Posts

How do I enable and disable Roundcube plugins?

This article covers how to enable and disable plugins, but does not cover how to configure any specific plugins.

IMPORTANT: A misconfigured plugin could cause roundcube to fail. Always backup before making changes.

To see a list of your available plugins

ls /usr/local/topicdesk/roundcube/WebApp/plugins/
Let’s be friendly and enable: emoticons

Plugins are enabled/disabled in the roundcube configuration file. We’ll use pico to edit the file.

sudo pico /usr/local/topicdesk/roundcube/WebApp/config/config.inc.php

Look for the plugin array, it will look something like this
$config['plugins'] = array('image_paster','html5_notifier','chbox','carddav','managesieve');

To enable show_additional_headers add it to the array, so it looks like this:
$config['plugins'] = array('image_paster','html5_notifier','chbox','carddav','managesieve','emoticons');

Logout and Login to Roundcube and now you have:

Roundcube WebMail Emoticons

To disable plugins

If a plugin causes roundcube to fail or you simply don’t need it – you remove the plugin from the array.

sudo pico /usr/local/topicdesk/roundcube/WebApp/config/config.inc.php

Why do postconf -n and postfix reload produce unexpected output on OS X Server 5?

If you’ve been a long-time OS X Server user, especially from the days prior to OS X Server 5, then you’ll find that commands that used to work fine, suddenly produce unexpected output.

For example:

postconf -n

may show you Postfix parameters which are completely different from what you would expect them to be.

While:

postfix reload

may show you errors that shouldn’t be there.

The reason for this is quickly found. In recent years, and especially so in OS X Server 5, Apple has been moving server related binaries to:

/Applications/Server.app/Contents/ServerRoot/

and server related configuration files to:

/Library/Server/
/Library/Server/Mail/Config/postfix/

Thus, when you call postconf -n you are actually using /usr/sbin/postconf -n and displaying the contents of /etc/postfix/main.cf instead of using /Applications/Server.app/Contents/ServerRoot/usr/sbin/postconf -n and displaying the contents of /Library/Server/Mail/Config/postfix/main.cf.

While it makes lots of sense and allows for unbundling OS X Server from the underlying OS (OS X Server 5 works on both, Yosemite and El Capitan) it is a transition which is still not complete and has its inconsistencies. Some commands (e.g. mailq) are still in their old locations due to compatibility issues with older software (sendmail in this case).

Tip: Use postqueue -p instead of mailq

Although it can drive you mad at times, overall, it is a welcome change made for good reasons.

That said, let’s see how we can make sure we use the correct binaries and configuration files.

As mentioned, binaries (applications) for Postfix are now to be found under /Applications/Server.app/Contents/ServerRoot/. So the first thing we need to do, is to use those binaries, instead of the ones under our main root /.

There are multiple ways of achieving this.

1. Use the full path to the binary:

Instead of simply typing:

postconf -n 

we would need to type:

/Applications/Server.app/Contents/ServerRoot/usr/sbin/postconf -n

Not exactly elegant, but it works.

2. Modify the PATH environment variable:

While this requires a little bit of work upfront, it will save you lots of time in the long run.

If you look inside /private/etc/paths.d/ you will find a file called com.apple.server. This in turn contains the following two paths:
/Applications/Server.app/Contents/ServerRoot/usr/bin
/Applications/Server.app/Contents/ServerRoot/usr/sbin

Unfortunately, paths added inside paths.d will be added to the end of $PATH. So if you issue for example postfix reload, you will still use /usr/sbin/postfix instead of /Applications/Server.app/Contents/ServerRoot/usr/sbin/postfix

Note: There are many ways of modifying the PATH environment variable. Choose the one you prefer or use the method outlined below.

In your users home directory (e.g. /Users/myadminaccount/) create a file called .profile.1

Inside it, add:

export PATH="Applications/Server.app/Contents/ServerRoot/usr/bin:/Applications/Server.app/Contents/ServerRoot/usr/sbin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/mysql/bin"

Note: If you already have other custom paths set up, you will need to adapt above instructions to reflect those paths as well.

Save the file, close and re-open your terminal window (or exit and re-connect via SSH) and you should be good to go.

If in doubt, issue:

which postfix

and it will show you which command is going to be used.

The steps outlined in this article are not only valid for Postfix, but pretty much for any server related binary that has been moved under /Applications/Server.app/Contents/ServerRoot/.


  1. If you are unsure about how to edit a configuration file, have a look at our tutorial on how to edit text files 

SpamAssassin Filter for New TLDs (.xyz .info .ninja etc)

Have you seen an increased spam from new TLDs (top level domains like these)?

.link, .xyz, .info, .ninja

This short tutorial demonstrates how to create a filter to add points for messages that are not from a list of preferred TLDs.

