October 2005


31 Oct 2005

Finally had an evening to myself to continue the research in setting up a good and secure mailserver for multiple virtual domains. I’ve started by getting SASL up and running doing some proper authentication when someone wants to send mail via our mailserver. Normally one is able to do this without providing a username and password, but in this day and age of evil spammers this is not a good idea.

Authentication for SMTP access is a good thing. But not by itself: we need to encrypt the communication between the client and the server so nobody can sniff out the passwords on the internet. To do this we need to recompile Postfix for TLS support. It’s an SSL lookalike for a specific transport. More on this later.

It took me some effort and some Googling to get the authentication on SMTP working using the compiled SASL library. As an added bonus I got it to use the authdaemon which we configured already for the IMAP authentication. This saves a lot of problems, now that we don’t have to keep multiple user administrations. It’s getting better all the time.

Next step is getting TLS working on Postfix, keep watching…
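
The point made in this entry, that SMTP authentication only protects passwords once the session is encrypted, can be checked from the outside by comparing what a server advertises before and after STARTTLS. The Python below is an added example, not part of the original post or of Postfix; the EHLO replies, the host name and the function names are constructed for illustration.

```python
import base64

# Constructed EHLO replies (not captured from a real server): what a server
# advertises before STARTTLS and again after the TLS handshake.
EHLO_PLAINTEXT = """250-mail.example.org
250-PIPELINING
250-STARTTLS
250-AUTH PLAIN LOGIN
250 8BITMIME"""

EHLO_AFTER_TLS = """250-mail.example.org
250-PIPELINING
250-AUTH PLAIN LOGIN
250 8BITMIME"""

def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    for line in reply.splitlines()[1:]:            # first line is the greeting
        if not line.startswith("250") or len(line) < 5:
            continue
        words = line[4:].replace("=", " ").split()  # also accept legacy "AUTH=PLAIN"
        if words:
            caps.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return caps

def audit_auth_exposure(plain_reply, tls_reply=None):
    """List findings about password exposure on an SMTP service."""
    findings = []
    plain = parse_ehlo(plain_reply)
    # PLAIN and LOGIN carry the password base64-encoded, which is not encryption.
    reversible = {"PLAIN", "LOGIN"} & set(plain.get("AUTH", []))
    if reversible:
        findings.append("cleartext AUTH offered before TLS: " + ", ".join(sorted(reversible)))
    if "STARTTLS" not in plain:
        findings.append("STARTTLS not offered")
    if tls_reply is not None and "AUTH" not in parse_ehlo(tls_reply):
        findings.append("no AUTH offered after TLS")
    return findings

def decode_auth_plain(b64):
    """Split an AUTH PLAIN token (authzid NUL authcid NUL password)."""
    authzid, authcid, password = base64.b64decode(b64).split(b"\0")
    return authcid.decode(), password.decode()

if __name__ == "__main__":
    print(audit_auth_exposure(EHLO_PLAINTEXT, EHLO_AFTER_TLS))
```

On the constructed replies the audit reports that PLAIN and LOGIN are offered before TLS; in Postfix, setting `smtpd_tls_auth_only = yes` makes the server advertise AUTH only after STARTTLS, which clears that finding.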

22 Oct 2005

I wanted to apologize for not posting anything in almost 2 weeks, but there haven’t been many new discoveries. I still need more time to play with my current configuration and to test the installation documentation.

I’ve gotten myself a cheap external firewire enclosure to use the extra harddisk from my PC which I don’t really use anymore. The only time I switch it on is to get some files I didn’t copy the first time around. The firewire disk is a really useful tool when having a Mac, you can use it to backup your personal every day or store some of that data that just clogs up your system disk.

My main reason to get one is that I now can have more installations of OS X running on my computer. It’s just a matter of selecting the correct bootable drive at startup to switch my environment. It’s really useful to get a clean install without losing all your data and still be able to test my installation procedures.

11 Oct 2005

Finally found the problem with my Postfix configuration; it had something to do with the domain tags in the ‘main.cf’ configuration file. I can now send and receive emails between several test accounts and two domain names I set up on my local Mac mini. I still have to test it in the real world but I will leave that for a later date. I can’t just remove my production server and stick my Mac mini into the network. I only have one internet connection with one IP address so it’s going to be difficult; that step needs a lot of preparation and must include everything on the current server to be migrated to the Mac mini so I can leave it in place.

One thing I still need to do is to get a more secure way of access to the mail server. I’m thinking of using SSL to access the IMAP server and to find a way to get users who are connected via the internet to send email safely without having to include their IP address in my server’s config. This should be possible in some manner which I need to research a bit more.

Another thing is that I’m going to buy an external harddisk which I can connect to my Mac mini and use it to make a test install of all the things I need to get a proper server install. When attaching a firewire disk it will be possible to boot from that and create a new installation without interfering with my current installation which I use for my daily work. In this manner I can test my installation and configuration script. I’m currently writing it all down and doing a backtrack on what I did that time before it all started working ;-)

The question remaining is, shall I publish the document in advance before testing it and amend it with my findings or should I wait until it is fully tested? Please let me know what you think or would like to see…

By the way, when I’m done it’s just going to be a document explaining how to create your own server. A proper ISP in a box as you might call it. I’m not going to provide install packages, you will need to compile some stuff to get it all working. I’ve made this choice because it’s otherwise going to be too dependent on all the choices you make which packages you will use for all the other components. I like having freedom of choice so I will provide it as well. I’m not going to dictate which component you need to take, but will give options and what to do to get them working.

10 Oct 2005

Again I made some small progress in getting a fully functional IMAP based mail server running on my Mac mini. After getting Postfix compiled with MySQL support I needed to get started on the IMAP end of things.

First downloading the source code as I couldn’t find any ready made packages I could just install. You can get Courier IMAP from here and the authentication library from here. I used version 4.0.6 of the IMAP server and version 0.57 of the authlib daemon.

The authlib daemon was as easy as ./configure, make and then as root do a ‘make install’ and ‘make install-configure’ and then tweak some of the configuration files. The IMAP server took more effort. It needed some parameters during the configuration stage, I took some values on a best guess effort but I still need to find out what they do exactly. I’ve got it compiled and running with:

./configure --prefix=/usr/local --with-authpwd=YES  --without-authcram
make
make install

Now I can read my emails from the server, still needed some configuration tweaking but more on that later. Still while trying to send mail to myself the mail address gets bounced in Postfix, I need to find out why. But to end on a positive note, my mail was copied into the send mail folder on the IMAP server!

1 Oct 2005

Finally found some spare time to have a look at how to compile Postfix on my Mac mini. When looking around for information on configuring Postfix on the Mac I also bookmarked all the information regarding compiling Postfix. Most of the info I found was out of date or targeted older versions. So I had to combine and try out what still worked and what not.

By the way this is just a quick write down on the things I found out, it’s not a complete guide. I’m planning to write a step by step guide on how to compile and configure a proper Postfix mail server on your Mac mini.

Via some backdoor (can’t remember how I found it) I located this article on AFP548.com. It’s for an older version of Postfix and OS X (Panther) but it’s got some nice pointers on the stuff you have to do. You have to remember that I’m not a Unix guru and just have fumbled my own current Postfix installation into a working environment. This time it’s going to be a repeatable effort and I’m looking for all the info I can get.

I’m including PCRE into the Postfix build as well as it’s faster than regexp for content filtering. I’m not sure if I’m going to use this but it was quite easy to do. It was as simple as downloading the source from http://www.pcre.org/, extracting, running ./configure, make and make install. Done.

Installing SASL was a bit more complex because of the compiler errors I got when trying to compile the latest release. But to cut a long story short, I got it compiled when using version 2.1.18 of the source. I’ve still got to find out which is the latest version that compiles without a problem.

Compiling Postfix was also not much of a problem. Just getting the latest version of the source (2.2.5 in this case) and getting the first make command working with the options needed. We wanted MySQL support (what all this effort was about) and include PCRE and SASL. So you end up with a command looking like:

make -f Makefile.init makefiles \
CCARGS='-DUSE_SASL_AUTH -I/usr/local/include/sasl \
-DHAS_MYSQL -I/Library/Mysql/include/mysql'  \
AUXLIBS='-L/usr/lib -lldap -L/usr/lib -llber -L/usr/lib -lsasl2 \
-L/Library/MySQL/lib/mysql -lmysqlclient -lz -lm'

I’m using the Server Logistics package for MySQL (as told here), if you are using a package from a different source your path to the mysql.h file might be different. Please check it before compiling.

If the above make command worked for you then issue it, followed by a make and make update command and everything should be up to date and installed. To check if we got MySQL tables in this version run the following command and look for MySQL in the output:

# postconf -m
btree
cidr
environ
hash
mysql
pcre
proxy
regexp
static
unix

Next step is the IMAP server and configuration but that is for another time, now I’m happy I got this done. Just taking one step at a time.