Apple Leopard Server: Two Weeks Later

May 28th, 2008

So, it’s been installed and running for two weeks. I think I made it pretty clear in the first review that it’s good but not perfect (nothing is), and over the past 14 days I’ve had a chance to really dig in, learn new things and fix some problems.

If you have been following my Twitter updates you may have noticed some, shall we say, frustrations, with the VPN server that comes with Leopard server. Me, being lazy, set up a simple PPTP VPN for my use that I use to connect back home when I’m on the road or looking to secure my traffic from whatever random wireless I’m connected to. This is what I used to do on Windows Server 2003 and 2008 so I thought.. why change now. The PPTP server built into Leopard server wasn’t nearly as reliable as I needed it to be and I’m not sure why. Depending on where I am the PPTP server will stay connected for 3 days or, more frustratingly, 3 seconds. Now that I’ve had a few weeks to do some testing it seems like the PPTP server works great everywhere except one of my offices. In its defense though other PPTP servers that I also use frequently have recently stopped working from that office as well. I’m thinking the issue is a larger one and I’m not going to count this against Apple. For my day job I host a PPTP server on Server 2003 and I have been able to connect to it and use it for days at a time.. up until about two weeks ago. Nothing has changed on the server side, I would know, it’s just not working but only from this one office. I have had a constant 20 something day connection to that same VPN server from my house. The network at this one office though is out of my control and has always been troublesome. Ok, fine, not Apple’s fault but it’s still the server’s problem to sort out. Not having that VPN from that office is not an option.

Luckily, Leopard server offers a simple-to-set-up L2TP VPN server as well. I checked the box to enable it and put in a ‘secret code’ and voila, dead solid L2TP VPN access. I’ve been using it all day from the problem office and have had low ping times and no dropped packets, at all. Problem solved and I’m happy though it does leave me with some questions as to why L2TP is working so great and PPTP is working so poorly.

The second issue was with spam filtering. As I’ve discussed, Leopard server comes with SpamAssassin to filter incoming messages to figure out if they are spam or legitimate. That’s great, but regardless of what you do using the ‘Server Admin’ tools it will only scan the primary domain. This means that if you are hosting more than one email domain only one is getting scanned. For instance, I receive email to that server for topslakr.com but I also have other domains that I receive email for. All those other domains were not being scanned by SpamAssassin. On the plus side RBL scanning does work for all domains. There is a simple but cumbersome fix for this that involves editing files with elevated permissions. Here is what I did:

From the Terminal:
sudo /Applications/TextEdit.app/Contents/MacOS/TextEdit /etc/amavisd.conf

This launches ‘TextEdit’ with elevated privileges to access and edit the amavisd.conf file. This file is the config for how Leopard Server scans email. It will ask for a password; enter your standard administrator password. TextEdit opens ready for you to edit the file.

Look for:
@local_domains_maps = ( [".$mydomain"] ); # list of all local domains

When you find it you need to edit it to replace the text between the ( and the ) to say 1 instead of the text that is there. I’m gun shy though so I commented out that line and added a new one in case I needed to go back. Mine now looks like this:

#@local_domains_maps = ( [".$mydomain"] ); # list of all local domains
@local_domains_maps = ( 1 ); # list of all local domains

All of the rest of the information in the file stays the same, just that one small addition. It basically tells the server to scan email for all domains. From here you do a normal save and then, to keep things simple, reboot. You can just restart the one process that file affects but I can reboot in less time than I would need to type in the command…
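
As an added illustration (not part of the original post, and not Apple's or amavisd-new's code), this Python script models how the `@local_domains_maps` line decides which recipient domains count as local: the default form covers only `$mydomain` and its subdomains, `( 1 )` covers every domain including ones the server does not host, and an explicit list covers just the hosted ones. Every domain other than topslakr.com, the explicit-list line and the simplified matching rule are assumptions made for the example.

```python
import re

# Constructed sample lines in the style of /etc/amavisd.conf; example.org,
# example.net and elsewhere.example are placeholder domains.
DEFAULT = '@local_domains_maps = ( [".$mydomain"] );  # list of all local domains'
CATCH_ALL = '@local_domains_maps = ( 1 );  # list of all local domains'
EXPLICIT = '@local_domains_maps = ( [".$mydomain", ".example.org", ".example.net"] );'
MYDOMAIN = "topslakr.com"
RECIPIENTS = ["me@topslakr.com", "me@example.org", "friend@elsewhere.example"]


def parse_local_domains(line, mydomain):
    """Return True for the catch-all form, else the list of domain entries."""
    m = re.match(r'\s*@local_domains_maps\s*=\s*\((.*)\)\s*;', line)
    if not m:  # commented-out or unrelated line
        raise ValueError("no active @local_domains_maps assignment")
    body = m.group(1).strip()
    if body == "1":
        return True
    entries = re.findall(r'"([^"]*)"', body)
    if not entries:
        raise ValueError("unsupported form: " + body)
    return [e.replace("$mydomain", mydomain).lower() for e in entries]


def is_local(recipient, setting):
    """A leading dot matches the domain itself and any subdomain of it."""
    if setting is True:
        return True
    domain = recipient.rsplit("@", 1)[-1].lower()
    for entry in setting:
        if entry.startswith("."):
            if domain == entry[1:] or domain.endswith(entry):
                return True
        elif domain == entry:
            return True
    return False


def coverage(line, mydomain=MYDOMAIN, recipients=RECIPIENTS):
    """Map each recipient to whether the setting treats its domain as local."""
    setting = parse_local_domains(line, mydomain)
    return {r: is_local(r, setting) for r in recipients}


if __name__ == "__main__":
    for name, line in [("default", DEFAULT), ("( 1 )", CATCH_ALL), ("explicit", EXPLICIT)]:
        print(name, coverage(line))
```

Running it shows the second hosted domain is missed by the default line, while `( 1 )` also marks the unhosted `elsewhere.example` recipient as local; the explicit list covers only the hosted domains.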

Now, SpamAssassin is very effective. It’s already catching 99% of all my spam. I may see one message a day in my inbox which the Leopard Mail client is catching. Editing those files isn’t a bad thing in my book. Unix/Linux are built on files like that and you will find lots of comment text in them explaining what many of the parameters mean; they are designed to be edited by the average sysadmin. If you are geeky enough to be hosting multiple domains you probably aren’t afraid of those files. Truth be told, the fact that Apple leaves them on the system editable and fully commented is great in my book. It’s a hell of a lot easier than having to add in a cryptic registry key in Windows to make a similar change. Most of my configuration on my Linux servers is done the same way.

The server is still running very fast. All of the Time Machine backups are running perfectly and I’ve had no crashes or performance problems and, with the exception of what I have mentioned here, no configuration or use problems either. Webmail, though minimal, does load and function about 3 times as fast as Zimbra did with well less than 1/10th the load on the server. Everything is a trade-off.

I’ll post again as needed.

Topslakr
