iPlanet Messaging Server 5.2 Provisioning Guide



Glossary


A record. A type of DNS record containing a host name and its associated IP address. A records are used by messaging servers on the Internet to route email. See also Domain Name System (DNS), MX record.

access control. A method for controlling access to a server or to folders and files on a server.

access control information. (ACI) A single item of information from an access control list.

access control list. (ACL) A set of data associated with a directory that defines the permissions that users and/or groups have for accessing it.

access control rules. Rules specifying user permissions for a given set of directory entries or attributes.

access domain. Limits access to certain Messaging Server operations from within a specified domain. For example, an access domain can be used to limit where mail for an account can be collected.

account. Information that defines a specific user or user group. This information includes the user or group name, valid email address or addresses, and how and where email is delivered.

address. Information in an email message that determines where and how the message must be sent. Addresses are found both in message headers and in message envelopes. Envelope addresses determine how the message gets routed and delivered; header addresses are present merely for display purposes.

address handling. The actions performed by the MTA to detect errors in addressing, to rewrite addresses if necessary, and to match addresses to recipients.

addressing protocol. The addressing rules that make email possible. RFC 822 is the most widely used protocol on the Internet and the protocol supported by iPlanet Messaging Server. Other protocols include X.400 and UUCP (UNIX to UNIX Copy Protocol).

address token. The address element of a rewrite rule pattern.

administration console. See Console.

administration domain. A region of administrative control. See also domain.

administration privileges. A set of privileges that define a user's administrative role.

administration server administrator. User who has administrative privileges to start or stop a server even when there is no Directory Server connection. The administration server administrator has restricted server tasks (typically only Restart Server and Stop Server) for all servers in a local server group. When an administration server is installed, this administrator's entry is automatically created locally (this administrator is not a user in the user directory).

administrator. A user with a defined set of administrative privileges. See also configuration administrator, Directory Manager, administration server administrator, server administrator, message store administrator, top-level administrator, domain administrator, organization administrator, family group administrator, mail list owner.

alias. An alternate name of an email address.

alias file. A file used to set aliases not set in a directory, such as the postmaster alias.

Allow filter. A Messaging Server access-control rule that identifies clients that are to be allowed access to one or more of the following services: POP, IMAP, or HTTP. See also Deny filter.

allowed attributes. The attributes that optionally can be present in entries using a particular object class, but are not required to be present. See also attributes, required attributes.

alternate address. A secondary address for an account, generally a variation on the primary address. In some cases it is convenient to have more than one address for a single account.

APOP. Authenticated Post Office Protocol. Similar to the Post Office Protocol (POP), but instead of using a plaintext password for authentication, it uses an encoding of the password together with a challenge string.

attributes. LDAP data is represented as attribute-value pairs. Any specific piece of information is associated with a descriptive attribute. See also allowed attributes, required attributes.

AUTH. An SMTP command enabling an SMTP client to specify an authentication method to the server, perform an authentication protocol exchange, and, if necessary, negotiate a security layer for subsequent protocol interactions.

authentication. (1) The process of proving the identity of a client user to iPlanet Messaging Server. (2) The process of proving the identity of iPlanet Messaging Server to a client or another server.

authentication certificate. A digital file sent from server to client or client to server to verify and authenticate the other party. The certificate ensures the authenticity of its holder (the client or server). Certificates are not transferable.

autoreply option file. A file used for setting options for autoreply, such as vacation notices.

AutoReply utility. A utility that automatically responds to messages sent to accounts with the AutoReply feature activated. Every account in iPlanet Messaging Server can be configured to automatically reply to incoming messages.

backbone. The primary connectivity mechanism of a distributed system. All systems that have connectivity to an intermediate system on the backbone are connected to each other. This does not prevent you from setting up systems to bypass the backbone for reasons of cost, performance, or security.

backend server. An email server whose only function is to store and retrieve email messages. Also called a message store server.

backup. The process of backing up the contents of folders from the message store to a backup device. See also restore.

banner. A text string displayed by a service such as IMAP when a client first connects to it.

base DN. A distinguished name entry in the directory from which searches will occur. Also known as a search base. For example, ou=people, o=siroe.com.

Berkeley DB. A transactional database store intended for high-concurrency read-write workloads, and for applications that require transactions and recoverability. iPlanet Messaging Server uses Berkeley databases for numerous purposes.

bind DN. A distinguished name used to authenticate to the Directory Server when performing an operation.

body. One part of an email message. Although headers and envelopes must follow a standard format, the body of the message has a content determined by the sender—the body can contain text, graphics, or even multimedia. Structured bodies follow the MIME standard.

class path. A path to directories and .jar files needed to run the servlet engine and servlet templates.

capability. A string, provided to clients, that defines the functionality available in a given IMAP service.

CA. Certificate Authority. An organization that issues digital certificates (digital identification) and makes its public key widely available to its intended audience.

Certificate Authority. See CA.

certificate-based authentication. Identification of a user from a digital certificate submitted by the client. See also password authentication.

certificate database. A file that contains a server's digital certificate(s). Also called a certificate file.

certificate name. The name that identifies a certificate and its owner.

channel. The fundamental MTA component that processes a message. A channel represents a connection with another computer system or group of systems. Each channel consists of one or more channel programs and an outgoing message queue for storing messages that are destined to be sent to one or more of the systems associated with the channel. See also channel block, channel host table, channel program.

channel block. A single channel definition. See also channel host table.

channel host table. The collective set of channel definitions.

channel program. Part of a channel that performs the following functions: (1) transmits messages to remote systems and deletes messages from the queue after they are sent and (2) accepts messages from remote systems placing them in the appropriate channel queues. See also master channel program, slave channel program.

cipher. An algorithm used in encryption.

ciphertext. Text that has been encrypted. Opposite of cleartext.

client. A software entity that requests services or information from a server.

