I need reinstall qmail after spam atack and follows the post.URL....It says:
rpm -Uvh --force psa-qmail
but my system return an error message..error: opening psa-qmail failed: it does not existe file or directory (error: la apertura de psa-qmail falló: No existe el fichero o el directorio)
rpm -q psa-qmail
return
psa-qmail-1.03-cos5.build1013120126.11
And my system is CentOS
I'm getting a big problem on my server.
From 1 week until now I got 4 spam attacks. The attacker is the same, because the emails sent are iqual.
The technique is also the same, they use an email account (compromissed password) and send emails through smtp server.
When I detect the attack, i do:
1. identify the compromised account
2. Change password from the compromised account
3. Stop qmail
4. Clear queue with qmail-remove
5. Start qmail
The problem is that they already used 4 diferent domains since the first attack. So, here is my problem, how do they discover the passwords?! How can I solve this problem? I have hundreds of emails accounts and can't change it all.
CentOS release 5.10 (Final)
Plesk 11.0.9
So on our server, fail2ban got itself in a mess. Tried various things to fix, to no avail, so figured I'd just do a fresh install of it. There was minimal customisation to it that I couldn't re-do.
Note I'd already rm'd /etc/fail2ban - as on previous attempts, the files in here didn't appear to be restored to their defaults. So I figured removing the directory would force this to happen (Whether this was wise I'm not sure!) ;-)
So, following instructions here: [URL] .... I now get the following:
# wget http://kb.sp.parallels.com/Attachments/kcs-36245/fail2ban.gz
# gunzip fail2ban.gz
# mv fail2ban /etc/init.d/fail2ban
# chmod 755 /etc/init.d/fail2ban
# ll /etc/init.d/fail2ban /etc/fail2ban/fail2ban.conf
ls: cannot access /etc/fail2ban/fail2ban.conf: No such file or directory
-rwxr-xr-x 1 root root 2141 Aug 15 2014 /etc/init.d/fail2ban
I then uninstall/reinstall with # /usr/local/psa/admin/bin/autoinstaller
(Have tried via the web interface too)
I then get:
# ll /etc/init.d/fail2ban /etc/fail2ban/fail2ban.conf
ls: cannot access /etc/fail2ban/fail2ban.conf: No such file or directory
-rwxr-xr-x 1 root root 2141 Aug 15 2014 /etc/init.d/fail2ban
i.e., no change..
and if I go to the fail2ban settings in Plesk, I get:
Internal error: f2bmng failed: ERROR:f2bmng:No section: 'Definition'
Message f2bmng failed: ERROR:f2bmng:No section: 'Definition'
Is there a way to regenerate what should be in /etc/fail2ban by default?
I'm missing files that the existing crontab requires. There are results on Google for it, but since the parallels' forum upgrade, all the Google links are dead...
The missing crons in question are:
/bin/sh: /usr/local/psa/libexec/modules/watchdog/cp/clean-events: No such file or directory
/bin/sh: /usr/local/psa/libexec/modules/watchdog/cp/pack-sysstats: No such file or directory
/bin/sh: /usr/local/psa/libexec/modules/watchdog/cp/clean-sysstats: No such file or directoryClick to expand...
Is it enough to restore the full server backup via the web interface of Plesk to get everything running fine after a reinstall, or is there something else I should do ? I have all kind of backups (server, domains, customers). My server is running Plesk 12 on Ubuntu 12, and I think I will have Ubuntu 14 on the new installation. My backups are on a server on the same local network than my server.
View 3 Replies View RelatedI'm using Ubuntu 14.04.2 LTS and Plesk 12.0.18 - update 38. Since i have reinstalled 3 servers, i don't have imap connection possible in some case.
- When i connect from a Thunderbird, it works only if it's not secure : any attempt with ssl is refused.
- When i try to use a smartphone with the same working config done in Thunderbird, i canno't log whatever i do to find something working on the smartphone (note : it's works with pop)
- Horde refuse all users. If i switch to Roundcube, all works...
There is something wrong : i search the web, the forum, for 14 days now, without success. I tried many thing from the KB...no success either.
my server load is currently
load average: 13.23, 11.34, 10.53
when i look at the apache server-status, it says i am using .723% of cpu.. so i don't think that is the problem.. i ran this command..
/var/qmail/bin/qmail-qstat
and it came out with..
messages in queue: 3061
messages in queue but not yet preprocessed: 29
is that a lot of messages in queue?
when i do top.. these are some of the processes that come up first..
