Chapter 1 Getting Started with Netscape Messaging Server

Welcome to Netscape Messaging Server 4.0. Messaging Server provides a powerful and flexible cross-platform solution to the email needs of enterprises and messaging hosts of all sizes. It uses an open, Internet-standard approach to messaging while providing lightning-fast processing of messages that is scalable to many thousands of simultaneous users.

• Messaging Server Features


• Deployment and Installation


• Using Netscape Console


• Using the Command Line


• Configuring General Messaging Capabilities


• Where to Go from Here


• Interface Reference: General Messaging Services

• Fast and reliable, multithreaded message transfer agent (MTA) that uses Internet-standard Simple Mail Transfer Protocol (SMTP) to handle both internal and Internet mail messages


• Extremely efficient, high-capacity, and fast multithreaded Internet Mail Access Protocol (IMAP4) service for mailbox delivery, supporting thousands of simultaneous users


• Full-featured, fast, multithreaded Post Office Protocol (POP3) service for mailbox delivery, providing complete support for the most widely used Internet mailbox protocol


• Centralized database for server configuration, based on the Lightweight Directory Access Protocol (LDAP)


• Centralized LDAP database for mail-user account storage, user authentication, and mail-routing control


• High scalability of services to support greatly increased usage over time

• Flexible message store with fast indexed access, configurable partitions, quotas, and aging rules


• Highly configurable logging features with automated rollover


• Monitoring capabilities through Simple Network Management Protocol (SNMP)


• Multiplexor service for providing mail users a single point of connection to many POP and IMAP mailbox servers


• Plug-in architecture for developing extensions to server capabilities


• Mailstone stress-testing utility for capacity planning and testing

• Support for password login (to POP, IMAP, or SMTP) and certificate-based login


• Delegated administration through access-control instructions (ACIs)


• Client access filters (to POP, IMAP, or SMTP)


• Filtering of unsolicited bulk email (UBE)

• Graphical Netscape Console interface for managing multiple servers from a single location


• End-user self-management of account information through HTML forms

• If you have already installed Netscape Messaging Server and are ready to start configuring it, see Configuring General Messaging Capabilities.
• If you want information about using the Netscape Console graphical interface or the command line to configure and run Netscape Messaging Server, see Using Netscape Console or Using the Command Line.
• If you are interested in an overview of the process of deploying and installing Netscape Messaging Server, see the next section, Deployment and Installation.

A successful messaging installation requires careful planning and execution. This section discusses some of the most basic topics to be considered in implementing a messaging solution with Messaging Server, including

• calculation of network topologies and server sizes


• resolution of host names for routing messages among servers


• resolution of user names for routing messages to mailboxes


• deployment of additional servers for specialization and redundancy


• integration of messaging with firewall security


• creation and migration of mail accounts

Messaging installations that use Netscape Messaging Server are highly scalable. One or more servers can be organized into a messaging infrastructure that supports anywhere from a few users up to potentially millions of users.

1. Start by assuming your total anticipated number of users.
2. Estimate your peak load: how many of your users need simultaneous access their POP or IMAP mailboxes? Compare that to benchmark results of the maximum number of simultaneous connections possible with Messaging Server 4.0 on a given hardware configuration. Given those figures, estimate how many servers you need to handle your users.
3. Estimate your message traffic: how many total messages need to be sent through your messaging system per day? Compare that to benchmark results of the maximum message-transfer rate possible with Messaging Server 4.0 on a given hardware configuration. Given those figures, estimate how many servers you need to handle the message flow.

The Domain Name Service (DNS) is an integral part of Internet communication; it converts names to machine addresses. DNS is a requirement for routing mail in a Netscape messaging installation. Unix and Windows NT operating-system vendors make DNS available with their operating systems. For complete information on setting up and using DNS, see DNS and BIND, 2nd ed., by Paul Albitz and Cricket Liu (O'Reilly).

