Exim + Cpanel + Dspam Howto
Mar 21, 2007
I found a handful of howto's for dspam, but none of them catered for exim with virtual users. After hunting around, I eventually have it working on a cPanel server, with user authentication for mail users.
My setup:
dspam version 3.6.8, using mysql driver.
exim version 4.
mysql 4.1
CentOS (2.6.9-023stab033.9-enterprise)
cPanel / WHM - latest RELEASE version.
Download the source, configure and compile:
Code:
# cd /usr/local/src
# wget http://dspam.nuclearelephant.com/sou...m-3.6.8.tar.gz
# tar -zxf dspam-3.6.8.tar.gz
# cd dspam-3.6.8
Configure, replacing user/groups with your web-server user (web / apache / nobody), and use your mysql-include / library paths (will need mysql-devel on rh based systems).
Code:
# ./configure --prefix=/opt/dspam-3.6.8 --with-local-delivery-agent=/usr/sbin/exim --with-storage-driver=mysql_drv --with-userdir=/var/spool/mail/dspam --with-userdir-owner=nobody --with-userdir-group=nobody --with-dspam-mode=none --with-dspam-owner=nobody --with-dspam-group=nobody --enable-whitelist --enable-spam-delivery --enable-alternative-bayesian --disable-dependency-tracking --enable-virtual-users --with-mysql-includes=/usr/include/mysql --with-mysql-libraries=/usr/lib/mysql/ --with-dspam-home=/opt/dspam-3.6.8/var/dspam
# make && make install
Set up mysql
Code:
# mysqladmin -p create dspamdb
# mysql -p
>grant all privileges on dspamdb.* to dspamuser@localhost identified by dspampass;
>flush privileges;
>exit;
Create tables:
Code:
mysql -p dspamdb < /usr/local/src/dspam-3.6.8/src/tools.mysql_drv/mysql_objects_speed.sql
mysql -p dspamdb < /usr/local/src/dspam-3.6.8/src/tools.mysql_drv/virtual_users.sql
Link dspam in opt for easy versioning:
Code:
ln -s dspam-3.6.8 /opt/dspam
Copy the web interface files to a web directory:
Code:
# cp webui/cgi-bin /opt/dspam -r
# cp webui/htdocs /opt/dspam/
This next step is required for pop3 authentication.
Install perl module Apache::AuthPOP3 - which does apache pop3 authorisation:
Code:
perl -MCPAN -e shell
install Apache::AuthPOP3
Next, apache will need mod_perl installed - WHM -> Apache Update will allow you to enable the perl module (I am running it alongside php with no issues).
Then in /usr/local/apache/conf/httpd.conf:
Code:
ScriptAlias /dspam/ /opt/dspam/cgi-bin/
Alias /dspam_files/ /opt/dspam/htdocs/
<Directory /opt/dspam/cgi-bin>
Options None
AllowOverride AuthConfig
Order allow,deny
Allow from all
</Directory>
Create .htaccess in /opt/dspam/cgi-bin as follows:
Code:
AuthName "Dspam"
AuthType Basic
PerlAuthenHandler Apache::AuthPOP3
PerlSetVar MailHost localhost
Require valid-user
#PerlSetVar UserMap pop3user1=>realname1,pop3user2=>realname2
#Require user pop3user1 pop3user2 pop3user3 pop3user4
there are 2 commented parameters you can set when using POP3 auth - sure its pretty self-explanatory.
Set up admin user (the admin_user must be able to authenticate as a pop user):
Code:
#echo "admin_user" >> /opt/dspam/cgi-bin/admins
Create a queuesize script for web user - so dspam can determine how many messages in the queue.
Code:
vi /usr/local/bin/eximqsize
#!/bin/sh
/usr/bin/find /var/spool/exim/input/ -type f | wc -l | cut -d" " -f1-
##EOF
# chmod 4755 /usr/local/bin/eximqsize
# chown nobody /usr/local/bin/eximqsize
Configure web ui, edit /opt/dspam/cgi-bin/configure.pl:
Code:
$CONFIG{'MAIL_QUEUE'} = "/usr/local/bin/eximqsize";
$CONFIG{'WEB_ROOT'} = "/dspam_files";
$CONFIG{'LOCAL_DOMAIN'} = "FQDN"; #your servers fully qualified domain name - e.g. host.yourdomain.com
Next, set the default preferences for the system (you need /opt/dspam/bin in your path if you copy and paste this...):
Code:
dspam_admin ch pref default trainingMode TEFT
dspam_admin ch pref default spamAction quarantine
dspam_admin ch pref default spamSubject "[SPAM]"
dspam_admin ch pref default enableWhitelist on
dspam_admin ch pref default showFactors off
Permissions:
I would suggest reading the README over dspam to get a full understanding of the permissions required for running of dspam. My permissions were:
Code:
# chown nobody:mail /opt/dspam/var/dspam -R
# chown nobody:mail /opt/dspam/etc/ -R
Edit dspam.conf (in /opt/dspam/etc/. I have only listed the parameters I changed here...):
Code:
TrustedDeliveryAgent "/usr/sbin/exim -oMr spam-scanned"
Trust: root
Trust: mail
Trust: nobody / httpd #choose 1 - what ever your webserver runs as - `ps axu | grep httpd` to find out
#Use the same details as you did for the "grant all privileges on...." statement in mysql.
