SME Server:Documentation:Technical Manual:Booklet

From SME Server

Jump to: navigation, search
Languages: 

English  • Deutsch


Contents

Finding Answers

Ideally most of the information you need to run and configure your server will be in the manual If something you need isn't, work your way down the resources that follow. If it's appropriate, you can add the material to the wiki, if unsure ask.

Manuals

The Manuals for the User, Administrator and Developer.

Bug Tracker

Find, report and fix bugs here http://bugs.contribs.org

You don't have to be a programmer to help or use the bug tracker. Bugs also include fixing things and making suggestions on documentation, translations and the SME Server web sites.

Refer to Bugzilla Help for helping with bug fixing and verification.

Forums

http://forums.contribs.org

There is an enormous amount of information here, a search can often find just the answer you are after. You can also find outdated, misinformed or wrong information.

The aim should be to transfer valuable information into the Manual or a Howto (with a link in the Howto List)

If you can't find the information you are after then post to the forum. If applicable, please document your answer in the wiki so it becomes a definitive answer and not just another hit on a search.

How To's

HowTo's are documents to solve a particular problem There is a list of HowTos here

Frequently Asked Questions

The Frequently Asked Questions page is to be used to document problems that cannot or will not be fixed through development of SME7. If a problem is fixed it should be moved into the Manual or a Howto.


Email Lists

There are a number of lists available to join at http://lists.contribs.org/mailman/listinfo

List descriptions and email archives are available here.


Languages: 

English  • Deutsch


What skills are necessary?

Any skill is useful for the SME Server project.

If you are a developer of any kind, we will find something for you to do. Even if you think that you have no Linux skills you can still help. You can tell us if and how you understand the wiki pages, or more precisely, we would like to know what pages you don't understand. Thanks to the insights of new users we can continuously enhance readability of the wiki. Visit Communicate to learn how to contact us.

If, on a top of that, you can write, you are invaluable. We need a lot of articles. There are thousands of Linux programs around, and more are released every day. In addition, new versions of existing applications are released. There is need for a lot of hands to write about them and to keep reviews current.

Documentation -Review or Write Documentation, Manuals, and Articles

Documentation for SME Server was inherited from the prior distribution maintainers, e-smith and mitel. Their work gave SME a great base to work from.

The current developers have continued to improve the SME Server software and to reflect these improvements the Documentation has to develop too. These wiki-based manuals have been put in place to allow anyone to update or add new sections where they see fit.

The core manuals have been protected for stability, but anyone can request access to add and update howto and contrib pages to the wiki. If you've got instructions, solutions to common problems, neat tips and tricks, or just a good way to explain something, we'd love to hear from you.

Bug and New Feature Verification

You can help improve SME Server by finding and reporting bugs. This helps us to make our software as reliable as possible.

Our bug tracking system, Bugzilla, is used for all SME Server Linux products. If you have never written a bug report, please refer to Bugzilla Help to learn what kinds of information make the report most useful.

Your role in that is to report possible bugs only via the bug tracker, and to encourage others to do the same. Refer again to Bugzilla Help for helping with bug fixing and verification, the best way to learn is to fix other peoples' problems.

Programming -Develop Patches and Packages

The most obvious way, for programmers, to participate in the development of SME Server is to post a patch as a suggested solution to an existing bug in Bugzilla. Each package has a maintainer, who will contact you to discuss your proposed solution. You may want to join our development mailing lists before you start coding in order to discuss your plans and coordinate with other developers.

For more information about getting source code and building your own packages, read the SME Server:Documentation:Developers Manual.

If you would like to build your own applications on SME Server, read the SME Server:Documentation:Developers Manual to learn how to package your own software.

Maintaining existing Languages

A new system translation interface has been installed to facilitate translations of SME Server core packages as well as SME Server contribs, for more information have a look at the Translations page.

Donations & Funding Work

Donate and help smeserver.org pay it's bills, pay a developer to add a feature you would like, email a developer directly with your request or open a bug with your proposal.

Be part of the Wiki Team

This page is built with MediaWiki. The concept of a Wiki is that anybody may add and modify content. On Help:Contents, find a quick tutorial if you're unfamiliar with Wikis.

As long as you edit anything on the wiki you are de facto member of the Wiki Team.

To make edits, you need to log in to the wiki. In order to do this, you will need to open an account. The information that SME Server requires for opening an account is very limited and easy to do.

After you log in, you will see a toolbar at the top of the page that is always available. There is a link in the toolbar that is labeled with your username. This takes you to your "personal page". Use this page to introduce yourself and don't be shy. Write a word or two about your interests, especially those related to SME Server and Linux. If nothing else, tell us how you learned about SME Server.

Help Other Users

There is an active community in the forum that help all levels of SME Server users. Please have a look at the forum for an overview: http://forums.contribs.org

Suggest New Features or Software

Visit the New Feature Request (NFR) page in the bug tracker and add your suggestion.

Only software with an OSI-compliant open-source license will be added to the SME Server project.

Database variables

SME Server comes with the most used parameters set as variables in its internal configuration databases. These variables are used to store values to be used in the final configuration files. Please, read the SME Server Developer's Guide to understand the template and database process.

These variables are useful to configure your system more easily, as you do not need to modify configuration files directly for most common cases. It also makes it possible to administer the server through its server-manager as the database variables are used to set and change configuration parameters. After editing, the configuration files must be regenerated and affected services need to be restarted.

For example, suppose you need to increase "memory-limit" in php.

You would simply execute these commands at the server console: 

db configuration setprop php MemoryLimit 64M
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart

The first line changes the value for the memory limit of PHP, the second line regenerates the configuration file and the last line will reload Apache (and subsequently also PHP as this is configured as a module of Apache).

Warning:
Database parameters are case sensitive so take great care when typing at the server shell because no error messages are given should you make a typo.

The database system is based on a flat file system, but you should never edit them directly. Instead you should use the db command. More details on using the database system can be found in the SME Server Developer's Guide.


Setting db variables to default values

Any db variable that has a default value can be reset to the default by deleting the variable entirely, then re-initializing the default database values as follows: 

config delprop key prop
/etc/e-smith/events/actions/initialize-default-databases


Concept of the signal-event command

Thanks for the developers work, you can simplify more the commands using the signal-event proccess.

Again, for more details see SME Server Developer's Guide


Overview of database variables

The next section describes the standard variables defined on SME Server. Please update this list with new standard variables in future SME Server versions.

The tables below have three columns. The first is the variable, the second is the target variable (located in the final configuration file), and the third is the default value.

