Novell Documentation: NetMail 3.5

Server Utilities

This section reviews the server utilities that you can run from a NetMail messaging server.

MailCon (NetWare)

NetWare systems use the MailCon utility to monitor a messaging server's performance. Using the Available Options menu, you can select which server you want to monitor, set monitoring options, open the Statistics Details window, or exit the program.

On NetWare systems, MailCon dynamically updates the server data. Under Monitoring Options, you can configure the Statistics Details window to update every minute, every second, or every 10 seconds.

The Statistics Details window provides much of the same information available in the messaging server object's Status tab. It displays

The number of local and remote messages that are queued, received, and delivered
The total number of recipients of inbound and outbound messages
The total number of client connections; that is, the number of people logged in at that moment through the POP, IMAP, or Modular Web agents
The total number of server connections; that is, the number of users and other messaging servers that are sending SMTP or ModWeb messages to the messaging server for processing in the message queue
The volume of inbound and outbound mail processed by the messaging server
Server uptime

The MailCon utility does not report the total number of NMAP connections. That statistic is only available through the MAIL STAT command. See the MAIL STAT property in MAIL (NetWare).

In addition to the basic statistics reported in the messaging server's Status page, the MailCon utility displays

The number of failed messages
The number of wrong passwords provided
The number of unauthorized NMAP connections

MailCon (Windows)

On Windows systems, MailCon provides a static snapshot of the messaging server's statistics at a command prompt. You must type the command again to update the statistics.

On Windows, MailCon provides the same information as the NetWare commands MAIL STAT and MAIL SPAM. Reported statistics include the following:

The number of local and remote messages that are queued, received, and delivered.
The total number of recipients of inbound and outbound messages.
The total number of client connections; that is, the number of people logged in at that moment through the POP, IMAP, or Modular Web agents.
The total number of server connections; that is, the number of users and other messaging servers that are sending SMTP or ModWeb messages to the messaging server for processing in the message queue.
The volume of inbound and outbound mail processed by the messaging server.
Server uptime.
The number of failed messages.
The number of wrong passwords provided.
The number of unauthorized NMAP connections.
The total number of NMAP connections.
Bounces Refused corresponds to the Bounced Message Control option in the NMAP Agent's Parameters page. See the Bounced Message Control property in NMAP Agent.
The reported value is the number of bounced messages previously deleted. Values vary on the NMAP Agent's bounced message threshold.
Access from Blocked Addresses corresponds to the Block Hosts in Blocked List option in the SMTP Agent's UBE Blocking page. See the Block Hosts in "Blocked" List property in SMTP Agent.
The reported value is the number of hosts in the SMTP Agent's blocked hosts list that have attempted to connect with the current messaging server.
Access Blocked Due to RBL List corresponds to the Check Against RBL List at Server option in the SMTP Agent's UBE Blocking page. See RBL Check property in SMTP Agent.
The reported value is the number of hosts on the RBL list that have attempted to connect with the current messaging server.
Remote Routing Attempts Denied corresponds to the Require Sender To Be in the Allowed List for Remote Sending option in the SMTP Agent's UBE Relaying page. See the Require Sender to Be in the Allowed List for Remote Sending property in SMTP Agent.
The reported value is the number of hosts not included in the SMTP Agent's Allowed hosts list that have attempted to send remote messages.
Access Blocked Due to Missing DNS Entry corresponds to the Deny Hosts Not in DNS option in the SMTP Agent's UBE Blocking page. See the Deny Hosts Not in DNS property in SMTP Agent.
The reported value is the number of hosts without valid DNS entries that have attempted to connect with the current messaging server.
Messages scanned: The total number of messages scanned for viruses.
Message-Attachments scanned: The total number of message attachments scanned for viruses.
Messages with Attachments blocked: The total number of scanned messages with attachments that were blocked because they contained a virus.
Messages with viruses found: The total number of scanned messages that contained a virus.
Messages with viruses blocked: The total number of scanned messages that were blocked because they contained a virus.
Messages with viruses cured: The total number of scanned messages that contained a virus and were fixed. Currently, this feature is not implemented, so the value is always "0."

