Difference between revisions of "SME Server:Documentation:Administration Manual:Chapter13"

From SME Server
m (remove chapter numbers)
m (Clarify use of secondary mail server)
 
(40 intermediate revisions by 6 users not shown)
Line 1: Line 1:
===Chapter 13. Configuration===
+
<noinclude>{{Languages}}</noinclude>
 +
===Configuration===
  
 
====Software Installer Panel====
 
====Software Installer Panel====
Line 13: Line 14:
 
Instead of setting the time manually, you can use a network time server. A time server is a device on the Internet that keeps accurate time and is able to communicate the time to other computers over the Internet using the Network Time Protocol (NTP) . Many organizations around the world provide Internet time servers for free.
 
Instead of setting the time manually, you can use a network time server. A time server is a device on the Internet that keeps accurate time and is able to communicate the time to other computers over the Internet using the Network Time Protocol (NTP) . Many organizations around the world provide Internet time servers for free.
  
{{DrawBoxWarning|content=After you start using a network time server, you should NOT set the time or date manually. If you do so, the network time synchronization will no longer function.}}
+
{{Warning box|After you start using a network time server, you should NOT set the time or date manually. If you do so, the network time synchronization will no longer function.}}
  
 
This screen in the server manager allows you to configure your server to connect regularly to a time server and synchronize the clock on the server with the time provided by the time server. To do this, simply check the box for "Enable NTP Service", add the domain name or IP address of the time server in the space provided and click "Save NTP Settings". Using a time server is optional but doing so can greatly increase the accuracy of your system.
 
This screen in the server manager allows you to configure your server to connect regularly to a time server and synchronize the clock on the server with the time provided by the time server. To do this, simply check the box for "Enable NTP Service", add the domain name or IP address of the time server in the space provided and click "Save NTP Settings". Using a time server is optional but doing so can greatly increase the accuracy of your system.
For more information about using a network time server, visit http://www.ntp.org/. You can also find a list of publicly available time servers at http://www.eecis.udel.edu/~mills/ntp/servers.htm. You should always use a secondary time server (also called a stratum 2 server) to lighten the load on the primary time servers.
+
For more information about using or becoming a network time server, visit http://www.pool.ntp.org
  
{{DrawBoxTip|content=In order to make sure the network time server is set to your timezone, you should go through this screen once and manually set the time to be correct and with the correct timezone. After doing that, go back to this panel and set the server to use a network time server.}}
+
{{Tip box|In order to make sure the network time server is set to your timezone, you should go through this screen once and manually set the time to be correct and with the correct timezone. After doing that, go back to this panel and set the server to use a network time server.}}
  
 
====Workgroup====
 
====Workgroup====
 
If you are using a computer on a local network and you wish to access the server via Windows file sharing, it is important that you are logged onto the same workgroup as your SME Server. This screen allows you to enter the name of the Windows workgroup the server should appear in. You should also enter the Windows server name. In order that you may later connect multiple locations using IPSEC VPNs, we suggest that you use a different name for each server. If you wish you can change the workgroup name to correspond with an existing workgroup.   
 
If you are using a computer on a local network and you wish to access the server via Windows file sharing, it is important that you are logged onto the same workgroup as your SME Server. This screen allows you to enter the name of the Windows workgroup the server should appear in. You should also enter the Windows server name. In order that you may later connect multiple locations using IPSEC VPNs, we suggest that you use a different name for each server. If you wish you can change the workgroup name to correspond with an existing workgroup.   
  
[[Image:workGroup.png]]
+
[[Image:Workgroup.png]]
  
 
Macintosh users need only enter a server name or accept the defaults.
 
Macintosh users need only enter a server name or accept the defaults.
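Review bot: The replacement for the removed time-server paragraph ("For more information about using or becoming a network time server, visit http://www.pool.ntp.org") drops the only guidance on which server to choose, including the advice to use a secondary (stratum 2) server, so a reader filling in the "Enable NTP Service" field has no pointer to what to enter. Suggest adding one sentence that says what belongs in that field, and ending the new sentence with a period. The Tip box carried over unchanged still says to make sure "the network time server is set to your timezone"; the rest of the tip shows it is the server's own timezone that is being set, so the wording could be corrected while the template is being renamed.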
Line 29: Line 30:
 
Also in this section, you can specify whether the server should be the domain master for your Windows workgroup. Most sites should choose "Yes" unless you are adding an server to an existing network which already has a domain master.
 
Also in this section, you can specify whether the server should be the domain master for your Windows workgroup. Most sites should choose "Yes" unless you are adding an server to an existing network which already has a domain master.
  
{{DrawBoxWarning|content=If you have a Windows NT server or Windows 2000 server on your network that is functioning as a network server, you should most likely answer "no" because that other server will act as the domain master.}}
+
{{Warning box|If you have a Windows NT server or Windows 2000 server on your network that is functioning as a network server, you should answer "no" as that other server will act as the domain master.}}
  
 
If you do configure your system to be the domain master, a special Windows share called NETLOGON is created with a DOS batch file called netlogon.bat. This batch file is executed by Windows clients that have been configured to "Logon to domain". The netlogon.bat file we provide by default does very little, but advanced users can, if they wish, modify this script to set environment variables for their clients or provide automatic drive mappings.
 
If you do configure your system to be the domain master, a special Windows share called NETLOGON is created with a DOS batch file called netlogon.bat. This batch file is executed by Windows clients that have been configured to "Logon to domain". The netlogon.bat file we provide by default does very little, but advanced users can, if they wish, modify this script to set environment variables for their clients or provide automatic drive mappings.
  
 
As the NETLOGON share is only writable by the "admin" user, you modify the netlogon.bat script by logging on to a Windows system as "admin", connecting to the share and then modifying the script using a Windows text editor. Be aware that the NETLOGON share will not be visible in Network Neighborhood or other similar tools. As the "admin" user, you will need to connect to the share or map a drive to it, by using the specific path:
 
As the NETLOGON share is only writable by the "admin" user, you modify the netlogon.bat script by logging on to a Windows system as "admin", connecting to the share and then modifying the script using a Windows text editor. Be aware that the NETLOGON share will not be visible in Network Neighborhood or other similar tools. As the "admin" user, you will need to connect to the share or map a drive to it, by using the specific path:
\\ servername \NETLOGON\
+
\\servername\NETLOGON\
  
The sample file contains a few examples of setting the system time for each machine and also for mapping a common drive for all Windows client.
+
The sample file contains a few examples of setting the system time for each machine and also for mapping a common drive for all Windows client.<br />
 +
 
 +
Note: The [[SME_Server:Documentation:Administration_Manual:Chapter7#Setting_up_network_drives|Chapter 7]] has a method for admin to edit the netlogon.bat file using the command line.
  
 
====Directory====
 
====Directory====
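Review bot: The added note pointing to Chapter 7 for editing netlogon.bat from the command line should say that the file has to stay writable only by "admin". The context above states that this script is executed by Windows clients configured to "Logon to domain" and that the NETLOGON share is writable only by the "admin" user, so whoever can change the file controls what runs at logon on those clients; a second editing route is worth documenting together with that restriction. Wording: "The [[...|Chapter 7]] has a method for admin to edit" reads better as "Chapter 7 describes how admin can edit", the added "<br />" followed by blank lines is redundant, and "for all Windows client" in the touched line could be fixed to "clients" in the same edit.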
Line 54: Line 57:
 
If you choose "Network printer", you will see an additional screen that will ask for the hostname or IP address and the network printer name. Enter that information where requested. For the network printer name, you can use the default setting, raw, unless you have some reason to do otherwise. (raw is the name used by most network printers for their main print queues.)
 
If you choose "Network printer", you will see an additional screen that will ask for the hostname or IP address and the network printer name. Enter that information where requested. For the network printer name, you can use the default setting, raw, unless you have some reason to do otherwise. (raw is the name used by most network printers for their main print queues.)
  
{{DrawBoxNote|content=For maximum flexibility in making changes later, we suggest that you enter the hostname for a network printer here and enter the IP address of the printer through the Hostnames and addresses panel of the server manager. This allows you to have one central location listing IP addresses and allowing you to make changes. Note that many modern network printers can be configured automatically. To do so, enter their hostname, IP address and Ethernet address in the Hostnames and addresses panel.}}
+
{{Note box|For maximum flexibility in making changes later, we suggest that you enter the hostname for a network printer here and enter the IP address of the printer through the Hostnames and addresses panel of the server manager. This allows you to have one central location listing IP addresses and allowing you to make changes. Note that many modern network printers can be configured automatically. To do so, enter their hostname, IP address and Ethernet address in the Hostnames and addresses panel.}}
  
 
Note also that the server printing system does not perform any filtering and passes the print requests directly from the client computers to the printer in the "raw" or "pass-through" machines. For this reason, the SME Server does not have a list of "supported printers". Most printers are supported as long as the appropriate driver is installed in the operating system on your client computers.
 
Note also that the server printing system does not perform any filtering and passes the print requests directly from the client computers to the printer in the "raw" or "pass-through" machines. For this reason, the SME Server does not have a list of "supported printers". Most printers are supported as long as the appropriate driver is installed in the operating system on your client computers.
Line 69: Line 72:
 
[[Image:Hostnames.png]]
 
[[Image:Hostnames.png]]
  
'''Using the Hostnames Panel'''
+
====Modify Hostname====
Throughout the screens linked to from the Hostnames panel, you will find the text "Publish globally?" with a checkbox next to it.
+
 
Suppose, for example, your company's web site was hosted at some other location, such as on your ISP's web servers. If you wanted "www.mycompany.xxx" to point to your ISP's server, you would modify the entry here by clicking the "Modify..." link next to "www". The image below shows the screen in which you would perform the task:
+
'''Using the Hostnames Panel''' Suppose, for example, your company's web site was hosted at some other location, such as on your ISP's web servers. If you wanted "www.mycompany.xxx" to point to your ISP's server, you would modify the entry here by clicking the "Modify..." link next to "www". The image below shows the screen in which you would perform the task:
 +
 
  
 
[[Image:Modify-hostname.png]]
 
[[Image:Modify-hostname.png]]
  
You would first change the location to "Remote" and then enter the IP address of your ISP's server in the field marked "Global IP".
 
  
=====Creating New Hostnames=====
+
You would first change the location to "Remote" and then enter the IP address or Fully Qualified Domain Name (FQDN) of your ISP's server in the field marked "IP Address or FQDN". See [[Bugzilla: 6297]]
Creating new hostnames simply involves selecting one of the links at the top of the Hostnames and addresses panel and filling out the appropriate fields.
+
 
 +
=====Rename Server=====
 +
If you were to rename a SME server (eg. myserver.mydomain.com) for any reason, you would go to the [[SME_Server:Documentation:Administration_Manual:Chapter6|server console]] (logged in as admin) and choose configure the server and change the name and then reboot. However, the various parts of the server listed in server-manager (Hostnames and addresses) would still show the old name and would not be able to be deleted. See [[Bugzilla: 5953]]
  
Note that if your system is configured with any virtual domains, you will have the choice of the domain in which you want to create the hostname. This allows you, for instance, to have "www.tofu-dog.com" pointing to one IP address and "www.mycompany.xxx" pointing to a completely separate IP address.
+
To remove old entries:
  
The hostnames you can create on this panel fall into three categories:
+
db hosts delprop myserver.mydomain.com static
  
Additional names for your server: For instance, you might want to set up "intranet.mycompany.xxx" to point to your server. All you do here is enter the hostname and, if appropriate, choose the domain for the hostname.
+
To check:
  
Remote hosts: As mentioned in the example earlier, you might want to point a hostname such as "www" to a remote system. While "www" is created by default, you can create other names such as "home", "research", or any other appropriate name. In the form, you simply enter the hostname, choose the domain, and enter the remote IP address.
+
db hosts show
  
Local hosts: This screen is a bit more complicated because you have more options. At a basic level, you can create a hostname in a domain that points to another computer on your local network. To do this, just type in the hostname and enter the IP address in the "Local IP" field. For instance, you might want "research" to point to a computer system inside your network.
+
====Creating New Hostnames====
 +
 +
Creating new hostnames simply involves selecting one of the links at the top of the Hostnames and addresses panel and filling out the appropriate fields.
 +
 +
Note that if your system is configured with any virtual domains, you will have the choice of the domain in which you want to create the hostname. This allows you, for instance, to have "www.tofu-dog.com" pointing to one IP address and "www.mycompany.xxx" pointing to a completely separate IP address.
 +
 +
The hostnames you can create on this panel fall into three categories and are available from the drop box "Location":See [[Bugzilla: 6297]]
  
Where this gets complicated is when you want "research.mycompany.xxx" to be accessible both inside and outside your local network. The challenge is that your local IP addresses are only accessible inside your network. For that reason, the target computer system will need to have two network interface cards - one connected to the internal network and one connected to the external network. You would then enter both IP addresses in this screen in the "Local IP" and "Global IP" fields.
+
'''Self:'''  Additional names for your server: For instance, you might want to set up "intranet.mycompany.xxx" to point to your server. All you do here is enter the hostname and, if appropriate, choose the domain for the hostname.
 +
 +
'''Remote:''' As mentioned in the example earlier, you might want to point a hostname such as "www" to a remote system. While "www" is created by default, you can create other names such as "home", "research", or any other appropriate name. In the form, you simply enter the hostname, choose the domain, and enter the remote IP address or FQDN. See [[Bugzilla: 6295]]
 +
 +
'''Local:''' This screen is a bit more complicated because you have more options. At a basic level, you can create a hostname in a domain that points to another computer on your local network. To do this, just type in the hostname and enter the IP address in the "Local IP" field. For instance, you might want "research" to point to a computer system inside your network.
 +
 +
Where this gets complicated is when you want "research.mycompany.xxx" to be accessible both inside and outside your local network. The challenge is that your local IP addresses are only accessible inside your network. For that reason, the target computer system will need to have two network interface cards - one connected to the internal network and one connected to the external network.
  
{{DrawBoxNote|content=The "Ethernet address" field when creating a hostname pointing to a local host is only used for reserving IP addresses through DHCP as mentioned in the next section.}}
+
{{Note box|At this stage, one cannot create a Hostname under local using a FQDN. However, it is possible to point to a local machine entering the FQDN of this machine as "remote" if this FQDN is valid.}}
  
 
=====Reserving IP Addresses Through DHCP=====
 
=====Reserving IP Addresses Through DHCP=====
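Review bot: In the new "Rename Server" section the two commands are given with no indication of where they are run or what they change. "To remove old entries" is followed by "db hosts delprop myserver.mydomain.com static", which by its form removes a property named static from that host record rather than the record itself, so the text should say what the reader does next to get rid of the entry; it would also be safer to put "db hosts show" first so the current state is recorded before anything is changed. Two things were lost in the rewrite of "Creating New Hostnames": the Local paragraph now stops at the two-network-card requirement because the sentence telling the reader to enter both addresses was dropped, and the removed note was the only explanation that the "Ethernet address" field is used just for DHCP reservations, which the following section relies on. Also, "See [[Bugzilla: 6297]]" is attached to "Location": without a space.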
Line 99: Line 116:
 
Rather than configuring the machine manually, you can reserve an IP address from the DHCP server for that specific machine. This has the same result as manually configuring a static IP address, but offers two benefits. First, you have one location to keep track of all assigned static address. Second, through the DHCP server you will provide network settings. If you wish to change those settings, the change can be simply done on your server. All DHCP clients will then receive those updated changes when they renew their DHCP-provided addresses.
 
Rather than configuring the machine manually, you can reserve an IP address from the DHCP server for that specific machine. This has the same result as manually configuring a static IP address, but offers two benefits. First, you have one location to keep track of all assigned static address. Second, through the DHCP server you will provide network settings. If you wish to change those settings, the change can be simply done on your server. All DHCP clients will then receive those updated changes when they renew their DHCP-provided addresses.
  
To reserve an IP address, you must first determine the Ethernet address of your client system. Windows NT/2000 users can type the command ipconfig /all . Windows 95/98 users can run the command winipcfg . Linux/UNIX users can type ifconfig.
+
To reserve an IP address, you must first determine the Ethernet address of your client system. Windows NT/2000 users can type the command  
 +
ipconfig /all
 +
Windows 95/98 users can run the command
 +
winipcfg
 +
Linux/UNIX users can type
 +
ifconfig
  
 
Once you have determined the client's Ethernet address, click on the link to create a new hostname for a local host. Add the hostname of the target system, the Ethernet address along with the desired IP address into the web panel. From this point on specified IP address will only be provided to a client system with the matching Ethernet address.
 
Once you have determined the client's Ethernet address, click on the link to create a new hostname for a local host. Add the hostname of the target system, the Ethernet address along with the desired IP address into the web panel. From this point on specified IP address will only be provided to a client system with the matching Ethernet address.
  
 
====Domains====
 
====Domains====
When you are supporting multiple domains on a single server, each domain being served is referred to as a virtual domain . (The strict definition of virtual domain is when a single IP address is shared between multiple domains.) When you create a virtual domain using this section of the server manager, your SME Server will be able to receive e-mail for that domain and will be able to host a web site for that domain.
+
When you create a domain using this section of the server manager, your SME Server will be able to receive e-mail and host a web site for that domain.
  
 
[[Image:Domains.png]]
 
[[Image:Domains.png]]
  
To create a virtual domain, fill in the domain name and a description of the site. You then tell the server where to find the content for that domain - it can be the same as your primary web site, or you can create a new set of web pages and store them in one of your i-bays. Clicking the arrow in the "Content" field will show you a list of your current i-bays and allow you to make a selection. This feature allows you to host multiple web sites from a single server.
+
To create a domain, fill in the domain name and a description of the site. You then tell the server where to find the content for that domain - it can be the same as your primary web site, or you can create a new set of web pages and store them in one of your i-bays. Clicking the arrow in the "Content" field will show you a list of your current i-bays and allow you to make a selection. This feature allows you to host multiple web sites from a single server.
Be aware that you can point the virtual domain to either the primary web site or to one of the i-bays . You cannot point a virtual domain to a subdirectory that you simply create inside of the primary web site file area. You need to use an i-bay instead.
+
Be aware that you can point the domain to either the primary web site or to one of the i-bays . You cannot point a domain to a subdirectory that you simply create inside of the primary web site file area. You need to use an i-bay instead.
  
{{DrawBoxNote|content=When you are entering the name for the virtual domain, you should supply the fully-qualified domain name . This is the full name of the domain, including any extensions like ".com", but without any prefixes like "www" or "ftp". For instance, you can create a virtual domain by entering "tofu-bird.com", but not by entering "tofu-bird" or "www.tofu-bird.com".}}
+
{{Note box|When you are entering the name for the domain, you should supply the fully-qualified domain name . This is the full name of the domain, including any extensions like ".com", but without any prefixes like "www" or "ftp". For instance, you can create a virtual domain by entering "tofu-bird.com", but not by entering "tofu-bird" or "www.tofu-bird.com".}}
  
Once you have created a virtual domain, your server will be automatically configured to answer to web requests for www.domainname.xxx and will accept e-mail for your virtual domain as well.
+
'''Public DNS Records'''
  
In most cases the DNS for the server is *not* handled by the server but by some Internet DNS servers. So, the default is to pass DNS requests for anything but the primary domain to the Internet DNS servers.
+
Once you have created a domain, your server will be automatically configured to answer to web requests for www.domainname.xxx and will accept e-mail for your virtual domain as well.
 +
 
 +
In most cases the DNS for the server is '''not''' handled by the server but by some Internet DNS servers. So, the default is to pass DNS requests for anything but the primary domain to the Internet DNS servers.
  
 
The primary domain is resolved locally as we generate (fairly) complete DNS records for that domain, including all local hostnames.
 
The primary domain is resolved locally as we generate (fairly) complete DNS records for that domain, including all local hostnames.
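Review bot: The rename from "virtual domain" to "domain" in the Domains section is incomplete: the new Note box still says "you can create a virtual domain by entering "tofu-bird.com"", and the new paragraph under "Public DNS Records" still says "will accept e-mail for your virtual domain as well". Either finish the rename or keep the removed one-line definition of a virtual domain, since the term is still used here and in the Hostnames section ("if your system is configured with any virtual domains"). The stray space before the period in "fully-qualified domain name ." and before the period in "one of the i-bays ." could be removed in the same pass.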
Line 128: Line 152:
 
Note that in all cases the server will act as a DNS cache/proxy/forwarder and so all domains will actually _technically_ be "resolve locally", but the dns cache will forward them to the chosen DNS servers.
 
Note that in all cases the server will act as a DNS cache/proxy/forwarder and so all domains will actually _technically_ be "resolve locally", but the dns cache will forward them to the chosen DNS servers.
  
{{DrawBoxWarning|content=While the server is prepared to offer web and e-mail services for this virtual domain, there is one more step that must occur. In order for users on the Internet to successfully connect to your machine using the virtual domain, you will need to work with your ISP or whoever controls the DNS entries for your virtual domain to have the appropriate DNS entries pointed to the IP address of your server. For instance, your ISP will need to configure an MX record for the domain in order for you to receive inbound e-mail to that domain.}}
+
{{Warning box|While the server is prepared to offer web and e-mail services for this domain, there is one more step that must occur. In order for users on the Internet to successfully connect to your machine using the domain, you will need to work with your ISP or whoever controls the DNS entries for your domain to have the appropriate DNS entries pointed to the IP address of your server. For instance, your ISP will need to configure an MX record for the domain in order for you to receive inbound e-mail to that domain.<br>
 +
See [http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Appendix#Appendix_B._DNS Appendix B. DNS] for more information.
 +
}}
  
 
====E-mail====
 
====E-mail====
 +
As shown below, this section of the server manager allows you to specify the protocol used to retrieve e-mail from your ISP and configure other settings regarding the retrieval of e-mail.
  
=====E-mail Retrieval=====
+
There is a comprehensive [[:email]] howto with alternative and advanced suggestions.  
As shown below, this section of the server manager allows you to specify the protocol used to retrieve e-mail from your ISP and configure other settings regarding the retrieval of e-mail.
 
  
 
[[Image:Email.png]]
 
[[Image:Email.png]]
 +
 +
=====E-mail Access=====
  
 
[[Image:Email-access.png]]
 
[[Image:Email-access.png]]
 +
 +
* POP and IMAP server access: The options are "Private" and "Secure Public". The former allows access only from your local network. The latter allows access from anywhere on the Internet.
 +
 +
* Enable/Disable Webmail: With this option you can enable or disable the webmail component of your server. More information can be found in the [[SME_Server:Documentation:User_Manual:Chapter4|Chapter on Webmail.]]
 +
 +
=====E-mail Filtering=====
 +
Extra types of email attachments can be blocked with the instructions at [[:Virus_blocking_tutorial]]
 +
 +
[[Image:Email-filtering-1.png]]
 +
 +
[[Image:Email-filtering-2.png]]
 +
 +
=====E-mail Retrieval=====
  
 
[[Image:Email-reception-1.png]]
 
[[Image:Email-reception-1.png]]
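Review bot: The new "E-mail Access" bullet for POP and IMAP describes "Secure Public" only as allowing access "from anywhere on the Internet" and never says what makes it secure. This is the setting that exposes mailbox logins to the Internet, so the bullet should state what the option requires of clients (for example, whether only encrypted connections are accepted) so an administrator can judge the exposure before choosing it. The new "E-mail Filtering" subsection consists of a link and two images with no description of the settings shown. In the Warning box, the Appendix B reference is an absolute http:// URL while the other cross-references added in this revision use internal [[...]] links, and it uses "<br>" where the earlier hunks use "<br />".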
Line 144: Line 185:
  
 
Your choice of e-mail retrieval mode will depend on the arrangements you made with your Internet service provider:
 
Your choice of e-mail retrieval mode will depend on the arrangements you made with your Internet service provider:
* If you have a dedicated connection, set E-mail retrieval mode to "Standard".
+
* If you have a dedicated connection, set E-mail retrieval mode to "Standard". The secondary mail server setting does not operate in this mode and any attempt to set one will not be accepted. See ETRN or multidrop for use of secondary mail server.
 
* If you arranged "ETRN" support with your ISP, choose that setting and then scroll down to the field that asks for the IP address or hostname of your ISP's secondary mail server. This secondary mail server will provide temporary e-mail storage when your server is not connected to the Internet.
 
* If you arranged "ETRN" support with your ISP, choose that setting and then scroll down to the field that asks for the IP address or hostname of your ISP's secondary mail server. This secondary mail server will provide temporary e-mail storage when your server is not connected to the Internet.
 
* If you arranged "multidrop" mail service from your ISP, choose "multidrop" and then scroll down to the field that asks for the IP address or hostname of your ISP's secondary mail server. This secondary mail server will receive all e-mail for your domain and store it in a single POP mailbox. Further down the screen, you will need to specify the user account and password assigned by your ISP for this POP mailbox. Your server will periodically fetch this mail and distribute it to individual POP mailboxes on the server. (Note that due to problems receiving mail for mailing lists, we strongly encourage people to NOT use multi-drop e-mail.)
 
* If you arranged "multidrop" mail service from your ISP, choose "multidrop" and then scroll down to the field that asks for the IP address or hostname of your ISP's secondary mail server. This secondary mail server will receive all e-mail for your domain and store it in a single POP mailbox. Further down the screen, you will need to specify the user account and password assigned by your ISP for this POP mailbox. Your server will periodically fetch this mail and distribute it to individual POP mailboxes on the server. (Note that due to problems receiving mail for mailing lists, we strongly encourage people to NOT use multi-drop e-mail.)
  
If you want to forward e-mail to another mail server for processing, enter the mail server IP address in the box marked Delegate mail server . A common use for this is if your server is receiving inbound e-mail from the Internet, but you would like to pass that mail to a different mail server on your internal network.
+
If you want to forward e-mail to another mail server for processing, enter the mail server IP address in the box marked Delegate mail server . A common use for this is if your server is receiving inbound e-mail from the Internet, but you would like to pass that mail to a different mail server on your internal network.<br />
Note: Delegate mail server implies that all mail which is accepted is passed on to the delegate mail server (IOW, that other guy is the mail server, I'm not, so I expect him to do everything, eg spam filtering)
+
 
 +
{{Note box| Delegate mail server implies that all mail which is accepted is passed on to the delegate mail server (IOW, that other guy is the mail server, I'm not, so I expect him to do everything, eg spam filtering)}}
 +
If you intend to have an external mail server handle mail for your domain, just
 +
send the mail directly to that mail server, via the MX record for your domain.
  
 
If you have a dialup connection, the server allows you to control how frequently it fetches e-mail from your ISP. This is particularly useful in situations where you incur phone or Internet charges each time your system contacts your ISP. The default settings are every 15 minutes during standard office hours and every hour outside normal office hours on weekdays or on weekends. The fields allow you to customize those settings.
 
If you have a dialup connection, the server allows you to control how frequently it fetches e-mail from your ISP. This is particularly useful in situations where you incur phone or Internet charges each time your system contacts your ISP. The default settings are every 15 minutes during standard office hours and every hour outside normal office hours on weekdays or on weekends. The fields allow you to customize those settings.
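Review bot: The new Note box keeps the aside "(IOW, that other guy is the mail server, I'm not, so I expect him to do everything, eg spam filtering)" from the old text, which leaves the reader guessing whether this server still filters mail before passing it on. Suggest replacing it with a plain statement of which checks, if any, are applied before accepted mail is handed to the delegate, because that decides where spam filtering has to be configured. The sentence added after the box is broken across two lines ("just" / "send the mail directly to that mail server"), and in the "Standard" bullet "See ETRN or multidrop for use of secondary mail server" would be clearer as a reference to the two bullets that follow.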
Line 155: Line 199:
 
Finally, if you have "multidrop" mail service you need to select the sort method used by the server to decide which user each message should be delivered to. Your server has a default method for this (it examines various headers such as "To" and "Resent-To") which works in most circumstances but is not suitable for certain purposes such as mailing list messages. Some ISPs add a header to each e-mail message which can help your server determine the correct recipient. If your ISP does not add a header to multidrop e-mail, select the "Default" sort method and ignore the "select sort header" field. If your ISP does add a header to multidrop e-mail, then select "Specify below" and enter the header tag provided by your ISP. Because you will experience problems with mailing-lists when using multi-drop e-mail, we strongly recommend that you work with your ISP to have a special header added to each message. The "Default" sort method should be only used as a last resort.
 
Finally, if you have "multidrop" mail service you need to select the sort method used by the server to decide which user each message should be delivered to. Your server has a default method for this (it examines various headers such as "To" and "Resent-To") which works in most circumstances but is not suitable for certain purposes such as mailing list messages. Some ISPs add a header to each e-mail message which can help your server determine the correct recipient. If your ISP does not add a header to multidrop e-mail, select the "Default" sort method and ignore the "select sort header" field. If your ISP does add a header to multidrop e-mail, then select "Specify below" and enter the header tag provided by your ISP. Because you will experience problems with mailing-lists when using multi-drop e-mail, we strongly recommend that you work with your ISP to have a special header added to each message. The "Default" sort method should be only used as a last resort.
  
=====Other E-mail Settings=====
+
=====E-mail Delivery=====
 
This screen presents you with additional options for controlling how your system handles e-mail.
 
This screen presents you with additional options for controlling how your system handles e-mail.
  
 
[[Image:Email-delivery.png]]
 
[[Image:Email-delivery.png]]
  
* Forwarding address for administrative notices: The default address for administrative notices (i.e. undeliverable mail, backup notifications and other status/error messages) is "admin". If you'd like those messages to be sent elsewhere, enter the address here.
+
* Forwarding address for administrative notices: The default address for administrative notices (i.e. undeliverable mail, backup notifications and other status/error messages) is "admin". If you'd like those messages to be sent elsewhere, enter the address here. Note, This option has been moved to the Collaboration > User > admin panel.
  
{{DrawBoxNote|content=Be aware that all messages sent to postmaster, root or mailer-daemon at your domain are sent to either admin or the address that you enter in this field.}}
+
{{Note box|Be aware that all messages sent to postmaster, root or mailer-daemon at your domain are sent to either admin or the address that you enter in this field.}}
  
 
* E-mail to unknown users: This field allows you to choose whether incoming messages to unknown users are bounced back to the sender or forwarded to the system administrator. Some users prefer the latter setting because it allows them to catch and reroute e-mail that was incorrectly addressed.
 
* E-mail to unknown users: This field allows you to choose whether incoming messages to unknown users are bounced back to the sender or forwarded to the system administrator. Some users prefer the latter setting because it allows them to catch and reroute e-mail that was incorrectly addressed.
  
{{DrawBoxNote|content=If you choose to have messages forwarded to the system administrator, they will be sent to either "admin" or the e-mail address specified in the forwarding address field mentioned above.}}
+
{{Note box|If you choose to have messages forwarded to the system administrator, they will be sent to either "admin" or the e-mail address specified in the forwarding address field mentioned above.}}
  
 
* Internet provider's SMTP server: Normally the server will send outgoing messages directly to their intended destination. If, however, you have an unreliable connection or are using a residential Internet service, it may be advisable to route e-mail via your provider's SMTP server. In that case, you should enter the SMTP server's hostname or IP address here.
 
* Internet provider's SMTP server: Normally the server will send outgoing messages directly to their intended destination. If, however, you have an unreliable connection or are using a residential Internet service, it may be advisable to route e-mail via your provider's SMTP server. In that case, you should enter the SMTP server's hostname or IP address here.
 
In fact, if you have a temporary dial-up connection to the Internet, you may find that you need to use your ISP's mail server in order to deliver mail to some locations. As a reaction to the huge volume of unsolicited commercial e-mail ("spam"), many Internet sites are refusing direct SMTP connections from IP addresses that are known to be temporary dial-up accounts. For this reason, you may need to use your ISP's mail server since it will have a permanent connection to the Internet.
 
In fact, if you have a temporary dial-up connection to the Internet, you may find that you need to use your ISP's mail server in order to deliver mail to some locations. As a reaction to the huge volume of unsolicited commercial e-mail ("spam"), many Internet sites are refusing direct SMTP connections from IP addresses that are known to be temporary dial-up accounts. For this reason, you may need to use your ISP's mail server since it will have a permanent connection to the Internet.
  
* POP and IMAP server access: The options are "Private" and "Public". The former allows access only from your local network. The latter allows access from anywhere on the Internet. Think about this carefully. On the positive side, choosing "Public" access allows any of your users to retrieve their e-mail via POP/IMAP from anywhere on the Internet. The negative side is that when you do this, you are reducing your level of security, as you will now have two more services (POP and IMAP) that are listening for connections across the Internet. Both protocols also involve transmitting your password across the Internet in plain, unencrypted text, opening up the possibility that someone could intercept the packets and learn your username and password. Allowing such access can be a great convenience to your users, but if security is a concern you should consider using encrypted webmail instead.
+
====Antivirus (ClamAV)====
 
+
Default for SME8 is Sunday morning. With SME8.1 ISO (or as soon as smeserver-clamav-2.2.0-13.sme is released) default will be Saturday morning.
{{DrawBoxNote|content=Even with POP and IMAP configured for public access, users outside your local network are not able to send e-mail using your server as their SMTP host. Allowing this would open your server to abuse by spammers as a mail relay. Users who are travelling should either:<br />
 
  a. use the STMP server of their local ISP;<br />
 
  a. use PPTP to connect to your internal network; or<br />
 
  a. use webmail to read their mail.<br />
 
Webmail provides your users with secure access to both read and send mail via your server.
 
}}
 
 
 
* ~Enable/Disable Webmail: With this option you can enable or disable the webmail component of your server. More information can be found in|Chapter 16. Webmail.
 
 
 
=====E-mail Filtering=====
 
 
 
[[Image:Email-filtering-1.png]]
 
  
[[Image:Email-filtering-2.png]]
+
When set to occur weekly Clamav weekly scan has been configured to run Saturday morning (typically between 00:00 to 01:00 local time). Users with large systems may wish to only schedule a weekly AV scan (taking place on Saturday morning) in order to avoid overlap with disk-check scheduled on Sunday morning. [[Bugzilla:7656]]
  
 
====Review Configuration====
 
====Review Configuration====
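Review bot: In the revised "Forwarding address for administrative notices" bullet, the text still tells the reader to "enter the address here" and then states that the option has been moved to the Collaboration > User > admin panel, so the two sentences contradict each other. Reword the bullet to point to that panel only, and fix the punctuation of "Note, This". The same hunk removes the "POP and IMAP server access" bullet together with its caution about passwords crossing the Internet in plain text and the note that outside users cannot relay mail through the server. If that guidance still applies, it should be carried over to wherever the access setting is now documented. In the new Antivirus (ClamAV) section, "Default for SME8 is Sunday morning" does not say what the default refers to until the following paragraph, and "Clamav weekly scan" repeats "weekly".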

Latest revision as of 23:55, 21 January 2019


Configuration

Software Installer Panel

The Software Installer Panel allows you to configure and install updates to SME Server. You can install additional software from enabled repositories by setting 'Manage individual packages' to enabled.

Software-installer.png

Set date and time

Accessing this section allows you to set the system date and time either manually or using a network time server. Pull-down menus for month and time zone ensure accurate entry. The server manager will reset the time automatically during daylight savings time. There are worldwide time zones, with multiple selections for countries that have multiple time zones (including standard time zones, states/provinces and even cities). This ensures that regional variations in time zones and daylight savings time are accurately reflected.

Date.png

Instead of setting the time manually, you can use a network time server. A time server is a device on the Internet that keeps accurate time and is able to communicate the time to other computers over the Internet using the Network Time Protocol (NTP). Many organizations around the world provide Internet time servers for free.


Warning:
After you start using a network time server, you should NOT set the time or date manually. If you do so, the network time synchronization will no longer function.


This screen in the server manager allows you to configure your server to connect regularly to a time server and synchronize the clock on the server with the time provided by the time server. To do this, simply check the box for "Enable NTP Service", add the domain name or IP address of the time server in the space provided and click "Save NTP Settings". Using a time server is optional but doing so can greatly increase the accuracy of your system. For more information about using or becoming a network time server, visit http://www.pool.ntp.org


Tip:
In order to make sure the network time server is set to your timezone, you should go through this screen once and manually set the time to be correct and with the correct timezone. After doing that, go back to this panel and set the server to use a network time server.


Workgroup

If you are using a computer on a local network and you wish to access the server via Windows file sharing, it is important that you are logged onto the same workgroup as your SME Server. This screen allows you to enter the name of the Windows workgroup the server should appear in. You should also enter the Windows server name. In order that you may later connect multiple locations using IPSEC VPNs, we suggest that you use a different name for each server. If you wish you can change the workgroup name to correspond with an existing workgroup.

Workgroup.png

Macintosh users need only enter a server name or accept the defaults.

Also in this section, you can specify whether the server should be the domain master for your Windows workgroup. Most sites should choose "Yes" unless you are adding a server to an existing network which already has a domain master.


Warning:
If you have a Windows NT server or Windows 2000 server on your network that is functioning as a network server, you should answer "no" as that other server will act as the domain master.


If you do configure your system to be the domain master, a special Windows share called NETLOGON is created with a DOS batch file called netlogon.bat. This batch file is executed by Windows clients that have been configured to "Logon to domain". The netlogon.bat file we provide by default does very little, but advanced users can, if they wish, modify this script to set environment variables for their clients or provide automatic drive mappings.

As the NETLOGON share is only writable by the "admin" user, you modify the netlogon.bat script by logging on to a Windows system as "admin", connecting to the share and then modifying the script using a Windows text editor. Be aware that the NETLOGON share will not be visible in Network Neighborhood or other similar tools. As the "admin" user, you will need to connect to the share or map a drive to it, by using the specific path:

\\servername\NETLOGON\

The sample file contains a few examples of setting the system time for each machine and also of mapping a common drive for all Windows clients.

Note: Chapter 7 has a method for admin to edit the netlogon.bat file using the command line.

Directory

Your SME Server provides an easy mechanism for creating a company directory. Each time you create or delete an e-mail account, your directory will be automatically updated with the new information.

Directory.png

In this section of the server manager, you specify the default directory information for new accounts - the user's department, company, street address, city and phone number. Each time you create an e-mail account, the fields will contain the information entered here as the default. If you wish, you can change the information for each user.

At any time in the future, you can change the default information and have the new information apply to all new users or to all existing users as well. The field to do this is located near the bottom of the screen. Choosing "update with new defaults" is a convenient one-click method of revising your directory when, for example, your company has moved to a new address.

Printers

Your SME Server enables all users on your network to easily share a printer. The printer can be either locally attached to a parallel or USB port on your server or can be a network printer. All the server needs is some basic information: the printer name (which can be anything you want, as long as it starts with a lower-case letter and consists only of lower-case letters and numbers, with no spaces), a brief description (for example, "the printer down the hall") and the location of the printer - whether it's on the network or directly connected to your server through a parallel or USB port.

Printers.png

If you choose "Network printer", you will see an additional screen that will ask for the hostname or IP address and the network printer name. Enter that information where requested. For the network printer name, you can use the default setting, raw, unless you have some reason to do otherwise. (raw is the name used by most network printers for their main print queues.)


Note:
For maximum flexibility in making changes later, we suggest that you enter the hostname for a network printer here and enter the IP address of the printer through the Hostnames and addresses panel of the server manager. This allows you to have one central location listing IP addresses and allowing you to make changes. Note that many modern network printers can be configured automatically. To do so, enter their hostname, IP address and Ethernet address in the Hostnames and addresses panel.


Note also that the server printing system does not perform any filtering and passes the print requests directly from the client computers to the printer in "raw" or "pass-through" mode. For this reason, the SME Server does not have a list of "supported printers". Most printers are supported as long as the appropriate driver is installed in the operating system on your client computers.

However, there are some newer printers that only have a Windows driver available and rely heavily on that operating system to perform their print functions. These printers cannot be used on the server. If you are concerned about whether your printer will work with your server, you can visit Red Hat's Hardware Compatibility List (http://hardware.redhat.com/hcl/) or explore the information found at LinuxPrinting.org.

As a final item, you should be aware that in order to use the printers available through your server a user must be logged in to their client system with a user name and password that is valid on the server. For instance, if a user is logged in as tturtle on their Windows desktop and that user account does not exist on the server, the user will not be able to print to the printers managed by the server. Either the user will have to logout and log back in as a valid user or the tturtle account will need to be created on the server.

Hostnames and addresses

When you installed your SME Server, you were asked to provide a name for your system. That name and several other "standard" names are automatically configured in your system's host table during the installation process. This host table is consulted as part of the name resolution process. The "Hostnames and addresses" web panel allows you to modify this table and specify different host "names" for each domain on your system, as well as to control how those names resolve both for systems on your local network and also for systems on the larger Internet.

For instance, when someone tries to connect to "www.mycompany.xxx", they will be taken to wherever "www" has been set to point to. As seen in the image below, this screen in the server manager allows you to view these default settings, and also to modify the configuration.

Hostnames.png

Modify Hostname

Suppose, for example, your company's web site was hosted at some other location, such as on your ISP's web servers. If you wanted "www.mycompany.xxx" to point to your ISP's server, you would modify the entry here by clicking the "Modify..." link next to "www". The image below shows the screen in which you would perform the task:


Modify-hostname.png


You would first change the location to "Remote" and then enter the IP address or Fully Qualified Domain Name (FQDN) of your ISP's server in the field marked "IP Address or FQDN". See Bugzilla: 6297

Rename Server

If you were to rename an SME server (e.g. myserver.mydomain.com) for any reason, you would go to the server console (logged in as admin), choose to configure the server, change the name and then reboot. However, the entries for the old name listed in the server manager (Hostnames and addresses) would still be shown and could not be deleted there. See Bugzilla: 5953

To remove old entries:

db hosts delprop myserver.mydomain.com static

To check:

db hosts show

Creating New Hostnames

Creating new hostnames simply involves selecting one of the links at the top of the Hostnames and addresses panel and filling out the appropriate fields.

Note that if your system is configured with any virtual domains, you will have the choice of the domain in which you want to create the hostname. This allows you, for instance, to have "www.tofu-dog.com" pointing to one IP address and "www.mycompany.xxx" pointing to a completely separate IP address.

The hostnames you can create on this panel fall into three categories and are available from the drop box "Location". See Bugzilla: 6297

Self: Additional names for your server: For instance, you might want to set up "intranet.mycompany.xxx" to point to your server. All you do here is enter the hostname and, if appropriate, choose the domain for the hostname.

Remote: As mentioned in the example earlier, you might want to point a hostname such as "www" to a remote system. While "www" is created by default, you can create other names such as "home", "research", or any other appropriate name. In the form, you simply enter the hostname, choose the domain, and enter the remote IP address or FQDN. See Bugzilla: 6295

Local: This screen is a bit more complicated because you have more options. At a basic level, you can create a hostname in a domain that points to another computer on your local network. To do this, just type in the hostname and enter the IP address in the "Local IP" field. For instance, you might want "research" to point to a computer system inside your network.

Where this gets complicated is when you want "research.mycompany.xxx" to be accessible both inside and outside your local network. The challenge is that your local IP addresses are only accessible inside your network. For that reason, the target computer system will need to have two network interface cards - one connected to the internal network and one connected to the external network.


Note:
At this stage, one cannot create a Hostname under local using a FQDN. However, it is possible to point to a local machine entering the FQDN of this machine as "remote" if this FQDN is valid.


Reserving IP Addresses Through DHCP

Another task you can perform through this panel is to reserve an IP address for a given system based on its Ethernet address. For instance, you might have another intranet web server within your company that you want to always have the same IP address. One method of assigning that address is to manually configure the client machine to have a static IP address. The negative aspect of doing this is that if you later want to change the network settings for that machine, you must manually go and configure that machine. An example would be if one of your DNS servers changed its IP address. Additionally, you have to keep track somewhere of the fact that you have assigned a specific IP address to that machine.

Rather than configuring the machine manually, you can reserve an IP address from the DHCP server for that specific machine. This has the same result as manually configuring a static IP address, but offers two benefits. First, you have one location to keep track of all assigned static addresses. Second, through the DHCP server you will provide network settings. If you wish to change those settings, the change can be simply done on your server. All DHCP clients will then receive those updated changes when they renew their DHCP-provided addresses.

To reserve an IP address, you must first determine the Ethernet address of your client system. Windows NT/2000 users can type the command

ipconfig /all

Windows 95/98 users can run the command

winipcfg

Linux/UNIX users can type

ifconfig

Once you have determined the client's Ethernet address, click on the link to create a new hostname for a local host. Enter the hostname of the target system, the Ethernet address and the desired IP address into the web panel. From this point on, the specified IP address will only be provided to a client system with the matching Ethernet address.

Domains

When you create a domain using this section of the server manager, your SME Server will be able to receive e-mail and host a web site for that domain.

Domains.png

To create a domain, fill in the domain name and a description of the site. You then tell the server where to find the content for that domain - it can be the same as your primary web site, or you can create a new set of web pages and store them in one of your i-bays. Clicking the arrow in the "Content" field will show you a list of your current i-bays and allow you to make a selection. This feature allows you to host multiple web sites from a single server. Be aware that you can point the domain to either the primary web site or to one of the i-bays. You cannot point a domain to a subdirectory that you simply create inside of the primary web site file area. You need to use an i-bay instead.


Note:
When you are entering the name for the domain, you should supply the fully-qualified domain name. This is the full name of the domain, including any extensions like ".com", but without any prefixes like "www" or "ftp". For instance, you can create a virtual domain by entering "tofu-bird.com", but not by entering "tofu-bird" or "www.tofu-bird.com".


Public DNS Records

Once you have created a domain, your server will be automatically configured to answer to web requests for www.domainname.xxx and will accept e-mail for your virtual domain as well.

In most cases the DNS for the server is not handled by the server but by some Internet DNS servers. So, the default is to pass DNS requests for anything but the primary domain to the Internet DNS servers.

The primary domain is resolved locally as we generate (fairly) complete DNS records for that domain, including all local hostnames.

The new settings are there to allow for various configurations:

  • Simple setup where the SME Server is a gateway, but DNS is handled by Internet DNS servers
  • Moderately complex setup where the SME Server DNS should take preference over the Internet DNS records. You need to be careful here as the external world view will not match the internal world view. That's why it is not the default.
  • Complex setup where some domains are handled by internal/corporate DNS servers and we want to choose those in preference to the Internet DNS servers. This is a conscious decision to run a split-horizon/internal fake root where the Internet and Intranet have different DNS records.

If you set a domain to "Resolve locally", the only DNS records seen will be the ones entered on the SME Server. However, since you need to set up the Internet DNS servers with the correct information anyway, why duplicate the work to enter it locally?

Note that in all cases the server will act as a DNS cache/proxy/forwarder and so all domains will actually _technically_ be "resolve locally", but the DNS cache will forward them to the chosen DNS servers.


Warning:
While the server is prepared to offer web and e-mail services for this domain, there is one more step that must occur. In order for users on the Internet to successfully connect to your machine using the domain, you will need to work with your ISP or whoever controls the DNS entries for your domain to have the appropriate DNS entries pointed to the IP address of your server. For instance, your ISP will need to configure an MX record for the domain in order for you to receive inbound e-mail to that domain.

See Appendix B. DNS for more information.


E-mail

As shown below, this section of the server manager allows you to specify the protocol used to retrieve e-mail from your ISP and configure other settings regarding the retrieval of e-mail.

There is a comprehensive email howto with alternative and advanced suggestions.

Email.png

E-mail Access

Email-access.png

  • POP and IMAP server access: The options are "Private" and "Secure Public". The former allows access only from your local network. The latter allows access from anywhere on the Internet.
  • Enable/Disable Webmail: With this option you can enable or disable the webmail component of your server. More information can be found in the Chapter on Webmail.

E-mail Filtering

Extra types of email attachments can be blocked with the instructions at Virus_blocking_tutorial.

Email-filtering-1.png

Email-filtering-2.png

E-mail Retrieval

Email-reception-1.png

Email-reception-2.png

Your choice of e-mail retrieval mode will depend on the arrangements you made with your Internet service provider:

  • If you have a dedicated connection, set E-mail retrieval mode to "Standard". The secondary mail server setting does not operate in this mode and any attempt to set one will not be accepted. See ETRN or multidrop for use of secondary mail server.
  • If you arranged "ETRN" support with your ISP, choose that setting and then scroll down to the field that asks for the IP address or hostname of your ISP's secondary mail server. This secondary mail server will provide temporary e-mail storage when your server is not connected to the Internet.
  • If you arranged "multidrop" mail service from your ISP, choose "multidrop" and then scroll down to the field that asks for the IP address or hostname of your ISP's secondary mail server. This secondary mail server will receive all e-mail for your domain and store it in a single POP mailbox. Further down the screen, you will need to specify the user account and password assigned by your ISP for this POP mailbox. Your server will periodically fetch this mail and distribute it to individual POP mailboxes on the server. (Note that due to problems receiving mail for mailing lists, we strongly encourage people to NOT use multi-drop e-mail.)

If you want to forward e-mail to another mail server for processing, enter the mail server IP address in the box marked Delegate mail server. A common use for this is if your server is receiving inbound e-mail from the Internet, but you would like to pass that mail to a different mail server on your internal network.


Note:
Delegate mail server implies that all mail which is accepted is passed on to the delegate mail server (in other words: that other guy is the mail server, I'm not, so I expect him to do everything, e.g. spam filtering).


If you intend to have an external mail server handle mail for your domain, just send the mail directly to that mail server, via the MX record for your domain.

If you have a dialup connection, the server allows you to control how frequently it fetches e-mail from your ISP. This is particularly useful in situations where you incur phone or Internet charges each time your system contacts your ISP. The default settings are every 15 minutes during standard office hours and every hour outside normal office hours on weekdays or on weekends. The fields allow you to customize those settings.

Finally, if you have "multidrop" mail service you need to select the sort method used by the server to decide which user each message should be delivered to. Your server has a default method for this (it examines various headers such as "To" and "Resent-To") which works in most circumstances but is not suitable for certain purposes such as mailing list messages. Some ISPs add a header to each e-mail message which can help your server determine the correct recipient. If your ISP does not add a header to multidrop e-mail, select the "Default" sort method and ignore the "select sort header" field. If your ISP does add a header to multidrop e-mail, then select "Specify below" and enter the header tag provided by your ISP. Because you will experience problems with mailing lists when using multidrop e-mail, we strongly recommend that you work with your ISP to have a special header added to each message. The "Default" sort method should only be used as a last resort.
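The difference between the "Default" sort method and an ISP-supplied sort header can be seen in the following added illustration, which is not SME Server's own code. The header name X-Envelope-To, the account names and both messages are constructed, and only the two headers named above are examined.

```python
from email import message_from_string
from email.utils import getaddresses

DOMAIN = "mycompany.xxx"               # placeholder domain used in this manual
LOCAL_USERS = {"alice", "bob"}         # constructed account names
DEFAULT_HEADERS = ("Resent-To", "To")  # the two headers the manual names

# Constructed messages as they might sit in the single POP mailbox at the ISP.
# "X-Envelope-To" stands in for whatever header tag your ISP provides.
DIRECT = """\
From: carol@example.org
To: Bob <bob@mycompany.xxx>
X-Envelope-To: bob@mycompany.xxx
Subject: quote

hello
"""

LIST_POST = """\
From: dave@example.net
To: discuss@lists.example.org
X-Envelope-To: alice@mycompany.xxx
Subject: [discuss] agenda

hello
"""


def local_recipients(msg, headers):
    """Return the sorted local account names addressed in the given headers."""
    found = set()
    for header in headers:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            user, _, dom = addr.lower().rpartition("@")
            if dom == DOMAIN and user in LOCAL_USERS:
                found.add(user)
    return sorted(found)


def sort_message(raw, sort_header=None):
    """Pick recipients the 'Default' way, or from one ISP-provided header."""
    msg = message_from_string(raw)
    headers = (sort_header,) if sort_header else DEFAULT_HEADERS
    return local_recipients(msg, headers)


def demo():
    """Show where the two methods agree and where the default one fails."""
    return {
        "direct/default": sort_message(DIRECT),
        "list/default": sort_message(LIST_POST),
        "list/sort-header": sort_message(LIST_POST, "X-Envelope-To"),
    }


if __name__ == "__main__":
    for case, users in demo().items():
        print(f"{case:18} -> {users or 'no local recipient found'}")
```

The mailing-list post names only the list address in "To", so the default method finds no local recipient, while the ISP header still identifies the subscriber.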

E-mail Delivery

This screen presents you with additional options for controlling how your system handles e-mail.

Email-delivery.png

  • Forwarding address for administrative notices: The default address for administrative notices (i.e. undeliverable mail, backup notifications and other status/error messages) is "admin". If you'd like those messages to be sent elsewhere, enter the address here. Note: this option has been moved to the Collaboration > User > admin panel.


Note:
Be aware that all messages sent to postmaster, root or mailer-daemon at your domain are sent to either admin or the address that you enter in this field.


  • E-mail to unknown users: This field allows you to choose whether incoming messages to unknown users are bounced back to the sender or forwarded to the system administrator. Some users prefer the latter setting because it allows them to catch and reroute e-mail that was incorrectly addressed.


Note:
If you choose to have messages forwarded to the system administrator, they will be sent to either "admin" or the e-mail address specified in the forwarding address field mentioned above.


  • Internet provider's SMTP server: Normally the server will send outgoing messages directly to their intended destination. If, however, you have an unreliable connection or are using a residential Internet service, it may be advisable to route e-mail via your provider's SMTP server. In that case, you should enter the SMTP server's hostname or IP address here.

In fact, if you have a temporary dial-up connection to the Internet, you may find that you need to use your ISP's mail server in order to deliver mail to some locations. As a reaction to the huge volume of unsolicited commercial e-mail ("spam"), many Internet sites are refusing direct SMTP connections from IP addresses that are known to be temporary dial-up accounts. For this reason, you may need to use your ISP's mail server since it will have a permanent connection to the Internet.

Antivirus (ClamAV)

The default for SME8 is Sunday morning. With the SME8.1 ISO (or as soon as smeserver-clamav-2.2.0-13.sme is released) the default will be Saturday morning.

When set to occur weekly, the ClamAV scan is configured to run on Saturday morning (typically between 00:00 and 01:00 local time). Users with large systems may wish to schedule only a weekly AV scan (taking place on Saturday morning) in order to avoid overlap with the disk check scheduled on Sunday morning. Bugzilla:7656

Review Configuration

This section of the server manager summarizes how your server is configured. This is the data that you entered during the installation process and possibly changed later through the server console or the server manager. As you can see from the screen below, this is essentially a report that you can print out for your records. You do not have the ability to make changes from this screen.

Review-config.png