These release notes contain important information available at the time of the version 5.0 release of iPlanet Messaging Server. Features and enhancements, installation notes, known problems, and other late-breaking issues are addressed here. Read this document before you begin using iPlanet Messaging Server.
An electronic version of these release notes can be found at the iPlanet documentation web site: http://docs.iplanet.com/docs/manuals/messaging/ims50/relnotes/relnotes.htm. Check the web site prior to installing and setting up your software and then periodically thereafter to view the most up-to-date release notes and manuals.
These release notes contain the following sections:
iPlanet Messaging Server 5.0 provides a powerful and flexible solution to the email needs of enterprises and messaging hosts of all sizes using open Internet standards.
iPlanet Messaging Server 5.0 is a "best of breed" integration of the Netscape Messaging Server and Sun Internet Messaging Server. The most robust and highest performing components of each product have been combined to produce the iPlanet Messaging Server. For example, the message store, LDAP directory, and Administration Console come from Netscape Messaging Server, while the message transfer agent (MTA) and delegated administrator command line interface comes from Sun Internet Mail Server.
Because this is an integrated product, Netscape Messaging Server and Sun Internet Messaging Server customers may find that many processes and procedures for those products are different for the iPlanet Messaging Server. For complete information refer to the iPlanet Messaging Server 5.0 documentation at http://docs.iplanet.com/docs/manuals/messaging.html as well as the iPlanet Messaging Server 5.0 Migration Guide to be available in November.
iPlanet Messaging Server 5.0 includes the following features:
This section contains important information you should know before installing the product. For complete installation-related information and instructions, refer to the iPlanet Messaging Server 5.0 Installation Guide.
The minimum hardware requirements for iPlanet Messaging Server are:
For Webmail access, Messaging Server requires a JavaScript-enabled browser. For optimal performance, iPlanet recommends using the following browsers:
iPlanet Messaging Server is supported on the following platforms:
A list of recommended patches for Solaris 2.6 and Solaris 8 can be found at http://access1.sun.com/patch.public/.
Messaging Server 5.0 requires the following:
These products are all included on the Messaging Server CD and in the archive file. Enterprise Server is required for iPlanet Delegated Administrator.
Both Enterprise Server and Messenger Express use port 80 as the default port; be sure to specify different port numbers for one or both of these servers to avoid any conflicts. Additionally, both sendmail and SMTP use port 25 by default; it is recommended that you stop sendmail before installing the Messaging Server.
It is recommended that you record all of the port numbers you specify during the installation, along with the specific component using that port number.
Tip
Although the Directory Server is included, you may choose to use an existing Directory Server and not install the one that is included with the Messaging Server. If you do so, you must run ims_dssetup against that existing Directory Server prior to installing the Messaging Server. If you do not have an existing Directory Server or you chose to install the one included with the Messaging Server, you do not have to run ims_dssetup.
The Enterprise Server must be installed on the same machine as the Delegated Administrator, but the Messaging Server can be installed on a separate machine. Since the existence of the Enterprise Server is required for the Delegated Administrator, you must install the Enterprise Server before you install the Delegated Administrator.
The Delegated Administrator should be installed immediately after the Messaging Server; if you start to provision the Messaging Server before installing the Delegated Administrator, you may encounter some complications in the Delegated Administrator installation.
Regardless of whether the Messaging Server is installed on the same machine as the Administration Server or the Delegated Administrator, it is recommended that you install the Messaging Server first, then the Enterprise Server, then the Delegated Administrator.
The Messaging Server 5.0 suite of products include the problems, limitations and considerations described in the following subsections.
The following are known issues with the Messaging Server installation:
In the Messaging Server installation, if you point to an existing Directory Server as the Users/Groups Directory Server, and that server had been set up for replication, the installation will fail. The workaround to this is to install the message server before setting up the replication.
You must install the Messaging Server in an empty directory or a directory which does not already exist. Moreover, this directory cannot contain any subdirectories which serve as mount points.
Once you complete the Messaging Server installation, you can create mount points as desired.
If you upgrade from the Beta version of iPlanet Messaging Server 5.0 to the RTM version of iPlanet Messaging Server 5.0, you need to perform the following tasks:
The following are known problems with the Messaging Server:
By default, the authentication cache is on; you must restart all the services on the server to make the deletion of a user immediately effective.
To eliminate this behavior, turn off the authentication cache by setting service.authcachettl to zero using the configutil utility and restarting all the services.
Because non-anonymous LDAP searches can take a long time (up to ten times as long as anonymous LDAP searches), dirsync will take a very long time to run as well.
