The answer lies in the Plesk apache Config File, Safe mode can be switched off from within the file

/var/www/vhosts/domain.com/subdomains/<subdomain-name>/conf/vhost.conf

<Directory /var/www/vhosts/domain.com/subdomains/<subdomain-name>/httpdocs>
php_admin_flag safe_mode off
</Directory>

Then, as with every time you edit such a config file, you will need to tell plesk about the change

/usr/local/psa/admin/sbin/websrvmng –reconfigure-vhost –vhost-name=domain.com

And you will need to tell apache to reload it’s config files…
/etc/rc.d/init.d/httpd restart

You should now be good to go

I have already extended a client account’s validity period, what i do not understand is, After un-suspending the client’s account, i try to un-suspend a domain name, and i get the following Warning

Warning: The domain is still suspended for the following reason: Domain is expired.

So, On the plesk website (Forums) they say

Log into the Plesk Control Panel, click <DOMAINS> then the domain in question then “Limits”. Look at the “validity period” You must have an expiration date set there.

And since there is not “Limits” i assumed they were talking about “Resource Usage”, Since this is the Limits new name since plesk 9 ( currently at 9.5.1 , but i am sure it has been like this at least in 9.2.3, 9.3.0, and this plesk)

Anyway, there is expiry for a domain name in there.

The question i can’t help but ask is, Why are domains under a user account not Valid forever by default where the account owner’s validity takes precedence ?

cd c:\Parallels\Plesk\admin\bin

Then

domain.exe –on domainname.com

You should see

SUCCESS: Changing status of domain ‘domainname.com’ completed.

Anyway, the complete list is as follows

You have an up-to-date version

Apache ASP support    Oct 8, 2008
Apache mod_python module    Jan 6, 2007
Bandwidth Limiter For Apache support (mod_bw)    Nov 7, 2007
Plesk billing    June 24, 2009    June 24, 2009
PostgreSQL server support    Oct 26, 2009    Oct 26, 2009
SiteBuilder module migration suite    Sept 8, 2008    Sept 8, 2008
SiteBuilder publishing support for Plesk    May 22, 2007    May 22, 2007
SSHTerm – SSH Terminal java applet    Nov 30, 2008    Nov 30, 2008

An update is available

Base packages of Plesk    Dec 29, 2009    April 14, 2010
ColdFusion support for Plesk    Dec 29, 2009    April 9, 2010
Horde webmail support    Dec 29, 2009    April 9, 2010
Kaspersky antivirus module    Dec 29, 2009    April 9, 2010
Mailman mailing list manager support    Dec 29, 2009    April 9, 2010
MIVA Empresa support    Dec 29, 2009    April 9, 2010
Parallels Premium Antivirus    Dec 29, 2009    April 9, 2010
Plesk API [former Plesk Agent]    Dec 29, 2009    April 9, 2010
Plesk Backup Manager    Dec 29, 2009    April 9, 2010
Plesk Firewall module    Dec 29, 2009    April 9, 2010
Plesk migration manager    Dec 29, 2009    April 9, 2010
Plesk Professional Web Site Editor    Dec 29, 2009    April 9, 2010
Plesk Updater    Aug 17, 2009    April 7, 2010
Plesk VPN module    Dec 29, 2009    April 9, 2010
Ruby on Rails support    Dec 29, 2009    April 9, 2010
SpamAssassin support    Dec 29, 2009    April 9, 2010
Tomcat Java Servlets support    Dec 29, 2009    April 9, 2010
Watchdog (System monitoring module)    Dec 29, 2009    April 9, 2010

Not installed

Application vault packages    9.5.1-cos5.build95100410.11    April 9, 2010
AtMail webmail support    1:1.02-cos5.build95100410.11    April 9, 2010
Chinese language pack for China    9.5.1-2010032917    Mar 29, 2010
Chinese language pack for Taiwan    9.5.1-2010032917    Mar 29, 2010
Dutch language pack for Netherlands    9.5.1-2010032917    Mar 29, 2010
French language pack    9.5.1-2010032917    Mar 29, 2010
German language pack    9.5.1-2010032917    Mar 29, 2010
Italian language pack    9.5.1-2010032917    Mar 29, 2010
Japanese language pack    9.5.1-2010032917    Mar 29, 2010
Plesk Battlefield 1942 game server module    1.0.0-cos5.build95100410.11    April 9, 2010
Plesk Battlefield2 game server module    1.0.0-cos5.build95100410.11    April 9, 2010
Plesk Counter-Strike game server module    2.0.0-cos5.build95100410.11    April 9, 2010
Plesk Fileserver module and SMB file server package    0:3.0.33-3.15.el5_4.1    April 9, 2010
Russian language pack    9.5.1-2010032917    Mar 29, 2010
Spanish language pack    9.5.1-2010032917    Mar 29, 2010