CNAME record. A type of DNS record that maps a domain name alias to a domain name.

cleartext. Unencrypted text.

CLI. See command line interface.

client-server model. A computing model in which networked computers provide specific services to other client computers. Examples include the name-server/name-resolver paradigm of the DNS and file-server/file-client relationships such as NFS and diskless hosts.

cn. LDAP alias for common name.

command line interface. A command that can be executed from the command line. Also called a utility.

comment character. A character that, when placed at the beginning of a line, turns the line into a nonexecutable comment.

configuration administrator. Person who has administrative privileges to manage servers and configuration directory data in the entire iPlanet topology. The configuration administrator has unrestricted access to all resources in the iPlanet topology. This is the only administrator who can assign server access to other administrators. The configuration administrator initially manages administrative configuration until the administrators group and its members are in place.

Configuration Directory Server. A Directory Server that maintains configuration information for a server or set of servers.

configuration file. A file that contains the configuration parameters for a specific component of the iPlanet Messaging system.

congestion thresholds. A disk space limit that can be set by the system administrator that prevents the database from becoming overloaded by restricting new operations when system resources are insufficient.

Console. A GUI (graphical user interface) that enables you to configure, monitor, maintain, and troubleshoot many iPlanet components.

cookie. Text-only strings entered into the browser's memory automatically when you visit specific web sites. Cookies are programmed by the web page author. Users can either accept or deny cookies. Accepting the cookies allows the web page to load more quickly and is not a threat to the security of your machine.

CRAM-MD5. A lightweight standards track authentication mechanism documented in RFC 2195. It provides a fast (albeit somewhat weaker) alternative to TLS (SSL) when only the user's login password needs to be protected from network eavesdroppers.

cronjob. UNIX only. A task that is executed automatically by the cron daemon at a configured time. See also crontab file.

crontab file. UNIX only. A list of commands, one per line, that executes automatically at a given time.

daemon. A UNIX program that runs in the background, independent of a terminal, and performs a function whenever necessary. Common examples of daemon programs are mail handlers, license servers, and print daemons. On Windows NT machines, this type of program is called a service. See also service.

data store. A store that contains directory information, typically for an entire directory information tree.

DC Tree. Domain Component tree. A directory information tree that mirrors the DNS network syntax. An example of a distinguished name in a DC Tree would be cn=billbob,dc=bridge,dc=net,o=internet.

defragmentation. The Multipurpose Internet Mail Extensions (MIME) feature that enables a large message that has been broken down into smaller messages or fragments to be reassembled. A Message Partial Content-Type header field that appears in each of the fragments contains information that helps reassemble the fragments into one message. See also fragmentation.

Delegated Administrator Console. A web browser-based software console that allows domain administrators to add and modify users and groups to a hosted domain. Also allows end users to change their password, set message forwarding rules, set vacation rules, and list mail list subscriptions.

Delegated Administrator for Messaging and Collaboration. A set of interfaces (GUI and utilities) that allow domain administrators to add and modify users and groups to a hosted domain.

delegated administrator server. A daemon program that handles access control to the directory by hosted domains.

delete message. The act of marking a message for deletion. The deleted message is not removed from the message store until it is expunged or purged in a separate action by the user. See also purge message, expunge message.

delivery. See message delivery.

delivery status notification. A message giving status information about a message en route to a recipient. For example, a message indicating that delivery has been delayed because of network outages.

denial of service attack. A situation where an individual intentionally or inadvertently overwhelms your mail server by flooding it with messages. Your server's throughput could be significantly impacted or the server itself could become overloaded and nonfunctional.

Deny filter. A Messaging Server access-control rule that identifies clients that are to be denied access to one or more of the following services: POP, IMAP, or HTTP. See also Allow filter.

dereferencing an alias. Specifying, in a bind or search operation, that a directory service translate an alias distinguished name to the actual distinguished name of an entry.

DIGEST-MD5. A lightweight standards track authentication mechanism that is more secure than CRAM-MD5. Documented in RFC 2831, which also provides an option to protect the entire connection without the setup overhead of TLS (SSL).

directory context. The point in the directory tree information at which a search begins for entries used to authenticate a user and password for message store access. See also base DN.

directory entry. A set of directory attributes and their values identified by its distinguished name. Each entry contains an object class attribute that specifies the kind of object the entry describes and defines the set of attributes it contains.

directory information tree. The tree-like hierarchical structure in which directory entries are organized. Also called a DIT. DITs can be organized along the DNS (DC Trees) or Open Systems Interconnect networks (OSI trees).

directory lookup. The process of searching the directory for information on a given user or resource, based on that user or resource's name or other characteristic.

Directory Manager. User who has administrative privileges to the directory server database. Access control does not apply to this user (think of the directory manager as the directory's superuser).

directory schema. The set of rules that defines the data that can be stored in the directory.

Directory Server. The iPlanet directory service based on LDAP. See also directory service, Lightweight Directory Access Protocol, Configuration Directory Server, User/Groups Directory Server.

directory service. A logically centralized repository of information about people and resources within an organization. See also Lightweight Directory Access Protocol.

directory synchronization. The process of updating—that is, synchronizing—the MTA directory cache with the current directory information stored in the directory service. See also MTA directory cache.

disconnected state. The mail client connects to the server, makes a cache copy of selected messages, then disconnects from the server.

