WebMail proxy in iMS5.2

Similar Messages

• Problem with multiple webmail proxy

  We need four different installations of messaging server for our webmail proxy needs. (With and without PAB and with and without folders management). Soon these webmail proxies will have to be redundant... 8 installations on 2 machines (4 each). I tried to use the mailallowedserviceaccess attribute to restrict the access to a specific webmail for a specific user. Let's say that [email protected] should access only the webmail webmailgt.commerciel.com (142.169.xx.94). I don't want this user to access the webmail webmailtq.commerciel.com (142.169.xx.96). I configured a proxy authentification on the mailhost that host the mailbox of this user on another machine (142.169.xx.72). When the user will use the webmail two auths will be made on the Ldap, one from the proxy and one from the deposit.
  The two installations of the webmail proxies are on the same machine (The interfaces 142.169.xx.94 and 142.169.xx.96 are configured on the machine that have the IP adress 142.169.xx.31)
  The value that I wanted to set at the mailallowedserviceaccess attribute was "-http:142.169.xx.96". That mean that user1 could use the webmail if the request is not coming from 142.169.xx.96. The problem is that it doesn't work because the first Bind works fine because the client acces the proxy from is PC, but the second Bind (the one on the store server) works too, because it is initiated from the 142.169.xx.31 machine. (Not the interface 142.169.xx.96). How can I restrict the access to a webmail proxy if many proxies are installed on the same server? I tried some other things with the console (in the HTTP Access and Proxy tabs) without success.

  I'm sorry for the confusion. I'll try to resume the situation.
  We are an ISP and we offer four classes of service of webmail to our customers depending on there domain name. With and without Corporate Adresse Book and with and without Folder management. To do this, we have installed four webmail proxies and customized these installations to respond to our needs.
  Let's say that a platinum user have acces to a Corporate adress book (with all the entries of the users in his domain name) and have the possibility to manage his folders. A gold user don't have access to his Corporate Adress Book but can manage his folders, etc.... The Platinum user use the url webmail.platinum.com, the gold user use the url webmail.gold.com, etc...
  Here is my problem. What can I do, to restrict the access to the webmail proxy level platinum to platinum users only. If a 'wood' user (without Corporate address book and without folders management)) log in at the url webmail.platinum.com, he will have the same templates that a platinum user. So he will access to the informations about the users in the same domain name and he will be able to create folders. (We don't want this!)
  What I tried, is to restrict the access using the mailallowedaerviceaccess. But, it doesn't work, because the address validation used the adress of the machine, not the one of the interface. I remind you that the four webmail proxies installation are on the same machine, on different interface.
  I hope that I clarified the situation. Sorry, for my poor english!

• Slow response from Webmail Proxy on the first SSL connection

  Hi,
  I encounter a queer problem with Messenger Express 5.2 patch1, acting as a http proxy (Mesenger Express Multiplexor) for another Messaging 5.2P1.
  The first time a user tries to connect through HTTPS since a certain amount of time, it takes about one minute to get the webmail login page. And then it takes one more minute to have the user authenticated after it enters the credentials.
  The next connections are almost immediate.
  Has anyone already seen this problem ?
  The same server doesn't show this problem when connecting on port 80 without SSL.
  It looks like the encryption keys exchange negociation takes a very long time.
  Can this come from a compatibility problem between the client (Communicator 4.75, IE5 or IE6) and the server ?
  Are there recommandations regarding Internal Encryption modules and/or server certificates ?
  (Algorithms , key length...)
  Any answer would be appreciated.
  Regards,
  Vincent MAZARD
  [email protected]
  DML France

  1. Basically, there's a problem on one of the servers which the ASC is hosted on.
  2. It's not at your end. Nothing needs to be or can be done on your devices to resolve it.
  3. No.
  (106571)

• Webmail Proxy slow

  Hi,
  Webmail Prxy ims 5.2 on one machine to second ims52 webmail/mstore.
  The initial login is very slow, once logged in speed is good.
  any ideas?
  thanks

  Hi Jay,
  I looked at the network device between the
  etween the ldap and the webmail,
  i found the below deny from my pix.
  106015: Deny TCP (no connection) from Y.Y.Y.Y/9267 to
  X.X.X.X/389 flags PSH ACK on interface dmz_A.
  This message means that there was a connection
  without traffic, and the pix drop this tcp
  connection.
  To avoid this problem the webmail must send keep
  alive packet to the ldap.No, actually, you don't want MEM sending a keep-alive. What you do want to do is to set the ldaprefreshinterval to be less than your firewall's idle drop. You also need to set your LDAP server's idel timeout to be less than the firewall's idle drop.
  Letting the firewall drop a connection is a Bad Thing, in that it simply disconnects both parties, without any kind of RESET or other notification. You will leak file descriptors on LDAP, and will cause hanging on the MEM due to this.
  Start with LDAP idletimeout. Then set the ldap refresh interval on your MEM.
  >
  Another thing, i changed the position of my webmail
  so there is no pix or other device only switch (the
  same dmz). And i will monitor the problem tomorow.
  Please I looked at the tuning of the ldap, there is
  only a litle bit of parameters to tune, please have
  you a book reference for monitoring ?
  Regards.
  Mourad.

• How do I set up a proxy server for webmail services to assist in migrating from NMS 4.15p6 on NT to iMS 5.1 on HP-UX.

  I want to have minimal if no downtime at all when moving the message store. iPlanet support hinted at an "unsupported" proxy server solution, and would give no further information. I am running the MMP with 5.1 and that supports IMAP and POP migration, but I need support for webmail services as well to complete the migration from NT to UNIX with minimal distruption of thousands of users. I am using the MoveUser utility to move the message store in hopes that will clear up some store corruption we have been seeing.

  To get this in a 'supported' fashion you might want to wait until the iMS 5.2 release. iPlanet has said this release would include a webmail proxy/mmp server to do exactly what you desire.
  A proxy server would not be a solution to your problem as it would have to have access and knowledge to the users mailhost attribute to determine to which host to route the webmail connection. The webmail proxy/mmp will have this functionality.
  You might want to contact your iPlanet rep about this product and maybe you could get a copy of it as part of a beta program. I know iPlanet is always looking for oppourtunities for feedback like this.
  -Chris

• Setting reverse proxy

  Hello Team,
  We have running squirrel webmail on top of the qmail application...we are inphase of integerating the exchange 2010 on it...The users will be in both qmail and exchange....The question how should i set reverse proxy in cisco asa firewall to re-direct by
  the webmail access from squirrel webmail to owa 2010 based upon the user location of mailbox on the application...
  Most of the users are in qmail as of now and planned to migrate only ten user for testing it out...Got stucked on the webmail proxy and redirection between cross platform...
  Exchange Queries

  I would ask this question to CISCO as you will have to make the changes on the device.
  You might want to open a thready in CISCO forum
  https://supportforums.cisco.com/index.jspa
  Gulab Prasad,
  MCITP: Exchange Server 2010 | MCITP: Exchange Server 2007
  MCITP: Lync Server 2010 | MCITP: Windows Server 2008
  My Blog |
  Z-Hire Employee Provisioning App
  Skype: Exchange.Ranger

• IMS 5.2: smtp server hangs

  Running on Solaris 8, the smtp server seems to hang every few days, with the result that mail for my site ends up being hung up for hours until we restart the process.
  Is this a known bug?! Any way to fix it?
  It doesn't make iMS a very attractive solution for an enterprise that relies heavily on email.

