/var/lib/php/session cleanup failing

We found one of our servers had exceeded the inode limit of 400,000. Upon investigation, there were about 250,000 files in /var/lib/php/session

Cause
The script plesk-php-cleanuper contains a string ! -execdir fuser {} \, which opens every file in the /var/lib/php/session directory and checks that it is not used by a working process and can be deleted. However, the maximum number of open files is set to 1024 by default.

Resolution
Clear /var/lib/php/session using this script without the checker:
~# [ -x /usr/lib64/plesk-9.0/maxlifetime ] && [ -d /var/lib/php/session ] && find /var/lib/php/session -depth -mindepth 1 -maxdepth 1 -type f -cmin +$(/usr/lib64/plesk-9.0/maxlifetime) -delete
Increase the limit for open files to the required value.
To get the maximum number of open files, run:
~# ulimit -a
open files (-n) 1024
Add ulimit -n 30480 to /etc/cron.hourly/plesk-php-cleanuper:
~#vi /etc/cron.hourly/plesk-php-cleanuper
~#!/bin/sh
~ulimit -n 30480

Re-run the required Cron Job and check that it completes successfully .

http://kb.odin.com/en/119500

sqldumpscript

Here is a good script for backing up all mysql database on a Plesk server. Add a cron entry so that it runs everyday. Change the ‘-mtime +7’ value to determine how many days of backups you will keep.

vi /usr/local/sbin/sqldumpscript
chmod 755 /usr/local/sbin/sqldumpscript


#! /bin/bash

TIMESTAMP=$(date +"%F")
BACKUP_DIR="/var/www/vhosts/mysqldumps/$TIMESTAMP"
MYSQL=/usr/bin/mysql
MYSQLDUMP=/usr/bin/mysqldump
find /var/www/vhosts/mysqldumps/ -maxdepth 1 -type d -mtime +7 -exec rm -rf {} \;

mkdir -p "$BACKUP_DIR"

databases=`$MYSQL -uadmin -p\`cat /etc/psa/.psa.shadow\` -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema)"`

for db in $databases; do
$MYSQLDUMP --force --opt --skip-events --skip-lock-tables -uadmin -p`cat /etc/psa/.psa.shadow` --databases $db | gzip > "$BACKUP_DIR/$db.gz"
done

create crontab entry
39 3 * * * /usr/local/sbin/sqldumpscript

HTML emails disabled in Horde

By default inline HTML is disabled in Horde.

Resolution

To enable inline HTML, set option “inline” to “true” in the following files:

/usr/share/psa-horde/imp/config/mime_drivers.php
/usr/share/psa-horde/config/mime_drivers.php

Example:
/* HTML driver settings */
‘html’ => array(
/* NOTE: Inline HTML display is turned OFF by default. */
‘inline’ => true,

sitemap.html (xml) problems with Youst SEO plugin

Dr. Adams at http://psychological.com had a problem getting rid of google sitemap errors. After resolving the problem he sent us this update:

If you use Youst as an SEO plug-in for WordPress, do NOT use Youst for creating a sitemap. If you fail to uncheck a box, it creates a sitemap.HTML, and Google becomes obsessed with it. Instead use the Google plug-in for Sitemap.

OK, so you now have Google believing you have sitemap.html…even though such a file does not exist.

So you see a list of errors in Google Webmaster Tools, and you will never get rid of it. Never, ever…for eternity. Trust me.

It occurred to me that every stiemap.xml (sitemap-authors.xml) that is now misidentified as .html.

So you take each of those misperceived *.xml files and test them in Webmaster Tools. They will return NO errors. You then submit them one at a time. Each has many sitemap files nested beneath.

So each one you test/verify has many files beneath it.

Then you submit each (which includes nested files) again. This time they will pass.

I had 66 sitemap errors, all listed as html even though they are not.

Once you verify and then submit again, they go away.

Train Spamassassin for all mail names on the server simultaneously

Store SPAM and HAM messages in two different folders, for example ‘train_spam’ and ‘train_ham’.

