版本 6.3
此版本說明包含 Sun Java Messaging Server 6.3 發行時可用的重要資訊。此處將介紹新功能和增強功能、已知問題和限制,以及其他資訊。使用 Messaging Server 6.3 前,請先閱讀本文件。
Sun 對於本文件中所提及之協力廠商網站的使用不承擔任何責任。Sun 對於此類網站或資源中的 (或透過它們所取得的) 任何內容、廣告、產品或其他材料不做背書,也不承擔任何責任。對於因使用或依靠此類網站或資源中的 (或透過它們所取得的) 任何內容、產品或服務而造成的或連帶產生的實際或名義上之損壞或損失,Sun 概不負責,也不承擔任何責任。
此版本說明含有以下小節:
本文件中提供了協力廠商 URL 以供參考,另亦提供其他相關的資訊。
日期 |
變更說明 |
---|---|
2007 年 7 月 |
透過指向「Communications Express」一章闡明了 Web 瀏覽器支援。 |
2007 年 6 月 |
闡明了 Sun Cluster 和 Veritas Cluster 版本支援;增加了 HA 環境中 ENS 的新錯誤以及安裝過程中建立的錯誤目錄。 |
2007 年 5 月 |
增加了 Red Hat Linux 3.1 支援的已停用陳述式。 |
2007 年 3 月 |
Sun JavaTM System Messaging Server 6.3 正式版 |
2006 年 9 月 |
Sun Java System Messaging Server 6.3 後期測試版 |
Messaging Server 是高度安全的高效能郵件傳送平台,可從數千使用者擴充到數百萬使用者。它提供了廣泛的安全功能,可透過使用者認證、階段作業加密和用於防止垃圾郵件和病毒的適當內容篩選功能,幫助確保通訊的完整性。透過 Messaging Server,企業和服務提供者可為整個社群的雇員、合作夥伴和客戶提供安全可靠的郵件傳送服務。
Messaging Server 使用開放式網際網路標準提供功能強大而靈活的解決方案,可滿足企業和各種容量之郵件傳送主機的電子郵件需求。
Messaging Server 6.3 發行版本中增加了以下新功能與增強功能:
Messaging Server 支援透過 Sun Content Management、Sun Compliance 和 Content Management 解決方案進行歸檔。郵件歸檔系統會將內送和外寄郵件的所有或部分指定子集,儲存在 Messaging Server 以外的系統上。在歸檔系統中可以儲存並擷取已傳送、接收、刪除和移動的郵件。郵件歸檔之後,電子郵件使用者即無法再修改或移除,這可維護內送和外寄郵件的完整性。郵件歸檔對於規範遵循記錄的保存、郵件存放區管理和郵件備份來說,是相當實用的。如需更多資訊,請參閱「Message Archiving Using the Sun Compliance and Content Management Solution」。
雖然文件也說明作業歸檔,但是此功能已經在 Sun Java System Messaging Server 6.3 Patch 1 發行版本中停用。
Webmail 伺服器亦稱為 mshttpd (Messaging Server HTTP 常駐程式),為 Messenger Express 和 Communications Express 用戶端提供電子郵件服務。現在,Webmail 伺服器經由 IMAP 伺服器存取郵件存放區。這項功能帶來諸多好處:
現在,Messenger Express 和 Communications Express 用戶端可以存取位於不同後端郵件存放區的共用資料夾。
無需在每部後端伺服器上安裝 Webmail 伺服器。
Webmail 伺服器可以做為前端伺服器,執行先前由 Messenger Express Multiplexor (MEM) 執行的多重訊號組合功能。
不再使用 MEM。請參閱已停用和移除的 Messaging Server 功能。
在用戶端,唯一的變更是現在使用者可以存取位於其郵件存放區之外的共用資料夾。在先前的版本中,MEM 接收 HTTP 用戶端請求,然後轉寄至適當的 Webmail 伺服器 (位於適當的後端郵件存放區)。因此,必須在每部後端伺服器上都安裝 mshttpd 的副本。現在,Webmail 伺服器可做為前端伺服器,來接收 HTTP 用戶端電子郵件請求,將這些請求轉譯為 SMTP 或 IMAP 呼叫,並將呼叫轉寄至 MTA 或後端郵件存放區中適當的 IMAP 伺服器。
藉由確定 IP 位址最近連線是否過於頻繁並應關閉一段時間,MeterMaid 可允許阻塞功能。MeterMaid 就像延街巡守的警官一樣,查看有誰超過其指定的範圍。這個取代 conn_throttle.so 的儲存庫程序提供類似的功能,但將功能延伸至 Messaging Server 產品。此外,MeterMaid 的配置性也優於 conn_throttle.so。
目前不會針對 conn_throttle.so 提供進一步的增強功能。
Messaging Server 支援使用常見且可免費取得的協力廠商病毒掃描程式 ClamAV,以偵測受到病毒和特洛伊木馬感染的郵件。
基於 Sendmail Content Management API 的程式亦稱為 Milter (郵件篩選器的簡稱),現在可以在 Messaging Server 上執行。Milter 提供協力廠商軟體外掛程式介面,以在郵件通過 MTA 時,加以驗證和修改。Milter 可以處理郵件的連線 (IP) 資訊、訊息封協定元素、郵件標題和/或郵件內文,並修改郵件的收件者、標題和內文。篩選器可用於垃圾郵件拒絕、病毒篩選及內容控制。總之,Milter 以可延伸的方式,試圖涵蓋整個網站的篩選需求。請參閱「Sun Java System Messaging Server 6.3 管理指南」中的「使用 Milter」。
IMAP SORT
IMAP 協定的 SORT 延伸提供一系列基於伺服器的郵件排序功能,不需要用戶端下載所需的檔案,即可自動完成。請參閱:http://www.ietf.org/internet-drafts/draft-ietf-imapext-sort-18.txt,以取得更多資訊。
IMAP COMPARATOR
IMAP IDLE
IMAP 規格的 IMAP IDLE 延伸 (在 RFC 2177 中定義) 允許 IMAP 伺服器在新郵件送達以及使用者電子信箱發生其他更新時,通知郵件用戶端。IMAP IDLE 功能具有以下優點:
郵件用戶端無須針對內送郵件輪詢 IMAP 伺服器。
消除用戶端輪詢可以減少 IMAP 伺服器的工作負荷量,並提升伺服器效能。當使用者僅接收少量郵件或是沒有郵件時,進行用戶端輪詢是極為浪費的;用戶端繼續以配置的間隔 (通常是每 5 或 10 分鐘) 進行輪詢。
郵件用戶端在更接近郵件實際送達使用者電子信箱的時間,向使用者顯示新郵件。同時以幾近即時的時間顯示郵件狀態變更。
IMAP 伺服器無須等到下次輪詢,就可以通知用戶端有新的郵件訊息或已更新郵件訊息,而在新郵件送達或郵件狀態變更時,立即收到通知。接著,伺服器透過 IMAP 協定通知用戶端。
IMAP IDLE 預設關閉。
高效能使用者查詢和認證 (HULA) 為 Communications Suite 提供程式庫,以取得一致的使用者查詢語義,就如 domainmap 對網域查詢的作用一樣。使用 HULA 時,以下的介面變更會影響 MMP:
已在多個發行版本中實作 HULA。此發行版本支援 HULA 的 MMP 實作。下個發行版本在郵件存放區和 MTA 中支援 HULA 實作。
以下介面變更會影響 MMP:
現在 MMP 支援使用者狀態屬性。在此發行版本之前,MMP 依賴後端伺服器強制使用者狀態。這項變更可以減少使用者遷移期間的後端負載。
MMP 記錄訊息已經過正規化,永遠包含在 MMP 程序使用期限內未重複使用的整數連線 ID。先前,MMP 訊息使用十六進制連線環境位址 (可重複使用)。而且,lpool 層使用其他環境位址 (難以相關聯)。現在,MMP、hula 和 lpool 層將使用相同的 ID。
現在,MMP 除錯記錄層級配置設定使用 syslog-style 記錄層級,而非未指定的數值層級。LogLevel 選項先前預設為 1,現在預設為 5 (LOG_NOTICE)。3 以下的值不產生輸出。3 (LOG_ERR) 到 7 (LOG_DEBUG) 之間的值在除錯記錄中提供不同數量的輸出。
現在 MMP 將支援 option.dat 中的以下附加 MTA 選項:LDAP_DOMAIN_FILTER_SCHEMA1、LDAP_DOMAIN_FILTER_SCHEMA2、LDAP_ATTR_DOMAIN1_SCHEMA2、LDAP_ATTR_DOMAIN2_SCHEMA2、LDAP_ATTR_DOMAIN_SEARCH_FILTER、LDAP_DOMAIN_ATTR_BASEDN、LDAP_DOMAIN_ATTR_CANONICAL、LDAP_DOMAIN_ATTR_ALIAS, LDAP_UID、LDAP_DOMAIN_ATTR_UID_SEPARATOR、LDAP_DOMAIN_ATTR_STATUS、LDAP_DOMAIN_ATTR_MAIL_STATUS、LDAP_USER_STATUS 和 LDAP_USER_MAIL_STATUS。
已實作 TCP 存取篩選器 ident 支援,但未在先前的發行版本中測試。手冊中也警告說 ident 支援在數個發行版本前就已停用。新的程式碼不實作對 ident 的支援。需要 ident 的篩選器會導致認證出現錯誤而失敗。
雖然未經測試,先前的 MMP 版本仍允許使用者名稱包含任何 UTF-8 字元。HULA 強制要求正確的 UTF-8 語法,並禁止過長的編碼與代用字元。
imsconnutil 公用程式的新選項 -k 會中斷使用者與 IMAP 和 POP 階段作業的連線。登入 Communications Express 的使用者會失去基本的 IMAP 連線,同時也因此中斷連線。
JMQ 通知外掛程式讓您可以使用 Java Messaging Service (JMS) 標準遞送通知郵件。現在,您可以配置外掛程式將通知傳送至兩個不同的郵件傳送服務:
Sun Java System Message Queue 3.6 或更高版本 (實作 JMS 標準)
事件通知服務
使用 Message Queue,您就能夠為訊息和/或佇列 (兩種遞送方法) 產生主題。Message Queue 還提供增強的負載平衡、延展性和穩定性。請參閱「Sun Java System Messaging Server 6.3 管理指南」中的第 22 章「配置 JMQ 通知外掛程式以產生郵件佇列的郵件」。
寄件者策略架構 (SPF) 是一種可以在 SMTP 對話期間,偵測並拒絕偽造電子郵件的技術。具體講,SPF 是一種方法,允許網域明確授權可使用其網域名稱的主機。此外,可配置接收主機檢查此項授權。因此,SPF 可以顯著減少偽造電子郵件的實例。請參閱:「Sun Java System Messaging Server 6.3 管理指南」中的第 15 章「使用寄件者策略架構處理偽造的電子郵件」。
現在可以針對特定資料夾和郵件類型,設定郵件存放區配額。郵件類型配額允許您指定語音郵件和電子郵件等郵件類型的限制。資料夾配額以位元組或郵件為單位,設定使用者資料夾的大小限制。例如,您可以在 [垃圾箱] 資料夾上設定配額。Messaging Server 允許您為網域和使用者設定預設配額以及自訂配額。請參閱「Sun Java System Messaging Server 6.3 管理指南」中的「關於郵件儲存配額」。
您已無法透過管理主控台取得憑證,而改為使用名為 msgcert 的新指令取得憑證。舊的 certutil 指令仍然可以使用,但該指令相當複雜,而且尚未國際化。如需詳細資訊,請參閱「Sun Java System Messaging Server 6.3 管理指南」中的「取得憑證」。
如需 Sun Java Enterprise System Monitoring Framework 的有關資訊,請參閱「Sun Java Enterprise System 5 Monitoring Guide 」。
先前的 MMP 版本並不檢查 inetUserStatus、mailUserStatus、inetDomainStatus、mailDomainStatus 等屬性。當帳號為非使用中、已停用或已刪除狀態時,MMP 依賴後端伺服器來拒絕連線。現在,目前的 MMP 版本支援這些屬性,並能在「使用中」、「超過配額」或空之外的其他狀態下,於 MMP 層終止連線。這樣可以在遷移使用者時,改善部署的延展性。
MMP 除錯記錄層級和階段作業 ID:已變更 MMP「LogLevel」配置選項的意義,以便遵循 syslog 慣例。在先前的發行版本中,它可以是任意值 (預設為 1)。在本發行版本中,它遵循 syslog 慣例。預設值是 5 (LOG_NOTICE),而 3 (LOG_ERR) 到 7 (LOG_DEBUG) 之間的值會改變所顯示的郵件集,並與它們對 syslog() 的意義相同。另外,現在 MMP 除錯記錄檔中的郵件使用階段作業/連線 ID,此 ID 以數值表示,而且在 MMP 程序的使用期限內是唯一的。
本小節描述多項 MTA 新功能的部份已經合併到 Messaging Server 文件中。這裡仍然列出這些功能,以保持文件的完整,並藉此宣佈新功能。
(54) A new facility has been added to store information that previously would have gone in the general, forward, and reverse databases in the compiled configuration instead. A new MTA option, USE_TEXT_DATABASES, has been added to control this capability. This option is bit encoded. If bit 0 (value 1) is set the file IMTA_TABLE:general.txt is read as the MTA configuration is initialized and the information from that file replaces all uses of the general database. If bit 1 (value 2) is set the file IMTA_TABLE:reverse.txt is read and used in instead of the reverse database. Finally, if bit 2 (value 4) is set the file IMTA_TABLE:forward.txt is read and used instead of the forward database. The default value for this option is 0, which disables all use of text databases. Note that use of the text database option means that changes to the underlying files will only be seen after a cnbuild, and in the case of running processes, after a reload. Several additional MTA options can be used to set the initial size of the various text database tables: GENERAL_DATA_SIZE - Initial number of entries in the general text database. REVERSE_DATA_SIZE - Initial number of entries in the reverse text database. FORWARD_DATA_SIZE - Initial number of entries in the forward text database. The MTA stores the database template strings in string pool 3, so the STRING_POOL_SIZE_3 MTA option controls the initial allocation of space for this purpose. Note that these various options only control initial sizes; the various tables and arrays will resize automatically up to the maximum allowed size. The maximum string pool size in 6.2P8 and earlier is 10Mb, after 6.2P8 is has been increased to 50Mb. Up to 1 million entries are allowed in 6.2P8 and earlier, this has been increased to 2 million entries in later releases. (144) A new MTA option, USE_CANONICAL_RETURN, has been added. This option is bit-encoded with the various bits matching those of the USE_ORIG_RETURN option. Each place where the MTA performs a comparison operation against the envelope from (MAIL FROM) address has an assigned bit. If the bit in USE_CANONICAL_RETURN is clear normal rewriting is applied to the envelope from address prior to use. In particular rewriting from mailAlternateAddress attributes to mail attributes will be performed; mailEqvuialentAddress attributes won't be rewritten to the corresponding mail attribute. If, however, the bit is set, the corresponding address will be rewritten if it appears in a mailEquivalentAddress attribute. It should be noted that the bit USE_ORIG_RETURN will, if set, disable rewriting entirely. So setting a bit in USE_ORIG_RETURN makes the corresponding bit in USE_CANONICAL_RETURN a noop. Note that the various bits of USE_ORIG_RETURN don't appear to be documented at this time, so here's a list of them: Bit Value Usage 0 1 When set, use the original envelope From: address in ORIG_SEND_ACCESS mapping table probes 1 2 When set, use the original envelope From: address in SEND_ACCESS mapping table probes 2 4 When set, use the original envelope From: address in ORIG_MAIL_ACCESS mapping table probes 3 8 When set, use the original envelope From: address in MAIL_ACCESS mapping table probes 4 16 When set, use the original envelope From: address in mailing list [AUTH_LIST], [MODERATOR_LIST], [SASL_AUTH_LIST], and [SASL_MODERATOR_LIST] checks 5 32 When set, use the original envelope From: address in mailing list [CANT_LIST] and [SASL_CANT_LIST] checks 6 64 When set, use the original envelope From: address in mailing list [AUTH_MAPPING], [MODERATOR_MAPPING], [SASL_AUTH_MAPPING], and [SASL_MODERATOR_MAPPING] checks 7 128 When set, use the original envelope From: address in mailing list [CANT_MAPPING] and [SASL_CANT_MAPPING] checks 8 256 When set, use the original envelope From: address in mailing list [ORIGINATOR_REPLY] comparisons 9 512 When set, use the original envelope From: address in mailing list [DEFERRED_LIST], [DIRECT_LIST], [HOLD_LIST], and [NOHOLD_LIST] checks 10 1024 When set, use the original envelope From: address in mailing list [DEFERRED_MAPPING], [DIRECT_MAPPING], [HOLD_MAPPINGS], and [NOHOLD_MAPPING] checks 11 2048 When set, use the original envelope From: address in mailing list checks for whether the sender is the list moderator 12 4096 When set, use the original envelope From: address in mailing list LDAP_AUTH_DOMAIN LDAP attribute (e.g., mgrpAllowedDomain) checks 13 8192 When set, use the original envelope From: address in mailing list LDAP_CANT_DOMAIN LDAP attribute (e.g., mgrpDisallowedDomain) checks 14 16384 When set, use the original envelope From: address in mailing list LDAP_AUTH_URL LDAP attribute (e.g., mgrpAllowedBroadcaster) checks 15 32768 When set, use the original envelope From: address in mailing list LDAP_CANT_URL LDAP attribute (e.g., mgrpDisallowedBroadcaster) checks 16 65536 OBSOLETE. In Messaging Server 5.0 and Messaging Server 5.1, when set use the original envelope From: address in mailing list LDAP_MODERATOR_RFC822 comparisons; since as of Messaging Server 5.2 there is no longer any such global MTA option nor need for such an attribute (since the LDAP_MODERATOR_URL attribute value can, in fact, specify a mailto: URL pointing to an RFC 822 address), this bit no longer has any meaning. 