November 2007


Progress on migrating mailserver components to Leopard

Just a quick note on the progression I’m making to get the mailserver components working on Leopard. At first I thought it would be simple, just recompile the lot and be done with it. But as most of you might have noticed, a lot has changed under the hood for Leopard. most notably was the removal of all the netinfo stuff and replacing it with dscl.

I’ve got the basic stuff working with some workarounds but still need to test SSL, maildrop and DSpam. But to reveal some of the stuff that needs to be done in a different here are some of the changes to be made in the documentation:

Postfix has no changes to the install instructions.

Instead of niutil to create the vmail user we use dscl:

sudo dscl . -create /Users/_vmail
sudo dscl . -create /Users/_vmail UserShell /usr/bin/false
sudo dscl . -create /Users/_vmail UniqueID 102
sudo dscl . -create /Users/_vmail PrimaryGroupID 102
sudo dscl . -create /Users/_vmail NFSHomeDirectory /var/empty
sudo dscl . -passwd /Users/_vmail ”

To compile courier-auth you need this line added to the configure fase:

export MACOSX_DEPLOYMENT_TARGET=10.5 \
./configure --with-authmysql \
--without-authpam \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql

IMAP 4.3.0 compiles without a problem, but won’t run properly yet. I’ve got IMAP 4.2.1 working without any change in how you need to compile it. Update: tried it again and it all works, my mistake! Sorry…

On to the next item on the todo list, will keep you posted on my progress.

Courier IMAP update to 4.3.0

It’s not been that long ago but Sam Varshavchik has done it again and updated Courier IMAP. Some of the fixes include:

  • Added support for GnuTLS as an alternative to OpenSSL.
  • Fix certain courier-authlib misconfigurations from being reported as false clock skew errors.
  • Remove the \Draft flag from messages that are automatically moved to Trash after expunge, to have clients treat them as ordinary messages, if pulled from Trash.

I’ve downloaded, compiled and tested it and found no issues on my test server.

How to backup and restore mail on the server

In the last year I had some discussions with DIYMacServer users on how to upgrade their machine or even move their setup to some new hardware. The biggest issue or problem they encountered was how to safely move the emails stored on the server. In this post I will try to describe one way (there are more possibilities to do this) that is pretty safe and you won’t lose any mail.

Before you start please check if you have enough diskspace to make an archive of the mail directory, it might have become very big. You can check the size of the directory by using the command:

sudo du -hc /usr/local/virtual

The last line from the output will tell you how much space you need on your disk. If you haven’t got enough room you can ask your users to empty their Trash and Sent mail in their email application or remove some items you have stored on the server yourself. If that ain’t possible you’ll need to buy an extra drive (external or internal, depending on the machine you’ve got).

If you have users other then yourself using the mail-server please inform them in advance that the mail-server is going off-line for a short period at a time that is convenient for you to perform this task. This is only about moving the mail, not the websites and I’m assuming you’ve got the other machine ready and setup to take over.

When the time has comes, take the IMAP server off-line, to prevent users from accessing their IMAP folders and accidentally do something between backup and restore actions. If you’ve got POP3 configured as well please stop that as well.

Stop Postfix to prevent incoming mail to be lost when it arrives between backup and restore actions.

Now everything is stopped and you are ready to make a backup of the email directory.

You can do this by using the following command:

sudo tar -czf mailbackup.tar.gz /usr/local/virtual

This will create a big file called ‘mailbackup.tar.gz’, you can copy/move/ftp this file to any destination you would like.

To unpack the backup and restore it to it’s new destination please use the following command:

cd /
sudo tar -xzf /locationofarchive/mailbackup.tar.gz

Replace ‘locationofarchive’ with the path to where you stored your backup archive.

If you used the same setup on both machines the mail directory should have the proper security settings and ownership. You can test this by using the following command:

sudo ls -l /usr/local/virtual

The owner of the directories should be postfix or vmail, depending on your setup.

Now you can start the IMAP server first and check with your own mail client if you can access all your email again on the server. If there is a problem please check your logfile (/var/log/mail.log for a possible explanation). If it all works turn on the Postfix server and send yourself an email using another mailserver (use a webbased service like Gmail, Yahoo mail or Hotmail) and check if the email will arrive in your mailbox. Keep an eye on the logfile to see the email coming in.

If everything is working for you inform your users that it is all right to use the mail-server and if they have any issues that they please inform you about it.

Good luck!

PHP updated to 5.2.5

Somehow the PHP.net guys forget they have an announcement mailinglist to tell everyone a new version is released. I had a kind and very thoughtfull reminder in my mail from a happy DIYMacServer user telling me that a new version has been released.

So gentleman, start your download program and warm up your compiler. The PHP installation documentation has been updated and also has a Leopard configuration for all you early adopters.

