Mac@Work : The Ultimate Business Machine

The
Ultimate
Business Machine

Technology, business
and innovation.

And, not least, about
the Mac.

Weblog • Archive • Cutedge

by: Bernard Teo

Mon 02 Feb 2004

The Postfix Enabler Logo

Category : Commentary/PFEIcon.txt

I wrote to Wietse Venema, the creator of Postfix, and asked for permission to incorporate the Postfix logo as a background in our Postfix Enabler icon, as it was designed by Michel Poulain.

The idea of the icon is that Postfix Enabler helps you to fix up the Postfix that is built into every Panther-equipped Macintosh and put it to work.

To my surprise, he actually replied and said yes. So we're now spotting a spanking new icon. Thanks, Wietse, and also to Mike Poulain.

Posted at 8:48AM UTC | permalink

Sat 31 Jan 2004

Spam Block

Category : Technology/SpamBlock.txt

Lots of junk mail coming in, no doubt due to the MyDoom virus, and variants. I don't have time to add these to Postfix Enabler yet, but you can add these lines (combining contributions by Terry Allen and Michel Poulain) to the Custom Postfix Settings field in the second panel :

maps_rbl_domains = sbl.spamhaus.org, relays.ordb.org, cbl.abuseat.org, bl.spamcop.net

smtpd_client_restrictions = hash:/etc/postfix/access, reject_rbl_client sbl.spamhaus.org, reject_rbl_client relays.ordb.org, reject_rbl_client cbl.abuseat.org, reject_rbl_client bl.spamcop.net

default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason} - see http://$rbl_domain.

smtpd_helo_required = yes

smtpd_helo_restrictions = permit_mynetworks, reject_unknown_hostname

Another thing to do is to un-set the LUSER_RELAY parameter, i.e., do not nominate a user who will receive all the mail addressed to unknown users in your domain. These mail will be bounced back to the sender.

I think it works because the mail server has quietened down quite a bit.

Posted at 5:15AM UTC | permalink

Thu 29 Jan 2004

Friends

Category : Commentary/friends.txt

Mike (Michel Poulain) sent me a bunch of stuff - a nice little script to attach to a mail server to stop viruses coming in (it works with Virex which comes with a .Mac account), a collection of PC viruses to test on, and, best of all, a nice icon for Postfix Enabler. All these, plus the French localisation that I've already released on the Postfix Enabler page.

He says, "It was just to complete your book on the human nature. You get support AND thanks AND money from people too. ;-)".

He's right. I told him I was just going to write about this. About how doing shareware is a lot like being a street musician, with people throwing pennies into the open guitar case (and that's when people are at least being appreciative), but there are also times when you've got to put up with a bit of ridicule, and there are, of course, the people who sponge up on your music but wouldn't pay.

But, if we don't go out into the street, we wouldn't meet the other wonderful people who're also out there, getting as much out of life as they put into it. So, it's been a wonderful experience about sharing, and that is something that has to be written about.

And, just like being a street musician (the last chapter of a pretty fun book that I just read, "Floating Off the Page", ends on that note), you've got to have a higher purpose. I'm curious where this will lead. And when you get people like Mike and also Terry Allen plying you with stuff to add to Postfix Enabler, it's a bit hard to stop, at this point, though I had meant to.

So there'll be a next release with RBL (Real-Time Blocking) and anti-virus support. It'll be great to have SpamAssassin but I'm not sure how I would be able to bundle in a binary, and whether I'm allowed to in the first place. But I've got SpamAssassin working on a test server and it works great. The thing is to figure out how you can plug in Mike's solution or Anome, with or without SpamAssassin, depending on what a user wants. Easy to dream about, hard to do.

Posted at 8:54AM UTC | permalink

Sun 25 Jan 2004

Postfix Enabler 1.0.9 in French

Category : Commentary/pfeInFrench.txt

Michel Poulain sent me a version of the Postfix Enabler 1.0.9 interface in French. I'll take a day or two to incorporate this into a working version.

Apple has a very nice way of doing the language customisation but, so far, I hadn't had time to learn enough to exploit it. I've done it the brute-force way with the Chinese translation. But the problem comes when you make changes to the system. You have to merge in the different language versions all over again. Apple's engineers appear to have put a lot of thought into this, and I think their way is designed to take a lot of the pain out of doing this.

It's during a time like this that you can sometimes see how far down the line Apple, as a company, had carried the DNA of their founders. I remember reading about Steve Wozniak talking about his design for a circuit board, how he worked hard to eliminate the cross-over wiring, how even if nobody else sees it, he would still do it because (and I'm probably paraphrasing him here), it's the aesthetically right thing to do. (I hope to find a web page that contains this but I believe I read it in a book a long time ago; but you get the drift).

