After more then 3 years there is a new release of Postfixadmin, the webbased tool to allow you to maintain your postfix mailserver installation. It assist in the creation of mail adresses and aliases.

New is the all in one interface where the super user and the domain admin will work. In the 2.1.0 there was a subdirectory called admin which needed to be secured extra. It is now an all in one interface.

The new version still has the same problem as the old one in sending the SMTP commands to fast which will result in the error:

BD5DAF029E: reject: DATA from localhost[127.0.0.1]: 503 5.5.0 : Data command rejected: Improper use of SMTP command pipelining; from= to= proto=ESMTP helo=

This will easily be solved by again editing the ‘functions.inc.php‘. Open the file and find the function ‘smtp_mail‘. Change the following code:

fputs ($fh, "EHLO $smtp_server\r\n");
$res = smtp_get_response($fh);
fputs ($fh, "MAIL FROM:<$from>\r\n”);
$res = smtp_get_response($fh);
fputs ($fh, “RCPT TO:<$to>\r\n”);
$res = smtp_get_response($fh);
fputs ($fh, “DATA\r\n”);
$res = smtp_get_response($fh);
fputs ($fh, “$data\r\n.\r\n”);
$res = smtp_get_response($fh);
fputs ($fh, “QUIT\r\n”);
$res = smtp_get_response($fh);
fclose ($fh);

into

fputs ($fh, "EHLO $smtp_server\r\n");
$res = smtp_get_response($fh);
usleep(10000);
fputs ($fh, "MAIL FROM:<$from>\r\n”);
$res = smtp_get_response($fh);
usleep(10000);
fputs ($fh, “RCPT TO:<$to>\r\n”);
$res = smtp_get_response($fh);
usleep(10000);
fputs ($fh, “DATA\r\n”);
$res = smtp_get_response($fh);
usleep(10000);
fputs ($fh, “$data\r\n.\r\n”);
$res = smtp_get_response($fh);
usleep(10000);
fputs ($fh, “QUIT\r\n”);
$res = smtp_get_response($fh);
fclose ($fh);

Full instructions on how to upgrade your current 2.1.0 installation to 2.2.0 can be found here: Upgrading Postfix Admin 2.1.0 to 2.2.0

In the continuing endeavour of improving the quality of his software Sam Varshavchik has released an upgrade to the Courrier-auth daemon. This release has the following changes:

• Cleaned up authmysql module — allow punctuation in userids and passwords
• Dropped the unmaintained authvchkpw module

If you want to upgrade your installation please read my upgrade instructions for Courier-auth.

I’ve finished the documentation set for the DSpam installation on Leopard. There are some minor changes that would cause many problems between Tiger and Leopard. Most, if not all, of the changes are the result of the new user name creation and naming in Leopard. The last change is in the startup procedure, we are now using the lanchd system for DSpam as well.

• Compiling DSPAM on OS X Leopard
• Creating the MySQL database for DSPAM on Leopard
• Configuring DSPAM on Leopard
• Configure Postfix for the DSPAM content filter on Leopard
• Starting DSPAM on Leopard
• Training DSPAM with scripts

I got an email from the PHP announcement list that version 5.2.6 is released. I have tested it today on Tiger and Leopard and I can tell you everything works as far as I can tell.

Security Enhancements in PHP 5.2.6:

• Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
• Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
• Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
• Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
• Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
• Upgraded bundled PCRE to version 7.6

For all the changes in 5.2.6 read the ChangeLog.

We’ll the new server is proving it’s worth. As it is running Leopard I finally had a machine permanently available to test it out in the real world. So I’ve checked and double checked all the install instructions and they all work. Still to do is adding DSPAM and Maildrop but that won’t take that long. When that is done I’ll write some documents on upgrading!

• The basic mailserver on Leopard
• Building the Postfix mailserver on Leopard
• Building the Courier Auth library
• Building the Courier IMAP/POP3 server
• Setting up the database for mailserver administration
• Create the mailbox directories
• Configuring SASL for SMTP authentication
• Configuring Postfix for virtual domains using MySQL
• Configuring Courier-auth to use MySQL
• Configuring Courier IMAP with your maildir
• Starting your basic mailserver

The only problem I haven’t tackled yet is how to start postfix using the new launchctl plist files. I can’t get it to start properly. If someone can show me how it’s done I would greatly appreciate it.

Update: Allright, persistence has paid off. I’d kept googling and searching the Apple support pages and found the answer on how to start postfix using launchd. The documentation has been updated to reflect the new findings.

If you are reading this the page has been fed from the new server at macminicolo.net. I hope you like the new speed. Now this is finished and most of the design has been tweaked I now can spend some time on writing some more documentation again. I hope to get the Leopard specifics for the installation grouped into one place, the aim is to get this done before the end of May.

