Sun Java System Communications Services 2005Q4 Release Notes

Messaging Server

This section describes known issues in the Messaging Server product.

In option.dat, lines starting with #, !, or ; symbols are treated as comment lines. (no bugid)

In option.dat files, Messaging Server treats lines beginning with pound sign (#), exclamation point (!), or semicolon (;) characters as comment lines— even if the preceding line has a trailing backslash (\), which means the line is being continued. Consequently, you must be careful when working with long options (particularly delivery options) containing these characters.

There is a workaround for delivery options in which a natural layout could lead to continuation lines starting with a # or !.


In delivery options, Messaging Server ignores spaces following the commas that separate individual delivery option types.

For example, instead of:


You can workaround the problem by adding spaces as follows:


DOMAIN_UPLEVEL has been modified. (no bugid)

The DOMAIN_UPLEVEL default value has changed from 1 to 0.

The following characters cannot be used in the User ID: $ ~ = # * + % ! @ , { } ( ) / < \> ; : " ” [ ] & ? (no bugid)

This constraint is enforced by MTA when operating in direct LDAP mode. Allowing these characters in the User ID can cause problems in the message store. If you want to change the list of characters forbidden by the MTA, set the following option by listing a comma-separated string of the characters’ ASCII values:


in the msg_svr_base/config/options.dat file. Note that you are strongly advised against relaxing this constraint.

Messaging Server fails to start when SNMP is enabled on Solaris 10. (6299309/6290934)


Direct snmpwalk to snmpdx instead of snmpd and go directly to port 16161 instead of port 161.

The imsimta refresh command generates confusing error messages. (6263066)

When the watcher process is enabled, imsimta refresh command generates confusing messages.


Run imsimta cnbuild to compile the configuration. Then, run start-msg. The imsimta refresh command will be deprecated in a future release.

The destinationspamfilter<>X optin channel keyword doesn’t work. (6214039)

This keyword will be fixed in the upcoming Messaging Server patch release.

NSS errors in the imta logfile when SSL is not configured (6200993)

These are not harmful errors. They are caused by the system's inability to find SSL certificates in the SSL configuration.


You can disable SSL in the MTA as well as the Message Store:

  1. Edit imta.cnf file and remove the channel keyword maytlsserver from tcp_local and tcp_intranet channels.

  2. Change the following configutil configuration parameters by setting service.imap.sslusessl to 'no' and service.pop.sslusessl to 'no'.

  3. Recompile the MTA configuration with the imsimta cnbuild command.

  4. Restart the services (stop-msg/start-msg). This will disable the support for SSL. Please make sure that, once you need to configure the server in SSL mode after having certificates, you need to revert back the changes you have made for it.

The configure program fails with non-standard organization DNs. (6194236)

The configure program does not construct intermediate RDNs between the organization DN and the User/Group suffix. This problem occurs both with Schema 1 and Schema 2.


Create the Organization DN prior to running the configure program (or at least to the DN above the Organization DN).

Cannot log in to Messaging Server from Internet Explorer 6.0 SP1 when using a proxy server. (5043607)

When using an HTTP proxy in Internet Explorer 6.0 SP1 on a PC as a client, you may experience difficulty in logging into Messaging Server. This problem is likely to be due to a non-standard compliant proxy server and cannot be fixed in Messaging Server.

Correct certmap.conf file content required for client certificate authentication. (4967344)

The certmap.conf configuration file specifies how to map a certificate to an entry in the LDAP directory. By default, the certificate subject (with two lines commented out) contains the exact DN of the LDAP directory entry.

However, a very common alternative behavior is to extract a particular attribute from the subject of the certificate and to search the directory for that attribute.


To achieve this alternative behavior, change:

         certmap default         default
		 #default:FilterComps    e, uid


		 certmap default         default
		 default:FilterComps     e

For a complete description of certmap.conf, please refer to the Sun Java System Server Console 5.2 Server Management Guide.

Will not see channel is stopped if jobc was recently started. (4965338)

In Messaging Server 5.2, if you issued a #imsimta qm summarize command you could view the channels that had been stopped with the imsimta qm stop <chan> command.

This behavior changed in 6.0. If you have not used a channel yet, you will not get the 0 lines and you will not see the stopped channels.

Manage Certificate wizard not creating Secure Sockets Layer (SSL) certificates under Messaging Server/Configuration. (4939810)

When you use the Manage Certificate option (Administration Server->Messaging Server->Configuration->Manage Certificate) to create an SSL certificate request, the Manage Certificate wizard should create a certificate and key database in the Messaging_Server_Base/config area and not in the Admin_Server_Root/alias area. In addition, the file prefixes should change from the msg-config value (msg-config-cert7.db and msg-config-key3.db) to NULL (cert7.db and key3.db).


  1. Copy the msg-config-cert7.db and msg-config-key3.db files from Admin_Server_Base/alias area to Messaging_Server_Base/config area as cert7.db and key3.db with proper permissions and ownerships.

  2. Create soft links for the files under Messaging_Server_Base/config area with the proper permissions and ownerships used in the Admin_Server_Base/alias area.

imsimta start doesn’t start disp and job controller. (4916996)

The imsimta start, imsimta restart, and imsimta refresh commands work only when the watcher process is running.

