Messaging Server Administrator's Guide: Messaging Multiplexor

Chapter 13 Messaging Multiplexor

This chapter describes Netscape Messaging Multiplexor and provides installation and configuration instructions. This chapter contains the following sections:

About Messaging Multiplexor

Multiplexor Configuration

Installing and Configuring Multiplexor (Unix)

Installing and Configuring Multiplexor (NT)

Running Multiplexor

Uninstalling Multiplexor

About Messaging Multiplexor

Netscape Messaging Multiplexor is a specialized messaging server that acts as a single point of connection to multiple messaging servers. With the Multiplexor, large-scale messaging-service providers can distribute POP and IMAP user mailboxes across many machines to increase messaging capacity. All users connect to the single Multiplexor server, which redirects each connection to the appropriate messaging server.

If you provide electronic mail service to many users, you can install and configure Messaging Multiplexor so that an entire array of messaging servers will appear to your mail users to be a single host.

Messaging Multiplexor is provided as part of Netscape Messaging Server. You can install Messaging Multiplexor when first installing Messaging Server or other Netscape servers, or at a later time.

Netscape Messaging Multiplexor supports:

Both unencrypted and encrypted (SSL) communications with mail clients.

Client certificate-based authentication, described in Certificate-Based Client Authentication.

User pre-authentication, described in User Pre-Authentication.

Virtual domains that listen on different IP addresses and automatically append domain names to user IDs, described in Virtual Domains.

Multiple installations of Multiplexor on different machines (one installation per machine).

Multiple instances of Multiplexor on a server machine, described in Multiple Multiplexor Instances. Multiple instances can be used for alternate configurations such as SSL or the listen port that cannot be handled through virtual domains.

Enhanced LDAP searching.

Multiplexor Benefits

Message stores on heavily used messaging servers can grow quite large. Spreading user mailboxes and user connections across multiple servers can therefore improve capacity and performance. In addition, it may be more cost-effective to use several small server machines than one large, high-capacity, multiprocessor machine.

If the size of your mail-server installation requires the use of multiple messaging servers, your organization can benefit in several ways from using the Messaging Multiplexor. The indirect connection between users and their message stores, coupled with the ease of reconfiguration of user accounts among messaging servers allows for the following benefits:

Simplified user management

Because all users connect to one server (or two, if you have separate Multiplexors for POP and IMAP), you can preconfigure email clients and distribute uniform login information to all users. This simplifies your administrative tasks and reduces the possibility of distributing erroneous login information.

For especially high-load situations, you can run multiple Multiplexor servers and manage connections to them by DNS round robin or by using a load- balancing program, such as LocalDirector from Cisco Systems.

Because Multiplexor uses information stored in the LDAP directory to locate each user's messaging server, moving a user to a new server is simple for the system administrator and transparent to the user. The administrator can move a user's mailbox from one messaging server to another, and then update the user's entry in the directory. The user's mail address, mailbox access, and other client preferences need not change.

Improved performance

If a message store grows prohibitively large for a single machine, you can balance the load by moving some of the message store to another machine.

You can assign different classes of users to different machines. For example, you can choose to locate premium users on a larger and more powerful machine.

Multiplexor performs some buffering, so that slow client connections (through a modem, for example) do not slow down the messaging server.

Decreased cost

Because you can efficiently manage multiple messaging servers with Messaging Multiplexor, you can decrease overall costs by purchasing several small server machines that together cost less than one very large machine.

Better scalability

With Messaging Multiplexor, your configuration can expand easily. You can incrementally add machines as your performance or storage-capacity needs grow, without replacing your existing investment.

Minimum user downtime

Using Messaging Multiplexor to spread a large user base over many small store machines isolates user downtime. When an individual server fails, only its users are affected.

Increased security

You can use the server machine on which Messaging Multiplexor is installed as a firewall machine. By routing all client connections through the Multiplexor machine, you can restrict access to the internal message store machines by outside computers. Messaging Multiplexor supports both unencrypted and encrypted communications with clients.

How Multiplexor Works

Messaging Multiplexor is a multithreaded server that facilitates distributing mail users across multiple server machines. Multiplexor handles incoming client connections destined for other server machines (the machines on which user mailboxes reside). Clients connect to Multiplexor itself, which then redirects the session to the server with the correct mailbox. This capability allows Internet service providers and other large installations to spread message stores across multiple machines (to increase capacity) while providing the appearance of a single mail host for users (to increase efficiency) and for external clients (to increase security).

Figure 13.1 shows how servers and clients relate to each other in a Messaging Multiplexor installation.

Figure 13.1 How the Messaging Multiplexor interacts with clients and servers

All POP and IMAP clients work with Messaging Multiplexor. Messaging Multiplexor accepts connections, performs LDAP directory lookups, and routes the connections appropriately. As is typical with other mail-server installations, each user is assigned a specific address and mailbox on a specific messaging server. However, all connections are routed through Multiplexor.

In more detail, these are the steps involved in establishing a user connection:

A user's client connects to Multiplexor, which accepts preliminary authentication information (user name).

Multiplexor queries an LDAP directory server to determine which messaging server contains that user's mailbox.

Multiplexor connects to the proper messaging server, replays authentication, then acts as a pass-through pipe for the duration of the connection.

Encryption (SSL) Option

The Netscape Multiplexor supports both unencrypted and encrypted (SSL) communications between the IMAP server and mail clients.

In SSL mode, Multiplexor listens by default on port 993. You can specify a different port if you wish. The IMAP Multiplexor SSL supports STARTTLS which allows Multiplexor to promote non-SSL connections to SSL.

To enable SSL encryption for your IMAP service:

When using the mmp-setup script, answer yes to the "Should the IMAP MMP do SSL" prompt. Then specify port, secmodfile, certfile, keyfile, keypass, ciphers, and certname parameters. See Table 13.9 for details about configuration prompts.

When specifying Multiplexor configuration options from the command line, use the -s parameters (secmodfile, certfile, keyfile, keypass, ciphers, and certname) parameters. See Table 13.4 for details.

Certificate-Based Client Authentication

Multiplexor can use certmap to match a client's certificate to the correct user in the user-group LDAP database.

In order to use certificate-based client authentication, you must also enable SSL encryption as described in Encryption (SSL) Option.

You also have to configure a store administrator. You can use the mail administrator, but Netscape recommends that you create a unique user ID, such as mmpstore for this purpose so that you can set permissions as needed.

Note that Multiplexor does not support certmap plug-ins. Instead, Multiplexor accepts enhanced DNComps and FilterComps property value entries in the certmap.conf file. These enhanced format entries use the form:

mapname:DNComps FROMATTR=TOATTR
mapname:FilterComps FROMATTR=TOATTR

So that a FROMATTR value in a certificate's subjectDN can be used to form an LDAP query with the TOATTR=value element. For example, a certificate with a subjectDN of "cn=Pilar Lorca, ou=pilar o=airius.com" could be mapped to an LDAP query of "(uid=pilar)" with the line:

mapname:FilterComps ou=uid

To enable certificate-based authentication for your IMAP service:

Decide on the user ID you intend to use as store administrator.

While you can use the mail administrator for this purpose, Netscape recommends that you create a unique user ID for store administrator. For example, mmpstore.

Make sure that SSL encryption is (or will be) enabled as described in Encryption (SSL) Option.

Configure Multiplexor to use certificate-based client authentication:

When using the mmp-setup script, answer yes to the "Do you have a certmap.conf (Should MMP do client-cert auth)" prompt. Then specify the location of the certmap.conf file, the store administrator user ID, and password. See Table 13.9 for details.

When specifying Multiplexor configuration options from the command line, use the -cm cmfile, -d storeadmin, and -W password options. See Table 13.4 for details about these configuration prompts.

