Solutions Newsletter - Spring 2007 - Volume 12 Issue 1

MultiNet v5.2 is Available back to top

MultiNet v5.2 is now available. This release offers an unprecedented number of new features that focus on security, performance, and advanced functionality. Here are the highlights:

Maintenance customers with the update service will automatically receive a CD and documentation set in the mail in the next several weeks. If you would like to download the update from our FTP site, please contact our customer support department for instructions.

New MultiNet v5.2 Release Resources:
New feature overview http://www.process.com/tcpip/mn50.html
Data sheet http://www.process.com/tcpip/multinetds.pdf
SPD http://www.process.com/tcpip/MULTINETspd.pdf
Documentation http://www.process.com/tcpip/mndocs.html
Compatibility chart http://www.process.com/techsupport/multinet_vms_compat.html

SSH for OpenVMS v2.3 is now available back to top

It includes the following new features:

Maintenance customers will automatically receive a CD in the mail in the next several weeks. If you would like to download the update from our FTP site, please contact our customer support department for instructions.

New SSH for OpenVMS v2.3 Release Resources:
New feature overview: http://www.process.com/tcpip/newinssh.html
Data sheet: http://www.process.com/tcpip/sshds.pdf
SPD: http://www.process.com/tcpip/sshspd.pdf
Documentation: http://www.process.com/tcpip/sshdocs.html

Process Software 2007 Product Roadmap back to top

PMDF v6.3-2 with Linux support is being beta tested. It will be released by mid May.

PreciseMail Anti-Spam Gateway v3.0 beta will begin the week of June 4th and will be released early August. New features included:

TCPware next version is scheduled for beta in the summer and will be released in the fall. It includes the following features:
Whitepapers back to top

Overcoming the Challenges of Spyware in an Enterprise Whitepaper

Download Now: http://www.process.com/spycatcher/SpywareChallenges.pdf

The effects of spyware on a corporation can be disastrous. The FBI estimates that spyware and other computer-related crimes cost US businesses $67 billion dollars per year.

Many businesses are unknowingly susceptible to spyware, including organizations that take every precaution by deploying firewalls, viruses, web filters and anti-spam technology. An antispyware solution should be easy to install, manage, and upgrade whether your environment has 100 computers or thousands of computers.

Deploying the wrong solution can be costly. This white paper outlines the effects of spyware within an organization and provides an overview of antispyware deployment options.

Migrating to PreciseMail from Spam Assassin Whitepaper

Download Now:http://www.process.com/techsupport/migrate_from_sa.pdf

The freeware package SpamAssassin is one of the most popular anti-spam filters in use today, but it does have limitations that make it unsuitable for most organizations. PreciseMail Anti-Spam Gateway is a versatile high-performance filter designed to overcome those limitations. This white paper explains the simple steps required to migrate your site’s spam filtering from SpamAssassin to PreciseMail.

Patch Corner - Recommended Patches for January 2007 - April 2007 back to top

Here is a list of recommended patches between January 1 and April 25th. This list is updated frequently. Please go to our recommended patch web page for the most current information http://www.process.com/techsupport/patches.html.

PMDF v6.3-1

Dispatcher:http://www.pmdf.process.com/ftp/pmdf_631_patches/index.html

ECO: DISPATCHER.EXE
Description: Fixed a problem with the cleanup of terminated threads
Release date: 06-FEB-2007
Platforms: OpenVMS/I64
Versions: V6.3-1

PreciseMail Anti-Spam Gateway

PreciseMail Anti-Spam Gateway V2.4-3 ECO released April 2, 2007. The ECO kit includes enhancements and bug fixes. Contact support for download access.

