• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Upgrade proof qmail enhancements possible?

G

greyman56

Guest
Hi All,

I am new here and to Plesk. We are evaluating it as a possible solution to our hosting needs and have been scanning the archives but have not found the answer I seek.

I would like to add extra facilities into the qmail delivery chain in a way that will not be overwritten by control panel changes or plesk upgrades if this is possible.

The items I want to add are in the /etc/xinetd.d/smtp_psa file "server_args" line. If I insert another program into this line in this file, will it removed when the control panel (say) removes rbl from the front of the line?

Are these parameters held anywhere else so they can be regenerated by the panel?

And what would happen when an upgrade is performed to the plesk PSA?

I would also like to add extra processing in the users .qmail file. Is this possible and if so, where would this be done?

In each .qmail file or is there somewhere that determines what is in the .qmail file by default?

Thanks
Graham Miller
 
Hi Graham,

The smtp_psa will be overwritten every time you upgrade Plesk or change maps settings I'm afraid (or most of the time anyway)

I'm not sure about the .qmail files - I suspect they will be OK because I found all sorts of silly things in mine from previous installations of various 3rd party applications even after many Plesk upgrades. But I don't know how you'd change the default contents.

I'm not sure how you would get around the main smtp_psa problem but I suspect a hook into the Plesk API might be the best option, or a cron job that checks things, or something to check for changes in the file at any rate.

Personally I'd just keep a backup copy of my modified smtp_psa and copy it back over every time I did an upgrade/update if any changes had been made by the upgrade/update.

Obviously you can't do this for .qmail for each user but like I say I suspect they will be ok as far as upgrades are concerned - just don't assume I'm correct - I could be totally wrong - as long as you can get the content you want in them.

Hopefully someone with more knowledge will pipe up and let you know the details.
 
I've never had my smtp_psa and smtps_psa files overwritten actually. Plesk generates the .qmail files from the data in its database AFAIK (also on demand when running mchk -v), messing with these files might be tricky.

Just curious: what exactly are you planning to do?
 
Thanks Faris and Breun.

Seems that you both disagree on the smtp_psa file so I guess it probably just inserts the rblsmtpd parts at the front of the command chain (which is its correct place) and removes it at will. If this is so, then I will be able to insert a greylisting program between the rbl and smtp.

As for .qmail files, it seems that I will have to play with data in the DB perhaps.

To describe what I want to do I need to put some history in here. We are coming from our own dedicated servers with no control panel at all. Straight CentOS4 with all the tasks performed manually by remote shell commands and shell scripts. While this has done us to date, it relies heavily on our only technical resource (yours truly) to do everything from changing email passwords to adding / deleting accounts and domains etc etc etc. This is obviously becoming inefficient so we need to get a control panel environment.

Our existing setup is 1 x dedicated qmail based mail server, 1 x general web server with mysql, 1 x dedicated web server, and 1 x dedicated mysql/pgsql server. They are all P4-3GHz / 2GB ram machines with raid 1. These are lightly loaded for maximum performance.

As we also want to reduce our costs a bit, it seems that the best will be to put all our small domains on one server with mail, web, and DB all managed by PSA so we can easily get traffic stats and control the domain or customer from one panel. And then the customer can also do some of their own control too. This will reduce our overall box rental by one.

We are still considering what to do with the power users on the dedicated web server. Having a separate DB server has its advantages from a degradation under load point of view.

So back to the mail issue.....
The mail server is using vmailmgr for its virtual domain mailbox handling. All incoming mail goes through the following chain to arrive at the user's mailbox or be redirected elsewhere:

smtp.cdb(whitelist) -> rblsmtpd -> greylistd -> validmailboxcheck -> queue -> .qmail-default (QMVC -> clamav -> vdeliver)

The vmailmgr system uses a single linux user account per vdomain. It thus uses a .qmail-default file that allows us to place things in the delivery chain for each domain. Currently we use QMVC which does some structure checks and calls clamav, followed by the vdeliver which then handles the local mailbox delivery or re-queues the message for re-delivery elsewhere.

