October 2008


Mac mini not dead yet!

There were rumors floating around on the internet that the Mac mini is dead. Sources indicated that European retailers weren’t getting any minis anymore, which would mean that our beloved “server” platform is coming to an end. I guess the price of a second-hand mini won’t come down soon if this really is true.

Appleinsider.com, however, came out with a report this Friday that gives a little spark of hope. Their report mentions a new Mac mini that is on the way. As a source they have Brian Stucky of Macminicolo.net fame, who mentions he knows what is coming. Read the article if you want to know more. I for one hope it is true, as I really love the mini. Mine is getting a bit old and slow for desktop use, and I would jump at a newer and faster mini!

PS. In the AppleInsider article there is a picture of the macminicolo.net datacenter. I wonder which of the 400 minis is mine?

New feature: Greylisting using SQLGrey

Just finished writing the documentation on adding greylisting as a new anti-spam feature to our mailserver setup. Greylisting is a combination of whitelisting and blacklisting senders and mailservers. It does this all automatically: basically, it asks all non-whitelisted senders to try to resend the message after 5 minutes. Every proper MTA (mailserver) will do this without a problem. If the sender and mailserver have done this a number of times, they will be whitelisted as a sender that does not send spam. (If you want all the details on greylisting, read the site greylisting.org.)

I’ve had it running for a few days now and my spam has dropped to almost zero. Normally my Junk folder would have at least 20 spam messages a day, 99% of which are caught by DSpam and Mail.app. This means that it really helps; it will even improve the DSpam filtering capabilities, as the spam/ham ratio is better now.

There is, however, a drawback to this setup. All email which is sent to you from an irregular source will be delayed for a minimum of 5 minutes. If that is not a problem, feel free to add this feature to your mailserver.

How to add greylisting using the SQLGrey daemon is now listed in the documentation set as well as a page on how to create startup scripts for this new feature.

Also note that if you use a backup MX, this backup server should also have the same greylisting setup; otherwise all mail from your backup server will bypass the greylisting, as your backup server will be whitelisted. If you don’t have a backup MX server with these capabilities, please contact me, as I think I might be able to help you out.
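The greylisting decision and the backup MX caveat described above, as an added example: this is a simplified model written for this page, not SQLGrey's code. The threshold of 3 passed retries, the IP addresses and the mail addresses are assumptions made up for the illustration.

```python
from dataclasses import dataclass, field

RETRY_DELAY = 5 * 60   # the 5-minute wait described in the post, in seconds
AWL_THRESHOLD = 3      # assumed value for "a number of times"

@dataclass
class Greylist:
    static_whitelist: set = field(default_factory=set)  # e.g. a backup MX's IP
    first_seen: dict = field(default_factory=dict)      # triplet -> first attempt
    passed: dict = field(default_factory=dict)          # (ip, sender) -> retries passed
    auto_whitelist: set = field(default_factory=set)    # (ip, sender) pairs

    def check(self, client_ip, sender, rcpt, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        key = (client_ip, sender)
        if client_ip in self.static_whitelist or key in self.auto_whitelist:
            return "250 accepted (whitelisted)"
        triplet = (client_ip, sender, rcpt)
        if now - self.first_seen.setdefault(triplet, now) < RETRY_DELAY:
            return "450 greylisted, try again later"
        # The retry came back after the delay, as a proper MTA does.
        del self.first_seen[triplet]
        self.passed[key] = self.passed.get(key, 0) + 1
        if self.passed[key] >= AWL_THRESHOLD:
            self.auto_whitelist.add(key)
        return "250 accepted (retry passed)"

def backup_mx_bypass(backup_has_greylisting):
    """A sender that never retries tries the primary MX once, then the backup MX."""
    backup_ip, bot_ip = "192.0.2.25", "203.0.113.9"      # constructed addresses
    msg = ("bulk@example.net", "me@example.org")         # constructed envelope
    primary = Greylist(static_whitelist={backup_ip})
    backup = Greylist() if backup_has_greylisting else None
    if primary.check(bot_ip, *msg, now=0).startswith("250"):
        return "delivered"
    if backup is not None and not backup.check(bot_ip, *msg, now=1).startswith("250"):
        return "blocked"
    # The backup took the message and relays it; the primary trusts the backup's IP.
    reply = primary.check(backup_ip, *msg, now=2)
    return "delivered" if reply.startswith("250") else "blocked"
```

Calling backup_mx_bypass(False) shows the message arriving through the whitelisted backup server, while backup_mx_bypass(True) shows it stopped at the backup.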

IMPORTANT: Security Update 2008-007, postfix affected

This morning, after running the update, everything looked fine and working. But email traffic looked a little on the light side; I didn’t even receive any spam. So I started looking around for any issues that might have happened, and I couldn’t find any. When looking at the server, it was blocking port 25, but from the server itself all looked fine. So naturally I blamed the firewall, but that wasn’t it.

Then I read the information on the Security Update and there was an item on postfix there:

Postfix

CVE-ID: CVE-2008-3646

Available for: Mac OS X v10.5.5

Impact: A remote attacker may be able to send mail directly to local users

Description: An issue exists in the Postfix configuration files. For a period of one minute after a local command-line tool sends mail, postfix is accessible from the network. During this time, a remote entity who could connect to the SMTP port may send mail to local users and otherwise use the SMTP protocol. This issue does not cause the system to be an open mail relay. This issue is addressed by modifying the Postfix configuration to prevent SMTP connections from remote machines. This issue does not affect systems prior to Mac OS X v10.5 and does not affect Mac OS X Server. Credit to Pelle Johansson for reporting this issue.

I checked the configuration files and I noticed, by the date, that main.cf was changed. I did a diff with a backup and I found out that the security update added the following line:

inet_interfaces = localhost

This means that only local programs get access to the postfix program. This was the cause of the problem of no longer receiving any mail! So I removed the line from main.cf and restarted postfix with the command:

sudo postfix stop

Because of the startup scripts postfix will restart automatically.
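The diff against a backup described above can be turned into a repeatable check. The following is an added example, not code from the original post: it parses two versions of main.cf, lists the parameters that changed, and reports whether inet_interfaces restricts Postfix to the loopback interface. The sample file contents and hostnames are constructed.

```python
import ipaddress

def parse_main_cf(text):
    """Parse Postfix main.cf text into {parameter: value}."""
    params, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank and comment lines are ignored
        if raw[0].isspace() and current:      # leading whitespace continues a value
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, sep, value = raw.partition("=")
        if sep:
            current = name.strip()
            params[current] = value.strip()   # a later definition overrides an earlier one
    return params

def loopback_only(value):
    """True if every inet_interfaces entry is a loopback name or address."""
    def is_loop(entry):
        if entry in ("localhost", "loopback-only"):
            return True
        try:
            return ipaddress.ip_address(entry.strip("[]")).is_loopback
        except ValueError:
            return False                      # "all" or a non-loopback hostname
    entries = value.replace(",", " ").split()
    return bool(entries) and all(is_loop(e) for e in entries)

def accepts_remote_smtp(text):
    """False when inet_interfaces limits Postfix to local connections."""
    return not loopback_only(parse_main_cf(text).get("inet_interfaces", "all"))

def config_changes(before_text, after_text):
    """Map each changed parameter to its (before, after) values."""
    before, after = parse_main_cf(before_text), parse_main_cf(after_text)
    return {k: (before.get(k), after.get(k))
            for k in sorted(set(before) | set(after))
            if before.get(k) != after.get(k)}

# Constructed sample: a backup copy, and the same file with the added line.
BACKUP = "myhostname = mail.example.org\nmydestination = $myhostname,\n    localhost\n"
UPDATED = BACKUP + "inet_interfaces = localhost\n"
```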

By the way, I also noted this error message in the logfile:

fatal: unsupported dictionary type: mysql

I’m not sure this is due to the Security update but it means that postfix is unable to access mysql because support for it wasn’t compiled in. You can check it by running:

sudo postconf -m

It should return mysql in the list. It wasn’t on my computer. To solve this I went into the postfix source directory of the last successful build and ran a:

sudo make install

Restarted postfix again and all was fine and running again. I also received some spam today. Please leave a comment if you see this on your system as well.

Update on 64 bits compilation

It looks like my earlier findings were a bit premature. I’ve been given access to a Core2Duo Mac mini by Ceriel of Vakantieland.nl and Crashplan.nl to test the findings I had when compiling the MAMP stack in 64 bits. There are some minor differences in compiling MySQL and PHP as the earlier solution does not work for them.

Apache:
CFLAGS="-arch x86_64" \
./configure --enable-layout=DIYMacServer \
  --enable-mods-shared=all \
  --with-ssl=/usr \
  --with-mpm=prefork \
  --disable-unique-id \
  --enable-ssl \
  --enable-dav \
  --enable-cache \
  --enable-proxy \
  --enable-logio \
  --enable-deflate \
  --with-included-apr \
  --enable-cgi \
  --enable-cgid \
  --enable-suexec

MySQL:
CFLAGS="-arch x86_64" \
CXXFLAGS="-arch x86_64" \
./configure --prefix=/usr/local/mysql \
  --localstatedir=/usr/local/mysql/data \
  --libexecdir=/usr/local/mysql/bin \
  --libdir=/usr/local/mysql/lib \
  --with-server-suffix=-standard \
  --enable-thread-safe-client \
  --enable-local-infile \
  --enable-shared \
  --with-zlib-dir=bundled \
  --with-big-tables \
  --with-readline \
  --with-archive-storage-engine \
  --with-innodb \
  --without-docs \
  --without-bench

PHP:
CFLAGS="-arch x86_64" \
CXXFLAGS="-arch x86_64" \
./configure --prefix=/usr/local/php5 \
  --mandir=/usr/share/man \
  --infodir=/usr/share/info \
  --sysconfdir=/etc \
  --with-zlib \
  --with-zlib-dir=/usr \
  --with-openssl \
  --without-iconv \
  --enable-exif \
  --enable-ftp \
  --enable-mbstring \
  --enable-mbregex \
  --enable-sockets \
  --with-mysql=/usr/local/mysql \
  --with-mysqli=/usr/local/mysql/bin/mysql_config \
  --with-apxs2=/usr/local/apache2/bin/apxs

In Leopard there is a problem with the iconv library; somehow it is not 64 bits or something like that. When compiling in 32 bits it works. I guess if you really want iconv you will have to recompile the iconv library to get it working. Currently I’m working on getting IMAP working for postfixadmin.