Friday, October 30, 2009

Greylisting in Snow Leopard Server, or not

Apple's OS X Snow Leopard Server 10.6 implements Greylisting, an anti-spam technique based on forcing sending SMTP servers to "slow down" before they can deliver. This is great for reducing spam, but it also has the perhaps undesired effect of causing delivery delays. Sometimes really, really loooong delivery delays.

In SLS, when you enable anti-spam in your Mail server (which is postfix), greylisting is automatically enabled. Because there are no readily available manuals from Apple on how to use this feature, you may want to turn it off. Note that I'm skittish about changing config files on an Apple server the way I would on a normal Unix server, because Apple is known to simply change vast portions of their server products without much notice. It's possible that you'd spend time implementing something, and then they change the way it has to be done, so you have to redo it. Anyway, here's how to disable it:

How to Disable Greylisting in Snow Leopard Server

Of course, as implied above, you can stop Greylisting by turning off spam filtering altogether. However, to be more specific and just disable Greylisting, do the following:

  1. From Terminal on the server (ssh'ed in or direct), do "sudo bash" to log in as root. Then use nano to edit /etc/postfix/main.cf
  2. Remove the "check_policy_service unix:private/policy" string from the line that starts with "smtpd_recipient_restrictions" near the bottom of the file. Save, and exit nano.
  3. Issue a "postfix reload" to reload the configuration.
  4. Use the "exit" command to quit the sudo bash root shell.
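
The same edit as a script, added here as an example (it is not from the original post or from Apple). It assumes smtpd_recipient_restrictions sits on a single line, as the steps above describe; the function names and the sample main.cf are constructed for illustration.

```shell
#!/bin/sh
# Added example: remove the greylisting policy lookup from a Postfix main.cf.
# Assumption: smtpd_recipient_restrictions is on one line, as the post describes.

# Matches the policy entry together with the separator (space or comma) before it.
POLICY_RE='[[:space:]]*,?[[:space:]]*check_policy_service[[:space:]]+unix:private/policy'

disable_greylisting() {
    cf="$1"
    [ -f "$cf" ] || { echo "no such file: $cf" >&2; return 2; }

    # Nothing to do if the restrictions line does not reference the policy service.
    if ! grep -Eq "^smtpd_recipient_restrictions[[:space:]]*=.*${POLICY_RE}" "$cf"; then
        echo "greylisting policy not found in $cf" >&2
        return 1
    fi

    # Keep a copy so the change can be reverted after an OS update or a mistake.
    cp -p "$cf" "$cf.pre-greylist" || return 2

    # Edit only the smtpd_recipient_restrictions line; comments and other
    # settings that mention the policy service are left untouched.
    tmp="$cf.tmp.$$"
    sed -E "/^smtpd_recipient_restrictions[[:space:]]*=/ s#${POLICY_RE}##" "$cf" > "$tmp" || return 2
    cat "$tmp" > "$cf" && rm -f "$tmp"   # cat keeps the original owner and mode
}

# Constructed sample main.cf for a dry run (not Apple's shipped file).
make_sample() {
    cat > "$1" <<'EOF'
# comment mentioning check_policy_service unix:private/policy stays as is
mydomain = example.com
smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit
EOF
}

# On the server itself (as root):
#   disable_greylisting /etc/postfix/main.cf && postfix reload
```

The backup lands next to the original as main.cf.pre-greylist, so copying it back and running "postfix reload" again restores greylisting.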

I'm a little miffed that Apple would enable this by default and not implement any easy way to edit the greylists or whitelists. At any rate, you can read a couple articles on greylisting, or just wait for Apple. Time, however, waits for no man. :-)

Textmate Regular Expression Search and Replace

I use and love the text editor Textmate, which has some powerful functions. One thing that it can help with is quickly editing text files, and for example today I used it for searching lines in a mail system's "aliases" file. I wanted to remove 50-odd lines with the word owner in them, so I used the Find command with Regular Expression checked.

The search string is:

^.*owner.*$

If you enter that string (which matches every line with owner in it), check "Regular Expression," and leave the Replace box blank, Textmate will blank out the lines for you. Convenient!

Monday, October 19, 2009

Rick's Picks (weekly)

  • Corrupt Apple Leopard Server Open Directory Services

Thursday, October 15, 2009

Corrupt Apple Leopard Server Open Directory Services

I had a Leopard Server crash and burn so that nothing was responding, and when I forced the server to reboot (as well as rebooting a bunch of other ancillary servers and services just in case), I found an ominous sign in Server Admin, along with no user accounts in Workgroup Manager. Eek! Server Admin's Open Directory showed:

    LDAP Server is: stopped
    Password Server is: running
    Kerberos is: stopped

Not good. Never fear, though.

How to Fix a Corrupted Open Directory

First, don't panic. Apple's forums show you can use "slapd -Tt" to check the configuration.

    myhost:~ administrator$ sudo bash
    Password: ********
    bash-3.2# /usr/libexec/slapd -Tt
    overlay_config(): warning, overlay "dynid" already in list
    overlay_config(): warning, overlay "dynid" already in list
    overlay_config(): warning, overlay "dynid" already in list
    overlay_config(): warning, overlay "dynid" already in list
    overlay_config(): warning, overlay "dynid" already in list
    bdb(dc=myhost,dc=mydomain,dc=com): PANIC: fatal region error detected; run recovery
    bdb_db_open: Database cannot be opened, err -30978. Restore from backup!
    bdb(dc=myhost,dc=mydomain,dc=com): DB_ENV->lock_id_free interface requires /
    an environment configured for the locking subsystem
    backend_startup_one: bi_db_open failed! (-30978)
    slap_startup failed (test would succeed using the -u switch)

The "run recovery" here means to run the db_recover command (a.k.a. slapd_db_recover on other *nix LDAPs). Use the -v switch to make the result verbose.

    bash-3.2# db_recover -v -h /var/db/openldap/openldap-
    openldap-data/ openldap-slurp/
    bash-3.2# db_recover -v -h /var/db/openldap/openldap-data/
    db_recover: Finding last valid log LSN: file: 6 offset 4190936
    db_recover: Recovery starting from [6][4190795]
    db_recover: Recovery complete at Thu Oct 15 21:57:41 2009
    db_recover: Maximum transaction ID 80000225 Recovery checkpoint [6][4190936]

Ah, that looked nice. Then run "slapd -Tt" again to test, and if all is well, exit out of the sudo'ed bash shell.

    bash-3.2# /usr/libexec/slapd -Tt
    overlay_config(): warning, overlay "dynid" already in list
    overlay_config(): warning, overlay "dynid" already in list
    overlay_config(): warning, overlay "dynid" already in list
    overlay_config(): warning, overlay "dynid" already in list
    overlay_config(): warning, overlay "dynid" already in list
    config file testing succeeded
    bash-3.2# exit
    myhost:~ administrator$

After a few minutes launchd should kickstart the Open Directory services again so that you see:

    LDAP Server is: running
    Password Server is: running
    Kerberos is: running

A couple of tests show I once again have Wiki Server, iCal Server, Jabber Chat, etc., all the Open Directory and Kerberos-based services back online. Breathe a sigh of relief if this helped you and let me know in the comments!
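
The check, recover, re-check sequence above as a script, added here as an example (it is not from the original post or from Apple). The function names and the SLAPD, DB_RECOVER and DB_DIR variables are hypothetical; their defaults are the paths shown in the session above, and the copy of the database directory taken before recovery is an extra safety step the post does not include.

```shell
#!/bin/sh
# Added example: run db_recover only when `slapd -Tt` reports that BDB needs it.
# SLAPD, DB_RECOVER and DB_DIR are hypothetical knobs; defaults follow the post.
SLAPD=${SLAPD:-/usr/libexec/slapd}
DB_RECOVER=${DB_RECOVER:-db_recover}
DB_DIR=${DB_DIR:-/var/db/openldap/openldap-data}

# Print "ok", "needs-recovery" or "other-failure" for slapd -Tt output given in $1.
classify_slapd_test() {
    case "$1" in
        *"config file testing succeeded"*) echo ok ;;
        *"run recovery"*)                  echo needs-recovery ;;
        *)                                 echo other-failure ;;
    esac
}

recover_open_directory() {
    state=$(classify_slapd_test "$("$SLAPD" -Tt 2>&1)")
    [ "$state" = ok ] && { echo "already healthy"; return 0; }
    # Anything other than the BDB "run recovery" panic needs a human, not db_recover.
    [ "$state" = needs-recovery ] || { echo "slapd -Tt failed for another reason" >&2; return 2; }

    # Copy the BDB environment first so a failed recovery can be rolled back
    # (this step is an addition, not part of the post's procedure).
    backup="${DB_DIR%/}.bak.$(date +%Y%m%d%H%M%S)"
    cp -Rp "$DB_DIR" "$backup" || return 2

    "$DB_RECOVER" -v -h "$DB_DIR" || return 2

    # Re-test; report success only if slapd now accepts the database.
    state=$(classify_slapd_test "$("$SLAPD" -Tt 2>&1)")
    [ "$state" = ok ] || { echo "still failing after db_recover; backup in $backup" >&2; return 3; }
    echo "recovered; backup in $backup"
}

# On the server itself (as root): recover_open_directory
```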