Sun Java System Messaging Server 6.3 Administration Guide

5.7 To Configure HTTP Services

Messaging Server supports the HTTP mail clients called Messenger Express and Communications Express. While POP and IMAP clients send mail directly to a Messaging Server MTA for routing or delivery, HTTP clients send mail to a specialized web server called the Webmail Server (also called mshttpd or Messaging Server http daemon). Depending on where the message is addressed, the Webmail Server will direct the mail to an outbound MTA for routing or to one of the backend message stores using IMAP. This is shown in Figure 5–1. Note that the Communications Express Server simply routes requests to and from the Webmail Server.

Figure 5–1 HTTP Service Components


In previous versions, the Webmail Server accessed the message store directly. Now, it accesses the message store through the IMAP server. This provides several advantages:

In previous versions, the MEM received HTTP client requests and forwarded them to the appropriate Webmail Server on the back-end message store. Because of this, a copy of mshttpd had to be installed on every back-end server. Now, the Webmail Server operates as a front-end server receiving HTTP client email requests. It translates these requests to SMTP or IMAP calls and forwards the calls to either the MTA or the appropriate IMAP server on the back-end message store. If Messaging Server is used only for web-based email, make sure that IMAP is enabled.

5.7.1 Configuring Your HTTP Service

Many of the HTTP configuration parameters are similar to the parameters available for the POP and IMAP services. These include parameters for connection settings and process settings. Some of the more common HTTP service options are given in this section. A complete listing can be found in the configutil Parameters in Sun Java System Messaging Server 6.3 Administration Reference. For more information, see also:

For each IMAP server that users access, the Webmail Server needs to know the IMAP port, whether to use SSL, and the admin credentials to use for user log-in. The configutil parameters to do this are as follows:

local.service.proxy.imapport[.hostname] — IMAP port on which to connect (default 143).

local.service.proxy.imapssl — Enable SSL (default no).

local.service.proxy.admin[.hostname] — Admin ID.

local.service.proxy.adminpass[.hostname] — Admin password.

These parameters can be set globally (applying to every IMAP backend server), or for each individual IMAP backend server by appending the backend's fully qualified domain name to the option name.

To use IMAP over SSL, mshttpd must also be configured as an SSL HTTP server, and the mshttpd certificate database must trust the IMAP backend's CA. You MUST enable service.http.sslusessl. If the backend message store running IMAP is using a self-signed certificate (for example, as created by generate-certDB), then this certificate needs to be added to the front-end mshttpd daemon server.

Note that if local.service.proxy.admin or local.service.proxy.adminpass isn't set, logins will be rejected with the error "Mail server unavailable. Administrator, check server log for details." and the http log will list the missing configuration options.

Additional values for HTTP attributes can be set at the command line as follows:

To enable or disable the HTTP service:

configutil -o service.http.enable -v [ yes | no ]

By default, the HTTP service sends outgoing web mail to the local MTA for routing or delivery. You might want to configure the HTTP service to send mail to a remote MTA, for example, if your site is a hosting service and most recipients are not in the same domain as the local host machine. To send web mail to a remote MTA, you need to specify the remote host name and the SMTP port number for the remote host, using the service.http.smtphost and service.http.smtpport parameters listed at the end of this section.

To specify the port number for the HTTP service:

configutil -o service.http.port -v number

To enable a separate port for HTTP over SSL:

configutil -o service.http.enablesslport -v [ yes | no ]

To specify a port number for HTTP over SSL:

configutil -o service.http.sslport -v number

To enable or disable plaintext password login:

configutil -o service.http.plaintextmincipher -v value

If value is greater than 0, the use of plaintext passwords is disabled unless a security layer (SSL or TLS) is activated. This forces users to enable SSL or TLS on their client to log in, which prevents exposure of their passwords on the network. The default is 0.
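The settings described so far interact: IMAP over SSL requires service.http.sslusessl, the admin and adminpass parameters must both resolve for each backend, and a plaintextmincipher of 0 leaves password logins unprotected. The following script is an added example, not part of the original guide, that checks a configutil listing for these conditions. It assumes the listing consists of "name = value" lines, and the function names and sample values are made up for illustration.

```shell
# Added example (not from the guide): audit a configutil listing for the
# HTTP-service settings this section describes.
# Assumption: input is "name = value" lines, one parameter per line.
audit_mshttpd() {
  awk '
    function say(m)     { print m; return 1 }
    function has(k)     { return (k in cfg) && cfg[k] != "" }
    function yes(k)     { return has(k) && tolower(cfg[k]) == "yes" }
    function cred(b, h) { return has(b "." h) || has(b) }  # host entry, else global
    {
      i = index($0, "="); if (i == 0) next   # split on the first "=" only
      k = substr($0, 1, i - 1); v = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
      cfg[k] = v
      # remember backends with host-specific admin or adminpass entries
      if (k ~ /^local\.service\.proxy\.admin(pass)?\../) {
        sub(/^local\.service\.proxy\.admin(pass)?\./, "", k); hosts[k] = 1
      }
    }
    END {
      P = "local.service.proxy."
      # an unset parameter evaluates to 0, which is also the documented default
      if (cfg["service.http.plaintextmincipher"] + 0 <= 0)
        n += say("WARN service.http.plaintextmincipher=0: passwords accepted without SSL/TLS")
      if (!yes(P "imapssl"))
        n += say("WARN " P "imapssl is not yes: backend IMAP connections are not SSL-protected")
      else if (!yes("service.http.sslusessl"))
        n += say("FAIL " P "imapssl=yes but service.http.sslusessl is not enabled")
      for (h in hosts) {
        seen++
        if (!(cred(P "admin", h) && cred(P "adminpass", h)))
          n += say("FAIL incomplete admin/adminpass pair for backend " h)
      }
      if (!seen && !(has(P "admin") && has(P "adminpass")))
        n += say("FAIL no " P "admin/adminpass: logins fail with \"Mail server unavailable\"")
      exit (n > 0)
    }'
}
# Constructed sample listing (host name and values are made up).
sample_config() {
  cat <<'EOF'
service.http.enable = yes
service.http.plaintextmincipher = 0
local.service.proxy.imapssl = yes
local.service.proxy.admin.store1.example.com = admin
EOF
}
sample_config | audit_mshttpd || true
```

The function exits non-zero when it reports any finding, so it can gate a deployment script.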

To set the maximum number of network connections per process (for more information, see 5.3.2 Number of Connections per Process):

configutil -o service.http.maxsessions -v number

To set the maximum idle time for connections (for more information, see 5.3.4 Dropping Idle Connections):

configutil -o service.http.idletimeout -v number

To set the maximum idle time for client sessions (for more information, see 5.3.5 Logging Out HTTP Clients):

configutil -o service.http.sessiontimeout -v number

To set the maximum number of threads per process:

configutil -o service.http.maxthreads -v number

To set the maximum number of processes:

configutil -o service.http.numprocesses -v number

When an HTTP client constructs a message with attachments, the attachments are uploaded to the server and stored in a file. The HTTP service retrieves the attachments and constructs the message before sending the message to an MTA for routing or delivery. You can accept the default attachment spool directory or specify an alternate directory. You can also specify a maximum size allowed for attachments. To specify the attachment spool directory for client outgoing mail, use the following command:

configutil -o service.http.spooldir -v dirpath

To specify the maximum message size:

configutil -o service.http.maxmessagesize -v size

where size is a number in bytes. Note that this includes all the attachments encoded in base64, and that base64 encoding requires an extra 33% of space. Thus a 5 megabyte limit in the parameter results in the maximum size of one message and attachments being about 3.75 megabytes.

To specify an alternate MTA host name:

configutil -o service.http.smtphost -v hostname

To specify the port number for the alternate MTA host name:

configutil -o service.http.smtpport -v portnum