SME Server Changelog

New in version 9.0

June 30th, 2014
  • Backups:
  • Workstation Backup, do not exclude dar files by default in line with console backup.
  • Workstation Backup, fix selective restore by requesting array of results from CGI.pm.
  • Workstation Backup, new method to show files being restored is needed when using dar 2.4.
  • Simplify the workstation backup report.
  • Workstation Backup, count backup sets from 1.
  • Update the text in the Backup panel.
  • Allow more time for cifs mounts before reporting errors.
  • Dar updated to 2.4.10.
  • Workstation Backup, add a choice to delete old backup before or after backup.
  • Workstation Backup, remove temporary directory on success.
  • Refactor directory tree creation and removal.
  • Workstation Backup, inconsistent formatting of host share name in messages.
  • Workstation Backup, more reliable catalog creation.
  • Workstation Backup, report cifs mount errors.
  • Workstation Backup, do not access /proc/mounts
  • Incremental backup fix.
  • Workstation Backup, allow spaces in the backup destination. Includes fix for disk usage broken with spaces.
  • Desktop Backup, allow user setting of compression level.
  • Use Wake on LAN before starting Backup with DAR.
  • NFS syntax is deprecated for CIFS mount.
  • Require cifs-utils and use UNC paths for cifs mount.
  • Improve text in console backup for success and failure.
  • Console USB Backup, allow user setting of compression level. Compression level of the console backup is now -6 by default.
  • Patch to exclude trying to backup aquota.* files so that backups to tape will succeed.
  • Update to the latest version of console restore.
  • Boostrap console should only offer restore if no password set.
  • Delete items from dar catalog in descending order
  • Minor non-functional updates based on PerlCritic and review comments
  • Move console backup to e-smith-backup
  • Workstation Backup, selective restore of deleted files
  • Remove migrate fragment 30vfstype
  • Workstation Backup, Don't delete old sets, only empty them.
  • Workstation Backup, Mail and WOL now subroutines
  • Workstation Backup, remove the need for a temporary directory, updated.
  • Workstation Backup, backupname includes seconds.
  • Simplification of the time routines.
  • Workstation Backup, remove the need for a temporary directory.
  • Allow configuration of workstation backup if no removable disk present
  • Create simplified function for updating the DarCatalog
  • Workstation Backup, do not create folder in /
  • Workstation Backup, suppress ctime error message on incremental backups
  • File Server:
  • Also remove the empty template-begin file in pam.d/proftpd templates.
  • Remove unused pam templates.
  • Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots.
  • Add template for wide links.
  • Add templates for max protocol.
  • Add support for Windows 8 domain joining & user login.
  • Add windows network performance enhancements registry file.
  • Update default ServerName in 30smbServerName
  • Add ability to configure waiting for network Win7 registry option.
  • Change default Workgroup and Domain to sme-server.
  • Fix mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication.
  • Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots.
  • Remove 20smb as migrating from pre-SME7 is not supported
  • LDAP (Optional in SME 9.0, and considered experimental):
  • Adjust slapd ACL to change dn.subtree to dn.children.
  • Localisation:
  • Latest translations included.
  • Mail Server:
  • Only present one auth method at a time, in order, to NET::SMTP.
  • Remove limit properties from the imaps DB entry.
  • Apply process limits to dovecot.
  • Include /usr/bin/refreshclam
  • Allow webmail-only-local-network.
  • Fix handling of messages with no body and no trailing \n after headers (eq was used in attempted assignment).
  • Fetchmail multidrop mode follows TCPPort setting.
  • Always enable imap, listen on loopback is disabled.
  • Avoid use of unitialised variables in smtp migrate fragments.
  • Simplify qmail concurrency templates.
  • Modify domain style pseudonym pointing to user with dot in name.
  • Accept messages with no body and no trailing \n after headers.
  • Fix Net::DNS update breaks qpsmtpd.
  • allows the spamassassin plugin to read the size limit from its arguments
  • Move clamscan scheduling to complete before 99-raid-check.
  • Listen on loopback if disabled.
  • Fix permissions on imapd.pem as it's used by pop3s.
  • Do not obsolete bglibs, it's required for cvm.
  • Allow plaintext (unless explicitly disabled).
  • Do not obsolete cvm, it's still needed for qpsmtpd.
  • Fix size_limit initialization.
  • reads MaxMessageSize prop of spamassassin and adds it to the arguments of the plugin if defined.
  • Requires e-smith-cvm-unix-local.
  • Load TextCat plugin if ok_languages is enabled.
  • Fix how qpsmtpd tags spam email.
  • Remove Packager and Vendor from spec file.
  • Revert last change.
  • Sources are local, do not download them.
  • Updates to release 0.98.1
  • Handle exceptions during attempted SASL auth. Add more debug tracing.
  • Remove DENYSOFT on SPF softfail
  • Remove insecure ciphers
  • Remove workarounds for how qpsmtpd tags spam email
  • Fix whitespace in 10required_score
  • Update SBL and RBL Lists
  • Server manager:
  • Renew donation text in server-manager.
  • Do not load mod_ssl.
  • Remove log noise from Create starter web site panel.
  • Add security fix for CVE-2013-4113.
  • Renew donation text and graphic in server-manager.
  • Update footer copyright and renew full copyright text.
  • Change wording of Software Update button.
  • Roll new stream to remove obsolete images
  • Remove references to obsolete images, by Stephane de Labrusse
  • Fix new starter website.
  • Update location of Primary index.html.
  • Webmail and Groupware:
  • Allow webmail-only-local-network.
  • Don't use SSL over loopback.
  • Replace last change with a default value for horde access
  • Ensure initialisation of variables in webmail-only-local-network.
  • Web Server:
  • Force magic_quotes Off.
  • Remove insecure ciphers
  • Other fixes and updates:
  • Add ssh-autoblock for external interface. See: http://wiki.contribs.org/AutoBlock
  • Do not hardcode NIC names to eth0 and eth1.
  • Return nic names in probeAdapters so we can drop HWAddress.
  • Remove HWAddress prop from interfaces.
  • Remove the "swap interface" feature.
  • Remove obsolete VLAN code.
  • Load the bonding module if NIC bonding is enabled.
  • Define the udev-post service in the DB.
  • Provide the ability to restrict ibay access to http.
  • Restart rsyslog in logrotate event.
  • Set smb ServerName if unset.
  • Don't reload init in bootstrap-console-save and console-save.
  • Fix add_new_disk_to_raid1.
  • Provide the ability to force https per ibay.
  • Add an audit for groups. See: http://wiki.contribs.org/Audit_Tools#groups-users
  • Update the full names of users added in %pre.
  • Fix uid and gid to be the same for the users added in %pre.
  • Changed Prereq to Requires(pre) as Prereq is deprecated.
  • Patch to correct issue with not being able to access a password protected ibay.
  • Update ServerName (Samba netbios name) when SystemName is updated.
  • Remove old System Name from the Hosts DB.
  • Fix group creation when LDAP auth is enabled.
  • Disable IPv6 on a default install.
  • Continue escaping control chars in rsyslog, just replace LF with space.
  • Use UTF-8 in the console.
  • Remove redundant parts of init-accounts.
  • Add_template_to_ssl.pem, codes by JP Pialasse.
  • Require diald.
  • Removal of rc.e-smith now functionality is in e-smith-service.
  • Replacement of rc.e-smith by moving code into e-smith-service.
  • Fix the way '.' works in bash.
  • rename /etc/ldap.conf to /etc/pam_ldap.conf (and same for .secret).
  • Always define InternalInterface NICBonding.
  • In the console refer to removable media instead of USB disk.
  • Fix a few more syslog => rsyslog items.
  • Remove modprobe stuff.
  • Don't be as agressive on rate limiting.
  • Change syslog templates to rsyslog.
  • Ensure existing_hwaddr is always initialized.
  • Change System Name from mitel-networks-server to sme-server.
  • Patch to remove symlink to Primary ibay from /home/e-smith/files/primary.
  • Patch to correct issue with not being able to access a password protected ibay.
  • Correctly display accented letters in the console.
  • Add e-smith as a Requires(pre) and remove adding users in %pre.
  • Fix uid and gid to be the same in create-system-user.
  • Ignore mysql.event table.
  • Use --single-transaction in mysql-dump-tables.
  • Use mysql_upgrade instead of fix_privilege_tables.
  • Increase memory limit for ntp.
  • Make rsyslog listen to our socket.
  • Remove rc.quota_create.
  • the config file is radiusclient.conf, not radiusclient-ng.conf.
  • Add templates for radiusclient-ng.conf file to remove binaddr directive.
  • Add directive to options.pptpd so that radius plugin can find the radiusclient configuration file..
  • Fix permissions of /etc/radiusclient-ng/servers.
  • Add hack for running rc7.d script during runlevel 4.
  • Apply SME Server config file changes to pwauth.
  • Fix libgomp obsoletes to not obsolete el6 version.
  • Change order of mail options in check4updates.
  • Fix parsing issues with "manage RAID" menu option in the console.
  • Remove SSH v1 legacy support.
  • Support nolvm boot option.
  • Create degraded RAID1 array with single disk install.
  • nodmraid is the default for SME 9.0 installs.
  • Give more time to the grub menu.
  • Update installer hard drive warning.
  • Customize confirmation dialogs during fresh install.
  • Run installer in 'text' mode.
  • Roll new stream to really remove obsolete images
  • Roll new stream to remove obsolete images
  • Move console backup to e-smith-backup
  • Remove support.pl from e-smith-base and move to smeserver-support
  • Console restore should reboot
  • Boostrap console should only offer restore if no password set
  • Add restore backup as a console item for freshly installed servers
  • Non-code changes to perform_restore.pm
  • Refer to removable media not CDROM in console restore
  • Remove insecure SSL ciphers
  • Add more PHP options to ibays only by db commands. See: http://wiki.contribs.org/DB_Variables_Configuration
  • Add SSLRequireSSL to ibays when SSL is set to enabled
  • Force https per ibay should not be the default for existing ibays
  • Add textbox() to console.pm, getLicenseFile to util.pm
  • Update frame header and footer
  • Use mysql_upgrade in 00_restore_dumped_dbs, by Terje Edseth
  • Use mysql_upgrade --force due to upgrade to MySQL 5.1
  • Prevent server being used in NTP amplification attacks.
  • Code by Jesper Holck
  • Modify template to allow Squid proxy https access to ports other than 443,563 using db command. See: http://wiki.contribs.org/DB_Variables_Configuration
  • Add -n 1 to the dmesg line in rc.sysinit to prevent unwanted messages appearing on the console
  • Correct offest in runlevel7 patch to avoid .orig file
  • Remove CentOS Branding patch
  • Add logcheck to help analyse errors in the log files
  • Roll new stream to remove obsolete images
  • Move support.pl from e-smith-base to smeserver-support
  • The console license page now uses dialog's textbox.
  • Ensure console is run with taint checking.
  • Add a verification in the console of number of pptp clients against ip allowed in dhcpd
  • Add a verification in remoteaccess panel of number of pptp clients against ip allowed in dhcpd
  • Display a warning with the domain name before to remove it.
  • Move mysql logging to multilog
  • Remove the information_schema
  • Fix error with flush of xt_recent SSH connections.
  • Add option to tcpsvd to set socket keepalive.
  • General features:
  • Based on CentOS 6.5 and all available updates

