Release Notes: Netscape Messaging Server 4.15 Patch 2

Netscape Messaging Server 4.15
Patch 2

Last update: June 12, 2000

These release notes contain important information about Netscape Messaging Server 4.15 Patch 2. Please read these notes before using the product.

Important: Messaging Server 4.15 Patch 2 is available in two versions; a patch version and a complete version. The complete version of Messaging Server 4.15 Patch 2 can be installed on top of any previous Messaging Server release; the patch version can only be installed on top of Messaging Server 4.15.

If you are running a Messaging Server earlier than 4.15 and you want to install the patch version of Messaging Server 4.15 Patch 2, you must first upgrade to version 4.15 before upgrading to version 4.15 Patch 2. 4.15 Patch 2 contains all fixes also included in 4.15 Patch 1.

Messaging Server 4.15 Patch 2 is available for the following platforms (refer to the Messaging Server Tuning Guide for required and recommended patches):

Solaris 2.6 for Sparc with required patches
HP-UX 11.0 with required patches
Windows NT 4.0 SP4
IBM AIX 4.3.2 with recommended patch
Tru64 Unix 4.0d
Red Hat 6.0 (Linux 2.2)

For Messenger Express access, Messaging Server 4.15 Patch 2 requires a Javascript-enabled browser. For optimal performance, Netscape recommends using the following browsers:

Netscape Navigator 4.7 or later
Internet Explorer 5.0 or later

For information on installing Netscape Messaging Server 4.15 Patch 2, see http://docs.iplanet.com/docs/manuals/messaging/nms41/install/contents.htm.

These release notes contain the following sections:

What's New in This Release
Personal Address Book
Known Limitations and Considerations
Potential Problems and Solutions
Corrections to The Documentation
How to Report Problems
Where to Go for More Information
Legal Notices

What's New in this Release

Netscape Messaging Server 4.15 Patch 2 enables ESPs and ISPs to quickly build business-grade messaging services for conducting communication and commerce with entire communities of employees, partners, suppliers, and customers.

Features
Features of Messaging Server 4.15 Patch 2 include:

Configurable Security and Privacy fixes for Messenger Express.

Netscape 6/Mozilla access fix to Messenger Express.

MTA refresh enabled for specific configuration parameters.

Store Recovery checkpoint enhancements.

Updated Console for supporting Simplified Chinese.

Features of Messaging Server 4.15 Patch 1 include:

Personal Address Book support on Solaris.

Authenticated SMTP for Messenger Express.

Mailstone support for Messenger Express.

An improved UI for Mailstone.

Features of Messaging Server 4.15 include:

Support for multiple platforms.

U.S. domestic security support with Federal Information Processing Standard (FIPS) 140a.

Messaging Multiplexor support of SSL, which enables offloading SSL handling from a Messaging Server to an MMP.

Mailstone, a stress-testing tool that lets system administrators determine Netscape Messaging Server capacity by testing how the server performs under heavy loads.

Messenger Express - an integrated email interface to Netscape Messaging Server. Specific features of Messenger Express include:

High Scalability for support of millions of users

Highly customizable and extensible

Advertising enabled

Core email service feature support, including:

Automatically create Inbox, Drafts, Sent, and Trash folders at first login

View messages headers; sort by date, from, size, subject, or type (new/read)

View received message; reply, reply all, forward
Search for message within folder using the subject, from, body, or to fields

Compose message, allow attachments, add recipients from LDAP search, set priority, return receipts

Folder management, create, delete, rename

Account summary: display email address, mailbox quota limit, current disk consumption

Personal information settings: passwords, preferred language, reply to email address, vcard, text signature, forward email information, vacation message

Other settings: Number of messages per page, delete style (IMAP style or trash style), purge deleted messages on logout, save copy of sent messages, save messages for draft, message display wrap, set color scheme, set toolbar (icons & text, icons only, text only), display font, font size

POP collection allows users to collect messages from remote mailboxes and store them in a selected folder

Updated and New Configuration Options in 4.15 Patch 2
A variety of new configuration options have been added to provide additional flexibility and workarounds to known problems.
Note: After you set or change a parameter, be sure to stop/start or refresh the service.

Deliver command should update quota information. (389534)
The deliver program is unable to update the quota information on a mailbox. Quota information is updated by smptd. Thus the deliver program is not able to push a message into the store itself (it requires a push through smtpd).
The deliver program has been changed so that the autocreate command will create the user's mailbox automaticall when the user does not exist. Autocreate gts the quota from LDAP. Quota check and update will work correctly. Use the autocreate -c command to automatically create user's mailboxes.

Option to disable LDAP address search in the Personal Address Book. (389784)
This option has been added to address security and privacy concerns. Messenger Express allows a user could create an LDAP query that would give information about other users from the LDAP directory. The following parameter has been added:
local.service.http.allowldapaddresssearch
If the parameter is set to no, no LDAP queries will be allowed except for Personal Address Book queries. By default, LDAP queries are allowed by any user through modification of Messenger Express URLs.

HTTP service Proxy Domain behavior. (390241)
This option addresses security and privacy concerns. The following existing parameter is discussed:
service.http.proxydomainallowed
When set, the value is http:[SERVER_IP], where [SERVER_IP] is the IP address of the Messaging Server (or any other unlikely to match a client's address). This will only allow proxy logins from clients whose source IP addresses match the [SERVER_IP] part of the filter.
This is described under Creating Access Filters for HTTP Proxy Authentication.

Mail Access Domain syntax. (390241)
The following existing parameter is discussed:
LDAP entry: mailAccessDomain
Starting with 4.15, the mailAccessDomain parameter supports multiple filters in a single attribute, separated by $, with either + or - denoting their disposition.
Full mailAccessDomain filter syntax is:

[+-] servicelist : clientlist ( $ [+-] servicelist : clientlist )*

like this:

+imap imapmmp:ALL$-pop popmmp:ALL

This will make it so that user can only access imap and imapmmp (no ssl).

