Sun Java logo     Copyright      Index      Next     

Sun logo
Sun Java System Messaging Server 6 2005Q1 Administration Guide 


List of Tables

List of Figures

Who Should Use This Book
Before You Read This Book
How This Book Is Organized
Conventions Used in This Book
Typographic Conventions
Default Paths and File Names
Command Line Prompts
Related Documentation
Messaging Server Documents
Communications Services Documents
Where to Find This Manual Online
Accessing Sun Resources Online
Contacting Sun Technical Support
Related Third-Party Web Site References
Sun Welcomes Your Comments

Chapter 1   Post-install Tasks and Layout
To Create UNIX System Users and Groups
To Prepare Directory Server for Messaging Server Configuration
Location of Requirements
To Run the Script
To Create the Initial Messaging Server Runtime Configuration
Messaging Server Pre-requisites
Messaging Server Configuration Checklist
Running the configure Program
To Perform a Silent Installation
To Install Messaging Server against a Directory Server Replica
To Install Messaging Server Provisioning Tools
Delegated Administrator for Messaging
LDAP Provisioning Tools
SMTP Relay Blocking
Enabling Start-up After a Reboot
Handling sendmail Clients
Solaris 8
Solaris 9 and Above
Configuring Messenger Express and Communications Express Mail Filters
Performance and Tuning
Post-Installation Directory Layout
Post-Installation Port Numbers

Chapter 2   Upgrading to Sun Java Systems Messaging Server
Before You Begin
Overview of the Upgrade Process
Creating Upgrade Files to Update your Configuration
About Upgrade Files
Running the Perl Script
Running the Upgrade Utility
Overview of the Upgrade Utility
Running the Utility
MTA Configuration
configutil Parameters
Backup Configuration
mboxlist Database
Migrating User Mailboxes
Migration Instructions

Chapter 3   Configuring High Availability
Cluster Agent Installation
Messaging Server and High Availability Notes
Using the useconfig Utility
Veritas Cluster Server Agent Installation
Veritas Cluster Server Requirements
VCS 3.5 Installation and Configuration Notes
MsgSrv Attributes
Sun Cluster Agent Installation
Sun Cluster Requirements
About HAStoragePlus
Configuring Messaging Server with Sun Cluster and HA StoragePlus
Binding IP Addresses on a Server
Unconfiguring High Availability
Unconfiguring Veritas Cluster Server
Unconfiguring Messaging Server HA Support for Sun Cluster 3.x

Chapter 4   Configuring General Messaging Capabilities
To Modify Your Passwords
Managing Mail Users, Mailing Lists and Domains
To Remove a User from Messaging Server
To Remove a Domain from Messaging Server
Managing Messaging Server with Sun ONE Console
Starting and Stopping Services
To Start and Stop Services in an HA Environment
To Start and Stop Services in a non-HA Environment
Automatic Restart of Failed or Unresponsive Services
Automatic Restart in High Availability Deployments
To Schedule Automatic Tasks
To Configure a Greeting Message
To Set a Per-Domain Greeting Message
To Set a User-Preferred Language
To Set a Domain Preferred Language
To Configure a Server Site Language
To Customize Directory Lookups
Encryption Settings
Setting a Failover LDAP Server

Chapter 5   Configuring POP, IMAP, and HTTP Services
General Configuration
Enabling and Disabling Services
Specifying Port Numbers
Ports for Encrypted Communications
Service Banner
Login Requirements
To Set the Login Separator for POP Clients
To Allow Log In without Using the Domain Name
Password-Based Login
Certificate-Based Login
Performance Parameters
Number of Processes
Number of Connections per Process
Number of Threads per Process
Dropping Idle Connections
Logging Out HTTP Clients
Client Access Controls
To Configure POP Services
To Configure IMAP Services
To Configure HTTP Services

Chapter 6   Enabling Single Sign-On (SSO)
Access Manager SSO for Sun Java System Servers
SSO Limitations and Notices
Configuring Messaging Server to Support SSO
Troubleshooting SSO
Trusted Circle SSO (Legacy)
Trusted Circle SSO Overview and Definitions
Trusted Circle SSO Applications
Trusted Circle SSO Limitations
Example Trusted Circle SSO Deployment Scenarios
Setting Up Trusted Circle SSO
Messenger Express Trusted SSO Configuration Parameters

