Version 5.0 Release Notes

Release Date: April 11, 2005

PureMessage 5.0 improves existing functionality, including installation and configuration, reporting, and further mail transfer agent support. The following section outlines the key enhancements.

Menu-Based Installer
PureMessage 5.0 includes a new menu-based installer. The installer, which launches in a console window, streamlines the installation process. Use the installer to create snapshots, update components, and deploy PureMessage in varying configurations. The Basic Installation option installs PureMessage on a single server and includes all required components (for example, a mail transfer agent, PostgreSQL Server, Manager, and the End User Web Interface). The Custom Installation option provides the flexibility to assign server roles to any number of servers in a network. Use the Custom Install option to assign, for example, the database role to one server, the Manager role to a second server, and the mail transfer agent role to a third server.
Improved Reporting

PureMessage has a new way of compiling and generating report data. In previous versions of PureMessage, reports were generated directly from log files specified in the pmx.conf configuration file. The PostgreSQL database is a now a prerequisite to generating reports in PureMessage. PureMessage 5.0 uses a series of new tools, which are run as scheduled services, to consume metadata from messages and store it in a PostgreSQL database residing on a central server. Data from any edge servers is periodically collected and consolidated in the PostgreSQL tables.

The new reporting architecture offers:

Ease of querying
Storing data in PostgreSQL allows PureMessage to use SQL statements to extract report data.
Further aggregation of data
Time-based data is stored in three levels of granularity: five minutes, one hour and one day. By default, the database stores 36 hours of five-minute data, 90 days of one-hour data, and two years of one-day data.
Simpler data storage when using a central server configuration
In a multi-server deployment, report data is periodically collected from edge servers and stored in the PostgreSQL database.
More efficient use of resources
Report data is collected frequently, which is much less resource-intensive than the pmx-report-collector script used to collect report data in previous versions of PureMessage.
Java System Messaging Server (JSMS) Support
This version of PureMessage includes the Java System Messaging Server (JSMS) connector, which allows PureMessage to work with the JSMS mail transfer agent (http://www.sun.com/software/products/messaging_srvr/index.xml). PureMessage supports JSMS versions 5.2 and 6. JSMS is supported only on Solaris. JSMS is not bundled with PureMessage and must be installed before PureMessage. For more information, see the pmxchannel.conf configuration file.
LDAP/ActiveDirectory Authentication
A new means of authentication for the End User Web Interface has been added. In addition to static flat files and email-based session IDs, there is now a third option, LDAP, which allows authentication against an LDAP or ActiveDirectory database. This form of authentication is configurable through either the PureMessage Manager or configuration files. See 'Authenticating End User Access' in the 'Quarantine Management' section of the PureMessage User Guide.
Authentication Options

In addition to LDAP, the two previously available forms of authentication (Session ID and flat-file) can now be configured in the PureMessage Manager. Prior to this version, they were configured via the enduser.conf configuration file.

To access these options, on the Quarantine tab, click End User Authentication. Configure the 'SessionID' option by entering the location of the email session template and the session expiry time. The default is one week. Configure the 'password database' option by entering the location of the passwords file and the type of encryption ('none', 'crypt' or 'md5'). The default is 'none'. The End User Authentication page also includes a Test Authentication feature used to test specific usernames and passwords.

Scheduler
PureMessage 5.0 adds the Scheduler service, which consolidates all of PureMessage's scheduled jobs into a single service. If enabled, the Scheduler's status is displayed in the Background Services portion of the Local Services tab in the PureMessage Manager. This enhancement provides the basis for sub-minute granularity in scheduled services and deprecates the use of crontabs in PureMessage. See 'Scheduled Services' in the 'Local Services' section of the PureMessage User Guide for more information.
End User Resources
A 'resources' layer has been established to enable centralized configuration and administration of End User Web Interface (EUWI). Once the data is stored in the PostgreSQL database, end user configuration data that appears in various locations in the PureMessage Manager and across servers can be synchronized (for example, lists and maps associated with the PureMessage policy, end user whitelists and blacklists, and other end user features). The Scheduler handles this synchronization, but it can also be done manually from the command line using pmx-profile.
Snapshots

Use snapshots to create a copy of currently installed PureMessage components and their configuration. Snapshots can be created, restored, or deleted on the command line during installation or via the PureMessage Manager. An initial snapshot is created when PureMessage is successfully installed.

