OSX 10.5 Server - Mail Server Issue

Similar Messages

• DMZ - DNS Server, Mail Server, Web Server, FTP Server

  Hi,
  I am looking at a router to support around 20-30 people. I have a DNS Server, Mail Server, Web Server, FTP Server (all on one box (PC). I was wondering how everyones experiences with DMZ and port forwarding have been with these protocols with Airport and supporting a group of this size? Do you forsee issues? Will the new Airport handle these requirements better?
  Thanks

  A record for mail.mydomain.com going for ip 199.99.99.999
  MX record for mail.mydomain.com with destionation as mail.mydomain.com
  That doesn't quite make sense. There must be an A record for "server.mydomain.com" or you wouldn't be able to reach it at all. You want the MX record to point to that.

• Will Windows Outlook clients be happy with Snow Leopard Server Mail Server?

  Our network at work has a Windows SBS 2003 server - and 40+ XP PCs running office 2003 (and outlook 2003).
  Can I set up Snow Leopard Server so that the Outlook 2003 clients will be able to use contacts, calendars and mail etc from the mac (mini) that we would purchase for this?
  I'd love to get everyone on Mac here, but we can't cos our core application is windows only and we would still need the MSSQL server. I know - we could install parallels or virtualbox for the windows apps but that is extra expense, and tbh I don't think our users could cope.
  Thanks

  Hi
  +"Can I set up Snow Leopard Server so that the Outlook 2003 clients will be able to use contacts, calendars and mail etc from the mac (mini) that we would purchase for this?"+
  For mail yes. For calendars you will need 'assistance' using 3rd-party applications or helper utilities. The iCal Admin manual has more details of what is available:
  http://manuals.info.apple.com/enUS/iCalServerv10.6.pdf
  Page 12. For Addresses/Contacts consult the Address Book Server Admin Manual for more details:
  http://manuals.info.apple.com/enUS/AddressBkServerv10.6.pdf
  Page 12. I don't see anything specifically listed so you may have to search for these yourself unless someone else posts with something more specific that works?
  If you're expecting Exchange-like functionality you will be disappointed. If you really must have the functionality you're used but also want to move to the mac platform a better prospect (IMO) would be Kerio Mail Server:
  http://www.kerio.com/connect
  Depending on what other services you may or may not want you may not necessarily need OSX Server? Then again you could as easily install KMS on a Windows or Linux box instead. In which case why swop from Exchange?
  Tony

• Os x snow leopard server mail server auto detection

  Hi All,
  I have a Mac Mini Server on 10.6.8 running many services.
  One of which is Mail. When I setup a email account in the mail app for a client, it doesn't auto detect the mail server. Is there a way to set this up?
  Thanks.

  There are ways of configuring auto-discovery within email, but it's hardly trivial.
  Essentially, the mail client will query a web server for a configuration file for the current user. The server needs to return an XML file that contains all the configuration data that the email client uses.
  This is all largely based off autodiscover that Microsoft built into Outlook, and has become a pseudo-standard.
  It's well documented on the net if you want to set this up for your users. This article is based around Outlook, but the same principle applies.

• OSX Lion Server - Mail Server All Mail Lost

  Hi
  Can anyone help. 
  I opened my mail client and found a blank mail box.  It appears that all of my mail that I host on Lion Server has just vanished.  I checked it via my iPhone 30 minutes prior to accessing the mail.app on my imac and all of my mail was visible.  I then checked on my iPhone and slowly watched my mailbox contents vanish on my iPhone.
  I'm at a loss as to what has happened and I can retrieve the email via a backup I did a day ago; however I have had some important mail since then and I appear to have lost them.
  I'm truly finding OSX Lion Server to be a real pain where as Snow Leopard Server worked pretty well.
  If anyone can assist I'd be really grateful.
  Thank you

  Thanks Colin
  No one has been able to help so far in the Lion Server forums.  I've logged a call with Apple but so far they have not been able to help.
  I've now completely shutdown all Lion Server Services and loaded up Microsoft Exchange in a VM.  Obviously a tad more expensive but Exchange is a far more mature and stable product.

• Exchage server mail box issue.