MySQLServer /var/lib/mysql/mysql.sock
MySQLPort
MySQLUser dspamuser
MySQLPass dspampass
MySQLDb dspamdb
MySQLCompress true
MySQLVirtualTable dspam_virtual_uids
MySQLVirtualUIDField uid
MySQLVirtualUsernameField username
Almost there....
Confirm that mysql is configure to listen on a socket in /etc/my.cnf (or whereever your config file is):
Code:
# cat /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
Now the final step - exim configuration. This is the part that took the longest, hopefully it works for you. Just as I read in the howto's I used for this, please please please dont just copy and paste - you stand a good chance of breaking your mail server if you make changes without understanding. Be warned.
My config file is /etc/exim.conf. This should be edited using the WHM -> Exim Configuration Editor -> Advanced.
Code:
#Routers - Add these in the box before virtual_user delivery / user delivery router).
dspam_router:
no_verify
#uncomment the next line to disable dspam for virtual users.
# check_local_user
condition = "${if and {
{!def:h_X-Spam-Flag:}
{!def:h_X-FILTER-DSPAM:}
{!eq {$sender_address_domain}{$domain}}
{!eq {$received_protocol}{local}}
{!eq {$received_protocol}{spam-scanned}}
} }"
headers_add = "X-FILTER-DSPAM: by $primary_hostname on $tod_full"
driver = accept
transport = dspam_spamcheck
## The next 2 routers allow you to forward spam / non-spam to dspam for training (e.g. spam-yourmail@yourdomain.net).
# spam-username
dspam_addspam_router:
driver = accept
local_part_prefix = spam-
transport = dspam_addspam
# nospam-username
dspam_falsepositive_router:
driver = accept
local_part_prefix = notspam-
transport = dspam_falsepositive
##Transports - can be added anywhere:
#this adds the spam-scanned protocol header, so when it is passed back to exim after being processed by dspam, it doesnt get stuck in a loop.
dspam_spamcheck:
driver = pipe
command = "/usr/sbin/exim -oMr spam-scanned -bS"
transport_filter = "/opt/dspam/bin/dspam --stdout --deliver=innocent,spam --user $local_part@$domain"
use_bsmtp = true
home_directory = "/tmp"
current_directory = "/tmp"
user = nobody
group = mail
log_output = true
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =
dspam_addspam:
driver = pipe
command = "/opt/dspam/bin/dspam --user $local_part@$domain --class=spam --source=error"
home_directory = "/tmp"
current_directory = "/tmp"
user = nobody
group = mail
log_output = true
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =
dspam_falsepositive:
driver = pipe
command = "/opt/dspam/bin/dspam --user $local_part@$domain --class=innocent --source=error"
home_directory = "/tmp"
current_directory = "/tmp"
user = nobody
group = mail
log_output = true
return_fail_output = true
return_path_add = false
message_prefix =
message_suffix =
If you have set up authentication correctly as well, then you should be able to open [url] and log in - if you add your login details to the "admins" file, you can configure defaults, etc. It also allows ALL users (with 1 user being an email account) to log in, using www.yourclientsdomain.com/dspam/dspam.cgi
This will not work with suexec enabled!! This is because dspam needs specific permissions, and it is expecting user nobody to access it. If suexec is enabled, you will need to use the default host, and NOT virtual hosts (and even this may not work - testing still required).
Watch exim_mainlog after this - you should pick up what transports and routers are being used.
Dspam can really hammer a system - mysql, cpu and memory usage will go up a bit, especially on busy production servers. Monitor your servers performance.
Other settings: add /opt/dspam/man to MANPATH in /etc/man.config or move dspam man directory to an existing man directory.
[ADDED]
This dspam.cgi hack will do a lookup in the cpanel config file to find the domain for any username without a domain, and append it on match (or leave just the username part if nothing is found). This requires unsecuring your system a bit - your http user will need to be able to read /etc/trueuserdomains (either chmod 644 or chown nobody):
Code:
#add this just after $CURRENT_USER is set.
if ($CURRENT_USER !~ /@.+./) {
open(TUD, "</etc/trueuserdomains");
while(<TUD>) {
my ($domain, $user) = split(/:/,$_);
chomp($user);
$user =~ s/^s*//g;
if ($user eq $CURRENT_USER) {
$CURRENT_USER = $CURRENT_USER . "@$domain";
}
}
close(TUD);
}
That should do it
dspam will allow all messages through by default, and will require some training. With this config, users can train using email commands - all they need to do is forward any spam that hits their mailbox to spam-emailaddress@domain.com (their own email address with spam- prepended). Unfortunately this does not allow handling of false positives if you are using a "quarantine" policy instead of subject. the web interface comes in handy for this.
I am busy testing a combination of dspam with assp, which seems to be working well - I especially like the greylisting feature of assp and ProtectionBox... Will add to this howto when testing is finish.
View 5 Replies
ADVERTISEMENT
Jan 29, 2007
What is ASSP? ASSP is an Anti-Spam SMTP Proxy . The homepage can be found here. ASSP is a lightweight daemon that can filter mail based on various things such as SPF, RBLs, Bayesian word lists, as well as blocking email addresses from getting mail, or having mail filtered.
