Secure postfix gateway

I'm doing this entirely for the masochistic pleasure/learning exercise.
I have a cheap small VPS that I want to act as an SMTP relay to forward emails to my own server on a dynamic IP connection (the VPS has a static address). I want it to act as a gateway - so IMAP is on my server, which then forwards to the gateway, which then sends emails out to the world from my domain name.
But I've hit a snag...
I want to secure both servers, so they don't become spam bots and I get black-listed... I was thinking SASL and SSL on both servers, but I can't get my mind around it.
* The gateway only has postfix. It forwards mail to the host, and the host forwards (outbound) mail to it. Can/should I use SASL here or just SSL?
* The host has postfix+dovecot. Obviously I'll need SASL for IMAP, and SSL.
* Presumably I'll need one SSL certificate per server?
Any advice is very much welcome!

The instructions on that web page aren't applicable to your case. Don't follow them.

Similar Messages

  • 10.8 Server (VPN Secure Internet Gateway) setup question

    I am running Mountain Lion 10.8.4 with Server 2.2.1
    I am attempting to setup the server to allow connection to my internal/Private LAN
    I have the source (External Internet access)  setup as #1 in the service order (en0)
    and the Private network as the secondary (en4)
    I followed the steps on http://macminicolo.net/mountainlionvpn and input my own IP's when needed
    I am able to connect and authenticate to the vpn and able to get internet access through the vpn
    Unfortunately I am unable to reach anything on my private LAN
    this is my settings in my customNATRules:
    nat on en4 from 10.0.0.0/24 to any -> (en4)
    pass from {lo0, 10.0.0.0/24} to any keep state
    I have the sysctl.conf setup with
    net.inet.ip.forwarding=1
    I also changed the com.apple in pf.anchors to reflect the instructions above
    Network Settings
    (en0) My external ip is 192.168.168.4 to my firewall (not giving you my full outside)
    and the DNS Server is pointing to itself via 127.0.0.1
    (en4) My Private LAN is set with the DNS to my private DNS servers
    VLAN is setup with the same settings as the instructions state in the link above and I have the DNS set as 127.0.0.1
    DNS Server Settings
    I have my DNS server configured with my local hostname with the Vlan, internal ip, and external ip pointing back to the hostname.
    I have the forwarding DNS servers configured to my private DNS servers for the private lan and as the 3rd I have 8.8.8.8 for general internet
    VPN Server settings
    I have the host name and shared secret set
    I have 10 IP's for client addresses with the same IP segment as the VLAN
    DNS settings I have routed back to the gateway of the vlan
    I have one route configured I am using in my private lan to be routed private
    Is there anything I am missing or setting up incorrectly?   I am struggling at this point and need some help.
    If you need any more info please let me know

    The instructions on that web page aren't applicable to your case. Don't follow them.

  • Mail Delivery System Errors and Securing/Protecting against spam

    Good morning all.
    This morning I started receiving these:
              From:   Mail Delivery System <[email protected]>
              Subject:   [It] Postfix SMTP server: errors from imr-mb02.mx.aol.com[64.12.207.163]
              Date:   November 18, 2011 8:51:23 AM EST
              To:   Postmaster <[email protected]>
    Transcript of session follows.
    Out: 220 mail.cotaoil.com ESMTP Postfix
    In:  EHLO imr-mb02.mx.aol.com
    Out: 250-mail.cotaoil.com
    Out: 250-PIPELINING
    Out: 250-SIZE
    Out: 250-VRFY
    Out: 250-ETRN
    Out: 250-AUTH LOGIN PLAIN CRAM-MD5 GSSAPI
    Out: 250-AUTH=LOGIN PLAIN CRAM-MD5 GSSAPI
    Out: 250-STARTTLS
    Out: 250-ENHANCEDSTATUSCODES
    Out: 250-8BITMIME
    Out: 250 DSN
    In:  MAIL From:<[email protected]> SIZE=3485
    Out: 250 2.1.0 Ok
    In:  RCPT To:<[email protected]> ORCPT=rfc822;[email protected]
    Out: 451 4.3.5 Server configuration error
    In:  DATA
    Out: 554 5.5.1 Error: no valid recipients
    In:  RSET
    Out: 250 2.0.0 Ok
    In:  QUIT
    Out: 221 2.0.0 Bye
    How this started:
    Over the past couple of days to approx a week, I have seen a massive influx of Spam on our server.  Spam coming in on random ex employee names that no longer work for the company.
    Previous to the spam, I turned on "forward un-deliverable mail to" and set to me.  The CEO was missing emails because people were not spelling his name correctly.  I have actually been able to catch a lot of employee emails some important, others not.
    In trying to make the mail server more secure, one of the features I tried to turn on was SMTP Client Restrictions, Which broke SMTP for my users.  Obviously the error is mine and I need to do more research, but love some feedback on what needs to be set on the server and clients for SMTP client restrictions to work.
    I know THE HOFF (mr hoffman) had information at some point to help users secure postfix, can anyone point me in the right direction, as well as any tips here on how to stop the influx of spam?
    postconf -n is here:
    alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
    biff = no
    body_checks = regexp:/etc/postfix/body_checks
    broken_sasl_auth_clients = yes
    command_directory = /usr/sbin
    config_directory = /etc/postfix
    content_filter = smtp-amavis:[127.0.0.1]:10024
    daemon_directory = /usr/libexec/postfix
    debug_peer_level = 2
    enable_server_options = yes
    header_checks = pcre:/etc/postfix/custom_header_checks
    html_directory = /usr/share/doc/postfix/html
    inet_interfaces = all
    local_recipient_maps =
    mail_owner = _postfix
    mailbox_size_limit = 0
    mailbox_transport = dovecot
    mailq_path = /usr/bin/mailq
    manpage_directory = /usr/share/man
    maps_rbl_domains =
    maximal_queue_lifetime = 2d
    message_size_limit = 0
    mydestination = $myhostname, localhost.$mydomain, localhost, mail.cotaoil.com, cotaoil.com, $mydomain
    mydomain = mail.cotaoil.com
    mydomain_fallback = localhost
    myhostname = mail.cotaoil.com
    mynetworks = 127.0.0.0/8,192.1.1.10,192.1.1.11
    newaliases_path = /usr/bin/newaliases
    owner_request_special = no
    queue_directory = /private/var/spool/imap/dovecot/mail
    readme_directory = /usr/share/doc/postfix
    recipient_delimiter = +
    sample_directory = /usr/share/doc/postfix/examples
    sendmail_path = /usr/sbin/sendmail
    setgid_group = _postdrop
    smtp_sasl_password_maps =
    smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated hash:/etc/postfix/smtpdreject cidr:/etc/postfix/smtpdreject.cidr reject_rbl_client zen.spamhaus.org permit
    smtpd_enforce_tls = no
    smtpd_helo_required = yes
    smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
    smtpd_pw_server_security_options = cram-md5,gssapi,login,plain
    smtpd_recipient_restrictions = permit_sasl_authenticated  permit_mynetworks   reject_unknown_recipient_domain  reject_unknown_sender_domain  reject_invalid_hostname  reject_unauth_destination check_policy_service unix:private/policy permit
    smtpd_sasl_auth_enable = yes
    smtpd_tls_CAfile = /etc/certificates/mail.cotaoil.com.8F44026B8E7E908CEDAAD718F486D91C8FCD693E.chain.pem
    smtpd_tls_cert_file = /etc/certificates/mail.cotaoil.com.8F44026B8E7E908CEDAAD718F486D91C8FCD693E.cert.pem
    smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
    smtpd_tls_key_file = /etc/certificates/mail.cotaoil.com.8F44026B8E7E908CEDAAD718F486D91C8FCD693E.key.pem
    smtpd_tls_loglevel = 0
    smtpd_use_pw_server = yes
    smtpd_use_tls = yes
    tls_random_source = dev:/dev/urandom
    unknown_local_recipient_reject_code = 550
    virtual_alias_maps =
    mail:~ administrator$

    I am not certain what you mean by immediately removing the 192.1.1.10 and 192.1.1.11, AIX servers that I use to relay admin emails to an IT address here.  Some sort of a gateway implemented on a pair of IBM boxes, I might presume. 
    192.1.1.0/24 is in a public address space that you don't have assigned (unless you're BBN).  If that IP routing leaks out, then some folks can get cranky.  Or should you eventually need to contact hosts within the address space of the "real" occupants of 192.1.1.0/24, routing won't necessarily play nice.  There may well be a static IP route here, depending on the details of the router configuration, as otherwise that IP traffic would be going to BBN and not to those servers.  The Internet works because folks play by the rules, when working with IP routing and DNS services.  And if your predecessor used this address space (and not the likely 192.168.0.0/16 block), I'd look around to see if there were other unusual network configuration choices.
    TCP port 25 is the server-to-server mail port.  That's the main connection used among mail servers.  Blocking that has the effect that you've discovered.
    It's the clients that can also use that port that need to be relocated off the port, as the clients don't have the reverse DNS and related tests that would allow them access to that port, with various common server security configurations.
    Open TCP 587 at the firewall and ensure that this port is active at the mail server host, as a starting point.  You can test that (among other tools) with a remote "telnet your.mail.server.host.name 587" command or similar; that's a primitive (but effective) (common) port test.
    With the Apple Mail client, make sure the SMTP server is configured to use the default SMTP ports.  Mail > Preferences > Account > Account Information > Edit SMTP Server > select the target SMTP server > Advanced > select "use the default ports (25, 465, 587)" and consider using SSL and authentication.  (Apple Mail tries a few ports automatically, so the set-up can be different than other clients.)
    I don't have enough space here for a full write-up on how mail or IP works, and setting up an arbitrary mail client or an IP network can be an adventure; I assumed the Apple mail client in the above.  See the user collaboration services discussion of mail services in the Mac OS X Server Advanced Administration manual as some background.  (And if this stuff all looks a little cryptic, that's understandable, and you might want to consider getting some set-up help or consider moving to hosted mail services and making this stuff somebody else's problem.)
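
The `mynetworks` point in the reply above, as an added example (not from the thread): a Python check that reads `postconf -n` output, flags IPv4 `mynetworks` entries outside loopback and RFC 1918 space, and lists the restriction classes in which `permit_mynetworks` trusts them. The function names are illustrative, and the sample input is an excerpt of the output posted above.

```python
import ipaddress
import re

# Loopback plus the RFC 1918 blocks: address space a site can use
# internally without holding an assignment.
INTERNAL_RANGES = [
    ipaddress.ip_network(n)
    for n in ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# Four parameters copied from the `postconf -n` output posted above.
SAMPLE_POSTCONF = """\
mynetworks = 127.0.0.0/8,192.1.1.10,192.1.1.11
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated hash:/etc/postfix/smtpdreject cidr:/etc/postfix/smtpdreject.cidr reject_rbl_client zen.spamhaus.org permit
smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated  permit_mynetworks   reject_unknown_recipient_domain  reject_unknown_sender_domain  reject_invalid_hostname  reject_unauth_destination check_policy_service unix:private/policy permit
"""


def parse_postconf(text):
    """Turn `name = value` lines into a dict; lines without '=' are skipped."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep and name.strip():
            params[name.strip()] = value.strip()
    return params


def split_list(value):
    """Postfix list values are separated by commas and/or whitespace."""
    return [tok for tok in re.split(r"[,\s]+", value) if tok]


def audit_mynetworks(params):
    """Classify each mynetworks entry as internal, public, or not-checked."""
    results = []
    for entry in split_list(params.get("mynetworks", "")):
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            # Table lookups, file names, bracketed IPv6, negated patterns.
            results.append((entry, "not-checked"))
            continue
        if net.version != 4:
            results.append((entry, "not-checked"))
            continue
        internal = any(net.subnet_of(r) for r in INTERNAL_RANGES)
        results.append((entry, "internal" if internal else "public"))
    return results


def lists_trusting_mynetworks(params):
    """Names of smtpd_*_restrictions lists that contain permit_mynetworks."""
    return sorted(
        name
        for name, value in params.items()
        if name.startswith("smtpd_")
        and name.endswith("_restrictions")
        and "permit_mynetworks" in split_list(value)
    )


def report(text):
    """Public mynetworks entries and the lists in which they are trusted."""
    params = parse_postconf(text)
    public = [e for e, kind in audit_mynetworks(params) if kind == "public"]
    trusted_in = lists_trusting_mynetworks(params) if public else []
    return {"public_entries": public, "trusted_in": trusted_in}


if __name__ == "__main__":
    print(report(SAMPLE_POSTCONF))
```

A "public" result is a prompt to confirm who actually holds that address space, since any host listed in `mynetworks` passes `permit_mynetworks` without authenticating.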

  • Confirming method to secure web services through oracle web service manager

    Hi All,
    I am just wondering about the method to secure web service through oracle web service manager.
    I have an unsecure web service "helloworld" which is deployed on JWSDP1.6 toolkit. I want to secure it through oracle web service manager.
    In order to secure this unsecure web service, I use gateway (web service manager for securing web service using message level security through certificate).
    So when the client wants to access the helloworld service, it contacts the gateway securely and the gateway in turn connects to the original web service after decrypting and verifying the signature. When the gateway gets the response from the web service, it signs the response message and then encrypts it and passes it on to the client.
    So my question is, is it the right way to secure web service?
    As I am getting the following fault exception :
    <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Body>
    <SOAP-ENV:Fault>
    <faultcode "http://schemas.oblix.com/ws/2003/08/Faults">c</faultcode>
    <faultstring>Step execution failed with an exception
    </faultstring>
    <detail></detail>
    </SOAP-ENV:Fault>
    </SOAP-ENV:Body>
    </SOAP-ENV:Envelope>
    I checked the log at :
    C:\coresv_install_home\external\oc4j-10.1.2.0.0\j2ee\home\log\http-web-access
    but there is no helpful information available. Thanks for any help.
    Kash

    Hi Rajesh,
    Thanks for your reply. I am using the following policy steps:
    1) for Request (Decrypt and Verify signature).
    2) for Response (Sign Message and Encrypt).
    The configuration for Request is shown below:
    Pipeline "Request"
    Pipeline Steps:
    Start Pipeline
    Log
    Decrypt and Verify Signature
    Basic Properties Type Default Value
    Enabled (*) boolean true true
    XML Decryption Properties Type Default Value
    Decryptor's keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-keystore.jks
    Decrypt Keystore Type (*) string jks jks
    Decryptor's keystore password string *******
    Decryptor's private-key alias (*) string s1as
    Decryptor's private-key password string *******
    Enforce Encryption (*) boolean true true
    XML Signature Verification Properties Type Default Value
    Verifying Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-truststore.jks
    Verifying Keystore type (*) string jks jks
    Verifying Keystore password string *******
    Signer's public-key alias (*) string xws-security-client
    Enforce Signing (*) boolean true true
    End Pipeline
    And the configuration for Response is shown below:
    Pipeline "Response"
    Pipeline Steps:
    Start Pipeline
    Log
    Sign Message and Encrypt
    Basic Properties Type Default Value
    Enabled (*) boolean true true
    Signing Properties Type Default Value
    Signing Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-keystore.jks
    Signing Keystore Type (*) string jks jks
    Signing Keystore password string *******
    Signer's private-key alias (*) string s1as
    Signer's private-key password string *******
    Signed Content (*) string BODY BODY
    Sign XPATH Expression string
    Sign XML Namespace string[]
    Encryption Properties Type Default Value
    Encryption Keystore location (*) string C:\Sun\jwsdp-2.0\xws-security\etc\server-truststore.jks
    Encrypt Keystore Type (*) string jks jks
    Encryption Keystore password string *******
    Decryptor's public-key alias (*) string xws-security-client
    Encrypted Content (*) string BODY BODY
    Encrypt XPATH Expression string
    Encrypt XML Namespace string[]
    End Pipeline
    I checked the log again but nothing useful there, it is just giving the following values:
    2006-08-14 16:32:50,372 INFO [Thread-21] mstore.OLiteMStore - SELECT MEASUREMENT_STR FROM MEASUREMENT_PERSISTED_STORE WHERE ID=? FOR UPDATE
    2006-08-14 16:34:50,364 INFO [Thread-16] mstore.OLiteMStore - INSERT INTO MEASUREMENT_PERSISTED_STORE (ID,DEF_ID,CONTEXT_ID,PARENT_CONTEXT_ID,TIME,STORETIME,KEY0,KEY1,KEY2,KEY3,KEY4,KEY5,KEY6,KEY7,KEY8,KEY9,KEY10,KEY11,KEY12,KEY13,KEY14,KEY15,KEY16,KEY17,KEY18,KEY19,KEY20,KEY21,KEY22,KEY23,KEY24,KEY25,KEY26,KEY27,KEY28,KEY29,KEY30,KEY31,KEY32,KEY33,KEY34,KEY35,KEY36,KEY37,KEY38,KEY39,DBM0,MEASUREMENT_STR) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,'R',empty_clob())
    2006-08-14 16:34:50,364 INFO [Thread-16] mstore.OLiteMStore - SELECT MEASUREMENT_STR FROM MEASUREMENT_PERSISTED_STORE WHERE ID=? FOR UPDATE
    Any help would be appreciated. Thanks.
    Kash

  • Security Events Shows A New User Account Setup By Accessing my Network with a Profile

    Can you tell me, please, if this is the result of a hack?
    Mine is the 1st ID and Name. 
    Subject:
    Security ID: GATEWAY\Angela
    Account Name: Angela
    Account Domain: GATEWAY
    Logon ID: 0x2CBED
    Additional Information:
    Caller Workstation: GATEWAY
    Target Account Name: Administrator
    Target Account Domain: GATEWAY"
    Audit Success 2/5/2014 12:49:45 AM Microsoft-Windows-Security-Auditing 4672 Special Logon "Special privileges assigned to new logon.
    Subject:
    Security ID: SYSTEM
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3E7
    Privileges: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege"
    Audit Success 2/5/2014 12:49:45 AM Microsoft-Windows-Security-Auditing 4624 Logon "An account was successfully logged on.
    Subject:
    Security ID: SYSTEM
    Account Name: GATEWAY$
    Account Domain: WORKGROUP
    Logon ID: 0x3E7
    Logon Type: 5
    Impersonation Level: Impersonation
    New Logon:
    Security ID: SYSTEM
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3E7
    Logon GUID: {00000000-0000-0000-0000-000000000000}
    Process Information:
    Process ID: 0x250
    Process Name: C:\Windows\System32\services.exe
    Network Information:
    Workstation Name:
    Source Network Address: -
    Source Port: -
    Detailed Authentication Information:
    Logon Process: Advapi  
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0
    I also suddenly have a 'switch user' on my windows logon screen, have files appearing and disappearing, see someone logging in with a temp profile, then a manual profile, then an automatic profile (created from the profile examples given), logons between midnight and 2am, User Profiles Service 3, 4, 1, 5, 67, 5 and 2 over a 5 minute period at 1:10am on 2/3, etc.
    I need to load my husband's PC (I reloaded mine and the problem continued), and need to know how to protect him from this, if necessary.
    How do I proceed?

    Hi,
    Generally speaking, the events you list above are just system services or applications that need to use system resources; Event Viewer then records their activity. You can use Filter (filter event ID, such as 4624) to check, and you will find plenty of events like new account logon.
    About your other question, you can go to User Management to check your system's current users and whether any other new user has been created.
    Win+X, choose Computer Management, Local Users and Groups
    Roger Lu
    TechNet Community Support

  • Securing webaccess with ssl

    OK, I will admit right now I don't fully understand how
    webaccess and ssl works. In my current setup I used a
    self-signed key generated and stored in eDir. This key is
    used in httpd.conf like:
    SecureListen xxx.yyy.zzz.1:443 "SSL Certificate"
    I now have my freshly minted ssl cert (filename.crt) from
    my CA. How the heck do I use it. I have searched the TIDs
    and Documentation with no luck, although I may not know
    exactly what to look for.
    Can someone either point me towards the correct docs or
    otherwise instruct on how to set this up???
    Much thanks, Chris.

    OK, figured this one out. What is confusing is that in the
    webaccess gateway there is an option to secure the gateway.
    To the unfamiliar this would be the spot to add the
    certificate. However, after doing more investigation I
    realized that the ssl connection to the user is handled by
    apache.
    Now the apache setup is fairly straightforward provided
    your CA issues you a certificate in pfx or p12 format. If
    they issue a PEM certificate, then you have some dancing to
    do. Luckily openssl helped here and I was able to convert
    the certificate to pfx.
    Chris

  • Ability to filter gateway logging and simulate "go lives"...

    Dear gurus,
    For those of you who have attempted to maintain secinfo and reginfo files (and now any proxy and message server ACLs) the subject title should be enough said.
    The local and internal contexts account for 99% of the starting and registering of external programs. These create a huge amount of racket in the logging and in the case of secinfo don't give you the USER-HOST unless you activate additional filters, which effectively doubles the trace logging file size.
    I would like to create a "functionality wishlist" in the wikis for two new features, but first wanted to test the ideas here and see whether there is agreement:
    1) gw/ignore_info parameter
    A file which allows certain entries not to be logged, particularly the "local" and "internal" HOST and USER-HOST entries which are anyway contained by the authorization concept for transactions such as STMS and SM69 and SM37 (as well as some function modules which respect the application concepts, such as SXPG FMs).
    This would mean one can only log (and have to read...) exceptions which are truly started or registered remotely!
    2) gw/simulate_info parameter
    A file which can represent the secinfo and reginfo files to show what would have happened if the real files were active.
    The problem is that one cannot realistically test and let alone transport the files from DEV to QAS to PROD. You have to take risks when going live in PROD as the partners and jobs and various other dependencies (call backs) only happen there. Customers are very scared of such Go-Lives regardless of the support offered (I sometimes spend the night clicking on a refresh button...). The ability to simulate the effect of an active secinfo and reginfo would be very cool.
    Any support? If I have a few "thumbs up" then I will create a wiki for it after some discussion about whether a better approach is possible.
    For sure something needs to be done, as if client systems using outbound gateway registrations fail to accept critical business data which then creates inconsistencies (customers hate that, even the thought of it!) then there is most likely no second chance to secure the gateway or RFC in general again.
    Aye or nay or better suggestion?
    Cheers,
    Julius

    What irritates me most is assumption security = SoD.
    I try my best to move those to the GRC forum without delays... You can however also control many non-application specific parts of a SAP system from ABAP transactions and these are controlled by ABAP authorizations. ABAP is very powerful... A few examples are SE14, SM69 and (relevant to this example) also SMGW to transfer the control to the application layer by forcing it (local context of the USER-HOST). So authorizations are also important and omni-present (except for the config tool on the Java Stack...
    While I am ranting another one is when you define your roles you are done with security for next 5 years and there is no need for budget. Who cares about patch Tuesdays and many other things.
    A classic example of such a "5 year works out of the box" example, is a SAP_ALL minus a few things type role (imported manual authorizations into the role from SAP_ALL). That is a snapshot of SAP_ALL and any new objects introduced (with proposals introduced hopefully as well in SU24) will be unknown to it when you apply Support Packs or upgrade or add custom checks. It is bound to fail sooner or later, even although you think it cannot go wrong. A proliferation of SAP_NEW is a nice example of the symptom.
    Currently the new object S_RO_OSOA is causing all sorts of havoc in this area (worth keeping an eye out for that one if it has not confronted you yet!) ....
    Cheers,
    Julius

  • Postfix Question

    Hi all,
    I think I need a postfix guru.
    I have a Postfix mail server on a Tiger 10.4.9.
    The osx-box has two gateways and two IPs. The first is the default gateway (en0 - IP 82.100.xxx.xxx) and the second should be the Postfix gateway (en2 - IP 88.80.xx.xx).
    In Postfix's main.cf file setting the inet_interfaces to 88.80.xx.xx means that Postfix will accept connections to 88.80.xx.xx IP, but it will deliver mails through the default gateway ( en0 - 82.100.xxx.xxx). I need Postfix to deliver mail through the nondefaultgateway (en2 - 82.80.xx.xx).
    Is there a way to do this ?
    P.S. I cannot exchange the default_gateway with the nondefaultgateway.
    TIA

    The osx-box has two gateways and two IPs. The first is the default gateway (en0 - IP 82.100.xxx.xxx) and the second should be the Postfix gateway (en2 - IP 88.80.xx.xx).
    You can't do this. It has nothing to do with Postfix, it's basic TCP/IP networking.
    Your system can only have one default gateway, and that gateway address will be used for all non-local traffic that does not have a more specific route defined. Normally this means that traffic to any host not on a local network will go through the one default gateway.
    You can use a second gateway address, but only by telling the OS specifically which addresses to send through that router. Since routing is based on IP address and not protocol you cannot say 'send all mail through w.x.y.z', you can only say 'send all mail for a.b.c.d through w.x.y.z'. Unless you can predict the IP address of every mail server you're going to talk to, you're out of luck.

  • Connection Errors

    I'm running 10.4 server (currently 10.4.2 but I've had the same problems on 10.4.4 and 10.4.7) as an internet gateway and content filter. I'm running DNS, DHCP, NAT, Squid Proxy Server and Dan's Guardian content filter. Starting recently, I've been having this problem: after boot up, the server runs fine for a few hours (2-4). Then trying to connect to it by ssh, remote desktop, or Server Admin either takes an extraordinarily long time (10+ minutes) or just times out. If you go to the physical machine it takes forever to log into it (if it ever finishes at all), and takes forever to launch apps. Server Admin gives me errors stating it's not able to communicate with various services, such as DHCP and web (which isn't even running). I've tried rebuilding the server several times, running all the updates, not running the updates, tweaking the DG and Squid configuration, and nothing seems to make any difference. Right now I'm just running Squid, with DG turned off, still the same results. The system log has various errors in it - servermgrd frequently crashes, ard says there's no admin user, bootpd constantly announces the server's ip addresses and hostname. Below is an edited version of my log. I've taken out the dhcp ack and requests, because they're probably irrelevant to this issue, and I've edited out my host name and ip addresses for the sake of privacy. Does anyone have any ideas as to what the problem might be? I've searched on other forums, and found people with similar problems, but no solutions. Any help would be greatly appreciated.
    Aug 10 03:14:58 gateway cp: error processing extended attributes: Operation not permitted
    Aug 10 03:14:59 gateway cp: error processing extended attributes: Operation not permitted
    Aug 10 03:14:59 gateway 700.daily.server.cyrus: Error: /etc/MailServicesOther.plist postfix does not contain a dictionary with key logrollingdays.
    Aug 10 03:14:59 gateway cp: error processing extended attributes: Operation not permitted
    Aug 10 03:30:27 gateway launchd: com.apple.servermgrd: exited abnormally: Broken pipe
    Aug 10 03:30:27 gateway launchd: com.apple.servermgrd: 9 more failures without living at least 60 seconds will cause job removal
    Aug 10 03:34:38 gateway bootpd[1477]: interface en0: ip <external ip> mask 255.255.25.0
    Aug 10 03:34:38 gateway bootpd[1477]: interface en1: ip <internal ip1> mask 255.255.224.0
    Aug 10 03:34:38 gateway bootpd[1477]: interface en1: ip <internal ip2> mask 255.255.224.0
    Aug 10 03:34:38 gateway bootpd[1477]: server name <my server's hostname>\
    Aug 10 03:53:35 gateway launchd: com.apple.servermgrd: exited abnormally: Broken pipe
    Aug 10 03:53:35 gateway launchd: com.apple.servermgrd: 9 more failures without living at least 60 seconds will cause job removal
    Aug 10 04:02:43 gateway ipfw: limit 1000 reached on entry 1030
    Aug 10 04:04:20 gateway bootpd[1480]: interface en0: ip <external ip> mask 255.255.25.0
    Aug 10 04:04:20 gateway bootpd[1480]: interface en1: ip <internal ip1> mask 255.255.224.0
    Aug 10 04:04:20 gateway bootpd[1480]: interface en1: ip <internal ip2> mask 255.255.224.0
    Aug 10 04:04:20 gateway bootpd[1480]: server name <my server's hostname>
    Aug 10 04:17:13 gateway launchd: com.apple.servermgrd: exited abnormally: Broken pipe
    Aug 10 04:17:13 gateway launchd: com.apple.servermgrd: 9 more failures without living at least 60 seconds will cause job removal
    Aug 10 04:30:53 gateway bootpd[1484]: interface en0: ip <external ip> mask 255.255.25.0
    Aug 10 04:30:53 gateway bootpd[1484]: interface en1: ip <internal ip1> mask 255.255.224.0
    Aug 10 04:30:53 gateway bootpd[1484]: interface en1: ip <internal ip2> mask 255.255.224.0
    Aug 10 04:30:53 gateway bootpd[1484]: server name <my server's hostname>
    Aug 10 04:41:11 gateway launchd: com.apple.servermgrd: exited abnormally: Broken pipe
    Aug 10 04:41:11 gateway launchd: com.apple.servermgrd: 9 more failures without living at least 60 seconds will cause job removal
    Aug 10 04:55:37 gateway bootpd[1487]: interface en0: ip <external ip> mask 255.255.25.0
    Aug 10 04:55:37 gateway bootpd[1487]: interface en1: ip <internal ip1> mask 255.255.224.0
    Aug 10 04:55:37 gateway bootpd[1487]: interface en1: ip <internal ip2> mask 255.255.224.0
    xserve dual g5 2.3 ghz   Mac OS X (10.4.2)   2 GB RAM, 80 GB HD

    Forgot to mention -
    if you SSH into the server before it starts having problems, you can continue to work on it once it does. The last time I did this I found that the system really wasn't doing much - it had 93% of the CPU free, 1.64 GB of RAM free (of 2 GB total), and only had about 30 network connections.
    Also, according to the firewall log, people are trying to get into my proxy server, but they are being blocked, so I don't think it's anyone relaying spam or anything through the system.

  • Which Apple servers are used for authentication?

    Hello.
    I use an iPad on the corporate network via WiFi.
    The network is secured by a gateway, which acts as a proxy for any inside/outside traffic.
    I have an issue - while using the AppStore on the iPad, after pressing the Install button on any application, I get this error message:
    'Couldn't connect to Store. Unable to setup secure connection to server. Check time settings' (the message is in Russian, so it's not a 100% accurate translation).
    The issue is solved very easily - if I press Install while I'm on GSM network internet (3G), the app starts to download. Then I press on the app to pause, turn on WiFi and press the app to continue - voila, it's downloaded with no problems. So the issue is narrowed down to failed authentication via the gateway, because the download itself goes OK.
    Admins have to add the iTunes servers to the white list in order to provide working authentication, but couldn't find an exact list of which Apple servers' IPs / domain names to add. Does anybody have this info?

    Hi,
    For general ledger :
    http://help.sap.com/saphelp_nw70/helpdata/en/57/dd153c4eb5d82ce10000000a114084/frameset.htm
    This is the best how-to guide on AP,AR,GL and TAX.
    http://help.sap.com/saphelp_nw04/helpdata/en/af/16533bbb15b762e10000000a114084/frameset.htm
    Hope it helps.
    Regards,
    Srikanth.

  • How to deploy mobile application

    Hello folks...
    A few quick basic question... How do you start on deployment of mobile platform for SAP...
    What are the hardware and software requirements... what is the process...
    Can someone help...???
    Regards,
    Harshal

    Hi Harshal,
    If you are trying to consume SAP backend data on a mobile device, below are the setups needed.
    1. SUP2.1 server installed.
    2. Relay server
    3. SAP Netweaver Gateway 2.0
    Connectivity would be like Gateway<-->SUP<-->Relay Server<-->Device
    Once you have the above setup ready, you need to do the below configurations.
    1. Configure relay server in SCC.
    2. Create security configuration in SCC.
    3. Create application connection in SCC providing Gateway Service Doc/Proxy URL.
    4. Register the application and start using it with SAP backend.
    Once you download and install the app, you need to register it with SUP. Applications will have a registration page asking you for details like SUP server Host/Port, Company ID, User, Security Configuration, Gateway User/Password etc.
    Applications will be identified at SCC using the APPID. Every app has a unique predefined APPID. You need to create a new application connection in your SCC with this APPID.
    User authorization will be based on the registration type chosen.
    1. If Manual registration is chosen, then you need to create a User in SCC with some activation code. During registration, the user and activation code sent from the application are compared against this.
    2. If you choose SSO, the user is validated by a ticket issuing system.
    Regards
    Rohith

  • Server ---IP address//redirection..Pls

    I am new to this. Please help me.
    I am using JSPs.
    I want to redirect my client's request to a secure payment
    gateway (Bank hereafter), but while doing so the Bank needs the
    invoking IP to be the server's (constant), and whenever I try this the Bank gets the client's IP address
    instead. I used sendRedirect or jsp:forward.
    Are there any other alternatives to achieve this? Please help me.
    NB: I tried with URLConnection directly from the server but it failed as the
    Bank URL uses the https protocol.

    Hi,
    You can use filters, which are part of the latest Servlet & JSP specification, to
    change the contents of the request before forwarding. You can find more information
    on this technology at http://java.sun.com/jsp. There is also a white paper on filters: http://java.sun.com/products/servlet/Filters.html.
    Hope this helps.
    Good Luck.
    Gayam.Srinivasa Reddy
    Developer Technical Support
    Sun Microsystems
    http://www.sun.com/developers/support/

  • ACS and SQL Audit

    ACS could collect windows security event log but could not collect SQL audit log by default.
    but if we configure SQL 2008 to write its log to windows security event log, ACS could collect these logs and produce reports, right?
    Do we need any customization of SCOM for this? Thanks.

    Hi again, the solution we're using is  http://pinpoint.microsoft.com/en-US/applications/progel-security-log-gateway-12884904459,
    this solution can parse the events splitting the token in various attributes/parameters to make them more meaningful in ACS.
    - Daniele
    Microsoft MVP System Center Cloud and Datacenter Management
    Join the Italian community for System Center
    http://www.ugisystemcenter.org
    http://nocentdocent.wordpress.com
    This posting is provided “AS IS” with no warranties, and confers no rights.
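
    The SQL Server side of the setup asked about in this thread, as an added example that is not part of the original posts: a server audit whose target is the Windows Security event log, which is the log ACS collects. The audit and specification names are hypothetical, and the action groups chosen are an assumption about what should be recorded.

```sql
-- Added example, not from the thread. Audit_ToSecurityLog and
-- AuditSpec_Logins are hypothetical names.
USE master;
GO

-- 1. Audit object targeting the Windows Security event log.
--    Prerequisites on the host: the SQL Server service account needs the
--    "Generate security audits" user right, and the "Audit object access"
--    policy must be enabled, otherwise events are not written to the log.
CREATE SERVER AUDIT Audit_ToSecurityLog
TO SECURITY_LOG
WITH (QUEUE_DELAY = 1000, ON_FAILURE = CONTINUE);
GO

-- 2. Specification: which server-level action groups the audit records.
--    (Assumed selection: logins, role membership changes, and changes to
--    the audit configuration itself.)
CREATE SERVER AUDIT SPECIFICATION AuditSpec_Logins
FOR SERVER AUDIT Audit_ToSecurityLog
    ADD (FAILED_LOGIN_GROUP),
    ADD (SUCCESSFUL_LOGIN_GROUP),
    ADD (SERVER_ROLE_MEMBER_CHANGE_GROUP),
    ADD (AUDIT_CHANGE_GROUP)
WITH (STATE = ON);
GO

-- 3. Audits are created disabled; turn this one on.
ALTER SERVER AUDIT Audit_ToSecurityLog WITH (STATE = ON);
GO

-- 4. Verify the target and the runtime state before relying on collection.
SELECT name, type_desc, on_failure_desc, is_state_enabled
FROM sys.server_audits;

SELECT name, status_desc, status_time
FROM sys.dm_server_audit_status;

-- 5. List the action groups actually attached to the specification.
SELECT s.name AS specification, d.audit_action_name
FROM sys.server_audit_specifications AS s
JOIN sys.server_audit_specification_details AS d
    ON d.server_specification_id = s.server_specification_id;
```

    Including AUDIT_CHANGE_GROUP means that disabling or altering the audit is itself written to the Security log, so tampering with the audit shows up in the collected events.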

  • Connecting to Oracle Configurator schema in EBS 11.5.10

    Hello,
    Is it possible to connect remotely (from different machine) to Oracle Configurator schema using CZWebAppsContext provided no networking issues? I've copied dbc file locally from EBS server and I've tried different CZWebAppsContext constructor calls to no avail. Perhaps I need to modify the dbc file?
    I get following exception:
    Exception in thread "main" java.lang.RuntimeException: Null JDBC Connection returned from connection pool.
    Contents of CZWebAppsContext error stack: AOLJ_JAVA_EXCEPTION (MESSAGE=Not able to create new database connection: FND FILE_NOT_READABLE N FILE http://server:1557/OA_HTML/env.txt)
    SECURITY-No gateway reconnect
    AOLJ_JAVA_EXCEPTION (MESSAGE=ProfileCache: getLocalJDBCConnection() == null)
    AOLJ_JAVA_EXCEPTION (MESSAGE=Not able to create new database connection: FND FILE_NOT_READABLE N FILE http://server:1557/OA_HTML/env.txt)
    SECURITY-No gateway reconnect
    AOLJ_JAVA_EXCEPTION (MESSAGE=Not able to create new database connection: FND FILE_NOT_READABLE N FILE http://server:1557/OA_HTML/env.txt)
    SECURITY-No gateway reconnect
    FILE_NOT_READABLE (FILE=http://server:1557/OA_HTML/env.txt)
         at oracle.apps.cz.common.CZWebAppsContext.getJDBCConnection(CZWebAppsContext.java:116)
         at oracle.apps.fnd.security.SessionManager.validateLogin(SessionManager.java:1351)
         at package.TestClass.main(TestClass.java:21)
    Indeed there is no http://server:1557/OA_HTML/env.txt
    Code:
    public static void main(String[] args) throws ClassNotFoundException {
         Class.forName("oracle.jdbc.driver.OracleDriver");     
         CZWebAppsContext czContext = new CZWebAppsContext("server", "1557", "c:\\Temp\\dcp.dbc" );
         SessionManager mgr = czContext.getSessionManager();
         // line below throws
         boolean valid = mgr.validateLogin(***, ***);
    }
    DBC file:
    #DB Settings
    #Thu Feb 04 17:18:12 CET 2010
    GUEST_USER_PWD=***/***
    APPL_SERVER_ID=***
    FND_JDBC_BUFFER_DECAY_INTERVAL=300
    APPS_JDBC_DRIVER_TYPE=THIN
    FND_JDBC_BUFFER_MIN=1
    GWYUID=***/***
    FND_JDBC_BUFFER_MAX=5
    APPS_JDBC_URL=jdbc\:oracle\:thin\:@(DESCRIPTION\=(LOAD_BALANCE\=YES)(FAILOVER\=YES)(ADDRESS_LIST\=(ADDRESS\=(PROTOCOL\=tcp)(HOST\=server)(PORT\=1557)))(CONNECT_DATA\=(SID\=POC)))
    FND_JDBC_STMT_CACHE_FREE_MEM=TRUE
    FND_JDBC_STMT_CACHE_SIZE=200
    TWO_TASK=POC
    FND_MAX_JDBC_CONNECTIONS=500
    FND_JDBC_USABLE_CHECK=false
    FNDNAM=APPS
    FND_JDBC_PLSQL_RESET=false
    DB_PORT=1557
    FND_JDBC_CONTEXT_CHECK=true
    FND_JDBC_BUFFER_DECAY_SIZE=5
    DB_HOST=server
    Thanks.
    Marcin

    Please also see ML Note 403261.1. See the aflobbld.sql file for instructions on what parameters to pass.
    Srini

  • Assistant needs access to boss's calendar on Exchange on her iphone

    I have a dilemma.
    The assistant already has access to her boss's calendar in her Outlook 2007 on Exchange 2010, but not on her iPhone. She has her own calendar but cannot get to her boss's calendar. How can I make this work?
    We are using Air-Watch MDM to enroll and manage the iPhones.
    Thanks,

    We are also using AirWatch in my company and have been asked a similar question for some assistants. Let me first state that while it is possible, there are numerous cautions to doing this!
    If the assistant's phone is properly enrolled and they receive their data from Exchange, you can manually create another Exchange account on their iPhone for their manager and select what deliverables they would like to sync. AirWatch's SEG (Secure Email Gateway) will use the compliance of her/his iPhone to pass through to Exchange any valid account on that device. Unlike Outlook/Exchange, there is no view-only access for the assistant; they will have full control of that mailbox. This gets confusing with things like the calendar, because they will get notifications for both sets of meetings and the pop-ups do not indicate which account they are for. (There are some setting changes you can make to set the assistant's calendar as the default, but I have not seen notifications on/off per calendar account, only for the calendar as a whole.)
    When we tested this, we are not using certificates to sync the passwords (that's another discussion), so every time the manager changes their AD password (which we sync with their Outlook password), they would have to go and manually change it on the assistant's phone.
    In short, it is possible to have multiple accounts on an enrolled device, but the additional ones will need to be manually created (since the EAS payload pulls the Enrolled Information from the AirWatch agent for email setup), they will have full access to that mail account, and it can get confusing on the calendar side.