  Hello,
  I know that there has been a number of fixes on solaris as well as NT since Feb dist. Here is what I have of the bugfixes, there may have been more since this hotfix. If you have a license you should be able to ask sun support for the latest hotfix.
  # BUGLIST
  # Copyright (c) 2002. Sun Microsystems Inc. All Rights Reserved.
  # $Name: $
  NAME: iMS 5.2hf0.9 distribution
  DATE: Tue Jul 30 02:43:12 GMT 2002
  List of bugs that are fixed in this patch kit:
  Synopsis
  Bugtraq (comments) [subcategory] {bugsplat}
  ===========================================
  ------- Bugs listed after this line are fixed in 5.2p0.1
  4659265 mailDomainCatchAllAddress doesn't work
       () [mta] {}
  4642210 MMP LDAP code causes high CPU usage and can wedge under stress test
  () [mmp] {}
  4661139 Sieve interpretation of multiple filters not working quite right?
       () [mta] {}
  4660227 PMDFdisposeHeader() does not free all header memory
       () [mta] {}
  4632998 Charset of Arabic, Hebrew, Thai auto-reply messages set to iso-8859-1
       () [webmail] {}
  4648771 Incremental dirsync can miss newly added users
       () [mta] {}
  4539563 (Icelandic) ISO-8859-1 vacation responder Subject corrupt in Webmail
       () [webmail] {}
  4645870 Subject composed of 1 accented char encoded incorrectly
       () [webmail] {}
  4641974 Welcome message with non ascii characters corrupted
       () [store] {}
  4631706 Arabic/Hebrew (rtl) IE users can't subscribe to shared folders
       () [webmail] {}
  4643137 JA specific problem: Display of iDA gets corrupted.
       () [l10n_ja] {}
  4651806 Security exploit with vcard using Netscape Communicator 4.x
       () [webmail] {}
  4627060 'filename' argument is set even though it's never used when accessing attachment
       () [webmail] {}
  4647148 Invalid encoded characters in Subject line causes javascript error in webmail
       () [webmail] {}
  4634079 Webmail should remove \recent flag after opening mailbox
       () [webmail] {}
  4653818 PAB_CMD_GET_PABS error when user dn contains Capital letters
       () [webmail] {}
  4647798 imsimta db utility broken
       () [mta] {}
  4523668 Dirsync hangs - memory pool related???
       (for NT only, Unix fix is in 5.2) [mta] {}
  4657857 Program delivery fails if hostname is too long
       () [mta] {}
  4519531 sendmail -Ac option not accepted, now used by Solaris 9 startup scripts
       () [mta] {}
  4519546 sendmail -- option not accepted, now used by Solaris 9 mail program
       () [mta] {}
  4654456 Autoreply echo mode not honored
       () [mta] {}
  4650087 imsimta cnbuild error trying to migrate from SIMS4.0 to iMS5.2
       () [mta] {}
  4644932 mshttpd core dump in decodeOutput
       () [webmail] {}
  4666989 Security hole in cfg.msc command
       () [webmail] {}
  4631223 JS error in subscribe to shared folders
       () [webmail] {}
  4657356 Webmail interface giving javascript errors when pab disabled
       () [webmail] {}
  4662739 JavaScript error on logout
       () [webmail] {}
  4666448 When maximum number of PAB users' entries reached, webmail interface gives javascript error.
       () [webmail] {}
  4531386 Unreadable chinese (zh_cn) chars in header if preferred language is zh_tw
       () [webmail] {}
  4636633 popd core analysis
       () [store] {}
  4549165 mboxutil -p doesn't work for Japanese characters
       () [store] {}
  4641089 Scalability problem with ever growing INBOX
       () [store] {}
  4624538 ims_master dequeing slowly/imsbackup still running
       () [store] {}
  4643466 stored does not stop after mboxlist_recover failed
       () [store] {}
  4620764 MoveUser gives error number 0, even when it fails
       () [store] {}
  4659213 Scheduling of jobs is not quite as specified by backoff (return job affects it)
       () [mta] {}
  4640225 Return job consuming high CPU
       () [mta] {}
  4532419 ims_master contends with itself "mailbox is busy"
  (partial workaround) [mta] {}
  4628992 job controller not scheduling agressively enough
  () [mta] {}
  ------- Bugs listed after this line are fixed in 5.2p0.2
  4543495 Leak with NSS2.8.2
       (memory leak causes mshttpd to grow) [other] {399608)
  4665450 PAB group with no 'un' attr crashes pab
       () [webmail] {}
  4665018 Empty memberofpabgroup crashes pab
       () [webmail] {}
  4634668 Closing compose window after saving draft kills netscape on HPUX
       () [webmail] {}
  4620075 Cannot use toolbars on a message with View HTML Source checked
       () [webmail] {}
  4667354 process_held broken in direct-ldap mode
       () [mta] {}
  4654805 imapd dumps core in copy command if cache data invalid
       () [store] {}
  4658078 Adding a group to itself gives ldap error
       () [webmail] {}
  4618565 Unqualified mail-ids not accepted in fields like mail-fwdng,reply-to
       () [webmail] {}
  4670862 Hosted domains view english instead of localized webmail
       () [webmail] {}
  4672649 imsimport: incorrect internal date
       () [store] {}
  4673300 Problems with quotagraceperiod
  () [store] {}
  4659585 iminitquota -a should continue if orphaned mailbox found
  () [store] {}
  4658077 PAB-Renaming an entry does not check for duplicates
       () [webmail] {}
  4665069 WebMail "compose message" and "spell check" windows too tall and not resizable.
       () [webmail] {}
  4658082 Pagination issues with PAB
       () [webmail] {}
  4673036 Job Controller child process hung in exit handler
       () [mta] {}
  4657502 Double Clicking "save" in webmail options writes preferences twice, can break us
       () [webmail] {}
  4668749 A blank character is trimmed in WebMail
       () [webmail] {}
  4546178 IE 5.5 JavaScript error with WebMail
       () [webmail] {}
  4672958 Long HTTP URL gets broken in WebMail
  () [webmail] {}
  ------- Bugs listed after this line are fixed in 5.2p0.3
  4672290 recipient addresses are incorrectly formatted for vanity domain by dirsync
       () [mta] {}
  4659879 mshttpd 5.2 hotfixes break spellchecking
       () [webmail] {}
  4648195 Auto spell checking and S/MIME enabled result in javascript error
  () [webmail] {}
  4673761 /usr/lib/sendmail spinning reading from /dev/zero
  () [mta] {}
  4665735 Japanese characters in "To" and "CC" feild are corrupted on Webmail.
  (bsparser) [webmail] {}
  4662835 imsbackup doesn't produce consistent backups
       (NT only, changed semaphore init in libyasr) [store] {}
  4677285 Defragment may skip messages already seen
       () [mta] {}
  4672012 configutil options to specify host/port of iDA on webmail not used.
       () [webmail] {}
  4657610 Rename nested inbox folder with MoveUser
       () [store] {}
  4678182 Security issues with javascript and http-equiv=refresh
       () [webmail] {}
  4678917 Time stamps not updated correctly in some TZ when LDAP_TIME_LAG is used in dirsync
       () [mta] {}
  4679824 Reconstruct cores when moving 100+ messages from folder to new folder
       () [store] {}
  4628827 test -mapping utility's -mapping_file switch doesn't work
       () [mta] {}
  4670612 Error message loop after logout in some situations if SSO configured
       () [webmail] {}
  4680849 Create mailbox with long acl crashes message access server
  () [store] {}
  4682060 Change Default setting for webmail vacation reply setting
  (setting default to 1) [webmail] {}
  ------- Bugs listed after this line are fixed in 5.2p0.4
  4684058 Pathological MIME part header usage causes SMTP server slowdown
       () [mta] {}
  4658592 popd process
       () [store] {}
  4682721 NLS_EncodingConverterExists crashes by a long *from_charset
       () [nls] {}
  4540006 mboxutil -r has some sort of trouble renaming folders
       () [store] {}
  4683469 WebMail vacation days between send default is different from iDA's
  (setting default to 7) [webmail] {}
  4655771 Cannot backup/restore Japanese folder from Legato Networker
       () [store] {}
  4671362 Thai attachments show incorrect filenames
       () [webmail] {}
  4541432 PAB does not work with Replica LDAP Servers (Latency issuse)
       () [pab] {}
  4685743 conn_throttle.so fix for hash table re-use
       () [mta] {}
  4689138 ETRN host schedules all delayed messages for the channel to be attempted
