Netscape Messaging Server 4.15
Patch 1

Last update: April 07, 2000


These release notes contain important information about Netscape Messaging Server 4.15 Patch 1. Please read these notes before using the product.

Important: Messaging Server 4.15 Patch 1 is available in two versions; a patch version and a complete version. The complete version of Messaging Server 4.15 Patch 1 can be installed on top of any previous Messaging Server release; the patch version can only be installed on top of Messaging Server 4.15. If you are running a Messaging Server earlier than 4.15 and you want to install the patch version of Messaging Server 4.15 Patch 1, you must first upgrade to version 4.15 before upgrading to version 4.15 Patch 1.

Messaging Server 4.15 Patch 1 is available for the following platforms (refer to the Messaging Server Tuning Guide for required and recommended patches):

  • Solaris 2.6 for Sparc with required patches
  • HP-UX 11.0 with required patches
  • Windows NT 4.0 SP4
  • IBM AIX 4.3.2 with recommended patch
  • Tru64 Unix 4.0d
  • Red Hat 6.0 (Linux 2.2)

For Messenger Express access, Messaging Server 4.15 Patch 1 requires a Javascript-enabled browser. For optimal performance, Netscape recommends using the following browsers:

  • Netscape Navigator 4.7 or later
  • Internet Explorer 5.0 or later

For information on installing Netscape Messaging Server 4.15 Patch 1, see http://docs.iplanet.com/docs/manuals/messaging/nms41/install/contents.htm.

These release notes contain the following sections:

What's New in this Release

Netscape Messaging Server 4.15 Patch 1 enables ESPs and ISPs to quickly build business-grade messaging services for conducting communication and commerce with entire communities of employees, partners, suppliers, and customers.

Features

Features of Messaging Server 4.15 Patch 1 include:

  • Personal Address Book support on Solaris.
  • Authenticated SMTP for Messenger Express.
  • Mailstone support for Messenger Express.
  • An improved UI for Mailstone.

Features of Messaging Server 4.15 include:

  • Support for multiple platforms.
  • U.S. domestic security support with Federal Information Processing Standard (FIPS) 140a.
  • Messaging Multiplexor (MMP) support of SSL, which enables offloading SSL handling from a Messaging Server to an MMP.
  • Mailstone, a stress-testing tool that lets system administrators determine Netscape Messaging Server capacity by testing how the server performs under heavy loads.
  • Messenger Express - an integrated email interface to Netscape Messaging Server. Specific features of Messenger Express include:

    • High Scalability for support of millions of users
    • Highly customizable and extensible
    • Advertising enabled
    • Core email service feature support, including:

      • Automatically create Inbox, Drafts, Sent, and Trash folders at first login
      • View messages headers; sort by date, from, size, subject, or type (new/read)
      • View received message; reply, reply all, forward
      • Search for message within folder using the subject, from, body, or to fields
      • Compose message, allow attachments, add recipients from LDAP search, set priority, return receipts
      • Folder management, create, delete, rename
      • Account summary: display email address, mailbox quota limit, current disk consumption
      • Personal information settings: passwords, preferred language, reply to email address, vcard, text signature, forward email information, vacation message
      • Other settings: Number of messages per page, delete style (IMAP style or trash style), purge deleted messages on logout, save copy of sent messages, save messages for draft, message display wrap, set color scheme, set toolbar (icons & text, icons only, text only), display font, font size
      • POP collection allows users to collect messages from remote mailboxes and store them in a selected folder

New Configuration Options

A variety of new configuration options have been added to provide additional flexibility and workarounds to known problems.

Note: After you set or change a parameter, be sure to stop and start (MTA) or refresh (IMAP, POP, HTTP) the service.

  • Messenger Express now supports sending authenticated SMTP messages. (383050)

    The following parameters have been added:

    local.service.http.smtpauthuser
    local.service.http.smtpauthpassword

    These parameters allow someone using Messenger Express to receive the same authenticated SMTP messages that they would normally receive using Netscape Communicator.

    For this to work properly, the user ID and password given to the mshttpd must be a store administrator; they must exist in the store.admins list (for example, admin and admin).

    After setting these parameters, any mail received from a local user should have the word "Internal" appearing next to the From header in the Message View window.

  • The Resent-From header is always added when a message is expanded from a mailing list. (381555)

    The following parameter has been added to give you the option of modifying this behavior:

    local.service.smtp.smtp-router.addresentfrom

    When this parameter is set to no, and a message is submitted to a group, the recipients of that message will not see the Resent-From header. In all other cases, the Resent-From header will appear.

  • MTA Throttling. (386272)

    The following parameter has been added to adjust MTA throttling:

    local.service.smtp.throttlethreshold

    Once the control queue is over 2000 messages, the server starts to throttle back the speed with which it accepts incoming connections. This makes it more difficult to grow the queue to an overwhelming number of messages.

    If you set the throttle level too high, the accept rate will overwhelm the ability of the server to deliver all the messages it accepts.

    The local.service.smtp.throttlethreshold parameter defines the throttle level. There is no default value; the internal value is 2000.

    This parameter defines the maximum number of messages that will be processed at one time.

  • Raw 8-bit header causes Javascript errors in Messenger Express. (367500, 368796)

    To avoid these errors, you can set the following parameters:

    local.rfc822header.fixlang
    local.rfc822header.fixcharset
    local.rfc822header.allow8bit

    The fixlang parameter specifies the two-letter language ID (for example, ko for Korean). This parameter must be used in conjunction with the fixcharset parameter, which specifies the character set name (for example, EUC-KR). Setting these two parameters causes Messenger Express to lose its multilingual capability, but it will avoid the Javascript errors that result from setting the allow8bit parameter.

    If the local.rfc822header.allow8bit parameter is set to no then any 8-bit data encountered in a header is displayed as ?. If this parameter is set to yes then headers are run through a validity checker so that valid 8-bit characters can be displayed intact and invalid characters are shown as ?.

    These parameters should be modified only under special circumstances. Contact Technical Support for assistance.

