WHM / cPanel – list all email accounts and mailbox sizes on server

Standard

Here is a little perl script (big thanks to the original author) that will list all mailboxes on the server that returns the following fields, tab-separated:
user, email address, mailbox size (unit: MB)

opendir(USERS, ‘/var/cpanel/users’) || die $!;
while (my $user = readdir(USERS)) {
  # user loop
  next if $user =~ /^\.|system/; # skip . and .. dirs
  if (opendir(ETC, “/home/$user/etc”)) {
    while (my $domain = readdir(ETC)) {
      next if $domain =~ /^\./; # skip . and .. dirs
      if (-d “/home/$user/etc/$domain/”) {
        if (opendir(MAIL, “/home/$user/mail/$domain/”)) {
          while (my $email = readdir(MAIL)) {
            next if $email =~ /^\./;
            if (-d “/home/$user/mail/$domain/$email/”) {
              print “$user  $email\@$domain  “;
              system(“du -BM –max-depth=0 /home/$user/mail/$domain/$email/ | cut -f1”);
              }
            }
          }
        closedir(MAIL);
        }
      }
    closedir(ETC);
    }
  }
closedir(USERS);

Plesk 11.5 – upgrading to MySQL 5.5.x and php 5.4.x

Standard

On a sever using Plesk 11.5 (Centos 6), i recently upgraded MySQL and PHP using the atomicorp repo, and ran into problems with MySQL refusing to start after the upgrade.

For those who don’t know, the atomicorp repo can be added using the following commands:

wget -q -O – http://www.atomicorp.com/installers/atomic | sh

yum update

Everything seemed to go smoothly, but the mysqld service refused to start after that..

This is what the log said:

InnoDB: The InnoDB memory heap is disabled
InnoDB: Mutexes and rw_locks use GCC atomic builtins
InnoDB: Compressed tables use zlib 1.2.3
InnoDB: Using Linux native AIO
InnoDB: Warning: io_setup() failed with EAGAIN. Will make 5 attempts before giving up.
InnoDB: Warning: io_setup() attempt 1 failed.
InnoDB: Warning: io_setup() attempt 2 failed.
InnoDB: Warning: io_setup() attempt 3 failed.
InnoDB: Warning: io_setup() attempt 4 failed.
InnoDB: Warning: io_setup() attempt 5 failed.
InnoDB: Error: io_setup() failed with EAGAIN after 5 attempts.
InnoDB: You can disable Linux Native AIO by setting innodb_use_native_aio = 0 in my.cnf
InnoDB: Fatal error: cannot initialize AIO sub-system
[ERROR] Plugin ‘InnoDB’ init function returned error.
[ERROR] Plugin ‘InnoDB’ registration as a STORAGE ENGINE failed.
[ERROR] Unknown/unsupported storage engine: InnoDB
[ERROR] Aborting

It turns out that i needed to add the following directives in the my.conf file (found in /etc/):

innodb_use_native_aio=0
innodb_buffer_pool_size=2M
innodb_additional_mem_pool_size=500K
innodb_log_buffer_size=500K
innodb_thread_concurrency=2

after restarting the mysqld service (using the command: service mysqld restart), everything was back to normal.

for good measure, i also ran the following command:

mysql_upgrade -uadmin -p`< /etc/psa/.psa.shadow `

Hope this helps!

Multiple Domain SSL Certificates in Plesk and Postfix

Standard

What if you have Multiple (virtual) Domains, and you want each one to use SSL Certificates in Plesk and Postfix so that email clients don't have SSL issues?

If you want each domain to use a valid SSL certificate, you have 2 solutions: use a multi-domain certificate, or set up each domain on a unique IP, and use normal domain-specific certificates. The first solution is terrible: those certificates are usually quite expensive (though you can find inexpensive ones), they will list all of the domains you wish to certify on the same cert, and, most importantly, they are only issued once, so adding just one new domain means getting an entirely new cert.

The better solution is to place each domain on its own IP, and then to match each certificate to its respective IP.

Here's how you do it in postfix.

You will first place your certificates for each domain in the /etc/postfix/ directory (you can also create a /etc/postfix/ssl/ directory) Note: i use Plesk, which uses .pem certificate files, but you can also use .key and .cer files — .pem files are just a concat of .key and .cer file, in that order, meaning that it includes the private key, the domain certificate and the CA and root certificates, in that order

then, you need to modify the end of the master.cf file in /etc/postfix/

originally, the last lines of mine looked like this (probably because i added the last 3 IPs after i set up the server:

1.1.1.1- unix – n n – – smtp -o smtp_bind_address=1.1.1.1 -o smtp_bind_address6= -o smtp_address_preference=ipv4

2.2.2.2- unix – n n – – smtp -o smtp_bind_address=2.2.2.2 -o smtp_bind_address6= -o smtp_address_preference=ipv4

smtp inet n – n – – smtpd
smtps inet n – n – – smtpd -o smtpd_tls_wrappermode=yes
submission inet n – n – – smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticate d,reject -o smtpd_sender_restrictions=

3.3.3.3- unix – n n – – smtp -o smtp_bind_address=3.3.3.3 -o smtp_bind_address6= -o smtp_address_preference=ipv4

