Nov 112014
 
15 days ago

I never realized just how bitchy and elitist Apple’s syslog was…

Because I’ve upgraded this system through 6 generations of OS X, there are some deprecated extensions that load on boot.  Syslog isn’t shy about telling you what it thinks about these…

 

Screen Shot 2014-11-11 at 9.21.42 PM

Nov 112014
 
15 days ago

My 2009 Mac Mini is in desperate need of an SSD upgrade.  Unfortunately, I have close to 1TB of data there (mostly PLEX media), so upgrading the two drives would be cost prohibitive.  I will probably pick up a 2012 MD388LL/A with i7 CPU at some point…  I hope.  The new ones are pretty much not upgradeable.

Since my website and mail server are running on Mavericks, I dare not load Yosemite on that system.  Lord only knows what would happen to PLEX.  It was just recently updated to solve a memory leak issue which pretty much crippled the machine on more than one occasion.  I even bought an APC Masterswitch in case I had to remote hard boot the server in case my mail stopped working.

I’ve replicated most of the shell configuration from the Mac Mini Server I setup at work to the one at home.  There were some pretty helpful blogs which outlined how to include command aliases in bash.  This makes it real easy to execute a multi tail of all three mail server logs.  I think It might be useful to consider customizing the log system on the new servers to make data mining easier.  Everyone is so convinced that the mail server is broken, that I am constantly providing proof of delivery from the mail log data.  It’s actually really useful when dealing with another company’s IT – especially if they’re outsourced.

multitail of Mavericks mail server

multitail of Mavericks mail server

 

I’ve got a Linux box that I’m messing around with here as well.  I think I can do port mirroring on the switch and send all mail traffic to both servers.  Maybe even a simpler configuration until the Linux box goes live.  In either event, Mavericks handling of spam messages, (assuming you want to use spamtrainer to update bayesian filter rules) leaves much to be desired.  Accounts have to be created on the system for “junkman” and “notjunkmail”.  This looks ridiculous on the login screen for starters…  Messages meant to be used for training must be redirected to the other accounts.  This is easy for experienced IMAP users, but for novices using a PC based mail client, it may be very difficult at best.

 

Nov 112014
 
15 days ago

Following many months of attempting to resolve an issue whereby incoming mail delivery was disrupted every 48 – 60 hours, I now have a functioning patch in place. Recently, I determined that the mail filter (amavis), was faulting during it’s cleanup cycle. Somehow it’s temp (working) folder is deleted, and then the process hangs. Consequently, postfix is unable to deliver mail since the filter has broken it’s connection. Thanks to monit (http://en.wikipedia.org/wiki/Monit), I was able to configure a service that verifies the temp folder status every 60 seconds, and then creates the folder with the proper user/group permissions (_amavisd:_amavisd) if it does not exist. Mail delivery is restored immediately, as the amavis process is now able to execute.

IMG_3255
The mail server has now been error free for four
days and counting!

IMG_3256

No need to watch the server logs in real-time any longer!

The amavisd version included with Mountain Lion is 2.8.0. I believe that somewhere in the modified code is an error that is triggered by a yet to be identified instruction sequence or message handling. It is certainly due to some modification I made to the server config at some point. Either way, there should be no further ‘tweaking’ required. I am now able to direct my attention back to the pure Linux mail server that will enable end users to customize their own mail filtering options. Once the configuration is tested, I can begin importing the active directory accounts, and replicating dovecot folders.

Now that I won’t have to restart the mail service – the monit solution solves the problem gracefully. Existing IMAP connections to dovecot are not disrupted, so end users are not disconnected from their mailboxes. Not only will confidence be restored, but secondary issues such as incorrect passwords entered at the mail client’s prompting will improve end user satisfaction.

 Posted by at 12:15 am
Aug 252014
 
3 months, 1 day ago
Junk

If you are running postfix/dovecot using the server app on OSX 10.8.x and want to implement the markasjunk2 plugin for roundcube, allow me to save you hours of frustration…  Here are the settings that worked for me.

Assuming you intent to use sa-learn to update the Bayesian filter when using the plugin, modify config.inc.php as follows:

Set plugin to use cmd_learn driver:$rcmail_config['markasjunk2_learning_driver'] = cmd_learn;

 

$rcmail_config['markasjunk2_learning_driver'] = cmd_learn;

Set spam option for learn driver:$rcmail_config['markasjunk2_spam_cmd'] = 'sudo /Applications/Server.app/Contents/ServerRoot/usr/bin/sa-learn  --spam %f';

$rcmail_config['markasjunk2_spam_cmd'] = ‘sudo /Applications/Server.app/Contents/ServerRoot/usr/bin/sa-learn  –spam %f’;

Set ham options for learn driver:

$rcmail_config['markasjunk2_ham_cmd'] = 'sudo /Applications/Server.app/Contents/ServerRoot/usr/bin/sa-learn --ham %f';

$rcmail_config['markasjunk2_ham_cmd'] = ‘sudo /Applications/Server.app/Contents/ServerRoot/usr/bin/sa-learn –ham %f’;

If you want to see it in action, be sure to turn on logging:$rcmail_config['markasjunk2_debug'] = true;

 

$rcmail_config['markasjunk2_debug'] = true;

In order for roundcube to call sa-learn with access permission to spamassassin database, it is necessary to update the sudoers file.

Open terminal and type:  sudo visudo

Screen Shot 2014-08-25 at 10.28.51 AM

(homebrew is so much easier on the eyes)

 

Once in the sudoers file, add the following line:

Screen Shot 2014-08-25 at 10.05.50 AM

 

 

 

_www ALL=(root) NOPASSWD:/Applications/Server.app/Contents/ServerRooy/usr/bin/sa-learn

After you have added the changes,  save your changes -   ‘:’  brings up menu and ‘w’ to write changes.  Then ‘:’  and ‘q’ to quit (I prefer nano to vim, but supposedly there is some voodoo about changing the sudoers file in an unsafe manner and you’ll shoot your eye out.. blah blah blah.

Open roundcube inbox, and mash the junk button, and see the results in the log file:

displayed at bottom of roundcube interface

 

learned some tokens!

Here are some good references (without which, I’d have never gotten this working):

 

 Posted by at 10:51 am