|
Features
Features of Messaging Server 4.15 Patch 1 include:
- Personal Address Book support on Solaris.
- Authenticated SMTP for Messenger Express.
- Mailstone support for Messenger Express.
- An improved UI for Mailstone.
Features of Messaging Server 4.15 include:
- Support for multiple platforms.
- U.S. domestic security support with Federal Information
Processing Standard (FIPS) 140a.
- Messaging Multiplexor (MMP) support of SSL, which enables
offloading SSL handling from a Messaging Server to an MMP.
- Mailstone, a stress-testing tool that lets system administrators
determine Netscape Messaging Server capacity by testing how the
server performs under heavy loads.
- Messenger Express - an integrated email interface to Netscape
Messaging Server. Specific features of Messenger Express include:
- High Scalability for support of millions of users
- Highly customizable and extensible
- Advertising enabled
- Core email service feature support, including:
- Automatically create Inbox, Drafts, Sent, and Trash
folders at first login
- View messages headers; sort by date, from, size,
subject, or type (new/read)
- View received message; reply, reply all, forward
- Search for message within folder using the subject, from,
body, or to fields
- Compose message, allow attachments, add recipients from
LDAP search, set priority, return receipts
- Folder management, create, delete, rename
- Account summary: display email address, mailbox quota
limit, current disk consumption
- Personal information settings: passwords, preferred
language, reply to email address, vcard, text signature,
forward email information, vacation message
- Other settings: Number of messages per page, delete style
(IMAP style or trash style), purge deleted messages on
logout, save copy of sent messages, save messages for draft,
message display wrap, set color scheme, set toolbar (icons
& text, icons only, text only), display font, font size
- POP collection allows users to collect messages from
remote mailboxes and store them in a selected folder
New Configuration Options
A variety of new configuration options have been added to provide
additional flexibility and workarounds to known problems.
Note: After you set or change a parameter, be sure to stop
and start (MTA) or refresh (IMAP, POP, HTTP) the service.
- Messenger Express now supports sending authenticated
SMTP messages. (383050)
The following parameters have been added:
local.service.http.smtpauthuser
local.service.http.smtpauthpassword
These parameters allow someone using Messenger Express
to receive the same authenticated SMTP messages that they
would normally receive using Netscape Communicator.
For this to work properly, the user ID and password given to
the mshttpd must be a store administrator; they must
exist in the store.admins list (for example,
admin and admin).
After setting these parameters, any mail received from a local
user should have the word "Internal" appearing next to the From
header in the Message View window.
- The Resent-From header is always added when a
message is expanded from a mailing list. (381555)
The following parameter has been added to give you the
option of modifying this behavior:
local.service.smtp.smtp-router.addresentfrom
When this parameter is set to no, and a message
is submitted to a group, the recipients of that message
will not see the Resent-From header. In all other cases,
the Resent-From header will appear.
- MTA Throttling. (386272)
The following parameter has been added to adjust MTA throttling:
local.service.smtp.throttlethreshold
Once the control queue is over 2000 messages, the server starts
to throttle back the speed with which it accepts incoming
connections. This makes it more difficult to grow the queue
to an overwhelming number of messages.
If you set the throttle level too high, the accept rate will
overwhelm the ability of the server to deliver all the messages
it accepts.
The local.service.smtp.throttlethreshold parameter
defines the throttle level. There is no default value; the
internal value is 2000.
This parameter defines the maximum number of messages
that will be processed at one time.
- Raw 8-bit header causes Javascript errors
in Messenger Express. (367500, 368796)
To avoid these errors, you can set the following parameters:
local.rfc822header.fixlang
local.rfc822header.fixcharset
local.rfc822header.allow8bit
The fixlang parameter specifies the two-letter
language ID (for example, ko for Korean). This parameter
must be used in conjunction with the fixcharset
parameter, which specifies the character set name (for
example, EUC-KR). Setting these two parameters causes
Messenger Express to lose its multilingual capability, but
it will avoid the Javascript errors that result from setting
the allow8bit parameter.
If the local.rfc822header.allow8bit parameter is set
to no then any 8-bit data encountered in a header is
displayed as ?. If this parameter is set to yes
then headers are run through a validity checker so that valid
8-bit characters can be displayed intact and invalid
characters are shown as ?.
These parameters should be modified only under special
circumstances. Contact
Technical Support
for assistance.
- Configurable received header required for High
Availability or other multi-instance environments where you
want to know which server is handling the mail.
