Linux

Simple .php package check

I have no knowledge of php so rather than figure this out again here’s what I did. Probably has a million mistakes.

<?php
// PEAR_Config (used below) lives in PEAR/Config.php; load it explicitly
require_once 'PEAR/Config.php';
require_once 'PEAR/Registry.php';
// First see what the command line does
print("<p>pear list<br>");
$output = shell_exec('pear list');
echo "$output</p>\n";
// Now see what we get through the PEAR API
$pear = new PEAR_Config();
$pear_reg = $pear->getRegistry();
$pear_info = $pear_reg->packageInfo("PEAR"); // fetched but not used below
$pear_list = $pear_reg->listPackages();
$result = count($pear_list);
echo "\n<p> pear_list has element count of ";
echo "$result </p>\n";

// One installed package name per line
foreach ($pear_list as $value)
{
print_r($value);
echo "    <br>\n";
}
echo "\n=====================================================<br>";
// PEAR_Info is a separate package (pear install PEAR_Info)
require_once 'PEAR/Info.php';
// Prints 1 if the package is installed, nothing if it is not
$res = PEAR_Info::packageInstalled("Mail_Mime");
echo "$res <br>\n";
?>
Friday, October 28th, 2016 Linux No Comments

Notes on installing Maia on CentOS 7 Plesk 12.5

Wasn’t clear to me that Maia is a fork of amavisd-new, so you don’t need amavis? No clear instructions for installing 1.0.4, but found this install script to look at: http://pastebin.com/RsrxPkxG

Basically pick a set of directions and adapt them to work in the specific environment of the system. The two config tests http://www.maiamailguard.com/maia/wiki/configtest.pl and  http://www.maiamailguard.com/maia/wiki/configtest.php are helpful (required) to figure out what’s missing. But also look at the server logs as the config test will say it’s happy when in fact things aren’t right.

To fix the open_basedir issues I ended up with:

{WEBSPACEROOT}{/}{:}{TMP}{/}:/usr/share/pear/Smarty/:/usr/share/pear/PEAR/:/usr/share/pear/

There’s a lot of packages that have to be added (using pear). This one though didn’t come up as needed but it is:

pear install PEAR_Info

Also: listPackages() and listAllPackages() return different types (I used these to check the config). listPackages() works as expected when the .php file is called from the command line, but it returns null when apache runs it. ini_get("include_path"); indicates the include paths are the same between command line and apache. Only hint is that when run from the command line it’s not finding ../config.php (which is in the maia dir). That’s explained by different environment variables…$_SERVER['DOCUMENT_ROOT']. Changing that for testing doesn’t provide any more info as to why it works from command line and not from apache.

Looks like under apache it wants to look here: /usr/share/pear/ for config files, but from the command line it looks here (and this is where they are): /var/lib/pear/

Why does apache not know where to look?


specifically apache is looking for (from getRegistry() ):

: statedir :/usr/share/pear/.registry
: filemap :/usr/share/pear/.filemap
: channelsdir :/usr/share/pear/.channels
: lockfile :/usr/share/pear/.lock

but that’s not where those files are.

gave up and did the obvious

ln -s /var/lib/pear/.registry .registry
ln -s /var/lib/pear/.filemap .filemap
ln -s /var/lib/pear/.channels .channels
ln -s /var/lib/pear/.lock .lock

and didn’t work as open_basedir restrictions don’t include those. Slog through the errors and add them and finally it’s all green…except there’s still errors getting logged. Rinse & repeat…

Trying the login page, a bunch of errors, but some can probably be ignored. But this one:

AH01071: Got error 'PHP message: PHP Fatal error:  Call to undefined function: MDB2_Driver_mysql::raiseError(). in /usr/share/pear/MDB2.php on line 1936\n'

is fatal, though I suspect I need to chase what got it to that line and not the missing function. Worry that maiamailguard is just too old/out of date and the problems will never stop…


more odd things to do:

pear upgrade MDB2-beta

minimal .php program to figure out the environment

<?php phpinfo();?>

in smarty.php had to change this:

    if (isset($smarty_path)) {
      ini_set('include_path', $smarty_path . ":" . ini_get('include_path'));
      require_once ("Smarty.class.php");
    } else {
      require_once ("Smarty/Smarty.class.php");
    }

Change Smarty -> smarty.

 

Sunday, October 23rd, 2016 Linux No Comments

The search for a simple to use spam system continues

Can’t believe how many of them don’t seem to handle forwarding only accounts…

Amavis-new would seem to be a good solution for the back end that sits on top of the spam/virus stuff

https://www.ijs.si/software/amavisd/ and appears to still be active.

However a web based front end for it (but not trying to control postfix, which Plesk is handling) isn’t so obvious. Most of the things listed on the amavis page are long since abandoned. MailZu would have been a possible fit that’s in this category. ‘course someone that knows what they’re doing might figure out to use these old packages…not me though.

Maia Mailguard seems to be the best option in terms of functionality but seems unsupported at the moment. http://www.maiamailguard.com/maia/wiki/AboutMaia For some reason their mailman lists aren’t publicly available and there’s no search, so no way to look for answers to problems. Seems like there’s very little activity. This list seems to have occasional activity: http://maia-users.renaissoft.narkive.com/

Current release is on this fork here: https://github.com/technion/maia_mailguard and install info was apparently going to be here: https://github.com/technion/maia_mailguard/wiki/Installation-Guides

 

Things I looked at:

https://wiki.gentoo.org/wiki/Mailfiltering_Gateway  Not helpful when using Plesk but does show how this all fits together.

http://forums.sentora.org/showthread.php?tid=1132

https://wiki.centos.org/HowTos/Amavisd

http://www.purplehat.org/?page_id=16 Maia install – covers 1.0.4 which is important as it sounds like earlier versions were different

https://www.howtoforge.com/installing-maia-mailguard-on-debian-lenny

http://www.phpexpert.net/maia_mailguard.html

 

Saturday, October 22nd, 2016 Linux No Comments

More things with plesk 12.5 setup

/etc/aliases : fix entry for root to point to a valid email address. run newaliases after changing (maybe restart postfix too?)

greylisting may get turned on for new domains. Check with:

/usr/local/psa/bin/grey_listing --info-domain domain.tld

turn off with:

/usr/local/psa/bin/grey_listing -ud domain.tld -status off

/etc/postfix/main.cf needs:

mydestination = $myhostname, localhost.$mydomain, localhost, localhost.localdomain

Plesk repair utility – hugely useful tool for dealing with issues. Seems like migrating domains leaves some bad things around.

https://docs.plesk.com/en-US/12.5/administrator-guide/plesk-administration/plesk-repair-utility.74649/

Ways to test DNSBL is working:

http://postfix.1071664.n5.nabble.com/Logging-DNSBL-rejections-td68920.html  (telnet to 127.0.02)

http://www.crynwr.com/spam/  This is really useful and really hard to find…


Needed to set open_basedir for some php stuff, but doing it from the Plesk panel for php for the domain didn’t seem to work. Can’t tell where it’s even putting it.

found it in vhost.conf.

 

Thursday, October 20th, 2016 Linux, Plesk No Comments

Setting up ASSP on CentOS 7 – punt

Spam Assassin is the default anti-spam package with Plesk, but for a server with no mail accounts it (at least for me) is useless as there’s no way to know what mail it’s rejecting. Experience with other systems has shown that astronomy related mail seems to be disliked by spam filters.

ASSP seems better suited to a system that doesn’t have local users (i.e. mailman, mail forwarding, etc.).  It also looks pretty complex to install and get running. And it’s not clear how it can get trained given (almost) no mailboxes. Using ASSP 2.5.1.

First problem after installing (unzipping…) was failing to load about a dozen perl modules. installed cpan to try and figure it out, but some of the packages seem to have problems installing and had to be manually installed. Keep checking moduleLoadErrors.txt until it’s clean (look at Can’t locate X in @INC to figure out what package is missing, which is probably different than the module that caused the error) (this took multiple iterations…several hours)

In cpan, install Term::ReadLine::Gnu to get a working console. It needs ncurses-devel and readline-devel to be installed.

ASSP will want to use ClamAV, which isn’t installed as Plesk uses their own AV. (and not sure I want to use it vs. the stuff included with Plesk, just doing this to make module errors go away) Looks like there’s no simple install on CentOS 7 for clamav (clamd was missing after following the directions). Google for answers if this happens. (maybe this is helpful https://linux-audit.com/install-clamav-on-centos-7-using-freshclam/ ) Note that those directions put clamd.conf not where clamd expects to find it (see man).

No response from the webserver. Can telnet to the server locally…Open port 55555 in the firewall(s). Change the default password (good luck, it’s buried somewhere that I can’t find again)

There’s a reference manual but so far no noob oriented “here’s how to get started for a simple system.” This tutorial seems the closest to that: https://vorkbaard.nl/installing-assp-spamfilter-on-ubuntu-server-14-04-lts/  though the stupid Linux system flavor differences don’t make it a brainless “copy these steps” for CentOS. As well as it’s for a way more complex setup than being done here.

There are comments about adding user(s) but so far have not found where that magical setting is.

Changed the smtp ports and restarted assp but it won’t respond on port 25, no error messages. The more I read about assp it does not seem like the right thing. Noticed when looking for more info about assp that spam assassin maybe can save reject messages so going to look at that as SA is already integrated in to Plesk, etc., so would probably be less headaches than assp.

 

Monday, October 10th, 2016 Linux No Comments

gmail and TLS problem with qmail or postfix on Plesk systems

I fixed this once in June but never wrote it down. It seems to have broken again.  Here’s the original notes I had below.

(and an additional reminder: most ISPs are going to block port 25 so you need to telnet from some place with a real internet connection)

Bit of self followup to the original post below.

Testing via telnet:
ehlo foo.com
250-u########.com
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250 8BITMIME
starttls
454 4.3.3 TLS not available

In looking for answers one common theme was that /var/qmail/control/servercert.pem must be “bad” but as noted below changing it didn’t make a difference. I’ve now also noted that *removing* it doesn’t make a difference either, and qmail doesn’t seem to create any error messages.

My system is totally stock. So it seems like the default Plesk install of qmail has a broken TLS implementation? Seems unlikely. I have no idea where problem might be.

========================================================================================
About 3 weeks ago I started noticing that email from gmail users was not making it through the server. I think it’s some sort of TLS problem but I’m not clear as to what changed and/or how to fix it.

Plesk 10.2.0 with psa-qmail 1.03-cos5.build1011110330.18

My server reports:
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250 8BITMIME

but if I trace the google/qmail exchange I see this:
30811] select mask – CLT-RCV CLT-SND SRV-RCV
30811] >Client: 454 4.3.3 TLS not available

after some searching I found this:
http://www.google.com/support/forum/p/gm…f1789f768&hl=en

and following the same steps as in that post it would appear /var/qmail/control/servercert.pem has a problem as when I try
openssl verify servercert.pem
I get
error 20 at 0 depth lookup:unable to get local issuer certificate

Following the references to here to create a new one:
http://forum.parallels.com/showthread.php?t=7113

but when I test SSL on port 25 I still get the same error message:
8982:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:

And how did I fix it? GFQ, as the only notes I made was:

I switched from qmail to postfix as the MTA. However the same TLS problem was showing up. However, unlike qmail, with postfix I could actually figure out how to shut off TLS.

So now I seem to need to fix it again, and this time I’ll make a note about what postfix file you edit to disable TLS. I suspect an upgrade of Plesk changed some settings, that seems to happen sometimes…and I forgot to backup /etc before starting this last time around.

Just for the record, same problem as before:

ehlo foo.com
250-u######.com
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-XFORWARD NAME ADDR PROTO HELO SOURCE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
starttls
454 4.3.3 TLS not available

Some links on the topic:
http://serverfault.com/questions/129771/how-to-disable-tls-in-postfix
http://www.postfix.org/TLS_README.html

so in main.cf find/edit this section:

# was may
smtpd_tls_security_level = none
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
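
Postfix treats # as a comment only at the start of a line, and a non-empty smtpd_tls_security_level overrides smtpd_use_tls. The following is an added example, not part of the original notes: a Python check that parses main.cf text by those rules and reports the effective inbound TLS state. The sample fragment and the function names are constructed for illustration.

```python
import re

# Constructed sample: a main.cf fragment with a trailing "# ..." on a value.
SAMPLE_MAIN_CF = """\
smtpd_tls_security_level = none # was may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no
"""
SMTPD_LEVELS = {"none", "may", "encrypt"}

def parse_main_cf(text):
    """'#' starts a comment only at the start of a line; a line starting with
    whitespace continues the previous parameter; later definitions win."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and name:
            params[name] += " " + line.strip()
            continue
        match = re.match(r"([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if match:
            name = match.group(1)
            params[name] = match.group(2).strip()
    return params

def audit_smtpd_tls(text):
    """Return (effective inbound TLS state, list of findings)."""
    params = parse_main_cf(text)
    findings = []
    for key, value in params.items():
        if "#" in value:
            findings.append(f"{key}: '#' is part of the value, not a comment: {value!r}")
    level = params.get("smtpd_tls_security_level", "")
    legacy = params.get("smtpd_use_tls", "no")
    if level and level not in SMTPD_LEVELS:
        findings.append(f"smtpd_tls_security_level: invalid level {level!r}")
        return "invalid", findings
    if level:  # a non-empty level overrides the legacy smtpd_use_tls switch
        if level == "none" and legacy == "yes":
            findings.append("smtpd_use_tls = yes is overridden by level 'none'")
        state = level
    else:
        state = "may" if legacy == "yes" else "none"
    if state == "none":
        findings.append("inbound STARTTLS disabled: mail is accepted in cleartext only")
    return state, findings
```
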

Monday, October 10th, 2011 Linux, Servers & Internet No Comments

Doxygen Graphviz DOT problem in Ubuntu 10.4 Lucid

The graphviz version graphviz 2.20.2-8 from Ubuntu’s repository seems to have some bug in DOT that causes it to hang.

The latest from http://www.graphviz.org/Download_linux_ubuntu.php is 2.26.3. However there’s maybe a funny in the dependencies as I needed the base and the lib packages graphviz_2.26.3-1_i386.deb & libgraphviz4_2.26.3-1_i386.deb as otherwise trying to run DOT without the lib package you get:

dot: error while loading shared libraries: libgvc.so.5: cannot open shared object file: No such file or directory

Tuesday, August 3rd, 2010 Engineering, Linux No Comments

Makefile debugging article

Makefiles are pure evil. The concept was nice but working with them is awful. I have wasted more hours/days/weeks chasing down makefile problems because the #@$#*$ idjiots that came up with the idea must have assumed nobody would use more than one makefile and build nothing more complicated than ‘hello world’. I put this right up there with Microsoft’s Windows Registry as one of the top 10 dumbest implementations of a good idea ever.

Now I feel better…

http://www.drdobbs.com/tools/197003338
Debugging Makefiles By John Graham Cumming, February 05, 2007

Tuesday, August 3rd, 2010 Engineering, Linux No Comments

Linux upstart instead of init.d

intro article

http://www.linuxplanet.com/linuxplanet/tutorials/7033/1/

but it makes it painful to figure out why something doesn’t start as there’s no way I’ve found to debug – i.e. it runs the start/stop, etc. in their own process and messages seem to get sent to /dev/null…an echo "hello" 1>&2 doesn’t end up in the logs. Someday I’ll understand why…

another link: http://upstart.ubuntu.com/

Tuesday, August 3rd, 2010 Linux No Comments

Linux GPL terminal program with logging and other features

So far this seems like the best terminal program for Linux:

http://software.jessies.org/terminator/

(there’s a couple of things that show up in google for Terminator)

Though for Windows I still like SecureCRT:

http://www.vandyke.com/

Monday, August 2nd, 2010 Linux, Windows software No Comments