User Pre-Authentication

Multiplexor has the option of pre-authenticating users by binding to the directory as the incoming user and logging the result.

Note: Enabling the pre-authentication option will reduce server performance.

The log entries are in the format:

date time (sid 0x%p) user name pre-authenticated - client IP address

Where date is in the format yyyymmdd, time is in the format hhmmss, sid is the session object, the user name includes the virtual domain (if any), and the IP address is in dot-quad format.

Virtual Domains

Multiplexor supports the 4.0 format virtual domain file syntax.

Virtual domains listen on different IP addresses and automatically append domain names to user IDs. They can also be used to specify alternate configurations.

Multiplexor can map IP addresses to domain names for searching an LDAP directory and for logging in to the store server. When a connection is accepted from a client, if the server's IP address is in the virtual domain mapping file, the domain is appended to the user ID and used for the LDAP search and for subsequent replay of authentication. This capability is useful for hosting multiple domains with overlapping user ID name spaces.

To enable virtual domains:

When installing in Unix environments, answer yes to the "Should this MMP do virtual domain mapping?" prompt. Then specify the location (name) of the virtual domain mapping file and the domain delimiters it uses. See Table 13.7 for details.

When specifying Multiplexor with the Server Setup program in Windows NT environments, answer yes to the "Use Virtual Domain Mapping" prompt. See Table 13.9 for details.

When specifying Multiplexor configuration options from the command line in Windows NT environments, use the -vd file option followed by the -vdd str option. See Table 13.4 for details.

Each entry of a virtual domain file has the following syntax:

vdmap name IPaddr
name:property value

Where name is whatever name you choose to use, IPaddr is in dot-quad format, and property and value pairs configure the virtual domain as described in Table 13.1. When set, virtual domain properties override global configuration parameters.

Table 13.1 describes the properties you can specify for a virtual domain. (See Table 13.3 for a description of configuration variables you can specify for Multiplexor.)

Table 13.1 Virtual domain properties


Property	Description
BindDN BindPass	User-group LDAP credentials. This property is ignored if the LdapUrl property is not set. In most cases it is not necessary to specify this property.
CanonicalVirtual DomainDelim	The delimiter used by the Multiplexor to separate the user ID from the appended virtual domain when talking to the message store server and LDAP server.
CertMapFile	If certificate-based authentication is enabled, the certmap.conf file for this domain.
LdapUrl	The URL for user-group LDAP information using the format: ldap[s]://HOST[:PORT]/BASEDN
MailHostAttrs	A comma-separated list of LDAP attributes to be treated as the users' mailhost. Multiplexor tries to connect to each server returned by the search in turn.
PreAuth	If set to "Yes," pre-authentication is enabled. Note that enabling pre-authentication reduces server performance.
StoreAdmin StoreAdminPass	The store administrator credentials (user ID and password). For proxy-authentication to the store server when the client is authenticated to the Multiplexor via an SSL client certificate.
UidSearch	A printf-style format string with which to construct a user-group LDAP query for the user's mailhost. These are the valid escapes for UidSearch: %s - For userd+virtualdomain %U - For userid only %V - For virtual domain only %C - Client IP address %S - Server IP address %D - Client cert DN
VDomain	The virtual domain name to append to incoming user names (for sites that have virtual domains enabled). If omitted, no domain name is appended to the replayed credentials.
VirtualDomainDelim	A string listing all of the virtual domain delimiters that the Multiplexor accepts. This is just a string of characters not separated by spaces or commas. Any character in the string is treated as a delimiter.
VirtualDomainFile	The name of the file containing your virtual domain mapping. If a filename is entered for this variable, virtual domains are enabled. See Table 13.1 for a description of configuration variables that apply to virtual domains.

Multiple Multiplexor Instances

You can create multiple instances of Multiplexor, all of which must be on the same server. In other words, you can have multiple installations of Multiplexor on different servers, and on any given machine you can have multiple instances.

Using multiple instances of Multiplexor allows you to create alternate configurations, such as SSL or the listen port, that cannot be handled through virtual domains.

You can configure a single instance of Multiplexor to support both POP and IMAP protocols (as shown in Figure 13.1), or you can create separate Multiplexor instances for each protocol, as shown in Figure 13.2. By splitting messaging services across different machines, you can tune the resources on each computer for maximum performance.

Figure 13.2 Separate Multiplexors and messaging servers for POP and IMAP support

For instructions on creating multiple instances of Multiplexor, see Installing and Configuring Multiplexor (Unix) or Installing and Configuring Multiplexor (NT).

Multiplexor Configuration

You control how Multiplexor operates by setting configuration parameters.

There are two ways to set configuration parameters:

Configuration environment variables are parameters that are permanently stored and applied each time Multiplexor is run. There are several methods of specifying configuration environment variables as described in Table 13.2.

Command line configuration options are parameters that are specified on the command line at the time Multiplexor is run. A configuration parameter specified on the command line at the time Multiplexor is run overrides any corresponding value specified as an environment variable. For example, if you have specified a value for the capability parameter as an environment variable, but you enter a different capability value from the command line, the command line value will be used by that Multiplexor session.

Note that the only difference between environment variable and command-line option parameters is how you choose to set them. Any configuration parameter can be set as either an environment variable or a command-line option.

In Unix environments, environment variables for each Multiplexor instance are stored in configuration files named ImapMMP.config and PopMMP.config. These files are stored in the directory MMPRoot/MMP_instanceName.

In NT environments, environment variables for each Multiplexor instance are stored in the Windows registry.

Table 13.2 describes different ways to set environment variables. Table 13.3 describes the configuration parameters you can set for Multiplexor.

Table 13.2 Methods of setting Multiplexor configuration parameters


Unix Environment Configuration Methods	NT Environment Configuration Methods
Run the Server Setup program to install and configure the first Multiplexor instance as described in Multiplexor Installation (Unix) which takes you through the configuration prompts described in Table 13.7. You can also use this method to configure subsequent Multiplexor instances.	Run the Server Setup program as to install and configure the first Multiplexor instance described in Multiplexor Installation (NT) which takes you through the configuration prompts described in Table 13.9. You can also use this method to configure subsequent Multiplexor instances.
Once Multiplexor has been installed with the Server Setup program, you can configure Multiplexor instances with the mmp-setup script as described in Multiplexor Installation (Unix) which takes you through the configuration prompts described in Table 13.7.	(The mmp-setup script is not available on NT platforms.)
An alternate method of configuring Multiplexor instances is to run the PopProxy or ImapProxy commands with the install and command-line options. This displays configuration syntax on your screen which you can paste into Multiplexor configuration files.	An alternate method of configuring Multiplexor instances is to run the PopProxy or ImapProxy commands with the install option and use command-line options to specify configuration variables as described in Command-Line Configuration Options and Table 13.4.
You can also directly edit the configuration parameters in the Multiplexor configuration files as described in Directly Setting Configuration Variables (Unix).	You can also directly edit the configuration parameters in the Windows NT Registry as described in Directly Specifying Configuration Variables (NT).

Note: You cannot run the mmp-setup script or PopProxy or ImapProxy commands, or directly edit variables, until your first instance of Multiplexor has been set up through the Server Setup program.

Multiplexor Configuration Parameters

You control how Multiplexor operates by specifying various configuration parameters, either as environment variables or as command-line options.

Table 13.3 describes the parameters you can set. (Table 13.1 describes the parameters that you can set for virtual domains.)

Note: The names and values of configuration parameters are case-sensitive.

