e-smith Announce v4.1.1

e-smith Announce v4.1.1

---

Release notes - February 15, 2001

e-smith, inc. is pleased to announce the availability of the e-smith server and gateway version 4.1.1. E-smith 4.1.1 is a bug fix release - see CORRECTIONS and UPDATES below for details.

e-smith version 4.1 contains many new features, as well as many minor improvements and corrections. The documentation has been updated and includes additional information. This release is based on RedHat 7.0, with all available updates, except as noted. General

• The Copyright: and Vendor: tags of all e-smith-xxxx RPMS is set to "Mitel Networks Corporation"
• All e-smith-xxxx RPMS which are licensed under the GPL are marked as such in the License: tag of the RPMS, and include the GPL "COPYING" file

NEW INTERNET CONNECTIVITY OPTIONS 1. PPP over Ethernet

PPP over Ethernet (PPPoE) enables users to connect their e-smith server to the Internet using residential ADSL connections (in addition to the cablemodem, dialup, and other connectivity options that were previously supported).

NEW REMOTE ACCESS FEATURES 1. PPTP based virtual private networking

PPTP enables remote users to connect to their corporate network via their regular ISP Internet connection. The e-smith PPTP configuration uses (and requires) 128-bit encryption to make the connection completely secure and private. PPTP is disabled by default and can be enabled or disabled via the "Remote Access" function in the e-smith manager.

2. Web based email

Web based email enables remote users to access their email from anywhere on the Internet via a web browser (like a secure, private version of Hotmail) using the open-source IMP server application. Users can access their email by visiting the web site "https://www.mycompany.com/webmail" (where "www.mycompany.com" is the users' own web site).

Web based email is disabled by default, but is configurable via the "Other Email Settings" function in the e-smith manager. Access can be enabled via HTTP and HTTPS, or can be restricted to HTTPS for additional security. (HTTPS encrypts the web session using SSL - secure sockets layer - for a secure, private connection. Requires an SSL enabled web browser such as Netscape or Internet Explorer.)

3. SSH remote access

SSH enables remote users to connect to their corporate network via their regular ISP Internet connection using the SSH suite of programs. (See http://www.ssh.com/ and http://www.openssh.com/ for more information about SSH.)

Options allow plain password or secure key authentication, and enable or disable root logins. SSH is disabled by default, and can be enabled via the "Remote Access" function in the e-smith manager.

NEW DATA PROTECTION FEATURES 1. RAID-1 support (disk mirroring)

RAID-1 support enables the e-smith server to use dual hard disks, and writes all data to both disks during server operation. This protects against loss of data in the event of a hard disk failure, and also tends to improve system performance because data can be read from both disks in parallel.

e-smith 4.1 supports both hardware RAID-1 controllers and software RAID-1 configurations (simply connect two hard drives to your e-smith server and select software RAID-1 during installation). The two hard drives should be the same size (the RAID size will be as large as the smallest disk).

2. Tape backup

The e-smith manager has a new "Backup and restore" function to configure tape backup to run daily at a specified time using the flexbackup program. Restoring from tape backups can now be done via the "Restore from tape" function. All SCSI tape drives are supported, as well as the following IDE drives:

• Seagate STT220000A Hornet 20GB IDE Tape Drive
• HP SureStore T20XAI 20GB IDE Tape Drive
• other models to be announced...

3. Reinstall floppy diskette

The "reinstall floppy diskette" function allows you to create a customized floppy diskette that can be used to perform future e-smith installations that automatically restore the system configuration. Note: User data is NOT backed up when using the reinstall floppy.

SECURITY ENHANCEMENTS 1. Packet filtering (IPchains) rules have been added to provide another

layer of security filtering.

2. Email (SMTP) server changes allow for tighter anti-spam rules.

3. User accounts are now locked when first created, and unlocked when

the password is first changed.

4. All of the latest available software updates and security fixes are

included for the software packages used by e-smith.

