SME Server:Documentation:Technical Manual:Chapter3

==Chapter 3. Configuration Guide==
{{ :DB_Variables_Configuration }}
For more detailed information refer to the [[SME_Server:Documentation:Developers_Manual|Developers Manual]].
 
 
 
===db commands===
 
Type db without arguments to see its usage:
 
 
 
db
 
 
 
The db files are in /home/e-smith/db.
 
 
 
To show a db key and set one of its properties manually:
 
 
db accounts show james
 
db accounts setprop james EmailForward local
 
 
 
More information about the internal configuration database of SME Server can be found in the [http://mirror.contribs.org/smeserver/contribs/gordonr/devguide/html/c382.htm SME Server Developer's Guide].
 
 
 
===Actions and Events===
 
Actions and Events are used to apply configuration changes and most of them are fired through the panels of the server-manager. An event can consist of multiple actions.
 
 
 
To fire an event from the SME Server shell you simply type:
 
 
 
  signal-event event-name
 
 
 
To reboot your server for instance you would type:
 
 
 
  signal-event reboot
 
 
 
More information about [http://mirror.contribs.org/smeserver/contribs/gordonr/devguide/html/c382.htm#AEN384 Actions] and [http://mirror.contribs.org/smeserver/contribs/gordonr/devguide/html/x409.htm Events] can be found in the [http://mirror.contribs.org/smeserver/contribs/gordonr/devguide/html/c382.htm SME Server Developer's Guide].
 
 
 
===Custom Templates===
 
Custom templates allow for site specific overrides of normal behaviour.
 
 
 
For example, to override one fragment of the firewall (masq) template:
 
 
 
mkdir -p /etc/e-smith/templates-custom/etc/rc.d/init.d/masq
cp /etc/e-smith/templates/etc/rc.d/init.d/masq/35transproxy \
   /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/
nano -w /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/35transproxy
signal-event remoteaccess-update
 
 
 
Note: custom templates are not to be used in contrib RPMs; if a change is needed in the original fragment, raise a bug.

See http://forums.contribs.org/index.php?topic=35156.0
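An added helper, not from the original page and not part of SME Server, that generalises the steps above to any template fragment: it copies a stock fragment into templates-custom and refuses to overwrite an override that already exists (the function name is assumed; the template roots are passed in so it can be tried outside /etc/e-smith).

```shell
# Copy a stock template fragment into the templates-custom tree without clobbering
# an existing override. Usage:
#   make_custom_fragment TEMPLATES_ROOT CUSTOM_ROOT FRAGMENT_RELPATH
# On a real SME box the call for the example above would be:
#   make_custom_fragment /etc/e-smith/templates /etc/e-smith/templates-custom \
#       etc/rc.d/init.d/masq/35transproxy
make_custom_fragment() {
    templates_root=$1
    custom_root=$2
    fragment=$3
    src="$templates_root/$fragment"
    dst="$custom_root/$fragment"

    # The fragment must exist in the stock tree; otherwise the name is almost
    # certainly a typo, and a custom fragment with a misspelt name would be
    # silently expanded as a brand-new fragment.
    if [ ! -f "$src" ]; then
        printf 'no such stock fragment: %s\n' "$src" >&2
        return 1
    fi
    # Never overwrite an existing override: it may carry earlier local changes.
    if [ -e "$dst" ]; then
        printf 'custom fragment already exists, not overwriting: %s\n' "$dst" >&2
        return 2
    fi
    mkdir -p "$(dirname "$dst")" || return 3
    cp "$src" "$dst" || return 3
    # Print the path so the caller knows which file to edit next.
    printf '%s\n' "$dst"
    return 0
}

# After editing the printed file, fire the event that expands its target
# (for masq fragments: signal-event remoteaccess-update), as on the page.
```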
 

Latest revision as of 03:33, 15 June 2007


Database variables

Important.png Note:
See the following wiki pages for the syntax used to access configuration database entries from the command line: Access from the Command Line and the db command tutorial.


SME Server comes with the most used parameters set as variables in its internal configuration databases. These variables store the values used in the final configuration files. Please read SME_Server:Documentation:Developers_Manual:Section2 to understand the template and database process.

These variables are useful to configure your system more easily, as you do not need to modify configuration files directly for most common cases. It also makes it possible to administer the server through its server-manager as the database variables are used to set and change configuration parameters. After editing, the configuration files must be regenerated and affected services need to be restarted.

For example, suppose you need to increase "memory-limit" in php.

You would simply execute these commands at the server console:

db configuration setprop php MemoryLimit 64M
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart

The first line changes the value for the memory limit of PHP, the second line regenerates the configuration file and the last line will reload Apache (and subsequently also PHP as this is configured as a module of Apache).


Warning.png Warning:
Database parameters are case sensitive so take great care when typing at the server shell because no error messages are given should you make a typo.


The databases are flat files, but you should never edit them directly; use the db command instead. More details on using the database system can be found in the SME Server Developer's Guide.


Setting db variables to default values

Important.png Note:
'config' is a shorthand for 'db configuration' and therefore only works with the configuration database.


Any db variable that has a default value can be reset to the default by deleting the variable entirely, then re-initializing the default database values as follows:

config delprop <key> <prop>
/etc/e-smith/events/actions/initialize-default-databases

Delete a property value

To delete the property

db accounts delprop <key> <prop>

Reset a property value

To reset to an empty value

db accounts setprop <key> <prop> ''


Warning.png Warning:
Database parameters are case sensitive so take great care when typing at the server shell because no error messages are given should you make a mistake.


Concept of the signal-event command

Thanks to the work of the developers, you can simplify these commands further by using the signal-event process.

For full details see SME_Server:Documentation:Developers_Manual:Section2

Overview of database variables

The next section describes the standard variables defined on SME Server. Please update this list with new standard variables in future SME Server versions.

The tables below have three columns. The first is the variable, the second is the target variable (located in the final configuration file), and the third is the default value.

A lot of the variables can be set using the server-manager but some can not. For example the variable DomainMaster for samba is not important here, because this can be set through server-manager. On the other hand, the variable RecycleBin is important, because it is not accessible through the server-manager.

Configuration files may use database values from a single configuration key, or from multiple keys. The latter is the case for the /etc/rc.d/init.d/masq configuration file, which takes its values from several database keys such as squid and masq.

It is also possible that multiple configuration files use the same key. An example of this is the httpd-admin key. This key has a variable TCPPort which is used in multiple files (/etc/httpd/admin-conf/httpd.conf and /etc/services).


AppleTalk (atalk)

Usage

db configuration setprop atalk variable value
signal-event workgroup-update
Affected file: /etc/atalk/netatalk.conf
Variable Target Default
MaxClients AFPD_MAX_CLIENTS 20


Warning.png Warning:
The AppleTalk protocol has been removed from SME Server as of version 8.x


Backup

Usage

db configuration setprop backup variable value
signal-event conf-backup
Affected file: /etc/e-smith/events/post-backup/S90eject-tape
Variable Target Default
Device $device /dev/st0
Eject Logical operation no

Console Mode

Usage - set the DB variable to either login or auto.

config set ConsoleMode login
signal-event post-upgrade
signal-event reboot
Variable Target Default
ConsoleMode Console Setting login


Warning.png Warning:
This functionality has been deprecated as of SME Server 9.x


Clam AntiVirus (clamav)

clamav

Usage

db configuration setprop clamav variable value
signal-event clamav-update
Affected file: /etc/clamd.conf
Variable Target Default
ArchiveBlockEncrypted ArchiveBlockEncrypted no
ArchiveBlockMax ArchiveBlockMax no
ArchiveMaxCompressionRatio ArchiveMaxCompressionRatio 300
ArchiveMaxFiles ArchiveMaxFiles 1500
ArchiveMaxFileSize ArchiveMaxFileSize 15M
ArchiveMaxRecursion ArchiveMaxRecursion 8
Debug Debug no
DetectBrokenExecutables DetectBrokenExecutables no
FilesystemScanExclude FilesystemScanExclude /proc,/sys,/usr/share,/var
IdleTimeout IdleTimeout 60
LeaveTemporaryFiles LeaveTemporaryFiles no
LogClean LogClean yes
LogTime LogTime yes
LogVerbose LogVerbose yes
MaxConnectionQueueLength MaxConnectionQueueLength 30
MaxDirectoryRecursion MaxDirectoryRecursion 20
MaxThreads MaxThreads 20
ReadTimeout ReadTimeout 300
ScanArchive ScanArchive yes
ScanHTML ScanHTML yes
ScanMail ScanMail yes
ScanOLE2 ScanOLE2 yes
ScanPE ScanPE yes
SelfCheck SelfCheck 1800
StreamMaxLength StreamMaxLength 25M
Affected file: /etc/freshclam.conf
Variable Target Default
Checks Checks 24
DatabaseMirror DatabaseMirror db.local.clamav.net
DNSDatabaseInfo DNSDatabaseInfo current.cvd.clamav.net
LogVerbose LogVerbose yes
MaxAttempts MaxAttempts 6
clamd

Usage

db configuration setprop clamd variable value
signal-event clamav-update
Affected file: /var/service/clamd/env/MEMLIMIT
Variable Target Default
MemLimit MEMLIMIT 1400000000

DHCP daemon (dhcpd)

Usage

db configuration setprop dhcpd variable value
signal-event remoteaccess-update
Affected file: /etc/dhcpd.conf
Variable Target Default
Bootp bootp deny
startDynamicIPRange range
endDynamicIPRange range

Note: the end of the dynamic IP range will be set to the value of 'endDynamicIPRange' minus the value of pptpd:sessions.

DNS Cache Forwarder (dnscache / dnscache.forwarder)

Usage

db configuration setprop dnscache variable value
signal-event dns-update 

or for some settings

signal-event console-save
Affected files: /var/service/dnscache.forwarder/config, /var/service/dnscache.forwarder/root/servers/@
Variable Target Default Options
CacheSize CACHESIZE 1000000 (SME9 10000000) Variable
DataLimit DATALIMIT 3000000 (SME9 12000000) Variable
Forwarder Forwarder not configured a.b.c.d - address of remote DNS server
Forwarder Forwarder2 not configured a.b.c.d - address of remote DNS server

TinyDNS

Usage

db configuration setprop tinydns variable value
signal-event dns-update
Affected file: /var/service/tinydns/env
Variable Target Default
ListenIP IP 127.0.0.1
DataLimit DATALIMIT 300000

FlexBackup

Usage

db configuration setprop flexbackup variable value
signal-event conf-backup
Affected file: /etc/flexbackup.conf
Variable Target Default
Blocksize $blksize 32
TapeBlocksize $mt_blksize 0
BufferProg $buffer buffer
BufferMegs $buffer_megs 20
erase_rewind_only $erase_rewind_only false
Type $type tar

Horde (webmail)

Usage

db configuration setprop horde variable value
expand-template /home/httpd/html/horde/conf.menu.apps.php
Affected file: /home/httpd/html/horde/conf.menu.apps.php
Variable Target Default
MenuArray MenuArray enabled
expand-template /home/httpd/html/horde/config/conf.php
Affected file: /home/httpd/html/horde/config/conf.php
Variable Target Default
Administration Administration disabled
expand-template /etc/e-smith/templates/home/httpd/html/horde/config/prefs.php/200personal
Affected file: /etc/e-smith/templates/home/httpd/html/horde/config/prefs.php/200personal
Variable Target Default
Name 'My Company' 'Horde Webmail'
expand-template /home/httpd/html/horde/turba/config/sources.php
Affected file: /home/httpd/html/horde/turba/config/sources.php
Variable Target Default
freebusy freebusy disabled
SharedAddressBooks SharedAddressBooks disabled

Apache server ibay specific (httpd-e-smith)

See the PHP page for ibay-specific PHP options, or see the Webhosting contrib.

Usage

db accounts setprop ibayname variable value
signal-event ibay-modify ibayname
Affected file: /etc/httpd/conf/httpd.conf
Variable Target Default
AllowOverride AllowOverride None
FollowSymLinks FollowSymLinks disabled
Indexes Indexes enabled
PHPRegisterGlobals register_globals disabled
PHPBaseDir open_basedir /home/e-smith/files/ibays/ibayname
SSLv2 SSLProtocol disabled
SSL Force https access to ibay through Apache. disabled


  • the following options are specific to SME Server 9 and are not backported to SME Server 8. See bugzilla:8239

Usage

db accounts setprop ibayname variable value
signal-event ibay-modify ibayname
Affected file: /etc/httpd/conf/httpd.conf
Variable Target Default
PermitPlainTextAccess no
ValidFrom ip/mask comma-separated list

Apache server-manager (httpd-admin)

Usage

db configuration setprop httpd-admin variable value
signal-event remoteaccess-update
Affected file: /etc/httpd/admin-conf/httpd.conf and /etc/services
Variable Target Default
TCPPort TCPPort 980

IMAP (imap)

Usage

db configuration setprop imap variable value
signal-event email-update
Affected file: /var/service/imap/config
Variable Target Default
ConcurrencyLimit INSTANCES 2000
ConcurrencyLimitPerIP INSTANCES_PER_IP 12
ProcessMemoryLimit ulimitdata 128000000


Information.png Tip:
The notes on concurrency limits under IMAPS below also apply here.


Important.png Note:
For SME 9, only the imap key has the properties ConcurrencyLimitPerIP, checkConcurrencyLimit and ProcessMemoryLimit. If you set these properties on the imaps key, a migrate fragment will remove them automatically.


  • only for SME Server 9
Affected file: /var/service/imap/config
Variable Target Default
AllowPlainText if set to disabled, dovecot will still listen on port 143 but will only accept TLS connections, even from the local networks enabled/disabled, default is enabled

IMAPS (imaps)

These properties apply to SME versions before 9.0 only. After 9.0, the imap properties are used to control imaps concurrency and memory limits.

Usage

db configuration setprop imaps variable value
signal-event email-update
Affected file: /var/service/imaps/config
Variable Target Default
ConcurrencyLimit INSTANCES 2000
ConcurrencyLimitPerIP INSTANCES_PER_IP 12
ProcessMemoryLimit ulimitdata 128000000
Important.png Note:
For SME 9, only the imap key has the properties ConcurrencyLimitPerIP, checkConcurrencyLimit and ProcessMemoryLimit. If you set these properties on the imaps key, a migrate fragment will remove them automatically. Look at /etc/dovecot/dovecot.conf for the default values. ProcessMemoryLimit defaults to 256MB.


Information.png Tip:
You can check whether you are running out of available connections by looking in the log file /var/log/dovecot/current (on SME 8: /var/log/imap/current and /var/log/imaps/current) for messages like the extract below, where ConcurrencyLimitPerIP was set to 12 and a 13th connection was attempted and denied.
@400000005396a2d215b40d9c imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=12): 
user=<stephane>,  method=PLAIN, rip=90.84.144.xxx, lip=192.168.xx.15, TLS


Information.png Tip:
Mobile devices tend to disconnect from and reconnect to the network frequently. When a disconnect happens, the sessions on the server are not always cleaned up immediately (they are cleaned up after a timeout of some minutes). When the email client reconnects, it opens new network connections, and these new connections get denied because of the concurrency limit. On the mobile device this may show up as an "Unable to connect to server" message.


Information.png Tip:
Some email clients use a separate connection per imap folder, so the concurrency limits may occur for users that have many imap folders.
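An added example, not from the original page, that summarises the denial messages described in the tips above per user and remote IP, so an administrator can tell one device reconnecting repeatedly from a limit that is genuinely too low. The log lines are constructed (addresses from documentation ranges) and the function name is assumed.

```shell
# Constructed sample of /var/log/dovecot/current lines (not a real log). The
# denial lines follow the format quoted on the page.
DOVECOT_SAMPLE='@400000005396a2d215b40d9c imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=12): user=<stephane>, method=PLAIN, rip=203.0.113.10, lip=192.168.1.15, TLS
@400000005396a2d31a0c1e2c imap-login: Info: Login: user=<alice>, method=PLAIN, rip=192.168.1.40, lip=192.168.1.15, TLS
@400000005396a2d41b22a0b4 imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=12): user=<stephane>, method=PLAIN, rip=203.0.113.10, lip=192.168.1.15, TLS
@400000005396a2d51c3000a0 imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=12): user=<bob>, method=PLAIN, rip=198.51.100.7, lip=192.168.1.15, TLS'

# Read dovecot log text on stdin and print one line per (user, remote IP) pair
# that hit the per-IP concurrency limit: "<denials> <user> <rip> <limit>",
# most denials first. Many denials for a single user/IP pair usually means one
# client reconnecting (the mobile-device case above); denials spread across
# many users suggest ConcurrencyLimitPerIP itself is too low for the clients.
concurrency_denials() {
    awk '/Maximum number of connections from user\+IP exceeded/ {
            user = ""; rip = ""; limit = ""
            if (match($0, /user=<[^>]*>/)) user = substr($0, RSTART + 6, RLENGTH - 7)
            if (match($0, /rip=[^,]*/))    rip = substr($0, RSTART + 4, RLENGTH - 4)
            if (match($0, /mail_max_userip_connections=[0-9]+/))
                limit = substr($0, RSTART + 28, RLENGTH - 28)
            denials[user " " rip " " limit]++
        }
        END { for (k in denials) print denials[k], k }' | sort -rn
}

# Usage on a live server:  concurrency_denials < /var/log/dovecot/current
# With the constructed sample: printf '%s\n' "$DOVECOT_SAMPLE" | concurrency_denials
```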


Dovecot

  • Only for SME Server 9

With smeserver-dovecot installed, 4 services in the configuration DB are used:

imap and imaps are kept for backward compatibility with e-smith-imap (they control the TCPPort of the service and whether it is accessible from the local network or from the internet).

dovecot is now the main service entry in the configuration DB. It is used to control various optional features of dovecot.


Usage

db configuration setprop dovecot variable value
signal-event email-update
Affected file: /etc/dovecot/dovecot.conf
Variable Target Default
AdminIsMaster if enabled, the admin user will be a master user able to log in as any user. To do so, use user1*admin as the login and the admin password to log in as user1 enabled/disabled, default is disabled
FullTextIndexing turns full text indexing on or off. When this option is enabled, the first search in an IMAP folder triggers indexing; subsequent searches will be much faster. Read this page before enabling this option enabled/disabled, default is disabled
LogActions turns extra logging (flag change, move, copy etc.) on or off. !! Warning !!: enabling this can generate a huge amount of logs enabled/disabled, default is disabled
Quotas reports the space actually used and the space remaining if the user has a quota limit enabled/disabled, default is enabled


Fetchmail

Various fetchmail settings for email collection

Usage

db configuration setprop fetchmail variable value
signal-event email-update

See the man page for more settings:

https://www.fetchmail.info/fetchmail-man.html

Affected file: /etc/fetchmail
Variable Target Default
Verbosity For debugging silent/verbose, default is silent
SSL Use SSL enabled/disabled, default is disabled
Protocol POP3 POP/Other, default is POP3
TCPPort Retrieved from smtpd default 25


IPTables firewall (masq)

Usage

db configuration setprop masq variable value
signal-event remoteaccess-update
Affected file: /etc/rc.d/init.d/masq
Variable Target Default
Logging Logging most
Stealth Stealth no


Information.png Tip:
A special case is the TCPPort and UDPPort properties, which can be set on any DB key.

Any DB key carrying a "TCPPort" or "UDPPort" property affects the masq file.

Currently the following keys are included in masq:

TCPPort:

httpd-admin - sshd - smtpd - ssmtpd



Additional information on customizing iptables

Create a custom-named service definition in the configuration database.

db configuration set <servicename> service

Apply your desired firewall restrictions to any existing SME 'service' or to a custom-named service that you have created. Combine a custom-named service with port-forwarding to create customized firewall rules.

db configuration setprop <servicename> TCPPort <portnumber>
db configuration setprop <servicename> TCPPorts <portnumbers>
db configuration setprop <servicename> UDPPort <portnumber>
db configuration setprop <servicename> UDPPorts <portnumbers>
db configuration setprop <servicename> status enabled|disabled
db configuration setprop <servicename> access public|private|localhost
db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24
db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24

Apply the changes you have made:

signal-event remoteaccess-update
Affected file: /etc/rc.d/init.d/masq
Variable Target Default
TCPPort --proto tcp --dport <Ports> Pre-configured for default services; no default for custom services
TCPPorts --proto tcp --dports <Ports> No default for custom services; Ranges of ports are defined with a : not a -
UDPPort --proto udp --dport <Ports> Pre-configured for default services; no default for custom services
UDPPorts --proto udp --dports <Ports> No default for custom services; Ranges of ports are defined with a : not a -
status disabled AllowHosts is set to "" (an empty string) unless the status is 'enabled'
access private AllowHosts is set to "" (an empty string) unless access is 'public'
AllowHosts --src ..... --jump ACCEPT Pre-configured for default services; no default for custom services. Default is '0.0.0.0/0' if service is enabled and public.
DenyHosts --src ..... --jump denylog Pre-configured for default services; no default for custom services. If 'DenyHosts' is empty or does not exist then there are no '... --jump denylog' entries created in /etc/init.d/masq.
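An added validator, not from the original page and not SME Server code, for the custom-service values in the table above: it catches the ':' versus '-' range mistake and malformed AllowHosts/DenyHosts entries before they reach db, and prints the db commands rather than running them. Function names and the myapp service name are assumed.

```shell
# A single port: digits only, 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# TCPPorts/UDPPorts value: comma-separated ports or LOW:HIGH ranges. The masq
# template expects ':' in ranges, so a '-' range is rejected here instead of
# silently producing a wrong rule.
valid_ports_spec() {
    old_ifs=$IFS; IFS=','; set -- $1; IFS=$old_ifs
    [ $# -ge 1 ] || return 1
    for item in "$@"; do
        case $item in
            *-*) return 1 ;;
            *:*)
                low=${item%%:*}; high=${item#*:}
                valid_port "$low" && valid_port "$high" && [ "$low" -le "$high" ] || return 1
                ;;
            *) valid_port "$item" || return 1 ;;
        esac
    done
    return 0
}

# Dotted-quad IPv4 address, each octet 0..255.
valid_ipv4() {
    old_ifs=$IFS; IFS='.'; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# AllowHosts/DenyHosts value: comma-separated addresses, each optionally with a
# /prefix of 0..32 (the page's own form: a.b.c.d,x.y.z.0/24).
valid_hosts_list() {
    old_ifs=$IFS; IFS=','; set -- $1; IFS=$old_ifs
    [ $# -ge 1 ] || return 1
    for host in "$@"; do
        case $host in
            */*)
                addr=${host%%/*}; prefix=${host#*/}
                valid_ipv4 "$addr" || return 1
                case $prefix in ''|*[!0-9]*) return 1 ;; esac
                [ "$prefix" -le 32 ] || return 1
                ;;
            *) valid_ipv4 "$host" || return 1 ;;
        esac
    done
    return 0
}

# Print (do not execute) the db commands for a public custom service that is
# reachable only from AllowHosts. Usage: custom_service_cmds NAME TCPPORTS ALLOWHOSTS
custom_service_cmds() {
    name=$1; ports=$2; hosts=$3
    valid_ports_spec "$ports" || { printf 'invalid TCPPorts value: %s\n' "$ports" >&2; return 1; }
    valid_hosts_list "$hosts" || { printf 'invalid AllowHosts value: %s\n' "$hosts" >&2; return 1; }
    printf 'db configuration set %s service\n' "$name"
    printf 'db configuration setprop %s TCPPorts %s\n' "$name" "$ports"
    printf 'db configuration setprop %s status enabled\n' "$name"
    printf 'db configuration setprop %s access public\n' "$name"
    printf 'db configuration setprop %s AllowHosts %s\n' "$name" "$hosts"
    printf 'signal-event remoteaccess-update\n'
}
```

Pipe the printed commands into a shell only after reading them: the page's warning that db gives no error on a typo applies to the service name and property names too.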

SpamAssassin

Usage

db configuration setprop spamassassin variable value
signal-event email-update
Affected file: /etc/mail/spamassassin/local.cf
Variable Target Default
DNSAvailable dns_available yes
OkLanguages ok_languages all
OkLocales ok_locales all
ReportSafe report_safe 0
Subject rewrite_header Subject [SPAM]
SkipRBLChecks skip_rbl_checks 0
TrustedNetworks trusted_networks 127.
UseAutoWhitelist use_auto_whitelist 0
UseBayes use_bayes 0
Sensitivity required_hits medium

Sometimes certain SpamAssassin update servers are corrupted or not updated frequently. The mirror list is available at: /var/lib/spamassassin/3.003001/updates_spamassassin_org/MIRRORED.BY

MySQL (mysqld)

Usage

db configuration setprop mysqld variable value
expand-template /etc/my.cnf
sv t /service/mysqld
Affected file: /etc/my.cnf
Variable Target Default
InnoDB InnoDB disabled
LocalNetworkingOnly LocalNetworkingOnly yes

Network Time Protocol (ntpd)

Usage

db configuration setprop ntpd variable value
signal-event timeserver-update
Affected file: /var/service/ntpd/env/MEMLIMIT
Variable Target Default
MemLimit MEMLIMIT 35000000
Affected file: /etc/ntp/step-tickers and /etc/ntp.conf
Variable Target Default
NTPServer server pool.ntp.org
SyncToHWClockSupported SyncToHWClockSupported yes
SupportLargeDrift tinker panic 0 disabled

A new db key for ntpd: SupportLargeDrift. The default value is disabled, which does not change the current behaviour. See bugzilla:7979.

If set to enabled, it will add 'tinker panic 0' at the beginning of ntp.conf and remove the lines:

server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10

With SupportLargeDrift enabled, the guest is able to resync the clock with the configured ntp server, even after resuming from a suspended state (tested with a ~10min drift, it took about 3 or 4 minutes for the guest to resync the clock after resuming).

db configuration setprop ntpd SupportLargeDrift enabled

Php

See the PHP page for all the available options.

Usage

db configuration setprop php variable value
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart
Affected file: /etc/php.ini
Variable Target Default
MaxExecutionTime max_execution_time 30
MemoryLimit memory_limit 32M
PostMaxSize post_max_size 20M
UploadMaxFilesize upload_max_filesize 10M
AllowUrlFopen allow_url_fopen Off
ExposePHP expose_php : Exposes to the world that PHP is installed on the server Off

Don't forget the "M" unit: without it you get a lot of httpd errors and Apache can't start!


Affected file: /etc/php-fpm.d/{ibays.conf,www.conf,custom.conf} and /etc/e-smith/templates/etc/httpd/conf/httpd.conf/
Variable Target Default
AllowUrlFopen AllowUrlfOpen disabled, set to enabled
MemoryLimit MemoryLimit disabled, set with M as the unit, e.g. 64M
UpMaxFileSize UpMaxFileSize disabled, set with M as the unit, e.g. 64M
PostMaxSize PostMaxSize disabled, set with M as the unit, e.g. 64M
MaxExecTime MaxExecTime disabled, set the time in seconds without units, e.g. 60, or unlimited

Virtual Private Network (VPN) (pptpd)

Usage

db configuration setprop pptpd variable value
signal-event remoteaccess-update
Affected file: /etc/ppp/options.pptpd
Variable Target Default
debug debug no
mtu mtu not set by default, add your value (1404) after mtu
mru mru not set by default, add your value (1404) after mru


Passive passive enabled
Interfaces Unknown not set by default
Affected file: /etc/pptpd.conf
Variable Target Default
debug debug no

Pro FTP (proftpd)

Usage

db configuration setprop ftp variable value
signal-event remoteaccess-update
Affected file: /etc/proftpd.conf
Variable Target Default
DisableAnonymous DisableAnonymous no

Qmail

You can set the maximum size of email that can be sent.

Usage (value expressed in bytes)

db configuration setprop qmail MaxMessageSize 15000000
signal-event email-update
Affected file: /etc/proftpd.conf
Variable Target Default
MaxMessageSize The maximum email size for sending 15000000


Qpsmptd

Important.png Note:
For KOOZALI SME 10 server, qpsmtpd replaces smtpd.


Work in progress !!

Usage

config show qpsmtpd
config setprop qpsmtpd variable value
signal-event email-update
Affected file: .conf
Variable Target Default
Authentication Authentication enabled
Bcc Bcc disabled
BccMode BccMode cc
BccUser BccUser maillog
DKIMSigning DKIMSigning enabled
DNSBL DNSBL disabled
Instances Instances 40
InstancesPerIP InstancesPerIP 5
LogLevel LogLevel 6
MaxScannerSize MaxScannerSize 25000000
MaximumDateOffset MaximumDateOffset 0
PatternScan PatternScan disabled
Proxy Proxy blocked
RBLList RBLList bl.spamcop.net,dnsbl-1.uceprotect.net,dnsbl-2.uceprotect.net,psbl.surriel.com,zen.spamhaus.org
RHSBL RHSBL disabled
RelayRequiresAuth RelayRequiresAuth enabled
SBLList SBLList multi.surbl.org,black.uribl.com,rhsbl.sorbs.net
TCPPort TCPPort 25
TCPProxyPort TCPProxyPort 25
TlsBeforeAuth TlsBeforeAuth 1
UBLList UBLList multi.surbl.org:8-16-64-128,black.uribl.com,rhsbl.sorbs.net
URIBL URIBL disabled
VirusScan VirusScan enabled
access access public
qplogsumm qplogsumm disabled
status status enabled
tnef2mime tnef2mime enabled

Samba global settings (smbd)

Usage

db configuration setprop smb variable value
signal-event ibay-modify 
Affected file: /etc/samba/smb.conf
Variable Target Default
RecycleBin recycle disabled
ShadowCopy shadow_copy disabled
DeadTime deadtime 10080
DisplayCharSet display charset ISO8859-1
DosCharSet dos charset 850
LogonDrive logon drive Z
OpLocks oplocks enabled
OsLevel os level 65
ServerString server string SME Server
SMBPorts smb ports 139
UnixCharSet unix charset UTF8
UseClientDriver use client driver yes
LogLevel log level 1

Samba per i-bay settings (smbd)

Usage

db accounts setprop ibay_name variable value
signal-event ibay-modify 
Affected file: /etc/samba/smb.conf
Variable Target Default
Browseable browseable enabled
OpLocks oplocks enabled
RecycleBin recycle disabled
VetoOplockFiles veto oplock files (not set)
Audit full_audit disabled
KeepVersions If RecycleBin is enabled in smbd, then you can keep versions of files in the recycle bin disabled, set it to enabled
ShadowCopy If ShadowCopy is enabled in smbd, then you can turn it off per ibay enabled, set it to disabled
cscPolicy set the csc policy (manual, documents, programs, disable) (not set)

Squid Proxy (squid)

Usage

db configuration setprop squid variable value
signal-event proxy-update
Affected file: /etc/squid/squid.conf
Variable Target Default
SSLPorts Configure additional https ports (a single port, or multiple ports separated by commas) no default value (443 and 563 are hard coded)
SafePorts acl Safe_ports port 80
EnforceSafePorts EnforceSafePorts no

How to configure additional https ports

  • only one port
 config setprop squid SSLPorts 2083
 signal-event proxy-update
  • several ports
 config setprop squid SSLPorts 2083,569,1,568,965
 signal-event proxy-update
  • remove ports
 config setprop squid SSLPorts ""
 signal-event proxy-update
Affected file: /etc/squid/squid.conf and /etc/rc.d/init.d/masq
Variable Target Default
Transparent Transparent yes
Affected file: /etc/rc.d/init.d/masq
Variable Target Default
TransparentPort TransparentPort 3128

Alternate Usage for Configuration of an Up-Stream Proxy Server

db configuration set squid-parent-variable value
signal-event proxy-update
Affected file: /etc/squid/squid.conf
squid-parent-variable Target Default
SquidParent name-or-ip-of-upstream-proxy-server (none)
SquidParentPort port-number-used-by-upstream-proxy-server (none)

(undo using 'db configuration delete SquidParent' followed by 'signal-event proxy-update')

SSH (sshd)

Usage

db configuration setprop sshd variable value
signal-event remoteaccess-update
Affected file: /etc/ssh/sshd_config
Variable Target Default
TCPPort Port 22
Protocol Protocol 2
UsePAM UsePAM no
MaxAuthTries MaxAuthTries 2
MaxStartups MaxStartups 10:30:60
MotdStatus MotdStatus (display or not the motd) enabled
PasswordAuthentication PasswordAuthentication no
PermitRootLogin PermitRootLogin no
AllowHosts AllowHosts IP address(es) list


Important.png Note:
Currently in SME 7.2 and up, TCPPort is configurable via server-manager, under Remote Access menu.

To configure AllowHosts: the IP address list is a single IP or a comma-separated list of IP addresses and/or netmasks (e.g. 16.17.18.19,203.14.64.0/24). SSH will then only be allowed from those IP addresses; the firewall code will drop SSH connections from any other hosts.


Autoblock_ssh

see AutoBlock#Public_SSH_Acess

Affected file: /etc/ssh/sshd_config
Variable Target Default
AutoBlockTime AutoBlockTime 900
AutoBlockTries AutoBlockTries 4
AutoBlock AutoBlock enabled for sme9/disabled for sme8

smtpd

Warning.png Warning:
OBSOLETE: smtpd has been deprecated in SME 10. The key is now qpsmtpd.


Usage

config setprop smtpd variable value
signal-event email-update
Affected file: /var/service/qpsmtpd/runenv
bugzilla:7846: Changes to Instances or InstancesPerIP require a restart of qpsmtpd:
expand-template /var/service/qpsmtpd/runenv && sv t /service/qpsmtpd /service/sqpsmtpd
Variable Target Default
Instances Total smtp Instances 40
InstancesPerIP smtp-Instances-Per-IP 5


Affected file: /var/service/qpsmtpd/config/smtpgreeting
Variable Target Default
Greeting Hostname portion of the greeting provided by your server to inbound SMTP connections $SystemName.$DomainName


Affected file: /var/qmail/control/helohost
Variable Target Default
HeloHost SMTP Helo / Ehlo value provided by your server when connecting to external SMTP servers to send email $DomainName

yum

Usage

config setprop yum variable value
signal-event yum-modify
Affected file: /etc/yum.conf
Variable Target Default
AutoInstallUpdates Install updates automatically? disabled
check4updates Frequency of Update Checking daily(default but monthly or weekly available) daily
EnableGroups Enable Groups 0
GPGCheck Check GPG signature for repositories 0
PackageFunctions Display individual packages in 'Software Installer' disabled
RandomDelay Random Delay 120
status Yum's status enabled
RestrictRepo Repo names whose contents should be excluded from 'Available Packages' in the 'Software Installer' none
RestrictRPM All or part of an RPM name to be excluded from 'Available Packages' in the 'Software Installer' none
DeltaRpmProcess Only the changes between the installed package and the new one are downloaded. Once the delta rpm is loaded, a rebuild process is started (only SME10, see bugzilla:8834) disabled (by default)/enabled
DownloadOnlyHour XX (0-23) Sets the hour at which yum downloads rpm updates (only SME10, see bugzilla:1502) default is 04 AM if no property

See also 'db yum_repositories' for all available repositories.

Usage

db yum_repositories setprop RepositoryName variable value
signal-event yum-modify
Affected file: /etc/yum.smerepos.d/sme-base.repo
Variable Target Default
EnableGroups Enable groupinstall with yum Yes(default)/no
GPGCheck Enable the rpm verification by GPG of the repository signature Yes(default)/no
MirrorList It is the base url where the repository can be found no default value
status Enable the repository in yum, all updates will be installed if enabled disabled/enabled
Visible The repository can be selected from 'Enabled repositories' in the 'Software Installer' in order to be Enabled by Yum if set to yes no
IncludePkgs 'rpm1,rpm2,rpm3' Only rpms mentioned here will be available for installation or upgrade.
Exclude 'rpm1,rpm2,rpm3' rpms mentioned here will be excluded by yum
DeltaRpmPercentage XX Defines the maximum ratio allowed between the delta rpm size and the package size on a per-repository basis: by default, delta rpms can’t be bigger than 75% of the size of the associated rpms, otherwise they are not used. Set to disabled if you don't want to use deltarpm for this repository (only SME10 see bugzilla:8834) default is '75' if no property

Miscellaneous Other DB Variables

Important.png Note:
This is meant to be an easy place to add db variable information if you don't have time to put it into the correct section(s) above. You can find most of the template fragments affected by a given db variable if you execute:
cd /etc/e-smith
fgrep -lR variable templ*/* | less

where variable is the name of the variable using correct capitalization

Note that any command listed here is to be executed on one line!


Command service(s) config file(s) notes
db domains setprop test.com MailServer a.b.c.d
or use FQDN in place of a.b.c.d
eg db domains setprop test.com MailServer aspmx.l.google.com
qpsmtpd; qmail; fetchmail /var/service/qpsmtpd/config/goodrcptto

/var/service/qpsmtpd/config/peers/local

/var/service/qpsmtpd/config/peers/

/var/service/qpsmtpd/plugins

/var/service/qmail/control/virtualdomains

/var/service/qmail/control/smtproutes

/etc/fetchmail

Forward all email for the specified domain to the IP address a.b.c.d. a.b.c.d can be either local or remote. By default, the recipient address will be verified as valid on a.b.c.d before SME accepts the inbound message.
config set SquidParent <hostname or IP> squid, diald /etc/diald.filter, /etc/squid/squid.conf Configure squid to peform all web downloads from the specified upstream proxy server
config set SquidParentPort <portnumber> squid /etc/squid/squid.conf Connect to the upstream proxy server using <portnumber>. Defaults to 3128 if 'SquidParentPort' is unspecified. Ignored if SquidParent is not set.
config delete SquidParent squid, diald /etc/squid/squid.conf, /etc/diald.filter Return squid to normal operation (no upstream proxy server)
db accounts setprop username Visible internal ; signal-event email-update n/a n/a Make an email address invisible from outside? (see http://forums.contribs.org/index.php?topic=36302.0)
db accounts setprop pseudonym Visible internal ; signal-event email-update n/a n/a Make an pseudonym email address invisible from outside
db <database> delprop key property ; /etc/e-smith/events/actions/initialize-default-databases various various Restore the developers' default value for property
db <database> delete key ; /etc/e-smith/events/actions/initialize-default-databases various various Restore the developers' default value for each property belonging to the key key
config set AdminIsNotRoot enabled n/a n/a In the server-manager panel, changing the admin password no longer changes the root password. The root password is managed through the passwd shell command, and the admin and root passwords can be distinct.
config setprop smtp-auth-proxy PeerPort xxx; signal-event email-update smtp-auth-proxy none - the smtp-auth-proxy executable (/usr/local/sbin/smtp-auth-proxy.pl) reads the config database directly. Used to change the port number used to connect to the upstream mail server ("SMTPSmartHost" or "Address of Internet provider's mail server"). Defaults to port 25 if PeerPort is not set; uses SSL if port 465 is selected.
db configuration setprop qpsmtpd tlsCipher XXX; signal-event email-update qpsmtpd /var/service/qpsmtpd/config/tls_ciphers By default qpsmtpd only accepts the stronger SSL 3.0 or TLS 1.0 protocols for securing SMTPS connections. If needed, one can set qpsmtpd to also allow the weaker SSL 2.0 protocol. For XXX one can use:

'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM' (SSLv2/SSLv3/TLSv1)
'HIGH:!SSLv2' (=Default: only allow stronger SSLv3/TLSv1 protocols)

Note: don't forget to use the quotes!!
config setprop pppoe Mlimit <value> pppoe /service/wan/run.pppoe.conf Notes: <value> cannot be set below 100000000; it can be set above 100000000.

If pppoe Mlimit is set to a value below the MIN_MEMORY_LIMIT, currently 100000000, this lower value will not be accepted and Mlimit will be set to the default value (100000000).


Port Forwarding

The server-manager creates two databases, one for TCP and one for UDP:

db portforward_tcp set {port} forward AllowHosts {some.host.ip} Comment {Test} Denyhosts {0.0.0.0/0} DestHost {dest.host.ip} DestPort {port}

db portforward_udp set {port} forward AllowHosts {some.host.ip} Comment {Test} Denyhosts {0.0.0.0/0} DestHost {dest.host.ip} DestPort {port}

Apply with:

signal-event portforwarding-update

Variable Target Default
port Incoming Port for Forwarding none
DestPort Destination Target Port port
DestHost Destination Host IP none
AllowHosts Allowed Hosts 0.0.0.0/0
DenyHosts Denied Hosts 0.0.0.0/0
Comment Notes for this rule none