The following installation will work with php-5.3.x

root@server [~]# cd /usr/local/src
root@server [/usr/local/src]# wget http://pecl.php.net/get/mailparse-2.1.5.tgz
root@server [/usr/local/src]# tar xvzf mailparse-2.1.5.tgz
root@server [/usr/local/src]# cd mailparse-2.1.5
root@server [/usr/local/src/mailparse-2.1.5]# phpize
root@server [/usr/local/src/mailparse-2.1.5]# ./configure
root@server [/usr/local/src/mailparse-2.1.5]# make
root@server [/usr/local/src/mailparse-2.1.5]# make install
Installing shared extensions:     /usr/local/lib/php/extensions/no-debug-non-zts-20090626/


Once the installation is completed, you can find 'mailparse.so' file in a directory like /usr/local/lib/php/extensions/no-debug-non-zts-20090626/.

Open the php.ini file and add this extesnion. Here in my case i added an entry like the following.


root@server [~]# vi /usr/local/lib/php.ini
.
.
extension = "/usr/local/lib/php/extensions/no-debug-non-zts-20090626/mailparse.so"
.
.


Restart Apache to make the changes in effect.

root@server [~]# /etc/init.d/httpd restart


Verify wheter the extesnions is loaded or not.

root@server [~]# php -m | grep mailparse
mailparse

That's it...

Install Railo 3.2

Railo 3.2 32bit

root@railo [~]# wget http://www.getrailo.org/down.cfm?item=/railo/remote/download/3.2.1.000/tomcat/linux/railo-3.2.1.000-pl0-linux-installer.run


Railo 3.2 64bit

root@railo [~]# wget http://www.getrailo.org/down.cfm?item=/railo/remote/download/3.2.1.000/tomcat/linux/railo-3.2.1.000-pl0-linux-x64-installer.run


Give executable permission to the bianry file.

root@railo [~]# chmod +x *.run

Execute the binary file to install railo

root@railo [~]# ./railo-*-installer.run


It is better to give the default settings while the installation.

Configure Apache to load Railo

1. Add an additional conf for railo's mod_jk module in apache.
Open apache configuration file (httpd.conf) and add the following entry in it. Here in my case it is '/usr/local/apache/conf/httpd.conf'.

Include conf/mod_jk.conf

2. Add railo configuration entries.
Create a file, '/usr/local/apache/conf/mod_jk.conf' with the following contents in it.

#############################################################

<IfModule !mod_jk.c>
    LoadModule jk_module /usr/lib/httpd/modules/mod_jk.so
</IfModule>

<IfModule mod_jk.c>
    JkMount /*.cfm ajp13
    JkMount /*.cfc ajp13
    JkMount /*.do ajp13
    JkMount /*.jsp ajp13
    JkMount /*.cfchart ajp13
    JkMount /*.cfres ajp13
    JkMount /*.cfm/* ajp13
    JkMount /*.cfml/* ajp13
    # Flex Gateway Mappings
    # JkMount /flex2gateway/* ajp13
    # JkMount /flashservices/gateway/* ajp13
    # JkMount /messagebroker/* ajp13
    JkMountCopy all
    JkLogFile /var/log/httpd/mod_jk.log
</IfModule>

###############################################################

3. You have to distill apache configuration.

root@railo [~]# /usr/local/cpanel/bin/apache_conf_distiller --update
root@railo [~]# /etc/init.d/httpd restart

Check if jk module is loaded with Apache. If it is enabled you will get a result like as follows.

root@railo [~]# httpd -M | grep  jk
 Syntax OK
 jk_module (shared)



Once the installation completed, you can access railo administrator control panel using the following url.

http://<server ip>/railo-context/admin/server.cfm

Enable Railo for a cPanel Account

** Railo is enabling domain basis not account basis. You have to given the document root of your domain in the railo configuration to enable railo.

Here i am showing you how to enable railo for the domain, 'sudosu.in'. Document root of sudosu.in is '/home/sudosu/public_html'.

