------------------------------------------------------------
E-SMITH SERVER AND GATEWAY 4.1
Release notes - February 12, 2001
------------------------------------------------------------
e-smith, inc. is pleased to announce the availability of the e-smith
server and gateway version 4.1.
e-smith version 4.1 contains many new features, as well as many minor
improvements and corrections. The documentation has been updated and
includes additional information. This release is based on RedHat 7.0,
with all available updates, except as noted.
NEW INTERNET CONNECTIVITY OPTIONS
1. PPP over Ethernet
PPP over Ethernet (PPPoE) enables users to connect their e-smith
server to the Internet using residential ADSL connections (in
addition to the cablemodem, dialup, and other connectivity options
that were previously supported).
NEW REMOTE ACCESS FEATURES
1. PPTP based virtual private networking
PPTP enables remote users to connect to their corporate network via
their regular ISP Internet connection. The e-smith PPTP
configuration uses (and requires) 128-bit encryption to make the
connection completely secure and private. PPTP is disabled by
default and can be enabled or disabled via the "Remote Access"
function in the e-smith manager.
2. Web based email
Web based email enables remote users to access their email from
anywhere on the Internet via a web browser (like a secure, private
version of Hotmail) using the open-source IMP server
application. Users can access their email by visiting the web site
"https://www.mycompany.com/webmail" (where "www.mycompany.com" is
the users' own web site).
Web based email is disabled by default, but is configurable via the
"Other Email Settings" function in the e-smith manager. Access can
be enabled via HTTP and HTTPS, or can be restricted to HTTPS for
additional security. (HTTPS encrypts the web session using SSL -
secure sockets layer - for a secure, private connection. Requires an
SSL enabled web browser such as Netscape or Internet Explorer.)
3. SSH remote access
SSH enables remote users to connect to their corporate network via
their regular ISP Internet connection using the SSH suite of
programs. (See http://www.ssh.com/ and http://www.openssh.com/ for
more information about SSH.)
Options allow plain password or secure key authentication, and
enable or disable root logins. SSH is disabled by default, and can
be enabled via the "Remote Access" function in the e-smith manager.
NEW DATA PROTECTION FEATURES
1. RAID-1 support (disk mirroring)
RAID-1 support enables the e-smith server to use dual hard disks,
and writes all data to both disks during server operation. This
protects against loss of data in the event of a hard disk failure,
and also tends to improve system performance because data can be
read from both disks in parallel.
e-smith 4.1 supports both hardware RAID-1 controllers and software
RAID-1 configurations (simply connect two hard drives to your
e-smith server and select software RAID-1 during installation). The
two hard drives should be the same size (the RAID size will be as
large as the smallest disk).
2. Tape backup
The e-smith manager has a new "Backup and restore" function to
configure tape backup to run daily at a specified time using the
flexbackup program. Restoring from tape backups can now be done via
the "Restore from tape" function. All SCSI tape drives are
supported, as well as the following IDE drives:
- Seagate STT220000A Hornet 20GB IDE Tape Drive
- HP SureStore T20XAI 20GB IDE Tape Drive
- other models to be announced...
3. Reinstall floppy diskette
The "reinstall floppy diskette" function allows you to create a
customized floppy diskette that can be used to perform future
e-smith installations that automatically restore the system
configuration. Note: User data is NOT backed up when using the
reinstall floppy.
SECURITY ENHANCEMENTS
1. Packet filtering (IPchains) rules have been added to provide another
layer of security filtering.
2. Email (SMTP) server changes allow for tighter anti-spam rules.
3. User accounts are now locked when first created, and unlocked when
the password is first changed.
4. All of the latest available software updates and security fixes are
included for the software packages used by e-smith.
Exceptions:
- RedHat has released a kernel update 2.2.17-14. This update fixes
a number of vulnerabilities which do not affect the e-smith
server, as they require local shell access to be exploited. This
kernel is also incompatible with a number of e-smith specific
modifications.
- RedHat has released an updated version of glibc (2.2-12) which
fixes a number of vulnerabilities which do not affect the e-smith
server, as they require local shell access to be exploited. As RedHat
also split the glibc into glibc-common and glibc RPMs, and did not
specify dependency relationships correctly, these new RPMs could not
be used on a fresh installation. They can, however, safely be applied
as an update.
- RedHat has released PHP updates to address a number of security and
reliability issues. These issues do not affect the webmail application
which is included in the e-smith 4.1 software. Conversely, the updated
PHP RPMs do not work correctly withe IMP webmail software. If you run
other PHP software, you should evaluated the RedHat advisary and apply
the PHP updates if security would otherwise be compromised.
5. FTP has a new setting to limit access to the FTP server.
6. Telnet has a new setting to enable/disable administrative command
line access.
7. FTP support has been updated to latest ProFTPd release.
ADDITIONAL SOFTWARE
Several open source applications used by e-smith 4.1 are included with
this product. However e-smith only provides support for the applications
as used by e-smith 4.1.
1. Apache web server is now SSL enabled (a certificate is automatically
created for each virtual domain declared by the user), and supports
PHP scripting. PHP is an HTML-embedded scripting language (see
http://www.php.net for more information).
2. MySQL database server is included and automatically enabled. MySQL
is a multi-threaded, multi-user, SQL (Structured Query Language)
database server (see http://www.mysql.com for more information).
MISCELLANEOUS OTHER ENHANCEMENTS
1. New "upgrade" option enables users to upgrade an older version of
e-smith without erasing existing data.
2. Many improvements to the e-smith console (for initial server
configuration). Dialogs are presented in a more logical sequence,
and the e-smith manager and on-line documentation can both be
accessed via the console (using a text mode web browser).
3. Improved ethernet auto-detection, with many additional ethernet
cards supported.
4. Reboots are now required only if hostname, domain name, system mode
or network interface parameters are changed. Other configuration
changes are made without rebooting the server.
5. New e-smith manager function enables users to view mail server
statistics.
6. Support for definition of local and remote network hostnames and
addresses.
7. New "pseudonyms" function in the e-smith-manager allows the creation
of additional email addresses which automatically forward email to
existing users or groups. The pseudonym "everyone" is automatically
declared to forward email to every user account (accessible only
from the local network).
8. The H323 IP masquerading module has been installed, enabling the use
of popular videoconferencing software packages on the local network
which use this protocol (calls can be initiated from behind the
e-smith server and gateway, but cannot be received).
9. An ICQ IP masquerading module has been installed, enabling the use
of ICQ 99x compatible clients on the local network.
10. The i-bay setting "public access via web or anonymous ftp" has been
changed slightly. If this parameter is set to "None" (i.e. the user
does not want to provide any access to the i-bay via the web), then
Samba and Netatalk are reconfigured to define their root as the
"files" subdirectory within the i-bay, making them act more like an
ordinary Windows shared directory. (As a consequence of this change,
any applications using a mapping directly to the i-bay network share
will need to be changed to "sharename/" instead of
"sharename/files/".)
11. New services model for starting/restarting/stopping services (for
developers only - not normally supported for e-smith customers).
12. Hard disk optimization available for IDE disk drives.
13. Customizable email virtual domain handling (for developers only -
not normally supported for e-smith customers).