Increasing the size of your Westhost mailbox

Westhost limit the size of your mailbox to 20MB, which is a bit puny these days. However, the reason that they do this is that they keep all your mail in a single file, so every time you check your email, you have to read the whole file starting from the top. This places a large load on the server if you have a huge file.

You can override this by manually editing the file /etc/features. This file contains lines of the form
username:mail=20,ftp=-1,description=Account details
Just change the mail=20 as you see fit to specify the size of your mailbox in Megabytes (MB), so for 60MB you would have
username:mail=60,ftp=-1,description=Account details

NOTE: Westhost will automatically archive and delete mailboxes over 75MB as described below

Large Mailboxes


Your mailbox on the server is a single text file containing all of your e-mail, using the industry standard “mbox” format. Anytime you log into the incoming mail server to check your e-mail the mail server needs to read this file so your e-mail client (e.g. Outlook, Eudora, Thunderbird) can determine whether or not there is any new e-mail to download.

As the size of your mailbox increases, it takes more and more time to read that file when you check your e-mail. Large mailboxes keep the server busy for extended periods of time, needlessly degrading server performance for everything else. This translates into sluggish websites, delayed e-mail, and general unresponsiveness.

Archiving Large Mailboxes

In order to keep server performance high, we perform scans every other month and archive mailboxes that are larger than 75 megabytes. Archived mailboxes are compressed using the GNU ‘gzip’ program and are only kept until the next scan (at which point old archives will be automatically removed). If you ever need to have your archived e-mail restored please contact support for assistance.

Clearing Out a Large Mailbox

To clear out a large mailbox you will need to delete old e-mail. The easiest way to see what e-mail is being stored on the server is by checking your e-mail by logging in at From here you will be able to selectively delete any e-mail you no longer wish to keep. Deleting an e-mail off of the server will not effect any copies of a message you have already downloaded to your computer through your e-mail client.

Preventing Large Mailboxes

The best way that you can prevent your mailbox from growing too large is to configure your e-mail client to automatically remove e-mail from the server as it is downloaded. Nearly every e-mail client does this by default for you, unless you have specifically configured it not to. If needed, you can consult the help files for your particular e-mail client to learn how to change this setting.

We also strongly suggest only using a catch-all e-mail address when absolutely necessary. Spammers will try to guess e-mail addresses using your domain name. When you have a catch-all e-mail address they will always be guessing correctly, thus greatly increasing the amount of e-mail delivered to your mailbox. If you need to receive e-mail by a variety of names (e.g.,, etc.) we advise you either use e-mail aliases or to setup separate mailboxes for each address. You can make all of these changes by logging into your Control Panel (Site Manager) at (make sure to replace with your actual domain name) and clicking on E-mail / FTP Management on the top horizontal navigational bar.

Verifying a signed download

Some files have been signed by their author to prove that nobody else has tampered with them. This is particularly true of source code or appllications you have downloaded off the web.

For example the antivirus package clamav can be downloaded from Sourceforge. There will be two files for you to download clamav-x.x.x.tar.gz and clamav-x.x.x.tar.gz.sig. The first file is the source code in a compressed format and the second is the signature for the format. In order to verify the signature, you will need GnuPG or PGP installed on the computer you are going to download the file to. I have given details of how to compile GnuPG elsewhere in this blog.

In order to verify the signature, we use the command gpg –verify clamav-x.x.x.tar.gz.sig

[mylogin][~]$ gpg –verify clamav-x.x.x.tar.gz.sig
gpg: keyring `/home/mylogin/.gnupg/secring.gpg’ created
gpg: keyring `/home/mylogin/.gnupg/pubring.gpg’ created
gpg: Signature made Mon Mar 13 17:44:03 2006 MST using DSA key ID 985A444B
gpg: Can’t check signature: public key not found

The trouble is that we do not have yet the public key for the person who signed the file. We can get this from a public keyserver such as or You will need the key ID printed in the penultimate (last but one) line above. In this case 985A444B.

