Yum update – glibc conflict

This should be resolved now. The problem was that there were both 32 bit and 64 bit packages for glibc. I removed the 32 bit packages with the following:

rpm -e --justdb --nodeps glibc.i686 glibc-devel.i386

And then the command that failed previously was able to succeed:

yum -y install automake19 gettext libstdc++.x86_64 libpng-devel openssl libpng-dev zlib-devel autoconf261 libidn-devel gmake libidn libXpm openssl-devel automake coreutils patch libltdl3-devel libltdl libopenssl0.9.7-static-devel libtool-ltdl-devel libXpm-devel sed libXpm-dev lsof krb5-dev flex glibc-dev expat-dev krb5-devel libstdc++-devel.x64_64 xorg-x11-devel libtool-ltdl libssl-dev pam-devel libopenssl0-devel zlib1-devel expat-devel libopenssl0-dev expat glibc-devel gcc-c++ zlib bison libjpeg-devel libtool-libltdl-devel libtool openssl-dev libopenssl0 libz-devel libjpeg-dev pam-dev fileutils libltdl-devel libopenssl0.9.7-devel e2fsprogs-devel ca_root_nss make libstdc++-dev.x86_64 libX11-devel libstdc++-devel.x86_64 gd cpp xorg-x11-dev gcc ssl-dev autoconf lex

Vsan Observer for VMware Virtual SAN – Error getting time

vsan.observer VSAN-CLUSTER --run-webserver --force %admin%@%vCenter%

OpenSSL::X509::CertificateError: error getting time

then you can just add the –no-https at the near end of the script like

vsan.observer VSAN-CLUSTER --run-webserver --force --no-https %admin%@%vCenter%

Then load

http://vCenterServer_hostname_or_IP_Address:8010

 

SSL Broken Again – Google’s POODLE Affects Oodles

Another challenge for internet security

97% of SSL web servers are likely to be vulnerable to POODLE, a vulnerability that can be exploited in version 3 of the SSL protocol. POODLE, in common with BEAST, allows a man-in-the-middle attacker to extract secrets from SSL sessions by forcing the victim’s browser into making many thousands of similar requests. As a result of the fallback behaviour in all major browsers, connections to web servers that support both SSL 3 and more modern versions of the protocol are also at risk.

http://news.netcraft.com/archives/2014/10/15/googles-poodle-affects-oodles.html

OpenStack LA Meetup – VXLAN Demystified

Went to attend the OpenStack LA Meetup and learned a lot about VXLAN movement on OpenStack.

Pretty good number of people attended. Congrats on being bought by Cisco.

Ran into my buddy Humphrey. He has a Cisco study group at routergods.com Check it out if you are trying to get your CCIE or just want to broaden your knowledge.

xfs_grow

CentOS 7 uses XFS now! How to Expand/extend your LVM

To my surprise CentOS 7 is now using XFS. I was trying to extend the LVM using my usual guide from VMware, resize2fs command spits out thi error:

resize2fs: Bad magic number in super-block while trying to open /dev/centos/root

Couldn't find valid filesystem superblock

use xfs_grow instead

http://xmodulo.com/2014/09/manage-lvm-volumes-centos-rhel-7-system-storage-manager.html

Prestashop – How to make the newsletter check box automatically checked during checkout

works with prestashop 1.6.0.9

authentication.tpl

before:

<div class=”checkbox”><label for=”newsletter”>
<input id=”newsletter” checked=”checked” name=”newsletter” type=”checkbox” value=”1″ />
{l s=’Sign up for our newsletter!’}
</label></div>

after:

RHEL6: Cool PAM Tricks – Logging Terminal Keystokes

Pam-original-cooking-spray-72450This is a neat and very useful trick that I learned today. Lets say that you want to be able to monitor and log all keystrokes that are typed as root. This is particularly useful as normally you can only log when a user uses sudo to run a command. If the user has the abilty to become root however, then they have effectively eluded yourattempts to track their activity. Like Thomas Magnum shaking a tail, they are free to scoot around your island with the top down.

So how do you stop this from occuring? How to you log all activity and keystrokes made by root without implementing a bloated 3rd party software that will probably cost and arm and a leg? You use PAM you dingbat.

