
Wednesday, March 19, 2008

Updating and Compiling Apache and PHP

To update and compile everything, run the following:

cd /usr/local/directadmin/customapache
./build clean
rm -f configure.*
./build update
./build all
If you're running apache 2.0 use this instead:

cd /usr/local/directadmin/customapache
./build clean
rm -f configure.*
./build update
./build update_data_ap2
./build apache_2
./build php_ap2 n
./build mod_perl_ap2
Once the update has completed, you'll need to restart apache:

RedHat:

/sbin/service httpd restart

FreeBSD:

/usr/local/etc/rc.d/httpd restart

Debian:

/etc/init.d/httpd restart

How to setup the Mail System

One common problem people have is an incorrectly setup mail system. Here is a list of rules that must be followed:

1) The hostname must not match any domain that is being used on the system. For example, if you have a domain called domain.com and you want to receive mail on user@domain.com, you must *not* set your hostname to domain.com. We recommend using server.domain.com instead. You must make sure that you add the A record for server.domain.com so that it resolves.

2) The hostname must be in the /etc/virtual/domains file.

3) The hostname must *not* be in the /etc/virtual/domainowners file.

4) The hostname must resolve. If not, add the required A records to the dns zone such that it does.

5) The directory /etc/virtual/hostname must exist (eg: /etc/virtual/server.domain.com). It must not contain any files.

6) Any domains that you want to use for email (eg: domain.com) must be in both the /etc/virtual/domains file and the /etc/virtual/domainowners file. The directory /etc/virtual/domain.com must exist, and the files /etc/virtual/domain.com/passwd and /etc/virtual/domain.com/aliases must exist.

7) File permissions for virtual pop inboxes should be:

/var/spool/virtual/domain.com 770 username:mail
/var/spool/virtual/domain.com/* 660 username:mail

If you've made any changes to your /etc/exim.conf file and require a fresh copy, you can retrieve one by running

wget -O /etc/exim.conf http://files.directadmin.com/services/exim4.conf
A restart of exim is required after installing a new exim.conf file.

8) Ensure your hostname does not contain any upper case letters.

9) Make sure that your main server IP has a reverse lookup on it.
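
The file-based rules above (1-3 and 5-8) can be checked in one pass. The script below is an added example, not DirectAdmin code; audit_mail_setup and its helper names are illustrative. It does not check the DNS rules (4 and 9) or file ownership.

```shell
#!/bin/sh
# Added example, not DirectAdmin code: audit rules 1-3 and 5-8 from the list above.
# Usage: audit_mail_setup server.domain.com [/etc/virtual] [/var/spool/virtual]
# Prints one line per violation and returns 0 when clean, 1 otherwise.
# Rules 4 and 9 (DNS) and file ownership are not checked here.

# Record one violation: rule number, then a description.
fail() { echo "rule $1: $2"; problems=$((problems + 1)); }

# One domain per line in the domains file: match the whole line exactly.
in_domains() { grep -Fqx -- "$1" "$vdir/domains" 2>/dev/null; }

# domainowners lines read "domain.com: username": compare the first field only,
# so sub.domain.com does not count as domain.com.
in_owners() {
    awk -F': *' -v d="$1" '$1 == d { hit = 1 } END { exit !hit }' \
        "$vdir/domainowners" 2>/dev/null
}

# True when the path has exactly the given octal mode.
has_mode() { [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ]; }

# Rules 6 and 7 for one mail domain.
check_domain() {
    d=$1
    in_domains "$d" || fail 6 "$d is not in $vdir/domains"
    in_owners "$d" || fail 6 "$d is not in $vdir/domainowners"
    for f in passwd aliases; do
        [ -f "$vdir/$d/$f" ] || fail 6 "$vdir/$d/$f is missing"
    done
    [ -d "$spool/$d" ] || return 0          # no POP inboxes for this domain yet
    has_mode "$spool/$d" 770 || fail 7 "$spool/$d is not mode 770"
    for f in "$spool/$d"/*; do
        [ -e "$f" ] || continue
        has_mode "$f" 660 || fail 7 "$f is not mode 660"
    done
}

audit_mail_setup() {
    host=$1 vdir=${2:-/etc/virtual} spool=${3:-/var/spool/virtual}
    problems=0

    # Rule 8: no upper-case letters in the hostname.
    [ "$host" = "$(printf %s "$host" | tr '[:upper:]' '[:lower:]')" ] ||
        fail 8 "hostname $host contains upper-case letters"

    # Rules 1-3: the hostname is listed as a local domain but owned by no user.
    in_domains "$host" || fail 2 "$host is not in $vdir/domains"
    if in_owners "$host"; then
        fail 3 "$host is in $vdir/domainowners (it matches a hosted domain)"
    fi

    # Rule 5: /etc/virtual/<hostname> exists and is empty.
    if [ ! -d "$vdir/$host" ]; then
        fail 5 "$vdir/$host does not exist"
    elif [ -n "$(ls -A "$vdir/$host")" ]; then
        fail 5 "$vdir/$host is not empty"
    fi

    # Rules 6-7: every mail domain named in either file, except the hostname.
    for d in $( { cat "$vdir/domains"; cut -d: -f1 "$vdir/domainowners"; } \
                  2>/dev/null | sort -u ); do
        [ "$d" = "$host" ] || check_domain "$d"
    done

    [ "$problems" -eq 0 ]
}
```

Run it as root with the server's hostname as the first argument; a clean system prints nothing.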

Webmail / Uebimiau shows the wrong date on 64-bit systems

If you have a weird timestamp when viewing the email in Uebimiau, then edit:

/var/www/html/webmail/smarty/plugins/shared.make_timestamp.php

and change:

if(empty($string)) {
$string = "now";
}
$time = strtotime($string);
to

if(empty($string)) {
$string = "now";
} else if(is_numeric($string)) {
return (int)$string;
}
$time = strtotime($string);

My /etc/virtual/domainowners file is empty. How do I rebuild it?

Create a script with the following contents by running:

cd /etc/virtual
vi fix_domainowners.sh

press i to go into "insert" mode, then paste the following code:


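#!/bin/sh
# Rebuild /etc/virtual/domainowners from DirectAdmin's per-user data.
# Output is one "domain: user" line per domain and per domain pointer.

for u in `ls /usr/local/directadmin/data/users`; do
{
    for d in `cat /usr/local/directadmin/data/users/$u/domains.list`; do
    {
        echo "$d: $u"

        # The .pointers file may not exist, so silence cat's error rather than cut's
        for p in `cat /usr/local/directadmin/data/users/$u/domains/$d.pointers 2>/dev/null | cut -d= -f1`; do
        {
            echo "$p: $u"
        }
        done;
    }
    done;
}
done;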
Press ctrl-c to exit "insert" mode, then press shift-Z twice to save and exit. Once at the prompt, type:

chmod 755 fix_domainowners.sh
./fix_domainowners.sh > domainowners
chmod 644 domainowners
chown mail:mail domainowners

Unrouteable address

Update your exim.conf and exim.pl files

To make use of the newest exim settings and enhancements, you can update your exim.conf by running the following as root:


wget -O /etc/exim.conf http://files.directadmin.com/services/exim.conf
wget -O /etc/exim.pl http://files.directadmin.com/services/exim.pl
chmod 755 /etc/exim.pl
cd /etc/virtual
touch blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders
echo 0 > limit
mkdir usage
chown mail:mail blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders limit usage
If you are running dovecot, you will need to re-patch your exim.conf:

cd /usr/local/directadmin/customapache
patch -p0 <>
Then restart exim:
RedHat:

/sbin/service exim restart

Debian:

/etc/init.d/exim restart

FreeBSD:

/usr/local/etc/rc.d/exim restart

Exim is going crazy, how can I track down what it's doing?

If you have many exim processes, the first place to check is:
Admin Level -> Mail Queue Administration

Check for any patterns in the sender or recipient addresses.
Check the status of some of the messages (bottom textarea) to see why they're in the queue, and whether there is a common reason for it.

You can also get exim to create a stats page for you:

cd /var/log/exim
eximstats mainlog > stats.txt
less stats.txt
Check it to see where most of the emails are headed, either outbound or local.

I can login with squirrelmail (imap) but not with webmail/Outlook (pop)

Since imap uses root access while vm-pop3 doesn't, it's likely a permission issue. You can reset all email file permissions by typing:

cd /usr/local/directadmin/scripts
./set_permissions.sh email

Webmail quotas don't match actual quotas

The webmail program (Uebimiau) is its own self-contained program. Since it uses pop to view messages, it has to download them and store them in its own temp location. This location is totally independent of any system quotas set up by DirectAdmin.

To change the email quotas imposed by the webmail program, you must edit

/var/www/html/webmail/inc/config.php

and change the $quota_limit value to whatever you want:

$quota_limit = 20480; //this is 20 meg.

Using other programs such as squirrelmail which use imap will not run into this issue.

How to update your exim.conf

To make use of the newest exim settings and enhancements, you can update your exim.conf by running the following as root:


wget -O /etc/exim.conf http://files.directadmin.com/services/exim.conf
wget -O /etc/exim.pl http://files.directadmin.com/services/exim.pl
chmod 755 /etc/exim.pl
cd /etc/virtual
touch blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders
echo 0 > limit
mkdir usage
chown mail:mail blacklist_domains whitelist_from use_rbl_domains bad_sender_hosts blacklist_senders whitelist_domains whitelist_hosts whitelist_senders limit usage
If you are running dovecot, you will need to re-patch your exim.conf:

cd /usr/local/directadmin/customapache
patch -p0 <>
Then restart exim:
RedHat:

/sbin/service exim restart

Debian:

/etc/init.d/exim restart

FreeBSD:

/usr/local/etc/rc.d/exim restart

How to compile exim from source

In this how-to, we'll outline how to install a fresh exim binary for your system. For compatibility reasons, we'll make this a non-static binary; since it's compiled right on your own system, you won't have any library issues.

We'll use exim 4.63 for this example. Change all occurrences of 4.63 to the version you want to use.

wget ftp://mirror.direct.ca/pub/exim/exim/exim4/exim-4.63.tar.gz
tar xvzf exim-4.63.tar.gz
cd exim-4.63/Local
wget http://www.directadmin.com/Makefile
perl -pi -e 's/^EXTRALIBS/#EXTRALIBS/' Makefile
cd ..
make
make install
This will give you a new /usr/sbin/exim-4.63-1 binary, which won't be what you want. You'll need to rename it to /usr/sbin/exim:

cp -f /usr/sbin/exim-4.63-1 /usr/sbin/exim
chmod 4755 /usr/sbin/exim

Remember to restart exim after you're finished.



**Note: If you can't download the exim-4.63.tar.gz from the above link, just go to www.exim.org and find a different link there. It's the original source, unmodified by us, you can get it anywhere.

Setting up DA with an SSL certificate

You can switch DirectAdmin to use SSL instead of plain text, i.e. https instead of http.

If you do not have your own certificates, you'll need to create your own:

/usr/bin/openssl req -x509 -newkey rsa:1024 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9999 -nodes

chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem

This is the old method; use either the one above or this one. The end result is the same, but this one takes more steps.

openssl req -new -x509 -keyout /usr/local/directadmin/conf/cakey.pem.tmp -out /usr/local/directadmin/conf/cacert.pem -days 3653

openssl rsa -in /usr/local/directadmin/conf/cakey.pem.tmp -out /usr/local/directadmin/conf/cakey.pem

rm -f /usr/local/directadmin/conf/cakey.pem.tmp
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem
(Paste these one at a time as the first 2 require user input)


If you already have your own certificate and key, then paste them into the following files:

certificate: /usr/local/directadmin/conf/cacert.pem
key: /usr/local/directadmin/conf/cakey.pem

Edit the /usr/local/directadmin/conf/directadmin.conf and set SSL=1 (default is 0). This tells DA to load the certificate and key and to use an SSL connection. DirectAdmin needs to be restarted after this change.

If you also have a CA Root Certificate, this can be specified by adding:

carootcert=/usr/local/directadmin/conf/carootcert.pem

into the /usr/local/directadmin/conf/directadmin.conf file (won't exist by default) and by pasting the contents of the caroot cert into that file.

How to add reverse IP Lookup on your IP's

Any modern version of DA will be able to do this automatically.
Go to: Admin Level -> DNS Administration

Scroll to the bottom to the "Add Zone" section.

Enter your information normally:

domain name: server.hostname.com
ip: 1.2.3.4
ns1: ns1.hostname.com
ns2: ns2.hostname.com

where server.hostname.com is the hostname of your server.
The IP is your server IP (license IP)
and ns1/ns2 can be any NS your server uses.

Click the "Create Reverse IP Lookup" checkbox, then click "Add".

Wait a minute or so, then go into ssh to see if it worked:

dig -x 1.2.3.4
If it works, then you'll see a PTR record with your server name. If it doesn't, you'll see a value that says "SOA", likely with your datacenter's name beside it. This means that your datacenter has control over the lookup, so you'll have to contact them to set it up, as your server isn't queried when the lookup is done, even if it's correctly set up on your server.




The old fashioned/manual way to add the lookup (deprecated):

To add a reverse lookup on the IP 1.2.3.4, in your named.conf (RH: /etc/named.conf FBSD: /etc/namedb/named.conf) add


zone "4.3.2.1.in-addr.arpa" IN {
type master;
file "/var/named/hostname.db";
};
Note that the IP is written backwards (4.3.2.1).
In /var/named/hostname.db:


$TTL 0
@ IN SOA ns1.domain.com. root.domain.com. (
2004022000
7200
3600
1209600
86400 )

NS ns1.domain.com.
NS ns2.domain.com.
PTR domain.com.


The domain.com. on the PTR line is what will be returned with the lookup. You can apply the hostname.db file to all IPs if you want; just add one zone for each IP in the named.conf using the above method.

*Note: If you do not have authority over the reverse lookup on the IP's you'll have to contact your datacenter to get them to do it for you. This means that your server might not be used at all for the reverse lookup on the IPs.

I do not want to run DNS services on my DirectAdmin Server.

If you wish to control all DNS services on another server and do not need to run named (bind) on your DirectAdmin server, you can disable it by doing the following.

1) edit /usr/local/directadmin/data/admin/services.status
set named=OFF

2) Stop named:
RedHat:

/sbin/service named stop
chkconfig named off

FreeBSD:

/usr/local/etc/rc.d/named stop


3) Edit /etc/init.d/named (FreeBSD: /usr/local/etc/rc.d/named) and set the file to show:

#!/bin/sh
exit 0;
This will let DirectAdmin think that it's reloading named, while the script will actually do nothing.

With these changes the dns settings will still be made, but no program will be running to host them so they will have no effect.

How the multi server dns clustering works

This feature is often thought of as being much more complex than it really is.

What it does is transfer any zones on the given machine to the DA machines you add to the list.

So, if you have server A and add the IP for server B to the list, whenever you add a domain on server A, server B will receive a copy of the dns zone. Server B will now also be able to resolve the domain. Since this uses the API, nothing needs to be set up with regards to clustering on server B to get data from server A transferred over to server B.

A sample nameserver setup would be (you can add more/change them as you need):
ns1.domain.com -> resolve to an IP on server A
ns2.domain.com -> resolve to an IP on server B

Since server B is also running a perfectly good copy of DirectAdmin, there is no reason you can't cluster it with server A as well. Login to server B, and add the IP for server A to the list. You can use the same nameserver settings that you use on A.

For each IP in the list of external dns servers, there are the options "Zone Transfer" and "Domain Check". You don't need to have these both on if the features they represent are not needed with your setup. Example, if you still use local nameservers, but just want to prevent a user from adding a domain to server A that already exists on server B, then you disable the Zone Transfer, and just leave Domain Check.

If you are moving users between servers without deleting them from the original machine, and they share the same external dns server, then you might need to disable the "Domain Check" option. Without disabling it, DA will tell you that the domain already exists in your system (on the external machine). When you disable the "Domain Check" and leave Zone Transfer enabled, DA will blindly add the domain to the external machine (it still checks locally of course), and will overwrite any zone information that might already be there.

If you need to transfer all of your zones from your current machine to the servers listed in your multi-server IP list, then you can type:

echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue
which will rewrite all local zones, thus triggering the transfer of them to the remote servers.

How to lower your TTL just before an IP change

When changing the IP of a domain, end users will have the old IP of the domain cached at their ISP's nameservers for the duration of the TTL (time to live). The default value is 14400 seconds (4 hours). This means that when you change the IP of the server, in the worst case the end users will be using the wrong IP for 4 hours before the cache expires and the IP is recached with the correct value.

The simple way to minimize this propagation error is to lower the TTL. We'll change the TTL from 14400 to 100 seconds for all domains on your system (assuming server move). Run the following:

cd /usr/local/directadmin/data/templates
perl -pi -e 's/14400/100/' named.db
echo "action=rewrite&value=named" >> /usr/local/directadmin/data/task.queue
Wait about a minute or 2. Check your /var/named/*.db files; the TTL should now be 100 instead of 14400. Once complete, do the same thing, but replace 100 with 14400 and 14400 with 100 in the perl command.

If you are doing this for just one domain, then run the perl command on /var/named/domain.com.db instead of the named.db file, and restart named.

In both cases, you'll want to do this at least 4 hours before you actually do the IP change so that all cached values are stored for no more than 100 seconds. The nameservers will then query for the new IP every 100 seconds (instead of 4 hours), giving the end user the new IP much quicker.

Domain Already Exists

This message will appear if the domain is already on the system. The way that DirectAdmin checks to see if the domain is already on the system is by looking in the named.conf file. (RedHat: /etc/named.conf, FreeBSD: /etc/namedb/named.conf)

If you are positive that the domain has not been added anywhere in DirectAdmin (use "Show All Accounts" in the Admin Panel), then it should be safe to remove the zone from the named.conf file either manually, or by removing the zone from Admin Panel -> DNS Admin. Then you should be able to add the domain.

Be sure to backup the zone if you do not wish to lose the dns data.

With the addition of the Multi Server option, dns can now be hosted on other DA servers. Ensure that any Servers you have listed in your "Admin Level -> Multi Server Setup" page also do not have the domain in their named.conf files. If you disable the "check domain" option, then that server will not be queried.

Disk Usage is showing 0.00

DirectAdmin relies on the system quotas to return a value for how much space is being used. DirectAdmin will run

/usr/sbin/repquota quota_partition
Where quota_partition is the value set in the /usr/local/directadmin/conf/directadmin.conf file. The command should output a large list of numbers, eg

[root@server]# /usr/sbin/repquota /home
*** Report for user quotas on device /dev/hda3
Block grace time: 7days; Inode grace time: 7days
                        Block limits                File limits
User            used    soft    hard  grace    used  soft  hard  grace
----------------------------------------------------------------------
root      --  417796       0       0           7446     0     0
nobody    --       4       0       0              1     0     0
bin       --   56880       0       0            510     0     0
majordomo --       8       0       0              2     0     0
diradmin  --       8       0       0              2     0     0
admin     --     200       0       0             44     0     0
user123   --     100       0       0             22     0     0
user456   --     100       0       0             22     0     0
If the "used" column is not showing anything, or users are not in the list, then you'll need to run the quotacheck program:

Redhat:

/sbin/quotaoff -a; /sbin/quotacheck -avugm; /sbin/quotaon -a;

FreeBSD:

/usr/sbin/quotaoff -a; /sbin/quotacheck -avug; /usr/sbin/quotaon -a;


If you are getting errors and no output is displayed for the repquota command, you'll need to check your /etc/fstab file to make sure that it contains the rw,userquota,groupquota line beside the partition that is using the quotas.
*Important: On Linux (Redhat/Debian), it's usrquota,grpquota, and on FreeBSD it's userquota,groupquota.

Sample /etc/fstab:

# Device Mountpoint FStype Options Dump Pass#
/dev/ad0s1a / ufs rw,userquota,groupquota 1 1
/dev/ad0s1e /tmp ufs rw 2 2
proc /proc procfs rw 0 0
In this case, the quota_partition is /. The quota partition should be the partition that holds your users. Generally, this will be one of /home, / or /usr.

Once the repquota program is returning a normal value, then you can run the tally to get the correct usage to show up in DirectAdmin:

echo "action=tally&value=all" >> /usr/local/directadmin/data/task.queue

Starting sshd: /etc/ssh/sshd_config line 371: too many allow users

If you get the following error when trying to start sshd:

Starting sshd: /etc/ssh/sshd_config line 371: too many allow users
that means that there are too many "AllowUsers" lines in the file.

What you can do is remove *all* AllowUsers lines from /etc/ssh/sshd_config, then edit /usr/local/directadmin/conf/directadmin.conf.
Change:
sshdconfig=/etc/ssh/sshd_config

to:
sshdconfig=/etc/ssh/sshd_config.plecibo

Save/exit, restart DirectAdmin.

Type:

touch /etc/ssh/sshd_config.plecibo
and then just double check one more time that there are *no* AllowUsers lines in your /etc/ssh/sshd_config file.

Restart sshd.

What this will do is have DA add/remove users in a file that is a placebo, which doesn't have any effect.
As long as there are no AllowUsers lines in the main /etc/ssh/sshd_config file, all users are allowed to connect. If one or more AllowUsers lines are present in the main sshd_config file, then only those users are allowed, hence the importance of not having any show up. Make fully sure you've restarted DA before leaving the system alone, or else you might allow ssh to 1 user, thus blocking ssh access for root and every other user.

Note that the /etc/ssh/sshd_config file can be edited from within the Admin Level -> File Editor, so don't fret if you mess it up. You can fix it through DA.
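
To confirm the workaround is fully in place before you log out, the following added example (not DirectAdmin code; the function names are illustrative) checks that no AllowUsers directive is still active in sshd_config and that directadmin.conf points sshdconfig= at a separate file that exists.

```shell
#!/bin/sh
# Added example, not DirectAdmin code: verify the AllowUsers workaround above.
# Usage: check_allowusers_workaround [sshd_config] [directadmin.conf]
# Prints what is wrong and returns 1, or prints nothing and returns 0.

# Print every active AllowUsers line with its line number. sshd keywords are
# case-insensitive and may be indented; lines starting with # are comments.
active_allowusers() {
    awk '{ line = $0; sub(/^[ \t]+/, "", line) }
         tolower(line) ~ /^allowusers([ \t=]|$)/ { print FILENAME ":" NR ": " $0 }' "$1"
}

# Print the value of sshdconfig= in directadmin.conf (the last one if repeated).
da_sshdconfig() {
    sed -n 's/^sshdconfig=//p' "$1" 2>/dev/null | tail -n 1
}

check_allowusers_workaround() {
    sshd_conf=${1:-/etc/ssh/sshd_config}
    da_conf=${2:-/usr/local/directadmin/conf/directadmin.conf}
    status=0

    # Any surviving AllowUsers line restricts logins to the users it names.
    hits=$(active_allowusers "$sshd_conf")
    if [ -n "$hits" ]; then
        echo "AllowUsers is still active; only the users on these lines can log in:"
        echo "$hits"
        status=1
    fi

    # DirectAdmin must write its AllowUsers entries somewhere sshd never reads.
    target=$(da_sshdconfig "$da_conf")
    if [ -z "$target" ]; then
        echo "no sshdconfig= line found in $da_conf"
        status=1
    elif [ "$target" = "$sshd_conf" ]; then
        echo "$da_conf still points sshdconfig= at $sshd_conf"
        status=1
    elif [ ! -f "$target" ]; then
        echo "$target does not exist; create it with touch"
        status=1
    fi

    return "$status"
}
```

Run it with no arguments on the server after restarting DirectAdmin, and again after adding or removing a user, to confirm the main sshd_config stays free of AllowUsers lines.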

I can't login to DirectAdmin on port 2222

If you are unable to access your server via http://1.2.3.4:2222, then 1 of 3 things is likely happening:

1. DirectAdmin might not be running or
2. You have a firewall blocking port 2222.

Number 2. is easy to check by simply running (only on redhat systems):

/sbin/service iptables stop
/sbin/chkconfig iptables off
Then test directadmin again.

If that didn't fix it, then you'd need to check your /var/log/directadmin/error.log to check for any errors as to why it isn't starting:

tail /var/log/directadmin/error.log
Common problems are:
1. Incorrect ethernet_dev set in the /usr/local/directadmin/conf/directadmin.conf file.
2. Invalid license, either due to wrong uid/lid, IP, or date. Try: Updating your DirectAdmin License manually
3. Binaries for a different operating system.

You can always try running DirectAdmin by hand (if it's not already running) to see what the problem is.

cd /usr/local/directadmin
./directadmin b200
to start it in the terminal with debug level 200. Use Ctrl-C to stop.

I want apache 2.0, php 5 and mysql 5

DirectAdmin essentially will work with any version of the software you want (within reason). You can use these newer versions of the software should you wish to have them.


To convert apache 1.3 to apache 2.0, use this guide:
directadmin.com/features.php?id=441


For php 5, use this guide (after you are running the apache version you want to have):
help.directadmin.com/item.php?id=135


Regarding MySQL 5.0, you must first decide if you are eligible for the version change. If you are running MySQL 4.1.x or higher, then there won't be any issues. If you are running MySQL 4.0.x or lower, then you have to take note of the following:

There are password and table format changes between 4.0 and 4.1. Updating tables to the 4.1 format is not too difficult after the update is done:

mysql_fix_privilege_tables --user=da_admin --password=`cat /usr/local/directadmin/conf/mysql.conf | grep passwd |cut -d= -f2`
**However**, the password format cannot be converted to the new password format in 4.1. You have 2 choices:
1) After updating, go through all MySQL accounts and resave their passwords. You will need to know their plaintext password to do this. This is ideal so that you are using the latest formats and do not need to worry about compatibility issues with future releases.
2) Retain the old password formats and tell the new version of mysql to use those old formats by adding:

[mysqld]
old_passwords
into your /etc/my.cnf file, then restart mysqld. You will need to create this file.
This 2nd option is good to save time, but if you ever need to transfer the accounts to a new server already running MySQL 4.1 or higher, you will need to resave all mysqld passwords for that transferred account. The MySQL server should have all passwords in the same format: either the new one, or the old one. If there are already accounts in the new format, you need to resave the passwords to it.
Related guide: directadmin.com/features.php?id=466

Once you've decided if the update is for you, use these guides to do it:

FreeBSD/Debian:
help.directadmin.com/item.php?id=106
You will need to get the binaries for your particular OS version. If you cannot find them on files.directadmin.com/services, then go to dev.mysql.com and download the binaries for your system. We do not have any special compile options, and we use all stock binaries from dev.mysql.com whenever possible. **Note** that the guide there contains FreeBSD binaries. Debian binaries would have to be downloaded if you use Debian. The same instructions apply.

Redhat/Fedora/CentOS (anything with rpms):
Conversion with rpms is quite easy (note the above notices about moving from 4.0 to 4.1 or higher still apply).
Download the 4 MySQL rpms that you want to use, either from files.directadmin.com or from dev.mysql.com. You'll need the server, client, shared and devel rpms. You must not have any mismatched versions. We recommend generic i386 rpms. If you have a 64-bit system, then you'll need binaries specific to your system (dev.mysql.com has everything you'll need).
Use wget to download all 4 rpms, then use "rpm -Uvh file.rpm" to update/install them, for example:

mkdir mysql
cd mysql
wget http://files.directadmin.com/services/all/mysql/MySQL-client-5.0.37-0.i386.rpm
wget http://files.directadmin.com/services/all/mysql/MySQL-devel-5.0.37-0.i386.rpm
wget http://files.directadmin.com/services/all/mysql/MySQL-server-5.0.37-0.i386.rpm
wget http://files.directadmin.com/services/all/mysql/MySQL-shared-5.0.37-0.i386.rpm
rpm -Uvh MySQL-*-5.0.37-0.i386.rpm
/sbin/service mysqld restart
Again, keep in mind any changes you may need to do to your database to make this version work.

If you have a clean DirectAdmin install without any databases on it yet and you wish to install the new version, it would likely be easier to use this guide to move cleanly to the version you want: help.directadmin.com/item.php?id=96. It will install all data and passwords after deleting the previous data (hence, you'll need a new install first because any databases are going to be lost). For the guide, you'd replace the 4.0 rpms used in the example and simply download the 5.0.x version mentioned above.

It's also recommended you do a full php recompile to load in MySQL's current version of the client libraries. Hence, if you are going to be updating php anyway, do MySQL first.