  • Configurable received header required for High Availability or other multi-instance environments where you want to know which server is handling the mail. (383012)

    The following parameter has been added:

    local.service.smtp.smtp-accept.receivedcomment

    The string can have a mixture of text and the positionally-dependant arguments (each %s). For example:

    Field 1: Product Name      "Netscape Messaging Server"
    Field 2: Product Version   "4.15"

    Thus, a default release build received header looks similar to the following:

    Received: from netscape.com ([207.1.151.156]) by <host>.<domain>.com
              (Netscape Messaging Server 4.15 Patch 1) with ESMTP id FOM48800.N00 for
              <user@netscape.com>; Wed, 19 Jan 2000 18:28:56 -0800

    Setting the local.service.smtp.smtp-accept.receivedcomment configuration parameter as follows:

    # ./setconf local.service.smtp.smtp-accept.receivedcomment "AOL-%s v%s msg-system1"

    produces received headers similar to the following:

    Received: from netscape.com ([207.1.151.156]) by <host>.<domain>.com
              (AOL-Netscape Messaging Server v4.15 Patch 1 msg-system1) with
              ESMTP id FOM6N700.S00 for <user@netscape.com>;
              Wed, 19 Jan 2000 19:21:07 -0800

    The parameter will be truncated to a max of 200 characters. You could even configure the parameter as "" and you should get the minimal received comment of ().

    There are a few related extensions to the Protocol plugin properties:

    SMTP_PPP_RECEIVEDCOMMENT: overrides comment per-connection
    SMTP_PPP_PRODUCTNAME:     read-only access to the product name
    SMTP_PPP_PRODUCTVERSION:  read-only access to the product version
    SMTP_PPP_INSTANCENAME:    read-only access to the server instance name
             
  • The service.listenaddr parameter prevents sendmail from listening to the localhost SMTP socket. (382098)

    The following parameters can be set to solve this problem:

    local.service.sendmail.port
    local.service.sendmail.listenaddr

    For the port number, sendmail looks first for the value defined by local.service.sendmail.port (for example, 25). If this is not set, then it looks for the value defined by service.smtp.port, then for the smtp/tcp port number. If none of these is set, it defaults to 25.

    To find the listen address, sendmail looks first for the value defined by the local.service.sendmail.listenaddr parameter (for example, localhost). If this is not set, then it looks for the value defined by service.listenaddr. If neither is set, then it defaults to localhost.

  • The MTA can leave deferred message bodies in the messages directory without references to the original messages. (382456)

    Due to a race condition, deferred message bodies could be left in the messages directory without references to the original. This problem is fixed, and a configuration parameter is also available for tuning this.

    The service.smtp.fileretry parameter is used to specify the number of times to retry internal renaming of a file before concluding an error exists. There is no default value; the internal value is 30.

  • In Messenger Express, a "File too large" message may appear after a large file is uploaded. (382477)

    The service.http.maxpostsize parameter defines the maximum size of an HTTP POST that the server will accept. The default value is 5MB.

    If the file to be uploaded is larger than the value defined by service.http.maxpostsize, the server will upload no more than that specified amount before returning the File too large error message.

  • Turning off the MTA's DNS cache.

    DNS caching by the MTA can be turned off if you wish to have more control over the DNS behavior. To turn off the MTA's DNS cache, set the service.smtp.dnscachesize parameter to -1.

    An entry in the log will show that the DNS cache was disabled.

  • Skipping the LDAP query in the MTA (useful for out-going mail relays). (379424)

    To skip the LDAP query in the MTA, you can set the service.smtp.smtp-router.remotemaildomains parameter. For example, setting it to *.siroe.com makes the server treat <everything>.siroe.com as remote and skip the LDAP lookup on them. Setting the service.smtp.smtp-router.remotemaildomains parameter to an asterisk (*) character makes the server treat everything as remote.

    Any regular expresion can be used to set this parameter; for example, you could set the value to (*.siroe.com && *.company22.com) to make these addresses remote.

  • Fallback host for the MTA. (379426)

    To define a "host of last resort" for the MTA, set the service.smtp.smtp-deliver.fallbackhosts to a list of x:y separated by $ as the delimiter. x represents the pseudo-regular expression specifying the domain and y represents the host name or IP address.

    If y has multiple IP addresses, they are treated as the lowest priority MXs by the name server. If the "real" MXs for the domain are dead, then these pseudo MX IP addresses float to the top and stay there for the duration of the TTL.

    If you set this parameter to *.<host>, then all deferred mail is forwarded to <host>.

Fixes in Messaging Server 4.15 Patch 1 since 4.15

A variety of fixes have been made to bring 4.15 Patch 1 up to date with the fixes also made in 4.05 Patch 1 and 4.1 Patch 2, as well as fixes specific to 4.15.

These include:

  • CERT Security Advisory CA-2000-02 - Messenger Express script vulnerability (384446)

    The CERT advisory at http://www.cert.org/advisories/CA-2000-02.html describes two methods of attack whereby an e-mail may contain malicious HTML tags or scripts based on unvalidated input and/or from untrustworthy sources.

    The Messenger Express function of Messaging Server 4.15 was vulnerable to one of these methods whereby it allowed tags such as <IMG>, <APPLET>, <OBJECT> and <EMBED> to be embedded in e-mail. This fix is that these tags are now stripped, along with previously stripped tags of <SCRIPT> and "onHandlers".

  • Security Advisory - buffer overflow vulnerability (365955)

    The ISS X-Force found a potential security vulnerability in the Netscape Enterprise and FastTrack web servers which also affects the Messenger Express function of the Messaging Server. The details are described at http://xforce.iss.net/alerts/advise37.php3.

    This vulnerability has been fixed in Messaging Server 4.15 Patch 1.

  • service.listenaddr parameter is not obeyed on Windows NT (367548)

    Messaging Server 4.15 on Windows NT did not obey the service.listenaddr parameter for binding to a particular IP address. This is fixed in 4.15 Patch 1.

  • Forcing SMTP Authentication with AuthMailDomains didn't work (364925)

    Messaging Server 4.15 Patch 1 fixes a case where setting the service.smtp.authmaildomain parameter did not force SMTP authentication with those domains.

    The parameter is set using one of the following methods:

      ./setconf service.smtp.authmaildomain "xxx. 0.0.0.0"
      (with a tab between the xxx. and 0.0.0.0 values).
    or
      ./configutil -o service.smtp.authmaildomain -v - < tabfile
      (where tabfile is a file containing tab-separated entries).