The secret sauce in this security burrito is the pam_tty_audit.so module. Here is how to use it,

Below is my stock /etc/pam.d/system-auth file

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so Now look above and then look below at my modified system-auth file. Note the additonal session entry for pam_tty_audit.so. [[email protected] pam.d]# cat system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_fprintd.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so

account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 type= password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password required pam_deny.so session optional pam_keyinit.so revoke session required pam_tty_audit.so enable=root session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so Note that you will need to add the pam_tty_audit.so call to your /etc/pam.d/password-auth as well to ensure that you capture all of root's keystrokes, no matter how they log in. source: http://www.fatmin.com/2014/07/rhel6-cool-pam-tricks-logging-terminal-keystokes.html

Increase Catalog Resize Image in Magento

Please follow the steps below:

Open: /app/design/frontend/default/milano/template/catalog/product/list.phtml

Find (on lines 52-57):
<?php $mainImg = $this->helper(‘catalog/image’)->init($_product, ‘small_image’)->resize($imgSize); ?>
<?php if($_hoverSwap): $backImg = $_listMedia->setTemplate(“catalog/product/list/media.phtml”)->setData(‘size’, $imgSize)->setData(‘product’, $_product)->toHtml(); endif; ?>
<a href=”<?php echo $_product->getProductUrl() ?>” title=”<?php echo $this->stripTags($this->getImageLabel($_product, ‘small_image’), null, true) ?>” class=”product-image”>
<?php if($backImg != ‘null’ && $backImg): ?><img src=”<?php echo $backImg ?>” class=”hover-image” width=”<?php echo $imgSize ?>” height=”<?php echo $imgSize ?>” alt=”<?php echo $this->stripTags($this->getImageLabel($_product, ‘small_image’), null, true) ?>” /><?php endif; ?>
<img src=”<?php echo $this->helper(‘catalog/image’)->init($_product, ‘small_image’)->resize($imgSize) ?>” <?php if($backImg != ‘null’ && $backImg): ?>class=”hover-main-image” <?php endif; ?> width=”<?php echo $imgSize ?>” height=”<?php echo $imgSize ?>” alt=”<?php echo $this->stripTags($this->getImageLabel($_product, ‘small_image’), null, true) ?>” />
</a>

Replace with:

<?php $mainImg = $this->helper(‘catalog/image’)->init($_product, ‘small_image’)->resize($imgSize)->setQuality(100); ?>
<?php if($_hoverSwap): $backImg = $_listMedia->setTemplate(“catalog/product/list/media.phtml”)->setData(‘size’, $imgSize)->setData(‘product’, $_product)->toHtml(); endif; ?>
<a href=”<?php echo $_product->getProductUrl() ?>” title=”<?php echo $this->stripTags($this->getImageLabel($_product, ‘small_image’), null, true) ?>” class=”product-image”>
<?php if($backImg != ‘null’ && $backImg): ?><img src=”<?php echo $backImg ?>” class=”hover-image” width=”<?php echo $imgSize ?>” height=”<?php echo $imgSize ?>” alt=”<?php echo $this->stripTags($this->getImageLabel($_product, ‘small_image’), null, true) ?>” /><?php endif; ?>
<img src=”<?php echo $this->helper(‘catalog/image’)->init($_product, ‘small_image’)->resize($imgSize)->setQuality(100) ?>” <?php if($backImg != ‘null’ && $backImg): ?>class=”hover-main-image” <?php endif; ?> width=”<?php echo $imgSize ?>” height=”<?php echo $imgSize ?>” alt=”<?php echo $this->stripTags($this->getImageLabel($_product, ‘small_image’), null, true) ?>” />
</a>

Find (on lines 221-227):

<?php $mainImg = $this->helper(‘catalog/image’)->init($_product, ‘small_image’)->resize($imgSize, $imgHeight); ?>
<?php if($_hoverSwap): $backImg = $_listMedia->setTemplate(“catalog/product/list/media.phtml”)->setData(‘size’, $imgSize)->setData(‘height’, $imgHeight)->setData(‘product’, $_product)->toHtml(); endif; ?>
<a href=”<?php echo $_product->getProductUrl() ?>” title=”<?php echo $this->stripTags($this->getImageLabel($_product, ‘small_image’), null, true) ?>” class=”product-image”>
<?php if($backImg != ‘null’ && $backImg): ?><img src=”<?php echo $backImg ?>” class=”hover-image” width=”<?php echo $imgSize ?>” height=”<?php echo $imgHeight ?>” alt=”<?php echo $this->stripTags($this->getImageLabel($_product, ‘small_image’), null, true) ?>” /><?php endif; ?>
<img src=”<?php echo $this->helper(‘catalog/image’)->init($_product, ‘small_image’)->resize($imgSize, $imgHeight) ?>” <?php if($backImg != ‘null’ && $backImg): ?>class=”hover-main-image” <?php endif; ?> width=”<?php echo $imgSize ?>” height=”<?php echo $imgHeight ?>” alt=”<?php echo $this->stripTags($this->getImageLabel($_product, ‘small_image’), null, true) ?>” />
</a>

