Difference between revisions of "DB Variables Configuration"
RayMitchell (talk | contribs) m (corrected mispelling) |
(config setprop setings) |
||
(145 intermediate revisions by 23 users not shown) | |||
Line 1: | Line 1: | ||
+ | {{usefulnote}} | ||
== Database variables == | == Database variables == | ||
− | SME Server comes with the most used parameters set as variables in its internal configuration databases. These variables are used to store values to be used in the final configuration files. Please, read the [ | + | {{Note box|See following wiki pages for the syntax of access to the configuration database entries from the command line [http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual:Section2#Access_from_the_command_line Access from the Command Line] and a [http://wiki.contribs.org/Db_command_tutorial db command tutorial]}} |
+ | |||
+ | SME Server comes with the most used parameters set as variables in its internal configuration databases. These variables are used to store values to be used in the final configuration files. Please, read the [[SME_Server:Documentation:Developers_Manual:Section2]] to understand the template and database process. | ||
These variables are useful to configure your system more easily, as you do not need to modify configuration files directly for most common cases. It also makes it possible to administer the server through its server-manager as the database variables are used to set and change configuration parameters. After editing, the configuration files must be regenerated and affected services need to be restarted. | These variables are useful to configure your system more easily, as you do not need to modify configuration files directly for most common cases. It also makes it possible to administer the server through its server-manager as the database variables are used to set and change configuration parameters. After editing, the configuration files must be regenerated and affected services need to be restarted. | ||
Line 20: | Line 23: | ||
=== Setting db variables to default values === | === Setting db variables to default values === | ||
+ | {{Note box| Use of 'config' is a shorthand version for 'db configuration' and therefore only works with the configuration database}} | ||
+ | |||
Any db variable that has a default value can be reset to the default by deleting the variable entirely, then re-initializing the default database values as follows: | Any db variable that has a default value can be reset to the default by deleting the variable entirely, then re-initializing the default database values as follows: | ||
− | config delprop key prop | + | config delprop <key> <prop> |
/etc/e-smith/events/actions/initialize-default-databases | /etc/e-smith/events/actions/initialize-default-databases | ||
+ | ==== Delete a property value ==== | ||
+ | To delete the property | ||
+ | db accounts delprop <key> <prop> | ||
+ | |||
+ | ==== Reset a property value ==== | ||
+ | To reset to an empty value | ||
+ | db accounts setprop <key> <prop> <nowiki>''</nowiki> | ||
+ | |||
+ | {{Warning box|Database parameters are case sensitive so take great care when typing at the server shell because no error messages are given should you make a mistake.}} | ||
===Concept of the signal-event command=== | ===Concept of the signal-event command=== | ||
− | + | Due to the efforts of the developers, you can further simplify the commands using the signal-event proccess. | |
− | |||
− | |||
+ | For full details see [[SME_Server:Documentation:Developers_Manual:Section2]] | ||
=== Overview of database variables === | === Overview of database variables === | ||
Line 47: | Line 60: | ||
db configuration setprop atalk variable value | db configuration setprop atalk variable value | ||
signal-event workgroup-update | signal-event workgroup-update | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/atalk/netatalk.conf | |+Affected file: /etc/atalk/netatalk.conf | ||
!Variable | !Variable | ||
Line 58: | Line 71: | ||
|} | |} | ||
+ | {{Warning box|The AppleTalk protocol has been removed from SME Server as of version 8.x}} | ||
+ | |||
+ | ==== Backup ==== | ||
+ | ''Usage'' | ||
+ | db configuration setprop backup variable value | ||
+ | signal-event conf-backup | ||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
+ | |+Affected file: /etc/e-smith/events/post-backup/S90eject-tape | ||
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |Device | ||
+ | |$device | ||
+ | |/dev/st0 | ||
+ | |- | ||
+ | |Eject | ||
+ | |''Logical operation'' | ||
+ | |no | ||
+ | |} | ||
==== Console Mode ==== | ==== Console Mode ==== | ||
Line 64: | Line 97: | ||
signal-event post-upgrade | signal-event post-upgrade | ||
signal-event reboot | signal-event reboot | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
!Variable | !Variable | ||
!Target | !Target | ||
Line 74: | Line 107: | ||
|} | |} | ||
+ | {{Warning box|This functionality has been deprecated as of SME Server 9.x}} | ||
==== Clam AntiVirus (clamav) ==== | ==== Clam AntiVirus (clamav) ==== | ||
+ | ===== clamav ===== | ||
+ | |||
''Usage'' | ''Usage'' | ||
db configuration setprop clamav variable value | db configuration setprop clamav variable value | ||
signal-event clamav-update | signal-event clamav-update | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/clamd.conf | |+Affected file: /etc/clamd.conf | ||
!Variable | !Variable | ||
Line 116: | Line 152: | ||
|DetectBrokenExecutables | |DetectBrokenExecutables | ||
|no | |no | ||
+ | |- | ||
+ | |FilesystemScanExclude | ||
+ | |FilesystemScanExclude | ||
+ | |/proc,/sys,/usr/share,/var | ||
|- | |- | ||
|IdleTimeout | |IdleTimeout | ||
Line 182: | Line 222: | ||
|} | |} | ||
− | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" | |
− | {| width="100%" | ||
|+Affected file: /etc/freshclam.conf | |+Affected file: /etc/freshclam.conf | ||
!Variable | !Variable | ||
Line 209: | Line 248: | ||
|6 | |6 | ||
|} | |} | ||
− | + | ===== clamd ===== | |
− | + | ''Usage'' | |
− | {| width="100%" | + | db configuration setprop clamd variable value |
+ | signal-event clamav-update | ||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
|+Affected file: /var/service/clamd/env/MEMLIMIT | |+Affected file: /var/service/clamd/env/MEMLIMIT | ||
!Variable | !Variable | ||
Line 219: | Line 260: | ||
|MemLimit | |MemLimit | ||
|MEMLIMIT | |MEMLIMIT | ||
− | | | + | |1400000000 |
|} | |} | ||
Line 226: | Line 267: | ||
db configuration setprop dhcpd variable value | db configuration setprop dhcpd variable value | ||
signal-event remoteaccess-update | signal-event remoteaccess-update | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/dhcpd.conf | |+Affected file: /etc/dhcpd.conf | ||
!Variable | !Variable | ||
Line 235: | Line 276: | ||
|bootp | |bootp | ||
|deny | |deny | ||
+ | |- | ||
+ | |startDynamicIPRange | ||
+ | |range | ||
+ | | | ||
+ | |- | ||
+ | |endDynamicIPRange | ||
+ | |range | ||
+ | | | ||
+ | |- | ||
|} | |} | ||
+ | Note: the end of the dynamic IP range will be set to the value of 'endDynamicIPRange' ''minus'' the value of pptpd:sessions. | ||
− | + | ==== DNS Cache Forwarder (dnscache / dnscache.forwarder) ==== | |
− | ==== DNS Cache Forwarder (dnscache.forwarder) ==== | ||
''Usage'' | ''Usage'' | ||
db configuration setprop dnscache variable value | db configuration setprop dnscache variable value | ||
− | signal-event dns-update | + | signal-event dns-update |
− | {| width="100%" | + | or for some settings |
− | |+Affected | + | signal-event console-save |
+ | |||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
+ | |+Affected files: /var/service/dnscache.forwarder/config, var/service/dnscache.forwarder/root/servers/@ | ||
!Variable | !Variable | ||
!Target | !Target | ||
!Default | !Default | ||
+ | !Options | ||
|- | |- | ||
|CacheSize | |CacheSize | ||
|CACHESIZE | |CACHESIZE | ||
− | |1000000 | + | |1000000 (SME9 10000000) |
+ | |Variable | ||
|- | |- | ||
|DataLimit | |DataLimit | ||
|DATALIMIT | |DATALIMIT | ||
− | |3000000 | + | |3000000 (SME9 12000000) |
+ | |Variable | ||
+ | |- | ||
+ | |Forwarder | ||
+ | |Forwarder | ||
+ | |not configured | ||
+ | |a.b.c.d - address of remote DNS server | ||
+ | |- | ||
+ | |Forwarder | ||
+ | |Forwarder2 | ||
+ | |not configured | ||
+ | |a.b.c.d - address of remote DNS server | ||
|} | |} | ||
+ | ==== TinyDNS ==== | ||
+ | ''Usage'' | ||
+ | db configuration setprop tinydns variable value | ||
+ | signal-event dns-update | ||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
+ | |+Affected file: /var/service/tinydns/env | ||
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |ListenIP | ||
+ | |IP | ||
+ | |127.0.0.1 | ||
+ | |- | ||
+ | |DataLimit | ||
+ | |DATALIMIT | ||
+ | |300000 | ||
+ | |} | ||
==== FlexBackup ==== | ==== FlexBackup ==== | ||
Line 262: | Line 346: | ||
db configuration setprop flexbackup variable value | db configuration setprop flexbackup variable value | ||
signal-event conf-backup | signal-event conf-backup | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/flexbackup.conf | |+Affected file: /etc/flexbackup.conf | ||
