Mac OSX Sending illegal SMTP data

In a discussion with the user of this mac, they informed me that the former IT guy could not get the user into email properly. He stated that he was able to get email to send, but could not receive. Things were beginning to make more sense.

Quick research resulted in a partially helpful website at http://technosailor.com/2006/10/25/how-to-configure-your-mac-to-send-mail-regardless-of-where-you-are/ which offered instruction on how to set up your Mac to act as an SMTP server. A tool called Postfix.

I finally found the shell in Mac OSX. Aparently it's called "Terminal" and was found in Applications > Utilities.

From there some of my old Linux training came back to me and I was able to traverse the directory structures and run vi to edit files. I was able to browse the postfix configuration files found in/etc/hostconfig.

Now the problem is clear to me. It's not a virus, but a foolish admin who set up postfix rather than just configuring email to access the exchange server. (Right. Doesn't make sense to me either.) Postfix, being the good application it was, was happily routing emails for unauthenticated connections. A botnet managed to find this machine, and began to happily spam away. The statements above about there being a malformed virus have resulted as nothing more than a false-positive.

To stop postfix from running, I ran "sudo /bin/launchctl unload -w /System/Library/LaunchDaemons/org.postfix.master.plist" (minus the quotes, of course.) Though I understood this, the main clue came from http://osx.topicdesk.com/content/view/69/45/

It's worth mentioning that this system was not running cyrus, so I did not have to run the second command.

No points awarded, as I've figured this out. Hopefully the post may aid others in similar situations when/if they arise.

Yes, indeed this was a mac. Upon disconnecting the mac from the network, the traffic stopped. However this is explained in my notes above.

Try the links here: http://search.atomz.com/search/?sp_a=sp1002f5bb&sp_q=certificate&sp_p=all&sp_f=ISO-8859-1

re installing certificates on Macs.

Thanks strung, but I don't know how that search holds relevance to my questions.

What steps can I take to troubleshoot this?
What methods or tools exist that I am simply ignorant to
What is the IT standard for diagnosing Macs?

I wasn't asking how to fix postfix or cyrix. I did not have any certificate troubles with configuring entourage, as we have signed certificates from a well-known root ca. I think the former admin just did not know how to set up mail on a mac.

(tongue in cheek I was told later by a director that the former admin was deathly afraid of macs. Go figure.)

Again, anyone in my position that was ignorant to supporting mac os x, the answer was Terminal. Terminal opens the Unix shell to which you can use 'common' unix commands. (if you weren't aware, Mac OSX is based on a breed of Unix commonly called Darwin Unix.)

if you don't know any unix and need help, you're in luck. There's a stong online community and plenty of help pages out there. I might suggest starting at the source. http://manuals.info.apple.com/en_US/Command_Line_Admin_v10.5.pdf is a command line manual for using Mac OS X 10.5. They direct this at OS X Server, however don't let that cause you to loose focus. OS X 10.5 server and 10.5 workstation are all built on the same basic technology, and so the greater majority of the commands cited in this manual will work on Leopard.



Other sites that may be helpful:

A brief note about getting help on commands: http://docs.info.apple.com/article.html?path=Mac/10.5/en/8791.html

Common Commands used for troubleshooting unix: http://publib.boulder.ibm.com/infocenter/db2luw/v8/index.jsp?topic=/com.ibm.db2.udb.doc/admin/r0008948.htm

Tips for troubleshooting Unix: http://www.december.com/unix/tutor/trouble.html

Sorry, that response was posted to the wrong thread.

To answer your questions, the Activity Monitor App (found in \applications\utilities ) and a third party shareware app called Little Snitch http://www.obdev.at/products/littlesnitch/index.html would probably have tracked this problem down.

Sorry, I didn't recommend those at the time. As there are no Mac viruses, my knee-jerk reaction was that it was not likely the Mac causing the problem. It never occurred to me that someone might have installed an SMTP server on it.

Strung,

I am a big proponent for credit-when-due; I'm also a big proponent of industry standards.
Sadly, the industry standard for mac  support seems to widely be accepted as "Call apple for support." as I discovered while talking to a few self-proclaimed mac experts.

Right.

I've since familiarized myself better with the utilities that are here for my use. The activity monitor was surprisingly informative. I honestly expected less from the application.

For that direction, I'm prepared to change my closure request and issue half points... however I would like to bait you into this a bit more to award you full credit.

Are there any other Industry Standard tools you can think of that may in the future assist me in working on Mac OS X?

By industry standard, I refer to something established by authority, custom, or general consent as a model or example. Your historical experience in this environment will certainly speak volumes to me over the 'call apple' standards I've been suggested recently.

Regards,
-TLP Admin

Forgot Stuffit Expander:  http://www.stuffit-expander.com/stuffit-expander.html?mv1=aUS031&gclid=CMf7n5vCnZUCFQEGQQodETVSjQ which will expand just about any archive file known to man and is free.

Onyx:   http://www.titanium.free.fr/pgs/english.html  is a multipurpose tool to clean caches and run maintenance scripts.

The free Windows Remote Desktop for Mac:  http://www.microsoft.com/mac/products/remote-desktop/default.mspx allows Macs to control WinXP Pro computers remotely.

Disk Utility will also partition drive, by the way and repair access permissions.

Tech support resources:

http://www.ifelix.co.uk/tech/index.html

http://www.thexlab.com/faqs/faqs.html

http://www.macfixit.com

http://discussions.apple.com/index.jspa

http://support.apple.com/manuals

http://support.apple.com/specs/

http://www.apple.com/support/

Mac Tutorials (below the grey bar halfway down the page and in the right hand side bar): http://www.apple.com/mac/

Little known trick. On your Mac go to:  http://localhost:631/printers/

Neo Office - free Open Source competitor for MS Office, will even open old WordPerfect files and convert them to MS Word format.

http://www.neooffice.org/neojava/en/index.php

Sorry you asked?  :)

One more thing, (as Steve Jobs is famous for saying)... One of the most useful Mac repair tools for which I don't think there is a Windows equivalent is Target Disk Mode. If you have a Mac that won't boot, you can connect it to a second Mac using a Firewire cable. Booting the broken Mac while holding down the T key will boot it into Target Disk Mode which will cause its hard drive to mount as an extra volume on the good Mac. You can then run all your diagnostics from the good Mac, recover files, re-initialize the hard drive, or do whatever else you want.

What can I say? You've a grand library of tribal mac knowledge; even if you don't consider it as such. Best regards and +respect. Thanks a lot for your guidance.

Strung,

Sorry? Nonsense! I never regret learning, even if it's a painful process ;D

Some of these tools are really cool... its a shame I don't have a mac at my disposal. The more I tinker with these, the more I like them. (which says a lot from an old Windows/Linux admin. We tend to get stuck in our old habits.)

Points awarded as they've been well-earned. This will certainly aid me in future troubleshooting and working with the small handful of macs we have here.