Forum Replies Created
Anonymous
Participant
After many hours of research I have finally figured out that qrunner is in /usr/share/mailman/bin. However, I have now determined, from a log I just found, that ‘mailman’ is not in the “site file”. What the heck is the filename of the “site file” and where is it located? Can someone help me over this hump. TIA.
Anonymous
Participant
I forgot to mention, we have a workaround if you are interested.
Anonymous
Participant
I’m having a similar problem. I have asked this on other forums and so far have not received any replies. I am successfully mounting ‘Home’ directories for my users but none of the other share points seem to get mounted.
When you select the check box to create a mount point, it is supposed to automatically mount it as the selected share (there are 4 radio buttons but only user home directories work for me). If any of the other 3 are being mounted, I sure cannot find the path on the client.
P.S. Are you running DHCP and are the clients you are having trouble with obtaining DHCP info correctly?
Anonymous
Participant
Hey Joel,
Yes, amavisd is running.
I have entered content_filter=smtp-amavis:[127.0.0.1]:10024 in the main.cf file. Is that all I need to do to main.cf?
I have entered:
smtp-amavis unix - - y - 2 smtp
  -o smtp_data_done_timeout=120
  -o disable_dns_lookups=yes
127.0.0.1:10025 inet n - y - - smtpd
  -o content_filter=
  -o local_recipient_maps=
  -o relay_recipient_maps=
  -o smtpd_restriction_classes=
  -o smtpd_client_restrictions=
  -o smtpd_helo_restrictions=
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,reject
  -o mynetworks=127.0.0.0/8
  -o strict_rfc821_envelopes=yes
  -o smtpd_error_sleep_time=0
  -o smtpd_soft_error_limit=1001
  -o smtpd_hard_error_limit=1000
In the master.cf file. Is that all I need to do in master.cf?
Thanks for the quick reply.
Anonymous
Participant
The issue here according to me is not one of NAT or not, since I have the same problem but both on the router which has a public IP and on the machines behind NAT which have private IPs….
The issue is according to me with the providers blocking that specific UDP port.
For me the issue comes up when I use a Panther Server on one side and a Panther client on the other, no VaporSec, just the regular clients. The tunnel is there and I can initiate connections from client to server, but not from server to client….
Anonymous
Participant
Try writing your cron entry like this:
[code:1:5089f52247]
*/15 * * * * sh /usr/sbin/learnspam
[/code:1:5089f52247]
Anonymous
Participant
Thanks for the reply.
SMTP is running fine. We are successfully moving mail in both directions. All we are missing is the ability to set up lists due to the missing ‘qrunner’.
Anonymous
Participant
Problem solved. A reboot cleared it up. Looks like OS X is taking a page right out of the Windows book. 😈
Anonymous
Participant
With a little experimentation I think I answered most of my own questions in the positive. I still need to figure out how to run ‘kerberosutoconfigure’ on all my clients. Also OD is apparently independent of realm as my realm seems to work. Now we can get back to my original problem with email although it is quite different now.
When I attempt to authenticate I get prompted for my Kerberos password and using ‘Kerberos’ I can see the ticket. Clearly that much is working. Unfortunately, I still cannot connect to the mail server. When I look in the log, I see the following error messages:
Jan 29 13:23:44 XserveONE pop3d[25534]: Major Error (1): A token was invalid (gss_accept_sec_context)
Jan 29 13:23:45 XserveONE pop3d[25534]: Minor Error (1): Token header is malformed or corrupt (gss_accept_sec_context)
Jan 29 13:23:45 XserveONE pop3d[25534]: Major Error (1): A token was invalid (gss_accept_sec_context)
Jan 29 13:23:45 XserveONE pop3d[25534]: Minor Error (1): Token header is malformed or corrupt (gss_accept_sec_context)
Jan 29 13:23:48 XserveONE pop3d[25534]: badlogin: [130.205.111.239] GSSAPI
Obviously I still have something wrong. Can you still help?
Anonymous
Participant
Thanks for helping the mud settle a little but it is still far from clear to me.
So the user/password for logging on to the Open Directory is, indeed, independent from the KDC? That was one of my big stumbling blocks as I thought they were the same and there was nothing in the documentation that indicated otherwise. It certainly explains why I could not find the KDC before following your procedure.
If I understand, the next time I reset a user’s password (or if the user is forced to change their own password?) the user will show up in the KDC?