Upgrading from 9.3.0 to 9.5.1 went smooth, unlike what you see in the post below on upgrading from 9.2.3 to 9.3.0, in the upgrade below, i had not reinstalled application vault applications because of an MD5 checksum check error in the downloaded package.

My current installation of plesk is an outdated 9.2.3, the objective is to upgrade it to 9.3.0

Before jumping to upgrading 9_2_3 to 9_3_0, i will first try to bring 9.2.3 to latest then upgrade to 9.3.0

The reason i need to update now is that I got complaints about hacked websites that redirected elsewhere ( Bublik.biz
that redirects in turn to searchresultsdirect ).

So I go to the Web GUI / UI and click on the update / Upgrade, i find my release and the newer release, My release is 9.2.3 and the new release is 9.3.0 so i select the first 9.2.3 and upgrade, the process fails, but not only does the upgrade fail, but web hosting also fails, when opening any website, you will get the @mail (atMail) page in place of the website.

so clicking on My Release 9.2.3 and select everything with an update, right after the update, i get an unpleasant surprise.

it added to my problems that all websites were opening atmail (@mail) and the Web GUI updater to 9.3.0 did not work, now the situation was really bad.

Websites were down (compared to a few had been hacked), and now i had to start working fast, the challenge is to have them online in 5 minutes.

To begin with, Although now you find nothing to update when you open the Web GUI to update and click on the 9.2.3 release, packages (PHP5 and QMAIL) are not really up to date, we need to do that manually.

So i had to start with

/usr/local/psa/admin/sbin/autoinstaller --select-release-id PLESK_9_2_3 --show-components 2>1 | grep upgrade

Followed by

/usr/local/psa/admin/sbin/autoinstaller  --select-release-current --upgrade-installed-components

The above are what Parallels prescribed here

kb.parallels.com/en/6360

That put a tick beside the current plesk release in the Web GUI, and websites were opening again, but did not really resolve my problems, still, i can not update to 9.3.0

Here are some of the WEB UI attempts and the command line attempts (They yield same results and error messages)

Warning! Not all packages were installed.

Please check if your system services are operable.

Please, contact product technical support.

Then, to try and do the same thing from the command line, i run the command

/usr/local/psa/admin/sbin/autoinstaller –select-release-latest –install-everything

And again, the error messages are as follows

ERROR: Unable to install the requested packages because either there is
         not enough free disk space left, or there are package dependency problems.
         Warning! Not all packages were installed.
         Please check if your system services are operable.
         Please, contact product technical support.

So what i did now was Deleted all files in /var/lib/rpm/ , followed by the command “rpm -rebuilddb” without the quotes, then I deleted PSA_9.3.0 in /root/parallels/ , followed by the command

/usr/local/psa/admin/sbin/autoinstaller --select-release-latest --install-everything

         ERROR: The MD5 checksum of the
         /root/parallels/PSA_9.3.0/dist-rpm-CentOS-5-i386/opt/vault/psa-appvault-knowledgetreeoss-3.4.5-8200820080409010953.noarch.rpm
         file does not match the value specified in the configuration file.
         Not all packages were installed.
         Please, resolve the above problem and try installing the packages again.
         If you cannot resolve the problem on your own, contact product technical support for assistance.

