31:52 2013] [info] Seeding PRNG with 648 bytes of entropy
[Fri Mar 22 22:31:53 2013] [info] Initial (No.1) HTTPS request received for child 18 (server www.vettathu.com:443)
[Fri Mar 22 22:31:54 2013] [info] [client 59.93.42.134] Connection to child 21 established (server www.vettathu.com:443)
[Fri Mar 22 22:31:54 2013] [info] Seeding PRNG with 648 bytes of entropy
[Fri Mar 22 22:31:54 2013] [info] Subsequent (No.2) HTTPS request received for child 18 (server www.vettathu.com:443)
[Fri Mar 22 22:31:54 2013] [error] [client 59.93.42.134] File does not exist: /var/www/virtual/joel.co.in/vettathu.com/htdocs/favicon.ico
[Fri Mar 22 22:32:09 2013] [info] [client 59.93.42.134] (70007)The timeout specified has expired: SSL input filter read failed.
[Fri Mar 22 22:32:09 2013] [info] [client 59.93.42.134] Connection closed to child 18 with standard shutdown (server www.vettathu.com:443)
[Fri Mar 22 22:32:09 2013] [info] [client 59.93.42.134] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Fri Mar 22 22:32:09 2013] [info] [client 59.93.42.134] Connection closed to child 21 with abortive shutdown (server www.vettathu.com:443)
[Fri Mar 22 22:32:13 2013] [info] [client 59.93.42.134] Request header read timeout
[Fri Mar 22 22:32:13 2013] [info] [client 59.93.42.134] (70007)The timeout specified has expired: SSL input filter read failed.
[Fri Mar 22 22:32:13 2013] [info] [client 59.93.42.134] Connection closed to child 24 with standard shutdown (server www.vettathu.com:443)

Display More

dzchimp · Mar 19th 2013

Quote from o-leary

Secondly I would like to know if you are likely to implement something to do this on a per user basis in the future? The ability to move domains between servers and import/export would surely be welcomed by all. And for the purposes of my above mentioned hosting system it would mean distributing the mirroring tasks over time so the servers are not overloaded.

Hi,
If by making it per user, you mean you want it to make seperate backups for each user-i.e it should backup only his files and databases per backup task, it should be possible. At the moment, the only thing needed is to modify fullbackup.conf with the subdirectory (corresponding to the main domain of the user), and also add the database names of other users, in the function which excludes databases from backup.

If you need this to be automated, I'll need to implement a system to read the main directory of the user, and the database allocation from imcp database. Possible, but requires me taking a deeper look at the organization of i-mscp database. Managing a single user server, it wasnt important for me. But it can be done. Maybe later.

dzchimp · Mar 14th 2013

Backup Master is a bash based script which works alongside the i-mscp system (in that it is tweaked to work with the imscp database and paths), but silently in the background. It can backup in a single command line option, all the existing mysql databases, and the entire virtual server (customizable) to the server. It can optionally transfer the backups to a remote server of your choice-both sftp and ftp protocols are accepted. ftp has batch upload/download/mirror facility.

The script uses a custom csv based database to keep track of the backup files, and these are called task files. The collection of task files, has details regarding all the files and databases backed up, and these are stored with the date and time of backups in the filename. These can be restored at will.

The script has command line options to make it useful as cronjobs.

Everything is automated. At the end of the process, you will receive an email notification of the scheduled job done.

Options and sensitive information are seperated from the main script. All options are heavily customizable.

The script is GPL3, and suggestions, improvements, critiques are welcome. It is in beta. At the moment, the script will not touch the imscp tables and are not made to work with the LOCK on SQL system databases. So be prepared to change your imscp user passwords after a restore.

Download Link: https://bitbucket.org/droidzone/backupmaster

Installation:

Code

git clone git@bitbucket.org:droidzone/backupmaster.git

Now copy all the files to a location in your path, and modify fullbackup.conf and fullbackup.dat as per your customized information. [/size]

Run it with:

Code

./fullbackup

dzchimp · Mar 4th 2013

I have setup a catch all for one of my domains, and tested it with an email sent from a hotmail.com id. It seemed delayed for around 5-10 minutes, so I checked the mail logs and found this:

