Release Notes for Netscape Messaging Server

Version 4.15 patch 3

Release Notes

Updated October 25, 2000

These release notes contain important information available at the time of the patch 3 release of Netscape Messaging Server 4.15. New features and enhancements, installation notes, known problems, and other late-breaking issues are addressed here. Read this document before you begin using Netscape Messaging Server 4.15.

An electronic version of these release notes can be found at the iPlanet documentation web site: Check the web site prior to installing and setting up your software and then periodically thereafter to view the most up-to-date release notes and manuals.

These release notes contain the following sections:

What's New in Netscape Messaging Server 4.15 patch 3

Netscape Messaging Server 4.15 patch 3 enables ESPs and ISPs to quickly build business-grade messaging services for conducting communication and commerce with entire communities of employees, partners, suppliers, and customers.


Features of Messaging Server 4.15 Patch 3 include:

Features of Messaging Server 4.15 Patch 2 include:

  • Configurable Security and Privacy Fixes for Messenger Express.
  • Netscape 6/Mozilla access fix to Messenger Express.
  • MTA refresh enabled for specific configuration parameters.
  • Store Recovery checkpoint enhancements.
  • Updated Console for supporting Simplified Chinese.

Features of Messaging Server 4.15 Patch 1 include:

  • Personal Address Book support on Solaris.
  • Authenticated SMTP for Messenger Express.
  • Mailstone support for Messenger Express.
  • An improved UI for Mailstone.

Features of Messaging Server 4.15 include:

Support for multiple platforms.

  • U.S. domestic security support with Federal Information Processing Standard (FIPS) 140a.
  • Messaging Multiplexor support of SSL, which enables offloading SSL handling from a Messaging Server to an MMP.
  • Mailstone, a stress-testing tool that lets system administrators determine Netscape Messaging Server capacity by testing how the server performs under heavy loads.
  • Messenger Express - an integrated email interface to Netscape Messaging Server. Specific features of Messenger Express include:
    • High Scalability for support of millions of users
    • Highly customizable and extensible
    • Advertising enabled
    • Core email service feature support, including:
      • Automatically create Inbox, Drafts, Sent, and Trash folders at first login
      • View messages headers; sort by date, from, size, subject, or type (new/read)
      • View received message; reply, reply all, forward
      • Search for message within folder using the subject, from, body, or to fields
      • Compose message, allow attachments, add recipients from LDAP search, set priority, return receipts
      • Folder management, create, delete, rename
      • Account summary: display email address, mailbox quota limit, current disk consumption
      • Personal information settings: passwords, preferred language, reply to email address, vcard, text signature, forward email information, vacation
      • Other settings: Number of messages per page, delete style (IMAP style or trash style), purge deleted messages on logout, save copy of sent messages, save messages for draft, message display wrap, set color scheme, set toolbar (icons & text, icons only, text only), display font, font size
POP collection allows users to collect messages from remote mailboxes and store them in a selected folder.

Bugs Fixed in NMS 4.15 patch 3

The following bugs have been fixed in Netscape Messaging Server 4.15 patch 3:

Table 1 Fixed Bug List



Bug ID

Bug Description


387389 If user preferred language is Chinese, then some fields in PAB are empty.


359020 Rec. SMTP error for invalid address with some special chars \cr\lf, will defer forever


417008 PAB java script error when preferred language is non-english


394710 SMTP: Deferred message file missing \cr\lf, will defer forever


513879 Blank PAB Search screen


410101 ASock_GetLine() not retrying I/O in non-blocking mode.


395964 Getting "Couldn't open message file" errors in logs (HP)


387549 PAB : All addresses after an entry w/ ( will not receive the msg.


387298 PAB : Nav 4.04: Fail to Compose message from compose recipient win


385162 Utility pabdelete should be 755, not 644 during installation


392187 PAB will not function for MAC users (8/9)


396760 PAB creates too many ACIs - causes Directory Server to crash


385657 If date header contains 00, WebMail may not display properly


394935 The personal address book in webmail does not scale.


399446 Whenever receiving encoded strange subject, user can't login to webmail (7/17)


387969 vacation year says 3999 in ME (6/26)


362965 MMP is too slow to handle load


396137 SMTP: DoS exposure receiving very long header streams


386321 mshttpd core (7/25)


419789 smtpd uses unsafe value for maximum line length (DOS issue) (8/8)


389534 deliver command should update quota information (8/4)


396938 popd and imapd dumped core with setting access privilege.


396321 Installation Problem in NMS 4.15 patch1 Japanese version specific (8/16)


384354 smtpd core dump in ReaderLock_Read()


385256 smtpd process growth - reproducible


354510 console does not recognize or clean up 3.x vacation messages in LDAP


419789 smtpd can use up memory if async call has unusual RC (DOS issue) (8/14)


387953 SMTP: Deferred delivery directory vanishing on restart of slapd (8/4)


385922 stored core, mshttpd not starting, smtpd hanging


384684 SMTP: min queue timeout needs reduced


436789 inconsistent behavior of smtpd, wrt to recipient addresses


382240 popd core


393732 SMTP: Nonstandard smtp port setting affects ability to send out


359084 SMTP Error recips get appended to invisible list


362204 L10N: Rename dialog box: default mail box names are in english


361195 Search string including HTML tags not filtered


394544 core dump with MS415p1 in function _comparePvTB


395803 Over-quota bounce notification does not include who is over quota


387147 smtpd does not allow pipe characters in local addresses


368008 SMTP: Return receipt message content do not display rcpt addresses


388506 Memory leaks and other problems in Hide plugin


392480 blank line inserted in TO: Header in Japanese configuration


387619 L10N:Vacation Message / user page


387617 end-user admin with multiple instances has problems


396177 Smtpd crash with core file as the result of recursive calls.


396048 mshttpd core dump


397590 smtpd should not be configured to use more than 256 fds (8/7)


395638 program delivery doesn't work with service.listenaddr set (8/10)


