Previous Contents Index Next |
iPlanet Messaging Server 5.2 Installation Guide for Windows NT |
Chapter 4 Installing the Messaging Multiplexor
This chapter contains the following sections to help you install and configure the Messaging Multiplexor for Windows NT:
Installing and Configuring Multiplexor
Installing and Configuring Multiplexor
The iPlanet Messaging Multiplexor (MMP) is a specialized messaging server that acts as a single point of connection to multiple messaging servers. With the Multiplexor, large-scale messaging-service providers can distribute POP and IMAP user mailboxes across many machines to increase messaging capacity. All users connect to the single Multiplexor server that will direct each connection to the appropriate messaging server.
Note To configure HTTP user mailboxes (like Messenger Express), see the chapter on "Configuring and Administering Multiplexor Support" in the iPlanet Messaging Server Administrator's Guide.
You can install MMP at the same time as you install Messaging Server, or you can install it later using the setup program. Either way, you first need to prepare your system to support the MMP.
More information about the MMP can be found in the following:
Before You Install
Before installing the MMP:
Choose the machine on which you will install the MMP. It is best to use a separate machine for the MMP.
Note It is recommended that the MMP not be installed on a machine that is also running either Messaging Server or Directory Server.
Check that the system meets all the hardware and software requirements for using iPlanet Messaging Server. For more information about installation requirements, System Requirements.
Set up the LDAP Directory Server and its host machine for use with Messaging Server, if they are not already set up. For more information, see Chapter 2, "Installation Instructions."
Multiplexor Files
The Messaging Multiplexor files are stored in the mmp-hostname subdirectory of the server-root. Each MMP instance will have its own mmp-hostname directory that contains the files described in Table 4-1:
Table 4-1    Messaging Multiplexor Configuration Files
File
Description
Configuration file specifying configuration variables used for POP services.
POP services configuration template. If the PopProxyAService.cfg file does not exist, the PopProxyAService-def.cfg template is copied to create a new PopProxyAService.cfg file.
Configuration file specifying configuration variables used for IMAP services.
IMAP services configuration template. If the ImapProxyAService.cfg file does not exist, the ImapProxyAService-def.cfg template is copied to create a new ImapProxyAService.cfg file.
Configuration file specifying which services to start and a few options shared by both POP and IMAP services.
Configuration template specifying which services to start and a few options shared by both POP and IMAP services. If the AService.cfg file does not exist, the AService-def.cfg template is copied to create a new AService.cfg file.
Executable used to start, stop, restart, and reload the MMP. For more information, see Starting the Multiplexor.
Optional configuration file specifying configuration variables used for SMTP proxy services. Required if you enable POP before SMTP; useful for maximizing support for SSL hardware even if POP before SMTP is not enabled. For more information on POP before SMTP, see the iPlanet Messaging Server Administrator's Guide.
Configuration template specifying configuration variables used for SMTP proxy services. If the SmtpProxyAService.cfg file does not exist, the SmtpProxyAService-def.cfg template is copied to create a new SmtpProxyAService.cfg file.
Multiplexor Installation
To install the MMP, you must use the Messaging Server setup.exe program that gives you the option of choosing to install the Messaging Multiplexor. For detailed information about the setup.exe program refer to the Running the Setup Program.
Note The MMP is not installed by default; you must select it as part of the Messaging Server Applications component in the Messaging Server installation.
To install a stand-alone version of the MMP, follow these steps:
Login as Administrator on Windows NT.
Run the setup command from the install binaries, using optional parameters (See Table 2-1) if necessary.
- You must have super user privileges (logged in as Administrator) to run the installation program.
Note If you are going to perform a Silent Installation, you must first run the setup command with the -k option. This creates a file called install.inf which is used for the Silent Installation. For more information, see Silent Installation.
- This is the first screen you will see. Be sure to read this screen, then click Next to continue with the MMP installation.
