SME Server:Documentation:User Manual:Booklet

From SME Server
Revision as of 14:12, 17 February 2007 by Snoble (talk | contribs) (New page: {{ SME_Server:Documentation:User_Manual:Chapter1 }} {{ SME_Server:Documentation:User_Manual:Chapter2 }} {{ SME_Server:Documentation:User_Manual:Chapter3 }} {{ SME_Server:Documentation:User...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


Chapter 1 - Access

Passwords

The user's password gives access to server login, file storage, email accounts and the like. If a user's password is lost the administrator can reset to a new value, but not retrieve the old one. Passwords must be sufficiently complex, with the rules controlled by the server administrator.

Users can reset their passwords at www.yourserver.net/user-password

For windows clients, If the server is the domain PDC the user can reset his password after issuing a Ctrl+Alt+Del, Note that windows error messages may not explain clearly enough that the user password isn't sufficiently complex.

Admin/root passwords

Unlike user passwords, the admin/root passwords can not be set via www.yourserver.net/user-password, nor can they be set on a windows client via Ctrl+Alt+Del. Admin/root passwords must be set via the server manager or via the console commands passwd, either on the console directly or via SSH.

VPN Access

  Work in Progress:
This page is a Work in Progress. The contents off this page may be in flux, please have a look at this page history the to see list of changes.


  Warning:
PPTP is UNSAFE and has been DEPRECATED. This section is in the process of being rewritten. Use VPN (qv) instead of PPTP



  Note:
When setting up VPN make sure your subnet is not the same as your VPN, for example your location "home" has a subnet of 192.168.1.0 and your "office" is 192.168.1.0 will not allow you to VPN, you will either need to change your "home" subnet to be different or set up your server to be a unique subnet.


Shell Access

  • Password access

If your admin allows it you can connect with just a username and password.

  • SSH Keys access

If you need to get SSH access to your server from outside the LAN (e.g. you want to get to your work server from home) then the advised method is to use Public / Private Keys.

During Logon, the server runs a check to see if your Private Key corresponds to its stored Public key for the user that you are trying to log on as. If they don't match then the server simply drops the TCP session.

Setup your keys with the information at SSH_Public-Private_Keys

When you have SSH Keys working, the server Admin can disable logging in using passwords.

  • Improve user remote shell cosmetics

Create a .bash_profile file for the user in ~

# include .bashrc if it exists
if [ -f ~/.bashrc ]; then
   source ~/.bashrc
fi


Chapter 2 - Configuring Applications on your Computer

Configuring an email client

  Note:
You can simplify this process by using the following contrib which helps client auto configuring email access simply giving the email and password Autodiscover



  Work in Progress:
This page is a Work in Progress. The contents off this page may be in flux, please have a look at this page history the to see list of changes.


Your email client application (e.g.: Outlook, Thunderbird, Evolution) requires setting up with information about your email accounts: how to route outgoing email and credentials required to pick up your incoming email. This information is usually entered in the "preferences" or "options" section of the email client.

Most email clients require you to enter the following information:

User's email address: This is the user account name (as created in the server-manager) followed by @domain name. Typically it will be in the form of username@yourdomain.xxx (e.g. afripp@tofu-dog.com).

Email server (outgoing SMTP mail server): The address of the mail server. As you prefer, you can enter the ip address of the SME Server, or you should be able to use the server's full domain name, like mail.yourdomain.xxx (e.g. mail.tofu-dog.com).

Email account name or username: this is the name before the @ in the email address. For example, the username for "afripp@tofu-dog.com" is " afripp ".

The mail client may offer you the choice between POP3 and IMAP operation modes.


  Warning:
In general we strongly recommend that you use IMAPs which is a much more modern protocol, but POP is supported if you have no other choice


IMAP versus POP3 email

There are two common standards for email management, IMAP and POP3. Your server supports both protocols. You will need to select the protocol that is right for your organization, although IMAP is favoured for almost all situations.

IMAP email, is designed to permit interactive access to multiple mailboxes from multiple client machines. You manage your email on the mail server over the network. You read your email over the network from your desktop, but the email is not stored on your desktop machine - rather, it is permanently stored and managed on the server.

