"The mind of a Mad Tech!"

UPDATED as of April 1st, 2010

*It seems Parallel’s has released a fix for this. Fix was just released / revised as of April 1st, 2010*

http://kb.parallels.com/en/8338

Resolution

It is necessary to update Parallels Panel web-engine:

1. Download the appropriate package using the wget utility. Example for CentOS 5 x86:

A list of fixed packages:

CentOS 5 x86
CentOS 5 x86_64
CentOS 4 x86
CentOS 4 x86_64
RHEL 4 x86
RHEL 4 x86_64

2. Install the downloaded package. Example for CentOS 5 x86:

Taken from “http://mattiasgeniar.be/2010/03/29/dont-upgrade-openssl-if-youre-using-plesk-broken-controlpanel/” -

If you’re using Plesk 9.x on a CentOS system, don’t upgrade the openssl package from version 0:0.9.8e-12.el5_4.1 to 0:0.9.8e-12.el5_4.6. It will break your Plesk Controlpanel, causing it to no longer start up. You’ll see a message similar to this.

[root@srv~]# /etc/init.d/psa start

Starting xinetd service…               done

Starting named service…             done

Starting mysqld service…           done

Plesk: Starting Mail Server… already started

Starting mail handlers tmpfs storage

Starting Plesk…                       failed

There won’t be an obvious error message in any log file location (/var/log/*, /usr/local/psa/var/log/*, /usr/local/psa/admin/logs/*), but it will most likely be caused by your recent openssl upgrade. Solution is this.

1) Downgrade method

[root@srv~]# yum downgrade openssl openssl-devel

2) Using RPM packages

You have to download these first! After completing the next steps, you’ll be without openssl – and downloading through wget or curl won’t  work because of missing libraries. Please take note: the following is at your own risk (and if you lose your SSH connection in the meanwhile, you’re screwed).

Find your current OpenSSL version, it should read version “el5_4.6″.

[root@srv~]# rpm -qa | grep -i openssl
openssl-0.9.8e-12.el5_4.6

Remove the package (if you haven’t downloaded the openssl package yet, do so first !!). (due to the font of this blog, it’s confusing, but the parameter = ‘ – – nodeps’).

[root@srv ~]# rpm -e –nodeps openssl-0.9.8e-12.el5_4.6

And re-install the correct version (replace the RPM with the one for your achitecture).

[root@srv  ~]# rpm -ivh openssl-0.9.8e-12.el5_4.1.x86_64.rpm
warning: openssl-0.9.8e-12.el5_4.1.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID e8562897
Preparing…                ########################################### [100%]
1:openssl                ########################################### [100%]

Afterwards, you’ll be able to start Plesk again.

[root@srv~]# /etc/init.d/psa start

Starting xinetd service…               done

Starting named service…             done

Starting mysqld service…           done

Plesk: Starting Mail Server… already started

Starting mail handlers tmpfs storage

Starting Plesk…                       done

For now the only workaround is to downgrade openssl, either with yum or with rpm (if yum is not configured):

# wget -c http://mirrors.kernel.org/centos/5/updates/x86_64/RPMS/{openssl-0.9.8e-12.el5_4.1.x86_64.rpm,mod_ssl-2.2.3-31.el5.centos.2.x86_64.rpm,httpd-2.2.3-31.el5.centos.2.x86_64.rpm}

# rpm -Uvh –oldpackage {openssl-0.9.8e-12.el5_4.1.x86_64.rpm,mod_ssl-2.2.3-31.el5.centos.2.x86_64.rpm,httpd-2.2.3-31.el5.centos.2.x86_64.rpm}

# /etc/init.d/sw-cp-server start

To disable reverse lookups in qmail with Plesk,  you can  add -Rt0 to the server_args line in /etc/xinetd.d/smtp_psa


service smtp
{
socket_type = stream
protocol = tcp
wait = no
disable = no
user = root
instances = UNLIMITED
server = /var/qmail/bin/tcp-env
server_args = -Rt0 /usr/sbin/rblsmtpd -r sbl-xbl.spamhaus.org /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}


Once you have made the change, you will need to restart the Xinetd service;

# /etc/init.d/xinetd restart

*DNS reverse lookups will no longer be called. Please note if you make any changes in Plesk regarding mail it will overwrite the change that you just made.*

Here is a simple and quick way to test a SMTP mail relay service.

Use the telnet program in unix or windows to connect to port 25(SMTP) on your
SMTP server.  Note that windows telnet from the command line will not echo what
you type so it is not recommended.

  telnet mail.yourdomain.com 25

You will be prompted with a SMTP server response something like this..

  Trying 64.26.21.198...
  Connected to mail.yourdomain.com.
  Escape character is '^]'.
  220 mail.yourdomain.com ESMTP Sendmail 8.9.3/8.9.3; Tue, 27 Aug 2002 16:20:32 -0500

Next you identify yourself with the ehlo "hello" command..

  ehlo myhost.mydomain.com

You should see a response like this..

