The Open Office Dilemma – Collaboration vs Working Side by Side

During the last 20 years, I worked in quite some companies, studied at universities, was self employed, worked full time remote and travelled a lot to customers. Currently, I do work in an environment where open office is a maxim and fully supported as this environment should encourage collaboration.

The Project Setup

I worked some days from home office but traveled most of the time to the customer. I slept in hotels a lot. When I was in a city where we had an office, usually Friday was “office day” where our team was not at the customer’s site.

We did have shared desks at the office, everybody had an pedestal and took the next free desk.  That was ok. We used the office day a lot to chitchat and to build up relationships with co-workers. We prepared for the week after, installed software, talked to to IT-support, went to lunch. Sometimes during the week we went to the office late so finish something we could not accomplish at the customers site. We stayed there late and had fun. When in the office it almost felt like a hackaton every time. Also managers and the CEOs worked that way. And the hours in the office it felt more like fetching up with your wo-corkers. Sometimes we run out of desks, so we went to a desk together. But this rarely did happen.

On the other side there was the customer’s site. These were just large project areas where a huge amount of workers tried to do things. At that time there were no meeting rooms for most of the projects I was involved. We just did the meetings and hinted down the project goals. As this job was exhausting, I did not care about the office, the project room and the open space. I never thought of “you could be more productive if not interrupted all the time” because he just chased down the project road.

In both cases there was a lot of collaboration. Within the companies offices it was like a family, we helped each other and were happy to see each other. At the customer’s site collaboration was formed due to the urgency of the projects. We where firefighters, stormtroopers and the emergency.  Why did it work that way? The project were ingeniously staffed. If these teams would have used offices, the probably would have moved to the hallway to work together. It was a team thing, though.

Everything worked, because it was a limited situation. Everybody was aware, that the projects will end. The situation will change with the next project. So you do not care that much. Also once you left the project, you are not interested much in its future. Also this sounds harsh, one has to face this.

The Team Room

Once I joined a high performing team in a SMB in the software development field. Their location was a team room, applying scrum , QA, ProductOwners and ScrumMaster did live in the same team room. With twenty people it was a crowded place. While doing pair programming, it was a noisy place as well. The setup was fair, tables were separated side by side. But one did not face the pair in front of the table as they have been separated by partitioning walls. Half of the tales have been empty. For bi-weekly sprints you worked on different places, however everybody had its own desk, drawers and so on. It was a fair environment and you felt home, even if it was noisy all the time.

At one point we had to perform deep thinking tasks that took several days and weeks. Major do overs and architectural changes. At that point some of os moved (still as pairs) to smaller rooms. for a limited time to get these tasks done. This was backed by the team as everybody did know, there tasks will not be done right if one is interrupted all the time. Still, other team members came over or you were sitting from time to time in the team room.

As this was not my preferred environment, it worked. The team room was fine, we delivered an unbelievable amount of output and the team played well together. There were a lot of offsite activities by the team members, and still, some years afterwards we meet every year to see each other.

In terms of collaboration, it was very good, as the team worked as such, but there also were individuals who did “their thing”. We had no phones at all, and did almost not use any e-mail. It was simply not necessary as everybody was colocated.

 The Team Lead in the Team Room Fail

Several years ago, I took part in establishing a new development team for a new product as a team lead. We got an small office with one meeting room, a team room and a separated office for the Product Manager and the CEO. First of all, we kicked the CEO out of this office and away from the neighborhood of the developers. Also my desk, which was placed right in front of the developer desks, was removed. I went to the separated office together with the PM. We had to talk a lot and spent a reasonable time  on the phone. I did a lot of PoCs which needed some deep thinking time. Sometimes I did this work from my home office.

The team on the other hand worked together similar as in the situation above. However, it was much more “civilized”. The team was only a fith of the size and everybody was a specialist in his field. Everybody got a huge amount of time for their work without interruptions. This team performed in an outstanding way and produced an awesome output within few months in a exorbitant rate of quality – after I removed my desk out of the team room.