10749 popuser 18 0 12.9 0:00.39 0.1 2924 380 304 D qmail-local
368 popuser 16 0 2.7 0:15.32 3.9 30720 19m 2244 S spamd
10712 mailman 18 0 1.7 0:00.07 0.6 5764 3124 1800 D gate_news
10678 root 17 0 0.7 0:00.09 0.2 3820 1064 780 R top
178 root 15 0 0.3 81:43.17 0.0 0 0 0 D kjournald
1827 root 15 0 0.3 76:52.47 0.1 2412 456 380 D syslogd
9170 qmails 15 0 0.3 50:27.14 0.1 2448 540 372 D qmail-send
9174 qmailr 16 0 0.3 7:55.07 4.6 83080 23m 264 S qmail-rspawn
9413 root 16 0 0.3 0:00.09 0.5 10292 2708 1956 S sshd
10089 popuser 18 0 0.3 0:01.15 0.1 3312 380 304 R qmail-local
10345 popuser 18 0 0.3 0:00.35 0.1 1540 376 304 D qmail-local
1 root 16 0 0.0 0:43.19 0.0 1888 92 64 S init
2 root 34 19 0.0 20:19.12 0.0 0 0 0 S ksoftirqd/0
3 root 5 -10 0.0 0:03.87 0.0 0 0 0 S events/0
I am a new user of Plesk 11.5.30 struggling to understand how qmail is configured.
I intend to install ezmlm to work with qmail but the installation guide assumes that the qmail installation is set up per LWQ (Life with qmail - see URL....
For example the following are quotes from LWQ:All of qmail's system configuration files, with the exception of the .qmail files in ~alias, reside in /var/qmail/control.A series of configuration files resides under /var/qmail/users.
The qmail sendmail, which is normally in /var/qmail/bin/sendmail, usually replaces .None of these directories exist. So where are all these configuration entities?
I have issue with qmail server. I want to update ssl certificate and for this i have replaced older servercert.pem with new servercert.pem file in /var / qmail/ control/. and restart service of qmail using qmailctl restart.But after updating this certificate my web browser still showing older certificate details.
View 1 Replies View RelatedI am unable to switch from qmail to postfix via the control panel. It opens a new window that just hangs and never loads. While waiting for it to load, I see these 2 processes running..
root 25108 0.1 0.0 133972 20604 ? S 21:58 0:00 /var/cache/parallels_installer/parallels_installer_CentOS_6_x86_64 --service-mode=components --enable-xml-output --ssl-cert /usr/local/psa/admin/conf/httpsd.pem --branch release,stable --web-interface --with-ssl --disable-browser
root 25109 0.0 0.0 104952 3032 ? S 21:58 0:00 /var/cache/parallels_installer/parallels_installer_CentOS_6_x86_64 --service-mode=components --enable-xml-output --ssl-cert /usr/local/psa/admin/conf/httpsd.pem --branch release,stable --web-interface --with-ssl --disable-browser
But after waiting 20 minutes, the browser never loaded and the two proceses remain. So I killed both processes and removed /tmp/psa-installer.lock and started again. The same thing happened.
Is there a way to fix this? If not, is there an easy way to switch MTAs from the command line?
I have been seeing these in my log and received complaints from customers not able to get their mail out. These messages just stay in the queue and go no where.
what they are successfully using as a tlsserverciphers and tlsclientciphers? Maybe it the dh key being too small. How can this be fixed on Qmail?
qmail: 1436646171.830486 delivery 6: deferral: TLS_connect_failed:_error:14082174:SSL_routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh_key_too_small;_connected_to_170.49.86.238.
I want to add a new port for SMTP (1024) as a client's ISP block 25, 587 and 2525. I tried following this guide: [URL] ... but it doesn't work with Parallels Plesk Panel 11.5 ...
How to add an additional SMTP port to Qmail in Plesk 11.5?
We are seeing intermittent slow responses from SMTP on a RHEL6 server running Qmail on Plesk 11.5. The response is being measured from a remote Zabbix server.
The response time seems to be slow (>10s) for a period of 2-3 minutes and then returns to normal (<1s). All other services continue to be ok during the period of slowness.
The server_args line in /etc/xinetd.d/smtp_psa already contains "-Rt0" and all the DNS servers in /etc/resolv.conf are resolving properly.
From looking at the maillog file the server was receiving about 35 SMTP connections a minute at the time of the slowdown. We have the server configured to use 2 x RBL's.
I wonder if we are hitting a limit on the maximum amount of SMTP connections. The file /var/qmail/control/concurrencyincoming does not exist so, according to the Qmail manual, there shouldn't be a limit on the number of incoming SMTP connections.