!Variable | !Variable | ||
Line 292: | Line 376: | ||
|tar | |tar | ||
|} | |} | ||
− | |||
==== Horde (webmail) ==== | ==== Horde (webmail) ==== | ||
Line 298: | Line 381: | ||
db configuration setprop horde variable value | db configuration setprop horde variable value | ||
− | expand-template /home/httpd/html/horde/conf.menu. | + | expand-template /home/httpd/html/horde/conf.menu.apps.php |
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /home/httpd/html/horde/conf.menu.aps.php | |+Affected file: /home/httpd/html/horde/conf.menu.aps.php | ||
!Variable | !Variable | ||
Line 309: | Line 392: | ||
|enabled | |enabled | ||
|} | |} | ||
− | |||
expand-template /home/httpd/html/horde/config/conf.php | expand-template /home/httpd/html/horde/config/conf.php | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /home/httpd/html/horde/config/conf.php | |+Affected file: /home/httpd/html/horde/config/conf.php | ||
!Variable | !Variable | ||
Line 323: | Line 405: | ||
|} | |} | ||
+ | expand-template /etc/e-smith/templates/home/httpd/html/horde/config/prefs.php/200personal | ||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
+ | |+Affected file: /etc/e-smith/templates/home/httpd/html/horde/config/prefs.php/200personal | ||
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |Name | ||
+ | |'My Company' | ||
+ | |'Horde Webmail' | ||
+ | |} | ||
expand-template /home/httpd/html/horde/turba/config/sources.php | expand-template /home/httpd/html/horde/turba/config/sources.php | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /home/httpd/html/horde/turba/config/sources.php | |+Affected file: /home/httpd/html/horde/turba/config/sources.php | ||
!Variable | !Variable | ||
Line 340: | Line 433: | ||
|} | |} | ||
+ | ==== Apache server ibay specific (httpd-e-smith) ==== | ||
+ | see [[PHP]] for specific php options for ibays, or see [[Webhosting]] contrib. | ||
− | |||
''Usage'' | ''Usage'' | ||
db accounts setprop ibayname variable value | db accounts setprop ibayname variable value | ||
signal-event ibay-modify ibayname | signal-event ibay-modify ibayname | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/httpd/conf/httpd.conf | |+Affected file: /etc/httpd/conf/httpd.conf | ||
!Variable | !Variable | ||
Line 370: | Line 464: | ||
|open_basedir | |open_basedir | ||
|/home/e-smith/files/ibays/ibayname | |/home/e-smith/files/ibays/ibayname | ||
+ | |- | ||
+ | |SSLv2 | ||
+ | |SSLProtocol | ||
+ | |disabled | ||
+ | |- | ||
+ | |SSL | ||
+ | |Force https access to ibay through Apache. | ||
+ | |disabled | ||
|} | |} | ||
+ | <br /> | ||
+ | |||
+ | * these options are specific to SME Server 9 and are not backported to SME Server 8. See [[bugzilla:8239]] | ||
+ | ''Usage'' | ||
+ | db accounts setprop ibayname variable value | ||
+ | signal-event ibay-modify ibayname | ||
==== Apache server-manager (httpd-admin) ==== | ==== Apache server-manager (httpd-admin) ==== | ||
− | ''Usage'' | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
+ | |+Affected file: /etc/httpd/conf/httpd.conf | ||
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |PermitPlainTextAccess | ||
+ | | | ||
+ | |no | ||
+ | |- | ||
+ | |ValidFrom | ||
+ | | | ||
+ | |ip/mask coma separated list | ||
+ | |}''Usage'' | ||
db configuration setprop httpd-admin variable value | db configuration setprop httpd-admin variable value | ||
signal-event remoteaccess-update | signal-event remoteaccess-update | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/httpd/admin-conf/httpd.conf and /etc/services | |+Affected file: /etc/httpd/admin-conf/httpd.conf and /etc/services | ||
!Variable | !Variable | ||
Line 386: | Line 507: | ||
|980 | |980 | ||
|} | |} | ||
− | |||
==== IMAP (imap) ==== | ==== IMAP (imap) ==== | ||
Line 392: | Line 512: | ||
db configuration setprop imap variable value | db configuration setprop imap variable value | ||
signal-event email-update | signal-event email-update | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /var/service/imap/config | |+Affected file: /var/service/imap/config | ||
!Variable | !Variable | ||
Line 411: | Line 531: | ||
|} | |} | ||
+ | {{Tip box|The notes on the concurrency limits noted under IMAPS also apply here. See below.}} | ||
+ | {{Note box| for sme9, only the key imap has properties ConcurrencyLimitPerIP,checkConcurrencyLimit,ProcessMemoryLimit. If you set these properties to the key imaps, a migrate fragment will remove them automatically}} | ||
+ | * only for SME Server 9 | ||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
+ | |+Affected file: /var/service/imap/config | ||
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |AllowPlainText | ||
+ | |if set to disabled, dovecot will still listen on port 143, but will only accept TLS connexions, even from the local networks | ||
+ | |enabled/disabled, default is enabled | ||
+ | |} | ||
==== IMAPS (imaps) ==== | ==== IMAPS (imaps) ==== | ||
+ | |||
+ | These properties apply to SME versions before 9.0 only. After 9.0, the imap properties are used to control imaps concurrency and memory limits. | ||
+ | |||
''Usage'' | ''Usage'' | ||
db configuration setprop imaps variable value | db configuration setprop imaps variable value | ||
signal-event email-update | signal-event email-update | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /var/service/imaps/config | |+Affected file: /var/service/imaps/config | ||
!Variable | !Variable | ||
Line 433: | Line 569: | ||
|ulimitdata | |ulimitdata | ||
|128000000 | |128000000 | ||
+ | |} | ||
+ | {{Note box| For sme9, only the key imap has properties ConcurrencyLimitPerIP, checkConcurrencyLimit, ProcessMemoryLimit. If you set these properties to the key imaps, a migrate fragment will remove them automatically. Look at /etc/dovecot/dovecot.conf for default values. ProcessMemoryLimit defaults to 256MB. | ||
+ | }} | ||
+ | {{Tip box|msg=You can see if you are running out of the number of available connections in your log file /var/log/dovecot/current (for sme8, it is /var/log/imap/current and /var/log/imaps/current) and look for messages like the log extract below where the ConcurrencyLimitPerIP was set to 12. A 13th connection was attempted and was denied. | ||
+ | |||
+ | @400000005396a2d215b40d9c imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=12): | ||
+ | user=<stephane>, method=PLAIN, rip=90.84.144.xxx, lip=192.168.xx.15, TLS | ||
+ | |||
+ | }} | ||
+ | {{Tip box|Mobile devices have a tendency to frequently disconnect and connect from the network. When this disconnect happens, the sessions on the server are not always immediately cleaned up (they get cleaned up after a time out of some minutes). When the email client reconnects, they create new network connections and you get into the situation that these new connections get denied because of the concurrency limit. On the mobile device this may be noted as a "Unable to connect to server" message. | ||
+ | }} | ||
+ | {{Tip box|Some email clients use a separate connection per imap folder, so the concurrency limits may occur for users that have many imap folders. | ||
+ | }} | ||
+ | |||
+ | ==== Dovecot ==== | ||
+ | * Only for SME Server 9 | ||
+ | With smeserver-dovecot installed, 4 services in the configuration DB are used<br /> | ||
+ | |||
+ | imap and imaps are used to be backward compatible with e-smith-imap (and are used to control the TCPPort of the service, and if it's accessible from local network or from the internet)<br /> | ||
+ | |||
+ | dovecot is now the main service entry in the configuration DB. It's used to control various optional features of dovecot | ||
+ | |||
+ | |||
+ | ''Usage'' | ||
+ | db configuration setprop dovecot variable value | ||
+ | signal-event email-update | ||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
+ | |+Affected file: /etc/dovecot/dovecot.conf | ||
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |AdminIsMaster | ||
+ | | if enabled, the admin user will be a [http://wiki2.dovecot.org/Authentication/MasterUsers master user], and will be able to login as any user. To do so use user1*admin as login and the admin password to log as user1 | ||
+ | |enabled/disabled, default is disabled | ||
+ | |- | ||
+ | |FullTextIndexing | ||
+ | |will turn on or off the full text indexing. When this option is enabled, a first search in an IMAP folder will trigger indexation. Next searches will be much faster. Read [http://wiki2.dovecot.org/Plugins/FTS/Squat this page] before enabling this option | ||
+ | |enabled/disabled, default is disabled | ||
+ | |- | ||
+ | |LogActions | ||
+ | |will turn on or off extra logging (flag change, move, copy etc…). !! Warning !!: enabling this can generate a huge amount of logs | ||
+ | |enabled/disabled, default is disabled | ||
+ | |- | ||
+ | |Quotas | ||
+ | |will report the actual [http://wiki2.dovecot.org/Quota/FS used space and the remaining one if the user has a quota limit] | ||
+ | |enabled/disabled, default is enabled | ||
+ | |} | ||
+ | |||
+ | |||
+ | ==== Fetchmail ==== | ||
+ | Various fetchmail settings for email collection | ||
