I spent many hours with some very nice people at TWC tech support, like Jan, but what eventually fixed the problem was changing the fixed IP I was assigned to another fixed IP.

Long and short is everything, mail, web, etc. seems to be back up and running.

Related posts:

1. I’ve been having problems with Airport Base Stations recently. I...
2. Customer Service I have to give great kudos to Wendy of the...

Related posts brought to you by Yet Another Related Posts Plugin.

After a bit of googling, I found fail2ban. It’s a collection of python scripts.

> Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.

There are a few tricks I’ve discovered along the way to make it work on my installation and likely on Mac OS X Server in general.

First is that fail2ban creates a PID and socket file in a directory that it fails to create. Yeah, that’s a bug. Since I didn’t want to mess around with the actual scripts in the program, I created a plist that issues the mkdir /var/run/fail2ban command. I placed this in /System/Library/LaunchDaemons and set it to Run at Load. Lingon is your friend, but’s now inactive.

After creating the file you have to use the command line to move it to the /System/Library/LaunchDaemons directory. I also created another launchd plist to reload fail2ban every day. I did this because I run multiple virtual websites and the error logs for those sites get rotated and the names have some time code or something tacked on the end of the filename.

OK, problem 1 solved. Next I discovered that since fail2ban is really running on a multitude of linux boxes all the different methods of IP tracking, sorting etc. were really useless on my OS X Server. I run ipfw firewall and fortunately there’s a module for that in fail2ban. Unfortunately it’s not quite set up correctly, at least it wasn’t for me. I had to tweak it a bit.

What this means is that your action is always going to be ipfw. I tweaked the ipfw.conf file a bit. Now it does the following.

1. Logs it’s action to ipfw.log
2. Adds a rulenum to the ipfw command. I did this because some other rule in my setup was allowing the IP before my deny could take effect. By lowering the rulenum my deny now fires off first.
3. Abstracted the protocol (tcp, udp) to pass as a variable. Just in case something you want to block isn’t tcp.

I also created another filter as I found many times some machine would excessively hit my Apache server looking for nonexistent files. Since it sounds like something a bot would do I decided to ban it. This was the simple creation of a new filter.

I created a jail.local file to hold all my prefs and through trial and error discovered that the examples of how to call for a jail weren’t working for me. Perhaps I just didn’t understand the examples. I soon discovered that parameters for the jail action needed to be passed inside of square brackets in the prefs.

I’m sure, if you’ve gotten this far that you’re either very confused by this whole post or that you’ve had an epiphany. To further the epiphany along I’ve uploaded my file changes.

You should be able to figure out what file goes where from the folder structure of the upload.

A couple of things in summary to remember. First, turn on your server’s firewall. Then make sure you change your server’s local IP address in the files to match your own. That’s the setting for localhost.

Good luck. If you have any questions leave a comment.

Related posts:

1. Forwarding Email in Leopard Server, part 2 I’ve previously written about problems with Leopard server and forwarding...
2. Forwarding Email in Leopard Server OK, to put it mildly the Workgroup Manager and Email...
3. Leopard Server DHCP-NAT Well, I’m finally getting most of the initial stuff for...

Related posts brought to you by Yet Another Related Posts Plugin.

After a little Googling I found Amavisd critical settings and I think the $final_bad_header_destiny is the key. The default setting is set to D_PASS. I’ve changed mine to D_REJECT now I’ll see what the logs say and see how much non-spam gets caught. Obviously, if enough good stuff doesn’t get through then I’ll have to think of something else.

But the obvoious question remains, Why doesn’t SpamAssassin score these messages?

Related posts:

1. Running SpamAssassin locally While I haven’t yet gotten an iPhone I’m making preparations....
2. Unforeseen Circumstances Due to unforeseen circumstances I accidentally trashed my server installation....
3. Forwarding Email in Leopard Server, part 2 I’ve previously written about problems with Leopard server and forwarding...

Related posts brought to you by Yet Another Related Posts Plugin.

Here’s the problem. My wife and I both have iPhone’s. I’d like to see one of her calendar’s on my iPhone and I want here to see one of mine on her iPhone. On our respective computers these calendars show up in iCal as Delegates. That’s how there’re suppose to show up. The problem is that only local calendars and subscribed calendars are listed in iTunes for syncing to the iPhone.

After a bit of googling, the answer appeared in the Apple Discussions Board. If I do a get info on the Delegate calendar and copy the CalDAV URL I can then subscribe to this URL, the calendar will show up in my Subscriptions list. I can then sync it to the iPhone. It is perhaps the simplest workaround that I’ve found. Your user must log out and log back in for iTunes to see the newly subscribed calendar.

However, it’s still a kludge and I await the day Apple fixes iTunes to allow for syncing any viewable calendar iCal to your iPhone.

Related posts:

1. Leopard Server DHCP-NAT Well, I’m finally getting most of the initial stuff for...
2. iCal - Exchange Time Zone Fix - Chapter 3 I’ve updated the iCal-Invite-Fix script again. This time to allow...
3. iPhone 2.0.2 I don’t know what Apple fixed in the 2.0.2 software...