License Agreement
- As part of the MMP installation process, you will be asked if you agree to the terms listed in the license agreement which is located in the LICENSE.txt file in the installation binaries. After reading the license agreement, click on Yes to continue with the installation.
Select Server or Console Installation
- You are given the option to install the iPlanet Servers (which includes the iPlanet Console and related components) or solely the iPlanet Console, also referred to as Netscape Console. For the MMP installation, you should choose "iPlanet Servers."
Installation Type
- You are given the option to choose the type of installation you want to use. For the MMP, you cannot use the Express Installation Type. You can choose either Typical or Custom Installation. However, if you want to install both the Messaging Server and MMP on the same machine, you must install a Custom Installation so the POP and IMAP servers can be set to non-standard ports.
Typical Installation. This level provides a balance between configuration options that you are asked to specify and those that are supplied automatically. This is the default level.
Custom Installation. This level provides the greatest amount of configuration options and is intended for expert users. After you select the installation level, you enter your installation and configuration information, according to the type of installation you selected.
Installation Location (server-root)
- Specify the desired installation location by clicking Browse. Or, you can click Next to accept the default.
Netscape Server Products Components
MMP Users and Groups Directory URL
- Specify which products in the Messaging Server Suite you want to install. For a detailed description on each product and component, see Installation Components.
- For the MMP installation, click on iPlanet Messaging Server component and then click Change (In a stand-alone MMP installation, make sure iPlanet Messaging Server component is unchecked before clicking Change to select MMP.).
- The Messaging Server component includes Messaging Server, iPlanet Internet Message Transport Agent, and iPlanet Messaging Multiplexor.
- Make sure that iPlanet Messaging Multiplexor is the only sub-component checked (in a stand-alone MMP installation) before clicking Next.
- Note that if you want to use SSL, you also have to install the Administration Server and Console on the same machine as MMP; in this case, select options 1, 3, and 4. You will need to answer additional questions to set up the Administration Server and Console. For more information on these questions, see Chapter 3, "Installation Questions."
MMP LDAP URL User Credentials
- Enter the LDAP URL of the DC tree so that the MMP will be able to access the DC tree in the Users and Groups Directory Server. This is usually in the following format: ldap://user-group_directory_server_hostname>:port/o=internet
- Enter the Bind DN and password of the Directory Manager or any LDAP user with read access to the Users and Groups Directory.
At this point, the installation begins. Various messages are displayed as the installation proceeds.
Configuring the MMP to use SSL
The MMP supports both unencrypted and encrypted (SSL) communications between the Messaging Server(s) and their mail clients. To configure the MMP to use SSL, do the following:
Note It is assumed that the MMP is installed on a machine that does not have a Message Store or MTA.
Install the Administration Console, Administration Server, and MMP on the machine.
Go to your server-root and double-click the iPlanet Console icon:
- Point the MMP to a Directory Server on a different machine that is already configured as a Messaging Server Message Store.
Open up the "Server Group" for the MMP server.
Click the "Configuration" tab and within that tab, click on the "Encryption" tab.
- The MMP server does not appear, but the Administration Server does; double-click on the Administration Server icon.
Click "Certificate Setup Wizard."
Install the certificate as the certificate for "This Server."
- The setup wizard walks you through a certificate request.
Copy the following files: cert7.db, key3.db, secmod.db, and sslpassword.conf from an existing Messaging or Directory Server. These servers must have a server certificate and a key appropriate for the same domain already installed.
Create an sslpassword.conf file in this directory.
Edit the ImapProxyAService.cfg file and uncomment all the SSL settings.
- This file contains:
- Internal (Software) Token:password
- where password is the password you specified in the Certificate Setup Wizard.
If you want SSL and POP, edit the PopProxyAService.cfg file and uncomment all the SSL settings.
Make sure that the BindDN and BindPass options are set in the ImapProxyAService.cfg and PopProxyAService.cfg files.
