What is this Layer42/Barracuda Spam Firewall?
I can't get my mail.
I can't send my mail.
Basic commands like ls don't work.
I can't create any files.
Can I set up virtual hosting?
FTP is turned off. How do I transfer files?
How do I prevent mail from being marked as spam?
What is my URL to see my files on the web server?
Why can't I see my files from the web server? The server says Forbidden!
What permissions/owner/group should my web directories have?
My PHP scripts don't work!
My CGI scripts don't work!
Where is htpasswd for creating Apache password files?
My pages are coming out in the wrong character set! How can I fix this?
Are new accounts being accepted?
Help! I lost my Password - can I get it reset?
I no longer need my account, how can I get rid of it?
How do I log into employees.org
Can we install a particular Perl module?
How do I configure Dreamweaver to work with SSH?
What perl should I use?
What is Mailman?
How do I create a new mailing list?
How do I delete an existing mailing list?
Can I have a MySQL Database?
Can I run MovableType on my Employees.org account?
Help! I can't find the answer to my question here!

[spamfilter] What is this Layer42/Barracuda Spam Firewall?

We have started sending all incoming mail through a Barracuda Networks spam firewall hosted at Layer42.Net. You can change your personal settings and even opt-out via the web interface. You access the spam firewall at:

https://spamfilter.layer42.net

You may get a prompt from your web-browser warning you that it does not recognize the SSL certificate for the site - this is to be expected and is OK. The certificate is through the CACert.org CA, and it contains the following fingerprints:

  SHA1: 9D F7 8B A3 D8 C0 AC 01 D4 D9 4D A6 74 16 A0 6C CB 09 6B 9D
  MD5: 19 D5 7A 0E 15 F1 FB A1 59 78 47 08 F1 42 16 01

Once you get to the login page, put your @employees.org address as the username and click the "Create New Password" button on the bottom. The new password will be E-mailed to you within a minute or two. Once you get that E-mail, you can click the URL in that message or just come back to the page above and use the password from the E-mail to login. For example:

  Username: example@employees.org
  Password:  <put password from E-mail here>

Note that this password has no relationship with your Employees.org password. It is solely used to access your Spam Filter settings.

Once you have logged in, there two tabs across the top - "QUARANTINE INBOX" and "PREFERENCES". The "Inbox" page shows mail that is being held as suspected spam. You can click on mail to confirm as spam or as not spam (which will cause it to deliver the mail to you) to help train the Bayesian filters on your account.

Clicking the "PREFERENCES" tab will show 4 more tabs below it: "Whitelist/ Blacklist", "Quarantine Settings", "Spam Settings" and "Password". From the whitelist/blacklist page you can directly enter email addresses to allow or block. In "Quarantine Settings", you can opt-out of having the messages held in quarantine by setting "Enable Quarantine" to "No". Also, you can change the notification interval on how often you are reminded about held mail from "Daily" to, say, "Never" and you will not get reminders about held mail. Many people prefer that setting.

Under the "Spam Settings" tab there is the "Enable Spam Filtering" which allows users to opt-out of spam scanning. If you find too much spam is leaking through or you are having false positive issues, you can adjust the spam scoring levels away from the system defaults on this page as well.

[mail] I can't get my mail.

See SSL-Howto.

[mailrelay] I can't send my mail.

Many ISPs (Earthlink, for one) and Companies block access to external SMTP server from their networks. This will make it impossible for you to use mail.employees.org as your outbound mail server.

You can test connectivity by doing:

    telnet mail.employees.org 25

from your operating system's command line (OS X, use "Terminal"; Windows, use "Start, Run, cmd.exe").

If connections to tcp/25 are blocked, you can either:

• send SMTP via a server inside your company or your ISP. Contact your company's IT department or your ISP's technical support for information on that server, or;
• try using willer's alternative mail submission port, 1025. Test it first using "telnet mail.employees.org 1025" and if it works, configure your mailer to use tcp/1025 on mail.employees.org

If you are using Thunderbird with IMAP, you may be running into the cached TCP connection problem. Currently, Employees.org monitors the IMAP and POP3 authentication events in the logs to determine what IP addresses are allowed to use mail.employees.org as a relay. This is why we tell you to do a Get Mail before Send Mail (this is also called pop-before-smtp). Thunderbird caches and reuses it's TCP connection, so getting new mail no longer causes a new authentication event in the logs, breaking pop-before-smtp.

Currently, the only work-around is to make Thunderbird go offline and then back online before sending mail. This will cause a new authentication event and the pop-before-smtp daemon will allow your IP address to relay mail. In the near future, we will be upgrading our SMTP server to speak STARTTLS and SMTP AUTH to allow mail relaying.

[path] Basic commands like ls don't work.