Table 13.3 Multiplexor configuration parameters


Variable	Description
BacksidePort	Port on which to connect to message store server. This parameter lets you run a multiplexor and a store server on the same machine, with the store server on a different port. You might want to do this if you want a flat configuration--that is, if you want to run Multiplexors on all machines. For information about specifying ports, see Configuration Prompts (NT). Default = 110 for POP3; 143 for IMAP (the standard ports) (select n on Unix installer to choose defaults)
Banner	Banner replacement string. Multiplexor will use the string you specify instead of its default banner for its greeting line. Default = "Netscape Messaging Multiplexor ready" (select n on Unix installer to choose default)
BaseDN	BaseDN is where Multiplexor begins its search in the LDAP database. Some LDAP servers may require that a client (in this case Messaging Multiplexor) be authenticated before it can search the database for certain information. If your server has ACLs that require some level of authentication for getting a user's mail information, set this parameter. The BaseDN must specify an entry to which the bind distinguished name (binddn) has access privileges for operations on the directory database. Default: o=mcom.com (Change this to your base DN.)
BindDN	LDAP bind DN to use to authenticate to the LDAP server. Default = Anonymous
BindPass	LDAP bind password. There is no default.
CanonicalVirtual DomainDelim	Canonical virtual domain delimiter. The character used by Multiplexor to separate the user ID from the appended virtual domain when talking to the message store server and LDAP server. The default is +, so user IDs passed to LDAP and the message store servers have the form userid+virtual.domain. Default = "+" (default string passed to directory is "userid+virtual.domain")
Capability	Capability replacement string. Multiplexor will use the string you specify for Capability instead of its default (own) capability to tell IMAP clients what it (or the servers behind it) can do. This variable has no effect in POP3. If you are using Netscape servers and want to use the Manage Mail Account feature, you must specify this Capability configuration parameter to change Multiplexor's capability. A suggested string to support Manage Mail Account is: IMAP4 IMAP4rev1 AUTH=LOGIN AUTH=PLAIN X-NETSCAPE Default = IMAP4 IMAP4rev1 AUTH=LOGIN AUTH=PLAIN (select n on Unix installer to choose default)
CertMapFile	The name of the certmap.conf file. Default = certmap.conf
LDAPHost	LDAP server and port to use for user information. The host machine name and port of the LDAP server that contains your user database (among other things). You must set up the LDAP host before the Multiplexor can work properly. Default = Localhost:IPPORT_LDAP (port 389)
ListenPort	The port on which to listen for incoming client connections. An IP address may be specified for an optional bind address, for multi-homed hosts (hosts that have more than one IP address). For information about specifying ports, see Choosing a Port Number (Unix) or Configuration Prompts (NT). Default = 110 for POP3; 143 for IMAP (the standard ports) (select n on Unix installer to choose defaults)
LogDir	The directory in which the Multiplexor creates log files. If you specify a directory that does not exist, no log file is created. Log file names have the following format: MMP_yyyymmdd.log Default = current directory (the directory that contains Multiplexor)
LogLevel	The logging verbosity level--the amount of information written into log files. You can specify a number from 0 through 10, with 10 representing the highest level of verbosity. At higher levels, more events are logged. The higher the level, the more information in the log. Default = 1
MailHostAttrs	Comma-separated list of LDAP attributes identifying the user's mail host. Multiplexor tries to connect to each server returned by the search in the order specified by the list. Default = mailHost
NumThreads	The maximum number of worker threads to allocate. If the machine has multiple CPUs, running the Multiplexor with worker threads will improve performance. The optimal number of work threads is the number of processors on the machine. For example if your machine has two CPUs, specify 2. If this is a single-processor machine, specify 0 for optimal performance. Default = 0 (the main thread does all the work)
PreAuth	Enables Global Roaming preauthentication. With preauthentication, clients authenticate to Multiplexor and Multiplexor relays authentication information to the message store. If set to "Yes," pre-authentication is enabled. Note that enabling pre-authentication reduces server performance. Default = off
ServerDownAlert	IMAP only. String returned to client in an IMAP ALERT message when Multiplexor cannot connect to a user's store server. Default = "Your IMAP server appears to be temporarily out of service."
SpoofMessageFile	The file to use for POP3 inbox spoofing. Multiplexor can imitate a base-functionality POP3 server in case Multiplexor can't connect to a client's store machine. In such a situation, Multiplexor creates an inbox for the user and places this one message into it. The format of the message contained in this file should conform to RFC 822 (including the final '.'). Default = no spoof message
SSLBacksidePort	Port on which to connect to message store server using SSL.
SSLCertFile	Server certificate database file location (defined when you obtained a certificate for this server). Multiplexor needs a server certificate to offer to clients in the handshake phase of SSL. The location specified here should be absolute, not relative to the Multiplexor installation directory. Default = cert7.db
SSLCertName	Name of this server's SSL server certificate (defined when you obtained the certificate). Multiplexor uses this string to identify the certificate in its certificate database (certfile).
SSLCipherSecs	A colon-separated list of ciphers (or the string "all") representing the cipher algorithms that this server can use to encrypt SSL sessions. The client and server agree to one of them when a session is established. The available cipher specifications are: SSL_RSA_WITH_RC4_128_ MD5 SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_FIPS_WITH_DES_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 SSL_RSA_WITH_NULL_MD5 Default = all
SSLEnable	Whether or not to enable SSL. If set to "True" or "Yes", Multiplexor will listen on both normal and SSL ports. If SSL is enabled, all of the following variables must be set. You can specify an empty parameter with empty quotes (""). SSLSecmodFile SSLCertFile SSLKeyFile SSLKeyPasswd SSLCipherSpecs SSLCertNickname Default = n (SSL not enabled)
SSLKeyFile	Key database file location (defined when you obtained a certificate for this server). Multiplexor needs a private key corresponding to its SSL server certificate. The location specified here should be absolute, not relative to the Multiplexor installation directory. Default = key3.d
SSLKeyPasswd	Password that protects access to the private key file. The password may be null if the key is not password-protected. Default = no password protection
SSLListenPort	Port on which to listen for incoming SSL connections. Default = 993 for IMAP (the standard SSL IMAP port) (select n on Unix installer to choose default)
SSLSecmodFile	Security module database file location (usually null). If you have hardware accelerators for SSL ciphers, this file describes them to the Multiplexor. Default = no secmod database (select n on Unix installer to choose default)
StoreAdmin	The user name of the store administrator for proxy authentication during SSL. Default = Null Recommended = mmpstore
StoreAdminPass	Password of store admin for proxy-authentication during SSL. There is no default.
VirtualDomainDelim	String of acceptable virtual domain delimiters. Any character in this string will be treated as a domain delimiter in a user ID received by Multiplexor. (Multiplexor searches user IDs from the end.)
VirtualDomainFile	The name of the file containing your virtual domain mapping. If a filename is entered for this variable, virtual domains are enabled. See Table 13.1 for a description of configuration variables that apply to virtual domains.
UidSearch	A printf-style format string with which to construct user-group LDAP query for the user's mailhost when virtual domains are enabled.

Command-Line Configuration Options

Once an instance of Multiplexor has been installed using the Server Setup program, you can run Multiplexor directly from the command line using either the PopProxy or ImapProxy commands as described in Running Multiplexor.

Note: In NT environments, the preferred method of running Multiplexor is from the Service Control Manager as described in Running Multiplexor (NT). Normally, you would run Multiplexor from the command line only if you wanted to override one or more configuration options by specifying different options on the command line.

If you choose to run Multiplexor from a command line, configuration options you specify on the command line itself take precedence over any corresponding configuration environment variables contained in Unix configuration files or the Windows registry. For example, if there is a UidSearch environment variable set, but you specify a different UidSearch value from the command line, the one you specify on the command line is used for that Multiplexor session. When starting Multiplexor from the command line, configuration options that you do not specify on the command line are taken from environment variables if they exist, or set to default values if there is no existing configuration variable.

