Important Product Alert: Root Certificate Expiration
If you are are using SSL with Netscape Messaging server, you need to be aware of important information related to root certificate expiration by the end of 1999. At a minimum, you may need to ask your users to upgrade their browsers to Communicator 4.7. Depending on how you are using SSL, you may also need to update the root certificate in your server. For important and urgent information on root certificate expiration, see Digital Certificate Security Alert.
These release notes contain important information about Netscape Messaging Server 4.03. Please read these notes before using hte product. Messaging Server 4.03 is available for the Solaris 2.6 platform. Use of this product is subject to the terms detailed in the license agreement accompanying it. For information on Installing the Netscape Messaging Server 4.03, visit this site: http://home.netscape.com/eng/server/messaging/4.0/relnotes/install.htm.
These release notes contain the following sections:
Netscape Messaging Server 4.03 fixes the following bugs. The fixed bug numbers follow the bug description to facilitate communications with Netscape Technical support.
Messaging Server 4.0 or 4.01, when it is receives a connection from a remote machine that is on its TCP Wrappers deny list, would print a 4xx SMTP greeting message and then close the connection, without waiting for any data. Messaging Server 4.03 sends a 5xx response (permanent instead of transient error), and waits a default of 10 seconds for the sending SMTP to send a QUIT message before closing the connection. If the QUIT message is received before the 10 seconds have passed, the connection will be closed immediately.
The messaging server's default configuration settings are optimized for workstation-class (single-CPU) hardware. When the server is being deployed on enterprise server-class (multi-CPU) hardware, it is necessary to tune the following settings. Incorrect tuning of the server could lead to poor performance and high-CPU utilization.
Messaging Server 4.03 uses an internal database to store information. A dedicated thread periodically checks the database for deadlocks and resolves them. local.store.deadlock.checkinterval specifies how long the dedicated thread should sleep before it resumes deadlock resolution.
This value is measured in microseconds (1/1000000 second) and can be set to any positive integer between 1 and 1000000. The default value is 1000 (so every 1/1000 of a second the database will be checked for deadlocks). Generally, for larger machines and deployments, this number should be reduced to 100-200. For a small machine (especially a single CPU machine) the value should be left at 1000 or increased.
If stored consumes more than 10% of CPU on an idle server, this value should be increased.
Messaging Server 4.03 allows the administrator to configure the number of threads per process for different services like IMAP and POP. If threads per process are set incorrectly, then stored will consume too much CPU. At peak load and when the user population on the server is still relatively small, it is appropriate for stored to consume as much as 50% of CPU. To prevent or correct stored from consuming more than 50% of CPU at peak times, configure the threads per process as outlined below.
service.imap.maxthreads has a default value of 1000. For Solaris operating systems, Netscape recommends setting this to 250. service.pop.maxthreads has a default value of 1000. For Solaris operating systems, Netscape recommends setting this to 250.
The most important thing is that the TOTAL access threads be appropriate. That number can be calculated with this equation:
The TOTAL should be below 1000 in all cases, and ideally, under 500, for all deployments. Because deployments and environments are different, if testing in your specific environment shows a TOTAL greater than 1000 to be practical, then Netscape recommends using those values.
Messaging Server 4.03 shipped with an incorrect default value for one setting. Please execute the command
setconf local.dbtxnsync 1
The consequence of the incorrect default value is decreased performance of all services. This is bug 352305, which will be fixed in Messaging Server 4.1.
This section calls out items in the release note that are of particular interest if you are upgrading from Messaging Server 4.01 to 4.03. It is important to read the Release Notes in their entirety.
As noted in the "Other Bug Fixes" section of this document, the functions PPGetHostByName and PPGetHostByAddr in the library file protplug.h have been updated.
Due to a change in database formats, a 4.0 or 4.01 upgrade to 4.03 must be run on a cleanly shutdown server.
Solution: When doing an upgrade or migration from Messaging Server 4.0 or 4.01 to 4.03, all 4.01 server components should be shut down. Then the stored process should be started alone and shut down again. Then all log files in store/mboxlist/ should be deleted.
