Author: The Geek Decoder

Clamd.conf file for CentOS

February 7, 2015 The Geek Decoder No Comments ClamAV

##
## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.
##

# Comment or remove the line below.
#Example

# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/clamav/clamd.log

# By default the log file is locked for writing – the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with –config-file option).
# This option disables log file locking.
# Default: no
#LogFileUnlock yes

# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use ‘M’ or ‘m’ for megabytes (1M = 1m = 1048576 bytes)
# and ‘K’ or ‘k’ for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don’t use modifiers. If LogFileMaxSize is enabled, log
# rotation (the LogRotate option) will always be enabled.
# Default: 1M
LogFileMaxSize 2M

# Log time with each message.
# Default: no
#LogTime yes

# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
#LogClean yes

# Use system logger (can work together with LogFile).
# Default: no
LogSyslog yes

# Specify the type of syslog messages – please refer to ‘man syslog’
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL

# Enable verbose logging.
# Default: no
#LogVerbose yes

# Enable log rotation. Always enabled when LogFileMaxSize is enabled.
# Default: no
#LogRotate yes

# Log additional information about the infected file, such as its
# size and hash, together with the virus name.
#ExtendedDetectionInfo yes

# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /var/run/clamd.pid

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#TemporaryDirectory /var/tmp

# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/clamav

# Only load the official signatures published by the ClamAV project.
# Default: no
#OfficialDatabaseOnly no

# The daemon can work in local mode, network mode or both.
# Due to security reasons we recommend the local mode.

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /tmp/clamd.socket

# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
#LocalSocketGroup virusgroup

# Sets the permissions on the unix socket to the specified mode.
# Default: disabled (socket is world accessible)
#LocalSocketMode 660

# Remove stale socket after unclean shutdown.
# Default: yes
#FixStaleSocket yes

# TCP port address.
# Default: no
TCPSocket 3310

# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world. This option can be specified multiple
# times if you want to listen on multiple IPs. IPv6 is now supported.
# Default: no
TCPAddr 127.0.0.1

# Maximum length the queue of pending connections may grow to.
# Default: 200
MaxConnectionQueueLength 30

# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.

# Close the connection when the data size limit is exceeded.
# The value should match your MTA’s limit for a maximum attachment size.
# Default: 25M
StreamMaxLength 55M

# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000

# Maximum number of threads running at the same time.
# Default: 10
MaxThreads 20

# Waiting for data from a client socket will timeout after this time (seconds).
# Default: 120
ReadTimeout 300

# This option specifies the time (in seconds) after which clamd should
# timeout if a client doesn’t provide any initial command after connecting.
# Default: 5
#CommandReadTimeout 5

# This option specifies how long to wait (in miliseconds) if the send buffer is full.
# Keep this value low to prevent clamd hanging
#
# Default: 500
#SendBufTimeout 200

