Known Issues and Limitations in Messaging Server

This section contains a list of the known issues with Messaging Server 6.3. The following product areas are covered:

• Messaging Server Installation, Upgrade, and Uninstallation

• Messaging Server Issues

• Messaging Server Localization and Globalization Issues

• Messaging Server Documentation Issues

Messaging Server Installation, Upgrade, and Uninstallation

This section describes known issues with installing, upgrading, and uninstalling Messaging Server.

4991650

This version of Messaging Server does not support a staged rolling upgrade with minimum downtime in a symmetric HA environment.

With Messaging Server 5.2, you could install the Messaging Server more than once on the same machine and patch the different installations separately. This capability enabled support for minimal-downtime staged rolling upgrades.

6175770

You must use the Communications Services installer to install a cluster agent for Messaging Server.

To install Messaging Server in a Sun Cluster environment, see Sun Cluster Software Example in Sun Java Communications Suite 5 Installation Guide.

6373070

The Select Components to Configure screen displays 0 bytes.

When Messaging Server is configured (immediately after installation), the Select Components to Configure screen displays the following components: Message Transfer Agent, Message Store, Messenger Express, Delegated Administrator LDAP entries, and Messaging Multiplexor.

However, all selected components show 0 bytes on the screen.

6547399, 6559466

/opt/etc directory created during SUNWma installation

Workaround: Manually delete the directory after product installation. This issue will be fixed in a future release.

Messaging Server Issues

This section describes known issues in the Messaging Server product.

4534356

LDAP search performance is slightly impacted by ACIs in Directory Server version 5.x.

This issue affects many searches performed by Messaging Server.

Workaround: For faster searches, use directory manager credentials with the following commands to access the directory:

msg-svr-base/sbin/configutil -o local.ugldapbinddn -v "rootdn"

msg-svr-base/sbin/configutil -o local.ugldapbindcred -v "rootdn_passwd"

where rootdn and rootdn_passwd are the credentials of Directory Server’s administrator.

4538366

To take effect, changes made using configutil often require a restart of the affected server or servers.

Workaround: None.

4543930

If you use Microsoft Outlook Express as your IMAP mail client, the read and unread flags might not work properly.

This is a known problem with the Microsoft Outlook Express client.

Workaround: Set the following configuration variable:

configutil -o local.imap.immediateflagupdate -v yes

If, while using the workaround, you experience performance issues, it is recommended that you discontinue using the workaround.

4629001

Access control filters do not work if the short form domain in used in the /etc/hosts file.

If there is a short form version of a domain name in the /etc/hosts file, there will be problems if you use a host name in an access control filter. When the IP address lookup returns a short form version of the domain name, the match will fail. Therefore, you should make sure you use a fully qualified domain name in the /etc/hosts file.

Workaround: None.

4737262

MoveUser utility does not work on a mailbox that contains over 1024 subfolders.

It has been reported that the MoveUser utility stops when attempting to move a user’s account that has a mailbox containing over 1024 subfolders.

Workaround: None.

4823042

Messenger Express Multiplexor (MEM) does not have a configuration option to make use of the OS resolver or NSCD.

Workaround: Configure system as a caching-only DNS server in order to gain the benefit of caching MX and A records.

4883192

GB18030 (Chinese National Standard) is a character set now recognized by the MTA.

---

Note –

Implementing this support caused a change to compiled character set data. The imsimta chbuild may need to be run after an upgrade.

---

4910371

The XSTA, XADR commands are enabled by default.

After installation, the SMTP extension commands XSTA and XADR are enabled by default, which may enable remote and local users to retrieve sensitive information.

Workaround: Add the following lines to the <msg-svr-base>/config/tcp_local_option file (create this file if necessary) to disable the XSTA and XADR commands:

DISABLE_ADDRESS=1
DISABLE_CIRCUIT=1
DISABLE_STATUS=1
DISABLE_GENERAL=1

4916996

imsimta start doesn’t start dispatcher and job controller.

The imsimta start, imsimta restart, and imsimta refresh commands work only when the watcher process is running.