Mail isn't leaving the queue, it's returning this error
Feb 12 23:12:01 XXXX postfix-local[64360]: System error .qmail: Permission denied
Feb 12 23:12:01 XXXX postfix-local[64360]: Wrong permissions for .qmail
All the files within /var/qmail/ are set to the user and group "popuser", and have the nessacery rwx permissions for the user/group.
The OS is CentOS.
Just got a strange problem on my plesk server. (11.0.9)
Qmail isn't working...
In Home>Tools & Settings>Services management SMTP "Server (QMail)" is stoppped.
When I try to start it, it say "Information: Please allow for some time for the service to start." but never starts...
In command line i try to restart it with "service qmail restart" and it says "OK" also if i run "service qmail status" it says "qmail-send (pid 2880) is running..."
but, it really doesn't work... queue is getting bigger and smtp isnt responding...!
I'm using Plesk 11.5.50 CentOS 6.5 64bit with Qmail. I have installed a SSL certificate on mail server "mail.company.tld" and is running successfully with smtp/pop3/imap4 daemon. Every user agent uses "mail.company.tld" for smtp/pop3/imap4. The qmail name is "mail.company.tld" (file me). The server has about 300 domains and 1000 accounts.
Now we want to add a new SSL certificate, called "mail.newcompany.tld", and use it only for certain domains. I would like to know if is possible to use the new SSL "mail.newcompany.tld" for a specific mail domain without using the old SSL "mail.company.tld" that isn't expired yet. From Plesk Panel I haven't found a section for using the SSL for a specific mail domain.
I have a server(godaddy) with plesk. It was all working well till 8 - 10 days ago. I didnt notice it one week later where I started receiving a lot of failed mail notices. Then on investigation, there were more then 50K spam mails in the mail queue and the mails that were supposed to be sent(registration, forgot password) were also held up in the queue. I found the source of the spam and fixed that.
Also I cleared the mail-queue. Now when I try to send out a test message, it still gets held up in the mail queue. But I can send a test mail to the same domain (info@mydomain.com). All new user registration mails are also held up and this is greatly affecting the site.
I am running CentOS 5.10 (Final) with Plesk 11.5.30 Update #44 and since a few days have the strangest problem with incoming emails from certain hosts.
The email from known senders produces a relaylock message like:
/var/qmail/bin/relaylock [12345]: mail from 80.80.80.80:59595 (mail.hostname.com)
From what I was able to gather this is regular behaviour with plesk and qmail, indicating that the senders' mailserver has made contact.
Then nothing happens. For hours. 7-10 to be exact. Then the mail is being processed and delivered.
We installed a new VPS with Centos and Plesk 12.
Domains are simply not showing in the controlpanel. We can see the subscriptions but its empty under the button 'Domains'. Newly created sites as well as migrated sites do not show.
Before we created or migrated a site to the server we changed psa.conf HTTPD_VHOSTS_D /home/httpd/vhosts
This is a legacy from our old servers and never has been a problem. I suppose this is not related, but just thought I should mention it.
The second problem with this server is that when we toggle the mailservice in 'Services management' the button reacts but does not change the state of qmail. It just keeps running. What can be wrong with this fresh installation?
I have a PTR record and RDNS works for me but when i want sending email to this server : 62.152.169.25 error occurs and mail undelivery received.
qmail: 1403506829.587606 delivery 2978: failure: 62.152.169.25_does_not_like_recipient./Remote_host_said:_550_Invalid_RDNS_entry_for_144.76.245.38/Giving_up_on_62.152.169.25./
Since 15.05.2015 smtp experiencing problems.
Smtp service (qmail) stops responding on port 25:
# time telnet localhost 25
Trying 127.0.0.1...
quit
quit
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
quit
quit
Connection closed by foreign host.
real 4m10.629s
user 0m0.000s
sys 0m0.002s
After server restart or sometimes apache stop or ixnetd restart its responding for a some random time, and then again it stops to respond. Plesk panel show it as stopped but qmail itself running in memory, and does other its work, it just stops responding at port 25, or responds with a huge delay.
I've tried change it to postfix, reconfigured with mchk, repaired with repair.sh -r, disabled and uninstalled parallels antivirus, antispam, dnsbl, disabled firewall, disabled smtp lock. Checked apache, dns. Enabled submission port which works when 25 port doesnt, but i need working 25 port.
Nothing solves problem, its just stops responding after some random time. There is no errors on maillog.