And there is no use re-downloading the file, it is probably a problem on parallel’s side

And since it seems Qmail send is not working, I have attempted to set the permissionsas follows just in case

chmod 2511 /var/qmail/bin/qmail-queue

Now that the complete update all does not work, i tried to update each package alone, So i begin by requesting the latest version of the base system by issuing this command on the command line

/usr/local/psa/admin/sbin/autoinstaller –select-release-latest –install-component base

A big load of text is displayed in my terminal window, but generally the plesk messages are of one of the following formats

* Downloading the file…

*warning: /root/parallels/PSA_9.3.0/update-rpm-CentOS-5-i386/SOME_FILE: Header V3 DSA signature: NOKEY, key ID e8562897

*warning: /etc/PACKAGE/FILENAME created as /etc/PACKAGE/FILENAME.rpmnew

*Installing the package iproute-2.6.18-10.el5.i386

Warnings are probably no big deal, and emails i have been trying to send are arriving in my inbox as the process goes on, and finally, a message that reads.

Congratulations!
Plesk has been successfully installed on your server.
To complete the system configuration, please proceed to URL:
https://ip-97-74-196-212.ip.secureserver.net:8443/ or

https://97.74.196.212:8443/

Use the login name 'admin' and password '<YOUR ADMIN PASSWORD>'.

Further, use the following commands to start and stop Plesk:
"/etc/init.d/psa start" and
"/etc/init.d/psa stop" respectively.

All Plesk control panel documentation is available at

http://www.parallels.com/en/products/plesk/docs

*****************************************************************************
*                                                                           *
*      NOTE:   You have a default key file with limited functionality       *
*              currently installed for Plesk, which allows                  *
*              creating one client account, one domain, one mail name and   *
*              one web user.                                                *
*              To extend the limits of your license key and enable          *
*              additional features, please contact the Parallels sales      *
*              department: sales@parallels.com                              *
*                                                                           *
*      Thank you for choosing our products!                                 *
*****************************************************************************
Trying to register service psa...  using /sbin/chkconfig
done

GNow we probably want to check if the update shows in the Web UI,

To my surprize, most of plesk was not installed, i do not know what effect this has on existing ruby or python websites, but surely, they need to be installed again before we go any further

So i ran the AutoInstaller with no parameters as follows

/usr/local/psa/admin/sbin/autoinstaller

and then selected The auto installer package

Once the Auto installer is installed, i went on to install everything but the Application Vault packages since there is a problem with the MD5 sum of the downloaded file from parallels

vault/psa-appvault-knowledgetreeoss-3.4.5-8200820080409010953.noarch.rpm

Good luck with your plesk

First, if the server’s security certificate is revoked, you are in trouble, the reason is, you have to use plain HTTP as Mozilla Firefox, Internet Explorer and Google chrome will not let you in.

To get this out of the way, PLESK does allow you to login via HTTP (Not recommended), you can do that by visiting your server with PORT NUMBER 8880, so to open in plain HTTP (Plain text) you simply visit http://myserver.mydomain.com:8880/ but as you may well know, you are putting the server at risk of someone hijacking your server

So what i did is this

I assume you have putty, i SSHed to the server where i have set a tunnel using putty’s SSH tunnel feature, then logged in to the server via HTTP, this is how it works, when you browse the internet, you are actually asking your plesk server to get the pages for you, and therefore when you visit the http page via an ssh tunnel, your connection to the server is in reality encrypted (With the SSH tunnel).

Right after, you can visit settings => ssl certificates => Add SSL certificate => Add a certificate

Then you would go to settings => ssl certificates => put a tick beside the certificate you want to use for the server, then click on “Secure Control Panel” and you should be done and ready to go again

In some cases, you can self sign your certificate, meaning you do not need a third party to certify that you are you, but this will notify the visitors that there is no trusted authority on the certificate, so i only use a self signed certificate when i am the one who will be logging in, surely i do trust myself $25.99 (I get that price here)

Anyway, i hope this has got you a way around connecting via http in plain text, happy administrating

A few days ago, i got an SMS telling me i have mail from a datacenter, strange because i did not submit any tickets !

It seems the datacenter found some “Virus like code” on the server, and fixed it by deleting the code.

mmmmmmmmm, how did they know about it even before me, i am still investigating

The server was and still is up and running, the code was only found in a user’s home directory so it is not urgent (The system was not hit by the virus since it is a Windows virus and this is a linux server), but i am still going to change PLESK anyways .

I don’t think i should post the datacenter’s email content, but it seems very obvious to me that the user’s FTP password was compromised, or his PC was infected, either way, this should not be a big deal (The client does need to re-upload the content)

I need to thank the datacenter, for the email, the email showed me exactly what files were affected, and even included the Attack logfiles, nice going guys at EWD…

Will keep you updated on what happens when i change plesk and if i ever find a CP with this much eye candy for our art loving clients.

