Messaging Server Administrator's Guide: Configuring IMAP and POP Services


Chapter 2 Configuring IMAP and POP Services

Netscape Messaging Server 4.0 supports both the Internet Mail Access Protocol 4 (IMAP4) and the Post Office Protocol 3 (POP3) for client access to mailboxes. IMAP and POP are both Internet-standard mailbox protocols. This chapter describes how to use Netscape Console to configure your server to support either or both of these services. For information on configuring Simple Mail Transfer Protocol (SMTP) services, see Chapter 3, Configuring SMTP Services.

You can also perform many IMAP and POP configuration tasks through the command-line utility configutil. That process is not described here; see Appendix A, Command-line Utilities, for instructions.

This chapter does not discuss how to configure client access controls for IMAP or POP; see Chapter 6, Security and Access Control, for information on that topic.

This chapter has the following sections:


General Configuration
Configuring the general features of the Messaging Server IMAP and POP services includes enabling or disabling IMAP or POP service, assigning port numbers, and optionally modifying service banners sent to connecting clients. This section provides background information; see Configuring IMAP and POP with Netscape Console for the steps you follow to make these settings.

Enabling and Disabling IMAP and POP

You can control whether any particular instance of Messaging Server makes its IMAP or POP service available for use. This is not the same as turning IMAP or POP on or off (see Starting and Stopping Services); to function, IMAP or POP must be both enabled and turned on.

Enabling is a more "global" process than turning on or off. For example, the Enable setting persists across system reboots, whereas you must restart a previously "on" service after a reboot.

There is no need to enable services that you do not plan to use. For example, if a Messaging Server instance is used only as a message transfer agent (MTA), you should disable both POP and IMAP. If it is used only as a POP post office, you should disable IMAP.

IMAP and POP Port Numbers

If you enable the IMAP service, you can specify the port number that the server is to use for IMAP connections. The default is 143.

Likewise, if you enable the POP service, you can specify the port number that the server is to use for POP connections. The default is 110.

You might need to specify a port number other than the default if you have, for example, two or more IMAP server instances on a single host machine, or if you are using the same host machine as both an IMAP server and a Messaging Multiplexor server. (See the document Netscape Messaging Multiplexor for information about the Multiplexor.)

Keep the following in mind when you specify a port:

Port for IMAP over SSL

Messaging Server supports encrypted communications with IMAP and POP clients by using the Secure Sockets Layer (SSL) protocol. See Configuring SSL Encryption and Authentication for general information on support for SSL in Messaging Server.

You can accept the default IMAP over SSL port number (993) or you can specify a separate port for IMAP over SSL.

Messaging Server provides the option of using separate ports for IMAP and IMAP over SSL because most current IMAP clients require separate ports for them. Same-port communication with both IMAP and IMAP over SSL is an emerging standard; as long as your Messaging Server has an installed SSL certificate (see Obtaining Certificates), it can support same-port IMAP over SSL.

Note: Messaging Server 4.0 supports POP over SSL, but not through a separate port from POP. In any case, some client software (such as the current release of Netscape Messenger, the Netscape mail client) does not support POP over SSL.

Service Banner

When a client first connects to the Messaging Server IMAP or POP port, the server sends an identifying text string to the client. This service banner (not normally displayed to the client's user) identifies the server as Netscape Messaging Server, gives the server's version number, and notes the time of connection. The banner is most typically used for client debugging or problem-isolation purposes.

You can replace the default banner for the IMAP or POP service if you want a different message sent to connecting clients.


Login Requirements
You can control how users are permitted to log in to the IMAP or POP service to retrieve mail. You can allow anonymous login (for IMAP only), password-based login, and certificate-based login. This section provides background information; see Configuring IMAP and POP with Netscape Console for the steps you follow to make these settings.

Anonymous Login

Anonymous login refers to a user logging in under the special user name anonymous, which requires no password. (By convention analogous to that of FTP, users enter their email addresses as passwords, so that their accesses are logged.) One reason for permitting anonymous login might be to provide read-only access to, for example, archived messages of a mailing list.

By default, anonymous login for IMAP is disabled. Anonymous login is not available for the POP service.

Password-Based Login

In typical messaging installations, users access their IMAP or POP mailboxes by entering a password into their mail client. The client sends the password to the server, which uses it to authenticate the user. If the user is authenticated, the server decides, based on access-control rules, whether or not to grant the user access to certain mailboxes stored on that server.

If you allow password login, users can access IMAP or POP by entering a password. Passwords are stored in an LDAP directory and can be either clear text or encrypted. Directory policies determine what password policies, such as minimum length, are in effect.

If you disallow password login, password-based authentication is not permitted. Users are then required to use certificate-based login, as described in the next section.

To increase the security of password transmission when you have selected password-based login, you can specify that passwords be encrypted before they are sent to your server. You do this by selecting a minimum cipher-length requirement for login.

If the client is configured to require encryption with key lengths greater than the maximum your server supports, or if your server is configured to require encryption with key lengths greater than what the client supports, password-based login cannot occur. See Enabling SSL for information on setting up your server to support various ciphers and key lengths.

Certificate-Based Login

In addition to password-based authentication, Netscape servers support the authentication of users through examination of their digital certificates. Instead of presenting a password, the client presents the user's certificate when it establishes an SSL session with the server. If the certificate is validated, the user is considered authenticated.

For instructions on setting up Messaging Server to accept certificate-based user login to the IMAP service, see Setting Up Certificate-Based Login.

You don't need to uncheck the "Allow plaintext-password login" box in the IMAP System form to enable certificate-based login. If the box is checked (its default state), and if you have performed the tasks required to set up certificate-based login, both password-based and certificate-based login are supported. Then, if the client establishes an SSL session and supplies a certificate, certificate-based login is used. If the client does not use SSL or does not present a client certificate, the server requests a password.


Performance Parameters
You can set some of the basic performance parameters for the IMAP and POP services of Messaging Server. Based on your hardware capacity and your user base, you can adjust these parameters for maximum efficiency of service. This section provides background information; see Configuring IMAP and POP with Netscape Console for the steps you follow to make these settings.

Number of Processes

Messaging Server can divide its work among several executing processes, which in some cases can increase efficiency. This capability is especially useful with multiprocessor server machines, in which adjusting the number of server processes can allow more efficient distribution of multiple tasks among the hardware processors.

There is a performance overhead, however, in allocating tasks among multiple processes and in switching from one process to another. The advantage of having multiple processes diminishes with each new one added. A simple rule of thumb for most configurations is to have one process per hardware processor on your server machine, up to a maximum of perhaps 4 processes. Your optimum configuration may be different; this rule of thumb is meant only as a starting point for your own analyses.

Note: On some platforms you might also want to increase the number of processes to get around certain per-process limits (such as the maximum number of file descriptors), specific to that platform, that may affect performance.

The default number of processes is 1 for both IMAP and POP.

Number of Connections per Process

The more simultaneous client connections your IMAP or POP service can maintain, the better it is for clients. If clients are denied service because no connections are available, they must then wait until another client disconnects.

On the other hand, each open connection consumes memory resources and makes demands on the I/O subsystem of your server machine, so there is a practical limit to the number of simultaneous sessions you can expect the server to support. (You might be able to increase that limit by increasing server memory or I/O capacity.)

IMAP and POP have different needs in this regard:

Thus, at a given moment for a given user demand, Messaging Server may be able to support many more open IMAP connections than POP connections.

The default value for IMAP is 4000 sessions per process; the default value for POP is 600. These values represent roughly equivalent demands that can be handled by a typically configured server machine. Your optimum configuration may be different; these defaults are meant only as general guidelines.

Number of Threads per Process

Besides supporting multiple processes, Messaging Server further improves performance by subdividing its work among multiple threads. The server's use of threads greatly increases execution efficiency, because commands in progress are not holding up the execution of other commands.

Threads are created and destroyed, as needed during execution, up to the maximum number you have set.

Having more simultaneously executing threads means that more client requests can be handled without delay, so that a greater number of clients can be serviced quickly. However, there is a performance overhead to dispatching among threads, so there is a practical limit to the number of threads the server can make use of.

For both IMAP and POP, the default maximum value is 1000 threads per process. (The numbers are equal despite the fact that the default number of connections for IMAP is greater than for POP. It is assumed that the more numerous, but more often idle, IMAP connections can be handled efficiently with the same maximum number of threads as the fewer, but busier, POP connections.) Your optimum configuration may be different, but these defaults are high enough that it is unlikely you would ever need to increase them; the defaults should provide reasonable performance for most installations.

Dropping Idle Clients

To reclaim system resources used by connections from unresponsive clients, both the IMAP4 and POP3 protocols provide for the server to unilaterally drop connections that have been idle for a certain amount of time.

The default times (10 minutes for POP, 30 minutes for IMAP) are the minimum times that idle connections must remain open, according to the respective protocol specifications. You can increase the idle times beyond the default values, but you cannot make them less.

Idle POP connections are usually caused by some problem (such as a crash or hang) that makes the client unresponsive. Idle IMAP connections, on the other hand, are a normal occurrence. To keep IMAP users from being disconnected unilaterally, IMAP clients typically send a command to the IMAP server at some regular interval that is less than 30 minutes.


Client Access Controls
Netscape Messaging Server includes access-control features that allow you to determine which clients can gain access to its IMAP or POP messaging services (and SMTP as well). You can create flexible access filters that can allow or deny access to clients based on a variety of criteria.

Client access control is an important security feature of Netscape Messaging Server. For information on creating client access-control filters and examples of their use, see Configuring Client Access to TCP Services.


Configuring IMAP and POP with Netscape Console
You can perform basic configuration of the Messaging Server IMAP and POP services through Netscape Console. To configure your IMAP or POP service, take these steps (to configure both IMAP and POP, you need to follow this process twice):

  1. From Netscape Console, open the Messaging Server you want to configure.
  2. Click the Configuration tab and open the Services folder in the left pane.
  3. Select IMAP or POP.
  4. Select the System tab in the right pane.
  5. Make general configuration settings:
  6. Set login requirements:
  7. Set performance parameters:
See IMAP System Tab or POP System Tab for detailed information on the contents of those forms.


Interface Reference: IMAP and POP Configuration
This section describes the Netscape Console interface elements that allow you to configure and execute the Messaging Server IMAP and POP services. See Managing Servers With Netscape Console for information on using Netscape Console to manage Messaging Server and other servers.


IMAP System Tab
You use the form accessed through this tab to set basic configuration parameters for the Messaging Server IMAP service.

For more information, see also

The IMAP System form has these elements:

Enable IMAP service at port. Check this box to enable the IMAP service; use the field to enter the number of the port this server will use for IMAP. (Default = 143.)

Use separate port for IMAP over SSL. Check this box to enable IMAP over SSL; use the field to enter the number of the port this server will use for IMAP over SSL. (Default = 993, the standard port number for IMAP over SSL.)

Allow anonymous login. Check this box to allow users to log in to the IMAP service without using a password, under the name anonymous. (Default = not enabled.) The state of the "Allow password login" checkbox has no effect on anonymous login.

Allow password login. Check this box to allow users to log in to the IMAP service by supplying a user name and password. (Default = enabled.)

If this box is checked, you can specify password-encryption requirements in the following field. If this box is not checked, certificate-based login to IMAP is required.

Minimum cipher length for password encryption. Use this field to select the minimum length of encryption cipher that the server will accept for transmission of IMAP passwords. (Default = 0.) A length of 0 means that no encryption is required; passwords can be sent in the clear.

IMAP service banner. (Optional.) Use this field to enter a replacement banner for the default IMAP banner that is sent to an IMAP client when it first connects to the IMAP port. (The default banner identifies the server version and the time of connection.)

Connection Settings

Maximum network sessions. Use this field to specify how many simultaneous IMAP sessions this server is permitted to maintain per process. (Default = 4000.)

Drop client if idle for. Use this field to specify how long (in seconds, minutes, or hours) an idle IMAP connection to a client can remain open before the server drops the connection. (Default = 30 minutes.)

Process Settings

Maximum number of threads per process. Use this field to specify the maximum number of threads the IMAP service is permitted to execute at a time. (Default = 1000.)

Number of processes. Use this field to specify the maximum number of processes that the IMAP service can employ. (Default = 1.)

Action Buttons

Save. Click this button to commit any settings you have made in the IMAP System form.

Reset. Click this button to return the form to the settings it displayed when you opened it (unless you have previously clicked Save, in which case the form returns to the settings it had when you last clicked Save).

Help. Click this button to display online help (this document) that describes the IMAP System form.


POP System Tab
You use the form accessed through this tab to set basic configuration parameters for the Messaging Server POP service.

For more information, see also

The POP System form has these elements:

Enable POP service at port. Check this box to enable POP service; use the field to enter the number of the port this server will use for POP. (Default = 110.)

Allow password login. Check this box to allow users to log into the POP service by supplying a user name and password. (Default = enabled.)

If this box is checked, you can specify password-encryption requirements in the following field. If this box is not checked, certificate-based login to POP is required.

Minimum cipher length for password encryption. Use this field to select the minimum length of encryption cipher that the server will accept for transmission of POP passwords. (Default = 0.) A length of 0 means that no encryption is used; passwords are sent in the clear.

POP service banner. (Optional.) Use this field to enter a replacement banner for the default POP banner that is sent to a POP client when it first connects. (The default banner identifies the server version and the time of connection.)

Connection Settings

Maximum network sessions. Use this field to specify how many simultaneous POP sessions per process this server is permitted to maintain. (Default = 600.)

Drop client if idle for. Use this field to specify how long (in seconds, minutes, or hours) an idle POP connection to a client can remain open before the server drops the connection. (Default = 10 minutes.)

Process Settings

Maximum number of threads per process. Use this field to specify the maximum number of threads the POP service is permitted to have executing at a time. (Default = 1000.)

Number of processes. Use this field to specify the maximum number of processes that the POP service can employ. (Default = 1.)

Action Buttons

Save. Click this button to commit any settings you have made in the POP System form.

Reset. Click this button to return the form to the settings it displayed when you opened it (unless you have previously clicked Save, in which case the form returns to the settings it had when you last clicked Save).

Help. Click this button to display online help (this document) that describes the POP System form.
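
The settings on the IMAP and POP System forms can be checked against the guidance given in this chapter: disable unused services, avoid a minimum cipher length of 0 with password login, and so on. The following Python audit is an added example, not part of the original guide or of Messaging Server; the dictionary keys, role names, and sample values are constructed for illustration and are not configutil parameter names.

```python
# Added example. Dictionary keys and role names are hypothetical labels for the
# System-form fields in this chapter; they are not configutil parameter names.
MIN_IDLE_MINUTES = {"imap": 30, "pop": 10}  # protocol minimums given in the chapter
ROLE_NEEDS = {"mta": set(), "pop_post_office": {"pop"}, "mailbox_server": {"imap", "pop"}}


def audit_service(name, cfg, needed=True):
    """Return findings for one service ('imap' or 'pop') as a list of strings."""
    if not cfg["enabled"]:
        return []  # a service must be enabled (and turned on) to function
    findings = []
    if not needed:
        findings.append(f"{name}: enabled but unused in this server's role; disable it")
    if cfg["allow_password_login"] and cfg["min_cipher_bits"] == 0:
        findings.append(f"{name}: password login with minimum cipher length 0; "
                        "passwords can be sent in the clear")
    if not cfg["allow_password_login"] and not cfg.get("cert_login_set_up", False):
        findings.append(f"{name}: password login disallowed but certificate-based "
                        "login is not set up; neither login method is available")
    if name == "imap" and cfg.get("allow_anonymous_login", False):
        findings.append("imap: anonymous login enabled (default is disabled); "
                        "the password-login setting does not restrict it")
    if cfg["idle_minutes"] < MIN_IDLE_MINUTES[name]:
        findings.append(f"{name}: idle timeout {cfg['idle_minutes']} min is below "
                        f"the protocol minimum of {MIN_IDLE_MINUTES[name]} min")
    if cfg.get("banner") is None:
        findings.append(f"{name}: default banner sends product name and version "
                        "to every connecting client")
    return findings


def audit_instance(role, services):
    """Audit every service of one server instance against its intended role."""
    findings = []
    for name, cfg in services.items():
        findings += audit_service(name, cfg, needed=name in ROLE_NEEDS[role])
    return findings


# Constructed sample: a POP-only post office that still has IMAP enabled.
SAMPLE = {
    "imap": {"enabled": True, "allow_password_login": True, "min_cipher_bits": 0,
             "allow_anonymous_login": True, "idle_minutes": 30, "banner": None},
    "pop": {"enabled": True, "allow_password_login": True, "min_cipher_bits": 0,
            "idle_minutes": 10, "banner": "POP3 service ready"},
}

if __name__ == "__main__":
    for line in audit_instance("pop_post_office", SAMPLE):
        print(line)
```
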

 

© Copyright 1998 Netscape Communications Corporation