Solutions Newsletter - Fall 2007 - Volume 12 Issue 2

Email to a friend

Process Software Product Roadmap back to top

TCPware v5.8 is currently being beta tested. It will be released by the end of the year. The new features include BIND 9 server, FTP over TLS (FTPS), NTP v4.2, and an SSH upgrade.

PMDF v6.4 is in development and will include SPF, disclaimer channel, LDAP over TLS, resetting of users passwords by administrators, and other features. Look for more information on this release in 2008.

VMS Authentication Module (VAM) v2.1 has been extended to include support for performing authentication via a RADIUS server. In addition, a new keyword (LDAP_PW_PROMPT) has been added to the LDAP support to make the password prompt for an LDAP session to be configurable by a system manager. VAM v2.1 will be released by the end of the year.

PreciseMail Anti-Spam Gateway v3.1 is in the planning stages. The current plan is to add support for Sender Policy Framework (SPF) and the development of the Advanced Infrastructure (AI) module will be completed so that all tasks can be clustered and distributed across multiple systems. It will be released the first half of 2008.

MultiNet v5.3 is being planned. New features will include FTP over TLS (FTPS) to provide secure FTP, an update to BIND, and performance improvements. We are investigating NFS enhancements and would appreciate your suggestions. Please email them to maschio@process.com.

A Comparison of Secure File Transfer Mechanisms Whitepaper back to top

Abstract: In the interest of protecting customer data or securing trade secrets many companies are modifying their mechanisms of transferring data across the Internet. There are a number of things to consider when improving the security of data transfer procedures, these include:

A variety of mechanisms are discussed. These mechanisms are: separate encryption, SFTP (Secure Shell File Transfer Program), FTP over Secure Shell (SSH), IPSec, Virtual Private Networks, and FTP over Transport Layer Security (TLS). Each mechanism has arguments for and against it so no one can be declared the solution to all problems. For the full article, go to http://www.process.com/tcpip/sft.pdf

PreciseMail Anti-Spam Gateway's New Advanced Infrastructure back to top

PreciseMail 3.0 which was released in August includes a new Advanced Infrastructure (AI). The Advanced Infrastructure module provides a scalable backbone for organizations that have deployed multiple high traffic email systems. It allows organizations to easily manage filtering distributed among multiple MTAs. Sharing data among many systems simplifies both management and end-user access. Currently, AI allows sites to consolidate configuration and filtering statistics. Administrators can run AI in simple mode, which is a basic client/server system with one master server, and one or more clients who depend on it. Advanced mode allows cluster tasks to be distributed across multiple systems.

In order to provide the reliability and high performance required in this environment, AI includes:

In addition to its ability to scale to large volume sites with multiple MTAs, AI will also be incorporating all of the functionality that is currently in Data Synchronization Cluster module in the next release of PreciseMail.

More Information:

PreciseMail Anti-Spam Gateway Home Page: http://www.process.com/precisemail/antispam.html

Documentation: http://www.pmas.process.com/documentation/html/index.html

New Product - Process Software Webmail back to top

Process Software is now selling and supporting WebMail, a complete web-based email and collaboration solution that works with any POP3 or IMAP mailbox. After evaluating dozens of web mail software products on the market, we chose to partner with Calacode because their software is intuitive, fully customizable (full source code is provided), and it supports multiple platforms. Process Software offers customers first line sales and technical support. We are backed by Calacode’s fully committed growing international development team.

Process Software’s initial release of WebMail includes support for Linux. Windows support is in development. WebMail offers the following:

More Information:

Process WebMail Home Page - http://www.process.com/webmail/index.html

Process WebMail Support Home Page: http://www.process.com/techsupport/webmail.html

New Process Software Discussion Forums back to top

In order to provide another support avenue for our customers, we've set up discussion forums that can be used to discuss product features, ask for help, and report problems. In addition, there are a couple of generic forums for OpenVMS discussions and other topics.

It is our hope that you'll find the forums to be an effective alternative to the various mailing lists we run, and we encourage you to participate in the discussions there, as well. You'll need to create an account in order to post, but there is no charge for the account or for posting, of course.

http://forums.process.com/

Patch Corner back to top

Here is a list of recommended patches between May 1 and October 12, 2007. This list is updated frequently. Please go to our recommended patch web page for the most current information http://www.process.com/techsupport/index.html.

