HP TCP/IP Services for OpenVMS
Management

19.1.6.1.1 SMTP Address

The POP server uses the SMTP address within the quotation marks to rebuild the From: field of an SMTP address. For example, message header From: SMTP%"james.jones@federation.gov" becomes:

From: james.jones@federation.gov

SMTP hides nested quotation marks by changing them to cent sign (¢) characters before passing them to OpenVMS Mail and then changing them back after a reply. The POP server removes any cent signs that designate double quotation marks. For example, the following message header:

From: SMTP%"¢ABCMTS::MRGATE::\¢ABCDEF::VIVALDI \¢¢@xyz.org"

Becomes:

From: "ABCMTS::MRGATE::\"ABCDEF::VIVALDI\""@xyz.org"

19.1.6.1.2 DECnet Address

The TCPIP$POP_DECNET_REWRITE logical name values define how the POP server rebuilds a DECnet address, as shown in the following list:

GENERIC
The entire address is changed to the SMTP format. For example, from host widgets.xyzcorp.com , the message header From: ORDERS::J_SMITH becomes:
From: "ORDERS::J_SMITH"@widgets.xyzcorp.com
NONE
The From: line is sent to the POP client unmodified. For example:
From: ORDERS::J_SMITH
You cannot reply to this type of message because the SMTP server does not accept an address in this form.
TRANSFORM
The POP server attempts to translate the DECnet node name to a TCP/IP host name. If the name can be translated, the POP server checks to see whether the translated host name is local. If so, the From: header becomes an address in the form user@substitute-domain. If not, the From: header becomes an address in the form user@hostname. Note that the POP and SMTP servers call the same routine to determine if a host name is local.
The following examples show some ways the POP server translates DECnet node names to TCP/IP node names. In these examples:
- The local host name is orders.acme.widgets.com
- ORDERS translates to "orders.acme.widgets.com"
  - The message header From: ORDERS::J_SMITH becomes:
    From: j_smith@orders.acme.widgets.com
  - For a substitute domain of acme.widgets.com , the message header From: ORDERS::J_SMITH becomes:
    From: j_smith@acme.widgets.com
  - If HOST12 translates to host12.acme.widgets.com , which is not local on orders.acme.widgets.com , the message header From: HOST12::J_JONES becomes:
    From: j_jones@host12.acme.widgets.com
  - If HOST13 does not translate and host orders.acme.widgets.com has no substitute domain defined, the message header From: HOST13::J_JONES becomes:
    From: "HOST13::J_JONES"@orders.acme.widgets.com

19.1.6.1.3 User Name-Only Address

If an SMTP substitute domain is defined, the POP server appends it to the user name, followed by a commercial at sign (@). Otherwise, POP uses the local host name.

For example, with a substitute domain defined as acme.widgets.com , the message header From: Smith becomes:

From: smith@acme.widgets.com

19.1.6.1.4 DECnet Address That Contains Quotation Marks

The values assigned to the TCPIP$POP_QUOTED_DECNET_REWRITE logical name define how the POP server rebuilds a DECnet address that contains quotation marks. The values are:

GENERIC
The address is changed to the SMTP format. For example, on host widgets.xyzcorp.com , the message header From: ORDERS::"j_smith@acme.com" becomes:
From: "ORDER::\"j_smith@acme.com\""@widgets.xyzcorp.com
NONE
The From: line is passed to the POP client without being modified. For example:
From: ORDERS::"j_smith@acme.com"
You cannot reply to this type of mail message because the SMTP server does not accept an address of this form.
TRANSFORM
The POP server uses the text inside the quotation marks. For example, the message header From: ORDERS::"j.smith@acme.com" becomes:
From: j.smith@acme.com

19.1.6.1.5 Cluster-Forwarding SMTP Address

With a cluster-forwarding SMTP address, the POP server uses the SMTP address within the quotation marks. For example, the message header From: ABCDEF::SMTP%"james.jones@federation.gov" becomes:

From: james.jones@federation.gov

19.1.6.1.6 All Other Addresses

For all other address formats, the POP server changes the entire address to the SMTP format:

Quotation marks in the address are prefixed with the backslash (\) escape character.
The entire address is placed within quotation marks.
A commercial at sign (@) is appended.
If the SMTP substitute domain is configured, it is appended. Otherwise, the name of the local host is appended.

