Table of Contents
The SCOoffice Mail Server includes these administrative interfaces:
We also recommend that you familiarize yourself with platform-specific graphical administrative tools.
The principle graphical interface for SCOoffice Mail Server administration. It provides mail server administrative screens accessible only by administrators with the login name "admin".
By default, the Server Manager is served by the Apache webserver at:
https://hostname/msg
SSL (Secure Socket Layer) connections are enabled by default in the SCOoffice Mail Server, allowing you to log in to the Server Manager immediately using an https URL. We strongly recommend that you use secure SSL connections provided by the https URL whenever possible.
The SCOoffice Mail Server mail client user interface. It provides client mail preference screens accessible to all users with an active SCOoffice Mail Server mail account and an Internet browser. Like the Server Manager screens, it is served by the Apache webserver at:
https://hostname/msg
Although most administrative functions can be managed with the Server Manager, the following command lines utilities are also available:
migrate existing IMAP mailboxes to SCOoffice Mail Server
get current state of LDAP access controls
modify the state of LDAP access controls
add a member to a SCOoffice Mail Server alias
create a new SCOoffice Mail Server alias
delete a SCOoffice Mail Server alias
list attributes of a SCOoffice Mail Server alias
list attributes of all SCOoffice Mail Server aliases
migrate mail alias file members to SCOoffice Mail Server LDAP datastore
delete a member from a SCOoffice Mail Server alias
modify the restricted setting or the description of a SCOoffice Mail Server alias
query SCOoffice Mail Server calendar node information
list the names and descriptions of all SCOoffice Mail Server mail domains
create a new SCOoffice Mail Server mail domain
delete a SCOoffice Mail Server mail domain
list the description of a SCOoffice Mail Server mail domain
list the descriptions of all SCOoffice Mail Server mail domains
modify the description of a SCOoffice Mail Server mail domain
rename a SCOoffice Mail Server mail domain
configure IMP mail client to work with the SCOoffice Mail Server Cyrus server
configure the SCOoffice Mail Server LDAP host
list the status of a SCOoffice Mail Server system service
list the status of all SCOoffice Mail Server system services
rebuild SCOoffice Mail Server user mail filters
remove the SCOoffice Mail Server from a host system
create a new SCOoffice Mail Server user
delete a SCOoffice Mail Server user
list SCOoffice Mail Server alias membership for a specified user
determine admin privileges of a specified SCOoffice Mail Server user
list SCOoffice Mail Server user attributes
list all SCOoffice Mail Server users' attributes
migrate /etc/passwd members to SCOoffice Mail Server LDAP datastore
modify SCOoffice Mail Server user attributes
change a SCOoffice Mail Server user's password
These utilities are called from the /opt/lsb-sco.com/msg/bin directory. If you use them frequently, you might want to add /opt/lsb-sco.com/msg/bin to your PATH environment variable. For more information, see their respective manual pages.
Many of these utilities form the back end for the administrative interface. This listing does not include those utilities in /opt/lsb-sco.com/msg/bin that should only be run by the administrative interface. Do not run the following utilities from the command line:
msgencrypt
msgexec
msggenclientconfig
msginboxcreate
msgroot
msgvscan
See also Running SCOoffice Mail Server Utilities From Scripts.
Webmin™ is the browser-based system administration interface for SCO Linux and Caldera OpenLinux. It is the prefered utility for managing system functions used by the SCOoffice Mail Server, such as:
network configuration, including DNS/BIND
SSL certificate and key management
MySQL management for Webmail components
For more information, see "Introduction to Webmin" in the Caldera OpenLinux System Administration Guide.
The SCOoffice Mail Server has a single administrative account named admin. This is the name you use to log into the Server Manager for administering your messaging server. It is a valid mail account and can receive mail.
Do not configure a local system account named admin; doing so will prevent the SCOoffice Mail Server administrator from receiving mail.
The admin account is managed like other user accounts as described in “Managing Mail Users”. You can also change the admin password by clicking on Admin Password under the System menu in the Server Manager.
