Contents


About This Guide

Who Should Read This Book
What You Need to Know
How This Book is Organized
Document Conventions

Monospaced Font
Bold Monospaced Font
Italicized Font
Square or Straight Brackets
Command Line Prompts

Where to Find Related Information
Where to Find This Book Online

Chapter 1 Introduction

Support for Standard Protocols
Support for Hosted Domains
Support for User Provisioning
Support for Unified Messaging
Support for Webmail
Powerful Security and Access Control
Convenient User Interfaces
Post-Installation Directory and File Organization

Chapter 2 Configuring General Messaging Capabilities

Viewing Basic Server Information
Starting and Stopping Services

Starting and Stopping Services in an HA Environment
Starting and Stopping Services in a non-HA Environment

Configuring a Greeting Message
Configuring Languages for Auto-Reply Messages

Choosing a User-Preferred Language
Configuring a Server Site Language

Enabling Single Sign-On (SSO)

Messenger Express SSO Configuration Parameters
Messenger Express and Delegated Administrator for Messaging

Step 1a. Create a Proxy User Account
Step 1b. Create an ACI for Proxy Authentication
Step 2a. Add the Proxy User Credentials to the resource.properties File
Step 2b. Add the Single Sign-On Cookie Information
Step 2c. Add the Participating Servers Verification URL
Step 3. Restart the Enterprise Server

Customizing Directory Lookups
Encryption Settings

Chapter 3 Managing Mail Users and Mailing Lists

Introduction
Managing Mail Users

Accessing Mail Users

Creating a New User
Accessing an Existing User

Specifying User Email Addresses
Configuring Delivery Options

Specifying POP/IMAP Delivery
Specifying Program Delivery
Specifying UNIX Delivery

Specifying Forwarding Addresses
Configuring Auto-Reply Settings
Configuring Authorized Services

Managing Mailing Lists

Accessing Mailing Lists

Creating a New Group
Accessing an Existing Group

Specifying Mailing List Settings
Specifying List Members

Defining Dynamic Membership Criteria
Adding Mailing-List Members

Defining Message-Posting Restrictions
Defining Moderators

Chapter 4 Configuring POP, IMAP, and HTTP Services

General Configuration

Enabling and Disabling Services
Specifying Port Numbers
Ports for Encrypted Communications

IMAP Over SSL
HTTP Over SSL

Service Banner

Login Requirements

Password-Based Login
Certificate-Based Login

Performance Parameters

Number of Processes
Number of Connections per Process
Number of Threads per Process
Dropping Idle Connections
Logging Out HTTP Clients

Client Access Controls
Configuring POP Services
Configuring IMAP Services
Configuring HTTP Services

Chapter 5 Messaging Multiplexor

About Messaging Multiplexor

Multiplexor Benefits
How Multiplexor Works
Encryption (SSL) Option
Certificate-Based Client Authentication
User Pre-Authentication
Virtual Domains
Multiple Multiplexor Instances

Configuring Multiplexor
Starting Multiplexor

UNIX Systems
Windows NT Systems

A Sample Topology

IMAP Configuration Example
POP Configuration Example

Chapter 6 About MTA Services and Configuration

The Message Transfer Agent (MTA)
Channels

Master and Slave Programs
Channel Message Queues

Rewrite Rules
The Job Controller
The Dispatcher

Creation and Expiration of Server Processes
Controlling the Dispatcher

The MTA Configuration File
Other MTA Configuration Files

Autoreply Option File
Alias File
TCP/IP Channel Option Files
Conversion File
Dirsync Option File
Dispatcher Configuration File
Mapping File
Option File
Tailor File
Job Controller File
Examples of Use

Aliases

The Alias Database
The Alias File
Including Other Files in the Alias File

Command Line Utilities
The MTA Directory Cache

Synchronization Configuration Parameters

SMTP Security and Access Control
Log Files

Chapter 7 Configuring Rewrite Rules

Rewrite Rule Structure
Rewrite Rule Patterns and Tags

A Rule to Match Percent Hacks
A Rule to Match Bang-Style (UUCP) Addresses
A Rule to Match Any Address
Tagged Rewrite Rule Sets

