Category Archives: Linux

General Discussion threads regarding Linux/UNIX

Parallels Plesk Postfix Mail Queue Spam Issue

Over the weekend I noticed that one of the domains I host was sending an abnormal amount of SMTP traffic. In Parallels Plesk the Postfix Mail Queue showed upwards of 65,000 emails stuck in the queue. This was especially alarming because the domain does not have any email accounts. Based on the domain traffic activity report within Plesk it was clear that the emails were coming from domain.com.

I spent some time searching the internet and found a few very valuable pieces of information:

I should also mention that Plesk 12 has a new feature which allows you to set limits on outgoing mail flow. The first step I took was to restrict mail flow for domain.com. You can control mail flow at the following levels from within the Plesk Control Panel: Default per Mailbox, Default per Domain, Default per Subscription.

Here are the steps I took to resolve the Postfix Spam problem:

Step 1) I set the outgoing mail flow to 0 for the domain in question. I then ran some of the built-in Plesk tools such as Watchdog security scan. Watchdog threw a couple of warnings but there weren’t any issues other than normal alerts (SSH enabled, root access, etc.).

Step 2) In PHP 5.3.0, developers created a brilliant way to track emails sent via PHP scripts. In order to use this new feature you have to create a log file for PHP to write to:

  • Create log file
    touch /var/log/php-mail.log
    
  • Change permissions of log file
    chmod 777 /var/log/php-mail.log
    

Step 3) Once you create the log file and change the permissions for PHP you need to log into Parallels Plesk and modify the PHP settings (specific to the domain in question):

  • Modify PHP settings for suspect domain
    • Added the following entries
      mail.add_x_header = On
      mail.log = /var/log/php-mail.log
      

Parallels Plesk PHP parameters (domain specific)

Step 4) After a short period of time (less than a minute) the log file began to fill with data:

mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: [email protected] -- Headers: From: "Molly Weiss" <[email protected]>  Reply-To:"Molly Weiss" <[email protected]>  X-Priority: 3 (Normal)  MIME-Version: 1.0  Content-Type: text/html; charset="iso-8859-1"  Content-Transfer-Encoding: 8bit

Based on the data I was able to identify the following file: /var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php. This file was embedded within the suspect domain's website directory. I am not totally sure how it got there but my guess is through an exploit in Drupal or an incorrect permission as I was developing a new website in Drupal.
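With ten identical entries the offending script is obvious, but on a busier server the same log can be ranked by calling script. The following is an added example, not part of the original post: the sample log lines, the example.org/example.net addresses and the contact.php path are constructed, and the optional bracketed timestamp prefix is there for PHP versions that prepend one to each entry.

```shell
#!/usr/bin/env bash
# Added example: rank PHP scripts by the number of mail() calls in mail.log.

# Write a constructed sample log (addresses and contact.php are made up).
write_sample_log() {
  cat > "$1" <<'EOF'
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: a@example.org -- Headers: From: "Molly Weiss" <m@example.net>  X-Priority: 3 (Normal)
mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: b@example.org -- Headers: From: "Molly Weiss" <m@example.net>  X-Priority: 3 (Normal)
[12-Jan-2015 09:15:02 UTC] mail() on [/var/www/vhosts/domain.com/httpdocs/drupal_dev/modules/taxonomy/ini.php:1]: To: c@example.org -- Headers: From: "Molly Weiss" <m@example.net>
mail() on [/var/www/vhosts/domain.com/httpdocs/contact.php:42]: To: owner@example.org -- Headers: From: site@example.org
this line is not a mail() record and is ignored
EOF
}

# Print "<count> <script path>" for every calling script, busiest first.
# The optional leading "[timestamp] " covers PHP builds that prepend one.
mail_senders() {
  sed -n 's/^\(\[[^]]*\] \)\{0,1\}mail() on \[\([^]]*\):[0-9][0-9]*\]: .*$/\2/p' "$1" \
    | sort | uniq -c | sort -rn \
    | sed 's/^ *\([0-9][0-9]*\) /\1 /'
}

# Print only the scripts that called mail() at least <threshold> times.
noisy_senders() {
  mail_senders "$1" | awk -v min="$2" '$1 + 0 >= min { sub(/^[0-9]+ /, ""); print }'
}

# Stand-alone use: ./mail_senders.sh /var/log/php-mail.log
if [ -n "${1:-}" ]; then
  mail_senders "$1"
fi
```

A script that sits at the top of this list on a domain with no mailboxes, as ini.php did here, is the first file to pull aside for inspection.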

I moved the file to a different directory, changed its permissions and downloaded it from the server for further investigation. Since the removal of this file there have been no further issues with the domain sending spam.

Due to this issue I have changed all passwords. Depending on what I find I may even look at an entire rebuild; however, I don’t believe it is required.

If you have had any similar issues please share, or if you think I missed something please let me know.

Fedora Core 21 Server running in Hyper-V Windows 8.1

Over the weekend I decided to install Fedora Core 21 Server on my Windows 8.1 home server running Hyper-V. I was able to install Fedora Core 21 Server without having to run Linux Integration Services which is very nice as network, mouse/keyboard, hard drive functions work “out-of-the-box.”

On initial installation I disabled “Secure Boot.” In most cases I find that UEFI “Secure Boot” for Linux Virtual Machines in Hyper-V does not work.

Fedora Core 21 must have built-in kernel support for Hyper-V; however, I have not been able to find any official documentation regarding “native kernel support for Hyper-V.” Fedora Core is similar to Red Hat and CentOS so I am assuming the development team has included native kernel support for Hyper-V, as they do with the newer releases of Red Hat and CentOS.

It is worth noting that Hyper-V does not report Integration Services status or an IP address via the Hyper-V management console. Based on my experience with Hyper-V only Windows Virtual Machines are reliable when reporting status such as Integration Services, Network IP, Heartbeat, etc.

Microsoft Tech Net highlights Linux Virtual Machine Guest Operating System Support here. Note that Fedora Core is not amongst the supported guest operating systems.

I also tried installing Fedora Core 21 Workstation which did not work. The Cloud version of Fedora Core 21 Cloud requires a different environment in order to be deployed (OpenStack).

Basic Linux Commands

Here are some basic Linux commands I think will help beginner users… Obviously if you are a Linux admin you need to know much more. A beginner to Linux should know that these commands are run from a terminal; if you do not know what a terminal is then this post is probably not for you. If you want to know what a terminal is I suggest you GOOGLE it. You should also be aware that these commands are for Red Hat based systems (Red Hat, CentOS, Fedora Core).

man program-name — this command is short for manual, when you run “man vi” this will display the manual for vi. vi is a text editor in Linux

which name — this command tells you if the specific command is in your path, the path being your environment variables

exit — this will close the terminal or exit the current users session

rpm — Red Hat Package Management

yum — Yellowdog Updater, Modified

whoami — tells you which user you are

ls — list directory contents

cd — change directory

clear — clear screen

history — shows the history for previously executed commands

mkdir directory-name — make a directory

cp — copy a file, directory, etc
cp file1.txt file2.txt

mv — move a file, directory, etc
mv file.txt file1.txt

The above commands are very basic and will help get a user started with Linux/UNIX with the terminal or command line. There are many more commands and I will add/update this post from time to time. If someone thinks I have missed an important command for beginners please let me know and I will be sure to post it!

VMware Server 2.0 and Windows 8 Pro Compatibility

VMware Server 2.0 and Windows 8 Pro are not compatible. Last weekend I upgraded my Windows 7 Ultimate PC to Windows 8 Pro. I was running VMware Server 2.0 and after the upgrade to Windows 8 Pro the VMware service would not start.

I tried to uninstall and re-install VMware Server 2.0 but it does not like Windows 8 Pro. If anything changes I will be sure to post back. The Windows 8 Upgrade Assistant indicated that VMware Server was compatible but my “hands on” experience indicates otherwise.

Microsoft now includes Hyper-V for Windows 8 Pro. I can rebuild my virtual machines in Hyper-V which is nice. Be aware though Hyper-V only supports certain Operating Systems: Guest OS Support. You also need hardware which supports Hyper-V.

In addition to the above Hyper-V Guest OS support the following Linux Guests are supported but a Microsoft add-on is required: Hyper-V Linux Guest Support

WordPress Permalink

I finally got around to configuring Permalinks in WordPress! Some of you might laugh but based on my server configuration I had to do a little bit of research. Configuring Permalinks in WordPress on a Parallels Plesk system requires a few minor modifications to the vhost which is hosting the WordPress Blog.

1) The first step is to check the directory of your vhost, you want to check for the .htaccess file:

ls -la /var/www/vhosts/<vhost-name>/conf

2) In my case the .htaccess file was not there, so I had to create it

touch /var/www/vhosts/<vhost-name>/conf/.htaccess

3) Make sure you change permissions on the file

chown root:apache /var/www/vhosts/<vhost-name>/conf/.htaccess

4) Edit the file accordingly, add the lines WordPress tells you to under “Settings –> Permalink.”

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

5) Now you need to reconfigure the individual vhost

/usr/local/psa/admin/sbin/websrvmng --reconfigure-vhost --vhost-name=<vhost-name>

Or the new way Parallels Plesk requires you to do it (the above one works but you receive a warning: WARNING: You are using obsolete option, use corresponding option of httpdmng). See this post by Bryan White

/usr/local/psa/admin/bin/httpdmng --reconfigure-domain skrakes.com

6) Test your WordPress Blog, the Permalink should now be working!