Archive for the ‘Linux’ Category

Howto check sites consuming additional resources in apache webserver

Saturday, February 2nd, 2013

We were facing an httpd process overload problem that occurred every week on our server. The server is a shared hosting server holding over 300 domains, running Apache 2.2.3, MySQL 5.0.45 and PHP 5.2.6. Occasionally httpd processes would time out, with httpd alone consuming 90% to 100% of the CPU. Some PHP or Perl script was probably using too much memory and CPU, but since this was a production server it was not possible to check each and every script, take the 300 domains offline one by one, or remove suspicious scripts.

The “top” command shows only Apache’s child processes, which is not much help because it does not show the website name. But there is a tool to trace the name of the website that is causing the overload.

The Status module (mod_status) allows a server administrator to find out how well their server is performing. An HTML page is presented that gives the current server statistics in an easily readable form. If required, this page can be made to refresh automatically.

The details given are:

* The number of children serving requests.
* The number of idle children.
* The status of each child, the number of requests that child has performed and the total number of bytes served by the child (*)
* A total number of accesses and byte count served (*).
* The time the server was started/restarted and the time it has been running for
* Averages giving the number of requests per second, the number of bytes served per second and the average number of bytes per request (*).
* The current percentage CPU used by each child and in total by Apache (*).
* The current hosts and requests being processed (*).

Details marked “(*)” are only available with ExtendedStatus On.

Configure Apache mod_status

Open your httpd.conf file:

# vi /etc/httpd/conf/httpd.conf

Append / modify (or uncomment) directives as follows:

ExtendedStatus On
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 10.0.0.0/8
</Location>

Replace 10.0.0.0/8 with your Network IP range or workstation IP address. Save and close the file. Restart httpd server:

# service httpd restart

For full status report type:

# service httpd fullstatus

To view status report type URL – http://Server IP/server-status
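
An added example, not part of the original post: it ranks virtual hosts by busy workers using the text scoreboard that "service httpd fullstatus" prints when ExtendedStatus is On. The sample rows are constructed, the column order (Srv PID Acc M CPU SS Req Conn Child Slot Client VHost Request) is assumed to match your Apache 2.2 output, and the function name vhost_load is hypothetical.

```shell
#!/bin/sh
# Added example: rank virtual hosts by busy Apache workers.

# Constructed sample rows (not from a real server). Assumed column order:
# Srv PID Acc M CPU SS Req Conn Child Slot Client VHost Request
SAMPLE_STATUS='Srv PID Acc M CPU SS Req Conn Child Slot Client VHost Request
0-0 4526 0/47/47 W 38.20 212 0 0.0 0.32 0.32 203.0.113.7 shop.example.com POST /cart/export.php HTTP/1.1
1-0 4527 0/12/12 W 35.10 180 0 0.0 0.10 0.10 203.0.113.9 shop.example.com POST /cart/export.php HTTP/1.1
2-0 4530 0/80/80 _ 0.41 3 12 0.0 0.55 0.55 198.51.100.4 blog.example.org GET /index.php HTTP/1.1
3-0 4533 0/5/5 W 0.02 0 0 0.0 0.01 0.01 10.0.0.5 www.example.net GET /server-status HTTP/1.1
4-0 4540 0/9/9 K 0.30 4 2 1.1 0.02 0.02 198.51.100.8 blog.example.org GET /feed/ HTTP/1.1
5-0 - 0/0/31 . 0.12 950 0 0.0 0.00 0.20 198.51.100.4 blog.example.org GET /a.css HTTP/1.1'

# vhost_load (hypothetical name): reads the report on stdin and prints
# "vhost busy_workers longest_request_seconds cpu_seconds", busiest first.
# CPU is the accumulated CPU time of the child, so the sum is only a hint;
# several workers on one vhost with a large SS is the stronger signal.
vhost_load() {
    LC_ALL=C awk '
        # Scoreboard rows start with a slot id such as "3-0".
        $1 ~ /^[0-9]+-[0-9]+$/ && NF >= 13 {
            mode = $4; cpu = $5; ss = $6; vhost = $12
            if (mode == "_" || mode == ".") next   # idle worker or open slot
            busy[vhost]++
            cpusum[vhost] += cpu
            if (ss + 0 > maxss[vhost] + 0) maxss[vhost] = ss + 0
        }
        END {
            for (v in busy)
                printf "%s %d %d %.2f\n", v, busy[v], maxss[v], cpusum[v]
        }
    ' | LC_ALL=C sort -k2,2nr -k3,3nr
}

# Live use on the server: service httpd fullstatus | vhost_load
printf '%s\n' "$SAMPLE_STATUS" | vhost_load
```

In the sample, shop.example.com stands out with two workers that have been writing a reply for about three minutes each.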


Mail Queue monitoring for Qmail and Postfix email servers

Monday, June 11th, 2012

Mail queue monitoring is a big task for any organization running a busy mail server. Failing to do it in a timely manner may lead to a huge queue of spam or bulk mail, which slows down the delivery of genuine mail in the queue. There are a few third-party tools and built-in commands available to monitor the mail queue on a Qmail or Postfix mail server.

Qmail Server Mail Queue monitoring overview:

/var/qmail/bin/qmail-qstat shows the mail currently in the queue, processed or unprocessed. This is a built-in qmail command.

/var/qmail/bin/qmail-qread shows brief details of queued mails, like delivery address and mail type (remote/local).

These are the only built-in commands in Qmail for mail queue monitoring.

There are a few third-party tools available for Qmail mail queue monitoring.

qmHandle is a simple program which allows you to view and manage the Qmail message queue. The software will work on every Unix platform with Perl installed and Qmail installed.

qmHandle Installation:
# wget http://optusnet.dl.sourceforge.net/sourceforge/qmhandle/qmhandle-1.3.2.tar.gz
# tar -xvzf qmhandle-1.3.2.tar.gz
# cp qmHandle /usr/bin/

Now run the command as
# qmHandle

Available parameters:
-a       : try to send queued messages now (qmail must be running)
-l       : list message queues
-L       : list local message queue
-R       : list remote message queue
-s       : show some statistics
-mN      : display message number N
-dN      : delete message number N
-fsender : delete message from sender
-f're'   : delete message from senders matching regular expression re
-Stext   : delete all messages that have/contain text as Subject
-h're'   : delete all messages with headers matching regular expression re (case insensitive)
-b're'   : delete all messages with body matching regular expression re (case insensitive)
-H're'   : delete all messages with headers matching regular expression re (case sensitive)
-B're'   : delete all messages with body matching regular expression re (case sensitive)
-t're'   : flag messages with recipients in regular expression 're' for earlier retry (note: this lengthens the time message can stay in queue)
-D       : delete all messages in the queue (local and remote)
-V       : print program version

You can view/delete multiple message i.e. -d123 -v456 -d567

The Qmail-Remove utility will remove messages containing a particular string from your Qmail queue.

Qmail-Remove Installation:
# wget http://www.linuxmagic.com/opensource/qmail/qmail-remove/qmail-remove-0.95.tar.gz
# tar -zxvf qmail-remove-0.95.tar.gz
# mkdir /var/qmail/queue/yanked
# make ; make install

Now for deleting mail containing a particular IP Address run:

# qmail-remove -p 111.111.111.11 -v -d

You can also use a word string in place of the IP address, e.g.

# qmail-remove -p your-string -v -d

# qmail-remove -p your-string -v -r

This will yank the mails instead of deleting them permanently.

Postfix Server Mail Queue monitoring overview:

List/Print current mail queue

# postqueue -p
# mailq

Flush the queue

# postqueue -f

Schedule immediate delivery of all mail that is queued for the named domain, e.g. domain.com.

# postqueue -s domain.com

To delete all mail in the queue

# postsuper -d ALL

To delete a particular message

# postsuper -d messageid

Postfix inbuilt tools are pretty good for monitoring the mail Queue.
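
An added example, not part of the original post: it tallies queued messages per envelope sender from "postqueue -p" output, which is the quickest way to see whether a spam or bulk sender is filling the queue. The sample queue listing is constructed and the function name queue_senders is hypothetical; the script only reads the listing and deletes nothing.

```shell
#!/bin/sh
# Added example: count queued messages and bytes per envelope sender.

# Constructed sample in the layout "postqueue -p" prints (not a real queue).
SAMPLE_QUEUE='-Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
3F2A91C04B*    1843 Mon Jun 11 09:58:12  promo@bulk.example
                                         user1@example.net

4B7C22D19A     1850 Mon Jun 11 09:58:13  promo@bulk.example
(connect to mx.example.org[192.0.2.25]:25: Connection timed out)
                                         user2@example.org

5C1D03E77F     1839 Mon Jun 11 09:58:15  promo@bulk.example
                                         user3@example.org
                                         user4@example.org

6D9E14F2A0!    5120 Mon Jun 11 10:02:44  alice@example.com
                                         bob@example.net

7A0B25C3D1     2210 Mon Jun 11 10:05:01  MAILER-DAEMON
                                         carol@example.com

-- 12 Kbytes in 5 Requests.'

# queue_senders (hypothetical name): reads the listing on stdin and prints
# "messages bytes sender", largest sender first. $1 is the minimum number of
# queued messages a sender needs before it is reported (default 1).
queue_senders() {
    LC_ALL=C awk -v min="${1:-1}" '
        # Message line: queue ID (optional * = active, ! = on hold), size,
        # four date fields, then the envelope sender. Recipient lines, error
        # text in parentheses, the header and the footer do not match.
        NF >= 7 && $1 ~ /^[0-9A-Za-z]+[*!]?$/ && $2 ~ /^[0-9]+$/ {
            count[$7]++
            bytes[$7] += $2
        }
        END {
            for (s in count)
                if (count[s] >= min + 0)
                    printf "%d %d %s\n", count[s], bytes[s], s
        }
    ' | LC_ALL=C sort -k1,1nr -k3,3
}

# Live use on the server: postqueue -p | queue_senders 50
printf '%s\n' "$SAMPLE_QUEUE" | queue_senders
```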

That’s all, for all my System Admin friends. I will post other useful articles soon. Keep browsing :) .


Auto shutdown script for Xen VMs on XenServer

Monday, September 5th, 2011

In case of a scheduled maintenance which requires the Xen VMs on your Xen server to be shut down when you are not available, the following script can be put to use:

Create a script as allvmshutdown.sh with 755 permissions and add the list of VMs as in the example script:

#!/bin/bash
xe vm-shutdown vm=VM1
xe vm-shutdown vm=VM2
xe vm-shutdown vm=VM3
xe vm-shutdown vm=VM4
xe vm-shutdown vm=VM5
xe vm-shutdown vm=VM6
xe vm-shutdown vm=VM7
xe vm-shutdown vm=VM8
xe vm-shutdown vm=VM9
xe vm-shutdown vm=VM10

To get a list of VMs on the server, run the command # xe vm-list from the command line, which will list the VMs hosted on your Xen host.

Now you just need to add a cron entry to schedule this job. For example, to run the script at 02:00 am on Sunday:

# crontab -e
0    02   *    *    0    /scripts/allvmshutdown.sh

Note: Do ensure that the script is commented out or removed from the crontab after the maintenance has been completed, to prevent this script from recurring.


Integrating ICICI Payment Gateway in Linux with Plesk or Cpanel

Thursday, May 5th, 2011

After multiple attempts we have finally been successful in integrating the ICICI Bank online payment gateway on our Linux servers with Plesk and cPanel. Below are the steps that may help you in configuring the same on your server.

Configuration for Plesk

1. Download the SFA files from the ICICI merchant area and extract them on the web server under the ICICI folder.
Extract the sfa.jar file in “SFA_Dependencies” and edit the sfa.properties file with the following entries:
verbose=true
Key.Directory=/var/www/key
OS.Type=UNIX
traceLog=/var/log/tomcat5/icici.log
2. Copy the ICICI JAR files from “SFA_Dependencies” folder to the following folders
  • JAR Files to copy: cryptix32.jar, jcert.jar, jnet.jar, jsse.jar, servlet.jar, sfa.jar
  • Copy the jar files to /usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/ from /var/www/vhosts/domainname.com/httpdocs/ICICI/SFA_Dependencies [run this step after installation of JavaBridge]
  • Reset the ownership of these files to tomcat:tomcat under the lib folder
  • Also copy the jar files to the /usr/share/tomcat5/common/lib folder
  • Change the owner and group of the copied files as per the existing folder owner (optional; ensure 777 permissions on the above folder).
3. Download JavaBridge from below URL
  • # wget http://sourceforge.net/projects/php-java-bridge/files/Binary%20package/php-java-bridge_6.2.1/php-java-bridge_6.2.1_documentation.zip/download
Install JavaBridge with the following steps:
  • Unzip the php-java-bridge_6.2.1_documentation.zip
  • # java -classpath JavaBridge.war TestInstallation
  • # cp JavaBridge.war /var/lib/tomcat5/webapps/.
  • # service tomcat5 restart
  • Test the installation at http://plesk02.diadem-tech.com:8080/JavaBridge
Reference URLs:
  • http://php-java-bridge.sourceforge.net/pjb/tomcat6.php
  • http://php-java-bridge.sourceforge.net/pjb/installation.php
4. Edit the file /var/lib/tomcat5/webapps/JavaBridge/WEB-INF/cgi/php.ini with below lines.
;; -*- mode: Scheme; tab-width:4 -*-
;; A simple php.ini
;; extension_dir is this "cgi" directory
extension_dir=.
;; include php libraries from these directories
include_path=.:/usr/share/pear
java.classpath = /usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/cryptix32.jar;/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/jcert.jar;/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/jnet.jar;/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/jsse.jar;/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/servlet.jar;/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/sfa.jar;
5. Edit /root/.bash_profile to set CLASSPATH as env variable and add the below lines.
include_path=.:/usr/share/pear
CLASSPATH=$CLASSPATH:/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/cryptix32.jar;
CLASSPATH=$CLASSPATH:/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/jnet.jar;
CLASSPATH=$CLASSPATH:/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/servlet.jar;
CLASSPATH=$CLASSPATH:/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/sfa.jar;
CLASSPATH=$CLASSPATH:/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/jcert.jar;
CLASSPATH=$CLASSPATH:/usr/share/tomcat5/webapps/JavaBridge/WEB-INF/lib/jsse.jar;
export include_path
export CLASSPATH
Run the following commands from shell:
  • # . .bash_profile to set the environment variable.
  • # env to check the environment variables.
  • # service tomcat5 restart – Tomcat restart
6. Configure Tomcat to use SUN Java
  • # vim /etc/sysconfig/tomcat5
Comment the existing JAVA_HOME and add the below line
JAVA_HOME="/usr/java/jdk1.6.0_20/" (The JDK version will change as per the installed version)
Restart Tomcat
  • # touch /var/log/tomcat5/icici.log
  • # chown tomcat.tomcat /var/log/tomcat5/icici.log
7. Stop Apache and Tomcat and then copy the following key files to the /var/www/key directory:
  • 0000XXXX.key
  • intermediate.cer
  • payseal.icicibank-chain-bundle.cer
The .cer files can be found under the cert_bundle folder provided by ICICI. The key file also needs to be downloaded from the merchant admin site or provided by ICICI.
  • Start Apache and Tomcat.
Run the following keyrestore command from the /var/www/key folder:
# keytool -import -alias pgIntermediateCA -file ./intermediate.cer -keystore /usr/java/jdk1.6.0_12/jre/lib/security/cacerts -storepass changeit
This might give an error like keytool error: gnu.javax.crypto.keyring.MalformedKeyringException: incorrect magic which can be ignored.
8. Update the TestSSL.php page and change the response URL and use the updated file:
$oMerchant->setMerchantDetails("0000XXXX","0000XXXX","0000XXXX","193.545.34.33",rand()."","Ord123","http://10.10.10.147:8756/SFAResponse.php","POST","INR","INV123","req.Preauthorization","100","","Ext1","true","Ext3","Ext4","Ext5");
Also, in SFAResponse.php and in "./Sfa/PostLibPHP.php", line 2 needs to change from
'require_once("java/Java.php");' to 'require_once("java/Java.inc");'
Test the TestSSL and Testjava pages
  • http://domainname.com/ICICI/SFAClient/TestPages/testjava.php
  • http://domainname.com/ICICI/SFAClient/TestPages/TestSsl.php
Hopefully the above links would work and the error output log can be checked at:
  • # tail -v -f /var/www/vhosts/pgtest.domainname.com/statistics/logs/error.log

cPanel configuration

For cPanel you need to install Tomcat and the FastCGI module in PHP to run ICICI PG; below are the steps.
1. Log in to WHM as the root user
2. On the Main page click on Software and then EasyApache (Apache Update)
3. Go through each step as follows.
a) Click “Start customizing based on profile”
b) Select Apache Version – Click Next to proceed with the current version.
c) Select PHP Major Version – Click Next to proceed with the current version.
d) Select PHP Minor version – Click Next to proceed with the current version.
e) Short option list – Click “Exhaustive Options List” to view full options.
Exhaustive Options List – From here you can select the PHP modules you needed
Select mod_fcgid (FCGI module for Apache), FCGI and Tomcat (you can also select other PHP module for future requirement e.g. GD, SOAP, curl, Zend, Zlib, Zip bizip, MySQLi )
f) Click “Save & Build” to start apache-php compilation.
4. Once the compilation is over you can verify the installed PHP modules using the following command.
# php -m
And Tomcat from the URL: http://server ip:8080
5. After the installation of Tomcat, define the following important environment variables in /root/.bash_profile
CATALINA_HOME=/usr/local/jakarta/tomcat
CATALINA_BASE=/usr/local/jakarta/tomcat
JAVA_HOME=/usr/local/jdk/
export CATALINA_HOME CATALINA_BASE JAVA_HOME
Now run the "# . .bash_profile" command from the shell to set the environment variables.
All done; now start the ICICI Payment Gateway integration the same way as in the Plesk steps. Only the Tomcat path is different, i.e. /usr/local/jakarta/tomcat.

CSF/LFD firewall installation guide for Plesk

Monday, April 25th, 2011

Config Server Firewall (csf) and Login Failure Daemon (lfd) together form a robust firewall solution with Stateful Packet Inspection (SPI), login/intrusion detection and a security application for Linux servers. Although it is more compatible with cPanel, we have been able to use it with the Plesk hosting control panel as well, and it is running fine. Please visit the link below for more information.

http://www.configserver.com

I have listed the installation steps for CSF / LFD. Log in to your server as the ‘root’ user and issue the commands below:

Change directory to either /root or /usr/local/src, whichever you normally use for such installations

# cd /usr/local/src

[Remove any old source that might be present]

Download and untar the source for installation

# wget http://www.configserver.com/free/csf.tgz
# tar -xzf csf.tgz

Run installation script

# cd csf
# sh install.sh

Once the installation is complete, you can run the script below, provided by the vendor, to check whether your server/VPS has the required iptables modules available:

# perl /etc/csf/csftest.pl

CSF provides a script to remove the other popular combination I talked about above, i.e. apf/bfd. The script below will remove apf/bfd from your server/VPS.

# sh /etc/csf/remove_apf_bfd.sh

Common setting for incoming/outgoing TCP/IP and UDP connection.

ETH_DEVICE = "eth1"

ETH_DEVICE_SKIP = "eth0"

# Allow incoming TCP ports
TCP_IN = "20,21,25,53,80,106,110,111,143,443,465,587,865,873,993,995,8443,8880"

# Allow outgoing TCP ports
TCP_OUT = "20,21,22,25,80,110,443,43,873,8443"

# Allow incoming UDP ports
UDP_IN = "53,111,123,230,631,859,862,2109,5353"

# Allow outgoing UDP ports
# To allow outgoing traceroute add 33434:33523 to this list
UDP_OUT = "20,21,53,113,123,2109"

# Allow incoming PING
ICMP_IN = "1"

# Set the per IP address incoming ICMP packet rate
# To disable rate limiting set to "0"
ICMP_IN_RATE = "0"

# Allow outgoing PING
ICMP_OUT = "1"

# Set the per IP address outgoing ICMP packet rate
# To disable rate limiting set to "0"
ICMP_OUT_RATE = "0"

# Enable login failure detection daemon (lfd).
LF_DAEMON = "1"

For allowing Qmail in CSF alter the setting(s) below

SMTP_BLOCK = "1"
SMTP_ALLOWLOCAL = "1"
SMTP_PORTS = "25,587"
SMTP_ALLOWUSER = "qmaild,qmaill,qmailp,qmailq,qmailr,qmails"
SMTP_ALLOWGROUP = "qmail,nofiles,mail,mailman"

Set CSF/LFD reporting FROM/TO ID as below [**** Need to set for Plesk]

LF_ALERT_TO = "supportteam@diadem.co.in"
LF_ALERT_FROM = "csf_LFD@diadem.co.in"

Allowing third party block list checking

# Enable IP range blocking using the DShield Block List at
LF_DSHIELD = "86400"

# Enable IP range blocking using the Spamhaus DROP List at
LF_SPAMHAUS = "86400"

# Enable IP range blocking using the BOGON List at
LF_BOGON = "86400"

Now add the LFD ignore list for the qmail/Plesk mail users/processes in the csf.pignore file.

# vim /etc/csf/csf.pignore

#### Custom for Plesk ####
user:admin
exe:/var/qmail/bin/qmail-smtpd
exe:/usr/bin/imapd
exe:/var/qmail/bin/qmail-queue
exe:/usr/bin/pop3d
exe:/var/qmail/bin/qmail-send
cmd:qmail-send
cmd:/usr/bin/pop3d Maildir
cmd:/var/qmail/bin/qmail-queue
cmd:/var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
cmd:/usr/bin/imapd Maildir
exe:/var/qmail/bin/qmail-rspawn
cmd:qmail-rspawn
exe:/var/qmail/bin/qmail-clean
cmd:qmail-clean
exe:/usr/sbin/clamd
cmd:clamd
exe:/var/qmail/bin/splogger
cmd:splogger qmail
exe:/var/qmail/bin/qmail-remote.moved
user:qmaill
user:popuser
user:qmaild
user:qmails
user:qmailr
user:qmailq
user:qscand
exe:/usr/sbin/avahi-daemon
user:avahi
exe:/usr/local/sbin/zabbix_agentd
cmd:/usr/local/sbin/zabbix_agentd
user:zabbix
exe:/usr/bin/sw-engine-cgi
cmd:/usr/bin/sw-engine-cgi
user:sso
exe:/usr/sbin/sw-cp-serverd
cmd:/usr/sbin/sw-cp-serverd -f /etc/sw-cp-server/config
user:sw-cp-server
exe:/usr/bin/sw-engine-cgi
cmd:/usr/bin/sw-engine-cgi -c /usr/local/psa/admin/conf/php.ini -d auto_prepend_file=auth.php3 -u psaadm
user:psaadm
exe:/usr/libexec/mysqld
cmd:/usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file=/var/run/mysqld/mysqld.pid --skip-external-locking --socket=/var/lib/mysql/mysql.sock
user:mysql
exe:/usr/libexec/hald-addon-acpi
exe:/usr/sbin/hald
cmd:hald
user:haldaemon
exe:/usr/bin/postgres
user:postgres
exe:/sbin/portmap
cmd:portmap
user:rpc
exe:/usr/bin/xfs
cmd:xfs -droppriv -daemon
user:xfs
exe:/usr/bin/python
cmd:/usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
user:mailman
exe:/usr/java/jdk1.6.0_20/bin/java
user:tomcat

Note: You may need to add a few more processes/users as per your requirement.

Now start the CSF

# csf -s

Restart LFD

# service lfd restart

Installation is done. Now check the website, mail and other service(s), then disable TESTING mode and restart CSF/LFD

# csf -r
# service lfd restart
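
An added example, not part of the original post or of csf itself: a read-only check of csf.conf-style settings to run before the final restart. It reports TESTING still being on, lfd being off, values whose quotes are not plain ASCII (which happens when settings are pasted from a web page), and any ports from a caller-supplied review list that are open in TCP_IN or UDP_IN. The sample configuration is constructed, and the function name csf_audit and the review list are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check of csf.conf-style settings.

# Constructed sample (not a real /etc/csf/csf.conf). The ICMP_IN line carries
# typographic quotes, as happens when settings are pasted from a web page.
SAMPLE_CSF='# constructed sample
TESTING = "1"
TCP_IN = "20,21,25,53,80,111,443,8443,30000:30010"
UDP_IN = "53,111,123"
ICMP_IN = “1″
LF_DAEMON = "1"'

# csf_audit (hypothetical name): reads the configuration on stdin.
# $1 is a comma-separated list of ports the caller wants flagged when they
# are open inbound; which ports belong on that list is local policy.
csf_audit() {
    LC_ALL=C awk -v review="${1:-}" '
        # True when port appears in a csf port list, including lo:hi ranges.
        function listed(list, port,    n, i, e, r) {
            n = split(list, e, ",")
            for (i = 1; i <= n; i++) {
                if (split(e[i], r, ":") == 2) {
                    if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
                } else if (e[i] + 0 == port + 0) return 1
            }
            return 0
        }
        /^[ \t]*#/ || !/=/ { next }            # comments and non-settings
        {
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]*/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            if (val !~ /^"[^"]*"[ \t]*$/) {    # not wrapped in ASCII quotes
                print "BADQUOTE " key
                next
            }
            gsub(/"|[ \t]+$/, "", val)
            conf[key] = val
        }
        END {
            if (conf["TESTING"] != "0") print "TESTING " conf["TESTING"]
            if (conf["LF_DAEMON"] != "1") print "LFD_OFF"
            nk = split("TCP_IN,UDP_IN", keys, ",")
            nr = split(review, want, ",")
            for (k = 1; k <= nk; k++)
                for (j = 1; j <= nr; j++)
                    if (listed(conf[keys[k]], want[j]))
                        print "OPEN " keys[k] " " want[j]
        }
    '
}

# Live use on the server: csf_audit "111" < /etc/csf/csf.conf
printf '%s\n' "$SAMPLE_CSF" | csf_audit "111,30005"
```

No output means none of the checks fired.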

Below are some very common commands you will need to use/manage the csf firewall:

Enabling the firewall

# csf --enable
OR
# csf -e

Disabling the firewall

# csf --disable
# csf -x

Starting firewall / applying rules

# csf --start
# csf -s

Stopping firewall / flushing rules

# csf --stop
# csf -f

Adding an IP to the firewall deny list

# csf -d 2.3.4.5 "Reason for blocking the IP"
# csf --deny 2.3.4.5 "Reason for blocking the IP"
where 2.3.4.5 is the IP you want to block.

Removing IP from deny list

# csf -dr 2.3.4.5


Vmware Zimbra – The open source messaging alternative to Google Apps and MS Exchange

Friday, February 18th, 2011

Zimbra Collaboration Server (www.zimbra.com) is a fully featured open source messaging and collaboration application that supports email messaging,  group calendars, blackberry sync and other features using an advanced Ajax web interface that enables tool tips, drag-and-drop items, advanced searching capabilities and right-click menus in the UI. The software consists of both client and server components. Two versions of Zimbra are available: an open-source version, and a commercially supported version (“Zimbra Network”) with closed-source components such as a proprietary connector to Outlook for calendar synchronization. Zimbra has been bought over from Yahoo by Vmware and they have recently released ver 7 of the Zimbra Open source and Network editions on their website.

The Zimbra Server uses several open source projects e.g. Postfix, MySQL, OpenLDAP, Apache Tomcat (replaced by Jetty since 5.0), ClamAV, SpamAssassin, AMaViS and Amavisd-new, DSPAM, Aspell, etc. It exposes an Application programming interface (API) to all its functionality and also is an IMAP and POP3 server. The server runs on many distributions of Linux as well as on Mac OS X.

Zimbra can synchronize mail, contacts, and calendar items with open-source mail clients such as Novell Evolution and also with proprietary clients such as Microsoft Outlook and Apple Mail, but only through proprietary connectors available exclusively in the commercially supported version (“Zimbra Network Edition”). Zimbra also provides native two-way sync to many mobile devices (Nokia Eseries, BlackBerry, Windows Mobile, iPhone with 2.0 software).

Zimbra can be an ideal mail server for your organization if you have more than 50 users and if your users require the advanced collaboration features which a groupware can offer (calendaring, shared folders, appointment tracking, web based UI, etc.). As it has full POP3 and IMAP support along with a robust spam filter (it segregates the suspected spam mails in a junk folder so that users can review the mails and mark the false positive mails as ‘not junk’), it is very useful for organisations that want to stamp out spam mail but need the option to verify the mails which have been tagged as spam (akin to most web based email services). We have successfully implemented Zimbra for several of our clients in a virtualised environment, and it works well with just 2 GB RAM and a multicore processor for up to 100 users.

We have also recently migrated one of our client’s 12 GB mail box to the Zimbra Server with a single script as given below.

To migrate the mails, first you need to create all your mailboxes on the Zimbra server.

After that, move all your messages from the Plesk server to the Zimbra server in the same folder structure.

To back up from the Plesk server, follow these steps.

# cd /var/qmail/mailnames/
# tar -zcvf /your/path/domain.tgz domain.com

Now move the backup file (domain.tgz) to the Zimbra server with SCP or a Samba share (or any other method), whichever is available. Go to the path where you have copied the backup file and extract it.

# cd /your/path
# tar -zxvf domain.tgz

It will look something like the below when you list the extracted folder.

domain.com/user1
domain.com/user2

Now copy the script below into the domain folder as ‘mailexport.sh’, grant it execute permission and run it. It will add all your mails from the Inbox and other custom folders to the Zimbra server mailbox.

#!/bin/bash
#
# Maildir to Zimbra import
# Drop in your user root and run as superuser.
#

domain="domain.com" # change to your domain!

# Each sub-directory of the extracted domain folder is one mailbox user.
for dir in */
do
    user="${dir%/}"
    echo
    echo "User $user"
    echo
    # Every Maildir folder keeps its read mail in a "cur" directory.
    find "$user" -maxdepth 10 -type d -name cur | while read -r line
    do
        # Third path component: "cur" for the Inbox, ".Folder" for sub-folders.
        folder=$(echo "${line}" | cut -f3 -d"/" | sed 's/\.//')
        # Matching "new" directory (unread mail) of the same folder.
        line2="${line/%cur/new}"
        echo "FOLDER $folder"
        if [ "$folder" = "cur" ]
        then
            /opt/zimbra/bin/zmmailbox -z -m "$user@$domain" addMessage Inbox "$PWD/$user/Maildir/cur"
            /opt/zimbra/bin/zmmailbox -z -m "$user@$domain" addMessage Inbox "$PWD/$user/Maildir/new"
        else
            # Only folders other than Sent, Drafts, Junk and Trash are created.
            if [ "$folder" != "Sent" ] && [ "$folder" != "Drafts" ] && [ "$folder" != "Junk" ] && [ "$folder" != "Trash" ]
            then
                /opt/zimbra/bin/zmmailbox -z -m "$user@$domain" createFolder "/$folder"
            fi
            /opt/zimbra/bin/zmmailbox -z -m "$user@$domain" addMessage "/$folder" "${PWD}/${line}"
            /opt/zimbra/bin/zmmailbox -z -m "$user@$domain" addMessage "/$folder" "${PWD}/${line2}"
        fi
    done
done

All done; now you can get your old mails within the Zimbra server. If you are looking for a messaging alternative to either Google Apps or MS Exchange, or simply need a more robust messaging solution, the Zimbra collaboration suite (open source or network editions) could be a suitable solution to meet your needs.


Email and server security features on Diadem servers

Thursday, October 14th, 2010

Diagram of Various Tiers of security in datacenter network and at server level


At Diadem Technologies we take extreme precautions to safeguard our mailing services and ensure their continuous and reliable availability to our clients. We have all our servers located in the world’s leading datacenter, which has a very secure environment with various levels of physical and hardware based protection to keep your data safe from different attacks and vulnerabilities. The servers have multi core Xeon processors and a RAID10 array of HDDs for complete data redundancy, so that a hard disk crash would not affect the server operations and would not result in any loss of data on the server.

Access to the servers from the public network is restricted so that no unauthorized access to the servers can be made. We use a secure encrypted VPN (virtual private network) connection that connects to the private backend network, and hence the servers are only accessible to the legitimate admin users at our end.

For network level protection we have in place perimeter hardware firewalls by CISCO systems to block external threats along with CISCO GUARD DDOS (Distributed Denial of service) and CISCO Tipping point IPS (Intrusion prevention system). CISCO GUARD DDOS protects from requests that make a computer resource unavailable to its intended users and bring the server to a halt. CISCO Tipping point IPS is an advanced Intrusion prevention system that is used extensively in critical networks to monitor network and/or system activities for malicious or unwanted behavior and can react, in real-time, to block or prevent those activities. Network-based IPS, for example, will operate in-line to monitor all network traffic for malicious code or attacks. When an attack is detected, it can drop the offending packets while still allowing all other traffic to pass.

After passing through the various levels of security mentioned above, we have additional security features on the physical server for protecting the server/server applications and the inbound and outbound mails.

  • At the server we have robust software based firewalls that have been customized to add another level of security in the server.
  • We have SMTP connection tracking system to check all the connections that are being made to the server for sending or receiving mails. At this level various parameters of a mail are checked like if the IP of the sender is blacklisted in any third party Anti SPAM website, if the sender has a valid mail server, if the reverse DNS of the sender email server is valid.
  • We have enabled greylisting on the server to cut down on SPAM mails before they can enter the server. We have advanced content filtering along with anti spam software, antivirus, malware and anti root kit signatures that are updated regularly to block emerging threats immediately.
  • Once the mail is scanned with the above filters, we implement a new and unique technique to authorize only defined servers to serve your emails through the use of SPF records. Any other servers would not be able to send or receive any mail on behalf of your domain. This will cut down spoofing of your emails.
  • At the last stage we have SMTP authentication enabled that allows mails to be relayed through our servers only for those who are intended to send mails hence reducing the unwanted relaying of mails.

The above illustration highlights our commitment to ensure that we provide our clients with the best of breed technologies to ensure spam free, virus free, efficient and continuous availability of our mailing services for their operations.

If you are interested in knowing more about our web hosting services and plan details, you can look us up at www.diadem.co.in.


Some useful Linux shell commands

Monday, September 13th, 2010

Below are some useful commands in Linux (applicable for RedHat Enterprise Linux, Fedora and CentOS) for regular server admin activities.

  • To find a word string in the files under a folder(s).

# find . -type f -print0 | xargs -0 grep -sl 'your-string'

  • To get the disk usage for the individual sub-directories run:

# ls -d /your/path/* | xargs du -sh

  • Replace a word string with another word string in all files in a folder.

Using ‘sed’ command:
# sed -i 's/string1/string2/g' *.html

Using ‘find’ command:
# find ./ -type f -exec sed -i 's/string1/string2/' {} \;

  • When deleting a huge number of files in a folder, you might receive an error like "/bin/rm: Argument list too long"; use this instead of the "rm -rf" command:

# find . -name '*.ext' -print0 | xargs -0 rm -f

  • If you want to delete files older than 20 days in a folder, you can use the find command as below.

This command lists the files older than 20 days:
# find /path/folder1 -mtime +20 -type f -exec ls -d1 {} \;

Delete the files older than 20 days:
# find /path/folder1 -mtime +20 -type f -exec rm -rf {} \;
OR
# find /path/folder1 -mtime +20 -type f -ok rm -rf {} \;

You can change the age threshold by increasing or decreasing the number, and match folders instead of files by specifying "-type d".

  • Changing file or folder permissions for multiple files and folders with the command
    chmod -R 777 /path/folder1/* is a risky affair: if you miss the path of the folder or file, the command would apply to the root (/) folder, and that can result in wrong permissions on system files/folders, which leads to a vulnerable system. Instead of using the "chmod" command directly, you can use it with the find command for a safer modification.

For folder permissions:
# find . -type d -exec chmod 555 {} \;

For file permissions:
# find . -type f -exec chmod 444 {} \;

These are the most frequently used commands in Linux for day to day activities. Thank you for your visit, and please feel free to share any additional Linux commands which you find useful :) .


64 bit Linux Hosting – Now Available

Wednesday, June 2nd, 2010

Keeping in view the ever growing needs of our clients for faster and higher performance web hosting servers, we have recently provisioned our first 64 bit Linux Web Hosting Server which is deployed with the 64-bit RHEL 5 Enterprise OS.

64 bit web servers are a significant step up in computer architecture and deliver higher performance, security and reliability of hosted web applications on such servers.  Here is the hardware configuration of our new 64 bit Linux (RHEL 5) server:

  • Quad Core Intel Xeon 5520 Processor
  • 6 GB DDR 1333 Registered RAM
  • 64 bit RHEL 5 OS and applications
  • Raptor 300 GB 10K RPM HDDs
  • RAID 10 Disk Array
  • Plesk 9.5 Control Panel

This shiny new 64 bit server is ready to host your website and unleash the power of the 64 bit computing platform for your website, email and hosted apps. You can view our 64-bit Linux Hosting Plans online, or get in touch with us for any queries on our plan features.

Reference: Wikipedia – 64 bit


http port 80 redirection

Saturday, March 20th, 2010

If you want to redirect all incoming TCP traffic on port 80 to a custom port say 8089 on the local machine, then xinetd is a good option. Xinetd, the Extended Internet Daemon, is an open-source super-server  daemon which runs on many Unix-like  systems and manages Internet-based connectivity.

Follow the steps below to redirect port 80.

Log in to your Linux server as the super user, i.e. ‘root’.

Create a file named http_redirector under the /etc/xinetd.d/ folder

# vi /etc/xinetd.d/http_redirector

Now add the following entries to the file.

service http_redirector
{
type = UNLISTED
disable = no
socket_type = stream
protocol = tcp
user = root
wait = no
port = 80
redirect = 127.0.0.1 8089
log_type = FILE /tmp/httpredirector.log
}

Restart the xinetd service.

# service xinetd restart

That’s all, you are done.