394679 smtp core dump with 4.15p1


384904 No options>summary in webmail if many mailAlternateAddresses


380588 Removing case-sensitivity from uid entry?


386346 WebMail: OPTS: Changes to vacation msg are not reflected in the UI (8/2)


370798 PAB: Confusion in searching by Full Name with numbers (1-9)


391514 Plugin architecture can produce bad control entries (7/31)


390369 HA setting using local.ugldaphost isn't working (7/21)


369846 Quoted address local parts in MS4.05


387727 MMP:Avoid showing Netscape info at end of IMAP session


393871 MTA:Incorrect vacation processing (8/8)


399934 Vacation Message date interval feature not working


391904 Some Returned mails don't show destination address


387363 Options Summary bad display of single mailAlternateAddress


385217 WebMail: cannot dload attach. from messages in Korean folder using IE


364245 MTA:Wrong error messages returned to end users


393491 MTA:Not removing zero-byte messages from queue.


357150 Shared Folders access to username when only UID should be


408522 quotacheck utility tool


515160 NMS 4.15p2 Buffer overflow DoS and hacker exploit


Configuration Options in 4.15 Patch 3

Note: After you set or change a parameter, be sure to stop/start or refresh the service.

The deliver command delivers mail directly to the message store accessible by IMAP or POP mail clients. (389534)

The deliver program has been changed so that the deliver command will create the user's mailbox automatically when the user does not exist. Deliver gets the quota from LDAP. Quota check and update will work correctly. Use the deliver -c command to automatically create user's mailboxes.

Previously installed MS 4.05 appears in Netscape console even if it is uninstalled. (370712)

This is a mis-configuration problem. When uninstalling NSM 4.0, the directory server should be running. Otherwise the entries in the config LDAP server will not be removed. The console will still show that the server instance exists (based on the config LDAP entries).

Configuration Options in 4.15 Patch 2

  Deliver command should update quota information. (389534)

The deliver program is unable to update the quota information on a mailbox. Quota information is updated by smtpd. Thus the deliver program is not able to push a message into the store itself (it requires a push through smtpd.)

Option to disable LDAP address search in the Personal Address Book. (389784)

This option has been added to address security and privacy concerns. Messenger Express allows a user could create an LDAP query that would give information about other users from the LDAP directory. The following parameter has been added:


If the parameter is set to no, no LDAP queries will be allowed except for Personal Address Book queries. By default, LDAP queries are allowed by any user through modification of Messenger Express URLs.

HTTP service Proxy Domain behavior. (390241)

This option addresses security and privacy concerns. The following existing parameter is discussed:


When set, the value is http:[SERVER_IP], where [SERVER_IP] is the IP address of the Messaging Server (or any other unlikely to match a client's address). This will only allow proxy logins from clients whose source IP addresses match the [SERVER_IP] part of the filter.

This is described under Creating Access Filters for HTTP Proxy Authentication.

Mail Access Domain syntax. (390241)

The following existing parameter is discussed:

LDAP entry: mailAccessDomain

Starting with 4.15, the mailAccessDomain parameter supports multiple filters in a single attribute, separated by $, with either + or - denoting their disposition.

Full mailAccessDomain filter syntax is:

    [+-] servicelist : clientlist ( $ [+-] servicelist : clientlist *

like this:

    +imap imapmmp:ALL$-pop popmmp:ALL

This will make it so that user can only access imap and imapmmp (no ssl).

Configuration Options in 4.15 Patch 1

Messenger Express now supports sending authenticated SMTP messages (383050)

The following parameters have been added:



These parameters allow someone using Messenger Express to receive the same authenticated SMTP messages that they would normally receive using Netscape Communicator.

For this to work properly, the user ID and password given to the mshttpd must be a store administrator; they must exist in the store.admins list (for example, admin and admin).

After setting these parameters, any mail received in Messenger Express from an authenticated ME user should have the word "Internal" appearing next to the From header in the Message View window. Authenticated mail from ME will display the authenticated SMTP user name in the header instead of the actual user.

The Resent-From header is always added when a message is expanded from a mailing list. (381555)

The following parameter has been added to give you the option of modifying this behavior:


When this parameter is set to no, and a message is submitted to a group, the recipients of that message will not see the Resent-From header. In all other cases, the Resent-From header will appear.

New Parameter Added to adjust MTA Throttling. (386272)

The following parameter has been added to adjust MTA throttling:


Once the control queue is over the number set to this parameter, the server starts to throttle back the speed with which it accepts incoming connections. This makes it more difficult to grow the queue to an overwhelming number of messages.

If you set the throttle level too high, the accept rate will overwhelm the ability over the server to deliver all the messages it accepts.

The local.service.smtp.throttlethreshold parameter defines the throttle level. The default value is 2000 messages.

This parameter defines the maximum number of messages that will be processed at one time.

Raw 8-bit header causes Javascript errors in Messenger Express. (367500, 368796)

To avoid these errors, you can set the following parameters:




The fixlang parameter specifies the two-letter language ID (for example, ko for Korean). This parameter must be used in conjunction with the fixcharset parameter, which specifies the character set name (for example, EUC-KR). Setting these two parameters causes Messenger Express to lose its multilingual capability, but it will avoid the Javascript errors that result from setting the allow8bit parameter.

If the local.rfc822header.allow8bit parameter is set to no then any 8-bit data encountered in a header is displayed as ?. If this parameter is set to yes then headers are run through a validity checker so that valid 8-bit characters can be displayed intact and invalid characters are shown as ?.

Configurable received header required for High Availability or other multi-instance environments where you want to know which server is handling the mail. (383012)

The following parameter has been added:


This replaces the default Received: field that the message store puts into the header of each message received by the message store. The string can have a mixture of text and the positionally-dependent arguments (each %s). For example:

Field 1: Product Name "Netscape Messaging Server"

Field 2: Product Version "4.15"

Thus, a default release build received header looks similar to the following:

Received: from ([]) by <host>.<domain>.com

    (Netscape Messaging Server 4.15) with ESMTP id FOM48800.N00 for>; Wed, 19 Jan 2000 18:28:56 -0800

Setting the local.service.smtp.smtp-accept.receivedcomment configuration parameter as follows:

# ./setconf local.service.smtp.smtp-accept.receivedcomment "AOL-%s v%s msg-system1"

produces received headers similar to the following:

Received: from ([]) by <host>.<domain>.com

    (AOL-Netscape Messaging Server v4.15 msg-system1) with

    ESMTP id FOM6N700.S00 for <>;

    Wed, 19 Jan 2000 19:21:07 -0800

The parameter will be truncated to a max of 200 characters. You could even configure the parameter as "" and you should get the minimal received comment of ().