+ | |||
+ | ''Usage'' | ||
+ | db configuration setprop fetchmail variable value | ||
+ | signal-event email-update | ||
+ | |||
+ | See the man page for more settings: | ||
+ | |||
+ | https://www.fetchmail.info/fetchmail-man.html | ||
+ | |||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
+ | |+Affected file: /etc/fetchmail | ||
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |Verbosity | ||
+ | | For debugging | ||
+ | |silent/verbose, default is silent | ||
+ | |- | ||
+ | |SSL | ||
+ | |Use SSL | ||
+ | |enabled/disabled, default is disabled | ||
+ | |- | ||
+ | |Protocol | ||
+ | |POP3 | ||
+ | |POP/Other, default is POP3 | ||
+ | |- | ||
+ | |TCPPort | ||
+ | |Retrieved from smtpd | ||
+ | |default 25 | ||
|} | |} | ||
Line 440: | Line 658: | ||
db configuration setprop masq variable value | db configuration setprop masq variable value | ||
signal-event remoteaccess-update | signal-event remoteaccess-update | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/rc.d/init.d/masq | |+Affected file: /etc/rc.d/init.d/masq | ||
!Variable | !Variable | ||
Line 454: | Line 672: | ||
|no | |no | ||
|} | |} | ||
− | |||
{{Tip box|Special case is TCPPort and UDPPort from any DB key. | {{Tip box|Special case is TCPPort and UDPPort from any DB key. | ||
Line 480: | Line 697: | ||
db configuration setprop <servicename> UDPPorts <portnumbers> | db configuration setprop <servicename> UDPPorts <portnumbers> | ||
db configuration setprop <servicename> status enabled|disabled | db configuration setprop <servicename> status enabled|disabled | ||
− | db configuration setprop <servicename> access public|private | + | db configuration setprop <servicename> access public|private|localhost |
db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24 | db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24 | ||
db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24 | db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24 | ||
Line 487: | Line 704: | ||
signal-event remoteaccess-update | signal-event remoteaccess-update | ||
− | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" | |
− | {| width="100%" | ||
|+Affected file: /etc/rc.d/init.d/masq | |+Affected file: /etc/rc.d/init.d/masq | ||
!Variable | !Variable | ||
Line 511: | Line 727: | ||
|- | |- | ||
|status | |status | ||
− | |enabled | disabled | + | | enabled | disabled |
|AllowHosts is set to "" (an empty string) unless the status is 'enabled' | |AllowHosts is set to "" (an empty string) unless the status is 'enabled' | ||
|- | |- | ||
|access | |access | ||
− | |public | private | + | | public | private |
|AllowHosts is set to "" (an empty string) unless access is 'public' | |AllowHosts is set to "" (an empty string) unless access is 'public' | ||
|- | |- | ||
Line 527: | Line 743: | ||
|} | |} | ||
− | ==== | + | ==== SpamAssassin ==== |
''Usage'' | ''Usage'' | ||
db configuration setprop spamassassin variable value | db configuration setprop spamassassin variable value | ||
signal-event email-update | signal-event email-update | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/mail/spamassassin/local.cf | |+Affected file: /etc/mail/spamassassin/local.cf | ||
!Variable | !Variable | ||
Line 578: | Line 794: | ||
|} | |} | ||
+ | Sometimes certain spamassassin update servers [http://bugs.contribs.org/show_bug.cgi?id=7116 get corrupted or are not updated frequently]. | ||
+ | The list is available at: | ||
+ | '''/var/lib/spamassassin/3.003001/updates_spamassassin_org/MIRRORED.BY''' | ||
==== MySQL (mysqld) ==== | ==== MySQL (mysqld) ==== | ||
Line 584: | Line 803: | ||
expand-template /etc/my.cnf | expand-template /etc/my.cnf | ||
sv t /service/mysqld | sv t /service/mysqld | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/my.cnf | |+Affected file: /etc/my.cnf | ||
!Variable | !Variable | ||
Line 603: | Line 822: | ||
db configuration setprop ntpd variable value | db configuration setprop ntpd variable value | ||
signal-event timeserver-update | signal-event timeserver-update | ||
− | {| width="100%" | + | |
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
|+Affected file: /var/service/ntpd/env/MEMLIMIT | |+Affected file: /var/service/ntpd/env/MEMLIMIT | ||
!Variable | !Variable | ||
Line 611: | Line 831: | ||
|MemLimit | |MemLimit | ||
|MEMLIMIT | |MEMLIMIT | ||
− | | | + | |35000000 |
|} | |} | ||
− | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" | |
− | {| width="100%" | ||
|+Affected file: /etc/ntp/step-tickers and /etc/ntp.conf | |+Affected file: /etc/ntp/step-tickers and /etc/ntp.conf | ||
!Variable | !Variable | ||
Line 630: | Line 849: | ||
|} | |} | ||
+ | =====SupportLargeDrift===== | ||
+ | A new db key for ntpd: SupportLargeDrift. | ||
+ | Default value is disabled, which doesn't change the current behaviour. [[bugzilla: 7979]] | ||
+ | |||
+ | If set to enabled, it will | ||
+ | - add tinker panic 0 at the begening of the ntp.conf | ||
+ | - remove the lines | ||
+ | server 127.127.1.0 # local clock | ||
+ | fudge 127.127.1.0 stratum 10 | ||
+ | |||
+ | With SupportLargeDrift enabled, the guest is able to resync the clock with the | ||
+ | configured ntp server, even after resuming from a suspended state (tested with | ||
+ | a ~10min drift, it took about 3 or 4 minutes for the guest to resync the clock | ||
+ | after resuming). | ||
+ | |||
+ | db configuration setprop ntpd SupportLargeDrift enabled | ||
==== Php ==== | ==== Php ==== | ||
+ | see [[PHP]] page for all the available options | ||
+ | |||
''Usage'' | ''Usage'' | ||
db configuration setprop php variable value | db configuration setprop php variable value | ||
expand-template /etc/php.ini | expand-template /etc/php.ini | ||
/etc/init.d/httpd-e-smith restart | /etc/init.d/httpd-e-smith restart | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/php.ini | |+Affected file: /etc/php.ini | ||
!Variable | !Variable | ||
Line 660: | Line 897: | ||
|AllowUrlFopen | |AllowUrlFopen | ||
|allow_url_fopen | |allow_url_fopen | ||
+ | |Off | ||
+ | |- | ||
+ | |ExposePHP | ||
+ | |expose_php : Exposes to the world that PHP is installed on the server | ||
|Off | |Off | ||
|} | |} | ||
''Don't forget "M" unit because you get a lot of httpd errors and apache can't start!'' | ''Don't forget "M" unit because you get a lot of httpd errors and apache can't start!'' | ||
+ | |||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
+ | |+Affected file: /etc/php-fpm.d/{ibays.conf,www.conf,custom.conf} and /etc/e-smith/templates/etc/httpd/conf/httpd.conf/ | ||
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |AllowUrlFopen | ||
+ | |AllowUrlfOpen | ||
+ | |disabled, set to enabled | ||
+ | |- | ||
+ | |MemoryLimit | ||
+ | |MemoryLimit | ||
+ | |disabled, set a M as unit, eg 64M | ||
+ | |- | ||
+ | |UpMaxFileSize | ||
+ | |UpMaxFileSize | ||
+ | |disabled, set a M as unit, eg 64M | ||
+ | |- | ||
+ | |PostMaxSize | ||
+ | |PostMaxSize | ||
+ | |disabled, set a M as unit, eg 64M | ||
+ | |- | ||
+ | |MaxExecTime | ||
+ | |MaxExecTime | ||
+ | |disabled, set time in second without units, eg 60 or unlimited | ||
+ | |} | ||
==== Virtual Private Network (VPN) (pptpd) ==== | ==== Virtual Private Network (VPN) (pptpd) ==== | ||
Line 669: | Line 937: | ||
db configuration setprop pptpd variable value | db configuration setprop pptpd variable value | ||
signal-event remoteaccess-update | signal-event remoteaccess-update | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/ppp/options.pptpd | |+Affected file: /etc/ppp/options.pptpd | ||
!Variable | !Variable | ||
Line 678: | Line 946: | ||
|debug | |debug | ||
|no | |no | ||
+ | |- | ||
+ | |mtu | ||
+ | |mtu | ||
+ | |not set by default, add your value (1404) after mtu | ||
+ | |- | ||
+ | |mru | ||
+ | |mru | ||
+ | |not set by default, add your value (1404) after mru | ||
+ | - | ||
|- | |- | ||
|Passive | |Passive | ||
|passive | |passive | ||
|enabled | |enabled | ||
+ | |- | ||
+ | |Interfaces | ||
+ | |Unknown | ||
+ | |not set by default | ||
|} | |} | ||
− | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" | |
− | {| width="100%" | ||
|+Affected file: /etc/pptpd.conf | |+Affected file: /etc/pptpd.conf | ||
!Variable | !Variable | ||
Line 695: | Line 975: | ||
|no | |no | ||
|} | |} | ||
− | |||
==== Pro FTP (proftpd) ==== | ==== Pro FTP (proftpd) ==== | ||
Line 701: | Line 980: | ||
db configuration setprop ftp variable value | db configuration setprop ftp variable value | ||
signal-event remoteaccess-update | signal-event remoteaccess-update | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/proftpd.conf | |+Affected file: /etc/proftpd.conf | ||
!Variable | !Variable | ||
Line 711: | Line 990: | ||
|no | |no | ||
|} | |} | ||
+ | ==== Qmail ==== | ||
+ | You can set the maximum size of email to be sent<br /> | ||
+ | |||
+ | ''Usage'' | ||
+ | expressed in bytes | ||
+ | db configuration setprop qmail MaxMessageSize 15000000 | ||
+ | signal-event email-update | ||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
+ | |+Affected file: /etc/proftpd.conf | ||
