Topic: first experiences with SME 6.5 Beta1

[slords]

OK, then please tell me, why you have not updated openSSH and ZLib, which can be found in the smeplus script and there being considered as security fixes?

Why do you think these are necessary.  What research have you done to verify that the security patches haven't been backported into the current packages included.  You can't trust the version numbers to tell you if a security patch has been applied or not. (btw this is all rkhunter does)

-kernel-2.4.20-18.7.i386.rpm
+kernel-2.4.20-37.7.legacy.i386.rpm

Is any S-ATA support added here now?

Unless the stock RH kernel supports SATA then no we don't support that yet.  When we move to RHEL4/CentOS4 then the support should be there.

Additionally, I think, that SMTP Auth towards the provider is very important, and since I have written an article about SME server for a german network magazine and have searched for a solution to send mails to the provider, which - at least in Germany - are using SMTP Auth, I can state, that there is no (legally available) solution to get this to work.

You are more then welcome to develop this support and suggest that it be included in the next distro.  As far as I know, no one has stepped up and found a way to reliably do this and provide a panel to configure it.

Why would you release a beta with known vulnerabilities ?

Back on your high horse again Dick.  You always seem to come in saying that this is vulnerable and this has problems.  If you have so much experience in all of this why don't you quit your complaining and start helping.  You have been asked many times to point out problems or security issues and have yet to step up and do either.

Whenever I have released betas in the past I've always - always - had latest shipping versions of stable services in them so as then to make sure testing 1) worked 2) could be documented.

This is exactly what we have done.  If you look at the fedoralegacy and what we have they are identical.  Just because there is a newer version out there doesn't make it necessary or more stable.

Will 6.5 include the hard work of Jesper K etc etc or is that seen as then competing with a Lycoris version that could be easily handbuilt anyway from scripts I assume Jesper will eventually modify.

He is welcome to modify his script to work with 6.5.  The reason that many of the packages in that script weren't included was because they aren't really necessary (security fixes, see version crap above), or the contrib packages aren't integrated very well with the template system, or are extras that may either affect stability or security of the base distro.

Not overly impressed so far and only 15 mins into testing.

Well since you are never impressed with anything anyone but you does this really doesn't hold much weight with me and probably a lot of others.  Please either be a contributing member of this community or go crawl back in your hole.

-Shad

[smeghead]

.. to achieve the best support for SATA it looks like the kernel will need to be 2.4.27 or newer:

http://www.linuxmafia.com/faq/Hardware/sata.html

[wallyrp]

Good Afternoon,

I don't know if anyone has been keeping up with the kernel iso that has been recently released from I believe skavenger? I know it has some SATA support but I'm not sure as to where it will go. I understand that the Official community release may not ever support SATA until the porting over to CENTOS but would exchanging any information with skavenger's release be any help to upgrading the kernel in the official community release?

Just a thought.

[CharlieBrady]

Additionally, I think, that SMTP Auth towards the provider is very important, and since I have written an article about SME server for a german network magazine and have searched for a solution to send mails to the provider, which - at least in Germany - are using SMTP Auth, I can state, that there is no (legally available) solution to get this to work.

The e-smith-email RPM included in 6.5beta1 includes an
an SMTP authentication proxy. The server can be configured so that qmail uses this proxy for all outgoing SMTP connections. Mitel made this software available in e-smith-email-4.15.1-06 in the devel directory on the various mirrors, and Shad has picked that version up as the basis for his work on 6.5.

Because qmail has not been modified in any way, there's no legal restriction on distribution of this solution.

As I understand it, there is no panel support for this feature. To enable it from the command line, do:

config setprop smtp-auth-proxy status enabled
config setprop smtp-auth-proxy Userid aaaaa
config setprop smtp-auth-proxy Passwd xxxxxxxxx
config set SMTPSmartHost smtp.your.isp
signal-event email-update

[marsa_matruh]

Unless the stock RH kernel supports SATA then no we don't support that yet.  When we move to RHEL4/CentOS4 then the support should be there.

-Shad

So, you are planning to move to a RHLE4 basis which is still at beta stage  

For SME 7.0?

Any roadmap?

[slords]

The e-smith-email RPM included in 6.5beta1 includes an
an SMTP authentication proxy. The server can be configured so that qmail uses this proxy for all outgoing SMTP connections. Mitel made this software available in e-smith-email-4.15.1-06 in the devel directory on the various mirrors, and Shad has picked that version up as the basis for his work on 6.5.

Because qmail has not been modified in any way, there's no legal restriction on distribution of this solution.

As I understand it, there is no panel support for this feature. To enable it from the command line, do:

config setprop smtp-auth-proxy status enabled
config setprop smtp-auth-proxy Userid aaaaa
config setprop smtp-auth-proxy Passwd xxxxxxxxx
config set SMTPSmartHost smtp.your.isp
signal-event email-update

Thanks for this update Charlie.  I saw that this was in there but wasn't sure what it was.  Glad to have some explination as to what it is doing.

