Performing Post-Installation Procedures

This chapter describes post-installation procedures you need to perform prior to starting Messaging Server. The following topics are described:

Post-Installation File Directory Layout

After you install Sun ONE Messaging Server, its directories and files are arranged in the organization depicted in Table 5-1. The table is not exhaustive; it shows only those directories and files of most interest for typical server administration tasks.

Table 5-1 Post-Installation Directories and Files
Directory	Default Location and Description
Messaging Server Base (msg_svr_base)	/opt/SUNWmsgsr/ (default location) The directory on the Messaging Server machine dedicated to holding the server program, configuration, maintenance, and information files. Note that only one Messaging Server Base directory per machine is permitted.
Configuration config	msg_svr_base/config/ (required location) Contains all of the Messaging Server configuration files such as the imta.cnf and the msg.conf files. On UNIX platforms only: This directory is symbolically linked to the config sub-directory of the data and configuration directory (default: /var/opt/SUNWmsgsr/) that you specified in the initial runtime configuration.
Log log	msg_svr_base/log/ Contains the Messaging Server log files like the mail.log_current file. On UNIX platforms only: This directory is symbolically linked to the log sub-directory of the data and configuration directory (default: /var/opt/SUNWmsgsr/) that you specified in the initial runtime configuration.
Data data	msg_svr_base/data/ (required location) Contains databases, configuration, log files, site-programs, queues, store and message files. The data directory includes the config and log directories. On UNIX platforms only: This directory is symbolically linked to the data and configuration directory (default: /var/opt/SUNWmsgsr/) that you specified in the initial runtime configuration.
System Administrator Programs sbin	msg_svr_base/sbin/ (required location) Contains the Messaging Server system administrator executable programs and scripts such as imsimta, configutil, stop-msg, start-msg, and uninstaller.
Library lib	msg_svr_base/lib/ (required location) Contains shared libraries, private executable programs and scripts, daemons, and non-customizable content data files. For example: imapd and qm_maint.hlp.
SDK Include Files include	msg_svr_base/include/ (required location) Contains Messaging header files for SDKs.
Examples examples	msg_svr_base/examples/ (required location) Contains the examples for various SDKs, such as Messenger Express AUTH SDK.
Installation Data install	msg_svr_base/install/ (required location) Contains installation-related data files such as installation log files, silent installation files, factory default configuration files, and the initial runtime configuration log files.

Modifying Your Configuration

After the Messaging Server installation and initial runtime configuration, you may choose to make some additional modifications to your configuration. For detailed information, see the Sun ONE Messaging Server Administrator’s Guide.

Passwords

Refer to Table 5-2, which shows the parameters where default passwords are set up during initial runtime configuration and the utilities you can use to change them. For those parameters that use the configutil utility to change passwords, see the Sun ONE Messaging Server Reference Manual for complete syntax and usage.

Table 5-2 Passwords Set in Messaging Server Initial Runtime Configuration
Parameter	Description
local.ugldapbindcred	Password for the user/group administrator set through the configutil utility.
local.service.pab.ldappasswd	Password for user specified by Bind DN for PAB searches set through the configutil utility.
SSL passwords for keyfiles	Passwords that are directly set in the sslpassword.conf file.
Service Administrator Credentials	These are credentials that are directly set in your LDAP Directory (with the ldapmodify command).
Service Administrator for Sun ONE Delegated Administrator	You will only need to change the password of this administrator if you have enabled Sun ONE LDAP Schema, v.1 and you are using the Sun ONE Delegated Administrator utility. To change the password of the Delegated Administrator Service Administrator, you can do so in the Sun ONE Console, your LDAP Directory (with the ldapmodify command), or the Delegated Administrator UI.
Store Administrator	To change the password of the Store Administrator, you can do so in either the Sun ONE Console or in your LDAP Directory (with the ldapmodify command).

The following example uses the local.enduseradmincred configutil parameter to change the password of the end user administrator.

Port Numbers

In the installation and initial runtime configuration programs, port numbers will be chosen for various services. These port numbers can be any number from 1 to 65535.

Table 5-3 Port Numbers Designated During Installation
Port Number	Service
389	Standard Directory Server LDAP Port on the machine where you install Directory Server. (This port is specified in the Directory Server installation program)
110	Standard POP3 Port (This port may conflict with the MMP port if installed on the same machine)
143	Standard IMAP4 Port (This port may conflict with the MMP port if installed on the same machine)
25	Standard SMTP Port
80	Messenger Express HTTP Port (This port may conflict with the Web Server port if installed on the same machine.)
992	POP3 over SSL port (For encrypted communications)
993	IMAP over SSL Port (For encrypted communications) (This port may conflict with the MMP port if installed on the same machine)
443	HTTP over SSL Port (For encrypted communications)
7997	Messaging and Collaboration ENS (Event Notification Service) Port
27442	Port that is used Job Controller for internal product communication.
49994	Port that is used by the Watcher for internal product communication. See the Sun ONE Messaging Server 6.0 Administrator’s Guide for more information on the Watcher.
user-specified	Administration Server HTTP Port (For listening to Sun ONE Console requests)

If certain products are installed on the same machine, you will encounter port number conflicts. Table 5-4 shows potential port number conflicts:

Table 5-4 Potential Port Number Conflicts
Conflicting Port Number	Port	Port
143	IMAP Server	MMP IMAP Proxy
110	POP3 Server	MMP POP3 Proxy
993	IMAP over SSL	MMP IMAP Proxy with SSL
80	Identity Server (Web Server port)	Messenger Express

If possible, it is recommended that you install products with conflicting port numbers on separate machines. If you are unable to do so, then you will need to change the port number of one of conflicting products.

To change port numbers, use the configutil utility. See the Sun ONE Messaging Server Reference Manual for complete syntax and usage.

The following example uses the service.http.port configutil parameter to change the Messenger Express HTTP port number to 8080.

Managing Messaging Server with Sun ONE Console

When the messaging server installation process and initial runtime configuration program completes, you can start your Messaging server through the Sun ONE Console. If your directory and messaging server reside on a single machine, you can use the Console interface to manage both servers.

For more information on running Messaging Server through the Console, see the Sun ONE Messaging Server Administrator’s Guide and the Sun ONE Messaging Server Administrator’s Online Help which can be invoked through the Console.

SMTP Blocking

By default, Messaging Server is configured to block attempted SMTP relays; that is, it rejects attempted message submissions to external addresses from unauthenticated external sources (external systems are any other system than the host on which the server itself resides). This default configuration is quite aggressive in blocking SMTP relaying in that it considers all other systems to be external systems.

After installation, it is important to manually modify your configuration to match the needs of your site. Specifically, your messaging server should recognize its own internal systems and subnets from which SMTP relaying should always be accepted. If you do not update this configuration, you might encounter problems when testing your MTA configuration.

IMAP and POP clients that attempt to submit messages via the Messaging Server system’s SMTP server destined for external addresses, and who do not authenticate using SMTP AUTH (SASL), will find their submission attempts rejected. Which systems and subnets are recognized as internal is typically controlled by the INTERNAL_IP mapping table, which may be found in the file msg_svr_base/config/mappings.

For instance, on a Messaging Server system whose IP address is 192.45.67.89, the default INTERNAL_IP mapping table would appear as follows:

The initial entry, using the $(IP-pattern/significant-prefix-bits) syntax, is specifying that any IP address that matches the first 24 bits of 192.45.67.89 should match and be considered internal. The second entry recognizes the loopback IP address 127.0.0.1 as internal. The final entry specifies that all other IP addresses should not be considered internal.

You may add additional entries by specifying additional IP addresses or subnets before the final $N entry. These entries must specify an IP address or subnet (using the $(.../...) syntax to specify a subnet) on the left side and $Y on the right side. Or you may modify the existing $(.../...) entry to accept a more general subnet.

For instance, if this same sample site has a class-C network, that is, it owns all of the 192.45.67.0 subnet, then the site would want to modify the initial entry so that the mapping table appears as follows:

Or if the site owns only those IP addresses in the range 192.45.67.80-192.45.67.99, then the site would want to use:

Note that the msg_svr_base/sbin/imsimta test -match utility can be useful for checking whether an IP address matches a particular $(.../...) test condition. The imsimta test -mapping utility can be more generally useful in checking that your INTERNAL_IP mapping table returns the desired results for various IP address inputs.

After modifying your INTERNAL_IP mapping table, be sure to issue the msg_svr_base/sbin/imsimta cnbuild and the msg_svr_base/sbin/imsimta restart utilities so that the changes take effect.

Further information on the mapping file and general mapping table format, as well as information on imsimta command line utilities, can be found in the Sun ONE Messaging Server Reference Manual. In addition, information on the INTERNAL_IP mapping table can be found in the Sun ONE Messaging Server Administrator’s Guide.

Enabling Start-up Across Reboots

You can enable Messaging Server start-up across system reboots by using the bootup script: msg_svr_base/lib/SunONE_MsgSvr. In addition, this script can start up your MMP, if enabled.

Copy the SunONE_MsgSvr script into the /etc/init.d directory.

Change the following ownerships and access modes of the SunONE_MsgSvr script:

Table 5-5 Ownership and Access Mode Changes to SunONE_MsgSvr
Ownership (chown(1M))	Group Ownership (chgrp(1M))	Access Mode (chmod(1M))
root (superuser)	sys	744

Go to the /etc/init.d/rc2.d and create the following symbolic link:

ln /etc/init.d/SunONE_MsgSvr S92SunONE_MsgSvr

Go to the /etc/init.d/rc0.d directory and create the following symbolic link:

ln /etc/init.d/SunONE_MsgSvr K08SunONE_MsgSvr

Handling sendmail Clients

If end users send messages through sendmail clients, you can configure Messaging Server to work with those clients over protocol. Users can continue to use the UNIX sendmail client.

To create compatibility between sendmail clients and Messaging Server, you can create and modify a sendmail configuration file.

Solaris 8


Note	Each time a new sendmail patch is applied to your system, you will need to modify the submit.cf file as described in the following instructions for Solaris 8 and Solaris 9.

Find the file main-v7sun.mc file in directory /usr/lib/mail/cf and create a copy of this file.

In the example in this section, a copy called sunone-msg.mc is created.

In the sunone-msg.mc file, add the following lines before the MAILER macros:

FEATURE(‘nullclient’, ‘smtp:rhino.west.sesta.com’)dnl

MASQUERADE_AS(‘west.sesta.com’)dnl

define(‘confDOMAIN_NAME’, ‘west.sesta.com’)dnl

Note that rhino.west.sesta.com is the localhost name and west.sesta.com is the default email domain as described in Step 11 Default Email Domain in Create the Initial Messaging Server Runtime Configuration. In an HA environment, use the logical host name. See Chapter 3, "Configuring High Availability Solutions" for more information about logical host names for High Availability.

Compile the sunone-msg.mc file:

/usr/ccs/bin/make sunone-msg.cf

The sunone-msg.mc will output sunone-msg.cf.

Make a backup copy of the existing sendmail.cf file located in the /etc/mail directory.

Copy and rename /usr/lib/mail/cf/sunone-msg.cf to sendmail.cf file.

Move the new sendmail.cf file to /etc/mail directory.

Solaris 9

On Solaris 9 platforms, sendmail is no longer a setuid program. Instead, it is a a setgid program.

Find the file submit.mc file in directory /usr/lib/mail/cf and create a copy of this file.

In the example in this section, a copy called sunone-submit.mc is created.

Change the following line in the file sunone-submit.mc:

FEATURE(‘msp’)dn

FEATURE(‘msp’, ‘rhino.west.sesta.com’)dnl

where rhino.west.sesta.com is the localhost name.

Compile the sunone-submit.mc file:

/usr/ccs/bin/make sunone-submit.cf

The sunone-submit.mc will output sunone-submit.cf.

Make a backup copy of the existing submit.cf file in /etc/mail directory.

Copy and rename /usr/lib/mail/cf/sunone-submit.cf file to submit.cf file.

Move the new submit.cf file to the /etc/mail directory.

Configuring Messenger Express Mail Filters

When you installed Messaging Server (using the directions in Chapter 2, "Installing Messaging Server"), the mail filter package (SUNWmsgmf) was one of many Messaging Server packages that you installed.

Verify that the MailFilter.war file, which implements management of sieve filters, is in the msg_svr_base/SUNWmsgmf directory.

Be sure that Sun ONE Web Server 6.1 is already installed and configured through the Java Enterprise System installer.



Note	Web Server needs to be installed on the same system where Messenger Express is configured.

Set the environment variable IWS_SERVER_HOME to the Web Server installation root directory. For example:

setenv IWS_SERVER_HOME webserver_install_root

Issue the following Web Server command:

web_svr_base/bin/https/httpadmin/bin/wdeploy deploy -u /MailFilter -i \
https-vs_id -v https-vs_id msg_svr_base/SUNWmsgmf/MailFilter.war

where web_svr_base is the web server root directory, vs_id is the virtual server ID of the web server, and msg_svr_base is the messaging root directory.

Refer to the Web Server documentation for detailed information on the wdeploy command.

When you have completed installing the mail filters, a MailFilter directory will be placed in the Web Server’s docs directory.

Use the configutil utility to set the following option:

local.webmail.sieve.port = port

where port is the Web Server port number.

Stop and restart the HTTP daemon:

# msg_svr_base/sbin/stop-msg http

# msg_svr_base/sbin/start-msg http

Refer to the Sun ONE Messenger Express Customization Guide for mail filter usage information.

If you want to delete the *.war file in order to install a new version of it, use the following command:

web_svr_base/bin/https/httpadmin/bin/wdeploy delete -u /MailFilter -i https-vs_id -v https-vs_id -n hard

where web_svr_base is the web server root directory and vs_id is the virtual server ID of the web server.



Note	With the -n option, you have the choice of specifying a hard or soft value. If you use the hard value, it denotes a hard delete and the mail filter is physically removed. The hard value should only be used when the new *.war file is available.