February 2012

Dovecot updated to 2.1.1

Things went very quickly this week as I indicated in my earlier post. I was still working on version 2.1.0 when we got another update to solve some of the bugs that where found. To read al about the changes in 2.1.0 please read the release notes. The changes in 2.1.1 were minor but read the notes for that here.

I’ve got it running on my machines and I’m very happy with it.

The only change that might affect your installation in the upgrade to 2.1.x is that Dovecot lost the case sensitivity for its usernames. If you want to re-enable that please set auth_username_format= (i.e. to empty).

And as an extra here are the upgrade instructions for Dovecot!

Too much at once

I feel the need to ask for patience as this week we got bombarders by a lot of updates. Dovecot did a major upgrade to 2.1, Apache released a major upgrade to 2.4, postfix released 2.9.1 a small bugfix and MySQL released 5.5.21.

I need to compile, test and adjust everything where necessary and as you might understand with major upgrade there is more going on then just a compile, run and test. There are new configuration options to be evaluated and older ones deprecated that might need a new one or a workaround for lost functionality.

So I’m working on it but it take a bit longer then usual…

Dovecot updated to 2.0.18

Timo released a new version of Dovecot, I’ve installed it on my test servers and production server without a problem. No security issues solved, upgrade at your own leisure. The noticeable changes are:

  • DIGEST-MD5 authentication supports authorization id now. Patch by Yubao Liu
  • Added instance_name setting which is used to prefix Dovecot processes in ps output.
  • LDA/LMTP: Sending a large mail via submission_host or via LMTP proxy may have caused a hang.
  • Fixed dbox + mail_attachment_dir + zlib problems.
  • Login processes weren’t logging all intended messages with auth_verbose=yes
  • IMAP: THREAD REFS sometimes returned invalid (0) nodes.
  • IMAP: CONTEXT search return option wasn’t handled at all.
  • dbox: Various error handling fixes.
  • snarf plugin: Keep the mailbox locked during snarfing to avoid duplicates.

Tips on running a good email server

We all know 37signals for their products like Basecamp, Highrise and others but also their advise on building web apps and running a company like ReWork.

They are very public on how they do things and they have published a blogpost on how they run their mail servers. It’s a very good read with lots of tips and links to services and solutions that if you run your own mail server are very useful. Things like having reverse DNS entries (a must), domain keys and more are explained. Follow their advice if you want your mail server to actually deliver most of it’s email.

Mac OS X Update 10.7.3 and Security Update 2012-001

Apple released an update to Lion bringing it to version 10.7.3 and introduced a security update to Snow Leopard. If you followed the latest set of instructions where everything was located in /usr/local then these updates wouldn’t have affected you. However for all the people who are still on the original setup you will have been impacted as this security update installs and overwrites PHP and Postfix. The solution to this is still the same go into the source directory of the last installed version and run a “sudo make install” for PHP and Postfix, restart Apache and Postfix and everything is back in order again. You might also need to comment out the line:

inet_interfaces = localhost

from “/etc/postfix/main.cf

Try to migrate as soon as possible to the new setup to save you from future problems with the next security update.

The funny thing is that when you read the content of the security update details you will see that if you followed our update strategy you will use more recent stuff for your web and mail server then is included in this update. Example: After the update you will have Apache 2.2.21 while we are on 2.2.22 and the buid in PHP will be updated to 5.3.8 while we are on 5.3.10. This proves my point that you are better of doing this kind of stuff yourself without waiting for Apple or someone else to provide you with the updates.

Here you don’t even need me, I only help in the testing and eventual problem fixing if something goes wrong…

Next Page »