Alright first thing you have to understand put aside any notion of running mobile access server on any other server you may already have. Mobile access server is meant to run on a gateway server. A gateway server is a server that routes traffic to multiple destinations. Meaning its a stand alone server whose primary function is to keep your private data private.It translates public requests and serves up private content. You must run mobile access server on a separate server from the servers which contain your private data.

The second mental hurdle to get over is that yes, the gateway server or your mobile access server must be on the same subnet as the other private servers for which public requests will be relayed. The server has to have some sort of direct line of communication to the private server or servers in question. The next hurdle is DNS, yes DNS can be a huge headache but here are a few things to understand. The Public DNS that will be routed through the gateway server should point to the gateway server.

The gateway server in turn should be able to resolve all of those DNS names into private IP addresses meaning you must have internal DNS setup with the appropriate zones and records. I learned this the hard way, the Mobile Access service looks to internal DNS do not point to an external private DNS server for internal DNS it must be running on the same server as the Mobile Access service.

The last hurdle is this once DNS is setup and the service is started and you feel like you have configured everything correctly and when your so exhausted and you go to try your Mobile Access server settings and they do not work the first time, do not be surprised as I said this is a very 1.0 feature. Be prepared to check, and re-check your settings. Be prepared to start and stop DNS multiple times. Mobile Access server is a great service and works great once configured correctly.

I am now open to field questions you may have reagarding setup or ideas for further posts to explain in more detail. I hope this at least clears up some of the misconceptions that I had with the service for you ahead of time.

After many un-sucessfull attempts at using the search functionality (Spotlight), I decided to do some research on other methods for searching for files on the OSX platform. I came across the “locate” command for the Terminal.

I had never used this command before so I did some reading and I ran

1

sudo /usr/libexec/locate.updatedb

this ran the initial database rebuild which added many new entries into its database. I then ran

1

locate 'File Name here.txt'

and came up with a nice list of files on the users computer, however the problem was that all of the files we found were older revisions of the file that he had lost. I decided that the only way we were going to find his file was to use a much more aggressive approach.

I decided to use the “find” command, this works similar to the “locate” command but it searches the folder, directory or entire volume that you want. It allows you to be as specific or as vague as you want as well. For example

1

find / -name 'filename.txt'

will search the entire volume for a file with the name filename.txt. You can also search for wildcards as well

1

find . -name '*.txt'

which will generate a list of all of the text files on the computer. Notice I used a period here instead of a slash, these are where you can customize the location of the search.

So I let this run, the “find” command is considerably slower than the “locate” command because it does not use a database rather it searches live through the hard drive on the system that you are using. After about 20 minutes letting it scan the entire hard drive, every user account and every directory we came up with a few more results but again nothing that had his new content. I was really hoping that at this point he had accidentally deleted it or something.

I decided to ask him for a phrase located in the text file that could be used as a search term. To search for a phrase in a text document in the terminal run

1

find . -name '*.xlsx' -exec grep -li 'ethiopia' {} \;

this will find any reference to the word ethiopia located in a Excel file. I let this run and again slow but effective it revealed more results but nothing. I explained to the gentleman that I could try looking at the tape backups but it would take me some time. He asked me if I could do that.

It was a long walk back upstairs, I loaded the first tape into the drive and got ready. I began the search. Not 10 minutes later did I get a phone call back saying, that he had found the file on a thumb drive that he had. Go figure, turns out that no matter how many cool ways there are to search a hard drive none of them will index a thumb drive in someones pocket.

If you poke around the bind config files on your OS X Server, you’ll be able to see how apple has set them up so that you can edit them directly without confusing the GUI. /var/named contains zone files that you may edit, and they include corresponding files in /var/named/zones which you should not edit. They’ve done something similar for /etc/named.conf and the files in /etc/dns/.

Having said that, I recommend not doing both internal and external resolving for split-horizon DNS on your server, mainly because:

1. It’s kind of complicated, and you lose any convenience you had when you were able to use the GUI exclusively
2. You have NAT, which makes it even more complicated
3. There are solutions available from third parties that are better-performing, cheap/free, and more robust

In my organization, we use DNS in Mac OS X Server extensively for the internal part of a split-horizon setup. We use the “Advanced DNS” part of a network solutions account for the external part. It comes free with the domains we’ve purchased, and has redundancy and speed far greater than what I could justify for hosting a handful or externally-resolving names myself.

You need to reconfigure BIND to use “views” with two different versions of your zone file, such that access from inside your network gives the 192.168.1/24 (internal) addresses, but requests forwarded from outside (via your 2-Wire router) give out your static public IP.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

acl internal {
    127.0.0.0/8;
    192.168.1.0/24;
};
 
view "internal" {
    match-clients { internal; };
    zone "mydomain.com" {
        type master;
        file "/etc/bind/internal/db.mydomain.com";
     };
};
 
view "external" {
    match-clients { any; };
    zone "mydomain.com" {
        type master;
        file "/etc/bind/external/db.mydomain.com";
    };
};

For more information check this out it is a How To with more detailed instructions for Split Horizon DNS configuration.

To start with you must enable Sieve on your server to do this, start Server Admin, Mail > Settings > Advanced: Tick “PLAIN” on IMAP/POP and save it. Mail > Settings > Filters: Tick “Enable Server Side mail rules”, save it and restart the mail service. once your done here you will be able to use the built in web based interface for handling server side rules. However you can also install your own!

SquirrelMail is the default webmailer in SLS. You can use the plugin avelsieve to manage server side mail rules. Download avelsieve (I recommend version 1.9.9) and unpack in directory /usr/share/squirrelmail/plugins (so that directory avelsieve is within the plugins dir). Note that you also need to download javascript_libs plugin, if you use a recent version (>=1.9.8) of avelsieve. If you need the javascript_libs plugin, also unpack it in squirrelmail’s plugins dir. Then edit the file plugins/avelsieve/config/config.php (copy config_sample.php to config.php if not exisiting).

