Simple .php package check

I have no knowledge of php so rather than figure this out again here’s what I did. Probably has a million mistakes.

<?php
require_once 'PEAR/Registry.php'; 
// First see what the command line does
print("<p>pear list<br>");
$output = shell_exec('pear list'); 
echo "$output";
// Now see what we get
$pear = new PEAR_Config();
$pear_reg = $pear->getRegistry();
$pear_info = $pear_reg->packageInfo("PEAR");
$pear_list = $pear_reg->listPackages();
$result = count($pear_list);
echo "\n<p> pear_list has element count of ";
echo "$result </p>\n";

foreach ($pear_list as $value)
{
print_r($value);
echo "    <br>\n";
}
echo "\n=====================================================<br>";
require_once 'PEAR/Info.php';
$res = PEAR_Info::packageInstalled("Mail_Mime");
echo "$res <br>\n";
?>

Notes on installing Maia on CentOS 7 Plesk 12.5

Wasn’t clear to me that Maia is a fork of amavisd-new, so you don’t need amavis? No clear instructions for installing 1.0.4, but found this install script to look at: http://pastebin.com/RsrxPkxG

Basically pick a set of directions and adapt them to work in the specific environment of the system. The two config tests http://www.maiamailguard.com/maia/wiki/configtest.pl and  http://www.maiamailguard.com/maia/wiki/configtest.php are helpful (required) to figure out what’s missing. But also look at the server logs as the config test will say it’s happy when in fact things aren’t right.

To fix the open_basedir issues I ended up with:

{WEBSPACEROOT}{/}{:}{TMP}{/}:/usr/share/pear/Smarty/:/usr/share/pear/PEAR/:/usr/share/pear/

There’s a lot of packages that have to be added (using pear). This one though didn’t come up as needed but it is:

pear install PEAR_Info

Also: listPackages() and listAllPackages() return different types (I used these to check the config). listPackages() works as expected when the .php file is called from the command line, but it returns null when apache runs it. ini_get(“include_path”); indicates the include paths are the same between command line and apache. Only hint is that when run from the command line it’s not finding ../config.php (which is in the maia dir). That’s explained by different environment variables…$_SERVER[‘DOCUMENT_ROOT’]. Changing that for testing that doesn’t provide any more info as to why it works from command line and not from apache.

Looks like under apache is wants to look here: /usr/share/pear/ for confg files, but from the command like it looks here (and this is where they are): /var/lib/pear/

Why does apache not know where to look?

specifically apache is looking for (from getRegistry() ):

: statedir :/usr/share/pear/.registry
: filemap :/usr/share/pear/.filemap
: channelsdir :/usr/share/pear/.channels
: lockfile :/usr/share/pear/.lock

but that’s not where those files are.

gave up and did the obvious

ln -s /var/lib/pear/.registry .registry
ln -s /var/lib/pear/.filemap .filemap
ln -s /var/lib/pear/.channels .channels
ln -s /var/lib/pear/.lock .lock

and didn’t work as open_basedir restrictions don’t include those. Slog through the errors and add them and finally it’s all green…except there’s still errors getting logged. Rinse & repeat…

Trying the login page, a bunch of errors, but some can probably be ignored. But this one:

AH01071: Got error 'PHP message: PHP Fatal error:  Call to undefined function: MDB2_Driver_mysql::raiseError(). in /usr/share/pear/MDB2.php on line 1936\n'

is fatal, though I suspect I need to chase what got it to that line and not the missing function. Worry that maiamailguard is just too old/out of date and the problems will never stop…

more odd things to do:

pear upgrade MDB2-beta

minimal .php program to figure out the environment

<?php phpinfo();?>

in smarty.php had to change this:

    if (isset($smarty_path)) {
      ini_set('include_path', $smarty_path . ":" . ini_get('include_path'));
      require_once ("Smarty.class.php");
    } else {
      require_once ("Smarty/Smarty.class.php");
    }

Change Smarty -> smarty.

The search for a simple to use spam system continues

Can’t believe how many of them don’t seem to handle forwarding only accounts…

Amavis-new would seem to be a good solution for the back end that sits on top of the spam/virus stuff

https://www.ijs.si/software/amavisd/ and appears to still be active.

However a web based front end for it (but not trying to control postfix, which Pesk is handling) isn’t so obvious. Most of the things listed on the amavis page are long since abandoned. MailZu would have been a possible fit that’s in this category. ‘course someone that knows what they’re doing might figure out to use these old packages…not me though.