  Hi All,
  One of the user in Exchange Server has a mail box size of 500 MB. I have disabled this user but not deleted, since He left our Company, after reducing the size of his mailbox to 10 MB from 500 MB, I realized that
  there were still many mail items which were available in his mail box & his mailbox property value was showing XXXX amount of items and it xxxxxx KB of space, thus it means that his mailbox items are still occupying 332 MB out of 500 MB, unfortunately
  I have already reduced mail box size to 20 MB, I would like to know where will the items available in his mailbox and suppose if i  increase the same user's mail box back to 400/500 MB then will I get back to the all mails and there will be any effect
  on exchange server database (EDB) file. If so, what are the consequences
  Regards
  Lakshminarayan

  No increasing the users MB size will not bring back items that have been deleted.
  How did you do the deletion?
  How long ago did you so the deletion?
  Are you wanting to get the data back or just wondering why the its still occupying space in the DB?
  When you delete items via Outlook they are first put into the Deleted Items Folder
  When you empty the Deleted items Folder the items are placed within the Recoverable Items/Deletions folder until the deleted item retention is reached
  Once the Deleted item retention is reached the data is purged from the DB and the space it use to occupy is now white space. The DB size itself will not decrease instead that white space can be used to store other items from any user in that DB 
  Search, Recover, & Extract Mailboxes, Folders, & Email Items from Offline Exchange Mailbox and Public Folder EDB's and Live Exchange Servers or Import/Migrate direct from Offline EDB to Any Production Exchange Server, even cross version i.e. 2003 -->
  2007 --> 2010 --> 2013 with Lucid8's
  DigiScope

• Authenticating to Mac OS X Server Mail Server - Not WOrking

  Hi,
  I have setup my smtp server (on a mac os x server) to accept authenticated smtp sessions from outside its network...
  smtpdpw_server_securityoptions = cram-md5,login,gssapi
  smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
  However, my iPhone will not connect to the server when away from home, smtp log shows just...
  Nov 19 08:18:55 mailgate postfix/smtpd[36658]: connect from mobileweb03.london.02.net[193.113.235.169]
  Nov 19 08:18:57 mailgate postfix/smtpd[36658]: lost connection after HELO from mobileweb03.london.02.net[193.113.235.169]
  Nov 19 08:18:57 mailgate postfix/smtpd[36658]: disconnect from mobileweb03.london.02.net[193.113.235.169]
  Has anybody successfully made the iPhone work with the Mac SMTP server?
  Thx!

  i have no problem connecting to the IMAP server, this issue is sending outgoing mail via the smtp server. As I am outside of the permitted network I have setup authentication, this does not seem to be working. Message from smtp server logfile states the iPhone is ending the connection after the HELO request.

• File Server, Mail Server & Address Book

  Here's the structure in my company:
  One OSX Server is running AFP & Windows services. This server has about 25 users. Another OSX Server is running Mail services and has about 31 users.
  I am going to setup a shared Address Book to store and share our clients contact info, so I want to put them into one of the two OSX servers using LDAP. I am not sure if I should use the AFP server as the Directory Master.
  The ultimate goal is to have one single Directory master for two OSX machines, 25 user account and a LDAP for about 300 clients info.
  What's the best way to configure this? Thanks.

  Welcome in the shared AB via Ldap world!
  I made it, no-hassle, setting up the OD Master on our 'inner' OSX4.8 server, providing AFP & Windows services. The shared LDAP Address Book is activated on it, via the very nice piece of software 'ABXLdap' from j2anywhere.
  The other 'outer' server is providing FTP and Mail services, and is bound via Directory Access to the 'inner' server to auth users from inside (192.168.X.X) and from outside (Internet). It's role is 'OD replica'.
  You may found excellent ideas here: http://www.afp548.com/article.php?story=2006041917593768
  best regards

