Koozali.org: home of the SME Server

A bunch of questions.

Offline Troels

« on: December 12, 2007, 11:43:35 AM »
Hi Everyone,

I have a couple of questions:

First Question:
If a spammer is sending an email to a user account that does not exist on my server, what happens if I choose the reject option? I believe that the "return to sender option" is a bad option, because a spammer could just fake his mail address, and then I would become the spammer, right? Would it be possible to just drop the mail (send it to /dev/null :))? Maybe this is handled by SpamAssassin in version 7.2, or is it?

Next question:
I only need the e-mail/webmail portion of the SME Server. Is it possible to disable the unneeded services, such as AppleTalk, SMB shares, primary website, etc.?

Third question:
Is it possible to put a quota on the amount of log data generated? The reason for wanting this is: if my server was under attack it would generate huge amounts of log data, and eventually fill up the root partition. Normally I would put the logs on a separate partition to prevent this.
Regards Troels

Offline mmccarn

« Reply #1 on: December 12, 2007, 12:47:03 PM »
Quote
First Question:
If a spammer is sending an email to a user account that does not exist on my server, what happens if I choose the reject option? I believe that the "return to sender option" is a bad option, because a spammer could just fake his mail address, and then I would become the spammer, right? Would it be possible to just drop the mail (send it to /dev/null :))? Maybe this is handled by SpamAssassin in version 7.2, or is it?
If you set "E-mail to unknown users" to "reject", then SME will generate an SMTP error to the sending server as soon as the offending RCPT TO is received.  This is the best option, in my opinion; there never is an "email" to worry about or to send to null, it is simply refused by your SME.
Some more info: http://wiki.contribs.org/Email#qpsmtpd


Quote
Next question:
I only need the e-mail/webmail portion of the SME Server. Is it possible to disable the unneeded services, such as AppleTalk, SMB shares, primary website, etc.?
Sorry, no simple answer here.  With some trial and error you could test disabling services one by one until you get to the configuration you're hoping for using config setprop servicename status disabled, but beware of unintended side-effects - if you disable "httpd-e-smith" (in order to disable the Primary i-bay) then webmail won't work any more either.  SME is designed to be stable and secure "out of the box"; if you pick a good root password, disable ssh password logins, keep your patches up to date, don't install everything ever mentioned in the forums, and don't add "0.0.0.0/0" to your "local networks", you'll stay secure.

Quote
Third question:
Is it possible to put a quota on the amount of log data generated? The reason for wanting this is: if my server was under attack it would generate huge amounts of log data, and eventually fill up the root partition. Normally I would put the logs on a separate partition to prevent this.
SME log files are already size-limited.  Most SME services use multilog, which rotates logs according to file size rather than date (keep x log files with maximum size y).  If you are attacked you risk losing log file depth but not disk space.  The largest log file collection on any of my SME servers is just over 500MB.
For more info take a look at http://wiki.contribs.org/Log_Files

Offline Troels

« Reply #2 on: December 12, 2007, 02:50:51 PM »
Hi mmccarn,

Thank you for your quick response.

Quote
If you set "E-mail to unknown users" to "reject", then SME will generate an SMTP error to the sending server as soon as the offending RCPT TO is received.  This is the best option, in my opinion; there never is an "email" to worry about or to send to null, it is simply refused by your SME.
Some more info: http://wiki.contribs.org/Email#qpsmtpd
OK, so this takes care of the obvious spammers.

Quote
Sorry, no simple answer here.  With some trial and error you could test disabling services one by one until you get to the configuration you're hoping for using config setprop servicename status disabled, but beware of unintended side-effects - if you disable "httpd-e-smith" (in order to disable the Primary i-bay) then webmail won't work any more either.  SME is designed to be stable and secure "out of the box"; if you pick a good root password, disable ssh password logins, keep your patches up to date, don't install everything ever mentioned in the forums, and don't add "0.0.0.0/0" to your "local networks", you'll stay secure.
For the Primary I-Bay, I think the solution then must be to make an HTML script that redirects the incoming requests to /webmail instead.

Quote
SME log files are already size-limited.  Most SME services use multilog, which rotates logs according to file size rather than date (keep x log files with maximum size y).  If you are attacked you risk losing log file depth but not disk space.  The largest log file collection on any of my SME servers is just over 500MB.
For more info take a look at http://wiki.contribs.org/Log_Files
I have been looking at the link, but I cannot find anything on size limits, though there is a lot of other useful information.

New question:
I have successfully been able to restore an SME server using Darryl's backup2ws, but this tool doesn't give very fine-grained control of what to restore. Say I wanted to restore a couple of mails from a single user that lie on an old backup, how can I do that? I have looked under /home/e-smith/users/username/, but I can't figure out what to copy where. If I could figure this out, then SME Server is the mailserver that I need 8)
Regards Troels

Offline CharlieBrady

« Reply #3 on: December 12, 2007, 03:53:19 PM »
Quote
I have successfully been able to restore an SME server using Darryl's backup2ws, but this tool doesn't give very fine-grained control of what to restore. Say I wanted to restore a couple of mails from a single user that lie on an old backup, how can I do that?

Base SME server software does not include any provision for selective restoring of files. You should be able, however, to extract files you are interested in from the backup file or files, using archive manipulation software on the workstation.

Offline mmccarn

« Reply #4 on: December 12, 2007, 04:24:38 PM »
Quote
Quote
SME log files are already size-limited.  Most SME services use multilog, which rotates logs according to file size rather than date (keep x log files with maximum size y).  If you are attacked you risk losing log file depth but not disk space.  The largest log file collection on any of my SME servers is just over 500MB.
For more info take a look at http://wiki.contribs.org/Log_Files
I have been looking at the link, but I cannot find anything on size limits, though there is a lot of other useful information.
Yeah - each service is configured individually, and the only one I've examined deeply (qpsmtpd) is not templated so changing the defaults gets tricky.

multilog keeps the last 10 logs by default; you can change this by adding "n##" to the desired /var/service/*/log/run file.  The default size for each logfile is 5,000,000 bytes.  This can be changed by editing the existing "s5000000" in the same /var/service/*/log/run files.
Here is the output of grep /usr/local/bin/multilog /var/service/*/log/run
Code:
/var/service/clamd/log/run:    /usr/local/bin/multilog t s5000000       \
/var/service/cvm-unix-local/log/run:    /usr/local/bin/multilog t s5000000      \
/var/service/dhcpd/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/dnscache.forwarder/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/dnscache/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/freshclam/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/ftp/log/run:    /usr/local/bin/multilog t s5000000 \
/var/service/httpd-admin/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/imap/log/run:    /usr/local/bin/multilog t s5000000        \
/var/service/imaps/log/run:    /usr/local/bin/multilog t s5000000       \
/var/service/ippp/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/mysqld/log/run:     /usr/local/bin/multilog t s5000000  \
/var/service/nmbd/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/ntpd/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/pop3/log/run:    /usr/local/bin/multilog t s5000000        \
/var/service/pop3s/log/run:    /usr/local/bin/multilog t s5000000       \
/var/service/pptpd/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/proftpd/log/run:    /usr/local/bin/multilog t s5000000     \
/var/service/qmail/log/run:    /usr/local/bin/multilog t s5000000       \
/var/service/qpsmtpd/log/run:    /usr/local/bin/multilog t s5000000     \
/var/service/radiusd/log/run:    /usr/local/bin/multilog t s5000000     \
/var/service/raidmonitor/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/smbd/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/smtp-auth-proxy/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/spamd/log/run:    /usr/local/bin/multilog t s5000000       \
/var/service/sqpsmtpd/log/run:    /usr/local/bin/multilog t s5000000    \
/var/service/squid/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/sshd/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/tinydns/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/ulogd/log/run:    /usr/local/bin/multilog t s5000000       \
/var/service/wan/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/yum/log/run:    /usr/local/bin/multilog t s5000000 \

Here's a note on how I changed the number of log files retained from 10 to 50 a while ago: http://forums.contribs.org/index.php?topic=32853.msg139334#msg139334

Quote
New question:
I have successfully been able to restore an SME server using Darryl's backup2ws, but this tool doesn't give very fine-grained control of what to restore. Say I wanted to restore a couple of mails from a single user that lie on an old backup, how can I do that? I have looked under /home/e-smith/users/username/, but I can't figure out what to copy where. If I could figure this out, then SME
Each user's email is stored in /home/e-smith/files/users/<username>/Maildir
Under Maildir you will have 3 directories - "cur", "tmp" and "new".  Everything you've ever seen in your email client will be in the "cur" folder.
Other IMAP folders you create will be under Maildir with a name beginning with a dot.  "junkmail" will be in the .../Maildir/.junkmail folder, for example. Inside each folder you will again have "cur", "tmp" and "new".

I haven't used backup2ws lately, so I'm not sure how to restore an email or two.  If I remember correctly, backup2ws creates a gzip'ed tar file and puts it on your workstation.  If I wanted just a few emails I'd try:

* opening the backup using a current copy of 7zip or pkzip, then see if I can locate the desired files and use WinSCP to put them back into the user's mail folder.  (perhaps they should go into "new" so that the IMAP indexes get properly maintained - but that's a complete guess). 

* If that didn't work I'd copy the backup file onto my SME and try to learn enough about tar to extract just a few files, or I'd load up cygwin on my Windows workstation and try to extract the emails there.

* If I had a spare system around, or a vmware image of SME, I might restore the backup to the spare or virtual server, then use imapcopy to copy the desired emails.

Personally, I use Affa for backups, so I could just browse to the backup folder containing my emails and copy them wherever I want...

And of course, once you find the right solution, document it somewhere appropriate in the Wiki :-)
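
As an added example (not part of the original post), this script turns grep output like the listing above into an upper bound on the disk space each service's multilog directory can occupy, taking number of files times file size as the bound. The `n50` sample line is constructed, and multilog's defaults of 10 files and 99999 bytes are assumed whenever an option is absent from the grepped line.

```shell
#!/bin/bash
# Added example (not from the thread): worst-case multilog disk use per service.
# Input: grep output as in the listing above, one "<run file>: <multilog command>" per line.
# Assumptions: an absent n option means multilog's default of 10 files, an absent
# s option means its default of 99999 bytes, and both options sit on the grepped
# line (options on a continuation line of the run file are not seen).

multilog_bound() {
    # stdout: "<service> <files> <bytes-per-file> <max-bytes>" per service, then "TOTAL <bytes>"
    awk '
    /multilog/ {
        svc = $1
        sub(/\/log\/run:$/, "", svc)   # "/var/service/qpsmtpd/log/run:" -> "/var/service/qpsmtpd"
        sub(/^.*\//, "", svc)          # -> "qpsmtpd"
        num = 10; size = 99999         # multilog defaults
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^n[0-9]+$/) num  = substr($i, 2) + 0
            if ($i ~ /^s[0-9]+$/) size = substr($i, 2) + 0
        }
        bound = num * size
        total += bound
        printf "%s %d %d %.0f\n", svc, num, size, bound
    }
    END { printf "TOTAL %.0f\n", total }
    '
}

# Constructed sample: two lines as in the listing, one with a hypothetical n50 added.
sample_lines() {
    cat <<'EOF'
/var/service/qpsmtpd/log/run:    /usr/local/bin/multilog t s5000000     \
/var/service/sshd/log/run:    /usr/local/bin/multilog t s5000000  \
/var/service/qmail/log/run:    /usr/local/bin/multilog t n50 s5000000       \
EOF
}

sample_lines | multilog_bound
# On a live server: grep /usr/local/bin/multilog /var/service/*/log/run | multilog_bound
```

Comparing the TOTAL line with the free space on the partition holding /var/log shows whether raising `n` or `s` for a service still leaves the disk safe during a log flood.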

Offline dmay

« Reply #5 on: December 12, 2007, 04:58:47 PM »
Quote
I haven't used backup2ws lately,
and no one should as backup2ws is VERY deprecated. Upgrade to smeserver-dar2. This contrib uses 'dar' not tar/gzip. It is very easy to restore individual files using the server-manager panel or the mc-dar2 plugin which gives you visual access to your archive internal directory and file tree.

Darrell

Offline raem

« Reply #6 on: December 13, 2007, 02:46:56 AM »
Troels

If you do selectively restore email messages (files), either as a logged in user on a workstation or as root user on the server, then make sure you change the ownership to the actual user, or your email clients won't be able to read those messages.
i.e.
cd /home/e-smith/files/users/username/Maildir/new
chown username:username *
...

Offline Troels

« Reply #7 on: December 16, 2007, 04:16:01 PM »
Good to know that there is a size limit and rotation system on the log files. As for backup and restore, I have tried different types over the last couple of days. I used Darrell's smeserver-dar2 with success. The following types I did were:
1. Full backup / restore
2. One mail restore from backup, and I could even move this mail to another user's mailbox, and read it there :-P Great! When I get the time I will document this process in the wiki.
Regards Troels