SME Server 6.0

Mitel Networks is pleased to announce the availability of our SME Server 6.0 unsupported developer release

from our mirrorsites listed at:

http://www.esmith.org/downloads/

(Note that at the current moment not all of the mirrors havefinished updating.)

As has been mentioned on this list previously, this will be the last "official" release by Mitel Networks of our

unsupported developer release. Future releases will be up to you, the members of the developer community.

Thank you for all the feedback and bug reports.Enjoy this release!

SME Server 6.0 unsupported developer release

Release notes Dec 10, 2003

Copyright (C) 1999 - 2003 Mitel Networks Corporation

This is an unsupported developer release of the Mitel Networks SME Server.

MITEL NETWORKS DOES NOT PROVIDE ANY SUPPORT FOR THIS DEVELOPER RELEASE.

Mitel Networks also sells a commercial release of this software which has additional features

and is fully supportedby Mitel Networks and its resellers.

For details on thecommercial release, please visit http://www.mitel.com/6000MAS/

THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY AND ISPROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES,INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OFMERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

Mitel Networks is pleased to announce the availability of the final version of the 6.0 SME Server

The changes in this release include engineering improvements, a newlook and feel and Spanish language support

for the server manager webinterface, and the inclusion of a port forwarding panel.

Comments or bug reports should be sent to [EMAIL PROTECTED] (and only there, please)

Kernel update

The kernel has been updated to RedHat's 2.4.2018.7 version, for improved reliability, security and hardware compatibility The installer now always installs both the SMP and uniprocessor kernels

Name server

The "bind" name server has been replaced by the more reliable and secure tinydns/dnscache

program set written by Dan Bernstein.

IMAP daemon replacement

The dovecot IMAP daemon (http://dovecot.procontrol.fi/) has been integrated, in place of the

previously used University of Washington daemon.

Other package updates

RedHat 7.3 update packages have been used wherever available. imp (webmail) has been upgraded to 3.2.1 the horde framework has been upgraded to 2.2.1 proftpd has been upgraded to 1.2.9 Samba has been upgraded to 2.2.8a

Changes in Mitel packages

The look and feel of the server manager web interface has been changed Spanish language support has been added to the server manager The navigation function of the server manager now includes caching to improve performance,

which should be noticeable on lower end hardware.

A port forwarding web interface panel has been included. A group of infrastructure changes has been introduced which allow a significant reduction

in the code in service "interface" packages: the "primary" file space is now a predefined (and unremovable) ibay the primary domain appears in the domains database the local network appears in the networks database.

Many other small changes and bug fixes. See the changelog for individual packages for details.

Default tape format

The default tape format is now 'tar', rather than 'dump'. Old 'dump' tapes will be recognized for restores

MySQL accepts only local connections

The mysql database daemon is configured by default to accept only local connections

(i.e. it is not accessible via the network). This is a security precaution.

We only use mysql for webmail preferences, and only require access from localhost.

If you wish to enable local network access, you can do so via
/sbin/e-smith/config setprop mysqld LocalNetworkingOnly no
/sbin/e-smith/expand-template /etc/my.cnf
/etc/rc.d/init.d/mysqld restart

Local network must have router setting

A "router" setting must now be defined for any local network. This implies that all "local networks" must truly be local,

i.e. not Internet addresses. This change is introduced to strongly discourage insecure configurations.

SMTP Proxy

A transparent SMTP proxy has been added, to force all outgoing SMTP connections to go through the SME server. This feature enhances security with respect to viruses and worms that use SMTP to propagate themselves.

If you wish to disable this proxy, you can do so via
/sbin/e-smith/config setprop smtpfrontqmail Proxy disabled
/sbin/e-smith/signal-event remoteaccess-update

Simplified database initialization and migration

A new system for initializing system databases has been introduced.

For each database, a directory tree /etc/esmith/db/xxx/migrate may contain template fragments which contain code to perform schema migration between existing database entries and a new format for those entries.
For each database, a directory tree is set up rooted at /etc/esmith/db/xxx/defaults.
Within that directory, directories containing small files set up a set of default property values for a set up database entries.
For each database, a directory tree is set up rooted at /etc/esmith/db/xxx/force which may contain forced property values for database entries. This directory tree can be used by packages to enforce particular policies.

