System Administration

Sections and Access Rights Base Directory Structure General Settings Command Line Options Shutting Down OS syslog Server Root Privilege Domain Administration Customizing Domain WebAdmin Interface Customizing Server Prompts When the CommuniGate Pro Server is up and running, it can be configured, monitored, and set up using any Web browser. By default, the HTTP module provides access to the CommuniGate Pro administration pages (WebAdmin Interface) via the TCP port number 8010. To connect to the server, the administrator should type http://serveraddress:8010 where serveraddress is either server IP address or the server domain name (A-record). Note: If you use a Netscape® browser, check that its caching setting (Preferences->Advanced->Cache) is set to Every time.

Sections and Privileges

The Server administration pages are divided into four groups (realms). To access a page in any group, a user should be registered with the CommuniGate Pro Server (should have an account on the Server), and the user should be explicitly granted access rights to that section.

• The Settings section contains pages that allow a system administrator to modify the Server kernel and module settings.
• The Accounts section contains pages that allow a system administrator to create and remove secondary domains and accounts, and to modify the domain and account settings.
• The Directory section contains pages that allow a system administrator to configure the Directory services of the CommuniGate Pro server.
• The Monitors section contains pages that allow a system administrator to monitor server and module queues, communication channels and their states, and to browse the Server Logs.

Finally, there is the Master section that contains the pages that allow a system administrator to grant and revoke access rights, and to modify the Server License Keys.

Note: If a user is granted the Master access right, that user can access all other sections.

Note: These access rights can be granted to the accounts (users) in the main domain only. Accounts in secondary domains can be granted domain administration rights only.

When a Server is installed for the first time, it creates the postmaster account in the main domain, assigns a random password to that account, and grants the Master access right to the postmaster user.

---

Base Directory Structure

All CommuniGate Pro Server files - accounts, domains, mailboxes, settings, queues, etc. are stored in one place - in the Server base directory.

When the Server starts, it creates the following objects inside its base directory:

• The Settings directory. This directory contains files with module and kernel component settings.
• The Queue directory. This directory contains Temporary and Message files. The Message files contain messages submitted to the Server, but still undelivered to all their recipients.
• BadFiles directory. This directory contains Message files the Enqueuer kernel component failed to parse. This directory should be empty.
• Accounts directory. This directory contains account files for the Main Server Domain.
• Domains directory. This directory contains directories for all Secondary Domains.
• Submitted directory. This drop-in directory is used to submit messages to Server via the PIPE module.
• SystemLogs directory. This directory contains Server Logs.
• ProcessID file. This file exists only when the Server is running and contains the numeric identificator of the Server process.
• Directory file. This file contains or describes the Server Central Directory.

For more information about the Account and Domain files and directories, see the Account Data section.

You can use symbolic links to move some of these directories to other locations (and other disks).

---

General Settings

Start configuring the Server by opening the General page in the Settings section.

Main Domain Name:   System Internals Log: Crashes OnlyFailuresMajor & FailuresProblemsLow-LevelAll Info   Crash Recovery: DisabledEnabled   Server Time: 21:08:46 -0800   Server OS: Sun Solaris   Server Hardware: Intel   Server Version: 3.5   Server IP Address(es): [216.200.213.118],[216.200.213.119],[10.0.0.5] Name Server(s) IP Address(es): [216.200.213.113],[216.200.213.114]

Main Domain Name

In this field you should enter the name that the CommuniGate Pro Server will interpret as its own Main Domain Name. All mail addressed to that domain will be treated as local, and (in the simplest case) that mail will be stored in local account mailboxes. Initially, this field contains the server computer name that CommuniGate Pro retrieves from the OS. If this names looks like host12345hh.company.com, you should change it to the name of the domain this Server should process.

Note: unless you create additional Domains ONLY the messages directed to addresses in the Main Domain will be processed as local. If the Main Domain Name is entered as company.com, then messages to mail.company.com will not be processed as local, and if such a message is received, the server will try to deliver it to the mail.company.com system over the network. If the DNS record for the mail.company.com points to the same Server computer, the mail loop error will be detected, and the message will be rejected.

