Archive for the ‘linux’ Category

LDAP server is not responding, database looks corrupted.
Article ID: 5476
Last Review: Feb,9 2009
Author: Vitaly Filatov
Last updated by: Vitaly Filatov
APPLIES TO:

* Parallels Operations Automation

Symptoms
The LDAP server can be started, but it is not listening on port 389 and does not respond; ‘slapcat’ hangs too.
Cause
LDAP back-end database is corrupted.
Resolution
Use slapd_db_recover to recover the database, for example:
[root@psaldap ldap]# slapd_db_recover -v -h /var/lib/ldap
db_recover: Finding last valid log LSN: file: 1 offset 263805
db_recover: Recovery starting from [1][261683]
db_recover: Recovery complete at Thu Jul 17 08:29:23 2008
db_recover: Maximum transaction ID 80000175 Recovery checkpoint [1][264861]

WARNING: Always back up the database files before working on the database. For a standard install, the files are located in
/var/lib/ldap

Problem

In some environments, administrators may find it difficult or tedious to manage and/or monitor logs from many different
servers, and require a mechanism for directing logs from all systems to one central location. Also, in some situations
when there is an issue with the / or /var filesystem, redirecting logs to another server can allow important messages
critical to troubleshooting to be printed, whereas they would have been lost if syslog was directing them to the local
filesystem.

Solution

The syslogd daemon can be configured to send messages for all logging levels or individual levels to one or more syslog
servers. To accomplish this, the file /etc/sysconfig/syslog must be edited on the syslog server to allow
remote machines to send logs to it. Add the -r option to SYSLOGD_OPTIONS like so:

SYSLOGD_OPTIONS="-r -m 0"

After the file has been saved, the syslogd service needs to be restarted:

# service syslog restart

To configure a client to send all messages to the remote server, append the following to /etc/syslog.conf:

*.* @hostname

Replace hostname above with the IP address or the hostname of the centralized log server. Or to only send individual
logging levels to the remote server:

*.info;mail.none;authpriv.none;cron.none @hostname

Again, replace hostname with the IP address or hostname of the remote server. Now restart the syslog service on the
client:

# service syslog restart

The new configuration can be tested by restarting a service such as cups on the client:

# service cups restart

Or by using a command such as:

# logger "***** THIS IS A TEST *****"

The log messages related to the cups service being restarted or from the logger command should be found in
/var/log/messages of the central server.

How can I determine the architecture of my Red Hat Enterprise Linux system?

Environment

Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4

Resolution

Red Hat Enterprise Linux is available for various 32-bit and 64-bit platforms.

There are two methods to determine what architecture of Red Hat Enterprise Linux you are running.

1) The output of “uname -a”

Example output on a 32-bit system:

Linux my32bitsystem 2.6.18-53.1.4.el5 #1 SMP Wed Nov 14 10:37:33 EST 2007 i686 i686 i386 GNU/Linux
The i686 indicates this is a 32-bit system.

Example output on a 64-bit system:

Linux my64bitsystem 2.6.18-53.1.6.el5xen #1 SMP Wed Jan 16 04:10:44 EST 2008 x86_64 x86_64 x86_64 GNU/Linux
The x86_64 indicates this is a 64-bit system. Note that 64-bit hardware can also run 32-bit software.

2) The output of “arch”

Example output on a 64-bit PowerPC system:

[root@power5-2 getconf]# arch
ppc64

Attention:
getconf LONG_BIT is not a good method, because the result is determined by the soft link /usr/libexec/getconf/default.
A different target of the soft link gives a different result. For example:

[root@power5-2 getconf]# getconf LONG_BIT
32
[root@power5-2 getconf]# mv default default.bak
[root@power5-2 getconf]# ln -s POSIX_V6_LP64_OFF64 default
[root@power5-2 getconf]# ll
total 48
lrwxrwxrwx 1 root root 19 Sep 22 22:55 default -> POSIX_V6_LP64_OFF64
lrwxrwxrwx 1 root root 20 Jul 28 00:32 default.bak -> POSIX_V6_ILP32_OFF32
-rwxr-xr-x 1 root root 0 Sep 22 22:54 POSIX_V6_ILP32_OFF32
-rwxr-xr-x 1 root root 19892 Jan 9 2009 POSIX_V6_ILP32_OFFBIG
-rwxr-xr-x 1 root root 26264 Jan 10 2009 POSIX_V6_LP64_OFF64
[root@power5-2 getconf]# getconf LONG_BIT
64
[root@power5-2 getconf]#

Qmail queue is growing. How can I speed up process of sending mail?
Article ID: 1414
Last Review: Oct,6 2008
Author:
Last updated by: system
Resolution

Usually the Qmail queue grows because there are too many messages in the remote queue: sending mail to remote servers
takes much more time than delivering a message to a local mailbox.

By default Qmail uses up to 20 ‘qmail-remote’ processes to deliver mail to remote servers. This value may not be enough
if the server has heavy mail traffic. In this case you can increase the number of simultaneously running ‘qmail-remote’
processes by creating the /var/qmail/control/concurrencyremote file with the needed value, for example:

# echo 50 > /var/qmail/control/concurrencyremote

Then restart Qmail. See “man qmail-control” for more information. Also, see the articles about SPAM issue 766.
Keywords: big queue stuck mail slow delivery

How do I rebuild qmail queue if it is damaged or consists of a lot of spam messages?
Article ID: 252
Last Review: Mar,5 2009
Author: Vitaly Malakhov
Last updated by: Vitaly Malakhov
APPLIES TO:

* Plesk 8.x for Linux/Unix
* Plesk 7.5.x Reloaded

Resolution

This instruction is written for RPM-based systems (RedHat, Fedora, CentOS, etc…).

Please perform the following steps to recreate Qmail's queue.

Attention!

All current messages will be removed from the queue in this case and cannot be restored.

1. Stop Qmail and xinetd.

/etc/init.d/qmail stop
/etc/init.d/xinetd stop

2. Move current queue to another location.

mv /var/qmail/queue /var/qmail/queue_old

3. Reinstall the ‘psa-qmail’ RPM to recreate the qmail queue structure with a command like:

rpm -Uvh --force psa-qmail....

4. (Optional) Reinstall the drweb-qmail RPM if you use the DrWeb antivirus feature which comes with Plesk.

rpm -Uvh --force drweb-qmail....

5. Start Qmail and xinetd:

/etc/init.d/qmail start
/etc/init.d/xinetd start

Note: you should get both the psa-qmail and drweb-qmail RPMs from the distribution of the same Plesk version that is
installed on the server.
You can obtain the current psa-qmail, drweb-qmail and Plesk build versions by running the following commands on Linux
systems:


rpm -q psa-qmail
rpm -q drweb-qmail
rpm -q psa

The server is saturated with SPAM. There are many messages in the queue. The mail is sent slowly.
Article ID: 766
Last Review: Mar,16 2009
Author: Daria Taranova
Last updated by: Daria Taranova
APPLIES TO:

* Plesk 7.5.x Reloaded
* Plesk 9.x for Linux/Unix
* Plesk 8.x for Linux/Unix

Resolution
First check that all domains have the option ‘Mail to non-existing user’ set to ‘reject’ rather than ‘forward’. You can
change this setting for all domains using “Group Operations” in the “Domains” tab in Parallels Plesk Control Panel. The
option “Reject mail to nonexistent user” is available since Parallels Plesk Panel 7.5.3.

Also, please check that all the IPs and networks in the white lists are reliable and familiar to you.

Check how many messages are in the queue with Qmail:

# /var/qmail/bin/qmail-qstat
messages in queue: 27645
messages in queue but not yet preprocessed: 82

If the queue has too many messages, try to discover the source of SPAM.

If mail is being sent by an authorized user rather than from a PHP script, you can run the command below to find the
user that has sent the most messages (available since Plesk 8.x). Note that ‘SMTP authorization’ must be activated
on the server for these records to appear:

# cat /usr/local/psa/var/log/maillog | grep -i smtp_auth | grep -i user | awk '{print $11}' | sort | uniq -c | sort -n

The path to ‘maillog’ may differ depending on the OS you are using.

The next step is to use “qmail-qread”, which can be used to read the message headers:

# /var/qmail/bin/qmail-qread
18 Jul 2005 15:03:07 GMT #2996948 9073 bouncing
done remote user1@domain1.com
done remote user2@domain2.com
done remote user3@domain3.com
....

This shows the senders and recipients of messages. If a message has too many recipients, it is probably spam.
Now try to find this message in the queue by its ID (#2996948 in our example):

# find /var/qmail/queue/mess/ -name 2996948

Examine the message and find the line “Received” to find out from where it was sent for the first time, for example, if
you find:

Received: (qmail 19514 invoked by uid 10003); 13 Sep 2005 17:48:22 +0700

it means that this message was sent via a CGI by user with UID 10003. Using this UID it is possible to find the domain:

# grep 10003 /etc/passwd

If the ‘Received’ line contains the UID of the ‘apache’ user (for example, invoked by uid 48), it means that the spam
was sent through a PHP script. In this case, you can try to find the spammer using information from the spam email (the
from/to addresses or any other information). It is usually very difficult to discover the source of SPAM. If you are
absolutely sure that a script is sending SPAM at this moment (tail grows rapidly for no apparent reason), you can use
the following command to see which PHP scripts are running at this time:

# lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk ' { if(!str) { str=$1 } else { str=str","$1}}END{print str}'` \
| grep vhosts | grep php

You can also apply the KB article that describes the procedure for discovering which domains are sending mail through
PHP scripts.

Lines in Received section like

Received: (qmail 19622 invoked from network); 13 Sep 2005 17:52:36 +0700
Received: from external_domain.com (192.168.0.1)

mean that the message has been accepted and delivered via SMTP, and that the sender is an authorized mail user.
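
The per-message check described above can be run over the whole queue at once. The script below is an added example, not part of the KB article: it classifies every queued message by its topmost "Received: (qmail ... invoked ...)" line and resolves UIDs against the passwd file. The function name qmail_injection_summary is hypothetical, and the script assumes the topmost such line is the one written by the local qmail-queue.

```shell
#!/bin/sh
# Added example (not from the KB article): tally queued qmail messages by the
# way they entered the queue, read from each message's topmost
# "Received: (qmail <pid> invoked ...)" header line.
# Assumption: the topmost such line is the one the local qmail-queue wrote;
# Received lines further down can be supplied by the sender.

# qmail_injection_summary [MESS_DIR] [PASSWD_FILE]
# Prints "<count> <source> [<account> <home>]", most frequent source first.
qmail_injection_summary() {
    mess_dir=${1:-/var/qmail/queue/mess}
    passwd=${2:-/etc/passwd}

    find "$mess_dir" -type f -exec awk '
        FNR == 1 { seen = 0 }              # first line of a new message file
        seen     { next }                  # already classified, skip the rest
        /^$/     { print "other"; seen = 1; next }   # headers ended, no qmail line
        /^Received: \(qmail [0-9]+ invoked / {
            if (match($0, /invoked by uid [0-9]+/))
                print "uid=" substr($0, RSTART + 15, RLENGTH - 15)
            else if ($0 ~ /invoked from network/)
                print "network"            # accepted over SMTP
            else
                print "other"              # e.g. bounce or alias
            seen = 1
        }' {} + |
    sort | uniq -c | sort -rn |
    while read -r count key; do
        case $key in
            uid=*)
                # Exact match on the UID field, unlike a plain grep of the file
                acct=$(awk -F: -v uid="${key#uid=}" \
                    '$3 == uid { print $1, $6; exit }' "$passwd")
                echo "$count $key ${acct:-unknown}" ;;
            *)  echo "$count $key" ;;
        esac
    done
}

# Run against a queue only when arguments are given, e.g.:
#   sh qmail_injection_summary.sh /var/qmail/queue/mess /etc/passwd
if [ "$#" -gt 0 ]; then
    qmail_injection_summary "$@"
fi
```

A UID that dominates the output is the account to investigate first; a large "uid=48" count points at PHP scripts running under the web server, as described above.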

If you ever need to download an entire Web site, perhaps for
off-line viewing, wget can do the job. For example:
$ wget \
--recursive \
--no-clobber \
--page-requisites \
--html-extension \
--convert-links \
--restrict-file-names=windows \
--domains website.org \
--no-parent \
www.website.org/tutorials/html/
This command downloads the Web site www.website.org/tutorials/html/.
The options are:
--recursive: download the entire Web site.
--domains website.org: don't follow links outside website.org.
--no-parent: don't follow links outside the directory tutorials/html/.
--page-requisites: get all the elements that compose the page (images, CSS and so on).
--html-extension: save files with the .html extension.
--convert-links: convert links so that they work locally, off-line.
--restrict-file-names=windows: modify filenames so that they will work in Windows as well.
--no-clobber: don't overwrite any existing files (used in case the download is interrupted and resumed).