Changes

Jump to navigation Jump to search
m
Clarify use of secondary mail server
Line 17: Line 17:     
This screen in the server manager allows you to configure your server to connect regularly to a time server and synchronize the clock on the server with the time provided by the time server. To do this, simply check the box for "Enable NTP Service", add the domain name or IP address of the time server in the space provided and click "Save NTP Settings". Using a time server is optional but doing so can greatly increase the accuracy of your system.
 
This screen in the server manager allows you to configure your server to connect regularly to a time server and synchronize the clock on the server with the time provided by the time server. To do this, simply check the box for "Enable NTP Service", add the domain name or IP address of the time server in the space provided and click "Save NTP Settings". Using a time server is optional but doing so can greatly increase the accuracy of your system.
For more information about using a network time server, visit http://www.ntp.org/. You can also find a list of publicly available time servers at http://www.eecis.udel.edu/~mills/ntp/servers.htm. You should always use a secondary time server (also called a stratum 2 server) to lighten the load on the primary time servers.
+
For more information about using or becoming a network time server, visit http://www.pool.ntp.org
    
{{Tip box|In order to make sure the network time server is set to your timezone, you should go through this screen once and manually set the time to be correct and with the correct timezone. After doing that, go back to this panel and set the server to use a network time server.}}
 
{{Tip box|In order to make sure the network time server is set to your timezone, you should go through this screen once and manually set the time to be correct and with the correct timezone. After doing that, go back to this panel and set the server to use a network time server.}}
Line 30: Line 30:  
Also in this section, you can specify whether the server should be the domain master for your Windows workgroup. Most sites should choose "Yes" unless you are adding an server to an existing network which already has a domain master.
 
Also in this section, you can specify whether the server should be the domain master for your Windows workgroup. Most sites should choose "Yes" unless you are adding an server to an existing network which already has a domain master.
   −
{{Warning box|If you have a Windows NT server or Windows 2000 server on your network that is functioning as a network server, you should most likely answer "no" because that other server will act as the domain master.}}
+
{{Warning box|If you have a Windows NT server or Windows 2000 server on your network that is functioning as a network server, you should answer "no" as that other server will act as the domain master.}}
    
If you do configure your system to be the domain master, a special Windows share called NETLOGON is created with a DOS batch file called netlogon.bat. This batch file is executed by Windows clients that have been configured to "Logon to domain". The netlogon.bat file we provide by default does very little, but advanced users can, if they wish, modify this script to set environment variables for their clients or provide automatic drive mappings.
 
If you do configure your system to be the domain master, a special Windows share called NETLOGON is created with a DOS batch file called netlogon.bat. This batch file is executed by Windows clients that have been configured to "Logon to domain". The netlogon.bat file we provide by default does very little, but advanced users can, if they wish, modify this script to set environment variables for their clients or provide automatic drive mappings.
    
As the NETLOGON share is only writable by the "admin" user, you modify the netlogon.bat script by logging on to a Windows system as "admin", connecting to the share and then modifying the script using a Windows text editor. Be aware that the NETLOGON share will not be visible in Network Neighborhood or other similar tools. As the "admin" user, you will need to connect to the share or map a drive to it, by using the specific path:
 
As the NETLOGON share is only writable by the "admin" user, you modify the netlogon.bat script by logging on to a Windows system as "admin", connecting to the share and then modifying the script using a Windows text editor. Be aware that the NETLOGON share will not be visible in Network Neighborhood or other similar tools. As the "admin" user, you will need to connect to the share or map a drive to it, by using the specific path:
\\ servername \NETLOGON\
+
\\servername\NETLOGON\
   −
The sample file contains a few examples of setting the system time for each machine and also for mapping a common drive for all Windows client.
+
The sample file contains a few examples of setting the system time for each machine and also for mapping a common drive for all Windows client.<br />
 +
 
 +
Note: The [[SME_Server:Documentation:Administration_Manual:Chapter7#Setting_up_network_drives|Chapter 7]] has a method for admin to edit the netlogon.bat file using the command line.
    
====Directory====
 
====Directory====
Line 70: Line 72:  
[[Image:Hostnames.png]]
 
[[Image:Hostnames.png]]
   −
'''Using the Hostnames Panel'''
+
====Modify Hostname====
Throughout the screens linked to from the Hostnames panel, you will find the text "Publish globally?" with a checkbox next to it.
+
 
Suppose, for example, your company's web site was hosted at some other location, such as on your ISP's web servers. If you wanted "www.mycompany.xxx" to point to your ISP's server, you would modify the entry here by clicking the "Modify..." link next to "www". The image below shows the screen in which you would perform the task:
+
'''Using the Hostnames Panel''' Suppose, for example, your company's web site was hosted at some other location, such as on your ISP's web servers. If you wanted "www.mycompany.xxx" to point to your ISP's server, you would modify the entry here by clicking the "Modify..." link next to "www". The image below shows the screen in which you would perform the task:
 +
 