Configuration Options in 4.15 Patch 1

Messenger Express now supports sending authenticated SMTP messages. (383050)
The following parameters have been added:
local.service.http.smtpauthuser local.service.http.smtpauthpassword
These parameters allow someone using Messenger Express to receive the same authenticated SMTP messages that they would normally receive using Netscape Communicator.
For this to work properly, the user ID and password given to the mshttpd must be a store administrator; they must exist in the store.admins list (for example, admin and admin).
After setting these parameters, any mail received in Messenger Express from an authenticated ME user should have the word "Internal" appearing next to the From header in the Message View window. Authenticated mail from ME will display the authenticated SMTP user name in the header instead of the actual user.

The Resent-From header is always added when a message is expanded from a mailing list. (381555)
The following parameter has been added to give you the option of modifying this behavior:
local.service.smtp.smtp-router.addresentfrom
When this parameter is set to no, and a message is submitted to a group, the recipients of that message will not see the Resent-From header. In all other cases, the Resent-From header will appear.

New Parameter Added to adjust MTA Throttling. (386272)
The following parameter has been added to adjust MTA throttling:
local.service.smtp.throttlethreshold
Once the control queue is over the number set to this parameter, the server starts to throttle back the speed with which it accepts incoming connections. This makes it more difficult to grow the queue to an overwhelming number of messages.
If you set the throttle level too high, the accept rate will overwhelm the ability over the server to deliver all the messages it accepts.
The local.service.smtp.throttlethreshold parameter defines the throttle level. The default value is 2000 messages.
This parameter defines the maximum number of messages that will be processed at one time.

Raw 8-bit header causes Javascript errors in Messenger Express. (367500, 368796)
To avoid these errors, you can set the following parameters:
local.rfc822header.fixlang local.rfc822header.fixcharset local.rfc822header.allow8bit
The fixlang parameter specifies the two-letter language ID (for example, ko for Korean). This parameter must be used in conjunction with the fixcharset parameter, which specifies the character set name (for example, EUC-KR). Setting these two parameters causes Messenger Express to lose its multilingual capability, but it will avoid the Javascript errors that result from setting the allow8bit parameter.
If the local.rfc822header.allow8bit parameter is set to no then any 8-bit data encountered in a header is displayed as ?. If this parameter is set to yes then headers are run through a validity checker so that valid 8-bit characters can be displayed intact and invalid characters are shown as ?.
These parameters should be modified only under special circumstances. Contact Technical Support for assistance.

Configurable received header required for High Availability or other multi-instance environments where you want to know which server is handling the mail. (383012)
The following parameter has been added:
local.service.smtp.smtp-accept.receivedcomment
This replaces the default Received: field that the message store puts into the header of each message received by the message store. The string can have a mixture of text and the positionally-dependent arguments (each %s). For example:
Field 1: Product Name      "Netscape Messaging Server" Field 2: Product Version   "4.15"
Thus, a default release build received header looks similar to the following:
Received: from netscape.com ([207.1.151.156]) by <host>.<domain>.com           (Netscape Messaging Server 4.15) with ESMTP id FOM48800.N00 for           <user@netscape.com>; Wed, 19 Jan 2000 18:28:56 -0800
Setting the local.service.smtp.smtp-accept.receivedcomment configuration parameter as follows:
# ./setconf local.service.smtp.smtp-accept.receivedcomment "AOL-%s v%s msg-system1"
produces received headers similar to the following:
Received: from netscape.com ([207.1.151.156]) by <host>.<domain>.com           (AOL-Netscape Messaging Server v4.15 msg-system1) with           ESMTP id FOM6N700.S00 for <user@netscape.com>;           Wed, 19 Jan 2000 19:21:07 -0800
The parameter will be truncated to a max of 200 characters. You could even configure the parameter as "" and you should get the minimal received comment of ().
There are a few related extensions to the Protocol plugin properties:
SMTP_PPP_RECEIVEDCOMMENT: overrides comment per-connection SMTP_PPP_PRODUCTNAME: read-only access to the product name SMTP_PPP_PRODUCTVERSION: read-only access to the product version SMTP_PPP_INSTANCENAME: read-only access to the server instance name

The service.listenaddr parameter prevents Sendmail from listening to the localhost SMTP socket. (382098)
This issue has to do with the Sendmail emulator, which redirects the SMTP connections to the MTA from the standard connection. The following parameters can be set to solve this problem:
local.service.sendmail.port local.service.sendmail.listenaddr
If you set the local.service.sendmail.listenaddr, which is the IP address to listen on, the you should also set the local.service.sendmail.port
For the port number, sendmail looks first for the value defined by local.service.sendmail.port (for example, 25). If this is not set, then it looks for the value defined by service.smtp.port, then for the smtp/tcp port number. If none of these is set, it defaults to 25.
To find the listen address, sendmail looks first for the value defined by the local.service.sendmail.listenaddr parameter (for example, localhost). If this is not set, then it looks for the value defined by service.listenaddr. If neither is set, then it defaults to localhost.

The MTA can leave deferred message bodies in the messages directory without references to the original messages. (382456)
Due to a race condition, deferred message bodies could be left in the messages directory without references to the original. This problem is fixed, and a configuration parameter is also available for tuning this.
The service.smtp.fileretry parameter is used to specify the number of times to retry internal renaming of a file before concluding an error exists. There is no default value; the internal value is 30.