Chapter 7   Configuring and Administering Multiplexor Services
Multiplexor Services
Multiplexor Benefits
About Messaging Multiplexor
How the Messaging Multiplexor Works
Encryption (SSL) Option
Certificate-Based Client Authentication
User Pre-Authentication
MMP Virtual Domains
About SMTP Proxy
Setting Up the Messaging Multiplexor
Before You Configure MMP
Multiplexor Configuration
Multiplexor Files
Starting the Multiplexor
Modifying an Existing MMP
Configuring MMP with SSL
A Sample Topology
MMP Tasks
To Configure Mail Access with MMP
To Set a Failover MMP LDAP Server
About Messenger Express Multiplexor
How Messenger Express Multiplexor Works
Setting Up the Messenger Express Multiplexor
Testing Your Setup
Administering Your Messenger Express Multiplexor

Chapter 8   MTA Concepts
The MTA Functionality
MTA Architecture and Message Flow Overview
The Dispatcher
Creation and Expiration of Server Processes
To Start and Stop the Dispatcher
Rewrite Rules
Master and Slave Programs
Channel Message Queues
Channel Definitions
The MTA Directory Information
The Job Controller
To Start and Stop the Job Controller

Chapter 9   MTA Address Translation and Routing
The Direct LDAP Algorithm and Implementation
Domain Locality Determination
Alias expansion of local addresses
Processing the LDAP Result
Address Reversal
Asynchronous LDAP Operations
Settings Summary

Chapter 10   About MTA Services and Configuration
Compiling the MTA Configuration
The MTA Configuration File
Mappings File
File Format in the Mappings File
Mapping Operations
Other MTA Configuration Files
Alias File
TCP/IP (SMTP) Channel Option Files
Conversion File
Dispatcher Configuration File
Mappings File
Option File
Tailor File
Job Controller File
The Alias Database
The Alias File
Including Other Files in the Alias File
Command Line Utilities
SMTP Security and Access Control
Log Files
To Convert Addresses from an Internal Form to a Public Form
To Set Address Reversal Controls
The Forward Lookup Table and FORWARD Address Mapping
Controlling Delivery Status Notification Messages
To Construct and Modify Status Notifications
To Customize and Localize Delivery Status Notification Messages
Internationalization of Generated Notices
Additional Status Notification Message Features
Controlling Message Disposition Notifications
To Customize and Localize Message Disposition Notification Messages

Chapter 11   Configuring Rewrite Rules
Rewrite Rule Structure
Rewrite Rule Patterns and Tags
A Rule to Match Percent Hacks
A Rule to Match Bang-Style (UUCP) Addresses
A Rule to Match Any Address
Tagged Rewrite Rule Sets
Rewrite Rule Templates
Ordinary Rewriting Templates: A%B@C or A@B
Repeated Rewrites Template, A%B
Specified Route Rewriting Templates, A@B@C@D or A@B@C
Case Sensitivity in Rewrite Rule Templates
How the MTA Applies Rewrite Rules to an Address
Step 1. Extract the First Host or Domain Specification
Step 2. Scan the Rewrite Rules
Step 3. Rewrite Address According to Template
Step 4. Finish the Rewrite Process
Rewrite Rule Failure
Syntax Checks After Rewrite
Handling Domain Literals
Template Substitutions and Rewrite Rule Control Sequences
Username and Subaddress Substitution, $U, $0U, $1U
Host/Domain and IP Literal Substitutions, $D, $H, $nD, $nH, $L
Literal Character Substitutions, $$, $%, $@
LDAP Query URL Substitutions, $]...[
General Database Substitutions, $(...)
Apply Specified Mapping, ${...}
Customer-supplied Routine Substitutions, $[...]
Single Field Substitutions, $&, $!, $*, $#
Unique String Substitutions
Source-Channel-Specific Rewrite Rules ($M, $N)
Destination-Channel-Specific Rewrite Rules ($C, $Q)
Direction-and-Location-Specific Rewrite Rules ($B, $E, $F, $R)
Host-Location-Specific Rewrites ($A, $P, $S, $X)
Changing the Current Tag Value, $T
Controlling Error Messages Associated with Rewriting ($?)
Handling Large Numbers of Rewrite Rules
Testing Rewrite Rules
Rewrite Rules Example

