Setting Up Web Messaging

---

To set up Web Messaging, you need to:

• Determine the web address for your Web Messaging server.
• Optionally, set up the SSL capability to provide secure communications between the server and users' browsers.
• Configure the Web Messaging server.
• Set user access to Web Messaging.

Web Address for the Web Messaging Server

By default, the Web Messaging server is assigned a web address that consists of the host name of the IMail Server host and a web server port number. The default port number is 8383. If your mail host had a name of mailhost1.ipswitch.com, then the address will be:
http://imail.ipswitch.com:8383

Your mail users can start Web Messaging by entering the address in their browser's address field.

If you are not running another web server on the same host, you can set the port number to the normal HTTP (web) server port of 80. In this case, users do not have to specify the port with the web address. For example, you could enter: http://imail.ipswitch.com

Note that some firewalls may block the 8383 port, in which case you need to change the port number. To change the port number, see "Configuring the Web Server".

If You Have Multiple Mail Hosts

If you have set up multiple mail hosts on your IMail Server system, the web address is determined by whether the mail host has it's own IP address or uses a virtual IP address. (For information on virtual hosts, see "Chapter 3: Configuration".)

If each host has its own IP address, you will have a different web address for each host. For example, if you have set up the following hosts:

mail.marcel.com 	156.21.50.78 
mail.magnolia.net	156.21.50.80 

the web address for the respective hosts would be:

mail.marcel.com:8383 
mail.magnolia.net:8383 

If a mail host does not have an IP address, then it will have the same web address as the primary mail host. For example, if you have set up the following hosts:

mail.marcel.com 	156.21.50.78 
mail.magnolia.net	<$virtual IP> 

the web address for both hosts would be:

mail.marcel.com:8383 

The host mail.magnolia.net can still have its own set of users, but users on this host must identify the host when they enter their logon user ID. For example, the user fred on mail.magnolia.net would enter the web address mail.marcel.com:8383 to open the Logon page, then would enter fred@mail.magnolia.net as his user ID.

Using Secure Sockets Layer (SSL)

You can set up the Web Messaging server to use Secure Sockets Layer (SSL) for communications between a browser and the server. SSL encrypts your mail communications so they can be read only by the intended recipients.

SSL is a protocol that uses "certificates" to authenticate the client and server, and uses a public/private key "pair" to encrypt and decrypt communications. All of the major browsers are SSL enabled.

Certificates. Certificates are used to establish the identity of the client (browser) and the server.

You can run SSL for Web Messaging with:

• A self-signed SSL certificate. The server identifies itself to the client, but its certificate has not been issued by one of the third-party Certificate Authorities. Clients who log on to IMail Server using Netscape and Internet Explorer will receive a warning message ("This site is not secured..."). These users can continue logging on after acknowledging the warning.
• An SSL certificate issued by a Certificate Authority. The certificate verifies to the client that the identity claimed on the certificate is accurate. You can purchase a third-party certificate from Thawte Consulting (www.thawte.com) or Verisign (www.verisign.com).

IMail Server comes with an SSL Utility that generates both an IMail Server self-signed SSL certificate as well as a certificate request you can send to a Certificate Authority.

Public/private key encryption. When a browser connects to the Web Messaging server, the server sends its certificate and public key to the browser. The browser can now use the public key to encrypt communications. Only the web server has the private key, which is used to decrypt communications sent from the browser.

Ciphers. The server and client must agree on the algorithm, called a "cipher," used to encrypt data. You select the cipher when setting up SSL on the server.

For more information on how SSL works, visit:

home.netscape.com/security/techbriefs/ssl.html

Setting Up SSL on the Server

This section outlines the procedure for setting up SSL on the server.

• First, you use the IMail SSL Configuration Utility to set up the SSL certificate and public/private key pair.
• Then, you enable SSL in the IMail Administrator, on the Web Messaging Advanced tab.

For detailed information about the SSL options, see the online help in the IMail SSL Configuration Utility and help for the Web Messaging Server tab in IMail Administrator.

To enable SSL for the Web Messaging Server, you need to do the following:

1. Set the registry path for the SSL keys.

   From the Start menu, select Programs -> IMail -> IMail SSL Configuration Utility. Select Registry Path from the File menu. Enter the path: software\ipswitch\imail\ssl

2. Generate a certificate and public key. We recommend that you use the self-signed certificate for your server.

   In the IMail SSL Configuration Utility, click Certificate. For more information, select Help Topics from the Help menu, then go to the "Getting an SSL Certificate" topic.