Replace with:

<?php $mainImg = $this->helper(‘catalog/image’)->init($_product, ‘small_image’)->resize($imgSize, $imgHeight)->setQuality(100); ?>
<?php if($_hoverSwap): $backImg = $_listMedia->setTemplate(“catalog/product/list/media.phtml”)->setData(‘size’, $imgSize)->setData(‘height’, $imgHeight)->setData(‘product’, $_product)->toHtml(); endif; ?>
<a href=”<?php echo $_product->getProductUrl() ?>” title=”<?php echo $this->stripTags($this->getImageLabel($_product, ‘small_image’), null, true) ?>” class=”product-image”>
<?php if($backImg != ‘null’ && $backImg): ?><img src=”<?php echo $backImg ?>” class=”hover-image” width=”<?php echo $imgSize ?>” height=”<?php echo $imgHeight ?>” alt=”<?php echo $this->stripTags($this->getImageLabel($_product, ‘small_image’), null, true) ?>” /><?php endif; ?>
<img src=”<?php echo $this->helper(‘catalog/image’)->init($_product, ‘small_image’)->resize($imgSize, $imgHeight)->setQuality(100) ?>” <?php if($backImg != ‘null’ && $backImg): ?>class=”hover-main-image” <?php endif; ?> width=”<?php echo $imgSize ?>” height=”<?php echo $imgHeight ?>” alt=”<?php echo $this->stripTags($this->getImageLabel($_product, ‘small_image’), null, true) ?>” />
</a>

Using Google Fonts causes an SSL insecure content warning in browsers when loading Magento

I found this in my theme_options.phtml

Try ‘grep -ri google *’ to find it in your phtml files.

• Locate this line on your HTML page (or template):

link href=’http://fonts.googleapis.com/css?famil…’ rel=’stylesheet’ type=’text/css’

• And change it to this:

link href=’//fonts.googleapis.com/css?family=Dosis:400,700′ rel=’stylesheet’ type=’text/css’

Spawning Multiple Telnet Sessions with Expect in Parallel

actually works

# spawn all connections
foreach conn $allconnections {

 spawn telnet $conn
 lappend spawn_id_list $spawn_id

}

# run expect script for all connections individually
foreach id $spawn_id_list {

 # this is important - for unknown (to me) reasons
 set spawn_id $id

 send "your_send_message"
 expect "your_expect_pattern"

}

http://community.activestate.com/forum-topic/spawning-multiple-telnet-sessions-expect

headache – postfix pain in the butt

first setup
mydomain = itheadaches.com
myhostname = mail.itheadaches.com
inet_interfaces = all
# inet_interfaces = localhost

set open relay to specific ip
e-mail will show deferred unless you add IPs below

smtpd_sasl_exceptions_networks = $mynetworks

mynetworks = your_ip_address

configure sasl auth for postfix

edit master.cf and uncomment submission and smtpd
http://www.howtoforge.com/forums/showthread.php?t=61657

troubleshooting commands

postconf -a /etc/posfix

postconf -d — to see default values

postfix links

http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html

http://postfix.state-of-mind.de/patrick.koetter/smtpauth/postfix_configuration.html

http://postfix.state-of-mind.de/patrick.koetter/smtpauth/smtp_auth_mailclients.html

http://www.postfix.org/SASL_README.html

https://help.ubuntu.com/community/Postfix

http://www.electrictoolbox.com/postfix-smtp-auth-no-sasl-authentication-mechanisms/

