1,574
edits
Changes
Jump to navigation
Jump to search
Line 1:
Line 1: + Line 59:
Line 60: − + Line 70:
Line 71: + Line 75:
Line 77: − + Line 89:
Line 91: − Line 96:
Line 97: − + Line 106:
Line 107: + + + − + Line 218:
Line 222: − + − Line 245:
Line 248: − + − + − + + + Line 255:
Line 260: − + Line 262:
Line 267: − + Line 283:
Line 288: − + − + − + − + + + + + − + + − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 307:
Line 346: − + Line 337:
Line 376: − Line 344:
Line 382: − + Line 354:
Line 392: − − + Line 369:
Line 406: − + Line 379:
Line 416: − − + Line 398:
Line 434: + + − + Line 432:
Line 470: − + + + + + + + − + + + + + + + + + + + + + + − + Line 450:
Line 507: − Line 456:
Line 512: − + Line 476:
Line 532: + + + + + + + + + + + + + + + − + Line 499:
Line 570: + + + − {{Tip box|You can see if you are running out of the number of available connections in your log file /var/log/imaps/current and look for messages like the log extract below where the ConcurrencyLimitPerIP was set to 20. A 21st connection was attempted and was denied.+ + − tcpsvd: info: pid 30693 from 10.1.0.104 − tcpsvd: info: concurrency 30693 10.1.0.104 21/20 − tcpsvd: info: deny 30693 0:10.1.0.21 ::10.1.0.104:49332 ./peers/10.1.0 Line 510:
Line 582: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 515:
Line 658: − + Line 529:
Line 672: − Line 555:
Line 697: − + Line 562:
Line 704: − + − Line 586:
Line 727: − + − + Line 602:
Line 743: − + − + Line 662:
Line 803: − + Line 682:
Line 823: − + Line 693:
Line 834: − + Line 726:
Line 867: + + − + Line 754:
Line 897: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 763:
Line 937: − + Line 785:
Line 959: + + + + − + − Line 798:
Line 975: − Line 804:
Line 980: − + Line 814:
Line 990: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 820:
Line 1,144: − + Line 873:
Line 1,197: + + + + Line 880:
Line 1,208: − + Line 900:
Line 1,228: + + + + + + + + + + + + + + + + Line 907:
Line 1,251: − + Line 937:
Line 1,281: − + Line 948:
Line 1,292: − + − Line 959:
Line 1,302: − − + Line 983:
Line 1,325: − + Line 1,008:
Line 1,350: + + + + Line 1,021:
Line 1,367: − Line 1,029:
Line 1,374: + + + + + + + + + + + + + + + + + + + + + + + + − + − + Line 1,052:
Line 1,421: − + + + Line 1,063:
Line 1,434: − + + + Line 1,078:
Line 1,451: − + Line 1,089:
Line 1,462: − + Line 1,119:
Line 1,492: + + + + + + + + − + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Line 1,133:
Line 1,556: − + − Line 1,220:
Line 1,642: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
config setprop setings
{{usefulnote}}
== Database variables ==
== Database variables ==
{{Note box|See following wiki pages for the syntax of access to the configuration database entries from the command line [http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual:Section2#Access_from_the_command_line Access from the Command Line] and a [http://wiki.contribs.org/Db_command_tutorial db command tutorial]}}
{{Note box|See following wiki pages for the syntax of access to the configuration database entries from the command line [http://wiki.contribs.org/SME_Server:Documentation:Developers_Manual:Section2#Access_from_the_command_line Access from the Command Line] and a [http://wiki.contribs.org/Db_command_tutorial db command tutorial]}}
db configuration setprop atalk variable value
db configuration setprop atalk variable value
signal-event workgroup-update
signal-event workgroup-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/atalk/netatalk.conf
|+Affected file: /etc/atalk/netatalk.conf
!Variable
!Variable
|}
|}
{{Warning box|The AppleTalk protocol has been removed from SME Server as of version 8.x}}
==== Backup ====
==== Backup ====
db configuration setprop backup variable value
db configuration setprop backup variable value
signal-event conf-backup
signal-event conf-backup
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/e-smith/events/post-backup/S90eject-tape
|+Affected file: /etc/e-smith/events/post-backup/S90eject-tape
!Variable
!Variable
|no
|no
|}
|}
==== Console Mode ====
==== Console Mode ====
signal-event post-upgrade
signal-event post-upgrade
signal-event reboot
signal-event reboot
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
!Variable
!Variable
!Target
!Target
|}
|}
{{Warning box|This functionality has been deprecated as of SME Server 9.x}}
==== Clam AntiVirus (clamav) ====
==== Clam AntiVirus (clamav) ====
===== clamav =====
''Usage''
''Usage''
db configuration setprop clamav variable value
db configuration setprop clamav variable value