Before proceeding with SCOoffice Mail Server configuration, we recommend that you change the initial admin password, set by default to "admin." Neither the admin password nor any user password can be a null string. You must enter a string of at least one character; we recommend that you follow conventional password precautions as described in Chapter 8 “Changing Your SCOoffice Mail Server Password” in the Client User's Guide.
You must select and maintain passwords carefully to ensure the security of your SCOoffice Mail Server. Insufficient password protection is a security risk.
The root mail account is used by several OpenLinux programs to log various activities. This mail is normally sent to the root mailbox in /var/spool/mail/root. However, because root's mail is not kept in a SCOoffice Mail Server mailbox, this mail is not accessible using either POP or IMAP protocols.
If you wish to have root's mail accessible using IMAP or POP, we recommend that you create an alias called root in the primary mail domain and add admin as its only member. This will cause all mail addressed to root to go to the SCOoffice Mail Server mailbox for the admin user. Since the admin account is privileged, we recommend accessing that account from SSL sessions only.
The SCOoffice Mail Server enables you to migrate user data from existing UNIX system mail configurations by converting existing data files into LDAP datastores. You can import:
mailboxes
users
aliases
In this SCOoffice Mail Server release, user data can only be imported from UNIX and Linux systems. Future SCOoffice Mail Server releases will include the capability of importing data from Microsoft® Windows and Exchange systems.
Existing mailboxes can be imported to the SCOoffice Mail Server using any IMAP-capable mail client.
Administrators can migrate existing IMAP mailboxes from the command line using the imapcp(8) utility.
Mail client users can drag their IMAP mailbox from the previous server to the IMAP mailbox on the SCOoffice Mail Server.
Once mail client users have downloaded their POP mail, they can upload it from their client to their SCOoffice Mail Server IMAP mailbox.
Use the msgusermigrate migration utility to convert UNIX system /etc/passwd entries to an LDAP datastore. To do so, copy the existing /etc/passwd and /etc/shadow files to a tmp directory on the SCOoffice Mail Server system and run msgusermigrate. For more information, see the msgusermigrate(8) manual page.
Make sure that none of the UIDs in the imported /etc/passwd file exist as system users on the SCOoffice Mail Server system. Do not use the msgusermigrate utility in an attempt to create SCOoffice Mail Server mailboxes for existing system users; doing so will result in failed mail delivery to the SCOoffice Mail Server accounts. If you must have system users on your SCOoffice Mail Server system, make sure that their SCOoffice Mail Server UserID is different from their system uids.
Also, be sure that the imported /etc/passwd does not contain an admin account. If you attempt to import a duplicate admin account, you might disable the SCOoffice Mail Server.
We recommend that you carefully review the contents of the imported /etc/passwd file before running the msgusermigrate utility.
Use the msgaliasmigrate migration utility to convert UNIX system mail alias file entries to an LDAP datastore. To do so, run it on an imported aliases file or the local /etc/mail/aliases file. For more information, see the msgaliasmigrate(8) manual page.
You must License and Register the SCOoffice Mail Server. You license the SCOoffice Mail Server when you install it. Other SCO products will prompt you for license information during their installation process. Registration is done through the SCO registration application available on the web at http://www.sco.com/registration Registration activates your one year subscription to SCO Update, a repository for SCOoffice software fixes and updates, for a period of one year.
If you defer licensing during installation, your software product is in 60 day evaluation mode and will expire unless a license is provided within that timeframe. The number of user licenses provided in 60 day evaluation mode is not limited. After the expiration period, you must supply both user and server licenses or the SCOoffice Mail Server management tools will cease to function.
Use the Licenses screen to license the SCOoffice Mail Server software and manage user licenses. The following three items on the Certificate of License and Authenticity are your "license" and are always used in conjunction with one and another:
A unique number identifying each SCO product.
A license code which activates the product.
Additional license information needed to activate some products. This field is not always present on the Certificate of License and Authenticity, and is not required for licensing in those cases.