Maia Mailguard seems to be the best option in terms of functionality but seems unsupported at the moment. http://www.maiamailguard.com/maia/wiki/AboutMaia For some reason their mailman lists aren’t publicly available and there’s no search, so no way to look for answers to problems. Seems like there’s very little activity. This list seems to have occasional activity: http://maia-users.renaissoft.narkive.com/

Current release is on this fork here: https://github.com/technion/maia_mailguard and install info was apparently going to be here: https://github.com/technion/maia_mailguard/wiki/Installation-Guides

Things I looked at:

https://wiki.gentoo.org/wiki/Mailfiltering_Gateway  Not helpful when using Plesk but does show how this all fits together.

http://forums.sentora.org/showthread.php?tid=1132

https://wiki.centos.org/HowTos/Amavisd

http://www.purplehat.org/?page_id=16 Maia install – covers 1.0.4 which is important as it sounds like earlier versions were different

https://www.howtoforge.com/installing-maia-mailguard-on-debian-lenny

http://www.phpexpert.net/maia_mailguard.html

More things with plesk 12.5 setup

/etc/aliases : fix entry for root to point to a valid email address. run newaliases after changing (maybe retsart postfix too?)

greylisting may get turned on for new domains. Check with:

/usr/local/psa/bin/grey_listing --info-domain domain.tld

turn off with:

/usr/local/psa/bin/grey_listing -ud ldomain.tld -status off

/etc/postfix/main.cf needs:

mydestination = $myhostname, localhost.$mydomain, localhost, localhost.localdomain

Plesk repair utility – hugely useful tool for dealing with issues. Seems like migrating domains leaves some bad thing around.

https://docs.plesk.com/en-US/12.5/administrator-guide/plesk-administration/plesk-repair-utility.74649/

Ways to test DNSBL is working:

http://postfix.1071664.n5.nabble.com/Logging-DNSBL-rejections-td68920.html  (telnet to 127.0.02)

http://www.crynwr.com/spam/  This is really useful and really hard to find…

Needed to set open_basedir for some php stuff, but doing it from the Plesk panel for php for the domain didn’t seem to work. Can’t tell where it’s even putting it.

found it in vhost.conf.

Setting up ASSP on CentOS 7 – punt

Spam Assassin is the default anti-spam package with Plesk, but for a server with no mail accounts it (at least for me) is useless as there’s no way to know what mail it’s rejecting. Experience with other systems has shown that astronomy related mail seems to be disliked by spam filters.

ASSP seems better suited to a system that doesn’t have local users (i.e. mailman, mail forwarding, etc.).  It also looks pretty complex to install and get running. And it’s not clear how it can get trained given (almost) no mailboxes. Using ASSP 2.5.1.

First problem after installing (unzipping…) was failing to load about a dozen perl modules. installed cpan to try and figure it out, but some of the packages seem to have problems installing and had to be manually installed. Keep checking moduleLoadErrors.txt until it’s clean (look at Can’t locate X in @INC to figure out what package is missing, which is probably different than the module that caused the error) (this took multiple iterations…several hours)

In cpan, install Term::ReadLine::Gnu to get a working console. It needs ncurses-devel and readline-devel to be installed.

ASSP will want to use ClamAV, which isn’t installed as Plesk uses their own AV. (and not sure I want to use it vs. the stuff included with Plesk, just doing this to make module errors go away) Looks like there’s no simple install on CentOS 7 for clamav (clamd was missing after following the directions).  Google for answers if this happens. (maybe this is helpful https://linux-audit.com/install-clamav-on-centos-7-using-freshclam/ ) Notes that those directions put clamd.conf not where clamd expects to find it (see man).

No response from the webserver. Can telnet to the server locally…Open port 55555 in the firewall(s). Change the default password (good luck, it’s buried somewhere that I can’t find again)

There’s a reference manual but so far no noob oriented “here’s how to get started for a simple system.” This tutorial seems the closest to that: https://vorkbaard.nl/installing-assp-spamfilter-on-ubuntu-server-14-04-lts/  though the stupid Linux system flavor differences don’t make it a brainless “copy these steps” for CentOS. As well as it’s for a way more complex setup than being done here.

There are comments about adding user(s) but so far have not found where that magical setting is.

Changed the smtp ports and restarted assp but it won’t respond on port 25, no error messages. The more I read about assp it does not seem like the right thing. Noticed when looking for more info about assp that spam assassin maybe can save reject messages so going to look at that as SA is already integrated in to Plesk, etc., so would probably be less headaches than assp.

Windows 7 explorer really slow to open “Searching for items”

and the green bar of death, taking maybe 10 or 15 seconds before you can use the folder.