17 131072 When set, use the original envelope From: address in mailing list LDAP_MODERATOR_URL LDAP attribute (e.g., mgrpModerator) comparisons 18 262144 When set, use the original envelope From: address in any source-specific FORWARD mapping tables probes 19 524288 When set, use the original envelope From: address in any source-specific FORWARD database probes Bit 0 is the least significant bit. (145) The SPAMFILTERn_OPTIONAL MTA options now accept two additional values: -2 and 2. -2 and 2 are the same as 0 and 1 respectively except that they also cause a syslog message to be sent in the event of a problem reported by the spam filter plugin. (146) Old-style mailing lists defined in the aliases file or aliases database now accept a nonpositional [capture] parameter. If used the [capture] parameter specifies a capture address with the same semantics as capture addresses specified by the LDAP_CAPTURE attribute applied to a user or group in LDAP. (147) The default value for the MISSING_RECIPIENT_POLICY MTA option has been changed from 2 (add envelope recipient list as a To: field) to 1 (ignore missing recipient condition). This brings Messaging Server in line with what RFC 2822 recommends. (148) Although it will rarely make sense to do so, the x_env_to keyword can now be used without also setting single on a channel. (149) The MTA now has the ability to process multiple different LDAP attributes with the same semantics. Note that this is not the same as processing of multiple values for the same attribute, which has always been supported. The handling attributes receive depends on the semantics of the attribute. The possible options are: (a) Multiple different attributes don't make sense and render the user entry invalid. In 6.2 and later this handling is the default for all attributes unless otherwise specified. (b) If multiple different attribute are specified one is chosen at random and used. LDAP_AUTOREPLY_SUBJECT, LDAP_AUTOREPLY_TEXT, and LDAP_AUTOREPLY_TEXT_INT all receive this handling in 6.2 only; in 6.3 and later they receive the handling described in item 153 below. 6.3 adds the LDAP_SPARE_3 and LDAP_PERSONAL_NAME attribute to this category. Note that this was how all attributes were handled prior to 6.2. (c) Multiple different attributes do make sense and should all be acted on. This handling is currently in effect for LDAP_CAPTURE, LDAP_ALIAS_ADDRESSES, LDAP_EQUIVALENCE_ADDRESSES and LDAP_DETOURHOST_OPTIN. Note that LDAP_DETOURHOST_OPTIN attribute was first added to Messaging Server in 6.3. (150) The MTA now has the ability to chose between multiple LDAP attributes and attribute values with different language tags and determine the correct value to use. The language tags in effect are compared against the preferred language information associated with the envelope from address. Currently the only attributes receiving this treatment are LDAP_AUTOREPLY_SUBJECT (normally mailAutoReplySubject), LDAP_AUTOREPLY_TEXT (normally mailAutoReplyText), LDAP_AUTOREPLY_TEXT_INT (normally mailAutoReplyTextInternal), LDAP_SPARE_4, LDAP_SPARE_5, LDAP_PREFIX_TEXT and LDAP_SUFFIX_TEXT. It is expected that each attribute value will have a different language tag value; if different values have the same tag value the choice between them will be essentially random. 151) The length of URLs that can be specified in a mapping URL lookup has been increased from 256 to 1024. The same increase also applies to expressions evaluated by mappings and mapping calls to other mappings. (152) A new MTA option, LOG_REASON, controls storage of error reason information in log records. Setting the option to 1 enables this storage, 0 (the default) disables it. This information, if present, appears just before diagnostic information in log records. (153) A :percent argument has been added to spamtest. If present it changes the range of the spamtest result from 0-10 to 0-100. See the Internet Draft draft-ietf-sieve-spamtestbis-05.txt for additional information on this change. (154) The SpamAssassin spam filter plugin's DEBUG option setting now accepts an integer value instead of a boolean 0 or 1. The larger the value the more debugging will be generated. In particular, a setting of 2 or greater reports exactly what was received from spamd. (155) The conversion mapping now allows a new "PREPROCESS" directive. If specified it allows charset conversions to be done on messages prior to sending them to the conversion channel. (156) The $. metacharacter sequence can now be used in a mapping or rewrite rule to establish a string which will be processed as the mapping entry result in the event of a temporary LDAP lookup failure. By default temporary LDAP failures cause the current mapping entry to fail. This is problematic in cases where different actions need to be taken depending on whether the LDAP lookup failed to find anything versus the directory server being unavailable or misconfigured. The temporary failure string is terminated by an unescaped ".". In the case of mappings once a failure string has been set using this construct it will remain set until current mapping processing is completed. Rewrite rules behave differently; a temporary failure string remains set only for the duration of the current rule. "$.." can be used to return to the default state where no temporary failure string is set and temporary LDAP failures cause mapping entry or rewrite rule failure. Note that all errors other than failure to match an entry in the directory are considered to be temporary errors; in general it isn't possible to distinguish between errors caused by incorrect LDAP URLs and errors caused by directory server configuration problems. (157) Setting the LOG_FORMAT MTA option to 4 now causes log entries to be written in an XML-compatible format. Entry log entry appears as a single XML element containing multiple attributes and no subelements. Three elements are currently defined, en for enqueue/dequeue entries, co for connection entries, and he for header entries. Enqueue/dequeue (en) elements can have the following attributes: ts - time stamp (always present) no - node name (present if LOG_NODE=1) pi - process id (present if LOG_PROCESS=1) sc - source channel (always present) dc - destination channel (always present) ac - action (always present) sz - size (always present) so - source address (always present) od - original destination address (always present) de - destination address (always present) de - destination address (always present) rf - recipient flags (present if LOG_NOTARY=1) fi - filename (present if LOG_FILENAME=1) ei - envelope id (present if LOG_ENVELOPE_ID=1) mi - message id (present if LOG_MESSAGE_ID=1) us - username (present if LOG_USERNAME=1) ss - source system (present if bit 0 of LOG_CONNECTION is set and source system information is available) se - sensitivity (present if LOG_SENSITIVITY=1) pr - priority (present if LOG_PRIORITY=1) in - intermediate address (present if LOG_INTERMEDIATE=1) ia - initial address (present if bit 0 of LOG_INTERMEDIATE is set and intermediate address information is available) fl - filter (present if LOG_FILTER=1 and filter information is available) re - reason (present if LOG_REASON=1 and reason string is set) di - diagnostic (present if diagnostic info available) tr - transport information (present if bit 5 of LOG_CONNECTION is set and transport information is available) ap - application information (present if bit 6 of LOG_CONNECTION is set and application information is available) Here is a sample en entry: en ts="2004-12-08T00:40:26.70" pi="0d3730.10.43" sc="tcp_local" dc="l" ac="E" sz="12" so="info-E8944AE8D033CB92C2241E@whittlesong.com" od="rfc822;ned+2Bcharsets@mauve.sun.com" de="ned+charsets@mauve.sun.com" rf="22" fi="/path/ZZ01LI4XPX0DTM00IKA8.00" ei="01LI4XPQR2EU00IKA8@mauve.sun.com" mi="<11a3b401c4dd01$7c1c1ee0$1906fad0@elara>" us="" ss="elara.whittlesong.com ([208.250.6.25])" in="ned+charsets@mauve.sun.com" ia="ietf-charsets@innosoft.com" fl="spamfilter1:rvLiXh158xWdQKa9iJ0d7Q==, addheader, keep" Here is a sample co entry: co ts="2004-12-08T00:38:28.41" pi="1074b3.61.281" sc="tcp_local" dr="+" ac="O" tr="TCP|209.55.107.55|25|209.55.107.104|33469" ap="SMTP"/ Header (he) entries have the following attributes: ts - time stamp (always present, also used in en entries) no - node name (present if LOG_NODE=1, also used in en entries) pi - process id (present if LOG_PROCESS=1, also used in en entries) va - header line value (always present) Here is a sample he entry: he ts="2004-12-08T00:38:31.41" pi="1074b3.61.281" va="Subject: foo"/ (158b) Added list authorization policy values SMTP_AUTH_USED and AUTH_USED. These are similar in effect to the old SMTP_AUTH_REQUIRED and AUTH_REQ but unlike the old values do not require posters to authenticate. (159) Sieve errors are now logged as such in mail.log when LOG_FILTER is enabled. (160) The ALLOW_TRANSACTION_PER_SESSION limit kicked in one transaction too early; it now allows the specified number of transaction instead of one less. (161) The type of transport protocol in use (SMTP/ESMTP/LMTP) is now logged and made available to the various access mappings. In particular, two new modifier characters have been added to the set that can appear after an action indicator in the mail.log* files: E - An EHLO command was issued/accepted and therefore ESMTP was used L - LMTP was used Previously the only modifier characters that would appears were A (SASL authentication used) and S (TLS/SSL used). Additionally, the $E and $L flags respectively will be set as appropriate for the various *_ACCESS mappings. (162) Wildcards are now allowed in the strings used to match verdicts returned by spam filters. (163) imsimta encode now supports three new switches: -disposition=VALUE Sets the content-disposition to the specified VALUE -parameters=NAME=VALUE Specifies one or more additional content-type parameters and their values -dparameters=NAME=VALUE Specifies one or more additional