For example, if the substitute domain is xyz.org , the message header From: ABCMTS::MRGATE::"ORDERS::SPECIAL" becomes:

From: "ABCMTS::MRGATE::\"ORDERS::SPECIAL\""@xyz.org

If the logical name TCPIP$POP_IGNORE_MAIL11_HEADERS is defined and the address is an SMTP address, the rebuilt From: field is not displayed to the user. In this case, the POP server sends the actual headers from the body of the mail as the mail headers.

19.2 POP Server Startup and Shutdown

The POP server process starts automatically if you specified automatic startup during the configuration procedure (TCPIP$CONFIG.COM).

The POP server can be shut down and started independently of TCP/IP Services. This is useful when you change parameters or logical names that require the service to be restarted.

The following files are provided:

SYS$STARTUP:TCPIP$POP_STARTUP.COM allows you to start up the POP server independently.
SYS$STARTUP:TCPIP$POP_SHUTDOWN.COM allows you to shut down the POP server independently.

To preserve site-specific parameter settings and commands, create the following files. These files are not overwritten when you reinstall TCP/IP Services:

SYS$STARTUP:TCPIP$POP_SYSTARTUP.COM can be used as a repository for site-specific definitions and parameters to be invoked when the POP server is started.
SYS$STARTUP:TCPIP$POP_SYSHUTDOWN.COM can be used as a repository for site-specific definitions and parameters to be invoked when the POP server is shut down.

19.3 Modifying POP Server Characteristics

To modify the default POP server settings and configure additional characteristics, define TCPIP$POP logical names in the POP_SYSTARTUP.COM file. If you modify the POP startup file, restart the POP server to make the changes take effect.

You can modify the following POP server characteristics:

Security levels
Error-message logging
Maximum number of mail messages downloaded per connection
Link idle time
Mail header options
Ability to set the size of the TCP flow control buffer
Ability to disable the USER and PASS commands
Ability to purge mail messages

Table 19-2 outlines the POP logical names, default settings, and characteristic options.

Table 19-2 POP Logical Names
Logical Name Description

TCPIP$POP_SECURITY value Defines a level of security for the POP server. Determines the timing and text of error messages sent from the POP server to the POP client when authorization errors occur (for example, when an invalid user name or password is sent):

FRIENDLY (default)
The error messages provide information about a particular error. For example, if a password is incorrect, the client receives the following error message:
-ERR password supplied for "jones" is incorrect

SECURE
One error message is sent in response to all authorization errors except when an invalid user name is specified. For example:
Access to user account "jones" denied

When the POP server receives an invalid user name, it replies to the POP client with a +OK message. After the POP client sends the password, the POP server sends the -ERR access denied message. This method prevents an unauthorized user from knowing whether the access was denied because of an incorrect user name or password.

TCPIP$POP_DISABLE_CLEARTEXT If defined, the POP server process does not serve incoming connections to the cleartext POP port (port 110). It will listen on port 110 and respond to any client that tries to connect with a failure message. See Section 19.5.3 for more information.

TCPIP$POP_DISABLE_SSL If defined, the POP server process does not serve incoming connections to the Secure POP port (port 995). The POP server does not listen on port 995. Clients trying to connect have their connections rejected. See Section 19.5.3 for more information.

TCPIP$POP_CERT_FILE Specifies the name of the certificate file that POP uses for SSL. If not defined, the default is SSL$CERTS:SERVER.CRT. See Section 19.5.3 for more information.

TCPIP$POP_KEY_FILE Specifies the name of the key file that POP uses for SSL. If not defined, the default is SSL$KEY:SERVER.KEY. See Section 19.5.3 for more information.