To run Multiplexor for POP service with command-line configuration options, use this syntax:

PopProxy [install] [options]

To run Multiplexor for IMAP service with command-line configuration options, use this syntax:

ImapProxy [install] [options]

Where the configuration options you can set are described in Table 13.4. For the environment variables that the command-line options specify, see Table 13.3.

Table 13.4 Multiplexor command-line option descriptions


Option	Description
-a str	IMAP only. IMAP ALERT message. Specifies the message returned to IMAP clients when the Multiplexor cannot connect to a user's store server. Configuration parameter = ServerDownAlert
-b basedn	The distinguished name (DN) to use as the search base for LDAP user queries. Configuration parameter = BaseDN
-ba str	Banner replacement string. Multiplexor uses str instead of its default banner for its greeting line. Configuration parameter = Banner
-c port	The port on which to connect to the message store server. Configuration parameter = BacksidePort
-cm cmfile	Specifies the certmap.conf file. Configuration parameter = CertMapFile
-d storeadmin	The user name of the store administrator for proxy authentication during SSL. Configuration parameter = StoreAdmin Recommended = mmpstore
-D binddn	The distinguished name used by Multiplexor to authenticate to an LDAP server when performing an operation. Configuration parameter = BindDN
h host[:port]	The host machine name and port of the LDAP server that contains your user database (among other things). Configuration parameter = LDAPHost
install	In Unix environments, the install option simply prints out the configuration syntax you specify on the command line. In NT environments, the install option changes the configuration variables you specify in the Windows registry. See Using the install Option for details. Note: If you use the install option, Multiplexor does not run as a server.
-m file	The file to use for POP3 inbox spoofing. Configuration parameter = SpoofMessageFile
-ma str	Comma-separated list of LDAP attributes identifying the user's mail host. Multiplexor tries to connect to each server returned by the search in the order specified by the list. Configuration parameter = MailHostAttrs
-n instance	The name of the instance that is displayed in service control manager. If the Multiplexor instance of this name already exists, the configuration options you specify on the command line will be applied to that instance. If no instance of this name exists, a new one will be created.
-o dir	The directory in which Multiplexor creates log files. If you specify a directory that does not exist, no log file is created. Log file names have the following format: MMP_yyyymmdd.log Configuration parameter = LogDir
-p [IP:]port	The port on which to listen for incoming client connections. IP is an optional bind address for a machine that is multihomed (has more than one IP address). For information about specifying ports, see Choosing a Port Number (Unix) or Configuration Prompts (NT). Configuration parameter = ListenPort
-pre	Enables Global Roaming preauthentication; clients can authenticate to Multiplexor; Multiplexor relays authentication information to the message store. Configuration parameter = PreAuth
-ps port	The port on which to listen for incoming client SSL connections. Configuration parameter = SSLListenPort
-s SSLSecmodFile SSLCertFile SSLKeyFile SSLkeypass SSLCipherSecs SSLCertNickname	Specify whether to enable SSL connections with clients. If you enable SSL, Multiplexor listens on both normal and SSL ports. If you do enable SSL by using the -s option in the command line, you must set the six required SSL parameters in the following order, on the command line: -s SSLSecmodFile SSLCertFile SSLKeyFile SSLkeypass SSLCipherSecs SSLCertNickname See Table 13.5 for descriptions of these six parameters, and Table 13.3 for a description of the variables that they set. You can specify an empty parameter with empty quotes ("").
-t num	The maximum number of worker threads to allocate to the machine on which Multiplexor runs. Configuration parameter = NumThreads
-us str	String for user ID search. When performing LDAP directory searches, Multiplexor uses str instead of the default. Configuration parameter = UidSearch
-v num	The logging verbosity level--the amount of information written into log files. You can specify a number from 0 through 10, with 10 representing the highest level of verbosity. At higher levels, more events are logged. Configuration parameter = LogLevel
-vd file	Virtual domain file location. Configuration parameter = VirtualDomainFile
-vdd str	Virtual domain delimiter list. A string containing the acceptable delimiter characters for virtual domains. Configuration parameter = VirtualDomainDelim
-vddc char	Canonical virtual domain delimiter. Configuration parameter = CanonicalVirtualDomainDelim
-w pass	The password associated with the bind distinguished name, for authenticating to an LDAP server. Configuration parameter = BindPassword
-W pass	The password of the store administrator for proxy authentication during SSL. Configuration parameter = StoreAdminPass
-x str	Capability replacement string. Configuration parameter = Capability

Table 13.5 SSL command line parameters for -s command


Option	Description
SSLSecmodFile	Security module database file location (usually null). Configuration parameter = SSLSecmodFile
SSLCertFile	Server certificate database file location (defined when you obtained a certificate for this server). Configuration parameter = SSLCertFile
SSLKeyFile	Key database file location (defined when you obtained a certificate for this server). Configuration parameter = SSLKeyFile
SSLKeyPasswd	Password that protects access to the private key file. The password may be null if the key is not password-protected. Configuration parameter = SSLKeyPasswd
SSLCipherSpecs	A colon-separated list of ciphers (or the string "all") representing the cipher algorithms that this server can use to encrypt SSL sessions. See Table 13.3 for the available cipher specifications. Configuration parameter = SSLCipherSpecs
SSLCertNickname	Name of this server's SSL server certificate (defined when you obtained the certificate). Configuration parameter = SSLCertNickname

Using the install Option

Note that using the install option aborts loading Multiplexor. In other words, if you run PopProxy or ImapProxy with the install option, Multiplexor does not start.

When running Multiplexor from the command line, you can use the install option:

In NT environments, if you run PopProxy or ImapProxy with the install option, any options you specify on the command line are added to or changed in the NT registry. In other words, options you specify on the command line become environment variables. The next time Multiplexor is started, it will take those variables from the registry. Note that if a parameter is specified in the registry, and you do not include it on the command line, it remains as it was in the registry.

In Unix environments, the install option does not make any changes to any of the configuration files. In other words, the install option does not create any environment variables. Instead, the configuration options you specified on the command line are printed out, and you can copy those into a configuration file.

Installing and Configuring Multiplexor (Unix)

Messaging Multiplexor is available as part of Netscape Messaging Server. You can install Multiplexor at the same time as you install Messaging Server, or you can install it later using the Server Setup program. Either way, you first need to prepare the system to support Multiplexor.

Before You Install (Unix)

Before you install Messaging Multiplexor on a Unix machine, perform the following tasks:

Choose the machine on which you will install Multiplexor. Netscape recommends against installing Multiplexor on a system that is also running Messaging Server or Directory Server. It is best to use a separate machine for Multiplexor.

Check that the system meets all the hardware and software requirements for using Netscape Messaging Server. For more information about installation requirements, see the Messaging Server Installation Guide.

On the machine that Messaging Multiplexor is to be installed on, create a new user to be used exclusively by Multiplexor. This new user must belong to a group. Suggested names for the user are nsmmp ("Netscape Messaging Multiplexor") or nsmail.

Set up the LDAP directory server and its host machine for use with Messaging Server, if they are not already set up. For more information, see the Directory Server documentation.

If you already have an older version of the Multiplexor installed and want to replace it, you must remove the old version of Multiplexor before you can install the new one. To remove Multiplexor, remove the mmp server root directory and the /etc/netscape.mmp.conf file.

HP-UX. If you're using Messaging Multiplexor on HP-UX, you must install the operating-system patches that are required to run Messaging Server 4.1. For more information, see the Messaging Server Installation Guide.