# Maximum number of queued items (including those being processed by MaxThreads threads)
# It is recommended to have this value at least twice MaxThreads if possible.
# WARNING: you shouldn’t increase this too much to avoid running out of file descriptors,
# the following condition should hold:
# MaxThreads*MaxRecursion + (MaxQueue – MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024) # # Default: 100 #MaxQueue 200 # Waiting for a new job will timeout after this time (seconds). # Default: 30 #IdleTimeout 60 # Don't scan files and directories matching regex # This directive can be used multiple times # Default: scan all #ExcludePath ^/proc/ #ExcludePath ^/sys/ # Maximum depth directories are scanned at. # Default: 15 #MaxDirectoryRecursion 20 # Follow directory symlinks. # Default: no #FollowDirectorySymlinks yes # Follow regular file symlinks. # Default: no #FollowFileSymlinks yes # Scan files and directories on other filesystems. # Default: yes #CrossFilesystems yes # Perform a database check. # Default: 600 (10 min) #SelfCheck 600 # Execute a command when virus is found. In the command string %v will # be replaced with the virus name. # Default: no #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v" # Run as another user (clamd must be started by root for this option to work) # Default: don't drop privileges User clamav # Initialize supplementary group access (clamd must be started by root). # Default: no AllowSupplementaryGroups no # Stop daemon when libclamav reports out of memory condition. #ExitOnOOM yes # Don't fork into background. # Default: no #Foreground yes # Enable debug messages in libclamav. # Default: no #Debug yes # Do not remove temporary files (for debug purposes). # Default: no #LeaveTemporaryFiles yes # Permit use of the ALLMATCHSCAN command. If set to no, clamd will reject # any ALLMATCHSCAN command as invalid. # Default: yes #AllowAllMatchScan no # Detect Possibly Unwanted Applications. # Default: no #DetectPUA yes # Exclude a specific PUA category. This directive can be used multiple times. # See https://github.com/vrtadmin/clamav-faq/blob/master/faq/faq-pua.md for # the complete list of PUA categories. # Default: Load all categories (if DetectPUA is activated) #ExcludePUA NetTool #ExcludePUA PWTool # Only include a specific PUA category. This directive can be used multiple # times. # Default: Load all categories (if DetectPUA is activated) #IncludePUA Spy #IncludePUA Scanner #IncludePUA RAT # In some cases (eg. complex malware, exploits in graphic files, and others), # ClamAV uses special algorithms to provide accurate detection. This option # controls the algorithmic detection. # Default: yes #AlgorithmicDetection yes # This option causes memory or nested map scans to dump the content to disk. # If you turn on this option, more data is written to disk and is available # when the LeaveTemporaryFiles option is enabled. #ForceToDisk yes # This option allows you to disable the caching feature of the engine. By # default, the engine will store an MD5 in a cache of any files that are # not flagged as virus or that hit limits checks. Disabling the cache will # have a negative performance impact on large scans. # Default: no #DisableCache yes ## ## Executable files ## # PE stands for Portable Executable - it's an executable file format used # in all 32 and 64-bit versions of Windows operating systems. This option allows # ClamAV to perform a deeper analysis of executable files and it's also # required for decompression of popular executable packers such as UPX, FSG, # and Petite. If you turn off this option, the original files will still be # scanned, but without additional processing. # Default: yes ScanPE yes # Certain PE files contain an authenticode signature. By default, we check # the signature chain in the PE file against a database of trusted and # revoked certificates if the file being scanned is marked as a virus. # If any certificate in the chain validates against any trusted root, but # does not match any revoked certificate, the file is marked as whitelisted. # If the file does match a revoked certificate, the file is marked as virus. # The following setting completely turns off authenticode verification. # Default: no #DisableCertCheck yes # Executable and Linking Format is a standard format for UN*X executables. # This option allows you to control the scanning of ELF files. # If you turn off this option, the original files will still be scanned, but # without additional processing. # Default: yes #ScanELF yes # With this option clamav will try to detect broken executables (both PE and # ELF) and mark them as Broken.Executable. # Default: no #DetectBrokenExecutables yes ## ## Documents ## # This option enables scanning of OLE2 files, such as Microsoft Office # documents and .msi files. # If you turn off this option, the original files will still be scanned, but # without additional processing. # Default: yes #ScanOLE2 yes # With this option enabled OLE2 files with VBA macros, which were not # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros". # Default: no #OLE2BlockMacros no # This option enables scanning within PDF files. # If you turn off this option, the original files will still be scanned, but # without decoding and additional processing. # Default: yes #ScanPDF yes # This option enables scanning within SWF files. # If you turn off this option, the original files will still be scanned, but # without decoding and additional processing. # Default: yes #ScanSWF yes ## ## Mail files ## # Enable internal e-mail scanner. # If you turn off this option, the original files will still be scanned, but # without parsing individual messages/attachments. # Default: yes ScanMail yes # Scan RFC1341 messages split over many emails. # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory. # WARNING: This option may open your system to a DoS attack. # Never use it on loaded servers. # Default: no #ScanPartialMessages yes # With this option enabled ClamAV will try to detect phishing attempts by using # signatures. # Default: yes #PhishingSignatures yes # Scan URLs found in mails for phishing attempts using heuristics. # Default: yes #PhishingScanURLs yes # Always block SSL mismatches in URLs, even if the URL isn't in the database. # This can lead to false positives. # # Default: no #PhishingAlwaysBlockSSLMismatch no # Always block cloaked URLs, even if URL isn't in database. # This can lead to false positives. # # Default: no #PhishingAlwaysBlockCloak no # Detect partition intersections in raw disk images using heuristics. # Default: no #PartitionIntersection no # Allow heuristic match to take precedence. # When enabled, if a heuristic scan (such as phishingScan) detects # a possible virus/phish it will stop scan immediately. Recommended, saves CPU # scan-time. # When disabled, virus/phish detected by heuristic scans will be reported only at # the end of a scan. If an archive contains both a heuristically detected # virus/phish, and a real malware, the real malware will be reported # # Keep this disabled if you intend to handle "*.Heuristics.