In the continuing endeavour of improving the quality of his software Sam Varshavchik has released an upgrade to the Courrier-auth daemon. This release has the following changes:
If you want to upgrade your installation please read my upgrade instructions for Courier-auth.
We’ll the new server is proving it’s worth. As it is running Leopard I finally had a machine permanently available to test it out in the real world. So I’ve checked and double checked all the install instructions and they all work. Still to do is adding DSPAM and Maildrop but that won’t take that long. When that is done I’ll write some documents on upgrading!
The only problem I haven’t tackled yet is how to start postfix using the new launchctl plist files. I can’t get it to start properly. If someone can show me how it’s done I would greatly appreciate it.
Update: Allright, persistence has paid off. I’d kept googling and searching the Apple support pages and found the answer on how to start postfix using launchd. The documentation has been updated to reflect the new findings.
I’m still very busy and I haven’t had time to rewrite the documentation to reflect all the changes needed to install the mailserver components on a Leopard based Mac.
But here is a quick instruction set on how to get every item compiled on Leopard. Use the documentation set for all the other instructions, here are only the differences in use for Leopard.
As a first you don’t need to install SASL anymore, it all works without it.
Postfix:
CFLAGS='-arch i386 -isysroot /Developer/SDKs/MacOSX10.4u.sdk' \
CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
-I/usr/include/sasl \
-DHAS_PCRE -I/usr/local/include \
-DHAS_SSL -I/usr/include/openssl \
-DHAS_MYSQL -I/usr/local/mysql/include/mysql' \
AUXLIBS='-L/usr/lib -lldap -lsasl2 -L/usr/lib -llber -L/usr/local/lib \
-L/usr/local/lib -lpcre \
-lssl -L/usr/local/mysql/lib/mysql \
-lmysqlclient -lz -lm'
Courier Auth:
./configure --with-authmysql \
--without-authpam \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql
Courier Imap:
--with-authpwd=YES \
--without-authcram \
COURIERAUTHCONFIG=/usr/local/bin/courierauthconfig
Create the vmail user:
sudo dscl . -create /Users/_vmail UserShell /usr/bin/false
sudo dscl . -create /Users/_vmail UniqueID 102
sudo dscl . -create /Users/_vmail PrimaryGroupID 102
sudo dscl . -create /Users/_vmail NFSHomeDirectory /var/empty
sudo dscl . -passwd /Users/_vmail ''
Create the dspam user:
sudo dscl . -create /Users/_dspam UserShell /usr/bin/false
sudo dscl . -create /Users/_dspam UniqueID 101
sudo dscl . -create /Users/_dspam PrimaryGroupID 101
sudo dscl . -create /Users/_dspam NFSHomeDirectory /usr/local/var/dspam
sudo dscl . -passwd /Users/_dspam ''
DSpam:
--with-storage-driver=mysql_drv \
--with-mysql-includes=/usr/local/mysql/include/mysql \
--with-mysql-libraries=/usr/local/mysql/lib/mysql \
--enable-preferences-extension \
--with-dspam-home-owner=_dspam \
--with-dspam-home-group=_postfix \
--with-dspam-home=/usr/local/var/dspam \
--enable-long-usernames \
--with-dspam-group=postfix \
--enable-mysql4-initialization \
--enable-domain-scale \
--enable-virtual-users \
--enable-debug \
--enable-verbose-debug
Maildrop:
flags=DRhu user=_vmail argv=/usr/local/bin/maildrop /etc/maildroprc -d ${user}@${nexthop} ${extension} ${recipient} ${user} ${nexthop} ${sender}
Some of the changes are minor but they are required. I’m still testing most of the setup, sorry that it takes so much time to update the documentation. If someone knows a way to edit Wordpress pages offline in an easy way I would like to hear about it.
It’s that time of year again for me. My certificates which I normally give a lifespan of a year expired again. I thought I should write down the procedure for refreshing your certificates for all of you and myself so you don’t need to wade through the complete documentation set to find the relevant parts. I hope it as usefull to as it will be for me in a year.
First we’ll do the postifx SMTP TLS/SSL part.
Just open a Terminal and execute the following command in the directory ‘/etc/postfix‘:
-newkey rsa:2048 -nodes -keyout smtpd.key -keyform PEM \
-days 365 -x509
This will create a 2048 bit encryption key that, for now, is secure enough for you mailserver to use. If you are paranoid and want a bigger key just increase the number after rsa:. The key will be valid for a year, if you want a longer period just increase the number after the -days option. When the key is finished you will be asked a couple of questions you need to answer. The information will be shown to people who want to see your certificate when their mail client complains. The most important one is the ‘Common Name’, make sure that that one is the same as the mail server name. Also please make sure that all your answers are the same as the original certificate.
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, YOUR name) []:your.mailserver.tld
Email Address []:you@yourdomain.tld
To make sure everything is refreshed do a ‘sudo postfix reload‘ and try to send an email.
For the IMAP server it is a bit simpler as all the details there are put in a configuration file that still should be there: ‘/usr/local/etc/imapd.cnf‘. Please check the contents of the file and if they don’t relfect your setup please edit the file as described here.
When everything is verified and found in the correct state you can go to the directory ‘/usr/local/share‘ and run ‘sudo ./mkimapdcert‘ to generate a new certificate. Make sure you remove the existing ‘imapd.pem‘ in the same directory first or no new certificate will be created.