(383012)
The following parameter has been added:
local.service.smtp.smtp-accept.receivedcomment
The string can have a mixture of text and the
positionally-dependant arguments (each %s). For example:
Field 1: Product Name "Netscape Messaging Server"
Field 2: Product Version "4.15"
Thus, a default release build received header looks similar
to the following:
Received: from netscape.com ([207.1.151.156]) by <host>.<domain>.com
(Netscape Messaging Server 4.15 Patch 1) with ESMTP id FOM48800.N00 for
<user@netscape.com>; Wed, 19 Jan 2000 18:28:56 -0800
Setting the
local.service.smtp.smtp-accept.receivedcomment
configuration parameter as follows:
# ./setconf local.service.smtp.smtp-accept.receivedcomment "AOL-%s v%s msg-system1"
produces received headers similar to the following:
Received: from netscape.com ([207.1.151.156]) by <host>.<domain>.com
(AOL-Netscape Messaging Server v4.15 Patch 1 msg-system1) with
ESMTP id FOM6N700.S00 for <user@netscape.com>;
Wed, 19 Jan 2000 19:21:07 -0800
The parameter will be truncated to a max of 200 characters.
You could even configure the parameter as "" and you should
get the minimal received comment of ().
There are a few related extensions to the Protocol plugin
properties:
SMTP_PPP_RECEIVEDCOMMENT: overrides comment per-connection
SMTP_PPP_PRODUCTNAME: read-only access to the product name
SMTP_PPP_PRODUCTVERSION: read-only access to the product version
SMTP_PPP_INSTANCENAME: read-only access to the server instance name
- The service.listenaddr parameter prevents
sendmail from listening to the localhost
SMTP socket. (382098)
The following parameters can be set to solve this problem:
local.service.sendmail.port
local.service.sendmail.listenaddr
For the port number, sendmail looks first for the
value defined by local.service.sendmail.port (for
example, 25). If this is not set, then it looks for the
value defined by service.smtp.port, then for the
smtp/tcp port number. If none of these is set, it
defaults to 25.
To find the listen address, sendmail looks first
for the value defined by the
local.service.sendmail.listenaddr parameter (for
example, localhost). If this is not set, then it looks
for the value defined by service.listenaddr. If neither
is set, then it defaults to localhost.
- The MTA can leave deferred message bodies in the
messages directory without references to the original
messages. (382456)
Due to a race condition, deferred message bodies could be
left in the messages directory without references to the
original. This problem is fixed, and a configuration parameter
is also available for tuning this.
The service.smtp.fileretry parameter is used to
specify the number of times to retry internal renaming of a
file before concluding an error exists. There is no default
value; the internal value is 30.
- In Messenger Express, a "File too large" message may
appear after a large file is uploaded. (382477)
The service.http.maxpostsize parameter defines the
maximum size of an HTTP POST that the server will accept. The
default value is 5MB.
If the file to be uploaded is larger than the value defined by
service.http.maxpostsize, the server will upload no
more than that specified amount before returning the
File too large error message.
- Turning off the MTA's DNS cache.
DNS caching by the MTA can be turned off if you wish to have
more control over the DNS behavior. To turn off the MTA's DNS
cache, set the service.smtp.dnscachesize parameter to
-1.
An entry in the log will show that the DNS cache was
disabled.
- Skipping the LDAP query in the MTA
(useful for out-going mail relays). (379424)
To skip the LDAP query in the MTA, you can set the
service.smtp.smtp-router.remotemaildomains parameter.
For example, setting it to *.siroe.com makes the
server treat <everything>.siroe.com as
remote and skip the LDAP lookup on them. Setting the
service.smtp.smtp-router.remotemaildomains parameter
to an asterisk (*) character makes the server treat
everything as remote.
Any regular expresion can be used to set this parameter; for
example, you could set the value to (*.siroe.com &&
*.company22.com) to make these addresses remote.
- Fallback host for the MTA. (379426)
To define a "host of last resort" for the MTA, set the
service.smtp.smtp-deliver.fallbackhosts to a list
of x:y separated by $ as the delimiter.
x represents the pseudo-regular expression specifying
the domain and y represents the host name or IP address.
If y has multiple IP addresses, they are treated as
the lowest priority MXs by the name server. If the "real" MXs
for the domain are dead, then these pseudo MX IP addresses
float to the top and stay there for the duration of the TTL.
If you set this parameter to *.<host>, then
all deferred mail is forwarded to <host>.
Fixes in Messaging Server 4.15 Patch 1 since 4.15
A variety of fixes have been made to bring 4.15 Patch 1 up
to date with the fixes also made in 4.05 Patch 1 and 4.1 Patch 2,
as well as fixes specific to 4.15.
These include:
- CERT Security Advisory CA-2000-02 - Messenger Express script vulnerability (384446)
The CERT advisory at http://www.cert.org/advisories/CA-2000-02.html describes two
methods of attack whereby an e-mail may contain malicious HTML tags or
scripts based on unvalidated input and/or from untrustworthy sources.
