Re: Running a mail server via MacPorts on macOS Monterey

2022-03-07 Thread Gerben Wierda via macports-users
I don’t, I did not find a way to do OD authentication from dovecot (and postfix 
relies on dovecot). I’d like to do that, though there is a disadvantage too in 
my case (solvable).

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

> On 7 Mar 2022, at 14:33, Ben Greenfield via macports-users wrote:
> 
> Thanks for this outline. This has been on my todo list for a couple of years
> 
> I imagine you are using the host system’s Open Directory directory for 
> authentication.
> 
> Thanks,
> 
> Ben
> 
> 
> 
>> On Mar 4, 2022, at 7:12 PM, Steve Wardle via macports-users wrote:
>> 
>> I initially replied to Gerben off list but I am running my mail server on 
>> macOS 12.2.1.
>> 
>> Using macports packages for:
>>  postfix +dovecot_sasl +ldap +pcre +smtputf8 +tls
>>  amavisd-new
>>  clamav
>>  dovecot
>>  libmilter
>>  unbound +libevent
>>  certbot
>> 
>> Installing / building from source:
>>  opendkim
>>  opendmarc
>>  policyd-spf
>>  postfwd
>>  postwhite
>>  sshguard
>> 
>> Steve
>> 
>>> On 3 Mar 2022, at 13:38, Gerben Wierda via macports-users wrote:
>>> 
>>> Apart from Steven Smith, are there other users here that run a mail server 
>>> setup via MacPorts? And is already someone else running on Monterey?
>>> 
>>> I am and I’d like to link up to compare the situations, issues, etc. 
>>> 
>>> Gerben Wierda (LinkedIn )
>>> R IT Strategy  (main site)
>>> Book: Chess and the Art of Enterprise Architecture 
>>> 
>>> Book: Mastering ArchiMate 
>>> 
>> 
> 



Re: Running a mail server via MacPorts on macOS Monterey

2022-03-07 Thread Ben Greenfield via macports-users
Thanks for this outline. This has been on my todo list for a couple of years

I imagine you are using the host system’s Open Directory directory for 
authentication.

Thanks,

Ben



> On Mar 4, 2022, at 7:12 PM, Steve Wardle via macports-users wrote:
> 
> I initially replied to Gerben off list but I am running my mail server on 
> macOS 12.2.1.
> 
> Using macports packages for:
>   postfix +dovecot_sasl +ldap +pcre +smtputf8 +tls
>   amavisd-new
>   clamav
>   dovecot
>   libmilter
>   unbound +libevent
>   certbot
> 
> Installing / building from source:
>   opendkim
>   opendmarc
>   policyd-spf
>   postfwd
>   postwhite
>   sshguard
> 
> Steve
> 
>> On 3 Mar 2022, at 13:38, Gerben Wierda via macports-users wrote:
>> 
>> Apart from Steven Smith, are there other users here that run a mail server 
>> setup via MacPorts? And is already someone else running on Monterey?
>> 
>> I am and I’d like to link up to compare the situations, issues, etc. 
>> 
>> Gerben Wierda (LinkedIn )
>> R IT Strategy  (main site)
>> Book: Chess and the Art of Enterprise Architecture 
>> 
>> Book: Mastering ArchiMate 
>> 
> 



Re: Running a mail server via MacPorts on macOS Monterey

2022-03-07 Thread Steven Smith
As a counterpoint, macOS is configurable with all the BSD flags you need to 
configure a performant server. Just add these options to /etc/sysctl.conf, 
which, although it does not exist in macOS 12, can easily be edited and works 
across reboots.

I just did this myself for a native VPN server using net.inet.ip.forwarding, 
net.inet6.ip6.forwarding, and kern.ipc.somaxconn.

The mail server tools used in the old macOS Server.app really have been 
(greatly) surpassed by current alternatives, e.g. rspamd instead of 
spamassassin, and Apache Solr searches versus whatever the old slow dovecot 
search plugin was. I used to run a mail server on Server.app, and the mail 
server configured in the port mail-server is MUCH more performant and nicer.