Another ‘feature’ of Windows 7 apparently:
http://www.sevenforums.com/performance-maintenance/10330-explorer-slow-large-folders.html

(in case the link goes bad: select the folder -> properties ->customize -> and set type to general (or something other than whatever it is)

gmail and TLS problem with qmail or postfix on Plesk systems

I fixed this once in June but never wrote it down. It seems to have broken again.  Here’s the original notes I had below.

(and an additional reminder: most ISPs are going to block port 25 so you need to telnet from some place with a real internet connection)

Bit of self followup to the original post below.

Testing via telent:
ehlo foo.com
250-u########.com
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250 8BITMIME
starttls
454 4.3.3 TLS not available

In looking for answers one common theme was that /var/qmail/control/servercert.pem must be “bad” but as noted below changing it didn’t make a difference. I’ve now also noted that *removing* it doesn’t make a difference either, and qmail doesn’t seem to create any error messages.

My system is totally stock. So it seems like the default Plesk install of qmail has a broken TLS implementation? Seems unlikely. I have no idea where problem might be.

========================================================================================
About 3 weeks ago I started noticing that email from gmail users was not making it through the server. I think it’s some sort of TLS problem but I’m not clear as to what changed and/or how to fix it.

Plesk 10.2.0 with psa-qmail 1.03-cos5.build1011110330.18

My server reports:
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250 8BITMIME

but if I trace the the google/qmail exchange I see this:
30811] select mask – CLT-RCV CLT-SND SRV-RCV
30811] >Client: 454 4.3.3 TLS not available

after some searching I found this:
http://www.google.com/support/forum/p/gm…f1789f768&hl=en

and following the same steps as in that post it would appear /var/qmail/control/servercert.pem has a problem as when I try
openssl verify servercert.pem
I get
error 20 at 0 depth lookup:unable to get local issuer certificate

Following the references to here to create a new one:
http://forum.parallels.com/showthread.php?t=7113

but when I test SSL on port 25 it I still get the same error message:
8982:error:140770FCSL routinesSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:

And how did I fix it? GFQ, as the only notes I made was:

I switched from qmail to postfix as the MTA. However the same TLS problem was showing up. However, unlike qmail, with postfix I could actually figure out how to shut off TLS.

So now I seem to need to fix it again, and this time I’ll make a note about what postfix file you edit to disable TLS. I suspect an upgrade of Plesk changed some settings, that seems to happen sometimes…and I forgot to backup /etc before starting this last time around.

Just for the record, same problem as before:

ehlo foo.com
250-u######.com
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-XFORWARD NAME ADDR PROTO HELO SOURCE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
starttls
454 4.3.3 TLS not available

Some links on the topic:
http://serverfault.com/questions/129771/how-to-disable-tls-in-postfix
http://www.postfix.org/TLS_README.html

so in main.cf find/edit this section:

smtpd_tls_security_level = none # was may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no

Workaround to Framemaker bugs with transparent images

Transparent images by making them .eps in framemaker. (Framemaker has always had a serious design flaw in its ability to handle images, I guess the designers expected a white background on everything, the official excuse about text runaround makes no sense at all)

http://forums.adobe.com/message/2873005

Tags: framemaker eps transparency

Force delete of files in Windows 7

Easy to end up with files that Windows 7 won’t let you delete even as admin. Properties -> whatever is useless.

Found this on some random response on microsoft forum, but wasn’t quite right, so here’s what worked (where h:\del is the dir with stuff to delete in it)

takeown /f h:\del /r   (or maybe it needs ” ” around the path? Something not right…)

icacls “h:\del\*”  /grant %USERNAME%:F /T /C

rd /S h:\del

This still doesn’t get rid of all files but out of 20,000 that I couldn’t delete only 2 were left. Note I had to repeat this a couple of times, not sure why, but each time more got deleted.

Retrospect Express HD is not to be trusted

About 9 months ago picked up an Iomega eSata drive to use as backup.  It came with a cut down version of Retrospect, which I remember from long ago (for the Mac). So I figured I would use it for backup as all I wanted was daily incrementals of the entire PC (i.e. so if the HD died I could just restore to a new HD and not be more than a day off).

I tried pulling a few files after first installing & running, and it seemed to be working. Today however it popped up a “disk full, backup failed” error message, which is odd since it’s supposed to croak off old ones to free up space, etc.  The program showed  zero restore points…the support forum said to delete the .rbc file and it would rebuild it and all would be fine. Nope (and it took it 4 hours to come up empty…). So I figured maybe trying a backup…after another 4 hours or so it was now showing 26 restore points and then started the backup, which then died with the same disk full error.

So this now goes into the crapware category, as WTF good is backup software that you can’t recover a backup from?