Also for HP-UX, you should increase the values of the configurable kernel parameters maxfiles, maxfiles_lim, and nfiles to a much larger number. For example, with the settings shown below, Multiplexor can support approximately 8,000 simultaneous sessions. (The more RAM you have in your machine, the higher these values can be.)

maxfiles 16384
maxfiles_lim 16384
nfiles 32768

See your platform documentation for information on how to set these parameters.

Multiplexor Files (Unix)

In Unix environments, Multiplexor executable files are stored in the Multiplexor installation directory (MMPRoot in this document), and two subdirectories of MMPRoot: MMPRoot/bin and MMPRoot/lib. At installation time you specify the directory that you want to use as MMPRoot. For example,
/usr/netscape/server4/bin/mmp.

When you install Multiplexor, you create one or more Multiplexor instances. Different instances can use different configuration variables. Each instance has its own directory that contains the configuration files for that instance. Instance directories are created as subdirectories of MMPRoot. For example,
MMPRoot/mplex1.

Table 13.6 lists the principal files that make up a Messaging Multiplexor installation in a Unix environment.

Table 13.6 Messaging Multiplexor files (Unix)


File	Description
PopProxy, ImapProxy	The executable Messaging Multiplexor programs for IMAP and POP services, respectively (installed in directory MMPRoot/bin).
ImapMMP.config, PopMMP.config	Configuration files specifying environment variables used for IMAP and POP services, respectively (installed in directory MMPRoot/MMP_instanceName).
ImapMMP, PopMMP	Shell scripts that set environment variables and execute Multiplexor for IMAP and POP services, respectively (installed in directory MMPRoot/MMP_instanceName). May be included in the init directory to automatically start up Multiplexor.
mmp-setup	The Multiplexor Installer (installed in directory MMPRoot).
libldapv30 (or libldap32v30), libnspr21, libplc21, libplds21	Shared libraries used by Messaging Multiplexor (installed in directory MMPRoot/lib).
$CONFIG_FILE	Identifies the location of MMPRoot (installed in /etc/netscape.mmp.conf).

Multiplexor Installation (Unix)

In Unix environments, there are two ways to install Messaging Multiplexor on a machine:

When you install Messaging Server or other Netscape components, the Server Setup program gives you the option of choosing to install Messaging Multiplexor at the same time. You can run the Server Setup program to install Multiplexor at any time. See Creating a Multiplexor Instance (Unix) for details. (For instructions on using the Server Setup program, see the Messaging Server Installation Guide.)

Once Multiplexor has been installed on a machine, you can also use the Multiplexor Installer to create additional Multiplexor instances by running the mmp-setup script on that machine. See Creating Additional Instances (Unix) for details.

Note: Netscape recommends that Multiplexor not be installed on a machine that is also running either Messaging Server or Directory Server.

Creating a Multiplexor Instance (Unix)

You must use the Server Setup program to create your first Multiplexor instance. This program sets up and then uses the Netscape Messaging Multiplexor Installer. (Note that Multiplexor installation is not the default; you must select it as part of the Messaging Server suite.) For subsequent installations of additional instances, you can call the Multiplexor Installer directly by running the mmp-setup script.

When the Multiplexor Installer starts (either from the Server Setup program or from running mmp-setup), follow these steps to install and configure the Multiplexor:

When prompted for the user name that Multiplexor should run as, enter the user name that you created for exclusive use of Multiplexor as explained in Before You Install (Unix).

The default value is nobody. Change this to the user name that you created.

At the next prompt, enter the installation directory (called MMPRoot/ in this document), the directory path into which you want Multiplexor to be installed.

To accept the default (/usr/netscape/suitespot4/mmp), press Enter. In this example the /mmp directory is the MMPRoot.

The installation program creates the directories for the Multiplexor installation and installs the files. (If you are creating a second or subsequent instance of Multiplexor on this machine, the installation program uses the existing installed files.)

The installer program starts to create an instance of Multiplexor from those files. (If there is a previously installed instance of Multiplexor, you can at this point choose to either configure the existing instance or create a new one.)

If you choose to configure a new instance of Multiplexor, enter the name you want to give it.

To accept the default name (the host name of the machine you are installing Multiplexor onto) press Enter. The installation program finishes creating the new instance, installing it into the subdirectory MMPRoot/ MMP-instanceName/ where instanceName is the name you specified.

Enter one of the following numbers to specify which kind of mail service you want this instance to support:

1 - Configure this instance for IMAP mail service
2 - Configure this instance for POP3 mail service
3 - Configure this instance for both IMAP4 and POP3 mail service

You are then stepped through a series of configuration prompts that allow you to specify environment variables that will control how this instance of Multiplexor operates. See Configuration Prompts (Unix) for a description of these prompts.

The installer shows you a summary of the information you have entered. If the information is correct, type y. If you need to make changes, type n, in which case the install program takes you back through the prompts again.

After you have approved the configuration parameters and the Multiplexor Installer has implemented them, the program displays the following information:

The location of shell scripts you can use to start Multiplexor. Depending on your system's capabilities, you may be able to put these scripts in your init directory to start Multiplexor automatically at system startup. Alternatively, you can run the scripts from the command line by typing ImapMMP.sh start or PopMMP.sh start. These shell scripts set environment variables that control Multiplexor configuration and then execute the Multiplexor program.

The location of the Netscape Messaging Multiplexor Installer (mmp-setup). When you use the Netscape Servers installation program to install the Messaging Multiplexor, the Multiplexor Installer installs itself (at the top level of the installation directory, under MMPRoot/), so that you can later execute it directly to modify the configuration of this instance.

Instructions for removing Messaging Multiplexor, in case you ever need to. To remove all instances of Multiplexor from the host, remove the entire installation directory (MMPRoot/) and the Multiplexor configuration file (netscape.mp.conf, in the directory /etc/). To remove only a single instance of Multiplexor, remove just the subdirectory MMPRoot/MMP_instanceName/.

Creating Additional Instances (Unix)

Use the Multiplexor Installer to create a new instance after an initial installation.

To run the Multiplexor Installer, follow these steps:

Go to the directory that contains the Multiplexor Installer.

The program is installed at the top of the installation directory, under MMPRoot/.

From the command line, type mmp-setup.

The Multiplexor Installer asks whether you want to change an existing instance or create a new one. If you choose to create a new instance, the installer takes you through the installation process, as described in Creating a Multiplexor Instance (Unix).

Modifying an Instance (Unix)

Use the Multiplexor Installer to modify the configuration of a previously installed instance of the Multiplexor.

To run the Multiplexor Installer, follow these steps:

Go to the directory that contains the Multiplexor Installer. The program is installed at the top of the installation directory, under MMPRoot/.

From the command line, type mmp-setup.

The Multiplexor Installer asks whether you want to change an existing instance or create a new one. To change an existing instance, select the name of that instance. The installer takes you back through the prompts for configuring the Multiplexor so you can make the changes you want. For information about each parameter, see Multiplexor Configuration.

Multiplexor Configuration (Unix)

Multiplexor is controlled by setting the configuration parameters that are described in Table 13.3. See Table 13.2 for different methods you can use to set configuration parameters.

This section describes how to set Multiplexor configuration variables by:

Using the configuration prompts invoked by running the Server Setup program or the mmp-setup script. See Configuration Prompts (Unix).

Directly editing the Multiplexor configuration files. See Directly Setting Configuration Variables (Unix).

You can also set Multiplexor configuration variables by running the PopProxy and ImapProxy commands with the install option as described in Command-Line Configuration Options, then copying the screen output into the configuration files.

Listing Options (Unix)

To display a list of the current configuration parameters, you can execute Multiplexor for either POP or IMAP by running either PopProxy or ImapProxy from the command line, using the -h option with no attributes:

PopProxy -h
ImapProxy -h

Choosing a Port Number (Unix)

Keep the following in mind when entering a port number:

Port numbers can be any number from 1 to 65535.