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |MaxMessageSize | ||
+ | |The maximum email size for sending | ||
+ | |15000000 | ||
+ | |} | ||
+ | |||
+ | |||
+ | ====Qpsmptd==== | ||
+ | {{Note box |For KOOZALI SME 10 server, qpsmtpd replaces smtpd.}} | ||
+ | |||
+ | Work in progress !! | ||
+ | |||
+ | ''Usage'' | ||
+ | config show qpsmtpd | ||
+ | config setprop qpsmtpd variable value | ||
+ | signal-event email-update | ||
+ | |||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
+ | |+Affected file: | ||
+ | .conf | ||
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |Authentication | ||
+ | |Authentication | ||
+ | |enabled | ||
+ | |- | ||
+ | |Bcc | ||
+ | |Bcc | ||
+ | |disabled | ||
+ | |- | ||
+ | |BccMode | ||
+ | |BccMode | ||
+ | |cc | ||
+ | |- | ||
+ | |BccUser | ||
+ | |BccUser | ||
+ | |maillog | ||
+ | |- | ||
+ | |DKIMSigning | ||
+ | |DKIMSigning | ||
+ | |enabled | ||
+ | |- | ||
+ | |DNSBL | ||
+ | |DNSBL | ||
+ | |disabled | ||
+ | |- | ||
+ | |Instances | ||
+ | |Instances | ||
+ | |40 | ||
+ | |- | ||
+ | |InstancesPerIP | ||
+ | |InstancesPerIP | ||
+ | |5 | ||
+ | |- | ||
+ | |LogLevel | ||
+ | |LogLevel | ||
+ | |6 | ||
+ | |- | ||
+ | |MaxScannerSize | ||
+ | |MaxScannerSize | ||
+ | |25000000 | ||
+ | |- | ||
+ | |MaximumDateOffset | ||
+ | |MaximumDateOffset | ||
+ | |0 | ||
+ | |- | ||
+ | |PatternScan | ||
+ | |PatternScan | ||
+ | |disabled | ||
+ | |- | ||
+ | |Proxy | ||
+ | |Proxy | ||
+ | |blocked | ||
+ | |- | ||
+ | |RBLList | ||
+ | |RBLList | ||
+ | |bl.spamcop.net,dnsbl-1.uceprotect.net,dnsbl-2.uceprotect.net,psbl.surriel.com,zen.spamhaus.org | ||
+ | |- | ||
+ | |RHSBL | ||
+ | |RHSBL | ||
+ | |disabled | ||
+ | |- | ||
+ | |RelayRequiresAuth | ||
+ | |RelayRequiresAuth | ||
+ | |enabled | ||
+ | |- | ||
+ | |SBLList | ||
+ | |SBLList | ||
+ | |multi.surbl.org,black.uribl.com,rhsbl.sorbs.net | ||
+ | |- | ||
+ | |TCPPort | ||
+ | |TCPPort | ||
+ | |25 | ||
+ | |- | ||
+ | |TCPProxyPort | ||
+ | |TCPProxyPort | ||
+ | |25 | ||
+ | |- | ||
+ | |TlsBeforeAuth | ||
+ | |TlsBeforeAuth | ||
+ | |1 | ||
+ | |- | ||
+ | |UBLList | ||
+ | |UBLList | ||
+ | |multi.surbl.org:8-16-64-128,black.uribl.com,rhsbl.sorbs.net | ||
+ | |- | ||
+ | |URIBL | ||
+ | |URIBL | ||
+ | |disabled | ||
+ | |- | ||
+ | |VirusScan | ||
+ | |VirusScan | ||
+ | |enabled | ||
+ | |- | ||
+ | |access | ||
+ | |access | ||
+ | |public | ||
+ | |- | ||
+ | |qplogsumm | ||
+ | |qplogsumm | ||
+ | |disabled | ||
+ | |- | ||
+ | |status | ||
+ | |status | ||
+ | |enabled | ||
+ | |- | ||
+ | |tnef2mime | ||
+ | |tnef2mime | ||
+ | |enabled | ||
+ | |- | ||
+ | | | ||
+ | | | ||
+ | | | ||
+ | |} | ||
==== Samba global settings (smbd) ==== | ==== Samba global settings (smbd) ==== | ||
Line 717: | Line 1,144: | ||
db configuration setprop smb variable value | db configuration setprop smb variable value | ||
signal-event ibay-modify | signal-event ibay-modify | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/samba/smb.conf | |+Affected file: /etc/samba/smb.conf | ||
!Variable | !Variable | ||
Line 770: | Line 1,197: | ||
|use client driver | |use client driver | ||
|yes | |yes | ||
+ | |- | ||
+ | |LogLevel | ||
+ | |log level | ||
+ | |1 | ||
|} | |} | ||
− | |||
==== Samba per i-bay settings (smbd) ==== | ==== Samba per i-bay settings (smbd) ==== | ||
Line 778: | Line 1,208: | ||
db accounts setprop ibay_name variable value | db accounts setprop ibay_name variable value | ||
signal-event ibay-modify | signal-event ibay-modify | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/samba/smb.conf | |+Affected file: /etc/samba/smb.conf | ||
!Variable | !Variable | ||
Line 784: | Line 1,214: | ||
!Default | !Default | ||
|- | |- | ||
− | | | + | |Browseable |
|browseable | |browseable | ||
|enabled | |enabled | ||
Line 798: | Line 1,228: | ||
|VetoOplockFiles | |VetoOplockFiles | ||
|veto oplock files | |veto oplock files | ||
+ | |(not set) | ||
+ | |- | ||
+ | |Audit | ||
+ | |full_audit | ||
+ | |disabled | ||
+ | |- | ||
+ | |KeepVersions | ||
+ | |If RecycleBin is enabled in smbd, then you can keep version of recycle bin | ||
+ | |disabled, set it to enabled | ||
+ | |- | ||
+ | |ShadowCopy | ||
+ | |If Shadowcopy is enabled in the smbd, then you can turn off per ibay | ||
+ | |enabled, set it to disabled | ||
+ | |- | ||
+ | |cscPolicy | ||
+ | |set the csc policy (manual, documents, programs, disable) | ||
|(not set) | |(not set) | ||
|} | |} | ||
Line 805: | Line 1,251: | ||
db configuration setprop squid variable value | db configuration setprop squid variable value | ||
signal-event proxy-update | signal-event proxy-update | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/squid/squid.conf | |+Affected file: /etc/squid/squid.conf | ||
!Variable | !Variable | ||
!Target | !Target | ||
!Default | !Default | ||
+ | |- | ||
+ | |SSLPorts | ||
+ | |Configure additional https ports (use single port or multiple ports separated by coma (,) | ||
+ | |no default value (443 and 563 are hard coded) | ||
|- | |- | ||
|SafePorts | |SafePorts | ||
Line 820: | Line 1,270: | ||
|} | |} | ||
+ | How to configure additional https ports | ||
+ | * only one port | ||
+ | config setprop squid SSLPorts 2083 | ||
+ | signal-event proxy-update | ||
+ | * several ports | ||
+ | config setprop squid SSLPorts 2083,569,1,568,965 | ||
+ | signal-event proxy-update | ||
+ | * remove ports | ||
+ | config setprop squid SSLPorts "" | ||
+ | signal-event proxy-update | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/squid/squid.conf and /etc/rc.d/init.d/masq | |+Affected file: /etc/squid/squid.conf and /etc/rc.d/init.d/masq | ||
!Variable | !Variable | ||
Line 832: | Line 1,292: | ||
|} | |} | ||
− | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" | |
− | {| width="100%" | ||
|+Affected file: /etc/rc.d/init.d/masq | |+Affected file: /etc/rc.d/init.d/masq | ||
!Variable | !Variable | ||
Line 843: | Line 1,302: | ||
|3128 | |3128 | ||
|} | |} | ||
− | |||
''Alternate Usage for Configuration of an Up-Stream Proxy Server'' | ''Alternate Usage for Configuration of an Up-Stream Proxy Server'' | ||
db configuration set squid-parent-variable value | db configuration set squid-parent-variable value | ||
signal-event proxy-update | signal-event proxy-update | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/squid/squid.conf | |+Affected file: /etc/squid/squid.conf | ||
!squid-parent-variable | !squid-parent-variable | ||
Line 862: | Line 1,320: | ||
|(none) | |(none) | ||
|}(un-do using 'db configuration delete SquidParent', 'signal-event proxy-update') | |}(un-do using 'db configuration delete SquidParent', 'signal-event proxy-update') | ||
− | |||
==== SSH (sshd) ==== | ==== SSH (sshd) ==== | ||
Line 868: | Line 1,325: | ||
db configuration setprop sshd variable value | db configuration setprop sshd variable value | ||
signal-event remoteaccess-update | signal-event remoteaccess-update | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/ssh/sshd_config | |+Affected file: /etc/ssh/sshd_config | ||
!Variable | !Variable | ||
Line 893: | Line 1,350: | ||
|MaxStartups | |MaxStartups | ||
|10:30:60 | |10:30:60 | ||
+ | |- | ||
+ | | MotdStatus | ||
+ | | MotdStatus (display or not the motd) | ||
+ | | enabled | ||
|- | |- | ||
|PasswordAuthentication | |PasswordAuthentication | ||
Line 906: | Line 1,367: | ||
|IP address(es) list | |IP address(es) list | ||
|} | |} | ||
− | |||
{{Note box|Currently in SME 7.2 and up, TCPPort is configurable via server-manager, under Remote Access menu. | {{Note box|Currently in SME 7.2 and up, TCPPort is configurable via server-manager, under Remote Access menu. | ||
Line 914: | Line 1,374: | ||
Ssh will then only be allowed from those IP addresses. The firewall code will drop ssh connections from any other hosts.}} | Ssh will then only be allowed from those IP addresses. The firewall code will drop ssh connections from any other hosts.}} | ||
+ | =====Autoblock_ssh===== | ||
+ | |||
+ | see [[AutoBlock#Public_SSH_Acess]] | ||
+ | |||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
+ | |+Affected file: /etc/ssh/sshd_config | ||
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |AutoBlockTime | ||
+ | |AutoBlockTime | ||
+ | |900 | ||
+ | |- | ||
+ | |AutoBlockTries | ||
+ | |AutoBlockTries | ||
+ | |4 | ||
+ | |- | ||
+ | |AutoBlock | ||
+ | |AutoBlock | ||
+ | |enabled for sme9/disabled for sme8 | ||
+ | |} | ||
==== smtpd ==== | ==== smtpd ==== | ||
+ | {{Warning box| OBSOLETE. smtpd has been deprecated in sme10. now the variable is qpsmtpd.}} | ||
+ | |||
''Usage'' | ''Usage'' | ||
config setprop smtpd variable value | config setprop smtpd variable value | ||
signal-event email-update | signal-event email-update | ||
− | {| width="100%" | + | |
− | |+Affected file: /var/service/qpsmtpd/runenv | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
+ | |+Affected file: /var/service/qpsmtpd/runenv<br> | ||
+ | '''[[bugzilla:7846]]''': Changes to <code>'''Instances'''</code> or <code>'''InstancesPerIP'''</code> require a restart of qpsmtpd:<br> | ||