• Mail server not sending mail properly

  I'm sure there is a quick fix to this that I'm not seeing but hopefully someone knows this better than I do.
  We are in transition from a Plesk Mail system over to our OSX Server Mail Server. We are transitioning over our accounts by domain and not doing every domain at once which would be a hassle. We have transitioned over the primary domain and one virtual domain so far. We have two more virtual domains to go.
  This third virtual domain has a lot of users and I just finish importing them all. I followed the write up on how to do this properly with doing it in WGM and then duplicating it in Postfix since virtual domains is broken. So I followed all those instructions but something weird is happening. We have not cut over our MX record yet for that virtual domain as we want to prepare our clients for when we do. But what is happening is if I send an e-mail from my account in the primary domain to a person in the virtual domain that we have not cut over yet, they won't get any mail from me. It's almost like the OSX server thinks it controls that virtual domain and delivers it to itself instead of passing it on. Yet I look in my virtual domain settings and I don't have that virtual domain setup or turned on. I just have the user accounts in.
  There has to be a way for the OSX server not to take control of virtual accounts until I'm ready for it to. Anyone know how to fix this?
  -Brian

  So I thought this was fixed but I'm still hearing that users of the virtual domain that we haven't cut over yet are not getting their e-mail. It seems like our server is holding onto messages that need to be sent on to the old server for now until I change the MX record.
  Here is the main.cf file output:
  readme_directory = /usr/share/doc/postfix
  mydomain_fallback = localhost
  messagesizelimit = 10485760
  myhostname = mail.xpmedia.com
  mailbox_transport = cyrus
  mailboxsizelimit = 0
  virtual_transport = lmtp:unix:/var/imap/socket/lmtp
  virtualmailboxdomains = hash:/etc/postfix/virtualdomainsxp
  virtualaliasdomains = hash:/etc/postfix/virtual_domains
  virtualaliasmaps = hash:/etc/postfix/virtual
  mydomain = xpmedia.com
  enableserveroptions = yes
  inet_interfaces = all
  relayhost =
  mydestination = $myhostname,localhost.$mydomain,localhost,xpmedia.com
  smtpdsasl_authenable = yes
  smtpduse_pwserver = yes
  smtpdrecipientrestrictions = permitsasl_authenticated,permit_mynetworks,reject_unauthdestination,permit
  smtpdpw_server_securityoptions = login,cram-md5,plain
  content_filter = smtp-amavis:[127.0.0.1]:10024
  smtpdclientrestrictions = permit_mynetworks rejectrblclient zen.spamhaus.org permit
  mapsrbldomains =
  mynetworks = 98.173.129.235,127.0.0.0,127.0.0.1
  localrecipientmaps =
  luser_relay = postmaster
  transportmaps=hash:/etc/postfix/transportmaps
  Here is the Transport Maps file output:
  xpmedia.com :
  xpmissions.com :
  xpwebchurch.com smtp:mail.xpmissions.com:587

• Mail server (dovecot) stop authenticate (server.app 3.0.3, OsX 10.9.2)

  Hi,
  I have this problem: on a Mac mini with Maverick 10.9.2 and Server.app 3.0.3 with Open Directory (with about 75 Users and mail), it appears that randomly, dovecot stop to authenticate mail clients without standart method, so all Windows client stop to work because server ask again their passwords.
  At this point the only way to restart service for good is to restart completely the machine.
  Start/Stop mail service or Open Directory does'nt work.
  If we do an hardware reboot of the server, clients start to authenticate again.
  We use as authenticate mechanism "Ad hoc" with all check opts. enabled...
  This is a very annoying problem: with a large number of users can be really a pain in the *ss.
  I try to search the forum and the closest similar problem I've foud it's about osx that use (in ad hoc choice of authentication mechanism) CRAM-MD5 as default option and this is not supported by windows oulook-like clients.
  The only difference in my case is that this seems NOT really true because Mail server WORKS for a while (could be one or two working day) and then in a random way that I couldnt understand, it stop until I restart the machine.
  It's so weird.
  Please, where I can start to look to troubleshoot this problem?
  Can someone had a similar experience to share?
  Thanks in advance...

  I try to look at passwordservice logs but nothing strange are there.
  It seems that kerberos is involved too, i see many error like this:
  2014-03-27T11:07:17 Failed to decrypt PA-DATA -- notifiche@SERVER.[MYSERVER].COM (enctype aes256-cts-hmac-sha1-96) error Decrypt integrity check failed for checksum type hmac-sha1-96-aes256, key type aes256-cts-hmac-sha1-96
  And always is notification mailbox I've created for the server.
  Looking at google I found this,  is the most closest case related to mine:
  http://www.marshut.com/qktsu/decrypt-integrity-check-failed-issue.html
  Thanks fos any hints or clue you can give...