If you choose a port number 1024 or lower, you must start all processes as root (superuser).

Make sure the port you choose isn't already in use or reserved for another service. Look at the file /etc/services on the Multiplexor machine to make sure you don't assign a port number that is used by another service.

Configuration Prompts (Unix)

Table 13.7 lists the Multiplexor configuration prompts and associated environment variables in Unix environments. See Table 13.3 for environment variable descriptions.

Table 13.7 Multiplexor configuration prompts (Unix)


Installer prompt	Environment variable
LDAP Host:	LDAPHost
Base DN:	BaseDN
[IMAP4/POP3] MMP LogDir:	LogDir
Log Level:	LogLevel
Should the MMP bind to LDAP as someone in particular (y/n): If you answer yes, the following two questions are asked: What user should the MMP authenticate as: What's the password for "BindDN":	LDAPAuth LDAPAuth BindPassword
Number of Threads:	NumThreads
Should the MMP listen on a non-default port (y/n): (See Choosing a Port Number (Unix) for additional information about choosing a port.) If you answer yes, the following question is asked: Which port:	ListenPort
Do your main [IMAP4/POP3] servers listen on non-default ports (y/n): If you answer yes, the following question is asked: Which port:	BacksidePort
Would you like to override the IMAP4 MMP's CAPABILITY response (y/n): If you answer yes, the following question is asked: Please type in the new CAPABILITY, and hit return.	Capability
Would you like to override the MMP's banner (y/n): If you answer yes, the following prompt is displayed: Please type in the new banner, and hit return.	Banner
Would you like to override the MMP's LDAP search string (y/n): If you answer yes, the following prompt is displayed: Please type in the new search string, and hit return.	UidSearch
Would you like MMP to use a particular attribute for auth replay (y/n): If you answer yes, the following prompt is displayed: Please type in attribute, and hit return.	UidAttr
Would you like the MMP to use a non-default attribute for the mailhost? (y/n): If you answer yes, the following prompt is displayed: Please type in the list of attributes, and hit return. (Comma-delimited list.)	MailHostAttrs
Should this MMP do virtual domain mapping(y/n): If you answer yes, the following prompt is displayed: Please type the location of the mapping file, and hit return:	VirtualDomainFile
Do you want to specify a list of virtual domain delimiters? (y/n) If you answer yes, the following prompts are displayed: Please type in the new delimiter and hit return: Do you want to specify a canonical virtual domain delimiter? (y/n) Please type in the new delimiter and hit return:	VirtualDomainDelim VirtualDomainDelim CanonicalVirtual DomainDelim CanonicalVirtual DomainDelim
Would you like to provide a "spoof" message for POP3 (y/n): This prompt is only displayed for POP Multiplexors. If you answer yes, the following prompt is displayed: Please type in the location of the file to be used, and hit return:	SpoofMessageFile
Would you like to override the Server Down Alert for the MMP? (y/n) If you answer yes, the following prompt is displayed: Please type in the alert string and hit return:	ServerDownAlert
Should the IMAP4 MMP do SSL (y/n): (This prompt is only displayed for IMAP Multiplexors.) If you answer yes, the following five prompts are displayed:	SSLEnable
1 - Should the MMP listen for SSL on a non-default port (y/n) If you answer yes, you are asked: Which port?	ListenPort
2 - Do your main servers listen on non-default SSL ports? (y/n): If you answer yes, you are asked: Which port?	SSLBacksidePort
3 - Do you have a secmod database (y/n): If you answer yes, you are asked: Please type the location of the secmod database: Please type the location of the certificate database: Please type the location of the key database:	SSLSecmodFile SSLSecmodFile SSLCertFile SSLKeyFile
4 - Is the key file password protected (y/n) If you answer yes, you are asked: Please type the key file password: Please type the names of the desired cipher specs, separated by colons, or the word "all": Please type the name of the certificate in the database:	SSLKeyPasswd SSLKeyPasswd SSLCipherSpecs SSLCertNicknname
5 - Do you have a certmap.conf (Should MMP do client-cert auth) (y/n): If you answer yes, the following prompts are displayed: Please type in the location of the certmap.conf file: Who should the MMP authenticate as for the proxy-auth? What's the password for StoreAdmin?	CertMapFile CertMapFile StoreAdmin StoreAdminPass
Should the MMP pre-authenticate clients? (y/n)	PreAuth

Directly Setting Configuration Variables (Unix)

On Unix, Multiplexor configuration parameters are stored in the configuration files ImapMMP.config and PopMMP.config. These files are stored in the directory MMPRoot/MMP_instanceName. You can set configuration parameters by directly modifying the parameter specifications in these files.

For example, on Unix you can specify the Capability configuration parameter by adding it as an environment variable to the ImapMMP.config file. For example, you would add this line:

Capability="IMAP IMAP4rev1 AUTH=LOGIN AUTH=PLAIN X-NETSCAPE"

Example Messaging Topology

In the example shown in Figure 13.3, the fictional Airius Corporation has two Multiplexors (on separate machines), each supporting several Netscape Messaging Servers. POP and IMAP user mailboxes are split across the Messaging Server machines, with each server dedicated exclusively to POP or exclusively to IMAP. (You can restrict client access to POP services alone by removing the IMAP-server binary; likewise, you can restrict client access to IMAP services alone by removing the POP-server binary.) Each Multiplexor also supports only POP or only IMAP. The LDAP directory service is on a separate, dedicated machine.

Figure 13.3 Example Multiplexor Topology

IMAP Configuration Example

The IMAP Multiplexor in Figure 13.3 is installed on sandpit, a machine with 2 processors. This Multiplexor is listening to the standard port for IMAP connections (143). Multiplexor communicates with the LDAP server on the host phonebook for user mailbox information, and it routes the connection to the appropriate IMAP server. It overrides the IMAP capability string, provides a virtual domain file, and supports SSL communications.

This is its ImapMMP.config configuration file:

LDAPHost=phonebook
BaseDN="o=Airius.com"
LogDir="/usr/netscape/suitespot/mmp/MMP_sandpit/log"
LogLevel=5
BindDN="cn=Directory Manager"
BindPassword="password"
NumThreads=2
ListenPort=143
BacksidePort=143
Capability="IMAP4 IMAP4rev1 AUTH=LOGIN AUTH=PLAIN X-NETSCAPE"
VirtualDomainFile="/usr/netscape/suitespot/mmp/vdfile.txt"
SSLEnable=y
SSLListenPort=993
SSLSecmodFile="/usr/netscape/suitespot/mmp/secmod.db"
SSLCertFile="/usr/netscape/suitespot/mmp/cert7.db"
SSLKeyFile="/usr/netscape/suitespot/mmp/key3.db"
SSLKeyPasswd=""
SSLCipherSpecs="all"
SSLCertNickname="Airius.com Server Cert"

POP Configuration Example

The POP Multiplexor example in Figure 13.3 is installed on tarpit, a machine with 4 processors. This Multiplexor is listening to the standard port for POP connections (110). Multiplexor communicates with the LDAP server on the host phonebook for user mailbox information, and it routes the connection to the appropriate POP server. It also provides a spoof message file.

This is its PopMMP.config configuration file:

LDAPHost=phonebook
BaseDN="o=Airius.com"
LogDir="/usr/netscape/suitespot/mmp/MMP_tarpit/log"
LogLevel=10
BindDN="cn=Directory Manager"
BindPassword="password"
NumThreads=4
ListenPort=
BacksidePort=
SpoofMessageFile="/usr/netscape/suitespot/mmp/pop3spoof.txt"
SSLEnable=n

Installing and Configuring Multiplexor (NT)

Before You Install (NT)

Before you install Messaging Multiplexor on a Windows NT machine, perform the following tasks:

Choose the machine on which you will install Multiplexor. Netscape recommends against installing Multiplexor on a system that is also running Messaging Server or Directory Server. It is best to use a separate machine for Multiplexor.

