WebSiteTemplate.org
AngelTech.US

Apple Certified Professional
Member of Apple Certification Alliance


Microsoft Certified Professional
Member of Microsoft Certified Professional

Having computer problems? Let our professionals solve them and help the poor at the same time!

Call us now (408) 916 - 3614 | support@angeltech.us

Apple

Install SSL certificate for Apache on OS X 10.4 (Tiger)

Go to /opt/apache2/conf/ssl.key
Generate server keyopenssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:

After you get a new .crt file from you SSL vendor like Thaw or ipsCA, you can use the Web Server Admin GUI interface to import this new CUSTOM certificate using the paths below:

Certificate File:/opt/apache2/conf/ssl.crt/my_server_new_SSL_cert.crt
Private Key File:/opt/apache2/conf/ssl.key/server.key
Certificate Authority File:/opt/apache2/conf/ssl.crt/server.csr
Private Key Passphrase: use the one that you created at earlier steps


  • If you use Entourage 2004 and try to open another user mailbox or calendard folder without any success, try to add that user under the Delegate tab in your Account Settings
  • Apple keyboards and keyboard mapping in Windows XP
  • Macintosh with OS X boot proccess
  • Open Firmware commands
  • Secure remote desktop to XP Promachine using SSH tunneling using OS X UNIX command and a free Remote Desktop client from Microsoft
ssh -2 -L 3389:XP_Pro_IP_Address:3389 username@SSH_Server
Explaination:
-2 means using ssh protocol version 2 only (more secure than version 1)
-L 3389:XP_Pro_IP_Address:3389 means listening on port 3389 on the local machine and forward all packets from this port to the machine with the provided IP address also on remote port 3389 (this is the default port XP Remote Desktop communicates)
username@SSH_Server means that you are trying to create a tunnel from this mac computer to the SSH server
Instead of typing the above command line everytime you want to use it, you can create an alias in the .cshrc or .profile file as follow:
for bash shell/Panther
alias rd="ssh -2 -L 3389:XP_Pro_IP_Address:3389 username@SSH_Server"
for tcsh shell/Jaguar
alias rd ssh -2 -L 3389:XP_Pro_IP_Address:3389 username@SSH_Server
So when use, just type rd in the terminal and login to SSH server with your password
Quit Safari completely and logon as ROOT/ADMINISTRATOR of the system. Open up the terminal and type the following command
defaults write com.apple.Safari WebKitInitialTimedLayoutDelay 0.25
  • Safari is a tab browsing browser. To enable this feature, go to Safari/Preferences/Tabs and check the box there. While you in this Tabs window, learn how to use it using keys+click.
  • You can use Disk Utility that comes with OS X 10.3 to create a hard drive image and later replicate this image to a different/bigger hard drive; however, after Restore, you need to bless the System folder with the following command in the Terminal (everything below is in 1 line) For more info, visit this Apple article
#sudo bless -folder /Volumes/Your_Volume_Name/System/Library/CoreServices
-bootinfo /usr/standalone/ppc/bootx.bootinfo
  • OS X (at least Panther that I know) has built-in VNC server which can be used to access your Mac desktop remotely. After update usingthe Apple Remote Desktop Update 2.2 http://www.apple.com/support/downloads/appleremotedesktopupdate22.htmlgo to System Preferences>Sharing>Apple Remote Desktop>Access Privileges>check the box "VNC viewers may control screen with password" and type in a password that you want to access this Mac. From other machine (*NIX/OSX/Windows) using standard VNC client to connect to this Mac. I use TightVNC client on my Windows XP to connect to this Mac.
  • You may find that you are completely unable to mount SMB volumes shared by Windows Server 2003 by using the "Go->Connect To Server" option in Mac OS X. This is a result of new encryption introduced with Windows Server 2003. Symptoms of this problem are errors about invalid usernames or passwords or errors like this logged in the console:
mount_smbfs: No credentials cache found krb5_cc_get_principal
mount_smbfs: tree connect phase failed: syserr = Permission denied
You may still be able to browse the file shares fine with smbclient, it is the mount_smbfs tool that fails (which is used by the "Connect To Server" menu option).
The easiest solution to this problem is to disable the default server setting of always requiring "digitally signed communication". To do this, log in to the domain controller and open the DC policy editor. Look for "Security Settings -> Local Policies -> Security Options" and change "Microsoft network server: Digitally sign communications (always)" from "Enabled" to "Disabled". Leave everything else. This means that the server will digitally sign communications if the client is capable, but won't reject a connection if your client is not. See this Microsoft KB article for more info 823659
  • To burn ISO image on OS X, launch Terminal then type

hdiutil burn image.iso

  • Here is how to configure SquirrelMail webmail on OS X 10.4:
  1. Turn on Web service under Server Admin control panel
  2. Under Web Settings, edit the default site under Sites to turn on WebMail option
  3. After turn on webmail option, you should be able to see http://www.defaultsite.com/webmail
  4. Launch Terminal and su to root
  5. Go to /etc/squirrelmail/config
  6. Run ./conf.pl to configure SquirrelMail

How to Configure OS X 10.4.8 (Tiger) as Email Gateway for Multiple Email Domains

If you want to scrub email for virus and bad attachments before deliver email to multiple domain on your network, you can setup Mac OS X 10.4.8 as an email gateway to do just that. This OS version use PostFix as its email software.