We should be able to use the command gpg –keyserver –recv-keys 0x985A444B to retrieve the key automatically, but get the error
[mylogin][~]$ gpg –keyserver –recv-keys 0x985A444B
gpg: requesting key 985A444B from hkp server
/usr/mylocal/libexec/gnupg/gpgkeys_hkp: error while loading shared libraries: cannot open shared object file: No such file or directory
gpg: no handler for keyserver scheme `hkp’
gpg: keyserver receive failed: keyserver error

So we downloaded the public key from instead and saved it to the file clamav.key. NOTE: In order to lookup the public key, you will need to add ’0x’ (zero x) to the front of the key ID, so 985A444B becomes 0x985A444B. The public key can be a large file, so copy and paste it rather than trying to type it.
[mylogin][~]$ gpg –import clamav.key
gpg: key 985A444B: public key “Tomasz Kojm ” imported
gpg: Total number processed: 1
gpg: imported: 1
gpg: no ultimately trusted keys found

Once we have added the key to our public keyring, we can verify the signature
[mylogin][~]$ gpg –verify clamav-0.90RC1.1.tar.gz.sig
gpg: Signature made Mon Oct 16 02:56:15 2006 MDT using DSA key ID 985A444B
gpg: Good signature from “Tomasz Kojm
gpg: aka “Tomasz Kojm
gpg: aka “Tomasz Kojm
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 0DCA 5A08 407D 5288 279D B434 5482 2DC8 985A 444B

Note that we still do not trust this key – we have just proven that the downloaded file has not been tampered with.

Sending and Receiving EMail

Most of the time this is a painless task. You just set up your email client and hit the Send/Receive button and away you go. But what happens when things go wrong? How do you troubleshoot the problem? Our Knight in shining armour is telnet. You can use this program to manually perform the sequence of commands as shown below.

telnet 25

A typical conversation goes something like this (your entry in bold)

Sending Email

telnet 25
220 ESMTP Sendmail 8.11.6/8.11.6; Thu, 26 Oct 2006 11:18:07 -0600
250 Hello [], pleased to meet you
MAIL FROM: test@
250 2.1.0 test@ Sender ok
250 2.1.5… Recipient ok
354 Enter mail, end with “.” on a line by itself
Date: Sun,17 Aug 1997 18:48:15 +0200
From: Me <>
To: “” <>
Subject: This is a test message

This is the message body

250 2.0.0 k9QHLHX00862 Message accepted for delivery
221 2.0.0 closing connection

Connection to host lost.

If your server supports ESMTP, it is also possible to start the conversation with EHLO instead of HELO. ESMTP allows for delivery status notifications and multiple attachment encodings

220 ESMTP Sendmail 8.11.6/8.11.6; Thu, 26 Oct 2006 16:11:25 -0600
EHLO Hello [], pleased to meet you
250 HELP

Receiving EMail

A typical POP3 (receiving) conversation is

telnet 110
+OK AVG POP3 Proxy Server <> 7.1.400/7.1.408 [268.13.11/494]
USER validuser
+OK Password required for validuser
PASS xxxxxxxx
+OK validuser has 10 visible messages (0 hidden) in 1275592 octets.
+OK 10 1275592
+OK 10 visible messages (1275592 octets)
1 20018
2 19726
9 18883
10 519
+OK 519 octets
Return-Path: <test>test@
Received: from ([])
by (8.11.6/8.11.6) with SMTP id k9QHLHX00862
for; Thu, 26 Oct 2006 11:21:48 -0600
Message-Id: <>
X-Envelope-From: test@
X-Protocol: SMTP
Date: Sun,17 Aug 1997 18:48:15 +0200
From: Me <>
To: “” <>
Subject: This is a test message
X-UIDL: O*5!!PS:”!7Jk”!~+=”!
X-Antivirus: AVG for E-mail 7.1.408 [268.13.11/494]
Mime-Version: 1.0
Content-Type: text/plain

This is the message body

No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.1.408 / Virus Database: 268.13.11/494 – Release Date: 24/10/2006

+OK Pop server at signing off.