Important: This filter is not for everyone and you should adjust for best results considering your mail traffic and typical senders. You also should be familiar with editing plain text configuration files.1

Lets get started:

The local configuration for SpamAssassin is stored in this directory:

/Library/Server/Mail/Config/spamassassin

Within this directory, you can customize SpamAssassin with configuration files for filters, whitelists, blacklists, score overrides and more. These config files must end in .cf and are processed in alphabetical order. When the same setting is repeated, the last occurrence wins.

Your additions should load last, so we’ll call this new filter: z_tld.cf

Lets think about the goal.

We want to reduce spam, but still accept/deliver legitimate mail from these TLDs.
SpamAssassin runs hundreds of tests, and they all have a subtle effect on the final spam score.
We don’t want to be too heavy handed. For our example: we’re going to add 1.5 points to the final score.

Here’s our filter:

file: /Library/Server/Mail/Config/spamassassin/z_tld.cf

# add points if the From address is not a valid host in a listed TLD
header      LOCAL_FROM_TLD  From   !~ /@[a-z0-9\-\.]+\.(com|org|net|mil|edu)/i
describe    LOCAL_FROM_TLD         From address is not a valid host in a listed TLD
score       LOCAL_FROM_TLD  1.5

Lets break it down:

header:
This is the meat of the filter. We are searching the From header for mail not !~ matching the regex expression. The regex expression has two parts.

Part 1: /@[a-z0-9\-\.]+\. catches a legit hostname (mail.company) without the TLD (com, org, etc). spammer@spam!domain.com would be caught because ! is not allowed in a hostmame.

Part 2: (com|org|net|mil|edu) is the list of TLDs we do not penalize. Edit this list to include any TLD you typically receive mail from. Note: the filter ends in /i. A spamassassin expression begins with / ends with / and the i means case insensitive.

describe:
Description of the filter

score:
We are adding 1.5 points.
Remember, this is a negative match !~, so we add 1.5 points when the TLD is not com|org|net|mil|edu.

Shortcut

If you decide to implement this ‘as-is’, copy/paste the following in Terminal:

echo '# TLD Filter
# adds points if the From address is not a valid host in a listed TLD
header      LOCAL_FROM_TLD  From   !~ /@[a-z0-9\-\.]+\.(com|org|net|mil|edu)/i
describe    LOCAL_FROM_TLD         From address is not a valid host in a listed TLD
score       LOCAL_FROM_TLD  1.5' | sudo tee -a /Library/Server/Mail/Config/spamassassin/z_tld.cf

sudo launchctl stop org.amavis.amavisd
Test and Verify Results

Test your mail system, make sure you are able to send/receive.

Watch the amavis log located at /Library/Logs/Mail/amavis.log and you should see hits.

From your mail application, check for the x-spam-status header.

Check if syntax, typos or other errors in this filter have caused any errors:

sudo -u _amavisd -H spamassassin --lint -D 2>&1 | grep LOCAL_FROM_TLD

Reference

http://commons.oreilly.com/wiki/index.php/SpamAssassin/SpamAssassin_Rules

Document Version 1.0, 11.2.2016


  1. If you are unsure about how to edit a configuration file, have a look at our tutorial on how to edit text configuration files on OS X Server 

Setting Logging Levels for Mail Services on OS X Server 5

With OS X Server 5, Apple has further modified logging level and files for mail services. This setup is well thought out for occasional log peeking through Server.app, but can make it a bit cumbersome for troubleshooting since different log levels are written into separate log files, rather than a single one.

The most important logs for a mail server are:

/var/log/mail.log
/var/log/system.log
/Library/Logs/Mail/mail-info.log
/Library/Logs/Mail/mail-debug.log
/Library/Logs/Mail/amavis.log

These logs cover the SMTP, IMAP and SPAM Filter parts of mail services.

If you are curious, there are more logs here:

/Library/Logs/Mail/

When troubleshooting, most of the time we have to focus on SMTP and SPAM Filters. IMAP, which is provided by Dovecot, tends to give very few issues nowadays (while this wasn’t true in the pre 10.6 era where Cyrus was used).

So let’s focus on SMTP and SPAM Filters.

The SMTP logs are written into /var/log/mail.log while the SPAM Filter logs we usually need are written into /Library/Logs/Mail/amavis.log

The amount of information written into these logs depends on the logging level. The ones we care about are typically notice, info and debug

Most of the time you want your log levels to be at info. This gives you plenty of information for troubleshooting the most common issues. When running into real trouble, you might need even more detail which you get by setting the level to debug. Some object to keeping info on all the time as they claim that this generates lots of log entries and load on your server. Truth is, unless you are running mail services with hundreds of thousands of messages a day, this will never be an issue. Should you want to reduce the number of entries, you can set the log level to notice, but will have to compromise on the log detail you get.

Another factor is the time your log remains available before being rotated and archived or deleted. A good default setting is usually 1 day. However, most OS X Server mail servers aren’t so busy that you need to rotate daily, so setting it to 3-7 days gives you more detail to work with in the current log, rather than having to dig out archived logs. This is especially important if you suspect a breach and want to have a quick look at the past 48-72 hours.