The Virtual Team

When I joined Microsoft I think in 2004, I joined a overall virtual team. Quarterly meetings in a regional office with our managers and from time to time some events. How could one collaborate this way? To make it clear from the very beginning: This was one of the most freaking awesome teams I have ever been with. E-Mails was on a minimum but chatting was always present. I think my chat log where about a Gigabyte. We hacked technology like insane – – always linked to each other. Coordination with management was on a minimum. We had our goals and did everything to reach and regularly to beat them.

Even though we worked everybody for him- or herself, we collaborated in an outstanding manner. The most impressive memory to this team are our come togethers. They were half party half hackathon, there was no or little welcome and no goodby ceremony. We just met, worked and left with a simple, see you tomorrow – knowing we already talk in the chats half an hour from that point on.

At that point we had this idea of mobile blogging restricted to the size of a SMS. We pitched this idea to an Redmond based product manager who told us, this idea has no potential. A few years later, Twitter emerged. Also I do not remember the PM, I really do hope he regrets this moment, every day since then.

Collaboration in this team was on an unbelievable level. There was a goal for the entire team, not for a single member of it. Management played an overall role in this and still, one of our managers is a good friend of mine today.

The Remote Worker

In 2006, I joined Microsoft Research. At the very beginning as software developer as remote worker.  Over time the team grew. We had members from Russia, Spain, Italy, France, Germany, UK and the US. You know what? Collaboration was on a almost all the time high. We had simple rules for the code, few guidelines, a lot of automation and awesome team members. From time to time we met at conferences or events. On a irregular timebase we met in person in Cambridge, UK as flights were cheap to this location.

We used e-mail, chats and video phone calls. At this time Skype was not used, it was even banned, within Microsoft, so we fought to use it. We used almost every technology available. I was on a kind of 24/7 standby as you knew knew if you get a call from any country in the world. In fact I was once called in the middle of the night with the request to remote setup some demos as they were supposed to presented in front of Bill Gates. I did not kew about this until I got the call. So we fixed it. Another Sunday, I got a call from Redmond. It was my architect, telling me that he is preparing a demo for the next day and I broke the build. So I fixed it. Even I never switched off my phone, this was never really stressful. There were goals we worked on (and usually reached them) and there was a high level of collaboration. Again, the team was almost fully virtual.

The Office Day Fail

Right now, I am in product management role, doing a lot of in-house consultancy regarding enterprise architecture. My employer has an awesome policy of all work must be able to be performed from any place. And the same way we have shared desks and a clean desk policy. So far so good, but than again, there is this 20% home office rate as we do not have desks for all employees at the same time. We have open space offices or 8 open floors. Table groups of four everybody facing each other. The open space is supposed to encourage collaboration. However, everyday I see how many of my co-workers just work side-by-side rather than collaborating. E-Mails and Chats are on a all time high, Mails are written and read during meetings. There are many meetings. The places are crowded, it’s noisy and there are endless interruptions.

There is only little deep thinking you can perform. You are just interrupted that often. The most I was able to sit down 360 seconds before being interrupted and being asked “Do you have five minutes?”. I usually have 20 or more of them after such an interruption.

As there is no barrier as an office, the obstacle to interrupt someone is very low. This in fact does include myself as well. I do interrupt people way to often, which I do regret immediately afterwards.

I love being on the phone or doing Skype calls. I hate it in the office. There are thirty co-workers sitting in your neck. Also I do perform really bad in negotiations in an open space. Behind a door – I do really good I think. I just do not want to bother my co-workers to much. It happened to me that I went to a  toilet to do a Skype call for a negotiation just for having some privacy – and to say things only to be said… behind closed doors.

I don’t know how much I perform in open space in terms of coding and architectural decisions. Creativity drops down to a minimum when being afraid of being interrupted any second. On the other hand I come to the office every morning with new ideas. After sitting just for one or two hours in the evening without being interrupted.

My mails suck. Even though I try to avoid writing e-mails, I happens more than once to me that in the middle of the progress of writing, I was interrupted. Once the interruption was over, and the next interruption just queued up, I accidentally sent the mail. With an unfinished sentence in the middle of the unfinished mail.