    The message returned to the sender appears as:

      Your message was rejected by mail-host for the following reason:
        Authentication required for this domain

  • SMTP daemon process growth fixes:
    • process growth if local part of recipient address > 50 characters (381297)
    • process growth due to internal buffers failing to be freed (384075)
    • process growth in UBE filter (381300)
    • DupMessage() leaks in PostAccept/PreDeliver plugins (384590)
    • DNS lookup failure or misconfigured DNS causes process growth (381303)
    • process growth if headers contain \r\n<LWSP> (381736)
    • process growth during DSN processing (381701)
    • memory exhaustion if message contains bad MIME separation tags (383686)
    • memory growth if mailbox-deliver fails to append a message repeatedly (385256)

    Messaging Server 4.15 Patch 1 fixes several problems with inappropriate process growth by the SMTP daemon. Note: none of these are related to load capacity.

  • MTA queueing fixes:
    • race condition during deferred message processing (382456)
    • mailq reporting runs out of file descriptors (364238, 369807)
    • envelope rewriting shouldn't quote uid's with . (RFC compliance) (384892)
    • queue processing (mailq) could dereference a NULL pointer (381492)
    • queue throttling parameter added for MTA (386272)

      An MTA queue throttling parameter has been added. See New Configuration Parameters for more information.

    Messaging Server 4.15 Patch 1 fixes several issues with queueing behavior of the SMTP daemon.

  • MTA stability fixes:
    • crash when doing DNS lookups and the nameserver timed out (370941)
    • parser crashed if large malformed message (356432, 383686)
    • heap corruption during long Received: header construction (383012)
    • failure during second message of a session is sent with good, bad and deferred recipients (384340)

      Normally, only one message is sent during a session, but it was possible that the MTA would fail if more than one message was sent during a single session, and there were good, bad and deferred recipients in the second message.

    • failure due to internal buffer overrun (381354)

    Messaging Server 4.15 Patch 1 fixes several stability problems when handling bad/malformed messages and dealing with network failure conditions.

  • regular expression messages output to stderr (387574)

    If a recipient contained an address of:

    rcpt to: <"you.there"@ace.domain>

    You will receive an error message to stderr:

    Regular expression error -- compile aborted. Reason:
        Regular expression terminated prematurely.
        The erroneous expression is '\\'.

    In 4.15 Patch 1 this is fixed so that this particular recipient format doesn'tcause an error, and all other regular expression parsing error messages will go to the smtp log.

  • after first authentication in an MTA session, the AUTH state is lost and ignored (381454)

    If multiple messages are sent through a single session of the MTA, the authentication state is lost and ignored after the first message.

  • headers aren't rewritten properly when mail forwarding addresses are set (370855)
  • service.smtp.defaultdomain was not always used for address completion (370136)

    The service.smtp.domain configuration parameter was sometimes used rather than service.smtp.defaultdomain for address completion.

  • EHLO protocol command only used if receiving MTA displays ESMTP in banner (384127)
  • illegal syntax in a SMTP header could cause rewrite looping (369127)
  • RFC 822 allows | (pipe) characters in addresses (387147)

    Previously this was considered a short-hand for invoking a program delivery, and was not supported, but that is not a problem with the Messaging Server 4.x and the RFC compliance issue has been fixed.

  • $ in greeting message text shows up incorrectly (363925)

    If you included a $ in your greeting message text, it now shows up as a $, rather than a /25 in the message that is delivered to the mailbox.

  • Default message sync level changed to sync after new messages (367509)

    Messaging Server 4.15 Patch 1 changes a case where the default message sync level on the file system was not doing an explicit fdatasync() after each new message in the queue.

  • program delivery didn't work on anything other than port 25 (386488)
  • log shows the SMTP daemon is listening on port 0 even though it listens on port 25 (369684)
  • configurable received header comments needed for HA and multiple instance configurations (383012)

    See New Configuration Parameters for more information.

  • suppress addition of Resent-From: header on list expansion (381555)

    See New Configuration Parameters for more information.

  • UBE and plugin fixes:
    • memory leak in UBE filter (381300)
    • DupMessage() fails in PostAccept/PreDeliver plugins (384590, 388305)
    • fix a problem with the Pre-SMTP-Deliver plugin API which could cause SMTP daemon failure (383322)
    • hide domains plugin could get into an infinite loop (349599)
    • antirelay plugin incorrectly truncated a log error message (380375)
    • antirelay plugin fails if white space exists between the protocol text RCPT TO and : (381967)
    • failure if greater than 1024 lines in UBE filter configuration file (365578)

      This limitation has been raised to 10000 lines. If this many lines of filtering are needed, it's suggested that a plugin be used instead.

    Messaging Server 4.15 Patch 1 fixes several issues with regard to the Unsolicited Bulk E-mail filtering and plugins.

  • HTTP service (mshttpd, Messenger Express) fixes:
    • unnecessary inserted boundary marker caused headers to disappear (369684)
    • vertical display of mail alternate addresses in Account Summary (388202)
    • saving JPEG files results in default filename as attach.msc (368005)
    • using Collect External Mail causes POP3 Communication Failure JavaScript errors (380031)
    • mshttpd failure occurs if nswmExtendedUserPrefs is empty (384914)
    • session database corruption causes mshttpd failure (384915)
    • memory corruption parsing headers with unmatched parentheses (370770, 378747)
    • vCard would fail to display on MacOS with Navigator (366862, 378906)
    • when converting leading spaces/tabs to &nbsp;, mshttpd could truncate messages (384691)
    • on-line help displayed an almost empty window (358361)
    • remove default URLs (Switchboard, Bigfoot) from lookup list (383045)

      No response is received from searches of the Switchboard and Bigfoot address book services. This fix removes them from the search list.

    • With Users and Groups Directory replicated, changes to the user preferences take time to propagate to replicas (368971)
    • Messenger Express now supports AUTH SMTP (383050)

      See New Configuration Parameters for more information.

    • File too large error when service.http.maxpostsize is exceeded (382477)

      The default maximum size of a message that can be attached during composition is 32K and is configurable with the parameter service.http.maxpostsize.

    Messaging Server 4.15 Patch 1 fixes many stability and display problems for the HTTP service.
  • Store service (stored) fixes:
    • stored looping (383377)

      In some situations, the stored may end up looping. This can be seen by running the command:

        stored -v -v -1

      Since this is supposed to only pass through the database once, if you see the same entry being processed, then looping is occuring.