Open /opt/railo/tomcat/conf/server.xml in your favourite editor like vim or nano and add the following code section in it. There will be a sample code in  /opt/railo/tomcat/conf/server.xml. You can give the following code just below the sample code.

Make changes in the following code by your domain name and it's document root.

<Host name="sudosu.in" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
   <Context path="" docBase="/home/sudosu/public_html" />
   <Alias>www.sudosu.in</Alias>
</Host>


Restart railo service once you have sone the above changes.


root@railo [~]# /etc/init.d/railo_ctl restart

Once you have restarted railo, check if the service is started or not. If there is any errors the service will ne be started and it will show 'No PID found' while checking the railo status.

root@railo [~]# /etc/init.d/railo_ctl status
 * Railo/Tomcat is running (PID: 1979)

If the PID of railo is not running even after restarting railo, you have to check railo log to sort out the issue.
The following log wil help to find the issue.

root@railo [~]# tail -f /opt/railo/tomcat/logs/catalina.out


It will take time to completly UP the railo service, depending upon the number of sites added in server.xml it will vary.
Once you have done the above steps, the following url will be available for you.

http://www.sudosu.in/railo-context/admin/web.cfm

You can create a test cfm page using the following code. Save these contents in test.cfm file and copy it in the document root of the domain and access www.sudosu.in/test.cfm.

Test CFM Page

<cfset myVar="Hello World!">
<cfoutput>#myVar#</cfoutput>
<cfoutput>#Now()#</cfoutput>

Download and Extract Memcache package

root@server [~]# cd /usr/local/src
root@server [/usr/local/src]# wget http://pecl.php.net/get/memcache-3.0.6.tgz
root@server [/usr/local/src]# tar -xzf memcache-3.0.6.tgz

Compilation and installation

root@server [/usr/local/src]# cd memcache-3.0.6
root@server [/usr/local/src/memcache-3.0.6]# phpize
Configuring for:
PHP Api Version:         20090626
Zend Module Api No:      20090626
Zend Extension Api No:   220090626

root@server [/usr/local/src/memcache-3.0.6]# ./configure
root@server [/usr/local/src/memcache-3.0.6]# make
root@server [/usr/local/src/memcache-3.0.6]# make install

Enable memcache in php.ini
root@server [~]# echo "extension=memcache.so" >> /usr/local/lib/php.ini
root@server [~]# /etc/init.d/httpd restart

If 'memcache' is successfully loaded, you will get a result as like follows.

root@server [~]# php -i | grep memcache
memcache
memcache support => enabled
memcache.allow_failover => 1 => 1
memcache.chunk_size => 32768 => 32768
memcache.compress_threshold => 20000 => 20000
memcache.default_port => 11211 => 11211
memcache.hash_function => crc32 => crc32
memcache.hash_strategy => consistent => consistent
memcache.lock_timeout => 15 => 15
memcache.max_failover_attempts => 20 => 20
memcache.protocol => ascii => ascii
memcache.redundancy => 1 => 1
memcache.session_redundancy => 2 => 2

That's it..

Issue:

I have installed railo3.2 in a Apache/cPanel server. After i completed railo installation, i cannot access the railo administrator url as like follows.

http://<server IP>/railo-context/admin/server.cfm

But I can access the railo administrator url when i specify the port as like follows.

http://<server IP>:8888/railo-context/admin/server.cfm


Solution:

**This fix is only applicable for Railo 3.2

1. Add an additional conf for railo's mod_jk module in apache.
Open apache configuration file (httpd.conf) and add the following entry in it. Here in my case it is '/usr/local/apache/conf/httpd.conf'.

Include conf/mod_jk.conf

2. Add railo configuration entries.
Create a file, '/usr/local/apache/conf/mod_jk.conf' with the following contents in it.