In Messenger Express, a "File too large" message may appear after a large file is uploaded. (382477)
The service.http.maxpostsize parameter defines the maximum size of an HTTP POST that the server will attempt to upload.
If the file to be uploaded is larger than the value defined by service.http.maxpostsize, Messenger Express will upload at most 32K before returning the File too large error message.

Turning off the MTA's DNS cache.
DNS caching by the MTA can be turned off if you wish to have more control over the DNS behavior. To turn off the MTA's DNS cache, set the service.smtp.dnscachesize parameter to -1.
An entry in the log will show that the DNS cache was disabled.

Skipping the LDAP query in the MTA (useful for out-going mail relays). (379424)
To skip the LDAP query in the MTA, you can set the service.smtp.smtp-router.remotemaildomains parameter. For example, setting it to *.siroe.com makes the server treat <everything>.siroe.com as remote and skip the LDAP lookup on them. Setting the service.smtp.smtp-router.remotemaildomains parameter to an asterisk (*) character makes the server treat everything as remote.
Any regular expresion can be used to set this parameter; for example, you could set the value to (*.siroe.com && *.company22.com) to make these addresses remote.

Fallback host for the MTA. (379426)
To define a "host of last resort" for the MTA, set the service.smtp.smtp-deliver.fallbackhosts to a list of x:y separated by $ as the delimiter. x represents the pseudo-regular expression specifying the domain and y represents the host name or IP address.
If y has multiple IP addresses, they are treated as the lowest priority MXs by the name server. If the "real" MXs for the domain are dead, then these pseudo MX IP addresses float to the top and stay there for the duration of the TTL.
If you set this parameter to *.<host>, then all deferred mail is forwarded to <host>.

Personal Address Book

Overview
The Personal Address Book enables users to manage their personal address book entries including people and groups, and address to these entries when composing mail messages.
Note: Personal Address Book is only supported on Solaris.
Users can create, edit, or delete entries and groups in the address book.
From the Messenger Express main window, a user can click on the Addresses tab to go to the address book window, from which the following operations are available:

Create a new address book entry (either a person or a group). After selecting the object you want to create, a new window prompts the user to enter the corresponding attributes (for example, first name, last name, address, phone numbers, etc.). A newly created entry is put into the address book.
Delete an address book entry (either a person or a group). Deleting a group does not delete all of its members; only the specified group.
Edit an address book entry (either a person or a group). A window lists all the attributes of the selected object and the user can modify them as necessary. In the case of a group, there is a mechanism to allow users to select from current and potential members.

Installation
If you do not already have Messaging Server 4.15 Patch 2 installed, refer to the installation instructions provided at http://docs.iplanet.com/docs/manuals/messaging/nms41/install/contents.htm.
Note: The Messaging Server 4.15 Patch 2 installs the bits for the Personal Address Book but does not perform any configuration. In order to run the personal address book, you must do the following after successfully installing Messaging Server 4.15 Patch 2:

Run the pabinst.pl script to configure the Personal Address Book.
Run dssetup to configure the Directory Server for the Personal Address Book.

Configuring the Personal Address Book
The perl script pabinst.pl is located in the <serverroot>/bin/msg/install/bin directory. You can run perl with this script and the -d option as follows:
# <serverroot>/install/perl <serverroot>/bin/msg/install/bin/pabinst.pl -d <serverroot>
You will be asked the following series of questions. Answer them as instructed:

Do you want to (re)configure the Personal Address Book service (yes|no) [no] ?
Enter yes to configure the Personal Address Book; enter no or press Return if you do not want to continue with the configuration.
Personal Address Book Directory Server Host name [<hostname>.<domain>] :
Enter the hostname of the Directory Server that will be the server for the Personal Address Book or press Return to accept the default.
Personal Address Book Directory Server port [<port_number>] :
Enter the LDAP port of the Directory Server or press Return to accept the default.
Personal Address Book Directory Server Base DN [o=<base DN>] :
Enter a new base DN in the format o=<base DN> (for PAB, it should be o=pab).
Important: The base DN you specify here must match the base suffix you specify when running dssetup. Do not press return and accept the default value unless it is the correct value for your configuration.
Bind DN [admin] :
Enter cn=directory manager (or equivalent) or press Return to accept the default. Using the default bind DN and the base DN of o=pab as an example, the bind DN is set to uid=admin, o=pab.
Important: The bind DN you specify here must match the Users/Groups Administrator's UID you specify when running dssetup.
Password:
Enter the bind DN's password.
Important: The password you specify here must match the Users/Groups Administrator's password you specify when running dssetup.
Warning: If directory manager is used as the bind DN, the directory manager password you specify is exposed as ASCII text in the local.service.pab.ldappasswd parameter. Users can view this password with the configutil utility. Thus, it is recommended that ordinary users not be granted access to the directory that can access this parameter.
Personal Address Book Maximum Number of Entries [500] :
Enter the maximum number of Personal Address Book entries or press Return to accept the default.
After entering this information, the LDAP URL and Bind DN are displayed. For example:
Summary of selections: PAB LDAP URL: ldap://<directory_server_hostname>:<directory_server_port>/o=pab PAB Bind DN: cn=directory manager Maximum Number of Entries: 500
Then, you are asked if you want to continue with the configuration:
Continue PAB configuration with the above selections [yes] ?
Answer yes or press Return to accept the default if you want to continue with the configuration. Otherwise, answer no.
The Personal Address Book server is configured with the input values you specified.
The Messaging Server must be restarted for these settings to take effect. Restart now [yes] ?
Answer yes or press Return to accept the default if you want to restart the messaging (mshttpd) service. Otherwise, answer no.