Furthermore, macOS has migrated to much better kernel-level security tools like 
pfctl that more than offset the pain of migration to a macOS-specific 
environment.

All-in-all, the mail and other servers I’ve observed running on macOS have all 
been rock solid, at the expense of the necessity of adapting from cookie-cutter 
Linux or BSD options, but with the simplified workflow of not needing to 
maintain another VPS somewhere.


> On Mar 5, 2022, at 8:56 AM, Ralph Seichter via macports-users wrote:
> 
> While MacPorts provides the necessary ports for running a mail server on
> macOS, I'd suggest an alternative approach if you are dead set on using
> a Mac as the server machine. As mentioned here before, Apple is not
> making it easy to use regular macOS for server use, and this seems to be
> a deliberate decision on their end.





Re: Running a mail server via MacPorts on macOS Monterey

2022-03-05 Thread Gerben Wierda via macports-users
Yes, I have considered VMs. Or move to containers. But as long as I can prevent 
having more than one OS to keep in control, I will do so.

The big issue for me apart from minimising what I need to be in control of is 
that I need this to survive a reboot completely (e.g. if I’m away for 3 weeks 
and something happens, I must be certain it all runs again without my 
intervention). I even created a setup to do the docker stuff (start a virtual 
box docker machine at boot without any need to be logged in). See Gerben Wierda 
/ macOS-manage-docker-machines on GitLab.

But what I never got around to (my time is limited) is making sure the docker 
stuff (or docker machines) were routed. And as long as my setup kept working 
there was not enough need.

Gerben Wierda (LinkedIn )
R IT Strategy  (main site)
Book: Chess and the Art of Enterprise Architecture 
Book: Mastering ArchiMate 

> On 5 Mar 2022, at 14:56, Ralph Seichter via macports-users wrote:
> 
> * Gerben Wierda via macports-users:
> 
>> Apart from Steven Smith, are there other users here that run a mail
>> server setup via MacPorts? And is already someone else running on
>> Monterey?
> 
> While MacPorts provides the necessary ports for running a mail server on
> macOS, I'd suggest an alternative approach if you are dead set on using
> a Mac as the server machine. As mentioned here before, Apple is not
> making it easy to use regular macOS for server use, and this seems to be
> a deliberate decision on their end.
> 
> Have you considered running the mail server components in virtual
> machines (e.g. VirtualBox) or, even better, as a Docker/Containerd
> service stack? This method isolates Postfix, Dovecot et al from the
> underlying macOS, and the service Docker images can use Ubuntu, Debian,
> or whichever Linux you fancy.
> 
> I have introduced a Docker-based service infrastructure for a major mail
> service provider in Germany, catering for hundreds of thousands of users
> and millions of emails per day. While the production hardware is of
> course beefy, I develop and run the very same Docker images on my
> MacBook Pro.
> 
> -Ralph



Re: Running a mail server via MacPorts on macOS Monterey

2022-03-05 Thread Ralph Seichter via macports-users
* Gerben Wierda via macports-users:

> Apart from Steven Smith, are there other users here that run a mail
> server setup via MacPorts? And is already someone else running on
> Monterey?

While MacPorts provides the necessary ports for running a mail server on
macOS, I'd suggest an alternative approach if you are dead set on using
a Mac as the server machine. As mentioned here before, Apple is not
making it easy to use regular macOS for server use, and this seems to be
a deliberate decision on their end.

Have you considered running the mail server components in virtual
machines (e.g. VirtualBox) or, even better, as a Docker/Containerd
service stack? This method isolates Postfix, Dovecot et al from the
underlying macOS, and the service Docker images can use Ubuntu, Debian,
or whichever Linux you fancy.

I have introduced a Docker-based service infrastructure for a major mail
service provider in Germany, catering for hundreds of thousands of users
and millions of emails per day. While the production hardware is of
course beefy, I develop and run the very same Docker images on my
MacBook Pro.

