Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1] 2
1
CentOS-WebPanel Bugs / Re: Latest CWP Almalinux 9 sept2024 fresh instal = amavis timeout + mariadb Vmem exc
« on: February 04, 2025, 06:41:03 PM »
Hi Venty
For what I needed and as far as I know, yes, I solved, find the second post of mines in this thread, dated September 18, 2024, 05:27:57 PM
For what I needed and as far as I know, yes, I solved, find the second post of mines in this thread, dated September 18, 2024, 05:27:57 PM
2
CentOS 9 Problems / Re: Monit do not have the PHP-FPM83 configuration file
« on: September 30, 2024, 03:13:36 AM »
Thank you, I will dig into that later on, when done I will post some info
3
CentOS 9 Problems / systemd-analyze security returns a list of exposed and unsafe services
« on: September 30, 2024, 03:12:26 AM »
Hello
On relatively fresh install of Almalinux 9 with CWP PRO
I ran this command
systemd-analyze security
and got the following list of services, many are marked as "usafe" and "exposed":
UNIT EXPOSURE PREDICATE HAPPY
NetworkManager.service 7.8 EXPOSED 🙁
amavisd.service 6.9 MEDIUM 😐
atd.service 9.6 UNSAFE 😨
auditd.service 8.9 EXPOSED 🙁
cbpolicyd.service 9.6 UNSAFE 😨
chronyd.service 3.9 OK 🙂
clamav-freshclam.service 9.6 UNSAFE 😨
clamd.service 9.6 UNSAFE 😨
crond.service 9.6 UNSAFE 😨
cwp-phpfpm.service 9.6 UNSAFE 😨
cwpsrv-phpfpm.service 9.6 UNSAFE 😨
cwpsrv.service 9.2 UNSAFE 😨
dbus-broker.service 8.7 EXPOSED 🙁
dovecot.service 8.5 EXPOSED 🙁
emergency.service 9.5 UNSAFE 😨
getty@tty1.service 9.6 UNSAFE 😨
httpd.service 9.6 UNSAFE 😨
irqbalance.service 8.9 EXPOSED 🙁
lfd.service 9.6 UNSAFE 😨
low-memory-monitor.service 6.3 MEDIUM 😐
maldet.service 9.6 UNSAFE 😨
mariadb.service 8.8 EXPOSED 🙁
mlocate-updatedb.service 8.1 EXPOSED 🙁
monit.service 9.6 UNSAFE 😨
named.service 9.2 UNSAFE 😨
nginx.service 9.6 UNSAFE 😨
opendkim.service 9.2 UNSAFE 😨
php-fpm74.service 6.5 MEDIUM 😐
php-fpm80.service 6.5 MEDIUM 😐
php-fpm80.service 6.5 MEDIUM 😐
php-fpm81.service 6.5 MEDIUM 😐
php-fpm82.service 6.5 MEDIUM 😐
php-fpm83.service 6.5 MEDIUM 😐
postfix.service 7.9 EXPOSED 🙁
pure-ftpd.service 9.6 UNSAFE 😨
rc-local.service 9.6 UNSAFE 😨
rescue.service 9.5 UNSAFE 😨
rsyslog.service 5.8 MEDIUM 😐
rtkit-daemon.service 7.1 MEDIUM 😐
sa-update.service 9.6 UNSAFE 😨
spamassassin.service 9.6 UNSAFE 😨
sshd.service 9.6 UNSAFE 😨
sssd-kcm.service 7.7 EXPOSED 🙁
sssd.service 8.3 EXPOSED 🙁
systemd-ask-password-console.service 9.4 UNSAFE 😨
systemd-ask-password-wall.service 9.4 UNSAFE 😨
systemd-initctl.service 9.4 UNSAFE 😨
systemd-journald.service 4.3 OK 🙂
systemd-logind.service 2.8 OK 🙂
systemd-rfkill.service 9.4 UNSAFE 😨
systemd-udevd.service 6.9 MEDIUM 😐
upower.service 2.4 OK 🙂
user@0.service 9.8 UNSAFE 😨
Not being expert I am wondering whether these are really serious problems or not and what can be done to fix the serious ones eventually.
What seems strange to me is that many of the services that are marked as unsafe are the very main services needed, e.g. nginx, lfd, postfix, cwpsrv-phpfpm.service.... and so on.
Does anyone know something about this?
Thank you in advance for info and hints.