If your server should process mail for several domains, enter the additional domain names as Main Domain Aliases (if those domain names should be mapped to the Main Domain), or create additional Secondary Domains.

Sample configuration:

A server should process mail for the company.com and client1.com domains. In the DNS system, these domain names have only MX-records pointing to mail.company.com and mail.client1.com A-records, and these A-records point to IP address(es) belonging to the CommuniGate Pro Server system.

• set company.com as the Main Domain Name.
• open the Domains page, find the company.com record and click on its Settings link to open the company.com Domain Settings page. Scroll it down to find the Aliases fields.
• enter mail.company.com into an empty Aliases field, and click the Update button.
• open the Domains page. Enter client1.com into the text field and click the Create Domain button.
• the client1.com record should appear in the list; click its Settings link to open the client1.com Domain Settings page. Scroll it down to find the Aliases fields.
• enter mail.client1.com into an empty Aliases field, and click the Update button.

System Internals Log

Use this setting to specify what kind of information the server kernel module should put in the Server Log. Usually you should use the Major (message transfer reports) level. But when you experience problems with the server kernel, you may want to set the Log Level setting to Low-Level or All Info: in this case low-level details will be recorded in the System Log as well. When the problem is solved, set the Log Level setting to its regular value, otherwise your System Log files will grow in size very quickly.
The kernel records in the System Log are marked with the SYSTEM tag.

Kernel problems are very unlikely to happen. If you see any problem with the Server, try to detect which component is causing it, and change the Log setting of that component (Router, SMTP, POP, etc.) to get more information.

Crash Recovery

If this option is enabled, the CommuniGate Pro Server uses special recovery techniques to proceed after various failures (including the crashing bugs in the Server software itself).

If you see "exception raised" messages in your CommuniGate Pro Log and/or in the OS system.log or mail.log, you may want to disable this option and force the Server to stop when an exception is raised again, and to produce a core dump file.
Core dump files can be uploaded to the Stalker ftp site for examination.

Stalker Software recommends you to disable this option if you are running any beta-version of the CommuniGate Pro software.

Information fields

Information fields on the General Settings page display the name of the Server Operating System, the hardware platform, the version of the CommuniGate Pro Server, the Server network address(es), the Server Local Time and Time Zone. This information is useful for system administrators that have to examine Logs from remote locations, as all time stamps in the System Logs are specified in the Server local time.

Refresh

This button can be used after the Server OS local IP Addresses have been changed or the DNS settings for CommuniGate Pro Domains have been modified. When you click this button:

• the Server re-reads the list of Local IP Addresses from the OS;
• the Server re-reads the Domain Name Server addresses from the OS settings.
• the Server updates the "Assigned IP Addresses" for all Server Domains. If some domains have IP Addresses specified "Using DNS A/MX Records", the new addresses are retrieved from the DNS system;

---

Command Line Options

The CommuniGate Pro Server supports the following command-line options (parameters):

--CGateBase directory
or
--Base directory

The next parameter string specifies the location of the CommuniGate Pro base directory.

--LogToConsole

This option tells the Server to duplicate all its System Log records to the stdout (standard output). This option can be used for troubleshooting when the Web interface to System Logs is not available.

--LogAll

This option tells the Server to ignore all current Log Level settings and record all possible Log records.

--NoWebCache

This option tells the server not to cache the Web Interface files internally. Use this option when you modify the Web Interface files and you need to see the results without restarting the server.

--Daemon

This option can be specified on Unix platforms only. It tells the server to fork and operate in the background, with stdin, stdout, and stderr redirected to /dev/null.

--CGateApplication directory

The next parameter string specifies the location of the CommuniGate Pro application directory. You can use this option when the application itself cannot properly detect its own location, or if the CommuniGate Pro Server application file is not placed in the same location as other application directory files and subdirectories. For example, on OS/400 CommuniGate Pro Server is located in an OS/400 library, and this parameter is used to tell the server where the Unix-style directory with WebUser, WebAdmin, WebGuide, and other files is located.

--noLockFile

This option tells the Server not to create the ProcessID lock file. This option can be used if the file system hosting the base directory does not support file locks.