Chapter 12   Configuring Channel Definitions
Channel Keywords Listed Alphabetically
Channel Keywords Categorized by Function
Configuring Channel Defaults
Configuring SMTP Channels
Configuring SMTP Channel Options
SMTP Command and Protocol Support
TCP/IP Connection and DNS Lookup Support
SMTP Authentication, SASL, and TLS
Using Authenticated Addresses from SMTP AUTH in Header
Specifying Microsoft Exchange Gateway Channels
Transport Layer Security
Configuring Message Processing and Delivery
Setting Channel Directionality
Implementing Deferred Delivery Dates
Specifying the Retry Frequency for Messages that Failed Delivery
Processing Pools for Channel Execution Jobs
Service Job Limits
Setting Connection Transaction Limits
Message Priority Based on Size
SMTP Channel Threads
Expansion of Multiple Addresses
Enable Service Conversions
Configuring Address Handling
Address Types and Conventions
Interpreting Addresses that Use ! and %
Adding Routing Information in Addresses
Disabling Rewriting of Explicit Routing Addresses
Address Rewriting Upon Message Dequeue
Specifying a Host Name to Use When Correcting Incomplete Addresses
Legalizing Messages Without Recipient Header Lines
Stripping Illegal Blank Recipient Headers
Enabling Channel-Specific Use of the Reverse Database
Enabling Restricted Mailbox Encoding
Generating of Return-path: Header Lines
Constructing Received: Header Lines from Envelope To: and From: Addresses
Handling Comments in Address Header Lines
Handling Personal Names in Address Header Lines
Specifying Alias File and Alias Database Probes
Subaddress Handling
Enabling Channel-specific Rewrite Rules Checks
Removing Source Routes
Specifying Address Must be from an Alias
Configuring Header Handling
Rewriting Embedded Headers
Removing Selected Message Header Lines
Generating/Removing X-Envelope-to: Header Lines
Converting Date to Two- or Four-Digits
Specifying Day of Week in Date
Automatic Splitting of Long Header Lines
Header Alignment and Folding
Specifying Maximum Length Header
Sensitivity Checking
Setting Default Language in Headers
Attachments and MIME Processing
Ignoring the Encoding: Header Line
Automatic Defragmentation of Message/Partial Messages
Automatic Fragmentation of Large Messages
Imposing Message Line Length Restrictions
Limits on Messages, Quotas, Recipients, and Authentica Attempts
Limits on Unsuccessful Authentication Attempts
Specifying Absolute Message Size Limits
Retargeting Messages Exceeding Limit on Size or Recipients
Handling Mail Delivery to Over Quota Users
Handling SMTP Mail with Lines Exceeding 1000 Characters
Controlling the Length of General and Filename Content-type and Content-disposition Parameters
Limiting Message Recipients
Limiting Header Size
File Creation in the MTA Queue
Controlling How Multiple Addresses on a Message are Handled
Spreading a Channel Message Queue Across Multiple Subdirectories
Setting Session Limits
Configuring Logging and Debugging
Logging Keywords
Debugging Keywords
Setting Loopcheck
Miscellaneous Keywords
Process Channel Overrides
Channel Operation Type
Pipe Channel
Specifying Mailbox Filter File Location
Spam Filter Keywords
Routing After Address Validation But Before Expansion
NO-SOLICIT SMTP Extension Support
Setting Limits on Bad RCPT TO: Addresses

Chapter 13   Using Pre-defined Channels
To Deliver Messages to Programs Using the Pipe Channel
To Configure the Native (/var/mail) Channel
To Temporarily Hold Messages Using the Hold Channel
The Conversion Channel
MIME Overview
Selecting Traffic for Conversion Processing
To Control Conversion Processing
To Bounce, Delete, or Hold Messages Using the Conversion Channel Output
Conversion Channel Example
Automatic Arabic Character Set Detection
Character Set Conversion and Message Reformatting
Character Set Conversion
Message Reformatting
Service Conversions