This tutorial will walk you through getting the admin interface for CPanel setup for ASSP. Currently, a paid user interface can be obtained here (note that I am in no way affiliated with, nor have I tried to use this UI, I am just offering the link to those that might find it useful)
Firstly, the setup:
You will need to activate Cpanel PRO (pro.cpanel.net/activate) for your server in order for this to fully work. This activation is currently free. Simply go to the previous mentioned URL and enter your IP address if you have not done so already.
Once you have activated CPanel PRO, go into whm->addon modules and check clamav connector, then click on "save". This will install clamav for you to use
Once you have done THIS, go to whm->service manager and UNcheck spamd (it is no longer necessary with ASSP), and again click on save/submit. Note that this IS optional, however the purpose of ASSP is to defeat spam before it GETS to SpamAssassin.
Once you have done THAT, go into whm -> tweak settings and uncheck SpamAssassin and BoxTrapper mail.
Secondly, the requirements:
ASSP needs certain perl modules established To install these, simply login (as root) to your server, and type the following
Code:
/scripts/perlinstaller --force Compress::Zlib
/scripts/perlinstaller --force Email::Valid
/scripts/perlinstaller --force File::ReadBackwards
/scripts/perlinstaller --force File::Scan::ClamAV
/scripts/perlinstaller --force Mail::SPF::Query
/scripts/realperlinstaller --force Mail::SRS
/scripts/realperlinstaller --force Tie::RDBM
/scripts/realperlinstaller Sys::Syslog
/scripts/perlinstaller --force Net::LDAP
/scripts/perlinstaller --force Time::HiRes
/scripts/perlinstaller --force Tie::DBI
Note that the --force is optional, however it will make sure you've got it installed. Do these one at a time as some of these have configurable options to them.
One more perl module is needed. Since the later versions of Net::DNS are known to cause issues with RBLs, SPFs and the like, it is advised to use 0.57 . This can be obtained by doing the following:
Code:
mkdir /usr/local/assp
cd /usr/local/assp
mkdir /usr/local/assp/tmp
cd /usr/local/assp/tmp
wget [url]
tar xzf Net-DNS-0.57.tar.gz
cd Net-DNS-0.57
perl Makefile.PL
make
make test
make install
Do NOT remove the /usr/local/assp/tmp directory as when you update cpanel, it will try to auto update Net::DNS again, so you will want this intact.
Now, let's get with the program here and install ASSP:
Code:
cd /usr/local/assp
wget [url]
unzip -d /usr/local/assp /usr/local/assp/ASSP_1.2.6-Install.zip
mv --target-directory=/usr/local/assp /usr/local/assp/ASSP/*
mv --target-directory=/usr/local/assp /usr/local/assp/ASSP/.DS_Store
rm -rf /usr/local/assp/__MACOSX
rm -rf /usr/local/assp/ASSP
rm -f ASSP_1.2.6-Install.zip
rm -f Win32-quickstart-guide.txt;rm -f freshclam.bat
cd /usr/local/assp
mkdir pb
cd pb
touch denysmtp.txt
touch exportedextreme.txt
touch pbdb.black.db
touch pbdb.rbl.db
touch pbdb.white.db
cd /usr/local/assp
mkdir /usr/local/assp/notspam
mkdir /usr/local/assp/spam
mkdir /usr/local/assp/errors
mkdir /usr/local/assp/errors/notspam
cd /usr/local/assp
wget [url]
chmod 755 start
wget [url]
chmod 755 stop
cd /etc/rc.d/init.d
wget [url]
chmod 755 assp
The core of ASSP is now installed. However, the development versions have updated functions to use for users. Of course, this is completely optional, but is recommended completely. This can be done by the following in SSH
Code:
cd /usr/local/assp/
mv assp.pl assp.pl_old
mv spamdb spamdb.old
mv rebuildspamdb.pl rebuildspamdb.pl.old
mv repair.pl repair.pl.old
mkdir Data
mkdir Data/Lists
wget [url]
wget [url]
000F4555.2/rebuildspamdb.pl
wget [url]
wget [url]
mv assp.css images
wget [url]
cd Data/Lists
wget [url]
chmod u+x /usr/local/assp/*.pl
Now, let's get it up and running, and configure it, shall we?
Code:
cd /usr/local/assp
/etc/init.d/assp start
You'll see ASSP sending out some messages and then doing nothing. This is ok, and it's the expected response. Now, we need to edit some stuff. Hit ctrl-c (cancel) to shut down ASSP
once it's stopped, you'll see the following file in the assp directory - assp.cfg . Edit that with whatever you want for an editor, something like:
Code:
nano assp.cfg
You want to change a few options immediately just to get it working
Look for the lines that are something like:
Code:
runAsGroup:=
runAsUser:=
and change them to be:
Code:
runAsGroup:=root
runAsUser:=root
Then look for the line that is
Code:
AsADaemon:=
and change it to
Code:
AsADaemon:=1
Now, let's change the password just so that we're secure:
look for the line that is
Code:
webAdminPassword:=nospam4me
and change that to
Code:
webAdminPassword:=insertrandompasswordhere
Now, let's tell ASSP to setup and accept mail for our domains. Look for the line something like
Code:
localDomains:=
and change that to be
Code:
localDomains:=file:/etc/localdomains
Almost there, just a couple more changes needed.
