Introduction
This document gives step-by-step instructions for setting up a simple
X.400 system. It is primarily intended as a training exercise
on the Isode configuration tools, which will provide a practical basis
for building more complex configurations.
Following the steps in this document will lead to a system which is
similar to that produced by the X.400 Quick Install script. This is
intentional, and allows comparison of the automatically generated system
with the one produced by these steps.
Once the user can build a system like this using the Isode tools, the
M-Switch Administrator's guide can be used to understand how to extend
this.
Before you start it is important to make sure you have a license.dat
file in either C:\Isode\etc (Windows) or /etc/isode (Unix).
DSA Configuration
M-Switch X.400 keeps its configuration in a directory server or DSA
(part of M-Vault).
So the first thing to do is to create a DSA to hold that configuration.
(For more detailed information about creating DSAs, look in Chapter 2
of the M-Vault Administration Guide. For more information describing how
M-Switch uses the DSA, look in Chapter 1.4 of the M-Switch
Administrators Guide.)
For this, use EDM (Enterprise Directory Manager). It is within
the "Isode" group of applications in the Start->Programs
menu on Windows, or within the /opt/isode/sbin directory.
- Click on "File->New"
- Select "Directory Server"
- A wizard will be displayed.
- Click on "Master Information", then "Next"
The new DSA will master a country. Use the pull-down menu
to select the country you wish to master (this guide will use "GB").
You must now choose where to locate the DSA node, which contains information
about the directory server.
- Leave the DSA under C=GB.
Each "node" (location) within the DSA can be described using
a Distinguished Name (DN). In this case the DN of the DSA is "cn=dsa,
c=gb".
The directory server will listen on a presentation address. This should
look something like:
"Internet=<your_hostname>+19999|LDAP=<your_hostname>+19389"
Where the "<your_hostname>" is the hostname of the
machine you are using. This should resolve to the external IP address.
The actual information held within the directory server will be written
to disk according to the "Configuration path". This should
be fine by default.
You should now choose a password. This password will be used by any
tool or program that needs to connect to the directory server.
- Use the password "secret".
- Click on "Next".
- Select "Start the new directory server once it has been created",
and click on "Finish"
You may now close EDM (File->Exit).
You have now:
- Created a basic DSA to store a messaging configuration
- Created a DSA Manager profile (This was done by EDM).
- The DSA Manager profile has a DN as a user name.
- That DN is: "cn=DSA Manager, cn=DSA, C=GB"
Creating a basic messaging configuration
Creating a messaging placeholder within the DSA
Now that a DSA has been configured you may create a messaging configuration.
To do this you should use the "EMMA" (Enterprise Messaging
Management and Administration) tool. This is described in Chapter 2
of the M-Switch Administrators Guide, whilst Chapter 4 of the M-Switch
Administrators Guide explains how to create an X.400 messaging system
in greater detail.
EMMA will be within the "Isode" applications under the Start->Programs
menu on Windows, or "/opt/isode/bin" on Unix.
Since this is the first time you have run EMMA, a wizard is displayed
asking if you would like to bind to an existing configuration, or alternatively
create a new Messaging Configuration.
Select "Create a new Messaging Configuration", and click
on "Next".
You must now select the presentation address of
the DSA. The default PA should be fine. Click on "Next".
You must now use the DSA Administrator's bind profile.
- The "Directory Name" should be "cn=DSA Manager, cn=DSA,
c=GB".
- The password should be "secret"
- select "save password".
- Click on "Next"
You must now choose a place within the DSA to hold the messaging configuration.
Expand the tree, select "GB", and click on "Next".
Leave the default placeholder information, and click on "Next".
Since you are creating an X.400 configuration select X.400, and click
on "Next". You will now see three options selected:
- Routing Tree
- Message Transfer Agent
- Message Store
Make sure they are all selected and click on "Finish"
Creating a routing tree
You will now create a new routing tree. Leave the name "Main routing
tree" and click on "Next".
Create the O/R address for the MTA. Note: You are creating the basic
routing tree, which you can extend later. To make the configuration
easier you should create the nodes required for the MTA. In this case:
C=GB
ADMD=TestADMD
PRMD=TestPRMD
O=Testorg
Click on "Finish"
Creating the MTA
You now have a choice of the type of MTA you wish to create. The defaults
of "Isode MTA with tailoring information" and "X.400"
are fine, so click on "Next".
The "Host Name" should be the host name of your machine.
Click on "Next" and accept the default, "Use the X.500
directory for lookup", then click on "Next". You must now select
the O/R Address of the MTA. Select the node representing the O/R Address
of the MTA (in our case C=GB/ADMD=TestADMD/PRMD=TestPRMD) and click
on "Next".
You may now alter the P1 and P3 presentation addresses. If your hostname
resolved to an IP address correctly, these addresses should be fine,
so click on "Next".
The configuration of the next pane depends on what you want to do.
If you want to support X.400 Distribution Lists (quite likely), then
select the first option.
If you plan to use or develop a MT Gateway application, then click
on the second option.
If you are setting up a military configuration, then select to
create the STANAG 4406 channel and also select to support military content.
For Aviation customers, if you are creating a MTCU, you can choose to
restrict the body parts to valid AMHS ones.
For EDI customers, select to use Pedi.
For all customers: if you want to have an archive copy of every
message that goes through the MTA, then select the "Set up message archiving"
option.
You will also need to enter the System administrator details. Although
this can be done at a later stage, it is easier if you do it now. By default,
Quick Config uses "pp" for the user name and "secret"
for the password.
M-Switch has a program called "isode.pp.qmgr" (the Queue
Manager). One of its jobs is to read the DSA, pull out information about
the MTA, and create an "mtatailor" file. In order to connect
to the DSA, the Queue Manager needs to know which DSA to connect
to, which bind profile to use, and the "DN" under
which the MTA configuration information is stored.
This information is held within a stub mtatailor file, which you can
have automatically created in the right place. To do that, accept the
default "Override current mtatailor file" and click on "Next".
You will be presented with a summary of the MTA. Click on "Finish"
to create the MTA.
Creating a Message store
Leave the name "Main Message Store" and click on "Next".
You will see the presentation address the message store will listen
on. The default should be fine. Click on "Next".
The Listen level and Invoke level should be fine, so click on "Next".
You must now select the "Main Routing Tree" as the routing
tree to support the store. Click on "Next".
You shouldn't need to alter the P7/P3 Responder and P3 Initiator requirements.
Click on "Next".
Do not select "zero length" for both
the Directory and Server passwords; enter a password for both values
(whatever you want, QC uses "secret").
The Message Store can be controlled by an application called XMSConsole.
This application will require authentication to, for example, delete
messages from a mailbox. The authentication details are provided by
the Auth Userid and Auth Password fields. Accept the default creation
of the pumicetailor file. Click on "Finish"
Once finished you will see EMMA in the "System Editor" view.
You have now:
- Created a messaging place holder within the DSA
- Created a new routing tree
- Created a new MTA
- Created a new Message Store.
Creating new Users
Chapter 6 of the M-Switch Administrators
Guide explains administering users in more detail. For now let's
create 2 users, and send a message from one to the other.
Routing tree modification
To demonstrate the routing tree, let's have one user under a node "senders",
and another user under the node "receivers".
Expand the routing tree.
Select the lowest node in the routing tree (it should be O=Testorg).
- Right click on it.
- Select "Add Node".
- Type in "senders".
- Click on "Ok".
Create a new node again, this time called "receivers".
Create the new users
Click on "Create->User->X.400 Message Store User". You
will be presented with the new user wizard. Type in the following:
Given Name= test
Initials= me
Surname= sender
- Click on "Next"
- Select the "OU=Senders" node.
The "test me sender" O/R Address should look like:
"/OU=senders/O=Testorg/PRMD=TestPRMD/ADMD=TestADMD/C=GB"
This user will use the "Main Message Store" to send and receive
messages. The channel should be P3 (this is the channel that is used
to deliver to the message store). You will need to associate the X.400
MTA with this user.
- Click on "Add".
- Click on "OK"
- Click on "Next"
You must now enter the mailbox path (e.g. /var/isode/mailboxes/sender
on Unix). You must make sure this path exists. EMMA will create the
user information, but not the mailbox directory, so you will have to
create the path by hand.
- Click on Next.
- Type in the MS Password "p7password"
- Click on finish.
Repeat the process but this time use the surname "receiver",
the "receivers" node, and change the mailbox path to something
appropriate.
Authorizing mconsole and logviewer
The logviewer and mconsole both need permissions set to allow them
to connect to the MTA. To do this:
- Select the "Tables" folder underneath your MTA.
- Click on the "auth.qmgr" table.
- Click on the "table override" tab on the right hand pane.
- Set userid="pp", password="secret", rights=full.
- Click on "Add"
Starting the MTA and Message Store
Linux & Solaris
Use the startup script:
/etc/init.d/pp start
/etc/init.d/pumice start
HP-UX
Use the startup script
/sbin/init.d/pp start
/sbin/init.d/pumice start
Windows
Start ISM (Isode Service Manager) from the Start->Programs->Isode
menu, then start the following services in the following order:
isode.x500dsa (Should already be running)
isode.ldapd (Should already be running)
isode.pp.qmgr
isode.pumice
isode.iaed
Send a test message between the two users
You will need to send & receive messages using the Isode P7 API.
"x400quick" contains a send & receive test client.
Run Quick Config:
C:\Program Files\Isode\bin\quickconfig.exe send (Windows)
/opt/isode/bin/quickconfig send (Unix)
Do not click on the "Remove existing configuration"
button. Instead just click on "Next". x400quick will then skip
to a screen asking if you want default options.
- Select "No Default Values"
- Click on "Next"
The Send User Agent will be blank. In the "From" field type
in:
/I=me/S=sender/G=test/OU=senders/O=Testorg/PRMD=TestPRMD/ADMD=TestADMD/C=GB/
In the "Password" field use "p7password"
In the "To" field type in:
/I=me/S=receiver/G=test/OU=receivers/O=Testorg/PRMD=TestPRMD/ADMD=TestADMD/C=GB/
In the Server:
"3001"/Internet=<your_domain_name>+3001
Replace the "<your_domain_name>" with
the fully qualified domain name of your machine. This should resolve
to the external IP address of your machine.
Type in a suitable test message, then click on "Send". Once
the message is sent click on "Receive UA".
Make sure user is:
/I=me/S=receiver/G=test/OU=receivers/O=Testorg/PRMD=TestPRMD/ADMD=TestADMD/C=GB/
Password is:
p7password
and Server is:
"3001"/Internet=<your_domain_name>+3001
Replace the "<your_domain_name>" with the fully qualified
domain name of your machine. This should resolve to the external IP
address of your machine. Now click on "Receive". The test UA
will bind to the message store & retrieve the test message.
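The addresses typed into the test UA are written leaf-first, while the routing tree is built root-first. The following added example (not part of the original guide or an Isode tool) reorders an O/R address into routing-tree order and checks which node it falls under; the function names or_route and or_under are hypothetical, and the case-insensitive comparison and the rejection of skipped levels are assumptions.

```shell
#!/bin/sh
# Added example, not an Isode tool.
# or_route ADDR: print the routing attributes of a slash-form O/R address
# in routing-tree order (root first), dropping the personal-name attributes.
or_route() {
    or_c=; or_admd=; or_prmd=; or_o=; or_ou=; or_gap=
    or_rest=${1#/}
    while [ -n "$or_rest" ]; do
        or_pair=${or_rest%%/*}              # text up to the next "/"
        case $or_rest in
            */*) or_rest=${or_rest#*/} ;;
            *)   or_rest= ;;
        esac
        case $or_pair in
            '')      ;;                     # empty field, e.g. a doubled "/"
            C=?*)    or_c=${or_pair#*=} ;;
            ADMD=?*) or_admd=${or_pair#*=} ;;
            PRMD=?*) or_prmd=${or_pair#*=} ;;
            O=?*)    or_o=${or_pair#*=} ;;
            OU=?*)   or_ou=${or_pair#*=} ;;
            I=?*|S=?*|G=?*) ;;              # personal name: not a tree node
            *) echo "unrecognised attribute: $or_pair" >&2; return 2 ;;
        esac
    done
    [ -n "$or_c" ] || { echo "no C= attribute" >&2; return 2; }
    or_out="C=$or_c"
    for or_lvl in "ADMD=$or_admd" "PRMD=$or_prmd" "O=$or_o" "OU=$or_ou"; do
        case $or_lvl in
            ADMD=|PRMD=|O=|OU=) or_gap=1 ;; # this level is absent
            *) # Assumption: a level below an absent one is treated as an error.
               [ -z "$or_gap" ] || { echo "level missing above $or_lvl" >&2; return 2; }
               or_out="$or_out/$or_lvl" ;;
        esac
    done
    printf '%s\n' "$or_out"
}

# or_under ADDR NODE: succeed if ADDR lies at or below routing-tree node NODE.
# Comparison ignores case (assumption: the guide itself writes both
# "OU=Senders" and "OU=senders" for the same node).
or_under() {
    ou_addr=$(or_route "$1") && ou_node=$(or_route "$2") || return 2
    ou_addr=$(printf '%s' "$ou_addr" | tr '[:upper:]' '[:lower:]')
    ou_node=$(printf '%s' "$ou_node" | tr '[:upper:]' '[:lower:]')
    case "$ou_addr/" in
        "$ou_node/"*) return 0 ;;
        *)            return 1 ;;
    esac
}

# The sender address from the guide, checked against two of its nodes.
or_demo_addr='/I=me/S=sender/G=test/OU=senders/O=Testorg/PRMD=TestPRMD/ADMD=TestADMD/C=GB/'
or_route "$or_demo_addr"
or_under "$or_demo_addr" '/O=Testorg/PRMD=TestPRMD/ADMD=TestADMD/C=GB/' &&
    echo "sender is under O=Testorg"
or_under "$or_demo_addr" '/OU=receivers/O=Testorg/PRMD=TestPRMD/ADMD=TestADMD/C=GB/' ||
    echo "sender is not under OU=receivers"
```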
Adding a Gateway MTA
Chapter 8 of the M-Switch Admin guide contains more information on
interworking, including a section on Gateway MTAs.
Updating the routing tree
You should update your routing tree, to represent the O/R address space
for the Gateway MTA.
- Expand the routing tree in EMMA.
- Right click on "PRMD=TestPRMD", select "Add Node".
- Create the node, "Gateway".
Creating a Gateway MTA
- Right click on the "Message Transfer Agents" folder, and
select "New MTA"
- Select "External MTA", and "Gateway". Click
on Next.
- Type in the hostname "GatewayMTA".
- Click on "Next", and select the O/R Address space for
the gateway mta, this should be:
/O=Gateway/PRMD=TestPRMD/ADMD=TestADMD/C=GB/
Click on "Next" and "Finish".
Creating a Gateway Channel
To communicate with the Gateway MTA you must create a new gateway channel.
- Right click on the "Channels" folder below your MTA. (Not
the Gateway MTA).
- Select "New".
- This is a protocol channel, so select "yes", and click
on "Next".
- Select "X.400" and "Transfer". Click on "Next".
Type in the Name of the channel, in this case "x400mt". You
may need to type in the of the MTA this channel has been created for.
Click on Next again, and you should be able to select the application
context for this channel.
Make sure only "MTS Gateway" is selected.
- Click on "Next".
- Use the presentation address of "realNS=".
- Click on "Next".
- Click on "Next" again.
- Set "Type" to be "Both",
- Keep "Access" as "mta"
- Set the "Outbound Protocols" to be "MTS-Gateway".
- Make sure the "key" is "x400mt"
- Click on "Next".
For all of the "out" fields, click on the "Edit"
button and select all of the options, with the exception of "822"
in the content-out field. Click on "Next".
For both the "in_adr" and the "out_adr" select
X.400, then keep clicking on "Next" and "Finish" until
the channel is created.
Adding an external MTA (Non-Isode)
Chapter 8 of the M-Switch Admin guide contains more information on
interworking, including a section on external MTAs.
This chapter will talk you through creating a place in your configuration
for an external MTA, as if the external MTA is not an Isode MTA. Isode
MTAs have the ability to connect to a single Directory Server, to read
routing tree information, etc. This makes maintaining configurations
for multiple MTAs a lot easier.
Creating a new external MTA (Non-Isode)
First of all create a new O/R Address in the Routing tree. Create the
node under PRMD=TestPRMD, and call it O=externalNI (NI for Not Isode).
Right Click on "Message Transfer Agents", and select "New
MTA".
- Select "External", and click on "Next"
- Type in the hostname of the external MTA.
- Select the OR address:
/O=externalNI/PRMD=TestPRMD/ADMD=TestADMD/C=GB/
- Click on "Next"
- Leave the PA as it is.
- Click on "Next", and "Finish"
A reference to the new X.400 external MTA will be created.
Setting up usernames & passwords
You will need to set up the usernames & passwords to be used when
communicating with the external MTA.
Note: The usernames and passwords described will make the test connection
work against an X.400 MTA created with the Quick Config program (provided
the local MTA name matches the local hostname, and that has been used
in the "External" field of Quick Config when the external
MTA was created).
The External MTA's usernames & passwords
- Expand the channel list under the external MTA.
- Click on the "x400p1" channel.
- Select the "Auth" tab. There are two boxes:
Initiator - This is the username & password combination the
external MTA will use when initiating a new connection.
Responder - This is the username & password combination the
external MTA will use when responding to an incoming connection
request.
Click on the "Edit" button next to the "RTS Credentials"
section. For the name type in the name of the MTA, and set the password
to be "p1password". Repeat this for both the Initiator and
Responder sections.
Click on "Apply".
The Local MTA's usernames & passwords
You need to set the local MTA's username & password. To do this:
- Expand the "channels" folder below the local MTA folder.
- Select the x400p1 channel.
- Click on the "Auth" tab.
Click on the "Edit" button next to the "RTS Credentials"
section. For the name type in the name of the local MTA, and set the
password to be "p1password". Repeat this for both the Initiator
and Responder sections.
Click on "Apply".
Now Click on "Generate".
Testing the connection
You should now be able to right click on the "x400p1" channel
below the external MTA entry and click on "Test Connection".
You should see something like:
Connecting (RTS 88 mode, mono) to site cn=x400p1, cn=dhcp-244.isode.net,
cn=Messaging Configuration, ou=MHS, c=GB
LOGGING: Connected Successfully to cn=x400p1, cn=dhcp-244.isode.net,
cn=Messaging Configuration, ou=MHS, c=GB
Extra note
It is important for the external MTA's routing tree to match the routing
tree held within the local machine's DSA. Otherwise messages may not
be routed properly.
Adding an external MTA (Isode)
Chapter 8 of the M-Switch Admin guide contains more information on
interworking, including a section on external MTAs.
Install M-Switch onto the external MTA.
Create a new routing tree node
- Expand the routing tree.
- Create a new node under PRMD=TestPRMD.
- Call it O=external.
Create the new X.400 external MTA
- Right click on "Message Transfer Agents" & select
"New MTA".
- Select "Isode MTA with Tailoring information".
- Click on "Next".
- Set the Hostname, to the hostname of the external MTA.
- Click on "Next".
- Leave "Use X.500 directory for lookup", and click on "Next".
- Select the O/R Address of the external MTA:
/O=external/PRMD=TestPRMD/ADMD=TestADMD/C=GB/
Click on "Next". The P1 & P3 Addresses should be fine,
so click on "Next" again.
You must now create a new tdtailor file. Type in a suitable directory,
and click on "Next" followed by "Finish".
In the directory specified you will find a new file: <external_hostname>.tdt
You should copy this file into the ETC directory (c:\Isode\etc, or
/etc/isode) on the remote machine. Rename the file to "tdtailor".
You may need to alter the file. Open tdtailor up on the external machine,
and set the line:
call: Internet=127.0.0.1+19999
to:
call: Internet=<external hostname>+19999
Where <external hostname> is the hostname of the external machine.
You also need to configure a dsaptailor file on the external machine.
This file tells the external MTA which DSA to use to find its configuration.
To do this:
Edit the file dsaptailor.sample (in either C:\Isode\etc or /etc/isode)
Change the line:
# dsa_address "Directory Server" Internet=localhost+19999
To:
dsa_address "Directory Server" Internet=<your local machine name>+19999
Where <your local machine name> is the hostname of the machine
which contains the directory server.
Rename the file to "dsaptailor".
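The tdtailor and dsaptailor edits above can be scripted so that a mistyped line is caught before M-Switch is started. This is an added example, not part of the original guide or Isode's tooling: the function name prepare_tailor, the hostnames mta2.example.net and dsa1.example.net and the sample file contents are constructed, and it writes a copy named dsaptailor rather than renaming the sample.

```shell
#!/bin/sh
# Added example, not Isode tooling. Builds tdtailor and dsaptailor in ETC_DIR.
# Usage: prepare_tailor ETC_DIR TDT_FILE EXTERNAL_HOST DSA_HOST
prepare_tailor() {
    pt_etc=$1; pt_tdt=$2; pt_ext=$3; pt_dsa=$4

    # The hostnames are pasted into sed expressions: accept DNS characters only.
    for pt_h in "$pt_ext" "$pt_dsa"; do
        case $pt_h in
            ''|*[!A-Za-z0-9.-]*) echo "invalid hostname: '$pt_h'" >&2; return 2 ;;
        esac
    done
    [ -f "$pt_tdt" ] && [ -f "$pt_etc/dsaptailor.sample" ] || {
        echo "input file missing" >&2; return 1; }

    # Edit into .new files so a failed run never leaves a half-made config.
    sed "s/^call: Internet=127\.0\.0\.1+19999\$/call: Internet=$pt_ext+19999/" \
        "$pt_tdt" > "$pt_etc/tdtailor.new" &&
    sed "s/^# *dsa_address \"Directory Server\" Internet=localhost+19999\$/dsa_address \"Directory Server\" Internet=$pt_dsa+19999/" \
        "$pt_etc/dsaptailor.sample" > "$pt_etc/dsaptailor.new" || return 1

    # Install only if each file now carries exactly the line the guide asks for.
    if grep -Fxq "call: Internet=$pt_ext+19999" "$pt_etc/tdtailor.new" &&
       grep -Fxq "dsa_address \"Directory Server\" Internet=$pt_dsa+19999" \
            "$pt_etc/dsaptailor.new"
    then
        mv "$pt_etc/tdtailor.new" "$pt_etc/tdtailor" &&
        mv "$pt_etc/dsaptailor.new" "$pt_etc/dsaptailor"
    else
        rm -f "$pt_etc/tdtailor.new" "$pt_etc/dsaptailor.new"
        echo "expected line not found; nothing installed" >&2
        return 3
    fi
}

# Demo on constructed inputs: both hostnames are placeholders and the two
# files hold only the lines quoted in the guide plus a constructed comment.
demo_prepare_tailor() {
    dm=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'call: Internet=127.0.0.1+19999' \
        > "$dm/mta2.example.net.tdt"
    printf '%s\n' '# constructed sample' \
        '# dsa_address "Directory Server" Internet=localhost+19999' \
        > "$dm/dsaptailor.sample"
    prepare_tailor "$dm" "$dm/mta2.example.net.tdt" mta2.example.net dsa1.example.net &&
        cat "$dm/tdtailor" "$dm/dsaptailor"
    dm_rc=$?
    rm -rf "$dm"
    return $dm_rc
}
demo_prepare_tailor
```

Run it on the external machine with the real ETC directory as the first argument; a return code of 3 means one of the files did not contain the line the guide expects and nothing was installed.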
Now start M-Switch.
M-Switch on the external machine, will now use the X.500 directory
server to control the new MTA. This means your configuration can now
be maintained on the X.500 directory server.
Setting the usernames & passwords of both machines
You will need to set up the usernames & passwords to be used when
communicating with the external MTA.
Configuring the External MTA's usernames & passwords
- Expand the channel list under the external MTA.
- Click on the "x400p1" channel.
- Select the "Auth" tab. There are two boxes:
Initiator - This is the username & password combination the
external MTA will use when initiating a new connection.
Responder - This is the username & password combination the
external MTA will use when responding to an incoming connection
request.
Click on the "Edit" button next to the "RTS Credentials"
section. For the name type in the name of the MTA, and set the password
to be "p1password".
Repeat this for both the Initiator and Responder sections.
Click on the "generate" button.
Click on "Apply".
The Local MTA's usernames & passwords
You need to set the local MTA's username & password. To do this:
- Expand the "channels" folder below the local MTA folder.
- Select the x400p1 channel.
- Click on the "Auth" tab.
Click on the "Edit" button next to the "RTS Credentials"
section. For the name type in the name of the local MTA, and set the
password to be "p1password".
Repeat this for both the Initiator and Responder sections.
- Now Click on "Generate".
- Click on "Apply".
Testing the connection
You should now be able to right click on the "x400p1" channel
below the external MTA entry and click on "Test Connection".
You should see something like:
Connecting (RTS 88 mode, mono) to site cn=x400p1, cn=dhcp-244.isode.net,
cn=Messaging Configuration, ou=MHS, c=GB
LOGGING: Connected Successfully to cn=x400p1, cn=dhcp-244.isode.net,
cn=Messaging Configuration, ou=MHS, c=GB
Additional Note
Because the external MTA is an Isode MTA, both the local and the external
MTA can share the same configuration information.
So for example you only need to maintain one routing tree. This routing
tree will be used by both MTAs.
This can be very useful if you need to maintain the configuration of
multiple MTAs.
Creating a user that connects via p3server, not using P7
Repeat section 3.2, to create a new receiver. This time call the receiver
"receiverp3". Use "receiverp3" instead of "p3deliver"
in the "PP Channel" field.
Once created, perform a user search:
- View->User Search, click on the button marked "Search".
- Select the receiverp3 user & select "Edit".
- Select passwords, set the MTS password to "p3password".
- Select the "sender" user, click on "Edit", select
"password", and set the MTS password to "p3password".
You will need to use another user, "sender", to send the message
to the receiverp3 user.
The "sender" user will use the p3 channel to submit a message.
However, the "sender" p3 user password will be incorrect. Using
the technique described above, search for the "sender" user
and change the corresponding p3 password to "p3password".
Testing the P3 / p3server channels
Start the Quick Config UA (either using the “send” parameter
or by clicking on Next at the start), make sure "No Default values"
is selected.
- Set the "From" Address to "/I=me/G=test/S=sender/OU=senders/O=Testorg/PRMD=TestPRMD/ADMD=TestADMD/C=GB/".
- Set the "Password" to "p3password".
- Set the "Server" to ""593"/Internet=<your_domain_name>",
where <your_domain_name> is the domain name of your machine.
- Select "P3" as the protocol to use.
- Type in a test message, and click on "send".
- Click on the "Receive UA" button.
Make sure "User" is
"/I=me/G=test/S=receiverp3/OU=receivers/O=Testorg/PRMD=TestPRMD/ADMD=TestADMD/C=GB/".
"Password" should be "p3password".
"Server" should be ""594"/Internet=<your_domain_name>",
where <your_domain_name> is the domain name of your machine.
Click on "Receive"; you should receive your message.