Changes from 6.0beta1 to 6.0beta2

A big "Thank you" to all of the testers and bug reporters

The "multilink" option has been added to the PPTP configuration. This appears to improve compatibility with Windows XP.
The Samba configuration wrongly enabled netlogons when the domain master setting was disabled

The domains panel now allows domains to be added
The DNS forwarder configuration has been fixed
The Quotas panel and reports now work correctly
The Download option of View Log Files now generates filenames which will be automatically opened in Notepad under Windows XP Internet Explorer appears to ignore valid HTTP headers.
The dovecot IMAP server has been upgraded with the latest fixes
The generation of usb aliases in /etc/modules.conf has been corrected
The mail button was missing from the IMP address book
Tape restore is now working
A cosmetic startup problem with the 'masq' script has been corrected
Public access to the imap server is now possible (though discouraged)
Icons have been added to the success/failure messages of most panels
The fetchmail/ETRN configuration has been corrected
An error in the dhcpd.conf configuration has been corrected
The 'frca' browser language is now detected correctly as French

Changes from 6.0beta2 to 6.0beta3

A big "Thank you" to all of the testers and bug reporters

The dovecot IMAP server has been upgraded with to the latest version (0.99.10) with a sortbydate fix applied
Memory limits for IMAP server processes have been relaxed (128MB per process) to allow reliable operation with mailboxes with very large numbers of very large messages
An error with virtual domain to ibay mapping in httpd.conf has been corrected
Problems with modification of FTP access settings via the remote access panel have been corrected
Remote access to the server manager can now be delegated to single IP addresses (i.e. a netmask of 255.255.255.255)
A number of problems with the merging of exising and restored password, group and smbpasswd files have been resolved.
The startup sequence has been modified so that ctrlaltdel is enabled and logins are setup on tty2 and tty3 before rc7.d services are started.
A problem with caching of group details in the groups panel has been resolved.
A problem which caused some services to revert to "private" access during upgrade has been corrected. dhcpcd is now always disabled in serveronly mode
Spanish localization of the navigation frame has been completed
All newly added users now have a precreated junkmail IMAP folder
Various problems with the initialization and migration of webmail mysql databases have been corrected Webmail now allows composition of saved draft messages to be resumed
Delete preferred master and local master settings from smb.conf templates this allows the samba defaults to do the correct thing
Set wins support to follow domain master setting
Remove explicit fillin of destination port (if left blank), and update text, in portforwarding panel.
Eliminate duplicate host records in tinydns data file.
Remove intermediate page from logfile download page in viewlogfiles panel.
Add Epoch header to proftpd rpm to allow smooth upgrade over 1.2.5fr1.
Include RedHat's security update version of unzip.
Miscellaneous other minor bug fixes. See package changelogs for details.

Changes from 6.0beta3 to 6.0 final

A big "Thank you" to all of the testers and bug reporters

Samba's two daemons, smbd and nmbd, are now under supervision such that they will be restarted automatically if they fail for any reason.
A new limiting feature to inbound smtp connections has been added, defaulting to 40 simultaneous connections. Upgrading by performing a desktop backup, installing 6.0 and restoring the backup broke the trust relationship between the samba server and all clients. This has been fixed. iptraf has been added to assist in diagnosing networkrelated issues.
An error in the firewall rules with Stealth enabled has been fixed.
Groups with periods or hyphens in the name were mismanaged by the Users panel.
There was a potential vulnerability in OpenSSL.
If the primary language requested by the browser was not an available translation, the server failed to return any of the lower priority localizations, and the panel was returned with raw lexicon tags.
There was a potential vulnerability in mod_ssl.
There was a potential root exploit in proftpd.
The remove summary on the local networks panel had a look and feel inconsistent with the other panels.
Upgrades to 6.0 with NICs requiring the old_tulip driver were mismanaged.
The /etc/fetchmail file was not being generated properly, resuting in a failure to download mail from remote POP3 servers.
A potential security vulnerability in the qmail virus scanner was patched.
A potential security vulnerability in the webmail system was patched.
Improvements were made to the reliability of Windows file sharing services.
The success message for the domains panel is now green instead of red.
To prevent denialofservice attacks, a new limiting feature to inbound SMTP connections has been added, defaulting to 40 simultaneous connections.
DNS services now correctly publish virtual domains to the private network.
Using the new ability to change the content of the primary ibay to another ibay resulted in the inability to access the server's other ibays as suburls of the primary domain. This has been fixed.
Roaming profiles for Windows file sharing are no longer enabled by default.
Local passwords were being denied for ftp if the server was configured to accept only local passwords.
This has been fixed. Other minor changes and bugfixes were made.