Look for the line that is something like
Code:
smtpDestination:=127.0.0.1:225
and change that to be
Code:
smtpDestination:=127.0.0.1:125
(or another port instead of 125, just REMEMBER the port!)
and one more change
change the line that looks like
Code:
listenPort:=125
to
Code:
listenPort:=25
Now save and exit the file. If you're using nano/pico, that would be ctrl-x , just make SURE to save the file before you exit!
Now, let's get ASSP fired up again
Code:
/etc/init.d/assp start
let's make sure you have assp starting on system boot:
Code:
chkconfig --add assp
Let's add a crontab to make sure that ASSP rebuilds the bayesian spam list
Quote:
crontab -e
Code:
10 4 * * * cd /usr/local/assp;/usr/local/assp/rebuildspamdb.pl
Occasionally, what I've seen is ASSP will get "hung" on certain things and just kill itself. This fix will work for this, and make sure your ASSP installation is running smoothly
Open up another file on the server, my example will be /bin/asspcheck. In this file, add the following contents
Code:
assplog=/usr/local/assp/check.log
DATE=`date "+%m-%d-%y [%k:%M]"`
pidof=/usr/local/assp/pid
thispid=`cat $pidof`
if [ ! -d /proc/$thispid ];then
rm -rf $pidof;
/etc/init.d/assp start
echo "$DATE - ASSP - restarted" >> $assplog
else
echo "$DATE - ASSP - ok" >> $assplog
fi
Now, chmod the file itself
Code:
chmod u+x /bin/asspcheck
Now, make sure it's called every 60 seconds. Add this to your root crontab
Quote:
crontab -e
Code:
* * * * * /bin/asspcheck
Now, let's go BACK into WHM and setup the variables needed to get exim to use ASSP
In exim configuration editor, click on "advanced editor"
Clear out EVERYTHING from all of the existing boxes. Keeping these with data can cause ASSP to not function as it should
When you've done that, add the following to the top box:
Code:
# assp
local_interfaces = 127.0.0.1.125
If you changed this variable to something else
Code:
smtpDestination:=127.0.0.1:125
put in the other port, NOT 125, so it would look like 127.0.0.1.whateverporthere
Click on Save
Exim will restart and you now have a working installation of assp
Now, let's go to it and work with it a bit, shall we?
go to [url], enter the user admin and the password you changed nospam4me to. This will get you logged in and you can tweak the settings as you feel necessary.
ASSP is a great and powerful proxy for any mail server, which blocks using RBLS, whitelists, etc. It is advisable to setup the email interface and let your customers know of this so that you can get them to help you in reporting and addressing spam.
Parts of this howto were taken from this page, however much of that data has been found to be outdated as far as downloads from CVS and the like go, and I've added quite a bit of useful information into it as well.
Go through the ASSP configuration VERY carefully, and ONLY change what you're sure of.
Start with the RBLs, increase the list to 5 and max hits to 2 as suggested.
If you notice problems with this or know how it might be better, hey, feel free to post in here and I'll keep it as updated as possible :)
View 14 Replies
View Related
Aug 28, 2007
I've been attempting to develope a server running apache 2+, php 5, and I was running into issues installing php as cgi.... All my scripts require The shebang:
#!/usr/bin/php at the top to execute properly. Anyone know a good site/how to that explains how to do this?
has anyone else here run suexec with apache? If so, could you tell me what you compiled it with? Just curious, as I think i'm doing everything right, yet I still fail
View 2 Replies
View Related
Nov 27, 2006
FFMPEG INSTALLATION FROM SOURCE
FFMPEG INSTALLATION FROM SOURCE
installed by:
Robertas Dereskevicius
Edited by Jon Nikolakakis
OS/ Fedora Core 5
Summary
download and install:
libffac
libffad2
xvid
libogg,libvorbis
mp3lame
ffmpeg
Setting Up Install Folder, Logging and download Packages
1)Log into ssh
2) cd /usr/src && mkdir install && cd install
3) Download faad2 and faac
from http://faac.sourceforge.net/oldsite/download.php get Faad2 and faac (new versions)
wget http://prdownloads.sourceforge.net/f...ar.gz?download
wget http://prdownloads.sourceforge.net/f...ar.gz?download
4) Verify that you have these components are installed
rpm -qa automake
rpm -qa autoconf
rpm -qa libtool
rpm -qa m4
rpm -qa gcc-c++
If any are missing than simply yum install (packagename), if you dont have a package manager than get one, it will save you alot of time
and headaches.
Installing Faac
5)tar -zxvf faac-1.24.tar.gz && cd faac
6) sh bootstrap
7) ./configure
8) make
9) make install
10) cd ..
Installing Faad2
11) tar -zxvf faad2-2.0.tar.gz
12) cd faad2 && less README.linux
13) There is 2 bugs with this package, so need to manually edit these files
14) nano Makefile.am
Edit the file to look like this
SUBDIRS = libfaad common frontend plugins
EXTRA_DIST = faad2.spec
15) cd common/mp4ff && nano mp4ffint.h
16) Comment out this line
//void mp4ff_track_add(mp4ff_t *f);
17)Save file and cd ../..
