We’ll the new server is proving it’s worth. As it is running Leopard I finally had a machine permanently available to test it out in the real world. So I’ve checked and double checked all the install instructions and they all work. Still to do is adding DSPAM and Maildrop but that won’t take that long. When that is done I’ll write some documents on upgrading!

• The basic mailserver on Leopard
• Building the Postfix mailserver on Leopard
• Building the Courier Auth library
• Building the Courier IMAP/POP3 server
• Setting up the database for mailserver administration
• Create the mailbox directories
• Configuring SASL for SMTP authentication
• Configuring Postfix for virtual domains using MySQL
• Configuring Courier-auth to use MySQL
• Configuring Courier IMAP with your maildir
• Starting your basic mailserver

The only problem I haven’t tackled yet is how to start postfix using the new launchctl plist files. I can’t get it to start properly. If someone can show me how it’s done I would greatly appreciate it.

Update: Allright, persistence has paid off. I’d kept googling and searching the Apple support pages and found the answer on how to start postfix using launchd. The documentation has been updated to reflect the new findings.

Here is another episode in the problems with the mod_ssl module in Apache on Leopard. But it is a positive one. Because of the latest security update 2008-2 the default Apache install on OS X Leopard is now 2.2.8. This means we can upgrade our version as well and copy the mod_ssl module from the original installation as done previously.

I’ve looked for more workarounds, but they are all a bit drastic or don’t work. The one I haven’t tried yet is upgrading libtool as I’m not sure that would help and not break any other stuff.

You only need to do this if you need mod_ssl, if you can live without it just follow the normal installation instructions.

We used to use the /etc/hostconfig file for determining which programs should start at boot time on our Mac. Apple however has decided that this will stop in future versions and that they will move over to launchd, it is currently used in Leopard and is the prefered way in controlling your deamons. You can read more about it on the AFP548 site and the manpages for lauchd, launchctl and plist.

To enable it we need to create a .plist file with all the details, as MySQL is a system wide application we need to put it in /System/Library/LaunchDaemons/ and I’m going to call it com.diymacserver.mysql.plist. The content of the file will look like:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.diymacserver.mysql</string>
  <key>KeepAlive</key>
  <true/>
  <key>ProgramArguments</key>
  <array>
    <string>/usr/local/mysql/bin/mysqld</string>
  </array>
  <key>RunAtLoad</key>
  <true/>
  <key>UserName</key>
  <string>_mysql</string>
  <key>WorkingDirectory</key>
  <string>/usr/local/mysql</string>
</dict>
</plist>

The label key should be the same as the plist file name without the .plist
The KeepAlive option will restart MySQL when it crashes or is stopped.
The RunAtLoad means it will start at boot time.
The UserName option indicates under which user the program should start.

To load and activate the .plist file and to make sure that it is started after a reboot you’ll need to load the plist file by using the command:

sudo launchctl load /System/Library/LaunchDaemons/com.diymacserver.mysql.plist

You can see if it loaded correctly by using the command:

sudo launchctl list

This will show you all the active plist files.

You can see if everything went correctly by trying to start the mysql instance.

sudo launchctl start com.diymacserver.mysql

To stop the instance you could use:

sudo launchctl stop com.diymacserver.mysql

Bu because of the KeepAlive option it will be restarted.

To stop the script being run at boot time you need to unload the plist file.

sudo launchctl unload /System/Library/LaunchDaemons/com.diymacserver.mysql.plist

Postfix 2.5.1 had been released for a few weeks but I just got around to test it on both Tiger and Leopard. Both OS X version do not cause any problems. I did found out one error in the previous blogpost on the Leopard install instructions concerning the SASL include path which might have also caused the issues with 2.5.0. I’ve updated that post to reflect the changes. It will compile on Tiger without any changes.

The bugfixes introduced in 2.5.1 are:

• The Postfix 2.5 “postfix upgrade-configuration” command now works even with Postfix 2.4 or earlier versions of the postfix command, instead of producing a main.cf file with an empty “data_directory” parameter value.
• When installing Postfix 2.5.0 without upgrading from an existing master.cf file, the new master.cf file had an incorrect process limit for the proxywrite service. This service is used only by the obscure “smtp_sasl_auth_cache_name” and “lmtp_sasl_auth_cache_name” configuration parameters.
• Someone needed multi-line support for header/body Milter replies.
• The LDAP client’s TLS support was broken in several ways.

I’m still very busy and I haven’t had time to rewrite the documentation to reflect all the changes needed to install the mailserver components on a Leopard based Mac.

But here is a quick instruction set on how to get every item compiled on Leopard. Use the documentation set for all the other instructions, here are only the differences in use for Leopard.

As a first you don’t need to install SASL anymore, it all works without it.

Postfix:
make -f Makefile.init makefiles \
CFLAGS='-arch i386 -isysroot /Developer/SDKs/MacOSX10.4u.sdk' \
CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
-I/usr/include/sasl \
-DHAS_PCRE -I/usr/local/include \
-DHAS_SSL -I/usr/include/openssl \
-DHAS_MYSQL -I/usr/local/mysql/include/mysql' \
AUXLIBS='-L/usr/lib -lldap -lsasl2 -L/usr/lib -llber -L/usr/local/lib \
-L/usr/local/lib -lpcre \
-lssl -L/usr/local/mysql/lib/mysql \
-lmysqlclient -lz -lm'

Courier Auth:
export MACOSX_DEPLOYMENT_TARGET=10.5
./configure --with-authmysql \
--without-authpam \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql

Courier Imap:
./configure --prefix=/usr/local \
--with-authpwd=YES \
--without-authcram \
COURIERAUTHCONFIG=/usr/local/bin/courierauthconfig