When I try to write some code (mostly PoCs or demos nowadays) it takes ages. I either do it before the majority of co-workers arrives or later, when most of them have left.

I take my mandatory home office day. I usually get more intellectual work done during this day than in the rest for the week.

Without exact measurements, I feel like in a disruptive environment, I only perform 25% of what I could achieve otherwise.

If I look at the team, everybody works side by side. Almost no collaboration. Excessive usage of communication tool for remote communication and ticketing systems are utilized rather than collaborating.

Is it Only Me?

I wondered if this only for me. No one seems to have an issue with this. Everybody seems to be happy, beside me. Until a few weeks ago.

Two co-workers told me, that If I want to get something done in code, I should join there every-evening.-coding session. So they set up a Skype conference for one or two hours almost every evening where they actually do the new things.

Another co-worker came by with an awesome presentation. He did an overall comparison of platforms. He showed it to us, and showed us a book he worked through. He did during night hours for the last few weeks.

Actually, these are my top developers. I have to wonder why they have to do this during night hours. When they are not disrupted.

And then I read something here:

If your work environment fosters distractions (commonly known as “open space”), a grand majority your engineers will be stressed to the bone, and probably doing 10% of what they can actually accomplish.

tl;dr Conclusion

Also this is my very personal opinion, I had the best collaboration experience in remote teams – workin remote. Not based on working hours. Working on-site was never that awesome.

Good people will probably always sacrify their free time to fetch up disruption at their work place.

But why does remote work rock that much? In my opinion, you can work when you can perform the best. Who says I work the best at 8 am in the office? Maybe “my creative time” is 11 pm to 2 am.

If you set up an remote working environment,  this might not work out for everybody. There are always individuals not providing sufficient discipline for self-responsible work. However, in my experience, if you set up a remote working team, you usually have only team members in it, capable of providing this kind of work.

This might not work for a given team, but should be considered when creating new ones as already Martin Fouler pointed out in his article.

The fact that you can get a better team by supporting a remote working pattern has become increasingly important during my time in the software business and I expect its importance to keep growing.

Based on my experience, remote first teams can outperform co-located teams due to many aspects.

How to deal with GMAIL Undelivered Mail Returned to Sender

If you run your own mail server, you might end up quite frustrated because the Google relays do reject your mails.

Maybe your mails get rejected by the Google servers with the following message:

Our system has detected that this  message does not meet IPv6 sending guidelines regarding PTR records and authentication. Please review for more information.

If you start reading your frustration level might even increase, due to the difficulty to deal with many of the requirements to get your mails to a Google server delivered. If you start digging into the various topics, you might end up even more frustrated as you have more questions as before.

At the very end, you just have to set up a few things to make your mails fully compliant, so even Google’s server do accept them. In addition you will get high quality mails – at least regarding the tech, content is entirely up to you.

I do run a setup of mail, Dovecot, Postfix and SpamAssasin on a Ubuntu server. Therefore, this article will cover the topic on these examples but should be able to be applied to almost any other system – as long as you replace tech X by tech Y.

Testing you Mail

The first issue is how to learn about your mails issues at all. To evaluate your mails, turned out to be a perfect platform for me. As you only can evaluate three mails a day for free, you might throw in a few bucks if you in a hurry, or it might simply take some days to you to finish the tests.

How does it work? You get an unique mail address where you send your mail to. Once the mail was received any flaws in the mail will be displayed and explained (which definitely is a huge added value).

10/10 Score at

Believe me or not, I definitely haven’t had a score of 10/10 before.

SPF Record

First make sure, your DNS provides an SPF record. With no or little knowledge, I tried to create one by myself based on Google’s help page about SPF records. Did not work well at all.

I finally ended up with the following SPF entry for my DNS:

v=spf1 mx ip4: -all
  • a is just to indicate that there might be scripts sending mails
  • ip4: depicts the mails server we are talking about in the entry
  • -all means there only this mail server while the mx indicates that only domain’s MXs are allowed to send mail for the domain while all others are prohibited.

