The Ultimate Business Machine

Technology, business and innovation. And, not least, about the Mac.


by: Bernard Teo








Creative Commons License

Copyright © 2003-2012
Bernard Teo
Some Rights Reserved.


Sat 10 Jan 2004

Apple's Open Directory

Category : Technology/openDir.txt

The ability to support SMTP-AUTH on a mail server is so important because it means you can open up the server for (legitimate) remote users to send mail through it without making it an Open Relay. It's the difference between a toy server and one that is considered industrial-strength. Even Linux users struggle to set this up. Definitely it's no cakewalk if you're still using sendmail.

Shin-ichi YOSHIMOTO, who has a Postfix for Mac OS X Users site (in Japanese), has been investigating how SMTP authentication got done on Panther.

This is his finding, summarised here in case others are also curious.

In Postfix on Panther, if "smtpd_use_pw_server=yes", SMTP-AUTH appears to be done through Apple's Open Directory framework.

The Open Directory authentication service supports the following types of authentication :

(Basic) login, plain,

(Password Server Authentication) cram-md5, gssapi

These are the values we can use for the "smtpd_pw_server_security_options".

A plain-vanilla OS X Panther machine can only use the basic options - login and plain - because, according to Shin-ichi's findings, PasswordService.8, which is the Password Server daemon, is distributed only as part of Mac OS X Server.

That's why we set "smtpd_pw_server_security_options=plain,login".
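To make the difference between the two groups of mechanisms concrete, here is an added example (not from the original post, Shin-ichi's site, or Apple's Postfix build) that constructs the client response for plain, login and cram-md5. It shows that plain and login responses are only base64 encodings of the password, so they belong inside a TLS-protected session, while cram-md5 sends a keyed digest of the server's challenge. The function names and sample credentials are constructed for illustration, and gssapi is left out because it needs a Kerberos exchange.

```python
import base64
import hashlib
import hmac


def b64(data):
    return base64.b64encode(data).decode("ascii")


def auth_plain(user, password):
    """RFC 4616 PLAIN: base64(authzid NUL authcid NUL password), authzid empty."""
    return b64(b"\0" + user.encode() + b"\0" + password.encode())


def auth_login(user, password):
    """LOGIN: user name and password sent as two separate base64 strings."""
    return b64(user.encode()), b64(password.encode())


def auth_cram_md5(user, password, challenge_b64):
    """RFC 2195 CRAM-MD5: base64(user SP hex(HMAC-MD5(key=password, challenge)))."""
    challenge = base64.b64decode(challenge_b64)
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return b64(user.encode() + b" " + digest.encode())


def visible_secret(mechanism, response):
    """Return the password readable from a logged client response, or None."""
    if mechanism == "plain":
        return base64.b64decode(response).split(b"\0")[2].decode()
    if mechanism == "login":
        return base64.b64decode(response[1]).decode()
    return None  # cram-md5 carries only a digest bound to one challenge


if __name__ == "__main__":
    user, password = "alice", "s3cret"                # constructed credentials
    challenge = b64(b"<1234.5678@mail.example.com>")  # constructed challenge
    responses = {
        "plain": auth_plain(user, password),
        "login": auth_login(user, password),
        "cram-md5": auth_cram_md5(user, password, challenge),
    }
    for mech, resp in responses.items():
        print(mech, resp, "-> password on the wire:", visible_secret(mech, resp))
```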

So, in conclusion, SMTP-AUTH on Panther skips past the need to set anything up in /usr/lib/sasl2 or in /etc/pam.d.

Actually, now that we know the way to do it (again, thanks to the information provided originally by Andy Black), SMTP-AUTH on Postfix on Panther is really very simple. And credit has got to go to Apple's engineers who designed it this way.

It's easy to underestimate how hard it could have been to do this. You only have to do a search on Google with the key words (SASL, SMTP-AUTH, Cyrus, PAM, etc...) to see how many hoops people working on the other *nix'es have to go through to get SMTP-AUTH to work, if at all.

It makes me wonder, all those guys who strut their stuff with their command-line knowledge on VersionTracker. If it's so clear how it's done, how come I never saw any of their stuff in months of looking up Google for the answer?

Posted at 5:18PM UTC