On relatively fresh install of Almalinux 9 with CWP PRO
I ran this command
systemd-analyze security
and got the following list of services, many are marked as "usafe" and "exposed":
UNIT EXPOSURE PREDICATE HAPPY
NetworkManager.service 7.8 EXPOSED 🙁
amavisd.service 6.9 MEDIUM 😐
atd.service 9.6 UNSAFE 😨
auditd.service 8.9 EXPOSED 🙁
cbpolicyd.service 9.6 UNSAFE 😨
chronyd.service 3.9 OK 🙂
clamav-freshclam.service 9.6 UNSAFE 😨
clamd.service 9.6 UNSAFE 😨
crond.service 9.6 UNSAFE 😨
cwp-phpfpm.service 9.6 UNSAFE 😨
cwpsrv-phpfpm.service 9.6 UNSAFE 😨
cwpsrv.service 9.2 UNSAFE 😨
dbus-broker.service 8.7 EXPOSED 🙁
dovecot.service 8.5 EXPOSED 🙁
emergency.service 9.5 UNSAFE 😨
getty@tty1.service 9.6 UNSAFE 😨
httpd.service 9.6 UNSAFE 😨
irqbalance.service 8.9 EXPOSED 🙁
lfd.service 9.6 UNSAFE 😨
low-memory-monitor.service 6.3 MEDIUM 😐
maldet.service 9.6 UNSAFE 😨
mariadb.service 8.8 EXPOSED 🙁
mlocate-updatedb.service 8.1 EXPOSED 🙁
monit.service 9.6 UNSAFE 😨
named.service 9.2 UNSAFE 😨
nginx.service 9.6 UNSAFE 😨
opendkim.service 9.2 UNSAFE 😨
php-fpm74.service 6.5 MEDIUM 😐
php-fpm80.service 6.5 MEDIUM 😐
php-fpm80.service 6.5 MEDIUM 😐
php-fpm81.service 6.5 MEDIUM 😐
php-fpm82.service 6.5 MEDIUM 😐
php-fpm83.service 6.5 MEDIUM 😐
postfix.service 7.9 EXPOSED 🙁
pure-ftpd.service 9.6 UNSAFE 😨
rc-local.service 9.6 UNSAFE 😨
rescue.service 9.5 UNSAFE 😨
rsyslog.service 5.8 MEDIUM 😐
rtkit-daemon.service 7.1 MEDIUM 😐
sa-update.service 9.6 UNSAFE 😨
spamassassin.service 9.6 UNSAFE 😨
sshd.service 9.6 UNSAFE 😨
sssd-kcm.service 7.7 EXPOSED 🙁
sssd.service 8.3 EXPOSED 🙁
systemd-ask-password-console.service 9.4 UNSAFE 😨
systemd-ask-password-wall.service 9.4 UNSAFE 😨
systemd-initctl.service 9.4 UNSAFE 😨
systemd-journald.service 4.3 OK 🙂
systemd-logind.service 2.8 OK 🙂
systemd-rfkill.service 9.4 UNSAFE 😨
systemd-udevd.service 6.9 MEDIUM 😐
upower.service 2.4 OK 🙂
user@0.service 9.8 UNSAFE 😨
Not being expert I am wondering whether these are really serious problems or not and what can be done to fix the serious ones eventually.
What seems strange to me is that many of the services that are marked as unsafe are the very main services needed, e.g. nginx, lfd, postfix, cwpsrv-phpfpm.service.... and so on.
Does anyone know something about this?
Thank you in advance for info and hints.
4
CentOS 9 Problems / Monit do not have the PHP-FPM83 configuration file
« on: September 27, 2024, 01:28:07 PM »
Hello
I was checking what Monit does, I noticed that PHP83 is not monitored, so I thought I maybe missed to add the configuration file among the ones that have to be monitored, I went to the Monit manager and saw that PHP83 is not monitored just because the config file was not created, so was not added to the list.
I do not see a way to let cwp create new config files for Monit and I do not know how to manually do that.
What should I do to have PHP83 monitored too?
Ty in advance for any information and help
I was checking what Monit does, I noticed that PHP83 is not monitored, so I thought I maybe missed to add the configuration file among the ones that have to be monitored, I went to the Monit manager and saw that PHP83 is not monitored just because the config file was not created, so was not added to the list.
I do not see a way to let cwp create new config files for Monit and I do not know how to manually do that.
What should I do to have PHP83 monitored too?