• OSX Mail Server got hacked

  Hey,
  I just wanted to tell you (and maybe an engeneer at Apple is bumping into this) that my OSX Server got hacked and is now sending a **** load of phrishing E-Mails all over the globe. My IP got blocked already by Verizon.
  I wanted to tell you this because I'm running the latest Server Software (2.2.1) and OSX (10.8.4) Version. Maybe you want to take a look into that.
  I now just have to figure out how to take over my own server (I'm not that experienced with servers and haven't been hacked yet).
  If you have any kind of tips to get back to regular status please tell me!
  Cheers
  Constantin

  Nothing immediately leaps out, but it's still possible there's a relay going here.
  Definitely check the accounts and trace the messages through your server.  Find out how they're getting access.
  Please also use the Postfix documentation (links below) or please get some direct help from somebody that can directly access and review the settings.  If you're not in a position to get help for this, then please review the Postfix documentation for the following settings, as retrieved from one of the mail servers I'm dealing with:
  smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_non_fqdn_recipient reject_unknown_recipient_domain reject_unauth_pipelining reject_unauth_destination check_policy_service unix:private/policy permit
  smtpd_sender_restrictions = permit_sasl_authenticated reject_non_fqdn_sender reject_unknown_sender_domain permit
  smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit
  ...and then compare that with what the current settings on the mail server are:
  smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
  smtpd_sender_restrictions =
  smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated permit
  The check_policy_service unix:private/policy setting is greylisting, which I usually have enabled.  Various of the settings I'm using are for spam control.   Your current settings might be good enough, depending on the relay settings (see below).
  You'll want to check the setting of relay_domains in the full listing of parameters, and I'd expect something like this:
  relay_domains = $mydestination
  with whatever is stored over in mydestination being just local stuff, with with no wildcards.  This to avoid the reject_unauth_destination from allowing more access than you expected.  You may also need to look at mydomain.
  I'd encourage reviewing the Postfix documentation or a book on that topic (though I don't particularly know of nor have any recommendations for Postfix books), or working with somebody that can help with this issue and with getting you an overview.
  Specific Postfix web pages I'd encourage a look at include address verification and relay access control and (more of a general issue with mail servers) avoiding generating backscatter spam.  Here's SpamCop's recommendations for the smtpd_recipient_restrictions settings (though you'll want to enable the RBL via Server.app)  Here's the full list of Postfix settings.
  ps and FWIW: please consider posting the settings directly here, as I'm finding Postbin makes for difficult answers, with multiple browser tabs open to review the settings. 

