How To Permanently Disable Http/ftp/mysql/courier With LXADMIN/KLAXO
Jun 30, 2009
I have a small VPS that is used only to send mail. It uses the HyperVM software, so I installed "Klaxo" (LXadmin) on it and set up the domain, etc..
I then went into the "Server : Linux --> Services" page and disabled everything except qmail. (I also set them so they are not auto-started at bootup.)
The problem is that after about 10 minutes or so... all the services are automatically restarted.
I have no idea what process is doing this, and it's driving me a little nutty.
Does anyone know how to permanently disable a service using the Klaxo/lxadmin control panel?
(Or at least, where I can find whatever monitoring system is checking if they are up, and then restarting them?)
View 2 Replies
ADVERTISEMENT
Dec 13, 2014
I am trying to secure my VPS and one thing noted in a recent scan was SSL v2 and v3 being supported for SMTP, POP3 and IMAP. So a check of ‘Disabling SSLv3 Support on Servers’ and the Postfix configuration settings suggest:
smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5
# Preferred syntax with Postfix = 2.5:
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
This actually goes further than disabling SSLv2 and v3 and also excludes the use of NULL and MD5 ciphers.
The Postfix conf file, main.cf exists in two places on my VPS:
# find / -name main.cf
/usr/libexec/postfix/main.cf
/etc/postfix/main.cf
Examining both only the copy in /etc/postfix/ is configured and at the end of this file I can find all the Plesk settings, including some RBLs I’ve defined via the UI. Hence I know this is the working config as of the two, it’s the only one actually configured. Hence I add the required commands to the config:
...
smtpd_tls_key_file = $smtpd_tls_cert_file
smtpd_tls_security_level = may
smtpd_use_tls = yes
smtp_tls_security_level = may
[Code] ....
I then go to the Plesk Tools & Settings > Services Management and restart:
SMTP Server (Postfix)
And for good measure:
Plesk milter (Postfix)
I then test whether SSLv2 is enabled:
# openssl s_client -connect x.x.x.x:25 -starttls smtp -ssl2
Now what I should get back is an error as the attempt to connect with SSLv2 should fail as it's an excluded protocol, but instead what I get back is the Plesk cert and a connection:
# openssl s_client -connect x.x.x.x:25 -starttls smtp -ssl2
CONNECTED(00000003)
depth=0 C = US, ST = Virginia, L = Herndon, O = Parallels, OU = Parallels Panel, CN = Parallels Panel, emailAddress = info@parallels.com
verify error:num=18:self signed certificate
...
Why? What do I need to do to have Postfix use the updated config and refuse an SSL2 connection?
I seem to have the same issue with Courier having made similar changes to the /etc/courier-imap/pop3d-ssl file:
# Iain 2014-12-12
# TLS_CIPHER_LIST="SSLv3:TLSv1:HIGH:!LOW:!MEDIUM:!EXP:!NULL:!aNULL@STRENGTH"
TLS_CIPHER_LIST="TLSv1:HIGH:MEDIUM:!LOW:!EXP:!NULL:!aNULL@STRENGTH"
And /etc/courier-imap/imapd-ssl file:
# Iain 2014-12-12
# TLS_PROTOCOL=SSL23
TLS_PROTOCOL=TLS1
actually, this should probably read:
# Iain 2014-12-12
# TLS_PROTOCOL=SSL23
TLS_PROTOCOL=TLS1, TLS1.1, TLD1.2
Why am I unable to disable SSL v2 and v3 for SMTP/POP3/IMAP with Postfix and Courier?
View 15 Replies
View Related
May 22, 2009
how disable php and openbase_dir on lxadmin?
i dont want php asp and ... .only html allowd
how can i do it?
i have lxadmin and centos
View 8 Replies
View Related
Oct 6, 2008
yesterday i setup my first vps system and now its hosting 2 forums of my. Thing is in evry 10 mints Mysql & courier-imap are restarting..? I know this from the lxadmin alert email. So is it normal or is it a problem in my configuration..? Im running cent os 5 now. And i also check the log.. there is entry like below in it..