Dispatcher. The MTA component that handles connection requests for defined TCP ports. The Dispatcher is a multi-threaded connection dispatching agent that permits multiple multi-threaded servers to share responsibility for a given service. When using the Dispatcher, it is possible to have several multi-threaded SMTP server processes running concurrently.

distinguished name. The comma-separated sequence of attributes and values that specify the unique location of an entry within the directory information tree. Often abbreviated as DN.

distribution list. See mail list.

distribution list owner. See mail list owner.

DIT. See directory information tree.

DN. See distinguished name.

dn. LDAP alias for distinguished name. See also distinguished name.

DNS. See Domain Name System.

DNS alias. A host name that the DNS server recognizes as pointing to a different host—specifically a DNS CNAME record. Machines always have one real name, but they can have one or more aliases. For example, www.siroe.domain might be an alias that points to a real machine called realthing.siroe.domain where the server currently exists.

DNS database. A database of domain names (host names) and their corresponding IP addresses.

DNS domain. A group of computers whose host names share a common suffix, the domain name. Syntactically, an Internet domain name consists of a sequence of names (labels) separated by periods (dots), for example, corp.mktng.siroe.com. See also domain.

DNS spoofing. A form of network attack in which a DNS server has been subverted to provide false information.

document root. A directory on the server machine that contains files, images, and data that will be displayed to users accessing iPlanet Web Server.

domain. Resources under control of a single computer system. See also administration domain, DNS domain, hosted domain, virtual domain.

domain administrator. User who has administrative privileges to create, modify, and delete mail users, mail lists, and family accounts in a hosted domain by using the Delegated Administrator for Messaging and Collaboration GUI or CLIs. By default, this user can act as a message store administrator for all messaging servers in the topology.

domain alias. A domain entry that points to another domain. By using aliases, hosted domains can have several domain names.

domain hosting. The ability to host one or more domains on a shared messaging server. For example, the domains siroe.com and sesta.org might both be hosted on the siroe.net mail server. Users send mail to and receive mail from the hosted domain—the name of the mail server does not appear in the email address.

domain name. (1) A host name used in an email address. (2) A unique name that defines an administrative organization. Domains can contain other domains. Domain names are interpreted from right to left. For example, siroe.com is both the domain name of the Siroe Company and a subdomain of the top-level com domain. The siroe.com domain can be further divided into subdomains such as corp.siroe.com, and so on. See also host name, fully-qualified domain name.

Domain Name System (DNS). A distributed name resolution software that allows computers to locate other computers on a network or the Internet by domain name. The system associates standard IP addresses with host names (such as www.siroe.com). Machines normally get this information from a DNS server. DNS servers provide a distributed, replicated, data query service for translating hostnames into Internet addresses. See also A record, MX record, CNAME record.

domain organization. A sub-domain below a hosted domain in the Organization Tree. Domain organizations are useful for companies that wish to organize their user and group entries along departmental lines.

domain part. The part of an email address to the right of the @ sign. For example, siroe.com is the domain part of the email address dan@siroe.com.

domain quota. The amount of space, configured by the system administrator, allocated to a domain for email messages.

domain rewrite rules. See rewrite rules.

domain template. The part of a rewrite rule that defines how the host/domain portion of an address is rewritten. It can include either a full static host/domain address or a single field substitution string, or both.

DSN. See Delivery Status Notification.

dsservd. A daemon that accesses the database files that hold the directory information, and communicates with directory clients using the LDAP protocol.

dssetup. A Directory Server preparation tool that makes an existing Directory Server ready for use by an iPlanet Messaging Server.

dynamic group. A mail group defined by an LDAP search URL. Users usually join the group by setting an LDAP attribute in their directory entry.

EHLO command. An SMTP command that queries a server to find out if the server supports extended SMTP commands. Defined in RFC 1869.

encryption. The process of disguising information so that it cannot be deciphered (decrypted) by anyone but the intended recipient who has the code key.

enterprise network. A network that consists of collections of networks connected to each other over a geographically dispersed area. The enterprise network serves the needs of a widely distributed company and is used by the company's mission-critical applications.

envelope. A container for transport information about the sender and the recipient of an email message. This information is not part of the message header. Envelopes are used by various email programs as messages are moved from place to place. Users see only the header and body of a message.

envelope field. A named item of information, such as RCPT TO, in a message envelope.

error handler. A program that handles errors. In Messaging Server, it issues error messages and processes error action forms after the postmaster fills them out.

Error-Handler Action form. A form sent to the postmaster account that accompanies a received message that Messaging Server cannot handle. The postmaster fills out the form to instruct the server how to process the message.

error message. A message reporting an error or other situation. iPlanet Messaging Server generates messages in a number of situations, notably when it gets an email message that it can't handle. Other messages, called notification errors, are for informational purposes only.

ESMTP. See Extended Simple Mail Transfer Protocol.

ESP. Enterprise Service Provider.

ETRN. An SMTP command enabling a client to request that the server start the processing of its mail queues for messages that are waiting at the server for the client machine. Defined in RFC 1985.

expander. Part of an electronic mail delivery system that allows a message to be delivered to a list of addressees. Mail expanders are used to implement mail lists. Users send messages to a single address (for example, hacks@somehost.edu) and the mail expander takes care of delivery to the mailboxes in the list. Also called mail exploders. See also EXPN.

expansion. This term applies to the MTA processing of mail lists. The act of converting a message addressed to a mail list into enough copies for each mail list member.

EXPN. An SMTP command for expanding a mail list. Defined in RFC 821.

expunge message. The act of marking a message for deletion and then permanently removing it from the INBOX. See also delete message, purge message.