Ty in advance for any information and help
5
PHP / Re: Update default PHP version but keep old websites running the current version
« on: September 27, 2024, 12:34:33 AM »
OK
I did it and seems to work fine, upgraded to 8.2.23 (actual latest of the 8.2 branch, I thought being a bit conservative might be fine, so I did not opt for the 8.3 branch yet)
I also understood what fooled me into not finding the very easy proper solution using CWP GUI just as is...
The PHP-FPM method is used to have multiple PHP versions in such ways so to be able to easily maintain up to date and choose/switch at wish with a few clicks one of the many PHP versions for the domains' webservers in order to accommodate the various software needs. That is simply awesome!
When in CWP the PHP-FPM system is activated in the PHP Switcher panel appears a warning telling the following:
WARNING! This PHP versions are not active as you have forced PHP-FPM here!
You can use PHP-FPM selector per version configuration and modify WebServers for each domain/subdomain if you want to use a custom PHP-FPM version.
Somehow that warning did let me think that the PHP Switcher panel is not active and not to be used when PHP-FPM is in use!
That misunderstanding one can fall into is due to the very first sentence of the warning: "This PHP versions are not active as you have forced PHP-FPM here!"
That warning let one think that when PHP-FPM is active there is nothing to do in the PHP Switcher panel, also there is no note telling that the PHP switcher can be anyway used to change the main server PHP version even if PHP-FPM is active.
Furthermore nowhere is written that the main server PHP version cannot be changed via the PHP-FPM manager.
That first sentence in the warning message should be changed into somewhat more accurate that do not tell people, "leave this place as you can't use this until you use PHP-FPM" ^^
Maybe should be somewhat like this: "If PHP-FPM is active this PHP switcher can be used only to change the PHP version of the main server, cannot be used to change the PHP version of the webservers...".
So far so good, I cleared out an "enigma" ^^, to me looked too strange that could not be possible to setup different PHP versions for the main server using the CWP GUI itself, finally I know why I could not figure it out. This was a funny event
^^
Thank you for the very useful hint, very appreciated.
I did it and seems to work fine, upgraded to 8.2.23 (actual latest of the 8.2 branch, I thought being a bit conservative might be fine, so I did not opt for the 8.3 branch yet)
I also understood what fooled me into not finding the very easy proper solution using CWP GUI just as is...
The PHP-FPM method is used to have multiple PHP versions in such ways so to be able to easily maintain up to date and choose/switch at wish with a few clicks one of the many PHP versions for the domains' webservers in order to accommodate the various software needs. That is simply awesome!
When in CWP the PHP-FPM system is activated in the PHP Switcher panel appears a warning telling the following:
WARNING! This PHP versions are not active as you have forced PHP-FPM here!
You can use PHP-FPM selector per version configuration and modify WebServers for each domain/subdomain if you want to use a custom PHP-FPM version.
Somehow that warning did let me think that the PHP Switcher panel is not active and not to be used when PHP-FPM is in use!
That misunderstanding one can fall into is due to the very first sentence of the warning: "This PHP versions are not active as you have forced PHP-FPM here!"
That warning let one think that when PHP-FPM is active there is nothing to do in the PHP Switcher panel, also there is no note telling that the PHP switcher can be anyway used to change the main server PHP version even if PHP-FPM is active.
Furthermore nowhere is written that the main server PHP version cannot be changed via the PHP-FPM manager.
That first sentence in the warning message should be changed into somewhat more accurate that do not tell people, "leave this place as you can't use this until you use PHP-FPM" ^^
Maybe should be somewhat like this: "If PHP-FPM is active this PHP switcher can be used only to change the PHP version of the main server, cannot be used to change the PHP version of the webservers...".
So far so good, I cleared out an "enigma" ^^, to me looked too strange that could not be possible to setup different PHP versions for the main server using the CWP GUI itself, finally I know why I could not figure it out. This was a funny event
^^Thank you for the very useful hint, very appreciated.
6
PHP / Re: Update default PHP version but keep old websites running the current version
« on: September 26, 2024, 09:29:33 PM »
Thank you, I am going to take a snapshot, try and test
7
PHP / Re: Update default PHP version but keep old websites running the current version
« on: September 26, 2024, 05:17:10 PM »
Hi, ty
Using the test php script on the domain I get what is expected, PHP 8.3 as is also possible to check into the cwp control panel of domain in the CWP Settings > PHP Selector panel.
