Wednesday, November 21, 2007

Synchronising Plesk with unison

I wanted to synchronise my local files and server with one hosted on a Plesk server.

REMOTE
First, we need to make sure that the server has unison installed.
unison -version
If unison isn't installed, install it
If the version doesn't match the version on the local machine, download the binary from the unison site, move it to /usr/bin and symlink it ("ln -s") to "unison"
Try unison -version again.
Make sure that you can run unison remotely - the first time it is run, it tries to create a .unison directory, so if the environment doesn't allow unison to write to the user's home directory, it needs to be created first.

LOCAL
Now locally, create the directory we are going to sync with.
Create the unison config file.
It lives in .unison in your home directory and will look something like:
root = /var/www/vhosts/**site_name**/httpdocs/
root = ssh://**username**@**remote_host**/httpdocs/
Using either unison or unison-gtk, run the first sync

Monday, September 24, 2007

SpamAssassin upgrade with SpamGuardian

I wanted to update spamassassin on my Plesk install on a Debian machine. I have SpamGuardian installed too, so needed to make sure that once the upgrade of SpamAssassin was complete, I could still control the setup through the web interface and Plesk and SpamGuardian.
sudo -s
get the latest spamassassin deb:
dpkg -i the_spamassassin_file.deb
cd /etc/spamassassin
remove the old .cf files (I moved them to a nuke folder)
remove the Rules_du_jour files too
edit the local.cf file
check that everything is still working
spamassassin --lint
fix any errors
if you log into the Plesk control panel now, SpamGuardian will still show that you are using the old version...

Re-install SpamGuardian

Additional instructions can be found in various places.

UK2 server setup

I've not long purchased another server from UK2.net and installed Plesk 8.2 on it with Spam Guardian. It's interesting how I refine the install on each occasion, and this is probably as slick as it can get without being completely automated.

check the open ports on the server
login as root

Basic server setup

Once the email from UK2 has arrived with confirmation of the server, log into the server as root, change the password and upgrade all the current packages (be aware of previous kernel updates that have caused kernel panics at boot):
ssh root@server12345.uk2net.com
passwd
nano /etc/apt/sources.list

deb http://ftp.uk.debian.org/debian/ etch main
deb-src http://ftp.uk.debian.org/debian/ etch main

deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib

apt-get update
apt-get upgrade
Upgrade out of date packages and setup the sudo function
apt-get install sudo
nano /etc/sudoers
Add the line %admin ALL=(ALL) ALL to the bottom of the file. Now add some real users and a group called admin; add users to the admin group if they are sudoers.
adduser username
groupadd admin
usermod -G admin username
Setup some other basic packages and admin tasks
apt-get install joe lynx
joe /etc/motd - Welcome to...
joe /etc/ssh/sshd_config - PermitRootLogin no
sudo /etc/init.d/ssh restart
Setup the hosts file (/etc/hosts)
Logout of the root account and setup passwordless login to the new server
ssh-keygen -t rsa - follow the hints (don't enter a passphrase)
ssh-copy-id -i ~/.ssh/id_rsa.pub username@host
Log into your new account and check that you aren't prompted for a password.
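
A check for the "PermitRootLogin no" step above, as an added example that is not part of the original post. sshd keeps the first value it reads for each keyword, so the function reports the value that actually takes effect; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): print the value sshd will use
# for a global keyword. sshd keeps the FIRST value it reads for a keyword, so
# a "PermitRootLogin no" added below a stock "PermitRootLogin yes" is ignored.

# sshd_effective KEYWORD FILE -> first global value, or nothing if unset.
sshd_effective() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)        # keyword ends at whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))   # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit         # global section ends at first Match
            if (key == want) { print val; exit }
        }
    ' "$2"
}

# root_login_disabled FILE -> exit status 0 only when the effective value is "no".
root_login_disabled() {
    [ "$(sshd_effective PermitRootLogin "$1")" = "no" ]
}

# Constructed sample: stock line left in place, hardened line appended later.
demo() {
    f=$(mktemp)
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'PermitRootLogin no' > "$f"
    echo "effective PermitRootLogin: $(sshd_effective PermitRootLogin "$f")"
    root_login_disabled "$f" || echo "root login is still enabled"
    rm -f "$f"
}
demo
```

Run root_login_disabled /etc/ssh/sshd_config after editing the file and before logging out of the root session.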

change hostname (/etc/hostname)
install webmin
sudo dpkg -i webmin...
  • copy over installers
  • install plesk
  • login (admin:setup)
  • change password
  • change hostname
  • check watchdog and change email address
  • review licence
Other Plesk jobs on blog
  • munin
  • maxclients
  • imap connections
  • spamguardian
  • totalbackup
(where /usr/bin/bzip2 doesn't exist and bzip2 has been installed, it may be in /bin/bzip2 - create a symlink)

Set time servers
apt-get install ntp ntp-server ntp-simple
ntpdate uk.pool.ntp.org
nano /etc/ntp.conf
add server 0.uk.pool.ntp.org (1.uk.... and 2.uk...)
/etc/init.d/ntp-server restart
ntpq (peer)
*

install the new ssl certificate or renew it through the instantssl web interface
set it as the default certificate for all IP addresses on the machine
make it the default certificate
remove the plesk ssl certificate

FILES THAT GET CHANGED ON A PLESK INSTALL
  • motd
  • sources.list
  • hosts
  • hostname
  • ntp.conf

Thursday, August 23, 2007

Spam and Plesk

I have been reinstalling a server of mine and voted for the latest and greatest Plesk version (8.2).

I still have a licence for Spam Guardian from 4psa, so I opted to install that too. For optimisation purposes, I did some digging and attempted to optimise my setup. Here's what I did:

Download the installer from the 4psa client area. On debian systems (which mine is) also download SafeCat from the client download area. Move the tarred installers to /usr/local/src.
unzip the installers - [tar -zxf]
chmod 777 sguardian_directory
sudo dpkg -i safecat*.deb
sudo apt-get install spamassassin
Change to the sguardian directory and execute: sudo ./install.sh - follow instructions
  • Ensure that domain and client creation and modification works
  • Check the service restart works
  • Install the license and perform the server checks again
apt-get install libnet-ip-perl libnet-dns-perl
If you want to install Pyzor, Razor, SPF and DCC, follow these instructions:
sudo -s

apt-get install python-gdbm python2.3-gdbm pyzor libdigest-hmac-perl libdigest-nilsimsa-perl libnet-dns-perl razor libmail-spf-query-perl libnet-cidr-lite-perl libsys-hostname-long-perl dcc-client

/usr/bin/pyzor --homedir /etc/mail/spamassassin/.pyzor discover
chown popuser.popuser -R /etc/mail/spamassassin/.pyzor
/usr/bin/razor-admin -create -home /etc/mail/spamassassin/.razor -conf=/etc/mail/spamassassin/.razor/razor-agent.conf
/usr/bin/razor-admin -discover -home /etc/mail/spamassassin/.razor
/usr/bin/razor-admin -register -home /etc/mail/spamassassin/.razor
If you get "Error 202 while performing register, aborting.", just re-execute the register command until the operation is successful.

Put the following in "/etc/spamassassin/local.cf" at the top of the file
loadplugin Mail::SpamAssassin::Plugin::Pyzor
loadplugin Mail::SpamAssassin::Plugin::SPF
loadplugin Mail::SpamAssassin::Plugin::DCC
#loadplugin Mail::SpamAssassin::Plugin::TextCat

pyzor_options --homedir /etc/mail/spamassassin/.pyzor
razor_config /etc/mail/spamassassin/.razor/razor-agent.conf
Then restart the server
/etc/init.d/spamassassin restart
spamassassin --lint
N.B.
The first time I tried this, I forgot to add the LoadModule directive for DCC. By default, it is not loaded because it isn't open source. When I did a "spamassassin --lint", I got this, but all was fixed by adding the LoadModule... and restarting it again:
[26699] warn: config: failed to parse line, skipping: dcc_timeout 5
[26699] warn: config: failed to parse line, skipping: use_dcc 1
[26699] warn: config: failed to parse, now a plugin, skipping: ok_languages all
[26699] warn: lint: 2 issues detected, please rerun with debug enabled for more information
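
The lint warnings above come from directives whose plugin is not loaded. The following added example, which is not part of the original post, finds that mismatch directly in the config files; the function name, the directive-to-plugin table (limited to the plugins discussed here) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list SpamAssassin directives
# that are set while the plugin that defines them has no active loadplugin line.

# sa_missing_plugins FILE... -> "directive<TAB>plugin" per unmatched directive.
# Pass the .pre files as well as local.cf, since plugins may be loaded there.
sa_missing_plugins() {
    awk '
        BEGIN {
            p = "Mail::SpamAssassin::Plugin::"
            need["use_dcc"] = p "DCC";       need["dcc_timeout"] = p "DCC"
            need["use_pyzor"] = p "Pyzor";   need["pyzor_options"] = p "Pyzor"
            need["use_razor2"] = p "Razor2"; need["razor_config"] = p "Razor2"
            need["ok_languages"] = p "TextCat"
        }
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # commented-out loadplugin lines do not count
        $1 == "loadplugin" { loaded[$2] = 1; next }
        ($1 in need) && !seen[$1]++ { order[++n] = $1 }
        END {
            for (i = 1; i <= n; i++)
                if (!(need[order[i]] in loaded))
                    printf "%s\t%s\n", order[i], need[order[i]]
        }
    ' "$@"
}

# Constructed sample files: a local.cf like the one above but without the DCC
# loadplugin line, and a .pre file (name assumed) that loads Razor2.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'loadplugin Mail::SpamAssassin::Plugin::Razor2' > "$d/v310.pre"
    printf '%s\n' \
        'loadplugin Mail::SpamAssassin::Plugin::Pyzor' \
        '#loadplugin Mail::SpamAssassin::Plugin::TextCat' \
        'razor_config /etc/mail/spamassassin/.razor/razor-agent.conf' \
        'dcc_timeout 5' 'use_dcc 1' 'ok_languages all' > "$d/local.cf"
    sa_missing_plugins "$d/v310.pre" "$d/local.cf"
    rm -rf "$d"
}
demo
```

An empty result means every listed directive has its plugin loaded; "spamassassin --lint" remains the authoritative check.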
Finally, get those extra rule sets from SARE using RulesDuJour.
Copy the rules_du_jour script to /usr/local/sbin/
Copy the RDJ config file to /etc/rulesdujour/
Run RulesDuJour and watch the rules get updated.
Add a cron to run the script at a random time in the morning:
crontab -e
04 4 * * * /usr/local/sbin/rules_du_jour
The following is an example of the RDJ config file: don't add too many directives!
#!/bin/bash
# Version 1.21

# IMPORTANT! Edit the TRUSTED_RULESETS line to choose your RuleSets
TRUSTED_RULESETS="
SARE_REDIRECT
SARE_EVILNUMBERS0
SARE_EVILNUMBERS1
SARE_BAYES_POISON_NXM
SARE_HTML0
SARE_HTML1
SARE_HEADER
SARE_SPECIFIC
SARE_ADULT
SARE_BML
SARE_FRAUD
SARE_SPOOF
SARE_RANDOM
SARE_SPAMCOP_TOP200
SARE_OEM
SARE_GENLSUBJ0
SARE_GENLSUBJ1
SARE_UNSUB
SARE_URI0
SARE_URI1
SARE_OBFU
SARE_STOCKS
SARE_CODING
";

# Variable penetrance
# SARE_EVILNUMBERS
# SARE_HTML
# SARE_HEADER
# SARE_GENLSUBJ
# SARE_URI


# Left out
# SARE_HIGHRISK

SA_DIR="/etc/mail/spamassassin";
MAIL_ADDRESS="support@humblehosting.co.uk";
SINGLE_EMAIL_ONLY="true";
SA_LINT="spamassassin --lint";
SA_RESTART="/etc/init.d/spamassassin";
WGET="wget -N";
PERL="perl";
MAILCMD="mail";
GREP="grep";
RULES_DU_JOUR_SCRIPT="/usr/local/sbin/rules_du_jour";

#### End Local Settings ####

Friday, August 10, 2007

Gutsy testing

Gutsy (Ubuntu 7.10) has reached Tribe 4 (the 4th alpha release), so I reckon it's time to try it out on my local machine. And, I'm going to go back to the old trusty i386 version. And, after reading the feature in last month's Ubuntu newsletter about the badness of Automatix, that won't be on my list of things to install either.

Like usual, it's a fresh install using the live CD - which works out of the box.

Once the install is done, get the latest updates, add the restricted drivers for my nVidia dual head graphics card and restart. Thankfully, unlike a Windows install, that is the only restart I'll need for a while... and, I'm quite impressed at how quickly the shutdown and restart is too.

Get the panels fixed and start the process of copying the backup files.

Add the medibuntu repo for some extra interesting stuff (like googleearth and skype), and perform a quick apt-get install to get the things I like that aren't on a default install.
echo "deb http://packages.medibuntu.org/ gutsy free non-free" | sudo tee -a /etc/apt/sources.list
wget -q http://packages.medibuntu.org/medibuntu-key.gpg -O- | sudo apt-key add - && sudo apt-get update

sudo apt-get install unison unison-gtk openssh-server joe easytag thunderbird googleearth skype msttcorefonts
Now, set the hostname and copy the hosts file from the backup folder. Setup keys:
ssh-keygen -t rsa
Finally, setup unison, copy 'backup' into the .unison directory and run "unison-gtk backup"
All done!

Saturday, July 21, 2007

VNC and remote desktop (Ubuntu)

I was helping RoJ to setup his new Ubuntu machine (which he likes a lot) and decided that rather than just logging in via SSH, I'd try the old remote desktop.

So, I got him to enable remote desktop login (System -> Preferences -> Remote Desktop) and got him to check the "View your desktop" box. Then I made sure that he had port 5900 forwarding to his machine.


All I needed to do from my end was use the VNC viewer to get a beautiful live stream of his laptop 400 miles away:
vncviewer xxx.xxx.xxx.xxx:5900

Friday, June 08, 2007

Ubuntu Feisty 64

I'd previously tried a version of Ubuntu in 64-bit, but when I installed Feisty the last time, I plumped for the 32-bit version.

I decided today that it was worth giving the 64-bit version a go and using the full potential of my processor.

I'm glad to say that everything is working wonderfully, and there is a definite difference. The main speed hike has been seen when using Google Earth - the movement of the maps is now super smooth. There is also a definite improvement in load times of large apps like OO.

Down side is that flash won't work, so I'll have to follow some instructions on how to get it working... if I can be bothered.

And... I had to find a .deb for Thunderbird 2 since it's not in the repos yet and not part of Automatix2.