There are a few related extensions to the Protocol plugin properties:

SMTP_PPP_RECEIVEDCOMMENT: overrides comment per-connection

SMTP_PPP_PRODUCTNAME: read-only access to the product name

SMTP_PPP_PRODUCTVERSION: read-only access to the product version

SMTP_PPP_INSTANCENAME: read-only access to the server instance name

The service.listenaddr parameter prevents Sendmail from listening to the localhost SMTP socket. (382098)

This issue has to do with the Sendmail emulator, which redirects the SMTP connections to the MTA from the standard connection. The following parameters can be set to solve this problem:



If you set the local.service.sendmail.listenaddr, which is the IP address to listen on, then you should also set the local.service.sendmail.port.

For the port number, sendmail looks first for the value defined by local.service.sendmail.port (for example, 25). If this is not set, then it looks for the value defined by service.smtp.port, then for the smtp/tcp port number. If none of these is set, it defaults to 25.

To find the listen address, sendmail looks first for the value defined by the local.service.sendmail.listenaddr parameter (for example, localhost). If this is not set, then it looks for the value defined by service.listenaddr. If neither is set, then it defaults to localhost.

The MTA can leave deferred message bodies in the messages directory without references to the original messages. (382456)

Due to a race condition, deferred message bodies could be left in the messages directory without references to the original. This problem is fixed, and a configuration parameter is also available for tuning this.

The service.smtp.fileretry parameter is used to specify the number of times to retry internal renaming of a file before concluding an error exists. There is no default value; the internal value is 30.

In Messenger Express, a "File too large" message may appear after a large file is uploaded. (382477)

The service.http.maxpostsize parameter defines the maximum size of an HTTP POST that the server will attempt to upload.

If the file to be uploaded is larger than the value defined by service.http.maxpostsize, Messenger Express will upload at most 32K before returning the File too large error message.

Turning off the MTA's DNS cache.

DNS caching by the MTA can be turned off if you wish to have more control over the DNS behavior. To turn off the MTA's DNS cache, set the service.smtp.dnscachesize parameter to -1.

An entry in the log will show that the DNS cache was disabled.

Skipping the LDAP query in the MTA (useful for out-going mail relays). (379424)

To skip the LDAP query in the MTA, you can set the service.smtp.smtp-router.remotemaildomains parameter. For example, setting it to * makes the server treat <everything> as remote and skip the LDAP lookup on them. Setting the service.smtp.smtp-router.remotemaildomains parameter to an asterisk (*) character makes the server treat everything as remote.

Any regular expression can be used to set this parameter; for example, you could set the value to (* && * to make these addresses remote.

Fallback host for the MTA. (379426)

To define a "host of last resort" for the MTA, set the service.smtp.smtp-deliver.fallbackhosts to a list of x:y separated by $ as the delimiter. X represents the pseudo-regular expression specifying the domain and y represents the host name or IP address.

If y has multiple IP addresses, they are treated as the lowest priority MXs by the name server. If the "real" MXs for the domain are dead, then these pseudo MX IP addresses float to the top and stay there for the duration of the TTL.

If you set this parameter to *.<host>, then all deferred mail is forwarded to <host>.

Personal Address Book


The Personal Address Book enables users to manage their personal address book entries including people and groups, and address to these entries when composing mail messages.

Note: Personal Address Book is only supported on Solaris.

Users can create, edit, or delete entries and groups in the address book.

From the Messenger Express main window, a user can click on the Addresses tab to go to the address book window, from which the following operations are available:

  • Create a new address book entry (either a person or a group). After selecting the object you want to create, a new window prompts the user to enter the corresponding attributes (for example, first name, last name, address, phone numbers, etc.). A newly created entry is put into the address book.
  • Delete an address book entry (either a person or a group). Deleting a group does not delete all of its members; only the specified group.
  • Edit an address book entry (either a person or a group). A window lists all the attributes of the selected object and the user can modify them as necessary. In the case of a group, there is a mechanism to allow users to select from current and potential members.


If you do not already have Messaging Server 4.15 patch 3 installed, refer to the installation instructions provided at

Note: The Messaging Server 4.15 patch 3 installs the bits for the Personal Address Book but does not perform any configuration. In order to run the personal address book, you must do the following after successfully installing Messaging Server 4.15 patch 3:

    1. Run the script to configure the Personal Address Book.

    2. Run dssetup to configure the Directory Server for the Personal Address Book.

Configuring the Personal Address Book

The perl script is located in the <serverroot>/bin/MSG/install/bin directory. You can run perl with this script and the -d option as follows:

# <serverroot>/install/perl <serverroot>/bin/MSG/install/bin/ -d <serverroot>

You will be asked the following series of questions. Answer them as instructed:

  • Do you want to (re)configure the Personal Address Book service (yes|no) [no] ?

    Enter yes to configure the Personal Address Book; enter no or press Return if you do not want to continue with the configuration.

  • Personal Address Book Directory Server Host name [<hostname>.<domain>] :

    Enter the hostname of the Directory Server that will be the server for the Personal Address Book or press Return to accept the default.

  • Personal Address Book Directory Server port [<port_number>] :

    Enter the LDAP port of the Directory Server or press Return to accept the default.

  • Personal Address Book Directory Server Base DN [o=<base DN>] :

    Enter a new base DN in the format o=<base DN> (for PAB, it should be o=pab).

    Important: The base DN you specify here must match the base suffix you specify when running dssetup. Do not press return and accept the default value unless it is the correct value for your configuration.

  • Bind DN [admin] :

    You may enter the Directory Manager DN (e.g., cn=Directory Manager), or you may choose to specify a new DN of a PAB administrator. If you choose to specify a new PAB administrator DN, you must define a DN of the form:


    For example:


    Important: The bind DN you specify here must match the Users/Groups Administrator's UID you specify when running dssetup.