    
[[Image:Modify-hostname.png]]
 
[[Image:Modify-hostname.png]]
   −
You would first change the location to "Remote" and then enter the IP address of your ISP's server in the field marked "Global IP".
     −
=====Creating New Hostnames=====
+
You would first change the location to "Remote" and then enter the IP address or Fully Qualified Domain Name (FQDN) of your ISP's server in the field marked "IP Address or FQDN". See [[Bugzilla: 6297]]
Creating new hostnames simply involves selecting one of the links at the top of the Hostnames and addresses panel and filling out the appropriate fields.
+
 
 +
=====Rename Server=====
 +
If you were to rename a SME server (eg. myserver.mydomain.com) for any reason, you would go to the [[SME_Server:Documentation:Administration_Manual:Chapter6|server console]] (logged in as admin) and choose configure the server and change the name and then reboot. However, the various parts of the server listed in server-manager (Hostnames and addresses) would still show the old name and would not be able to be deleted. See [[Bugzilla: 5953]]
   −
Note that if your system is configured with any virtual domains, you will have the choice of the domain in which you want to create the hostname. This allows you, for instance, to have "www.tofu-dog.com" pointing to one IP address and "www.mycompany.xxx" pointing to a completely separate IP address.
+
To remove old entries:
   −
The hostnames you can create on this panel fall into three categories:
+
db hosts delprop myserver.mydomain.com static
   −
Additional names for your server: For instance, you might want to set up "intranet.mycompany.xxx" to point to your server. All you do here is enter the hostname and, if appropriate, choose the domain for the hostname.
+
To check:
   −
Remote hosts: As mentioned in the example earlier, you might want to point a hostname such as "www" to a remote system. While "www" is created by default, you can create other names such as "home", "research", or any other appropriate name. In the form, you simply enter the hostname, choose the domain, and enter the remote IP address.
+
db hosts show
   −
Local hosts: This screen is a bit more complicated because you have more options. At a basic level, you can create a hostname in a domain that points to another computer on your local network. To do this, just type in the hostname and enter the IP address in the "Local IP" field. For instance, you might want "research" to point to a computer system inside your network.
+
====Creating New Hostnames====
 +
 +
Creating new hostnames simply involves selecting one of the links at the top of the Hostnames and addresses panel and filling out the appropriate fields.
 +
 +
Note that if your system is configured with any virtual domains, you will have the choice of the domain in which you want to create the hostname. This allows you, for instance, to have "www.tofu-dog.com" pointing to one IP address and "www.mycompany.xxx" pointing to a completely separate IP address.
 +
 +
The hostnames you can create on this panel fall into three categories and are available from the drop box "Location":See [[Bugzilla: 6297]]
   −
Where this gets complicated is when you want "research.mycompany.xxx" to be accessible both inside and outside your local network. The challenge is that your local IP addresses are only accessible inside your network. For that reason, the target computer system will need to have two network interface cards - one connected to the internal network and one connected to the external network. You would then enter both IP addresses in this screen in the "Local IP" and "Global IP" fields.
+
'''Self:'''  Additional names for your server: For instance, you might want to set up "intranet.mycompany.xxx" to point to your server. All you do here is enter the hostname and, if appropriate, choose the domain for the hostname.
 +
 +
'''Remote:''' As mentioned in the example earlier, you might want to point a hostname such as "www" to a remote system. While "www" is created by default, you can create other names such as "home", "research", or any other appropriate name. In the form, you simply enter the hostname, choose the domain, and enter the remote IP address or FQDN. See [[Bugzilla: 6295]]
 +
 +
'''Local:''' This screen is a bit more complicated because you have more options. At a basic level, you can create a hostname in a domain that points to another computer on your local network. To do this, just type in the hostname and enter the IP address in the "Local IP" field. For instance, you might want "research" to point to a computer system inside your network.
 +
 +
Where this gets complicated is when you want "research.mycompany.xxx" to be accessible both inside and outside your local network. The challenge is that your local IP addresses are only accessible inside your network. For that reason, the target computer system will need to have two network interface cards - one connected to the internal network and one connected to the external network.
   −
{{Note box|The "Ethernet address" field when creating a hostname pointing to a local host is only used for reserving IP addresses through DHCP as mentioned in the next section.}}
+
{{Note box|At this stage, one cannot create a Hostname under local using a FQDN. However, it is possible to point to a local machine entering the FQDN of this machine as "remote" if this FQDN is valid.}}
    
=====Reserving IP Addresses Through DHCP=====
 
=====Reserving IP Addresses Through DHCP=====
Line 100: Line 116:  
Rather than configuring the machine manually, you can reserve an IP address from the DHCP server for that specific machine. This has the same result as manually configuring a static IP address, but offers two benefits. First, you have one location to keep track of all assigned static address. Second, through the DHCP server you will provide network settings. If you wish to change those settings, the change can be simply done on your server. All DHCP clients will then receive those updated changes when they renew their DHCP-provided addresses.
 