None the less anyway in the Left column of the domain control panel, in the small info widget at bottom of the column I read PHP: 7.4.33, which I think now that is the php version that the panel itself do use, in fact the domain control panel is served not by the domain webserver itself but by the main server itself on which is settled the hostname
I then used ssh to check using the php -v command on the main server accessible via the hostname, the one that serves the CWP panel(s) too, the result is that the PHP version used is the 7.4 as in fact is stated int he dashboards.
As far as I understand by theory would be good to use the PHP version that is "LTS" still receiving security updates and well known to be the most secure.
Therefore, what about the PHP 7.4?
Is it still OK to use PHP 7.4 for the main server?
Which would be the best PHP version to be used for the main server using CWP?
At this point due to my lack of knowledge I do not know if what does PHP-FPM has nothing to do with the PHP version used by the main server using the hostname, is maybe to be configured apart?
Was the PHP version to be used by the main server to be settled during the CWP installation process using the script options?
However, having the main server now using PHP 7.4, in case it would be better to use a more recent version for it, provided that now:
- I read on the CWP dashboard that PHP is 7.4 and PHP-FPM v 8.3 is "forced"
- that via the ssh PHP -v command check I see that PHP version used on the main server accessible via hostname or IP is the PHP7.4
- that in the "Webservers Main Conf" panel as I specified Nginx default PHP-FPM version: 8.3 and Apache default PHP-FPM version: 8.3 are settled already
How can I change the PHP version used by the main webserver accessible via the hostname or server IP and at the same time not remove the PHP 7.4 version from PHP-FPM leaving it available to be used in some domains or folders into domains only?
Sorry for the many questions at once (I do not want to forget to investigate for each), and ty in advance for any info and help.
Using the test php script on the domain I get what is expected, PHP 8.3 as is also possible to check into the cwp control panel of domain in the CWP Settings > PHP Selector panel.
None the less anyway in the Left column of the domain control panel, in the small info widget at bottom of the column I read PHP: 7.4.33, which I think now that is the php version that the panel itself do use, in fact the domain control panel is served not by the domain webserver itself but by the main server itself on which is settled the hostname
I then used ssh to check using the php -v command on the main server accessible via the hostname, the one that serves the CWP panel(s) too, the result is that the PHP version used is the 7.4 as in fact is stated int he dashboards.
As far as I understand by theory would be good to use the PHP version that is "LTS" still receiving security updates and well known to be the most secure.
Therefore, what about the PHP 7.4?
Is it still OK to use PHP 7.4 for the main server?
Which would be the best PHP version to be used for the main server using CWP?
At this point due to my lack of knowledge I do not know if what does PHP-FPM has nothing to do with the PHP version used by the main server using the hostname, is maybe to be configured apart?
Was the PHP version to be used by the main server to be settled during the CWP installation process using the script options?
However, having the main server now using PHP 7.4, in case it would be better to use a more recent version for it, provided that now:
- I read on the CWP dashboard that PHP is 7.4 and PHP-FPM v 8.3 is "forced"
- that via the ssh PHP -v command check I see that PHP version used on the main server accessible via hostname or IP is the PHP7.4
- that in the "Webservers Main Conf" panel as I specified Nginx default PHP-FPM version: 8.3 and Apache default PHP-FPM version: 8.3 are settled already
How can I change the PHP version used by the main webserver accessible via the hostname or server IP and at the same time not remove the PHP 7.4 version from PHP-FPM leaving it available to be used in some domains or folders into domains only?
Sorry for the many questions at once (I do not want to forget to investigate for each), and ty in advance for any info and help.
8
E-Mail / End-toEnd Encryption of emails
« on: September 26, 2024, 04:32:24 PM »
Hello
In Thunderbird client I read the following in the accounts' config panel "End-to-End encryption":
"End-To-End Encryption
Without end-to-end encryption the contents of messages are easily exposed to your email provider and to mass surveillance,
To send encrypted or digitally signed messages, you need to configure an encryption technology, either OpenPGP or S/MIME.
Select your personal key to enable the use of OpenPGP, or your personal certificate to enable the use of S/MIME. For a
personal key or certificate you own the corresponding secret key."
I am really ignorant on this topic therefore sorry for the following maybe silly question...
In order to use the End-to-End encryption for emails, do I need to do anything/setup stuff in the server/mailserver/CWP?
