Re: [e-smith-devinfo] Is this alowed?
On Tuesday 30 December 2003 02:35, Brian Luerssen wrote: Unless they have modified gpl sourcecode, at which point they are obligated (i think..) to release their changes/improvements back to the world. To the best of my knowledge (IANAL), if the source is distributed with the product at the time, the source code only has to be made available to the recipients of the GPLed binairies in question. They (the recipients) of course are free to make such source available to 'the world' at large - the GPL gives them that right. It is generally considered good form for the person/company releasing the binaries to make the code available to 'the world' at large via the internet, but section 3 of the GPL does *not* explicity require this. Read section 3 of the GPL for further details. :-) As many have noticed, it is also common practice to create and distribute a 'system' Foo, based on program A (released under the GPL) and program B (release under a propriatary license). This then creates a system that cannot be redistributed as a whole, although certain components can. Mitel does this with SME, and SmoothWall does this. So do quite a few Linux distro's. This is presumable what Richard Morrell meant when he said SmoothWall corporate products take GPL code and make it proprietary, since the literal intepretation of that sentance is clearly false. A 'fine line' can occur since it is not always clear at what point program B becomes a derived work of program A, and thus ceases to be proprietary and instead falls under the GPL. The point is that there is nothing in the GPL the prohibits the creation of proprietary systems based on GPLed components in this way, although some care does need to be taken, due to (occasionally) fuzzy nature of deciding when something is a 'derived work'. Personally, I think the SME team at Mitel have gone to great lenghts to comply both with the black-letter requirements of the GPL, and its spirit. That being said, I am even happier that E-Smith is now being passed over to the development community at large. Cheers, Rasjid. -- Rasjid Wilcox Canberra, Australia (UTC +10 hrs) http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Thank you Mitel!
On Friday 19 December 2003 18:56, Wayne Bollinger wrote: Christmas Greetings Everyone, Before this list shuts down, I want to express my gratitude to all of the Mitel employees who have worked so hard over the years to produce a simply amazing product. I would also like to add my thanks to the SME team at Mitel, and in particular of going to the effort of doing a proper handover to contribs.org. I know nothing of Mitel's internal structure or politics, but it is not a small company and SME is only a small part of it. It is my assumption (perhaps I'm being too hard on the rest of Mitel here) that the rest of Mitel is not very 'open-source aware' and that Charlie, Dan York, Gordon et al have worked very hard to keep the open-source spirit of SME alive, and I think they have done a great job. I believe that they have all acted well beyond the call of duty, and I honour their efforts and their huge gift to the community. Seasons greetings too all. Rasjid. -- Rasjid Wilcox Canberra, Australia (UTC +10 hrs) http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] dyndns.org update behind NAT?
On Wednesday 29 October 2003 04:10, Charlie Brady wrote: On Tue, 28 Oct 2003, Gordon Rowell wrote: The SME server is unlikely to ever see an ip-change event - it's external address will be effectively static. True, so neither the original proposal nor my much simpler one would work. [Did I ever mention that external NAT boxes are almost always more trouble than they're worth? Search the boards for problems if you don't believe me.] A solution that does work, which I used for several years, is # ping -R -c1 a.machine.at.your.isp | head -n 5 | tail -n 1 You have to adjust the head -n N to some N that depends on exactly your setup. It is best to ping the server at your isp that is the known gateway for the IP block you get allocated a dynamic IP address from, since the -R option can only record the ip addresses for 9 hops. Also, your ISP may have configured their servers to ignore the RECORD_ROUTE option, in which case you are out of luck, but I've personally not seen that yet. It has always worked for me. Cheers, Rasjid. -- Rasjid Wilcox Canberra, Australia (UTC +10 hrs) http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Exchange for SME
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Monday 06 October 2003 08:27, Cyrus Bharda wrote: Well as with a lot of people I am still looking for an exchange alteranative that will run on SME, and there was a lot of talk about Samsung Contact On a related note, has anyone tried exchange4linux (http://sourceforge.net/projects/exchange4linux/)? exchange4linux is a production/stable server solution to store/exchange workgroup data on Linux in a style simular to Exchange. Main goal is to provide Outlook users a free and open server alternative on Linux. Please check also www.exchange4linux.org It is fully GPL, and written in Python. It says it is stable, but I have no idea just how stable it really is, since I've not tried it. (Ran across it by mistake just a few days ago.) Anyway, I thought this might interest some people here. Cheers, Rasjid. - -- Rasjid Wilcox Canberra, Australia (UTC +10 hrs) http://www.openminddev.net -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE/gK86Ky47Gpt+QCERAosLAJ43XjVnzXFy2ZpzkjKFchpriTTjlwCeNsUk 2qFMInvoOOXwjgYsbGjzAJ8= =/5gl -END PGP SIGNATURE- -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Shadow Copy
Kevin Tollison wrote: A friend sent this link to me today with the message: I finally found at least one reason to use Windows Server! I have not found anything similar to this for Linux. Is it out there and if not would it be feasible to attempt a project like this project? http://www.microsoft.com/windowsserver2003/techinfo/overview/scr.mspx Unix has been technically able to do this since the creation of hardlinks and cron (ie, most likely since before Microsoft even existed as PC in Bill's garage). It has, or course, only been very recently (last year or two) that harddrive storage space has dropped in price to the point where it is economical to do this. I implemented my own version of this for SME a while back, using a second 'backup' server that also gets all the users and permissions etc, and set with a 2 hourly cron, so that each user can restore their own files. No admin assistance required - just browse the network and restore the file as it was 2, 4, 6 hours ago, or yesterday, or last week. And as all permissions are kept, users can only access the files they normally have access to. Rsync is then used once a night to move the data offsite for recovery in the case of a fire etc. Go to http://www.openminddev.net/twiki/bin/view/Main/MitelSME#Rsync_Snapshot_style_backups if you wish to have a look at my scripts. They are based on (an old version of) Mike Rubel's rsync backup scripts. (See http://www.mikerubel.org/computers/rsync_snapshots/ for the most recent version of Mike's howto.) NOTE: I really never got around to 'polishing' my scripts at all - and now I know Perl I would probably use a (modified?) version of rsback (http://sourceforge.net/project/showfiles.php?group_id=59547) or something similar. Or I'd just code the whole thing in Python because I like Python. Certainly I recommend staying away from Bash scripts - debugging them is an absolute pain. Cheers, Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Getting webmail to work after PHP upgrade