signal-event clamav-update
signal-event clamav-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/clamd.conf
|+Affected file: /etc/clamd.conf
!Variable
!Variable
|}
|}
{| width="100%" cellspacing="0" cellpadding="5" border="1"
{| width="100%" border="1" cellpadding="5" cellspacing="0"
|+Affected file: /etc/freshclam.conf
|+Affected file: /etc/freshclam.conf
!Variable
!Variable
|6
|6
|}
|}
===== clamd =====
''Usage''
{| width="100%" border="1" cellpadding="5" cellspacing="0"
db configuration setprop clamd variable value
signal-event clamav-update
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /var/service/clamd/env/MEMLIMIT
|+Affected file: /var/service/clamd/env/MEMLIMIT
!Variable
!Variable
|MemLimit
|MemLimit
|MEMLIMIT
|MEMLIMIT
|600000000
|1400000000
|}
|}
db configuration setprop dhcpd variable value
db configuration setprop dhcpd variable value
signal-event remoteaccess-update
signal-event remoteaccess-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/dhcpd.conf
|+Affected file: /etc/dhcpd.conf
!Variable
!Variable
Note: the end of the dynamic IP range will be set to the value of 'endDynamicIPRange' ''minus'' the value of pptpd:sessions.
Note: the end of the dynamic IP range will be set to the value of 'endDynamicIPRange' ''minus'' the value of pptpd:sessions.
==== DNS Cache Forwarder (dnscache.forwarder) ====
==== DNS Cache Forwarder (dnscache / dnscache.forwarder) ====
''Usage''
''Usage''
db configuration setprop dnscache variable value
db configuration setprop dnscache variable value
signal-event dns-update
signal-event dns-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
or for some settings
|+Affected file: /var/service/dnscache.forwarder/config
signal-event console-save
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected files: /var/service/dnscache.forwarder/config, var/service/dnscache.forwarder/root/servers/@
!Variable
!Variable
!Target
!Target
!Default
!Default
!Options
|-
|-
|CacheSize
|CacheSize
|CACHESIZE
|CACHESIZE
|1000000
|1000000 (SME9 10000000)
|Variable
|-
|-
|DataLimit
|DataLimit
|DATALIMIT
|DATALIMIT
|3000000
|3000000 (SME9 12000000)
|Variable
|-
|Forwarder
|Forwarder
|not configured
|a.b.c.d - address of remote DNS server
|-
|Forwarder
|Forwarder2
|not configured
|a.b.c.d - address of remote DNS server
|}
|}
==== TinyDNS ====
''Usage''
db configuration setprop tinydns variable value
signal-event dns-update
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /var/service/tinydns/env
!Variable
!Target
!Default
|-
|ListenIP
|IP
|127.0.0.1
|-
|DataLimit
|DATALIMIT
|300000
|}
==== FlexBackup ====
==== FlexBackup ====
db configuration setprop flexbackup variable value
db configuration setprop flexbackup variable value
signal-event conf-backup
signal-event conf-backup
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/flexbackup.conf
|+Affected file: /etc/flexbackup.conf
!Variable
!Variable
|tar
|tar
|}
|}
==== Horde (webmail) ====
==== Horde (webmail) ====
expand-template /home/httpd/html/horde/conf.menu.apps.php
expand-template /home/httpd/html/horde/conf.menu.apps.php
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /home/httpd/html/horde/conf.menu.aps.php
|+Affected file: /home/httpd/html/horde/conf.menu.aps.php
!Variable
!Variable
|enabled
|enabled
|}
|}
expand-template /home/httpd/html/horde/config/conf.php
expand-template /home/httpd/html/horde/config/conf.php
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /home/httpd/html/horde/config/conf.php
|+Affected file: /home/httpd/html/horde/config/conf.php
!Variable
!Variable
expand-template /etc/e-smith/templates/home/httpd/html/horde/config/prefs.php/200personal
expand-template /etc/e-smith/templates/home/httpd/html/horde/config/prefs.php/200personal
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/e-smith/templates/home/httpd/html/horde/config/prefs.php/200personal
|+Affected file: /etc/e-smith/templates/home/httpd/html/horde/config/prefs.php/200personal
!Variable
!Variable
|'Horde Webmail'
|'Horde Webmail'
|}
|}
expand-template /home/httpd/html/horde/turba/config/sources.php
expand-template /home/httpd/html/horde/turba/config/sources.php
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /home/httpd/html/horde/turba/config/sources.php
|+Affected file: /home/httpd/html/horde/turba/config/sources.php
!Variable
!Variable
==== Apache server ibay specific (httpd-e-smith) ====
==== Apache server ibay specific (httpd-e-smith) ====
see [[PHP]] for specific php options for ibays, or see [[Webhosting]] contrib.
