The
Ultimate
Business Machine

Technology, business
and innovation.

And, not least, about
the Mac.

Weblog Archive Cutedge

by: Bernard Teo








Creative Commons License

Copyright © 2003-2012
Bernard Teo
Some Rights Reserved.

Sat 10 Jan 2004

Apple's Open Directory

Category : Technology/openDir.txt

The ability to support SMTP-AUTH on a mail server is so important because it means you can open up the server for (legitimate) remote users to send mail through it without making it an Open Relay. It's the difference between a toy server and one that is considered industrial-strength. Even Linux users struggle to set this up. Definitely it's no cakewalk if you're still using sendmail.

Shin-ichi YOSHIMOTO, who has a Postfix for Mac OS X Users site (in Japanese), has been investigating how SMTP authentication got done on Panther.

This is his finding, summarised here in case others are also curious.

In Postfix on Panther, if "smtpd_use_pw_server=yes", SMTP-AUTH appears to be be done through Apple's Open Directory framework.

The Open Directory authentication service supports the following types of authentication :

(Basic) login, plain,

(Password Server Authentication) cram-md5, gssapi

These are the values we can use for the "smtpd_pw_server_security_options".

A plain-vanilla OS X Panther machine can only use the basic options - login and plain - because, according to Shin-ichi's findings, PasswordService.8, which is the Password Server daemon, is distributed only as part of Mac OS X Server.

That's why we set "smtpd_pw_server_security_options=plain,login".

So, in conclusion, SMTP-AUTH on Panther skips past the need to set anything up on /usr/lib/sasl2 or on /etc/pam.d

Actually, now that we know the way to do it (again, thanks to the information provided originally by Andy Black), SMTP-AUTH on Postfix on Panther is really very simple. And credit has got to go to Apple's engineers who designed it this way.

It's easy to underestimate how hard it could have been to do this. You only have to do a search on Google with the key words (SASL, SMTP-AUTH, Cyrus, PAM, etc...) to see how many hoops people working on the other *nix'es have to go through to get SMTP-AUTH to work, if at all.

It makes me wonder, all those guys who strut their stuff with their command-line knowledge on VersionTracker. If it's so clear how it's done, how come I never saw any of their stuff in months of looking up Google for the answer?

Posted at 5:18PM UTC | permalink

iLife

Category : Commentary/singlife.txt

It's almost a year since I had these pages up. But having gone round the 'Net, and having crossed paths (or swords) with people all over the world, it's home that is still the best place to be in.

"People are the same wherever you go..." as Paul McCartney and Stevie Wonder would sing. "There is good and bad. In everyone. Learn to live. Learn to give each other what we need to survive. Together alive."

As I write this, I'm looking out over the water at a friend's place, having come from our own place whose usual tranquility has been broken by the large number of cars arriving for the funeral of a man who has just died, suddenly in Jakarta, in the prime of his life. They're a hugely popular couple, and it's no wonder they have so many friends.

It puts things in perspective. There's a lot more to life than iLife and Postfix Enabler and the problems of strangers. After all, there's the kid (seen here with his very best friend). And the birds on our tree continue to sing, whether we notice them or not. We do the best we can and move on.

Posted at 6:37AM UTC | permalink

Mac@Work
Put your Mac to Work

Sivasothi.com? Now how would you do something like that?

Weblogs. Download and start a weblog of your own.

A Mac Business Toolbox
A survey of the possibilities

A Business Scenario
How we could use Macs in businesses

VPN Enabler for Mavericks

MailServe for Mavericks

DNS Enabler for Mavericks

DNS Agent for Mavericks

WebMon for Mavericks

Luca for Mavericks

Liya for Mountain Lion & Mavericks

Postfix Enabler for Tiger and Panther

Sendmail Enabler for Jaguar

Services running on this server, a Mac Mini running Mac OS X 10.9.2 Mavericks:

  • Apache 2 Web Server
  • Postfix Mail Server
  • Dovecot IMAP Server
  • Fetchmail
  • SpamBayes Spam Filter
  • Procmail
  • BIND DNS Server
  • DNS Agent
  • WebDAV Server
  • VPN Server
  • PHP-based weblog
  • MySQL database
  • PostgreSQL database

all set up using MailServe, WebMon, DNS Enabler, DNS Agent, VPN Enabler, Liya and our SQL installers, all on Mavericks.