Offer valid while Domains last

What you need to do to get one of the domains listed below

1- Have 5 Domains in your EasyWebDNS account
2- Email freedomain [a.t] easywebdns [d-o-t] com with the domains in your account and the domain name you are interested in, We will then get back to you and push the free 3 letter domain to you.

If you like one of the domains listed, Act fast.

L4J.NET
L4Q.NET
L4V.NET

L4Z.NET
N4G.NET
N4J.NET
N4V.NET

N4Z.NET
D4Q.NET
E4Q.NET
F4Z.NET
G4K.NET
G4V.NET
H4Q.NET
I0E.NET
I8J.NET

J4V.NET
K2J.NET
L2Q.NET
O2Q.NET
O2Y.NET
O4J.NET
O4Q.NET
O4V.NET

O4Z.NET
P4Q.NET
P4V.NET
R2Q.NET

T4J.NET
T4Q.NET
U2H.NET
U2J.NET
U2Z.NET
U4J.NET
U4O.NET
U4P.NET

U4V.NET
V2Y.NET
V4K.NET
V4Q.NET
V4Y.NET
V4Z.NET
Q2L.NET
Q2V.NET
Q2Y.NET
Q4J.NET
Q4O.NET
Q7X.NET
Q9X.NET
J2Q.NET

G2Q.NET
G4Q.NET
P2J.NET
Q1U.NET
Q3U.NET
V2J.NET
I8O.NET
R4X.NET
J2Q.NET
N4X.NET
L4X.NET
O4X.NET
U4Q.NET

When i add domain stuff, i will be writing about them along with notes and other things on easy web dns, So as a revision here are the planned features

1- Nameservers that support Dynamic Updates
2- Checking domain availability by SMS
3- Checking domain availability by E-Mail
4- Wap Version of the website
5- Bind Tutorials
6- Load balancing and other tricks using the DNS system
7- Domain Availability Checking PHP script, free for all (at Domain Reseller Direct)
8- Allowing Domain Reseller Direct customers to allow there customers to check availability by SMS and E-Mail, a white label system

Any suggestions ?

Awaiting your responce

Cheers

ClueBringer POLICYD is an addon for postfix that limits the amount of mail shared web hosting users can send per hour.

Integrating ClueBringer for PostFix has not been the easiest of tasks especially when a complicated setup exists, Here i will try to make sense of the entire program, POLICYD cluebringer is written in Phython that i know very little about, i will try to make sense of the code with my C knowledge.

To begin with, i will go about this in the same order the installation file requieres.

1. Setup MySQL (or whichever database you plan to use)

a. In database/ run…
$ for i in core.tsql access_control.tsql quotas.tsql amavis.tsql checkhelo.tsql checkspf.tsql greylisting.tsql
$ do
$ ./convert-tsql mysql $i
$ done > policyd.mysql

This will build policyd.mysql, be sure to ALWAYS load core.tsql first, you only really need the
schema for the modules you plan to use, no harm in adding all of them though.

b. Load policyd.mysql into MySQL
$ mysql -u root -p policyd < policyd.mysql

Done with the trivial creation of database and users, converting tsql files to a mysql file and importing it, and having a database ready for cluebringer.

2. Put cluebringer.conf in your /etc directory and adjust cluebringer.conf with your MySQL database details

Let us take a look at the cluebringer.conf file, Other thatn copeying it to the /etc/ directory i will also raise the log level to 4 for debugging

log_level=4

And point the cluebringer log file to /var/log/cbpolicyd.log

log_file=/var/log/cbpolicyd.log

I will also fix the database credentials to use MySQL, and create a file for the log that cluebringer policyd can write to

3. Copy the cbp/ directory into /usr/local/lib/policyd-2.0/
mkdir /usr/local/lib/policyd-2.0
cp -r cbp /usr/local/lib/policyd-2.0/

Taking a look inside, I found a bunch of interesting files .PM, looked inside, nothing to do there.