#############################################################

<IfModule !mod_jk.c>
    LoadModule jk_module /usr/lib/httpd/modules/mod_jk.so
</IfModule>

<IfModule mod_jk.c>
    JkMount /*.cfm ajp13
    JkMount /*.cfc ajp13
    JkMount /*.do ajp13
    JkMount /*.jsp ajp13
    JkMount /*.cfchart ajp13
    JkMount /*.cfres ajp13
    JkMount /*.cfm/* ajp13
    JkMount /*.cfml/* ajp13
    # Flex Gateway Mappings
    # JkMount /flex2gateway/* ajp13
    # JkMount /flashservices/gateway/* ajp13
    # JkMount /messagebroker/* ajp13
    JkMountCopy all
    JkLogFile /var/log/httpd/mod_jk.log
</IfModule>

###############################################################

3. Restart Apache

root@railo [~]# /etc/init.d/httpd restart

4. If you are using cpanel server, You have to distill apache configuration.

root@railo [~]# /usr/local/cpanel/bin/apache_conf_distiller --update
root@railo [~]# /etc/init.d/httpd restart

Check if jk module is loaded with Apache. If it is enabled you will get a result like as follows.


root@railo [~]# httpd -M | grep  jk
 Syntax OK
 jk_module (shared)

Now try to access railo without giving port number...

Error:

When i tried to access ConfigServer Security & Firewall option in WHM i got the following error.

Internal Server Error

500

No response from subprocess (/usr/local/cpanel/whostmgr/docroot/cgi/addon_csf.cgi): subprocess exited with status 2

cpsrvd/11.38.0.18 Server at xxx.xxx.xxx.xxx


Solution:


root@server [~]# curl -s configserver.com/free/csupdate | perl


Try from your end... Update me if it helped..

Install YAZ PHP extension

You can cry install yaz using the following command. But you may encounter an erro while the installation.

# pecl install yaz

.
.
.
configure: error: YAZ not found (missing NONE)
ERROR: `/tmp/pear/temp/yaz/configure --with-yaz' failed.


You can install YAZ from source. You can follow the steps shown below to install it.

root@server [~]# cd /usr/local/src/
root@server [/usr/local/src]# wget http://ftp.indexdata.dk/pub/yaz/yaz-3.0.45.tar.gz
root@server [/usr/local/src]# tar xzf yaz-3.0.45.tar.gz
root@server [/usr/local/src]# cd yaz-3.0.45
root@server [/usr/local/src/yaz-3.0.45]# ./configure
root@server [/usr/local/src/yaz-3.0.45]# make
root@server [/usr/local/src/yaz-3.0.45]# make install

root@server [/usr/local/src/yaz-3.0.45]# cd ztest/
root@server [/usr/local/src/yaz-3.0.45/ztest]# ./yaz-ztest&
root@server [/usr/local/src/yaz-3.0.45/ztest]# ps aux | grep yaz
root     23922  0.0  0.0  21804  1540 pts/0    S    17:23   0:00 /usr/local/src/yaz-3.0.45/ztest/.libs/lt-yaz-ztest
root     24890  0.0  0.0   7216   816 pts/0    S+   17:27   0:00 grep yaz


You can verify whether it is working by running telnet on port 9999, from your local machine.

# telnet xx.xx.xx.xx 9999
Trying xx.xx.xx.xx...
Connected to xx.xx.xx.xx.
Escape character is '^]'

While running the above telnet command, you can find the following result in the terminal of server.

root@server [~]#
root@server [~#
root@server [~]# 17:27:49-15/06 lt-yaz-ztest(2) [session] Session - OK 2 tcp:::ffff:122.166.115.191 24977
17:28:12-15/06 lt-yaz-ztest(2) [warn] ODR error on incoming PDU: Required data element missing [element ] [near byte 0] 
17:28:12-15/06 lt-yaz-ztest(2) [warn] PDU dump:
    0: [UNIV 13] len=10       tl=1, ll=1 cons=0


That's it...

Custom php.ini not loading in suPHP|SuExec server

I have followed the following steps to create custom php.ini for a user in cpanel server. There is suphp enabled in the server.