Code

Mar 4 19:33:08 myhost postfix/smtpd[23828]: connect from blu0-omc1-s9.blu0.hotmail.com[65.55.116.20]Mar 4 19:33:10 myhost postfix/policyd-weight[20302]: weighted check: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .outlook. - helo: .blu0-omc1-s9.blu0.hotmail. - helo-domain: .hotmail.) FROM/MX_MATCHES_HELO(DOMAIN)=-2; <client=65.55.116.20> <helo=blu0-omc1-s9.blu0.hotmail.com> <from=parkerttgm@outlook.com> <to=test@mydomain.com>; rate: -8.5Mar 4 19:33:10 myhost postfix/policyd-weight[20302]: decided action=PREPEND X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .outlook. - helo: .blu0-omc1-s9.blu0.hotmail. - helo-domain: .hotmail.) FROM/MX_MATCHES_HELO(DOMAIN)=-2; rate: -8.5; <client=65.55.116.20> <helo=blu0-omc1-s9.blu0.hotmail.com> <from=parkerttgm@outlook.com> <to=test@mydomain.com>; delay: 1sMar 4 19:33:10 myhost postgrey[20094]: action=greylist, reason=new, client_name=blu0-omc1-s9.blu0.hotmail.com, client_address=65.55.116.20, sender=parkerttgm@outlook.com, recipient=test@mydomain.comMar 4 19:33:10 myhost postfix/smtpd[23828]: NOQUEUE: reject: RCPT from blu0-omc1-s9.blu0.hotmail.com[65.55.116.20]: 450 4.2.0 <test@mydomain.com>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/mydomain.com.html; from=<parkerttgm@outlook.com> to=<test@mydomain.com> proto=ESMTP helo=<blu0-omc1-s9.blu0.hotmail.com>Mar 4 19:33:10 myhost postfix/smtpd[23828]: disconnect from blu0-omc1-s9.blu0.hotmail.com[65.55.116.20]Mar 4 19:34:08 myhost imapd: LOGIN, user=parkertt@mydomain.com, ip=[::ffff:192.157.59.133], port=[49449], protocol=IMAPMar 4 19:34:08 myhost imapd: LOGOUT, user=parkertt@mydomain.com, ip=[::ffff:192.157.59.133], headers=0, body=0, rcvd=92, sent=444, time=0Mar 4 19:34:10 myhost postfix/smtpd[23828]: connect from blu0-omc1-s9.blu0.hotmail.com[65.55.116.20]Mar 4 19:34:11 myhost postfix/policyd-weight[20302]: decided action=PREPEND X-policyd-weight: using cached result; rate: -8.5; <client=65.55.116.20> <helo=blu0-omc1-s9.blu0.hotmail.com> <from=parkerttgm@outlook.com> <to=test@mydomain.com>; delay: 1sMar 4 19:34:11 myhost postgrey[20094]: action=greylist, reason=early-retry (239s missing), client_name=blu0-omc1-s9.blu0.hotmail.com, client_address=65.55.116.20, sender=parkerttgm@outlook.com, recipient=test@mydomain.comMar 4 19:34:11 myhost postfix/smtpd[23828]: NOQUEUE: reject: RCPT from blu0-omc1-s9.blu0.hotmail.com[65.55.116.20]: 450 4.2.0 <test@mydomain.com>: Recipient address rejected: Greylisted, see http://postgrey.schweikert.ch/help/mydomain.com.html; from=<parkerttgm@outlook.com> to=<test@mydomain.com> proto=ESMTP helo=<blu0-omc1-s9.blu0.hotmail.com>Mar 4 19:34:11 myhost postfix/smtpd[23828]: disconnect from blu0-omc1-s9.blu0.hotmail.com[65.55.116.20]

How is this greylisting controlled/configured, and how is possible to relax the rules to get email properly?

Edit:
Ok, I figured it out myself.

Apparently the greylisting is controlled by a service called postgrey. It is started by postfix.

To disable postgrey, comment out the consecutive lines from /etc/postfix/main.cf:

Code

check_policy_service inet:127.0.0.1:12525,
check_policy_service inet:127.0.0.1:10023,

Restart postfix:
/etc/init.d/postfix restart

And mail starts arriving fast now.
I know postgrey is a spam protection feature. However I dont need it.

dzchimp · Mar 4th 2013

Quote from fluser

Can you post the details of:
aptitude search sendmail

Here it is:

Code

root@force:~# aptitude search sendmail
p dhis-mx-sendmail-engine - Dynamic Host Information System - sendmail MX engine
p geany-plugin-sendmail - mailer plugin for Geany
i libmail-sendmail-perl - Send email from a perl script
p libsendmail-milter-perl - Interface to Sendmail's Mail Filter API
p libsendmail-pmilter-perl - A Perl implementation of the Sendmail Milter protocol
p python-zope.sendmail - Mail sending library for zope
pB sendmail - powerful, efficient, and scalable Mail Transport Agent
p sendmail-base - powerful, efficient, and scalable Mail Transport Agent
pB sendmail-bin - powerful, efficient, and scalable Mail Transport Agent
p sendmail-cf - powerful, efficient, and scalable Mail Transport Agent
p sendmail-doc - powerful, efficient, and scalable Mail Transport Agent

Display More

[hr]
It seemed to have been 'libmail-sendmail-perl'

Doing a 'apt-get remove sendmail*' seems to have done the trick

Edit2: I also had to unset the exec permission on the sendmail startup file in /etc/init.d/sendmail

Posts by dzchimp

Why doesnt my server send emails with postfix from php?

Why doesnt my server send emails with postfix from php?

Upgrade issue

Upgrade issue

Installing a SSL certificate on a domain and using Wordpress

Installing a SSL certificate on a domain and using Wordpress

Introducing Backup master - A complete bash based solution to backup/restore tasks

Introducing Backup master - A complete bash based solution to backup/restore tasks

Recipient address rejected: Greylisted

[DEBIAN] How to properly remove sendmail completely