On Thursday 28 August 2003 13:04, Dan Brown wrote: From: Rasjid Wilcox [mailto:[EMAIL PROTECTED] libraries from horde) and I have not been able to get webmail to work after upgrading to php 4.3.2. Have you tried following the steps from http://www.leiinc.com/repository/Linux/Mitel_SME_Server/HowToGuides/sme56_imp-horde-php_upgrade.htm ? They seem to cover everything you'd need to do. Just what I was looking for! And thanks to Greg Zartman, Dan and Hsign-Foo Wang for the HOWTO. Rasjid. -- Rasjid Wilcox Canberra, Australia UTC + 10 http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
[e-smith-devinfo] Getting webmail to work after PHP upgrade
I have done a short howto on installing the MySource content management system on SME (http://www.openminddev.net/twiki/bin/view/Main/MitelSME#Installing_http_mysource_squiz_n). I have tried various things (upgrading horde, imp etc, installing the pear libraries from horde) and I have not been able to get webmail to work after upgrading to php 4.3.2. My next idea was to detail files are under /usr/share/pear/ and try an install all the missing libraries manually. Unfortunately my php knowledge is zip, and so I'd really just making stabs in the dark. My guess is that simply doing 'pear install module' for each one that seems missing may do the trick, but will I end up with module versions incomplatible with SME? Before I proceed on another wild goose chase, any suggestions or pointers to existing howto's would be greatly appreciated. Thanks, Rasjid. -- Rasjid Wilcox Canberra, Australia UTC + 10 http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] Developing printer queue web interface
-Original Message- From: Charlie Brady [mailto:[EMAIL PROTECTED] Now, having said all this, I think you may be trying to reinvent the wheel. I vaguely recall someone already having a contrib to manage printer queues. My guess is that Charlie is thinking of the following contrib. http://www.contribs.org/contribs/saco/contrib/saco-mitel-lprng-monitor/ I installed it for a friend not that long ago, and have had no complaints. From the notes is seems that it requires admin access, but the source is provided, so the potential to add user-level authentication is there. Still probably easier than re-inventing the wheel. Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Modifying tcpserver and rblsmtpd
On Saturday 07 June 2003 10:51, Tom Carroll wrote: Thanks Rasjid. I will take a look at it. Any chance you will be updating your how-to for Server Gateway mode? I'll hopefully update it later this week. It looks like I currently have the following on my server to allow port 25 through when running qpsmtpd instead of smtpfront-qmail. # cat /etc/e-smith/templates-custom/etc/rc.d/init.d/masq/45AllowSMTP { my $status = ${'smtpfront-qmail'}{'status'} || disabled; my $access = ${'smtpfront-qmail'}{'access'} || public; $OUT = allow_tcp_in(25, 1); #($status eq enabled) ($access eq public)); } This is not the 'right' thing to do of course since it now ignores the 'status' and 'access' flags, but it will do for the moment. I would suggest that the 'right' thing to do is to decouple whether 'smtpfront-qmail: status' is enabled from whether 'mail' is enabled, and rename 'smtpfront-qmail: access' to 'mail: access'. However, this kind of change is really a choice for the Mitel developers to make. In the mean time I'll think about how to code a fragment that will work regardless of whether smtpfront-qmail or qpsmtpd is being used. Cheers, Rasjid. -- Rasjid Wilcox Canberra, Australia UTC + 10 http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Plone/Zope for SME 5.5+
On Sat, 15 Feb 2003 9:00 am, Brian High wrote: snip 3) install RPMs: # rpm -Uvh --nodeps db4-4.0.14-14.i386.rpm # rpm -Uvh python-2.2.1-17.i386.rpm # rpm -Uvh Plone-1.0-2.2_1.i386.rpm I think you will find that a # rpm -Uvh db4-4.0.14-14.i386.rpm python-2.2.1-17.i386.rpm removes the --nodeps requirement. IMO, --nodeps should be avoided if at all possible. To start Plone: # /etc/init.d/plone start (Will restart on next reboot as well.) To access plone: http://SERVER_ADDRESS:8080 To admin Zope: http://SERVER_ADDRESS:8080/manage login as 'admin'. password is 'plone'. Note, you can change the port it runs on by editing /usr/sbin/plone-zserver. I have had issues in the past with ISP's transparently redirecting any traffic to this port to their webproxy, on the grounds that when people change ISP they often forget to change their proxy settings in their browser, and this way they don't have too. Brian, I have successfully installed the rpms provided on SME 5.6. However, some of the components do not seem to work. In particular, when trying to add a forum, I get the following error: Our apologies... The item you requested does not exist on this server or cannot be served. Please double check the web address or use the search function on this page to find what you are looking for... 404 Not Found At this point I have no idea whether it is my setup, the rpms or simply a misconfiguration. I'm curious to know if it works for you, as it narrows the field slightly. Anyway, thanks a lot Brian for the compilation. Cheers, Rasjid. -- Rasjid Wilcox Canberra, Australia (UTC +11 hrs) http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] MySql Remote Connection
On Tue, 11 Feb 2003 8:06 pm, Ed Form wrote: snip When you broach the idea of a Linux server with a client and demonstrate it, he falls about laughing at the suggestion that he would swap Outlook for something like PHP Groupware or Twiggi - not because these products are weak, or incapable of doing the job, but because he isn't willing to even think about using something so backyard-looking. In other words, one of the things that devinfo could be really usefully engaged in is supporting the development of a small set of Windows applications that remove *every* need to buy MS business software and which, when offered with SME as an office-in-a-box solution, make potential clients confident that they really can do without that execrable business rip-off MS Exchange server. As much as I love E-Smith/SME, I must say that one of my personal pet hates is the web-based interface for anything trying to be an application (as opposed to a web-site). I hold out great hopes for Chandler (http://www.osafoundation.org/index.htm) as the eventual MS Outlook/MS Exchange killer, and I expect it will be only a 18 months to two years before it has some chance of meeting the needs of the average business. It depends somewhat on how much active interest it gets from the rest of the open-source community. For those wanting to *quickly* develop cross-platform GUI apps, I can highly recommend Python and wxWindows/wxPython, at least for small apps. And since the Open Source Applicaitotns Foundation has chosen to write Chandler in it, that looks like a vote of confidence for large apps too. If anyone wants to start writing some wxPython apps for SME, let me know, as I'd be happy to help. I may even start my own as soon as I get some of my other projects out of the way. (For example, I'd like to write a 'find file' application that runs using locate and grep on the SME server. The amount of network traffic created by doing a windows 'find file' on a workstation to find a file on a server has always struck me as absurd!) Cheers, Rasjid. -- Rasjid Wilcox Canberra, Australia (UTC +11 hrs) http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] MySql Remote Connection