3. Configure SSL and select the cipher to use for encryption.

   In the SSL Configuration Utility, click SSL Configuration, and then complete the wizard. For information, select Help Topics from the Help menu, then go to the "Configuring SSL" topic.

4. If you want the server to authenticate clients, configure how it will do it.

   In the SSL Configuration Utility, click Client Authentication. For more information, select Help Topics from the Help menu, then go to the "Dealing with Clients" topic.

   We recommend that you allow any client to connect to your server, thus you would not turn on the Client Authentication option.

5. Activate SSL for the Web Messaging server. In the IMail Administrator, select the "Services" folder, then select Web Messaging and click on the Advanced tab to show the SSL options. Turn on Enable SSL. See "Configuring the Web Server" for information about the SSL options.

Starting an SSL Connection from a Browser

Users can open Web Messaging with an SSL connection as follows:

1. In the browser, enter the address for the Web Messaging server, for example: mail.domain1.com:8383.The IMail Web Messaging logon appears.
2. On the Logon page (or on any other Web Messaging page), select Enter Secure Mode.
3. The browser usually asks you to confirm that you want to use "secure mode." Click OK. If you used the self-signed certificate, the browser may also display a warning that the certificate is not "trusted." Click OK again to continue.

The browser is now in secure mode. You can click again at the bottom of any Web Messaging page to return to regular mode.

Enabling SSL from within the Web Address

When you enter the web server's address in a browser and use HTTPS (in place of HTTP) in the address, the browser attempts to connect to the server using SSL. For example, the address would look like:

https://mail.domain1.com:8383 

Using a Different Port for SSL

The standard port for SSL is 443. If you use a different port number, this port number must be specified in the web address that Web Messaging users log on to. For example, if you use port 8384 for SSL, and the web server is on port 8383 of mail1.domain.com, the web address would be:

mail1.domain.com:8384 

Users can bookmark the web address (save it as a Favorite), so they do not have to enter it each time they log on.

Troubleshooting SSL

You can check the following if you are having trouble getting SSL to work:

• IWebMsg.ini should have EnableSSL=1 (ForceSSL=1 may or may not be there).
• IWebMsg.ini is in proper windows directory (%WINDOWS% usually \Winnt).
• After changing IWebMsg.ini, stop service and restart it again to have changes recognized by the application.
• Select "Allow Service to interact with Desktop" to see if there is any message from SSL.DLL, like initialization failure because certificate or key file is not found. If SSL.DLL initialization has failed, then Web Messaging will not continue.
• If application is running but SSL is not working, EnableSSL is the only problem.
• SSL2.CGI allows change from secure to non-secure mode. If SSL is disabled, then changeover from secure to non-secure is not allowed; hence SSL2.CGI is not parsed.
• The private key file is protected using a password specified in SSL Configuration Utility. This password is required for decoding the key file while loading the SSL server. This password is stored in the registry and automatically retrieved during the loading process of SSL Server. The registry path for IMail Server is usually SOFTWARE\Ipswitch\imail\ssl. The registry path must be correct; otherwise an error message is generated and the files will not be created.

Configuring the Web Server

The Web Messaging server is installed on the host where the IMail Server software is installed. You can change the default port number and web directory, set SSL options, set other web server options, and start and stop the web server. (Some of these options can also be set in the iwebmsg.ini file in the winnt folder.)

1. Select the "Services" folder in the left panel and click Web Messaging. Then click on the Web Messaging Server tab.

2. Change any of the web server properties. See the previous sections for more information about the web server port and SSL.

   Log to. This is where web server information will be stored. You can choose from:

   W#YYMMDD.log	No Log
   App Log	Log Server

   Web Server Port. This is the port on the local system on which the Web Messaging server operates. If you change the port, the Web Messaging server must be stopped and restarted.

Note: If you use a non-standard port number (anything other than 80), users will need to specify the port in the logon web address. For more information, see "Web Address for the Web Messaging Server".

Web Files Directory. This directory contains the files used to create web pages for Web Messaging. If you change this directory, you must stop and restart the web server.

Max Concurrent Users. This is the maximum number of users that can be logged into Web Messaging at the same time.This option must set between 256 and 1024 users.

Note: It is not possible to limit Web Messaging to allow less than 256 concurrent users, and no more than 1024. If a number outside of this range is entered for this option, it will still be displayed, but will not function. In that case even though the setting may display 2, the system is actually allowing 256 concurrent users.

