Edit /etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL15Safe_ports with whichever text editor you feel comfortable with (vi or pico) and add whatever ports you wish to allow, to the end of the line of text.
Save the changes, then...
/sbin/e-smith/db accounts setprop admin Visible internal /sbin/e-smith/signal-event email-update
instead of admin you can type in any user. Trying to sent mail to the admin/user It should report something like this:
20*.**.**.248 does not like recipient. Remote host said: 553 Sorry, that address is in my badrcptto list. Giving up on 20*.**.**.248.
Some user report that this in not working with ClamAV installed.
Ian Wells 15 July: The updates structure and process is undergoing changes. This FAQ entry will be updated to reflect this soon.
SME should be updated regularly from the updates directory. It is important to install all the updates supported by Contribs.org: the reliability and the safety of your server can depend on it.
NB: At this time, an automatic update policy is not yet defined. As this policy evolves, this FAQ will be updated to reflect it.
If you want to administer your SME Server remotely, it is recommended to use an encrypted connection. One of the easiest ways is to use SSH (Secure Shell) which offers a protected and encrypted method to logon to a SME Server from your desktop and to copy files between machines. By default, SSH access is prohibited; once authorized, it remains possible to authorize or forbid remote root access.
SME includes a SSH client and server, and supports both SSH1 and SSH2 protocols. You will easily be able to find many software clients for Windows or Macintosh, free or commercial. Putty is a good example. The Windows version is available here.
There is another possibility: to use a VPN tunnel (PPTP) to connect to your server. A PPTP connection to an SME server can easily be established on an existing Internet connection. Once the PPTP connection is established, an external client seems to be on the local area network managed by the server. You can then access other clients, ot the Server Manager, in a protected way.
It is still possible to access SME Server from the local network using telnet, but this method is deprecated. Because user names and passwords are sent across the network in clear text (unencrypted), it will reduce the security of your server to a significant degree. For this reason, telnet access is not enabled by default, and it is recommended to forbid telnet unless you absolutely need it, and then, just for the time it is necessary. Putty, or Mindterm, work very well, and don't send passwords in clear text.
If you are logged on locally (at the SME Server itself), it is possible to switch to another virtual terminal by using the key combination ALT-F2 (for tty2), ALT-F3 (for tty3), etc.
Then can you can log on with root and the admin password. By default, only the root account has shell access. A regular user account can be given shell access by root by using the chsh command. Shell access should only be given to highly-trusted local users, and only when absolutely necessary.
The best way consists in installing binary packages RPM (ix86.rpm) or noarch (noarch.rpm). The standard RedHat packages should be able to be directly installed on your SME server.
It may be required to install an additional package for it to be perfectly integrated on your SME. You will find on this site many contributions which were developed specifically for SME Server. The mailing list and the forums also contain much information on the way to install and configure these packages. There is a search box to help you find answers to your questions.
It can also be useful to consult 'CPAN' (Perl) files, 'Freshmeat' or other websites where you can find precompiled RPMs of the software which you wish to install.
In certain cases, the --nodeps option will also allow you to install a RPM by ignoring some dependences that are not present on the server.
If you want to compile and create packages on SME, please refer to the Development section of this site.
The best way is to use your ISP's smtp server to send email when you are outside of your LAN. Generally it requires you to modify (or add an additional) mail account on your PC. It's a problem, therefore there are solutions:
Use a common host name.
Does hostname "mail" correspond to a valid smtp server when you are remotely connected? If yes, then you can associate the account name of server smtp to use "mail" and you will be able to send mails from outside in in the same way that you would if you were on the local area network, without changing anything. Or, you can connect to the SME server via VPN (PPTP) and then send the messages. Some mail clients such as Outlook Express allow the configuration of several accounts. It is then possible to define an account used on the local area network and another used from outside. Also you can enable Webmail via HTTPS and to use this to send send the messages since this interface is accessible from outside your network.
Incoming Netmeeting calls are not supported and will not function with a standard installation of SME. To receive H323 calls, you need a gatekeeper. A gatekeeper is included in 'NetMeeting?', and it is the best known. There is a gatekeeper available for Linux, distributed under the Mozilla Public Licence: http://www.opengatekeeper.org.
It is also possible to use a H323 proxy such as: Phonepatch
The best solution consists in storing the strings directly in the memory of the modem, rather than to specify it with each connection.
To store the initialization strings in the modem using the AT command set, use a program such as minicom and type commands similar to these examples:
That gives the machine parameters, returns the desired parameters (AT&C1&D2&Q0%C0) and records the modifications (you can need orders AT&F0 and AT&W0; to see the handbook of the modem for specific AT commands). The ATZ commands will restore these parameters without any modification in the SME server configuration.
You will be able to find instructions on how to use minicom, and the modem commands on the page:
If you absolutely must use initialisation strings at the time of connection, the variable 'ModemInit' should be defined with the command:
'/sbin/e-smith/db configuration set ModemInit "M1L1&C1&D2"'
and to activate the changes by the command:
'/sbin/e-smith/signal-event console-save '
Yes, in fact, this limit of twelve characters was deliberately fixed to ensure a compatibility with Windows 9x hosts. You can modify the maximum length by associating the value wanted with the variables maxIbayNameLength, maxAcctNameLength and maxGroupNameLength. When no value is specified, twelve is used by default.
