Novell Documentation: NetMail 3.5

Messaging Server

A messaging server is any server on the network that hosts one or more Novell NetMail agents. In eDirectory^TM, the messaging server is represented as a Container object with server attributes: it defines the messaging server properties and it contains all NetMail agents running on that server.

Messaging Server and Agents within WebAdmin

Creating the Messaging Server

NetMail 3.5 gives administrators the option of creating the Messaging Server object during installation or creating it after installation using WebAdmin. For ease of use, it might seem logical to simply create the Messaging Server object during installation; however, doing so assumes that you want to create the messaging server in the Internet Services container, that you want the server to function in distributed mode, and that you want to run the NMAP Agent on the server.

These are large assumptions that impact the functionality of your overall messaging system. Therefore, before deciding whether to create the Messaging Server object during or after installation, you need to consider the preceding issues of whether the messaging server is going to function in distributed or standalone mode, where you want to create the Messaging Server object, and what agents you want to run on the server.

The following sections discuss these issues and review how to create the Messaging Server object during or after installation:

Distributed or Standalone?

The first issue to consider before creating your Messaging Server object is whether the messaging server is going to run in distributed or standalone mode.

By default, messaging servers are created in distributed mode; that is, they look for other Messaging Server objects in the Internet Services container. This enables messaging system functions to be distributed over several servers.

Standalone messaging servers do not search the Directory tree for Internet Services and its associated messaging servers. Instead, they act as independent messaging systems, exclusively providing all NetMail services to the users within their assigned contexts.

To configure a standalone messaging server, you must disable Distributed Processing in the messaging server's configuration menu. This prevents the messaging server from looking for other Messaging Server objects in the Internet Services container.

For an overview of standalone and distributed messaging servers, see Messaging Server. For help in determining whether distributed or standalone messaging servers best suit your messaging system environment, see Selecting Your NetMail System Configuration.

Where Should the Messaging Server Object Be Located?

Associated with the question of whether the messaging server is going to run in distributed or standalone mode is the issue of where the Messaging Server object should be located.

Typically, messaging servers are created in the Internet Services container because most messaging systems function in distributed mode and distributed messaging servers look for other Messaging Server objects in the Internet Services container.

In some instances, however, messaging systems require standalone configurations. Messaging Server objects located outside the Internet Services container are not recognized by other messaging servers. Consequently, standalone messaging servers are usually created outside Internet Services.

It is important to remember, however, that creating a Messaging Server object outside the Internet Services container only prevents other messaging servers from interacting with the messaging server. All messaging servers, even those located outside the Internet Services container, search the Directory tree for other Messaging Server objects in Internet Services. Therefore, to define a standalone messaging server, you must disable Distributed Processing in the messaging server's configuration menu, even if it is created outside Internet Services.

Creating Distributed Messaging Servers Outside Internet Services

In some situations, you might want to create a Messaging Server object outside the Internet Services container and have it continue to function in distributed mode. For example, to easily delegate system administration, you can create Messaging Server objects in the same containers as the users they service and simply grant administrative rights on a container basis.

Messaging servers located outside the Internet Services container can continue to operate in distributed mode if you create Alias objects for them within Internet Services. Alias objects enable distributed messaging servers to locate and interact with messaging servers outside the Internet Services container in the same way they interact with messaging servers inside the Internet Services container.

NOTE: You cannot create Alias objects in WebAdmin; therefore, you must use another administrative tool, such as iManager, to create the Alias object in the Internet Services container.

What Agents Do I Want to Run on the Messaging Server?

The final issue to consider before deciding whether to create the Messaging Server object during or after installation is which agents you want to run on the messaging server. This again, depends on whether the messaging server is going to run in distributed or standalone mode.

Agent Distribution in Distributed Environments

Distributed messaging systems can share agent services among multiple messaging servers. Therefore, in planning your distributed messaging system, you need to decide which agent services you want to provide to your users and how to distribute those agents.

In part, agent distribution depends on the server resources required for any given service and its volume of usage. For example, in messaging systems with a high volume of e-mail client usage, you might want to run the POP, IMAP, and Modular Web Agents on a dedicated, high-performance e-mail server. Or, in environments with heavy proxy usage, you can create a dedicated Proxy server and configure the Proxy Agent to query its user accounts every hour.