Note: Snapshots capture executables, libraries, documentation, and configuration settings; they do not back up logs, quarantines, or data that is stored in the PostgreSQL database. Policy changes are captured, as are flat-file password files used for authentication, and any lists and maps that are stored as files rather than in the database. When viewing lists or maps on the Policy tab of the PureMessage Manager, those that are stored in the database are displayed with the warning "You are editing a resource that is stored in the db store."
LDAP Lists and Maps
PureMessage 5.0 supports the use of LDAP-based lists and Maps. These can be configured through the Manager or the lists.conf configuration file. See 'Configuring Lists and Maps' in the Policy tab section of the PureMessage Manager Reference for more information. Note that LDAP-based lists and maps configured in PureMessage are read-only; you must use LDAP tools to edit them.
CDB Lists and Maps

PureMessage now supports Lists and Maps in CDB format. This on-disk format can be useful for certain types of lists and maps that have tens of thousands of entries, where the default plain text format can result in excessive memory consumption due to all of the data being retained in memory. Use the pmx-makemap program to convert a plain text 'file' list or map to the CDB format.

All of the list/map properties are the same as in other types of lists and maps configured in lists.conf, except that the source takes a 'cdb' prefix and the match_type is limited to 'is' or 'mail-parts'. This functionality is not available through the PureMessage Manager. You must edit lists.conf. For example:

<list internal-hosts>
    name = "internal hosts"
    description = "Relay hosts regarded as internal"
    precious = "yes"
    source = cdbfile:internal-hosts
    match_type = is
</list>

Maps are configured similarly. For example:

<map recipient-aliases>
    name = "Recipient aliases map"
    description = "Maps recipient addresses to a unique ID/address"
    source = cdbfile:recipient-aliases
    match_type = mail-parts
</map>

A 'mail-parts' match is a simple match on a simple string that lacks the full power of regular expressions. A 'mail-parts' match can look like:

someuser@sophos.com someuser @sophos.com

Without an @ sign, the list entry matches a username (ignoring the domain name).

Test Lists and Maps
A new option on the Policy tab provides a convenient way for administrators to see if a policy list or map contains a specific value. To display the Test List page, click Test List/Map in the Policy tab's sidebar. From the List Name drop-down list, select the list to test. Then, in the Value to test field, enter the email address, IP address, hostname, or other value. For lists, the results are returned as Match or No Match. For maps, a string is returned if there is a match.
New all Parameter for pmx_delete_header and pmx_replace_header

For pmx_delete_header, the optional all parameter deletes all repeated headers for the given key, and the optional index parameter can be used to specify which header to delete if the header is repeated.

For pmx_replace_header, the optional all parameter replaces all repeated headers for the given key, and the optional index parameter can be used to specify which header to replace if the header is repeated. If the header is not found in the message, the new header will be added in a way similar to pmx_add_header.

For both options, the header indices are zero-based. The first header is referred by index 0, the second by index 1, and so on.

For more information, see the documentation for pmx-policy.

Supported Operating Systems
PureMessage 5.0 adds support for Debian 3.0, SuSE Enterprise Server 9, SuSE 9.1 and FreeBSD 4.10. RedHat 6.2 is no longer supported. Supported platforms include:
  • Sun Solaris on Sparc 2.6 or later (not including Solaris 10)
  • Linux on x86 (RedHat 7.x-9.0, RHE 2.1, 3.0 AS & ES) SuSE (Enterprise Server 8,9 Professional 8,9) Debian 3.0.
  • FreeBSD on x86 (4.5 to 4.10)
  • HP-UX on PA-RISC (11.0 or later)
    Note: A workaround is necessary to install on HP-UX. See 'Known Issues'.
  • AIX on RISC (4.3.3 or later)