From the list below, choose one of our FAQ topics, then select a FAQ to read. If you have a question which is not in this section, please contact us.

How to reset Profile Manager data

OS X Server 10.8 (Mountain Lion)
To reset the Profile Manager data stored in postgres:

sudo /Applications/Server.app/Contents/ServerRoot/usr/share/devicemgr/backend/wipeDB.sh

Which TCP ports should be open/mapped for a mail server?

This FAQ is geared towards new administrators looking for guidance on a proper mail server setup.

As a best practice, your mail server should require SSL encryption for IMAP, POP and Webmail. SMTP should have SSL enabled, but not required.

A typical OS X Server mail server for a small business would have these ports open:

  • IMAP: 993
  • POP: 995 (if used)
  • Incoming SMTP: 25
  • SMTP/TLS Submission: 587
  • SMTP/SSL Submission: 465 (mainly for compatibility with older Outlook versions)
  • ScreenSharing: 5900 (if used)
  • Webmail: 80
  • Webmail/SSL: 443

Other ports, like imap/143, pop/110, ssh/22, etc., should not be opened unless required.

One size does not fit all. You may need to adjust to your needs.

Why does SMTP fail for some users: Helo command rejected

By default, OS X Servers expect a fully qualified domain name (FQDN) as a greeting (helo) for all SMTP connections.
The server expects:

helo mail.mydomain.com

Many apps (Outlook and some phones) don’t send an FQDN and instead send something like:

helo computer1

The server will reject this connection, and you will see this in your server’s mail.log:

Helo command rejected: need fully-qualified hostname

To resolve the issue

OS X Server 10.8

Check your current helo restrictions with:

sudo postconf -c /Library/Server/Mail/Config/postfix/ smtpd_helo_restrictions

Your results will likely be:

smtpd_helo_restrictions = reject_non_fqdn_helo_hostname reject_invalid_helo_hostname

We’d like to allow local-LAN and SMTP-authenticated users to bypass the restriction. Postfix evaluates the restrictions in the order listed and stops at the first one that matches, so we permit their access before the reject lines.
Issue this to fix:

sudo postconf -c /Library/Server/Mail/Config/postfix/ -e "smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_invalid_helo_hostname"

Then activate the change with:

sudo postfix reload

OS X Server 10.5 – 10.7

Check your current helo restrictions with:

sudo postconf smtpd_helo_restrictions

Look at your results. You’ll probably want to keep the same restrictions but add permit_mynetworks and permit_sasl_authenticated before the reject lines.
If you had only these restrictions “reject_non_fqdn_helo_hostname reject_invalid_helo_hostname”, then you would issue:

sudo postconf -e "smtpd_helo_restrictions = permit_mynetworks permit_sasl_authenticated reject_non_fqdn_helo_hostname reject_invalid_helo_hostname"

Then activate the change with:

sudo postfix reload
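
When the server already has other helo restrictions, the new value has to keep them and only move the two permit entries ahead of the first reject entry. The following is an added example, not part of the original FAQ; add_helo_permits is a hypothetical helper name and the sample lines are constructed.

```shell
#!/bin/sh
# add_helo_permits (hypothetical helper): takes one line of
# `postconf smtpd_helo_restrictions` output and prints a new value with
# permit_mynetworks and permit_sasl_authenticated placed before the first
# reject* entry. All other restrictions keep their original order.
add_helo_permits() {
    value=${1#smtpd_helo_restrictions*=}   # drop the "name =" prefix if present
    head="" tail="" seen_reject=no
    # Postfix accepts commas and/or whitespace as separators
    for r in $(printf '%s' "$value" | tr ',' ' '); do
        case $r in
            # dropped here, re-added once in the right position below
            permit_mynetworks|permit_sasl_authenticated) continue ;;
            reject*) seen_reject=yes ;;
        esac
        if [ "$seen_reject" = yes ]; then
            tail="$tail $r"    # first reject entry and everything after it
        else
            head="$head $r"    # entries that already ran before any reject
        fi
    done
    out="$head permit_mynetworks permit_sasl_authenticated$tail"
    echo "${out# }"
}

# Constructed sample lines standing in for real postconf output
for sample in \
    "smtpd_helo_restrictions = reject_non_fqdn_helo_hostname reject_invalid_helo_hostname" \
    "smtpd_helo_restrictions = check_helo_access hash:/etc/postfix/helo_access, reject_unknown_helo_hostname" \
    "smtpd_helo_restrictions = reject_non_fqdn_helo_hostname permit_mynetworks"
do
    echo "smtpd_helo_restrictions = $(add_helo_permits "$sample")"
done

# On a real server (10.8: add -c /Library/Server/Mail/Config/postfix/ to both postconf calls):
#   new=$(add_helo_permits "$(sudo postconf smtpd_helo_restrictions)")
#   sudo postconf -e "smtpd_helo_restrictions = $new"
#   sudo postfix reload
```

Review the printed value before applying it: permit_mynetworks exempts every address covered by mynetworks, so that setting should list only networks you trust.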

What does this warning mean: not owned by _postfix: /Library/Server/Mail/Data/mta/./guid_device_maps.plist

On a 10.8 Server, you may see:

warning: not owned by _postfix: /Library/Server/Mail/Data/mta/./guid_device_maps.plist

You can safely ignore this warning. It’s informational and does not suggest a problem.
The file is created by OS X Server rather than by Postfix, so its ownership does not match what Postfix expects, and Postfix is not able to fix the permissions.

How to flush local DNS cache

10.7 – 10.8

sudo killall -HUP mDNSResponder

10.5 – 10.6

sudo dscacheutil -flushcache

10.4

lookupd -flushcache