[foilpan]

you’ve probably already migrated your server, but i recommend NOT upgrading from 10.3.x to 10.5.x server. too much has changed. you’d be better off doing a clean install.

also, be sure you get dns configured on the new server. without proper dns resolution — either provided by your 10.5 server or elsewhere — OD won’t work properly.

configure dns first on the new server and then move onto the rest of your services.

[foilpan]

in that file, it looks like what you’d need to change is the groupmembers key.

in mine, it looks like this after adding a user:

[code]
groupmembers

63578BFC-6F01-11D8-A84F-000A95AD0E0A

[/code]

that’s just the generated uid of the given user or group. you’d have to plug in the guid of the user/group you want, possibly with something like

[code]
dscl . -read /users/username GeneratedUID | awk ‘{print $2}’
[/code]

[foilpan]

interesting… neither of those situations (SAV nor duplicate mount names) applied to me earlier, but i still got the error.

i’ll try again at some point in a fresh build environment and report back.

[foilpan]

i just got the same error running the latest instadmg build on a fully loaded os x server 10.5.6. after the instadmg process finished and didn’t output a dmg, i forcefully unmounted any disk images it had mounted and re-ran it. it seemed to complete the second time.

the build includes an applications disc that came with the new macbook pros. that image didn’t seem to unmount properly.

[foilpan]

you can’t bind to a replica because it’s a read only copy of the master, so all binding and authentication should point to the master, which then in turn has a list of replicas. the clients should automatically know about all the available replicas once they’re bound.

[foilpan]

weird. is it getting confused there? the “._createUser.pkg” bit implies a resource file/folder that probably doesn’t exist.

try deleting that ._createUser.pkg and running the install again.

[foilpan]

ahh, qla server… can they make their licensing any crappier?

i’m looking to create a package for single license versions. sort of a generic pkg for installation wherever.

alternatively, do you know if it’s possible to serialize quark after running in trial mode? that’s my next option, as the package i have seems to work fine. it’s just not serialized.

[foilpan]

i hear you on that. unfortunately, we have a lot of clients who are either “all in” or need quark around for working on legacy jobs or clients. oh well…

[foilpan]

no love, eh? i’ll post any results of testing.

[foilpan]

i’ve done silent/network installs to multiple machines at once, but i’m not sure it will work for you in this situation. do your post flight scripts call the setup app with its full path?

you might also try using lanrev installease or the logGen/pkgGen approaches to packaging the apps. i’ve done it with both of those techniques, and the resulting packages have worked fine.

[foilpan]

i used the free lanrev installease app to generate a clean pkg for mass installs of site licensed cs3 premium with no real trouble so far.

to save time, i took an initial snapshot, installed the whole suite, serialized it, downloaded and installed the updates, and made the package. it took awhile, but installs now only take about 10 minutes or less as opposed to a couple of hours (at best).

lanrev seems to have problems with the packagemaker installed with the version 3.0 dev tools, so i used the older v2 under 10.4, and all was well.

[foilpan]

[QUOTE][u]Quote by: Steve+St-Laurent[/u][p]Thanks for the follow-up. I checked out the link . . . and it left me discouraged. OK, if a fire-and-forget SMTP is not nice and will get me into trouble, is there anything can be done about forged reply-to mail headers that would stop spammers from, in effect, using my stunned mailer daemon to NOT send along spam?

Is there a way to just kill incoming email for non-existent addresses? That would solve it too. I keep dreaming of a check box in the OS X Server mail configuration that would do just that but it doesn’t exist, does it? Honestly, that one feature would be worth the price of Leopard to me.

This is nuts. Getting dragged into back-scatter spam will cause problems with one group, but disabling the mailer daemon will get you into doodoo with another.

What’s happening: Spammers put a non-existent email address at my domain as the sender [reply-to] of a spam message. When it doesn’t get delivered — for whatever reason — it bounces back to my mail server. There the trusty mailer daemon tries to send it again. 🙄 [/p][/QUOTE]

+++

i recommend the book of postfix. it’s a great reference.

you can try adding some smtpd_recipient options to your postfix config.

reject_multi_recipient_bounce will reject messages to multiple addresses from the empty (<>) envelope sender.

reject_unverified_sender will attempt to verify the sender and reject messages if that fails.

chapters 8 and 9 should give you a good overview of filtering and mail restriction options. anyone who needs finer control over postfix will abandon the server admin tools and manage the configuration by hand. that’s just the way it is.

[foilpan]

[QUOTE][u]Quote by: Steve+St-Laurent[/u][p]Months later . . . perhaps I can rephrase the question.

Is there any way to disable MAILER-DAEMON? The forged reply-to email prompts the mailer daemon to try and send along spam. I know this is what is happening. Google “mailer daemon spam” and there’s lots of evidence of this happening, but no easy solution.

A fire-and-forget mail sender, while inconvenient, would be an improvement. In other words, I want mailer daemon to ignore all bouncebacks, returns to sender, etc. If you can’t deliver it on the first go, forget about it.

Is there a line in the Postfix config that would let me disable this useless daemon? Thx.[/p][/QUOTE]

you don’t want to do that. if you do, you may be blacklisted by these folks: http://rfc-ignorant.org/policy-dsn.php

the “book of postfix” (no starch press) advises treating the empty envelope sender as any valid recipient, letting message restrictions do the work.

unless i misread your problem…

[foilpan]

When it becomes unresponsive, can you ssh into the server?

Can you tell if the AFP service has spiked CPU usage?

A client of mine had a similar problem, and AFP seemed a likely culprit. I’m just waiting for it to happen again to see if there’s any weight to that theory. There was nothing really helpful in any logs right after the period of unresponsiveness and the subsequent reboot.

I even had Apple Enterprise support on the phone soon after, but they didn’t have much information for me.

Are all these affected Xserves dual 2.x Ghz models?

[foilpan]

A couple of my clients have the VXA2 1×10 firewire 800 autoloader and have had tons of problems since installation.

I just had one sent back after it wouldn’t even get past the post stage of booting. Great…

On a related note, does anyone know how to set the robot to SCSI control mode so BRU can actually control the thing? I’m tired of Retrospect’s unreliability and have used BRU with good results in trials. It just complains about this RMA unit’s not being in SCSI control mode since I unpacked the thing.

In the future, I’m avoiding Exabyte like the plague. 😥

[Author]

Posts