Beiträge von ñull

I found the solution. With pre-existing $1$ type of hashes, the presently used label {MD5-CRYPT}, that is put there by LC's SOAP API, is not correct. The right label to use here is {CRYPT}. I just tried changing the MD5-CRYPT to CRYPT and then it would authenticate correctly. Please correct this bug!

Apparently since Ubuntu 12.04LTS postgrey service now exclusively listens to ipv6 and this needs to be corrected in the postfix settings. See this post. This manifested as failing local mail delivery logged as:

Zitat

Jan 11 22:00:03 rhodavm100 postfix/smtpd[5944]: warning: connect to 127.0.0.1:10023: Connection refused
Jan 11 22:00:03 rhodavm100 postfix/smtpd[5944]: warning: problem talking to server 127.0.0.1:10023: Connection refused
Jan 11 22:00:04 rhodavm100 postfix/smtpd[5944]: warning: connect to 127.0.0.1:10023: Connection refused
Jan 11 22:00:04 rhodavm100 postfix/smtpd[5944]: warning: problem talking to server 127.0.0.1:10023: Connection refused
Jan 11 22:00:04 rhodavm100 postfix/smtpd[5944]: NOQUEUE: reject: RCPT from srv1.nubelo.com[178.33.160.130]: 451 4.3.5 Server configuration problem; from=<info@nubelo.com> to=<myaddress@mydomain.como> proto=ESMTP helo=<srv1.nubelo.com>

Alles anzeigen

After changing the following line in /etc/postfix/main.cf, local mail delivery was recovered:

Zitat

greylist = check_policy_service inet:::1:10023

After that I changed /usr/lib/liveconfig/lua/postfix.lua :

Zitat

if LC.distribution.family == "Debian" then
fh:write("greylist = check_policy_service inet:::1:10023\n")

In LUA I don't see distinction is made between Debian and Ubuntu. Since I don't use Debian, I cannot tell if the same setting would work there. Is so, please correct the LUA script like indicated in your next release.

It seems that existing mailbox MD5 ends up nicely in /etc/dovecot/passwd. Problem is that authentication fails. It just seems that dovecot refuses to authenticate with that scheme, so I tried to add plain-md5 to the configuration, but it does not recognise it either:

dovecot: auth: Fatal: Unknown authentication mechanism 'plain-md5'

Could this be a distribution issue? May be the Ubuntu version does not support it any more?

I think of the case where you want to use ssl certificates for privacy and for economical reasons you want to use only one certificate for all installed apps, you don't want to spend big money on a wildcard certificate and you don't want visitor confronted with SSL security warning screens, then the only reasonable option left is to access the apps through a path alias instead of (sub)domains.

Jan 10 23:10:38 myhostname postfix/smtpd[13079]: connect from myisp.domain.com[myipaddress]
Jan 10 23:10:39 myhostname postfix/smtpd[13079]: warning: TLS library problem: 13079:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42:
Jan 10 23:10:39 myhostname postfix/smtpd[13079]: lost connection after STARTTLS from myisp.domain.com[myipaddress]
Jan 10 23:10:39 myhostname postfix/smtpd[13079]: disconnect from myisp.domain.com[myipaddress]

which basically makes secure smtp impossible.

Then I read in http://linuxlasse.net/linux/howtos/Postfix_with_TLS:

If I copy the CA certificate to the store of tls files it is working as inteded. I am not sure why, but it is working.
The location could differ from your setup.


#cp ca.crt /etc/postfix/tls


And restart postfix


#/etc/init.d/postfix restart


Note if you enable TLS, and are sending through and relay server which does not support TLS, outbound connections will ofcourse not be encryptet.

Where can I find the certificates to try this?

Would like to limit access to SOAP. Would it be possible that it listens to a different port than the web frontend. When they share the SSL port, I cannot restrict access by firewall, which makes the SOAP password the only security.

With my previous control panel I could configure it to limit access to clients that have a client certificate installed. Would you please consider adding this feature to LiveConfig? The simplest is to check presence of a client certificate signed by CA (official or selfsigned in the bundle). Extended feature could be to include authenticating through certain certificate fields, for instance the email or serial number field, which makes it possible to identify the client before log-in.