Some of these things that Apple did, like language customisation done the Mac Way, are not things that are immediately apparent to business users. But these are things that are of very real benefit to the business world, especially now that we're wanting to do business all over the world. Yet again, it never fails to amaze me how the best all-time machine for running a business on has never, ever, been considered a serious business machine. What have all these IT guys been smoking?

But back again to Postfix Enabler. I'll get the French version out in a few days. Thanks again to Michel Poulain (Mike), and all the French-speaking people who had supported Postfix and Sendmail Enablers, right from the start.

Posted at 3:23AM UTC | permalink

Fri 23 Jan 2004

The Disappearing Masks

Category : Commentary/operamasks.txt

It's Chinese New Year (恭喜發財) and I'm watching this performance on the TV where the dancers, who were wearing Chinese Opera masks, were changing them so quickly, on stage. I've seen Kabuki (or was it, Noh) performances where they changed costumes in one breath-taking moment, but the speed with which that was done could be said to be stately, when compared to this. One moment it was blue and then it was red, and then it was some other colour, and then it was no more. Quite magical and quite difficult to see how it could have been done.

I was told that the technique was some sort of a state secret in China and even Andy Lau, the Hong Kong artiste, was rebuffed when he tried to learn how it's done so that he could use it in his shows.

So, I wanted to learn more. Just a couple of tries with Google and I got the information I was looking for. Here is the story about Andy Lau and the Sichuan Opera Mask. Shows that, maybe, the most important skill in our age is to learn how to frame a question, or how to ask the right questions, because there are so many answers that you can pull in from the web, without leaving your couch.

Posted at 2:47PM UTC | permalink

Fri 16 Jan 2004

But the good news is...

Category : Commentary/goodnewsbut.txt

On re-reading the last post, I thought it was overly dark. There have been quite a few nice messages from people who were happy with both Sendmail Enabler and Postfix Enabler. Maybe I should compile them, into a congratulatory "All the good things they say about Postfix Enabler" page. But I've always thought that these were private messages that were probably meant to remain private.

But the biggest drag over the period of doing Sendmail Enabler and Postfix Enabler are messages like these: "Heya. I'm trying to get postfix to work on my system. Now I realize that you have a policy of only providing tech support to registered users, BUT.... I can't seem to get postfix to work at all, even after following your instructions. This is, needless to say, not a particularly effective way to get me to register. So I figure we go back and forth a little bit until everything works, and then once my mail server is functional, I will register the app. Sound good? Ok, here is my situation: ... Actually, since I have your attention, maybe you can help me with this, too:..."

10 bucks to go back and forth until everything works? Unfortunately, that's pretty much the standard fare.

Ok, so it's still pretty dark.

But my purpose here is to explain as best as I can that Postfix Enabler is shareware (actually it's more like donation-ware) simply because we're not able to devote the resources to providing tech support for it, at least for now.

And also because all the heavy-lifting is done by all these Open Source stuff that we're just turning on or off, we've never really considered Postfix Enabler as truly our own product. But we felt 10 bucks was just about right for the work we put in. Nice if you paid, OK if you don't, and we'll take anything in-between. But 10 bucks for debugging people's systems? It's just not worth it.

It's different if we had made it into a commercial product because then we would have to back it up with commercial-grade support. But then it wouldn't be free or even $10.

(Actually, in case you're curious, we've got donations from $1 to $50, with the average at around $10. But then, to date, only 91 people had paid.)

Make money as a shareware writer? Never.

So if you can't send over "some coin", as someone puts it, send over some good words. Now and then things do look bleak. And it's not like we've got nothing else to do. So don't get upset if I can't help you debug your system. I've done as best as I can and we need to move on.

Posted at 12:04PM UTC | permalink

Postfix Enabler 1.0.9 Released

Category : Commentary/pfe109.txt

This release was meant to allow people to have a better idea of what's going on behind the scenes. But I knew full well the mail that I will be getting, now that they can view the mail log. It's starting to come in, people wanting to know why they're getting this message or that warning. I don't know half of these myself. But I do know that if I want to know the answers, I wouldn't have anyone else to ask besides our good friend Google.

We're going to have a bunch of work coming in that we have to focus on, so we're going to have to stop providing (hitherto, mostly free) tech support for Postfix Enabler. If I had a dime for each time I got a message saying "if you can solve this problem, my money is on the way to you", I'll have been richer than Bill Gates. Mostly, you don't even get a "thank you" after you've provided a solution, much less a dime. Just about the only thing I've got out of this is a study in human nature that may still come in useful, one day, when I decide to write a book.