A lot of the variables can be set using the server-manager but some can not. For example the variable DomainMaster for samba is not important here, because this can be set through server-manager. On the other hand, the variable RecycleBin is important, because it is not accessible through the server-manager.

Configuration files may use database values from a single configuration key, or may use multiple keys. The latter is the case for the /etc/rc.d/init.d/masq configuration file. This file takes it values from multiple database keys such as squid and masq.

It is also possible that multiple configuration files use the same key. An example of this is the httpd-admin key. This key has a variable TCPPort which is used in multiple files (/etc/httpd/admin-conf/httpd.conf and /etc/services).


AppleTalk (atalk)

Usage 

db configuration setprop atalk variable value
signal-event workgroup-update
Affected file: /etc/atalk/netatalk.conf
Variable Target Default
MaxClients AFPD_MAX_CLIENTS 20


Console Mode

Usage - Choose either login or auto DB variable. 

config set ConsoleMode login
signal-event post-upgrade
signal-event reboot
Variable Target Default
ConsoleMode Console Setting login


Clam AntiVirus (clamav)

Usage 

db configuration setprop clamav variable value
signal-event clamav-update
Affected file: /etc/clamd.conf
Variable Target Default
ArchiveBlockEncrypted ArchiveBlockEncrypted no
ArchiveBlockMax ArchiveBlockMax no
ArchiveMaxCompressionRatio ArchiveMaxCompressionRatio 300
ArchiveMaxFiles ArchiveMaxFiles 1500
ArchiveMaxFileSize ArchiveMaxFileSize 15M
ArchiveMaxRecursion ArchiveMaxRecursion 8
Debug Debug no
DetectBrokenExecutables DetectBrokenExecutables no
IdleTimeout IdleTimeout 60
LeaveTemporaryFiles LeaveTemporaryFiles no
LogClean LogClean yes
LogTime LogTime yes
LogVerbose LogVerbose yes
MaxConnectionQueueLength MaxConnectionQueueLength 30
MaxDirectoryRecursion MaxDirectoryRecursion 20
MaxThreads MaxThreads 20
ReadTimeout ReadTimeout 300
ScanArchive ScanArchive yes
ScanHTML ScanHTML yes
ScanMail ScanMail yes
ScanOLE2 ScanOLE2 yes
ScanPE ScanPE yes
SelfCheck SelfCheck 1800
StreamMaxLength StreamMaxLength 25M


Affected file: /etc/freshclam.conf
Variable Target Default
Checks Checks 24
DatabaseMirror DatabaseMirror db.local.clamav.net
DNSDatabaseInfo DNSDatabaseInfo current.cvd.clamav.net
LogVerbose LogVerbose yes
MaxAttempts MaxAttempts 6


Affected file: /var/service/clamd/env/MEMLIMIT
Variable Target Default
MemLimit MEMLIMIT 80000000

DHCP daemon (dhcpd)

Usage 

db configuration setprop dhcpd variable value
signal-event remoteaccess-update
Affected file: /etc/dhcpd.conf
Variable Target Default
Bootp bootp deny


DNS Cache Forwarder (dnscache.forwarder)

Usage 

db configuration setprop dnscache variable value
signal-event dns-update
Affected file: /var/service/dnscache.forwarder/config
Variable Target Default
CacheSize CACHESIZE 1000000
DataLimit DATALIMIT 3000000


FlexBackup

Usage 

db configuration setprop flexbackup variable value
signal-event conf-backup
Affected file: /etc/flexbackup.conf
Variable Target Default
Blocksize $blksize 32
TapeBlocksize $mt_blksize 0
BufferProg $buffer buffer
BufferMegs $buffer_megs 20
erase_rewind_only $erase_rewind_only false
Type $type tar


Horde (webmail)

Usage 

db configuration setprop horde variable value

expand-template /home/httpd/html/horde/conf.menu.aps.php
Affected file: /home/httpd/html/horde/conf.menu.aps.php
Variable Target Default
MenuArray MenuArray enabled 


expand-template /home/httpd/html/horde/config/conf.php
Affected file: /home/httpd/html/horde/config/conf.php
Variable Target Default
Administration Administration disabled 


expand-template /home/httpd/html/horde/turba/config/sources.php
Affected file: /home/httpd/html/horde/turba/config/sources.php
Variable Target Default
freebusy freebusy disabled
SharedAddressBooks SharedAddressBooks disabled


Apache server ibay specific (httpd-e-smith)

Usage 

db accounts setprop ibayname variable value
signal-event ibay-modify ibayname
Affected file: /etc/httpd/conf/httpd.conf
Variable Target Default
AllowOverride AllowOverride None
FollowSymLinks FollowSymLinks disabled
Indexes Indexes enabled
PHPRegisterGlobals register_globals disabled
PHPBaseDir open_basedir /home/e-smith/files/ibays/ibayname

Apache server-manager (httpd-admin)

Usage 

db configuration setprop httpd-admin variable value
signal-event remoteaccess-update
Affected file: /etc/httpd/admin-conf/httpd.conf and /etc/services
Variable Target Default
TCPPort TCPPort 980


IMAP (imap)

Usage 

db configuration setprop imap variable value
signal-event email-update
Affected file: /var/service/imap/config
Variable Target Default
ConcurrencyLimit INSTANCES 2000
ConcurrencyLimitPerIP INSTANCES_PER_IP 12
ProcessMemoryLimit ulimitdata 128000000


IMAPS (imaps)

Usage 

db configuration setprop imaps variable value
signal-event email-update
Affected file: /var/service/imaps/config
Variable Target Default
ConcurrencyLimit INSTANCES 2000
ConcurrencyLimitPerIP INSTANCES_PER_IP 12
ProcessMemoryLimit ulimitdata 128000000


IPTables firewall (masq)

Usage 

db configuration setprop masq variable value
signal-event remoteaccess-update
Affected file: /etc/rc.d/init.d/masq
Variable Target Default
Logging Logging most
Stealth Stealth no


Tip:
Special case is TCPPort and UDPPort from any DB key.

Any Db key named "TCPPort" or "UDPPort" affect masq file.