''Usage''
''Usage''
db accounts setprop ibayname variable value
db accounts setprop ibayname variable value
signal-event ibay-modify ibayname
signal-event ibay-modify ibayname
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/httpd/conf/httpd.conf
|+Affected file: /etc/httpd/conf/httpd.conf
!Variable
!Variable
|-
|-
|SSL
|SSL
|Https access to ibay trough Apache.
|Force https access to ibay through Apache.
|disabled
|disabled
|}
|}
<br />
* these options are specific to SME Server 9 and are not backported to SME Server 8. See [[bugzilla:8239]]
''Usage''
db accounts setprop ibayname variable value
signal-event ibay-modify ibayname
==== Apache server-manager (httpd-admin) ====
==== Apache server-manager (httpd-admin) ====
''Usage''
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/httpd/conf/httpd.conf
!Variable
!Target
!Default
|-
|PermitPlainTextAccess
|
|no
|-
|ValidFrom
|
|ip/mask coma separated list
|}''Usage''
db configuration setprop httpd-admin variable value
db configuration setprop httpd-admin variable value
signal-event remoteaccess-update
signal-event remoteaccess-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/httpd/admin-conf/httpd.conf and /etc/services
|+Affected file: /etc/httpd/admin-conf/httpd.conf and /etc/services
!Variable
!Variable
|980
|980
|}
|}
==== IMAP (imap) ====
==== IMAP (imap) ====
db configuration setprop imap variable value
db configuration setprop imap variable value
signal-event email-update
signal-event email-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /var/service/imap/config
|+Affected file: /var/service/imap/config
!Variable
!Variable
{{Tip box|The notes on the concurrency limits noted under IMAPS also apply here. See below.}}
{{Tip box|The notes on the concurrency limits noted under IMAPS also apply here. See below.}}
{{Note box| for sme9, only the key imap has properties ConcurrencyLimitPerIP,checkConcurrencyLimit,ProcessMemoryLimit. If you set these properties to the key imaps, a migrate fragment will remove them automatically}}
* only for SME Server 9
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /var/service/imap/config
!Variable
!Target
!Default
|-
|AllowPlainText
|if set to disabled, dovecot will still listen on port 143, but will only accept TLS connexions, even from the local networks
|enabled/disabled, default is enabled
|}
==== IMAPS (imaps) ====
==== IMAPS (imaps) ====
These properties apply to SME versions before 9.0 only. After 9.0, the imap properties are used to control imaps concurrency and memory limits.
''Usage''
''Usage''
db configuration setprop imaps variable value
db configuration setprop imaps variable value
signal-event email-update
signal-event email-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /var/service/imaps/config
|+Affected file: /var/service/imaps/config
!Variable
!Variable
|128000000
|128000000
|}
|}
{{Note box| For sme9, only the key imap has properties ConcurrencyLimitPerIP, checkConcurrencyLimit, ProcessMemoryLimit. If you set these properties to the key imaps, a migrate fragment will remove them automatically. Look at /etc/dovecot/dovecot.conf for default values. ProcessMemoryLimit defaults to 256MB.