It took me a while to figure out the right (or at least something working) based in the SFP record syntax. So why do we do this? The idea behind SPF is simple, once you have published your policy, the receiving server can check if the mail is compliant with your policy. In my case, mails sent from scripts might be fine, as long as they come from my server. If someone sends a mail from server 154.354.32.2 this mail will be probably not sent by me, as it is not compliant with my policy. Google’s server do these checks, and that’s on of the reasons your mails are rejected by them.

Finally the SPF entries doe look like the following at my DNS:

DKIM – DomainKeys Identified Mail

Next, I started with DKIM. Again, if you start reading at, you probably end up reading several IETF RFCs and a lot of question. Reading RFCs is always good and highly recommended by me, but actually did not solve my issue.

The good thing about Ubuntu is, there is an package called OpenDKIM which can be installed via

sudo apt-get install opendkim opendkim-tools

I got relatively lost, when i came to configure OpenDKIM and Postfix until I found the Postfix/DKIM site at the Ubuntu documentation.

First of all you need to add the domain to the /etc/opendkim.conf. You might want to exchange my domain to your corresponding one.

KeyFile   /etc/postfix/dkim.key 
Selector   dkim

Now, I had to generate the key file.

opendkim-genkey -t -s dkim -d

If you did it the same way as me, the file is probably located in the wrong directory. So move the file to the location provided above.

mv dkim.private /etc/postfix/dkim.key

Now I went to /etc/default/opendkim. Unlike as described in the Ubuntu documentation, I had to add the listening socket – which seems to be a standard one at Ubuntu.


I then went back to /etc/opendkim.conf and added the same port right below the Selector entry.

KeyFile   /etc/postfix/dkim.key 
Selector  dkim
Socket    inet:8891@localhost

Now, I went to the /etc/postfix/ file and added the following entries:

milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

For some reason, I now ended up with two DKIM entries in my outgoing mails. I had to add no_milters to the receive_override_options line in my /etc/postfix/ I had to fiddle a little bit with the until everything worked again.

-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters

Wherever you have created the keyfile, there will be an additional dkim.txt file. It will contain something like

dkim._domainkey IN TXT ( "v=DKIM1; k=rsa; t=y; "
 "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCZFYWrNHupXvZHvWJAo6aGB6sXYf+kpUIJv+BcP6NFiF9GBy26oYZKt6/ngCXmNAIY9+yReY8UxG5GIm/QnInbXWxwDXyD0MHD8HrhHyVa6JVqTncexm29M5Bbp/u0JI4ToOQwIQqpgTr0t9ADP8i76pbelYQ5IQDOwJRJQ2N1iQIDAQAB" ) ; ----- DKIM key dkim for

Creating the corresponding DNS entry out of this seemed to be the most challenging part. You need to create an TXT entry similr to, of course using your domain. and you simply need the follwowing text in there


No quotes, no brackets, no nothing beside the above. This took me quite a while especially as DNS replication is nothing that works in real time.

For me the entry does now look like the following.

Once this is done, start OpenDKIM and restart Postfix so the changes will apply.

sudo service opendkim start
sudo service postfix restat

So far what does this actually mean? When a mail server receives your mail, it now will be signed with a DKIM key. If you check your mail headers, the will look similar to the following one.

By checking the dkim._domainkey DNS entry created before, the mail receiver now can check if the mail signature is authentic. Any mail server not in possession of the private key will probably not be able to sign the mail though, and could be thought of a spam server.

DMARC – Domain-based Message Authentication, Reporting & Conformance

Finally, it is necessary to create a DMARC record. Once SPF and DKIM are setup as above, you proceed similar as with the DKIM DNS entry.

Again you create a TXT revord for your DNS. This time the record is named _dmarc.domain.TDL, e.g. in my case.

I created a relatively simple record:

v=DMARC1; p=none

I.e. p=none: the I do not requests any specific action be taken on mail that fails DMARC authentication and alignment.

