June 2008


Protect yourself against the new Trojan

While I still have my doubts about this news about a Trojan for OS X, I think it’s better to be safe than sorry, as my server has been hacked before, and I do use Apple’s Remote Desktop feature. I found this simple method that should prevent any issues coming in from that vulnerability. Just run the following command in a Terminal session:

sudo chmod -R u-s /System/Library/CoreServices/RemoteManagement/ARDAgent.app

This removes the setuid bit from the program, so it can no longer be used to get root access. More on this on the TidBits website.

The other thing that helps you prevent any Trojan is never to install any programs you don’t need on your server, however much fun they might be!

Updated the Apache documentation set

While I was installing the new Apache version, I found out that some of the documentation was still outdated or did not properly reflect the state of things on Leopard. For instance, I still referred to a blog post instead of a proper documentation page for compiling Apache on Leopard. The startup script was still done in the old-fashioned way instead of using the new launchd daemon.

So I did a small overhaul of the Apache documentation and separated the Tiger and Leopard instructions as I’ve done with all the other stuff. I hope this makes it all a bit clearer.

Apache updated to 2.2.9

I got an email today from the Apache announcement mailing list that a new version was released today. I’ve downloaded version 2.2.9 and compiled it right away on my Leopard test machine. I was surprised that there weren’t any problems with the SSL module; there were no changes or fixes listed for the SSL module. It all worked as you normally would expect. It was almost like the SSL issues on 2.2.6 and 2.2.8 never existed. The only problem I have with this is that I don’t know how or why the problem is solved.

I’ve even tried it on my production server to see if that would work and it did.

Besides several bug fixes, this version has two security fixes, so please upgrade to this version whenever possible. Read all about the changes in the 2.2.9 changelog.

To help, I’ve written some instructions on how to upgrade your Apache installation in the least painful way, with a possibility to go back if something goes wrong: Upgrading Apache

IMPORTANT: Courier-Auth updated to 0.60.6

There is an important security release of Courier-Auth: older versions of Courier-Auth are vulnerable to SQL injection. This release should prevent any further security threats. This release has the following changes:

  • Use mysql_set_character_set() instead of SET NAMES. This fixes a SQL injection possibility with MySQL databases that use non-Latin character sets.

This bug will affect you, and I advise you to upgrade as soon as possible. I’ve upgraded all servers without a problem. If you want to upgrade your installation, please read my upgrade instructions for Courier-Auth.
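Why the escaper has to know the connection character set, as an added example (a simplified Python model written for this page, not Courier-Auth or MySQL code): SET NAMES changes the character set on the server side only, while mysql_set_character_set() also tells the client library, so its escaping takes multi-byte characters into account. GBK, the function names and the sample bytes are assumptions chosen for illustration.

```python
# Simplified model of string escaping with and without knowledge of the
# connection character set. GBK stands in for "a non-Latin character set".

SPECIAL = {0x00: b"\\0", 0x0A: b"\\n", 0x0D: b"\\r", 0x1A: b"\\Z",
           0x22: b'\\"', 0x27: b"\\'", 0x5C: b"\\\\"}

def is_gbk_lead(c):
    return 0x81 <= c <= 0xFE

def is_gbk_pair(buf, i):
    """True if buf[i:i+2] is a well-formed two-byte GBK character."""
    if i + 1 >= len(buf) or not is_gbk_lead(buf[i]):
        return False
    trail = buf[i + 1]
    return 0x40 <= trail <= 0x7E or 0x80 <= trail <= 0xFE

def escape_single_byte(data):
    """Escaper that still believes the connection is single-byte (latin1)."""
    return b"".join(SPECIAL.get(c, bytes([c])) for c in data)

def escape_gbk_aware(data):
    """Escaper that was told the connection is GBK."""
    out, i = bytearray(), 0
    while i < len(data):
        if is_gbk_pair(data, i):      # well-formed character: copy it whole
            out += data[i:i + 2]
            i += 2
            continue
        c = data[i:i + 1]
        # A stray lead byte is escaped itself, so it cannot pair up with the
        # backslash that is about to be added in front of a quote.
        out += b"\\" + c if is_gbk_lead(data[i]) else SPECIAL.get(data[i], c)
        i += 1
    return bytes(out)

def unescaped_quotes(literal):
    """Count quotes that a GBK-aware server would read as ending the string."""
    count, i = 0, 0
    while i < len(literal):
        if is_gbk_pair(literal, i) or literal[i] == 0x5C:
            i += 2                    # two-byte character, or backslash + next byte
        else:
            count += 1 if literal[i] == 0x27 else 0
            i += 1
    return count

# Constructed input: a stray GBK lead byte directly before a single quote.
sample = b"user\xbf'x"
```

With the single-byte escaper the added backslash is read by the server as the second half of a GBK character, so the quote ends the string early; the charset-aware escaper leaves no unescaped quote and passes valid GBK text through unchanged.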

Why have your own mail server

People often ask me why I have my own mail-server. Why spend all this time and money on having your own server when there are a lot of free email services that do everything you want and more for nothing? I don’t think I have to give you any examples; you know the ones they mean. I tell them the following:

Because I can and because I like it!

I like to have my own mail-server because I like to be in control. I decide the features. I decide what happens with my email. I decide when email is spam. I decide the size of my inbox. I decide what is secure enough. I decide who gets access to my mail. Especially the last two are becoming more and more important when governments become more and more paranoid.

Another reason which, I guess, is only valid for geeks: It’s fun! You really get to understand the workings of email, spam filtering, and more. By configuring, tweaking and reading the log-files you really get to understand what happens and how you can improve your own mail-server.

Why did you choose to have your own mail-server?