}}
{{Tip box|msg=You can see if you are running out of the number of available connections in your log file /var/log/dovecot/current (for sme8, it is /var/log/imap/current and /var/log/imaps/current) and look for messages like the log extract below where the ConcurrencyLimitPerIP was set to 12. A 13th connection was attempted and was denied.
@400000005396a2d215b40d9c imap-login: Info: Maximum number of connections from user+IP exceeded (mail_max_userip_connections=12):
user=<stephane>, method=PLAIN, rip=90.84.144.xxx, lip=192.168.xx.15, TLS
}}
}}
{{Tip box|Mobile devices have a tendency to frequently disconnect and connect from the network. When this disconnect happens, the sessions on the server are not always immediately cleaned up (they get cleaned up after a time out of some minutes). When the email client reconnects, they create new network connections and you get into the situation that these new connections get denied because of the concurrency limit. On the mobile device this may be noted as a "Unable to connect to server" message.
{{Tip box|Mobile devices have a tendency to frequently disconnect and connect from the network. When this disconnect happens, the sessions on the server are not always immediately cleaned up (they get cleaned up after a time out of some minutes). When the email client reconnects, they create new network connections and you get into the situation that these new connections get denied because of the concurrency limit. On the mobile device this may be noted as a "Unable to connect to server" message.
{{Tip box|Some email clients use a separate connection per imap folder, so the concurrency limits may occur for users that have many imap folders.
{{Tip box|Some email clients use a separate connection per imap folder, so the concurrency limits may occur for users that have many imap folders.
}}
}}
==== Dovecot ====
* Only for SME Server 9
With smeserver-dovecot installed, 4 services in the configuration DB are used<br />
imap and imaps are used to be backward compatible with e-smith-imap (and are used to control the TCPPort of the service, and if it's accessible from local network or from the internet)<br />
dovecot is now the main service entry in the configuration DB. It's used to control various optional features of dovecot
''Usage''
db configuration setprop dovecot variable value
signal-event email-update
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/dovecot/dovecot.conf
!Variable
!Target
!Default
|-
|AdminIsMaster
| if enabled, the admin user will be a [http://wiki2.dovecot.org/Authentication/MasterUsers master user], and will be able to login as any user. To do so use user1*admin as login and the admin password to log as user1
|enabled/disabled, default is disabled
|-
|FullTextIndexing
|will turn on or off the full text indexing. When this option is enabled, a first search in an IMAP folder will trigger indexation. Next searches will be much faster. Read [http://wiki2.dovecot.org/Plugins/FTS/Squat this page] before enabling this option
|enabled/disabled, default is disabled
|-
|LogActions
|will turn on or off extra logging (flag change, move, copy etc…). !! Warning !!: enabling this can generate a huge amount of logs
|enabled/disabled, default is disabled
|-
|Quotas
|will report the actual [http://wiki2.dovecot.org/Quota/FS used space and the remaining one if the user has a quota limit]
|enabled/disabled, default is enabled
|}
==== Fetchmail ====
Various fetchmail settings for email collection
''Usage''
db configuration setprop fetchmail variable value
signal-event email-update
See the man page for more settings:
https://www.fetchmail.info/fetchmail-man.html
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/fetchmail
!Variable
!Target
!Default
|-
|Verbosity
| For debugging
|silent/verbose, default is silent
|-
|SSL
|Use SSL
|enabled/disabled, default is disabled
|-
|Protocol
|POP3
|POP/Other, default is POP3
|-
|TCPPort
|Retrieved from smtpd
|default 25
|}
==== IPTables firewall (masq) ====
==== IPTables firewall (masq) ====
db configuration setprop masq variable value
db configuration setprop masq variable value
signal-event remoteaccess-update
signal-event remoteaccess-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/rc.d/init.d/masq
|+Affected file: /etc/rc.d/init.d/masq
!Variable
!Variable
|no
|no
|}
|}
{{Tip box|Special case is TCPPort and UDPPort from any DB key.
