Archive for the “Plesk” Category

APPLIES TO:

  • Parallels Plesk Panel for Linux/Unix

Symptoms

The following error occurs during domain deleting in Plesk CP:

ERROR: PleskUtilException webstatmng is failed –unset-config –domain-name=domain.tld –stat-prog=

or during domain page accessing:

 

Error: Unable to update hosting preferences: hosting update is failed: webstatmng is failed –unset-config –domain-name=guide2care.com –stat-prog=

Cause

This error means that incorrect value was specified in the ‘webstat’ field of the ‘hosting’ table in ‘psa’ database.

Resolution

The ‘webstat’ field can be set to ‘none’,'webalizer’ or ‘awstats’ values. To solve this problem, update ‘webstat’ field in ‘psa.hosting’ table for the problem ‘DOMAIN’ with the query like:

mysql -Ns -uadmin -p`cat /etc/psa/.psa.shadow` psa -e 'update domains d, hosting h set h.webstat="none" where h.dom_id=d.id and d.name="DOMAIN"'

Note, “DOMAIN” should be replaced with the real domain name.

Note, if you use MySQL 3.x, the query should be spilt in two:

select id from domains where name="DOMAIN";
update hosting set webstat="none" where dom_id="DOMAIN_ID";

Where DOMAIN_ID is the number that you get after the first query.

Backup domains statistics directory (HTTPD_VHOSTS_D/DOMAIN/statistics/).

After that you will be able to delete domain or access it through Plesk CP and manage webstat on the domain’s hosting setup page.

http://kb.parallels.com/1726

Comments No Comments »

If you try and export a DB in plesk and get the error message:

File not Found
can’t find the file at https://xx.xx.xx.xx:8443/domains/databases/phpMyAdmin/export.php.

Then chances are that the memory_limit for php is too low for the operation. The simple solution is to SSH into the server and do the following:

Go to : /usr/local/psa/admin/conf/
Edit : php.ini
and increase memory_limit, a good level is 512MB
restart plesk control panel (/etc/init.d/psa stop/start)

Once you restart the plesk control panel test the export once more. It should now work.

Comments No Comments »

So, I recently had to set-up Plesk as a backup MX server and I found the following article quite usefull.

Step 1
Log into the server you want to make a backup MX

Step 2
For every domain you want forwarded to the primary server, add it to the file/var/qmail/control/morercpthosts . If the file doesn’t exist, create it and add each domain on a new line with no www behind it, so for example:

domain1.com
domain2.com

Step 3
Now run /var/qmail/bin/qmail-newmrh which creates a binary file called /var/qmail/control/morercpthosts.cdb

Step 4
For every domain you added to morercpthosts, you must add an entry to /var/qmail/control/smtproutes(create it if it doesn’t exist), but you should add it in this format:

<DOMAIN>:<IP of DOMAIN>:<PORT>

Note that the port is optional, and can be used if your mail server port isn’t 25. So for example, the file that corresponds to my exampls morercpthosts file would be:

domain1.com:123.123.123.123:25
domain2.com:123.123.123.123:25

Step 5
Now, go into plesk and disable mail on the accounts you want to apply the backup MX feature to. You can do this two ways, in bulk or one by one.

To do this in bulk, go to domains on PLESK, check the ones you want and click on “Group Operations”.

Near the bottom, you have an option to turn off Mail. Select the “turn off” option and submit the form.

To do this one by one. Go to domains on PLESK, click on the domain you want, then click on Mail (the envelope) and make sure the icon looks like the following.

 

If the icon is red and says “Switch off”, then click on it and the following page should show the icon in the image above.

Step 6
Restart qmail (you can also do this via PLESK on Server>Services)

service qmail restart

Step 7
Add a new MX record to your DNS. You’ll want to give this new entry a priority higher than your primary server, so your primary may have a priority of 10 and this new one a priority of 20.

Step 8
Test your new settings. For Windows Vista type “cmd”+Enter in the search area of your start menu. On Windows XP open your start menu, click “Run” and type “cmd”+Enter. This will bring up a command line console.

Type the following, but change the emails to your specific emails (What you should type in is in Green, responses are in black and may vary slightly):

telnet 123.123.123.123 25
220 server.domain.com ESMTP
MAIL FROM: youremail@anotheremailyouown.com
250 ok
RCPT TO: test@domain.com
250 ok
DATA
354 go ahead
Subject: Testing
Testing
.
250 ok 1235396952 qp 32405
QUIT
221 server.domain.com

If you get any errors, chances are you missed something along the way (or your server was misconfigured to begin with). Hopefully this shouldn’t be the case and you should shortly receive a mail in your account.