At the very end, it looks like this for my DNS:


To get Google accepting mails from your own mail server, only a few steps are necessary. Setting up SPF, DCIM and DKIM are basically all which might be needed if Google rejects mails from your handcrafted mail server. You might want polish your SPF and DMARC records to align your policies with your very personal goals. If you are interested further in e-mail architecture, the book from Kevin Thomas called Email Architecture, Design, and Implementations might be something for your.

Locating unknown Raspberry Pi device in your Network

Just as a quick hint, once you have set up a new Raspberry Pi device (or probably any other device) which you don’t know, simply run the arp command to find out about your neighborhood.


arp -a

will make usage of the ARP protocol and give you some interesting information about some devices in your network.

arp -a

In my very case, I was told, the newly installed Raspberry Pi got the IPv4 address

.NET Core on Mac OS X

After MSFT started to open source .NET Core, it eventually found its way on my Mac OS as well.

The easiest way seams to be installing the .NET Execution Environments using Homebrew based the instruction given at Github.

sudo brew tap aspnet/dnx
sudo brew update
sudo brew install dnvm

Installation von .NET Core via Homebrew

Afte registering dmvm via


one now should be abel to install .NET core using the following dnvm commands

dnvm upgrade -u
sudo dnvm install latest -r coreclr -u

For whatever reason I permanently run into issues such as

Installing to /Users/andreas/.dnx/runtimes/dnx-mono.1.0.0-beta6-12004
find: /Users/andreas/.dnx/runtimes/dnx-mono.1.0.0-beta6-12004/bin/: No such file or directory
chmod: /Users/andreas/.dnx/runtimes/dnx-mono.1.0.0-beta6-12004/bin/dnx: No such file or directory

First of all, I tried tried to update dmvm itself and again run into issueS:

foo@mac-pr:~/.dnx$ dnvm update-self
~/.dnx/dnvm/ doesn't exist. This command assumes you have installed dnvm in the usual location and are trying to update it. If you want to use update-self then should be sourced from ~/.dnx/dnvm 

Trying so create the missing folders and links manually

sudo mkdir ~/.dnx/dnvm; 
sudo ln -s /usr/local/Cellar/dnvm/1.0.0-dev/bin/ ~/.dnx/dnvm/

as well as sourcing directly from the ~/.dnx/dnvm location did not help.

Every time running

dmvm update-self 

ended up in something like

Downloading from 
Warning: Failed to create the file /Users/andreas/.dnx/dnvm/ 
Warning: Permission denied

As very last attempt, I tried to run all these stuf as su. Unlike on Linux systems, root is not enabled by default on MAC OS though. Therefore it was necessary to enable the root user following these steps.

Now you can run su in any terminal, though.

su on Mac OS

Determining latest version
Latest version is 1.0.0-beta6-12004 
Downloading dnx-mono.1.0.0-beta6-12004 from
######################################################################## 100.0%
Installing to /var/root/.dnx/runtimes/dnx-mono.1.0.0-beta6-12004
Adding /var/root/.dnx/runtimes/dnx-mono.1.0.0-beta6-12004/bin to process PATH
Setting alias 'default' to 'dnx-mono.1.0.0-beta6-12004'

Eventually, you now can run and successfully complete

dnvm install latest -r coreclr -u

and write and run your first .NET application on Mac.

Unfortunately, all bits installed are only available for root once you followed the above instructions.

I do not want to see this web content on Yosemite

For a couple of weeks I now this really annoying message during the start up  of my Yosemite installation.

To view this web content, you need to install the Java Runtime Environment.

If I do follow the instructions of the pop up, I usually land on the Java site.

To view this web content, you need to install the Java Runtime Environment.As I develop on a regular base, I have the latest version of Java already installed (right no it should be version 8u25). Therefore, nothing to do.

I case you thought of installing Apple’s Java version for Mac. That’s  IMHO not the way to solve the issue. You might cure the symptoms, however, you will not fix the root cause for this issue.

To get rid of the message, you need the find the root cause. In my case it was the attempt to try Facebook’s video chat some weeks ago. That was the only one installation I performed since I receive this message. Even though, I disabled the add-on in Firefeox, the message kept showing at start up.

