Difference between revisions of "Updating from SME 7.1.x or earlier"

(removed defunct RBLList settings)
(modified Note box content)
 
(10 intermediate revisions by 3 users not shown)
Line 79: Line 79:
 
RHSBL or ''Right-Hand Side Black List'': Search for known spam hosts by host name.   
 
RHSBL or ''Right-Hand Side Black List'': Search for known spam hosts by host name.   
  
If you want to try out the RHSBL servers configured by default in SME 7.2:
+
If you want to try out the RHSBL servers configured by default in SME:
 
  <nowiki>config delprop qpsmtpd SBLList
 
  <nowiki>config delprop qpsmtpd SBLList
config setprop qpsmtpd SBLList multi.surbl.org:black.uribl.com\
+
config setprop qpsmtpd SBLList dbl.spamhaus.org:multi.surbl.org:black.uribl.com:rhsbl.sorbs.net
:rhsbl.sorbs.net:bulk.rhs.mailpolice.com:fraud.rhs.mailpolice.com\
 
:porn.rhs.mailpolice.com:adult.rhs.mailpolice.com:ex.dnsbl.org
 
 
signal-event email-update</nowiki>
 
signal-event email-update</nowiki>
  
 
This will enable the following SBL servers for your system.  Be sure to check them out to see if they are consistent with your policies before enabling them.  Don't forget that RHSBL is '''disabled''' by default in SME!
 
This will enable the following SBL servers for your system.  Be sure to check them out to see if they are consistent with your policies before enabling them.  Don't forget that RHSBL is '''disabled''' by default in SME!
 +
* [http://www.spamhaus.org/ dbl.spamhaus.org]
 
* [http://www.surbl.org/ multi.surbl.org]
 
* [http://www.surbl.org/ multi.surbl.org]
 
* [http://www.uribl.com/about.shtml black.uribl.com]
 
* [http://www.uribl.com/about.shtml black.uribl.com]
 
* [http://www.au.sorbs.net/using.shtml rhsbl.sorbs.net]
 
* [http://www.au.sorbs.net/using.shtml rhsbl.sorbs.net]
* [http://rhs.mailpolice.com/ bulk.rhs.mailpolice.com]
 
* [http://fraud.rhs.mailpolice.com/ fraud.rhs.mailpolice.com]
 
  Note:  block.mailpolice.com combines the bulk & porn lists into one
 
* [http://porn.rhs.mailpolice.com/ porn.rhs.mailpolice.com]
 
* [http://adult.rhs.mailpolice.com/ adult.rhs.mailpolice.com]
 
  
 
<br>
 
<br>
 
{{Warning box|[http://wiki.openrbl.org/wiki/Blackhole.securitysage.com blackhole.securitysage.com] was a default SBL server but is no longer working and was removed on Oct 5, 2008.  If you have blackhole.securitysage.com in your SBLList and have RHSBL enabled then <b>ALL INCOMING EMAIL WILL BOUNCE.</b>  You must remove blackhole.securitysage.com from your SBLList for your email server to work properly. Follow the instructions above to reset the default SBLList.}}
 
{{Warning box|[http://wiki.openrbl.org/wiki/Blackhole.securitysage.com blackhole.securitysage.com] was a default SBL server but is no longer working and was removed on Oct 5, 2008.  If you have blackhole.securitysage.com in your SBLList and have RHSBL enabled then <b>ALL INCOMING EMAIL WILL BOUNCE.</b>  You must remove blackhole.securitysage.com from your SBLList for your email server to work properly. Follow the instructions above to reset the default SBLList.}}
  
{{Note box|Some of the SBLList above are quiet aggressive. As a result, genuine mail may be blocked. You should check your qpsmtpd logs at regular intervals to assess the impact of your selection. To reduce the amount of information presented in the logs, filter with "logterse".}}
+
{{Note box|Some of the SBLList above are quite aggressive. As a result, genuine mail may be blocked. You should check your qpsmtpd logs at regular intervals to assess the impact of your selection. To reduce the amount of information presented in the logs, filter with "logterse".
 +
 
 +
A conservative (& some would consider safe) setting for RHSBL would be as follows:
 +
config setprop qpsmtpd SBLList dbl.spamhaus.org
 +
signal-event email-update
 +
 
 +
This will enable the following SBL server for your system. Don't forget that RHSBL is '''disabled''' by default in SME!
 +
* [http://www.spamhaus.org/ dbl.spamhaus.org]}}
  
 
====DNSBL Servers====
 
====DNSBL Servers====
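Review bot: In the added Note box, the two commands (config setprop qpsmtpd SBLList dbl.spamhaus.org and signal-event email-update) are plain lines inside the template, unlike the default-list block earlier in this hunk, which is indented and wrapped in <nowiki>. Without the same preformatting they will likely flow into the surrounding paragraph when rendered, so put them in a leading-space <nowiki> block. Separately, the mailpolice entries and ex.dnsbl.org are dropped from the default list with no guidance for readers who still have them configured; a sentence saying whether they should be removed, as the Warning box does for blackhole.securitysage.com, would help.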
Line 106: Line 107:
 
If you want to try out the DNSBL servers configured by default in SME:
 
If you want to try out the DNSBL servers configured by default in SME:
 
  <nowiki>config delprop qpsmtpd RBLList
 
  <nowiki>config delprop qpsmtpd RBLList
config setprop qpsmtpd RBLList bl.spamcop.net:dnsbl.ahbl.org\
+
config setprop qpsmtpd RBLList bl.spamcop.net\
:dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net:list.dsbl.org\
+
:dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net\
:multihop.dsbl.org:psbl.surriel.com:zen.spamhaus.org
+
:psbl.surriel.com:zen.spamhaus.org
 
signal-event email-update</nowiki>
 
signal-event email-update</nowiki>
  
 
This will enable the following DNSBL servers for your system.  Be sure to check them out before enabling them.  (List updated 7/31/2007 to replace ''sbl-xbl.spamhaus.org'' with the new ''zen.spamhaus.org'').
 
This will enable the following DNSBL servers for your system.  Be sure to check them out before enabling them.  (List updated 7/31/2007 to replace ''sbl-xbl.spamhaus.org'' with the new ''zen.spamhaus.org'').
 +
 +
NOTE: as of January 1, 2015, [http://www.ahbl.org/ dnsbl.ahbl.org] service is no longer active. If you have added this service to your DNSBL record, please remove it. Leaving it in will cause a great many false positives.
  
 
Don't forget that DNSBL is '''disabled''' by default in SME!  
 
Don't forget that DNSBL is '''disabled''' by default in SME!  
  
 
* [http://www.spamcop.net/ bl.spamcop.net]
 
* [http://www.spamcop.net/ bl.spamcop.net]
* [http://www.ahbl.org/ dnsbl.ahbl.org]
 
 
* [http://www.uceprotect.net/en/index.php?m=1&s=0 dnsbl-1.uceprotect.net] Conservative (blocks single IPs)
 
* [http://www.uceprotect.net/en/index.php?m=1&s=0 dnsbl-1.uceprotect.net] Conservative (blocks single IPs)
 
* [http://www.uceprotect.net/en/index.php?m=1&s=0 dnsbl-2.uceprotect.net] More agressive (blocks class C networks)
 
* [http://www.uceprotect.net/en/index.php?m=1&s=0 dnsbl-2.uceprotect.net] More agressive (blocks class C networks)
* [http://dsbl.org/main list.dsbl.org] single-stage relays tested by trusted testers
 
* [http://dsbl.org/main multihop.dsbl.org] the outputs of multihop relays, tested by trusted testers
 
 
* [http://psbl.surriel.com/ psbl.surriel.com]
 
* [http://psbl.surriel.com/ psbl.surriel.com]
 
* [http://www.spamhaus.org/zen/ zen.spamhaus.org] ''formerly sbl-xbl.spamhaus.org''
 
* [http://www.spamhaus.org/zen/ zen.spamhaus.org] ''formerly sbl-xbl.spamhaus.org''
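Review bot: The unchanged parenthetical "(List updated 7/31/2007 ...)" now sits directly above a list that this revision changes, so the date is stale; update it or add the date of this change. The new NOTE explains why dnsbl.ahbl.org is gone, but list.dsbl.org and multihop.dsbl.org are removed from both the setprop command and the bullet list without explanation; state whether readers who still have them in RBLList should take them out.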

Latest revision as of 09:27, 27 November 2015

There seem to be a lot of questions about updating to SME Server version 7.2 and higher from releases of SME Server 7.1.x and before. This document will attempt to compile the various questions and answers in one place.

CD Update

Note:
For this you need physical access to your server as SSH access is unavailable during CD updates.


  1. Insert the CD into your server and issue a reboot, follow the instructions presented to you on the server screen to update to SME Server 7.2.
  2. Reset yum to the new default configuration as described here: SME Server:Adding_Software#Restoring_Default_Yum_Repositories
  3. Reset other settings to new defaults as shown here: Updating_to_SME_7.2#Updating_Configuration_Database_with_New_Default_Values
  4. Perform a final yum update to obtain updates or patches released after the generation of the 7.2 iso.

Yum Update

Note:
Updated 15 Oct 2007


  1. Clear out any lingering yum confusion and install the latest yum support files:

     yum clean all
     yum update smeserver-yum yum sqlite python-sqlite

  2. Reset your repository configuration and reboot:

     cd /home/e-smith/db/
     mv yum_repositories yum_repositories.po
     /etc/e-smith/events/actions/initialize-default-databases
     signal-event yum-modify
     signal-event post-upgrade; signal-event reboot

  3. Obtain the remaining support files:

     yum update dbus dbus-glib smeserver-support

  4. Obtain remaining updates and reboot:

     yum update
     signal-event post-upgrade; signal-event reboot

  5. Reset other settings to new defaults as shown here: Updating_to_SME_7.2#Updating_Configuration_Database_with_New_Default_Values
  6. Perform a final yum update to confirm that you have installed all available updates.

Cleanup Tasks

Upgrading from a system prior to 7.1

Warning:
If you are upgrading from a system prior to 7.1 you will need to manually install the kmods for smp kernel.


To install the kmods for smp kernel type at command line:

yum install kmod*smp*
signal-event post-upgrade
signal-event reboot

Ensuring the correct yum repository configuration

Warning:
All SME systems installed from CD (or ISO image) prior to 7.2 need to have the yum repository configuration corrected!


The default yum repository configuration changed with the release of SME version 7.1.1 in order to allow installation of unmodified and non-conflicting CentOS packages directly from the CentOS repositories.

The SME update process does not reconfigure your yum repositories automatically in order to preserve any existing custom configurations you have created.

As a result:

  • Even if your server now says it is running SME 7.1.3 your system may not be up to date, and you may be missing vital updates from the CentOS repositories that will only be installed after correcting your yum repository configuration!
  • You will STILL need to correct your yum repository configuration even after updating from the 7.2 CD.
  • A fresh install from the SME 7.2 CD is the only instance in which you do not need to reconfigure your yum repositories.

Therefore, unless you are an expert with yum and have made specific sme-related customizations for some reason, you must reset your yum repository configuration to the SME defaults using the instructions found at SME Server:Adding_Software#Restoring_Default_Yum_Repositories or your yum updates will fail sooner or later.

All SME updates assume that the default repositories are enabled, and that any 3rd party repositories you may have configured are:

  • disabled by default
  • created with appropriate "Exclude" parameters
  • accessed manually when necessary using the yum --enablerepo=xxx syntax.

Updating Configuration Database with New Default Values

SME 7.2 includes different default values for some settings. This section tells you how to change those values.

Generic Instructions

Any configuration database item that has a "default" value can be set to the default value using

config delprop key prop
/etc/e-smith/events/actions/initialize-default-databases

Afterwards, you will need to re-expand the affected templates and restart the affected services:

signal-event post-upgrade; signal-event reboot

qpsmtpd LogLevel

SME 7.0 - 7.1.3 all defaulted to qpsmtpd LogLevel 8 (or 'debug') in order to make sure that the logfile contained all plugin results.

SME 7.2 now includes the qpsmtpd logterse plugin allowing LogLevel to be reduced to 6 without losing any critical tracking information yet significantly reducing overall log activity, consequently extending log retention times.

config delprop qpsmtpd LogLevel
/etc/e-smith/events/actions/initialize-default-databases
signal-event email-update
svc -t /var/service/qpsmtpd

Note:
If you are using Brian Read's spamfilter-stats-7.pl script to get daily emails of mail server activity, you should update to the latest version to ensure that you have support for the logterse plugin. See Mailstats for more information.


RHSBL Servers

RHSBL or Right-Hand Side Black List: Search for known spam hosts by host name.

If you want to try out the RHSBL servers configured by default in SME:

config delprop qpsmtpd SBLList
config setprop qpsmtpd SBLList dbl.spamhaus.org:multi.surbl.org:black.uribl.com:rhsbl.sorbs.net
signal-event email-update

This will enable the following SBL servers for your system. Be sure to check them out to see if they are consistent with your policies before enabling them. Don't forget that RHSBL is disabled by default in SME!


Warning:
blackhole.securitysage.com was a default SBL server but is no longer working and was removed on Oct 5, 2008. If you have blackhole.securitysage.com in your SBLList and have RHSBL enabled then ALL INCOMING EMAIL WILL BOUNCE. You must remove blackhole.securitysage.com from your SBLList for your email server to work properly. Follow the instructions above to reset the default SBLList.



Note:
Some of the lists in the SBLList above are quite aggressive. As a result, genuine mail may be blocked. You should check your qpsmtpd logs at regular intervals to assess the impact of your selection. To reduce the amount of information presented in the logs, filter with "logterse".

A conservative (& some would consider safe) setting for RHSBL would be as follows:

config setprop qpsmtpd SBLList dbl.spamhaus.org
signal-event email-update

This will enable the following SBL server for your system. Don't forget that RHSBL is disabled by default in SME!


DNSBL Servers

DNSBL (DNS Block List): Block spam hosts based on the IP address of the remote system.

If you want to try out the DNSBL servers configured by default in SME:

config delprop qpsmtpd RBLList
config setprop qpsmtpd RBLList bl.spamcop.net\
:dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net\
:psbl.surriel.com:zen.spamhaus.org
signal-event email-update

This will enable the following DNSBL servers for your system. Be sure to check them out before enabling them. (List updated 7/31/2007 to replace sbl-xbl.spamhaus.org with the new zen.spamhaus.org).

NOTE: as of January 1, 2015, dnsbl.ahbl.org service is no longer active. If you have added this service to your DNSBL record, please remove it. Leaving it in will cause a great many false positives.

Don't forget that DNSBL is disabled by default in SME!


Note:
Some of the lists in the RBLList above are quite aggressive. As a result, genuine mail may be blocked.

Opinions differ on which lists are best, but most would agree that the following is a best-practice recommended setting:

config setprop qpsmtpd RBLList zen.spamhaus.org
signal-event email-update

You should check your qpsmtpd logs at regular intervals to assess the impact of your selection. To reduce the amount of information presented in the logs, filter with "logterse".
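
The two warnings above (blackhole.securitysage.com in SBLList, dnsbl.ahbl.org in RBLList) can be checked for mechanically. The script below is an added example, not part of the original page or of SME Server: it strips those two zones from a colon-separated list value and probes each remaining IP-based zone with the RFC 5782 test entries. The function names, the use of the `host` utility and the 127.0.0.1/127.0.0.2 probe are assumptions not taken from this page.

```shell
#!/bin/sh
# Added example: audit a colon-separated qpsmtpd RBLList/SBLList value.
# Usage on the server (assumes "config getprop" and "host" are available):
#   sh rbl-audit.sh "$(config getprop qpsmtpd RBLList)"

# Zones this page reports as no longer working.
DEFUNCT="blackhole.securitysage.com dnsbl.ahbl.org"

# prune_defunct LIST -> prints LIST without the defunct zones.
prune_defunct() {
    out=""
    old_ifs=$IFS; IFS=:
    for zone in $1; do
        IFS=$old_ifs
        case " $DEFUNCT " in
            *" $zone "*) echo "remove defunct zone: $zone" >&2 ;;
            *) out="${out:+$out:}$zone" ;;
        esac
    done
    IFS=$old_ifs
    printf '%s\n' "$out"
}

# lookup NAME -> succeeds if NAME resolves to an A record.
lookup() { host -t A "$1" >/dev/null 2>&1; }

# zone_health ZONE -> prints ok | dead | lists-everything.
# RFC 5782 convention for IP-based lists: 127.0.0.2 is always listed,
# 127.0.0.1 never is. Names are built by reversing the octets.
# RHSBL (SBLList) zones use domain test entries and are not probed here.
zone_health() {
    if lookup "1.0.0.127.$1"; then
        echo "lists-everything"   # would reject all mail, as in the warnings
    elif lookup "2.0.0.127.$1"; then
        echo "ok"
    else
        echo "dead"               # zone no longer answers its test entry
    fi
}

# audit LIST -> one "zone status" line per zone that survives pruning.
audit() {
    kept=$(prune_defunct "$1")
    old_ifs=$IFS; IFS=:
    for zone in $kept; do
        IFS=$old_ifs
        printf '%s %s\n' "$zone" "$(zone_health "$zone")"
    done
    IFS=$old_ifs
}

if [ $# -gt 0 ]; then
    audit "$1"
fi
```

Any zone reported as dead or lists-everything should be taken out of the property with config setprop, followed by signal-event email-update as shown above.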


sa-update

SME 7.2 introduces /etc/cron.daily/sa_update to automatically update your Spamassassin rules daily.

Brian Read had published /etc/cron.daily/sa-update (with a dash instead of an underscore) for updating Spamassassin in SME versions prior to 7.2.

If you had installed this script on an earlier version of SME 7.x you may want to delete it now using:

rm -f /etc/cron.daily/sa-update

Known Issues or Problems

Yum Problems

More info on general Yum issues can be found here: SME_Server:Documentation:FAQ#General

Public key for perl-version-0.7203-1.el4.1.i386.rpm is not installed

This error should be resolved by following the standard #Yum_Update procedure above.

[Errno 256] No more mirrors to try.

This probably indicates that your yum repositories are misconfigured. You should follow the standard #Yum_Update procedure above.

Existing lock /var/run/yum.pid: another copy is running. Aborting.

SME Server runs yum automatically to check for available updates. If this background check is running you will see this error. Just wait a few minutes for the background process to finish.

GLib-CRITICAL **: file gtimer.c: line 106 (g_timer_stop)

This error indicates that you have installed yum packages that require later versions of sqlite and python-sqlite than you have installed on your system. You can recover using the commands shown below, which should:

  1. Download and install the latest versions of python-sqlite and sqlite (to make yum operational) and smeserver-yum (to provide proper repository defaults).

     cd /tmp
     wget ftp://ibiblio.org/pub/linux/distributions/smeserver/releases/7.2/smeos/i386/SME/RPMS/*sqlite-*
     wget ftp://ibiblio.org/pub/linux/distributions/smeserver/releases/7.2/smeos/i386/SME/RPMS/smeserver-yum-*
     yum localinstall sqlite python-sqlite smeserver-yum

  2. Reset your repository configuration

     cd /home/e-smith/db/
     mv yum_repositories yum_repositories.po
     /etc/e-smith/events/actions/initialize-default-databases
     signal-event yum-modify

  3. Reboot to activate all changes

     signal-event post-upgrade; signal-event reboot

  4. After rebooting, make sure you have the basic files before beginning your major update:

     yum update dbus dbus-glib smeserver-support yum

  5. Then finish your update:

     yum update


Troubleshooting when yum install is broken

If yum is broken, then it is not possible to use yum to update yum itself. If you are unable to install the sqlite and smeserver-yum packages with yum as per the above instructions, you will need to manually download the packages (and their dependency packages) and install them from the local machine using rpm -Uvh. You might receive this type of error when manually updating packages:

rpm -Uvh sqlite* python-sqlite* smeserver-yum*
error: Failed dependencies:
        yum-plugin-fastestmirror is needed by smeserver-yum-1.2.0-37.el4.sme.noarch

This indicates you also need to download the dependency rpm, in this case yum-plugin-fastestmirror.

Manually download ALL the required packages to an empty folder, e.g. from http://mirror.contribs.org/smeserver/releases/7/, then do:

rpm -Uvh *.rpm
signal-event post-upgrade
reboot

Then continue on with the normal yum update process

yum update
signal-event post-upgrade
reboot

Webmail / Horde

If you have created custom templates designed to change the appearance of Webmail or Horde on your system, you may have to delete your existing custom templates, copy the new version of the same template fragments, and make your customizations on the new copies.

Note:
Anyone that has a custom-template of 110AppRegistryHorde is going to be affected, because of the webroot detection changes in horde 3.1.4. It doesn't work as advertised. Copying the new 110AppRegistryHorde to templates-custom and then making your changes will allow you to customize your setup once again. See Bugzilla:3181.


IMAP subfolders do not show in IMP

  • The 'Folder' drop-down list in webmail only offers INBOX
  • /var/log/messages shows entries like:
...: PHP Notice:  Undefined index:  a in /home/httpd/html/horde/lib/Horde/IMAP/Tree.php on line 1275
...: PHP Notice:  Undefined index:  a in /home/httpd/html/horde/lib/Horde/IMAP/Tree.php on line 1438
...: PHP Notice:  Undefined index:  value in /home/httpd/html/horde/imp/folders.php on line 361

From Bugzilla:1701 (courtesy of Alain):

  1. rm /etc/e-smith/templates-custom/var/service/imap/config/IMAP_CAPABILITY
  2. signal-event post-upgrade; signal-event reboot (note: signal-event email-update is not enough)

Remote Administration using SSH Tunnels

Prior versions of SME Server allowed you to access server-manager using http://localhost:980/server-manager after establishing an ssh tunnel on port 980 to your SME server.

You could also establish a tunnel from local port xxxx to port 443 on your SME server, then access server-manager at https://localhost:xxxx/server-manager

Both of these options will now generate a page not found error after entering your admin username & password, as the login page automatically redirects both of these to "https://localhost/server-manager".

You can work around this issue in one of 3 ways:

  1. Tunnel port 443, then login at https://localhost/server-manager
  2. Tunnel whatever port you used previously, get the error message, then manually return to your original URL
  3. Enable PPTP on your SME server and use a PPTP VPN to access server-manager.

Missing email folders after upgrade

This link explains why you may appear to be missing your mail folders after an upgrade: After I upgrade my SME Server, my email folders have disappeared when using IMAP

10fix_privilege_tables in message log

These messages are generated by /usr/share/mysql/mysql_fix_privilege_tables.sql. The script itself says:

You can safely ignore all 'Duplicate column' and 'Unknown column' errors
because these just mean that your tables are already up to date.
This script is safe to run even if your tables are already up to date!

See also Bugzilla:3223.