---

Note –

New start-msg and stop-msg commands have replaced imsimta start and imsimta stop, which are deprecated and will be removed in a future release.

For more information about the start-msg and stop-msg commands, refer to the Messaging Server Administration Guide.

---

Workaround: None.

4967344

Correct certmap.conf file content required for client certificate authentication.

The certmap.conf configuration file specifies how to map a certificate to an entry in the LDAP directory. By default, the certificate subject (with two lines commented out) contains the exact DN of the LDAP directory entry.

However, a very common alternative behavior is to extract a particular attribute from the subject of the certificate and to search the directory for that attribute.

Workaround: To achieve this alternative behavior, change:

certmap default default
#default:DNComps
#default:FilterComps e, uid
		 

to:

certmap default default
default:DNComps
default:FilterComps e
		 

5043607

Cannot log in to Messaging Server from Internet Explorer 6.0 SP1 when using a proxy server.

When using an HTTP proxy in Internet Explorer 6.0 SP1 on a PC as a client, you may experience difficulty in logging into Messaging Server. This problem is likely to be due to a non-standard compliant proxy server and cannot be fixed in Messaging Server.

6194236

The configure program fails with non-standard organization DNs.

The configure program does not construct intermediate RDNs between the organization DN and the User/Group suffix. This problem occurs both with Schema 1 and Schema 2.

Workaround: Create the Organization DN prior to running the configure program (or at least to the DN above the Organization DN).

6200993

NSS errors in the imta logfile when SSL is not configured.

These are not harmful errors. They are caused by the system's inability to find SSL certificates in the SSL configuration.

Workaround: You can disable SSL in the MTA as well as the Message Store:

1. Edit imta.cnf file and remove the channel keyword maytlsserver from tcp_local and tcp_intranet channels.

2. Change the following configutil configuration parameters by setting service.imap.sslusessl to 'no' and service.pop.sslusessl to 'no'.

3. Recompile the MTA configuration with the imsimta cnbuild command.

4. Restart the services (stop-msg/start-msg). This will disable the support for SSL. Please make sure that, if you need to configure the server in SSL mode after creating certificates, you will need to revert back to the changes you made previously.

6299309, 6290934

Messaging Server fails to start when SNMP is enabled on Solaris 10.

Workaround: Direct snmpwalk to snmpdx instead of snmpd and go directly to port 16161 instead of port 161.

6337631

Approach of store.idx 2 Gigabyte limit should act like a quota.

The message store has a hard limit of 2 gigabytes for the store.idx file. If a folder grows to the point that the store.idx file attempts to exceed 2 gigabytes, errors will appear in the mail.log_current file.

Workaround: If possible, set a quota. Also, it is recommended that policies are set so aging rules are used to ensure folders do not grow very large.

6397522

REVERSE_URL behavior has changed.

---

Note –

It is not recommended that you change this attribute.

---

If you want to use an alternate attribute for address reversal and for primary address storage, you should not use REVERSE_URL. Instead, you set the LDAP_PRIMARY_ADDRESS to the attribute you want to use. The problem with this is the semantic overlap between the addresses you want to use for alias lookups and the ones you want to use for alias reversal. You might be able to shuffle attributes around between the LDAP_PRIMARY_ADDRESS, LDAP_EQUIVALENCE_ADDRESSES, and LDAP_ALIAS_ADDRESSES slots. The simplest case would be that you simply want to use meEndRemetente instead of mail for both. In this case all you do is set the LDAP_PRIMARY_ADDRESS MTA option to meEndRemetente and you're done. If, on the other hand, you want to continue to use the mail attribute for alias lookups, you'd have to put it in one of the other slots for that to work. Whether or not that will be allowed depends on whether or not you use mailAlternateAddress and mailEquivalentAddress attributes. Messaging Server 6.2 and earlier allow multiple attributes in each slot, but each directory entry can have at most one attribute that ends up in a given slot. This version of Messaging Server relaxes this restriction for the attributes where it makes sense (like LDAP_ALIAS_ADDRESSES or LDAP_EQUIVALENCE_ADDRESSES but not LDAP_PRIMARY_ADDRESS).

