Plesk MTAs – the Qmail and Postfix Mail Transfer Agents / SMTP mail servers

Plesk usually uses either Postfix (new versions) or Qmail (old ones).

To find out which one you’re currently using, run the following command via SSH:

# /usr/local/psa/admin/sbin/mailmng --features | grep SMTP_Server

A QUICK COMMANDS GUIDE FOR POSTFIX

Show the number of email messages in the queue:

# postqueue -p | tail -n 1 | cut -d' ' -f5

List all messages currently in queue:

# mailq

To see the contents of an email in queue, including headers, use:

# postcat -vq messageID

*you can see the message ID in the queue

To delete all messages in the queue, or only the deferred ones:

# postsuper -d ALL
# postsuper -d ALL deferred

A QUICK COMMANDS GUIDE FOR QMAIL

Show the number of email messages in the queue:

# /var/qmail/bin/qmail-qstat

List all messages currently in queue:

# /var/qmail/bin/qmail-qread

To see the contents of an email in queue, including headers, use:

# find /var/qmail/queue -name NNNN | xargs cat | less

To delete the messages in the queue:

# service qmail stop
# find /var/qmail/queue/mess -type f -exec rm {} \;
# find /var/qmail/queue/info -type f -exec rm {} \;
# find /var/qmail/queue/local -type f -exec rm {} \;
# find /var/qmail/queue/intd -type f -exec rm {} \;
# find /var/qmail/queue/todo -type f -exec rm {} \;
# find /var/qmail/queue/remote -type f -exec rm {} \;
# service qmail start

To switch from Qmail to Postfix run:

# /usr/local/psa/admin/sbin/autoinstaller --select-release-current --install-component postfix

To switch from Postfix to Qmail run:

# /usr/local/psa/admin/sbin/autoinstaller --select-release-current --install-component qmail

Old mail messages remain unchanged and are available after switching MTAs – but any messages in the queue will be lost.

PHP mail() function simple test script

This is a simple script you can use to test the functionality of the php mail() function on your server:

<?php
$to = "your@emailaddress.here"; // <-- replace with your address here
$subject = "Test mail";
$message = "Hello! This is a simple test email message.";
$from = "sender@emailaddress.here";
$headers = "From: " . $from;
// mail() returns false when the message could not be handed to the MTA
if (mail($to, $subject, $message, $headers)) {
    echo "Mail Sent.";
} else {
    echo "Mail could not be sent.";
}
?>

Simply add your e-mail address, copy and paste the script into a .php file (e.g. test.php), upload it to your server and access it directly. Once accessed, the file will return the message “Mail Sent.” and you should receive the test message in a couple of minutes tops (usually almost instantly).

How to patch/disable SSL 3.0 and fix POODLE vulnerability

SSL 3.0 is an old protocol for securing connections over the internet; its successors currently in use are TLS 1.1 and TLS 1.2.

However, for compatibility reasons, most servers still support SSL 3.0 and fall back to it if a connection via TLS cannot be established.

To disable SSL 3.0 and thus protect yourself from POODLE, you need to alter your server config.

Apache Server

Add the following to your configuration file:

SSLProtocol All -SSLv2 -SSLv3

and restart the server using:

# service httpd restart

or

# service apache2 restart

Nginx server

Include the following line in your configuration among the other SSL directives:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

For more details about this as well as the fixes for other servers, check: http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
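
To check existing configuration for directives that still leave SSLv3 on, the two settings above can be evaluated with a short shell script. This is an added example, not part of the original post; the function names and the sample configuration are constructed, and the Apache handling assumes mod_ssl's left-to-right token rules with "All" including SSLv3.

```shell
#!/bin/sh
# Added example: flag Apache/nginx directives that leave SSLv3 enabled.
# Assumptions (not from the original post): mod_ssl applies SSLProtocol tokens
# left to right, "+"/"-" add or remove a protocol, a bare name replaces the
# whole set, and "All" includes SSLv3; nginx ssl_protocols is a plain list.

# Return 0 if the directive line enables SSLv3, 1 otherwise.
allows_sslv3() {
    line=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d ';')
    set -f; set -- $line; set +f          # word-split without globbing
    [ $# -gt 1 ] || return 1
    directive=$1; shift
    v3=1                                  # shell truth value: 0 = enabled
    for tok in "$@"; do
        case "$directive:$tok" in
            sslprotocol:all|sslprotocol:+all)     v3=0 ;;
            sslprotocol:sslv3|sslprotocol:+sslv3) v3=0 ;;
            sslprotocol:-all|sslprotocol:-sslv3)  v3=1 ;;
            sslprotocol:[!+-]*)                   v3=1 ;;  # bare name resets the set
            ssl_protocols:sslv3)                  v3=0 ;;
        esac
    done
    return $v3
}

# Read config text on stdin; print "LINENO: directive" for each offender.
audit_tls_config() {
    n=0
    while IFS= read -r l || [ -n "$l" ]; do
        n=$((n + 1))
        l=$(printf '%s' "$l" | sed 's/[[:space:]]*#.*$//; s/^[[:space:]]*//')
        if allows_sslv3 "$l"; then echo "$n: $l"; fi
    done
}

# Constructed sample mixing both servers' directives, for the demo only.
SAMPLE_CONF='# constructed sample
SSLProtocol All -SSLv2
SSLProtocol All -SSLv2 -SSLv3
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
SSLProtocol -All +TLSv1.2'

printf '%s\n' "$SAMPLE_CONF" | audit_tls_config
```

To audit a real file, pipe it in instead of the sample, for example: audit_tls_config < /path/to/your/ssl.conf (the path is a placeholder).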

 

Force redirect http to https

When the server hosting your website sits behind a load balancer (as on most shared hosting/cloud platforms), a simple and straightforward way to force-redirect http requests to https without amending your website code is to add this piece of code to your .htaccess file:

RewriteEngine On
RewriteCond %{ENV:SSL} !1
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R,L]

cPanel – Cron Jobs/Scheduled tasks

cPanel -> Advanced -> Cron Jobs

As an example for using this feature, we will run a php script (test.php) which sends an e-mail to a predefined e-mail address.

In the command line enter:

/usr/bin/php -q /home/cpanelusername/public_html/test.php

As per the above settings, the command to run the test.php script will be executed every five minutes. Make sure to replace cpanelusername with your own username.

The plain HTTP request was sent to HTTPS port nginx

Getting annoyed by the error message displayed each time you forget to use https in your URL when trying to access the Plesk panel?

The “400 Bad Request – The plain HTTP request was sent to HTTPS port” error is caused by a bug in the Parallels Plesk panel version 11.5. Here is a quick fix for it:

Create a new file called zzz-myhost.conf in /etc/sw-cp-server/conf.d/ and add the following line to it:

error_page 497 https://panel.provider.com:$server_port$request_uri;

(! replace panel.provider.com with your domain/sub-domain or IP address)

Then restart sw-cp-server:

# /etc/init.d/sw-cp-server restart

 

Stop Excel 2013 from auto-converting numeric values to dates

There are a few ways to resolve that. The most common and simple one is to format the cells as text prior to pasting the data (select range, right click, format cells, double click on text).

What I did was simply change the decimal separator:

File -> Options -> Advanced -> untick “use system separators” and set the decimal separator to a dot “.” (default in my case was the comma).

 

OpenSSL Heartbleed bug – a quick explanation on the recent security issue and the fix

Heartbleed is a recently discovered small bug in OpenSSL’s implementation of the TLS ‘heartbeat’ mechanism.

The bug is present only in OpenSSL versions 1.0.1 through 1.0.1f!

By exploiting this bug, an attacker can request that a running TLS server hand over a relatively large slice (up to 64KB) of its private memory space. Since this is the same memory space where OpenSSL also stores the server’s private key material, an attacker can potentially obtain data such as:

1) private keys
2) TLS session keys
3) confidential data
4) session ticket keys.

The remedy

You can test whether a given server is vulnerable using this tool: http://filippo.io/Heartbleed/ (enter your domain in the form yourdomain.name:443)

To check the OpenSSL version running on your server, use the following command via SSH:

CentOS

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

Ubuntu

# dpkg -s openssl | grep Version
Version: 1.0.1-4ubuntu5.6
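
The version strings shown above can be checked against the affected range (1.0.1 through 1.0.1f) with a small shell function. This is an added example, not part of the original post, and the function name heartbleed_range is hypothetical. It classifies the upstream version string only.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version string against the affected
# range given in this post (1.0.1 through 1.0.1f). The function name is
# hypothetical. Prints: in-range | not-in-range | unknown
heartbleed_range() {
    # Pull the upstream version out of "OpenSSL 1.0.1e-fips 11 Feb 2013",
    # "Version: 1.0.1-4ubuntu5.6" or a bare "1.0.1g".
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*[a-z]*\).*/\1/p')
    case "$ver" in
        "")                echo unknown ;;
        1.0.1|1.0.1[a-f])  echo in-range ;;
        *)                 echo not-in-range ;;
    esac
}

# Strings taken from the command output shown in this post.
for s in "OpenSSL 1.0.1e-fips 11 Feb 2013" \
         "Version: 1.0.1-4ubuntu5.6" \
         "OpenSSL 1.0.1g 7 Apr 2014"; do
    printf '%-34s %s\n' "$s" "$(heartbleed_range "$s")"
done

# The host this script runs on (prints "unknown" if openssl is not installed).
printf '%-34s %s\n' "this host" "$(heartbleed_range "$(openssl version 2>/dev/null)")"

# in-range only means the upstream string matches: a distribution package
# can carry a backported fix under the same string, so check its changelog.
```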

Having identified a problem, the first step is to patch OpenSSL. Fortunately this is relatively easy. The 1.0.1g version is not vulnerable, and Debian has a patch. You can also recompile OpenSSL with the -DOPENSSL_NO_HEARTBEATS option.

Installing OpenSSL 1.0.1g on CentOS:

# cd /usr/local/src
# wget -N http://www.openssl.org/source/openssl-1.0.1g.tar.gz
# tar -xzvf openssl-1.0.1g.tar.gz
# cd openssl-1.0.1g
# ./config
# make
# make install
# alias cp=cp
# cp /usr/local/ssl/bin/openssl /usr/bin/openssl
# cd /usr/local/ssl/include
# ln -s /usr/local/ssl/include/openssl openssl

Once done, check the version again and restart the web server:

# openssl version
OpenSSL 1.0.1g 7 Apr 2014

Restart any services using SSL.

Installing OpenSSL 1.0.1g on Ubuntu:

# apt-get update
# apt-get install -y openssl libssl1.0.0

Restart any services using SSL.

What’s the TLS Heartbeat mechanism?

The TLS Heartbeat mechanism is designed to keep connections alive even when no data is being transmitted. Heartbeat messages sent by one peer contain random data and a payload length. The other peer is supposed to respond with a mirror of exactly the same data.

If you want to read more about this, the best written article I’ve found on this topic can be found here: http://blog.cryptographyengineering.com/2014/04/attack-of-week-openssl-heartbleed.html

Quick commands guide for the vi / vim editor

Vim is a text editor that you can use in Linux environments to create or edit files.

There are two working modes in vim. One is command mode and the other is insert mode.

To enter text or edit any line, press the “i” key on your keyboard (the i stands for Insert).

Once you’re done editing, you can exit this mode by pressing the Esc key.

Some useful commands:

:? – Search

dd – Delete line

p – paste below cursor

u – Undo last change

Exit Commands

:wq Write file to disk and quit the editor

:q! Quit (no warning)

:q Quit (a warning is printed if a modified file has not been saved)

For more commands see: http://www.fprintf.net/vimCheatSheet.html