content-disposition parameters and their values (164) Bit 4 (value 16) of the DOMAIN_UPLEVEL MTA option is now used to control whether address reversal rewriting is: (1) Skipped if the address is a mailEquivalentAddress (bit clear) (2) Performed only if the address is a mailAlternateAddress (bit set) (165) A value "/" given as an [envelope_from] nonpositional alias parameter, as an errors to positional alias parameter, or as a value of the mgrpErrorsTo LDAP attribute is now interpreted as a request to revert to using the original envelope from address for the incoming message while retaining mailing list semantics. This can be useful for setting up mailing lists that report all forms of list errors to the original sender. (166) The Job controller directory sweep is now more sophisticated. Instead of reading all the files in the queue directory in the order in which they are found, it reads several channel queue directories at once. This makes for much more reasonable behaviour on startup, restart, and after max_messages has been exceeded. The number of directories to be read at once is controlled by the job controller option Rebuild_Parallel_Channel. This can take any value between 1 and 100. The default is 12. (167) The sieve interpreter now keeps track of whether a response message was generated by a notify or vacation action and logs this information as needed. (168) Add the option Rebuild_In_Order parameter to the job_controller. If this is set to a non zero value, then on startup the job controller adds previously untried (ZZ*) messages to the delivery queue in creation order. Previous (and default) behavior is to add the messages in the order in which they are found on disk. There is a cost associated with recreating the queues in order. (169) Some additional reasons why a requested vacation response isn't sent are now logged. (170) Add the command imsimta cache -change command. This command allows certain job controller parameters to be changed on the fly. The allowed formats of this command are: imsimta cache -change -global -debug=<integer> imsimta cache -change -global -max_messages=<integer> imsimta cache -change -channel_template=<name> master_job=<command> imsimta cache -change -channel_template=<name> slave_job=<command> imsimta cache -change -channel=<name> master_job=<command> imsimta cache -change -channel=<name> slave_job=<command> imsimta cache -change -channel=<name> thread_depth=<integer> imsimta cache -change -channel=<name> job_limit=<integer> Changing parameters for a channel template (e.g. tcp_*) changes that parameter for all channels derived from that template. (171) Add the command imsimta qm jobs. This command displays what messages are being processed by what jobs for what channels. Typical output might be: channel <channel name> job <pid> host <host name> host <host name> <count of hosts> HOSTS BEING PROCESSED BY JOB <pid> message <subdir/message name> message <subdir/message name> processed messages: <# messages sucessfully dequeued> failed processing attempts: <# messages reenqueued> <count of messages> MESSAGES BEING PROCESSED BY JOB <pid> <count of jobs> JOBS ACTIVE FOR CHANNEL foo <count of active channels> ACTIVE CHANNELS In the past they were only available to the various *_ACCESS mappings. E - Incoming connection used ESMTP/EHLO. L - Incoming connection used LMTP/LHLO. F - NOTIFY=FAILURES active for this recipient. S - NOTIFY=SUCCESSES active for this recipient. D - NOTIFY=DELAYS active for this recipient. A - SASL used to authenticate connection. T - SSL/TLS used to secure connection. (174) The buffer used for spamfilter verdict destination strings has been increased in size from 256 to 1024 characters. This was done to accomodate the much longer verdict destination strings that Brightmail 6.0 can return. (175) Two new values now have meaning for the various SPAMFILTERx_OPTIONAL MTA options: 3 and 4. A value of 3 causes spamfilter failures to accept the message but queue it to the reprocess chanel for later processing. A value of 4 does the same thing but also logs the spam filter temporary failure to syslog. (176) The ability to log the amouint of time a message has spent in the queue has been added to the MTA logging facility. A new option, LOG_QUEUE_TIME, enables this capability. Setting the option to 1 enables queue time logging, while the default value of 0 disables it. The queue time is logged as an integer value in seconds. It appears immediately after the application information string in non-XML format logs. The attribute name in XML formatted logs for this value is "qt". (177) Source channel switching based on user or domain settings is now possible. There are three new settings involved: (a) A new channel keyword userswitchchannel. This keyword must be present on the initial source channel for user channel switching to occur. (b) A new MTA option LDAP_DOMAIN_ATTR_SOURCE_CHANNEL that specifies the name of a domain-level attribute containing the name of the channel to switch to. (c) A new MTA option LDAP_SOURCE_CHANNEL that specified is the name of a user-level attribute containing the name of the channel to switch to. Additionally, the channel being switched to must be set to allow channel switches, that is, it cannot be marked with the noswitchchannel keyword. Switching is done based on information returned by rewriting the MAIL FROM address. Note that MAIL FROM addresses are easily forged so this functionality should be used with extreme care. (178) List expansion in the context of the mgrpallowedbroadcaster LDAP attribute now includes all the attributes used to store email addresses (normally mail, mailAlternateAddress, and mailEquivalentAddress). Previously only mail attributes were returned, making it impossible to send to lists restricted to their own members using alternate addresses. (179) The default for the GROUP_DN_TEMPLATE MTA option has been changed to ""ldap:///$A??sub?mail=*". It used to be ""ldap:///$A?mail?sub?mail=*". This change makes the change described in item 178 work correctly in the case of lists defined using DNs. a domain-level attribute containing the default mailhost for the domain. If set and the attribute is present on the domain the mailhost attribute is no longer required on user entries in the domain. This option currently has no default, but preferredmailhost is the logical attribute to use as long as some other, conflicting usage doesn't exist. (181) New channel keywords generatemessagehash, keepmessagehash, and deletemessagehash. Generatemessage will, if specified on a destination channel, cause a Message-hash: header field to be inserted into the message. Keepmessagehash will cause any existing Message-hash: field to be retained. Deletemessagehash will delete any existing Message-hash: field. Deletemessagehash is the default. The value placed in Message-Hash: fields is (obviously) a hash of the message. Several new MTA options control how the hash is generated: MESSAGE_HASH_ALGORITHM - The hash algorithm. Can be any of "md2", "md4", "md5" (the default), "sha1", "md128" (for RIPE-MD128), or "md160" (for RIPE-MD160). MESSAGE_HASH_FIELDS - Comma separated list of fields from the header to hash (in order). Any known header field can be specified. If this option is not specified it defaults to "message-id,from,to,cc,bcc, resent-message-id,resent-from,resent-to,resent-cc,resent-bcc, subject,content-id,content-type,content-description". (182) New MTA option UNIQUE_ID_TEMPLATE. This option specifies a template used to convert an address into a unique identifier. The template's substitution vocabulary is the same as that for delivery options. The resulting unique identifier is intended for use by message archiving tools. (183) Per-user aliasdetourhost is now possible through the following set of features: (a) Added a aliasoptindetourhost channel keyword. This is similar in function to aliasdetourhost except detouring only occurs if the user has opted in via the following attribute. The keyword's value is a comma-separated list of potential detour hosts. (b) Added a LDAP_DETOURHOST_OPTIN MTA option, which specifies the name of an attribute used to opt the user in to the detour (assuming of course the source channel has aliasoptindetourhost set). If the values of this attribute contain periods they will be compared against the list of potential detour hosts and the first host on the list that matches will be the chosen detour. If the value doesn't contain a period the first detour host will be used unconditionally. (c) Added a ALIASDETOURHOST_NULL_OPTIN MTA option. This is similar to SPAMFILTERx_NULL_OPTIN - it specifies a "special" value which if used in the optin attribute is treated as the same as the attribute being omitted. The default valueis "", which means that an empty attribute value is ignored. (184) Support for a new IP_ACCESS table has been added. This access mapping is consulted during SMTP client operations just prior to attempting to open connections to a remote server. The mapping probe has the following format: source-channel|address-count|address-current|ip-current|hostname source-channel is the channel the message is being dequeued from, address-count is the total number of IP addresses for the remote server, address-current is the index of the current ip address being tried, ip-current is the current IP address, and hostname is the symbolic name of the remote server. The mapping can set the following flags: $N - Immediately reject the message with an "invalid host/domain error" Any supplied text will be logged as the reason for rejection but will not be included in the DSN. $I - Skip the current IP without attempting to connect. $A - Replace the current IP address with the mapping result. (185) The ACCESS_ORCPT MTA option has been changed from a simple boolean (0 or 1) to a bit-encoded value. Bit 0 (value 1) has the same effect it always had: It enables the addition of the ORCPT to all the various access mappings. Bits 1-4 (values 2-16), if set, selectivey enable the addition to the ORIG_SEND_ACCESS, SEND_ACCESS, ORIG_MAIL_ACCESS, and MAIL_ACCESS mappings respectively. (186) The new ACCESS_COUNTS MTA option provides a way to get at various types of recipient count information in the various recipient *_ACCESS mappings. ACCESS_COUNTS is bit-encoded in the same way as ACCESS_ORCPT now is (see the previous item for specifics) and if set enables the addition of a set of counts to the end of the access mapping probe string. Currently the format of the count addition is: RCPT-TO-count/total-recipient-count/ Note the trailing slash. It is expected that additional counter information will be added to this field in the future; all mappings making use of this information should be coded to ignore anything following the (current) last slash or they may break without warning. (187) Support for SMTP chunking (RFC 3030) has been added to both the SMTP client and server. This support is enabled by default. Four new channel keywords can be used to control whether or not chunking is allowed. They are chunkingclient - Enable client chunking support (default) chunkingserver - Enable server chunking support (default) nochunkingclient - Disable client chunking support nochunkingserver - DIsable server chunking support The log file action field has been extended to indicate whether or not chunking was used to transfer a given message. Specifically, a C will be appended if chunking is used. Note that ESMTP has to be used for chunking to work, so you'll typically see field values like "EEC" or "DEC". (188) Support has been added for a new caption channel keyword. This keyword is similar to the existing description channel keyword in that it takes a quoted string as an argument that is intended for use in channel displays. The difference is presumably that a "caption" is short than a "description". JES MF appears to need both. (189) A new utility routine has been written to verify domain-level Schema 1 and 2 information in the directory. This utilty routine is accessible to user through a new verify command in the imsimta test -domain program: % imsimta test -domain DOMAIN_MAP> verify Various checks are done by this utility, but the most important by far is verification of canonical domain settings for domains with overlapping user entries. The verification utility can return the following fatal errors: %DMAP-F-CANTGETDN, Cannot obtain DN of domain entry, directory error %DMAP-F-INTDEFERROR, Internal defined flag error on domain '%.*s', aborting %DMAP-F-INTHASHERROR, Internal hash error, aborting %DMAP-F-INTTREESTRUCTERROR, Internal tree structure error, aborting These are all indicative of an internal error in the verification code and should never occur. The following domain errors can be reported: %DMAP-E-ALIASTOOLONG, Domain alias '%s' in entry with DN '%s' is too long %DMAP-E-BASEDNTOOLONG, Base DN pointer '%s' in entry for domain '%.*s' is too long %DMAP-E-CANONICAL, Overlapping domains '%.*s' and '%.*s' defined by entries '%.*s' and '%.*s' have different canonical domains '%.*s' and '%.*s' %DMAP-E-CANONICALINVALID, Canonical domain '%.*s' defined/referenced by domain entry with DN '%.*s' is syntactically invalid %DMAP-E-CANONICALTOOLONG, Canonical name '%s' in entry for domain '%.*s' is too long %DMAP-E-CANTCONVDCDN, Cannot convert DN '%s' in DC tree to domain name %DMAP-E-CANTEXTALIAS, Empty alias pointer attribute in '%.*s' domain alias entry %DMAP-E-DOMAININVALID, Domain name '%.*s' defined/referenced by domain entry with DN '%.*s' is syntactically invalid %DMAP-E-DOMAINMULTDEF, Domain '%s' multiply defined by entries with DNs '%s' and '%s' %DMAP-E-DOMAINTOOLONG, Domain '%s' in entry with DN '%s' is too long %DMAP-E-DOMAINUNDEF, Domain name '%.*s' referenced by domain entry with DN '%.*s' never defined %DMAP-E-EMPTYCANONICAL, Domain '%.*s' has an empty canonical name %DMAP-E-INVALIDBASEDN, Base DN pointer '%.*s' in entry for domain '%.*s' is not a valid DN %DMAP-E-MULTICANONICAL, Multivalued canonical name in entry for domain '%.*s', used value '%s' ignored '%s' %DMAP-E-NOBASEDN, Domain '%.*s' has no base DN %DMAP-E-EMPTYBASEDN, Domain '%.*s' has an empty base DN %DMAP-E-NODOMAINNAME, Domain entry with DN '%s' does not have a domain name The following warnings can be reported: %DMAP-W-DISALLLOWEDATTR, Domain '%.*s' has a disallowed attribute '%s' with value '%s' %DMAP-W-DNTOOLONG, Domain entry DN '%s' is too long %DMAP-W-EMPAPPSTAT, Domain '%.*s' has an empty application status %DMAP-W-EMPDISALLLOWED, Domain '%.*s' has an empty disallowed attribute '%s' %DMAP-W-EMPDOMSTAT, Domain '%.*s' has an empty domain status %DMAP-W-EMPUIDSEP, Domain '%.*s' has an empty UID separator %DMAP-W-INVALIDAPPSTAT, Application status '%s' for domain '%.*s' is invalid %DMAP-W-INVALIDDOMSTAT, Domain status '%s' for domain '%.*s' is invalid %DMAP-W-INVALIDUIDSEP, UID separator '%s' for domain '%.*s' is invalid %DMAP-W-MULTDOMAINNAMES, Domain entry with DN '%s' has multiple domain names, used value '%s' ignored '%s' %DMAP-W-MULTIAPPSTAT, Multivalued application status in entry for domain '%.*s', used value '%s' ignored '%s' %DMAP-W-MULTIBASEDN, Multivalued base DN pointer in entry for domain '%.*s', used value '%s' ignored '%s' %DMAP-W-MULTIDOMSTAT, Multivalued domain status in entry for domain '%.*s', used value '%s' ignored '%s' %DMAP-W-MULTIUIDSEP, Multivalued UID separator in entry for domain '%.*s', used value '%s' ignored '%s' %DMAP-W-MULTIVALIAS, Multivalued alias pointer in entry for domain alias '%.*s', used value '%s' ignored '%s' %DMAP-W-NOBASEDNNODE, Base DN pointer '%.*s' in entry for domain '%.*s' doesn't point at anything %DMAP-W-NODOMAINNAME, Domain entry with DN '%s' has a blank domain alias %DMAP-W-NOENTRIES, No domain entries found, aborting Additional messages will undoubtedly be added to this list over time. (190) The ability to generate :addresses arguments to sieve vacation via an LDAP autoeply attribute has been added to Messaging Server. The new MTA option LDAP_AUTOREPLY_ADDRESSES provides the name of the attribute to use. This option has no value by default. The attribute can be multivalued, with each value specifying a separate address to pass to the :addresses vacation parameter. (191) The new LDAP_DOMAIN_ATTR_CATCHALL_MAPPING can now be used to specify the name of a LDAP domain attribute. This option is not set by default. If set the option specifies the name of a mapping which is consulted when an address associated with the domain fails to match any user entries. The format of the mapping probe is the same as that of the forward mapping, and the USE_FORWARD_DATABASE MTA option controls the format of the probe of this mapping in the same way as the forward mapping. If the mapping sets the $Y metacharacter the resulting string will replace the address being processed. (192) The MTA now fetches the block limit associated with the envelope return address and will set RET=HDRS if no return policy is specified and the message size exceeds the block limit. This prevents nondelivery reports for large messages from being undeliverable themselves. No new options or settings are associated with this change. (193) The $E metacharacter in a mapping template means "exit after processing the current template". There are cases where it is desireable to exit immediately without interpreting the rest of the template. The $+1E metacharacter sequence now produces this behavior. (194) Use of POP-before-SMTP via the MMP is now indicated in mail.log E records by the addition of a "P" to the action code. (195) Use of POP-before-SMTP can now be checked in the various *_ACCESS mappings (except PORT_ACCESS, which occurs before the necessary information has been communicated to the server), the FORWARD mapping, and any domain catchall mapping. The $P metacharacter flag is set if POP-before-SMTP is used. (196) The restriction that the same attribute cannot be assigned to multiple "slots" and hence can have multiple semantics during alias expansion and address reversal. (197) The internal separator character used to delimit multiple subject line tag additions has been changed from space to vertical bar. This makes it possible to add a tag containing spaces, as some spam filters want to do. This change effectively prevents vertical bars from being used in tags, but such usage is almost certainly nonexistant. (198) The MIME specification prohibits the use of a content-transfer-encoding other than 7bit, 8bit, and binary on multipart or message/rfc822 parts. It has long been the case that some agents violate the specification and encode multiparts and message/rfc822 objects. Accordingly, the Messaging Server MTA has code to accept such encodings and remove them. However, recently a different standards violation has shown up, one where a CTE field is present with a value of quoted-printable or base63 but the part isn't actually encoded! If the MTA tries to decode such a message the result is typically a blank messages, which is pretty much what you'd expect. Messages with this problem have become sufficiently prevalent that two new pairs of channel keywords have been added to deal with the problem - interpretation of content-transfer-encoding fields on multiparts and message/rfc822 parts can be enabled or disabled. The first pair is interpretmultipartencoding and ignoremultipartencoding and the second is interpretmessageencoding and ignoremessageencoding. The defaults are interpretmultipartencoding and interpretmessageencoding. (199) Several additional error messages the SMTP server either returns or places in DSNs have been made configurable. The new options and their default values are: ERROR_TEXT_MAILFROMDNSVERIFY invalid/host-not-in-DNS return address not allowed ERROR_TEXT_INVALID_RETURN_ADDRESS invalid/unroutable return address not allowed" ERROR_TEXT_UNKNOWN_RETURN_ADDRESS invalid/no-such-user return address ERROR_TEXT_ACCEPTED_RETURN_ADDRESS return address invalid/unroutable but accepted anyway ERROR_TEXT_SOURCE_SIEVE_ACCESS source channel sieve filter access error ERROR_TEXT_SOURCE_SIEVE_SYNTAX source channel sieve filter syntax error: ERROR_TEXT_SOURCE_SIEVE_AUTHORIZATION source channel sieve filter authorization error ERROR_TEXT_TRANSACTION_LIMIT_EXCEEDED number of transactions exceeds allowed maximum" ERROR_TEXT_INSUFFICIENT_QUEUE_SPACE insufficient free queue space available ERROR_TEXT_TEMPORARY_WRITE_ERROR error writing message temporary file ERROR_TEXT_SMTP_LINES_TOO_LONG lines longer than SMTP allows encountered; message rejected ERROR_TEXT_UNNEGOTIATED_EIGHTBIT message contains unnegotiated 8bit (200) We're seeing cases of overly agressive SMTP servers which will issue a "5xy bad recipient" response to the first RCPT TO and then disconnect immediately. (This is of course a flagrant standards violation.) The problem is Messaging Server treats this as a temporary error (which of course it is) and tries later, only to get the same result. A better thing to do which works around this server bug is to handle the one recipient as bad and requeue any remaining recipients for