TCPIP$POP_TRACE If defined, the POP server records all messages sent to and received from the POP client in a log file.

TCPIP$POP_LOG_LEVEL value Defines the type of messages logged by the POP server:

ERROR
Logs only error messages.
INFORMATIONAL (default)
Logs informational messages and error messages.
THREAD
Logs information about client and server interactions as well as informational and error messages.
DEBUG
Logs full diagnostic information. This is used for problem diagnosis.

TCPIP$POP_POSTMASTER value Defines a person or persons to receive a failure mail message from the POP server startup procedure (TCPIP$POP_STARTUP.COM) when the POP server exits with an error. For example, to have the failure mail message sent to users JONES and SMITH, define the logical name as follows:
$ DEFINE/SYSTEM TCPIP$POP_POSTMASTER "JONES, SMITH"

TCPIP$POP_MESSAGE_MAXIMUM n Defines the maximum number of mail messages that a single client can download per connection, where n is a number from 0 to 65,535. If not defined, the POP server uses the default value of 0 (no maximum).

TCPIP$POP_LINK_IDLE_TIMEOUT n Determines the length of time the server allows a link to a POP client to remain idle, where n is a number specified in OpenVMS delta time delimited by quotation marks. A POP link remains active until it is released by the POP client.
If not defined, the POP server does not set a link idle value (0 00:00:00.00).

TCPIP$POP_PERSONAL_NAME If defined, the POP server provides the POP clients with the message header From: fields that include the sender's personal name, if one appeared in the sender's From: field.

TCPIP$POP_LEAVE_IN_NEWMAIL If defined, mail that has been read by the PC client but not deleted remains in the NEWMAIL folder. Allows users to access mail from different systems and determine when to move or delete the mail from the POP server. If not defined, mail that has been read but not deleted is moved to the MAIL folder.

TCPIP$POP_USE_MAIL_FOLDER If defined, moves all mail to the MAIL folder and displays this folder instead of the NEWMAIL folder.

TCPIP$POP_FAST_SCAN If defined, the POP server estimates the number of bytes for the size of the mail message based on the number of lines in the message instead of counting the exact number of bytes. Setting this logical may improve performance.

TCPIP$POP_MAXIMUM_THREADS Allows you to define the number of process threads that POP can activate. The default is 15. If you set this logical to 1, the POP server becomes single threaded. This logical is recommended only as a temporary solution to system resource problems.

TCPIP$POP_IGNORE_MAIL11_HEADERS If defined, the POP server ignores the OpenVMS message headers when the OpenVMS Mail From: field contains an SMTP address, which indicates that the message has come from SMTP.
For information about how POP forms message headers, see Section 19.1.6.

TCPIP$POP_SEND_ID_HEADERS If defined, the POP server sends X-POP3-Server and X-POP3-ID headers for each mail message. If not defined, the ID headers are not sent for any mail from an SMTP address. For information about how POP handles message headers, see Section 19.1.6.

TCPIP$POP_DECNET_REWRITE value Determines how the POP server rebuilds a simple DECnet address (of the form node::user) in the OpenVMS Mail From: field when it sends the mail to the POP client; value is one of the following:

GENERIC
Simple DECnet addresses are changed to the SMTP address format.
NONE
Simple DECnet addresses are sent unmodified to the POP client.
TRANSFORM (default)
The POP server attempts to transform the DECnet address into an SMTP address by translating the DECnet node name to a TCP/IP host name.

For more information about how POP rebuilds the message headers, see Section 19.1.6.1.2.

TCPIP$POP_QUOTED_DECNET_REWRITE
value Determines how the POP server rebuilds a DECnet address that contains quotation marks (an address of the form node::"user@host") in the OpenVMS Mail From: field when it sends the message to the POP client; value is one of the following:

GENERIC
DECnet addresses that contain quotation marks are changed to the SMTP address format.
NONE
DECnet addresses that contain quotation marks are sent unmodified to the POP client.
TRANSFORM (default)
The POP server uses the text within the quotation marks in the From: field it sends to the POP server.