Oct 6 13:43:07 vps_10013 pure-ftpd: (?@127.0.0.1) [INFO] Logout.
Oct 6 13:43:07 vps_10013 xinetd[8020]: EXIT: ftp status=255 pid=21638 duration=0(sec)
Oct 6 13:43:13 vps_10013 xinetd[8020]: EXIT: smtp status=1 pid=21637 duration=6(sec)
Oct 6 13:43:48 vps_10013 xinetd[8020]: START: smtp pid=21679 from=63.247.94.194
Oct 6 13:43:49 vps_10013 xinetd[8020]: EXIT: smtp status=1 pid=21679 duration=1(sec)
Oct 6 13:44:48 vps_10013 xinetd[8020]: START: smtp pid=21901 from=63.247.94.194
Oct 6 13:44:49 vps_10013 xinetd[8020]: EXIT: smtp status=1 pid=21901 duration=1(sec)
Oct 6 13:45:49 vps_10013 xinetd[8020]: START: smtp pid=22163 from=63.247.94.194
Oct 6 13:45:50 vps_10013 xinetd[8020]: EXIT: smtp status=1 pid=22163 duration=1(sec)
Oct 6 13:46:49 vps_10013 xinetd[8020]: START: smtp pid=22499 from=63.247.94.194
Oct 6 13:46:50 vps_10013 xinetd[8020]: EXIT: smtp status=1 pid=22499 duration=1(sec)
Oct 6 13:47:49 vps_10013 xinetd[8020]: START: smtp pid=23668 from=63.247.94.194
Oct 6 13:47:50 vps_10013 xinetd[8020]: EXIT: smtp status=1 pid=23668 duration=1(sec)
Oct 6 13:48:49 vps_10013 xinetd[8020]: START: smtp pid=23920 from=63.247.94.194
Oct 6 13:48:52 vps_10013 xinetd[8020]: EXIT: smtp status=1 pid=23920 duration=3(sec)
Oct 6 13:49:49 vps_10013 xinetd[8020]: START: smtp pid=24173 from=63.247.94.194
Oct 6 13:49:53 vps_10013 xinetd[8020]: EXIT: smtp status=1 pid=24173 duration=4(sec)
Oct 6 13:50:49 vps_10013 xinetd[8020]: START: smtp pid=26117 from=63.247.94.194
Oct 6 13:50:53 vps_10013 xinetd[8020]: EXIT: smtp status=1 pid=26117 duration=4(sec)
View 7 Replies
View Related
Jun 11, 2007
I have a series of web services that are exposed to the world via IIS. The problem is I only want users to have HTTPS access to these.
At the moment everything is working fine, however users can access services via HTTP (port 80) and HTTPS (port 443). Using the IIS manager I have attempted to remove port 80, however it will not allow me to do this.
So the question is, how can I close of HTTP access within IIS?
View 5 Replies
View Related
Feb 11, 2007
Hopefully I'm posting this in the correct area. Our server runs CentOS 4.4 on x86_64 arch.
So basically everything was going rather smoothly...
Problems began to arise at the point where I finished installing/configuring SquirrelMail. Upon logging in, I saw this:
[see attachment]
Ok, so I checked maillog and saw:
Feb 11 13:50:46 zeus imapd: LOGIN, user=alex, ip=[::ffff:127.0.0.1], protocol=IMAP
Feb 11 13:50:47 zeus imapd: Failed to connect to socket /tmp/fam--
Feb 11 13:50:47 zeus imapd: Failed to create cache file: maildirwatch (alex)
Feb 11 13:50:47 zeus imapd: Error: Input/output error
Feb 11 13:50:47 zeus imapd: Check for proper operation and configuration
Feb 11 13:50:47 zeus imapd: of the File Access Monitor daemon (famd).
Feb 11 13:50:47 zeus imapd: DISCONNECTED, user=alex, ip=[::ffff:127.0.0.1], headers=0, body=0, rcvd=21, sent=57, time=1
So I did some searching and determined it was a problem with Courier-IMAP being compiled with File Alteration Monitor support and famd not running (I built RPM directly from source tarball without any customization whatsoever per the instructions on the Courier website).
