Difference between revisions of "Updating from SME 7.1.x or earlier"
RayMitchell (talk | contribs) (removed defunct bogusmx.rfc-ignorant.org) |
RayMitchell (talk | contribs) (modified Note box content) |
||
(14 intermediate revisions by 3 users not shown) | |||
Line 79: | Line 79: | ||
RHSBL or ''Right-Hand Side Black List'': Search for known spam hosts by host name. | RHSBL or ''Right-Hand Side Black List'': Search for known spam hosts by host name. | ||
− | If you want to try out the RHSBL servers configured by default in SME | + | If you want to try out the RHSBL servers configured by default in SME: |
<nowiki>config delprop qpsmtpd SBLList | <nowiki>config delprop qpsmtpd SBLList | ||
− | config setprop qpsmtpd SBLList multi.surbl.org:black.uribl.com | + | config setprop qpsmtpd SBLList dbl.spamhaus.org:multi.surbl.org:black.uribl.com:rhsbl.sorbs.net |
− | :rhsbl.sorbs.net | ||
− | |||
signal-event email-update</nowiki> | signal-event email-update</nowiki> | ||
This will enable the following SBL servers for your system. Be sure to check them out to see if they are consistent with your policies before enabling them. Don't forget that RHSBL is '''disabled''' by default in SME! | This will enable the following SBL servers for your system. Be sure to check them out to see if they are consistent with your policies before enabling them. Don't forget that RHSBL is '''disabled''' by default in SME! | ||
− | * [http://www. | + | * [http://www.spamhaus.org/ dbl.spamhaus.org] |
* [http://www.surbl.org/ multi.surbl.org] | * [http://www.surbl.org/ multi.surbl.org] | ||
* [http://www.uribl.com/about.shtml black.uribl.com] | * [http://www.uribl.com/about.shtml black.uribl.com] | ||
* [http://www.au.sorbs.net/using.shtml rhsbl.sorbs.net] | * [http://www.au.sorbs.net/using.shtml rhsbl.sorbs.net] | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
<br> | <br> | ||
{{Warning box|[http://wiki.openrbl.org/wiki/Blackhole.securitysage.com blackhole.securitysage.com] was a default SBL server but is no longer working and was removed on Oct 5, 2008. If you have blackhole.securitysage.com in your SBLList and have RHSBL enabled then <b>ALL INCOMING EMAIL WILL BOUNCE.</b> You must remove blackhole.securitysage.com from your SBLList for your email server to work properly. Follow the instructions above to reset the default SBLList.}} | {{Warning box|[http://wiki.openrbl.org/wiki/Blackhole.securitysage.com blackhole.securitysage.com] was a default SBL server but is no longer working and was removed on Oct 5, 2008. If you have blackhole.securitysage.com in your SBLList and have RHSBL enabled then <b>ALL INCOMING EMAIL WILL BOUNCE.</b> You must remove blackhole.securitysage.com from your SBLList for your email server to work properly. Follow the instructions above to reset the default SBLList.}} | ||
− | {{Note box|Some of the SBLList above are | + | {{Note box|Some of the SBLList above are quite aggressive. As a result, genuine mail may be blocked. You should check your qpsmtpd logs at regular intervals to assess the impact of your selection. To reduce the amount of information presented in the logs, filter with "logterse". |
+ | |||
+ | A conservative (& some would consider safe) setting for RHSBL would be as follows: | ||
+ | config setprop qpsmtpd SBLList dbl.spamhaus.org | ||
+ | signal-event email-update | ||
+ | |||
+ | This will enable the following SBL server for your system. Don't forget that RHSBL is '''disabled''' by default in SME! | ||
+ | * [http://www.spamhaus.org/ dbl.spamhaus.org]}} | ||
====DNSBL Servers==== | ====DNSBL Servers==== | ||
DNSBL (DNS Block List): Block spam hosts based on the IP address of the remote system. | DNSBL (DNS Block List): Block spam hosts based on the IP address of the remote system. | ||
− | If you want to try out the DNSBL servers configured by default in SME | + | If you want to try out the DNSBL servers configured by default in SME: |
<nowiki>config delprop qpsmtpd RBLList | <nowiki>config delprop qpsmtpd RBLList | ||
− | config setprop qpsmtpd RBLList bl.spamcop.net | + | config setprop qpsmtpd RBLList bl.spamcop.net\ |
− | :dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net | + | :dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net\ |
− | + | :psbl.surriel.com:zen.spamhaus.org | |
signal-event email-update</nowiki> | signal-event email-update</nowiki> | ||
This will enable the following DNSBL servers for your system. Be sure to check them out before enabling them. (List updated 7/31/2007 to replace ''sbl-xbl.spamhaus.org'' with the new ''zen.spamhaus.org''). | This will enable the following DNSBL servers for your system. Be sure to check them out before enabling them. (List updated 7/31/2007 to replace ''sbl-xbl.spamhaus.org'' with the new ''zen.spamhaus.org''). | ||
+ | |||
+ | NOTE: as of January 1, 2015, [http://www.ahbl.org/ dnsbl.ahbl.org] service is no longer active. If you have added this service to your DNSBL record, please remove it. Leaving it in will cause a great many false positives. | ||
Don't forget that DNSBL is '''disabled''' by default in SME! | Don't forget that DNSBL is '''disabled''' by default in SME! | ||
* [http://www.spamcop.net/ bl.spamcop.net] | * [http://www.spamcop.net/ bl.spamcop.net] | ||
− | |||
− | |||
* [http://www.uceprotect.net/en/index.php?m=1&s=0 dnsbl-1.uceprotect.net] Conservative (blocks single IPs) | * [http://www.uceprotect.net/en/index.php?m=1&s=0 dnsbl-1.uceprotect.net] Conservative (blocks single IPs) | ||
* [http://www.uceprotect.net/en/index.php?m=1&s=0 dnsbl-2.uceprotect.net] More agressive (blocks class C networks) | * [http://www.uceprotect.net/en/index.php?m=1&s=0 dnsbl-2.uceprotect.net] More agressive (blocks class C networks) | ||
− | |||
− | |||
* [http://psbl.surriel.com/ psbl.surriel.com] | * [http://psbl.surriel.com/ psbl.surriel.com] | ||
* [http://www.spamhaus.org/zen/ zen.spamhaus.org] ''formerly sbl-xbl.spamhaus.org'' | * [http://www.spamhaus.org/zen/ zen.spamhaus.org] ''formerly sbl-xbl.spamhaus.org'' | ||
− | {{Note box|Some of the RBLList above are | + | {{Note box|Some of the RBLList above are quite aggressive. As a result, genuine mail may be blocked. |
Many will argue what's best but most would agree that you can set best-practice recommended settings by: | Many will argue what's best but most would agree that you can set best-practice recommended settings by: | ||
− | config setprop qpsmtpd RBLList zen.spamhaus | + | config setprop qpsmtpd RBLList zen.spamhaus.org |
signal-event email-update | signal-event email-update | ||
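Review bot: in the DNSBL part of this hunk the new "config setprop qpsmtpd RBLList" value is continued over three lines with trailing backslashes, each continuation starting with ":", while the SBLList value in the same edit was joined onto a single line. A copy that picks up a space after a backslash or before a leading ":" no longer yields one list value, so put the RBLList value on one line as well. The unchanged dnsbl-2.uceprotect.net bullet also still reads "agressive" although the note boxes now read "quite aggressive".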
Latest revision as of 09:27, 27 November 2015
There seem to be a lot of questions about updating to SME Server version 7.2 and higher from releases of SME Server 7.1.x and before. This document will attempt to compile the various questions and answers in one place.
CD Update
- Insert the CD into your server and issue a reboot, follow the instructions presented to you on the server screen to update to SME Server 7.2.
- Reset yum to the new default configuration as described here: SME Server:Adding_Software#Restoring_Default_Yum_Repositories
- Reset other settings to new defaults as shown here: Updating_to_SME_7.2#Updating_Configuration_Database_with_New_Default_Values
- Perform a final yum update to obtain updates or patches released after the generation of the 7.2 iso.
Yum Update
- Clear out any lingering yum confusion and install the latest yum support files:
    yum clean all
    yum update smeserver-yum yum sqlite python-sqlite
- Reset your repository configuration and reboot:
    cd /home/e-smith/db/
    mv yum_repositories yum_repositories.po
    /etc/e-smith/events/actions/initialize-default-databases
    signal-event yum-modify
    signal-event post-upgrade; signal-event reboot
- Obtain the remaining support files:
    yum update dbus dbus-glib smeserver-support
- Obtain remaining updates and reboot:
    yum update
    signal-event post-upgrade; signal-event reboot
- Reset other settings to new defaults as shown here: Updating_to_SME_7.2#Updating_Configuration_Database_with_New_Default_Values
- Perform a final yum update to confirm that you have installed all available updates.
Cleanup Tasks
Upgrading from a system prior to 7.1
To install the kmods for the smp kernel, type at the command line:
    yum install kmod*smp*
    signal-event post-upgrade
    signal-event reboot
Ensuring the correct yum repository configuration
The default yum repository configuration changed with the release of SME version 7.1.1 in order to allow installation of unmodified and non-conflicting CentOS packages directly from the CentOS repositories.
The SME update process does not reconfigure your yum repositories automatically in order to preserve any existing custom configurations you have created.
As a result:
- Even if your server now says it is running SME 7.1.3 your system may not be up to date, and you may be missing vital updates from the CentOS repositories that will only be installed after correcting your yum repository configuration!
- You will STILL need to correct your yum repository configuration even after updating from the 7.2 CD.
- A fresh install from the SME 7.2 CD is the only instance in which you do not need to reconfigure your yum repositories.
Therefore, unless you are an expert with yum and have made specific sme-related customizations for some reason, you must reset your yum repository configuration to the SME defaults using the instructions found at SME Server:Adding_Software#Restoring_Default_Yum_Repositories or your yum updates will fail sooner or later.
All SME updates assume that the default repositories are enabled, and that any 3rd party repositories you may have configured are
- disabled by default
- created with appropriate "Exclude" parameters
- accessed manually when necessary using the yum --enablerepo=xxx syntax.
Updating Configuration Database with New Default Values
SME 7.2 includes different default values for some settings. This section tells you how to change those values.
Generic Instructions
Any configuration database item that has a "default" value can be set to the default value using
    config delprop key prop
    /etc/e-smith/events/actions/initialize-default-databases
Afterwards, you will need to re-expand the affected templates and restart the affected services:
signal-event post-upgrade; signal-event reboot
qpsmtpd LogLevel
SME 7.0 - 7.1.3 all defaulted to qpsmtpd LogLevel 8 (or 'debug') in order to make sure that the logfile contained all plugin results.
SME 7.2 now includes the qpsmtpd logterse plugin allowing LogLevel to be reduced to 6 without losing any critical tracking information yet significantly reducing overall log activity, consequently extending log retention times.
    config delprop qpsmtpd LogLevel
    /etc/e-smith/events/actions/initialize-default-databases
    signal-event email-update
    svc -t /var/service/qpsmtpd
RHSBL Servers
RHSBL or Right-Hand Side Black List: Search for known spam hosts by host name.
If you want to try out the RHSBL servers configured by default in SME:
    config delprop qpsmtpd SBLList
    config setprop qpsmtpd SBLList dbl.spamhaus.org:multi.surbl.org:black.uribl.com:rhsbl.sorbs.net
    signal-event email-update
This will enable the following SBL servers for your system. Be sure to check them out to see if they are consistent with your policies before enabling them. Don't forget that RHSBL is disabled by default in SME!
DNSBL Servers
DNSBL (DNS Block List): Block spam hosts based on the IP address of the remote system.
If you want to try out the DNSBL servers configured by default in SME:
    config delprop qpsmtpd RBLList
    config setprop qpsmtpd RBLList bl.spamcop.net:dnsbl-1.uceprotect.net:dnsbl-2.uceprotect.net:psbl.surriel.com:zen.spamhaus.org
    signal-event email-update
This will enable the following DNSBL servers for your system. Be sure to check them out before enabling them. (List updated 7/31/2007 to replace sbl-xbl.spamhaus.org with the new zen.spamhaus.org).
NOTE: as of January 1, 2015, dnsbl.ahbl.org service is no longer active. If you have added this service to your DNSBL record, please remove it. Leaving it in will cause a great many false positives.
Don't forget that DNSBL is disabled by default in SME!
- bl.spamcop.net
- dnsbl-1.uceprotect.net Conservative (blocks single IPs)
- dnsbl-2.uceprotect.net More aggressive (blocks class C networks)
- psbl.surriel.com
- zen.spamhaus.org formerly sbl-xbl.spamhaus.org
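The note above about dnsbl.ahbl.org shows what a retired list does to a mail server; RFC 5782 gives every list one test entry that must be listed and one that must not be, which lets you check a zone before adding it to RBLList or SBLList. The script below is an added example, not part of SME Server or qpsmtpd: the function names, the file name blcheck.sh and the use of getent hosts as the resolver are assumptions.

```shell
#!/bin/sh
# Added example (not SME Server or qpsmtpd code): check block list zones with
# the RFC 5782 test entries before adding them to RBLList or SBLList.

# Build the DNS name to query for a probe value.
#   ip   lists: reversed IPv4 octets + zone  (127.0.0.2 -> 2.0.0.127.<zone>)
#   name lists: probe label + zone           (test      -> test.<zone>)
bl_qname() {
    if [ "$1" = ip ]; then
        echo "$2" | awk -F. -v zone="$3" \
            'NF == 4 { print $4 "." $3 "." $2 "." $1 "." zone }'
    else
        echo "$2.$3"
    fi
}

# Resolver hook (assumption: getent is available). Prints the first address
# for a name, or nothing when the name does not resolve.
lookup_a() {
    getent hosts "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Verdict for one zone:
#   ok                test entry is listed, must-not-list entry is absent
#   lists-everything  must-not-list entry answered: all mail would be rejected
#   no-test-entry     nothing answered: zone is dead, unreachable or has no
#                     RFC 5782 test entry; check it by hand before enabling
check_zone() {
    cz_kind=$1 cz_zone=$2
    if [ "$cz_kind" = ip ]; then cz_pos=127.0.0.2 cz_neg=127.0.0.1
    else cz_pos=test cz_neg=invalid; fi
    cz_hit=$(lookup_a "$(bl_qname "$cz_kind" "$cz_pos" "$cz_zone")")
    cz_miss=$(lookup_a "$(bl_qname "$cz_kind" "$cz_neg" "$cz_zone")")
    if [ -n "$cz_miss" ]; then echo lists-everything
    elif [ -z "$cz_hit" ]; then echo no-test-entry
    else echo ok; fi
}

# Check a colon-separated list in the format used by RBLList and SBLList.
check_list() {
    echo "$2" | tr ':' '\n' | while read -r cl_zone; do
        [ -n "$cl_zone" ] || continue
        echo "$cl_zone $(check_zone "$1" "$cl_zone")"
    done
}

# Usage (blcheck.sh is a hypothetical file name):
#   sh blcheck.sh ip   bl.spamcop.net:zen.spamhaus.org    # RBLList value
#   sh blcheck.sh name dbl.spamhaus.org                    # SBLList value
if [ "$#" -eq 2 ]; then check_list "$1" "$2"; fi
```

Run it from the mail server itself so the answers come from the resolver qpsmtpd will use.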
sa-update
SME 7.2 introduces /etc/cron.daily/sa_update to automatically update your Spamassassin rules daily.
Brian Read had published /etc/cron.daily/sa-update (with a dash instead of an underline) for updating Spamassassin in SME versions prior to 7.2.
If you had installed this script on an earlier version of SME 7.x you may want to delete it now using:
rm -f /etc/cron.daily/sa-update
Known Issues or Problems
Yum Problems
More info on general Yum issues can be found here: SME_Server:Documentation:FAQ#General
Public key for perl-version-0.7203-1.el4.1.i386.rpm is not installed
This error should be resolved by following the standard #Yum_Update procedure above.
[Errno 256] No more mirrors to try.
This probably indicates that your yum repositories are misconfigured. You should follow the standard #Yum_Update procedure above.
Existing lock /var/run/yum.pid: another copy is running. Aborting.
SME Server runs yum automatically to check for available updates. If this background check is running you will see this error. Just wait a few minutes for the background process to finish.
GLib-CRITICAL **: file gtimer.c: line 106 (g_timer_stop)
This error indicates that you have installed yum packages that require later versions of sqlite and python-sqlite than you have installed on your system. You can recover using the commands shown below, which should:
- Download and install the latest versions of python-sqlite and sqlite (to make yum operational) and smeserver-yum (to provide proper repository defaults).
    cd /tmp
    wget ftp://ibiblio.org/pub/linux/distributions/smeserver/releases/7.2/smeos/i386/SME/RPMS/*sqlite-*
    wget ftp://ibiblio.org/pub/linux/distributions/smeserver/releases/7.2/smeos/i386/SME/RPMS/smeserver-yum-*
    yum localinstall sqlite python-sqlite smeserver-yum
- Reset your repository configuration
    cd /home/e-smith/db/
    mv yum_repositories yum_repositories.po
    /etc/e-smith/events/actions/initialize-default-databases
    signal-event yum-modify
- Reboot to activate all changes
    signal-event post-upgrade; signal-event reboot
- After rebooting, make sure you have the basic files before beginning your major update:
    yum update dbus dbus-glib smeserver-support yum
- Then finish your update:
    yum update
Troubleshooting when yum install is broken
If yum is broken, then it's obviously not possible to use yum to do updates (to yum). If you are unable to install the sqlite and smeserver-yum packages with yum as per the above instructions, then you will need to manually download the packages (and their dependency packages) and install them from the local machine using rpm -Uvh. You might receive this type of error when manually updating packages:
    rpm -Uvh sqlite* python-sqlite* smeserver-yum*
    error: Failed dependencies:
        yum-plugin-fastestmirror is needed by smeserver-yum-1.2.0-37.el4.sme.noarch
This indicates you also need to download the dependency rpm, in this case yum-plugin-fastestmirror.
Manually download ALL the required packages to an empty folder, eg from http://mirror.contribs.org/smeserver/releases/7/ then do:
    rpm -Uvh *.rpm
    signal-event post-upgrade
    reboot
Then continue on with the normal yum update process:
    yum update
    signal-event post-upgrade
    reboot
Webmail / Horde
If you have created custom templates designed to change the appearance of Webmail or Horde on your system, you may have to delete your existing custom templates, copy the new version of the same template fragments, and make your customizations on the new copies.
IMAP subfolders do not show in IMP
- The 'Folder' drop-down list in webmail only offers INBOX
- /var/log/messages shows entries like:
    ...: PHP Notice: Undefined index: a in /home/httpd/html/horde/lib/Horde/IMAP/Tree.php on line 1275
    ...: PHP Notice: Undefined index: a in /home/httpd/html/horde/lib/Horde/IMAP/Tree.php on line 1438
    ...: PHP Notice: Undefined index: value in /home/httpd/html/horde/imp/folders.php on line 361
From Bugzilla:1701 (Courtesy of Alain):
- rm /etc/e-smith/templates-custom/var/service/imap/config/IMAP_CAPABILITY
- signal-event post-upgrade; signal-event reboot (note: signal-event email-update is not enough)
Remote Administration using SSH Tunnels
Prior versions of SME Server allowed you to access server-manager using http://localhost:980/server-manager after establishing an ssh tunnel on port 980 to your SME server.
You could also establish a tunnel from local port xxxx to port 443 on your SME server, then access server-manager at https://localhost:xxxx/server-manager
Both of these options will now generate a page not found error after entering your admin username & password, as the login page automatically redirects both of these to "https://localhost/server-manager".
You can work around this issue in one of 3 ways:
- Tunnel port 443, then login at https://localhost/server-manager
- Tunnel whatever port you used previously, get the error message, then manually return to your original URL
- Enable PPTP on your SME server and use a PPTP VPN to access server-manager.
Missing email folders after upgrade
This link explains why you may appear to be missing your mail folders after an upgrade: After I upgrade my SME Server, my email folders have disappeared when using IMAP
10fix_privilege_tables in message log
These messages are generated by /usr/share/mysql/mysql_fix_privilege_tables.sql. The script itself says:
You can safely ignore all 'Duplicate column' and 'Unknown column' errors because these just mean that your tables are already up to date. This script is safe to run even if your tables are already up to date!
See also Bugzilla:3223.