Messaging Server 4.0 requires the use of an LDAP directory, such as Netscape Directory Server, for storing both server-configuration settings and mail-account information (Figure 1.2). A Directory Server must already have installed somewhere on your network before you can install Messaging Server.

For increased performance and security, large enterprises may want to separate their messaging services by placing them on different host machines. As noted in Figure 1.1, for example, mailbox services might be separated from centralized message-transfer services at a mail hub. Furthermore, different mailbox servers might be specialized for only POP or only IMAP. Other enterprises might in addition separate outgoing messages from incoming messages, channeling them through different SMTP mail hubs.

Server software is not perfect, nor are the host machines and network hardware it relies on. Almost any enterprise needs to plan for backup and for failover in case any of its important servers go down.

Most enterprises connected to the Internet maintain some form of firewall, a hardware or software barrier intended to prevent unauthorized external users from accessing the enterprise's servers and host machines. You can increase security by locating Messaging Servers behind the firewall, and channeling all mail access to the enterprise through one or more mail hubs, as shown in Figure 1.1. Channeling all outgoing mail through another hub provides additional control and security, allowing you to rewrite addresses or otherwise control information that leaves your enterprise.

Installing Messaging Server does not by itself create any user or group accounts or migrate existing proprietary mail accounts to the user directory. Messaging Server provides the Netscape Console graphical interface for entering user and group information for individual accounts; it provides command-line utilities for batch migration of large numbers of users to Netscape messaging from existing mail systems.

Enterprises with messaging intranets for employees are similar to Internet service providers (ISPs) with messaging hosting for subscribers, in that can both be required to support many thousands of accounts and a high volume of daily traffic. Typical network topologies and server configurations may differ, however.

To deploy a messaging solution that meets your needs and addresses the issues raised in the previous section, you may need to install Netscape Messaging Server on different host machines in different installation configurations. Depending on the size and purpose of your enterprise and the nature of your network and system hardware, your messaging deployment can consist of one or many instances of Messaging Server, on one or many host machines, with identical or different messaging capabilities. Required supporting software--such as Netscape Console, Administration Server, Directory Server, and the DNS service--may also be concentrated or distributed across your network.

A one-host configuration (shown in Figure 1.4) can be practical for smaller installations. It economizes on server hardware at the expense of performance and capacity. (It also provides no backup, should the one server fail.)Nevertheless, it is possible to use a single host machine to house everything. Note that, in this configuration, the single server root (the directory into which all Netscape servers are installed) contains the three required Netscape servers--Messaging Server, Directory Server, and Administration Server--as a single server group (the set of servers managed by a single Administration Server). The single Directory Server in this case manages both the user directory (which contains mail-account information) and the configuration directory (which contains server-configuration information). The DNS service and Netscape Console are also on the same host machine.

A common deployment configuration is to have a dedicated host machine for each Messaging Server instance. As Figure 1.5 shows, the LDAP directory (or directories, if user and configuration directories are separated), the DNS service, and possibly Netscape Console are on separate hosts from the installed Messaging Server. There may be one or several messaging host machines, but each contains a single server root in which a single Messaging Server and its Administration Server make up the server group.

Another common deployment configuration, especially in larger installations, is to implement only certain messaging services on each host machine. As shown in Figure 1.6, for example, a centralized mail hub server, using only SMTP, connects to individual mailbox servers that use only POP or only IMAP to send mail to their users.

If appropriate for your needs, you can install multiple server instances on a single host machine. As the example in Figure 1.7 shows, a single server root contains a server group consisting of one Administration Server and multiple instances of Messaging Server. All Messaging Server instances run from a single installed set of executable programs and libraries.

If a single host machine includes Netscape servers that have different version numbers, it may be necessary to create separate server groups, and thus separate server root directories, on the machine. Figure 1.8 shows an example in which some employees in an enterprise are using Netscape Messaging Server 3.0, while others have upgraded to Netscape Messaging Server 4.0. Both servers are running on the same host machine.