• Help with OSX server mail setup

  Please if anyone can tell me what I am doing wrong, I would be very grateful.  I have a company with an externaly hosted website and an an internally hosted email (OSX server).  I have everything kind of working, but some things don't seem quite right.  I'll explain below:
  I have a purchased domain: mycompany.com hosted by godaddy.
  I am using Godaddy name servers: ns65.domaincontrol.com and ns66.domaincontrol.com
  The external godaddy DNS has an a name entry for my mail server: mail pointing to 123.123.123.123 (which is my companies external static IP address).
  There is also a null (@) a name record for my website hosting service (squarespace) pointing to 456.456.456.456
  There is a cName record www pointing to the squarespace domain "www.squarespace6.com"  (know this is unusual, but it is how squarespace asks this to be set up and does not work otherwise)
  There is an MX record with priority 10 and host name @ pointing to mail.mycompany.com
  I have a airport extreme router with the appropriate ports forwarded to the OSX server.
  The DNS servers on the router are pointed to the internal IP address of the OSX server
  I did not change the domain name on the router (mistake?) it is currently san.rr.com
  On the OSX server I have set up host name to be mycompany.comDNS is set up with primary zone being mycompany.com
  Primary Zone entries include
  nameserver = mycompany.com
  machine record host name is mycompany.com and the IP address is the internal IP address of the OSX server
  another machine record with host name "mail" and IP address is the internal IP address of the OSX server.
  Finally, there is a mail exchanger record with mail server "mail.mycompany.com" and priority 10
  There are 2 entries autocreated in the Reverse zone
  Mail is setup and running on the OSX server providing mail for "mail.mycompany.com"
  Users are setup with email address: [email protected] (note: without the mail subdomain - I think this is OK?)
  I am using self signed certificate.
  In my clients (windows Thunderbird, Mac Mail, iOS mail), the settings are for the incoming mail server host name to be "mail.mycompany.com" and the outgoing also to be "mail.mycompany.com"
  I woud have expected this to be imap.mycompany.com and smtp.mycompany.com respectively, but it doesn't work when I input these values and works with the former.  Have I set this up wrong??  imap seems to require SSL on port 993 and SMTP seems to require TLS on port 587.Outlook on PC gives me an error that after googling appears to be a problem with not recognizing a fuly qualified hostname form the SMTP client.  I see the fix, but wanted to know if that meant that my server didn't have a fully qualified host name and whether I should change that rather than just remove that restriction???
  The final problem is that my outgoing emails seem to be getting caught up in other people's spam filters too frequently.  What is the main reason for this?  Is it because I have set something up wrong and it brings up flags or is it simply because I am not a huge hosting company, or somethign else althogether?
  If you've gotten this far, big thanks!  If you can help me, even more thanks!

  Well, actually they are both getting caught up in spam filters and bounced back.  I actually realized that part of the problem is that I have a dynamic IP address, but it doesn't change.  Regardless, on the bounce back it looks like hotmail and other domains are rejecting email from my IP and recognize it as dynamic.  This was a test server that i would by physically taking to my business where there is a static business IP address (Cox).
  Sorry for the very long original message, but it seems that most people don't post enough information for the problem to be solved in their original posts and I was hoping to provide as much detail as possible.
  The other is the question of "are things set up right?"  It seems strange to me that both my outgoing and incoming servers are "mail.mycompany.com" and not imap.mycompany.com and smtp.mycompany.com and I wonder if this is going to cause me to have problems?
  Is it a problem that my email addresses are [email protected] and not [email protected]?
  Was I supposed to change the domain name on the router?
  Also is it going to be a problem that I am using a self signed certificate?

• OSX Lion Server / Mail.app with FB

  Hi - I have an OSX mac mini i7 Lion Server 10.7.4 running mail server. I am getting emails from gmails but apparently, it is not getting email from Facebook registration. I tried many times but no facebook registration comes in. I tried sending email from a gmail account to my the same username and I get all of them. But, from facebook, say registering from facebook, it is not getting any. User is setup correct in osx users as well as in mail server users.
  I went to mail.app and deleted the mail cache, remove the filters for spams and all that. But I still do not get FB email confirmation. What could be the reason.
  This is what I get on my message log.
  This from All messages log:
  6/14/12 8:50:21.125 AM postfix/smtpd: connect from outmail020.snc7.facebook.com[69.171.232.154]
  6/14/12 8:50:26.206 AM postfix/smtpd: disconnect from outmail020.snc7.facebook.com[69.171.232.154]
  6/14/12 8:51:56.533 AM org.clamav.clamd: SelfCheck: Database status OK.
  6/14/12 8:51:58.184 AM postfix/postscreen: CONNECT from [66.220.144.142]:56363
  6/14/12 8:52:04.498 AM postfix/postscreen: PASS NEW [66.220.144.142]:56363
  6/14/12 8:52:04.840 AM postfix/smtpd: connect from outmail008.snc4.facebook.com[66.220.144.142]
  6/14/12 8:52:09.926 AM postfix/smtpd: disconnect from outmail008.snc4.facebook.com[66.220.144.142]
  6/14/12 8:55:29.936 AM postfix/anvil: statistics: max connection rate 1/60s for (smtpd:69.171.232.154) at Jun 14 08:50:21
  6/14/12 8:55:29.936 AM postfix/anvil: statistics: max connection count 1 for (smtpd:69.171.232.154) at Jun 14 08:50:21
  This from the mail.log
  Jun 14 01:11:10 rj45hotspot postfix/dnsblog[5142]: warning: dnsblog_query: lookup error for DNS query 134.143.42.114.zen.spamhaus.org: Host or domain name not found. Name service error for name=134.143.42.114.zen.spamhaus.org type=A: Host not found, try again
  Jun 14 08:50:14 rj45hotspot postfix/dnsblog[7431]: warning: dnsblog_query: lookup error for DNS query 154.232.171.69.zen.spamhaus.org: Host or domain name not found. Name service error for name=154.232.171.69.zen.spamhaus.org type=A: Host not found, try again
  Thanks