On Tue, 11 Feb 2003 2:02 pm, Gordon Rowell wrote: snip And you are correct (apologies). We do block MySQL access via packet filters on the external interface, but do not currently block it from the local network, though we intend to do so. Hopefully this will be done a db entry, so it will be easy to enable local network access again. -- Rasjid Wilcox Canberra, Australia (UTC +11 hrs) http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Qmail environment variables
On Sat, 8 Feb 2003 3:37 am, Greg J. Zartman wrote: Does anyone know how to set qmail environment variables? Try /etc/tcprules/tcp.smtp (or rather, the template(s) that create it). -- Rasjid Wilcox Canberra, Australia (UTC +11 hrs) http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Setting qmail environment (was Re: your mail)
On Sat, 8 Feb 2003 10:37 am, Greg J. Zartman wrote: PS In an off line discussion, Greg has said that we can ignore his question regarding these environment variables. So I guess we'll never know which varialbes he wnated. I'm working on a SpamAssassin contrib and was looking at different options for routing mail to the spamd daemon. I was looking for the qmail env. variable QMAILQUEUE. I've talked with several spamassassin gurus on the spamassassin mailing list and they've pointing me in various directions and solutions. My first preference is to route messages to spamd at the mail queue, but this isn't going well. The spamassassin gurus recommend a qmail-queue wrapper that is written in perl. Not a great option due to the overhead associated with compiling a perl script every time a message is queued. Does the suggested wrapper work with pperl (persistent perl)? If so, then the wrapper can be compiled once, and then stays in memory. On a related note, the latest CVS version of qpsmtpd (http://develooper.com/code/qpsmtpd/) now works with pperl, and it already has a spamassassin plugin builtin. It is what I'm using on my home system. I have done a basic HOWTO (tested on SME 5.5 only) at http://www.openminddev.net/twiki/bin/view/Main/MitelSME. I have almost finished the first cut of an email accounting system to go with it. It records the amount of email traffic each user is receiving, the number of messages blocked by the spamfilters etc. Rasjid. -- Rasjid Wilcox Canberra, Australia (UTC +11 hrs) http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Central contrib and howto location
On Tue, 28 Jan 2003 8:33 am, Jeff Coleman wrote: Any comments or suggestions? I also think it is a very good idea. -- Rasjid Wilcox Canberra, Australia (UTC +10 hrs) http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] CVS over ssh HOWTO
On Wed, 22 Jan 2003 1:52 pm, Michael P. Soulier wrote: Greetings, I recently had to grant access to my SME server at home to a few developers working with me on a project. I've set it up so that they can access my CVS repository via ssh, but not login to the box, since they don't need to (principle of least access). I took a few minutes and documented it into a HOWTO. Constructive criticism welcome. http://www.e-smith.org/docs/howto/cvs_ssh_howto.html For those wanting a good CVS GUI frontend for any Java enabled platform, I would highly recommend SmartCVS. It is not open-source, but it comes in two versions - a free version which is good for a single developer who just wants to use CVS to track or share their own code, and the professional version which has all the features you want for multi-developer collaboration. I would rate SmartCVS as vastly superiour to WinCVS or any of the other CVS frontends I could get working on Windows. For windows, I would suggest getting the version with the bundled JRE, as I could not get the Java only version to work (although I have not tried the latest update). For Linux, the Java only version worked fine with Sun's JRE. Cheers, Rasjid. -- Rasjid Wilcox Canberra, Australia (UTC +10 hrs) http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
[e-smith-devinfo] Php applications in Virtual domains
I've got FUDforum working with SME, with the easist way just to have it as a 'global' application (ie, before the virtual domain definitions). The downside is that all virtual domains see same forums. I have also installed it in an Ibay, as the obvious way of having separate forum installations for different virtual domains. However, I have a strong memory of someone on this list saying not to install php applications in ibays (for security reasons IIRC), but if the ibay is set up for read/write by the admin group only, is this a problem? (I also don't really have any local users besides myself.) OTOH, perhaps my memory is completely wrong. Could someone who knows about php security in SME and the 'right' way of doing things please set me straight. I've got both FUDforum and TikiWiki working on SME, but want to get some of the details clarified before I put up some draft HOWTO's. Cheers, Rasjid. -- Rasjid Wilcox Canberra, Australia (UTC +10 hrs) http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Backup to disc
On Wed, 18 Dec 2002 3:37 pm, Andre Joanisse wrote: Hi, have you looked at unison? Peter W at ifost did a port for the SME Server. It uses rsync between servers, similar to Rasjid. I haven't used it myself, but sounds like what you are looking for and it's available now. http://www.ifost.org.au/Software/ http://www.cis.upenn.edu/~bcpierce/unison/ HTH, André On Wed, 18 Dec 2002 03:21 pm, Greg Orange wrote: I finished the first cut of my script last week, and other than moving our 'offsite backup box' offsite, it is in production. (Which is not to say it is bug free, although I hope not). We have around 27 Gig of files, but so far the daily rsync transfer would generally be between 100-300 MB. I just need to wait for formal approval from our CEO before posting to the list. Should be next week. Rasjid. Are you likely to release it any time soon? From what it sounds like, I'm trying to implement almost exactly the same thing, and would love to have your script (: Offsite backup went into full production last Sunday and I have permission to share. I just need to tidy it up a little (ie, add explanations etc) and I will post a link with details to the list. I'm on holidays now, so probably won't get to it until after Christmas. Most of the though has gone into creating the hourly or daily 'snapshots' using hardlinks to save diskspace. It does *not* just do a simply copy/backup of the SME server. I'm sure it could be adapted to use Unison or whatever, rather than rsync as the transport protocol. Cheers, Rasjid. -- Rasjid Wilcox Canberra, Australia (UTC +10 hrs) http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] Backup to disc
