1. cd /root/downloads or another temporary folder where you store your files
2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz
3. tar -xvzf apf-current.tar.gz
4. cd apf-0.9.5-1/ or whatever the latest version is.
5. Run the install file: ./install.sh
You will receive a message saying it has been installed
Installing APF 0.9.5-1: Completed.
Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
AntiDos install path: /etc/apf/ad/
AntiDos config path: /etc/apf/ad/conf.antidos
DShield Client Parser: /etc/apf/extras/dshield/
Other Details:
Listening TCP ports: 1,21,22,25,53,80,110,111,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306
Listening UDP ports: 53,55880
Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.
Now you will have to edit /etc/apf/conf.apf and change
DEVEL_MODE from 1 to o and also add TCP and UDP posts as provided the installation complete message.
Tuesday, 13 January 2009
Saturday, 10 January 2009
Modifying SMTP Relay Settings for Exim
cPanel’s stock installation of Exim includes a Tailwatchd driver called Antirelayd . Antirelayd is a daemon that checks /var/log/maillog for POP3 and IMAP logins and keeps track of valid logins for SMTP relaying. It reads /etc/relayhosts file automatically which is dynamically-updated, so any IPs that you add to this file will not be retained.
By default on all cPanel servers, authentication is required to send email via SMTP. Exim lets you authenticate two ways:
To always force SMTP authentication regardless of POP authentication, type the following command via SSH as root:
To reverse this setting back to the default:
You can alternatively disable/enable Antirelayd in WHM > Service Manager.
It’s generally not a good idea to allow open relaying through your mail server unless you want to get blacklisted. There may be situations where you need to permanently let another server send mail through your server without authentication, in which case you can add their IP to /etc/alwaysrelay . A post in the cpanel forums suggests an alternate solution as well:
In WHM > Exim Configuration Editor > Advanced Editor, find this section:
Appended to this suggestion is changing:
to
There are minor tweaks you can make to exim.conf to remove SMTP authentication altogether, but you won’t find that information here. We don’t want to encourage bad mail server setup that will make the SPAM problem on the Internet even worse.
You can test to see if your server is open relay by sending an email via Telnet and getting a 550 error:
By default on all cPanel servers, authentication is required to send email via SMTP. Exim lets you authenticate two ways:
- Directly through SMTP with a valid username/password
- Through POP3 login, which allows the user to relay through the mail server for 30 minutes without re-authenticating
To always force SMTP authentication regardless of POP authentication, type the following command via SSH as root:
/usr/local/cpanel/bin/tailwatchd –disable=Cpanel::TailWatch::Antirelayd
To reverse this setting back to the default:
/usr/local/cpanel/bin/tailwatchd –enable=Cpanel::TailWatch::Antirelayd
You can alternatively disable/enable Antirelayd in WHM > Service Manager.
It’s generally not a good idea to allow open relaying through your mail server unless you want to get blacklisted. There may be situations where you need to permanently let another server send mail through your server without authentication, in which case you can add their IP to /etc/alwaysrelay . A post in the cpanel forums suggests an alternate solution as well:
In WHM > Exim Configuration Editor > Advanced Editor, find this section:
accept hosts = +auth_relay_hosts
endpass
message = $sender_fullhost is currently not permitted to
relay through this server. Perhaps you
have not logged into the pop/imap server in the
last 30 minutes or do not have SMTP Authentication turned on in your email client.
authenticated = *Appended to this suggestion is changing:
accept hosts = +auth_relay_hoststo
accept hosts = /etc/exim_smtp_whitelistThere are minor tweaks you can make to exim.conf to remove SMTP authentication altogether, but you won’t find that information here. We don’t want to encourage bad mail server setup that will make the SPAM problem on the Internet even worse.
You can test to see if your server is open relay by sending an email via Telnet and getting a 550 error:
:~$ telnet thecpaneladmin.com 25
Trying 69.174.52.38...
Connected to thecpaneladmin.com.
Escape character is '^]'.
220-thecpaneladmin.com ESMTP Exim 4.69 #1 Tue, 23 Feb 2010 20:37:54 -0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
helo thecpaneladmin.com
250 thecpaneladmin.com Hello myserver.com [x.x.x.x]
mail from: admin@thecpaneladmin.com
250 OK
rcpt to: test@test.com
550-vaoffice.inmotionhosting.com (thecpaneladmin.com) [68.106.154.170] is
550-currently not permitted to relay through this server. Perhaps you have not
550-logged into the pop/imap server in the last 30 minutes or do not have SMTP
550 Authentication turned on in your email client.
Thursday, 1 January 2009
Installing PHP from source on CentOS x86_64 (w/ apache)
Installing PHP from source is much easier than most people think. In this tutorial I will describe how to install a bare PHP build with mysql/mysqli support in addition to configuring apache to interpret PHP scripts.
