AdministrationFAQ


* How to open ports on the Squid Proxy Server

mkdir -p /etc/e-smith/templates-custom/etc/squid/squid.conf
cp /etc/e-smith/templates/etc/squid/squid.conf/20ACL15Safe_ports /etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL15Safe_ports

Edit /etc/e-smith/templates-custom/etc/squid/squid.conf/20ACL15Safe_ports with whichever text editor you feel comfortable with (vi or pico) and add whatever ports you wish to allow, to the end of the line of text.

Save the changes, then...

/sbin/e-smith/expand-template /etc/squid/squid.conf
/sbin/e-smith/signal-event console-save

jckelly
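
A check that can be run against the expanded /etc/squid/squid.conf after the steps above, as an added example that is not part of the original FAQ entry. It assumes the expanded file uses the standard Squid `acl Safe_ports port ...` and `http_access deny !Safe_ports` lines; the sample config, port 981 and the function names are constructed for illustration.

```python
import re

# Constructed sample standing in for an expanded /etc/squid/squid.conf.
SAMPLE_CONF = """\
acl SSL_ports port 443 563
acl Safe_ports port 80 21 443 563 70 210 1025-65535 981  # 981 added locally
http_access deny !Safe_ports
"""

_PORT = re.compile(r"(\d+)(?:-(\d+))?")


def safe_ports(conf_text):
    """Collect (low, high) ranges from every 'acl Safe_ports port' line."""
    ranges = []
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if fields[:3] != ["acl", "Safe_ports", "port"]:
            continue
        for token in fields[3:]:
            m = _PORT.fullmatch(token)
            if m is None:                       # e.g. a typo such as "8O80"
                raise ValueError("bad port token: %r" % token)
            low = int(m.group(1))
            high = int(m.group(2) or low)
            if not 0 < low <= high <= 65535:
                raise ValueError("port out of range: %r" % token)
            ranges.append((low, high))
    return ranges


def is_allowed(ranges, port):
    """True if the port falls inside any Safe_ports range."""
    return any(low <= port <= high for low, high in ranges)


def is_enforced(conf_text):
    """True if a rule denies requests to ports outside Safe_ports."""
    return any(
        raw.split("#", 1)[0].split() == ["http_access", "deny", "!Safe_ports"]
        for raw in conf_text.splitlines()
    )
```

Calling `safe_ports()` on the real file's text lists exactly what the proxy will pass, and a mistyped entry in the custom template shows up as a `ValueError` instead of a silently ignored port.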


* How do I make the admin account/a user account invisible for external emails?

Issue on console

/sbin/e-smith/db accounts setprop admin Visible internal
/sbin/e-smith/signal-event email-update

Instead of admin you can type in any user. When trying to send mail to the admin/user, it should report something like this:

20*.**.**.248 does not like recipient. Remote host said: 553 Sorry, that address is in my badrcptto list. Giving up on 20*.**.**.248.

Some users report that this is not working with ClamAV installed.

(Charlie Brady)


* Which updates do I need to apply to SME?

Ian Wells 15 July: The updates structure and process is undergoing changes. This FAQ entry will be updated to reflect this soon.

SME should be updated regularly from the updates directory. It is important to install all the updates supported by Contribs.org: the reliability and the safety of your server can depend on it.

NB: At this time, an automatic update policy is not yet defined. As this policy evolves, this FAQ will be updated to reflect it.


* How can I manage SME remotely?

If you want to administer your SME Server remotely, it is recommended to use an encrypted connection. One of the easiest ways is to use SSH (Secure Shell), which offers a protected and encrypted method to log on to an SME Server from your desktop and to copy files between machines. By default, SSH access is prohibited; once authorized, it remains possible to authorize or forbid remote root access.
SME includes an SSH client and server, and supports both SSH1 and SSH2 protocols. You will easily be able to find many software clients for Windows or Macintosh, free or commercial. Putty is a good example. The Windows version is available here.

There is another possibility: to use a VPN tunnel (PPTP) to connect to your server. A PPTP connection to an SME server can easily be established over an existing Internet connection. Once the PPTP connection is established, an external client appears to be on the local area network managed by the server. You can then access other clients, or the Server Manager, in a protected way.

It is still possible to access SME Server from the local network using telnet, but this method is deprecated. Because user names and passwords are sent across the network in clear text (unencrypted), it will reduce the security of your server to a significant degree. For this reason, telnet access is not enabled by default, and it is recommended to forbid telnet unless you absolutely need it, and then, just for the time it is necessary. Putty, or Mindterm, work very well, and don't send passwords in clear text.


* How do I open a session in a terminal when I am on the administration console?

If you are logged on locally (at the SME Server itself), it is possible to switch to another virtual terminal by using the key combination ALT-F2 (for tty2), ALT-F3 (for tty3), etc.

Then you can log on with root and the admin password. By default, only the root account has shell access. A regular user account can be given shell access by root by using the chsh command. Shell access should only be given to highly-trusted local users, and only when absolutely necessary.


* How do I add additional software to SME?

The best way is to install binary RPM packages, either architecture-specific (ix86.rpm) or noarch (noarch.rpm). The standard RedHat packages should install directly on your SME server.

It may be required to install an additional package for it to be perfectly integrated on your SME. You will find on this site many contributions which were developed specifically for SME Server. The mailing list and the forums also contain much information on the way to install and configure these packages. There is a search box to help you find answers to your questions.

It can also be useful to consult 'CPAN' (Perl) files, 'Freshmeat' or other websites where you can find precompiled RPMs of the software which you wish to install.


* How do I install and update RPMs?

To install RPM packages on a RedHat based system like SME Server, you will need to know how to use the command line. These are the most used commands:

'man rpm' will show the manual page for rpm.
Note: to have the manual pages, you will have to download the RPM man-1.5i2-6.i386.rpm and install it with the following commands:
'rpm -ivh /path/to/the/file.rpm' will (i)nstall file.rpm with (v)erbose (detailed) feedback, printing (h)ashes during the installation.
'rpm -Uvh /path/to/the/file.rpm' will (U)pgrade (update) the package, with the same options used previously.
'rpm -e packagename' will (e)rase (uninstall) the package (give the installed package name, not the .rpm file name).

In certain cases, the --nodeps option will also allow you to install an RPM by ignoring some dependencies that are not present on the server.


* I need to compile applications under SME. What do I need?

If you want to compile and create packages on SME, please refer to the Development section of this site.


* How do I send email (with SME smtp server) when I'm outside my local area network?

The best way is to use your ISP's SMTP server to send email when you are outside of your LAN. Generally this requires you to modify the mail account on your PC (or add an additional one). Since that is inconvenient, there are other solutions:

Use a common host name.
Does the hostname "mail" correspond to a valid SMTP server when you are connected remotely? If yes, then you can set the account's SMTP server name to "mail" and you will be able to send mail from outside in the same way that you would if you were on the local area network, without changing anything. Or, you can connect to the SME server via VPN (PPTP) and then send the messages. Some mail clients such as Outlook Express allow the configuration of several accounts. It is then possible to define one account used on the local area network and another used from outside. You can also enable Webmail via HTTPS and use it to send the messages, since this interface is accessible from outside your network.


* How do I authorize entering (inbound) connections of 'NetMeeting' or H323?

Incoming NetMeeting calls are not supported and will not function with a standard installation of SME. To receive H323 calls, you need a gatekeeper. A gatekeeper is included in 'NetMeeting', and it is the best known. There is a gatekeeper available for Linux, distributed under the Mozilla Public Licence: http://www.opengatekeeper.org.

It is also possible to use a H323 proxy such as: Phonepatch

* How do I configure the modem initialization strings in SME?

The best solution is to store the strings directly in the memory of the modem, rather than specifying them with each connection.
To store the initialization strings in the modem using the AT command set, use a program such as minicom and type commands similar to these examples:

AT&F
AT&C1&D2&Q0%C0
AT&W

The first command restores the factory parameters, the second sets the desired parameters (AT&C1&D2&Q0%C0) and the third records the modifications (you may need the commands AT&F0 and AT&W0 instead; see the handbook of the modem for its specific AT commands). The ATZ command will then restore these parameters without any modification to the SME server configuration.
You will be able to find instructions on how to use minicom, and the modem commands, on the page:
http://www.linuxdoc.org/HOWTO/Modem-HOWTO.html

If you absolutely must use initialisation strings at the time of connection, the variable 'ModemInit' should be defined with the command:

'/sbin/e-smith/db configuration set ModemInit "M1L1&C1&D2"'

and the changes activated with the command:

'/sbin/e-smith/signal-event console-save'


* Is it possible to exceed the twelve-character limit on the names of accounts, groups or i-bays?

Yes. This limit of twelve characters was deliberately set to ensure compatibility with Windows 9x hosts. You can modify the maximum length by setting the variables maxIbayNameLength, maxAcctNameLength and maxGroupNameLength to the desired value. When no value is specified, twelve is used by default.
For example, to authorize a fifteen-character maximum length for account names, type the commands:

'/sbin/e-smith/db configuration set maxAcctNameLength 15'
'/sbin/e-smith/signal-event console-save'


* Can LAN workstations be synchronized (NTP) on SME Server?

Yes, an SME server can be used as a time server for workstations under Windows, Macintosh and *nix, as for any client supporting NTP or ntpdate. The time server of SME Server is installed by default, and no particular configuration needs to be made.


* Can I use other linux configuration tools on SME, such as 'WebMin', 'SWAT'...?

No, these tools and others with a graphical interface (as well as editing configuration files directly "by hand") are not supported because they are fundamentally incompatible with the configuration system of SME. SME implements an intelligent, template-based system for managing configuration files. The majority of the system configuration files are not modified directly by the SME Server-Manager; instead, the templates are modified and used to regenerate the configuration files upon receiving a system-update event.

If SME manager does not allow you to make the changes which you wish, you can inform Contribs.org of this by addressing a message on the Suggestions forum.


* Where can I find the source code of SME Kernel?

SME Kernel is exactly the same as the one provided by RedHat. You can obtain its source code on any 'RedHat' mirror site.


* Where can I find .config file used to configure SME Kernel?

It's the RPM of 'RedHat' Kernel that is used. You will be able to find the .config file in the RPM of the kernel source, available on any 'RedHat' mirror site.


* Why isn't chmod authorized via ftp?

FTP 'chmod' is prohibited by design for security reasons. It is up to the administrator to define the execution rights of any script able to run on the server. Authorizing 'chmod' via FTP would allow users to make such modifications themselves, which is a security risk.


* How do I configure SME to use a permanent connection by modem?

When you select the "Server and Gateway - Dialup" operating mode, you also have the ability to define the connection strategy. For a permanent modem connection, select the "continuous" mode. This option may be used for a connection with either a static or a dynamic IP address.
If your ISP provides you with a static IP address, the ISP's server must assign you the correct address when you connect, using the IPCP (Internet Protocol Control Protocol) component defined in the PPP RFC. If the server does not, you will have to contact your ISP to fix the problem.
If your ISP can't/won't configure its RAS (Remote Access Server) to give the correct IP address, you will have to follow the instructions below to create a custom template. Once this template is created, you will not need to define the external IP address or its subnet mask. It is not recommended to define a primary or secondary external DNS server.

Copy the templates which you need into the custom templates directory:

'mkdir -p /etc/e-smith/templates-custom/etc/diald.conf'
'cp /etc/e-smith/templates/etc/diald.conf/pppd-options /etc/e-smith/templates-custom/etc/diald.conf/pppd-options'

Modification of the new template:

'perl -pi -e "s/noipdefault/x.x.x.x:y.y.y.y/" /etc/e-smith/templates-custom/etc/diald.conf/pppd-options'

Expand the corresponding configuration file (/etc/diald.conf) and restart the diald service:

'/sbin/e-smith/signal-event console-save'


* How do I modify the configuration to use protocol SSH 2.0?

To use SSH 2.0 protocol, you must create a custom template as described below:

Copy the original templates into the custom templates directory:

'mkdir -p /etc/e-smith/templates-custom/etc/ssh/sshd_config'
'cp /etc/e-smith/templates/etc/ssh/sshd_config/20HostKey /etc/e-smith/templates-custom/etc/ssh/sshd_config'

Edit /etc/e-smith/templates-custom/etc/ssh/sshd_config/20HostKey and add the two lines:

'HostKey /etc/ssh/ssh_host_dsa_key'
'HostKey /etc/ssh/ssh_host_rsa_key'

Then execute these two command lines:

'/sbin/e-smith/expand-template /etc/ssh/sshd_config'
'/sbin/e-smith/signal-event remoteaccess-update'

You should now be able to connect to your SME server using SSH 2.0.


* Why does SME recommend to not use a primary or secondary external DNS server?

If you configure SME to query an external DNS server with name resolution requests, it is possible for the ISP to fail to resolve them. You will also have to reconfigure your SME Server every time you change ISPs. The increase in performance is tiny compared to the ease and reliability you get if you do not define an external DNS server.


* How do I forward DNS name resolution requests to another DNS server anyway, in SME 6.5?

Beginning with SME Server 6.5, the ability to specify another DNS name server in the Server Manager was removed, because of the problems it was causing with end-users. SME is still able to forward name requests, and if you are sure you really need to do this, here's how:

Determine the IP of the DNS server you want to use. Of course this server must be one that the SME Server can 'see' on the network.
Open a terminal session and type:
/sbin/e-smith/config setprop dnscache Forwarder <enter the IP here (without the <>'s)>
/etc/e-smith/events/actions/dnscache-conf

To remove it do the following:

/sbin/e-smith/config delprop dnscache Forwarder
/etc/e-smith/events/actions/dnscache-conf


* What is backed up when using SME's backup function?

The function "backup to desktop" will create and transfer a compressed file (smeserver.tgz) which contains the following files and directories:

/home/e-smith
/etc/e-smith/templates-custom
/etc/e-smith/templates-user-custom
/etc/ssh
/root/.ssh
/etc/passwd
/etc/shadow
/etc/group
/etc/gshadow
/etc/smbpasswd

The function "backup to tape" will make a level 0 backup(*) of the whole file system, using the program flexbackup (flexible backup script). (*) A level 0 backup of "everything" requires using a new tape. It will be retensioned and erased.


* How do I know what space is available on my hard disk?

The command "df" reports the usage level of the file system. Used with the option "-h" and the argument "/", it will display the size of the root partition, the used space, and the available space.
For example:
'df -h /'
Filesystem Size Used Avail Use% Mounted on
/dev/hda6 1.2G 310M 838M 27% /

Type 'df --help' to obtain a list of options.

You may also install the phpsysinfo contrib and watch the information about the "Mounted Filesystems" on http://servername/phpsysinfo/


* Is it possible to define which users can have an access using VPN?

Yes, but be careful: by default, no user (with an activated account) can establish a PPTP connection to the server. Using the Server-Manager, access can be activated, in the Users section.

Be careful how high you set the maximum number of authorized connections for PPTP. See the Forums for details.


* Can I install SME on one machine and use the same hard disk on another?

You should do this only if the two machines are physically identical. Many major elements, like the type of processor, are detected at installation. The installation program will install many important packages that depend on the type of processor, including the kernel. Such packages are likely not to function with other hardware.
If you move the disc to a less powerful machine (e.g. from a PIII to a Pentium), the machine will stop just after displaying "freeing CPU memory".
If you move the disc to a more powerful machine (e.g. from a Pentium to a PIII), you will not benefit from the increase in performance.

In this case, it is recommended to run an update (using the same version) in order to ensure that the packages installed correspond to the type of processor in your server. That will also make it possible to detect and install the SMP kernel if necessary.


* I created a virtual domain. Is there a distinction between foo@primary.com and foo@virtual.com?

No. Foo@primary.com and foo@virtual.com represent the same user and thus the same mail account.


* If I install SME on a computer with two hard drives, will it recognize them and use both?

At the time of SME installation or update, there should be only one disc, or two identical discs which will be used in mirroring (software RAID-1). All other discs must be disconnected.
If you have two discs and you have not selected software RAID, the partition table of the second disc will be rewritten. What the installation will do with the second disc is undefined.

You can add discs after installation or update, if you know some Linux. You will be able to find help in the Experienced user forum. There is also a how to:
How to add an extra hard disk to a SME server


* How do I change a username?

Sorry, you don't. Bad luck.

Charlie Brady


* How to turn off the SME DNS Server?

/sbin/e-smith/config setprop dnscache Forwarder a.b.c.d
/sbin/e-smith/signal-event post-upgrade
/sbin/e-smith/signal-event reboot

a.b.c.d should be one of the DNS servers on your LAN, which must be able to resolve host and domain names on your LAN, and should be able to resolve reverse DNS for your LAN.

Charlie Brady


* How to read the @4000000042a81.. dates in qmail/current and other log files?

Apply these examples to the required log file to get output in date format

To show everything
grep "" /var/log/qmail/current | tai64nlocal

To show only selected occurrences
grep "hello" /var/log/qmail/current | tai64nlocal

Stefan Braunstein
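
For reading a copied log on a machine where tai64nlocal is not installed, the label format can be decoded directly. The following is an added example, not part of the original FAQ entry: it prints UTC rather than local time, and the function names and sample lines are constructed for illustration.

```python
import re
import sys
from datetime import datetime, timedelta, timezone

# "@" + 16 hex digits of seconds + 8 hex digits of nanoseconds.
_LABEL = re.compile(r"@([0-9a-f]{16})([0-9a-f]{8})")

# 2**62 is the TAI64 bias; the extra 10 seconds is the fixed TAI-UTC offset
# that daemontools adds when stamping and tai64nlocal removes again.
_BIAS = 2**62 + 10
_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample lines (not taken from a real server).
SAMPLE_LINES = [
    "@4000000042b0000a1dcd6500 status: local 0/10 remote 0/20",
    "@40000000zz not a valid label",
    "line without any timestamp",
]


def decode_label(text):
    """Return a UTC datetime for a leading TAI64N label, or None if absent."""
    m = _LABEL.match(text)
    if m is None:
        return None
    secs = int(m.group(1), 16) - _BIAS
    nanos = int(m.group(2), 16)
    if nanos >= 1_000_000_000:          # not a valid nanosecond count
        return None
    try:
        return _EPOCH + timedelta(seconds=secs, microseconds=nanos // 1000)
    except OverflowError:               # seconds far outside datetime's range
        return None


def convert_line(line):
    """Swap a leading label for a readable UTC time; leave other lines alone."""
    when = decode_label(line)
    if when is None:
        return line
    return when.strftime("%Y-%m-%d %H:%M:%S.%f") + "Z" + line[25:]


if __name__ == "__main__":
    # Usage: python3 tai64n_utc.py < /var/log/qmail/current
    for log_line in sys.stdin:
        sys.stdout.write(convert_line(log_line))
```

Keeping the output in UTC makes entries from several servers directly comparable when building a timeline.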