  • Password:

    Enter the bind DN's password.

    This password must be the same as the password of the Directory Manager (i.e., cn=Directory Manager).

    Important: The password you specify here must match the Users/Groups Administrator's password you specify when running dssetup.

    Warning: If directory manager is used as the bind DN, the directory manager password you specify is exposed as ASCII text in the local.service.pab.ldappasswd parameter. Users can view this password with the configutil utility. Thus, it is recommended that ordinary users not be granted access to the directory that can access this parameter.

  • Personal Address Book Maximum Number of Entries [500] :

    Enter the maximum number of Personal Address Book entries or press Return to accept the default.

    After entering this information, the LDAP URL and Bind DN are displayed. For example:

    Summary of selections:

    PAB LDAP URL: ldap://<directory_server_hostname>:<directory_server_port>/o=pab

    PAB Bind DN: cn=directory manager

    Maximum Number of Entries: 500

    Then, you are asked if you want to continue with the configuration:

  • Continue PAB configuration with the above selections [yes] ?

    Answer yes or press Return to accept the default if you want to continue with the configuration. Otherwise, answer no.

    The Personal Address Book server is configured with the input values you specified.

  • The Messaging Server must be restarted for these settings to take effect. Restart now [yes] ?

    Answer yes or press Return to accept the default if you want to restart the messaging (mshttpd) service. Otherwise, answer no.

Configuring the Directory Server for the Personal Address Book

After you have run the script to configure the Personal Address Book, you should run the dssetup utility to configure the Directory Server for the Personal Address Book. The dssetup utility may be found in the following location of the NMS4.15p3 install (CD-ROM) image:


For example, to run dssetup, do the following:

# cd /tmp
# tar -xf <NMS-CD-ROM>/msg/dssetup.tar
# .dssetup

Note: The dssetup utility can also be downloaded separately from the Messaging Server 4.15 patch 3 archive file. If you downloaded the archive dssetup-4.15p2.tar.gz file, you should uncompress this file first, then untar the dssetup.tar file contained within it. The dssetup version you need will be located in the SunOS5.6 subdirectory:

# gunzip dssetup-4.15p2.tar.gz

# tar -xvf dssetup-4.15p2.tar

After all the files are extracted, update the Personal Address Book schema by running dssetup (either from the /MSG or /SunOS5.6 subdirectories) on the machine where the Directory Server is installed. You will see the questions listed below and you should answer them as instructed:

  • Do you wish to continue [yes]:

    Answer yes or press Return if you want to continue; enter no if you do not.

  • Directory server root [/usr/netscape/server4]:

    Enter your directory server root location.

  • Messaging Server schema in the directory server appears to be up to date.

    Do you wish to update the schema anyway [y] ?

    Answer yes or press Return.

    Note: This question will not be asked if you are installing Messaging Server for the first time.

  • Do you wish to configure this directory for Server Configuration [y] ?

    Answer no since the Personal Address Book needs to update user/group schema, not the server configuration.

  • Do you wish to use this directory for managing Users/Groups [y] ?

    Answer yes or press Return to continue with the update of the user/group schema for the Personal Address Book.

  • Please enter the Directory Administrator's DN [cn=Directory Manager] :

    Enter cn=directory manager (or equivalent) or press Return to accept the default.

  • Please enter the Directory Administrator's Password :

    Enter the directory manager's (or equivalent) password.

  • Please enter the base suffix under which the Users/Groups data should be setup [o=<domain>.com] :

    Answer in the format o=<base DN> (for example, o=pab) to set up the organization for the Personal Address Book; this is where the Personal Address Book entry/group data will be stored.

    Important: The base suffix you specify here must match the base DN you specified when you ran

  • Do you want to enable anonymous search access on the Users/Groups suffix 'o=pab' [y] :

    Answer yes or press Return to enable anonymous search access for the Personal Address Book.

  • Please enter the Users/Groups Administrator's uid [admin] :

    You must enter the same value you specified for the PAB administrator's DN when running the utility. That is, if you entered the directory manager's DN (e.g., cn=Directory Manager), you must enter that now. If you specified a unique PAB admin DN, you must enter that now (e.g., uid=pabadmin,o=pab).

    Important: The UID you specify here must match the bind DN you specified when you ran

  • Please enter the Users/Groups Administrator's Password :

    Enter the admin's password.

    Important: The password you specify here must match the bind DN's password you specified when you ran

  • Enter the Users/Groups Administrator's Password again to verify :

    Enter the admin's password again.

    At this point, you will be given a listing of all the settings you specified. After the list, the following question will appear:

  • Do you want to continue [yes] :

    Answer yes or press Return if all the settings are correct; answer no to start over.

    The dssetup utility will update the Personal Address Book schema on the Directory Server and then restart the Directory Server.

    After the dssetup configuration is complete, the Personal Address Book installation and configuration is complete and the mshttpd service is restarted for the new configuration to be effective. New user accounts may be created from the Administration Console; users can then login to Messenger Express and start using the Personal Address Book.

    Sometimes the PAB may not function correctly, even though all installation steps were correctly performed. In this case, it may be helpful to restart both the LDAP (slapd) and messaging services.

Manually Configuring the Personal Address Book

(This does the same as described in the earlier section Configuring the Personal Address Book.) To enable the Personal Address Book feature, set the local.service.pab.enabled parameter to 1. Set this parameter to 0 to turn this feature off. By default, this parameter is set to 1.

You can use configutil to set the local.service.pab.enabled parameter. For example, to set this parameter to 1, use the following command:

# ./configutil -o local.service.pab.enabled -v 1

Other configuration variables include:

  • local.service.pab.ldaphost

    This parameter specifies the name of the LDAP server you want to use for the Personal Address Book.

  • local.service.pab.ldapport

    This parameter specifies the port number on the LDAP server.

  • local.service.pab.ldapbinddn

    This parameter specifies the bind DN used by Personal Address Book on the LDAP server (for example, cn=Directory Manager).

  • local.service.pab.ldappasswd

    This parameter defines the password for the bind DN used by Personal Address Book.