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_application_name = smtpd
smtpd_sasl_path = smtpd
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject _non_fqdn_hostname,reject_non_fqdn_sender,reject_n on_fqdn_recipient,reject_unauth_destination,reject _unauth_pipelining,reject_invalid_hostname,reject_ rbl_client opm.blitzed.org,reject_rbl_client list.dsbl.org,reject_rbl_client bl.spamcop.net,reject_rbl_client sbl-xbl.spamhaus.org

http://www.howtoforge.com/forums/showthread.php?t=12844

http://www.howtoforge.com/virtual_users_postfix_courier_mailscanner_clamav_centos

dangers of relay
http://www.postfix.org/SMTPD_ACCESS_README.html#danger

notes:

smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
smtpd_sasl_application_name = smtpd
smtpd_sasl_path = smtpd
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_authenticated_header = yes
smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_hostname,reject_non_fqdn_sender,reject_non_fqdn_recipient,reject_unauth_pipelining,reject_unauth_destination,reject_invalid_hostname,reject_rbl_client opm.blitzed.org,reject_rbl_client list.dsbl.org,reject_rbl_client bl.spamcop.net,reject_rbl_client sbl-xbl.spamhaus.org
#smtpd_recipient_restrictions =
permit_sasl_authenticated,
permit_mynetworks,
reject_unauth_destination
mynetworks = 1.1.1.1.,2.2.2.2,3.3.3.3

headache: updating zimbra ldap authentication servers

To change or add an additional ldap server to your zimbra configuration follow the commands below:

[email protected]:~$ sudo -s
[sudo] password for server:

[email protected]:~# su – zimbra

[email protected]:~$ zmprov getDomain itheadaches.com | grep LdapURL

zimbraAuthLdapURL: ldap://192.168.90.204:389
zimbraGalLdapURL: ldap://192.168.90.204:389

[email protected]:~$ zmprov modifyDomain itheadaches.com zimbraAuthLdapURL “ldap://192.168.90.204:389 ldap://192.168.90.205:389 ldap://192.168.96.204:389”
[email protected]:~$ zmprov getDomain itheadaches.com | grep LdapURL

zimbraAuthLdapURL: ldap://192.168.90.204:389 ldap://192.168.90.205:389 192.168.96.204:389
zimbraGalLdapURL: ldap://192.168.90.204:389

[email protected]:~$ zmprov modifyDomain vpls.net zimbraGalLdapURL “ldap://192.168.90.204:389 ldap://192.168.90.205:389 ldap://192.168.96.204:389”

Headache: ffmpeg install on cpanel (centos 6) time consuming

luckily i found this site

http://www.9xphp.com/Thread-FFMPEG-ffmpeg-PHP-centos-5-6-easy-install

someone made a script to install ffmpeg and ffmpeg-php

also my mysql shared libraries corrupted somehow and had to reinstall it

/usr/local/cpanel/scripts/check_cpanel_rpms –fix

recompile apache/php after fixing mysql library

if you need mplayer install using rpm. forget compiling

http://wiki.centos.org/TipsAndTricks/MultimediaOnCentOS

this is the article i started with but broken dependencies and other problems so i tried looking for other sources.

http://servertune.com/kbase/?View=entry&EntryID=71

http://www.webhostingtalk.com/showthread.php?t=1289057

smtp relay cpanel using a smarthost

We make the following changes for outbound scanning.

Edit /etc/exim.conf

Look for two instances of:

driver = dnslookup

under dk_lookuphost: and lookuphost:

Comment both instances and add two instances of

driver = manualroute
route_list = * barracuda.outgoing.hostname

so it’ll look something like this:

dk_lookuphost:
#driver = dnslookup
driver = manualroute
route_list = * barracuda.outgoing.hostname

lookuphost:
#driver = dnslookup
driver = manualroute
route_list = * barracuda.outgoing.hostname

then go to Barracuda management panel and go to Basic -> Authorized Senders and enter main ip address of that cpanel server

and restart cpanel exim and check the exim_mainlog

grep barracuda.outgoing.hostname /var/log/exim_mainlog

http://forums.cpanel.net/f43/smtp-relay-barracuda-140997.html

http://help.comodo.com/topic-157-1-288-4545-.html

http://atmail.com/kb/2009/using-smtp-auth-with-the-exim-smarthost/

qmail / plesk show messages in queue and delete

]# qmhandle.pl
qmHandle v1.3.2
Copyright 1998-2003 Michele Beltrame

Available parameters:
-a : try to send queued messages now (qmail must be running)
-l : list message queues
-L : list local message queue
-R : list remote message queue
-s : show some statistics
-mN : display message number N
-dN : delete message number N
-fsender : delete message from sender
-f’re’ : delete message from senders matching regular expression re
-Stext : delete all messages that have/contain text as Subject
-h’re’ : delete all messages with headers matching regular expression re (case insensitive)
-b’re’ : delete all messages with body matching regular expression re (case insensitive)
-H’re’ : delete all messages with headers matching regular expression re (case sensitive)
-B’re’ : delete all messages with body matching regular expression re (case sensitive)
-t’re’ : flag messages with recipients in regular expression ‘re’ for earlier retry (note: this lengthens the time message can stay in queue)
-D : delete all messages in the queue (local and remote)
-V : print program version