+ | <code>expand-template /var/service/qpsmtpd/runenv && sv t /service/qpsmtpd /service/sqpsmtpd</code> | ||
!Variable | !Variable | ||
!Target | !Target | ||
Line 934: | Line 1,421: | ||
|} | |} | ||
+ | <br /> | ||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
+ | |||
+ | |+Affected file: /var/service/qpsmtpd/config/smtpgreeting | ||
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |Greeting | ||
+ | |Hostname portion of the greeting provided by your server to inbound SMTP connections | ||
+ | |$SystemName.$DomainName | ||
+ | |} | ||
+ | |||
+ | <br /> | ||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
+ | |||
+ | |+Affected file: /var/qmail/control/helohost | ||
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |HeloHost | ||
+ | |SMTP Helo / Ehlo value provided by your server when connecting to external SMTP servers to send email | ||
+ | |$DomainName | ||
+ | |} | ||
==== yum ==== | ==== yum ==== | ||
Line 939: | Line 1,451: | ||
config setprop yum variable value | config setprop yum variable value | ||
signal-event yum-modify | signal-event yum-modify | ||
− | {| width="100%" | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" |
|+Affected file: /etc/yum.conf | |+Affected file: /etc/yum.conf | ||
!Variable | !Variable | ||
Line 948: | Line 1,460: | ||
|Install updates automatically? | |Install updates automatically? | ||
|disabled | |disabled | ||
+ | |- | ||
+ | |check4updates | ||
+ | |Frequency of Update Checking daily(default but monthly or weekly available) | ||
+ | |daily | ||
|- | |- | ||
|EnableGroups | |EnableGroups | ||
Line 976: | Line 1,492: | ||
|All or part of an RPM name to be excluded from 'Available Packages' in the 'Software Installer' | |All or part of an RPM name to be excluded from 'Available Packages' in the 'Software Installer' | ||
|none | |none | ||
+ | |- | ||
+ | |DeltaRpmProcess | ||
+ | | Only changes between the installed package and the new one are downloaded. Once the delta rpm loaded, a rebuilding process is started only SME10 see [[bugzilla:8834]]) | ||
+ | | disabled (by default)/enabled | ||
+ | |- | ||
+ | | DownloadOnlyHour XX (0-23) | ||
+ | | Set the time when to download rpm updates by yum (only sme10 see [bugzilla:1502]]) | ||
+ | | default is 04 AM if no property | ||
|} | |} | ||
− | See also 'db yum_repositories' | + | See also 'db yum_repositories' [http://wiki.contribs.org/Category:Yum_Repository All available repositories]<br /> |
+ | ''Usage'' | ||
+ | db yum_repositories setprop RepositoryName variable value | ||
+ | signal-event yum-modify | ||
+ | {| width="100%" cellspacing="0" cellpadding="5" border="1" | ||
+ | |+Affected file: /etc/yum.smerepos.d/sme-base.repo | ||
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |EnableGroups | ||
+ | |Enable groupinstall with yum | ||
+ | |Yes(default)/no | ||
+ | |- | ||
+ | |GPGCheck | ||
+ | |Enable the rpm verification by GPG of the repository signature | ||
+ | |Yes(default)/no | ||
+ | |- | ||
+ | |MirrorList | ||
+ | |It is the base url where the repository can be found | ||
+ | |no default value | ||
+ | |- | ||
+ | |status | ||
+ | |Enable the repository in yum, all updates will be installed if enabled | ||
+ | |disabled/enabled | ||
+ | |- | ||
+ | |Visible | ||
+ | |The repository can be selected from 'Enabled repositories' in the 'Software Installer' in order to be Enabled by Yum if set to yes | ||
+ | |no | ||
+ | |- | ||
+ | |IncludePkgs 'rpm1,rpm2,rpm3' | ||
+ | |Only rpms mentioned here will be available for installation or upgrade. | ||
+ | | | ||
+ | |- | ||
+ | |Exclude 'rpm1,rpm2,rpm3' | ||
+ | | rpms mentioned here will be excluded by yum | ||
+ | | | ||
+ | |- | ||
+ | |DeltaRpmPercentage XX | ||
+ | | Defines the maximum ratio allowed between the delta rpm size and the package size on a per-repository basis: by default, delta rpms can’t be bigger than 75% of the size of the associated rpms, otherwise they are not used. Set to disabled if you don't want to use deltarpm for this repository (only SME10 see [[bugzilla:8834]]) | ||
+ | | default is '75' if no property | ||
+ | |} | ||
==== Miscellaneous Other DB Variables ==== | ==== Miscellaneous Other DB Variables ==== | ||
Line 991: | Line 1,556: | ||
Note that any command listed here is to be executed on one line!}} | Note that any command listed here is to be executed on one line!}} | ||
− | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" | |
− | {| width="100%" | ||
!Command | !Command | ||
!service(s) | !service(s) | ||
Line 998: | Line 1,562: | ||
!notes | !notes | ||
|- | |- | ||
− | |db domains setprop test.com '''MailServer''' a.b.c.d | + | |db domains setprop test.com '''MailServer''' a.b.c.d <br>or use FQDN in place of a.b.c.d<br> eg db domains setprop test.com '''MailServer''' aspmx.l.google.com |
|qpsmtpd; qmail; fetchmail | |qpsmtpd; qmail; fetchmail | ||
− | |/var/service/qpsmtpd/config/goodrcptto | + | |/var/service/qpsmtpd/config/goodrcptto |
+ | |||
+ | /var/service/qpsmtpd/config/peers/local | ||
+ | |||
+ | /var/service/qpsmtpd/config/peers/ | ||
+ | |||
+ | /var/service/qpsmtpd/plugins | ||
+ | |||
+ | /var/service/qmail/control/virtualdomains | ||
+ | |||
+ | /var/service/qmail/control/smtproutes | ||
+ | |||
+ | /etc/fetchmail | ||
|Forward all email for the specified domain to the IP address ''a.b.c.d''. ''a.b.c.d'' can be either local or remote. By default, the recipient address will be verified as valid on ''a.b.c.d'' before SME accepts the inbound message. | |Forward all email for the specified domain to the IP address ''a.b.c.d''. ''a.b.c.d'' can be either local or remote. By default, the recipient address will be verified as valid on ''a.b.c.d'' before SME accepts the inbound message. | ||
|- | |- | ||
Line 1,037: | Line 1,613: | ||
|various | |various | ||
|Restore the developers' default value for each property belonging to the key ''key'' | |Restore the developers' default value for each property belonging to the key ''key'' | ||
+ | |- | ||
+ | |config set '''AdminIsNotRoot''' enabled | ||
+ | |n/a | ||
+ | |n/a | ||
+ | |In server-manager panel, changing admin password no more change root password. root password is managed through '''passwd''' shell command and admin and root passwords can be distinct passwords. | ||
+ | |- | ||
+ | |config setprop smtp-auth-proxy PeerPort xxx; signal-event email-update | ||
+ | |smtp-auth-proxy | ||
+ | |none - the smtp-auth-proxy executable (//usr/local/sbin/smtp-auth-proxy.pl) reads the config database directly. | ||
+ | |Used to change the port number used to connect to the upstream mail server ("SMTPSmartHost" or "Address of Internet provider's mail server"). Defaults to port 25 if PeerPort is not set; uses SSL if port 465 is selected. | ||
+ | |- | ||
+ | |db configuration setprop qpsmtpd tlsCipher '''XXX'''; signal-event email-update | ||
+ | |qpsmtpd | ||
+ | |/var/service/qpsmtpd/config/tls_ciphers | ||
+ | |By default qpsmtpd only accepts the stronger SSL 3.0 or TLS 1.0 protocols for securing SMTPS connections. If needed, one can set qpsmtpd to also allow the weaker SSL 2.0 protocol. For '''XXX''' one can use:<br /><br /> '''<tt>'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM'</tt>''' (SSLv2/SSLv3/TLSv1)<br />'''<tt>'HIGH:!SSLv2'</tt>''' (=Default: only allow stronger SSLv3/TLSv1 protocols)<br /><br />''Note: don't forget to use the quotes!!'' | ||
+ | |- | ||
+ | |config setprop pppoe Mlimit <value> | ||
+ | |pppoe | ||
+ | |/service/wan/run.pppoe.conf | ||
+ | |notes. - <value> cannot be set below 100000000 - <value> can be set above 100000000. | ||
+ | If pppoe Mlimit is set to a value '''below the MIN_MEMORY_LIMIT''', currently 100000000, this lower value will not be accepted '''and Mlimit will be set to the default value (100000000)'''. | ||
+ | |||
|- | |- | ||
|command | |command | ||
Line 1,044: | Line 1,642: | ||
|} | |} | ||
+ | ==== Port Forwarding ==== | ||
+ | Server manager will create two databases, one for TCP and one for UDP | ||
+ | db portforward_tcp set {port} forward AllowHosts {some.host.ip} Comment {Test} Denyhosts {0.0.0.0/0} DestHost {dest.host.ip} DestPort {port} | ||
+ | |||
+ | db portforward_udp set {port} forward AllowHosts {some.host.ip} Comment {Test} Denyhosts {0.0.0.0/0} DestHost {dest.host.ip} DestPort {port} | ||
+ | |||
+ | Apply with: | ||
+ | |||
+ | signal-event portforwarding-update | ||
---- | ---- | ||
− | + | {| width="100%" cellspacing="0" cellpadding="5" border="1" | |
+ | !Variable | ||
+ | !Target | ||
+ | !Default | ||
+ | |- | ||
+ | |port | ||
+ | |Incoming Port for Forwarding | ||
+ | |none | ||
+ | |- | ||
+ | |DestPort | ||
+ | |Destination Target Port | ||
+ | |port | ||
+ | |- | ||
+ | |DestHost | ||
+ | |Destination Host IP | ||
+ | |none | ||
+ | |- | ||
+ | |AllowHosts | ||
+ | |Allowed Hosts | ||
+ | |0.0.0.0/0 | ||
+ | |- | ||
+ | |DenyHosts | ||
+ | |Denied Hosts | ||
+ | |0.0.0.0/0 | ||
+ | |- | ||
+ | |Comment | ||
+ | |Notes for this rule | ||
+ | |none | ||
+ | |} | ||
+ | |||
+ | [[Category:Howto]] | ||
+ | [[Category:Developer]] |
Latest revision as of 00:18, 2 January 2024
Is this article helpful to you?