  • local.service.pab.ldapbasedn

    This parameter specifies the base DN in which Personal Address Book entries end up. The default is o=pab.

  • local.service.pab.attributelist

    This parameter is used to add new attributes to a personal address book entry (for example, you want to create an attribute that doesn't already exist).

  • local.service.pab.maxnumberofentries

    This parameter specifies the maximum number of entries per user ID. By default, this parameter is set to 500.


The pabdelete utility is installed in shared/bin. It is used to delete address book data after a user has been removed; it can also be used to remove all address book data if the Personal Address Book is uninstalled.

Note: If you run the uninstall utility, you must still run the pabdelete utility to remove address book data. The pabdelete utility is not run by uninstall.

Important: Before you run the pabdelete utility, check to see whether or not it has the correct permissions. The mode for pabdelete should be 755. If this is not the case, change the permissions on pabdelete with the following command:

# chmod 755 pabdelete

The syntax for the pabdelete utility is as follows:

# ./pabdelete -D <binddn> -w <password> [options] <uid>

The <binddn> and <password> parameters represent the Bind DN and Bind password; respectively, and <uid> represents the user ID of the owner of the Personal Address Book you want to remove. Use ALL for the uid parameter to specify all users; however, the Personal Address Book root will not be removed.

The optional parameters are described below:






-h <host>


LDAP server name or IP address

-p <port>


LDAP server TCP port number

-b <basedn>


Personal Address Book Base DN. The default value is o=pab.



Preview the actions that would be performed by this pabdelete operation but do not actually perform those actions.



Run in verbose mode (diagnostics to standard output).

-help or -H


Display usage information.


Shown below are some usage examples:

# pabdelete -H

# pabdelete -D "cn=admin," -w xyz -b "ou=abooks," jsmith

# pabdelete -D "cn=admin," -w xyz -b "ou=abooks," -v -n ALL

Installation Notes

Important: Messaging Server 4.15 patch 3 is available in two versions; a patch version and a complete version. The complete version of Messaging Server 4.15 patch 3 can be installed on top of any previous Messaging Server release; the patch version can only be installed on top of Messaging Server 4.15.

If you are running a Messaging Server earlier than 4.15 and you want to install the patch version of Messaging Server 4.15 patch 3, you must first upgrade to version 4.15 before upgrading to version 4.15 patch 3. 4.15 patch 3 contains all fixes also included in 4.15 Patch 1 and Patch 2.

Messaging Server 4.15 patch 3 is available for the following platforms (refer to the Messaging Server Tuning Guide for required and recommended patches):

  • Solaris 2.6 for SPARC with required patches

  • HP-UX 11.0 with required patches

  • Windows NT 4.0 SP4

  • IBM AIX 4.3.2 with recommended patch

  • Tru64 Unix 4.0d

  • Red Hat 6.0 (Linux 2.2)

For Messenger Express access, Messaging Server 4.15 patch 3 requires a Javascript-enabled browser. For optimal performance, Netscape recommends using the following browsers:

  • Netscape Navigator 4.7 or later

  • Internet Explorer 5.0 or later

For information on installing Netscape Messaging Server 4.15 patch 3, see

Known Problems and Limitations

Messaging Server 4.15 patch 3 includes the following limitations and considerations (see also Potential Problems and Solutions later in this document for other issues that might affect product capability or use):

PAB feature not supported on HP. (394398)

The install script offers to install Personal Address Book on an HP machine. This because PAB is only supported on Solaris as described in the prerequisites and readme file.

sendmail confused by nsserver.cfg with two entries (387459)

Sendmail fails to run successfully on an nsserver.cfg file with two-instance servers.

The following error message may be displayed:

[03/Mar/2000:15:28:04 -0500] nccmail [3349]: General Warning: CONFIGROOT

environment variable is not set and cannot find unique messaging server instance.

[03/Mar/2000:15:28:04 -0500] nccmail [3349]: General Critical: Failed to open

config file (./configdb). Make sure you set CONFIGROOT environment variable

to the directory containing configdb file. sendmail: Could not initialize Messaging Server configuration.

4.05p1, 4.1p2 and 4.15p1 all support the ability to customize more aspects of which port and address Sendmail uses. Check the path used by mailx and set status=p2, which should break any normal multi-instance deployments.

LDAP mail access domains not working in 4.15 or 4.15P1 (389998)

Setting mail access domains on a user to user basis does not work. Users can login and get mail from domain and IP's not listed in users LDAP entry.

According to the manual, setting mailaccessdomain to "none" should block the user from access the mailserver. This doesn't work. Setting specific domains doesn't work either.

mailAccessDomain syntax has multiple filters in a single attribute, separated by '$', with either '+' or '-' denoting their disposition. Full mailAccessDomain filter syntax is:

"[+-]" servicelist ":" clientlist ( "$" "[+-]" servicelist ":" clientlist )*

For example:

+imap imapmmp:ALL$-pop popmmp:ALL

This would make it so the user could only access imap and imapmmp (no ssl). If you want to do more than one IP address per service, you need to use the following syntax, ensuring that there are no spaces, as shown:


imapd cores with service.imap.maxthread set to 1000 (388049)

To avoid this problem, the total number of threads actively accessing the message store should be well under 1000. To keep the thread count under 1000, adjust the values of the following parameters so that their sum is less than 1000:





The parameter service.smtp.mailbox-deliver.minruncount controls the number of MTA threads accessing the store. The corresponding service.smtp.mailbox-deliver.maxruncount is not used.

In Messenger Express, the dates of messages with invalid years may be displayed incorrectly. (385657)

RFCs 822 and 1123 specify that two-digit year strings (for example, "00") are improper. Messenger Express systems that send out two-digit year strings may fail to be displayed properly.

In Messenger Express and Personal Address Book, quotation marks in the Display Name are not displayed in the addresses in the Recipients field. (380488)

Additionally, in Internet Explorer 5.0, if you enter %22 (or some other similar two-digit string) in the Display Name field, it becomes encoded as a double quote, causing the MTA to generate an SMTP error.