Among the configuration I am thinking of are:

• WEB Dav configuration
• Client certificate authentication for SSL sites

In stead of adding these features one by one, another way would be when system administrators in some form or another could manipulate the text of the configuration directly. Or better still, allowing the system admin to add these functions through LUA. You have already in PHP the possiblity to add custom configuration. Would be nice when something similar were possible in Apache (or other web servers too).

Zitat von bfal

... jetzt weiß ich welche Vorteile ein Control Panel in PHP hat.....solche Grenzen konnte man meist selbst schnell anpassen

Das LC in C geschrieben ist finde ich weniger problematisch. Das sind eher Vorteile von Open source, who man selber etwas verändern kann.

Scheint mir eine gute Idee!

I discovered that by simply adding a subdomain, I can add A records for ns1.domain.com for instance, but the IP address is always (one) of the server LC server(s). How can I add a ns2 A record for and external DNS, with different IP address ?

I can change the zone file manually, but this change is lost when LC overwrites it.

Zitat von bady

Rundmails sollen erst in der nächsten Version (1.7.1) kommen.

Kann man noch nicht im Roadmap zurückfinden, ist aber sicherlich noch Aktuell. Sehe u.A. diese Beiträge

Subscriptions get created correctly now when the 'customer' parameter is included in token and 'auth'

Apparently you have to add the 'customer' parameter to the SOAP token and 'auth'. Then it allows adding domains. Not very clear in the documentation though where the permissions of 'admin' stop. Apparently there is no 'root' like superuser in LiveConfig.

Ich würde gern wissen ob spf Unterstützung geplant ist?

[indent]As admin SOAP user I can apparently not add new accounts under a reseller. Setting the resalecontract to the resellers subscription name still creates the client under admin not under the reseller. In the frontend when logged in as reseller the client only appears under the reseller, not under admin. So apparently I have to do the API call as the the reseller user. That this would be possible and may be desirable can be guessed from: [/indent]

Zitat

Zu jedem Benutzer in LiveConfig kann neben dem „normalen“ Passwort ein davon unabhängiges SOAP-Passwort hinterlegt werden (siehe auch Abschnitt 2.7, „ Passwort-Initialisierung “.

[indent] It is not explained how to set it for other users than admin. How do you do that? And will it automatically enable the SOAP API permission for that user?[/indent] [indent]Or should it still be possible to do this all as SOAP user admin? Up to now all attempts to create an account under a reseller have failed. To temporary migrate I could create them all as clients under admin, which I have seen working, but will there be or is there a feature to then move the clients to a reseller? [/indent]

A reseller based on a hosting plan with resaleable not set, is allowed to create reseller hosting plans. Apparently the resaleable setting is ignored.

The following parameters are sent (straight from my debugger): par

array[7] :
[subscriptionname] "somename" string
[password] "some password" string
[customerid] "cH4lr.FWBgyS" string
[plan] "migrate_reseller" string
[webserver] "localhost" string
[mailserver] "localhost" string
[dbserver] "localhost" string

The actual subscription is added without error message, but in a state that it is not recognised as valid or existing; it does not allow adding domains, not in the frontend nor via SOAP API. In the front end the subscription appears in the subscription box but it does not when I try to create a domain account. I 'm stuck with my migration script with this bug. Time (= money) is ticking. I am a bit desperate now.

Apparently I have to create the reseller accounts manually, because API apparently fails. When I create a reseller plan manually in the front-end then I notice that you cannot add domains to this account, nor databases nor email (just like admin account would allow under itself) within the limits of its account. So apparently to add to a reseller domains, you need to create clients under it with own hosting plan.

Is there a way to easily migrate accounts from one LC server to another? There are fewer domains to move but still the same I would appreciate some hints to do it easier. Note that both are master servers.

Yes I forgot about the regexp column. Thanks for reminding me. Still the same in the frontend some instruction is needed too.

What are valid login values? There is nothing documented. Also are password beginning with $1$ treated like MD5 hashes, like in other API calls?