Sun ONE Messaging Server 6.0 Patch 1 Release Notes
Sun ONE Messaging Server 6.0
Release Notes
Version 6.0 Patch 1 Update 1
Part Number 817-5035-11
February 2004
These release notes contain important information available after the time of release of Version 6.0 of Sun Open Net Environment (Sun ONE) Messaging Server. New features and enhancements, known limitations and problems, technical notes, and other information are addressed here. Read this document before you begin using Sun ONE Messaging Server 6.0 (Messaging Server).
The most up-to-date version of these release notes can be found at the Sun ONE documentation web site: http://docs.sun.com/prod/sunone. Check the web site prior to installing and setting up your software and then periodically thereafter to view the most up-to-date release notes and manuals.
These release notes contain the following sections:
Revision History
Table 1 Revision History
Date | Description of Changes
February 3, 2004 | Information on Sun Cluster 3.0 update 3 bug. See "Messaging Server does not start under Sun Cluster 3.0 Update 3 (4947465)" on page 46.
January 15, 2004 | Initial release of Messaging Server 6.0 patch 1 release notes.
December 8, 2003 | Initial release of the Messaging Server 6.0 release notes.
About Messaging Server, Version 6.0 P1
Messaging Server is a high-performance, highly secure messaging platform that can scale from thousands to millions of users. It provides extensive security features that help ensure the integrity of communications through user authentication, session encryption, and the appropriate content filtering to prevent spam and viruses. With Messaging Server, enterprises and service providers can provide secure, reliable messaging services for entire communities of employees, partners, and customers.
What’s New in Messaging Server, Version 6.0 P1
Messaging Server provides a powerful and flexible solution to the email needs of enterprises and messaging hosts of all sizes by using open Internet standards.
This section describes the following topics:
New Features
This section describes the new features added to Messaging Server in this release. The information is organized as follows:
Automatic Arabic Character Set Detection
A new auto_ef program was added to automatically detect Arabic character sets.
You can call the auto_ef program from the conversion channel to automatically detect and label most unlabeled or incorrectly labeled text messages in Arabic character sets. These unlabeled or mislabeled messages are usually sent from Yahoo or Hotmail in Arabic.
Without the correct character set labeling, many mail clients cannot display the messages correctly.
If a message has MIME content-type headers, the auto_ef program examines and processes only those with text/plain content type. If the message is not labeled with a MIME content-type header, then auto_ef adds a text/plain content-type unconditionally.
To activate or enable this program, you must:
- Edit your mappings file in the msg_svr_base/config directory to enable a conversion channel for the source and destination channel of your choosing. To enable a conversion channel for all mail coming in from the Internet to your local users, add a section to your mappings file similar to the following:
CONVERSIONS
IN-CHAN=tcp*;OUT-CHAN=ims-ms;CONVERT YES
Note that the IN and OUT channels depend on your configuration. If you are deploying on a relay MTA, you must modify the channels to fit your configuration. For example,
IN-CHAN=tcp*;OUT-CHAN=tcp*;CONVERT YES
Or, you could turn it on for all channels as follows:
IN-CHAN=*;OUT-CHAN=*;CONVERT YES
- Create a conversions file in the msg_svr_base/config directory that is owned and readable by the Messaging Server user, and that contains the following:
!
in-channel=*; out-channel=*;
in-type=text; in-subtype=*;
parameter-copy-0=*; dparameter-copy-0=*;
original-header-file=1; override-header-file=1;
command="msg_svr_base/lib/arabicdetect.sh"
!
- Compile your MTA configuration with the following command:
msg_svr_base/sbin/imsimta cnbuild
- Restart with the command:
msg_svr_base/sbin/imsimta restart
Documentation
The following books have been added to the Messaging Server documentation set:
Installation
The following new features were added to the Messaging Server installation:
Message Store and Message Store Access
The following new features were added to Message Store and Message Store Access:
- IMAP4 Binary Content Extension (RFC 3516), which allows IMAP clients and servers to exchange message body data without using a MIME content-transfer-encoding.
- Reconstruct quota for a single user.
- Hard and soft quota configuration.
- New scheduler daemon to schedule message expiration and purging.
- Shared folders across multiple message stores.
- Automation of many Message Store recovery operations such as database snapshots and automatic fast recovery.
- POSIX regular expressions support in mboxutil and in backup, expire and purge utilities. The usage of wildcard characters is no longer supported (for example: *, %).
Messenger Express
The following new features were added to Messenger Express:
MMP
New MMP features include:
- Alias domain support (4636378)
- POP3 CAPA support (RFC2449)
- Integrated MMP with start-msg, stop-msg, and refresh commands
- New RestrictPlainPasswords option (4871953)
- Third-party authentication sample code for MMP (4616192)
- Distinguish authentication failed from server unavailable errors with RFC 3206 support (4765470)
Monitoring
New monitoring features include:
- New utilities:
- New processes: watcher and msprobe enable you to configure Messaging Server so that faults automatically trigger a pre-configured number of restarts, thus increasing availability in the face of recoverable faults.
- watcher functionality also improves availability for Messaging Multiplexor (MMP) when used without High Availability (HA).
- New watcher log file (available in msg_svr_base/data/log/watcher): Server failures are reported in this file, which makes the watcher log file an important monitoring tool.
Note: This file is not managed by the logging system (no rollover or purging). (4929765)
MTA
New MTA features include:
- New ACCESS_ORCPT MTA option (possible values 1 or 0):
- Setting the value to 1 adds another vertical bar delimited field to the probe value that is passed to the SEND_ACCESS, ORIG_SEND_ACCESS, MAIL_ACCESS, and ORIG_MAIL_ACCESS mappings containing the original recipient (ORCPT) address.
- If the message does not have an ORCPT address the original, unmodified RCPT TO address is used instead.
- New MAX_SIEVE_LIST_SIZE MTA option: Specify an integer value (default is 64) to control how many strings can appear in a list construct in MTA sieve scripts.
Note
Previously, this MTA option was called MAX_LIST_SIZE.
The old name was changed because it might be construed as having something to do with mailing lists.
- Enhanced Q log entries to contain additional information about the error(s) causing the entry to be made. (4539521)
- MTA DELIVERY_OPTIONS option now supports two new prefix characters:
- # (sharp): Indicates that the following entry is mailhost-independent, which lets MTA check whether all of a given user’s or group's delivery options are independent of the mailhost. If this condition is satisfied, MTA can act on the entry immediately rather than having to forward the message to the mailhost.
- / (slash): Causes all addresses produced by the current delivery option to be held, which means the recipient addresses will end up in message files with a .HELD extension.
- New NOTARY_DECODE MTA option (4629743): Specify one of the following values:
- 1: Causes a subset of the original message headers (that are added to the first part of a DSN by the %H substitution) to be decoded and converted to match the charset of the first part.
Note
Use this setting with caution because you can lose information and confusion can result when you convert a rich charset like UTF-8 to a limited charset like ISO-8859-1 or US-ASCII.
- 0 (Default): Decodes a subset of encoded-words in the header that match the charset of the first part; no charset conversion is done.
- -1: Disables decoding of encoded-words unconditionally.
- A new facility provides the ability to retarget messages that exceed a specified limit for number of recipients, message size, or message lines to an alternate destination channel.
This facility is implemented as a set of new channel keywords (see the following list), which can be placed on any destination channel:
A message that exceeds any of these thresholds will be enqueued to the alternate channel instead of the original destination channel.
- Setting the LDAP_HOST, LDAP_USERNAME, LDAP_PASSWORD, and LDAP_PORT MTA options overrides the MTA's use of the local.ugldaphost, local.ugldapbinddn, local.ugldapbindcred, and local.ugldapport configutil parameters (respectively) in accessing the LDAP directory server. (4537015)
- Setting the LINES_TO_RETURN MTA option to 0 disables partial content return, and instead returns only the message part headers.
- The MTA now checks for 8-bit characters in the local parts of addresses (as well as the received fields it constructs) and replaces those characters with asterisks. (4694916)
- The MTA now creates J records in the log file when a MAIL FROM command fails for an administrative reason. J records were previously created only when the failure occurred at the RCPT TO.
- The ALIAS_ENTRY_CACHE_NEGATIVE option was expanded to work in the general case where no matching LDAP entries are found. Previously this option only worked when a NO_SUCH_OBJECT LDAP error was returned.
- The various priority overrides based on size channel keywords (such as urgentblocklimit, normalblocklimit, and nonurgentblocklimit) are now effective for conversion or defragment channels — even when that channel is used implicitly. Previously these keywords only worked when the channel was explicitly included in the message routing.
- New CACHE_DEBUG MTA option (Boolean valued 0, 1): Setting this option to 1 tells various MTA components to dump information about the domain, alias, and reverse caches just prior to exiting. (4668998)
- The default value for the ALLOW_RECIPIENTS_PER_TRANSACTION TCP channel option was changed from infinite to 128.
- The default value for the DISABLE_SEND TCP channel option was changed from 0 (false) to 1 (true).
- The default value for the HEADER_LIMIT MTA option was changed from infinite to 2000 (blocks).
- The REJECT_RECIPIENTS_PER_TRANSACTION TCP channel option now applies to the SMTP VRFY command as well as RCPT TO.
- New HEADER_LIMIT MTA option: Imposes a limit on the maximum size the primary (outermost) message header can attain. Primary message headers are silently truncated when they reach the specified limit.
- Operations on content type and content disposition parameters no longer invert the order in which the parameters appear.
- New -[no]reprocessing qualifier was added to the imsimta test -rewrite command to control whether rewrite_test acts as if it were the reprocessing channel. In particular, this switch affects whether deferred list expansion is done. Normally, deferred list expansion should be done, so this switch defaults to on. Use -noreprocessing to disable expansion.
- New ROUTE_TO_ROUTING_HOST MTA option (Possible values are 0 or 1):
- 0 (Default): A failure to match an extant mailRoutingHosts attribute causes the domain to be treated as non-local; addresses are simply routed onward according to the rewrite rules. This was the only behavior available in Messaging Server 5.2.
- 1: Tells Messaging Server to route all addresses associated with the domain to the first host listed in the mailRoutingHosts attribute.
- New LOG_FILTER MTA option (Default is 0): Specify 1 to write the list of active filters enclosed by single quotes into enqueue (E) records in the log file just prior to the diagnostics field. (4672405)
- New rejectsmtplonglines keyword: Adds the option of rejecting messages that contain lines longer than the 1000 characters (including CRLF) allowed by SMTP.
To activate this facility, use imsimta test -exp -mm -message=<message-file>.
Where <message-file> is a text file containing the RFC 822 message you want to test against.
The following table lists these new options and the text strings they override:
MDNs are now used for reject actions in user sieve definitions. An additional mapping was defined to support internationalization of MDNs. This mapping (called the DISPOSITION_LANGUAGE mapping) parallels the notification_language mapping used to internationalize DSNs. Probes to this mapping take the following form:
Where:
- type is disposition type, which can be one of the following: displayed, dispatched, processed, deleted, denied, or failed.
- modifiers is a comma-separated list of disposition modifiers. The current list is: error, warning, superseded, and expired.
- source-channel is the source channel producing the MDN.
- header-language is the language specified in one of the following: accept-language, preferred-language, or x-accept-language. (MTA uses the first option present.)
- return is the address to which the notification is being returned.
- recipient is the address that the disposition is about.
The result of the disposition mapping consists of two or three pieces of information separated by vertical bars (|). The first piece of information is the directory where the template files for the disposition notification can be found. The second piece of information is the character set into which the standalone disposition text should be forced. (This information is required because some dispositions — notably the dispositions produced by autoreply echo or the use of the :mime parameter to the vacation sieve action — do not employ template files and consequently, cannot inherit the character set from those files.) Finally, the third piece of information is an override subject line for the notification. This information is only used if the $T flag is also set by the mapping.
The following additional template files are used to construct MDNs:
Using these template files parallels the use of various return_*.txt files for DSNs. (4662616)
- New imsimta cache -walk -debug=xxx MTA command: Causes the job controller to write its current state to its log file and/or sets the job controller debug mask to a specified value.
- The default value for the threaddepth channel keyword changed from 128 to 10 — resulting from escalations where the common answer was to set threaddepth to 10.
- The number of spare LDAP attributes available for substitution in direct LDAP was raised from 2 to 5. $nE or $nG substitutes the nth spare. For backwards compatibility, $E substitutes the first spare and $G substitutes the second.
- The $= metacharacter sequence was added to the set of $\ $^, $_ format selector sequences that are available in mappings and rewrite rules. When selected, $= specifies that subsequent substituted characters are to undergo quoting appropriate for insertion into LDAP search filters.
- Symbol substitutions into conversion and character set conversion parameter values (such as out-dparameter-name-0) are allowed from the content-type parameter but not from the content-disposition parameter list, which seemed unnecessarily restrictive. Consequently, the ability to substitute things from the content-disposition parameter list was enabled.
- The conversion channel program now defines the following, additional environment symbols:
- The $nX metacharacter sequence was added to the MTA's URL template facility. Use $nX to insert the nth component of the mailhost. If you omit n, the entire mailhost will be inserted.
- The $nA metacharacter sequence was added to the MTA's URL template facility. Use $nA to insert the nth character of the current address. If you omit n, the entire address will be inserted.
- New LDAP_MAX_CONNECTIONS MTA option (Default is 1024): Limits the number of LDAP connections the MTA users can make to the LDAP pool.
- New logheader channel keyword (Accepts an integer argument): Overrides the LOG_HEADER MTA option on a per-channel basis.
- Messaging Server now checks the local.imta.schematag configutil option value or the LDAP_SCHEMATAG MTA option value to ensure each specified schema name is valid.
- New personalmap channel keyword: Added to the personalinc/personalomit/personalstrip keyword set. If enabled, personalmap causes a probe to the PERSONAL_NAMES mapping in the general form:
Where:
Additionally, the following flags may be set:
- $I flag: Set initially if the material is a message ID rather than an address.
- $R flag: Set if this is from a "backward pointing" header.
- $F flag: Set if this is from a "forward pointing" header.
- $Y or $T flags: If an entry matches and sets one of these flags, the mapping result replaces the original personal name.
The authrewrite keyword takes a single integer argument, and possible values are:
- 0: Does not change anything (Default)
- 1: Adds a Sender: or a Resent-sender: header field containing the address provided by the authentication operation. The Resent- variant is used if other resent- fields are present.
- 2: Adds a Sender: header field containing the address provided by the authentication operation.
- 3: Constructs a probe of the following form mail-from|sender|from|auth-sender.
- The default use for identnonelimited was changed to identnonenumeric in newly generated configurations. The new default avoids DNS lookups out of the box.
- The $K metacharacter was added to the URL determination machinery: Substitutes a search filter that checks the objectclass to see if it matches the current criteria established for users or groups. Using this metacharacter in the REVERSE_URL MTA option prevents spurious matches against entries such as personal address book entries.
- The configuration created initially now includes three new entries in the ORIG_SEND_ACCESS mapping table. These entries block “external” submission of explicitly source-routed addresses to the tcp_intranet channel in an attempt to block relaying “through” “internal” systems. In other words, the entries prevent relay attempts that try to evade normal relay blocking by explicitly source-routing through one or more internal systems.
In addition, the dequeue_removeroute channel keyword was added to the tcp_intranet channel definition so that “front line” and “back end” system configurations can be uniform. Use this keyword to prevent back end systems from being presented with @mailhost:user@host sorts of source-routed addresses by front line systems, thus reducing the need to be certain that back end systems have been properly configured to recognize IP addresses of the front line systems as internal.
Note, however, that this use of dequeue_removeroute does imply that back end systems are expected to do message routing (e.g., LDAP lookups) themselves.
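A model of the check these entries perform, as an added example (not Sun's mapping entries or code): it recognises RFC 821 style source routes such as @mailhost:user@host, rejects them when an external channel submits to tcp_intranet, and strips the route the way the text describes for dequeue_removeroute. The external channel name tcp_local, the function names and the sample probes are assumptions constructed for illustration.

```python
import re

# One route hop: "@" followed by a host name or a bracketed address literal.
_HOP = r"@(?:\[[^\]]*\]|[A-Za-z0-9.-]+)"
# RFC 821 source route: comma-separated hops, a colon, then the real mailbox.
_ROUTED = re.compile(rf"^(?P<route>{_HOP}(?:,{_HOP})*):(?P<mailbox>.+)$")

# Assumption for this model: tcp_local is the channel that receives
# "external" submissions. tcp_intranet is the channel named in the notes.
EXTERNAL_SOURCE_CHANNELS = {"tcp_local"}
INTERNAL_DEST_CHANNEL = "tcp_intranet"


def split_source_route(address):
    """Return (hops, mailbox); hops is [] when the address is not routed."""
    addr = address.strip()
    if addr.startswith("<") and addr.endswith(">"):
        addr = addr[1:-1]
    match = _ROUTED.match(addr)
    if not match:
        # Covers plain addresses and quoted local parts that merely
        # contain "@" or ":" characters.
        return [], addr
    hops = [hop[1:] for hop in re.findall(_HOP, match.group("route"))]
    return hops, match.group("mailbox")


def remove_route(address):
    """Model of the effect described for dequeue_removeroute."""
    return split_source_route(address)[1]


def access_decision(src_channel, dst_channel, recipient):
    """Reject external submissions that source-route into tcp_intranet."""
    hops, _mailbox = split_source_route(recipient)
    if (hops and src_channel in EXTERNAL_SOURCE_CHANNELS
            and dst_channel == INTERNAL_DEST_CHANNEL):
        return "reject"
    return "accept"


# Constructed sample probes: (source channel, destination channel, recipient).
SAMPLE_PROBES = [
    ("tcp_local", "tcp_intranet", "user@example.com"),
    ("tcp_local", "tcp_intranet", "<@mail.example.com:user@example.org>"),
    ("tcp_local", "tcp_intranet",
     "@[IPv6:2001:db8::1],@mail.example.com:user@example.org"),
    ("tcp_intranet", "tcp_intranet", "@mail.example.com:user@example.org"),
    ("tcp_local", "tcp_intranet", '"@a:b"@example.com'),
]


def evaluate(probes):
    """Return the decision for each probe, in order."""
    return [access_decision(*probe) for probe in probes]


if __name__ == "__main__":
    for probe, verdict in zip(SAMPLE_PROBES, evaluate(SAMPLE_PROBES)):
        print(f"{verdict:7} {probe[0]} -> {probe[1]}  {probe[2]}"
              f"  (dequeued as {remove_route(probe[2])})")
```

Only the at-sign route syntax is recognised here; other relaying notations are outside what this model checks.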
- The USE_ERRORS_TO and USE_WARNINGS_TO MTA options were removed (along with the code to support them) because these options were grossly noncompliant with standards.
- Setting the mailDomainStatus attribute to unused for a domain tells MTA to ignore the domain entirely.
- The $G metacharacter was added to the following access mappings:
jettison is similar to discard in that it causes messages to be silently discarded. The difference between jettison and discard is that discard does nothing but cancel the implicit keep, while jettison forces a discard to be performed. This behavioral difference is relevant only when multiple sieves are involved. For example, a system-level discard can be overridden by a user sieve explicitly specifying keep, whereas a system-level jettison will override anything done by a user sieve.
- Support for RFC 3431, the sieve relational extension, was added to Messaging Server.
- The following new MTA options were added to support Schema 2:
- LDAP_SCHEMALEVEL: Integer value specifying schema level to support.
- LDAP_DOMAIN_FILTER_SCHEMA1 (Default is (|(objectclass=inetDomain)(objectclass=inetdomainalias))): String specifying filter used to identify Schema 1 domains.
- LDAP_DOMAIN_FILTER_SCHEMA2 (Default is an empty string): String specifying additional filter elements used to identify Schema 2 domains.
- LDAP_ATTR_DOMAIN1_SCHEMA2 (Default is sunPreferredDomain): String specifying attribute used to store the primary domain in Schema 2.
- LDAP_ATTR_DOMAIN2_SCHEMA2 (Default is associatedDomain): String specifying attribute used to store any secondary domains in Schema 2.
- LDAP_GLOBAL_CONFIG_TEMPLATES (Default is an empty string): String specifying DN where global configuration templates can be found.
- LDAP_ATTR_DOMAIN_SEARCH_FILTER (Default is inetDomainSearchFilter): String specifying attribute in the global configuration template area that is used to store the domain search filter template.
- A new facility was added to store information that previously went into the general, forward, and reverse databases into the compiled configuration instead.
A new USE_TEXT_DATABASES MTA option was added to control this capability. This option is bit encoded.
- Set bit 0 (value 1) to read the IMTA_TABLE:general.txt file as the MTA configuration is initialized and use the information from the IMTA_TABLE:general.txt file to replace all uses of the general database.
- Set bit 1 (value 2) to read the IMTA_TABLE:reverse.txt file and use the information from this file instead of the reverse database.
- Set bit 2 (value 4) to read the IMTA_TABLE:forward.txt file and use the information from this file instead of the forward database.
- A new overquota status value was added to the list of possible mail user and mail domain statuses. When set, this new value generates a “user is over quota” error.
Note
You can use the USE_PERMANENT_ERRORS MTA option (described on page 11) to control whether this is a temporary or permanent failure.
- The capability to access per-domain attributes was added to the MTA mapping facility.
These files can make the internationalization of generated notices more flexible, and they support the following options:
- RETURN_PERSONAL (DSN and MDN): Override for the personal name field to be used in conjunction with the From: field. This field should be RFC 2047 encoded.
- SUBJECT (DSN and MDN): Override for the Subject: field. This value is used only if the notification did not provide a subject field of its own. This field should be UTF-8 encoded.
- RECIPIENT_ADDRESS (DSN): Override for the Recipient address: text used in the construction of the per-recipient section in the first part of a DSN. This field should be specified in the same charset that is used for the first part of the DSN.
- ORIGINAL_ADDRESS (DSN): Override for the Original address: text used in the construction of the per-recipient section in the first part of a DSN. This field should be specified in the same charset that is used for the first part of the DSN.
- REASON (DSN): Override for the Reason: text used in the construction of the per-recipient section in the first part of a DSN. This field should be specified in the same charset that is used for the first part of the DSN.
- DIAGNOSTIC_CODE (DSN): Override for the Diagnostic code: text used in the construction of the per-recipient section in the first part of a DSN. This field should be specified in the same charset that is used for the first part of the DSN.
- TEXT_CHARSET (MDN): Charset that text for the first part and subject of the MDN should be converted to.
- n.n.n (DSN): When constructing the per-recipient part of a DSN, a check is made to see if there is an option whose name matches the numeric per-recipient status. If there is a match, the corresponding text will be inserted into the DSN. Additionally, if the REASON option (described above) produces a zero length result, the REASON field will not be inserted.
- HOUR (DSN): Text to insert for a %U or %u substitution when RETURN_UNITS=1 is set.
Note that there is no distinction made between %U and %u (unlike the default case where English “Hour” or “hour” (respectively) would be substituted).
- DAY (DSN): Text to insert for a %U or %u substitution when RETURN_UNITS=0 (Default) is set. Note that no distinction is made between %U and %u (unlike the default case where English “Day” or “day” (respectively) would be substituted).
- Charset-conversion mapping was extended to provide several additional capabilities:
- Specify the IN-CHARSET option in the output template of a mapping entry to override the charset specified in the encoded-word. Use the IN-CHARSET option to set the input charset to *, and the charset will be “sniffed” to determine an appropriate label.
- Specify the RELABEL-ONLY option that accepts the following integer values:
- New 552_permanent_error_string SMTP option (goes into the relevant tcp_*_option file): Determines if a 552 response should be treated as a permanent error.
Normally (per RFC 2821), 552 responses are treated as if they were 4xx responses and temporary in nature. Some older SMTP servers use the 552 response to indicate a permanent error, so this new SMTP option was added to allow for this behavior.
When a 552 response is received, the text associated with it (including any xx.xx.xx extended error code, but excluding any leading spaces) is compared with the value of the 552_permanent_error_string option. If, and only if, the text matches, the response will be treated as permanent. Otherwise, the response will be treated as a retryable error.
- The default value for the MISSING_RECIPIENT_POLICY MTA option was changed from 1 (do not do anything about illegal headers if they do not contain a To:, Cc:, or Bcc: field) to 0 (add a To: field to these headers to make them legal) for consistency and best practice policies.
- Transport and application information strings set by SMTP will be carried through the reprocess channel.
- The [auth_channel] and [cant_channel] nonpositional alias parameters now accept a list of channel patterns separated by spaces.
- New disabled status value was added to the list of possible mail user, mail group, and mail domain statuses. Setting this value generates a user/group is disabled permanent failure.
- MTA now caches URL results from look-ups done in rewrite rules and mappings. This new URL result cache is controlled by two new MTA options:
- Asynchronous LDAP look-ups support was added to MTA. Asynchronous look-ups avoid the need to store an entire large LDAP result in memory, which in some cases seems to cause performance problems.
A new LDAP_USE_ASYNC MTA option (Bit-encoded value. Default is 0): Controls how asynchronous LDAP look-ups are used. Each bit (if set) enables using asynchronous LDAP look-ups with a specific use of LDAP within MTA. The following bits are defined:
The LDAP_USE_ASYNC default (0) disables asynchronous LDAP lookups in the Messaging Server MTA.
Two new channel keywords control this facility (Both accept a single integer argument):
- recipientlimit: Limits the total number of recipient addresses that will be accepted for the message to the specified value.
- recipientcutoff: Compares the total number of recipients presented to the MTA to the specified value. No messages will be accepted for delivery when the number of recipients exceeds the specified limit.
- New Messaging Server MTA facilities enable you to override personal name information associated with header addresses — without having to use LDAP callouts from the PERSONAL_NAME mapping. Specifically, you can set a new LDAP_PERSONAL_NAME MTA option to the name of the attribute associated with user LDAP entries containing override personal name information.
- You can now use the mgrpMsgPrefixText and mgrpMsgSuffixText LDAP attributes to insert prefix or suffix text into messages as they undergo group expansion. These are the default attributes used for this purpose; different attributes can be specified using the LDAP_PREFIX_TEXT and LDAP_SUFFIX_TEXT MTA options, respectively.
- The alias processing machinery now keeps track of any personal name information specified in the attribute named by the LDAP_PERSONAL_NAME MTA option, and uses this information to construct From: fields for any MDNs or vacation replies generated. (4618559)
- The REJECT_RECIPIENTS_PER_TRANSACTION SMTP channel option now can be set usefully to values bigger than the ALLOW_RECIPIENTS_PER_TRANSACTION SMTP channel option. Also, the code now tracks attempts to add recipients in addition to tracking successful recipient additions, and uses this value in the REJECT_RECIPIENTS_PER_TRANSACTION comparison. (4870897)
- MTA now uses specialized machinery to keep track of whether or not a given address expansion result should be employed in DSNs and MDNs as a final recipient address. In addition, if the result should not be so employed, this machinery tracks the address that should be used.
The semantics of the various sorts of address expansions implemented through LDAP are well-defined and set this information automatically. Entries in alias files and databases, however, do not have such clear semantics and, in practice, are used for multiple purposes. A mechanism to explicitly call for a given expansion address to be hidden has therefore been added. Prefixing an expansion address with a colon causes it not to be used in DSNs and MDNs. The address input to the alias expansion operation will be used instead. An example of an alias file entry that uses this facility is:
- Some useful flags are now set prior to calling the FROM_ACCESS, SEND_ACCESS, MAIL_ACCESS, ORIG_SEND_ACCESS, and ORIG_MAIL_ACCESS mappings. These flags are:
- The application information string supplied to the FROM_ACCESS, MAIL_ACCESS, and ORIG_MAIL_ACCESS mappings now includes the system name claimed in the HELO/EHLO SMTP command. This name appears at the end of the string and is separated from the rest of the string (normally “SMTP”) by a slash (/). (The claimed system name can be useful in blocking some worms and viruses.)
- New USE_PERSONAL_NAMES and USE_COMMENT_STRINGS MTA options were added to optionally include source and destination channel information in PERSONAL_NAMES and COMMENT_STRINGS mapping probes.
Setting bit 0 (value 1) of either option adds the usual source-channel|destination-channel| prefix to the corresponding mapping probe.
Note that these new options do not control whether the PERSONAL_NAMES or COMMENT_STRINGS options are used; the PERSONAL_NAMES or COMMENT_STRINGS options are controlled by various channel keywords.
- Support for RFC 3598, the sieve subaddress extension, was added to Messaging Server.
- New LDAP_DOMAIN_TIMEOUT MTA option (Expressed in seconds. Default is 60 * 15 or 15 minutes.): Controls the retention time for entries in the domain map cache.
- The FILTER_DISCARD MTA option used to control whether the filter_discard channel was used by the jettison sieve action. This control was separated out as a new FILTER_JETTISON option. The FILTER_JETTISON default is taken from the FILTER_DISCARD setting, and FILTER_DISCARD in turn defaults to 1 (discards go to the bitbucket channel) as it always has.
- The $# sequence number generation mapping and rewrite rule metacharacters now accept a fourth argument: an optional modulus. If you specify this fourth argument m the value inserted is the sequence number retrieved from the file mod m.
- Per-user conversion tags are now applied before mailhost information is considered, which enables front-end systems to perform user-specific conversion operations.
- Previously, the simple presence of a spam filter optin attribute in a user entry turned on filtering; and all the value could determine was what sort of filtering would be done. This behavior is not compatible with some directory maintenance tools that always provide the attribute, but assume an “off” or “null” value for the attribute is available that does not enable filtering.
- The LDAP_TIMEOUT MTA option was added (actually re-enabled; formerly part of PMDF): Sets time-outs for LDAP searches performed by MTA. Note that this option does not affect LDAP searches performed by domain map (either the old or new versions). (4859069)
- The $V metacharacter was added to the following access mappings:
- Consolidated new API.
- New MTA vacation and auto-reply facility. The MTA uses message disposition notifications (MDNs) and the SIEVE filtering language for automatically generated responses to email.
- Integration and support of Brightmail and Spamassassin spam filtering utilities.
- LMTP protocol support in a two-tier architecture that enables messages to be sent directly into recipient mailboxes unlike the SMTP protocol, where messages go through an MTA channel queue on the back-end store machine.
- MTA Direct LDAP Lookup, which enables the MTA to interact directly with Sun ONE Directory Server (Directory Server). Messaging Server therefore now requires the use of RFC 2821 standards-compliant email addresses in the directory attributes mail, mailAlternateAddress, and mailEquivalentAddress.
- The SMTP server’s default behavior has changed. (4890252). The SMTP server’s default behavior permissively accepts various line terminators. Currently, the smtp keyword is synonymous to the smtp_crorlf channel keyword on the tcp channels. Not only does this behavior comply with the original SMTP specification (RFC 821), it also now complies with the most recent revision of the SMTP specification (RFC 2821).
Miscellaneous
Messaging Server now provides:
- Per-domain welcome messages
- User and group provisioning with Sun ONE Identity Server (Identity Server)
Note
The User Management Utility is the recommended mechanism for provisioning Messaging Server and Sun ONE Calendar Server (Calendar Server) users. (See the Sun ONE Messaging and Collaboration 1.0 User Management Utility Installation and Reference Guide (http://docs.sun.com/doc/817-4216-10), for more information.)
The Identity Server Services (as described in the Sun Java Enterprise System Installation Guide) provide only minimal Messaging and Calendar Server LDAP user entry provisioning. Because the Identity Server Services interface does not provide input validation, user entries that cannot receive email or otherwise do not function will be created without reporting any errors. Consequently, we recommend using the Identity Server Services interface for demonstration purposes only.
- Compatibility with Sun ONE Directory Server 5.2
- Sun ONE Administration Console 5.2 compatibility with Messaging Server
- Sun Cluster 3.1 and High Availability Storage Plus support
- Bidirectional SMS, which allows two-way delivery between messaging servers and an SMS gateway
- Additional notification events for quotas; login and logout connections; reconstructs; peruserflag changes; expunge; append, and non-INBOX events
Deprecated Features
Support for the following features may be eliminated in a future release:
MTA access to database files and the imsimta tools to manipulate MTA database files.
Direct editing of MTA or MMP configuration files.
A command line tool will be provided in a future release.
Use of the [PERIODIC_JOB=] sections in the job_controller.cnf file. (4907007)
The default entries shipped with iMS have been moved to the new scheduler process and removed from the default job_controller.cnf file. Specifically,
- The MTA’s default periodic jobs will now be scheduled by the new scheduler process.
- Sites that modify the defaults must apply their changes to the new scheduler process configuration.
- Use of the MTA Job Controller to schedule periodic jobs is deprecated, and this functionality will be removed from the MTA Job Controller in a future release.
Customer supplied plug-ins with IMAP, POP, or Messenger Express.
The Messenger Express authentication plug-in API is supported for this release, but it is preferable to use Identity Server to configure single-sign-on. Client certificate mapping plug-ins are no longer supported.
Support for ident protocol.
Deprecated features include the MTA ident* keywords and support for ident user names in access control filters. The identnone* keywords continue to be supported.
Delegated Administrator web command-line interfaces.
These interfaces have been replaced with new command line tools that integrate with Identity Server. The new tools do not support the previous Sun ONE Delegated Administrator for Messaging (Delegated Administrator) utilities.
MMP SECTION option.
The optional SECTION option for the INSTANCENAME option of the ServiceList MMP configuration parameter is deprecated and will be removed in a future release.
imsimta start and imsimta stop commands.
New start-msg and stop-msg commands have replaced imsimta start and imsimta stop. The imsimta start and imsimta stop commands will be removed in a future release.
Note
For more information about the start-msg and stop-msg commands, refer to the Sun ONE Messaging Server Administrator’s Guide.
No Longer Available
The following features were deprecated in a previous release and are no longer supported:
Bugs Fixed in Messaging Server 6.0, 6.0 P1, and User Management Utility
The following tables describe the most important bugs fixed for Messaging Server 6.0, Messaging Server 6.0 P1, and the User Management Utility for Messaging and Collaboration.
Table 7 describes the most important bugs fixed in the Messaging Server 6.0 release.
Table 8 describes the most important bugs fixed in the Messaging Server 6.0 P1 release.
Table 8
Fixed Bugs in Messaging Server 6.0 P1
Table 9 describes the most important bugs fixed in the User Management Utility for Sun ONE Messaging and Collaboration.
Hardware and Software Requirements
This section describes the hardware and software required for this release of Messaging Server as follows:
Supported Platforms
This release supports the following platforms:
- Solaris 8 Operating System with required patches (SPARC® Platform Edition)
- Solaris 9 Operating System Update 2 (SPARC® and x86 Platform Editions) with required patches
Additionally, ensure that your Solaris setup specifies how to route to hosts that are not on the local subnet. To do this, ensure that:
- The /etc/defaultrouter file contains the IP address of the gateway system. This address must be on a local subnet.
- The /etc/resolv.conf file exists and contains the proper entries for reachable DNS servers and domain suffixes.
- The /etc/nsswitch.conf file includes the files and dns keywords in the hosts: line.
- The /etc/hosts should contain the Fully Qualified Domain Name (FQDN) immediately after the IP address.
Messaging Server 6.0 P1 Patches
The Messaging Server 6.0 P1 release consists of two Solaris patches:
Use the Solaris patchadd utility to apply the 6.0 P1 patches.
Note
Consult the README file in the patch for more detailed information — in particular, you must be sure to read any special instructions in the README.
msg_svr_base/config/imta.cnf
msg_svr_base/config/mappings
msg_svr_base/config/option.dat
msg_svr_base/config/dispatcher.cnf
msg_svr_base/config/locale/de/return_option.opt
msg_svr_base/config/locale/es/return_option.opt
msg_svr_base/config/locale/fr/return_option.opt
msg_svr_base/config/return_header.opt
msg_svr_base/config/html/main.js
msg_svr_base/config/html/mbox_fs.html
msg_svr_base/config/html/opts_fs.html
msg_svr_base/config/html/spell.html
- For HA (High Availability) systems, you should remove the Messaging Server from the cluster prior to applying the patch. For example, you can do this by removing the messaging services from the cluster resource groups.
- Note that changes made to the MTA configuration files will not take effect until you run the following commands:
Solaris 8 Operating System
The supported Solaris 8 (SPARC Platform Edition) platforms require the following patches:
- 108993-31 libthread patch
- 111308-04 mtmalloc patch (see Bug 4887044)
- 114045-07 (for SUNWtls)
- 116103-04 (for SUNWicu)
- 115328-01 (for SUNWsasl)
- 116568-02 (required core patch for 6.0 P1)
- 116570-01 (optional l10n patch for 6.0 P1)
Note
Go to http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access
for more information about these patches.
If you are installing Messaging Server in a hardened environment, the minimum packages required on a Solaris 8 operating system include Solaris Core packages as well as SUNWxwdv, SUNWxwdvx, SUNWxwmod, SUNWxwmox, SUNWxwplt, SUNWxwrtl.
Solaris 9 Operating System
The supported Solaris 9 (SPARC and x86 Platform Editions) Update 2 platforms require the following patches:
- For SPARC Platform Edition:
- For x86:
- 114050-07 (for SUNWtls)
- 114678-05 (for SUNWicu)
- 115343-01 (for SUNWsasl)
- 116569-02 (required core patch for 6.0 P1)
- 116571-01 (optional l10n patch for 6.0 P1)
Note
Go to http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access
for more information about these patches.
- On Solaris 9 platforms, you can use Directory Server that is bundled in the operating system if you wish.
- If you choose to perform a rolling upgrade from Solaris 8 to Solaris 9, the Solaris 9 Live Upgrade substantially reduces the service outages that are sometimes associated with an operating system upgrade. You can duplicate your current running boot environment. While the original boot environment runs, you can upgrade the duplicate environment.
User Management Utility Patches
The User Management Utility for Sun ONE Messaging and Collaboration requires the following patches on Solaris platforms:
Use patchadd to apply these Solaris patches on the machine where you installed the User Management Utility. Consult the patch README file for further details.
Hardware Requirements
The minimum hardware requirements for Messaging Server are:
- Approximately 1 GB of disk space to support the product binaries and a minimum message store.
- 256 MB of RAM.
- Adequate file system space for your user mailboxes (message store), configuration directory, database, log files, and message queue directory. These items can grow in size dramatically depending on the size of your site, so be sure to allocate space accordingly.
Client Software Requirements
For Messenger Express access, Messaging Server requires a JavaScript-enabled browser. For optimal performance, Sun recommends the browsers listed in Table 10:
Product Version Compatibility Requirements
Messaging Server is compatible with the product versions listed in Table 11:
New Information
This section contains the latest information that is not contained in the core product documentation, and is organized into the following topics:
Installation Notes
Review the following installation notes. Specific installation bugs are listed in "Known Issues" on page 46.
- Except on cluster systems, you must run cnbuild after applying the Messaging Server 6.0 P1 patch, even if you don’t copy in new configuration files. Cluster systems, which typically run without a compiled configuration, do not require cnbuild.
- If you installed previous versions of Messaging Server with Sun ONE Directory Server 5.1 or 5.2, and you now want to use Messaging Server 6.0, you can install it against your existing Directory Server. However, you must reconfigure the existing Directory Server by running the comm_dssetup.pl script that is bundled with Messaging Server 6.0, not the version that is bundled with previous Messaging Server releases.
- If you installed Directory Server, Messaging Server, and Admin Server, and then decide to uninstall and reinstall Directory Server without uninstalling Messaging Server or Admin Server, you will have to reconfigure both servers — and you must unconfigure Admin Server before you can reconfigure it.
Uninstalling Directory Server removes Admin Server configuration data from the configuration directory. Consequently, if you do not run Admin Server configuration again, Messaging Server will fail. If you do not unconfigure Admin Server prior to uninstalling Directory Server and then try to run Admin Server unconfigure, the unconfigure will fail.
Workaround
Unconfigure the Admin Server before uninstalling Directory Server. If you uninstall then reinstall Directory Server without unconfiguring Admin Server first, you must remove the AS_server-root/admin-serv/config/adm.conf file and then run the Admin Server configuration.
- The server-root directory (as documented in previous Messaging Server releases) has been replaced by msg_svr_base, a directory on the messaging server machine that is dedicated to holding the server program, maintenance, and information files as well as a link to the configuration data.
- You must install and run Admin Server as root or the Messaging Server console will not start and the ERR cannot setuid or setgid error message will display.
- When configuring the Admin Server, do not select a server-root directory that is the same directory in which Messaging Server is installed.
Compatibility Issues
- Single-sign on (SSO) through Sun ONE Identity Server (Identity Server) is available if you have installed and configured Identity Server. Note that you can still use the old version of Single-sign on by using the previous version of Delegated Administrator.
- The User Management Utility is the supported mechanism for provisioning Messaging Server users that are compatible with Identity Server.
The Identity Server Services (as described in the Sun Java Enterprise System Installation Guide) provide only minimal Messaging and Calendar Server LDAP user entry provisioning. Because the Identity Server Services interface does not provide input validation, user entries that cannot receive email or otherwise do not function will be created without reporting any errors. Consequently, we recommend using the Identity Server Services interface for demonstration purposes only.
- If you provision users and groups through Delegated Administrator and if you enable mail filters in Messenger Express, you cannot use the mail filter functionality in Delegated Administrator. Similarly, if you use the mail filter functionality in Delegated Administrator, you cannot use mail filters in Messenger Express. You should disable one of these filters.
Redistributable Files
The following redistributable files are provided with Messaging Server 6.0:
- You can copy and use (but not modify) the following header files solely to create and distribute programs to interface with Messaging Server APIs, to compile customer written code using the documented API to interoperate or integrate with Messaging Server, and only as expressly provided in the Messaging Server documentation:
- The following files are provided solely as reference for writing programs that use the documented API to integrate with Messaging Server:
Errata and Messaging Server Documentation Updates
The following information was added to the Sun ONE Messaging Server Administrator’s Guide:
The following list describes errors or limitations in the Messaging Server documentation set:
When you create new vacation attributes with Webmail, no mailautoreplymode value is set and the sender receives a simple reply, not an MDN-style notice. Similarly, a vacation sieve action also produces a non-MDN formatted reply.
Specifying echo mode (autoreplytextmode: echo) will return an MDN-style reply. Echo mode autoreply message formats comply with RFC 2298.
Configuring LMTP Delivery
Configuring the LMTP delivery mechanism requires configuration on both the relay machines and on the back end stores. On the relays, the DELIVERY_OPTIONS MTA option (in option.dat) has to be changed so that messages being delivered to the stores are passed to the LMTP channel. The back end store must be configured with the dispatcher, but does not need the job controller. The dispatcher must be configured to run the LMTP server.
In a typical multi-tier deployment, users are provisioned on different backend message store machines. One or more of these backend machines may not have LMTP turned on and therefore the front-end relays need to be aware of which store machines are LMTP aware. This is achieved by using the General Database facility to explicitly name those message stores which are configured to accept LMTP delivery.
To Configure the Inbound MTA Relays with LMTP
To configure inbound MTA relays to use LMTP, do the following:
- Activate text databases by adding the following line to option.dat.
USE_TEXT_DATABASES=1
In this step, the use of a flat text file for the General Database is enabled in the MTA. Note that if you already use the general database, you may want to skip this step.
- Create or modify the General Database text file.
As you can see, there are two types of entries, one for handling user specific deliveries to the lmtpnative and one for handling store wide settings for delivery via the tcp_lmtpcs channel.
- Create or modify a new DELIVERY_OPTIONS variable in the option.dat file.
The value of DELIVERY_OPTIONS must be changed. The current default for delivery options is:
DELIVERY_OPTIONS=\
*mailbox=$M%$\$2I$_+$2S@ims-ms-daemon,\
&members=*,\
*native=$M@native-daemon,\
*unix=$M@native-daemon,\
/hold=$L%$D@hold-daemon,\
&file=+$F@native-daemon,\
&@members_offline=*,\
program=$M%$P@pipe-daemon,\
#forward=**,\
*^!autoreply=$M+$D@bitbucket
Change this to:
DELIVERY_OPTIONS=\
#*mailbox=@$X:$M$_+$2S%$\$2I@ims-ms-daemon,\
#&members=*,\
#*native=@$X:$M,\
#*unix=@$X:$M,\
#/hold=$L%$D@hold,\
#*file=@$X:+$F,\
#&@members_offline=*,\
#program=$M%$P@pipe-daemon,\
#forward=**,\
#*^!autoreply=$M+$D@bitbucket
Note the change in the pattern for the mailbox delivery option and that the autoreply delivery option is now preceded by the character # to force action on the relay machine. The $X substitution inserts the value of the mailhost attribute for the user. This generates a source routed address.
Also note that for native, unix, file and program delivery methods to be useful, the MTA must be running on the target machine.
- Add an LMTP rewrite rule to imta.cnf file:
# cd /opt/SUNWmsgsr/config/
# cp imta.cnf imta.cnf.orig
# vi imta.cnf
!
! pipe
.pipe-daemon $U%$H.pipe-daemon@pipe-daemon
!
! tcp_local
! Rules for top level internet domains
<IMTA_TABLE:internet.rules
!
! Do mapping lookup for internal IP addresses
[] $E$R${INTERNAL_IP,$L}$U%[$L]@tcp_intranet-daemon
!
! Do general.txt lookup for lmtp hosts
.domain-name.com $S$U%$H$D@$(LMTP_CN|$U@$H$D)
.domain-name.com $S$U%$H$D@$(LMTP_CS|$H$D)
!
! tcp_intranet
! Do mapping lookup for internal IP addresses
[] $E$R${INTERNAL_IP,$L}$U%[$L]@tcp_intranet-daemon
.domain-name.com $U%$H.domain-name.com@tcp_intranet-daemon
In this step, a pair of rewrite rules do a tagged probe of the General Database to see if the source route portion of the address matches any entries for doing LMTP delivery. In the general.txt file, which was created in step 2, there are tagged entries to designate delivery to the backend message store via the appropriate channel. Here, the $S in the rewrite rule means that it will only apply when the address contains a source route. If there is a match to an entry in the General Database, the rewrite rule succeeds and the message is sent to the source route backend host via the tcp_lmtpX channel which does delivery via LMTP.
If a match is not found, the rewrite process will continue until a match is found in some other rewrite rule. In most cases, if a match is not found via a probe of the General Database, then the message is routed via the tcp_intranet channel, which does delivery via SMTP.
- Add new channel blocks to imta.cnf
You must also include channel definitions for the lmtp and lmtpn channels in the channel definition section of the imta.cnf file. For example:
! tcp_lmtpcs (LMTP client - store)
tcp_lmtpcs defragment lmtp port 225 nomx single_sys subdirs 20 maxjobs 7 pool SMTP_POOL dequeue_removeroute
lmtpcs-daemon
!
! tcp_lmtpcn (LMTP client - native)
tcp_lmtpcn defragment lmtp port 226 nomx single_sys subdirs 20 maxjobs 7 pool SMTP_POOL dequeue_removeroute
!lmtpcn-daemon
- Commit your configuration changes.
Known Issues
This section contains a list of the more important known issues at the time of the Messaging Server 6.0 release. This section contains the following subsections:
Installation and Uninstallation Problems
The following are known issues with the Messaging Server installation and uninstallation programs and processes:
MS 6.0 requires HP-UX 11.11 patch PHSS_28871 (4937616)
Without this patch, the MTA cannot be started on HP machines.
Messaging Server does not start under Sun Cluster 3.0 Update 3 (4947465)
Messaging Server cluster agents dump core due to a bug in Sun Cluster 3.0 Update 3. Use Sun Cluster 3.1 to solve this problem.
Patch Fails on Inactive Node of a Cluster Which Was Configured with useconfig (4979135)
If you configured messaging server using useconfig (typically for a cluster), and you attempt to patch the node, the patch will hang.
The workaround is to copy the install/configure_YYYYMMHHMMSS/ that was passed to useconfig to the msg_svr_base/install directory before running the patch.
User Calendar Service Not Updated During This Patch Process (4974063)
The UserCalendarService definition can only be reverted manually to its previous state after the patch is applied. To revert manually, do the following:
# cd /opt/SUNWcomm/lib/services/
# /opt/SUNWam/bin/amadmin -u admin_login -w password -t deletecaluserAttributes.xml
admin_login - Identity Server admin user
password - Identity Server admin password
Note that you have to provide the full path to the amadmin command from the Identity Server bin directory.
If you don’t revert the UserCalendarService definition manually and you run the patch twice an error will be logged the second time because the change was already made.
Patch Install Does Not Update Messaging Server’s Version Number in Admin Console (4967598)
These are the LDAP entries (in LDIF format) that need to change msgadmin60.jar to msgadmin60p1.jar.
Substitute for the following variables:
msg.product.Name - Sun ONE Messaging Suite, msg.GroupName, msg.ServerHostName, msg.AdminDomain, AdminServer_sie
These variables are defined in msg_svr_base/lib/config-templates/Devsetup.properties. Here are some sample entries from Devsetup.properties:
# used for DNs in config dir
set msg.ServerHostName=ketu.west.sun.com
# the "Server Group" RDN for the Admin Server
set msg.GroupName=Server Group (1)
# the Admin Domain
set msg.AdminDomain=west.sun.com
# the AdminServer sie in the config directory
set AdminServer_sie=cn=admin-serv-ketu, cn=Administration Server, cn=Server Group (1), cn=ketu.west.sun.com, ou=west.sun.com, o=NetscapeRoot
=== Start of ldif file===
dn: cn=configuration, cn=msg-config, cn=<msg.product.Name>,
 cn=<msg.GroupName>, cn=<msg.ServerHostName>,
 ou=<msg.AdminDomain>, o=NetscapeRoot
changetype: modify
replace: nsclassname
nsclassname: com.netscape.management.msgserv.MsgServer@msgadmin60p1.jar@<AdminServer_sie>

dn: cn=inetorgPerson, cn=ResourceEditorExtension, ou=4.0, ou=Admin,
 ou=Global Preferences, ou=<msg.AdminDomain>, o=NetscapeRoot
changetype: modify
replace: nsadminaccountinfo
nsadminaccountinfo: [com.netscape.management.msgserv.ug.MailUserAccountPage@msgadmin60p1.jar@<AdminServer_sie>]

dn: cn=groupofuniquenames, cn=ResourceEditorExtension, ou=4.0, ou=Admin,
 ou=Global Preferences, ou=<msg.AdminDomain>, o=NetscapeRoot
changetype: modify
replace: nsadminaccountinfo
nsadminaccountinfo: [com.netscape.management.msgserv.ug.MailGroupAccountPage@msgadmin60p1.jar@<AdminServer_sie>]

dn: cn=inetMailUser, cn=ResourceEditorExtension, ou=4.0, ou=Admin,
 ou=Global Preferences, ou=<msg.AdminDomain>, o=NetscapeRoot
changetype: modify
replace: nsclassname
nsclassname: com.netscape.management.msgserv.ug.ResourceEditorMailRecipientPage@msgadmin60p1.jar@<AdminServer_sie>

dn: cn=inetMailGroup, cn=ResourceEditorExtension, ou=4.0, ou=Admin,
 ou=Global Preferences, ou=<msg.AdminDomain>, o=NetscapeRoot
changetype: modify
replace: nsclassname
nsclassname: com.netscape.management.msgserv.ug.ResourceEditorMailGroupPage@msgadmin60p1.jar@<AdminServer_sie>

dn: cn=processcontrol, cn=operation, cn=tasks, cn=msg-config,
 cn=<msg.product.Name>, cn=<msg.GroupName>,
 cn=<msg.ServerHostName>, ou=<msg.AdminDomain>, o=NetscapeRoot
changetype: modify
replace: nsclassname
nsclassname: com.netscape.management.msgserv.task.ServerStart@msgadmin60p1.jar@<AdminServer_sie>

dn: cn=viewimaplog, cn=operation, cn=tasks, cn=msg-config,
 cn=<msg.product.Name>, cn=<msg.GroupName>,
 cn=<msg.ServerHostName>, ou=<msg.AdminDomain>, o=NetscapeRoot
changetype: modify
replace: nsclassname
nsclassname: com.netscape.management.msgserv.task.ViewIMAPLog@msgadmin60p1.jar@<AdminServer_sie>

dn: cn=viewpoplog, cn=operation, cn=tasks, cn=msg-config,
 cn=<msg.product.Name>, cn=<msg.GroupName>,
 cn=<msg.ServerHostName>, ou=<msg.AdminDomain>, o=NetscapeRoot
changetype: modify
replace: nsclassname
nsclassname: com.netscape.management.msgserv.task.ViewPOPLog@msgadmin60p1.jar@<AdminServer_sie>

dn: cn=viewhttplog, cn=operation, cn=tasks, cn=msg-config,
 cn=<msg.product.Name>, cn=<msg.GroupName>,
 cn=<msg.ServerHostName>, ou=<msg.AdminDomain>, o=NetscapeRoot
changetype: modify
replace: nsclassname
nsclassname: com.netscape.management.msgserv.task.ViewHTTPLog@msgadmin60p1.jar@<AdminServer_sie>

dn: cn=viewadminlog, cn=operation, cn=tasks, cn=msg-config,
 cn=<msg.product.Name>, cn=<msg.GroupName>,
 cn=<msg.ServerHostName>, ou=<msg.AdminDomain>, o=NetscapeRoot
changetype: modify
replace: nsclassname
nsclassname: com.netscape.management.msgserv.task.ViewAdminLog@msgadmin60p1.jar@<AdminServer_sie>

dn: cn=viewdefaultlog, cn=operation, cn=tasks, cn=msg-config,
 cn=<msg.product.Name>, cn=<msg.GroupName>,
 cn=<msg.ServerHostName>, ou=<msg.AdminDomain>, o=NetscapeRoot
changetype: modify
replace: nsclassname
nsclassname: com.netscape.management.msgserv.task.ViewDefaultLog@msgadmin60p1.jar@<AdminServer_sie>

See "Installation Notes" on page 39 for additional installation issues.
Upgrade Problems
This section describes known issues when upgrading from Messaging Server 5.2 to Messaging Server 6.0 P1.
Administrators cannot migrate from Sun ONE LDAP Schema, v.1 to Sun ONE LDAP Schema, v.2. (no bugid)
Sun ONE Messaging Server 6.0 will ship without a migration tool that enables administrators to migrate from Sun ONE LDAP Schema, v.1 to Sun ONE LDAP Schema, v.2. A migration tool will be forthcoming.
If you refresh your Messaging Server 6.0 product binary with updated versions of the product, the MTA compile configuration must be rebuilt. (no bugid)
If you do not rebuild your MTA compile configuration, you will see a compile configuration mismatch error.
Workaround
On a stand-alone system:
On a clustered system:
- Apply the Messaging Server 6.0 P1 patch to upgrade an inactive node.
- On a node that has not been upgraded, run the imsimta cnbuild -remove command to clear the configuration.
- Failover your system to the upgraded node.
- Immediately run the imsimta cnbuild command on the upgraded node.
- Manually copy the new configuration files (generated by the patch) into your “live” configuration area.
- Upgrade the node that has not yet been upgraded.
Do not run the UpgradeMsg5toMsg6.pl upgrade script provided with Messaging Server 6.0 (no bugid)
Do not run the UpgradeMsg5toMsg6.pl (Perl) upgrade script shipped with 6.0.
You must wait for Messaging Server 6.0 patch 1 to upgrade.
Netscape Directory Server 4.16 PAB entries with multi-valued mail attributes cannot be migrated to Directory Server 5.1 because it only accepts single-valued mail attributes. (4869706)
Objectclass violations occur if you try to add these entries.
Workaround
Turn off schema checking if you are porting PAB entries from Netscape Directory Server 4.16 to Directory Server 5.1.
End users cannot manage their mailing lists in Messaging Server 6.0. (4904736)
Sun ONE Messaging Server 6.0 will ship without a web-based tool that allows end users to manage their own mailing lists (a regression relative to iPlanet Messaging Server 5.2).
Workarounds
- Install a third-party product for mailing list expansion and management, such as Mailman (http://www.list.org/) or Majordomo (http://www.greatcircle.com/majordomo/).
- Alternately, do not use Sun ONE LDAP Schema, v.2, but instead use Sun ONE LDAP Schema, v.1, which is supported by the graphical user interface found in iPlanet Delegated Administrator for Messaging. Also in Schema v.1, you can provision the directory directly to create Delegated Administrator-compatible LDAP entries as described in the iPlanet Messaging Server 5.2 Provisioning Guide and the iPlanet Messaging and Collaboration 5.2 Schema Reference.
Messaging Server Problems
This section describes known issues in the Messaging Server product.
Cannot Create a User Through the Administration Console (4852026 & 4852004)
Messaging Server no longer supports user or group creation using the Admin Console. User and group entries should be created using the User Management Utilities. The following error messages may appear when logging in as, or sending mail to, a user created using Admin Console:
Quota root does not exist
4.0.0 temporary error returned by alias expansion: . . ."
In option.dat, lines starting with #, !, or ; symbols are treated as comment lines. (no bugid)
In option.dat files, Messaging Server treats lines beginning with pound sign (#), exclamation point (!), or semicolon (;) characters as comment lines — even if the preceding line has a trailing backslash (\), which means the line is being continued. Consequently, you must be careful when working with long options (particularly delivery options) containing these characters.
There is a workaround for delivery options in which a natural layout could lead to continuation lines starting with a # or !.
Workaround
In delivery options, Messaging Server ignores spaces following the commas that separate individual delivery option types. For example, instead of:
DELIVERY_OPTIONS=\
#*mailbox=@$X.LMTP:$M$_+$2S%$\$2I@ims_daemon,\
#&members=*,\
*native=@$X.lmtpnative:$M,\
*unix=@$X.lmtpnative:$M,\
/hold=$L%$D@hold,\
*file=@$X.lmtpnative:+$F,\
&@members_offline=*,\
program=$M%$P@pipe-daemon,\
forward=**,\
*^!autoreply=$M+$D@bitbucket
You can work around the problem by adding spaces as follows:
DELIVERY_OPTIONS=\
 #*mailbox=@$X.LMTP:$M$_+$2S%$\$2I@ims_daemon,\
 #&members=*,\
 #*native=@$X.lmtpnative:$M,\
 #*unix=@$X.lmtpnative:$M,\
 #/hold=$L%$D@hold,\
 #*file=@$X.lmtpnative:+$F,\
 #&@members_offline=*,\
 #program=$M%$P@pipe-daemon,\
 #forward=**,\
 #*^!autoreply=$M+$D@bitbucket
DOMAIN_UPLEVEL has been modified. (no bugid)
The DOMAIN_UPLEVEL default value has changed from 1 to 0.
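The option.dat comment rule described above (a line starting with #, ! or ; is a comment even inside a continuation) can silently drop delivery options, so a check before restarting the MTA is worthwhile. The following is an added example, not Sun's code: it assumes comment lines are discarded before continuation lines are joined, and the function names and the shortened sample are constructed for illustration.

```python
import re

# Per the release note: a line whose first character is one of these is a
# comment, even when the previous line ended with a continuation backslash.
COMMENT_CHARS = "#!;"


def _store(options, logical_line):
    """Split a joined NAME=value line and record it."""
    name, _, value = logical_line.partition("=")
    options[name.strip().upper()] = value.strip()


def parse_option_dat(text):
    """Return (options, swallowed).

    options   -- dict NAME -> value after continuation lines are joined
    swallowed -- [(line_no, line)] continuation lines dropped as comments
    Assumption: comments are removed first, then continuations are joined.
    """
    options, swallowed = {}, []
    pending = None  # text of an option whose value is still being continued
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.rstrip()
        if line and line[0] in COMMENT_CHARS:
            if pending is not None:
                # Looks like part of the value, but is treated as a comment.
                swallowed.append((line_no, line))
            continue
        if pending is None:
            if not line:
                continue
            pending = ""
        continued = line.endswith("\\")
        pending += line[:-1] if continued else line
        if not continued:
            _store(options, pending)
            pending = None
    if pending is not None:  # file ended on a continuation backslash
        _store(options, pending)
    return options, swallowed


def delivery_option_names(value):
    """Names of the delivery option types left in a DELIVERY_OPTIONS value.

    Spaces after the separating commas are ignored, as the note states;
    leading flag characters (#, *, &, /, @, ^, !) are stripped from the name.
    """
    names = []
    for item in value.split(","):
        key = item.strip().partition("=")[0]
        name = re.sub(r"^[^A-Za-z]+", "", key)
        if name:
            names.append(name)
    return names


# Constructed sample: a shortened form of the flush-left layout shown above.
FLUSH_LEFT = r"""DELIVERY_OPTIONS=\
#*mailbox=@$X.LMTP:$M$_+$2S%$\$2I@ims_daemon,\
#&members=*,\
*native=@$X.lmtpnative:$M,\
/hold=$L%$D@hold,\
*^!autoreply=$M+$D@bitbucket
"""

# The workaround: the same text with one space in front of every
# continuation line, so no continuation starts with a comment character.
INDENTED = FLUSH_LEFT.replace("\\\n", "\\\n ")


if __name__ == "__main__":
    for label, text in (("flush-left", FLUSH_LEFT), ("indented", INDENTED)):
        opts, lost = parse_option_dat(text)
        print(label, "keeps:", delivery_option_names(opts["DELIVERY_OPTIONS"]))
        for line_no, line in lost:
            print("  line %d treated as a comment: %s" % (line_no, line))
```

With the flush-left layout the mailbox and members entries never reach the MTA, so run a check like this over option.dat whenever DELIVERY_OPTIONS entries carry the # prefix.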
The following characters cannot be used in the User ID: $ ~ = # * + % ! @ , { } ( ) / < > ; : " ‘ [ ] & ? (no bugid)
This constraint is enforced by MTA when operating in direct LDAP mode. Allowing these characters in the User ID can cause problems in the message store. If you want to change the list of characters forbidden by the MTA, set the following option by listing a comma-separated string of the characters’ ASCII values:
LDAP_UID_INVALID_CHARS=32,33,34,35,36,37,38,40,41,42,43,44,47,58,59,60,61,62,63,64,91,92,93,96,123,125,126
in the msg_svr_base/config/option.dat file. Note that you are strongly advised against relaxing this constraint.
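A pre-provisioning check built on the LDAP_UID_INVALID_CHARS value above, given here as an added example and not as Sun's code. It decodes the ASCII list, reports which User IDs the MTA would reject in direct LDAP mode, and shows which characters a site-modified list has relaxed. The function names and sample User IDs are constructed for illustration.

```python
# Default value as printed in the release note.
DEFAULT_INVALID = ("32,33,34,35,36,37,38,40,41,42,43,44,47,58,59,60,61,62,"
                   "63,64,91,92,93,96,123,125,126")


def parse_invalid_chars(option_value):
    """Decode a comma-separated list of ASCII values into a set of characters."""
    chars = set()
    for field in option_value.split(","):
        code = int(field.strip())
        if not 0 <= code <= 127:
            raise ValueError("not an ASCII value: %r" % field)
        chars.add(chr(code))
    return frozenset(chars)


def uid_violations(uid, invalid):
    """Return [(position, character, ascii_value)] for each forbidden character."""
    return [(pos, ch, ord(ch)) for pos, ch in enumerate(uid) if ch in invalid]


def audit_uids(uids, invalid):
    """Map each offending User ID to its violations; clean IDs are omitted."""
    report = {}
    for uid in uids:
        found = uid_violations(uid, invalid)
        if found:
            report[uid] = found
    return report


def relaxed_characters(site_value, default_value=DEFAULT_INVALID):
    """Characters forbidden by default that a site's list no longer forbids."""
    default = parse_invalid_chars(default_value)
    return sorted(default - parse_invalid_chars(site_value))


# Constructed sample User IDs, as they might arrive from a provisioning feed.
SAMPLE_UIDS = ["jsmith", "a.lee", "ops team", "bob+lists", "eve@example.com"]

# Constructed site setting: the default list with 43 ('+') removed.
SITE_VALUE = DEFAULT_INVALID.replace(",43,", ",")


if __name__ == "__main__":
    invalid = parse_invalid_chars(DEFAULT_INVALID)
    for uid, found in audit_uids(SAMPLE_UIDS, invalid).items():
        detail = ", ".join("%r (%d) at %d" % (ch, code, pos)
                           for pos, ch, code in found)
        print("%-18s rejected: %s" % (uid, detail))
    print("relaxed by site setting:", relaxed_characters(SITE_VALUE))
```

Decoding the default list shows that it also covers space (32) and backslash (92), so User IDs containing either are rejected as well.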
NFS is not supported for mail stores. (no bugid)
NFS is not supported for several reasons, including: open with O_EXCL is non-atomic. This technique is used for synchronizing deferred handling between various threads.
When using the MTA direct LDAP operation, you should run the imsimta restart command to immediately implement newly modified alias cache sizes or timeout values, or to immediately clear the alias cache. (no bugid)
If the name service cache daemon (nscd) is not running in a Solaris operating environment, the services can fail. (4353836)
This is a known Solaris bug. To avoid this problem, be sure to run the nscd(1M) service. In addition, you must enable the cache for host lookups or the mshttpd service will not work.
If you enable Sun Cluster 3.0 Update 3, you may encounter a harmless error message. (4490877)
The following harmless error message appears in the Sun Cluster console and also in /var/adm/messages, when starting High Availability (HA) services or when switching HA services from one node to another:
Cluster.PMF.pmfd: Error opening procfs control file </proc/20700/ctl> for tag <falcon,habanero_msg,4.svc>: No such file or directory
The ldapsearch command fails in the ko locale on Solaris platforms. (4533913)
The Messaging Server installation fails if it is installed in the ko locale as a result of this problem.
Workaround
This problem no longer occurs with Sun ONE Directory Server 5.2. However, if you are using earlier versions of Directory Server, run comm_dssetup.pl on Directory Server, using the default C locale instead of the ko locale. Alternatively, you can install Messaging Server using another Korean locale, such as ko_KR.EUC, ko.UTF-8, or ko_KR.UTF-8.
LDAP search performance is slightly impacted by ACIs in Directory Server version 5.x. (4534356)
This issue affects many searches performed by Messaging Server. For faster searches, use directory manager credentials with the following commands to access the directory:
msg_svr_base/sbin/configutil -o local.ugldapbinddn -v "rootdn" -l
msg_svr_base/sbin/configutil -o local.ugldapbindcred -v "rootdn_passwd" -l
where rootdn and rootdn_passwd are the credentials of Directory Server’s administrator.
The MMP BadGuy configuration parameter, BGExcluded, does not work. (4538273)
Workaround
Deploy separate MMP servers to handle the clients that are excluded from bad guy rules. These servers must have BadGuy turned off.
To take effect, changes made using configutil often require a restart of the affected server or servers. (4538366)
Admin Server access control host names are case-sensitive. (4541448)
When you configure “Host Names to allow” for the Admin Server, the access control list is case-sensitive. If the DNS server uses mixed-case host names in the IN-ADDR records (used when translating from an IP address to a domain name), the access control list must use the same case. For example, if your host is test.Sesta.Com, then the access control list must include *.Sesta.Com. Due to this bug, *.sesta.com will not suffice.
For example, if the user/group base suffix is o=isp, then the DN of the service administrator group is cn=Service Administrators,ou=groups,o=isp. To designate the account uid=ofanning, o=sesta.com, o=isp as a service administrator, you should add the account’s DN to the group. In the following modify record, the designated user is added as a group member in the LDIF:
dn: cn=Service Administrators,ou=groups,o=isp
changetype: modify
add: uniquemember
uniquemember: uid=ofanning, o=sesta.com, o=isp
Furthermore, for users to have service administrator privileges, the attribute memberof must be added to the user entry and set to the Service Administrator Group, for example:
dn: uid=ofanning, o=sesta.com, o=isp
changetype: modify
add: memberof
memberof: cn=Service Administrators, ou=groups, o=isp
If you use Microsoft Outlook Express as your IMAP mail client, the read and unread flags might not work properly. This is a known problem with the Microsoft Outlook Express client. (4543930)
To enable the workaround, set the following configuration variable:
configutil -o local.imap.immediateflagupdate -v yes
If, while using the workaround, you experience performance issues, it is recommended that you discontinue using the workaround.
Connections aborted with TCP_IOC_ABORT_CONN in syslog. (4616287)
If a failover occurs for an HA configuration running Sun Cluster 3.1 on the Solaris 8 U7 or Solaris 9 Operating System and active TCP connections are aborted with the TCP_IOC_ABORT_CONN ioctl, messages such as the following are logged on the console and to system logs.
Jul 24 16:41:15 shemp ip: TCP_IOC_ABORT_CONN: local = 192.018.076.081:0,
remote = 000.000.000.000:0, start = -2, end = 6
Jul 24 16:41:15 shemp ip: TCP_IOC_ABORT_CONN: aborted 0 connection
These messages are informational only and should not show up in non-debug mode.
Access control filters do not work if the short form domain is used in the /etc/hosts file. (4629001)
If there is a short form version of a domain name in the /etc/hosts file, there will be problems if you use a host name in an access control filter. When the IP address lookup returns a short form version of the domain name, the match will fail. Therefore, you should make sure you use a fully qualified domain name in the /etc/hosts file.
MoveUser utility does not work on a mailbox that contains over 25,000 subfolders. (4737262)
It has been reported that the MoveUser utility stops when attempting to move a user’s account that has a mailbox containing over 25,000 subfolders.
Messenger Express Multiplexor (MEM) does not have a configuration option to make use of the OS resolver as well as NSCD. (4823042)
Workaround
Configure the system as a caching-only DNS server in order to gain the benefit of caching MX and A records.
If indirect dependencies already exist between Sun Cluster resources, scds_hasp_check() may prevent HAStoragePlus from being supported with those existing configurations. (4827911)
This behavior is observed in Sun Cluster 3.0 Update 3.
Workaround
Create a weak dependency for the existing resources on the HAStoragePlus resource.
Searching for a home phone number does not work in the Personal Address Book. (4877800)
A Personal Address Book search based on “Phone #” searches for the work phone number attribute only. You cannot use “Phone #” to search for home or mobile phone numbers.
New autoreply function has limitations with language tags. (4896231 and 4898193)
If you are using Delegated Administrator and Sun ONE LDAP Schema v1, and you need to enable multi-language support when provisioning vacation messages, use the old autoreply channel described in the iPlanet Messaging Server 5.2 Administrator’s Guide.
The XSTA, XADR commands are enabled by default. (4910371)
After installation, the SMTP extension commands XSTA and XADR are enabled by default, which may enable remote and local users to retrieve sensitive information.
Workaround
Add the following lines to the imta/config/tcp_local_options file (create this file if necessary) to disable the XSTA and XADR commands:
DISABLE_ADDRESS=1
DISABLE_CIRCUIT=1
DISABLE_STATUS=1
DISABLE_GENERAL=1
Selecting MS in Admin Console displays “ERR cannot setuid or setgid.” (4916259)
The Messaging Server console will not start and an ERR cannot setuid or setgid error message will result if you run the Admin Server as a user other than root.
Workaround
You must install and run the Admin Server as root. If Admin Server is already installed, change the User parameter in admin-serv/config/magnus.conf and change the ownership of admin-serv/tmp.
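For the XSTA and XADR workaround above (4910371), the following added example (not part of the original release notes or of Messaging Server) checks whether a tcp_local_options file carries all four DISABLE_ options. It assumes that lines beginning with "!" are comments and that option names are spelled exactly as on this page; the sample file contents are constructed.

```python
# Added example: verify that the XSTA/XADR workaround (4910371) is in place.
# Assumptions: "!" starts a comment line; option names are matched exactly as
# the release notes spell them. Sample contents below are constructed.
import sys

REQUIRED = ("DISABLE_ADDRESS", "DISABLE_CIRCUIT",
            "DISABLE_STATUS", "DISABLE_GENERAL")

SAMPLE_PARTIAL = """\
! constructed sample: workaround only partly applied
DISABLE_ADDRESS=1
DISABLE_STATUS=0
"""

SAMPLE_COMPLETE = "\n".join(name + "=1" for name in REQUIRED) + "\n"


def parse_options(text):
    """Collect every value given for each NAME=value line."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        name, sep, value = line.partition("=")
        if sep:
            options.setdefault(name.strip(), []).append(value.strip())
    return options


def audit_tcp_local_options(text):
    """Return findings; an empty list means all four options are set to 1."""
    options = parse_options(text)
    findings = []
    for name in REQUIRED:
        values = options.get(name)
        if not values:
            findings.append((name, "missing"))
        elif any(v != "1" for v in values):
            # Every occurrence must be 1, so a later duplicate cannot undo it.
            bad = [v for v in values if v != "1"][0]
            findings.append((name, "set to %s, expected 1" % bad))
    return findings


def audit_file(path):
    """Audit a file on disk; a missing file means nothing is disabled."""
    try:
        with open(path, "r") as handle:
            return audit_tcp_local_options(handle.read())
    except FileNotFoundError:
        return [(name, "missing") for name in REQUIRED]


if __name__ == "__main__":
    # Pass the path to imta/config/tcp_local_options as the first argument.
    results = audit_file(sys.argv[1]) if len(sys.argv) > 1 \
        else audit_tcp_local_options(SAMPLE_PARTIAL)
    for name, problem in results:
        print("%s: %s" % (name, problem))
    sys.exit(1 if results else 0)
```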
imsimta start doesn’t start disp and job controller. (4916996)
The imsimta start, imsimta restart, and imsimta refresh commands work only when the watcher process is running.
Note
New start-msg and stop-msg commands have replaced imsimta start and imsimta stop, which are deprecated and will be removed in a future release.
For more information about the start-msg and stop-msg commands, refer to the Sun ONE Messaging Server Administrator’s Guide.
New Watcher log file not managed by the logging system—no rollover or purging. (4929765)
A new Watcher log file is available in default_log_path/watcher. This log file is not managed by the logging system (no rollover or purging).
Webmail’s default behavior for Arabic/Hebrew users has changed since version 5.2. (4933096)
When you log in as a user with preferredlanguage=ar, the user interface displays left-to-right instead of right-to-left.
Workaround
User create -c option creates an invalid calendar identifier. (4937705)
When you use the -S cal option the -c suboption becomes available, which is the calendar identifier. Specifying commadmin .... -d domain101.com -l test1 -S cal -c defaultCalendar results in the following entry:
icscalendar: defaultCalendar
However, the entry should be:
icscalendar: test1@domain101.com:defaultCalendar
Workaround:
Do not use the -c option when creating a user.
Manage Certificate wizard not creating Secure Sockets Layer (SSL) certifications under Messaging Server/Configuration. (4939810)
When you use the Manage Certificate option (Admin Server->Messaging Server->Configuration->Manage Certificate) to create an SSL certification request, the Manage Certificate wizard should create a certificate and key database in the Messaging_Server_Base/config area and not in the Directory_Server_Root/alias area. In addition, the file prefixes should change from the msg-config value (msg-config-cert7.db and msg-config-key3.db) to NULL (cert7.db and key3.db).
Workarounds:
- Copy the msg-config-cert7.db and msg-config-key3.db files from Directory_Server_Base/alias area to Messaging_Server_Base/config area as cert7.db and key3.db with proper permissions and ownerships.
- Create soft links for the files under Messaging_Server_Base/config area with the proper permissions and ownerships used in the Directory_Server_Base/alias area.
Korean PAB text corrupt in Internet Explorer 6.0 when auto-select encoding is enabled. (4951813)
Using Internet Explorer 6.0, if you create a user with preferredlanguage=ko, select View -> Encoding -> Auto-Select, and log into Webmail as the ko user, when you open the Addresses page the text display will be corrupted.
Workaround
Disable Auto-Select and reopen the Addresses page. The text will display appropriately.
Output from return_debug=1 missing. (4957856)
In previous releases, the output from return_debug=1 was logged to job_controller.log.
In Messaging Server 6.0, the scheduler program runs the return job, but does not send the output to any log file.
LMTP does not work with conversions. (4963632)
You must not perform conversions on relays before LMTP delivery. If conversions are required, use SMTP delivery to the backend store.
Workaround:
Add an entry to the CONVERSIONS mapping so conversions are not performed if out-chan=tcp_lmtpcs. For example:
CONVERSIONS
IN-CHAN=*;OUT-CHAN=tcp_lmtpcs;CONVERT No
IN-CHAN=*;OUT-CHAN=*;CONVERT Yes
imsimta cache -walk -debug=15 issues an error message. (4964696)
The imsimta cache -walk -debug=15 command works as intended, but issues an “Unknown command specified” error message.
Will not see channel is stopped if jobc was recently started. (4965338)
In Messaging Server 5.2, if you issued a #imsimta qm summarize command you could view the channels that had been stopped with the imsimta qm stop <chan> command.
This behavior changed in 6.0. If you have not used a channel yet, you will not get the 0 lines and you will not see the stopped channels. Messages could be logged without you being aware of it.
Correct certmap.conf file content required for client-based SSL. (4967344)
The certmap.conf configuration file specifies how to map a certificate to an entry in the LDAP directory. By default, the certificate subject (with two lines commented out) contains the exact DN of the LDAP directory entry.
However, a very common alternative behavior is to extract a particular attribute from the subject of the certificate and to search the directory for that attribute.
Workaround:
To achieve this alternative behavior, change:
certmap default default
#default:DNComps
#default:FilterComps e, uid
to:
certmap default default
default:DNComps
default:FilterComps e
Note
For a complete description of certmap.conf, please refer to the Sun ONE Server Console 5.2 Server Management Guide.
Messenger Express Problems
This section describes known issues in the Messenger Express product.
With Directory Server 5.1 or later, you will not be able to enter multiple email IDs for a single contact in the Personal Address Book. (4633171)
Note that Directory Server is exhibiting correct behavior. Due to a bug in Netscape Directory Server 4.x, you are able to enter multiple email IDs.
If you create groups within an existing group, you may encounter the following error: pab::PAB_ModifyAttribute: ldap error (No Such object). (4883651)
Feature removed from the Advanced Mail Filter Conditions window. (4908625)
The ability to specify a time frame for your filters has been removed from the Advanced Mail Filter Conditions window (of the Mail Filters user interface) for the Messaging Server 6.0 Patch 1 release. The feature was removed because the underlying support is not available.
User Management Utility
This section describes known issues in User Management Utility for Sun ONE Messaging and Collaboration.
User create -c option creates an invalid calendar identifier. (4937705)
When you use the -S cal option the -c suboption becomes available, which is the calendar identifier. Specifying commadmin .... -d domain101.com -l test1 -S cal -c defaultCalendar results in the following entry:
icscalendar: defaultCalendar
However, the entry should be:
icscalendar: test1@domain101.com:defaultCalendar
Workaround:
Do not use the -c option when creating a user.
Cannot modify non-ASCII groups. (4934768)
If a group is created with a group name that contains non-ASCII characters, it cannot be modified with the commadmin group modify command.
For example, if a group with the non-ASCII characters XYZ is specified with the -G option in the commadmin group create command, an email address of XYZ is automatically added to the group’s LDAP entry. Since non-ASCII characters are not allowed in email addresses, modifying the group with commadmin group modify fails.
Workaround:
Use the -E email option when creating a group. This option will specify the group’s email address. For example:
commadmin group create -D admin -w password -d siroe.com -G XYZ -S mail \
-E testgroup@siroe.com
Creating a group with multiple -f options adds only one attribute. (4931958)
If you specify multiple -f options for creating dynamic groups in the commadmin group create command, only the value specified with the last -f option is added to the LDAP entry. The other values are not added.
Workaround:
Do not specify the -f option multiple times when using the commadmin group create command.
Group’s email address is not validated against the domain in which group is created. (4931802)
When creating a group with the commadmin group create command, the group’s email address (specified with the -E option) is not validated against the domain of the group (specified with the -d option).
Workaround:
Verify that the value specified with the -E option is a valid email address for the group’s domain.
mgrpModerator attribute is not set correctly by commadmin group create -r command. (4931765)
Specifying the -r option for the commadmin group create command should create a moderator for the group. The -r option requires the moderator’s email address. When this option is specified, the mgrpModerator attribute is not correctly set. For example, if the option is specified as -r moderator, the mgrpModerator attribute should be set to mailto:moderator@siroe.com where siroe.com is the default domain. However, in this case, the mgrpModerator attribute is set only to moderator.
Workaround:
Verify that the value entered with the -r option is a complete email address, for example -r moderator@siroe.com.
Need to specify -M with -S option for commadmin group create. (4930618)
For the commadmin group create and commadmin group modify commands, the -M option must be specified with the -S option.
Localization Issues
The following items are not necessarily i18n or l10n specific.
(i18n) Intermittent Javascript errors may be seen in Japanese Webmail (Internet Explorer 6 only) when proxy server is used. (4925995)
Workaround:
Enable or disable the “auto-detection” option in Internet Explorer’s encoding menu. Use a direct connection or switch to a different proxy server.
(i18n) Webmail composer sometimes folds Japanese sentences that contain certain characters. (4923143)
No workaround exists.
(i18n/l10n) Localized Webmail does not merge some of the folders created by Outlook Express. (4653960)
It is sometimes desirable to replace the default “Sent” folder in Webmail with the “Sent Items” folder created by Outlook Express, so that all messages sent by both clients are copied to the “Sent Items” folder. This operation is difficult, particularly in Japanese.
Workaround (in two parts):
How to Report Problems and Provide Feedback
If you have problems with Messaging Server, contact Sun customer support using one of the following mechanisms:
- Sun Software Support services online at
http://www.sun.com/service/sunone/software
So that we can best assist you in resolving problems, please have the following information available when you contact support:
- Description of the problem, including the situation where the problem occurs and its impact on your operation
- Machine type, operating system version, and product version, including any patches and other software that might be affecting the problem
- Detailed steps on the methods you have used to reproduce the problem
- Any error logs or core dumps
You might also find it useful to subscribe to the following interest group, where Messaging Server topics are discussed:
Sun Welcomes Your Comments
Sun is interested in improving its documentation and welcomes your comments and suggestions. Email your comments to Sun at this address:
Please include the part number (817-5035-11) of the document in the subject line and the book title (Sun ONE Messaging Server 6.0 Release Notes) in the body of your email.
Additional Sun Resources
Useful Sun ONE information can be found at the following Internet locations:
- Documentation for Sun ONE Messaging Server
http://docs.sun.com/coll/S1_MsgServer_60
- Sun ONE Documentation
http://docs.sun.com/prod/sunone
- Sun ONE Professional Services
http://www.sun.com/service/sunps/sunone
- Sun ONE Software Products and Service
http://www.sun.com/software
- Sun ONE Software Support Services
http://www.sun.com/service/sunone/software
- Sun ONE Support and Knowledge Base
http://www.sun.com/service/support/software
- Sun Support and Training Services
http://www.sun.com/supportraining
- Sun ONE Consulting and Professional Services
http://www.sun.com/service/sunps/sunone
- Sun ONE Developer Information
http://sunonedev.sun.com
- Sun Developer Support Services
http://www.sun.com/developers/support
- Sun ONE Software Training
http://www.sun.com/software/training
- Sun Software Data Sheets
http://wwws.sun.com/software
Copyright © 2004 Sun Microsystems, Inc. All rights reserved.
Sun, Sun Microsystems, the Sun logo, Solaris, Java and the Java Coffee Cup logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Use of Messaging Server is subject to the terms described in the license agreement accompanying it.
This product includes software developed by Computing Services at Carnegie Mellon University (http://www.cmu.edu/computing/).