• Uncategorized

    Security Update 2008-002 and Mail Services on OS X Server 10.4.11 [by celiawessen]

    Below is an excerpt from the Apple Discussion boards from a post by pterobyte (aka Alex) of osx.topicdesk.com.


    A word of caution before applying Security Update 2008-002 to OS X Server 10.4.11:

    According to this document:
    the security update updates ClamAV to 0.92.1. Which is fine.
    What the document, doesn’t tell is that spamassassin, amavisd and what is worse, configuration files, get overwritten in the process as well (without software actually being updated).

    This has some side effects which unfortunately vary from system to system and configuration to configuration.

    If you never updated ClamAV, spamassassin or amavisd manually check that:
    -/etc/mail/spamassassin/local.cf, /etc/mail/spamassassin/init.pre and /etc/amavisd.conf didn’t get overwritten thus loosing your personalised settings (if any)
    -/etc/spam/clamav/clamd.conf and /etc/spam/clamav/freshclam.conf didn’t get overwritten thus loosing your personalised settings (if any)

    If you have manually updated spamassassin or amavisd check that:
    -/etc/mail/spamassassin/local.cf, /etc/mail/spamassassin/init.pre and /etc/amavisd.conf didn’t get overwritten thus loosing your personalised settings AND causing issues with your current versions.
    -/usr/bin/amavisd didn’t get overwritten. If it did re-install amavisd as you did the first time
    -/usr/bin/spamassassin didn’t get overwritten. If it did re-install spamassassin as you did the first time


  • Uncategorized

    Japanese on Mac OS X Server 10.4.x and SquirrelMail 1.4.5

    I’ve upgraded a 10.3.9 Server to 10.4.7 today. This of course upgraded SquirrelMail to 1.4.5 and PHP to 4.4.1. As explained before, this combination causes moji-bake in Japanese.

    Unfortunately, replacing libphp4.so with the 4.3.11 version like before will not do. Because MySQL was also upgraded to 5.x. To use a MySQL 5.x database, PHP’s MySQL API needs to be 4.1 or higher. In PHP 4.3.11 the API is version 3.23. If you run MySQL on the same machine, the option to swap libphp4.so is out of the question.

    Now, applying the Japanese patch will fix Subject and Body moji-bake within SM, but will cause the subject to be encoded in EUC and the body to be encoded in ISO-2022-jp. That means, with mail client software other than SM, you’ll either have a Subject moji-bake or body moji-bake depending on your decoding scheme.

    To fix this, you’ll have to tell SM to encode the Subject line in a different manner (ISO-2022-jp) instead of what the HTML header is telling it to (EUC-JP). To do this, you’ll need to edit/usr/share/squirrelmail/class/deliver/Deliver.class.php.


    $header[] = 'Subject: '.encodeHeader($rfc822_header->subject) . $rn;

    and comment it out.

    Right under it, add:

    $header[] = 'Subject: '.mb_convert_encoding($rfc822_header->subject,"ISO-2022-jp") . $rn;

    This forces SM to try to use ISO-2022-jp as the encoding method for the subject line. This may or may not happen, but what will happen is that the subject line will not be encoded in EUC-JP and will be encoded with the same encoding method as the Body of the message.

    — UPDATE —

    This is still the case with SquirrelMail all the way up to 1.4.16.

  • Uncategorized

    Using Port 587 to circumvent OP25B

    Excerpt from: http://mac007.com/?Tips:Alternate_SMTP_Ports

    Add this code to /etc/postfix/master.cf

    smtp      inet  n       -       n       -       -       smtpd

    # Code to enable two common alternate SMTP Submission ports
    # Modify the -o options to suit your requirements
    # Option lines should start with one or more spaces
    # Don't forget to open firewall ports for outside access
    # Enable SMTP-TLS on port 587 with specified options
    587    inet  n       -       n       -       -       smtpd
    -o smtpd_client_restrictions=
    -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
    -o content_filter=

    Don’t forget to open port 587 on the Firewall of the receiving server!

  • Uncategorized

    Make Your SpamAssassin Smarter

    Mail Service:: Make Your SpamAssassin Smarter
    Beginning with Mac OS X Server v.10.4.x, Apple has decided to bundle the Amavis/ClamAV/SpamAssassin combo with the Postfix/Cyrus mail server. It is built well, but implementation is a bit shoddy. Even the PDF manuals that come with the Server software alludes to there being more to the whole spam filtering scheme.

    The key to fighting against spam is to train your spam filter. With SpamAssassin, you'll need to build up a database for its bayes filtering system. You'll need to fill this database with spam (bad mail) and ham (good mail).

    If you are a server admin, making two e-mail accounts junkmail and notjunkmail is fairly easy. But making those two mailboxes available to other users by setting up ACLs, and monitoring those mailboxes everyday becomes tedious.

    For setting up the ACLs, you could learn how to use cyradm commands. Or you could download SirAdmin and have a nice graphical interface. SirAdmin comes with a how-to file on how to set up the cyrus admin account and usage is pretty straight forward.

    For monitoring, processing, and cleaning the two mailboxes, you'll need to set up a cron job that runs SpamAssassin's sa_learn script, then a cyrus script that will purge the two Inboxes. This is quite “mendokusai“. So in comes Spamtrainer, a set of shell scripts that will check your setup, install itself, and run all the aforementioned script at a designated time.