Benefits of IMAP: You can access all of your new and stored email from any machine connected to a network. Because all employee email is stored on the server, backup of email is easily accomplished.

IMAP allows better overall management of email across a number of end user devices. Whatever you do on one, is reflected to all others, even adding new folders and moving messages to archive folders. eg you can send on a workstation and see all your sent messages on the phone and so on.

Whatever email you send or receive, folder changes etc at any email client including workstations, phones, remote workstations and even webmail (accessed via web browser from home or anywhere), will all show the same. You can set the email clients to retain local copies of messages if that is important.

Drawbacks of IMAP: If you are not connected to a network, new and remote stored email messages are not available to you.(stored emails can be solved with current email clients for desktop - i.e. Thunderbird option to cache the mails for offline working - some clients for mobile devices do this also, practically you'll have the last snapshot from the moment when you were online )

POP3 is an earlier and ageing email legacy protocol. POP3 was designed to permit on-demand retrieval to a single client machine. Email is stored on the mail server until you retrieve it, at which time it is transferred over the network to your desktop machine and stored in your email box there.

Benefits of POP3: Even when you are not connected to your network, you have access to the email stored on your desktop.

Drawbacks of POP3: POP3 was not originally intended to support users accessing and managing their email from remote systems. Because your email is stored on your desktop, setting up remote access of your email when you are at a different computer can be complex.

Incoming POP3 email service

Enable POP3 protocol: Typically, to enable the POP3 protocol for incoming email, you click on a POP3 checkbox or select POP3 from a pull-down menu in the section of your email application dedicated to the incoming mail server.

  • Disable IMAP protocol: To disable the IMAP protocol for outgoing mail (not all email client applications have IMAP protocol) click the IMAP checkbox "off".
  • Delete read email from server: We recommend you configure your pop3 email client application to delete each message from the server when it has been downloaded to your client application. To do this, click off the checkbox marked "leave mail on server" or click on the checkbox marked "delete mail from server".
Setting your POP3 account for username@domain.tld
pop3s pop3
server name domain.tld
Port 995 110
User Name username
connectivity security SSL/TLS startTLS
Authentication method normal password

Incoming IMAP email service

  • Enable IMAP protocol: Typically, to enable the IMAP protocol for incoming email (note that not all email client applications offer IMAP support) you click on the IMAP checkbox or select IMAP from a pull-down menu in the section of your email client application dedicated to the incoming mail server.
  • Disable POP3 protocol: To disable the POP3 protocol for outgoing mail, click the POP3 checkbox "off".

The images below show you the setup sequence in the Mozilla Thunderbird mail client.

First you choose Preferences from the Edit menu and click on Mail Servers as shown in:

 


If you have not entered details about your mail server yet, you will need to press the Add button and enter some information. Otherwise, you will select the default mail server listed and click on the the Edit button. This will bring up a screen where you enter the username and choose whether you are using IMAP or POP3:

Thunderbird should now be ready to send and receive email.

Setting your IMAP account for username@domain.tld
imaps imap
server name domain.tld
Port 993 143
User Name username
connectivity security SSL/TLS startTLS
Authentication method normal password

Outgoing SMTP Email Service

There are 3 usual port for submitting an outgoing email. SME Server offers two of them.

You can submit on port 25, which is also the regular SMTP port for email exchange between SMTP servers. This method will Require startTLS method after the initial clear connection in order to encrypt the login process and protect your password. SME Server allows you to use this method.

The legacy 465 port offer implicit SSL encryption upon connection and is the default we suggest with SME. It is not considered a RFC compliant port, but is still used for historical reason in many places.

The official submission port is 587, offers usually startTLS after initial clear connection, but does not accept any email without an actual login. SME Server does not offers this method.

Setting your SMTP account for username@domain.tld
smtps smtp
server name domain.tld
Port 465 25
User Name username
connectivity security SSL/TLS startTLS
Authentication method normal password

Horde Agenda

It needs webmail enabled for your server. You can also setup additional agenda from your webmail for every user.

