Topic: SME Server using Satellite Link

[RGlenister]

Good Afternoon All,

I have recently setup a SME server after using Redhat / Fedora in the past.

The setup that I have is rather strange and I am looking for some guidance if at all possible. (I have seen some of the great advice on here already!)

I have setup mail accounts on the SME server which connect to the company exchange server using a multi-drop POP account (I know this is not ideal, but there is only ever going to be 6 users.) So far the setup works fine but this is only the beginning of my problems.

The server is being built to act as an email / file server on a boat that the company own. This will get its internet connection via an Inmarsat Fleetbroadband Satellite connection using a Thrane & Thrane router. The router (It is not actually called a router but for the purpose of this it is acting as a router) will accept PPPOE to activate / deactivate the connection.

The reason for needing to activate / deactivate the connection is the $9 per MB charge for data!

What I am looking to do (and I have spent hours trying to work out how) is to get SME to connect, send & receive email then disconnect (Due to the above mentioned charges!). The only two ways to activate / deactivate the connection is either via the web interface or PPPOE. What I was looking to do is either write a script or get “Fetchmail” to do the connecting / disconnecting but I seem to have come to a stop.

Any advice would be greatly appreciated!

Kind Regards,

Roy.

[RGlenister]

Please help.  (The boat is due to sail in the next couple of days!)

[mmccarn]

Note: these notes probably don't include everything you should do!

According to http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter5#Configuring_the_Server_for_Server_and_Gateway_Mode_-_Dialup_Access, you can configure your SME for 'server and gateway mode - dialup access', then set the dialup connection to the 'short' policy, and the system will connect when requested, then disconnect 3min after the last http access or 30 seconds after the last other (non-http) access.

Once you've done that, you'll need to configure 'fetchmail' to run as frequently as you want, then locate and turn off any auto-update features (yum update checking, smolt check-in, clam updates, spamassassin updates, etc).

If there will be windows (or mac) workstations behind the SME, you'll want to turn off all the auto-update features on these boxes, too.  You might consider blocking all out-bound traffic from workstations as described in http://wiki.contribs.org/Firewall#Block_outgoing_ports

Finally, when I set this up years ago I modified the default squid settings to use a larger cache and cache larger files - you may get some useful hints from http://wiki.contribs.org/Squid#Caching_WindowsUpdate_download_.28and_others_too.29

Once you think you have it setup, fire up 'iptraf' on the SME, or connect through some connection that will give you traffic stats, and see how much traffic you generate.

[RGlenister]

Thank you for your reply.

I have explored the Dialup feature but I am not sure if this will be usable (The only way I know of starting the connection is PPPOE at the moment).

I am waiting for the supplier of the equipment to respond with some details of how to activate the connection.

The SME server is currently behind a firewall router which is blocking all ports except 25, 110 & 53 (DNS) so I have not currently shut down any running processes. On a slight side note, could you please advise how to stop certain services from starting at boot?

Thanks for your help!

[CharlieBrady]

On a slight side note, could you please advise how to stop certain services from starting at boot?

I'll show you how to search for that information:

http://lmgtfy.com/?q=site%3Acontribs.org+stop+certain+services+from+starting+at+boot

or, a little more information can be found via:

http://lmgtfy.com/?q=site%3Acontribs.org+disable+services

[RGlenister]

Good Morning,

Thanks for that.. Not so sure the sarcastic way of showing me was overly nice though.

I have googled the issue of services starting but I am looking more for what services actually use the internet.

I will do some more research myself today. (I am trying to set this up and work at the same time!)

[mmccarn]

I am pretty sure I was using "server and gateway mode - dialup access" using a PPPoE connection to a dual ISDN router - but this was 9 or 10 years ago on SME 6.0.1.  It's possible that I had my ISDN modem setup to disconnect on inactivity, with the SME server in 'server-only' mode.

When my current SME 7.5.1 server was configured for PPPoE, my internet connection was named "ppp0", so I think the PPPoE connection is using the dialup code to control connections.

If you aren't able to set the dialup profile (with timeouts, etc), you should still be able to setup your SME for PPPoE then customize the persistence and timeout values of the connection as follows:

Code: [Select]

mkdir -p /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ppp0
cd /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ppp0
cp /etc/e-smith/templates/etc/sysconfig/network-scripts/ifcfg-ppp0/00default 00default
then edit /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ppp0/00default. 

Looking at http://linux.die.net/man/5/pppoe.conf, I think you can get what you want by adding the following lines:

Code: [Select]

DEMAND=30
PPPOE TIMEOUT=30
Expand the templates and restart the network when you're done with signal-event console-save
signal-event remoteaccess-update

If you have any errors, you can completely un-do these mods using:

Code: [Select]

rm -f /etc/e-smith/templates-custom/etc/sysconfig/network-scripts/ifcfg-ppp0/00default
signal-event console-save
signal-event remoteaccess-update

If all else fails, you can tell the crew to unplug the network cable between the SME and the Thrane & Thrane when they're not using it...

[RGlenister]

Thank you! That has given me a lot to work from.

I have one more thing that I am trying to achieve.

