As promised earlier, now Dovecot 1.2.0 is released, I’m officialy launching the new mailserver setup with Postfix and Dovecot (Currently Leopard only).

This means no more Courier based products like the authentication, IMAP, POP3 and maildrop apps. Dovecto can do all that with a single installation. I’ve found out that the setup is a lot simpler with a lot fewer procedures and configuration files to maintain.

An last but not in the least, it looks like Dovecot is proving to be an even better IMAP server than Courier was. As I told you in the earlier post it’s a lot faster. While testing it myself I often saw new email appear in Mail or Thunderbird immidiate after thy were received by Dovecot.

Currently the setup only describes the basic setup of a server, I still need to add the DSpam spam-filter in the setup and integrate server based filtering of incoming emails (where we used to use maildrop for). It is all possible but I still need to find out how and document it for you. When that is done I will write the neccesary migration documents how existing users can migrate safely from Courier to Dovecot.

I will keep supporting the Courier product stack for at least a year after I finished documenting the migration instructions. So don’t worry if you don’t switch immediatly. My production servers still run Courier, I only use Dovecot on my test servers. Although there is one user who has already switched to Dovecot (We helped each other in getting this done) because of the performance problems he experienced with Courier IMAP. These problems are now gone and this is one of the reasons I want to move to Dovecot a.s.a.p.

The advise currently is if you want to setup a new server: Use the Dovecot based setup. If you already use Courier please wait untill the migration instructions are finished. If you can’t wait I will try to assist you via email as much as I can but you will be mostly on your own. It’s not that difficult but ou need to know what you are doing.

I hope you like the switch and will be happy with the improved setup. You can read all about it at the new mailserver instruction pages

Just to inform you all as I missed it myself. Apple have released a new version of XCode. It’s not mandatory to upgrade but I will do it myself and all instructions etc. will be based on this version although I don’t expect any issues if you keep using the previous version.

You can download it from developer.apple.com. If you don’t have an account yet, just register. It’s free if you just want to download XCode and the related information.

What’s new in XCode 3.1.3:

• SDK support for targeting non-Mac OS X platforms, including iPhone OS SDK.
• GCC 4.2 & LLVM GCC 4.2 optional compilers for use with Mac OS X 10.5 SDK
• Updated assistants to create new projects, targets, and source ?les
• Toolbar uses a single popup to choose platform, target, and debug/release
• Integrated SCM support now works with Subversion 1.5

Finally, I’ve set myself to it after avery busy week at work. I’ve created a new set of pages to instruct you how to compile Postfix, Courier-Auth and Courier IMAP/POP3 in 64 bits mode. It’s basically setting some extra compiler flags but it takes some trial and error to find out which are the correct ones. Don’t forget you need a 64 bits MySQL installation to get this working otherwise you will get compiler errors.

• Building the Postfix mailserver in 64 bits on Leopard
• Building the Courier Auth library in 64 bits on Leopard
• Building the Courier IMAP/POP3 server in 64 bits on Leopard

The configuration of all the components is not affected by this new compilation method so they stay the same. Next up: DSPAM and Maildrop.

I’ve received many requests to add several modules to my documentation set of installing PHP. I’ve untill now avoided it because it is a lot of work to do this for all seperate versions. Not even mentioning solving issues and supporting all your questions.

I’ve now documented how to add GD (which was one of the most requested modules) and mcrypt (required for a safe use of phpmyadmin).

I’ve documented each module as a seperate installation and it will tell you which parameters to add to the normal PHP installation to make it work. In this manner everyone can select the modules he or she wants without the modules that aren’t needed.

Read more about it on their respective pages:

• Adding the mcrypt module to PHP on Leopard
• Adding the GD module to PHP on Leopard

I hope you like this method of documention this.

I’ve just finished updating my test server with Mac OSX 10.5.6. Both updates went without any problem and my setup was not affected in a negative way. Only had to get a new version of GPGmail. Every item had started after the reboot and worked according to expectations.

If you want to read more on what is affected in the updates I would suggest reading the Apple support site for the 10.5.6 update and the 2008-008 security update.

In case of doubt, please make a full bootable disk image backup with Cabon Copy Cloner before you start.

I will update my production machines this weekend when I’ve got some more spare time. If you want to be sure everything is allright please wait untill then.

Update: There was an issue with postfix, please read the update

This morning running the update everything looked fine and working. But email traffic looked a little on the light side, I didn’t even receive any spam. So I started looking around for any issues that mifght have happend and I couldn’t find it. When looking at the server it was blocking port 25 but from the servier itself all looked fine. So naturally I blamed the firewall, but that wasn’t it.

Then I read the information on the Security Update and there was an item on postfix there:

Postfix

CVE-ID: CVE-2008-3646

Available for: Mac OS X v10.5.5

Impact: A remote attacker may be able to send mail directly to local users

Description: An issue exists in the Postfix configuration files. For a period of one minute after a local command-line tool sends mail, postfix is accessible from the network. During this time, a remote entity who could connect to the SMTP port may send mail to local users and otherwise use the SMTP protocol. This issue does not cause the system to be an open mail relay. This issue is addressed by modifying the Postfix configuration to prevent SMTP connections from remote machines. This issue does not affect systems prior to Mac OS X v10.5 and does not affect Mac OS X Server. Credit to Pelle Johansson for reporting this issue.