I understand that plesk uses the qmail "users" mechanism to handle the virtual domain mailboxes, so this changes our local delivery options somewhat. But we want to understand how the delivery chain works in Plesk so we can attempt to replicate the services we have offered our customers as best as possible.

We also try our best to reject most errors at smtp conversation time rather than receive them then send bounces after queue processing. This reduces server load and eliminates much of the unneeded bounces that many now consider to be spam. Because it seems that we are best to handle the email on the same server that handles the web server and rest of the domain, it would be even more important to reduce the processing load when the server gets hit with large amounts of spam (which we have had in the past and not really felt any pain from at all).

If anyone has some comments to make about ways of achieving our goals in a PSA environment, I would be very happy to hear them.

Thanks
Graham
 
If you want greylisting just head over to atomicrocketturtle.com and install qgreylist from the atomic yum channel. We use qmail-scanner from the same repository so we can integrate the latest ClamAV and SpamAssassin with Plesk's qmail setup. And all this without editing any of Plesk's files manually.
 
Graham,

breun knows about a million times more than me so you should assume he's right and I'm wrong when we disagree.

His suggestion of using greylist and qmail-scanner from atomicrocketturtle.com are excellent.

But if you want to spend a little more money to reduce your hassles, there are two products to consider:

1) 4psa.com Clean Server. This adds per-user anti-virus and global malformed email deltion for emails. It has completely killed off the problem we used to have in the past of incorrectly formatted emails causing problems for users using certain email clients and certain AV packages.

2) 4psa.com spamguardian. This adds per user anti-spam facilities using spamassassin and you can add dcc and other bits and bobs.

Adding qgreylist to the above is highly recommended BUT be aware that it will affect any users using your server to send email via smtp.

The solution to this is to create, for example, smtp_587 in xinetd.d and have it run on port 587 with no greylisting (and no maps if necessary) and have users witch to using port 587 instead of 25 for sending email.

Alternatively you can compile your own qmail bits to add greylisting and when using this method there's no issue with users using the server to send emails via smtp. Comprehensive instructions can be found on this forum if you search for "greylist".


Faris.
 
I'd say Faris is pretty up2date on this topic as well. :)

If you don't spending some money on add-ons those 4PSA products are probably fine, plus they come with a GUI in Plesk. I like doing everything through SSH, so I don't really care for GUIs, but your clients/users might.
 
Thanks guys for your helpful suggestions. Like Breun, I also am very comfortable in SSH so I will probably just build the thing manually so that I fully understand what is going on. We have used clamav for several years now and I do not remember anyone reporting a single virus since it went in.... so we are happy with this one and we know how to look after it for updates etc.

I have a test plesk 8.1 server now so I can play and find out how it behaves for myself.

There seems to be two alternatives for the clamav install. The ART rpm which uses the perl wrapper around the qmail queue, or the qscanq wrapper. Personally I think the qscanq approach might be better but I think I will try both and see which feels best.

Perhaps a post back here once I am done.

Cheers
Graham
 
ART's package is qmail-scanner, especially modded for use on Plesk servers. I know qmail-scanner is pretty widely in use and easy to install (just add the yum repository and run 'yum install qmail-scanner'). If you have any questions please do visit ART's forum. Qscanq might be a bit more work to install (and keep going after Plesk upgrades? I don't know.).

By the way, Plesk's own antivirus solution (Dr. Web) also uses a Perl wrapper around qmail, although I'd choose ClamAV over Dr. Web any day.
 
You must log in or register to reply here.

Similar threads

davidds64
Question How to upgrade MariaDB to latest version with Plesk Obsidian on Alma Linux 9
Replies
5
Views
3K
davidds64
davidds64
dash
  • Sticky
Question Try our new tool to upgrade your old MariaDB server from Plesk UI
2 3 4
Replies
70
Views
27K
wakabayashi
wakabayashi
Matt N
Resolved 18.0.40 upgrade killed postfix, now no mail
Replies
8
Views
3K
Matt N
Matt N
AbramS
Input Spamhaus (e)DROP Script for iptables
Replies
5
Views
3K
rodroot
R
G
Resolved Plesk with 404 not found after upgrading to Mariadb 10.5
Replies
3
Views
3K
GhaithJ
G
Back
Top