Chapter 14   Integrating Spam and Virus Filtering Programs Into Messaging Server
Integrating Spam Filtering Programs Into Messaging Server—Theory of Operations
Deploying and Configuring Third Party Spam Filtering Programs
Loading and Configuring the Spam Filtering Software Client Library
Specifying the Messages to Be Filtered
Specifying Actions to Perform on Spam Messages
Using Symantec Brightmail Anti-Spam
How Brightmail Works
Brightmail Requirements and Performance Considerations
Deploying Brightmail
Brightmail Configuration Options
Using SpamAssassin
SpamAssassin Overview
SpamAssassin/Messaging Server Theory of Operations
SpamAssassin Requirements and Usage Considerations
Deploying SpamAssassin
SpamAssassin Configuration Examples
Testing SpamAssassin
SpamAssassin Options
Using Symantec Anti-Virus Scanning Engine (SAVSE)
SAVSE Overview
SAVSE Requirements and Usage Considerations
Deploying SAVSE
SAVSE Configuration Example
SAVSE Options
Support for Sieve Extensions

Chapter 15   LMTP Delivery
LMTP Delivery Features
Messaging Processing in a Two-Tier Deployment Without LMTP
Messaging Processing in a Two-Tier Deployment With LMTP
LMTP Overview
Configuring LMTP Delivery
To Configure the Inbound MTA Relays with LMTP
Configuring the Back End Stores with LMTP and No MTA
Configuring Relays for Sending Messages Via LMTP to Back End Systems with Message Stores and Full MTAs
Configuring LMTP on Back End Message Store Systems Having Full MTAs
LMTP Protocol as Implemented

Chapter 16   Vacation Automatic Message Reply
Vacation Autoreply Overview
Configuring Autoreply
Configuring Autoreply on the Back-end Store System
Configuring Autoreply on the Relay
Vacation Autoreply Theory of Operation
Vacation Autoreply Attributes

Chapter 17   Mail Filtering and Access Control
Controlling Access with Mapping Tables
Access Control Mapping Tables—Operation
Access Control Mapping Table Flags
FROM_ACCESS Mapping Table
PORT_ACCESS Mapping Table
To Limit Specified IP Address Connections to the MTA
When Access Controls Are Applied
To Test Access Control Mappings
To Add SMTP Relaying
Allowing SMTP Relaying for External Sites
Configuring SMTP Relay Blocking
How the MTA Differentiates Between Internal and External Mail
Differentiate Authenticated Users' Mail
Prevent Mail Relay
To Use DNS Lookups Including RBL Checking for SMTP Relay Blocking
Handling Large Numbers of Access Entries
Sieve Filter Support
Sieve Filtering Overview
To Create User-level Filters
To Create Channel-level Filters
To Create MTA-Wide Filters
Routing Discarded Messages Out the FILTER_DISCARD Channel
To Debug User-level Filters
imsimta test -exp Output
imsimta test -exp Syntax

Chapter 18   Managing the Message Store
Message Store Directory Layout
How the Message Store Removes Messages
Specifying Administrator Access to the Store
To Add an Administrator
To Modify an Administrator Entry
To Delete an Administrator Entry
About Shared Folders
Shared Folder Access Rights
Shared Folder Tasks
To Create a Public Folder
To Change a Public Folder’s Access Control Rights
To Enable or Disable Listing of Shared Folders
To Set Up Distributed Shared Folders
To Monitor and Maintain Shared Folder Data
About Message Store Quotas
User Quotas
Domain Quotas
Exceptions for Telephony Application Servers
Configuring Message Store Quotas
To Specify a Default User Quota
To Specify Individual User Quotas
To Specify Domain Quotas
To Deploy Quota Notification
To Enable or Disable Quota Enforcement
To Set a Grace Period
Netscape Messaging Server Quota Compatibility Mode
To Set the Automatic Message Removal (Expire and Purge) Feature
imexpire Theory of Operation
To Deploy the Automatic Message Removal Feature
Configuring Message Store Partitions
To Add a Partition
To Move Mailboxes to a Different Disk Partition
Changing the Default Message Store Partition Definition
Performing Message Store Maintenance Procedures
To Manage Mailboxes
To Monitor Quota Limits
To Monitor Disk Space
Using the stored Utility
Reducing Message Store Size Due to Duplicate Storage of Identical Messages
Backing Up and Restoring the Message Store
Creating a Mailbox Backup Policy
To Create Backup Groups
Messaging Server Backup and Restore Utilities
Excluding Bulk Mail When You Perform Backups
Considerations for Partial Restore
To Restore Messages from a Mailbox that has Been Incrementally Backed-up
To Use Legato Networker
To Use a Third Party Backup Software (Besides Legato)
Troubleshooting Backup and Restore Problems
Message Store Disaster Backup and Recovery
Monitoring User Access
Troubleshooting the Message Store
Standard Message Store Monitoring Procedures
Message Store Startup and Recovery
Repairing Mailboxes and the Mailboxes Database
Common Problems and Solutions

