If you provide electronic mail service to many users, you can install and configure the Messaging Multiplexor so that an entire array of mail servers will appear to your mail users to be a single host.
The Messaging Multiplexor supports both unencrypted and encrypted (SSL) communications with mail clients.
The Messaging Multiplexor is provided as part of Netscape Messaging Server 4.0. You can install the Messaging Multiplexor when first installing Messaging Server or other Netscape servers, or at a later time.
The Messaging Multiplexor is a multithreaded server that facilitates distributing mail users across multiple server machines. The Multiplexor handles incoming client connections destined for other server machines (the machines on which user mailboxes reside). Clients connect to the Multiplexor itself, which then redirects the session to the server with the correct mailbox. This capability allows Internet service providers and other large installations to spread message stores across multiple machines (to increase capacity) while providing the appearance of a single mail host for users (to increase efficiency) and for external clients (to increase security).
Figure 1 shows how servers and clients relate to each other in a Messaging
Multiplexor installation.
Figure 1. How the Messaging Multiplexor interacts with clients and servers
All POP and IMAP clients work with the Messaging
Multiplexor. The Messaging Multiplexor accepts
connections, performs LDAP directory lookups, and routes the connections
appropriately. As is typical with other mail-server installations, each
user is assigned a specific address and mailbox on a specific mail server.
However, all connections are routed through the Multiplexor. In slightly
more detail, these are the steps involved in establishing a user connection:
Figure 2. Separate Multiplexors and mail servers for POP and IMAP support
Table 1 lists the principal files that make up
a Messaging Multiplexor installation. (See Creating
an Instance of the Messaging Multiplexor for definitions of
the directories mmpRoot and instanceName.)
Table 1. Messaging Multiplexor files
File | Description |
PopProxy, ImapProxy [Unix]; PopProxy.exe, ImapProxy.exe [NT] | The executable Messaging Multiplexor programs for IMAP and POP services, respectively (installed in directory mmpRoot/bin/) |
ImapMMP.config, PopMMP.config [Unix] | Configuration files specifying environment variables used for IMAP and POP services, respectively (installed in directory mmpRoot/MMP_instanceName) |
ImapMMP.sh, PopMMP.sh [Unix] | Shell scripts that set environment variables and execute Multiplexor for IMAP and POP services, respectively (installed in directory mmpRoot/MMP_instanceName) |
mmp-setup [Unix] | The Multiplexor Installer (installed in directory mmpRoot/) |
libldapv30 (or libldap32v30), libnspr21, libplc21, libplds21 | Shared libraries used by the Messaging Multiplexor; libraries have suffixes of .dll on NT, .so on most Unix platforms, .sl on HP-UX (installed in directory mmpRoot/lib/) |
1 | Configure this instance for IMAP4 mail service |
To install an additional instance of the Multiplexor on a machine that
already has an installed instance, re-run the Netscape Servers installation
program. Choose a different directory into which to install the Multiplexor.
Usage: [Pop,Imap]Proxy [options]
Options:
  -t NUM          number of threads (0 by default)
  -p [IP:]NUM     address on which to listen (IPPORT_PROTOCOL by default)
  -c PORT         backend connect port (IPPORT_PROTOCOL by default)
  -h HOST[:PORT]  LDAP server (localhost:IPPORT_LDAP by default)
  -b DN           Root DN ("" by default)
  -D DN           Bind DN (anonymous by default)
  -w PASS         Bind passwd (none by default)
  -v NUM          Verbosity level (0 by default)
  -o DIR          Verbosity destination directory ($CWD by default)
  -x STR          Capability replacement string ("IMAP4 IMAP4rev1 AUTH=LOGIN" by default)
  -ba STR         Banner replacement string ("Netscape Messaging Multiplexor ready" by default)
  -us STR         UidSearch replacement string ("(uid=%s)" by default)
  -ps PORT        SSL listen port (IPPORT_SSLPROTOCOL by default)
  -s SSLPARMS     To enable SSL, where SSLPARMS = SECMODFILE CERTFILE KEYFILE KEYPASS CIPHERS CERTNAME
  -vd FILENAME    Virtual domain file location
  -vdd STR        Virtual domain delimiter list ("+" by default)
  -vddc CHAR      Canonical virtual domain delimiter ("+" by default)
  -m FILENAME     Spoof message file location
To make permanent configuration changes, use the
Multiplexor Installer (on Unix) or uninstall and then re-install the Multiplexor
(on Windows NT); see Changing
the Configuration of a Messaging Multiplexor Instance.
Installer prompt (Unix / NT) | Command-line option | Environment Variable | Description |
Unix
LDAP Host: NT Host Name: Server Port: |
-h host[:port] | LDAPHost | The host machine name and port of the LDAP server that contains your
user database (among other things). You must set up the LDAP host before
the Multiplexor can work properly.
Default = Localhost:IPPORT_LDAP ( = port 389) |
Unix
Base DN: NT Base Distinguished Name: |
-b baseDN | BaseDN | The distinguished name (DN) to use as the search base for LDAP
user queries. The BaseDN must specify an entry to which the bind
distinguished name (bindDN) has access privileges for operations
on the directory database.
Default = "" |
Unix
[IMAP4/POP3] MMP LogDir: NT Log Directory |
-o directory | LogDir | The directory in which the Multiplexor creates log files. If you specify
a directory that doesn't exist, no log file is created.
Log file names have the following format: MMP_yyyymmdd.log
Default = current directory (the directory that contains Multiplexor) |
Unix
Log Level: NT (no prompt) |
-v num | LogLevel | The logging verbosity level--the amount of information written into
log files. You can specify a number from 0 through 10, with 10 representing
the highest level of verbosity. At higher levels, more events are logged.
Default = 1 |
Unix
Should the MMP bind to LDAP as someone in particular (y/n): NT LDAP Bind DN: |
-D bindDN | BindDN | The bind distinguished name--the DN used by the Multiplexor to authenticate
to an LDAP server when performing an operation. Some LDAP servers may require
that a client (in this case the Messaging Multiplexor) be authenticated
before it can search the database for certain information. If your
server has ACLs that require some level of authentication for getting a
user's mail information, set this option.
Default = Anonymous (select n on Unix installer to choose default) (leave field blank on NT installer to choose default) |
Unix
What's the password for "BindDN": NT Password: |
-w password | BindPassword | The password associated with the bind distinguished name, for authenticating
to an LDAP server.
Default = none |
Unix
Number of Threads: NT (no prompt) |
-t num | NumThreads | The maximum number of worker threads to allocate on the machine on
which the Multiplexor runs. If the machine has
multiple CPUs, running the Multiplexor with
worker threads will improve performance. The optimal number of worker threads
is the number of processors on the machine. For example, if your machine
has two CPUs, specify 2. If this is a single-processor machine,
specify zero for optimal performance.
Default = 0 (the main thread does all the work) |
Unix
Should the MMP listen on a non-default port (y/n): NT (POP3 Ports) Incoming: (IMAP4 Ports) Incoming: |
-p [IP:]port | ListenPort | The port on which to listen for incoming client connections.
Default = 110 for POP3; 143 for IMAP (the standard ports) (select n on Unix installer to choose defaults)
Command line: IP is an optional bind address for a machine that is multihomed (has more than one IP address).
Keep the following in mind when entering a port number:
|
Unix
Do your main [IMAP4/POP3] servers listen on non-default ports (y/n): NT (POP3 Ports) Outgoing: (IMAP4 Ports) Outgoing: |
-c port | BacksidePort | The port on which to connect to the store server. Using a non-default
value here allows you to, for example, run a store server on the same machine
as the Multiplexor. You might want to do this if you want a flat configuration--that
is, if you want to run Multiplexors on all machines.
Default = 110 for POP3; 143 for IMAP (the standard ports) (select n on Unix installer to choose defaults)
Keep the following in mind when entering a port number:
|
Unix
Would you like to override the IMAP4 MMP's CAPABILITY response (y/n): NT IMAP4 Capability Response |
-x STR | Capability | Capability replacement string. If you are using Netscape Servers and
want to use the Manage Mail Account feature, you must specify this Capability
configuration parameter to change the Multiplexor's capability. The Multiplexor
uses the string you specify (STR) instead of its own (default)
capability to tell IMAP clients what the Multiplexor (or the servers behind
it) can do. This option has no effect on POP3.
Default: IMAP4 IMAP4rev1 AUTH=LOGIN AUTH=PLAIN (select n on Unix installer to choose default)
Suggested string to support Manage Mail Account: IMAP4 IMAP4rev1 AUTH=LOGIN AUTH=PLAIN X-NETSCAPE
|
Unix
Would you like to override the MMP's banner (y/n): NT POP3 Banner IMAP4 Banner |
-ba STR | Banner | Banner replacement string. The Multiplexor uses STR
instead of its default banner for its greeting line.
Default = "Netscape Messaging Multiplexor ready" (select n on Unix installer to choose default) |
Unix
Would you like to override the MMP's LDAP search string (y/n): NT LDAP Search |
-us STR | UidSearch | String for UID search. When performing LDAP directory searches, the
Multiplexor uses STR instead of the default.
You can use this option to change the attributes used in directory searches. You can replace the default with any valid LDAP search string (for example, "|(uid=%s)(cn=%s)"). %s in the search string is replaced by the user name the Multiplexor receives for user authentication.
Default: "uid=%s" (select n on Unix installer to choose default) |
Unix
Should this MMP do virtual domain mapping (y/n): Please type the location of the mapping file, and hit return.: NT [Use | Do Not Use] Virtual Domain Mapping Virtual Domain File |
-vd filename | VirtualDomainFile | The Multiplexor can map IP addresses to domain names for searching
an LDAP directory and for logging in to the store server. When a
connection is accepted from a client, if the client's IP address is in
the virtual domain mapping file, the domain is appended to the userid
and used for the LDAP search and for subsequent replay of authentication.
This capability is useful for hosting multiple domains with overlapping
userid name spaces.
Each line in the virtual domain mapping file contains one IP-to-domain mapping (the IP address, then a space, then the domain name). Lines that start with '#' are ignored.
Default = n (no virtual domain mapping)
|
Unix
Do you want to specify a list of virtual domain delimiters? (y/n) |
-vdd STR | VirtualDomainDelim | A string containing the acceptable delimiter characters for virtual
domains. If virtual-domain mapping is activated, the last character in
the ID string received by the Multiplexor that matches a character in this
string is considered a delimiter separating the userid from the
domain name. (The Multiplexor searches for the delimiter backwards from
the end of the received ID string.)
Default = "+"
|
Unix
Do you want to specify a canonical virtual domain delimiter? (y/n) |
-vddc CHAR | CanonicalVirtualDomainDelim | If virtual-domain mapping is activated, the character that the Multiplexor
itself inserts to separate the userid received by the Multiplexor
from the virtual domain that the Multiplexor appends to it for LDAP searching
or for authentication to the store server.
Default = "+"
|
Unix
Would you like to provide a "spoof" message for POP3 (y/n): Please type in the location of the file to be used, and hit return.: NT [Use | Do Not Use] a "spoof" message "Spoof" Message File |
-m filename | SpoofMessageFile | The file to use for POP3 inbox spoofing. The MMP can imitate a base-functionality
POP3 server in case the Multiplexor can't connect to a client's store machine.
In such a situation, the Multiplexor creates an inbox for the user
and places this one message into it.
The format of the message contained in this file should conform to
RFC 822 (including the final '.').
|
Unix
Should the IMAP4 MMP do SSL (y/n): NT [Allow | Do Not Allow] IMAP over SSL
|
-s SSLParms | SSLEnable | Whether or not to enable SSL connections with clients. If you enable
SSL, the Multiplexor listens on both normal and SSL ports.
Default = n (SSL not enabled)
If you do enable SSL, you must set the following environment variables (SSLParms):
SSLSecmodFile
SSLCertFile
SSLKeyFile
SSLKeyPasswd
SSLCipherSpecs
SSLCertNickname
If you specify the -s option in the command line, all six parameters (SSLParms) must appear, in this order, on the command line:
The parameters are described below. You can specify an empty parameter with empty quotes ("").
|
Unix
Should the MMP listen for SSL on a non-default port (y/n): NT IMAP4 SSL Port |
-ps port | SSLListenPort | The port on which to listen for incoming client SSL connections.
Default = 993 for IMAP (the standard SSL IMAP port) (select n on Unix installer to choose default) |
Unix
Do you have a secmod database (y/n): Please type the location of the secmod database.: NT [Yes, I have | No, I don't have] a secmod database Secmod Database File |
SECMODFILE (parameter of SSLParms) | SSLSecmodFile | Security module database file location (usually null). If you have
hardware accelerators for SSL ciphers, this file describes them to the
Multiplexor.
Default = no secmod database.
|
Unix
Please type the location of the certificate database.: NT Certificate Database File |
CERTFILE (parameter of SSLParms) | SSLCertFile | Server certificate database file
location (defined when you obtained a certificate for this server). The
Multiplexor needs a server certificate to offer to clients in the handshake
phase of SSL. The location specified here should be absolute, not relative
to the Multiplexor installation directory.
Default = cert7.db |
Unix
Please type the location of the key database.: NT Key Database File |
KEYFILE (parameter of SSLParms) | SSLKeyFile | Key database file location (defined when you obtained a certificate
for this server). The Multiplexor needs a private key corresponding to
its SSL server certificate. The location specified here should be
absolute, not relative to the Multiplexor installation directory.
Default = key3.db |
Unix
Is the key file password protected (y/n): Please type the key file password.: NT Password |
KEYPASS (parameter of SSLParms) | SSLKeyPasswd | Password that protects access to the private key file.
The password may be null if the key is not password-protected.
Default = no password protection |
Unix
Please type the names of the desired cipher specs, separated by colons, or the word "all".: NT SSL uses a set of widely-known cipher algorithms... |
CIPHERS (parameter of SSLParms) | SSLCipherSpecs | A colon-separated list of ciphers (or the string "all") representing
the cipher algorithms that this server can use to encrypt SSL sessions.
The client and server agree to one of them when a session is established.
These are the available cipher specifications:
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_FIPS_WITH_DES_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL_RSA_WITH_NULL_MD5
Default = all |
Unix
Please type the name of the certificate in the database.: NT Certificate Name |
CERTNAME (parameter of SSLParms) | SSLCertNickname | Name of this server's SSL server certificate (defined when you obtained
the certificate). The Multiplexor uses this string to identify the certificate
in its certificate database (SSLCertFile).
|
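The VirtualDomainFile, VirtualDomainDelim, CanonicalVirtualDomainDelim and UidSearch rows above describe how a received login ID becomes an LDAP search filter. The following Python sketch is an added example, not Netscape's code: the function names and sample addresses are constructed, the precedence of a client-typed domain over the IP mapping is an assumption, and the RFC 4515 escaping is the defensive step such a %s substitution calls for (the page does not say whether the Multiplexor performs it).

```python
def load_vdmap(text):
    """One 'IP domain' pair per line; lines starting with '#' are ignored."""
    vdmap = {}
    for line in text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 2:
            continue  # comment, blank or malformed line
        vdmap[fields[0]] = fields[1]
    return vdmap

def split_id(received, delims="+"):
    """Split at the LAST character found in delims (backward search)."""
    for i in range(len(received) - 1, -1, -1):
        if received[i] in delims:
            return received[:i], received[i + 1:]
    return received, None

def escape_filter(value):
    """Escape LDAP filter metacharacters as backslash-hex pairs (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def resolve(received, client_ip, vdmap, delims="+", canon="+",
            uid_search="(uid=%s)"):
    """Return (login name replayed to the store server, LDAP filter)."""
    userid, domain = split_id(received, delims)
    if domain is None:                 # assumption: a typed domain wins,
        domain = vdmap.get(client_ip)  # otherwise use the IP-to-domain map
    name = userid if domain is None else userid + canon + domain
    # Every %s is replaced, so "|(uid=%s)(cn=%s)" style strings also work.
    return name, uid_search.replace("%s", escape_filter(name))

# Constructed sample mapping file (documentation-range addresses).
VDFILE = """# client IP, then the virtual domain
192.0.2.10 airius.com
192.0.2.20 example.org
"""

if __name__ == "__main__":
    vdmap = load_vdmap(VDFILE)
    for rid, ip in (("jdoe", "192.0.2.10"),
                    ("jdoe@example.org", "192.0.2.10"),
                    ("j*doe", "198.51.100.7")):
        print(rid, ip, resolve(rid, ip, vdmap, delims="+@"))
```
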
For example, on Unix you can specify the Capability configuration option by adding it as an environment variable to the ImapMMP.config file in the /MMPRoot/InstanceName directory (such as /home/netscape.mmp/mmp-sandpit) instead of specifying it from the command line. To specify IMAP capability with Netscape servers, as a specific example, you would add this line:
LDAPHost=phonebook
BaseDN="o=Airius.com"
LogDir="/usr/netscape/suitespot/mmp/MMP_sandpit/log"
LogLevel=5
BindDN="cn=Directory Manager"
BindPassword="password"
NumThreads=2
ListenPort=143
BacksidePort=143
Capability="IMAP4 IMAP4rev1 AUTH=LOGIN AUTH=PLAIN X-NETSCAPE"
VirtualDomainFile="/usr/netscape/suitespot/mmp/vdfile.txt"
SSLEnable=y
SSLListenPort=993
SSLSecmodFile="/usr/netscape/suitespot/mmp/secmod.db"
SSLCertFile="/usr/netscape/suitespot/mmp/cert7.db"
SSLKeyFile="/usr/netscape/suitespot/mmp/key3.db"
SSLKeyPasswd=""
SSLCipherSpecs="all"
SSLCertNickname="Airius.com Server Cert"

LDAPHost=phonebook
BaseDN="o=Airius.com"
LogDir="/usr/netscape/suitespot/mmp/MMP_tarpit/log"
LogLevel=10
BindDN="cn=Directory Manager"
BindPassword="password"
NumThreads=4
ListenPort=
BacksidePort=
SpoofMessageFile="/usr/netscape/suitespot/mmp/pop3spoof.txt"
SSLEnable=n
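An added example, not part of the original documentation: a small Python check that reads settings in the KEY=value form shown above and flags the ones a reviewer would question. The two samples are trimmed copies of the page's files; the TIGHTER file, its bind DN and its passwords are hypothetical.

```python
import shlex

WEAK = ("NULL", "EXPORT", "_DES_CBC")  # no encryption, 40-bit, single DES

def parse_config(text):
    """Parse KEY=value lines (values optionally double-quoted) into a dict."""
    cfg = {}
    for line in text.splitlines():
        key, sep, raw = line.strip().partition("=")
        if sep:
            parts = shlex.split(raw)
            cfg[key] = parts[0] if parts else ""
    return cfg

def audit(cfg):
    """Return (variable, finding) pairs for settings worth a second look."""
    out = []
    if cfg.get("SSLEnable", "n") != "y":          # page default is n
        out.append(("SSLEnable", "no SSL port: logins travel unencrypted"))
    else:
        specs = cfg.get("SSLCipherSpecs", "all")  # page default is all
        weak = [c for c in specs.split(":") if any(m in c for m in WEAK)]
        if specs == "all" or weak:
            out.append(("SSLCipherSpecs", "permits NULL, export or DES suites"))
        if not cfg.get("SSLKeyPasswd"):
            out.append(("SSLKeyPasswd", "key database has no password"))
    if cfg.get("BindPassword"):
        out.append(("BindPassword", "clear-text secret: restrict file access"))
    # cn=Directory Manager is Netscape Directory Server's default root DN.
    if cfg.get("BindDN", "").lower() == "cn=directory manager":
        out.append(("BindDN", "root DN used for lookups: use a read-only entry"))
    return out

# Trimmed copies of the page's two sample files.
IMAP_SAMPLE = '''BindDN="cn=Directory Manager"
BindPassword="password"
SSLEnable=y
SSLKeyPasswd=""
SSLCipherSpecs="all"
'''
POP_SAMPLE = '''BindDN="cn=Directory Manager"
BindPassword="password"
ListenPort=
SSLEnable=n
'''
# Hypothetical values; the suites are the strongest on the page's list.
TIGHTER = '''BindDN="uid=mmp-lookup,o=Airius.com"
BindPassword="example-only"
SSLEnable=y
SSLKeyPasswd="example-only"
SSLCipherSpecs="SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA:SSL_RSA_WITH_3DES_EDE_CBC_SHA"
'''
```
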