The Messenger Express function of Messaging Server 4.15 was
vulnerable to one of these methods whereby it allowed tags such
as <IMG>, <APPLET>,
<OBJECT> and <EMBED> to be embedded
in e-mail. This fix is that these tags are now stripped, along
with previously stripped tags of <SCRIPT> and
"onHandlers".
- Security Advisory - buffer overflow vulnerability (365955)
The ISS X-Force found a potential security vulnerability in the
Netscape Enterprise and FastTrack web servers which also affects the
Messenger Express function of the Messaging Server. The details
are described at http://xforce.iss.net/alerts/advise37.php3.
This vulnerability has been fixed in Messaging Server 4.15 Patch 1.
- service.listenaddr parameter is not obeyed on Windows NT (367548)
Messaging Server 4.15 on Windows NT did not obey the
service.listenaddr parameter for binding to a particular
IP address. This is fixed in 4.15 Patch 1.
- Forcing SMTP Authentication with AuthMailDomains didn't work (364925)
Messaging Server 4.15 Patch 1 fixes a case where setting the
service.smtp.authmaildomain parameter did not force SMTP
authentication with those domains.
The parameter is set using one of the following methods:
./setconf service.smtp.authmaildomain "xxx. 0.0.0.0"
(with a tab between the xxx. and 0.0.0.0 values).
or
./configutil -o service.smtp.authmaildomain -v - < tabfile
(where tabfile is a file containing tab-separated entries).
The message returned to the sender appears as:
Your message was rejected by mail-host for the following reason:
Authentication required for this domain
- SMTP daemon process growth fixes:
- process growth if local part of recipient address > 50 characters (381297)
- process growth due to internal buffers failing to be freed (384075)
- process growth in UBE filter (381300)
- DupMessage() leaks in PostAccept/PreDeliver plugins (384590)
- DNS lookup failure or misconfigured DNS causes process growth (381303)
- process growth if headers contain \r\n<LWSP> (381736)
- process growth during DSN processing (381701)
- memory exhaustion if message contains bad MIME separation tags (383686)
- memory growth if mailbox-deliver fails to append a message repeatedly (385256)
Messaging Server 4.15 Patch 1 fixes several problems with
inappropriate process growth by the SMTP daemon. Note: none of
these are related to load capacity.
- MTA queueing fixes:
Messaging Server 4.15 Patch 1 fixes several issues with
queueing behavior of the SMTP daemon.
- MTA stability fixes:
- crash when doing DNS lookups and the nameserver timed out (370941)
- parser crashed if large malformed message (356432, 383686)
- heap corruption during long Received: header construction (383012)
- failure during second message of a session is sent with good, bad and deferred recipients (384340)
Normally, only one message is sent during a session, but it was
possible that the MTA would fail if more than one message was sent
during a single session, and there were good, bad and deferred
recipients in the second message.
- failure due to internal buffer overrun (381354)
Messaging Server 4.15 Patch 1 fixes several stability problems
when handling bad/malformed messages and dealing with network
failure conditions.
- regular expression messages output to stderr (387574)
If a recipient contained an address of:
rcpt to: <"you.there"@ace.domain>
You will receive an error message to stderr:
Regular expression error -- compile aborted. Reason:
Regular expression terminated prematurely.
The erroneous expression is '\\'.
In 4.15 Patch 1 this is fixed so that this particular recipient
format doesn'tcause an error, and all other regular expression
parsing error messages will go to the smtp log.
- after first authentication in an MTA session, the AUTH state is lost and ignored (381454)
If multiple messages are sent through a single session of the MTA, the
authentication state is lost and ignored after the first message.
- headers aren't rewritten properly when mail forwarding addresses are set (370855)
- service.smtp.defaultdomain was not always used for
address completion (370136)
The service.smtp.domain configuration parameter was
sometimes used rather than service.smtp.defaultdomain for
address completion.
- EHLO protocol command only used if receiving MTA
displays ESMTP in banner (384127)
- illegal syntax in a SMTP header could cause rewrite looping (369127)
- RFC 822 allows | (pipe) characters in addresses (387147)
Previously this was considered a short-hand for invoking a program
delivery, and was not supported, but that is not a problem with the
Messaging Server 4.x and the RFC compliance issue has been fixed.
- $ in greeting message text shows up incorrectly (363925)
If you included a $ in your greeting message text, it
now shows up as a $, rather than a /25 in the
message that is delivered to the mailbox.
- Default message sync level changed to sync after new messages (367509)
Messaging Server 4.15 Patch 1 changes a case where the default
message sync level on the file system was not doing an explicit
fdatasync() after each new message in the queue.