-Original Message- From: Ian Wells [mailto:[EMAIL PROTECTED]] Last month there was some discussion on this list on Backups to disc. Rasjid had a rsync script, and also mentioned rsback Noah was looking at BackupPC, which looks interesting, http://backuppc.sourceforge.net/info.html Did anything come of these initiatives? I finished the first cut of my script last week, and other than moving our 'offsite backup box' offsite, it is in production. (Which is not to say it is bug free, although I hope not). We have around 27 Gig of files, but so far the daily rsync transfer would generally be between 100-300 MB. I just need to wait for formal approval from our CEO before posting to the list. Should be next week. Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] [Beta] qpsmtpd HOWTO
From: Les Mikesell [mailto:[EMAIL PROTECTED]] snip ... it is hard to beat the combination of: sendmail (8.12.x+) MimeDefang (running concurrently with sendmail with the 'milter' interface) SpamAssassin (run internally by MimeDefang) Clam Antivirus (running as the 'clamd' daemon) Mimedefang and clamd run as daemons communicating over sockets back to sendmail during the SMTP conversation so (a) you don't start and initialize big programs for each message and (b) you can tell sendmail to reject or alter handling of a message based on the scan results - other methods force you to accept it first and then deal with generating a bounce message if you want to reject it. Actually, qpsmtpd will allow you to do this. You certainly do not need to accept the message first and then bounce it. This was my whole reason for being interested in qpsmtpd. I don't want to pay for the download of a message I'm going to reject. Of course, for things like mimedefang, spamassassin and clam, you need to have basically got the message before you can tell anyway, but you can still return the error message via the SMTP transaction, not sending a bounce. I will be very interested to look at Charlie's MessageWall Contrib, as it sounds like it will allow the same kind of things, only faster. Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
[e-smith-devinfo] [Beta] qpsmtpd HOWTO and sql_maillog
I have a beta HOWTO on how to install qpsmtpd on SME. The HOWTO is available at http://www.openminddev.net/twiki/bin/view/Main/MitelSME qpsmtpd is a qmail-smtpd replacement written in perl, written by Ask Bjørn Hansen. Its main feature is that it is easy to create 'plugins' to do things with your mail. A number of plugins for removing spam (including dropping it at the SMTP level) have been written (can query relays.ordb.org and spamsources.fabel.dk for example). There is also a plugin for checking mail with clamav anti-virus, and a few people have written plugins for dropping mail to non-existant users. I have not tested the spamain and clamav plugins on SME yet. That is next on my TODO list. [BETA] sql_maillog plugin for qpsmtpd. I've done a plugin to qpsmtpd that logs a fair amount of connection info to a mysql database. In particular it logs: The time, remote_host dns name and ip address, the sender return address, the recipient, the size of the mail header and body, and the actual header of the mail. This allows precise tracking of how much data an indiviual user is sending and receiving via email. It also allows for dynamic spam blocking. For example, if an IP address sends mail to 5 non-existant users, we could immediately add them to our personal 'blacklist'. See http://www.openminddev.net/twiki/bin/view/Main/QpsmtpdPlugins for info on the sql_maillog plugin. Cheers, Rasjid. -- Rasjid Wilcox Canberra, Australia (UTC +10 hrs) http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] [Beta] qpsmtpd HOWTO and sql_maillog - NOW CONSIDERED ALPHA
On Tue, 3 Dec 2002 12:42 am, Rasjid Wilcox wrote: I have a beta HOWTO on how to install qpsmtpd on SME. The HOWTO is available at http://www.openminddev.net/twiki/bin/view/Main/MitelSME ### I have revised this HOWTO to ALPHA status ### DO NOT USE ON A PRODUCTION SERVER. It has been pointed out to me that this is forking a key component of SME (mailfront), and that it will not currently survive upgrades to either mailfront or SME in general. Also, some of the steps are not the 'SME way' and may have unforseen consequences. Thanks muchly to Darrell May for quickly bringing this to my attention. * Assistance Sort * I would be delighted by any assistance in integrating qpsmtpd into SME so that it conforms with the SME configuration format and will survive upgrades etc. I see a lot of potential for qpsmtpd to help fight the SPAM problem and other useful things. Thanks, Rasjid. -- Rasjid Wilcox Canberra, Australia (UTC +10 hrs) http://www.openminddev.net -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] 5.6beta install problems
On Thu, 28 Nov 2002 6:51 am, Craig Genner wrote: snip And before I do that I will try another download of the ISO :-) If you use rsync with the -P option, with your current (bad) ISO as the target (and a good copy as the source) it will fix your ISO at the cost of probably under a Meg of data transferred. It will be much quicker (and depending on how you are charged over in the UK) much cheaper than downloading the whole ISO over again. Cheers, Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
[e-smith-devinfo] templates-*
I've been meaning to ask this for ages. I know what /etc/e-smith/templates and templates-custom are for, but what are templates-user and templates-user-custom for?? Are they ever used, or are they just a leftover from a bygone era? Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] [ALPHA] mailrules for SME5.5 available
-Original Message- From: Gordon Rowell [mailto:[EMAIL PROTECTED]] I'm not clear why you're trying to impose relay rules on the local interface(s). Gordon is right. There is not need to worry about mailrules on local interfaces. I have not looked at SME 5.6 yet, but I imagine that it has all the setup we need to implement this on 5.5. Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] GUI Backup/ restore - current software
-Original Message- From: Rasjid Wilcox [mailto:[EMAIL PROTECTED]] snip That being said, I have almost finished putting together an 'incremental snapshot rsync backup' which backs up to another PC running SME. A base level PC with a 80Gig drive is probably less than a tape drive. Or you can even use that old P200 sitting in the corner. We will also be using this to do automated offsite backups over the net. Given the level of interest, I will attempt to clean up the code a little and put up some files and a HOWTO within the next week or so. Feel free to remind my if I get distracted, I won't take offense. ;-) You can also look at rsback. (http://www.pollux.franken.de/hjb/rsback/) I found this after having almost finished my own version. I am actually fairly keen to see if I can adapt it to our needs, and it is likely to be more stable than my bash hack. Cheers, Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] GUI Backup/ restore - current software