--dropRoot

This option can be specified on Unix platforms only. It tells the Server to drop the root privilege permanently. The server drops the privilege aproximately 60 seconds after the end of its kernel initiatialization process, so all listenening sockets can be opened when the server is still running as the root. The root privilege cannot be restored later. See the Server Root Privilege section for more details.

--ThreadsScope

This option can be specified on platforms using p-threads (OS/400 and most Unix flavors). The next parameter string can be either "system" or "process". See your OS manual to learn how these "scheduling scopes" work. If this option is not specified, the default OS scheduling mode is used.

--BatchLogon

This option can be specified on Microsoft Windows NT/2000 platforms only.

The option tells the Server to use 'batch logon' instead of the 'network logon' when an account password is verified using the Windows OS password system.

--SharedFiles

This option can be specified on Microsoft Windows platforms only.

The option tells the Server to open all files with the FILE_SHARE_READ sharing attribute making it possible for other programs (such as backup daemons) read the CommuniGate Pro base directory files when the server is running.

Command line option names are case-insensitive.

---

Shutting Down

The CommuniGate Pro Server can be shut down by sending it a SIGTERM or a SIGINT signal.

On Unix platforms, you can use the startup script with the stop parameter, or you can get the Server process id from the ProcessID file in the base directory and use the kill command to stop the server.

On the Windows NT platform, you can use the Services control panel to stop and start the CommuniGate Pro server.

You can also use the shutdown CLI API command to stop the server.

When the Server receives a shutdown request, it closes all the connections, commits or rolls back mailbox modifications, and performs other shutdown tasks. Usually these tasks take 1-3 seconds, but sometimes (depending on the OS network subsystem) they can take more time. Always allow the server to shut down completely, and do not interrupt the shutdown process.

---

OS syslog

The CommuniGate Pro server can store as much as several megabytes of Log data per minute (depending on the Log Level settings of its modules and components), and it can search and selectively retrieve records from the log. To provide the required speed and functionality, the Server maintains its own multithreaded Log system.

The Server places records into the OS log (system.log or mail.log):

• when it starts up;
• when it shuts down;
• when it detects its own memory leaks;
• when it detects its own program error;
• when a program error exception (signal) is raised.

---

Server Root Privilege

The CommuniGate Pro is designed as a highly secure application. In order to perform certain operations, the Server runs as root on Unix platforms, and it carefully checks that no user can access restricted OS resources via the Server. Since many other servers do not provide the same level of security, system administrators preferred to run servers in a non-root mode, so a hole in the server security would not allow an intruder to access the restricted OS resources.

CommuniGate Pro can "drop" the root privilege. The privilege can be dropped in the "permanent" or "reversable" mode. When asked to drop the root (uid=0) privilege, the Server changes its UID:

• to the UID of the Unix user cgatepro (if exists), otherwise
• to the UID of the Unix user nobody (if exists), otherwise
• to the UID 1

When the root privilege is dropped, the following restrictions apply:

• No Listener port with number < 1024 can be opened. If you try to add a listener with the port number n (n < 1024), the port with the number 8000+n is opened instead.
• Remote applications started via Account-Level Rule EXECUTE command run in the current CommuniGate Pro Server environment (the effective UID and other OS-level process parameters are not changed).
• OS Passwords cannot be used.

If the root privilege was dropped in the "reversable" mode, the root privilege can be restored. For example, if you need to open a listener on the port 576, but the Server root privilege has been dropped, you should restore the root privilege first, then open the listener port, and then you can drop the Root provilege again.

To drop the root privilege permanently, use a special Command Line Option.

To drop the root privilege in the "reversable" mode, click the "Drop Root" button on the General page. The button should change to the "Restore Root" button - you can use it to restore the Server root privilege. This option is not available on those platforms that cannot drop the root privilege correctly (Linux).

---

Domain Administration

If your Server has several Secondary Domains, you may want to grant some user(s) in that domain the domain administrator access right.

A domain administrator can use the WebAdmin interface to access the pages in the Accounts section, but the access is limited to that domain only, and not all domain and account Settings can be modified.

