PMDF V6.3-2 Release Notes April 2007 This document contains release notes for PMDF V6.3- 2. The PMDF V6.3-2 release is for Linux only. This document describes all new features and bug fixes that have been made since PMDF V6.2-1 (i.e. that were included in PMDF V6.3 and V6.3-2). Note that some minor enhancements and bug fixes were in- cluded in the Windows release of V6.2-1 that were not included in the V6.2-1 release for the other platforms. Release notes items for those are also included here. Software Version: PMDF V6.3-2 Operating System and Version: Red Hat Enterprise Linux 4 update 4 or later on x86; (see text for other Linux distributions) __________ Copyright »2007 Process Software, LLC. Unpublished - all rights reserved under the copyright laws of the United States No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval sys- tem, or translated into any language or computer language, in any form or by any means electronic, mechanical, magnetic, optical, chemical, or oth- erwise without the prior written permission of: Process Software, LLC 959 Concord Street Framingham, MA 01701-4682 USA Voice: +1 508 879 6994; FAX: +1 508 879 0042 info@process.com Process Software, LLC ("Process") makes no rep- resentations or warranties with respect to the con- tents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, Process Software reserves the right to revise this publication and to make changes from time to time in the content hereof without obligation of Process Software to notify any person of such revision or changes. Use of PMDF, PMDF-DIRSYNC, PMDF-FAX, PMDF-LAN, PMDF-MR, PMDF-MSGSTORE, PMDF-MTA, PMDF-TLS, PMDF- X400, PMDF-X500, PMDF-XGP, and/or PMDF-XGS soft- ware and associated documentation is authorized only by a Software License Agreement. Such license agree- ments specify the number of systems on which the software is authorized for use, and, among other things, specifically prohibit use or duplication of software or documentation, in whole or in part, except as authorized by the Software License Agree- ment. Restricted Rights Legend Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or as set forth in the Commercial Computer Software - Restricted Rights clause at FAR 52.227-19. The PMDF mark and AlphaMate is a registered all PMDF-based trademark of Motorola, Inc. trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries and are used under license. ALL-IN-1, Alpha AXP, cc:Mail is a trademark of AXP, Bookreader, cc:Mail, Inc., a wholly- DEC, DECnet, HP, owned subsidiary of Lotus I64, IA64, Integrity, Development Corporation. MAILbus, MailWorks, Lotus Notes is a registered Message Router, trademark of Lotus MicroVAX, OpenVMS, Development Corporation. Pathworks, PSI, RMS, TeamLinks, TOPS-20, Tru64, TruCluster, ULTRIX, VAX, VAX Notes, VMScluster, VMS, and WPS-PLUS are registered trademarks of Hewlett- Packard Company. iii AS/400, CICS, IBM, RC2 and RC4 are registered Office Vision, trademarks of RSA Data OS/2, PROFS, and Security, Inc. VTAM are registered trademarks of International Business Machines Corporation. CMS, DISOSS, OfficeVision/VM, OfficeVision/400, OV/VM, and TSO are trademarks of International Business Machines Corporation. dexNET is a registered Ethernet is a registered trademark of Fujitsu trademark of Xerox Imaging Systems of Corporation. America, Inc. FaxBox is a registered GIF and "Graphics Interchange trademark of DCE Format" are trademarks of Communications Group CompuServe, Incorporated. Limited. InterConnections InterDrive is a registered is a trademark of trademark of FTP Software, InterConnections, Inc. Inc. LANmanager and Memo is a trade mark of Microsoft are Verimation ApS. registered trademarks of Microsoft Corporation. MHS, Netware, and LaserJet and PCL are Novell are registered registered trademarks of trademarks of Novell, Hewlett-Packard Company. Inc. iv PGP and Pretty Good Jnet is a registered Privacy are registered trademark of Wingra, Inc. trademarks of Pretty Good Privacy, Inc. Attachmate is a Pine and Pico are trademarks registered trademark of the University