HowTo: retrieve email account passwords in Plesk?

September 27, 2009    |   Posted by admin   |    Category: Plesk Management

Plesk uses a database called ‘psa’ to save all the details about the domains, settings, users and their passwords in plain text. A person with root access to the server can easily retrieve email account passwords on a Plesk server from the MySQL prompt.

SSH to the server and connect to the MySQL server:

# mysql -uadmin -p`cat /etc/psa/.psa.shadow`

At the mysql prompt, go to the ‘psa’ database which is used by Plesk.

mysql> use psa;

and execute the following command to retrieve the passwords of all the email accounts on a domain:

mysql> select mail_name, password from domains, mail, accounts where \
domains.name='domainname.com' and domains.id=mail.dom_id and \
mail.id=accounts.id;

where:
domainname.com is to be replaced with the actual domain name whose email account passwords you wish to retrieve.
domains, mail and accounts are the names of the tables where the different entries of an email account are stored.


Howto: Disable MailMan

September 27, 2009    |   Posted by admin   |    Category: cPanel Management

To disable Mailman on a cPanel server, remove the execute permission from the mailman wrapper:

chmod -x /usr/local/cpanel/3rdparty/mailman/mail/wrapper

If you ever want to enable it:

chmod +x /usr/local/cpanel/3rdparty/mailman/mail/wrapper


Unable to fork: Cannot allocate memory

September 27, 2009    |   Posted by admin   |    Category: VPS Management

You see the message “Unable to fork: Cannot allocate memory” while logging in to a VPS from the host server. The reason is that the VPS is running out of resources, especially RAM. To temporarily solve the issue, you may restart the VPS by executing

vzctl restart VEID

OR increase RAM for the VPS by increasing privvmpages and kmemsize for the VPS.

Edit the configuration file of the VPS

vi /etc/sysconfig/vz-scripts/veid.conf

increase the value of the above two parameters and restart the VPS.
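
On an OpenVZ host, /proc/user_beancounters keeps a failcnt column for each per-container limit, so it shows whether privvmpages or kmemsize is the limit actually being hit before you raise either one. The following is an added example, not part of the original post; the sample table is constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). The sample table is constructed.

# Print "VEID resource failcnt" for every beancounter whose fail counter is
# non-zero. Reads /proc/user_beancounters on the host by default; pass "-"
# to read the table from stdin instead.
failed_beancounters() {
    awk '
        $1 == "Version:" || $1 == "uid" { next }   # skip the two header lines
        $1 ~ /:$/  { veid = substr($1, 1, length($1) - 1); res = $2 }
        $1 !~ /:$/ { res = $1 }                    # continuation row, same VEID
        $NF + 0 > 0 { print veid, res, $NF }       # last column is failcnt
    ' "${1:-/proc/user_beancounters}"
}

# Constructed sample for container 101: privvmpages has hit its barrier.
sample_beancounters() {
    cat <<'EOF'
Version: 2.5
       uid  resource           held    maxheld    barrier      limit    failcnt
      101:  kmemsize        2718528    3014656   14372700   14790164          0
            lockedpages           0          0        256        256          0
            privvmpages       65530      65536      65536      69632         12
            numproc              24         31        240        240          0
EOF
}

sample_beancounters | failed_beancounters -
```

A counter that keeps climbing after the restart points to the parameter that needs the larger value.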

To make a Plesk server PCI Compliant

September 27, 2009    |   Posted by admin   |    Category: PCI Compliance

How to make a Plesk server PCI Compliant?

Nowadays many banks and credit card companies ask you to implement security standards on your server for client data protection, which is known as PCI Compliance. Follow the steps below to achieve these security standards on your server.

1) To turn off SSLv2 for port 8443 (Plesk port), create a file /usr/local/psa/admin/conf/httpsd.custom.include and insert the following lines:

SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL

Once you insert the above lines, restart the ‘psa’ service and run the ‘openssl’ command to test; with SSLv2 turned off, the SSLv2 handshake should fail:

service psa stopall
service psa start all
openssl s_client -connect localhost:8443 -ssl2

2) To turn off SSLv2 for port 443 (Apache SSL port), edit the file /etc/httpd/conf.d/ssl.conf and insert the following lines:

SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL

Once you insert the lines, restart the ‘httpd’ service and run the ‘openssl’ command to test:

service httpd restart
openssl s_client -connect localhost:443 -ssl2

3) To turn off SSLv2 for ports 995 (POP3) and 993 (IMAP), edit the following files:

vi /etc/courier-imap/imapd-ssl
vi /etc/courier-imap/pop3d-ssl

Comment out the line which starts with “TLS_CIPHER_LIST” and insert the following line:

TLS_CIPHER_LIST="ALL:!ADH:RC4+RSA:!SSLv2:!LOW:@STRENGTH"

Restart the ‘courier-imap’ service and execute the ‘openssl’ command to test:

service courier-imap restart
openssl s_client -connect localhost:995 -ssl2
openssl s_client -connect localhost:993 -ssl2

4) To turn off SSLv2 for port 465 (SMTPS), create the following files:

vi /var/qmail/control/tlsserverciphers
vi /var/qmail/control/tlsclientciphers

and insert the following code:

ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:+MEDIUM

Once done, restart the ‘qmail’ service and test the connection on SSLv2:

service qmail restart
openssl s_client -connect localhost:465 -ssl2

This will disable SSLv2 for all the SSL ports of your server.

5) To disable TRACE and TRACK for Apache, place the following lines in the Apache configuration file and in the VirtualHost of each domain:

RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

TraceEnable off

Save the file and restart the ‘httpd’ service.

6) I would recommend using the secure port 8443 to access Plesk and blocking the non-secure port 8880.

iptables -A INPUT -p tcp -s 0/0 --dport 8880 -j DROP
service iptables save
service iptables restart

7) In order to upgrade the PHP version, refer to the post:

https://linuxhostingsupport.net/blog/?p=218

8) To turn off recursion for the bind service, edit the named configuration file:

vi /etc/named.conf

add the following line in the “options” section:

recursion no;

Save the file and restart the ‘named’ service.
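
The cipher strings in steps 1 to 4 do not exclude weak ciphers in the same way: in an OpenSSL cipher string only “!” removes ciphers permanently, “-” removes them but a later token can add them back, and “+” only moves ciphers that are already listed to the end. The following is an added example, not part of the original post: a conservative token check (not a full OpenSSL parser, function name hypothetical) that reports which weak classes each string from the post leaves without a “!” exclusion.

```shell
#!/bin/sh
# Added example (not from the original post): conservative lint for the
# OpenSSL cipher strings used in steps 1-4. It inspects tokens only and does
# not expand the string the way OpenSSL itself does.

# Echo the weak cipher classes that the string does not exclude with "!".
# "!ADH" is deliberately not counted for aNULL: it covers anonymous DH only,
# not every suite without authentication.
lint_cipher_string() {
    cipher_string=$1
    missing=""
    # Each spec is class=comma-separated tokens that permanently exclude it.
    for spec in 'SSLv2=!SSLv2' 'LOW=!LOW' 'EXPORT=!EXP,!EXPORT' 'aNULL=!aNULL'; do
        class=${spec%%=*}
        found=no
        old_ifs=$IFS
        IFS=,
        for tok in ${spec#*=}; do
            # Match whole tokens only, so "!EXPORT56" does not count as "!EXP".
            case ":$cipher_string:" in
                *":$tok:"*) found=yes ;;
            esac
        done
        IFS=$old_ifs
        [ "$found" = yes ] || missing="$missing $class"
    done
    echo "${missing# }"
}

# Cipher strings copied from steps 1-4 of the post.
APACHE='ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL'
COURIER='ALL:!ADH:RC4+RSA:!SSLv2:!LOW:@STRENGTH'
QMAIL='ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!SSLv2:RC4+RSA:+HIGH:+MEDIUM'

for name in APACHE COURIER QMAIL; do
    eval "value=\$$name"
    printf '%-8s not excluded with "!": %s\n' "$name" "$(lint_cipher_string "$value")"
done
```

Only the qmail string from step 4 passes with nothing reported; the Apache and Plesk string relies on “-LOW” and “-SSLv2”, and its “!EXPORT56” does not cover the remaining export ciphers.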

Sending emails using a different IP address

September 26, 2009    |   Posted by admin   |    Category: Linux Administration

You can send emails from an additional IP of your server instead of the main IP using iptables. Here is the iptables command:

iptables -t nat -A POSTROUTING -o eth0 -p tcp --dport 25 -j SNAT --to-source IPAddress

where, “IPAddress” is the additional IP of your server. To save the rule, execute

service iptables save

This will make the settings permanent and you can check the rule using

iptables -L -t nat