I found some possible solutions to be:
1) Install and run fam and be sure portmapper is running as well (problem being is that fam has since been replaced by gamin on CentOS, which is installed properly on my system).
2) Do a source install of Courier-IMAP and --disable-fam
Ok, so route 1 went like this: I uninstalled gamin, found fam-2.6.8, installed it, started it manually, made sure portmapper was running and tried again. This time, I still got the same errors in SquirrelMail, but the errors in maillog didn't show up. However, shortly after the page loaded, the famd process I had started manually promptly ended without my intervention. Ok, onto trying #2.
Route 2 went like this: reinstalled gamin, then I tried building a custom RPM by manually configuring with --disable-fam and then using rpmbuild -bc --short-circuit and rpmbuild -bi --short-circuit. That didn't change anything at all, I still had the same errors both with SquirrelMail and in maillog. Then I said ok, I'll just do a complete source install. ./configure --disable-fam && make && make install. Manually started that server, tried again, same deal, both errors.
So I've got problems. Either with Courier-IMAP, SquirrelMail, or both. The other daemons seem to run fine, I just mentioned them in case of the possibility of some kind of (unknown to me) conflict.
If you need to see any of my configs, let me know...any information greatly appreciated...I'm desperate.
View 1 Replies
View Related
Jul 26, 2009
Just recently we've been noticing our services repeatedly going down.
Ie. http, named, mysql
View 14 Replies
View Related
Jun 22, 2007
how i can limit http and mysql connection limit on per domain basis.
View 2 Replies
View Related
Jan 10, 2008
in one of our dedicated servers, when we go to WHM/Service Status / CPU Memory MySQL usage.. http server and MySQL process appears all 3 times...
is that normal?
i attach an email to be more clear.
View 3 Replies
View Related
Mar 20, 2007
I currently have a server for proxy websites only.
I have disabled MySQL, is that ok?
Will my statistics software still work (awstats)?
What else can i disable or do to optimize the server for proxy websites.
I'm using the phproxy scripts.
View 0 Replies
View Related
May 11, 2009
I rebuilt my VPS (again) today and noticed something different. Instead of the usual "Install LxAdmin" icon in HyperVM I read "Install Kloxo."
I looked at the demo and everything looked the same. Has anyone noticed any definite differences between the two? Has anything significant changed apart from the name?
View 3 Replies
View Related
Apr 26, 2009
How can I disable INSERT access to specific table.
The user should have full access the the DB except insert to specific table.
The tables_priv allow to set what enable and not what disable.
I'm using mysql v5
View 4 Replies
View Related
Aug 9, 2014
I installed the Google Authenticator extension, and the inevitable happened: my phone died.So now I am left without access to the Plesk panel.How can I disable the authentication in the SQL database, so I can login again?
View 1 Replies
View Related
Apr 7, 2007
I'm running centos 4.4 and i just installed another HD... seems like everytime I reboot the server, my mount is gone... This is what I have in my fstab:
mount /dev/sdb1 /drive2 defaults 1 3
View 3 Replies
View Related
May 6, 2009
I am trying to push my server to return Moved Permanently code and redirect these URLs to the main URL, but cant find the right code.
domain.com
w.domain.com
ww.domain.com
wwww.domain.com
to
www.domain.com
There are a number of codes available on the net and all supposed to do that, but which one is the eight one?
1)
Options +FollowSymlinks
RewriteEngine on
rewritecond %{http_host} ^domain.com [nc]
rewritecond %{http_host} ^w.domain.com [nc]
rewritecond %{http_host} ^ww.domain.com [nc]
rewritecond %{http_host} ^wwww.domain.com [nc]
rewriterule ^(.*)$ http://www.domain.com/$1 [r=301,nc]
2)
Options +FollowSymLinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com
RewriteCond %{HTTP_HOST} ^w.example.com
RewriteCond %{HTTP_HOST} ^ww.example.com
RewriteCond %{HTTP_HOST} ^wwww.example.com
RewriteRule ^(.*)$ http://www.example.com/$1 [R=permanent,L]
3)
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain.com$ [NC]
RewriteCond %{HTTP_HOST} ^w.domain.com$ [NC]
RewriteCond %{HTTP_HOST} ^ww.domain.com$ [NC]
RewriteCond %{HTTP_HOST} ^wwww.domain.com$ [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]
View 14 Replies
View Related
May 26, 2008
I use deflate to prevent ddos attack.