Step 9

This is optional, but recommended. Make sure your backup server is using a decent spam detection, because it’s commonplace for spammers to use backup MXes by digging your domain and sending to them to circumvent stronger spam filters on the main server. For decent spam filtering, try installing qmail-scanner with another of our how-to posts.

That’s it…. remember to back up before trying this!

Further Reading:

 

 

Comments No Comments »

Plesk has a lot of short comings, in my opinion. One of them is they way Plesk stores passwords. I will not go into the best practices for passwords, but instead offer this one-liner that will allow you to change all the FTP passwords for Plesk in one fell swoop. This is particularly useful if you think one or more passwords have been compromised.


# for i in $(mysql -NB psa -uadmin -p`cat /etc/psa/.psa.shadow` -e ‘select login from sys_users;’); do export PSA_PASSWD=”$(openssl rand 6 -base64)”; /usr/local/psa/admin/bin/usermng –set-user-passwd –user=$i; echo “$i: $PSA_PASSWD” >> ftp_passwords; done


If for some odd reason you have a password for a user that is set to NULL, this will not update it. You shouldn’t have any, unless you are editing the psa database directly.

Comments 1 Comment »

Plesk has been notoriously poor at adding an additional user for FTP access to a particular domain. While you can add one outside of plesk. You’ll have to contend with permissions for each account and perhaps set-up facls, creating a group and setting the GID bit, or finding another creative solution to allow two accounts to access and modify the same files without tripping over each other.

Now, if you are simply trying to add another user with the same access as the original ftp user. You can create another user with the same UID of the original FTP account. When you do this, the system records the original UID so you may have a hard time determining which user actually made the change, so keep this in mind for security purposes.

We are going to use domain.com for this example. Below is a quick overview of the steps:

Create the user with the home directory as the root of what they can access

  • Find the UID of the original user
  • Create the user with the home directory as the root they can access
  • Give the user a password
  • Make their primary group psacln
  • Add them to the psaserv group as well


# grep “domain.com” /etc/passwd
domain_ftp:x:1037:1037::/var/www/vhosts/domain.com:/bin/false


# useradd domain_ftp2 -d /var/www/vhosts/domain.com/ -s /bin/false -ou 1037
# echo “password” | passwd domain_ftp2 –stdin
Changing password for user domain_ftp2.
passwd: all authentication tokens updated successfully.


# usermod -g psacln domain_ftp2
# usermod -G psaserv domain_ftp2


# lftp username:password@localhost
lftp username@localhost:/> cd ..
lftp username@localhost:/>

Comments No Comments »

Wish I could take credit for this, but this Howto came from Justin Samuel’s Blog. I’ve posted my comments in another color.

This howto will show you how to setup an SSL certificate on a Plesk server so that it will be used when people connect through secure pop, smtp and imap.

To do the following, you need a certificate. It can be self signed or CA signed. Using a self-signed cert will of course result in some browser warnings for those who have not added the certificate as locally trusted on their computer. [You can read how to create a self signed cert here.]

You will want a copy of your cert in PEM format. If you don’t have this already, just create a single file with the private key followed by the certificate. That’s it. For example, just run the following (using correct paths to your private key and certificate files):

# cat server.key server.crt > server.pem
# chmod 600 server.pem

and you’ll now have a PEM file. It should look like this:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Courier-IMAP (pop3s and imaps)

The first step is to set it up for pop3s and imaps by backing up and replacing the certs at:

/usr/share/courier-imap/pop3d.pem
and
/usr/share/courier-imap/imapd.pem

with your PEM file.

If you have a chained cert, you need to do one more thing. You need to tell courier-imap about it. Backup and edit both of the following files:

/etc/courier-imap/pop3d-ssl
/etc/courier-imap/imapd-ssl

and set the value TLS_TRUSTCERTS in each file to the path to the certificate chain. For example, drop a copy of the certificate chain into a file at:

/usr/share/courier-imap/chain.crt

and then set the value for TLS_TRUSTCERTS in the pop3d-ssl and imapd-ssl files like so:

TLS_TRUSTCERTS=/usr/share/courier-imap/chain.crt

now restart courier-imap:

service courier-imap restart

Qmail (smtps)

To setup your certificate for use with smtps, copy your PEM file to:

/var/qmail/control/servercert.pem

and if you have a CA certs, append them to that same file (so you should have all of the CA chained certs right after your own certificate in that file).

now restart qmail:

service qmail restart

Test everything

You can test these newly installed certificates to make sure everything is working with the following:

openssl s_client -connect [host]:993
openssl s_client -connect [host]:995
openssl s_client -connect [host]:465

Note that the imaps test (port 465) can take a while to respond when testing like this.

And, of course, you can test these (and should) by trying to use an actual email account to send and receive mail using these protocols.

Comments No Comments »