Configuring the Directory Server for the Personal Address Book
After you have run the pabinst.pl script to configure the Personal Address Book, you should run the dssetup utility to configure the Directory Server for the Personal Address Book. To obtain the dssetup executable, untar the dssetup.tar file:
# tar -xvf dssetup.tar
Note: The dssetup utility can also be downloaded separately from the Messaging Server 4.15 Patch 2 archive file. If you downloaded the archive dssetup-4.15p2.tar.gz file, you should uncompress this file first, then untar the dssetup.tar file contained within it. The dssetup version you need will be located in the SunOS5.6 subdirectory:
# gunzip dssetup-4.15p2.tar.gz # tar -xvf dssetup-4.15p2.tar
After all the files are extracted, update the Personal Address Book schema by running dssetup (either from the /msg or /SunOS5.6 subdirectories) on the machine where the Directory Server is installed. You will see the questions listed below and you should answer them as instructed:

Do you wish to continue [yes]:
Answer yes or press Return if you want to continue; enter no if you do not.
Directory server root [/usr/netscape/server4]:
Enter your directory server root location.
Messaging Server schema in the directory server appears to be up to date. Do you wish to update the schema anyway [y] ?
Answer yes or press Return.
Note: This question will not be asked if you are installing Messaging Server for the first time.
Do you wish to configure this directory for Server Configuration [y] ?
Answer no since the Personal Address Book needs to update user/group schema, not the server configuration.
Do you wish to use this directory for managing Users/Groups [y] ?
Answer yes or press Return to continue with the update of the user/group schema for the Personal Address Book.
Please enter the Directory Administrator's DN [cn=Directory Manager] :
Enter cn=directory manager (or equivalent) or press Return to accept the default.
Please enter the Directory Administrator's Password :
Enter the directory manager's (or equivalent) password.
Please enter the base suffix under which the Users/Groups data should be setup [o=<domain>.com] :
Answer in the format o=<base DN> (for example, o=pab) to set up the organization for the Personal Address Book; this is where the Personal Address Book entry/group data will be stored.
Important: The base suffix you specify here must match the base DN you specified when you ran pabinst.pl.
Do you want to enable anonymous search access on the Users/Groups suffix 'o=pab' [y] :
Answer yes or press Return to enable anonymous search access for the Personal Address Book.
Please enter the Users/Groups Administrator's uid [admin] :
Enter admin (or equivalent) and notice that the user uid=admin,o=<base DN> is created.
Important: The UID you specify here must match the bind DN you specified when you ran pabinst.pl.
Please enter the Users/Groups Administrator's Password :
Enter the admin's password.
Important: The password you specify here must match the bind DN's password you specified when you ran pabinst.pl.
Enter the Users/Groups Administrator's Password again to verify :
Enter the admin's password again.
At this point, you will be given a listing of all the settings you specified. After the list, the following question will appear:
Do you want to continue [yes] :
Answer yes or press Return if all the settings are correct; answer no to start over.
The dssetup utility will update the Personal Address Book schema on the Directory Server and then restart the Directory Server.
After the dssetup configuration is complete, the Personal Address Book installation and configuration is complete and the mshttpd service is restarted for the new configuration to be effective. New user accounts may be created from the Administration Console; users can then login to Messenger Express and start using the Personal Address Book.

Configuration
To enable the Personal Address Book feature, set the local.service.pab.enabled parameter to 1. Set this parameter to 0 to turn this feature off. By default, this parameter is set to 1.
You can use configutil to set the local.service.pab.enabled parameter. For example, to set this parameter to 1, use the following command:
# ./configutil -o local.service.pab.enabled -v 1
Other configuration variables include:

local.service.pab.ldaphost
This parameter specifies the name of the LDAP server you want to use for the Personal Address Book.
local.service.pab.ldapport
This parameter specifies the port number on the LDAP server.
local.service.pab.ldapbinddn
This parameter specifies the bind DN used by Personal Address Book on the LDAP server (for example, cn=Directory Manager).
local.service.pab.ldappasswd
This parameter defines the password for the bind DN used by Personal Address Book.
local.service.pab.ldapbasedn
This parameter specifies the base DN in which Personal Address Book entries end up. The default is o=pab.
local.service.pab.attributelist
This parameter is used to add new attributes to a personal address book entry (for example, you want to create an attribute that doesn't already exist).
local.service.pab.maxnumberofentries
This parameter specifies the maximum number of entries per user ID. By default, this parameter is set to 500.

Maintenance
The pabdelete utility is installed in shared/bin. It is used to delete address book data after a user has been removed; it can also be used to remove all address book data if the Personal Address Book is uninstalled.
Note: If you run the uninstall utility, you must still run the pabdelete utility to remove address book data. The pabdelete utility is not run by uninstall.
Important: Before you run the pabdelete utility, check to see whether or not it has the correct permissions. The mode for pabdelete should be 755. If this is not the case, change the permissions on pabdelete with the following command:
# chmod 755 pabdelete
The syntax for the pabdelete utility is as follows:
# ./pabdelete -D <binddn> -w <password> [options] <uid>
The <binddn> and <password> parameters represent the Bind DN and Bind password; respectively, and <uid> represents the user ID of the owner of the Personal Address Book you want to remove. Use ALL for the uid parameter to specify all users; however, the Personal Address Book root will not be removed.
The optional parameters are described below:

Option
Description

-h <host>
LDAP server name or IP address

-p <port>
LDAP server TCP port number

-b <basedn>
Personal Address Book Base DN. The default value is o=pab.

-n
Preview the actions that would be performed by this pabdelete operation but do not actually perform those actions.

-v
Run in verbose mode (diagnostics to standard output).

-help or -H
Display usage information.

