At AlwaysOn San Francisco

Posted by ahmadster at July 30th, 2006

From July 25th to July 27th I was at the Stanford Summit AlwaysOn conference in Palo Alto, CA. Man was that really cool.

I met some fancy shmancy folks, some were very interesting. I met one of the original iTunes developers, the CEO of MySQL, the CEO of Novell, the CEO of Mozilla, Bruce Perens, etc… So many people.

One particularly interesting person is Irving Wladawsky-Berger. This dude is very down to earth. Greg (sitting next to Ray here) was telling me that Irving is credited with inventing the WWW or something to that effect. It was so much fun, the whole thing was a blur. I’ll post more about it as it comes back to me :)

Posted in Technology| Comments Off | 

Adding SASL/TLS to Postfix

Posted by ahmadster at July 30th, 2006

Postfix will complain about not having SASL and TLS support compiled in, so I got the latest cyrus sasl from ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/. Cyrus does not check SQL passwords that are stored using crypt or other methods. To enable that, I modified a small patch I found online. The only modification is I changed -lcrypt to -lcrypto, and it worked :)

patch -p0 < cyrus-sasl-2.1.19-checkpw.c.patch
./configure --disable-anon --disable-ntlm --enable-sql --with-pgsql=/usr/local/pgsql --disable-java --enable-macos-framework
make
make install

There is one small bug I ran into, not sure why it’s not fixed. Compiling complained about a redefinition of global_callbacks. So I edited lib/client.c around line 61 and removed “static”, then edited lib/server.c and added extern to the definition of global_callbacks. That did it.

Now, back to Postfix, rebuild with the following configure command

make tidy
make -f Makefile.init makefiles 'CCARGS=-DHAS_PGSQL -I /usr/local/pgsql/include -DUSE_SASL_AUTH -I/usr/local/include/sasl -DUSE_TLS' 'AUXLIBS=-L/usr/local/pgsql/lib -L/usr/local/lib -lpq -lsasl2 -lssl -lcrypto'
make
make install

Next, I moved /usr/lib/sasl2 to /usr/lib/sasl2.old for backup. Then I symlinked /usr/local/lib/sasl2 to /usr/lib/sasl2. Switcharoo!
Now, this is fun, for you this is different, but since I have a virtual domain setup for my mail, here is my /usr/local/lib/sasl2/smtpd.conf

pwcheck_method: auxprop
mech_list: plain login cram-md5 digest-md5
auxprop_plugin: sql
password_format: crypt
sql_engine: pgsql
sql_hostnames: localhost
sql_user: my_db_username
sql_passwd: my_db_password
sql_database: my_mail_db
sql_select: select password from mailusers where username = '%u' and domain = '%r'

Here is what I added to /etc/postfix/main.cf to enable sasl, remember, I’m using the modified main.cf file that came with OSX.

smtpd_sasl_auth_enable = yes
smtpd_tls_CAfile = /etc/ssl/postfix/server.pem
smtpd_tls_cert_file = /etc/ssl/certs/dovecot.pem
smtpd_tls_key_file = /etc/ssl/private/dovecot.pem
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom

This all didn’t work very well, I kept getting something in the log like “cannot load Certificate Authority data”. So I knew the problem was in the smtpd_tls_CAfile area. I just went and got the server.pem file from a working Gentoo box and it worked :)
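An added example, not part of the original post: a shell audit of the two files above. It flags PLAIN/LOGIN being usable without TLS (the main.cf above does not set smtpd_tls_auth_only), CRAM-MD5/DIGEST-MD5 being listed although only crypt hashes are stored, and an smtpd_tls_CAfile that holds no PEM certificate, one condition under which there is no CA data to load. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# conf_get FILE KEY SEP: print the last value assigned to KEY.
# SEP is "=" for main.cf, ":" for smtpd.conf; continuation lines are not handled.
conf_get() {
    awk -v k="$2" -v s="$3" '
        /^[ \t]*#/ { next }
        { p = index($0, s); if (!p) next
          name = substr($0, 1, p - 1); val = substr($0, p + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (name == k) v = val }
        END { print v }' "$1"
}

# audit_smtp_auth MAIN_CF SMTPD_CONF: print one finding per line.
audit_smtp_auth() {
    mechs=" $(conf_get "$2" mech_list ":" | tr 'A-Z' 'a-z') "
    if [ "$(conf_get "$1" smtpd_sasl_auth_enable "=")" = yes ] &&
       [ "$(conf_get "$1" smtpd_tls_auth_only "=")" != yes ]; then
        case $mechs in *" plain "*|*" login "*)
            echo "CLEARTEXT-AUTH: plain/login usable without TLS; set smtpd_tls_auth_only = yes" ;;
        esac
    fi
    # Assumption: password_format: crypt (the patched option above) means only hashes are stored.
    if [ "$(conf_get "$2" password_format ":")" = crypt ]; then
        case $mechs in *" cram-md5 "*|*" digest-md5 "*)
            echo "UNUSABLE-MECH: cram-md5/digest-md5 need the plaintext secret, not a crypt hash" ;;
        esac
    fi
    ca=$(conf_get "$1" smtpd_tls_CAfile "=")
    if [ -n "$ca" ] && ! grep -q -e '-----BEGIN .*CERTIFICATE-----' "$ca" 2>/dev/null; then
        echo "CA-FILE: $ca is missing or holds no PEM certificate"
    fi
}

# Constructed sample: the relevant settings from the post, with an empty CA file.
d=$(mktemp -d)
printf '%s\n' 'smtpd_sasl_auth_enable = yes' "smtpd_tls_CAfile = $d/server.pem" \
    'smtpd_use_tls = yes' > "$d/main.cf"
printf '%s\n' 'pwcheck_method: auxprop' 'mech_list: plain login cram-md5 digest-md5' \
    'password_format: crypt' > "$d/smtpd.conf"
: > "$d/server.pem"
audit_smtp_auth "$d/main.cf" "$d/smtpd.conf"
rm -rf "$d"
```

With smtpd_tls_auth_only = yes, mech_list reduced to plain login, and a CA file containing a certificate, the audit prints nothing.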

Posted in UNIX| Comments Off | 

Compile Postfix on OSX

Posted by ahmadster at July 30th, 2006

As expected, the default Postfix that comes with OSX is not compiled with PostgreSQL support. I’m not sure if it did have TLS support though, anyway a quick run of otool like this

otool -L /usr/libexec/postfix/master

should show all the libraries the postfix master daemon is linked against. I already replaced mine so check it out on your machine.
Which brings us to the bad news. I intended to put everything in /usr/local/postfix. But I forgot to set the prefix and I replaced the apple provided postfix :(
The good news is that it almost didn’t matter at all. Everything installed exactly where it should by default. And OSX is almost totally happy. I say almost because there has been a small wrinkle, I’ll explain later on.
Down to Business
Download the postfix source and untar (I got 2.2.10). All README files are in a big dir together, what I really cared about is PostgreSQL and TLS support, so here is how I got it to compile

make tidy
make -f Makefile.init makefiles 'CCARGS=-DHAS_PGSQL -I /usr/local/pgsql/include' 'AUXLIBS=-L/usr/local/pgsql/lib -lpq -lssl -lcrypto'
make

That should take care of compiling. Now install

make install

You will be asked a bunch of questions, mostly about the dir locations of stuff. The first one is the most important one. It’s the one I screwed up on. I accepted the default, which installed everything on /. You should probably use /usr/local/postfix or something like that.
Anyway, everything looks fine except for …
The Wrinkle: It Won’t Run!
You will get a bunch of failures in the console about some session permission denied. Postfix from Apple uses launchd, if you look at

/System/Library/LaunchDaemons/org.postfix.master.plist

You will find that it runs the master directly. The postfix folks have taken it upon themselves to officially not like that. I kept reading about how Apple is to blame etc…
Well that don’t do me no good now, does it?
It turns out in the Postfix source code there is a SystemStarter script in the auxiliary/MacOSX dir. Copy it over to /Library/StartupItems and you are ready. Edit /etc/hostconfig and add

POSTFIX=-YES-

Now here is how you start it up

sudo SystemStarter start SMTP

We used SMTP because that’s what the StartupItem provides. Look at StartupParameters.plist. Now make sure the launchd method isn’t used anymore:

cd /System/Library/LaunchDaemons/
sudo launchctl stop org.postfix.master
sudo launchctl unload org.postfix.master.plist
sudo mv org.postfix.master.plist org.postfix.master.plist.disabled

Posted in UNIX| Comments Off | 

Easy Way to Save Video Streams

Posted by ahmadster at July 30th, 2006

You can never have enough bandwidth. With MPlayer, I don’t waste time watching streams realtime. Learning from the Tivo experience, it’s better to just save the stream to a file and watch it that way.

Here is a little file named stream2file I keep in /usr/local/bin.

#!/bin/bash
mplayer -noframedrop -dumpfile "$2" -dumpstream "$1"

Very simple, it takes a stream and a file name.

# stream2file http://www.snobby.stream.com/junk junk.rm

Enjoy

Posted in UNIX| Comments Off | 

Getting around a bad SSH key

Posted by ahmadster at July 30th, 2006

So I had a client that wanted EAS installed on their FC machine. The first thing I do when I need to SSH (and SCP) to a machine a lot is to paste my public SSH key into the .ssh/authorized_keys file.

The copy and paste didn’t go as planned (nano without -w is the default on FC sadly). So when I tried to SSH back in it gave me “Connection Refused”. Not even asking for a password or anything. Just not letting me connect at all.

A little digging (man ssh), and I found that you can force SSH to use the SSH 1 protocol. I guessed the SSH-key-auto-login thing was so neat it couldn’t have been something someone thought of in the first version of the protocol. So I tried it

# ahmad@x1000 ~ $ ssh -1 ahmad@client.easisserver.com
ahmad@client.easisserver.com's password:
Last login: Fri Jun 10 07:02:04 2005 from x1000.bitbuilder.com
[ahmad@client ~]#

And it worked! :)
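An added example, not part of the original post: a check to run on authorized_keys right after pasting a key and before closing the session you already have open. It flags lines that are not a key type followed by a complete base64 blob, which is what a wrapping editor leaves behind. The function name and the sample key are constructed; the key is not a real one.

```shell
#!/bin/sh
# check_authorized_keys FILE: print "LINE: reason" for each suspect line;
# returns non-zero if any line is suspect.
check_authorized_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }            # comments and blank lines are allowed
        {
            blob = ""
            for (i = 1; i < NF; i++)       # an options field may come before the key type
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                    blob = $(i + 1); break
                }
            if (blob == "") {
                print NR ": no key type followed by a key blob (wrapped fragment?)"
                bad = 1; next
            }
            if (blob !~ "^AAAA[A-Za-z0-9+/]+=*$") {
                print NR ": key blob is not base64"; bad = 1; next
            }
            if (length(blob) % 4 != 0) {
                print NR ": key blob truncated (length not a multiple of 4)"; bad = 1
            }
        }
        END { exit bad }' "$1"
}

# Constructed sample: one key split across two lines by a wrapping editor.
sample=$(mktemp)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQ' 'ABAAAAgQC7 ahmad@x1000' > "$sample"
check_authorized_keys "$sample" || echo "authorized_keys is damaged: fix it before logging out"
rm -f "$sample"
```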

Posted in UNIX| 1 Comment |