*" viruses # differently from "real" malware. # If a non-heuristically-detected virus (signature-based) is found first, # the scan is interrupted immediately, regardless of this config option. # # Default: no #HeuristicScanPrecedence yes ## ## Data Loss Prevention (DLP) ## # Enable the DLP module # Default: No #StructuredDataDetection yes # This option sets the lowest number of Credit Card numbers found in a file # to generate a detect. # Default: 3 #StructuredMinCreditCardCount 5 # This option sets the lowest number of Social Security Numbers found # in a file to generate a detect. # Default: 3 #StructuredMinSSNCount 5 # With this option enabled the DLP module will search for valid # SSNs formatted as xxx-yy-zzzz # Default: yes #StructuredSSNFormatNormal yes # With this option enabled the DLP module will search for valid # SSNs formatted as xxxyyzzzz # Default: no #StructuredSSNFormatStripped yes ## ## HTML ## # Perform HTML normalisation and decryption of MS Script Encoder code. # Default: yes # If you turn off this option, the original files will still be scanned, but # without additional processing. #ScanHTML yes ## ## Archives ## # ClamAV can scan within archives and compressed files. # If you turn off this option, the original files will still be scanned, but # without unpacking and additional processing. # Default: yes ScanArchive yes # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR). # Default: no #ArchiveBlockEncrypted no ## ## Limits ## # The options below protect your system against Denial of Service attacks # using archive bombs. # This option sets the maximum amount of data to be scanned for each input file. # Archives and other containers are recursively extracted and scanned up to this # value. # Value of 0 disables the limit # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 100M #MaxScanSize 150M # Files larger than this limit won't be scanned. Affects the input file itself # as well as files contained inside it (when the input file is an archive, a # document or some other kind of container). # Value of 0 disables the limit. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 25M #MaxFileSize 30M # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR # file, all files within it will also be scanned. This options specifies how # deeply the process should be continued. # Note: setting this limit too high may result in severe damage to the system. # Default: 16 #MaxRecursion 10 # Number of files to be scanned within an archive, a document, or any other # container file. # Value of 0 disables the limit. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 10000 #MaxFiles 15000 # Maximum size of a file to check for embedded PE. Files larger than this value # will skip the additional analysis step. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 10M #MaxEmbeddedPE 10M # Maximum size of a HTML file to normalize. HTML files larger than this value # will not be normalized or scanned. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 10M #MaxHTMLNormalize 10M # Maximum size of a normalized HTML file to scan. HTML files larger than this # value after normalization will not be scanned. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 2M #MaxHTMLNoTags 2M # Maximum size of a script file to normalize. Script content larger than this # value will not be normalized or scanned. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 5M #MaxScriptNormalize 5M # Maximum size of a ZIP file to reanalyze type recognition. ZIP files larger # than this value will skip the step to potentially reanalyze as PE. # Note: disabling this limit or setting it too high may result in severe damage # to the system. # Default: 1M #MaxZipTypeRcg 1M # This option sets the maximum number of partitions of a raw disk image to be scanned. # Raw disk images with more partitions than this value will have up to the value number # partitions scanned. Negative values are not allowed. # Note: setting this limit too high may result in severe damage or impact performance. # Default: 50 #MaxPartitions 128 # This option sets the maximum number of icons within a PE to be scanned. # PE files with more icons than this value will have up to the value number icons scanned. # Negative values are not allowed. # WARNING: setting this limit too high may result in severe damage or impact performance. # Default: 100 #MaxIconsPE 200 ## ## On-access Scan Settings ## # Enable on-access scanning. Currently, this is supported via fanotify. # Clamuko/Dazuko support has been deprecated. # Default: no #ScanOnAccess yes # Don't scan files larger than OnAccessMaxFileSize # Value of 0 disables the limit. # Default: 5M #OnAccessMaxFileSize 10M # Set the include paths (all files inside them will be scanned). You can have # multiple OnAccessIncludePath directives but each directory must be added # in a separate line. (On-access scan only) # Default: disabled #OnAccessIncludePath /home #OnAccessIncludePath /students # Set the exclude paths. All subdirectories are also excluded. # (On-access scan only) # Default: disabled #OnAccessExcludePath /home/bofh # With this option you can whitelist specific UIDs. Processes with these UIDs # will be able to access all files. # This option can be used multiple times (one per line). # Default: disabled #OnAccessExcludeUID 0 ## ## Bytecode ## # With this option enabled ClamAV will load bytecode from the database. # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses. # Default: yes #Bytecode yes # Set bytecode security level. # Possible values: # None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS # This value is only available if clamav was built with --enable-debug! # TrustSigned - trust bytecode loaded from signed .c[lv]d files, # insert runtime safety checks for bytecode loaded from other sources # Paranoid - don't trust any bytecode, insert runtime checks for all # Recommended: TrustSigned, because bytecode in .cvd files already has these checks # Note that by default only signed bytecode is loaded, currently you can only # load unsigned bytecode in --enable-debug mode. # # Default: TrustSigned #BytecodeSecurity TrustSigned # Set bytecode timeout in miliseconds. # # Default: 5000 # BytecodeTimeout 1000 ## ## Statistics gathering and submitting ## # Enable statistical reporting. # Default: no #StatsEnabled yes # Disable submission of individual PE sections for files flagged as malware. # Default: no #StatsPEDisabled yes # HostID in the form of an UUID to use when submitting statistical information. # Default: auto #StatsHostID auto # Time in seconds to wait for the stats server to come back with a response # Default: 10 #StatsTimeout 10 [/bash]