Max Attachment Size. Use this setting to control the maximum size (in kilobytes) allowed for attachments.

Ignore source address in security check. Before displaying a page, the web server checks the IP address that requested the page against the IP address from which the user logged on. If you select this option, the web server does not check the IP address. This can be useful with some firewalls and with service providers that use dynamic IP addresses (such as America Online).

Enable Keep Alive. Turn on this option if you want to create a persistent TCP connection between the Web Messaging server and a browser (if the browser supports it). If the option is turned off, the server closes the TCP connection after each response.

Normally, the connection between a browser and a web server is valid only for a single request/response pair. Turning on Enable Keep Alive can improve performance by reducing overhead per request, but it also means that less resources are available for other processes, such as creating new connections.

Note: If you turn on Enable Keep Alive and Enable Thread Pooling, the number of simultaneous connections allowed to the server will equal the Max Work Threads. Thus, you will be limiting the number of connections allowed.

Enable Statistics. Enables statistical information about the system, to be viewed through Web Messaging.

Auto Restart Server on Apply. If this is selected, the web server will be stopped and restarted automatically when you click Apply (if you changed anything requiring the server to stop and restart). We recommend that you select this option.

3. Click Apply to save your changes.
4. Click Stop to stop the Web Messaging server. The Stop button toggles to Start. Click Start to restart the server.

Advanced Tab

On the Advanced tab, you can set Spell Checking, SSL, thread pooling and user login suspend properties.

1. Optionally, set Spell Checking Options.

   Web Spell Checking Port. The port which runs the spell checker's java applet. By default the port is 8385 but is configurable.

   Maximum Number of Spelling Suggestions. The maximum number of spelling suggestions that will be given for a misspelled word.

   For information about setting up spell check dictionaries, see the Spell Check section on page 109.

2. Optionally, set SSL options. For information about SSL, see "Using Secure Sockets Layer (SSL)".

   Enable SSL. Turn on this option if you are using the Secure Sockets Layer (SSL) utility to encrypt communications with the Web Messaging client. This sets the Web Messaging server to accept SSL connections in addition to normal connections.

   Web SSL Port. The TCP port on which Web Messaging listens for an SSL-based HTTP request. If you used the default Web Server Port for Web Messaging (8383), then you can assign any TCP port number here, the default is 8384. The standard SSL port is 443.

Note: If you use a non-standard port number (anything other than 443), users will need to specify the SSL port in the logon web address.

Force SSL. Turn this option on if you want the Web Messaging server to accept only SSL-based HTTP connections; normal HTTP connections are not accepted.

3. Optionally, set Thread Pooling options.

   Web Messaging can create a thread pool for handling HTTP requests (from the browser) on this TCP port. Using thread pooling reduces the overhead involved in creating and closing threads. However, if all threads in the pool are in use (in other words, your server is seeing heavy use), then an additional HTTP request will be denied. Also, threads reserved for use by Web Messaging are not available to other processes running on your server. You need to determine if thread pooling is appropriate for your Web Messaging server.

   Enable Thread Pooling. Turn on this option to create a thread pool for handling HTTP requests from clients. Web Messaging creates up to Max Work Threads (default is 64) to process requests. If this option is turned off, Web Messaging creates a thread to handle each request (either persistent or normal) and after handling that request, destroys the thread.

   Max Work Threads. Use this setting to constrain the load on your web server. This value sets the maximum number of work threads that can be used simultaneously by Web Messaging. If an HTTP request requires a work thread and the maximum has already been reached, Web Messaging returns a "server not available" message. This option requires that Enable Thread Pooling is turned on. The default value is 64.

   Thread Exit. Turn on this option if you want Web Messaging to close a thread after the HTTP request is processed completely. Web Messaging will create a replacement for closed threads on next poll time, which is set in Thread Check Time. Turn off this option if you want Web Messaging to keep the thread open and available for another request. This option is used only when Enable Thread Pooling is turned on.

   Thread Check Time. This is the interval (in seconds) used by Web Messaging to check the status of the thread pool. If the current number of work threads is less than Max Work Threads, then new threads are created. This option is used only when Enable Thread Pooling is turned on. The default value is 10 seconds.

4. Optionally, set suspend user options

   Enable User Login Suspend. Turn on this option to activate automatic suspension of user accounts. This occurs only when an account has met the criteria listed by the administrator.

   Maximum Number of Tries before Suspend. The maximum number of times a user can attempt to logon before their account is suspended.