Should the 60 Day evaluation period expire, before a license is applied, the web-based management interface will cease to function. It is still possible to enable licensing from the command line using:
brand -g serial_number activation_key [optional_license_data]
You can use the Server Manager to change the password for the admin administrator account:
In the System menu, click on Admin Password.
Enter and confirm the new password value in the Change Password screen
Click on Apply to complete the change.
You can also change the admin password in the View Users but it is more direct to use this method in the System menu.
You can use the Server Manager to set global access privileges for users in all mail domains controlled by the SCOoffice Mail Server.
In the System menu, click on User Access. You can grant or deny these privileges globally:
Controls whether users can change the value of their mail account password via the SCOoffice Mail Server admin user configuration interface.
Controls whether users can change their profile parameters as described in “Managing Mail Users”.
Controls whether users can create mail aliases within the SCOoffice Mail Server directory using the Server Manager user configuration interface.
When you change these settings, Preferences Manager screens for users currently logged in are not changed dynamically. We recommend that you alert SCOoffice Mail Server users when global or individual changes are made to their privileges.
The Server Manager allows you to view the status and perform certain actions on the SCOoffice Mail Server component servers. In the System menu, click on Mail Services to view the list of configured services. Click on the service name to display its status, the PID of the active process, and the command that launched it. You can also take the following Service Actions:
cyrus IMAP/POP Server
Start or stop the server
docview - OpenLinux Documentation Server
Start or stop the server
Stop and restart the server
Reload DocView configuration files
ldap - OpenLDAP Directory Server
Stop and restart the server
Stopping the LDAP server disables the Server Manager; this can only be done manually.
postfix - Mail Transport Agent (MTA)
Start or stop the MTA
Stop and restart the MTA
Reload MTA configuration files
Mail services can also be controlled from the command line using standard init scripts:
/etc/rc.d/init.d/service [ start|stop|restart|reload ]
The Server Manager allows you to control access to the Realtime Blackhole List (RBL) mail filtering service. Click on:
to enable RBL service
to disable RBL service
Then click on Apply to complete the change.
RBL is a subsciption service that must be contracted before mail is filtered. For more information, see “Junk Mail Filtering”.
You can also make the simple BCC filter available by granting individual User Access privileges for junk mail filtering or by setting a default for user creation; see “Junk Mail Filtering” for more information.
Several Server Manager backend utilities schedule jobs with the at(1) command, which sends output to the root user's system mailbox. The following actions will generate spurious warning mail to root:
creating or deleting a domain
changing any of the User Access values in the Server Manager System menu
The warning message varies on the supported platforms, but in all cases it will be output captured by the at command. These messages can be safely ignored.
The root user's mailbox is /var/spool/mail/root; you should examine and clear this file regularly. You might also want to alias root's mail to the SCOoffice Mail Server mailbox for the admin user, as described in “Aliasing root Mail to SCOoffice Mail Server admin Mailbox”.
All SCOoffice Mail Server utilities require some form of authentication, but it is not practical to enter the administrator's password every time a SCOoffice Mail Server utilities is invoked, especially if many executions are desired.
The preferred method is to pipe the admin user's fully qualified LDAP name (distinguished name) and password to the utility. This is because it is a security risk to store a password in a file or to pass it as a command line argument, which would be visible to a ps(1) listing. The administrator's LDAP distinguished name is contained in the /etc/opt/lsb-sco.com/msg/msg.conf file in the ADMINDN variable. A script can prompt for the admin password once and pipe it to as many SCOoffice Mail Server utilities as needed after that.