  1. type Caldav
  2. address https://domain.tld/horde/rpc.php/principals/username/
  3. user username
  4. email username@domain.tld
  5. use SSL: yes

Horde Tasks

It needs webmail enabled for your server. You can also setup additional task lists from your webmail for every user.

  1. type Caldav
  2. address https://domain.tld/horde/rpc.php/principals/username/
  3. user username
  4. email username@domain.tld
  5. use SSL: yes

Horde Address Book

It needs webmail enabled for your server. You can also setup additional address books from your webmail for every user.

  1. type Cardav
  2. address https://domain.tld/horde/rpc.php/principals/username/
  3. user username
  4. email username@domain.tld
  5. use SSL: yes

LDAP Directory (SME Server internal Address Book)

Your SME Server automatically maintains a Directory and populates it with users names and contact details when Admin enters these in the server-manager. Any client program that uses LDAP (Lightweight Directory Access Protocol), such as the address book in Thunderbird, will be able to access the Directory - but by default this will be read-only access. For example, with Thunderbird, look under the "Tools" menu and choose "Address Book". Then look under the "File" - "New" menu and select "LDAP Directory".

You will see a dialog box similar to the one shown here.

 

The following table is a resume of what you will need to enter depending of your client available settings. There are 3 main configurations : Anonymous, authenticated using starttls and authenticated using the SSL port. Pay attention that some client won't accept to connect if you use a self signed certificate. Also, important to note:

  • For the name you wish to give your company directory - any name will do.
  • The LDAP server or Hostname is the name of your web server, in the form www.yourdomain.xxx.
  • The Server Root information can be found on the "Directory" screen in your server-manager (more information on this is available in the next chapter). The usual form, assuming your domain is yourdomain.xxx, is dc=yourdomain,dc=xxx . (No spaces should be entered between the "dc=" statements.)
LDAP Settings
clear STARTTLS SSL
Name My Koozali SME Server LDAP
Server domain.tld
Port 389 636
Encryption none startTLS SSL
Authentication Method Anonymous use Distinguished Name (DN)
Username / Bind DN uid=USERNAME,ou=Users,dc=domain,dc.tld
Base DN ou=Users,dc=domain,dc.tld
Snapshot      

Configuring Your Web Browser

Most browsers (Internet Explorer, Firefox etc) are configured using a dialog box called "preferences", "network preferences" or "options". Some browsers need to be configured to access the Internet either directly or via a proxy server. When required, most desktop applications, your web browser included, should be configured as though they were directly accessing the Internet. Although the server uses a security feature known as IP masquerading, thereby creating an indirect connection to the Internet, this is a transparent operation to most of your desktop applications. Hence, you should ensure that the "Direct connection to the Internet" check box is clicked "on" in your web browser.

Under certain circumstances, using a proxy server can improve the perceived performance of your network. The server includes HTTP, FTP and Gopher proxy servers. Normally, we recommend these be disabled in your browser.

If you decided that you do want to use proxy servers #3, you will need to enter the IP address or domain name of the proxy server (i.e. your server) into the configuration screens of your web browser. The port number you will need to enter to connect to the proxy server is 3128. This information is the same for HTTP, Gopher and FTP proxying. Alternatively your browser can find the proxy details for itself by entering http://proxy/proxy.pac into Automatic proxy configuration URL:

The image below shows how a proxy server would be configured in Mozilla Firefox.

 



#3 Note that laptop users should disable proxy servers when working away from their local area networks.


Chapter 3 - User File Storage on the SME Server

When you create a user account on your server, this not only creates an e-mail account but also a file directory for that user. This directory is set aside for files that the user would like to store on the server hard drive. It can only be accessed by the user. To access the directory, the user would navigate to the server via Windows file sharing or smb/cifs.

Windows

Note: you can use netlogon.bat with domain logins or permanently map drives with explorer.

For example, in Windows the user would open "Network Neighborhood". In the Network directory, you will see all machines accessible to you on your network. The SME server should be one of them. If it isn't viewable, you may not be logged onto your network under the correct name/password (see the section below on this) or your machine may not be in the same workgroup as the server.