Rewrite Rule Templates

Ordinary Rewriting Templates: A%B@C or A@B
Repeated Rewrites Template, A%B
Specified Route Rewriting Templates, A@B@C@D or A@B@C
Case Sensitivity in Rewrite Rule Templates

How the MTA Applies Rewrite Rules to an Address

Step 1. Extract the First Host or Domain Specification
Step 2. Scan the Rewrite Rules
Step 3. Rewrite Address According to Template
Step 4. Finish the Rewrite Process
Rewrite Rule Failure
Syntax Checks After Rewrite
Handling Domain Literals

Template Substitutions and Rewrite Rule Control Sequences

Username and Subaddress Substitution, $U, $0U, $1U
Host/Domain and IP Literal Substitutions, $D, $H, $nD, $nH, $L
Literal Character Substitutions, $$, $%, $@
LDAP Query URL Substitutions, $]...[
General Database Substitutions, $(...)
Apply Specified Mapping, ${...}
Customer-supplied Routine Substitutions, $[...]
Single Field Substitutions, $&, $!, $*, $#
Unique String Substitutions
Source-Channel-Specific Rewrite Rules ($M, $N)
Destination-Channel-Specific Rewrite Rules ($C, $Q)
Direction-and-Location-Specific Rewrite Rules ($B, $E, $F, $R)
Host-Location-Specific Rewrites ($A, $P, $S, $X)
Changing the Current Tag Value, $T
Controlling Error Messages Associated with Rewriting ($?)

Handling Large Numbers of Rewrite Rules
Testing Rewrite Rules
Rewrite Rules Example

Chapter 8 Configuring Channel Definitions

Channel Structure
Predefined Channels
Configuring SMTP Channels

SMTP Command and Protocol Support

Channel Protocol Selection and Line Terminators
EHLO Command Support
ETRN Command Support
VRFY Command Support
DNS Domain Verification
Character Set Labeling and Eight-Bit Data
Protocol Streaming

TCP/IP Connection and DNS Lookup Support

TCP/IP Port Number and Interface Address
Caching for Channel Connection Information
DNS Lookups
IDENT Lookups
TCP/IP MX Record Support
Nameserver Lookups
Last Resort Host
Alternate Channels for Incoming Mail
Target Host Choice

SMTP Authentication and SASL
Transport Layer Security
Channel Operation Type

Configuring Message Processing and Delivery

Delivery of Messages
Processing Pools for Channel Execution Jobs
Service Job Limits
Message Priority Based on Size
SMTP Channel Threads
Expansion of Multiple Addresses
Undeliverable Message Notification Times

Configuring Messages Sent to the Postmaster
Configuring Channel Options
Configuring Channel Defaults
Configuring Logging for Channels
Configuring Debugging for Channels
Setting Up Program Delivery
Using the Hold Channel
Using the Conversion Channel

Selecting Traffic for Conversion Processing
Configuration of the Conversion Channel
Conversion Control

Understanding Conversions

Character Set Conversion and Message Reformatting Mapping

Character Set Conversion
Message Reformatting

Service Conversions

Chapter 9 Mail Filtering and Access Control

PART 1. MAPPING TABLES
Controlling Access with Mapping Tables

SEND_ACCESS and ORIG_SEND_ACCESS Tables
MAIL_ACCESS and ORIG_MAIL_ACCESS Mapping Tables
FROM_ACCESS Mapping Table
PORT_ACCESS Mapping Table
Limiting Specified IP Address Connections to the MTA

When Access Controls Are Applied
Testing Access Control Mappings
Adding SMTP Relaying

Allowing SMTP Relaying for External Sites

Configuring SMTP Relay Blocking

Differentiate Between Internal and External Mail
Differentiate Authenticated Users' Mail
Prevent Mail Relay
Allowing localhost Submissions to the SMTP Port
Using DNS Lookups Including RBL Checking for SMTP Relay Blocking

Handling Large Numbers of Access Entries
Mapping Table Flags
PART 2. MAILBOX FILTERS
Introduction
Creating Per-User Filters
Creating Channel-Level Filters
Creating MTA-Wide Filters

Routing Discarded Messages out The FILTER_DISCARD Channel

Debugging User Filters

Chapter 10 Managing the Message Store

Overview
Message Store Directory Layout
How the Store Erases Message
Specifying Administrator Access to the Store