    • stored failure during recovery (385901)

      If one of the services core dumps and leaves a mismatched set of opens and closes, then it's possible that stored will fail during recovery.

    Messaging Server 4.15 Patch 1 fixes some rare stability problems for the Store service.

  • IMAP service (imapd) fixes:
    • Messages with bad internal date values can cause imapd failure (386867)

      A message fetched during an IMAP session having an internal date prior to 1980 may cause imapd to fail. In 4.15 Patch 1, the offending message will have a log entry output instead of failing.

  • Mail Multiplexor (MMP) fixes:
    • MMP stops responding after a few hours on Windows NT (379498)
    • ImapProxy using SSL will hang due to asynchronous writes (381111)

  • Utilities (mboxutil, MoveUser, upgrade, serverstart) fixes:
    • deliver utility -F option fails to work (381927)

      See Potential Problems and Solutions for more information.

    • MoveUser utility fails to handle folders with " (double quotes) (367485)
    • mboxutil -r fails to move folders to different partitions on Windows NT (381674)
    • mboxutil -k fails with unknown code 255 on Windows NT (358593)

      When mboxutil -k is run on Windows NT with an invalid command referenced, an error message is output:

         Unknown Code ____ 255

      In 4.15 Patch 1, mboxutil -k will return an error code of the form:

         No such file or directory

    • serverstart utility did not support service.listenaddr properly (349579)
    • upgrade utility mangled Japanese folder names (379008)
    • sendmail ignored the service.listenaddr and service.smtp.port values (382098)

      The sendmail utility would use localhost and port 25 by default. Now sendmail not only supports the service.listenaddr and service.smtp.port configuration parameters, but to handle multiple instances of the messaging server, it also supports new configuration parameters:

          local.service.sendmail.port
          local.service.sendmail.listenaddr

      See New Configuration Parameters for more information.

  • Internationalization (I18N) and Localization (L10N) fixes:
    • with preferred language set to Japanese, user is unable to relogin to Messenger Express (370739)
    • upgrade utility mangled Japanese folder names (379008)
    • with preferred language set, Netscape could fail (368968, 385666)

      If the preferred language is set to a language that Messenger Express does not have language support for, the JavaScript could cause Navigator to fail.

      Messenger Express has been required that the user logout and login again to force preferred language changes to avoid this problem.

    • hard-coded English strings exist in the enduser user interface (367823, 369245, 381131)
    • Administration Console Chinese language settings were incorrect. (368103)

      Instead of:

         userPage-zh=Chinese

      the proper values are referenced in 4.15 Patch 1:

         userPage-zh-CN=Chinese/China    userPage-zh-TW=Chinese/Taiwan

    • raw 8-bit header causes JavaScript errors (367500, 368796)

      See New Configuration Parameters for more information.

Personal Address Book

Overview

The Personal Address Book enables users to manage their personal address book entries including people and groups, and address to these entries when composing mail messages.

Note: Personal Address Book is only supported on Solaris.

Users can create, edit, or delete entries and groups in the address book.

From the Messenger Express main window, a user can click on the Addresses tab to go to the address book window, from which the following operations are available:

  • Create a new address book entry (either a person or a group). After selecting the object you want to create, a new window prompts the user to enter the corresponding attributes (for example, first name, last name, address, phone numbers, etc.). A newly created entry is put into the default address book.
  • Delete an address book entry (either a person or a group). Deleting a group does not delete all of its members; only the specified group.
  • Edit an address book entry (either a person or a group). A window lists all the attributes of the selected object and the user can modify them as necessary. In the case of a group, there is a mechanism to allow users to select from current and potential members.

Installation

If you do not already have Messaging Server 4.15 Patch 1 installed, refer to the installation instructions provided at http://docs.iplanet.com/docs/manuals/messaging/nms41/install/contents.htm.

Note: The Messaging Server 4.15 Patch 1 installs the bits for the Personal Address Book but does not perform any configuration. In order to run the personal address book, you must do the following after successfully installing Messaging Server 4.15 Patch 1:

  1. Run the pabinst.pl script to configure the Personal Address Book.
  2. Run dssetup to configure the Directory Server for the Personal Address Book.

Configuring the Personal Address Book

The perl script pabinst.pl is located in the <serverroot>/bin/msg/install/bin directory. You can run perl with this script and the -d option as follows:

# <serverroot>/install/perl <serverroot>/bin/msg/install/bin/pabinst.pl -d <serverroot>

You will be asked the following series of questions. Answer them as instructed:

  • Do you want to (re)configure the Personal Address Book service (yes|no) [no] ?

    Enter yes to configure the Personal Address Book; enter no or press Return if you do not want to continue with the configuration.

  • Personal Address Book Directory Server Host name [<hostname>.<domain>] :

    Enter the hostname of the Directory Server that will be the server for the Personal Address Book or press Return to accept the default.

  • Personal Address Book Directory Server port [<port_number>] :

    Enter the LDAP port of the Directory Server or press Return to accept the default.

  • Personal Address Book Directory Server Base DN [o=<base DN>] :

    Enter a new base DN in the format o=<base DN> (for example, o=pab), or press Return to accept this default value.

    Important: The base DN you specify here must match the base suffix you specify when running dssetup.

  • Bind DN [admin] :

    Enter cn=directory manager (or equivalent) or press Return to accept the default. Using the default bind DN and the base DN of o=pab as an example, the bind DN is set to uid=admin, o=pab.

    Important: The bind DN you specify here must match the Users/Groups Administrator's UID you specify when running dssetup.

  • Password:

    Enter the bind DN's password.

    Important: The password you specify here must match the Users/Groups Administrator's password you specify when running dssetup.

    Warning: If directory manager is used as the bind DN, the directory manager password you specify is exposed as ASCII text in the local.service.pab.ldappasswd parameter. Users can view this password with the configutil utility. Thus, it is recommended that ordinary users not be granted access to the directory that can access this parameter.

  • Personal Address Book Maximum Number of Entries [500] :

    Enter the maximum number of Personal Address Book entries or press Return to accept the default.

    After entering this information, the LDAP URL and Bind DN are displayed. For example:

    Summary of selections:
    PAB LDAP URL: ldap://<directory_server_hostname>:<directory_server_port>/o=pab
    PAB Bind DN: cn=directory manager
    Maximum Number of Entries: 500

    Then, you are asked if you want to continue with the configuration:

  • Continue PAB configuration with the above selections [yes] ?