 


When you click on the server, you will see all i-bays and directories available to you. You will also see the Primary directory (which houses the company web page information). In the example below, Kate Hedges is logged onto her local network as khedges (her account name) with her correct password. When she enters the server, she can see all the i-bays (mgabriel, samfarms, sharedfiles, menus and intranet), as well as her own user directory.

 

By clicking on her own user directory, "khedges", she can see all of the work and personal files she has chosen to store on the server, as shown in the image below.

 


  Note:
Users who are on a Windows network must be logged onto the network with the name and password associated with the server user account.


Access to Ibays or group permissions created during a currently logged on session are unavailable until the next logon.

Macintosh OS

To use file sharing from a Macintosh computer, you will need to be set up to use smb/cifs.


  Note:
AppleTalk support was removed from SME 8.


Linux

Linux clients can be distribution specific so it is hard to generalise.


  Note:
further HowTo can be found for setting up Linux Clients at Client_Authentication


Chapter 4 - Webmail

If you wish, you can configure your SME Server so that users can access their email via a web interface. Once webmail is enabled, users will be able to access their email from the local network or anywhere in the world via the Internet using any web browser which supports Javascript and tables, which almost all browsers do.

For added security, SME Server supports the use of https Secure Socket Layer (SSL) connections. When users connect using SSL, all communication between their browser and the server is securely encrypted to prevent eavesdropping.


  Note:
The specific program SME Server uses for webmail is the Internet Messaging Program (IMP). If you would like more information about IMP, you can visit the project web site at: http://www.horde.org/imp/


If you intend to enable webmail, you should consider whether your users will use webmail exclusively or will use webmail part of the time (for example, when travelling) and a regular email client the rest of the time. If they plan to use webmail and another client, it may be easier if the other client uses the IMAP protocol. If the client uses POP3, email messages will be pulled down from the server into the local email client and most email clients default to deleting the message from the server at that time. Messages will therefore not be visible when the user later logs into webmail. If IMAP is enabled on the local client, messages remain on the server at all times and will be visible both from the local client and via webmail. For more information on IMAP and POP3, see the section in chapter 2.

A second issue is that using webmail will consume resources and bandwidth from your server. We recommend that you evaluate the suitability of your server hardware if you plan to use webmail, but webmail can always be disabled later if you find that your system is not performing well.

Enabling Webmail On Your System

Because the use of webmail can be resource-intensive, the server ships with webmail disabled by default. To enable the use of webmail, the server Admin must perform the following steps:

1. Connect to the server-manager and login as the admin user.

2. In the Configuration group, click on email and then the 'change email access settings' button. There are three webmail options:

  • Disabled
  • Allow HTTPS secure local and public
  • Allow HTTPS secure from local networks


After you enable webmail, your users should be able to connect and use webmail.

Starting Webmail

To use webmail, a user first needs a valid user account and password on the server. Next, the user opens up a web browser and points it to the server using an address resembling the following URL: https://www.tofu-dog.com/webmail/


  Note:
In the example above, www.tofu-dog.com points to the server located at The Pagan Vegan and https indicates secure communication using SSL encryption which, as from SME Server 7.0 , is the only option.


Note that if the server is behind another firewall, that firewall will need to allow traffic through on TCP port 443 in order for SSL connections to take place.

Logging In

Once connected, a user will be given a login screen similar to that shown in the screen below. From this screen you can read the help menu (by clicking on the link for New User Introduction at the top of the page) or login with your normal network user name and password. Note that IMP supports a wide variety of languages in addition to English.

 

Viewing The Inbox

Once logged in, you will see your Inbox, as shown in screen below.

 

Let's take a quick tour of the Inbox window.

In the top left corner is a pop-up menu that shows the list of your available mail folders. In your first webmail session, the only folder choice will be INBOX . As soon as you send an email message, a folder called sent-mail will be created and available in the menu. You can also create additional mail folders at any time.

In the top center portion of the window is a status message indicating the folder you are in and the number of new or recent messages in that folder.

On the left side is a navigation menu allowing you to compose new messages, modify contacts, create folders, modify preferences or logout of the webmail system.

In the main part of the window are the actual messages. Each message has an icon denoting its status at the far left, the date/time of the message, who it is from, the subject and the size. Messages may be sorted by clicking on the column heading. You can read a message simply by clicking on the subject or sender of a specific message. The envelope/arrow icon that you can see in the status area of the second message in the image above indicates that this message is new.