{{Tip box|Special case is TCPPort and UDPPort from any DB key.
db configuration setprop <servicename> UDPPorts <portnumbers>
db configuration setprop <servicename> UDPPorts <portnumbers>
db configuration setprop <servicename> status enabled|disabled
db configuration setprop <servicename> status enabled|disabled
db configuration setprop <servicename> access public|private
db configuration setprop <servicename> access public|private|localhost
db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24
db configuration setprop <servicename> AllowHosts a.b.c.d,x.y.z.0/24
db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24
db configuration setprop <servicename> DenyHosts e.f.g.h,l.m.n.0/24
signal-event remoteaccess-update
signal-event remoteaccess-update
{| width="100%" cellspacing="0" cellpadding="5" border="1"
{| width="100%" border="1" cellpadding="5" cellspacing="0"
|+Affected file: /etc/rc.d/init.d/masq
|+Affected file: /etc/rc.d/init.d/masq
!Variable
!Variable
|-
|-
|status
|status
|enabled | disabled
| enabled | disabled
|AllowHosts is set to "" (an empty string) unless the status is 'enabled'
|AllowHosts is set to "" (an empty string) unless the status is 'enabled'
|-
|-
|access
|access
|public | private
| public | private
|AllowHosts is set to "" (an empty string) unless access is 'public'
|AllowHosts is set to "" (an empty string) unless access is 'public'
|-
|-
|}
|}
==== SpamAssasin ====
==== SpamAssassin ====
''Usage''
''Usage''
db configuration setprop spamassassin variable value
db configuration setprop spamassassin variable value
signal-event email-update
signal-event email-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/mail/spamassassin/local.cf
|+Affected file: /etc/mail/spamassassin/local.cf
!Variable
!Variable
expand-template /etc/my.cnf
expand-template /etc/my.cnf
sv t /service/mysqld
sv t /service/mysqld
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/my.cnf
|+Affected file: /etc/my.cnf
!Variable
!Variable
signal-event timeserver-update
signal-event timeserver-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /var/service/ntpd/env/MEMLIMIT
|+Affected file: /var/service/ntpd/env/MEMLIMIT
!Variable
!Variable
|}
|}
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/ntp/step-tickers and /etc/ntp.conf
|+Affected file: /etc/ntp/step-tickers and /etc/ntp.conf
!Variable
!Variable
==== Php ====
==== Php ====
see [[PHP]] page for all the available options
''Usage''
''Usage''
db configuration setprop php variable value
db configuration setprop php variable value
expand-template /etc/php.ini
expand-template /etc/php.ini
/etc/init.d/httpd-e-smith restart
/etc/init.d/httpd-e-smith restart
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/php.ini
|+Affected file: /etc/php.ini
!Variable
!Variable
|AllowUrlFopen
|AllowUrlFopen
|allow_url_fopen
|allow_url_fopen
|Off
|-
|ExposePHP
|expose_php : Exposes to the world that PHP is installed on the server
|Off
|Off
|}
|}
''Don't forget "M" unit because you get a lot of httpd errors and apache can't start!''
''Don't forget "M" unit because you get a lot of httpd errors and apache can't start!''
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/php-fpm.d/{ibays.conf,www.conf,custom.conf} and /etc/e-smith/templates/etc/httpd/conf/httpd.conf/
!Variable
!Target
!Default
|-
|AllowUrlFopen
|AllowUrlfOpen
|disabled, set to enabled
|-
|MemoryLimit
|MemoryLimit
|disabled, set a M as unit, eg 64M
|-
|UpMaxFileSize
|UpMaxFileSize
|disabled, set a M as unit, eg 64M
|-
|PostMaxSize
|PostMaxSize
|disabled, set a M as unit, eg 64M
|-
|MaxExecTime
|MaxExecTime
|disabled, set time in second without units, eg 60 or unlimited
|}
==== Virtual Private Network (VPN) (pptpd) ====
==== Virtual Private Network (VPN) (pptpd) ====
db configuration setprop pptpd variable value
db configuration setprop pptpd variable value
signal-event remoteaccess-update
signal-event remoteaccess-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/ppp/options.pptpd
|+Affected file: /etc/ppp/options.pptpd
!Variable
!Variable
|passive
|passive
|enabled
|enabled
|-
|Interfaces
|Unknown
|not set by default
|}
|}
{| width="100%" cellspacing="0" cellpadding="5" border="1"
{| width="100%" border="1" cellpadding="5" cellspacing="0"
|+Affected file: /etc/pptpd.conf
|+Affected file: /etc/pptpd.conf
!Variable
!Variable
|no
|no
|}
|}
==== Pro FTP (proftpd) ====
==== Pro FTP (proftpd) ====
db configuration setprop ftp variable value
db configuration setprop ftp variable value
signal-event remoteaccess-update
signal-event remoteaccess-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/proftpd.conf
|+Affected file: /etc/proftpd.conf
!Variable
!Variable
|no
|no
|}
|}
==== Qmail ====
You can set the maximum size of email to be sent<br />
''Usage''
expressed in bytes
db configuration setprop qmail MaxMessageSize 15000000
signal-event email-update
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/proftpd.conf
!Variable
!Target
!Default
|-
|MaxMessageSize
|The maximum email size for sending
|15000000
|}
====Qpsmptd====
{{Note box |For KOOZALI SME 10 server, qpsmtpd replaces smtpd.}}
Work in progress !!