18)autoreconf -vif
19) ./configure
20) make
21) make install
Installing Libogg and Libvorbis
22)cd .. and then Check to see if libogg and libvorbs
rpm -qa libogg-devel
rpm -qa libvorbis-devel
rpm -qa libncurses-devel
If not installed then simply Package Install (replace yum and install settings with your package manager)
yum install libogg-devel
yum install libvorbis-devel
yum install libncurses-devel
Installing LAME (for audio)
23)go into lame sourceforge - http://sourceforge.net/project/showf...package_id=309
24)wget http://mesh.dl.sourceforge.net/sourc...me-3.97.tar.gz
25)tar -zxvf lame-3.97.tar.gz
26)cd lame*
27) ./configure; make;make install
Installing Xvid
28) cd .. && wget http://downloads.xvid.org/downloads/...e-1.1.2.tar.gz
29)tar -zxvf xvidcore-1.1.2.tar.gz && cd xvid*/build/generic/
30) ./configure; make; make install;
31) cd ../../..
Installing ffmpeg
32) rpm -q subversion If not install, then install subversion
33)svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg && cd ffmpeg
34) ./configure --enable-shared --enable-xvid --enable-vorbis --enable-libogg --enable-mp3lame --enable-gpl --enable-faad --enable-faac --enable-a52
35)make
36)make install
If Installation went ok, run
ldd ./ffmpeg
If Path to Lib Libraries are not ok
37)Check to see if /usr/local/lib exists on this file
cat /etc/ld.so.conf
If not
echo /usr/local/lib >>/etc/ld.so.conf
38) cat/etc/ld.so.conf Now check to see if (/usr/local/lib exist)
39) save file
40) ldconfig
41) run ldd ./ffmpeg
FFmpeg should be complete and installed. On some servers you may need to add Disable Shared and enable flags.
View 14 Replies
View Related
Dec 24, 2008
i have 1 dedicated server, and 1 shared hosting the domain.com is hosted in dedicated server i want the subdomain sub.domain.com in other host
i have try this but not working :
I. the dedicated server have whm and cpanel
in whm i go to DNS Functions --> Edit DNS Zone --> i add sub name , choose A, and enter other ip host
II. the shared hosting only have cpanel
i go to cpanel --> addons domain --> add my domain.com
then go to cpanel again --> Subdomains --> i add sub from domain.com
with above step i just got this when accessing the url http://sub.domain.com :
Quote:
Great Success !
Apache is working on your cPanel® and WHM Server
If you can see this page, then the people who manage this server have installed cPanel and WebHost Manager (WHM) which use the Apache Web server software and the Apache Interface to OpenSSL (mod_ssl) successfully. They now have to add content to this directory and replace this placeholder page, or else point the server at their real content.
View 5 Replies
View Related
Aug 31, 2007
Anyone have any info on how to do this? It appears my hosts don't know how to do it..
"You have the tun module which can be loaded via a modprobe but the dev entries would appear to be needed to be made. Of course, you could do this if you know how or wait while I research it. We know tun/tap works on openvz but you're the first request we've had on Xen."
View 1 Replies
View Related
Jun 13, 2007
I'm on CentOS 4.4, webmin, LAMP, OpenSSH and ProFTPD server.
But what I'm wondering is how to look at my off network backup space.
I can only access my backup space through the DC network/my own server. So I need some kind of way to bounce a GUI ftp connection off the server - which would allow me to look at the files...
I know I can use rsync for backing up and restoring. But the way I understand rsync I need to know exactly what I am to move, as it operates on an exact command.
View 2 Replies
View Related
Aug 31, 2007
"You have the tun module which can be loaded via a modprobe but the dev entries would appear to be needed to be made. Of course, you could do this if you know how or wait while I research it. We know tun/tap works on openvz but you're the first request we've had on Xen."
View 2 Replies
View Related
Apr 29, 2007
I tried to install some software but I got this message:
Checking for perl modulesfailed
You need to install the LWP perl module (libwww-perl) to install ...
Does any one know how I can install this module or is it better to install/update the whole sets of perl module?
View 14 Replies
View Related
Jul 2, 2008
I've seen a lot of requests for a simple howto dealing with bandwidth limiting/"capping" on Linux. I put together a howto yesterday on this which I hope you'll find useful.
Ifve recently optimized the scripts used for bandwidth management in one of our UK facilities and I thought Ifd post a quick howto on it.
The full script can be found directly here: http://www.adamsinfo.com/bandwith-li...oute2/#more-15
My setup here is a live feed entering eth0 on this linux router and leaving eth1 into a switch connected to a collection of other servers. This is set up as an unrestricted public router, routing between a /30 on eth0 and a /24 on eth1.
Note: We canft in any way restrict the amount of traffic that eth0 receives from the outside, so instead we restrict how fast eth0 sends data out, the same applies the other way round. So, if we want to limit the amount of data that the local servers can send, we shape the routerfs external interface (eth0). If we want to limit the amount of data that the local servers can receive, we shape the routerfs internal interface (eth1)
With Debian Etch on 2.6.x, run:
apt-get install tc iproute2 bc
Then script as follows:
# Set some variables
#!/bin/bash
EXT_IFACE=heth0
INT_IFACE=heth1
TC=htch
UNITS=hkbith
LINE=h10000 #maximum ext link speed
LIMIT=h5000 #maximum that wefll allow
# Set some variables for individual gclassesh that wefll use to shape internal upload speed, i.e. shaping eth0
CLS1_RATE=h200 # High Priority traffic class has 200kbit
CLS2_RATE=h300 # Medium Priority class has 300kbit
CLS3_RATE=h4500 # Bulk class has 4500kbit
# (Wefll set which ones can borrow from which later)
# Set some variables for individual gclassesh that wefll use to shape internal download speed, i.e. shaping eth1
INT_CLS1_RATE=h1000 #Priority
INT_CLS2_RATE=h4000 #Bulk
[...] A few hundred lines [...]