Ty in advance for any info and help
In Thunderbird client I read the following in the accounts' config panel "End-to-End encryption":
"End-To-End Encryption
Without end-to-end encryption the contents of messages are easily exposed to your email provider and to mass surveillance,
To send encrypted or digitally signed messages, you need to configure an encryption technology, either OpenPGP or S/MIME.
Select your personal key to enable the use of OpenPGP, or your personal certificate to enable the use of S/MIME. For a
personal key or certificate you own the corresponding secret key."
I am really ignorant on this topic therefore sorry for the following maybe silly question...
In order to use the End-to-End encryption for emails, do I need to do anything/setup stuff in the server/mailserver/CWP?
Ty in advance for any info and help
9
PHP / Re: Update default PHP version but keep old websites running the current version
« on: September 26, 2024, 03:29:33 PM »
Hello
I am not expert and just able to fiddle into linux and cwp
I have CWP PRO on Almalinux 9 recent up to date installation as of sept 2024, I am using apache+nginx (i'd like to use the apache+nginx+varnish but I could not find a way to have working right... I'll investigate on that later on..)
Understanding the practical advantages I settled PHP-FPM.
As I wanted to be able to use some older software in the domains I will use in the PHP-FPM panel I installed also PHP7.4
I intuitively managed to settle my server to have PHP 8.3 as default, that was done into the "Webservers Main Conf" panel where I specified that:
Nginx default PHP-FPM version: 8.3
Apache default PHP-FPM version: 8.3
In the "Webservers Domain Conf" panel where one can select a username and go into the "Manage webservers Configuration" panel where can see the domains list for that user and click "view edit configuration" for a domain getting a panel similar to the one seen into the "Webservers Main Conf" I settled the "PHP-FPM Service Configuration" > PHP-FPM version to 8.3 (which I think does mean that the default PHP version for this domain is now settled to PHP 8.3)
Despite the settlings explained here above:
- in my server CWP dashboard in the bottom info panel on left side I read this: "PHP version: 7.4.33 |forced PHP-FPM:8.3|"
- in the domain control panel dashboard on the bottom of the right column where is a small info panel I read the same, PHP: 7.4.33
I do not understand this, my idea was to have php7.4 available just to be used in some domains or even some directories in a domain in order to use old software that can't use PHP 8X versions, I never meant to use PHP 7.4 for other purposes and while setting up I never indicated PHP 7.4 as default for anything, actually I did not even settled PHP 7.4 in use anywhere int he domain.
Therefore, why is PHP 7.4 mentioned in the dashboards as "in use", with PHP 8.3 forced in the main dashboard and as "default" in the domain dashboard if, in theory, is not used on both?
How can I check which version are really used in the server and in the domain?
Ty in advance for help and info.
I am not expert and just able to fiddle into linux and cwp
I have CWP PRO on Almalinux 9 recent up to date installation as of sept 2024, I am using apache+nginx (i'd like to use the apache+nginx+varnish but I could not find a way to have working right... I'll investigate on that later on..)
Understanding the practical advantages I settled PHP-FPM.
As I wanted to be able to use some older software in the domains I will use in the PHP-FPM panel I installed also PHP7.4
I intuitively managed to settle my server to have PHP 8.3 as default, that was done into the "Webservers Main Conf" panel where I specified that:
Nginx default PHP-FPM version: 8.3
Apache default PHP-FPM version: 8.3
In the "Webservers Domain Conf" panel where one can select a username and go into the "Manage webservers Configuration" panel where can see the domains list for that user and click "view edit configuration" for a domain getting a panel similar to the one seen into the "Webservers Main Conf" I settled the "PHP-FPM Service Configuration" > PHP-FPM version to 8.3 (which I think does mean that the default PHP version for this domain is now settled to PHP 8.3)
Despite the settlings explained here above:
- in my server CWP dashboard in the bottom info panel on left side I read this: "PHP version: 7.4.33 |forced PHP-FPM:8.3|"
- in the domain control panel dashboard on the bottom of the right column where is a small info panel I read the same, PHP: 7.4.33
I do not understand this, my idea was to have php7.4 available just to be used in some domains or even some directories in a domain in order to use old software that can't use PHP 8X versions, I never meant to use PHP 7.4 for other purposes and while setting up I never indicated PHP 7.4 as default for anything, actually I did not even settled PHP 7.4 in use anywhere int he domain.