  () [mta] {}
  4689827 Backoff of delivery to store is short & random for all failures inc overquota
       () [mta] {}
  4689039 MMP ldap duplicate messageid bug misdirects users under high load
  (regression from 4642210) [mmp] {}
  4686224 User not allowed to enter correct email address in PAB
  () [webmail] {}
  4620738 Crash in libldap
  (workaround for 4536001, configutil local.ldapconnectionload no longer needed) [store] {}
  4686388 Corruption ims_master mailbox store
       (off by 1 error causing ims_master crashes) [mta] {}
  4617327 POP over SSL fails
       (was not completely fixed in 5.2p0.2) [store] {}
  4688847 Insufficient parsing of APOP arguments by POPD
       () [store] {}
  4676173 Implement single sign on in WebMail proxy
       (was not completely fixed in 5.2p0.3) [webmail] {}
  4644687 Welcome message inserted inappropriately during fast recovery, restore, etc.
       () [store] {}
  4684314 MMP preauth with bad password fails
       (regression from 4642210) [mmp] {}
  4686644 imsimport creates destination mailbox even if import fails
       () [store] {}
  4691088 Crash when displaying certain folded headers
  () [webmail] {}
  4618326 High ASCII characters in email address disappearing in PAB
  (Was not completely fixed in 5.2p0.2) [webmail] {}
  4670074 IMAP APPEND command returns error in a non-error condition
       () [store] {}
  4695080 ims5.2p0.3 hotfix bundle breaks MMP ldap failover
  (4642210 regression, fix checked in as part of 4684314 fix) [mmp] {}
  ------- Bugs listed after this line are fixed in 5.2p0.5
  4694023 Eliminate unnecessary debug log on abnormal connection termination
  to SMTP server () [mta] ()
  4691080 Availability of parameter which switches way of quota over
  () [store] {}
  4697003 mshttpd crash in sprint_rfchdr
       (introduced in p0.4) [webmail] {}
  4691433 maximum attatchments reached err
       () [webmail] {}
  4697051 Conversion channel can cause sieves to evaluate twice which can lead to duplicate deliveries
  () [mta] ()
  4697788 Domain aliases don't search for all reasonable address variants
       () [mta] {}
  4697385 replayformat doesn't work in hotfix bundle
  (4642210 regression) [mmp] ()
  4671682 Crash recover, run twice without dirsync -f, deleted alias db
       (don't run recover-crash if MTA is running, don't delete live DBs if no backups) [mta] {}
  4690492 Conversion channel incorrectly caches `dparameter-symbol-0`
       (Solaris fix, correct env symbol deletion) [mta] {}
  4696742 Message with Deferred-Delivery isn't delivered at the expected time
       (it is delivered early on job controller restart) [mta] {}
  ------- Bugs listed after this line are fixed in 5.2p0.6
  4697920 Two versions of Draft folders show up
  () [webmail] {}
  4699342 Message store delivers quota notification incorrectly when quota is set to -1
  () [store] {}
  4689856 Cannot add addresses in address book in certain format
       () [webmail] {}
  4699838 imsimta program -u -m method_name doesn't return anything
       () [mta] {}
  ------- Bugs listed after this line are fixed in 5.2p0.7
  4692876 Program delivery ldap configuration issue: using 2 separate DS instances
       (split, multi-instance LDAP config causes 'imsimta program' confusion, incomplete fix in 5.2p0.6) [mta] {}
  4553030 New folder does not work on NS6
       () [webmail] {}
  4553031     Cannot send message on NS6
       () [webmail] {}
  4638691 iMS 5.1 MMP appears to be losing IMAP requests between IMAP client and msg store
  () [mmp] {}
  4684513 Sharing folders using webmail is impossible for non-default domain users
       () [webmail] {}
  4702489 Fix problem with output encoding in header charset conversions
       () [mta] {}
  4634687 Make imsimta.bat call cleandb on NT to work the same as on Solaris
       () [mta] {}
  4677508 inetDomainAlias object with duplicate objectclass=alias crashses the MTA
       () [mta] {}
  4703985 SNMP subagent problem with multiple occurrences of "/msg-" in instance's directory path
       () [admin] {}
  4674649 Bypass LDAP lookup during failover
       (solaris patch 112882-02) [SC3.x HA agent] {}
  4702075 Defragment can produce "no room" error
       () [mta] {}
  4557940 Fix command syntax error when running imsimta recover-crash on NT
       () [mta] {}
  4703418 charsets.txt file incorrectly flags UTF-16-BE as being ASCII equivalent
       () [mta] {}
  4653291 quotacheck -n dumps core
  () [store] {}
  4705912 Add support for the inetCanonicalDomainName LDAP attribute
  () [mta,store] {}
  4689082 "compose message" and "spell check"windows to tall and not resizable W/W2K &IE 6
       () [webmail] {}
  4699959 webmail client in IE/rtf mode emits lines longer than 1000 chars
       () [webmail] {}
  ------- Bugs listed after this line are fixed in 5.2p0.8
  4706856 imsimta cache -view [channel] show all channels messages
  () [mta] {}
  4708583 quotacheck dumps core when mailQuotaAttribute is not specified in rulefile
  () [store] {}
  4707864 Timeout received / messageid mismatch in MMP log file, auth failed
       (4642210 regression, improves 4689039 fix) [mmp] {}
  4700406 mshttpd dumps core in NLS_NewNamedLocaleFromChar
       [webmail]
  4701694 messages encoded in unknown charset cause javascript errors
       [webmail Hebrew/Arabic/Thai]
  4703372 Fix sieve evaluation order problem
       () [mta] {}
  4703531 some message headers displayed truncated in webmail
       [webmail]
  4708218 Eliminate duplicate fileintos
       () [mta] {}
  4709988 Fix problem with envelope :domain sieve
       () [mta] {}
  4705711 Aging policy Not working as expected
  () [store] {}
  4709005 fix problem with redirected messages and relay block
       () [mta] {}
  4712194 Remove incorrect PMDF_QUEUE reference
       () [mta] {}
  4690122 support for inetCanonicalDomainName to disambiguates domain with same base dn
       [store]
  4713075 Return job exits abnormally if a message file removed from directory
  () [mta] {}
  4713536 in 5.2p07 only, finding a locked file during job controller rebuild is fatal
  () [mta] {}
  4711588 possible data corruption during job controller rebuild process
  () [mta] {}
  4709242 DB_CONFIG file is removed mysteriously.
  () [store] {}
  4706289: reconstruct does not remove folders on non existant partitions.
  () [store] {}
  ------- Bugs listed after this line are fixed in 5.2hf0.9
  4703448 IMAPD hangs on NT
       (workaround for 4707980) [store] {}
  4698857 Fix ims_master problem getting quota info
       () [mta, store] {}
  4563172 Add missing support for BANNER_HOST
       () [MTA] {}
  4714890 mail delivery undo ACL modification by mboxutil -r
       () [store] {}
  4706925 The Folders Windows comes in front of the Compose Window when clicked on swith to html button
  () [webmail] {538366}
  4717143 End User's can't delete spoof messages via pop (mmp)
  () [mmp] {}
  4718216 PabURI is differently formatted in iMS 5.2
  (esc 538882) [mshttpd] {}
  4616192 authentication server support for customer-supplied auth plug-ins
  () [mmp] {}
  4717588 autoreply crashes if recipient has no mail attribute
       () [mta] {}
  4710477 autoreply now tolerates @ in uid
       () [mta] {}
  4718583 Do a better job on message merging
       () [mta] {}
  4717233 Defrag hangs upon part expiration
       () [mta] {}
  4646601 stored ignores change of local.store.expire.workday from "" to -1
       () [store] {}
  4711230 make session ids more secure
       [webmail]
  4540006 mboxutil -r has some sort of trouble renaming folders
       (additional fix for NT only, Unix version fixed in 5.2p0.4) [store] {}
  4719745 service.*.enable = true prevents service from starting
       (introduced in 5.2p0.7) [store]
  4720110 iMS 5.2 mboxutil -a is not giving expected result
       () [store] {}
  4720670 imsimport error when mailbox is missing a newline at the end
       () [store] {}
  4719536 Imsimta (1.7.4.5) cleandb changes prolong recovery of HA iMS under VCS
       () [mta] {}
  4721058 sometimes failure to find first message file to be processed
       () [mta] {}
  4720377 imtacli removes pidfile even when it fails to terminate dispatcher
       () [mta] {}