# /etc/NscpMsg start store
# /etc/NscpMsg stop store
# rm <server-root>/<msg-instance>/store/mboxlist/log.*
# rm <server-root>/<msg-instance>/store/mboxlist/__*
Messaging Server 4.03 includes the following limitations:
The Program Delivery option will not work with shells that are not considered valid. The /etc/shells file contains the path for all valid shells. If the file is missing or empty, the following are valid login shells for the user to which the message is addressed:
The tool nsdssetup that is included to prepare the Directory Server for Messaging Server installation, cannot currently prepare a Directory Server 4.1. Future versions of Messaging Server will support Directory Server 4.1. Messaging Server 4.03 cannot be installed directly against Directory Server 4.1, but if Messaging Server 4.03 is installed against a Directory Server 3.11 or 4.0x that has been preprared with the utility, then the Directory Server can be upgraded to Directory Server 4.1.
Messaging Server 4.03 does not support Directory Server referrals. Note these requirements:
If you wish to create both a new Messaging Server 4.03 installation and a new Directory Server 3.x or 4.0 Users and Groups LDAP server, you must manually update the MS 4.03 Users and Groups server setting after installation. The MS 4.03 install process will use the default Users and Groups LDAP server setting in the Configuration LDAP server you provide during the MS 4.03 installation.
Solution: After installing MS 4.03 with the proper Configuration LDAP server, go to the Console and reconfigure the Users and Groups LDAP server setting to point at your new Users and Groups server.
Using 4.03 to host multiple domains, you get the following error when trying to start the server:
ERROR: The following services failed to start, or were already: SMTP daemon and the logs indicate that the postmaster was not found.
Solution: If you are hosting more than one domain, you need to set service.smtp.messagehostname to the same value that 'local.hostname' was set to before you can start up the Messaging Server.
During the 4.03 custom migration if you choose 'yes' to migrate from the previous Messaging Server configuration, it prompts again for the mail queue and mail store paths from the previous version of the Messaging Server. The installation uses the normal default value instead of the actual Messaging Server values.
Solution: You need to find out what these values were for the previously installed server and set them during the custom installation.
Solution: Netscape Console may be used from any machine to administer your Netscape Servers remotely. To obtain the necessary version of Netscape Console for your platform and operating system, visit http://home.netscape.com/eng/server/console/4.0/download/.
ERROR: Duplicate partition: [foo] found in checking mail store path, [foo],
[var/spool/foo2]
ERROR: Please correct it. See release notes for more details.
NOTICE: Initial User with path [foo] is [username].
When upgrading the mail store, Messaging Server 4.03 strips the begining part of the mail store path and strips non-alphanumeric characters. If the resulting paths for users are not unique, this error will occur.
Solution: If there are users who show up as duplicate partitions, upgrade their mailboxes individually with the upgrade -u option.
Solution: If something interrupts the upgrade process, the process can be resumed. The upgrade process will not attempt to upgrade mailboxes that have already been upgraded to the 4.x format. However, if the upgrade process stops, then you must run reconstruct -m before starting up the Messaging Server.
Migrating from previous versions of Messaging Server to Messaging Server 4.03, the SNMP configuration information, such as organization name, contact person, and server location, is not migrated to the newly installed Messaging Server.
Solution: Manually configure the SNMP from the Netscape Console.
The problem is caused by an incorrect 3.x MailStorePath attribute in the __up.<non-primary>.txt file. When running the upgrade utility against a non-primary 3.x mail store, the __up.<non-primary>.txt file uses the primary store path for the 3.x MailStorePath attribute instead of the non-default one.
Solution: Manually edit the file point to the correct custom defined MailStorePath value.
Currently the Messaging Server 4.03 upgrade utility won't remove the Messaging Server 3.5 messages if the -r option is specified with the -u option. Netscape recommends that you upgrade manually. For help with a manual upgrade refer to Installing the Netscape Messaging Server 4.03 at http://home.netscape.com/eng/server/messaging/4.0/relnotes/install.htm.
Solution: Specify the -r option during the folder upgrade:
# ./upgrade -s -r
# ./upgrade -u <userlist file>
If you shut down the Messaging Server while it is in the middle of migrating the messages in a folder, when you later start the server, the owner of the folder will get an invalid mailbox format error message when attempting to access that folder.
Solution: Use mboxutil -d to delete the corrupted mailbox. Then re-run upgrade -s to create the mailbox in transition state.