For more information about how POP rebuilds the message headers, see Section 19.1.6.1.4.

TCPIP$POP_SNDBUF n Allows you to increase or decrease the size of the TCP flow control buffer. Sets the SO_SNDBUF socket option to a specific number; n is the number 512 or greater. If not defined, the POP server uses the value specified in the SHOW PROTOCOL/PARAMETERS command.

TCPIP$POP_DISUSERPASS Disables the client USER and PASS commands and sends a failure message to the POP client on receipt of either command. For more information about POP user authorization methods, see Section 19.1.5.

TCPIP$POP_PURGE_RECLAIM If defined, the POP server performs a PURGE/RECLAIM command action after it deletes messages.

**Table 19-2 POP Logical Names**
Logical Name	Description
TCPIP$POP_SECURITY value	Defines a level of security for the POP server. Determines the timing and text of error messages sent from the POP server to the POP client when authorization errors occur (for example, when an invalid user name or password is sent): FRIENDLY (default) The error messages provide information about a particular error. For example, if a password is incorrect, the client receives the following error message: -ERR password supplied for "jones" is incorrect SECURE One error message is sent in response to all authorization errors except when an invalid user name is specified. For example: Access to user account "jones" denied When the POP server receives an invalid user name, it replies to the POP client with a `+OK` message. After the POP client sends the password, the POP server sends the `-ERR access denied` message. This method prevents an unauthorized user from knowing whether the access was denied because of an incorrect user name or password.
TCPIP$POP_DISABLE_CLEARTEXT	If defined, the POP server process does not serve incoming connections to the cleartext POP port (port 110). It will listen on port 110 and respond to any client that tries to connect with a failure message. See Section 19.5.3 for more information.
TCPIP$POP_DISABLE_SSL	If defined, the POP server process does not serve incoming connections to the Secure POP port (port 995). The POP server does not listen on port 995. Clients trying to connect have their connections rejected. See Section 19.5.3 for more information.
TCPIP$POP_CERT_FILE	Specifies the name of the certificate file that POP uses for SSL. If not defined, the default is SSL$CERTS:SERVER.CRT. See Section 19.5.3 for more information.
TCPIP$POP_KEY_FILE	Specifies the name of the key file that POP uses for SSL. If not defined, the default is SSL$KEY:SERVER.KEY. See Section 19.5.3 for more information.
TCPIP$POP_TRACE	If defined, the POP server records all messages sent to and received from the POP client in a log file.
TCPIP$POP_LOG_LEVEL value	Defines the type of messages logged by the POP server: ERROR Logs only error messages. INFORMATIONAL (default) Logs informational messages and error messages. THREAD Logs information about client and server interactions as well as informational and error messages. DEBUG Logs full diagnostic information. This is used for problem diagnosis.
TCPIP$POP_POSTMASTER value	Defines a person or persons to receive a failure mail message from the POP server startup procedure (TCPIP$POP_STARTUP.COM) when the POP server exits with an error. For example, to have the failure mail message sent to users JONES and SMITH, define the logical name as follows: $ DEFINE/SYSTEM TCPIP$POP_POSTMASTER "JONES, SMITH"
TCPIP$POP_MESSAGE_MAXIMUM n	Defines the maximum number of mail messages that a single client can download per connection, where n is a number from 0 to 65,535. If not defined, the POP server uses the default value of 0 (no maximum).
