Panache and Peril with Plesk
With this new dedicated server, I chose Plesk as a control panel solely because I hated it less than Ensim or cPanel. Normally I'd do all the installation, configuration, and tweaking of a server myself, but I just don't have time for that anymore. The biggest problem I have with control panels is that they make it very hard to do manual configs the normal Linux way: changes either get overwritten or ignored. Plesk is a little easier to live with in this regard; what follows are my last mile tweaks.
While Plesk allows you to create a chrooted FTP user for a domain, it doesn't have a front end for adding another, much less one constrained a particular subdirectory of that domain. Plesk's configuration of ProFTPD chroots any user with a group of psacln. Via the shell, just useradd a new user with the desired home directory, use /bin/false for the shell so they can't SSH in, and add them to group psacln. You'll also need to make sure that the httpdocs directory is 751, not the default 750.
Plesk charges $49.00 to provide a GUI for SpamAssassin configuration. While I didn't save any money doing this myself, maybe you will: here's how to get SpamAssassin going with Plesk's qmail implementation. If you have the Plesk SpamAssassin RPM installed (usually available in /root/swsoft), it provides a spammng command line utility for tweaking the SpamAssassin configuration. This utility appears to work without checking your license information: you can run /etc/init.d/spamassassin stop than spammng -c -C start. This restarts the spamd daemon with the proper command line flags for Plesk's qmail install.
Going a bit further, try spammng -c -C -e --mailname "morbus@disobey.com" start: this will enable SpamAssassin for the specified mailbox by editing the .qmail file in the relevant directory. For my install, this was /var/qmail/mailnames/disobey.com/morbus. With these two bits of information, we can combine Plesk's qmail with the default SpamAssassin installation without spending any cash. I have not yet figured out how to do this server wide (every incoming piece of mail is processed) or domain wide (every mail for a specific domain is processed). You?
In the .qmail file, Plesk writes the following:
| /usr/local/psa/bin/psa-spamc accept
| true
./Maildir/
psa-spamc is a shell wrapper around the SpamAssassin spamc utility and allows one argument: whether to "accept"/deliver mail that is flagged as spam based on the /etc/mail/spamassassin/ configuration, or whether to "reject" it. It'd be nice to have some granularity to say "reject everything over score 10", but eh, not a biggie.
The last thing is to reteach the /etc/init.d/spamassassin startup script. Since we haven't paid Plesk to fiddle with SpamAssassin, we have to teach our default install how to interact with Plesk's qmail without their help. If you've started the spamd daemon from Plesk's spammng, run the following to capture the startup configuration: ps auwx | grep spamd. You'll get something along the lines of:
/usr/bin/spamd --username=popuser --daemonize --nouser-config --helper-home-dir=/var/qmail --max-children 5 --create-prefs --virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin --pidfile=/var/run/spamd/spamd_full.pid --socketpath=/tmp/spamd_full.sock
Open up /etc/sysconfig/spamassassin and make it look like:
SPAMDOPTIONS="-d -c -m5 -H /var/qmail --username=popuser --nouser-config
--virtual-config-dir=/var/qmail/mailnames/%d/%l/.spamassassin --socketpath=/tmp/spamd_full.sock"
SPAMD_PID=/var/run/spamd/spamd_full.pid
SPAMDOPTIONS is one line. Restart spamd with /etc/init.d/spamassassin restart and check Plesk's qmail log at /usr/local/psa/var/log/maillog. If everything goes right, you should be able to send yourself a piece of mail and notice two things: spamd will process each incoming message and report the results and a .spamassassin directory will show up in the right domain and user directory under /var/qmail/mailnames/. Done.
Plesk's licensing is annoying in other ways: I can only use 30 domains within my current install. Thankfully, domain aliases don't count against this limitation and, with Drupal's multisite capabilities, I can run any amount of domains on one code base with multiple databases. Unfortunately, this is a problem when it comes to logfiles and analysis: I'm not entirely sure if Apache's ServerAlias is considered %v for split-logfile. Needs more testing before I can fully implement domain aliases.
- 4422 reads
Sounds to me like plesk (or any of the web based server admin tools) adds a whole layer of complexity and constraints. Why use it?