Please consider donating or volunteering
Thank you!
Database variables
SME Server comes with the most used parameters set as variables in its internal configuration databases. These variables are used to store values to be used in the final configuration files. Please, read the SME_Server:Documentation:Developers_Manual:Section2 to understand the template and database process.
These variables are useful to configure your system more easily, as you do not need to modify configuration files directly for most common cases. It also makes it possible to administer the server through its server-manager as the database variables are used to set and change configuration parameters. After editing, the configuration files must be regenerated and affected services need to be restarted.
For example, suppose you need to increase "memory-limit" in php.
You would simply execute these commands at the server console:
db configuration setprop php MemoryLimit 64M expand-template /etc/php.ini /etc/init.d/httpd-e-smith restart
The first line changes the value for the memory limit of PHP, the second line regenerates the configuration file and the last line will reload Apache (and subsequently also PHP as this is configured as a module of Apache).
The database system is based on a flat file system, but you should never edit them directly. Instead you should use the db command. More details on using the database system can be found in the SME Server Developer's Guide.
Setting db variables to default values
Any db variable that has a default value can be reset to the default by deleting the variable entirely, then re-initializing the default database values as follows:
config delprop <key> <prop> /etc/e-smith/events/actions/initialize-default-databases
Delete a property value
To delete the property
db accounts delprop <key> <prop>
Reset a property value
To reset to an empty value
db accounts setprop <key> <prop> ''
Concept of the signal-event command
Due to the efforts of the developers, you can further simplify the commands using the signal-event proccess.
For full details see SME_Server:Documentation:Developers_Manual:Section2
Overview of database variables
The next section describes the standard variables defined on SME Server. Please update this list with new standard variables in future SME Server versions.
The tables below have three columns. The first is the variable, the second is the target variable (located in the final configuration file), and the third is the default value.
A lot of the variables can be set using the server-manager but some can not. For example the variable DomainMaster for samba is not important here, because this can be set through server-manager. On the other hand, the variable RecycleBin is important, because it is not accessible through the server-manager.
Configuration files may use database values from a single configuration key, or may use multiple keys. The latter is the case for the /etc/rc.d/init.d/masq configuration file. This file takes it values from multiple database keys such as squid and masq.
It is also possible that multiple configuration files use the same key. An example of this is the httpd-admin key. This key has a variable TCPPort which is used in multiple files (/etc/httpd/admin-conf/httpd.conf and /etc/services).
AppleTalk (atalk)
Usage
db configuration setprop atalk variable value signal-event workgroup-update
Variable | Target | Default |
---|---|---|
MaxClients | AFPD_MAX_CLIENTS | 20 |
Backup
Usage
db configuration setprop backup variable value signal-event conf-backup
Variable | Target | Default |
---|---|---|
Device | $device | /dev/st0 |
Eject | Logical operation | no |
Console Mode
Usage - Choose either login or auto DB variable.
config set ConsoleMode login signal-event post-upgrade signal-event reboot
Variable | Target | Default |
---|---|---|
ConsoleMode | Console Setting | login |
Clam AntiVirus (clamav)
clamav
Usage
db configuration setprop clamav variable value signal-event clamav-update
Variable | Target | Default |
---|---|---|
ArchiveBlockEncrypted | ArchiveBlockEncrypted | no |
ArchiveBlockMax | ArchiveBlockMax | no |
ArchiveMaxCompressionRatio | ArchiveMaxCompressionRatio | 300 |
ArchiveMaxFiles | ArchiveMaxFiles | 1500 |
ArchiveMaxFileSize | ArchiveMaxFileSize | 15M |
ArchiveMaxRecursion | ArchiveMaxRecursion | 8 |
Debug | Debug | no |
DetectBrokenExecutables | DetectBrokenExecutables | no |
FilesystemScanExclude | FilesystemScanExclude | /proc,/sys,/usr/share,/var |
IdleTimeout | IdleTimeout | 60 |
LeaveTemporaryFiles | LeaveTemporaryFiles | no |
LogClean | LogClean | yes |
LogTime | LogTime | yes |
LogVerbose | LogVerbose | yes |
MaxConnectionQueueLength | MaxConnectionQueueLength | 30 |
MaxDirectoryRecursion | MaxDirectoryRecursion | 20 |
MaxThreads | MaxThreads | 20 |
ReadTimeout | ReadTimeout | 300 |
ScanArchive | ScanArchive | yes |
ScanHTML | ScanHTML | yes |
ScanMail | ScanMail | yes |
ScanOLE2 | ScanOLE2 | yes |
ScanPE | ScanPE | yes |
SelfCheck | SelfCheck | 1800 |
StreamMaxLength | StreamMaxLength | 25M |
Variable | Target | Default |
---|---|---|
Checks | Checks | 24 |
DatabaseMirror | DatabaseMirror | db.local.clamav.net |
DNSDatabaseInfo | DNSDatabaseInfo | current.cvd.clamav.net |
LogVerbose | LogVerbose | yes |
MaxAttempts | MaxAttempts | 6 |
clamd
Usage
db configuration setprop clamd variable value signal-event clamav-update
Variable | Target | Default |
---|---|---|
MemLimit | MEMLIMIT | 1400000000 |
DHCP daemon (dhcpd)
Usage
db configuration setprop dhcpd variable value signal-event remoteaccess-update
Variable | Target | Default |
---|---|---|
Bootp | bootp | deny |
startDynamicIPRange | range | |
endDynamicIPRange | range |
Note: the end of the dynamic IP range will be set to the value of 'endDynamicIPRange' minus the value of pptpd:sessions.
DNS Cache Forwarder (dnscache / dnscache.forwarder)
Usage
db configuration setprop dnscache variable value signal-event dns-update
or for some settings
signal-event console-save
Variable | Target | Default | Options |
---|---|---|---|
CacheSize | CACHESIZE | 1000000 (SME9 10000000) | Variable |
DataLimit | DATALIMIT | 3000000 (SME9 12000000) | Variable |
Forwarder | Forwarder | not configured | a.b.c.d - address of remote DNS server |
Forwarder | Forwarder2 | not configured | a.b.c.d - address of remote DNS server |
TinyDNS
Usage
db configuration setprop tinydns variable value signal-event dns-update
Variable | Target | Default |
---|---|---|
ListenIP | IP | 127.0.0.1 |
DataLimit | DATALIMIT | 300000 |
FlexBackup
Usage
db configuration setprop flexbackup variable value signal-event conf-backup
Variable | Target | Default |
---|---|---|
Blocksize | $blksize | 32 |
TapeBlocksize | $mt_blksize | 0 |
BufferProg | $buffer | buffer |
BufferMegs | $buffer_megs | 20 |
erase_rewind_only | $erase_rewind_only | false |
Type | $type | tar |
Horde (webmail)
Usage
db configuration setprop horde variable value
expand-template /home/httpd/html/horde/conf.menu.apps.php
Variable | Target | Default |
---|---|---|
MenuArray | MenuArray | enabled |
expand-template /home/httpd/html/horde/config/conf.php
Variable | Target | Default |
---|---|---|
Administration | Administration | disabled |
expand-template /etc/e-smith/templates/home/httpd/html/horde/config/prefs.php/200personal
Variable | Target | Default |
---|---|---|
Name | 'My Company' | 'Horde Webmail' |
expand-template /home/httpd/html/horde/turba/config/sources.php
Variable | Target | Default |
---|---|---|
freebusy | freebusy | disabled |
SharedAddressBooks | SharedAddressBooks | disabled |
Apache server ibay specific (httpd-e-smith)
see PHP for specific php options for ibays, or see Webhosting contrib.
Usage
db accounts setprop ibayname variable value signal-event ibay-modify ibayname
Variable | Target | Default |
---|---|---|
AllowOverride | AllowOverride | None |
FollowSymLinks | FollowSymLinks | disabled |
Indexes | Indexes | enabled |
PHPRegisterGlobals | register_globals | disabled |
PHPBaseDir | open_basedir | /home/e-smith/files/ibays/ibayname |
SSLv2 | SSLProtocol | disabled |
SSL | Force https access to ibay through Apache. | disabled |
- these options are specific to SME Server 9 and are not backported to SME Server 8. See
bugzilla:8239
Usage
db accounts setprop ibayname variable value signal-event ibay-modify ibayname
Apache server-manager (httpd-admin)
Variable | Target | Default |
---|---|---|
PermitPlainTextAccess | no | |
ValidFrom | ip/mask coma separated list |
Usage
db configuration setprop httpd-admin variable value signal-event remoteaccess-update
Variable | Target | Default |
---|---|---|
TCPPort | TCPPort | 980 |
IMAP (imap)
Usage
db configuration setprop imap variable value signal-event email-update
Variable | Target | Default |
---|---|---|
ConcurrencyLimit | INSTANCES | 2000 |
ConcurrencyLimitPerIP | INSTANCES_PER_IP | 12 |
ProcessMemoryLimit | ulimitdata | 128000000 |
- only for SME Server 9
Variable | Target | Default |
---|---|---|
AllowPlainText | if set to disabled, dovecot will still listen on port 143, but will only accept TLS connexions, even from the local networks | enabled/disabled, default is enabled |
IMAPS (imaps)
These properties apply to SME versions before 9.0 only. After 9.0, the imap properties are used to control imaps concurrency and memory limits.