-Ralph


Re: Running a mail server via MacPorts on macOS Monterey

2022-03-05 Thread Steve Wardle via macports-users
Oops - forgot to CC the list again.

Hi Marius,

If I remember correctly I was using a development version for a while - it may 
have been when macOS moved to unified logging.

In /usr/local/sshguard.conf I use:

LOGREADER="/usr/bin/log stream --style syslog --info --type log --predicate 'processImagePath == \"/usr/sbin/sshd\" or processImagePath contains \"dovecot\" or processImagePath contains \"postfix/smtpd\"'"

I know I can log to a file with postfix and dovecot but I like to have postfix, 
opendkim, opendmarc,  pypolicyd-spf and amavis logs in a single file so use 
unified logging. I capture the log info every 10 minutes and write it to a 
mail.log file.

I also keep a sshguard blacklist and use a Murus table as the backend.

Murus is also the backend for fail2ban which I use to monitor http access.

The MacPorts version doesn’t offer the same flexibility.

Steve

> On 5 Mar 2022, at 01:40, Marius Schamschula wrote:
> 
> Steve,
> 
> I'm curious why you are building sshguard from source, rather than using the 
> MacPorts port.
> 
> Marius
> --
> Marius Schamschula
> 



Re: Running a mail server via MacPorts on macOS Monterey

2022-03-04 Thread Marius Schamschula
Steve,

I'm curious why you are building sshguard from source, rather than using the 
MacPorts port.

Marius
--
Marius Schamschula




> On Mar 4, 2022, at 6:12 PM, Steve Wardle via macports-users wrote:
> 
> I initially replied to Gerben off list but I am running my mail server on 
> macOS 12.2.1.
> 
> Using macports packages for:
>   postfix +dovecot_sasl +ldap +pcre +smtputf8 +tls
>   amavisd-new
>   clamav
>   dovecot
>   libmilter
>   unbound +libevent
>   certbot
> 
> Installing / building from source:
>   opendkim
>   opendmarc
>   policyd-spf
>   postfwd
>   postwhite
>   sshguard
> 
> Steve
> 
>> On 3 Mar 2022, at 13:38, Gerben Wierda via macports-users wrote:
>> 
>> Apart from Steven Smith, are there other users here that run a mail server 
>> setup via MacPorts? And is already someone else running on Monterey?
>> 
>> I am and I’d like to link up to compare the situations, issues, etc. 
>> 
>> Gerben Wierda (LinkedIn )
>> R IT Strategy  (main site)
>> Book: Chess and the Art of Enterprise Architecture 
>> 
>> Book: Mastering ArchiMate 
>> 
> 



Re: Running a mail server via MacPorts on macOS Monterey

2022-03-04 Thread Steve Wardle via macports-users
I initially replied to Gerben off list but I am running my mail server on macOS 
12.2.1.

Using macports packages for:
postfix +dovecot_sasl +ldap +pcre +smtputf8 +tls
amavisd-new
clamav
dovecot
libmilter
unbound +libevent
certbot

Installing / building from source:
opendkim
opendmarc
policyd-spf
postfwd
postwhite
sshguard

Steve

> On 3 Mar 2022, at 13:38, Gerben Wierda via macports-users wrote:
> 
> Apart from Steven Smith, are there other users here that run a mail server 
> setup via MacPorts? And is already someone else running on Monterey?
> 
> I am and I’d like to link up to compare the situations, issues, etc. 
> 
> Gerben Wierda (LinkedIn )
> R IT Strategy  (main site)
> Book: Chess and the Art of Enterprise Architecture 
> 
> Book: Mastering ArchiMate 
> 



Re: Running a mail server via MacPorts on macOS Monterey

2022-03-04 Thread Marius Schamschula
After running a full server using Debian Linux, then mkLinux, I ran core MacOS 
X as a server (with bits and pieces manually built).

Then Apple made MacOS X Server available, but after version 10.6.x started 
dumbing it down to the point where I gave up on it.

I used MacPorts for the web server functionality, but never for a mail server.

