MMP LDAP and Messaging server setup
I have installed 3 Solaris 8 boxes with the various components to set up a new mail system. All the software comes from the iPlanet Messaging server 5.1 disks. One box is an LDAP server. One box is the messaging store. And the last box is a MMP. All the boxes can see each other and can communicate with one another. I set up a user account on the LDAP server as a mail account. If I do a command line ldapsearch on the newly created user from the MMP it works fine. The problem is that if I connect to the MMP with my mail client set up as that user I just get authentication failed. So I guess the question is, what could I be missing? I have read a pile of documentation and haven't found a clue on what is wrong yet. Any help would be appreciated. If I haven't provided enough data just let me know and I can supply whatever data you need on how this stuff is set up. Thanks in advance for any help.
[909 byte] By [706743] at [2007-11-25 8:21:45]

First, check your LDAP parameters in MMP:
ImapProxyAService.cfg and PopProxyAService.cfg should have this line:
default:LdapUrl "ldap://host:port/o=internet"
If this setting is correct, I suggest you tail your LDAP access logs while you attempt a login and see what exactly your MMP is looking for. If logging in with a domain name that is not your default (under a different tree in your ldap) you must specify "uid@domain" on login.
hope this helps,
-p
Hmmm...... now I am even more confused than ever. I checked the access logs on the LDAP server and I don't even see the MMP hitting the LDAP server at all? When I log in via my mail client..... It first says Sending authenticate login information, then it says Sending login information. Then it says login to server mailman failed. mailman is the MMP. My LDAP parameters are correct in both of the config files. I also tried fiddling with my username on my mail client. So first it was just brian and when the login prompt asked for my password it asked for the password for brian@mailman. I tried adding my domain to my username like so brian@domain and the login prompt then asked for the password for brian@domain@mailman which looks really odd.
My two cents are:
First, focus on seeing MMP hits in your LDAP access logs (tail -f access while authenticating to the MMP); don't worry about the rest of the funny messages displayed by your mail client. You can worry about that once you know your MMP is authenticating to LDAP.
Second, when doing your tests, don't use a client at all. telnet to port 110 or 143 on mailman and do it yourself. It'll make things clearer...
For pop:
telnet mailman 110
+OK Messaging Multiplexor (iPlanet Messaging Server 5.2 (bla bla))
user <userid>
+OK password required for user <userid>@<defaultdomain>
pass <password>
+OK Maildrop ready
list
+OK scan listing follows
.
Could you please send the values of "default:SearchFormat" on your MMP?
Good Luck!
Okay my default SearchFormat was set to uid=%s. I changed it to uid=%U and this started popping up in my access log when I try to log in. The other thing that I find strange is that there is a significant delay between when I get authenticate failed (like when telnetting in) and when anything pops up in the access logs. But I don't know if that is really important or not.
[08/Oct/2002:09:03:34 -0800] conn=4669 op=2 SRCH base="o=internet" scope=2 filter="(uid=brian@jnu.searhc.org)"
[08/Oct/2002:09:03:34 -0800] conn=4669 op=2 RESULT err=0 tag=101 nentries=0 etime=0
[08/Oct/2002:09:04:12 -0800] conn=4669 op=3 SRCH base="o=internet" scope=2 filter="(uid=brian)"
[08/Oct/2002:09:04:12 -0800] conn=4669 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[08/Oct/2002:09:04:17 -0800] conn=446 op=22 SRCH base="o=jnu.searhc.org,o=internet" scope=2 filter="(uid=brian)"
[08/Oct/2002:09:04:17 -0800] conn=446 op=22 RESULT err=0 tag=101 nentries=0 etime=0
[08/Oct/2002:09:04:20 -0800] conn=446 op=23 SRCH base="o=jnu.searhc.org,o=internet" scope=2 filter="(uid=brian)"
Further info.
I upped the log level on the MMP and did a telnet into the pop port on the MMP.
This is what showed up in the log file.
20021008 181013 PopProxyAService.cfg (sid 0x38e11c) session start, client IP 192.9.202.97:39828, server IP 192.9.202.14:110
20021008 181017 PopProxyAService.cfg (sid 0x38e11c) USER login
20021008 181022 PopProxyAService.cfg (sid 0x38e11c) user brian redirected to fairweather
20021008 181026 PopProxyAService.cfg (sid 0x38e11c) 6 C->S bytes, 33 S->C bytes in 13 seconds
20021008 181026 PopProxyAService.cfg (sid 0x38e11c) session end
I am still getting authentication failed. But this log which says I am being redirected to fairweather (the actual message store) leads me to believe that the LDAP directory might be doing some of what it is supposed to be doing. Do I have to set up these sun boxes to authenticate via LDAP or is that all a function of the MMP and the message store?
Hi,
SearchFormat (uid=%s) is working fine with me. I'm not that knowledgeable about it so I can't really say...
Now in terms of delays and the like, you may want to look into tuning your ldap if you have more than 10K users under o=internet.
Regarding the redirect to your mail store, this means that the MMP was able to find you in LDAP and determine what your mailstore is. Typically, this is what happened in:
[08/Oct/2002:09:04:12 -0800] conn=4669 op=3 SRCH base="o=internet" scope=2 filter="(uid=brian)"
[08/Oct/2002:09:04:12 -0800] conn=4669 op=3 RESULT err=0 tag=101 nentries=1 etime=
The next thing you should see is a BIND operation as "brian".
Finally, you don't need to setup anything else in your Sun boxes. All the LDAP work is done by the MMP/MTA/Store independently of OS
Cheers!
Well it seems to me that you're saying that if I get redirected to the correct mailstore then it should work. But it isn't working. So where should I look next? Any ideas?
Look at the bind operation in your ldap logs that follows the search operation which found you. Check out what the result for this is. A successful ldap bind returns an err=0.
if you're binding properly to ldap, then start looking at your MMP logs AND your mailstore pop/imap logs to see what is going wrong.
Strange...... This is what pops up in the log on the message store.
08/Oct/2002:14:50:20 -0800] fairweather popd[439]: Account Notice: badlogin: [192.9.202.14] plaintext brian Authentication failed
Which has me a bit confused. Shouldn't the MMP be authenticating me through the LDAP server? Why would the message store want to authenticate me again?
Unless you have pre-authentication explicitly set in your MMP, the MMP will not authenticate you itself, but rather it will only proxy you to your mailstore. The reason the MMP does an ldapsearch at all is to know to which store it should forward your connection.
Does your "bind" operation show in the ldap logs?
Also, try popping straight from the store and see if you can login.
I telnetted directly into the pop server on the message store. Still got this.
[08/Oct/2002:15:10:33 -0800] fairweather popd[10850]: Account Notice: badlogin: [192.9.202.97] plaintext brian Authentication failed
So the problem must be on the message store somewhere.
Again, my advice is to look into your LDAP logs for the "BIND" operation that follows the search for "uid=brian" and check out the results. ALL authentication is done in LDAP. MMP and Store will only format your credentials and forward them to LDAP, then act according to the response they get.
Also, imho restore uid=%s in your MMP, test after you successfully login from store, and then change the value if need be.
I guess that is the problem...... I don't see any BIND going on. This is all that happens in the access log when I try to login. It looks to me like from the message store the LDAP search for brian is failing.
[08/Oct/2002:15:27:21 -0800] conn=5274 op=1 SRCH base="dc=jnu,dc=searhc,dc=org,o=Internet" scope=0 filter="(|(objectclass=inetDomain)(objectclass=inetdomainalias))"
[08/Oct/2002:15:27:21 -0800] conn=5274 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[08/Oct/2002:15:27:21 -0800] conn=5274 op=2 SRCH base="o=jnu.searhc.org,o=internet" scope=2 filter="(&(objectclass=groupOfUniqueNames)(objectclass=inetMailAdministrator))"
[08/Oct/2002:15:27:21 -0800] conn=5274 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[08/Oct/2002:15:27:21 -0800] conn=5274 op=3 SRCH base="cn=Domain Administrators,ou=Groups,o=jnu.searhc.org,o=internet" scope=0 filter="(objectclass=*)"
[08/Oct/2002:15:27:21 -0800] conn=5274 op=3 RESULT err=0 tag=101 nentries=1 etime=0
[08/Oct/2002:15:27:21 -0800] conn=5274 op=4 SRCH base="o=jnu.searhc.org,o=internet" scope=2 filter="(uid=brian)"
[08/Oct/2002:15:27:21 -0800] conn=5274 op=4 RESULT err=0 tag=101 nentries=0 etime=0
I think this is the relevant part. I have a feeling that it should be searching under base="o=internet" not base="o=jnu.searhc.org,o=internet". Unless that is just telling it to look under both?
[08/Oct/2002:15:27:21 -0800] conn=5274 op=4 SRCH base="o=jnu.searhc.org,o=internet" scope=2 filter="(uid=brian)"
[08/Oct/2002:15:27:21 -0800] conn=5274 op=4 RESULT err=0 tag=101 nentries=0 etime=0
OK, let's have a look at those logs:
[08/Oct/2002:15:27:21 -0800] conn=5274 op=1 SRCH base="dc=jnu,dc=searhc,dc=org,o=Internet" scope=0
filter="(|(objectclass=inetDomain)(objectclass=inetdomainalias))"
>>The server is looking for the domain properties of jnu.searhc.org, meaning it is assuming you belong to this domain: either this is your defaultdomain, or you have logged in as brian@jnu.searhc.org
[08/Oct/2002:15:27:21 -0800] conn=5274 op=1 RESULT err=0 tag=101 nentries=1 etime=0
>> One result returned. The domain exists.
[08/Oct/2002:15:27:21 -0800] conn=5274 op=2 SRCH base="o=jnu.searhc.org,o=internet" scope=2
filter="(&(objectclass=groupOfUniqueNames)(objectclass=inetMailAdministrator))"
[08/Oct/2002:15:27:21 -0800] conn=5274 op=2 RESULT err=0 tag=101 nentries=1 etime=0
[08/Oct/2002:15:27:21 -0800] conn=5274 op=3 SRCH base="cn=Domain Administrators,ou=Groups,o=jnu.searhc.org,o=internet" scope=0
filter="(objectclass=*)"
[08/Oct/2002:15:27:21 -0800] conn=5274 op=3 RESULT err=0 tag=101 nentries=1 etime=0
>> let's skip this part
[08/Oct/2002:15:27:21 -0800] conn=5274 op=4 SRCH base="o=jnu.searhc.org,o=internet" scope=2 filter="(uid=brian)"
>>ok, the info in domain jnu.searhc.org said 'the domain container for this domain is "o=jnu.searhc.org,o=internet"', ie: this is where the users for this domain are stored, so this is the base of the search. The filter of the search is "uid=brian", fair enough.
[08/Oct/2002:15:27:21 -0800] conn=5274 op=4 RESULT err=0 tag=101 nentries=0 etime=0
>> It didn't find you there. Are you in there at all? Try doing this: from <server-root>/shared/bin
./ldapsearch -h <ldaphost> -p <ldapport> -D"cn=Directory Manager" -w <password> -b "o=jnu.searhc.org,o=internet" "uid=brian"
Do the search as Directory Manager: let's see if you get a result. (don't forget to tail your access log on that search too)
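The triage walked through in the reply above (pair each SRCH with its RESULT by conn/op, then look for the BIND that should follow a hit), as an added example that is not part of the original thread. The log lines are constructed in the access-log format shown above; `user1`, `example.com` and the function names are assumptions.

```python
import re

# [timestamp] conn=N op=N SRCH|BIND|RESULT key=value key="quoted value" ...
LINE = re.compile(r'^\[[^\]]+\]\s+conn=(\d+)\s+op=(-?\d+)\s+(SRCH|BIND|RESULT)\b(.*)$')
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample, not taken from the thread: one search that finds the
# user under o=internet, one that misses under the domain container.
SAMPLE = [
    '[08/Oct/2002:09:00:00 -0800] conn=10 op=1 SRCH base="o=internet" scope=2 filter="(uid=user1)"',
    '[08/Oct/2002:09:00:00 -0800] conn=10 op=1 RESULT err=0 tag=101 nentries=1 etime=0',
    '[08/Oct/2002:09:00:05 -0800] conn=11 op=4 SRCH base="o=example.com,o=internet" scope=2 filter="(uid=user1)"',
    '[08/Oct/2002:09:00:05 -0800] conn=11 op=4 RESULT err=0 tag=101 nentries=0 etime=0',
]


def parse(lines):
    """Return SRCH/BIND records in log order, each with its RESULT attached."""
    records, by_key = [], {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # connection open/close, UNBIND, wrapped fragments
        conn, op, kind, rest = m.groups()
        fields = {k.group(1): k.group(2) if k.group(2) is not None else k.group(3)
                  for k in KV.finditer(rest)}
        if kind == "RESULT":
            rec = by_key.get((conn, op))
            if rec is not None:
                rec["err"] = int(fields.get("err", -1))
                rec["nentries"] = int(fields.get("nentries", 0))
            continue
        rec = {"kind": kind, "conn": conn, "op": op,
               "err": None, "nentries": None, **fields}
        records.append(rec)
        by_key[(conn, op)] = rec
    return records


def triage(lines, uid):
    """Classify every search for (uid=<uid>) as (status, base_or_dn, err)."""
    records = parse(lines)
    wanted = "(uid=%s)" % uid.lower()
    dn_prefix = "uid=%s," % uid.lower()
    findings = []
    for i, rec in enumerate(records):
        if rec["kind"] != "SRCH" or wanted not in rec.get("filter", "").lower():
            continue
        base = rec.get("base")
        if rec["nentries"] is None:
            # SRCH with no RESULT line, e.g. the log excerpt was cut short
            findings.append(("no-result-logged", base, None))
        elif rec["nentries"] == 0:
            # the entry does not exist under this search base
            findings.append(("not-found", base, None))
        else:
            # a hit is only a lookup; authentication shows up as a later BIND
            bind = next((r for r in records[i + 1:]
                         if r["kind"] == "BIND"
                         and r.get("dn", "").lower().startswith(dn_prefix)), None)
            if bind is None:
                findings.append(("found-no-bind", base, None))
            elif bind["err"] == 0:
                findings.append(("bind-ok", bind["dn"], 0))
            else:
                findings.append(("bind-failed", bind["dn"], bind["err"]))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE, "user1"):
        print(finding)
```

A `not-found` on the domain container next to a hit on `o=internet` is the same pattern the logs in this thread show.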
Okay I ran the ldapsearch from the command line. No results. Here is the log file.
[08/Oct/2002:15:50:00 -0800] conn=5322 fd=72 slot=72 connection from 192.9.202.97 to 192.9.202.155
[08/Oct/2002:15:50:00 -0800] conn=5322 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[08/Oct/2002:15:50:00 -0800] conn=5322 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[08/Oct/2002:15:50:00 -0800] conn=5322 op=1 SRCH base="o=jnu.searhc.org,o=internet" scope=2 filter="(uid=brian)"
[08/Oct/2002:15:50:00 -0800] conn=5322 op=1 RESULT err=0 tag=101 nentries=0 etime=0
[08/Oct/2002:15:50:00 -0800] conn=5322 op=2 UNBIND
[08/Oct/2002:15:50:00 -0800] conn=5322 op=2 fd=72 closed - U1
So I went into my LDAP directory and started poking around.
In my LDAP directory I have two sub dirs: internet and jnu.searhc.org. Which I believe matches up with the o=jnu.searhc.org and o=internet bit. The strange thing is, both of these sub dirs have a People and Groups section. brian is listed in the internet people section but not listed in the jnu.searhc.org people section. Since I added this user with the Console utility I assumed that it added the user into the correct locations. But just in case I copied the entry from internet to jnu.searhc.org.
Then I ran the search by hand again. And got a hit.
[08/Oct/2002:15:54:45 -0800] conn=5329 fd=72 slot=72 connection from 192.9.202.97 to 192.9.202.155
[08/Oct/2002:15:54:45 -0800] conn=5329 op=0 BIND dn="cn=Directory Manager" method=128 version=3
[08/Oct/2002:15:54:45 -0800] conn=5329 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[08/Oct/2002:15:54:45 -0800] conn=5329 op=1 SRCH base="o=jnu.searhc.org,o=internet" scope=2 filter="(uid=brian)"
[08/Oct/2002:15:54:45 -0800] conn=5329 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[08/Oct/2002:15:54:45 -0800] conn=5329 op=2 UNBIND
[08/Oct/2002:15:54:45 -0800] conn=5329 op=2 fd=72 closed - U1
This encouraged me to try to telnet in again. After quite a long delay, I got this in my message store log.
[08/Oct/2002:15:53:50 -0800] fairweather popd[11344]: Account Notice: SASL [192.9.202.97] Access to this service for brian@jnu.searhc.org denied from client address (*mailAllowedServiceAccess)
[08/Oct/2002:15:53:50 -0800] fairweather popd[11344]: Account Notice: badlogin: [192.9.202.97] plaintext brian Not authorized to login as specified user
I didn't see anything pop up in the LDAP logs oddly enough.
Brian,
firstly, use iDA to provision users with iMS5, not the console. I'm not sure Console will give your users all the attributes they need.
So now that your user is in the right place in ldap, maybe you can give me the results of your ldapsearch. I'd like to check his attributes. maybe you can also do an ldapsearch with -b o=internet "dc=jnu" and send me the results as well.
Is your LDAP populated yet, by the way?
What I mean by Console is the clever little Java Netscape Console 4.2 that comes on the CDs. Is this what you're telling me that I shouldn't be using to add users with?
The ldapsearch with brian being in both internet people and jnu.searhc.org people returns this.
o=internet" "uid=brian"
uid=brian,ou=People, o=jnu.searhc.org, o=internet
maildeliveryoption=mailbox
mailuserstatus=active
mail=brian.avis@jnu.searhc.org
inetuserstatus=active
cn=Brian Avis
uid=brian
datasource=iPlanet Messaging Server 5.0 Admin Console
givenname=Brian
sn=Avis
telephonenumber=463-4049
mailhost=fairweather
objectclass=top
objectclass=person
objectclass=organizationalPerson
objectclass=inetorgperson
objectclass=inetUser
objectclass=inetSubscriber
objectclass=ipUser
objectclass=nsManagedPerson
objectclass=inetmailuser
objectclass=inetlocalmailrecipient
objectclass=userpresenceprofile
objectclass=nslicenseuser
nslicensedfor=msg
nslicensedfor=slapd
mailallowedserviceaccess=+all:jnu.searhc.org$+all:internet
Doing the search with -b o=internet "dc=jnu" returns this.
dc=jnu,dc=searhc,dc=org,o=internet
Yep, I meant the Netscape Java Console: it works wonderfully well for LDAP alone, for server management (except the MTA- and MMP-related parts), but it will always cause you trouble when you provision users for iMS since you may "misplace" them like you did. As far as objectclasses are concerned, they all seem to be there, so it's OK. The reason you cannot access your mailstore is the last attribute in your entry:
mailallowedserviceaccess=+all:jnu.searhc.org$+all:internet
Change it to
mailAllowedServiceAccess=+imap, pop, http:*
Brilliant.... thanks for all the help. So I guess I have one more question.
I can log in fine now as brian. Seems to work fine so far. Except that I haven't actually tried to send any e-mail to anyone yet. But so far so good.
Since the console will only allow me to do the mailallowedserviceaccess bit by specifying a section it applies to (ie internet or jnu.searhc.org) I am a believer in using the iDA to add users. The question is where do I find the info on how to add a user with the iDA? The manuals say to use the console?
since when are we supposed to follow the manual? ;-)
The tricky part in iDA is installing it, not using it :-) iDA is very intuitive: just go in, you will find the domain component "org", click on it, you'll see "searhc". click on that, you'll get "jnu" and there click on "add user".
If you need any help with iDA installation / usage, do post a follow-up
Sigh.... this setup is driving me nuts.
First it asked for an administration url. If I am setting up the iDA how would I know what the admin url is going to be before the install is done.
Then it said that my ldap server needed some class of services plugins. I have no idea what those are. Are they on the CD somewhere?
And once it is installed (albeit sort of half baked), how do you start it up? Should it be installed on a different box than the message store? Because it looks like the message store is already using port 80. So many questions.
More strange stuff. I have two users setup on the same mail server. But I cannot send e-mail between the two of them? Do I need to add smtp to the list of allowed mail services? Or am I missing something else? The e-mails go out fine. But they never arrive.
First it asked for an administration url: That's the admin URL of your mail store server. it should be something like http://fairweather.<domain>:<admin-port>. If you're unsure about it, go to the <server-root> on fairweather and type ./restart-admin, it'll display the port on which it is listening in a message...
Then it said that my ldap server needed some class of services plugins. It also mentions something like "it's okay to keep going and install them later", so just keep on going at this point. This is not needed. Look at the iMS delegated admin guide for more info about this.
And once it is installed (albeit sort of half baked), how do you start it up? As I told you yesterday, iDA sits on top of a web server. Is this server installed? iDA installation asks for the configuration path of this server...
The iDA and its webserver may or may not be on one of your mail servers. If it is, then the webserver for iDA should be listening on a port diff from 80.
No, you shouldn't need to add smtp to the list of allowedmailservices (not to my knowledge). your user will be a valid mail recipient if he has the objectclass inetLocalMailRecipient and inetmailuser (which 'brian' has).
I suggest you do this:
1- ./imsimta test -rewrite <usersMail@domain> and let's see what the final outcome is.
if this shows nothing we can make sense of, then
2- edit imta.cnf (in msg-fairweather/imta/config) and add the word "logging" at the end of the line starting with "default", then do ./imsimta cnbuild and ./imsimta restart. Try sending a mail again and go look in msg-fairweather/log/imta/mail.log_current to see what is going on with it.
Okay, I ran that and I got this. The significant bit is at the bottom I think.
forward channel= l
channel description=
channel user filter=
dest channel filter=
source channel filter =
channel flags #0= BIDIRECTIONAL MULTIPLE IMMNONURGENT NOSERVICEALL
channel flags #1= NOSMTP DEFAULT
channel flags #2= COPYSENDPOST COPYWARNPOST POSTHEADONLY HEADERINC NOEXPROUTE
channel flags #3= NOLOGGING NOGREY NORESTRICTED
channel flags #4= EIGHTBIT NOHEADERTRIM NOHEADERREAD RULES
channel flags #5=
channel flags #6= LOCALUSER REPORTHEADER
channel flags #7= NOSWITCHCHANNEL NOREMOTEHOST DATEFOUR DAYOFWEEK
channel flags #8= NODEFRAGMENT EXQUOTA REVERSE NOCONVERT_OCTET_STREAM
channel flags #9= NOTHURMAN INTERPRETENCODING INCLUDEFINAL RECEIVEDFROM VALIDATELOCALSYSTEM NOTURN
defaulthost= jnu.searhc.org jnu.searhc.org
linelength = 1023
channel env addr type = SOURCEROUTE
channel hdr addr type = SOURCEROUTE
channel official host = fairweather.jnu.searhc.org
channel queue 0 name= LOCAL_POOL
channel queue 1 name= LOCAL_POOL
channel queue 2 name= LOCAL_POOL
channel queue 3 name= LOCAL_POOL
channel after param=
channel user name=
urgentnotices = 1 2 4 7
normalnotices = 1 2 4 7
nonurgentnotices= 1 2 4 7
channel rightslist ids =
backward channel= l
header To: address= brian.avis@jnu.searhc.org
header From: address= brian.avis@jnu.searhc.org
envelope To: address= brian.avis@jnu.searhc.org (route (fairweather.jnu.searhc.org,fairweather.jnu.searhc.org)) (host jnu.searhc.org)
envelope From: address = brian.avis@jnu.searhc.org
name=
mbox= brian.avis
Extracted address action list:
brian.avis@jnu.searhc.org
Extracted 733 address action list:
brian.avis@jnu.searhc.org
Address list expansion:
0 expansion total.
Expanded address:
brian.avis@jnu.searhc.org
Submitted address list:
Address list error -- 5.1.1 unknown or illegal user: brian.avis@jnu.searhc.org
Submitted notifications list:
That last error can't be good. I know that brian.avis@jnu.searhc.org is a good address I typed it in and checked it twice. :) So why doesn't it think it is valid? More mysteries to solve.
And for some reason I have a suspicion that the default host should be fairweather not jnu.searhc.org.
The install for the iDA goes fine now. At the end it automagically tries to get the browser to go to the address for the delegated administration stuff. All I get is a not found error. So as usual. I missed something there as well.
This whole install is making me feel a bit less than intelligent. :)
Hi Brian,
First, sorry if I'm a little off-phase, but I'm in GMT+3 right now so....
Anyway, regarding your users, are you using dirsync or directLDAP mode? if you don't know what I'm talking about, please write back and let me know (and go straight to the directLDAP section of the iMS admin guide).
If you're on dirsync, then I'd suggest you make sure there are no dirsync processes running, do ./imsimta stop, then ./imsimta dirsync -F -v, then ./imsimta start.
and then try the rewrite test again.
Regarding iDA, don't worry about it trying to start the browser on your Sun machine and failing. Just connect to it using a browser from your own machine! you didn't do anything wrong this time (well maybe you did, we'll know when you try to login to iDA...)
Okay I don't know what you mean by dirsync or directLDAP. And don't worry about being out of phase. I am pretty far out of phase myself on Alaska time. :)
It just occurred to me that you're using iMS5.1... in that case, you don't have to worry about directLDAP, your only choice is dirsync (iMS5.2 came up with the option...). dirsync is simply allowing your messaging server to build a cache from LDAP and refer to this cache for user/group/domain information.
When you first install iMS, you should run the command ./imsimta dirsync -F in order to sync between LDAP and iMS cache (-F is for Full sync). After that, it'll run automatically every 10mn in incremental mode, and once per 24 hours in full mode.
So that's it, just do that "./imsimta dirsync -F -v" (-v for verbose logging) from your <server-root>/msg-fairweather AND from all your front-end boxes, and you should be able to receive mail properly.
Cheers!
I ran ./imsimta dirsync -F -v on the message store. When you say and all your front end boxes.... do you mean the MMP? If so I can't find imsimta on that box?
So I don't have to do anything with the smtp server to tell it to start delivering mail? Or to allow mail from here to there sort of thing?
Oh and after I run the dirsync. Should I be able to see any process associated with it running?
tell me something about your MMP's: do you have an MTA on those boxes? do you have the SMTP proxy running on them?
When you said earlier that you sent a mail and it went fine but you never received it, to which machine were you sending mail? if it was to fairweather, you should have gotten a 5.1.1 response and the messages shouldn't have been sent....
Regarding dirsync, try to run it and do "ps -ef|grep sync" from another window while it's running, you should see the process. otherwise, it won't show permanently.
I only have the one MMP. And as far as I know there are no MTA's running on it. My understanding was that it was basically a sort of mail proxy server. So are you saying that I have to setup a SMTP proxy as well? Should I try sending mail directly through the mail store and see what happens?
On a separate note. Does Sun have a good webmail product that works with all this stuff that you know about? So that users can get their mail from anywhere with a web browser?
I just tried sending the smtp traffic directly to the mail store and it is still not going through. And I am not getting any bounce back messages either.
And furthermore. Do I need to add the IP address of the MMP to the mappings file for the mail store to tell it that the MMP is an allowed relay?
So are you saying that I have to setup a SMTP proxy as well?
Well, you don't HAVE to, it all depends on your architecture. If you want to have a secure back-end, then you'll want to have a front-end box proxying ALL your traffic: smtp, pop, imap, http. But it will work well without one all the same... though if you go through the trouble of buying and setting up an extra box, you might as well want to have a solid architecture in place. It's entirely up to you...
Does Sun have a good webmail product
Well, the webmail interface is built-in... just point your browser to http://fairweather... you may want to upgrade to iMS5.2 for a more evolved webmail interface.
Do I need to add the IP address of the MMP to the mappings file for the mail store to tell it that the MMP is an allowed relay
IP's in the mappings file are for OUTBOUND mail only. Now if you want to setup an smtp proxy or an MTA on your MMP box, you will want to route all outgoing mail from the back-end via the front-end, and then you'll want to define the IP of your mailstore in the mappings file of your current MMP...
But there are more of architectural matters here: i'd recommend you do some reading from the SunONE site white papers and deployment guides.
regards,
-p
Well the latest update. I can telnet into port 25 of the message store and send out e-mail. If I telnet to port 25 of the MMP though I get this error.
Relaying denied. IP name lookup failed <ip of my workstation>
I am not sure what that means? Why would it show my ip address instead of the ip address of the MMP? Hmmm.
Okay. Apparently I was wildly mis-informed about the purpose of the MMP. I thought it was a sort of mail relay that we could stick out on our DMZ and everyone (internal and external) could send mail through it to however many mail servers that were inside hiding behind our firewall. I just talked to Sun tech support and he told me that the MMP is only for internal mail. Which isn't very useful. So is there some other mail relay system I can setup?
The other thing he told me was that I need to use the fully qualified domain name of the mail server when setting up my mail clients. And that doesn't really make much sense to me either? If I telnet in and send mail I don't use the FQDN so why would the mail client need it?
Strange stuff.
Okay this is pretty strange. I can send and receive mail just fine through the mail store with outlook express. I can receive mail just fine with mozilla and netscape. But mozilla and netscape won't send mail through the mail store. Is there somewhere I can check for errors on why this isn't working? Or have I just gone insane when I wasn't looking?
Thanks for all the help.
Gets even stranger. I turned on logging on the mta. When I send mail via outlook express I can see the e-mail get enqueued and dequeued (if that is how you spell those two words) as you would expect. When I send mail via netscape I never see it arrive at the mail server? And I am positive that I have the correct outgoing mail server. There are only so many ways to spell fairweather. Very odd.
Alright. If you go into advanced on the smtp setting in netscape and mozilla you will find that sometimes they will keep your old smtp servers in there and apparently that is where netscape was trying to send mail through. So I removed all the ones except the new mail store. When I try to connect to it I get this.
An error occurred sending mail: Unable to connect to SMTP server %S. The server may be down or may be incorrectly configured. Please verify that your Mail/News account settings are correct and try again.
So why can Outlook express connect to the mail server but netscape cannot?
Update. I just tested an older version of netscape (4.76). It works fine sending mail as well. So apparently the problem is in the new netscapes built on the mozilla code.
Anyone have any idea why the older netscapes and outlook express can connect to my smtp server but the new netscapes and mozilla cannot?
This is just freaky. Okay I figured out what was up with mozilla. When you change your smtp server in mozilla (at least in 1.1) it adds an extra blank smtp server to the list of servers. This blank server is apparently the one that is failing. If you go in to the advanced section and click on the blank one, edit it and make it a duplicate of the server you want to use then all works well. Go figure.
Thanks again for all the help.
Oh and the Delegated Administrator stuff still isn't working. :)
Hi,
I've been away for a while... i see you've posted quite a few updates. Glad to know your smtp trouble with mozilla are over :)
Now, regarding iDA... could you describe again in details what the problem was?
thanks
-p
ps: might be a couple of days before you hear from me again...
The install for iDA looked like it went just fine. But when I try to connect to the web page that it is supposed to be at (the one that it automatically tries to load after install), all I get is 'Not Found' in my web browser.