Here is an example using a SCOoffice Mail Server utility in an OpenLinux bash(1) shell script:
# Get the password in a safe way. # If you need to run the script non-interactively, you can enter # the password directly in the script and bypass this section. echo -n "Enter administrators password : " stty -echo read password stty echo
# Need to echo a newline after getting the password. echo
# Get the admin distinguished name from msg.conf. admindn=`grep ADMINDN /etc/opt/lsb-sco.com/msg/msg.conf | sed s/ADMINDN://`
# Issue a command; use ADMINDN from msg.conf, # although you can specify any user's DN there if desired. cat << DONE | /opt/lsb-sco.com/msg/bin/msgusercreate --uid=user0 --domain=`hostname -f` $admindn $password DONE
The SCOoffice Mail Server provides Webmail service with the IMP (Internet Messaging Program) webmail client and Horde framework, which are enabled by default. At installation, the SCOoffice Mail Server:
configures the mysql database engine to work with the horde database, which is used to store user information.
sets the horde database password to the value of the PW attribute, which is stored in the msg.conf(5) file. The system administrator can change this password using the utility:
/usr/libexec/horde/database/dbpasswd.sh
Later versions of the horde package might store this utility in /usr/lib/horde/database/dbpasswd.sh
You will need this password if you want to make changes to your Horde or IMP configuration files.
starts the mysql daemon and sets it to run by default.
SCOoffice Mail Server users can access the IMP webmail client immediately by pointing their browsers at https://hostname/horde/imp, as described in “Enabling IMP Webmail Client Users”.
To disable Webmail service:
Disable default mysql daemon startup by editing the /etc/sysconfig/daemons/mysql file and changing the ONBOOT parameter to "no".
Stop the mysql daemon using either:
In the Servers screen, click on MySQL Database Server, then click on Stop MySQL Server.
Enter /etc/rc.d/init.d/mysql stop.
For more information, see the Horde and IMP documentation, available from the SCOoffice Mail Server webpage in DocView.
The Caldera Volution platform includes two system management and administration products that are compatible with the SCOoffice Mail Server:
This Web-based management system enables administrators to manage the network with profiles and policies, without having to individually manage each system. Based on LDAP directory services, it can be configured to provide hardware and software inventory, software distribution, health monitoring of systems, printer configuration and scripted scheduled actions. It consists of:
A server system running VM Server software. This includes the computer creation daemon (volutionccd) which adds VM Client computers to the directory structure, the DENS daemon (densd) which acts as an event scheduler, and the software repository daemon (volutionsrd) which adds distributable package objects to the software repository.
A Linux or UNIX system that can be managed by the VM Server. Each installed client runs the VM Client daemon (volutiond) which includes support for OpenSLP, the protocol the client uses to locate the VM Server.
A browser-based interface used to perform management tasks. Once the VM Server and VM Clients are installed and configured, the VM Management Console is where Volution system management takes place.
A proactive, subscription package management system. It tracks thousands of RPM packages, tracks alerts against these packages, and facilitates updates to your systems.
Volution Manager and the SCOoffice Mail Server can reside:
Both the Manager Server and SCOoffice Mail Server Volution services can coexist on the same Caldera OpenLinux server, sharing the same OpenLDAP directory server. No special installation or configuration is required, simply run the installations for both products on the same system.
The Manager Client and SCOoffice Mail Server can also coexist together on the same machine, facilitating simple remote management of the SCOoffice Mail Server platform.
The Manager Server and SCOoffice Mail Server can also share the same OpenLDAP server but reside on different systems. In this configuration, the SCOoffice Mail Server has to be configured to recognize a remote LDAP server as described in “Configuring a Remote OpenLDAP Server”.
The Volution Manager and Messaging Server can work together to provide:
Volution Manager can be used to supply updates, patches, fixes, or advanced configuration changes to a SCOoffice Mail Server system when the VM Client is installed on the same system.
Volution Manager can detect system problems on a SCOoffice Mail Server system with the VM Client installed. Volution Manager can be configured to notify staff or take corrective action for a range of problems, such as poor network performance and approaching disk space limits. Many standard alerts are pre-configured with the Volution Manager product.
Volution Manager can also be configured to notify administrators of problems using email messages. In this case, the SCOoffice Mail Server can be used as the email server that delivers these notifications to designated recipients. The SCOoffice Mail Server can also redirect messages to Linux applications (such as a helpdesk application).
For more information, see the Volution Manager Administration Guide.