Change the authentication mechanism to

$sieve_preferred_sasl_mech = 'PLAIN';

Edit file /usr/share/squirrelmail/config/config.php and register the plugin(s)

$plugins[0] = 'avelsieve'; $plugins[1] = 'javascript_libs'; //

only if using a newer version of avelsieve. See avelsieve page Access the Webmailer (http://<SLS_server_name>/webmail/ and check the filter connection.

SquirrelMail is the default webmailer in SLS. You can use the plugin avelsieve to manage server side mail rules. Download avelsieve (I recommend version 1.9.9) and unpack in directory /usr/share/squirrelmail/plugins (so that directory avelsieve is within the plugins dir).Note that you also need to download javascript_libs plugin, if you use a recent version (>=1.9.8) of avelsieve.If you need the javascript_libs plugin, also unpack it in squirrelmail’s plugins dir.

Then edit the file plugins/avelsieve/config/config.php (copy config_sample.php to config.php if not exisiting).Change the authentication mechanism to

$sieve_preferred_sasl_mech = 'PLAIN';

Edit file /usr/share/squirrelmail/config/config.php and register the

plugin(s):$plugins[0] = 'avelsieve';$plugins[1] = 'javascript_libs'; //

only if using a newer version of avelsieve. See avelsieve page Access the Webmailer (http://<SLS_server_name>/webmail/ and check the filter connection.

Roundcube: Sorrily Apple decided to use the old-fashioned, ugly SquirrelMail webmailer and not RoundCube. RoundCube is much nicer and also the “managesieve” plugin available for it is much better than avelsieve in SquirrelMail. Luckily you can install RoundCube on your SLS without harming the default installation.

Enable managesieve plugin ManageSieve plugin comes with RoundCube. To enable it, edit file roundcube/config/main.inc.php:

$rcmail_config['plugins'] = array('managesieve');

Then edit file plugins/managesieve/lib/Net/Sieve.php comment line

var $supportedAuthMethods=.... (comment with //)

uncomment line

var $supportedAuthMethods=array( 'PLAIN' , 'Login' );

Set timezone:

date.timezone = Europe/Berlin

Now test roundcube by accessing http:///roundcube/ Login as a user you like to change server side rules for. Click on “Settings” in the upper right corner, then on Filter. If you see the page and no error occurs, you are successfully connected to the sieve backend of IMAP! You now can create your rules.

The good thing is, that every rule managing application (Apple web rule management, SquirrelMail, RoundCube) you use, store its own file. So one app is not overwriting the others config file. This is of importance if you enable the apple built-in crippled rule management and store the rules, there. This creates an own file “wiki_server_rules.sieve” in your sieve script dir and enables it by the link dovecot.sieve -> wiki_server_rules.sieve

setup the 10.6.2 Snow Leopard server clean before I did anything I setup DNS on the server and manually retyped and rechecked all of the DNS records from the 10.5 server to the 10.6.2 server. Once I verified that the DNS records were set. I checked the server’s DNS by running sudo changeip -checkhostname and it came back clean. Great good to go, or so I thought.

I had setup split horizon DNS on the server, the Open Directory Master, has already been setup on a single use Mac Mini Server. The Mac Mini Server is running the ODM and DNS. The DNS on the Mini is self referencing and my router has the public ip mapped to the private. The new Mail server (10.6.2) also running DNS had a record pointing to the public ip of the ODM. Great, next step bind the mail server to the ODM so that I can start to migrate mail accounts.I was working on this project around 10:00pm in the evening not knowing how long that it would take to migrate the accounts from Cyrus to Dovecot, but I had studied the Apple upgrade instructions for weeks prior so I felt like I had it totally under control. I followed the instructions and used the code from page 42 of the manual.

sudo /usr/libexec/dovecot/migrate_mail_data.pl --moveMail 0 --cyrusBin "/Volumes/10.5 Server Volume Name/usr/bin/cyrus/bin" --database "/Volumes/10.5 Server Volume Name/var/imap" --sourceSpool "/Volumes/10.5 Server Volume Name/var/spool/imap" --targetSpool "/var/spool/imap/dovecot/mail"

The script will tell you if your doing something wrong, which is helpful. My biggest question was how long would it take to migrate 30GB of mail to the new mail server. The answer, exactly two hours. I had decided that instead of using a firewire cable to connect the two servers together that I would simply pop the HD out of the old mail server and put it into the new server. This made a huge difference in the time of migration.

Once it finished I turned on mail, and everything started working fine. Great! I cleaned up my tools and logged out of the server and went home around 2am. The next few days were pure hell. As mentioned above I decided to use split horizon DNS. It was my first attempt at doing this and what I had noticed in the logs were a myriad of disconnect warnings every 5 min the mail server was getting disconnected from the ODM and then reconnecting causing some major issues.

The log files were filling up so fast that they were causing kernel panics, I had to reboot the server many times once every couple of hours, I decided to call Apple. The Apple representative captured my logs, and promptly told me that I would have to reformat the hard drive and completely start over. I told him that this was a clean install and that no way would I be starting over. He offered no other solution or advice other than telling me that it was not normal for a new server to have kernel panics this early in the game.

I decided to check my DNS turns out that the route statement in the router, was not properly entered. It was getting to the server but it was unable to retain a connection. I re-entered the route statement correctly and then rebooted the router. Almost immediately the issues stopped. Apple has come a long way in their migration capabilities if your ever having issues with your 10.6.2 mail service DNS is almost always the culprit!