Currently the following keys are included in masq:

TCPPort:

httpd-admin - sshd - smtpd - ssmtpd


Additional information on customizing iptables

Create a custom-named service definition in the configuration database. 

db configuration set <servicename> service

Apply your desired firewall restrictions to any existing SME 'service' or to a custom-named service that you have created. Combine a custom-named service with port-forwarding to create customized firewall rules. 

db configuration setprop <servicename> TCPPort <portnumber>
db configuration setprop <servicename> TCPPorts <portnumbers>
db configuration setprop <servicename> UDPPort <portnumber>
db configuration setprop <servicename> UDPPorts <portnumbers>
db configuration setprop <servicename> status enabled|disabled
db configuration setprop <servicename> access public|private
db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24
db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24

Effectuate the changes you have made 

signal-event remoteaccess-update


Affected file: /etc/rc.d/init.d/masq
Variable Target Default
TCPPort --proto tcp --dport <Ports> Pre-configured for default services; no default for custom services
TCPPorts --proto tcp --dports <Ports> No default for custom services; Ranges of ports are defined with a : not a -
UDPPort --proto udp --dport <Ports> Pre-configured for default services; no default for custom services
UDPPorts --proto udp --dports <Ports> No default for custom services; Ranges of ports are defined with a : not a -
status disabled AllowHosts is set to "" (an empty string) unless the status is 'enabled'
access private AllowHosts is set to "" (an empty string) unless access is 'public'
AllowHosts --src ..... --jump ACCEPT Pre-configured for default services; no default for custom services. Default is '0.0.0.0/0' if service is enabled and public.
DenyHosts --src ..... --jump denylog Pre-configured for default services; no default for custom services. If 'DenyHosts' is empty or does not exist then there are no '... --jump denylog' entries created in /etc/init.d/masq.

SpamAssasin

Usage 

db configuration setprop spamassassin variable value
signal-event email-update
Affected file: /etc/mail/spamassassin/local.cf
Variable Target Default
DNSAvailable dns_available yes
OkLanguages ok_languages all
OkLocales ok_locales all
ReportSafe report_safe 0
Subject rewrite_header Subject [SPAM]
SkipRBLChecks skip_rbl_checks 0
TrustedNetworks trusted_networks 127.
UseAutoWhitelist use_auto_whitelist 0
UseBayes use_bayes 0
Sensitivity required_hits medium


MySQL (mysqld)

Usage 

db configuration setprop mysqld variable value
expand-template /etc/my.cnf
/etc/rc.d/init.d/mysqld restart
Affected file: /etc/my.cnf
Variable Target Default
InnoDB InnoDB disabled
LocalNetworkingOnly LocalNetworkingOnly yes


Network Time Protocol (ntpd)

Usage 

db configuration setprop ntpd variable value
signal-event timeserver-update
Affected file: /var/service/ntpd/env/MEMLIMIT
Variable Target Default
MemLimit MEMLIMIT 12000000


Affected file: /etc/ntp/step-tickers and /etc/ntp.conf
Variable Target Default
NTPServer server pool.ntp.org
SyncToHWClockSupported SyncToHWClockSupported yes


Php

Usage 

db configuration setprop php variable value
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart
Affected file: /etc/php.ini
Variable Target Default
MaxExecutionTime max_execution_time 30
MemoryLimit memory_limit 32M
PostMaxSize post_max_size 20M
UploadMaxFilesize upload_max_filesize 10M
AllowUrlFopen allow_url_fopen Off

Don't forget "M" unit because you get a lot of httpd errors and apache can't start!


Virtual Private Network (VPN) (pptpd)

Usage 

db configuration setprop pptpd variable value
signal-event remoteaccess-update
Affected file: /etc/ppp/options.pptpd
Variable Target Default
debug debug no
Passive passive enabled


Affected file: /etc/pptpd.conf
Variable Target Default
debug debug no


Pro FTP (proftpd)

Usage 

db configuration setprop ftp variable value
signal-event remoteaccess-update
Affected file: /etc/proftpd.conf
Variable Target Default
DisableAnonymous DisableAnonymous no


Samba global settings (smbd)

Usage 

db configuration setprop smb variable value
signal-event ibay-modify
Affected file: /etc/samba/smb.conf
Variable Target Default
RecycleBin recycle disabled
ShadowCopy shadow_copy disabled
DeadTime deadtime 10080
DisplayCharSet display charset ISO8859-1
DosCharSet dos charset 850
LogonDrive logon drive Z
OpLocks oplocks enabled
OsLevel os level 65
ServerString server string SME Server
SMBPorts smb ports 139
UnixCharSet unix charset UTF8
UseClientDriver use client driver yes


Samba per i-bay settings (smbd)

Usage 

db accounts setprop ibay_name variable value
signal-event ibay-modify
Affected file: /etc/samba/smb.conf
Variable Target Default
Browesable browseable enabled
OpLocks oplocks enabled
RecycleBin recycle disabled
VetoOplockFiles veto oplock files (not set)

Squid Proxy (squid)

Usage 

db configuration setprop squid variable value
signal-event proxy-update
Affected file: /etc/squid/squid.conf
Variable Target Default
SafePorts acl Safe_ports port 80
EnforceSafePorts EnforceSafePorts no


Affected file: /etc/squid/squid.conf and /etc/rc.d/init.d/masq
Variable Target Default
Transparent Transparent yes


Affected file: /etc/rc.d/init.d/masq
Variable Target Default
TransparentPort TransparentPort 3128


Alternate Usage for Configuration of an Up-Stream Proxy Server 

db configuration set squid-parent-variable value
signal-event proxy-update
Affected file: /etc/squid/squid.conf
squid-parent-variable Target Default
SquidParent name-or-ip-of-upstream-proxy-server (none)
SquidParentPort port-number-used-by-upstream-proxy-server (none)
(un-do using 'db configuration delete SquidParent', 'signal-event proxy-update')


SSH (sshd)

Usage 

db configuration setprop sshd variable value
signal-event remoteaccess-update
Affected file: /etc/ssh/sshd_config
Variable Target Default
TCPPort Port 22
Protocol Protocol 2
UsePAM UsePAM no
MaxAuthTries MaxAuthTries 2
MaxStartups MaxStartups 10:30:60
PasswordAuthentication PasswordAuthentication no
PermitRootLogin PermitRootLogin no
AllowHosts AllowHosts IP address(es) list


Note:
Currently in SME 7.2 and up, TCPPort is configurable via server-manager, under Remote Access menu.