MailCon (Linux)

MailCon provides a static snapshot of the messaging server's statistics at a command prompt. You must enter the command again to update the statistics.

Before you can run MailCon from a terminal, you must set the library and binary paths as follows:

export LD_LIBRARY_PATH=/usr/lib:/usr/lib/nds:/opt/novell/netmail/lib:$LD_LIBRARY_PATH

IMPORTANT: Do not run MailCon before the messaging server is loaded. Doing so offsets how server uptime is reported in subsequent MailCon reports.

MailCon provides the same information as the NetWare commands, MAIL STAT and MAIL SPAM, except the mailcon spam command does not include anti-virus statistics.

The following table reviews the MailCon commands:

Command	Description
mailcon stat	Gives you a static snapshot of the messaging server's statistics at a command prompt. You must type the command again to update the statistics. Reported statistics include The number of local and remote messages that are queued, received and delivered The total number of recipients of inbound and outbound messages The total number of client connections; that is, the number of people logged in at that moment through the POP, IMAP, or Modular Web agents The total number of server connections; that is, the number of users and other messaging servers that are sending SMTP or ModWeb messages to the messaging server for processing in the message queue The volume of inbound and outbound mail processed by the messaging server Server uptime The number of failed messages The number of wrong passwords provided The number of unauthorized NMAP connections The total number of NMAP connections
mailcon spam	The mailcon spam command reports statistics that correspond to specific anti-spam features. Reported values are dependent on whether the associated properties are configured. The mailcon spam command also provides virus scanning statistics that require the AntiVirus Agent and a virus scanning engine. Anti-spam statistics include the following: Bounces Refused corresponds to the Bounced Message Control option in the NMAP Agent's Parameters page. See the Bounced Message Control property in Configuring the NMAP Agent . The reported value is the number of bounced messages previously deleted. Values vary on the NMAP Agent's bounced message threshold. Access from Blocked Addresses corresponds to the Block Hosts in "Blocked" List option in the SMTP Agent's UBE Blocking page. See the Block Hosts in "Blocked" List property in Configuring the SMTP Agent. The reported value is the number of hosts in the SMTP Agent's blocked hosts list that have attempted to connect with the current messaging server. Access Blocked Due to RBL List corresponds to the Check Against RBL List at Server option in the SMTP Agent's UBE Blocking page. See the RBL Check property in Configuring the SMTP Agent. The reported value is the number of hosts on the RBL list that have attempted to connect with the current messaging server. Remote Routing Attempts Denied corresponds to the Require Sender To Be in the Allowed List for Remote Sending option in the SMTP Agent's UBE Relaying page. See the Require Sender to Be in the Allowed List property in Configuring the SMTP Agent. The reported value is the number of hosts not included in the SMTP Agent's Allowed hosts list that have attempted to send remote messages. Access Blocked Due to Missing DNS Entry corresponds to the Deny Hosts Not in DNS option in the SMTP Agent's UBE Blocking page. See the Deny Hosts Not in DNS property in Configuring the SMTP Agent. The reported value is the number of hosts without valid DNS entries that have attempted to connect with the current messaging server.

Command

Description

mailcon stat

Gives you a static snapshot of the messaging server's statistics at a command prompt. You must type the command again to update the statistics.

Reported statistics include

The number of local and remote messages that are queued, received and delivered
The total number of recipients of inbound and outbound messages
The total number of client connections; that is, the number of people logged in at that moment through the POP, IMAP, or Modular Web agents
The total number of server connections; that is, the number of users and other messaging servers that are sending SMTP or ModWeb messages to the messaging server for processing in the message queue
The volume of inbound and outbound mail processed by the messaging server
Server uptime

The number of failed messages
The number of wrong passwords provided
The number of unauthorized NMAP connections
The total number of NMAP connections

mailcon spam

The mailcon spam command reports statistics that correspond to specific anti-spam features. Reported values are dependent on whether the associated properties are configured.

The mailcon spam command also provides virus scanning statistics that require the AntiVirus Agent and a virus scanning engine.