TCPIP$POP_LINK_IDLE_TIMEOUT n	Determines the length of time the server allows a link to a POP client to remain idle, where n is a number specified in OpenVMS delta time delimited by quotation marks. A POP link remains active until it is released by the POP client. If not defined, the POP server does not set a link idle value (0 00:00:00.00).
TCPIP$POP_PERSONAL_NAME	If defined, the POP server provides the POP clients with the message header `From:` fields that include the sender's personal name, if one appeared in the sender's `From:` field.
TCPIP$POP_LEAVE_IN_NEWMAIL	If defined, mail that has been read by the PC client but not deleted remains in the NEWMAIL folder. Allows users to access mail from different systems and determine when to move or delete the mail from the POP server. If not defined, mail that has been read but not deleted is moved to the MAIL folder.
TCPIP$POP_USE_MAIL_FOLDER	If defined, moves all mail to the MAIL folder and displays this folder instead of the NEWMAIL folder.
TCPIP$POP_FAST_SCAN	If defined, the POP server estimates the number of bytes for the size of the mail message based on the number of lines in the message instead of counting the exact number of bytes. Setting this logical may improve performance.
TCPIP$POP_MAXIMUM_THREADS	Allows you to define the number of process threads that POP can activate. The default is 15. If you set this logical to 1, the POP server becomes single threaded. This logical is recommended only as a temporary solution to system resource problems.
TCPIP$POP_IGNORE_MAIL11_HEADERS	If defined, the POP server ignores the OpenVMS message headers when the OpenVMS Mail `From:` field contains an SMTP address, which indicates that the message has come from SMTP. For information about how POP forms message headers, see Section 19.1.6.
TCPIP$POP_SEND_ID_HEADERS	If defined, the POP server sends `X-POP3-Server` and `X-POP3-ID` headers for each mail message. If not defined, the ID headers are not sent for any mail from an SMTP address. For information about how POP handles message headers, see Section 19.1.6.
TCPIP$POP_DECNET_REWRITE value	Determines how the POP server rebuilds a simple DECnet address (of the form node::user) in the OpenVMS Mail `From:` field when it sends the mail to the POP client; value is one of the following: GENERIC Simple DECnet addresses are changed to the SMTP address format. NONE Simple DECnet addresses are sent unmodified to the POP client. TRANSFORM (default) The POP server attempts to transform the DECnet address into an SMTP address by translating the DECnet node name to a TCP/IP host name. For more information about how POP rebuilds the message headers, see Section 19.1.6.1.2.
TCPIP$POP_QUOTED_DECNET_REWRITE value	Determines how the POP server rebuilds a DECnet address that contains quotation marks (an address of the form node::"user@host") in the OpenVMS Mail `From:` field when it sends the message to the POP client; value is one of the following: GENERIC DECnet addresses that contain quotation marks are changed to the SMTP address format. NONE DECnet addresses that contain quotation marks are sent unmodified to the POP client. TRANSFORM (default) The POP server uses the text within the quotation marks in the `From:` field it sends to the POP server. For more information about how POP rebuilds the message headers, see Section 19.1.6.1.4.
TCPIP$POP_SNDBUF n	Allows you to increase or decrease the size of the TCP flow control buffer. Sets the SO_SNDBUF socket option to a specific number; n is the number 512 or greater. If not defined, the POP server uses the value specified in the SHOW PROTOCOL/PARAMETERS command.
TCPIP$POP_DISUSERPASS	Disables the client USER and PASS commands and sends a failure message to the POP client on receipt of either command. For more information about POP user authorization methods, see Section 19.1.5.
TCPIP$POP_PURGE_RECLAIM	If defined, the POP server performs a PURGE/RECLAIM command action after it deletes messages.

