Sometimes you need to re-run this task, such as if it failed or if you need to process a particular domain name again. One common reason for this is to correct the disk and/or bandwidth usage figures for a domain.

You can either regenerate the statistics for all domain names (the equivalent of the daily cron job) using:

/usr/local/psa/admin/sbin/statistics –calculate-all

Or you can re-generate the statistics for a single domain name (“example.com” in this case) using:

/usr/local/psa/admin/sbin/statistics –calculate-one –domain-name=example.com

There is a similar tool in Parallels Plesk for Windows under C:\Program Files (x86)\Parallels\Plesk\admin\bin\statistics.exe, however this requires different arguments.

There are two different methods of installing SSL certificates in SoluSVM depending on if you are using the original Lighttpd web-server or the new Nginx option.

For Lighttpd, you need to place the Base64 encoded DER form of both the private key and the x509 certificate in /usr/local/solusvm/ssl/solusvm.pem and then restart the Lighttpd web-server.

You may need to edit /etc/lighttpd/lighttpd.conf and set “ssl.ca-file” to be the path to the Base64 encoded DER form of the x509 certificate intermediate certificate for your Certificate Authority.

For Nginx, you place the Base64 encoded DER form of both the private key in /usr/local/solusvm/ssl/nginxcert.key and the Base64 encoded DER form of x509 certificate in /usr/local/solusvm/ssl/nginxcert.pem then restart the Nginx web-server.

If you need to include an intermediate certificate for your Certificate Authority, then this also goes in the /usr/local/solusvm/ssl/nginxcert.pem file in Base64 encoded DER form.

You can either disable Zimlets server wide through the admin console, or on a per-account basis using the preferences. In particular, look for the “Date”, “Email”, “Phone” and “URL Links” Zimlets as these are the four of the default Zimlets in Zimbra 7.x that are responsible for highlighting parts of messages and turning them into contextual links.

I’m a big fan of the performance and flexibly of Nginx, not to mention that in my opinion the Nginx configuration files are just much easier to write and maintain than Lighttpd.

Thanks to a nice, easy to use installation script, the process of converting the SolusVM master server/node from Lighttpd to Nginx, just requires running the following commands:

wget http://files.soluslabs.com/solusvm/nginx/nginx-master-el5-x86_64
chmod 755 nginx-master-el5-x86_64
./nginx-master-el5-x86_64

And to convert each of your SolusVM slave servers/nodes from Lighttpd to Nginx, it’s just as simple:

wget http://files.soluslabs.com/solusvm/nginx/nginx-slave-el5-x86_64
chmod 755 nginx-slave-el5-x86_64
./nginx-slave-el5-x86_64

Both of these examples assume that you are running your SolusVM master and slave servers/nodes on a 64-bit CentOS 5.x system, however if you are using CentOS 6.x then just substitute “el6″ for “el5″ in each of these commands.

As part of the installation process, a new self signed SSL certificate will be generated for Nginx, leaving the original SSL certificate used by Lighttpd in it’s place in case you need to roll back for any reason. The roll back is simply a case of stopping and disabling the Nginx and Spawn-FCGI services before re-enabling and starting the Lighttpd service:

chkconfig nginx off
chkconfig spawn-fcgi off
chkconfig lighttpd on
service nginx stop
service lighttpd start

Apple have a brief tribute to the great man over at http://www.apple.com/stevejobs/

For some reason Parallels Plesk doesn’t specify a seperate ErrorLog for the Horde webmail.domain.com vhost in /etc/httpd/conf.d/zzz_horde_vhost.conf so all of the logs from Horde end up in the main Apachce HTTPD error log at /var/log/httpd/error_log.

In the logs there should be PHP errors where Horde is unable to load one of it’s shared libraries that is used for processing attachments:

PHP Fatal error: Can’t load Horde/Serialize.php, open_basedir restriction. in /usr/share/psa-horde/lib/Horde/SessionObjects.php on line 134,

The easiest way to fix this is to change the relative path to the file (Horde/Serialize.php) to an asbolute path, so take a copy of /usr/share/psa-horde/lib/Horde/SessionObjects.php as a backup then open the file up and
look for two lines that say:

require_once ‘Horde/Serialize.php’;

And edit these two lines to have the full path:

require_once ‘/usr/share/psa-horde/lib/Horde/Serialize.php’;

Now all you have to do is save the file and test that Horde has started working as expected. Remember that future updates to Horde from Parallels will overwrite this file and you will have to re-apply your change.

Previously, the “main” IP address on the adapter would have been used for initiating outbound connections and the “additional” IP addresses would be used for inbound connectivity only (unless specifically bound to by a client application, which is quite rare).

However, the new behaviour in Windows Server 2008 is that the IP address closest to the default gateway is used for outbound connections, which can catch you completely by surprise when your server’s IP address effectively changes after simply adding a new additional IP address to an interface – particularly if you are using firewalls to filter connections by IP address elsewhere in your network!