Anti-spam statistics include the following:

Bounces Refused corresponds to the Bounced Message Control option in the NMAP Agent's Parameters page. See the Bounced Message Control property in Configuring the NMAP Agent .
The reported value is the number of bounced messages previously deleted. Values vary on the NMAP Agent's bounced message threshold.
Access from Blocked Addresses corresponds to the Block Hosts in "Blocked" List option in the SMTP Agent's UBE Blocking page. See the Block Hosts in "Blocked" List property in Configuring the SMTP Agent.
The reported value is the number of hosts in the SMTP Agent's blocked hosts list that have attempted to connect with the current messaging server.
Access Blocked Due to RBL List corresponds to the Check Against RBL List at Server option in the SMTP Agent's UBE Blocking page. See the RBL Check property in Configuring the SMTP Agent.
The reported value is the number of hosts on the RBL list that have attempted to connect with the current messaging server.

Remote Routing Attempts Denied corresponds to the Require Sender To Be in the Allowed List for Remote Sending option in the SMTP Agent's UBE Relaying page. See the Require Sender to Be in the Allowed List property in Configuring the SMTP Agent.
The reported value is the number of hosts not included in the SMTP Agent's Allowed hosts list that have attempted to send remote messages.
Access Blocked Due to Missing DNS Entry corresponds to the Deny Hosts Not in DNS option in the SMTP Agent's UBE Blocking page. See the Deny Hosts Not in DNS property in Configuring the SMTP Agent.
The reported value is the number of hosts without valid DNS entries that have attempted to connect with the current messaging server.

IMSAudit

All platforms use IMSAudit to count the total number of people who have logged in to the messaging system. This utility allows administrators to determine the total number of NetMail mailboxes on their messaging system. Disabled users or users who have never logged in are not counted.

To get a complete record of user mailboxes, run IMSAudit on every server running the NMAP Agent (that is, every server that has a message store). On all platforms, the utility creates the imsaudit.log file in the server's dbf directory.

By default, IMSAudit provides the following data:

Item	Description
UserCount	Total number of users
Parent Count	Total number of Parent objects
Disabled	Total number of disabled User objects
Logged in	Total number of users who have logged in
Aged	Total number of days since account was last accessed
Forwarding	Total number of users forwarding mail
Vacation Reply	Total number of users who have a Vacation/Reply rule
Rules	Total number of rules
Proxies	Total number of proxy accounts
Aliases	Total number of Aliases
Spammers	This option is specific to MyRealBox.com and is not currently in use.

IMSAudit Parameters

Before you can run IMSAudit from a terminal, you must set the library and binary paths as follows:

export LD_LIBRARY_PATH=/usr/lib:/usr/lib/nds:/opt/novell/netmail/lib:$LD_LIBRARY_PATH

You can run IMSAudit with several parameters. The following is the command line syntax to run IMSAudit on Linux:

./imsaudit [-a:days] [-d] [-q] [-o:options] [-v] [-h | -?]

An explanation of the IMSAudit parameters is provided as follows:

Parameter	Description
-a:days	Counts accounts older than days.
-d	Creates a detailed comma-separated value (CSV) report, which you can use to facilitate billing and account maintenance. By default, the imsaudit.csv file is stored in the server's dbf directory. By default, -d provides all available information in the CSV report. You can narrow the report using the -o parameter.
-q	Causes IMSAudit to run in quiet mode.
-v	Displays IMSAudit version information.
-h \| -?	Displays the IMSAudit Help screen.
-o:options	Sets reporting options for imsaudit.csv . Use this parameter in conjunction with -d.
Options	The following are the options that can be used with the -o parameter.
u	Reports the total number of users in the current messaging system.
f	Provides a report of all features for each user. A value of zero (0) indicates the feature is not enabled. 1 indicates the feature is enabled.
w	Reports if each user has Message Forwarding enabled. A value of zero (0) indicates the feature is not enabled; 1 indicates the feature is enabled.
v	Indicates if each user has Vacation Reply enabled. A value of zero (0) value indicates the feature is not enabled; 1 indicates the feature is enabled.
r	Indicates if each user has Rules enabled. A value of zero (0) value indicates the feature is not enabled; 1 indicates the feature is enabled.
l	Reports the date each user last logged in.
a	Indicates the total number of days since each user's account was last accessed.
p	Lists each user's associated Parent object.
x	Indicates if each user has Proxy enabled. A value of zero (0) indicates the feature is not enabled; 1 indicates the feature is enabled.
n	Stores the IMSAudit data collected on each user in the associated User object's Novonyx:Accounting Data attribute. You can then use a DS editing tool, such as NDS Snoop, to view the data.
s	Reports the total mailbox space used for each user in bytes.