New in version 9.0 RC1 (May 13th, 2014)

  • Backups:
  • Workstation Backup, do not exclude dar files by default in line with console backup.
  • Workstation Backup, fix selective restore by requesting array of results from CGI.pm.
  • Workstation Backup, new method to show files being restored is needed when using dar 2.4.
  • Simplify the workstation backup report.
  • Workstation Backup, count backup sets from 1.
  • Update the text in the Backup panel.
  • Allow more time for cifs mounts before reporting errors.
  • Dar updated to 2.4.10.
  • Workstation Backup, add a choice to delete old backup before or after backup.
  • Workstation Backup, remove temporary directory on success.
  • Refactor directory tree creation and removal.
  • Workstation Backup, inconsistent formatting of host share name in messages.
  • Workstation Backup, more reliable catalog creation.
  • Workstation Backup, report cifs mount errors.
  • Workstation Backup, do not access /proc/mounts
  • Incremental backup fix.
  • Workstation Backup, allow spaces in the backup destination. Includes fix for disk usage broken with spaces.
  • Desktop Backup, allow user setting of compression level.
  • Use Wake on LAN before starting Backup with DAR.
  • NFS syntax is deprecated for CIFS mount.
  • Require cifs-utils and use UNC paths for cifs mount.
  • Improve text in console backup for success and failure.
  • Console USB Backup, allow user setting of compression level. Compression level of the console backup is now -6 by default.
  • Patch to exclude trying to backup aquota.* files so that backups to tape will succeed.
  • Update to the latest version of console restore.
  • Boostrap console should only offer restore if no password set.
  • Delete items from dar catalog in descending order
  • Minor non-functional updates based on PerlCritic and review comments
  • Move console backup to e-smith-backup
  • Workstation Backup, selective restore of deleted files
  • Remove migrate fragment 30vfstype
  • Workstation Backup, Don't delete old sets, only empty them.
  • Workstation Backup, Mail and WOL now subroutines
  • Workstation Backup, remove the need for a temporary directory, updated.
  • Workstation Backup, backupname includes seconds.
  • Simplification of the time routines.
  • Workstation Backup, remove the need for a temporary directory.
  • Allow configuration of workstation backup if no removable disk present
  • Create simplified function for updating the DarCatalog
  • Workstation Backup, do not create folder in /
  • Workstation Backup, suppress ctime error message on incremental backups
  • File Server:
  • Also remove the empty template-begin file in pam.d/proftpd templates.
  • Remove unused pam templates.
  • Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots.
  • Add template for wide links.
  • Add templates for max protocol.
  • Add support for Windows 8 domain joining & user login.
  • Add windows network performance enhancements registry file.
  • Update default ServerName in 30smbServerName
  • Add ability to configure waiting for network Win7 registry option.
  • Change default Workgroup and Domain to sme-server.
  • Fix mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication.
  • Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots.
  • Remove 20smb as migrating from pre-SME7 is not supported
  • LDAP (Optional in SME 9.0, and considered experimental):
  • Adjust slapd ACL to change dn.subtree to dn.children.
  • Localisation:
  • Latest translations included.
  • Mail Server:
  • Only present one auth method at a time, in order, to NET::SMTP.
  • Remove limit properties from the imaps DB entry.
  • Apply process limits to dovecot.
  • Include /usr/bin/refreshclam
  • Allow webmail-only-local-network.
  • Fix handling of messages with no body and no trailing \n after headers (eq was used in attempted assignment).
  • Fetchmail multidrop mode follows TCPPort setting.
  • Always enable imap, listen on loopback is disabled.
  • Avoid use of unitialised variables in smtp migrate fragments.
  • Simplify qmail concurrency templates.
  • Modify domain style pseudonym pointing to user with dot in name.
  • Accept messages with no body and no trailing \n after headers.
  • Fix Net::DNS update breaks qpsmtpd.
  • allows the spamassassin plugin to read the size limit from its arguments
  • Move clamscan scheduling to complete before 99-raid-check.
  • Listen on loopback if disabled.
  • Fix permissions on imapd.pem as it's used by pop3s.
  • Do not obsolete bglibs, it's required for cvm.
  • Allow plaintext (unless explicitly disabled).
  • Do not obsolete cvm, it's still needed for qpsmtpd.
  • Fix size_limit initialization.
  • reads MaxMessageSize prop of spamassassin and adds it to the arguments of the plugin if defined.
  • Requires e-smith-cvm-unix-local.
  • Load TextCat plugin if ok_languages is enabled.
  • Fix how qpsmtpd tags spam email.
  • Remove Packager and Vendor from spec file.
  • Revert last change.
  • Sources are local, do not download them.
  • Updates to release 0.98.1
  • Handle exceptions during attempted SASL auth. Add more debug tracing.
  • Remove DENYSOFT on SPF softfail
  • Remove insecure ciphers
  • Remove workarounds for how qpsmtpd tags spam email
  • Fix whitespace in 10required_score
  • Update SBL and RBL Lists
  • Server manager:
  • Renew donation text in server-manager.
  • Do not load mod_ssl.
  • Remove log noise from Create starter web site panel.
  • Add security fix for CVE-2013-4113.
  • Renew donation text and graphic in server-manager.
  • Update footer copyright and renew full copyright text.
  • Change wording of Software Update button.
  • Roll new stream to remove obsolete images
  • Remove references to obsolete images, by Stephane de Labrusse
  • Fix new starter website.
  • Update location of Primary index.html.
  • Webmail and Groupware:
  • Allow webmail-only-local-network.
  • Don't use SSL over loopback.
  • Replace last change with a default value for horde access
  • Ensure initialisation of variables in webmail-only-local-network.
  • Web Server:
  • Force magic_quotes Off.
  • Remove insecure ciphers
  • Other fixes and updates:
  • Add ssh-autoblock for external interface.
  • Do not hardcode NIC names to eth0 and eth1.
  • Return nic names in probeAdapters so we can drop HWAddress.
  • Remove HWAddress prop from interfaces.
  • Remove the "swap interface" feature.
  • Remove obsolete VLAN code.
  • Load the bonding module if NIC bonding is enabled.
  • Define the udev-post service in the DB.
  • Provide the ability to restrict ibay access to http.
  • Restart rsyslog in logrotate event.
  • Set smb ServerName if unset.
  • Don't reload init in bootstrap-console-save and console-save.
  • Fix add_new_disk_to_raid1.
  • Provide the ability to force https per ibay.
  • Add an audit for groups.
  • Update the full names of users added in %pre.
  • Fix uid and gid to be the same for the users added in %pre.
  • Changed Prereq to Requires(pre) as Prereq is deprecated.
  • Patch to correct issue with not being able to access a password protected ibay.
  • Update ServerName (Samba netbios name) when SystemName is updated.
  • Remove old System Name from the Hosts DB.
  • Fix group creation when LDAP auth is enabled.
  • Disable IPv6 on a default install.
  • Continue escaping control chars in rsyslog, just replace LF with space.
  • Use UTF-8 in the console.
  • Remove redundant parts of init-accounts.
  • Add_template_to_ssl.pem, codes by JP Pialasse.
  • Require diald.
  • Removal of rc.e-smith now functionality is in e-smith-service.
  • Replacement of rc.e-smith by moving code into e-smith-service.
  • Fix the way '.' works in bash.
  • rename /etc/ldap.conf to /etc/pam_ldap.conf (and same for .secret).
  • Always define InternalInterface NICBonding.
  • In the console refer to removable media instead of USB disk.
  • Fix a few more syslog => rsyslog items.
  • Remove modprobe stuff.
  • Don't be as agressive on rate limiting.
  • Change syslog templates to rsyslog.
  • Ensure existing_hwaddr is always initialized.
  • Change System Name from mitel-networks-server to sme-server.
  • Patch to remove symlink to Primary ibay from /home/e-smith/files/primary.
  • Patch to correct issue with not being able to access a password protected ibay.
  • Correctly display accented letters in the console.
  • Add e-smith as a Requires(pre) and remove adding users in %pre.
  • Fix uid and gid to be the same in create-system-user.
  • Ignore mysql.event table.
  • Use --single-transaction in mysql-dump-tables.
  • Use mysql_upgrade instead of fix_privilege_tables.
  • Increase memory limit for ntp.
  • Make rsyslog listen to our socket.
  • Remove rc.quota_create.
  • the config file is radiusclient.conf, not radiusclient-ng.conf.
  • Add templates for radiusclient-ng.conf file to remove binaddr directive.
  • Add directive to options.pptpd so that radius plugin can find the radiusclient configuration file..
  • Fix permissions of /etc/radiusclient-ng/servers.
  • Add hack for running rc7.d script during runlevel 4.
  • Apply SME Server config file changes to pwauth.
  • Fix libgomp obsoletes to not obsolete el6 version.
  • Change order of mail options in check4updates.
  • Fix parsing issues with "manage RAID" menu option in the console.
  • Remove SSH v1 legacy support.
  • Support nolvm boot option.
  • Create degraded RAID1 array with single disk install.
  • nodmraid is the default for SME 9.0 installs.
  • Give more time to the grub menu.
  • Update installer hard drive warning.
  • Customize confirmation dialogs during fresh install.
  • Run installer in 'text' mode.
  • Roll new stream to really remove obsolete images
  • Roll new stream to remove obsolete images
  • Move console backup to e-smith-backup
  • Remove support.pl from e-smith-base and move to smeserver-support
  • Console restore should reboot
  • Boostrap console should only offer restore if no password set
  • Add restore backup as a console item for freshly installed servers
  • Non-code changes to perform_restore.pm
  • Refer to removable media not CDROM in console restore
  • Remove insecure SSL ciphers
  • Add more PHP options to ibays only by db commands
  • Add SSLRequireSSL to ibays when SSL is set to enabled
  • Force https per ibay should not be the default for existing ibays
  • Add textbox() to console.pm, getLicenseFile to util.pm
  • Update frame header and footer
  • Use mysql_upgrade in 00_restore_dumped_dbs, by Terje Edseth
  • Use mysql_upgrade --force due to upgrade to MySQL 5.1
  • Prevent server being used in NTP amplification attacks.
  • Code by Jesper Holck
  • Modify template to allow Squid proxy https access to ports other than 443,563 using db command
  • Codes by Ray Mitchell and Ian Wells
  • Add -n 1 to the dmesg line in rc.sysinit to prevent unwanted messages appearing on the console
  • Correct offest in runlevel7 patch to avoid .orig file
  • Remove CentOS Branding patch
  • Add logcheck to help analyse errors in the log files
  • Roll new stream to remove obsolete images
  • Move support.pl from e-smith-base to smeserver-support
  • The console license page now uses dialog's textbox.
  • Ensure console is run with taint checking.
  • Add a verification in the console of number of pptp clients against ip allowed in dhcpd
  • Add a verification in remoteaccess panel of number of pptp clients against ip allowed in dhcpd
  • Display a warning with the domain name before to remove it [SME : 8333]
  • Move mysql logging to multilog
  • Remove the information_schema
  • Fix error with flush of xt_recent SSH connections.
  • Add option to tcpsvd to set socket keepalive.
  • General features:
  • Based on CentOS 6.5 and all available updates