a later retry. (201) Two new actions are availabile to system sieves: addconversiontag and setconversiontag. Both accept a single argument: A string or list of conversion tags. Addconversiontag adds the conversion tag(s) to the current list of tags while setconversiontag empties the existing list before adding the new ones. Note that these actions are performed very late in the game so setconversiontag can be used to undo all other conversion tag setting mechanisms. (202) A new MTA option, INCLUDE_CONVERSIONTAG, has been added to selectively enable the inclusion of conversion tag information in various mapping probes. This is a bit-encoded value. The bits are assigned as follows: pos value mapping 0 1 CHARSET_CONVERSIOn - added as ;TAG= field before ;CONVERT 1 2 CONVERSION - added as ;TAG= field before ;CONVERT 2 4 FORWARD - added just before current address (| delim) 3 8 ORIG_SEND_ACCESS - added at end of probe (| delim) 4 16 SEND_ACCESS - added at end of probe (| delim) 5 32 ORIG_MAIL_ACCESS - added at end of probe (| delim) 6 64 MAIL_ACCESS - added at end of probe (| delim) In all cases the current set of tags appears in the probe as a comma separated list. (203) The sieve envelope test now accepts "conversiontag" as an envelope field specifier value. The test checks the current list of tags, one at a time. Note that the :count modifier, if specified, allows checking of the number of active conversion tags. This type of envelope test is restricted to system sieves. Also note that this test only "sees" the set of tags that were present prior to sieve processing - the effects of setconversiontag and addconversiontag actions are not visible. (204) Trailing dots on domains, e.g. "foo@bar.", are illegal in email but have been tolerated in some contexts by Messaging Server for a long time. RFC 1123 points out that trailing dots are syntactically illegal in email but notes that some convention needs to exist in user interfaces where short form names can be used. Accordingly, it may be handy in contexts like SMTP submission to be able to accept addresses with trailing dots, remove the dot while attaching special semantics to its presence. Accordingly, Messaging Server has modified in two ways: (1) Trailing dots are now accepted by the low-level address parser, making it possible to use them in context where they could not previously be used, like addresses inside of group constructs. (2) Trailing dots, when specified will cause a rewrite of the address with a trailing dot. If the rewrite with a trailing dot isn't found or otherwise fails rewriting will continue as before without the trailing dot. (205) Metacharacter substitutions can now be specified in mgrpModerator, mgrpAllowedBroadcaster and mgrpDisallowedBroadcaster attributes. In particular, the various address-related metacharacter sequences ($A for the entire address, $U for the mailbox part, $D for the domain part) refer to the current envelope from address and can in some cases be used to limit the results returned by the URL to entries that are likely (or guaranteed) to match. This may make authorization checks much more efficient. The new MTA option PROCESS_SUBSTITUTIONS controls whether or not substitutions are performed in various LDAP attributes that specify a URL. This is a bit-encoded value, with the bits defined as follows: Bit Value 0 1 Enables substitutions in mgrpDisallowedBroadcaster if set 1 2 Enables substitutions in mgrpAllowedBroadcaster if set 2 4 Enables substitutions in mgrpModerator if set 3 8 Enables substitutions in mgrpDeliverTo if set 4 16 Enables substitutions in memberURL The PROCESS_SUBSTITUTIONS MTA option defaults to 0, meaning that all of these substitutions are disabled by default. Note that the information available for substitution varies depending on whether the attribute is used for authorization checks or for actual list expansion. For authorization attributes the whole address ($A), domain ($D), host ($H), and local-part ($L) are all derived from the authenticated sender address. In the case of list expansion attributes all of these substitution values are derived from the envelope recipient address that specified the list. In both cases, however, the subaddress substitution ($S) is derived from the current envelope recipient address. The ability to access subaddress information in list expansion URLs makes it possible to define "metagroups", that is, a single group entry that in effect creates an entire collection of different groups. For example, a group with a mgrpDeliverTo value of: ldap:///o=usergroup?mail?sub?(department=$S) would make it possible to send mail to every member of a given department with an address of the form group+department@domain.com. Note that a mechanism like a forward mapping could be used to alter the syntax if subaddresses are seen as too difficult. 206) New MTA option LDAP_DOMAIN_ATTR_UPLEVEL. This option specifies the name of a domain-level attribute used to store a domain-specific uplevel value which overrides the value of the DOMAIN_UPLEVEL MTA option for this one domain. Note that this attribute is only consulted if the domain is looked up. This means that setting bit 0 of this value to 1 for a domain won't make subdomains of the domain match unless bit 0 of DOMAIN_UPLEVEL is also set. As such, the way to get subdomain matching for some domains but not others is to set bit 0 of DOMAIN_UPLEVEL (this enabling subdomain matches for all domains) then clear bit 0 of the attribute for the domains where you don't want uplevel matching to occur. (207) Rewrite rules can now be used to override the default ALIAS_MAGIC setting. Specifically, a construct of the form $nT, where n is an appropriate value for the ALIAS_MAGIC MTA option, overrides the setting for the domain when the rule matches during alias expansion. ((208) $U in a PORT_ACCESS mapping template can now be used to selectively enable channel level debugging. (209) In 6.2 and earlier the PORT_ACCESS mapping was only reevaluated by the SMTP server (as opposed to the dispatcher) when bit 4 (value 16) of the LOG_CONNECTION MTA option is set, SMTP auth is enabled, or both. Additionally, evaluation only occurred when an AUTH, EHLO, or HELO command was issued. This has now been changed; PORT_ACCESS is now evaluated unconditionally as soon as the SMTP server thread starts, before the banner is sent. PORT_ACCESS may be reevaluated with different transport information when proxying from the MMP is used. (210) A useful spam-fighting strategy is to delay sending the SMTP banner for a brief time (half a second, say), then clear the input buffer, and finally send the banner. The reason this works is that many spam clients are not standards-compliant and start blasting SMTP commands as soon as the connection is open. Spam clients that do this when this capability is enabled will lose the first few commands in the SMTP dialogue, rendering the remainder of the dialogue invalid. This feature has now been implemented in Messaging Server. It can be enabled unconditionally by setting the BANNER_PURGE_DELAY SMTP channel option to the number of centiseconds to delay before purging and sending the banner. A value of 0 disabled both the delay and purge. The PORT_ACCESS mapping can also be used to control this capability. Specifying $D in the template causes an additional argument to be read from the template result, after the mandatory SMTP auth rulset and realm and optional application info addition. This value must be an integer with the same semantics as the BANNER_PURGE_DELAY value. Note that any PORT_ACCESS mapping setting overrides the BANNER_PURGE_DELAY SMTP channel option. (211) Added channel keywords acceptalladdresses and acceptvalidaddresses. Keyword acceptvalidaddresses is the default and corresponds to the MTA's standard behavior where any recipient errors are reported immediately during the SMTP dialogue. If the keyword acceptalladdresses is specified on a channel, then all recipient addresses are accepted during the SMTP dialogue. Any invalid addresses will have a DSN sent later. (212) Support has been added for postprocessing LDAP expansion results with a mapping. The new LDAP_URL_RESULT_MAPPING MTA option can be used to specify the name of a group attribute which in turn specifies the name of a mapping. This mapping will be applied to any results returned by expanding either a mgrpDeliverTo or memberURL attribute. The mapping probe will be of the form: LDAP-URL|LDAP-result If the mapping returns with $Y set the mapping result string will replace the LDAP result for alias processing purposes. If the mapping returns with $N set the result will be skipped. This mechanism can be used to define groups based on attributes that don't contain proper email address. For example, suppose a company has placed pager numbers in all their user entries. Messages can be sent to these numbers via email by suffixing them with a particular domain. A group could then be defined as follows: (a) Define a new mgrpURLResultMapping attribute in the directory and set the LDAP_URL_RESULT_MAPPING MTA option to this attribute's name. (b) Define a page-all group with the following attributes: mgrpDeliverto: ldap:///o=usergroup?pagerTelephoneNumber?sub mgrpURLResultMapping: PAGER-NUMBER-TO-ADDRESS (c) Define the mapping: PAGER-NUMBER-TO-ADDRESS *|* "$1"@pagerdomain.com$Y Even more interesting effects can be acheived by combining this mechanism with the PROCESS_SUBSTITUTION mechanism described in item 205 above. For example, it would be easy to create a metagroup where sending to an address of the form pager+user@domain.com sends a page to the user named "user". (213) Setting the LOG_QUEUE_TIME MTA option to 1 now causes an additional field to be selectively written to connection log records. This new field appears immediately after any diagnostic information and is labelled as "ct" in the XML-based log format. The value of this field is an integer count of the number of seconds that elapsed when performing the operation. So, for connection open ("O") records, the time shown is the number of seconds needed to open the connection. For connection close ("C") records it indicates the number of seconds the connection was open. For connection failure records ("Y") the value indicates the amount of time that was spent attempting to open the connection. (214) "S" transaction log entries now increment the various submitted message counters associated with the channel. (215) The $( metacharacter in a FROM_ACCESS specifies that an address should