I have tried not to get bogged down with too many irrelevant details here and would be happy to answer any questions or take any corrections. Itfs pretty simple and it works well. Install bmon and you can confirm this yourself. The purpose of this is that I can take a 10mbit connection and limit the traffic to 5mbit ensuring that I donft break the 95th percentile that I want to maintain at the datacenter. I can increase and decrease this at any time as traffic requires or permits respectively.
View 0 Replies
View Related
May 14, 2009
We are planing to implement a spam appliance like the mailfoundry for our 60 cpanel servers.
What is the best and easiest way to replace the standard cpanel mx entry in the dns zonefiles with our two new MX entries?
Additionaly we need to enable the option "Always accept mail locally even if the primary mx does not point to this server." for all the dnszonefiles where we use the new MX entries.
The problem is, that some customers are using already own mx entries, therefore we can not change all of them, but only the entries which point to the cpanel server.
Does someone have a script for this, or how would you change this?
View 2 Replies
View Related
Aug 11, 2007
Any straight up easy way. So they stay permanent?
Can I simply use system-config-network and add each IP one at a time.
View 6 Replies
View Related
Oct 13, 2007
Here is the procedure to upload websites and their subwebs (subsites) with FP 2002/2003
Upload the website with FTP
Install FP extensions
Wait for the DNS to pullulate
Open your remote website with FP
Convert folders to subwebs as needed
Upload (again) all your website files with FP
An error message will appear: "cannot find a web server at <domain name> on port 80 ...."
select <OK>
Wait for FP to stop and a message "status unknown" will appear
start uploading again
A message asking something about replacing remote files will appear. Select <YES>
Repeat the process for each subweb (it might take a while)
At the end, you will find a status message: "Successful upload", or similar
That was all
It works for some hosts with cPanel but I cannot be sure if it works for all
Some just require oppening the remote site with FP and convert the requiered folders to subwebs as neeeded.
View 0 Replies
View Related
May 8, 2007
I know Cpanel has some features to do this unfortunately i have a private lable Pannel
that is why I want to move to a host that can allow me to move all my customers in and out as fast as I need to. There are many reasons to leave or find different hosting
that is not the question the question is how to do this without having your customers
go crazy or if posible to do it without them even noticing more then a short period of downtime late at night.
Please offer any opinions or directions on Pannel choice and methods to make the move seamless.
Mistakes are also very interesting And although we all know every hosting company is willing to help us do this and they are all nice guys it is important that things like this can be done fast and also without need for outside tech support All things are important like checking php versions and perl moduals and apache, mysql, phpMyadmin versions.. is setting up a dns3. and dns4. and asking customers to use that important for fast migration?
View 5 Replies
View Related
Mar 23, 2007
i have a dedicated server running plesk, and ive found that one site is using alot of apache processes, which is pushing up the server load quite a lot, so im wondering if anyone can tell me how to find out which site is causing the problems?
View 3 Replies
View Related
May 10, 2009
i have server
system centos5.2
Apache 2.2.11
PHP 5.2.9
how can install HP/Java Bridge?
in this link he said install Apache Tomcat
but i have Apache 2
[url]
View 3 Replies
View Related
Feb 5, 2008
how to setup a cron job to copy files & directories from one folder to the root folder. I have CPanel X.
My root directory is public_html/
I have another directory public_html/uploads containing both files and directories.
I need a cron job that will copy all the files & directories from public_html/uploads to the root public_html/
If it helps, here is some system info
General server information:
Operating system Linux
Service Status Click to View
Kernel version 2.6.22_hg_grsec_pax
Apache version 1.3.39 (Unix)
PERL version 5.8.8
Path to PERL /usr/bin/perl
Path to sendmail /usr/sbin/sendmail
PHP version 4.4.4
MySQL version 4.1.22-standard
cPanel Build 11.17.0-STABLE 19434
Theme cPanel X v2.6.0
View 1 Replies
View Related
Jul 6, 2008
I have a website that was running fine for a month or two until my host recently changed some settings on the server, and now it shows a bunch of errors. I contacted the host and they said >
"To avoid the errors, please do not use disabled function. If you need such functionality, you can have your own php.ini on your root http folder containing only necessary option"
Since I'm not a programer, I have no idea what they're talking about. So, I asked them how to do that, they're reply of course was>
"Please consult with the script writer on how to convert ini_set function in your code to php.ini seting. As the script is not encrypted, you can do it with commenting all ini_set calls and write a substitute on php.ini (Create php.ini file in webroot folder)."
I tried to contact the developer, but it appears he has gone MIA! So, now I am left with no clue how to fix the website, so I turn to you guys!