of and PathWay is a Washington, used by trademark of Attachmate permission. Corporation. PostScript is a Solaris, Sun, and SunOS registered trademark are trademarks of Sun of Adobe Systems Microsystems, Inc. Incorporated. SPARC is a trademark TCPware and MultiNet are of SPARC International, registered trademarks of Inc. Process Software. UNIX is a registered TIFF is a trademark of Aldus trademark of UNIX Corporation. System Laboratories, Inc. Gold-Mail is a Copyright (c) 1990-2000 trademark of Data Sleepycat Software. All Processing Design, rights reserved. Inc. Copyright (c) 1990, Copyright (c) 1995, 1996 1993, 1994, 1995 The President and Fellows The Regents of of Harvard University. All the University of rights reserved. California. All rights reserved. v _______________________________________________________ Contents _______________________________________________________ CHAPTER 1 V6.3-2 RELEASE NOTES 1-1 1.1 LINUX SUPPORT 1-1 1.2 OTHER BUG FIXES AND NEW FEATURES 1-2 _______________________________________________________ CHAPTER 2 INSTALLATION OF PMDF V6.3-2 2-1 2.1 LICENSE DATE 2-1 2.2 GETTING HELP 2-1 2.3 RELEASE NOTES LOCATION 2-2 2.4 OBTAINING NEW FILES 2-2 _______________________________________________________ CHAPTER 3 INSTALLATION GOTCHAS 3-1 3.1 RECOMPILE COMPILED CONFIGURATIONS 3-1 3.2 KNOWN ISSUES 3-1 _______________________________________________________ CHAPTER 4 NEW FEATURES IN PMDF V6.3 4-1 4.1 OPENVMS I64 (INTEGRITY) SUPPORT 4-1 4.2 SOLARIS 10 SUPPORT 4-1 4.3 LDAP AUTHENTICATION AGAINST ACTIVE DIRECTORY 4-1 4.4 MANY ENHANCEMENTS AND BUG FIXES 4-2 _______________________________________________________ CHAPTER 5 RELEASE NOTES FOR PMDF V6.3 5-1 5.1 INSTALLATION AND STARTUP 5-1 5.2 CHANNELS 5-2 5.3 DISPATCHER AND SERVERS 5-3 5.4 JOB CONTROLLER 5-4 5.5 MAILSERV 5-4 iii Contents 5.6 MISCELLANEOUS 5-5 5.7 POPSTORE / MESSAGESTORE 5-6 5.8 SECURITY 5-6 5.9 TLS 5-6 5.10 UTILITIES 5-7 iv _______________________________________________________ 1 V6.3-2 Release Notes PMDF V6.3-2 is a release for Linux only. There are no major differences in features or function- ality between V6.3 and V6.3-2. __________________________________________________________________ 1.1 Linux Support Support has been added in this release for the Linux platform (on Intel x86 only). This release provides for Linux the same functionality as the other unix platforms (Tru64 and Solaris), with the following exceptions: o Support for PMDF-X400 is not provided. o Support for PMDF-XGS (SNADS) is not provided. o The utility pmdftune is not provided. The Linux kit is supplied as an RPM kit, and is built on Red Hat Enterprise Linux version 4 update 4 on an Intel 32-bit processor. It should work on any distribution of Linux that supports RPM instal- lations. It should work on 64-bit versions of Linux as long as it supports 32-bit images. The Linux core version supported is 2.6.9-42 or later. 1-1 V6.3-2 Release Notes Other Bug Fixes and New Features __________________________________________________________________ 1.2 Other Bug Fixes and New Features In addition to the new features and bug fixes which are listed later in this document which were added in V6.3, the following minor bug fixes and enhancements are also included in V6.3-2: 1. Added support for chained certificates in TLS. (D/E 8704) 2. The channel keyword validatelocalmsgstore (which validates msgstore accounts during the SMTP di- alog, and is on by default on the msgstore chan- nel) now checks for the DISMAIL flag, implements the REJECT_OVER_QUOTA option, and honors user- names that only appear in the msgstore forward database. (D/E 8988, 10314) 3. For PMAS users, PMDF counters no longer count messages twice that go through the PMAS chan- nel. (D/E 9272) 4. Fixed a problem with the ORIG_SEND_ACCESS map- ping table being incorrectly applied after a mes- sage was forwarded via a mailbox filter file. (D/E 9903) 5. Fixed a problem with msgstore mailboxes getting corrupted due to a malformed message. (D/E 10249) 6. Fixed a problem with the $A flag in the MAILSERV_ LISTS