  Hmmm, not sure what is going on, but from the Mail log, neither of those IPs have a name associated with them, 1st one is in Netherlands, 2nd one is iin Africa!???
  Any idea why it'd be looking those up?
  I wonder if your Facebook account has been hacked, or See if you might have this malware redirecting DNS queries...
  http://macmegasite.com/node/3924
  http://www.ehow.com/how_2128387_remove-osxrspluga-trojan-horse-mac.html
  How to fix...
  http://www.macosxhints.com/article.php?story=20071031114140862
  Known DNSChanger address ranges. Source: dcwg.org
  http://krebsonsecurity.com/2012/03/court-4-more-months-for-dnschanger-infected-p cs/

• OSX mail server not working after upgrade to 10.8.1

  I updated my mini-mac running OSX server to 10.8.1 and now I am having problems with the mail server.  It just stopped working.  I checked the log files and this is what it has returned:
  Aug 28 09:24:40 limcoserver.limcoengineering.com postfix/trivial-rewrite[25261]: warning: harsh:/Library/Server/Mail/Config/postfix/virtual_domains: table lookup problem
  Aug 28 09:24:40 limcoserver.limcoengineering.com postfix/trivial-rewrite[25261]: warning: virtual_alias_domains lookup failure
  Aug 28 09:24:40 limcoserver.limcoengineering.com postfix/smtpd[25256]: warning: hash:/Library/Server/Mail/Config/postfix/smtpdreject is unavailable. open database /Library/Server/Mail/Config/postfix/smtpdreject.db: No such file or directory
  Aug 28 09:24:40 limcoserver.limcoengineering.com postfix/smtpd[25256]: warning: hash:/Library/Server/Mail/Config/postfix/smtpdreject: table lookup problem
  Aug 28 09:24:50 limcoserver.limcoengineering.com postfix/smtpd[25256]: warning: hash:/Library/Server/Mail/Config/postfix/smtpdreject is unavailable. open database /Library/Server/Mail/Config/postfix/smtpdreject.db: No such file or directory
  Aug 28 09:24:50 limcoserver.limcoengineering.com postfix/smtpd[25256]: warning: hash:/Library/Server/Mail/Config/postfix/smtpdreject: table lookup problem
  Aug 28 09:26:28 limcoserver.limcoengineering.com postfix/postscreen[25317]: warning: cannot connect to service private/smtpd: Connection refused
  The mail server log is reporting the following error
  Aug 28 09:26:22 limcoserver.limcoengineering.com log[25134]: anvil: Warning: Killed with signal 15 (by pid=1 uid=0 code=unknown 0)
  Aug 28 09:26:22 limcoserver.limcoengineering.com log[25134]: imap-login: Warning: Killed with signal 15 (by pid=1 uid=0 code=unknown 0)
  Aug 28 09:26:22 limcoserver.limcoengineering.com log[25134]: auth: Warning: Killed with signal 15 (by pid=1 uid=0 code=unknown 0)
  Aug 28 09:26:22 limcoserver.limcoengineering.com log[25134]: log: Warning: Killed with signal 15 (by pid=1 uid=0 code=unknown 0)
  Aug 28 09:26:22 limcoserver.limcoengineering.com push_notify[24372]: terminating mail notification services (SIGTERM)
  From the look it seems like the database table maybe corrupted, and I would like to find out how if anyone has this problem.  It seems like eveytime there is an update on ML, there is some resultant problems with one or more of the services on OSX server.