Additional (optional) parameters:
-c : display colored output
-N : list message numbers only
(to be used either with -l, -L or -R)

You can view/delete multiple message i.e. -d123 -v456 -d567

qmhandle.pl -S’delete subject’

qmhandle.pl -f’delete sender’

vCenter Single Sign-On does not auto-discover trusted domains if domains are added manually (2036320)

Symptoms

– Trusted domains are not auto-discovered by vCenter Single Sign-On (SSO) when domains are manually added
– Auto-discover is not adding trusted domains automatically
– After installation, SSO does not automatically discover trusted domains

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2036320

Setting up a permanent ssh tunnel using autossh

Since the original website is offline, I’m hosting the content here now
—>
Setting up a permanent SSH tunnel between 2 servers

Greeting everyone,

Today, I’ll show you how to setup an easy and permanent SSH tunnel that auto reconnect in case of failure between two linux servers.

It may happen (for your own personal reason) that you need to connect 2 remote server together, and this, with a minimum of security (Not plain text but SSL communications)

I’ve been looking on ssh/sshd for the options that allows you to setup a TCP tunnel between 2 remote hosts.

The command for doing it is pretty easy:

[email protected]:~$ ssh -L 11223:localhost:23344 [email protected]

This command will connect as “pierre” on “remote-server.com”, opening a local TCP port from my localhost:11223 to the remote’s server localhost:23344 (See man ssh to get more explanations)

NOTE: Using port < 1024 will need root privileges The 1st problem, every time I hit this, it ask me for a password! Well, SSH as the solution for it 😀 This is call “key exchange”, the idea is to create a personal key to connect on the remote server Configure ssh auto-login: Create both of your public and private key by running: [email protected]:~$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/pierre/.ssh/id_rsa): Created directory '/home/pierre/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/pierre/.ssh/id_rsa. Your public key has been saved in /home/pierre/.ssh/id_rsa.pub. The key fingerprint is: ed:3e:d7:62:48:7e:2b:f1:d5:94:e3:13:ee:7a:fa:aa [email protected] The key's randomart image is: +--[ RSA 2048]----+ Good, now you should 2 files, one is id_rsa.pub and it contain your public key, the other one is id_rsa and it has the private key to encrypt data to the remote server. Public key should look like this: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxGc51/0BL51jV5B2EFwE4vqcvvB0PKCErsRAzzWluyNZ1/J1V3HbtwYRf9H38LJgeNYWPgBVe9BGAPTklj/MJZwtWwvhHFP/V+IaHLNbr7pW/wJdIEyRAU4i8xZNkyrlhBIPc+0b1j41PWuh3B5JorxyueP1nlcWn0xm6q5BdRiiyAKc/n1pbnTNQ1MP5YbEdaAI3K3eao5JXm5m4KcR30F+KGRg6u5Sla9qWReYgK9IF7FRL9tzSOzfoLLdLUCIBEQBpHMata3GWXJwGMRJMJp4Iw2tvb6PGNvc/MlrasJNqUef8u/TLHKYrV/0F5Z3T5HO3ZyzvxTHXsahnagP8w== [email protected] To enable auto ssh login without being prompt for a password, create the ./~ssh/authorized_keys2 and copy the public key into it. Run ssh -L again and tadaa, you are logged without password 🙂 Final step, what happen when links goes down? Eg, when the server reboot or loose the connections? Well, it disconnect. I’ve been searching for many solutions to detect disconnection and reconnect link automatically, and probably the most light and easy software for making that is call: autossh. Unfortunately, autossh doesn’t come precompiled with a Debian package. So I had to download and compile it from source. Installation: Wget http://www.harding.motd.ca/autossh/autossh-1.4b.tgz Tar zxvf ./configure Make And as root, make install Normally, there should be a binary in “/usr/local/bin/autossh” Finally, my little script #!/bin/sh # # Example script to start up tunnel with autossh. # # This script will tunnel 12345 from the remote host # to 12345 on the local host. # ID=login_here HOST=destination.host.com if [ "X$SSH_AUTH_SOCK" = "X" ]; then eval `ssh-agent -s` ssh-add $HOME/.ssh/id_rsa fi AUTOSSH_POLL=600 AUTOSSH_PORT=20000 AUTOSSH_GATETIME=30 AUTOSSH_LOGFILE=$HOST.log AUTOSSH_DEBUG=yes AUTOSSH_PATH=/usr/bin/ssh export AUTOSSH_POLL AUTOSSH_LOGFILE AUTOSSH_DEBUG AUTOSSH_PATH AUTOSSH_GATETIME AUTOSSH_PORT autossh -2 -fN -M 20000 -L 12345:localhost:12345 ${ID}@${HOST} Enjoy 🙂 http://pierre.linux.edu/2010/05/setting-up-a-permanent-ssh-tunnel-between-2-servers/