Check RAID

February 7, 2015 The Geek Decoder No Comments RAID

root@E31230211151 ~]# tw_cli
//E31230211151> show

Ctl Model (V)Ports Drives Units NotOpt RRate VRate BBU
————————————————————————
c0 9650SE-2LP 2 2 1 0 1 1 –

//E31230211151> /c0 show

Unit UnitType Status %RCmpl %V/I/M Stripe Size(GB) Cache AVrfy
——————————————————————————
u0 RAID-1 VERIFYING – 2% – 1862.63 RiW ON

VPort Status Unit Size Type Phy Encl-Slot Model
——————————————————————————
p0 OK u0 1.82 TB SATA 0 – TOSHIBA MG03ACA200
p1 OK u0 1.82 TB SATA 1 – TOSHIBA MG03ACA200

Or

# tw_cli /c0 show

Change Exim Sending IP

February 6, 2015 The Geek Decoder No Comments cPanel, Exim, WHM

If you want everyone on the server to send out on the same IP, just add the following to 


# nano /etc/mailips:
*: xxx.xxx.xxx.xxx

Then add the IP and it’s matching PTR to /etc/mail_reverse_dns:

# nano /etc/mail_reverse_dns
# xxx.xxx.xxx.xxx hostname.tld

This will tell Exim to use that IP for any sender on the server.