• Messaging Server 7u2-7.02 + uwc error + aci erros

  Hello,
  I have
  bash-3.00# /opt/sun/comms/messaging64/sbin/imsimta version
  Sun Java(tm) System Messaging Server 7u2-7.02 64bit (built Apr 16 2009)
  libimta.so 7u2-7.02 64bit (built 02:28:03, Apr 16 2009)
  Using /opt/sun/comms/messaging64/config/imta.cnf (compiled)
  SunOS fe1.army.mil 5.10 Generic_137138-09 i86pc i386 i86pc
  Directory server -  Directory server 6.2I am seeing below messages in directory error log.
  I have resolved that "'" problem of aci by solution provided on one of the thread.
  [28/May/2009:16:38:37 +0530] - INFORMATION - NSACLPlugin - conn=-1 op=-1 msgId=-1 -  Warning: Bad targetfilter((!(|(nsroledn=cn=Top-level Admin Role,dc=army,dc=mil)(entrydn=ou=ericssonr320_r1a_(fast_wireless_crawler,ou=internaldata,ou=1.0,ou=sunamclientdata,ou=clientdata,dc=army,dc=mil)))) in aci: does not match
  [28/May/2009:16:38:39 +0530] - INFORMATION - NSACLPlugin - conn=-1 op=-1 msgId=-1 -  Warning: Bad targetfilter((!(|(nsroledn=cn=Top-level Admin Role,dc=army,dc=mil)(entrydn=ou=nokia7110_v0.13_(compatible_yospace_smartphone_emulator_1.0,ou=internaldata,ou=1.0,ou=sunamclientdata,ou=clientdata,dc=army,dc=mil)))) in aci: does not match
  [28/May/2009:16:38:39 +0530] - INFORMATION - NSACLPlugin - conn=-1 op=-1 msgId=-1 -  Warning: Bad targetfilter((!(|(nsroledn=cn=Top-level Admin Role,dc=army,dc=mil)(entrydn=ou=nokia_6210_v0.13_(compatible_yospace_smartphone_emulator_1.,ou=internaldata,ou=1.0,ou=sunamclientdata,ou=clientdata,dc=army,dc=mil)))) in aci: does not match
  [28/May/2009:16:38:39 +0530] - INFORMATION - NSACLPlugin - conn=-1 op=-1 msgId=-1 -  Warning: Bad targetfilter((!(|(nsroledn=cn=Top-level Admin Role,dc=army,dc=mil)(entrydn=ou=nokia_7110_v0.13_(compatible_yospace_smartphone_emulator_we,ou=internaldata,ou=1.0,ou=sunamclientdata,ou=clientdata,dc=army,dc=mil)))) in aci: does not match
  [28/May/2009:16:38:39 +0530] - INFORMATION - NSACLPlugin - conn=-1 op=-1 msgId=-1 -  Warning: Bad targetfilter((!(|(nsroledn=cn=Top-level Admin Role,dc=army,dc=mil)(entrydn=ou=sie-c3i_1.0_up_4.1.8c_up.browser_4.1.8c-xxxx_(compatible__yo,ou=internaldata,ou=1.0,ou=sunamclientdata,ou=clientdata,dc=army,dc=mil)))) in aci: does not match
  multiple messages for above Logging to UWC showing error of misconfiguration, and uwc logs says below.
  May 28, 2009 5:03:55 PM com.sun.uwc.common.auth.LDAPAuthFilter doFilter
  INFO: --------Inside ldapfilter-----
  May 28, 2009 5:03:55 PM com.sun.uwc.common.UWCUserHelper getUserValidation
  INFO: getUserEntry: Getting user entry now
  May 28, 2009 5:03:55 PM com.sun.uwc.common.UWCUserHelper getUserValidation
  INFO: Getting connection -----
  May 28, 2009 5:03:55 PM com.sun.uwc.common.UWCUserHelper getUserValidation
  INFO: binding ----
  May 28, 2009 5:03:55 PM com.sun.uwc.common.UWCUserHelper getUserValidation
  INFO: now making search -----
  May 28, 2009 5:03:55 PM com.sun.uwc.common.auth.LDAPAuthFilter doFilter
  INFO: login:10.77.45.29:sumant:login successful
  May 28, 2009 5:03:55 PM com.sun.uwc.common.model.UserPreferencesModel initializeForAuthUser
  INFO: ObjectClass: sunUCPreferences for DN: uid=sumant,ou=People,o=army.mil,dc=army,dc=mil is present
  May 28, 2009 5:03:55 PM com.sun.uwc.common.model.UserPreferencesModel initializeForAuthUser
  INFO: UC Prefs Initialized : sunUCInitialized is present and value is true
  May 28, 2009 5:03:55 PM com.sun.uwc.common.model.UserPreferencesModel initializeAndObtainPrefs
  INFO: Value from LDAP for: sunUCExtendedUserPrefs:sunUCInitialized is sunUCInitialized=true
  May 28, 2009 5:03:55 PM com.sun.uwc.common.model.UserPreferencesModel initializeAndObtainPrefs
  INFO: UC multi-val Attribute : sunUCExtendedUserPrefs: landingPage is not obtained
  May 28, 2009 5:03:55 PM com.sun.uwc.common.model.UserPreferencesModel setAttrValuesInSession
  INFO: Not Multi-val sunUCDefaultApplication value: addressbook
  May 28, 2009 5:03:55 PM com.sun.uwc.common.model.UserPreferencesModel setAttrValuesInSession
  INFO: Not Multi-val sunUCTheme value: uwc
  May 28, 2009 5:03:55 PM com.sun.uwc.common.model.UserPreferencesModel setAttrValuesInSession
  INFO: Not Multi-val sunUCColorScheme value: 2
  May 28, 2009 5:03:55 PM com.sun.uwc.common.model.UserPreferencesModel setAttrValuesInSession
  INFO: Not Multi-val sunUCDefaultEmailHandler value: uc
  May 28, 2009 5:03:55 PM com.sun.uwc.common.model.UserPreferencesModel setAttrValuesInSession
  INFO: Not Multi-val sunUCDateFormat value: M/D/Y
  May 28, 2009 5:03:55 PM com.sun.uwc.common.model.UserPreferencesModel setAttrValuesInSession
  INFO: Not Multi-val sunUCDateDelimiter value: /
  May 28, 2009 5:03:55 PM com.sun.uwc.common.model.UserPreferencesModel setAttrValuesInSession
  INFO: Not Multi-val sunUCTimeFormat value: 12
  May 28, 2009 5:03:55 PM com.sun.uwc.common.model.UserPreferencesModel setAttrValuesInSession
  INFO: Not Multi-val sunUCTimeZone value: America/Los_Angeles
  May 28, 2009 5:03:55 PM com.sun.uwc.common.model.UserPreferencesModel setAttrValuesInSession
  INFO: Not Multi-val preferredLanguage value: en
  May 28, 2009 5:03:55 PM com.sun.uwc.common.UWCUserHelper replayMailProxyAuth
  SEVERE: Connection refused
  May 28, 2009 5:03:55 PM com.sun.uwc.common.UWCUserHelper replayMailProxyAuth
  SEVERE: Proxy auth with mail for user sumant has failed. This may be due to
  i.wrong webmail proxy credentials in uwcconfig.properties or
  ii.MS config parmater local.http.uwcenabled is not set
  iii.Mismatch between webmail.cookiename in uwcconfig.properties and local.service.http.cookiename in webmail
  May 28, 2009 5:03:55 PM com.sun.uwc.common.UWCApplicationHelper decryptPwrd
  INFO: -------Decrypt is done ----------
  May 28, 2009 5:03:55 PM com.sun.uwc.common.UWCUserHelper createCalStore
  SEVERE:          calsession  not created calstore connect has failed
  May 28, 2009 5:03:55 PM com.sun.uwc.calclient.CalModuleServlet onInitializeHandler
  SEVERE: Error[onBeforeRequest:getCalStore] [Error:getCalStore] - Could not create store
  May 28, 2009 5:04:00 PM com.sun.uwc.common.UWCUserHelper cleanWebmailSession
  SEVERE: Connection refused
  May 28, 2009 5:04:00 PM com.sun.uwc.common.auth.LDAPAuthFilter doFilter
  INFO: --------Inside ldapfilter-----I have configuration set as
  bash-3.00# /opt/sun/comms/messaging64/sbin/getconf local.webmail.sso.uwcenabled
  1
  bash-3.00# /opt/sun/comms/messaging64/sbin/getconf local.service.proxy.admin
  [email protected] has been set for local.service.http.cookiename and properties file have the default value webmailsid
  what's wrong going on...?
  I am able to send and receive message from front server using IMAP and SMTP
  thanks,
  Sumant

  Hello,
  now I have upgraded to 6.3.
  After recreating a test user I am able to see address book and options tab in UWC, however not Mail
  UWC logs says
  May 28, 2009 7:42:10 PM com.sun.uwc.common.UWCApplicationHelper decryptPwrd
  SEVERE: Error while decrypting javax.crypto.BadPaddingException: Given final block not properly padded
  May 28, 2009 7:42:10 PM com.sun.uwc.common.auth.LDAPConfig initUG
  SEVERE: Error in decrypting LDAP_BINDCRED
  May 28, 2009 7:42:10 PM com.sun.uwc.common.auth.MailProxyFilter init
  INFO: Initialized SecureDirFilter
  May 28, 2009 7:42:10 PM com.sun.uwc.calclient.MultipartFormServletFilter init
  INFO: /var/opt/sun/comms/ce/tempFileStore/already exist, check the file permission if file upload is not working
  May 28, 2009 7:42:11 PM com.sun.uwc.common.UWCApplicationHelper decryptPwrd
  SEVERE: Error while decrypting javax.crypto.BadPaddingException: Given final block not properly paddedPlease see that the some of the configuration parameter for uwc given in first message of thread.
  messaging http logs says
  [29/May/2009:11:25:00 +0530] fe1 httpd[3231]: Account Information: connect [127.0.0.1:51092]
  [29/May/2009:11:25:00 +0530] fe1 httpd[3231]: General Information: [127.0.0.1:51092] HEAD / HTTP/1.0
  [29/May/2009:11:25:00 +0530] fe1 httpd[3231]: Account Notice: close [127.0.0.1:51092] [unauthenticated] 2009/5/29 11:25:00 0:00:00 19 0 0
  [29/May/2009:11:35:00 +0530] fe1 httpd[3231]: Account Information: connect [127.0.0.1:53199]
  [29/May/2009:11:35:00 +0530] fe1 httpd[3231]: General Information: [127.0.0.1:53199] HEAD / HTTP/1.0
  [29/May/2009:11:35:00 +0530] fe1 httpd[3231]: Account Notice: close [127.0.0.1:53199] [unauthenticated] 2009/5/29 11:35:00 0:00:00 19 0 0
  [29/May/2009:11:36:43 +0530] fe1 httpd[3231]: Store Debug: session_expire: starting
  [29/May/2009:11:36:43 +0530] fe1 httpd[3231]: Store Debug: session_expire: donethanks,
  Sumant
  Edited by: mr.chhunchha on May 29, 2009 11:41 AM

• Problem from Outlook

  We have mail coming to us from Outlook. Any attachments are showing up as winmail.dat
  I know it is because the client (outlook) has RTF selected but there must be a way to get it open on webmail.
  Using iMS5.2hf1.21
  Any workaround for this?
  Don

  Hi Jay,
  I didn't mean to cause offence. I understand the root of the problem is Microsoft once again trying to control how we all do business.
  I was simply mentioning that there are other types of servers out there that can handle the issue. The response I recieved from Tech Support was 'we have no plans to implement a work around' (not a response my supervisor liked to hear!)
  For us that could force us to switch to a different system (like exchange UGGGG) This is something that I would hate to do since I find the iplanet suite very easy to work with.
  Anyway, I appologize if I caused offence...that wasn't my intention.

