Empowering you with the knowledge to master Linux web hosting, DevOps and Cloud

 Linux Web Hosting, DevOps, and Cloud Solutions

Month: June 2016

Problems logging into Plesk because of IP restrictions

Hello,

If you receive following error while logging to the Plesk panel, that means there is a IP based restriction to access Plesk admin panel and your current IP is not allowed to access.

“Unable to log into Plesk: Access for administrator from address xx.xx.xx.xx is restricted in accordance with IP Access restriction policy currently applied”

Cause
Plesk IP access policy was configured in such a way so that Plesk could not be accessed from the certain IP.

Resolution

Method 1. To enable Plesk access, you need to log into the Plesk from another IP and change the IP access policy:

Tools and Settings > Restrict Administrative Access
Add your IP to the whitelist

Method 2. Updating the database directly

If you cannot login to the panel, then you can connect to the server using SSH and correct this through database queries. Plesk database records regarding the access policy need to be corrected.

To retrieve the current policy and the restricted/allowed IPs, the following commands can be used:

Linux

#MYSQL_PWD=`cat /etc/psa/.psa.shadow` mysql -u admin psa
    mysql> select * from cp_access;
    mysql> select * from misc where param='access_policy';

Windows

"%plesk_bin%\dbclient" --direct-sql --sql="select * from cp_access"
    "%plesk_bin%\dbclient" --direct-sql --sql="select * from misc where param='access_policy'";

If you wish to clear the access policy settings, remove all records from “cp_access” and set the policy to “allow”:

Linux

# MYSQL_PWD=`cat /etc/psa/.psa.shadow` mysql -u admin psa
    mysql> delete from cp_access;
    mysql> update misc set val="allow" where param='access_policy';

Windows

"%plesk_bin%\dbclient" --direct-sql --sql="delete from cp_access";
    "%plesk_bin%\dbclient" --direct-sql --sql="update misc set val='allow' where param='access_policy'";

To whitelist the IP manually

bash# mysql -uadmin -p`cat /etc/psa/.psa.shadow ` psa

insert into cp_access values ("", "deny", "x.x.x.", "255.255.255.255"); //change the IP address to your public IP.

Then you should be able to connect to the Plesk control panel from the new IP address.

Email sending limits and throttling – iRedmail free edition

iRedMail is:
1. A ZERO COST, fully fledged, full-featured mail server solution. All components are free and open source software
2. It support unlimited domains and email accounts.
2. SpamAssassin, ClamAV, SPF, DKIM, greylisting, whitelisting, blacklisting.
3. Stores mail accounts in your favorite backend: OpenLDAP, MySQL, MariaDB, PostgreSQL.
4. Supports major Linux distros

Throttling

iRedmail supports following level of throttling for email limits.
Global, per-domain and per-user throttling based on: max size of single message, number of max inbound/outbound messages per time unit.

iRedmail uses a component named iredpad for this. With iRedmail Pro version, you can configure these settings through GUI(iRedadmin panel). However they are not available through GUI for free version. The feature is enabled though we will have to modify them through database directly.

So the database is “iredapd” and table is “throttle”.

Here are some examples

1. Allow user `user@domain.com` to send 50 mails in 5 minutes (period=300):

INSERT INTO throttle (account, kind, priority, period, msg_size, max_msgs, max_quota) VALUES (‘user@domain.com’,’outbound’,100,300,0,50,0);

2. Set global limit of 500 mails per day and a maximum single mail size of 55MB

INSERT INTO throttle (account, kind, priority, period, msg_size, max_msgs, max_quota) VALUES (‘@.’,’outbound’,0,86400,57671680,500,0);

57671680 bytes = 55MB
86400 – 1 Day

# Technical details of throttle plugin
# ————-
#
# Currently you may throttle based on:
#
# – amount of mails sent over a given period of time
# – accumulated mail size sent over a given period of time
# – size of singe message
#
# Eg: You can enforce that user@domain.com does not send more than 1000 mails
# or 1GB of mail (whichever limit is hit first) in 5 minute.
#
# Possible throttling address:
#
# *) Full email address: user@domain.com
# *) Domain name (with a prefixed ‘@’): @domain.com
# *) Sub-domain name (with a prefixed ‘@.’): @.domain.com
# *) IP address: 192.168.1.1
# *) IP network: 192.168.1.*
# *) Catch-all for email address: ‘@.’ (note, the dot is required)
# *) Catch-all for IP address: ‘@ip’
#
# Priorities of different thorttle address (larger digital number has higher priority):
#
# *) email: 100 # e.g. ‘user@domain.com’. Highest priority
# *) wildcard_addr: 90 # e.g. `user@*`. used in plugin `amavisd_wblist`
# # as wildcard sender. e.g. ‘user@*`
# *) ip: 80 # e.g. 173.254.22.21
# *) wildcard_ip: 70 # e.g. 173.254.22.*
# *) cidr: 70 # e.g. 173.254.22.0/24
# *) domain: 60 # e.g. @domain.com
# *) subdomain: 50 # e.g. @.domain.com
# *) top_level_domain: 40 # e.g. @com, @org
# *) catchall: 0 # ‘@.’. Lowest priority

Please note that priority for global setting is 0 and priority of a single user is 100.

