Sun ONE Messaging Server 6.0 Release Notes
Version 6.0
Part Number 816-6736-10
December 8, 2003
These release notes contain important information available at the time of release of Version 6.0 of Sun Open Net Environment (Sun ONE) Messaging Server. New features and enhancements, known limitations and problems, technical notes, and other information are addressed here. Read this document before you begin using Sun ONE Messaging Server 6.0 (Messaging Server).
The most up-to-date version of these release notes can be found at the Sun ONE documentation web site: http://docs.sun.com/prod/sunone. Check the web site prior to installing and setting up your software and then periodically thereafter to view the most up-to-date release notes and manuals.
These release notes contain the following sections:
Note
Do not use Sun ONE Messaging Server, v6.0 for production until you have installed Sun ONE Messaging Server 6.0 patch 1.
Revision History
Table 1 Revision History
Date: December 8, 2003
Description of Changes: Initial release of these release notes.
About Messaging Server, Version 6.0
Messaging Server is a high-performance, highly secure messaging platform that can scale from thousands to millions of users. It provides extensive security features that help ensure the integrity of communications through user authentication, session encryption, and the appropriate content filtering to prevent spam and viruses. With Messaging Server, enterprises and service providers can provide secure, reliable messaging services for entire communities of employees, partners, and customers.
What’s New in Messaging Server, Version 6.0
Messaging Server provides a powerful and flexible solution to the email needs of enterprises and messaging hosts of all sizes by using open Internet standards.
This section describes the following topics:
New Features
This section describes the new features added to Messaging Server in this release. The information is organized as follows:
Automatic Arabic Character Set Detection
A new auto_ef program was added to automatically detect Arabic character sets.
You can call the auto_ef program from the conversion channel to automatically detect and label most unlabeled or incorrectly labeled text messages in Arabic character sets. These unlabeled or mislabeled messages are usually sent from Yahoo or Hotmail in Arabic.
Without the correct character set labeling, many mail clients cannot display the messages correctly.
If a message has MIME content-type headers, the auto_ef program examines and processes only those with text/plain content type. If the message is not labeled with a MIME content-type header, then auto_ef adds a text/plain content-type unconditionally.
To activate or enable this program, you must:
- Edit your mappings file in the /opt/SUNWmsgsr/config directory to enable a conversion channel for the source and destination channel of your choosing. To enable a conversion channel for all mail coming in from the Internet to your local users, add a section to your mappings file similar to the following:
CONVERSIONS
IN-CHAN=tcp*;OUT-CHAN=ims-ms;CONVERT YES
Note that the IN and OUT channels depend on your configuration. If you are deploying on a relay MTA, you must modify the channels to fit your configuration. For example,
IN-CHAN=tcp*;OUT-CHAN=tcp*;CONVERT YES
Or, you could turn it on for all channels as follows:
IN-CHAN=*;OUT-CHAN=*;CONVERT YES
- Create a conversions file in the /opt/SUNWmsgsr/config directory that is owned and readable by the Messaging Server user, and that contains the following:
!
in-channel=*; out-channel=*;
in-type=text; in-subtype=*;
parameter-copy-0=*; dparameter-copy-0=*;
original-header-file=1; override-header-file=1;
command="/opt/SUNWmsgsr/lib/arabicdetect.sh"
!
- Compile your MTA configuration with the following command:
/opt/SUNWmsgsr/sbin/imsimta cnbuild
- Restart with the command:
/opt/SUNWmsgsr/sbin/imsimta restart
Documentation
The following books have been added to the Messaging Server documentation set:
Installation
The following new features were added to the Messaging Server installation:
Message Store and Message Store Access
The following new features were added to Message Store and Message Store Access:
- IMAP4 Binary Content Extension (RFC 3516), which allows IMAP clients and servers to exchange message body data without using a MIME content-transfer-encoding.
- Reconstruct quota for a single user.
- Hard and soft quota configuration.
- New scheduler daemon to schedule message expiration and purging.
- Shared folders across multiple message stores.
- Automation of many Message Store recovery operations such as database snapshots and automatic fast recovery.
- POSIX regular expression support in mboxutil and in the backup, expire, and purge utilities. Wildcard characters (for example: *, %) are no longer supported.
Messenger Express
The following new features were added to Messenger Express:
MMP
New MMP features include:
- Alias domain support (4636378)
- POP3 CAPA support (RFC2449)
- Integrated MMP with start-msg, stop-msg, and refresh commands
- New RestrictPlainPasswords option (4871953)
- Third-party authentication sample code for MMP (4616192)
- Distinguish authentication failed from server unavailable errors with RFC 3206 support (4765470)
Monitoring
New monitoring features include:
- New utilities:
- New processes: watcher and msprobe enable you to configure Messaging Server so that faults automatically trigger a pre-configured number of restarts, thus increasing availability in the face of recoverable faults.
- watcher functionality also improves availability for Messaging Multiplexor (MMP) when used without High Availability (HA).
- New watcher log file (available in msg_svr_base/data/log/watcher): Server failures are reported in this file, which makes the watcher log file an important monitoring tool.
Note: This file is not managed by the logging system (no rollover or purging). (4929765)
MTA
New MTA features include:
- New ACCESS_ORCPT MTA option (possible values 1 or 0):
- Setting the value to 1 adds another vertical bar delimited field to the probe value that is passed to the SEND_ACCESS, ORIG_SEND_ACCESS, MAIL_ACCESS, and ORIG_MAIL_ACCESS mappings containing the original recipient (ORCPT) address.
- If the message does not have an ORCPT address, the original, unmodified RCPT TO address is used instead.
- New MAX_SIEVE_LIST_SIZE MTA option: Specify an integer value (default is 64) to control how many strings can appear in a list construct in MTA sieve scripts.
Note
Previously, this MTA option was called MAX_LIST_SIZE.
The old name was changed because it might be construed as having something to do with mailing lists.
- Enhanced Q log entries to contain additional information about the error(s) causing the entry to be made. (4539521)
- MTA DELIVERY_OPTIONS option now supports two new prefix characters:
- # (sharp): Indicates that the following entry is mailhost-independent, which lets MTA check whether all of a given user’s or group's delivery options are independent of the mailhost. If this condition is satisfied, MTA can act on the entry immediately rather than having to forward the message to the mailhost.
- / (slash): Causes all addresses produced by the current delivery option to be held, which means the recipient addresses will end up in message files with a .HELD extension.
- New NOTARY_DECODE MTA option (4629743): Specify one of the following values:
- 1: Causes a subset of the original message headers (that are added to the first part of a DSN by the %H substitution) to be decoded and converted to match the charset of the first part.
Note
Use this setting with caution because you can lose information and confusion can result when you convert a rich charset like UTF-8 to a limited charset like ISO-8859-1 or US-ASCII.
- 0 (Default): Decodes a subset of encoded-words in the header that match the charset of the first part; no charset conversion is done.
- -1: Disables decoding of encoded-words unconditionally.
- A new facility provides the ability to retarget messages that exceed a specified limit for number of recipients, message size, or message lines to an alternate destination channel.
This facility is implemented as a set of new channel keywords (see the following list), which can be placed on any destination channel:
A message that exceeds any of these thresholds will be enqueued to the alternate channel instead of the original destination channel.
- Setting the LDAP_HOST, LDAP_USERNAME, LDAP_PASSWORD, and LDAP_PORT MTA options overrides the MTA's use of the local.ugldaphost, local.ugldapbinddn, local.ugldapbindcred, and local.ugldapport configutil parameters (respectively) in accessing the LDAP directory server. (4537015)
- Setting the LINES_TO_RETURN MTA option to 0 disables partial content return, and instead returns only the message part headers.
- The MTA now checks for 8-bit characters in the local parts of addresses (as well as the received fields it constructs) and replaces those characters with asterisks. (4694916)
- The MTA now creates J records in the log file when a MAIL FROM command fails for an administrative reason. J records were previously created only when the failure occurred at the RCPT TO.
- The ALIAS_ENTRY_CACHE_NEGATIVE option was expanded to work in the general case where no matching LDAP entries are found. Previously this option only worked when a NO_SUCH_OBJECT LDAP error was returned.
- The various priority overrides based on size channel keywords (such as urgentblocklimit, normalblocklimit, and nonurgentblocklimit) are now effective for conversion or defragment channels — even when that channel is used implicitly. Previously these keywords only worked when the channel was explicitly included in the message routing.
- New CACHE_DEBUG MTA option (Boolean valued 0, 1): Setting this option to 1 tells various MTA components to dump information about the domain, alias, and reverse caches just prior to exiting. (4668998)
- The default value for the ALLOW_RECIPIENTS_PER_TRANSACTION TCP channel option was changed from infinite to 128.
- The default value for the DISABLE_SEND TCP channel option was changed from 0 (false) to 1 (true).
- The default value for the HEADER_LIMIT MTA option was changed from infinite to 2000 (blocks).
- The REJECT_RECIPIENTS_PER_TRANSACTION TCP channel option now applies to the SMTP VRFY command as well as RCPT TO.
- New HEADER_LIMIT MTA option: Imposes a limit on the maximum size the primary (outermost) message header can attain. Primary message headers are silently truncated when they reach the specified limit.
- Operations on content type and content disposition parameters no longer invert the order in which the parameters appear.
- New -[no]reprocessing qualifier was added to the imsimta test -rewrite command to control whether rewrite_test acts as if it were the reprocessing channel. In particular, this switch affects whether deferred list expansion is done. Normally, deferred list expansion should be done, so this switch defaults to on. Use -noreprocessing to disable expansion.
- New ROUTE_TO_ROUTING_HOST MTA option (Possible values are 0 or 1):
- 0 (Default): A failure to match an extant mailRoutingHosts attribute causes the domain to be treated as non-local; addresses are simply routed onward according to the rewrite rules. This was the only behavior available in Messaging Server 5.2.
- 1: Tells Messaging Server to route all addresses associated with the domain to the first host listed in the mailRoutingHosts attribute.
- New LOG_FILTER MTA option (Default is 0): Specify 1 to write the list of active filters enclosed by single quotes into enqueue (E) records in the log file just prior to the diagnostics field. (4672405)
- New rejectsmtplonglines keyword: Adds the option of rejecting messages that contain lines longer than the 1000 characters (including CRLF) allowed by SMTP.
To activate this facility, use imsimta test -exp -mm -message=<message-file>, where <message-file> is a text file containing the RFC 822 message you want to test against.
- New MTA options enable you to configure text strings returned by the MTA (4720378).
The following table lists these new options and the text strings they override:
- New USE_PERMANENT_ERRORS MTA option (Default is 0): Controls whether certain errors returned by the MTA are marked as temporary or permanent. Each bit in this option corresponds to a specific error condition and, when set, instructs the MTA to return a permanent error.
MDNs are now used for reject actions in user sieves. An additional mapping was defined to support internationalization of MDNs. This mapping (called the DISPOSITION_LANGUAGE mapping) parallels the notification_language mapping used to internationalize DSNs. Probes to this mapping take the following form:
Where:
- type is disposition type, which can be one of the following: displayed, dispatched, processed, deleted, denied, or failed.
- modifiers is a comma-separated list of disposition modifiers. The current list is: error, warning, superseded, and expired.
- source-channel is the source channel producing the MDN.
- header-language is the language specified in one of the following: accept-language, preferred-language, or x-accept-language. (MTA uses the first option present.)
- return is the address to which the notification is being returned.
- recipient is the address that the disposition is about.
The result of the disposition mapping consists of two or three pieces of information separated by vertical bars (|). The first piece of information is the directory where the template files for the disposition notification can be found. The second piece of information is the character set into which the standalone disposition text should be forced. (This information is required because some dispositions — notably the dispositions produced by autoreply echo or the use of the :mime parameter to the vacation sieve action — do not employ template files and consequently, cannot inherit the character set from those files.) Finally, the third piece of information is an override subject line for the notification. This information is only used if the $T flag is also set by the mapping.
The following additional template files are used to construct MDNs:
Using these template files parallels the use of various return_*.txt files for DSNs. (4662616)
- New imsimta cache -walk -debug=xxx MTA command: Causes the job controller to write its current state to its log file and/or sets the job controller debug mask to a specified value.
- The default value for the threaddepth channel keyword changed from 128 to 10 — resulting from escalations where the common answer was to set threaddepth to 10.
- The number of spare LDAP attributes available for substitution in direct LDAP was raised from 2 to 5. $nE or $nG substitutes the nth spare. For backwards compatibility, $E substitutes the first spare and $G substitutes the second.
- The $= metacharacter sequence was added to the set of $\, $^, $_ format selector sequences that are available in mappings and rewrite rules. When selected, $= specifies that subsequent substituted characters are to undergo quoting appropriate for insertion into LDAP search filters.
- Symbol substitutions into conversion and character set conversion parameter values (such as out-dparameter-name-0) are allowed from the content-type parameter but not from the content-disposition parameter list, which seemed unnecessarily restrictive. Consequently, the ability to substitute things from the content-disposition parameter list was enabled.
- The conversion channel program now defines the following, additional environment symbols:
- The $nX metacharacter sequence was added to the MTA's URL template facility. Use $nX to insert the nth component of the mailhost. If you omit n, the entire mailhost will be inserted.
- The $nA metacharacter sequence was added to the MTA's URL template facility. Use $nA to insert the nth character of the current address. If you omit n, the entire address will be inserted.
- New LDAP_MAX_CONNECTIONS MTA option (Default is 1024): Limits the number of LDAP connections the MTA users can make to the LDAP pool.
- New logheader channel keyword (Accepts an integer argument): Overrides the LOG_HEADER MTA option on a per-channel basis.
- Messaging Server now checks the local.imta.schematag configutil option value or the LDAP_SCHEMATAG MTA option value to ensure each specified schema name is valid.
- New personalmap channel keyword: Added to the personalinc/personalomit/personalstrip keyword set. If enabled, personalmap causes a probe to the PERSONAL_NAMES mapping in the general form:
Where:
Additionally, the following flags may be set:
- $I flag: Set initially if the material is a message ID rather than an address.
- $R flag: Set if this is from a "backward pointing" header.
- $F flag: Set if this is from a "forward pointing" header.
- $Y or $T flags: If an entry matches and sets one of these flags, the mapping result replaces the original personal name.
The authrewrite keyword takes a single integer argument, and possible values are:
- 0: Does not change anything (Default)
- 1: Adds a Sender: or a Resent-sender: header field containing the address provided by the authentication operation. The Resent- variant is used if other resent- fields are present.
- 2: Adds a Sender: header field containing the address provided by the authentication operation.
- 3: Constructs a probe of the following form: mail-from|sender|from|auth-sender.
- The default use for identnonelimited was changed to identnonenumeric in newly generated configurations. The new default avoids DNS lookups out of the box.
- The $K metacharacter was added to the URL determination machinery: Substitutes a search filter that checks the objectclass to see if it matches the current criteria established for users or groups. Using this metacharacter in the REVERSE_URL MTA option prevents spurious matches against entries such as personal address book entries.
- The configuration created initially now includes three new entries in the ORIG_SEND_ACCESS mapping table. These entries block “external” submission of explicitly source-routed addresses to the tcp_intranet channel in an attempt to block relaying “through” “internal” systems. In other words, the entries prevent relay attempts that try to evade normal relay blocking by explicitly source-routing through one or more internal systems.
In addition, the dequeue_removeroute channel keyword was added to the tcp_intranet channel definition so that “front line” and “back end” system configurations can be uniform. Use this keyword to prevent back end systems from being presented with @mailhost:user@host sorts of source-routed addresses by front line systems, thus reducing the need to be certain that back end systems have been properly configured to recognize IP addresses of the front line systems as internal.
Note, however, that this use of dequeue_removeroute does imply that back end systems are expected to do message routing (e.g., LDAP lookups) themselves.
- The USE_ERRORS_TO and USE_WARNINGS_TO MTA options were removed (along with the code to support them) because these options were grossly noncompliant with standards.
- Setting the mailDomainStatus attribute to unused for a domain tells MTA to ignore the domain entirely.
- The $G metacharacter was added to the following access mappings:
jettison is similar to discard in that it causes messages to be silently discarded. The difference between jettison and discard is that discard does nothing but cancel the implicit keep, while jettison forces a discard to be performed. This behavioral difference is relevant only when multiple sieves are involved. For example, a system-level discard can be overridden by a user sieve explicitly specifying keep, whereas a system-level jettison will override anything done by a user sieve.
- Support for RFC 3431, the sieve relational extension, was added to Messaging Server.
- The following new MTA options were added to support Schema 2:
- LDAP_SCHEMALEVEL: Integer value specifying schema level to support.
- LDAP_DOMAIN_FILTER_SCHEMA1 (Default is (|(objectclass=inetDomain)(objectclass=inetdomainalias))): String specifying filter used to identify Schema 1 domains.
- LDAP_DOMAIN_FILTER_SCHEMA2 (Default is an empty string): String specifying additional filter elements used to identify Schema 2 domains.
- LDAP_ATTR_DOMAIN1_SCHEMA2 (Default is sunPreferredDomain): String specifying attribute used to store the primary domain in Schema 2.
- LDAP_ATTR_DOMAIN2_SCHEMA2 (Default is associatedDomain): String specifying attribute used to store any secondary domains in Schema 2.
- LDAP_GLOBAL_CONFIG_TEMPLATES (Default is an empty string): String specifying DN where global configuration templates can be found.
- LDAP_ATTR_DOMAIN_SEARCH_FILTER (Default is inetDomainSearchFilter): String specifying attribute in the global configuration template area that is used to store the domain search filter template.
- A new facility was added to store information that previously went into the general, forward, and reverse databases into the compiled configuration instead.
A new USE_TEXT_DATABASES MTA option was added to control this capability. This option is bit encoded.
- Set bit 0 (value 1) to read the IMTA_TABLE:general.txt file as the MTA configuration is initialized and use the information from the IMTA_TABLE:general.txt file to replace all uses of the general database.
- Set bit 1 (value 2) to read the IMTA_TABLE:reverse.txt file and use the information from this file instead of the reverse database.
- Set bit 2 (value 4) to read the IMTA_TABLE:forward.txt file and use the information from this file instead of the forward database.
- A new overquota status value was added to the list of possible mail user and mail domain statuses. When set, this new value generates a “user is over quota” error.
Note
You can use the USE_PERMANENT_ERRORS MTA option (described earlier in these notes) to control whether this is a temporary or permanent failure.
- The capability to access per-domain attributes was added to the MTA mapping facility.
These files can make the internationalization of generated notices more flexible, and they support the following options:
- RETURN_PERSONAL (DSN and MDN): Override for the personal name field to be used in conjunction with the From: field. This field should be RFC 2047 encoded.
- SUBJECT (DSN and MDN): Override for the Subject: field. This value is used only if the notification did not provide a subject field of its own. This field should be UTF-8 encoded.
- RECIPIENT_ADDRESS (DSN): Override for the Recipient address: text used in the construction of the per-recipient section in the first part of a DSN. This field should be specified in the same charset that is used for the first part of the DSN.
- ORIGINAL_ADDRESS (DSN): Override for the Original address: text used in the construction of the per-recipient section in the first part of a DSN. This field should be specified in the same charset that is used for the first part of the DSN.
- REASON (DSN): Override for the Reason: text used in the construction of the per-recipient section in the first part of a DSN. This field should be specified in the same charset that is used for the first part of the DSN.
- DIAGNOSTIC_CODE (DSN): Override for the Diagnostic code: text used in the construction of the per-recipient section in the first part of a DSN. This field should be specified in the same charset that is used for the first part of the DSN.
- TEXT_CHARSET (MDN): Charset to which the text for the first part and subject of the MDN should be converted.
- n.n.n (DSN): When constructing the per-recipient part of a DSN, a check is made to see if there is an option whose name matches the numeric per-recipient status. If there is a match, the corresponding text will be inserted into the DSN. Additionally, if the REASON option (described above) produces a zero length result, the REASON field will not be inserted.
- HOUR (DSN): Text to insert for a %U or %u substitution when RETURN_UNITS=1 is set. Note that there is no distinction made between %U and %u (unlike the default case where English “Hour” or “hour” (respectively) would be substituted).
- DAY (DSN): Text to insert for a %U or %u substitution when RETURN_UNITS=0 (Default) is set. Note that no distinction is made between %U and %u (unlike the default case where English “Day” or “day” (respectively) would be substituted).
- Charset-conversion mapping was extended to provide several additional capabilities:
- Specify the IN-CHARSET option in the output template of a mapping entry to override the charset specified in the encoded-word. Use the IN-CHARSET option to set the input charset to *, and the charset will be “sniffed” to determine an appropriate label.
- Specify the RELABEL-ONLY option that accepts the following integer values:
- New 552_permanent_error_string SMTP option (goes into the relevant tcp_*_option file): Determines if a 552 response should be treated as a permanent error.
Normally (per RFC 2821), 552 responses are treated as if they were 4xx responses and temporary in nature. Some older SMTP servers use the 552 response to indicate a permanent error, so this new SMTP option was added to allow for this behavior.
When a 552 response is received, the text associated with it (including any xx.xx.xx extended error code, but excluding any leading spaces) is compared with the value of the 552_permanent_error_string option. If, and only if, the text matches, the response will be treated as permanent. Otherwise, the response will be treated as a retryable error.
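The comparison described for 552_permanent_error_string, written out as an added Python example (not Messaging Server code). It assumes single-line replies and an exact, case-sensitive match, neither of which these notes specify; the function names and the sample replies are constructed.

```python
import re

# One SMTP reply line: three-digit code, optional separator, free text.
_REPLY = re.compile(r"^([2-5]\d\d)[ -]?(.*)$", re.DOTALL)


def classify_reply(reply_line, permanent_552_string=None):
    """Return 'ok', 'temporary' or 'permanent' for one SMTP reply line.

    permanent_552_string stands in for the 552_permanent_error_string
    option value; None means the option is not set.
    """
    line = reply_line.rstrip("\r\n")
    match = _REPLY.match(line)
    if match is None:
        raise ValueError("not an SMTP reply: %r" % reply_line)
    code = match.group(1)
    # Keep the extended status code, drop leading spaces before it.
    text = match.group(2).lstrip(" ")

    if code[0] in "23":
        return "ok"
    if code[0] == "4":
        return "temporary"
    if code == "552":
        # Default: 552 is handled like a 4xx reply and retried.
        # Only an exact match with the configured string makes it permanent.
        if permanent_552_string is not None and text == permanent_552_string:
            return "permanent"
        return "temporary"
    return "permanent"


def triage(replies, permanent_552_string=None):
    """Group recipients by what the sending side does next."""
    action = {"ok": "delivered", "temporary": "retry", "permanent": "bounce"}
    plan = {"delivered": [], "retry": [], "bounce": []}
    for recipient, reply in replies:
        verdict = classify_reply(reply, permanent_552_string)
        plan[action[verdict]].append(recipient)
    return plan


# Constructed per-recipient replies from a hypothetical remote server.
SAMPLE_REPLIES = [
    ("a@example.com", "250 2.1.5 OK\r\n"),
    ("b@example.com", "552 5.2.2 Mailbox full\r\n"),
    ("c@example.com", "552   5.3.4 Message too big for system\r\n"),
    ("d@example.com", "550 5.1.1 No such user\r\n"),
    ("e@example.com", "451 4.3.0 Try again later\r\n"),
]
# Constructed option value, as it might appear in a tcp_*_option file.
OPTION_VALUE = "5.3.4 Message too big for system"

if __name__ == "__main__":
    print("option unset:", triage(SAMPLE_REPLIES))
    print("option set:  ", triage(SAMPLE_REPLIES, OPTION_VALUE))
```

With the option unset, both 552 replies stay in the retry group; with it set, only the reply whose text matches moves to the bounce group.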
- The default value for the MISSING_RECIPIENT_POLICY MTA option was changed from 1 (do not do anything about illegal headers if they do not contain a To:, Cc:, or Bcc: field) to 0 (add a To: field to these headers to make them legal) for consistency and best practice policies.
- Transport and application information strings set by SMTP will be carried through the reprocess channel.
- The [auth_channel] and [cant_channel] nonpositional alias parameters now accept a list of channel patterns separated by spaces.
- New disabled status value was added to the list of possible mail user, mail group, and mail domain statuses. Setting this value generates a user/group is disabled permanent failure.
- MTA now caches URL results from look-ups done in rewrite rules and mappings. This new URL result cache is controlled by two new MTA options:
- Asynchronous LDAP look-ups support was added to MTA. Asynchronous look-ups avoid the need to store an entire large LDAP result in memory, which in some cases seems to cause performance problems.
A new LDAP_USE_ASYNC MTA option (Bit-encoded value. Default is 0): Controls how asynchronous LDAP look-ups are used. Each bit (if set) enables using asynchronous LDAP look-ups with a specific use of LDAP within MTA. The following bits are defined:
The LDAP_USE_ASYNC default (0) disables asynchronous LDAP lookups in the Messaging Server MTA.
Two new channel keywords control this facility (Both accept a single integer argument):
- recipientlimit: Limits the total number of recipient addresses that will be accepted for the message to the specified value.
- recipientcutoff: Compares the total number of recipients presented to the MTA to the specified value. No messages will be accepted for delivery when the number of recipients exceeds the specified limit.
- New Messaging Server MTA facilities enable you to override personal name information associated with header addresses — without having to use LDAP callouts from the PERSONAL_NAME mapping. Specifically, you can set a new LDAP_PERSONAL_NAME MTA option to the name of the attribute associated with user LDAP entries containing override personal name information.
- You can now use the mgrpMsgPrefixText and mgrpMsgSuffixText LDAP attributes to insert prefix or suffix text into messages as they undergo group expansion. These are the default attributes used for this purpose; different attributes can be specified using the LDAP_PREFIX_TEXT and LDAP_SUFFIX_TEXT MTA options, respectively.
- The alias processing machinery now keeps track of any personal name information specified in the attribute named by the LDAP_PERSONAL_NAME MTA option, and uses this information to construct From: fields for any MDNs or vacation replies generated. (4618559)
- The REJECT_RECIPIENTS_PER_TRANSACTION SMTP channel option now can be set usefully to values bigger than the ALLOW_RECIPIENTS_PER_TRANSACTION SMTP channel option. Also, the code now tracks attempts to add recipients in addition to tracking successful recipient additions, and uses this value in the REJECT_RECIPIENTS_PER_TRANSACTION comparison. (4870897)
- MTA now uses specialized machinery to keep track of whether or not a given address expansion result should be employed in DSNs and MDNs as a final recipient address. In addition, if the result should not be so employed, this machinery tracks the address that should be used.
The semantics of the various sorts of address expansions implemented through LDAP are well-defined and set this information automatically. Entries in alias files and databases, however, do not have such clear semantics and, in practice, are used for multiple purposes. A mechanism to explicitly call for a given expansion address to be hidden has therefore been added. Prefixing an expansion address with a colon causes it not to be used in DSNs and MDNs. The address input to the alias expansion operation will be used instead. An example of an alias file entry that uses this facility is:
- Some useful flags are now set prior to calling the FROM_ACCESS, SEND_ACCESS, MAIL_ACCESS, ORIG_SEND_ACCESS, and ORIG_MAIL_ACCESS mappings. These flags are:
- The application information string supplied to the FROM_ACCESS, MAIL_ACCESS, and ORIG_MAIL_ACCESS mappings now includes the system name claimed in the HELO/EHLO SMTP command. This name appears at the end of the string and is separated from the rest of the string (normally “SMTP”) by a slash (/). (The claimed system name can be useful in blocking some worms and viruses.)
- New USE_PERSONAL_NAMES and USE_COMMENT_STRINGS MTA options were added to optionally include source and destination channel information in PERSONAL_NAMES and COMMENT_STRINGS mapping probes.
Setting bit 0 (value 1) of either option adds the usual source-channel|destination-channel| prefix to the corresponding mapping probe.
Note that these new options do not control whether the PERSONAL_NAMES or COMMENT_STRINGS options are used; the PERSONAL_NAMES or COMMENT_STRINGS options are controlled by various channel keywords.
- Support for RFC 3598, the sieve subaddress extension, was added to Messaging Server.
- New LDAP_DOMAIN_TIMEOUT MTA option (Expressed in seconds. Default is 60 * 15 or 15 minutes.): Controls the retention time for entries in the domain map cache.
- The FILTER_DISCARD MTA option used to control whether the filter_discard channel was used by the jettison sieve action. This control was separated out as a new FILTER_JETTISON option. The FILTER_JETTISON default is taken from the FILTER_DISCARD setting, and FILTER_DISCARD in turn defaults to 1 (discards go to the bitbucket channel) as it always has.
- The $# sequence number generation mapping and rewrite rule metacharacters now accept a fourth argument: an optional modulus. If you specify this fourth argument m, the value inserted is the sequence number retrieved from the file mod m.
- Per-user conversion tags are now applied before mailhost information is considered, which enables front-end systems to perform user-specific conversion operations.
- Previously, the simple presence of a spam filter optin attribute in a user entry turned on filtering; and all the value could determine was what sort of filtering would be done. This behavior is not compatible with some directory maintenance tools that always provide the attribute, but assume an “off” or “null” value for the attribute is available that does not enable filtering.
- The LDAP_TIMEOUT MTA option was added (actually re-enabled; formerly part of PMDF): Sets time-outs for LDAP searches performed by MTA. Note that this option does not affect LDAP searches performed by domain map (either the old or new versions). (4859069)
- The $V metacharacter was added to the following access mappings:
- Consolidated new API.
- New MTA vacation and auto-reply facility. The MTA uses message disposition notifications (MDNs) and the SIEVE filtering language for automatically generated responses to email.
- Integration and support of Brightmail and Spamassassin spam filtering utilities.
- LMTP protocol support in a two-tier architecture that enables messages to be sent directly into recipient mailboxes unlike the SMTP protocol, where messages go through an MTA channel queue on the back-end store machine.
- MTA Direct LDAP Lookup, which enables the MTA to interact directly with Sun ONE Directory Server (Directory Server). Messaging Server therefore now requires the use of RFC 2821 standards-compliant email addresses in the directory attributes mail, mailAlternateAddress, and mailEquivalentAddress.
Miscellaneous
Messaging Server now provides:
- Per-domain welcome messages
- User and group provisioning with Sun ONE Identity Server (Identity Server)
Note
The User Management Utility is the recommended mechanism for provisioning Messaging Server and Sun ONE Calendar Server (Calendar Server) users. (See the Sun ONE Messaging and Collaboration 1.0 User Management Utility Installation and Reference Guide (http://docs.sun.com/doc/817-4216-10), for more information.)
The Identity Server Services (as described in the Sun Java Enterprise System Installation Guide) provide only minimal Messaging and Calendar Server LDAP user entry provisioning. Because the Identity Server Services interface does not provide input validation, user entries that cannot receive email or otherwise do not function will be created without reporting any errors. Consequently, we recommend using the Identity Server Services interface for demonstration purposes only.
- Compatibility with Sun ONE Directory Server 5.2
- Sun ONE Administration Console 5.2 compatibility with Messaging Server
- Sun Cluster 3.1 and High Availability Storage Plus support
- Bidirectional SMS, which allows two-way delivery between messaging servers and an SMS gateway
- Additional notification events for quotas; login and logout connections; reconstructs; peruserflag changes; expunge; append, and non-INBOX events
Deprecated Features
Support for the following features may be eliminated in a future release:
MTA access to database files and the imsimta tools to manipulate MTA database files.
Direct editing of MTA or MMP configuration files.
A command line tool will be provided in a future release.
Use of the [PERIODIC_JOB=] sections in the job_controller.cnf file. (4907007)
The default entries shipped with iMS have been moved to the new scheduler process and removed from the default job_controller.cnf file. Specifically,
- The MTA’s default periodic jobs will now be scheduled by the new scheduler process.
- Sites that modify the defaults must apply their changes to the new scheduler process configuration.
- Use of the MTA Job Controller to schedule periodic jobs is deprecated, and this functionality will be removed from the MTA Job Controller in a future release.
Customer supplied plug-ins with IMAP, POP, or Messenger Express.
The Messenger Express authentication plug-in API is supported for this release, but it is preferable to use Identity Server to configure single-sign-on. Client certificate mapping plug-ins are no longer supported.
Support for ident protocol.
Deprecated features include the MTA ident* keywords and support for ident user names in access control filters. The identnone* keywords continue to be supported.
Delegated Administrator web command-line interfaces.
These interfaces have been replaced with new command line tools that integrate with Identity Server. The new tools do not support the previous Sun ONE Delegated Administrator for Messaging (Delegated Administrator) utilities.
MMP SECTION option.
The optional SECTION option for the INSTANCENAME option of the ServiceList MMP configuration parameter is deprecated and will be removed in a future release.
imsimta start and imsimta stop commands.
New start-msg and stop-msg commands have replaced imsimta start and imsimta stop. The imsimta start and imsimta stop commands will be removed in a future release.
Note
For more information about the start-msg and stop-msg commands, refer to the Sun ONE Messaging Server Administrator’s Guide.
No Longer Available
The following features were deprecated in a previous release and are no longer supported:
Bugs Fixed in Messaging Server 6.0
Table 7 describes the most important bugs fixed in the Messaging Server 6.0 release.
Hardware and Software Requirements
This section describes the hardware and software required for this release of Messaging Server, as follows:
Supported Platforms
This release supports the following platforms:
- Solaris 8 Operating System with required patches (SPARC Platform Edition)
- Solaris 9 Operating System Update 2 (SPARC and x86 Platform Editions) with required patches
Additionally, ensure that your Solaris setup specifies how to route to hosts that are not on the local subnet. To do this, ensure that:
- The /etc/defaultrouter file contains the IP address of the gateway system. This address must be on a local subnet.
- The /etc/resolv.conf file exists and contains the proper entries for reachable DNS servers and domain suffixes.
- The /etc/nsswitch.conf file includes the files and dns keywords in the hosts: line.
- The /etc/hosts should contain the Fully Qualified Domain Name (FQDN) immediately after the IP address.
Solaris 8 Operating System
The supported Solaris 8 (SPARC Platform Edition) platforms require the following patches:
- 108993-25 libthread patch
- 111308-03 mtmalloc patch (see Bug 4887044)
- 114045-03 (for SUNWtls)
- 116103-01 (for SUNWicu)
- 15328-01 (for SUNWsasl)
Note
Go to http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access
for more information about these patches.
If you are installing Messaging Server in a hardened environment, the minimum packages required on a Solaris 8 operating system include Solaris Core packages as well as SUNWxwdv, SUNWxwdvx, SUNWxwmod, SUNWxwmox, SUNWxwplt, SUNWxwrtl.
Solaris 9 Operating System
The supported Solaris 9 (SPARC and x86 Platform Editions) Update 2 platforms require the following patches:
- For SPARC Platform Edition:
- For x86:
- 114050-04 (for SUNWtls)
- 114678-03 (for SUNWicu)
- 115343-01 (for SUNWsasl)
Note
Go to http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access
for more information about these patches.
- On Solaris 9 platforms, you can use Directory Server that is bundled in the operating system if you wish.
- If you choose to perform a rolling upgrade from Solaris 8 to Solaris 9, the Solaris 9 Live Upgrade substantially reduces the service outages that are sometimes associated with an operating system upgrade. You can duplicate your current running boot environment. While the original boot environment runs, you can upgrade the duplicate environment.
Hardware Requirements
The minimum hardware requirements for Messaging Server are:
- Approximately 1 GB of disk space to support the product binaries and a minimum message store.
- 256 MB of RAM.
- Adequate file system space for your user mailboxes (message store), configuration directory, database, log files, and message queue directory. These items can grow in size dramatically depending on the size of your site, so be sure to allocate space accordingly.
Client Software Requirements
For Messenger Express access, Messaging Server requires a JavaScript-enabled browser. For optimal performance, Sun recommends the browsers listed in Table 8:
Product Version Compatibility Requirements
Messaging Server is compatible with the product versions listed in Table 9:
New Information
This section contains the latest information that is not contained in the core product documentation, and is organized into the following topics:
Installation Notes
Review the following installation notes. Specific installation bugs are listed in Known Issues.
- If you installed previous versions of Messaging Server with Sun ONE Directory Server 5.1 or 5.2, and you now want to use Messaging Server 6.0, you can install it against your existing Directory Server. However, you must reconfigure the existing Directory Server by running the ims_dssetup.pl script that is bundled with Messaging Server 6.0, not the version that is bundled with previous Messaging Server releases.
- If you installed Directory Server, Messaging Server, and Admin Server, and then decide to uninstall and reinstall Directory Server without uninstalling Messaging Server or Admin Server, you will have to reconfigure both servers — and you must unconfigure Admin Server before you can reconfigure it.
Uninstalling Directory Server removes Admin Server configuration data from the configuration directory. Consequently, if you do not run Admin Server configuration again, Messaging Server will fail. If you do not unconfigure Admin Server prior to uninstalling Directory Server and then try to run Admin Server unconfigure, the unconfigure will fail.
Workaround
Unconfigure the Admin Server before uninstalling Directory Server.
If you uninstall then reinstall Directory Server without unconfiguring Admin Server first, you must remove the AS_server-root/admin-serv/config/adm.conf file and then run the Admin Server configuration.
- The server-root directory (as documented in previous Messaging Server releases) has been replaced by msg_svr_base, a directory on the messaging server machine that is dedicated to holding the server program, maintenance, and information files as well as a link to the configuration data.
- You must install and run Admin Server as root (Default) or Messaging Server and Directory Server will not start. The ERR cannot setuid or setgid error message will display. It is strongly recommended that you do not change the default value.
Compatibility Issues
- Single-sign on (SSO) through Sun ONE Identity Server (Identity Server) is available if you have installed and configured Identity Server. Note that you can still use the old version of Single-sign on by using the previous version of Delegated Administrator.
- The User Management Utility is the supported mechanism for provisioning Messaging Server users that are compatible with Identity Server.
The Identity Server Services (as described in the Sun Java Enterprise System Installation Guide) provide only minimal Messaging and Calendar Server LDAP user entry provisioning. Because the Identity Server Services interface does not provide input validation, user entries that cannot receive email or otherwise do not function will be created without reporting any errors. Consequently, we recommend using the Identity Server Services interface for demonstration purposes only.
- If you provision users and groups through Delegated Administrator and if you enable mail filters in Messenger Express, you cannot use the mail filter functionality in Delegated Administrator. Similarly, if you use the mail filter functionality in Delegated Administrator, you cannot use mail filters in Messenger Express. You should disable one of these filters.
Redistributable Files
The following redistributable files are provided with Messaging Server 6.0:
- You can copy and use (but not modify) the following header files solely to create and distribute programs to interface with Messaging Server APIs, to compile customer written code using the documented API to interoperate or integrate with Messaging Server, and only as expressly provided in the Messaging Server documentation:
- The following files are provided solely as reference for writing programs that use the documented API to integrate with Messaging Server:
Errata and Messaging Server Documentation Updates
The following information was added to the Sun ONE Messaging Server Administrator’s Guide:
The following list describes errors or limitations in the Messaging Server documentation set:
When you create new vacation attributes with Webmail, no mailautoreplymode value is set and the sender receives a simple reply, not an MDN-style notice. Similarly, a vacation sieve action also produces a non-MDN formatted reply.
Specifying echo mode (autoreplytextmode: echo) will return an MDN-style reply. Echo mode autoreply message formats comply with RFC 2298.
Known Issues
This section contains a list of the more important known issues at the time of the Messaging Server 6.0 release. This section contains the following subsections:
Installation and Uninstallation Problems
The following is a known issue with the Messaging Server installation and uninstallation programs and processes:
Messaging Server component sizes are not listed when running the initial runtime configuration. (4914843)
Each selected component displays 0 bytes.
See Installation Notes for additional installation issues.
Upgrade Problems
This section describes known issues when upgrading from Messaging Server 5.2 to Messaging Server 6.0.
Do not run the UpgradeMsg5toMsg6.p1 upgrade script provided with Messaging Server 6.0 (no bugid)
Do not run the UpgradeMsg5toMsg6.p1 upgrade script shipped with 6.0. You must wait for 6.0 patch 1 to upgrade.
Administrators cannot migrate from Sun ONE LDAP Schema, v.1 to Sun ONE LDAP Schema, v.2. (no bugid)
Sun ONE Messaging Server 6.0 will ship without a migration tool that enables administrators to migrate from Sun ONE LDAP Schema, v.1 to Sun ONE LDAP Schema, v.2. A migration tool will be forthcoming.
If you refresh your Messaging Server 6.0 product binary with updated versions of the product, the MTA compile configuration must be rebuilt. (no bugid)
If you do not rebuild your MTA compile configuration, you will see a compile configuration mismatch error.
Workaround
On a stand-alone system: run the imsimta cnbuild command immediately after you upgrade your mail system.
On a clustered system:
End users can’t manage their mailing lists in Messaging Server 6.0. (4904736)
Sun ONE Messaging Server 6.0 will ship without a web-based tool that allows end users to manage their own mailing lists (a regression relative to iPlanet Messaging Server 5.2).
Workarounds
- Install a third-party product for mailing list expansion and management, such as Mailman (http://www.list.org/) or Majordomo (http://www.greatcircle.com/majordomo/).
- Alternately, do not use Sun ONE LDAP Schema, v.2, but instead use Sun ONE LDAP Schema, v.1, which is supported by the graphical user interface found in iPlanet Delegated Administrator for Messaging. Also, in Schema v.1, you can provision the directory directly to create Delegated Administrator-compatible LDAP entries as described in the iPlanet Messaging Server 5.2 Provisioning Guide and the iPlanet Messaging and Collaboration 5.2 Schema Reference.
In addition, you must download iPlanet Messaging Server 5.2p1 (http://wwws.sun.com/software/download/products/3ed69967.html), extract the delegated administration tools from that package, and then contact Sun Support to ask for the most recent “hotfix bundle” for iPlanet Delegated Administrator for Messaging.
Incorrect Welcome Message displays. (4867160)
If the specified site language and domain language differ, the Welcome Message will not display in the language specified for the domain. For example, the Welcome Message may display in French when the specified domain language preference is Turkish.
Netscape Directory Server 4.16 PAB entries with multi-valued mail attributes cannot be migrated to Directory Server 5.1 because it only accepts single-valued mail attributes. (4869706)
Objectclass violations occur if you try to add these entries.
Workaround
Turn off schema checking if you are porting PAB entries from Netscape Directory Server 4.16 to Directory Server 5.1.
Messaging Server Problems
This section describes known issues in the Messaging Server product.
In option.dat, lines starting with #, !, or ; symbols are treated as comment lines. (no bugid)
In option.dat files, Messaging Server treats lines beginning with pound sign (#), exclamation point (!), or semicolon (;) characters as comment lines — even if the preceding line has a trailing backslash (\), which means the line is being continued. Consequently, you must be careful when working with long options (particularly delivery options) containing these characters.
There is a workaround for delivery options in which a natural layout could lead to continuation lines starting with a # or !.
Workaround
In delivery options, Messaging Server ignores spaces following the commas that separate individual delivery option types.
For example, instead of:
DELIVERY_OPTIONS=\
#*mailbox=@$X.LMTP:$M$_+$2S%$\$2I@ims_daemon,\
#&members=*,\
#*native=@$X.lmtpnative:$M,\
#*unix=@$X.lmtpnative:$M,\
#/hold=$L%$D@hold,\
#*file=@$X.lmtpnative:+$F,\
#&@members_offline=*,\
#program=$M%$P@pipe-daemon,\
#forward=**,\
#*^!autoreply=$M+$D@bitbucket
You can work around the problem by adding spaces as follows:
DELIVERY_OPTIONS=\
 #*mailbox=@$X.LMTP:$M$_+$2S%$\$2I@ims_daemon,\
 #&members=*,\
 #*native=@$X.lmtpnative:$M,\
 #*unix=@$X.lmtpnative:$M,\
 #/hold=$L%$D@hold,\
 #*file=@$X.lmtpnative:+$F,\
 #&@members_offline=*,\
 #program=$M%$P@pipe-daemon,\
 #forward=**,\
 #*^!autoreply=$M+$D@bitbucket
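The comment-line pitfall described above can be caught before the file is deployed. The following linter is an added example, not code from Sun or from these release notes: it flags continuation lines whose first column is #, ! or ; and applies the leading-space workaround to them. The function names and the sample file contents are constructed for illustration.

```python
"""Lint an MTA option file for continuation lines that will be read as comments."""

COMMENT_PREFIXES = ("#", "!", ";")

# Constructed sample, not a real site configuration. The DELIVERY_OPTIONS
# clauses are a subset of the ones quoted in the release note.
SAMPLE = r"""! constructed sample option file
LDAP_TIMEOUT=60
DELIVERY_OPTIONS=\
#*mailbox=@$X.LMTP:$M$_+$2S%$\$2I@ims_daemon,\
#&members=*,\
#forward=**,\
#*^!autoreply=$M+$D@bitbucket
DOMAIN_UPLEVEL=0
"""


def find_swallowed_continuations(text):
    """Return (line_number, option_name, line) for every line that continues
    an option value but starts with a comment character in column one."""
    findings = []
    continuing = False   # True when the previous line ended with a backslash
    option = None        # name of the option currently being defined
    for lineno, line in enumerate(text.splitlines(), start=1):
        looks_like_comment = line.startswith(COMMENT_PREFIXES)
        if continuing and looks_like_comment:
            findings.append((lineno, option, line))
        elif not continuing:
            if looks_like_comment:
                continue  # an ordinary comment line, nothing to report
            if "=" in line:
                option = line.split("=", 1)[0].strip()
        # The author's intent is tracked even across flagged lines, so a
        # whole run of affected continuation lines is reported.
        continuing = line.rstrip().endswith("\\")
    return findings


def apply_workaround(text):
    """Prefix one space to each flagged line, as the workaround describes."""
    flagged = {lineno for lineno, _, _ in find_swallowed_continuations(text)}
    lines = [
        (" " + line) if lineno in flagged else line
        for lineno, line in enumerate(text.splitlines(), start=1)
    ]
    return "\n".join(lines) + ("\n" if text.endswith("\n") else "")


if __name__ == "__main__":
    for lineno, option, line in find_swallowed_continuations(SAMPLE):
        print(f"line {lineno}: continuation of {option} reads as a comment: {line}")
    print(apply_workaround(SAMPLE), end="")
```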
DOMAIN_UPLEVEL has been modified. (no bugid)
The DOMAIN_UPLEVEL default value has changed from 1 to 0.
The following characters cannot be used in the User ID: $ ~ = # * + % ! @ , { } ( ) / < > ; : " ‘ [ ] & ? (no bugid)
This constraint is enforced by the MTA when operating in direct LDAP mode. Allowing these characters in the User ID can cause problems in the message store. If you want to change the list of characters forbidden by the MTA, set the following option by listing a comma-separated string of the characters’ ASCII values:
LDAP_UID_INVALID_CHARS=32,33,34,35,36,37,38,40,41,42,43,44,47,58,59,60,61,62,63,64,91,92,93,96,123,125,126
in the msg_svr_base/config/options.dat file. Note that you are strongly advised against relaxing this constraint.
NFS is not supported for mail stores. (no bugid)
NFS is not supported for several reasons, including: open with O_EXCL is non-atomic. This technique is used for synchronizing deferred handling between various threads.
When using the MTA direct LDAP operation, you should run the imsimta restart command to immediately implement newly modified alias cache sizes or timeout values, or to immediately clear the alias cache. (no bugid)
If the name service cache daemon (nscd) is not running in a Solaris operating environment, the services can fail. (4353836)
This is a known Solaris bug. To avoid this problem, be sure to run the nscd(1M) service. In addition, you must enable the cache for host lookups or the mshttpd service will not work.
If you enable Sun Cluster 3.0 Update 3, you may encounter a harmless error message. (4490877)
The following harmless error message appears in the Sun Cluster console and also in /var/adm/messages, when starting High Availability (HA) services or when switching HA services from one node to another:
Cluster.PMF.pmfd: Error opening procfs control file </proc/20700/ctl> for tag <falcon,habanero_msg,4.svc>: No such file or directory
The ldapsearch command fails in the ko locale on Solaris platforms. (4533913)
The Messaging Server installation fails if it is installed in the ko locale as a result of this problem.
Workaround
This problem no longer occurs with Sun ONE Directory Server 5.2. However, if you are using earlier versions of Directory Server, run ims_dssetup.pl on Directory Server, using the default C locale instead of the ko locale.
Alternatively, you can install Messaging Server using another Korean locale, such as ko_KR.EUC, ko.UTF-8, or ko_KR.UTF-8.
LDAP search performance is slightly impacted by ACIs in Directory Server version 5.x. (4534356)
This issue affects many searches performed by Messaging Server. For faster searches, use directory manager credentials with the following commands to access the directory:
msg_svr_base/sbin/configutil -o local.ugldapbinddn -v "rootdn" -l
msg_svr_base/sbin/configutil -o local.ugldapbindcred -v "rootdn_passwd" -l
where rootdn and rootdn_passwd are the credentials of Directory Server’s administrator.
As of Messaging Server 5.1, logging to mail.log_current is turned off by default. (4535717 and 4564207)
Refer to the chapter on logging and log analysis in the Sun ONE Messaging Server Administrator’s Guide on how to enable logging.
Testing dynamic criteria for email-only membership does not work correctly. (4537597)
While trying to add dynamic criteria to groups for email-only membership through Sun ONE Console, using the test button to test the dynamic criterion (also known as the LDAP URL) does not work. The functionality of email membership of the group will not be broken by this limitation.
The stored process doesn’t recognize that servers may be bound to a specific interface address instead of INADDR_ANY. (4538253)
For example, if you have enabled HA, you need to bind a server to a specific interface address.
The MMP BadGuy configuration parameter, BGExcluded, does not work. (4538273)
Workaround
Deploy separate MMP servers to handle the clients that are excluded from bad guy rules. These servers must have BadGuy turned off.
To take effect, changes made using configutil often require a restart of the affected server or servers. (4538366)
The Personal Address Book within Messenger Express only supports a limited number of objectclasses when creating nodes in the directory server. (4539553)
When the user tree hierarchy contains nodes other than "ou", "o", "dc", or "c", the parallel PAB hierarchy must be created manually. For example, if you have users under dept=1234,o=acme.com you need to create dept=1234,o=acme.com,o=pab.
On a Solaris client with a Netscape browser, Sun ONE Console can only launch Help if a browser is already open. (4539844 and 4541748)
If Help does not launch from Sun ONE Console, create a script called “netscape” (similar to the following example), and place this script in your path:
mailautoreplysubject does not have multi-language support from Sun ONE Console. (4540780)
The auto-reply subject line in Sun ONE Console does not provide multi-language support. If the mailautoreplysubject;lang-XX (where XX is the language) attribute is already set in Messenger Express or in Delegated Administrator, the mailautoreplysubject attribute cannot be viewed or changed through Sun ONE Console because the Console looks for the mailautoreplysubject, not mailautoreplysubject;lang-XX attribute.
Workaround
When provisioning using multi-language support, use Delegated Administrator.
Admin Server access control host names are case-sensitive. (4541448)
When you configure “Host Names to allow” for the Admin Server, the access control list is case-sensitive. If the DNS server uses mixed-case host names in the IN-ADDR records (used when translating from an IP address to a domain name), the access control list must use the same case. For example, if your host is test.Sesta.Com, then the access control list must include *.Sesta.Com. Due to this bug, *.sesta.com will not suffice.
For example, if the user/group base suffix is o=isp, then the DN of the service administrator group is cn=Service Administrators,ou=groups,o=isp. To designate the account uid=ofanning, o=sesta.com, o=isp as a service administrator, you should add the account’s DN to the group. In the following modify record, the designated user is added as a group member in the LDIF:
dn: cn=Service Administrators,ou=groups,o=isp
changetype: modify
add: uniquemember
uniquemember: uid=ofanning, o=sesta.com, o=isp
Furthermore, for users to have service administrator privileges, the attribute memberof must be added to the user entry and set to the Service Administrator Group, for example:
dn: uid=ofanning, o=sesta.com, o=isp
changetype: modify
add: memberof
memberof: cn=Service Administrators, ou=groups, o=isp
If you use Microsoft Outlook Express as your IMAP mail client, the read and unread flags might not work properly. This is a known problem with the Microsoft Outlook Express client. (4543930)
To enable the workaround, set the following configuration variable:
configutil -o local.imap.immediateflagupdate -v yes
If, while using the workaround, you experience performance issues, it is recommended that you discontinue using the workaround.
On Solaris, upon startup, Console might display spurious error messages related to the Sun Cluster environment. (4562861)
For example, you might see an error message such as:
Cluster.PMF.pmfd: Error opening procfs control file
/proc/384/ctl for tag rg.rs.0.svc: No such file or directory
You can ignore these messages.
For a short period of time (Default is 15 minutes), it might be possible to log in to the account of a user marked for deletion. (4576530 and 4588068)
The IMAP, POP, and HTTP servers cache the LDAP entries of users who have recently logged in for the amount of time specified in the service.authcachettl configuration parameter. To make the deletion of a user immediately effective, you can run the servers with no authentication cache or turn off the authentication cache by setting service.authcachettl to 0 using the configutil utility and restarting all the services. Note, a setting of 0 will have an impact on performance.
This problem also applies to Messaging Multiplexor (MMP); however, MMP does not use configutil. It has a separate AuthCachTTL option in its configuration file.
Connections aborted with TCP_IOC_ABORT_CONN in syslog. (4616287)
If a failover occurs for an HA configuration running Sun Cluster 3.1 on the Solaris 8 U7 or Solaris 9 Operating System and active TCP connections are aborted with the TCP_IOC_ABORT_CONN ioctl, messages such as the following are logged on the console and to system logs.
Jul 24 16:41:15 shemp ip: TCP_IOC_ABORT_CONN: local = 192.018.076.081:0,
remote = 000.000.000.000:0, start = -2, end = 6
Jul 24 16:41:15 shemp ip: TCP_IOC_ABORT_CONN: aborted 0 connection
These messages are informational only and should not show up in non-debug mode.
Access control filters do not work if the short form domain is used in the /etc/hosts file. (4629001)
If there is a short form version of a domain name in the /etc/hosts file, there will be problems if you use a host name in an access control filter. When the IP address lookup returns a short form version of the domain name, the match will fail. Therefore, you should make sure you use a fully qualified domain name in the /etc/hosts file.
In Sun Cluster 3.0 U2 (Update 2), the nsldap resource goes into STOP_FAILED state and the resource group does not failover, even after reaching the Retry_count limit. (4638310)
This is a known Sun Cluster 3.0 U2 (Update 2) problem that is due to a condition between the monitoring thread and an incoming stop. See Sun Cluster bugs: 4498808 and 4368936.
Workaround
Add -y Retry_count = 1 to the scrgadm command (described in “Configuring Messaging Server HA Support for Sun Cluster” in the Sun ONE Messaging Server Installation Guide):
Note that if you upgrade to Sun Cluster 3.0 U3 (Update 3), you will no longer have this race condition.
MoveUser incorrectly moves users’ mailboxes on same Messaging Server. (4662961)
The MoveUser utility appears to allow you to move mailboxes between partitions on the same message store but does not move them correctly; it moves user mailbox messages from the original partition back to the original partition, leaving you with double your messages, but also changes the LDAP attribute mailmessagestore for the user, so that the user cannot get email.
Workaround
The proper way to perform this operation is to use mboxutil.
If you have already used MoveUser, you should set the user’s LDAP attribute mailmessagestore to the original partition. Then, have the user log into the message store and remove all duplicate emails.
Note that if you fail to change the LDAP attribute and run mboxutil, then mboxutil will look in the new partition and report an error.
MoveUser utility does not work on a mailbox that contains over 25,000 subfolders. (4737262)
It has been reported that the MoveUser utility stops when attempting to move a user’s account that has a mailbox containing over 25,000 subfolders.
Messaging Server ENS does not start when Calendar ENS is running. (4773665)
If you install Messaging Server and Calendar Server on the same machine, Messaging Server ENS will not start if Calendar Server ENS is running.
Server-Side Rules (SSR) do not reject messages of certain encodings. (4788099)
Many mail clients use encoded words in headers in a way that is inconsistent with RFC 1522.
In particular, these mail clients can have very different rules for when white space is significant. One effect of these differences is that it can be difficult to guess where spaces might “appear in” or “disappear from” non-ASCII headers when they are being checked in sieve scripts.
Workaround
If you are not seeing matches as expected, try adding rules that use different spacing.
Also, see the HEADERFOLDPRESERVE and HEADERTRAILINGPRESERVE channel keywords.
Messenger Express Multiplexor (MEM) does not have a configuration option to make use of the OS resolver as well as NSCD. (4823042)
Workaround
Configure the system as a caching-only DNS server in order to gain the benefit of caching MX and A records.
Difference in behavior between imsimta dirsync and the Direct LDAP mode exposes syntactically illegal addresses. (4825161)
When previous versions of Messaging Server supported the dirsync mode, the MTA changed illegal addresses such as:
jane.b.doe.@siroe.com
.jane.b.doe@siroe.com
jane..doe@siroe.com
to:
"jane.b.doe."@siroe.com
".jane.b.doe"@siroe.com
"jane..doe"@siroe.com
so that these addresses were legal (as explained in RFC822) and were found in the LDAP Directory Server. The corrected entries were first stored in the alias database and the users were found in Directory Server.
However, in the Direct LDAP mode, the MTA no longer has a place to store corrected addresses. Consequently, the LDAP lookup is directly performed with the unquoted, illegal form of the address. If such an address is not quoted, the LDAP server does not recognize the address and the message is rejected.
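Both direct LDAP constraints in these notes (the LDAP_UID_INVALID_CHARS list and the unquoted dotted addresses above) can be checked in directory exports before entries reach the MTA. The following audit is an added example, not code from Sun or from these release notes; the LDIF sample is constructed and the function names are hypothetical. It reads only plain "attr: value" lines, with no base64 or folded values.

```python
"""Pre-flight audit of directory entries for MTA direct LDAP mode."""
import re

# Default list as quoted in the release notes.
LDAP_UID_INVALID_CHARS = ("32,33,34,35,36,37,38,40,41,42,43,44,47,58,59,60,"
                          "61,62,63,64,91,92,93,96,123,125,126")
# Attributes the notes say must hold standards-compliant addresses.
MAIL_ATTRS = ("mail", "mailalternateaddress", "mailequivalentaddress")

# Constructed sample entries (not real directory data).
SAMPLE_LDIF = """
dn: uid=jdoe,o=siroe.com,o=isp
uid: jdoe
mail: jane.b.doe.@siroe.com
mailAlternateAddress: "jane..doe"@siroe.com

dn: cn=John Smith,o=siroe.com,o=isp
uid: j smith
mail: j.smith@siroe.com

dn: uid=ofanning,o=sesta.com,o=isp
uid: ofanning
mail: .ofanning@sesta.com
mailEquivalentAddress: o..fanning@sesta.com
"""


def parse_invalid_chars(option_value):
    """Turn the comma-separated ASCII values into a set of characters."""
    chars = set()
    for field in option_value.split(","):
        code = int(field.strip())
        if not 0 <= code <= 127:
            raise ValueError(f"not an ASCII value: {code}")
        chars.add(chr(code))
    return chars


def parse_ldif(text):
    """Return [(dn, {attr: [values]})]; attribute names are lower-cased."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries.append((attrs["dn"][0], attrs))
    return entries


def dot_defect(local_part):
    """Name the dot placement that makes an unquoted local part illegal."""
    if len(local_part) >= 2 and local_part[0] == local_part[-1] == '"':
        return None  # already quoted
    if local_part.startswith("."):
        return "leading dot"
    if local_part.endswith("."):
        return "trailing dot"
    if ".." in local_part:
        return "consecutive dots"
    return None


def quoted_form(address):
    """The quoted spelling that dirsync mode used to produce."""
    local_part, _, domain = address.rpartition("@")
    return f'"{local_part}"@{domain}'


def audit(ldif_text, invalid_chars):
    """Return (dn, attribute, value, detail) for each problem found."""
    findings = []
    for dn, attrs in parse_ldif(ldif_text):
        for uid in attrs.get("uid", []):
            bad = sorted(set(uid) & invalid_chars)
            if bad:
                detail = "forbidden character(s): " + " ".join(map(repr, bad))
                findings.append((dn, "uid", uid, detail))
        for attr in MAIL_ATTRS:
            for address in attrs.get(attr, []):
                defect = dot_defect(address.rpartition("@")[0])
                if defect:
                    detail = f"{defect}; quoted form is {quoted_form(address)}"
                    findings.append((dn, attr, address, detail))
    return findings


if __name__ == "__main__":
    forbidden = parse_invalid_chars(LDAP_UID_INVALID_CHARS)
    for dn, attr, value, detail in audit(SAMPLE_LDIF, forbidden):
        print(f"{dn}: {attr}={value!r}: {detail}")
```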
If indirect dependencies already exist between Sun Cluster resources, scds_hasp_check() may prevent HAStoragePlus from being supported with those existing configurations. (4827911)
This behavior is observed in Sun Cluster 3.0 Update 3.
Workaround
Create a weak dependency for the existing resources on the HAStoragePlus resource.
Notifications can be customized and localized. (4832584)
To customize or localize notifications, you would create a complete set of return_*.txt files for each locale and/or customization and store it in a separate directory. For example, you could have French notification files stored in one directory, Spanish for another, and notifications for a special unsolicited bulk email channel stored in a third. Sample files for French, German, and Spanish are included in this release. These files can be modified to suit your specific needs. Refer to the Sun ONE Messaging Server Administrator’s Guide for complete information on Customizing and Localizing Notification Messages.
Client certificate authentication does not support Sun ONE LDAP Schema, v.2. (4864144)
Note that client certificate authentication does not currently work as designed with Sun ONE LDAP Schema, v1 either.
Searching for a home phone number does not work in the Personal Address Book. (4877800)
A Personal Address Book search based on “Phone #” searches for the work phone number attribute only. You cannot use “Phone #” to search for home or mobile phone numbers.
If you stop channels and then restart the Job Controller, the channels continue to run. (4881164)
ims_master loops and many messages are stuck in the ims-ms queue. (4887729)
Do not create files in the Messaging Server directory hierarchy. Doing so can cause unexpected behavior in the logging facility or other components of the server.
The SMTP server’s default behavior has changed. (4890252)
The SMTP server’s default behavior permissively accepts various line terminators. Currently, the smtp keyword is synonymous to the smtp_crorlf channel keyword on the tcp channels. Not only does this behavior comply with the original SMTP specification (RFC 821), it also now complies with the most recent revision of the SMTP specification (RFC 2821). Specifically, the smtp keyword is synonymous with the smtp_crlf channel keyword. For more information, see the section on Channel Protocol Selection and Line Terminators in the chapter on Configuring Channel Definitions in the Sun ONE Messaging Server Administrator’s Guide.
New autoreply function has limitations with language tags. (4896231 and 4898193)
If you are using Delegated Administrator and Sun ONE LDAP Schema v1, and you need to enable multi-language support when provisioning vacation messages, use the old autoreply channel described in the iPlanet Messaging Server 5.2 Administrator’s Guide.
The XSTA, XADR commands are enabled by default. (4910371)
After installation, the SMTP extension commands XSTA and XADR are enabled by default, which may enable remote and local users to retrieve sensitive information.
Workaround
Add the following lines to the imta/config/tcp_local_options file (create this file if necessary) to disable the XSTA and XADR commands:
DISABLE_ADDRESS=1
DISABLE_CIRCUIT=1
DISABLE_STATUS=1
DISABLE_GENERAL=1
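The following audit script is an added example, not part of the original release notes or of Messaging Server. It checks that an option file carries all four settings from the workaround. It assumes one NAME=VALUE pair per line with the names spelled exactly as above; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Sun's code): audit an MTA option file for the four
# DISABLE_* settings listed in the workaround above.

REQUIRED_OPTIONS="DISABLE_ADDRESS DISABLE_CIRCUIT DISABLE_STATUS DISABLE_GENERAL"

# missing_disable_options FILE
# Prints, one per line, each required option that FILE does not set to 1.
# An option counts as set only if every line assigning it uses the value 1,
# so a stray "DISABLE_STATUS=0" elsewhere in the file is reported.
# Assumption: one NAME=VALUE pair per line, optional whitespace around "=".
missing_disable_options() {
    file=$1
    for opt in $REQUIRED_OPTIONS; do
        values=""
        if [ -r "$file" ]; then
            values=$(sed -n "s/^[[:space:]]*${opt}[[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*\$/\1/p" "$file")
        fi
        ok=no
        for v in $values; do
            if [ "$v" = 1 ]; then
                ok=yes
            else
                ok=no
                break
            fi
        done
        if [ "$ok" = no ]; then
            echo "$opt"
        fi
    done
    return 0
}

# xsta_xadr_disabled FILE
# Returns 0 when all four settings are present, 1 otherwise (names on stderr).
xsta_xadr_disabled() {
    missing=$(missing_disable_options "$1")
    if [ -n "$missing" ]; then
        echo "$1: not set to 1:" $missing >&2
        return 1
    fi
    return 0
}

# Constructed sample: an option file carrying only two of the four lines.
sample=$(mktemp)
printf 'DISABLE_ADDRESS=1\nDISABLE_STATUS=1\n' > "$sample"
if xsta_xadr_disabled "$sample"; then
    echo "XSTA/XADR settings complete"
else
    echo "XSTA/XADR settings incomplete"
fi
rm -f "$sample"
```

To audit a real installation, call xsta_xadr_disabled with the path to imta/config/tcp_local_options under your server root; a missing or unreadable file is reported as all four settings absent.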
Selecting MS in Admin Console displays “ERR cannot setuid or setgid.” (4916259)
Messaging Server and Directory Server will not start if you run the Admin Server as a user other than root (Default).
Workaround
You must install and run the Admin Server as root. It is strongly recommended that you do not change the default user.
imsimta start doesn’t start disp and job controller. (4916996)
The imsimta start, imsimta restart, and imsimta refresh commands work only when the watcher process is running.
Note
New start-msg and stop-msg commands have replaced imsimta start and imsimta stop, which are deprecated and will be removed in a future release.
For more information about the start-msg and stop-msg commands, refer to the Sun ONE Messaging Server Administrator’s Guide.
“Unable to open configuration list” error in Sun ONE Server Console. (4922003)
If you install Messaging Server in a location other than the default msg_svr_base (/opt/SUNWmsgsr), you will see the following error when you open Messaging Server through the Sun ONE Server Console: “ERR Cannot Open Configuration List.” Consequently, you will be unable to open Messaging Server.
Workaround
Create a directory /opt/SUNWmsgsr/config/ and copy the msg.conf file from your current Messaging Server root installation, <your_server_root>/config/msg.conf to this new directory. Make sure that the permissions to the new directory are owned by the <msg_svr_user>.
Vacation start and end dates are not saved correctly in Webmail. (4929706)
If a Webmail vacation start or end date includes a double-digit month (October, November, or December), Webmail does not save the date correctly and will send vacation responses at unexpected times.
Webmail’s default behavior for Arabic/Hebrew users has changed since version 5.2. (4933096)
When you log in as a user with preferredlanguage=ar, the user interface displays left-to-right instead of right-to-left.
Workaround
Manage Certificate wizard not creating Secure Sockets Layer (SSL) certifications under Messaging Server/Configuration. (4939810)
When you use the Manage Certificate option (Admin Server -> Messaging Server -> Configuration -> Manage Certificate) to create an SSL certification request, the Manage Certificate wizard should create a certificate and key database in the Messaging_Server_Base/config area and not in the Directory_Server_Root/alias area. In addition, the file prefixes should change from the msg-config value (msg-config-cert7.db and msg-config-key3.db) to NULL (cert7.db and key3.db).
Workarounds:
- Copy the msg-config-cert7.db and msg-config-key3.db files from Directory_Server_Base/alias area to Messaging_Server_Base/config area as cert7.db and key3.db with proper permissions and ownerships.
- Create soft links for the files under Messaging_Server_Base/config area with the proper permissions and ownerships used in the Directory_Server_Base/alias area.
Korean PAB text corrupt in Internet Explorer 6.0 when auto-select encoding is enabled. (4951813)
Using Internet Explorer 6.0, if you create a user with preferredlanguage=ko, select View -> Encoding -> Auto-Select, and log into Webmail as the ko user, when you open the Addresses page the text display will be corrupted.
Workaround
Disable Auto-Select and reopen the Addresses page. The text will display appropriately.
Messenger Express Problems
This section describes known issues in the Messenger Express product.
If you are using Netscape Communicator, messages might shut down your browser on rare occasions. (4549239)
Workaround
Use Internet Explorer version 5.5 SP2 (Service Pack 2) on the rare instance that you experience this behavior.
On Internet Explorer 5.5 SP1 and earlier, very large messages are truncated when placed into the Sent folder. (4558055)
Due to timing issues in Internet Explorer versions before 5.5 SP1, very large messages are truncated on slower machines with small amounts of memory.
Workaround:
Use the recommended build of Internet Explorer 5.5 SP2 or higher.
Messenger Express with Greek on Netscape Communicator creates various issues. (4560999)
Several minor glitches occur related to either Javascript or IMAP folder issues; users who run into these issues might want to use another browser.
Japanese EUC locale issues when using Netscape Communicator browser on Solaris. (4561469 and 4561550).
When using Netscape Communicator 4.x on Solaris in a Japanese EUC locale, the vcard of a message is displayed as gibberish.
A user will not be able to attach files with Japanese file names using Netscape Communicator 4.x browser on Solaris.
When using Netscape Communicator 4.x with Messenger Express, any window resize causes the session to return to the Inbox message list. (4579429)
With Directory Server 5.1 or later, you will not be able to enter multiple email IDs for a single contact in the Personal Address Book. (4633171)
Note that Directory Server is exhibiting correct behavior. Due to a bug in Netscape Directory Server 4.x, you are able to enter multiple email IDs.
Clicking Send or Save Draft generates an error if your client web browser is Internet Explorer 6.0. (4633206)
When you open the Compose window from the Folders tab, compose a message, and click Send or Save Draft, you will see a Javascript error if you are using Internet Explorer 6.0 as your client web browser. Despite the error, the message is sent (if you click Send) or saved (if you click Save Draft) as expected.
A blank character is trimmed in Messenger Express. (4668749)
In Messenger Express, when there is a blank character at the beginning of a line in a plain text message, that character is trimmed.
When Single Sign-On is enabled, a user might be unable to log out from Messenger Express. (4670621)
Note
The Sun ONE Delegated Administrator for Messaging and Collaboration product is available for existing customers only. New customers should refer to the product documentation for information about new provisioning tools.
If you log on to Delegated Administrator, and you open another web browser to login to Messenger Express, you will not be prompted for your user ID and password if you have Single Sign-On enabled.
However, with Single Sign-on enabled, you will not be able to log out of Messenger Express successfully while you’re still logged on to Delegated Administrator.
Note
You will not encounter this issue if, instead of using Delegated Administrator, you enable Single-Sign On through Identity Server.
Workaround
Enable Single Sign-Off so that when you log out of Messenger Express, you also log out of other applications. Another workaround is to modify Messenger Express so that when you log out, you are sent to a web page which is different from where you originally logged into Messenger Express. To do this, edit the main.js file and change the restart() routine.
Messenger Express incorrectly allows users to change their passwords to non-ASCII characters. (4745337)
If the user changes his password to non-ASCII characters, he will not be able to re-login to Messenger Express with his new or old password.
If you create groups within an existing group, you may encounter the following error: pab::PAB_ModifyAttribute: ldap error (No Such object). (4883651)
User Management Utility
This section describes known issues in User Management Utility for Sun ONE Messaging and Collaboration.
User create -c option creates an invalid calendar identifier. (4937705)
When you use the -S cal option the -c suboption becomes available, which is the calendar identifier. Specifying commadmin .... -d domain101.com -l test1 -S cal -c defaultCalendar results in the following entry:
icscalendar: defaultCalendar
However, the entry should be:
icscalendar: test1@domain101.com:defaultCalendar
Workaround:
Do not use the -c option when creating a user.
Need to specify -M with -S option for commadmin group create. (4930618)
For the commadmin group create and commadmin group modify commands, the -M option must be specified with the -S option.
mgrpModerator attribute is not set correctly by commadmin group create -r command. (4931765)
Specifying the -r option for the commadmin group create command should create a moderator for the group. The -r option requires the moderator’s email address. When this option is specified, the mgrpModerator attribute is not correctly set. For example, if the option is specified as -r moderator, the mgrpModerator attribute should be set to mailto:moderator@siroe.com where siroe.com is the default domain. However, in this case, the mgrpModerator attribute is set only to moderator.
Workaround:
Verify that the value entered with the -r option is a complete email address, for example -r moderator@siroe.com.
Group’s email address is not validated against the domain in which group is created. (4931802)
When creating a group with the commadmin group create command, the group’s email address (specified with the -E option) is not validated against the domain of the group (specified with the -d option).
Workaround:
Verify that the value specified with the -E option is a valid email address for the group’s domain.
Cannot modify non-ASCII groups. (4934768)
If a group is created with a group name that contains non-ASCII characters, it cannot be modified with the commadmin group modify command.
For example, if a group with the non-ASCII characters XYZ is specified with the -G option in the commadmin group create command, an email address of XYZ is automatically added to the group’s LDAP entry. Since non-ASCII characters are not allowed in email addresses, modifying the group with commadmin group modify fails.
Workaround:
Use the -E email option when creating a group. This option will specify the group’s email address. For example:
commadmin group create -D admin -w password -d siroe.com -G XYZ -S mail \
  -E testgroup@siroe.com
commadmin user create -c option creates an invalid Calendar identifier. (4937705)
When the -c option is specified for the commadmin user create command, an invalid calendar identifier is created.
Workaround:
Do not use the -c option. The user ID specified with the -l option is used as the default.
Creating a group with multiple -f options adds only one attribute. (4931958)
If you specify multiple -f options for creating dynamic groups in the commadmin group create command, only the value specified with the last -f option is added to the LDAP entry. The other values are not added.
Workaround:
Do not specify the -f option multiple times when using the commadmin group create command.
Localization Issues
The following items are not necessarily i18n or l10n specific.
Mailfilter doesn’t work unless webmail is running on port 80. (4931052)
Workaround:
Configure the mshttpd port to 80 as a workaround.
(i18n) Non-ASCII vacation messages cannot display correctly. (4906625)
Log on to Webmail as a valid user, then enable vacation with a non-ASCII message.
The vacation message is corrupted on the disposition report.
No workaround exists. See Messaging Server 6.0 patch 1 for remedy - downloadable from http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access.
(i18n) Simplified Chinese Admin Console online help files are used in zh_TW environment on Netscape Browser 4.7x. (4881871)
Launch the Traditional Chinese version of Directory Server 5.2 Admin Console, then click the [Help] button to view help content through the browser. If the default browser is set to Netscape 4.7x, Simplified Chinese online help is displayed instead of Traditional Chinese online help.
Workaround:
Use Netscape 7 (or Internet Explorer).
(i18n) Webmail composer sometimes folds Japanese sentences that contain certain characters. (4923143)
No workaround exists.
(i18n) International chars in Mail Filter displayed as codepoints in Filter Preview. (4983208)
No workaround exists. See Messaging Server 6.0 patch 1 for remedy - downloadable from http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access.
(i18n/l10n) Mail Filter: cannot select user’s preference items in localized Mail Filter UI. (4937628)
Mail Filter rules saved through the localized UI always have “contains” as the condition, regardless of the condition chosen when the rule was created.
No workaround exists. See Messaging Server 6.0 patch 1 for remedy - downloadable from http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access.
Mail Filter: missing help links in Advanced Mail Filter Action windows. (4936676)
No workaround exists.
(i18n/l10n) Localized Webmail does not merge some of the folders created by Outlook Express. (4653960)
It is sometimes desirable to replace the default “Sent” folder in Webmail with the “Sent Items” folder created by Outlook Express, so that all the messages sent by both clients are copied to the “Sent Items” folder.
This operation is difficult, particularly in Japanese.
Workaround (in two parts):
(i18n) Intermittent Javascript errors may be seen in Japanese Webmail (Internet Explorer 6 only) when proxy server is used. (4925995)
Workaround:
Enable or disable “auto-detection” option in Internet Explorer’s encoding menu. Use direct connection or switch to different proxy server.
How to Report Problems and Provide Feedback
If you have problems with Messaging Server, contact Sun customer support using one of the following mechanisms:
- Sun Software Support services online at
http://www.sun.com/service/sunone/software
So that we can best assist you in resolving problems, please have the following information available when you contact support:
- Description of the problem, including the situation where the problem occurs and its impact on your operation
- Machine type, operating system version, and product version, including any patches and other software that might be affecting the problem
- Detailed steps on the methods you have used to reproduce the problem
- Any error logs or core dumps
You might also find it useful to subscribe to the following interest group, where Messaging Server topics are discussed:
Sun Welcomes Your Comments
Sun is interested in improving its documentation and welcomes your comments and suggestions. Email your comments to Sun at this address:
Please include the part number (816-6736-10) of the document in the subject line and the book title (Sun ONE Messaging Server 6.0 Release Notes) in the body of your email.
Additional Sun Resources
Useful Sun ONE information can be found at the following Internet locations:
- Documentation for Sun ONE Messaging Server
http://docs.sun.com/coll/S1_MsgServer_60
- Sun ONE Documentation
http://docs.sun.com/prod/sunone
- Sun ONE Professional Services
http://www.sun.com/service/sunps/sunone
- Sun ONE Software Products and Service
http://www.sun.com/software
- Sun ONE Software Support Services
http://www.sun.com/service/sunone/software
- Sun ONE Support and Knowledge Base
http://www.sun.com/service/support/software
- Sun Support and Training Services
http://www.sun.com/supportraining
- Sun ONE Consulting and Professional Services
http://www.sun.com/service/sunps/sunone
- Sun ONE Developer Information
http://sunonedev.sun.com
- Sun Developer Support Services
http://www.sun.com/developers/support
- Sun ONE Software Training
http://www.sun.com/software/training
- Sun Software Data Sheets
http://wwws.sun.com/software
Copyright © 2003 Sun Microsystems, Inc. All rights reserved.
Sun, Sun Microsystems, the Sun logo, Solaris, Java and the Java Coffee Cup logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Use of Messaging Server is subject to the terms described in the license agreement accompanying it.
This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/).