New in version 9.0 Beta 4 (April 12th, 2014)

  • The installer has been substantially modified in Beta 3.
  • The remaining relevant patches from SME Server 8 have been ported.
  • Note: The spare handling for RAID arrays is not implemented.
  • A new feature has been introduced to block SSH login attempts, http://wiki.contribs.org/AutoBlock
  • It is set by default to reject SSH connections when there have been 3 or more requests in the previous 15 minutes.
  • See the link above to tune the defaults, or to disable: db configuration setprop sshd AutoBlock enabled signal-event remoteaccess-update

New in version 8.1 (March 1st, 2014)

  • Backups:
  • Latest version of Dar, 2.4.11, for workstation backup.
  • Workstation Backup allows the day of the week to be specified on which a full backup occurs. This now works correctly for all days of the week.
  • To increase reliability of backups to a Microsoft Vista drive, a one
  • second delay was added to the backup. This issue is not seen on the newer
  • Microsoft OS.
  • Allow user setting of compression level for Desktop and Console Backups. For example: config setprop backupconsole CompressionLevel -6 The default is -6, where -1 is fastest and -9 is optimal compression.
  • In the console, under item 8, refer to removable media instead of USB device.
  • After a restore from the console the post-upgrade event was not being performed.
  • Add an option to use Wake on LAN before starting Workstation Backup.
  • Workstation Backup, report cifs mount errors.
  • Workstation Backup, remove temporary directory on success .
  • Workstation Backup, add a choice to delete old backup before or after backup.
  • Workstation Backup, ensure that the pathname passed to dar_manager is
  • quoted to allow backup destinations with spaces, eg some USB drives.
  • Workstation Backup, count backup sets from 1 and delete the obsolete set0 when it goes out of scope.
  • Workstation Backup, do not fail backup for mtime/ctime mismatch
  • Workstation Backup, fix selective restore by requesting array of results from CGI.pm
  • Workstation Backup, new method to show files being restored is needed when using dar 2.4
  • Don't remove the apache group during restore.
  • Workstation Backup, suppress ctime error message on incremental backups.
  • Workstation Backup, selective restore of deleted files.
  • File Server:
  • Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots.
  • Add support for Windows 8 domain joining & user login with a new registry file. /server-resources/regedit/win8samba.reg
  • New optional samba property smb{WideLinks}, valid values are 'no' or
  • 'yes'. The current samba default is 'no'. see
  • http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WIDELINKS For example to enable samba Wide Links # config setprop smb WideLinks yes
  • Add windows network performance enhancements registry file that can help Windows slow logons. /server-resources/regedit/windows_samba_performance.reg
  • Two new optional samba properties smb{ServerMaxProtocol} & smb{ClientMaxProtocol}. For example: # config setprop smb ServerMaxProtocol NT1
  • Remove the samba_audit specific logrotate configuration which was
  • causing an email to be sent to the admin every night.
  • Enable smb auditing per ibay, it is disabled by default. Auditing is enabled via # db accounts setprop ibayname Audit enabled # signal-event ibay-modify ibayname
  • Prevent emailing about the normal, weekly, checks of RAID arrays
  • Update ServerName (Samba netbios name) when SystemName is updated
  • Workaround a deficiency in the proftpd package where it does not
  • handle long lines correctly in its configuration file. This caused FTP to fail when large numbers of local networks were configured.
  • Ensure Deny from all is on its own line in 15LimitLOGIN
  • Update default ServerName in 30smbServerName, and change default Workgroup and Domain to sme-server
  • LDAP (Optional in SME 8.1, and considered experimental):
  • Fix init-account script when LDAP auth is enabled.
  • Fix group creation/modification when LDAP auth is enabled.
  • The ldap.init script which starts just after the ldap service waits for slapd to be to available. The logic to check if slapd is ready was corrected.
  • Add missing dependency on openldap-servers.
  • The ldap log files can take significant space on servers with a lot of users. This update will ensure old BDB log files are removed.
  • Localisation:
  • Latest translations included.
  • Mail Server:
  • Updated to latest Antivirus, ClamAV, 0.98.1
  • Fetchmail multidrop mode follows TCPPort setting.
  • Avoid use of unitialised variables in smtp migrate fragments.
  • Allow smtp_auth_proxy to use port 587 with STARTTLS.
  • Due to SMTP servers not handling SMTP Auth well only present one auth method at a time, in order, to NET::SMTP and enable the use of a blacklist to remove the troublesome methods. For example to remove CRAM-MD5: # db configuration setprop smtp-auth-proxy Blacklist CRAM-MD5 # sv t /service/smtp-auth-proxy More than one method can be removed: # db configuration setprop smtp-auth-proxy Blacklist "CRAM-MD5
  • DIGEST-MD5" # sv t /service/smtp-auth-proxy
  • Handle exceptions during attempted SASL auth. Add more debug tracing.
  • imap-relocate-maildirs action was removed.It was no longer necessary
  • and was sometimes very slow.
  • The soft memory limits for pop3 and pop3s were increased. Two new optional database properties pop3{MemLimit} and pop3s{MemLimit} For example to increase the memory limit # config setprop pop3s MemLimit 50000000 # expand-template /var/service/pop3s/env/MEMLIMIT # config setprop pop3 MemLimit 50000000 # expand-template /var/service/pop3/env/MEMLIMIT
  • New optional qmail property qmail{ConcurrencyLocal} and default for /var/qmail/control/concurrencylocal changed to 20. For example to decrease the local concurrecny limit # config setprop qmail ConcurrencyLocal 6
  • Modify domain style pseudonym pointing to user with dot in name.
  • Accept messages with no body and no trailing \n after headers.
  • Prevent email delivery failure with required updates for perl-Net-DNS and qpsmtpd.
  • New optional spamassassin property spamassassin{MaxMessageSize} to
  • allow for spamassassin qpsmtpd's plugin size limit to be changed. For example to also scan larger files # config setprop spamassassin MaxMessageSize 1500000
  • Make CipherSuite secure by default and tls ciphers defaults to disallow SSLv2.
  • Fix how qpsmtpd tags spam email.
  • Add template to extend the functionality of SSL verified certificate
  • to IMAP and SSMTP transactions
  • Update ClamAV to release 0.97.8.
  • Load TextCat plugin if ok_languages is enabled.
  • Removed the databytes file from qpsmtpd config to honor the maximum
  • message size settings. See http://wiki.contribs.org/Email#Set_max_email_size
  • Include /usr/bin/refreshclam
  • Remove workarounds for how qpsmtpd tags spam email.
  • Remove insecure SSL ciphers.
  • Add keepalive option for tcpsvd for imap and imaps services.
  • Use stunnel-tls instead of sslio to wrap imaps service.
  • Server manager:
  • Added donation text and graphic to login page and server-manager.
  • Update footer copyright and renew full copyright text.
  • Do not load mod_ssl for httpd-admin as it is not needed and creates log noise.
  • If the browser used to access the server-manager used lower case for %escapes a blank screen would be shown. The server manager URL
  • processing is now case-insensitive for %escapes.
  • Fix more uninitialized warnings in log (httpd/admin_error_log) from
  • HTML.pm.
  • Remove log noise (httpd/admin-error-log) when accessing the Create Starter Web panel in server-manager.
  • Webmail and Groupware:
  • If IMAP is disabled in the server manager email panel, IMAP will now
  • listen to the loopback interface to allow webmail to function.
  • Webmail no longer uses SSL over loopback interface.
  • Allow webmail access to be selected for only the local network.
  • Web Server:
  • Modules necessary to implement .htaccess have now been loaded by default.
  • Disable index listing of Apache icons folder.
  • PHP's magic_quotes are deprecated so should no longer be used. The php.ini will now have "magic_quotes Off" instead of fully removing it as the
  • default is ON.
  • Change wording of Software Update button.
  • Remove insecure SSL ciphers.
  • Other fixes and updates:
  • Remove old System Name from the Hosts DB
  • Fix warning in /var/log/messages by correctly initialising the relevant variable. The warning related to the HW Address of a NIC.
  • user-modify-unix script could take many minutes, it has now been optimised to take only seconds
  • The memory limit for pppoe was increased to 100Mb.
  • On upgrading from SME Server 7 to SME Server 8 an email could be sent
  • to the admin everyday due to a modified /etc/updatedb.conf file. This update ensures the correct /etc/updatedb.conf file.
  • Updated SME root server template as D-root changed its IPv4 address on the 3rd of January 2013.
  • The console would crash when no value is entered as static gateway in servergateway(-private) mode. Improved error-checking in isValidIP() prevents this.
  • Use file locking to make sure that only one copy of the masq script is running at any particular time.
  • Add python-hashlib so we can read newer repodata signatures.
  • Point mirrorlist to mirrorlist.contribs.org
  • Increase memory limit for ntpd.
  • Add an audit for groups.
  • Set sme-server as the default workgroup and domain name for new installations.
  • Provide the ability to force https per ibay.
  • Prevent server being used in NTP amplification attacks.
  • Modify template to allow Squid proxy https access to ports other than 443,563
  • Add logcheck to help analyse errors in the log files.
  • Refer to removable media not CDROM in console restore.
  • Remove old images.
  • Update with ca-bundle.crt from SME 9
  • General features:
  • Based on CentOS 5.10 and all available updates

New in version 9.0 Beta 3 (January 29th, 2014)