Your PATH doesn't include both /bin and /usr/bin. This wasn't required on Solaris, but is required on FreeBSD.

You can update PATH by editing either ~/.profile (if you use a shell like bash) or ~/.login (if you use a shell like csh). If you're not sure, start with .login; we default to csh. The easiest editor to use on UNIX is pico:

   pico .login

[files] I can't create any files.

Disk quotas have been turned on, with a hard quota of 150 MB. If you have more than 150 MB in your home area, you will not be allowed to create new files until you have freed up some disk space. You can find out how much disk space you are using by typing the command:

/usr/bin/quota -v

[virthost] Can I set up virtual hosting?

We don't currently have the scripts in place to take new virtual hosting requests. It will probably be a quite a while before we are ready to do this again.

[ftp] FTP is turned off. How do I transfer files?

Use ssh-based tools like scp, sftp or rsync (with ssh). On UNIX, SSH is available from OpenSSH and includes scp and sftp. For Windows, you can do ssh-based transfers with WinSCP.

Another option for Windows is FileZilla

[whitelist] How do I prevent mail from being marked as spam?

Add the sender to your whitelist. In ~/.spamassassin/user_prefs, add the following:

   whitelist_from mailinglist@example.com

Where mailinglist@example.com is the From: address for the mailinglist. You can also use whitelist_to to whitelist the To: address. More information is available in the SpamAssassin Configuration Docs.

[webhomeurl] What is my URL to see my files on the web server?

We use the Apache "UserDir" directive to point user URLs to the files. The format for this is to append a Tilde ("~") followed by the account's username to the end of the host URL. Thus the file:

  /users/joeuser/WWW/index.html

would be referenced as:

  http://www.employees.org/~joeuser/index.html

[index] Why can't I see my files from the web server? The server says Forbidden!

The Apache installation on employees.org is configured to REQUIRE an index.html (or index.php, index.cgi, etc.) in a directory to show a web page for a given URL. This means that users must take deliberate action to expose their data and are less likely to expose data by accident. Yes, this is different from the default settings used in a lot of other Apache installations.

[webperms] What permissions/owner/group should my web directories have?

We'll consider the example user example below, with the ideal (minimal) permissions.

Your /users symlink should be owned by you. It doesn't matter what group or permissions:

lrwxr-xr-x  1 example example 21 May 31 23:15 /users/example -> /export/homea/example

Your home directory should be owned by you, group owned by www and at least executable by group:

drwx--x---  40 example www 2.5K Jun 14 07:02 /export/homeaa/example/

Your WWW (and SWWW if you have one) directory should be owned by you, group owned by www, group readable and executable and setgid:

drwxr-s---  27 example www 1.5K Jun  8 18:01 WWW/

If any of these are broken, you can fix it yourself with the "webit" program located in "/usr/local/bin/". Give the directory or files you need the permissions and group ownership changed on as an argument to "webit". For example, to fix your entire WWW diretory, you would:

/usr/local/bin/webit -r WWW

and then all files and directories under WWW will have group ownership of "www" and permissions set properly for the web server to read the files in that directory.

[php] My PHP scripts don't work!

We use the suPHP apache module to run PHP as the user. On the new FreeBSD system, it requires that the directory with the script be group readable. This was not a requirement under Solaris and as a result, older accounts do not have the group-readable bit set on your WWW directory. You can reset the permissions on your account by using "webit" described above

[cgi] My CGI scripts don't work!

Make sure your CGI script ends in .cgi and outputs a valid Content-Type: header. Check the "httpd-errors.log", "httpd-access.log", "httpd-suexec.log" and "suphp.log" (if using PHP) found in the "/var/log/" directory for more information on your script action. If you see an access log entry but not an error log entry, your script is most likely doing something wrong. If you want your CGI scripts to end in another file extension, you can create a ".htaccess" in your web directory containing something along the lines of:

AddHandler cgi-script .not-a-cgi

This will then cause files ending in .not-a-cgi to be executed as CGI scripts.

[htpasswd] Where is htpasswd for creating Apache password files?

/usr/local/sbin/htpasswd

[webcharsets] My pages are coming out in the wrong character set! How can I fix this?

The server by default is sending the HTTP header::

[ Omitted due to Zope/Plone Structured Text bug! It causes Zope to change the object encoding on the fly. See the original content here ]

[newaccts] Are new accounts being accepted?

New accounts are now being accepted. The same Operating Policy as used before applies to the accounts. Be sure to read the Operating Policy. Most importantly, the total amount of disk space PER SPONSOR is 150MB.

To request a new account, use the online form at New Accounts and follow the instructions there.

[lostpassword] Help! I lost my Password - can I get it reset?

To request a password reset use the online form at Reset Password and follow the instructions there.

[nukeme] I no longer need my account, how can I get rid of it?