On Mon, 18 Nov 2002 2:01 pm, Stewart Evans wrote: After sorting through a pile of datasheets, and noticing the last big discussion on backup software was back in July. Is there a GUI/Web based software that you would recommend to a customer who needs single file recovery access to their backups and is more familiar with something like retrospect ( for example ) They have seen Backup edge for one and have not sadly found it easy to use for this purpose. The system must have onboard tape drive, therefore network backups are not being considered ( 5-10GB per day of data ) We have been using TapeWare for almost 2 years on an SME Server, and have found it to be quite good. The Windows clients talks quite happily to the Linux server. See http://www.tapeware.com. That being said, I have almost finished putting together an 'incremental snapshot rsync backup' which backs up to another PC running SME. A base level PC with a 80Gig drive is probably less than a tape drive. Or you can even use that old P200 sitting in the corner. We will also be using this to do automated offsite backups over the net. With a bit of trickery with rsync, hardlinks and samba, you can have 'snapshot' backups that (except for the first copy) only take up the harddrive space of the differences. eg, the first backup might be 10Gig. Each days backup after that is only 100MB, but it looks like you have a complete copy of the all files for each day. The files are shared via samba, so users just go to //backup/files/snapshots/2002-11-17-13.15/ibays/files/some.file.doc and restore their file. They don't even have to talk to the sysadmin. :-) The idea came from Mike Rubel's 'Easy Automated Snapshot-Style Backups with Linux and Rsync'. Unfortunately Mike's site seems to be down. (Normally http://www.mikerubel.org/computers/rsync_snapshots/.) See the Google cache - http://216.239.37.100/search?q=cache:o1j8_RqeSIcC:www.mikerubel.org/computers/rsync_snapshots/+%27rotating+backups%27+mike+rubelhl=enie=UTF-8 You can also look at rsback. (http://www.pollux.franken.de/hjb/rsback/) I could probably post my rsync backup script if there is interest, as it is designed with SME in mind. I'd need to clear that with work though. The script is also a little 'rough and ready' at the moment. Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
[e-smith-devinfo] Possible mailfront replacement
I have been looking at 'qpsmtpd' (http://develooper.com/code/qpsmtpd/) as a possible replacement for mailfront (or qmail-smtpd, depending on how you view things). It is written in perl, and can potentially do the 'drop spam at the doorstep' thing that many people (including myself) would like. I got a moderate way through configuring it and testing it out, but at the moment I seem to either end up with an open relay or a mailserver that can't send mail externally. Is the choice about whether to act as a relay (ie, if talking to someone on a local IP address, then I'll relay mail anywhere, otherwise I'll only deliver internally) decided by mailfront, or some other part of the qmail system?? Cheers, Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Possible mailfront replacement
On Tue, 19 Nov 2002 12:58 am, Gordon Rowell wrote: On Tue, Nov 19, 2002 at 12:09:26AM +1100, Rasjid Wilcox [EMAIL PROTECTED] wrote: I have been looking at 'qpsmtpd' (http://develooper.com/code/qpsmtpd/) as a possible replacement for mailfront (or qmail-smtpd, depending on how you view things). It is written in Perl, and can potentially do the 'drop spam at the doorstep' thing that many people (including myself) would like. [...] The mailfront version in 5.6 has sender/recipient pattern matching, which should be able to provide what you are after (once you develop the appropriate match rules). I installed mailfront 0.81 on SME 5.5 and gave it a test. It does not quite do what I would expect. In detail: # rpm -Uvh mailfront-0.81-1.i386.rpm # touch /etc/mailrules # echo /etc/mailrules /service/smtpfront-qmail/env/MAILRULES Edit /etc/mailrules to: k*:[EMAIL PROTECTED] d*:*:There is no mailbox for that user here. Result: All mail is rejected, even stuff address to [EMAIL PROTECTED] The d*:* trumps the k*:[EMAIL PROTECTED] So I'm afraid that mailfront (as it currently stands) will not do the job, unless something can think of some other config to use. Be aware that simple sender/recipient matching will almost certainly drop some legitimate mail. qpsmtpd can do blocking by IP address, with quite complicated arrangements. It can forward mail through a virus scanner before placing it in the mail queue. It can be integrated with spamassassin. It is written in Perl and has an OO design for the easy creation of custom plugins. It can bake bread and then toast it for you. It is very cool. I was planning to do sender, recipient, date and IP logging of all mail, possibly to a MySQL table, and build up my own 'blacklist'. I may or may not use a third-party blacklist datasource. Hopefully I can set things up so that all mail to postmaster gets through regardless, so a legitimate user can complain (and get put on a whitelist) in the case that it is not their fault that their ISP allows spammers on its network. [...] Is the choice about whether to act as a relay (ie, if talking to someone on a local IP address, then I'll relay mail anywhere, otherwise I'll only deliver internally) decided by mailfront, or some other part of the qmail system?? It's done by mailfront (as a direct replacement for qmail-smtpd) based on the setting of RELAYCLIENT. Thanks Gordon. I take it that is what /etc/tcprules/tcp.smtp does. I think it all makes sense now. I just need to merge the existing run script for mailfront with the one for qpsmtpd, and I think it will all work. Cheers, Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] developing on SME 5.x
On Mon, 21 Oct 2002 9:08 am, Charlie Brady wrote: On 20 Oct 2002, Rob Walker wrote: For e-smith 5.1.2, should I have a full build of redhat 7.3 available so that I can do the once in a while rpm --rebuild ?? RH 7.1 And for 5.5, what? RH 7.2 For 5.6, I suspect a redhat 7.3 setup? Rh 7.3. Remember though that 5.1.2 and 5.5 use a 7.0 update kernel, so for any kernel module development you'll need kernel-source version 2.2.19-7.0.8. Note also that rpm --rebuild is being phased out (gone in RH 8.0). Do rpmbuild --rebuild instead. I'd like to make sure I understand this correctly. Is it the case that creating an rpm for SME 5.5 can be done on a standard RH 7.2 system with all updates applied, except in the case of kernel module development? (This is despite the fact that it has a 2.4 kernel and SME 5.5 has a 2.2?) To build my MimerDesk perl module rpm's, I used an SME 5.5 machine with make, gcc etc installed. I did this to ensure that I had the right kernel. However, if this is unnecessary, I would much rather build on a standard RH 7.2 system, since then I would have rpms that I could release for RH 7.2 too. I guess my question is: Which is better to build and package on - a) a modified SME with make, gcc etc installed, or b) the relevant RedHat base distribution? Cheers, Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] [BETA] freeswan contrib for SME5.5 available