  • Backups:
  • Workstation Backup, do not exclude dar files by default in line with console backup.
  • Workstation Backup, fix selective restore by requesting array of results from CGI.pm.
  • Workstation Backup, new method to show files being restored is needed when using dar 2.4.
  • Simplify the workstation backup report.
  • Workstation Backup, count backup sets from 1.
  • Update the text in the Backup panel.
  • Allow more time for cifs mounts before reporting errors.
  • Dar updated to 2.4.10.
  • Workstation Backup, add a choice to delete old backup before or after backup.
  • Workstation Backup, remove temporary directory on success.
  • Refactor directory tree creation and removal.
  • Workstation Backup, inconsistent formatting of host share name in messages.
  • Workstation Backup, more reliable catalog creation.
  • Workstation Backup, report cifs mount errors.
  • Workstation Backup, do not access /proc/mounts
  • Incremental backup fix.
  • Workstation Backup, allow spaces in the backup destination. Includes fix for disk usage broken with spaces.
  • Desktop Backup, allow user setting of compression level.
  • Use Wake on LAN before starting Backup with DAR.
  • NFS syntax is deprecated for CIFS mount.
  • Require cifs-utils and use UNC paths for cifs mount.
  • Improve text in console backup for success and failure.
  • Console USB Backup, allow user setting of compression level. Compression level of the console backup is now -6 by default.
  • Patch to exclude trying to backup aquota.* files so that backups to tape will succeed.
  • File Server:
  • Also remove the empty template-begin file in pam.d/proftpd templates.
  • Remove unused pam templates.
  • Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots.
  • Add template for wide links.
  • Add templates for max protocol.
  • Add support for Windows 8 domain joining & user login.
  • Add windows network performance enhancements registry file.
  • Update default ServerName in 30smbServerName
  • Add ability to configure waiting for network Win7 registry option.
  • Change default Workgroup and Domain to sme-server.
  • Fix mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication.
  • Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots. LDAP (Optional in SME 9.0, and considered experimental) ----
  • Adjust slapd ACL to change dn.subtree to dn.children.
  • Localisation:
  • Latest translations included.
  • Mail Server:
  • Only present one auth method at a time, in order, to NET::SMTP.
  • Remove limit properties from the imaps DB entry.
  • Apply process limits to dovecot.
  • Include /usr/bin/refreshclam
  • Allow webmail-only-local-network.
  • Fix handling of messages with no body and no trailing \n after headers (eq was used in attempted assignment).
  • Fetchmail multidrop mode follows TCPPort setting.
  • Always enable imap, listen on loopback is disabled.
  • Avoid use of unitialised variables in smtp migrate fragments.
  • Simplify qmail concurrency templates.
  • Modify domain style pseudonym pointing to user with dot in name.
  • Accept messages with no body and no trailing \n after headers.
  • Fix Net::DNS update breaks qpsmtpd.
  • allows the spamassassin plugin to read the size limit from its arguments
  • Move clamscan scheduling to complete before 99-raid-check.
  • Listen on loopback if disabled.
  • Fix permissions on imapd.pem as it's used by pop3s.
  • Do not obsolete bglibs, it's required for cvm.
  • Allow plaintext (unless explicitly disabled).
  • Do not obsolete cvm, it's still needed for qpsmtpd.
  • Fix size_limit initialization.
  • reads MaxMessageSize prop of spamassassin and adds it to the arguments of the plugin if defined.
  • Requires e-smith-cvm-unix-local.
  • Load TextCat plugin if ok_languages is enabled.
  • Fix how qpsmtpd tags spam email.
  • Server manager:
  • Renew donation text in server-manager.
  • Do not load mod_ssl.
  • Remove log noise from Create starter web site panel.
  • Add security fix for CVE-2013-4113.
  • Renew donation text and graphic in server-manager.
  • Update footer copyright and renew full copyright text.
  • Change wording of Software Update button.
  • Webmail and Groupware:
  • Allow webmail-only-local-network.
  • Don't use SSL over loopback.
  • Web Server:
  • Force magic_quotes Off.
  • Other fixes and updates:
  • Do not hardcode NIC names to eth0 and eth1.
  • Return nic names in probeAdapters so we can drop HWAddress.
  • Remove HWAddress prop from interfaces.
  • Remove the "swap interface" feature.
  • Remove obsolete VLAN code.
  • Load the bonding module if NIC bonding is enabled.
  • Define the udev-post service in the DB.
  • Provide the ability to restrict ibay access to http.
  • Restart rsyslog in logrotate event.
  • Set smb ServerName if unset.
  • Don't reload init in bootstrap-console-save and console-save.
  • Fix add_new_disk_to_raid1.
  • Provide the ability to force https per ibay.
  • Add an audit for groups.
  • Update the full names of users added in %pre.
  • Fix uid and gid to be the same for the users added in %pre.
  • Changed Prereq to Requires(pre) as Prereq is deprecated.
  • Patch to correct issue with not being able to access a password protected ibay.
  • Update ServerName (Samba netbios name) when SystemName is updated.
  • Remove old System Name from the Hosts DB.
  • Fix group creation when LDAP auth is enabled.
  • Disable IPv6 on a default install.
  • Continue escaping control chars in rsyslog, just replace LF with space.
  • Use UTF-8 in the console.
  • Remove redundant parts of init-accounts.
  • Add_template_to_ssl.pem, codes by JP Pialasse.
  • Require diald.
  • Removal of rc.e-smith now functionality is in e-smith-service.
  • Replacement of rc.e-smith by moving code into e-smith-service.
  • Fix the way '.' works in bash.
  • rename /etc/ldap.conf to /etc/pam_ldap.conf (and same for .secret).
  • Always define InternalInterface NICBonding.
  • In the console refer to removable media instead of USB disk.
  • Fix a few more syslog => rsyslog items.
  • Remove modprobe stuff.
  • Don't be as agressive on rate limiting.
  • Change syslog templates to rsyslog.
  • Ensure existing_hwaddr is always initialized.
  • Change System Name from mitel-networks-server to sme-server.
  • Patch to remove symlink to Primary ibay from /home/e-smith/files/primary.
  • Patch to correct issue with not being able to access a password protected ibay.
  • Correctly display accented letters in the console.
  • Add e-smith as a Requires(pre) and remove adding users in %pre.
  • Fix uid and gid to be the same in create-system-user.
  • Ignore mysql.event table.
  • Use --single-transaction in mysql-dump-tables.
  • Use mysql_upgrade instead of fix_privilege_tables.
  • Increase memory limit for ntp.
  • Make rsyslog listen to our socket.
  • Remove rc.quota_create.
  • the config file is radiusclient.conf, not radiusclient-ng.conf.
  • Add templates for radiusclient-ng.conf file to remove binaddr directive.
  • Add directive to options.pptpd so that radius plugin can find the radiusclient configuration file..
  • Fix permissions of /etc/radiusclient-ng/servers.
  • Add hack for running rc7.d script during runlevel 4.
  • Apply SME Server config file changes to pwauth.
  • Fix libgomp obsoletes to not obsolete el6 version.
  • Change order of mail options in check4updates.
  • Fix parsing issues with "manage RAID" menu option in the console.
  • Remove SSH v1 legacy support.
  • Support nolvm boot option.
  • Create degraded RAID1 array with single disk install.
  • nodmraid is the default for SME 9.0 installs.
  • Give more time to the grub menu.
  • Update installer hard drive warning.
  • Customize confirmation dialogs during fresh install.
  • Run installer in 'text' mode.

New in version 8.1 Beta 3 (January 16th, 2014)

  • Backups:
  • Latest version of Dar, 2.4.11, for workstation backup.
  • Workstation Backup allows the day of the week to be specified on which a full backup occurs. This now works correctly for all days of the week.