To get finally rid of the message head straight to the terminal and enter

launchctl list

In case you wonder that launchctl does, check the manpage which says

launchctl interfaces with launchd to load, unload daemons/agents and generally control launchd. launchctl supports taking subcommands on the command line, interactively or even redirected from standard input. These commands can be stored in $HOME/.launchd.conf or /etc/launchd.conf to be read at the time launchd starts.

Anyway, you shot not get a list of off all jobs loaded into launchd. There ckeck if you can find com.facebook.videochat.{username}.updater in this list. Wondering what this is? It’s some kind of Facebook-collects-your-data thing. Honestly, I don’t want to know much more about what it does, I just want to get rid of it.

com.facebook.videochat updater

Check out

ls ~/Library/LaunchAgents/ | grep facebook

You should get something like com.facebook.videochat.{username}.plist.
Now run

launchctl unload ~/Library/LaunchAgents/com.facebook.videochat.{username}.plist

followed by

launchctl remove ~/Library/LaunchAgents/com.facebook.videochat.{username}.plist

You might want to run the following command instead

launchctl remove com.facebook.videochat.{username}.updater

You now can delete the property list file

rm ~/Library/LaunchAgents/com.facebook.videochat.{username}.plist

Now check for the FacebookUpdate application  via

ls ~/Library/Internet\ Plug-Ins/ | grep Facebook

Again, you should fine something like FacebookVideoCalling.bundle. Send it to /dev/null via

rm ~/Library/Internet\ Plug-Ins/FacebookVideoCalling.bundle

Now there still something to get rid of by calling

rm -R ~/Library/Application\ Support/Facebook/

Et voiá, your are done. The cause for the message should be gone by now.

To get rid of the JAR file itself use Spotlight to looking for FacebookVideoCalling. You should find something like FacebookVideoCalling_v1.6.jar. Use Finder then to get rid of it.

Finding FacebookVideoCalling_v1.6.jar That is, by the way, the only thing Facebook suggest to uninstall the videochat. Not only, the sort of infect you with the above updater, they also do not provide useful information for uninstalling the stuff.

The fact, Facebook’s add-on installed this nasty updater is quite annoying. Adding a job to the launchd for an Firefox add-on is quite questionable. Even more annoying that this one slipped through the cracks.

Fixing the GPG Crash on Yosemite

Since upgrading to Yosemite, I have trouble running GPGMail with my Mac. When hitting the New Mail button Mail simply crashes.

GPG New MailThere is little I can do, and I almost gave up. The logs don’t help that much, though.

Crashed Thread:        0  Dispatch queue:

Exception Type:        EXC_CRASH (SIGABRT)
Exception Codes:       0x0000000000000000, 0x0000000000000000

Application Specific Information:
*** Terminating app due to uncaught exception 'NSUnknownKeyException', reason: '[<HeadersEditor 0x7fb0b6584680> valueForUndefinedKey:]: this class is not key value coding-compliant for the key _composeHeaderView.'
abort() called
terminating with uncaught exception of type NSException

However, there is this single thread in the GPG support forum, someone had the exact problem, while support pointed out there is some Yosemite beta of the GPG tools. Just in time,  GPG Suite Beta 4 was released, and it works like a charm.

GPG Suite Beta 4 workingIn case you are looking for the public key, pick it up here.


Fingerprints as Security Token

I am still wondering how people can even think of using fingerprints as security tokens. You spread them all over. It’s like writing down your credit card PIN wherever you are.

Therefore, fingerprints a great for identifying you, however, not for authenticating yourself.

Think about it. These are two absolutely different things.

Getting Exim4 Done the Job

In my current project, moving my home server from a PC Tower running Windows Server 2003 to a more energy as well as space efficient Mac mini, I need to migrate quite a bunch of tools and scripts from Windows to Ubuntu.

Said that, hMailServer served me well for years on my local network. It was easy to install, maintain and run. However, I was now looking for some more lightweight solution for the new server.