    Answer yes or press Return to accept the default if you want to continue with the configuration. Otherwise, answer no.

    The Personal Address Book server is configured with the input values you specified.

  • The Messaging Server must be restarted for these settings to take effect. Restart now [yes] ?

    Answer yes or press Return to accept the default if you want to restart the messaging (mshttpd) service. Otherwise, answer no.

Configuring the Directory Server for the Personal Address Book

After you have run the pabinst.pl script to configure the Personal Address Book, you should run the dssetup utility to configure the Directory Server for the Personal Address Book. To obtain the dssetup executable, untar the dssetup.tar file:

# tar -xvf dssetup.tar

Note: The dssetup utility can also be downloaded separately from the Messaging Server 4.15 Patch 1 archive file. If you downloaded the archive dssetup-4.15p1.tar.gz file, you should uncompress this file first, then untar the dssetup.tar file contained within it. The dssetup version you need will be located in the SunOS5.6 subdirectory:

# gunzip dssetup-4.15p1.tar.gz
# tar -xvf dssetup-4.15p1.tar

After all the files are extracted, update the Personal Address Book schema by running dssetup (either from the /msg or /SunOS5.6 subdirectories) on the machine where the Directory Server is installed. You will see the questions listed below and you should answer them as instructed:

  • Do you wish to continue [yes]:

    Answer yes or press Return if you want to continue; enter no if you do not.

  • Directory server root [/usr/netscape/server4]:

    Enter your directory server root location.

  • Messaging Server schema in the directory server appears to be up to date.
    Do you wish to update the schema anyway [y] ?

    Answer yes or press Return.

    Note: This question will not be asked if you are installing Messaging Server for the first time.

  • Do you wish to configure this directory for Server Configuration [y] ?

    Answer no since the Personal Address Book needs to update user/group schema, not the server configuration.

  • Do you wish to use this directory for managing Users/Groups [y] ?

    Answer yes or press Return to continue with the update of the user/group schema for the Personal Address Book.

  • Please enter the Directory Administrator's DN [cn=Directory Manager] :

    Enter cn=directory manager (or equivalent) or press Return to accept the default.

  • Please enter the Directory Administrator's Password :

    Enter the directory manager's (or equivalent) password.

  • Please enter the base suffix under which the Users/Groups data should be setup [o=<domain>.com] :

    Answer in the format o=<base DN> (for example, o=pab) to set up the organization for the Personal Address Book; this is where the Personal Address Book entry/group data will be stored.

    Important: The base suffix you specify here must match the base DN you specified when you ran pabinst.pl.

  • Do you want to enable anonymous search access on the Users/Groups suffix 'o=pab' [y] :

    Answer yes or press Return to enable anonymous search access for the Personal Address Book.

  • Please enter the Users/Groups Administrator's uid [admin] :

    Enter admin (or equivalent) and notice that the user uid=admin,o=<base DN> is created.

    Important: The UID you specify here must match the bind DN you specified when you ran pabinst.pl.

  • Please enter the Users/Groups Administrator's Password :

    Enter the admin's password.

    Important: The password you specify here must match the bind DN's password you specified when you ran pabinst.pl.

  • Enter the Users/Groups Administrator's Password again to verify :

    Enter the admin's password again.

    At this point, you will be given a listing of all the settings you specified. After the list, the following question will appear:

  • Do you want to continue [yes] :

    Answer yes or press Return if all the settings are correct; answer no to start over.

    The dssetup utility will update the Personal Address Book schema on the Directory Server and then restart the Directory Server.

    After the dssetup configuration is complete, the Personal Address Book installation and configuration is complete and the mshttpd service is restarted for the new configuration to be effective. New user accounts may be created from the Administration Console; users can then login to Messenger Express and start using the Personal Address Book.

Configuration

To enable the Personal Address Book feature, set the local.service.pab.enabled parameter to 1. Set this parameter to 0 to turn this feature off. By default, this parameter is set to 1.

You can use configutil to set the local.service.pab.enabled parameter. For example, to set this parameter to 1, use the following command:

# ./configutil -o local.service.pab.enabled -v 1

Other configuration variables include:

  • local.service.pab.ldaphost

    This parameter specifies the name of the LDAP server you want to use for the Personal Address Book.

  • local.service.pab.ldapport

    This parameter specifies the port number on the LDAP server.

  • local.service.pab.ldapbinddn

    This parameter specifies the bind DN used by Personal Address Book on the LDAP server (for example, cn=Directory Manager).

  • local.service.pab.ldappasswd

    This parameter defines the password for the bind DN used by Personal Address Book.

  • local.service.pab.ldapbasedn

    This parameter specifies the base DN in which Personal Address Book entries end up. The default is o=pab.

  • local.service.pab.attributelist

    This parameter is used to add new attributes to a personal address book entry (for example, you want to create an attribute that doesn't already exist).

  • local.service.pab.maxnumberofentries

    This parameter specifies the maximum number of entries per user ID. By default, this parameter is set to 500.

Maintenance

The pabdelete utility is installed in shared/bin. It is used to delete address book data after a user has been removed; it can also be used to remove all address book data if the Personal Address Book is uninstalled.

Note: If you run the uninstall utility, you must still run the pabdelete utility to remove address book data. The pabdelete utility is not run by uninstall.

Important: Before you run the pabdelete utility, check to see whether or not it has the correct permissions. The mode for pabdelete should be 755. If this is not the case, change the permissions on pabdelete with the following command:

# chmod 755 pabdelete

The syntax for the pabdelete utility is as follows:

# ./pabdelete -D <binddn> -w <password> [options] <uid>

The <binddn> and <password> parameters represent the Bind DN and Bind password; respectively, and <uid> represents the user ID of the owner of the Personal Address Book you want to remove. Use ALL for the uid parameter to specify all users; however, the Personal Address Book root will not be removed.

The optional parameters are described below:

Option
Description
-h <host>
LDAP server name or IP address
-p <port>
LDAP server TCP port number
-b <basedn>
Personal Address Book Base DN. The default value is o=pab.
-n
Preview the actions that would be performed by this pabdelete operation but do not actually perform those actions.
-v
Run in verbose mode (diagnostics to standard output).
-help or -H
Display usage information.