  • To increase reliability of backups to a Microsoft Vista drive, a one
  • second delay was added to the backup. This issue is not seen on the newer
  • Microsoft OS.
  • Allow user setting of compression level for Desktop and Console Backups. For example: config setprop backupconsole CompressionLevel -6 The default is -6, where -1 is fastest and -9 is optimal compression.
  • In the console, under item 8, refer to removable media instead of USB device.
  • After a restore from the console the post-upgrade event was not being performed.
  • Add an option to use Wake on LAN before starting Workstation Backup.
  • Workstation Backup, report cifs mount errors.
  • Workstation Backup, remove temporary directory on success .
  • Workstation Backup, add a choice to delete old backup before or after backup.
  • Workstation Backup, ensure that the pathname passed to dar_manager is
  • quoted to allow backup destinations with spaces, eg some USB drives.
  • Workstation Backup, count backup sets from 1 and delete the obsolete set0 when it goes out of scope.
  • Workstation Backup, do not fail backup for mtime/ctime mismatch
  • Workstation Backup, fix selective restore by requesting array of results from CGI.pm
  • Workstation Backup, new method to show files being restored is needed when using dar 2.4
  • File Server:
  • Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots.
  • Add support for Windows 8 domain joining & user login with a new registry file. /server-resources/regedit/win8samba.reg
  • New optional samba property smb{WideLinks}, valid values are 'no' or
  • 'yes'. The current samba default is 'no'. see
  • http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WIDELINKS For example to enable samba Wide Links # config setprop smb WideLinks yes
  • Add windows network performance enhancements registry file that can help Windows slow logons. /server-resources/regedit/windows_samba_performance.reg
  • Two new optional samba properties smb{ServerMaxProtocol} & smb{ClientMaxProtocol}. For example: # config setprop smb ServerMaxProtocol NT1
  • Remove the samba_audit specific logrotate configuration which was
  • causing an email to be sent to the admin every night.
  • Enable smb auditing per ibay, it is disabled by default. Auditing is enabled via # db accounts setprop ibayname Audit enabled # signal-event ibay-modify ibayname
  • Prevent emailing about the normal, weekly, checks of RAID arrays
  • Update ServerName (Samba netbios name) when SystemName is updated
  • Workaround a deficiency in the proftpd package where it does not
  • handle long lines correctly in its configuration file. This caused FTP to fail when large numbers of local networks were configured.
  • Ensure Deny from all is on its own line in 15LimitLOGIN
  • LDAP (Optional in SME 8.1, and considered experimental):
  • Fix init-account script when LDAP auth is enabled.
  • Fix group creation/modification when LDAP auth is enabled.
  • The ldap.init script which starts just after the ldap service waits for slapd to be to available. The logic to check if slapd is ready was corrected.
  • Add missing dependency on openldap-servers.
  • The ldap log files can take significant space on servers with a lot of users. This update will ensure old BDB log files are removed.
  • Localisation:
  • Latest translations included.
  • Mail Server:
  • Updated to latest Antivirus, ClamAV, 0.98.
  • Fetchmail multidrop mode follows TCPPort setting.
  • Avoid use of unitialised variables in smtp migrate fragments.
  • Allow smtp_auth_proxy to use port 587 with STARTTLS.
  • Due to SMTP servers not handling SMTP Auth well enable the use of a blacklist to remove the troublesome methods. For example to remove CRAM-MD5: # db configuration setprop smtp-auth-proxy Blacklist CRAM-MD5 # sv t /service/smtp-auth-proxy More than one method can be removed: # db configuration setprop smtp-auth-proxy Blacklist "CRAM-MD5
  • DIGEST-MD5" # sv t /service/smtp-auth-proxy
  • imap-relocate-maildirs action was removed.It was no longer necessary
  • and was sometimes very slow.
  • The soft memory limits for pop3 and pop3s were increased. Two new optional database properties pop3{MemLimit} and pop3s{MemLimit} For example to increase the memory limit # config setprop pop3s MemLimit 50000000 # expand-template /var/service/pop3s/env/MEMLIMIT # config setprop pop3 MemLimit 50000000 # expand-template /var/service/pop3/env/MEMLIMIT
  • New optional qmail property qmail{ConcurrencyLocal} and default for /var/qmail/control/concurrencylocal changed to 20. For example to decrease the local concurrecny limit # config setprop qmail ConcurrencyLocal 6
  • Modify domain style pseudonym pointing to user with dot in name.
  • Accept messages with no body and no trailing \n after headers.
  • Prevent email delivery failure with required updates for perl-Net-DNS and qpsmtpd.
  • New optional spamassassin property spamassassin{MaxMessageSize} to
  • allow for spamassassin qpsmtpd's plugin size limit to be changed. For example to also scan larger files # config setprop spamassassin MaxMessageSize 1500000
  • Make CipherSuite secure by default and tls ciphers defaults to disallow SSLv2.
  • Fix how qpsmtpd tags spam email.
  • Add template to extend the functionality of SSL verified certificate
  • to IMAP and SSMTP transactions
  • Update ClamAV to release 0.97.8.
  • Load TextCat plugin if ok_languages is enabled.
  • Removed the databytes file from qpsmtpd config to honor the maximum
  • message size settings. See http://wiki.contribs.org/Email#Set_max_email_size
  • Include /usr/bin/refreshclam
  • Remove workarounds for how qpsmtpd tags spam email.
  • Server manager:
  • Added donation text and graphic to login page and server-manager.
  • Update footer copyright and renew full copyright text.
  • Do not load mod_ssl for httpd-admin as it is not needed and creates log noise.
  • If the browser used to access the server-manager used lower case for %escapes a blank screen would be shown. The server manager URL
  • processing is now case-insensitive for %escapes.
  • Fix more uninitialized warnings in log (httpd/admin_error_log) from
  • HTML.pm.
  • Remove log noise (httpd/admin-error-log) when accessing the Create Starter Web panel in server-manager
  • Webmail and Groupware:
  • If IMAP is disabled in the server manager email panel, IMAP will now
  • listen to the loopback interface to allow webmail to function.
  • Webmail no longer uses SSL over loopback interface.
  • Web Server:
  • Modules necessary to implement .htaccess have now been loaded by default.
  • Disable index listing of Apache icons folder.
  • PHP's magic_quotes are deprecated so should no longer be used. The php.ini will now have "magic_quotes Off" instead of fully removing it as the
  • default is ON.
  • Change wording of Software Update button.
  • Other fixes and updates:
  • Remove old System Name from the Hosts DB
  • Fix warning in /var/log/messages by correctly initialising the relevant variable. The warning related to the HW Address of a NIC.
  • user-modify-unix script could take many minutes, it has now been optimised to take only seconds
  • The memory limit for pppoe was increased to 100Mb.
  • On upgrading from SME Server 7 to SME Server 8 an email could be sent
  • to the admin everyday due to a modified /etc/updatedb.conf file. This update ensures the correct /etc/updatedb.conf file.
  • Updated SME root server template as D-root changed its IPv4 address on the 3rd of January 2013.
  • The console would crash when no value is entered as static gateway in servergateway(-private) mode. Improved error-checking in isValidIP() prevents this.
  • Use file locking to make sure that only one copy of the masq script is running at any particular time.
  • Add python-hashlib so we can read newer repodata signatures.
  • Point mirrorlist to mirrorlist.contribs.org
  • Increase memory limit for ntpd.
  • Add an audit for groups.
  • General features:
  • Based on CentOS 5.10 and all available updates