6479461

Enabled SSL Ciphers are adjusted; Weak SSL Ciphers can be disabled by default.

For Messaging Server 6.3 and going forward, the weak SSL cipher suites will be disabled by default. This is an incompatible change, so it's possible some old mail clients which only support export-grade SSL will break.

The following configuration options can be used to turn on all cipher suites including the weak ones (but excluding the NULL ciphers):

• For MMP: default:SSLAdjustCipherSuites weak+all

• For IMAP/POP/SMTP/MSHTTPD: configutil -o local.ssladjustciphersuites -v weak+all

  However, be advised to instead only turn on the specific cipher suite needed for inter-operability. For example, the common SSL_RSA_EXPORT_WITH_RC4_40_MD5 cipher suite can be enabled with: +SSL_RSA_EXPORT_WITH_RC4_40_MD5. The 56-bit ciphers are not as weak as the 40-bit ciphers so if it's possible to only enable those, the following cipher suite works: +TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA .

6524704

imapd ENS resubscriber leaks file descriptors.

If ENS is configured, then IDLE must be configured as well. If ENS is configured and IDLE is not configured, the imapd and popd will leak file handles .

Workaround: None

No ID

The following are additional issues related to the Messaging Server product that do not have IDs.

Maximum Mailbox Size

The mailbox index (store.idx) file has a hard limit of two gigabytes. More than this will cause messages to stop being delivered to the user and could cause message store performance problems. See User Mail Not Delivered Due to Mailbox Overflow in Sun Java System Messaging Server 6.3 Administration Guide for details. Note that the sum of the message sizes in the mailbox may exceed the two gigabyte limit.

In option.dat, lines starting with #, !, or ; symbols are treated as comment lines.

In option.dat files, Messaging Server treats lines beginning with pound sign (#), exclamation point (!), or semicolon (;) characters as comment lines— even if the preceding line has a trailing backslash (\), which means the line is being continued. Consequently, you must be careful when working with long options (particularly delivery options) containing these characters.

There is a workaround for delivery options in which a natural layout could lead to continuation lines starting with a # or !.

Workaround: In delivery options, Messaging Server ignores spaces following the commas that separate individual delivery option types.

For example, instead of:

		 DELIVERY_OPTIONS=\
		 #*mailbox=@$X.LMTP:$M$_+$2S%$\$2I@ims_daemon,\
		 #&members=*,\
		 *native=@$X.lmtpnative:$M,\
		 *unix=@$X.lmtpnative:$M,\
		 /hold=$L%$D@hold,\
		 *file=@$X.lmtpnative:+$F,\
		 &@members_offline=*,\
		 program=$M%$P@pipe-daemon,\
		 forward=**,\
		 *^!autoreply=$M+$D@bitbucket
		 

You can workaround the problem by adding spaces as follows:

		 DELIVERY_OPTIONS=\
		           #*mailbox=@$X.LMTP:$M$_+$2S%$\$2I@ims_daemon,\
				   #&members=*,\
				   #*native=@$X.lmtpnative:$M,\
				   #*unix=@$X.lmtpnative:$M,\
				   #/hold=$L%$D@hold,\
				   #*file=@$X.lmtpnative:+$F,\
				   #&@members_offline=*,\
				   #program=$M%$P@pipe-daemon,\
				   #forward=**,\
				   #*^!autoreply=$M+$D@bitbucket

DOMAIN_UPLEVEL has been modified.

The DOMAIN_UPLEVEL default value has changed from 1 to 0.

The following characters cannot be used in the User ID: $ ~ = # * + % ! @ , { } ( ) / < \> ; : " ” [ ] & ?