Adding an Administrator
Modifying an Administrator Entry
Deleting an Administrator Entry

About Message Store Quotas

User Quotas
Domain Quotas and Family Group Quotas
Exceptions for Telephony Application Servers

Configuring Message Store Quotas

Specifying a Default User Quota
Enabling Quota Enforcement and Notification

Enabling Quota Enforcement
Enabling Quota Notification
Defining a Quota Warning Message
Specifying a Quota Threshold

Setting a Grace Period

Specifying Aging Policies
Configuring Message Store Partitions

Adding a Partition
Moving Mailboxes to a Different Disk Partition

Performing Maintenance and Recovery Procedures

Managing Mailboxes

The mboxutil Utility
The hashdir Utility
The readership Utility

Monitoring Quota Limits
Monitoring Disk Space
Using the stored Utility
Repairing Mailboxes and the Mailboxes Database

Rebuilding Mailboxes
Checking and Repairing Mailboxes
Removing Orphaned Accounts
reconstruct Performance

Moving a User's Account

Backing Up and Restoring the Message Store

Creating a Backup Policy

Peak Business Loads
Full and Incremental Backups
Parallel or Serial Backups

Creating Backup Groups
Messaging Server Backup and Restore Utilities

The imsbackup Utility
The imsrestore Utility

Considerations for Partial Restore
Using Legato Networker

Backing Up Data Using Legato Networker
Restoring Data Using Legato Networker

Chapter 11 Configuring Security and Access Control

About Server Security
About HTTP Security
Configuring Authentication Mechanisms

Configuring Access to Plaintext Passwords

Configure Directory Server
Configure Messaging Server

Transitioning Users

User Password Login

IMAP, POP, and HTTP Password Login
SMTP Password Login

Configuring Encryption and Certificate-Based Authentication

Obtaining Certificates

Managing Internal and External Modules
Requesting a Server Certificate
Installing the Certificate
Installing Certificates of Trusted CAs
Managing Certificates and Trusted CAs
Creating a Password File

Enabling SSL and Selecting Ciphers

About Ciphers

Setting Up Certificate-Based Login

Configuring Administrator Access to Messaging Server

Hierarchy of Delegated Administration
Providing Access to the Server as a Whole
Restricting Access to Specific Tasks

Configuring Client Access to POP, IMAP, and HTTP Services

How Client Access Filters Work
Filter Syntax

Wildcard Names
Wildcard Patterns
EXCEPT Operator
Server-Host Specification
Client User-Name Specification

Filter Examples

Mostly Denying
Mostly Allowing
Allowing Only Identified Users
Denying Access to Spoofed Domains
Controlling Access to Virtual Domains
Denying an Individual User

Creating Access Filters for Services
Creating Access Filters for HTTP Proxy Authentication

Configuring Client Access to SMTP Services

Chapter 12 Logging and Log Analysis

PART 1: Introduction

Logged Services
Analyzing Logs with Third-Party Tools

PART 2: Service Logs (Message Store and Administration Server)

Log Characteristics

Logging Levels
Categories of Logged Events
Filename Conventions for Message Store and Administration Logs
Log-File Directories

Log File Format
Defining and Setting Logging Options

Flexible Logging Architecture
Planning the Options You Want
Setting Logging Options

Searching and Viewing Logs

Search Parameters
Specifying a Search and Viewing Results

PART 3: Service Logs (MTA)

Enabling MTA Logging
Specifying Additional MTA Logging Options
MTA Log Entry Format
Managing the MTA Log Files
Examples of MTA Message Logging

Appendix A SNMP Support

SNMP Implementation

SNMP Operation in the Messaging Server

Configuring SNMP Support for the iPlanet Messaging Server on Solaris 8
Monitoring from an SNMP Client
Co-existence with Other iPlanet Products on Unix Platforms
SNMP Information from the Messaging Server

applTable

applTable Usage

assocTable

assocTable Usage

mtaTable

mtaTable Usage

mtaGroupTable

mtaGroupTable Usage

mtaGroupAssociationTable
mtaGroupErrorTable

mtaGroupErrorTable Usage

Glossary

Index