Check that the system meets all the hardware and software requirements for using Netscape Messaging Server. For more information about installation requirements, see the Messaging Server Installation Guide.

On the machine that Messaging Multiplexor is to be installed on, create a new user to be used exclusively by Multiplexor. This new user must belong to a group. Suggested names for the user are nsmmp ("Netscape Messaging Multiplexor") or nsmail.

Set up the LDAP directory server and its host machine if it's not already set up.

If you already have an older version of Multiplexor installed and want to replace it, you must remove the old Multiplexor before you can install the new one. To remove it, open a command prompt window, change to the directory containing Multiplexor, and type the following commands:

c:\MultiPlex\ImapProxy uninstall
c:\MultiPlex\PopProxy uninstall

Multiplexor Files (NT)

Multiplexor installation and executable files are initially installed in server-root\bin\mmp. (In this document, server-root refers to the Messaging Server root directory, for example, C:\Netscape\Server4.)

When you install Multiplexor you also create one or more Multiplexor instances. It is the instances that are actually run. When a Multiplexor instance is installed, an instance directory is created immediately under the server-root using the naming convention of: mmp-instancename. All executable files needed to run that instance are then copied into the instance directory from server-root\bin\mmp. The instance is then run from the instance directory. (In other words, the files in server-root\bin\mmp are never run; they are just copied into instance directories.)

For example, if you create an instance and give it the name mplex1, its files are stored in the directory: server-root\mmp-mplex1. And the mplex1 instance is run from the files in its instance directory.

Table 13.8 lists the principal files that make up a Messaging Multiplexor installation in a Windows NT environment.

Table 13.8 Multiplexor files (NT)


File	Description
PopProxy.exe, ImapProxy.exe	The executable Messaging Multiplexor programs for POP and IMAP services, respectively.
libldap32v30.dll, libnspr21.dll, libplc21.dll, libplds21.dll, libsh.dll	Shared libraries used by Messaging Multiplexor.

Multiplexor Installation (NT)

In NT environments, there are two different ways to install Messaging Multiplexor on a machine:

When you install Messaging Server or other Netscape components, the Server Setup program gives you the option of choosing to install Messaging Multiplexor at the same time. You can also use the Server Setup program to install a Multiplexor instance at a later time. See Creating a Multiplexor Instance (NT) for details. (For instructions on using the Server Setup program, see the Messaging Server Installation Guide.)

Once Multiplexor has been installed on a machine, you can create additional Multiplexor instances by running the PopProxy (for a POP instance) or ImapProxy (for an IMAP instance) programs. See Creating Additional Instances (NT) for details.

Note: Netscape recommends that Multiplexor not be installed on a machine that is also running either Messaging Server or Directory Server.

Creating a Multiplexor Instance (NT)

You must use the Server Setup program to create your first Multiplexor instance. (For subsequent installations of additional instances, you can re-run the Server Setup program or use the ImapProxy or PopProxy commands.)

Follow these steps to install and configure your first Messaging Multiplexor on a Windows NT system:

Run the Server Setup program (setup.exe), as described in the Messaging Server Installation Guide.

When you run the Server Setup program, you are asked to choose between three types of installation: Express, Typical, and Custom. If you choose Express, you are asked to specify a minimum number of variables and all other variables are automatically set to the default. If you choose Custom, you are asked to specify all values. If you choose Typical the number of variables you are asked to specify is greater than with an Express installation, but fewer than with a Custom installation.

When the Select Components screen is displayed, select Netscape Messaging Suites and click the Change button.

The Select Sub-Components window is displayed.

Unselect the server itself and select Netscape Messaging Multiplexor.

The Messaging Multiplexor Upgrade window is displayed.

Select Create a new multiplexor instance.

The Messaging Multiplexor Instance window is displayed.

Note: The "Upgrade all existing multiplexor instances" selection in the Messaging Multiplexor Upgrade window is for repairing or upgrading Multiplexor software, not for re-configuring an instance. If you choose this selection, all currently running Multiplexor instances are halted, the software files are recopied into each instance's directory, and those instances that were running at the time you chose to upgrade are restarted.

Enter information about your installation and configuration in response to the windows and prompts as they are displayed.

The windows and prompts you see will vary depending on the kind of installation you chose (Express, Typical, or Custom) and the choices you make as you proceed. See Configuration Prompts (NT) for a description of these windows and prompts.

When you see the summary of the information you've entered, make sure the information is correct, and then click Next.

The program files are now copied to your hard disk.

The setup program then runs each of the Multiplexors (first POP, then IMAP) in a special configuration mode to configure them according to the information you have entered.

Once the installation is complete, open the Services Control Panel to start the new Multiplexor services. The new services for POP and IMAP appear as "Netscape POP3 MMP" and "Netscape IMAP4 MMP," respectively, with the instance name in parentheses.

Creating Additional Instances (NT)

To install an additional instance of Multiplexor on a machine that already has an installed instance, you can either:

Re-run the Netscape Servers installation program as described in Creating a Multiplexor Instance (NT). Enter a new instance name in the Messaging Multiplexor Instance window.

Create a directory for the new instance under the server-root directory (server-root \mmp-instancename). Copy all of the files in server-root\bin\mmp to the new instance directory. Then run the PopProxy (for a POP instance) or ImapProxy (for an IMAP instance) program from the command line with the install option. See Command-Line Configuration Options for additional details. Note that each instance name must be unique.

Modifying an Instance (NT)

To make permanent configuration changes to a Multiplexor instance, you can:

Uninstall and then re-install Multiplexor.

Go to the directory containing the instance you want to modify and run the PopProxy or ImapProxy programs from the command line with the install option as described in Command-Line Configuration Options.

Modify the information in the NT Registry as described in Directly Specifying Configuration Variables (NT).

Multiplexor Configuration (NT)

Multiplexor is controlled by setting the configuration parameters that are described in Table 13.3. See Table 13.2 for the different methods you can use to set these configuration parameters.

In a Windows NT environment, Multiplexor configuration environment variables are stored in the NT Registry. When the Multiplexor program executes, it receives its configuration information from the environment variables in the Registry. As an alternative, you can also directly specify configuration options when running Multiplexor from the command line. When specified on the command line, a given configuration option overrides any value stored for that parameter in the Registry.

This section describes how to set Multiplexor configuration variables by:

Using the configuration prompts invoked by running the Server Setup program. See Configuration Prompts (NT).

Directly editing the Windows NT Registry. See Directly Specifying Configuration Variables (NT).

You can also set Multiplexor configuration variables by running the PopProxy and ImapProxy commands with the install option as described in Command-Line Configuration Options.

Listing Options (NT)

To display a list of the command-line configuration options stored in the Registry, you can execute Multiplexor for either POP or IMAP from the command line, using the -h option with no attributes:

PopProxy -h
ImapProxy -h

Configuration Prompts (NT)

Table 13.9 lists the Multiplexor configuration prompts and associated configuration parameters for Windows NT. (Table 13.3 describes the configuration parameters that the prompts specify.) Configuration variables are stored in the Windows NT registry key: HKEY_LOCAL_MACHINE/SOFTWARE/Netscape/MMP/instance.

Note: The installation windows that you see are determined by the kind of installation you choose to perform: Express, Typical, or Custom, and by the choices you make. If you do not see a particular window or prompt shown below, it is because that window is not displayed for the type of installation you are doing.