We will describe the various functions in greater detail later in this chapter, but this should be enough to get you started.

Logging Out of Webmail

Before we discuss the features of webmail, it is important to emphasize that you must always click on the Logout menu item when you are finished using webmail. If you do not do so, anyone else who uses your web browser on your computer (until you exit your web browser or logout of/shutdown your computer) will be able to read your messages and send messages from your account. After a successful logout, you will see the webmail login screen with a message at the top of the screen indicating that your logout was successful.

Composing Messages

To compose a new message, click on Compose in the menu on the left. You should see a screen similar to that below.

 


At the top of the compose screen, your available options include the ability to spell-check the message in your language of choice, or to cancel, save a draft or send the message.

If you choose to save a draft, your message will be saved in a folder called drafts . You may later retrieve this message by using the popup menu in the upper left corner to switch to the "drafts" folder.

Below that are the familiar email fields for you to fill out. At the bottom of the page, the menu of commands is repeated for your convenience.

Reading Messages

To read a message, click on the From or Subject fields of the message. You should see a screen similar to the one below.

 

You now have several options. You can:

  • Delete the message.
  • Reply only to the sender.
  • Reply to all of the original recipients.
  • Forward the message to someone else.
  • Bounce the message to another person (similar to "Forward" but without providing you the opportunity to comment). *5
  • Save As - save the message to a text file.

By clicking on the Reply button, you will be able to enter a reply window such as that shown below. Notice that the original message text is "quoted" with a ">" character in front of it. At this point, you can type more text or edit existing text, add or delete recipients, spell-check the message and do anything else that you could do in a normal compose window. Again, you can choose to cancel the message, save a draft or send the message.

 


#5 In fact, the bounce command will send the message on to a third-party without indicating that you were the one forwarding it. So if "ffrog" sent a message to the "sales" group (of which you are a member) and you then bounced it to another user, that user would see the message coming from "ffrog" and going to "sales", but your name would not appear anywhere in the visible headers. Compare that to a "forward" command where the recipient knows you are the person forwarding the message.

Deleting Messages

You can delete a message while reading it, as mentioned previously, or you can delete a message - or a group of messages - from the Inbox view.

 


To do so, check the box next to each message you wish to delete. After that, press the Delete text button directly above or below the list of messages on the left side. You will now see a trash icon next to the checkbox and a line through the messages.

As an example, in the image above, our user (ffrog) wants to delete the second and third messages. He can click on the checkbox next to each message and then click Delete . This will produce a screen such as that below.

 

If you do not want to see the deleted messages, you have two choices. If you click on the Hide Deleted text button on the right side, the messages will be hidden from view, but will still be there and could be recovered with the Undelete button. If you choose Expunge, the messages will be permanently deleted.

Using Contacts

The server webmail system provides two means of keeping track of e-mail addresses. First, you can have your own Contacts list. Second, you can easily access the company directory that lists all users and groups that have been created.

You can view and edit your contacts through two menu choices. From the left menu you can choose Contacts . This allows you to view or edit contacts, but does not allow you to add a contact to an e-mail list. To add a contact, you must open the Contacts window from the "Contacts" link in a Compose window, as highlighted in the image below.

When you create your own address book, you must then go to options, address book, column options, and choose which additional columns you want displayed.

 


In either case, you will find yourself viewing a window that looks like the one below.

 


If this is the first time you have entered the Contacts window, you will not see anything next to the "Select" button. Normally, though, you will see a pop-up menu with all of your contacts in it (as seen in the window above where "bob <bbass@e-smith.com>" appears). To enter a new contact, simply type the e-mail address, a "nickname" that will appear in the Contacts list, and the full name of the person. You must fill out all three fields. Then click Add Contact .

To update a contact's information, select the user's name/address from the contacts pop-up menu. The information should automatically appear in the fields. (If it does not, after selecting the entry from the pop-up menu, press the Select button next to the menu.) Enter the new information and click Update Contact . In a similar fashion you can delete a contact by selecting the contact from the pop-up menu and pressing the Delete Contact button.