To configure AllowHosts: IP address(es) list is a single IP or a comma separated list of IP addresses and/or netmasks (e.g. 16.17.18.19,203.14.64.0/24). Ssh will then only be allowed from those IP addresses. The firewall code will drop ssh connections from any other hosts.


smtpd

Usage 

config setprop smtpd variable value
signal-event email-update
Affected file: /var/service/qpsmtpd/runenv
Variable Target Default
Instances Total smtp Instances 40
InstancesPerIP smtp-Instances-Per-IP 5


yum

Usage 

config setprop yum variable value
signal-event yum-modify
Affected file: /etc/yum.conf
Variable Target Default
AutoInstallUpdates Install updates automatically? disabled
EnableGroups Enable Groups 0
GPGCheck Check GPG signature for repositories 0
PackageFunctions Display individual packages in 'Software Installer' disabled
RandomDelay Random Delay 120
status Yum's status enabled
RestrictRepo Repo names whose contents should be excluded from 'Available Packages' in the 'Software Installer' none
RestrictRPM All or part of an RPM name to be excluded from 'Available Packages' in the 'Software Installer' none

See also 'db yum_repositories'


Miscellaneous Other DB Variables

Note:
This is meant to be an easy place to add db variable information if you don't have time to put it into the correct section(s) above. You can find most of the template fragments affected by a given db variable if you execute: 
cd /etc/e-smith
fgrep -lR variable templ*/* | less

where variable is the name of the variable using correct capitalization

Note that any command listed here is to be executed on one line!


Command service(s) config file(s) notes
db domains setprop test.com MailServer a.b.c.d qpsmtpd; qmail; fetchmail /var/service/qpsmtpd/config/goodrcptto; /var/service/qpsmtpd/config/peers/local; /var/service/qpsmtpd/config/peers/0; /var/service/qpsmtpd/plugins; /var/service/qmail/control/virtualdomains; /var/service/qmail/control/smtproutes; /etc/fetchmail Forward all email for the specified domain to the IP address a.b.c.d. a.b.c.d can be either local or remote. By default, the recipient address will be verified as valid on a.b.c.d before SME accepts the inbound message.
config set SquidParent <hostname or IP> squid, diald /etc/diald.filter, /etc/squid/squid.conf Configure squid to peform all web downloads from the specified upstream proxy server
config set SquidParentPort <portnumber> squid /etc/squid/squid.conf Connect to the upstream proxy server using <portnumber>. Defaults to 3128 if 'SquidParentPort' is unspecified. Ignored if SquidParent is not set.
config delete SquidParent squid, diald /etc/squid/squid.conf, /etc/diald.filter Return squid to normal operation (no upstream proxy server)
db accounts setprop username Visible internal ; signal-event email-update n/a n/a Make an email address invisible from outside? (see http://forums.contribs.org/index.php?topic=36302.0)
db accounts setprop pseudonym Visible internal ; signal-event email-update n/a n/a Make an pseudonym email address invisible from outside
db <database> delprop key property ; /etc/e-smith/events/actions/initialize-default-databases various various Restore the developers' default value for property
db <database> delete key ; /etc/e-smith/events/actions/initialize-default-databases various various Restore the developers' default value for each property belonging to the key key
command service(s) config file(s) notes. Copy this block when adding new entries to this table.


Languages: 

English  • Deutsch


Chapter 4. Software Configuration

Information for software that comes with the SME Server but may require additional configuration

Languages: 

English  • Deutsch


Introduction

The primary goal of the Network UPS Tools (NUT) project is to provide reliable monitoring of UPS hardware and ensure safe shutdowns of the systems which are connected.

The default configuration of NUT, will keep your connected systems operational until a critical battery state is reached (ie battery is nearing exhaustion) and then power down your server/equipment in a controlled fashion. See http://www.networkupstools.org/

Default Configuration (USB)

Most USB connected UPS's will work with the default settings. If using a USB connection just enable nut as follows: 

config setprop nut status enabled
signal-event post-upgrade
signal-event reboot

If your USB UPS does not work properly OR you have a serial device then follow the Configuration Options below.

Configuration Options

Not all UPS's are supported by USB or the newhidups driver. However NUT supports many UPS's and can be configured under SME Server easily.

Serial Connection

  1. Find the configuration details for your model of UPS. Refer to: http://www.networkupstools.org/compat/stable.html and make note of the driver name and upstype number (if any) in the third column.
    Warning:
    Always use the serial cable supplied with the UPS. Standard serial cables won't work with a serial UPS and have been known to cause damage to the UPS. Pay particular attention to any references to cable in in the UPS Model column.
  2. From the consol issue the following commands: 
    config setprop nut Model <model> 
config setprop nut Device <device>
config setprop nut Type <type>
config setprop nut status enabled

    Where:
    <model> and <type> are the driver name and type number found above.
    <device> is the serial port that the UPS is connected to eg. /dev/ttyS0. It also possible to use a more readable symlink. See HowTo on udev - symlinks for details.

    Note: The case of Model, Device and Type.

  3. Check: 
    config show nut
  4. Apply changes and restart server: 
    signal-event post-upgrade
signal-event reboot

    Alternatively, without NUT running or requiring a server reboot: 

    expand-template /etc/sysconfig/ups
expand-template /etc/ups/*
/etc/rc7.d/S38nut start
  5. Confirm server is communicating with UPS: 
    upsc UPS@localhost

    Whenever a UPS event occurs Emails are sent to the admin account.

Configuring as a slave

Set configuration values: 

config setprop nut SlaveUPS UPS@192.168.33.11
config setprop nut Master no

Where 192.168.33.11 is your UPS master, that is the computer that is in direct communication with the UPS. The hostname of that computer may also work.

Apply changes and restart server: 

signal-event post-upgrade
signal-event reboot

Confirm server is communicating with master: 

upsc UPS@192.168.33.11

Conecting multiple UPS's

To be added http://bugs.contribs.org/show_bug.cgi?id=629

Aditional Information

There are template fragments in /etc/e-smith/templates/etc/ups that control the config files located in /etc/ups. The default settings should be OK for most situations.

For information on configuration parameters: 

man ups.conf
man upsd.conf
man upsd.users
man upsmon.conf
man upssched.conf

For general information: 

man upsd
man nutupsdrv
Languages: 

English  • Deutsch


MySQL Database

SME Server runs MySQL as a database server. A lot of applications require a MySQL database, among them is the Horde webmail interface which is supplied by SME Server by default.

General

The SME Server is based on CentOS, the development team will take their stock RPM's from the CentOS releases. The current version of MySQL installed on SME Server is version 4.1.20.

You can upgrade MySQL to a higher version but you are advised not to do so, as this might break your SME Server configuration. The Horde webmail interface relies on MySQL. Upgrading to version 5.x is known to break stuff like webmail. If you insist on upgrading MySQL you may be able to find instructions in the forum, but be advised that no support can be expected from the developers and all bugs reported in the bugtracker will not be taken into account.