This is a permissions conflict caused by running the Administration Server as a user other than root.
Solution: Administration Server must be run as root.
If you install messaging server on a host that has multiple hostnames, you may have key/cert file names that do not match the server instance name.
Solution: When you enable SSL on any of the messaging services, you need to make sure that the key/cert files that you specify actually exist in the <server-root>/alias directory.
In some cases, if you highlight a string and delete the values, your configuration changes will not be saved properly.
Solution: Place the cursor at the end of the values you wish to delete and use the backspace key to remove them. When you commit the changes, the values will be reset to null.
The Send Error To field under the Mail property of a group incorrectly allows multiple email address entries.
Solution: Enter one address in the Send Error To field. Do not attempt to use comma-separated multiple addresses.
Uninstalling doesn't remove the /usr/lib/sendmail, /usr/lib/processq or /usr/bin/mailq links.
Solution: If uninstalling doesn't remove all files or directories, see the "Uninstalling Messaging Server Components" section of Installing Messaging Server 4.0 for UNIX for a complete list of manual uninstallation instructions.
All server processes must be shut down before running uninstall.
Solution: Manually run the command: /etc/NscpMsg stop
All Netscape Console Java environments must be shut down before running uninstall.
Solution: Close and exit all instances of the Netscape Console before running uninstall. Be sure there are no Netscape Console instances running on remote machines.
You may see the following error message adding store partitions:
Server error, not all attributes are saved. See logfiles for details.
Solution: You must use the configutil utility to add partitions.
Alternate message queues cannot be created via the Netscape Console. The SMTP service cannot be started after any creation of multiple alternate queues.
Solution: The workaround is to use configutil to modify service.smtp.altqueues directly. The format is <dir path>[, <dir path>]. Note that there is a space after the comma.
Solution: Click on the mail account box twice.
Solution: CGI scripts check the <server-root>/bin/msg/admin/Instances.conf configuration file to find the proper server instance. If more than one is found, the script uses the first listed. Make sure the proper CGI script server is listed first in <server-root>/bin/msg/admin/Instances.conf configuration file.
Solution: This error will only occur the first time the admin user logs in. The workaround is to log in a second time.
In the Administrator's Guide documentation for the MoveUser command-line utility, the example for moving one user from host1 to host2 based on account informationin Directory Server is inaccurate. (325370)
The example should be changed to the following:
The following paragraph should be added to the end of the description of MoveUser: (325370)
When using the configutil utility to retrieve attributes (such as store.quotaexceededmsg) that are user strings and thus may exist in more than one language, you can specify a language parameter in addition to the attribute option itself. For example, you use the command
configutil -o store.quotaexceededmsg
to retrieve the notification string that users see when they have exceeded their message quota. If the administrator has defined any language-specific strings, the above command will not retrieve them. To see the English string or the Japanese string, for example, use the following commands, respectively:
configutil -o "store.quotaexceededmsg;lang-en"
configutil -o "store.quotaexceededmsg;lang-jp"
If these language-specific strings exist, they are the strings that are seen by users whose language preference matches the language parameter. If no language-specific strings exist, all users see the default string.
On some platforms, it is not possible to use the
counterutil command-line
utility to list the set of counter objects in a given server's counter registry.
The following list includes all counterobjects recognized by the utility: (330433)
The file description in the Mailstone Utility document states that the script tools for generating LDAP entries for the test user base are installed in the following locations: (311122)
whereas the scripts to use with Messaging 4.03 are actually in these locations:
Note also that the directory mailstone/admin/2.X contains untested scripts, originally developed for earlier versions of Mailstone and Messaging Server, that should not be used.
In the Security chapter of the Administrator's Guide under Configuring SSL Encryption and Authentication, both the text and the diagram state that the Netscape Messaging Server supports POP over the SSL layer. This is not the case. MS 4.0x only supports SMTP and IMAP over SSL. (340469)
For Messaging Server 4.03 administrator documentation, see the online help that accompanies the product. The administrator's guide and related documents are also posted at the location http://home.netscape.com/eng/server/messaging/.
Installation instructions and release notes for all Netscape servers are posted at the location http://home.netscape.com/eng/server.
If you can't find the information you need, please contact technical support.