• Messenger express(iMS 5.2) through firewall using apache Proxypass and ProxyPassReverse

  I am trying to get a reverse proxy setup to server my internal email to the intranet. I have this code in my http.conf:
  <VirtualHost dmz.server.com>
  ServerName email.internal.com
  ProxyRequests on
  ProxyPass /webmail/ http://email.internal.com:180/
  ProxyPassReverse /webmail/ http://email.internal.com:180/
  ProxyVia on
  </VirtualHost>
  when I enter http://dmz.server.com/webmail/ I get my login screen. I enter my id and password and click continue, the browser gives me url not found.
  This url is now in the browser:
  http://dmz.server.com/en/mail.html?sid=sfdefrafefwe&lang=en&cert=false
  I can edit the url in the browser to add webmail as in:
  http://dmz.server.com/webmail/en/mail.html?sid=sfdefrafefwe&lang=en&cert=false
  and the browser will then display my email folders.
  Am I missing something here? How can I get the correct url to be returned with webmail in it?
  How do others handle serving internal email to the internet? I also have iWS6.0, which i have not tried.
  Any suggestions would be appreciated!

  Why not use the MEM of 5.2? The MEM is a webmail proxy that allows you to have users all use say webmail.domain.com while you have multiple mail stores.
  If you want to contine using the method you're testing now then you need to not use http://hostname/webmail/.
  Since you've set this up as a Virtual Host then you should be able to set the ProxyPassReverse to
  ProxyPassReverse / http://email.internal.com:180/
  If you've got something important at / then either move that or use another virtual host and use / under it.
  -Chad-

• Apache as Reverse Proxy for UWC and Webmail

  Hi,
  for several reasons i want to use apache 2 as reverse proxy and ssl accelerator for UWC.
  internet <-> apache/ssl <-> backend port 80
  I configured my apache with mod_proxy and mod_proxy_html.
  Here are the concerning config lines:
  LoadModule headers_module modules/mod_headers.so
  LoadModule proxy_module modules/mod_proxy.so
  LoadModule proxy_connect_module modules/mod_proxy_connect.so
  LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
  LoadModule proxy_http_module modules/mod_proxy_http.so
  LoadFile    /usr/lib/libxml2.so
  LoadModule  proxy_html_module    modules/mod_proxy_html.so
  ProxyPass / http://backend.domain.com/
  ProxyPassReverse / http://backend.domain.com/
  <Location />
          ProxyPassReverse /
          SetOutputFilter proxy-html
          ProxyHTMLURLMap / /
          ProxyHTMLURLMap http://backend.domain.com:80/ http://webplex.domain.com/
          ProxyHTMLExtended On
          RequestHeader unset Accept-Encoding
  </Location>For Webmail this configuration works most of the time. There are some minor problems in ie with the folder view. But the real problem is: I can't get UWC to work. The problem seems to be that mod_proxy_html can't replace all of the occurences of backend.domain.com in the html pages.
  Especially:
  onsubmit="handleSubmit()" action="http://webplex.domain.com/amserver/UI/Login?goto=http://backend.domain.com:80/uwc/&gotoOnFail=http://backend.domain.com:80/uwc/?err=1&module=LDAP" method="POST">in the uwc login page.
  So my question is:
  Is anybody out there who got apache working as reverse proxy for uwc?
  Thanks a lot.
  PS1:Solaris 10 on V20z, JES2005Q4
  PS2: I already configured UWC with the reverse plugin for sun webserver on backend host so that uwc is working through port 80 only. So there should be no problems arise from that.

  Hopefully, you'll hear from somebody. I have zero knowledge or experience with Apache.

• Admin proxy not allowed

  I am trying to run proxy authentication using the LDAP C SDK and the functions mentioned in the customization guide for ims 5.2.
  My http log file keeps passing the message:
  [14/Sep/2004:14:21:53 -0400] machinename httpd[10579]: Account Notice: badlogin: [ipaddress] admin proxy
  not allowed
  [14/Sep/2004:14:21:53 -0400] machinename httpd[10579]: Account Notice: close [ipaddress] [unauthenticated
  ] 2004/9/14 14:21:53 0:00:00 104 309 0
  does anyone know why?
  cheers