On previous versions of Linux I have used if I wanted to do anything, I would edit / add commands into the config file etc. What I would ideally like to do is run a Cron job which runs “Fetchmail” but have fetchmail call for the connection, then close it afterwards.

That way, I will not have to worry too much about other services using the connection as the connection will only be active when mail is being received / sent.

I can't rely on the crew to unplug.. I wish!

I know I am not making too much sense, but I am trying to do too much at once!

[RGlenister]

OKay.. I have found some commands that might help me.. I have found adsl-start etc.. The problem I have is I need to know that mail has finished sending etc before disconnecting.

I also will need to ensure that nothing else is trying to use the connection (I am not too sure exactly what will try to access the net.)

I know it sounds like I am being overly fussy, but if I get this wrong, it will be a VERY expensive mistake at $9 per MB!

[purvis]

Well testing cost money and you will learn quickly and maybe get some support when a  large bill comes in.

How about this, some basic routers let you set access by time, ok i know that is not what you want.
How about this, turn on and off the ethernet port using ifdown and ifup.
Could you use "ethtools -S eth0" to see how much ethernet activity is being sent by comparing periods.
Yes, scripts might be your answer.
Is there a way to find how much traffic comes across a particular port?
Also you may want to monitor any errors and retransmissions of an ethernet port.
Can email activity be forced to retry on demand.
Do you need SME server, look at PROXY+ for windows.
Get some sleep, i doubt you complete  what you want in a short period of time.
Wish i could help you more.

[RGlenister]

Thank you for your reply.

I will be leaving my current employer a week today.. I am under pressure to finish this before I leave. I have no problem setting up the server on the boat.. I would just like a list of services that demand internet access (Updates etc) so I can disable. (I have searched and searched for this but can't seem to find a list!)

I will then install, and as harsh as it sounds, it will no longer be my problem!

[purvis]

I just shopped internet by satellite prices.
I saw some plans that where much cheaper than 9 dollars per MB.
Of course there is the equipment to purchase.
Maybe it is time to have an alternative second satellite system or replace the one being used.

Some promises we make are hard to keep when there are other things beyond our control.
If the people cannot push a computer button on and off to the server , that is their problem.
I believe you have to too much to learn in too short of a time, plus the help you will get on any forum is not tied to your time frame.

I do like your questions on turning off services.
Please write back when you are done and share some information on what you where able and not able to do.

 

[mmccarn]

To find services that run "in the background" on  your SME, dig through the files and scripts in
  /etc/cron.d
  /etc/cron.daily
  /etc/cron.hourly
  /etc/cron.weekly
  /etc/cron.monthly

and the template fragments that make up /etc/crontab, which you'll find in:
  /etc/e-smith/templates/etc/crontab

If you *only* need email on the SME, you could do this:
* Configure SME and fetchmail, get everything working
* Reconfigure SME as "serveronly" using an imaginary default gateway (so that all traffic goes nowhere by default)
* locate the script used to fetch mail (/etc/startmail?)
* write your own script that:
- checks to see if it is already running; if it is running:
  - send a warning email to someone who is responsible locally
  - abort (or possibly force the open connection to close, then abort)
- if it is not running:
  - start the PPPoE interface
  - set a route *for the mail server only* through the PPPoE interface (rather than a "default route")
  - run the script that fetches mail
  - either wait for fetchmail to complete, or check to see if fetchmail is still running every 15 seconds or so.  when fetchmail is complete:
    - drop the extra route
    - drop the PPPoE connection
   
You may not need to do the "route" stuff I've described here - you may only need to define a "local network" in server-manager consisting of the ip address of the mail server with a netmask of "255.255.255.255" and a gateway IP of the thrane & thrane pppoe IP address.  That is, if the SME server's PPPoE IP address is "10.1.10.100", the gateway for this "local network" would probably be "10.1.10.1"

[purvis]

thank you mmccarn, i needed that info as well on one of my projects.


 RGlenister
also you might want to consider a paid mx backup.
Dyndns.com has what use to be called "MailHop", now i believe it is called "SendLabs Mx Backup"
I purchased this service last year for an office where we host our own email server for the branch office and we where having the most terrible time with out internet provider being down a lot then even days.
I have all my domains registered there at Dyndns.com and they provide all my internet DNS services.
Even thought now my services from them is up there in dollars, they have always talked to me for how ever long it took when i was just a tiny customer.
They have always not been the cheapest, but if service counts, they maybe able to help you out.
Give them a call.
And by the way, it is going to cost me 40 dollars a year to renew the mx backup service for two years and that renewal comes up next week.

[RGlenister]

Good Morning All,

Thank you for all your help. It turns out, none of it was needed as I have been informed that it would actually be cheaper if the connection was always on, as we get charged a connection charge!

I have everything working fine, except for one thing.

I have all ports blocked except the ports that are needed. I have allowed the IP address of the company to access the server-manager and if I remove the port block, it works fine.

If I block all the ports again, it stops! Now.. I have allowed port 443 through the firewall. I am confused.. Does server-manager use more than one port? (As it works without the port restrictions in place.)

Thanks!