#!/bin/sh

#
# Example script to start up tunnel with autossh.
#
# This script will tunnel 12345 from the remote host
# to 12345 on the local host.
#

ID=root
HOST=host.vpls.net

#if [ "X$SSH_AUTH_SOCK" = "X" ]; then
#eval `ssh-agent -s`
#ssh-add $HOME/.ssh/id_rsa
#fi

AUTOSSH_POLL=600
AUTOSSH_PORT=20000
AUTOSSH_GATETIME=30
AUTOSSH_LOGFILE=$HOST.log
AUTOSSH_DEBUG=yes
AUTOSSH_PATH=/usr/bin/ssh
export AUTOSSH_POLL AUTOSSH_LOGFILE AUTOSSH_DEBUG AUTOSSH_PATH AUTOSSH_GATETIME AUTOSSH_PORT
autossh -2 -f -N -T -p19500 -M20000 -R 19501:localhost:19501 ${ID}@${HOST}

-f tells ssh to background itself after it authenticates, so you don’t have to sit around running something on the remote server for the tunnel to remain alive.

-N says that you want an SSH connection, but you don’t actually want to run any remote commands. If all you’re creating is a tunnel, then including this option saves resources.

-T disables pseudo-tty allocation, which is appropriate because you’re not trying to create an interactive shell.

headache – Plesk, spamassassin, source limit, etc

troubleshooting viewing logs

tail -f /usr/local/psa/var/log/maillog

prefork: server reached –max-children setting, consider raising it

[[email protected] sysconfig]# mysql -uadmin -p`cat /etc/psa/.psa.shadow ` psa -e “select * from misc where param=’spamfilter_max_children'”

[[email protected] sysconfig]# mysql -uadmin -p`cat /etc/psa/.psa.shadow ` psa -e “update psa.misc set val=’25’ where param=’spamfilter_max_children'”

/etc/init.d/psa-spamassassin restart

ps auxww | grep spamd
and look at:
spamd … –max-children 25 …

source connection limit

/etc/xinetd.d/xinetd.conf
change per_source = UNLIMITED

Greylist Problems
http://blogs.reliablepenguin.com/2012/03/16/plesk-10-greylist-problems
/usr/local/psa/bin/grey_listing –update-server -domains-whitelist “add:*messaging.microsoft.com”

http://kb.mediatemple.net/questions/259/How+can+I+raise+Courier-IMAP+connections+for+my+server?#dv

also do above for pop3 service

adjusting qmail send retry delay aka chanskip
http://dave.frop.net/adjusting_qmailsend_retry_delay_aka_chanskip

change smtp relay to external host by setting
smtproutes in /var/qmail/control
:mail-relay.server.com

Parallels Plesk Panel for Linux services logs and configuration files
http://kb.parallels.com/en/111283

http://forum.parallels.com/showthread.php?262329-psa-ps-remote-Internal-error-Unable-to-parse-e-mail-address

test smtp auth
http://qmail.jms1.net/test-auth.shtml

table of plesk errors
http://serverkb.co.uk/wiki/Plesk_Errors

headache – zimbra amavis ldap search failed

Mar 7 18:47:34 mta-02 amavis[7173]: (07173-02) (!)lookup_ldap: do_search: failed: LDAP_OPERATIONS_ERROR
Mar 7 18:47:34 mta-02 amavis[7173]: (07173-02) (!!)TROUBLE in process_request: do_search: failed: LDAP_OPERATIONS_ERROR at (eval 116) line 538.

All I did was run these commands as zimbra

zmamavisdctl stop
zmamavisdctl start

http://www.zimbra.com/forums/installation/1971-zimbra-stoped-working-overnight.html