SOGo ActiveSync not working – iRedmail

iRedMail is:
1. A ZERO COST, fully fledged, full-featured mail server solution. All components are free and open source software
2. It support unlimited domains and email accounts.
2. SpamAssassin, ClamAV, SPF, DKIM, greylisting, whitelisting, blacklisting.
3. Stores mail accounts in your favourte backend: OpenLDAP, MySQL, MariaDB, PostgreSQL.
4. Supports major Linux distros

You know how difficult is to configure a fully fledged email service you have tried. iRedmail do this heavy part for you. I would recommend this piece of software to everyone. I used to configure email server manually using Postfix, Postfixadmin, MySQL, SpamAssassin, etc. Even though I have done this several times, it needs 2-3 hours for setup. But iRedmail can do all of this and MORE in few minutes, thus saves lot of time.

iRedmail comes with SOGo which provides EAS Activesync support

SOGo is providing the EAS support. If you are getting an error “Unable to connect” on email client do following

1. Check https://hostname/Microsoft-Server-ActiveSync

if it gives 404, issue with SOGo httpd conf
If it gives white page, no problem with conf

SOGo installs Apache config file /etc/httpd/conf.d/SOGo.conf by default, please open it and find below lines:

#ProxyPass /Microsoft-Server-ActiveSync \
# http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
# retry=60 connectiontimeout=5 timeout=360

Remove # at the beginning to enable ActiveSync support:
ProxyPass /Microsoft-Server-ActiveSync \
http://127.0.0.1:20000/SOGo/Microsoft-Server-ActiveSync \
retry=60 connectiontimeout=5 timeout=360

Find string yourhostname in the same file, replace all yourhostname by your FQDN server hostname. (Tip: you can get your FQDN hostname with command hostname -f.)

Restart Apache

Disable greylisting completely – iRedmail

iRedMail is:
1. A ZERO COST, fully fledged, full-featured mail server solution. All components are free and open source software
2. It support unlimited domains and email accounts.
2. SpamAssassin, ClamAV, SPF, DKIM, greylisting, whitelisting, blacklisting.
3. Stores mail accounts in your favourte backend: OpenLDAP, MySQL, MariaDB, PostgreSQL.
4. Supports major Linux distros

You know how difficult is to configure a fully fledged email service you have tried. iRedmail do this heavy part for you. I would recommend this piece of software to everyone. I used to configure email server manually using Postfix, Postfixadmin, MySQL, SpamAssassin, etc. Even though I have done this several times, it needs 2-3 hours for setup. But iRedmail can do all of this and MORE in few minutes, thus saves lot of time.

How to disable greylisting completely

Greylisting is a method of defending e-mail users against spam. A mail transfer agent (MTA) using greylisting will “temporarily reject” any email from a sender it does not recognize

To disable greylisting completely, please remove plugin name greylisting in iRedAPD config file
/opt/iredapd/settings.py, parameter plugins =:
plugins = […, ‘greylisting’, …]

Restarting iRedAPD service is required.

Reject outgoing Spam – iRedmail server

iRedMail is:
1. A ZERO COST, fully fledged, full-featured mail server solution. All components are free and open source software
2. It support unlimited domains and email accounts.
2. SpamAssassin, ClamAV, SPF, DKIM, greylisting, whitelisting, blacklisting.
3. Stores mail accounts in your favourte backend: OpenLDAP, MySQL, MariaDB, PostgreSQL.
4. Supports major Linux distros

You know how difficult is to configure a fully fledged email service you have tried. iRedmail do this heavy part for you. I would recommend this piece of software to everyone. I used to configure email server manually using Postfix, Postfixadmin, MySQL, SpamAssassin, etc. Even though I have done this several times, it needs 2-3 hours for setup. But iRedmail can do all of this and MORE in few minutes, thus saves lot of time.

Reject outgoing Spam

iRedmail comes with Amavis, Spamassasin and Clamd. By default iRedmail will not block Outgoing spam message. However you can tweak Amavis configurations to reject such mails.

/etc/amavisd/amavisd.conf

Add following to $policy_bank{‘ORIGINATING’}

final_virus_destiny => D_DISCARD,
final_banned_destiny => D_REJECT,
final_spam_destiny => D_REJECT,
final_bad_header_destiny => D_REJECT,

Then restart amavis /etc/init.d/amavisd restart

This will reject all outgoing spam mails above the score

Of course tweak the spam score accordingly.

Powered by WordPress & Theme by Anders Norén