Train Spamassassin for one mailbox using the messages from that folders:

cd /var/qmail/mailnames/DOMAIN/spam/Maildir/

sa-learn –spam .train_spam/*
Output will look similar to this:
Learned tokens from 727 message(s) (13758 message(s) examined)

sa-learn –ham .train_ham/*
Output will look similar to this:
Learned tokens from 573 message(s) (11408 message(s) examined)

Copy the spam assassin files into every email account on the server. Keep in mind that if anyone was doing their own spam/ham sorting this will override it (whitelist/blacklist will be left alone).

find /var/qmail/mailnames/ -mindepth 2 -maxdepth 2 -type d -exec /bin/cp -f /var/qmail/mailnames/DOMAIN/spam/.spamassassin/bayes_* {}/.spamassassin/ \;

netstat one liners

Active over port 80

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

 

Sorted by type

netstat -plant | awk '{print $6}' | sort | uniq -c | sort -n

How to block IP address in Linux via ssh:

The following command will drop any packet coming from the IP address 1.2.3.4:

iptables -I INPUT -s 1.2.3.4 -j DROP

or

iptables -A INPUT -s 1.2.3.4 -j DROP

(-I inserts into config, -A appends)

Use the following syntax to block 10.0.0.0/8 on eth1 public interface:
iptables -i eth1 -A INPUT -s 10.0.0.0/8 -j DROP

Use the following command to view:
iptables -L -v

Use the following command to save:
service iptables save

Add virtuozzo to Centos 6

Create partitions as follows:

/ 10GB
/vz remaining space
swap – 2GB + total memory

Login as root, and cd
wget http://download.pvc.parallels.com/47/lin/vzinstall-linux-x86_64.bin
chmod +x vzinstall-linux-x86_64.bin
yum install vzkernel (needed for mkinitrd install – find a better way?)
cd /etc/yum.reposd/
wget ftp://ftp.muug.mb.ca/mirror/centos/6.6/os/x86_64/Packages/compat-libstdc++-33-3.2.3-69.el6.x86_64.rpm
rpm -ivh compat-libstdc++-33-3.2.3-69.el6.x86_64.rpm
./vzinstall-linux-x86_64.bin (install pva agent at end, reboot, and wait for startup (around 10 minutes)).
cd
yum update

Additional notes:

Spam filtering, virus scanning and bulk email policy

Spam Protection
PrecisionPros uses the latest and best in technology to combat and reduce unsolicited email (spam). We estimate that over 95% of all email traffic is spam. Spam is not only a distraction; it can serve as a vector for viruses, malware, and phishing attacks. Our email spam filtering system is a continuously-updated, multi-layered process that eliminates 98% of all spam with near zero false-positives. Below is the layering process:

Layer 1: The Gateway Scan
As soon as an email arrives the sending IP address is compared to an aggregated spam blacklist compiled from multiple spammer tracking systems. Our gateway servers also analyze the email message in the context of other arriving mail. If a large number of emails are coming simultaneously from a single IP or are addressed to random addresses that do not exist in our system, it could signify a spam attack and the email will be blocked. If the sending address is from a domain in our system but the mailbox does not exist the email will be blocked. This last case is called “spoofing” and it is the reason you may have received spam from your own email address or domain.

Layer 2: Cloudmark® Scan
All email is scanned by Cloudmark’s industry-leading spam detection software. Cloudmark uses Advanced Message Fingerprinting™ to detect spam, phishing, and viruses. Instead of relying on a spam blacklist Advanced Message Fingerprinting examines algorithm patterns that expose spam across all languages and character formats. These patterns are updated every 60 seconds based on worldwide feedback loops and the latest spammer tactics.

Layer 3: The Message Sniffer Scan
Email is then scanned with Message Sniffer from ARM Research Labs. Message Sniffer relies on pattern recognition and machine learning technology to detect spam and malware. It searches the entire message for spam, virus, and malware features including unusual headers, structural artifacts, message source behaviors, obfuscation techniques, email and URL targets, binary and image signatures, unusual code fragments, and even coding styles.

