adjei.co.uk

During a domain transfer, while DNS was still propogating I needed to retrieve mail from the old server to the new.

I did so thusly…
# yum install fetchmail

$ touch .fetchmailrc
$ chmod 600 .fetchmailc


I then added the following lines to .fetchmailrc

poll <remote_ip> with proto POP3
user <remoteemail@example.com> there with password "<password>" is "<localemail@example.com" here

Then once ensuring you can POP3 out of the server (port 110) through the firewall, you can just run ‘fetchmail’ from the command line to grab the mail.

Topping it off with a cronjob for the duration of DNS propogation would probably be a sensible finish.

References:

http://theos.in/news/howto-configure-fetchmail-linux-or-unix-client-program-to-fetch-emails/

http://www.catb.org/~esr/fetchmail/fetchmail-FAQ.html

I had to enable quota support to my hard disk mounts on one of my new Plesk boxes today. This lets Plesk manage how much space is given to whomever… very necessary for a virtual hosting box.

I found these instructions on the Plesk forum, but not all in one place, hence…

Add ‘usrquota’ to the options in fstab. Mine looked like this before and after…
before
/dev/md0 / ext3 defaults 1 1

after
/dev/md0 / ext3 defaults,usrquota 1 1


Then run these to get quotas working…
# mount -o remount /
# quotaoff -av
# quotacheck -avum
# quotaon -av


..and that should be you good to go.

Part 1
Retrieve the full license key from Plesk using the web control panel License Manager.
Backup and download the key.
# cp /etc/psa/psa.key /var/www/vhosts/<domain>/httpdocs/
Visit http://<domain>/psa.key
Part 2
Then run the offline installer script…
wget -q -O - http://www.atomicorp.com/installers/aooi |sh
or tweak it slightly…
# wget http://3es.atomicrocketturtle.com/tests/aooi-installer.sh
# chmod +x aooi-installer.sh
Edit the script
# vi aooi-installer.sh
:%s/www.gtlib.gatech.edu/mirror.linux.duke.edu/g
:wq

Run the install
# ./aooi-installer.sh
Open a serial console and watch what happens during reboots etc.

Part 3
Login as root with password ‘atomic555′
Change the root password
# passwd
Copy my firewall scripts to server and customise with new machinename
/root/fw.on
/root/fw.off
/root/getfw.sh
/etc/rc.d/rc.firewall_off
Make them all executable
# chmod +x /root/fw.on /root/fw.on /root/fw.off /root/getfw.sh /etc/rc.d/rc.firewall_off

Write and install an iptables firewall
# ./getfw.sh

Part 4
Install latest Plesk (don’t use auto-installer psa_installer_v3.2.0_build070705.20_os_CentOS_4.3_x86_64 – busted)
# wget http://download1.swsoft.com/Plesk/Plesk8.2/CentOS4.3/psa_installer_v3.1.2_build070321.17_os_CentOS_4_x86_64
# chmod +x psa_installer_v3.1.2_build070321.17_os_CentOS_4_x86_64
# ./psa_installer_v3.1.2_build070321.17_os_CentOS_4_x86_64
You can login to plesk at https://<domain>:8443/
user: admin
pass: setup
Once you’ve logged in change your password

Part 5
Add yourself a user account so you don’t have to login as root
# useradd <username>
# passwd <username>
If you’re going to be using the Plesk migration manager, add your new user to the ‘wheel’ group and enable sudo
# usermod -a -G wheel <username>
uncomment %wheel line in /etc/sudoers

Part 6
Update yum to use atomic channel and run an update
# wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh
# yum update
If it complains about dependencies involving php-pear
# yum install php-pear
# yum update

Part 7
Make sure you are using all the latest conf files. Use my ‘rpmnew.sh’ manager script to speed the job.
Make sure httpd service is running (probably have to move /etc/php.d/ioncube-loader.ini)

Part 8
Buy and install ASL channel
# wget -q -O - http://www.atomicorp.com/installers/install-asl.sh |sh

Further tweaks
Set kernel to attempt reboot (panic) on oops

I’m currently building a new server for a client and am finding great success using the top notch tools from atomic rocket turtle. (Atomic Corp)

By using Scott’s AOOI script I have managed to install CentOS 4.4 on one of 1and1’s Business Server IIs along with PHP 5 and mysql 5. Taking a backup of the Plesk key before doing so, I was able to install a fresh Plesk 8.2 and have a bang up to date, future proofed box with all the features of the 1and1 build (64 bit, dual core, RAID1 etc.).

1. Login as root and then…
   # wget http://3es.atomicrocketturtle.com/tests/aooi-installer.sh
# chmod +x aooi-installer.sh
2. I actually needed to mod the script a little to get it to run happily as the mirror for the CentOS image was defunct
   Open aooi-installer.sh in vi (or equivalent) and replace the url
   www.gtlib.gatech.edu
   with
   mirror.linux.duke.edu
   save and start the install
   # ./aooi-installer.sh
3. A good way of getting a feel for what should be happening and when can be had from the excellent video provided by Scott.
   It shows two consoles open.. one running the install script, and one logged in from the serial console (superb 1and1 feature) keeping a running commentary on what is happening on the box.
   http://www.atomicrocketturtle.com/tutorials/aooi-v6-tutorial.ogg

The guys over at Atomic Corp are doing some really great work on hardening web servers based on Plesk, and I can’t recommend their ASL – Atomic Secured Linux subscription yum channel enough.

I found myself wanting to create an extra FTP user for one of my Plesk machines that would only have access to a subdirectory of one of the machine’s domains.

It turns out this isn’t as tricky as I made it!

If you create a new OS user giving them the same user ID number as the primary FTP user and the Plesk group ‘psacln’, they have the same privileges. Giving them a home directory of the subdirectory instead of the primary user’s home directory chroots them inside it.. perfect.

1. Determine the uid number of the primary user (bob)


# cat /etc/passwd | grep bob
bob:x:10021:10001::/home/httpd/vhosts/bob.org:/bin/false


2. Create the new user with the same uid number, group, and shell (if you wish) but with a new home directory.

# useradd -u 10021 -o -d /home/httpd/vhosts/bob.org/httpdocs/bobs_subdir -g psacln -s /bin/false bob
# passwd bob

Give them a password and you’re done!

Thanks to this post on the SWSoft forums

http://forum.swsoft.com/showthread.php?postid=118777