I think this problem occured after recent plesk microupdate, because i didn't do anything to server configuration in last months.
This article says it might be dnsbl [URL] .... but it disabled(from plesk panel) on my server, maybe there is way to focefully kill any relation to dnsbl?
Plesk info:
OS Red Hat Enterprise Linux Server 5.9 (Tikanga)
Panel version 11.5.30 Update #50, last updated at May 18, 2015 05:21 PM
The system is up-to-date; last checked at May 17, 2015 10:56 PM
update: xinetd restart is definitely brings smtp alive, but it goes off after random period of time (5min ~ couple hours)
I'm having a hard time figuring why me emails are not delivered to mailboxes.
A bit of context:
OS: Ubuntu 12
Plesk pannel: 11.5
This server was supposed to be a new server (upgrade) from a previous who was working correctly (Also Linux with Plesk but both older versions).
After new server installed and websited up and running, I decided to create mailboxes and then copied all mailboxes (including emails and folders) to this new server.
First issue I got was i could not connect, until I figure out permissions were incorrect (for root after copy) and fixed it to be accessible by "popuser" (each user to access his mailbox).
Now i can connect, but new emails stay on qmail and can't be delivered to mailboxes.
Even after I have deleted the emalboxes and recreate them (now new emails are being delivered) all those emails in the queue can't be delivered.
I forced queue flush with "postqueue -f" but I get errors on the log:
(temporary failure. Command output: .qmail has prog delivery but has x bit set. (#4.7.0) 4.2.1 Message can not be delivered at this time )...
Which user should i give permissions (if that is the case) so tha both popuser (email user) and qmail/postfix can write on the mailboxes and deliver messages?
I have a Qmail server that is using relays.ordb.org
As you probaly know this shut down two years ago. But is now sending all requests as spam. No one is recieving there emails.
this a Standard Qmail,with a hacked qmail-send witch intergrates with Mysqld.
is not installed with qmailroks, or supervise. Can't find the config text file.
how can we remove traces or referrences to relays ordb.org
Anybody have a good scheme of fresh install or preinstallling a server with Linux (CentOS in this case) remotely?
View 7 Replies View RelatedRHEL3/Cpanel/Exim
So one of my domains is getting a dictionary attack. It is a popular domain and "big deal" it happens all the time. Well, this time it is the most ruthless distributed dictionary attack I have ever seen.
Today marks the one week period and emails are flooding in 10 to 15 a second (of course none of them ever get delivered). It is like hail pounding on a thin tin roof and the denial/logging alone has the server load at least quadrupled!
Oh yeh, the best part. I have a beautiful list of over 7,000 banned IP addresses (and growing every minute, now THATS DISTRIBUTED!).
I'm getting multiple smtp mass mail attack, using weak passwords.
Is there a command, a part from
/usr/local/psa/admin/sbin/mail_auth_view
to list only unsecure password?
What steps do I need to take to uninstall Parallel Plesk 11 for Windows. Then Reinstall Parallel Plesk 11 for Windows. Because my "File Manager" got corrupted, my download link timesout and I need this fixed.
View 5 Replies View RelatedWe've been seeing sluggish performance on our mail gateways, and so I started doing some digging in the logs. It looks like we are filling up with messages like:
2007-05-16 12:22:16 Connection from [xx.xx.xx.xx] refused: too many connections
We have our max connections set to 20 (total, not host-specific) in exim4. So I started tailing the logs, and sure enough, we are getting bombarded with requests to randomstring@ourdomain.com coming from all over the map. The requests are getting denied of course, but that doesn't help the connection issue since they are consuming all of them, preventing real mail (for the most part) from getting through.
What is the proper way to deal with something like this? I could certainly just up the max connections value from 20 to 40 or 50 or whatever, but I'm not sure what kind of performance impact that will have on the rest of the traffic going through our gateways.
Since the spam attempts are coming from all over the place, it doesn't seem like I can just firewall out a few addresses and be done with it.
This particular rack is a cluster of web and database servers behind two gateway boxes, which handle the mail traffic (so this problem is on the gateways, the actual mail server itself sits behind the gateways and never actually sees these fake emails).
I have Spam in the Mail Queue.
How can I detect, where it come from, or how can I avoid it ?
Today in a plesk 12 with mail control (20 mails per hour per mailbox) a spammer stole a password of a mailbox and send nearly 1000 mails in two hours.
How can it is possible? Also in the stats I see 0 mails sent. In the logs (var/log/mail.log) I see the spam wast sent from a mailbox...