Extended Simple Mail Transfer Protocol (ESMTP). An Internet message transport protocol. ESMTP adds optional commands to the SMTP command set for enhanced functionality, including the ability for ESMTP servers to discover which commands are implemented by the remote site.

extranet. The part of a company intranet that customers and suppliers can access. See also intranet.

facility. In a Messaging Server log-file entry, a designation of the software subsystem (such as Network or Account) that generated the log entry.

failover. The automatic transfer of a computer service from one system to another to provide redundant backup.

family group administrator. User who has administrative privileges to add and remove family members in a family group. This user can grant family group administrative access to other members of the group.

firewall. A network configuration, usually both hardware and software, that forms a barrier between networked computers within an organization and those outside the organization. A firewall is commonly used to protect information such as a network's email, discussion groups, and data files within a physical building or organization site.

folder. A named collection of messages. Folders can contain other folders. Also called a mailbox. See also personal folder, shared folder, INBOX.

forwarding. See message forwarding.

FQDN. See fully-qualified domain name.

fragmentation. The Multipurpose Internet Mail Extensions (MIME) feature that allows the breaking up of a large message into smaller messages. See also defragmentation.

fully-qualified domain name (FQDN). The unique name that identifies a specific Internet host. See also domain name.

gateway. The terms gateway and application gateway refer to systems that do translation from one native format to another. Examples include X.400 to/from RFC 822 electronic mail gateways. A machine that connects two or more electronic mail systems (especially dissimilar mail systems on two different networks) and transfers messages between them. Sometimes the mapping and translation can be complex, and it generally requires a store-and-forward scheme whereby the message is received from one system completely before it is transmitted to the next system after suitable translations.

greeting form. A message usually sent to users when an account is created for them. This form acts as confirmation of the new account and verification of its contents.

group. A group of LDAP mail entries that are organized under a distinguished name. Usually used as a mail list, but may also be used to grant certain administrative privileges to members of the group. See also dynamic group, static group.

group folders. These contain folders for shared and group folders. See also shared folder.

GUI. Graphical User Interface.

HA. See High Availability.

hashdir. A command-line utility for determining which directory contains the message store for a particular user.

header. The portion of an email message that precedes the body of the message. The header is composed of field names followed by a colon and then values. Headers contain information useful to email programs and to users trying to make sense of the message. For example, headers include delivery information, summaries of contents, tracing, and MIME information; they tell whom the message is for, who sent it, when it was sent, and what it is about. Headers must be written according to RFC 822 so that email programs can read them.

header field. A named item of information, such as From: or To:, in a message header. Often referred to as a "header line".

High Availability. Enables the detection of a service interruption and provides recovery mechanisms in the event of a system failure or process fault. In addition, it allows a backup system to take over the services in the event of a primary system failure.

hop. A transmission between two computers.

host. The machine on which one or more servers reside.

hosted domain. An email domain that is outsourced by an ISP. That is, the ISP provides email domain hosting for an organization by operating and maintaining the email services for that organization. A hosted domain shares the same Messaging Server host with other hosted domains. In earlier LDAP-based email systems, a domain was supported by one or more email server hosts. With Messaging Server, many domains can be hosted on a single server. For each hosted domain, there is an LDAP entry that points to the user and group container for the domain. Hosted domains are also called virtual hosted domains or virtual domains. See also domain, virtual domain.

host name. The name of a particular machine within a domain. The host name is the IP host name, which might be either a "short-form" host name (for example, mail) or a fully qualified host name. The fully qualified host name consists of two parts: the host name and the domain name. For example, mail.siroe.com is the machine mail in the domain siroe.com. Host names must be unique within their domains. Your organization can have multiple machines named mail, as long as the machines reside in different subdomains; for example, mail.corp.siroe.com and mail.field.siroe.com. Host names always map to a specific IP address. See also domain name, fully-qualified domain name, IP address.

host name hiding. The practice of having domain-based email addresses that do not contain the name of a particular internal host.

HTTP. See HyperText Transfer Protocol.

hub. A host that acts as the single point of contact for the system. When two networks are separated by a firewall, for example, the firewall computer often acts as a mail hub.

HyperText Transfer Protocol. A standard protocol that allows the transfer of hypertext documents over the Web. iPlanet Messaging Server provides an HTTP service to support web-based email. See also Messenger Express.

IDENT. See Identification Protocol.

Identification Protocol. A protocol that provides a means to determine the identity of a remote process responsible for the remote end of a particular TCP connection. Defined in RFC 1413.

IMAP4. See Internet Message Access Protocol Version 4.

imsadmin commands. A set of command line utilities for managing domain administrators, users, and groups.

imsimta commands. A set of command line utilities for performing various maintenance, testing, and management tasks for the Message Transfer Agent (MTA).

INBOX. The name reserved for a user's default mailbox for mail delivery. INBOX is the only folder name that is case-insensitive. For example: INBOX, Inbox, and inbox are all valid names for a user's default mailbox.

installation directory. The directory into which the binary (executable) files of a server are installed. For the Messaging Server, it is a subdirectory of the server root: server-root/bin/msg/. See also instance directory, server root.

instance. A separately executable configuration of a server or other software entity on a given host. With a single installed set of binary files, it is possible to create multiple instances of iPlanet servers that can be run and accessed independently of each other.

instance directory. The directory that contains the files that define a specific instance of a server. For the Messaging Server, it is a subdirectory of the server root: server-root/msg-instance/, where instance is the name of the server as specified at installation. See also installation directory, server root.

Internet. The name given to the worldwide network of networks that uses TCP/IP protocols.

