Sunday, 31 December 2017

Upgrade problem with mail server going from Mac OS Sierra to High Sierra

When Server upgrades itself after a Mac OS Sierra to High Sierra upgrade, it can leave the mail server broken. For example, you cannot send emails using command-line utilities such as mailx.

The reason is that in /Library/Server/Mail/Config/postfix/ this line

pickup    fifo  n       -       n       60      1       pickup
  -o content_filter=smtp-amavis:[]:10024

references transport 'smtp-amavis' but this is not defined.

If the Mail server preferences pane is used to turn on antivirus filtering the required definition of smtp-amavis is added at the end of and the mail system functions properly.  It continues to work if the antivirus filtering is then turned off because the 'pickup' definition no longer references smtp-amavis.
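A check for this kind of breakage, as an added example (not part of the original post or of Apple's tooling): it parses master.cf-style text and reports any content_filter override that names a transport with no service entry. The sample text is constructed around the pickup line quoted above, and the smtp-amavis entry in the "fixed" sample is an assumed definition; only the simple `-o name=value` form is handled.

```python
import re

# Constructed sample: the pickup entry quoted above plus one ordinary service.
BROKEN_MASTER_CF = """\
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
pickup    fifo  n       -       n       60      1       pickup
  -o content_filter=smtp-amavis:[]:10024
"""

# The same file once a transport named smtp-amavis exists (assumed entry).
FIXED_MASTER_CF = BROKEN_MASTER_CF + """\
smtp-amavis unix -      -       n       -       2       smtp
"""


def logical_lines(text):
    """Join continuation lines (leading whitespace) and drop comments/blanks."""
    lines = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.strip())
    return lines


def undefined_filter_transports(text):
    """Return (service, transport) pairs whose content_filter transport
    has no service entry of that name in the same file."""
    entries = [line.split() for line in logical_lines(text)]
    defined = {fields[0] for fields in entries}
    missing = []
    for fields in entries:
        # Fields 0-7 are service..command; everything after is arguments.
        for arg in fields[8:]:
            m = re.fullmatch(r"content_filter=([^:\s]+)(?::.*)?", arg)
            if m and m.group(1) not in defined:
                missing.append((fields[0], m.group(1)))
    return missing


if __name__ == "__main__":
    for service, transport in undefined_filter_transports(BROKEN_MASTER_CF):
        print(f"{service}: content_filter uses undefined transport '{transport}'")
```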

Friday, 11 March 2016

IPv6 important for iOS device wifi synchronisation with iTunes

Lots of people have problems with their iPhones and iPads not syncing with iTunes over wifi.  One thing that can stop this working is if there is a problem with IPv6 between the iTunes server and the iOS device.

The iOS device will always have IPv6 enabled but it is possible e.g. on Mac OS X to disable it.

I recently came across this problem after restricting access to Mac OS X server to only 'private networks' at the top level.  This should not cause a problem but it seems to stop IPv6 working.  By allowing 'all networks' the problem was fixed.  It is possible to restrict access on a service by service basis.  This problem was discovered by someone else but I can't find the link now.

Wednesday, 11 June 2014

Tesco current account application does not allow short email user names

I speculatively started a Tesco current account application.

They ask for an email address; I used g@<some domain>. A message appeared: "Please enter a valid email address." (Obviously <some domain> was replaced by a valid domain.)

I used ga@<some domain>. A message appeared "Please enter a valid email address."

I used gad@<some domain>.  This was accepted.

So they are saying the user name part of the email address must be at least 3 characters long.

The culprit, I believe, is this JavaScript in jquery.validate-min.js:

email: function(c, b) {
                return this.optional(b) || /^((([a-z]|\d|[!#\$%&'\*\+\-\/=\?\^_`{\|}~]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])+(\.([a-z]|\d|[!#\$%&'\*\+\-\/=\?\^_`{\|}~]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])+)*)|((\x22)((((\x20|\x09)*(\x0d\x0a))?(\x20|\x09)+)?(([\x01-\x08\x0b\x0c\x0e-\x1f\x7f]|\x21|[\x23-\x5b]|[\x5d-\x7e]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(\\([\x01-\x09\x0b\x0c\x0d-\x7f]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF]))))*(((\x20|\x09)*(\x0d\x0a))?(\x20|\x09)+)?(\x22)))@((([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|\d|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))\.)+(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])|(([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])([a-z]|\d|-|\.|_|~|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])*([a-z]|[\u00A0-\uD7FF\uF900-\uFDCF\uFDF0-\uFFEF])))$/i.test(c)

RFC2822 defines the address syntax.

I can't find an email address to which this can be reported.  I could call their complaints number but wouldn't expect them to understand what I'm on about.

Friday, 13 September 2013

Mac OS X Lion slapd problem after changing certificate

After changing the self-signed certificate on Mac OS X Lion Server, the slapd process would not start; the log revealed these messages:

Sep 13 14:50:35 crab slapd[12125]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 24 2012 23:35:56) $
Sep 13 14:50:35 crab slapd[12125]: daemon: SLAP_SOCK_INIT: dtblsize=8192
Sep 13 14:50:35 crab slapd[12125]: main: TLS init def ctx failed: -1
Sep 13 14:50:35 crab slapd[12125]: slapd stopped.

Eventually after reading about slapd and running
/usr/libexec/slapd -d -1

I found this was because slapd was using the configuration in
instead of

the former overriding the latter.  Unfortunately it seems the "Server Admin" GUI does not update slapd.d!  I tried running
/usr/libexec/slapd -f /private/etc/openldap/slapd.conf -F /private/etc/openldap/slapd.d
as recommended, but this did not update the existing slapd.d files.

Finally I just moved slapd.d to slapd.d.sav and the slapd process then started successfully.
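A way to spot this kind of drift before restarting slapd, as an added example (not part of the original post): it compares the TLS settings in slapd.conf text with the olcTLS* attributes in the cn=config LDIF under slapd.d. The sample contents and certificate paths are constructed placeholders, and it assumes the settings appear as standard TLS* directives whose slapd.d names are the same with an olc prefix.

```python
import base64

# Constructed sample inputs; the certificate paths are placeholders.
SLAPD_CONF = """\
# slapd.conf as rewritten after the certificate change
TLSCertificateFile    /etc/certificates/new.cert.pem
TLSCertificateKeyFile /etc/certificates/new.key.pem
"""

CN_CONFIG_LDIF = """\
dn: cn=config
objectClass: olcGlobal
olcTLSCertificateFile: /etc/certificates/old.cert.pem
olcTLSCertificateKeyFile: /etc/certificates/
 old.key.pem
"""


def tls_from_slapd_conf(text):
    """Map lower-cased TLS* directive name -> value from slapd.conf text."""
    settings = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower().startswith("tls"):
            settings[parts[0].lower()] = parts[1].strip().strip('"')
    return settings


def tls_from_cn_config(text):
    """Map olcTLS* attributes (olc prefix removed) -> value from LDIF text."""
    unfolded = text.replace("\n ", "")  # LDIF folds long lines with a space
    settings = {}
    for line in unfolded.splitlines():
        name, sep, value = line.partition(":")
        if not sep or not name.lower().startswith("olctls"):
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode()
        settings[name.lower()[3:]] = value.strip()
    return settings


def tls_drift(conf_text, ldif_text):
    """Return {directive: (slapd.conf value, slapd.d value)} where they differ."""
    conf, ldif = tls_from_slapd_conf(conf_text), tls_from_cn_config(ldif_text)
    return {k: (conf.get(k), ldif.get(k))
            for k in sorted(set(conf) | set(ldif)) if conf.get(k) != ldif.get(k)}
```

An empty result from tls_drift means both configurations name the same TLS material; any entry shows the value slapd will actually use (the slapd.d one) beside the one in slapd.conf.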

Saturday, 2 February 2013

Fun with Sophos UTM and Mac OS X Lion ldap

Scenario: Sophos UTM 9 gateway needs to authenticate unknown users against a Mac OS X Lion server running Open Directory.  How do we find the right strings to put in the Authentication Server configuration in UTM?

The UTM configuration is reached from the UTM webadmin page: on the left-hand side, click on "Definitions & Users" then "Authentication Servers".

Click on "New Authentication Server...".

Set "Backend" to "LDAP".

I set "Position" to "Bottom".

Populate the "Server" field with the address of your Mac OS X server.

Now the "Bind DN" field will contain uid=diradmin,cn=users,dc=fruit,dc=local if your LDAP administrator is "diradmin" and your server is "fruit.local".  You need as many "dc=" parts as there are parts in the host name e.g. for you would need "dc=fruit,dc=tree,dc=com".

(I am a little concerned about using "diradmin" here; perhaps another user can be created for binding?)

In the "Password" and "Repeat" fields enter the password for "diradmin" or whatever user you are using to bind. This explains how to reset the directory administrator password if you can't remember it.
[You can get to the Directory Utility by opening System Preferences then clicking on "Login Options" then "Edit" next to "Network Account Server".]

The "Base DN" will be what appears as "LDAP Search Base" under "Open Directory"->Overview in Server Admin.

Friday, 25 January 2013

xrdp access to SuSE Linux Enterprise Server 11 SP2

  1. Launch suse-sles-11-sp2-v1.00.i386 ami.
  2. Connect with ssh as root.
  3. Use yast to install xkeyboard-config and *gnome* packages. 
  4. Download the latest xrdp package from
  5. Compile and install it.
  6. Add /usr/local/lib/xrdp to /etc/
  7. Run "ldconfig -v". 
  8. For an en-gb keyboard mapping download km-0809.ini from this very useful blog post.
  9. Disable /etc/profile.d/ by running chmod +t /etc/profile.d/
  10. Start xrdp and xrdp-sesman with /etc/xrdp/ start 
  11. You should now be able to connect over RDP, choosing sesman-Xvnc when you get the drop-down menu, as long as the RDP port is allowed through in your current security group.

Tuesday, 15 January 2013

FreeBSD 9.1 Sparc Ultra 5 X config

I needed to run X on an old Philips 150 S monitor that has a fixed 1024x768x60 resolution.

This is the /etc/X11/xorg.conf I ended up with:

Section "ServerLayout"
Identifier " Configured"
Screen 0 "Screen0" 0 0
InputDevice "Mouse0" "CorePointer"
InputDevice "Keyboard0" "CoreKeyboard"
EndSection

Section "Files"
ModulePath "/usr/local/lib/xorg/modules"
FontPath "/usr/local/lib/X11/fonts/misc/"
FontPath "/usr/local/lib/X11/fonts/TTF/"
FontPath "/usr/local/lib/X11/fonts/OTF"
FontPath "/usr/local/lib/X11/fonts/Type1/"
FontPath "/usr/local/lib/X11/fonts/100dpi/"
FontPath "/usr/local/lib/X11/fonts/75dpi/"
EndSection

Section "Module"
Load "extmod"
Load "record"
Load "dbe"
Load "dri"
Load "dri2"
Load "glx"
EndSection

Section "InputDevice"
Identifier "Keyboard0"
Driver "kbd"
EndSection

Section "InputDevice"
Identifier "Mouse0"
Driver "mouse"
Option "Protocol" "mousesystems"
Option "Device" "/dev/cuau3"
EndSection

# rc.conf
# moused_enable="YES"
# moused_type="mousesystems"
# moused_port="/dev/cuau3"
#Section "InputDevice"
# Identifier "Mouse0"
# Driver "mouse"
# Option "Protocol" "auto"
# Option "Device" "/dev/sysmouse"

Section "Monitor"
Identifier "Monitor0"
VendorName "Monitor Vendor"
ModelName "Monitor Model"
HorizSync 35-50
VertRefresh 56-75
EndSection

Section "Device"
### Available Driver options are:-
### Values: <i>: integer, <f>: float, <bool>: "True"/"False",
### <string>: "String", <freq>: "<f> Hz/kHz/MHz"
### [arg]: arg optional
#Option "probe_sparse" # [<bool>]
#Option "accel" # [<bool>]
#Option "crt_display" # [<bool>]
#Option "composite_sync" # [<bool>]
#Option "hw_cursor" # [<bool>]
#Option "force_pci_mode" # [<bool>]
#Option "dma_mode" # <str>
#Option "agp_mode" # <i>
#Option "agp_size" # <i>
#Option "local_textures" # [<bool>]
#Option "buffer_size" # <i>
#Option "mmio_cache" # [<bool>]
#Option "test_mmio_cache" # [<bool>]
#Option "panel_display" # [<bool>]
#Option "reference_clock" "28.636 MHz"
#Option "shadow_fb" # [<bool>]
#Option "sw_cursor" # [<bool>]
#Option "AccelMethod" # <str>
#Option "RenderAccel" # [<bool>]
Identifier "Card0"
Driver "mach64"
VendorName "Advanced Micro Devices [AMD] nee ATI"
BoardName "3D Rage I/II 215GT [Mach64 GT]"
BusID "PCI:1:2:0"
EndSection

Section "Screen"
Identifier "Screen0"
Device "Card0"
Monitor "Monitor0"
DefaultDepth 8
SubSection "Display"
Viewport 0 0
Depth 8
Modes "1024x768"
EndSubSection
EndSection

Tuesday, 27 November 2012

Getting usable resolution in B2G

I downloaded the Mac OS X B2G (Boot to Gecko) client (see this) but the emulated device resolution was poor.

A quick way of getting better resolution is to start the client from the command line like this:

/Applications/ --screen=ipad \
-profile /Applications/

Wednesday, 24 October 2012

Date strangeness in Apple Mail on Mac OS X Lion

When importing messages from gmail to a folder on a local mail server  I noticed that Apple's Mail program was showing a whole bunch of older messages with the date 23/10/2007.  I looked at the text file for the earliest message and saw that the "Date" field was correct (16/05/2004) but that the latest "Received:" header was 23/10/2007.  (I was not surprised by this discrepancy because the mail had been moved in 2007 to gmail.)

In the standard view in Mail you can sort on "Date" but there is no way I have found of specifying what "Date" means.


  1. Go to Mail->Preferences->Viewing and tick the box "Use classic layout".
  2. The layout will change to classic where you can select the columns that are displayed.
  3. If "Date Sent" is not there, right click on one of the column headers and select "Date Sent".
  4. Click on the "Date Sent" header to order on that column.
  5. If you now go back to the new standard view by unticking "Use classic layout" the field is called "Date" again but is the date sent and the correct dates appear.

Let's hope that Apple don't get rid of classic layout!

Friday, 19 October 2012

in Mac OS X Lion Server

The code here has a problem but it so happens it has no effect on its operation.

It uses two databases, greylist.db and whitelist.db.

The intention seems to be that key/value pairs representing SMTP clients are initially stored in greylist.db then promoted to whitelist.db (that's the gist, anyway).  Due to a coding error in the open_whitelist_db subroutine %db_hash gets tied to whitelist.db when it has already been tied to greylist.db by a previous call to open_database, in smtpd_access_policy.

Since different keys were to be stored in the two databases anyway this does not affect the operation of the process, so having two databases was unnecessary.

I haven't checked the code shipped with Mountain Lion (I can't upgrade this server to Mountain Lion as Apple have deemed its hardware to be too old).