On Wed, 6 Nov 2002 1:55 am, Abe Loveless wrote: too, but not yure if it is possible with two DSL Lines without fixed ip addresses at both wnds - did you use two fixed ip address end points or one/two of them are road warriors ? Michael Michael, My particular case used 2 static IP addresses. Search the forums, I know I saw a thread with instructions for setting up 1 end as dynamic. I don't know about dynamic addresses on both ends. AFAIK, you can do IPSec with only one fixed IP address, but not with none. Part of its security is that it authenticates against IP addresses, and I'm pretty sure it does not rely on DNS lookups. OTOH, I'm pretty sure that PPTP will work with dynamic addresses both ends, as long as you have some way of communicating the new addresses - Dynamic DNS perhaps. You would need to install the PPTP client on SME - but that should not be hard. Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
[e-smith-devinfo] MimerDesk 1.5.3.2 packaged for SME 5.5
MimerDesk is the best open-source HTML based groupware package that I've come across. See http://www.mimerdesk.org/. MimerDesk 1.5.3.2 is the current production release of MimerDesk, although I believe that 1.6 is nearing completion. I have done an initial packaging of the Perl modules required for MimerDesk 1.5.3.2. This makes the install take a few minutes, rather than, well, somewhat longer. This is my first time at packaging anything, and I've just used the cpan2rpm utility. I'm well aware I need to check SME naming conventions and dependancy issues. Please consider this PACKAGING a first draft. Any feedback would be most appreciated. The files are available from http://www.openminddev.net/files/mimerdesk/1.5.3.2/mitelsme/5.5/ I suspect that the rpm's will work okay on SME 5.1.2 too, but I have not tested it. I am only on a connection with a 64kb uplink, and so I have not hosted the MimerDesk tarball. Please get that from the MimerDesk site. http://www.mimerdesk.org/download/releases/mimerdesk-1.5.3.2.tar.bz2 Cheers, Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Devinfo co-operation (was Re: devfino - where is it going?)
On Sat, 2 Nov 2002 9:55 am, Charlie Brady wrote: All I ask is that you respect Mitel's right to do what it chooses to do in the interest of its customers and shareholders. I think one of the things that we need to be clear about is that while SME is an open-sourced product, it is not currently an 'openly developed' product. This list is not where the key development decision get made. Perhaps it was once. (I don't know since I've only been involved with SME since it was owned by Mitel.) Regardless of whether I think it is a wise decision by Mitel or not, I respect their commercial right to act as they see fit. There is another Linux based product that I use - Astaro Security Linux. Astaro takes a very similar approach to Mitel. The development of the product is 'closed', but they have a 'ASL Hackers / Beta Version' Forum, which is for beta version feedback and for discussion of non-supported user developed addons. Some of these contributions may (occasionaly) make it back into the core product. As it currently stands, I think this list is essentially here to provide the same functions: a place for feedback on beta versions and the discussion of user developed addons. In this context, the contributions made by Mitel employees should be appreciated for what they are - a gift to the 'SME Hacker community'. That all being said, I think there are things that we, the 'SME Hacker Community' (aka Devinfo) could do to make life better for ourselves. I think we could do with a better system for managing SME contributions (both HOWTO's and RPM's). We could possibly even do with our own website for news and running our own Groupware interface. This could be hosted by someone in the community, or we could use Sourceforge or Savanah (http://savanah.gnu.org). The important thing is that it has to be *our* effort. We cannot demand that Mitel provide anything more than they already do. They provide a great product, with source code. They offer to host user developed contributions for free. They provide a mailing list for discussing ideas. If we want more, then WE need to do it. For example, there is no reason that we (the Devinfo community) could not set up our own bug-tracking system, which would then be available to both us and Mitel. In my view, a publicly accessible bug tracking system (for non-security related bugs) would be a Good Thing(tm). One of the key benefits of open source is the 'many eyeball' effect, but it only works if the bug tracking system is public, since the person who finds a bug is rarely the person who can fix it. The best way to demonstrate this to Mitel would be to do it, and contribute back fixes. Oh, and just to be clear. I'm not in any way suggesting that we 'fork' SME in any way. It is mainly user developed contributions that I have in mind here, not a new version of SME. It is just that if we want utilities to make our life easier, we need to provide them. What do others think?? Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] multi-homed Internet redundancy project
-Original Message- From: Darrell May [mailto:dmay;netsourced.com] Rasjid Wilcox [EMAIL PROTECTED] said: our firewall is Linux based so I think much of what I plan to do will carry across. Great. Keep us posted. Unfortunately, not much positive to report. The load balancing from the Linux Advanced Routing and Traffic Control page works okay when you only have outgoing connections, but it all gets horribly messy when you have incoming connections like SMTP and PPTP. I did a lot of reading and a fair bit of playing around, but it was all looking like way too much work for not enough return. I am now planning to implement something along the lines of Brian's Stayalive, as it is relatively easy, understandable and is good enough for our needs. Sorry I can't offer more. :-( Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Anti-spam measures
On Tue, 15 Oct 2002 10:50 pm, Rasjid Wilcox wrote: I remember a while back (June to be precise) there was some discussion about SME 5.5 and the removal of obtuse smtp, which meant that one of the contribs that dropped spam 'at the door' (ie, you don't pay for the wasted bandwidth) no longer worked. Has this been resolved now (in 5.5), or will it be resolved in 5.6? I guess this is a yes (at least for 5.6), based on the post by Gordon that came in whilst I was composing the above. I should check my new mail before hitting send next time. On Tue, 15 Oct 2002 10:22 pm, Gordon Rowell wrote: We funded development of pattern matching support in mailfront specifically to ensure that such relay attempts could be dropped at the front door rather than within qmail itself. I presume the contrib would need updating to work with Mailfront rather than Obtuse SMTP? Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] Anti-spam measures
On Tue, 15 Oct 2002 10:56 pm, Brandon Friedman wrote: Which contrib was it? I think you mean Darrell May's? Yes, I do mean Darrell's. And by the comments just passed, I'm hoping that it can now be made to work with 5.6 (or even 5.5). I really don't like paying to download spam. Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] multi-homed Internet redundancy project