Shown below are some usage examples:
# pabdelete -H # pabdelete -D "cn=admin, o=siroe.com" -w xyz -b "ou=abooks, o=siroe.com" jsmith # pabdelete -D "cn=admin, o=siroe.com" -w xyz -b "ou=abooks, o=siroe.com" -v -n ALL

Known Limitations and Considerations

Messaging Server 4.15 Patch 2 includes the following limitations and considerations (see also Potential Problems and Solutions later in this document for other issues that might affect product capability or use):

Installation and Upgrade Issues

Users/Groups Directory Server info missing during In-place Upgrade to 4.15(369067)
While Upgrading from MS 4.15 to 4.15 patch 1, you will get a fatal error if you select the Directory Server option or any combination of options that includes Directory Server. `

FATAL : Required Users/Groups Directory Server info is missing or incorrect.
The installation options are as follows:

Netscape Server Product Core Components
Netscape Directory Suite
Administration Services
Netscape Directory Server 4.1 Synch Services
Netscape Messaging Suite

To upgrade the Messaging Server, select Netscape Messaging Suite, and select those components you wish to install.

When you upgrade to Messaging Server 4.15 Patch 2, the service.pop.numprocesses, service.imap.numprocesses, and service.http.numprocesses parameters are all reset to 1. (387695)
After upgrading, you must reset these configuration parameters as required.

In a sun cluster environment, the setup installation program hangs instead of generating an error message. (387593)
The setup installation program hangs when the logical host is not accessible (for example, if the sun cluster is not properly configured).

Messaging Server 4.15 Patch 2 Export version cannot be installed in the same server root as the Directory Server Domestic version. (350547)
Install Messaging Server Export version 4.15 Patch 2 with Directory Server Export version (which comes packaged with Netscape Messaging Server 4.15 Patch 2). Or, install Messaging Server and Directory Server in separate server roots.

If you are upgrading from Messaging Server 4.01 to 4.15 Patch 2, the warning message "NLS libraries are missing" appears during installation. (379258)
This warning message is harmless and does not affect the installation in any way.

Installation fails after entering an account that should have write access to the User & Groups Directory Server. (356622)
If anonymous search is not available on the User and Groups Directory Server, then during installation the DN for the User/Groups Administrator should be used, not the user ID for the User/Groups Administrator. If the user ID is used, the following error message is displayed:
ERROR: Authentication failed. Either you have entered an invalid user ID or password, or the directory server is having some problem. Please check and re-enter. Press any key to continue.

If the LANG environment variable is set to 'ko' then the following error message will appear during the installation: 'assert: line 92, file enconv.cpp'. (367037, 367214)
Set the LANG environment variable to another value before you begin the installation to avoid this error message. For example:
% setenv LANG C

You cannot specify a symbolic-link directory or a mount-point directory as your server root. (353740)
If you attempt to do this, the setup program displays a misleading error message and you will not be able to continue with the installation.

Netscape Console installs natively on the machine running the Messaging Server, but may be used from any machine to administer your Netscape Servers remotely.
To obtain Netscape Console for platforms other than the installed platform, you'll need to obtain the appropriate platform version of Netscape Console by visiting http://home.netscape.com/eng/server/console/.
Netscape Console and Administration Server Issues

Administration Server must be run as root. (341197)

If the Number of Process setting in the Messaging Server Console is set too high, the system could hang. (369118)
If this occurs, you will receive the Virtual Memory Low error message. Reset the Number of Process setting in the Messaging Server Console.

Netscape Console does not display any warning messages if the numerical value entered into the connection settings is too large. (369126)
The numeric value entered is converted to the maximum integer value without warning.

The Netscape Console has problems dealing With Simplified Chinese data on Solaris. (367814)
The workarounds for this limitation are:

Use the Netscape Console on Windows NT for Simplified Chinese.
Use the command line interface.

Uninstall does not stop the Netscape Console JRE (Java Runtime Environment). (337877)
All Netscape Console Java environments must be shut down before running uninstall. Close and exit all instances of the Netscape Console before running uninstall. Be sure there are no Netscape Console instances running on remote machines.

To launch the help screens from the Netscape Console, you must include the Netscape browser client in your PATH environment variable. (339214)
Linux Issues

The Linux mshttpd daemon may die under heavy stress. (380796)
If you encounter this problem, contact Technical Support.

A large number of daemons appear to be running after the Messaging Server is started.
This is normal. On Linux, threads within a process show up the same as processes under ps or top. There is really only one daemon with many threads. The exact number of threads depends on configuration and load.

The Java CLASSPATH must be set to run the JMailstone master or client.
If the server is installed in /usr/netscape/server4, the setup steps for C-shell users are listed below.
For running the GUI:
cd /usr/netscape/server4/jmailstone ../bin/base/jre/bin/jre -green -classpath \ ./JMailstone.jar:../bin/base/jre/lib/rt.jar JMailstone

For running the client:
cd /usr/netscape/server4/jmailstone ../bin/base/jre/bin/jre -green -classpath \ ./JMailstone.jar:../bin/base/jre/lib/rt.jar JMailclient

Other Limitations and Considerations

sendmail confused by nsserver.cfg with two entries (387459)
Sendmail fails to run successfully on an nsserver.cfg file with two-instance servers.
The following error message may be displayed:
[03/Mar/2000:15:28:04 -0500] nccmail [3349]: General Warning: CONFIGROOT environment variable is not set and cannot find unique messaging server instance. [03/Mar/2000:15:28:04 -0500] nccmail [3349]: General Critical: Failed to open config file (./configdb). Make sure you set CONFIGROOT environment variable to the directory containing configdb file. sendmail: Could not initialize Messaging Server configuration.

4.05p1, 4.1p2 and 4.15p1 all support the ability to customize more aspects of which port and address Sendmail uses. Check the path used by mailx and set status=p2, which should break any normal multi-instance deployments.

