------------------------------------------------------------ SME Server 6.0 Release notes - Dec 10, 2003 ------------------------------------------------------------ Copyright (C) 1999-2003 Mitel Networks Corporation This is an unsupported developer release of the Mitel Networks SME Server. MITEL NETWORKS DOES NOT PROVIDE ANY SUPPORT FOR THIS DEVELOPER RELEASE. Mitel Networks also sells a commercial release of this software which has additional features and is fully supported by Mitel Networks and its resellers. For details on the commercial release, please visit http://www.mitel.com/6000MAS/ THIS SOFTWARE COMES WITH ABSOLUTELY NO WARRANTY AND IS PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. ------------------------------------------------------------ Mitel Networks is pleased to announce the availability of the final version of the 6.0 SME Server. The changes in this release include engineering improvements, a new look and feel and Spanish language support for the server manager web interface, and the inclusion of a port forwarding panel. Comments or bug reports should be sent to smebugs@mitel.com (and only there, please) Kernel update ------------- - The kernel has been updated to RedHat's 2.4.20-18.7 version, for improved reliability, security and hardware compatibility - The installer now always installs both the SMP and uniprocessor kernels Name server ----------- - The "bind" name server has been replaced by the more reliable and secure tinydns/dnscache program set written by Dan Bernstein. IMAP daemon replacement ----------------------- - The dovecot IMAP daemon (http://dovecot.procontrol.fi/) has been integrated, in place of the previously used University of Washington daemon. Other package updates --------------------- - RedHat 7.3 update packages have been used wherever available. - imp (webmail) has been upgraded to 3.2.1 - the horde framework has been upgraded to 2.2.1 - proftpd has been upgraded to 1.2.9 - Samba has been upgraded to 2.2.8a Changes in Mitel packages ------------------------- - The look and feel of the server manager web interface has been changed - Spanish language support has been added to the server manager - The navigation function of the server manager now includes caching to improve performance, which should be noticeable on lower end hardware. - A port forwarding web interface panel has been included. - A group of infrastructure changes has been introduced which allow a significant reduction in the code in service "interface" packages: - the "primary" file space is now a pre-defined (and unremovable) i-bay - the primary domain appears in the domains database - the local network appears in the networks database. - Many other small changes and bug fixes. See the changelog for individual packages for details. - The default tape format is now 'tar', rather than 'dump'. Old 'dump' tapes will be recognized for restores - The mysql database daemon is configured by default to accept only local connections (i.e. it is not accessible via the network). This is a security precaution. We only use mysql for webmail preferences, and only require access from localhost. If you wish to enable local network access, you can do so via: /sbin/e-smith/config setprop mysqld LocalNetworkingOnly no /sbin/e-smith/expand-template /etc/my.cnf /etc/rc.d/init.d/mysqld restart - A "router" setting must now be defined for any local network. This implies that all "local networks" must truly be local, i.e. not Internet addresses. This change is introduced to strongly discourage insecure configurations. - A transparent SMTP proxy has been added, to force all outgoing SMTP connections to go through the SME server. This feature enhances security with respect to viruses and worms that use SMTP to propagate themselves. If you wish to disable this proxy, you can do so via: /sbin/e-smith/config setprop smtpfront-qmail Proxy disabled /sbin/e-smith/signal-event remoteaccess-update Simplified database initialization and migration ------------------------------------------------ A new system for initializing system databases has been introduced. - For each database, a directory tree /etc/e-smith/db/xxx/migrate may contain template fragments which contain code to perform schema migration between existing database entries and a new format for those entries. - For each database, a directory tree is set up rooted at /etc/e-smith/db/xxx/defaults. Within that directory, directories containing small files set up a set of default property values for a set up database entries. - For each database, a directory tree is set up rooted at /etc/e-smith/db/xxx/force which may contain forced property values for database entries. This directory tree can be used by packages to enforce particular policies. Changes from 6.0beta1 to 6.0beta2 --------------------------------- A big "Thank you" to all of the testers and bug reporters - The "multilink" option has been added to the PPTP configuration. This appears to improve compatibility with Windows XP. - The Samba configuration wrongly enabled netlogons when the domain master setting was disabled - The domains panel now allows domains to be added - The DNS forwarder configuration has been fixed - The Quotas panel and reports now work correctly - The