First off - Thank You for not just abandoning the account!

To request an account deletion, send mail to nukeme@employees.org

from either the Employees.org account or the account's sponsor.

This will be sent to the humans currently handling account deletion. You may be asked to confirm if you really want the account deleted. The "nukeme" existed before the lost password facility and many folks requesting deletion are unaware of the password reset mechanism. The majority of the deletion requests are recinded once the users learn of it.

[ssh] How do I log into employees.org

Employees.org currently consists of a single host - willers.employees.org. This is the same physical host as mail.employees.org, www.employees.org, etc as well as the A record for just plain ol' employees.org. If we start splitting services onto more hosts in the future, this situation could change. However, after 10 years the shell host will most likley still be willers.employees.org.

You need an SSH client. Most UNIX variants have a built-in one called ssh. For Windows, we recommend a free client called Putty.

It is preferred that you use the SSH v2 protocol. If you are using an old SSH client that only speaks SSH v1, be forewarned that you may see:

  Password: 
  Response: 

If you have not configured your account to use OPIE, just hit return and you will then see a prompt like:

  foo@employees.org's password:

where you can then use your Employees.Org unix password.

[perlmods] Can we install a particular Perl module?

First, make sure you're using /usr/local/bin/perl rather than /usr/bin/perl. Then, if the module still doesn't appear to be installed, contact help to request it.

[dreamweaver] How do I configure Dreamweaver to work with SSH?

This is untested, but Steve Richey has pointed out the instructions at Macromedia's site.

[perl] What perl should I use?

/usr/local/bin/perl

[mailman] What is Mailman?

Mailman is a web-based mailing list management interface.

We moved the lists from the old Willers system into Mailman. List administrators old majordomo passwords will work with the Mailman web interface. To administer your mailing list, go to the administration interface found at http://www.employees.org/mailman/admin/LISTNAME where LISTNAME is the name of your mailing list. Your mailing list subscribers can change their settings at http://www.employees.org/listinfo/LISTNAME. These URLs are in List-* headers of each message sent through the list, as well as at the message footer.

[mailing-lists] How do I create a new mailing list.

We do not currently have an automated system in place for this yet. We will be working on this after we get more fundamental services like account creation and virtual hosting going. If you want a list, you can send your request to mailman and the human behind it will create the list when they can get to it. No guarantees on how long that may be (could be weeks).

In your email, specify your preferred Mailing List address. It is better if the Mailing List name is over 8 characters in length so it won't accidentally collide with the username space. A good way to do this is to end the list name with "-list", such as "foohighschool-list@employees.org".

You also need to say who the "owner" of the list is and this MUST be an @employees.org account. You can add other E-mail addresses to administrate the list after it is created, but we need this information to track who is responsible for what mailing list.

[delete-mailing-lists] How do I delete an existing mailing list.

This is still a manual process. Send E-mail to mailman with the name of the list to be deleted. The mailman administrators will check that the request is valid by asking the list administrator of the list in question for confirmation. When confirmation is received, the mailman administrators will then delete the list.

[mysql] Can I have a MySQL Database?

We are now allowing MySQL databases again. To create yourself a database, run the "mysqlme" located in "/usr/local/bin/". The program will create a MySQL user entry for your userid and then create a database for you with the name of your userid. You can have more than one database by specifying a database name with the "-db dbname" option. A database will then be created called "userid_dbname".

For example, if userid "john" wanted to create a second DB for his account to hold recipies, he could type:

/usr/local/bin/mysqlme -db recipies

and the program would create a new database named "john_recipies" with userid "john" having appropriate rights.

If you forget your userid's mysql password, you can force a reset of it with the program "mysqlpwr".

[movabletype] Can I run MovableType on my Employees.org account?

Yes, if you use version v3.14 or greater of MovableType. On Dec. 15th, 2004,

Employees.org was brought to a crawl by Comment Spammers attacking the comment facilities of MovableType. As a result, any installation of MovableType on employees.org MUST be version 3.14 or later. Details on MT3 can be found here:

MovableType 3.14

MT3 is now free for personal, limited use. See the "Limited Free Version" available here:

MT pricing

Note that tricks like renaming mt-comments.cgi in older MovableType installations no longer work as the Comment Spammers have taught their tools to scrap pages to find the new CGI script name. At this point, we must insist on upgraded installations.

If you have an old MT installation that you no longer care about, please delete it.

[help] Help! I can't find the answer to my question here!

There is a mailing list of highly experienced employees.org users that have a broad variety of expertise that can help with your questions. Send mail to help@employees.org with as much detail of your question as possible. Note that the list has a limit on the size of mail it will accept. Rather than send long files, such as log entries, you should save them to a file in your personal web space (under WWW/) and mail a link to the file in your message.