Connection to host lost.

You can see how easy it is for spammers to send fake or phishing emails – the only genuine piece of information in this header is my IP Address, which I have blanked out []

Other Tests

The other thing to do is to go to and fill out the DNS Lookup for the MX records of your domain in the top right box

Installing GnuPG-1.4.5

Step 1 – Download source

The first thing we need to do is download the source file from GnuPG.  I like to download the files directly to my server rather than downloading them to my PC and then uploading them to my server, so lets use a SSH session.  There are plenty of SSH Clients available, but PuTTY is available for free and does the job.  Instructions for configuring PuTTY for Westhost are available here.  Once you have logged in, create a directory to download your files to (for example, apps/dl) using the mkdir
[mylogin][~]$mkdir apps
[mylogin][~]$mkdir apps/dl

The files we need are only available via FTP from GnuPG.  If you clicked on the link to their site above, you will have found the latest version – at the time of writing this is 1.4.5.  Hover your mouse over the FTP link and you will find that the file we want to download is located at, that is to say the file gnupg-1.4.5.tar.bz2 is located on the server called in the directory gcrypt/gnupg Follow the example below to download your own copy (user input is in bold).  It is good practice to download the signature file gnupg-1.4.5.tar.bz2.sig as well. 

If you prefer, you can download the gzipped file gnupg-1.4.5.tar.gz instead of  You do not need both sets, although I download them in the example below.  GZip is just an older piece of software.  The command to extract the files would be gunzip instead of bunzip2

