Red books Lotus Workplace Messaging Administration Guide

Redbooks Paper
Jeffrey Slone
William Tworek
Lotus Workplace Messaging
Administration Guide
This Redpaper provides an overview of the IBM® Lotus® Workplace
Messaging™ 1.1 system and its components, and describes common
administration/configuration tasks. It is not intended to be a complete
administrative handbook, but rather an introduction to the Workplace Messaging
product from an administrator’s viewpoint.
Specific topics covered within this paper are:
• Components
• Message flows
• Security
• Directory considerations
• Configuration of mail cells
• Configuration of services (POP3, IMAP and so on)
• Backup
• Admin task scheduling
• Routing to/from Domino™
• Troubleshooting
While this paper was written based on version 1.1, its general contents and best
practices will, for the most part, be applicable to future versions of this product as
well.
© Copyright IBM Corp. 2004. All rights reserved.
ibm.com/redbooks
An introduction to Lotus Workplace Messaging
IBM Lotus Workplace Messaging provides a secure mail application that runs on
the IBM WebSphere® Application Server and uses IBM DB2® as the message
store. Workplace Messaging is designed to integrate with an existing corporate
infrastructure and use the corporate LDAP directory for automatic user account
creation, deletion, authentication, address-resolution, and mail routing.
Workplace Messaging uses standards-based SMTP to route mail between
servers and cells and to route incoming and outgoing mail to other mail systems.
Workplace Messaging uses information in the Directory for User Account
Creation and Routing to determine where to route internal messages and uses
the Domain Name System (DNS) to route outgoing messages.
Lotus Workplace Messaging includes the following features:
• Mail lets users send and receive e-mail messages
• Calendar lets users maintain a personal calendar
• Address Book lets users save contact information for people and for group mailing lists
Workplace Messaging supports POP3 and IMAP clients such as Lotus Notes®
and Microsoft® Outlook. Workplace Messaging users can also use a WebSphere
Portal-based browser interface to read, create and send mail.
Lotus Workplace Messaging supports (in whole or in part) the following Request
for Comment (RFC) documents:
• Delivery Status Notification (DSN) Support - SMTP Server
• RFC 821, “Simple Mail Transfer Protocol”
• RFC 822, “Standard for the Format of ARPA Internet Text Messages”
• RFC 2554, “SMTP Service Extension for Authentication”
• RFC 1891, “SMTP Service Extension for Delivery Status Notifications”
• RFC 1123, “Requirements for Internet Hosts - Application and Support”
• RFC 1425, “SMTP Service Extensions”
• RFC 1651, “SMTP Service Extensions” (replaced RFC 1425)
• RFC 1869, “SMTP Service Extensions” (replaced RFC 1651)
• RFC 1939, “Post Office Protocol - Version 3”
• RFC 2060, “IMAP - version 4, rev1”
• RFC 2445, “Internet Calendaring and Scheduling Core Object Specification (iCalendar)”
• RFC 2821, “Simple Mail Transfer Protocol” (replaced 821/1123/1869)
• RFC 2822, “Internet Message Format” (replaced 822)
The following clients are supported for IMAP (technical preview only) access:
• Lotus Notes 6.02 - on Windows® 2000 and Windows XP
• Microsoft Outlook XP/2002 - on Windows 2000 and Windows XP
• Microsoft Outlook Express 6 - on Windows 2000 and Windows XP
The following clients are supported for POP3 access:
• Lotus Notes 6.02 - on Windows 2000 and Windows XP
• Microsoft Outlook XP/2002 - on Windows 2000 and Windows XP
• Microsoft Outlook Express 6 - on Windows 2000 and Windows XP
• WebSphere Portal Internet Mailbox versions 4.2 and 5.0
For browser-based mail access, the following are supported:
• Microsoft Internet Explorer 6.0 with Service Pack 1 - on Windows 2000 and
on Windows XP with the Sun plug-in version of Java™ Virtual Machine
(JVM) 1.4.1
• Microsoft Internet Explorer 5.5 with Service Pack 2 - on Windows 2000, with
Microsoft Java Virtual Machine (JVM) 1.1
• Netscape Mozilla 1.3 - on SUSE Linux 32-bit Intel®, kernel version 7 2.4 and
SLES 8, with the Sun plug-in version of Java Virtual Machine (JVM) 1.4.1
Additional browser support:
• Netscape Navigator, Versions 4.7 and 6 - for Internet Mailbox portlet in
WebSphere Portal
For the most current information on supported mail clients and Web browsers,
consult the Lotus Workplace products 1.1 release notes.
Overview of Lotus Workplace Messaging components
The main IBM Lotus Workplace Messaging server component (called the Mail
Service) is actually a set of services that work with the message queue, queue
directory, and DB2 data store to receive, process, and send mail. In Lotus
Workplace 1.1, these services run in a WebSphere server instance called
LotusWorkplace_Server.
Five types of services make up the Mail Service:
• Mail Receiver service
• Message Handler service
• Mail Delivery service
• POP3 service
• IMAP service
You can run all the mail services on one machine, or to improve performance,
you can run these services on separate machines. All of the components of the
Mail Service are configured using the WebSphere Application Server (or
Deployment Manager) administration interface.
The Workplace Messaging Mail Service supports client access through several
methods. Users can access mail using a POP3 or IMAP client. Users can also
access mail through a Web-client interface rendered through the IBM
WebSphere Portal server.
Lotus Workplace Messaging client interface
Browser-based mail access in Lotus Workplace Messaging 1.1 relies on
WebSphere Portal for the user interface—not on the Web access client used by
Workplace Messaging 1.0. This Web-based interface is based on the Apache
Struts (Model-View-Controller) Web Application Framework.
Lotus Workplace Messaging relies on three main portlets (running on
WebSphere Portal Server) to manage communications between browser-based
clients and the Workplace Messaging Mail Service (which runs on the
WebSphere Application Server):
• The address book portlet (lwp.portlets.address.war)
• The calendar portlet (lwp.portlets.calendar.war)
• The mail portlet (lwp.portlets.mailbox.war).
Workplace Messaging also uses the spell check portlet
(lwp.portlets.spellcheck.war).
POP3 and IMAP clients communicate directly with the Mail Service on the
WebSphere Application Server. They do not communicate with the Mail Service
through the Portal Server.
Mail Receiver defined
The Mail Receiver service is the Mail Service component responsible for
receiving incoming mail messages over SMTP. The Mail Receiver service does
the following:
• Accepts inbound SMTP connection requests
• Prevents the acceptance of mail from DNS blacklists
• Prevents the acceptance of mail from listed domains and listed servers
• Applies relay restrictions
You configure the Mail Receiver service by using the Lotus Workplace Servers,
SMTP Inbound Service link in the WebSphere Administration console. Once the
Mail Receiver service has accepted the message, it is placed in the Message
Queue.
Note: The Mail Receiver service supports eSMTP (the SMTP Service
Extensions defined in RFC 1869).
Message Queue and DB2 Data Store defined
The message queue is the data conduit for processing messages into and out of
the Mail Service. The message queue uses both the file system (usually a
network share called the Temporary File Store or TFS) and the DB2 Data Store
(containing user mailboxes and their messages, message processing
information, calendar information, contact information, and account status
information).
You configure the location of the TFS during Lotus Workplace installation. While
more than one cell may share a TFS, each messaging cell you configure must
have its own corresponding DB2 Data Store. Messages placed in the TFS and in
the messaging Data Store remain in their original MIME format (for example,
base64).
The Message Queue is composed of three subcomponents: the Message Queue
Manager, the State Queue, and the Temporary File Store. Next, we’ll look at
these in more detail.
Message Queue Manager
The Message Queue Manager is the component responsible for maintaining
statistics on the Message Queue. Statistics gathered by the Queue Manager can
be displayed in products such as Tivoli® Performance Manager.
State Queue
The State Queue is a set of database tables (in the DB2 Data Store) that track
message progress through the system and the location of the messages in the
Temporary File Store. As messages in the queue are processed, the various Mail
Service components will record the status of the messages in the State Queue.
Temporary File Store
The Temporary File Store (TFS) is a logical collection of disk space reserved for
use by the Mail Service as a cache for messages. Usually a network share (it can
also be part of the local file system if all the Mail Service components are on the
same machine), the TFS stores the message content while the system
processes the message for delivery or transfer.
Message Handler service defined
The Message Handler is composed of a set of subcomponents. These
subcomponents perform various processing tasks such as:
• Group expansion
• Unique name checking
• Determining whether delivery confirmations are required
• Tracking message retry information
• Delivery categorization (local delivery versus external)
The Message Handler service is configured using the Lotus Workplace Servers,
Message Handler Service link in the WebSphere Administration console.
Periodically, the Message Handler polls the Message Queue looking for
messages that are ready to be delivered. When messages are found, the
Message Handler processes them. Once processed, the messages are ready for
action by the Mail Delivery service.
Mail Delivery service defined
The Mail Delivery service is responsible for delivering mail in the message
queue. There are two mail delivery categories: local delivery and external
delivery. The Mail Delivery service is responsible for delivering both categories of
mail.
The Mail Delivery service supports eSMTP (the SMTP Service Extensions
defined in RFC 1869). When the Delivery service contacts a domain’s inbound
SMTP server, it will first issue the eSMTP EHLO command in order to determine
whether or not the receiving server supports eSMTP. If the destination server
does not respond to the EHLO command, the Mail Delivery service will revert to
standard SMTP commands.
The Mail Delivery service performs these tasks:
• Reads from a specified list of virtual queues
• Handles undeliverable mail
• Manages delivery retries
• Restricts outbound messages to a specified size
• Updates records in the message queue to reflect queue status and delivery status
The Mail Delivery service is configured using the Lotus Workplace Servers,
SMTP Outbound/Local Delivery Service link in the WebSphere Administration
console.
POP3 service defined
POP3, or Post Office Protocol, is an Internet mail protocol, defined in RFC 1939,
that allows a user running a POP3 client—for example, the Lotus Notes client or
Microsoft Outlook—to retrieve mail from a Lotus Workplace Messaging server
running the POP3 service.
Workplace Messaging supports basic name-and-password authentication and
Secure Sockets Layer (SSL) authentication for POP3 clients. In both cases,
Workplace Messaging uses an LDAP authentication directory to verify user
credentials. Lotus Workplace Messaging also supports SSL connections for mail
retrieval. The POP3 service does not transfer outbound mail. You configure the
SMTP services to handle message transfer from POP3 clients.
IMAP service defined
IMAP, or Internet Message Access Protocol, is an Internet mail protocol which
allows an IMAP client to access and manipulate e-mail messages on a server.
The IMAP specification in RFC 3501 allows for three different modes of
accessing mail from an IMAP server: IMAP Online, IMAP Offline and IMAP
Disconnected. Each mode of access allows the creation and manipulation of mail
folders.
Note: The IMAP service implementation in Workplace Messaging 1.1 does
not support nested folders.
IMAP Online allows users to retrieve mail from the server and store them locally
(similar to the functionality of a POP3 client). IMAP Offline allows users to
download messages locally and also supports the ability to access messages on
the server without downloading them. IMAP Disconnected allows users to
download messages locally for offline use and then allows the user to
synchronize local mail with the IMAP server. The IMAP service in Workplace
Messaging 1.1 supports each of the IMAP client access modes.
Workplace Messaging supports basic name-and-password authentication and
Secure Sockets Layer (SSL) authentication for IMAP clients. In both cases,
Workplace Messaging uses an LDAP authentication directory to verify user
credentials. Workplace Messaging also supports SSL connections for mail
retrieval. The IMAP service doesn’t transfer mail. You configure the SMTP
services to handle message transfer from IMAP clients.
Note: The IMAP service in Lotus Workplace Messaging 1.1 supports the
IMAP search feature detailed in RFC 3501. However, the IMAP search
command in Workplace 1.1 only allows clients to use the UID and flags search
criteria.
Virtual queue defined
In a standard single-server deployment of Workplace Messaging, there is one
Message Queue, one Mail Receiver, one Mail Handler, and one Mail Deliverer.
Thus, there is one Mail Receiver placing messages in the Message Queue, one
Handler handling the messages, and one Deliverer delivering the messages.
Since there is only one of each Mail Service component operating, contention for
queue resources is at a minimum.
However, if you extend your Workplace Messaging deployment to include more
than one of each Mail Service component, contention for resources becomes
more acute. For example, if there are two Mail Handlers operating on a single
Message Queue, when the first Handler polls the queue to retrieve messages for
processing, the second Handler must sit idle until the first Handler is finished
retrieving messages.
To prevent this type of resource contention, Workplace Messaging implements
the concept of virtual queues. Virtual queues divide the physical queue into a
number of smaller logical queues. Each smaller logical queue can be assigned a
set of Mail Service components. For example, you could assign Receiver one,
Handler one, and Deliverer one to virtual queue A. You could also assign
Receiver two, Handler two, and Deliverer two to virtual queue B.
By subdividing the queue into smaller logical queues, the Mail Service
components can concentrate on only the portion of the physical queue assigned
to them. This prevents the possibility that Mail Service components could
contend for the same portion of the queue at the same time.
Messaging cell defined
Lotus Workplace Messaging uses the same cell and node architecture used by
the WebSphere Application Server. The concept of a Lotus Workplace
Messaging mail cell is based on the concept of a cell as a logical grouping of one
or more nodes in a WebSphere distributed network. A mail cell will typically
contain two or more WebSphere Application Server/Portal Server machines,
each with all the Workplace Messaging Mail Service components installed.
These servers will be managed by a third Deployment Manager server which has
the Workplace Administration console installed.
The cell will use a single DB2 data store and a Temporary File Store (the mail
queue directory) specified during Lotus Workplace installation. The cell will
process mail for one or more domains and can use one or more LDAP
directories. Though installing all of the Mail Service components on each
machine in the cluster is typical, it is possible to install the Mail Service
components on separate machines. It is also possible for a cell to consist of a
single server running all the necessary Workplace Messaging components
(typically a demonstration or pilot deployment).
Figure 1 shows a typical mail cell with two machines (in a horizontal
cluster) devoted to mail services.
Figure 1 Typical mail cell
[Diagram not reproduced. Three tiers: Tier 1 (Presentation), Tier 2 (Business Logic), Tier 3 (Data/Resources). Labeled elements: Clients, Load Balancer, HTTP Servers, two WebSphere Application Server nodes (POP3, SMTP In/Out, Handler), each with a Node Agent and a Portal Server running the Lotus Workplace Messaging portlets (for Web user interface), Deployment Manager with Administration Console, IBM DB2 Server (Mail Data Store), Message Queue File Store, LDAP Server.]
You configure a mail cell through the WebSphere Administration console or by
using the Lmadmin commands. Configuration involves setting directory
properties and configuring services at the cell or server level.
Cell-wide properties include domains that are local to the cell, the default domain
name, the postmaster mail address, the dead letter address, and how often to
empty users' trash folders. In addition, all servers in the cell are affected by the
domain name system (DNS) settings and by the path of the Mail Service queue
directory (the Temporary File Store).
If you have multiple machines running SMTP mail services (Mail Receiver and
Mail Delivery services), you can configure cell-wide properties for each type of
service without having to configure each server separately. This type of cell-wide
configuration eases your administrative burden. You can also configure SMTP
mail services at the server level.
Note: The Message Handler and Task Scheduler services must be configured
at the server level.
Message flow in Lotus Workplace Messaging
Each of the Mail Service components, and the flow of messages into and out of
the Workplace Mail Service, are represented in Figure 2.
Figure 2 Flow of messages in Lotus Workplace Messaging
[Diagram not reproduced. Labeled elements: Internet, POP3/IMAP client, Portal client, Workplace Messaging Server (Mail Receiver / SMTP Inbound, Message Handler, Mail Deliverer / SMTP Outbound), Message Queue, IBM DB2 Server, LDAP. Flows are numbered 1a, 1b, 1c, 2a, 2b, 3, 4, 5a and 5b.]
Following are the meanings of the sequential numbers in Figure 2.
Numbers 1a, 1b, 1c:

| If... | Then |
|---|---|
| 1a) The message is sent by a POP3 or IMAP client | The client transfers the message (over SMTP) to the Mail Receiver. |
| 1b) The message is sent by a portal-based client | WebSphere Portal places the message into the Message Queue. |
| 1c) The message is sent by an external host via SMTP | An SMTP conversation is initiated with the Mail Receiver. |
Number 2a: The mail receiver verifies the sender and the destination address
against the settings provided in the Filters for SMTP Inbound Connections. This
check prevents unapproved relays and blocks blacklisted/specified
domains/hosts.

| If... | Then |
|---|---|
| The mail receiver rejects the message | A reply is returned to the connecting server indicating that the message was rejected. |
| The mail receiver accepts the message | The mail receiver places the message into the Message Queue. |

Number 2b: Message processing information is placed in the Message Queue
by the Mail Receiver service.
Number 3: A Message Handler polls the message queue for unprocessed
messages. For each message retrieved, the Handler:
• Expands group names (if any)
• Checks to see if delivery confirmation is required
• Categorizes the delivery type of the message as local or external
• Looks up routing information for each local recipient in the Directory for User
Account Creation and Routing (that is, LDAP directory)
Number 4: The Mail Delivery service polls the Message Queue for messages
that are ready to be delivered.
Numbers 5a, 5b:

| If... | Then | And |
|---|---|---|
| 5a) Delivery type is set to local | The Mail Delivery service looks up the location of the user’s Inbox folder. | Delivers the message to the local user’s Inbox. |
| 5b) Delivery type is set to external | The Mail Delivery service performs a DNS lookup to find the IP address of the recipient domain’s inbound mail server(s). | The Mail Delivery service transfers the message. |

Other ways in which messages may be handled in certain circumstances:

| If... | Then | And |
|---|---|---|
| Local delivery fails | The Mail Delivery service retries delivery until all attempts fail. | A Delivery Status Notification (DSN) is delivered to the sender indicating delivery failed. |
| External delivery fails | The Mail Delivery service retries delivery until all attempts fail. | A DSN is delivered to the sender indicating delivery failed. |
| External delivery is rejected | A DSN is sent to the sender’s inbox, indicating that delivery failed. | If a DSN cannot be delivered to the sender, the message is DEAD. |

Delivery status notifications in Workplace Messaging
Detailed in RFC 1891, Delivery Status Notifications (DSNs) are designed to
provide accurate and detailed information to the sender of an e-mail about the
delivery status of that message. Possible DSNs include relayed, successful, and
failed. You can disable delivery confirmations in the WebSphere Administration
console.
For messages that originate within the mail cell and are sent to local recipients,
the Mail Delivery service always sends a DSN for delivery failures.
Circumstances that result in delivery failure DSNs include:
• Workplace Messaging cannot locate the recipient’s address
• A virus scan prohibits delivery of the message
• The message cannot be written to the Message Queue or to the recipient’s Inbox
In addition to failure DSNs, Workplace Messaging can send DSNs when a user
requests delivery confirmation for sent messages. If a user requests a DSN and
the message is successfully delivered, the sender receives a successful DSN.
For messages that originate within the mail cell but are sent with delivery
confirmation requests to external recipients, Workplace Messaging depends on
the recipient's mail system to provide the delivery confirmation to the sender. If a
sender requests a DSN and the recipient’s mail server does not support the DSN
extension, Workplace Messaging will provide the sender with a relayed DSN. If
the external system rejects the message or cannot deliver it, Workplace
Messaging returns a failure DSN to the sender.
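
The EHLO-then-HELO behaviour of the Mail Delivery service and the relayed-DSN rule above, combined in one added example (not IBM's code and not part of the original paper). The exchange() transport hook, the scripted servers and all host names are constructed assumptions, and "does not respond to EHLO" is modelled as any non-250 reply.

```python
"""Added illustration: EHLO negotiation, HELO fallback, and the resulting DSN decision."""


def parse_reply(lines):
    """Split an SMTP reply into (code, texts): 'NNN-text' continues, 'NNN text' ends."""
    return int(lines[0][:3]), [line[4:] for line in lines]


def negotiate(exchange, client_name):
    """Greet with EHLO; revert to plain SMTP (HELO) if the server rejects EHLO.

    exchange(command) is an assumed hook that returns the server's reply lines.
    """
    code, texts = parse_reply(exchange(f"EHLO {client_name}"))
    if code == 250:
        extensions = {}
        # The first line is the greeting; every further line names one extension.
        for text in texts[1:]:
            keyword, _, params = text.partition(" ")
            extensions[keyword.upper()] = params
        return {"esmtp": True, "extensions": extensions}
    code, _ = parse_reply(exchange(f"HELO {client_name}"))
    if code != 250:
        raise ConnectionError(f"server refused both EHLO and HELO ({code})")
    # Plain SMTP: no extension (DSN, SIZE, AUTH, ...) may be used on this session.
    return {"esmtp": False, "extensions": {}}


def rcpt_command(session, recipient, want_confirmation):
    """Return (RCPT command, DSN type the sending system must issue itself or None)."""
    if not want_confirmation:
        return f"RCPT TO:<{recipient}>", None
    if "DSN" in session["extensions"]:
        # The remote system advertised DSN, so it takes over the confirmation.
        return f"RCPT TO:<{recipient}> NOTIFY=SUCCESS,FAILURE", None
    # No DSN extension: responsibility ends here, so the sender gets a relayed DSN.
    return f"RCPT TO:<{recipient}>", "relayed"


def scripted_server(replies):
    """Constructed stand-in for a remote host: maps a command verb to reply lines."""
    def exchange(command):
        verb = command.split(" ", 1)[0].upper()
        return replies.get(verb, ["500 command unrecognized"])
    return exchange


# Constructed sample servers (names and sizes are made up).
MODERN = scripted_server({"EHLO": ["250-mx.example.net greets you",
                                   "250-SIZE 10485760", "250-DSN", "250 8BITMIME"]})
NO_DSN = scripted_server({"EHLO": ["250-mx.example.org", "250 SIZE 5242880"]})
LEGACY = scripted_server({"HELO": ["250 old.example.com"]})

if __name__ == "__main__":
    for name, server in (("modern", MODERN), ("no-dsn", NO_DSN), ("legacy", LEGACY)):
        session = negotiate(server, "mail.acme.com")
        print(name, session["esmtp"], rcpt_command(session, "pat@example.net", True))
```
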
For messages that originate from outside the mail cell, delivery confirmations are
sent when requested and when delivery fails unless the connecting server is
listed in a blocked, blacklisted or suspect inbound connection filter. For
messages that are blocked or blacklisted, DSNs are never generated. You can
enable confirmations for suspect connections in the Workplace Messaging
Administration console.
Security in Lotus Workplace Messaging
Lotus Workplace Messaging has several key security concepts that should be
understood by anyone deploying a Lotus Workplace Messaging environment.
This section details these capabilities.
Active content filters
Lotus Workplace Active Content Filter (ACF) removes potentially malicious
active content (JavaScript, Java) from messages as they are displayed in a
browser client that interprets DHTML. The ACF runs over any application content
users have control over, such as e-mail bodies and subjects.
Dangerous URL protection
Lotus Workplace Messaging applies checks to URL-based commands that
perform potentially dangerous actions in the system, such as deleting folders in a
mail file. To counter the risk that a URL-based command could be misused,
Lotus Workplace Messaging generates a random number which varies from
session to session. The random number is then appended to potentially
dangerous URLs as an additional parameter. When an authenticated user sends
one of these URLs to the server, the server checks that the random number in
the URL matches the expected value that was generated for that particular
session before performing the requested action.
Lotus Workplace Messaging implements dangerous URL protection by executing
the following three steps:
1. Random number generation and storage
The server generates a random number and stores it in the session attribute
right after a user logs in, but before any other URLs are accessed.
2. URL modification
When a user requests an action using a dangerous URL, the server retrieves
the random number from the session object and adds it to the URL as a
parameter.
3. URL validation
All potentially dangerous actions in Lotus Workplace Messaging are
performed by the struts action handlers. Every struts action handler first
checks that the URL that initiated the action contains a valid random number
before completing the action.
In the mail portlet, the server verifies the following potentially dangerous URL
commands:
• MessageListDelete
• MessageListMove
• DeleteMessage
• MoveMessage
• ForwardMessage
• ReplyMessage
• FolderListDelete
• FolderListEmpty
• SaveAttachment
• DeleteAttachment
• SendMessage
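
The three steps above (generation and storage, URL modification, URL validation) as an added example; this is not the product's Struts code. The /mail/ path, the rnd parameter name, the url_token session attribute and the OpenMessage command used in the demo are hypothetical, and a plain dict stands in for the session object.

```python
"""Added illustration of per-session random numbers on dangerous URLs."""
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# The mail portlet commands the paper lists as verified.
DANGEROUS_COMMANDS = {
    "MessageListDelete", "MessageListMove", "DeleteMessage", "MoveMessage",
    "ForwardMessage", "ReplyMessage", "FolderListDelete", "FolderListEmpty",
    "SaveAttachment", "DeleteAttachment", "SendMessage",
}

TOKEN_PARAM = "rnd"        # hypothetical URL parameter name
SESSION_KEY = "url_token"  # hypothetical session attribute name


def on_login(session):
    """Step 1: generate the random value right after login and keep it in the session."""
    session[SESSION_KEY] = secrets.token_urlsafe(32)  # CSPRNG, differs per session


def build_url(session, command, **params):
    """Step 2: when the server emits a dangerous URL, add the session's value to it."""
    query = dict(params)
    if command in DANGEROUS_COMMANDS:
        query[TOKEN_PARAM] = session[SESSION_KEY]
    encoded = urlencode(query)
    return f"/mail/{command}" + (f"?{encoded}" if encoded else "")


def validate(session, url):
    """Step 3: the check every action handler runs before performing the action."""
    parts = urlsplit(url)
    command = parts.path.rsplit("/", 1)[-1]
    if command not in DANGEROUS_COMMANDS:
        return True
    expected = session.get(SESSION_KEY)
    supplied = parse_qs(parts.query).get(TOKEN_PARAM, [])
    # Reject a session that never logged in, a missing value, and a repeated parameter.
    if not expected or len(supplied) != 1:
        return False
    # Constant-time comparison so the check does not leak how many characters matched.
    return hmac.compare_digest(supplied[0].encode(), expected.encode())


if __name__ == "__main__":
    alice, bob = {}, {}
    on_login(alice)
    on_login(bob)
    url = build_url(alice, "FolderListDelete", folder="Drafts")
    print("own session     :", validate(alice, url))
    print("other session   :", validate(bob, url))
    print("value stripped  :", validate(alice, "/mail/FolderListDelete?folder=Drafts"))
    print("harmless command:", validate(alice, build_url(alice, "OpenMessage", id="7")))
```

A link crafted by a third party cannot carry the right value for the victim's session, which is why the second and third checks fail while the first succeeds.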
Data Integrity
The content of the Mail, Address Book and Calendar portlets in Lotus Workplace
Messaging can only be viewed or modified by the portlet owner. Security-related
information such as authentication user names and passwords and sensitive
data, such as DB2 user names and passwords and the LDAP server bind name
and password, are encoded and then stored in WebSphere Application Server
configuration files.
Secure Sockets Layer
The Secure Sockets Layer (SSL) settings that you enable for WebSphere
Application Server/Portal Server and the IBM HTTP Server apply to Lotus
Workplace Messaging. In addition, you can enable SSL for each of the Lotus
Workplace Messaging protocols: SMTP, POP3, IMAP. You may also choose to
enable SSL for LDAP and for your additional searchable directories.
Spam protection
You can configure Filters for SMTP Inbound Connections to prevent Lotus
Workplace Messaging servers from accepting unsolicited commercial e-mail
(“spam”) or junk mail. You can also use the SMTP inbound filters to prevent
Workplace Messaging servers from being used as mail relays.
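
The inbound checks described here and in the Mail Receiver section (DNS blacklists, listed domains and servers, relay restrictions), sketched as an added example that is not IBM's code or part of the original paper. The policy fields, reply texts, the dnsbl.example zone and the injected resolve() hook are assumptions; the DNS data is constructed so the block runs offline.

```python
"""Added illustration: an SMTP inbound connection filter with relay restriction."""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class InboundPolicy:
    local_domains: set                                   # domains this cell delivers for
    blocked_domains: set = field(default_factory=set)    # listed sender domains
    blocked_hosts: set = field(default_factory=set)      # listed server IP addresses
    dnsbl_zones: list = field(default_factory=list)      # DNS blacklist zones to query
    relay_networks: list = field(default_factory=list)   # CIDR ranges allowed to relay


def dnsbl_query_name(client_ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def domain_of(address):
    """Lower-cased domain part of an address, or '' when there is none."""
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def check_inbound(policy, client_ip, mail_from, rcpt_to, resolve):
    """Return (accepted, reply). resolve(name) returns A records, [] if not listed."""
    ip = ipaddress.ip_address(client_ip)
    if client_ip in policy.blocked_hosts:
        return False, "554 connecting host is blocked"
    if domain_of(mail_from) in policy.blocked_domains:
        return False, "550 sender domain is blocked"
    for zone in policy.dnsbl_zones:
        # Any answer for the reversed name means the address is on that list.
        if ip.version == 4 and resolve(dnsbl_query_name(client_ip, zone)):
            return False, f"554 listed in {zone}"
    if domain_of(rcpt_to) not in policy.local_domains:
        # Mail for a non-local domain is a relay request: only trusted networks may relay.
        trusted = any(ip in ipaddress.ip_network(net) for net in policy.relay_networks)
        if not trusted:
            return False, "550 relaying denied"
    return True, "250 OK"


# Constructed sample data: documentation address ranges and made-up domains.
LISTED = {"55.2.0.192.dnsbl.example": ["127.0.0.2"]}


def fake_resolve(name):
    return LISTED.get(name, [])


POLICY = InboundPolicy(
    local_domains={"acme.com"},
    blocked_domains={"spam.example"},
    blocked_hosts={"203.0.113.9"},
    dnsbl_zones=["dnsbl.example"],
    relay_networks=["10.0.0.0/8"],
)

if __name__ == "__main__":
    cases = [
        ("198.51.100.7", "ann@partner.example", "bob@acme.com"),    # inbound to local user
        ("198.51.100.7", "ann@partner.example", "eve@other.example"),  # relay attempt
        ("10.1.2.3", "bob@acme.com", "eve@other.example"),          # internal client relays
        ("192.0.2.55", "ann@partner.example", "bob@acme.com"),      # DNSBL-listed host
    ]
    for case in cases:
        print(case, "->", check_inbound(POLICY, *case, fake_resolve))
```
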
Virus handler API
Workplace Messaging 1.1 does not contain built-in anti-virus software. However,
the Message Handler component has an application programming interface
(API) that supports anti-virus scanning software. This API is currently available to
IBM Business Partners. Contact a PartnerWorld® representative for more
information.
Administration of Lotus Workplace Messaging
Lotus Workplace Messaging uses the same cell and node architecture used by
the WebSphere Application Server. The concept of a Lotus Workplace
Messaging mail cell is based on the concept of a cell as a logical grouping of one
or more nodes in a WebSphere distributed network. A mail cell will typically
contain two or more WebSphere Application Server/Portal Server machines,
each with all the Workplace Messaging Mail Service components deployed to
them. These servers will be managed by a third Deployment Manager server
which is used to administer the Workplace Messaging servers in the cluster.
The cell will use a Temporary File Store (the mail queue directory) specified
during Lotus Workplace installation and a single DB2 data store. The cell will
process mail for one or more domains and can use one or more LDAP
directories. Though deploying all of the Mail Service components on each
machine in the cluster is typical, it is possible to deploy the Mail Service
components on separate machines. It is also possible for a cell to consist of a
single server running all the necessary Workplace Messaging components
(typically a proof of concept or pilot deployment). If all of the Workplace
Messaging components are deployed on a single server, there is no need for a
Deployment Manager machine.
Figure 3 shows a typical mail cell with two machines (in a horizontal
cluster) devoted to mail services:
Figure 3 Typical mail cell
[Diagram not reproduced. Three tiers: Tier 1 (Presentation), Tier 2 (Business Logic), Tier 3 (Data/Resources). Labeled elements: Clients, Load Balancer, HTTP Servers, two WebSphere Application Server nodes (POP3, SMTP In/Out, Handler), each with a Node Agent and a Portal Server running the Lotus Workplace Messaging portlets (for Web user interface), Deployment Manager with Administration Console, IBM DB2 Server (Mail Data Store), Message Queue File Store, LDAP Server.]
You configure a mail cell through the WebSphere Administration console or by
using the Lmadmin commands. Configuration involves setting directory
properties and configuring services at the cell or server level.
If you have multiple machines running SMTP mail services (Mail Receiver or Mail
Delivery services), you can configure cell-wide properties for these services
without having to configure each server separately. This type of cell-wide
configuration eases your administrative burden. You can also configure Mail
Receiver services (SMTP Inbound) and Mail Delivery services (SMTP Outbound)
at the server level if you wish to manage individual servers separately. The
Message Handler and Task Scheduler services can only be configured at the
server level.
You can use the Lmadmin tool and associated commands to perform many
administration tasks. Common administration tasks include configuring a mail
cell, configuring individual servers, creating policies that control user access to
features, setting mail size quotas, scheduling administrative tasks and setting up
filters to prevent misuse of the messaging system.
Configuring the Directory for User Account Creation and
Routing
Configuring the Directory for User Account Creation and Routing is the key
element when setting up and administering Lotus Workplace Messaging. You
configure settings for this directory to perform the following tasks:
• Messaging account management
• Creating accounts
• Deleting accounts
• Suspending accounts
• Mail routing
The Directory for User Account Creation and Routing can be an LDAP directory
other than the one specified in the WAS User Registry. Specify the new directory
in the settings for Directory for User Account Creation and Routing.
For more information on creating accounts, deleting accounts, suspending
accounts and messaging account management, refer to the IBM Lotus
Workplace Information Center. Also consult the documentation for your LDAP
software for details on working with LDAP users and schemas.
Information on creating mail cell objects for routing and on extending the LDAP
schema is also covered in the IBM Redbook Lotus Workplace Products 1.1:
Deployment Guide, SG24-7087.
Configuring a mail cell
There are several cell-wide properties that must be managed for every Lotus
Workplace Messaging deployment. Cell-wide properties include domains that
are local to the cell, the postmaster mail address, the dead letter address, and
how often to empty users' trash folders. These configuration properties cannot be
configured at the server level. In addition, all servers in the cell are affected by
the domain name system (DNS) settings and by the path of the Mail Service
queue directory (the Temporary File Store). These settings are available at the
server level.
If you have multiple machines running SMTP Mail Services (Mail Receiver and
Mail Delivery services), you can configure cell-wide properties for each service
without having to configure each server separately. Configuration of cell-wide
and server specific settings in a distributed deployment is done through the
Administration console on the Network Deployment server. Alternatively, if you
wish to maintain SMTP settings at the server level, the SMTP Inbound and
SMTP Outbound services can be configured for each server individually.
If you have all of the Mail Service components installed on a single machine (in a
proof of concept or pilot deployment), configuration of cell-wide settings and
server-specific settings is done through the WebSphere Application Server
Administration console.
Configuration options that apply at the cell level are stored in the messaging.xml
file that applies to the cell. The messaging.xml file can be found in the following
location:
install_root/WebSphere/DeploymentManager/config/cells/<cell name>/messaging.xml
To configure cell-wide messaging settings:
1. From the WebSphere Administration Console, expand Lotus Workplace and
click Mail Cell-Wide Settings; see Figure 4.
Figure 4 Lotus Workplace Administration console menu
2. On the Configuration page, populate the Mail Cell-Wide Settings fields in the
General Properties section; see Figure 5.
Figure 5 Mail Cell-Wide Settings - general properties
Table 1 lists the field labels and the values of the cell-wide messaging settings.
Table 1 Field labels and values - Mail cell-wide messaging settings
| Field label | Value |
| --- | --- |
| Domains that are considered local | This setting specifies the domain names that are considered local by the Mail Service. Separate multiple names with commas. This entry is populated during Lotus Workplace setup. |
| Default domain name | This setting specifies the domain name to append to group names and to recipient addresses that lack a domain name. For example, if you specify acme.com as the default domain name, when the group name design_team is entered in the To field of a message, Workplace Messaging appends acme.com to the name to create the address: design_team@acme.com. |
| Postmaster mail address | This setting specifies the e-mail address for the postmaster account. Messages addressed to "postmaster" and internal system reports are sent to this address. The default entry is postmaster@default domain. |
| Dead letter address | This setting specifies the e-mail address to which to forward dead mail. If no address is specified, dead mail remains in the Message Queue until you use the Lmadmin tool to delete it. The default is blank. Consider entering the postmaster e-mail address as the dead letter address. Then you can examine the mail and take administrative action, such as setting up a filter to block the sender of dead mail. If you do not wish to use the postmaster address, any valid email address is permitted. |
| Empty mail in Trash after (days) | This setting specifies the number of days after which mail in a user's Trash folder will be automatically marked for deletion by the Trash collector task. The default is seven days. |
3. Click Apply or OK.
4. Restart each of the WebSphere Application Server instances on each node
(Server1, WebSphere_Portal, and LotusWorkplace_Server).
In addition to cell-wide messaging settings, you can configure general mail
server properties for a cell. These settings (unlike the cell-wide settings) are
available at the server level as well.
To set general mail server properties for a cell:
1. From the WebSphere Administration Console, expand Lotus Workplace and
click Mail Cell-Wide Settings. Navigate to the Additional Properties section
and click General Mail services; see Figure 6.
Figure 6 Mail Cell-Wide settings - Additional Properties
2. Enter values in the following fields in the General Properties section; see
Figure 7.
Figure 7 General Mail services cell properties
Table 2 lists the field labels for General Mail services cell properties and their
values.
Table 2 Field labels and values - General Mail services cell properties
| Field label | Value |
| --- | --- |
| DNS servers | Enter host names or IP addresses of DNS servers that resolve names and addresses and provide MX attributes. For example, server1.lotus.com, server2.lotus.com. This field is populated during Lotus Workplace setup. |
| Network path of the mail service queue directory | Enter the path to the network share that will house the Temporary File Store. This path can be to the local file system if all Workplace Messaging components are installed on a single machine. This field is populated during Lotus Workplace setup. |
3. Restart each of the WebSphere Application Server instances on each node
(Server1, WebSphere_Portal, and LotusWorkplace_Server).
Starting and stopping the Mail Service components
Several of the configuration options for the various mail services require you to
restart the service. To stop or start a Mail Service component on a server,
perform the following steps:
1. From the WebSphere Administration Console, expand Servers and click
Lotus Workplace Servers.
2. Click the Services tab to view all services on all servers; see Figure 8.
Figure 8 Workplace Services page
3. Select the check box in the left column of the service you want to start or stop.
4. Click start (or stop).
5. Click Apply or OK.
Configuring the SMTP service
The Mail Service components responsible for SMTP services are the Mail
Receiver service and the Mail Delivery service. The Mail Receiver service
receives external mail into the Workplace Messaging system and is configured
using the SMTP Inbound section of the Lotus Workplace Administration console.
The Mail Receiver service can be configured for multiple servers at the cell level,
or it can be configured at the server level.
The SMTP Inbound interface has filters that you configure to prevent the
acceptance of unsolicited commercial email (SPAM). You can also use the
SMTP Inbound interface to configure the Mail Receiver so that it is not used as
an open relay.
The Mail Delivery service is responsible for delivering mail inside the local cell,
for transferring mail to another cell, and for transferring mail to an external
system or relay server. The Mail Delivery service is configured using the SMTP
Outbound/Local Delivery section of the Lotus Workplace Administration console.
The Mail Delivery service can be configured for multiple servers at the cell level
or it can be configured at the server level.
Configuring SMTP Inbound properties for a cell
You can configure all Mail Receiver services in a cell with the same settings by
performing the following steps:
1. From the WebSphere Administration Console, expand Lotus Workplace and
click Mail Cell-Wide Settings.
2. Navigate to the Additional Properties section and click SMTP Inbound.
3. Edit the SMTP Inbound Service field values in the General Properties section,
shown in Figure 9.
Figure 9 SMTP Inbound cell properties
Table 3 lists the field labels and values for SMTP inbound cell
properties.
Table 3 Field labels and values - SMTP inbound cell properties
| Field label | Value |
| --- | --- |
| Enable SMTP inbound | This setting specifies the TCP/IP port on which the Mail Receiver listens for incoming SMTP connections. If you change this property, you must restart the WebSphere Application Server on each node in the cell. The default is port 25. |
| Use SSL with SMTP | If you enable SSL in this field, enter a port and select an SSL configuration from the list. The default port is 465. To use SSL with the Mail Receiver, you must first enable SSL in WebSphere. |
| SMTP greeting | This setting specifies the SMTP greeting returned when the Mail Receiver is contacted by an external server. Make the greeting generic or specific, depending on your needs. The default greeting is "Lotus Workplace Mail." |
| Maximum number of SMTP inbound sessions on any one node | This setting specifies the maximum number of incoming SMTP sessions allowed. Leave this field blank to indicate an unlimited number of sessions. The default is 50. Note: This setting is only available at the cell level. |
| Maximum number of “received” headers | This setting specifies the maximum number of received headers allowed before the message is considered looping. A received header is added each time a message is received by an SMTP server and contains information about the transferring server, the receiving server, the time and date of the transfer, and so on. Once the maximum number of headers is reached, the message is considered dead (this is similar to a maximum hop count). The default is 15. Note: This setting is only available at the cell level. |
4. Click Apply or OK.
5. Restart the SMTP Inbound Service on each server in the cell unless you
changed the SMTP port. If you changed the port number, or if the changes do
not take effect after restarting the service, restart each of the WebSphere
Application Server instances on each node (Server1, WebSphere_Portal, and
LotusWorkplace_Server).
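When a message lands at the dead letter address because it hit the "received" header limit, counting the headers and listing the receiving hosts shows where the loop is. The following Python example is added here and is not part of the Redpaper or the product; the host names are constructed, and reading "once the maximum is reached" as count >= maximum is an assumption.

```python
import re
from collections import Counter
from email import message_from_string

MAX_RECEIVED = 15  # default "Maximum number of received headers" from Table 3

# Host named in the "by" clause of a Received header (the receiving server).
_BY = re.compile(r"\bby\s+([A-Za-z0-9.-]+)", re.IGNORECASE)


def analyze_received(raw_message, max_received=MAX_RECEIVED):
    """Count Received headers and report receiving hosts seen more than once."""
    msg = message_from_string(raw_message)
    hops = msg.get_all("Received", [])
    by_hosts = []
    for value in hops:
        unfolded = " ".join(value.split())  # collapse folded header lines
        match = _BY.search(unfolded)
        by_hosts.append(match.group(1).lower() if match else None)
    counts = Counter(h for h in by_hosts if h)
    return {
        "count": len(hops),
        # Assumption: the message is treated as looping once the count
        # reaches the configured maximum.
        "looping": len(hops) >= max_received,
        "by_hosts": by_hosts,
        "repeated": {host: n for host, n in counts.items() if n > 1},
    }


def build_sample(hops):
    """Constructed message bounced between two hypothetical servers."""
    hosts = ["mx1.acme.com", "mx2.acme.com"]
    lines = []
    for i in range(hops):
        src, dst = hosts[i % 2], hosts[(i + 1) % 2]
        lines.append(
            f"Received: from {src} by {dst} with SMTP; "
            f"Mon, 1 Mar 2004 10:{i:02d}:00 +0000"
        )
    lines.reverse()  # the newest Received header is at the top of a message
    lines += [
        "From: sender@example.org",
        "To: design_team@acme.com",
        "Subject: constructed sample",
        "",
        "body",
    ]
    return "\n".join(lines)


if __name__ == "__main__":
    report = analyze_received(build_sample(16))
    print(report["count"], report["looping"], report["repeated"])
```

Hosts that appear repeatedly in `repeated` are the servers forwarding the message to each other; check their routing and smart host settings.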
Configuring filters for SMTP inbound connections (cell-level only)
To prevent the acceptance of unwanted e-mail (“spam”), you configure a series
of filters for SMTP Inbound Connections. SMTP inbound filters are configured at
the cell level using the Lotus Workplace Administration console. SMTP inbound
filters cannot be set at the server level.
By default, all inbound SMTP mail is accepted by the Workplace Messaging Mail
Receiver service. To control the acceptance of e-mail from external systems, you
configure SMTP inbound filters based on the type of connection to the Mail
Receiver service. SMTP inbound connections are classified as one of five types:
• Trusted - A trusted connection is one that has not provided authentication
credentials via SMTP but comes from a specified list of TCP/IP addresses
that you configure.
• Authenticated - A connection is considered authenticated if the source
provided authentication credentials via SMTP or the message was placed in
the message queue by a portal-based Web client.
• Suspect - A connection is considered suspect if you do not have confidence
that it is trustworthy. For example, you could suspect a source as the origin of
spam although it is not listed in a Realtime Blacklist (also called a DNS
Blacklist). Treating the source as suspect allows you to control the connection
without blocking it altogether.
• Blocked - A connection is considered blocked if the source is either on a
specified list that you configure or if it is on one of the listed Realtime
Blacklists (RBLs).
• Anonymous - A connection is considered anonymous if it does not qualify as
any of the other connection types.
To access the SMTP inbound filters:
1. From the WebSphere Administration Console, expand Lotus Workplace and
click Mail Cell-Wide Settings.
2. Navigate to the Additional Properties section and click Filters for SMTP
Inbound connections; see Figure 10.
Figure 10 Filters for SMTP Inbound Connections link
3. Select one of the filters listed in Figure 11.
Figure 11 Filters for SMTP Inbound Connections list
Configuring anonymous SMTP inbound filters
1. From the WebSphere Administration Console, expand Lotus Workplace and
click Mail Cell-Wide Settings.
2. Navigate to the Additional Properties section and click Filters for SMTP
Inbound Connections.
3. Click Anonymous and populate the following fields on the Configuration tab;
see Figure 12.
Figure 12 Anonymous SMTP inbound filter properties
Table 4 lists the field labels and values for Anonymous SMTP inbound filter
properties.
Table 4 Field labels and values - Anonymous SMTP inbound filter properties
| Field label | Value |
| --- | --- |
| Force anonymous addresses to authenticate | Select this field to force anonymous connections to authenticate. If you enable this property, all of the other Anonymous filter properties are ignored. |
| Allow anonymous connections to relay | Select this field to allow anonymous connections to transfer mail to your domain that is destined for non-local domains/users. If this field is deselected, the Mail Receiver service will only accept messages (from anonymous connections) that are destined for users in the configured local domain(s). All other domains/users are rejected. |
| Maximum meaningless commands before termination | This setting specifies the maximum number of meaningless commands that the server accepts before terminating the connection. Leave blank to indicate an unlimited number. The default is 40. This property protects the Mail Service from unauthorized users who try to overwhelm the server with meaningless commands such as NOOP, Help, RSET, and so on. This is commonly referred to as a “keep alive” or denial of service attack. |
| Maximum inbound message size (KB) | This setting specifies the maximum size of inbound messages that are accepted over anonymous connections. Leave this field blank to indicate unlimited size. The default is 2000 KB (approximately 2 MB). |
| Maximum recipients | This setting specifies the maximum number of recipients in a single domain to whom an inbound message (from an anonymous source) can be addressed. The default is 0, or no limit to the number of recipients. Configuring this field allows you to prevent address harvesting and e-mail “flooding.” |
| Verify senders with a DNS lookup | Select this field to force the server to look up the domain (in the MAIL FROM portion of the SMTP envelope) in the sender's DNS database. If the domain cannot be resolved to a proper MX or A record, the mail is rejected. This check prevents unauthorized users from spoofing a domain name. |
| Verify the client with a DNS lookup | Select this field to force the SMTP Inbound service to find a PTR record for the connecting client's IP address in the DNS database. (A PTR record matches an IP address to a host name in the DNS.) This is commonly referred to as a "reverse lookup." If a PTR record does not exist in the DNS database, or if the IP address does not match a valid host name, the mail is rejected. This check prevents unauthorized clients from transferring mail on behalf of a domain. |
| Allow the sending of delivery confirmations | Select this field to send success, delay, and failure DSNs for messages originating over anonymous connections. |
4. Click Apply or OK.
5. Restart the SMTP Inbound service on each server in the cell. If restarting the
service does not cause the configuration changes to take effect, restart each
of the WebSphere Application Server instances on each node (Server1,
WebSphere_Portal, and LotusWorkplace_Server).
Configuring authenticated SMTP inbound filters
1. From the WebSphere Administration Console, expand Lotus Workplace and
click Mail Cell-Wide Settings.
2. Navigate to the Additional Properties section and click Filters for SMTP
Inbound Connections.
3. Click Authenticated and populate the following fields on the Configuration
tab; see Figure 13.
Figure 13 Authenticated SMTP inbound filter properties
Table 5 lists the field labels and values for Authenticated SMTP
inbound filters.
Table 5 Field labels and values - Authenticated SMTP inbound filters
| Field label | Value |
| --- | --- |
| Allow authenticated connections to relay | Select this field to allow authenticated connections to transfer mail to you that is destined for non-local domains/users. If this field is deselected, the Mail Receiver service will only accept messages (from authenticated connections) that are destined for users in the configured local domain(s). All other domains/users are rejected. |
| Maximum meaningless commands before termination | This setting specifies the maximum number of meaningless commands that the server accepts before terminating the connection. Leave this field blank to indicate an unlimited number. The default is 0. This property protects the Mail Service from unauthorized users who try to overwhelm the server with meaningless commands such as NOOP, Help, RSET, and so on. This is commonly referred to as a “keep alive” or denial of service attack. |
| Maximum inbound message size (KB) | This setting specifies the maximum size of inbound messages that are accepted over authenticated connections. Leave this field blank to indicate unlimited size. The default is 2000 KB (approximately 2 MB). |
| Maximum recipients | This setting specifies the maximum number of recipients in a single domain to whom an inbound message (from an authenticated source) can be addressed. The default is 0, or no limit to the number of recipients. Configuring this field allows you to prevent address harvesting and e-mail “flooding.” |
| Allow the sending of delivery confirmations | Select this field to send success, delay, and failure DSNs for messages originating over authenticated connections. |
4. Click Apply or OK.
5. Restart the SMTP Inbound service on each server in the cell. If restarting the
service does not cause the configuration changes to take effect, restart each
of the WebSphere Application Server instances on each node (Server1,
WebSphere_Portal, and LotusWorkplace_Server).
Configuring trusted SMTP inbound filters
1. From the WebSphere Administration Console, expand Lotus Workplace and
click Mail Cell-Wide Settings.
2. Navigate to the Additional Properties section and click Filters for SMTP
Inbound Connections.
3. Click Trusted and populate the following fields on the Configuration tab; see
Figure 14.
Figure 14 Trusted SMTP inbound filter properties
Table 6 lists the Trusted SMTP inbound filter properties field labels
and values.
Table 6 Field labels and values - Trusted SMTP inbound filter properties
| Field label | Value |
| --- | --- |
| Trusted IP addresses | This setting specifies IP addresses you wish to explicitly trust. Use a comma to separate multiple addresses. You can use an asterisk (*) as a wildcard for an individual octet set, for example, 127.0.0.* |
| Force trusted addresses to authenticate | Select this field to force trusted connections to authenticate. This field forces the transferring server to authenticate itself using the SMTP AUTH command. If you enable this property, all of the other trusted filter properties are ignored. |
| Allow trusted connections to relay | Select this field to allow trusted connections to transfer mail to you that is destined for non-local domains/users. If this field is deselected, the Mail Receiver service will only accept messages (from trusted connections) that are destined for users in the configured local domain(s). All other domains/users are rejected. |
| Maximum meaningless commands before termination | This setting specifies the maximum number of meaningless commands that the server accepts before terminating the connection. Leave this field blank to indicate an unlimited number. The default is 128. This property protects the Mail Service from unauthorized users who try to overwhelm the server with meaningless commands such as NOOP, Help, RSET, and so on. This is commonly referred to as a “keep alive” or denial of service attack. |
| Maximum inbound message size (KB) | This setting specifies the maximum size of inbound messages that are accepted over trusted connections. Leave this field blank to indicate unlimited size. The default is 2000 KB (approximately 2 MB). |
| Maximum recipients | This setting specifies the maximum number of recipients in a single domain to whom an inbound message (from a trusted source) can be addressed. The default is 0, or no limit to the number of recipients. Configuring this field allows you to prevent address harvesting and e-mail “flooding.” |
| Verify senders with a DNS lookup | Select this field to force the server to look up the domain (in the MAIL FROM portion of the SMTP envelope) in the sender's DNS database. If the domain cannot be resolved to a proper MX or A record, the mail is rejected. This check prevents unauthorized users from spoofing a domain name. |
| Verify the client with a DNS lookup | Select this field to force the SMTP Inbound service to find a PTR record for the connecting client's IP address in the DNS database. (A PTR record matches an IP address to a host name in the DNS.) This is commonly referred to as a “reverse lookup”. If a PTR record does not exist in the DNS database or if the IP address does not match a valid host name, the mail is rejected. This check prevents unauthorized clients from transferring mail on behalf of a domain. |
| Allow the sending of delivery confirmations | Select this field to send success, delay, and failure DSNs for messages originating over trusted connections. |
4. Click Apply or OK.
5. Restart the SMTP Inbound service on each server in the cell. If restarting the
service does not cause the configuration changes to take effect, restart each
of the WebSphere Application Server instances on each node (Server1,
WebSphere_Portal, and LotusWorkplace_Server).
Configuring suspect SMTP inbound filters
1. From the WebSphere Administration Console, expand Lotus Workplace and
click Mail Cell-Wide Settings.
2. Navigate to the Additional Properties section and click Filters for SMTP
Inbound Connections.
3. Click Suspect and populate the following fields on the Configuration tab, as
shown in Figure 15.
Figure 15 Suspect SMTP inbound filter properties
Table 7 lists the field labels and values for suspect SMTP inbound filters.
Table 7 Field labels and values - Suspect SMTP inbound filter properties
| Field label | Value |
| --- | --- |
| Suspect TCP/IP addresses | This setting specifies IP addresses you wish to render suspect. Use a comma to separate multiple addresses. You can use an asterisk (*) as a wildcard for an individual octet set, for example, 127.0.0.* |
| Force suspect addresses to authenticate | Select this field to force suspect connections to authenticate. This field forces the transferring server to authenticate itself using the SMTP AUTH command. If you enable this property, all of the other suspect filter properties are ignored. |
| Host names of blacklist servers | This setting specifies the DNS names of servers that record host names and IP addresses of users or organizations that send junk mail. Separate multiple names with a comma. |
| Allow suspect connections to relay | Select this field to allow suspect connections to transfer mail to you that is destined for non-local domains/users. If this field is deselected, the Mail Receiver service will only accept messages (from suspect connections) that are destined for users in the configured local domain(s). All other domains/users are rejected. |
| Maximum meaningless commands before termination | This setting specifies the maximum number of meaningless commands that the server accepts before terminating the connection. Leave this field blank to indicate an unlimited number. The default is 32. This property protects the Mail Service from unauthorized users who try to overwhelm the server with meaningless commands such as NOOP, Help, RSET, and so on. This is commonly referred to as a “keep alive” or denial of service attack. |
| Maximum inbound message size (KB) | This setting specifies the maximum size of inbound messages that are accepted over suspect connections. Leave this field blank to indicate unlimited size. The default is 2000 KB (approximately 2 MB). |
| Maximum recipients | This setting specifies the maximum number of recipients in a single domain to whom an inbound message (from a suspect source) can be addressed. The default is 0, or no limit to the number of recipients. Configuring this field allows you to prevent address harvesting and e-mail “flooding.” |
| Verify senders with a DNS lookup | Select this field to force the server to look up the domain (in the MAIL FROM portion of the SMTP envelope) in the sender's DNS database. If the domain cannot be resolved to a proper MX or A record, the mail is rejected. This check prevents unauthorized users from spoofing a domain name. |
| Verify the client with a DNS lookup | Select this field to force the SMTP Inbound service to find a PTR record for the connecting client's IP address in the DNS database. (A PTR record matches an IP address to a host name in the DNS.) This is commonly referred to as a “reverse lookup”. If a PTR record does not exist in the DNS database or if the IP address does not match a valid host name, the mail is rejected. This check prevents unauthorized clients from transferring mail on behalf of a domain. |
| Allow the sending of delivery confirmations | Select this field to send success, delay, and failure DSNs for messages originating over suspect connections. |

4. Click Apply or OK.
5. Restart the SMTP Inbound service on each server in the cell. If restarting the
service does not cause the configuration changes to take effect, restart each
of the WebSphere Application Server instances on each node (Server1,
WebSphere_Portal, and LotusWorkplace_Server).
Configuring blocked SMTP inbound filters
1. From the WebSphere Administration Console, expand Lotus Workplace and
click Mail Cell-Wide Settings.
2. Navigate to the Additional Properties section and click Filters for SMTP
Inbound Connections.
3. Click Blocked and populate the following fields on the Configuration tab.
Figure 16 Blocked SMTP inbound filter properties
Table 8 lists the field labels and values for Blocked SMTP inbound filters.
Table 8 Field labels and values - Blocked SMTP inbound filters
| Field label | Value |
| --- | --- |
| Blocked IP addresses | This setting specifies IP addresses you wish to block from transferring e-mail to you. Use a comma to separate multiple addresses. You can use an asterisk (*) as a wildcard for an individual octet set, for example, 127.0.0.* |
| Host names of blacklist servers | This setting specifies the DNS names of servers that record IP addresses of users or organizations that send junk mail. Separate multiple names with a comma. |
4. Click Apply or OK.
5. Restart the SMTP Inbound service on each server in the cell. If restarting the
service does not cause the configuration changes to take effect, restart each
of the WebSphere Application Server instances on each node (Server1,
WebSphere_Portal, and LotusWorkplace_Server).
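To check a planned filter configuration before entering it in the console, the following Python example (added here, not code from the Redpaper or the product) models the five connection types, the per-octet `*` wildcard, blacklist lookups, and the "allow relay" rule from the filter tables. The configuration key names, the order in which the types are tested, and the reversed-octet blacklist query name (the common DNSBL convention) are assumptions; all addresses and zone names are constructed.

```python
import ipaddress
import socket


def parse_list(field):
    """Split a comma-separated console field into clean entries."""
    return [item.strip() for item in field.split(",") if item.strip()]


def ip_matches(pattern, ip):
    """True if ip matches pattern, where '*' stands for one whole octet."""
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    p_octets, i_octets = pattern.split("."), ip.split(".")
    if len(p_octets) != 4:
        return False
    return all(p == "*" or (p.isdigit() and int(p) == int(i))
               for p, i in zip(p_octets, i_octets))


def dnsbl_query_name(ip, zone):
    """Common DNSBL convention (assumed here): reversed octets + list zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def dns_has_a_record(name):
    """Live lookup for real use; the sample below passes a stub instead."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False


def classify(ip, authenticated, cfg, resolve=dns_has_a_record):
    """Return the connection type. The precedence order is an assumption."""
    def listed(ips_key, rbl_key):
        if any(ip_matches(p, ip) for p in parse_list(cfg.get(ips_key, ""))):
            return True
        return any(resolve(dnsbl_query_name(ip, zone))
                   for zone in parse_list(cfg.get(rbl_key, "")))

    if listed("blocked_ips", "blocked_rbls"):
        return "Blocked"
    if authenticated:
        return "Authenticated"
    if any(ip_matches(p, ip) for p in parse_list(cfg.get("trusted_ips", ""))):
        return "Trusted"
    if listed("suspect_ips", "suspect_rbls"):
        return "Suspect"
    return "Anonymous"


def accepts_recipient(conn_type, rcpt, cfg):
    """Non-local recipients are accepted only if relay is allowed for the type."""
    if conn_type == "Blocked":
        return False
    if "@" not in rcpt:  # the default domain is appended to bare names
        rcpt = rcpt + "@" + cfg["default_domain"]
    domain = rcpt.rsplit("@", 1)[1].lower()
    if domain in [d.lower() for d in parse_list(cfg["local_domains"])]:
        return True
    return conn_type in cfg["relay_allowed"]


# Constructed sample configuration (hypothetical key names, documentation IPs).
CFG = {
    "local_domains": "acme.com",
    "default_domain": "acme.com",
    "trusted_ips": "192.0.2.*",
    "suspect_ips": "198.51.100.*",
    "suspect_rbls": "suspect.rbl.example.net",
    "blocked_ips": "203.0.113.7",
    "blocked_rbls": "rbl.example.net",
    "relay_allowed": {"Authenticated", "Trusted"},  # "Allow ... to relay" boxes
}
# Constructed blacklist contents standing in for real DNS answers.
LISTED = {"9.113.0.203.rbl.example.net",
          "60.113.0.203.suspect.rbl.example.net"}


def stub_resolve(name):
    return name in LISTED


if __name__ == "__main__":
    for ip, auth in [("192.0.2.10", False), ("203.0.113.9", False),
                     ("203.0.113.60", False), ("203.0.113.50", False)]:
        kind = classify(ip, auth, CFG, stub_resolve)
        print(ip, kind, accepts_recipient(kind, "user@example.org", CFG))
```

With relay left deselected for Anonymous and Suspect, as in this sample, the Mail Receiver model accepts only mail for the local domain from those connections, which is the setting that keeps it from acting as an open relay.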
Configuring SMTP outbound cell properties
You can configure all Mail Delivery services in a cell with the same settings by
performing the following steps:
1. From the WebSphere Administration Console, expand Lotus Workplace and
click Mail Cell-Wide Settings.
2. Navigate to the Additional Properties section and click SMTP
Outbound/Local Delivery.
3. Edit the SMTP Outbound Service field values in the General Properties
section; see Figure 17.
Note: All of the SMTP Outbound service properties configurable at the cell
level are available at the server level, as well.
Figure 17 SMTP Outbound/Local Delivery cell properties
Table 9 lists the field labels and values of SMTP Outbound/Local Delivery cells.
Table 9 Field labels and values - SMTP Outbound/Local Delivery cells
| Field label | Value |
| --- | --- |
| Name of relay server | This setting specifies the host name or IP address of the server used to relay all non-local outbound SMTP mail. Lotus Workplace Messaging supports only one relay server. |
| DNS name for the Mail Service | This setting specifies the fully qualified domain name of the Mail Service. For example, myserver.domain.com. This name identifies the Mail Delivery service when establishing a connection to other mail systems and when sending delivery status notification messages. The default value is myhost.org. |
| Local domain smart host | This setting specifies the host name or IP address of the mail server to which a message is routed when the recipient cannot be found in the Directory for User Account Creation and Routing. The smart host either returns the undeliverable message or routes it to another mail system that knows about the target recipient. |
| Maximum number of retries | This setting specifies the maximum number of delivery attempts before a DSN is sent indicating delivery failure. The default is 10. |
| Retry interval (min) | This setting specifies the interval to wait between the first delivery failure and the next attempt. Each retry increases the interval between attempts by a multiple of 2. For example, the first retry occurs 5 minutes after the first failed attempt. The second retry occurs 10 minutes later. The third retry occurs 20 minutes later, and so on. The default value is 5 minutes. |
| Maximum size of an outbound message (KB) | This setting specifies the maximum size of an outbound message, including attachments. Type 0 (zero) to set no limit. The default is 2000 KB (approximately 2 MB). |
4. Click Apply or OK.
5. Restart the SMTP Outbound service on each server in the cell. If the
configuration changes do not take effect, restart each of the WebSphere
Application Server instances on each node (Server1, WebSphere_Portal, and
LotusWorkplace_Server).
Configuring the POP3 service for a cell
POP3, or Post Office Protocol Version 3, is an Internet mail protocol that allows a
user running a POP3 client (for example, Microsoft Outlook or the Lotus Notes
client) to retrieve mail from a server that runs the POP3 service. You can set up a
Lotus Workplace server to run the POP3 service. Once you have configured the
POP3 service, POP3 clients can periodically connect to the Lotus Workplace
server and retrieve their mail. The POP3 task does not transfer mail. You
configure SMTP routing to handle message transfer from POP3 clients.
Before a POP3 client can access an inbox, it must authenticate with the
LDAP authentication directory (this may or may not be the same LDAP directory
as the Directory for User Account Creation and Routing). Lotus Workplace
Messaging supports basic name-and-password authentication and Secure
Sockets Layer (SSL) authentication.
You can configure all POP3 services in a cell by performing the following steps:
1. From the WebSphere Administration Console, expand Lotus Workplace and
click Mail Cell-Wide Settings.
2. Navigate to the Additional Properties section and click POP3; see Figure 18.
Figure 18 POP3 service link
3. Edit the POP3 service field values in the General Properties section; see
Figure 19.
Note: All of the POP3 service properties that are configurable at the cell
level are available at the server level, as well.
Figure 19 POP3 service cell properties
Table 10 lists the field labels and values of POP3 service cells.
Table 10 Field labels and values - POP3 service cells
| Field label | Value |
| --- | --- |
| Use POP3 | This setting enables the POP3 service and specifies the TCP/IP port on which the POP3 Service listens for incoming POP3 client requests. If you change this property, you must restart the WebSphere Application Server on each node in the cell. The default port is 110. |
| Use SSL with POP3 | If you enable SSL in this field, enter a port and select an SSL configuration from the list. The default port is 995. For POP3 to use SSL, you must first set up the WebSphere Application Server to use SSL. |
| Session time-out (sec) | This setting specifies the number of seconds of inactivity before a POP3 client session times out. The default is 900 (15 minutes). |
| Maximum sessions | This setting specifies the maximum number of concurrent POP3 client sessions for each POP3 server in the cell. Leave this field blank for an unlimited number of sessions. The default is 10 sessions. Note: A user can have no more than one POP3 session at a time. |
4. Click Apply or OK.
5. Restart the POP3 service on each server in the cell. If the configuration
changes do not take effect, or if you changed the POP3 port number, restart
each of the WebSphere Application Server instances on each node (Server1,
WebSphere_Portal, and LotusWorkplace_Server).
Configuring the IMAP service for a cell
IMAP, or Internet Mail Access Protocol version 4, rev 1, is an Internet mail
protocol that allows a user running an IMAP client (for example, Microsoft
Outlook or the Lotus Notes client) to access mail from a server that runs the
IMAP service. You can set up a Lotus Workplace server to run the IMAP service.
Once you have configured the IMAP service, IMAP clients can periodically
connect to the Lotus Workplace server and retrieve/manipulate their mail. The
IMAP service does not transfer mail. You configure SMTP routing to handle
message transfer from IMAP clients.
Before IMAP clients can access an inbox, they must authenticate with the LDAP
authentication directory (this may or may not be the same LDAP directory as the
Directory for User Account Creation and Routing). Lotus Workplace Messaging
supports basic name-and-password authentication and Secure Sockets Layer
(SSL) authentication.
You can configure all IMAP Services in a cell by performing the following steps:
1. From the WebSphere Administration Console, expand Lotus Workplace and
click Mail Cell-Wide Settings.
2. Navigate to the Additional Properties section and click IMAP; see Figure 20.
Figure 20 IMAP service link
3. Edit the IMAP service field values in the General Properties section; see
Figure 21.
Note: All of the IMAP service properties that are configurable at the cell
level are available at the server level, as well.
Figure 21 IMAP service properties
Table 11 lists the field labels and values of IMAP service properties.
Table 11 Field labels and values - IMAP service properties

| Field label | Value |
|---|---|
| Use IMAP | This setting specifies the TCP/IP port on which the IMAP service listens for incoming IMAP client requests. If you change this property, you must restart the WebSphere Application Server on each node in the cell. The default port is 143. |
| Use SSL with IMAP | If you enable SSL in this field, enter a port and select an SSL configuration from the list. The default port is 993. For IMAP to use SSL, you must first set up the WebSphere Application Server to use SSL. |
| Session time-out (seconds) | This setting specifies the number of seconds of inactivity before a session times out. The default is 1800 (30 minutes). |
| Maximum sessions | This setting specifies the maximum number of concurrent IMAP client sessions on any server in the cell. Leave this field blank for an unlimited number of sessions. The default is 20 sessions. Note: Users can have no more than one IMAP session at a time. |
4. Click Apply or OK.
5. Restart the IMAP service on each server in the cell. If the configuration
changes do not take effect, or if you changed the IMAP port number, restart
each of the WebSphere Application Server instances on each node (Server1,
WebSphere_Portal, and LotusWorkplace_Server).
Setting Mail Service properties for a server
In addition to configuring SMTP (Inbound and Outbound), POP3 and IMAP at the
cell level, you can configure each of the Mail Service components at the server
level. The Message Handler and Task Scheduler services are only configurable
at the server level. Configuring Mail Services at the server level allows you the
flexibility to manage the services on each node in the cell independently.
In a distributed deployment, you configure Mail Service settings for individual
servers using the Deployment Manager’s Administration console. If you have all
of the Workplace Messaging components installed on a single machine (as in a
proof of concept or pilot deployment), you configure Mail Service settings for
individual servers using the WebSphere Application Server Administration
console.
Configuration options that apply at the server level are stored in the
messaging.xml file that applies to the node/server. The messaging.xml file can
be found in the following location:
install_root/WebSphere/DeploymentManager/config/cells/<cell name>/nodes/<node name>/servers/<server name>/messaging.xml
Note: Changes you make at the server level take precedence over those you
set at the cell level.
Setting general mail server properties
In addition to setting general mail server properties at the cell level, you can
configure general mail server properties at the server level. You can override the
cell settings for DNS servers and for the path to the queue directory (Temporary
File Store).
To set general mail server properties for a server:
1. From the WebSphere Administration Console, expand Servers and click
Lotus Workplace Servers; see Figure 22.
Figure 22 WebSphere Administration console - Servers menu
2. On the Servers page, click the LotusWorkplace_Server link for the node you
wish to configure; see Figure 23.
Figure 23 Workplace Server list
3. In the Additional Properties section, click the General Mail Services link; see
Figure 24.
Figure 24 Workplace server settings - Additional Properties
4. Enter values in the following fields in the General Properties section of the
Configuration tab; see Figure 25.
Note: Cell settings appear under each field on the page.
Figure 25 General Mail services server properties
Table 12 lists the field labels and values for General Mail services server
properties.
Table 12 Field labels and values - General Mail services server properties

| Field label | Value |
|---|---|
| DNS servers | Enter host names or IP addresses of DNS servers that resolve names and addresses and provide MX attributes. For example, server1.lotus.com, server2.lotus.com. This field is populated during Lotus Workplace setup. |
| Network path of the mail service queue directory | Enter the path to the network share that will house the Temporary File Store. When using network shares for the queue directory, you can specify a different file store for each Workplace Messaging server in the cell. |
5. (Optional) Click the Status tab to see the entire list of services on the node.
To view properties assigned to a specific service on the node, click the
service name; see Figure 26.
Figure 26 Workplace Server Status page
6. Restart each of the WebSphere Application Server instances on the affected
node (Server1, WebSphere_Portal, and LotusWorkplace_Server).
Configuring SMTP for individual servers
The Mail Service components responsible for SMTP services are the Mail
Receiver service and the Mail Delivery service. The Mail Receiver service
receives external mail into the Workplace Messaging system and is configured
using the SMTP Inbound section of the Lotus Workplace Administration console.
The Mail Receiver service can be configured for multiple servers at the cell level,
or it can be configured at the server level.
The SMTP Inbound interface has filters that you configure to prevent the
acceptance of unsolicited commercial e-mail (“spam”). You can also use the
SMTP Inbound interface to configure the Mail Receiver so that it is not used as
an open relay. SMTP Inbound options to control spam and mail relay are
configurable at the cell level only.
The Mail Delivery service is responsible for delivering mail inside the local cell,
for transferring mail to another cell, and for transferring mail to an external
system or relay server. The Mail Delivery service is configured using the SMTP
Outbound/Local Delivery section of the Lotus Workplace Administration console.
The Mail Delivery service can be configured for multiple servers at the cell level,
or it can be configured at the server level.
Configuring SMTP Inbound properties for a server
If you have multiple servers in a cell running the Mail Receiver service, you can
administer each server’s SMTP Inbound settings individually. To configure
SMTP Inbound properties for a particular server:
1. From the WebSphere Administration Console, expand Servers and click
Lotus Workplace Servers.
2. On the Servers page, click the LotusWorkplace_Server link for a node
running the Mail Receiver service.
3. On the Configuration tab, click the SMTP Inbound Service link; see
Figure 27.
Figure 27 SMTP Inbound Service link
4. On the Configuration tab for the SMTP Inbound Service, enter values in the
General Properties section; see Figure 28.
Note: The SMTP Inbound properties include both Configuration properties
and Runtime properties. Configuration properties are loaded when the
service first starts. Runtime properties can be changed on the fly without
restarting the service.
Figure 28 SMTP Inbound server properties
Table 13 lists the field labels and values of SMTP Inbound server properties.
Table 13 Field labels and values - SMTP Inbound server properties

| Field label | Value |
|---|---|
| Enabled | Select whether or not this service is enabled. Disable this service if you are not running it on this server and do not want to see its status on service status pages. |
| Initial state | This setting specifies the state to request when the server first starts. The default is Started. |
| Virtual queues to write to | This setting specifies a list of virtual queues that this particular Mail Receiver writes to. Each queue will have a name that consists of a single letter A through H. The default is A. Adding queue names in this field will create the virtual queues when the service is restarted. Add virtual queues only in a distributed deployment where there are multiple Message Handlers and Mail Delivery services. You can specify multiple virtual queues for the Mail Receivers to write to. However, each virtual queue should have one Handler and one Mail Delivery service assigned to it. |
| Enable SMTP inbound | This setting enables SMTP inbound and specifies the TCP/IP port on which the Mail Receiver service listens for incoming SMTP connections. If you change this property, you must restart the WebSphere Application Server on the affected node. The default is port 25. |
| Use SSL with SMTP | If you enable SSL in this field, enter a port and select an SSL configuration from the list. Default port is 465. For SMTP to use SSL, you must first enable SSL in WebSphere. |
| Bind specific host | This setting specifies the host names or IP addresses to bind to. Separate entries with commas. Leave this field blank to bind to all available network interfaces. Binding to a specific host is useful when you have multiple TCP/IP addresses on one machine, and each address has a different SMTP Inbound service. By binding to a specific host, you restrict the SMTP Inbound Service to one host name. |
| SMTP greeting | This setting specifies the SMTP greeting returned when the Mail Receiver is contacted by an external server. Make the greeting generic or specific, depending on your needs. The default greeting is: Lotus Workplace Mail. You can change this field at runtime. |
Note: The text "Cell setting: <current cell setting>" indicates that the
property has an equivalent setting at the cell level. If you change a value
for a field that has a cell setting, the new value overrides the cell setting for
this node/server only. Fields that do not have a cell setting are configurable
only at the server level.
5. (Optional) Switch to the Runtime page and change the SMTP greeting for the
current session.
6. Restart the SMTP Inbound service on the affected node. If the configuration
changes do not take effect or if you changed the SMTP port number, restart
each of the WebSphere Application Server instances on the affected node
(Server1, WebSphere_Portal, and LotusWorkplace_Server).
Configuring SMTP outbound properties for a server
If you have multiple servers in a cell running the Mail Delivery service, you can
administer each server’s SMTP Outbound settings individually. To configure
SMTP Outbound properties for a particular server, follow these steps:
1. From the WebSphere Administration Console, expand Servers and click
Lotus Workplace Servers.
2. On the Servers page, click the LotusWorkplace_Server link for a node
running the Mail Delivery service.
3. On the Configuration tab, click the SMTP Outbound/Local Delivery Service
link; see Figure 29.
Figure 29 SMTP Outbound service link
4. Edit the SMTP Outbound Service field values in the General Properties
section; see Figure 30.
Note: The SMTP Outbound properties include both Configuration
properties and Runtime properties. Configuration properties are loaded
when the service first starts. Runtime properties can be changed on the fly
without restarting the service.
Figure 30 SMTP Outbound server properties
Table 14 lists the field labels and values for SMTP Outbound server
properties.
Table 14 Field labels and values - SMTP Outbound server properties

| Field label | Value |
|---|---|
| Enabled | Select whether or not this service is enabled. Disable this service if you are not running it on this server and do not want to see its status on service status pages. |
| Initial state | This setting specifies the state to request when the server first starts. The default is Started. |
| Virtual queues to read from | This setting specifies a virtual queue that this particular Mail Delivery service reads from. The queue will have a name that consists of a single letter A through H. The default is A. The entry in this field should correspond to an entry you placed in the “Virtual queues to write to” field in the SMTP Inbound properties. Add virtual queues only in a distributed deployment where there are multiple Message Handlers and Mail Delivery services. You can specify multiple virtual queues for the Mail Receivers to write to. However, each virtual queue should have one Handler and one Mail Delivery service assigned to it. |
| Name of relay server | This setting specifies the host name or IP address of the server used to relay all non-local outbound SMTP mail. Lotus Workplace Messaging supports only one relay server. |
| DNS name for the Mail Service | This setting specifies the fully qualified domain name of the Mail Service, for example, myserver.domain.com. This name identifies the Mail Delivery service when establishing a connection to other mail systems and when sending delivery status notification messages. |
| Local domain smarthost | This setting specifies the host name or IP address of the mail server to which a message is routed when the recipient cannot be found in the Directory for User Account Creation and Routing. The smarthost either returns the undeliverable message, or routes it to another mail system that knows about the target recipient. |
| Maximum number of retries | This setting specifies the maximum number of delivery attempts before a DSN is sent indicating delivery failure. The default is 10. |
| Retry interval | This setting specifies the interval to wait between the first delivery failure and the next attempt. Each retry increases the interval between attempts by a multiple of 2. For example, the first retry occurs 5 minutes after the first failed attempt. The second retry occurs 10 minutes later. The third retry occurs 20 minutes later, and so on. The default value is 5 minutes. |
| Maximum size of an outbound message (KB) | This setting specifies the maximum size of an outbound message, including attachments. Type 0 (zero) to set no limit. The default is 2000 KB (approximately 2 MB). This field can be changed at runtime. |
| Maximum threads | The maximum number of threads the deliverer can use. Changing the thread settings may result in decreased performance. |
| Minimum threads | The minimum number of threads the deliverer can use. Changing the thread settings may result in decreased performance. |
Notes:
- Although the Mail Delivery service in Workplace Messaging 1.1 can
transfer a single message to multiple recipients over a single
connection, the delivery service cannot batch multiple messages that
are destined for the same Internet domain. Each message destined for
the domain requires its own SMTP connection for transfer.
- The text "Cell setting: <current cell setting>" indicates that the property
has an equivalent setting at the cell level. If you change a value for a
field that has a cell setting, the new value overrides the cell setting for
this node/server only. Fields that do not have a cell setting are
configurable only at the server level.
5. Click Apply or OK.
6. (Optional) Switch to the Runtime page and change the Maximum size of
outbound messages for the current session.
7. Restart the SMTP Outbound service on the affected node. If the configuration
changes do not take effect, restart each of the WebSphere Application Server
instances on the affected node (Server1, WebSphere_Portal, and
LotusWorkplace_Server).
Configuring the POP3 service for a server
If you are running the POP3 service on more than one node in a cell, you can
configure the POP3 service properties for each server individually. You can
configure the POP3 Service on a server by performing the following steps:
1. From the WebSphere Administration Console, expand Servers and click
Lotus Workplace Servers.
2. On the Servers page, click the LotusWorkplace_Server link for a node
running the POP3 service.
3. On the Configuration tab, click the POP3 Service link; see Figure 31.
Figure 31 POP3 service link
4. Edit the POP3 service field values in the General Properties section; see
Figure 32.
Note: The POP3 service properties include both Configuration properties
and Runtime properties. Configuration properties are loaded when the
service first starts. Runtime properties can be changed on the fly without
restarting the service.
Figure 32 POP3 service server properties
Table 15 lists the field labels and values of POP3 service server properties.
Table 15 Field labels and values - POP3 service servers

| Field label | Value |
|---|---|
| Enabled | Select whether or not this service is enabled. Disable this service if you are not running it on this server and do not want to see its status on service status pages. |
| Initial state | This setting specifies the state to request when the server first starts. The default is Started. |
| Use POP3 | This setting specifies the TCP/IP port on which the POP3 service listens for POP3 client requests. If you change this property, you must restart the WebSphere Application Server on the affected node. The default port is 110. |
| Use SSL with POP3 | If you enable SSL in this field, enter a port and select an SSL configuration from the list. The default port is 995. For POP3 to use SSL, you must first set up the WebSphere Application Server to use SSL. |
| Bind specific host | This setting specifies the host names or IP addresses to bind to. Separate entries with commas. Leave this field blank to bind to all available network interfaces. Binding to a specific host is useful when you have multiple TCP/IP addresses on one machine, and each address has a different POP3 service running. By binding to a specific host, you restrict the POP3 service to one host name. |
| Session time-out (seconds) | This setting specifies the number of seconds of inactivity before a POP3 client session times out. The default is 900 (15 minutes). |
| Maximum sessions | This setting specifies the maximum number of concurrent POP3 client sessions for the specific server. Leave this field blank for an unlimited number of sessions. The default is 10 sessions. You can change this field at runtime. Note: Users can have no more than one POP3 session at a time. |
5. Click Apply or OK.
Note: The text "Cell setting: <current cell setting>" indicates that the
property has an equivalent setting at the cell level. If you change a value
for a field that has a cell setting, the new value overrides the cell setting for
this node/server only. Fields that do not have a cell setting are configurable
only at the server level.
6. (Optional) Switch to the Runtime page and change the Maximum sessions
field for the current session.
7. Restart the POP3 service on the affected node. If the configuration changes
do not take effect or if you changed the POP3 port number, restart each of the
WebSphere Application Server instances on the affected node (Server1,
WebSphere_Portal, and LotusWorkplace_Server).
Configuring the IMAP service for a server
If you are running the IMAP service on more than one node in a cell, you can
configure the IMAP service properties for each server individually. You can
configure the IMAP service on a server by performing the following steps:
1. From the WebSphere Administration Console, expand Servers and click
Lotus Workplace Servers.
2. On the Servers page, click the LotusWorkplace_Server link for a node
running the IMAP service.
3. On the Configuration tab, click the IMAP Service link; see Figure 33.
Figure 33 IMAP service link
4. Edit the IMAP service field values in the General Properties section; see
Figure 34.
Note: The IMAP service properties include both Configuration properties
and Runtime properties. Configuration properties are loaded when the
service first starts. Runtime properties can be changed on the fly without
restarting the service.
Figure 34 IMAP service server properties
Table 16 lists the field labels and values of IMAP service servers.
Table 16 Field labels and values - IMAP service servers

| Field label | Value |
|---|---|
| Enabled | Select whether or not this service is enabled. Disable this service if you are not running it on this server and do not want to see its status on service status pages. |
| Initial state | This setting specifies the state to request when the server first starts. The default is Started. |
| Use IMAP | This setting specifies the TCP/IP port on which the IMAP service listens for IMAP client requests. If you change this property, you must restart the WebSphere Application Server on the affected node. The default port is 143. |
| Use SSL with IMAP | If you enable SSL in this field, enter a port and select an SSL configuration from the list. The default port is 993. For IMAP to use SSL, you must first set up the WebSphere Application Server to use SSL. |
| Bind specific host | This setting specifies the host names or IP addresses to bind to. Separate entries with commas. Leave this field blank to bind to all available network interfaces. Binding to a specific host is useful when you have multiple TCP/IP addresses on one machine, and each address has a different IMAP service running. By binding to a specific host, you restrict the IMAP service to one host name. |
| Session time-out (seconds) | This setting specifies the number of seconds of inactivity before an IMAP client session times out. The default is 1800 (30 minutes). |
| Maximum sessions | This setting specifies the maximum number of concurrent IMAP client sessions for the specific server. Leave this field blank for an unlimited number of sessions. The default is 20 sessions. You can change this field at runtime. Note: Users can have no more than one IMAP session at a time. |
5. Click Apply or OK.
Note: The text "Cell setting: <current cell setting>" indicates that the
property has an equivalent setting at the cell level. If you change a value
for a field that has a cell setting, the new value overrides the cell setting for
this node/server only. Fields that do not have a cell setting are configurable
only at the server level.
6. (Optional) Switch to the Runtime page and change the Maximum sessions
field for the current session.
7. Restart the IMAP service on the affected node. If the configuration changes
do not take effect or if you changed the IMAP port number, restart each of the
WebSphere Application Server instances on the affected node (Server1,
WebSphere_Portal, and LotusWorkplace_Server).
Configuring Message Handler options
The Message Handler service polls the message queue for new messages,
expands group and alias names, checks for delivery confirmations, and tracks
message retry information. There is no cell-wide setting for the Message Handler
Service. You can have more than one Message Handler Service in a cell and you
configure Message Handler options at the server level. Configure the Message
Handler Service on a server by performing the following steps:
1. From the WebSphere Administration Console, expand Servers and click
Lotus Workplace Servers.
2. On the Servers page, click the LotusWorkplace_Server link for a node
running the Message Handler service.
3. On the Configuration tab, click the Message Handler Service link; see
Figure 35.
Figure 35 Message Handler Service link
4. Edit the Message Handler service field values in the General Properties
section; see Figure 36.
Note: There are no Runtime properties for the Message Handler service.
Figure 36 Message Handler service server properties
Table 17 lists the field labels and values of Message Handler service servers.
Table 17 Field labels and values - Message Handler service servers

| Field label | Value |
|---|---|
| Enabled | Select whether or not this service is enabled. Disable this service if you are not running it on this server and do not want to see its status on service status pages. |
| Initial state | This setting specifies the state to request when the server first starts. The default is Started. |
| Virtual queues to read from | This setting specifies a virtual queue that this particular Message Handler service reads from. The queue will have a name that consists of a single letter A through H. The default is A. The entry in this field should correspond to an entry you placed in the “Virtual queues to write to” field in the SMTP Inbound properties. Add virtual queues only in a distributed deployment where there are multiple Message Handlers and Mail Delivery services. You can specify multiple virtual queues for the Mail Receivers to write to. However, each virtual queue should have one Handler and one Mail Delivery service assigned to it. |
| Maximum threads | The maximum number of threads the handler can use. Changing the thread settings may result in decreased performance. |
| Minimum threads | The minimum number of threads the handler can use. Changing the thread settings may result in decreased performance. |
5. Click Apply or OK.
6. Restart the Message Handler service on the affected node. If the
configuration changes do not take effect, restart each of the WebSphere
Application Server instances on the affected node (Server1,
WebSphere_Portal, and LotusWorkplace_Server).
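The virtual queue rule that runs through the SMTP Inbound, SMTP Outbound and Message Handler tables (names A through H, and one Handler plus one Mail Delivery service per queue that a Mail Receiver writes to) can be checked before services are restarted. The script below is an added example, not code from the Redpaper or the product; the record layout, the role names and the function name check_virtual_queues are assumptions, and the sample cell is constructed.

```python
"""Check virtual queue assignments across the mail services of a cell."""
from collections import defaultdict

VALID_QUEUES = "ABCDEFGH"            # the guide: a single letter A through H
READER_ROLES = ("handler", "delivery")


def check_virtual_queues(services):
    """Return a list of findings for hand-collected service records.

    Each record is a dict in a layout assumed for this example:
      {"server": "node1", "role": "receiver" | "handler" | "delivery",
       "queues": ["A", "B"]}
    """
    findings = []
    writers = defaultdict(list)      # queue -> Mail Receivers writing to it
    readers = {role: defaultdict(list) for role in READER_ROLES}

    for rec in services:
        role = rec["role"]
        if role != "receiver" and role not in READER_ROLES:
            raise ValueError(f"unknown role {role!r} on {rec['server']}")
        for raw in rec["queues"]:
            queue = raw.strip().upper()   # assumption: case is not significant
            if len(queue) != 1 or queue not in VALID_QUEUES:
                findings.append(f"{rec['server']}: invalid queue name {raw!r}")
            elif role == "receiver":
                writers[queue].append(rec["server"])
            else:
                readers[role][queue].append(rec["server"])

    for queue in VALID_QUEUES:
        for role in READER_ROLES:
            servers = readers[role][queue]
            if queue in writers and not servers:
                # Mail written here would never be picked up by this role.
                findings.append(
                    f"queue {queue}: written to, but no {role} reads it")
            elif len(servers) > 1:
                findings.append(
                    f"queue {queue}: {len(servers)} {role} services read it "
                    f"({', '.join(servers)}); the guide expects one")
            elif servers and queue not in writers:
                findings.append(
                    f"queue {queue}: {role} on {servers[0]} reads it, "
                    f"but no Mail Receiver writes to it")
    return findings


# Constructed sample: one Mail Receiver spreading mail over queues A and B.
SAMPLE_CELL = [
    {"server": "node1", "role": "receiver", "queues": ["A", "B"]},
    {"server": "node2", "role": "handler",  "queues": ["A"]},
    {"server": "node2", "role": "delivery", "queues": ["A"]},
    {"server": "node3", "role": "handler",  "queues": ["B"]},
    {"server": "node3", "role": "delivery", "queues": ["B"]},
    {"server": "node4", "role": "delivery", "queues": ["B"]},  # second reader of B
    {"server": "node5", "role": "handler",  "queues": ["C"]},  # nothing writes C
    {"server": "node6", "role": "delivery", "queues": ["J"]},  # outside A-H
]

if __name__ == "__main__":
    for line in check_virtual_queues(SAMPLE_CELL):
        print(line)
```
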
Configuring searchable directories
A searchable LDAP directory is one that users can select from the "Look in" list
when addressing email or creating mailing lists (groups). If you have not yet
configured the Directory for User Account Creation and Routing, no directories
will be listed in the list of searchable directories. You must configure the Directory
for User Account Creation and Routing before you can add directories to the list
of searchable directories.
By default, a user's address book is searched first. You cannot change this
default. To configure additional searchable directories and set the order in which
they are searched, edit the searchable directory properties:
1. From the WebSphere Administration Console, expand Lotus Workplace and
click Directories; see Figure 37.
Figure 37 Lotus Workplace Administration console - Directories menu
2. Click Additional Searchable Directories for Mail; see Figure 38.
Figure 38 Directory links
3. Click New to add a directory.
4. Populate the additional searchable directory properties in the General
Properties section; see Figure 39.
Figure 39 Additional searchable directories properties
Table 18 lists the field labels and values of additional searchable
directories.
Table 18 Field labels and values - additional searchable directories

| Field label | Value |
|---|---|
| Directory name | This setting specifies the display name for this directory. This is the directory name that users see in search results. |
| Attribute for the user's display name | This setting specifies the LDAP attribute to use for displaying users' names, for example, displayName or CN. |
| Attribute for additional user information | This setting specifies the LDAP attribute to use to display additional information to users when they search and find two or more identical names. Consider using the OU, location, or job responsibility attributes. If you leave this field blank, the e-mail address is used. |
| Search restrictions | This setting specifies whether users can search the directory for both people and groups or just people. |
| Name lookup timeout (sec) | This setting specifies the number of seconds that the LDAP server has to respond before aborting a request. Type 0 (zero) for no timeout. For best performance, enter a low number to prevent the directory from conducting extensive searches that the user should refine. The default is 15 seconds. |
| Search user filter | This setting specifies the LDAP filter clause to use to search this directory for people. The default is objectclass=inetorgperson. |
| Group filter | This setting specifies the LDAP filter clause to use to search this directory for groups. The default is objectclass=groupofnames. |
| Directory rank | This setting specifies an integer representing the order in which this directory is displayed. For example, 1 specifies that this directory is displayed first. Type -1 to exclude this directory from display. By default, a user's Address Book is searched first, and you cannot change this default. |
| Authentication type | This setting specifies how to authenticate with the LDAP server. Simple authentication consists of sending the fully-qualified distinguished name of the user and the user's clear-text password. Note that the password can be read from the network. To avoid exposing the password in this way, use the simple authentication mechanism with SSL. |
| Bind distinguished name | This setting specifies the distinguished name that WebSphere Application Server uses to bind to the directory service. The DN can be a person or some other DN. For example: cn=root. Leave blank to allow users to bind anonymously. |
| Bind password | This setting specifies the password that WebSphere Application Server uses to bind to the directory service. Leave blank to allow users to bind anonymously. |
| Type of LDAP server | Select the type of LDAP server for the additional directory. |
| Host | This setting specifies the LDAP host name or IP address, for example, ldap.acme.com. |
| Port | This setting specifies the LDAP server port. The default LDAP port is usually 389. If SSL is enabled, it is 636. |
| Use SSL | This setting specifies the use of SSL when contacting the additional LDAP directory. Note: Enabling SSL for LDAP searches may degrade Lotus Workplace performance. |
| Base distinguished name | This setting specifies the location in the directory tree at which to begin the search. Some LDAP directory servers require a search base, for example o=Acme or o=Acme,c=US. |
5. Click Apply or OK.
6. Restart each of the WebSphere Application Server instances on the affected
node (Server1, WebSphere_Portal, and LotusWorkplace_Server).
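The field descriptions above interact: a simple bind without SSL sends the bind password in clear text, and the port should agree with the SSL setting. The following check is an added example, not IBM code; the dictionary keys are hypothetical names for the table's field labels, and the DNs and password are constructed sample values.

```python
# Added example (not IBM code): lint one "additional LDAP directory" entry
# against the behaviour described in the field table. The dict keys are
# hypothetical names for the table's field labels, not a product file format.

def lint_directory_settings(s):
    """Return a list of (rule_id, message) findings for one directory entry."""
    findings = []
    auth_type = (s.get("auth_type") or "simple").lower()
    bind_dn = (s.get("bind_dn") or "").strip()
    bind_pw = s.get("bind_password") or ""
    use_ssl = bool(s.get("use_ssl"))
    port = int(s.get("port") or (636 if use_ssl else 389))
    timeout = int(s.get("timeout_sec", 15))  # table default: 15 seconds

    # Bind distinguished name / Bind password: both blank means anonymous bind.
    if not bind_dn and not bind_pw:
        findings.append(("ANONYMOUS_BIND",
                         "Bind DN and password are blank; searches bind anonymously."))
    elif bind_dn and not bind_pw:
        # RFC 4513 calls a DN with an empty password an unauthenticated bind.
        findings.append(("EMPTY_PASSWORD",
                         "Bind DN is set but the bind password is blank."))
    elif bind_pw and not bind_dn:
        findings.append(("PASSWORD_WITHOUT_DN",
                         "A bind password is set without a bind DN."))
    elif auth_type == "simple" and not use_ssl:
        # Authentication type: simple bind sends the DN and clear-text password.
        findings.append(("CLEARTEXT_BIND",
                         "Simple authentication without SSL exposes the bind "
                         "password on the network."))

    # Port / Use SSL: 389 is the usual plain port, 636 the usual SSL port.
    if use_ssl and port == 389:
        findings.append(("SSL_PORT_MISMATCH", "Use SSL is on but the port is 389."))
    elif not use_ssl and port == 636:
        findings.append(("SSL_PORT_MISMATCH", "The port is 636 but Use SSL is off."))

    # Name lookup timeout: 0 disables the timeout entirely.
    if timeout == 0:
        findings.append(("NO_TIMEOUT",
                         "Name lookup timeout is 0; slow searches never abort."))
    return findings


def rule_ids(settings):
    """Convenience wrapper: only the rule identifiers, in report order."""
    return [rule for rule, _ in lint_directory_settings(settings)]


# Constructed sample entries (host and cn=root are the table's own examples).
WEAK = {"auth_type": "simple", "bind_dn": "cn=root",
        "bind_password": "constructed-example-password",
        "host": "ldap.acme.com", "port": 389, "use_ssl": False, "timeout_sec": 0}
PARTIAL = dict(WEAK, use_ssl=True, timeout_sec=15)          # SSL on, port not updated
HARDENED = dict(PARTIAL, port=636, bind_dn="cn=wpsbind,o=Acme")

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("partial", PARTIAL), ("hardened", HARDENED)):
        print(label, lint_directory_settings(cfg))
```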
Creating messaging-specific user policies
A “policy” in IBM Lotus Workplace is a set of enabled features and restrictions
that control user access to the Workplace products you have deployed. There
are two major types of policies in Lotus Workplace:
• User policies - These are sets of enabled features and restrictions that control
  user access to Messaging, Learning Content System, Instant Messaging and
  Presence, Team Spaces, and Web Conferencing. You can create one
  policy for all users, different policies for groups, or a policy for one person.
• Workplace policies - These help to identify obsolete workplaces and control
  their size. There are two types of Workplace policies, team space policies and
  Web conference policies.
When you create messaging-specific user policies, you can control access to
mail features. For example, you can select whether to give users access to
browser-based portlet mail (HTTP), POP3, IMAP, or access to all mail retrieval
protocols. You can also give users access to a calendar for personal information
management and a personal address book. In addition to giving users access to
mail features, you can use messaging policies to:
• Set the scope to whom the policy applies
• Set the maximum number of entries in a user's personal address book
• Display a customized welcome message
• Set mail storage quotas
• Warn users when they are reaching their maximum allowed disk space
• Delete messages that are older than a specified number of days
• Enable backups (exports) of user mail, calendar, and personal address book
  data
Note: You cannot implement messaging user policies to control access to
SMTP services in Workplace Messaging 1.1.
Distinguished name scope
The default method of assigning users to policies is based on the distinguished
name (DN) scope that you set in the policy itself. Each policy must have a unique
scope that defines the set of users to which the policy applies.
A DN is a series of comma-separated name-value pairs. These pairs are ordered
from most specific to most general. In the example "cn=John Smith,
ou=Marketing, ou=Boston, o=Acme, c=US", the most specific is "cn" and the
most general is "c". You assign users to policies using any or all attributes that
are present in the user's distinguished name.
Wildcards are not supported except the special scope setting of asterisk (*) that
assigns all users to the policy when a policy with a more specific scope does not
apply. If you want to assign everyone in the Directory for User Account Creation
and Routing to use the default user policy, then do nothing; the user is assigned
to the default user policy if no other policy contains a more specific DN scope
setting.
Lotus Workplace assigns a user to the policy that contains the highest number of
attributes that match the user's DN. For example, when seeking to match the
user "cn=John Smith, ou=Marketing, ou=Boston, o=Acme, c=US" to a policy,
Lotus Workplace will match the following DNs to the policy, in this order:
cn=John Smith, ou=Marketing, ou=Boston, o=Acme, c=US
ou=Marketing, ou=Boston, o=Acme, c=US
ou=Boston, o=Acme, c=US
o=Acme, c=US
c=US
*
When entering a DN scope in a policy, avoid entering extra spaces around
names and values. Use the DN as it is formatted in the Directory for User
Account Creation and Routing. Case does not matter.
Using the preceding example, if you wanted to assign all members of the
marketing organization to the same policy, enter a DN scope of "ou=Marketing,
ou=Boston, o=Acme, c=US" in the policy.
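Because the policy decides which mail protocols a user may use, it helps to predict which policy a DN resolves to before saving a scope. The sketch below is an added example, not product code: it follows the matching order listed above, and it also flags scopes that break the stated rules (duplicate scopes, wildcards other than a lone asterisk, extra spaces). The policy names are constructed, and trimming spaces before comparison is an assumption of this sketch, not documented product behaviour.

```python
import re

# Added example (not product code). Policy names below are constructed.

def normalise(dn):
    """Lower-case a DN and trim spaces around each name and value.

    Case-insensitivity is stated in the text; trimming is this sketch's
    assumption so that "a, b" and "a,b" compare equal.
    """
    if dn.strip() == "*":
        return ["*"]
    rdns = []
    for rdn in re.split(r"(?<!\\),", dn):          # split on unescaped commas
        name, _, value = rdn.partition("=")
        rdns.append(f"{name.strip().lower()}={value.strip().lower()}")
    return rdns


def candidate_scopes(user_dn):
    """Scopes tried for a user, most specific first, ending with '*'."""
    rdns = normalise(user_dn)
    return [",".join(rdns[i:]) for i in range(len(rdns))] + ["*"]


def resolve_policy(user_dn, policies):
    """Return the name of the policy whose scope matches first, or None."""
    by_scope = {",".join(normalise(scope)): name for name, scope in policies.items()}
    for scope in candidate_scopes(user_dn):
        if scope in by_scope:
            return by_scope[scope]
    return None


def audit_scopes(policies):
    """Flag scopes that violate the rules stated in this section."""
    findings, seen = [], {}
    for name, scope in policies.items():
        key = ",".join(normalise(scope))
        if key in seen:                            # each scope must be unique
            findings.append((name, "duplicate-scope"))
        else:
            seen[key] = name
        if "*" in scope and scope.strip() != "*":  # only a lone * is supported
            findings.append((name, "unsupported-wildcard"))
        if scope != scope.strip() or re.search(r"\s=|=\s", scope):
            findings.append((name, "extra-spaces"))
    return findings


POLICIES = {
    "Default": "*",
    "Marketing-WebOnly": "ou=Marketing,ou=Boston,o=Acme,c=US",
    "John-AllProtocols": "CN=John Smith,ou=Marketing,ou=Boston,o=Acme,c=US",
}

if __name__ == "__main__":
    for dn in ("cn=John Smith, ou=Marketing, ou=Boston, o=Acme, c=US",
               "cn=Ann Lee,ou=Marketing,ou=Boston,o=Acme,c=US",
               "cn=Bob Ray,ou=Sales,ou=Boston,o=Acme,c=US"):
        print(dn, "->", resolve_policy(dn, POLICIES))
```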
LDAP policy attribute
Alternately, you can assign users to user policies by creating a policy attribute in
each person record in the Directory for User Account Creation and Routing. This
method requires using your LDAP tools to modify an existing attribute or extend
the LDAP schema to create the new attribute. The advantage that the policy
attribute method has over the DN scope method is that you can assign members
of the same DN scope to different policies.
After you set up the policy attribute in LDAP, you must change the method of
assigning users to user policies in the Directory for User Account Creation and
Routing properties.
Tip: To see the number of users assigned to a policy, expand Lotus
Workplace, expand Users, and click Manage User Policies in the
WebSphere Administration console. To see the policy assigned to a user's
account, enter the user's name in the search filter.
Creating messaging user policies
To create user policies for messaging:
1. From the WebSphere Administration console, expand Lotus Workplace,
expand Users and click Manage User Policies; see Figure 40.
Figure 40 Manage User Policies link
2. Click New to create a new policy (you may also choose to edit the Default
User Policy).
3. Populate the field values in the General Properties section; see Figure 41.
Figure 41 General properties for policies
Table 19 lists the field labels and values for general properties for policies.
Table 19 Field labels and values - general properties for policies
| Field label | Value |
| --- | --- |
| User policy name | This setting specifies the name of the policy. The name must be at least one character in length, and cannot have leading or trailing white space. The characters /, \, <, and > are not allowed. The name of the default policy is Default. |
| Scope of user policy | This setting specifies the scope to whom this policy applies. Use LDAP distinguished name format. For example, enter ou=sales,o=Acme to specify a scope that applies to all people in sales.acme. The Default policy's scope is marked with an asterisk (*), meaning that the policy applies to everyone for whom a more specific scope does not exist. Because scope must be unique, only one policy can use the asterisk. If you assign users to policies by using a policy attribute in LDAP, do not enter a scope. |
| Allow mail | Select one or more mail protocols, including POP3 and IMAP, for mail access. The default allows access to all protocols. |
| Calendar details | Allows users access to an online calendar for personal information management. |
| Allow use of personal address book | Allows users access to a personal address book. |
4. Click OK.
5. From the Manage User Policies window, click the policy you just created; see
Figure 42.
Figure 42 Policy list
6. In the Additional Properties section, click the Mail Details link. The Mail
Details properties are used to set database quota options for users; see
Figure 43.
Figure 43 Additional properties for policy
7. Populate fields in the General Properties section; see Figure 44.
Figure 44 Mail details for policy
Table 20 lists the field labels and values for mail details.
Table 20 Field labels and values - mail details
| Field label | Value |
| --- | --- |
| Display a welcome message | When you select welcome message, it appears in a user's Inbox as the first message when the user initially logs into the system. Workplace Messaging uses a default welcome message, or an HTML file that you specify. When creating a custom welcome message, the HTML file must be encoded by the character set UTF-8. Place the new HTML file in the Workplace Messaging installation directory. |
| Maximum mail storage per user (MB) | This setting specifies the maximum amount of disk space each user has available to store data such as mail messages and file attachments. The default is 60 MB. Note: Calendar and Address Book entries are not subject to quotas. |
| Percentage of disk space before warning | This setting specifies the percentage of disk space that can be used before users are warned that they are about to exceed their allowed disk space. The default is 90 percent. |
| When over quota, messages expire (days) | When a user exceeds the maximum storage listed above, the Quota Manager deletes all messages and attachments that are older than the number of days specified here. The default is 90 days. Type 0 to disable message expiration. If you use this feature, you must schedule the Quota Manager using the Task Scheduler service. |
8. Click OK.
9. In the Additional Properties section for the policy, click Mail Export. The Mail
Export options are used to set mail database backup options for users subject
to this policy. If you create a policy without enabling mail Export options, you
can use the Task Scheduler service to apply an Export task. Populate fields in
the General Properties section; see Figure 45.
Figure 45 Mail export properties for policy
Table 21 lists the field labels and values for mail export properties.
Table 21 Field labels and values - mail export properties
| Field label | Value |
| --- | --- |
| Export of mail files | This setting specifies whether to export mail, calendar entries, and personal address books of everyone assigned to this policy. The default is disabled. |
| Send notifications to | This setting specifies the e-mail address of the person to be notified when exports take place. You may enter more than one e-mail address. Separate addresses by commas. This field is empty by default. |
| Number of exports to keep | This setting specifies the number of export files to keep. For example, type 5 to keep the 4 last exports plus the most current one. The default is one. |
| Location of export files | This setting specifies the path to which the export files will be written, for example: c:\export |
| Export schedule to use | This setting specifies the name of the export schedule to associate with this policy. You must first create and name the export schedule in the Task Scheduler service. |
10. Click OK.
11. In the Additional Properties section for the policy, click Personal Address
Book Details. Populate fields in the General Properties section; see
Figure 46.
Figure 46 Address book properties for policy
Table 22 lists the field labels and values for address book properties.
Table 22 Field labels and values - address book properties
| Field label | Value |
| --- | --- |
| Maximum entries in personal address book | This setting specifies the maximum number of entries (people and groups) allowed in each person's personal address book. When users reach this number, they will not be able to create any more entries. The default is a limit of 250 entries. |

12. Click OK twice.
Backing up and recovering user mail files
Workplace Messaging stores all user mail messages in a single DB2 database.
The DB2 backup and restore commands back up and restore all user mail
messages in the event of a database failure. However, it is impractical to use the
backup and restore commands as a way of recovering a specific user's mail file.
For scheduled backup of individual mail files, use a messaging user policy to set
your mail export preferences and configure the Task Scheduler to run the Export
task.
You may also use the Lmadmin Export command to back up one or more mail
files manually. To recover individual mail files (from a manual or scheduled
export), use the Lmadmin Import command.
Although technically feasible, exporting all users in a large Workplace Messaging
cell may have significant performance and storage implications. Export is
typically performed on a specified schedule for a designated set of users defined
by a policy. The Export task takes a snapshot of each user's entire mail file, and
the snapshot of each mail file is exported to its own zip file.
Export file names
Each time the Export task runs it creates a new zip file for each user. To form a
user's zip file name, the Export task combines the user's account ID with a suffix
that indicates the file is an export file, for example:
0921153CA57248E5BC44B874AAD0F300000B_0_export.zip
The Export task determines the account ID using the external ID.
Multiple export files
Workplace Messaging supports multiple export files for each user. You can set
up the Export task to create additional zip files in the same directory for each
user every time the task runs. The export file names will look like this:
0921153CA57248E5BC44B874AAD0F300000B_0_export.zip
0921153CA57248E5BC44B874AAD0F300000B_1_export.zip
0921153CA57248E5BC44B874AAD0F300000B_2_export.zip
0921153CA57248E5BC44B874AAD0F300000B_3_export.zip
By default, only one copy of a zip file is saved, and it is overwritten each time the
Mail Export task runs. To save multiple, rolling copies of zip files for each user,
edit the messaging policy and change the value of the “Number of exports to
keep” field for the Mail Export properties.
For example, if you change the value of “Number of exports to keep” to 4, the
Export task creates a new zip file for each user the first four times it runs. The fifth
time the Export task runs, it overwrites the first zip file (the file with the
"_0_export" suffix) created for each user.
Backing up a user mail file manually
To back up a user mail file manually, use the Export command in the Lmadmin
tool:
1. Open a command window.
2. Navigate to the WebSphere Application Server bin directory, for example:
C:\Program Files\WebSphere\DeploymentManager\Bin
3. Start the Lmadmin tool using the Lmadmin command in this format:
c:\program files\websphere\deploymentmanager\bin>lmadmin -user <userid> -password <password>
4. Enter the Export command. For example, to export user jsmith's mail file to
the C:\Export directory, enter the following:
wsadmin>lm export -externalid jsmith -path 'c:/export'
For more details about Export command syntax and for more detailed examples,
consult the Lotus Workplace Information Center.
Restoring a user mail file manually
To restore a user mail file manually, use the Import command in the Lmadmin
tool:
1. Open a command window.
2. Navigate to the WebSphere Application Server bin directory, for example:
C:\Program Files\WebSphere\DeploymentManager\Bin
3. At the prompt, start the Lmadmin tool using the Lmadmin command in this
format:
c:\program files\websphere\deploymentmanager\bin>lmadmin -user <userid> -password <password>
4. Enter the Import command, and then enter the name of the most recently
exported zip file, for example:
wsadmin>lm import -zipfile 'c:/export/0921153CA57248E5BC44B874AAD0F300000B_0_export.zip'
For more details about Import command syntax and for more detailed examples,
consult the Lotus Workplace Information Center.
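With rolling exports, the highest-numbered file is not necessarily the most recent one, which matters when choosing the zip file for step 4 above. The script below is an added example, not part of the product: it picks the newest export per account by modification time and flags accounts whose latest export is stale. The file-name pattern is inferred from the names shown under "Export file names"; the second account ID, the timestamps and the "slot-outside-rotation" check are constructed assumptions.

```python
import os
import re

# Added example (not product code). Pattern inferred from this page's examples.
DAY = 86400
EXPORT_NAME = re.compile(r"^(?P<account>.+)_(?P<slot>\d+)_export\.zip$", re.IGNORECASE)


def parse_export_name(name):
    """Return (account_id, slot) for an export zip name, or None."""
    m = EXPORT_NAME.match(name)
    return (m.group("account"), int(m.group("slot"))) if m else None


def slot_for_run(run_number, keep):
    """Slot written by the Nth run (1-based) when `keep` files are rotated."""
    return (run_number - 1) % keep


def scan(path):
    """List (file name, modification time) pairs for a real export directory."""
    return [(e.name, e.stat().st_mtime) for e in os.scandir(path) if e.is_file()]


def newest_per_account(entries):
    """Map each account ID to its most recently written export file."""
    newest = {}
    for name, mtime in entries:
        parsed = parse_export_name(name)
        if parsed and (parsed[0] not in newest or mtime > newest[parsed[0]][1]):
            newest[parsed[0]] = (name, mtime)
    return {account: name for account, (name, _) in newest.items()}


def audit_exports(entries, keep, now, max_age_days):
    """Return (subject, issue) findings for an export directory listing."""
    findings, latest = [], {}
    for name, mtime in entries:
        parsed = parse_export_name(name)
        if parsed is None:
            findings.append((name, "unrecognized-file"))
            continue
        account, slot = parsed
        if slot >= keep:
            # Not one of slots 0..keep-1, so the rotation described above
            # would not overwrite it (assumption of this sketch).
            findings.append((name, "slot-outside-rotation"))
        latest[account] = max(latest.get(account, 0), mtime)
    for account, mtime in sorted(latest.items()):
        if now - mtime > max_age_days * DAY:
            findings.append((account, "stale"))
    return findings


ACCOUNT = "0921153CA57248E5BC44B874AAD0F300000B"      # ID from the page's example
SAMPLE_ENTRIES = [                                    # constructed timestamps
    (f"{ACCOUNT}_0_export.zip", 105 * DAY),           # fifth run overwrote slot 0
    (f"{ACCOUNT}_1_export.zip", 102 * DAY),
    (f"{ACCOUNT}_2_export.zip", 103 * DAY),
    (f"{ACCOUNT}_3_export.zip", 104 * DAY),
    ("CONSTRUCTEDACCOUNTID0001_0_export.zip", 60 * DAY),
    ("CONSTRUCTEDACCOUNTID0001_6_export.zip", 40 * DAY),
    ("readme.txt", 100 * DAY),
]

if __name__ == "__main__":
    print(newest_per_account(SAMPLE_ENTRIES))
    print(audit_exports(SAMPLE_ENTRIES, keep=4, now=106 * DAY, max_age_days=7))
```

To run it against a live export directory, pass `scan(r"c:\export")` and `time.time()` in place of the constructed sample.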
Scheduling messaging administrative tasks using the Task Scheduler service
The Task Scheduler Service runs administration tasks that affect the entire mail
cell. Because its actions affect all nodes in the cell, the Mail Service must have a
Task Scheduler running on a server in the cell.
Unlike the other Mail Service components, however, you can only run the Task
Scheduler service on a single server. As a result, there is no cell-wide setting for
the Task Scheduler. You must configure the Task Scheduler at the server level.
The Task Scheduler Service is used to configure the following messaging
administrative tasks:
• The Administrator task
• The Attachment Cleanup task
• The Compact task
• The Export task
• The Quota Manager task
• The Reconcile task
• The Trash Collector task
The Administrator task defined
The Administrator task synchronizes user account information in DB2 with
updates from the Directory for User Account Creation and Routing.
The Attachment Cleanup task defined
The Attachment Cleanup task marks orphaned attachments for deletion. Then to
delete the orphaned attachments, you run the Compact task.
Orphaned attachments are files that are stored as part of a message destined to
multiple recipients. Instead of storing a copy of the attachment in every user’s
mail file, the attachment is stored in a common location in DB2. Once every user
who received the message has deleted it, the attachment is orphaned and then
marked for deletion by the Attachment Cleanup task.
The Compact task defined
The Compact task works in conjunction with the Reconcile task. Once Reconcile
has performed its check that all necessary DB2 records are marked for deletion,
the Compact task will remove the records from DB2. The Compact task removes
all DB2 data marked for deletion (messages, attachments, calendar entries, and
so on).
For best performance, schedule Compact to run during non-peak hours.
The Export task defined
The Export task backs up user mail, calendar, and personal address book data,
creating a zip file for each account referenced by the user policy. A
pre-configured Export task is created by default. This instance is called the
Export Default task. You can configure the Export Default task to meet your
needs. You may also create new instances of the Export task by clicking the New
Export Task button in the Task Scheduler properties. Export Default is disabled
until you enable it.
If you have set up Workplace Messaging to use multiple user policies, you can
create additional export tasks and give them each a name related to the user
policy. This way you can stagger exports by scheduling each Export task at a
different time. Staggering exports ensures the least impact on system
performance.
The Quota Manager task defined
The Quota Manager task warns users when they reach the percent of disk space
specified in the associated messaging policy. It also marks for deletion all
messages and attachments that are older than the time period specified in the
policy.
Once enabled, the Quota Manager does the following to enforce user disk space
quotas for Workplace Messaging:
• Scans all active user mail files and keeps track of all accounts that exceed the
  warning level (the default is 90 percent).
• Sends a warning notification to all users whose mail files exceed the warning
  level.
• Marks old messages for deletion in all user accounts that exceed the quota.
  “Old” messages are those that are older than the expiration level set in the
  mail cell configuration (the default is 90 days).
• Marks all messages in the Trash folder for deletion in all user accounts that
  exceed the storage quota.
Note: A user account may continue to exceed the storage quota after Quota
Manager has marked messages for deletion if the account data is younger
than the expiration level.
The Reconcile task defined
The Reconcile task is responsible for synchronizing updates to database
records. For example, when a user’s mail database is marked for deletion, the
Reconcile task must ensure that all data, folders, and so on are correctly marked
for deletion before the Compact task can remove them. Once the data is
reconciled, you run the Compact task to remove the data from DB2.
For best performance, schedule Reconcile to run during non-peak hours.
The Trash Collector task defined
The Trash Collector task marks e-mail in the Trash folder for deletion if that mail
is older than the time period specified in the mail cell configuration. To delete the
messages marked for deletion, you must run Compact.
Configuring the Task Scheduler Service
When you configure the Task Scheduler, configuration options are stored in the
lwpscheduler.xml file that applies to the server running the Task Scheduler
Service:
install_root/WebSphere/DeploymentManager/config/cells/<cell name>/nodes/<node name>/servers/<server name>/lwpscheduler.xml
To configure the Task Scheduler Service:
1. From the WebSphere Administration console, expand Servers and click
Lotus Workplace Servers.
2. Click the link for the Lotus Workplace server that runs the Task Scheduler
Service.
3. In the Lotus Workplace Services section, click the link for the Task Scheduler
Service; see Figure 47.
Figure 47 Task Scheduler Service link
4. Click a link for one of the Workplace administrative tasks to make changes to
its configuration; see Figure 48.
Figure 48 Administrative task list
5. Enable, disable, or edit the task’s schedule to meet your needs. Each task
has the following configuration properties; see Figure 49.
Figure 49 Properties for scheduled tasks
Table 23 lists the field labels and values for scheduled tasks.
Table 23 Field labels and values - scheduled tasks
| Field label | Value |
| --- | --- |
| Enable | Causes the Task Scheduler to run the task at the interval you specify. |
| Run the task | Identifies the schedule on which you want the Task Scheduler to run the task. You can run a task Hourly, Daily, Weekly or Monthly. |
6. Click OK.
7. Click the Configure Task Scheduler button to edit settings for the Task
Scheduler service; see Figure 50.
Figure 50 Task Scheduler configuration properties
Table 24 lists the field labels and values of the Task Scheduler configuration.
Table 24 Field labels and values - Task Scheduler configuration
| Field label | Value |
| --- | --- |
| Enabled | This setting indicates whether or not the Task Scheduler service is enabled. You should enable the Task Scheduler on only one server. |
| Initial state | This setting selects the state to request when the server first starts. |
8. Click OK.
9. Repeat steps 3 through 6 for each task schedule you want to change.
10. Restart the Task Scheduler service on the affected server.
Routing mail between Domino and IBM Lotus Workplace
Routing mail between Domino and IBM Lotus Workplace Messaging can take a
number of different forms. Generally, it is assumed that Workplace Messaging
users are “unserved” users; that is, Workplace Messaging users do not currently
have Domino mail files on a Domino server. Integrating these unserved users
into your existing mail infrastructure can be done in several different ways. In this
section we provide general guidelines about integrating Lotus Workplace
Messaging with an existing Domino mail system.
For information on migrating existing Domino users to Lotus Workplace
Messaging, consult the IBM Lotus Workplace Information Center.
Integration of Lotus Workplace with an existing Domino infrastructure generally
presents one of the following scenarios:
• Lotus Workplace Messaging and Lotus Domino share a common Internet
  domain and the Domino LDAP directory.
• Lotus Workplace Messaging and Lotus Domino share a common Internet
  domain with separate LDAP directories.
• Lotus Workplace Messaging and Lotus Domino are deployed with separate
  Internet domains and separate LDAP directories.
In each of these scenarios, which we discuss in the following sections, you may
use one or more Lotus Domino servers for inbound SMTP services, you may use
one or more Lotus Workplace Messaging servers for inbound SMTP services, or
you may use both Domino and Workplace Messaging for inbound SMTP
services.
The mail routing scenarios involving Domino and Lotus Workplace Messaging
can be implemented using LDAP cell objects, smart hosts, or both.
Note: This material was written using Domino 6.0.3 and Lotus Workplace 1.1
as a guide. The mail routing scenarios detailed here were not verified in ITSO
labs at the time of writing.
Smart host defined
When you configure Domino to use a smart host, by default, messages destined
for users in your domain who are not listed in the Domino directory will be
forwarded to the smart host for routing. You can also choose to forward all local
mail to the smart host. If you add users with a mail system of “Other Internet,”
messages destined for these users will also be forwarded to the smart host for
routing.
In Lotus Workplace Messaging, a smart host is an SMTP server to which
messages are sent when a recipient in the local domain cannot be found in the
LDAP directory, when the recipient is not a member of the local cell, or when the
recipient does not have an LDAP mail cell attribute that defines an alternate
destination.
LDAP cell object defined
The Lotus Workplace Messaging Mail Service relies on the cell name of the
recipient and the domain part of the e-mail address to properly route mail. If a
recipient is in the local Internet domain, but the recipient is not a member of the
local messaging cell, the Mail Service will attempt to locate a mail cell attribute
for the recipient. If no cell attribute is found, the message is transferred to the
configured smart host. If a cell attribute is found, the Mail Service will use the cell
name and the host name of the cell’s inbound SMTP server to route the
message.
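The routing decision described in the two definitions above can be written out as a small model, which is useful for predicting which recipients depend on the smart host before it is changed or removed. This is an added example, not the Mail Service's code: the dictionary layouts, the "cell" key, the host names and the "unresolved" outcome (no matching cell object and no smart host) are assumptions, and the DNS branch reflects the paper's introduction, which says outgoing mail is routed by DNS.

```python
# Added example (not the Mail Service's code): a model of the routing decision.
# Dictionary layouts, the "cell" key and all host names are assumptions.

def route(recipient, local_domains, local_cell, directory, cell_objects,
          smart_host=None):
    """Return (decision, target) for one recipient address."""
    address = recipient.strip().lower()
    domain = address.rpartition("@")[2]
    if domain not in local_domains:
        return ("dns", domain)                      # outgoing mail: DNS lookup
    entry = directory.get(address)                  # LDAP lookup in this model
    if entry is not None:
        cell = entry.get("cell")
        if cell == local_cell:
            return ("local", local_cell)            # member of the local cell
        if cell in cell_objects:
            # Cell attribute found: use that cell's inbound SMTP host.
            return ("cell", cell_objects[cell])
    # Not in the directory, or no usable cell attribute.
    if smart_host:
        return ("smart_host", smart_host)
    return ("unresolved", None)                     # outcome not stated in the text


def smart_host_dependents(directory, local_domains, local_cell, cell_objects):
    """Directory addresses whose mail would be handed to the smart host."""
    return sorted(
        address for address in directory
        if route(address, local_domains, local_cell, directory, cell_objects,
                 smart_host="configured")[0] == "smart_host"
    )


# Constructed sample data.
LOCAL_DOMAINS = {"acme.com"}
DIRECTORY = {
    "ann@acme.com": {"cell": "cellA"},      # local cell member
    "bob@acme.com": {"cell": "cellB"},      # member of another cell
    "dom@acme.com": {},                     # in the directory, no cell attribute
}
CELL_OBJECTS = {"cellB": "smtp-b.acme.com"}  # cell name -> inbound SMTP host

if __name__ == "__main__":
    for rcpt in ("ann@acme.com", "bob@acme.com", "dom@acme.com",
                 "nobody@acme.com", "someone@example.org"):
        print(rcpt, route(rcpt, LOCAL_DOMAINS, "cellA", DIRECTORY, CELL_OBJECTS,
                          smart_host="domino.acme.com"))
```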
You would use cell objects in the following circumstance:
• You plan to make Lotus Workplace Messaging route mail to all users in the
  Directory for User Account Creation and Routing, and
• You have more than one mail system in your domain (or more than one
  Workplace Messaging mail cell), and
• The mail systems (or cells) in your domain share a common LDAP directory
  for user account creation and routing, and
• No smart host is configured
Scenario 1 - Lotus Workplace and Lotus Domino share an
Internet domain and the Domino LDAP directory
When you use Lotus Domino to provide inbound SMTP services for your domain,
you can configure Domino to route incoming Internet mail to Workplace
Messaging users in one of two ways:
• You can configure the Workplace Messaging inbound SMTP server as a
  smart host in the Domino directory.
• You can specify the Workplace Messaging inbound SMTP server’s host
  name in users’ Person documents.
Let’s look at these methods in more detail now.
Domino routes Internet mail to Workplace Messaging (smart host)
To configure Domino to route Internet mail to Workplace Messaging users via a
smart host (when both systems are in the same domain and share the Domino
LDAP directory for user account creation and routing):
• Follow the appropriate steps to configure the Domino LDAP server to support
  Lotus Workplace (refer to Chapter 2 in the IBM Redbook Planning in the
  Lotus Workplace 1.1 Products: Deployment Guide, SG24-7087).
• Install Lotus Workplace and configure Workplace Messaging to use the
  Domino directory as the Directory for User Account Creation and Routing
  (directory configuration is done during Lotus Workplace setup).
• Add (not register) Workplace Messaging users to the Domino LDAP directory
  as Mail System: “Other Internet Mail”:
  – If the Domino directory is also the authentication directory, populate the
    Shortname field in the Person document.
  – Populate the Internet Address field in the Person document to allow mail
    delivery and to support automatic account creation in Lotus Workplace.
  – If, instead of relying on automatic account creation, you are using an
    existing account attribute or if you have extended the LDAP schema to
    include an account attribute, grant your Workplace Messaging users
    access by putting LotusMailAccountGranted in the account attribute field.
  – Do not populate the Forwarding Address field in the Person document (the
    Forwarding Address is used when no smart host is configured, or when
    the user is in another domain).
• Populate the smart host field in the Server Configuration document(s) that
  apply to your Domino SMTP inbound server(s).
• Enable “SMTP used when sending messages outside of the local Internet
  domain” in all Server Configuration documents; this allows each of your
  servers to transfer mail via SMTP.
• Enable “SMTP allowed within the local Internet domain” (for all messages, or
  for MIME messages only) since mail can only be transferred to the smart host
  via SMTP.
Note: Be aware that if you enable SMTP for all messages, all Notes Rich Text
messages will be converted to MIME before transfer, resulting in loss of
message fidelity.
• Notes client users (with Domino mail files) should have the field “Format for
  messages addressed to Internet addresses” set to MIME format in their
  Location documents. (If the Internet message format is set to Notes Rich Text
  in the Location document, messages sent by Notes users to Lotus Workplace
  users must be converted to MIME before transfer.)
Once you configure smart host routing, when Domino receives a message, if the
domain part of the recipient's address matches the local Internet domain or one
of the alternate Internet domain aliases defined in the Global Domain document,
the Router looks up the address against all configured directories. If the address
is not found, or if the user’s mail system is “Other Internet,” the Router uses
SMTP to forward the message to the configured smart host.
In this case, the configured smart host is the host name of the Workplace
Messaging inbound SMTP server for the cell. Once the message is transferred to
the Workplace Messaging server, the Mail Receiver service determines whether
the recipient is a member of the local cell and routes the message accordingly.
Note: Domino sends all messages addressed to unknown recipients in the
local Internet domain to the configured smart host. You cannot configure
Domino to send to the smart host only messages that are addressed to
recipients in some subset of the internal domains and domain aliases defined
in the Global domain document.
Domino routes Internet mail directly to Workplace Messaging
To configure Domino to route Internet mail directly to Workplace Messaging
users (when both systems are in the same domain and share the Domino LDAP
directory for user account creation and routing), do the following:
򐂰 Follow the appropriate steps to configure the Domino LDAP server to support
Lotus Workplace (refer to Chapter 2 of the IBM Redbook Planning in the
Lotus Workplace 1.1 Products: Deployment Guide, SG24-7087).
򐂰 Install Lotus Workplace and configure Workplace Messaging to use the
Domino directory as the Directory for User Account Creation and Routing
(directory configuration is done during Lotus Workplace setup).
򐂰 Add (not register) Workplace Messaging users to the Domino LDAP directory
as Mail System: “POP or IMAP”:
– If the Domino directory is also the authentication directory, populate the
Shortname field in the Person document.
– Populate the Internet Address field in the Person document to allow mail
delivery and to support automatic account creation in Lotus Workplace.
– If, instead of relying on automatic account creation, you are using an
existing account attribute or if you have extended the LDAP schema to
include an account attribute, grant your Workplace Messaging users
access by putting LotusMailAccountGranted in the account attribute field.
– Populate the “Mail server” field with the fully qualified host name of the
Workplace Messaging inbound SMTP server for the cell.
– Set the “Format preference for incoming mail” field to Prefers MIME, to
avoid potential message conversion issues.
򐂰 Enable “SMTP used when sending messages outside of the local Internet
domain” in all Server Configuration documents; this allows each of your
servers to transfer mail via SMTP.
򐂰 Enable “SMTP allowed within the local Internet domain” (for all messages or
for MIME messages only) since mail can only be transferred to Lotus
Workplace via SMTP.
Note: Be aware that if you enable SMTP for all messages, all Notes Rich Text
messages will be converted to MIME before transfer resulting in loss of
message fidelity.
򐂰 Notes client users (with Domino mail files) should have the field “Format for
messages addressed to Internet addresses” set to MIME format in their
Location documents. (If the Internet message format is set to Notes Rich Text
in the Location document, messages sent by Notes users to Lotus Workplace
users must be converted to MIME before transfer.)
Once you configure routing using host names, when Domino receives a
message, if the domain part of the recipient's address matches the local Internet
domain or one of the alternate Internet domain aliases defined in the Global
Domain document, the Router looks up the address against all configured
directories. When the user is found in the directory, Domino will attempt to
transfer the message to the user’s mail server.
In this case, the user’s mail server is the host name of the Workplace Messaging
inbound SMTP server for the cell. Once the message is transferred to the
Workplace Messaging server, the Mail Receiver service determines whether the
recipient is a member of the local cell and routes the message accordingly.
Workplace Messaging routes Internet mail to Domino (smart host)
Instead of using Domino to receive inbound Internet mail, you may choose to
allow Workplace Messaging to act as the inbound SMTP service for the domain.
If Workplace Messaging performs inbound SMTP services, you must be sure to
configure proper MX records for the Workplace servers. You can configure
Workplace Messaging to route mail to Domino servers by configuring smart host
routing or by extending the LDAP schema to provide mail cell attributes.
To configure Lotus Workplace Messaging to route mail to Domino servers via a
smart host (where both systems are in the same domain and share the Domino
LDAP directory for user account creation and routing), do the following:
򐂰 Follow the appropriate steps to configure the Domino LDAP server to support
Lotus Workplace (refer to Chapter 2 in the IBM Redbook Planning in the
Lotus Workplace 1.1 Products: Deployment Guide, SG24-7087).
򐂰 Install Lotus Workplace and configure Workplace Messaging to use the
Domino directory as the Directory for User Account Creation and Routing
(directory configuration is done during Lotus Workplace setup).
򐂰 Add (not register) Workplace Messaging users to the Domino LDAP directory
as Mail System: “Other Internet Mail”:
– If the Domino directory is also the authentication directory, populate the
Shortname field in the Person document.
– Populate the Internet Address field in the Person document to allow mail
delivery and to support automatic account creation in Lotus Workplace.
– If, instead of relying on automatic account creation, you are using an
existing account attribute or if you have extended the LDAP schema to
include an account attribute, grant your Workplace Messaging users
access by putting LotusMailAccountGranted in the account attribute field.
– Do not populate the Forwarding Address field in the Person document; the
Forwarding Address is used by Domino when no smart host is configured
or when the user is in another domain.
򐂰 Populate the smart host field in the Workplace Administration console, SMTP
Outbound/Local Delivery properties (this value will be the fully qualified host
name of a Domino inbound SMTP server).
Once you configure smart host routing, when Lotus Workplace Messaging
receives a message, if the domain part of the recipient's address matches one of
the local Internet domains configured in the Mail Cell-Wide Settings, the Mail
Service will determine whether the user is a member of the local cell. Since
Domino users will not be members of the cell (and since cell attributes are not in
use), the Receiver Service will transfer the message to the configured smart
host.
In this case, the configured smart host is the host name of a Domino inbound
SMTP server. Once the message is transferred to the Domino server, the SMTP
Listener task determines the location of the recipient and routes the message
accordingly.
Workplace Messaging routes Internet mail to Domino (cell attribute)
Instead of configuring a smart host in Lotus Workplace Messaging, you can
extend the Domino LDAP schema to provide mail cell attributes for all of your
users. Domino users would have a cell attribute value of “Domino” (without the
quotes) and mail would be routed to local domain users based on the cell
attribute.
To configure Workplace Messaging to route Internet mail using cell attributes, do
the following:
򐂰 Follow the appropriate steps to configure the Domino LDAP server to support
Lotus Workplace (refer to Chapter 2 of the IBM Redbook Planning in the
Lotus Workplace 1.1 Products: Deployment Guide, SG24-7087).
򐂰 Install Lotus Workplace and configure Workplace Messaging to use the
Domino directory as the Directory for User Account Creation and Routing
(directory configuration is done during Lotus Workplace setup).
򐂰 Add (not register) Workplace Messaging users to the Domino LDAP directory
as Mail System: “Other Internet Mail”.
– If the Domino directory is also the authentication directory, populate the
Shortname field in the Person document.
– Populate the Internet Address field in the Person document to allow mail
delivery and to support automatic account creation in Lotus Workplace.
– If, instead of relying on automatic account creation, you are using an
existing account attribute or if you have extended the LDAP schema to
include an account attribute, grant your Workplace Messaging users
access by putting LotusMailAccountGranted in the account attribute field.
– Do not populate the Forwarding Address field in the Person document; the
Forwarding Address is used by Domino when no smart host is configured
or when the user is in another domain.
򐂰 Follow the instructions in the IBM Lotus Workplace 1.1 Information Center to
extend the Domino LDAP schema to include a mail cell object.
򐂰 Populate the mail cell attributes of your users.
Once you configure routing using cell attributes, when Workplace Messaging
receives a message, if the domain part of the recipient's address matches one of
the local Internet domains, the Mail Receiver service will look for the user’s mail
cell attribute and will route the message based on the contained values. Each
mail cell attribute will contain a cell name and a host name for the cell’s inbound
SMTP server.
In this case, a Domino user’s mail cell attribute will contain the host name of a
Domino inbound SMTP server. Once the message is transferred to the Domino
server, the SMTP Listener task determines the location of the recipient and the
message is routed accordingly.
Domino and Workplace Messaging route Internet mail to each other
Instead of configuring either Domino or Workplace Messaging to provide the
domain’s inbound SMTP services, you may choose to allow both mail systems to
receive Internet mail and route to each other. To configure both e-mail systems
for inbound SMTP services, do the following:
򐂰 Follow the steps in “Workplace Messaging routes Internet mail to Domino
(smart host)” on page 95 to configure the Workplace Messaging inbound
SMTP server as a smart host in the Domino directory, and
򐂰 Follow the steps in “Workplace Messaging routes Internet mail to Domino
(cell attribute)” on page 96 to extend the LDAP schema to provide mail cell
attributes for routing from Workplace Messaging to Domino, or
򐂰 Follow the steps in “Domino routes Internet mail directly to Workplace
Messaging” on page 94 to configure direct routing between Domino and
Workplace Messaging, and
򐂰 Follow the steps in “Domino routes Internet mail to Workplace Messaging
(smart host)” on page 92 to configure a Domino inbound SMTP server as a
smart host in the Workplace Messaging Administration console.
Note: Be certain that you do not configure smart host routing in both mail
systems. If both systems have smart host routing enabled, you will create a
routing loop for mail received for invalid users.
Scenario 2 - Lotus Workplace and Lotus Domino share an
Internet domain but use separate LDAP directories
Instead of configuring your Domino and Workplace Messaging systems to share
an LDAP directory, you may configure each system with an independent LDAP
directory. Both systems may still be in the same domain, though the directories
are separate.
Configuring Workplace Messaging and Domino to route mail to each other (when
both systems are in the same domain and the LDAP directories are separate)
involves the same configuration steps detailed on previous pages, with some
limitations, as described here.
Domino routes Internet mail to Workplace Messaging
To use Domino for inbound SMTP services (when both systems are in the same
domain with separate LDAP directories), do the following:
򐂰 Follow the steps in “Workplace Messaging routes Internet mail to Domino
(smart host)” on page 95 to configure the Workplace Messaging inbound
SMTP server as a smart host in the Domino directory.
Configuring a smart host is the only recommended option for routing mail from
Domino to Workplace Messaging when the two systems are using separate
directories. Attempting to use Person documents to route mail directly to
Workplace Messaging would cause you to create duplicate records for users in
both LDAP directories.
Note: Ensure that you do not configure smart host routing in both mail
systems. If both systems have smart host routing enabled, you will create a
routing loop for mail received for invalid users.
Workplace Messaging routes Internet mail to Domino
To use Lotus Workplace Messaging for inbound SMTP services (when both
systems are in the same domain with separate LDAP directories), do the
following:
򐂰 Follow the steps in “Domino routes Internet mail to Workplace Messaging
(smart host)” on page 92 to configure a Domino inbound SMTP server as a
smart host in the Workplace Messaging Administration console, or
򐂰 Follow the steps in “Workplace Messaging routes Internet mail to Domino
(cell attribute)” on page 96 to extend the LDAP schema to include a mail cell
object.
Note: Ensure that you do not configure smart host routing in both mail
systems. If both systems have smart host routing enabled, you will create a
routing loop for mail received for invalid users.
Domino and Workplace Messaging route Internet mail to each other
To configure both mail systems to receive inbound Internet mail and route it to
each other (when both systems are in the same domain with separate LDAP
directories), do the following:
򐂰 Follow the steps in “Workplace Messaging routes Internet mail to Domino
(smart host)” on page 95 to configure a Workplace Messaging inbound SMTP
server as a smart host in the Domino directory, and
򐂰 Follow the steps in “Workplace Messaging routes Internet mail to Domino
(cell attribute)” on page 96 to extend the LDAP schema to include a mail cell
object.
Note: Ensure that you do not configure smart host routing in both mail
systems. If both systems have smart host routing enabled, you will create a
routing loop for mail received for invalid users.
In this configuration, you must extend the LDAP schema for the Workplace
Messaging system, since smart host routing in Domino is the only option.
Scenario 3 - Lotus Workplace and Lotus Domino have
separate Internet domains and separate LDAP directories
Deploying Workplace Messaging and Domino in separate domains with separate
LDAP directories is the easiest configuration, from a routing perspective. In this
scenario, you manage each mail system separately and routing between the
systems is handled by DNS lookups.
You are not required to implement smart hosts or to extend the LDAP schema in
this case. Because the mail systems are in separate domains, transfer of mail to
each system relies on the same DNS lookups provided for external mail transfer.
Troubleshooting Workplace Messaging
General tips
Troubleshooting the installation and configuration of Lotus Workplace Messaging
involves an examination of many of the components used to troubleshoot other
IBM Lotus Workplace products. These components include the WebSphere
Portal logs, the WebSphere Application server logs, and your LDAP/WebSphere
security configuration.
In general, you should follow this basic guideline for troubleshooting Workplace
Messaging issues:
򐂰 Workplace Messaging relies heavily on the DB2 server; therefore, you should
verify database connectivity by using a DB2 client to connect to the Nagano
database, and by verifying the JDBC properties in the WebSphere
Administration console.
򐂰 Proper LDAP/WebSphere security configuration is also essential to
Workplace Messaging, so follow the troubleshooting steps in “Security in Lotus
Workplace Messaging” on page 14 to validate your LDAP/WebSphere
security configuration.
򐂰 For issues that seem to be specific to the Portal-based messaging client,
examine the WebSphere Portal logs for errors.
򐂰 For issues specific to one of the messaging protocols (for example, POP,
IMAP, or SMTP), examine SystemOut.log for the LotusWorkplace_Server
instance (each of the protocol services runs in this server instance).
򐂰 Verify the installation/configuration of the messaging protocols by using an
application such as telnet to communicate with the mail service.
Analyzing messaging settings
The most common issues encountered in Lotus Workplace Messaging revolve
around incorrect configuration options. Workplace Messaging relies very heavily
on the LDAP, WebSphere security, and messaging settings in order to function
properly. Follow the troubleshooting steps detailed in this paper for examining
your LDAP and WebSphere security settings.
In addition to LDAP and WebSphere security, you should also verify the
configuration of the messaging components. Settings specific to Workplace
Messaging are stored in the messaging.xml file for your cell. You can find the
messaging.xml file in:
WAS_HOME\config\<cell>\
Each of the properties listed in this file is visible in the WebSphere Application
server Administration console. Examining this file manually in an XML viewing
tool is most useful if a configuration issue prevents you from accessing the
Administration console, or if you wish to see a specific setting without navigating
the WebSphere user interface.
Note: The specific location of configuration parameters in messaging.xml can
be found in the IBM Lotus Workplace Information Center.
Remember to follow best practices whenever you encounter an issue; exhaust
all troubleshooting steps before changing any of your configuration settings,
because your “problem” can always be made worse by changing configurations
without careful consideration of the impact.
If you must change your configuration, modify files, or replace files, then make
sure that you keep a copy of any files changed or replaced—and make sure you
have a current backup of your environment. WebSphere allows you to do this
outside of your organization’s standard system backup procedure by taking a
“snapshot” of your current configuration, using the “backupconfig” utility.
Now let’s take a look at a typical problem.
Example - login errors produced by LDAP configuration
One of the most common issues encountered installing/configuring Workplace
Messaging 1.1 involves the following: a user logs into the portal-based Web
client and receives the following error.
User {0} does not have a local mail file.
This error generally results from incorrect entries in the security settings, or from
incorrectly populated e-mail addresses, as explained here.
Verify security settings
To verify the security settings, open lwpprops.properties and examine the
settings for:
LWMLocalDomainNames
LWMFullyQualifiedDomainName
LWMDNSNames
If these settings are incorrect, you should restore your system from backup and
re-run the enable security script with the correct settings specified in
lwpprops.properties.
Mistakes in e-mail addresses
This error can also result from mistakes in the e-mail addresses of users. When
you add user records to your LDAP directory, a valid e-mail address must be
specified that matches the value in LWMLocalDomainNames in
lwpprops.properties. For example, if LWMLocalDomainNames is set to
workplace.acme.com, then each user’s e-mail address must end in
workplace.acme.com.
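One way to find mismatched addresses before users hit the “does not have a local mail file” error, as an added example that is not part of the Redpaper or the product: it reads LWMLocalDomainNames from lwpprops.properties and checks every entry of an LDIF export of the directory. It assumes the address is exported in the mail attribute, that several domains (if present) are separated by commas, semicolons or spaces, and that the domain part must equal a listed domain; all sample data is constructed.

```python
import base64
import re

# Constructed sample of lwpprops.properties (only the first key is used here).
SAMPLE_PROPS = """\
# constructed sample values
LWMLocalDomainNames=workplace.acme.com
LWMFullyQualifiedDomainName=server.workplace.acme.com
"""

# Constructed sample LDIF export of four user entries.
SAMPLE_LDIF = """\
dn: cn=Ann Able,o=acme
uid: aable
mail: aable@workplace.acme.com

dn: cn=Bob Baker,o=acme
uid: bbaker
mail: bbaker@acme.com

dn: cn=Cy Cole,o=acme
uid: ccole

dn: cn=Dee Dunn,o=acme
uid: ddunn
mail: ddunn@Workplace.
 ACME.com
"""


def load_properties(text):
    """Parse key=value lines of a properties file (comments and blanks skipped)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def local_domains(props):
    """Return the configured local domains, lower-cased."""
    # Assumption: multiple values are separated by commas, semicolons or spaces.
    raw = props.get("LWMLocalDomainNames", "")
    return {d.lower() for d in re.split(r"[,\s;]+", raw) if d}


def parse_ldif(text):
    """Return one dict per LDIF entry: attribute name (lower case) -> list of values."""
    entries, current = [], {}
    # A line that starts with a single space continues the previous line.
    unfolded = re.sub(r"\r?\n ", "", text)
    for line in unfolded.splitlines() + [""]:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue
        m = re.match(r"^([\w;-]+)(::?)\s*(.*)$", line)
        if not m:
            continue
        attr, sep, value = m.groups()
        if sep == "::":  # base64-encoded value
            value = base64.b64decode(value).decode("utf-8", "replace")
        current.setdefault(attr.lower(), []).append(value)
    return entries


def check_addresses(props_text, ldif_text):
    """Return (dn, address, reason) for every entry that would not match a local domain."""
    domains = local_domains(load_properties(props_text))
    problems = []
    for entry in parse_ldif(ldif_text):
        dn = entry.get("dn", ["?"])[0]
        mails = entry.get("mail", [])
        if not mails:
            problems.append((dn, None, "no mail attribute"))
            continue
        for mail in mails:
            local, at, domain = mail.rpartition("@")
            if not at or not local:
                problems.append((dn, mail, "not an e-mail address"))
            elif domain.lower() not in domains:
                problems.append((dn, mail, "domain not in LWMLocalDomainNames"))
    return problems


if __name__ == "__main__":
    for dn, mail, reason in check_addresses(SAMPLE_PROPS, SAMPLE_LDIF):
        print(f"{dn}: {mail or '-'} ({reason})")
```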
Examining log files
Generally, the starting points for diagnosing and troubleshooting Workplace
Messaging installation and configuration are the WebSphere logs. Errors
reported by the Mail Service components (POP3, IMAP, SMTP, and so on)
appear in the WebSphere Application server SystemOut.log file and in the
SystemErr.log file. The SystemOut.log and SystemErr.log files are found in the
following locations (Windows, in this example):
򐂰 C:\WebSphere\AppServer\logs\server1>
򐂰 C:\WebSphere\AppServer\logs\LotusWorkplace_Server>
򐂰 C:\WebSphere\PortalServer\log>
The SystemOut file will contain any normal messages sent from the Portal and
Workplace applications or from the application server itself. Starting, stopping,
and initialization of Web applications can be seen here. Also, if there is an
exception in a Web application, you may find it here.
The SystemErr file will write any exceptions that the Portal, Workplace, or even
the application server may have thrown. Examine it closely for a concurrent date
and time stamp, and then for an error or exception itself.
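The timestamp correlation described above, as an added example (not code from the Redpaper or from IBM): it takes the first line of each exception in SystemErr.log and lists the SystemOut.log entries written within a few seconds of it. The log lines are constructed samples, and the entry layout `[date time zone] thread component type message` is an assumption about the log format.

```python
import re
from datetime import datetime, timedelta

# Assumed entry layout: [M/D/YY H:MM:SS:mmm TZ] threadid component type message
ENTRY = re.compile(
    r"^\[(\d{1,2}/\d{1,2}/\d{2}) (\d{1,2}:\d{2}:\d{2}):(\d{3}) \w+\] "
    r"([0-9a-f]{8}) (\S+)\s+(\w) (.*)$"
)

# Constructed sample lines standing in for SystemOut.log.
SAMPLE_OUT = """\
[4/16/04 10:15:20:101 EDT] 0000002a SystemOut     O POP3 service initialized (constructed)
[4/16/04 10:15:32:120 EDT] 0000003b SystemOut     O Connection to message store failed (constructed)
[4/16/04 10:20:00:000 EDT] 0000002a SystemOut     O IMAP service initialized (constructed)
"""

# Constructed sample lines standing in for SystemErr.log.
SAMPLE_ERR = """\
[4/16/04 10:15:32:123 EDT] 0000003b SystemErr     R java.sql.SQLException: constructed sample error
[4/16/04 10:15:32:123 EDT] 0000003b SystemErr     R     at com.example.Store.open(Store.java:42)
[4/16/04 10:15:32:124 EDT] 0000003b SystemErr     R     at com.example.Mail.deliver(Mail.java:7)
"""


def parse(text):
    """Return (timestamp, thread, component, type, message) for each recognised line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # not in the assumed layout
        date, clock, millis, thread, component, kind, message = m.groups()
        ts = datetime.strptime(f"{date} {clock}", "%m/%d/%y %H:%M:%S")
        ts += timedelta(milliseconds=int(millis))
        entries.append((ts, thread, component, kind, message))
    return entries


def exception_heads(err_entries):
    """Keep the first line of each stack trace; drop the 'at ...' frame lines."""
    return [e for e in err_entries if not e[4].lstrip().startswith("at ")]


def correlate(out_text, err_text, window_seconds=2):
    """Pair each SystemErr exception with SystemOut messages logged close to it.

    Both logs are assumed to use the same time zone.
    """
    out_entries = parse(out_text)
    window = timedelta(seconds=window_seconds)
    report = []
    for ts, thread, _component, _kind, message in exception_heads(parse(err_text)):
        nearby = [o[4] for o in out_entries if abs(o[0] - ts) <= window]
        report.append({"time": ts, "thread": thread,
                       "exception": message, "context": nearby})
    return report


if __name__ == "__main__":
    for item in correlate(SAMPLE_OUT, SAMPLE_ERR):
        print(item["time"], item["thread"], item["exception"])
        for line in item["context"]:
            print("    SystemOut:", line)
```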
Client issues - Web-based portal clients
For issues encountered using the portal-based messaging client, you should first
examine the SystemOut.log for the WebSphere Portal server. This log will
contain errors and exceptions related to the rendering of the mail client.
The SystemOut.log for WebSphere Portal server can be found in the
\WebSphere\PortalServer\log> hierarchy. Examine the WebSphere Portal log in
conjunction with the SystemOut.log files for the other WebSphere Application
server instances.
Client issues - POP3/IMAP clients
For issues involving POP3 and IMAP clients, use a utility like telnet to issue
commands to the Mail Service components. Using a telnet session in this
manner will verify that the service is functioning properly. Communicating directly
with the POP3/IMAP service also removes any potential issues generated by the
POP3/IMAP users’ clients. For instructions on using telnet, consult the product
documentation for your operating system.
A sample telnet session with the POP3 service might look like the following:
telnet server.acme.com POP3
USER username
PASS password
STAT [retrieves the number of messages in the mail file and their total size]
LIST [lists each message in the mail file with its size]
RETR 1 [retrieves message 1 from the mail file]
DELE 1 [marks message 1 for deletion from the mail file]
RSET [unmarks the message marked for deletion by the DELE command]
QUIT
Note: For more information on POP3 server commands and their use, refer to
RFC 1939, “Post Office Protocol - Version 3.”
A sample telnet session with the IMAP service might look like the following:
telnet server.acme.com IMAP
C: a1 LOGIN username password
C: a2 SELECT inbox
C: a3 UID FETCH 1:* RFC822.SIZE [fetch the size of every message in the mailbox]
C: a4 UID FETCH 1 BODY[] [fetch the body of the message with UID 1]
C: a5 LOGOUT
Note: For more information on IMAP server commands and their use, refer to
RFC 2060, “IMAP - version 4, rev1.”
Verifying SMTP
SMTP inbound
For Workplace Messaging issues that revolve around the inability to receive
inbound SMTP mail, you should verify that each of the Workplace servers
running the SMTP Inbound service has a valid MX/A record in the DNS
database. Verification of proper MX/A records is also important for issues around
the transfer of messages between Workplace Messaging and other mail systems
in the same domain. Generally, improperly configured DNS records will prevent
the transfer of all mail to your domain.
Use a DNS verification tool such as nslookup to verify the MX, A, and PTR
records for your domain. For more information on using nslookup, refer to the
product documentation for your operating system.
In addition to proper DNS records, inability to receive inbound mail can also be
the result of SMTP Inbound connection filters. Examine the configuration of
SMTP inbound filters in the WebSphere Administration console. Generally,
SMTP Inbound connection filters will prevent the transfer of mail from particular
domains/servers.
To verify the proper installation/configuration of the SMTP Inbound service, use a
tool such as telnet. For instructions on using telnet, refer to the product
documentation for your operating system. A sample telnet session with the
SMTP service might look like the following:
telnet server.acme.com smtp
ehlo mydomain.com
MAIL FROM:<user@mydomain.com>
RCPT TO:<user@acme.com>
DATA
Subject: test e-mail
From: user@mydomain.com

hello world
.
quit
Note: For more information on SMTP server commands and their use, refer to
RFC 2821, “Simple Mail Transfer Protocol.”
SMTP outbound
Issues with the SMTP Outbound/Local Delivery service are generally the result
of configuration problems outside of Lotus Workplace Messaging. Inability to
transfer mail to a specific domain may be the result of incorrect DNS records in
the receiving domain. Transfer problems may also result if your domain has been
placed on a DNS blacklist.
Trace settings
Message logging and diagnostic trace, although similar in concept, have a key
difference. While a log message entry is intended to be viewed and understood
by end users, systems administrators, and support personnel, a trace entry is
intended for service engineers or developers. Trace records can be more
complex, verbose, and detailed than log messages. Trace entries may be fairly
inscrutable, understandable only by the appropriate developer or service
personnel. As a result, enabling tracing for Workplace Messaging should be
done at the direction of IBM Technical Support to diagnose a specific issue.
To enable mail tracing options for all message routing activity and for the content
of routed mail, enter the following in the relevant application server's Trace
Specification field:
com.ibm.nagano.mta=all=enabled:com.ibm.nagano.queue=all=enabled
To enable all the tracing available in IBM Lotus Workplace Messaging, use:
com.ibm.nagano.*=all=enabled:
Important: The diagnostic trace service generates a large amount of data in a
very short time and can degrade server performance. Once enabled, use the
trace service to gather necessary information and then promptly disable it.
Summary
In this Redpaper we introduced the components of the Lotus Workplace
Messaging System, and discussed many topics around the administration and
configuration of this system. This paper is not a complete administrative guide for
this product, and does not cover many key installation, planning, and deployment
topics. For more details on the latest Lotus Workplace Messaging products and
capabilities, including coverage of these additional topics, refer to the following
resources:
General product information:
http://www-106.ibm.com/developerworks/lotus/products/workplace/
Product documentation:
http://www-10.lotus.com/ldd/notesua.nsf/find/lwm
For a Redbook focused on the install/deployment of the entire Workplace
“platform”:
http://www.ibm.com/redbooks/abstracts/sg247087.html
The team that wrote this Redpaper
This Redpaper was produced by a team of specialists from around the world
working at the International Technical Support Organization, Cambridge,
Massachusetts.
Jeffrey Slone is currently a Senior Curriculum Developer with the IBM Software
Group (Lotus Engineering Test, Product Introduction, and Technical Support
group) in the Performance and Learning organization. As a part of the
Performance and Learning organization at IBM, he has developed and delivered
training on many of the Lotus product offerings including Domino, IBM Lotus
Collaborative Learning and Lotus Workplace Messaging. He is a CLP in Notes
and Domino System Administration.
William Tworek is a Project Leader with the International Technical Support
Organization, working out of Westford, Massachusetts. He provides
management and technical leadership for projects that produce Redbooks™ on
various topics involving IBM and Lotus Software technologies.
The authors would also like to thank the following people from the IBM Lotus
Software organization for their (sometimes significant) contributions to this project:
򐂰 Jack Downing
򐂰 Rebecca Buisan
򐂰 Beth Anne Collopy
򐂰 Matt Chant
򐂰 Mike Gagnon
򐂰 Andreas Goelzer
򐂰 Pete Lyons
Thanks, too, to the many other members of the Workplace development team
who provided thoughts and input into this project.
Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult
your local IBM representative for information on the products and services currently available in your area.
Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product, program, or service that
does not infringe any IBM intellectual property right may be used instead. However, it is the user's
responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document.
The furnishing of this document does not give you any license to these patents. You can send license
inquiries, in writing, to:
IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A.
The following paragraph does not apply to the United Kingdom or any other country where such
provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION
PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR
IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer
of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made
to the information herein; these changes will be incorporated in new editions of the publication. IBM may
make improvements and/or changes in the product(s) and/or the program(s) described in this publication at
any time without notice.
Any references in this information to non-IBM Web sites are provided for convenience only and do not in any
manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the
materials for this IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without
incurring any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, their published
announcements or other publicly available sources. IBM has not tested those products and cannot confirm
the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on
the capabilities of non-IBM products should be addressed to the suppliers of those products.
This information contains examples of data and reports used in daily business operations. To illustrate them
as completely as possible, the examples include the names of individuals, companies, brands, and products.
All of these names are fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrates programming
techniques on various operating platforms. You may copy, modify, and distribute these sample programs in
any form without payment to IBM, for the purposes of developing, using, marketing or distributing application
programs conforming to the application programming interface for the operating platform for which the
sample programs are written. These examples have not been thoroughly tested under all conditions. IBM,
therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy,
modify, and distribute these sample programs in any form without payment to IBM for the purposes of
developing, using, marketing, or distributing application programs conforming to IBM's application
programming interfaces.
© Copyright IBM Corp. 2004. All rights reserved.
This document created or updated on April 16, 2004.
Send us your comments in one of the following ways:
򐂰 Use the online Contact us review redbook form found at:
ibm.com/redbooks
򐂰 Send your comments in an Internet note to:
redbook@us.ibm.com
򐂰 Mail your comments to:
IBM Corporation, International Technical Support Organization
Dept. HYJ Mail Station P099, 2455 South Road
Poughkeepsie, New York 12601-5400 U.S.A.
Trademarks
The following terms are trademarks of the International Business Machines Corporation in the United States,
other countries, or both:
Eserver®
Domino™
DB2®
IBM®
Lotus Notes®
Lotus®
Notes®
PartnerWorld®
Redbooks™
Tivoli®
WebSphere®
Workplace Messaging™
Redbooks (logo)™
The following terms are trademarks of other companies:
Intel, Intel Inside (logos) and Pentium are trademarks of Intel Corporation in the United States, other
countries, or both.
Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States,
other countries, or both.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun
Microsystems, Inc. in the United States, other countries, or both.
Other company, product, and service names may be trademarks or service marks of others.