Controlling sender domain in Postfix/Zimbra 5
A client has asked that mail through his Zimbra MTA only be allowed from or to valid domains within their organization. This is particularly applicable to Zimbra as Zimbra will only archive mail if it’s from or to a domain for which it is authoritative. The idea is to archive all mail through their Zimbra environment. If it is not one of their domains, refuse it.
If this were my organization it would look like this:
mail from user@morganjones.org to any domain would work
mail from user@1038east.com to any domain would work
mail from any domain to user@morganjones.org would work
mail from any domain to user@1038east.com would work
of course mail from and to user@morganjones.org or 1038east.com will work
all other mail will be considered relaying.
One thing we did not do that I might want to do is force authentication. The problem with this configuration is that it does open the MTA up to spamming, as it only validates the from or to domain.
This is really a discussion about Postfix configuration but I did the work in Zimbra so I might as well add the additional steps to configure it in Zimbra. These instructions will be applicable to straight Postfix or Zimbra.
You’ll want to do all the work as the zimbra user:
Run the zmprov command for each of your MTAs.
# su - zimbra
$ zmprov ms mta01.morganjones.org zimbraMtaMyNetworks 127.0.0.0/8
$ vi /opt/zimbra/postfix/conf/main.cf
smtpd_sasl_auth_enable = no
# if you want to enable sending to domains for which your environment is not authoritative
# this is also handy for testing in your dev environment that is only authoritative for a dev domain
relay_domains = 1038east.com, morganjones.org
You also want to modify smtpd_recipient_restrictions, but in Zimbra you must modify that within the Zimbra configuration:
$ vi /opt/zimbra/conf/postfix_recipient_restrictions.cf
# remove permit_sasl_authenticated
check_sender_access hash:/opt/zimbra/postfix/conf/access
$ vi /opt/zimbra/postfix/conf/access
1038east.com OK
morganjones.org OK
$ zmmtactl reload
You might want to check that /opt/zimbra/postfix/conf/main.cf now contains this:
smtpd_recipient_restrictions = reject_non_fqdn_recipient, check_sender_access hash:/opt/zimbra/postfix/conf/access, permit_mynetworks, reject_unauth_destination, reject_unlisted_recipient, reject_invalid_hostname, reject_non_fqdn_sender, permit
You should now be set.
It’s worth mentioning: check_sender_access will only check and allow the sender domain. If you don’t set relay_domains the recipient domain is allowed because your environment is the final destination for that/those domain(s). As noted above you can set relay_domains if you want to allow relaying to domains for which this environment is not the final destination.
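To see which restriction decides each of the cases listed at the top of this post, here is a small model of how Postfix walks the smtpd_recipient_restrictions list above (first decision wins). It is an added example, not part of the original post or of Postfix: the function names, the client address 203.0.113.5 and the example.com/example.net addresses are constructed, and reject_unlisted_recipient and reject_invalid_hostname are left out as a simplification.

```python
import ipaddress

# Values taken from the post; client and outside addresses below are constructed.
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8")]
SENDER_ACCESS = {"1038east.com": "OK", "morganjones.org": "OK"}
LOCAL_OR_RELAY = {"1038east.com", "morganjones.org"}  # final destination or relay_domains

RESTRICTIONS = [
    "reject_non_fqdn_recipient", "check_sender_access", "permit_mynetworks",
    "reject_unauth_destination", "reject_non_fqdn_sender", "permit",
]


def domain_of(address):
    return address.rpartition("@")[2].lower()


def is_fqdn(address):
    local, at, domain = address.rpartition("@")
    return bool(at and local and "." in domain.strip("."))


def evaluate(client_ip, sender, recipient):
    """Walk the list in order; the first restriction that decides wins."""
    for name in RESTRICTIONS:
        if name == "reject_non_fqdn_recipient" and not is_fqdn(recipient):
            return "REJECT", name
        if name == "check_sender_access":
            # Looks only at the envelope sender, which the client supplies.
            if SENDER_ACCESS.get(domain_of(sender)) == "OK":
                return "PERMIT", name
        if name == "permit_mynetworks":
            ip = ipaddress.ip_address(client_ip)
            if any(ip in net for net in MYNETWORKS):
                return "PERMIT", name
        if name == "reject_unauth_destination":
            if domain_of(recipient) not in LOCAL_OR_RELAY:
                return "REJECT", name
        if name == "reject_non_fqdn_sender" and sender and not is_fqdn(sender):
            return "REJECT", name
        if name == "permit":
            return "PERMIT", name
    return "PERMIT", "implicit"


CASES = [  # (client IP, envelope sender, envelope recipient)
    ("203.0.113.5", "user@morganjones.org", "someone@example.com"),
    ("203.0.113.5", "someone@example.net", "user@1038east.com"),
    ("203.0.113.5", "someone@example.net", "other@example.com"),
    ("127.0.0.1", "someone@example.net", "other@example.com"),
]

if __name__ == "__main__":
    for case in CASES:
        print(case, "->", evaluate(*case))
```

The first case is permitted for any client, because the envelope sender is whatever the client puts in MAIL FROM. On a live system, `postmap -q morganjones.org hash:/opt/zimbra/postfix/conf/access` queries the compiled map that check_sender_access reads.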
Foxwoods talks about resiting, Sugarhouse?
B shook me out of half sleep this morning to Paul Boni on the radio talking about Foxwoods and the casino issue. She’s new to the issue but knows Paul because he’s a friend. I arrived at work to a “Foxwoods says it will consider a new site” on the front page of the Metro.
The media is going crazy:
Metro
Daily News “[resiting is a] responsible idea”
Channel 3 (Note its use of “not a done deal”)
Inquirer “..intractable state and local opposition”
Philebrity
Phillynews blogs
Al Dia (translated)
How far we’ve come. Politicians are almost unanimously talking about resiting. One operator is talking about resiting. There is no doubt now that the neighborhoods don’t want it.
Sugarhouse, the casino in the North and the most vocal of the two in its determination to stay on its site, isn’t likely to meet with lawmakers until after Labor Day.
It’s not over by a long shot. The naysayers are just dying to point out how hard resiting could be. Discussions of an open and transparent process at the press conference apparently killed the mood. Resiting is going to be hard.
Not resiting is going to be worse: for us and for them. The opposition is not going anywhere, we live here.
Really it’s simple: re-site now and construction will begin. Stick to the sites and neighborhood opposition will remain. Act 71, the law that brought us gaming, allows for the operators to ask for new sites. The door is now open: lawmakers are willing to talk about new sites. There’s no time like the present: either the operators move willingly or we keep pushing until they’re forced to move.
Back to Starkville, MS
I spent most of last week in Starkville, MS. I decided to practice sweet tea immersion while I was there: partially because ordering unsweet tea kills conversation and makes the locals suspicious.
I think I’ve figured out the sweet tea appeal: consistent high sugar content. “Yup, one and a half cups per gallon!” the kid behind the counter at Obys remarked at lunch today as I explained this to a friend who is also a local there.
That’s all there is to it: the South has collaborated and they all make it the same way: boil the water, add tea bags, and while it’s still hot stir in 1 1/2 cups of sugar per gallon. Done. Try to get thousands of restaurants to do anything else consistently: the entire South banded together and agreed on one drink.
I made it to but didn’t talk about Mugshots on my last trip: it’s considered the best burger in town and it seems to live up to its promise: the burger was huge and very good.
I also ate at Polliwogs this time. The exterior belies the general dive-bar character of the place. The food was passable but almost completely lacking in local flavor. I ordered the only thing on the menu that I couldn’t get at a dive bar in Philadelphia, the crawfish sandwich, and they were out of crawfish. I looked in vain for catfish, my second favorite MS specialty, and ended up with a turkey, bacon and cheese sandwich. It was a fair sandwich, just like you would get in any other dive bar.
A final note: can someone explain to me why Delta both refuses to hold a flight and seems to be unable to get me through Atlanta on time? I booked through Delta, my (delayed) flight from Mississippi landed at 9:30, my (delayed) flight to Philadelphia left at 9:50. Despite sprinting, catching the train as the doors were closing and arriving at the gate at 9:48, the woman at the gate almost seemed pleased that I missed my flight. Seriously? So much for Southern hospitality: you’re on Delta in the Atlanta airport. I generally fly through Dallas on American: Texas has its issues but at least the Dallas Fort Worth airport is able to get me home.
Mugshots
662-324-3965
101 N. Douglas Conner Street
Starkville, MS 39759
Polliwogs
662-323-4274
511 Academy Road
Starkville, MS 39759
LTE: AN EXPERT TELLS HOW HE RATED CASINO SITES Daily News Letters 8/4/08
August 7, 2008
Dear Editor:
Re: “Letters: AN EXPERT TELLS HOW HE RATED CASINO SITES” Daily News Letters 8/4/08 (archived)
What Mr. Furhman fails to mention both in his letter and his “expert” analysis of the casino sites is the thousands of homes and families in the vicinity of the sites he so glibly rates a number from 5 to 10.
I am not and have never been in real estate but I have been living in the area that will be impacted by the potential Sugarhouse development for nearly 10 years. I have been opposed to and working to re-site Sugarhouse from the day the license was awarded.
It would seem that Mr. Furhman evaluates sites like someone who has never lived in a neighborhood affected by a massive development or talked to anyone that has lived in such a neighborhood. His criteria are strictly functional: size of the plot, cost to develop and access to public transit and convention visitors.
What about the neighbors that have made their lives and their homes there? Are they to just pick up and leave because real estate experts deem the vicinity of their homes “convenient to conventioneers?”
The argument goes double for the Spectrum site by the way: have you ever talked to anyone in proximity to the Spectrum or the stadiums? It’s a constant fight to manage traffic and spill-over from events. Add to that a 3+ million square foot facility with multiple 24 liquor licenses and 3000 slot machines? Are you kidding?
I would respectfully suggest that Mr. Fuhrman’s letter be considered what it is: an incomplete analysis that doesn’t consider perhaps the most important issue in the Philadelphia Casino issue: the neighborhoods and way of life that will be forever damaged if a casino is built on the central Delaware waterfront.
Morgan Jones
Fishtown
Oklahoma
Every time I travel to Oklahoma I am asked “are you going out to the midwest?” I generally correct the speaker but could never really put my finger on how to categorize it. It’s not the midwest: the accents have a twang that hints at southern. It’s not the South: no sweet tea. It’s not the West: they’re not earthy enough.
I was writing an old friend this week when it dawned on me: Oklahoma is prairie meets southern hospitality with no sweet tea and less soul food.
If you have been to the South proper (Mississippi, Tennessee, rural Georgia) you know they both love their sweet tea and distrust those that don’t drink it... or worse those that suggest (as I do) that it’s as simple as simply adding sugar to warm tea... which it is but I digress. This doesn’t happen in Oklahoma. They do however serve unsweet tea absolutely everywhere in Oklahoma.
You won’t get comfort food in Oklahoma but you do get an excess of beef. Oklahoma City is the home of the “World’s Largest Stockyards.” And they do love their beef. We’re talking about restaurants that serve chicken so there’s an option for vegetarians.
Oklahoma also has some intense open spaces. For instance, turnpike exits where the closest towns are 25 miles in either direction and the next exit is 30+ miles. This is fine until you find yourself there at 7:30 in the morning on a motorcycle and realize your fuel light is on. The woman at the toll booth was at least very nice.
Zimbra LDAP Debugging
Multi-node Zimbra installs sometimes fail in mysterious ways. We recently resolved what turned out to be a network problem but it was causing our Zimbra install to fail with what I originally suspected was an LDAP problem. I think the troubleshooting process may prove useful. This is Zimbra 5.0.4:
If a store doesn’t appear to be communicating with its LDAP master, here’s how I debugged it:
On the ldap master:
# vi /etc/syslog.conf
local4.debug -/var/log/zimbra.log
# /sbin/service syslog reload
Reloading syslogd... [ OK ]
Reloading klogd... [ OK ]
# su - zimbra
$ zmlocalconfig -e ldap_log_level=800
$ zmcontrol stop && zmcontrol start
Now tail -f /var/log/zimbra.log for slapd logging
Now from the store:
yum install openldap-clients (RHEL5) or
up2date openldap-clients (RHEL4) if ldapsearch isn’t installed
$ ldapsearch -h zldap.morganjones.internal -W -x -LL -D cn=config \
    -b cn=zimbra 'objectclass=*'
Enter LDAP Password:
version: 1
dn: cn=zimbra
objectClass: organizationalRole
description: Zimbra Systems Application Data
cn: zimbra
dn: cn=admins,cn=zimbra
objectClass: organizationalRole
description: admin accounts
cn: admins
...
dn: cn=com_zimbra_convertd,cn=zimlets,cn=zimbra
zimbraZimletDescription: Convertd Extension for Admin UI
zimbraZimletVersion: 1.0
objectClass: zimbraZimletEntry
zimbraZimletIndexingEnabled: TRUE
zimbraZimletKeyword: com_zimbra_convertd
cn: com_zimbra_convertd
zimbraZimletIsExtension: TRUE
zimbraZimletPriority: 12
zimbraZimletEnabled: TRUE
$
Side note: Zimbra uses TLS for connections between stores and LDAP servers. ‘-LL’ forces ldapsearch to use TLS, -x turns off ldaps.
Here’s the background that started me down this path:
Install ldap master with at least zimbra-ldap
Install a store, answer ‘n’ to zimbra-ldap and ‘y’ to zimbra-store. At the Main menu choose ‘1’ for Common Configuration.
Set Ldap master host and Ldap Admin password and when I typed ‘r’ it hung just like this:
Common configuration
1) Hostname: store01.morganjones.internal
2) Ldap master host: zldap.morganjones.internal
3) Ldap port: 389
4) Ldap Admin password: set
5) LDAP Base DN: cn=zimbra
6) Require secure interprocess communications: yes
7) TimeZone:
(GMT-05.00) Easten Time (US & Canada)
Select, or 'r' for previous menu [r] r
A quick look at /tmp/zmsetup* revealed:
Couldn't bind to zldap.morganjones.internal as uid=zimbra,cn=admins,cn=zimbra
Checking ldap on zldap.morganjones.internal:389
Unable to startTLS: Resource temporarily unavailable
Couldn't bind to zldap.morganjones.internal as uid=zimbra,cn=admins,cn=zimbra
checking isEnabled zimbra-store
Aha... an LDAP connectivity problem.
Nutter speaks to Council about casinos
The third of four city council hearings on whether to award Foxwoods casino their CED (commercial entertainment district) zoning took place on Friday. The hearing may be moot in light of this week’s Supreme Court ruling but council chose to hold the hearing and Mayor Nutter spoke strongly on the matter.
Nutter said: “It is clear that the proposed Foxwoods site is the wrong site for Philadelphia and the Commonwealth of Pennsylvania.” He said it is the responsibility of Council and the Mayor to “…represent our constituents and run the city of Philadelphia in a forthright, open and transparent fashion.” He spoke of the potentially enormous impact casinos may have on Philadelphia, he thanked council for holding the hearings.
“If. If. If we are to have gaming in Philadelphia there is a way to do it, there is a way right that works for the citizens of this city, that works for the citizens of the Commonwealth of Pennsylvania.”
He spoke firmly about the increased infrastructure costs, particularly police, that the casinos will levy upon the city. He said these costs were not considered in the budget, the five year and the city should not have to pay for them.
He ended with: “…We have an obligation to the citizens of this city and residents of the Commonwealth of Pennsylvania that if there is to be casino gaming in Philadelphia that it is done properly, it is done respectfully, it is done thoughtfully, and that it uses the best land use planning principles and we not allow ourselves to be lulled by the various interests who have their interests and not our interests at heart.”
This is strong stuff. So far Nutter has not spoken without purpose. He clearly chooses his words carefully. He twice referred to casinos as ‘if:’ likely not a mistake or oversight on his part. He speaks clearly and deliberately without hesitation or second thought. This is why we elected him, this is the stuff that changes cities.
Update, 4/26/08: I am not sure I can give credit but this is posted publicly:
Perl Truth
Every time I write a Perl script I have to pause to remember how Perl handles true and false. It seems Nathan Torkington answered the question years ago in this article from the Perl Journal. Truth is relatively simple when put in his terms:
- only scalars can be true/false (i.e. no lists)
- undef is false
- “” is false
- 0 is false
- 0.0 is false
- “0” is false
- all else is true
This means negative numbers are true.
LTE: “Rendell calls Council gutless over casinos.”
January 31, 2007
Dear Editor:
Re: “Rendell calls Council gutless over casinos”
Rendell is kowtowing to casino interests and ignoring the very neighborhoods he had a hand in rejuvenating. Rendell needs to understand that City Council is listening to its constituency. The people are not against jobs or development: they are fighting for the future of their neighborhoods.
City Council has the courage to listen to its constituency and stand up to a Governor who ignores the facts. Public officials listening to their constituency as Council is doing is not extortion, it’s their job, it’s why we elected them and we applaud them for it.
Make no mistake: most of us opposed to the locations of these facilities are not against gaming or job creation for the city. We simply don’t want to see our neighborhoods destroyed. If these are moved out of neighborhoods the opposition will largely disappear and Rendell and the casinos will get their chance to attempt to create jobs and tax relief.
The casino operators can start building right away by simply choosing sites outside of neighborhoods. The law allows it to the best of my knowledge and City Council would likely support it.
If Rendell wants gaming in Philadelphia the solution is very simple: he can join Senator Fumo, City Council and much of the Philadelphia Delegation and move these facilities to sites where they are not opposed. It is not enough that he asked the developers to move, he needs to take the initiative and make it happen. The neighborhoods don’t want them–how can we make that any more clear?
Make no mistake, the opposition to these casinos is significant and we will not let up. We have fought these locations for well over a year and we will continue to fight them until they are moved. If they are built where they are proposed we will work to shut them down.
Morgan Jones
Fishtown Resident
LTE: The ‘New Vince’ tastes suspiciously refreshing
December 3, 2007
Dear Editor:
Re: “The ‘New Vince’ tastes suspiciously refreshing”, Daily News 10/3
John Baer is right to point out the sudden 180-degree turn that Vince Fumo has done on casinos, but is the ‘New Vince’ ready to really step up and do something to sway the skeptical voters who know and are warming up to Anne Dicker?
To my untrained eye it looks like Fumo is nervous. The neighborhoods are still vocally against casinos, Fumo is facing what appears to be a strong indictment and Dicker, a strong advocate with a record of standing up for neighborhoods and opposing casinos, is on the hunt.
The fact is Fumo is the self-identified author of the law that brought gambling to Pennsylvania. Fumo did nothing when this law was used to strip Philadelphians of their right to vote on whether to keep casinos away from neighborhoods. Fumo did nothing when fourteen of us traveled to Harrisburg and got arrested asking the Gaming Control Board to open up their records last winter. Fumo was not there to support the Philly Ballot Box initiative this spring. When casino opponents held their own “citizen’s referendum” on a buffer zone between casinos and homes, Michael Nutter, Tom Knox, Chaka Fattah, Bob Brady, Mike O’Brien and most of our city’s political leaders supported the effort and voted in the referendum, but Fumo did nothing.
Many of us have given up more than a year of our lives to fight casino development in our neighborhoods. We want to believe Fumo is really in this to the end but he’s going to have to actually move these casinos before election day if he wants my vote and my neighbors’ votes. I want to trust and support him but the old Vince is too fresh on my mind to allow anything short of action to sway me.
We will fight casino development in our neighborhoods until they are moved. If they are built we will shut them down. Period. If Vince Fumo wants our support he is going to have to move the casinos before the election, it’s just too easy for him to be our ally until the election is over.
Morgan Jones
Fishtown Resident
FAST (Fishtown Against Sugarhouse Takeover)