# cp /usr/local/lib/php.ini /home/<user>/public_html/php.ini

I have created a phpinfo page and accessed in browser and it is found that it still loading server's default(/usr/local/lib/php.ini) php.ini

Later it is found that there is SuExec Enabled Server.

root@server [~]# httpd -M | grep su
 suexec_module (static)
 suphp_module (shared)
Syntax OK


The configuration changes given below will help you to enable Custom php.ini on SuExec and suphp Enabled Server.

Open /opt/suphp/etc/suphp.conf in yourfavourate editor and search for the following lines.

[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
application/x-httpd-php=/usr/local/lib/
application/x-httpd-php4=/usr/local/php4/lib/
application/x-httpd-php5=/usr/local/lib/


The above suphp configuration forces suphp to use the php.ini from /usr/local/lib/. You can comment those line to resolve the loading issue of custom php.ini file. So the configuation will look like as follows after the change.

[phprc_paths]
;Uncommenting these will force all requests to that handler to use the php.ini
;in the specified directory regardless of suPHP_ConfigPath settings.
;application/x-httpd-php=/usr/local/lib/
;application/x-httpd-php4=/usr/local/php4/lib/
;application/x-httpd-php5=/usr/local/lib/


Once you made the changes, restart apache to make changes in effective.

# /etc/init.d/httpd restart


Try to load phpinfo page again and verify the result.


Reference:


http://blog.philipbrown.id.au/2009/08/php-suexec-and-custom-php-ini-files/
http://www.askapache.com/php/custom-phpini-tips-and-tricks.html
http://forums.cpanel.net/f185/methods-increase-security-suphp-restricting-who-can-use-php-ini-files-167186.html

Error:

When try to access phpMyAdmin from cPanel it is showing the following error.

Fatal error: session_start() [<a href='function.session-start'>function.session-start</a>]: Failed to initialize storage module: sqlite (path: /var/cpanel/userhomes/cpanelphpmyadmin/sessions/phpsess.sdb) in /usr/local/cpanel/base/3rdparty/phpMyAdmin/libraries/session.inc.php on line 92


Fix:

Login as root user via ssh,

open the file, /usr/local/cpanel/3rdparty/etc/phpmyadmin/php.ini in your favourate editor and search for the following entries in it.

session.save_handler = sqlite
session.save_path =/var/cpanel/userhomes/cpanelphpmyadmin/sessions/phpsess.sdb

Change the above two lines to as follows.

session.save_handler = files
session.save_path = /var/cpanel/userhomes/cpanelphpmyadmin/sessions

If the direcroty exists, remove all session files from there.

# rm -f /var/cpanel/userhomes/cpanelphpmyadmin/sessions/sess*


If the directory, /var/cpanel/userhomes/cpanelphpmyadmin/sessions does not exist, create it.

# mkdir -p /var/cpanel/userhomes/cpanelphpmyadmin/sessions

change the permission of /var/cpanel/userhomes/cpanelphpmyadmin/sessions as follows.

# chmod 1777 /var/cpanel/userhomes/cpanelphpmyadmin/sessions

Once you have done the above changes, restart apache.

# /etc/init.d/httpd restart


Try loading phpMyAdmin again...

Disable SSL redirect in Cpanel/Webmail Logins



You can disable the SSL redirection in cpanel logins by changing the folllowing configurations in /var/cpanel/cpanel.config.

requiressl=1
alwaysredirecttossl=1

Change the "1" to a "0" for the above two settings, and save the changes.


To make the above changes in effect, using the following command.

# /usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings


The above settings in /var/cpanel/cpanel.config correspond to the following settings in the WebHost Manager in Main >> Server Configuration >> Tweak Settings:

Always redirect to SSL off
Require SSL off

Fix permissions/ownership under a reseller

                             I recently had an issue with incorrect ownership and permissions  of all files under a reseller in cpanel after the manual migration from a Kloxo and plesk server.
I created the following script to fix permissions under a reseller.