Internet Message Access Protocol Version 4 (IMAP4). A standard protocol that allows users to be disconnected from the main messaging system and still be able to process their mail. The IMAP specification allows for administrative control for these disconnected users and for the synchronization of the users' message store once they reconnect to the messaging system.

Internet Protocol (IP). The basic network-layer protocol on which the Internet and intranets are based.

internet protocol address. See IP address.

intranet. A network of TCP/IP networks within a company or organization. Intranets enable companies to employ the same types of servers and client software used for the World Wide Web for internal applications distributed over the corporate LAN. Sensitive information on an intranet that communicates with the Internet is usually protected by a firewall. See also firewall, extranet.

invalid user. An error condition that occurs during message handling. When this occurs, the message store sends a communication to the MTA, and the message store deletes its copy of the message. The MTA bounces the message back to the sender and deletes its copy of the message.

IP. See Internet Protocol.

IP address. A set of numbers, separated by dots, such as 198.93.93.10, that specifies the actual location of a machine on an intranet or the Internet. A 32-bit address assigned to hosts using TCP/IP.

iPlanet Setup. The installation program for all iPlanet servers and for iPlanet Console.

ISP. Internet Service Provider. A company that provides Internet services to its customers including email, electronic calendaring, access to the world wide web, and web hosting.

Job Controller. The MTA component responsible for scheduling and executing tasks upon request by various other MTA components.

key database. A file that contains the key pair(s) for a server's certificate(s). Also called a key file.

knowledge information. Part of the directory service infrastructure information. The directory server uses knowledge information to pass requests for information to other servers.

LDAP. See Lightweight Directory Access Protocol.

LDAP Data Interchange Format (LDIF). The format used to represent Directory Server entries in text form.

LDAP filter. A method of specifying a set of entries, based on the presence of a particular attribute or attribute value.

LDAP referrals. An LDAP entry that consists of a symbolic link (referral) to another LDAP entry. An LDAP referral consists of an LDAP host and a distinguished name. LDAP referrals are often used to reference existing LDAP data so that this data does not have to be replicated. They are also used to maintain compatibility for programs that depend on a particular entry that may have been moved.

LDAP search string. A string with replaceable parameters that defines the attributes used for directory searches. For example, an LDAP search string of "uid=%s" means that searches are based on the user ID attribute.

LDAP Server. A software server that maintains an LDAP directory and services queries to the directory. The iPlanet Directory Services are implementations of an LDAP Server.

LDAP server failover. A backup feature for LDAP servers. If one LDAP server fails, the system can switch over to another LDAP server.

LDBM. LDAP Data Base Manager.

LDIF. See LDAP Data Interchange Format.

Legato Networker. A third-party backup utility distributed by Legato®.

level. A designation of logging verbosity, meaning the relative number of types of events that are recorded in log files. At a level of Emergency, for example, very few events are logged; at a level of Informational, on the other hand, very many events are logged.

Lightweight Directory Access Protocol (LDAP). Directory service protocol designed to run over TCP/IP and across multiple platforms. A simplification of the X.500 Directory Access Protocol (DAP) that allows a single point of management for storage, retrieval, and distribution of information, including user profiles, mail lists, and configuration data across iPlanet servers. The iPlanet Directory Server uses the LDAP protocol.

listen port. The port that a server uses to communicate with clients and other servers.

local part. The part of an email address that identifies the recipient. See also domain part.

log directory. The directory in which all of a service's log files are kept.

log expiration. Deletion of a log file from the log directory after it has reached its maximum permitted age.

log rotation. Creation of a new log file to be the current log file. All subsequent logged events are to be written to the new current file. The log file that was the previous current file is no longer written to, but remains in the log directory.

lookup. Same as a search, using the specified parameters for sorting data.

mailbox. A place where messages are stored and viewed. See also folder.

mail client. The programs that help users send and receive email. This is the part of the various networks and mail programs that users have the most contact with. Mail clients create and submit messages for delivery, check for new incoming mail, and accept and organize incoming mail.

mail exchange record. See MX record.

mail list. A list of email addresses to which a message can be sent by way of a mail list address. Sometimes called a group.

mail list owner. A user who has administrative privileges to add members to and delete members from the mail list.

mail relay. A mail server that accepts mail from a MUA or MTA and relays it to the mail recipient's message store or another router.

mail router. See mail relay.

mailing list. See mail list.

mailing list owner. See mail list owner.

managed object. A collection of configurable attributes, for example, a collection of attributes for the directory service.

master channel program. A channel program that typically initiates a transfer to a remote system. See also slave channel program.

master directory server. The directory server that contains the data that will be replicated.

MD5. A message digest algorithm by RSA Data Security. MD5 can be used to produce a short digest of data that is unique with high probability. It is mathematically extremely hard to produce a piece of data that produces the same message digest.

member. A user or group who receives a copy of an email addressed to a mail list. See also mail list, expansion, moderator, and owner.

message. The fundamental unit of email. A message consists of a header and a body and is often contained in an envelope while it is in transit from the sender to the recipient.

message access services. The protocol servers, software drivers, and libraries that support client access to the Messaging Server message store.

message delivery. The act that occurs when an MTA delivers a message to a local recipient (a mail folder or a program).

message forwarding. The act that occurs when an MTA sends a message delivered to a particular account to one or more new destinations as specified by the account's attributes. Forwarding may be configurable by the user. See also message delivery, message routing.

