September 2006


Finally the moment was there, I’ve made the decision. I raided the donations pot and picked up my first Intel Core Duo Mac mini. The last update to the mini series, making all models Dual Core and increasing the processor speed made the Dual Core wish I had even more affordable. I had estimated to need a budget of over 800 euro, but the update made the price for a Core Duo drop to 620 euro.

I would like to thank everyone once again for all their donations, without your help this wasn’t possible. You really make all the effort I’ve put in it worthwhile and I hope that I can keep giving you what you are looking for.


Having learned the hard way what it means to have a security leak in your system, I went out to find tips on how to secure my SSH access a bit better. I had some good tips from readers, thank you to those who did, and found some good ones on the internet.

Securing SSH, I found out, is actually not that hard. There is a configuration file, /etc/sshd_config, which when tweaked can help a lot!


Finally got a spare moment to sit behind my dear Mac to write to you about the last security update. I’ve installed it right after I noticed the bouncing software update icon on the server and all is still running as expected. The updates are mostly for possible attacks on your Airport cards. I use Airport extensively and therefore needed the update. Read more about the update here.


My apologies if you encountered any problems because the site was off-line. It’s because I was stupid enough not to use a more secretive password with characters, digits and upper- and lowercase; I just had an easy common word which was easy for me to remember. I had noticed for some time now someone trying to use SSH to gain access to my computer but never thought it to be harmful. I’ve seen it at other sites as well. Until yesterday: they had guessed correctly! Someone got access to my computer via SSH using my root account and installed a simple PHP script that started to send out a massive mailing (I haven’t counted them) with the postcard virus.

I was very lucky to discover it very quickly because I was fiddling with my new spam filter when I noticed that my logfile was filling up rather quickly with strange messages to email addresses I never used before. First I thought one of my other users was doing this but it kept on going so I stopped Postfix and started investigating.

I quickly found out what was going on. Cleaned the Postfix queues, which were huge, and restarted Postfix. Scanned the drive for all files changed after 17:00 and located the script and removed it. Now I’ve changed all passwords, checked all user accounts and closed down SSH access until I can find a better, more secure way of accessing this machine remotely from the outside.

Because of the spam being sent out, my ISP got notified about it and blocked my internet access today without me knowing it. Which is a good case if you are on the receiving end of spam, but I solved the problem and didn’t know about it. Next time, I hope never, I will email my ISP that I solved the issue so they don’t need to block me again. I do wish that other providers would block their users if they send out spam, there would be a lot less spam.

Again my apologies for being off-line and even more if you received any of the spam being sent out from my computer.
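
The warning sign described in this post, repeated SSH guesses followed by one that finally succeeds, can be picked out of the sshd log automatically. The sketch below is an added example, not part of the original post; the log lines are constructed in OpenSSH's usual syslog wording, and the host name, addresses and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's syslog wording; host and addresses are made up.
SAMPLE_LOG = """\
Sep 12 16:41:02 mini sshd[411]: Failed password for root from 203.0.113.7 port 40122 ssh2
Sep 12 16:41:05 mini sshd[413]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Sep 12 16:41:09 mini sshd[415]: Failed password for root from 203.0.113.7 port 40141 ssh2
Sep 12 16:44:30 mini sshd[420]: Accepted publickey for alice from 198.51.100.20 port 51514 ssh2
Sep 12 16:58:47 mini sshd[431]: Failed password for root from 203.0.113.7 port 40990 ssh2
Sep 12 16:58:51 mini sshd[433]: Accepted password for root from 203.0.113.7 port 41002 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user |illegal user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def review_ssh_log(text, threshold=3):
    """Return (noisy, breaches).

    noisy:    {ip: failed_count} for sources with at least `threshold` failures.
    breaches: (ip, user) for each password login accepted from a source that
              had already reached the threshold, i.e. a guess that worked.
    """
    failures = defaultdict(int)
    breaches = []
    for line in text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
        elif m["method"] == "password" and failures[m["ip"]] >= threshold:
            breaches.append((m["ip"], m["user"]))
    noisy = {ip: n for ip, n in failures.items() if n >= threshold}
    return noisy, breaches


if __name__ == "__main__":
    noisy, breaches = review_ssh_log(SAMPLE_LOG)
    for ip, n in noisy.items():
        print(f"{ip}: {n} failed logins")
    for ip, user in breaches:
        print(f"ALERT: password login as {user} accepted from {ip} after repeated failures")
```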


I dropped the test setup of SpamAssassin on my production server to accommodate a setup of DSPAM. There is no scientific proof that either one is better, at least I couldn’t find it.

One of the major reasons to switch for me was the web interface that comes with DSPAM. With that you can enable users to train their spam filter, check the quarantined messages, identify the false positives (messages tagged spam that aren’t) and correct them. One other, not so important, reason is that I found. When researching spam filters I read that spammers adapt their strategies to the countermeasures spam filters develop. But they adapt only to the most used spam filters. It’s like virus-writers targeting Windows users. At least that is the theory.

I’ve got DSPAM running for two days now, with some hurdles; it’s not running in its complete and proper form but it is working. I’ve started with a blank corpus and started training from the beginning and I’m already getting good results. I even opened up my Postfix configuration to be less strict so I receive more spam than normal. What I was unable to achieve with my SpamAssassin setup, filter the image spam, is working now with DSPAM. After training DSPAM with three image spam messages it currently blocks them, which is a sign of more promising results in the future.

I will write proper documentation on how to set it up, but before I do that I need to get a proper bullet proof working setup with the web-based administration (which I haven’t looked at yet). If you want to know what I’ve done to get my current setup please read my entries in the forum. Please be careful and only try to do this if you know what you are doing. I don’t understand all the finer details yet, but I’m learning as we go along. I’ll keep you posted on any progress.


I used yesterday to recompile Postfix, Courier-Auth, Apache and PHP with the 5.0.24a MySQL libraries. I just used my own instructions to compile everything.

I first did Postfix and Courier-auth as they would cause the least problems if it went wrong. My backup mailserver would still receive all mail and forward it to me when the mailserver is back online. It all went without a hitch, just did a restart of the programs and all was running as expected.

Apache posed an issue, how to compile and install, followed by compiling PHP without disturbing all the people looking at my sites. In the end it was simple. Compile and install Apache2, don’t restart Apache so the old version keeps running but the new software is available on disk. Then compile and install PHP using the new Apache installation files and when that is done restart Apache and all would be fine. Well that’s what I thought…

There was a small error in the modules that I included in the httpd.conf. Some of them, all concerning authentication, were rewritten and given different names. I was still trying to load the old ones as I didn’t update my httpd.conf to reflect these changes. So Apache2 wouldn’t start. I just commented out the old modules and added the new ones in my httpd.conf and presto, Apache 2.2.3 and PHP 5.1.6 are now running on my server, together with Postfix 2.2.3.

They’ve been running for almost a day now and I haven’t gotten any complaints yet.

If you are still running “ISP in a box” version 1 and want to upgrade but are still a bit afraid on how to do this let me know and I’ll help out.

Just found out there was an error, got a call on the phone from some of my friends that they couldn’t email anymore. When checking the logfiles I found out I forgot a step after compiling and installing Courier auth:

sudo chmod o+x /usr/local/var/spool/authdaemon

In the logfile there was the error:

SASL authentication failure: cannot connect to Courier
      authdaemond: Permission denied

Which means I didn’t follow my own instructions!


My server was, and still is partially, running the v1 version of the documentation which means that MySQL, Apache and PHP were still the old versions provided by Server Logistics. The MySQL server was still running version 4.0.21 which is ancient and needed an upgrade. But it is a tricky task to perform. Upgrading software on my development server is easy and if it doesn’t work there is no big problem. Upgrading my live server is another thing. Besides my own sites I host some other sites for friends and although none of the sites can’t afford downtime it’s not something I was looking forward to.

So I needed to be prepared. I made a copy of my production server’s hard disk to an external drive and used that image to boot my test mini. In this manner I had an exact copy of my live server on my internal network, so I could play around without damaging anything.

The procedure I ended up with has caused a short downtime but you can’t do without as you need to shutdown the old server and start the new. It means several seconds of downtime which shouldn’t be much of a problem. I think nobody really noticed that my site was down for some seconds.

Here is how I did it:

  • Download the appropriate binary package for your Mac and the source code from
  • Use the binary installer and install MySQL 5.0.24a
  • Use my documentation to install the source code package. This is required to get the required shared libraries to compile other programs which need them.
  • Delete the MySQL startup item from /Library/StartupItems using the command sudo rm -rf /Library/StartupItems/MySQL
  • Delete the Server Logistics MySQL preference pane from /System/Library/PreferencePane using the command sudo rm -rf /System/Library/PreferencePane/MySQL.prefPane
  • Install the MySQL startup item from the binary installation package
  • Install the MySQL Preference pane from the binary installation package by double clicking on it.
  • Copy the fresh MySQL data directory for safekeeping using the command sudo mv /usr/local/mysql/data /usr/local/mysql/
  • Copy the databases from the old server to the new by using the command: sudo cp -R /Library/MySQL/var /usr/local/mysql/data
  • Change the ownership of the data directory to set the correct permissions by using the command: sudo chown -R mysql /usr/local/mysql/data
  • Shutdown the old MySQL server, this can be done using the Preference Pane or issue the command mysqladmin shutdown -p followed by your MySQL password
  • Start the new server by issuing the command: sudo /usr/local/mysql/bin/mysqld_safe &. It should respond with: Starting mysqld daemon with databases from /usr/local/mysql/data
  • Next fix some issues with the MySQL passwords which have changed since version 4.1. You can do this by running the command: sudo /usr/local/mysql/bin/mysql_fix_privilege_tables --password=yourpassword
  • That’s it, you are running MySQL 5.0.24a. Congratulations.

Note: Depending on the speed at which information is inserted or updated in your database you can choose to bring down the old version of the database before copying it. This would mean that your site is down for a longer period but would guarantee that all the information is copied. I’ve chosen to copy the data first as my information isn’t updated that frequently.

Next I’m going to recompile all the mailserver components to use the new MySQL libraries. They all still work but better safe than sorry. After that I’m going to upgrade Apache and PHP.


There was always a bug in PostfixAdmin 2.1.0 that prevented the creation of a mailbox when you created a new email address because PostfixAdmin sent the incorrect commands to the Postfix mailserver. It was a small error and was also noted at the forum and bugtracker at the PostfixAdmin site. The error was that the smtp_mail function was sending an ‘EHLO’ command instead of the required ‘HELO’ command. I had the change of the function documented in the install notes.

But in the ongoing endeavor to stop spammers in sending emails to us the Postfix developers set stricter rules on their server communications. One of them being the stricter rules on sending multiple commands to the mailserver without listening for an answer from the mailserver after each command, which is typical for spam software. However this was also what PostfixAdmin was doing, sending all these commands to send an email to the newly created mail address without listening properly to the answers Postfix was sending.

The bug is fixed in PostfixAdmin CVS and is, as far as I can tell, scheduled to be released in the 2.1.1 release. But we encounter the bug now, I get remarks from people who are installing PostfixAdmin on top of Postfix 2.2.0 or later.

To help myself and them I copied some of the code that would solve the problem from CVS and put it into the current 2.1.0 source of PostfixAdmin. It solves the problem of Postfix rejecting emails being sent from PostfixAdmin with the error:

Data command rejected: Improper use of SMTP command pipelining.

The error is solved by changing the ‘smtp_mail’ function to listen for answers sent by the Postfix server in the ‘’ source file.

To help you out you can download the edited ‘’ from here. To see what I’ve changed look at the forum entry describing the error.

I didn’t create the fix, I just copied some of the code that was available in CVS and back ported it to the current stable 2.1.0 version.
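
The difference between the two client behaviours, shown as an added Python example rather than PostfixAdmin's own PHP: `send_blind` writes every command without listening, `send_lockstep` reads each reply before sending the next. The toy server, its reply texts, and all host and mailbox names are constructed stand-ins, not Postfix itself.

```python
import select, socket, threading
# Constructed exchange for a new mailbox; every name below is a placeholder.
COMMANDS = [b"HELO admin.example.test", b"MAIL FROM:<postmaster@example.test>",
            b"RCPT TO:<newuser@example.test>", b"DATA",
            b"Subject: Welcome\r\n\r\nMailbox created.\r\n.", b"QUIT"]

def toy_strict_server(conn):
    """Stand-in server (not Postfix): refuses input sent ahead of its reply."""
    buf, in_data = b"", False
    conn.sendall(b"220 mail.example.test ESMTP\r\n")
    while True:
        while b"\r\n" not in buf:
            if not (chunk := conn.recv(4096)):
                return
            buf += chunk
        line, buf = buf.split(b"\r\n", 1)
        if in_data:                      # message body: only "." is answered
            if line == b".":
                in_data = False
                conn.sendall(b"250 Ok: queued\r\n")
            continue
        if buf or select.select([conn], [], [], 0.05)[0]:   # client did not wait
            conn.sendall(b"503 Improper use of SMTP command pipelining\r\n")
            return
        in_data = line.upper() == b"DATA"
        conn.sendall(b"354 Go ahead\r\n" if in_data else
                     b"221 Bye\r\n" if line.upper() == b"QUIT" else b"250 Ok\r\n")

def send_lockstep(sock, commands):
    """Fixed pattern: read the reply to each command before sending the next."""
    reader = sock.makefile("rb")
    replies = [reader.readline().strip()]           # server greeting
    for cmd in commands:
        if replies[-1][:1] not in (b"2", b"3"):     # stop on any refusal
            break
        sock.sendall(cmd + b"\r\n")
        replies.append(reader.readline().strip())
    return replies

def send_blind(sock, commands):
    """Old pattern: write every command at once, read replies only afterwards."""
    sock.sendall(b"".join(cmd + b"\r\n" for cmd in commands))
    reader = sock.makefile("rb")
    return [reader.readline().strip(), reader.readline().strip()]

def run(client):
    a, b = socket.socketpair()
    threading.Thread(target=toy_strict_server, args=(b,), daemon=True).start()
    with a:
        return client(a, COMMANDS)
```

`run(send_lockstep)` completes the whole exchange through `221 Bye`, while `run(send_blind)` gets the greeting followed by the pipelining refusal.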


I need your help in a creative process. I’m tired of all these remarks and emails in which people are telling me that “ISP in a box” is not a proper description. An ISP provides people the actual internet access which I don’t. I just explain to people how to build a proper web and mailserver on which they can host multiple domains for friends or family. Although I’ve got some small design/hosting firms which use this setup as well for hosting their client sites and email addresses.

I knew when I started this that the title wasn’t 100% correct, but when I started this documentation process Ward Mundy gained a lot of attention with his blog where he launched his ISP in a box series which basically did the same as I’m doing but in a more simplistic manner. Without giving it too much thought I copied the title for my own use.

I’ve decided to change the naming of the documentation series. Even though this might cause some confusion and it will change some of the URLs in the future I’m willing to give it a try. But I’ve been struggling for some time to come up with a better title that covers all the topics discussed and properly addresses the audience. The series is targeted at Mac users; even though I’ve found out that people using a different OS have found some of the documents very useful, it is still only targeted at Mac users.

So a title like “webhosting in a box” just doesn’t do it for me. It’s missing the mailserver component and does not define the target audience. I kind of like “DIY hosting” as it is a Do It Yourself exercise but it misses the Mac audience. Calling it “DIY hosting on a Mac” just doesn’t have that same ring to it.

Or should I just drop the effort to find a name/title that covers what I’m doing and use a name that doesn’t mean a thing and is possibly hard to pronounce but has a great logo to go with it ;-)