Start up your favourite mail client and check the certificate.
All should be in the correct state and our certificates are valid for another year.
Just a quick note on the progression I’m making to get the mailserver components working on Leopard. At first I thought it would be simple, just recompile the lot and be done with it. But as most of you might have noticed, a lot has changed under the hood for Leopard. most notably was the removal of all the netinfo stuff and replacing it with dscl.
I’ve got the basic stuff working with some workarounds but still need to test SSL, maildrop and DSpam. But to reveal some of the stuff that needs to be done in a different here are some of the changes to be made in the documentation:
Postfix has no changes to the install instructions.
Instead of niutil to create the vmail user we use dscl:
sudo dscl . -create /Users/_vmail UserShell /usr/bin/false
sudo dscl . -create /Users/_vmail UniqueID 102
sudo dscl . -create /Users/_vmail PrimaryGroupID 102
sudo dscl . -create /Users/_vmail NFSHomeDirectory /var/empty
sudo dscl . -passwd /Users/_vmail ''
To compile courier-auth you need this line added to the configure fase:
./configure --with-authmysql \
--without-authpam \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql
IMAP 4.3.0 compiles without a problem, but won’t run properly yet. I’ve got IMAP 4.2.1 working without any change in how you need to compile it. Update: tried it again and it all works, my mistake! Sorry…
On to the next item on the todo list, will keep you posted on my progress.
It’s not been that long ago but Sam Varshavchik has done it again and updated Courier IMAP. Some of the fixes include:
I’ve downloaded, compiled and tested it and found no issues on my test server.
In the last year I had some discussions with DIYMacServer users on how to upgrade their machine or even move their setup to some new hardware. The biggest issue or problem they encountered was how to safely move the emails stored on the server. In this post I will try to describe one way (there are more possibilities to do this) that is pretty safe and you won’t lose any mail.
Before you start please check if you have enough diskspace to make an archive of the mail directory, it might have become very big. You can check the size of the directory by using the command:
The last line from the output will tell you how much space you need on your disk. If you haven’t got enough room you can ask your users to empty their Trash and Sent mail in their email application or remove some items you have stored on the server yourself. If that ain’t possible you’ll need to buy an extra drive (external or internal, depending on the machine you’ve got).
If you have users other then yourself using the mail-server please inform them in advance that the mail-server is going off-line for a short period at a time that is convenient for you to perform this task. This is only about moving the mail, not the websites and I’m assuming you’ve got the other machine ready and setup to take over.
When the time has comes, take the IMAP server off-line, to prevent users from accessing their IMAP folders and accidentally do something between backup and restore actions. If you’ve got POP3 configured as well please stop that as well.
Stop Postfix to prevent incoming mail to be lost when it arrives between backup and restore actions.
Now everything is stopped and you are ready to make a backup of the email directory.
You can do this by using the following command:
This will create a big file called ‘mailbackup.tar.gz’, you can copy/move/ftp this file to any destination you would like.
To unpack the backup and restore it to it’s new destination please use the following command:
sudo tar -xzf /locationofarchive/mailbackup.tar.gz
Replace ‘locationofarchive’ with the path to where you stored your backup archive.
If you used the same setup on both machines the mail directory should have the proper security settings and ownership. You can test this by using the following command:
The owner of the directories should be postfix or vmail, depending on your setup.
Now you can start the IMAP server first and check with your own mail client if you can access all your email again on the server. If there is a problem please check your logfile (/var/log/mail.log for a possible explanation). If it all works turn on the Postfix server and send yourself an email using another mailserver (use a webbased service like Gmail, Yahoo mail or Hotmail) and check if the email will arrive in your mailbox. Keep an eye on the logfile to see the email coming in.
If everything is working for you inform your users that it is all right to use the mail-server and if they have any issues that they please inform you about it.
Good luck!
Allright, the update for Courier-Auth that solves the bug found when using with Mac OSX is released. There where some other issues that were fixed in the IMAP server and some other small bugs in other parts of the courier software stack that we don’t use in our setup. The bug fixes that concern us are:
I’ve tested these new releases (0.60.2 for Courier-Auth and 4.2.1 for Courier-IMAP) and they work, don’t forget to do a:
after you’ve done a ‘make install’ on the courier-auth daemon.
As you might have noticed from the comments on the blogpost on the new version of Courier-auth, there was something wrong.
It turned out to be a completely different error than first reported. Everything looked allright after compiling and installing but it all went wrong when trying to start it up:
/usr/local/var/spool/authdaemon/pid.lock: Bad file descriptor
ll_daemon_start: Resource temporarily unavailable
I checked permissions, deleted the files, to no avail. At a loss I posted a question to the courier-user mailinglist and I got a reply and a patch within a few hours. I’ve just tested the patch and it all works as expected.
Now we only need to wait for the official release of the patch into the next release.
Sam released a new batch of updates on most of the Courier packages, here is the list with the important changes:
Courier-authlib 0.60.0:
Courier-imap 4.2.0
Note: Please don’t update if you are not sure. There have been issues reported and I haven’t tested it myself. I will test it asap…
Note 2: I’ve checked it myself and there is a problem with version 0.60 and 0.60.1 of courier-auth. Currently working with the developers to get it worked out.
RSS feed