- Additionally, you must edit the AService.cfg file and add "|995" after the "110" in the ServiceList setting.
A "Trusted Certificate Authority" should be installed on Messaging or Directory Server with an installed server certificate for the same domain.
- It is possible to copy these values from the local.ugldapbinddn and local.ugldapbindcred configutil options on the Messaging Server, but you can also create a new user with search privileges (for plain text support) or search privileges and user password read privileges (for CRAM-MD5/APOP support). You should also set the DefaultDomain option to your default domain (the domain to use for unqualified user names).
- If you just want server-side SSL support, you are finished. Start the MMP through Services in the Control Panel.
- If you want client-side SSL support, do the following:
Use the Store Administrator you created during your Messaging Server installation.
Create a certmap.conf file for the MMP. For example:
- For more information, refer to the iPlanet Messaging Server Administrator's Guide.
Edit your ImapProxyAService.cfg file and:
- certmap default default
default:DNComps
default:FilterComps e=mail
- This means to search for a match with the "e" field in the certificate DN by looking at the "mail" attribute in the LDAP server.
Set CertMapFile to certmap.conf
If you want client certificates with POP3, repeat Step 15 for the PopProxyAService.cfg file.Set StoreAdmin and StorePass to values from Step 13.
Set CertmapDN to the root of your Users and Groups tree.
If the MMP is not already running, start it through Services in the Control Panel.
Import the client certificate into your client. In Netscape, click on the padlock (Security) icon, then select "Yours" under "Certificates," then select "Import a Certificate..." and follow the instructions.
Note All your users will have to perform this step if you want to use client certificates everywhere.
Creating Additional Instances
Use the Messaging Server setup program to create new instances of the MMP after an initial installation. You will run through the same installation procedure as when you created your first instance; you will be asked all the same questions. The setup program automatically creates a new instance in the server-root; for example, if you are installing on a machine called tarpit, the first instance you created would be called mmp-tarpit, and the second instance would be mmp-tarpit-1.
Modifying an Existing Instance
To modify an existing instance of the MMP, edit the ImapProxyAService.cfg or PopProxyAService.cfg configuration files as necessary. These configuration files are located in the mmp-hostname subdirectory.
Starting the Multiplexor
To start an instance of the MMP, go to Services in the Windows NT Control Panel and click on "Start." You can also click on "Stop" to stop the MMP. The service options are described below in Table 4-2.
Sample Messaging Topology
The fictional Siroe Corporation has two Multiplexors on separate machines, each supporting several Messaging Servers. POP and IMAP user mailboxes are split across the Messaging Server machines, with each server dedicated exclusively to POP or exclusively to IMAP. (You can restrict client access to POP services alone by removing the IMAP-server binary; likewise, you can restrict client access to IMAP services alone by removing the POP-server binary.) Each Multiplexor also supports only POP or only IMAP. The LDAP directory service is on a separate, dedicated machine.This topology is illustrated below in Figure 4-1.
Figure 4-1    Multiple MMPs Supporting Multiple Messaging Servers
IMAP Configuration Example
The IMAP Multiplexor in Figure 4-1 is installed on sandpit, a machine with two processors. This Multiplexor is listening to the standard port for IMAP connections (143). Multiplexor communicates with the LDAP server on the host phonebook for user mailbox information, and it routes the connection to the appropriate IMAP server. It overrides the IMAP capability string, provides a virtual domain file, and supports SSL communications.This is its ImapProxyAService.cfg configuration file:
POP Configuration Example
The POP Multiplexor example in Figure 4-1 is installed on tarpit, a machine with four processors. This Multiplexor is listening to the standard port for POP connections (110). Multiplexor communicates with the LDAP server on the host phonebook for user mailbox information, and it routes the connection to the appropriate POP server. It also provides a spoof message file.This is its PopProxyAService.cfg configuration file:
Previous Contents Index Next
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated February 26, 2002