I just realised, from a review at MacUpdate, that Postfix Enabler is (nominally) just 3% of the cost of the nearest competing product (Tenon's Post.Office at US$295. Stalker's CommuniGate Pro is at $499). Of course, (I think) they built their own mail server and I'm just turning on and off a bunch of Open Source stuff. And, to be fair, I think they provide commercial-grade support which I don't want to have to do, at least for now. But 3% of the cost at maybe 80% of their functionality? If you consider that you can use Postfix Enabler for free (though you shouldn't - even getting a dollar from everyone who's using it will still be more than I've gotten so far), then you can even say that Postfix Enabler is infinitely more useful than any other product in the OS X mail server space.

Posted at 6:02AM UTC | permalink

Thu 15 Jan 2004

Albert's Info-Portal

Category : Commentary/albertinfoportal.txt

I got this from Albert's Info-Portal :

"Aoccdrnig to a rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht frist and lsat ltteer is at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit porbelm. Tihs is bcuseae we do not raed ervey lteter by itslef but the wrod as a wlohe."

There's some truth to this, isn't there? I can read the paragraph quite well if I just glance at it. Something to make you think while you're trying to teach a child to read.

Posted at 2:39AM UTC | permalink

Tue 13 Jan 2004

Awk!

Category : Technology/awk.txt

On the OS X terminal, if you do a

tail -6 -r /var/log/mail.log

you will get,

Jan 13 17:01:45 localhost postfix/smtpd[28990]: disconnect from Jan 13 17:01:45 localhost postfix/smtpd[28990]: disconnect from localhost[127.0.0.1]

Jan 13 17:00:45 localhost postfix/smtp[28994]: E269A1370E9: to=, relay=mail3.nus.edu.sg[137.132.14.18], delay=1, status=sent (250 137.132.14.18: Message accepted for delivery)

Jan 13 17:00:45 localhost postfix/qmgr[28598]: E269A1370E9: from=, size=1330, nrcpt=1 (queue active)

Jan 13 17:00:45 localhost postfix/cleanup[28992]: E269A1370E9: message-id=

Jan 13 17:00:44 localhost postfix/smtpd[28990]: E269A1370E9: client=localhost[127.0.0.1]

Jan 13 17:00:44 localhost postfix/smtpd[28990]: connect from localhost[127.0.0.1]

which shows the last few entries in the tail-end of the mail log, in reverse order.

But, what if you want to slot these lines into a table, so that it will look more comprehensible? Like below :

The problem is to figure out how to break the words into columns, knowing that you cannot predict the width of each column (another person's host name may not be localhost - it is RoadsteadServer on my "real" server), or even how many words each line would have.

The key to solving this is a Unix command that goes by the rather unlovely name of "awk" (for A. V. Aho, P. J. Weinberger, and B. W. Kernighan, the original authors).

The solution (at least that's my solution; I'm sure it could be done better) looks like this :

tail -20 -r /var/log/mail.log | awk '{gsub(/\[.....\]/,""); printf "%s*%s*%s*%s*%s*%s\n", $1,$2,$3,$4,substr($5,1,length($5)-1),substr($0, index($0, $6), 255)}'

It looks quite ugly.

But that is seeing life from what Robert Pirsig would call a romantic point of view.

In actual fact, it works beautifully. For a person pre-disposed to looking at life from the classical point of view, everything here can be explained. The solution is beautiful because of its power and its economy. There is no waste. And it does produce the right output for piping into the table you see above. It works everytime, all the time.

Quoting "Zen and the Art of Motorcycle Maintenance" :

"The classic mode proceeds by reason and by laws. Although surface ugliness is often found in the classic mode of understanding it is not inherent in it. There is a classic esthetic which romantics often miss because of its subtlety. The classic style is straightforward, unadorned, unemotional, economical and carefully proportioned. Its purpose is not to inspire emotionally, but to bring order out of chaos and make the unknown known. It is not an esthetically free and natural style. It is esthetically restrained. Everything is under control. Its value is measured in terms of the skill with which this control is maintained.

"To a romantic this classic mode often appears dull, awkward and ugly, like mechanical maintenance itself. Everything is in terms of pieces and parts and components and relationships. Nothing is figured out until it's run through the computer a dozen times. Everything's got to be measured and proved. Oppressive. Heavy. Endlessly grey. The death force.

"Within the classic mode, however, the romantic has some appearances of his own. Frivolous, irrational, erratic, untrustworthy, interested primarily in pleasure-seeking. Shallow. Of no substance. Often a parasite who cannot or will not carry his own weight. A real drag on society. By now these battle lines should sound a little familiar."