User Input System Output
cd apps/dl [mylogin][~/apps/dl]$
ftp ftp>
open Connected to
220 Service ready for new user.
Name (
anonymous 331 Send e-mail address as password.
anon@ 230 User logged in, proceed.
Remote system type is UNIX.
cd gcrypt/gnupg 250-The program GnuPG hosted here is a free software package
250-of the GNU Project, not a product of the GUUG e.V.  We call it
250-”Free Software” because you are free to copy and redistribute them,
250-following the rules stated in the license of the package.  For more
250-information, see
250-If you are looking for service or support for GNU software, see
250- for suggestions of where to ask.
250-If you would like to contribute to the development of one of these
250-packages, contact the package maintainer or the bug-reporting address
250-of the package (which should be listed in the package itself), or look
250-on for more information on how to contribute.
250-More information on GnuPG can be found at .
250 Directory change successful.
dir 200 Command okay.
150 About to send file list.
total 0
-rw-rw-r– 1 1000 1000 786 May 1 2003 README
-rw-rw-r– 1 1000 1000 796 Sep 24 2002 README~
-rw-rw-r– 1 1000 1000 107191 Sep 3 1999 gnupg-0.9.10-0.9.11.diff.gz
-rw-rw-r– 1 1000 1000 143753 Sep 7 1999 gnupg-0.9.11-1.0.0.diff.gz
-rw-r–r– 1 1000 1000 118281 Aug 1 13:34 gnupg-1.4.4-1.4.5.diff.bz2
-rw-r–r– 1 1000 1000 3047120 Jun 25 15:22 gnupg-1.4.4.tar.bz2
-rw-r–r– 1 1000 1000 158 Jun 25 15:22 gnupg-1.4.4.tar.bz2.sig
-rw-r–r– 1 1000 1000 4272825 Jun 25 15:22 gnupg-1.4.4.tar.gz
-rw-r–r– 1 1000 1000 158 Jun 25 15:22 gnupg-1.4.4.tar.gz.sig
-rw-r–r– 1 1000 1000 3089617 Aug 1 13:34 gnupg-1.4.5.tar.bz2
-rw-r–r– 1 1000 1000 158 Aug 1 13:34 gnupg-1.4.5.tar.bz2.sig
-rw-r–r– 1 1000 1000 4348833 Aug 1 13:33 gnupg-1.4.5.tar.gz
-rw-r–r– 1 1000 1000 158 Aug 1 13:33 gnupg-1.4.5.tar.gz.sig
drwxrwsr-x 2 1000 1000 4096 Sep 24 2002 nls-updates
226 Transfer complete.
type image 200 Command okay.
passive Passive mode on.
If you get the reply passive mode off, then type the command passive again.
get gnupg-1.4.5.tar.bz2 local: gnupg-1.4.5.tar.bz2 remote: gnupg-1.4.5.tar.bz2
227 Entering Passive Mode (217,69,76,44,163,131).
150 About to open data connection.
226 File transfer complete.
3089617 bytes received in 16.6 secs (1.8e+02 Kbytes/sec)
get gnupg-1.4.5.tar.bz2.sig local: gnupg-1.4.5.tar.bz2.sig remote: gnupg-1.4.5.tar.bz2.sig
227 Entering Passive Mode (217,69,76,44,163,131).
150 About to open data connection.
226 File transfer complete.
158 bytes received in 0.0126 secs (12 Kbytes/sec)
get gnupg-1.4.5.tar.gz local: gnupg-1.4.5.tar.gz remote: gnupg-1.4.5.tar.gz
227 Entering Passive Mode (217,69,76,44,161,185).
150 About to open data connection.
226 File transfer complete.
4348833 bytes received in 23.1 secs (1.8e+02 Kbytes/sec)
get gnupg-1.4.5.tar.gz.sig local: gnupg.gz.sig remote: gnupg-1.4.5.tar.gz.sig
227 Entering Passive Mode (217,69,76,44,161,238).
150 About to open data connection.
226 File transfer complete.
158 bytes received in 3.3e-05 secs (4.7e+03 Kbytes/sec)
!ls -l gnupg-1.4.5.tar* -rw-r–r– 1 mylogin myuser 3089617 Oct 30 04:45 gnupg-1.4.5.tar.bz2
-rw-r–r– 1 mylogin myuser 158 Oct 30 03:29 gnupg-1.4.5.tar.bz2.sig
-rw-r–r– 1 mylogin myuser 4348833 Oct 30 05:18 gnupg-1.4.5.tar.gz
-rw-r–r– 1 mylogin myuser 158 Oct 30 05:18 gnupg-1.4.5.tar.gz.sig
dir gnupg-1.4.5.tar* 227 Entering Passive Mode (217,69,76,44,162,76).
150 About to send file list.
total 0
-rw-r–r– 1 1000 1000 3089617 Aug 1 13:34 gnupg-1.4.5.tar.bz2
-rw-r–r– 1 1000 1000 158 Aug 1 13:34 gnupg-1.4.5.tar.bz2.sig
-rw-r–r– 1 1000 1000 4348833 Aug 1 13:33 gnupg-1.4.5.tar.gz
-rw-r–r– 1 1000 1000 158 Aug 1 13:33 gnupg-1.4.5.tar.gz.sig
226 Transfer complete.
quit 221 Service closing control connection.

Step 2 – Checking the download

Now that we have the source files on our server, we need to check that they have not been tampered with.  The simplest way is to issue the command bunzip2 -t gnupg-1.4.5.tar.bz2

[mylogin][~/apps/dl]$ bunzip2 -tv gnupg-1.4.5.tar.bz2
gnupg-1.4.5.tar.bz2: ok

However, this only checks that the archive is not corrupt.  You really need to check the file’s digital signature, but we don’t have any means to do that yet.  We can verify the checksum but GnuPG only publish the SHA1 checksum for the code and we do not have sha1sum installed on our server.  However, I can reveal ;) that the MD5sum is

811525965b4c0987e6418a7729a6444d gnupg-1.4.5.tar.bz2

If you save this text to the file gnupg-1.4.5.tar.bz2.md5, then enter md5sum -c gnupg-1.4.5.tar.bz2.md5 on the command line, you should get this response

[mylogin][~/apps/dl]$ md5sum -c gnupg-1.4.5.tar.bz2.md5
gnupg-1.4.5.tar.bz2: OK

If there was a problem with your download, you will get the following error message when testing the archive

bunzip2: gnupg-1.4.5.md5: data integrity (CRC) error in data

You can use the `bzip2recover’ program to attempt to recover
data from undamaged sections of corrupted files.