But after I start deflate, I still keep seeing a lot of connection from certain IP.
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
87 218.86.252.158
363 219.150.191.62
501 60.216.238.212
I want to block those IPs permanently.
How can I do that.
View 7 Replies
View Related
Mar 30, 2015
I am using nginx exclusively for my websites/php stuff and I do not need apache anymore. I want to switch off Web Server (Apache) service permanently (see screenshot 1). But somehow or something turns it always back on. I am getting a lot of apache memory warnings lately. I just want to turn it off.
View 4 Replies
View Related
Aug 11, 2007
Any straight up easy way. So they stay permanent?
Can I simply use system-config-network and add each IP one at a time.
View 6 Replies
View Related
Oct 29, 2007
My server runs on CSF.
Very often the firewall automatically ban some of my customers IP who has fix IP to access to their webmail and website, because they have over 100 staffs, maybe that is why the IP was banned automatically for having too many connections to the server.
Everytime I unban the IP, it keeps being banned again. I have to stop / restart iptables to flush it.
How can I allow the IP permanently?
View 1 Replies
View Related
Feb 11, 2015
How to set a permanent ban per IP in Fail2ban?? I have banned continuously some IPs with recidibe and I need put this IPs in a permanent blacklist.
View 1 Replies
View Related
Jul 7, 2009
I need to determine which mail server is better so i can know what to install as default on future servers.
View 9 Replies
View Related
Apr 25, 2009
i have cpanel with 512 meg ram.
i need fast mail server. so which of them is good?
Courier or Dovecot
View 10 Replies
View Related
Dec 19, 2007
I have a mail account hosted in a VPS with cpanel and SquirrelMail as webmail client.
It has thousands of mail files. SquirrelMail got very slow, because courier-imap is very slow sorting files and authenticating users.
I've heard that Dovecot is much faster than courier...
Does anyone have replaced courier by dovecot in cPanel installations? is it a good idea?
View 4 Replies
View Related
Jan 30, 2013
I am using the following mod_rewrite rule for shortened SEO friendly links: RewriteRule ^blog/([^/]*).html$ /blog/blog.php?pid=$1 [R=301,L]
For Google SEO reasons, will the shortened rewritten link created from above be the permanent link, from the R=301? Even though the longer link is still functional? Or, do I need to create a rewrite match 301 rule to push the long URL to the shortened URL permanently?
View 5 Replies
View Related
Jan 22, 2008
Any live expirience for good values of this courier settings for cPanel server:
Maximum Imap Connections (Total)
Maximum Imap Connections Per Ip
Maximum TLS/SSL Imap Connections Per Ip
Maximum Pop3 Connections (Total)
Maximum Pop3 Connections Per Ip
Maximum TLS/SSL Pop3 Connections Per Ip
Number of Authentication Daemons
?
The current values are the original ones which cPanel set:
Maximum Imap Connections (Total) 50
Maximum Imap Connections Per Ip 30
Maximum TLS/SSL Imap Connections Per Ip 30
Maximum Pop3 Connections (Total) 50
Maximum Pop3 Connections Per Ip 4
Maximum TLS/SSL Pop3 Connections Per Ip 30
Number of Authentication Daemons 5
Thanks,
View 1 Replies
View Related
Sep 24, 2008
I have a mail server which is courier, postfix, amavisd, using Mysql db and virtual mailboxes which I administer through postfixadmin.
I want to be able to add a set of default folders to all mailboxes created such as Possible Spam and some others.
I have investigated shared folders but this is not what i want, is there a way I can get courier/postfix to create a set of additional sub-folders when it creates a mailbox.
All mailboxes are accessed as IMAP mailboxes.
View 0 Replies
View Related