1. Make a backup copy of the following files first before edit them. Edit files under root credential

Add the following to the end of /etc/postfix/main.cf

#THE FOLLOWING DEFAULTS ARE SET BY me FOR my company EMAIL GATEWAY

#Disable local mail delivery by setting mydestination to blank
mydestination =
local_recipient_maps =
local_transport = error:local mail delivery is disabled

#Since the email gateway cannot receive email for local users, we need to
#set the originating domain to something sensible
myorigin = mycompany1.com

#Here we define email domains that we want to accept email for
relay_domains = mycompany1.com, mycompany2.com, subdomain.mycompany3.com

#Set mapping between domains and SMTP servers where the mail get forwarded
transport_maps = hash:/etc/postfix/transport

#Even though local mail delivery is disabled, the email gateway is still
#supposed to accept emails to postmaster and abuse. to do so, define a virtual
#alias map here
virtual_alias_maps = hash:/etc/postfix/virtual

#Here we define which networks are allowed to relay mail through this host
mynetworks = 127.0.0.1/32,your-subnet/32,you-other-subnet/16

#REJECT email with bad file attachment extensions in the header_checks file
header_checks = regexp:/etc/postfix/header_checks

#REJECT email servers with no reverse DNS to prevent spam
smtpd_client_restrictions = reject_unknown_client

#Verify recipient address before delivery to prevent spam and email sends to disable
#or no longer in use email address. reject_unauth_destination is required
smtpd_recipient_restrictions =
permit_mynetworks
reject_unauth_destination
reject_unknown_recipient_domain
reject_unverified_recipient


Add the following to the end of /etc/postfix/transport

#THE FOLLOWING DEFAULTS ARE SET BY me

#Since this is an email gateway and we disable local delivery, we need to set
#a relationships between email domains and their smtp servers

mycompany1.com smtp:server1.mycompany1.com
mycompany2.com smtp:server1.mycompany2.com
subdomain.mycompany1.com smtp:server1.subdomain.mycompany.com

Add the following to the end of /etc/postfix/virtual

#THE FOLLOWING DEFAULTS ARE SET BY me

#Since we disable local mail delivery, setup /etc/aliases to forward email
#has no effect. So here we will map local addresses to actual email addresses

postmaster me@mycompany1.com
abuse me@mycompany1.com
root me@mycompany1.com

Add the following to the end of /etc/postfix/check_headers

#Banned file extension list from www.sharepointblogs.com/andymay/articles/3386.aspx
#Make sure the extension list below is 1 continuous line

/^content-(type|disposition):.*name[[:space:]]*=.*\.(ade|adp|app|asa|asp|asd|awk|bas|bat|cdx|cer|cgi|chm|cil|
chm|class|cmd|com|cpl|crt|csh|dek|dll|ds|eml|emf|esh|exe|ezs|fky|fxp|hlp|hta|htr|htw|ida|idc|idq|inf|ins|inx|ipf|
isp|its|jar|js|jse|ksh|lnk|mad|maf|mag|mam|maq|mar|mas|mat|mau|maw|mda|mdb|mde|mdt|mdw|mdz|mem|
mpx|msc|msi|msp|mst|nws|obs|ocx|ops|pcd|pif|prf|prg|printer|pst|pvd|pwc|pyc|pyo|pqx|reg|rgs|rox|scf|scr|sct|
shb|shs|shtml|stm|tlb|tms|udf|url|vb|vbe|vbs|vbscript|vdo|wcm|widget|workflow|wpk|ws|wsc|wsf|wsh|xqt)/
REJECT Bad attachment file name extension: $2

Un-comment the following line in the file /etc/postfix/master.cf to disable local email delivery

#local unix - n n - - local

2. Now we need to hash transport and virtual files before we start the mail server, or we will get the following error: fatal: open database /etc/postfix/transport.db or fatal: open database /etc/postfix/virtual.db

postmap transport
postmap virtual

3. Test using telnet from a machine on a different subnet

telnet server1.mycompany1.com smtp
Trying 192.16.1.2 ...
Connected to server1.mycompany1.com.
Escape character is '^]'.
220 server1.mycompany1.com ESMTP Postfix
EHLO locahost
250-server1.mycompany1.com
250-PIPELINING
250-SIZE 31457280
250-VRFY
250-ETRN
250 8BITMIME
MAIL FROM: <me@mycompany1.com>
250 Ok
RCPT TO: <me@mycompany2.com>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: test
test 1 2 3
.
250 Ok: queued as 164D7D47EA
QUIT
221 Bye
Connection closed by foreign host.

4. If you want to fix "X-Virus-Scanned: by amavisd-new at" in your email header to "X-Virus-Scanned: by amavisd-new at server1.mycompany1.com", then edit the $X_HEADER_LINE in /etc/amavisd.conf

ABOUT US > RESOURCES > Technical How To > Apple [Print Version]

Copyright 2006 - 2010 AngelTech.US