Exceptions:

• RedHat has released a kernel update 2.2.17-14. This update fixes a number of vulnerabilities which do not affect the e-smith server, as they require local shell access to be exploited. This kernel is also incompatible with a number of e-smith specific modifications.
• RedHat has released an updated version of glibc (2.2-12) which fixes a number of vulnerabilities which do not affect the e-smith server, as they require local shell access to be exploited. As RedHat also split the glibc into glibc-common and glibc RPMs, and did not specify dependency relationships correctly, these new RPMs could not be used on a fresh installation. They can, however, safely be applied as an update.
• RedHat has released PHP updates to address a number of security and reliability issues. These issues do not affect the webmail application which is included in the e-smith 4.1 software. Conversely, the updated PHP RPMs do not work correctly withe IMP webmail software. If you run other PHP software, you should evaluated the RedHat advisary and apply the PHP updates if security would otherwise be compromised.

5. FTP has a new setting to limit access to the FTP server.

6. Telnet has a new setting to enable/disable administrative command

line access.

7. FTP support has been updated to latest ProFTPd release.

ADDITIONAL SOFTWARE Several open source applications used by e-smith 4.1 are included with this product. However e-smith only provides support for the applications as used by e-smith 4.1.

1. Apache web server is now SSL enabled (a certificate is automatically

created for each virtual domain declared by the user), and supports PHP scripting. PHP is an HTML-embedded scripting language (see http://www.php.net for more information).

2. MySQL database server is included and automatically enabled. MySQL

is a multi-threaded, multi-user, SQL (Structured Query Language) database server (see http://www.mysql.com for more information).

MISCELLANEOUS OTHER ENHANCEMENTS 1. New "upgrade" option enables users to upgrade an older version of

e-smith without erasing existing data.

2. Many improvements to the e-smith console (for initial server

configuration). Dialogs are presented in a more logical sequence, and the e-smith manager and on-line documentation can both be accessed via the console (using a text mode web browser).

3. Improved ethernet auto-detection, with many additional ethernet

cards supported.

4. Reboots are now required only if hostname, domain name, system mode

or network interface parameters are changed. Other configuration changes are made without rebooting the server.

5. New e-smith manager function enables users to view mail server

statistics.

6. Support for definition of local and remote network hostnames and

addresses.

7. New "pseudonyms" function in the e-smith-manager allows the creation

of additional email addresses which automatically forward email to existing users or groups. The pseudonym "everyone" is automatically declared to forward email to every user account (accessible only from the local network).

8. The H323 IP masquerading module has been installed, enabling the use

of popular videoconferencing software packages on the local network which use this protocol (calls can be initiated from behind the e-smith server and gateway, but cannot be received).

9. An ICQ IP masquerading module has been installed, enabling the use

of ICQ 99x compatible clients on the local network.

10. The i-bay setting "public access via web or anonymous ftp" has been

changed slightly. If this parameter is set to "None" (i.e. the user does not want to provide any access to the i-bay via the web), then Samba and Netatalk are reconfigured to define their root as the "files" subdirectory within the i-bay, making them act more like an ordinary Windows shared directory. (As a consequence of this change, any applications using a mapping directly to the i-bay network share will need to be changed to "sharename/" instead of "sharename/files/".)

11. New services model for starting/restarting/stopping services (for

developers only - not normally supported for e-smith customers).

12. Hard disk optimization available for IDE disk drives.

13. Customizable email virtual domain handling (for developers only -

not normally supported for e-smith customers).bled via the "Remote Access" function in the e-smith manager.

CORRECTIONS AND UPDATES 1. The following RPMS contained kernel modules which were not correctly

built for operation with the SMP kernel:

ppp appletalk-fixed ip_masq_h323 ip_masq_icq

These have now been built correctly and operate with the SMP kernel.

2. The DNS resolution daemon named was restarted too late in the boot

process to be used by the Dynamic DNS client used to register new external IP addresses. The bootup sequence has been started to bring up the loopback interface and start named before any other network interfaces are initialised.

3. Some configuration of tape backup drives was not correctly restored

after a tape restore, and tape backups would not resume until the tape drive was reconfigured via the web interface. This has been corrected.

---

Back to the Documentation