What is this IronPort Spam Firewall?
All incoming mail is processed by an IronPort spam firewall. It is configured to drop incoming mail that it determines is spam, and to mark messages it suspects are spam. If you would prefer, instead, that it tag and deliver your spam, please email a request to admin.
I can't get my mail.
You can configure your email client (Thunderbird, Outlook, Mail, etc.) to use either:
- IMAPS to mail.employees.org port 993 (also called "IMAP with TLS")
- POP3S to mail.employees.org port 995 (also called "POP3 with TLS")
I can't send my mail.
Configure your mail user agent (Thunderbird, Outlook, etc.) to use mail.employees.org port 25, with TLS and "plain" authentication, using your username and password. Only your username needs to be specified (not @employees.org).
Many ISPs (Earthlink, for one), companies, and some hotels block access to external SMTP servers from their networks. This will make it impossible for you to use mail.employees.org as your outbound mail server.
You can test connectivity by doing::
telnet mail.employees.org 25
from your operating system's command line (OS X, use "Terminal";
Windows, use "Start, Run, cmd.exe").
If connections to tcp/25 are blocked, you can:
- Try using our alternative mail submission ports, 465, 587 or 1025. Test it first using 'telnet mail.employees.org 1025' or 'telnet mail.employees.org 587' and if it connects, configure your mailer to use that port. The TCP/587 port requires TLS and STARTTLS; the TCP/1025 port requires STARTTLS.
- (less preferred) send SMTP via a server inside your company, or send SMTP via your ISP's mail server. Contact your company's IT department or your ISP's technical support for information on that server. This is less preferred because it will be impossible for your email to be signed by DKIM using this method, increasing the likelihood it will be rejected by the recipient's system.
Basic commands like 'ls' don't work.
Your PATH doesn't include both '/bin' and '/usr/bin'. This wasn't required on Solaris, but is required on FreeBSD.
You can update PATH by editing either '~/.profile' (if you use a shell like bash) or '~/.login' (if you use a shell like csh). If you're not sure, start with .login; we default to csh. The easiest editor to use on UNIX is pico::
I can't create any files.
Disk quotas have been turned on, with a hard quota of 150 MB. If you have more than 150 MB in your home area, you will not be allowed to create new files until you have freed up some disk space. You can find out how much disk space you are using by typing the command::
Can I set up virtual hosting?
Yes, please email your request to admin.
FTP is turned off. How do I transfer files?
What is my URL to see my files on the web server?
We use the Apache "UserDir" directive to point user URLs to the files. The format for this is to append a tilde ("~") followed by the account's username to the end of the host URL. Thus the file::
would be referenced as::
would be referenced as::
Why can't I see my files from the web server? The server says Forbidden!
The Apache installation on employees.org is configured to REQUIRE an index.html (or index.php, index.cgi, etc.) in a directory to show a web page for a given URL. This means that users must take deliberate action to expose their data and are less likely to expose data by accident. Yes, this is different from the default settings used in a lot of other Apache installations.
What permissions/owner/group should my web directories have?
At the bottom of this section are instructions for using webit, which will adjust permissions.
The web server accesses your files using file system ACLs, which is indicated by a "+" in the directory permissions.
This is an explanation of the ideal permissions for the user example. These are the minimal permissions necessary.
Your /users symlink should be owned by you. It doesn't matter what group or permissions:
> ls -lad /users/example
lrwxr-xr-x 1 example example 21 May 31 23:15 /users/example -> /export/homea/example
Your home directory should be owned by you, group owned by you, and at least executable by group, and have an ACL ("+"). Your WWW directory (and SWWW directory, if you have one) should be owned by you, group owned by you, group readable and executable, and have an ACL ("+"). The ACL can be viewed with the getfacl command, and should be the same for both your top-level directory and the WWW directory itself:
> # your home directory
> ls -lad /export/homeaa/example
drwx--x---+ 40 example example 2.5K Jun 14 07:02 /export/homeaa/example
> # your WWW directory
> ls -lad /users/example/WWW
drwxr-x---+ 27 example example 1.5K Jun 8 18:01 WWW/
> getfacl ~/WWW
# file: /home/example
# owner: example
# group: example
If any of these are broken, you can fix it yourself with the webit program located in "/usr/local/bin/". Give webit, as its argument, the directory or files whose permissions and group ownership need to be changed. For example, to fix your WWW and SWWW directories, enter the commands:
> /usr/local/bin/webit -R ~/WWW
> /usr/local/bin/webit -R ~/SWWW
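The rules above can be checked mechanically before reaching for webit. The following is an added example, not part of the original FAQ and not the webit program: a POSIX shell function (save it to a file and run it with sh) that audits one line of "ls -lad" output. The name check_web_perms and the check on the "other" bits are assumptions of this example; the first two sample lines are the listings shown above and the third is constructed.

```sh
#!/bin/sh
# Added example: audit one `ls -lad` line against the rules in this FAQ.
# usage: check_web_perms home|www USER "LS_LINE"
# Prints one line per problem; exit status 0 means the line passes.
check_web_perms() {
    kind=$1; user=$2
    set -f; set -- $3; set +f      # split the ls line: mode links owner group ...
    mode=$1; owner=$3; group=$4
    problems=0
    fail() { echo "$kind: $1"; problems=$((problems + 1)); }

    case $mode in d*) ;; *) fail "not a directory ($mode)" ;; esac
    [ "$owner" = "$user" ] || fail "owner is $owner, expected $user"
    [ "$group" = "$user" ] || fail "group is $group, expected $user"

    # Mode layout is d|rwx|rwx|rwx|+ : group bits are characters 5-7.
    g=$(printf '%s' "$mode" | cut -c5-7)
    o=$(printf '%s' "$mode" | cut -c8-10)
    case $kind in
        home) case $g in ??x) ;; *) fail "group bits $g lack x" ;; esac ;;
        www)  case $g in r?x) ;; *) fail "group bits $g lack r and x" ;; esac ;;
        *)    fail "unknown kind" ;;
    esac
    # Assumption of this example: anything beyond --- for "other" is flagged,
    # since the FAQ's listings show no access for other users.
    [ "$o" = "---" ] || fail "other bits are $o, FAQ listings show ---"
    # The trailing + is how ls marks the ACL the web server relies on.
    case $mode in ??????????+) ;; *) fail "no ACL marker (+)" ;; esac
    [ "$problems" -eq 0 ]
}

# The first two lines are the listings from this FAQ; the third is constructed.
check_web_perms home example "drwx--x---+ 40 example example 2.5K Jun 14 07:02 /export/homeaa/example"
check_web_perms www example "drwxr-x---+ 27 example example 1.5K Jun 8 18:01 WWW/"
check_web_perms www example "drwx--x--- 27 example www 1.5K Jun 8 18:01 WWW/" ||
    echo "fix with: /usr/local/bin/webit -R ~/WWW"
```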
My PHP scripts don't work!
We use the suPHP Apache module to run PHP as the user. On Banjo, it requires that the directory containing the script be group readable. This was not a requirement under Solaris, and as a result older accounts do not have the group-readable bit set on the WWW directory. You can reset the permissions on your account by using webit, described above.
My CGI scripts don't work!
Make sure your CGI script ends in .cgi and outputs a valid Content-Type: header. Check the files
/var/log/httpd/employees.org-error_log
/var/log/httpd/employees.org-access_log
/var/log/httpd-suexec.log
for more information on your script action. If you see an access log entry but not an error log entry, your script is most likely doing something wrong. If you want your CGI scripts to end in another file extension, you can create a ".htaccess" in your web directory containing something along the lines of:
AddHandler cgi-script .not-a-cgi
This will then cause files ending in .not-a-cgi to be executed as CGI scripts.
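A script that runs but never emits a proper header block is the usual cause of the "access log entry but no error log entry" case described above. The following is an added example, not part of the original FAQ: a POSIX shell function that reads a CGI script's raw output and checks that a Content-Type: header appears before the blank line that ends the headers. The name cgi_header_ok and the sample outputs are assumptions constructed for this example.

```sh
#!/bin/sh
# Added example: validate the header block a CGI script writes to stdout.
# usage: ./myscript.cgi | cgi_header_ok      (myscript.cgi is a placeholder)
# Prints the first problem found; exit status 0 means the headers look valid.
cgi_header_ok() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        $0 == "" { ended = 1; exit }            # blank line ends the headers
        !/^[A-Za-z0-9-]+:/ { bad = NR; exit }   # body text before headers ended
        tolower($0) ~ /^content-type:[ \t]*[a-z0-9.+-]+\/[a-z0-9.+-]+/ { ct = 1 }
        END {
            if (bad)    { print "line " bad " is not a header"; exit 1 }
            if (!ended) { print "no blank line after headers"; exit 1 }
            if (!ct)    { print "no Content-Type header"; exit 1 }
        }'
}

# Constructed sample outputs: the first is valid, the second prints its
# body without any header, the third forgets the blank separator line.
printf 'Content-Type: text/plain\n\nhello\n' | cgi_header_ok && echo "sample 1: ok"
printf 'hello\n' | cgi_header_ok || echo "sample 2: rejected"
printf 'Content-Type: text/html\n' | cgi_header_ok || echo "sample 3: rejected"
```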
Where is htpasswd for creating Apache password files?
My pages are coming out in the wrong character set! How can I fix this?
[Omitted due to a Zope/Plone Structured Text bug that causes Zope to fail when the normal text of this entry is saved. Sigh....
Zope/Plone is really powerful. And it's about gotten to the point of power where it is completely unusable....]
Are new accounts being accepted?
New accounts are now being accepted. The same Operating Policy as used before applies to the accounts. Be sure to read the Operating Policy. Most importantly, the total amount of disk space PER SPONSOR is 150MB.
Create a new account by clicking here.
Help! I lost my Password - can I get it reset?
To request a password reset use the online form at Reset Password and follow the instructions there.
I no longer need my account, how can I get rid of it?
First off - Thank You for not just abandoning the account!
To request an account deletion, send mail to email@example.com from either the Employees.org account or the account's sponsor.
This will be sent to the humans currently handling account deletion. You may be asked to confirm if you really want the account deleted. The nukeme existed before the lost password facility and many folks requesting deletion are unaware of the password reset mechanism. The majority of the deletion requests are rescinded once the users learn of it.
How do I log into employees.org?
Employees.org currently consists of a single host - cowbell.employees.org. This is the same physical host as mail.employees.org, www.employees.org, etc., as well as the A record for just plain ol' employees.org. If we start splitting services onto more hosts in the future, this situation could change. However, after 10 years the shell host will still be employees.org.
To log in, you need an SSH client. Most UNIX variants have a built-in one called *ssh*. For Windows, we recommend a free client called PuTTY.
It is preferred that you use the SSHv2 protocol. If you are using an old SSH client that only speaks SSHv1, be forewarned that you may see:
If you have not configured your account to use OPIE, just hit return and you will then see a prompt like:
where you can then use your Employees.Org unix password.
Can we install a particular Perl module?
First, make sure you're using '/usr/local/bin/perl' rather than '/usr/bin/perl'. Then, if the module still doesn't appear to be installed, contact help to request it.
How do I configure Dreamweaver to work with SSH?
This is untested, but Steve Richey has pointed out the instructions at Macromedia's site.
What perl should I use?
What is Mailman?
Mailman is a web-based mailing list management interface.
To administer your mailing list, go to the administration interface found at http://www.employees.org/mailman/admin/*LISTNAME* where *LISTNAME* is the name of your mailing list. Your mailing list subscribers can change their settings at http://www.employees.org/listinfo/*LISTNAME*. These URLs are in List-* headers of each message sent through the list, as well as at the message footer.
How do I create a new mailing list?
Send your request to admin and the human behind it will create the list when they can get to it. No guarantees on how long that may be (could be weeks).
In your email, specify your preferred Mailing List address. It is better if the Mailing List name is over 8 characters in length so it won't accidentally collide with the username space. A good way to do this is to end the list name with "-list", such as "firstname.lastname@example.org".
You also need to say who the "owner" of the list is and this MUST be an @employees.org account. You can add other E-mail addresses to administrate the list after it is created, but we need this information to track who is responsible for what mailing list.
How do I delete an existing mailing list?
Send E-mail to admin with the name of the list to be deleted. The mailman administrators will check that the request is valid by asking the list administrator of the list in question for confirmation. When confirmation is received, the mailman administrators will then delete the list.
Can I have a MySQL Database?
We are now allowing MySQL databases again. To create yourself a database, run the mysqlme located in "/usr/local/bin/". The program will create a MySQL user entry for your userid and then create a database for you with the name of your userid. You can have more than one database by specifying a database name with the "-db dbname" option. A database will then be created called "userid_dbname".
For example, if userid john wanted to create a second DB for his account to hold recipes, he could type:
/usr/local/bin/mysqlme -db recipes
and the program would create a new database named john_recipes with userid john having appropriate rights.
If you forget your userid's mysql password, you can force a reset of it with the program "mysqlpwr".
Can I run MovableType on my Employees.org account?
Yes, if you use version v3.14 or greater of MovableType. On Dec. 15th, 2004, Employees.org was brought to a crawl by Comment Spammers attacking the comment facilities of MovableType. As a result, any installation of MovableType on employees.org MUST be version 3.14 or later. Details on MT3 can be found here:
MT3 is now free for personal, limited use. See the "Limited Free Version" available here:
Note that tricks like renaming mt-comments.cgi in older MovableType installations no longer work as the Comment Spammers have taught their tools to scrape pages to find the new CGI script name. At this point, we must insist on upgraded installations.
If you have an old MT installation that you no longer care about, please delete it.
In an effort to reduce the CPU load caused by spammers, we restrict POSTs using various mechanisms. This shouldn't affect legitimate MovableType users or legitimate commenting, but if it does please send email to admin with the IP address and date/time (Pacific Time) of the legitimate user.
Help! I can't find the answer to my question here!
There is a mailing list of highly experienced employees.org users that have a broad variety of expertise that can help with your questions. Send mail to email@example.com with as much detail of your question as possible. Note that the list has a limit on the size of mail it will accept. Rather than send long files, such as log entries, you should save them to a file in your personal web space (under WWW/) and mail a link to the file in your message.
1024 0e:b4:1a:ae:b2:2c:68:9b:36:21:a0:ff:d1:88:bc:75 (DSA)
2048 66:57:4f:0c:5e:99:57:a6:1d:08:41:2f:2e:85:60:e9 (RSA)
256 fe:e3:d4:8f:34:63:6a:96:4c:fc:57:4a:e1:20:aa:12 (ECDSA)