MultiNet

kernel-update-040_a052.zip

Description:

Correct errors in NTYDRIVER on Integrity systems

ECO Ranking (max ranking):

1

Release date:

3-OCT-2007

Full description:

KERNEL-UPDATE-040_A052 README

NAMED-030_A052.zip

Description:

ISC Bind 9 Cache Poisoning fix

ECO Ranking (max ranking):

0

Release date:

26-JUL-2007

Full description:

NAMED-030_A052 README

SSH-020_A052.zip
      AXP
      I64
      VAX

Description:

Various fixes

ECO Ranking (max ranking):

2

Release date:

7-SEP-2007

Full description:

SSH-020_A052 README

TCPware 5.7-2

ssh_v572p050.zip

Description:

Various fixes

ECO Ranking (this version):

2

ECO Ranking (maximum):

0

Release date:

7-SEP-2007

Full description:

SSH_V572P050 README

TCPware versions:

5.7-2

SSH for OpenVMS v2.3 Patches

SSHVMS-010_A023

Description:

Various fixes

ECO Ranking (max ranking):

0

Release date:

5-OCT-2007

Full description:

SSHVMS-010_A023.readme  

PMDF v6.3 and 6.3-2

1. New versions of the PMDF shared library, job controller, and SMTP client are now available for download for Unix and Windows platforms. Note that there are multiple bug fixes and enhancements included in this set of patch files for Unix and Windows.

For links to the READMEs and the images, please visit the following pages:

http://www.pmdf.process.com/ftp/pmdf_63_patches/index.html (for V6.3) http://www.pmdf.process.com/ftp/pmdf_632_patches/index.html (for V6.3-2)

2. PMDF TLS Shared Library

ECO: tlsshr.exe, libtls.so, libtls.dll
Description: Multiple bug fixes and enhancements, see README.
Release date: 1-JUN-2007
Platforms: all
Versions: V6.3

http://www.pmdf.process.com/ftp/pmdf_63_patches/index.html

PreciseMail Anti-Spam Gateway

The PreciseMail V3.0-1 ECO kit includes a few new enhancements, as well as some bug fixes. It was released on October 12, 2007. To obtain the patch, please contact technical support at support@process.com

FAQs back to top

MultiNet and TCPware

NTP FAQ

Q. What patches are necessary for NTP to change the time correctly this fall (2:00 AM on November 4)?

A. The patches that we issued last spring also contain the changes for this fall. For MultiNet V4.4 these are:

MultiNet V5.0:

MultiNet V5.1:

MultiNet V5.2 – no patches needed.

TCPware 5.7-2

TCPware 5.6-2

Q. Will NTP take care of setting the VMS logicals?

A. If you are running NTP (MultiNet 5.0 and later or TCPware 5.7-2), then NTP will set the logicals SYS$TIMEZONE_DIFFERENTIAL, SYS$TIMEZONE_DAYLIGHT_SAVING and SYS$TIMEZONE_NAME if set_vms_logicals is included in the NTP.CONF file. Another configuration option that can be used to do additional things that need to be done is call_dst_proc. This will execute the procedure MULTINET:NPTD_DST_PROC.COM with the following parameters:

Q. Should I use the VMS system parameter AUTO_DLIGHT_SAV?

A. No. This will cause VMS to change the time also and will have unpredictable results.

Q. Have there been any more recent changes to the time zone rules in MultiNet/TCPware than what is in the patches?

A. The only one that we are currently aware of is for New Zealand, which can be added by placing the following rule in MULTINET:LOCAL_TIMEZONES.DAT:

NZ rule change http://www.dia.govt.nz/diawebsite.nsf/wpg_URL/Services-Daylight-Saving-Index

Rule NZ 2007 REV_DST 1:00 Last Sunday September 2:00 First Sunday April       2:00       

PMDF

Q. How do PMDF databases on Unix/Linux and Windows work?

A. The PMDF databases used in address manipulation such as the aliases, forward, reverse, and general as well as the databases used by the directory channel still use the Sleepy Cat database utility. In PMDF version 6.2-1 and later, this has not changed even though the queue cache database has been changed to eliminate the use of Sleepy Cat.

As your CRDB databases grow they will approach a point at which they will have insufficient resources allocated to function properly. By default, PMDF is configured to work with a cachesize of 10 meg. For smaller organizations this is sufficient and they will not notice any performance issues. The SCDB environment will be able to expand its allocated cachesize by as much as 25% without any change in the configuration. However if the need for expanding the database cachesize exceeds that limit, PMDF performance will start to erode and eventually will cease to perform. Restarting the application will give temporary relief, but the timing of eroded performance will become more frequent as the databases grow and require more system resources.

You can provide additional resources to the application and the SCDB databases by adding a configuration file to the SCDB environment.