MySQL on SME Server runs on a socket instead of on a port which you might be accustomed to. This is done to improve security as in the view of the development team only the server itself (localhost) needs to have access to the MySQL server. However you can configure MySQL to be accessible from the local network (see below).

MySQL root password

There appears to be no password set for the MySQL root password, but this is not true. If you are logged in to the SME Server shell a special mechanism is in place to log you in with MySQL root privileges without prompting you for the password.

The MySQL root password for SME Server is a 72 character random string generated during installation of SME Server. You should never change the MySQL root password as this will break your SME Server configuration. How to login as MySQL root user? describes how to access MySQL with root privileges on SME Server.

Login as MySQL root user

To login as MySQL root user, simply type 'mysql' at the SME Server shell, this will log you in with root privileges.

Resetting the MySQL root password

To reset the password for the MySQL root account. The MySQL root user on SME Server has a random generated password which is generated during installation. You do not need to know this password to login to MySQL with root privileges on SME Server. If you might have changed the MySQL root password you can reset it like this after getting command line access as root user: 

 cd /var/service/mysqld
 sv d .
 expand-template /root/.my.cnf
 expand-template /var/service/mysqld/set.password
 /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < ./set.password
 sv u .

Since SME Server 7.3 the runsvctrl command was replaced by the sv command so for SME Server 7.2 and earlier releases use the following: 

 cd /var/service/mysqld
 runsvctrl d .
 expand-template /root/.my.cnf
 expand-template /var/service/mysqld/set.password
 /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < ./set.password
 runsvctrl u .

Restoring accidently deleted MySQL root user

Note: The following is only applicable on SME 7.3 and MySQL 4.1 

 cd /var/service/mysqld
 sv d .
 echo 'use mysql;'>set.rootuser
 echo -n 'INSERT INTO user VALUES("localhost","root","",'>>set.rootuser
 echo '"Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","Y","","","","",0,0,0);'>>set.rootuser
 expand-template /root/.my.cnf
 expand-template /var/service/mysqld/set.password
 /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < set.rootuser
 /usr/libexec/mysqld --bootstrap --user=mysql --skip-grant-tables < set.password
 sv u .

Access MySQL from the local network

MySQL on SME Server is run on a socket instead of on a port. MySQL on SME Server is by default configured to allow only localhost connections to improve security, this means that it is only accessible from the server itself and not from the local network nor from the internet. If you wish to enable local network access, execute the following commands on a SME Server shell as root: 

 config setprop mysqld LocalNetworkingOnly no
 expand-template /etc/my.cnf
 /etc/rc.d/init.d/mysqld restart

Access MySQL from a remote network

If you wish to enable access to MySQL databases from remote networks, then in addition to the LocalNetworkingOnly db setting mentioned above, you will need to execute the following commands: 

 config set mysqld service access public status enabled TCPPort 3306 
 signal-event remoteaccess-update 
 signal-event reboot

Keep in mind this enables access to your MySQL database for ANYONE, so make sure you have strong passwords on ALL your MySQL databases. Alternatively it would be a more secure approach to require external (remote) users to establish a VPN connection and effectively become part of the local network. In that case do not change the mysql access to public status using the above command.

Administration

Information about user managament can be found in the MySQL User Account Management section of the MySQL manual, which holds a lot of useful information, a small section is listed here for convenience.

Create a new database

  • See the developers guide if you wish to automate the creation of a database within an rpm

or

  • Get access to the SME Server shell and issue the following commands: 
 mysqladmin createdatabase 'name'

This will create an empty database called name.

Warning:
The 'root' user should not be permitted to access the database except from localhost. Each application should have its own database and its own user to access that database.

Creating MySQL user(s)

Decide which permissions you will have to give to the user on what database. Details about this can be found in the MySQL Manual found at the MySQL site. Get access to the SME Server shell and issue the following commands to login to the MySQL server: 

 mysql

Suppose we want to create a user which has read-only access on all tables in the database called 'test': 

GRANT SELECT ON test.* TO 'user'@'host' IDENTIFIED BY 'password';

In the above line you will have to fill in the user and the host and/or domain from which you will allow the user access to the SME Server MySQL server (don't forget the single quotes). More information can be found in the MySQL Server Manual at the MySQL website linked here.

Listing available databases

To view a list of available databases on the system you can issue the following command while logged in in MySQL: 

show databases;

Remove a database

Get access to the SME Server shell and MySQL and issue the following command: 

drop database databasename;

Replace databasename with the name of the database.

Remove a user

Get access to the SME Server shell and MySQL and issue the following command: 

DELETE FROM user WHERE user = 'username';
FLUSH PRIVILEGES;

Replace username with the username you wish to delete.

Tip:
mysql_setpermission is a command line menu driven utility that can assist in MySQL administration.


Email

Spam

Spamassassin

Set spamassassin for automatically delete junkmail. You can change the "days" that spamassassin sets to automatically delete junkmail, to delete after two months 

db configuration setprop spamassassin MessageRetentionTime 60  
signal-event email-update


The "Custom spam rejection level" will only work when "Spam sensitivity" is set to custom.

  1. Open server-manager.
  2. Click e-mail in the navigation pane (left-hand side).
  3. Click Change e-mail filtering settings.
  4. Change "Spam sensitivity" to custom and adjust the settings to your liking.

This happens because by default, no mail (except for viruses) gets rejected without the admin doing something first.

X-Spam-Level Header in Email Messages

SME does not create an X-Spam-Level header in processed email messages by default.

To enable this capability: 

/usr/bin/yum install --enablerepo=smecontribs smeserver-qpsmtpd-spamassassinlevelstars
signal-event email-update

(Based on Bugzilla:3505)

Custom Rule Scores

You can customize the score assigned by a specific Spamassassin rule (SARE_ADULT2 in this case) as follows: 

mkdir -p /etc/e-smith/templates-custom/etc/mail/spamassassin/local.cf
cd /etc/e-smith/templates-custom/etc/mail/spamassassin/local.cf
echo "score SARE_ADULT2 20.000" >> 20localscores
signal-event email-update

You can now add additional tests and custom scores by editing the newly-created template fragment 20localscores and adding new custom scores using: 

pico -w /etc/e-smith/templates-custom/etc/mail/spamassassin/local.cf/20localscores
signal-event email-update

Each custom score goes on its own line. If you enter a score surrounded by parentheses, the "custom" score will be added to the default score for the specified test (use score TEST_NAME (-1) to reduce the score for 'TEST_NAME' by 1)