Restart exim

# service exim restart

Cannot edit /etc/mailips on cPanel Server

February 6, 2015 The Geek Decoder No Comments cPanel, WHM

Check /etc/mailips permissions:

Code:


# ls -lah /etc/mailips

It should show the following:


# ls -lah /etc/mailips
-rw-r----- 1 root mail 0 Mar 11 21:40 /etc/mailips

If it does not show root:mail for ownership, then fix that:

# chown root:mail /etc/mailips

If it doesn’t show 640 for file permissions, fix that:


# chmod 640 /etc/mailips

If it does have the right ownership and permissions, then next check the file isn’t set to be immutable:


# lsattr /etc/mailips

It might look like the following if it is okay:


# lsattr /etc/mailips
-------A----- /etc/mailips

Or below if it is unwritable

# lsattr /etc/mailips
----i--------e- /etc/mailips

An uppercase A is fine. If it has a lowercase i or a lowercase a, then it isn’t fine, and those need removed:


# chattr -ia /etc/mailips

Now it looks like

# lsattr /etc/mailips
-------------e- /etc/mailips

FTP Errors on CentOS

February 5, 2015 The Geek Decoder No Comments FTP

AI_NODATA – No address associated with nodename error in your FTP client. Sometimes an EAI_NODATA error is also related to either a EHOSTUNREACH error, or an ECONNABORTED error as well.

Command: MLSDError: Connection timed outError: Failed to retrieve directory listing

Status: Waiting to retry…Status: Disconnected from serverStatus: Resolving address of robertlacylv.comStatus: Connection attempt failed with “EAI_NODATA – No address associated with nodename”.Error: Could not connect to server.

Check iptables:

Make sure firewall is not blocking your access

Run following command to see what iptables rules are setup:


# /sbin/iptables -L -n


# Generated by iptables-save v1.4.7 on Wed Feb  4 23:44:12 2015
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [88:48078]
:acctboth - [0:0]
:cP-Firewall-1-INPUT - [0:0]
-A INPUT -j cP-Firewall-1-INPUT
-A INPUT -j acctboth
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j cP-Firewall-1-INPUT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j acctboth
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 993 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2082 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2078 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2077 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 26 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 143 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 995 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 110 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2086 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2087 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2095 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 465 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2096 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A cP-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 2083 -j ACCEPT
-A cP-Firewall-1-INPUT -p udp -m state --state NEW -m udp --dport 53 -j ACCEPT
COMMIT

Add the passive port range:

-A INPUT -p tcp -m tcp --dport 30000:50000 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 30000:50000

Restart ftp on cpanel

# /usr/local/cpanel/scripts/restartsrv_ftpserver

You can temporary clear all iptables rules so that you can troubleshoot problem. If you are using Red Hat or Fedora Linux type command:


# /etc/init.d/iptables save
# /etc/init.d/iptables stop

If you are using other Linux distribution type following commands:


# iptables -F
# iptables -X
# iptables -t nat -F
# iptables -t nat -X
# iptables -t mangle -F
# iptables -t mangle -X

Source: https://documentation.cpanel.net/display/CKB/How+to+Enable+FTP+Passive+Mode#HowtoEnableFTPPassiveMode-HowdoIenablethepassiveportrangeforPure-FTPd?

Plesk Postfix error – Delivery to the following recipient failed permanently

February 3, 2015 The Geek Decoder No Comments Plesk

An email sender to your server is getting a bounce message:


Delivery to the following recipient failed permanently".