The website is [url]. You can see the errors in the header, but I'll post them here as well>>
"Warning: ini_set() has been disabled for security reasons in /home/buymydom/public_html/includes/global.php on line 3
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/buymydom/public_html/includes/global.php:3) in /home/buymydom/public_html/includes/global.php on line 32
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/buymydom/public_html/includes/global.php:3) in /home/buymydom/public_html/includes/global.php on line 32"
My question is, How do I convert ini_set function in my code to php.ini?
View 3 Replies
View Related
Nov 25, 2007
i would like to copy index.shtml to these folder in 1 command ...
PHP Code:
[root@BOX wp-content]# ls -latotal 48drwxr-xr-x 9 sitename sitename 4096 Nov 25 16:06 .drwxr-xr-x 6 sitename sitename 4096 Nov 25 15:52 ..drwxrwxrwx 3 sitename sitename 4096 Nov 25 16:05 backupdrwxr-xr-x 2 sitename sitename 4096 Nov 16 15:39 cachedrwxrwxrwx 3 sitename sitename 4096 Nov 25 16:05 gallery-rwxr-xr-x 1 sitename sitename 30 May 5 2007 index.php-rw-r--r-- 1 sitename sitename 457 Nov 25 16:06 index.shtmldrwxrwxrwx 3 sitename sitename 4096 Nov 16 16:27 photosdrwxr-xr-x 28 sitename sitename 4096 Nov 25 15:57 pluginsdrwxr-xr-x 8 sitename sitename 4096 Nov 22 03:01 themesdrwxr-xr-x 3 sitename sitename 4096 Nov 16 04:04 uploads-rw-r--r-- 1 sitename sitename 909 Nov 16 15:43 wp-cache-config.php[root@BOX wp-content]#
i mean to let index.shtml index uploads and themes .....etc in 1 command .
View 12 Replies
View Related
Jun 26, 2008
How do you get Exim to rewrite/remove
Received: from ip.isp.com ([123.123.123.123])
by mx.myhost.net with esmtpa (Exim 4.69)
I'm trying to avoid the error
Received-SPF: softfail (google.com: domain of transitioning me@myhost.net does not designate 123.123.123.123 as permitted sender) client-ip=123.123.123.123;
Basically, any email thats sent through myhost.net should look like it was sent directly.
View 2 Replies
View Related
May 30, 2005
This one's pretty simple really, but given the fact that I'm constantly running into crond stops with CPanel servers (no clue why, or where, but it's happening), I'll post this here. If it helps someone, then great, if not, hey, no worries.
Firstly, login as root to your server through ssh, however you usually do .
Next, the script (we'll call it /bin/croncheck.sh). Use whatever editor you choose to create the file.
#!/bin/bash .......
View 14 Replies
View Related
Mar 10, 2005
If you receive the following errors while trying to install a Perl Module through the WHM ...
View 1 Replies
View Related
Apr 1, 2007
I have had great difficulty in setting up OpenVPN, so I thought, when I finally do get it to work, I will write a HOWTO, so other can hopefully benefit
This guide was done using a FC4 VPS, running on Xen, it will work on OpenVZ, all you need to do is ask your VPS provider to install tun support.
1.First of all get a few additional repos, If you already have your repos setup, skip this step
If you have Fedora 3, follow these steps,
[url]
If you have Fedora 4, follow these steps,
[url]
If you have Fedora 5, follow these steps,
[url]
If you have CentOS, follow the additional third party CentOS repos
[url]
Then issue these commands, each line is a new command, anything beginning with "#" are comments so dont try to execute those.
Code:
yum update
yum install openssl openssl-devel
# openssl and openssl-devel may be installed already
so dont worry
2. Right, now you want to install OpenVPN, here are the commands,
Code:
yum install openvpn -y
#Now check that it works
service openvpn start
service openvpn stop
3. A few things to setup before you can make certificates, issue these commands,
Code:
find / -name "easy-rsa"
#you should get an output like this
/usr/share/doc/openvpn-2.0.7/easy-rsa
#Now, make a copy of the easy-rsa directory, to /etc/openvpn/ ( make sure you #have put the right version number in i.e. mine was -2.0.7, change if needed)
cp -R /usr/share/doc/openvpn-2.0.7/easy-rsa /etc/openvpn/
cd /etc/openvpn/easy-rsa
chmod 777 *
mkdir /etc/openvpn/keys
4. You need to edit the vars file, located in /etc/openvpn/easy-rsa
You can use any editor you like, I used vi.
Change the line
Code:
export KEY_DIR=$D/keys
to
Code:
export KEY_DIR=/etc/openvpn/keys
Also at the bottom of this file you will see something similar to this,
Code:
export KEY_COUNTRY=US
export KEY_PROVINCE=CA
export KEY_CITY=SOMEWHERE
export KEY_ORG="My Org"
export KEY_EMAIL=me@mydomain.com
Change this to your own values.
5. Now its time to make the certificates, enter these commands
Code:
. ./vars
Code:
./clean-all
Code:
./build-ca
# just hit enter to the defaults apart from Common Name, this must be unique
# call it something like mydomain-ca
Code:
./build-key-server server
Code:
./build-key client1
# remember that common name must be unique e.g. use mydomain-client1
# and YES you want to sign the keys
Code:
./build-key client2
# do this step for as many clients as you need.
Code:
./build-dh
6. We are almost done now
right we need to create a few config files, you can download my template from here,
Code:
cd /etc/openvpn
Code:
wget www.designpc.co.uk/downloads/server.conf
# make sure you change a few things in the server.conf file, like DNS
# servers
Code:
touch server-tcp.log
~ this makes the log file..