  alarm.diskavail.msgalarmdescription = "percentage mail partition diskspace available"
  alarm.diskavail.msgalarmstatinterval = 3600
  alarm.diskavail.msgalarmthreshold = 10
  alarm.diskavail.msgalarmthresholddirection = -1
  alarm.diskavail.msgalarmwarninginterval = 24
  alarm.msgalarmnoticeport = 25
  alarm.msgalarmnoticercpt = postmaster
  alarm.msgalarmnoticesender = postmaster
  alarm.serverresponse.msgalarmdescription = "server response time in seconds"
  alarm.serverresponse.msgalarmstatinterval = 600
  alarm.serverresponse.msgalarmthreshold = 10
  alarm.serverresponse.msgalarmthresholddirection = 1
  alarm.serverresponse.msgalarmwarninginterval = 24
  encryption.fortezza.nssslactivation = off
  encryption.nscertfile = alias/msg-hostdev-cert7.db
  encryption.nskeyfile = alias/msg-hostdev-key3.db
  encryption.nsssl2 = on
  encryption.nsssl3 = on
  encryption.nsssl3ciphers = "rsa_null_md5,rsa_fips_3des_sha,rsa_fips_des_sha,rsa_3des_sha,rsa_rc4_128_md5
  ,rsa_des_sha,tls_rsa_export1024_with_rc4_56_sha,tls_rsa_export1024_with_des_cbc_sha,rsa_rc2_40_md5,rsa_r
  c4_40_md5"
  encryption.nsssl3sessiontimeout = 0
  encryption.nssslclientauth = 0
  encryption.nssslsessiontimeout = 0
  encryption.rsa.nssslactivation = on
  encryption.rsa.nssslpersonalityssl = Server-Cert
  encryption.rsa.nsssltoken = "internal (software)"
  gen.accounturl = http://%[email protected]:3333/bin/user/admin/bin/enduser
  gen.configversion = 4.0
  gen.folderurl = http://%[email protected]:3333/bin/user/admin/bin/mailacl.cgi?folder=%M
  gen.installedlanguages = en
  gen.sitelanguage = en
  local.defdomain = emirates.net.ae
  local.enduseradmincred = [9E:[2rrP?
  local.enduseradmindn = "uid=msg-admin-hostdev.emirates.net.ae-20040831122450, ou=People, o=emirates.net.
  ae, o=eim"
  local.hostname = hostdev.emirates.net.ae
  local.imta.imta_tailor = /app2/iplanet/new/ims5.2/msg-hostdev/imta/config/imta_tailor
  local.imta.ssrenabled = yes
  local.installeddir = /app2/iplanet/new/ims5.2/bin/msg
  local.instancedir = /app2/iplanet/new/ims5.2/msg-hostdev
  local.lastconfigfetch = 1095619850
  local.ldapbasedn = o=NetscapeRoot
  local.ldapcachefile = /app2/iplanet/new/ims5.2/msg-hostdev/config/local.conf
  local.ldaphost = hostdev.emirates.net.ae
  local.ldapport = 389
  local.ldapsiecred = ~G^bHW}2|^
  local.ldapsiedn = "cn=msg-hostdev, cn=iPlanet Messaging Suite, cn=Server Group (2), cn=hostdev.emirates.
  net.ae, ou=net.ae, o=NetscapeRoot"
  local.ldapusessl = False
  local.servergid = nsgroup
  local.servername = hostdev
  local.serverroot = /app2/iplanet/new/ims5.2
  local.servertype = msg
  local.serveruid = mailsrv
  local.service.http.proxy = 1
  local.service.http.proxy.port.hostdev.emirates.net.ae = 8888
  local.service.pab.attributelist = pabattrs
  local.service.pab.enabled = 1
  local.service.pab.ldapbasedn = o=pab
  local.service.pab.ldapbinddn = "uid=msg-admin-hostdev.emirates.net.ae-20040831122450, ou=People, o=emira
  tes.net.ae, o=eim"
  local.service.pab.ldaphost = hostdev.emirates.net.ae
  local.service.pab.ldappasswd = [9E:[2rrP?
  local.service.pab.ldapport = 389
  local.service.pab.maxnumberofentries = 500
  local.supportedlanguages = "[en,de,fr,es,af,ca,da,nl,fi,gl,ga,is,it,no,pt,sv,ja,ko,zh-CN,zh-TW]"
  local.tmpdir = /app2/iplanet/new/ims5.2/msg-hostdev/tmp
  local.ugldapbasedn = o=eim
  local.ugldapbindcred = [9E:[2rrP?
  local.ugldapbinddn = "uid=msg-admin-hostdev.emirates.net.ae-20040831122450, ou=People, o=emirates.net.ae
  , o=eim"
  local.ugldapdeforgdn = "o=emirates.net.ae, o=eim"
  local.ugldaphost = hostdev.emirates.net.ae
  local.ugldapport = 389
  local.ugldapuselocal = yes
  local.webmail.da.host = hostdev.emirates.net.ae
  local.webmail.da.port = 8080
  local.webmail.sso.enable = 1
  local.webmail.sso.singlesignoff = 1
  logfile.admin.buffersize = 0
  logfile.admin.expirytime = 604800
  logfile.admin.flushinterval = 60
  logfile.admin.logdir = /app2/iplanet/new/ims5.2/msg-hostdev/log/admin
  logfile.admin.loglevel = Notice
  logfile.admin.logtype = NscpLog
  logfile.admin.maxlogfiles = 10
  logfile.admin.maxlogfilesize = 2097152
  logfile.admin.maxlogsize = 20971520
  logfile.admin.minfreediskspace = 5242880
  logfile.admin.rollovertime = 86400
  logfile.default.buffersize = 0
  logfile.default.expirytime = 604800
  logfile.default.flushinterval = 60
  logfile.default.logdir = /app2/iplanet/new/ims5.2/msg-hostdev/log/default
  logfile.default.loglevel = Notice
  logfile.default.logtype = NscpLog
  logfile.default.maxlogfiles = 10
  logfile.default.maxlogfilesize = 2097152
  logfile.default.maxlogsize = 20971520
  logfile.default.minfreediskspace = 5242880
  logfile.default.rollovertime = 86400
  logfile.http.buffersize = 0
  logfile.http.expirytime = 604800
  logfile.http.flushinterval = 60
  logfile.http.logdir = /app2/iplanet/new/ims5.2/msg-hostdev/log/http
  logfile.http.loglevel = Notice
  logfile.http.logtype = NscpLog
  logfile.http.maxlogfiles = 10
  logfile.http.maxlogfilesize = 2097152
  logfile.http.maxlogsize = 20971520
  logfile.http.minfreediskspace = 5242880
  logfile.http.rollovertime = 86400
  logfile.imap.buffersize = 0
  logfile.imap.expirytime = 604800
  logfile.imap.flushinterval = 60
  logfile.imap.logdir = /app2/iplanet/new/ims5.2/msg-hostdev/log/imap
  logfile.imap.loglevel = Notice
  logfile.imap.logtype = NscpLog
  logfile.imap.maxlogfiles = 10
  logfile.imap.maxlogfilesize = 2097152
  logfile.imap.maxlogsize = 20971520
  logfile.imap.minfreediskspace = 5242880
  logfile.imap.rollovertime = 86400
  logfile.imta.buffersize = 0
  logfile.imta.expirytime = 604800
  logfile.imta.flushinterval = 60
  logfile.imta.logdir = /app2/iplanet/new/ims5.2/msg-hostdev/log/imta
  logfile.imta.loglevel = Notice
  logfile.imta.logtype = NscpLog
  logfile.imta.maxlogfiles = 10
  logfile.imta.maxlogfilesize = 2097152
  logfile.imta.maxlogsize = 20971520
  logfile.imta.minfreediskspace = 5242880
  logfile.imta.rollovertime = 86400
  logfile.pop.buffersize = 0
  logfile.pop.expirytime = 604800
  logfile.pop.flushinterval = 60
  logfile.pop.logdir = /app2/iplanet/new/ims5.2/msg-hostdev/log/pop
  logfile.pop.loglevel = Notice
  logfile.pop.logtype = NscpLog
  logfile.pop.maxlogfiles = 10
  logfile.pop.maxlogfilesize = 2097152
  logfile.pop.maxlogsize = 20971520
  logfile.pop.minfreediskspace = 5242880
  logfile.pop.rollovertime = 86400
  logfiles.admin.alias = |logfile|admin
  logfiles.default.alias = |logfile|default
  logfiles.http.alias = |logfile|http
  logfiles.imap.alias = |logfile|imap
  logfiles.imta.alias = |logfile|imta
  logfiles.pop.alias = |logfile|pop
  nsclassname = "[email protected]@cn=admin-serv-hostdev, cn=Netsca
  pe Administration Server, cn=Server Group (2), cn=hostdev.emirates.net.ae, ou=net.ae, o=NetscapeRoot"
  nsserversecurity = on
  service.authcachesize = 10000
  service.authcachettl = 900
  service.dcroot = o=internet
  service.defaultdomain = emirates.net.ae
  service.dnsresolveclient = yes
  service.http.allowadminproxy = yes
  service.http.allowanonymouslogin = no
  service.http.enable = yes
  service.http.enablesslport = yes
  service.http.extrauserldapattrs = "myuserclass,homepage:w"
  service.http.fullfromheader = no
  service.http.idletimeout = 3
  service.http.ipsecurity = no
  service.http.maxmessagesize = 5242880
  service.http.maxpostsize = 5242880
  service.http.maxsessions = 6000
  service.http.maxthreads = 250
  service.http.numprocesses = 1
  service.http.plaintextmincipher = 0
  service.http.port = 80
  service.http.proxydomainallowed = hostdev.emirates.net.ae
  service.http.resourcetimeout = 900
  service.http.sessiontimeout = 7200
  service.http.smtpport = 25
  service.http.spooldir = /app2/iplanet/new/ims5.2/msg-hostdev/http
  service.http.sslcachesize = 0
  service.http.sslport = 443
  service.http.sslusessl = yes
  service.imap.allowanonymouslogin = no
  service.imap.banner = "%h %p service (%P %V)"
  service.imap.enable = yes
  service.imap.enablesslport = yes
  service.imap.idletimeout = 30
  service.imap.maxsessions = 4000
  service.imap.maxthreads = 250
  service.imap.numprocesses = 1
  service.imap.plaintextmincipher = 0
  service.imap.port = 143
  service.imap.sslcachesize = 0
  service.imap.sslport = 993
  service.imap.sslusessl = no
  service.ldapmemcache = no
  service.ldapmemcachesize = 131072
  service.ldapmemcachettl = 30
  service.listenaddr = INADDR_ANY
  service.loginseparator = @
  service.plaintextloginpause = 0
  service.pop.allowanonymouslogin = no
  service.pop.banner = "%h %p service (%P %V)"
  service.pop.enable = yes
  service.pop.idletimeout = 10
  service.pop.maxsessions = 600
  service.pop.maxthreads = 250
  service.pop.numprocesses = 1
  service.pop.plaintextmincipher = 0
  service.pop.popminpoll = 0
  service.pop.port = 110
  service.pop.sslusessl = no
  service.readtimeout = 10
  store.admins = admin
  store.cleanupage = 1
  store.dbcachesize = 16777216
  store.defaultacl = "anyone lrs"
  store.defaultmailboxquota = -1
  store.defaultmessagequota = -1
  store.defaultpartition = primary
  store.diskflushinterval = 15
  store.partition.primary.path = /app2/iplanet/new/ims5.2/msg-hostdev/store/partition/primary
  store.quotaenforcement = on
  store.quotaexceededmsginterval = 7
  store.quotagraceperiod = 120
  store.quotanotification = off
  store.quotawarn = 90
  store.serviceadmingroupdn = "cn=Service Administrators, ou=Groups, o=eim"
  store.umask = 077