For example, to authorize a fifteen-character maximum length for account names, type the command:
'/sbin/e-smith/db configuration set maxAcctNameLength 15'
Yes, a SME server can be used as time server for workstations under Windows, Macintosh and (*)nix like any client supporting NTP or ntpdate. The time server of SME Server is installed by default, and no particular configuration needs to be made.
No, these tools or others with graphical interface (like direct configuration files editing "by hand") are not supported because they are basically incompatible with the configuration system of SME. A system of intelligent managementof configurations files based on templates is implemented in SME. The majority of the system configuration files are not modified directly by SME Server-Manager; in fact the templates are modified and used to regenerate the configuration files upon receiving a system-update event.
If SME manager does not allow you to make the changes which you wish, you can inform Contribs.org of this by addressing a message on the Suggestions forum.
Ftp 'chmod' is prohibited by design for security reasons. It's up to the administrator to define the execution rights of any script able to run on the server. To authorize 'chmod' via ftp would be like authorizing the users to make such modifications and it's a safety risk.
Copy the templates which you need into the custom templates directory:
Modification of the new template:
Expand the corresponding configuration file (/etc/diald.conf) and restart diald service :
To use SSH 2.0 protocol, you must create a custom template as described below:
Copy the original templates into the custom templates directory:
'mkdir -p /etc/e-smith/templates-custom/etc/ssh/sshd_config '
'cp /etc/e-smith/templates/etc/ssh/sshd_config/20HostKey /etc/e-smith/templates-custom/etc/ssh/sshd_config'
Edit /etc/e-smith/templates-custom/etc/ssh/sshd_config/20HostKey and add the two lines:
execute these two command lines:
You should now be able to connect to your SME server using SSH 2.0.
If you configure SME to query an external DNS server with name resolution requests, it is possible for the ISP to fail to resolve them. You will also have to reconfigure your SME Server every time you change ISP's. The increase in performance is tiny compared to the ease and reliability you get if you do not define a external DNS server.
Beginning with SME Server 6.5, the ability to specify another DNS name server in the Server Manager was removed, because of the problems it was causing with end-users. SME is still able to forward name requests, and if you are sure you really need to do this, here's how:
Determine the IP of the DNS server you want to use. Of course this server must be one that the SME Server can 'see' on the network.
Open a terminal session and type:
/sbin/e-smith/config setprop dnscache Forwarder <enter the IP here (without the <>'s)>
To remove it do the following:
/sbin/e-smith/config delprop dnscache Forwarder
The function "backup to desktop" will create and transfer a compressed file (smeserver.tgz) which contains the following files and repertories:
The function "backup to tape" will make a level 0 backup(*) of all the file system, thanks to the program flexbackup (flexible backup script). (*)A level 0 Backup of "everything" requires using a new tape. It will be retightened and erased.
The command "df" returns the usage level of the file system. Used with the options "-h" and "/", it will post the size of the root partition, used space, and available space.
'df - H/'
=filesystem Size Used Avail Use% Mounted one
=dev/hda6 1.2G 310M 838M 27% =
Type df -- help to obtain a list of options.
You may also install the phpsysinfo contrib and watch the information about the "Mounted Filesystems" on http://servername/phpsysinfo/
Yes, but be careful: by default, no user (with an activated account) can establish a PPTP connection to the server. Using the Server-Manager, access can be activated, in the Users section.
Be carefull how high you set the maximum number of authorized connections for PPTP. See the Forums for details.
You should do this only if the two machines are physically identical. Many major elements, like the type of processor, are detected at the installation. The installation program will install many important packages dependent on the type of processor, and kernel. Such packages are likely not to function with other hardware.
If you move the disc on a less powerful machine (ex: from a PIII to a Pentium), the machine will stop just after having posted "freeing CPU memory".
If you move the disc on a more powerful machine (ex: from a Pentium to a PIII), you will not profit from the increase in performance.
In this case, it is recommended to update (using the same version) in order to ensure that the packages installed correspond to the type of processor in your server. That will also make it possible to detect and install the SMP core if necessary.
No. Foo@primary.com and email@example.com represent the same user and thus the same mail account.
At the time of SME installation or update, there should be only one disc, or two identical discs which will be used in mirroring (software RAID-1). All the other disc must be disconnected.
If you have two discs and you have not selected the software RAID, the second disc partitions table will be rewritten. What installation will do with the second disc is not definite.
Sorry, you don't. Bad luck.
a.b.c.d should be one of the DNS servers on your LAN, which must be able to resolve host and domain names on your LAN, and should be able to resolve reverse DNS for your LAN.
Apply these examples to the required log file to get output in date format
To show everything
grep "" /var/log/qmail/current | tai64nlocal
To show only selected occurrences
grep "hello" /var/log/qmail/current | tai64nlocal