Shown below are some usage examples:

# pabdelete -H
# pabdelete -D "cn=admin, o=siroe.com" -w xyz -b "ou=abooks, o=siroe.com" jsmith
# pabdelete -D "cn=admin, o=siroe.com" -w xyz -b "ou=abooks, o=siroe.com" -v -n ALL

Known Limitations and Considerations

Messaging Server 4.15 Patch 1 includes the following limitations and considerations (see also Potential Problems and Solutions later in this document for other issues that might affect product capability or use):

Installation and Upgrade Issues

  • When you upgrade to Messaging Server 4.15 Patch 1, the service.pop.numprocesses, service.imap.numprocesses, and service.http.numprocesses parameters are all reset to 1. (387695)

    After upgrading, you must reset these configuration parameters as required.

  • In a sun cluster environment, the setup installation program hangs instead of generating an error message. (387593)

    The setup installation program hangs when the logical host is not accessible (for example, if the sun cluster is not properly configured).

  • Messaging Server 4.15 Patch 1 Export version cannot be installed in the same server root as the Directory Server Domestic version. (350547)

    Install Messaging Server Export version 4.15 Patch 1 with Directory Server Export version (which comes packaged with Netscape Messaging Server 4.15 Patch 1). Or, install Messaging Server and Directory Server in separate server roots.

  • If you are upgrading from Messaging Server 4.01 to 4.15 Patch 1, the warning message "NLS libraries are missing" appears during installation. (379258)

    This warning message is harmless and does not affect the installation in any way.

  • Installation fails after entering an account that should have write access to the User & Groups Directory Server. (356622)

    If anonymous search is not available on the User and Groups Directory Server, then during installation the DN for the User/Groups Administrator should be used, not the user ID for the User/Groups Administrator. If the user ID is used, the following error message is displayed:

    ERROR: Authentication failed. Either you have entered
           an invalid user ID or password, or the directory server
           is having some problem. Please check and re-enter.
    Press any key to continue.
             

  • If the LANG environment variable is set to 'ko' then the following error message will appear during the installation: 'assert: line 92, file enconv.cpp'. (367037, 367214)

    Set the LANG environment variable to another value before you begin the installation to avoid this error message. For example:

    % setenv LANG C

  • You cannot specify a symbolic-link directory or a mount-point directory as your server root. (353740)

    If you attempt to do this, the setup program displays a misleading error message and you will not be able to continue with the installation.

  • Netscape Console installs natively on the machine running the Messaging Server, but may be used from any machine to administer your Netscape Servers remotely.

    To obtain Netscape Console for platforms other than the installed platform, you'll need to obtain the appropriate platform version of Netscape Console by visiting http://home.netscape.com/eng/server/console/.

Netscape Console and Administration Server Issues

  • Administration Server must be run as root. (341197)

  • If the Number of Process setting in the Messaging Server Console is set too high, the system could hang. (369118)

    If this occurs, you will receive the Virtual Memory Low error message. Reset the Number of Process setting in the Messaging Server Console.

  • Netscape Console does not display any warning messages if the numerical value entered into the connection settings is too large. (369126)

    The numeric value entered is converted to the maximum integer value without warning.

  • The Netscape Console has problems dealing With Simplified Chinese data on Solaris. (367814)

    The workarounds for this limitation are:

    1. Use the Netscape Console on Windows NT for Simplified Chinese.
    2. Use the command line interface.

  • Uninstall does not stop the Netscape Console JRE (Java Runtime Environment). (337877)

    All Netscape Console Java environments must be shut down before running uninstall. Close and exit all instances of the Netscape Console before running uninstall. Be sure there are no Netscape Console instances running on remote machines.

  • To launch the help screens from the Netscape Console, you must include the Netscape browser client in your PATH environment variable. (339214)
Linux Issues

  • The Linux mshttpd daemon may die under heavy stress. (380796)

    If you encounter this problem, contact Technical Support.

  • A large number of daemons appear to be running after the Messaging Server is started.

    This is normal. On Linux, threads within a process show up the same as processes under ps or top. There is really only one daemon with many threads. The exact number of threads depends on configuration and load.

  • The Java CLASSPATH must be set to run the JMailstone master or client.

    If the server is installed in /usr/netscape/server4, the setup steps for C-shell users are listed below.

    For running the GUI:

    cd /usr/netscape/server4/jmailstone
    ../bin/base/jre/bin/jre -green -classpath \
     ./JMailstone.jar:../bin/base/jre/lib/rt.jar JMailstone
             

    For running the client:

    cd /usr/netscape/server4/jmailstone
    ../bin/base/jre/bin/jre -green -classpath \
     ./JMailstone.jar:../bin/base/jre/lib/rt.jar JMailclient
             
Other Limitations and Considerations

  • In Messenger Express, the dates of messages with invalid years may be displayed incorrectly. (385657)

    RFCs 822 and 1123 specify that two-digit year strings (for example, "00") are improper. Messenger Express systems that send out two-digit year strings may fail to be displayed properly.

  • In Messenger Express and Personal Address Book, quotation marks in the Display Name are not displayed in the addresses in the Recipients field. (380488)

    Additionally, in Internet Explorer 5.0, if you enter %22 (or some other similar two-digit string) in the Display Name field, it becomes encoded as a double quote, causing the MTA to generate an SMTP error.

  • If you create a new user whose preferred language is Chinese, the First Name and Last Name fields are empty when you view the entry (even if you specified a first and last name when you created the entry). (387389)

    The preferred language for Chinese must be specified as "Chinese/China" or "Chinese/Taiwan."

  • If you create a new user whose preferred language is Chinese, the user is sent an English greeting message rather than a Chinese one. (387704)

  • In Messenger Express, if the user does not explicitly logoff their session, there is a short time period between when the browser is closed and the session times out that can be exploited by someone with access to the history for that browser. (379157)

    To avoid this problem, the user should explicitly log off before closing his/her browser window.

  • For general security purposes, it is suggested that UNIX Messenger Express users close their browser windows when they are finished with their mail session. (380283)

  • If a server process crashes, shut down all services before restarting or another process might hang.

    If the server process terminates unexpectedly, shut down all Messaging Server processes before restarting the server. Otherwise, the remaining processes might stop responding while waiting for locks held by the terminated process.