• Unable to login on webmail

  I am using iMS5.2 on Solaris8 platform as my primary MX (host1.mydomain.com) which is working perfectly. Now I am trying to configure webmail only on host2.mydomain.com. I have put the alternate smtp server to myhost1.mydomain.com on myhost2's webmail but not working. Can anyone help me where I am doing mistake??
  Many thanks.

  If you're trying to log into webmail on another box, your account has to be in ldap, that webmail can get to, and you need to turn the MEM function on. . .
  Also, the webmail system needs to be able to get to your main store system, because your mail continues to be on the back-end system.
  MEM is turned on with the command
  configutil -o local.service.http.proxy -v on

• Send web proxy messages through another MTA

  Hello,
  We have an iMS5.2 platform consisting in one message store, two MTA's (relays), one LDAP and two frontends (MMP imap, pop and http proxy).
  External users access the frontends, that are balanced by an Alteon switch. When I send a message using webmail (through frontends), the message is delivered to mshttpd daemon on the store server, who then sends it back to the MTA's (using service.http.smtphost configuration).
  Is, by any change, possible to send the message directly from the frontends to the MTA's?
  I've activated the "service.http.smtphost" configuration on the Frontends, but the message is still deliverd to the mshttpd on the store server.
  Any ideas?
  Regards,
  Sergio Sousa

  Hello,
  We have an iMS5.2 platform consisting in one message store, two MTA's (relays), one LDAP and two frontends (MMP imap, pop and http proxy).
  External users access the frontends, that are balanced by an Alteon switch. When I send a message using webmail (through frontends), the message is delivered to mshttpd daemon on the store server, who then sends it back to the MTA's (using service.http.smtphost configuration).
  Is, by any change, possible to send the message directly from the frontends to the MTA's?
  I've activated the "service.http.smtphost" configuration on the Frontends, but the message is still deliverd to the mshttpd on the store server.
  Any ideas?
  Regards,
  Sergio Sousa

• There is a problem with the security certificate of the proxy server. Error code 18 and 38.

  Hi All,
  After several hours and a short night of sleep I'm out of ideas and hopefully someone here can help me trying to solve this one. First of all the situation:
  Exchange 2013 on a remote location with a CA-certificate.
  Outlook 2010 and 2013 on different locations, locally installed and on RDS.
  When I open Outlook on my laptop all is fine, no errors, good sync, no problem. But when I open Outlook on our Remote Desktop Servers with Outlook 2013 I'm getting errors like "There is a problem with the security certificate of the proxy server. The
  name on the security certificate is invalid or does not match the name of the site. Outlook is unable to connect to this server. (Error code 18)". Opening Outlook 2010 the message is the same, but the error code now is 38.
  After this Outlook opens and is working, there's one more error though. After a while an security warning pops up with the message: "Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the
  site's security certificate. * The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority. * The security certificate is valid. * The name on the security
  certificate is invalid or does not match the name of the site."
  Strangest thing is, it is the certificate of my RDS! It isn't my valid en officially bought certificate from my mailserver. What's going on? I'm out of options, what I've tried so far (in random order):
  - restarting mailserver and AD;
  - restarting switches;
  - restarting routers;
  - restarting RDS, AD and all other servers;
  - bypassed proxyserver for RDS;
  - created a new profile;
  - checked recently installed updates;
  - checked certificate on mailserver;
  - checked RDS on a different location, working fine.
  Nothing helped, what can I do next? Please advice.
  Regards.

  Found a thread that solves half my problem (https://social.technet.microsoft.com/Forums/office/en-US/70d18244-889a-4d95-ac3f-e234672a82b2/there-is-a-problem-with-the-proxy-servers-security-certificate-error-when-starting-outlook?forum=exchangesvrclients).
  The first message can be suppressed by adding this to the Exchange config:
  set-outlookprovider -Identity EXCH -CertprincipalName msstd:webmail.domain.tld
  set-outlookprovider -Identity EXPR -CertprincipalName msstd:webmail.domain.tld
  Giving the command get-outlookprovider, gives me empty information regarding the certprinipalname. Filled
  this and after recreating the profile or deleting the ost-file I still have the second alert with the local certificate of my RDS.
  Not completely where I want to be, any help regarding the second alert is greatly appreciated!