Therefore, why is PHP 7.4 mentioned in the dashboards as "in use", with PHP 8.3 forced in the main dashboard and as "default" in the domain dashboard if, in theory, is not used on both?
How can I check which version are really used in the server and in the domain?
Ty in advance for help and info.
10
CentOS-WebPanel Bugs / Re: Latest CWP Almalinux 9 sept2024 fresh instal = amavis timeout + mariadb Vmem exc
« on: September 19, 2024, 05:19:18 PM »
Hello
ty, OK
how to check if postfix is configured to work with amavis on 127.0.0.1 ?
Which file(s) and lines in it should be checked?
Thank you
ty, OK
how to check if postfix is configured to work with amavis on 127.0.0.1 ?
Which file(s) and lines in it should be checked?
Thank you
11
CentOS-WebPanel Bugs / Re: Latest CWP Almalinux 9 sept2024 fresh instal = amavis timeout + mariadb Vmem exc
« on: September 18, 2024, 05:27:57 PM »
Yes I know, my host do not offer almalinux 8, I did not want to do a manual install and opted to try almalinux 9
However, I found out that adding the line $inet_socket_bind = '127.0.0.1'; in /etc/amavisd/amavisd.conf seems to solve the problem, I also rebooted and amavis seems to start fine after this addition.
OpenDKIM instead after reboot is stopped, do not automatically start, but if I manually start goes on and seems to work, I checked the logs and I get no particular info, only that failed to start, no details...
I cheked wheter was enabled to be started at boot, and was not, I enabled it, reboot and worked
As far as I know/discovered by myself as ignorant DIY buddy those were the culprits, I hope that beyond these issues those services truly work now, still have to check this...
BTW ... Silly question from an ignorant...
As I am not expert and have always doubts about security...
Can anyone confirm that that adding the line $inet_socket_bind = '127.0.0.1'; to /etc/amavisd/amavisd.conf does NOT cause security troubles or other kind of problems/errors?
Ty in advance
UPDATE:
I found this on the web
"If you bind a socket for receiving data to a specific address you can only receive data sent to this specific IP address. For example, if you bind to 127.0.0.1 you will be able to receive data from your own system but not from some other system on the local network, because they cannot send data to your 127.0.0.1: for one any data to 127.0.0.1 will be sent to their own 127.0.0.1 and second your 127.0.0.1 is an address on your internal loopback interface which is not reachable from outside."
If I do not understand wrong, there should be no major problems with this addition in the amavisd configuration, is that correct?
Ty
However, I found out that adding the line $inet_socket_bind = '127.0.0.1'; in /etc/amavisd/amavisd.conf seems to solve the problem, I also rebooted and amavis seems to start fine after this addition.
OpenDKIM instead after reboot is stopped, do not automatically start, but if I manually start goes on and seems to work, I checked the logs and I get no particular info, only that failed to start, no details...
I cheked wheter was enabled to be started at boot, and was not, I enabled it, reboot and worked
As far as I know/discovered by myself as ignorant DIY buddy those were the culprits, I hope that beyond these issues those services truly work now, still have to check this...
BTW ... Silly question from an ignorant...
As I am not expert and have always doubts about security...
Can anyone confirm that that adding the line $inet_socket_bind = '127.0.0.1'; to /etc/amavisd/amavisd.conf does NOT cause security troubles or other kind of problems/errors?
Ty in advance
UPDATE:
I found this on the web
"If you bind a socket for receiving data to a specific address you can only receive data sent to this specific IP address. For example, if you bind to 127.0.0.1 you will be able to receive data from your own system but not from some other system on the local network, because they cannot send data to your 127.0.0.1: for one any data to 127.0.0.1 will be sent to their own 127.0.0.1 and second your 127.0.0.1 is an address on your internal loopback interface which is not reachable from outside."
If I do not understand wrong, there should be no major problems with this addition in the amavisd configuration, is that correct?
Ty
12
CentOS-WebPanel Bugs / Latest CWP Almalinux 9 sept2024 fresh instal = amavis timeout + mariadb Vmem exc
« on: September 18, 2024, 04:51:22 PM »
Hello
I installed fresh almalinux 9 and CWP PRO according to the precise instructions given.
The server has 30Gb RAM, 8 CPU AMD EPYC 7282, AlmaLinux release 9.4 (Seafoam Ocelot) - Kernel Version: 5.14.0-427.35.1.el9_4.x86_64 - Platform: x86_64 kvm
Apache version: Apache/2.4.56
PHP version: 7.4.33 Forced PHP-FPM: 8.1
MySQL version: 10.5.22-MariaDB
FTP version: 1.0.51
Web Servers: nginx-varnish-apache
I settled all the basic about SSL, rDNS/PTR and other basic settings.