mapping table not being applied correctly. (D/E 10272) 7. If a disconnect occurs during an SMTP session, DSNs are now sent for addresses previously known to be invalid. (D/E 10278) 8. Added the following channel keywords: inter- pretmultipartencoding, ignoremultipartencoding, interpretmessageencoding, ignoremesageencoding. The default is still to interpret all Encoding: headers. The "ignore" keywords cause PMDF to not interpret the Encoding: headers. (D/E 10308) 1-2 V6.3-2 Release Notes Other Bug Fixes and New Features 9. Fixed problem with pmdf cnbuild not correctly checking for when the channel table size was ex- ceeded. (D/E 10347) 10. Changed the separator for mailing list tags from a space to a vertical bar. (D/E 10374) 11. Since a count of messages is not maintained for msgstore accounts (it is maintained for popstore accounts only), any display of a message count has been removed if the account is a msgstore account (previously it would always display as 0). (D/E 10407) 12. Fixed an assert error that would sometimes be generated by TLS, saying: Assertion failed: md_c[1] == md_count[1], file /pmdf_common/ssl/crypto/rand/md_rand.c, line 312 (D/E 10415) 13. Fixed a problem in the job controller which would cause the job controller to crash due to an in- ternal list getting corrupted. (D/E 10432) 14. Fixed a problem in which messages were not get- ting processed because they were not getting added to the job controller's in-memory queue cache database. (D/E 10390) 15. The job controller now honors the queue chan- nel keyword specified on the channel definition in the pmdf configuration file pmdf.cnf. The queue specified must be defined in the job con- troller configuration file (job_controller.cnf or job_controller.cnf_site). (D/E 10364) 16. Fixed a problem with the pmdf qm -maint clean command not deleting messages that it should. It now works properly. (D/E 10298) 17. The version of pine included in PMDF on unix plat- forms has been upgraded to 4.64. (D/E 9207) 1-3 V6.3-2 Release Notes Other Bug Fixes and New Features 18. Fixed a problem with the pmdf process command where sometimes it would complain about a syn- tax error because there were extra characters incorrectly included at the end of the command. (D/E 10489) 1-4 _______________________________________________________ 2 Installation of PMDF V6.3-2 PMDF V6.3-2 is the first release of PMDF for the Linux platform. See the PMDF Installation Guide, Linux Edition for full instructions on how to in- stall PMDF on Linux. This document contains installation gotchas and release notes for this version of PMDF. __________________________________________________________________ 2.1 License Date The release date for the PMDF V6.3-2 kit is: 30-APR-2007 Check your PMDF licenses to make sure they are valid for this release. The release date contained in each license must be later than the release date of the kit. See the PMDF Installation Guide, Linux Edition for more information about how PMDF licenses work. __________________________________________________________________ 2.2 Getting Help Contact your PMDF distributor or Process Soft- ware if you need assistance or have questions con- cerning the installation or configuration of PMDF. Process Software provides technical support if you have a current Maintenance Service Agreement [support@process.com; 800-394-8700 or 508-628-5074]. If you obtained PMDF from an authorized distrib- utor or partner, you receive your technical sup- port directly from them. Timely notices, point- ers to new PMDF images, and other PMDF news of in- 2-1 Installation of PMDF V6.3-2 Getting Help terest may also be found at the Process Software web site, www.process.com. __________________________________________________________________ 2.3 Release Notes Location The text version of these release notes is in- stalled on VMS in the SYS$HELP directory, and on UNIX and Windows in the PMDF documentation direc- tory. The postscript and PDF versions on all plat- forms are installed into the PMDF documentation di- rectory (/pmdf/doc on