NIMSExt

The NIMSExt utility adds and removes NetMail objects from the eDirectory schema. The installation program uses NIMSExt to extend the eDirectory schema during initial installation. In some instances, you can also use NIMSExt to recreate NetMail objects in the tree. For more information, see Using NIMSExt to Extend the Schema.

In addition to adding NetMail objects to the eDirectory tree, NIMSExt can be used to create a self-signed certificate and private key in the messaging server's certificate directory. For more information, see Generating Self-Signed Certificates with NIMSExt.

Finally, NIMSExt is required to uninstall NetMail. For more information, see Uninstalling NNLS Components.

Before you can run NIMSExt from a terminal, you must set the library and binary paths as follows:

export LD_LIBRARY_PATH=/usr/lib:/usr/lib/nds:/opt/novell/netmail/lib:$LD_LIBRARY_PATH

For additional troubleshooting information, see the NetMail FAQ.

Using NIMSExt to Extend the Schema

Under normal circumstances, you should extend the schema only one time. Normally, this is done during the NetMail installation on the first server in the tree. If, for some reason, the initial schema extension fails, you can use NIMSExt to run the schema extension again. However, do not extend the schema again until the first schema extension is fully replicated.

NOTE: A common indicator that the NetMail schema extension has failed is when you create NetMail objects, but the objects don't get added to the tree. The problem is the tree doesn't know about the attribute, even though you are able to create the objects in WebAdmin.

In some instances, you can also use NIMSExt to recreate objects in the tree. If the Internet Services, Template, Mailing List, or Parent containers are deleted from the tree, you must use NIMSExt to re-create them.

To use NIMSExt to extend the eDirectory schema or re-create the Internet Services, Template, Mailing List, or Parent containers:

Launch NIMSExt.

Enter /opt/novell/netmail/bin/nimsext.sh at the server console.
Enter your admin username and password.
Select Add Schema Extensions, then press Enter.

NIMSExt adds the NetMail objects to the eDirectory schema.

Generating Self-Signed Certificates with NIMSExt

In addition to extending the directory schema and recreating objects in the tree, you can run NIMSExt with the -cert command to generate a self-signed certificate for the current messaging server. Running nimsext -cert generates the certificate files, osslcert.pem and osslpriv.pem, in the /var/opt/novell/netmail/dbf/ directory.

NOTE: NIMSExt will not overwrite existing certificates.

Self-signed certificates allow the messaging server to immediately support secure HTTP, SMTP, POP, and IMAP connections. However, although self-signed certificates conform to the X.509 certificate standards defined in RFC 2459, there is no trust associated with these certificates because they are self-signed. When users make a secure connection to a messaging server using a self-signed certificate, their mail client or Web browser displays a warning indicating that the certificate is not trusted. Consequently, we do not recommend you use self-signed certificates in live NetMail environments. For information on obtaining trusted certificates, see Requesting a New Certificate.

AuditExt

AuditExt is a Novell Nsure Audit utility. It adds Novell Nsure Audit objects (Logging Services and its associated containers, the Logging Server object, Channel objects, Notification objects, and Application objects) to the eDirectory schema. The installation program uses AuditExt to extend the eDirectory schema during initial installation. The AuditExt utility is also required to recreate the Logging Services container. For more information, see Using AuditExt to Extend the Schema .

Logging applications use AuditExt to create their associated Application objects and to populate the Application objects' log schema attribute. For more information, see Using AuditExt to Add LSC Files to Application Objects in the Nsure Audit 1.0.1 Administration Guide.

AuditExt is also required to uninstall Novell Nsure Audit. For information on this procedure, see Uninstalling Novell Nsure Audit in the Nsure Audit 1.0.1 Administration Guide.