When you grant the domain administrator access right to a user, you will see a list of specific access rights - the internal names of Domain and Account Settings. You should specify which settings the domain administrator can modify. Also, the list of enabling options allows you to grant the domain administrator rights:

• to create, rename, and remove accounts
• to create, rename, and remove account aliases
• to create, rename, and remove mailing lists
• to modify the WebUser Interface files (HTML templates and graphic images)
• to send Alert messages to domain users
• to have full direct access to all mailboxes in the domain accounts.

The domain administrator can also upload and update the WebUser Interface pages, if you grant the CanCreateWebPages access right to that administrator.

The domain administrator access right can be granted to users in secondary domains by a system administrator that has the Accounts (All Domains and Account Settings) access right.

A Domain administrator can control the domain using the same WebAdmin port (see HTTP module description for the details), or using the Command Line Interface commands.

---

Customizing Domain WebAdmin Interface

The Server Administrator can modify the look and feel of the Domain WebAdmin interface. For each CommuniGate Pro domain, a custom version of WebAdmin files can be created and uploaded to the domain storage.

To modify the Domain WebAdmin interface pages, connect to the server WebAdmin Interface as a Server Administrator, open the Domain Settings page and click the WebAdmin link. The list of WebAdmin files will appear. Click the Accounts link to open the subdirectory containing the files used to compose WebAdmin pages in the "Account" realm:

(Accounts subdirectory) UP

Marker File Name Size Modified default AccountDefaults.html 1929 15-Feb-00 default AccountList.html 2K 15-Feb-00 AccountMain.html 4K 27-Feb-00 default AccountRemove.html 489 15-Feb-00 default AccountRights.html 2K 15-Feb-00 default AccountSettings.html 2K 15-Feb-00 .................................. default WebUserSettings.html 1194 15-Feb-00 default WebUserSettingsMain.html 3K 15-Feb-00 Totals: 32 66K

If the file does not exist in the domain WebAdmin directory, the file from the application directory WebAdmin subdirectory is shown, and the default marker is displayed. If the file exists in the domain WebAdmin directory, that file is shown and a check box is displayed in the Marker field.

To modify some element of the WebAdmin Interface:

• use the WebAdmin Interface Editor to open the directory that contains the file you want to modify;
• use the file link to open the file and/or to copy the file on your local disk;
• modify the file using any HTML editor program;
• on the same WebAdmin Interface Editor directory page, click the Browser button and select the modified file on your local disk;
• click the Upload File button to upload the modified file to the CommuniGate Pro WebAdmin directory opened in the WebAdmin Interface Editor.

If the WebAdmin directory/subdirectory did not contain a custom copy of the uploaded file, you will see the default file marker changing to a checkbox. If a custom version of that file already existed in the WebAdmin directory/subdirectory, the old version is replaced with the uploaded one.

To remove a custom version of a WebAdmin Interface file, select the checkbox on the left of that file name and click the Delete Marked button. If the file with that name exists in the application directory WebAdmin subdirectory, the file name does not disappear from the WebAdmin Interface Editor page, but the name gets the default marker indicating that the default (original) version of the file will be used again.

Note:The Server WebAdmin interface always uses the files located in the WebAdmin subdirectory of the application directory. If you modify the WebAdmin interface for the main domain, the modified pages will be used when a Domain Administrator of the main domain uses the WebAdmin Interface. The Server Administrator will see the framed version of the WebAdmin Interface (with the Settings, Domains, Directory, and Monitors realms) and the default WebAdmin files will be used to compose the Server WebAdmin Interface pages.

---

Customizing Server Prompts

The Server Administrator can modify the protocol prompts and other text strings the CommuniGate Pro Server sends to client mailers.

To modify the Server Strings, the administrator should follow the Strings link on the General Settings page. The Server Strings page appears (the actual page has much more strings):

Keyword String POPPrompt CommuniGate Pro POP3 Server ^0 ready SMTPByeBye CommuniGate Pro SMTP closing connection SMTPNoRelay we do not relay SMTPNonInternet will leave the Internet SMTPNormalPrompt ^1 ESMTP CommuniGate Pro ^0

To modify a Server String, enter the new text in the text field, and select the upper radio button. To change the string to its default value (displayed under the text field), simply select the lower radio button.

Click the Update button to update the Server Strings.