All Netscape servers, and also the Netscape Console application that you use to manage them, are installed by running the Netscape Server Setup program. The program is provided with every Netscape server product.

1. Obtain the Messaging Server installation package and unpack the files.
Whether you have obtained the package from a CD-ROM or through a network download, copy the package into a temporary directory and unpack the files into that directory.
2. Configure your LDAP Directory Server appropriately for messaging, using the tools provided.
The configuration tools add Messaging Server schema extensions to the configuration directory and prepare it for holding server-configuration information for this server instance.
3. Run the Netscape Server Setup Program (setup).
Read the Welcome message and the Licensing Agreement, select the products to be installed (servers, components, or Netscape Console), choose a level of installation (Express, Typical, or Custom), and answer the prompts.

If this is the first installation of Netscape servers on this host machine, the setup program also installs an instance of Netscape Administration Server. See Managing Servers with Netscape Console for information on how the Administration Server works and how to install and configure it.

4. At the last prompt, confirm the correctness of the information you have entered.
At this point, the installer extracts the appropriate files, configures the Administration Server (if it is being installed) and the Messaging Server, and starts the servers.

Once you have installed Messaging Server 4.0, its directories and files are arranged in the organization depicted in Table 1.1. The table is not exhaustive; it shows only those directories and files of most interest for typical server administration tasks.

After you have launched Netscape Console, take these steps to access the instance of Messaging Server you want to manage:

1. In the Netscape Console window, click the Console tab if it is not already frontmost.
2. Open the icon of the host machine containing the server.
3. Open the folder icon representing the server group that contains the server.
4. Select the icon of the server itself. The Server Information form for the selected server appears, as shown in Figure 1.11.
5. Open the selected Messaging Server. Either click the Open Server button in the Server Information form or double-click the selected server icon below the Console tab. The Messaging Server Tasks form, described next, appears.

When you open Messaging Server from Netscape console, the first item displayed is the Tasks form (Figure 1.12). The Tasks form contains a list of common Messaging Server administration tasks; clicking the button beside a task opens windows through which you can perform the task.

You can use the Configuration Tab to access all task and configuration forms available through Netscape Console. Access through the Configuration tab is more complete, though not always as direct, as through the Tasks form. Take these steps to access a task through the Configuration tab:

1. In Netscape Console, open the Messaging Server that you want to configure. (See Getting to a Messaging Server if you need instructions.)
2. Click the Configuration tab.
The left pane of the window displays a hierarchical set of icons that represent the services and features of Messaging Server. The Messaging Server icon itself is at the top; directly below it are icons for Services, Message Store, and Log files. These icons can be individually selected, and some can also be opened to reveal other icons that can themselves be selected or opened.
3. Select an icon, or open an icon and select one of the icons that appear below it.
The right pane displays a form, possibly including tabs for accessing additional forms. For forms that include tabs, clicking a tab displays another form related specifically to that tab.The form or forms are the interface to a configuration or administration task represented by the selected icon.
4. View or enter information into the forms, as appropriate, to complete the task.

Note: The set of tasks available in this manner is a superset of the tasks available through the Tasks form described in the previous section. Also note that some server tasks can be performed from the command line; see Using the Command Line (next).

You can review some of the basic information about an installed Messaging Server by viewing its Information form in Netscape Console.

1. In Netscape Console, open the Messaging Server whose information you want to view.
2. Select the server's icon in the left pane.
3. Click the Information tab in the right pane, if it is not already frontmost.
The Information form appears. It displays the server name, server root directory, installation directory, and instance directory. (See Table 1.1 for an explanation of these terms.)

You can use Netscape Console to set up and enable the Simple Network Management Protocol (SNMP) subagent for your Messaging Server. By using SNMP, an administrator can monitor multiple servers remotely through an SNMP network management station.

Messaging Server provides end users with limited server access, through which they can manage certain aspects of their own mail accounts and also create or subscribe to mailing lists. The server employs HTML forms that users fill out to make these changes.