  250-mail.yourdomain.com myhost.mydomain.com [203.32.9.6] pleased to meet you
  250-8BITMIME
  250-SIZE 10000000
  250-DSN
  250-ONEX
  250-ETRN
  250-XUSR
  250 HELP

Now start creating the mail message by entering the from address..  

  mail from: [email protected]

You will recieve a response like this..

  250 [email protected].. Sender ok

Now define the recipient's address..

  rcpt to: [email protected]
If the mail server allows relay for the user you specified, you will recieve
a resonse like this..

  250 [email protected].. Recipient ok

If the mail server does not allow relaying for the user specified, you will
an error like this..

  550 [email protected].. Relaying denied
This is a good way to test a mail server for the open relay vulnerability. If
the mail server allows relay for all email addresses and is publicly
accessable it may be used by spammers to send unsolicited mail.

Now we start the data part of the message, type...

  data

Next you need to construct the body of the message and optionaly nice looking
mail headers.  First the optional headers.  You can skip this step and still
send mail. When you are finished with the body of the message, type a single
"." on an otherwise empty line.  This will signal the end of the message.

  To: John Thomas <[email protected]>
  From: Jane Smith <[email protected]>
  Subject: Testing SMTP Mail Relay
  Dear John

  This is the body of the message.

  .

Now you will see a response like this..

  250 QAA07271 Message accepted for delivery
Finally, disconnect from the mail server by typing..

  quit

You will see..

  221 mail.yourdomain.com closing connection
  Connection closed by foreign host.
Optionaly you can continue to compose more messages.

Here is an end to end example...

user@host ~$ telnet 192.168.99.99 25
Trying 192.168.99.99...
Connected to mx.someotherplace.com (192.168.99.99).
Escape character is '^]'.
220 mx.someotherplace.com ESMTP CSEEMail (2.0)
ehlo myhost.org
250-mx.someotherplace.com
250-PIPELINING
250-SIZE 28672000
250-VRFY
250-ETRN
250 8BITMIME
mail from: [email protected]
250 Ok
rcpt to: [email protected]
250 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: Howdy from me
here is the end to end test
.
250 Ok: queued as D3A30D80E1
quit
221 Bye
Connection closed by foreign host.
user@host ~$

You may notice that if you attempt an easyapache update in Cpanel that you run into the following issue;

Premature end of script headers: /usr/local/cpanel/whostmgr/docroot/cgi/
easyapache.pl: Please check   /  usr /  local /  cpanel /  logs /  error_log  for the exact error.

This indicates that you have either a bad install or an out of date instance of Perl. You can correct this by doing the following;
SSH into the vps  / server and do the following;

cd /

wget http://layer1.cpanel.net/perl588installer.tar.gz

tar -xvzf perl588installer.tar.gz

cd ./perl588installer

./install

cd /

rm -rf ./perl588installer

rm ./perl588installer.tar.gz

rm -f /home/*/.cpanel-datastore/_usr_bin_perl_-v

All done!

New Page 1

To install Zend onto a Linux server, its not as complex as it may seem and

its actually pretty easy. To do so, you will first need to SSH onto the linux

server. Once you do this, simply type the following to access the root

directory;

cd /root

Now that you are in the root directly, if you type the following, it will

pull the Zend files over to the servers. This is an install hosted on this blog;

wget

http://keithdmitchell.com/downloads/zend/ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz

Now that you have this, you are ready to install Zend.

Since the file is in the root directly, you will need to type the following

to start;

tar xvfx ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz

Once that is done, you will need to goto the directly that the files are now

located, so type;

cd  ZendOptimizer-3.3.3-linux-glibc23-i386

Once you have changed directory, Make sure the install.sh file has been

created. To do this type this command:

ls -la

If you see the files, you are now ready to follow-up on the install. To start

the install process, type  the following;

./install.sh

This will start the install process and prompt you using a setup wizard. Make

you sure read and accept the license agreement (otherwise you will not be able

to install zend).

By default, zend will install to /usr/local/zend or

/usr/local/zend/etc. When it asks you if you are using a webserver,

enter yes, as you are using apache web server.

It will ask for your location of the php.ini file on your server. Depending
on

your OS and if you are running a control panel, it will end up being a different

location.

.

If you aren’t sure, then quit the install and type;

locate php.ini

This will attempt to locate the php.ini file for you. Zend will

attempt to locate it on the install process, but if it can’t, then you will need

to find the file.

Next it will ask if you are using Apache web server. Answer yes

as you are.

It will then ask for the apache control utility directory, Zend will locate
this for you.

Zend will then install, verify the install and then ask to restart the
webserver,

which you will need it to do.

Once this is done, the Zend optimizer is installed.

Congrats! You have now installed  Zend Optimizer v3.3.3.  If

you have a php test page, this will also now show;

Zend Optimizer v3.3.3, Copyright (c) 1998-2007, by Zend Technologies