19.4 Enabling MIME Mail

The MIME (Multipurpose Internet Mail Extensions) specification provides a set of additional headers you can use so users can send mail messages composed of more than simple ASCII text. MIME is an enhancement to RFC 822.

For MIME mail to be decoded correctly, follow these guidelines:

Configure the SMTP server with the /OPTION=TOP_HEADERS qualifier, because the first lines of mail text after the four OpenVMS message header lines and the initial separating line must be the MIME headers.
Configure the POP server with the TCPIP$POP_IGNORE_MAIL11_HEADERS logical name. Otherwise, MIME headers are not parsed as message headers.
The OpenVMS Mail From: field must be recognized as an SMTP address. Otherwise, the POP server sends the headers it creates from OpenVMS message headers as the headers of the mail message. For information about POP message headers, see Section 19.1.6.
Define the logical name TCPIP$SMTP_JACKET_LOCAL to 1 for all SMTP cluster systems, which ensures that the mail will be delivered if the domain in the From: or To: fields appears local. For example:
$ DEFINE/SYSTEM TCPIP$SMTP_JACKET_LOCAL 1

If MIME mail does not decode, check the mail headers on the client system. If you see multiple blocks of headers and the MIME version header is not in the first block, confirm that you have followed these guidelines.

19.5 Secure POP

Secure POP provides secure retrieval of mail.

The secure POP server accepts connections on port 995. Secure POP encrypts passwords, data, and POP commands and is compatible with clients that use the Secure Sockets Layer (SSL), such as Microsoft Outlook.

To use this feature, you must download the HP SSL kit for OpenVMS Alpha from the HP OpenVMS web site. If the OpenVMS SSL software is not installed, the POP server will communicate in non-SSL mode. It is easy to configure the SSL POP server. You can use self-signed certificates or CA-issued certificates for greater security. For more information, see the HP Open Source Security for OpenVMS manual.

The POP client must also be configured to use the secure POP server. Refer to your client documentation for procedures.

19.5.1 Installing SSL Shareable Images

The POP server image is installed with privileges, requiring that the shareable images that it loads be installed. Therefore, the following images must be installed before the POP server:

$ INSTALL CREATE SYS$LIBRARY:SSL$LIBCRYPTO_SHR32.EXE $ INSTALL CREATE SYS$LIBRARY:SSL$LIBSSL_SHR.EXE

The secure POP startup procedure does not install these images. You must ensure they are installed before the TCP/IP Services startup procedure runs.

The POP server is implemented with links to the OpenVMS SSL software, thereby allowing new versions of the SSL software to be installed and utilized by the POP server automatically. The SSL software must be loaded with the OpenVMS INSTALL command for any changes to affect the POP server.

19.5.2 Starting SSL before TCP/IP Services

The SSL logical names are defined by the SSL startup procedure. Therefore, if you have POP configured to use SSL logical names to locate the certificate and key files, you must ensure that the SSL startup procedure is run before the TCP/IP Services startup procedure.

19.5.3 Controlling Secure POP With Logical Names

You can use the following logical names to control the way the POP server works:

TCPIP$POP_DISABLE_CLEARTEXT
If this logical name is defined, the POP server process does not serve incoming connections to the cleartext POP port (port 110). It will listen on port 110 and respond to any client that tries to connect with a failure message.
The text of the message depends on the value of the TCPIP$POP_SECURITY logical name, as follows:
- If the TCPIP$POP_SECURITY logical name is defined to SECURE, the error message sent to the client is terse.
- If the TCPIP$POP_SECURITY logical name is defined to FRIENDLY, the error message informs the client that the cleartext POP service at port 110 is not running and that the client should be reconfigured to use Secure POP at port 995.
If the TCPIP$POP_DISABLE_CLEARTEXT logical name is not defined, the POP server will listen on port 110.
TCPIP$POP_DISABLE_SSL
If this logical name is defined, the POP server process does not serve incoming connections to the Secure POP port (port 995). The POP server does not listen on port 995. Clients trying to connect have their connections rejected.
If the TCPIP$POP_DISABLE_SSL logical name is not defined, the POP server will listen on port 995 if the SSL shareable images listed in Section 19.5.1 are present on your system and installed with the OpenVMS INSTALL command.
TCPIP$POP_CERT_FILE
Specifies the name of the certificate file that POP uses for SSL. If this logical name is not defined, the default is SSL$CERTS:SERVER.CRT.
TCPIP$POP_KEY_FILE
Specifies the name of the key file that POP uses for SSL. If this logical name is not defined, the default is SSL$KEY:SERVER.KEY.

Contents

Index

HP TCP/IP Services for OpenVMSManagement

19.1.6.1.1 SMTP Address

19.1.6.1.3 User Name-Only Address

19.1.6.1.5 Cluster-Forwarding SMTP Address

19.3 Modifying POP Server Characteristics

HP TCP/IP Services for OpenVMS
Management