Step 3 – Other libraries

We need to download and install the libcurl, libiconv and gettext libraries before we can build GnuPG.  Also, since we do not have root access at Westhost, we need to tell all Linux packages to install to a different directory other than /usr/local.  We do this by specifying

./configure --prefix=/usr/mylocal
NOTE: Create the directory /usr/mylocal if it does not already exist

Library Command Download Location
libicurl wget
libicurl wget
libiconv wget
libiconv wget
gettext ftp
gettext ftp

libiconv and gettext depend on each other, so we need to build libiconv then gettext and the rebuild libiconv.

Build libcurl

bunzip2 -c curl-7.16.0.tar.bz2 | tar x
cd curl-7.16.0
./configure --prefix=/usr/mylocal
make install
cd ..

Build libiconv

gunzip -c libiconv-1.11.tar.gz | tar x
cd libiconv-1.11
./configure --prefix=/usr/mylocal
make install
cd ..

Build gettext

 cd pub/gnu/gettext
 mode image
 get gettext-0.16.tar.gz
 get gettext-0.16.tar.gz.sig
gunzip -c gettext-0.16.tar.gz |tar x
cd gettext-0.16
./configure --prefix=/usr/mylocal
make install

Rebuild libiconv

cd ../libiconv-1.11
make distclean
./configure --prefix=/usr/mylocal
make install
libtool --dry-run --finish /usr/mylocal/lib
libtool --finish /usr/mylocal/lib
cd ..

Step 4 – Creating the Executable

bunzip2 -c gnupg-1.4.5.tar.bz2 |tar x
cd gnupg-1.4.5
./configure --prefix=/usr/mylocal
make install

Once you have built GnuPG, you will need to create a few links as our directory is not in the PATH.

ln -s /usr/mylocal/bin/gpg /usr/local/bin/gpg

Alternatively, edit the PATH definition in /.bashrc to include /usr/mylocal/bin

You will also need to copy the configuration file
mkdir ~/.gnupg
cp -p /usr/mylocal/share/gnupg/options.skel ~/.gnupg/options

Installing xinetd

  • Download source from xinetd The current version is 2.3.14, so the command to download it is wget
  • Unzip the file using the command gunzip -c xinetd-2.3.14.tar.gz|tar x and change into the directory this creates (cd xinetd-2.3.14)
  • Configure it using the command ./configure –prefix=/usr/mylocal >log.config 2>err.config
  • Check err.config for any errors
  • Build the source code using the command make >log.make 2>err.make
  • Check err.make for errors
  • Install the package using the command make install >log.install 2>err.install
  • Check err.install for any errors
  • Now create the configuration file for the services you want to run using the command pico /etc/xinetd.conf. It should look something like this example:
    1. # Configuration file for xinetd
    2. #
    4. defaults
    5. {
    6.         instances               = 25
    7.         log_type                = FILE /var/log/xinetd
    8.         log_on_success  = HOST PID
    9.         log_on_failure = HOST
    10. }
    12. #service imapd
    13. #{
    14. #       socket_type             = stream
    15. #       wait                    = no
    16. #       user                    = vuser
    17. #       server                  = /usr/local/sbin/imapd
    18. #       log_on_failure += USERID
    19. #}
    21. #service imaps
    22. #{
    23. #       socket_type             = stream
    24. #       wait                    = no
    25. #       user                    = vuser
    26. #       server                  = /usr/local/sbin/imapd
    27. #       log_on_failure += USERID
    28. #}
    30. ## rsyncd can't run on 873/tcp because WestHost's own backup
    31. ## tools are running there.
    32. #service rsync-alt
    33. #{
    34. #       disable                 = no
    35. #       type                    = UNLISTED
    36. #       port                    = 8730
    37. #       socket_type             = stream
    38. #       wait                    = no
    39. #       user                    = vuser
    40. #       server                  = /usr/local/bin/rsync
    41. #       server_args             = --daemon
    42. #       log_on_failure += USERID
    43. #}