You can remove these customizations using: 

rm -f /etc/e-smith/templates-custom/etc/mail/spamassassin/local.cf/20localscores
signal-event email-update

References:

Real-time Blackhole List (RBL)

Enabling RBL's
RBL's are disabled by default to allow maximum accommodation (your ISP may be on a RBL & you may not know it). You can enable RBL's by: 

config setprop qpsmtpd DNSBL enabled RHSBL enabled
signal-event email-update

You can see your RBL's by: 

config show qpsmtpd

You can add to your RBL's by: 

config setprop qpsmtpd RBLList <rbl-list-name>
signal-event email-update

Many will argue what's best but most would agree that you can set best-practice recommended settings by: 

config setprop qpsmtpd RBLList zen.spamhaus.org:whois.rfc-ignorant.org:dnsbl.njabl.org
signal-event email-update

Note: More information on this topic can be found here: [1] [2]

Server Only

Some of the spam filter rules cannot work unless the SMESERVER knows the external IP of the box. If you put a SMESERVER in server-only mode behind other firewalls, it will lose some of the anti-spam rules. For example, the rule that blocks attempts where spammers try "HELO a.b.c.d" where a.b.c.d is your external IP address.

Unfortunately, many admins believe that port-forwarding SMTP provides additional security. It doesn't, it limits the SMESERVER's ability to apply some rules.


I want to enable GreyListing

GreyListing support is under the covers and can easily be enabled for those who know what they are doing. However, many experienced users found that they spent more time looking after the greylisting configuration than they received in benefit.

Setup Blacklists & Bayesian Autolearning

(Much of what follows has been shamelessly copied from the Sonoracomm howto)

The default SME settings (as you can see here) do not include DNSBL filtering, spam rejection, or (which is not obvious from the above) bayesian filtering in spamassassin to allow spamassassin to learn from received email and improve over time.

The following command will enable the default blacklists, enable the bayesian learning filter and set thresholds for the bayesian filter. 

config setprop spamassassin UseBayes 1
config setprop spamassassin BayesAutoLearnThresholdSpam 4.00
config setprop spamassassin BayesAutoLearnThresholdNonspam 0.10
expand-template /etc/mail/spamassassin/local.cf
sa-learn --sync --dbpath /var/spool/spamd/.spamassassin -u spamd
chown spamd.spamd /var/spool/spamd/.spamassassin/bayes_*
chown spamd.spamd /var/spool/spamd/.spamassassin/bayes.mutex
chmod 640 /var/spool/spamd/.spamassassin/bayes_* 
config setprop qpsmtpd DNSBL enabled
config setprop qpsmtpd RHSBL enabled
config setprop spamassassin status enabled
config setprop spamassassin RejectLevel 12
config setprop spamassassin TagLevel 4
config setprop spamassassin Sensitivity custom
signal-event email-update

These commands will:

  • enable spamassassin
  • configure spamassassin to reject any email with a score above 12
  • tag spam scored between 4 and 12 in the email header
  • enable bayesian filter
  • 'autolearn' as SPAM any email with a score above 4.00
  • 'autolearn' as HAM any email with a score below 0.10
  • enable RHSBL using the default SBLList. Note that rhsbl checking has been known to place a heavy burden on SME servers.
  • enable DNSBL using the default RBLList

The Sonora Communications "Spam Filter Configuration for SME 7" howto

http://www.sonoracomm.com/support/19-inet-support/49-spam-filter-configuration-for-sme-7

Email Clients

"concurrency limit reached" when using IMAP

Sometime shows as Thunderbird giving this error message, This Mail-server is not a imap4 mail-server

To workaround thunderbirds limitations change, this thunderbird setting to false

  • Preferences, Advanced, Config editor (aka about:config): filter on tls.
  • set security.enable_tls to false

You can also increase the ConcurrencyLimitPerIP and/or ConcurrencyLimit value for imap and/or imaps (secure) 

config setprop imap ConcurrencyLimitPerIP 20
config setprop imaps ConcurrencyLimitPerIP 20
signal-event post-upgrade; signal-event reboot

check 

config show imap
tail -f /var/log/imap/current | tai64nlocal

More detail can be found here.

Mail server is not an IMAP4 mail server

This is a bug in Thunderbird, the previous tips may help

The Bat

The gives this error message, but they are wrong.
"This server uses TLS v3.0 which is considered to be obsolete and insecure. The server must use TLS v3.1 or above."


Outlook/Outlook Express give error 10060/0x800CCC90

Most likely OUTLOOK (EXPRESS) isn't configured correctly. 

-open OUTLOOK
-click TOOLS > ACCOUNTS
-click CHANGE (on the right-hand side)
-find INCOMING MAIL SERVER & OUTGOING MAIL SERVER (on right-hand side)
-type: mail.yourdomain.tld (in both places)
-click MORE SETTINGS (on bottom-right)
-click OUTGOING SERVER tab (at the top)
-checkmark "MY OUTGOING SERVER REQUIRES AUTHENTICATION"
-bullet "USE SAME SETTINGS AS INCOMING MAIL SERVER"
-click ADVANCED tab (at the top)
-find OUTGOING SERVER
-checkmark "THIS SERVER REQUIRES A SECURE CONNECTION" (under outgoing server)
-change 25 to 465
-[possibly required, secure IMAP is 993]
-click OK > NEXT > FINISHED
-you're finished, your email should work now

Outlook test message doesn't come through

You clicked the TEST ACCOUNT SETTINGS in OUTLOOK didn't you? This is a bug in OUTLOOK. The test message sends a test email with 'no Date header'. As the name suggests, this means a message without any date. Since the server doesn't accept mail with 'no Date header' (because it's required) the message is rejected. To test, send an actual message from OUTLOOK.

If you want, you can try THUNDERBIRD. It's like OUTLOOK but made by a different company. It's completely free and works very well at home and at the office.

I can't receive/send email from my application (ACT!, vTiger, MS Outlook, etc)

Most likely, this is a bug the application you're using and not a problem with the SMESERVER. The application sends an email with 'no Date header'. As the name suggests, this means a message without any date. Since the server doesn't accept mail with 'no Date header' (because it's required) the message is rejected.

As a workaround you can disable the check for the 'Date header'. To disable this check on the internal interface: 

mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
cd /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
echo "# 17check_basicheaders disabled by custom template" > \
17check_basicheaders
signal-event email-update

To disable this check for the external interface: 

mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0
cd /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/0
echo "# 17check_basicheaders disabled by custom template" > \
17check_basicheaders
signal-event email-update

After I upgrade my SME Server, my email folders have disappeared when using IMAP

After upgrade, if there are missing IMAP folders, the client may need to re-subscribe to folders. This may affect either webmail users or users who use an IMAP email client.