The point I am getting at is that this is also the battle line in the perennial Mac vs PC debates. "Frivolous, irrational, erratic, untrustworthy, interested primarily in pleasure-seeking" - that's the IT manager's view of the Mac user. It's so difficult to explain the reason for the conflict because the underlying issues are so subtle.

But the reson why some of us love using the Mac is that we don't come to work thinking, "What do we want to be today (like, where do you want to go today)? Let's see, do we want to be an artist or a scientist, today? What about tomorrow?" We work out of both sides of our brain, and we want to move effortlessly from one mode to the next, depending on what the solution should take. Is it any wonder why we insist that our computational machines ought to work the same way? Cultists and zealots, indeed.

Posted at 1:44PM UTC | permalink

Sat 10 Jan 2004

Apple's Open Directory

Category : Technology/openDir.txt

The ability to support SMTP-AUTH on a mail server is so important because it means you can open up the server for (legitimate) remote users to send mail through it without making it an Open Relay. It's the difference between a toy server and one that is considered industrial-strength. Even Linux users struggle to set this up. Definitely it's no cakewalk if you're still using sendmail.

Shin-ichi YOSHIMOTO, who has a Postfix for Mac OS X Users site (in Japanese), has been investigating how SMTP authentication got done on Panther.

This is his finding, summarised here in case others are also curious.

In Postfix on Panther, if "smtpd_use_pw_server=yes", SMTP-AUTH appears to be be done through Apple's Open Directory framework.

The Open Directory authentication service supports the following types of authentication :

(Basic) login, plain,

(Password Server Authentication) cram-md5, gssapi

These are the values we can use for the "smtpd_pw_server_security_options".

A plain-vanilla OS X Panther machine can only use the basic options - login and plain - because, according to Shin-ichi's findings, PasswordService.8, which is the Password Server daemon, is distributed only as part of Mac OS X Server.

That's why we set "smtpd_pw_server_security_options=plain,login".

So, in conclusion, SMTP-AUTH on Panther skips past the need to set anything up on /usr/lib/sasl2 or on /etc/pam.d

Actually, now that we know the way to do it (again, thanks to the information provided originally by Andy Black), SMTP-AUTH on Postfix on Panther is really very simple. And credit has got to go to Apple's engineers who designed it this way.

It's easy to underestimate how hard it could have been to do this. You only have to do a search on Google with the key words (SASL, SMTP-AUTH, Cyrus, PAM, etc...) to see how many hoops people working on the other *nix'es have to go through to get SMTP-AUTH to work, if at all.

It makes me wonder, all those guys who strut their stuff with their command-line knowledge on VersionTracker. If it's so clear how it's done, how come I never saw any of their stuff in months of looking up Google for the answer?

Posted at 5:18PM UTC | permalink

iLife

Category : Commentary/singlife.txt

It's almost a year since I had these pages up. But having gone round the 'Net, and having crossed paths (or swords) with people all over the world, it's home that is still the best place to be in.

"People are the same wherever you go..." as Paul McCartney and Stevie Wonder would sing. "There is good and bad. In everyone. Learn to live. Learn to give each other what we need to survive. Together alive."

As I write this, I'm looking out over the water at a friend's place, having come from our own place whose usual tranquility has been broken by the large number of cars arriving for the funeral of a man who has just died, suddenly in Jakarta, in the prime of his life. They're a hugely popular couple, and it's no wonder they have so many friends.

It puts things in perspective. There's a lot more to life than iLife and Postfix Enabler and the problems of strangers. After all, there's the kid (seen here with his very best friend). And the birds on our tree continue to sing, whether we notice them or not. We do the best we can and move on.

Posted at 6:37AM UTC | permalink

Tue 06 Jan 2004

Postfix Enabler 1.0.7 Released

Category : Technology/PFE107Released.txt

Just released it, together with the Traditional Chinese localisation, contributed by Kuo Yuan-Fen. I would love to include a French version, if somebody would contribute the localisation. I know Stephane Lacroix, for one, would like that :

"Translate

Please, translate in french the explications software on your site, because in France, we are a lot to try to use it, but as a lot of americain people who d'ont speak french, a lot of french people dont speak americain language. So you lose many customers in France. Use the Alliance Fran�aise to build the translate, there are nice et certzinly not expansive."

I would, if I could, but I don't earn enough from this to pay anyone to do it. I'll be happy if someone would volunteer, as Yuan-Fen did.

Also, just released the source code for the project. What if I get hit by a truck? as our users always like to say. The project will live on somewhere in somebody's Mac, in the 'Net, while I'll live on through the kid.

Here's my New Year's wish. Really. I wish all those guys who are so free with their put-downs at Version Tracker would go and write some code we could all use, for free, of course. We'll get a better machine to use, a lot sooner than if we only talk about it.

Posted at 7:24AM UTC | permalink