Table 13.9 Multiplexor configuration prompts (NT)


Window and prompt	Environment variable
Enter the instance name you wish to use for this Messaging Multiplexor Instance Name:
Specify the connection information for the LDAP server you wish to use. Host Name: Server Port: Base Distinguished Name:	LDAPHost ListenPort BaseDN
Enter the response you want the Messaging IMAP Multiplexor to respond with when queried about its IMAP4 capabilities. IMAP Capability Response:	Capability
For security reasons you may wish to specify an account for the Messaging Multiplexor to use when accessing the LDAP service. Bind as anonymous Bind as this account: LDAP Bind DN: Password:	BindDN BindDN BindDN BindPass
Please choose a directory path to place log files created by the Messaging Multiplexor. Log Directory:	LogDir
Enter the banners you wish the Messaging Multiplexor to display when a client connects. POP3 Banner: IMAP Banner:	Banner IMAP Banner
The Messaging Multiplexor will issue the following LDAP search to try to find a user who is attempting to log in. You may change the search if you wish. LDAP Search:	UidSearch
The Messaging Multiplexor supports Virtual Domain mapping. To do virtual domain mapping, enter the file name here. Do not use Virtual Domain Mapping: Use Virtual Domain Mapping: Virtual Domain File:	(See Table 13.1 for information on virtual domain variables) VDomain VDomain VirtualDomainFile
Do you want the IMAP Multiplexor to use Secure Socket Layer (SSL) for its connections? Do not allow IMAP over SSL: Allow IMAP over SSL: IMAP4 SSL Port:	SSLenable SSLenable SSLlistenPort
Enter the incoming and outgoing ports the Messaging POP3 and IMAP4 Multiplexors should use. POP3 Ports: Incoming: Outgoing: IMAP Ports: Incoming: Outgoing:	ListenPort BacksidePort ListenPort BacksidePort
Enter the location of the Certificate Database that the Messaging IMAP4 Multiplexor will use. Certificate Database File:	SSLCertFile
Enter the name of a server certificate the Messaging IMAP Multiplexor should use. The Multiplexor will use the certificate with the given name from the server certificate database. Certificate Name:	SSLCertNickname
SSL uses a set of widely-known cipher algorithms to encrypt sessions. The client and server agree to one of them. If you do not want to support a specific cipher, unselect it from the list. Ciphers Checkboxes: (Check those that you want to use.)	SSLCipherSecs
Enter the location of the Key Database the Messaging IMAP4 Multiplexor will use. If the Key Database is password protected, enter the password in the field below. Key Database File: Password:	SSLKeyFile SSLKeyPasswd
If you have a secmod database click "Yes, I have a secmod database" and enter the location of the database file. Otherwise, click "No, I do not have a secmod database" and click Next to continue. No, I do not have a secmod database: Yes, I have a secmod database: Secmod Database File:	SSLSecmodFile SSLSecmodFile SSLSecmodFile
For security reasons, you may want to provide the Messaging POP3 Multiplexor with a "Spoof" message. Enter the file name containing the message here. Do not use a "spoof" message: Use a "spoof" message: "Spoof" message file:	SpoofMessageFile SpoofMessageFile SpoofMessageFile

Directly Specifying Configuration Variables (NT)

In a Windows NT environment, you can set configuration environment variables by modifying entries in the NT Registry at:

\\HKEY_LOCAL_MACHINE\SOFTWARE\Netscape\MMP

For example, to specify IMAP capability with Netscape servers you would add this line:

Capability="IMAP IMAP4rev1 AUTH=LOGIN AUTH=PLAIN X-NETSCAPE"

Running Multiplexor

Once a Multiplexor instance has been installed it must be configured before it can be run. There are two basic ways of setting configuration parameters for Multiplexor:

Environment variables. You can specify and store configuration environment variables prior to running Multiplexor. When you run Multiplexor, it uses these environment variables as its configuration parameters. For general information about setting configuration parameters, see Multiplexor Configuration; for platform specific information, see Multiplexor Configuration (Unix) and Multiplexor Configuration (NT); for a description of available configuration parameters, see Table 13.3.

Command-line options. You can specify configuration parameters as command-line options at the time you run Multiplexor. When you use command-line options, they are used instead of any corresponding environment variable for that session of Multiplexor only. For more information, see Command-Line Configuration Options; for a description of available options, see Table 13.4.

Running Multiplexor (Unix)

To run an installed Multiplexor instance in a Unix environment, you can use either the PopProxy command or PopMMP script to start up POP service, or either the ImapProxy command or the ImapMMP script to start up IMAP service.

Using PopProxy and ImapProxy (Unix)

When you start Multiplexor with either the PopProxy or ImapProxy commands, you can specify configuration options on the command line. Configuration parameters that you do not specify on the command line are taken from previously set environment variables or set to default values.

The PopProxy or ImapProxy commands are stored in MMPRoot/bin.

To run Multiplexor for POP service in a Unix environment, use this syntax:

PopProxy [options]

To run Multiplexor for IMAP service, use this syntax:

ImapProxy [mode] [options]

For both POP and IMAP, options are optional configuration parameters as described in Table 13.4.

Using PopMMP and ImapMMP (Unix)

You can start Multiplexor by running either the PopMMP or ImapMMP scripts. These scripts can be placed in your init directory for automatic startup, or used in the same way as any other Unix command scripts.

When you start Multiplexor with either the PopMMP or ImapMMP scripts, configuration parameters are taken from the corresponding PopMMP.config and ImapMMP.config files. You do not directly specify command-line options with the scripts. You specify the configuration variables in the config files by running the mmp-setup program as described in Configuration Prompts (Unix) or by directly editing the config file as described in Directly Setting Configuration Variables (Unix).

The PopMMP and ImapMMP scripts and the PopMMP.config and ImapMMP.config files are all stored in MMPRoot/MMP_instanceName.

To run Multiplexor for POP service in a Unix environment, use this syntax:

PopMMP

To run Multiplexor for IMAP service, use this syntax:

ImapMMP

Running Multiplexor (NT)

The preferred method of running an installed Multiplexor instance in a Windows NT environment is with the Service Control Manager in the Windows Control Panel. You can use the Service Control Manager to start and stop Multiplexor instances.

The Service Control Manager runs each instance as it has been configured. However, if you want to override an instance's configuration options, you can start it up with either the PopProxy or ImapProxy command and specify different options on the command line. Configuration parameters that you do not specify on the command line are taken from previously set environment variables as stored in the Windows Registry or set to default values.

The PopProxy or ImapProxy commands are stored in the Multiplexor instance directory. Only run these commands from the instance directory; do not run these commands from server-root\bin\mmp.

To run Multiplexor from the command line for POP service in an NT environment, use this syntax:

PopProxy start [options]

To run Multiplexor from the command line for IMAP service, use this syntax:

ImapProxy start [options]

For both POP and IMAP, options are optional configuration parameters as described in Table 13.4.

You can use the PopProxy or ImapProxy command to change the Service Control Manager as follows:

PopProxy service [options]

ImapProxy service [options]

For both POP and IMAP, service is one of the options shown in Table 13.10:

Table 13.10 Command-line service control options (NT)


Option	Description
start	Starts running Multiplexor service. May be used with command-line options.
stop	Stops Multiplexor. Command-line options have no effect when used with stop.
install	Writes any command-line options into the Registry so that they become environment variables. Sets the Service Control Manager to automatically run Multiplexor whenever the system starts up.
refresh	Instructs a running instance of Multiplexor to reload configuration parameters from the Registry or as specified with command-line options.
uninstall	Removes this instance of Multiplexor. Command-line options have no effect when used with uninstall.