- program delivery didn't work on anything other than port 25 (386488)
- log shows the SMTP daemon is listening on port 0 even though it listens on port 25 (369684)
- configurable received header comments needed for HA and multiple instance configurations (383012)
See New Configuration Parameters for more
information.
- suppress addition of Resent-From: header on list expansion (381555)
See New Configuration Parameters for more
information.
- UBE and plugin fixes:
Messaging Server 4.15 Patch 1 fixes several issues with regard to
the Unsolicited Bulk E-mail filtering and plugins.
- HTTP service (mshttpd, Messenger Express) fixes:
- unnecessary inserted boundary marker caused headers to disappear (369684)
- vertical display of mail alternate addresses in Account Summary (388202)
- saving JPEG files results in default filename as attach.msc (368005)
- using Collect External Mail causes POP3 Communication Failure JavaScript errors (380031)
- mshttpd failure occurs if nswmExtendedUserPrefs is empty (384914)
- session database corruption causes mshttpd failure (384915)
- memory corruption parsing headers with unmatched parentheses (370770, 378747)
- vCard would fail to display on MacOS with Navigator (366862, 378906)
- when converting leading spaces/tabs to , mshttpd could truncate messages (384691)
- on-line help displayed an almost empty window (358361)
- remove default URLs (Switchboard, Bigfoot) from lookup list (383045)
No response is received from searches of the Switchboard and Bigfoot
address book services. This fix removes them from the search list.
- With Users and Groups Directory replicated, changes to the
user preferences take time to propagate to replicas (368971)
- Messenger Express now supports AUTH SMTP (383050)
See New Configuration Parameters for more
information.
- File too large error when service.http.maxpostsize is exceeded (382477)
The default maximum size of a message that can be attached during
composition is 32K and is configurable with the parameter
service.http.maxpostsize.
Messaging Server 4.15 Patch 1 fixes many stability and display
problems for the HTTP service.
- Store service (stored) fixes:
- stored looping (383377)
In some situations, the stored may end up looping.
This can be seen by running the command:
stored -v -v -1
Since this is supposed to only pass through the database once,
if you see the same entry being processed, then looping is occuring.
- stored failure during recovery (385901)
If one of the services core dumps and leaves a mismatched set
of opens and closes, then it's possible that stored will
fail during recovery.
Messaging Server 4.15 Patch 1 fixes some rare stability problems
for the Store service.
- IMAP service (imapd) fixes:
- Mail Multiplexor (MMP) fixes:
- MMP stops responding after a few hours on Windows NT (379498)
- ImapProxy using SSL will hang due to asynchronous writes (381111)
- Utilities (mboxutil, MoveUser,
upgrade, serverstart) fixes:
- deliver utility -F option fails to work (381927)
See Potential Problems and Solutions for more
information.
- MoveUser utility fails to handle folders with " (double quotes) (367485)
- mboxutil -r fails to move folders to different partitions on Windows NT (381674)
- mboxutil -k fails with unknown code 255 on Windows NT (358593)
When mboxutil -k is run on Windows NT with an invalid command
referenced, an error message is output:
Unknown Code ____ 255
In 4.15 Patch 1, mboxutil -k will return an error code of
the form:
No such file or directory
- serverstart utility did not support service.listenaddr properly (349579)
- upgrade utility mangled Japanese folder names (379008)
- sendmail ignored the service.listenaddr and service.smtp.port values (382098)
The sendmail utility would use localhost and
port 25 by default. Now sendmail not only
supports the service.listenaddr and service.smtp.port
configuration parameters, but to handle multiple instances of the
messaging server, it also supports new configuration parameters:
local.service.sendmail.port
local.service.sendmail.listenaddr
See New Configuration Parameters for more
information.
- Internationalization (I18N) and Localization (L10N) fixes:
- with preferred language set to Japanese, user is unable to relogin to Messenger Express (370739)
- upgrade utility mangled Japanese folder names (379008)
- with preferred language set, Netscape could fail (368968, 385666)
If the preferred language is set to a language that Messenger
Express does not have language support for, the JavaScript could
cause Navigator to fail.
Messenger Express has been required that the user logout and login
again to force preferred language changes to avoid this problem.
- hard-coded English strings exist in the enduser user interface (367823, 369245, 381131)
- Administration Console Chinese language settings were incorrect. (368103)
Instead of:
userPage-zh=Chinese
the proper values are referenced in 4.15 Patch 1:
userPage-zh-CN=Chinese/China
userPage-zh-TW=Chinese/Taiwan
- raw 8-bit header causes JavaScript errors (367500, 368796)
See New Configuration Parameters for more
information.
|
What's New in this Release