I checked the configuration files and I noticed, by the date, that main.cf was changed. I did a diff with a backup and I founf out that the security update added the following line:

inet_interfaces = localhost

This means that only local programs get access to the postfix program. This was the cause of the problem of no longer receiving any mail! So I removed the line from main.cf and restarted postfix with the command:

sudo postfix stop

Because of the startup scripts postfix will restart automatically.

By the way, I also noted this error message in the logfile:

fatal: unsupported dictionary type: mysql

I’m not sure this is due to the Security update but it means that postfix is unable to access mysql because support for it wasn’t compiled in. You can check it by running:

sudo postconf -m

It should return mysql in the list. It wasn’t on my computer. To solve this I went into the postfix source directoy of the last succesfull build and ran a:

sudo make install

Restarted postfix again and all was fine and running again. I also received some spam today. Please leave a comment if you see this on your system as well.

It looks my earlier findings were a bit premature. I’ve been given access to a Core2Duo Mac mini by Ceriel of Vakantieland.nl and Crashplan.nl to test the findings I had when compiling the MAMP stack in 64 bits. There are some minor differences in compiling MySQL and PHP as the earlier solution does not work for them.

Apache:
CFLAGS="-arch x86_64" \
./configure --enable-layout=DIYMacServer \
  --enable-mods-shared=all \
  --with-ssl=/usr \
  --with-mpm=prefork \
  --disable-unique-id \
  --enable-ssl \
  --enable-dav \
  --enable-cache \
  --enable-proxy \
  --enable-logio \
  --enable-deflate \
  --with-included-apr \
  --enable-cgi \
  --enable-cgid \
  --enable-suexec

MySQL:
CFLAGS="-arch x86_64" \
CXXFLAGS="-arch x86_64" \
./configure --prefix=/usr/local/mysql \
  --localstatedir=/usr/local/mysql/data \
  --libexecdir=/usr/local/mysql/bin \
  --libdir=/usr/local/mysql/lib \
  --with-server-suffix=-standard \
  --enable-thread-safe-client \
  --enable-local-infile \
  --enable-shared \
  --with-zlib-dir=bundled \
  --with-big-tables \
  --with-readline \
  --with-archive-storage-engine \
  --with-innodb \
  --without-docs \
  --without-bench

PHP:
CFLAGS="-arch x86_64" \
CXXFLAGS="-arch x86_64" \
./configure --prefix=/usr/local/php5 \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--sysconfdir=/etc \
--with-zlib \
--with-zlib-dir=/usr \
--with-openssl \
--without-iconv \
--enable-exif \
--enable-ftp \
--enable-mbstring \
--enable-mbregex \
--enable-sockets \
--with-mysql=/usr/local/mysql \
--with-mysqli=/usr/local/mysql/bin/mysql_config \
--with-apxs2=/usr/local/apache2/bin/apxs

In Leopard there is a problem with the iconv library, somehow that is not 64 bits or something like that. When compiling 32 bits it works. I guess if you really want iconv you will have to recompile the inconv library to get that one working. Currently I’m working to get IMAP working for postfixadmin.

Some of you have the “luxury” of having Macs with Core 2 Duo processors. I’m still working on my Core Duo Mac mini so this post isn’t really for me. But if you have one of those Macs who are capable of running 64 bit software than this post is for you.

To compile MySQL, Apache or PHP you need to add a compiler flag to the ./configure statement and that is it.

CFLAGS="-arch x86_64" \
./configure etc...

(Note: this is only valid for Intel CPU’s, in case of a PowerPc use ppc_64)

I do not know how this would influence performance as I can’t run 64 bit apps. If someone would test the difference and comment their findings here that would be great.

To find out if you’ve got the capability of running 64 bit applications I found this simple test. Open a Terminal session and execute the following command:

httpd -V

In the output you should find a line with:

Architecture: 64-bit

if you have got a 64 bit version or

Architecture: 32-bit

if you have a 32 bits system just like me.

By the way I’m planning for a new Mac before the end of the year. Still need to decide what model but I’ve started saving up for it, care to help ?

The people from Corsaire have done it again. They have published a whitepaper on how you can secure your installation of Leopard. It’s a document describing the best practices and some of it should be common knowledge. It’s a follow up on the previous guides they published for Tiger and earlier.

It’s a good and easy read and you can benefit from this when you have your Mac connected to the outside world. Did I mention it’s available for free.

You can download the PDF from here.

When I tested the latest MySQL upgrade I noticed I had left out some of instructions that accompany the other applications. So this weekend I wrote the pages “Upgrading MySQL” and “Starting MySQL on Leopard” which makes sure that MySQL is started automatically after a reboot using the new launchd program. With this you don’t need to install the MySQL startup item, it will only interfere. The new launchd scripts is also configured to automatically restart MySQL after a crash, shutdown or other failure.