Chapter 19   Configuring Security and Access Control
About Server Security
About HTTP Security
Configuring Authentication Mechanisms
To Configure Access to Plaintext Passwords
To Transition Users
User Password Login
IMAP, POP, and HTTP Password Login
SMTP Password Login
Configuring Encryption and Certificate-Based Authentication
Obtaining Certificates through the Administration Console
To Create Self-signed Certificates
To Enable SSL and Selecting Ciphers
To Set Up Certificate-Based Login
How to Optimize SSL Performance Using the SMTP Proxy
Network Security Services Tools
Managing Certificates and Keys
Configuring Administrator Access to Messaging Server
Hierarchy of Delegated Administration
To Provide Access to the Server as a Whole
To Restrict Access to Specific Tasks
Configuring Client Access to POP, IMAP, and HTTP Services
How Client Access Filters Work
Filter Syntax
Filter Examples
To Create Access Filters for Services
To Create Access Filters for HTTP Proxy Authentication
Enabling POP Before SMTP
To Install the SMTP Proxy
Configuring Client Access to SMTP Services
User/Group Directory Lookups Over SSL

Chapter 20   Administering S/MIME for Communications Express Mail
What is S/MIME?
Concepts You Need to Know
Required Software and Hardware Components
Requirements for Using S/MIME
Private and Public Keys
Keys Stored on Smart Cards
Keys Stored on the Client Machine
Publish Public Keys in LDAP Directory
Give Mail Users Permission to Use S/MIME
Multi-language Support
Getting Started After Installing Messaging Server
The S/MIME Applet
A Basic S/MIME Configuration
Accessing LDAP for Public Keys, CA certificates and CRLs Using Credentials
Parameters of the smime.conf File
Messaging Server Options
Securing Internet Links With SSL
Securing the Link Between Messaging Server and Communications Express Mail
Securing the Link Between the Messaging Server and S/MIME Applet
Key Access Libraries for the Client Machines
Verifying Private and Public Keys
Finding a User’s Private or Public Key
When is a Certificate Checked Against a CRL?
Accessing a CRL
Proxy Server and CRL Checking
Using a Stale CRL
Determining Which Message Time to Use
Trouble Accessing a CRL
When a Certificate is Revoked
Granting Permission to Use S/MIME Features
S/MIME Permission Examples
Managing Certificates
CA Certificates in an LDAP Directory
Public Keys and Certificates in an LDAP Directory
Verifying That Keys and Certificates Exist in the LDAP Directory
Network Security Services Certificates
Communications Express S/MIME End User Information
Logging In for the First Time
Signature and Encryption Settings
Enabling the Java Console

Chapter 21   Managing Logging
Overview of Logging
Types of Logging Data
Types of Messaging Server Log Files
Tracking a Message Across the Various Log Files
Tools for Managing Logging
Managing MTA Message and Connection Logs
Understanding the MTA Log Entry Format
Enabling MTA Logging
Specifying Additional MTA Logging Options
MTA Message Logging Examples
Enabling Dispatcher Debugging
Managing Service Logs
Understanding Service Log Characteristics
Understanding Service Log File Format
Defining and Setting Service Logging Options
Searching and Viewing Service Logs
Working With Service Logs
Using Message Tracing for Message Store Logging
Message Store Logging Examples

Chapter 22   Troubleshooting the MTA
Troubleshooting Overview
Standard MTA Troubleshooting Procedures
Check the MTA Configuration
Check the Message Queue Directories
Check the Ownership of Critical Files
Check that the Job Controller and Dispatcher are Running
Check the Log Files
Run a Channel Program Manually
Starting and Stopping Individual Channels
An MTA Troubleshooting Example
Common MTA Problems and Solutions
TLS Problems
Changes to Configuration Files or MTA Databases Do Not Take Effect
The MTA Sends Outgoing Mail but Does Not Receive Incoming Mail
Dispatcher (SMTP Server) Won’t Start Up
Timeouts on Incoming SMTP connections
Messages are Not Dequeued
MTA Messages are Not Delivered
Messages are Looping
Received Message is Encoded
Server-Side Rules (SSR) Are Not Working
Asterisks in the Local Parts of Addresses or Received Fields
General Error Messages
Errors in mm_init
Compiled Configuration Version Mismatch
Swap Space Errors
File open or create errors
Illegal Host/Domain Errors
Errors in SMTP channels: os_smtp_* errors