In order to provide some control which IP address is used for outbound connections, Microsoft introduced the “skipassource” flag to the netsh command. This allows you to exclude IP addresses from being used for outbound connections when managing IP addresses via netsh.

This command wasn’t initially available, so you may need to apply one of Microsoft’s hotfixes (KB975808 for Windows Server 2008 and KB2386184 for Windows Server 2008 R2). It is also possible to wipe out your carefully crafted skipassource settings using the GUI unless you apply KB2554859.

To add an IP address to the “Local Area Connection” interface with the skipassource flag set, fire up the command line and run the following (replacing <ip> <netmask&gt with the appropriate values for your network of course):

netsh int ipv4 add address “Local Area Connection” <ip> <netmask> skipassource=true

You can verify that this has worked as well as view the flags on all currently configured IP addresses using:

netsh int ipv4 show ipaddresses level=verbose

You can export a chosen mailbox from the source Zimbra server with:

zmmailbox -z -m user@test.com getRestURL “//?fmt=tgz” > /tmp/user_test.com.tar.gz

And then import it into the destination server with:

zmmailbox -z -m user@test.com postRestURL “//?fmt=tgz&resolve=reset” /tmp/user_test.com.tar.gz

You need to make sure that the target account exists before attempting to import the archive on the destination server. Using the “reset” resolve method will ensure that everything is wiped from the target account before importing from the archive.

Simply replace “tgz” with “zip” in order to chose between the two archive formats when importing and exporting, making sure to use the right one on the import!

If you want to download a copy of an account from your browser, just visit the appropriate URL (e.g. http://mail.test.com/home/user/?fmt=tgz where “user” is the account’s username) or use the nice Import/Export GUI in the Zimbra preferences tab, which also gives you the option to upload and import an archive.

The Zimbra preference interface to the export function also allows you to easily specify advanced settings such as date ranges, search filters or limiting the export to a certain data type such as calendar items.

The one problem with Zimbra’s import/export system is that user settings such as signatures and mail filters which are stored in an account’s LDAP attributes aren’t included in the exported data. It’s easy enough to manually move signatures between servers, but anything more than a couple of mail filters can be tedious to manually re-create.

Luckily, you can get the information you need from the zimbraMailSieveScript attribute for a chosen account using the zmprov command line utility:

zmprov ga user@test.com zimbraMailSieveScript

This should give you something a copy of your mail filter rules in the sieve format, for example:

require ["fileinto", "reject", "tag", "flag"];

# No Reply
if anyof (header :contains ["to"] “noreply@test.com”) {
fileinto “Inbox/No Reply”;
stop;
}

You can then easily re-import this into LDAP on the destination server by placing single quotes around the result and using “zmprov ma”:

zmprov ma user@test.com zimbraMailSieveScript ‘require ["fileinto", "reject", "tag", "flag"];

# No Reply
if anyof (header :contains ["to"] “noreply@test.com”) {
fileinto “Inbox/No Reply”;
stop;
}’

You can of course apply the same technique to other account details if you wish, you just need to know the appropriate LDAP attribute, such as zimbraPrefMailSignatureHTML for your signature or zimbraPrefOutOfOfficeReply for your out of office auto reply.

It seems that Parallels are using ptrace to determine if someone has attached a debugger to Plesk in order to reverse engineer it. The problem is that AtomiCorp have implemented GRSecurity ptrace protection in the Atomic Secured Linux kernel in order to prevent malicious software such as TTY sniffers and Parallels Plesk is incorrectly interpreting it’s inability to ptrace as suspicious debugging behaviour.

Until Parallels fix this behaviour in Plesk (and there is no sign that they will, given that it has been a known issue for many months), then the only thing that you can to is disable the GRSecurity ptrace feature in the Atomic Secured Linux kernel. This can be done whilst the system is running using sysctl:

sysctl -w kernel.grsecurity.harden_ptrace=0

In order to make this change permanent so that it doesn’t disappear every time you reboot your server, you will need to edit /etc/sysctl.conf and add the following line:

kernel.grsecurity.harden_ptrace = 0

Now restart the Parallels Plesk service and enjoy your error free license management

Thanks to the EPEL project run by the Fedora guys, you can quickly and easily install an up to date copy of NSD on CentOS/RHEL systems. The only problem that I have found so far is that the RPM doesn’t seem to create directory for the PID file specified in the /etc/nsd/nsd.conf and so the daemon won’t start out of the box.

Obviously it is easy enough to create the /var/run/nsd directory with mkdir, but remember to chown/chgrp this directory to the nsd user and group, otherwise and “nsdc restart” will fail with errors in /var/log/messages along the lines of “failed to unlink pidfile /var/run/nsd/nsd.pid: Permission denied“