   Suspend Duration. The amount of time(in seconds), that the account will be suspended.

   Time Suspend Info Remains in the Registry. The amount of time that information about suspended accounts is stored.

   Maximun Number of Suspends Before Lockout. The maximum number of times a user can attempt to logon before being locked out of the system.

5. Click Apply to save your changes.

Setting Access to Web Messaging Functions

Web Messaging provides access to mail functions based on the user permissions granted in the IMail Administrator. Permissions can be assigned for each individual mail account or globally, for all users on a mail host. A user can be granted some or all of the following permissions:

Allow Web Access. Allows this user access to their account via Web Messaging.

Host Administrator. Allows this user to add, modify, or delete users and aliases and set rules on their mail host. Allow Web Access must also be selected.

List Administrator. Allows this user to remotely manage IMail Server mailing lists on their mail host. Allow Web Access must also be selected.

IMail System Administrator. Lets this user manage all mail hosts, view the spool directory and logs, set rules, and edit the messages displayed when users log on to Web Messaging. If this user also has Host Administrator permission, they can manage user accounts and aliases on all mail hosts. If this user has List Administrator permission, they can manage lists on all mail hosts. Allow Web Access must also be selected.

To set access to Web Messaging for an individual user mail account:

1. In IMail Administrator, select the mail host, and then select the "Users" folder. Select a user ID to see the user's properties in the right panel.
2. Select Allow Web Access and then click Apply to apply the change.
3. Optionally, click the Host Administrator, List Administrator or IMail System Administrator options to allow this user access to the extended menu options associated with each. Click Apply to save any changes.

To set Allow Web Access as the default for all new users that you create:

1. Select the mail host, and then select the "Users" folder.
2. Select Allow Web Access and click Apply to apply the change.

To set Allow Web Access to be the default for all existing users:

1. Select the mail host, and then select the "Users" folder to see the default settings in the right panel.
2. Select Global User Changes.
3. Select Allow Web Access and then click Change ALL Accounts to apply the change.

Using Remote Administration Functions

An extended menu containing remote administration functions is available to you if your mail account has Host Administrator, List Administrator or IMail System Administrator access enabled. See "Setting Access to Web Messaging Functions" for how to grant permissions.

The following sections provide an overview of the remote administration functions. See the Web Messaging online help for more information on these functions.

User Administration

If you have User Administrator permissions, you can add, modify, and delete user mail accounts for your mail host. If you have User Administrator and IMail System Administrator permissions, you can add, modify, and delete user mail accounts for any mail host.

Alias Administration

If you have Alias Administrator permissions, you can add, modify, and delete aliases for your mail host. If you have Alias Administrator and IMail System Administrator permissions, you can add, modify, and delete aliases for any mail host. See "Chapter 4: User Mail Accounts" for a description of the alias properties.

List Administration

If you have List Administrator permissions, you can add, modify, delete and moderate lists for your mail host. If you have List Administrator and IMail System Administrator permissions, you can add, modify, delete and moderate lists for any mail host.

Viewing Monitor Logs and the Spool Directory

If you have IMail System Administrator permissions, you can view the following IMail Server log files.

• Monitor Access Log - shows each access attempt to the Web Messaging server and to the IMonitor web server.
• Monitor System Log - shows logons to the mail server and to the IMonitor web server and shows the status of services.
• IMail System Log - shows IMail Server send and receive mail transactions. This shows the contents of syslog.txt.
• IMail Syslog Log - records transaction and debug information when enabled in each of the servers (for example, POP3 and SMTP). This shows the contents of lognnnn.txt, the System Log Service file.
• Spool directory - shows all IMail Server send and receive mail transactions that are in process. Click View Spool Directory to display the spool information.

For more information on the log files and spool directory, see "Appendix E: Spool, Queue, and Log Files."

Managing Virtual Hosts

If you have IMail System Administrator permissions, you can add, modify, and delete virtual (mail) hosts.

Managing Mailing Lists

If you have List Administrator permissions, you can create, modify, and delete list server mailing lists.

Setting Rules

If you have Host Administrator permissions, you can set rules for the mail host. If you also have IMail System Administrator permissions, you can set rules for any mail hosts. Regular users can set rules for their own mail account.

Editing News of the Day and Welcome Message

If you have IMail System Administrator permissions, you can add, delete, or modify the News of the Day and the Welcome message directly from the Web Messaging interface.

Ipswitch, Inc. http://www.ipswitch.com

©Ipswitch 2002