You all might have noticed the new sponsor banner on the new site for macminicolo.net on the right hand site and wondered why. The thing is I’ve decided to move my server from home to macminicolo.net to keep providing this website and service to the best of my abilities.

It’s not something I decided on a easily, I was always proud to be able to host all the sites with their respective email server from my home using my simple DSL connection. But lately the stability of my DSL connection has gone down. I’ve had two outages this year alone.

I used to have my DSL connection with a small reputable ISP which delivered great service. Whenever you needed assistance you could call the help-desk and someone who actually understood what you where talking about was able to help you and get you going again. But consolidation is the name of the game and large ISP’s are buying the smaller ones and the service deteriorates rapidly. Whenever I call now they tell be to reboot the computer as they assume I’ve got a Windows machine and all the questions are scripted as with any call-center.

I still believe that it is possible to host from home using your DSL line, the outages I had never lasted longer than half a day. Which meant that I would never loose any mail. But too many people are currently depending on my server to be up and running 24/7. If you don’t have that requirement and can live with 99% uptime instead of 99.999% you’ll be fine hosting at home.

Brian Stucky offered me a great deal at macminicolo.net which made the decision to go outdoor a lot easier. In exchange I’m putting a banner on the site to return the favor. I think he is running a great service for us Mac lovers who want to use a mini as their server platform. He’s very quick to respond to any question I had, even the outlandish ones. Besides the standard packages macminicolo offers there is room to customise the offer to your needs. I will keep posting on my experiences with macminicolo but untill now they are excellent… TUAW recently tested macminicolo and they liked it as well.

An additional benefit might be that the site might become a bit more responsive as the bandwidth will be a lot better.

PS. If fiber to my home becomes affordable (which will take a few years) I will reconsider my options again!

Here is another episode in the problems with the mod_ssl module in Apache on Leopard. But it is a positive one. Because of the latest security update 2008-2 the default Apache install on OS X Leopard is now 2.2.8. This means we can upgrade our version as well and copy the mod_ssl module from the original installation as done previously.

I’ve looked for more workarounds, but they are all a bit drastic or don’t work. The one I haven’t tried yet is upgrading libtool as I’m not sure that would help and not break any other stuff.

You only need to do this if you need mod_ssl, if you can live without it just follow the normal installation instructions.

We used to use the /etc/hostconfig file for determining which programs should start at boot time on our Mac. Apple however has decided that this will stop in future versions and that they will move over to launchd, it is currently used in Leopard and is the prefered way in controlling your deamons. You can read more about it on the AFP548 site and the manpages for lauchd, launchctl and plist.

To enable it we need to create a .plist file with all the details, as MySQL is a system wide application we need to put it in /System/Library/LaunchDaemons/ and I’m going to call it com.diymacserver.mysql.plist. The content of the file will look like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.diymacserver.mysql</string>
  <key>KeepAlive</key>
  <true/>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/local/mysql/bin/mysqld</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
  <key>UserName</key>
  <string>_mysql</string>
  <key>WorkingDirectory</key>
  <string>/usr/local/mysql</string>
</dict>
</plist>

The label key should be the same as the plist file name without the .plist
The KeepAlive option will restart MySQL when it crashes or is stopped.
The RunAtLoad means it will start at boot time.
The UserName option indicates under which user the program should start.

To load and activate the .plist file and to make sure that it is started after a reboot you’ll need to load the plist file by using the command:

sudo launchctl load /System/Library/LaunchDaemons/com.diymacserver.mysql.plist

You can see if it loaded correctly by using the command:

sudo launchctl list

This will show you all the active plist files.

You can see if everything went correctly by trying to start the mysql instance.

sudo launchctl start com.diymacserver.mysql

To stop the instance you could use:

sudo launchctl stop com.diymacserver.mysql

Bu because of the KeepAlive option it will be restarted.

To stop the script being run at boot time you need to unload the plist file.

sudo launchctl unload /System/Library/LaunchDaemons/com.diymacserver.mysql.plist

I know, I should have know better and I should have upgraded my blog as I was supposed to do as advised by Matt. But I was busy working on this new design which I was doing on a new install of Wordpress 2.5 with a copy of the database as my site got hacked yesterday. The whole database was corrupted, pages and comments disappeared. While I was trying to restore a backup as soon as possible I made things even worse than they already where.

To keep it short, I just made my test environment where I was developing the new design of the site the current live site. It was the easiest thing to do and I only lost some posts and comments by that. Which I still will try to retrieve in some manner when possible. The design isn’t finished, it still needs some tweaks. I just received an email from the designer with a large list of items I need to change. Tanja, I’m sorry I will do them as quickly as possible.

Hope you like the new design even if it isn’t completely finished yet.