  • If the Directory Server goes down during the send of a large mailing list, the deferral which should occur fails and the messages are not sent. (370061)

    When this occurs, an error message is sent to the postmaster.

  • Large number of folders cause client memory exhaustion. (379459)

    Messenger Express only supports a certain number of viewable folders (less than 200 with 128MB of memory) before it exhausts the available memory on the client. When this occurs, you may see a mostly blank screen and/or a message in your browser status bar telling you about a Javascript error.

    To see the entire error message, type 'javascript:' in the Location bar. The error message looks similar to the following:

    Javascript Error: http://./fldr_fs.html, line 85 out of memory.

  • For a short period of time (default is 15 minutes), it is still possible to login the account of a user after that user is deleted in Netscape Console. (379080)

    If you elect to turn the authentication cache on (for performance reasons), you must restart all the services on the server to make the deletion of a user(s) immediately effective.

    If not, then turn off the authentication cache by setting the service.authcachettl to zero and restarting all the services.

  • If you use Netscape Communicator to send just a link, and then try to view the message in Messenger Express, the body of the message is blank. The same message in IMAP contains the link. (370998)

    If you type some text before the link, then the message can be viewed without any problems.

  • On HP-UX 9000/800 systems, the SNMP sub-agent is unable to communicate with the master agent. (370650, 370694)

    SNMP cannot be used on HP-UX 9000/800 systems.

  • Users of Outlook Express (any version) using IMAP may see read messages revert back to an unread state. (363547)

    This is due to Outlook Express incorrectly using multiple connections to the same mailbox.

  • Program delivery suspend mode does not work. (352333)

    Creating a suspend file and suspending programs works properly; however, once you remove the suspend file, program delivery does not work.

  • Messages that are deferred to an alternate queue do not default back to the main queue when the alternate queue is deleted. (358478)

    Do not delete alternate queues that still contain messages.

  • Messaging Server 4.15 Patch 1 does not support certmap plugins. (337413)

  • The RUN and SCAN commands in the Unsolicited Bulk Email (UBE) plugin are disabled and are not supported. (334886)

  • Reconstruct -r loses authenticated sender info. (115193)

    Netscape supports the XSERVER private extension for authenticating message submissions. Reconstructing a mailbox causes all of the authenticated sender information to be discarded.

  • If the upgrade process from Messaging Server 3.x to 4.15 Patch 1 is interrupted, run reconstruct -m before starting the server.

    The reconstruct -m command corrects an inconsistent message store.

  • The login shell must be valid for Program Delivery to work. (326785, 336039)

    The program delivery option will not work with shells that are not considered valid. On several UNIX systems, the /etc/shells file contains the path for all valid shells. If the file is missing or empty, the following are valid login shells for the user to which the message is addressed:

      /bin/sh
      /usr/bin/sh
      /bin/csh
      /usr/bin/csh
      /bin/ksh
      /usr/bin/ksh

    For more information about program delivery, see the Messaging Server Administrator's Guide.

  • If you change the quota limit for a user, the new limit does not immediately take effect. (319715)

    If the user is already over quota, the limit will also take effect when the user logs in. This means a user might still receive "over quota" messages until the user receives a new message or until the user logs off and logs in again.

    You can cause the new limit to take effect by sending mail to the user after you reset the quota limit.

  • Some configuration settings require server restart to take effect. (341854)

    All SMTP configuration settings require server restart; most POP, IMAP, and HTTP settings do not.

    If you have questions about a particular configuration setting, contact Technical Support.

Potential Problems and Solutions

The following section details the known problems and solutions for the Messaging Server 4.15 Patch 1 release. If a bug-report number follows the problem, please use that number when communicating with Technical Support concerning the problem.

See also the previous section, Known Limitations and Considerations, and the following section, Corrections to the Documentation, for other issues that might affect product capability or use.

Installation and Upgrade Problems and Solutions

  • If you install the product without enabling SSL, error messages appear in the log file when the corresponding server is started. (363752)

    These messages can be safely ignored.

    Solution: By default, SSL is enabled for all services. To disable SSL for each service without generating any error messages, use the following command (for example, to disable SSL for SMTP):

    configutil service.smtp.sslusessl no

  • During upgrade, Messaging Server does not always rewrite the /etc/nsserver.cfg file properly. (351603)

    Solution: If you install Messaging Server on the same Unix machine more than once, make sure the /etc/nsserver.cfg file contains, on the first line, the <server-root> of the Messaging Server you will be using.

  • The uninstall process does not remove alternate queues or non-primary message store partitions. (355963)

    If you have multiple queues, the uninstall process will remove the default queue, but not alternate queues. If you have multiple partitions, the uninstall process will remove only the primary partition, not the non-primary message store partitions.

    Solution: You will need to delete any alternate queues or subpartitions manually.

  • If you are upgrading from a 3.x Messaging Server to Messaging Server 4.15 Patch 1, the autoreply messages and mail routing table entries are not migrated. (357053)

    Solution: You will need to save the 3.x information and re-create the entries for Messaging Server 4.15 Patch 1.

  • If you are upgrading from a 3.x Messaging Server to Messaging Server 4.15 Patch 1, and you have more than one LocalMailDomain entry in the 3.x /etc/netscape.mail.conf file, the entries are not migrated. (357055)

    Solution: You will need to save the 3.x information and re-create the entries for Messaging Server 4.15 Patch 1.

  • End-user administrator user DN and group DN are not configurable. (355146)

    Solution: If you want to create a custom DN for the end-user administrator, you must create these entries manually before the installation. You must create the end-user administrator group DN with the common name Enduser Administrators ("cn=Enduser Administrators"). You can create the end-user administrator user DN using any UID.

  • Directory Server installation will attempt to restart SNMP services on Windows NT. (357053)

    The Messaging Server properly stops all dependent services before stopping the SNMP service, but if the Directory Server is installed on the same machine, it will attempt to restart the SNMP service, which causes the installation to hang.

    Solution: Manually stop the SNMP service before installing the Messaging and Directory Servers on a Windows NT system. Alternatively, install the Directory Server on a different system (recommended to avoid resource contention).

Linux Problems and Solutions

  • You may receive the following error message during installation: "The network port number is invalid." (341627)

    This message may appear even though the first port tested is genuinely not in use.