be read from the result string and used to replace the current overriding postmaster address. $) has the same effect with the added constraint that the overriding postmaster address must not be set prior to invoking the mapping. This allows for specific postmaster addresses to be used with addresses in nonlocal domains - domain postmaster addresses by definition only work with locally defined domains. The override address is (currently) the last string read from the FROM_ACCESS result prior to reading any $N/$F failure result. (216) The capture sieve action now has two optional nonpositional parameter: :dsn and :message. Only one of these can be specified in a single capture action. :dsn is the default, and encapsulates the captured message inside a special type of DSN. :message eliminates the enacapsulation and behaves more like a redirect. But unlike redirect, capture :message is only available to system sieves, always takes effect even when a more specific sieve specifies some other sort of action, and the envelope from address will be overridden with the address of the sieve owner. (217) The MTA now checks to make sure the UID attribute has a single value and reports an alias expansion error if it does not. The UID attribute is required to be single-valued in order to insure the user has a single, unique mailbox. (218) Two additional MTA options have been added to support more efficient domain lookups from user base DNs. They are: LDAP_BASEDN_FILTER_SCHEMA1 String specifying filter used to identify Schema 1 domains when performing baseDN searches. Default is the value of LDAP_DOMAIN_FILTER_SCHEMA1 if that MTA option is specified. If neither option is specified the default is "(objectclass=inetDomain)". LDAP_BASEDN_FILTER_SCHEMA2 String specifying additional filter elements used to identify Schema 2 domains when performing baseDN searches. Default is the value of LDAP_DOMAIN_FILTER_SCHEMA2 if that MTA option is specified. If neither option is specified the default is an empty string. (219) A new MTA option MESSAGE_SAVE_COPY_FLAGS has been added to control how the probes are constructed for the MESSAGE-SAVE-COPY mapping. If bit 0 (value 1) is set it adds the transport and application information to the beginning of the probe, if bit 1 (value 2) is set the original source channel is added, if bit 2 (value 4) is set the most recent conversion tag string is added. If all three bits are set the overall probe format is: transport|orig-source-channel|conversion-tags|queue-channel|return-address|D|filename (220) The LDAP_OPTIN1 through LDAP_OPTIN8 MTA options specify attributes for per-user optins to spam filtering based on destination addresses. There are now 8 new MTA options, LDAP_SOURCE_OPTIN1 through LDAP_SOURCE_OPTIN8, that provide comparable originator-address-based per-user spam filter optins. (221) Some additional switches have been added to imsimta test -rewrite: -saslused - Set internal flag indicating SASL authentication was used -tlsused - Set internal flag indication TLS is in use -esmtpused - Set internal flag indicating ESMTP is in use -lmtpused - Set internal flag indicating LMTP is in use -proxyused - Set internal flag indicating proxy authentication was used Only -saslused and -tlsused are available in 6.2; the other depend on other changes made in 6.3 and hence cannot be implemented in earlier versions. -lmtpused and -esmtpused cannot be set at the same time. -proxyused requires that -esmtpused or -lmtpused also be set. (222) New LMTP channel option MAILBOX_BUSY_FAST_RETRY. If set to 1 (the default) a 4.2.1 Mailbox busy error in response to LMTP message data is handled by retrying the message after a random but short interval; normal message backoff values do not apply. Setting the option to 0 disables this behavior. |
對以下功能的支援可能在將來的發行版本中移除,或者已經在此發行版本中移除:
在未來版本中,將不會對 Messenger Express 和 Calendar Express 使用者介面增加新功能。這兩種使用者介面已被停用,以支持新的 Communications Express 使用者介面。下一個產品的主要發行版本將移除 Messenger Express 和 Calendar Express。
已停用的功能也包括 Messenger Express 郵件篩選器使用者介面 (msg-svr-base /SUNWmsgmf/MailFilter.war)。
以下錯誤會影響停用的 Messenger Express 產品:
[向上] 和 [向下] 按鈕已被移除。
用於指定篩選器排序的 [向上] 和 [向下] 按鈕已被移除。
使用代理伺服器設定時,在 Internet Explorer 6 上使用 Messenger Express 可能會出現問題。
解決方法:啟用或停用 Internet Explorer 編碼功能表中的 [自動偵測] 選項。使用直接連線或切換至不同的代理伺服器。
已從 [進階郵件篩選器條件] 視窗中移除的功能。
對於 Messaging Server 6.0 Patch 1 發行版本,已從 [進階郵件篩選器條件] 視窗 (位於郵件篩選器使用者介面) 移除了為篩選器指定時間區段的功能。移除該功能的原因是基本支援不可用。
如果您要在現有的群組內建立群組,可能會遇到以下錯誤:pab::PAB_ModifyAttribute:ldap 錯誤 (無此類物件)。
本土化的 Messenger Express 未合併某些由 Outlook Express 建立的資料夾。
有時需要將 Messenger Express 中的預設 [已傳送] 資料夾,替代為 Outlook Express 所建立的 [寄件備份項目] 資料夾,因此這兩個用戶端傳送的所有郵件都會被複製到 [寄件備份項目] 資料夾中。這不適用於日文本土化。
解決方法:
使用 Directory Server 5.1 或 5.2,您將無法在個人通訊錄中為一位連絡人輸入多個電子郵件 ID。
這是目錄伺服器的正確運作方式。正是由於 Netscape Directory Server 4.x 中的問題,您才可以輸入多個電子郵件 ID。
Sun Java System Administration Console 已從 Messaging Server 產品中移除。
您應該從 Messaging Server 指令行介面或配置檔執行管理功能。文件中使用主控台的參照尚未更正。
當用戶端經由 IMAP、POP 或 SMTP 連線至 Messaging Server 時,必須使用 SASL (RFC 2222) 認證機制或簡單的密碼,向伺服器證明其身份。配置 LDAP 目錄明文方式儲存使用者密碼時,系統會將所有使用者密碼遷移至此格式,並設定 Messaging Server 上的 sasl.default.ldap.has_plain_passwords 選項,同時啟用其他三項認證機制:APOP、CRAM-MD5 和 DIGEST-MD5。這三項機制都會透過線路傳送密碼的單向編碼,而非密碼本身。因為有限的部署和複雜性,已停用 DIGEST-MD5 而僅保留 APOP 和 CRAM-MD5 機制。
LMTP 原生通道已停用,並會從將來的發行版本中移除。
已移除 Messenger Express Multiplexor,支持 Webmail 伺服器。請參閱:Webmail 伺服器支援 IMAP。
已停用此指令。而是視情況使用「Sun Java System Messaging Server 6.3 Administration Reference」中的「imsimta cnbuild」和「Sun Java System Messaging Server 6.3 Administration Reference」中的「imsimta restart」。
新的 start-msg 和 stop-msg 指令已替代了 imsimta start 和 imsimta stop (後一組指令已停用,並會在將來版本中移除)。
如需更多資訊,請參閱「Sun Java System Messaging Server 6.3 Administration Reference」中的「start-msg」和「Sun Java System Messaging Server 6.3 Administration Reference」中的「stop-msg」。
在 MMP 配置參數 ServiceList 中,INSTANCENAME 選項的選擇性選項 SECTION 已停用,並會從將來的發行版本中移除。
已停用 MTA 存取資料庫檔案和 imsimta 工具來處理 MTA 資料庫之功能。
將來也會移除對 Netscape 瀏覽器的支援。
此發行版本中已停用 Red Hat Linux 3 平台支援,並且將來的發行版本中會移除 Red Hat Linux 3 平台支援。Communications Suite 5 繼續在 Red Hat Linux 4 上受支援。
此發行版本針對事件通知和警示,提供兩項通知服務:Sun Java System Message Queue (JMQ) 和事件通知服務 (ENS)。在將來的發行版本中,Communications Suite 產品將專門使用 JMQ,而停用 ENS。然而,在此發行版本中,Messaging Server、Calendar Server、Instant Messaging 對於 ENS 仍具有內部相依性,因此您可以繼續使用 ENS。
在此發行版本中,Messaging Server IMAP IDLE 功能需要使用 ENS。Messaging Server 對於 ENS 沒有其他相依性。若您不使用 IMAP IDLE,可以專門使用 JMQ 進行事件通知。
如果您要使用 IMAP IDLE,則必須配置 ENS 通知外掛程式。您還可以透過配置 JMQ 通知外掛程式,使用 JMQ 進行事件通知。(Messaging Server 允許您配置多個通知外掛程式。
表 3–2 所列的 configutil 參數已經無效,並已從 Messaging Server 產品中移除。
如果 Messaging Server 是從舊的發行版本升級至 Messaging Server 6.3,則升級後會從配置中刪除表 3–2 所列的參數。Sun 建議您在升級前,將 configutil 輸出儲存至檔案。
參數 |
說明 |
---|---|
Messaging Server 6.0 中已移除。無替代。 |
|
改用 local.ssldbpath 和 local.ssldbprefix。 |
|
改用 local.ssldbpath 和 local.ssldbprefix。 |
|
已淘汰 SSL v2 支援,不再相關 (適用於 Messaging Server 6.0)。 |
|
已淘汰 SSL v2 支援,不再相關 (適用於 Messaging Server 6.0)。 |
|
已淘汰 SSL v2 支援,不再相關 (適用於 Messaging Server 6.0)。現在始終啟用 SSL v3。 |
|
Messaging Server 6.0 中已移除。無替代。 |
|
Messaging Server 6.0 中已移除。改用 service.*.sessiontimeout。 |
|
Messaging Server 6.0 中已移除。現在,如果憑證資料庫中存在有效的 certmap.conf 和有效的用戶端憑證 CA,SSL 永遠要求用戶端憑證。 |
|
Messaging Server 6.0 中已移除。改用 service.*.sessiontimeout。 |
|
Messaging Server 6.0 中已移除。無替代。 |
|
Messaging Server 6.0 中已移除。改用 encryption.rsa.nssslpersonalityssl 和 local.*.sslnicknames。記號名稱可作為 SSL 暱稱的字首:例如,token-name:nick-name。 |
|
從未使用。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
Messaging Server 6.2 中已移除。改用 alarm.serverresponse.msgalarmstatinterval。 |
|
從未使用。只要定義 local.webmail.sso.amnamingurl 和相關參數,就會啟用 SSO。 |
|
改用 local.enduseradmincred。 |
|
改用 local.enduseradmindn。 |
|
已淘汰 dirsync,不再相關 (適用於 Messaging Server 6.0)。 |
|
改用 MTA 選項 LDAP_TIMEOUT。 |
|
已淘汰 dirsync,不再相關 (適用於 Messaging Server 6.0)。 |
|
已淘汰 dirsync,不再相關 (適用於 Messaging Server 6.0)。 |
|
已淘汰 dirsync,不再相關 (適用於 Messaging Server 6.0)。 |
|
已淘汰 dirsync,不再相關 (適用於 Messaging Server 6.0)。 |
|
改用 MTA 選項 LOG_MESSAGES_SYSLOG。 |
|
已淘汰 dirsync,不再相關 (適用於 Messaging Server 6.0)。 |
|
已淘汰 dirsync,不再相關 (適用於 Messaging Server 6.0)。 |
|
已淘汰 dirsync,不再相關 (適用於 Messaging Server 6.0)。 |
|
已淘汰 dirsync,不再相關 (適用於 Messaging Server 6.0)。 |
|
已淘汰 dirsync,不再相關 (適用於 Messaging Server 6.0)。 |
|
已淘汰 dirsync,不再相關 (適用於 Messaging Server 6.0)。 |
|
改用 MTA 選項 DOMAIN_MATCH_URL。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
Messaging Server 6.2 中已移除。無替代。 |
|
不再需要。 |
|
已淘汰 MEM,Webmail 經由 IMAP 與存放區通訊 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
改用 local.snmp.servertimeout。 |
|
改用 local.schedule.expire。 |
|
改用 local.store.maxlog。 |
|
改用 local.store.notifyplugin.*.deletemsg.enable。 |
|
改用 local.store.notifyplugin.*.debuglevel。 |
|
改用 local.store.notifyplugin.*.maxbodysize。 |
|
改用 local.store.notifyplugin.*.maxheadersize。 |
|
改用 local.store.notifyplugin.*.jmqhost。 |
|
改用 local.store.notifyplugin.*.jmqport。 |
|
改用 local.store.notifyplugin.*.jmqpwd。 |
|
改用 local.store.notifyplugin.*.jmqtopic。 |
|
改用 local.store.notifyplugin.*.jmquser。 |
|
改用 local.store.notifyplugin.*.loguser.enable。 |
|
改用 local.store.notifyplugin.*.newmsg.enable。 |
|
改用 local.store.notifyplugin.*.noneinbox.enable。 |
|
改用 local.store.notifyplugin.*.purgemsg.enable。 |
|
改用 local.store.notifyplugin.*.readmsg.enable。 |
|
改用 local.store.notifyplugin.*.updatemsg.enable。 |
|
從未使用。 |
|
從未使用。 |
|
改用 sasl.default.ldap.has_plain_passwords。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
改用 local.webmail.cert.enable。 |
|
改用 local.webmail.cert.port。 |
|
必要時,改用 local.service.http.ims5compat。 |
|
Calendar Server 參數。Messaging Server 並未使用。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
已淘汰 Administration Server,不再相關 (適用於 Messaging Server 6.3)。 |
|
改用 sasl.default.auto_transition。 |
|
改用 LDAP 屬性 mailAllowedServiceAccess。 |
|
改用 LDAP 屬性 mailAllowedServiceAccess。 |
|
Messaging Server 5.2p2 中已移除。改用 service.experimentalldapmemcache。 |
|
Messaging Server 5.0 中已移除。無替代。 |
|
SIMS 4.0 中已移除。無替代。 |
|
已於 Administration Server 無效時移除 (適用於 Messaging Server 6.3)。改用 msgcert 管理憑證資料庫。 |
|
改用 local.ssldbpath 和 local.ssldbprefix。 |
|
改用 local.ssldbpath 和 local.ssldbprefix。 |
|
改用 local.ssldbpath 和 local.ssldbprefix。 |
|
改用 msgcert request-cert。 |
|
改用 local.store.*synclevel。 |
|
改用 local.schedule.expire。 |
本小節說明對此發行版本 Messaging Server 的以下平台、用戶端產品以及其他軟體需求:
如需從舊版 Messaging Server 升級到 Messaging Server 6.3 的有關資訊,請參閱Messaging Server 安裝注意事項。
如需最新的 Sun Java System Messaging Server 所需修補程式清單,請至 http://sunsolve.sun.com 並選取「修補程式」或「修補程式入口」。由於作業系統修補程式需求隨時在變更且會不定時發行可用的 Java Enterprise System 元件的修補程式,更新資訊最初將以建議的修補程式叢集的形式在 SunSolve 上發佈。
在 Sun Java Communications Suite 5 的一般發行時,已可取得以下的 Messaging Server 6.3 更新修補程式:
平台 |
修補程式編號 (英文) |