Virus Protection
PrecisionPros also uses the latest and best in technology to make sure your data isn’t compromised. Our antivirus system scans all inbound and outbound emails using a multistage process. The process is broken down into the following four stages:

Stage 1: Restricted Attachments
Virus protection starts with scanning messages for dangerous types of file attachments. Dangerous files are those that can execute code, which can be used by malicious persons to spread viruses or do harm to your computer. Restricted file types include, but are not limited to, program files (.exe, .com), script files (.bas, .vbs, .js), and shortcuts to files (.lnk, .pif). When an email is sent or received that contains a restricted file attachment, the email is rejected and the sender receives a “bounced” email notification informing them of the restriction.

Stage 2: Normalization
This stage of the email antivirus process searches for email formatting vulnerabilities that can be used by viruses to hide from virus scanners. If any vulnerability is found our system corrects the formatting of the message so that it can be thoroughly scanned for viruses. This is called “normalizing” the message, and most notably this process protects against known Microsoft Outlook security threats.

Stage 3: Decompression
Next, if the email contains any compressed attachments such as zip files, the compressed attachments are temporarily unzipped so that the contents can be scanned for viruses. Many of today’s viruses use compression as a way to sneak their way past virus scanners, sometimes even compressing themselves in several layers to try to hide from scanners. If an attachment cannot be decompressed, as might be the case for password-protected zip files, the original file is scanned for virus signatures that occur within compressed attachments.

Stage 4: Virus Scan
After the above preprocessing is complete an email antivirus scanner is used to scan the email and all of its uncompressed attachments. Everything is scanned to ensure maximum protection against new virus threats. ClamAV (www.clamav.net) is the current scanner of choice, although our system was designed to be able to plug-in any virus scanner on the market should the need to do so arise. Updated virus definitions are automatically pushed to our system. This gives our customers protection from new viruses within minutes. Virus definitions are updated hourly. In contrast, most desktop and server anti-virus programs are configured to check for new virus signatures only once per day.

Bulk Email Policy
Our Bulk Email Policy is simple: Customers may not send email of similar content to more than 250 recipients. In our effort to make our email hosting services as reliable as possible we must restrict our customers from doing anything that could jeopardize the reputation of our mail servers. Thanks to our strict Acceptable Use Policy (AUP) our mail servers have a strong reputation for consistently sending legitimate email. Our customers benefit from this directly; email sent from reputable mail servers will be delivered promptly and effectively—arriving in their recipients’ inboxes rather than their spam folders.

One of the most important ways we protect the integrity of our mail servers is to restrict bulk email. Our AUP’s Bulk Email Policy restricts customers from sending any email of similar content to more than 250 recipients—even if the email is sent in batches over time or is sent using multiple email accounts. These restrictions are tough but they are necessary to protect our mail servers from potential blacklisting. If an ISP or another email host detects that unsolicited or undesired email has been sent from one of our servers (even just one email out of a thousand) the server may be blacklisted – which results in email delivery delays and may cause legitimate email to end up in recipients’ spam folders. This affects not just the offending customer but all customers sending email through the mail server. Though we have safeguards in place to promptly replace blacklisted servers, we must preserve our mail servers’ reputation for always sending legitimate email.

When email hosting companies compromise and allow their customers to send bulk email it negatively affects everyone. In fact, many businesses turn to us because of our strict AUP. They’re tired of having their email flagged as spam by their recipients’ email providers and they know that our AUP will prevent this from happening. It’s one more way that we’re Fanatical for our customers. We do recognize that many businesses need to send legitimate bulk email—and we are here to help. We have identified iContact, a leader in the email marketing industry, as a company that not only specializes in permission based, CAN-SPAM compliant, bulk email services, but that also shares our commitment to high quality products and reliable email delivery. To learn more about iContact and how they can help with your bulk email needs, please visit them at www.icontact.com.