New in version 9.0 Beta 2 (November 11th, 2013)

  • Backups:
  • Dar updated to 2.4.10
  • Workstation Backup, add a choice to delete old backup before or after backup.
  • Workstation Backup, remove temporary directory on success.
  • Refactor directory tree creation and removal.
  • Workstation Backup, inconsistent formatting of host share name in
  • messages.
  • Workstation Backup, more reliable catalog creation.
  • Workstation Backup, report cifs mount errors.
  • Workstation Backup, do not access /proc/mounts
  • Incremental backup fix.
  • Workstation Backup, allow spaces in the backup destination. Includes fix for disk usage broken with spaces.
  • Desktop Backup, allow user setting of compression level.
  • Use Wake on LAN before starting Backup with DAR.
  • NFS syntax is deprecated for CIFS mount.
  • Require cifs-utils and use UNC paths for cifs mount.
  • Improve text in console backup for success and failure.
  • Console USB Backup, allow user setting of compression level. Compression level of the console backup is now -6 by default.
  • Patch to exclude trying to backup aquota.* files so that backups to
  • tape will succeed.
  • File Server:
  • Also remove the empty template-begin file in pam.d/proftpd templates.
  • Remove unused pam templates.
  • Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots.
  • Add template for wide links.
  • Add templates for max protocol.
  • Add support for Windows 8 domain joining & user login.
  • Add windows network performance enhancements registry file.
  • Update default ServerName in 30smbServerName
  • Add ability to configure waiting for network Win7 registry option.
  • Change default Workgroup and Domain to sme-server.
  • Fix mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication.
  • Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots.
  • Localisation:
  • Latest translations included.
  • Mail Server:
  • Fetchmail multidrop mode follows TCPPort setting.
  • Always enable imap, listen on loopback is disabled.
  • Avoid use of unitialised variables in smtp migrate fragments.
  • Simplify qmail concurrency templates.
  • Modify domain style pseudonym pointing to user with dot in name.
  • Accept messages with no body and no trailing \n after headers.
  • Fix Net::DNS update breaks qpsmtpd.
  • allows the spamassassin plugin to read the size limit from its arguments
  • Move clamscan scheduling to complete before 99-raid-check.
  • Listen on loopback if disabled.
  • Fix permissions on imapd.pem as it's used by pop3s.
  • Do not obsolete bglibs, it's required for cvm.
  • Allow plaintext (unless explicitly disabled).
  • Do not obsolete cvm, it's still needed for qpsmtpd.
  • Fix size_limit initialization.
  • reads MaxMessageSize prop of spamassassin and adds it to the arguments of the plugin if defined.
  • Requires e-smith-cvm-unix-local.
  • Load TextCat plugin if ok_languages is enabled.
  • Fix how qpsmtpd tags spam email.
  • Server manager:
  • Renew donation text in server-manager.
  • Do not load mod_ssl.
  • Remove log noise from Create starter web site panel.
  • Add security fix for CVE-2013-4113.
  • Renew donation text and graphic in server-manager.
  • Update footer copyright and renew full copyright text.
  • Change wording of Software Update button.
  • Webmail and Groupware:
  • Don't use SSL over loopback.
  • Web Server:
  • Force magic_quotes Off.
  • Other fixes and updates:
  • Update the full names of users added in %pre.
  • Fix uid and gid to be the same for the users added in %pre.
  • Changed Prereq to Requires(pre) as Prereq is deprecated.
  • Patch to correct issue with not being able to access a password protected ibay.
  • Update ServerName (Samba netbios name) when SystemName is updated.
  • Remove old System Name from the Hosts DB.
  • Fix group creation when LDAP auth is enabled.
  • Disable IPv6 on a default install.
  • Continue escaping control chars in rsyslog, just replace LF with space.
  • Use UTF-8 in the console.
  • Remove redundant parts of init-accounts.
  • Add_template_to_ssl.pem, codes by JP Pialasse.
  • Require diald.
  • Removal of rc.e-smith now functionality is in e-smith-service.
  • Replacement of rc.e-smith by moving code into e-smith-service.
  • Fix the way '.' works in bash.
  • rename /etc/ldap.conf to /etc/pam_ldap.conf (and same for .secret).
  • Always define InternalInterface NICBonding.
  • In the console refer to removable media instead of USB disk.
  • Fix a few more syslog => rsyslog items.
  • Remove modprobe stuff.
  • Don't be as agressive on rate limiting.
  • Change syslog templates to rsyslog.
  • Ensure existing_hwaddr is always initialized.
  • Change System Name from mitel-networks-server to sme-server.
  • Patch to remove symlink to Primary ibay from /home/e-smith/files/primary.
  • Patch to correct issue with not being able to access a password protected ibay.
  • Correctly display accented letters in the console.
  • Add e-smith as a Requires(pre) and remove adding users in %pre.
  • Fix uid and gid to be the same in create-system-user.
  • Ignore mysql.event table.
  • Use --single-transaction in mysql-dump-tables.
  • Use mysql_upgrade instead of fix_privilege_tables.
  • Increase memory limit for ntp.
  • Make rsyslog listen to our socket.
  • Remove rc.quota_create.
  • the config file is radiusclient.conf, not radiusclient-ng.conf.
  • Add templates for radiusclient-ng.conf file to remove binaddr directive.
  • Add directive to options.pptpd so that radius plugin can find the radiusclient configuration file..
  • Fix permissions of /etc/radiusclient-ng/servers.
  • Add hack for running rc7.d script during runlevel 4.
  • Apply SME Server config file changes to pwauth.
  • Fix libgomp obsoletes to not obsolete el6 version.
  • Change order of mail options in check4updates.
  • Fix parsing issues with "manage RAID" menu option in the console.
  • Remove SSH v1 legacy support.
  • Support nolvm boot option.
  • Create degraded RAID1 array with single disk install.
  • nodmraid is the default for SME 9.0 installs.
  • Give more time to the grub menu.
  • Update installer hard drive warning.
  • Customize confirmation dialogs during fresh install.
  • Run installer in 'text' mode.