In order for me to tell the clients they are in a Kerberized environment, I have to go to each client machine and set up the edu.mit.kerberos file? Ugh! Is there a way to automate this (keeping in mind the users are computer illiterate)?
I do have a little Kerberos knowledge but under Unix only. How do I set the realm for Open Directory? I cannot find any place in server admin that talks about that. Does not the KDC realm and Open Directory realm have to be set the same in order to be sync’ed?
Anonymous
Participant
Hmmm. OK, I decided to take the chance of screwing up my Open Directory and followed the steps in your article. It would seem that my impression that Open Directory uses Kerberos was mistaken as there seems to be no relationship between the two. It appears I have a working KDC but now I need to somehow connect it to Open Directory. When I log in on the client machine, I expected to see some tickets. However, when I fire up ‘Kerberos’ on the client there are no tickets. How did I get logged in to Open Directory with no tickets?
While your article was very informative (why this was not documented by Apple in the Panther server setup is a mystery) it does not explain the connection between Open Directory and the KDC.
Do I need to reboot my server to get this to connect?
Anonymous
Participant
Thanks for the replies.
Why was the Kerberos environment (as opposed to the KDC) not set up with the install? It is working now with Open Directory. How do I set up the environment without breaking Open Directory? Where is this documented?
Anonymous
Participant
First of all, I really appreciate your help, I am relatively new to this and it is hard to find help on this stuff.
What are localhost aliases, where are they set and what is an example of a properly set one. SSL is not enabled.
Here is main:
# THE FOLLOWING DEFAULTS ARE SET BY APPLE
#
# bind to localhost only
#
inet_interfaces = all
# turn off relaying for local subnet
#
mynetworks_style = host
# mydomain_fallback: optional domain to use if mydomain is not set and
# myhostname is not fully qualified. It is ignored if neither are true.
#
mydomain_fallback = localhost
myhostname = server.axismag.com
mailbox_transport = cyrus
enable_server_options = yes
luser_relay =
maps_rbl_domains = relays.ordb.org
message_size_limit = 0
mydestination = $myhostname,localhost.$mydomain,axismag.com,floridamusicfestival.com,destinationcyberspace.c$
smtpd_use_tls = no
smtpd_enforce_tls = no
smtpd_tls_loglevel = 0
smtpd_sasl_auth_enable = yes
smtpd_use_pw_server = yes
smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination,permit
smtpd_pw_server_security_options = plain,login
server_enabled = 1
relayhost =
smtpd_client_restrictions = reject_maps_rbl
always_bcc =
mynetworks = 127.0.0.0/8
Here is the master:
# DO NOT SHARE THE POSTFIX QUEUE BETWEEN MULTIPLE POSTFIX INSTANCES.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes
#submission inet n - n - - smtpd
# -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 nqmgr
#tlsmgr fifo - - n 300 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
#
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# maildrop. See the Postfix MAILDROP_README file for details.
#
maildrop unix - n n - - pipe
  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# The Cyrus deliver program has changed incompatibly, multiple times.
#
old-cyrus unix - n n - - pipe
  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
# Cyrus 2.1.5 (Amos Gouaux)
cyrus unix - n n - 10 pipe
  user=cyrus argv=/usr/bin/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
uucp unix - n n - - pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
ifmail unix - n n - - pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
  flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
Please let me know if there is anything that looks quirky to you. Thanks -tim
Anonymous
Participant
i haven’t done extensive testing, but my experience has been that the Apple Admin GUI for mail *does* store its settings independent of the Postfix config files, and if you make changes to fields that are modifiable in the GUI, or strip out settings set by the GUI, they will be replaced / reincorporated into the file if you use the GUI afterwards. That being said, the GUI does not appear to modify any NON-Apple settings, so if you *add* to the config files, those additions will persist. that being said, on the few occasions i go into the Apple GUI, I *always* back up my config files first.
it’d be nice if the apple GUI provided a little more access to the postfix config options, though it’d be pretty tough to make a foolproof GUI, given the wide range of options in postfix. i’m also hoping one of these days apple will give us sieve as part of the cyrus install (as i’m loath to try and compile it myself, especially since i don’t have a spare box to experiment on at the moment…)
Anonymous
Participant
As I said in my original message there is no /etc/krb5*. Panther apparently puts everything somewhere else that I can’t find. klist, kadmin.local all fail.