Compiling PHP Source
Alright, well in order to compile the php source code you must first have gcc install (# yum install gcc). Also if you want to be able to use PHP in apache then you need to have httpd and httpd-devel packages installed. Here is how I did my install. (Please note that I used PHP 5.2.6 for my install, but this will work with just about any php version, just be sure to untar and cd into the proper directory for your version of php.)
You’re also going to want to place a php.ini into /etc/php.ini and make the /etc/php.d directory if you have not done so already.
Installing PHP into apache
To install PHP into apache all you need to do is place the following configuration file in /etc/httpd/conf.d/php.conf.
Finalizing our install is fairly simple, just restart apache by typing the following command and you should be good to run PHP applications for the web.
Compiling PHP Source
Alright, well in order to compile the php source code you must first have gcc install (# yum install gcc). Also if you want to be able to use PHP in apache then you need to have httpd and httpd-devel packages installed. Here is how I did my install. (Please note that I used PHP 5.2.6 for my install, but this will work with just about any php version, just be sure to untar and cd into the proper directory for your version of php.)
[root@nitrogen ~]# yum install gcc-c++ httpd httpd-devel apr-devel libxml2-devel zlib zlib-devel mysql-devel openssl-devel
[root@nitrogen ~]# wget http://www.php.net/get/php-5.2.6.tar.gz/from/this/mirror
[root@nitrogen ~]# tar -zxvf php-5.2.6.tar.gz
[root@nitrogen ~]# cd php-5.2.6
[root@nitrogen cd php-5.2.6]# ./configure –with-config-file-path=/etc –with-config-file-scan-dir=/etc/php.d –with-apxs2 –with-libdir=lib64 –with-mysql –with-mysqli –with-zlib
[root@nitrogen cd php-5.2.6]# make clean
[root@nitrogen cd php-5.2.6]# make
[root@nitrogen cd php-5.2.6]# make install
You’re also going to want to place a php.ini into /etc/php.ini and make the /etc/php.d directory if you have not done so already.
[root@nitrogen cd php-5.2.6]# cp php.ini-recommended /etc/php.ini
[root@nitrogen cd php-5.2.6]# mkdir /etc/php.d
Installing PHP into apache
To install PHP into apache all you need to do is place the following configuration file in /etc/httpd/conf.d/php.conf.
# /etc/httpd/conf.d/php.conf
# PHP is an HTML-embedded scripting language which attempts to make it
# easy for developers to write dynamically generated webpages
#LoadModule php5_module modules/libphp5.so#
# Cause the PHP interpreter to handle files with a .php extension.
#
AddHandler php5-script .php
AddType text/html .php
#
# Add index.php to the list of files that will be served as directory
# indexes.
#
DirectoryIndex index.php
#
# Uncommenting the following line to allow PHP to pretty-print .phps
# files as PHP source code:
#
#AddType application/x-httpd-php-source .phps
Finalizing our install is fairly simple, just restart apache by typing the following command and you should be good to run PHP applications for the web.
[root@nitrogen ~]# /sbin/service httpd restartWednesday, 10 December 2008
Cannot upload images to phpBB posts
The issue is mainly occurring due to the absence of some code. To fix this issue, do the following:
"cd" into the corresponding directory of phpBB.
Create a file "addform.html" with the following content:
Change the ownerwship of the file according to the need (ie. cpanel -> username:nobody).
Take a backup of the file "includes/template.php"
In the 265 line of ./includes/template.php you can fine the following code:
$str = implode("", @file($filename));
if (empty($str))
{
die("Template->loadfile(): File $filename for handle $handle is empty");
}
Add the following code below it:
if(basename($filename) === 'posting_body.tpl')
{
$str = str_replace('', '
• Add image to post', $str);
}
This will add the image upload facility in the phpBB posts.
"cd" into the corresponding directory of phpBB.
Create a file "addform.html" with the following content:
Change the ownerwship of the file according to the need (ie. cpanel -> username:nobody).