Message Handling System (MHS). A group of connected MTAs, their user agents, and message stores.

message routing. The act of transferring a message from one MTA to another when the first MTA determines that the recipient is not a local account, but might exist elsewhere. Routing is normally configurable only by a network administrator. See also message forwarding.

message queue. The directory where messages accepted from clients and other mail servers are queued for delivery (immediate or deferred).

message quota. A limit defining how much disk space a particular folder can consume.

message store. The database of all locally delivered messages for a Messaging server instance. Messages can be stored on a single physical disk or stored across multiple physical disks.

message store administrator. User who has administrative privileges to manage the message store for a Messaging Server installation. This user can view and monitor mailboxes, and specify access control to the store. Using proxy authorization rights, this user can run certain utilities for managing the store.

message store partition. A message store or subset of a message store residing on a single physical file system partition.

message submission. The client User Agent (UA) transfers a message to the mail server and requests delivery.

Message Transfer Agent (MTA). A specialized program for routing and delivering messages. MTAs work together to transfer messages and deliver them to the intended recipient. The MTA determines whether a message is delivered to the local message store or routed to another MTA for remote delivery.

Messaging Multiplexor. A specialized iPlanet Messaging Server that acts as a single point of connection to multiple mail servers, facilitating the distribution of a large user base across multiple mailbox hosts.

Messaging Server administrator. The administrator whose privileges include installation and administration of an iPlanet Messaging Server instance.

Messenger Express. A mail client that enables users to access their mailboxes through a browser-based (HTTP) interface. Messages, folders, and other mailbox information are displayed in HTML in a browser window. See also webmail.

Messenger Express Multiplexor. A proxy messaging server that acts as a Multiplexor; it allows you to connect to the HTTP service of iPlanet Messaging Server (Messenger Express). The Messenger Express Multiplexor facilitates distributing mail users across multiple server machines.

MHS. See Message Handling System.

MIME. See Multipurpose Internet Mail Extension.

MMP. See Messaging Multiplexor.

moderator. A person who first receives all email addressed to a mail list before (A) forwarding the message to the mail list, (B) editing the message and then forwarding it to the mail list, or (C) not forwarding the message to the mail list. See also mail list, expansion, member.

MTA. See Message Transfer Agent.

MTA configuration file. The file (imta.cnf) that contains all channel definitions for the Messaging Server as well as the rewrite rules that determine how addresses are rewritten for routing. See also channel, rewrite rules.

MTA directory cache. A snapshot of the directory service information about users and groups required by the MTA to process messages. See also directory synchronization.

MTA hop. The act of routing a message from one MTA to another.

MUA. See user agent.

Multiplexor. See Messaging Multiplexor.

Multipurpose Internet Mail Extension (MIME). A protocol you can use to include multimedia in email messages by appending the multimedia file in the message.

MX record. Mail Exchange Record. A type of DNS record that maps one host name to another.

name resolution. The process of mapping an IP address to the corresponding name. See also DNS.

namespace. The tree structure of an LDAP directory. See also directory information tree.

naming attribute. The final attribute in a directory information tree distinguished name. See also relative distinguished name.

naming context. A specific suffix of a directory information tree that is identified by its DN. In iPlanet Directory Server, specific types of directory information are stored in naming contexts. For example, a naming context which stores all entries for marketing employees in the Siroe Corporation at the Boston office might be called ou=mktg, ou=Boston, o=siroe, c=US.

NDN. See nondelivery notification.

network manager. A program that reads, formats, and displays SNMP data. Also called an SNMP client.

next-hop list. A list of adjacent systems a mail route uses to determine where to transfer a message. The order of the systems in the next-hop list determines the order in which the mail route transfers messages to those systems.

node. An entry in the DIT.

nondelivery notification. During message transmission, if the MTA does not find a match between the address pattern and a rewrite rule, the MTA sends a nondelivery report back to the sender with the original message.

notary messages. Nondelivery notifications (NDNs) and delivery status notifications (DSNs) that conform to the NOTARY specifications RFC 1892.

notification message. A type of message sent by the Messaging Server that provides the status of message delivery processing, as well as the reasons for any delivery problems or outright failures. It is for informational purposes and requires no action from the postmaster. See also delivery status notifications.

object class. A template specifying the kind of object the entry describes and the set of attributes it contains. For example, iPlanet Directory Server specifies an emailPerson object class which has attributes such as commonname, mail (email address), mailHost, and mailQuota.

off-line state. A state in which the mail client downloads messages from a server system to a client system where they can be viewed and answered. The messages might or might not be deleted from the server.

online state. A state in which messages remain on the server and are remotely responded to by the mail client.

organization administrator. User who has administrative privileges to create, modify, and delete mail users and mail lists in an organization or suborganization by using the Delegated Administrator for Messaging and Collaboration GUI or CLIs.

OSI tree. A directory information tree that mirrors the Open Systems Interconnect network syntax. An example of a distinguished name in an OSI tree would be cn=billt,o=bridge,c=us.

partition. See message store partition.

password authentication. Identification of a user through user name and password. See also certificate-based authentication.

pattern. A string expression used for matching purposes, such as in Allow and Deny filters.

permanent failure. An error condition that occurs during message handling. When this occurs, the message store deletes its copy of an email message. The MTA bounces the message back to the sender and deletes its copy of the message.

personal folder. A folder that can be read only by the owner. See also shared folder.

plaintext. Refers to a method for transmitting data. The definition depends on the context. For example, with SSL plaintext passwords are encrypted and are therefore not sent as cleartext. With SASL, plaintext passwords are hashed, and only a hash of the password is sent as text. See also SSL and SASL.

plaintext authentication. See password authentication.

POP3. See Post Office Protocol Version 3.

port number. A number that specifies an individual TCP/IP application on a host machine, providing a destination for transmitted data.

postmaster account. An alias for the email group and email addresses that receive system-generated messages from the Messaging Server. The postmaster account must point to a valid mailbox or mailboxes.