    Solution: Re-enter the port number and it will be accepted the second time. If the install still reports the port is in use, then there is something active on the port.

  • There is a bug in glibc 2.1.1 that can cause SEGV faults of multi-threaded processes on SMP (symmetric multi-processor) systems. (355966)

    Solution: Upgrade to glibc 2.1.2.

    To determine which verson of glibc you are running, type:

    # rpm -q glibc

Other Problems and Potential Solutions

  • Mail for root or other local users cannot be delivered.

    You should create these accounts on the Directory Server using the Netscape Console or the MigrateUnixSpool utility. The messaging server does not consult /etc/passwd for local accounts.

  • On Windows NT, the -F option of the deliver command does not work. (381927)

    Solution: A -g option has been added as a synonym to the -F option. Use the -g option instead:

    # deliver -a <sender> -g \SEEN <recipient> < <test_message_file>

    Note: The Windows NT shell does not do backslash quoting and therefore requires only one backslash (/) character.

  • Some window managers will not place the Netscape Console login window over the logo window. (367239)

    Solution: Either use a different window manager, or run startconsole with the -x,nologo parameter. For example:

    # <server-root>/startconsole -x,nologo

  • Authentication may fail if the hostname returned by NIS is not the same as the one returned by DNS.

    Solution: Edit /etc/nsswitch.conf to search DNS before searching NIS. Change the following line:

    hosts:        files nisplus nis dns

    to:

    hosts:        files dns nisplus nis
  • On Windows NT, If more than one popd process is running, then none of them accept a TCP connection. (379203)

    Solution: Change the service.pop.numprocesses, server.imap.numprocesses, and service.http.numprocesses to their default value of one (1).

  • The Messaging Server and Directory Server cannot be upgraded at the same time. (369067, 369057)

    The Directory Server holds the installation information for the Messaging Server. During an upgrade, the Directory Server is stopped and is unavailable to the installer.

    Solution: To upgrade both servers, simply upgrade the Directory Server and the Messaging Server seperately.

  • For Windows NT, the version of NativeToAscii shipped with the product does not work with Korean or Simplified Chinese. (366604)

    Solution: Set the NS_NLS_DATADIRECTORY variable:

    1. Go to <server-root>/shared/bin
    2. Open a text editor and create a file called NativeToAscii.bat
    3. Type the following in the file:

      set NS_NLS_DATADIRECTORY=<server-root>\bin\msg\admin\bin
      <server-root>\shared\bin\NativeToAscii.exe %1 %2 %3 %4 %5 %6 %7 %8 %9
  • Messaging Server sends incorrect timezone information for Singapore. (341272)

    Solution: In the /etc/NscpMsg script, set the timezone (TZ) for Messaging Server by adding the following line after the LANG= variable:

    # export TZ=GMT-8

  • Base DNs with Japanese characters is not supported on Windows NT. (361497)

    Do not use Japanese Base DNs during installation on Windows NT.

  • Using a back-slash character (\) in an over-quota message can cause problems. (352208)

    If you include a back-slash character (\) in an over-quota message, Messaging Server cannot parse the message and will not deliver the message to the user.

    Solution: When specifying an over-quota message, do not use a back-slash character (\) in the message.

  • Messaging Multiplexor might not handle the "e" attribute in FilterComps in the certmap.conf file. (337269)

    Solution: You can correct this problem by changing the line in the certmap.conf file from:

    #default:FilterComps    e, uid, ... 

    to:

    #default:FilterComps    mail, uid, ... 

Corrections to the Documentation

Please note the following corrections to the Messaging Server 4.1 and 4.15 documentation:

  • If you are installing Messaging Server 4.15 from a CD, the installation instructions contain an extra step. (380827)

    On the CD, the Messaging Server 4.15 bits are already untar'd; therefore, there is no need to untar them as described in the Installation Guide.

  • Disabling Language Lookup Capability. (367811, 362966)

    The MTA looks up the language to be used when it performs international functionality as explained in the Administration Guide.

    A new configurable parameter, local.service.smtp.sitelanguageonly, can be set to yes to disable the MTA language lookup capability so that it sticks to the value defined by gen.sitelanguage. This might be preferable if you want to automatically see generated messages in a particular language.

  • Messenger Express online help provides incorrect instructions for localizing the Messenger Express UI. (357517)

    The instructions read as follows:

    Localization. To localize the user interface, copy mail-en.html to a new file named mail-xx.html, where xx is the two letter abbreviation for a specific language. Translate all the string values associated with the i18n array elements. To localize the online help, modify the help.html file.

    Instead, the instructions should be:

    Localization. The <server-root>/msg-<instance>/html directory contains a directory for each language. Contained within each language directory is a copy of the i18n.js file. This file contains all the string values associated with the i18n array elements. Replace the string pair with the relevant language. To localize the online help, modify the help.html file.

How to Report Problems

See the Technical Support site at http://iplanet.com/support/index.html.

Where to go for More Information

For Messaging Server 4.15 Patch 1 installation instructions, visit http://docs.iplanet.com/docs/manuals/messaging/nms41/install/contents.htm.

The administrator's guide and related documents are posted at the location http://developer.iplanet.com/docs/manuals/messaging.html.

Installation instructions and release notes for all Netscape servers are posted at the location http://developer.iplanet.com/docs/manuals/index.html.

If you can't find the information you need, please contact Technical Support.

Legal Notices
Messaging Server 4.15 Patch 1

Use of Messaging Server 4.15 Patch 1 is subject to the terms detailed in the license agreement accompanying it.

NSPR 3.1.x, NSS 2.6.2, and LDAP SDK 3.1

Messaging Server 4.15 Patch 1 incorporates the following software module(s): NSPR 3.1.x, NSS 2.6.2, and LDAP SDK 3.1. The source code for these module(s) as well as any updates produced by Sun Microsystems, Inc. or Netscape Communications Corporation is available from the Mozilla.org website under terms of the Mozilla Public License (MPL).

This product's license is different from the MPL. Any license terms for this product which differ from the MPL are offered by Sun Microsystems, Inc. and Netscape Communications Corporation, not by the "Initial Developer" or any "Contributor" (as those terms are defined in the MPL).




© Copyright 1999,2000 Netscape Communications Corp., a subsidiary of America Online, Inc.
All rights reserved.