The need can be summarized quite easily:

  • arbitrary devices and services on the local network need to be able to deliver mails via SMTP to the server
  • local services on the server need to be able to send out mails as well
  • the server needs to forward the mail to my real server
  • very basic authentication is a must
  • it need to run on my old 1.66 Ghz Mac mini

At all it’s as simple as the following diagram:

Exim4 SetupAfter digging through all the stuff such as Sendmail, Postfix and so on, I ended up with Exim4 as the perfect solution for my needs.

Basically, after installing it via

sudo apt-get install exim4

the only thing is to quickly run through the setup.

sudo dpkg-reconfigure exim4-config

It’s sort of guided and quite easy to do as long as you have some experience with networks. However, there are quite some pitfalls which are quite annoying if you are little experienced with Exim.

Network Interfaces

Assign all network interface IP addresses you want to listen for incoming mails as seen below.

Ecim4 Mail Server configurationHowever, make sure providing only IP addresses from network interfaces, which are actually connected to the network. Otherwise the daemon might fail to start.

014-12-25 10:23:46 socket bind() to port 25 for address failed: Cannot assign requested address: daemon abandoned

If the network interfaces are set up correctly, you should find the daemon listening on the network interfaces specified before:

2014-12-25 10:31:06 exim 4.82 daemon started: pid=16276, -q30m, listening for SMTP on []:25 [::1]:25 []:25

Monitoring the logs

Whenever you try to figure out what’s going wrong while connecting from any client during the setup, e.g. to check the logging information above, it might help to start tailing the log via

sudo tail -f /var/log/exim4/mainlog

The Paniclog Fail

When messing with the configuration, you might end up from time to time with the following message while starting the daemon.

ALERT: exim paniclog /var/log/exim4/paniclog has non-zero size, mail system possibly broken

Check the file, and just delete the log file after fixing the cause for the log entry.

sudo rm /var/log/exim4/paniclog

The Authentication Test

Once up and running, you might want to check the server. It might be quite convenient to check simply via Telnet by opening to your Exim server and one of the IP addresses provided before.

macbook:~ andreas$ telnet 25
 Connected to
 Escape character is '^]'.
 220 macmini ESMTP Exim 4.82 Ubuntu Thu, 25 Dec 2014 11:47:43 +0100
 250-macmini Hello macbook []
 250-SIZE 52428800
 250 HELP

Following the SMTP protocol, you can ask the server using

ehlo <someIdentifier>

The ehlo verb provides some computer-readable information about the server’s abilities, though.

Instead of Telnet you could start Exim using

exim -bh

This will bring up Exim wit a testing session.

*** SMTP testing session as if from host
**** but without any ident (RFC 1413) callback.
**** This is not for real!

>>> host in hosts_connection_nolog? no (option unset)
>>> host in host_lookup? yes (matched "*")
>>> looking up host name for
>>> IP address lookup yielded localhost
>>> gethostbyname2 looked up these IP addresses:
>>>   name=localhost address=
>>> checking addresses for localhost
>>> no IP address for localhost matched
>>> does not match any IP address for localhost
>>> host in host_reject_connection? no (option unset)
>>> host in sender_unqualified_hosts? no (option unset)
>>> host in recipient_unqualified_hosts? no (option unset)
>>> host in helo_verify_hosts? no (option unset)
>>> host in helo_try_verify_hosts? no (option unset)
>>> host in helo_accept_junk_hosts? no (option unset)
220 macmini ESMTP Exim 4.82 Ubuntu Fri, 26 Dec 2014 11:39:25 +0100

Again ask the server using ehlo.

>>> in helo_lookup_domains? no (end of list)
>>> host in pipelining_advertise_hosts? yes (matched "*")
>>> host in auth_advertise_hosts? yes (matched "*")
>>> host in tls_advertise_hosts? no (option unset)
250-macmini Hello []
250-SIZE 52428800
250 HELP

I figured this out, as one of my devices, an failed to send a status mail.