  alias_maps = hash:/etc/aliases
  always_bcc = [email protected]
  biff = no
  command_directory = /usr/sbin
  config_directory = /Library/Server/Mail/Config/postfix
  content_filter = smtp-amavis:[127.0.0.1]:10024
  daemon_directory = /usr/libexec/postfix
  data_directory = /Library/Server/Mail/Data/mta
  debug_peer_level = 2
  debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin xxgdb $daemon_directory/$process_name $process_id & sleep 5
  dovecot_destination_recipient_limit = 1
  enable_server_options = yes
  html_directory = /usr/share/doc/postfix/html
  imap_submit_cred_file = /Library/Server/Mail/Config/postfix/submit.cred
  inet_interfaces = all
  inet_protocols = all
  local_recipient_maps =
  mail_owner = _postfix
  mailbox_size_limit = 0
  mailbox_transport = dovecot
  mailq_path = /usr/bin/mailq
  manpage_directory = /usr/share/man
  maps_rbl_domains =
  message_size_limit = 36700160
  mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
  mydomain = limcoengineering.com
  mydomain_fallback = localhost
  myhostname = mail.limcoengineering.com
  mynetworks = 127.0.0.0/8,[::1]/128,192.168.10.4
  newaliases_path = /usr/bin/newaliases
  owner_request_special = no
  postscreen_dnsbl_sites = zen.spamhaus.org*2
  queue_directory = /Library/Server/Mail/Data/spool
  readme_directory = /usr/share/doc/postfix
  recipient_delimiter = +
  relayhost =
  sample_directory = /usr/share/doc/postfix/examples
  sendmail_path = /usr/sbin/sendmail
  setgid_group = _postdrop
  smtp_sasl_auth_enable = yes
  smtpd_client_restrictions = hash:/Library/Server/Mail/Config/postfix/smtpdreject cidr:/Library/Server/Mail/Config/postfix/smtpdreject.cidr permit_mynetworks
  smtpd_enforce_tls = no
  smtpd_helo_required = yes
  smtpd_pw_server_security_options = login,plain
  smtpd_recipient_restrictions = permit_sasl_authenticated permit_mynetworks reject_unauth_destination check_policy_service unix:private/policy permit
  smtpd_sasl_auth_enable = yes
  smtpd_tls_CAfile = /etc/certificates/limcoserver.limcoengineering.com.B60AD03C6077548EE4B726A57BF6 E76DAAFA06BB.chain.pem
  smtpd_tls_cert_file = /etc/certificates/limcoserver.limcoengineering.com.B60AD03C6077548EE4B726A57BF6 E76DAAFA06BB.cert.pem
  smtpd_tls_ciphers = medium
  smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
  smtpd_tls_key_file = /etc/certificates/limcoserver.limcoengineering.com.B60AD03C6077548EE4B726A57BF6 E76DAAFA06BB.key.pem
  smtpd_use_pw_server = yes
  smtpd_use_tls = yes
  tls_random_source = dev:/dev/urandom
  unknown_local_recipient_reject_code = 550
  use_sacl_cache = yes
  virtual_alias_maps = harsh:/Library/Server/Mail/Config/postfix/virtual_domains