You just copy the following script in a file fixperm.sh, then

# chmod +x fixperm.sh

Give the reseller user name in the <reseller> field when running the fixperm.sh. If no parameter is given, it will fix permissions/ownership of all accounts in the server.

# sh fixperm.sh <reseller>


#====================================================================

reseller=$1
echo -e "Fixing Permissions of account under $reseller \n"
for i in `grep -rl "OWNER=$reseller" /var/cpanel/users | cut -d/ -f5`
do
if [ "$i" != "root" ]; then
chown -R $i:$i /home/$i
chown $i:nobody /home/$i/public_html
chown $i:mail /home/$i/etc 
find /home/$i/public_html/ -type d -exec chmod 755 "{}" \;
find /home/$i/public_html/ -type f -exec chmod 644 "{}" \;
chmod 750 /home/$i/etc /home/$i/public_html
echo $i
fi
done

#====================================================================


That's it...

Installing Ruby

In cpanel it is easy to install Ruby using the following cpanel script.

# /scripts/installruby

Some times the cPanel scripts installer does not work properly and does not install them. So you can run the following commands to install Ruby.

# gem install rails
# gem install mongrel
# gem install fastthread

Open ports 3000 and 12001 if you’re running a firewall

If you have installed LIBSAFE, uring the installation you may encounter an Overflow error and the installation will stop. You have to add /usr/bin/ruby to LIBSAFE exception list.
The installation log may as like follows.
.
.
.
.
0x8052e4a /usr/bin/ruby
0x8bbde7 /lib/libc-2.5.so
Overflow caused by memcpy()
Killed


You can add /usr/bin/ruby to LIBSAFE exception list by using the following command.

# echo "/usr/bin/ruby" >> /etc/libsafe.exclude
# echo "/usr/bin/ruby-bin" >> /etc/libsafe.exclude

Try running the installation again... This time there will not be any Overflow errors while installation...


Note:

http://forums.glowhost.com/knowledge-base/how-create-ruby-rails-application-using-cpanel-932.html

Install ffmpeg on CentOS-5 cPanel server

CentOS / x86_64:

# rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS//rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

CentOS / i386:

# rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

Installing ffmpeg and related dependencies

# yum install ffmpeg ffmpeg-devel

Installing ffmpg-php

# cd /usr/local/src
# wget http://downloads.sourceforge.net/ffmpeg-php/ffmpeg-php-0.6.0.tbz2
# tar xjf ffmpeg-php-0.6.0.tbz2
# cd ffmpeg-php-0.6.0
# sed -i ‘s/PIX_FMT_RGBA32/PIX_FMT_RGB32/g’ ffmpeg_frame.c
# phpize
# ./configure --prefix=/usr --enable-shared
# make
# make install

The make install command will show PHP extensions path where ffmpeg PHP extension is installed:

root@server [~/ffmpeg-php-0.6.0]# make install

Installing shared extensions: /usr/local/lib/php/extensions/no-debug-non-zts-20060613/

Make sure that value of extension_dir is set to PHP extension directory as given by above make install command:

Add following line in php.ini, this will enable ffmpeg PHP extension:

extension=ffmpeg.so

Restart Apache to make this change effective:

# /scripts/restartsrv_httpd

Verify that FFmpeg is working properly by running the following:

# php -m | grep ffmpeg
# php -i | grep ffmpeg
# php -r ‘phpinfo();’ | grep ffmpeg

Error:

When creating a mail account using cpanel, it is showing an error as showing below.


                                                                Error

File open for /home/user/etc/domain.com/passwd failed with error No such file or directory


Solution:

The error is because of the the wrong permssions or missing of the 'etc' directory in user's document root.
You can create a new direcory in that name and given permissions as like follows to solve the issue.
Let 'arun' be the cpanel user having  the issue.

root@server [~]# cd /home/arun
root@server [/home/arun]# mkdir etc
root@server [/home/arun]# chmod 750 etc
root@server [/home/arun]# chown arun.mail etc

Try creating mail accounts again....