If you create a new user whose preferred language is Chinese, the user is sent an English greeting message rather than a Chinese one. (387704)

In Messenger Express, if the user does not explicitly logoff their session, there is a short time period between when the browser is closed and the session times out that can be exploited by someone with access to the history for that browser. (379157)

For general security purposes, it is suggested that UNIX Messenger Express users close their browser windows when they are finished with their mail session. (380283)

If a server process crashes, shut down all services before restarting or another process might hang.

If the server process terminates unexpectedly, shut down all Messaging Server processes before restarting the server. Otherwise, the remaining processes might stop responding while waiting for locks held by the terminated process.

If the Directory Server goes down during the send of a large mailing list, the deferral which should occur fails and the messages are not sent. (370061)

When this occurs, an error message is sent to the postmaster.

Large number of folders cause client memory exhaustion. (379459)

Messenger Express only supports a certain number of viewable folders (less than 200 with 128MB of memory) before it exhausts the available memory. When this occurs, you may see a mostly blank screen and/or a message in your browser status bar telling you about a Javascript error.

To see the entire error message, type 'javascript:' in the Location bar. The error message looks similar to the following:

Javascript Error: http://./fldr_fs.html, line 85 out of memory.

For a short period of time (default is 15 minutes), it is still possible to login the account of a user after that user is deleted in Netscape Console. (379080)

If you elect to turn the authentication cache on (for performance reasons), you must restart all the services on the server to make the deletion of a user(s) immediately effective.

If not, then turn off the authentication cache by setting the service.authcachettl to zero and restarting all the services.

If you use Netscape Communicator to send just a link, and then try to view the message in Messenger Express, the body of the message is blank. The same message in IMAP contains the link. (370998)

If you type some text before the link, then the message can be viewed without any problems.

On HP-UX 9000/800 systems, the SNMP sub-agent is unable to communicate with the master agent. (370650, 370694)

SNMP cannot be used on HP-UX 9000/800 systems.

With the Users and Groups Directory Server replicated, changes to the user preferences take time to propagate to the replicas. (368971)

The amount of time it takes for the changes to propagate to the replicas depends on the replication schedule for the Directory Server.

Users of Outlook Express (any version) using IMAP may see read messages revert back to an unread state. (363547)

This is due to Outlook Express incorrectly using multiple connections to the same mailbox.

Inconsistency in creating folders/subfolders with white spaces. (359809)

On NT, when trying to create a folder name that ends with white spaces, or a subfolder name with white spaces only or ending with white spaces, an error message will be displayed: 'System I/O error, Administrator, check server log for details.' It is unable to create these folders. However, this worked fine on Solaris.

Program delivery suspend mode does not work. (352333)

Messages that are deferred to an alternate queue do not default back to the main queue when the alternate queue is deleted. (358478)

Do not delete alternate queues that still contain messages.

Messaging Server 4.15 Patch 2 does not support certmap plugins. (337413)

The RUN and SCAN commands in the Unsolicited Bulk Email (UBE) plugin are disbaled and are not supported. (334886)

Reconstruct -r loses authenticated sender info. (115193)

Netscape supports the XSERVER private extension for authenticating message submissions. Reconstructing a mailbox causes all of the authenticated sender information to be discarded.

If the upgrade process from Messaging Server 3.x to 4.15 Patch 2 is interrupted, run reconstruct -m before starting the server.

The reconstruct -m command corrects an inconsistent message store.

The login shell must be valid for Program Delivery to work. (326785, 336039)

The program delivery option will not work with shells that are not considered valid. On several UNIX systems, the /etc/shells file contains the path for all valid shells. If the file is missing or empty, the following are valid login shells for the user to which the message is addressed:







For more information about program delivery, see the Messaging Server Administrator's Guide.

If you change the quota limit for a user, the new limit does not immediately take effect. (319715)

If the user is already over quota, the limit will also take effect when the user logs in. This means a user might still receive "over quota" messages until the user receives a new message or until the user logs off and logs in again.

You can cause the new limit to take effect by sending mail to the user after you reset the quota limit.

Some configuration settings require server restart to take effect. (341854)

All SMTP configuration settings require server restart; most POP, IMAP, and HTTP settings do not.

If you have questions about a particular configuration setting, contact Technical Support.

Potential Problems and Solutions

The following section details the known problems and solutions for the Messaging Server 4.15 patch 3 release. If a bug-report number follows the problem, please use that number when communicating with Technical Support concerning the problem.

See also the previous section, Known Limitations and Considerations, and the following section, Corrections to the Documentation, for other issues that might affect product capability or use.

Installation and Upgrade Problems and Solutions

Installing 4.15 p1 NT on top of an existing installation installs MMP and Mailstone tools by default. (393848)

Mail Multiplexor (MMP) and Mailstone tools are installed by default when 4.15 patch 1 NT is installed on an existing 4.15 server. The PopProxy and ImapProxy services are then running on the default ports and can cause various problems with popd crashes and high CPU usage.

The workaround is to disable the MMP services. The problem does not appear on a clean install of the patch.

Installer fails silently when there is no domain name. (381850)

A "localhost" installation on a system that was not connected to the network failed when only a hostname was defined. No "msg-localhost" directory was created, but the installer did not report any errors.

The install will work after changing the fully qualified host name from "localhost.localdomain" to "localhost.local.domain."

If you install the product without enabling SSL, error messages appear in the log file when the corresponding server is started. (363752)

These messages can be safely ignored.

Solution: By default, SSL is enabled for all services. To disable SSL for each service without generating any error messages, use the following command (for example, to disable SSL for SMTP):

configutil service.smtp.sslusessl no

During upgrade, Messaging Server does not always rewrite the /etc/nsserver.cfg file properly. (351603)

Solution: If you install Messaging Server on the same UNIX machine more than once, make sure the /etc/nsserver.cfg file contains, on the first line, the <server-root> of the Messaging Server you will be using.

The uninstall process does not remove alternate queues or non-primary message store partitions. (355963)

If you have multiple queues, the uninstall process will remove the default queue, but not alternate queues. If you have multiple partitions, the uninstall process will remove only the primary partition, not the non-primary message store partitions.

Solution: You will need to delete any alternate queues or subpartitions manually.