• New, Single Server - DNS, Web, Wiki, Mail Setup Issues

  I'm having some issues properly setting up 10.7.3 to host internal DNS and external Web, Wiki and Mail.  I'm having issues with the web and wiki hosting.  Since those are the most important right now, I haven't really had a chance to fully test the other features.  I was able to do some testing of the mail and iCal but it was limited.
  Long read below but I thought the specifics would be helpful...
  My goals and configuration are:
  ***GOALS***
  Primary:
  1) Host a public website: example.org and www.example.org
  2) Host a public wiki: main.example.org and www.main.example.org
  3) Host a public mail server: [email protected]
  4) Host a public, group calendar
  4a) Read only to majority - Read/Write to a group
  5) Host a global address book for authenticated users
  Secondary:
  6) Allow anonymous public access to a file share (read only)
  7) Allow authenticated access to the same file share (read/write)
  8) Do as much of this via GUIs as possible.
  ***SETUP AND CONFIGURATION***
  Physical:
  1) Business class Internet (no blocked ports)
  2) A single, public and static IP address
  3) Domain name and public DNS via GoDaddy
  4) Wildcard Cert: *.example.org from GoDaddy
  5) Late 2011 (bought in Jan 2012) MacMini Lion Server (the $1,000 one).
  5a) Upgraded the RAM to 16GB (need for VMware Windows clients)
  5b) Added two USB to Ethernet adapters.
  6) Using a new model AirPort Extreme Base Station (bought w/ the MM) as the main router.
  Initial Configuration:
  7) Setup a Mac Address reservation for the main and two USB Ethernet ports along with the wireless too.
  7a) Main port = 10.0.1.5 / Others are .6, .7 and .10
  8) During the setup, I chose the Host on the Internet (third) option and named my server: main.example.org
  9) After the setup completed, I upgraded the OS & Admin Tool to 10.7.3 from a clean install (on #5 now)
  DNS Config
  10) I used the admin tool to open DNS and change:
  11) "Primary Zone Name" from main.example.org to example.org.
  12) In the "Nameservers:" block, I changed the zone name there but left the nameserver name alone (zone: example.org /// Nameserver Hostname: main.example.org).
  13) The Machine Name and Reverse Zone was left alone.  RZ resolves to main.example.org.  sudo changeip -checkhostname is good.  dig on the example.org and main.example.org are good to go (NOERROR).
  OD Config
  14) From the server app, I clicked Manage/Network Accounts and setup the OD - No issues.
  SSL
  15) From the server app, I created self signed cert, generated a CSR, got a public Cert, then replaced the self-signed with the public one - No issues.
  16) Changed any service using the self-signed cert to the public one - No issues.
  17) Changed the cert in the OD to the public cert from server admin - No issues.
  In order: File Sharing, Mail, AB, iCal, Web, Wiki, Profile Manager, Network Groups, Network Users
  18) File Sharing was setup using the server app
  19) Setup mail using the server app to start it and the server admin app to configure it - No issues there (I think...)
  20) AB - Flipped the switch to on
  21) iCal - Flipped the switch to on - I setup the e-mail address to use after I added the network accounts.
  22) Web - Flipped the switch to on - Default site worked (main.example.org)
  23) Wiki - Flipped the switch to on - Default wiki worked. (main.example.org)
  24) PM - Checked the sign config profiles and enabled the device mgt.  I then flipped the switch to on - Default settings and pages worked.
  ***MY PROBLEMS***
  Website:
  Adding a website for example.org gave me the red dot in the server app.  To fix that, I added a Machine Name record to my primary zone (PZ = example.org Machine Name = example.org).  I first tried using the same 10.0.1.5 IP as the main.example.org and left the reverse mapping alone (still resolved to the NS of main.example.org).
  That gave me the green light in the server app when trying to add the website again.  From there, I changed the "Store Site Files In" to the location of my website files (and confirmed "Everyone" has Read Access in the folder's security settings).  I left the other info alone (all defaults accepted) and clicked done.
  Access to the website works on the server but external access doesn't (Network Error/timed out tcp_error).  Checked the AirPort settings using the AirPort utility (version 5.5.3) and the Port Mapping (under the "Advanced" icon) show serveral services all pointing to 10.0.1.5.  Thinking it could be DNS I tried main.example.org externally and it failed the same way.
  I ran the changeip command (good to go) and dig on example.org and main.example.org and they both resolved to 10.0.1.5 correctly.
  I removed the example.org Machine Record from the zone and it now looks like:
  PZ=example.org / ZONE=example.org / NS=main.example.org
  Machine Record=main.example.org / IP=10.0.1.5
  RM=10.0.1.5 / Resolves=main.example.org
  PLEASE HELP!

  The amount of users (if relevant):
  On site - 1 (Me)
  Off site - 16 (Windows clients - some have iOS devices too)
  Web site traffic - less than 50 regular visits per day (avg of 15) with a peek of ~125 once a month.
  This is for a 501c3 public nonprofit made of all unpaid volunteers (including the officers and directors).  All of us have paying day jobs and I just so happen to be the guy that knows just enough to get myself in trouble here.