修補程式編號 (本土化的語言) |
---|---|---|
Solaris、SPARC |
120228-16 |
117784-17 |
x86 |
120229-16 |
117785-17 |
Linux |
120230-16 |
117786-17 |
此發行版本支援以下平台:
Solaris 9 作業系統 Update 2 (SPARC® Platform Edition 和 x86 Platform Edition) 及所需的修補程式
Solaris 10 作業系統 (SPARC Platform Edition 和 x86 Platform Edition) (包含區域支援)
Red Hat Enterprise Linux Advanced Server (32 位元和 64 位元版本) 版本 3 (全部更新) 和版本 4 (全部更新)。請參閱已停用和移除的 Messaging Server 功能。
Red Hat Enterprise Linux Enterprise Server (32 位元和 64 位元版本) 版本 3 (全部更新) 和版本 4 (全部更新)
HP-UX 或 Windows 平台已不再支援 Messaging Server。
如需有關 Solaris 和 Linux 需求 (包括所需的升級修補程式與核心版本) 的詳細資訊,請參閱「Sun Java Communications Suite 5 Installation Guide」。
如需 Messaging Server 套裝軟體的清單,請參閱「Sun Java Communications Suite 5 Installation Guide」中的附錄 E「Product Components for This Release」。
安裝程式會檢查所需要的平台修補程式。您必須安裝全部所需的修補程式,否則安裝程序將無法繼續。
Messaging Server 的效能取決於多種因素,包括 CPU 處理能力、可用記憶體、磁碟空間、檔案系統效能、使用式樣以及網路頻寬等。例如,檔案系統效能會直接關係到流量。如果您遇到有關大小和效能的問題,請與您的 Sun Java System 代表連絡。
Messaging Server 的 Communications Express 存取需要啟用了 JavaScript 的瀏覽器。請遵循Communications Express 瀏覽器需求中的瀏覽器建議,以取得最佳效能。
Messaging Server 與本小節列出的產品版本相容:
表 3–3 Messaging Server 產品版本相容性需求
產品 |
版本 |
---|---|
Sun Java System Directory Server |
5.1、5.2、6.0 |
Sun Java System Message Queue |
3.7 |
Sun Java System Access Manager (以前稱為 Identity Server) |
舊有 (6.x);支援 Access Manager 6 的功能,包括 Access Manager 6 主控台和目錄資訊樹狀結構 (DIT)。如果您要將 Access Manager 與 Portal Server、Messaging Server、Calendar Server、Delegated Administrator 或 Instant Messaging 一起安裝,則必須選取 [Access Manager 相容 (6.x)] 安裝類型。 範圍 (7.x);支援 Access Manager 7 的功能,包括新的 Access Manager 7 主控台。僅當您不安裝 Portal Server、Messaging Server、Calendar Server、Delegated Administrator 或 Instant Messaging 時,方可使用增強 (7.x) 安裝類型。 |
Sun Java System Web Server |
7.x |
Sun Java System Application Server |
8.2 |
Messaging Server 6.3 需要使用共用安全性元件 NSS 3.9.3 版。
如需有關產品相依性的詳細資訊,請參閱「Sun Java Enterprise System 5 Installation Guide for UNIX」和「Sun Java Enterprise System 5 Release Notes for UNIX」
Messaging Server 的生產部署需要在本地網路上具有高品質快取 DNS 伺服器。Messaging Server 很大程度上依賴於 DNS 伺服器的回應性和延展性。
此外,請確保在設定中正確配置了 DNS,並確保已明確指定如何路由至不在本地子網路中的主機:
/etc/defaultrouter 應包含閘道系統的 IP 位址。此位址必須在本地子網路上。
/etc/resolv.conf 存在可到達 DNS 伺服器和網域尾碼的正確項目。
在 /etc/nsswitch.conf 中,hosts: 行增加了 files、dns 和 nis 關鍵字。關鍵字 files 必須在 dns 和 nis 之前。
請確保 FQDN 是 /etc/hosts 檔案中的第一個主機名稱。
如果 /etc/hosts 檔案中的網際網路主機表類似於:
123.45.67.89 budgie.west.sesta.com 123.45.67.89 budgie loghost mailhost |
請變更該表,以使主機的 IP 位址僅有一行。請確保第一個主機名稱是完全合格的網域名稱。例如:
123.45.67.89 budgie.west.sesta.com budgie loghost mailhost |
Messaging Server 可在 Solaris 9 或 Solaris 10 環境中以下版本的 Sun Cluster 和 Veritas Cluster Server 上執行:
產品 |
支援的版本 |
---|---|
Sun Cluster (SC) |
SPARC:3.0、3.1 x86:3.1 Update 4 Linux︰不支援 |
Veritas Cluster Server (VCS) |
SPARC:3.5、4.0、4.1、5.0 x86:3.5、4.0、4.1、5.0 Linux︰不支援 |
建議使用以下檔案系統儲存郵件:
LUFS (記錄 UFS)。
VxFS (Veritas 檔案系統)。如果配置正確,Veritas 檔案系統可提供良好的系統效能。如果使用 VxVM ( Veritas Volume Manager) 則需要仔細查看容體和容體的記錄檔是否已設定為定期資料分置。
用於 Sun Cluster 安裝的 HAStoragePlus 檔案系統。HAStoragePlus 檔案系統提供比預設 Sun Cluster 全域檔案系統更高的效能。
NFS (網路檔案系統)
您可以在 MTA 轉送機器 (用於 LMTP、自動回覆歷程記錄和郵件重組) 上使用 NFS。請參閱「Sun Java System Messaging Server 6.3 管理指南」。此外,在 BSD 樣式的電子信箱上 (/var/mail/ ) 除支援郵件存放區外,還支援 NFS。以下 NFS 版本已經過認證,可用於 Messaging Server:Sun StorEdge 5310 NAS Appliance。
這些安裝注意事項適用於 Messaging Server 6.3 發行版本:
請使用 Communications Services 安裝程式來安裝 Messaging Server。
如需安裝指示,請參閱「Sun Java Communications Suite 5 Installation Guide」。
然後,您必須透過以下方式配置 Messaging Server:
執行目錄伺服器準備工具 comm_dssetup.pl。
執行 Messaging Server 配置程式。
如需配置指示,請參閱「Sun Java System Messaging Server 6.3 管理指南」。
以下變更已實作於最新版本的 comm_dssetup.pl (準備目錄伺服器以供 Messaging Server 使用的程式) 中:
無訊息安裝:密碼變更
-w dirmanager_passwd 已停用,改用 -j passwd_file
以取得有關 comm_dssetup.pl 的其他變更。
若您要從舊的發行版本升級至 Messaging Server 6.3,請遵循「Sun Java Communications Suite 5 Upgrade Guide」中的升級指示。
如果您是首次安裝 Messaging Server 或從舊的 Messaging Server 版本升級,請確保 Solaris 系統的 /etc/hosts 檔案中包含以下項目:
<ip-of system> <FQHN> <hostname>
例如,129.158.230.64 budgie.siroe.varrius.com budgie
在 Solaris 10 平台上,您不僅要將完全合格的網域名稱 (FQDN) 增加至 /etc/hosts 檔案,還要將其增加至 /etc/inet/ipnodes 檔案。否則,您將接收到錯誤,指示您的主機名稱不是完全合格的網域名稱。
升級 Messaging Server 之後,您必須設定 ulimit,以增加檔案描述元的數目,如下所示:
ulimit -n number_of_file_descriptors
例如:
ulimit -n 100000
如需有關升級程序的更多資訊,請參閱「Sun Java Communications Suite 5 Upgrade Guide」。
如果您選擇搭配 Messaging Server 6 2005Q4 前端使用 Messaging Server 6.3 後端,您必須將前端配置為不需要 Administration Server 即可執行,如下所示:
使用 Communications Suite 5 安裝程式,安裝和配置 Messaging Server 6.3 後端。
執行 Java Enterprise System 2005Q4 安裝程式,安裝 Messaging Server 6 2005Q4 前端,並且在出現提示時,選擇 [稍後配置] 選項。
在文字編輯器中,開啟 msg-svr-base/lib/config-templates/DevsetupDefaults.properties。
將下一行:
ADMINSERVER_SERVERROOT_CONF = /etc/mps/admin/v.5.2/shared/config/serverroot.conf
變更為:
ADMINSERVER_SERVERROOT_CONF = NO_ADMIN_SERVER
執行 Messaging Server 6.3 時,若您要以 iPlanet Delegated Administrator 清除使用者,請參閱使用 iPlanet Delegated Administrator 和 Messaging Server 6.3 清除使用者。
下表說明 Messaging Server 的相容性問題:
不相容性 |
解決方法 |
說明 |
---|---|---|
comm_dssetup.pl 程式可準備目錄伺服器供 Messaging Server (Calendar Server 和 Delegated Administrator) 使用,經修改後,可以和 Directory Server 6.0 及 Directory Server 5.x 一起使用:互動模式:Server-root 和目錄伺服器實例 |
目錄伺服器實例常駐於 server-root 或是明確的目錄伺服器實例目錄。先前版本的目錄伺服器使用 server-root 的概念,其中含有多重實例和配置資訊。Directory Server 6 不再使用 server-root。實例可以位於任何位置。在此問題上,使用者必須:1) 指定實例目錄。或者,如果使用者使用先前版本的目錄伺服器,則可以:2) 指定其中含有實例的 server-root 目錄。系統會出現另一個問題,提示您從 server-root 挑選一個實例。或者,3) 原本使用 Directory Server 5x 但現在使用 Directory Server 6 的使用者,可以手動將目錄伺服器的所有實例都置於父系目錄下 (即用來呼叫 server-root 的目錄)。 備註 – Directory Server 6 已移除 Server-root 術語。 |
無附加說明。 |
comm_dssetup.pl 程式可準備目錄伺服器供 Messaging Server (Calendar Server 和 Delegated Administrator) 使用,經修改後,可以和 Directory Server 6.0 及 Directory Server 5.x 一起使用:無訊息安裝:server-root 目錄 |
在先前版本的無訊息安裝中,您要指定 server-root 和實例目錄。若您使用 Directory Server 5.x,依然如此。由於 Directory Server 6.0 中沒有 server-root 目錄,因此您需要指定目錄伺服器實例的父系目錄。 |
無附加說明。 |
Directory Preparation Tool (comm_dssetup.pl) 的位置已經變更。 |
現在 comm_dssetup.pl 位於其自己的套裝軟體中。對於 Solaris,該套裝軟體安裝在 /opt/SUNcomds 中,而對於 Linux,則安裝在 /opt/sun/comms/dssetup 中。 需要更新指定舊路徑的現有程序檔。 |
若要安裝套裝軟體,請確定已在適當的安裝程式面板中選取 Directory Preparation Tool。 |
在 Messaging Server 5.x 中,管理員可以使用 IMAP list 指令顯示郵件存放區中的所有資料夾。在典型的郵件存放區中,這會導致伺服器顯示過長的清單。 在 Messaging Server 6.x 中,當管理員執行 IMAP list 指令時,將僅顯示明確的共用資料夾。 |
若要列出郵件存放區中的所有資料夾,請使用 mboxutil 公用程式。 |
如需有關 mboxutil 公用程式的更多資訊,請參閱「Sun Java System Messaging Server 6.3 管理指南」。 |
Delegated Administrator 的配置程式已變更。 |
安裝 Delegated Administrator 並執行配置程式。目前程式位於︰ 對於 Solaris,/opt/SUNWcomm/sbin/ config-commda 對於 Linux,/opt/sun/comms/config-commda |
安裝此版本的 Messaging Server 時,請升級至新的 Delegated Administrator。 |
透過 Webmail over IMAP 協定變更升級 Messaging Server (6397425、6397451、 2137362) |
升級前端伺服器之前,必須先升級後端伺服器。Webmail over IMAP 協定和後端郵件存放區的產品版本必須相同。如需詳細資訊,請參閱「Sun Java Communications Suite 5 Upgrade Guide」。 |
無附加說明。 |
此發行版本的 Communications Express 與先前版本的 Messaging Server 不相容。 |
如果要升級 Communications Express,您還必須升級 Messaging Server。 |
此操作也適用於 Calendar Server。 如需有關 Communications Express 的更多資訊,請參閱第 6 章, Sun Java System Communications Express 6.3 版本說明。 |
對於 Messenger Express 和 Communications Express,需要對其 RTF/HTML 編輯和瀏覽器的相容性進行說明。 (6311363) |
|
無附加說明。 |
當您按一下 Portal Server 中的 Communications Express 時,會顯示「階段作業逾時。請重新登入」快顯錯誤。(6417988) |
請忽略快顯錯誤,關閉視窗,然後繼續使用 Communications Express。 |
無附加說明。 |
如果您以 Access Manager 單次登入使用 Messaging Server,則不支援 Java Enterprise System 2004Q2 Access Manager Server,但支援 Manager 6.3 與更高版本。 |
不支援 Java Enterprise System 2004Q2 Access Manager Server 的特定 Messaging Server 版本為:
|
升級 Messaging Server 之前,先升級 Access Manager (JES 2004Q2)。 |
現在,Access Manager 具有兩種安裝類型:範圍 (7.x 版樣式) 和舊有 (6.x 版樣式)。 |
如果您要將 Access Manager 與 Messaging Server、Calendar Server、Instant Messaging、Delegated Administrator 或 Portal Server 一起安裝,則必須選取舊有模式 (6.x 版樣式)。請參閱:「Sun Java System Access Manager 7 2005Q4 Release Notes」。 |
如果安裝了錯誤的 Access Manager,您將無法執行 Delegated Administrator。 |
若您使用 iPlanet Delegated Administrator 並升級至 Messaging Server 6.3,則無法像先前版本的 Messaging Server 一樣,使用 imadmin user purge 指令移除目錄中的使用者 (6486836)。而應遵循以下步驟來清除使用者。
因為 Messaging Server 6.3 中已移除管理主控台和 Administration Server,所以會發生此相容性問題。在舊版的 Messaging Server 中,您可以像過去一樣繼續使用 imadmin user purge。
iPlanet Delegated Administrator 是已停用的公用程式 (原本和 Messaging Server 5.x 一起使用)。它和 Communications Suite Delegated Administrator (隨 Messaging Server 6.x 引入) 是不同的工具。Communications Suite Delegated Administrator 支援 Schema 2,iPlanet Delegated Administrator 支援 Schema 1。(有些管理員已將 Messaging Server 升級至 6.x,但仍保留 Schema 1,在這種情況下,他們可繼續使用 iPlanet Delegated Administrator 佈建使用者。)
套用 iPlanet Delegated Administrator 修補程式 1.2p3。
您可以從以下網站下載此修補程式:
http://www.sun.com/download/index.jsp?cat=Collaboration%20%26%20Communication&tab=3
請至 Delegated Administrator 1.2 Patch 3 for Messaging。此修補程式可以讓 imadmin user purge 指令以和 Messaging Server 6.3 相容的方式運作。請遵循此程序的剩餘步驟啟用新的運作方式。
修改 iPlanet Delegated Administrator resource.properties 檔案中的 MsgSvrN-adminurl 特性。
MsgSvrN-adminurl 特性設定 Administration Server 的 url。將此特性設定為實際的 url 時,imadmin user purge 指令會嘗試找到 Administration Server 的位置,但卻得不到回應。imadmin user purge 指令傳回錯誤。
您必須將 MsgSvrN-adminurl 設定為這個值:NO_ADMIN_SERVER。
resource.properties 檔案預設位於以下路徑:
iDA_Install_Directory /nda/classes/netscape/nda/servlet/resource.properties
多個郵件存放區已升級至 Messaging Server 6.3:
MsgSvrN-adminurl 中的值 N 是變數,必須以用來識別已升級至 Messaging Server 6.3 的郵件存放區系統之特定的值 (例如 0) 替代。若您已在 Messaging Server 6.3 中部署多個後端郵件存放區,則必須針對 MsgSvrN-adminurl 特性的每個實例變更此值。
例如,若您有三個後端郵件存放區,則必須在 resource.properties 檔案中,為所有這三個存放區變更此特性。舉例來說,您需要變更 MsgSvr0-adminurl、MsgSvr1-adminurl 和 MsgSvr2-adminurl 特性。
多個郵件存放區使用不同版本的 Messaging Server:
假設您已部署多個郵件存放區,但僅將某些存放區升級至 Messaging Server 6.3,其他存放區則保留先前版本的 Messaging Server。在此情況下,請僅變更已升級至 Messaging Server 6.3 之存放區的 MsgSvrN-adminurl 特性。
在已經將 MsgSvrN-adminurl 特性變更為 NO_ADMIN_SERVER 的存放區上執行 imadmin user purge 指令時,這個指令會以下列步驟 5 所描述的方式運作。
當您在 MsgSvrN-adminurl 特性並未發生變更 (仍然指向 Administration Server url) 的存放區上,執行 imadmin user purge 指令時,這個指令會以和過去相同的方式運作。
重新啟動您已在其上部署了 iPlanet Delegated Administrator 的 Web Server。
您必須重新啟動執行 iPlanet Delegated Administrator 的 Web Server,resource.properties 檔案的變更才能生效。
使用 imadmin user delete 指令,將使用者標記為已刪除。
imadmin user delete 將 inetUserStatus 屬性設定為「已刪除」。若要刪除多名使用者,請使用 -i 選項。例如:
imadmin user delete -D chris -L user1 -n siroe.com -w bolton
使用 msuserpurge 指令移除使用者電子信箱。
msuserpurge 會尋找 inetUserStatus 或 mailUserStatus 設定為已刪除的所有使用者項目,然後從郵件存放區清除這些使用者電子信箱,並將 mailUserStatus 設定為已移除。例如:
msuserpurge -d domain
在您執行下個步驟 (將使用者項目從目錄中移除) 之前,必須先執行 msuserpurge,否則使用者電子信箱會受到孤立。
您可以使用 configutil 參數 local.schedule.userpurge 以排程 msuserpurge 指令。例如:
configutil -o local.schedule.userpurge -v "30 2 * * 0 /opt/SUNWmsgsr/lib/msuserpurge -g 20" |
在前述的範例中,msuserpurge 將於星期天凌晨 2:30 執行。它會移除每位使用者標記為超過 20 天即刪除的電子信箱。