Script to Change cPanel password of all accounts

1. Create a file named chpass.sh with the following contents in it.

===================================================================

#!/bin/sh
cat /etc/trueuserdomains | awk '{print $2}' | while read user; do
pass=`echo "$user $pass" >> passwords.txt
/scripts/realchpass $user $pass
done
/scripts/ftpupdate

===================================================================

2. Give executable permission to the script.

# chmod +x chpass.sh

3. Run the script and you will get a file named passwords.txt with all cpanel users with their new passwords.

# sh chpass.sh


You can use random string generate scripts like the following generate passwords.


pass=`date | md5sum | head -c16 | xargs`
pass=`openssl rand -base64 128 | head -c16 | xargs`
pass=`strings /dev/urandom | tr -dc .~?_A-Z-a-z-0-9 | head -c16 | xargs`

Note:-

In some cases when executing /scripts/realchpass script will showing the following error.

ERROR: /usr/local/cpanel/scripts/realchpass
Invocation changes only the system
password and does not have any effect
on other services associated with your
cPanel account, including FTP, SSH,
WebDAV, and FrontPage.  It is strongly
encouraged for you to change the
password via the WHM & cPanel
interface. You can force a password
change through this script by setting
the environment variable
'ALLOW_PASSWORD_CHANGE=1'.

You can fix the above error by running the following command. After that execute the script again.

# export ALLOW_PASSWORD_CHANGE=1

Error:

I have a following PHP mail sending script which keeps getting 'FAILURE' when accessing via browser.

========================================================

<?php
$email = "mail@yourdomain.com";
$from = "admin@from.com";

if(!mail($email, 'Test subject', 'message', 'From: '. $from . "\r\n")) {
    echo "FAILURE";
}
else {
    echo "SUCCESS";
}
?>

========================================================

php mail function is not working in the server. There is no coding issues in the script file.


Solution:


In order to sort out this issue, please go through the following checks.


Check if php mail function is disabled in php.ini

root@server [~]# cat /usr/local/lib/php.ini | grep disable_functions
disable_functions = "mail"

If it is disabled, remove the entry of 'mail' from php.ini from the line, "disable_functions =". Then,

# /etc/init.d/httpd restart




If you are still having problem, try the following test. Let your mail script is mail.php. Then run the following command.

root@server [~]# php mail.php
sendmail: Not running with correct effective GID. Is sendmail binary setgid mailtrap?
sendmail: Not running with correct effective GID. Is sendmail binary setgid mailtrap?
root@server [~]#


If you are getting an error as like above, you can do the following commands to fix this error.

root@server [~]# which sendmail
/usr/sbin/sendmail

root@server [~]# chown root:mailtrap /usr/sbin/sendmail

root@server [~]# chmod 2755 /usr/sbin/sendmail

How to convert CentOS 5.x or 6.x to CloudLinux (without cPanel & WHM installed)


1. Purchase a CloudLinux license
2. Login as root user in the server and issue the following commands.

   # wget http://repo.cloudlinux.com/cloudlinux/sources/cln/cpanel2cl

   If you purchased an IP address-based CloudLinux license, run the command

   # sh cpanel2cl -i

   If you purchased a CloudLinux license key, run the command
 
   # sh cpanel2cl -k <key>

====================================================================================



How to convert CentOS 5.x to CloudLinux (with cPanel & WHM installed)


If you own an IP address-based CloudLinux license, run these commands:

# /usr/local/cpanel/cpkeyclt
# /usr/local/cpanel/bin/cloudlinux_system_install -k
# reboot
# /usr/local/cpanel/scripts/easyapache --build


If you own a CloudLinux license key, run these commands:

# wget http://repo.cloudlinux.com/cloudlinux/sources/cln/cpanel2cl
# sh cpanel2cl -k <key>
# reboot
# /scripts/easyapache --build


Reference:

http://docs.cpanel.net/twiki/bin/vief/AllDocumentation/InstallationGuide/InstallingOs
http://docs.cloudlinux.com/

Upgrade/Downgrade MySQL version

You can change mysql version in a cpanel server via WHM and terminal. Here is the steps which help you to Upgrade/Downgrade MySQL version.
In either case, you must login as root user.


via WHM:

You can Upgrade/Downgrade MySQL version via WHM by following the steps shown below.