A workaround is to use directory manager credentials to access the directory by using the following commands:
msg-instance/configutil -o local.ugldapbinddn -v "rootdn" -l
msg-instance/configutil -o local.ugldapbindcred -v "rootdn_passwd" -l
where rootdn and rootdn_passwd are the credentials of the Directory Server's administrator.
The installation does not automatically check for required OS patches. A list of recommended patches for Solaris 2.6 and Solaris 8 can be found at http://access1.sun.com/patch.public/.
The Solaris patch 106980-10 for Solaris 2.7 is required for the MTA to function properly. Please note that Solaris 2.7 is not a supported platform for iPlanet Messaging Server 5.0.
Note
From this release forward, the mgrpErrorsTo attribute will not support multiple values. If you want to specify multiple recipients for error message, create a mailing list and specify the mailing list address as the value for the mgrpErrorsTo attribute.
To provision users, use the iPlanet Delegated Administrator and/or its command line utilities, or the Users/Groups tab in the Administration Console.
The password you specify when requesting an SSL certificate in the Administration Console certificate wizard for encrypting the private key in the trust database is not saved to sslpassword.conf.
The workaround is to either use the default password "netscape!" or manually edit the sslpassword.conf file and specify the password of your choice.
Many of the files in the Messaging Server installation are protected against access by login users. This has the side effect of preventing unprivileged users from invoking sendmail. Login users can still send mail via clients which use SMTP such as Pine. Do not attempt to change the Messaging Server file permissions; doing so may incorrectly result in problems and security exposures (e.g., incorrectly allowing read access to the mail queues).
After installing Messaging Server 5.0, you should disable end user access to the Administration Server by opening the Administration Server Console and unchecking the checkbox for "Enable End User Access" in the Configuration->Access tab.
Occasionally, error messages appear in the installation log even if the installation was successful. A successful install ends with the following message: "Go to /usr/iplanet/server5 and type startconsole to begin managing your servers."
While all iPlanet Messaging Server products require an sslpassword.conf file to enable SSL, the format used by the MMP is different from the format used by the other Messaging Server servers. The MMP requires the file to contain the following:
Communicator Certificate DB:password
The rest of the Messaging Server servers use:
Internal (Software) Token:password
In the above examples, password should be replaced with the password you selected when installing your certificate.
These servers cache the LDAP entries of the users who have recently logged in for the time specified in the configuration parameter service.authcachettl.
The Job Controller listens on all interfaces, so it is necessary to change the tcp_port option in the job_controller.cnf file when performing an HA installation.
It is not possible to configure an expire rule through the command line. For example, the following command returns an error:
configutil -o store.expirerule.name.folderpattern -v pattern
The workaround is to use the console. After an expire rule is created, the parameters can be modified through the configutil utility.
If a service administrators group already exists, adding a second Messaging Server fails to add its own service administrator into the group. As a workaround, manually add the second service administrator user to the service administrator group.
Due to the caching scheme, changing domain properties like authorized services or status in LDAP does not take effect in IMAP, POP, and HTTP until these services are restarted.
In order for the imsimta dirsync utility to work efficiently, the following lines need to be added to the slapd.ldbm.conf file:
index modifytimestamp eq
index createtimestamp eq
In the console, if you specify a % character in the expire rules, it changes to \r. For example, if you specify user/%/Trash, looking up the store.expirerule.*.folderpattern, it displays user/\rrash. As a workaround, if you want a % character in the expire rules, perform this function using the configutil command.
The sslpassword.conf file is not created when an SSL certificate is created from the console. This occurs when only the console, administration server, and MMP are installed (no Messaging Server or Directory Server).
During a new installation process, all existing instances are shut down. After the installation, only the new instance is restarted.
When running an upgrade on a multiple-instance installation, if the Directory Server installation is selected, the upgrade fails. The installer prompts for directory manager information twice and fails after the second time.
In order to avoid running out of address space in a single process the following procedures should be done:
max_users * avg_message / 200000
max_users is the maximum number of simultaneously connected users and avg_message is the average number of messages per user.
The following are known problems with iPlanet Delegated Administrator for Messaging.
If a domain is added down a list of subdomains, it is best to create each subdomain before creating the target domain. The reason for this is that if the target subdomain is created without the intervening domains, those domains will be created without a container and it is not possible to add a container to those domains in the future.
If a node already exists and serves as the root for a collection of users and mail lists, the Create Domain function does not allow you to use that root as the domain container node.
In the Change Password screen, if you enter a new password that contains spaces, you will receive an error message. Hitting the Shift and Reload keys simultaneously will get rid of the error message, as will closing down the browser and then restarting it again. It is suggested that you do not use spaces in your passwords.
It is not possible to create a user with the same user ID as a deleted user until the user has been purged from the system.
The following are known problems with iPlanet Messenger Express:
When the MTA insists on authentication, Messenger Express gives up and drops the message without forwarding any type of error message.