''Usage''
config show qpsmtpd
config setprop qpsmtpd variable value
signal-event email-update
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file:
.conf
!Variable
!Target
!Default
|-
|Authentication
|Authentication
|enabled
|-
|Bcc
|Bcc
|disabled
|-
|BccMode
|BccMode
|cc
|-
|BccUser
|BccUser
|maillog
|-
|DKIMSigning
|DKIMSigning
|enabled
|-
|DNSBL
|DNSBL
|disabled
|-
|Instances
|Instances
|40
|-
|InstancesPerIP
|InstancesPerIP
|5
|-
|LogLevel
|LogLevel
|6
|-
|MaxScannerSize
|MaxScannerSize
|25000000
|-
|MaximumDateOffset
|MaximumDateOffset
|0
|-
|PatternScan
|PatternScan
|disabled
|-
|Proxy
|Proxy
|blocked
|-
|RBLList
|RBLList
|bl.spamcop.net,dnsbl-1.uceprotect.net,dnsbl-2.uceprotect.net,psbl.surriel.com,zen.spamhaus.org
|-
|RHSBL
|RHSBL
|disabled
|-
|RelayRequiresAuth
|RelayRequiresAuth
|enabled
|-
|SBLList
|SBLList
|multi.surbl.org,black.uribl.com,rhsbl.sorbs.net
|-
|TCPPort
|TCPPort
|25
|-
|TCPProxyPort
|TCPProxyPort
|25
|-
|TlsBeforeAuth
|TlsBeforeAuth
|1
|-
|UBLList
|UBLList
|multi.surbl.org:8-16-64-128,black.uribl.com,rhsbl.sorbs.net
|-
|URIBL
|URIBL
|disabled
|-
|VirusScan
|VirusScan
|enabled
|-
|access
|access
|public
|-
|qplogsumm
|qplogsumm
|disabled
|-
|status
|status
|enabled
|-
|tnef2mime
|tnef2mime
|enabled
|-
|
|
|
|}
==== Samba global settings (smbd) ====
==== Samba global settings (smbd) ====
db configuration setprop smb variable value
db configuration setprop smb variable value
signal-event ibay-modify
signal-event ibay-modify
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/samba/smb.conf
|+Affected file: /etc/samba/smb.conf
!Variable
!Variable
|use client driver
|use client driver
|yes
|yes
|-
|LogLevel
|log level
|1
|}
|}
db accounts setprop ibay_name variable value
db accounts setprop ibay_name variable value
signal-event ibay-modify
signal-event ibay-modify
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/samba/smb.conf
|+Affected file: /etc/samba/smb.conf
!Variable
!Variable
|VetoOplockFiles
|VetoOplockFiles
|veto oplock files
|veto oplock files
|(not set)
|-
|Audit
|full_audit
|disabled
|-
|KeepVersions
|If RecycleBin is enabled in smbd, then you can keep version of recycle bin
|disabled, set it to enabled
|-
|ShadowCopy
|If Shadowcopy is enabled in the smbd, then you can turn off per ibay
|enabled, set it to disabled
|-
|cscPolicy
|set the csc policy (manual, documents, programs, disable)
|(not set)
|(not set)
|}
|}
db configuration setprop squid variable value
db configuration setprop squid variable value
signal-event proxy-update
signal-event proxy-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/squid/squid.conf
|+Affected file: /etc/squid/squid.conf
!Variable
!Variable
signal-event proxy-update
signal-event proxy-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/squid/squid.conf and /etc/rc.d/init.d/masq
|+Affected file: /etc/squid/squid.conf and /etc/rc.d/init.d/masq
!Variable
!Variable
|}
|}
{| width="100%" cellspacing="0" cellpadding="5" border="1"
{| width="100%" border="1" cellpadding="5" cellspacing="0"
|+Affected file: /etc/rc.d/init.d/masq
|+Affected file: /etc/rc.d/init.d/masq
!Variable
!Variable
|3128
|3128
|}
|}
''Alternate Usage for Configuration of an Up-Stream Proxy Server''
''Alternate Usage for Configuration of an Up-Stream Proxy Server''
db configuration set squid-parent-variable value