New in version 9.0 Beta 1 (October 16th, 2013)

  • Backups:
  • Dar updated to 2.4.10
  • Workstation Backup, add a choice to delete old backup before or after backup.
  • Workstation Backup, remove temporary directory on success.
  • Refactor directory tree creation and removal.
  • Workstation Backup, inconsistent formatting of host share name in
  • messages.
  • Workstation Backup, more reliable catalog creation.
  • Workstation Backup, report cifs mount errors.
  • Workstation Backup, do not access /proc/mounts
  • Incremental backup fix.
  • Workstation Backup, allow spaces in the backup destination. Includes fix for disk usage broken with spaces.
  • Desktop Backup, allow user setting of compression level.
  • Use Wake on LAN before starting Backup with DAR.
  • NFS syntax is deprecated for CIFS mount.
  • Require cifs-utils and use UNC paths for cifs mount.
  • Improve text in console backup for success and failure.
  • Console USB Backup, allow user setting of compression level. Compression level of the console backup is now -6 by default.
  • File Server:
  • Also remove the empty template-begin file in pam.d/proftpd templates.
  • Remove unused pam templates.
  • Replace vfs_shadow_copy with vfs_shadow_copy2 for shadow snapshots.
  • Add template for wide links.
  • Add templates for max protocol.
  • Add support for Windows 8 domain joining & user login.
  • Add windows network performance enhancements registry file.
  • Update default ServerName in 30smbServerName
  • Add ability to configure waiting for network Win7 registry option.
  • Change default Workgroup and Domain to sme-server.
  • Fix mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication
  • Localisation:
  • Latest translations included.
  • Mail Server:
  • Fetchmail multidrop mode follows TCPPort setting.
  • Always enable imap, listen on loopback is disabled.
  • Avoid use of unitialised variables in smtp migrate fragments.
  • Simplify qmail concurrency templates.
  • Modify domain style pseudonym pointing to user with dot in name.
  • Accept messages with no body and no trailing \n after headers.
  • Fix Net::DNS update breaks qpsmtpd.
  • allows the spamassassin plugin to read the size limit from its arguments
  • Move clamscan scheduling to complete before 99-raid-check.
  • Listen on loopback if disabled.
  • Fix permissions on imapd.pem as it's used by pop3s.
  • Do not obsolete bglibs, it's required for cvm.
  • Allow plaintext (unless explicitly disabled).
  • Do not obsolete cvm, it's still needed for qpsmtpd.
  • Fix size_limit initialization.
  • reads MaxMessageSize prop of spamassassin and adds it to the arguments of the plugin if defined.
  • Requires e-smith-cvm-unix-local.
  • Load TextCat plugin if ok_languages is enabled.
  • Fix how qpsmtpd tags spam email.
  • Server manager:
  • Renew donation text in server-manager.
  • Do not load mod_ssl.
  • Remove log noise from Create starter web site panel.
  • add security fix for CVE-2013-4113.
  • Webmail and Groupware:
  • Don't use SSL over loopback.
  • Web Server:
  • Force magic_quotes Off.
  • Other fixes and updates:
  • Update the full names of users added in %pre.
  • Fix uid and gid to be the same for the users added in %pre.
  • Changed Prereq to Requires(pre) as Prereq is deprecated.
  • Patch to correct issue with not being able to access a password protected ibay.
  • Update ServerName (Samba netbios name) when SystemName is updated.
  • Remove old System Name from the Hosts DB.
  • Fix group creation when LDAP auth is enabled.
  • Disable IPv6 on a default install.
  • Continue escaping control chars in rsyslog, just replace LF with space.
  • Use UTF-8 in the console.
  • Remove redundant parts of init-accounts.
  • Add_template_to_ssl.pem, codes by JP Pialasse.
  • Require diald.
  • Removal of rc.e-smith now functionality is in e-smith-service.
  • Replacement of rc.e-smith by moving code into e-smith-service.
  • Fix the way '.' works in bash.
  • rename /etc/ldap.conf to /etc/pam_ldap.conf (and same for .secret).
  • Always define InternalInterface NICBonding.
  • In the console refer to removable media instead of USB disk.
  • Fix a few more syslog => rsyslog items.
  • Remove modprobe stuff.
  • Don't be as agressive on rate limiting.
  • Change syslog templates to rsyslog.
  • Ensure existing_hwaddr is always initialized.
  • Change System Name from mitel-networks-server to sme-server.
  • Patch to remove symlink to Primary ibay from /home/e-smith/files/primary.
  • Patch to correct issue with not being able to access a password protected ibay.
  • Correctly display accented letters in the console.
  • Add e-smith as a Requires(pre) and remove adding users in %pre.
  • Fix uid and gid to be the same in create-system-user.
  • Ignore mysql.event table.
  • Use --single-transaction in mysql-dump-tables.
  • Use mysql_upgrade instead of fix_privilege_tables.
  • Increase memory limit for ntp.
  • Make rsyslog listen to our socket.
  • Remove rc.quota_create.
  • the config file is radiusclient.conf, not radiusclient-ng.conf.
  • Add templates for radiusclient-ng.conf file to remove binaddr directive.
  • Add directive to options.pptpd so that radius plugin can find the radiusclient configuration file..
  • Fix permissions of /etc/radiusclient-ng/servers.
  • Add hack for running rc7.d script during runlevel 4.
  • Apply SME Server config file changes to pwauth.
  • Renew donation text and add donation graphic.
  • Fix /etc/system-release.
  • Fix libgomp obsoletes to not obsolete el6 version.
  • Change order of mail options in check4updates.
  • Change wording of Software Update button.
  • General features:
  • Based on CentOS 6.4 and all available updates

New in version 8.1 Beta 1 (October 1st, 2013)