Note –

New start-msg and stop-msg commands have replaced imsimta start and imsimta stop, which are deprecated and will be removed in a future release.

For more information about the start-msg and stop-msg commands, refer to the Messaging Server Administration Guide.

The XSTA, XADR commands are enabled by default. (4910371)

After installation, the SMTP extension commands XSTA and XADR are enabled by default, which may enable remote and local users to retrieve sensitive information.


Add the following lines to the imta/config/tcp_local_options file (create this file if necessary) to disable the XSTA and XADR commands:


Searching for a home phone number does not work in the Personal Address Book. (4877800)

A Personal Address Book search based on “Phone #” searches for the work phone number attribute only. You cannot use “Phone #” to search for home or mobile phone numbers.

If indirect dependencies already exist between Sun Cluster resources, scds_hasp_check() may prevent HAStoragePlus from being supported with those existing configurations. (4827911)

This behavior is observed in Sun Cluster 3.0 Update 3.


Create a weak dependency for the existing resources on the HAStoragePlus resource.

Messenger Express Multiplexor (MEM) does no have a configuration option to make use of the OS resolver or NSCD (4823042)


Configure system as a caching-only DNS server in order to gain the benefit of caching MX and A records.

MoveUser utility does not work on a mailbox that contains over 1024 subfolders. (4737262)

It has been reported that the MoveUser utility stops when attempting to move a user’s account that has a mailbox containing over 1024 subfolders.

Access control filters do not work if the short form domain in used in the /etc/hosts file. (4629001)

If there is a short form version of a domain name in the /etc/hosts file, there will be problems if you use a host name in an access control filter. When the IP address lookup returns a short form version of the domain name, the match will fail. Therefore, you should make sure you use a fully qualified domain name in the /etc/hosts file.

Connections aborted with TCP_IOC_ABORT_CONN in syslog. (4616287)

If a failover occurs for an HA configuration running Sun Cluster 3.1 on the Solaris 8 U7 or Solaris 9 Operating System and active TCP connections are aborted with the TCP_IOC_ABORT_CONN ioctl, messages such as the following are logged on the console and to system logs.

	Jul 24 16:41:15 shemp ip: TCP_IOC_ABORT_CONN: local =, 
	remote =, start = -2, end = 6
	Jul 24 16:41:15 shemp ip: TCP_IOC_ABORT_CONN: aborted 0 connection

These messages are informational only and should not show up in non-debug mode.

If you use Microsoft Outlook Express as your IMAP mail client, the read and unread flags might not work properly. This is a known problem with the Microsoft Outlook Express client. (4543930)

To enable the workaround, set the following configuration variable:

configutil -o local.imap.immediateflagupdate -v yes

If, while using the workaround, you experience performance issues, it is recommended that you discontinue using the workaround.

To take effect, changes made using configutil often require a restart of the affected server or servers. (4538366)

Administration Server access control host names are case-sensitive. (4541448)

When you configure “Host Names to allow” for the Administration Server, the access control list is case-sensitive. If the DNS server uses mixed-case host names in the IN-ADDR records (used when translating from an IP address to a domain name), the access control list must use the same case. For example, if your host is test.Sesta.Com, then the access control list must include *.Sesta.Com. Due to this problem, * will not suffice.

For example, if the user/group base suffix is o=isp, then the DN of the service administrator group is cn=Service Administrators,ou=groups,o=isp. To designate the account uid=ofanning,, o=isp as a service administrator, you should add the account’s DN to the group. In the following modify record, the designated user is added as a group member in the LDIF:

dn: cn=Service Administrators,ou=groups,o=isp
changetype: modify
add: uniquemember
uniquemember: uid=ofanning,, o=isp

Furthermore, for users to have service administrator privileges, the attribute memberof must be added to the user entry and set to the Service Administrator Group, for example:

dn: uid=ofanning,, o=isp
changetype: modify
add: memberof
memberof: cn=Service Administrators, ou=groups, o=isp

The MMP BadGuy configuration parameter, BGExcluded, does not work. (4538273)


Deploy separate MMP servers to handle the clients that are excluded from bad guy rules. These servers must have BadGuy turned off.

LDAP search performance is slightly impacted by ACIs in Directory Server version 5.x. (4534356)

This issue affects many searches performed by Messaging Server. For faster searches, use directory manager credentials with the following commands to access the directory:

msg_svr_base/sbin/configutil -o local.ugldapbinddn -v "rootdn" -l

msg_svr_base/sbin/configutil -o local.ugldapbindcred -v "rootdn_passwd" -l

where rootdn and rootdn_passwd are the credentials of Directory Server’s administrator.

If you enable Sun Cluster 3.0 Update 3, you may encounter a harmless error message. (4490877)

The following harmless error message appears in the Sun Cluster console and also in /var/adm/messages, when starting High Availability (HA) services or when switching HA services from one node to another:

Cluster.PMF.pmfd: Error opening procfs control file </proc/20700/ctl> for tag <falcon,habanero_msg,4.svc>: No such file or directory