Code:
touch ipp.txt
this makes the IP reservation list.
7. You need to make a few changes to OpenVPN itself. Go to..
Code:
cd /etc/init.d/
edit the openvpn file
#Uncomment this line (line 119)
Code:
echo 1 > /proc/sys/net/ipv4/ip_forward
Add these lines below it, changing 123.123.123.123 to your public IP address,
Code:
iptables -t nat -A POSTROUTING -s 192.168.2.3 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.4 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.5 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.6 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.7 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.8 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.9 -j SNAT --to 123.123.123.123
iptables -t nat -A POSTROUTING -s 192.168.2.10 -j SNAT --to 123.123.123.123
Now install iptables if you dont have it already,
Code:
yum install iptables
#test it
service iptables start
service iptables stop
8. Now for the client config files. If your client is a Windows machine, make sure you have installed OpenVPN, use the gui version, downloadable from here;
[url]
You need to copy a few files from the server to your client machine, here is the list, located in /etc/openvpn/keys/
## WARNING ## Use a secure way of transferring these files off the server, something like WinSCP.
ca.crt
client1.csr
client1.key
client1.crt
Put these files in this directory C:Program FilesOpenVPNconfig
Now you need to make a client config, here is an example..
PHP Code:
clientdev tunproto tcp#Change my.publicdomain.com to your public domain or IP addressremote my.publicdomain.com 1194resolv-retry infinitenobindpersist-keypersist-tunca ca.crtcert client1.crtkey client1.keyns-cert-type server#DNS Options here, CHANGE THESE !!push "dhcp-option DNS 123.123.123.123"push "dhcp-option DNS 123.123.123.124"comp-lzoverb 3
Make sure you edit any of the lines with comments above them.
Call this file client1.opvn and put it in C:Program FilesOpenVPNconfig
Make sure the file extension is .opvn not .txt
To connect right click on OpenVPN in the taskbar >> Connect
To test ping 192.168.2.1
View 14 Replies
View Related
May 2, 2007
I am having issues in receieving emails. For some reason, the rbl lists I had setup are causing the server to reject emails (retry - timeout). So, I need to take this rbl list completely. How can I do that? exim.conf is locked and using the advanced editor is no fun even though I tried it putting the dnslists without the rbl causing the problem.
View 3 Replies
View Related
Mar 28, 2009
What are some good and reliable RBL for use in Exim on Cpanel? Please provide full urls.
View 5 Replies
View Related
Jun 25, 2008
I'm having an issue with email generated from a website contact form. The email is being sent from the website via php. The issue is that the email address that it is being sent to is a domain/website that is also on cpanel. It is trying to deliver it to a local account, but the email is acutally on a third party system outside of cpanel. Does anyone know anyway for exim to not try and deliver locally?
View 4 Replies
View Related
Jun 2, 2008
I seem to be experiencing some difficulty adding SPF records via "Edit DNS Zone". When adding these records and checking them with several SPF record checkers, it always reports a record such as the following:
v=spf1
Which turns out to be invalid, and definitely not the record I had specified. The record I specified looks like the following:
"v=spf1 a mx ip4:XXX.XXX.XXX.XXX ~all"
XXX.XXX.XXX.XXX being a valid IP, of course.
Is there known issues when adding these types of records via WHM?
And to make it clear, I have added these records as TXT type, with and without the quotes.
View 8 Replies
View Related
Feb 21, 2007
Wondered if anyone out there would like to share their experience, if any, of setting up cpanel to work with domainkeys via exim.
Hopefully anyone reading this thread will know by now what domainkeys are and how it affects the delivering of email to most major email providers inboxes rather than spam/bulk folders.
antispam.yahoo.com/domainkeys
The domainkeys support for exim is now in the 'experimental' phase:
duncanthrax.net/exim-experimental/
(page allegedly updated on 30th Oct, 06)
However cpanel themselves seem to be dragging their feet a little with implementing it:
bugzilla.cpanel.net/show_bug.cgi?id=4099
This is understandable considering support for domainkeys is not yet part of the main exim core code, and thus is likely to change. From what I've been reading elsewhere, re-compiling and upgrading exim is not advisable with cpanel.
My knowledge of exim (and cpanel TBH) is limited however, and I was wondering what might be the implications of *ahem* hacking it a little in order to enable domainkeys.
SPF records alone just don't seem to cut it anymore.
View 0 Replies
View Related
Aug 6, 2007
change some variables in exim.conf so that they will not be modified next time cPanel will update exim.
Basically I need to modify this:
smtp_banner and rfc1413_query_timeout.
View 4 Replies
View Related
Sep 11, 2008
more specific filtering options in cpanel exactly:
if header from contains 'example' and also header from contains 'example2' then discard
in cpanel it just has one word or phrase i need the filter to check for 2 words in any order in the from field
View 1 Replies
View Related
Nov 8, 2007
We are having trouble with disk space on some of our shared hosting servers and we are wondering if anyone have a script to clean e-mails from exim not checked in the last 60 days ?
View 1 Replies
View Related