Entourage: Using SME's Self-Signed Certificate for SSL Connections from Entourage on OS X 10.4

The main problem here is that Microsoft has decided that Entourage will only support trusted, PEM Base-64 Encoded certificates. To use IMAPS or SMTPS from Entourage with your SME server, you will need to: 

1. Login to your Mac as a user with administrative privileges

2. Open Safari and browse to https://smeserver/server-manager.  
   When you receive the warning about your certificate:
   - click on "Show Certificate"
   - click and drag the gold-rimmed image of a certificate to your desktop.  
   You will now have myserver.mydomain.tld.cer on your desktop.

3. Locate and open the Microsoft Cert Manager
   - "Import" the certificate you downloaded in step 2.

4. Highlight the imported certificate and "Export" it. 
   - Select the "PEM..." format
   - add "pem." to the beginning of the filename
   - export it to your Desktop

5. Double-click on the new pem.myserver.mydomain.tld.cer  
   - Apple's Keychain Access application will open.
   - Select the X509Anchors Keychain and click "OK"

6. While still in Apple's Keychain Access, select the "Certificates" category
   - Drag pem.myserver.mydomain.tld.cer into the certificates window.

You should now be able to connect to your SME from your Entourage using IMAPS.

If you are accessing your SME server using a different name than the one encoded in the certificate you will still receive a security warning from Entourage, but "OK" will now grant access to your folders.

Notes:

  • Procedure mostly taken from http://www.kerio.com/manual/kmsug/en/ch09s06.html
  • I still get various other IMAP errors due, I suspect, to the "concurrency limit reached" issue.
  • Click on "Show Keychains" in Apple's "Keychain Access" if you need to delete a certificate and try again.

How do I get my e-mail to show the correct From Address

The From address on an e-mail is not supplied by the server. It is supplied by the e-mail client.

  • Configure your Account in your e-mail client with the correct FROM address.
  • You can change the FROM address in webmail with the following:
    • Login to webmail as the user, go to options-personal information and change the identity to have the correct FROM address. You can have multiple identities with a single user.

Server Settings

Double bounce messages

To stop admin receiving double bounce messages 

config setprop qmail DoubleBounceTo someoneuser
signal-event email-update

Or just delete them. You risk losing legitimate double bounces (which are rare, but you want to look at them when they do occur) 

config setprop qmail DoubleBounceTo devnull
signal-event email-update

see a longer explaination here

Keep a copy of all emails

You may need to keep a copy of all emails sent to or from your email server. This may be for legal, or other reasons.

The following instructions will create a new user account (maillog) and forward every email that goes through your SME server to it.

First, log onto the server-manager and create the user maillog

Go to the SME Command Line (logon as root) and issue the following commands: 

config setprop qpsmtpd Bcc enabled
signal-event email-update

Optionally make the forwarding of the emails invisible to the end user. Without it, there will be an X-Copied-To: header in each email. Run this command before the signal-event 

config setprop qpsmtpd BccMode bcc

If you want to view the emails, point your email client at the SME and log on as maillog.

Set max email size

There are several components involved in sending email on a SME server. Each component has a size limit that may affect an email message that passes through the server.

Subsystem Function Default Limit Command to change size Notes
qmail Delivers email to local mailboxes and to remote servers 15000000 config setprop qmail MaxMessageSize xx000000 Value is in BYTES. 15000000 equals approximately 15MB
clamav Used to scan emails and attachments 15M config setprop clamav MaxFileSize 15M value includes human-readable abbreviations. "15M" equlas 15 MegaBytes.
qpsmtpd The clamav plugin to qpsmtpd is called with a specified size limit. 25000000 config setprop qpsmtpd MaxScannerSize xx000000 Value is in BYTES.
Question: does this value override the setting of 'MaxFileSize', or will the smaller value prevail?
php The php maximum file upload size will determine the largest file you can attach to an email message using horde (or any other php email client) 10M config setprop php UploadMaxFilesize 10M

A note about clamav:
ClamAV includes settings to prevent the scanning of archives that could cause problems if fully expanded; if an attachment cannot be scanned, it will be rejected.

These attributes could result in the rejection of a compressed attachment on a SME server:

  • ArchiveMaxCompressionRatio (default 300)
  • MaxFiles (default 1500)
  • MaxRecursion (default 8)

Add the admin user as an administrator for Horde

config setprop horde Administration enabled 
signal-event email-update

Large attachments not displaying in webmail

Due to limits set in the PHP configuration it might be that webmail will not display large attachments (see also bugzilla:3990). The following entries are related to the error and can be found in the log files:

/var/log/messages 

Mar 13 00:00:12 box1 httpd: PHP Fatal error:  Allowed memory size of 33554432 bytes exhausted (tried to allocate 154 bytes) in /home/httpd/html/horde/imp/lib/MIME/Contents.php on line 173

/var/log/httpd/error_log 

Allowed memory size of 33554432 bytes exhausted (tried to allocate 0 bytes)

The default MemoryLimit setting in PHP is set to 32M the value can be changed using the commands below replacing XX with the value you desire.

Note:
You can set the MemoryLimit any value you like but be sure to add the capital M as a suffix for Megabytes. 
db configuration setprop php MemoryLimit XXM
expand-template /etc/php.ini
sv t httpd-e-smith

Disable mail to a user from an external network

Can be either a user, pseudonym or group 

db accounts setprop groupname/username Visible internal
signal-event email-update

I can't receive mail at: user@mail.domain.tld

Add mail.domain.tld as a virtualdomain. 

-login to SERVER-MANAGER
-click DOMAINS (on the left)
-click ADD
-type: mail.domain.tld

How do I find out who is logged into webmail and what IP number.

This is logged is in /var/log/messages.