Home » Software » MySQL Upgrade

Select the mysql version and then click Next.


via Terminal:

You can find the MySql Version with the help of following commands :

============================
root@server[~]# mysql  --version
root@server[~]# mysql -V
root@server[~]# mysql -e status | grep "Server version"
============================

You can change mysql version via terminal in a cpanel server by following these steps,

Open the file, /var/cpanel/cpanel.config using vi or nano editor.

# vi /var/cpanel/cpanel.config

find the line, mysql-version=x.x
give the desired mysql version number in place of x.x

Then run the following commmand to install and load new mysql version,

# /scripts/mysqlup --force

Now re-run apache build (easyapache) - so it can build php-mysql connector

# /scripts/easyapache


Note:

The method described would be performed at one's own risk. A manual downgrade is not recommended and can incur significant risk when attempted on an existing system. A full backup of the MySQL data directory is advised, and for a proper downgrade one should consider using mysqldump to create an SQL dump before downgrading.

http://www.thecpaneladmin.com/upgrading-downgrading-mysql/

Scripts To Check Spammer and Spam mails in cPanel Server - Exim:

To get a sorted list of email sender in exim mail queue. It will show the number of mails send by each one.

# exim -bpr | grep "<" | awk {'print $4'} | cut -d "<" -f 2 | cut -d ">" -f 1 | sort -n | uniq -c | sort -n

You will get a result as like follows,

      1  arun@testdomain.com
      2  sales@test1domain.com
      3  sandy@test123.com
      4  root@testdomain.co.in
    29  admin@testdomain.in
  124  arun@test123domain.com

=============================================================================================

The following scripts will check the script that will originate spam mails:

# grep "cwd=/home" /var/log/exim_mainlog | awk '{for(i=1;i<=10;i++){print $i}}' | sort | uniq -c | grep cwd | sort -n

# awk '{ if ($0 ~ "cwd" && $0 ~ "home") {print $3} }' /var/log/exim_mainlog | sort | uniq -c | sort -nk 1

# grep 'cwd=/home' /var/log/exim_mainlog | awk '{print $3}' | cut -d / -f 3 | sort -bg | uniq -c | sort -bg

You will get a result as like follows for the first two scripts. The third script is just a sub of the first two scripts.

      9      cwd=/home/test1/public_html
     10     cwd=/home/test2/public_html/a1/www
     15     cwd=/home/test3/public_html
     91     cwd=/home/test4/public_html
    178    cwd=/home/test5/public_html/web
    770    cwd=/home/test6/public_html/foro
    803    cwd=/home/test7/public_html/web
 124348 cwd=/home/test8/public_html/wp/wp-content/themes/twentyeleven

=============================================================================================

If we need to find out exact spamming script. The following script will shows the current spamming script running now. The following script will help you in all time of mail servers. It will help you to find the exact script which sending mails.

# ps auxwwwe | grep <user> | grep --color=always "<location of script>" | head

The usage of the above script is as shown below.

# ps auxwwwe | grep test8 | grep --color=always "/home/test8/public_html/wp/wp-content/themes/twentyeleven" | head

Once you find the exact script, the following script will help you to find the IP address which is responsible for spamming. You will get a list of IPs from the following script. The IPs address which has high number of access is most probably causing spamming. You can block the IP address in csf or apf firewall.

# grep "<script_name>" /home/user/access-logs/testdomain.com | awk '{print $1}' | sort -n | uniq -c | sort -n


=============================================================================================

Following command that will show you the script which is using script to send the email. If it is from php then use


# egrep -R "X-PHP-Script"  /var/spool/exim/input/*

=============================================================================================

It shows top 50 domains using mail server with options.