4. Copy cbpolicyd and cbpadmin into /usr/local/bin
cp cbpolicyd cbpadmin /usr/local/bin/

Those are 2 interesting PERL files, they start with

use lib(‘/usr/local/lib/policyd-2.0′,’/usr/lib/policyd-2.0′);

but there is no /usr/lib/policyd-2.0, No need to reach for the good old camel book yet, it turns out that adding this (Non existing location) to the include directory of PERL is not really a big deal.
5. Install the webui/* into your apache directory, check out includes/config.php and adjust the MySQL server details.

No rocket science there.

So, up to this minute, no change has been done to the system, You see everything we have done up to this minute is simply adding files and configuring them to wait for some other program to execute them, No change has been done to the system up to now.

The first change that will be done to the system is when we approach POSTFIX to add POLICYD to its list of consultants.

Although we will not be asking it to do it directly (We will ask amavisd-new to do it), we do need to add some rules to postfix, according to the installation file.

6. Setup Postfix to use cbpolicyd…
Add the following Postfix config…
check_policy_service inet:127.0.0.1:10031
in BOTH smtpd_recipient_restrictions and smtpd_end_of_data_restrictions.

In short, they want me to edit /etc/postfix/main.cf , If this is the first time you hear of this file, Or if you don’t know what the risk of being an open relay is, or if you don’t know what an open relay is, or if you know very little about email and the internet in general, and if you don’t know what SPF means, or if you don’t know how to write to this file, this tutorial is not yet for you, you need to start with a postfix book not here, You have been warned.
7. Copy your amavisd from /usr/sbin/amavisd and patch it with contrib/amavisd-new-2.5.3_policyd-200802070918.patch like this…
$ patch < contrib/amavisd-new-2.5.3_policyd-200802070918.patch
After this change your initscripts to start the patched amavisd.

AMAVISD-NEW, The patch that comes with cluebringer does the following to the amavisd-new file that is written in PERL.

———————————-

Ads 2 parts to the script

1- First it ads (The part in RED)

sub new { my($class,$conn,$msginfo) = @_; undef }
sub checks { my($self,$conn,$msginfo) = @_; undef }
sub before_send { my($self,$conn,$msginfo) = @_; undef }
sub after_send { my($self,$conn,$msginfo) = @_; undef }
sub mail_done { my($self,$conn,$msginfo) = @_; undef }
sub process_policy { my($self,$conn,$msginfo,$pbn) = @_; return $pbn }

2- Then it ads a part (In RED)

my($cnt_local) = 0; my($cnt_remote) = 0;
for my $r (@{$msginfo->per_recip_data}) {
my($recip) = $r->recip_addr;
my($is_local) = lookup(0,$recip, @{ca(‘local_domains_maps’)});
$is_local ? $cnt_local++ : $cnt_remote++;
$r->recip_is_local($is_local);
if (!$r->bypass_banned_checks) {
my($bypassed_b) = lookup(0,$recip, @{ca(‘bypass_banned_checks_maps’)});
$r->bypass_banned_checks($bypassed_b);
}
if (!$r->bypass_spam_checks) {
my($bypassed_s) = lookup(0,$recip, @{ca(‘bypass_spam_checks_maps’)});
$r->bypass_spam_checks($bypassed_s);
}
}

# Check if we need to do last minute policy changes
if (ref $custom_object) {
$which_section = “custom-process_policy”;
eval {
my $new_policy_bank = $custom_object->process_policy($conn,$msginfo,\%current_policy_bank); 1;
%current_policy_bank = %{ $new_policy_bank };
} or do {
my($eval_stat) = $@ ne ” ? $@ : “errno=$!”; chomp $eval_stat;
do_log(-1,”custom process_policy error: %s”, $eval_stat);
};
section_time($which_section);
}

———————————————————————————————–

The initscript that does the amavisd-new initialisations is /etc/init.d/amavisd
8. Copy amavisd-policyd.pm where you see fit, and add this configuration line to your amavisd.conf file…
include_config_files(‘/path/to/amavisd-policyd.pm’);

9. Edit the top of amavisd-policyd.pm and change …
use lib(‘/root/cluebringer-trunk’); # to point to the directory which contains cbp/

my $DB_dsn = “DBI:SQLite:dbname=/tmp/cluebringer.sqlite”; # to point to your MySQL DB

10. Fire everything up and browse to the web gui to configure