使用 imadmin user purge 指令,將使用者項目從目錄中移除。
在舊的發行版本中,此指令會執行以下動作:
搜尋使用者標記為已刪除的目錄。
從目錄中刪除每位使用者的個人通訊錄。
從郵件存放區中刪除每位使用者的電子信箱。
如果使用者的 inetUserStatus 屬性設定為已刪除,則移除該使用者項目。如果使用者的 mailUserStatus 設定為已刪除,則從項目中移除郵件屬性。
現在,由於您修改了 MsgSvr0-adminurl 特性,因此不會呼叫 Administration Server。系統會出現一則訊息,通知您並未呼叫 Administration Server。因此不會執行上述的步驟 c。電子信箱已在步驟 3 中,由 msuserpurge 移除。
在 Messaging Server 6.3 中,如果將 mailuserstatus 設定為己移除 (藉由 msuserpurge),而使用者項目中不存在其他服務,則 imadmin user purge 指令會將使用者項目從目錄中移除。
如果使用者項目中存在其他服務 (如行事曆服務) 的屬性,則不移除該項目。
Messaging Server 6.3 文件集包括以下文件:
請使用以下 URL 參閱所有 Messaging Server 6.3 文件。
http://docs.sun.com/coll/1312.2 和 http://docs.sun.com/coll/1422.2
Messaging Server 6.3 提供以下全新和更新文件:
請使用以下任一 URL 參閱適用於所有 Communications Services 產品的文件:
http://docs.sun.com/app/docs/coll/1312.2 和 http://docs.sun.com/app/docs/coll/1422.2
或http://docs.sun.com/coll/1313.2 和 http://docs.sun.com/coll/1417.2
以下列出了可用的文件:
「Sun Java Communications Suite 5 Event Notification Service Guide 」
「Sun Java System Communications Express 6.3 Customization Guide」
以下指南尚未針對此發行版本進行更新。不過,您可以使用這些指南的先前版本:
「Sun Java System Messaging Server 6 2005Q4 MTA Developer’s Reference」
「Sun Java System Messenger Express 6 2005Q4 Customization Guide」
「Sun Java System Communications Services 6 2005Q4 Schema Migration Guide」
如需此發行版本中已修正問題的完整清單,請參閱 Messaging Server 核心軟體修補程式隨附的讀我檔案。
此小節包含 Messaging Server 6.3 的已知問題清單。涵蓋下列產品區域:
本小節說明了有關安裝、升級和解除安裝 Messaging Server 的已知問題。
此版本的 Messaging Server 不支援在對稱式 HA 環境中,於最短當機時間內進行階段性串聯式升級。
使用 Messaging Server 5.2,可以在同一台機器上多次安裝 Messaging Server,並可以分別對這些不同的安裝進行修補程式安裝。此功能啟用了對最短當機時間階段性串聯式升級的支援。
必須使用 Communications Services 安裝程式為 Messaging Server 安裝叢集代理程式。
若要在 Sun Cluster 環境中安裝 Messaging Server,請參閱「Sun Java Communications Suite 5 Installation Guide」中的「Sun Cluster Software Example」。
[選取要配置的元件] 畫面顯示 0 位元組。
配置 Messaging Server 時 (安裝後立即進行),[選取要配置的元件] 畫面顯示以下元件:Message Transfer Agent、Message Store、Messenger Express、Delegated Administrator LDAP 項目和 Messaging Multiplexor。
然而,畫面中所有選取的元件都顯示 0 位元組。
SUNWma 安裝過程中建立了 /opt/etc 目錄
解決方法:安裝產品之後手動刪除此目錄。此問題會在將來的發行版本中加以修正。
本小節說明 Messaging Server 產品中的已知問題。
在 Directory Server 5.x 版中,LDAP 搜尋效能會略受 ACI 的影響。
這個問題會影響到 Messaging Server 執行的多項搜尋。
解決方法:若要更快地搜尋,請透過以下指令,使用目錄管理員憑證來存取目錄:
msg-svr-base/sbin/configutil -o local.ugldapbinddn -v "rootdn"
msg-svr-base/sbin/configutil -o local.ugldapbindcred -v "rootdn_passwd"
其中,rootdn 和 rootdn_passwd 是目錄伺服器的管理員憑證。
使用 configutil 進行的變更通常需要重新啟動受影響的伺服器才能生效。
解決方法:無。
如果使用 Microsoft Outlook Express 做為 IMAP 郵件用戶端,則已讀取旗標和未讀取旗標可能無法正常工作。
這是 Microsoft Outlook Express 用戶端的已知問題。
解決方法:設定以下配置變數:
configutil -o local.imap.immediateflagupdate -v yes
如果在使用上述解決方法時遇到效能問題,建議不要繼續使用該方法。
如果在 /etc/hosts 檔案中使用縮寫形式的網域,存取控制篩選器將不起作用。
如果 /etc/hosts 檔案中包含縮寫形式的網域名稱,則您在存取控制篩選器中使用主機名稱時,就會發生問題。IP 位址查找傳回縮寫形式的網域名稱時,相符將失敗。因此,請務必在 /etc/hosts 檔案中使用完全合格的網域名稱。
解決方法:無。
MoveUser 公用程式無法處理包含 1024 個以上子資料夾的電子信箱。
據報告,MoveUser 公用程式在嘗試移動電子信箱中包含 1024 個以上子資料夾的使用者帳號時會停止。
解決方法:無。
Messenger Express Multiplexor (MEM) 不包含允許使用作業系統解析程式或 NSCD 的配置選項。
解決方法:將系統配置為僅快取 DNS 伺服器,以獲得快取 MX 和 A 記錄的優勢。
現在 MTA 已能夠識別 GB18030 (中國國家標準) 字元集。
實作此支援導致已編譯字元集資料變更。升級後,您可能需要執行 imsimta chbuild。
預設啟用 XSTA 和 XADR 指令。
安裝之後,預設會啟用 SMTP 延伸指令 XSTA 和 XADR,而遠端使用者和本機使用者可用其擷取機密資訊。
解決方法:將以下行增至 <msg-svr-base>/config/tcp_local_option 檔案 (必要時請建立此檔案),以停用 XSTA 和 XADR 指令:
DISABLE_ADDRESS=1 DISABLE_CIRCUIT=1 DISABLE_STATUS=1 DISABLE_GENERAL=1
imsimta start 不啟動派送程序和工作控制器。
只有當 watcher 程序在執行中時,imsimta start、imsimta restart 和 imsimta refresh 指令才能正常運作。
新的 start-msg 和 stop-msg 指令已替代了 imsimta start 和 imsimta stop (後一組指令已停用,並會在將來版本中移除)。
如需有關 start-msg 和 stop-msg 指令的更多資訊,請參閱「Messaging Server 管理指南」。
解決方法:無。
校正用戶端憑證認證所需的 ertmap.conf 檔案內容。
certmap.conf 配置檔案指定如何將憑證對映至 LDAP 目錄中的項目。依預設,憑證主體 (其中有兩行為註釋) 包含 LDAP 目錄項目的精確 DN。
但是,十分常用的替代運作方式是從憑證主體中擷取特殊屬性,並搜尋該屬性的目錄。
解決方法:若要完成此替代運作方式,請將:
certmap default default #default:DNComps #default:FilterComps e, uid
變更為:
certmap default default default:DNComps default:FilterComps e
使用代理伺服器時,無法從 Internet Explorer 6.0 SP1 登入 Messaging Server。
如果在 PC 上將 Internet Explorer 6.0 SP1 中的 HTTP 代理伺服器用做用戶端,可能會在登入 Messaging Server 時遇到麻煩。此問題可能是由非標準相容代理伺服器導致的,且無法在 Messaging Server 中修正。
存在非標準組織 DN,配置程式失敗。
configure 程式不會在組織 DN 和使用者/群組尾碼之間建構互聯 RDN。Schema 1 和 Schema 2 都會出現此問題。
解決方法:執行 configure 程式前建立組織 DN (或者至少在組織 DN 上的 DN 之前建立)
未配置 SSL 時,imta 記錄檔中發生 NSS 錯誤
這些錯誤沒有負面影響。導致這些錯誤發生的原因是:系統在 SSL 配置中找不到 SSL 憑證。
解決方法:可以在 MTA 中停用 SSL,也可以在郵件存放區中停用 SSL:
編輯 imta.cnf 檔案,並將通道關鍵字 maytlsserver 從 tcp_local 和 tcp_intranet 通道中移除。
將 service.imap.sslusessl 和 service.pop.sslusessl 設定為「no」,以變更以下 configutil 配置參數。
使用 imsimta cnbuild 指令重新編譯 MTA 配置。
重新啟動服務 (stop-msg/start-msg)。這將停用對 SSL 的支援。請確保建立憑證後如果您要在 SSL 模式下配置伺服器,則需要復原先前所做的變更。
在 Solaris 10 上啟用了 SNMP 時,Messaging Server 無法啟動。
解決方法:將 snmpwalk 導向 snmpdx 而非 snmpd,並直接移至連接埠 16161 而非連接埠 161。
store.idx 2 GB 限制的方法應該類似配額。
郵件存放區強制限制 store.idx 檔案的大小上限為 2 GB。如果資料夾增大到導致 store.idx 檔案超過 2 GB,則 mail.log_current 檔案中會出現錯誤。
解決方法:如果可能,請設定配額。另外,在設定策略時,建議使用時效規則,以確保資料夾不會過度增長。
已變更 REVERSE_URL 運作方式。
建議您不要變更此屬性。
如果您要為位址反向和主要的位址儲存使用其他屬性,則不應使用 REVERSE_URL。而是要將 LDAP_PRIMARY_ADDRESS 設定為您要使用的屬性。這種情形的問題是,您要用於別名查詢和別名反向的位址之間,發生了語義重疊。您可以在 LDAP_PRIMARY_ADDRESS、 LDAP_EQUIVALENCE_ADDRESSES 和 LDAP_ALIAS_ADDRESSES 槽之間切換屬性。最簡單的情況是,您只想要針對別名查詢和別名反向都使用 meEndRemetente,而非郵件屬性。在這種情況下,只需將 MTA 選項 LDAP_PRIMARY_ADDRESS 設定為 meEndRemetente 即可。另一方面,如果您要繼續將郵件屬性用於別名查詢,則必須將它置於其他某個槽中,以便其順利運作。是否可以如此,取決於您是否使用 mailAlternateAddress 和 mailEquivalentAddress 屬性。Messaging Server 6.2 和舊版本允許每個槽有多個屬性,但是每個目錄項目最多只能有一個在指定槽中結束的屬性。在合理情況下,此版本的 Messaging Server 放寬了這項屬性限制 (如 LDAP_ALIAS_ADDRESSES 或 LDAP_EQUIVALENCE_ADDRESSES,但不包括 LDAP_PRIMARY_ADDRESS)。
調整已啟用的 SSL 加密;可預設停用弱式 SSL 加密。
對於 Messaging Server 6.3 和將來的版本,將預設弱式 SSL 加密套件為停用。這是一項不相容的變更,因此有些僅支援匯出等級 SSL 的舊郵件用戶端可能會中斷。
以下配置選項可用來開啟所有加密套件,包括弱式套件 (但不包括 NULL 加密):
對於 MMP:default:SSLAdjustCipherSuites weak+all
對於 IMAP/POP/SMTP/MSHTTPD:configutil -o local.ssladjustciphersuites -v weak+all
然而,最好只開啟互通操作所需的特定加密套件。例如,共用 SSL_RSA_EXPORT_WITH_RC4_40_MD5 加密套件可藉由:+SSL_RSA_EXPORT_WITH_RC4_40_MD5 啟用。56 位元加密不像 40 位元加密那樣脆弱,如果能夠只啟用這些加密,則以下加密套件就能運作:+TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA。
imapd ENS resubscriber 洩漏檔案描述元。
如果已配置 ENS,則也必須配置 IDLE。如果已配置 ENS,而未配置 IDLE,則 imapd 和 popd 會洩漏檔案處理。
解決方法:無
以下是其他和 Messaging Server 產品有關,但是沒有 ID 的問題。
電子信箱大小上限
電子信箱索引 (store.idx) 檔案大小固定為 2 GB。若超過此上限,將停止將郵件遞送至使用者,並會導致郵件存放區出現效能問題。如需詳細資訊,請參閱「Sun Java System Messaging Server 6.3 管理指南」中的「使用者郵件因電子信箱溢位而未遞送」。請注意,電子信箱中的郵件大小總和可以超過 2 GB 的限制。
在 option.dat 中,以 #、! 或 ; 符號開始的行為註釋行。
在 option.dat 檔案中,即使前一行具有尾隨反斜線 (\) (反斜線表示該行尚未結束),凡是以井字號 (#)、驚嘆號 (!) 或分號 (;) 字元開始的行,Messaging Server 都將視為註釋行。因此,在使用包含這些字元的長選項 (尤其是遞送選項) 時,必須小心謹慎。
對於因自然版面配置而導致遞送選項中的續行以 # 或 ! 開始這個問題,有一種解決方法。
解決方法:在遞送選項中,Messaging Server 會忽略逗號 (用於分隔各遞送選項類型) 後的空格。
例如,原先為:
DELIVERY_OPTIONS=\ #*mailbox=@$X.LMTP:$M$_+$2S%$\$2I@ims_daemon,\ #&members=*,\ *native=@$X.lmtpnative:$M,\ *unix=@$X.lmtpnative:$M,\ /hold=$L%$D@hold,\ *file=@$X.lmtpnative:+$F,\ &@members_offline=*,\ program=$M%$P@pipe-daemon,\ forward=**,\ *^!autoreply=$M+$D@bitbucket
您可以透過如下增加空格的方式來解決該問題:
DELIVERY_OPTIONS=\ #*mailbox=@$X.LMTP:$M$_+$2S%$\$2I@ims_daemon,\ #&members=*,\ #*native=@$X.lmtpnative:$M,\ #*unix=@$X.lmtpnative:$M,\ #/hold=$L%$D@hold,\ #*file=@$X.lmtpnative:+$F,\ #&@members_offline=*,\ #program=$M%$P@pipe-daemon,\ #forward=**,\ #*^!autoreply=$M+$D@bitbucket
DOMAIN_UPLEVEL 已修改。
DOMAIN_UPLEVEL 預設值已從 1 變更為 0。
以下字元不能用於使用者 ID:$ ~ = # * + % !@ , { } ( ) / < \> ; :" ” [ ] & ?
此限制由 MTA 強制執行。允許使用者 ID 中使用這些字元會導致郵件存放區出問題。如果您要變更 MTA 禁止使用的字元清單,請設定以下選項:
LDAP_UID_INVALID_CHARS=32,33,34,35,36,37,38,40,41, 42,43,44,47,58,59,60,61,62,63,64,91,92,93,96,123,125,126
方法是:透過在 msg-svr-base/config/options.dat 檔案中列出這些字元 ASCII 值的逗號分隔字串。請注意,強烈建議您切勿放寬此限制。
目前沒有本土化和全球化問題。
本小節說明 Communications Services 和 Messaging Server 專用文件中的已知問題。
ha_ip_config 程序檔未設定執行 ENS 所需的全部 ENS 配置參數。
如果要在 HA 環境中執行 ENS,您必須在 ha_ip_config 程序檔中設定以下參數:
local.ens.port– ENS 將要偵廳的連接埠 (及選擇性 IP 位址)。格式:[address:]port。例如,7997 或 192.168.1.1:7997。若設定了 local.ens.port,則亦必須配置 local.store.notifyplugin.enshost 和 local.store.notifyplugin.ensport。
local.storenotify.enshost— ENS 伺服器的 IP 位址或主機名稱。此設定必須對應 local.ens.port 中的設定。
local.storenotify.ensport– ENS 伺服器的 TCP 連接埠。此設定必須對應 local.ens.port 中的設定。
使用 iPlanet Delegated Administrator 1.2 Patch 2,對 imadmin user purge 錯誤 (5076486) 進行校正。
您可以經由 iPlanet Delegated Administrator 1.2 Patch 2 和 Messaging Server 6.x 使用 imadmin user purge 指令。不應將此舊版的 Delegated Administrator 與第 5 章, Sun Java System Delegated Administrator 6.4 版本說明中說明的當前 Delegated Administrator 產品混淆。若要使用舊版的 Delegated Administrator,則需要遵循 http://docs.sun.com 上 iPlanet Delegated Administrator 安裝文件中略述的程序以及下面的修改進行操作:
將 iDA_install_directory/nda/classes/netscape/nda/servlet/resource.properties 檔案中的 MsgSvrN-cgipath 一行變更為 MsgSvr0–cgipath=msg-config/Tasks/operation,然後重新啟動 Web Server。
此外,若您正在叢集上執行,則必須確定 Administration Server 和 Messaging Server 始終在相同節點上執行 (適用於 6.3 之前的發行版本)。
解決方法:無。
自訂託管網域時,「Messenger Express Customization Guide」在區段上顯示錯誤的目錄名稱。
當系統要求使用者為每個網域建立獨立的目錄時,正確的目錄應該是 msg-svr-base/config/html,而非 msg-svr-base/html。
「Messenger Express Customization Guide」指定 SDK 檔案和函數的錯誤檔案路徑。
SDK 檔案和函數位於 msg-svr-base/examples/meauthsdk 中。
Messenger Express 線上說明描述產品中不存在的部分功能
雖然在 Messenger Express 線上說明中描述了以下功能,但是產品中並沒有這些功能:
安全郵件傳送 (亦稱為 S/MIME) 僅供 S/MIME 客戶使用。如需有關 S/MIME 的資訊,請參閱:「Sun Java System Messaging Server 6.3 管理指南」中的第 24 章「為 Communications Express Mail 管理 S/MIME」。
自動拼字檢查程式,先前的發行版本已移除這項功能。
郵件篩選器,這項功能需要附加配置。請參閱:「Sun Java System Messaging Server 6.3 管理指南」中的「配置 Messenger Express 和 Communications Express 郵件篩選器」。
瀏覽路徑,當您在檢視客戶建立的資料夾時,可以檢視瀏覽路徑。然而,瀏覽路徑不會顯示在預設資料夾 (如 [收件匣]、[寄件匣]、[草稿]、[垃圾箱] 等) 中。
由於 Messenger Express 已停用,因此將不再更新 Messenger Express 線上說明。
未提供有關新的共用磁碟重組資料庫功能的文件。
未提供有關新功能的文件。藉由該功能,MTA 系統可以共用磁碟重組資料庫,並因此可以在 MTA 系統而不是儲存系統中完成磁碟重組。
解決方法:無。
imarchive —s 選項未啟用,但已加以說明。
imarchive -s 選項目前未啟用。然而,「Sun Java System Messaging Server 6.3 Administration Reference」中已加以說明。此選項會在將來的更新版本中啟用。
產品文件中使用不同的 server-root 表示法。
server-root 目錄 (Messaging Server 配置檔案所在的位置) 也稱為 msg-svr-base。在 Java Enterprise System 文件中,則稱為 MessagingServer-base。這兩種說法都是指 Messaging Server server-root 目錄。
Messaging Server 6.x 中隨附以下可再分發的檔案:
僅可在經授權的 Messaging Server 發行檔中以原始碼 (HTML 和 Javascript) 或二進位 (GIF 檔案) 形式再分發以下檔案:
msg-svr-base/config/html (及子目錄)
msg-svr-base/install/config/html (及子目錄)
請勿對這些檔案進行自身分發。
僅能按照 Messaging Server 文件中明確提供的方式來複製和使用 (而不是修改) 以下標頭檔案,並且僅能用來建立和分發要與 Messaging Server API 交互的程式、使用說明的 API 編譯客戶編寫的代碼以與 Messaging Server 互通或整合:
msg-svr-base/examples/meauthsdk/expapi.h
msg-svr-base/examples/tpauthsdk/authserv.h
msg-svr-base /include 目錄 (預設位置) 中的所有檔案
以下檔案僅供編寫使用說明的 API 與 Messaging Server 整合的程式時進行參照:
msg-svr-base/examples/meauthsdk/
msg-svr-base/examples/tpauthsdk/
msg-svr-base/examples/mtasdk/