If you are upgrading from a 3.x Messaging Server to Messaging Server 4.15 Patch 2, the autoreply messages and mail routing table entries are not migrated. (357053)

Solution: You will need to save the 3.x information and re-create the entries for Messaging Server 4.15 patch 3.

If you are upgrading from a 3.x Messaging Server to Messaging Server 4.15 Patch 2, and you have more than one LocalMailDomain entry in the 3.x /etc/netscape.mail.conf file, the entries are not migrated. (357055)

Solution: You will need to save the 3.x information and re-create the entries for Messaging Server 4.15 Patch 2.

End-user administrator user DN and group DN are not configurable. (355146)

Solution: If you want to create a custom DN for the end-user administrator, you must create these entries manually before the installation. You must create the end-user administrator group DN with the common name Enduser Administrators ("cn=Enduser Administrators"). You can create the end-user administrator user DN using any UID.

Directory Server installation will attempt to restart SNMP services on Windows NT. (357053)

The Messaging Server properly stops all dependent services before stopping the SNMP service, but if the Directory Server is installed on the same machine, it will attempt to restart the SNMP service, which causes the installation to hang.

Solution: Manually stop the SNMP service before installing the Messaging and Directory Servers on a Windows NT system. Alternatively, install the Directory Server on a different system (recommended to avoid resource contention).

Linux Problems and Solutions

You may receive the following error message during installation: "The network port number is invalid." (341627)

This message may appear even though the first port tested is genuinely not in use.

Solution: Re-enter the port number and it will be accepted the second time. If the install still reports the port is in use, then there is something active on the port.

There is a bug in glibc 2.1.1 that can cause SEGV faults of multi-threaded processes on SMP (symmetric multi-processor) systems. (355966)

Solution: Upgrade to glibc 2.1.2.

To determine which version of glibc you are running, type:

# rpm -q glibc

Other Problems and Potential Solutions

smtpd should not be configured to use more than 256 fds. (397590)

On Solaris, if the MTA (smtpd) uses all the file descriptors below 256, the MTAmay experience random failures opening files, particularly if plugins are used. Use caution when adjusting minruncounts for the MTA upward (especially forSMTP-Accept) and monitor the file descriptor usage to ensure it does not exceed256 under load.

Webmail Online Help doesn't explain Preferred Language Setting (351812)

The online help is unclear about what the Preferred Language setting applies to in the "Personal Information" Options screen. The text that has been added to the 5.0 release of help explains that the user interface elements can be presented in another language. The user can select one of the available languages from the drop-down list.

Mail for root or other local users cannot be delivered.

You should create these accounts on the Directory Server using the Netscape Console or the MigrateUnixSpool utility. The messaging server does not consult /etc/passwd for local accounts.

mailbox autocreate fails with multiple messagehostname's (388443)

When service.smtp.messagehostname is set to multiple values, like, ",", new user's mailboxes fail to autocreate. If service.smtp.messagehostname is set to just "", auto-creation works fine. It appears if the first entry in the service.smtp.messagehostname list does not match the user's mailhost name, the auto-create fails.

Solution: Running mboxutil -c user/newuser/INBOX creates the new user's mail box correctly, and login is then successful.

When first value is in MessageHostname,and it works fine. The user's mailhost attribute MUST be set to the first value in the MessageHostname parameter.

On Windows NT, the -F option of the deliver command does not work. (381927)

Solution: A -g option has been added as a synonym to the -F option. Use the -g option instead:

# deliver -a <sender> -g \SEEN <recipient> <test_message_file>

Note: The Windows NT shell does not do backslash quoting and therefore requires only one backslash (/) character.

Some window managers will not place the Netscape Console login window over the logo window. (367239)

Solution: Either use a different window manager, or run startconsole with the -x,nologo parameter. For example:

# <server-root>/startconsole -x,nologo

Authentication may fail if the hostname returned by NIS is not the same as the one returned by DNS.

Solution: Edit /etc/nsswitch.conf to search DNS before searching NIS. Change the following line:

hosts: files nisplus nis dns


hosts: files dns nisplus nis

On Windows NT, If more than one popd process is running, then none of them accept a TCP connection. (379203)

Solution: Change the service.pop.numprocesses, server.imap.numprocesses, and service.http.numprocesses to their default value of one (1).

The Messaging Server and Directory Server cannot be upgraded at the same time. (369067, 369057)

The Directory Server holds the installation information for the Messaging Server. During an upgrade, the Directory Server is stopped and is unavailable to the installer.

Solution: To upgrade both servers, simply upgrade the Directory Server and the Messaging Server separately.

For Windows NT, the version of NativeToAscii shipped with the product does not work with Korean or Simplified Chinese. (366604)

Solution: Set the NS_NLS_DATADIRECTORY variable:

1. Go to <server-root>/shared/bin

2. Open a text editor and create a file called NativeToAscii.bat

3. Type the following in the file:

set NS_NLS_DATADIRECTORY=<server-root>\bin\MSG\admin\bin <server-root>\shared\bin\NativeToAscii.exe %1 %2 %3 %4 %5 %6 %7 %8 %9

Messaging Server sends incorrect timezone information for Singapore. (341272)

Solution: In the /etc/NscpMsg script, set the timezone (TZ) for Messaging Server by adding the following line after the LANG= variable:

# export TZ=GMT-8

Using a back-slash character (\) in an over-quota message can cause problems. (352208)

If you include a backslash character (\) in an over-quota message, Messaging Server cannot parse the message and will not deliver the message to the user.

Solution: When specifying an over-quota message, do not use a backslash character (\) in the message.

Messaging Multiplexor might not handle the "e" attribute in FilterComps in the certmap.conf file. (337269)

Solution: You can correct this problem by changing the line in the certmap.conf file from:

#default:FilterComps e, uid, ...


#default:FilterComps mail, uid, ...

Corrections to the Documentation

Please note the following corrections and updates to the Messaging Server 4.15 and 4.15 patch 1 to patch 3 documentation:

Search by Truncated Domain does not work. (441949)

If a mail is sent to where "serverhost" is the name of the server, this feature is triggered and the host part is skipped and the search is resumed for the address "". It works only if the host part is that of this server.