Chapter 23   Monitoring the Messaging Server
Automatic Monitoring and Restart
Daily Monitoring Tasks
Checking postmaster Mail
Monitoring and Maintaining the Log Files
Setting Up the msprobe Utility
Monitoring System Performance
Monitoring End-to“stored” on page 816-end Message Delivery Times
Monitoring Disk Space
Monitoring CPU Usage
Monitoring the MTA
Monitoring the Size of the Message Queues
Monitoring Rate of Delivery Failure
Monitoring Inbound SMTP Connections
Monitoring the Dispatcher and Job Controller Processes
Monitoring LDAP Directory Server
Monitoring slapd
Monitoring Message Access
Monitoring imapd, popd and httpd
Monitoring stored
Monitoring the Message Store
Monitoring the State of Message Store Database Locks
Monitoring the Number of Database Log Files in the mboxlist Directory
Utilities and Tools for Monitoring
Log Files
imsimta counters
imsimta qm counters
MTA Monitoring Using SNMP
imquotacheck for Mailbox Quota Checking
Monitoring Using msprobe and watcher Functions

Appendix A   SNMP Support
SNMP Implementation
SNMP Operation in the Messaging Server
Configuring SNMP Support for the Messaging Server on Solaris 8
Monitoring from an SNMP Client
Co-existence with Other Sun Java System Products on Unix Platforms
SNMP Information from the Messaging Server

Appendix B   Administering Event Notification Service in Messaging Server
Loading the ENS Publisher in Messaging Server
To Load the ENS Publisher on Messaging Server
Running Sample Event Notification Service Programs
To Run the Sample ENS Programs
Administering Event Notification Service
Starting and Stopping ENS
To Start and Stop ENS
iPlanet Event Notification Service Configuration Parameters

Appendix C   Managing Mail Users and Mailing Lists with the Console Interface (NOT RECOMMENDED)
Managing Mail Users
To Access Mail Users
To Specify User Email Addresses
To Configure Delivery Options
To Specify Forwarding Addresses
To Configure Auto-Reply Settings
To Configure Authorized Services
Managing Mailing Lists
To Access Mailing Lists
To Specify Mailing List Settings
To Specify List Members
To Define Message-Posting Restrictions
To Define Moderators

Appendix D   Short Message Service (SMS)
SMS Channel Theory of Operation
Directing Email to the Channel
The Email to SMS Conversion Process
The SMS Message Submission Process
Site-defined Address Validity Checks and Translations
Site-defined Text Conversions
SMS Channel Configuration
Adding an SMS Channel
Creating an SMS Channel Option File
Available Options
Adding Additional SMS Channels
Adjusting the Frequency of Delivery Retries
Sample One-Way Configuration (MobileWay)
Configuring the SMS Channel for Two-Way SMS
SMS Gateway Server Theory of Operation
Function of the SMS Gateway Server
Behavior of the SMPP Relay and Server
Remote SMPP to Gateway SMPP Communication
SMS Reply and Notification Handling
SMS Gateway Server Configuration
Setting Up Bidirectional SMS Routing
Enabling and Disabling the SMS Gateway Server
Starting and Stopping the SMS Gateway Server
SMS Gateway Server Configuration File
Configuring Email-To-Mobile on the Gateway Server
Configuring Mobile-to-Email Operation
Configuration Options
Global Options
SMPP Relay Options
SMPP Server Options
Gateway Profile Options
Configuration Example for Two-Way SMS
SMS Gateway Server Storage Requirements

Appendix E   Installation Worksheets
Directory Server Installation
Administration Server Initial Runtime Configuration
Directory Server Setup Script (
Messaging Server Initial Runtime Configuration



Copyright      Index      Next     

Copyright 2005 Sun Microsystems, Inc. All rights reserved.