Linux). __________________________________________________________________ 2.4 Obtaining new files New files may be obtained from the anonymous FTP account on ftp.pmdf.process.com; use FTP to con- nect to the host ftp.pmdf.process.com and login as the user anonymous. Use your e-mail address as the login password. Move to the pmdf_632_patches subdirectory: ftp> cd pmdf_632_patches Patches will be located in platform-specific sub- trees, as follows: _______________________________________________ Platform_______Subdirectory____________________ Linux__________linux___________________________ 2-2 _______________________________________________________ 3 Installation Gotchas Make sure you read the PMDF Installation Guide, Linux Edition before starting the installation. Make sure you complete the Post-Installation Tasks for Upgrades or Post-Installation Tasks for New Sites in the installation guide after the installation. __________________________________________________________________ 3.1 Recompile Compiled Configurations As with every upgrade, it is required that all compiled configurations be recompiled. See the Post- Installation Tasks for Upgrades in the Linux Edi- tion of the installation guide. __________________________________________________________________ 3.2 Known Issues 1. There are no known issues at this time. 3-1 _______________________________________________________ 4 New Features In PMDF V6.3 __________________________________________________________________ 4.1 OpenVMS I64 (Integrity) Support Support has been added for OpenVMS I64 (Integrity) systems. This provides the same functionality as OpenVMS VAX and OpenVMS Alpha platforms, with the following exceptions: o The DEC Notes channel is not provided. o The BULLETIN utility is not provided. o Support for PMDF-X400 has been removed. o Support for PMDF-MB400 has been removed. o Support for PMDF-MR has been removed. __________________________________________________________________ 4.2 Solaris 10 Support PMDF has added support for Solaris version 10. __________________________________________________________________ 4.3 LDAP Authentication Against Active Directory The PMDF pmdf_table:security.cnf can now be con- figured to do username and password authentication with an AUTH_SOURCE of LDAP against Active Direc- tory servers. (D/E 9281) In order to specify the name of the attribute to use, specify the LDAP_ATTRIBUTE option. The stan- dard Active Directory attribute is "sAMAccountName". 4-1 New Features In PMDF V6.3 LDAP Authentication Against Active Directory In order to specify a domain name and password for an account to use to bind to the Active Direc- tory server in order to do the search for the user- name to authenticate, specify the LDAP_SEARCHACCT_ DN and LDAP_SEARCHACCT_PASSWORD options. For example, in your pmdf_table:security.cnf file, the AUTH_SOURCE LDAP section could look like this: [AUTH_SOURCE=LDAP] BASEDN=DC=Example,DC=com SERVER=adserver.example.com LDAP_ATTRIBUTE=sAMAccountName LDAP_SEARCHACCT_DN=CN=Administrator,CN=Users,DC=Example,DC=com LDAP_SEARCHACCT_PASSWORD=password __________________________________________________________________ 4.4 Many Enhancements and Bug Fixes PMDF V6.3 contains many smaller enhancements and bug fixes. See the Release Notes chapter below. 4-2 _______________________________________________________ 5 Release Notes For PMDF V6.3 The following sections document the enhancements and bug fixes that have been made since PMDF V6.2- 1. __________________________________________________________________ 5.1 Installation and Startup 1. Changed the installation on OpenVMS to supply a default UIC of [374,1] for the PMDF_USER ac- count. (D/E 9111) [OpenVMS only] 2. Changed the installation on OpenVMS to allow the installer to not specify any timezone. If no timezone is specified, PMDF uses the timezone set by the system. (D/E 10212) [OpenVMS only] 3. Added a "LOGICALS" parameter to the generated pmdf_startup.com which will only define the PMDF logicals and not try to load the PMDF licenses or start up the counters