Rather than configuring the machine manually, you can reserve an IP address from the DHCP server for that specific machine. This has the same result as manually configuring a static IP address, but offers two benefits. First, you have one location to keep track of all assigned static address. Second, through the DHCP server you will provide network settings. If you wish to change those settings, the change can be simply done on your server. All DHCP clients will then receive those updated changes when they renew their DHCP-provided addresses.
   −
To reserve an IP address, you must first determine the Ethernet address of your client system. Windows NT/2000 users can type the command ipconfig /all . Windows 95/98 users can run the command winipcfg . Linux/UNIX users can type ifconfig.
+
To reserve an IP address, you must first determine the Ethernet address of your client system. Windows NT/2000 users can type the command  
 +
ipconfig /all
 +
Windows 95/98 users can run the command
 +
winipcfg
 +
Linux/UNIX users can type
 +
ifconfig
    
Once you have determined the client's Ethernet address, click on the link to create a new hostname for a local host. Add the hostname of the target system, the Ethernet address along with the desired IP address into the web panel. From this point on specified IP address will only be provided to a client system with the matching Ethernet address.
 
Once you have determined the client's Ethernet address, click on the link to create a new hostname for a local host. Add the hostname of the target system, the Ethernet address along with the desired IP address into the web panel. From this point on specified IP address will only be provided to a client system with the matching Ethernet address.
Line 137: Line 158:  
====E-mail====
 
====E-mail====
 
As shown below, this section of the server manager allows you to specify the protocol used to retrieve e-mail from your ISP and configure other settings regarding the retrieval of e-mail.
 
As shown below, this section of the server manager allows you to specify the protocol used to retrieve e-mail from your ISP and configure other settings regarding the retrieval of e-mail.
 +
 +
There is a comprehensive [[:email]] howto with alternative and advanced suggestions.
    
[[Image:Email.png]]
 
[[Image:Email.png]]
Line 146: Line 169:  
* POP and IMAP server access: The options are "Private" and "Secure Public". The former allows access only from your local network. The latter allows access from anywhere on the Internet.
 
* POP and IMAP server access: The options are "Private" and "Secure Public". The former allows access only from your local network. The latter allows access from anywhere on the Internet.
   −
{{Note box|Even with POP and IMAP configured for public access, users outside your local network are not able to send e-mail using your server as their SMTP host. Allowing this would open your server to abuse by spammers as a mail relay. Users who are travelling should either:<br />
+
* Enable/Disable Webmail: With this option you can enable or disable the webmail component of your server. More information can be found in the [[SME_Server:Documentation:User_Manual:Chapter4|Chapter on Webmail.]]
  a. use the STMP server of their local ISP;<br />
  −
  a. use PPTP to connect to your internal network; or<br />
  −
  a. use webmail to read and send their mail.<br />
  −
}}
  −
 
  −
* Enable/Disable Webmail: With this option you can enable or disable the webmail component of your server. More information can be found in Chapter 16. Webmail.
      
=====E-mail Filtering=====
 
=====E-mail Filtering=====
 +
Extra types of email attachments can be blocked with the instructions at [[:Virus_blocking_tutorial]]
    
[[Image:Email-filtering-1.png]]
 
[[Image:Email-filtering-1.png]]
Line 167: Line 185:     
Your choice of e-mail retrieval mode will depend on the arrangements you made with your Internet service provider:
 
Your choice of e-mail retrieval mode will depend on the arrangements you made with your Internet service provider:
* If you have a dedicated connection, set E-mail retrieval mode to "Standard".
+
* If you have a dedicated connection, set E-mail retrieval mode to "Standard". The secondary mail server setting does not operate in this mode and any attempt to set one will not be accepted. See ETRN or multidrop for use of secondary mail server.
 
* If you arranged "ETRN" support with your ISP, choose that setting and then scroll down to the field that asks for the IP address or hostname of your ISP's secondary mail server. This secondary mail server will provide temporary e-mail storage when your server is not connected to the Internet.
 
* If you arranged "ETRN" support with your ISP, choose that setting and then scroll down to the field that asks for the IP address or hostname of your ISP's secondary mail server. This secondary mail server will provide temporary e-mail storage when your server is not connected to the Internet.
 
* If you arranged "multidrop" mail service from your ISP, choose "multidrop" and then scroll down to the field that asks for the IP address or hostname of your ISP's secondary mail server. This secondary mail server will receive all e-mail for your domain and store it in a single POP mailbox. Further down the screen, you will need to specify the user account and password assigned by your ISP for this POP mailbox. Your server will periodically fetch this mail and distribute it to individual POP mailboxes on the server. (Note that due to problems receiving mail for mailing lists, we strongly encourage people to NOT use multi-drop e-mail.)
 
