Important Product Alert: Root Certificate Expiration
If you are using SSL with Netscape Messaging Server, you need to be aware of important information related to root certificate expiration. At a minimum, you may need to ask your users to upgrade their browsers to Communicator 4.7. Depending on how you are using SSL, you may also need to update the root certificate in your server. For important and urgent information on root certificate expiration, see Digital Certificate Security Alert.
These release notes contain important information about Netscape Messaging Server 4.05 Patch 2. Please read these notes before using the product. Messaging Server 4.05 Patch 2 is available for the Solaris 2.6 and HP/UX 11.00 platforms. Use of this product is subject to the terms detailed in the license agreement accompanying it.
For information on Installing the Netscape Messaging Server 4.05 Patch 2, visit this site: http://home.netscape.com/eng/server/messaging/4.0/relnotes/install.htm.
These release notes contain the following sections:
Certain arguments in LIST/LSUB, for example, can cause a buffer overflow.
Messaging Server (stored) hangs if messages are being sent at very high speed (5 users per 1 second) while the mboxutil command (mboxutil -l) is being run extensively at the same time. A deadlock arose because one of the two processes (stored or mboxutil) failed to release a lock. With this fix, if a process fails to release a lock and then tries again, the release works on the second attempt.
This symptom happens under very high stress conditions and if the 'service.smtp.domainlangtable' parameter contains a long list of domain-language mappings. Instead of using the long list, this fix ignores the table and returns in the language specified by the "gen.sitelanguage" parameter. This feature is enabled by setting "local.service.smtp.sitelanguageonly" to true.
Whenever a long header stream is sent after a DATA command, its size is not checked against configured limits and creates memory growth problems. This has been fixed.
NMS Post-Accept plugins that modified the incoming message were not effective due to the message being cached in memory too early in processing.
Resource serialization problems and a memory leak in LDAP caching routines caused LDAP connections to drop randomly and server memory to be used up.
Internally, the depth of the DNS caching tree was not limited and could result in stack overflow. This fix limits the search tree depth.
The NMS MTA did not allow pipe characters ('|') in either sender or recipient addresses.
Several methods were added so that shared folders could be accessed. One implementation is an automatic subscription of a user to shared folder. One user shares a folder via the ACL section using the admin server, and the destination user automatically gets subscribed.
If the ressh binary cannot be accessed, a message is generated indicating that ressh is disabled.
A new tool was created for the quotacheck.
The installation program doesn't set the file and directory permissions to user "nobody".
This is a known limitation. Because the MMP is a separately installable component, you may install the NMS 4.15 MMP (which has SSL), which includes a workaround for this issue.
The Program Delivery option will not work with shells that are not considered valid. On HP/UX and Solaris, the /etc/shells file contains the paths for valid shells. If the file is missing or empty, the following are valid login shells for the user to which the message is addressed:
/bin/sh
/usr/bin/sh
/bin/csh
/usr/bin/csh
/bin/ksh
/usr/bin/ksh
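The shell rule above, as an added example (not Netscape code): it loads the valid-shell list with the documented fallback and reports which accounts in a passwd-format listing could use Program Delivery. The function names, the sample accounts and the handling of '#' comments are assumptions made for illustration.

```python
# Fallback list copied from the release notes; it applies when /etc/shells
# is missing or empty.
FALLBACK_SHELLS = frozenset([
    "/bin/sh", "/usr/bin/sh",
    "/bin/csh", "/usr/bin/csh",
    "/bin/ksh", "/usr/bin/ksh",
])

# Constructed sample accounts in passwd(4) format.
SAMPLE_PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
alice:x:1001:10:Alice:/home/alice:/bin/ksh
bob:x:1002:10:Bob:/home/bob:/usr/local/bin/bash
mailonly:x:1003:10:Mail only:/home/mailonly:/bin/false
"""


def load_valid_shells(shells_path="/etc/shells"):
    """Return the set of login shells accepted for Program Delivery."""
    try:
        with open(shells_path, "r", errors="replace") as fh:
            lines = fh.read().splitlines()
    except OSError:
        return set(FALLBACK_SHELLS)          # file missing or unreadable
    shells = set()
    for line in lines:
        # Assumption: '#' starts a comment and blank lines are skipped, so a
        # file holding only comments counts as empty.
        entry = line.split("#", 1)[0].strip()
        if entry.startswith("/"):
            shells.add(entry)
    return shells or set(FALLBACK_SHELLS)    # empty file: use the fallback


def audit_passwd(passwd_text, valid_shells):
    """Return (allowed, blocked) user names, in input order."""
    allowed, blocked = [], []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue                         # not a passwd entry
        user, shell = fields[0], fields[6].strip()
        # Assumption: an empty shell field is reported as blocked, because
        # the notes do not say how the server treats it.
        (allowed if shell in valid_shells else blocked).append(user)
    return allowed, blocked


def demo():
    """Audit the sample accounts as if /etc/shells did not exist."""
    return audit_passwd(SAMPLE_PASSWD, load_valid_shells("/nonexistent/shells"))


if __name__ == "__main__":
    ok, no = demo()
    print("program delivery allowed:", ok)
    print("program delivery blocked:", no)
```

With the fallback list in effect, an account whose shell is /sbin/sh or a locally installed shell is blocked until that path is listed in /etc/shells.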
Messaging Server 4.05 Patch 1 fixes a case where UTF-8 encoded headers were not being parsed properly and caused an smtp daemon failure.
The size limits of 1 KByte if the Administration console is used, and 2 KBytes if text is entered using the configutil command, have been fixed.
This has been fixed through the use of an updated shared library in
Messaging Server 4.05 Patch 1 fixes several problems with inappropriate process growth by the smtp daemon. Note: none of these are related to load capacities.
Messaging Server 4.05 Patch 1 fixes several issues with regard to the Unsolicited Bulk E-mail filtering and plugins.
Messaging Server 4.05 Patch 1 fixes several issues with queueing behavior of the smtp daemon.
Messaging Server 4.05 Patch 1 adds support for a new configuration parameter which can be used to change the existing limit of 2000 messages that occurs when the MTA throttles:
local.service.smtp.throttlethreshold
By default, this parameter is not set; the 2000 message limit is an internal limit.
Messaging Server did not check whether or not the remote server supported DSNs (ESMTP), resulting in inappropriate delivery failures.
If local.service.smtp.ldapcachelimit is set to 50, the 50th local recipient of a message would bounce.
The service.smtp.domain configuration parameter was sometimes used rather than service.smtp.defaultdomain for address completion.
If you included a $ in your greeting message text, it now shows up as a $, rather than a /25 in the message that is delivered to the mailbox.
Messaging Server 4.05 Patch 1 changes a case where the default message sync level on the file system was not doing an explicit fdatasync() after each new message in the queue.
Messaging Server 4.05 Patch 1 fixes a case on HP/UX where sending messages with large attachments would be deferred.
Messaging Server 4.05 Patch 1 fixes a case where updates to the libUBEfilter or hide shared libraries would not get updated in both the installation and the instance-specific location.
Messaging Server 4.05 Patch 1 fixes a case on HP/UX where if the Directory Server goes off-line in the middle of a large dynamic group send, the message would not be properly deferred to the rest of the recipients.
Messaging Server 4.05 Patch 1 fixes a case where setting the service.smtp.authmaildomain parameter did not force SMTP authentication with those domains.
The parameter is set using one of the following methods:
./setconf service.smtp.authmaildomain "xxx. 0.0.0.0"
(with a tab between the xxx. and 0.0.0.0 values).
or
./configutil -o service.smtp.authmaildomain -v - < tabfile
(where tabfile is a file containing tab-separated entries).
The message returned to the sender appears as:
Your message was rejected by mail-host for the following reason:
Authentication required for this domain
In some situations, the stored may end up looping. This can be seen by running the command:
stored -v -v -1
Since this is supposed to only pass through the database once, if you see the same entry being processed, then looping is occurring.
If one of the services core dumps and leaves a mismatched set of opens and closes, then it's possible that stored will fail during recovery.
A message fetched during an IMAP session having an internal date prior to 1980 may cause imapd to fail. In 4.05 Patch 1, the offending message will have a log entry output instead of failing.
Messaging Server 4.05 Patch 1 fixes a case where running the nsds3setup command against an existing Administration domain setup in Directory Server 4.1 would fail.
Messaging Server 4.05 and later corrects the path used to search for the secmod.db file.
Messaging Server 4.04 and later does not suffer from load-induced lockup.
Messaging Server 4.04 and later starts up only the stored instance specified if the -i flag is used.
Messaging Server 4.04 and later has been updated to correct the problem.
The Messaging Server 4.04 and later installer properly stops the Messaging Server 3.x instance.
Messaging Server 4.0 or 4.01, when it receives a connection from a remote machine that is on its TCP Wrappers deny list, would print a 4xx SMTP greeting message and then close the connection, without waiting for any data. Messaging Server 4.04 and later sends a 5xx response (permanent instead of transient error), and waits a default of 10 seconds for the sending SMTP to send a QUIT message before closing the connection. If the QUIT message is received before the 10 seconds have passed, the connection will be closed immediately.
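The 4.04-and-later rejection behaviour described above, as an added example (not Netscape code): a handler that sends a permanent error to a denied client, waits up to 10 seconds for QUIT, then closes. The reply text, the function names, the outcome strings and the early close on an over-long line are assumptions; the notes specify only "5xx" and the 10-second default.

```python
import socket
import time

# Constructed reply text: the release notes only say "a 5xx response".
REJECT_LINE = b"554 Connection refused\r\n"
QUIT_WAIT_SECONDS = 10.0    # default wait stated in the release notes


def reject_denied_client(conn, wait_seconds=QUIT_WAIT_SECONDS, max_line=1024):
    """Send the permanent error, wait for QUIT, close; return why we closed."""
    deadline = time.monotonic() + wait_seconds
    pending = b""
    try:
        conn.sendall(REJECT_LINE)
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                return "timeout"
            conn.settimeout(remaining)
            try:
                chunk = conn.recv(256)
            except socket.timeout:
                return "timeout"
            if not chunk:
                return "peer-closed"
            pending += chunk
            # Complete lines go to `lines`; the unfinished tail stays pending.
            *lines, pending = pending.split(b"\n")
            for line in lines:
                if line.strip().upper() == b"QUIT":
                    return "quit"            # close at once, as the notes say
            # Other commands are ignored. Assumption: a client that streams
            # data without a newline is dropped rather than buffered.
            if len(pending) > max_line:
                return "line-too-long"
    except OSError:
        return "io-error"
    finally:
        conn.close()


def demo(wait_seconds=0.3):
    """Run a polite and a silent client against the handler over socketpairs."""
    results = {}
    for name, payload in (("polite", b"QUIT\r\n"), ("silent", b"")):
        server_side, client_side = socket.socketpair()
        if payload:
            client_side.sendall(payload)
        outcome = reject_denied_client(server_side, wait_seconds)
        results[name] = (outcome, client_side.recv(64))
        client_side.close()
    return results


if __name__ == "__main__":
    for name, (outcome, reply) in demo().items():
        print(name, outcome, reply)
```

Because the reply is permanent rather than transient, a conforming sender should not requeue and retry against the deny list, and the bounded wait keeps a silent client from holding the connection open.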
Messaging Server 4.05 and later corrects this problem.
Messaging Server 4.05 and later corrects this problem.
Messaging Server 4.05 fixes a case in Messaging Server 4.04 on HP/UX where sending mail to a group will cause the messages to contain only the headers and not the body of the message, and causes mailing list messages to be deferred.
Messaging Server 4.05 and later corrects this problem.
Messaging Server 4.04 and later fixes AUTH SMTP compatibility with Outlook.
Messaging Server 4.04 and later is not sensitive to properly formatted comments in /etc/resolv.conf.
The stored utility in Messaging Server 4.04 and later will remove these files, so the manual workaround suggested in the 4.01 release notes is no longer necessary.
The bug is actually fixed in 4.04 and later. The functions PPGetHostByName() and PPGetHostByAddr() in the library file protplug.h have been updated to correct the problem. All Messaging Server 4.0 plug-ins should be recompiled after upgrading to Messaging Server 4.04 and later.
This command with Messaging Server 4.04 and later will clear the SMTP banner.
This causes the number of deferred messages reported by the mailq command to be overreported. This is fixed in 4.04 and later.
See the following document for more tuning information: http://home.netscape.com/eng/server/messaging/4.15/TuningGuide.html
Messaging Server 4.04 and later allows the administrator to tune the maximum number of recipients of a message. Care should be taken when modifying this value because ISPs and other systems receiving mailing lists may need to accept a large number of recipients in each mail.
By default, this value is set to 100000.
Messaging Server 4.04 and later uses an internal database to store information. A dedicated thread periodically checks the database for deadlocks and resolves them. local.store.deadlock.checkinterval specifies how long the dedicated thread should sleep before it resumes deadlock resolution.
This value is measured in microseconds (1/1000000 second) and can be set to any positive integer between 1 and 1000000. The default value is 1000 (so every 1/1000 of a second the database will be checked for deadlocks). Generally, for larger machines and deployments, this number should be reduced to 100-200. For a small machine (especially a single CPU machine) the value should be left at 1000 or increased.
If stored consumes more than 10% of CPU on an idle server, this value should be increased.
Messaging Server 4.04 and later allows the administrator to configure the number of threads per process for different services like IMAP and POP. If threads per process are set incorrectly, then stored will consume too much CPU. At peak load and when the user population on the server is still relatively small, it is appropriate for stored to consume as much as 50% of CPU. To prevent or correct stored from consuming more than 50% of CPU at peak times, configure the threads per process as outlined below.
service.imap.maxthreads has a default value of 1000. Netscape recommends setting this to 250. service.pop.maxthreads has a default value of 1000. Netscape recommends setting this to 250.
The most important thing is that the TOTAL access threads be appropriate. That number can be calculated with this equation:
The TOTAL should be below 1000 in all cases, and ideally, under 500, for all deployments. Because deployments and environments are different, if testing in your specific environment shows a TOTAL greater than 1000 to be practical, then Netscape recommends using those values.
Messaging Server 4.04 and later shipped with an incorrect default value for one setting. Please execute the command
./setconf local.dbtxnsync 1
The consequence of the incorrect default value is decreased performance of all services. This bug is fixed in Messaging Server 4.1.
Messaging Server 4.0x shipped such that service.smtp.smtp-accept.allowqsnd setting does not work for turning off ETRN. Please execute one of the following to turn off ETRN:
configutil -l -o service.smtp.smtp-accept.allowqsnd -v no
Remember to use the -l option. This option forces any setting (even ones without local.* prefix) to be stored locally, thus getting around the schema issue.
./configutil -o service.smtp.smtp-accept.allowqsnd -v no
Messaging Server 4.05 Patch 1 adds support for a new configuration parameter which can be used to change the existing limit of 2000 messages that occurs when the MTA throttles:
local.service.smtp.throttlethreshold
By default, this parameter is not set; the 2000 message limit is an internal limit.
Provide the same server root as you did for the existing 4.0, 4.01, 4.03, 4.04 or 4.05 installation. The setup utility will determine that the server is being upgraded from a 4.0, 4.01, 4.03, 4.04 or 4.05 server, and will guide you through the appropriate dialogs.
As noted in the "Other Bug Fixes" section of this document, the functions PPGetHostByName() and PPGetHostByAddr() in the library file protplug.h have been updated.
Due to a change in database formats, a 4.0 or 4.01 upgrade to 4.05 Patch 1 must be run on a cleanly shutdown server.
Solution: When doing an upgrade or migration from Messaging Server 4.0 or 4.01 to 4.05 Patch 1, all server components should be shut down. Then the stored process should be started alone and shut down again. Then all log files in <server-root>/msg-<instance>/store/mboxlist/ should be deleted.
# /etc/NscpMsg stop
# /etc/NscpMsg start store
# /etc/NscpMsg stop store
# rm <server-root>/msg-<instance>/store/mboxlist/log.*
# rm <server-root>/msg-<instance>/store/mboxlist/__*
# /etc/NscpMsg start
Messaging Server 4.05 Patch 1 includes the following limitations:
Restarting the server after changing the configuration information will refresh the configuration information.
Messaging Server 4.05 Patch 1 does not support Directory Server referrals. Note these requirements:
If a user goes over quota and then deletes mail to get back under quota, the user account summary still reports the old quota value. To update the user's quota, send mail to the user.
In the SMTP Configuration option of the GUI, there are Alternate MTA actions available. These do not work as desired in 4.05 Patch 1. These do work in 4.1.
Netscape supports the XSERVER private extension for authenticating message submissions. Reconstructing a mailbox causes all of the authenticated sender information to be discarded.
Otherwise, the remaining processes may stop responding while waiting for locks held by the terminated process. It is very important that stored start up before any of the other processes.
If you wish to create both a new Messaging Server 4.05 Patch 1 installation and a new Directory Server 3.x or 4.0 Users and Groups LDAP server, you must manually update the MS 4.05 Patch 1 Users and Groups server setting after installation. The MS 4.05 Patch 1 install process will use the default Users and Groups LDAP server setting in the Configuration LDAP server you provide during the MS 4.05 Patch 1 installation.
Solution: After installing MS 4.05 Patch 1 with the proper Configuration LDAP server, go to the Console and reconfigure the Users and Groups LDAP server setting to point at your new Users and Groups server.
When components are selected for installation, if only the Messaging Server is selected, the installation will not verify the dependent components have also been selected.
Solution: For Messaging Server 4.05 Patch 1, the Core and Admin Server are required components for the installation. If this is an upgrade, the Core and Admin Server will have already been installed, and do not need to be selected.
Using 4.05 Patch 1 to host multiple domains, you get the following error when trying to start the server:
ERROR: The following services failed to start, or were already: SMTP daemon and the logs indicate that the postmaster was not found.
Solution: If you are hosting more than one domain, you need to set service.smtp.messagehostname to the same value that local.hostname was set to before you can start up the Messaging Server.
During the 4.05 Patch 1 custom migration if you choose 'yes' to migrate from the previous Messaging Server configuration, it prompts again for the mail queue and mail store paths from the previous version of the Messaging Server. The installation uses the normal default value instead of the actual Messaging Server values.
Solution: You need to find out what these values were for the previously installed server and set them during the custom installation.
Solution: Netscape Console may be used from any machine to administer your Netscape Servers remotely. To obtain the necessary version of Netscape Console for your platform and operating system, visit http://home.netscape.com/eng/server/console/.
ERROR: Duplicate partition: [foo] found in checking mail store
path, [foo], [var/spool/foo2]
ERROR: Please correct it. See release notes for more details.
NOTICE: Initial User with path [foo] is [username].
When upgrading the mail store, Messaging Server 4.05 Patch 1 strips the beginning part of the mail store path and strips non-alphanumeric characters. If the resulting paths for users are not unique, this error will occur.
Solution: If there are users who show up as duplicate partitions, upgrade their mailboxes individually with the upgrade -u option.
Solution: If something interrupts the upgrade process, the process can be resumed. The upgrade process will not attempt to upgrade mailboxes that have already been upgraded to the 4.x format. However, if the upgrade process stops, then you must run reconstruct -m before starting up the Messaging Server.
Migrating from previous versions of Messaging Server to Messaging Server 4.05 Patch 1, the SNMP configuration information, such as organization name, contact person, and server location, is not migrated to the newly installed Messaging Server.
Solution: Manually configure the SNMP from the Netscape Console.
The problem is caused by an incorrect 3.x MailStorePath attribute in the __up.<non-primary>.txt file. When running the upgrade utility against a non-primary 3.x mail store, the __up.<non-primary>.txt file uses the primary store path for the 3.x MailStorePath attribute instead of the non-default one.
Solution: Manually edit the file to point to the correct custom defined MailStorePath value.
Currently the Messaging Server 4.05 Patch 1 upgrade utility won't remove the Messaging Server 3.5 messages if the -r option is specified with the -u option. Netscape recommends that you upgrade manually. For help with a manual upgrade refer to Installing the Netscape Messaging Server 4.05 Patch 1 at http://home.netscape.com/eng/server/messaging/4.0/relnotes/install.htm.
Solution: Specify the -r option during the folder upgrade:
# ./upgrade -s -r
# ./upgrade -u <userlist file>
If you shut down the Messaging Server while it is in the middle of migrating the messages in a folder, when you later start the server, the owner of the folder will get an invalid mailbox format error message when attempting to access that folder.
Solution: Use mboxutil -d to delete the corrupted mailbox. Then re-run upgrade -s to create the mailbox in transition state.
If a new Administration Server or other server is installed in the same server root directory as the messaging server, the mailaclbody.cgi and lscgi commands under the <serverroot>/bin/user/admin/bin directory may be changed to be owned by root. When the Messaging Server CGIs are invoked through the Console, the Messaging Server database files may become owned by root. This will cause the stored or other server processes to fail.
Solution: Verify that the mailaclbody.cgi and lscgi commands under the <serverroot>/bin/user/admin/bin directory are owned by the user and group specified by the local.serveruid and local.servergid values.
If needed, cycle the db files per the instructions in the Upgrading to 4.05 Patch 1 section.
If your site uses a Configuration Directory and a User Directory, upgrading Messaging Server against an existing default Configuration Directory might cause Messaging Server to reference an incorrect User Directory or Bind by anonymous.
Solution: After upgrade, change your Messaging Server configuration to reference the correct User Directory. Or you may have to redefine the Bind user with the correct ACI in the Directory.
This is a permissions conflict caused by running the Administration Server as a user other than root.
Solution: Administration Server must be run as root.
If you install messaging server on a host that has multiple hostnames, you may have key/cert file names that do not match the server instance name.
Solution: When you enable SSL on any of the messaging services, you need to make sure that the key/cert files that you specify actually exist in the <server-root>/alias directory.
In some cases, if you highlight a string and delete the values, your configuration changes will not be saved properly.
Solution: Place the cursor at the end of the values you wish to delete and use the backspace key to remove them, or place the cursor at the beginning of the value and press delete. When you commit the changes, the values will be reset.
The Send Error To field under the Mail property of a group incorrectly allows multiple email address entries.
Solution: Enter one address in the Send Error To field. Do not attempt to use comma-separated multiple addresses.
Uninstalling doesn't remove the /usr/lib/sendmail, /usr/lib/processq or /usr/bin/mailq links.
Solution: If uninstalling doesn't remove all files or directories, see the "Uninstalling Messaging Server Components" section of Installing Messaging Server 4.0 for UNIX for a complete list of manual uninstallation instructions.
All server processes must be shut down before running uninstall.
Solution: Manually run the command: /etc/NscpMsg stop
All Netscape Console Java environments must be shut down before running uninstall.
Solution: Close and exit all instances of the Netscape Console before running uninstall. Be sure there are no Netscape Console instances running on remote machines.
You may see the following error message adding store partitions:
Server error, not all attributes are saved. See logfiles for details.
Solution: You must use the configutil utility to add partitions.
With multiple Messaging Servers installed in multiple server roots, during an uninstall, the /etc/nsserver.cfg file may be wiped out instead of removing just the one entry.
Solution: Backup the /etc/nsserver.cfg file before uninstalling the server.
Alternate message queues cannot be created via the Netscape Console. The SMTP service cannot be started after any creation of multiple alternate queues.
Solution: The workaround is to use configutil to modify service.smtp.altqueues directly. The format is <dir path>[, <dir path>]. Note that there is a space after the comma.
Solution: Click on the mail account box twice.
Solution: CGI scripts check the <server-root>/bin/msg/admin/Instances.conf configuration file to find the proper server instance. If more than one is found, the script uses the first listed. Make sure the proper CGI script server is listed first in <server-root>/bin/msg/admin/Instances.conf configuration file.
Solution: This error will only occur the first time the admin user logs in. The workaround is to log in a second time.
These files touch the mailstore database logs, and if these files are not setuid it may cause the smtp and store daemons to core dump with permission errors.
Solution: Make sure the files mailaclbody.cgi and lscgi in the <server-root>/bin/user/admin/bin directory have permissions set so that they are setuid (e.g. chmod 04555
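A check covering both this setuid requirement and the earlier ownership requirement for the same two CGI files, as an added example (not Netscape code). The function name and report format are assumptions, the expected uid and gid must be supplied from your local.serveruid and local.servergid settings, and the group/other write check is an extra hardening test not stated in the notes.

```python
import os
import stat
import sys

# File names from the release notes.
CGI_NAMES = ("mailaclbody.cgi", "lscgi")


def audit_cgi_permissions(bin_dir, server_uid, server_gid):
    """Return {file name: [problems]}; an empty list means the file passes."""
    report = {}
    for name in CGI_NAMES:
        problems = []
        try:
            # lstat: a symlink in place of the binary is itself a finding.
            st = os.lstat(os.path.join(bin_dir, name))
        except OSError as exc:
            report[name] = ["cannot stat (%s)" % exc.strerror]
            continue
        if not stat.S_ISREG(st.st_mode):
            problems.append("not a regular file")
        if st.st_uid != server_uid:
            # Root ownership is the failure the notes describe: the store
            # database files end up owned by root.
            who = "owned by root" if st.st_uid == 0 else "owner uid %d" % st.st_uid
            problems.append("%s, expected uid %d" % (who, server_uid))
        if st.st_gid != server_gid:
            problems.append("group gid %d, expected gid %d" % (st.st_gid, server_gid))
        if not st.st_mode & stat.S_ISUID:
            problems.append("setuid bit not set")
        # Added hardening check (assumption, not from the notes): a setuid
        # file should not be writable by group or other.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("writable by group or other")
        report[name] = problems
    return report


if __name__ == "__main__":
    # Usage: script <server-root>/bin/user/admin/bin <uid> <gid>
    if len(sys.argv) != 4:
        sys.exit("usage: %s BIN_DIR SERVER_UID SERVER_GID" % sys.argv[0])
    result = audit_cgi_permissions(sys.argv[1], int(sys.argv[2]), int(sys.argv[3]))
    for fname, issues in result.items():
        print(fname, "OK" if not issues else "; ".join(issues))
    sys.exit(1 if any(result.values()) else 0)
```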
Using the -p switch with -r causes reconstruct to run out of file descriptors.
Solution: Never use the -p switch of reconstruct.
In the Administrator's Guide documentation for the MoveUser command-line utility, the example for moving one user from host1 to host2 based on account information in Directory Server is inaccurate. (325370)
The example should be changed to the following:
Also the example for moving a user's mailboxes from host1 to host2 when the user ID is specified in the command line should be changed to the following: (329880)
The following paragraph should be added to the end of the description of MoveUser: (325370)
When using the configutil utility to retrieve attributes (such as store.quotaexceededmsg) that are user strings and thus may exist in more than one language, you can specify a language parameter in addition to the attribute option itself. For example, you use the command
configutil -o store.quotaexceededmsg
to retrieve the notification string that users see when they have exceeded their message quota. If the administrator has defined any language-specific strings, the above command will not retrieve them. To see the English string or the Japanese string, for example, use the following commands, respectively:
configutil -o "store.quotaexceededmsg;lang-en"
configutil -o "store.quotaexceededmsg;lang-jp"
If these language-specific strings exist, they are the strings that are seen by users whose language preference matches the language parameter. If no language-specific strings exist, all users see the default string.
On some platforms, it is not possible to use the counterutil command-line utility to list the set of counter objects in a given server's counter registry. The following list includes all counterobjects recognized by the utility: (330433)
The counterutil command in 4.0, 4.01 or 4.03 did not allow you to specify either the interval to get counter information or the number of iterations. These options to counterutil are now available in 4.04 and later: (355869)
The file description in the Mailstone Utility document states that the script tools for generating LDAP entries for the test user base are installed in the following locations: (311122)
whereas the scripts to use with Messaging 4.04 and later are actually in these locations:
Note also that the directory mailstone/admin/2.X contains untested scripts, originally developed for earlier versions of Mailstone and Messaging Server, that should not be used.
In the Security chapter of the Administrator's Guide under Configuring SSL Encryption and Authentication, both the text and the diagram state that the Netscape Messaging Server supports POP over the SSL layer. This is not the case (340469). MS 4.0x only supports SMTP and IMAP over SSL.
For Messaging Server 4.05 Patch 1 administrator documentation, see the online help that accompanies the product. The administrator's guide and related documents are also posted at the location http://home.netscape.com/eng/server/messaging/.
Installation instructions and release notes for all servers are posted at the location http://home.netscape.com/eng/server/.
If you can't find the information you need, please contact Technical Support.