Novell has realized not everyone will install GroupWise but most will need something to allow them to send and receive e-mail. The Novell Internet Messaging System (NIMS) is a scalable messaging system that can handle millions—even billions—of users while leveraging Novell’s NDS eDirectory. There’s a whole host of features in NIMS that make it attractive to corporate users: a secure e-mail system, the ability to block spam and other unwanted messages, as well as the ability to offer subscriber lists on many topics. In this Daily Drill Down, I’ll explain NIMS in greater detail and show you how to install and configure it.

Requirements for installing NIMS
To start with, you should have a minimum of 128 MB of RAM available on the server. More memory may be needed depending on the number of users you’ll be supporting. The number of users and the size of the mailbox you make available to each user determine the disk space requirements.

You have a choice of server platforms to work with—NetWare 5, NetWare 4.11, Solaris, or UNIX. For the purposes of this article, we’ll be working with NetWare 5. We’ll also be working from the basis of a single-server installation of NIMS. More extensive configurations are possible—consult the documentation accompanying your NIMS CD for more information.

From a client standpoint, you can use just about any POP3 or IMAP4 client with NIMS, such as Netscape Navigator/Communicator, Internet Explorer, Outlook/Outlook Express, Eudora, and/or Pegasus Mail.

Although not a direct hardware requirement of NIMS, you’ll need to do a little setup work in DNS so other companies can send e-mail to you. We’ll assume you already have a domain name in place. You’ll need an A (DNS-speak for address) record that specifies the hostname and the IP address to the outside world.

A special type of DNS record called an MX (DNS-speak for Mail Exchange) is necessary so other mail servers can automatically detect that you have a mail server for your domain. The MX record then points to the A record and tells the sending mail server the IP address it must talk to in order to send the e-mail to your domain. Depending upon how the DNS is handled for your domain, you may need to allow anywhere from a few hours to several days before other companies will be able to send e-mail to your domain name.
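The A and MX pairing described above can be sanity-checked before other mail servers depend on it. The following Python sketch is an added example, not part of the original article or of NIMS; the zone lines, the 192.0.2.25 documentation address, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample zone data for the article's example domain; the
# address is from the 192.0.2.0/24 documentation range, not a real server.
GOOD_ZONE = """
ispsbs.com.       IN MX 10 mail.ispsbs.com.
mail.ispsbs.com.  IN A     192.0.2.25
"""
# Constructed broken variants: MX pointing at an IP literal, at a CNAME,
# and at a hostname that has no A record at all.
BAD_ZONE = """
ispsbs.com.       IN MX 10 192.0.2.25
ispsbs.com.       IN MX 20 smtp.ispsbs.com.
ispsbs.com.       IN MX 30 backup.ispsbs.com.
smtp.ispsbs.com.  IN CNAME mail.ispsbs.com.
mail.ispsbs.com.  IN A     192.0.2.25
"""

def parse_zone(text):
    """Return (owner, type, rdata fields) for each 'owner IN type rdata' line."""
    records = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()   # drop zone-file comments
        if len(fields) >= 4 and fields[1].upper() == "IN":
            records.append((fields[0].lower(), fields[2].upper(), fields[3:]))
    return records

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name.rstrip("."))
        return True
    except ValueError:
        return False

def check_mail_dns(zone_text, domain):
    """List the problems that would stop other servers delivering to domain."""
    records = parse_zone(zone_text)
    a_names = {o for o, t, _ in records if t == "A"}
    cnames = {o for o, t, _ in records if t == "CNAME"}
    mx = [r for o, t, r in records if t == "MX" and o == domain.lower()]
    problems = []
    if not mx:
        problems.append(f"{domain} has no MX record")
    for rdata in mx:
        target = rdata[-1].lower()            # last field is the exchange host
        if is_ip_literal(target):
            problems.append(f"MX target {target} is an IP address, not a hostname")
        elif target in cnames:
            problems.append(f"MX target {target} is a CNAME, not an A record")
        elif target not in a_names:
            problems.append(f"MX target {target} has no A record")
    return problems
```

Calling check_mail_dns(GOOD_ZONE, "ispsbs.com.") returns an empty list, while the BAD_ZONE variant returns one finding per faulty MX line.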

Installing NIMS
One step I would recommend taking before installing NIMS is to copy the installation directory on the NIMS CD to your server. This will make the install run faster and let you do a quick reinstall (if necessary) without having to locate the NIMS CD. Create a directory called \NIMS, and copy the NetWare version of NIMS to that directory.

You start the installation process by loading NWCONFIG on the server. Highlight Product Options and press the [Enter] key. Highlight the Install A Product Not Listed option, and press [Enter]. Press [F3] when prompted to enter a different installation path. Type SYS:NIMS (enter the volume and/or path where you copied the NIMS software to), and press [Enter].

When the screen shown in Figure A appears, you should have the following options selected: First-time Directory Install, Configure Server For NIMS, and Novell Internet Messaging System Files. When the appropriate options are selected, press [F10] to accept the groups you’ve marked and continue with the installation process.

Figure A
Make sure you select these options during installation.

A File Copy screen will appear while the files are being copied. When the NDS schema needs to be extended, you’ll see a screen titled Login As The Administrator. Type in the Admin or equivalent username, and press [Enter]. Then type in the password, and press [Enter]. You’ll be prompted to re-enter the password for verification purposes. Once you have done this, press [Esc] to continue. Highlight Yes when the Everything Entered Correct question appears, and press [Enter]. A status screen will appear showing the progress of the NDS schema being extended to work with NIMS.

Once the schema has been extended, you’ll see the Configuration Parameters screen. By default, the name of the NIMS server will be the name of the server you are installing NIMS on followed by the words Messaging Server. The next thing you’ll need to enter is the domain for which this mail server will be handling mail.

Type in only the domain name (ISPSBS.COM) and not the fully qualified DNS name (MAIL.ISPSBS.COM), and press [Enter]. Then, enter the IP address of the primary DNS server for your domain.

At this point, your Configuration Parameters screen should look similar to Figure B. This screen allows you to configure the minimum items necessary to get NIMS up and running.

Figure B
The Configuration Parameters screen displays the choices you’ve made so far.

You might want to disable IMAP at this point unless you have clients that will need to interface via this protocol. Press [Esc] to leave the Configuration Parameters screen, then highlight Yes, and press [Enter]. The remainder of the files needed for NIMS to become operational will be copied from the NIMS directory that you created to the appropriate directories on the server. After NWCONFIG copies the appropriate files, you’ll be presented with a read-only version of the README.TXT file. After you’ve reviewed this file, press [Alt][F10] to exit.

If you want to read this file again later, you can find the README.TXT file in the sys:novonyx\mail\doc\ directory on your server.

Once you’ve exited NWCONFIG, there’s a quick way to see if everything will come up as you expect it to when you restart your server. At the server’s console prompt, type mailcon, and press [Enter]. You should get a Novell IMS Console 1.0 screen. If you see this screen, you should be ready to configure the users for NIMS when you restart the server. If instead you get a series of undefined public symbol messages, the first thing you should do is apply the latest service pack (at least Service Pack 5 for NetWare 5.0) and restart the server.

I experienced this problem when installing NIMS on my server and thought SP4 would be acceptable because the NIMS documentation didn’t specifically state a particular minimum version of NetWare service pack. Once I installed SP5, NIMS loaded as expected. If everything looks okay, you should go ahead and restart the server.

Most of your administrative work will be done in NWADMIN. The manual that comes with NIMS isn’t clear on where you’ll find the NDS objects. Page 22 of the manual contains a small reference near the bottom of the page that will tell you where to find the Internet Services Container where the NIMS NDS objects are created. Figure C shows the location of and the objects that the NIMS installation creates.

Figure C
NIMS adds new objects to your NDS tree.

You’ll need to change the context that NWADMIN uses for viewing the tree so it will view the tree from the root. Once you’ve changed it, you should see the Internet Services container. There’ll be two different container objects, one housing the NIMS Messaging Server objects and the other holding the mailing lists function available with NIMS.

Protecting your e-mail from prying eyes
Protecting the mail that employees send and retrieve through NIMS is extremely important, and this is where SSL (Secure Sockets Layer) comes in. By obtaining an SSL certificate from a recognized CA, you can protect mail as it is retrieved remotely by an employee of your company or by someone else authorized to access your mail server. You can also protect the mail they send through your mail server for receipt by someone either on your NIMS server or on another system.

CA is security-speak for Certificate Authority. A CA is a company in the business of issuing digital certificates that others will recognize, so they know they’re talking to the company they think they are talking to and not a pretender or hacker.

You can turn on SSL for use by individuals accessing your mail server to pick up and send mail, but you can’t require that SSL be used on the SMTP agent. This means that mail servers sending mail to your domain will still be able to send their mail without requiring the mail administrator at the sending end to set up their system for SSL communications.

Expect the cost of an SSL certificate to run anywhere from $295 to close to $1000, depending on the level of encryption you want to use and what other services the CA is providing. Two of the most popular CAs are VeriSign and Thawte.

As we indicated before, SSL protects only the e-mail traveling between your NIMS server and the client accessing it. Protecting the mail going to another system requires the use of an X.509 client certificate. Check the instructions for the e-mail client you’re using to see how to obtain and install an X.509 certificate. Unless you’ve worked with SSL before, I’d suggest you first bring up the NIMS server without using SSL to make sure that everything works correctly. That way, if you encounter problems after you enable SSL, you’ll have a good idea of where the problem lies. In a future Daily Drill Down about NIMS, we’ll go through the process of obtaining an SSL certificate for your NIMS server.

Configuring NIMS for Web browser access
Depending on your users’ PC literacy level, you may want to initially go with the IMS WebMail interface. This is a fairly simple method of getting e-mail, especially for those individuals not working in the office where the NIMS server resides. Accessing the NIMS server via a Web browser can be as simple as giving your employees either the IP address of the NIMS server or the fully qualified DNS name (i.e., MAIL.DOMAIN.COM).

One thing you’ll need to check is whether services such as a Web server or GroupWise Web access are already running on the server running NIMS. If so, you’ll need to change the port used by NIMS because NIMS uses the same port as these services, and you can’t have more than one service using the same IP port.

To change the default NIMS port, double-click the WebMail Agent NDS object. When the WebMail Interface:WebMail Agent Properties screen appears, change the HTTP port number from its default value of 80 to whatever port number you want to use and click OK. Within a few seconds, you’ll see the WebMail and Rules NLMs unload and then reload. You should then be able to access the NIMS server via a Web browser.

You should get a pop-up screen in the browser called Enter Network Password. The information beside the Site label will be either the IP address of the NIMS server or the fully qualified DNS name, depending on how you accessed the site in the browser. The information beside the Realm label should say something to the effect of Novell IMS WebMail.

At this point, you can enter your username and password and then click OK. You should see the contents of your Inbox very shortly after that. Your users will now have a graphical interface that should require almost no training to use in order to send and receive mail.

Consolidating e-mail with NIMS Proxy Configuration
For the convenience of users who have multiple e-mail addresses, you can configure NIMS to automatically retrieve the users’ e-mail from another mail server and have it automatically show up in just one mailbox. You do this on a user-by-user basis in NWADMIN. Double-click the NDS User object for which you want to set up a mail proxy, and click the Novell IMS Proxy Configuration tab. You will then see a screen similar to Figure D.

Figure D
You can configure NIMS to retrieve e-mail from other servers.

You will be able to set up mail proxy service for up to three different e-mail servers. You should advise the users when they use their central NIMS Inbox to receive mail from third-party e-mail servers that the Reply To address in any e-mail they send from NIMS will be the return e-mail address that is currently in their NDS user profile.

The users will need to supply you with the hostname, username, and password they use on the other mail server they want to retrieve mail from. You will need to ask them if they want to automatically delete all mail retrieved from the other mail server or leave it there to be deleted the next time they connect directly to that mail server. Once you click OK, the changes will be submitted to NIMS and should take effect shortly.

Preventing unwanted mail from reaching your users
Getting spam or unwanted e-mail seems to be a fact of life these days. The problem with spam is it takes time to weed through and consumes disk space until the user deletes or retrieves the e-mail. Fortunately, NIMS helps you fight spam.

The best thing you can do with spam is delete it and never let the sending party know that you got it. If a spammer finds out you’ve read their e-mail, even if it’s to send an unsubscribe request, you can probably expect to get even more spam in the future. That happens because some spammers sell your address to others who want to get your attention.

NIMS can help you control spam, though, with its AntiSpam agent. You configure the AntiSpam agent in NIMS by double-clicking the AntiSpam Agent under the Messaging Server NDS container object in NetWare Administrator. When you do, the AntiSpam Agent will appear, as shown in Figure E.

Figure E
You can configure NIMS to deal with spam.

You have the option of blocking e-mail by an entire domain or just a specific mailbox. The more-intelligent spammers know to periodically shift or change the e-mail address they’re using, but until you get a feel for the amount of spam you’re getting, you might want to block the unwanted e-mails by just the specific e-mail address instead of the domain name.

Enter the offending address and/or domain in the input box under the Blocked Domains And Addresses label and click the Add button. Although you have the option of sending back the mail messages that are intercepted by the AntiSpam Agent in NIMS, I’d suggest that you leave this option unchecked so as not to help the spammers know they have reached a legitimate e-mail address.

If you want to know what type of e-mail is being intercepted, you can check the CC: Postmaster option. When you do, a copy of the blocked e-mail will be forwarded to the Postmaster so you can make sure your filter doesn’t block any potentially important e-mail.

Configuring your user to use NIMS
There are just a few last steps you need to go through to enable your users to be able to send and receive e-mail through NIMS. Double-click each user’s NDS object in NWADMIN, and click the Novell IMS Configuration tab. When you see the screen shown in Figure F, you’ll need to enter a few pieces of information.

Figure F
You must add some additional NIMS information in the user’s NDS object.

Under General, you should set the level of privacy you want for the user. None means that all NIMS users will be able to see the user’s first name, last name, e-mail address, and phone number. Limited Privacy means they will see only the user’s e-mail address.

Especially when users are working with Web-based clients, the e-mail they receive will remain on the server until they delete it. This is where the Disk Quota comes into the picture. You have three options. First, you can establish a NIMS-wide mailbox size limit to cover all users by configuring this under the NMAP Agent object in NetWare Administrator. You can also assign a disk quota on a user-by-user basis. Finally, you can set a global limit in the NMAP Agent and grant exceptions (larger or smaller) as necessary on a user-by-user basis.

Ready to go!
Congratulations, you now have an Internet mail system ready to go. As NIMS is enhanced with new features over the coming months and years, we’ll provide additional Daily Drill Downs on how to best use it for your company and your customers. As you begin to use NIMS, you will see it’s a very scalable product that can grow to meet your needs as your company grows.

Ronald Nutter is a senior systems engineer in Lexington, KY. He’s an MCSE, a Novell Master CNE, and a Compaq ASE. Ron has worked with networks ranging in size from single servers to multiserver/multi-OS setups, including NetWare, Windows NT, AS/400, 3090, and UNIX. He’s also the help desk editor for Network World. If you’d like to contact Ron, send him an e-mail. (Because of the large volume of e-mail that he receives, it’s impossible for him to respond to every message. However, he does read them all.)