All seems to work fine so far.
I installed ClamAV, all went fine.
However, I tried to use "Postfix Mail Server Manager" in order to activate and use the following:
AntiSpam/AntiVirus (recommended): ClamAV, Amavis & Spamassassin, Requires 2Gb+ RAM
rDNS Check (recommended): Drop all emails if no rDNS/PTR
Install DKIM & SPF (recommended): Installs DKIM & SPF, enables DKIM for New Accounts and Domains
Install Policyd (recommended): Installs Policyd, enables hourly email limit per domain.
The result apparently was successful, but:
- AMaVis service do not start due to time limit, trying to restart it does give same error, after reboot also do not start
- OpenDKIM service started after activation, but after the reboot did not start, trying to restart it does work (apparently)
After activating those services I received various emails telling about these errors:
Account: mysql
Resource: Process Time
Exceeded: 7211 > 1800 (seconds)
Executable: /usr/libexec/mariadbd
Command Line: /usr/libexec/mariadbd --basedir=/usr
PID: 916 (Parent PID:916)
Killed: No
And this:
Account: mysql
Resource: Virtual Memory Size
Exceeded: 2092 > 512 (MB)
Executable: /usr/libexec/mariadbd
Command Line: /usr/libexec/mariadbd --basedir=/usr
PID: 1443 (Parent PID:1443)
Killed: No
and another one telling this:
Account: clamupdate
Resource: RSS Memory Size
Exceeded: 410 > 256 (MB)
Executable: /usr/bin/freshclam
Command Line: freshclam
PID: 40327 (Parent PID:40276)
Killed: No
I tried to search information/solutions to these issues and found only sparse information that I am not sure can work and do not seem exhaustive anyway.
To me seems that the "Postfix Mail Server Manager" automatic configurator is incomplete, would be nice if it would take care to add the correct variables in the proper configuration files to avoid getting those errors.
However, can anyone tell what should I fix in the configuration of the server in order to solve these issues?
Thank you in advance
I installed fresh almalinux 9 and CWP PRO according to the precise instructions given.
The server has 30Gb RAM, 8 CPU AMD EPYC 7282, AlmaLinux release 9.4 (Seafoam Ocelot) - Kernel Version: 5.14.0-427.35.1.el9_4.x86_64 - Platform: x86_64 kvm
Apache version: Apache/2.4.56
PHP version: 7.4.33 Forced PHP-FPM: 8.1
MySQL version: 10.5.22-MariaDB
FTP version: 1.0.51
Web Servers: nginx-varnish-apache
I settled all the basic about SSL, rDNS/PTR and other basic settings.
All seems to work fine so far.
I installed ClamAV, all went fine.
However, I tried to use "Postfix Mail Server Manager" in order to activate and use the following:
AntiSpam/AntiVirus (recommended): ClamAV, Amavis & Spamassassin, Requires 2Gb+ RAM
rDNS Check (recommended): Drop all emails if no rDNS/PTR
Install DKIM & SPF (recommended): Installs DKIM & SPF, enables DKIM for New Accounts and Domains
Install Policyd (recommended): Installs Policyd, enables hourly email limit per domain.
The result apparently was successful, but:
- AMaVis service do not start due to time limit, trying to restart it does give same error, after reboot also do not start
- OpenDKIM service started after activation, but after the reboot did not start, trying to restart it does work (apparently)
After activating those services I received various emails telling about these errors:
Account: mysql
Resource: Process Time
Exceeded: 7211 > 1800 (seconds)
Executable: /usr/libexec/mariadbd
Command Line: /usr/libexec/mariadbd --basedir=/usr
PID: 916 (Parent PID:916)
Killed: No
And this:
Account: mysql
Resource: Virtual Memory Size
Exceeded: 2092 > 512 (MB)
Executable: /usr/libexec/mariadbd
Command Line: /usr/libexec/mariadbd --basedir=/usr
PID: 1443 (Parent PID:1443)
Killed: No
and another one telling this:
Account: clamupdate
Resource: RSS Memory Size
Exceeded: 410 > 256 (MB)
Executable: /usr/bin/freshclam
Command Line: freshclam
PID: 40327 (Parent PID:40276)
Killed: No
I tried to search information/solutions to these issues and found only sparse information that I am not sure can work and do not seem exhaustive anyway.