The new release boasts the following fixes:

  • Fixed dl() to only accept filenames. Reported by Laurent Gaffie.
  • Fixed dl() to limit argument size to MAXPATHLEN (CVE-2007-4887). Reported by Laurent Gaffie.
  • Fixed htmlentities/htmlspecialchars not to accept partial multibyte sequences. Reported by Rasmus Lerdorf
  • Fixed possible triggering of buffer overflows inside glibc implementations of the fnmatch(), setlocale() and glob() functions. Reported by Laurent Gaffie.
  • Fixed “mail.force_extra_parameters” php.ini directive not to be modifiable in .htaccess due to the security implications. Reported by SecurityReason.
  • Fixed bug #42869 (automatic session id insertion adds sessions id to non-local forms).
  • Fixed bug #41561 (Values set with php_admin_* in httpd.conf can be overwritten with ini_set()).

and the following enhancements:

  • Upgraded PCRE to version 7.3
  • Updated timezone database to version 2007.9
  • Added ability to control memory consumption between request using ZEND_MM_COMPACT environment variable.
  • Improved speed of array_intersect_key(), array_intersect_assoc(), array_uintersect_assoc(), array_diff_key(), array_diff_assoc() and array_udiff_assoc() functions
  • Fixed bug #43139 (PDO ignores ATTR_DEFAULT_FETCH_MODE in some cases with fetchAll())
  • Fixed bug #42785 (json_encode() formats doubles according to locale rather then following standard syntax)
  • Fixed bug #42549 (ext/mysql failed to compile with libmysql 3.23)
  • Over 60 bug fixes.

Compiling Apache on Leopard

Note: There are more recent instructions on compiling Apache on Leopard in the documentation set: Installing Apache

As people are compiling Apache on Leopard and because its not the usual configure, make, install procedure. I thought a separate blog post explaining it would help people to get it all working.

There are 2 ways to define the setup, go for the default Leopard install method and overwrite the current Apache installation or install a separate instance. The separate instance falls in line with all the other DIYMacserver documentation. The Leopard install will keep the functionality of the preference pane intact. You choose !

The difference in the configuration is made in the ‘config.layout’ file which determines where all the packages should be installed. For both methods copy the layout below and add it to the ‘config.layout’ file.

DIYMacserver installation configuration
<Layout DIYMacServer>
  prefix: /usr/local/apache2
  exec_prefix: ${prefix}
  bindir: ${exec_prefix}/bin
  sbindir: ${exec_prefix}/bin
  libdir: ${exec_prefix}/lib
  libexecdir: ${exec_prefix}/modules
  mandir: ${prefix}/man
  sysconfdir: /etc/httpd
  datadir: /Library/Webserver
  installbuilddir: ${datadir}/build
  errordir: ${datadir}/error
  iconsdir: ${datadir}/icons
  htdocsdir: ${datadir}/Documents
  manualdir: ${datadir}/manual
  cgidir: ${datadir}/CGI-Executables
  includedir: ${prefix}/include
  localstatedir: /var
  runtimedir: ${localstatedir}/run
  logfiledir: ${localstatedir}/log/httpd
  proxycachedir: ${runtimedir}/proxy
</Layout>

Leopard installation configuration

<Layout Leopard>
  prefix: /usr
  exec_prefix: ${prefix}
  bindir: ${exec_prefix}/bin
  sbindir: ${exec_prefix}/sbin
  libdir: ${exec_prefix}/lib
  libexecdir: ${exec_prefix}/libexec+
  mandir: ${prefix}/share/man
  sysconfdir: /etc+
  datadir: /Library/Webserver
  installbuilddir: ${prefix}/share/httpd/build
  errordir: ${prefix}/share/httpd/error
  iconsdir: ${prefix}/share/httpd/icons
  htdocsdir: ${datadir}/Documents
  manualdir: ${datadir}/share/httpd/manual
  cgidir: ${datadir}/CGI-Executables
  includedir: ${prefix}/include+
  localstatedir: /var
  runtimedir: ${localstatedir}/run
  logfiledir: ${localstatedir}/log+
  proxycachedir: ${runtimedir}/proxy
</Layout>

If you’ve edited the ‘config.layout’ file you are ready to run the configuration script. Change the ‘–enable-layout’ to reflect your choice in configuration. So fill in either DIYMacServer or Leopard to choose, the example uses DIYMacServer as the layout.

./configure --enable-layout=DIYMacServer \
--enable-mods-shared=all \
--with-ssl=/usr \
--with-mpm=prefork \
--disable-static \
--disable-unique-id \
--disable-ipv6 \
--enable-ssl \
--enable-dav \
--enable-cache \
--enable-proxy \
--enable-shared \
--enable-logio \
--enable-deflate \
--with-included-apr \
--enable-cgi \
--enable-cgid \
--enable-suexec

You can now run:

make

and if it all goes well:

sudo make install

If you run into errors or some strange thig happens which you can’t explain, please post you questions and the error into the forum on this site:

The configuration and all the other posts related to apache in the documentation set are still valid, you still can use those.

Next Page »