db configuration set squid-parent-variable value
signal-event proxy-update
signal-event proxy-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/squid/squid.conf
|+Affected file: /etc/squid/squid.conf
!squid-parent-variable
!squid-parent-variable
db configuration setprop sshd variable value
db configuration setprop sshd variable value
signal-event remoteaccess-update
signal-event remoteaccess-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/ssh/sshd_config
|+Affected file: /etc/ssh/sshd_config
!Variable
!Variable
|MaxStartups
|MaxStartups
|10:30:60
|10:30:60
|-
| MotdStatus
| MotdStatus (display or not the motd)
| enabled
|-
|-
|PasswordAuthentication
|PasswordAuthentication
|IP address(es) list
|IP address(es) list
|}
|}
{{Note box|Currently in SME 7.2 and up, TCPPort is configurable via server-manager, under Remote Access menu.
{{Note box|Currently in SME 7.2 and up, TCPPort is configurable via server-manager, under Remote Access menu.
Ssh will then only be allowed from those IP addresses. The firewall code will drop ssh connections from any other hosts.}}
Ssh will then only be allowed from those IP addresses. The firewall code will drop ssh connections from any other hosts.}}
=====Autoblock_ssh=====
see [[AutoBlock#Public_SSH_Acess]]
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/ssh/sshd_config
!Variable
!Target
!Default
|-
|AutoBlockTime
|AutoBlockTime
|900
|-
|AutoBlockTries
|AutoBlockTries
|4
|-
|AutoBlock
|AutoBlock
|enabled for sme9/disabled for sme8
|}
==== smtpd ====
==== smtpd ====
{{Warning box| OBSOLETE. smtpd has been deprecated in sme10. now the variable is qpsmtpd.}}
''Usage''
''Usage''
config setprop smtpd variable value
config setprop smtpd variable value
signal-event email-update
signal-event email-update
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /var/service/qpsmtpd/runenv<br>
|+Affected file: /var/service/qpsmtpd/runenv<br>
'''[[bugzilla:7846]]''': Changes to <code>'''Instances'''</code> or <code>'''InstancesPerIP'''</code> require a restart of qpsmtpd:<br>
'''[[bugzilla:7846]]''': Changes to <code>'''Instances'''</code> or <code>'''InstancesPerIP'''</code> require a restart of qpsmtpd:<br>
<code>expand-template /var/service/qpsmtpd/config && sv t /service/qpsmtpd /service/sqpsmtpd</code>
<code>expand-template /var/service/qpsmtpd/runenv && sv t /service/qpsmtpd /service/sqpsmtpd</code>
!Variable
!Variable
!Target
!Target
|}
|}
{| width="100%" border="1" cellpadding="5" cellspacing="0"
<br />
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /var/service/qpsmtpd/config/smtpgreeting
|+Affected file: /var/service/qpsmtpd/config/smtpgreeting
!Variable
!Variable
|}
|}
{| width="100%" border="1" cellpadding="5" cellspacing="0"
<br />
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /var/qmail/control/helohost
|+Affected file: /var/qmail/control/helohost
!Variable
!Variable
config setprop yum variable value
config setprop yum variable value
signal-event yum-modify
signal-event yum-modify
{| width="100%" border="1" cellpadding="5" cellspacing="0"
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/yum.conf
|+Affected file: /etc/yum.conf
!Variable
!Variable
|-
|-
|check4updates
|check4updates
|Frequency of Update Checking [[:SME_Server:Documentation:FAQ#Frequency|see here]]
|Frequency of Update Checking daily(default but monthly or weekly available)