• Personal Account Manager. This form allows users to perform tasks such as changing their passwords or modifying their personal information (home phone number, vacation message, and so on).
• Mail Account Manager. This form allows users to manage parts of their mail-account configuration, including changing the access permissions for their own mail folders so that they can share folders with other users.

1. Generate the HTML forms you need, or modify and use the forms provided with Messaging Server 4.0.
2. Store the forms in an appropriate location. The default location for the forms provided with Messaging Server 4.0 is serverRoot/bin/user/admin/html/.
3. In Netscape Console, open the Messaging Server whose end-user access you want to configure.
4. Click the Configuration tab. If the server's icon in the left pane is not already highlighted, select it.
5. Click the "End user" tab in the right pane. The End User Configuration form appears.
6. Make changes to the form URLs as needed. The default URLs are consistent with the default locations of the HTML files.
7. Create a new-user greeting or make changes, as needed.
You must format the greeting as an email message, with a header (containing at least a subject line), then a blank line, then the message body.

When you create a message, specify its language with the popup menu above the message field. You can create several messages in several languages, if desired. If you do, the locale of each new user is compared to the language of the message, and the server sends the correct message to the new user.

8. Click Save.

Netscape Console provides a form that allows you to start and stop individual services and view status information about each of them.

Note: You must first enable the POP and IMAP services before starting or stopping them. See Enabling and Disabling IMAP and POP.

1. From Netscape Console, open the Messaging Server whose services you want to start or stop.
2. Get to the Services General Configuration form in either of these two ways:

• Click the Tasks tab, then click "Start/Stop Services".
• Click the Configuration tab and select the Services folder in the left pane. Then select the General tab in the right pane.
3. The Services General Configuration form appears.
The left column of the Process Control field lists the services supported by the server; the right column gives the basic status of each of the services (ON or OFF, plus--if it is ON--the time it was last started).
4. To view status information about a service that is currently on, select the service in the Process Control field. The Service Status field displays status information about the service.
For POP and IMAP, the field shows the last connection time, the total number of connections, the current number of connections, the number of failed connections since the service last started, and the number of failed logins since the service last started.

For SMTP, the field shows the current number of queued messages, the total number of messages sent and received since startup, and the current numbers of messages waiting for both external and internal delivery.

The information in this field helps you to understand the load on the server and the reliability of its service, and it can help spotlight attacks against the server's security.

5. To turn a service on, select it in the Process Control field and click Start.
6. To turn a service off, select it in the Process Control field and click Stop.
7. To turn all enabled services on or off simultaneously, click the Start All or Stop All button.

Netscape Messaging Server 4.0 cannot function without an LDAP-based directory system such as the Netscape Directory Server. Messaging Server and Netscape Console require directory access for three purposes:

• When you first install a Messaging Server, you enter configuration settings for the server. These settings are stored in a central configuration directory. Part of the installation process includes configuring the connection to that directory.
• When you create or update account information for mail users or mail groups, you enter that information through the Users and Groups interface of Netscape Console. The information is stored in a directory called the user directory. Your server group's Administration Server is configured at installation so that when you access Users and Groups, Netscape Console connects by default to the user directory that defines your administrative domain--the set of Netscape servers that all share the same configuration directory and user directory.
• When routing messages and delivering mail to mailboxes, Messaging Server looks up information about the sender or recipient(s) in the user directory. By default, Messaging Server looks in the same user directory that its Administration Server has been configured to use.

• The Administration Server interface of Netscape Console lets you change the connection settings for the configuration directory. (See the Administration Server chapter of Managing Servers with Netscape Console for more information.)
• The Users and Groups interface of Netscape Console lets you temporarily connect to a different user directory from the default when making changes to user and group information. (See the Users and Groups chapter of Managing Servers with Netscape Console for more information.)
• The Messaging Server interface of Netscape Console lets you configure your Messaging Server to connect to a different user directory from the default defined by the Administration Server. This is the configuration task discussed in this section.

