Make sure Wiki Server is set to 127.0.0.1 and that Use SSL is checked.

Here’s how I was finally able to get my groups into iCal SL client (no SSL)

userName
password
server.com/principals/__uids__/wiki-groupName/ (no http://)

Related posts:

1. Snow Leopard Sieve Rules How to edit sieve rules in Snow Leopard by hand....
2. Fail2ban on Leopard Server So here I am running my own server — for...
3. Forwarding Email in Leopard Server, part 2 I’ve previously written about problems with Leopard server and forwarding...

Related posts brought to you by Yet Another Related Posts Plugin.

Anyway, I found that a couple of my files didn’t have the correct permissions and I found out by trying to open in webmail. It gave me errors I’d never seen before. Where I found better errors was in mailaccess.log where I saw a dovecot service with a failed: Permission denied error.

I managed to find where the files lived and as I have quite a few mail users I didn’t want to go through individually so I figured out a script to do it.

sudo ls -lA /var/spool/imap/dovecot/mail | grep -v total | awk {'printf $3": /var/spool/imap/dovecot/mail/"$9"\n"'} | xargs -n2 -p sudo chown -R

The script will ask if you want to proceed with the chown command for each user.

If you find your logs reporting permissions issues with a specific account or your webmail users have errors opening mailboxes, then the following script when provided with the offending GeneratedUID will reset the permissions similar to the above. Simply replace the GUID in the script with the one listed in your logs.

dscl /LDAPv3/127.0.0.1 -list /Users GeneratedUID | grep GUID | awk {'printf $1": /var/spool/imap/dovecot/mail/"$2"\n"'} | xargs -n2 -p sudo chown -R

Related posts:

1. Snow Leopard Sieve Rules How to edit sieve rules in Snow Leopard by hand....
2. Fixing cyrus Yeah, I did something stupid and had to reinstall my...
3. WordPress Automatic Updates I think I finally have the automatic updates feature of...

Related posts brought to you by Yet Another Related Posts Plugin.

They swore up and down that they weren’t blocking anything at the router. An epiphany later and we figured out it was the Verizon DSL they were using for the access points.

Well, the simple solution is to change email to accept SMTP on port 587. This was simple enough to fix on the server. Just uncomment the following line in /etc/postfix/master.cf

#submission inet n - n - - smtpd

Then sudo postfix reload and you’re good to go.

Of course I also had to change my iPhone SMTP to use port 587. The only tricky part was remembering that I have my router set to provide a basic hardware firewall, in addition to the server’s ipfw. I had to open a service and a rule on the router to let TCP traffic on port 587 through.

Related posts:

1. Forwarding Email in Leopard Server OK, to put it mildly the Workgroup Manager and Email...
2. Port 25 blocked If you travel, or use your laptop at wireless hot...
3. Router and Airport 2 Well I found out my router problem was a simpler...

Related posts brought to you by Yet Another Related Posts Plugin.

The answer mostly comes from looking for why WordPress asks for connection information. Be sure to read the comments.

So far, my solution seems to be something like the following.

sudo chown -R _www wordpress/wp-content*
sudo chown _www wordpress/wp-admin/update*

Where wordpress is the location of the WordPress installation.

It seems to work, however, the information about what should be happening with the update seems to be in an endless loop. I let it run for a bit and when I check to see if the plugin or theme is updated it seems to have the newer version, but I’ve no real way to check or to know how long to let the process run.

Very confusing.

When I encounter more updates I’ll see if this really does work. BTW, updated to WordPress 3.0 for all the new goodness.

Update
This works fine for plugins and themes but not for the actual WP updates. Also, I just let it run until the browser doesn’t seem to be loading the page any longer and the updates are done. Something’s clearly not working as expected with this and OS X Server but I don’t know what it is.

Related posts:

1. WordPress SVN OK, since I’ve switched over to WordPress I have to...
2. Dovecot Permissions Well, I finally bit the bullet and installed OS X...
3. Fixing cyrus Yeah, I did something stupid and had to reinstall my...

Related posts brought to you by Yet Another Related Posts Plugin.

When I first set up my own server lo these years ago, I never really thought about email message filtering. After all, I had rules in Mail.app that would send my incoming message to wherever I wanted them. Besides, I was much more concerned with eliminating spam.

Well, that was then and spam seems under control. I was prompted to look at server-side message filtering mostly to help out my mother, who seems determined to have every single store, travel and other consumer site that will happily take your email address and send you messages daily — or more often, have a more controllable experience on her iPhone. When we originally set up her iPhone she told me she didn’t want to use it for email. Silly me, I listened and set her up with a POP account. Well now she wants email. What’s a good son to do.

I changed her POP account to IMAP, copied over all her messages to her new IMAP folders and thought I’d need to solve her impending problem of 100 or so messages every other day choking her inbox.

After a bit of Googling I found Sieve. I’d actually heard of it before but never really thought about it. The Apple Discussion Forum had a nice start and pointed me on to sources I used to set it up.