How do I enable smtp authentication for users on the internal network.

mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
cd /etc/e-smith/templates-custom/var/service/qpsmtpd/config/peers/local
cp /etc/e-smith/templates/var/service/qpsmtpd/config/peers/0/05auth_cvm_unix_local .
signal-event email-update

(note the "." at the end of the 3rd line)
Authentication for the local network will now follow the setting of config::qpsmtpd::Authentication

How do I disable SMTP relay for unauthenticated LAN clients

http://forums.contribs.org/index.php?topic=38797.msg176490#msg176490

  • Enable smtp authentication as shown above
  • Disable un-authenticated smtp relay for the local network(s)using: 
mkdir -p /etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients
echo "# SMTP Relay from local network denied by custom template" >\
/etc/e-smith/templates-custom/var/service/qpsmtpd/config/relayclients/80relayFromLocalNetwork
signal-event email-update
  • Configure your email clients to use smtps with authentication:

- change outgoing smtp port to 465 and select SSL
- enable Authentication against the outgoing mail server


Internet provider's port 25 is blocked: How to set an alternative port for the SMTP server

If your provider is blocking smtp port 25 on your internet connection but your hosting provider is offering an alternative port (or when using some relay service) you can simply set this alternative port by adding it to the 'Address of Internet provider's mail server' value in the 'E-mail delivery settings' screen of the server-manager like this: 

<internet providers mail server name or ip-address>:<alternative port>

For example: mail.mydomain.com:587

How do I enable and configure a disclaimer in email messages

A disclaimer message can be added to the footer of all outgoing email messages.

The message can be the same for all domains or it can be different for all domains.

This functionality is part of sme7.2 release so make sure you have upgraded before doing this.

To create a general disclaimer for all domains on your sme server 

config setprop smtpd disclaimer enabled
pico -w /service/qpsmtpd/config/disclaimer

Enter the required disclaimer text

To save & exit 

Ctrl o
Ctrl x

To make the changes take effect 

signal-event email-update


To create domain specific disclaimers, create seperate domain based disclaimer text files

Delete the general (all domains) disclaimer file if you have already created it 

rm  /service/qpsmtpd/config/disclaimer
config setprop smtpd disclaimer enabled
pico -w /service/qpsmtpd/config/disclaimer_domain1.com.au
pico -w /service/qpsmtpd/config/disclaimer_domain2.com
pico -w /service/qpsmtpd/config/disclaimer_domain3.org

Enter the required text in each disclaimer file

To save & exit 

Ctrl o
Ctrl x

After making any changes remember to do 

signal-event email-update


Note if you only wish to have a disclaimer for some domains, then only create a disclaimer text file for those domains


Note also the criteria for when a disclaimer is attached

(see http://bugs.contribs.org/show_bug.cgi?id=2648)

eg a disclaimer is added to internal to external messages but not internal to internal messages.

There are also various switches that can be applied

(see http://bugs.contribs.org/show_bug.cgi?id=2648).


To disable the disclaimer function for all domains on your sme server 

config setprop smtpd disclaimer disabled
signal-event email-update


Email WBL server manager panel

There is a server manager contrib to allow GUI control of email white and black lists.

The panel allows easy configuration of functionality that is built into qmail, qpsmtpd and spamassassin. For more information google for qmail & qpsmtpd, read the spamassassin section in this wiki article and see default qpsmtpd plugin confguration).

Warning:
It is a test release, although it has been in use since Jan 2007 and appears functionaly stable. To install do: 
wget http://mirror.contribs.org/smeserver/contribs/dmay/smeserver/7.x/testing/smeserver-wbl/smeserver-wbl-0.0.1-a8.dmay.noarch.rpm 
rpm -Uvh smeserver-wbl*.rpm

There are two main sections, Reject and Accept, where you can control settings.

Reject - Black lists are used for rejecting e-mail traffic 

 DNSBL status      - DNSBL is an abbreviation for "DNS blacklist". 
                     It is a list of IP addresses known to be spammers.
 RHSBL status      - RHSBL is an abbreviation for "Right Hand Side Blacklist". 
                     It is a list of domain names known to be spammers.
 qpsmtpd badhelo   - Check a HELO message delivered from a connecting host. 
                     Reject any that appear in badhelo during the 'helo' stage.
 qmail badmailfrom - Check envelope sender addresses. 
                     Reject any that appear (@host or user@host) in badmailfrom during the 'mail'           
                     stage.

Accept - White lists are used for accepting e-mail traffic 

 Whitelists status           - White Lists: ACCEPT
 qpsmtpd whitelisthosts      - Any IP address listed in whitelisthosts will be exempted 
                               from any further validation during the 'connect' stage.
 qpsmtpd whitelisthelo       - Any host that issues a HELO matching an entry in whitelisthelo 
                               will be exempted from further validation during the 'helo' stage.
 qpsmtpd whitelistsenders    - Any envelope sender of a mail (@host or user@host) matching an 
                               entry in whitelistsenders will be exempted from further validation
                               during the 'mail' stage.
 spamassassin whitelist_from - Any envelope sender of a mail (*@host or user@host) matching an 
                               entry in whitelist_from will be exempted from spamassassin rejection.


After making any changes using this panel you must click both the Save and Update buttons, in order for changes to take effect.

External Access

Allow external IMAP mail access

There was a deliberate decision to remove non-SSL protected username/password services from the external interface.

to allow unsecure IMAP access 

config setprop imap access public
signal-event email-update

But before you do this try to use secure IMAP
fixme: explain how

POP3 & webmail HTTP

I want to set my SMESERVER to allow POP3 (or webmail HTTP) but it's not an option, I only see POP3S (or webmail HTTPS).

The SMESERVER is secure by design. POP3 (or webmail HTTP) is viewed as inadequate security and removed as an option from a standard installation to encourage unknowing administrators to select the 'best practice' option -a secure connection with POP3S, IMAPS, or HTTPS.

You can still set your SMESERVER to allow POP3 settings by: 

config setprop pop3 access public
signal-event email-update

Allow external pop3 access

Email settings > POP3 server access in SME 7.1 server-manager allows only pop3s protocol for clients outside the LAN. Some email clients (eg The Bat! v3.98.4) won't allow pop3s connections to SME 7.1 because of ssl version conflict. Until this is sorted out, a workaround is to hack SME to allow regular pop3 on the external interface using the following commands. 

config setprop pop3 access public
signal-event email-update
svc -t /service/pop3s

more information bugzilla:2620

Imap

Folders with a dot in name

Email folder names that have a period ('.') in the folder name, will be split into sub-folders. e.g. folder name 'www.contribs.org' is created as 

www
  contribs
        org

qpsmtpd

SME uses the qpsmtpd smtp daemon.

Official Description

qpsmtpd is a flexible smtpd daemon written in Perl. Apart from the core SMTP features, all functionality is implemented in small "extension plugins" using the easy to use object oriented plugin API.

qpsmtpd was originally written as a drop-in qmail-smtpd replacement, but now it also includes smtp forward, postfix, exim an