Wednesday, March 19, 2008

Updating and Compiling Apache and PHP

To update and compile everything, run the following:

cd /usr/local/directadmin/customapache
./build clean
rm -f configure.*
./build update
./build all
If you're running apache 2.0 use this instead:

cd /usr/local/directadmin/customapache
./build clean
rm -f configure.*
./build update
./build update_data_ap2
./build apache_2
./build php_ap2 n
./build mod_perl_ap2
Once the update has completed, you'll need to restart apache:

RedHat:

/sbin/service httpd restart

FreeBSD:

/usr/local/etc/rc.d/httpd restart

Debian:

/etc/init.d/httpd restart

Useful exim commands

Here are some useful exim commands. They help when you have an overloaded queue and need to clear it out, or need to find out why messages are piling up.

exim -M id #Try to send the message with id id

exim -qf #Tell exim to process the entire queue again
exim -qff #same as qf, but it will flush the frozen messages

exim -Mvl id #view the message log for message id
exim -Mvh id #view message id's headers
exim -Mvb id #view message id's body
exim -Mrm id #remove message id from the queue
exim -Mg id #fail and send a bounce to the sender
exim -bp | exiqsumm #Print summary of the messages in the queue
exiwhat #show what exim is doing right now
exim -bpc #show number of messages in the queue
exim -bp #print list of messages in the queue
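As an added example that is not part of the original page: when the queue is large, a per-sender and per-recipient-domain count of the `exim -bp` listing is usually the fastest way to see what is filling it (one compromised account, or one unreachable destination). The queue listing below is constructed for the example; on a real server pipe `exim -bp` into the functions instead.

```sh
#!/bin/sh
# Summarise an exim queue listing (the output of `exim -bp`) by envelope
# sender and by recipient domain, and count frozen messages.
#
# Constructed sample of `exim -bp` output (not real queue data): a header
# line per message (age, size, id, <sender>) followed by indented recipients.
SAMPLE_QUEUE='25h  1.2K 1EwHYJ-0002q0-6y <bob@domain.com>
          alice@example.net

 3m  4.5K 1EwHYK-0002q1-7z <bob@domain.com>
          carol@example.org

12h   12K 1EwHYL-0002q2-8a <> *** frozen ***
          dave@example.net
'

# Messages per envelope sender. "<>" is the empty sender used by bounces.
queue_by_sender() {
    awk '$4 ~ /^<.*>$/ { s = $4; gsub(/[<>]/, "", s); if (s == "") s = "(bounce)"; n[s]++ }
         END { for (s in n) printf "%6d %s\n", n[s], s }' | sort -rn
}

# Recipients per destination domain (recipient lines are the indented ones).
queue_by_rcpt_domain() {
    awk '/^[[:space:]]+[^[:space:]]+@/ { split($1, a, "@"); n[a[2]]++ }
         END { for (d in n) printf "%6d %s\n", n[d], d }' | sort -rn
}

# Number of frozen messages; exim marks them "*** frozen ***".
queue_frozen_count() {
    grep -c '\*\*\* frozen \*\*\*'
}

# Usage on a live server:  exim -bp | queue_by_sender
printf '%s' "$SAMPLE_QUEUE" | queue_by_sender
printf '%s' "$SAMPLE_QUEUE" | queue_by_rcpt_domain
printf 'frozen: %s\n' "$(printf '%s' "$SAMPLE_QUEUE" | queue_frozen_count)"
```

If one local sender dominates the list, check that account's password and the scripts running under it before you flush the queue; flushing first just delivers the spam faster.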

The manual way to remove the entire queue is as follows. Stop exim first so that no running delivery process is still writing into the spool while you move it aside:

cd /var/spool
mv exim exim.old
mkdir -p exim/input
mkdir -p exim/msglog
mkdir -p exim/db
chown -R mail:mail exim
Then start exim again. Keep exim.old until you are sure nothing in it was legitimate mail.

How to setup the Mail System

One common problem people have is an incorrectly setup mail system. Here is a list of rules that must be followed:

1) The hostname must not match any domain that is being used on the system. For example, if you have a domain called domain.com and you want to receive mail on user@domain.com, you must *not* set your hostname to domain.com. We recommend using server.domain.com instead. You must make sure that you add the A record for server.domain.com so that it resolves.

2) The hostname must be in the /etc/virtual/domains file.

3) The hostname must *not* be in the /etc/virtual/domainowners file.

4) The hostname must resolve. If not, add the required A records to the dns zone such that it does.

5) The directory /etc/virtual/hostname must exist (eg: /etc/virtual/server.domain.com). It must not contain any files.

6) Any domains that you want to use for email (eg: domain.com) must be in both the /etc/virtual/domains file and the /etc/virtual/domainowners file. The directory /etc/virtual/domain.com must exist and the files /etc/virtual/domain.com/passwd and /etc/virtual/domain.com/aliases exist.

7) File permissions for virtual pop inboxes should be:

/var/spool/virtual/domain.com 770 username:mail
/var/spool/virtual/domain.com/* 660 username:mail

If you've made any changes to your /etc/exim.conf file and require a fresh copy, you can retrieve one by running

wget -O /etc/exim.conf http://files.directadmin.com/services/exim4.conf
Back up your existing /etc/exim.conf before doing this: the download is over plain HTTP with no integrity check, so review the new file before relying on it. A restart of exim is required after installing a new exim.conf file.

8) Ensure your hostname does not contain any upper case letters.

9) Make sure that your main server IP has a reverse lookup on it.
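As an added example (not from the original page), the rules above as a script you can run before restarting exim. It takes the hostname and the /etc/virtual path as arguments so it can be tried against a scratch copy; the DNS rules (4 and 9) use the `host` command and run only when the third argument is "yes". The directory tree it is demonstrated on is constructed for the example.

```sh
#!/bin/sh
# Check a hostname against the DirectAdmin mail-system rules.
# Prints one FAIL line per broken rule and returns the number of failures.
check_mail_hostname() {
    h=$1; vdir=${2:-/etc/virtual}; dns=${3:-yes}; fails=0

    # Rule 8: no upper-case letters in the hostname.
    case $h in
        *[[:upper:]]*) echo "FAIL: hostname '$h' contains upper-case letters"; fails=$((fails + 1)) ;;
    esac

    # Rule 2: the hostname is listed in /etc/virtual/domains.
    grep -qxF "$h" "$vdir/domains" 2>/dev/null ||
        { echo "FAIL: $h is not in $vdir/domains"; fails=$((fails + 1)); }

    # Rules 1 and 3: the hostname must not be a hosted mail domain (domainowners).
    cut -d: -f1 "$vdir/domainowners" 2>/dev/null | grep -qxF "$h" &&
        { echo "FAIL: $h is in $vdir/domainowners (hostname must not be a mail domain)"; fails=$((fails + 1)); }

    # Rule 5: /etc/virtual/<hostname> exists and contains no files.
    if [ ! -d "$vdir/$h" ]; then
        echo "FAIL: $vdir/$h does not exist"; fails=$((fails + 1))
    elif [ -n "$(ls -A "$vdir/$h")" ]; then
        echo "FAIL: $vdir/$h must not contain any files"; fails=$((fails + 1))
    fi

    # Rules 4 and 9: the hostname has an A record and that address has a PTR record.
    if [ "$dns" = yes ] && command -v host >/dev/null 2>&1; then
        ip=$(host -t A "$h" 2>/dev/null | awk '/has address/ { print $4; exit }')
        if [ -z "$ip" ]; then
            echo "FAIL: $h has no A record"; fails=$((fails + 1))
        elif ! host "$ip" 2>/dev/null | grep -q 'domain name pointer'; then
            echo "FAIL: $ip has no reverse (PTR) record"; fails=$((fails + 1))
        fi
    fi
    return $fails
}

# Constructed scratch tree standing in for /etc/virtual (not a real server).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/server.domain.com" "$demo/domain.com"
printf 'server.domain.com\ndomain.com\n' > "$demo/domains"
printf 'domain.com: admin\n' > "$demo/domainowners"

# On a live server:  check_mail_hostname "$(hostname)" /etc/virtual yes
check_mail_hostname server.domain.com "$demo" no && echo "server.domain.com: OK"
check_mail_hostname domain.com "$demo" no || echo "domain.com: $? rule(s) broken"
```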

Send a warning email to email account owners when they approach their inbox quota

If you wish to have exim send a warning to your email users when their inbox is reaching its limit, edit your /etc/exim.conf, find the virtual_localdelivery: transport and, just after the line that begins with quota =, add:

quota_warn_threshold = 80%
quota_is_inclusive = false
quota_warn_message = "\
To: $local_part@$domain\n\
Subject: Your mailbox\n\n\
This message was automatically created\n\
by mail delivery software.\n\n\
The size of your mailbox $local_part has exceeded \n\
a warning threshold of 80 percent\n\
of your maximum mailbox size.\n"

Save, exit, and restart exim.

BYE Service not available xxx1.hostname.com IMAP4rev1 ...

If you see the error:

Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
* BYE Service not available localhost.localdomain IMAP4rev1 2003.339 at Fri, 9 Mar 2007 23:09:15 -0700 (MST)
Connection closed by foreign host.
Then delete your /etc/nologin file.

Webmail / Uebimiau shows the wrong date on 64-bit systems

If you have a weird timestamp when viewing the email in Uebimiau, then edit:

/var/www/html/webmail/smarty/plugins/shared.make_timestamp.php

and change:

if(empty($string)) {
$string = "now";
}
$time = strtotime($string);
to

if(empty($string)) {
$string = "now";
} else if(is_numeric($string)) {
return (int)$string;
}
$time = strtotime($string);

Server replied: 421 Unexpected failure, please try later

If IMAP returns this error, there might be something wrong with the SMTP server. Check /var/log/exim/mainlog (or /var/log/exim/exim_mainlog).

Errors seen before:

failed to open /etc/virtual/pophosts for linear search: No such file or directory

Fix:

touch /etc/virtual/pophosts

That would also imply that da-popb4smtp isn't running, so popb4smtp wouldn't work. To start it, run:

service da-popb4smtp start
or FreeBSD:

/usr/local/etc/rc.d/da-popb4smtp start

Using an external Mailserver

If you wish to use an external Mailserver, a few changes will need to be made.

1) Go to User Panel -> domain.com -> Email -> MX Records

There should be an option for "Local Mail Server". Uncheck that option.

2) You'll need to change the MX dns record to point to the external mailserver. Remove the "mail" MX record and add "other.domain.com." as the new MX record where that is the domain of the other server.

smtp transport process returned non-zero status 0x000b: terminated by signal 11

If you are receiving this error in your /var/log/exim/mainlog:

2006-01-10 23:01:14 1EwHYJ-0002q0-6y == user@domain.com R=lookuphost T=remote_smtp defer (-1): smtp transport process returned non-zero status 0x000b: terminated by signal 11
Then you can fix the issue by editing your /etc/exim.conf, and changing the following code:

remote_smtp:
driver = smtp
To be:

remote_smtp:
driver = smtp
hosts_avoid_tls=*
Save, exit, then restart exim. Note that hosts_avoid_tls = * turns off TLS for every outbound SMTP delivery, so mail then leaves the server in clear text; treat it as a temporary workaround for the crash and remove the line once the underlying cause is fixed.

My /etc/virtual/domainowners file is empty. How do I rebuild it?

Create a script with the following contents by running:

cd /etc/virtual
vi fix_domainowners.sh

press i to go into "insert" mode, then paste the following code:


#!/bin/sh
# Rebuild /etc/virtual/domainowners from DirectAdmin's per-user data files:
# one "domain: user" line per domain, plus one per domain pointer.
for u in `ls /usr/local/directadmin/data/users`; do
    for d in `cat /usr/local/directadmin/data/users/$u/domains.list`; do
        echo "$d: $u"
        # .pointers files hold "pointer=type" lines and may not exist for every domain
        for p in `cut -d= -f1 /usr/local/directadmin/data/users/$u/domains/$d.pointers 2>/dev/null`; do
            echo "$p: $u"
        done
    done
done
Press Esc to leave insert mode, then type ZZ (shift-Z twice) to save and exit. Once at the prompt, type:

chmod 755 fix_domainowners.sh
./fix_domainowners.sh > domainowners
chmod 644 domainowners
chown mail:mail domainowners

Unrouteable address

Update your exim.conf and exim.pl files

To make use of the newest exim settings and enhancements, you can update your exim.conf by running the following as root. Back up your current /etc/exim.conf and /etc/exim.pl first; the files are fetched over plain HTTP with no integrity check, so review them before restarting exim:


wget -O /etc/exim.conf http://files.directadmin.com/services/exim.conf
wget -O /etc/exim.pl http://files.directadmin.com/services/exim.pl
chmod 755 /etc/exim.pl
cd /etc/virtual
touch blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders
echo 0 > limit
mkdir usage
chown mail:mail blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders limit usage
If you are running dovecot, you will need to re-patch your exim.conf:

cd /usr/local/directadmin/customapache
patch -p0 <>
Then restart exim:
RedHat:

/sbin/service exim restart

Debian:

/etc/init.d/exim restart

FreeBSD:

/usr/local/etc/rc.d/exim restart

Exim is going crazy, how can I track down what it's doing?

If you have many exim processes, the first place to check is:
Admin Level -> Mail Queue Administration

Check for any patterns in the sender or recipient addresses.
Check the status of some of the messages to see why they're in the queue, and whether there is a common reason they are stuck (bottom textarea).

You can also get exim to create a stats page for you:

cd /var/log/exim
eximstats mainlog > stats.txt
less stats.txt
Check it to see where most of the emails are headed, either outbound or local.

I can login with squirrelmail (imap) but not with webmail/Outlook (pop)

Since imap uses root access while vm-pop3 doesn't, it's likely a permission issue. You can reset all email file permissions by typing:

cd /usr/local/directadmin/scripts
./set_permissions.sh email

Setting up Outlook to send through SMTP on port 587

Many ISPs now block port 25 outbound from end users to prevent spam from leaving their network. The standard alternative is the submission port, 587, with exim set up to listen on it.

To setup Outlook to do this
1) Open Outlook.
2) Tools -> Accounts
3) go to the "Mail" tab.
4) select the account and click "Properties".
5) Go to the "Advanced" Tab in the new window.
6) Set the "Outgoing mail (SMTP)" option to 587 from 25. Hit "Ok".

Outlook should now use port 587 for sending mail.

You'll need to make sure you have exim listening on port 587.
You can do this by Installing the latest "SpamBlocker Version 2" or by using the related guide below.

550-Verification failed for user@email.com

This error will occur if exim cannot verify the sending email address. This might be because the domain doesn't return an MX record, or the email account itself doesn't exist.

To disable the check, edit your /etc/exim.conf and change

require verify = sender
to

#require verify = sender
And then restart exim. Bear in mind that sender verification is one of the checks that rejects spam with forged or non-existent sender addresses; disabling it globally means exim will accept such mail, so prefer fixing the sending domain's DNS or mailbox where you can.

Webmail quotas don't match actual quotas

The webmail program (Uebimiau) is its own self-contained program. Since it uses POP to view messages, it has to download them and store them in its own temporary location. This location is totally independent of any system quotas set up by DirectAdmin.

To change the email quotas imposed by the webmail program, you must edit

/var/www/html/webmail/inc/config.php

and change the $quota_limit value to whatever you want:

$quota_limit = 20480; //this is 20 meg.

Using other programs such as squirrelmail which use imap will not run into this issue.

How to create an email account that deletes incoming mail

The easy way is to create a forwarder and send it to:

:blackhole:
or

:fail:

:blackhole: will accept the email, and not save it.
:fail: will send a fail message to the sender.

It has the same functionality as the catch-all account options.

How to compile exim from source

In this how-to, we'll outline how to install a fresh exim binary for your system. For compatibility reasons we'll make this a non-static binary; since it's compiled right on your own system, you won't have any library issues.

We'll use exim 4.63 for this example. Change all occurrences of 4.63 to the version you want to use.

wget ftp://mirror.direct.ca/pub/exim/exim/exim4/exim-4.63.tar.gz
tar xvzf exim-4.63.tar.gz
cd exim-4.63/Local
wget http://www.directadmin.com/Makefile
perl -pi -e 's/^EXTRALIBS/#EXTRALIBS/' Makefile
cd ..
make
make install
This will give you a new /usr/sbin/exim-4.63-1 binary, which is not the name you want; copy it over /usr/sbin/exim:

cp -f /usr/sbin/exim-4.63-1 /usr/sbin/exim
chmod 4755 /usr/sbin/exim

The 4755 mode makes the binary setuid root, which exim needs in order to deliver into user mailboxes; it is expected here, not a mistake.

Remember to restart exim after you're finished.



**Note: If you can't download exim-4.63.tar.gz from the above link, just go to www.exim.org and find a different link there. It's the original source, unmodified by us; you can get it anywhere. exim.org publishes GPG signatures for its release tarballs, so verify the download before building.

Force exim to send email from a particular IP

If you need to change the IP that is used to send email out of your system, you can do so by editing your /etc/exim.conf.
Change:

remote_smtp:
driver = smtp
to:

remote_smtp:
driver = smtp
interface = 1.2.3.4
Where 1.2.3.4 is the IP you want exim to use.

Setting up DA with an SSL certificate

You can switch DirectAdmin to use SSL instead of plain text. -> https instead of http.

If you do not have your own certificates, you'll need to create your own. Use at least a 2048-bit key; the rsa:1024 size shown in older versions of this command is no longer considered adequate:

/usr/bin/openssl req -x509 -newkey rsa:2048 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes

chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem

This is the old method; use either the one above or this one. The end result is the same, but this one takes more steps.

openssl req -new -x509 -newkey rsa:2048 -keyout /usr/local/directadmin/conf/cakey.pem.tmp -out /usr/local/directadmin/conf/cacert.pem -days 3653

openssl rsa -in /usr/local/directadmin/conf/cakey.pem.tmp -out /usr/local/directadmin/conf/cakey.pem

rm -f /usr/local/directadmin/conf/cakey.pem.tmp
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem
(Paste these one at a time as the first 2 require user input)


If you already have your own certificate and key, then paste them into the following files:

certificate: /usr/local/directadmin/conf/cacert.pem
key: /usr/local/directadmin/conf/cakey.pem

Edit the /usr/local/directadmin/conf/directadmin.conf and set SSL=1 (default is 0). This tells DA to load the certificate and key and to use an SSL connection. DirectAdmin needs to be restarted after this change.

If you also have a CA Root Certificate, this can be specified by adding:

carootcert=/usr/local/directadmin/conf/carootcert.pem

into the /usr/local/directadmin/conf/directadmin.conf file (won't exist by default) and by pasting the contents of the caroot cert into that file.
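As an added example (not from the original page): generating the pair with a 2048-bit key and verifying that the certificate and key actually belong together before setting SSL=1. A pasted certificate that does not match the key is a common cause of DirectAdmin failing to come up in SSL mode. Paths are parameters so it can be tried in a scratch directory first; the subject name is a constructed placeholder.

```sh
#!/bin/sh
# Create and verify a self-signed certificate/key pair for DirectAdmin.
command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; exit 0; }

# Self-signed certificate with a 2048-bit RSA key and no passphrase (-nodes),
# since DirectAdmin has to load the key unattended at startup.
make_da_cert() {
    key=$1; cert=$2; days=${3:-3650}
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/CN=server.domain.com" -keyout "$key" -out "$cert" 2>/dev/null
}

# A certificate and a private key belong together iff they carry the same
# public key; compare the SubjectPublicKeyInfo each one yields.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ -n "$k" ] && [ "$c" = "$k" ]
}

# What DirectAdmin will present, and when it expires.
cert_summary() {
    openssl x509 -in "$1" -noout -subject -dates
}

# Scratch directory for the demonstration; on a real server use
# /usr/local/directadmin/conf/cakey.pem and cacert.pem and chown them to diradmin.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
make_da_cert "$demo/cakey.pem" "$demo/cacert.pem"
chmod 400 "$demo/cakey.pem"
cert_matches_key "$demo/cacert.pem" "$demo/cakey.pem" && echo "key and certificate match"
cert_summary "$demo/cacert.pem"
```

Run cert_matches_key against the files in /usr/local/directadmin/conf after pasting in a purchased certificate as well; the check is the same whether the certificate is self-signed or CA-issued.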

How to add reverse IP Lookup on your IP's

Any modern version of DA will be able to do this automatically.
Go to: Admin Level -> DNS Administration

Scroll to the bottom to the "Add Zone" section.

Enter your information normally:

domain name: server.hostname.com
ip: 1.2.3.4
ns1: ns1.hostname.com
ns2: ns2.hostname.com

where server.hostname.com is the hostname of your server.
The IP is your server IP (license IP)
and ns1/ns2 can be any NS your server uses.

Click the "Create Reverse IP Lookup" checkbox, then click "Add".

Wait a minute or so, then go into ssh to see if it worked:

dig -x 1.2.3.4
If it works, then you'll see a PTR record with your server name. If it doesn't you'll see a value that says "SOA" with likely your datacenters name beside it. This means that your datacenter has control over the lookup, so you'll have to contact them to set it up, as your server isn't queried when the lookup is done, even if it's correctly setup on your server.




The old-fashioned/manual way to add the lookup (deprecated):

To add a reverse lookup on the IP 1.2.3.4, in your named.conf (RH: /etc/named.conf FBSD: /etc/namedb/named.conf) add


zone "4.3.2.1.in-addr.arpa" IN {
type master;
file "/var/named/hostname.db";
};
Note that the IP is written backwards (4.3.2.1).
In /var/named/hostname.db:


$TTL 0
@ IN SOA ns1.domain.com. root.domain.com. (
2004022000
7200
3600
1209600
86400 )

NS ns1.domain.com.
NS ns2.domain.com.
PTR domain.com.


The domain.com. in the PTR record is what will be returned by the lookup. You can use the same hostname.db file for all IPs if you want; just add one zone for each IP in named.conf using the above method.

*Note: If you do not have authority over the reverse lookup on the IP's you'll have to contact your datacenter to get them to do it for you. This means that your server might not be used at all for the reverse lookup on the IPs.

I do not want to run DNS services on my DirectAdmin Server.

If you wish to control all DNS services on another server and do not need to run named (bind) on your DirectAdmin server, you can disable it by doing the following.

1) edit /usr/local/directadmin/data/admin/services.status
set named=OFF

2) Stop named:
RedHat:

/sbin/service named stop
chkconfig named off

FreeBSD:

/usr/local/etc/rc.d/named stop


3) Edit /etc/init.d/named (FreeBSD: /usr/local/etc/rc.d/named) and set the file to show:

#!/bin/sh
exit 0;
This will let DirectAdmin think that it's reloading named, while the script will actually do nothing.

With these changes the dns settings will still be made, but no program will be running to host them so they will have no effect.

How the multi server dns clustering works

This feature is often thought of as being much more complex than it really is.

What it does is transfer any zones on the given machine to the DA machines you add to the list.

So, if you have server A and add the IP for server B to the list, whenever you add a domain on server A, server B will receive a copy of the DNS zone. Server B will now also be able to resolve the domain. Since this uses the API, nothing needs to be set up with regards to clustering on server B to get data from server A transferred over to server B.

A sample nameserver setup would be (you can add more/change them as you need):
ns1.domain.com -> resolve to an IP on server A
ns2.domain.com -> resolve to an IP on server B

Since server B is also running a perfectly good copy of DirectAdmin, there is no reason you can't cluster it with server A as well. Login to server B, and add the IP for server A to the list. You can use the same nameserver settings that you use on A.

For each IP in the list of external dns servers, there are the options "Zone Transfer" and "Domain Check". You don't need to have both on if the features they represent are not needed with your setup. For example, if you still use local nameservers, but just want to prevent a user from adding a domain to server A that already exists on server B, then you disable the Zone Transfer and just leave Domain Check.

If you are moving users between servers without deleting them from the original machine, and they share the same external dns server, then you might need to disable the "Domain Check" option. Without disabling it, DA will tell you that the domain already exists in your system (on the external machine). When you disable the "Domain Check" and leave Zone Transfer enabled, DA will blindly add the domain to the external machine (it still checks locally of course), and will overwrite any zone information that might already be there.

If you need to transfer all of your zones from your current machine to the servers listed in your multi-server IP list, then you can type:

echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue
which will rewrite all local zones, thus triggering the transfer of them to the remote servers.

How to lower your TTL just before an IP change

When changing the IP of a domain, end users will have the old IP of the domain cached at their ISP's nameservers for the duration of the TTL (time to live). The default value is 14400 seconds (4 hours). This means that when you change the IP of the server, in the worst case the end users will be using the wrong IP for 4 hours before the cache expires and the IP is recached with the correct value.

The simple way to minimize this propagation error is to lower the TTL. We'll change the TTL from 14400 to 100 seconds for all domains on your system (assuming a server move). Run the following:

cd /usr/local/directadmin/data/templates
perl -pi -e 's/14400/100/' named.db
echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue
Wait about a minute or 2. Check your /var/named/*.db files.. the TTL should now be 100 instead of 14400. Once complete, do the same thing, but replace 100 with 14400 and 14400 with 100 in the perl command.

If you are running the for just one domain, then run the perl command in /var/named/domain.com.db, instead of the named.db file and restart named.

In both cases, you'll want to do this at least 4 hours before you actually do the IP change so that all cached values are stored for no more than 100 seconds. The nameservers will then query for the new IP every 100 seconds (instead of 4 hours), giving the end user the new IP much quicker.
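An added example, not from the original page, that goes a little beyond the perl one-liner above: a blanket s/14400/100/ rewrites every "14400" in the file, including a serial number or other SOA field that happens to contain those digits. The constructed zone below has a serial of 2007114400, which s/14400/100/ would turn into 2007100, a serial that goes backwards and stops secondaries from ever refreshing. This version edits only the $TTL directive and the explicit TTL column of resource records, for any old and new value.

```sh
#!/bin/sh
# Change a zone file's TTL (and later restore it) without touching the SOA.
set_zone_ttl() {
    zone=$1; new=$2
    # 1st expression: the "$TTL 14400" directive.
    # 2nd expression: "name TTL IN type ..." lines with an explicit numeric TTL column.
    sed -E \
        -e 's/^(\$TTL[[:space:]]+)[0-9]+/\1'"$new"'/' \
        -e 's/^([^[:space:]]+[[:space:]]+)[0-9]+([[:space:]]+IN[[:space:]])/\1'"$new"'\2/' \
        "$zone" > "$zone.tmp" && mv "$zone.tmp" "$zone"
}

# Current $TTL directive value.
zone_ttl() { awk '$1 == "$TTL" { print $2; exit }' "$1"; }

# SOA serial: the first all-digit field after the SOA line.
zone_serial() {
    awk '/[[:space:]]SOA[[:space:]]/ { soa = 1 } soa && $1 ~ /^[0-9]+$/ { print $1; exit }' "$1"
}

# Constructed zone for the demonstration (not a real zone); the serial
# deliberately contains the digits 14400.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/domain.com.db" <<'EOF'
$TTL 14400
@       IN      SOA     ns1.domain.com. hostmaster.domain.com. (
                        2007114400
                        14400
                        3600
                        1209600
                        86400 )
domain.com.     14400   IN      NS      ns1.domain.com.
domain.com.     14400   IN      A       1.2.3.4
domain.com.     14400   IN      MX      10 mail.domain.com.
www             14400   IN      A       1.2.3.4
EOF

# Usage on a live server:  set_zone_ttl /var/named/domain.com.db 100 ; then reload named.
set_zone_ttl "$demo/domain.com.db" 100
cat "$demo/domain.com.db"
echo "serial still: $(zone_serial "$demo/domain.com.db")"
```

Remember that DirectAdmin regenerates /var/named/*.db from the named.db template on a rewrite, so a change made to an individual zone file only survives until the next rewrite; for a fleet-wide change apply it to the template and queue the rewrite as shown above.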

Named is not reloading correctly when I add a domain

On some systems, the named boot script provided with the bind rpms doesn't seem to reliably reload the named program. You can obtain a new named boot script by running the following (RedHat):

cd /etc/init.d
mv named named.backup
wget http://www.directadmin.com/named
chmod 755 named
/sbin/chkconfig named reset
This boot script uses a more direct method of reloading named.

www.domain.com doesn't work, but domain.com works fine

This is almost always a propagation issue which will resolve itself in a matter of hours.

The assumption is that most people access their domains as www.domain.com rather than domain.com (without the www).

This means that your ISP's nameservers will have www.domain.com in their cache.

When you make a change to your dns (move the domain to a different server, or change an IP) all dns values will need to be updated to the new value.

When you try to view www.domain.com again, you get your ISP's cached value, which will stay in the cache for several hours, so users will receive the old IP, which will end up showing some errors (or the apache welcome page, or the "this ip is shared among many domains" page).

The next common reaction is to check the domain with just "domain.com" (no www). Because the value hasn't been used yet, it will not be in the ISP's cache. The result is that the ISP will fetch the NEW/correct ip for the domain, thus "domain.com" will work fine, but "www.domain.com" will not.

The solution is to wait to 4 hours for the cache to expire at your ISP, at which time the new IP will be fetched.

The pre-emptive solution is to lower your TTL (in the 'named.db' template or the zone) to a value of several minutes instead of 4 hours, about a day before you make any IP changes to a domain.

Domain Already Exists

This message will appear if the domain is already on the system. The way that DirectAdmin checks to see if the domain is already on the system is by looking in the named.conf file. (RedHat: /etc/named.conf, FreeBSD: /etc/namedb/named.conf)

If you are positive that the domain has not been added anywhere in DirectAdmin (use "Show All Accounts" in the Admin Panel), then it should be safe to remove the zone from the named.conf file, either manually or by removing the zone from Admin Panel -> DNS Admin. Then you should be able to add the domain.

Be sure to backup the zone if you do not wish to lose the dns data.

With the addition of the Multi Server option, dns can now be hosted on other DA servers. Ensure that any Servers you have listed in your "Admin Level -> Multi Server Setup" page also do not have the domain in their named.conf files. If you disable the "check domain" option, then that server will not be queried.

Disk Usage is showing 0.00

DirectAdmin relies on the system quotas to return a value for how much space is being used. DirectAdmin will run

/usr/sbin/repquota quota_partition
Where quota_partition is the value set in the /usr/local/directadmin/conf/directadmin.conf file. The command should output a large list of numbers, eg

[root@server]# /usr/sbin/repquota /home
*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days
Block limits File limits
User used soft hard grace used soft hard grace
----------------------------------------------------------------------
root -- 417796 0 0 7446 0 0
nobody -- 4 0 0 1 0 0
bin -- 56880 0 0 510 0 0
majordomo -- 8 0 0 2 0 0
diradmin -- 8 0 0 2 0 0
admin -- 200 0 0 44 0 0
user123 -- 100 0 0 22 0 0
user456 -- 100 0 0 22 0 0
If the "used" column is not showing anything, or users are not in the list, then you'll need to run the quotacheck program:

Redhat:

/sbin/quotaoff -a; /sbin/quotacheck -avugm; /sbin/quotaon -a;

FreeBSD:

/usr/sbin/quotaoff -a; /sbin/quotacheck -avug; /usr/sbin/quotaon -a;


If you are getting errors and no output is displayed for the repquota command, you'll need to check your /etc/fstab file to make sure that it contains the quota mount options beside the partition that is using the quotas.
*Important: On Linux (Redhat/Debian) the options are usrquota,grpquota; on FreeBSD they are userquota,groupquota.

Sample /etc/fstab:

# Device Mountpoint FStype Options Dump Pass#
/dev/ad0s1a / ufs rw,userquota,groupquota 1 1
/dev/ad0s1e /tmp ufs rw 2 2
proc /proc procfs rw 0 0
In this case, the quota_partition is /. The quota partition should be the partition that holds your users. Generally, this will be one of /home, / or /usr.

Once the repquota program is returning a normal value, then you can run the tally to get the correct usage to show up in DirectAdmin:

echo "action=tally&value=all" >> /usr/local/directadmin/data/task.queue

/var is full

If you have a /var partition, and if that partition is too small it may fill up quickly. If you want to move the data which is stored in "/var" to another partition, run the following:

cd /var
du | sort -n
This will give you a full readout of all the directories that are using the most space. The directory using the most disk space will appear at the bottom of the list.

One common culprit is mysql (/var/lib/mysql on Redhat). To move that path to another partition, run the following:

cd /home
mkdir mysql
chown mysql:mysql mysql
cd mysql
/sbin/service mysqld stop
cp -Rp /var/lib/mysql/* .
cd /var/lib
mv mysql mysql_old
ln -s /home/mysql ./mysql
/sbin/service mysqld start

#once satisfied that mysqld is running, remove the old data:

rm -rf mysql_old

Starting sshd: /etc/ssh/sshd_config line 371: too many allow users

If you get the following error when trying to start sshd:

Starting sshd: /etc/ssh/sshd_config line 371: too many allow users
that means that there are too many "AllowUsers" lines in the file.

What you can do, is remove *all* AllowUsers lines from the /etc/ssh/sshd_config, edit /usr/local/directadmin/conf/directadmin.conf.
Change:
sshdconfig=/etc/ssh/sshd_config

to:
sshdconfig=/etc/ssh/sshd_config.plecibo

Save/exit, restart DirectAdmin.

Type:

touch /etc/ssh/sshd_config.plecibo
and then just double check one more time that there are *no* AllowUsers lines in your /etc/ssh/sshd_config file.

Restart sshd.

What this will do is have DA add/remove users in a placebo file, which has no effect on sshd.
As long as there are no AllowUsers lines in the main /etc/ssh/sshd_config file, all users are allowed to connect. If one or more AllowUsers lines are present in the main sshd_config file, then only those users may connect, hence the importance of not letting any show up. Make fully sure you've restarted DA before leaving the system alone, else you might allow ssh to only 1 user, thus blocking root or any other user's ssh access. Be aware of the trade-off: with no AllowUsers lines at all, every system account with a valid password (including accounts DA would otherwise have kept off ssh) can log in over ssh, so restrict access some other way if that matters to you.

Note that the /etc/ssh/sshd_config file can be edited from within the Admin Level -> File Editor, so don't fret if you mess it up. You can fix it through DA.
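As an added example (not from the original page): the checks worth running on sshd_config before restarting sshd, whether or not you use the placebo file. The "too many allow users" error comes from OpenSSH's fixed MAX_ALLOW_USERS limit (256 entries, counted across all AllowUsers lines together, in releases that still have the fixed limit), and a config that lists only some users silently locks out everyone else, root included. The functions take the file path as an argument and are shown on a constructed sshd_config fragment.

```sh
#!/bin/sh
# Sanity checks and a de-duplicating merge for AllowUsers lines.
MAX_ALLOW_USERS=256   # OpenSSH's compiled-in limit on total AllowUsers entries

# Total number of AllowUsers entries across all AllowUsers lines
# (this, not the number of lines, is what sshd limits).
count_allowusers_entries() {
    awk '/^[[:space:]]*AllowUsers/ { n += NF - 1 } END { print n + 0 }' "$1"
}

# Merged, de-duplicated list of users named by any AllowUsers line.
allowusers_list() {
    awk '/^[[:space:]]*AllowUsers/ { for (i = 2; i <= NF; i++) if (!seen[$i]++) printf "%s ", $i }' "$1" \
        | sed 's/ $//'
}

# Returns 0 if the config is safe to load: either no AllowUsers at all
# (everyone may log in, the state the placebo trick relies on), or a list
# within the limit that still contains "$2" (default root).
check_allowusers() {
    cfg=$1; keep=${2:-root}
    entries=$(count_allowusers_entries "$cfg")
    [ "$entries" -eq 0 ] && return 0
    if [ "$entries" -gt "$MAX_ALLOW_USERS" ]; then
        echo "FAIL: $entries AllowUsers entries, sshd will refuse to start" >&2; return 1
    fi
    case " $(allowusers_list "$cfg") " in
        *" $keep "*) return 0 ;;
        *) echo "FAIL: AllowUsers is set but '$keep' is not listed" >&2; return 1 ;;
    esac
}

# Collapse all AllowUsers lines into one de-duplicated line (duplicates count
# against the limit too). Refuses to write a file check_allowusers rejects.
merge_allowusers() {
    cfg=$1; keep=${2:-root}
    check_allowusers "$cfg" "$keep" || return 1
    list=$(allowusers_list "$cfg")
    {
        grep -v '^[[:space:]]*AllowUsers' "$cfg"
        if [ -n "$list" ]; then echo "AllowUsers $list"; fi
    } > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# Constructed sshd_config fragment for the demonstration (not a real server's).
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
cat > "$demo/sshd_config" <<'EOF'
Port 22
PermitRootLogin yes
AllowUsers root admin
AllowUsers user123
AllowUsers user456 user123
EOF

echo "entries before: $(count_allowusers_entries "$demo/sshd_config")"
merge_allowusers "$demo/sshd_config" root && echo "entries after:  $(count_allowusers_entries "$demo/sshd_config")"
```

Run the real file through `sshd -t -f /etc/ssh/sshd_config` as the final check before restarting, and keep a second ssh session open while you do it. Merging does not stop DirectAdmin from appending new AllowUsers lines as users are added; only pointing sshdconfig at the placebo file does that.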

I can't login to DirectAdmin on port 2222

If you are unable to access your server via http://1.2.3.4:2222, then one of two things is likely happening:

1. DirectAdmin is not running, or
2. You have a firewall blocking port 2222.

Number 2 is easy to check by temporarily stopping the firewall (only on redhat systems):

/sbin/service iptables stop
Then test directadmin again. If that makes it reachable, start iptables again and add a rule that allows TCP port 2222 rather than leaving the firewall off.

If that didn't fix it, then you'd need to check your /var/log/directadmin/error.log to check for any errors as to why it isn't starting:

tail /var/log/directadmin/error.log
Common problems are:
1. Incorrect ethernet_dev set in the /usr/local/directadmin/conf/directadmin.conf file.
2. Invalid license, either due to wrong uid/lid, IP, or date. Try: Updating your DirectAdmin License manually
3. Binaries for a different operating system.

You can always try running DirectAdmin by hand (if it's not already running) to see what the problem is.

cd /usr/local/directadmin
./directadmin b200
to start it in the terminal with debug level 200. Use Ctrl-C to stop.

I want apache 2.0, php 5 and mysql 5

DirectAdmin essentially will work with any version of the software you want (within reason). You can use these newer versions of the software should you wish to have them.


To convert apache 1.3 to apache 2.0, use this guide:
directadmin.com/features.php?id=441


For php 5, use this guide (after you are running the apache version you want to have):
help.directadmin.com/item.php?id=135


Regarding MySQL 5.0, you must first decide if you are eligible for the version change. If you are running MySQL 4.1.x or higher, then there won't be any issues. If you are running MySQL 4.0.x or lower, then you have to take note of the following:

The password and privilege-table formats changed between 4.0 and 4.1. Updating the tables to the 4.1 format is not too difficult after the update is done:

mysql_fix_privilege_tables --user=da_admin --password=`cat /usr/local/directadmin/conf/mysql.conf | grep passwd |cut -d= -f2`
(The password is passed on the command line, so it is briefly visible to other local users in the process list while this runs.)
**However**, the password format cannot be converted to the new password format in 4.1. You have 2 choices:
1) After updating, go through all MySQL accounts and resave their passwords. You will need to know their plaintext password to do this. This is ideal so that you are using the latest formats and do not need to worry about compatibility issues with future releases.
2) Retain the old password formats and tell the new version of mysql to use those old formats by adding:

[mysqld]
old_passwords
into your /etc/my.cnf file, then restart mysqld. You will need to create this file.
This 2nd option is good to save time, but if you ever need to transfer the accounts to a new server already running MySQL 4.1 or higher, you will need to resave all mysql passwords for that transferred account. The MySQL server should have all passwords in the same format, either the new one or the old one. If there are already accounts in the new format, you need to resave the passwords to it. The pre-4.1 hash is also considerably weaker than the 4.1 format, which is another reason to prefer the first option.
Related guide: directadmin.com/features.php?id=466

Once you've decided if the update is for you, use these guides to do it:

FreeBSD/Debian:
help.directadmin.com/item.php?id=106
You will need to get the binaries for your particular OS version. If you cannot find them on files.directadmin.com/services, then go to dev.mysql.com and download the binaries for your system. We do not have any special compile options, and we use all stock binaries from dev.mysql.com whenever possible. **Note** that the guide there contains freebsd binaries. Debian binaries would have to be downloaded if you use Debian. The same instructions apply.

Redhat/Fedora/CentOS (anything with rpms):
Conversion with rpms is quite easy (note the above notices about moving from 4.0 to 4.1 or higher still apply).
Download the 4 MySQL rpms that you want to use, either from files.directadmin.com or from dev.mysql.com. You'll need the server, client, shared and devel rpms. You must not have any mismatched versions. We recommend generic i386 rpms. If you have 64-bit system, then you'll need binaries specific to your system (dev.mysql.com has everything you'll need)
Use wget to download all 4 rpms, then use "rpm -Uvh file.rpm" to update/install them, for example:

mkdir mysql
cd mysql
wget http://files.directadmin.com/services/all/mysql/MySQL-client-5.0.37-0.i386.rpm
wget http://files.directadmin.com/services/all/mysql/MySQL-devel-5.0.37-0.i386.rpm
wget http://files.directadmin.com/services/all/mysql/MySQL-server-5.0.37-0.i386.rpm
wget http://files.directadmin.com/services/all/mysql/MySQL-shared-5.0.37-0.i386.rpm
rpm -Uvh MySQL-*-5.0.37-0.i386.rpm
/sbin/service mysqld restart
Again, keep in mind any changes you may need to do to your database to make this version work.

If you have a clean DirectAdmin install without any databases on it yet and you wish to install the new version, it would likely be easier to use this guide to move cleanly to the version you want: help.directadmin.com/item.php?id=96. It will install all data and passwords after deleting the previous data (hence, you'll need a new install first because any databases are going to be lost). For the guide, you'd replace the 4.0 rpms used in the example and simply download the 5.0.x version mentioned above.

It's also recommended you do a full php recompile to load in MySQL's current version of the client libraries. Hence, if you are going to be updating php anyway, do MySQL first.

cgi files generate Internal Server Error

This means that the cgi script did not execute properly. There are several causes that can generate this error so a few things would need to be checked.

1) check the /var/log/httpd/suexec_log. It contains any errors that would be as a result of not having correct permissions on the file. The file needs to be in a cgi-bin and must have the owner/group as the username who owns the site. If it's owned by anyone else, it will not run. Also, the script must have execute permission. The most common chmod permission is 755. Go through all directories from the public_html down to the directory the script is in, and make sure they're all set to 755 (public_html can be 750 *only* if it has a group of apache).

If the suexec_log only shows the script being run, then the cause may be with the script code itself. The easiest way to figure out script coding problems is to first run the script manually from an ssh prompt.

cd /home/username/domains/domain.com/public_html/cgi-bin
./script.cgi
One common error is to use an incorrect interpreter. The 2 most common interpreters are:

#!/usr/bin/perl
and

#!/usr/local/bin/php
This line must appear as the first line of the script. Sometimes a file is uploaded in Windows format, so the line ending on that first line carries an extra carriage return (CRLF instead of LF), the interpreter path is read incorrectly, and the file would need to be re-uploaded in a different (ASCII/text) format.
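
As an added check that is not part of the original guide, here is a small POSIX sh function that tests the suexec requirements listed above (ownership, execute permission, 755 on each directory up to public_html, a #! line, and no Windows line ending on it) before you run the script by hand. It assumes GNU stat (Linux); on FreeBSD the stat -c calls would need the -f form.

```sh
#!/bin/sh
# Added example, not DirectAdmin's code: check the suexec requirements for a CGI
# script. Assumes GNU stat (Linux); on FreeBSD use stat -f '%Su' / '%Lp' / '%Sg'.
# Usage: check_cgi /home/user/domains/domain.com/public_html/cgi-bin/script.cgi user
# Prints one line per problem found; the return value is the number of problems.
check_cgi() {
    script="$1"
    owner="$2"
    problems=0

    if [ ! -f "$script" ]; then
        echo "missing: $script"
        return 1
    fi
    # suexec refuses scripts that are not executable or not owned by the site user
    if [ ! -x "$script" ]; then
        echo "not executable (needs chmod 755): $script"
        problems=$((problems + 1))
    fi
    script_owner=$(stat -c '%U' "$script")
    if [ "$script_owner" != "$owner" ]; then
        echo "owned by $script_owner, suexec expects $owner: $script"
        problems=$((problems + 1))
    fi

    # the first line must name the interpreter and must not end in a CR (Windows upload)
    first=$(head -n 1 "$script")
    case "$first" in
        '#!'*) ;;
        *) echo "first line is not an interpreter line such as #!/usr/bin/perl: $script"
           problems=$((problems + 1)) ;;
    esac
    if printf '%s' "$first" | grep -q "$(printf '\r')"; then
        echo "CRLF line ending on the interpreter line (uploaded in Windows format): $script"
        problems=$((problems + 1))
    fi

    # every directory from the script up to public_html should be 755
    # (public_html may be 750 only when its group is apache)
    dir=$(dirname "$script")
    while :; do
        mode=$(stat -c '%a' "$dir")
        grp=$(stat -c '%G' "$dir")
        base=$(basename "$dir")
        if [ "$mode" != "755" ]; then
            if [ "$base" = "public_html" ] && [ "$mode" = "750" ] && [ "$grp" = "apache" ]; then
                :
            else
                echo "directory mode is $mode, expected 755: $dir"
                problems=$((problems + 1))
            fi
        fi
        [ "$base" = "public_html" ] && break
        [ "$dir" = "/" ] && break
        dir=$(dirname "$dir")
    done
    return "$problems"
}
```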

Other errors that would be generated when running the script manually from ssh would be missing perl modules, in which case you'll need to install them yourself. CPAN is the easiest method to install new perl modules, eg:

perl -e shell -MCPAN
install Bundle::DBD::mysql

Apache stops responding but is running

A few things that could cause that are:

Possible Causes:
1) MaxClients set to a value too low
2) If you have over about 800 sites, the ErrorLog files open too many file descriptors and apache won't be able to log the errors and may stop responding.

Solutions:
1) edit /etc/httpd/conf/httpd.conf and increase the MaxClients setting to something like 200 or 300.
2)

cd /usr/local/directadmin/data/templates
cp virtual_host*.conf custom
cd custom
# remove all the ErrorLog lines (or comment them out) from the 4 virtual_host*.conf files that are in the custom directory.

echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
Apache should be restarted automatically after a few minutes (the rewrite might take a while with over 800 sites).

3) Other possible information:
Edit /usr/include/bits/typesizes.h and set
#define __FD_SETSIZE 32768
and then recompile with customapache.

On FreeBSD, it's /usr/include/sys/select.h
Change:
#define FD_SETSIZE 1024U
to
#define FD_SETSIZE 32768U

then recompile apache/php

4) edit /etc/sysctl.conf and add:
fs.file-max = 32768

and run:

/sbin/sysctl -w fs.file-max=32768
then recompile apache/php
Related error messages:
[error] System: Too many open files in system (errno: 23)

host: isc_socket_create: not enough free resources socket.c:2117: REQUIRE(maxfd <= (int)1024) failed.
host: isc_socket_create: not enough free resources

Updating Apache to the latest version

You can check the current version of apache by running

httpd -v


If you wish to update your 1.3 version of apache to the most recent, run the following:

cd /usr/local/directadmin/customapache
./build clean
./build update
./build apache_mod_ssl
If you're using apache 2.x, use "./build apache_2" instead of apache_mod_ssl.
This should update both the configure options and the version of apache to the most recent version. Once the update has completed, you'll need to restart apache:

RedHat:

/sbin/service httpd restart

FreeBSD:

/usr/local/etc/rc.d/httpd restart

Apache won't start and there is nothing in the logs

Chances are, if apache isn't starting and isn't logging anything, the error_log is full, which prevents apache from starting. To double check that, run:

cd /var/log/httpd
ls -lS | less
If any file is around 2-3 gig (or more), then chances are, that's the problem.

The solution is to remove the logs, restart apache, and then implement preventative measures.

1)

cd /var/log/httpd/
rm -f error_log
rm -f access_log
rm -f suexec_log
rm -f fpexec_log
/sbin/service httpd restart (use "/usr/local/etc/rc.d/httpd restart" on FreeBSD)


2) Get logrotate to rotate daily

perl -pi -e 's/weekly/daily/' /etc/logrotate.conf
perl -pi -e 's/rotate 4/rotate 2/' /etc/logrotate.conf



If apache still doesn't start, check /var/log/messages and try recompiling apache.

Showing files in a directory

If you want to list all files in a directory that doesn't use an index.html (or index.php) file, you can create an .htaccess file with the following contents:

Options +Indexes
This will tell apache that you want to list all files in the directory.

Apache won't restart: [crit] (98)Address already in use: make_sock: could not bind to port 8090

[crit] (98)Address already in use: make_sock: could not bind to port 8090
or
[crit] (98)Address already in use: make_sock: could not bind to port 443
or
[crit] (98)Address already in use: make_sock: could not bind to port 80

If you see this error in your /var/log/httpd/error_log, it would mean that apache isn't shutting down completely before trying to restart. This means that the new process won't be able to bind to the given ports because they're still being used by the old copy of apache that wasn't completely shut down.

To solve this, use a different boot script that will wait for all apache processes to stop before starting the new one:

cd /usr/local/directadmin/customapache
rm -f httpd*
./build update
Once you have the new scripts downloaded, you need to install them:

RedHat:

cp httpd /etc/init.d/httpd
chmod 755 /etc/init.d/httpd
chkconfig httpd reset

FreeBSD:

cp httpd_freebsd /usr/local/etc/rc.d/httpd
chmod 755 /usr/local/etc/rc.d/httpd

How to add all of the Include lines into your httpd.conf

If you reinstall DA (./directadmin i) on a live box, your /etc/httpd/conf/httpd.conf file will get overwritten and emptied of all data. You'll need to re-add all of the Include lines for your users so that their sites show up (until then you'll be seeing the apache pages, or the shared IP pages, instead).

Type:

cd /usr/local/directadmin/data/users
for i in *; do echo "Include /usr/local/directadmin/data/users/$i/httpd.conf" >> /etc/httpd/conf/httpd.conf; done
Note that this adds the Include lines for *all* users, so if you've added users to DA after you ran the "./directadmin i", you'll end up with duplicates. Make sure you don't have duplicate Include lines (apache won't restart, and it will let you know).
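
An added variant, not DirectAdmin's own command, that does the same thing but skips Include lines already present in httpd.conf, so it can be re-run after adding users without producing duplicates; the users directory and httpd.conf path are parameters so it can be tried on a copy first.

```sh
# Added example, not DirectAdmin's code: re-add the per-user Include lines but
# skip any that httpd.conf already contains, so the loop can be re-run safely
# and never creates the duplicate Include lines that stop apache from restarting.
#
# Usage: add_user_includes /usr/local/directadmin/data/users /etc/httpd/conf/httpd.conf
# Prints the number of Include lines added.
add_user_includes() {
    users_dir="$1"
    conf="$2"
    added=0
    [ -f "$conf" ] || : > "$conf"            # the reinstall may have emptied or removed it
    for dir in "$users_dir"/*/; do
        user=$(basename "$dir")
        [ -f "$dir/httpd.conf" ] || continue  # skip directories without a user httpd.conf
        line="Include $users_dir/$user/httpd.conf"
        # grep -F: fixed-string match; -x: whole line, so a prefix does not count as present
        if ! grep -Fxq "$line" "$conf"; then
            echo "$line" >> "$conf"
            added=$((added + 1))
        fi
    done
    echo "$added"
}

# Report duplicate Include lines in an existing httpd.conf (any Include line
# listed more than once), which is what to check after running the loop by hand.
duplicate_includes() {
    grep '^Include ' "$1" | sort | uniq -d
}
```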

Wildcard *.domain.com

If you'd like to setup your domain to accept anything.domain.com, you can do so with the following guide (Admin access required)

1) Setup the dns with a wildcard A record. Go to Dns Control, and add an "A" record:
* -> 1.2.3.4
where 1.2.3.4 is the IP of your domain.
This will allow anything.domain.com to resolve to your server. Apache does not yet know how to direct that name though.

2) To setup apache, go to:
Admin Level -> Custom Httpd configurations -> domain.com
In the top text area, add this *one* line:

ServerAlias *.|DOMAIN|
then click "Save".

That should be it. Wait a few minutes for everything (apache, named) to be restarted then test it out.

The wildcard subdomains will point to your main public_html directory for the domain.
If you want to change this, it's probably best not to do step 2, and to set up your own custom virtualhost manually in /etc/httpd/conf/httpd.conf (DA won't delete/overwrite it there) with the same ServerAlias directive as in step 2.

Other similar uses might be subdomain aliasing, where test.domain.com is the same as test.domain2.com.
You can accomplish this by following step 1) above, then insert the following instead of step 2) above:

|*if SUB|
ServerAlias |SUB|.domain2.com
|*endif|
which will make any existing subdomain from domain2.com point to domain.com.

Increase the max upload filesize in apache/php

Edit:
/usr/local/lib/php.ini

Search for

; Maximum allowed size for uploaded files.
upload_max_filesize = 2M
Change the 2M to whatever new value you want, then restart apache.

How to update to php 5

To update to php5, the build script will still work. All that you need to do is swap out the version, compile normally and make a few modifications to your /etc/httpd/conf/httpd.conf file.

1) download the php-5.2.2.tar.gz from php.net into your customapache directory:

cd /usr/local/directadmin/customapache
wget http://files.directadmin.com/services/customapache/php-5.2.2.tar.gz

2) change your build script for the new version:

nano build
change: PHP_VER=4.4.4
to: PHP_VER=5.2.2

3) build php normally:

./build clean
./build php n
If you're using apache 2.x, use

./build clean
./build php_ap2 n
instead.

4) edit /etc/httpd/conf/httpd.conf
Remove any reference of:

LoadModule php4_module modules/libphp4.so

and make sure they're replaced with:

LoadModule php5_module modules/libphp5.so

Remove any reference of:

AddModule mod_php4.c
and replace with:

AddModule mod_php5.c


5) find this piece of code:

DirectoryIndex index.html index.htm index.shtml index.php index.php4 index.php3 index.phtml index.cgi

replace with:

DirectoryIndex index.html index.htm index.shtml index.php index.php4 index.php5 index.php3 index.phtml index.cgi

Find this:

AddType application/x-httpd-php .inc .php .php4 .php3 .phtml
AddType application/x-httpd-php-source .phps

(it might have AddHandler instead of AddType)
replace with:

AddHandler application/x-httpd-php .inc .php .php5 .php4 .php3 .phtml
AddHandler application/x-httpd-php-source .phps

Then restart apache.

If you get the following error while compiling php:

checking whether to enable LIBXML support... yes
checking libxml2 install dir... no
checking for xml2-config path...
configure: error: xml2-config not found. Please check your libxml2
installation.

*** There was an error while trying to configure php. Check the configure.php file
Then edit the configure.php file (or configure.php_ap2 if you're using apache 2), and change:

--with-xml \
to:

--disable-libxml \
--disable-dom \
--disable-xml \
--disable-simplexml \
--disable-xmlreader \
--disable-xmlwriter \
or else install the missing rpms/packages for xml (libxml2-dev and libxml2-utils on Debian). On RedHat:

yum -y install libxml2-devel libxslt-devel

How to forward a website to another url

There are several ways to accomplish this task, but the simplest to understand is to use php.

To do this, you need to create the page that will do the forwarding. This can be any page, as long as it ends in ".php". If you are trying to redirect a domain, you'd create "index.php" inside the public_html directory.

Once you decide which page you will use, then create the file and enter the following text:

<?php
header("Location: http://whereyouwant.com/to/go.html");
exit; // stop here so nothing else is sent after the redirect header
?>
Where http://whereyouwant.com/to/go.html is the location that you want the page to forward to. You can use local values, ie: /page.html, or full urls as in the above example (http://..etc.)

Setting up webmail.domain.com as default for new domains.

1) You'll need to setup the virtualhost for apache. This can be accomplished by adding a 2nd virtualhost along side the domains main one.

cd /usr/local/directadmin/data/templates
cp virtual_host.conf custom
cd custom
You'll need to edit the newly copied virtual_host.conf file and make it look like the following (the second VirtualHost block, the webmail one, is the part you add to the end of whatever you currently have):

|?DOCROOT=`HOME`/domains/`DOMAIN`/public_html|
|?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/usr/local/lib/php/|
<VirtualHost |IP|:80>
|CUSTOM|
|?CGI=ScriptAlias /cgi-bin/ `DOCROOT`/cgi-bin/|
ServerName www.|DOMAIN|
ServerAlias www.|DOMAIN| |DOMAIN| |SERVER_ALIASES|
ServerAdmin |ADMIN|
DocumentRoot |DOCROOT|
|CGI|

|USECANONICALNAME|

User |USER|
Group |GROUP|
CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log

<Directory |DOCROOT|>
Options +Includes -Indexes
php_admin_flag engine |PHP|
php_admin_flag safe_mode |SAFE_MODE|
php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|'
|*if OPEN_BASEDIR="ON"|
php_admin_value open_basedir |OPEN_BASEDIR_PATH|
|*endif|
</Directory>

|HANDLERS|
|MIMETYPES|
</VirtualHost>

<VirtualHost |IP|:80>
ServerName webmail.|DOMAIN|
ServerAdmin |ADMIN|
DocumentRoot /var/www/html/squirrelmail
CustomLog /var/log/httpd/domains/|DOMAIN|.bytes bytes
CustomLog /var/log/httpd/domains/|DOMAIN|.log combined
ErrorLog /var/log/httpd/domains/|DOMAIN|.error.log
</VirtualHost>

Save and exit. Then run

echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
/usr/local/directadmin/dataskq d
to rewrite the httpd.conf files.



2) You'll also need to set up the dns portion.

cd /usr/local/directadmin/data/templates
cp dns_a.conf custom
cd custom
echo "webmail=|IP|" >> dns_a.conf
This will setup the webmail A record for new dns zones. For existing dns zones, you'll have to manually add the webmail A record to point to the domains IP.

How to track which site is using the apache processes.

Edit your /etc/httpd/conf/httpd.conf and add

ExtendedStatus On
<Location /httpd-status>
SetHandler server-status
</Location>

just after the line that says "ServerSignature On". Save, exit, then restart apache. You can access the stats page by going to http://1.2.3.4/httpd-status where 1.2.3.4 is your server's IP. The status page lists client addresses and the URLs being requested, so restrict who can reach it (an Allow from line for your own IP inside the Location block) rather than leaving it readable by anyone.

Hotlink protection: How-To prevent people from stealing your files

Create an .htaccess file in your public_html directory with the following code:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?domain\.com.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
Where domain.com is your domain. The dots are escaped because these patterns are regular expressions; an unescaped dot matches any character, which makes the referer check looser than intended.

crond[12345]: User account has expired

If crond is not running the dataskq program correctly, it has to do with the system account for 'diradmin' expiring (this is rare).

You can type

[root@server]# chage -l diradmin
Minimum: 0
Maximum: 99999
Warning: 7
Inactive: -1
Last Change: Apr 04, 2003
Password Expires: Never
Password Inactive: Never
Account Expires: Never

to see the current status.

If it looks more like this:

[root@server]# chage -l diradmin
Minimum: -1
Maximum: -1
Warning: -1
Inactive: -1
Last Change: Nov 08, 2005
Password Expires: Never
Password Inactive: Never
Account Expires: Never

Then you'll need to run:

[root@server]# chage -m 0 -M 99999 -W 7 diradmin


I've heard other reports that it's an issue with AuthPAM

What ports do I need to open in my firewall?

20,21: FTP. Note that ftp will use a "random high port number" if the client is in PORT mode, so you may need to add a port range into your /etc/proftpd.conf file to allow ftp connections, eg:

PassivePorts 32555 32565

and then open that port range as well in your firewall.

22: ssh access

25: smtp for exim to receive email

53: dns (named), so your sites resolve

80, 443: apache traffic, http and https

110: client pop email access
143: clients imap email access

2222: DirectAdmin Access

3306: mysql access. You don't need to open this port if you don't want to allow remote mysql access, as most mysql scripts are all accessed locally.

How to compile wget for your system

Sometimes the precompiled wget binaries refuse to work with your ssl linked libraries.
The simple solution is to compile a new wget binary to be used with your ssl libraries.

wget http://files.directadmin.com/services/wget-1.8.2.tar.gz
tar xvzf wget-1.8.2.tar.gz
cd wget-1.8.2
./configure --prefix=/usr --with-ssl
make
make install

If you're using FreeBSD, you'd need to use --prefix=/usr/local instead of /usr.
Obviously, if you don't have wget to begin with, you'd need to use another tool to download the wget source code, like "fetch" or "lynx".

Restoring a System Backup file

The sysbk program does not come with an automated restore tool (If you want automation, use the Reseller Level -> Manage User Backups, or Admin Level -> Admin Level Backup).

System Backups are stored into custom paths that the admin can specify.
An example:
/backup/07-30-04

where the numbers represent the date of that backup under the /backup folder.

If (for example) you want to restore your /etc/virtual directory, you'd type:

cd /etc
tar xvzfp /backup/07-30-04/custom/etc/virtual.tar.gz


A list of files/directories used by DirectAdmin:
directadmin.com/paths.html

Be careful with the /etc/passwd, /etc/shadow, /etc/group, etc. files. After replacing those files, test your ssh login/logout in another window before logging out, to ensure your login still works.

Setting the system date and clock

To set the system clock, use the date command.

For Redhat Systems, use the following format:

date --set="Mmm DD HH:MM:SS YYYY"

Example:

date --set="Oct 20 15:52:29 2004"


For FreeBSD systems, use the following format:

date YYMMDDHHMM

Example:

date 0410201544

Will set the date/time to 2004, October 20th, 15:44 (3:44pm).

For any operating system, if you have the rdate program, you can simply type:

rdate -s time-a.nist.gov

to sync your server with the atomic clock in Boulder, Colorado. Note that if the value set by rdate isn't correct, then you likely have a wrong timezone specified. Commands like system-config-date or redhat-config-date can set it up for you. Otherwise you'd need to create a symbolic link from one of the timezones in /usr/share/zoneinfo to /etc/localtime, eg:

mv /etc/localtime /etc/localtime.moved
ln -s /usr/share/zoneinfo/Canada/Mountain /etc/localtime

Creating your own service monitor in Direct Admin

As of version 1.24.0, DA can now do this automatically for you. See This Link. However, the following code will still work, and should allow for more customizations if needed.

Many admins run extra pieces of software that DA does not check for, to make sure it's running. This is a simple script that enables an admin to keep an eye on any extra software he's running. In this example, we'll be checking on the spamd program. Replace the spamd-specific items (the process name, the start command and the e-mail address) with your own info where applicable.

#!/bin/sh
# count running spamd processes; "grep -v grep" drops the grep command itself from the list
COUNT=`ps ax | grep -v grep | grep -c spamd`
if [ $COUNT -eq 0 ]; then
    # the command used to start spamd
    /usr/bin/spamd -d -c -m 5

    sleep 3

    # check again; if it still isn't running, mail the admin
    COUNT=`ps ax | grep -v grep | grep -c spamd`
    if [ $COUNT -eq 0 ]; then
        # printf rather than "echo -e", which /bin/sh does not always support
        printf "Subject: spamd is down\n\nspamd is down.\n" | /usr/sbin/exim your@email.com
    fi
fi
exit 0

Throw that code into your own script file, chmod it to 755, then add a root cronjob to check on it as often as you like. DA checks for services once per minute. However, this script doesn't know if it just sent an email the previous minute, so if the service is still down, you'll get one email every minute ;) So maybe every 5 or 10 minutes is sufficient.
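
Added example (not from the original guide): the same monitor extended with a state file, so an outage produces one e-mail when it starts and one when the service recovers, instead of one every cron run. The service name, start command, e-mail address and state file path are assumptions to replace with your own.

```sh
#!/bin/sh
# Added example, not DirectAdmin's code. SERVICE, START_CMD, MAILTO and STATE
# are assumed values; change them for the software you actually monitor.
SERVICE="spamd"
START_CMD="/usr/bin/spamd -d -c -m 5"
MAILTO="your@email.com"
STATE="/var/run/monitor-${SERVICE}.down"   # exists while an outage alert is outstanding

# running NAME: succeeds if at least one process matching NAME is running
running() {
    [ "$(ps ax | grep -v grep | grep -c "$1")" -gt 0 ]
}

# decide STATEFILE IS_UP: prints the action to take and updates STATEFILE.
#   up, no state file   -> "ok"        nothing to do
#   up, state file      -> "recovered" clear the state, mail once
#   down, no state file -> "alert"     mail once, mark the outage
#   down, state file    -> "silent"    still down, already mailed
decide() {
    state="$1"; up="$2"
    if [ "$up" -eq 1 ]; then
        if [ -f "$state" ]; then rm -f "$state"; echo recovered; else echo ok; fi
    else
        if [ -f "$state" ]; then echo silent; else date > "$state"; echo alert; fi
    fi
}

send_mail() {
    # $1 = subject, $2 = body; printf rather than "echo -e" so /bin/sh (dash) works too
    printf 'Subject: %s\n\n%s\n' "$1" "$2" | /usr/sbin/exim "$MAILTO"
}

monitor() {
    up=0
    if running "$SERVICE"; then
        up=1
    else
        $START_CMD        # try to restart it first, as the original script does
        sleep 3
        running "$SERVICE" && up=1
    fi
    case "$(decide "$STATE" "$up")" in
        alert)     send_mail "$SERVICE is down" "$SERVICE is down and could not be restarted." ;;
        recovered) send_mail "$SERVICE is back" "$SERVICE is running again." ;;
    esac
}

# Only act when invoked as "monitor.sh monitor", e.g. from a root cron entry:
#   */5 * * * * /bin/sh /root/monitor.sh monitor
case "${1:-}" in
    monitor) monitor ;;
esac
```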



How to create your own mysql package on freebsd or debian

If you need an updated mysql package for your system, but one isn't available in the format you need, you can compile your own. First go to dev.mysql.com and download the tar.gz package you want, eg:

wget http:///path/to/mysql-5.0.27.tar.gz
tar xvzf mysql-5.0.27.tar.gz
cd mysql-5.0.27

Then you need to configure mysql for your system. Type:

CFLAGS=-DHAVE_BROKEN_REALPATH ./configure --prefix=/usr/local/mysql --with-extra-charsets=all --enable-thread-safe-client --enable-local-infile --enable-assembler --with-named-z-libs=not-used --disable-shared --enable-static

If the configure succeeds, then you can compile it:

make
This will likely take a long time as mysql is very large. Once it finishes, to create the binary package, type:

./scripts/make_binary_distribution

This will assemble all binary files and scripts and put them into a tar.gz for you, which should be in the directory you're currently in:

server# ls -la *.tar.gz
-rw-r--r-- 1 root 100 23977052 Jul 31 2006 mysql-5.0.27-freebsd6.0-i386.tar.gz

The naming format will vary depending on the OS and version you're using. Feel free to make any additional customizations to the configure options, if you know what you're doing ;)

If you get the following error on Debian

checking for termcap functions library... configure: error: No curses/termcap library found

Type

apt-get install libncurses5-dev