    Replace vuser with your user name

  • Test your installation of xinetd by typing /usr/mylocal/sbin/xinetd -d. Fix any errors. If there are none, then terminate the daemon using Control-X
  • Create the file /etc/rc.d/init.d/xinetd which will be used to start and stop the xinetd task using the command pico /etc/rc.d/init.d/xinetd
    1. #!/bin/bash
    2. #
    3. # Startup script for the xinetd server
    4. #
    5. # chkconfig: - 86 14
    6. # description: xinetd
    7. # processname: xinetd
    8. # pidfile: /var/run/
    9. # config: /etc/xinetd.conf
    11. # Source function library.
    12. . /etc/rc.d/init.d/functions
    14. xinetd=/usr/mylocal/sbin/xinetd
    15. prog=xinetd
    16. RETVAL=0
    18. start() {
    19.         echo -n $"Starting $prog: "
    20.         pidfile=/var/run/
    21.         pid=`cat $pidfile 2>/dev/null`
    22.         [ "$pid" ] && \
    23.                 [ "`find  /proc/${pid}/exe -printf '%l%U\n' 2>/dev/null |
    24. awk -F'/' '{print $NF}'`" != "xinetd`id -u`" ] && \
    25.                                 /bin/rm -f $pidfile
    26.         daemon $xinetd
    27.         RETVAL=$?
    28.         echo
    29.         [ $RETVAL = 0 ] && touch /var/lock/subsys/xinetd
    30.         return $RETVAL
    31. }
    32. stop() {
    33.         echo -n $"Stopping $prog: "
    34.         killproc $xinetd
    35.         RETVAL=$?
    36.         echo
    37.         if [ $RETVAL = 0 ] ; then
    38.                 rm -f /var/lock/subsys/xinetd /var/run/
    39.                 pid=`pidof -o $$ -o $PPID -o %PPID -x ${xinetd} || pidof -o $$ -o $PPID -o %PPID -x ${prog}`
    40.                 if [ "$pid" ] ; then
    41.                         killproc $xinetd
    42.                         RETVAL=$?
    43.                 fi
    44.         fi
    45. }
    46. reload() {
    47.         echo -n $"Reloading $prog: "
    48.         killproc $xinetd -HUP
    49.         RETVAL=$?
    50.         echo
    51. }
    53. # See how we were called.
    54. case "$1" in
    55.   start)
    56.         start
    57.         ;;
    58.   stop)
    59.         stop
    60.         ;;
    61.   status)
    62.         status $xinetd
    63.         RETVAL=$?
    64.         ;;
    65.   restart)
    66.         stop
    67.         start
    68.         ;;
    69.   condrestart)
    70.         if [ -f /var/run/ ] ; then
    71.                 stop
    72.                 start
    73.         fi
    74.         ;;
    75.   reload)
    76.         reload
    77.         ;;
    78.   *)
    79.         echo $"Usage: $prog
    80. {start|stop|restart|condrestart|reload|status}"
    81.         exit 1
    82. esac
    84. exit $RETVAL
  • Make this file executable by using chmod u+x /etc/rc.d/init.d/xinetd
  • Create the links Snnxinetd and Knnxinetd in /etc/rc.d/rc2.d so that xinetd will start and stop whenever you restart and shutdown your VPS. Choose suitable unique numbers for nn. Packages are started and stopped in ascending order. I chose nn=100.
    • ln -s /etc/rc.d/init.d/xinetd /etc/rc.d/rc2.d/S100xinetd
    • ln -s /etc/rc.d/init.d/xinetd /etc/rc.d/rc2.d/K100xinetd