MultiNet v5.2

kernel-update-010_a052.zip - Correct invalid setting of FIN flag on second to last packet. KERNEL-UPDATE-010_A052 README (23-APR-2007)

MultiNet v5.1

UCX_LIBRARY_EMULATION-030_A051.zip - Corrections to getaddrinfo. UCX_LIBRARY_EMULATION-030_A051 README (24-Jan-2007)

ntp-010_a051.zip - Update for U.S. and Canada 2007 DST rules. ntp-010_a051 README. (25-JAN-2007)

MASTER_SERVER-030_A051.zip - Include a context parameter in calls to $getuai for Alpha and Integrity. MASTER_SERVER-030_A051 README (12-FEB-2007)

NAMED-020_A051.zip - Correct recursive resolution problem. NAMED-020_A051 README (14-MAR-2007)

KERNEL-UPDATE-151_A051.zip - Correct invalid setting of FIN flag on second to last packet. KERNEL-UPDATE-151_A051 README (12-APR-2007)

TCPware

DRIVERS_V572P030.zip - Correct errors in getaddrinfo. DRIVERS_V572P030 README (24-Jan-2007)

ntp_v572p011.zip - Update for U.S. and Canada 2007 DST rules. ntp_v572p011 README (6-FEB-2007)

SMTP_V572P020.zip Correct timezone offset used in mail processing. SMTP_V572P020 README (14-MAR-2007)

New RADIUS Authentication Module for PreciseMail back to top

Thanks to Ruslan R. Laishev, an OpenVMS version of SITE authentication module for PreciseMail Anti-Spam Gateway is now available.

This module performs authentication & access authorization of users using the RADIUS protocol.

http://starlet.deltatel.ru/~laishev/aaa-vms/pmas*.*

FAQs back to top

MultiNet

Q - How can I run Multiple FTP servers on different ports?

A - The following steps will help you do this with MultiNet:

 $ copy multinet:ftp_server.com multinet_common_root:[multinet]ftp_2121_server.com 
Then edit multinet:ftp_2121_server.com to establish a default directory, etc
 $ multinet configure/server 
 SERVER-CONFIG>copy ftp ftp_2121 
 SERVER-CONFIG>select ftp_2121 
 SERVER-CONFIG>set socket-port 2121 
 SERVER-CONFIG>set program multinet:ftp_2121_server.com enable ftp_2121 
 SERVER-CONFIG>write restart 

Q - I would like to shorten the amount of time a connection is attempted before it is timed out and an error is returned. Can this be done in MultiNet?

A - This is controlled by the TCP_CONNINIT kernel which is in terms of 0.5 second units. TCP_CONNINIT defaults to 150, so by default, initial TCP connection attempts will time out after about 75 seconds.

To adjust the initial connection attempt timeout,

 $ MULTINET SET/KERNEL TCP_CONNINIT <newvalue> 

Add this command to to the multinet:local_initialization.com file to have it executed each time MultiNet starts.

Q. I'm using Multinet V5.2 and the accept-hosts on the TELNET service is not working correctly. Addresses on the accept-hosts are not allowed access to the service.

A. In MultiNet v5.2, the socket-family parameter for TELNET was changed from AF_INET to AF_INET6 and TELNET6 was eliminated in the final kit. The simple, quick fix is:

 $ multinet configure/server 
 SERVER-CONFIG>select telnet 
 SERVER-CONFIG>set socket-family af_inet 
 SERVER-CONFIG>write 
 SERVER-CONFIG>exit 
 $ @multinet:start_server restart 

TCPware/MultiNet

Q - I have to configure SMTP on the system to send all messages out through our sites SMTP relay server, what do I have to do to configure Multinet/TCPware to do this?

A - You have to set a FORWARDER and the FORWARD-REMOTE-MAIL to true in the mail configuration. You can do this with as follows (for MultiNet systems replace all TCPWARE references to MULTINET -

$ TCPWARE CONFIGURE/MAIL
   SET FORWARDER <name-of-forwarder>
   SET FORWARD-REMOTE-MAIL TRUE
   EXIT
   $ @TCPWARE:START_SMTP

PMDF

Q - Can I use the chained certificates Verisign now issues with PMDF TLS implementation?