4.4.4.4- unix – n n – – smtp -o smtp_bind_address=4.4.4.4 -o smtp_bind_address6= -o smtp_address_preference=ipv4

5.5.5.5- unix – n n – – smtp -o smtp_bind_address=5.5.5.5 -o smtp_bind_address6= -o smtp_address_preference=ipv4

Now, to bind each certificate to its corresponding IP, you do as follows:

1.1.1.1- unix – n n – – smtp -o smtp_bind_address=1.1.1.1 -o smtp_bind_address6= -o smtp_address_preference=ipv4

2.2.2.2- unix – n n – – smtp -o smtp_bind_address=2.2.2.2 -o smtp_bind_address6= -o smtp_address_preference=ipv4

3.3.3.3- unix – n n – – smtp -o smtp_bind_address=3.3.3.3 -o smtp_bind_address6= -o smtp_address_preference=ipv4

4.4.4.4- unix – n n – – smtp -o smtp_bind_address=4.4.4.4 -o smtp_bind_address6= -o smtp_address_preference=ipv4

5.5.5.5- unix – n n – – smtp -o smtp_bind_address=5.5.5.5 -o smtp_bind_address6= -o smtp_address_preference=ipv4

#smtp inet n – n – – smtpd
#smtps inet n – n – – smtpd -o smtpd_tls_wrappermode=yes
#submission inet n – n – – smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions=

1.1.1.1:smtp inet n – n – – smtpd -o smtpd_tls_cert_file=/etc/postfix/cert1.pem -o smtpd_tls_key_file=/etc/postfix/cert1.pem
1.1.1.1:smtps inet n – n – – smtpd -o smtpd_tls_wrappermode=yes -o smtpd_tls_cert_file=/etc/postfix/cert1.pem -o smtpd_tls_key_file=/etc/postfix/cert1.pem
1.1.1.1:submission inet n – n – – smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_tls_cert_file=/etc/postfix/cert1.pem -o smtpd_tls_key_file=/etc/postfix/cert1.pem

2.2.2.2:smtp inet n – n – – smtpd -o smtpd_tls_cert_file=/etc/postfix/cert2.pem -o smtpd_tls_key_file=/etc/postfix/cert2.pem
2.2.2.2:smtps inet n – n – – smtpd -o smtpd_tls_wrappermode=yes -o smtpd_tls_cert_file=/etc/postfix/cert2.pem -o smtpd_tls_key_file=/etc/postfix/cert2.pem
2.2.2.2:submission inet n – n – – smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_tls_cert_file=/etc/postfix/cert2.pem -o smtpd_tls_key_file=/etc/postfix/cert2.pem

3.3.3.3:smtp inet n – n – – smtpd -o smtpd_tls_cert_file=/etc/postfix/cert3.pem -o smtpd_tls_key_file=/etc/postfix/cert3.pem
3.3.3.3:smtps inet n – n – – smtpd -o smtpd_tls_wrappermode=yes -o smtpd_tls_cert_file=/etc/postfix/cert3.pem -o smtpd_tls_key_file=/etc/postfix/cert3.pem
3.3.3.3:submission inet n – n – – smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_tls_cert_file=/etc/postfix/cert3.pem -o smtpd_tls_key_file=/etc/postfix/cert3.pem

4.4.4.4:smtp inet n – n – – smtpd -o smtpd_tls_cert_file=/etc/postfix/cert4.pem -o smtpd_tls_key_file=/etc/postfix/cert4.pem
4.4.4.4:smtps inet n – n – – smtpd -o smtpd_tls_wrappermode=yes -o smtpd_tls_cert_file=/etc/postfix/cert4.pem -o smtpd_tls_key_file=/etc/postfix/cert4.pem
4.4.4.4:submission inet n – n – – smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_tls_cert_file=/etc/postfix/cert4.pem -o smtpd_tls_key_file=/etc/postfix/cert4.pem

5.5.5.5:smtp inet n – n – – smtpd -o smtpd_tls_cert_file=/etc/postfix/cert5.pem -o smtpd_tls_key_file=/etc/postfix/cert5.pem
5.5.5.5:smtps inet n – n – – smtpd -o smtpd_tls_wrappermode=yes -o smtpd_tls_cert_file=/etc/postfix/cert5.pem -o smtpd_tls_key_file=/etc/postfix/cert5.pem
5.5.5.5:submission inet n – n – – smtpd -o smtpd_enforce_tls=yes -o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions= -o smtpd_tls_cert_file=/etc/postfix/cert5.pem -o smtpd_tls_key_file=/etc/postfix/cert5.pem

That's it!! (don't forget to comment out the original lines as seen above)

Note: to do the same for POP/IMAP if you use courier-imap, you simply place copies of those .pem files in /usr/share/courier-imap/ (or in the case of Plesk, you place them in /usr/share/ ) and you name them as follows: imapd.pem.xx.xx.xx.xx pop3d.pem.xx.xx.xx.xx — where xx.xx.xx.xx is the respective IP address (the 2 certificates are copies of the same file)

Also: the free startssl certificates work just fine for these purposes.

Hope this helps!