Having said that, here is how to set what we discussed above:

sudo serveradmin settings mail:postfix:log_level = "info"
sudo serveradmin settings mail:postfix:spam_log_level = “info”
sudo serveradmin settings mail:imap:log_level = "info"
sudo serveradmin settings mail:postfix:log_rolling_days_enabled = yes 
sudo serveradmin settings mail:postfix:log_rolling_days = 3

To check your settings, you can for example issue:

sudo serveradmin settings mail:imap:log_level

Besides above log related commands, there are many more parameters that can be viewed or set via the command line. For an overview, issue:

sudo serveradmin settings mail

Be careful when unsure about changing a parameter and always make sure you have a working backup.

Another option is to merge SMTP and SPAM Filter information into one log. This of course comes down to personal preference. I like it, because I can follow the entire flow of an incoming or outgoing e-mail through SMTP and all connected filters, rather then having to peek into two separate log files.

To do so, edit1
/Library/Server/Mail/Config/amavisd/amavisd.conf

and make sure the necessary parameters are set as follows:

$log_level = 3;
$DO_SYSLOG = 1;              # log via syslogd (preferred)
$syslog_facility = 'mail';

From now on, all SPAM Filter log entries will be written into /var/log/mail.log rather than /Library/Logs/Mail/amavis.log for easy troubleshooting.


  1. If you are unsure about how to edit a configuration file, have a look at our tutorial on how to edit text configuration files on OS X Server 

How to Edit Text Configuration Files on OS X Server

Managing OS X Server, quite often requires one to manually edit text based configuration files. As do many of our tutorials and FAQs.

There are many ways of doing this. You can use a Terminal based editor or one with a fancy GUI. What is paramount though, is that you use a Plain Text Editor like TextWrangler, Textastic or BBEdit. Rich Text Editors like Microsoft Word or Pages can severely damage your configuration files. Keeping above in mind, the rest comes down to personal preference.

On OS X I prefer to either use PICO, a Terminal based editor or TextWrangler which has a simple but powerful GUI and good syntax highlighting.

On iOS, PICO – accessed through an SSH session with Prompt – or TextWrangler with its built in SFTP client are my tools of choice.

Whether I use a Terminal based editor or one with a GUI mainly depends on the task at hand. For quick edits of a few lines, PICO works well and is the fastest way to go. If I need to make lots of changes or need a good overview of the file I am editing, a GUI editor is way more comfortable.

Let’s have a quick look at how these work.

Assuming we want to modify Postfix’ main.cf, we would issue:

sudo pico /Library/Server/Mail/Config/postfix/main.cf

And be presented with a view like this:

Now we can use our cursor keys to move around, the backspace key to delete characters or simply type what we need. When we are done editing, we need to save and exit. The commands for this are at the bottom of the window.

In order to save and exit, we would hit CTRL-O (to write the file) and CTRL-X to exit PICO. Alternatively we can just hit CTRL-X and enter y when asked to save.

Have a good look at the available commands as there are more options like cutting text and page scrolling.

While it may need a bit of time to get adjusted to, mastering a Terminal based text editor can be a very useful item in your tool chest.

Using the GUI instead of Terminal

If you don’t like using Terminal, you can always use a Plain Text Editor like TextWrangler which would look something like this

and behave like any other GUI Plain Text Editor.
The choice is yours, just make sure you avoid Rich Text Editors like Microsoft Word or Pages. There are plenty to choose from, like TextWrangler, Textastic, BBEdit, SubEthaEdit, SublimeText and many more. The choice on iOS is equally large.

For this tutorial, let’s look at TextWrangler which is a powerful (yet free) plain text editor

TextWrangler allows you to navigate hidden directories (/etc /Library etc) and edit files even when they are owned by root.

IMPORTANT: Don’t use the App Store version
Due to app store rules, the version from the app store is not able to unlock/edit files.
Download the application directly from the publisher: http://www.barebones.com/products/textwrangler/

These steps walk you through editing a hidden/privileged (root) file. We’ll use /etc/php.ini as our example.

In TextWrangler, use the Open File by Name option in the File menu.
This allows you to simply paste the path/name: /etc/php.ini

OpenByName

Another way to open /etc/php.ini is with the more familiar Open Dialog from TextWrangler.
Be sure to choose the Show Hidden Files option.

open-dialog

ALWAYS backup a file before you make changes
Save a backup to your Desktop using the Save a Copy option from the File menu.
Because the file is owned by root, you’ll need to authenticate.

Screen Shot 2016-02-10 at 11.45.44 AM

We need to be careful editing this file, one out of place character could effect your system.
You did backup first, right ?

Let’s make a safe change.
In the php.ini file, comments start with a semi-colon.
Simply add a space at the end of one of the commented lines:

;;;;;;;;;;;;;;;;;;;
; About php.ini   ;  <<--- add a space at the end of this line
;;;;;;;;;;;;;;;;;;;

When you attempt to edit the file, you’ll be asked to authenticate again.
Once you authenticate, you can edit, then save the file.

That is all there is. Happy editing!