Another point to consider in agent distribution is fault tolerance. Identify your most critical services and distribute those agents accordingly. For example, you can run the SMTP Agent with an NMAP Agent on a dedicated server to insulate your messaging system from denial-of-service attacks. By not assigning any user contexts to the NMAP Agent, the NMAP Agent functions as a dedicated queue server, exclusively handling all incoming messages from the SMTP Agent. With this configuration, no users are impacted in the event of a spam attack and the messaging system's remaining NMAP Agents are free to continue processing and delivering internal messages. For more information on providing fault tolerance through agent distribution, see Building Fault Tolerance in NetMail.

Finally, in planning agent distribution, you must consider the message path. The message path is where a message goes from the time it enters the message system to the time it is delivered to a user's mailbox.

All messages enter the messaging system through the SMTP, Proxy, or Modular Web agents. These agents, in turn, queue incoming messages to a queue server. The NMAP Agent on the queue server places the messages in the message queue where they can be processed by NetMail queue agents. After messages are processed in the message queue, the NMAP Agent on the queue server delivers the messages to the NMAP Agents responsible for the recipients' mailboxes.

NOTE: The AntiVirus, AntiSpam, List, Alias, AutoReply, Rule, Calendar, and SMTP agents are all queue agents. For a complete description of how messages are processed in the message queue, see Message Processing in the Message Queue. For an overview of each agent's function, see NetMail Agents. For a detailed explanation of each agent's configuration options, see NetMail Configuration.

When you create and configure NetMail Agents in a distributed messaging system, you must ensure that the message path is linear---that is, each queue agent should only process the message one time as it goes from the queue server to the message store.

In a distributed messaging system with one NMAP Agent, there is only one queue server and one message store. They are both managed by the same NMAP Agent. Consequently, the message path is always linear.

However, in distributed messaging systems with multiple NMAP Agents, there can be multiple queue servers and multiple message stores. It is, therefore, possible for a message to be processed twice by the same agents on its way from the queue server to the message store.

Messaging system with redundant processing

For example, in the preceding diagram, Server A is the queue server for the SMTP Agent and Server B is the queue server for the Proxy Agent. Both queue servers are monitored by the AntiSpam and AutoReply agents. Server B also hosts the message store.

In this scenario, the message path for a message entering the message system through the Proxy Agent is as follows:

The Proxy Agent queues the message to Server B.
The NMAP Agent on Server B puts the message in the message queue where it is processed by the AntiSpam and AutoReply agents.
The NMAP Agent on Server B then delivers the message to the recipient's mailbox.

This message path is linear; that is each queue agent only processes the message one time as it goes from the queue server to the message store.

However, when a message enters the message system through the SMTP Agent, the message path is as follows:

The SMTP Agent queues the message to Server A.
The NMAP Agent on Server A puts the message in the message queue where it is processed by the AntiSpam and AutoReply agents.
The NMAP Agent on Server A hands the message off to the NMAP Agent on Server B so it can be delivered to the recipient's mailbox.
The NMAP Agent on Server B puts the message in its own message queue where it is reprocessed by the AntiSpam and AutoReply Agents.
The NMAP Agent on Server B then delivers the message to the recipient's mailbox.

This message path is redundant; that is, messages are processed twice by the same agents. Reprocessing messages wastes your system resources and duplicates agent actions. In this sample scenario, autoreply messages are sent twice for every message and forwarded messages are sent twice if the recipient configured message forwarding to keep a local copy of the message. Messages are also scanned twice for viruses. Depending on messaging traffic, this can place a significant load on the virus scanning engine and create a bottleneck in the message queue, slowing overall system performance.