LDAP mail access domains not working in 4.15 or 4.15P1(389998)
Setting mail access domains on a user to user basis does not work. Users can login and get mail from domain and IP's not listed in users LDAP entry.
According to the manual, setting mailaccessdomain to "none" should block the user from access the mailserver. This doesn't work. Setting specific domains doesn't work either.
mailAccessDomain syntax has multiple filters in a single attribute, separated by '$', with either '+' or '-' denoting their disposition. Full mailAccessDomain filter syntax is:
"[+-]" servicelist ":" clientlist ( "$" "[+-]" servicelist ":" clientlist )*

For example:
+imap imapmmp:ALL$-pop popmmp:ALL

This would make it so the user could only access imap and imapmmp (no ssl). If you want to do more than one IP address per service, you need to use the following syntax, ensuring that there are no spaces, as shown:
+imap:ip1,ip2

imapd cores with service.imap.maxthread set to 1000 (388049)
To avoid this problem, the total number of threads actively accessing the message store should be well under 1000. To keep the thread count under 1000, adjust the values of the following parameters so that their sum is less than 1000:
service.http.maxthreads service.imap.maxthreads service.pop.maxthreads service.smtp.mailbox-deliver.minruncount
The parameter service.smtp.mailbox-deliver.minruncount controls the number of MTA threads accessing the store. The corresponding service.smtp.mailbox-deliver.maxruncount is not used.

In Messenger Express, the dates of messages with invalid years may be displayed incorrectly. (385657)
RFCs 822 and 1123 specify that two-digit year strings (for example, "00") are improper. Messenger Express systems that send out two-digit year strings may fail to be displayed properly.

In Messenger Express and Personal Address Book, quotation marks in the Display Name are not displayed in the addresses in the Recipients field. (380488)
Additionally, in Internet Explorer 5.0, if you enter %22 (or some other similar two-digit string) in the Display Name field, it becomes encoded as a double quote, causing the MTA to generate an SMTP error.

If you create a new user whose preferred language is Chinese, the First Name and Last Name fields are empty when you view the entry (even if you specified a first and last name when you created the entry). (387389)
The preferred language for Chinese must be specified as "Chinese/China" or "Chinese/Taiwan."

If you create a new user whose preferred language is Chinese, the user is sent an English greeting message rather than a Chinese one. (387704)

In Messenger Express, if the user does not explicitly logoff their session, there is a short time period between when the browser is closed and the session times out that can be exploited by someone with access to the history for that browser. (379157)
To avoid this problem, the user should explicitly log off before closing his/her browser window.

For general security purposes, it is suggested that UNIX Messenger Express users close their browser windows when they are finished with their mail session. (380283)

If a server process crashes, shut down all services before restarting or another process might hang.
If the server process terminates unexpectedly, shut down all Messaging Server processes before restarting the server. Otherwise, the remaining processes might stop responding while waiting for locks held by the terminated process.

If the Directory Server goes down during the send of a large mailing list, the deferral which should occur fails and the messages are not sent. (370061)
When this occurs, an error message is sent to the postmaster.

Large number of folders cause client memory exhaustion. (379459)
Messenger Express only supports a certain number of viewable folders (less than 200 with 128MB of memory) before it exhausts the available memory. When this occurs, you may see a mostly blank screen and/or a message in your browser status bar telling you about a Javascript error.
To see the entire error message, type 'javascript:' in the Location bar. The error message looks similar to the following:
Javascript Error: http://./fldr_fs.html, line 85 out of memory.

For a short period of time (default is 15 minutes), it is still possible to login the account of a user after that user is deleted in Netscape Console. (379080)
If you elect to turn the authentication cache on (for performance reasons), you must restart all the services on the server to make the deletion of a user(s) immediately effective.
If not, then turn off the authentication cache by setting the service.authcachettl to zero and restarting all the services.

If you use Netscape Communicator to send just a link, and then try to view the message in Messenger Express, the body of the message is blank. The same message in IMAP contains the link. (370998)
If you type some text before the link, then the message can be viewed without any problems.

On HP-UX 9000/800 systems, the SNMP sub-agent is unable to communicate with the master agent. (370650, 370694)
SNMP cannot be used on HP-UX 9000/800 systems.

With the Users and Groups Directory Server replicated, changes to the user preferences take time to propagate to the replicas. (368971)
The amount of time it takes for the changes to propagate to the replicas depends on the replication schedule for the Directory Server.

Users of Outlook Express (any version) using IMAP may see read messages revert back to an unread state.(363547)
This is due to Outlook Express incorrectly using multiple connections to the same mailbox.

Inconsistency in creating folders/subfolders with white spaces (359809)
On NT, when trying to create a folder name that ends with white spaces, or a subfolder name with white spaces only or ending with white spaces, an error message will be displayed: 'System I/O error, Administrator, check server log for details.' It is unable to create these folders. However, this worked fine on Solaris.

Program delivery suspend mode does not work.(352333)
Creating a suspend file and suspending programs works properly; however, once you remove the suspend file, program delivery does not work.

Messages that are deferred to an alternate queue do not default back to the main queue when the alternate queue is deleted. (358478)
Do not delete alternate queues that still contain messages.

Messaging Server 4.15 Patch 2 does not support certmap plugins. (337413)

The RUN and SCAN commands in the Unsolicited Bulk Email (UBE) plugin are disbaled and are not supported. (334886)

Reconstruct -r loses authenticated sender info. (115193)
Netscape supports the XSERVER private extension for authenticating message submissions. Reconstructing a mailbox causes all of the authenticated sender information to be discarded.

If the upgrade process from Messaging Server 3.x to 4.15 Patch 2 is interrupted, run reconstruct -m before starting the server.
The reconstruct -m command corrects an inconsistent message store.