Search using truncated domain. In some environments, you might want the server to ignore the first component of a domain when searching for an address in LDAP. This allows the server to handle mail sent to recipient@server instead of recipient@domain. For example, assume mail arrives for With the "search using truncated domain" feature enabled, if no LDAP entry for is found, the server will search for Consequently, Joe can receive messages addressed to as well as

Solution: Only rely on the truncation feature for searches on the current current machine. For example, the server will only truncate domain to on the server anothermachine.

Document the limitation of creating files under the Control Directory on IMS. (436949)

If files are created under the control directory there are likely to be problems for the Messaging server to deliver deferred messages to a user's mailbox or other hosts after restarting.

Solution: Do not create files under the Control Directory.

UBE docs in Admin Guide need revision (402057)

The Admin Guide incorrectly documents the following actions for UBE:




RUN has been disabled since NMS 4.02 and the variants of HOLD work differently in 4.x.

RUN should be removed as a valid action and noted that it was removed from 4.x.HOLDCOPY and HOLDONLY should be listed as deprecated. They place messages in a special hold directory, but messages are not handled as they were in 3.x as there is no special 'Held' status for messages (as there was in 3.x) and thus no postmaster action for these. The only tracking provided for messages processed by HOLDCOPY and HOLDONLY is their presence in the special 'Hold' directory and the fact that they are logged in the SMTP log.

Requesting Documentation Addition for smtprewritestyle value 'none'. (396168)

"set smtprewritestyle to 'none'" needs further documentation.

Webmail PAB installation instructions should say to use o=pab. (393032)

The Webmail PAB installation instructions documented in are unclear at the step where you configuring the Personal Address Book Directory Server Base DN [ o=<base DN> ]. The instructions say that you should press Return to accept this default value. The correct value is o=pab, but the default may not be defined as such. Make sure that the correct value is selected.

The instructions contained in this patch have been corrected.

Duplicate 'Searching for Addresses' links in Webmail Help (387536)

Under the 'Working for Addresses' section in Webmail Help, there are two 'Searching for Addresses' links. The first one should be titled,'Creating a New Address Entry' instead.

UBE RUN option documented in 4.1 Administrator's Guide is no longer available. (387439)

The NMS 4.1 Administrator's Guide documents a particular action for Unsolicited Bulk Email (UBE) filters that is not supported in the NMS 4.0x, 4.1, and 4.15 releases. Table 8.1 lists an action, RUN, at, also on p.223 of the guide, that is disabled and not supported.

If you are installing Messaging Server 4.15 from a CD, the installation instructions contain an extra step. (380827)

On the CD, the Messaging Server 4.15 bits are already untar'd; therefore, there is no need to untar them as described in the Installation Guide.

Disabling Language Lookup Capability. (367811, 362966)

The MTA looks up the language to be used when it performs international functionality as explained in the Administration Guide.

A new configurable parameter, local.service.smtp.sitelanguageonly, can be set to yes to disable the MTA language lookup capability so that it sticks to the value defined by gen.sitelanguage. This might be preferable if you want to automatically see generated messages in a particular language.

Messenger Express online help provides incorrect instructions for localizing the Messenger Express UI. (357517)

The instructions read as follows:

    Localization. To localize the user interface, copy mail-en.html to a new file named mail-xx.html, where xx is the two letter abbreviation for a specific language. Translate all the string values associated with the i18n array elements. To localize the online help, modify the help.html file.

Instead, the instructions should be:

    Localization. The <server-root>/MSG<instance>/html directory contains a directory for each language. Contained within each language directory is a copy of the i18n.js file. This file contains all the string values associated with the i18n array elements. Replace the string pair with the relevant language. To localize the online help, modify the help.html file.

How to Report Problems

If you have problems with iPlanet Product_Name, contact iPlanet customer support using one of the following mechanisms:

iPlanet online support web site at

From this location, the CaseTracker and CaseView tools are available for logging problems.

  • The telephone dispatch number associated with your maintenance contract

So that we can best assist you in resolving problems, please have the following information available when you contact support:

  • Description of the problem, including the situation where the problem occurs and its impact on your operation

  • Machine type, operating system version, and product version, including any patches and other software that might be affecting the problem

  • Detailed steps on the methods you have used to reproduce the problem

  • Any error logs or core dumps

For More Information

For Messaging Server 4.15 patch 3 installation instructions, visit

The administrator's guide and related documents are posted at the location

Installation instructions and release notes for all Netscape servers are posted at the location.

If you can't find the information you need, please contact Technical Support.

Useful iPlanet information can be found at the following Internet locations:

  • iPlanet release notes and other documentation ---

  • iPlanet product status ---

  • iPlanet Professional Services information ---

  • iPlanet developer information ---

  • iPlanet learning solutions ---

  • iPlanet product data sheets ---

Legal Notices

Messaging Server 4.15 patch 3

Use of Messaging Server 4.15 patch 3 is subject to the terms detailed in the license agreement accompanying it.

NSPR 3.1.x, NSS 2.6.2, and LDAP SDK 3.1

Messaging Server 4.15 patch 3 incorporates the following software module(s): NSPR 3.1.x, NSS 2.6.2, and LDAP SDK 3.1. The source code for these module(s) as well as any updates produced by Sun Microsystems, Inc. or Netscape Communications Corporation is available from the website under terms of the Mozilla Public License (MPL).

This product's license is different from the MPL. Any license terms for this product which differ from the MPL are offered by Sun Microsystems, Inc. and Netscape Communications Corporation, not by the "Initial Developer" or any "Contributor" (as those terms are defined in the MPL).

Use of iPlanet Product_Name is subject to the terms described in the license agreement accompanying it. [(See link_to_licensing_info.)]

Copyright 2000 Sun Microsystems, Inc. Some preexisting portions Copyright 2000 Netscape Communications Corp. All rights reserved.

[Sun, Sun Microsystems, the Sun logo, Java, iPlanet, and all Sun, Java, and iPlanet based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. Netscape and the Netscape N logo are registered trademarks of Netscape Communications Corporation in the US and other countries. Other Netscape logos, product names, and service names are also trademarks of Netscape Communications Corporation, which may be registered in other countries.

Last Updated October 25, 2000