  • Backups:
  • Workstation Backup allows the day of the week to be specified on which a full backup occurs. This now works correctly for all days of the week.
  • To increase reliability of backups to a Microsoft Vista drive, a one second delay was added to the backup.
  • Allow user setting of compression level for Desktop and Console Backups. For example: config setprop backupconsole CompressionLevel -6 The default is -6, where -1 is fastest and -9 is optimal compression.
  • In the console, under item 8, refer to removable media instead of USB device.
  • After a restore from the console the post-upgrade event was not being performed.
  • Add an option to use Wake on LAN before starting Workstation Backup.
  • Workstation Backup, report cifs mount errors.
  • Workstation Backup, be compatible with destinations that include spaces.
  • Workstation Backup, remove temporary directory on success .
  • Workstation Backup, add a choice to delete old backup before or after backup.
  • File Server:
  • Add support for Windows 8 domain joining & user login with a new registry file. /server-resources/regedit/win8samba.reg
  • New optional samba property smb{WideLinks}, valid values are 'no' or 'yes'. The current samba default is 'no'. see http://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WIDELINKS For example to enable samba Wide Links # config setprop smb WideLinks yes
  • Add windows network performance enhancements registry file that can help Windows slow logons. /server-resources/regedit/windows_samba_performance.reg
  • Two new optional samba properties smb{ServerMaxProtocol} & smb{ClientMaxProtocol}. For example: # config setprop smb ServerMaxProtocol NT1
  • Remove the samba_audit specific logrotate configuration which was causing an email to be sent to the admin every night.
  • Enable smb auditing per ibay, it is disabled by default. Auditing is enabled via # db accounts setprop ibayname Audit enabled # signal-event ibay-modify ibayname
  • Prevent emailing about the normal, weekly, checks of RAID arrays
  • Update ServerName (Samba netbios name) when SystemName is updated
  • Workaround a deficiency in the proftpd package where it does not handle long lines correctly in its configuration file. This caused FTP to fail when large numbers of local networks were configured.
  • Ensure Deny from all is on its own line in 15LimitLOGIN
  • LDAP (Optional in SME 8.1, and considered experimental):
  • Fix init-account script when LDAP auth is enabled.
  • Fix group creation/modification when LDAP auth is enabled.
  • The ldap.init script which starts just after the ldap service waits for slapd to be to available. The logic to check if slapd is ready was corrected.
  • Add missing dependency on openldap-servers.
  • The ldap log files can take significant space on servers with a lot of users. This update will ensure old BDB log files are removed.
  • Localisation:
  • Latest translations included.
  • Mail Server:
  • Fetchmail multidrop mode follows TCPPort setting.
  • Avoid use of unitialised variables in smtp migrate fragments.
  • Allow smtp_auth_proxy to use port 587 with STARTTLS.
  • Due to SMTP servers not handling SMTP Auth well enable the use of a blacklist to remove the troublesome methods. For example to remove CRAM-MD5: # db configuration setprop smtp-auth-proxy Blacklist CRAM-MD5 # sv t /service/smtp-auth-proxy More than one method can be removed: # db configuration setprop smtp-auth-proxy Blacklist "CRAM-MD5 DIGEST-MD5" # sv t /service/smtp-auth-proxy
  • imap-relocate-maildirs action was removed.It was no longer necessary and was sometimes very slow.
  • The soft memory limits for pop3 and pop3s were increased. Two new optional database properties pop {MemLimit} and pop3s{MemLimit} For example to increase the memory limit # config setprop pop3s MemLimit 50000000 # expand-template /var/service/pop3s/env/MEMLIMIT # config setprop pop3 MemLimit 50000000 # expand-template /var/service/pop3/env/MEMLIMIT
  • New optional qmail property qmail{ConcurrencyLocal} and default for /var/qmail/control/concurrencylocal changed to 20. For example to decrease the local concurrecny limit # config setprop qmail ConcurrencyLocal 6
  • Modify domain style pseudonym pointing to user with dot in name.
  • Accept messages with no body and no trailing \n after headers.
  • Prevent email delivery failure with required updates for perl-Net-DNS and qpsmtpd.
  • New optional spamassassin property spamassassin{MaxMessageSize} to allow for spamassassin qpsmtpd's plugin size limit to be changed. For example to also scan larger files # config setprop spamassassin MaxMessageSize 1500000
  • Make CipherSuite secure by default and tls ciphers defaults to disallow SSLv2.
  • Fix how qpsmtpd tags spam email.
  • Add template to extend the functionality of SSL verified certificate to IMAP and SSMTP transactions
  • Update ClamAV to release 0.97.8.
  • Load TextCat plugin if ok_languages is enabled.
  • Server manager:
  • Do not load mod_ssl for httpd-admin as it is not needed and creates log noise.
  • If the browser used to access the server-manager used lower case for %escapes a blank screen would be shown. The server manager URL processing is now case-insensitive for %escapes.
  • Fix more uninitialized warnings in log (httpd/admin_error_log) from HTML.pm.
  • Remove log noise (httpd/admin-error-log) when accessing the Create Starter Web panel in server-manager
  • Webmail and Groupware:
  • If IMAP is disabled in the server manager email panel, IMAP will now listen to the loopback interface to allow webmail to function.
  • Webmail no longer uses SSL over loopback interface.
  • Web Server:
  • Disable index listing of Apache icons folder.
  • PHP's magic_quotes are deprecated so should no longer be used. The php.ini will now have "magic_quotes Off" instead of fully removing it as the default is ON.
  • Change wording of Software Update button.
  • Other fixes and updates:
  • Remove old System Name from the Hosts DB
  • Fix warning in /var/log/messages by correctly initialising the relevant variable. The warning related to the HW Address of a NIC.
  • user-modify-unix script could take many minutes, it has now been optimised to take only seconds
  • The memory limit for pppoe was increased to 100Mb.
  • On upgrading from SME Server 7 to SME Server 8 an email could be sent to the admin everyday due to a modified /etc/updatedb.conf file. This update ensures the correct /etc/updatedb.conf file.
  • Updated SME root server template as D-root changed its IPv4 address on the 3rd of January.
  • The console would crash when no value is entered as static gateway in
  • servergateway(-private) mode. Improved error-checking in isValidIP() prevents this.
  • Use file locking to make sure that only one copy of the masq script is running at any particular time.
  • Add python-hashlib so we can read newer repodata signatures.
  • Point mirrorlist to mirrorlist.contribs.org
  • Increase memory limit for ntpd .
  • General features:
  • Based on CentOS 5.9 and all available updates

New in version 7.5 (May 27th, 2010)

  • Backups:
  • The backup service has been made more robust: Allow many backups in the same day. Prevent launching a restore if all needed backups are not available. Do not allow a restore from a partial backup.
  • Some valid passwords would fail due to how the backup directory was mounted, the use of a credentials file for mount.cifs now avoids this limitation.
  • The e-mail now correctly identifies incremental and full backups.
  • Make Workstation Backup 'full backup allowed on' setting stick across revisits of the Configure page when set to 'Sunday'.
  • Workstation Backup emails now include a To: header. File Server:
  • A patch was added to support multiple samba roles, the change is transparent. However installing smeserver-adv-samba allows the user to take advantage of additional server roles as detailed in http://wiki.contribs.org
  • Advanced_Samba Localisation:
  • As part of a major update with translations we have added seven new languages: Thai, Polish, Romanian, Estonian, Chinese, Norwegian (Bokmal), Russian.
  • Other fixes include updated translations for the existing languages.
  • Mail Server:
  • Transport Layer Security (TLS) authentication capability has been added for incoming smtp ehlo requests.
  • Implement correctly the subject line SPAM tagging functionality.
  • The syntax of the smtproutes and SMTPSmartHost templates have been updated to avoid MX lookups
  • Incoming mail could be incorrectly rejected by qpsmtpd plugin require_resolvable_fromhost.
  • Update to qpsmtpd 0.83
  • Update to ClamAV 0.96.1
  • Increase MemLimit to 600M for clamav-0.96
  • Remove spamassassin jobs from cron.daily that are no longer needed.
  • HeuristicScanPrecedence is a new option in clamav 0.94. See http://wiki.contribs.org/Email#Heuristic_Scan
  • Rotate Virus scanning log files
  • Remove the external preloaded library, qmail-workaround, which was needed for qmail loopback connections if a domain MX resolves to 0.0.0.0. This has now been replaced by a patch to qmail itself.
  • Use HeloHost (if present) for SMTP auth proxy
  • Server manager:
  • The reconfigure warning is displayed in subsequent browser sessions of the server-manager when the server is updated from the Command Line, or after a reboot, if a full reconfiguration has not been performed.
  • Allow to select "check for updates" daily, weekly or monthly in the Software Installer. Check for updates can also be disabled.
  • Fix yum warnings about "another instance is running" when running a second instance of yum from another terminal.
  • Improve the HTML formatting of the modify quota panel to work in IE8.
  • Webmail and Groupware:
  • Horde, imp, turba and ingo have been updated to the latest versions
  • Patch to make sure username is always saved in lowercase to horde db's
  • Allow FQDN and non-FQDN access to webmail.
  • The spell checker in Horde Mail has been enabled for HTML composition.
  • Obsolete smeserver-trean < 0.1-8 as it makes the sidebar menu of the webmail interface disappear.
  • Web Server:
  • Implement a database key (SSLv2) which allows to disable certificates signed with SSLv2, enabled by default to keep current behaviour.
  • Add support for more MIME Types to Apache: Openoffice 1.x, Openoffice 2.x Microsoft Office 2007 XML
  • SSL Certificates will now use a SHA1
  • SSL Certificates will now use a 2048 bits key size
  • Other fixes and updates:
  • From June 2009 smeserver-rkhunter was removed from smeos and made a contrib.
  • Do not allow re-allocation of deleted Windows user profiles.
  • Template sshd login grace time
  • Correct the configuration of smartd to monitor hard disk status, but default to disabled.
  • Display the boot time menu by default by removing the hiddenmenu entry from the default grub.conf to be in line with the documentation.
  • Enable error logging for MySQL.
  • When user or group names with a "." in the names exist, running /sbin/e-smith/audittools/aliases will show more than the expected list.
  • Improve the quality of the mirrors by using a network mirror-list. The list is automatically generated hourly based on the status of the current mirrors. By using these mirror-lists it is ensured that people are directed to an updated mirror. When a mirror is added or removed the change will be available quickly and automatically. It also centralizes control of the mirror lists.
  • Add yum-protect-packages support to prevent removal of needed packages. This stops accidental removal of core SME Server packages.
  • Introduced (weak) kernel modules which are independent of kernel version. This means there is no need to update/rebuild kmods for each kernel update.
  • Fix for VPN access failed with buffer too small errors.
  • Require /sbin/mdassemble so mkinitrd works correctly.
  • Reduce drive size requirements from 5G to 1.5G

New in version 7.4 (November 22nd, 2008)

  • This release is based on CentOS 4.7. Other major changes in this release are the use of dar for backups and the change to UTF-8, along with translation to six additional languages. All SME Server users should upgrade to this release. Changes: fix GRUB label to keep consistent with the SME Server brand; introduce a web interface to configure the pseudonym 'visible' property; fix the ugly log messages (Use of uninitialized value) when spam checking results in 0 hits; emails sent to a null address without the username part are now rejected; support for sending mail to ISP via secure SMTP; enable the auth plugin for local LAN connections; migrate ordb.net from the RBL lists to prevent mail bouncing....