The login shell must be valid for Program Delivery to work. (326785, 336039)
The program delivery option will not work with shells that are not considered valid. On several UNIX systems, the /etc/shells file contains the path for all valid shells. If the file is missing or empty, the following are valid login shells for the user to which the message is addressed:
/bin/sh /usr/bin/sh /bin/csh /usr/bin/csh /bin/ksh /usr/bin/ksh

For more information about program delivery, see the Messaging Server Administrator's Guide.

If you change the quota limit for a user, the new limit does not immediately take effect. (319715)
If the user is already over quota, the limit will also take effect when the user logs in. This means a user might still receive "over quota" messages until the user receives a new message or until the user logs off and logs in again.
You can cause the new limit to take effect by sending mail to the user after you reset the quota limit.

Some configuration settings require server restart to take effect. (341854)
All SMTP configuration settings require server restart; most POP, IMAP, and HTTP settings do not.
If you have questions about a particular configuration setting, contact Technical Support.

Potential Problems and Solutions

The following section details the known problems and solutions for the Messaging Server 4.15 Patch 2 release. If a bug-report number follows the problem, please use that number when communicating with Technical Support concerning the problem.
See also the previous section, Known Limitations and Considerations, and the following section, Corrections to the Documentation, for other issues that might affect product capability or use.

Installation and Upgrade Problems and Solutions

Installing 4.15 p1 NT on top of an existing installation installs MMP and Mailstone tools by default. (393848)
Mail Multiplexor (MMP) and Mailstone tools are installed by default when 4.15 patch 1 NT is installed on an existing 4.15 server. The PopProxy and ImapProxy services are then running on the default ports and can cause various problems with popd crashes and high CPU usage.
The workaround is to disable the MMP services. The problem does not appear on a clean install of the patch.

Installer fails silently when there is no domain name. (381850)
A "localhost" installation on a system that was not connected to the network failed when only a hostname was defined. No "msg-localhost" directory was created, but the installer did not report any errors.
The install will work after changing the fully qualified host name from "localhost.localdomain" to "localhost.local.domain."

If you install the product without enabling SSL, error messages appear in the log file when the corresponding server is started.(363752)
These messages can be safely ignored.
Solution: By default, SSL is enabled for all services. To disable SSL for each service without generating any error messages, use the following command (for example, to disable SSL for SMTP):
configutil service.smtp.sslusessl no

During upgrade, Messaging Server does not always rewrite the /etc/nsserver.cfg file properly. (351603)
Solution: If you install Messaging Server on the same Unix machine more than once, make sure the /etc/nsserver.cfg file contains, on the first line, the <server-root> of the Messaging Server you will be using.

The uninstall process does not remove alternate queues or non-primary message store partitions. (355963)
If you have multiple queues, the uninstall process will remove the default queue, but not alternate queues. If you have multiple partitions, the uninstall process will remove only the primary partition, not the non-primary message store partitions.
Solution: You will need to delete any alternate queues or subpartitions manually.

If you are upgrading from a 3.x Messaging Server to Messaging Server 4.15 Patch 2, the autoreply messages and mail routing table entries are not migrated. (357053)
Solution: You will need to save the 3.x information and re-create the entries for Messaging Server 4.15 Patch 2.

If you are upgrading from a 3.x Messaging Server to Messaging Server 4.15 Patch 2, and you have more than one LocalMailDomain entry in the 3.x /etc/netscape.mail.conf file, the entries are not migrated. (357055)
Solution: You will need to save the 3.x information and re-create the entries for Messaging Server 4.15 Patch 2.

End-user administrator user DN and group DN are not configurable. (355146)
Solution: If you want to create a custom DN for the end-user administrator, you must create these entries manually before the installation. You must create the end-user administrator group DN with the common name Enduser Administrators ("cn=Enduser Administrators"). You can create the end-user administrator user DN using any UID.

Directory Server installation will attempt to restart SNMP services on Windows NT. (357053)
The Messaging Server properly stops all dependent services before stopping the SNMP service, but if the Directory Server is installed on the same machine, it will attempt to restart the SNMP service, which causes the installation to hang.
Solution: Manually stop the SNMP service before installing the Messaging and Directory Servers on a Windows NT system. Alternatively, install the Directory Server on a different system (recommended to avoid resource contention).
Linux Problems and Solutions

You may receive the following error message during installation: "The network port number is invalid." (341627)
This message may appear even though the first port tested is genuinely not in use.
Solution: Re-enter the port number and it will be accepted the second time. If the install still reports the port is in use, then there is something active on the port.

There is a bug in glibc 2.1.1 that can cause SEGV faults of multi-threaded processes on SMP (symmetric multi-processor) systems. (355966)
Solution: Upgrade to glibc 2.1.2.
To determine which verson of glibc you are running, type:
# rpm -q glibc
Other Problems and Potential Solutions

Mail for root or other local users cannot be delivered.
You should create these accounts on the Directory Server using the Netscape Console or the MigrateUnixSpool utility. The messaging server does not consult /etc/passwd for local accounts.