-Shad

[adamperry]

Thanks to everyone for working on the new beta.  There's always a bit of glee when I see a new SME version available!  I've been using SME as my home file server for years and it's been solid as a rock.  

Also, thanks for clearing up the confusion as to who released this.  I figured this was Lycoris code before I read Greg's message.  

Though I don't use SME as anything other than a file server, I would be very interested to see more of what Dick (who has expertise in this arena from his prior development of Smoothwall) has to say with regard to specific vulnerabilities in the beta.  That's why there are betas.  Tell us more.  It seems like you could make a significant contribution here.

Why would you release a beta with known vulnerabilities ?

What are you talking about Dick?

Whenever I have released betas in the past I've always - always - had latest shipping versions of stable services in them so as then to make sure testing 1) worked 2) could be documented.

You are always talking about all these betas that you put out, but I've yet to see you contribute a single line of code to SME, ever.  

Will 6.5 include the hard work of Jesper K etc etc or is that seen as then competing with a Lycoris version that could be easily handbuilt anyway from scripts I assume Jesper will eventually modify.

First, this is not a Lycoris release, this is a community release.  Lycoris had nothing to do with this.  Shad Lords was the driving force behind getting this release out and therefore he deserves the credit.

Second, SME 6.5 includes what you see in the changelog.  Any work that was in the community that added to the "Core" OS w/o sacrificing stability was included.

Not overly impressed so far and only 15 mins into testing.

Spend more than 15min with SME 6.5.  There's alot more there than can be seen by looking at server-manager.  As I previously stated in this thread, we know this isn't an earth shattering major release.  However, it is a significant improvement of 6.0.1.  Basically, we've moved from a RH 7.3 core to a RH 9 core.  I think this will position us well for a move to a RHEL core.

Greg

[jcoleman]

Posting in these forums that this is a vulnerable release without defining those vulnerabilities in writing to security@contribs.org is the same as yelling "Tsunami!" at the beach without proof.

There has always been, and will always be, immediate attention paid to all security reports.  If you know of a vulnerability, report it.  Otherwise, posting that the distro is vulnerable is of little value to anyone and potentially scares off users who may not know better.  

So, how do you like the new iso?  

Have fun playing with it and constructive feedback is always welcome.

-jeff

[jahlewis]

What sort of testing are you hoping for?  What would be great for us users is a list of things to try out...

Like installing the contribs we are using now and reporting to the owners the problems
or restoring backups etc.

Any ideas for us?

[CharlieBrady]

.. to achieve the best support for SATA it looks like the kernel will need to be 2.4.27 or newer:

http://www.linuxmafia.com/faq/Hardware/sata.html

Many of  the features of 2.4.27 have been backported to earlier kernels. RedHat backport features all the time.

AIUI, RHEL3/CentOS3 has good support for SATA hardware. The latest RHEL kernel is 2.4.21-27.0.1.EL.

[CharlieBrady]

Hi!
In the port forwarding panel there is no hint, that port forwarding is now deactivated, when the server is in server-only mode. (which I found in the Changelog)

Port forwarding has always been deactivated in server-only mode.   It only makes any sense in server-gateway mode.

[mrjhb3]

Hi!
In the port forwarding panel there is no hint, that port forwarding is now deactivated, when the server is in server-only mode. (which I found in the Changelog)

Port forwarding has always been deactivated in server-only mode.   It only makes any sense in server-gateway mode.

This might be true, but one gets the false sense that it can be done in server-only mode because in server-manager you have the ability to create port-forwarding rules.  Whether they really take effect of not.  6.5 just now clearly states that port-forwarding isn't supported in server-only mode.

[SSBN]

I look forward to testing the new SME. Good to se people debating newest versions vs. older proven versions. We have that one in our office all the time. Proven wins most of the time. Good job guys.

[stefan24]

OK, then please tell me, why you have not updated openSSH and ZLib, ...

Why do you think these are necessary.  What research have you done to verify that the security patches haven't been backported into the current packages included.  You can't trust the version numbers to tell you if a security patch has been applied or not. (btw this is all rkhunter does)

openSSH is not listed as changed in the changelog, and yes, rkhunter complains about it. And I already said,  "I cannot check, if the security fixes have been included." Maybe you could have written that to a changelog file.

Unless the stock RH kernel supports SATA then no we don't support that yet.  When we move to RHEL4/CentOS4 then the support should be there.

OK. But please read the forums, where some users ask for S-ATA support. And I think many others have read the negative answers and are waiting for this support.

You are more then welcome to develop this support (for Auth SMTP) and suggest that it be included in the next distro.

Come on! If I could do this for myself, I won't have to ask. I can test solutions like the one from Charlie, but I tried this already with 6.01 and it did not work. I give it another try with SME 6.5.

[marsa_matruh]

So, how do you like the new iso?  

-jeff

Why so big?

6.01 ISO : 350 Mb
6.5beta1 ISO : 440 Mb

Samba 2 -> Samba 3 : 15 Mb

Missing 65 Mb.