AskOverflow.Dev


Questions [mac-osx-server](server)

SEJU
Asked: 2019-02-11 00:14:04 +0800 CST

RADIUS authentication suddenly gone on macOS Server (TLS session fails)

  • 1

Suddenly, my RADIUS authentication running 10.13.6 and Server version 5.6.1 (17S2109.

I have already restored the Open Directory Server.

$ host name.domain.tld
name.domain.tld has address xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
xxx.xxx.xxx.xxx.in-addr.arpa domain name pointer name.domain.tld.
$ kinit account
account@name.domain.tld's password: 
kinit: krb5_get_init_creds: Client (account@name.domain.tld) unknown
$ klist
klist: krb5_cc_get_principal: No credentials cache file found
$ sudo slaptest -f /private/etc/openldap/slapd.conf -v
Password:
5c5fd38c bdb_monitor_db_open: monitoring disabled; configure monitor database to enable
config file testing succeeded

When trying to replace the preinstalled RADIUS with FreeRADIUS following Apple's documentation:

Run the following command: ls /usr/local/lib/rlm_opendirectory.* You should see the following in the output:

• rlm_opendirectory.a

• rlm_opendirectory.dylib

• rlm_opendirectory.la

Nothing is found or exists in the specified directory.

No files are found either in

ls /usr/local/Cellar/freeradius-server/3.0.17/lib/rlm_opendirectory.*

which is where the brew install of FreeRADIUS lives.

When checking the RADIUS log with the radius admin tool, I get:

Sun Feb 10 00:02:40 2019 : Error: TLS Alert read:warning:close notify
Sun Feb 10 00:02:40 2019 : Error:     TLS_accept: failed in SSLv3 read client key exchange A
Sun Feb 10 00:02:40 2019 : Error: rlm_eap: SSL error error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
Sun Feb 10 00:02:40 2019 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails.
Sun Feb 10 00:02:40 2019 : Auth: Login incorrect (TLS Alert read:warning:close notify): [someone/<via Auth-Type = EAP>] (from client some_client port 0 cli xx-xx-xx-xx-xx-xx)

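Is there a way to troubleshoot this, or should I wipe the system and rebuild the server?

Thanks in advance!

Update

I went ahead with installing FreeRADIUS but could not finish, because the rlm_opendirectory.* files are nowhere to be found / were not generated or whatever...

They do not even exist in the Time Machine backups of my system, but since RADIUS was up and running until yesterday, the opendirectory library files should be somewhere! Or?

I really hope someone can help!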

mac-osx-server
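  • 1 answer
  • 404 Views
Захар Joe
Asked: 2016-10-26 02:09:58 +0800 CST

Postfix before-queue spam reject with amavis without sending bounces on OS X Server

  • 2

This is a stock OS X 5.2 server mail configuration, and I am trying to change it so that it rejects spam with "554 5.7.0 Reject" before accepting it, without sending any additional non-delivery notification to the sender. Out of the box it is configured to accept spam with "250 2.7.0 Ok" and then discard or quarantine it. This is usually done with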

$final_spam_destiny       = D_REJECT;
$warnspamsender = 0; (probably not necessary)

and can be fine-tuned with

$sa_dsn_cutoff_level = X;
$sa_crediblefrom_dsn_cutoff_level = X;

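The problem I am having is that even though these cutoff levels are far below the actual spam score of a given message, the DSN/bounce still goes through. It looks like this: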

Oct 25 11:52:18 mailbox postfix/smtpd[52962]: 1CD504D13C96: client=mail.informark.co.ua[85.25.13.92]
Oct 25 11:52:18 mailbox postfix/cleanup[53010]: 1CD504D13C96: message-id=<11a201d22e97$126f7740$2adb3d4f@ynmyfnj>
Oct 25 11:52:19 mailbox postfix/qmgr[52740]: 1CD504D13C96: from=<ynmyfnj@informark.co.ua>, size=145530, nrcpt=1 (queue active)
Oct 25 11:52:20 mailbox postfix/smtp[53011]: 1CD504D13C96: to=<xxx@xxx.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=2.2, delays=1.1/0/0.02/1, dsn=5.7.0, status=bounced (host 127.0.0.1[127.0.0.1] said: 554 5.7.0 Reject, id=52765-01 - spam (in reply to end of DATA command))
Oct 25 11:52:20 mailbox postfix/bounce[53022]: 1CD504D13C96: sender non-delivery notification: 4B9804D13CB0
Oct 25 11:52:20 mailbox postfix/qmgr[52740]: 1CD504D13C96: removed

Oct 25 11:52:20 mailbox postfix/cleanup[53010]: 4B9804D13CB0: message-id=<20161025085220.4B9804D13CB0@xxx.xxx.com>
Oct 25 11:52:20 mailbox postfix/qmgr[52740]: 4B9804D13CB0: from=<>, size=3019, nrcpt=1 (queue active)
Oct 25 11:52:20 mailbox postfix/bounce[53022]: 1CD504D13C96: sender non-delivery notification: 4B9804D13CB0
Oct 25 11:52:20 mailbox postfix/smtp[53015]: 4B9804D13CB0: to=<ynmyfnj@informark.co.ua>, relay=mail.informark.co.ua[85.25.13.92]:25, delay=0.58, delays=0/0/0.26/0.32, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9145D8C8CCC)
Oct 25 11:52:20 mailbox postfix/qmgr[52740]: 4B9804D13CB0: removed

The relevant part of amavis.log (debug level 5) looks like this:

lookup [forward_method] => true,  "xxx@xxx.com" matches, result="smtp:[127.0.0.1]:10025", matching_key="(opaque:smtp:[127.0.0.1]:10025)"
delivery method is 1, recips: xxx@xxx.com
get_deadline quar+notif - deadline in 479.0 s, set to 288.000 s
prolong_timer quar+notif: timer 288, was 288, deadline in 479.0 s
DSN: sender NOT credible, SA: 15.417, <ynmyfnj@informark.co.ua>
lookup: (scalar) matches, result="-100"
lookup [spam_dsn_cutoff_level_bysender] => true,  "ynmyfnj@informark.co.ua" matches, result="-100", matching_key="(constant:-100)"
dsn: . 554 Spam <ynmyfnj@informark.co.ua> -> <xxx@xxx.com>: on_succ=0, on_dly=1, on_fail=1, never=0, warn_sender=, DSN_passed_on=, destiny=-3, mta_resp: "554 5.7.0 Reject, id=52765-01 - spam"
DSN: FAIL . 554 Spam, status propagated back: <ynmyfnj@informark.co.ua> -> <xxx@xxx.com>
delivery_status_notification: notif 0 bytes, suppressed: no
one_response_for_all, per_recip_capable: N, suppressed: N
one_response_for_all <ynmyfnj@informark.co.ua>: REJECTs, '554 5.7.0 Reject, id=52765-01 - spam'
notif=N, suppressed=0, ndn_needed=, exit=69, 554 5.7.0 Reject, id=52765-01 - spam
get_deadline delivery-notification - deadline in 479.0 s, set to 288.000 s
prolong_timer delivery-notification: timer 288, was 288, deadline in 479.0 s
status counters: InMsgsStatus{Rejected,RejectedInbound}
get_deadline snmp-counters - deadline in 479.0 s, set to 288.000 s
prolong_timer snmp-counters: timer 288, was 288, deadline in 479.0 s
orcpt_encode rfc822, xxx@xxx.com, smtputf8
oldest_public_ip_addr_from_received: 178.17.170.60
Blocked SPAM {RejectedInbound}, [85.25.13.92]:44462 [178.17.170.60] <ynmyfnj@informark.co.ua> -> <xxx@xxx.com>, Queue-ID: 1CD504D13C96, Message-ID: <11a201d22e97$126f7740$2adb3d4f@ynmyfnj>, mail_id: N0710n9hpdxw, Hits: 15.417, size: 145530, 1021 ms
get_deadline main_log_entry - deadline in 479.0 s, set to 288.000 s
prolong_timer main_log_entry: timer 288, was 288, deadline in 479.0 s
TIMING-SA total 817 ms - parse: 8 (1.0%), extract_message_metadata: 55 (6.7%), get_uri_detail_list: 1.42 (0.2%), tests_pri_-1000: 32 (3.9%), tests_pri_-950: 1.05 (0.1%), tests_pri_-900: 1.13 (0.1%), tests_pri_-400: 26 (3.1%), check_bayes: 24 (2.9%), b_tokenize: 11 (1.3%), b_tok_get_all: 3.5 (0.4%), b_comp_prob: 4.4 (0.5%), b_tok_touch_all: 0.80 (0.1%), b_finish: 1.12 (0.1%), tests_pri_0: 665 (81.4%), check_dkim_adsp: 479 (58.6%), check_spf: 43 (5.3%), poll_dns_idle: 0.28 (0.0%), check_pyzor: 0.25 (0.0%), tests_pri_500: 5 (0.7%), get_report: 0.77 (0.1%)
updating snmp variables in BDB
get_deadline check done - deadline in 479.0 s, set to 288.000 s
prolong_timer check done: timer 288, was 288, deadline in 479.0 s
sending SMTP response: "554 5.7.0 Reject, id=52765-01 - spam"
ESMTP> 554 5.7.0 Reject, id=52765-01 - spam
...
ESMTP< QUIT\r\n
...
ESMTP> 221 2.0.0 [127.0.0.1] amavisd-new closing transmission channel

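As a result, despite explicitly telling amavis/postfix not to send bounces to forged email addresses, and amavis even acknowledging my wish there, the bounce still gets sent out. I think the key in the log is the word "suppressed", which is "no" and "0" rather than "yes" and "1" as I have seen in amavis logs elsewhere on the Internet.

So the question is what I am doing wrong and whether something else might be interfering with the settings; I would also like to know the best way to debug this. Clearly, the statements in the amavis log are contradictory.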

mac-osx-server postfix dsn email-bounces amavis
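  • 2 answers
  • 3361 Views
matt
Asked: 2016-08-14 03:09:14 +0800 CST

Configuring Mac Server (El Capitan) DNS with multiple sites

  • 0

I am having trouble with multiple sites on Mac Server (El Capitan).

Under "Websites", I want to configure multiple domains. When I add a site, it is not reachable (i.e. no green light).

Websites service

Whether I turn "DNS" on or turn "DNS" off, it does not work.

DNS service

I registered my domains at Hover, and the DNS records on each domain point to my static IP.

Should I set DNS on the Mac server to ON or OFF?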

domain-name-system mac-osx-server mac-osx
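  • 1 answer
  • 613 Views
Jeremy
Asked: 2016-06-18 14:52:19 +0800 CST

Is it possible to upgrade the OS version of managed devices with OS X Server/Profile Manager?

  • 0

I have OS X Server 5.1.5 set up on El Capitan 10.11.5. I have enabled Caching Server, Open Directory and Profile Manager in OS X Server.

I have enrolled iOS and OS X devices, and configuration payloads work fine with my devices/device groups.

Although I can get configurations working, I do not know how to manage apps or OS versions. Is it possible to force an OS upgrade remotely from OS X Server/Profile Manager? I have a number of MacBook Airs on Yosemite and I want to force them all to update to El Capitan.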

mac-osx-server mac-osx
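  • 1 answer
  • 1415 Views
staze
Asked: 2016-06-09 17:06:08 +0800 CST

Postfix config, prevent server from blindly relaying

  • 0

All,

I have a strange problem. I have an old Postfix SMTP server that just yesterday started acting as a relay for spam. As far as I can tell, the problem is that whatever the spambots are doing, they found they can send email as fakeusername@mydomain.edu, through my server, to anywhere. For the life of me, I cannot figure out how to prevent this.

At this point, the mail server is only used to accept mail for a few internal aliases and the Mailman lists we host (also aliases), and to act as the SMTP server for a few users who still have it set as their primary SMTP server.

So, really, I should be able to tell the server "only accept SASL-authenticated clients, or only accept mail destined for local accounts", yes?

Other info: running Mac OS X Server 10.6.8, Postfix 2.5.14. Dovecot is disabled.

Here is my postconf, scrubbed a bit. I do not see what is missing here... but I am guessing it is something obvious...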

2bounce_notice_recipient = postmaster
access_map_reject_code = 554
address_verify_default_transport = $default_transport
address_verify_local_transport = $local_transport
address_verify_map = 
address_verify_negative_cache = yes
address_verify_negative_expire_time = 3d
address_verify_negative_refresh_time = 3h
address_verify_poll_count = 3
address_verify_poll_delay = 3s
address_verify_positive_expire_time = 31d
address_verify_positive_refresh_time = 7d
address_verify_relay_transport = $relay_transport
address_verify_relayhost = $relayhost
address_verify_sender = $double_bounce_sender
address_verify_sender_dependent_relayhost_maps = $sender_dependent_relayhost_maps
address_verify_service_name = verify
address_verify_transport_maps = $transport_maps
address_verify_virtual_transport = $virtual_transport
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases,hash:/var/mailman/data/aliases
allow_mail_to_commands = alias, forward
allow_mail_to_files = alias, forward
allow_min_user = no
allow_percent_hack = yes
allow_untrusted_routing = no
alternate_config_directories = 
always_bcc = 
anvil_rate_time_unit = 60s
anvil_status_update_time = 600s
append_at_myorigin = yes
append_dot_mydomain = yes
application_event_drain_time = 100s
authorized_flush_users = static:anyone
authorized_mailq_users = static:anyone
authorized_submit_users = static:anyone
backwards_bounce_logfile_compatibility = yes
berkeley_db_create_buffer_size = 16777216
berkeley_db_read_buffer_size = 131072
best_mx_transport = 
biff = no
body_checks = 
body_checks_size_limit = 51200
bounce_notice_recipient = postmaster
bounce_queue_lifetime = 5d
bounce_service_name = bounce
bounce_size_limit = 50000
bounce_template_file = 
broken_sasl_auth_clients = no
canonical_classes = envelope_sender, envelope_recipient, header_sender, header_recipient
canonical_maps = 
check_for_od_forward = yes
cleanup_service_name = cleanup
command_directory = /usr/sbin
command_execution_directory = 
command_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
command_time_limit = 1000s
config_directory = /etc/postfix
connection_cache_protocol_timeout = 5s
connection_cache_service_name = scache
connection_cache_status_update_time = 600s
connection_cache_ttl_limit = 2s
content_filter = smtp-amavis:[127.0.0.1]:10024
cyrus_sasl_config_path = 
daemon_directory = /usr/libexec/postfix
daemon_timeout = 18000s
data_directory = /var/lib/postfix
debug_peer_level = 2
debug_peer_list = 
default_database_type = hash
default_delivery_slot_cost = 5
default_delivery_slot_discount = 50
default_delivery_slot_loan = 3
default_destination_concurrency_failed_cohort_limit = 1
default_destination_concurrency_limit = 20
default_destination_concurrency_negative_feedback = 1
default_destination_concurrency_positive_feedback = 1
default_destination_rate_delay = 0s
default_destination_recipient_limit = 50
default_extra_recipient_limit = 1000
default_minimum_delivery_slots = 3
default_privs = nobody
default_process_limit = 100
default_rbl_reply = $rbl_code Service unavailable; $rbl_class [$rbl_what] blocked using $rbl_domain${rbl_reason?; $rbl_reason}
default_recipient_limit = 20000
default_recipient_refill_delay = 5s
default_recipient_refill_limit = 100
default_transport = smtp
default_verp_delimiters = +=
defer_code = 450
defer_service_name = defer
defer_transports = 
delay_logging_resolution_limit = 2
delay_notice_recipient = postmaster
delay_warning_time = 0h
deliver_lock_attempts = 20
deliver_lock_delay = 1s
destination_concurrency_feedback_debug = no
detect_8bit_encoding_header = yes
disable_dns_lookups = no
disable_mime_input_processing = no
disable_mime_output_conversion = no
disable_verp_bounces = no
disable_vrfy_command = yes
dont_remove = 0
double_bounce_sender = double-bounce
duplicate_filter_limit = 1000
empty_address_recipient = MAILER-DAEMON
empty_address_relayhost_maps_lookup_key = <>
enable_original_recipient = yes
enable_server_options = yes
error_notice_recipient = postmaster
error_service_name = error
execution_directory_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
expand_owner_alias = no
export_environment = TZ MAIL_CONFIG LANG
fallback_transport = 
fallback_transport_maps = 
fast_flush_domains = $relay_domains
fast_flush_purge_time = 7d
fast_flush_refresh_time = 12h
fault_injection_code = 0
flush_service_name = flush
fork_attempts = 5
fork_delay = 1s
forward_expansion_filter = 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ
forward_path = $home/.forward${recipient_delimiter}${extension}, $home/.forward
frozen_delivered_to = yes
hash_queue_depth = 1
hash_queue_names = deferred, defer
header_address_token_limit = 10240
header_checks = pcre:/etc/postfix/custom_header_checks
header_size_limit = 102400
helpful_warnings = yes
home_mailbox = 
hopcount_limit = 50
html_directory = /usr/share/doc/postfix/html
ignore_mx_lookup_error = no
import_environment = MAIL_CONFIG MAIL_DEBUG MAIL_LOGTAG TZ XAUTHORITY DISPLAY LANG=C
in_flow_delay = 1s
inet_interfaces = all
inet_protocols = ipv4
initial_destination_concurrency = 5
internal_mail_filter_classes = 
invalid_hostname_reject_code = 554
ipc_idle = 5s
ipc_timeout = 3600s
ipc_ttl = 1000s
line_length_limit = 2048
lmtp_bind_address = 
lmtp_bind_address6 = 
lmtp_body_checks = 
lmtp_cname_overrides_servername = no
lmtp_connect_timeout = 0s
lmtp_connection_cache_destinations = 
lmtp_connection_cache_on_demand = yes
lmtp_connection_cache_time_limit = 2s
lmtp_connection_reuse_time_limit = 300s
lmtp_data_done_timeout = 600s
lmtp_data_init_timeout = 120s
lmtp_data_xfer_timeout = 180s
lmtp_defer_if_no_mx_address_found = no
lmtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
lmtp_destination_concurrency_limit = $default_destination_concurrency_limit
lmtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
lmtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
lmtp_destination_rate_delay = $default_destination_rate_delay
lmtp_destination_recipient_limit = $default_destination_recipient_limit
lmtp_discard_lhlo_keyword_address_maps = 
lmtp_discard_lhlo_keywords = 
lmtp_enforce_tls = no
lmtp_generic_maps = 
lmtp_header_checks = 
lmtp_host_lookup = dns
lmtp_initial_destination_concurrency = $initial_destination_concurrency
lmtp_lhlo_name = $myhostname
lmtp_lhlo_timeout = 300s
lmtp_line_length_limit = 990
lmtp_mail_timeout = 300s
lmtp_mime_header_checks = 
lmtp_mx_address_limit = 5
lmtp_mx_session_limit = 2
lmtp_nested_header_checks = 
lmtp_pix_workaround_delay_time = 10s
lmtp_pix_workaround_maps = 
lmtp_pix_workaround_threshold_time = 500s
lmtp_pix_workarounds = disable_esmtp,delay_dotcrlf
lmtp_quit_timeout = 300s
lmtp_quote_rfc821_envelope = yes
lmtp_randomize_addresses = yes
lmtp_rcpt_timeout = 300s
lmtp_rset_timeout = 20s
lmtp_sasl_auth_cache_name = 
lmtp_sasl_auth_cache_time = 90d
lmtp_sasl_auth_enable = no
lmtp_sasl_auth_soft_bounce = yes
lmtp_sasl_mechanism_filter = 
lmtp_sasl_password_maps = 
lmtp_sasl_path = 
lmtp_sasl_security_options = noplaintext, noanonymous
lmtp_sasl_tls_security_options = $lmtp_sasl_security_options
lmtp_sasl_tls_verified_security_options = $lmtp_sasl_tls_security_options
lmtp_sasl_type = cyrus
lmtp_send_xforward_command = no
lmtp_sender_dependent_authentication = no
lmtp_skip_5xx_greeting = yes
lmtp_starttls_timeout = 300s
lmtp_tcp_port = 24
lmtp_tls_CAfile = 
lmtp_tls_CApath = 
lmtp_tls_cert_file = 
lmtp_tls_dcert_file = 
lmtp_tls_dkey_file = $lmtp_tls_dcert_file
lmtp_tls_enforce_peername = yes
lmtp_tls_exclude_ciphers = 
lmtp_tls_fingerprint_cert_match = 
lmtp_tls_fingerprint_digest = md5
lmtp_tls_key_file = $lmtp_tls_cert_file
lmtp_tls_loglevel = 0
lmtp_tls_mandatory_ciphers = medium
lmtp_tls_mandatory_exclude_ciphers = 
lmtp_tls_mandatory_protocols = SSLv3, TLSv1
lmtp_tls_note_starttls_offer = no
lmtp_tls_per_site = 
lmtp_tls_policy_maps = 
lmtp_tls_scert_verifydepth = 9
lmtp_tls_secure_cert_match = nexthop
lmtp_tls_security_level = 
lmtp_tls_session_cache_database = 
lmtp_tls_session_cache_timeout = 3600s
lmtp_tls_verify_cert_match = hostname
lmtp_use_tls = no
lmtp_xforward_timeout = 300s
local_command_shell = 
local_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
local_destination_concurrency_limit = 2
local_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
local_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
local_destination_rate_delay = $default_destination_rate_delay
local_destination_recipient_limit = 1
local_header_rewrite_clients = permit_inet_interfaces
local_initial_destination_concurrency = $initial_destination_concurrency
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
local_transport = local:$myhostname
luser_relay = 
mail_name = Postfix
mail_owner = _postfix
mail_release_date = 20110707
mail_spool_directory = /var/mail
mail_version = 2.5.14
mailbox_command = 
mailbox_command_maps = 
mailbox_delivery_lock = flock, dotlock
mailbox_size_limit = 0
mailbox_transport = dovecot
mailbox_transport_maps = 
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maps_rbl_domains = 
maps_rbl_reject_code = 554
masquerade_classes = envelope_sender, header_sender, header_recipient
masquerade_domains = 
masquerade_exceptions = 
max_idle = 100s
max_use = 100
maximal_backoff_time = 4000s
maximal_queue_lifetime = 5d
message_reject_characters = 
message_size_limit = 31457280
message_strip_characters = 
milter_command_timeout = 30s
milter_connect_macros = j {daemon_name} v
milter_connect_timeout = 30s
milter_content_timeout = 300s
milter_data_macros = i
milter_default_action = tempfail
milter_end_of_data_macros = i
milter_end_of_header_macros = i
milter_helo_macros = {tls_version} {cipher} {cipher_bits} {cert_subject} {cert_issuer}
milter_macro_daemon_name = $myhostname
milter_macro_v = $mail_name $mail_version
milter_mail_macros = i {auth_type} {auth_authen} {auth_author} {mail_addr}
milter_protocol = 2
milter_rcpt_macros = i {rcpt_addr}
milter_unknown_command_macros = 
mime_boundary_length_limit = 2048
mime_header_checks = $header_checks
mime_nesting_limit = 100
minimal_backoff_time = 300s
multi_recipient_bounce_reject_code = 554
mydestination = $myhostname, localhost.$mydomain
mydomain = domain.com
mydomain_fallback = localhost
myhostname = server.domain.com
mynetworks = 127.0.0.0/8,123.123.0.0/16
mynetworks_style = subnet
myorigin = $myhostname
nested_header_checks = $header_checks
newaliases_path = /usr/bin/newaliases
non_fqdn_reject_code = 554
non_smtpd_milters = 
notify_classes = resource, software
owner_request_special = no
parent_domain_matches_subdomains = debug_peer_list,fast_flush_domains,mynetworks,permit_mx_backup_networks,qmqpd_authorized_clients,relay_domains,smtpd_access_maps
permit_mx_backup_networks = 
pickup_service_name = pickup
plaintext_reject_code = 450
prepend_delivered_header = command, file, forward
process_id_directory = pid
propagate_unmatched_extensions = canonical, virtual
proxy_interfaces = 
proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $sender_bcc_maps $recipient_bcc_maps $smtp_generic_maps $lmtp_generic_maps
proxy_write_maps = $smtp_sasl_auth_cache_name $lmtp_sasl_auth_cache_name
qmgr_clog_warn_time = 300s
qmgr_fudge_factor = 100
qmgr_message_active_limit = 20000
qmgr_message_recipient_limit = 20000
qmgr_message_recipient_minimum = 10
qmqpd_authorized_clients = 
qmqpd_client_port_logging = no
qmqpd_error_delay = 1s
qmqpd_timeout = 300s
queue_directory = /private/var/spool/postfix
queue_file_attribute_count_limit = 100
queue_minfree = 0
queue_run_delay = 300s
queue_service_name = qmgr
rbl_reply_maps = 
readme_directory = /usr/share/doc/postfix
receive_override_options = 
recipient_bcc_maps = 
recipient_canonical_classes = envelope_recipient, header_recipient
recipient_canonical_maps = 
recipient_delimiter = +
reject_code = 554
relay_clientcerts = 
relay_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
relay_destination_concurrency_limit = $default_destination_concurrency_limit
relay_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
relay_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
relay_destination_rate_delay = $default_destination_rate_delay
relay_destination_recipient_limit = $default_destination_recipient_limit
relay_domains = $mydestination
relay_domains_reject_code = 554
relay_initial_destination_concurrency = $initial_destination_concurrency
relay_recipient_maps = 
relay_transport = relay
relayhost = 
relocated_maps = 
remote_header_rewrite_domain = 
require_home_directory = no
resolve_dequoted_address = yes
resolve_null_domain = no
resolve_numeric_domain = no
rewrite_service_name = rewrite
sample_directory = /usr/share/doc/postfix/examples
send_cyrus_sasl_authzid = no
sender_bcc_maps = 
sender_canonical_classes = envelope_sender, header_sender
sender_canonical_maps = 
sender_dependent_relayhost_maps = 
sendmail_path = /usr/sbin/sendmail
service_throttle_time = 60s
setgid_group = _postdrop
show_user_unknown_table_name = yes
showq_service_name = showq
smtp_always_send_ehlo = yes
smtp_bind_address = 
smtp_bind_address6 = 
smtp_body_checks = 
smtp_cname_overrides_servername = no
smtp_connect_timeout = 30s
smtp_connection_cache_destinations = 
smtp_connection_cache_on_demand = yes
smtp_connection_cache_time_limit = 2s
smtp_connection_reuse_time_limit = 300s
smtp_data_done_timeout = 600s
smtp_data_init_timeout = 120s
smtp_data_xfer_timeout = 180s
smtp_defer_if_no_mx_address_found = no
smtp_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
smtp_destination_concurrency_limit = $default_destination_concurrency_limit
smtp_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
smtp_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
smtp_destination_rate_delay = $default_destination_rate_delay
smtp_destination_recipient_limit = $default_destination_recipient_limit
smtp_discard_ehlo_keyword_address_maps = 
smtp_discard_ehlo_keywords = 
smtp_enforce_tls = no
smtp_fallback_relay = $fallback_relay
smtp_generic_maps = 
smtp_header_checks = 
smtp_helo_name = $myhostname
smtp_helo_timeout = 300s
smtp_host_lookup = dns
smtp_initial_destination_concurrency = $initial_destination_concurrency
smtp_line_length_limit = 990
smtp_mail_timeout = 300s
smtp_mime_header_checks = 
smtp_mx_address_limit = 5
smtp_mx_session_limit = 2
smtp_nested_header_checks = 
smtp_never_send_ehlo = no
smtp_pix_workaround_delay_time = 10s
smtp_pix_workaround_maps = 
smtp_pix_workaround_threshold_time = 500s
smtp_pix_workarounds = disable_esmtp,delay_dotcrlf
smtp_quit_timeout = 300s
smtp_quote_rfc821_envelope = yes
smtp_randomize_addresses = yes
smtp_rcpt_timeout = 300s
smtp_rset_timeout = 20s
smtp_sasl_auth_cache_name = 
smtp_sasl_auth_cache_time = 90d
smtp_sasl_auth_enable = no
smtp_sasl_auth_soft_bounce = yes
smtp_sasl_mechanism_filter = 
smtp_sasl_password_maps = 
smtp_sasl_path = 
smtp_sasl_security_options = noplaintext, noanonymous
smtp_sasl_tls_security_options = $smtp_sasl_security_options
smtp_sasl_tls_verified_security_options = $smtp_sasl_tls_security_options
smtp_sasl_type = cyrus
smtp_send_xforward_command = no
smtp_sender_dependent_authentication = no
smtp_skip_5xx_greeting = yes
smtp_skip_quit_response = yes
smtp_starttls_timeout = 300s
smtp_tls_CAfile = 
smtp_tls_CApath = 
smtp_tls_cert_file = 
smtp_tls_dcert_file = 
smtp_tls_dkey_file = $smtp_tls_dcert_file
smtp_tls_enforce_peername = yes
smtp_tls_exclude_ciphers = 
smtp_tls_fingerprint_cert_match = 
smtp_tls_fingerprint_digest = md5
smtp_tls_key_file = $smtp_tls_cert_file
smtp_tls_loglevel = 0
smtp_tls_mandatory_ciphers = medium
smtp_tls_mandatory_exclude_ciphers = 
smtp_tls_mandatory_protocols = SSLv3, TLSv1
smtp_tls_note_starttls_offer = no
smtp_tls_per_site = 
smtp_tls_policy_maps = 
smtp_tls_scert_verifydepth = 9
smtp_tls_secure_cert_match = nexthop, dot-nexthop
smtp_tls_security_level = 
smtp_tls_session_cache_database = 
smtp_tls_session_cache_timeout = 3600s
smtp_tls_verify_cert_match = hostname
smtp_use_tls = no
smtp_xforward_timeout = 300s
smtpd_authorized_verp_clients = $authorized_verp_clients
smtpd_authorized_xclient_hosts = 
smtpd_authorized_xforward_hosts = 
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_connection_count_limit = 50
smtpd_client_connection_rate_limit = 20
smtpd_client_event_limit_exceptions = ${smtpd_client_connection_limit_exceptions:$mynetworks}
smtpd_client_message_rate_limit = 0
smtpd_client_new_tls_session_rate_limit = 0
smtpd_client_port_logging = no
smtpd_client_recipient_rate_limit = 0
smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_unauth_destination reject_rbl_client zen.spamhaus.org reject_rbl_client psbl.surriel.com reject_rbl_client multi.uribl.com reject_rbl_client dsn.rfc-ignorant.org reject_rbl_client dul.dnsbl.sorbs.net reject_rbl_client sbl-xbl.spamhaus.org reject_rbl_client bl.spamcop.net reject_rbl_client dnsbl.sorbs.net reject_rbl_client cbl.abuseat.org reject_rbl_client ix.dnsbl.manitu.net reject_rbl_client combined.rbl.msrbl.net reject_rbl_client rabl.nuclearelephant.com
smtpd_data_restrictions = 
smtpd_delay_open_until_valid_rcpt = yes
smtpd_delay_reject = yes
smtpd_discard_ehlo_keyword_address_maps = 
smtpd_discard_ehlo_keywords = 
smtpd_end_of_data_restrictions = 
smtpd_enforce_tls = no
smtpd_error_sleep_time = 10s
smtpd_etrn_restrictions = 
smtpd_expansion_filter = \t\40!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~
smtpd_forbidden_commands = CONNECT GET POST
smtpd_hard_error_limit = 5
smtpd_helo_required = yes
smtpd_helo_restrictions = permit_mynetworks reject_invalid_helo_hostname reject_non_fqdn_helo_hostname
smtpd_history_flush_threshold = 100
smtpd_junk_command_limit = 100
smtpd_milters = 
smtpd_noop_commands = 
smtpd_null_access_lookup_key = <>
smtpd_peername_lookup = yes
smtpd_policy_service_max_idle = 300s
smtpd_policy_service_max_ttl = 1000s
smtpd_policy_service_timeout = 100s
smtpd_proxy_ehlo = $myhostname
smtpd_proxy_filter = 
smtpd_proxy_timeout = 100s
smtpd_pw_server_security_options = cram-md5,plain,login
smtpd_recipient_limit = 3000
smtpd_recipient_overshoot_limit = 1000
smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_pipelining, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_sender_access hash:/etc/postfix/sender_access, check_policy_service unix:private/policy
smtpd_reject_unlisted_recipient = yes
smtpd_reject_unlisted_sender = no
smtpd_restriction_classes = 
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = no
smtpd_sasl_exceptions_networks = 
smtpd_sasl_local_domain = $mydomain
smtpd_sasl_path = smtpd
smtpd_sasl_security_options = noanonymous, noplaintext
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_type = cyrus
smtpd_sender_login_maps = 
smtpd_sender_restrictions = reject_unknown_sender_domain
smtpd_soft_error_limit = 3
smtpd_starttls_timeout = 300s
smtpd_timeout = 300s
smtpd_tls_CAfile = /etc/certificates/CA.chain.pem
smtpd_tls_CApath = 
smtpd_tls_always_issue_session_ids = yes
smtpd_tls_ask_ccert = no
smtpd_tls_auth_only = no
smtpd_tls_ccert_verifydepth = 9
smtpd_tls_cert_file = /etc/certificates/cert.cert.pem
smtpd_tls_dcert_file = 
smtpd_tls_dh1024_param_file = 
smtpd_tls_dh512_param_file = 
smtpd_tls_dkey_file = $smtpd_tls_dcert_file
smtpd_tls_exclude_ciphers = SSLv2, aNULL, ADH, eNULL
smtpd_tls_fingerprint_digest = md5
smtpd_tls_key_file = /etc/certificates/key.key.pem
smtpd_tls_loglevel = 0
smtpd_tls_mandatory_ciphers = medium
smtpd_tls_mandatory_exclude_ciphers = 
smtpd_tls_mandatory_protocols = SSLv3, TLSv1
smtpd_tls_received_header = no
smtpd_tls_req_ccert = no
smtpd_tls_security_level = 
smtpd_tls_session_cache_database = 
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_wrappermode = no
smtpd_use_pw_server = yes
smtpd_use_tls = no
soft_bounce = no
stale_lock_time = 500s
stress = 
strict_7bit_headers = no
strict_8bitmime = no
strict_8bitmime_body = no
strict_mailbox_ownership = yes
strict_mime_encoding_domain = no
strict_rfc821_envelopes = no
sun_mailtool_compatibility = no
swap_bangpath = yes
syslog_facility = mail
syslog_name = postfix
tls_append_default_CA = no
tls_daemon_random_bytes = 32
tls_export_cipherlist = ALL:+RC4:@STRENGTH
tls_high_cipherlist = ALL:!EXPORT:!LOW:!MEDIUM:+RC4:@STRENGTH
tls_low_cipherlist = ALL:!EXPORT:+RC4:@STRENGTH
tls_medium_cipherlist = ALL:!EXPORT:!LOW:+RC4:@STRENGTH
tls_null_cipherlist = eNULL:!aNULL
tls_random_bytes = 32
tls_random_exchange_name = ${data_directory}/prng_exch
tls_random_prng_update_period = 3600s
tls_random_reseed_period = 3600s
tls_random_source = dev:/dev/urandom
trace_service_name = trace
transport_maps = 
transport_retry_time = 60s
trigger_timeout = 10s
undisclosed_recipients_header = To: undisclosed-recipients:;
unknown_address_reject_code = 554
unknown_client_reject_code = 554
unknown_hostname_reject_code = 554
unknown_local_recipient_reject_code = 554
unknown_relay_recipient_reject_code = 554
unknown_virtual_alias_reject_code = 554
unknown_virtual_mailbox_reject_code = 554
unverified_recipient_reject_code = 554
unverified_sender_reject_code = 554
use_getpwnam_ext = yes
use_od_delivery_path = no
verp_delimiter_filter = -=+
virtual_alias_domains = $virtual_alias_maps
virtual_alias_expansion_limit = 1000
virtual_alias_maps = 
virtual_alias_recursion_limit = 1000
virtual_destination_concurrency_failed_cohort_limit = $default_destination_concurrency_failed_cohort_limit
virtual_destination_concurrency_limit = $default_destination_concurrency_limit
virtual_destination_concurrency_negative_feedback = $default_destination_concurrency_negative_feedback
virtual_destination_concurrency_positive_feedback = $default_destination_concurrency_positive_feedback
virtual_destination_rate_delay = $default_destination_rate_delay
virtual_destination_recipient_limit = $default_destination_recipient_limit
virtual_gid_maps = 
virtual_initial_destination_concurrency = $initial_destination_concurrency
virtual_mailbox_base = 
virtual_mailbox_domains = $virtual_mailbox_maps
virtual_mailbox_limit = 51200000
virtual_mailbox_lock = fcntl, dotlock
virtual_mailbox_maps = 
virtual_minimum_uid = 100
virtual_transport = virtual
virtual_uid_maps = 
mac-osx-server postfix
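  • 2 answers
  • 794 Views
Matkey
Asked: 2016-05-18 00:47:28 +0800 CST

Which server should generate the CSR when running SSL with Apache ProxyPass

  • 1

I have an Apache 2.4 server that uses ProxyPass to forward SSL connections for one domain to an OS X Server 5.1.5 on the same local network. I generated my CSR on the Apache server and it seems to work, but when enrolling with a device it throws a network error complaining that the SSL configuration is invalid. I can click Enroll and download the profile, but then I get

Profile configuration failed - Network error

Below is my virtual host configuration.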

<VirtualHost *:443>
        ServerName mydomain.xyz

        SSLEngine On
        SSLProxyEngine On
        ProxyRequests Off
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerExpire off
        SSLProxyCheckPeerName off
        SSLInsecureRenegotiation on
        SSLProxyVerify none
        SSLVerifyClient none
        SSLCertificateFile /etc/ssl/mydomain_xyz.crt
        SSLCertificateKeyFile /etc/ssl/mydomain_xyz.key

        ProxyPass / https://10.0.1.36/
        ProxyPassReverse / https://10.0.1.36/

        ProxyPreserveHost on

        <Location "/">
                Require all granted
        </Location>
</VirtualHost>

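I do not see any errors when visiting the domain in a browser.

Are there any possible mistakes in my configuration?

The second server has a self-signed certificate, since it does not handle any external connections directly, only through ProxyPass on the Apache server.

Is this the correct way to set up SSL with ProxyPass, or should I create an SSL certificate for the second server using its CSR?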

mac-osx-server ssl apache-2.4 proxypass
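  • 1 answer
  • 46 Views
Kibbles
Asked: 2016-05-02 11:13:56 +0800 CST

OS X Server - logging POP mail connections

  • 0

I am trying to keep a running record of users who access our OS X 10.6.8 mail server using POP rather than IMAP.

The Server Admin application provides a running list of mail connections under the "Connections" tab. This includes user name, originating IP address, connection length, type (IMAP / POP) and total number of connections. However, the application does not appear to support logging these connections, and mail.log only shows message transactions, not client logins (and there is no obvious option in the settings to track this data).

Is anyone familiar with a simple way to track POP connections on the server side? I would like to build a list of these users so they can be migrated to IMAP, but so far, short of visually monitoring the "Connections" window, there seems to be no obvious way to do it.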

logging mac-osx-server email pop3
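  • 1 answer
  • 48 Views
bourneN5years
Asked: 2016-04-28 15:25:45 +0800 CST

How to clear the DHCP GUI in OS X Server? Ghost clients in the building

  • 1

I have several client machines showing up on the network (not only in Server.app, but in various logs) that have "computer names" (Bonjour names in Apple terms) I do not recognize, but which may be old clients or, more likely, old names of active clients. I have not yet been able to match the MAC addresses against newer computer names or host names etc. in the logs, and I do not have much historical data to work with, such as previously confirmed clients on the network.

Even stranger, the same clients show up in the logs of some Cisco switches, and not always on the same floor of the building, which is odd, because a manufacturer lookup of the MACs says they are probably iMacs. I see 2-4 of these fairly consistently, on a network where we have about 100 similar iMacs, which would all be imaged in a similar way but without this cached data, or whatever it is.

Turning off DHCP (in this case using the GUI in Server.app), then deleting or editing /var/db/dhcpd_leases, then turning the service back on temporarily clears the names from the DHCP list, but a few minutes later they show up again. How can I remove them? ...or should I have other network and/or security concerns?

Any more general tips on how to manage DHCP on the command line in Darwin/OS X would also help. The whole DHCP setup in Server.app seems buggy/laggy to me.

This question is about OS X Server 5.0 with clients running 10.10 and 10.11, not the server of OS X 10.11.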

mac-osx-server mac-osx dhcp dhcpd
  • 1 answer
  • 1890 Views
Ash
Asked: 2016-01-30 12:50:38 +0800 CST

NetInstall Windows/Linux/other from OS X Server

  • 0

Just recently added OS X Server to my work Mac Pro and found the NetInstall suite of tools... I love it!

But after setting up El Capitan for boot/install/restore... I want more: is it possible to create NetBoot/NetInstall/NetRestore images of Windows or Linux that Macs support? I.e. Windows 10, Windows 7, Debian, Ubuntu, etc. I have the El Capitan and Yosemite installers, but System Image Utility only detects El Capitan.

It would be great to give our Mac users the option to boot into Windows without repartitioning, as well as to facilitate Boot Camp installs of Windows and/or Linux (for our programmers).

mac-osx-server
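  • 1 answer
  • 2852 Views
unom
Asked: 2014-06-10 02:31:29 +0800 CST

OS X Server - how do I clone or transfer users from an Open Directory I plan to dissolve to another server?

  • 2

I have an OS X Server that I have been using for the past two years or so.

During that time it has been upgraded and repaired many times, it developed some certificate problems, and it has now turned gangrenous.

I would like to transfer the network users in OD, via Workgroup Manager or some other way, possibly even keeping their passwords if possible. I cannot archive the OD and restore it, because I also changed the server's hostname and IP.

Is there a shortcut?

mac-osx-server
  • 1 answer
  • 784 Views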