I’ve been running both my home server and work web server (before being moved 
to a virtual machine, it ran on a 2009 Mac Pro - I still use that machine for 
testing) under FreeBSD for many years.

I like the stability, zfs, and FreeBSD ports (although doing everything with 
Makefiles is not my thing). Both only run mail to forward system messages to me.

Marius
--
Marius Schamschula




> On Mar 4, 2022, at 4:12 PM, Bill Cole wrote:
> 
> On 2022-03-03 at 08:38:47 UTC-0500 (Thu, 3 Mar 2022 14:38:47 +0100)
> Gerben Wierda via macports-users 
> is rumored to have said:
> 
>> Apart from Steven Smith, are there other users here that run a mail server 
>> setup via MacPorts? And is already someone else running on Monterey?
> 
> I have run a personal/family mail/web/dns server whose componentry* is almost 
> all built by MacPorts since ~2006. Current platform is El Capitan, because 
> Apple has made macOS increasingly hostile to server use. When running ElCap 
> becomes too much of a hassle (or when that machine dies,) I expect that I 
> will finally move its functionality to a FreeBSD machine.
> 
> Catalina and later simply are not fit for server duty. The deliberate 
> breaking of standard logging, broad locking of the system, and breakage in 
> the legacy implementation of 'cron' make it clear that Apple doesn't want 
> people fiddling around with their Macs "under the hood" or using them as 
> unattended utility machines.
> 
> 
> (*) Apache HTTPD, Postfix, Dovecot, BIND, SpamAssassin, and a bunch of tools 
> that I use for administrative/research work on that machine. Also MIMEDefang, 
> which is hand-built because it's got some (originally intentional and 
> explicit)  Mac-hostility and there's no port. Yet.
> 
> -- 
> Bill Cole
> b...@scconsult.com or billc...@apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
> Not Currently Available For Hire



Re: Running a mail server via MacPorts on macOS Monterey

2022-03-04 Thread Bill Cole

On 2022-03-03 at 08:38:47 UTC-0500 (Thu, 3 Mar 2022 14:38:47 +0100)
Gerben Wierda via macports-users 
is rumored to have said:

> Apart from Steven Smith, are there other users here that run a mail 
> server setup via MacPorts? And is already someone else running on 
> Monterey?


I have run a personal/family mail/web/dns server whose componentry* is 
almost all built by MacPorts since ~2006. Current platform is El 
Capitan, because Apple has made macOS increasingly hostile to server 
use. When running ElCap becomes too much of a hassle (or when that 
machine dies,) I expect that I will finally move its functionality to a 
FreeBSD machine.


Catalina and later simply are not fit for server duty. The deliberate 
breaking of standard logging, broad locking of the system, and breakage 
in the legacy implementation of 'cron' make it clear that Apple doesn't 
want people fiddling around with their Macs "under the hood" or using 
them as unattended utility machines.



(*) Apache HTTPD, Postfix, Dovecot, BIND, SpamAssassin, and a bunch of 
tools that I use for administrative/research work on that machine. Also 
MIMEDefang, which is hand-built because it's got some (originally 
intentional and explicit)  Mac-hostility and there's no port. Yet.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire


Re: Running a mail server via MacPorts on macOS Monterey

2022-03-04 Thread Bjarne D Mathiesen
I'm running a mail server setup on 10.6.8
* postfix
* dovecot
* mysql
* sqlgrey

Gerben Wierda via macports-users wrote:
> Apart from Steven Smith, are there other users here that run a mail
> server setup via MacPorts? And is already someone else running on Monterey?
> 
> I am and I’d like to link up to compare the situations, issues, etc. 
> 

-- 
Bjarne D Mathiesen
Korsør ; Danmark ; Europa
---
this message was written in a totally M$-free environment
MacPro 2010 ; OpenCore + macOS 10.15.7 Catalina
2 x 3,46 GHz 6-Core Intel Xeon ; 256 GB 1333 MHz DDR3 ECC RDIMM
ATI Radeon RX 590 8 GB