Important: If you specify a custom user directory for your Messaging Server lookups, you must also specify that same directory whenever you access the Users and Groups interface of Netscape Console to make changes to the directory's user or group information. See Chapter 4, Managing Mail Users and Mailing Lists, for more information.

1. From Netscape Console, open the Messaging Server whose LDAP connection you want to customize.
2. Click the Configuration tab.
3. Select the Services folder in the left pane.
4. Select the LDAP tab in the right pane. The LDAP form appears.
The LDAP form displays the configuration settings for both the configuration directory and the user directory. The configuration-directory settings, however, are read-only in this form. See the Administration Server chapter of Managing Servers with Netscape Console if you need to change them.
5. To change the user-directory connection settings, click the box labeled "Use messaging server specific directory settings".
6. Update the LDAP configuration by entering or modifying any of the following information (for explanations of directory concepts, including definitions of terms such as distinguished name, see the Directory Server Administrator's Guide):
Host name: The name of the host machine on which the directory containing your installation's user information resides. This is typically not the same as the Messaging Server host, although for very small installations it might be.

Port number: The port number on the directory host that Messaging Server must use to access the directory for user lookup. This number is defined by the directory administrator, and may not necessarily be the default port number (389).

Bind DN: The distinguished name that your Messaging Server uses to represent itself when it connects to the directory server for lookups. The bind DN must be the distinguished name of an entry in the user directory itself that has been given search privileges to the user portion of the directory. If the directory allows anonymous search access, you can leave this entry blank.

Base DN: The search base--the distinguished name of a directory entry that represents the starting point for user lookups. To speed the lookup process, the search base should be as close as possible in the directory tree to the information being sought. If your installation's directory tree has a "people" or "users" branch, that is a reasonable starting point.

7. To change the password used, in conjunction with the Bind DN, to authenticate this Messaging Server to the LDAP directory for user lookups, click the Change password button. A Password-Entry window opens, into which you can enter the updated password.
Your own security policies should determine what password you use in this situation. Initially, the password is set to no password. The password is not used if you have specified anonymous access by leaving the Bind DN field blank.

You can use Netscape Console to enable Secure Sockets layer (SSL) encryption and authentication for Messaging Server and to select the specific encryption ciphers that the server will support across all of its services.

• To configure services:

• Chapter 2, Configuring IMAP and POP Services
• Chapter 3, Configuring SMTP Services
• Chapter 5, Managing the Message Store
• Chapter 6, Security and Access Control
• Chapter 9, Message Routing
• Appendix B, Program Delivery
• Appendix A, Command-line Utilities
• Netscape Messaging Multiplexor
• To set up mail users and mailing lists:

• Chapter 4, Managing Mail Users and Mailing Lists
• Appendix C, sendmail Migration and Compatibility
• To work with plug-ins and UBE filters:

• Chapter 7, Working With SMTP Plug-Ins
• Chapter 8, Filtering Unsolicited Bulk Email
• To monitor and maintain the server:

• Chapter 10, Monitoring and Maintaining Your Server
• Chapter 11, Logging and Log Analysis
• Appendix D, SNMP MIB
• Netscape Mailstone Utility

• Server Information Tab


• SNMP Tab


• End-User Configuration Tab

Help. Click this button to display online help (this document) that describes the Information form.

Save. Click this button to commit any settings you have made in the End-User Configuration form.

Help. Click this button to display online help (this document) that describes the Services General Configuration form.

• Customizing Directory Lookups


• Installing Messaging Server 4.0 (for setting configuration-directory parameters)

Host name. A non-editable field that lists the host name of the LDAP directory server on which the configuration information for this Messaging Server is stored.

Use Messaging Server-specific directory settings. Check this box if you want to customize the LDAP connection for user lookup by changing any of the following fields: Host name, Port number, Bind DN, Base DN. Uncheck this box to return to using the default user directory for your server group.

Save. Click this button to commit any settings you have made in the LDAP Configuration form.

OK. Click this button to commit to the changed password and close the Password-Entry window.