This constraint is enforced by MTA. Allowing these characters in the User ID can cause problems in the message store. If you want to change the list of characters forbidden by the MTA, set the following option by listing a comma-separated string of the characters’ ASCII values:

LDAP_UID_INVALID_CHARS=32,33,34,35,36,37,38,40,41,
42,43,44,47,58,59,60,61,62,63,64,91,92,93,96,123,125,126

in the msg-svr-base/config/options.dat file. Note that you are strongly advised against relaxing this constraint.

Messaging Server Localization and Globalization Issues

At present, there are no localization or globalization issues.

Messaging Server Documentation Issues

This section describes known issues in the Communications Services and Messaging Server-specific documentation.

6554954

The ha_ip_config script does not set all of the required ENS configuration parameters for ENS execution.

If you want to run ENS in an HA environment, you must set the following parameters in the ha_ip_config script:

• local.ens.port– Port (and optionally IP address) on which ENS will listen. Format: [address:]port. For example, 7997 or 192.168.1.1:7997. If local.ens.port is set, local.store.notifyplugin.enshost and local.store.notifyplugin.ensport must also be configured.

• local.storenotify.enshost— IP address or host name of the ENS server. This setting must correspond to the setting in local.ens.port

• local.storenotify.ensport– TCP port for the ENS server. This must correspond to the setting in local.ens.port .

6307201

Correction to bug 5076486 regarding imadmin user purge with iPlanet Delegated Administrator 1.2 Patch 2

You are able to use the imadmin user purge command with iPlanet Delegated Administrator 1.2 Patch 2 and Messaging Server 6.x. This legacy version of Delegated Administrator should not be confused with the current Delegated Administrator product documented in Chapter 5, Sun Java System Delegated Administrator 6.4 Release Notes. To use the legacy version of Delegated Administrator, you need to follow the procedures outlined in the iPlanet Delegated Administrator installation documentation on http://docs.sun.com along with the following modification:

Change the MsgSvrN-cgipath line in the iDA_install_directory/nda/classes/netscape/nda/servlet/resource.properties file to MsgSvr0–cgipath=msg-config/Tasks/operation and restart the Web Server.

In addition, if you are running on a cluster, you need to make sure that an Administration Server is always running on the same node as Messaging Server (for releases prior to 6.3).

Workaround: None.

6381669

The Messenger Express Customization Guide displays the wrong directory name in the section on customizing hosted domains.

When the user is asked to create a separate directory for each domain, the correct directory should be msg-svr-base/config/html not msg-svr-base/html .

6385833

The Messenger Express Customization Guide specifies the wrong file path for the SDK files and functions.

The SDK files and functions are located in msg-svr-base /examples/meauthsdk

6461000

Messenger Express Online Help Describes Some Features that Aren't in the Product

The following features are described in the Messenger Express Online Help but are not in the product:

• Secure Messaging, also called S/MIME is only available to S/MIME customers. For information on S/MIME, see: Chapter 24, Administering S/MIME for Communications Express Mail, in Sun Java System Messaging Server 6.3 Administration Guide.

• Automatic Spell Checker; this feature was removed in a previous release.

• Mail Filters; this feature requires additional configuration. See: Configuring Messenger Express and Communications Express Mail Filters in Sun Java System Messaging Server 6.3 Administration Guide.

• Navigation Path; you can view navigation paths when you are viewing customer-created folders. However, navigational paths will not display in default folders like the INBOX, Sent Folder, Drafts, Trash, and so on.

Since Messenger Express has been deprecated, the Messenger Express Online Help will not be updated.

5091281

No documentation available on new shared defragment database feature.

No documentation available on a new feature whereby MTA systems can share the defragment database and thereby defragmentation can be done on MTA systems instead of the store system.

Workaround: None.

No ID

The imarchive —s option is not enabled but is documented.

The imarchive -s option is not currently enabled. However, it is documented in the Sun Java System Messaging Server 6.3 Administration Reference. This option will be enabled in a future update release.

No ID

Different server-root notations are used in the product documentation.

The server-root directory (where the Messaging Server configuration files are housed) is referred to as msg-svr-base. In the Java Enterprise System documentation, it is referred to as MessagingServer-base . Both notations refer to the Messaging Server server-root directory.