As mentioned, I just don't have the time to do server configs from scratch anymore. My previous dedicated server sat for four months unused because I just didn't have the time to get things working 100% the way I wanted them to. With Plesk, it took about two weeks to get things working and/or worked around. Ultimately, I decided that wasting money whilst being a purist cost too much compared to hating a control panel but actually getting something done.
Your right in that regards, that is why I use gentoo as my control panel.
What version of Plesk does this post refer to?
8.1.
I am just testing a new install of Drupal to see if we like the setup from the host and they use Plesk. But, I am having permission issues. What are your recommendations in the Plesk/Linux environment to allow Drupal to do what it needs to do while keeping Plesk happy. Any comments would be helpful as I know the systems can be set up a million different ways. My experience thus far is the setup for permissions in the vhosts directories.
I've had no problems getting Drupal and Plesk to play nicely together - in fact, I didn't even need to consider it or act upon it. What sort of permissions problems are you having? Is it related to the files directory or something else? The files directory just needs to be 755 (if it's owned by just apache) or 775 (if it's owned by apache and in the group psacln, which would allow your SSH or FTP owner accounts access to it).
Essentially, what I have done is setup the vhosts (the domain and two subdomains) via Plesk 8.1.1 and then moved three separate Drupal installs to those locations. The setup procedure went fine, the installs worked (they are all separate for a production and two separate development installs) but when I turned on any custom themes, I received a "operation not permitted" from PHP when any of the PHP calls (primarily include() in page.tpl.php for several custom layouts) are made.
I hadn't considered what the permissions would be set as, so, I am just trying to work those out as I am sure this is simply a permission problem - but haven't had any PHP issues prior to this installation environment. It may be a little out of what you've experienced but, again, any pointers are cool as I am a bit lost at the moment.
I suspect this is Plesk's default open_basedir limitation for PHP. You'll want to read up on it. But, for me, I created ~/conf/vhosts.conf (a special file that Plesk's Apache configuration will read) with the following contents. You'll need to restart Apache after you make these changes (and, of course, use your own website path and not disobey.com):
<Directory /var/www/vhosts/disobey.com/httpdocs>
php_admin_flag engine on
php_admin_value open_basedir none
</Directory>
Alternatively, this could be caused by "." not being in your PHP's include_path. If you're using include('file.php'), try include('./file.php') instead, or modify your PHP configuration to include "." (mine is currently set for include_path = ".:/usr/share/pear"). You'll need to restart Apache if you modify the php.ini file.
10x for the article, i am in exactly the same case (have plesk without spamassasin gui) and without much decent spamassasin documenation i was kinda lost.
Thank you for this tutorial! I've read up on just about every bayesian spam filter available on linux's server-side and I think I finally found my solution. That would be thanks to you. I have a dedicated server with Plesk installed and as it's unmanaged, I have to teach myself all this stuff. I still haven't heard a *pop*, so my head must still be firmly up my bum. :O((
Anyhoo - I had two questions... Why do I need to do this? "You'll also need to make sure that the httpdocs directory is 751, not the default 750." Is that in general with Plesk or because you're adding users in the beginning of that paragraph?
Why do you hate Ensim? I see that SWSoft bought them... so I'm guessing it will become Plesk Lite in the near future?
I have Plesk v8.2.1 and here's what happened after the first command:
"# /etc/init.d/spamassassin stop
-bash: /etc/init.d/spamassassin: Permission denied"
And the second:
"# spammng -c -C start
-bash: spammng: command not found"
Any recommendations?
Hello Ansel,
check that /etc/init.d/spamassassin is 755, change it if needed with chmod. Check that you are root, too, or that you use sudo if you are working from a non priviledged unix account.
for spammng, add /usr/local/psa/admin/bin and/or /usr/local/psa/admin/sbin to your PATH variable.
Kalou
Thanks for this. It worked marvellously for me on Plesk 8.2.1.
Regarding being able to do more than just accept or reject, see
http://rackerhacker.com/2007/11/27/sort-e-mail-in-plesk-with-procmail/
That simply shows moving spam directly into a Junk folder, but I'm sure you could tweak it to direct spam you're really sure about to /dev/null or whatever.
Hi there, i'm using debian, so, there's no /etc/sysconfig directory, what do these files? is any equivalent file on debian?
Great tutorial dude,
regards.
Post new comment