-Original Message- From: Darrell May [mailto:[EMAIL PROTECTED]] Greetings, I would like to open for discussion a possible development project for designing multi-homed Internet redundancy into SME 5.5. By this I mean utilize three nics, two external network interfaces, each with a separate static ethernet Internet connection (ex. CABLE ADSL) and one internal nic deployed 'something' like this: Internet1/eth1 Internet2/eth2 --- SME --- eth0 --- Lan Definitely looking for Internet redundancy so that if one Internet connection goes down, SME continues to access the Internet. Load balancing would be a definite asset but not my key focus. Has anyone ventured down this path either with SME or any other relevant Linux distro/firewall/router product? Is anyone interested in this functionality for SME? We have just recently acquired a second ADSL connection, and plan to implement something along the lines of your suggestion within the next week or two. However, we don't use SME as our firewall (just our mail / web and file-server :-), but our firewall is Linux based so I think much of what I plan to do will carry across. They key information for load balancing seems to be http://lartc.org/howto/lartc.rpdb.multiple-links.html I have yet to discover whether the above solution 'automagically' provides redundancy or not. If people are interested, I will post back to the list when I have had a chance to play with this. Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Searchable archive at http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] Quotas
I have not installed 5.5 at work yet (still waiting for the CD's), but from memory it allows you to specify group quota as well as user quota. Setting the group quota will limit just the files in the users home directory. (Only files stored under users home directory are in the users group - anything in an ibay is in the ibay group.) Note that any mail stored on the server will also count against the users group quota. Rasjid. -Original Message- From: Greg J. Zartman [mailto:[EMAIL PROTECTED]] Sent: Thursday, 25 July 2002 7:18 AM To: Devinfo Subject: [e-smith-devinfo] Quotas Could someone please clarify for me the quota function under SME 5.5? Based on what I currently understand of this function, it seems of little value. The server-manager states that quotas include both data stored in a users home directory as well as information in an Ibay. Including data stored in an Ibay doesn't seem to make any sense. Here's why: Let's say that Engineer Fred here in my office creates an AutoCAD drawing that's 200mb in size and stores that file in a project directory located in an ibay. Later, my boss QCs the drawing and finds mistakes. Fred's gone on vacation, so the boss asks me to make the changes. I do so and save the file. Now SME thinks I'm storing 200mb of additional data on the server even though I didn't physically create or store the file on the server. Given a situation, or situations, like this, a persons quantity of stored data could vary significantly depending on what type of work they are engaged in. Seems it would make more sense to count only that data stored in a persons home directory when computing quotas. This insures that users are only limited on the amount of data that they personally store on the server. -- Greg J. Zartman, P.E. Vice-President Logging Engineering International, Inc. 1243 West 7th Avenue Eugene, Oregon 97402 541-683-8383 541-683-8144 www.leiinc.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] Quotas
-Original Message- From: Charlie Brady [mailto:[EMAIL PROTECTED]] On Wed, 24 Jul 2002, Gordon Rowell wrote: We don't currently have group quotas. That would be a great project for someone to implement. Indeed. Since each user has their own group, home directory quotas could be managed that way as well. When we (that is I) developed the quota support (based on earlier work by Damien Curtian), there was a bug in the perl CPAN module we use which meant that group quotas could not be manipulated. That could very well be fixed by now. I have been using group quota's on SME since 4.1.2. While we are waiting for someone to jump forward and offer to do some nice panels (or modify the existing one), I have some shell scripts to make it easy to do from the command line. I also have some documentation I did for work, which I can massage into a mini-HOWTO and will post on my website in the next day or so. Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] Exchange replacements
Another option for those looking for an MS Exchange / MS Outlook replacement that works with SME could be 'Time and Chaos' from http://www.isbister.com. They also have an Email Client (Express Plus) that integrates with 'Time and Chaos' to provide a complete Email / shared Calendar / shared Scheduling etc solution. I had a quick play with it a few months ago. It relys on nothing by Samba file sharing, and can in fact be run entirely in peer-peer mode (although it works better with all files on a central server like an SME box). It has some features that potentially make it far more powerful that MS Outlook. It has a reasonably generous licence arrangement (1 licence per user, not machine) and generally looks like good value. I can't say much more as I've only had a quick play with it. You can download an evaluation version for free. Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] SCP rather ftp
-Original Message- From: Brandon Friedman [mailto:[EMAIL PROTECTED]] Sent: Wednesday, 17 July 2002 4:22 AM To: Mitel Devinfo List Subject: [e-smith-devinfo] SCP rather ftp For those looking to move from insecure ftp... I have found a great little util called WinSCP... http://winscp.vse.cz/eng/ I don't know if it's been mention on the list yet, but I find to be a useful as putty! I've been using FileZilla as my FTP client for a while. It is a very nice FTP client and seems to be developing quite quickly. The latest version supports SFTP. Just had a quick play, and it looks very nice. http://sourceforge.net/projects/filezilla The downside of SFTP on E-Smith is that users get access to the whole directory tree, rather than just being restricted to /home/e-smith/files/. I had a quick look on the bulletin boards, but couldn't see any reference to enabling SSL on the FTP service. Has this already been done by someone? Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] Some wish-list ideas for version 6.0
-Original Message- From: ed sharpe [mailto:[EMAIL PROTECTED]] note though on any of these MFH 2002 systems we do not have mail enabled yet! For around a month I had my home SME mail server running on a 486DX4 133MHz machine. If it wasn't for the fact that I wanted to enalble remote WebMail access and run TWiki, it probably would still be running on it. Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: [e-smith-devinfo] Group Quota
-Original Message- From: Brandon Friedman [mailto:[EMAIL PROTECTED]] Sent: Friday, 17 May 2002 2:19 AM To: Mitel Devinfo List Subject: [e-smith-devinfo] Group Quota I have given up try to implement default quota on the filesystem - instead I intend to try use group quota. My previous experience (prior to 5.1.2) I could get user quota to work -not group quota. Anybody got experience on group quota? I assume you simply meaning passing the -g flag to the relevant quota commands? If so, I have been using group quota here for the last 3 releases. Group quota's enable you to limit user files in the home directory (and mail) but leave the amount of space for ibays unrestricted. (ie, my personal files and mail can only be 200MB, but my shared file use is unrestricted). This, IMO, is often what you want in an office environment. I would have thought the group quota worked almost 'out of the box' in 5.1.2. It certainly works here, but I may have made some minor adjustments that I don't remember. Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