Before you can run AuditExt from a terminal, you must set the library and binary paths as follows:

export LD_LIBRARY_PATH=/usr/lib:/usr/lib/nds:/opt/novell/netmail/lib:$LD_LIBRARY_PATH

Using AuditExt to Extend the Schema

The installation program uses AuditExt to extend the eDirectory schema during the initial installation. Under normal circumstances, the schema should only be extended one time. This is automatically done during the Novell Nsure Audit installation on the first server in the tree.

If, for some reason, the initial schema extension fails, you can run AuditExt to extend the schema again. However, you should not try to extend the schema again until the first schema extension is fully replicated.

NOTE: A common indicator that the Nsure Audit schema extension has failed is if you create Nsure Audit objects, but the objects don't get added to the tree. The problem is the tree doesn't know about the attribute even though you are able to create the objects in iManager or WebAdmin.

Another instance in which you might need to run the AuditExt utility is to re-create the Logging Services container. If Logging Services is deleted from the tree, it can only be re-created by running AuditExt.

To use AuditExt to extend the eDirectory schema or re-create the Logging Services container:

Launch Auditext.

Enter /opt/novell/naudit/auditext.sh at the server console.
Enter your admin username and password.
Select Add Schema Extensions, then press Enter.

AuditExt adds the Nsure Audit objects to the eDirectory schema.

MAIL LOAD

When server resources are abundantly available, the NMAP Agent attempts to instantaneously fulfill all mail requests. However, when the mail load is heavy, NMAP limits the number of threads for message delivery to preserve server resources.

Under normal conditions, NMAP creates two threads to deliver every message; one to receive the message and one to push the received message through the queue. This state is called Concurrent Mode.

When the number of delivery threads exceeds the Concurrent Limit, new threads both receive messages and push them through the queue. This state is called Sequential Mode.

When the number of threads exceeds the Sequential Limit, new threads receive messages, but defer delivery until the total number of threads drops back below the Concurrent Limit. Only when NMAP drops back into Concurrent Mode does it deliver queued messages.

When the NMAP Agent's Mail Load utility is enabled (by default) and the number of queued messages exceeds the trigger value, the Mail Load utility checks CPU utilization on a regular interval. If utilization exceeds the high threshold, NMAP lowers the Concurrent and Sequential Limits in an effort to lower utilization. If utilization drops below the low threshold, NMAP raises the Concurrent and Sequential Limits to ensure system resources are not wasted.

The MAIL LOAD command allows an administrator to observe and influence the NMAP Agent's load balancing settings. While load balancing functions without administrator interaction, an administrator can alter the MAIL LOAD settings to affect server performance.

MAIL LOAD Parameters

The MAIL LOAD utility is managed at the command line with the following parameters:

Parameter	Description
none	Displays a snapshot of the current server statistics: Limit Concurrent: the maximum number of delivery threads usable in Concurrent Mode. Thereafter, NMAP moves to Sequential Mode. This value fluctuates as moderated by the Mail Load utility. Limit Sequential: the maximum number of delivery threads usable in Sequential Mode. Thereafter, NMAP begins queueing messages. This value fluctuates as moderated by the Mail Load utility. Low utilization: the current low threshold for server utilization. High utilization: the current high threshold for server utilization. Interval: the interval that MAIL LOAD checks server utilization. Queue trigger: the current queue threshold. Thread load: the number of threads currently dedicated to message processing.
-l: low	Sets the low threshold for server utilization. The default value is 70%.
-h: high	Sets the high threshold for server utilization. The default value is 90%.
-i: seconds	Sets the interval that MAIL LOAD checks the server utilization. The default interval is 5 seconds.
-q: messages in queue	Sets the queue trigger. The queue trigger identifies the number of messages required in the queue before the monitor begins adjusting the concurrent and sequential limits. The monitor cannot adjust any parameters until the queue trigger is exceeded. The default value is 100 messages.
-r	Forces a queue restart. NMAP immediately tries to resend any messages in the queue when the total number of threads is below the concurrent limit. NOTE: NetMail never queues messages unless there is a problem. Under normal conditions, the NMAP Agent immediately tries to send messages after they are processed in the queue. If, for some reason, the message is not sent, it remains in the queue for the NMAP Agent's Retry Interval before NMAP tries to resend the message. This command bypasses the Retry Interval and forces the NMAP Agent to resend any messages in the queue.
-d	Disables the Load Monitor. It continues to monitor the NMAP Agent, but does not adjust any values in response to server utilization. The NMAP Agent continues operation at the current concurrent and sequential values.
-e	Enables the Load Monitor. By default, the Load Monitor is enabled.
-h	Displays a brief explanation of all MAIL LOAD parameters.