To avoid reprocessing messages in distributed messaging systems with multiple NMAP Agents, you can do one of the following:

Manage queue server and message store functions on different NMAP servers. This means that the NMAP Agents on queue servers (that is, the servers to which the SMTP, Proxy, and Modular Web agents queue messages) do not have any users in their assigned contexts.
NOTE: All NMAP Agents with users in their assigned contexts have a message store. For more information on the NMAP Agent's Context property, see Configuring the NMAP Agent

You must then configure the queue agents (the AntiVirus, AntiSpam, List, Alias, AutoReply, Rule, Calendar, and SMTP agents) to monitor all the queue servers or all the message stores, but not both. This ensures that no agent is processing messages at both ends of the message path.

Ideally, we recommend that all queue agents only monitor queue servers and that no queue agents, other than the SMTP Agent, monitor the message store.

NOTE: You must configure an SMTP Agent to monitor the message store because the NMAP Agents responsible for the message store can generate bounced messages and quota return messages.
If you cannot have dedicated queue servers and dedicated messages stores, configure the SMTP, Proxy, and Modular Web agents to queue to the same queue server. You must then configure the queue agents to monitor only that queue server. This is the only way you can avoid reprocessing yet still ensure the queue agents process every message.

Agent Distribution in Standalone Environments

Because standalone messaging servers function independently of each other, they must have all the NetMail agents required for a self-contained messaging system.

At a minimum, each messaging server must have the following agents:

NMAP
SMTP
A client agent (POP, IMAP, or the Modular Web Agents)

Additional agents depend on the services you want to provide to your users.

The NMAP, SMTP, POP, IMAP, Modular Web Agent, AutoReply, Rule, Proxy, Alias, AntiSpam, AntiVirus, List, and Connection Manager agents must run locally on standalone messaging servers.

If you run the Address Book Agent on a standalone messaging server, it returns only local users in address book queries. To provide a system-wide address book, you can run the Address Book Agent on a distributed messaging server and configure the local e-mail clients to access the distributed Address Book Agent as an LDAP server.

For an overview of each agent's function, see NetMail Agents. For a detailed explanation of each agent's configuration options, see NetMail Configuration.

Creating the Messaging Server During Installation

Creating the messaging server during installation automatically creates a distributed Messaging Server object with an NMAP Agent in the Internet Services container. If these conditions do not meet your criteria, you must create the object after installation using WebAdmin.

When you select the Configure Messaging Server option during installation, the installation program prompts you for the following information:

Option

Function

Server Name

A unique name for the Messaging Server object in eDirectory.

Official Domain

The Internet domain serviced by the current messaging server (such as abc.com or 123.net). All system messages, such as those sent to the postmaster, use this domain. Additionally, if the messaging server is running the NMAP Agent, the Official Domain is the default domain for users within the NMAP Agent's context.

IMPORTANT: For the Official Domain, a Global Domain is required; a Hosting Domain is not allowed. For more information on Global and Hosting Domains, see Global Domains and Hosting Domains.

You must register the Official Domain in DNS before the messaging system can send and receive mail via the Internet.

NetMail can share an Internet domain with other messaging systems. NetMail can run alongside any application that supports Internet standards, including groupware applications such as Novell GroupWise^®, Lotus Notes*, and Microsoft Exchange. For information about domain sharing, see Domain Sharing.

Primary and Secondary DNS Servers

The IP address of a primary and secondary (optional) DNS server that resolves host names into IP addresses for your NetMail system.

The installation program automatically creates a Messaging Server object with an NMAP Agent in the Internet Services container.

Creating the Messaging Server after Installation

After installing NetMail 3.5, you can create Messaging Server objects using WebAdmin. To create the messaging server object, select the container in which you want to create the messaging server and choose Messaging Server from the Create menu.

In creating the Messaging Server object, you are prompted for the following information:

Option	Function
Server Name	A unique name for the Messaging Server object in eDirectory.
Host Server	The distinguished name of the messaging server's NCP Server object.
Postmaster	The user assigned to manage the messaging server. This user can also receive copies of bounced messages. See the CC Postmaster property in Configuring the NMAP Agent . Click the browse button to select the postmaster in the Directory tree. IMPORTANT: The postmaster must belong to a Global Domain. You cannot designate Hosting Domain users as the messaging server postmaster. For more information on Global and Hosting Domains, see Global Domains and Hosting Domains. IMPORTANT: Do not delete the User object designated as the messaging server postmaster. You must reassign the postmaster before deleting an existing postmaster User object. Deleting the postmaster's User object changes the Messaging Server object to type "Unknown." Consequently, the Messaging Server object appears with a "?" in eDirectory. To reset the Messaging Server object type, you must run the IMSPMFIX utility. You can download this utility at http://www.novell.com/coolsolutions/netmail/features/a_product_updates_nm.html.
Official Domain	The Internet domain serviced by the current messaging server (such as abc.com or 123.net). All system messages, such as those sent to the postmaster, use this domain. Additionally, if the messaging server is running the NMAP Agent, the Official Domain is the default domain for users within the NMAP Agent's context. IMPORTANT: For the Official Domain, a Global Domain is required; a Hosting Domain is not allowed. For more information on Global and Hosting Domains, see Global Domains and Hosting Domains. You must register the Official Domain in DNS before the messaging system can send and receive mail via the Internet. NetMail can share an Internet domain with other messaging systems. NetMail can run alongside any application that supports Internet standards, including groupware applications such as Novell GroupWise, Lotus Notes, and Microsoft Exchange. For information about domain sharing, see Domain Sharing.

Configuring the Messaging Server

From the Messaging Server's configuration menu, you can configure the following options:

Option	Function
Identification
Host Server	The fully distinguished name of the messaging server. The host is selected when creating the Messaging Server object. IMPORTANT: You must restart NetMail to effect any changes in this property. See Starting and Stopping NetMail for more information.
Postmaster	The user assigned to manage the messaging server. This user can also receive copies of bounced messages. See the CC Postmaster property in Configuring the NMAP Agent . Click the browse button to select the postmaster in the Directory tree. IMPORTANT: The postmaster must belong to a Global Domain. You cannot designate Hosting Domain users as the messaging server postmaster. For more information on Global and Hosting Domains, see Global Domains and Hosting Domains IMPORTANT: Do not delete the User object designated as the messaging server postmaster. You must reassign the postmaster before deleting an existing postmaster User object. Deleting the postmaster's User object changes the Messaging Server object to type "Unknown." Consequently, the Messaging Server object appears with a question mark (?) in eDirectory. To reset the Messaging Server object type, you must run the IMSPMFIX utility. You can download this utility at http://www.novell.com/coolsolutions/netmail/features/a_product_updates_nm.html. You must restart NetMail to effect any changes in this property. See Starting and Stopping NetMail for more information.
Official Domain	The Internet domain serviced by the current messaging server (such as abc.com or 123.net). All system messages, such as those sent to the postmaster, use this domain. Additionally, if the messaging server is running the NMAP Agent, the Official Domain is the default domain for users within the NMAP Agent's context. IMPORTANT: For the Official Domain, a Global Domain is required; a Hosting Domain is not allowed. For more information on Global and Hosting Domains, see Global Domains and Hosting Domains. You must register the Official Domain in DNS before the messaging system can send and receive mail via the Internet. NetMail can share an Internet domain with other messaging systems. NetMail can run alongside any application that supports Internet standards including groupware applications such as Novell GroupWise, Lotus Notes, and Microsoft Exchange. For information about domain sharing, see Domain Sharing. Changes to this property are effective within 5 minutes.
Temp Directory	The drive or volume and, optionally, the directory where NetMail agents write temporary files. IMPORTANT: You must restart NetMail to effect any changes in this property. See Starting and Stopping NetMail for more information.
DBF Directory	The directory where the NetMail alias database, address book database, and queue client file are stored. On Linux, SSL certificates are also stored in the DBF directory. The queue client file tracks every NetMail agent that has registered with NMAP so, if the NMAP server goes down, the NMAP Agent can re-establish its client connections. Queue client files are most pertinent in distributed environments where NMAP clients can reside on different messaging servers than the NMAP Agent. IMPORTANT: You must restart NetMail to effect any changes in this property. See Starting and Stopping NetMail for more information.
Resolver(s)	The IP address of one or more DNS servers that resolve host names into IP addresses. IMPORTANT: You must restart NetMail to effect any changes in this property. See Starting and Stopping NetMail for more information.
Distributed Processing	Determines if the messaging server interacts with other messaging servers in the Internet Services container using the NMAP protocol. By default, Distributed Processing is enabled. This creates a distributed messaging server; that is, the messaging server searches the Directory tree for Internet Services and its associated messaging servers. If Distributed Processing is disabled, the messaging server does not search the Directory tree for Internet Services and its associated messaging servers. You must disable distributed processing to create a standalone messaging server. For help in determining whether distributed or standalone messaging servers best suit your messaging system environment, see Selecting Your NetMail System Configuration and Distributed or Standalone?. IMPORTANT: You must restart NetMail to effect any changes in this property. See Starting and Stopping NetMail for more information.
Connection Manager	If enabled, enter the fully distinguished name of the server running the Connection Manager. You must have a Connection Manager running in your messaging system to configure this option. IMPORTANT: For Connection Manager to have a comprehensive record of all authenticated users, you can only have one Connection Manager per messaging system. Connection Manager tracks the IP addresses of authenticated users. If this field is completed, any agent running on the current messaging server can query the Connection Manager Agent to verify that a user has authenticated with the system. For example, the SMTP Agent utilizes the Connection Manager Agent for SMTP-after-POP authentication. Changes to this property are effective within 5 minutes. For more information, see SMTP-after-POP or Connection Manager. When you install NetMail 3.5 with Novell Nterprise^TM Linux Services, Connection Manager is automatically configured and enabled.
Security
	NetMail supports Secure Socket Layer (SSL) security. SSL secures information passed between mail clients and the messaging server through public key encryption. SSL does not secure messages leaving your mail system nor does it secure message content. However, you can use TLS to encrypt server-to-server Internet communications as long as both sides of the transaction support TLS. To secure message content, users must have a X.509 certificate installed on the workstation and the e-mail client or browser must be configured to use the certificate to sign and/or encrypt their messages. To enable SSL and TLS, you must first have a server certificate installed on your messaging server. For information on setting up your server certificate, see Setting Up TLS and SSL.
SSL and TLS	Enabling SSL and TLS option allows mail clients to connect to the messaging server over an SSL or TLS connection. It also enables the messaging server to automatically switch into encrypted mode when communicating with other TLS-enabled mail servers. You must have a server certificate installed on your messaging server before you can enable this option. See Setting Up TLS and SSL for more information. IMPORTANT: You must restart NetMail to effect any changes in this property. See Starting and Stopping NetMail for more information.
Server Managers	Users who are given rights to access NetMail administrative utilities like RMBOX. The designated users must authenticate to these utilities by providing their NetMail username and password. For more information on the RMBOX utility, see RMBOX.
SNMP Configuration
	NetMail supports SNMP (Simple Network Management Protocol) so management tools such as HP OpenView* or Novell ManageWise^® can be used to detect problems, optimize server performance, and obtain long-term trending information. The options in this page provide organization, location, contact, and name information for the messaging server to pass to SNMP applications that request information about the messaging server. IMPORTANT: You must restart NetMail to effect any changes in this property. See Starting and Stopping NetMail for more information.
License
	This read-only page lists the available features. The list of available features varies depending on whether the Foundation or Advanced license for NetMail 3.5 is installed on the messaging server.
Status
IP Address	The messaging server's IP address.
Force IP Address	If enabled, forces the messaging server to be associated with a specific IP address. Changes to this property is effective within 5 minutes.
Force Agents to Bind to Specified Address Only	If enabled, forces NetMail agents running on other messaging servers use the designated IP address to communicate with the current messaging server. This option is useful for clustering applications, such as Novell Cluster Services^TM (NCS), that use secondary IP addresses. Changes to this property is effective within 5 minutes.
Server Status	By default, the messaging server is enabled. To disable the messaging server: Select Disabled. Click Save. When the messaging server is disabled, the ims executable does not launch any agents at server startup. However, to immediately disable the messaging server, you must manually unload the ims executable or restart the server. For more information on unloading the messaging server, Starting and Stopping NetMail. After the messaging server is disabled, the server does not launch NetMail again until you select Enabled and restart the server.