Post Office Protocol Version 3 (POP3). A protocol that provides a standard delivery method and that does not require the message transfer agent to have access to the user's mail folders. Not requiring access is an advantage in a networked environment, where often the mail client and the message transfer agent are on different computers.

process. A self-contained, fully functional execution environment set up by an operating system. Each instance of an application typically runs in a separate process. See also thread.

protocol. A formal description of messages to be exchanged and rules to be followed for two or more systems to exchange information.

provisioning. The process of adding, modifying or deleting entries in the iPlanet Directory Server. These entries include users and groups and domain information.

proxy. The mechanism whereby one system "fronts for" another system in responding to protocol requests. Proxy systems are used in network management to avoid having to implement full protocol stacks in simple devices, such as modems.

public key encryption. A cryptographic method that uses a two-part key (code) that is made up of public and private components. To encrypt messages, the published public keys of the recipients are used. To decrypt the messages, the recipients use their unpublished private keys known only to them.

purge message. The process of permanently removing messages that have been deleted and are no longer referenced in user and group folders and returning the space to the message store file system. See also delete message, expunge message.

queue. See message queue.

RC2. A variable key-size block cipher by RSA Data Security.

RC4. A stream cipher by RSA Data Security. Faster than RC2.

RDN. Relative distinguished name. The name of the actual entry itself, before the entry's ancestors have been appended to the string to form the full distinguished name.

referral. A process by which the directory server returns an information request to the client that submitted it, with information about the Directory Service Agent (DSA) that the client should contact with the request. See also knowledge information.

regular expression. A text string that uses special characters to represent ranges or classes of characters for the purpose of pattern matching.

relative distinguished name. See RDN.

relaying. The process of passing a message from one messaging server to another messaging server.

replica directory server. The directory that will receive a copy of all or part of the data.

required attributes. Attributes that must be present in entries using a particular object class. See also allowed attributes, attributes.

restore. The process of restoring the contents of folders from a backup device to the message store. See also backup.

reverse DNS lookup. The process of querying the DNS to resolve a numeric IP address into the equivalent fully qualified domain name.

rewrite rules. Also known as domain rewrite rules. A tool that the MTA uses to route messages to the correct host for delivery. Rewrite rules perform the following functions: (1) extract the host/domain specification from an address of an incoming message, (2) match the host/domain specification with a rewrite rule pattern, (3) rewrite the host/domain specification based on the domain template, and (4) decide which channel queue the message should be placed in.

RFC. Request For Comments. The document series, begun in 1969, describes the Internet suite of protocols and related experiments. Not all (in fact very few) RFCs describe Internet standards, but all Internet standards are published as RFCs. See http://www.imc.org/rfcs.html.

root entry. The top-level entry of the directory information tree (DIT) hierarchy.

router. A system responsible for determining which of several paths network traffic will follow. It uses a routing protocol to gain information about the network, and algorithms to choose the best route based on several criteria known as "routing matrix." In OSI terminology, a router is a Network Layer intermediate system. See also gateway.

routing. See message routing.

routing tables. The internal databases that hold the information about message originators and recipients. See also SMTP mail routing table.

safe file system. A file system that performs logging such that, if a system crashes, it is possible to roll back the data to a pre-crash state and restore all data. An example of a safe file system is Veritas File System, VxFS.

SASL. See Simple Authentication and Security Layer.

schema. Definitions—including structure and syntax—of the types of information that can be stored as entries in iPlanet Directory Server. When information that does not match the schema is stored in the directory, clients attempting to access the directory might be unable to display the proper results.

SCM. See Service Control Manager.

search base. See base DN.

Secure Sockets Layer (SSL). A software library establishing a secure connection between two parties (client and server).

security-module database. A file that contains information describing hardware accelerators for SSL ciphers. Also called secmod.

sendmail. A common MTA used on UNIX machines. In most applications, iPlanet Messaging Server can be used as a drop-in replacement for sendmail.

server administrator. Person who performs server management tasks. The server administrator provides restricted access to tasks for a particular server, depending upon task ACIs. The configuration administrator must assign user access to a server. Once a user has server access permissions, that user is a server administrator who can provide server access permissions to users.

server instance. The directories, programs, and utilities representing a specific server software installation.

server root. The directory into which all iPlanet servers associated with a given Administration Server on a given host are installed. Typically designated server-root. See also installation directory, instance directory.

server side rules (SSR). A set of rules for enabling server-side filtering of mail. Based on the Sieve mail filtering language.

service. (1) A function provided by a server. For example, iPlanet Messaging Server provides SMTP, POP, IMAP, and HTTP services. (2) A background process on Windows NT that does not have a user interface. iPlanet servers on Windows NT platforms run as services. Equivalent to daemon on UNIX platforms.

Service Control Manager. Windows NT administrative program for managing services.

servlet. Server-side Java programs that Web servers run to generate content in response to a client request. Servlets are similar to applets in that they run on the server side but do not use a user interface.

session. An instance of a client-server connection.

shared folder. A folder that can be read by more than one person. Shared folders have an owner who can specify read access to the folder and who can delete messages from the shared folder. The shared folder can also have a moderator who can edit, block, or forward incoming messages. Only IMAP folders can be shared. See also personal folder.

Sieve. A proposed language for filtering mail.

Simple Authentication and Security Layer (SASL). A means for controlling the mechanisms by which POP, IMAP or SMTP clients identify themselves to the server. iPlanet Messaging Server support for SMTP SASL use complies with RFC 2554 (ESMTP AUTH). SASL is defined in RFC 2222.