Dec 25 13:32:07 SMTP[2007]: smtp error (auth failed): 250 HELP^M
Dec 25 13:32:07 SMTP[2007]: SMTP authentication failed

The Missing Plain Auth Advertisement

So far, everything works as a charm. However, for the recent setup, I wanted to have plain authentication for most of my clients. This did cost me half a day to figure out and drove me almost mad while digging through tons of Exim docs.

First of all, activate plain authentication for the server by changing the configuration

sudo vim /etc/exim4/conf.d/auth/30_exim4-config.examples

Here you need to remove the comments from the following section

  driver = plaintext
  public_name = PLAIN
  server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
   server_set_id = $auth2
  server_prompts = :
  server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}

Finally  update the configuration

sudo update-exim4.conf

and restart Exim

sudo service exim4 restart

If you now walk through the tests above, the server will still omit the authentication advertisement.

Once that has been done, create (or edit if it already exists)the exim4.conf.localmacros file.

sudo touch /etc/exim4/exim4.conf.localmacros.
sudo vim /etc/exim4/exim4.conf.localmacro

Add the following line and restart the daemon once again.


If you now start the tests again, you will see the authentication advertisement of the server, though.

ehlo test
 >>> host in smtp_accept_max_nonmail_hosts? yes (matched "*")
 >>> test in helo_lookup_domains? no (end of list)
 >>> host in pipelining_advertise_hosts? yes (matched "*")
 >>> host in auth_advertise_hosts? yes (matched "*")
 >>> host in tls_advertise_hosts? no (option unset)
 250-macmini Hello test []
 250-SIZE 52428800
 250 HELP

Once this worked at the very end, the devices where able to send vie my Exim relay.

Test Mail from IC 3115W CameraDealing with Non System Users

When dealing with non system users, you can simply create Exim users via

sudo /usr/share/doc/exim4-base/examples/exim-adduser

That’s quite easy, when dealing with plain authentication. Keep in mind, users and passwords are stored in plain text in the /etc/exim4/passwd file.

Failed to find Host

In case you get some log entries such as

2014-12-25 12:12:31 refused relay (host) to ...; from &...; H=(...) [] (failed to find host name from IP address)

You need to add some host names for the corresponding IP addresses in /etc/hosts.


RDP from Mac to Ubuntu

I am currently in the progress of moving my entire home automation server from Windows 2003 to a Ubuntu LTS. However, connecting to the new server via SSH is quite painful. As I am using openHAB including the Eclipse-based editor, I would prefer to connect to the server from Windows and Mac via RDP.

I tried quite a while using XRDP, but almost gave up as I always had trouble, either not being able to connect or having no desktop at all.

Therefore, kudos to Mike Rehner, who came up with a step by step guide how to install and cofigure XRDP on Ubuntu.

20 minutes absolutely worth watching, especially as he comes up with two or three hints, I haven’t foundon any other tutorial so far such as

  • you are going to need a 2D desktop such as MATE Desktop Environment
  • you need to connect several times using the RDP as the first or second attempt might fail
  • how to change the XRDP settings to be able to connect to previous session

The proof, I was able to connect to the Ubuntu via my Mac, though:

XRDP Mac OS X Ubuntu


The Right Moment to start over with Visual Studio and .NET

Yesterday, Somasegar, corporate vice president of the Developer Division at Microsoft announced Microsoft is going to open source the .NET platform. Since I left Microsoft in 2011, this is one of the moments I am most stunned. There is a fully featured community edition of Visual Studio, Android emulator, .NET open sourced under the MIT License, support for Linux and Mac OS X. Further background information can be found on my former colleague Immo’s post over here.

I went from Windows to Mac once I left, dug into Python, Java, a lot of Apache projects and somewhat C++ and JavaScript, developing for the new Jolla and Sailfish OS and contributing to the IoT project  OpenHAB. Anyway, I never really was that overwhelmed by the dev ecosystem as I was with Microsoft.

It does not look like the Microsoft I left at all, however, with these major changes, I will be definitely one of the first nailing .NET on my Mac OS X.  I am looking forward for this. For today, I will install the new Visual Studio Community 2013 on my virtual Windows, though.