As mentioned earlier, if you entered the Contacts window from the link in the Compose window, the three buttons - Insert into To:, Insert into Cc:, and Insert into Bcc: - will allow you to transfer the contact information directly into the Compose window.

To search the company directory, use the lower section of the Contacts window labeled LDAP Search *6. You have the ability to search either the entire name field or just the surname. Enter the text you are searching for in the entry box and choose how you want to compare the text against the directory. The default is to search for entries where the name is the text you enter, which requires an exact match. You may find it more useful to search for entries where the name contains the search text. A search with "contains" will find names where the search text appears somewhere in the name.

After entering your text and choosing your search options, press the Start Search button to query the directory. As shown in the screen below, your results will be returned in a new LDAP Results section of the same Contacts window. As with the section at the top of the screen, you choose your entry from the pop-up menu (or press the Select button if your entry is displayed already) and the information should appear in the entry box below. Assuming you entered Contacts from the link in the Compose window, you can now insert this information into the To, Cc or Bcc lines of the Compose window.

Note that you also have the option of inserting this entry directly into your Contacts list. If you have a large company directory, you may find this a useful way of ensuring that frequently used contacts are readily available.


  Note:
Unlike your local Contacts list, you cannot directly update entries that are in the company directory. Instead, those entries must be updated by the system administrator using the Directory panel in the server-manager. See the Directory section of Chapter 13 for more information.


 


#6 The search is called an LDAP search because the directory is queried using the Lightweight Directory Access Protocol (LDAP), one of the most common protocols used on the Internet for searching directories.

Changing Webmail Preferences

By clicking on the Preferences link on the navigation menu, you can modify preferences for your webmail session, as shown in the screen below.

 

You have four preferences you can configure:

  • Signature - You may include any text that you wish to appear by default at the bottom of your email messages. Once configured, it will always appear at the bottom of a Compose or Reply window when you enter that window. You can, however, delete it for a specific message simply by editing the text in the Compose or Reply text window.
  • Full Name - If you leave this blank, all of your messages will appear to recipients as having come from your email address. If you enter text here, recipients will usually see that text first instead of your e-mail address.
  • From Address - By default your From address is your regular system email. You do not need to set it here . Enter an address here only if you want people to see a different reply address than your normal system-generated e-mail address.
  • Preferred Language - This allows you to specify the language used in the menus.

When you are done modifying your preferences, press the Save Preferences button at the bottom of the page.

Helpful Webmail Plugins

A number of helpful plugins are available for use with Webmail. Some plugins such as Turba (address book) and Ingo (email filter rules manager) are already included in the base package. A partial list of other helpful plugins with links to convenient installation instructions follows below.

  • Nag is a task list application. It stores todo items, things due later this week, etc. It is very similar in functionality to the Palm ToDo application. Nag install HOW TO
  • Mnemo is a notes and memos application. It lets users keep free-text notes and other bits of information which doesn't fit as a contact, a todo item, an event, etc. It is very similar in functionality to the Palm Memo application. Mnemo install HOW TO
  • Kronolith is a web-based calendar system written in PHP and utilizing the built-in Horde Application Framework. Kronolith install HOW TO
  • Trean is a bookmarks manager, allowing you to store your bookmarks in one place and access them from any browser.
  • Gollem is a web-based file manager integrated with the rest of Horde.

Webmail Whitelists

Webmails whitelist has nothing to do with spamassassin or filtering into the junkmail folder. Messages are already sorted into the junkmail folder by spamassassin before webmail has any chance to look at them.

Webmail broken after upgrade

After the usual post-upgrade and reboot, webmail is broken with messages like the following in the messages log:

Apr 20 17:29:53 mail [4614]: PHP Fatal error:  Call to a member function on a non-object
in /home/httpd/html/horde/imp/lib/Block/tree_folders.php on line 65
Apr 20 17:29:53 mail [4614]: PHP Warning:  Unknown(): Unable to call () - function does not exist
in Unknown on line 0

As workaround, logout of Horde, close the browser, reopen, log in to Horde, Webmail should now be fully functional. (Based on suggested fix in Bugzilla:5177)