Take a backup of the file "includes/template.php"
In the 265 line of ./includes/template.php you can fine the following code:
$str = implode("", @file($filename));
if (empty($str))
{
die("Template->loadfile(): File $filename for handle $handle is empty");
}
Add the following code below it:
if(basename($filename) === 'posting_body.tpl')
{
$str = str_replace('', '
• Add image to post', $str);
}
This will add the image upload facility in the phpBB posts.
How to Change Your FTP Port
Lately FTP has been a problem for a lot of hosting providers. Especially since the recent influx of Gumblar-related attacks and FTP exploits, some hosting providers are now considering changing their FTP ports as an added measure of security. If you’re on a cPanel server you have a couple extra steps to go through, but it’s a rather easy change.
1) Edit /etc/pure-ftpd.conf and look for the following line:
Where is a publically routable IP. The default example, 127.0.0.1, will cause the socket to bind locally but then this connection won’t serve externally. is the new port you wish to put the service on.
2) If necessary, add the new FTP port to your server’s firewall
3) Edit /etc/chkserv.d/ftpd and change the port, which is the first comma-separated entry to the right of ‘=’ on the line in the file, to match the port you put the service on.
Finally:
Edit /etc/proftpd.conf and change:
Then make sure to test to make sure FTP is working before notifying your users!
Pure-FTP
1) Edit /etc/pure-ftpd.conf and look for the following line:
Bind Where is a publically routable IP. The default example, 127.0.0.1, will cause the socket to bind locally but then this connection won’t serve externally. is the new port you wish to put the service on.
2) If necessary, add the new FTP port to your server’s firewall
3) Edit /etc/chkserv.d/ftpd and change the port, which is the first comma-separated entry to the right of ‘=’ on the line in the file, to match the port you put the service on.
Finally:
/etc/init.d/pure-ftpd restart
/etc/init.d/cpanel restart (restarts tailwatchd/chkservd)
ProFTP
Edit /etc/proftpd.conf and change:
Port 21Then make sure to test to make sure FTP is working before notifying your users!
Monday, 10 November 2008
aquota.user: Permission denied
This error has been bugging me for over a year now:
This generally occurs when performing any function where the quota system is being modified, such as changing an account’s quota, suspending/unsuspended an account, or running one of cPanel’s quota scripts. First, check the permissions of /aquota.user (or the actual quota file being referenced in the error):
It should ideally return this output:
If you see an ‘i’ in there though, it means that for some reason the quota file has been made immutable, and therefore cannot be modified by the system. You can remove the immutable flag by running:
That should correct the problem, and allow you to proceed with the account function you were trying to perform.
touch: cannot touch `/aquota.user': Permission deniedThis generally occurs when performing any function where the quota system is being modified, such as changing an account’s quota, suspending/unsuspended an account, or running one of cPanel’s quota scripts. First, check the permissions of /aquota.user (or the actual quota file being referenced in the error):
lsattr /aquota.user
It should ideally return this output:
------------- /aquota.userIf you see an ‘i’ in there though, it means that for some reason the quota file has been made immutable, and therefore cannot be modified by the system. You can remove the immutable flag by running:
chattr -ia /aquota.user
That should correct the problem, and allow you to proceed with the account function you were trying to perform.
Monday, 13 October 2008
How to block emails from a specific address using Exim
This is fairly easy to achieve with Exim.
First you’ll need to find the system filter file for Exim. This can be found out through WHM >> Main >> Service Configuration >> Exim Configuration Editor.
Towards the middle of the page, under the section ‘Filters’ , you ‘ll find the path to the file.
Open that file via SSH using your favorite editor and add the following to it :
If you would like a copy of the email to be sent to you after the message fails, use the following code :
Make sure that you substitute the correct email addresses in the above code.
First you’ll need to find the system filter file for Exim. This can be found out through WHM >> Main >> Service Configuration >> Exim Configuration Editor.
Towards the middle of the page, under the section ‘Filters’ , you ‘ll find the path to the file.
Open that file via SSH using your favorite editor and add the following to it :
if first_delivery
and ( (”$h_from:” contains “emailtoblock@domainname.com”)
)
then fail
endif
If you would like a copy of the email to be sent to you after the message fails, use the following code :
if first_delivery
and ( (”$h_from:” contains “emailtoblock@domainname.com”)
)
then
unseen deliver “youremail@yourdomainname.com”
fail
endif
Make sure that you substitute the correct email addresses in the above code.
Subscribe to:
Posts (Atom)