RE: Re: [e-smith-devinfo] LTSP
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 19 March 2002 8:03 AM To: [EMAIL PROTECTED] Subject: Fwd: Re: [e-smith-devinfo] LTSP Oops. Forgot the list on the reply. - Forwarded message from [EMAIL PROTECTED] - Date: Mon, 18 Mar 2002 14:50:20 -0600 (CST) From: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Subject: Re: [e-smith-devinfo] LTSP To: Ole Schelde [EMAIL PROTECTED] It has been my experience that the server needs to be running an X Server manager of some sort... In the particular case of my experiment over the weekend, nothing worked until I had X running on the server. I have not actually looked used the LSTP yet (although I have known about it for some time), but my experience in setting up X-Terminals is that, yes, the server needs to be running xdm, kdm or gdm, and to have all files in place so that it can run X. However, it does not actually need to run X itself. In a standard RedHat setup, you can edit the xdm config files so that runlevel 5 starts xdm but not actually X. If using xdm or kdm, edit /etc/X11/xdm/Xservers. If using gdm, edit the [servers] section of /etc/X11/gdm/gdm.conf. Please refer to the LTSP documentation, specifically section 6 Trouble shooting (the answer to my problem lay in 6.6.1 point 1) http://www.ltsp.org/documentation/ltsp-3.0.0/ltsp-3.0.html#AEN707 Cheers! Ari Quoting Ole Schelde [EMAIL PROTECTED]: Why do you want the SME server to run X? It is not nessesary to run X on the server. The LTSP package contains the X server that the client need. Ole No, you don't need to run X on the server. However, for an X-Terminal to log onto the server via an XDMCP session, the server needs to have everything in place so that it can run X. Having said all this, and having wondered about adding X to SME myself, I personally came to the conclusion that if you are going to add X to SME then you may as well stick to a full-blown standard distribution. But if someone wants to work on it, I'd be happy to provide some feedback / testing and possibly even contribute a little. :-) Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] smtpd_check_rules bug
Darrell, On your 'Other e-mail settings', I take it you have 'E-mail to unknown users:' set to 'Send to administrator'? Perhaps try setting this to 'Return to Sender'. Rasjid. - Original Message - From: Darrell May [EMAIL PROTECTED] To: e-smith-devinfo [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, January 08, 2002 1:40 PM Subject: [e-smith-devinfo] smtpd_check_rules bug smtpd_check_rules/60AllowLocalDomains Problem: - the '60AllowLocalDomains' fragment allows all smtp connections to proceed simply if the domain name matches a local domain. This permits message traffic even if the message is addressed to an invalid e-mail account. Executive Summary: - Consider a large user base server, say a school, where during the term hundreds of students have an active e-mail account. The students sign up for multiple mailing lists etcetera. The term ends. The students leave and their usernames are removed from the system. Even though the account has been removed, e-mail coming to this account is still permitted by 60AllowLocalDomains. Of course what happens is the message is unable to be delivered and an error report is forwarded to the postmaster. This now becomes a _monumental_nightmare_ for the system admin to plough through all the hundreds of daily error messages. Suggestion: - remove '60AllowLocalDomains' and replace with a new '60AllowEmailAddresses' fragment. This could be built using the code similar in '30InternalOnly' to expand out the template for every valid email address only. Unfortunately with the one Qmail community I believe this would require expanding out: allow:ALL:ALL:every_valid_email@every_local_domain If anyone has a better solution please share your ideas. IMHO this needs to be 'addressed' asap :-) Comments are welcomed. -- Darrell May DMC Netsourced.com http://netsourced.com http://myEZserver.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
[e-smith-devinfo] Obtuse SMTPD and multi-drop workaround
Hi all, As mentioned previously, we are using multi-drop to get mail from our ISP. Unfortunately, all mail now seems to come from [EMAIL PROTECTED], but x-recip is a dummy account and causes problems when mail is forwarded back out of our local network. My workaround was to include an mda option in the fetchmail config, as given below. # multi-drop configuration; fetchmail retrieves all mail from a remote POP mailbox: /usr/bin/fetchmail --syslog --silent --fetchmailrc - EOF set postmaster postmaster set bouncemail set properties poll can-mail.tpg.com.au envelope X-Envelope-To: protocol POP3 localdomains austethical.local austethical.com.au username password to * here mda /var/qmail/bin/qmail-inject [EMAIL PROTECTED] %T smtphost localhost smtpaddress austethical.local fetchall forcecr EOF The problem is that this then bypasses the obtuse-smtpd daemon and the option to use the anti-spam features that it provides. Based on Gordon's post of 19 Nov 2001, I'm concerned that it may be also bypassing the anti-virus checking for incoming mail. I have tried using /usr/sbin/inject2queue instead of the qmail-inject, but that also seems bypass the SPAM/anti-relay checks. I'm unclear about what the best way to resolve this issues is. Is is possible to get part of the obtuse-smtpd package to rewrite the Return-Path, instead of having to do it in the fetchmail process? If so, how do I go about doing this? Or is there some other way to deal with this problem? Thanks, Rasjid. Rasjid Wilcox Senior Project Officer Australian Ethical Investment Ltd http://www.austethical.com.au Ph: 02 6242 1988Fax: 02 6242 1987 Direct Line: 02 6242 1980 Email: [EMAIL PROTECTED] -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
[e-smith-devinfo] Using SME as a mail server with a fake domain name
, /var/qmail/alias/.qmail-localdelivery-default seems like a good place (although it may be too late in the delivery process?) but I can't see where to do it for remote delivery. Cheers, Rasjid. PS. I think the SME server is a great product!!! It is a wonderful example of what can be done with Linux and Open Source. Rasjid Wilcox Senior Project Officer Australian Ethical Investment Ltd http://www.austethical.com.au Ph: 02 6242 1988Fax: 02 6242 1987 Direct Line: 02 6242 1980 Email: [EMAIL PROTECTED] -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
Re: [e-smith-devinfo] gpl
- Original Message - From: Rob Hillis [EMAIL PROTECTED] To: stephen noble [EMAIL PROTECTED]; [EMAIL PROTECTED] snip Not necessarily... I'm not all that impressed with the new format of APC, and as a result, I only skim through it nowadays, so it's quite possible that I missed it... I've been meaning to write to APC and complain about the format. Their new format looks flashy but is completely unreadable. It is a real pity to see what was a really great mag fall into the 'style over substance' trap. Rasjid. -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org