Related posts brought to you by Yet Another Related Posts Plugin.

I’d love to be able to deploy push email and push calendar to my users.

Related posts:

1. Forwarding Email in Leopard Server, part 2 I’ve previously written about problems with Leopard server and forwarding...
2. Forwarding Email in Leopard Server OK, to put it mildly the Workgroup Manager and Email...

Related posts brought to you by Yet Another Related Posts Plugin.

Here’s what to do.

In Server Admin > Mail > Settings > Advanced > Hosting the following items are needed.

1. Obviously, in the lower panel Virtual Domain Hosting needs to be checked and the domains entered.

2. In the upper panel I have the following entries.

• localhost
• server.mydomain.private (this is the entry under Server Admin > Mail > Settings > General > Domain Name.

virtual1.com and the others are the hosted virtual domains for which users have email accounts. That’s it. When I check my mail logs, mail is forwarded, I get errors regarding accounts not being set up, but mail is forwared.

Update
Well, it seems I still see the bounces, but mail is forwarded. I’ve removed the virtual domains from the upper panel. It was a bad idea to start with. I don’t know if Snow Leopard server fixes this. Let me know.

Related posts:

1. Forwarding Email in Leopard Server OK, to put it mildly the Workgroup Manager and Email...
2. Moving domains Sorry if anyone gets confused. When I moved this blog...
3. Securing Email I think I’ve finally accomplished it. It being getting my...

Related posts brought to you by Yet Another Related Posts Plugin.

What I did was to copy this file manually then run some of the commands that system.log reported as not being run properly.

sudo cp /mailbfrBackups/mailbackup/cyrus_config_DIR/imap/db/skipstamp /var/imap/db
sudo /usr/bin/cyrus/bin/reconstruct -p default -i
sudo su _cyrus /usr/bin/cyrus/bin/reconstruct -i
sudo -u _cyrus /usr/bin/cyrus/bin/cyrus-quota -f

So far I think I’ve got all my users and mailboxes back. Of course all the email is now listed as unread, but I expected that.

Of course Alex came back with the real answer which was the following in mailbfr.

sudo mailbfr -f
sudo mailbfr -o

And all is well. I think.

Of course, it didn’t work as expected. I ended up reinstalling the OS and then fixing only specific users mailstores. Once everything was working I then updated the OS to 10.5.2 and now everything works.

Related posts:

1. Fixing MySQL and phpMyAdmin There seems to be a problem with how current versions...
2. Unforeseen Circumstances Due to unforeseen circumstances I accidentally trashed my server installation....
3. Forwarding Email in Leopard Server OK, to put it mildly the Workgroup Manager and Email...

Related posts brought to you by Yet Another Related Posts Plugin.

I restart and my mail server doesn’t seem to be working correctly.

Several reinstalls later and I would still have a wonky mail server. It only got screwy after I tried to restore my mail stores. I was using mailbfr so it should have gone smoothly.

After several attempts I decided to change my plan. I reinstalled the OS, and didn’t update the software to 10.5.2. I then copied over calendars, files, etc. after setting up the server software.

Then I hand edited the SpamAssassin local.cf file to it’s previous settings and used mailbfr to selectively restore only specific users. Everything’s working. So I let it chug along checking my logs and finally decide to do the Software Update.

Everything’s still working. My wife thinks I should not run my own server as the aggravation is so great. I told her that it only continues to demonstrate how little comparative aggravation I receive from her.

Related posts:

1. Forwarding Email in Leopard Server, part 2 I’ve previously written about problems with Leopard server and forwarding...
2. Amavisd settings I run my own mail server on OS X Server....
3. Fixing cyrus Yeah, I did something stupid and had to reinstall my...

Related posts brought to you by Yet Another Related Posts Plugin.

It turns out that the default authentication method for SquirrelMail is login so out of the box it needs to be checked. I think, though I cannot confirm, that it might also be the default authentication method for Thunderbird.

You can change the preferences in SquirrelMail using the following command.

/usr/share/squirrelmail/config/conf.pl

No related posts.

Related posts brought to you by Yet Another Related Posts Plugin.

I’ve just installed the USBAx8817x 1.0.3b10 release and it seems to be working.

Peter emailed me to let me know his sources inside Apple report that the driver in 10.5.2 should correctly with Apple’s adapter. You will have to remove Peter’s driver to see if this works. I’ll try it when I get the server back from repair as I’ll have to re-install the OS anyway.

Related posts:

1. Apple USB Ethernet adapter Don’t use this adapter on any Mac except the MacBook...
2. Apple USB Ethernet part 2 Well, after spending several hours on the phone with AppleCare...
3. USB to Ethernet Adapter Oh my god how aggravating. I’ve got an Intel Mac...

Related posts brought to you by Yet Another Related Posts Plugin.