Chapter 2. Configuration and Administration

Table of Contents

Administrative Interfaces
Server Manager
Preferences Manager
Command line utilities and scripts
Graphical utilities
The admin Administrative Account
Aliasing root Mail to Messaging Server admin Mailbox
Importing User Data
Importing Mailboxes
Importing Users
Importing Aliases
System Settings
Changing the admin Password
Managing Global User Access Privileges
Managing Mail Services
Managing Junk Mail
at Command Output to root Mailbox
Running Messaging Server Utilities From Scripts
Enabling Webmail Service
Using Volution System Management Services
Working With Volution Manager

Administrative Interfaces

The Messaging Server includes these administrative interfaces:

We also recommend that you familiarize yourself with platform-specific graphical administrative tools.

Server Manager

The principal graphical interface for Messaging Server administration. It provides mail server administrative screens accessible only by administrators with the login name "admin".

By default, the Server Manager is served by the Apache webserver at:

https://hostname/msg

where hostname is the value returned by the hostname(1) command on the Messaging Server system.

Note

SSL (Secure Sockets Layer) connections are enabled by default in the Messaging Server, allowing you to log in to the Server Manager immediately using an https URL. We strongly recommend that you use the secure SSL connections provided by the https URL whenever possible.

Preferences Manager

The Messaging Server mail client user interface. It provides client mail preference screens accessible to all users with an active Messaging Server mail account and an Internet browser. Like the Server Manager screens, it is served by the Apache webserver at:

https://hostname/msg

although logging in with a user mail account displays a different set of screens. For more information about client preference screens, see “Managing Client Preferences”.

Command line utilities and scripts

Although most administrative functions can be managed with the Server Manager, the following command-line utilities are also available:

imapcp(8)

migrate existing IMAP mailboxes to Messaging Server

msgaclget(8)

get current state of LDAP access controls

msgaclset(8)

modify the state of LDAP access controls

msgaliasadd(8)

add a member to a Messaging Server alias

msgaliascreate(8)

create a new Messaging Server alias

msgaliasdelete(8)

delete a Messaging Server alias

msgaliaslist(8)

list attributes of a Messaging Server alias

msgaliaslistall(8)

list attributes of all Messaging Server aliases

msgaliasmigrate(8)

migrate mail alias file members to Messaging Server LDAP datastore

msgaliasremove(8)

delete a member from a Messaging Server alias

msgaliasreplace(8)

modify the restricted setting or the description of a Messaging Server alias

msgcalendarlistnodes(8)

query Messaging Server calendar node information

msgdomaincount(8)

list the names and descriptions of all Messaging Server mail domains

msgdomaincreate(8)

create a new Messaging Server mail domain

msgdomaindelete(8)

delete a Messaging Server mail domain

msgdomainlist(8)

list the description of a Messaging Server mail domain

msgdomainlistall(8)

list the descriptions of all Messaging Server mail domains

msgdomainmodify(8)

modify the description of a Messaging Server mail domain

msgdomainmove(8)

rename a Messaging Server mail domain

msgimpsetup(8)

configure IMP mail client to work with the Messaging Server Cyrus server

msgldaphost(8)

configure the Messaging Server LDAP host

msgservicelist(8)

list the status of a Messaging Server system service

msgservicelistall(8)

list the status of all Messaging Server system services

msgsievebuild(8)

rebuild Messaging Server user mail filters

msguninstall(8)

remove the Messaging Server from a host system

msgusercreate(8)

create a new Messaging Server user

msguserdelete(8)

delete a Messaging Server user

msgusergetaliases(8)

list Messaging Server alias membership for a specified user

msguserisadmin(8)

determine admin privileges of a specified Messaging Server user

msguserlist(8)

list Messaging Server user attributes

msguserlistall(8)

list all Messaging Server users' attributes

msgusermigrate(8)

migrate /etc/passwd members to Messaging Server LDAP datastore

msgusermod(8)

modify Messaging Server user attributes

msguserpw(8)

change a Messaging Server user's password

These utilities are called from the /opt/lsb-caldera.com-volution/msg/bin directory. If you use them frequently, you might want to add /opt/lsb-caldera.com-volution/msg/bin to your PATH environment variable. For more information, see their respective manual pages.

Warning

Many of these utilities form the back end for the administrative interface. This listing does not include those utilities in /opt/lsb-caldera.com-volution/msg/bin that should only be run by the administrative interface. Do not run the following utilities from the command line:

  • msgencrypt

  • msgexec

  • msggenclientconfig

  • msginboxcreate

  • msgroot

  • msgvscan

See also Running Messaging Server Utilities From Scripts.

Graphical utilities

Webmin

Webmin™ is the browser-based system administration interface for Caldera OpenLinux. It is the preferred utility for managing system functions used by the Messaging Server, such as:

  • network configuration, including DNS/BIND

  • SSL certificate and key management

  • MySQL management for Webmail components

For more information, see "Introduction to Webmin" in the Caldera OpenLinux System Administration Guide.

The admin Administrative Account

The Messaging Server has a single administrative account named admin. This is the name you use to log into the Server Manager for administering your messaging server. It is a valid mail account and can receive mail.

Note

Do not configure a local system account named admin; doing so will prevent the Messaging Server administrator from receiving mail.

The admin account is managed like other user accounts as described in “Managing Mail Users”. You can also change the admin password by clicking on Admin Password under the System menu in the Server Manager.

Before proceeding with Messaging Server configuration, we recommend that you change the initial admin password, set by default to "admin." Neither the admin password nor any user password can be a null string. You must enter a string of at least one character; we recommend that you follow conventional password precautions as described in Chapter 8 “Changing Your Messaging Server Password” in the Client User's Guide.

Caution

You must select and maintain passwords carefully to ensure the security of your Messaging Server. Insufficient password protection is a security risk.

Aliasing root Mail to Messaging Server admin Mailbox

The root mail account is used by several OpenLinux programs to log various activities. This mail is normally sent to the root mailbox in /var/spool/mail/root. However, because root's mail is not kept in a Messaging Server mailbox, this mail is not accessible using either POP or IMAP protocols.

If you wish to have root's mail accessible using IMAP or POP, we recommend that you create an alias called root in the primary mail domain and add admin as its only member. This will cause all mail addressed to root to go to the Messaging Server mailbox for the admin user. Since the admin account is privileged, we recommend accessing that account from SSL sessions only.

Importing User Data

The Messaging Server enables you to migrate user data from existing UNIX system mail configurations by converting existing data files into LDAP datastores. You can import:

  • mailboxes

  • users

  • aliases

Note

In this Messaging Server release, user data can only be imported from UNIX and Linux systems. Future Messaging Server releases will include the capability of importing data from Microsoft® Windows and Exchange systems.

Importing Mailboxes

Existing mailboxes can be imported to the Messaging Server using any IMAP-capable mail client.

For existing IMAP mailboxes:

  • Administrators can migrate existing IMAP mailboxes from the command line using the imapcp(8) utility.

  • Mail client users can drag their IMAP mailbox from the previous server to the IMAP mailbox on the Messaging Server.

For existing POP mailboxes:

Once mail client users have downloaded their POP mail, they can upload it from their client to their Messaging Server IMAP mailbox.

Importing Users

Use the msgusermigrate migration utility to convert UNIX system /etc/passwd entries to an LDAP datastore. To do so, copy the existing /etc/passwd and /etc/shadow files to a tmp directory on the Messaging Server system and run msgusermigrate. For more information, see the msgusermigrate(8) manual page.

Warning

Make sure that none of the UIDs in the imported /etc/passwd file exist as system users on the Messaging Server system. Do not use the msgusermigrate utility in an attempt to create Messaging Server mailboxes for existing system users; doing so will result in failed mail delivery to the Messaging Server accounts. If you must have system users on your Messaging Server system, make sure that each user's Messaging Server UserID is different from that user's system UID.

Also, be sure that the imported /etc/passwd does not contain an admin account. If you attempt to import a duplicate admin account, you might disable the Messaging Server.

We recommend that you carefully review the contents of the imported /etc/passwd file before running the msgusermigrate utility.
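
The review recommended above can be scripted before msgusermigrate is run. The following is an added example, not part of the original guide or the product: it flags an admin entry and any imported entry that collides with a local system account. Treating both login names and numeric UIDs as collisions is an assumption about what the warning means by "UIDs"; the function name check_import, the finding labels and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-check an imported passwd file before msgusermigrate.
# Usage: check_import IMPORTED_PASSWD [LOCAL_PASSWD]
# Prints one finding per line; returns 1 if anything was found, else 0.
check_import() {
    awk -F: '
        /^[ \t]*$/ || /^#/ { next }               # skip blank lines and comments
        # First file: local system accounts. Record login names and UIDs.
        FILENAME == ARGV[1] { name[$1] = 1; uid[$3] = $1; next }
        # Second file: the entries that are about to be imported.
        NF != 7       { printf "malformed: line %d\n", FNR; bad++; next }
        $1 == "admin" { printf "admin-account: %s\n", $1; bad++ }
        ($1 in name)  { printf "name-collision: %s\n", $1; bad++ }
        ($3 in uid)   { printf "uid-collision: %s uid=%s local=%s\n", $1, $3, uid[$3]; bad++ }
        END { exit (bad > 0) }
    ' "${2:-/etc/passwd}" "$1"
}

# Constructed sample data (not taken from a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
postfix:x:89:89::/var/spool/postfix:/bin/false
jsmith:x:500:100:J Smith:/home/jsmith:/bin/bash
EOF
cat > "$demo_dir/imported" <<'EOF'
admin:x:501:100:Old admin:/home/admin:/bin/bash
jsmith:x:620:100:Jane Smith:/home/jsmith:/bin/bash
mlee:x:500:100:M Lee:/home/mlee:/bin/bash
kwong:x:733:100:K Wong:/home/kwong:/bin/bash
EOF
check_import "$demo_dir/imported" "$demo_dir/local" ||
    echo "Fix the entries above before running msgusermigrate."
rm -rf "$demo_dir"
```

Run it against the copy of /etc/passwd placed in the tmp directory; with no second argument it compares against the Messaging Server system's own /etc/passwd.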

Importing Aliases

Use the msgaliasmigrate migration utility to convert UNIX system mail alias file entries to an LDAP datastore. To do so, run it on an imported aliases file or the local /etc/mail/aliases file. For more information, see the msgaliasmigrate(8) manual page.

System Settings

Changing the admin Password

You can use the Server Manager to change the password for the admin administrator account:

  1. In the System menu, click on Admin Password.

  2. Enter and confirm the new password value in the Change Password screen.

  3. Click on Apply to complete the change.

You can also change the admin password in View Users, but it is more direct to use this method in the System menu.

Managing Global User Access Privileges

You can use the Server Manager to set global access privileges for users in all mail domains controlled by the Messaging Server.

In the System menu, click on User Access. You can grant or deny these privileges globally:

Users can change their own password

Controls whether users can change the value of their mail account password via the Messaging Server admin user configuration interface.

Users can change their own profile

Controls whether users can change their profile parameters as described in “Managing Mail Users”.

Users can create mail aliases

Controls whether users can create mail aliases within the Messaging Server directory using the Server Manager user configuration interface.

Note

When you change these settings, Preferences Manager screens for users currently logged in are not changed dynamically. We recommend that you alert Messaging Server users when global or individual changes are made to their privileges.

Managing Mail Services

The Server Manager allows you to view the status and perform certain actions on the Messaging Server component servers. In the System menu, click on Mail Services to view the list of configured services. Click on the service name to display its status, the PID of the active process, and the command that launched it. You can also take the following Service Actions:

  • cyrus IMAP/POP Server

    Start/Stop

    Start or stop the server

  • docview - OpenLinux Documentation Server

    Start/Stop

    Start or stop the server

    Restart

    Stop and restart the server

    Reload

    Reload DocView configuration files

  • ldap - OpenLDAP Directory Server

    Restart

    Stop and restart the server

    Note

    Stopping the LDAP server disables the Server Manager; this can only be done manually.

  • postfix - Mail Transport Agent (MTA)

    Start/Stop

    Start or stop the MTA

    Restart

    Stop and restart the MTA

    Reload

    Reload MTA configuration files

  • steltor_cts - Steltor CorporateTime Server (displayed only when CorporateTime Server is installed)

    Start/Stop

    Start or stop the CorporateTime Server

    Restart

    Stop and restart the CorporateTime Server

Mail services can also be controlled from the command line using standard init scripts:


/etc/rc.d/init.d/service [ start|stop|restart|reload ]

Managing Junk Mail

The Server Manager allows you to control access to the Realtime Blackhole List (RBL) mail filtering service. Click on:

Reject messages

to enable RBL service

Don't use RBL

to disable RBL service

Then click on Apply to complete the change.

Note

RBL is a subscription service that must be contracted before mail is filtered. For more information, see “Junk Mail Filtering”.

You can also make the simple BCC filter available by granting individual User Access privileges for junk mail filtering or by setting a default for user creation; see “Junk Mail Filtering” for more information.

at Command Output to root Mailbox

Several Server Manager backend utilities schedule jobs with the at(1) command, which sends output to the root user's system mailbox. The following actions will generate spurious warning mail to root:

  • creating or deleting a domain

  • changing any of the User Access values in the Server Manager System menu

The warning message varies across the supported platforms, but in all cases it is output captured by the at command. These messages can be safely ignored.

The root user's mailbox is /var/spool/mail/root; you should examine and clear this file regularly. You might also want to alias root's mail to the Messaging Server mailbox for the admin user, as described in “Aliasing root Mail to Messaging Server admin Mailbox”.

Running Messaging Server Utilities From Scripts

All Messaging Server utilities require some form of authentication, but it is not practical to enter the administrator's password every time a Messaging Server utility is invoked, especially if many executions are desired.

The preferred method is to pipe the admin user's fully qualified LDAP name (distinguished name) and password to the utility. This is because it is a security risk to store a password in a file or to pass it as a command line argument, which would be visible in a ps(1) listing. The administrator's LDAP distinguished name is contained in the /etc/opt/lsb-caldera.com-volution/msg/msg.conf file in the ADMINDN variable. A script can prompt for the admin password once and pipe it to as many Messaging Server utilities as needed after that.

Here is an example using a Messaging Server utility in an OpenLinux bash(1) shell script:

#!/bin/bash
# Get the password in a safe way.
# If you need to run the script non-interactively, you can enter
# the password directly in the script and bypass this section, but
# the script file then holds the password (see the risk noted above).
printf "Enter administrator's password: "
# Restore terminal echo even if the script exits at the prompt.
trap 'stty echo' EXIT
stty -echo
read -r password
stty echo
trap - EXIT
# Need to echo a newline after getting the password.
echo
# Get the admin distinguished name from msg.conf.
admindn=$(grep ADMINDN /etc/opt/lsb-caldera.com-volution/msg/msg.conf | sed 's/ADMINDN://')
# Issue a command; use ADMINDN from msg.conf,
# although you can specify any user's DN there if desired.
# printf is a shell builtin, so the password never appears in a ps(1) listing.
printf '%s\n%s\n' "$admindn" "$password" |
    /opt/lsb-caldera.com-volution/msg/bin/msgusercreate --uid=user0 --domain="$(hostname -f)"

Enabling Webmail Service

The Messaging Server provides Webmail service with the IMP (Internet Messaging Program) webmail client and Horde framework, which are enabled by default. At installation, the Messaging Server:

  • configures the mysql database engine to work with the horde database, which is used to store user information.

  • sets the horde database password to the value of the PW attribute, which is stored in the msg.conf(5) file. The system administrator can change this password using the utility:

    /usr/libexec/horde/database/dbpasswd.sh

    Note

    Later versions of the horde package might store this utility in /usr/lib/horde/database/dbpasswd.sh

    You will need this password if you want to make changes to your Horde or IMP configuration files.

  • starts the mysql daemon and sets it to run by default.

Messaging Server users can access the IMP webmail client immediately by pointing their browsers at https://hostname/horde/imp, as described in “Enabling IMP Webmail Client Users”.

To disable Webmail service:

  1. Disable default mysql daemon startup by editing the /etc/sysconfig/daemons/mysql file and changing the ONBOOT parameter to "no".

  2. Stop the mysql daemon using either:

    Webmin (Caldera OpenLinux only)

    In the Servers screen, click on MySQL Database Server, then click on Stop MySQL Server.

    command line

    Enter /etc/rc.d/init.d/mysql stop.

For more information, see the Horde and IMP documentation, available from the Messaging Server webpage in DocView.

Using Volution System Management Services

The Caldera Volution platform includes two system management and administration products that are compatible with the Messaging Server:

Volution Manager (VM)

This Web-based management system enables administrators to manage the network with profiles and policies, without having to individually manage each system. Based on LDAP directory services, it can be configured to provide hardware and software inventory, software distribution, health monitoring of systems, printer configuration and scripted scheduled actions. It consists of:

Volution Manager Server

A Caldera OpenLinux server system running VM Server software. This includes the computer creation daemon (volutionccd) which adds VM Client computers to the directory structure, the DENS daemon (densd) which acts as an event scheduler, and the software repository daemon (volutionsrd) which adds distributable package objects to the software repository.

Volution Manager Client

A Linux or UNIX system that can be managed by the VM Server. Each installed client runs the VM Client daemon (volutiond) which includes support for OpenSLP, the protocol the client uses to locate the VM Server.

Volution Manager Console

A browser-based interface used to perform management tasks. Once the VM Server and VM Clients are installed and configured, the VM Management Console is where Volution system management takes place.

Volution Online

A proactive, subscription package management system. It tracks thousands of RPM packages, tracks alerts against these packages, and facilitates updates to your systems.

Working With Volution Manager

Volution Manager and the Messaging Server can reside:

on the same machine

Both the Manager Server and Messaging Server Volution services can coexist on the same Caldera OpenLinux server, sharing the same OpenLDAP directory server. No special installation or configuration is required; simply run the Caldera installations for both products on the same system.

The Manager Client and Messaging Server can also coexist on the same machine, facilitating simple remote management of the Messaging Server platform.

on different machines

The Manager Server and Messaging Server can also share the same OpenLDAP server but reside on different systems. In this configuration, the Messaging Server has to be configured to recognize a remote LDAP server as described in “Configuring a Remote OpenLDAP Server”.

The Volution Manager and Messaging Server can work together to provide:

software distribution and maintenance

Volution Manager can be used to supply updates, patches, fixes, or advanced configuration changes to a Messaging Server system when the VM Client is installed on the same system.

system monitoring

Volution Manager can detect system problems on a Messaging Server system with the VM Client installed. Volution Manager can be configured to notify staff or take corrective action for a range of problems, such as poor network performance and approaching disk space limits. Many standard alerts are pre-configured with the Volution Manager product.

email alerts

Volution Manager can also be configured to notify administrators of problems using email messages. In this case, the Messaging Server can be used as the email server that delivers these notifications to designated recipients. The Messaging Server can also redirect messages to Linux applications (such as a helpdesk application).

For more information, see the Volution Manager Administration Guide.