Create a DB_CONFIG (uppercase is important) file in the same location as the __db.00x files. On UNIX (Solaris,Tru64) this will be in the /var/tmp directory. On Linux, this will be the /pmdf/tmp directory, and on Windows this will be \pmdf\tmp. This file will need to have the following directives in it.

 set_cachesize 0 20971520 1 
 set_lk_max_locks 5000 
 set_lk_max_lockers 5000 

After you have created this file, you need to shut down PMDF, remove the __db.00x files, and remove the pmdf memory segments on Unix and Linux, and then restart PMDF.

Q. When PMDF reaches its daily license limit (e.g. 5000 msgs/day) it continues to process messages, but displays a warning. Where are the messages logged in Solaris?

A. In Solaris, the messages are written to syslog.

The exact location of where these messages go is determined by the syslog config file, usually at /etc/syslog.conf.

This may or may not be the same location on all servers, depending on how the configuration is defined. It is usually the file /var/adm/messages.

PreciseMail

Q. How do I disable the addressbook upload to the allowlist (a new feature in PreciseMail v3.0)?

A. You can edit PMAS_HTML:PMAS_ALLOWLIST.TEMPLATE and remove the section that offers that option (and saving it as .HTML). PMAS V3.0-1 includes a configuration variable that can be used to hide this feature.

Q. Are DNSBL rejections logged?

A. Yes, they're logged in PMAS_LOG:PMAS.LOG, code "L".

You can also turn on the logs for the PMAS PTSMTP worker processes by defining this logical:

 $ define/system/exec pmas_ptsmtp_worker_log true 

and restarting PMAS. Those logs will include debugging information from the DNSBLplug.

Q. Can you tell me if the performance of PMAS using PTSMTP is better than with PMDF?

A. Performance is much better with PMAS PTSMTP than with the PMDF channel. All scanning of messages is done in-memory before they're handed off to PMDF, which saves the multiple file copies as PMDF hands the message off to each channel that it passes through. Also, each time a PMDF PMAS channel is started, the rules have to be reloaded.

With the compiled rules, this is pretty fast on VMS, but the PMAS PTSMTP workers keep the rules in memory at all times, so there is no reloading.

A post on Info-PMAS provides more information on this topic:

http://www.pmas.process.com/scripts/mxarchive/archive_search.com?TEXT=R56284-60518-mail%24archives%3A%5Binfo-pmas%5Dinfo-pmas.2006-08

Q. Which is the PMAS processing order between an allow and the quarantine? For example, an incoming message matches both an allow rule (user or system rule) and a quarantine rule (user or system). Which will be the message disposition - quarantined or allowed?

A. Allowed. The order is this:

  1. User allow -> user block & reject -> user quarantine ->
  2. system allow -> system block & reject -> system quarantine ->
  3. normal PMAS rules and scoring

If a message matches an allow rule, the rest of the tests are ignored. If not, the block and reject tests are run; if one matches, the rest are ignored. Next the quarantine rules are run; if one matches, the message is quarantined, and the normal PMAS rules are never run. Only when a message does not match an allow, block, reject, or quarantine rule are the normal PMAS rules run.

And user rules always override system rules, so a user block will override a system allow (as, in fact, the system rules are never applied).

Q. If a message size exceeds the limit for processing, are the global block-list rules still applied? Are user block/allow rules applied?

A. There is no limit in PMAS V3.0, unless you define the site limit. And even if you define a site limit, the allow/block/rule rules are all applied.

Previous versions of PMAS would not process messages larger than 1,000 512-byte blocks-messages larger than that size were effectively ignored by PMAS. The reasoning behind the limit was that spam wasn't that large, and there was no point in scanning a message that wasn't likely to be spam. Unfortunately, these days, some spam is larger than that, so this limitation has been removed, and a new, site-controlled size limit has been implemented.

A new configuration variable, MAXIMUM_SCAN_SIZE, can be defined to specify the largest size a message can be and still be scanned by PMAS. Unlike the old limit, the user and system allow/block lists are applied to the messages before the size is checked, providing more control over a large message's disposition. If the variable is undefined or defined as 0, there are no message size limits enforced.


Contacting Process Software

E-mail:
info@process.com - General information
sales@process.com - Sales
international@process.com - International Sales information
support@process.com - Technical Support
careers@process.com - Human Resources
webmaster@process.com - Webmaster

Phone/Fax/Address:
U.S.A./Canada - (800)722-7770

International - (508)879-6994

Fax - (508)879-0042

Mail:
959 Concord Street
Framingham, MA 01701-4682


Home > Newsletters > Fall 2007 - Volume 12 Issue 2

Search: