The Messaging Server includes these administrative interfaces:
We also recommend that you familiarize yourself with platform-specific graphical administrative tools.
The principal graphical interface for Messaging Server administration. It provides mail server administrative screens accessible only by administrators with the login name "admin".
By default, the Server Manager is served by the Apache webserver at:
https://hostname/msg
SSL (Secure Sockets Layer) connections are enabled by default in the Messaging Server, allowing you to log in to the Server Manager immediately using an https URL. We strongly recommend that you use the secure SSL connections provided by the https URL whenever possible.
The Messaging Server mail client user interface. It provides client mail preference screens accessible to all users with an active Messaging Server mail account and an Internet browser. Like the Server Manager screens, it is served by the Apache webserver at:
https://hostname/msg
Although most administrative functions can be managed with the Server Manager, the following command-line utilities are also available:
migrate existing IMAP mailboxes to Messaging Server
get current state of LDAP access controls
modify the state of LDAP access controls
add a member to a Messaging Server alias
create a new Messaging Server alias
delete a Messaging Server alias
list attributes of a Messaging Server alias
list attributes of all Messaging Server aliases
migrate mail alias file members to Messaging Server LDAP datastore
delete a member from a Messaging Server alias
modify the restricted setting or the description of a Messaging Server alias
query Messaging Server calendar node information
list the names and descriptions of all Messaging Server mail domains
create a new Messaging Server mail domain
delete a Messaging Server mail domain
list the description of a Messaging Server mail domain
list the descriptions of all Messaging Server mail domains
modify the description of a Messaging Server mail domain
rename a Messaging Server mail domain
configure IMP mail client to work with the Messaging Server Cyrus server
configure the Messaging Server LDAP host
list the status of a Messaging Server system service
list the status of all Messaging Server system services
rebuild Messaging Server user mail filters
remove the Messaging Server from a host system
create a new Messaging Server user
delete a Messaging Server user
list Messaging Server alias membership for a specified user
determine admin privileges of a specified Messaging Server user
list Messaging Server user attributes
list all Messaging Server users' attributes
migrate /etc/passwd members to Messaging Server LDAP datastore
modify Messaging Server user attributes
change a Messaging Server user's password
These utilities are called from the /opt/lsb-caldera.com-volution/msg/bin directory. If you use them frequently, you might want to add /opt/lsb-caldera.com-volution/msg/bin to your PATH environment variable. For more information, see their respective manual pages.
Many of these utilities form the back end for the administrative interface. This listing does not include those utilities in /opt/lsb-caldera.com-volution/msg/bin that should only be run by the administrative interface. Do not run the following utilities from the command line:
msgencrypt
msgexec
msggenclientconfig
msginboxcreate
msgroot
msgvscan
Webmin™ is the browser-based system administration interface for Caldera OpenLinux. It is the preferred utility for managing system functions used by the Messaging Server, such as:
network configuration, including DNS/BIND
SSL certificate and key management
MySQL management for Webmail components
For more information, see "Introduction to Webmin" in the Caldera OpenLinux System Administration Guide.
The Messaging Server has a single administrative account named admin. This is the name you use to log into the Server Manager for administering your messaging server. It is a valid mail account and can receive mail.
Do not configure a local system account named admin; doing so will prevent the Messaging Server administrator from receiving mail.
The admin account is managed like other user accounts as described in “Managing Mail Users”. You can also change the admin password by clicking on Admin Password under the System menu in the Server Manager.
Before proceeding with Messaging Server configuration, we recommend that you change the initial admin password, set by default to "admin." Neither the admin password nor any user password can be a null string. You must enter a string of at least one character; we recommend that you follow conventional password precautions as described in Chapter 8 “Changing Your Messaging Server Password” in the Client User's Guide.
You must select and maintain passwords carefully to ensure the security of your Messaging Server. Insufficient password protection is a security risk.
The root mail account is used by several OpenLinux programs to log various activities. This mail is normally sent to the root mailbox in /var/spool/mail/root. However, because root's mail is not kept in a Messaging Server mailbox, this mail is not accessible using either POP or IMAP protocols.
If you wish to have root's mail accessible using IMAP or POP, we recommend that you create an alias called root in the primary mail domain and add admin as its only member. This will cause all mail addressed to root to go to the Messaging Server mailbox for the admin user. Since the admin account is privileged, we recommend accessing that account from SSL sessions only.
The Messaging Server enables you to migrate user data from existing UNIX system mail configurations by converting existing data files into LDAP datastores. You can import:
mailboxes
users
aliases
In this Messaging Server release, user data can only be imported from UNIX and Linux systems. Future Messaging Server releases will include the capability of importing data from Microsoft® Windows and Exchange systems.
Existing mailboxes can be imported to the Messaging Server using any IMAP-capable mail client.
Administrators can migrate existing IMAP mailboxes from the command line using the imapcp(8) utility.
Mail client users can drag their IMAP mailbox from the previous server to the IMAP mailbox on the Messaging Server.
Once mail client users have downloaded their POP mail, they can upload it from their client to their Messaging Server IMAP mailbox.
Use the msgusermigrate migration utility to convert UNIX system /etc/passwd entries to an LDAP datastore. To do so, copy the existing /etc/passwd and /etc/shadow files to a tmp directory on the Messaging Server system and run msgusermigrate. For more information, see the msgusermigrate(8) manual page.
Make sure that none of the UIDs in the imported /etc/passwd file exist as system users on the Messaging Server system. Do not use the msgusermigrate utility in an attempt to create Messaging Server mailboxes for existing system users; doing so will result in failed mail delivery to the Messaging Server accounts. If you must have system users on your Messaging Server system, make sure that their Messaging Server UserID is different from their system uids.
Also, be sure that the imported /etc/passwd does not contain an admin account. If you attempt to import a duplicate admin account, you might disable the Messaging Server.
We recommend that you carefully review the contents of the imported /etc/passwd file before running the msgusermigrate utility.
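One way to carry out the review recommended above, as an added example that is not part of the original guide or of the Messaging Server tools: the hypothetical function check_passwd_import compares an imported passwd file with the local /etc/passwd and reports an admin entry, login names that already exist as system users, duplicate entries and malformed lines. It assumes that "UID" here means the login name, as in msgusercreate --uid=; the sample files are constructed.

```shell
#!/bin/sh
# Added example: review an imported passwd file before running msgusermigrate.
# Assumption: "UID" means the login name (field 1), as in msgusercreate --uid=.
# Usage: check_passwd_import IMPORTED_PASSWD [LOCAL_PASSWD]
# Prints one finding per line; returns 1 if anything was found, else 0.
check_passwd_import() {
    awk -F: '
        # First file (local system): remember every existing login name.
        FILENAME == ARGV[1] {
            if ($1 != "" && $1 !~ /^[#+-]/) sysuser[$1] = 1
            next
        }
        /^[ \t]*(#|$)/ { next }         # imported file: skip comments, blanks
        NF != 7 { print "MALFORMED line " FNR; bad = 1; next }
        $1 == "admin"  { print "ADMIN line " FNR; bad = 1 }
        $1 in sysuser  { print "COLLISION line " FNR ": " $1; bad = 1 }
        seen[$1]++     { print "DUPLICATE line " FNR ": " $1; bad = 1 }
        END { exit bad + 0 }
    ' "${2:-/etc/passwd}" "$1"
}

# Constructed sample data (not from a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/local" <<'EOF'
root:x:0:0:root:/root:/bin/bash
jsmith:x:500:100:J Smith:/home/jsmith:/bin/bash
EOF
cat > "$demo_dir/imported" <<'EOF'
# copied from the old mail host
admin:x:501:100:Old admin:/home/admin:/bin/bash
jsmith:x:502:100:J Smith:/home/jsmith:/bin/bash
kdoe:x:503:100:K Doe:/home/kdoe:/bin/bash
kdoe:x:504:100:K Doe again:/home/kdoe2:/bin/bash
broken-line-without-fields
EOF
check_passwd_import "$demo_dir/imported" "$demo_dir/local" ||
    echo "Findings above: fix the imported file before running msgusermigrate."
rm -rf "$demo_dir"
```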
Use the msgaliasmigrate migration utility to convert UNIX system mail alias file entries to an LDAP datastore. To do so, run it on an imported aliases file or the local /etc/mail/aliases file. For more information, see the msgaliasmigrate(8) manual page.
You can use the Server Manager to change the password for the admin administrator account:
In the System menu, click on Admin Password.
Enter and confirm the new password value in the Change Password screen.
Click on Apply to complete the change.
You can also change the admin password in the View Users, but it is more direct to use this method in the System menu.
You can use the Server Manager to set global access privileges for users in all mail domains controlled by the Messaging Server.
In the System menu, click on User Access. You can grant or deny these privileges globally:
Controls whether users can change the value of their mail account password via the Messaging Server admin user configuration interface.
Controls whether users can change their profile parameters as described in “Managing Mail Users”.
Controls whether users can create mail aliases within the Messaging Server directory using the Server Manager user configuration interface.
When you change these settings, Preferences Manager screens for users currently logged in are not changed dynamically. We recommend that you alert Messaging Server users when global or individual changes are made to their privileges.
The Server Manager allows you to view the status and perform certain actions on the Messaging Server component servers. In the System menu, click on Mail Services to view the list of configured services. Click on the service name to display its status, the PID of the active process, and the command that launched it. You can also take the following Service Actions:
cyrus IMAP/POP Server
Start or stop the server
docview - OpenLinux Documentation Server
Start or stop the server
Stop and restart the server
Reload DocView configuration files
ldap - OpenLDAP Directory Server
Stop and restart the server
Stopping the LDAP server disables the Server Manager; this can only be done manually.
postfix - Mail Transport Agent (MTA)
Start or stop the MTA
Stop and restart the MTA
Reload MTA configuration files
steltor_cts - Steltor CorporateTime Server (displayed only when CorporateTime Server is installed)
Start or stop the CorporateTime Server
Stop and restart the CorporateTime Server
Mail services can also be controlled from the command line using standard init scripts:
/etc/rc.d/init.d/service [ start|stop|restart|reload ]
The Server Manager allows you to control access to the Realtime Blackhole List (RBL) mail filtering service. Click on:
to enable RBL service
to disable RBL service
Then click on Apply to complete the change.
RBL is a subscription service that must be contracted before mail is filtered. For more information, see “Junk Mail Filtering”.
You can also make the simple BCC filter available by granting individual User Access privileges for junk mail filtering or by setting a default for user creation; see “Junk Mail Filtering” for more information.
Several Server Manager backend utilities schedule jobs with the at(1) command, which sends output to the root user's system mailbox. The following actions will generate spurious warning mail to root:
creating or deleting a domain
changing any of the User Access values in the Server Manager System menu
The warning message varies on the supported platforms, but in all cases it will be output captured by the at command. These messages can be safely ignored.
The root user's mailbox is /var/spool/mail/root; you should examine and clear this file regularly. You might also want to alias root's mail to the Messaging Server mailbox for the admin user, as described in “Aliasing root Mail to Messaging Server admin Mailbox”.
All Messaging Server utilities require some form of authentication, but it is not practical to enter the administrator's password every time a Messaging Server utility is invoked, especially if many executions are desired.
The preferred method is to pipe the admin user's fully qualified LDAP name (distinguished name) and password to the utility. This is because it is a security risk to store a password in a file or to pass it as a command line argument, where it would be visible in a ps(1) listing. The administrator's LDAP distinguished name is contained in the ADMINDN variable in the /etc/opt/lsb-caldera.com-volution/msg/msg.conf file. A script can prompt for the admin password once and then pipe it to as many Messaging Server utilities as needed.
Here is an example using a Messaging Server utility in an OpenLinux bash(1) shell script:
# Get the password in a safe way.
# If you need to run the script non-interactively, you can enter
# the password directly in the script and bypass this section.
echo -n "Enter administrators password : "
stty -echo
# -r keeps any backslashes in the password intact.
read -r password
stty echo

# Need to echo a newline after getting the password.
echo

# Get the admin distinguished name from msg.conf.
admindn=`grep ADMINDN /etc/opt/lsb-caldera.com-volution/msg/msg.conf | sed 's/ADMINDN://'`

# Issue a command; use ADMINDN from msg.conf,
# although you can specify any user's DN there if desired.
cat << DONE | /opt/lsb-caldera.com-volution/msg/bin/msgusercreate --uid=user0 --domain=`hostname -f`
$admindn
$password
DONE
The Messaging Server provides Webmail service with the IMP (Internet Messaging Program) webmail client and Horde framework, which are enabled by default. At installation, the Messaging Server:
configures the mysql database engine to work with the horde database, which is used to store user information.
sets the horde database password to the value of the PW attribute, which is stored in the msg.conf(5) file. The system administrator can change this password using the utility:
/usr/libexec/horde/database/dbpasswd.sh
Later versions of the horde package might store this utility in /usr/lib/horde/database/dbpasswd.sh
You will need this password if you want to make changes to your Horde or IMP configuration files.
starts the mysql daemon and sets it to run by default.
Messaging Server users can access the IMP webmail client immediately by pointing their browsers at https://hostname/horde/imp, as described in “Enabling IMP Webmail Client Users”.
To disable Webmail service:
Disable default mysql daemon startup by editing the /etc/sysconfig/daemons/mysql file and changing the ONBOOT parameter to "no".
Stop the mysql daemon using either:
In the Servers screen, click on MySQL Database Server, then click on Stop MySQL Server.
Enter /etc/rc.d/init.d/mysql stop.
For more information, see the Horde and IMP documentation, available from the Messaging Server webpage in DocView.
The Caldera Volution platform includes two system management and administration products that are compatible with the Messaging Server:
This Web-based management system enables administrators to manage the network with profiles and policies, without having to individually manage each system. Based on LDAP directory services, it can be configured to provide hardware and software inventory, software distribution, health monitoring of systems, printer configuration and scripted scheduled actions. It consists of:
A Caldera OpenLinux server system running VM Server software. This includes the computer creation daemon (volutionccd) which adds VM Client computers to the directory structure, the DENS daemon (densd) which acts as an event scheduler, and the software repository daemon (volutionsrd) which adds distributable package objects to the software repository.
A Linux or UNIX system that can be managed by the VM Server. Each installed client runs the VM Client daemon (volutiond) which includes support for OpenSLP, the protocol the client uses to locate the VM Server.
A browser-based interface used to perform management tasks. Once the VM Server and VM Clients are installed and configured, the VM Management Console is where Volution system management takes place.
A proactive, subscription package management system. It tracks thousands of RPM packages, tracks alerts against these packages, and facilitates updates to your systems.
Volution Manager and the Messaging Server can reside:
Both the Manager Server and Messaging Server Volution services can coexist on the same Caldera OpenLinux server, sharing the same OpenLDAP directory server. No special installation or configuration is required; simply run the Caldera installations for both products on the same system.
The Manager Client and Messaging Server can also coexist on the same machine, facilitating simple remote management of the Messaging Server platform.
The Manager Server and Messaging Server can also share the same OpenLDAP server but reside on different systems. In this configuration, the Messaging Server has to be configured to recognize a remote LDAP server as described in “Configuring a Remote OpenLDAP Server”.
The Volution Manager and Messaging Server can work together to provide:
Volution Manager can be used to supply updates, patches, fixes, or advanced configuration changes to a Messaging Server system when the VM Client is installed on the same system.
Volution Manager can detect system problems on a Messaging Server system with the VM Client installed. Volution Manager can be configured to notify staff or take corrective action for a range of problems, such as poor network performance and approaching disk space limits. Many standard alerts are pre-configured with the Volution Manager product.
Volution Manager can also be configured to notify administrators of problems using email messages. In this case, the Messaging Server can be used as the email server that delivers these notifications to designated recipients. The Messaging Server can also redirect messages to Linux applications (such as a helpdesk application).
For more information, see the Volution Manager Administration Guide.