Configuration Examples

There are very few times when an administrator would need to override the MAIL LOAD default values; however, the following examples are instances in which it is practical to reconfigure the MAIL LOAD values.

You can use MAIL LOAD to keep utilization down during server maintenance.
The command, MAIL LOAD -h:12 -l:10 -t:10, causes NMAP to keep utilization between 10 and 12 percent while there are more than 10 queued messages.
You can use MAIL LOAD to dedicate all possible resources to a bulk message delivery.
The command, MAIL LOAD -h:99 -l:98, sets the High and Low thresholds to their upper limits.

Typically, use this command when responsiveness to client requests is limited. For example, at night time.

RMBOX

WARNING: Because you cannot undo an RMBOX action, use this utility with caution.

All platforms use RMBOX, a command line utility, to remove mailboxes and their associated directories and any associated SCMS files referenced in the mailstore. Use this utility in conjunction with IMSAudit to delete accounts not accessed in (x) number of days.

For a user to access and authenticate to the utility, you must designate the user as a server administrator.

NOTE: Server administrators are designated in the Security tab of the Messaging Server object. See Configuring the Messaging Server for more information.

RMBOX Parameters

Before you can run RMBOX from a terminal, you must set the library and binary paths as follows:

export LD_LIBRARY_PATH=/usr/lib:/usr/lib/nds:/opt/novell/netmail/lib:$LD_LIBRARY_PATH

The command line syntax to run the RMBOX utility is

./rmbox -u:server_administrator -p:password {user|-f:user_list} -l:log_file -c -s -d -v [-h|-?]

The following table lists the RMBOX parameters:

Parameter	Description
-u:server_manager	The server manager's NetMail username. For more information on server managers, see Configuring the Messaging Server.
-p:password	The server administrator's NetMail password.
user	An individual user's mailstore to be removed. Do not use this parameter with -f:userlist.
-f:user_list	A list of users' mailstores to be removed. The userlist must include a complete pathname. For example, volume:/path/filename
-c	In addition to removing the mailstore, removes the users from eDirectory.
-d	Enables debug output.
-s	Stops RMBOX when an error is encountered.
-l:logfile	Logs RMBOX activity to the designated log file. On NetWare^® systems, the log file is stored in the sys: directory. On Windows, and Linux systems, the log file is stored in the current directory.
-v	Returns the RMBOX version.
-h \| -?	Help

SCMSMove

NOTE: SCMSMove is not a supported utility nor is the upgrade from NetMail 2.65 to Netmail 3.5.

If you are upgrading from NIMS^TM 2.65 or earlier, you must update the SCMS directories on all messaging servers running NMAP agents.

IMPORTANT: Do not run NetMail when updating the SCMS directories.

To manually update the SCMS directories,

After installing NetMail 3.5, launch the SCMSMOVE utility.
1. On NetWare systems, enter load scmsmove at the server console.
2. On Linux systems, /opt/novell/netmail/bin/scmsmove at the server console.
Enter the current server's path to the SCMS directory and press Enter.

On Linux servers, the default path to the SCMS directories for NIMS 2.65 or earlier is /usr/nims/scms .

On NetWare servers, the default path to the SCMS directories for NIMS 2.65 or earlier is
sys:\novonyx\mail\scms .

The SCMS messages found in this path are moved to the directory structure required by NetMail 3.5. The new SCMS directory structure enhances the NMAP Agent's performance in retrieving messages stored in the SCMS directories. (See Single Copy Message Store Directory Structure for the new directory structure.)

IMPORTANT: NetMail must not be running while these files are being moved.