A - Yes, the new Verisign certificates require a patch to the PMDF library. Once that is applied you should all be concatenate the chained certificates into the same file. The local server certificate should be first, followed by one or more intermediary certificates, and finally the root certificate. Make sure all of the separators (e.g., "-----BEGIN CERTIFICATE----") remain intact.

For PMDF, the concatenated chain should be in the server_pub.pem file.

PreciseMail Anti-Spam Gateway

Q. What is the best way to exempt all mail to the subdomain example2.example1.com from any PreciseMail processing?

A. There are three ways this could be done.

The best way would be to create a record in the PMAS user database for "$default$@ example2.example1.com" and then opt it out:

 $ pmasadmin :== $pmas_exe:pmasadmin.exe 
 $ pmasadmin user create "$default$@ example2.example1.com" 
 $ pmasadmin user optout "$default$@ example2.example1.com" 

Assuming no user @ example2.example1.com has their own opted-in record, all mail to such users will be passed through without scanning.

The second method is add rule allow envelope_to matches_wild "*@ example2.example1.com" to 00_ALLOWBLOCKLISTS.CF

 rule allow envelope_to matches_wild "*@ example2.example1.com" 

A third method would involve a wildcard alias that writes example2.example1.com addresses to some specific email address that is opted out. If you wanted to ensure that all messages for example2.example1.com were opted out, regardless of whether or not a user had opted in, you could add the $default$ record as shown above, then add this alias to ALIASES.TXT:

*@ example2.example1.com $default$@ example2.example1.com 

Q. Does PreciseMail support "include files"?

A. Yes, it does. Both the .CF rule files and the ALIASES.TXT will include files using "@filename":

 @pmas_data:my-local-aliases.txt 

They're read in and applied wherever the include line appears, relative to the other lines in the files.

Also note that the included files cannot include other files (i.e, only the master file can include files, but it can include however many files you wish to include.

PMDF and PreciseMail

Q. Do we need to create certificates both in PMDF and in PreciseMail, or only in 1 of these products?

A. You can use the same files for both products. For PreciseMail, just define the configuration variables to point to the .PEM files, wherever you put them (in PMDF_TABLE:, for example).

 ptsmtp_tls_public_cert pmdf_table:server-pub.pem ptsmtp_tls_private_cert       pmdf_table:server-priv.pem 

And, typically how should the DISPATCHER.CNF file in PMDF and the PMAS_CONFIG.DAT file in PMAS be configured so they can work together?

A working example of a pair of these files showing the [SERVICE=####] sections in the DISPATCHER.CNF file and the values of the TLS-related parameters in the PMAS_CONFIG.DAT file helps in understanding how to configure files.

For PreciseMail, the PMAS_CONFIG.DAT file has comments for all of the TLS-related variables (and using the admin GUI is even easier).

If you're not using the PTSMTP, then there's nothing you have to do for PreciseMail. If you are, then you need to define the following variables:

 ptsmtp_listen_host_tls * 
 ptsmtp_listen_port_tls 465 
 ptsmtp_mailserver_host_tls 127.0.0.1 
 ptsmtp_mailserver_port_tls 465 
 ptsmtp_enable_starttls yes 
 ptsmtp_tls_public_cert pmas_data:server-pub.pem ptsmtp_tls_private_cert       pmas_data:server-priv.pem 

On the PMDF side, the only thing that needs to be added to the PMDF.CNF file is the keyword "maytls" to the appropriate TCP_* channels.


Contacting Process Software

E-mail:
info@process.com - General information
sales@process.com - Sales
international@process.com - International Sales information
support@process.com - Technical Support
careers@process.com - Human Resources
webmaster@process.com - Webmaster

Phone/Fax/Address:
U.S.A./Canada - (800)722-7770

International - (508)879-6994

Fax - (508)879-0042

Mail:
959 Concord Street
Framingham, MA 01701-4682


Home > Newsletters > Spring 2007 - Volume 12 Issue 1

Search: