Digital_TCP/IP_Services_for_OpenVMS_________________ Release Notes November 1996 This manual describes changes to the software; installation, upgrade, and compatibility information; new and existing software problems and restrictions; and software and documentation corrections. Revision Information: This is a revised document. Operating Systems: OpenVMS Alpha Version 6.1 and later OpenVMS VAX Version 6.1 and later Software Version: Digital TCP/IP Services for OpenVMS Version 4.1, ECO2 Digital Equipment Corporation Maynard, Massachusetts ________________________________________________________________ November 1996 Digital Equipment Corporation makes no representations that the use of its products in the manner described in this publication will not infringe on existing or future patent rights, nor do the descriptions contained in this publication imply the granting of licenses to make, use, or sell equipment or software in accordance with the description. Possession, use, or copying of the software described in this publication is authorized only pursuant to a valid written license from Digital or an authorized sublicensor. Digital conducts its business in a manner that conserves the environment and protects the safety and health of its employees, customers, and the community. © Digital Equipment Corporation 1996. All rights reserved. The following are trademarks of Digital Equipment Corporation: ACMS, ALL-IN-1, Alpha AXP, DECdtm, DDCMP, DEC, DECnet, DECNIS, DECserver, DECsystem, DECwindows, DNA, InfoServer, LAT, OpenVMS, PATHWORKS, POLYCENTER, ULTRIX, VAX, VAXstation, VMS, VMScluster, and the DIGITAL logo. The following are third-party trademarks: IBM and OS/2 are registered trademarks of International Business Machines Corporation. Sun, NFS, and PC-NFS are registered trademarks of Sun Microsystems, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company Ltd. All other trademarks and registered trademarks are the property of their respective holders. _________________________________________________________________ Contents Preface................................................... v 1 Overview of Mandatory Update 1.1 ECO2 Contents................................. 1-1 2 New Features 2.1 UCX POP Server Now Supported.................. 2-1 2.1.1 Differences Between the UCX POP Server and the IUPOP3 Server......................... 2-2 2.2 SNMP Extensible Agent (eSNMP)................. 2-5 2.3 Finger Utility................................ 2-5 2.4 New FTP Command: VIEW ........................ 2-7 VIEW................................................ 2-8 2.5 NFS Server: File-Naming Enhancement........... 2-10 ADD EXPORT ......................................... 2-11 2.6 NFS Server: Support for XQP+.................. 2-15 3 POP Server Operations 3.1 OpenVMS Mail.................................. 3-1 3.2 Minimal Support for Mail Messages Sent Using MAIL/FOREIGN.................................. 3-1 3.3 Log File...................................... 3-1 3.4 POP Server Process............................ 3-1 3.5 UIDL Support.................................. 3-2 3.6 User Authorization............................ 3-2 3.7 Shared Secret Requirement..................... 3-5 3.8 Configuring POP............................... 3-5 3.9 Mail Header Creation.......................... 3-10 3.10 Patching the OpenVMS Mail From: Line.......... 3-12 iii 3.11 POP Error Messages............................ 3-16 3.12 POP OPCOM Messages............................ 3-22 3.13 POP Extensions................................ 3-24 4 SMTP Logical Names 4.1 SMTP Logical Names Available.................. 4-1 5 Corrections 5.1 Engineering Change Orders Included............ 5-1 5.2 BIND Server Corrections....................... 5-1 5.3 FTP (File Transfer Protocol).................. 5-1 5.3.1 FTP Server and Client Problems Corrected................................. 5-2 5.3.2 Corrections to the Digital TCP/IP Services for OpenVMS User's Guide.................. 5-4 5.4 NFS Problems Corrected........................ 5-4 5.5 SMTP Problems Corrected....................... 5-6 6 Changes, Problems, and Restrictions 6.1 BIND Server: Changes to Load Balancing........ 6-1 6.2 New Configuration Procedure Available for the BIND Server................................... 6-1 6.3 POP Problems.................................. 6-2 6.4 NTP (Network Time Protocol) Service........... 6-3 6.5 SMTP Addressing Syntax Guidelines............. 6-4 6.6 Corruption in SMTP Control Files.............. 6-5 6.7 NFS (Network File System)..................... 6-5 6.7.1 NFS Procedures Changed to Encourage Use of NFS Management Commands................... 6-5 6.7.2 NFS-Providing Universal Access to World-Readable Files...................... 6-6 6.7.3 NFS Client and Server Restrictions........ 6-6 6.7.4 Mounting the Master File Directory (MFD)..................................... 6-7 6.8 RCP (Remote Copy)............................. 6-8 6.9 UCX on OpenVMS Clusters....................... 6-9 6.10 Management Commands........................... 6-10 6.11 Sun RPC (Remote Procedure Calls).............. 6-10 iv Tables 2-1 Differences: UCX POP and IUPOP3 Servers... 2-2 3-1 Logical Names for Configuring POP......... 3-5 4-1 Logical Names for Configuring SMTP........ 4-2 v _________________________________________________________________ Preface The Digital TCP/IP Services for OpenVMS (UCX) product is Digital's implementation of the TCP/IP protocol suite and internet services for OpenVMS Alpha and OpenVMS VAX systems. The release notes in this document apply to Digital TCP/IP Services for OpenVMS, Version 4.1 ECO2 (Engineering Change Order No. 2). Intended Audience These release notes are for: o UCX installers who are using the POLYCENTER Software Installation procedure. For complete installation information, see the Digital TCP/IP Services for OpenVMS Installation and Configuration manual. o Managers of OpenVMS[TM] layered products o OpenVMS system managers o Network managers (who may or may not be familiar with UNIX) Related Documents For information about Digital TCP/IP Services for OpenVMS Version 4.1 and how to use the product, refer to the following manuals in the documentation set: o Digital TCP/IP Services for OpenVMS Installation and Configuration Order Number AA-LU49J-TE o Digital TCP/IP Services for OpenVMS User's Guide v Order Number AA-PC27G-TE o Digital TCP/IP Services for OpenVMS eSNMP Programming and Reference Order Number AA-R04BA-TE o Digital TCP/IP Services for OpenVMS Management Order Number AA-LU50H-TE o Digital TCP/IP Services for OpenVMS Management Command Reference Order Number AA-PQQGE-TE o Digital TCP/IP Services for OpenVMS Sun RPC Programming Order Number AA-Q06VD-TE o Digital TCP/IP Services for OpenVMS System Service and C Socket Programming Order Number AA-LU51H-TE o Digital TCP/IP Services for OpenVMS Concepts and Planning Order Number AA-Q06TC-TE For additional information about the Digital TCP/IP Services for OpenVMS product and services, access the Digital OpenVMS World Wide Web site. Use the following URL: http://www.openvms.digital.com Terminology This manual uses the following terminology: o The abbreviation for the product name is UCX. o Digital TCP/IP Services for OpenVMS is used to mean both: - The Digital TCP/IP Services for OpenVMS Alpha[TM] operating system product - The Digital TCP/IP Services for OpenVMS VAX[TM] operating system product o UCX is used to mean Digital's implementation of the TCP /IP protocol stack. vi o Software components - Auxiliary Server is used to mean the UCX implementation of the INETd function, system security, and other features. - NFS[TM] means the UCX implementation of the Network File System (NFS) protocols, including NFS Server, NFS Client, and PC-NFS[TM]. - TN3270 means the Telnet software that emulates IBM 3270 model terminals. o UNIX[TM] operating system UNIX refers to UNIX Version 4.3 of the Berkeley Software Distribution (BSD). The Digital ULTRIX[TM] and DEC OSF /1[TM] operating systems are fully compatible with UNIX BSD Version 4.3. o Networking terms - Host and node both mean a system connected to an internet. - The term Internet means the network, as defined by RFC 1208, consisting of large networks that use the TCP/IP protocol suite; provides universal connectivity, reaching the Defense Advanced Projects Research Agency (DARPA) Internet, MILNET, NSFnet, CERN, and many worldwide universities, government research labs, military installations, and business enterprises. The term internet means interconnected networks using the TCP/IP protocols, functioning as one, virtual network. - A VAXcluster[TM] system is made up of all VAX systems. A VMScluster[TM] system can be made up of either all Alpha systems or a mixture of VAX systems and Alpha systems. vii Conventions The following conventions apply to this book. ___________________________________________________________ Convention_______Meaning___________________________________ UPPERCASE Indicates OpenVMS system output or user SPECIAL TYPE input. UPPERCASE TEXT Indicates names of OpenVMS and UCX commands, options, utilities, files, directories, hosts, and users. lowercase Indicates UNIX system output or user special type input, commands, options, files, directories, utilities, hosts, and users. italic Indicates a variable. bold Indicates a new term defined in the text. Indicates that you press the Return key. Indicates that you press the Control key while you press the key noted by x. [ ] In command format descriptions, indicates optional elements. You can enter as many as you want. { } In command format descriptions, indicates you must enter at least one listed _________________element.__________________________________ Reader's Comments Digital welcomes your comments on this manual or any of the Digital TCP/IP Services for OpenVMS documents. Send us your comments through any of the following channels: Internet openvmsdoc@zko.mts.dec.com Fax 603 881-0120, Attention: OSSG Documentation, ZKO3-4/U08 Mail OSSG Documentation Group, ZKO3-4/U08 110 Spit Brook Rd. Nashua, NH 03062-2698 viii How To Order Additional Documentation Use the following table to order additional documentation or information. If you need help deciding which documentation best meets your needs, call 800-DIGITAL (800-344-4825). ix 1 _________________________________________________________________ Overview of Mandatory Update This chapter provides information about this version of the Digital TCP/IP Services for OpenVMS (UCX) product. 1.1 ECO2 Contents This version of the Digital TCP/IP Services for OpenVMS Version 4.1 product, ECO2, is a required update, or MUP (mandatory update). Digital requires that you install ECO2 to ensure that the Digital TCP/IP Services for OpenVMS Version 4.1 product functions correctly. ECO 2 contains general functionality and security corrections to the following Version 4.1 images: o Kernel o TELNET o Finger The remainder of this document discusses new features and release information that pertain to Digital TCP/IP Services for OpenVMS Version 4.1. Overview of Mandatory Update 1-1 2 _________________________________________________________________ New Features This chapter outlines the following new features that are provided in this release of the Digital TCP/IP Services for OpenVMS (UCX) product: o UCX POP (Post Office Protocol) server (Section 2.1) o SNMP extensible agent (eSNMP) (Section 2.2) o Finger utility (Section 2.3) o FTP command: VIEW (Section 2.4) o NFS server enhancement to the file naming rules (Section 2.5) o NFS server support for XQP+ (Section 2.6) 2.1 UCX POP Server Now Supported The UCX POP server (POP) is an OpenVMS implementation of the Post Office Protocol, Version 3 (RFC 1725) and is based on the Indiana University POP server, Version 1.8 (IUPOP3). There is no UCX POP client at this time. POP is a mail repository that is used mostly by PCs to ensure that mail is accepted even when a PC is turned off. With POP, the PC user need not be concerned with configuring the system as an SMTP server. The UCX POP server is intended to be used with the UCX SMTP server. Digital does not support the use of the UCX POP server when you use it in conjunction with third-party SMTP mailers such as the MX software, even though a third-party configuration might function successfully. For detailed information about the use of UCX POP, see Chapter 3. New Features 2-1 2.1.1 Differences Between the UCX POP Server and the IUPOP3 Server Table 2-1 outlines the differences between the UCX POP server and the IUPOP3 server. This information presumes a knowledge of the IUPOP3 server. Note that the table lists only those elements that were present in the IUPOP3 server and modified in the UCX POP server. Table_2-1_Differences:_UCX_POP_and_IUPOP3_Servers__________ FunctionalPOP_Server_________________IUPOP3_Server_________ InvocationInvoked by the UCX Invoked manually auxiliary server as a through two command nolisten service. The files that you auxiliary server runs customize. UCX$POP_RECV_STARTUP.COM in the UCX$POP account. PrivilegesInstalled with SYSPRV and Must be run in an BYPASS privileges. The account that has UCX$POP account needs no SYSPRV and BYPASS special privileges. privileges. Quotas Requires the same Modification of the quotas as IUPOP3. The SYSTEM parameter PQL_ UCX$POP account is given DTQELM is necessary. sufficient quotas by the UCX$CONFIG.COM file. No modification of the SYSGEN parameter PQL_ DTQELM is necessary. ConfiguratConfigured through UCX Configured through POP logical names, UNIX-style command which support some of line parameters in the the IUPOP3 command line command file. items. (continued on next page) 2-2 New Features Table_2-1_(Cont.)_Differences:_UCX_POP_and_IUPOP3_Servers__ FunctionalPOP_Server_________________IUPOP3_Server_________ ParametersPOP logical names define Supported parameters: the parameters: -port n UCX$POP_LOG_LEVEL -xtnd file UCX$POP_MESSAGE_ -loglevel level MAXIMUM -logfile file UCX$POP_PURGE_RECLAIM -maxmsg n IUPOP3 parameters not -purge-reclaim supported are: -port n, -xtnd file (a separate file for authorization is not required), and -logfile file (the file UCX$POP_RECV_STARTUP.LOG is used). Options POP logical names support Compile-time options. IUPOP3 compile-time options as run-time configurable options: UCX$POP_PERSONAL_NAME UCX$POP_IGNORE_MAIL11_ HEADERS Link Configurable with the Contains a hard-wired, idle UCX$POP_LINK_IDLE_TIMEOUT two-minute link idle timeout logical name. timeout. SO_SNDBUF Can be configured to take Contains a hard-wired socket the UCX default (from 8192 value for the option the QUOTA option of the SO_SNDBUF setsockopt SHOW PROTOCOL/PARAMETER option. command) or a value you specify (512 or greater). (continued on next page) New Features 2-3 Table_2-1_(Cont.)_Differences:_UCX_POP_and_IUPOP3_Servers__ FunctionalPOP_Server_________________IUPOP3_Server_________ AuthorizatDoes not permit access to Checks the dismail, verifi- an account's mail if the disuser, pwd_expired cation account has expired. If a and pdw2_expired flags password has expired, the to determine if an user can still use POP to account's mail may be read mail. accessed. Message You define the logical You modify one of communi- UCX$POP_POSTMASTER to a the command files cation user name or list of user to create a list of names to whom mail will user names that will be sent if the server receive a failure mail exits with an error. message if the server Otherwise, the mail is exited with an error sent to SYSTEM. message. Defaults There is no default limit The maximum number of to the maximum number messages defaults to of mail messages that 20 if not defined by a single client can the parameter -maxmsg. download per connection. You define the logical name UCX$POP_MESSAGE_ MAXIMUM to a number __________between_0_and_65,535.____________________________ In addition to the differences outlined in Table 2-1, see Chapter 3 for information about the following changes: o Mail header. There are numerous changes in the way the UCX POP server transforms the OpenVMS mail From: line to an SMTP style From: line. o New commands supported by UCX POP and not by IUPOP3. The UCX POP server implements the UIDL and APOP commands. For descriptions of problems that exist with POP, see Section 6.3. 2-4 New Features 2.2 SNMP Extensible Agent (eSNMP) Digital TCP/IP Services for OpenVMS provides support for network management with the Extensible SNMP (eSNMP) software. Extensibility means that a single agent can support any number of subagents. The eSNMP software consists of an agent and subagents that run on all network elements. A management station is the entity on the TCP/IP network that runs the agent software and maintains the managed information. Network elements are entities such as hosts, routers, X terminals, and terminal servers. Digital's implementation of the eSNMP software has an agent, two subagents, and an application programming interface (API) that enable developers to create subagents that manage other entities in their networks. The two provided subagents support the Internet Standard Management Information Base (MIB-II) as defined by RFC 1213 and a portion of the Host Resource MIB as defined by RFC 1514. For complete information about eSNMP functionality, see the Digital TCP/IP Services for OpenVMS eSNMP Programming and Reference manual. 2.3 Finger Utility The Finger utility implements the FINGER command, which displays information about users on the system. By default, information about each user on the host is listed. The FINGER command uses a longer output format when you specify a user name or a list of user names. This multiline format includes the following information: o Full name o Account name o Program the user is running o User's home directory o Any plan in the file named .PLAN in the user's home directory o The project on which the user is working from the file named .PROJECT in the user's home directory New Features 2-5 If you do not specify a host, the information listed is about users on the local host; otherwise, the information is about users at the specified host. You can specify a user on a remote host by using the form user@host. If you specify @host alone, the standard format listing is provided on the remote system. The specified host must have the finger service enabled. The system manager can use UCX$CONFIG.COM to enable the finger service. By default, the finger server does not allow queries to be forwarded from host2 to host1 that are in the format FINGER username@host1@host2. To enable forwarding on the finger server, define the system logical name UCX$FINGER_FORWARD. If you want to make information available to other users who run finger on your user ID, you can create the following files in your home directory: .PLAN A file that contains plans. The file can contain more than one line. .PROJECT A file that specifies the project you are working on currently. The file can contain only one line. The FINGER command supports the following qualifiers: /FULL Produces a more complete listing that includes login time. /CLUSTER Forces clusterwide lookup. /ALL Lists every user who is logged in. Used in conjunction with user name to provide additional information. Examples 1. To obtain information about user frankel at host1, enter: $ FINGER frankel@host1 Username Program Login Term/Location FRANKEL $ Mon 13:10 KWAI::FRANKEL 2-6 New Features Login name: frankel In real Life: Sam Frankel Account: CC_Y9M Directory: WORK1$:[FRANKEL] Last login: Mon 29-APR-1996 13:10:22 No unread mail No plan 2. To obtain information about all users logged in to the cluster, enter: $ FINGER/CLUSTER Username Node Program Login Term/Location SMITH QUEENB TPU Fri 09:47 QUEENB::SMITH JONES QUEENC $ Tue 18:02 BROWN QUEENC $ Mon 17:04 TAYLOR QUEENB EDT Thu 15:59 CROSBY QUEENC RTPAD Thu 14:59 CARPENTER QUEENB $ Wed 17:23 QUEENB::SYSTEM BLACK QUEENC $ Tue 10:42 QUEENC::BLACK 2.4 New FTP Command: VIEW The FTP command VIEW displays the contents of a file on the current output device. New Features 2-7 VIEW _________________________________________________________________ VIEW Displays the contents of a file on the current output device. DCL-Style Format [ /PAGE ] VIEW filespec [ /NOPAGE ] [ ] UNIX-Style Format view /filespec Parameters filespec Required. Specifies the file to be displayed. Wildcard characters (*, %) are not allowed in place of the directory name, file name, file type, or file version number field. Qualifiers /NOPAGE Optional. Default: displays the entire file by scrolling through its contents. /PAGE Optional. Displays the output from the VIEW command one screen at a time until the end of file (EOF) is reached. You can terminate the display at any time by pressing Ctrl/Z. Examples 1. FTP> VIEW LARK.TXT Scrolls through the contents of the LARK.TXT file and displays it on the current output device. 2-8 New Features VIEW 2. FTP> VIEW/PAGE LARK.TXT Displays the contents of the LARK.TXT file, one screen at a time, on the current output device. New Features 2-9 2.5 NFS Server: File-Naming Enhancement Users can now create files and directories in an OpenVMS file system using names that do not conform to OpenVMS file-naming rules. You enable the file-naming feature by using the new /OPTIONS=NAME_CONVERSION qualifier to the UCX management command ADD EXPORT. If any client hosts had the file system mounted before the name conversion was enabled, they must dismount and remount for the feature to take effect. If you need to create files with case-sensitive names, or names containing characters that do not conform to the OpenVMS syntax, this feature lets you do so without using a container file system. An updated description of the ADD EXPORT command follows. 2-10 New Features ADD EXPORT _________________________________________________________________ ADD EXPORT Adds an entry to the export database for one of the following: o An OpenVMS disk o A subset of an OpenVMS disk o A UNIX-style container file system Related commands: REMOVE EXPORT, SHOW EXPORT, SHOW HOST Applies to: NFS Server Format ADD EXPORT "/path/name" /HOST=host [ { [NO]DATA_CONVERSION } ] [ { [NO]NAME_CONVERSION } ] [/OPTIONS= { } ] [ { [NO]PURGE_VERSIONS } ] [ { [NO]TYPELESS_DIRECTORIES } ] [ ] Restrictions and Tips o No wildcards within the UNIX-style directory specification. o Requires read and write access to the export database. o For each host, define both its host name and alias name. o For each entry, use uppercase and lowercase consistently. Parameters "/path/name" Required. File system to add to the export database. Separate multiple names with slashes. New Features 2-11 ADD EXPORT Qualifiers /HOST=host Required. The NFS client that will have access to the specified NFS file system. You may use wildcards. { [NO]DATA_CONVERSION } { [NO]NAME_CONVERSION } /OPTIONS= { [NO]PURGE_VERSIONS } { } { [NO]TYPELESS_DIRECTORIES } Optional. ________________________ Note ________________________ For clients operating in OpenVMS-to-OpenVMS mode, the server ignores the options in the export record and uses the settings required for OpenVMS-to-OpenVMS mode. ______________________________________________________ Options for the specified directory: o DATA_CONVERSION, NODATA_CONVERSION - DATA_CONVERSION (default) Converts the following kinds of sequential files: . Variable . Variable with fixed-length control (VFC) . Fixed record formats Converts sequential files according to the rules applied by the following record attributes: . Carriage return/carriage control (CR) . Fortran carriage control (FTN) . Print file format control (PRN) Stream formats are returned unconverted. The data in files with nonstream records cannot be written back to the file. 2-12 New Features ADD EXPORT - NODATA_CONVERSION File data is considered "raw" and is returned without conversion. Nonstream records are returned with their record control information mixed with the record data. Files can be rewritten randomly. o NAME_CONVERSION, NONAME_CONVERSION - NAME_CONVERSION A non-OpenVMS client can create files with mixed case names and names containing characters that are invalid for OpenVMS file names. The server converts such names to valid OpenVMS file names, and reverses the conversion when displaying the file names back to a non-OpenVMS client. - NONAME_CONVERSION (default) Clients can only create files with valid OpenVMS names. The server does case-insensitive lookups, and displays directories in lowercase. o PURGE_VERSIONS, NOPURGE_VERSIONS Default: NOPURGE_VERSIONS Deletes multiple versions of files when created or detected. (The NFS CREATE and RENAME calls can create multiple versions. The NFS READDIR call can sense multiple versions.) o TYPELESS_DIRECTORIES, NOTYPELESS_DIRECTORIES - TYPELESS_DIRECTORIES Removes .dir.1 from the name of directories. A naming conflict could arise, for example, if two files exist in the parent directory. For example: DOVE.;1 (regular file) DOVE.DIR;1 (directory file) The name is returned as dove., rather than dove, if a file and a "conflicting" directory exist. - NOTYPELESS_DIRECTORIES (default) Returns names as file.ext and file.dir. New Features 2-13 ADD EXPORT Examples 1. UCX> ADD EXPORT "/gold/finch" /HOST=GOLD Adds the name of UNIX-style directory /gold/finch to the export database, specifying that remote users on OpenVMS host GOLD can access it. 2. UCX> ADD EXPORT "/gold/finch" /HOST=(PURPLE,FINCH) NFS client users on UNIX hosts purple and finch will have access to the container file system /gold/finch. 2-14 New Features 2.6 NFS Server: Support for XQP+ The NFS server now supports access to XQP+, the eXtended QIO processor file system enhancements introduced in OpenVMS Version 6.1. You can configure the NFS server to take advantage of the performance improvements offered by XQP+. These performance improvements are especially beneficial for NFS servers that are handling a heavy load. To be compatible with existing software, the XQP+ functionality is disabled; you must enable it by setting a SYSGEN parameter. The file SYS$STARTUP:UCX$NFS_SERVER_STARTUP.COM describes how to enable OpenVMS and UCX-level usage of XQP+ features. The file also describes how to define logical names in SYS$STARTUP:UCX$SYSTARTUP.COM so that the site-specific choices are preserved across NFS and OpenVMS upgrades. The NFS server can take advantage of the following XQP+ features: o Improved file system concurrency. On a single system or in a cluster with all nodes running OpenVMS Version 6.1 or greater, you can enable XQP+ improved file system concurrency by setting the SYSGEN special parameter XQPCTL2 to 1 and then rebooting. As with all performance changes, make sure you understand the action of this configuration. For complete information about invoking the AUTOGEN command procedure to collect configuration information and rebooting your system, see the OpenVMS System Manager's Manual: Essentials. o XQP+ threads, applicable for ODS2 (On Disk Structure 2) disks only To enable XQP+ threads: 1. Set the SYSGEN parameter XQPCTL1 to a number greater than 1. Because only executable images that specifically enable additional XQP+ threads use additional resources, it is usually safe to set the number to 8. The system manager should determine the specific value for each configuration, because XQPCTL1 is a dynamic system parameter that takes effect immediately. New Features 2-15 2. Define the logical name UCX$CFS_ACP_ENABLE_THREADS 1 as follows: $ DEFINE/SYSTEM/EXECUTIVE_MODE UCX$CFS_ACP_ENABLE_THREADS 1 The usual way to do this is to create, if necessary, the command procedure SYS$STARTUP:UCX$SYSTARTUP.COM, then edit the procedure appropriately. 3. Restart the NFS server by issuing the following commands: $ @SYS$STARTUP:UCX$NFS_SHUTDOWN $ @SYS$STARTUP:UCX$NFS_SERVER_STARTUP o Performance enhancement through a change in the process of writing data to files. To cause all data writes to files to occur before the NFS call completes, enter the following command: $ DEFINE/SYSTEM/EXEC UCX$CFS_ACP_ENABLE_DEFERRED_HEADER_WRITES 1 Be aware that this command allows the NFS call to return without waiting for certain file header operations to complete. This behavior is a technical violation of the NFS protocol, but it is common practice for some NFS vendors. If the system crashes before the file header completes, the data is safe, but you should issue the following command to determine whether the Analyze/DISK_ STRUCTURE utility repairs errors that are detected in the file structure of a specified device: $ ANALYZE/DISK_STRUCTURE/REPAIR This XQP+ feature offers a performance increase at some risk. Before enabling this feature, application and system managers should ascertain that the risk is acceptable. After enabling this feature, shut down and then restart the NFS server for the change to take effect. 2-16 New Features 3 _________________________________________________________________ POP Server Operations This chapter discusses the functionality, use, and configuration of the UCX POP (Post Office Protocol) server. 3.1 OpenVMS Mail The POP server reads mail from the OpenVMS NEWMAIL folder. If not instructed to delete it by the POP client, the mail is moved to the MAIL folder. 3.2 Minimal Support for Mail Messages Sent Using MAIL/FOREIGN POP contains minimal support for mail messages sent with MAIL/FOREIGN. Such messages are usually binary and are therefore not transferred to the POP client. Instead, the message headers are transferred, along with a brief message instructing the user to log in and EXTRACT the foreign message. Also, the foreign messages are never deleted; they are always moved into the MAIL folder after the client retrieves them. 3.3 Log File The POP server logs to SYS$OUTPUT, which is the log file UCX$POP_RECV_STARTUP.LOG for the POP service. See Section 3.8 for information about the four log level options. 3.4 POP Server Process The POP server is invoked by the UCX auxiliary server as a nolisten service. A POP server process can handle up to 31 simultaneous client threads. This limitation is imposed by the OpenVMS callable mail routines that the POP server uses to access users' mail files. POP Server Operations 3-1 The POP server runs in the UCX$POP account, which receives the correct quotas by the UCX$CONFIG.COM file. The POP server is installed with SYSPRV and BYPASS privileges. 3.5 UIDL Support Some POP clients make use of the POP UIDL command, which the POP server supports. The UID that POP composes for each mail message is a concatenation of the user name and the OpenVMS mail message's date of arrival. 3.6 User Authorization The POP server uses security features provided in the POP protocol and in the OpenVMS operating system to minimize the possibility of an inappropriate access to a user mail file on the served system. The POP server also provides the following additional security measures: o User name and password functionality. Because POP specifies how a user on one system can access the mail of a user on another system, it also specifies ways for the POP server to authorize the client user so the user can access the desired mailbox: - The POP client passes a user name and password to the server. - The POP server sends a user name and an MD5 cryptographic checksum. USER and PASS Commands The POP client sends a user name and password pair to the server, which authorizes the pair against the OpenVMS SYSUAF file. If the pair is authorized, the UCX POP server allows access to the user's OpenVMS mailbox. Note that the password is sent unencrypted over the TCP connection, which has security drawbacks for some environments. The user name and password must be configured into the POP client system. Each POP client has its own method of configuring. Remember that the user name and password pair you configure into the POP client 3-2 POP Server Operations is the user name and password on the UCX system, not the POP client system. APOP Command POP also provides a way for users to become authorized without sending passwords over the network. This authorization method is known as APOP, which is a multistep process as follows: 1. A timestamp string is sent from the POP server to the client at link setup time. 2. The POP client concatenates a shared secret string to the timestamp string and puts the result through the MD5 cryptographic checksum algorithm to produce an MD5 digest, which is a fixed-length cryptographic checksum. Note that the shared secret must be protected much the same as a password. 3. The checksum is sent to the POP server along with a clear user name. The POP server calculates the checksum and if it matches, the client is allowed access to the user's mailbox. For more information about the MD5 algorithm, see RFC 1321. 4. POP requires a shared secret string for any user who wants to read mail using the APOP authorization method. For more information, see Section 3.7. o OpenVMS SYSUAF settings on user accounts. Access is not permitted if: - Either the DISMAIL or DISUSER flags are set for the account - The account is expired according to the SYSUAF expiration date o A limit on connection attempts. To discourage attempts to break in to the system, POP permits only two user name and password authorization attempts per TCP connection. After the second failure, POP closes the connection. o Error messages. POP Server Operations 3-3 POP allows you to configure the type of errors sent back to the POP client when an authorization error occurs. By default, POP sends informative error messages back to the POP client when an authorization error occurs. For example, if a USER command specifies a non-existent account, the failure reply is as follows: -ERR no such user "jones" However, as a way to help deter breakins, you can instruct POP to present vague error text when authorization errors occur. When configured this way, the authorization error is as follows: -ERR Access to user account "nameofuser" denied. You configure this method by setting the POP configuration security value to SECURE. The default, SECURITY=FRIENDLY, causes informative error messages to be sent. In addition to issuing vague error messages when SECURITY=SECURE is set, the POP server also holds back an error message when an invalid user name is specified in a USER command. When an invalid user name is specified, the server replies to the POP client with a success reply (+OK). After the POP client sends the PASS command, the POP server sends the Access denied message. This method prevents a nonauthorized user from knowing whether the access is denied because of a bad user name or password. For more information about how to configure this method, see Section 3.8. o Disabling USER and PASS commands. POP allows you to disable the USER and PASS commands altogether. When you do so, the POP server responds to these commands with a failure reply and ignores them. Disabling these commands allows the system manager to force POP clients to use the APOP command, which is a more secure means of authorization. Using the APOP command alone for authorization ensures that no unclear passwords are sent over the network and closes a potential path for unauthorized users to break into your system. 3-4 POP Server Operations 3.7 Shared Secret Requirement POP requires a shared secret string for any user who wants to read mail using the APOP authorization method. POP users store the shared secret in a file named POP_SECRET.DAT in their default OpenVMS mail directory. The file is a one- line file that contains the shared secret string. You can use the DCL command CREATE or your text editor to create the file. It may be Stream_LF but need not be; if so, the closing is ignored. You should set the file protection to prevent other users from accessing it. For example: $ SET DEF USER$DISK:[ADAMS.MAIL] $ CREATE POP_SECRET.DAT tanstaaf $ SET FILE/PROT=(s,w,g,o:rwed) POP_SECRET.DAT The shared secret cannot exceed 500 characters. 3.8 Configuring POP To configure the POP server, you define logical names in the SYSTEM logical table; you need not define them as EXEC- mode logical names. Table 3-1 lists the logical names. Table_3-1_Logical_Names_for_Configuring_POP________________ Logical_Name_________________Type________Value_____________ UCX$POP_PERSONAL_NAME Boolean[1] NA UCX$POP_PURGE_RECLAIM Boolean NA UCX$POP_IGNORE_MAIL11_ Boolean NA HEADERS [1]The_option_associated_with_a_Boolean_logical_name_is____ enabled by defining the logical name to any value. The POP server does not look at the value of these logical names. If the logical name is defined, the option is enabled. If not, the option is disabled. To disable an option, do not define the Boolean logical name. (continued on next page) POP Server Operations 3-5 Table_3-1_(Cont.)_Logical_Names_for_Configuring_POP________ Logical_Name_________________Type________Value_____________ UCX$POP_SEND_ID_HEADERS Boolean NA UCX$POP_DISUSERPASS Boolean NA UCX$POP_MESSAGE_MAXIMUM Number 0-65535 UCX$POP_LOG_LEVEL String ERROR, INFORMATIONAL, THREAD,DEBUG UCX$POP_SECURITY String FRIENDLY, SECURE UCX$POP_DECNET_REWRITE String NONE, TRANSFORM, GENERIC UCX$POP_QUOTED_DECNET_ String NONE, TRANSFORM, REWRITE GENERIC UCX$POP_LINK_IDLE_TIMEOUT OpenVMS - delta time UCX$POP_SNDBUF Number 512 or greater UCX$POP_POSTMASTER___________String______Text_you_specify__ The POP logical names function as follows: o UCX$POP_PERSONAL_NAME If defined, the POP server provides your POP clients with From: lines that include the sender's personal name, if one appeared on the sender's From: line. For information about how POP forms mail headers, refer to Section 3.9. o UCX$POP_PURGE_RECLAIM If defined, the POP server performs the equivalent of issuing a PURGE/RECLAIM command after it deletes messages. For information about a current problem associated with issuing a PURGE/RECLAIM command that can result in an error, refer to Chapter 6. o UCX$POP_IGNORE_MAIL11_HEADERS 3-6 POP Server Operations If defined, the POP server ignores the OpenVMS mail headers when mail is sent from SMTP (Simple Mail Transfer Protocol), which contains an SMTP address in the From: line. For information about how POP forms mail headers, refer to Section 3.9. o UCX$POP_SEND_ID_HEADERS If defined, the POP server sends X-POP3-Server and X- POP3-ID headers for each mail message. Note that if you do not define this logical name, the ID headers are not sent for any mail from an SMTP address. For information about how POP handles mail headers, see Section 3.9. o UCX$POP_DISUSERPASS If defined, the POP server considers the POP USER and PASS commands to be disabled and returns a failure message to the POP client on receipt of either of these two commands. For more information about POP security, see Section 3.6. o UCX$POP_MESSAGE_MAXIMUM n, where n is a number from 0 to 65,535. Defines the maximum number of mail messages that a single client can download per connection. If not defined, the POP server uses the default value of 0 (zero), which denotes that there is no limit (or maximum) to the number of mail messages that a single client can download per connection. o UCX$POP_LOG_LEVEL value Defines the log level of the POP server. The values are: - ERROR. Logs error messages only. - INFORMATIONAL (default). Logs informational-level messages as well as error messages. - THREAD. Logs information about client and server interactions as well as informational-level and error messages. - DEBUG. Logs full diagnostic information; used for problem diagnosis. POP Server Operations 3-7 If not defined, the POP server uses the default value INFORMATIONAL. o UCX$POP_SECURITY value Defines a level of security for the POP server. Determines the timing and text of error messages that are sent to the POP client when authorization errors occur (for example, when an invalid user name or password is sent). The values are: - FRIENDLY (default). The error messages sent by the POP server provide information about a particular error. For example, you receive the following error message if a password is incorrect: -ERR password supplied for "jones" is incorrect. - SECURE. The POP server sends one error message in response to all authorization errors. For example: Access to user account "jones" denied. For more information about POP security, refer to Section 3.6. If not defined, the POP server uses the default value FRIENDLY. o UCX$_DECNET_REWRITE value Determines how the POP server rewrites a simple DECnet address in the OpenVMS mail From: line when it passes the mail to the POP client. (A simple DECnet address is an address of the form NODE::USER.) The values are: - GENERIC. Simple DECnet addresses are handled like any non-SMTP address. - NONE. Simple DECnet addresses are passed unmodified to the POP client. Note that the SMTP server does not accept an address in this form should you attempt to reply. 3-8 POP Server Operations - TRANSFORM (default). The POP server attempts to transform the DECnet address into an SMTP address by translating the DECnet node name to a TCP/IP host name. For more information about the TRANSFORM value, refer to Section 3.10. If not defined, the POP server uses the default value TRANSFORM. o UCX$POP_QUOTED_DECNET_REWRITE value Determines how the POP server rewrites a DECnet address that contains quotation marks in the OpenVMS mail From: line when it passes the message to the POP client. For example, an address of the form NODE::"user@host". The values are: - GENERIC. DECnet addresses that contain quotation marks are handled like any non-SMTP address. - NONE. DECnet addresses that contain quotation marks are passed unmodified to the POP client. Note that the SMTP server does not accept an address of this form should you attempt to reply. - TRANSFORM (default). The POP server uses the text inside the quotation marks in the From: line that it passes to the POP server. For more information about the TRANSFORM value, refer to Section 3.10. If not defined, the POP server uses the default value TRANSFORM. o UCX$POP_LINK_IDLE_TIMEOUT n, where n is a number specified in OpenVMS delta time. Determines the length of time the server allows a link to a POP client to remain idle. The value must be specified in OpenVMS delta time, delimited by quotation marks. To turn off the link idle timeout functionality, define the logical name to be all zeros ("0 00:00:00.00"). A POP link remains active until released by the POP client. For more information about specifying delta time values, see the OpenVMS User's Manual. If not defined, the POP server uses the default number of 2 minutes ("0 00:02:00.00"). POP Server Operations 3-9 o UCX$POP_SNDBUF n, where n is the number 512 or greater. Allows you to set the SO_SNDBUF socket option to a specific number. If not defined, the POP server uses the value specified in the SHOW PROTOCOL/PARAMETERS command. o UCX$POP_POSTMASTER value Allows you to define a person or persons to receive a failure mail message from the POP server startup procedure (UCX$POP_RECV_STARTUP.COM) if the POP server exits with an error. For example, to have the failure mail message sent to users Bert and Ernie, enter the following command: $ DEFINE/SYSTEM UCX$POP_POSTMASTER "BERT, ERNIE" 3.9 Mail Header Creation The POP RFC requires that mail headers sent by a POP server conform to the standard specified in SMTP RFC 822. Because much of the mail received on an OpenVMS system is not from SMTP (for example, from DECnet or MTS), an OpenVMS mail POP server cannot assume that it has RFC 822 headers to send to the POP client for every mail message it reads from OpenVMS. Consequently, a set of new headers based on the OpenVMS mail headers is built for each message. The composed mail headers used with POP are as follows: 3-10 POP Server Operations ___________________________________________________________ Header______From_______________________Comments____________ Date Arrival date of message changed to UNIX format From OpenVMS mail From: line Patched to ensure RFC 822 compatibility To OpenVMS mail To: line No patching to ensure RFC 822 compatibility. A future enhancement possible. CC OpenVMS mail CC: line No patching to ensure RFC 822 compatibility. A future enhancement possible. Subject OpenVMS mail Subj: line No patching to ensure RFC 822 compatibility. (Not required.) X-VMS-From OpenVMS mail From: line Unpatched. X-POP3- Server host name and POP Sent only if Send Server version information ID Headers option is configured. X-POP3-ID Message UID Sent only if Send ID Headers option is _______________________________________configured._________ These mail headers are sent to the POP client unless all of the following are true: o The Ignore Mail11 Headers option is enabled o The From: address is an SMTP address o The SMTP /OPTION=TOP_HEADERS option is set Note that the POP server checks the SMTP configuration database to ensure that it has been configured with the qualifier /OPTION=TOP_HEADERS. If the POP Ignore Mail11 Headers option is enabled, the SMTP TOP_HEADERS option must also be set. If not, the POP server issues a warning in the POP Server Operations 3-11 log file and does not acknowledge the Ignore Mail11 Headers option. 3.10 Patching the OpenVMS Mail From: Line The most important header in the list of created headers is the From: header because it can be used as a destination address if a reply is done on the POP client. This header must be RFC 822 compliant; the POP server must patch it to make it compliant before sending the header to the POP client. The different types of addresses that can appear in the OpenVMS mail From: line follow, including a brief explanation of how each is patched. ________________________ Note ________________________ Be aware that some POP3 clients are confused by the presence of personal names when attempting to reply to a mail message. Other POP3 clients are confused when the name contains commas and other special characters. If you enable the Personal Name option, make sure you test the configuration carefully with your POP3 clients. ______________________________________________________ SMTP Address Any address of the form SMTP%"RFC822-legal-addr", where "RFC822-legal-addr" is any address that is compliant with RFC 822. This address is commonly a user@domain. The SMTP address from within the doubles quotes is used. For example, OpenVMS mail: From: SMTP%"james.t.kirk@federation.gov" results in the patched form From: james.t.kirk@federation.gov. Note that there is a restriction in OpenVMS mail (versions prior to Version 7.0) that prevents the Mail utility from being able to handle nested double quotes in addresses. Because of this restriction, SMTP includes a special code to hide the nested double quotes by changing them to cent sign characters before passing them to OpenVMS mail and then changing them back when a reply is done. OpenVMS Version 7.0 can handle nested double quotes, but SMTP still 3-12 POP Server Operations uses the cent-sign workaround. The POP server changes the cent signs to double quotes when transforming the OpenVMS mail From: line. For example, From: SMTP%"¢ABCMTS::MRGATE::\¢ABCDEF::VIVALDI \¢¢@xyz.org" results in the patched form From: "ABCMTS::MRGATE::\"ABCDEF::VIVALDI\""@xyz.org. DECnet Address Any address of the form NODNAM::USERNAME. If the DECnet Rewrite option is set to GENERIC, the address is handled like any non-SMTP address for which the POP server has no special handling. This condition is called the last-chance parse. For example, on host widgets.xyzcorp.com, the From: TIRES::TUBULAR results in the patched form From: "TIRES::TUBULAR"@widgets.xyzcorp.com. If the DECnet Rewrite option is set to NONE, the From: line is passed to the POP client unmodified. Note that the SMTP server does not accept an address in this form in the RCPT TO: command if a reply is sent. For example, From: TIRES::TUBULAR results in the patched form of the same format. If the DECnet Rewrite option is set to TRANSFORM, the POP server attempts to transform the DECnet address into an SMTP legal address by translating the DECnet node name to a TCP/IP host name. The DECnet node name is extracted from the address and passed to the gethostbyname routine. If the name can be translated, the POP server checks to see if the translated host name is local. If so, the From: header becomes user@substitute_domain. If not, the From: header becomes user@hostname. Note that the POP server calls the same routine that SMTP calls to determine if a host name is local. A host name is local if any of the following are true: o Any of its IP addresses match any of the local host's IP addresses or the cluster alias IP address. o The host name is the same as the substitute domain. POP Server Operations 3-13 o The host name is found in the UCX$SMTP_LOCAL_ALIASES.TXT file. If the gethostbyname call cannot translate the DECnet name, the address is handled the same way as the GENERIC option. For each of the following examples, assume that the local host name is sumnod.what.ever.com, and that gethostbyname("SOMNOD") translates to sumnod.what.ever.com. o OpenVMS mail From: SUMNOD::JOE_PERSON results in the patched form From: joe_person@sumnod.what.ever.com. o If host sumnod.what.ever.com has a substitute domain of what.ever.com:, OpenVMS mail From: SUMNOD::JOE_ PERSON results in the patched form From: joe_ person@what.ever.com. o If gethostbyname("NOWARE") translates to noware.what.ever.com, which is not local on sumnod.what.ever.com, OpenVMS mail From: NOWARE::JOE_ PERSON results in the patched form From: joe_ person@noware.what.ever.com. o If gethostbyname("WUTEVR") does not translate and host sumnod.what.ever.com has no substitute domain defined, OpenVMS mail From: WUTEVR::JOE_PERSON results in the patched form From: "WUTEVR::JOE_ PERSON"@sumnod.what.ever.com. User Name Address Any address of the form USERNAME. If an SMTP substitute domain is defined, it is appended to the user name and a commercial at (@) sign. Otherwise, the local host name is used. For example, with a substitute domain defined as acme.widgets.com, OpenVMS mail From: Smith results in the patched form From: smith@acme.widgets.com. DECnet Address in Quotes Any address of the form NODNAM::"user@host". If the Quoted DECnet Rewrite option is set to GENERIC, the address is handled like any non-SMTP address for which the POP server has no special handling. This is called the last-chance parse. 3-14 POP Server Operations For example, on host widgets.xyzcorp.com, OpenVMS mail From: TIRES::"tubular@acme.com" results in the patched form From: "TIRES::\"tubular@acme.com\""@widgets.xyzcorp.com. If the Quoted DECnet Rewrite option is set to NONE, the From: line is passed to the POP client without being modified. Note that the SMTP server does not accept this type of address in the RCPT TO: command if a reply is sent. For example, OpenVMS mail From: TIRES::"tubular@acme.com" results in the same patched form. If the Quoted DECnet Rewrite option is set to TRANSFORM, the POP server uses the text inside the quotes as the From: line that it passes to the POP server. For example, OpenVMS mail From: SOMNOD::"j.person.friendly@hometown-u.edu" results in the patched form From: j.person.friendly@hometown-u.edu. To comply with RFC 822, the address within the quotes is not parsed. Cluster-Forwarding SMTP Address For any address of the form NODNAM::SMTP%"user@domain", the SMTP address within the doubles quotes is used. For example, OpenVMS mail From: ABCDEF::SMTP%"james.t.kirk@federation.gov" results in the patched form From: james.t.kirk@federation.gov. All Other Addresses For all other address formats, the last-chance parser is used. The entire address is changed to the SMTP format: o Double quotes in the address are prefixed with an RFC 822 escape, which is the backslash (\) character. o The entire address is put into double quotes. o A commercial at sign (@) is appended. o If the SMTP substitute domain is configured, it is appended. Otherwise, the name of the local host is appended. POP Server Operations 3-15 For example, if the substitute domain is xyz.org, OpenVMS mail From: ABCMTS::MRGATE::"ABCDEF::VIVALDI" results in the patched form From: "ABCMTS::MRGATE::\"ABCDEF::VIVALDI\""@xyz.org. Note that the patch of the OpenVMS mail From: line will not be seen by the user reading mail on the POP client if the address in the From: line is an RFC 822 address and the Ignore Mail11 Headers configuration option is set. When the Ignore Mail11 Headers option is set, the UCX POP server sends the actual RFC 822 headers from the body of the mail as the mail headers. 3.11 POP Error Messages This section outlines the POP error messages displayed by the POP server to the client as a result of failed or misinterpreted commands. Note that when failures occur, there is often additional information written to the POP server log file. -ERR Message `n' does not exist, -ERR Message `n' has been deleted, Explanation: The message number is either out of range or was deleted previously, where n is the message number specified in the command. This message is displayed in response to any command that takes a message number as a parameter, such as LIST or RETR. Possible Cause: The POP client and server protocol are not synchronized. User Action: Report the problem to your system manager. -ERR Message `n' has already been deleted, Explanation: The message was deleted previously, where n is the message number specified in the DELETE command. Possible Cause: The POP client and server protocol are not synchronized. User Action: Report the problem to your system manager. 3-16 POP Server Operations -ERR Too few arguments for the `cmd' command, Explanation: There are too few arguments to the command, where cmd is any command sent to the POP server. Possible Cause: The POP client is not compliant with RFC 1725. User Action: Report the problem to your system manager. -ERR Too many arguments for the `cmd' command, Explanation: There are too many arguments to the command, where cmd is any command sent to the POP server. Possible Cause: The POP client is not compliant with RFC 1725. User Action: Report the problem to your system manager. -ERR Unknown command: `cmd', Explanation: The command sent by the POP client is not known to the POP server, where cmd is any command sent to the POP server. Possible Cause: The POP client is not compliant with RFC 1725. User Action: Report the problem to your system manager. -ERR The USER command has been administratively disabled, -ERR The PASS command has been administratively disabled, Explanation: The USER or PASS command was sent by the POP client but the DISUSERPASS POP server configuration option is set. Possible Cause: The POP client is configured to use the USER and PASS commands for authentication rather than the APOP command. User Action: Change your POP client to use the APOP command or ask your system manager to disable the DISUSERPASS POP server configuration option so that your client can use the USER and PASS commands. POP Server Operations 3-17 -ERR password supplied for `username' is incorrect, Explanation: The password sent by the POP client does not match the password for the account in the SYSUAF file on the POP server system, where username is the password specified in response to the PASS command. Possible Cause: The POP client is misconfigured (for example, the password is spelled incorrectly) or the password was changed on the POP server system but not on the POP client system. User Action: Check your POP client to make sure you entered the correct password. If you believe your password to be correct, report the problem to your system manager. -ERR No such user "`username'", Explanation: There is no account in the SYSUAF file for the user name specified, where username is the user name specified in response to the USER or APOP command. Possible Cause: The POP client is misconfigured (for example, the user name is spelled incorrectly) or the account was deleted from the SYSUAF file. User Action: Check your POP client to make sure you entered the correct user name. If the user name is correct, report the problem to your system manager. -ERR account `username' has expired, Explanation: There is an account in the SYSUAF file for the user, where username is the user name specified in the USER or APOP command, but the account has expired. An account cannot be used after its expiration date has passed. Possible Cause: The account is expired. User Action: Report the problem to your system manager. -ERR account "`username'" is administratively disabled, Explanation: There is an account in the SYSUAF file for the user, where username is the user name specified in the USER or APOP command, but the DISUSER or DISMAIL flag is set. Possible Cause: The DISUSER or DISMAIL flag is set for the account. User Action: Report the problem to your system manager. 3-18 POP Server Operations -ERR MD5 digest supplied for "`username'" is wrong length, Explanation: The MD5 digest, where username is the user name specified with the APOP command, is 32 ASCII characters in length. Possible Cause: The POP client is not compliant with RFC 1725. User Action: Report the problem to your system manager. -ERR Can't open MD5 shared secret file `f'. errno = `e', vaxc$errno =`v', Explanation: An error occurred when the POP server attempted to open the shared secret file in response to the APOP command, where: o f is the name of the file in which the POP server was looking for the shared secret to compute the MD5 digest for validation purposes. o e is the integer value of the VAXC$ERRNO symbol after the FOPEN operation. o v is the OpenVMS error text indicated by the VAXC$ERRNO symbol after the FOPEN operation. Possible Causes: You forgot to create the file, you specified an incorrect file name, or you put the file in the wrong directory. User Action: Create the shared secret file and try again. For information about how to create the shared secret file, see Section 3.7. -ERR Read error on shared secret file `f'. errno = `e', vaxc$errno =`v', Explanation: An error occurred when the POP server attempted to read the shared secret file in response to the APOP command, where: o f is the name of the file in which the POP server was looking for the shared secret to compute the MD5 digest for validation purposes. o e is the integer value of the VAXC$ERRNO symbol after the READ operation. POP Server Operations 3-19 o v is the OpenVMS error text indicated by the VAXC$ERRNO symbol after the READ operation. Possible Cause: To determine the cause, check the text of the VAXC$ERRNO symbol parameter. User Action: Correct the shared secret file and try again. For information about how to create the shared secret file, see Section 3.7. -ERR Empty shared secret file `f', Explanation: The POP server located an empty file in response to the APOP command, where f is the name of the file in which POP server was looking for the shared secret to compute the MD5 digest for validation purposes. Possible Cause: The user created an empty shared secret file. User Action: Create the shared secret file and try again. For information about how to create the shared secret file, see Section 3.7. -ERR MD5 digest mismatch. Check shared secret on client and server systems, Explanation: The MD5 digest computed by the POP server did not match the MD5 digest sent in the APOP command. Possible Cause: The shared secrets of the client and server do not match. User Action: Check the shared secret on both the client and server to make sure they match. If not, correct the error and try again. Note that the MD5 algorithm is case sensitive and the shared secrets on each side must match exactly. Also note that on the POP client, you might need to take additional action for your correction to take effect. If the shared secrets appear to be correct, report the problem to your system manager. 3-20 POP Server Operations -ERR Access to user account `username' denied, Explanation: The POP server security configuration option is set to SECURE and an authorization error occurred in response to the USER or APOP command. When the security option is set to SECURE, this message is displayed for all authorization errors. Possible Cause: There can be many reasons for the error. For information about POP security, see Section 3.6. User Action: Report the problem to your system manager. -ERR Not validated for the XTND `sub-cmd' command, Explanation: The user of the session does not have a BYPASS, OPER, or SYSPRV privilege set, where sub-cmd is the XTND subcommand. Possible Cause: The account does not have the required privilege. User Action: Report the problem to your system manager. -ERR Can't build message list for `username': Out of memory, Explanation: The POP server ran out of dynamic memory while building an internal list of information about each of the user's messages, where username is the user name specified in response to the PASS or APOP command. Possible Cause: A memory leak occurred with the POP server. User Action: Stop the POP server process and retry. Report further problems to your system manager. -ERR Error getting info from SYSUAF. sys$getuai: `v', Explanation: The SYS$GETUAI system service returned an error when called with the user name specified in the APOP or USER command, where v is the error text associated with the SYS$GETUAI completion status. Possible Cause: Check the error text for the possible cause. User Action: Report the problem to your system manager. POP Server Operations 3-21 -ERR Error determining password validity. sys$hash_password: `v', Explanation: SYS$HASH_PASSWORD returned an error when called with the password from the PASS command, where v is the error text associated with the SYS$HASH_PASSWORD completion status. Note that this error is not the result of an invalid password. Possible Cause: Check the error text for the possible cause. User Action: Report the problem to your system manager. -ERR Opening mail user context: `v', -ERR Getting mail user info: `v', -ERR Opening mail file context: `v', -ERR Opening mail message context: `v', -ERR Selecting mail folder: `v', Explanation: These error messages are displayed as a result of errors in callable OpenVMS mail routines in response to the PASS or APOP command, where v is the error text associated with an callable OpenVMS mail call completion status. Possible Cause: Check the error text for the possible cause. User Action: Report the problem to your system manager. 3.12 POP OPCOM Messages The POP server sends the OPCOM messages that are outlined in this section. The messages pertain to authorization errors, which occur when POP authorization commands encounter errors. If the UCX SERVICE database log option REJECT is set, the POP server sends OPCOM messages when it rejects POP client commands due to authorization failures. These errors include the receipt of a USER command with an invalid user name or a PASS command with an invalid password. 3-22 POP Server Operations By default, OPCOM messages are sent. To disable the OPCOM messages, disable the REJECT logging option for the POP service as follows: $ UCX SET SERVICE POP/LOG=NOREJECT When you receive an OPCOM message, you can refer to the POP log file for troubleshooting information. The OPCOM messages are as follows: o POP server authentication error: password supplied for "jones" is incorrect. Occurs when a POP client sends a PASS command containing an invalid password. o POP server authentication error: Error determining password validity for "smith". Occurs when the POP server encounters an error (often a failure status from a system service call) when trying to validate the user's password. o POP server authentication error: User account "example" is invalid. Occurs when the account (specified in a USER or an APOP command) is nonexistent or one or more of the SYSUAF flags checked by the POP server are set. See Section 3.6 for the SYSUAF flags that, when set, instruct POP to not allow access to the mail file. o POP server authentication error: Max # of authentication attempts exceeded. Occurs when two authentication errors occur in the context of one POP server thread. o POP server authentication error: MD5 digest supplied for "neely" is incorrect. Occurs when the MD5 digest sent in an APOP command does not match the one calculated, or another error occurs in computing the MD5 digest. o POP server authentication error: The USER command has been administratively disabled. Occurs when a POP client has issued a USER command and the USER and PASS commands have been disabled in the POP configuration. POP Server Operations 3-23 o POP server authentication error: The PASS command has been administratively disabled. Occurs when a POP client has issued a PASS command and the USER and PASS commands have been disabled in the UCX POP configuration. 3.13 POP Extensions POP does not implement any of the optional XTND commands discussed in RFC 1082. However, POP does implement the following custom XTND commands: ___________________________________________________________ Command__________Action____________________________________ XTND CLIENT Logs POP3 client information (if client supplies it). Helpful for troubleshooting if you use POP with a variety of POP3 clients that identify themselves. XTND Dynamically adjusts POP logging level. LOGLEVEL[1] Supported levels are INFORMATIONAL (default), ERROR, THREAD, and DEBUG. XTND STATS[1] Displays POP statistics. XTND Performs an orderly shutdown of POP. SHUTDOWN[1] Waits for current client connections to disconnect. Recommended over the DCL command STOP. [1]Requires_special_validation._Only_users_with_SYSPRV,____ OPER, BYPASS, or SETPRV privileges can perform these commands.__________________________________________________ Although you are unlikely to have a POP3 client that implements these POP XTND commands, you can pretend to be a POP3 client by issuing a TELNET command to the POP3 port (110) to execute the XTND commands. For example, type the commands indicated below, substituting the name of your POP host for ucxsys and using your real user name and password: 3-24 POP Server Operations $ TELNET UCXSYS 110 %TELNET-I-TRYING, Trying ... 16.20.208.53 %TELNET-I-SESSION, Session 01, host ucxsys, port 110 +OK UCX POP server UCX V4.1, OpenVMS V6.1 Alpha at ucxsys.acme.com, up since 1996-04-04 06:42:17 <24A00E61._6_APR_1996_06_02_31_15@ucxsys.acme.com> user xxxxxxx +OK Password required for "xxxxxxx" pass xxxxxxxxxx +OK Username/password combination ok xtnd loglevel debug +OK logging level changed to debug quit +OK UCX POP server at ucxsys.acme.com signing off. POP Server Operations 3-25 4 _________________________________________________________________ SMTP Logical Names This chapter provides information about the logical names that you use to configure SMTP. 4.1 SMTP Logical Names Available SMTP logical names governing the behavior of the SMTP symbiont are translated at queue startup time. If you change or deassign a logical name's value, you must stop the queue and restart it for the change to take effect. Some SMTP logical names are Boolean in nature in that they are associated with an SMTP configuration option that is either enabled or disabled. If you define the logical name, the option is considered to be enabled. If not defined, the option is disabled. The actual value of the logical name is not examined by the symbiont, although by convention each logical name is defined to a 1, or enabled. To disable an option, do not define the logical name at all. (Defining the logical name to OFF, ON, or 0 (zero) enables the option.) You define the SMTP configuration logical names as /SYSTEM except where noted. Table 4-1 outlines the logical names you use to configure SMTP. SMTP Logical Names 4-1 Table_4-1_Logical_Names_for_Configuring_SMTP_______________ Name /Type_____Description______________________________________ Diagnostic_Logical_Names___________________________________ UCX$SMTP_LOG_LEVEL Numeric (2, 3, or 5) Instructs the SMTP symbiont to write specific diagnostic information to the log file. Can have one of three values: 2, 3 or 5, with 2 being the most concise and 5 containing the most information. The values are cumulative in that all messages printed out by one logging level are printed by each of the higher logging levels. Digital recommends a value of 3. Value 2: o All the SMTP configuration information is logged when the symbiont starts up. o The Next Open File message is printed, giving the name of each control file before processing begins. o All mail headers and mail recipients in a control file are logged after control file processing is complete. Value 3: o Logs additional information about symbiont initialization and activity during control file processing. Value 5 o Full symbiont diagnostics. For use only when diagnosing problems. Used primarily by Digital. UCX$SMTP_NOSEY Boolean (continued on next page) 4-2 SMTP Logical Names Table_4-1_(Cont.)_Logical_Names_for_Configuring_SMTP_______ Name /Type_____Description______________________________________ Diagnostic_Logical_Names___________________________________ If you define UCX$SMTP_LOG_LEVEL, instructs the symbiont to print the Subject RFC header when it logs the RFC headers. If not defined, the Subject header is logged as Subject: only. UCX$SMTP_LOG_LINE_NUMBERS Boolean If defined, line numbers are written to SMTP logs. Includes the symbiont, receiver, and MAIL$PROTOCOL (DEBUG.TXT) logs. UCX$SMTP_SYMB_TRACE Boolean Instructs the symbiont to log all messages received from and transmitted to remote SMTP servers. Allows you to trace the SMTP application layer protocol. Any unprintable or control characters that are sent or received are printed as \n where n is the hexadecimal value of the character. For example, command lines and replies are terminated with a that would appear in the log as follows: send buf=MAIL FROM:\d\a recv buf=250 ... Sender OK\d\a where \d\a is the . UCX$SMTP_RECV_TRACE; UCX$SMTP_PROTO_TRACE[1] Boolean Instructs the receiver to log all messages received from and transmitted to remote SMTP clients. The same conventions for logging unprintable or control characters are used. [1]Obsolete________________________________________________ (continued on next page) SMTP Logical Names 4-3 Table_4-1_(Cont.)_Logical_Names_for_Configuring_SMTP_______ Name /Type_____Description______________________________________ Diagnostic_Logical_Names___________________________________ UCX$SMTP_RECV_DEBUG; UCX$SMTP_PROTO_DEBUG[1] Boolean Instructs the receiver to log full diagnostics. Performs a function similar to the symbiont's UCX$SMTP_LOG_LEVEL 5 logical name. UCX$SMTP_VMSMAIL_SEND Boolean If defined, the MAIL$PROTOCOL code logs diagnostics to a file named DEBUG.TXT in the default directory. Used primarily by Digital. UCX$SMTP_VMSMAIL_PARSE Boolean Causes the SMTP address parsing code to log diagnostics. The symbiont, receiver, and MAIL$PROTOCOL code are sensitive to this logical name, which is used primarily by Digital. UCX$SMTP_LOG_MEMORY; UCX$SMTP_LOG_EFS Boolean Used primarily by Digital to trace memory and event flag leaks. UCX$SMTP_SYMB_SNAPSHOT_BLOCKS; UCX$SMTP_RECV_SNAPSHOT_ BLOCKS Numeric ( 1-1000) [1]Obsolete________________________________________________ (continued on next page) 4-4 SMTP Logical Names Table_4-1_(Cont.)_Logical_Names_for_Configuring_SMTP_______ Name /Type_____Description______________________________________ Diagnostic_Logical_Names___________________________________ The symbiont and receiver contain a feature called snapshot logging, which allows you to run with full diagnostics enabled but to write the diagnostics to the log file only if an error is signaled. This feature saves disk space and allows the receiver or the symbiont, or both, to run at a normal speed. As each line of diagnostic text is generated, it is saved in an internal snapshot buffer rather than to the disk. The buffer is circular in that once it fills up, new lines of text start to overwrite the old data already there. This functionality provides a snapshot of the last lines of diagnostic text. Two logical names enable the snapshot feature: UCX$SMTP_SYMB_SNAPSHOT_BLOCKS for the symbiont UCX$SMTP_RECV_SNAPSHOT_BLOCKS for the receiver The value you assign to these logical names is the desired size of the snapshot buffer in OpenVMS blocks (1 block being 512 bytes). Defining either one for the given component(s) (symbiont or receiver, or both) enables the snapshot logging function. When you enable this feature, you must define the other SMTP diagnostic logical names that instruct SMTP about the types of logging you want (for example, for the symbiont you want to define UCX$SMTP_LOG_LEVEL to 5). Examples: Enter the following command line to set the log level to 5 and enable snapshot logging for the SMTP symbiont with a snapshot buffer of 200 blocks: $ DEFINE/SYSTEM UCX$SMTP_LOG_LEVEL 5 $ DEFINE/SYSTEM UCX$SMTP_SYMB_SNAPSHOT_BLOCKS 200 Enter the following command line to set all of the receiver diagnostics on and enable snapshot logging for the receiver with a snapshot buffer of 200 blocks: SMTP Logical Names 4-5 $ DEFINE/SYSTEM UCX$SMTP_RECV_DEBUG 1 $ DEFINE/SYSTEM UCX$SMTP_RECV_TRACE 1 $ DEFINE/SYSTEM UCX$SMTP_RECV_SNAPSHOT_BLOCKS 200 Note that when you enable snapshot buffering for the symbiont, it takes some time for the symbiont process to stop when you do issue a UCX STOP MAIL command or you stop the queue, depending on the size of the snapshot buffer and the speed of the system and its disks. (continued on next page) Table_4-1_(Cont.)_Logical_Names_for_Configuring_SMTP_______ Name /Type_____Description______________________________________ (continued on next page) 4-6 SMTP Logical Names Table_4-1_(Cont.)_Logical_Names_for_Configuring_SMTP_______ Name /Type_____Description______________________________________ Miscellaneous_Configuration_Logical_Names__________________ UCX$SMTP_NO_SUBS_DOMAIN_INBOUND Boolean Instructs SMTP not to consider mail that is sent to the substitute domain as local mail. UCX$SMTP_COMMON String Specifies a cluster common directory where certain SMTP files can be placed by the system manager. SMTP looks for .DIS files and for the local alias file in this directory if it is defined. The system manager defines this logical name before UCX SMTP startup, creates the directory, and moves the .DIS files or the local alias file, or both, to the directory. If UCX$SMTP_COMMON is not defined, SMTP looks for the files in the SYS$SPECIFIC:[UCX_SMTP] directory. This logical name can be a search list. You might want SMTP to look at the clusterwide directory and then the SYS$SPECIFIC:[UCX_SMTP] directory, as follows: $ DEFINE/SYSTEM UCX$SMTP_COMMON WORKDISK:[SMTP_DIS], - _$ SYS$SPECIFIC:[UCX_SMTP] Note that other files such as control files and log files reside in the SYS$SPECIFIC:[UCX_SMTP] directory. UCX$SMTP_JACKET_LOCAL Boolean (continued on next page) SMTP Logical Names 4-7 Table_4-1_(Cont.)_Logical_Names_for_Configuring_SMTP_______ Name /Type_____Description______________________________________ Miscellaneous_Configuration_Logical_Names__________________ Affects the OpenVMS mail From: line of mail delivered by the SMTP symbiont, which contains logic to detect when SMTP mail that originated on the local host is also being delivered to OpenVMS mail on the local host. In this case, the From: line text that the symbiont passes to OpenVMS mail contains only the user name rather than SMTP%"username@host", making it impossible to know that the mail message went through SMTP. The option instructs the symbiont to put the SMTP jacket on local-to-local mail to provide sufficient information to the POP server. UCX$SMTP_INBOUND_NOXVMS Boolean Affects the OpenVMS mail To: and CC: lines of mail delivered by the SMTP symbiont. Instructs the symbiont not to use the RFC X-VMS-To header as the text of the OpenVMS mail To: line and the X-VMS-CC header as the text of the CC: line. Instead, the RFC To: and CC: lines are used. If the UCX$SMTP_INBOUND_NOXVMS option is not defined, the SMTP symbiont uses the text of the X-VMS-To and X-VMS-CC lines for the mail header lines. UCX$SMTP_VMSDEF_TO Boolean (continued on next page) 4-8 SMTP Logical Names Table_4-1_(Cont.)_Logical_Names_for_Configuring_SMTP_______ Name /Type_____Description______________________________________ Miscellaneous_Configuration_Logical_Names__________________ Affects the OpenVMS mail To: line of mail delivered by the SMTP symbiont. Instructs the symbiont not to pass any text for the To: line to OpenVMS callable mail when delivering local mail. This option causes OpenVMS callable mail to use the default text for the To: line (the user name). Overrides the UCX$SMTP_INBOUND_NOXVMS option for the To: field. ___________________________________________________________ Special_Case_Logical_Names_for_MTS_Interaction_____________ UCX$SMTP_MTS_ALLIN1 Boolean Used in older UCX versions. When relaying mail from the SMTP environment to MTS (the message router), the symbiont puts UCX_SMTP into the From: field. Otherwise, older versions of MR /MRGATE would send the mail back with a Return path too complicated error. No longer needed if you are running MR and MRGATE Versions 3.3A. UCX$SMTP_REWRITE_MTS_FROM Boolean (continued on next page) SMTP Logical Names 4-9 Table_4-1_(Cont.)_Logical_Names_for_Configuring_SMTP_______ Name /Type_____Description______________________________________ Special_Case_Logical_Names_for_MTS_Interaction_____________ Many sites make extensive use of ALL-IN-1 and MTS. They have all or many of their users forwarded to ALL-IN-1 through the use of MTS addresses. This setup can cause problems when an SMTP mail comes in from the Internet, is forwarded to MTS, and is replied to from the ALL-IN-1 account. Either the reply is sent back once it makes its way onto the Internet or the mail makes it to the other end but you cannot reply to it because the return address has been corrupted. The logical name UCX$SMTP_REWRITE_MTS_FROM allows the system manager to instruct the symbiont that when it tries to form an address in the From: field, it should parse the user name out of the complex MTS address and append the local host name instead. Then, only a simple address is sent out onto the Internet. Because the user is forwarding mail on XYZ.COM to MTS, a reply coming back to this user is relayed correctly back to MTS. Note that to ensure a correct configuration, you should use this feature only for sites that have most or all of their users forwarded to ALL-IN-1. ___________________________________________________________ Options_for_Routing_Non-Local_Mail_________________________ UCX$SMTP_ALTGATE_ALWAYS Boolean (continued on next page) 4-10 SMTP Logical Names Table_4-1_(Cont.)_Logical_Names_for_Configuring_SMTP_______ Name /Type_____Description______________________________________ Options_for_Routing_Non-Local_Mail_________________________ Instructs the symbiont to send all mail that is destined for another system (non-local mail) to the alternate gateway. Zone check is not performed. UCX$SMTP_MX_IF_NOALTGATE Boolean Instructs the symbiont to use MX records to connect to a host if the alternate gateway cannot be reached. UCX$SMTP_NO_MX Boolean Instructs the SMTP symbiont not to use MX records to route mail. Attempts to translate the domain part of each SMTP address into a host name and send the mail directly to that address. If the host name does not translate to an address, the mail is returned. If the host is not available, __________the_mail_is_queued_again.________________________ SMTP Logical Names 4-11 5 _________________________________________________________________ Corrections This chapter discusses corrections to the software and the documentation for Digital TCP/IP Services for OpenVMS, Version 4.1. 5.1 Engineering Change Orders Included This version of UCX includes the UCXECO1-040 update kit and selected files from the UCXECO2-040 update kit. For a summary of the problems that were corrected with the kit releases, see the UCXECO1-040 and UCXECO2-040 release notes. 5.2 BIND Server Corrections The following corrections to the BIND server are included in this version of the software: o On Alpha systems, zone transfer no longer terminates the system with an access violation. o The BIND server no longer terminates the system with an access violation whenever there is a cluster record in its database that points to a host that does not have the metric service enabled. o The BIND server now disables round-robin scheduling correctly, as defined by the UCX$BIND_ROUND_ROBIN_OFF logical name. 5.3 FTP (File Transfer Protocol) The notes in the following sections discuss FTP functionality. Corrections 5-1 5.3.1 FTP Server and Client Problems Corrected The following corrections to the FTP server and client are included in this version of the software. For detailed information about FTP commands and functionality, see the Digital TCP/IP Services for OpenVMS User's Guide. o Issuing a GET command to an IBM MVS host from a OpenVMS client no longer hangs the session. o Output files no longer default to FILE.TXT if you do not specify an output file name when you issue a GET command. If you do not specify an output file name when you issue a GET command, the input file name is used. If you use characters that do not conform to OpenVMS syntax, the offending characters are replaced with the underscore character (_). You need not enclose file names within quotation marks. o FTP no longer hangs when you use the /INPUT qualifier, and the commands in the specified file are now executed. Conflicts that occurred with the /USER qualifier have also been resolved. o Various FTP client logical names such as UCX$FTP_RAW_ BINARY, UCX$FTP_KEEPALIVE, and UCX$FTP_STREAMLF are now translated correctly. o File names containing characters that do not conform to OpenVMS syntax are now correctly parsed. o When you use wildcard (*) processing, FTP now returns the appropriate RMS errors instead of filtering them out. o Newly created files and directories are no longer owned by the FTP user instead of the owner of the parent directory. File ownership is determined based on user privileges. o You can now use the FTP server on a port other than the port 21 (default). o The protection problems associated with using Anonymous FTP are now resolved. 5-2 Corrections o You will no longer receive inconsistent results when you use search lists or rooted logical names with various FTP commands such as DIRECTORY, GET, and SHOW DEFAULT. A new parsing mechanism correctly handles search lists and rooted logical names. o When you issue an APPEND command to a file whose file name contains mixed-case characters, the append results are achieved and you no longer receive an error message specifying that the file was not found. o You can now use mixed-case file names in an FTP command line without enclosing them in quotation marks. o When you use the logical name UCX$FTP_WNDSIZ, you can now set the window size up to 64K. o Access problems no longer exist with Anonymous FTP. A new algorithm keeps track of allowed directory names. The new algorithm also results in accurate listings from a DIRECTORY or ls command. o The server child process UCX$FTPC_xxx no longer hangs or aborts because of access violation. o The system prompts for a user name and password now work correctly. The system prompts you for a user name and password and, if not valid, the system states that the login is incorrect. o The cd command (the UNIX equivalent to the DCL command SET DEFAULT) is no longer restricted to using the [.xxx] format for specifying directory names. o The FTP client no longer hangs after receiving an RMS-W- RTB error message when issuing a PUT command. o Files no longer become corrupted when you use FTP in VMS-Plus mode. o The PUT command no longer fails with an -RMS-E-FNF, file not found error message when you specify a source directory other than your default directory. o When you issue a a GET/FDL command, you no longer receive an -RMS-E-FNF, file not found error message after the file has been copied successfully. Corrections 5-3 5.3.2 Corrections to the Digital TCP/IP Services for OpenVMS User's Guide Please make note of the following corrections to the FTP functionality described in the Digital TCP/IP Services for OpenVMS User's Guide: o Section 2.1.2. With Version 4.1, you do not need to enclose a remote file name within quotation marks except where the remote file or path name contains unrecognized OpenVMS characters (for example: #, %, @, and /). Now that quotation marks are not required, it is no longer necessary for you to redefine FTP as FTP/ULTRIX. o FTP examples throughout the manual. When you enter DCL commands, you must include additional information within quotation marks if that information contains unrecognized OpenVMS characters (for example: #, %, @, and /). The following example shows the correct format: FTP> SET DEFAULT "/usr/users/robin" o Section 2.3.2. The GUEST$PUBLIC directory no longer exists. See your system manager for information about the directory UCX$FTP_ANONYMOUS_DIRECTORY that is used for remote file operations for users of Anonymous FTP. o Section 2.4.1. Note the following correction to the first paragraph: By default, the PUT command copies files to UNIX systems without affecting the case of the file names. 5.4 NFS Problems Corrected The following corrections to the NFS server and client are included in this version of the software. For detailed information about NFS functionality, see the Digital TCP/IP Services for OpenVMS Management. 5-4 Corrections NFS Server o The NFS server now uses an end-of-directory "cookie" that is less likely to be misinterpreted. In previous versions, misinterpretation of the "cookie" by some implementations caused symptoms such as UNIX utilities looping through a directory over and over or reporting an error where no error condition existed. o A user is no longer denied access if the exported disk device has an ACE (access control entry) that denies access to a different user. o In OpenVMS-to-OpenVMS mode, if the target of a rename is the same as an existing file in the directory, the existing file of that name is no longer deleted. o In OpenVMS-to-OpenVMS mode, files are no longer purged at inappropriate times. o If you enable the typeless directory export option, the .DIR extension is no longer removed from files that are not directories. o If data conversion is disabled, UNIX clients are now given a period (.) as the version delimiter instead of a semicolon (;). o The NFS server no longer loops if it receives a request to mount that contains a zero-length path name. o The UCX server now correctly forms a reply to the UNIX commands showmount -e and showmount -d when used with a large export database. o If you rename a directory with the typeless directory export option enabled, the directory name now contains the .DIR extension on the Files-11 disk. o Sequential, STREAM_CR format records are no longer converted to STREAM_LF format if the NODATA_CONVERSION export option is enabled. o If you write an application, an incorrect message sent to the NFS port no longer causes the NFS server to terminate with an access violation. Corrections 5-5 NFS Client o The NFS client no longer terminates the system with an access violation as a result of certain sequences of operations. o If a proxy record contains a host name that cannot be translated, the loading of the proxy database is no longer halted. o With certain server implementations, the client no longer loops indefinitely when trying to create a file without write access to the parent directory. o The NFS client no longer terminates the system with an access violation when files are being restored as a result of issuing a BACKUP/REPLACE command. o After you create a new directory and a file within that directory in OpenVMS-to-OpenVMS mode, you can view the new file immediately. o The NFS client no longer causes a PGFIPLHI bugcheck system crash. PC-NFS Daemon o NFS clients that use the Version 1 of the PC-NFS protocol can now authenticate. 5.5 SMTP Problems Corrected In addition to those problems corrected with the update kits noted in Section 5.1, the following SMTP (Simple Mail Transfer Protocol) corrections are included in this version of the UCX software. For detailed information about SMTP commands and functionality, see the Digital TCP/IP Services for OpenVMS User's Guide. o The UCX$UUENCODE program for storing binary files in 7-bit ASCII format no longer fails with an access violation. o Mail that contains a return-path with a quoted local part that needs to be rejected and sent back is no longer sent back incorrectly to the local postmaster. Instead, the mail is sent back to the original sender. 5-6 Corrections o Using SMTP, users can now forward mail to themselves on the local host without causing the symbiont to crash and create a corrupt control file. o Local addresses in the SMTP distribution files are now recognized as such. o SMTP now supports a new system logical name for cluster common storage named UCX$SMTP_COMMON. With UCX$SMTP_ COMMON, SMTP distribution files no longer need to be duplicated in each SYS$SPECIFIC:[UCX_SMTP] directory. The logical name UCX$SMTP_COMMON replaces the logical name UCX$SMTP_DIS_DIRECTORY. UCX$SMTP_COMMON should be defined by the system manager before UCX SMTP startup to point to a single directory or a directory search list. If the logical name is defined, SMTP looks for its distribution files in the directory or directories to which the logical name points. To configure all your UCX SMTP cluster nodes to look in the same place, define the logical name to point to a directory visible to all the nodes. If you do not define UCX$SMTP_COMMON, UCX looks for the distribution files in the SYS$SPECIFIC:[UCX_ SMTP] directory. The logical name can be a search list. You can define the logical name such that SMTP searches the clusterwide directory then the SYS$SPECIFIC:[UCX_SMTP] directory. For example: $ DEFINE/SYSTEM UCX$SMTP_COMMON WORKDISK:[SMTP_DIS], - _$ SYS$SPECIFIC:[UCX_SMTP] Note that SMTP distribution (.DIS) files must be world readable or owned by UCX_SMTP. o You can now use an exclamation point (!) to include a comment in an SMTP distribution file with the restriction that the exclamation point must be the first character of the line. No leading white space is allowed. o In previous releases, you could not configure SMTP to recognize as local any domain from a list of domains specified by the system manager. Corrections 5-7 This release contains a new local alias feature that allows the system manager to define a list of domains that SMTP interprets as local. If it sees mail to any one of the domains specified as local aliases, it delivers the mail on the local system through callable OpenVMS mail rather than forwarding it to another system through the SMTP protocol. To define the aliases that you want to be considered local, use your text editor or the DCL command CREATE to create a file named UCX$SMTP_LOCAL_ALIASES.TXT. You can put the file in either the UCX$SMTP_COMMON directory or in the SYS$SPECIFIC:[UCX_SMTP] directory. Each line in the file represents one domain that you want SMTP to recognize as local. For example: $ SET DEF UCX$SMTP_COMMON $ CREATE UCX$SMTP_LOCAL_ALIASES.TXT ! ! This is a comment. ALIAS1.MYDOMAIN.EDU ALIAS2.MYDOMAIN.EDU ALIAS3.MYDOMAIN.EDU $ @SYS$MANAGER:UCX$SMTP_SHUTDOWN.COM $ @SYS$MANAGER:UCX$SMTP_STARTUP.COM The above example tells SMTP to recognize aliases 1, 2, and 3 as local. The entries in the local alias file must adhere to the following syntax rules: o Only one alias entry per line. o The comment character, a exclamation point (!), must appear in the first column. o Include a period (.) to the entry. SMTP does not append the local domain name to an entry that does not contain a period. For example, if your local domain is MYDOMAIN.COM and you want ALIAS1.MYDOMAIN.COM to be recognized as local, you must enter ALIAS1.MYDOMAIN.COM into the local alias file. o Enter characters in either uppercase or lowercase. 5-8 Corrections o Set the file protection to W:RE. o There is a maximum of 255 aliases, each of which can be a maximum of 64 characters long. After you change the local alias file, you must stop and restart SMTP for the changes to take effect. o In previous releases, mail from a local sender to a local recipient did not appear to be from SMTP but from a user name. In this release, you can define the symbiont to include the SMTP path information by defining the Boolean logical name UCX$SMTP_JACKET_LOCAL as follows: $ DEFINE/SYSTEM UCX$SMTP_JACKET_LOCAL 1 For example, user Jones sends mail to SMTP%"SMITH@ACME.COM. Without UCX$SMTP_JACKET_LOCAL defined, user Smith sees only From: JONES. With UCX$SMTP_JACKET_LOCAL defined, user Smith sees From: SMTP%"JONES@ACME.COM". o In previous versions, users wrote their own queue watcher .COM file to keep the queues running while problems were researched by Digital engineering. A queue watcher command file is now available that replaces the need to write your own command file to keep queues running on systems that are having problems with a crashing symbiont. The command file is located in UCX$EXAMPLES and is named UCX$RESTART_SMTPQ.COM. The operation and use of the command file are documented in the file's header comments. The file can check for a number of different situations and put a job suspected of causing problems on hold so that the job does not get back into the queue and cause more problems. Please note that you are responsible for the use of this command file; Digital does not provide support for its use. Corrections 5-9 6 _________________________________________________________________ Changes, Problems, and Restrictions This chapter provides general notes about changes, problems, and restrictions in the Digital TCP/IP Services for OpenVMS Version 4.1 (UCX) software. 6.1 BIND Server: Changes to Load Balancing For Version 4.1, changes were made to the load balancing mechanism for the BIND server. If you are accustomed to the previous behavior of METRICVIEW, you can define a symbol pointing to the METRICVIEW image, as follows: $ METRIC*VIEW := $UCX$METRICVIEW $UCX$METRICVIEW supports the following qualifier: /HOST=hostname The name of the host that is to receive a query from METRICVIEW. The metric service must be enabled on the host. If you use $UCX$METRICVIEW without the qualifier, METRICVIEW sends a broadcast message to the subnet, waits 2 seconds for responses, then prints the results. 6.2 New Configuration Procedure Available for the BIND Server With Version 4.1, an interactive, menu-driven procedure is available for configuring the BIND server. To start the procedure, run the SYS$MANAGER:UCX$BIND_SHELL.COM file. Changes, Problems, and Restrictions 6-1 6.3 POP Problems The following problems exist in this release of POP: o Both the UCX and IUPOP3 servers have problems parsing addresses that include personal names containing double quotes. o Both the UCX and IUPOP3 servers have problems parsing addresses that contain a space within the address. These problems happen in special situations only and will not concern most users. o The UCX POP server serves a maximum of 31 threads only. Because of problems in the UCX auxiliary server's handling of nolisten services, the maximum number of concurrent connections to the UCX POP port (port 110) of each host is 31. The callable OpenVMS Mail utility (MAIL) limits user processes to 31 concurrent mail threads; therefore, one POP server process can handle 31 threads only. A system could serve more than 31 concurrent POP connections by having multiple POP server processes running. However, the auxiliary server problem prevents the creation of additional POP server processes when one process reaches its maximum. When this problem is corrected, more than 31 concurrent POP connections will be servable, because multiple POP server processes will be created. o Problems relating to the OpenVMS operating system: - The UCX POP server receives an RMS-F-IRC error message. Problem: If you are running OpenVMS Version 6.1, the POP server is susceptible to crashing at intermittent and unpredictable intervals, returning this message: RMS-F-IRC, illegal record encountered; VBN or record number = nn where nn is the OpenVMS number that was in error. This situation is caused by a problem that occurs when you issue a CONVERT/RECLAIM command; the resulting action can sometimes corrupt an index file's internal data structures. The UCX POP server 6-2 Changes, Problems, and Restrictions is capable of performing a PURGE/RECLAIM action but does not do so by default. Solution: 1. Apply the appropriate patch. o CSCPAT_1181 VAXRMS01_061 Mail/Convert VAX V6.0- V6.1 ECO S o CSCPAT_2062 AXPRMS01_061 AXP V6.1 Mail/Convert ECO Summary 2. Ensure that all users issue the following command to clean out their mail files: $ CONVERT MAIL.MAI MAIL.MAI - Memory leaks in OpenVMS callable mail may still exist. If the UCX POP server crashes with insufficient memory, you can lengthen the life of the server process between crashes by increasing the UCX$POP account's PGFLQUO. - On OpenVMS VAX Version 6.2, the UCX POP server may exit with an access violation message. If the POP server reads a variable with fixed-length control (VFC) .MAI file on an OpenVMS VAX Version 6.2 system, the server displays an access violation message and exits. This problem will be corrected in a future release of the software. 6.4 NTP (Network Time Protocol) Service The default system time is in Greenwich Mean Time (GMT). The logical name UCX$NTP_TZ stores the UTC offset (in seconds). For example, in a location with daylight saving time (EST5EDT4), the UCX$NTP_TZ definition is -040000. For time-zone offset information, define the logical name UCX$NTP_TZ before you start NTP. Edit the following line in SYS$COMMON:[SYSMGR]UCX$NTPD_STARTUP.COM: $ DEFINE /SYSTEM UCX$NTP_TZ -040000 Change the value to your time-zone offset and delete the semicolon. Changes, Problems, and Restrictions 6-3 If the NTP Service is enabled, turn on your privileges and stop NTP by executing the command file as follows: $ @SYS$MANAGER:UCX$NTPD_SHUTDOWN.COM To restart NTP, execute the command file as follows: $ @SYS$MANAGER:UCX$NTPD_START.COM 6.5 SMTP Addressing Syntax Guidelines SMTP does not set the RFC 822 CC: header for outbound mail. SMTP does not work correctly when a user, sending mail to multiple users, mixes local and remote addresses. To work around this problem, use the following syntax at the To: prompt: $ MAIL MAIL> SEND To: SMTP%"addr1,addr2,addr3" where each address is a fully qualified SMTP address. For example, mail a copy of the same file to the following people: o Users Julie and Mark on the local system o User John on remote host beach.ocean.com o User Ramesh on remote host lake.tarn.edu $ MAIL MAIL> SEND MEMO.TXT To: julie,mark,smtp%"john@beach.ocean.com,ramesh@lake.tarn.edu" Subj: For Your Review To use SMTP to send to the local recipients, keep the local recipients separate from the non-local recipients. At the To: prompt, enter: To: SMTP%"julie,mark",smtp%"john@beach.ocean.com,ramesh@lake.tarn.edu" 6-4 Changes, Problems, and Restrictions 6.6 Corruption in SMTP Control Files Intermittently, the SMTP symbiont signals an error on a particular control file. The most common error message returned is SYSTEM-F-BADPARAM, although the problem can sometimes result in the access violation message SYSTEM- F-ACCVIO. During most of the occurrences, the symbiont process crashes, leaving a dump file. If you do not delete the queue entry for the control file that caused the crash, the entry will be the first entry processed when the queue is started after the crash and will cause the queue to crash again. If the job is put on hold and a UCX command SHOW MAIL/FULL is issued, the SHOW MAIL command either signals an error or hangs. This problem is due to a periodic corruption that occurs in SMTP control files and happens more frequently with high- use systems (1000 or more control files processed per day) than with systems processing less mail. To work around the problem, run the SMTP queue watcher command file UCX$EXAMPLES:UCX$RESTART_SMTPQ.COM. The header comments of this file describe its use and operation. 6.7 NFS (Network File System) The notes in the following sections discuss functionality in the NFS software. 6.7.1 NFS Procedures Changed to Encourage Use of NFS Management Commands With Version 4.1, the NFS startup and configuration procedures were changed to encourage system managers to migrate to current NFS management commands. If the file SYS$STARTUP:UCX$NFS_SET_FS.COM exists at UCX startup, it is executed and the following informational message is displayed: %UCX$NFS-I-INFO, SYS$SYSROOT:[SYS$STARTUP]UCX$NFS_SET_FS.COM has been superseded -UCX$NFS-I-INFO, by $UCX SET CONFIGURATION MAP command. -UCX$NFS-I-INFO, File can be deleted after migration to current method. ________________________ Note ________________________ If POSIX is installed on your system, ignore this informational message and continue to use Changes, Problems, and Restrictions 6-5 SYS$SYSROOT:[SYS$STARTUP]UCX$NFS_SET_FS.COM unchanged. The POSIX startup sequence requires this file and the use of the BIND command instead of the MAP command. ______________________________________________________ You should migrate to the current documented method at your convenience, then delete the UCX$NFS_SET_FS.COM file. In the meantime, the software will work as before: the informational message continues to be displayed at UCX startup if the UCX$NFS_SET_FS.COM file exists. When you have migrated (and have deleted the file), you no longer receive the informational message. As a result of this change in functionality, the UCX$CONFIG.COM file no longer generates an empty UCX$NFS_SET_FS.COM file. You are expected to use the SET CONFIGURATION MAP command instead. 6.7.2 NFS-Providing Universal Access to World-Readable Files Both the NFS server and the NFS client use a proxy database for access control. To provide universal access to world-readable files, you can use the default user ID (UID) and avoid the need to create a proxy for every NFS client user. Digital strongly recommends that, for any other purpose, you provide a proxy with a unique UID for every NFS client user. Otherwise, client users may see unpredictable and confusing results when they try to create files. 6.7.3 NFS Client and Server Restrictions This release of the NFS (Network File System) software has the following restrictions: o If you add an export record using the command ADD EXPORT/OPTIONS=NAME_CONVERSION and enter a SHOW EXPORT command, the display does not show any evidence of the name conversion option unless you include another option such as /OPTIONS=TYPELESS_DIRECTORIES. o Issuing the BACKUP/VERIFY command might result in spurious verification error messages. o Remotely accessing CMS libraries through NFS is not recommended. 6-6 Changes, Problems, and Restrictions o The NFS Client with OpenVMS POSIX is not supported. You cannot map remote file systems for use by OpenVMS POSIX applications through the use of the NFS client. 6.7.4 Mounting the Master File Directory (MFD) The MFD of an OpenVMS server's disk is not world-readable. Both UNIX and OpenVMS NFS clients can mount the MFD. The following are sample mounts from UNIX and OpenVMS NFS clients: o On the NFS server: UCX> SHOW MAP Dynamic Filesystem Map Pathname Logical File System/dkb100 DKB100: o Mounting from the UNIX client: # mount grackle:/dkb100/mnt o Mounting from the OpenVMS client: UCX> MOUNT DNFS1: /HOST="nfs_server" /PATH="/dkb100" The OpenVMS client always reads the MFD. However, if the MFD is protected, the operation fails. If the MFD of a disk you are mounting is read-protected against the UIC to which the remote OpenVMS clients are mapped ("destination UIC"): o Do not mount the MFD. o Mount the lower-level directories. They are readable by the destination UIC. The following are sample directory listings from UNIX and OpenVMS NFS Clients: - A listing from the UNIX client. This command fails (by design) because the MFD is protected: # ls /mnt - A listing from the OpenVMS client. This command fails (by design) because the MFD is protected: $ DIRECTORY DNFS1: - A listing from the UNIX client. This command executes because the client does not read the MFD: # ls /mnt /mydir Changes, Problems, and Restrictions 6-7 - A listing from the UNIX client. This command also fails (unintentionally) because the OpenVMS client reads the MFD: $ DIRECTORY DNFS1:[MYDIR] 6.8 RCP (Remote Copy) How some of the RCP error and status messages appear to you depends on the remote host's implementation. If a remote user supplies incorrect information, the contents of the error message that is sent is unpredictable. Regardless of the exact text, however, it always informs you that the problem is either an invalid user name or password at the remote system. For example: $ RCP /PRESERVE /LOG /USER=AC LOGIN.COM - _$ "LORAN:SYS$SYSDEVICE:[ARVIND]AC.DAT" UCX$RSHD - Permission denied - VMS user:AC %RCP-E-INVRESP, invalid response from remote system $ RCP /USER=ARVIND /PASS=AC LOGIN.COM - _$ "LORAN:SYS$SYSDEVICE:[ARVIND]AC.DAT" INTERnet ACP AUXS failure Status = %LOGIN-F-INVPWD $ RCP /PRESERVE /LOG /USER=AC LOGIN.COM - _$ "HAGELN:SYS$SYSDEVICE:[ARVIND]AC.DAT" Login incorrect. %RCP-E-CONHST, error connecting to remote host HAGELN.UCX.LKG.DEC.COM $ RCP /USER=ARVIND/PASS=AC LOGIN.COM - _$ "DOT:SYS$SYSDEVICE:[ARVIND]AC.DAT" login information not recognized at remote node %RCP-E-CONHST, error connecting to remote host DOT $ RCP NEWSYS:LOGIN.COM "arv@loran:abc.dat" %RCP-E-INVRESP, invalid response from remote system INTERnet ACP AUXS failure Status = %NONAME-E-NOMSG $ RCP /USER=ARV NEWSYS:LOGIN.COM "LORAN:AC.DAT" UCX$RSHD - Permission denied - VMS user:ARV 6-8 Changes, Problems, and Restrictions When you interactively invoke RCP, you get the following prompts: From To _Option The valid choices are: From -r To -p If you first answer the _Option prompt, RCP prompts you again (one prompt for -r and the other for -p). You can also answer each prompt by entering Return. 6.9 UCX on OpenVMS Clusters The UCX$CONFIG.COM configuration procedure creates node- specific data on an OpenVMS cluster in SYS$COMMON. The command procedure does not configure this data in SYS$SPECIFIC on a per-node basis. Node-specific data is identified by the member's node name, which is defined in SCSNODE in SYSGEN. If you change your node name in SYSGEN, follow these steps: 1. Delete the node-specific information. 2. Make the changes in SYSGEN, then reboot the system. 3. Rerun UCX$CONFIG.COM. Avoid binding a socket to a cluster alias. Because the cluster alias is distributed in time, a socket bound to it has periods during which it is not fully active. A UDP socket may stop receiving data, while a TCP socket may stop both to transmit and receive data. For receiving data destined to the cluster alias, bind to the IP address 0 (UCX$C_INADDR_ANY). Changes, Problems, and Restrictions 6-9 6.10 Management Commands The management commands have the following restrictions: o SET NOROUTE command-Partial wildcards are not valid, for example: UCX> SET NOROUTE route* o SET SERVICE command-When you modify parameters to a service, disable and re-enable the service for the modifications to take effect. o DISABLE SERVICE command-Except for Telnet and remote login, the DISABLE SERVICE command disables the specified service, but does not stop the current process, if one exists. To stop and restart the current process, follow these steps: 1. Wait until the process exits or stop it with the DCL STOP PROCESS /ID=n command. 2. Issue ENABLE SERVICE. 6.11 Sun RPC (Remote Procedure Calls) Digital TCP/IP Services for OpenVMS Version 4.0 (UCX) implemented the Sun ONC Version 4.2 RPC protocol. UCX links this development software with DECC$SHR instead of VAXCRTL. To use UCX RPC, you must now compile your programs using DEC C. OpenVMS VAX Systems On an OpenVMS VAX system, when you upgrade from UCX Version 3.3 or earlier to Version 4.1, the installation procedure installs a new UCX$RPCXDR_SHR.EXE image and renames the existing copy of UCX$RPCXDR_SHR.EXE to UCX$RPCXDR_SHR.EXE_ OLD. If any of your applications that use RPC were compiled and linked using UCX Version 3.3 or earlier, you must either rebuild the application using DEC C or revert to the previous UCX$RPCXDR_SHR.EXE file. 6-10 Changes, Problems, and Restrictions