Here are the salient points. From the terminal…

1. Add the following lines to /etc/services

   sudo pico /etc/services
   

   Insert the following lines.

   callbook 2000/udp # callbook
   callbook 2000/tcp # callbook
   + sieve 2000/udp # sieve mail filtering
   + sieve 2000/tcp # sieve mail filtering
   

   You can check to see if it’s running by running

   netstat -an | grep 2000
   

   with results

   tcp4 0 0 *.2000 *.* LISTEN
   tcp6 0 0 *.2000 *.* LISTEN
   

2. Create /usr/sieve

   sudo mkdir /usr/sieve
   sudo chown _cyrus:mail /usr/sieve
   

3. Restart mail services

   sudo serveradmin stop mail
   [ some stuff ]
   sudo serveradmin start mail
   [ some stuff ]
   

4. Since I’m using OS X Server and SquirrelMail is already running, next was installing and configuring avelsieve.

I really did try installing the latest development version — 1.9.9 alpha. That should have been a clue. After spending way too much time with it I installed the stable version - avelsieve 1.0.1. Once copied into /usr/share/squirrelmail/plugins run sudo perl /etc/squirrelmail/config/conf.pl and activate the plugin.

Then it’s back to the terminal. These instructions are from AFP548.

    cd /usr/share/squirrelmail/plugins/avelsieve
    sudo cp config-sample.php config.php

Now set the correct authentication matching SquirrelMail.
Edit /etc/squirrelmail/plugins/avelsieve/config.php and change:

$preferred_mech = "PLAIN";

to

$preferred_mech = "CRAM-MD5";

You should be running SquirrelMail with CRAM-MD5 authentication anyway.

Finally, edit the /etc/squirrelmail/plugins/avelsieve/lib/sieve-php.lib.php file.

Find the line:

fputs($this->fp, "PUTSCRIPT \"$scriptname\" \{$len+}\r\n"); 

and change it to :

fputs($this->fp, "PUTSCRIPT \"$scriptname\"".' {'."$len+".'}'."\r\n");

This fixes an error in the script allowing you to save your changes to the filters. Now go login to webmail and click on the Filter link to start creating your Sieve filters.

Related posts:

1. Forwarding Email in Leopard Server, part 2 I’ve previously written about problems with Leopard server and forwarding...
2. Forwarding Email in Leopard Server OK, to put it mildly the Workgroup Manager and Email...
3. Snow Leopard Sieve Rules How to edit sieve rules in Snow Leopard by hand....

Related posts brought to you by Yet Another Related Posts Plugin.

When running OS X Server and SpamAssassin, if you have spam set up to be quarantined it gets stored in /var/virusmails. A method of viewing and releasing quarantined mail mostly from the command line follows.

First, to do anything with the quarantined message you need to know it’s mail-file. That’s usually something like spam-kFLGPbnGHO3a.gz.

Using TextExpander’s snippets and the clipboard I have the following snippets.

To view the quarantined message I copy the quarantined file to /Users/Shared/ and then unzip it, read it into a new mail message to me. If it looks OK then I release it. I delete the file from /Users/Shared/ when I’m done.

To send it myself I have the following snippet. The snippet begins by copying the mail-file to the clipboard. If you don’t have TextExpander just replace all instances of %clipboard with the mail-file.

sudo cp /var/virusmails/%clipboard /Users/Shared/;gunzip /Users/Shared/%clipboard;/usr/bin/mail -s “%clipboard” me@example.com < /Users/Shared/`echo %clipboard | sed ‘s/.gz//g’`;rm /Users/Shared/`echo %clipboard | sed ‘s/.gz//g’`

If I want to release the file from quarantine and send it to notjunkmail.

sudo amavisd-release %clipboard ; sudo amavisd-release %clipboard “” notjunkmail

I did have to do a few things to get amavisd-release working. First, it was looking for amavisd.sock in the /var/amavis/home directory and it’s really located in the /var/amavis directory. It was simple to create a new directory and then create a symlink to the amavisd.sock file.

sudo mkdir /var/amavis/home; sudo ln -s /var/amavis/amavisd.sock /var/amavis/home

Now, using only the command line and a mail app, I can check on quarantined email and release it. All this just so I can make sure that I can do this task from an iPhone or iPad.

FWIW, I have amavis-blocked (by Uwe S. Fuerst) a log file parser for amavisd-new 2.x, written in Perl set up to send me logs each night at 23:59. That’s where I get the mail-file from.

Related posts:

1. Amavisd settings I run my own mail server on OS X Server....
2. Server-Side Email Filtering with Sieve Another post for the peripheral brain. When I first set...
3. Fixing MySQL and phpMyAdmin There seems to be a problem with how current versions...

Related posts brought to you by Yet Another Related Posts Plugin.

I spent many hours with some very nice people at TWC tech support, like Jan, but what eventually fixed the problem was changing the fixed IP I was assigned to another fixed IP.

Long and short is everything, mail, web, etc. seems to be back up and running.