Usage
db configuration setprop imaps variable value signal-event email-update
Variable | Target | Default |
---|---|---|
ConcurrencyLimit | INSTANCES | 2000 |
ConcurrencyLimitPerIP | INSTANCES_PER_IP | 12 |
ProcessMemoryLimit | ulimitdata | 128000000 |
Dovecot
- Only for SME Server 9
With smeserver-dovecot installed, 4 services in the configuration DB are used
imap and imaps are used to be backward compatible with e-smith-imap (and are used to control the TCPPort of the service, and if it's accessible from local network or from the internet)
dovecot is now the main service entry in the configuration DB. It's used to control various optional features of dovecot
Usage
db configuration setprop dovecot variable value signal-event email-update
Variable | Target | Default |
---|---|---|
AdminIsMaster | if enabled, the admin user will be a master user, and will be able to login as any user. To do so use user1*admin as login and the admin password to log as user1 | enabled/disabled, default is disabled |
FullTextIndexing | will turn on or off the full text indexing. When this option is enabled, a first search in an IMAP folder will trigger indexation. Next searches will be much faster. Read this page before enabling this option | enabled/disabled, default is disabled |
LogActions | will turn on or off extra logging (flag change, move, copy etc…). !! Warning !!: enabling this can generate a huge amount of logs | enabled/disabled, default is disabled |
Quotas | will report the actual used space and the remaining one if the user has a quota limit | enabled/disabled, default is enabled |
Fetchmail
Various fetchmail settings for email collection
Usage
db configuration setprop fetchmail variable value signal-event email-update
See the man page for more settings:
https://www.fetchmail.info/fetchmail-man.html
Variable | Target | Default |
---|---|---|
Verbosity | For debugging | silent/verbose, default is silent |
SSL | Use SSL | enabled/disabled, default is disabled |
Protocol | POP3 | POP/Other, default is POP3 |
TCPPort | Retrieved from smtpd | default 25 |
IPTables firewall (masq)
Usage
db configuration setprop masq variable value signal-event remoteaccess-update
Variable | Target | Default |
---|---|---|
Logging | Logging | most |
Stealth | Stealth | no |
Additional information on customizing iptables
Create a custom-named service definition in the configuration database.
db configuration set <servicename> service
Apply your desired firewall restrictions to any existing SME 'service' or to a custom-named service that you have created. Combine a custom-named service with port-forwarding to create customized firewall rules.
db configuration setprop <servicename> TCPPort <portnumber> db configuration setprop <servicename> TCPPorts <portnumbers> db configuration setprop <servicename> UDPPort <portnumber> db configuration setprop <servicename> UDPPorts <portnumbers> db configuration setprop <servicename> status enabled|disabled db configuration setprop <servicename> access public|private|localhost db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24 db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24
Effectuate the changes you have made
signal-event remoteaccess-update
Variable | Target | Default |
---|---|---|
TCPPort | --proto tcp --dport <Ports> | Pre-configured for default services; no default for custom services |
TCPPorts | --proto tcp --dports <Ports> | No default for custom services; Ranges of ports are defined with a : not a - |
UDPPort | --proto udp --dport <Ports> | Pre-configured for default services; no default for custom services |
UDPPorts | --proto udp --dports <Ports> | No default for custom services; Ranges of ports are defined with a : not a - |
status | disabled | AllowHosts is set to "" (an empty string) unless the status is 'enabled' |
access | private | AllowHosts is set to "" (an empty string) unless access is 'public' |
AllowHosts | --src ..... --jump ACCEPT | Pre-configured for default services; no default for custom services. Default is '0.0.0.0/0' if service is enabled and public. |
DenyHosts | --src ..... --jump denylog | Pre-configured for default services; no default for custom services. If 'DenyHosts' is empty or does not exist then there are no '... --jump denylog' entries created in /etc/init.d/masq. |
SpamAssassin
Usage
db configuration setprop spamassassin variable value signal-event email-update
Variable | Target | Default |
---|---|---|
DNSAvailable | dns_available | yes |
OkLanguages | ok_languages | all |
OkLocales | ok_locales | all |
ReportSafe | report_safe | 0 |
Subject | rewrite_header Subject | [SPAM] |
SkipRBLChecks | skip_rbl_checks | 0 |
TrustedNetworks | trusted_networks | 127. |
UseAutoWhitelist | use_auto_whitelist | 0 |
UseBayes | use_bayes | 0 |
Sensitivity | required_hits | medium |
Sometimes certain spamassassin update servers get corrupted or are not updated frequently. The list is available at: /var/lib/spamassassin/3.003001/updates_spamassassin_org/MIRRORED.BY
MySQL (mysqld)
Usage
db configuration setprop mysqld variable value expand-template /etc/my.cnf sv t /service/mysqld
Variable | Target | Default |
---|---|---|
InnoDB | InnoDB | disabled |
LocalNetworkingOnly | LocalNetworkingOnly | yes |
Network Time Protocol (ntpd)
Usage
db configuration setprop ntpd variable value signal-event timeserver-update
Variable | Target | Default |
---|---|---|
MemLimit | MEMLIMIT | 35000000 |
Variable | Target | Default |
---|---|---|
NTPServer | server | pool.ntp.org |
SyncToHWClockSupported | SyncToHWClockSupported | yes |
SupportLargeDrift
A new db key for ntpd: SupportLargeDrift.
Default value is disabled, which doesn't change the current behaviour. bugzilla: 7979
If set to enabled, it will - add tinker panic 0 at the begening of the ntp.conf - remove the lines
server 127.127.1.0 # local clock fudge 127.127.1.0 stratum 10
With SupportLargeDrift enabled, the guest is able to resync the clock with the configured ntp server, even after resuming from a suspended state (tested with a ~10min drift, it took about 3 or 4 minutes for the guest to resync the clock after resuming).
db configuration setprop ntpd SupportLargeDrift enabled
Php
see PHP page for all the available options
Usage
db configuration setprop php variable value expand-template /etc/php.ini /etc/init.d/httpd-e-smith restart
Variable | Target | Default |
---|---|---|
MaxExecutionTime | max_execution_time | 30 |
MemoryLimit | memory_limit | 32M |
PostMaxSize | post_max_size | 20M |
UploadMaxFilesize | upload_max_filesize | 10M |
AllowUrlFopen | allow_url_fopen | Off |
ExposePHP | expose_php : Exposes to the world that PHP is installed on the server | Off |
Don't forget "M" unit because you get a lot of httpd errors and apache can't start!
Variable | Target | Default |
---|---|---|
AllowUrlFopen | AllowUrlfOpen | disabled, set to enabled |
MemoryLimit | MemoryLimit | disabled, set a M as unit, eg 64M |
UpMaxFileSize | UpMaxFileSize | disabled, set a M as unit, eg 64M |
PostMaxSize | PostMaxSize | disabled, set a M as unit, eg 64M |
MaxExecTime | MaxExecTime | disabled, set time in second without units, eg 60 or unlimited |
Virtual Private Network (VPN) (pptpd)
Usage
db configuration setprop pptpd variable value signal-event remoteaccess-update
Variable | Target | Default |
---|---|---|
debug | debug | no |
mtu | mtu | not set by default, add your value (1404) after mtu |
mru | mru | not set by default, add your value (1404) after mru
- |
Passive | passive | enabled |
Interfaces | Unknown | not set by default |
Variable | Target | Default |
---|---|---|
debug | debug | no |
Pro FTP (proftpd)
Usage
db configuration setprop ftp variable value signal-event remoteaccess-update
Variable | Target | Default |
---|---|---|
DisableAnonymous | DisableAnonymous | no |
Qmail
You can set the maximum size of email to be sent
Usage expressed in bytes
db configuration setprop qmail MaxMessageSize 15000000 signal-event email-update
Variable | Target | Default |
---|---|---|
MaxMessageSize | The maximum email size for sending | 15000000 |
Qpsmptd
Work in progress !!