# eximstats -ne -nr /var/log/exim_mainlog

=============================================================================================

It shows from which user’s home the mail is going, so that you can easily trace it and block it if needed.it shows the mails going from the server.

# ps -C exim -fH ewww | grep home
=============================================================================================

It shows the IPs which are connected to server through port number 25. It one particular Ip is using more than 10 connection you can block it in the server firewall.

# netstat -plan | grep :25 | awk {'print $5'} | cut -d: -f 1 | sort | uniq -c | sort -nk 1
==============================================================================================

In order to find “nobody” spamming, issue the following command

# ps -C exim -fH ewww | awk '{for(i=1;i<=40;i++){print $i}}' | sort | uniq -c | grep PWD | sort -n

 It will give some result like:
Example :
6 PWD=/
347 PWD=/home/sample/public_html/test
Count the PWD and if it is a large value check the files in the directory listed in PWD
(Ignore if it is / or /var/spool/mail /var/spool/exim)

The above command is valid only if the spamming is currently in progress. If the spamming has happened some hours before, use the following command.


# grep "cwd=" /var/log/exim_mainlog | awk '{for(i=1;i<=10;i++){print $i}}' | sort | uniq -c | grep cwd | sort -n

==============================================================================================

The following script will give the summary of mails in the mail queue.

exim -bpr | exiqsumm -c | head


You will get a result as like follows,


Count  Volume  Oldest  Newest  Domain
 -----      ------      ------     ------       ------

  114   171KB     24h     28m  testdomain.com
   15    28KB       36h     7m    gmail.com
    5     10KB       34h     10h   test2domain.com
    4     8192        27h     4h     yourdomain.com
    4     75KB       7m      7m    server.domain.com
    3     6041        23h     42m  test123.com

==============================================================================================


You can find useful commands/scripts used in exim in the following link,
http://linuxadmintips4u.blogspot.in/2012/11/most-frequently-used-commands-in-exim.html


More Reference:

https://github.com/Exim/exim/wiki

http://www.exim.org/exim-html-current/doc/html/spec_html/ch-log_files.html

http://www.exim.org/exim-html-4.20/doc/html/spec_13.html#IX1148


http://www.grscripts.com/tweaking.html   ---> Tweakings for ASSP

Error:


When i run the following command in terminal i got an errors as shown below. I got this error in a cpanel 11.32.5 (build 18) server.

# exim -bt test@yourdomain.com


LOG: MAIN PANIC
  failed to expand condition "${perl{check_mail_permissions}}" for check_mail_permissions router: Undefined subroutine &main::check_mail_permissions called.

LOG: MAIN PANIC
  failed to expand condition "${perl{enforce_mail_permissions}}" for enforce_mail_permissions router: Undefined subroutine &main::enforce_mail_permissions called.

LOG: MAIN PANIC
  failed to expand condition "${perl{increment_max_emails_per_hour_if_needed}}" for increment_max_emails_per_hour_if_needed router: Undefined subroutine &main::increment_max_emails_per_hour_if_needed called.




Solution:

The following script helped me to fix the error.

# /scripts/buildeximconf

There is no direct option to add an additional shared IP in WHM. But you can add more shared IPs if you have SSH root access to the server.

You can add more shared IPs by following the steps shown below.

# cd /var/cpanel/mainips/

If there is no such directory, you have to create it.
   # mkdir -p /var/cpanel/mainips/

# vi /var/cpanel/mainips/root

Add the IPs in this file one by one separated by new line, each line is an additional shared IP in WHM.

If you want to add 11.22.33.44 and 44.33.22.11 as shared IPs, You will get a result as follows.

# cat /var/cpanel/mainips/root
  11.22.33.44
  44.33.22.11

Now if you login to WHM and

Home » IP Functions » Show/Edit Reserved IPs

You can see the status of new IPs as 'Main/shared IP for root'.