To me seems that the "Postfix Mail Server Manager" automatic configurator is incomplete, would be nice if it would take care to add the correct variables in the proper configuration files to avoid getting those errors.
However, can anyone tell what should I fix in the configuration of the server in order to solve these issues?
Thank you in advance
13
CentOS-WebPanel Bugs / Re: Roundcube Internal server error
« on: May 23, 2022, 03:33:26 AM »
The problem of the inbox not working is fast solved with the cwp and cwp roundcube update fix as suggested by CWP.
I have two servers with CWP, the older one had all of these problems with roundcube, the newer one not, comparing the two, for what is concerning the big contact photo and the absence of the HTML rich editor when composing emails I could find out what was fixed in the newer and replicate a similar environment in the older.
Very simply in the elastic skin folder the files that are listed here below do conflict(?) with others and the result is a botched GUI.
I have no idea of why and which file does what wrong, however renaming or deleting those files do the trick.
The files are:
dark.less
embed.min.css
print.min.css
styles.min.css
So far now seems all ok.
Ty
I have two servers with CWP, the older one had all of these problems with roundcube, the newer one not, comparing the two, for what is concerning the big contact photo and the absence of the HTML rich editor when composing emails I could find out what was fixed in the newer and replicate a similar environment in the older.
Very simply in the elastic skin folder the files that are listed here below do conflict(?) with others and the result is a botched GUI.
I have no idea of why and which file does what wrong, however renaming or deleting those files do the trick.
The files are:
dark.less
embed.min.css
print.min.css
styles.min.css
So far now seems all ok.
Ty
14
CentOS-WebPanel Bugs / Re: Roundcube Internal server error
« on: May 22, 2022, 11:36:12 PM »
I have the same problem with elastic skin of the big pic occupying all the space available in the email panel, I tried to change the css files and nothing good happened, finally I simply changed the svg image size to 50x50px and that did the trick, for the moment at least
Uploading an image for the contact will show the image just as big as originally imported.
Many months passed by since people begun to notice these roundcube errors, seems that it is still the same, 1.4, big image, and probably other errors.
One that s not minor that I found out on my server is that using elastic skin when I reply or wrtie a new email, despite having settled the configuration to always use HTML, the editor's tools to format the text do not appear nowhere, also the emoticons do not appear (I enable the emoticons plugin).
I have no idea about how to solve this one...
Uploading an image for the contact will show the image just as big as originally imported.
Many months passed by since people begun to notice these roundcube errors, seems that it is still the same, 1.4, big image, and probably other errors.
One that s not minor that I found out on my server is that using elastic skin when I reply or wrtie a new email, despite having settled the configuration to always use HTML, the editor's tools to format the text do not appear nowhere, also the emoticons do not appear (I enable the emoticons plugin).
I have no idea about how to solve this one...
15
E-Mail / Re: Roundcube profile image too big
« on: May 22, 2022, 10:08:07 PM »
Hello
I have the same problem of the stretched profile image occupying the whole panel where the email is shown.
I checked on more browsers and the result is the same
I checked the css style in /usr/local/cwpsrv/var/services/roundcube/skins/elastic/styles/styles.css, the "img.contactphoto" is complete with border, height and the rest as follows: img.contactphoto{margin:0 1rem 0 0;border-radius:50%;width:4rem;height:4rem;object-fit:cover}
I tried to change it, but I see no effects at all whatever I do.
I also got another thing I do not understand how to solve.
When replying or writing a new message, despite I settled the configuration to always use html I get no editor tools to format the text, no emoticons (I already enabled the emoticons plugin)....
I have the same problem of the stretched profile image occupying the whole panel where the email is shown.
I checked on more browsers and the result is the same
I checked the css style in /usr/local/cwpsrv/var/services/roundcube/skins/elastic/styles/styles.css, the "img.contactphoto" is complete with border, height and the rest as follows: img.contactphoto{margin:0 1rem 0 0;border-radius:50%;width:4rem;height:4rem;object-fit:cover}
I tried to change it, but I see no effects at all whatever I do.
I also got another thing I do not understand how to solve.
When replying or writing a new message, despite I settled the configuration to always use html I get no editor tools to format the text, no emoticons (I already enabled the emoticons plugin)....
Pages: [1] 2
