After more then 3 years there is a new release of Postfixadmin, the webbased tool to allow you to maintain your postfix mailserver installation. It assist in the creation of mail adresses and aliases.

New is the all in one interface where the super user and the domain admin will work. In the 2.1.0 there was a subdirectory called admin which needed to be secured extra. It is now an all in one interface.

The new version still has the same problem as the old one in sending the SMTP commands to fast which will result in the error:

BD5DAF029E: reject: DATA from localhost[127.0.0.1]: 503 5.5.0 : Data command rejected: Improper use of SMTP command pipelining; from= to= proto=ESMTP helo=

This will easily be solved by again editing the ‘functions.inc.php‘. Open the file and find the function ‘smtp_mail‘. Change the following code:

fputs ($fh, "EHLO $smtp_server\r\n");
$res = smtp_get_response($fh);
fputs ($fh, "MAIL FROM:<$from>\r\n”);
$res = smtp_get_response($fh);
fputs ($fh, “RCPT TO:<$to>\r\n”);
$res = smtp_get_response($fh);
fputs ($fh, “DATA\r\n”);
$res = smtp_get_response($fh);
fputs ($fh, “$data\r\n.\r\n”);
$res = smtp_get_response($fh);
fputs ($fh, “QUIT\r\n”);
$res = smtp_get_response($fh);
fclose ($fh);

into

fputs ($fh, "EHLO $smtp_server\r\n");
$res = smtp_get_response($fh);
usleep(10000);
fputs ($fh, "MAIL FROM:<$from>\r\n”);
$res = smtp_get_response($fh);
usleep(10000);
fputs ($fh, “RCPT TO:<$to>\r\n”);
$res = smtp_get_response($fh);
usleep(10000);
fputs ($fh, “DATA\r\n”);
$res = smtp_get_response($fh);
usleep(10000);
fputs ($fh, “$data\r\n.\r\n”);
$res = smtp_get_response($fh);
usleep(10000);
fputs ($fh, “QUIT\r\n”);
$res = smtp_get_response($fh);
fclose ($fh);

Full instructions on how to upgrade your current 2.1.0 installation to 2.2.0 can be found here: Upgrading Postfix Admin 2.1.0 to 2.2.0

In the continuing endeavour of improving the quality of his software Sam Varshavchik has released an upgrade to the Courrier-auth daemon. This release has the following changes:

• Cleaned up authmysql module — allow punctuation in userids and passwords
• Dropped the unmaintained authvchkpw module

If you want to upgrade your installation please read my upgrade instructions for Courier-auth.

I got an email from the PHP announcement list that version 5.2.6 is released. I have tested it today on Tiger and Leopard and I can tell you everything works as far as I can tell.

Security Enhancements in PHP 5.2.6:

• Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
• Fixed integer overflow in printf() identified by Maksymilian Aciemowicz.
• Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
• Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
• Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
• Upgraded bundled PCRE to version 7.6

For all the changes in 5.2.6 read the ChangeLog.

I know, I should have know better and I should have upgraded my blog as I was supposed to do as advised by Matt. But I was busy working on this new design which I was doing on a new install of Wordpress 2.5 with a copy of the database as my site got hacked yesterday. The whole database was corrupted, pages and comments disappeared. While I was trying to restore a backup as soon as possible I made things even worse than they already where.

To keep it short, I just made my test environment where I was developing the new design of the site the current live site. It was the easiest thing to do and I only lost some posts and comments by that. Which I still will try to retrieve in some manner when possible. The design isn’t finished, it still needs some tweaks. I just received an email from the designer with a large list of items I need to change. Tanja, I’m sorry I will do them as quickly as possible.

Hope you like the new design even if it isn’t completely finished yet.

The developers at Roundcube finally decided to release version 0.1 as a stable release. I’ve been using the release candidates without problems for many months. A new thing I discovered is the installer pages which help you to setup your PHP and Apache settings to make it work correctly. Another new thing is the inclusion of TinyMCE to allow you to create HTML mail.

If you want to you can download the new version and start installing/upgrading. Download it from here.

Postfix 2.5.1 had been released for a few weeks but I just got around to test it on both Tiger and Leopard. Both OS X version do not cause any problems. I did found out one error in the previous blogpost on the Leopard install instructions concerning the SASL include path which might have also caused the issues with 2.5.0. I’ve updated that post to reflect the changes. It will compile on Tiger without any changes.

The bugfixes introduced in 2.5.1 are:

• The Postfix 2.5 “postfix upgrade-configuration” command now works even with Postfix 2.4 or earlier versions of the postfix command, instead of producing a main.cf file with an empty “data_directory” parameter value.
• When installing Postfix 2.5.0 without upgrading from an existing master.cf file, the new master.cf file had an incorrect process limit for the proxywrite service. This service is used only by the obscure “smtp_sasl_auth_cache_name” and “lmtp_sasl_auth_cache_name” configuration parameters.
• Someone needed multi-line support for header/body Milter replies.
• The LDAP client’s TLS support was broken in several ways.

There are more and more problems being reported by people trying to use postfix 2.5.0. I haven’t gotten it to work myself as well. The error occurs during linking you will see a message related to “_sasl_set_path”.

Please use 2.4.7 as a stable version that works.

Update: It looks like on Leopard you don’t need to install SASL, somehow the default installed version does work. To use that you also need to adjust the makefile creation.

make -f Makefile.init makefiles \
CFLAGS='-arch i386 -isysroot /Developer/SDKs/MacOSX10.4u.sdk' \
CCARGS='-DUSE_TLS -DUSE_SASL_AUTH -DUSE_CYRUS_SASL \
-I/usr/local/include/sasl \
-DHAS_PCRE -I/usr/local/include \
-DHAS_SSL -I/usr/include/openssl \
-DHAS_MYSQL -I/usr/local/mysql/include/mysql' \
AUXLIBS='-L/usr/lib -lldap -lsasl2 -L/usr/lib -llber -L/usr/local/lib \
-L/usr/local/lib -lpcre \
-lssl -L/usr/local/mysql/lib/mysql \
-lmysqlclient -lz -lm'

There are still other people testing this, if you can test this as well please let me know the outcome.

Apache just released version 2.2.8 of it’s webserver. It’s mostly just a security fix release. When using it on Tiger there isn’t any issue with compiling and installing it as described in the documentation. On Leopard it’s another issue (or there is still the same issue). The bug we found in the apr configuration with the APR_HAS_SENDFILE option is now solved. You can compile it out of the box. The problem with mod_ssl still stands and needs to be solved. This time even copying the original mod_ssl module which worked with 2.2.6 doesn’t help anymore. If anyone has any ideas how to solve this problem I and many others would be very gratefull for that!

No we didn’t miss a few versions, this is the first new release after 5.0.45. By the way this is a bug fix release and it is in source format only. This means that you definitely need to compile your version if you are affected by the bugs that are fixed. If you don’t have any problems or concerns don’t upgrade.

Check the bug fixes that are listed on the release notes and check if you are affected in any way.

I’ve compiled this version and did some simple tests on Leopard and Tiger and both can be compiled and installed using the instructions in the documentation set without problems.

It’s not been that long ago but Sam Varshavchik has done it again and updated Courier IMAP. Some of the fixes include:

• Added support for GnuTLS as an alternative to OpenSSL.
• Fix certain courier-authlib misconfigurations from being reported as false clock skew errors.
• Remove the \Draft flag from messages that are automatically moved to Trash after expunge, to have clients treat them as ordinary messages, if pulled from Trash.

I’ve downloaded, compiled and tested it and found no issues on my test server.