process, etc. (D/E 10209) [OpenVMS only] 4. Fixed an error message that showed up when run- ning pmdf_startup.com on a node in a VMS clus- ter immediately after PMDF was upgraded from a different node in the cluster. (D/E 10213) [Open- VMS only] 5. Fixed a problem that could come up during VMS installations if there are both PMDF_STARTUP.COM and PMDF_STARTUP.COM_OLD files in SYS$SPECIFIC. The old PMDF_STARTUP.COM_OLD files are now deleted before the PMDF_STARTUP.COM files are renamed. [OpenVMS only] 5-1 Release Notes For PMDF V6.3 Channels __________________________________________________________________ 5.2 Channels 1. Added channel keyword relaxheadertermination and norelaxheadertermination. Keyword relaxhead- ertermination is the default and corresponds to PMDF's standard behavior, which is to treat a line containing only spaces and tabs as mean- ing the same as a blank line, i.e. it termi- nates the header and the rest of the message is considered the body. If keyword norelaxhead- ertermination is specified on a channel, then a line within the header containing only spaces and tabs is treated as a continuation of the pre- vious header line, and PMDF continues to pro- cess the next lines as part of the header. (D/E 10215) 2. Added channel keywords acceptalladdresses and acceptvalidaddresses. Keyword acceptvalidad- dresses is the default and corresponds to PMDF's standard behavior. If keyword acceptalladdresses is specified on a channel, then all recipient addresses are accepted during the SMTP dialogue. Any invalid addresses will have a Non-Delivery Notice sent later. (D/E 10214) 3. Added syntax checking for the value of the af- ter channel keyword on UNIX and Windows, to ver- ify that it is an integer (and not, for exam- ple, a VMS-format delta time). (D/E 10240) (UNIX and Windows only) 4. Fixed a problem using the INLINE feature for di- rectory channels where messages for certain re- cipients to a mailing list can get lost if there is a temporary error in doing the directory chan- nel lookup for that recipient. (D/E 9937) 5. The SMTP XTSA command now correctly displays the Attemped and Rejected counts for each channel. (D/E 9984) 5-2 Release Notes For PMDF V6.3 Channels 6. Fixed a problem in the tcp_smtp_client where it would operate in single-threaded mode instead of multi-threaded mode like it should. (D/E 10103) [UNIX and Windows only] 7. Fixed a problem with the defragment channel on unix platforms. It would not work, reporting a failure of qcache_init_once:os_attach_share_memory failed,No such file or directory (D/E 10122) [Tru64 and Solaris only] __________________________________________________________________ 5.3 Dispatcher and Servers 1. A number of timing issues were corrected that could result in the creation of more worker pro- cesses than specified with the MAX_PROCS dis- patcher configuration parameter. Some efficiency changes were made as well for VMS. (D/E 9966) 2. Fixed a problem with the legacy POP server where it would incorrectly tell the POP client that there were 0 messages in the folder when it got an error opening the folder. Due to this, the POP client may then download all messages in the folder again the next time it is able to access the folder. This has been changed to return an error message instead. (D/E 10029) [OpenVMS only] 3. The DISPATCHER_printf routine in the dispatcher API has been restored. (D/E 10180) 5-3 Release Notes For PMDF V6.3 Job Controller __________________________________________________________________ 5.4 Job Controller 1. Fixed a problem on Solaris with processes be- ing unable to contact the job controller. (D/E 10031) [Solaris only] 2. Fixed a problem whereby the pmdf run channel slave or pmdf submit channel slave command ran the mas- ter program for the channel instead of the slave. (D/E 10035) [UNIX and Windows only] 3. Fixed a problem where the job controller would reject a connection from another process if the hostname involved exceeded 32 characters. This limit has been raised. (D/E 10208) [UNIX and Windows only] __________________________________________________________________ 5.5 MailServ 1. Modified MAILSERV to be able to parse multipart/signed (e.g. PGP-signed) messages to recognize the MAILSERV commands in the plain text part. (D/E 9912) 2. Made some enhancements to MAILSERV to option- ally be more liberal in what it accepts. If the LIBERAL=1 option is set in pmdf_table:mailserv_ option, then MAILSERV will strip out leading quote characters (> the greater-than sign), and will continue processing after reading an invalid com- mand, and will strip out stray strings.