Sun Java System Messaging Server 6 2005Q4 Administration Guide

Chapter 1 Post-install Tasks and Layout

This chapter assumes that you have read the Sun Java System Communications Services 6 2005Q4 Deployment Planning Guide and installed Messaging Server with the Sun Java™ Enterprise System installer. See the Sun Java Enterprise System 2005Q4 Installation Guide. Performing the following tasks should get you to a point where you have a functioning Messaging Server. You will still want to customize your deployment as well as provision and/or migrate users and groups. Customizing is described in the later chapters of this guide. Provisioning is described in the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide.

This chapter consists of the following sections:

Creating UNIX System Users and Groups

System users run specific server processes, and privileges need to be given to these users so that they have appropriate permissions for the processes they are running.

Set up a system user account and group for all Sun Java System servers, and set permissions for the directories and files owned by that user. To do so, follow the steps below.


Note –

For security reasons, in some deployments it may be desirable to have different system administrators for different servers. This is done by creating different system users and groups per server. For example, the system user for Messaging Server would be different from the system user for Web Server, and system administrators for Messaging Server would not be able to administer the Web Server.


To Create UNIX System Users and Groups

Steps
  1. Log in as superuser.

  2. Create a group to which your system users will belong.

    In the following example, the mail group is created:


    # groupadd mail
    
  3. Create the system user and associate it with the group you just created. In addition, set the password for that user.

    In the following example, the user mailsrv is created and associated with the mail group:


    # useradd -g mail mailsrv
    

    useradd and usermod commands are in /usr/sbin. See UNIX man pages for more information.

  4. You might also need to check the /etc/group and /etc/passwd files to be sure that the user has been added to the system group that you created.


    Note –

    Should you decide not to set up UNIX system users and groups prior to installing Messaging Server, you will be able to specify them when you run the configure program described in Creating the Initial Messaging Server Runtime Configuration.
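
The check in step 4, as an added example that is not part of the original guide: the functions below read passwd- and group-format files and report how a user belongs to a group. The function names and the sample entries are constructed for illustration. A user whose primary group was set with useradd -g is matched through the GID field in the passwd entry, because such a user is normally not listed in the group's member field.

```shell
#!/bin/sh
# Added example (not from the guide): report how a user belongs to a group,
# reading passwd- and group-format files. Function names are illustrative.

# primary_gid USER [PASSWD_FILE]: print the user's primary GID (4th field).
primary_gid() {
    awk -F: -v u="$1" '$1 == u { print $4; found = 1; exit }
        END { exit !found }' "${2:-/etc/passwd}"
}

# group_gid GROUP [GROUP_FILE]: print the group's GID (3rd field).
group_gid() {
    awk -F: -v g="$1" '$1 == g { print $3; found = 1; exit }
        END { exit !found }' "${2:-/etc/group}"
}

# listed_member USER GROUP [GROUP_FILE]: succeed if USER appears in the
# comma-separated member list (4th field) of GROUP.
listed_member() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "${3:-/etc/group}"
}

# check_membership USER GROUP [PASSWD_FILE] [GROUP_FILE]
# Prints primary, supplementary, not-member, missing-user or missing-group.
# Returns 0 only for primary and supplementary.
check_membership() {
    cm_pw=${3:-/etc/passwd}
    cm_gr=${4:-/etc/group}
    cm_ugid=$(primary_gid "$1" "$cm_pw") || { echo missing-user; return 1; }
    cm_ggid=$(group_gid "$2" "$cm_gr") || { echo missing-group; return 1; }
    if [ "$cm_ugid" = "$cm_ggid" ]; then
        echo primary
        return 0
    fi
    if listed_member "$1" "$2" "$cm_gr"; then
        echo supplementary
        return 0
    fi
    echo not-member
    return 1
}

# Constructed sample data (not from a real system). mailsrv has primary
# group mail (GID 6) and is absent from the member list of the mail entry.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
mailsrv:x:1001:6:Messaging Server:/export/home/mailsrv:/bin/sh
webservd:x:80:80:Web Server:/:/bin/sh
EOF
cat > "$SAMPLE_DIR/group" <<'EOF'
root::0:
mail::6:root
webservd::80:
staff::10:webservd
EOF

echo "mailsrv/mail:   $(check_membership mailsrv mail "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group" || :)"
echo "webservd/staff: $(check_membership webservd staff "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group" || :)"
echo "webservd/mail:  $(check_membership webservd mail "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/group" || :)"
```

On a live system, call check_membership mailsrv mail with no file arguments to read /etc/passwd and /etc/group.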


To Prepare Directory Server for Messaging Server Configuration

This section provides instructions on how to run the Directory Server Setup script (comm_dssetup.pl) that configures your LDAP Directory Server to work with your Messaging Server, Calendar Server, or User Management Utility configurations. The comm_dssetup.pl script prepares the Directory Server by setting up new schema, index, and configuration data in your Directory Server. It must be run for new installations of Messaging Server and Communications Express. It is also a good idea to run the latest comm_dssetup.pl if you are upgrading any of the component products that depend on Directory Server.

The following topics are explained:

Location of comm_dssetup.pl

In earlier versions of Java Enterprise System, this utility was bundled with Messaging Server and Calendar Server and did not have to be separately installed. However, starting with Java Enterprise System 2005Q1, the script is now a separately installable shared component.

To install comm_dssetup.pl, choose one of the following methods:

As installed, comm_dssetup.pl is found in the following directory:

Solaris: /opt/SUNWcomds/sbin

Linux: /opt/sun/comms/dssetup/sbin

comm_dssetup.pl Requirements

Before you run the comm_dssetup.pl script, be sure to read the following requirements:

Running the comm_dssetup.pl Script

You can run comm_dssetup.pl in either interactive or silent mode as described in the following sections:

Use the Installation Worksheets in Table E–3 to record your answers.

To Run comm_dssetup.pl in Interactive Mode

The following questions will be asked if you specify comm_dssetup.pl without any arguments:

Steps
  1. Introduction


    # perl comm_dssetup.pl
    
    Welcome to the Directory Server preparation tool for Java Enterprise 
    Communications Server.(Version X.X Revision X.X)
    This tool prepares your directory server for Sun Java System Messaging 
    Server install.
    
    The logfile is /var/tmp/dssetup_YYYYMMDDHHSS
    
    Do you want to continue [y]:

    Press Enter to continue. Type No to exit.

  2. Installation Root of Directory Server


    Please enter the full path to the directory where the Java 
    Enterprise Directory Server was installed.
    
    Directory server root [/var/opt/mps/serverroot]

    Indicate the location of the installation root of the Directory Server on the Directory Server machine. Note that the Directory server root location is different on Linux.

  3. Directory Server Instance


    Please select a directory server instance from the following list:
    
    [1]   slapd-varrius
    
    Which instance do you want [1]:

    If multiple instances of Directory Server reside on the machine, choose the one that will be configured with Messaging Server.

  4. Directory Manager Distinguished Name (DN)


    Please enter the directory manager DN [cn=Directory Manager]:
    
    Password:

    The Directory Manager DN (cn=Directory Manager) is the administrator who is responsible for the user and group data in the Organization Tree. Be sure that the Directory Manager DN you specify in this script is the same DN that you set up in your Directory Server installation as well as your Messaging Server installation.

  5. User and Group Directory Server


    Will this directory server be used for users/groups [Yes]:

    If you type Yes, more questions will be asked regarding the user/group tree.

    If you type No, it is assumed that this directory instance is only used to store configuration data; you will skip to the question about updating schema files. After you finish running this script against the configuration directory instance, you need to run this script against the directory instance that stores user and group data before moving on in the installation process.

  6. User and Group Base Suffix


    Please enter the Users/Groups base suffix [o=usergroup]:

    The User and Group base suffix is the top entry in the Organization Tree which holds the namespace for user and group entries. Be sure that the User and Group base suffix you select is the same as what you specified during your Directory Server installation and in your Messaging Server installation.


    Note –

    If you installed Access Manager, be sure the suffix specified in Access Manager installation is the same as what you specify for this question. If you do not use the same suffix, Messaging Server will not recognize your Access Manager installation.


    For more information on the Organization Tree, see LDAP Directory Information Tree Requirements in Sun Java System Communications Services 6 2005Q4 Deployment Planning Guide and Chapter 12, “Provisioning and Schema Concepts for Messaging Server 6.0” in the Sun Java Enterprise System 2003Q4 Installation Guide.

  7. Schema Type


    There are 3 possible schema types:
      1   - schema 1 for systems with iMS 5.x data
      1.5 - schema 2 compatibility for systems with iMS 5.x data
            that has been converted with commdirmig
      2   - schema 2 native for systems using Access Manager
    
    Please enter the Schema Type (1, 1.5, 2) [1]:

    Choose Option 1 if you are planning to use Sun LDAP Schema 1.

    Choose Option 1.5 if you plan to use Sun LDAP Schema 2, Compatibility Mode. For more information, see the Sun Java System Communications Services 6 2005Q4 Schema Migration Guide.

    Choose Option 2 if you plan to use Sun LDAP Schema 2, Native Mode.

    comm_dssetup.pl will no longer terminate if Access Manager is not installed. Instead it will warn you that Access Manager is not installed and offer to install schema 2 for you. The warning screen looks like this:


    Please enter the Schema Type (1, 1.5, 2) [1]: 2
    
    Access Manager has not been configured for this new user/group suffix
    
    You can opt to continue, but you will not be able to use features
    that depend on Access Manager
    
    Are you sure you want this schema type? [n]:

    For more information on your schema options, see Chapter 8, Understanding Schema and Provisioning Options, in Sun Java System Communications Services 6 2005Q4 Deployment Planning Guide.

  8. Domain Component (DC) Tree Base Suffix


    Please enter the DC Tree base suffix [o=internet]:

    Note –

    In Step 7, if you choose Option 1 or 1.5, you will be asked to provide your DC Tree Base Suffix. If you choose Option 2 - Sun LDAP Schema 2 - Native Mode, you will not be asked this question.


    The DC Tree mirrors the local DNS structure and is used by the system as an index to the Organization Tree that contains the user and group data entries. The DC Tree base suffix is the name of the top entry on the DC tree. You can either choose the default o=internet or another name.

    For more information on the DC Tree or the Organization Tree, see LDAP Directory Information Tree Requirements in Sun Java System Communications Services 6 2005Q4 Deployment Planning Guide and Chapter 12, “Provisioning and Schema Concepts for Messaging Server 6.0” in the Sun Java Enterprise System 2003Q4 Installation Guide.

  9. Updating Schema Files


    Do you want to update the schema files [yes]:

    If you answer Yes, new elements will be added to your schema. It is recommended that you update the Directory with the new schema files each time you install newer versions of Messaging Server.

  10. Configuring New Indexes


    Do you want to configure new indexes [yes]:

    If you answer Yes to the question of whether or not this directory server will be used for users/groups (Step 5), you will be asked if you want to configure new indexes, which are used to create caches to improve efficiency of directory searches. It is recommended that you answer Yes to this question. However, there are several conditions under which you wouldn’t want to create the indexes:

    • If this is for a master user/group Directory Server that is only used to serve replicas, that is, there are no direct queries done against the user/group Directory Server.

    • If you have a production user/group Directory Server with lots of entries in which you don’t want a lot of downtime while the indexes are created.

  11. Summary of Settings


    Here is a summary of the settings that you chose:
      Server Root                        : /var/opt/mps/serverroot/
      Server Instance                    : slapd-varrius
      Users/Groups Directory             : Yes
      Update Schema                      : yes
      Schema Type                        : 1
      DC Root                            : o=internet
      User/Group Root                    : o=usergroup
      Add New Indexes                    : yes
      Directory Manager DN               : cn=Directory Manager
    
    Now ready to generate a shell script and ldif file to modify 
    the Directory.
    No changes to the Directory Server will be made this time.
    
    Do you want to continue [y]:

    A summary of your settings will be displayed before your directory configuration is updated. No changes will be made at this time.


    Note –

    In Step 7, if you choose Option 2: Sun LDAP Schema 2 - Native Mode, the DC Root in the Summary of Settings will be the same value that you entered for the User/Group Root.


    If you want to change any of your settings, enter No and run the script again.

    If you enter Yes to continue, the comm_dssetup.pl script will create an LDIF file and a shell script that will be used to update the indexes and schema in your directory server:


    /var/tmp/dssetup_YYYYMMDDHHMMSS.sh
    /var/tmp/dssetup_YYYYMMDDHHMMSS.ldif
    

    where YYYYMMDDHHMMSS indicates the time and date stamps when the files were created.


    Note –

    You can choose to run the script either now or later. If you choose to run the script now, type Yes when asked if you want to continue. If you want to run the script later, you can invoke the script by using /var/tmp/dssetup_YYYYMMDDHHMMSS.sh.


To Run comm_dssetup.pl in Silent Mode

Step

    To enable the silent mode, specify all the arguments at one time on a single line:


    # perl comm_dssetup.pl -i yes|no -R yes|no -c Directory_Svr_Root \
      -d Directory_instance -r DC_tree -u User_Group_suffix -s yes|no \
      -D "DirectoryManagerDN" -w password -b yes|no -t 1|1.5|2 \
      -m yes|no [-S path-to-schema-files]
    

    For example:


    # perl comm_dssetup.pl -i yes -c /var/opt/mps/serverroot -d slapd-budgie \
      -r o=internet -u o=usergroup -s yes -D "cn=Directory Manager" \
      -w password -b yes -t 1 -m yes
    

    The options for this command are:

    Option 

    Description 

    -i yes|no

    Answers the following question: “Do you want to configure new indexes?” Specify yes to configure new indexes. Specify no if you don’t want to configure new indexes.

    -R yes|no

    Execute reindexing if new indexes found and -m yes is given 

    -c Directory_Svr_Root

    Directory Server Root path name. For example: /var/opt/mps/serverroot

    -d Directory_instance

    Directory Server instance subdirectory. For example: slapd-budgie

    -r DC_tree

    DC tree suffix. For example: o=internet

    -u User_Group_suffix

    User/Group suffix. Example: o=usergroup

    -s yes|no

    Answers the following question: “Do you want to update the schema?” Specify yes to update the schema files. Specify no if you don’t want to update the schema files.

    -D DirectoryManagerDN

    Directory Manager DN. For example, "cn=Directory Manager"

    -w password

    Directory Manager password 

    -b yes|no

    Answers the following question: “Will this directory server be used for users and groups?” Specify yes if the directory server will be used for configuration and user/groups. Specify no if this directory will be only used for configuration data.

    -t 1|1.5|2

    Determines the schema version that you want to use for your Messaging Server: 

    • Choose 1 for Sun LDAP Schema 1.

    • Choose 1.5 for Sun LDAP Schema 2 (Compatibility Mode). See the Sun Java System Communications Services Schema Migration Guide for more information.

    • Choose 2 for Sun LDAP Schema 2 (Native Mode).

    -m yes|no

    Answers the following question: “Do you want to modify the directory server?” Specify yes to modify the directory. Specify no if you don’t want to modify the directory.

    -S path-to-schema-files

    Specifies the directory path to schema files. For example: ./schema.

    Once you set all the options for the comm_dssetup.pl script, you will see the following summary screen before the script runs:


    Here is a summary of the settings that you chose:
      Server Root                        : /var/opt/mps/serverroot/
      Server Instance                    : slapd-budgie
      Users/Groups Directory             : Yes
      Update Schema                      : yes
      Schema Type                        : 1
      DC Root                            : o=internet
      User/Group Root                    : o=usergroup
      Add New Indexes                    : yes
      Schema Directory                   : ./schema
      Directory Manager DN               : "cn=Directory Manager"

    Each option is further described in To Run comm_dssetup.pl in Interactive Mode.

Creating the Initial Messaging Server Runtime Configuration

The initial runtime configuration program provides a configuration to get your Messaging Server up and running. It is meant to create an initial runtime configuration to set up a generic functional messaging server configuration. Thus it gives you a base working configuration from which you can make your specific customization. The program is only meant to be run once. Subsequent running of this program will result in your configuration being overwritten. To modify your initial runtime configuration, use the configuration utilities described here and in the Sun Java System Messaging Server 6 2005Q4 Administration Reference.

Messaging Server Prerequisites

Before running the initial runtime configuration program, you must:

Messaging Server Configuration Checklist

When you run the Messaging Server initial runtime configuration program, record your parameters in Table E–2. To answer certain questions, refer to your Directory and Administration Server installation checklists in Appendix E, Installation Worksheets.

To Run the Configure Program

This procedure walks you through configuring the Messaging Server initial runtime configuration.

Steps
  1. Ensure in your setup that DNS is properly configured and that it is clearly specified how to route to hosts that are not on the local subnet.

    • The /etc/defaultrouter should contain the IP address of the gateway system. This address must be on a local subnet.

    • The /etc/resolv.conf exists and contains the proper entries for reachable DNS servers and domain suffixes.

    • In /etc/nsswitch.conf, the hosts: and ipnodes: lines have the files, dns and nis keywords added. The keyword files must precede dns and nis. So if the lines look like this:


      hosts:  nis dns files
      ipnodes:  nis dns files

      They should be changed to this:


      hosts:  files nis dns
      ipnodes:  files nis dns
    • Make sure that the FQDN is the first host name in the /etc/hosts file.

      If your Internet host table in your /etc/hosts file looks like this:


      123.456.78.910 budgie.west.sesta.com
      123.456.78.910 budgie loghost mailhost

      Change it so that there is only one line for the IP address of the host. Be sure the first host name is a fully qualified domain name. For example:


      123.456.78.910 budgie.west.sesta.com budgie loghost mailhost
    • You can verify that the lines are read correctly by running the following commands:


      # getent hosts ip_address
      # getent ipnodes ip_address
      

      If the lines are read correctly, you should see the IP address followed by the FQDN and then the other values. For example:


      # getent hosts 192.18.126.103
      192.18.126.103  budgie.west.sesta.com budgie loghost mailhost
  2. Invoke the Messaging Server initial runtime configuration with the following command:


    /msg_svr_base/sbin/configure [flag]
    

    You might need to use the xhost(1) command if you are configuring Messaging Server on a remote system.

    The table below describes optional flags you can set with the configure program:

    Flag 

    Description 

    -nodisplay

    Invokes a command-line configuration program. 

    -noconsole

    Invokes a GUI user interface program. 

    -state [statefile]

    Uses a silent installation file. Must be used with -nodisplay and -noconsole flags. See To Perform a Silent Installation.

    Once you run the configure command, the configuration program will start:

  3. Welcome

    The first panel in the configure program is a copyright page. Select Next to continue or Cancel to exit. If you didn’t configure the Administration Server, you will be warned; select okay to continue.

  4. Enter the Fully Qualified Host Name (FQHN).

    This is the machine on which Messaging Server will operate. When you installed the server using the Java Enterprise System installer, you probably specified the physical host name. However, if you are installing a cluster environment, you will want to use the logical hostname. Here is the chance to change what you originally specified.

  5. Select directory to store configuration and data files.

    Select the directory where you want to store the Messaging Server configuration and data files. Specify a pathname that is not under the msg_svr_base. Symbolic links will be created under msg_svr_base to the configuration and data directory. For more information on these symbolic links, see Post-Installation Directory Layout.

    Make sure you have large enough disk space set aside for these files.

  6. You will see a small window indicating that components are being loaded.

    This may take a few minutes.

  7. Select Components to Configure.

    Select the Messaging components that you want to configure.

    • Message Transfer Agent: Handles routing, delivering user mail, and handling SMTP authentication. The MTA provides support for hosted domains, domain aliases, and server-side filters.

    • Message Store: Provides the foundation for unified messaging services through its universal Message Store. Access to the message store is available through multiple protocols (HTTP, POP, IMAP). If you are only configuring a Message Store, you must also select the MTA.

    • Messenger Express: Handles the HTTP protocol retrieval of messages from the Message Store. If you are only configuring Messenger Express, you must also select the Message Store and the MTA.

    • Messaging Multiplexor: Acts as a proxy to multiple messaging server machines within an organization. Users connect to the Multiplexor server, which redirects each connection to the appropriate mail server. This component is not enabled by default. If you do check the MMP as well as the Message Store, they will be enabled on the same system; a warning message will appear for you to change your port numbers after configuration. For instructions on doing so, see Post-Installation Port Numbers.

      To configure the MMP, see Chapter 7, Configuring and Administering Multiplexor Services.

      Check any components you want to configure, and uncheck those components you do not wish to configure.

  8. Enter the system user name and the group that will own the configured files.

    For information on setting up system users and groups, see Creating UNIX System Users and Groups.

  9. Configuration Directory Server Panel

    Enter your Configuration Directory LDAP URL, Administrator and Password. This is taken from the Administration Server configuration.

    Gather the Configuration Server LDAP URL from your Directory Server installation. See the Directory Server Installation worksheet from Table E–1.

    The Directory Manager has overall administrator privileges on the Directory Server and all Sun Java System servers that make use of the Directory Server (for example, the Messaging Server). It also has full administration access to all entries in the Directory Server. The default and recommended Distinguished Name (DN) is cn=Directory Manager and is set during Directory Server configuration.


    Note –

    If you select something other than the default, you will have a mismatch between the Administration Server and the configuration Directory Server. This will require manual post-configuration steps. So modify this entry only if you really know what you are doing.


  10. User/Group Directory Server Panel

    Enter your Users and Groups Directory LDAP URL, Administrator and Password.

    Gather the User/Group Server LDAP URL information from the host and port number information from your Directory Server installation. See the Directory Server Installation worksheet from Table E–1.

    The Directory Manager has overall administrator privileges on the Directory Server and all Sun Java System servers that make use of the Directory Server (for example, the Messaging Server) and has full administration access to all entries in the Directory Server. The default and recommended Distinguished Name (DN) is cn=Directory Manager and is set during Directory Server configuration.

    If you are installing against a replicated Directory Server instance, you must specify the credentials of the replica, not the master directory.

  11. Postmaster Email Address

    Enter a Postmaster Email Address.

    Select an address that your Administrator will actively monitor. For example, pma@siroe.com for a postmaster on the siroe domain. This address cannot begin with “Postmaster.”

    The user of the email address is not automatically created. Therefore, you will need to create it by using a provisioning tool.

  12. Password for administrator accounts

    Enter an initial password that will be used for service administrator, server, user/group administrator, end user administrator privileges as well as PAB administrator and SSL passwords.

    After the initial runtime configuration, you might change this password for individual administrator accounts. For more information, see To Modify Your Passwords.

  13. Default Email Domain

    Enter a Default Email Domain.

    This email domain is the default that is used if no other domain is specified. For example, if siroe.com is the default email domain, then siroe.com is the domain to which messages addressed to user IDs without a domain will be sent.

    If you are using the User Management Utility, the command-line interface for provisioning users and groups with Sun LDAP Schema 2, you will want to specify the same default domain during its configuration. For more information, see the Sun Java System Communications Services 6 2005Q4 Delegated Administrator Guide.

  14. Organization DN

    Enter an Organization DN under which users and groups will be created. The default is the email domain prepended to the user/group suffix.

    For example, if your user/group suffix is o=usergroup, and your email domain is siroe.com, then the default is o=siroe.com, o=usergroup (where o=usergroup is your user/group Directory suffix which was specified in Creating UNIX System Users and Groups).

    If you choose your user/group Directory suffix as your Organization DN, you may have migration problems if you decide to create a hosted domain. If you want to set up a hosted domain during initial runtime configuration, then specify a DN one level below the User/Group suffix.

  15. Ready to Configure

    The configuration program will check for enough disk space on your machine and then outline the components it is ready to configure.

    To configure the Messaging components, select Configure Now. To change any of your configuration variables, select Back. Or to exit from the configuration program, select Cancel.

  16. Starting Task Sequence, Sequence Completed, and Installation Summary Panels

    You can read the installation status by selecting Details on the final Installation Summary page. To exit the program, select Close.

    A log file is created in /msg_svr_base/install/configure_YYYYMMDDHHMMSS.log, where YYYYMMDDHHMMSS identifies the 4-digit year, month, date, hour, minute, and second of the configuration.

    An initial runtime configuration is now set up for your Messaging Server. To change any configuration parameter, refer to other parts of this document for instructions on doing so.

    To start Messaging Server, use the following command:


    /opt/SUNWmsgsr/sbin/start-msg
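
The name-service checks from Step 1 of this procedure, as an added example that is not part of the original guide: the functions below test the keyword order on the hosts: and ipnodes: lines and confirm that an IP address has exactly one hosts entry whose first name is fully qualified. The function names are illustrative, and the sample files are constructed from the before and after listings shown in Step 1.

```shell
#!/bin/sh
# Added example (not from the guide): check the name-service prerequisites
# from Step 1 against given files. Function names are illustrative.

# nss_order DB [NSSWITCH_FILE]: DB is "hosts" or "ipnodes".
# Prints ok, no-entry, files-missing, or <keyword>-before-files.
nss_order() {
    awk -v db="$1:" '
        { sub(/#.*/, "") }
        $1 == db {
            seen = 1
            for (i = 2; i <= NF; i++) if ($i == "files") { pos = i; break }
            if (!pos) { print "files-missing"; bad = 1; exit }
            for (i = 2; i < pos; i++)
                if ($i == "dns" || $i == "nis") { print $i "-before-files"; bad = 1; exit }
            print "ok"
            exit
        }
        END {
            if (!seen) { print "no-entry"; exit 1 }
            exit bad + 0
        }
    ' "${2:-/etc/nsswitch.conf}"
}

# hosts_entry IP [HOSTS_FILE]: require exactly one line for IP, with a
# fully qualified name (one containing a dot) as the first host name.
# Prints "ok <fqdn>", no-entry, duplicate-lines or first-name-not-fqdn.
hosts_entry() {
    awk -v ip="$1" '
        { sub(/#.*/, "") }
        $1 == ip { n++; if (n == 1) first = $2 }
        END {
            if (n == 0) { print "no-entry"; exit 1 }
            if (n > 1) { print "duplicate-lines"; exit 1 }
            if (first !~ /\./) { print "first-name-not-fqdn"; exit 1 }
            print "ok " first
        }
    ' "${2:-/etc/hosts}"
}

# Constructed sample files, copied from the listings in Step 1.
NS_DIR=$(mktemp -d)
trap 'rm -rf "$NS_DIR"' EXIT
cat > "$NS_DIR/nsswitch.before" <<'EOF'
hosts:  nis dns files
ipnodes:  nis dns files
EOF
cat > "$NS_DIR/nsswitch.after" <<'EOF'
hosts:  files nis dns
ipnodes:  files nis dns
EOF
cat > "$NS_DIR/hosts.before" <<'EOF'
123.456.78.910 budgie.west.sesta.com
123.456.78.910 budgie loghost mailhost
EOF
cat > "$NS_DIR/hosts.after" <<'EOF'
123.456.78.910 budgie.west.sesta.com budgie loghost mailhost
EOF

for state in before after; do
    echo "$state: hosts=$(nss_order hosts "$NS_DIR/nsswitch.$state" || :)" \
         "ipnodes=$(nss_order ipnodes "$NS_DIR/nsswitch.$state" || :)" \
         "entry=$(hosts_entry 123.456.78.910 "$NS_DIR/hosts.$state" || :)"
done
```

Called without a file argument, each function reads the live /etc/nsswitch.conf or /etc/hosts.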
    

To Perform a Silent Installation

The Messaging Server initial runtime configuration program automatically creates a silent installation state file (called saveState) that can be used to quickly configure additional Messaging Server instances in your deployment where the Messaging Server Solaris packages have been installed. All of your responses to the configuration prompts are recorded in that file.

By running the silent installation, you instruct the configure program to read the silent installation state file. The configure program uses the responses in this file rather than ask the same installation questions again for subsequent initial runtime configurations of Messaging Server. When you use the state file in a new installation, you are not asked any questions. Instead, all of the state file responses are automatically applied as the new installation parameters.

The silent installation saveState state file is stored in the msg_svr_base/install/configure_YYYYMMDDHHMMSS directory, where YYYYMMDDHHMMSS identifies the 4-digit year, month, date, hour, minute, and second of the saveState file.

To use the silent installation state file to configure another Messaging Server instance on another machine in the deployment, follow these steps:

Steps
  1. Copy the silent installation state file to a temporary area on the machine where you are performing the new installation.

  2. Review and edit the silent installation state file as necessary.

    You will probably want to change some of the parameters and specifications in the state file. For example, the default email domain for the new installation may be different than the default email domain recorded in the state file. Remember that the parameters listed in the state file will be automatically applied to this installation.

  3. Run the following command to configure other machines with the silent installation file:


    msg_svr_base/sbin/configure -nodisplay -noconsole -state \
      fullpath/saveState
    

    where fullpath is the full directory path of where the saveState file is located. (See Step 1 of this section).


    Note –

    After running the silent installation program, a new state file is created from the silent installation in directory location: msg_svr_base/install/configure_YYYYMMDDHHMMSS/saveState, where YYYYMMDDHHMMSS identifies the 4-digit year, month, date, hour, minute, and second of the directory containing the saveState file.


Installing Messaging Server Against a Directory Server Replica

There might be limitations that prevent you from installing Messaging Server against a Directory Server master:

To Install Messaging Server Against a Directory Server Replica

Steps
  1. Run the comm_dssetup.pl program against all Directory Servers including the Directory Server replicas as noted in comm_dssetup.pl Requirements.

  2. Run the Messaging configure program using the replicated Directory Server credentials as described in Creating the Initial Messaging Server Runtime Configuration.

    By default, this program is located in msg_svr_base/sbin/configure.

    Because of invalid privileges, the configure program will fail in trying to configure the Directory Server Administrators. It will, however, produce the msg_svr_base/config/*.ldif files that are needed to allow proper privileges to the Directory Server replicas.

  3. Move the *.ldif files to the Directory Server master.

  4. Run the ldapmodify command on the *.ldif files.

    For more information on ldapmodify, see the Sun Java System Directory Server documentation or the msg_svr_base/install/configure_YYYYMMDDHHMMSS.log file.

  5. Run the configure program again.

    Your Directory Server replica (and master) are now configured to work with your Messaging Server.

Installing Messaging Server Provisioning Tools

The following sections provide a summary of install information about the supported provisioning tools:

Schema 1 Delegated Administrator for Messaging

Two GUI provisioning tools are available for Messaging Server, the iPlanet Delegated Administrator (Sun LDAP Schema 1) and the Communications Services Delegated Administrator (Sun LDAP Schema 2). This section discusses the former. For details on the latter see the Sun Java Enterprise System 2005Q4 Installation Guide.

To install the iPlanet Delegated Administrator (Sun LDAP Schema 1), you need to download it from the Sun Software page. Contact your Sun Java System representative for information on the download location.


Note –

The iPlanet Delegated Administrator can only be installed after Messaging Server and Web Server are installed and configured. For more information on installing iPlanet Delegated Administrator, see the iPlanet Delegated Administrator documentation.

iPlanet Delegated Administrator is only available for those customers with existing Messaging Server 5.x installations and who are currently installing Messaging Server 6. It is not available to those customers new to the Messaging Server product.

iPlanet Delegated Administrator must be used with Sun Java System Web Server 6.0 (which is only bundled with the previous Messaging Server 5.2 product). You cannot use Web Server 6.1 (bundled with the Java Enterprise System installer) with iPlanet Delegated Administrator.


Summary of Installation Steps: To install and configure iPlanet Delegated Administrator for Messaging with Messaging Server:


Note –

When you install the following products, use the Java Enterprise System installer. Note that some of these products have their own configuration whereas other product configurators are embedded in the Java Enterprise System installer/configurator. For more information, refer to specific product documentation.


ProcedureTo Install iPlanet Delegated Administrator

Steps
  1. Be sure that either Sun Java System Directory Server 5.2 is installed and configured.

    For more information, read the appropriate Sun Java System Directory Server Installation Guide.

  2. Install and configure Messaging Server.

    Messaging Server will detect that you are using Sun LDAP Schema 1 since Sun Java System Access Manager will not be installed.

  3. Install Sun Java System Web Server 6.0 from your previous Messaging Server 5.2 bundle.

    Review the Sun Java System Web Server documentation and the Sun Java System Delegated Administrator documentation.

  4. Install iPlanet Delegated Administrator for Messaging 1.2 Patch 2.

    Contact your Sun support representative to obtain the latest version.

    Refer to the iPlanet Delegated Administrator documentation.

LDAP Provisioning Tools

Sun LDAP Schema 1 users and groups can be provisioned using the LDAP Directory tools (Schema 2 is not supported).

ProcedureTo Install Schema 1 LDAP Provisioning Tools

Steps
  1. If Directory Server is not already installed, be sure to install and configure it.

    For more information, refer to the Sun Java Enterprise System 2005Q4 Installation Guide.

  2. Configure Access Manager to recognize data in your Directory Server.

    Before Access Manager can recognize the data in your LDAP directory, you must add special object classes to entries for all organizations, groups and users that will be managed by Access Manager. If you have not done this already, do it before you start provisioning new accounts. Sample scripts are bundled in the Access Manager product to help you automatically add these object classes to your directory. For more information on these post-installation steps, see the Sun Java System Access Manager 6 2005Q1 Migration Guide.

  3. Install and configure Messaging Server with help from this guide.

    Messaging Server will detect which Sun Java System LDAP Schema you are using, depending on whether or not Access Manager is installed.

  4. Install and configure Sun Java System Web Server 6.1 to enable mail filtering in Messenger Express.

    For more information on enabling mail filtering, see Configuring Messenger Express and Communications Express Mail Filters.

    Though mail filtering is not a provisioning tool, its functionality existed in the previous GUI version of Delegated Administrator for Messaging.

  5. Refer to the Sun Java System Messaging Server documentation to perform LDAP provisioning.

    For Sun LDAP Schema 1 LDAP provisioning, use the iPlanet Messaging Server 5.2 Provisioning Guide and Sun Java System Communications Services 6 2005Q4 Schema Reference. The Schema Reference contains object classes and attributes for both Sun LDAP Schema 1 and v.2.

SMTP Relay Blocking

By default, Messaging Server is configured to block attempted SMTP relays; that is, it rejects attempted message submissions to external addresses from unauthenticated external sources (an external system is any system other than the host on which the server itself resides). This default configuration is quite aggressive in blocking SMTP relaying in that it considers all other systems to be external systems.

After installation, it is important to manually modify your configuration to match the needs of your site. Specifically, your messaging server should recognize its own internal systems and subnets from which SMTP relaying should always be accepted. If you do not update this configuration, you might encounter problems when testing your MTA configuration.

IMAP and POP clients that attempt to submit messages destined for external addresses through the Messaging Server system's SMTP server, and that do not authenticate using SMTP AUTH (SASL), will find their submission attempts rejected. Which systems and subnets are recognized as internal is typically controlled by the INTERNAL_IP mapping table, which may be found in the file msg_svr_base/config/mappings.

For instance, on a Messaging Server system whose IP address is 192.45.67.89, the default INTERNAL_IP mapping table would appear as follows:


INTERNAL_IP

  $(192.45.67.89/24)  $Y
  127.0.0.1  $Y
  *  $N

The initial entry, using the $(IP-pattern/significant-prefix-bits) syntax, specifies that any IP address that matches the first 24 bits of 192.45.67.89 should match and be considered internal. The second entry recognizes the loopback IP address 127.0.0.1 as internal. The final entry specifies that all other IP addresses should not be considered internal.

You may add additional entries by specifying additional IP addresses or subnets before the final $N entry. These entries must specify an IP address or subnet (using the $(.../...) syntax to specify a subnet) on the left side and $Y on the right side. Or you may modify the existing $(.../...) entry to accept a more general subnet.

For instance, if this same sample site has a class C network, that is, it owns all of the 192.45.67.0 subnet, then the site would want to modify the initial entry so that the mapping table appears as follows:


INTERNAL_IP

  $(192.45.67.89/24)  $Y
  127.0.0.1  $Y
  *  $N

Or if the site owns only those IP addresses in the range 192.45.67.80-192.45.67.99, then the site would want to use:

INTERNAL_IP

! Match IP addresses in the range 192.45.67.80-192.45.67.95
  $(192.45.67.80/28)  $Y
! Match IP addresses in the range 192.45.67.96-192.45.67.99
  $(192.45.67.96/30)  $Y
  127.0.0.1  $Y
  *  $N

Note that the msg_svr_base/sbin/imsimta test -match utility can be useful for checking whether an IP address matches a particular $(.../...) test condition. The imsimta test -mapping utility can be more generally useful in checking that your INTERNAL_IP mapping table returns the desired results for various IP address inputs.

After modifying your INTERNAL_IP mapping table, be sure to issue the msg_svr_base/sbin/imsimta cnbuild and the msg_svr_base/sbin/imsimta restart utilities so that the changes take effect.

Further information on the mapping file and general mapping table format, as well as information on imsimta command line utilities, can be found in the Chapter 2, Message Transfer Agent Command-line Utilities, in Sun Java System Messaging Server 6 2005Q4 Administration Reference. In addition, information on the INTERNAL_IP mapping table can be found in To Add SMTP Relaying.
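The following is an added example, not part of the original guide or the product: a small offline checker that reads an INTERNAL_IP table, reports whether a given source address would be treated as internal, and flags $Y entries wide enough to reopen relaying. It assumes entries are evaluated top to bottom with the first match deciding, handles only the three pattern forms shown above, and uses a hypothetical min_bits threshold as site policy.

```python
import ipaddress

# Constructed sample: the table above for a site owning 192.45.67.80-192.45.67.99.
SAMPLE_TABLE = """\
INTERNAL_IP

! Match IP addresses in the range 192.45.67.80-192.45.67.95
  $(192.45.67.80/28)  $Y
! Match IP addresses in the range 192.45.67.96-192.45.67.99
  $(192.45.67.96/30)  $Y
  127.0.0.1  $Y
  *  $N
"""


def parse_internal_ip(text):
    """Return the ordered (pattern, result) entries of the INTERNAL_IP table."""
    entries, in_table = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or comment
        if not raw[0].isspace():
            in_table = line == "INTERNAL_IP"  # an unindented line names a table
            continue
        if in_table:
            pattern, result = line.split(None, 1)
            entries.append((pattern, result.strip()))
    return entries


def entry_matches(pattern, ip):
    """Assumption: only '*', a literal address and $(addr/bits) are handled."""
    addr = ipaddress.ip_address(ip)
    if pattern == "*":
        return True
    if pattern.startswith("$(") and pattern.endswith(")"):
        # strict=False because entries such as $(192.45.67.89/24) carry host bits
        return addr in ipaddress.ip_network(pattern[2:-1], strict=False)
    return addr == ipaddress.ip_address(pattern)


def is_internal(entries, ip):
    """First matching entry decides (assumed top-to-bottom evaluation)."""
    for pattern, result in entries:
        if entry_matches(pattern, ip):
            return result == "$Y"
    return False


def audit(entries, min_bits=24):
    """Flag $Y entries that would accept relaying from very wide sources."""
    findings = []
    for pattern, result in entries:
        if result != "$Y":
            continue
        if pattern == "*":
            findings.append((pattern, "every source is treated as internal"))
        elif pattern.startswith("$("):
            bits = int(pattern[2:-1].split("/")[1])
            if bits < min_bits:
                findings.append((pattern, f"/{bits} is wider than /{min_bits}"))
    return findings
```

Run it against a copy of the mappings file before imsimta cnbuild, then confirm the result on the server itself with imsimta test -mapping.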

Enabling Startup After a Reboot

You can enable Messaging Server startup after system reboots by using the bootup script: msg_svr_base/lib/Sun_MsgSvr. That is, by default, Messaging Server will not restart after a system reboot unless you run this script. In addition, this script can also start up your MMP, if enabled.

ProcedureTo Enable Messaging Server After a Reboot

Steps
  1. Copy the Sun_MsgSvr script into the /etc/init.d directory.

  2. Change the following ownerships and access modes of the Sun_MsgSvr script:

    Ownership (chown(1M)): root (superuser)

    Group Ownership (chgrp(1M)): sys

    Access Mode (chmod(1M)): 0744

  3. Go to the /etc/rc2.d directory and create the following link:


    ln /etc/init.d/Sun_MsgSvr S92Sun_MsgSvr
    
  4. Go to the /etc/rc0.d directory and create the following link:


    ln /etc/init.d/Sun_MsgSvr K08Sun_MsgSvr
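The following is an added example, not part of the original guide: a check that the installed boot script has the ownership and mode from step 2 and that the rc2.d and rc0.d names are hard links to it, since the script runs as root at boot and must not be writable by anyone else. The numeric group ID 3 for sys is an assumption; pass your system's value.

```python
import os
import stat


def audit_boot_script(script, links, owner_uid=0, group_gid=3, mode=0o744):
    """Return a list of findings; an empty list means the layout matches."""
    findings = []
    st = os.stat(script)
    if st.st_uid != owner_uid:
        findings.append(f"{script}: owner uid {st.st_uid}, expected {owner_uid}")
    if st.st_gid != group_gid:
        findings.append(f"{script}: group gid {st.st_gid}, expected {group_gid}")
    actual = stat.S_IMODE(st.st_mode)
    if actual != mode:
        findings.append(f"{script}: mode {actual:04o}, expected {mode:04o}")
    if actual & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{script}: writable by group or others")
    for link in links:
        try:
            ls = os.stat(link)
        except FileNotFoundError:
            findings.append(f"{link}: missing")
            continue
        # ln without -s creates a hard link: same device and inode as the script
        if (ls.st_dev, ls.st_ino) != (st.st_dev, st.st_ino):
            findings.append(f"{link}: not a hard link to {script}")
    return findings


if __name__ == "__main__":
    for finding in audit_boot_script(
        "/etc/init.d/Sun_MsgSvr",
        ["/etc/rc2.d/S92Sun_MsgSvr", "/etc/rc0.d/K08Sun_MsgSvr"],
    ):
        print(finding)
```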
    

Handling sendmail Clients

If end users send messages through sendmail clients, you can configure Messaging Server to work with those clients over protocol. Users can continue to use the UNIX sendmail client.

To create compatibility between sendmail clients and Messaging Server, you can create and modify a sendmail configuration file.


Note –

Each time a new sendmail patch is applied to your system, you will need to modify the submit.cf file as described in the following instructions in To Create the sendmail Configuration File on Solaris 9 Platforms. On Solaris 8, follow the instructions in To Obtain the Proper Version of the /usr/lib/sendmail on Solaris 8.


When you upgraded previous versions of Messaging Server, the /usr/lib/sendmail binary was replaced with a component of the sendmail product. In Messaging Server, this replacement during upgrade no longer occurs. Therefore, you need to obtain the proper version of the /usr/lib/sendmail binary from the most current sendmail patch.

On Solaris OS 9 platforms, sendmail is no longer a setuid program. Instead, it is a setgid program.

ProcedureTo Obtain the Proper Version of the /usr/lib/sendmail on Solaris 8

Steps
  1. Find the main-v7sun.mc file in the /usr/lib/mail/cf directory and create a copy of this file.

    In the example in this section, a copy called sunone-msg.mc is created.

  2. In the sunone-msg.mc file, add the following lines before the MAILER macros:


    FEATURE(`nullclient', `smtp:rhino.west.sesta.com')dnl
    MASQUERADE_AS(`west.sesta.com')dnl
    define(`confDOMAIN_NAME', `west.sesta.com')dnl

    rhino.west.sesta.com is the localhost name and west.sesta.com is the default email domain as described in Creating the Initial Messaging Server Runtime Configuration. In an HA environment, use the logical host name. See Chapter 3, Configuring High Availability for more information about logical hostnames for High Availability.

  3. Compile the sunone-msg.mc file:


    /usr/ccs/bin/make sunone-msg.cf
    

    Compiling sunone-msg.mc produces sunone-msg.cf.

  4. Make a backup copy of the existing sendmail.cf file located in the /etc/mail directory.

    1. Copy /usr/lib/mail/cf/sunone-msg.cf and rename the copy to sendmail.cf.

    2. Move the new sendmail.cf file to the /etc/mail directory.

ProcedureTo Create the sendmail Configuration File on Solaris 9 Platforms

Steps
  1. Find the submit.mc file in the /usr/lib/mail/cf directory and create a copy of this file.

    In the example in this section, a copy called sunone-submit.mc is created.

  2. Change the following line in the file sunone-submit.mc:


    FEATURE(`msp')dnl

    to


    FEATURE(`msp', `rhino.west.sesta.com')dnl

    where rhino.west.sesta.com is the localhost name and west.sesta.com is the default email domain as described in Creating the Initial Messaging Server Runtime Configuration. In an HA environment, use the logical host name. See Chapter 3, Configuring High Availability for more information about logical hostnames for High Availability.

  3. Compile the sunone-submit.mc file:


    /usr/ccs/bin/make sunone-submit.cf
    

    Compiling sunone-submit.mc produces sunone-submit.cf.

  4. Make a backup copy of the existing submit.cf file in the /etc/mail directory.

    1. Copy /usr/lib/mail/cf/sunone-submit.cf and rename the copy to submit.cf.

    2. Move the new submit.cf file to the /etc/mail directory.

Configuring Messenger Express and Communications Express Mail Filters

Mail filters are accessible through Messenger Express and Communications Express. There is no need to deploy the .war file if you use only Communications Express, but to deploy the mail filters within Messenger Express you need to issue the following commands:

If you’re using Web Server as your web container:


# cd web_svr_base/bin/https/httpadmin/bin/
# ./wdeploy deploy -u /MailFilter -i https-srvr_instance \
-v https-virtual_srvr_instance msg_svr_base/SUNWmsgmf/MailFilter.war

If using Application Server as your Web container:


# cd app_svr_base/sbin
# ./asadmin
asadmin> deploy --user admin msg_svr_base/SUNWmsgmf/MailFilter.war

In both cases, set the following configutil parameter and restart mshttpd:


# cd msg_svr_base/sbin/
# ./configutil -o "local.webmail.sieve.port" \
-v "WS_port_no|AS_port_no"
# ./stop-msg http
# ./start-msg http

You can also use the Administration Console to deploy .war files; for more information, consult the Sun Java System Web Server 7 2004Q2 Administrator's Guide or the Sun Java System Application Server Enterprise Edition 8.1 2005Q2 Administration Guide.

Information on mail filters for end-users is available in the Messenger Express and Communications Express online help files.

Performance and Tuning

Refer to Performance Considerations for a Messaging Server Architecture in Sun Java System Communications Services 6 2005Q4 Deployment Planning Guide.

Post-Installation Directory Layout

After installing the Sun Java System Messaging Server, its directories and files are arranged in the organization described in Table 1–1. The table is not exhaustive; it shows only those directories and files of most interest for typical server administration tasks.

Table 1–1 Post-Installation Directories and Files

Directory
    Default Location and Description

Messaging Server Base (msg_svr_base)
    /opt/SUNWmsgsr/ (default location)
    The directory on the Messaging Server machine dedicated to holding the server program, configuration, maintenance, and information files.
    Only one Messaging Server Base directory per machine is permitted.

Configuration (config)
    msg_svr_base/config/
    Contains all of the Messaging Server configuration files such as the imta.cnf and the msg.conf files.
    On Solaris and Linux platforms only: This directory is symbolically linked (on UNIX platforms) to the config subdirectory of the data and configuration directory (default: /var/opt/SUNWmsgsr/) that you specified in the initial runtime configuration.

Log (log)
    msg_svr_base/log/
    Contains the Messaging Server log files like the mail.log_current file.
    On Solaris and Linux platforms only: This directory is symbolically linked (on UNIX platforms) to the log subdirectory of the data and configuration directory (default: /var/opt/SUNWmsgsr/) that you specified in the initial runtime configuration.

Data (data)
    msg_svr_base/data/ (required location)
    Contains databases, configuration, log files, site-programs, queues, store and message files.
    The data directory includes the config and log directories.
    On Solaris and Linux platforms only: This directory is symbolically linked (on UNIX platforms) to the data and configuration directory (default: /var/opt/SUNWmsgsr/) that you specified in the initial runtime configuration.

System Administrator Programs (sbin)
    msg_svr_base/sbin/ (required location)
    Contains the Messaging Server system administrator executable programs and scripts such as imsimta, configutil, stop-msg, start-msg, and uninstaller.

Library (lib)
    msg_svr_base/lib/ (required location)
    Contains shared libraries, private executable programs and scripts, daemons, and non-customizable content data files. For example: imapd and qm_maint.hlp.

SDK Include Files (include)
    msg_svr_base/include/ (required location)
    Contains Messaging header files for Software Development Kits (SDK).

Examples (examples)
    msg_svr_base/examples/ (required location)
    Contains the examples for various SDKs, such as Messenger Express AUTH SDK.

Installation Data (install)
    msg_svr_base/install/ (required location)
    Contains installation-related data files such as installation log files, silent installation files, factory default configuration files, and the initial runtime configuration log files.

Post-Installation Port Numbers

In the installation and initial runtime configuration programs, port numbers will be chosen for various services. These port numbers can be any number from 1 to 65535.

Table 1–2 lists the port numbers that are designated after installation.

Table 1–2 Port Numbers Designated During Installation

Port Number     Service (configutil parameter)

389             Standard Directory Server LDAP Port on the machine where you install Directory Server. This port is specified in the Directory Server installation program. (local.ugldapport)

110             Standard POP3 Port. This port may conflict with the MMP port if installed on the same machine. (service.pop.port)

143             Standard IMAP4 Port. This port may conflict with the MMP port if installed on the same machine. (service.imap.port)

25              Standard SMTP Port. (service.http.smtpport)

80              Messenger Express HTTP Port. This port may conflict with the Web Server port if installed on the same machine. (service.http.port)

992             POP3 over SSL port. For encrypted communications. (service.pop.sslport)

993             IMAP over SSL Port. For encrypted communications. This port may conflict with the MMP port if installed on the same machine. (service.imap.sslport)

443             HTTP over SSL Port. For encrypted communications. (service.http.sslport)

7997            Messaging and Collaboration Event Notification Service (ENS) Port.

27442           Port that is used by the Job Controller for internal product communication.

49994           Port that is used by the Watcher for internal product communication. See the Sun Java System Messaging Server Administration Guide for more information on the Watcher. (local.watcher.port)

user-specified  Administration Server HTTP Port. (For listening to Console requests).

If certain products are installed on the same machine, you will encounter port number conflicts. Table 1–3 shows potential port number conflicts.

Table 1–3 Potential Port Number Conflicts

Conflicting Port Number   Port               Conflicting Port

143                       IMAP Server        MMP IMAP Proxy

110                       POP3 Server        MMP POP3 Proxy

993                       IMAP over SSL      MMP IMAP Proxy with SSL

80                        Web Server port    Messenger Express

If possible, you should install products with conflicting port numbers on separate machines. If you are unable to do so, then you will need to change the port number of one of the conflicting products.

ProcedureTo Change Port Numbers

Step

    Use the configutil utility to change port numbers.

    See configutil in Sun Java System Messaging Server 6 2005Q4 Administration Reference for complete syntax and usage.


Example 1–1 Changing the Messenger Express HTTP Port Number

The following example uses the service.http.port configutil parameter to change the Messenger Express HTTP port number to 8080.


configutil -o service.http.port -v 8080