Related posts:

1. New Safari Version?? I’ve just spent the last 40 minutes on the phone...
2. I’ve been having problems with Airport Base Stations recently. I...
3. Customer Service I have to give great kudos to Wendy of the...

Related posts brought to you by Yet Another Related Posts Plugin.

After a bit of googling, I found fail2ban. It’s a collection of python scripts.

Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP that makes too many password failures. It updates firewall rules to reject the IP address.

There are a few tricks I’ve discovered along the way to make it work on my installation and likely on Mac OS X Server in general.

First is that fail2ban creates a PID and socket file in a directory that it fails to create. Yeah, that’s a bug. Since I didn’t want to mess around with the actual scripts in the program, I created a plist that issues the mkdir /var/run/fail2ban command. I placed this in /System/Library/LaunchDaemons and set it to Run at Load. Lingon is your friend, but’s now inactive.

After creating the file you have to use the command line to move it to the /System/Library/LaunchDaemons directory. I also created another launchd plist to reload fail2ban every day. I did this because I run multiple virtual websites and the error logs for those sites get rotated and the names have some time code or something tacked on the end of the filename.

OK, problem 1 solved. Next I discovered that since fail2ban is really running on a multitude of linux boxes all the different methods of IP tracking, sorting etc. were really useless on my OS X Server. I run ipfw firewall and fortunately there’s a module for that in fail2ban. Unfortunately it’s not quite set up correctly, at least it wasn’t for me. I had to tweak it a bit.

What this means is that your action is always going to be ipfw. I tweaked the ipfw.conf file a bit. Now it does the following.

1. Logs it’s action to ipfw.log
2. Adds a rulenum to the ipfw command. I did this because some other rule in my setup was allowing the IP before my deny could take effect. By lowering the rulenum my deny now fires off first.
3. Abstracted the protocol (tcp, udp) to pass as a variable. Just in case something you want to block isn’t tcp.

I also created another filter as I found many times some machine would excessively hit my Apache server looking for nonexistent files. Since it sounds like something a bot would do I decided to ban it. This was the simple creation of a new filter.

I created a jail.local file to hold all my prefs and through trial and error discovered that the examples of how to call for a jail weren’t working for me. Perhaps I just didn’t understand the examples. I soon discovered that parameters for the jail action needed to be passed inside of square brackets in the prefs.

I’m sure, if you’ve gotten this far that you’re either very confused by this whole post or that you’ve had an epiphany. To further the epiphany along I’ve uploaded my file changes.

You should be able to figure out what file goes where from the folder structure of the upload.

A couple of things in summary to remember. First, turn on your server’s firewall. Then make sure you change your server’s local IP address in the files to match your own. That’s the setting for localhost.

Good luck. If you have any questions leave a comment.

Related posts:

1. Forwarding Email in Leopard Server, part 2 I’ve previously written about problems with Leopard server and forwarding...
2. Server-Side Email Filtering with Sieve Another post for the peripheral brain. When I first set...
3. Snow Leopard Sieve Rules How to edit sieve rules in Snow Leopard by hand....

Related posts brought to you by Yet Another Related Posts Plugin.

After a little Googling I found Amavisd critical settings and I think the $final_bad_header_destiny is the key. The default setting is set to D_PASS. I’ve changed mine to D_REJECT now I’ll see what the logs say and see how much non-spam gets caught. Obviously, if enough good stuff doesn’t get through then I’ll have to think of something else.

But the obvoious question remains, Why doesn’t SpamAssassin score these messages?

Related posts:

1. False Positive Just a personal reminder to keep in the memory bank....
2. Unforeseen Circumstances Due to unforeseen circumstances I accidentally trashed my server installation....
3. Forwarding Email in Leopard Server, part 2 I’ve previously written about problems with Leopard server and forwarding...

Related posts brought to you by Yet Another Related Posts Plugin.

Here’s the problem. My wife and I both have iPhone’s. I’d like to see one of her calendar’s on my iPhone and I want here to see one of mine on her iPhone. On our respective computers these calendars show up in iCal as Delegates. That’s how there’re suppose to show up. The problem is that only local calendars and subscribed calendars are listed in iTunes for syncing to the iPhone.

After a bit of googling, the answer appeared in the Apple Discussions Board. If I do a get info on the Delegate calendar and copy the CalDAV URL I can then subscribe to this URL, the calendar will show up in my Subscriptions list. I can then sync it to the iPhone. It is perhaps the simplest workaround that I’ve found. Your user must log out and log back in for iTunes to see the newly subscribed calendar.

However, it’s still a kludge and I await the day Apple fixes iTunes to allow for syncing any viewable calendar iCal to your iPhone.

Related posts:

1. Server-Side Email Filtering with Sieve Another post for the peripheral brain. When I first set...
2. Leopard Server DHCP-NAT Well, I’m finally getting most of the initial stuff for...
3. iCal - Exchange Time Zone Fix - Chapter 3 I’ve updated the iCal-Invite-Fix script again. This time to allow...

Related posts brought to you by Yet Another Related Posts Plugin.