|daily
|daily
|-
|-
|All or part of an RPM name to be excluded from 'Available Packages' in the 'Software Installer'
|All or part of an RPM name to be excluded from 'Available Packages' in the 'Software Installer'
|none
|none
|-
|DeltaRpmProcess
| Only changes between the installed package and the new one are downloaded. Once the delta rpm loaded, a rebuilding process is started only SME10 see [[bugzilla:8834]])
| disabled (by default)/enabled
|-
| DownloadOnlyHour XX (0-23)
| Set the time when to download rpm updates by yum (only sme10 see [bugzilla:1502]])
| default is 04 AM if no property
|}
|}
See also 'db yum_repositories'
See also 'db yum_repositories' [http://wiki.contribs.org/Category:Yum_Repository All available repositories]<br />
''Usage''
db yum_repositories setprop RepositoryName variable value
signal-event yum-modify
{| width="100%" cellspacing="0" cellpadding="5" border="1"
|+Affected file: /etc/yum.smerepos.d/sme-base.repo
!Variable
!Target
!Default
|-
|EnableGroups
|Enable groupinstall with yum
|Yes(default)/no
|-
|GPGCheck
|Enable the rpm verification by GPG of the repository signature
|Yes(default)/no
|-
|MirrorList
|It is the base url where the repository can be found
|no default value
|-
|status
|Enable the repository in yum, all updates will be installed if enabled
|disabled/enabled
|-
|Visible
|The repository can be selected from 'Enabled repositories' in the 'Software Installer' in order to be Enabled by Yum if set to yes
|no
|-
|IncludePkgs 'rpm1,rpm2,rpm3'
|Only rpms mentioned here will be available for installation or upgrade.
|
|-
|Exclude 'rpm1,rpm2,rpm3'
| rpms mentioned here will be excluded by yum
|
|-
|DeltaRpmPercentage XX
| Defines the maximum ratio allowed between the delta rpm size and the package size on a per-repository basis: by default, delta rpms can’t be bigger than 75% of the size of the associated rpms, otherwise they are not used. Set to disabled if you don't want to use deltarpm for this repository (only SME10 see [[bugzilla:8834]])
| default is '75' if no property
|}
==== Miscellaneous Other DB Variables ====
==== Miscellaneous Other DB Variables ====
Note that any command listed here is to be executed on one line!}}
Note that any command listed here is to be executed on one line!}}
{| width="100%" cellspacing="0" cellpadding="5" border="1"
{| width="100%" border="1" cellpadding="5" cellspacing="0"
!Command
!Command
!service(s)
!service(s)
|}
|}
==== Port Forwarding ====
Server manager will create two databases, one for TCP and one for UDP
db portforward_tcp set {port} forward AllowHosts {some.host.ip} Comment {Test} Denyhosts {0.0.0.0/0} DestHost {dest.host.ip} DestPort {port}
db portforward_udp set {port} forward AllowHosts {some.host.ip} Comment {Test} Denyhosts {0.0.0.0/0} DestHost {dest.host.ip} DestPort {port}
Apply with:
signal-event portforwarding-update
----
----
{| width="100%" cellspacing="0" cellpadding="5" border="1"
!Variable
!Target
!Default
|-
|port
|Incoming Port for Forwarding
|none
|-
|DestPort
|Destination Target Port
|port
|-
|DestHost
|Destination Host IP
|none
|-
|AllowHosts
|Allowed Hosts
|0.0.0.0/0
|-
|DenyHosts
|Denied Hosts
|0.0.0.0/0
|-
|Comment
|Notes for this rule
|none
|}
[[Category:Howto]]
[[Category:Howto]]
[[Category:Developer]]
[[Category:Developer]]