Create the vmail user:
sudo dscl . -create /Users/_vmail
sudo dscl . -create /Users/_vmail UserShell /usr/bin/false
sudo dscl . -create /Users/_vmail UniqueID 102
sudo dscl . -create /Users/_vmail PrimaryGroupID 102
sudo dscl . -create /Users/_vmail NFSHomeDirectory /var/empty
sudo dscl . -passwd /Users/_vmail ''

Create the dspam user:
sudo dscl . -create /Users/_dspam
sudo dscl . -create /Users/_dspam UserShell /usr/bin/false
sudo dscl . -create /Users/_dspam UniqueID 101
sudo dscl . -create /Users/_dspam PrimaryGroupID 101
sudo dscl . -create /Users/_dspam NFSHomeDirectory /usr/local/var/dspam
sudo dscl . -passwd /Users/_dspam ''

DSpam:
/configure --enable-daemon \
--with-storage-driver=mysql_drv \
--with-mysql-includes=/usr/local/mysql/include/mysql \
--with-mysql-libraries=/usr/local/mysql/lib/mysql \
--enable-preferences-extension \
--with-dspam-home-owner=_dspam \
--with-dspam-home-group=_postfix \
--with-dspam-home=/usr/local/var/dspam \
--enable-long-usernames \
--with-dspam-group=postfix \
--enable-mysql4-initialization \
--enable-domain-scale \
--enable-virtual-users \
--enable-debug \
--enable-verbose-debug

Maildrop:
sudo chown _vmail maildroprc

maildrop unix - n n - - pipe
flags=DRhu user=_vmail argv=/usr/local/bin/maildrop /etc/maildroprc -d ${user}@${nexthop} ${extension} ${recipient} ${user} ${nexthop} ${sender}

Some of the changes are minor but they are required. I’m still testing most of the setup, sorry that it takes so much time to update the documentation. If someone knows a way to edit Wordpress pages offline in an easy way I would like to hear about it.

As noted earlier there are some problems since 2.2.6 with the mod_ssl module in Leopard.

There seems to be some progress being made by people at apache as someone posted a comment to the original post which you might have missed. You can read the bugreport at: http://issues.apache.org/bugzilla/show_bug.cgi?id=44384

It looks like a version issue of the libtool, a new version of libtool has solved the problem. I hope it works out and I will see what I can do to help you compile it properly on your Mac running Leopard.

MySQL is still working on the problems regarding the incompatibilities. In the bug reports there are some advices which will be released in the next release I guess. If you can’t wait, here are the solutions:

The not working preference pane has an update which you can download from here.

The issue of not starting up properly has to do with the user rights on the data directory. You can change them to the proper user by the command:

chown -R mysql:wheel /usr/local/mysql/data

Hopefully the next release will address all the issues. If ou want to read the bugreport yourself you can do that here: http://bugs.mysql.com/bug.php?id=28854

Apache just released version 2.2.8 of it’s webserver. It’s mostly just a security fix release. When using it on Tiger there isn’t any issue with compiling and installing it as described in the documentation. On Leopard it’s another issue (or there is still the same issue). The bug we found in the apr configuration with the APR_HAS_SENDFILE option is now solved. You can compile it out of the box. The problem with mod_ssl still stands and needs to be solved. This time even copying the original mod_ssl module which worked with 2.2.6 doesn’t help anymore. If anyone has any ideas how to solve this problem I and many others would be very gratefull for that!

Thanks to Tim we’ve got a simple workaround to get our own compiled Apache version 2.2.6 running on Leopard with a proper SSL module. The solution is to just use the original mod_ssl module from the original installation. The original mod_ssl module can be found in /usr/libexec/apache2/.

To use this original module the best way possible use these commands:

cd /usr/local/apache2/modules/
sudo mv mod_ssl.so mod_ssl.so.old
sudo ln -s /usr/libexec/apache2/mod_ssl.so mod_ssl.so

Restart the server, uncomment the mod_ssl module in your httpd.conf and restart the server to see it working.

You could also copy the module from its original location but I choose this method because it will benefit from any update that might happen with a security update from Apple.

I can only hope it will also work with a new version of Apache, but we’ll have to wait and see.

Just a quick note on the progression I’m making to get the mailserver components working on Leopard. At first I thought it would be simple, just recompile the lot and be done with it. But as most of you might have noticed, a lot has changed under the hood for Leopard. most notably was the removal of all the netinfo stuff and replacing it with dscl.

I’ve got the basic stuff working with some workarounds but still need to test SSL, maildrop and DSpam. But to reveal some of the stuff that needs to be done in a different here are some of the changes to be made in the documentation:

Postfix has no changes to the install instructions.

Instead of niutil to create the vmail user we use dscl:

sudo dscl . -create /Users/_vmail
sudo dscl . -create /Users/_vmail UserShell /usr/bin/false
sudo dscl . -create /Users/_vmail UniqueID 102
sudo dscl . -create /Users/_vmail PrimaryGroupID 102
sudo dscl . -create /Users/_vmail NFSHomeDirectory /var/empty
sudo dscl . -passwd /Users/_vmail ''

To compile courier-auth you need this line added to the configure fase:

export MACOSX_DEPLOYMENT_TARGET=10.5 \
./configure --with-authmysql \
--without-authpam \
--with-mysql-libs=/usr/local/mysql/lib/mysql \
--with-mysql-includes=/usr/local/mysql/include/mysql

IMAP 4.3.0 compiles without a problem, but won’t run properly yet. I’ve got IMAP 4.2.1 working without any change in how you need to compile it. Update: tried it again and it all works, my mistake! Sorry…

On to the next item on the todo list, will keep you posted on my progress.