(D/E 7581) 5-4 Release Notes For PMDF V6.3 Miscellaneous __________________________________________________________________ 5.6 Miscellaneous 1. Fixed a problem with the QM web interface "full listing" page in which the message count always shows 0 when it is using the queue cache database. (D/E 10057) [UNIX and Windows only] 2. Fixed a problem on unix platforms with /pmdf/bin/get_ count, which is used by the post job and the re- turn job to keep track of how many times that job has been run. It was returning 0 every time. It has been fixed to count upwards correctly. (D/E 9961) [Tru64 and Solaris only] 3. The following headers have been added to the known headers list: (D/E 10202): DomainKey-Signature: DomainKey-X509: Authentication-Results: X-PMAS-Software: X-PMAS-Allowed: X-PMAS-Quarantined: X-PMAS-Final-Score: X-PMAS-Spam: X-PMAS-Not-Spam: X-PMAS-Not-Positive: X-PMAS-Sophos: X-PMAS-NoVirus: 4. PMDF process queues will no longer crash on VMS 7.3-2 and higher when the MBA device unit num- bers exceed MBA9999. (D/E 10129) [OpenVMS only] 5. Added a few new top-level domains (TLDs) to the internet.rules file. 5-5 Release Notes For PMDF V6.3 popstore / MessageStore __________________________________________________________________ 5.7 popstore / MessageStore 1. Reconstructing a mailbox that contains "_BAD" files will no longer result in duplicate UIDs. (D/E 9905) __________________________________________________________________ 5.8 Security 1. Added support for the PWDMIX SYSUAF flag. The following special characters aren't supported: whitespace, open parenthesis (, close parenthe- sis ), open brace {, percent sign %, asterisk *, double quote ", and backslash \. (D/E 9613) [OpenVMS only] 2. Fixed several problems related to intrusion records on VMS: problem with creating intrusion records for failed login attempts via SMTP, problem with intruders not being rejected when they should, problem with no audit record being created for a failed login due to the remote user being flagged as an intruder, problem (on VAX only) with au- dit records never being created. (D/E 9174) [Open- VMS only] __________________________________________________________________ 5.9 TLS 1. Fixed a problem with using TLS with older ver- sions of TLS, using protocols including SMTP and IMAP. The problem seen is an error message in log files saying "decryption failed or bad record mac". (D/E 9890) [Tru64 only] 2. Fixed a problem running the tls_certreq util- ity or sending messages using TLS. The problem seen is an error message in log files or on the screen saying "PRNG not seeded". (D/E 9893) [Tru64 and OpenVMS only] 5-6 Release Notes For PMDF V6.3 TLS __________________________________________________________________ 5.10 Utilities 1. pmdf chbuild utility: a. The following switches for pmdf chbuild on Open- VMS have been removed: /ALPHA, /VAX. 2. pmdf cnbuild utility: a. The following switches for pmdf cnbuild on Open- VMS have been removed: /ALPHA, /VAX. 3. pmdf db utility: a. The pmdf db utility now supports HUGE databases. The open command now supports huge as well as short and long keywords. The add command ac- cepts an alias-value as long as 1024 bytes. (D/E 6975) 4. movein utility: a. Fixed a problem using the /BEFORE or /SINCE qualifier where it would fail on the second folder that it processed. (D/E 9871) [Open- VMS only] 5. pmdf send utility: a. Fixed a problem with sending text files con- taining lines longer than 1024 characters, even with /ENCODING=QUOTED_PRINTABLE. (D/E 9931) [OpenVMS only] 5-7