Sun Java Communications Suite 5 Release Notes

Messaging Server Issues

This section describes known issues in the Messaging Server product.

4534356

LDAP search performance is slightly impacted by ACIs in Directory Server version 5.x.

This issue affects many searches performed by Messaging Server.

Workaround: For faster searches, use directory manager credentials with the following commands to access the directory:

msg-svr-base/sbin/configutil -o local.ugldapbinddn -v "rootdn"

msg-svr-base/sbin/configutil -o local.ugldapbindcred -v "rootdn_passwd"

where rootdn and rootdn_passwd are the credentials of Directory Server’s administrator.

4538366

To take effect, changes made using configutil often require a restart of the affected server or servers.

Workaround: None.

4543930

If you use Microsoft Outlook Express as your IMAP mail client, the read and unread flags might not work properly.

This is a known problem with the Microsoft Outlook Express client.

Workaround: Set the following configuration variable:

configutil -o local.imap.immediateflagupdate -v yes

If, while using the workaround, you experience performance issues, it is recommended that you discontinue using the workaround.

4629001

Access control filters do not work if the short form domain in used in the /etc/hosts file.

If there is a short form version of a domain name in the /etc/hosts file, there will be problems if you use a host name in an access control filter. When the IP address lookup returns a short form version of the domain name, the match will fail. Therefore, you should make sure you use a fully qualified domain name in the /etc/hosts file.

Workaround: None.

4737262

MoveUser utility does not work on a mailbox that contains over 1024 subfolders.

It has been reported that the MoveUser utility stops when attempting to move a user’s account that has a mailbox containing over 1024 subfolders.

Workaround: None.

4823042

Messenger Express Multiplexor (MEM) does not have a configuration option to make use of the OS resolver or NSCD.

Workaround: Configure system as a caching-only DNS server in order to gain the benefit of caching MX and A records.

4883192

GB18030 (Chinese National Standard) is a character set now recognized by the MTA.


Note –

Implementing this support caused a change to compiled character set data. The imsimta chbuild may need to be run after an upgrade.


4910371

The XSTA, XADR commands are enabled by default.

After installation, the SMTP extension commands XSTA and XADR are enabled by default, which may enable remote and local users to retrieve sensitive information.

Workaround: Add the following lines to the <msg-svr-base>/config/tcp_local_option file (create this file if necessary) to disable the XSTA and XADR commands:

DISABLE_ADDRESS=1
DISABLE_CIRCUIT=1
DISABLE_STATUS=1
DISABLE_GENERAL=1
4916996

imsimta start doesn’t start dispatcher and job controller.

The imsimta start, imsimta restart, and imsimta refresh commands work only when the watcher process is running.


Note –

New start-msg and stop-msg commands have replaced imsimta start and imsimta stop, which are deprecated and will be removed in a future release.

For more information about the start-msg and stop-msg commands, refer to the Messaging Server Administration Guide.


Workaround: None.

4967344

Correct certmap.conf file content required for client certificate authentication.

The certmap.conf configuration file specifies how to map a certificate to an entry in the LDAP directory. By default, the certificate subject (with two lines commented out) contains the exact DN of the LDAP directory entry.

However, a very common alternative behavior is to extract a particular attribute from the subject of the certificate and to search the directory for that attribute.

Workaround: To achieve this alternative behavior, change:

certmap default default
#default:DNComps
#default:FilterComps e, uid
		 

to:

certmap default default
default:DNComps
default:FilterComps e
		 
5043607

Cannot log in to Messaging Server from Internet Explorer 6.0 SP1 when using a proxy server.

When using an HTTP proxy in Internet Explorer 6.0 SP1 on a PC as a client, you may experience difficulty in logging into Messaging Server. This problem is likely to be due to a non-standard compliant proxy server and cannot be fixed in Messaging Server.

6194236

The configure program fails with non-standard organization DNs.

The configure program does not construct intermediate RDNs between the organization DN and the User/Group suffix. This problem occurs both with Schema 1 and Schema 2.

Workaround: Create the Organization DN prior to running the configure program (or at least to the DN above the Organization DN).

6200993

NSS errors in the imta logfile when SSL is not configured.

These are not harmful errors. They are caused by the system's inability to find SSL certificates in the SSL configuration.

Workaround: You can disable SSL in the MTA as well as the Message Store:

  1. Edit imta.cnf file and remove the channel keyword maytlsserver from tcp_local and tcp_intranet channels.

  2. Change the following configutil configuration parameters by setting service.imap.sslusessl to 'no' and service.pop.sslusessl to 'no'.

  3. Recompile the MTA configuration with the imsimta cnbuild command.

  4. Restart the services (stop-msg/start-msg). This will disable the support for SSL. Please make sure that, if you need to configure the server in SSL mode after creating certificates, you will need to revert back to the changes you made previously.

6299309, 6290934

Messaging Server fails to start when SNMP is enabled on Solaris 10.

Workaround: Direct snmpwalk to snmpdx instead of snmpd and go directly to port 16161 instead of port 161.

6337631

Approach of store.idx 2 Gigabyte limit should act like a quota.

The message store has a hard limit of 2 gigabytes for the store.idx file. If a folder grows to the point that the store.idx file attempts to exceed 2 gigabytes, errors will appear in the mail.log_current file.

Workaround: If possible, set a quota. Also, it is recommended that policies are set so aging rules are used to ensure folders do not grow very large.

6397522

REVERSE_URL behavior has changed.


Note –

It is not recommended that you change this attribute.


If you want to use an alternate attribute for address reversal and for primary address storage, you should not use REVERSE_URL. Instead, you set the LDAP_PRIMARY_ADDRESS to the attribute you want to use. The problem with this is the semantic overlap between the addresses you want to use for alias lookups and the ones you want to use for alias reversal. You might be able to shuffle attributes around between the LDAP_PRIMARY_ADDRESS, LDAP_EQUIVALENCE_ADDRESSES, and LDAP_ALIAS_ADDRESSES slots. The simplest case would be that you simply want to use meEndRemetente instead of mail for both. In this case all you do is set the LDAP_PRIMARY_ADDRESS MTA option to meEndRemetente and you're done. If, on the other hand, you want to continue to use the mail attribute for alias lookups, you'd have to put it in one of the other slots for that to work. Whether or not that will be allowed depends on whether or not you use mailAlternateAddress and mailEquivalentAddress attributes. Messaging Server 6.2 and earlier allow multiple attributes in each slot, but each directory entry can have at most one attribute that ends up in a given slot. This version of Messaging Server relaxes this restriction for the attributes where it makes sense (like LDAP_ALIAS_ADDRESSES or LDAP_EQUIVALENCE_ADDRESSES but not LDAP_PRIMARY_ADDRESS).

6479461

Enabled SSL Ciphers are adjusted; Weak SSL Ciphers can be disabled by default.

For Messaging Server 6.3 and going forward, the weak SSL cipher suites will be disabled by default. This is an incompatible change, so it's possible some old mail clients which only support export-grade SSL will break.

The following configuration options can be used to turn on all cipher suites including the weak ones (but excluding the NULL ciphers):

  • For MMP: default:SSLAdjustCipherSuites weak+all

  • For IMAP/POP/SMTP/MSHTTPD: configutil -o local.ssladjustciphersuites -v weak+all

    However, be advised to instead only turn on the specific cipher suite needed for inter-operability. For example, the common SSL_RSA_EXPORT_WITH_RC4_40_MD5 cipher suite can be enabled with: +SSL_RSA_EXPORT_WITH_RC4_40_MD5. The 56-bit ciphers are not as weak as the 40-bit ciphers so if it's possible to only enable those, the following cipher suite works: +TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA .

6524704

imapd ENS resubscriber leaks file descriptors.

If ENS is configured, then IDLE must be configured as well. If ENS is configured and IDLE is not configured, the imapd and popd will leak file handles .

Workaround: None

No ID

The following are additional issues related to the Messaging Server product that do not have IDs.

Maximum Mailbox Size

The mailbox index (store.idx) file has a hard limit of two gigabytes. More than this will cause messages to stop being delivered to the user and could cause message store performance problems. See User Mail Not Delivered Due to Mailbox Overflow in Sun Java System Messaging Server 6.3 Administration Guide for details. Note that the sum of the message sizes in the mailbox may exceed the two gigabyte limit.

In option.dat, lines starting with #, !, or ; symbols are treated as comment lines.

In option.dat files, Messaging Server treats lines beginning with pound sign (#), exclamation point (!), or semicolon (;) characters as comment lines— even if the preceding line has a trailing backslash (\), which means the line is being continued. Consequently, you must be careful when working with long options (particularly delivery options) containing these characters.

There is a workaround for delivery options in which a natural layout could lead to continuation lines starting with a # or !.

Workaround: In delivery options, Messaging Server ignores spaces following the commas that separate individual delivery option types.

For example, instead of:

		 DELIVERY_OPTIONS=\
		 #*mailbox=@$X.LMTP:$M$_+$2S%$\$2I@ims_daemon,\
		 #&members=*,\
		 *native=@$X.lmtpnative:$M,\
		 *unix=@$X.lmtpnative:$M,\
		 /hold=$L%$D@hold,\
		 *file=@$X.lmtpnative:+$F,\
		 &@members_offline=*,\
		 program=$M%$P@pipe-daemon,\
		 forward=**,\
		 *^!autoreply=$M+$D@bitbucket
		 

You can workaround the problem by adding spaces as follows:

		 DELIVERY_OPTIONS=\
		           #*mailbox=@$X.LMTP:$M$_+$2S%$\$2I@ims_daemon,\
				   #&members=*,\
				   #*native=@$X.lmtpnative:$M,\
				   #*unix=@$X.lmtpnative:$M,\
				   #/hold=$L%$D@hold,\
				   #*file=@$X.lmtpnative:+$F,\
				   #&@members_offline=*,\
				   #program=$M%$P@pipe-daemon,\
				   #forward=**,\
				   #*^!autoreply=$M+$D@bitbucket

DOMAIN_UPLEVEL has been modified.

The DOMAIN_UPLEVEL default value has changed from 1 to 0.

The following characters cannot be used in the User ID: $ ~ = # * + % ! @ , { } ( ) / < \> ; : " ” [ ] & ?

This constraint is enforced by MTA. Allowing these characters in the User ID can cause problems in the message store. If you want to change the list of characters forbidden by the MTA, set the following option by listing a comma-separated string of the characters’ ASCII values:

LDAP_UID_INVALID_CHARS=32,33,34,35,36,37,38,40,41,
42,43,44,47,58,59,60,61,62,63,64,91,92,93,96,123,125,126

in the msg-svr-base/config/options.dat file. Note that you are strongly advised against relaxing this constraint.