Download option of View Log Files now generates filenames which will be automatically opened in Notepad under Windows XP - Internet Explorer appears to ignore valid HTTP headers. - The dovecot IMAP server has been upgraded with the latest fixes - The generation of usb aliases in /etc/modules.conf has been corrected - The mail button was missing from the IMP address book - Tape restore is now working - A cosmetic startup problem with the 'masq' script has been corrected - Public access to the imap server is now possible (though discouraged) - Icons have been added to the success/failure messages of most panels - The fetchmail/ETRN configuration has been corrected - An error in the dhcpd.conf configuration has been corrected - The 'fr-ca' browser language is now detected correctly as French Changes from 6.0beta2 to 6.0beta3 --------------------------------- A big "Thank you" to all of the testers and bug reporters - The dovecot IMAP server has been upgraded with to the latest version (0.99.10) with a sort-by-date fix applied - Memory limits for IMAP server processes have been relaxed (128MB per process) to allow reliable operation with mailboxes with very large numbers of very large messages - An error with virtual domain to i-bay mapping in httpd.conf has been corrected - Problems with modification of FTP access settings via the remote access panel have been corrected - Remote access to the server manager can now be delegated to single IP addresses (i.e. a netmask of 255.255.255.255) - A number of problems with the merging of exising and restored password, group and smbpasswd files have been resolved. - The startup sequence has been modified so that ctrlaltdel is enabled and logins are setup on tty2 and tty3 before rc7.d services are started. - A problem with caching of group details in the groups panel has been resolved - A problem which caused some services to revert to "private" access during upgrade has been corrected. - dhcpcd is now always disabled in serveronly mode - Spanish localization of the navigation frame has been completed - All newly added users now have a pre-created junkmail IMAP folder - Various problems with the initialization and migration of webmail mysql databases have been corrected - Webmail now allows composition of saved draft messages to be resumed - Delete preferred master and local master settings from smb.conf templates - this allows the samba defaults to do the correct thing - Set wins support to follow domain master setting - Remove explicit fill-in of destination port (if left blank), and update text, in portforwarding panel. - Eliminate duplicate host records in tinydns data file. - Remove intermediate page from logfile download page in viewlogfiles panel. - Add Epoch header to proftpd rpm to allow smooth upgrade over 1.2.5-fr1. - Include RedHat's security update version of unzip. - Miscellaneous other minor bug fixes. See package changelogs for details. Changes from 6.0beta3 to 6.0 final ---------------------------------- A big "Thank you" to all of the testers and bug reporters - Samba's two daemons, smbd and nmbd, are now under supervision such that they will be restarted automatically if they fail for any reason. - A new limiting feature to inbound smtp connections has been added, defaulting to 40 simultaneous connections. - Upgrading by performing a desktop backup, installing 6.0 and restoring the backup broke the trust relationship between the samba server and all clients. This has been fixed. - iptraf has been added to assist in diagnosing network-related issues. - An error in the firewall rules with Stealth enabled has been fixed. - Groups with periods or hyphens in the name were mismanaged by the Users panel. - There was a potential vulnerability in OpenSSL. - If the primary language requested by the browser was not an available translation, the server failed to return any of the lower priority localizations, and the panel was returned with raw lexicon tags. - There was a potential vulnerability in mod_ssl. - There was a potential root exploit in proftpd. - The remove summary on the local networks panel had a look and feel inconsistent with the other panels. - Upgrades to 6.0 with NICs requiring the old_tulip driver were mismanaged. - The /etc/fetchmail file was not being generated properly, resulting in a failure to download mail from remote POP3 servers. - A potential security vulnerability in the webmail system was patched. - Improvements were made to the reliability of Windows file sharing services. - The success message for the domains panel is now green instead of red. - To prevent denial-of-service attacks, a new limiting feature to inbound SMTP connections has been added, defaulting to 40 simultaneous connections. - DNS services now correctly publish virtual domains to the private network. - Using the new ability to change the content of the primary i-bay to another ibay resulted in the inability to access the server's other i-bays as sub-urls of the primary domain. This has been fixed. - Roaming profiles for Windows file sharing are no longer enabled by default. - Local passwords were being denied for ftp if the server was configured to accept only local passwords. This has been fixed. - Other minor changes and bugfixes were made.