Chapter 2 Installing Internet Express

You can use either a browser-based interface or a command-line interface to perform the Internet Express installation. This chapter shows the browser-based procedure.

To control the progress of the browser-based installation procedure, and for data collection on some of the forms in the Administration utility for Internet Express, your browser must be enabled to use JavaScript.

Section : Internet Express Components and Subsets lists and describes the Internet Express components. If you choose to install all the components, the installation can take up to 45 minutes.

Note:

Update installations from Internet Express Version 6.4 and Version 6.5 to Internet Express Version 6.6 are fully supported. (Updates from versions earlier than Version 6.4 should work but are not supported.)

You can rerun the browser-based installation procedure at any time to change the subsets that are installed on your system. The script verifies that the system configuration is correct, and then presents an interactive menu for installing, updating, or removing subsets.

Note:

Some subsets are required by other subsets and cannot be removed unless the subsets that depend on them are also removed.

You can also use the Administration utility after installation to install or remove subsets.

Note:

The command-line installation procedure only allows you to install subsets. To remove subsets, use one of the following:

  • ix_install in browser mode

  • Administration utility. Choose Install/Remove Components on the Manage Components menu.

  • setld command

  • ix_cleanup script (Section : Using the Cleanup Script) — This script is only used for removing components.

TruCluster Server Support

If you are installing Internet Express on a cluster running TruCluster Server Version 5.0 or higher, the following notes apply:

  • Any member-specific configuration will automatically be performed for all cluster members at installation time. If Internet Express is installed on a noncluster system that is subsequently upgraded to a cluster system, all services will be automatically reconfigured to run properly in a cluster as part of the cluster upgrade process.

  • During installation, performance tuning recommendations will be made for all cluster members, but no action can be taken. To make modifications, use the Administration utility for Internet Express.

Verifying the Installed Version of Tru64 UNIX

Before you begin the installation procedure, make sure that you have a complete backup of your system.

If Tru64 UNIX is already installed on your system, you can verify the version number by entering the following command:

# /usr/sbin/sizer -v
Tru64 UNIX V5.1A  (Rev. 1094); Wed Mar 12 14:26:59 EDT 2003

The version of Tru64 UNIX must be 5.1A (Revision 1094) or higher.
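The minimum-version rule above can be scripted for a pre-installation check. This is an added example, not part of the Internet Express kit: the function name is hypothetical, and it assumes that a later release (for example a higher letter suffix) satisfies the requirement regardless of its revision number.

```sh
#!/bin/sh
# Added example: decide whether a `sizer -v` line meets the minimum stated on
# this page, V5.1A (Rev. 1094). Not part of the Internet Express kit.
MIN_VERSION=5.1A
MIN_REV=1094

# tru64_version_ok LINE
#   exit 0: version/revision meets the minimum
#   exit 1: version/revision is older than the minimum
#   exit 2: LINE does not look like `sizer -v` output
tru64_version_ok() {
    printf '%s\n' "$1" | awk -v minver="$MIN_VERSION" -v minrev="$MIN_REV" '
        # key("5.1A") -> "005.001.A"; a release with no letter sorts first ("0").
        function key(v,   n, s) {
            if (!match(v, /^[0-9]+\.[0-9]+/)) return ""
            split(substr(v, 1, RLENGTH), n, ".")
            s = toupper(substr(v, RLENGTH + 1))
            return sprintf("%03d.%03d.%s", n[1], n[2], (s == "" ? "0" : s))
        }
        {
            # Expected shape: Tru64 UNIX V<version>  (Rev. <number>); <date>
            if (!match($0, /V[0-9]+\.[0-9]+[A-Za-z]*/)) exit 2
            ver = substr($0, RSTART + 1, RLENGTH - 1)
            if (!match($0, /\(Rev\. *[0-9]+\)/)) exit 2
            rev = substr($0, RSTART, RLENGTH)
            gsub(/[^0-9]/, "", rev)

            have = key(ver); need = key(minver)
            if (have > need) exit 0                      # later release (assumption)
            if (have == need && rev + 0 >= minrev + 0) exit 0
            exit 1
        }'
}

# Demo on the output line shown on this page.
# On a live system: tru64_version_ok "$(/usr/sbin/sizer -v)"
if tru64_version_ok 'Tru64 UNIX V5.1A  (Rev. 1094); Wed Mar 12 14:26:59 EDT 2003'; then
    echo "Tru64 UNIX version is sufficient for Internet Express"
fi
```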

Starting the Installation Procedure

Insert the CD–ROM labeled Internet Express for Tru64 UNIX Installation and Documentation into the CD–ROM drive on your system. Make sure you are logged in as root and enter the following command to mount the drive, where drive is the name of the CD–ROM drive on your system:

# mount /dev/drive /mnt

Usually this will be:

# mount /dev/disk/cdrom0c /mnt

Change the directory to the topmost (root) directory in your system by entering the following command:

# cd /

Enter the following command to start the installation procedure:

# /mnt/ix_install

Setting Up the Internet Express Account

As shown in Example 2-1: Setting Up the Internet Express Account, the installation procedure (ix_install) does the following:

  • Creates a number of pty and tty devices (if they do not already exist) to increase the system's remote login capability.

  • Prompts you for a single password that will be used for all administration accounts (the Web-based installation procedure, the iass account, the Administration utility, the Secure Web Server Administration Server, and the Internet Monitor Administration Server). This password must be between 5 and 8 characters in length.

  • Notifies you that it is adding the IASS_Adm group to the /etc/group file (if this group does not exist) and adding the user iass with the password you specified to the /etc/passwd file (if this user does not exist).

Example 2-1 Setting Up the Internet Express Account

# /mnt/ix_install



******************* Internet Express Installation *******************
******************* Tue Oct 14 10:19:10 EDT 2003  *******************

    You must now specify one password to be used in all of the following
    cases:

	1.  Access to the Internet Express installation
	    (if you choose the web-browser installation mode)

	2.  The login password for the 'iass' administrator's account (if 
	    it needs to be created -- existing passwords are not changed)

	3.  Access to the Administration utility for Internet Express
	    (if it needs to be created -- existing passwords
	    are not changed)

	4.  Access to the Secure Web Server (if it needs to be created 
            -- existing passwords are not changed)

	5.  The Root Distinguished Name password for administrator
	    access to the Directory Server (if you choose to install
	    a Directory Server)
		
Please enter a password (won't echo as you type). 
Password: password
Repeat Password to confirm: 
Adding group 'IASS_Adm' to /etc/group

Choosing an Installation Interface

The installation procedure presents a series of prompts aimed at determining which of the following interfaces you want to use to continue the installation.

  • A new Web browser (either local or remote)

  • An existing Web browser (either local or remote)

  • No browser (command-line interface)

You can use Netscape Navigator Version 4.5 and higher or Microsoft Internet Explorer Version 4.0 or higher, with JavaScript enabled, to install Internet Express Version 6.6 for Tru64 UNIX.

Note:

If the system is running in single-user mode (run level s), only the command-line interface is available.

Table 2-1 summarizes how to respond to installation prompts to choose an installation interface.

Table 2-1 Choosing an Installation Interface

| Prompt | New Web Browser (DISPLAY not defined) | New Web Browser (DISPLAY defined) | Existing Web Browser | Command-Line Interface |
| --- | --- | --- | --- | --- |
| Would you like to use the Internet Express Installation graphical user interface? | y | y | y | n |
| Do you want to start a Netscape Web Browser on an X Window System display? | y | y | n | |
| Would you like to specify an X Window System Display? | y | | | |
 

If you want to use a new Netscape Web browser and your X Window System display (DISPLAY environment variable) is not defined, the installation procedure prompts you to specify one. The system on which you are installing Internet Express must be able to connect to the display you specify. (See Table 2-1.)

If you want to end the installation procedure before it completes, and you chose to use an existing browser, exit the procedure using one of the following methods:

  • On the first page of the installation procedure, click on Cancel.

  • On the page that lists the subsets to install, scroll to the bottom and click on Cancel. On the Canceling the Internet Express Installation page, click on Exit.

  • In the terminal window from which you started the installation procedure, press Ctrl/C.

If you close the browser without exiting the installation procedure as previously described, the procedure remains running on your system. You can reconnect to port 8090 and click on Continue to resume at the beginning of the last step that was not completed.

If you are using a new browser started by the installation procedure, you can exit the installation procedure before completion by choosing Exit from the File menu in the browser window. The installation procedure cleans up and exits. If you restart the installation (using the ix_install script), the procedure resumes where you left off when you exited.

Example 2-2 shows how to choose to install Internet Express from a remote X Window System/Motif Netscape browser.

Example 2-2 Choosing to Install Internet Express from a Remote Netscape Browser

   You must now specify one password to be used in all of the following
    cases:

	1.  Access to the Internet Express installation
	    (if you choose the web-browser installation mode)

	2.  The login password for the 'iass' administrator's account (if 
	    it needs to be created -- existing passwords are not changed)

	3.  Access to the Administration utility for Internet Express
	    (if it needs to be created -- existing passwords
	    are not changed)

	4.  Access to the Secure Web Server (if it needs to be created 
            -- existing passwords are not changed)

	5.  The Root Distinguished Name password for administrator
	    access to the Directory Server (if you choose to install
	    a Directory Server)

Please enter a password (won't echo as you type). 
Password: password
Repeat Password to confirm: 


    Now you must choose whether to use the Internet Express
    Installation graphical user interface using a Web browser
    or continue with the installation using this command-line script.

    If you choose the Web browser interface, you can use an existing Web
    browser or the installation procedure can start a Netscape Web
    browser if an X Window System graphical display is available.

  
Would you like to use the  Internet Express Installation
        graphical user interface? (y/n) [y] y


Do you want to start a Netscape Web Browser
        on an X Window System display? (y/n) [y] y

Starting Web browser installation using the following username and password:

    User ID:   admin
    Password:  the password specified.


Starting a Netscape Navigator using X Display 

This installation procedure will exit when the Netscape Navigator exits.

If you chose to use the Web browser interface to complete the installation, the procedure starts a minimal Web server that is bundled with the Internet Express kit and required to support browser-based installation. If you chose to complete the installation using a new Netscape browser, and this is the first time you are using the Netscape browser, you will see the following:

  • A license form. Accept the license.

  • A message indicating that the browser is establishing a cache. Click on OK to create the browser cache.

The browser displays a confirmation message asking you to continue or cancel the installation. Click on Continue to proceed to Tru64 UNIX subset verification.

As you proceed through the installation, you are prompted to enter information on forms and submit them as input to the procedure. The browser might display a message box, warning you that information sent over the network is not secure. You can shut off this warning; however, it is good practice to reset the browser preferences after the installation to display this warning.

Notes:

If a step in the browser-based installation procedure appears to be taking a long time to complete, scroll to the bottom of the form to check its status.

You can stop the browser-based installation at any time by pressing Ctrl/C in the terminal window from which you started the installation.

Verifying Tru64 UNIX Subsets

The installation procedure checks your system to make sure that all required Tru64 UNIX subsets are present. (A default Tru64 UNIX installation includes all the subsets required by Internet Express.) If so, the procedure moves on to the next step. If any Tru64 UNIX subsets are missing, the procedure displays a list of the missing subsets and prompts you to insert the CD–ROM containing the operating system software.

The installation procedure locates the missing subsets, if any, and automatically installs them. As it installs the subsets, the procedure displays a log of the copy and verification process. This process can take five minutes or longer.

When all the subsets are installed, scroll to the bottom of the form and click on Continue to proceed with verification of the Tru64 UNIX kernel options. Note that some updated subsets may take effect when the system reboots.

Note:

JavaScript is required to control the progress of the Internet Express browser-based installation. The installation procedure checks that your browser is enabled to use JavaScript. If not, the procedure displays a warning message. You must enable JavaScript in your browser preferences before continuing with the installation.

Verifying Tru64 UNIX Kernel Options

The installation procedure checks for the following kernel options required by Internet Express:

  • LDTTY

  • RPTY

  • STREAMS

  • STRKINFO

If these kernel options are defined on the system, the procedure moves on to the next step. (A default Tru64 UNIX installation configures all the kernel options required by Internet Express.)

If any required kernel options are missing, the procedure:

  • Displays a list of kernel configuration files on your system and prompts you to select one. Unless you have renamed your system's configuration file, accept the default name. (Do not choose the generic kernel configuration file, GENERIC.)

  • Rebuilds the kernel (/vmunix) automatically. This process can take 8 to 10 minutes.

After the kernel is rebuilt, the installation procedure prompts you to reboot the system. Scroll to the bottom of the page and click on Reboot Now. After a one-minute delay, the system reboots and you can restart the installation as follows:

  1. Log in as root.

  2. Restart the installation procedure by entering the following command:

    # /tmp/ix_install

    Note that the installation procedure is now located in the /tmp directory.

  3. Indicate whether you want to continue the installation using a Web browser.

  4. Specify the user name iass and the password you specified.

The procedure verifies the required Tru64 UNIX kernel options and continues.

Verifying PAK Information

The installation procedure verifies the presence of Product Authorization Key (PAK) information required for the OSF_BASE and OSF_USR licenses. If any PAK information is missing, the script displays a form that prompts you for the missing information. (PAK information is included with the licensing materials you received with your hardware.) Enter the requested information and click on Continue. For more information on registering PAKs, see lmf(8) and lmfsetup(8).

After verifying the PAK information, the installation procedure prompts you to choose a Web server.

Configuring the Network

If the procedure detects that the network has been configured, it proceeds with DNS client configuration (Section : Configuring the DNS Client).

If the installation procedure detects that your system's network needs to be configured, the procedure displays a form prompting you for network configuration information. You can use the worksheet you prepared (Section : Network Configuration Worksheet) as a reference when responding to prompts for configuration data.

The routed daemon with the -q option is appropriate when your system needs to monitor Routing Information Protocol (RIP) updates from other systems but does not need to supply routes (that is, it serves as a client only). The -q option inhibits the routed daemon from supplying RIP data. (The -q option conflicts with the -s option; do not use the -q and -s options together.)

The gated daemon supports multiple routing protocols, and is appropriate for more complex configurations (for example, when your system needs to act as a gateway and, therefore, must provide updated RIP data to other systems). You can customize the gated daemon through settings in the /etc/gated.conf file. If you are running Tru64 UNIX Version 5.0 and plan on creating a cluster, you must configure and run gated.

Choose whether to run the routed daemon, gated daemon, or neither, and click on Submit. The procedure prompts you to confirm the information you entered, informs you when the network has been successfully configured, and starts the network.

Click on Continue to proceed with the installation.

Configuring the DNS Client

If the procedure detects that the DNS client has been configured, it proceeds with configuring the SMTP Server (Section : Configuring the SMTP Server).

If the installation procedure detects that your system's Domain Name System (DNS) client needs to be configured, the procedure displays a form that prompts you for domain name, name server, and IP address information. You can use the worksheet you prepared (Section : DNS Client Configuration Worksheet) as a reference when responding to prompts for configuration data.

The installation performs a minimal DNS client configuration. Internet users may require a more complete configuration. See the DNS documentation for more information on how to completely configure DNS. If you intend to use this system as a name server, you must use the tools provided with Tru64 UNIX (bindsetup, bindconfig, or the CDE Motif tools available with DIGITAL UNIX Version 4.0B or higher) to configure Berkeley Internet Name Domain (BIND).

After entering the required information, click on Submit.

Configuring the SMTP Server

If the procedure detects that mail has been configured, it proceeds with Internet server performance tuning (Section : Tuning Internet Server Performance).

If the installation procedure detects that mail needs to be configured for the system, the procedure displays a form prompting you for mail configuration information.

Use the Configure SMTP Server form to set up the routing and delivery of mail for your system. You can configure your system as one of the following:

Configuring a Standalone Mail System

To configure your system as a standalone mail system, follow these steps:

  1. Choose Standalone under Select Configuration Mode.

  2. Click on Configure.

  3. Click on Continue to proceed with the installation.

Configuring a Mail Client

To configure your system as a mail client, follow these steps:

  1. Choose Client under Select Configuration Mode, then click on Configure.

  2. Enter the fully qualified name of the mail server that will address and route mail for your system in the Mail Server field. If a default server name is provided, add the domain name to fully qualify the mail server name. For example, if mailhub is shown as the default, the fully qualified name might be mailhub.domain.name.

  3. Click on Configure Client.

    The installation procedure checks the syntax of your entry. If the syntax is valid, the installation procedure informs you that the mail configuration is successful, and starts the SMTP daemon.

  4. Click on Continue to proceed with the installation.

Configuring a Mail Server

To configure your system as a mail server for SMTP, follow these steps:

  1. Choose Server under Select Configuration Mode, then click on Configure. A top domain is needed if your organization uses any other protocols besides TCP/IP to deliver mail (for example, DECnet or UUCP). The top domain is used to:

    • Encapsulate mail addresses for non-IP protocols before sending mail out over the Internet

    • Determine whether to omit the host name when rewriting the address on the From: line

  2. Accept the default top domain or enter another domain in the Top Domain field. (The top domain is usually your company name and Internet domain; for example, hp.com or isc.org.) You can enter from 1 to 21 alphanumeric characters (including special characters). The address cannot start or end with a hyphen (-).

  3. Choose one of the routing options for this mail server:

    • None — Send mail directly to the addresses. (Do not use routing.)

    • Internet — Forward addresses outside your corporation (top domain) to the host specified in the Relay Hostname field.

    • Nonlocal — Forward addresses outside your local site to the host specified in the Relay Hostname field.

    • Local — Forward all mail with destinations other than this server to the host specified in the Relay Hostname field.

    If you choose None, go to step 5; otherwise, go to step 4.

  4. If you are routing mail to another system for processing, enter the fully qualified system name in the Relay Hostname field. You can accept the default value (if any), or specify another system name.

  5. Click on Configure Server.

    If the information you provided is valid, then mail configuration will take place; otherwise, the erroneous information is identified and you must provide new configuration information. The installation procedure informs you when the mail configuration is successful, and starts the SMTP daemon.

  6. Click on Continue to proceed with the installation.

Tuning Internet Server Performance

The installation procedure checks several system configuration options that affect the performance of Internet services on your system and recommends configuring these options to improve performance. You can choose to configure your system swap mode to deferred mode and tune several kernel subsystem attribute values to their recommended settings.

Note:

You must reboot the system for the lazy swap mode and most of the recommended kernel attribute values to take effect.

To accept all the recommended configuration options, click on Submit. To avoid configuring any one of the recommended options, click on the toggle button next to the option before clicking on Submit.

Note:

To revert back to the original kernel attribute values, copy the saved /etc/sysconfigtab.preIASS.PID file to /etc/sysconfigtab and reboot. The PID is the process ID (PID) of the Internet Express installation procedure.

There are several other kernel attribute values that you can tune to improve performance.

The Tuning Tru64 UNIX for Internet Servers document contains the latest information on tuning a variety of Web services running HP Tru64 UNIX. As new data becomes available, HP will update this document.

Documentation on tuning your system to improve the performance of your mail and news servers is also available. You can obtain tuning information at the following URL:

http://h30097.www3.hp.com/docs/internet/TITLE.HTM

Note:

The kernel subsystem attribute settings described in Tuning Tru64 UNIX for Internet Servers are meant for use on systems that are primarily used as Web servers (or other servers that handle a large number of connections, such as a proxy/caching server, mail server, news server, or FTP server) and that are configured with an adequate amount of RAM. In some cases, settings that differ from those recommended in this document could improve the performance of a Web service. Only a knowledgeable Tru64 UNIX system administrator should modify kernel subsystem attributes.

Specifying a Mail Forwarding Address for the iass Account

The installation procedure determines whether a mail forwarding address exists for the iass account. If the mail forwarding address field is blank, the address has not been set; otherwise, the current mail forwarding address for the iass account is displayed.

You can change the mail forwarding address or accept the currently specified address. Leave the field blank if you do not want to forward messages mailed to the iass account.

Click on Submit to continue the installation.

Checking /usr/local Directories

The installation procedure checks to ensure that /usr/local/ directories are local (not NFS mounted) and have write permission for root.

If the directories do not have write permission for root, you must correct this condition before continuing with the installation. To exit the installation, click on Cancel.

If the directories are not local, the installation procedure warns you that the /usr/local/ file system should not be shared with other systems. The procedure gives you a chance to correct the problem, continue the installation without making any changes, or exit the installation.

Click on Submit to continue the installation.

Creating /data and /data/spool Directories

The installation procedure prompts you for information about the Internet Express /data directory. The /data directory contains the default public Web server document root, the user accounts created by Internet Express (for example, /data/IASS_Usr/users/sarah), log directories, and so on.

Note:

If you are updating a previously installed version of Internet Express, the IASS user directories might have been created under /data/Lkr_Usr_. If this directory exists, it remains as is. Any new user accounts that are created after Internet Express Version 6.6 for Tru64 UNIX is installed will be added to this directory.

When the installation procedure creates a /data directory, it displays a series of forms that you use to make the following choices:

  1. Choose one of the following file systems:

    • Create a link to an existing file system on a partition other than root.

    • Create a UNIX File System (UFS) partition. (This is the default if the Advanced File System (AdvFS) is not supported on your system.)

    • Create an AdvFS partition. (This is the default if AdvFS is supported on your system.)

    Choose the appropriate file system and click on Continue.

  2. Choose the disk partition where you want to allocate the /data directory and click on Continue.

    If any disks on your system are unlabeled, a form is displayed at the top of the disk partition selection page that allows you to write default labels on the unlabeled disks. If you want to choose a partition from the unlabeled disks, select the checkbox next to the disk name and click on the Write Disk Labels button. The disk labels will be written on the disks you selected and the form will redisplay, including the partitions from these disks.

    If you do not want to write labels on these disks, you can select a different partition from the already labeled disks and click on the Continue button at the bottom of the form.

    Choose an available disk partition to allocate to the /data directory and click on Continue.

    The procedure displays a message indicating completion and proceeds with the /data/spool/news directory allocation.

  3. Choose whether you want to create a separate file system for the /data/spool directory. If you plan to receive an external newsfeed that requires a large amount of disk space, you should create /data/spool as a separate file system. (Linking to an existing file system is not an option for /data/spool.) Select this option and click on Continue.

  4. Select a file system and separate disk partition for the /data/spool directory. After you make the selections, the installation procedure creates the directories. This process can take up to a minute. The installation procedure displays a message indicating completion.

    Click on Continue to proceed to selecting the Internet Express subsets you want to install.

Installing, Updating, or Removing Internet Express Subsets

You can use the browser-based installation procedure to install, update, or remove selected Internet Express subsets (Table 2). The procedure displays a form that lists each subset, showing the size (in bytes), and offering an installation option based on the subset's current status (namely, whether the subset is already installed). All subsets are optional; however, a selected subset may have other subsets on which it depends. The installation procedure automatically selects the prerequisite subsets when you choose a subset. For example, when you select the Internet Express administration utility, the installation procedure also selects its prerequisite component subsets: Secure Web Server Administration utility, Secure Web Server, Secure Web Server documentation, Tcl runtime components, and UNIX client applications for mail and news.

When you install an Internet Express Version 6.6 for Tru64 UNIX subset to update an earlier version of a component, customizations for that component are preserved to the greatest possible extent. All configuration files and user data are preserved and restored for use by the new version of the component.

Table 2 Installation Options for Internet Express Subsets

| Option | Effect |
| --- | --- |
| Install | Installs the selected subset from the CD–ROM onto your system. This option is highly recommended if an older version of a subset exists on the system. |
| Remove | Removes an existing subset from your system. The Remove option is available only if the subset has already been installed. It is not an option for prerequisite subsets. |

 

To return to the initial settings, click on Reset.

After selecting the subsets you want to install, click on Submit. A full installation of all the subsets can take 20 to 30 minutes or longer depending on your processor speed.

The installation procedure checks for conflicts with existing services (see Section : Checking for Conflicts with Existing Services). Then, if you choose to install the Secure Web Server subset, the installation procedure prompts you for additional information required to complete the installation (Section : Providing Secure Web Server Information) of this component.

The installation procedure displays information on each subset as it installs it. Scroll down to the bottom of the page to monitor the progress of the installation. After the selected subsets are installed, scroll to the bottom of the page and click on Continue.

To rerun the installation procedure (for example, to change the selections you made from the list of subsets or to remove an installed subset), click on Reinstall.

When updating a previous installation of Internet Express, you may choose to update some subsets but not others. The Administration utility (IAEADM subset) can be updated and the administration pages of older components will still work. However, if you update any component that has administration pages, you must also update the IAEADM subset; otherwise, it will not be able to use the newer administration pages.

Checking for Conflicts with Existing Services

If you choose to install any of the following services, the Internet Express installation procedure checks to see if any existing services are running on the standard ports used by these servers:

  • Internet Relay Chat (IRC) server (ircd)

  • InterNetNews (INN) server (nntpd)

  • Lightweight Directory Access Protocol (LDAP) server (slapd)

  • Sendmail (SMTP)

  • Post Office Protocol (POP)

  • Cyrus IMAP or University of Washington IMAP

  • Squid Proxy/Caching Server

If the installation procedure detects a service on a standard port, the procedure identifies the conflict and prompts you to decide whether to install the Internet Express component that uses the same port. After deciding whether or not to install the components in question, click on Continue to continue the installation.
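The conflict check described above, and the earlier note that closing the browser leaves the installation procedure running on port 8090, can both be checked from `netstat -an` output before and after running ix_install. This is an added example, not part of the Internet Express kit: the service port numbers are the conventional protocol defaults (an assumption, since this page does not list them), the function names are hypothetical, and the sample netstat text is constructed.

```sh
#!/bin/sh
# Added example: list TCP listeners that collide with ports Internet Express
# uses. Ports 80, 8081 and 8090 come from this page; the rest are the
# conventional defaults for each protocol (assumption).
IX_PORTS='25:Sendmail (SMTP)
80:Public Secure Web Server
110:POP
119:INN (nntpd)
143:IMAP (Cyrus or UW)
389:LDAP (slapd)
3128:Squid proxy/cache
6667:IRC (ircd)
8081:Administration utility web server
8090:ix_install web server'

# Constructed sample in BSD-style netstat format (address.port).
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.25                   *.*                    LISTEN
tcp        0      0  *.8090                 *.*                    LISTEN
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  10.0.0.5.23            10.0.0.9.1042          ESTABLISHED
tcp        0      0  10.0.0.5.1044          10.0.0.7.143           ESTABLISHED
udp        0      0  *.161                  *.*'

# listening_ports: read `netstat -an` text on stdin and print each TCP
# listening port once, in numeric order. Accepts "*.25" and "0.0.0.0:25".
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
             port = $4
             sub(/^.*[.:]/, "", port)      # keep what follows the last . or :
             if (port ~ /^[0-9]+$/) print port
         }' | sort -n -u
}

# find_conflicts: read `netstat -an` text on stdin and print "port<TAB>service"
# for every Internet Express port that already has a listener.
# Empty output means no conflicts were found.
find_conflicts() {
    open=$(listening_ports)
    while IFS=: read -r port name; do
        if printf '%s\n' "$open" | grep -qx "$port"; then
            printf '%s\t%s\n' "$port" "$name"
        fi
    done <<EOF
$IX_PORTS
EOF
}

# Demo on the constructed sample. On a live system: netstat -an | find_conflicts
printf '%s\n' "$SAMPLE_NETSTAT" | find_conflicts
```

A listener on 8090 after the installation has finished means the installer's web server is still running and should be stopped from the terminal that started it.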

Providing Secure Web Server Information

The installation procedure allows you to choose to install either Version 1.3 or Version 2.0 of the Secure Web Server, or both. Each of these Web Servers offers different advantages for delivering your Web content. More information on the advantages and disadvantages of each server can be found in the Secure Web Server Administration Guide.

When you choose to install the Secure Web Server 1.3, you can choose not to install or start a Public Web Server instance. When you choose to install the Administration utility, an instance of the Secure Web Server 1.3 is automatically installed on port 8081.

When updating from Internet Express Version 5.9 or later, if a public Web server configuration exists, it will be preserved and used. Otherwise, you have the option of creating a public version of the Secure Web Server 1.3 on port 80 (or your choice of any port) or continuing without creating this instance. You will also be asked whether or not you want the public Web server to be started when the installation completes and to be configured to restart when the system boots.

When you choose to install the Secure Web Server 2.0, a public Web server will be created on the port of your choosing (although if you also configured a public 1.3 Web server, they must use different ports). You will also be asked whether or not you want the public Web server to be started when the installation completes and to be configured to restart when the system boots.

Choosing an IMAP Server

If you choose to install both the University of Washington IMAP server (UW-IMAP) and the Carnegie Mellon University Cyrus IMAP server (Cyrus) subsets, you must indicate which of these servers you want to enable after installation.

Because these servers share the same port, you can enable only one IMAP server on the system at any given time. You can switch from one server to another at any time. See the Administration Guide for more information.

This section compares and contrasts the UW-IMAP server with the Cyrus server by considering several factors (mail file format, user setup, administrative overhead, mail folder sharing, and disk quota management). HP recommends the Cyrus IMAP server for its superior performance and scalability features, especially at sites having a large number of users who might store a large volume of mail. Cyrus also provides automated disk quota management, which is a benefit to Internet service providers (ISPs), who need to control the disk space consumed by users' mail.

The Cyrus server is also included in Tru64 UNIX.

Mail File Format

The UW-IMAP server relies on the standard UNIX mbox mail folders to hold the mail it serves. The messages in each folder are stored in a single file and are separated using a From header. This is the format that Sendmail uses to store messages in the /var/spool/mail directory. Mail-reading programs like dtmail and mailx also use this format. Because it relies on a standard mailbox format, the UW-IMAP server provides the following benefits:

  • Users can easily access messages in existing mbox mail folders without assistance from a system administrator.

  • Legacy mail agents can share mail folders. (But you must ensure that IMAP clients and mail readers do not manipulate mail folders directly at the same time; otherwise, the folders might be corrupted.)

  • Users can directly access mail folders from the command line.

  • The user's INBOX is /var/spool/mail/username.

The mbox folder format has the following drawbacks:

  • Performance decreases significantly when folders get large, because all folder operations require rewriting the folder when the folder is closed.

  • The UW-IMAP server writes a temporary copy of open folders to the /tmp directory, requiring this directory to be sufficiently large. This use of the /tmp directory can also limit the number of simultaneous connections.

  • With the UW-IMAP server, multilevel folder hierarchies are possible only when using UNIX directories that contain other directories or mail folder files. Some IMAP clients cannot create directory hierarchies; you must manually create them on the server using the mkdir command. This limitation can also cause some mail clients to display warning messages if they attempt to treat these directories as real mail folders.

The Cyrus server uses a private mailbox format. Mail is stored in a spool area that is not accessible by users. Each mail folder is stored in a directory with caching files, and each mail message is stored as an individual file in one of the folder directories. The Cyrus mailbox format provides the following benefits:

  • Excellent performance of all folder operations.

  • Requests are handled with lower I/O overhead. Note, however, that the one file per message storage scheme tends to result in a large number of small files, which may require file system tuning.

User Setup

With the UW-IMAP server, mail is normally stored in a subdirectory of the user's home directory (usually named ./mail). Many IMAP mail clients allow the user to specify which directory to use as the mail directory. Some mail clients can correctly determine which directories are mail folders, even when the mail directory is not specified. Other clients list all files and directories, including those that are not mail folders.

Mail folder names are constructed using the slash (/) as a separator, usually as children of the top-level mail directory (for example, mail/save/stuff). The UW-IMAP server uses the special name INBOX for the user's mail spool file, which is the name expected by all mail clients.

The Cyrus server does not require a top-level mail directory. Folder names are constructed using the period (.) as a separator and are generally children of the INBOX folder (for example, INBOX.save.stuff).

Administrative Overhead

The UW-IMAP server requires no administrative overhead. Any user who can be authenticated has access to mail folders under his or her home directory.

Before a user can use the Cyrus IMAP server, the user's existing mail folders must be converted to the Cyrus format. The Internet Express kit includes a modified version of the Tru64 UNIX mail conversion utility, /usr/internet/mail/bin/mailcv, which can convert UNIX (“From” style) folders to the Cyrus format and vice versa. See the Administration Guide for information on how to use the modified version of the mailcv utility. You can read the reference page for the modified version of the mailcv utility by entering the following command:

% man n mailcv

Mail Folder Sharing

Cyrus supports the use of access control lists (ACLs) to allow customized access to mail folders. The ACLs provide a means of allowing users to share mail folders with a user-specific level of privileges.

Cyrus also supports the creation of common folders (that is, folders that are not specific to a given user). Visibility and access to common folders are controlled through ACLs.

With Cyrus, folders can be accessed concurrently by more than one mail client (even by different users).

The UW-IMAP server does not support ACLs or shared write access to folders. If a second client opens a mail folder that another client has open, the first client's connection is closed.

Disk Quota Management

Cyrus supports disk quota management, allowing for automated management of the disk space allocated to users' mail. When the disk quota for a user's mail would be exceeded by the receipt of a mail message, the message is automatically rejected.

UW-IMAP does not provide automated disk quota management.

Configuring the OpenLDAP Server

The installation procedure prompts for the following information required to set up the OpenLDAP Directory Server:

  • Searchbase (otherwise known as organization name)

  • Root Distinguished Name (rootdn)

  • Root password (rootpw)

Defaults for all of the above are provided as follows:

  1. If an existing OpenLDAP installation is detected, the existing configuration information is used.

  2. If no prior installation exists, but the LDAP Module for System Authentication has been installed and configured on this system, default values are taken from /etc/ldapcd.conf.

  3. If neither of the above is true, the default searchbase is set to o=<hostname>, where hostname is the name of the local system. The rootdn is set to root. The rootpw is set to the password specified at the beginning of the installation if it is 8 characters long; otherwise, it is set to diradmin. As a security precaution, it is strongly recommended that you do not use the default password of diradmin.

Note:

You should not use the system's root password for the Root DN password.
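A quick audit for the defaults described above, as an added example that is not part of the Internet Express kit: it flags a rootpw left at diradmin or stored in cleartext. It assumes the server reads the standard OpenLDAP slapd.conf directives suffix, rootdn and rootpw; the sample file and the host name mail1 are constructed.

```shell
#!/bin/sh
# Added example (not part of Internet Express): audit an OpenLDAP slapd.conf.
# Assumes the standard directives suffix, rootdn and rootpw; pass the path as $1.

# audit_slapd_conf FILE: prints one finding per line; returns 1 on any FAIL.
audit_slapd_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # skip comments and blank lines
        {
            key = tolower($1)
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", val)  # drop the directive name
            sub(/[ \t]+$/, "", val)               # drop trailing whitespace
            gsub(/"/, "", val)                    # drop optional quoting
        }
        key == "suffix" { print "INFO searchbase (suffix): " val }
        key == "rootdn" { print "INFO rootdn: " val }
        key == "rootpw" {
            seen = 1
            if (val == "diradmin") {
                print "FAIL rootpw is the installer default"; bad = 1
            } else if (substr(val, 1, 1) != "{" || index(val, "}") == 0) {
                # hashed values carry a scheme prefix such as {SSHA}
                print "FAIL rootpw is stored in cleartext"; bad = 1
            } else {
                print "OK   rootpw is stored hashed"
            }
        }
        END {
            if (!seen) print "INFO no rootpw directive in this file"
            exit (bad ? 1 : 0)
        }
    ' "$1"
}

# Constructed sample matching the third default case (host name mail1 is made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed slapd.conf fragment
suffix  "o=mail1"
rootdn  "root"
rootpw  diradmin
EOF
audit_slapd_conf "$sample" || echo "Change rootpw before the directory is exposed."
rm -f "$sample"
```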

Configuring the LDAP Module for System Authentication

If you choose to install the LDAP Module for System Authentication, you must provide the following information to permit the installation procedure to initially configure the module:

  • Directory Server — Host name of the directory server that the LDAP authentication module is to use. If you choose to install an Internet Express Directory Server subset, the default is the host name of the local system. If you are using a directory server other than one installed on the local system, specify the name of the host on which the directory server is running in this field.

  • Search Base — Top level of the branch in the LDAP database that will contain the user authentication information. If you choose to install an Open Source Internet Solutions-supplied directory server, and supplied a searchbase for that server, that value is displayed in this field.

  • Root Distinguished Name — Used with the Root DN Password to bind to the LDAP directory server. If installing with the OpenLDAP directory server, the default is root.

  • Root DN Password — Used with the Root Distinguished Name to bind to the LDAP directory server. The default value for the password is derived as follows:

    1. If Netscape is not detected, but the OpenLDAP server is being or was previously installed, uses the OpenLDAP rootpw.

    2. If neither server was detected, uses the password specified at the beginning of the installation if it is 8 characters long; otherwise, it is set to diradmin. As a security precaution, it is strongly recommended that you do not use the default password of diradmin.

Completing Subset Installation

When you click on Continue, the installation procedure displays information about each component as the installation of the component software progresses. Scan this information for warning or error messages. You can cut and paste the information to save it in a file for future reference.

The installation procedure checks the validity of the configuration information you supplied and tries to connect to the LDAP server you specified. If the connection is successful, and the required schema attributes are found, the LDAP Module for System Authentication is enabled. If the connection fails, or if the required schema attributes are not found, the Module for System Authentication is enabled, but may not work correctly. The procedure used to verify the LDAP schema depends on the following criteria:

  • You have a properly configured, running LDAP server.

  • The LDAP server uses the LDAP V3 protocol, although the Module for System Authentication will work properly with LDAP V2 protocol servers.

After correcting the problems and once the installation is complete, you must use the Administration utility to enable it.

Directory servers provided with Internet Express are automatically configured for use by the LDAP Module for System Authentication. The standard schema includes attributes that are mapped to UNIX passwd(4) and group(4) field names. The authentication of users for login and mail or any other service is completely transparent to the users. To improve performance, the ldapcd caching daemon can cache password and group data locally and can also cache LDAP connection information. You control the daemon's caching activity through definitions in the /etc/ldapcd.conf file. See the Administration Guide for more information.

Click on Continue to begin the installation of the software for all the subsets you selected.

When subset installation is complete, a button labeled Continue is displayed at the bottom of the page. Click on the Continue button to formally exit the installation procedure (Section : Exiting the Installation Procedure).

Exiting the Installation Procedure

Click on Exit if you are satisfied with the installation. The installation procedure displays instructions for starting the Administration utility, performs a cleanup of files and directories, and sends a message to the terminal window from which you started the installation indicating that the installation is complete.

If you want to make changes to the installation, you can restart the installation procedure by clicking on Reinstall.

If you want to set up your system to serve as a firewall, see the Administration Guide for information on installing and configuring FireScreen.

Complete the installation as described in Chapter 3. Section : Verifying the Installation lists some tests you can perform to verify the installation.

Note:

If you installed the TCP Wrapper subset, the default security level for all Internet Express services (except the poppassd password-changing server) is set to world access. (By default, no access is permitted to the poppassd server.) After the installation is complete, you can set the appropriate level of access for each service with the Administration utility. From the Manage Components menu, choose Security Administration, as described in the Administration Guide.