Simple Mail Transfer Protocol (SMTP). The email protocol most commonly used by the Internet and the protocol supported by the iPlanet Messaging Server. Defined in RFC 821, with associated message format descriptions in RFC 822.

SIMS. Sun Internet Mail Server.

single field substitution string. In a rewrite rule, part of the domain template that dynamically rewrites the specified address token of the host/domain address. See also domain template.

single sign-on. The ability for a user to authenticate once and gain access to multiple services (mail, directory, file services, and so on).

SIZE. An SMTP extension enabling a client to declare the size of a particular message to a server. The server may indicate to the client that it is or is not willing to accept the message based on the declared message size; the server can declare the maximum message size it is willing to accept to a client. Defined in RFC 1870.

slave channel program. A channel program that accepts transfers initiated by a remote system. See also master channel program.

smart host. The mail server in a domain to which other mail servers forward messages if they do not recognize the recipients.

SMTP. See Simple Mail Transfer Protocol.

SMTP AUTH. See AUTH.

sn. Aliased directory attribute for surname.

spoofing. A form of network attack in which a client attempting to access or send a message to a server misrepresents its host name.

SSL. See Secure Sockets Layer.

SSR. See Server Side Rules.

static group. A mail group defined statically by enumerating each group member. See also dynamic group.

subdomain. A portion of a domain. For example, in the domain name corp.siroe.com, corp is a subdomain of the domain siroe.com. See also host name, fully-qualified domain name.

subnet. The portion of an IP address that identifies a block of host IDs.

subordinate reference. The naming context that is a child of the naming context held by your directory server. See also knowledge information.

synchronization. (1) The update of data by a master directory server to a replica directory server. (2) The update of the MTA directory cache.

TCP. See Transmission Control Protocol.

TCP/IP. See Transmission Control Protocol/Internet Protocol.

thread. A lightweight execution instance within a process.

TLS. See Transport Layer Security.

top-level administrator. User who has administrative privileges to create, modify, and delete mail users, mail lists, family accounts, and domains in an entire Messaging Server namespace by using the Delegated Administrator for Messaging and Collaboration GUI or CLIs. By default, this user can act as a message store administrator for all messaging servers in the topology.

transient failure. An error condition that occurs during message handling. The remote MTA is unable to handle the message when it's delivered, but may be able to later. The local MTA returns the message to the queue and schedules it for retransmission at a later time.

Transmission Control Protocol (TCP). The basic transport protocol in the Internet protocol suite that provides reliable, connection-oriented stream service between two hosts.

Transmission Control Protocol/Internet Protocol (TCP/IP). The name given to the collection of network protocols used by the Internet protocol suite. The name refers to the two primary network protocols of the suite: TCP (Transmission Control Protocol), the transport layer protocol, and IP (Internet Protocol), the network layer protocol.

Transport Layer Security (TLS). The standardized form of SSL. See also Secure Sockets Layer.

transport protocols. Protocols that provide the means to transfer messages between MTAs, for example SMTP and X.400.

UA. See user agent.

UBE. See Unsolicited Bulk Email.

UID. (1) User identification. A unique string identifying a user to a system. Also referred to as a userID. (2) Aliased directory attribute for userID (login name).

unified messaging. The concept of using a single message store for email, voicemail, fax, and other forms of communication. iPlanet Messaging Server provides the basis for a complete unified messaging solution.

Unsolicited Bulk Email (UBE). Unrequested and unwanted email, sent from bulk distributors, usually for commercial purposes.

upper reference. Indicates the directory server that holds the naming context above your directory server's naming context in the directory information tree (DIT).

user account. An account for accessing a server, maintained as an entry on a directory server.

user agent (UA). The client component, such as Netscape Communicator, that allows users to create, send, and receive mail messages.

User/Groups Directory Server. A Directory Server that maintains information about users and groups in an organization.

user entry or user profile. Fields, required and optional, that describe information about each user. Examples are: distinguished name, full name, title, telephone number, pager number, login name, password, home directory, and so on.

user folders. A user's email mailboxes.

user quota. The amount of space, configured by the system administrator, allocated to a user for email messages.

UUCP. UNIX to UNIX Copy Program. A protocol used for communication between consenting UNIX systems.

vanity domain. A domain name associated with an individual user—not with a specific server or hosted domain. A vanity domain is specified by using the MailAlternateAddress attribute. The vanity domain does not have an LDAP entry for the domain name. Vanity domains are useful for individuals or small organizations desiring a customized domain name, without the administration overhead of supporting their own hosted domain. Also called custom domain.

/var/mail. A name often used to refer to Berkeley-style inboxes in which new mail messages are stored sequentially in a single, flat text file.

Veritas Cluster Server. High availability clustering software from Veritas Software with which iPlanet Messaging Server can integrate.

virtual domain. (1) An ISP hosted domain. (2) A domain name added by the Messaging Multiplexor to a client's user ID for LDAP searching and for logging into a mailbox server. See also domain, hosted domain.

VRFY. An SMTP command for verifying a user name. Defined in RFC 821.

Web server. A software program or server computer equipped to offer World Wide Web access. A Web server accommodates requests from users, retrieves requested files or applications, and issues error messages.

webmail. A generic term for browser-based email services. A browser-based client—known as a "thin" client because more processing is done on the server—accesses mail that is always stored on a server. See also Messenger Express.

wildcard. A special character in a search string that can represent one or more other characters or ranges of characters.

workgroup. Local workgroup environment, where the server performs its own routing and delivery within a local office or workgroup. Interdepartmental mail is routed to a backbone server. See also backbone.

X.400. A message handling system standard.


Copyright © 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated February 13, 2002