Archive for October, 2011

Windows 7 explorer really slow to open “Searching for items”

and the green bar of death, taking maybe 10 or 15 seconds before you can use the folder.

Another ‘feature’ of Windows 7 apparently:
http://www.sevenforums.com/performance-maintenance/10330-explorer-slow-large-folders.html

(in case the link goes bad: select the folder -> properties ->customize -> and set type to general (or something other than whatever it is)

Thursday, October 20th, 2011 Frustration, Windows 7 system No Comments

WTF…wordpress lost all my catagories!

No, not really. But if /tmp fills up that’s one of the symptoms.

Thursday, October 13th, 2011 Uncategorized No Comments

Useful Plesk info links

http://mycutelife.net/wiki/index.php?title=Plesk

Thursday, October 13th, 2011 Uncategorized No Comments

gmail and TLS problem with qmail or postfix on Plesk systems

I fixed this once in June but never wrote it down. It seems to have broken again.  Here’s the original notes I had below.

(and an additional reminder: most ISPs are going to block port 25 so you need to telnet from some place with a real internet connection)

Bit of self followup to the original post below.

Testing via telent:
ehlo foo.com
250-u########.com
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250 8BITMIME
starttls
454 4.3.3 TLS not available

In looking for answers one common theme was that /var/qmail/control/servercert.pem must be “bad” but as noted below changing it didn’t make a difference. I’ve now also noted that *removing* it doesn’t make a difference either, and qmail doesn’t seem to create any error messages.

My system is totally stock. So it seems like the default Plesk install of qmail has a broken TLS implementation? Seems unlikely. I have no idea where problem might be.

========================================================================================
About 3 weeks ago I started noticing that email from gmail users was not making it through the server. I think it’s some sort of TLS problem but I’m not clear as to what changed and/or how to fix it.

Plesk 10.2.0 with psa-qmail 1.03-cos5.build1011110330.18

My server reports:
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-STARTTLS
250 8BITMIME

but if I trace the the google/qmail exchange I see this:
30811] select mask – CLT-RCV CLT-SND SRV-RCV
30811] >Client: 454 4.3.3 TLS not available

after some searching I found this:
http://www.google.com/support/forum/p/gm…f1789f768&hl=en

and following the same steps as in that post it would appear /var/qmail/control/servercert.pem has a problem as when I try
openssl verify servercert.pem
I get
error 20 at 0 depth lookup:unable to get local issuer certificate

Following the references to here to create a new one:
http://forum.parallels.com/showthread.php?t=7113

but when I test SSL on port 25 it I still get the same error message:
8982:error:140770FCSL routinesSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:

And how did I fix it? GFQ, as the only notes I made was:

I switched from qmail to postfix as the MTA. However the same TLS problem was showing up. However, unlike qmail, with postfix I could actually figure out how to shut off TLS.

So now I seem to need to fix it again, and this time I’ll make a note about what postfix file you edit to disable TLS. I suspect an upgrade of Plesk changed some settings, that seems to happen sometimes…and I forgot to backup /etc before starting this last time around.

Just for the record, same problem as before:

ehlo foo.com
250-u######.com
250-SIZE 10240000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5
250-XFORWARD NAME ADDR PROTO HELO SOURCE
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
starttls
454 4.3.3 TLS not available

Some links on the topic:
http://serverfault.com/questions/129771/how-to-disable-tls-in-postfix
http://www.postfix.org/TLS_README.html

so in main.cf find/edit this section:

smtpd_tls_security_level = none # was may
smtpd_use_tls = yes
smtp_tls_security_level = may
smtp_use_tls = no

Monday, October 10th, 2011 Linux, Servers & Internet No Comments