Usage
config show qpsmtpd
config setprop qpsmtpd variable value signal-event email-update
Variable | Target | Default |
---|---|---|
Authentication | Authentication | enabled |
Bcc | Bcc | disabled |
BccMode | BccMode | cc |
BccUser | BccUser | maillog |
DKIMSigning | DKIMSigning | enabled |
DNSBL | DNSBL | disabled |
Instances | Instances | 40 |
InstancesPerIP | InstancesPerIP | 5 |
LogLevel | LogLevel | 6 |
MaxScannerSize | MaxScannerSize | 25000000 |
MaximumDateOffset | MaximumDateOffset | 0 |
PatternScan | PatternScan | disabled |
Proxy | Proxy | blocked |
RBLList | RBLList | bl.spamcop.net,dnsbl-1.uceprotect.net,dnsbl-2.uceprotect.net,psbl.surriel.com,zen.spamhaus.org |
RHSBL | RHSBL | disabled |
RelayRequiresAuth | RelayRequiresAuth | enabled |
SBLList | SBLList | multi.surbl.org,black.uribl.com,rhsbl.sorbs.net |
TCPPort | TCPPort | 25 |
TCPProxyPort | TCPProxyPort | 25 |
TlsBeforeAuth | TlsBeforeAuth | 1 |
UBLList | UBLList | multi.surbl.org:8-16-64-128,black.uribl.com,rhsbl.sorbs.net |
URIBL | URIBL | disabled |
VirusScan | VirusScan | enabled |
access | access | public |
qplogsumm | qplogsumm | disabled |
status | status | enabled |
tnef2mime | tnef2mime | enabled |
Samba global settings (smbd)
Usage
db configuration setprop smb variable value signal-event ibay-modify
Variable | Target | Default |
---|---|---|
RecycleBin | recycle | disabled |
ShadowCopy | shadow_copy | disabled |
DeadTime | deadtime | 10080 |
DisplayCharSet | display charset | ISO8859-1 |
DosCharSet | dos charset | 850 |
LogonDrive | logon drive | Z |
OpLocks | oplocks | enabled |
OsLevel | os level | 65 |
ServerString | server string | SME Server |
SMBPorts | smb ports | 139 |
UnixCharSet | unix charset | UTF8 |
UseClientDriver | use client driver | yes |
LogLevel | log level | 1 |
Samba per i-bay settings (smbd)
Usage
db accounts setprop ibay_name variable value signal-event ibay-modify
Variable | Target | Default |
---|---|---|
Browseable | browseable | enabled |
OpLocks | oplocks | enabled |
RecycleBin | recycle | disabled |
VetoOplockFiles | veto oplock files | (not set) |
Audit | full_audit | disabled |
KeepVersions | If RecycleBin is enabled in smbd, then you can keep version of recycle bin | disabled, set it to enabled |
ShadowCopy | If Shadowcopy is enabled in the smbd, then you can turn off per ibay | enabled, set it to disabled |
cscPolicy | set the csc policy (manual, documents, programs, disable) | (not set) |
Squid Proxy (squid)
Usage
db configuration setprop squid variable value signal-event proxy-update
Variable | Target | Default |
---|---|---|
SSLPorts | Configure additional https ports (use single port or multiple ports separated by coma (,) | no default value (443 and 563 are hard coded) |
SafePorts | acl Safe_ports port | 80 |
EnforceSafePorts | EnforceSafePorts | no |
How to configure additional https ports
- only one port
config setprop squid SSLPorts 2083 signal-event proxy-update
- several ports
config setprop squid SSLPorts 2083,569,1,568,965 signal-event proxy-update
- remove ports
config setprop squid SSLPorts "" signal-event proxy-update
Variable | Target | Default |
---|---|---|
Transparent | Transparent | yes |
Variable | Target | Default |
---|---|---|
TransparentPort | TransparentPort | 3128 |
Alternate Usage for Configuration of an Up-Stream Proxy Server
db configuration set squid-parent-variable value signal-event proxy-update
squid-parent-variable | Target | Default |
---|---|---|
SquidParent | name-or-ip-of-upstream-proxy-server | (none) |
SquidParentPort | port-number-used-by-upstream-proxy-server | (none) |
(un-do using 'db configuration delete SquidParent', 'signal-event proxy-update')
SSH (sshd)
Usage
db configuration setprop sshd variable value signal-event remoteaccess-update
Variable | Target | Default |
---|---|---|
TCPPort | Port | 22 |
Protocol | Protocol | 2 |
UsePAM | UsePAM | no |
MaxAuthTries | MaxAuthTries | 2 |
MaxStartups | MaxStartups | 10:30:60 |
MotdStatus | MotdStatus (display or not the motd) | enabled |
PasswordAuthentication | PasswordAuthentication | no |
PermitRootLogin | PermitRootLogin | no |
AllowHosts | AllowHosts | IP address(es) list |
Autoblock_ssh
see AutoBlock#Public_SSH_Acess
Variable | Target | Default |
---|---|---|
AutoBlockTime | AutoBlockTime | 900 |
AutoBlockTries | AutoBlockTries | 4 |
AutoBlock | AutoBlock | enabled for sme9/disabled for sme8 |
smtpd
Usage
config setprop smtpd variable value signal-event email-update
Variable | Target | Default |
---|---|---|
Instances | Total smtp Instances | 40 |
InstancesPerIP | smtp-Instances-Per-IP | 5 |
Variable | Target | Default |
---|---|---|
Greeting | Hostname portion of the greeting provided by your server to inbound SMTP connections | $SystemName.$DomainName |
Variable | Target | Default |
---|---|---|
HeloHost | SMTP Helo / Ehlo value provided by your server when connecting to external SMTP servers to send email | $DomainName |
yum
Usage
config setprop yum variable value signal-event yum-modify
Variable | Target | Default |
---|---|---|
AutoInstallUpdates | Install updates automatically? | disabled |
check4updates | Frequency of Update Checking daily(default but monthly or weekly available) | daily |
EnableGroups | Enable Groups | 0 |
GPGCheck | Check GPG signature for repositories | 0 |
PackageFunctions | Display individual packages in 'Software Installer' | disabled |
RandomDelay | Random Delay | 120 |
status | Yum's status | enabled |
RestrictRepo | Repo names whose contents should be excluded from 'Available Packages' in the 'Software Installer' | none |
RestrictRPM | All or part of an RPM name to be excluded from 'Available Packages' in the 'Software Installer' | none |
DeltaRpmProcess | Only changes between the installed package and the new one are downloaded. Once the delta rpm loaded, a rebuilding process is started only SME10 see |
disabled (by default)/enabled |
DownloadOnlyHour XX (0-23) | Set the time when to download rpm updates by yum (only sme10 see [bugzilla:1502]]) | default is 04 AM if no property |
See also 'db yum_repositories' All available repositories
Usage
db yum_repositories setprop RepositoryName variable value signal-event yum-modify
Variable | Target | Default |
---|---|---|
EnableGroups | Enable groupinstall with yum | Yes(default)/no |
GPGCheck | Enable the rpm verification by GPG of the repository signature | Yes(default)/no |
MirrorList | It is the base url where the repository can be found | no default value |
status | Enable the repository in yum, all updates will be installed if enabled | disabled/enabled |
Visible | The repository can be selected from 'Enabled repositories' in the 'Software Installer' in order to be Enabled by Yum if set to yes | no |
IncludePkgs 'rpm1,rpm2,rpm3' | Only rpms mentioned here will be available for installation or upgrade. | |
Exclude 'rpm1,rpm2,rpm3' | rpms mentioned here will be excluded by yum | |
DeltaRpmPercentage XX | Defines the maximum ratio allowed between the delta rpm size and the package size on a per-repository basis: by default, delta rpms can’t be bigger than 75% of the size of the associated rpms, otherwise they are not used. Set to disabled if you don't want to use deltarpm for this repository (only SME10 see |
default is '75' if no property |
Miscellaneous Other DB Variables
Command | service(s) | config file(s) | notes |
---|---|---|---|
db domains setprop test.com MailServer a.b.c.d or use FQDN in place of a.b.c.d eg db domains setprop test.com MailServer aspmx.l.google.com |
qpsmtpd; qmail; fetchmail | /var/service/qpsmtpd/config/goodrcptto
/var/service/qpsmtpd/config/peers/local /var/service/qpsmtpd/config/peers/ /var/service/qpsmtpd/plugins /var/service/qmail/control/virtualdomains /var/service/qmail/control/smtproutes /etc/fetchmail |
Forward all email for the specified domain to the IP address a.b.c.d. a.b.c.d can be either local or remote. By default, the recipient address will be verified as valid on a.b.c.d before SME accepts the inbound message. |
config set SquidParent <hostname or IP> | squid, diald | /etc/diald.filter, /etc/squid/squid.conf | Configure squid to peform all web downloads from the specified upstream proxy server |
config set SquidParentPort <portnumber> | squid | /etc/squid/squid.conf | Connect to the upstream proxy server using <portnumber>. Defaults to 3128 if 'SquidParentPort' is unspecified. Ignored if SquidParent is not set. |
config delete SquidParent | squid, diald | /etc/squid/squid.conf, /etc/diald.filter | Return squid to normal operation (no upstream proxy server) |
db accounts setprop username Visible internal ; signal-event email-update | n/a | n/a | Make an email address invisible from outside? (see http://forums.contribs.org/index.php?topic=36302.0) |
db accounts setprop pseudonym Visible internal ; signal-event email-update | n/a | n/a | Make an pseudonym email address invisible from outside |
db <database> delprop key property ; /etc/e-smith/events/actions/initialize-default-databases | various | various | Restore the developers' default value for property |
db <database> delete key ; /etc/e-smith/events/actions/initialize-default-databases | various | various | Restore the developers' default value for each property belonging to the key key |
config set AdminIsNotRoot enabled | n/a | n/a | In server-manager panel, changing admin password no more change root password. root password is managed through passwd shell command and admin and root passwords can be distinct passwords. |
config setprop smtp-auth-proxy PeerPort xxx; signal-event email-update | smtp-auth-proxy | none - the smtp-auth-proxy executable (//usr/local/sbin/smtp-auth-proxy.pl) reads the config database directly. | Used to change the port number used to connect to the upstream mail server ("SMTPSmartHost" or "Address of Internet provider's mail server"). Defaults to port 25 if PeerPort is not set; uses SSL if port 465 is selected. |
db configuration setprop qpsmtpd tlsCipher XXX; signal-event email-update | qpsmtpd | /var/service/qpsmtpd/config/tls_ciphers | By default qpsmtpd only accepts the stronger SSL 3.0 or TLS 1.0 protocols for securing SMTPS connections. If needed, one can set qpsmtpd to also allow the weaker SSL 2.0 protocol. For XXX one can use: 'ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM' (SSLv2/SSLv3/TLSv1) 'HIGH:!SSLv2' (=Default: only allow stronger SSLv3/TLSv1 protocols) Note: don't forget to use the quotes!! |
config setprop pppoe Mlimit <value> | pppoe | /service/wan/run.pppoe.conf | notes. - <value> cannot be set below 100000000 - <value> can be set above 100000000.
If pppoe Mlimit is set to a value below the MIN_MEMORY_LIMIT, currently 100000000, this lower value will not be accepted and Mlimit will be set to the default value (100000000). |
command | service(s) | config file(s) | notes. Copy this block when adding new entries to this table. |
Port Forwarding
Server manager will create two databases, one for TCP and one for UDP
db portforward_tcp set {port} forward AllowHosts {some.host.ip} Comment {Test} Denyhosts {0.0.0.0/0} DestHost {dest.host.ip} DestPort {port}
db portforward_udp set {port} forward AllowHosts {some.host.ip} Comment {Test} Denyhosts {0.0.0.0/0} DestHost {dest.host.ip} DestPort {port}
Apply with:
signal-event portforwarding-update
Variable | Target | Default |
---|---|---|
port | Incoming Port for Forwarding | none |
DestPort | Destination Target Port | port |
DestHost | Destination Host IP | none |
AllowHosts | Allowed Hosts | 0.0.0.0/0 |
DenyHosts | Denied Hosts | 0.0.0.0/0 |
Comment | Notes for this rule | none |