Deployment Example: Sun Java System Communications Services for Access Anywhere (EdgeMail)

Procedure: To Configure Messaging Server on FE Servers

Before You Begin
Steps
  1. Run configure. Always check the silent install file before using it.


    # cd /opt/SUNWmsgsr/sbin
    # ./configure -nodisplay -noconsole -state /var/bits/silent/BE/FE_RAMESH/d1-msg-configure.cnf
  2. Back up configdir with db2ldif to ensure that a good copy is saved.


    # cd /opt/ds/slapd-cfg
    # ./db2ldif
  3. Disable POP and IMAP


    # configutil -o service.pop.enable -v 0
    # configutil -o service.pop.enablesslport -v 0
    # configutil -o service.imap.enable -v 0
    # configutil -o service.imap.enablesslport -v 0
  4. Verify the msg-admin account for your geo. Set it up if needed, and add it to the group, similar to the BE process.


    1. ldapsearch -h ds-amer-0[123] -b dc=example,dc=com uid=msg-admin-mail-amer.example.com dn
    • If the uid is NOT in LDAP, create an LDAP entry for your msg-admin user. Create an LDIF file, e.g. msg-admin.ldif, with the following contents (modify the contents for your geo):


      dn: uid=msg-admin-mail-sfbay.example.com,ou=People, dc=example,dc=com
      givenName: Messaging End User SFBAY
      userPassword: {SSHA}ttW9Pash8si8u81XCWAXwV9Hfk9JRBti/yOJMw==
      objectClass: top
      objectClass: person
      objectClass: inetorgperson
      objectClass: iplanet-am-managed-person
      objectClass: organizationalPerson
      cn: Messaging End User SFBAY Administrator
      sn: Administrator
      uid: msg-admin-mail-sfbay.example.com

      Add the entry to LDAP:


      ldapmodify -h ds-amer-0[123] -D "cn=Directory Manager" -w password -a -f ./msg-admin.ldif
    • If the uid IS in LDAP, verify that the msg-admin user for your geo is a uniqueMember in the ou=groups entry for cn=Messaging End User Administrators:


      ldapsearch -h ds-amer-01 -b dc=example,dc=com cn="Messaging End User Administrators Group" uniqueMember |\
             grep msg-admin-mail-amer

      If necessary, add your msg-admin user to the Administrators Group using an LDAP browser or the ldapmodify command. Note: any entries with long time stamps should probably be removed in a cleanup effort. However, it is suggested that you clean up entries only for the geo you are configuring.

  5. Change the following:


    ImapProxyAservice.cfg
            default:BindDN    "uid=msg-admin-mail-amer.example.com, ou=People, dc=example, dc=com"
            default:BindPass (verify PW for your msg-admin user and reset if needed)
    configutil values
            local.service.pab.ldapbinddn  (same DN as above)
            local.ugldapbinddn            (same DN as above)
            local.ugldapbindcred          (same PW as above)
            local.service.pab.ldappasswd  (same PW as above)
  6. Restart messaging and test. Use, for example, the ImapProxy log to see whether authentication is working as expected. Edit the LDIF or configuration information as needed; it all needs to match.


    
    
  7. Enable SSL by following the procedures "To Request an SSL Certificate" and "To Install an SSL Certificate". Messaging Server uses the /opt/SUNWmsgsr/config/sslpassword.conf file.
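
A way to check the "it all needs to match" requirement of steps 5 and 6 before restarting, as an added example that is not part of the original procedure. The function names are hypothetical and the sample cfg line is constructed; DNs are compared case-insensitively with spaces around `,` and `=` ignored, which assumes no escaped commas in the values.

```shell
#!/bin/sh
# Added example: confirm that the bind DNs set in step 5 name the same entry.

# Normalize a DN for comparison: lowercase, trim, drop spaces around ',' and '='.
# Simplification (assumption): escaped commas (\,) inside values are not handled.
norm_dn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            -e 's/[[:space:]]*\([,=]\)[[:space:]]*/\1/g'
}

# Print the value of KEY (e.g. default:BindDN) from the cfg file,
# without the surrounding double quotes.
cfg_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*//p" "$1" |
        sed -e 's/^"//' -e 's/"[[:space:]]*$//' | head -n 1
}

# Return 0 if every DN passed after the cfg file matches default:BindDN,
# 1 on any mismatch, 2 if the cfg file has no default:BindDN line.
check_bind_dns() {
    cfg=$1; shift
    want=$(norm_dn "$(cfg_value "$cfg" default:BindDN)")
    [ -n "$want" ] || { echo "no default:BindDN in $cfg" >&2; return 2; }
    rc=0
    for dn in "$@"; do
        if [ "$(norm_dn "$dn")" != "$want" ]; then
            echo "MISMATCH: $dn" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample, not taken from a real host. On the FE server the DN
# arguments would instead be "$(configutil -o local.ugldapbinddn)" and
# "$(configutil -o local.service.pab.ldapbinddn)".
sample=$(mktemp)
printf '%s\n' \
  'default:BindDN    "uid=msg-admin-mail-amer.example.com, ou=People, dc=example, dc=com"' \
  > "$sample"
check_bind_dns "$sample" \
    'uid=msg-admin-mail-amer.example.com,ou=People,dc=example,dc=com' \
    'UID=msg-admin-mail-amer.example.com, ou=people, dc=example, dc=com' \
    && echo "bind DNs consistent"
rm -f "$sample"
```

Only the DNs are compared here, so no password is read or echoed; the BindPass and bind credential values still need to be verified separately.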