Email logs show:


Feb  3 11:57:52 mail postfix/cleanup[21623]: D4153A20130: milter-reject: END-OF-MESSAGE from mail-ob0-f181.google.com[209.85.214.181]: 5.7.1 Command rejected; from=<user@domain.org> to=<user@domain2.org> proto=ESMTP helo=<mail-ob0-f181.google.com>

Resolution:

Check the logs as the email is being rejected for a non SPF record:


Feb 3 11:57:50 mail spf filter[22107]: Starting spf filter...
Feb 3 11:57:52 mail spf filter[22107]: SPF result: fail
Feb 3 11:57:52 mail spf filter[22107]: SPF status: REJECT
Feb 3 11:57:52 mail /usr/lib64/plesk-9.0/psa-pc-remote[1877]: handlers_stderr: REJECT
Feb 3 11:57:52 mail /usr/lib64/plesk-9.0/psa-pc-remote[1877]: REJECT during call 'spf' handler
Feb 3 11:57:52 mail /usr/lib64/plesk-9.0/psa-pc-remote[1877]: Message aborted.
Feb 3 11:57:52 mail postfix/cleanup[21623]: D4153A20130: milter-reject: END-OF-MESSAGE from mail-ob0-f181.google.com[209.xx.xx.xx]: 5.7.1 Command rejected; from= to= proto=ESMTP helo=

Postfix: mails sent through sendmail binary are blocked because of wrong HELO

February 3, 2015 The Geek Decoder No Comments Plesk, Postfix

My server is using Centos 6.5
I updated from Plesk 11.5 to 12 last week and postfix to 2.8.17.
Since then, all mails sent using the sendmail binary (notifications, mail forwards…) are being rejected with a wrong HELO hostname: localhost.
It seems that sendmail is using locahost as a HELO tag which is not accepted.

 

Qick Fix:

remove whole non_smtpd_milters from postfix main.cf in case you do not use commtouch.
If you would like to use commtouch then you can remove only “inet:127.0.0.1:12768” from non_smtpd_milters.
restart postfix.

 

Link: http://forum.sp.parallels.com/threads/postfix-mails-sent-through-sendmail-binary-are-blocked-because-of-wrong-helo.305216/

 

Yum update errors for ghost update

January 31, 2015 The Geek Decoder No Comments Administration, CentOS 6, Yum

Running yum update on CentOS 6.2 produces errors:

yum update

Error: Package: matahari-host-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidclient.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidclient.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-service-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidcommon.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidcommon.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-agent-lib-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidclient.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidclient.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-network-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidcommon.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidcommon.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-host-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidcommon.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidcommon.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-sysconfig-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidclient.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidclient.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-sysconfig-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidcommon.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidcommon.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-service-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidclient.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidclient.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-agent-lib-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidcommon.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidcommon.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
Error: Package: matahari-network-0.4.4-11.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
           Requires: libqpidclient.so.5()(64bit)
           Removing: qpid-cpp-client-0.12-6.el6.x86_64 (@anaconda-CentOS-201112091719.x86_64/6.2)
               libqpidclient.so.5()(64bit)
           Updated By: qpid-cpp-client-0.14-22.el6_3.x86_64 (base)
               Not found
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

Here is more information on Matahari: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/6.3_Technical_Notes/matahari.html

Solution:

#yum remove matahari*

Then run yum update again

Apache Error

January 31, 2015 The Geek Decoder No Comments Apache


Options ExecCGI FollowSymLinks IncludesNOEXEC Indexes Limit SymLinksIfOwnerMatch
AllowOverride All

results in an error – Syntax error on line 71 of /usr/local/apache/conf/httpd.conf

Based on my understanding, it first disables FollowSymLinks and enables SymLinksIfOwnerMatch at the httpd.conf level and it applies to all the files and subdirectories present inside, /home.

The next directive, AllowOverride. By writing “All”, it allows all the Directives belonging to FileInfo, AuthConfig, Indexes, Limit to be overriden by .htaccess files.

It explicitly mentions the list of Options that can be overriden by the .htaccess files.

So, it allows SymLinksIfOwnerMatch to be overriden by the .htaccess file.

Is my understanding correct?

Why does it allow SymLinksIfOwnerMatch to be overriden by the .htaccess file if it has explicitly mentioned in the line above that the SymLinksIfOwnerMatch is enabled?