* If you arranged "multidrop" mail service from your ISP, choose "multidrop" and then scroll down to the field that asks for the IP address or hostname of your ISP's secondary mail server. This secondary mail server will receive all e-mail for your domain and store it in a single POP mailbox. Further down the screen, you will need to specify the user account and password assigned by your ISP for this POP mailbox. Your server will periodically fetch this mail and distribute it to individual POP mailboxes on the server. (Note that due to problems receiving mail for mailing lists, we strongly encourage people to NOT use multi-drop e-mail.)
   −
If you want to forward e-mail to another mail server for processing, enter the mail server IP address in the box marked Delegate mail server . A common use for this is if your server is receiving inbound e-mail from the Internet, but you would like to pass that mail to a different mail server on your internal network.
+
If you want to forward e-mail to another mail server for processing, enter the mail server IP address in the box marked Delegate mail server . A common use for this is if your server is receiving inbound e-mail from the Internet, but you would like to pass that mail to a different mail server on your internal network.<br />
Note: Delegate mail server implies that all mail which is accepted is passed on to the delegate mail server (IOW, that other guy is the mail server, I'm not, so I expect him to do everything, eg spam filtering)
+
 
 +
{{Note box| Delegate mail server implies that all mail which is accepted is passed on to the delegate mail server (IOW, that other guy is the mail server, I'm not, so I expect him to do everything, eg spam filtering)}}
 
If you intend to have an external mail server handle mail for your domain, just
 
If you intend to have an external mail server handle mail for your domain, just
 
send the mail directly to that mail server, via the MX record for your domain.
 
send the mail directly to that mail server, via the MX record for your domain.
Line 185: Line 204:  
[[Image:Email-delivery.png]]
 
[[Image:Email-delivery.png]]
   −
* Forwarding address for administrative notices: The default address for administrative notices (i.e. undeliverable mail, backup notifications and other status/error messages) is "admin". If you'd like those messages to be sent elsewhere, enter the address here. Note, This option has been moved to the Collaboration > User panel.
+
* Forwarding address for administrative notices: The default address for administrative notices (i.e. undeliverable mail, backup notifications and other status/error messages) is "admin". If you'd like those messages to be sent elsewhere, enter the address here. Note, This option has been moved to the Collaboration > User > admin panel.
    
{{Note box|Be aware that all messages sent to postmaster, root or mailer-daemon at your domain are sent to either admin or the address that you enter in this field.}}
 
{{Note box|Be aware that all messages sent to postmaster, root or mailer-daemon at your domain are sent to either admin or the address that you enter in this field.}}
Line 195: Line 214:  
* Internet provider's SMTP server: Normally the server will send outgoing messages directly to their intended destination. If, however, you have an unreliable connection or are using a residential Internet service, it may be advisable to route e-mail via your provider's SMTP server. In that case, you should enter the SMTP server's hostname or IP address here.
 
* Internet provider's SMTP server: Normally the server will send outgoing messages directly to their intended destination. If, however, you have an unreliable connection or are using a residential Internet service, it may be advisable to route e-mail via your provider's SMTP server. In that case, you should enter the SMTP server's hostname or IP address here.
 
In fact, if you have a temporary dial-up connection to the Internet, you may find that you need to use your ISP's mail server in order to deliver mail to some locations. As a reaction to the huge volume of unsolicited commercial e-mail ("spam"), many Internet sites are refusing direct SMTP connections from IP addresses that are known to be temporary dial-up accounts. For this reason, you may need to use your ISP's mail server since it will have a permanent connection to the Internet.
 
In fact, if you have a temporary dial-up connection to the Internet, you may find that you need to use your ISP's mail server in order to deliver mail to some locations. As a reaction to the huge volume of unsolicited commercial e-mail ("spam"), many Internet sites are refusing direct SMTP connections from IP addresses that are known to be temporary dial-up accounts. For this reason, you may need to use your ISP's mail server since it will have a permanent connection to the Internet.
 +
 +
====Antivirus (ClamAV)====
 +
Default for SME8 is Sunday morning. With SME8.1 ISO (or as soon as smeserver-clamav-2.2.0-13.sme is released) default will be Saturday morning.
 +
 +
When set to occur weekly Clamav weekly scan has been configured to run Saturday morning (typically between 00:00 to 01:00 local time). Users with large systems may wish to only schedule a weekly AV scan (taking place on Saturday morning) in order to avoid overlap with disk-check scheduled on Sunday morning. [[Bugzilla:7656]]
    
====Review Configuration====
 
====Review Configuration====

Navigation menu