On Windows NT, the -F option of the deliver command does not work.(381927) Solution: A -g option has been added as a synonym to the -F option. Use the -g option instead: # deliver -a <sender> -g \SEEN <recipient> <test_message_file> Note: The Windows NT shell does not do backslash quoting and therefore requires only one backslash (/) character.
Some window managers will not place the Netscape Console login window over the logo window. (367239) Solution: Either use a different window manager, or run startconsole with the -x,nologo parameter. For example: # <server-root>/startconsole -x,nologo
Authentication may fail if the hostname returned by NIS is not the same as the one returned by DNS. Solution: Edit /etc/nsswitch.conf to search DNS before searching NIS. Change the following line: hosts: files nisplus nis dns to: hosts: files dns nisplus nis
On Windows NT, If more than one popd process is running, then none of them accept a TCP connection. (379203) Solution: Change the service.pop.numprocesses, server.imap.numprocesses, and service.http.numprocesses to their default value of one (1).
The Messaging Server and Directory Server cannot be upgraded at the same time. (369067, 369057) The Directory Server holds the installation information for the Messaging Server. During an upgrade, the Directory Server is stopped and is unavailable to the installer. Solution: To upgrade both servers, simply upgrade the Directory Server and the Messaging Server seperately.
For Windows NT, the version of NativeToAscii shipped with the product does not work with Korean or Simplified Chinese. (366604) Solution: Set the NS_NLS_DATADIRECTORY variable: Go to <server-root>/shared/bin Open a text editor and create a file called NativeToAscii.bat Type the following in the file: set NS_NLS_DATADIRECTORY=<server-root>\bin\msg\admin\bin <server-root>\shared\bin\NativeToAscii.exe %1 %2 %3 %4 %5 %6 %7 %8 %9
Messaging Server sends incorrect timezone information for Singapore. (341272) Solution: In the /etc/NscpMsg script, set the timezone (TZ) for Messaging Server by adding the following line after the LANG= variable: # export TZ=GMT-8
Using a back-slash character (\) in an over-quota message can cause problems. (352208) If you include a back-slash character (\) in an over-quota message, Messaging Server cannot parse the message and will not deliver the message to the user. Solution: When specifying an over-quota message, do not use a back-slash character (\) in the message.
Messaging Multiplexor might not handle the "e" attribute in FilterComps in the certmap.conf file. (337269) Solution: You can correct this problem by changing the line in the certmap.conf file from: #default:FilterComps e, uid, ... to: #default:FilterComps mail, uid, ...

Corrections to the Documentation

Please note the following corrections to the Messaging Server 4.15 and 4.15 patch 1 documentation:

Webmail PAB installation instructions should say to use o=pab. (393032)
The Webmail PAB installation instructions documented in http://docs.iplanet.com/docs/manuals/messaging/nms415/patch1/relnotes.html#pab are unclear at the step where you configuring the Personal Address Book Directory Server Base DN [ o=<base DN> ]. The instructions say that you should press Return to accept this default value. The correct value is o=pab, but the default may not be defined as such. Make sure that the correct value is selected.
The instructions contained in this patch have been corrected.

Duplicate 'Searching for Addresses' links in Webmail Help (387536)
Under the 'Working for Addresses' section in Webmail Help, there are two 'Searching for Addresses' links. The first one should be titled,'Creating a New Address Entry' instead.

UBE RUN option documented in 4.1 Administrator's Guide is no longer available. (387439)
The NMS 4.1 Administrator's Guide documents a particular action for Unsolicited Bulk Email (UBE) filters that is not supported in the NMS 4.0x, 4.1, and 4.15 releases. Table 8.1 lists an action, RUN, at http://docs.iplanet.com/docs/manuals/messaging/nms41/ag/ubefiltr.htm#1064628, also on p.223 of the guide, that is disabled and not supported.

If you are installing Messaging Server 4.15 from a CD, the installation instructions contain an extra step. (380827)
On the CD, the Messaging Server 4.15 bits are already untar'd; therefore, there is no need to untar them as described in the Installation Guide.

Disabling Language Lookup Capability. (367811, 362966)
The MTA looks up the language to be used when it performs international functionality as explained in the Administration Guide.
A new configurable parameter, local.service.smtp.sitelanguageonly, can be set to yes to disable the MTA language lookup capability so that it sticks to the value defined by gen.sitelanguage. This might be preferable if you want to automatically see generated messages in a particular language.

Messenger Express online help provides incorrect instructions for localizing the Messenger Express UI. (357517)
The instructions read as follows:
Localization. To localize the user interface, copy mail-en.html to a new file named mail-xx.html, where xx is the two letter abbreviation for a specific language. Translate all the string values associated with the i18n array elements. To localize the online help, modify the help.html file.
Instead, the instructions should be:
Localization. The <server-root>/msg-<instance>/html directory contains a directory for each language. Contained within each language directory is a copy of the i18n.js file. This file contains all the string values associated with the i18n array elements. Replace the string pair with the relevant language. To localize the online help, modify the help.html file.

How to Report Problems

See the Technical Support site at http://iplanet.com/support/index.html.

Where to go for More Information

For Messaging Server 4.15 Patch 2 installation instructions, visit http://docs.iplanet.com/docs/manuals/messaging/nms41/install/contents.htm.
The administrator's guide and related documents are posted at the location http://developer.iplanet.com/docs/manuals/messaging.html.
Installation instructions and release notes for all Netscape servers are posted at the location http://developer.iplanet.com/docs/manuals/index.html.
If you can't find the information you need, please contact Technical Support.

Legal Notices

Messaging Server 4.15 Patch 2
Use of Messaging Server 4.15 Patch 2 is subject to the terms detailed in the license agreement accompanying it.
NSPR 3.1.x, NSS 2.6.2, and LDAP SDK 3.1
Messaging Server 4.15 Patch 2 incorporates the following software module(s): NSPR 3.1.x, NSS 2.6.2, and LDAP SDK 3.1. The source code for these module(s) as well as any updates produced by Sun Microsystems, Inc. or Netscape Communications Corporation is available from the Mozilla.org website under terms of the Mozilla Public License (MPL).
This product's license is different from the MPL. Any license terms for this product which differ from the MPL are offered by Sun Microsystems, Inc. and Netscape Communications Corporation, not by the "Initial Developer" or any "Contributor" (as those terms are defined in the MPL).