The workaround is to configure the SMTP server to allow unauthenticated relay from the Messenger Express server host (this is the default setting).
From the Personal Address Book page, if you resize the browser window, you are taken back to the message list and you also receive a JavaScript error.
This problem only occurs with Netscape Navigator and appears to be fixed in the 6.0 release of Navigator.
Note
This section describes any errors or changes to the iPlanet Messaging Server 5.0 documentation set.
This section describes any errors or changes to the iPlanet Messaging Server 5.0 Administrator's Guide.
In chapter 10, "Managing the Message Store," the section "Using the stored Utility" states:
"The stored utility automatically performs cleanup and expiration operations once a day at midnight."
The cleanup and expire operations are actually performed at 11:00 pm.
The following information should be added to the "Configuring SMTP Relay Blocking" section of chapter 9, "Mail Filtering and Access Control."
The iPlanet Messaging Server is by default configured to block attempted SMTP relays; that is, it rejects attempted message submissions to external addresses from unauthenticated external sources (external systems are any other system than the host on which the server itself resides). This default configuration is quite aggressive in blocking SMTP relaying in that it considers all other systems to be external systems.
IMAP and POP clients that attempt to submit messages via the iPlanet Messaging Server system's SMTP server destined for external addresses, and who do not authenticate using SMTP AUTH (SASL), will find their submission attempts rejected. Thus, you will likely want to manually modify your configuration so that it recognizes your own internal systems and subnets from which relaying should always be accepted.
Which systems and subnets are recognized as internal is normally controlled by the INTERNAL_IP mapping table, which may be found in the directory server-instance/imta/config
For instance, on an iPlanet Messaging Server system whose IP address is 123.45.67.89, the default INTERNAL_IP mapping table would appear as follows:
INTERNAL_IP
$(123.45.67.89/32) $Y
127.0.0.1 $Y
* $N
Here the initial entry, using the $(IP-pattern/signicant-prefix-bits) syntax, is specifying that any IP address that matches all 32 bits of 123.45.67.89 should match and be considered internal. The second entry recognizes the loopback IP address 127.0.0.1 as internal. The final entry specifies that all other IP addresses should not be considered internal.
You may add additional entries by specifying additional IP addresses or subnets before the final $N entry. These entries must specify an IP address or subnet (using the $(.../...) syntax to specify a subnet) on the left side and $Y on the right side. Or you may modify the existing $(.../...) entry to accept a more general subnet.
For instance, if this same sample site has a class-C network, that is, it owns all of the 123.45.67.0 subnet, then the site would want to modify the initial entry so that the mapping table appears as follows:
INTERNAL_IP
$(123.45.67.89/24) $Y
127.0.0.1 $Y
* $N
Or if the site owns only those IP addresses in the range 123.45.67.80-123.45.67.99, then the site would want to use:
INTERNAL_IP
! Match IP addresses in the range 123.45.67.80-123.45.67.95
$(123.45.67.80/28) $Y
! Match IP addresses in the range 123.45.67.96-123.45.67.99
$(123.45.67.96/30) $Y
127.0.0.1 $Y
* $N
Note that the server-instance/imsimta test -match utility can be useful for checking whether an IP address matches a particular $(.../...) test condition. The imsimta test -mapping utility can be more generally useful in checking that your INTERNAL_IP mapping table returns the desired results for various IP address inputs.
After modifying your INTERNAL_IP mapping table, be sure to issue the server-instance/imsimta restart command (if you are not running with a compiled configuration) or the server-instance/imsimta refresh command (if you are running with a compiled configuration) so that the changes take effect.
Further information on the mapping file and general mapping table format, as well as information on imsimta command line utilities, can be found in the iPlanet Messaging Server Reference Manual.
The documentation for the MTA SDK is included in the iPlanet Messaging Server 5.0 packaging. The documentation and man pages included were originally developed for Sun Messaging Server 3.5 and were not updated for iPlanet Messaging Server 5.0. The name and path references may be out of date, but the technical information is still valid.
If you have problems with iPlanet Messaging Server, contact iPlanet customer support using one of the following mechanisms:
So that we can best assist you in resolving problems, please have the following information available when you contact support:
Useful iPlanet information can be found at the following Internet locations:
Copyright © 2000 Sun Microsystems, Inc. Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.
Sun, Sun Microsystems, the Sun logo, Java, iPlanet, and all Sun, Java, and iPlanet based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Netscape and the Netscape N logo are registered trademarks of Netscape Communications Corporation in the U.S. and other countries. Other Netscape logos, product names, and service names are also trademarks of Netscape Communications Corporation, which may be registered in other countries.
Last Updated October 19, 2000