SD-3996 4.6 release documentation
kkelley1 committed Sep 22, 2023
1 parent 88ecf68 commit f82fc80
Showing 9 changed files with 35 additions and 79 deletions.
67 changes: 7 additions & 60 deletions content/momentum/4/4-tls-macros.md
Expand Up @@ -15,71 +15,18 @@ The tls_macros module must be loaded in a configuration file, as follows:
`tls_macros {}`
### <a name="tls_macros.macros"></a> TLS Logging Macros

[Table 71.2, “TLS Logging Macros”](/momentum/4/4-tls-macros#tls-macros-table) lists the TLS logging macros.

<a name="tls-macros-table"></a>


| Macro | Description | Examples |
| --- | --- | --- |
| outbound_tls:outbound_tls | Whether TLS was used or not |

* SMTP ("SMTP" = no TLS)

* TLS

* unknown

|
| outbound_tls:outbound_tls_type | TLS type of connection |

When TLS is being used, this matches the value of the TLS configuration variable.

* no ("no" = no TLS)

* ifavailable

* required

|
| outbound_tls:outbound_tls | Indicates whether TLS was used or not | * SMTP ("SMTP" = no TLS)<br>* TLS<br>* unknown |
| outbound_tls:outbound_tls_type | When TLS is being used, this matches the value of the TLS configuration variable. | * no ("no" = no TLS)<br> * ifavailable<br> * required |
| outbound_tls:local_ip | IP address to which the message was sent | 1.2.3.4 |
| outbound_tls:outbound_tls_cipher | Cipher suite for TLS session |

Currently, the cipher suite names are specific to the TLS library used and are different between OpenSSL and GNUTLS.

* For OpenSSL: ECDHE_RSA_AES_128_GCM_SHA256

* For GNUTLS: AES256-GCM-SHA384

|
| outbound_tls:outbound_tls_cipher_algbits |

* For OpenSSL: outbound_tls_cipher_algbits returns the bits processed by chosen algorithm.

* For GNUTLS: outbound_tls_cipher_algbits returns the key size.

|   |
| outbound_tls:outbound_tls_cipher_usebits |

* For OpenSSL: outbound_tls_cipher_usebits returns the secret bits used by chosen cipher.

* For GNUTLS: outbound_tls_cipher_usebits returns the key size.

|   |
| outbound_tls:outbound_tls_protocol | TLS/SSL protocol version string |

* For OpenSSL: TLSv1.2

* For GNUTLS: TLS1.2

|
| outbound_tls:outbound_tls_verified | Whether the certificate passed verification (including subject verification) |

* verified

* unverified

|
| outbound_tls:outbound_tls_cipher | Cipher suite for TLS session | For OpenSSL: ECDHE_RSA_AES_128_GCM_SHA256<br> For GNUTLS: AES256-GCM-SHA384 |
| outbound_tls:outbound_tls_cipher_algbits | For OpenSSL: outbound_tls_cipher_algbits returns the bits processed by chosen algorithm.<br> For GNUTLS: outbound_tls_cipher_algbits returns the key size. |   |
| outbound_tls:outbound_tls_cipher_usebits | For OpenSSL: outbound_tls_cipher_usebits returns the secret bits used by chosen cipher.<br> For GNUTLS: outbound_tls_cipher_usebits returns the key size. |   |
| outbound_tls:outbound_tls_protocol | TLS/SSL protocol version string | For OpenSSL: TLSv1.2<br> For GNUTLS: TLS1.2 |
| outbound_tls:outbound_tls_verified | Whether the certificate passed verification (including subject verification) | * verified<br>* unverified |
| outbound_tls:outbound_tls_issuer | Issuer from TLS certificate | ca.test.messagesystems.com |
| outbound_tls:outbound_tls_subject | Subject from TLS certificate | server.ectest.examplecompany.com |

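Review bot: In the rewritten `outbound_tls:outbound_tls_type` row, the Description cell keeps only "When TLS is being used, this matches the value of the TLS configuration variable." and loses the short description "TLS type of connection" that the old multi-line row carried; suggest "TLS type of connection. When TLS is being used, ...". Two smaller points in the same table: cells written as `* SMTP ("SMTP" = no TLS)<br>* TLS<br>* unknown` will probably show the asterisks literally, since list markup is not parsed inside a pipe-table cell, so plain `<br>`-separated values (as in the cipher and protocol rows) would be more consistent; and the cipher examples are worth re-checking against each library, because `AES256-GCM-SHA384` follows the OpenSSL naming style while `ECDHE_RSA_AES_128_GCM_SHA256` follows the GnuTLS one, the reverse of how they are labelled here.
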
2 changes: 1 addition & 1 deletion content/momentum/4/config/tls-ciphers.md
Expand Up @@ -18,7 +18,7 @@ tls_ciphers — specify allowable ciphers for TLS inbound and outbound sessions

**Configuration Change. ** Support for GNUTLS is available as of version 4.1 for SMTP reception and SMTP deliveries only.

This option specifies the allowable ciphers for a TLS session. The allowable ciphers must be a subset of the available ciphers on the host system.
This option specifies the allowable ciphers for a TLS session using TLSv1.2 or below. The allowable ciphers must be a subset of the available ciphers on the host system. For TLSv1.3, see tlsv13_ciphersuites.

**OpenSSL**

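Review bot: The added sentence ends with a bare `tlsv13_ciphersuites`; make it a link to that option's page so that someone restricting ciphers here can reach the TLSv1.3 setting. If `tls_ciphers` is ignored for TLSv1.3 sessions, say so outright rather than only scoping the option to "TLSv1.2 or below", because a reader who tightens this list alone may assume every session is covered.
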
5 changes: 3 additions & 2 deletions content/momentum/4/install-upgrade-packages.md
Expand Up @@ -4,9 +4,10 @@ title: "Install / Upgrade the Packages"
description: "The installation and upgrade instructions in Chapters 8 through 11 are only applicable in their entirety for Momentum 4 x releases prior to 4 2 28 For release 4 2 28 and beyond please refer to the installation and upgrade PDF documents available under the desired release's folder on the..."
---

### Warning
| **WARNING** |
| -- |
| **The installation and upgrade instructions in this section are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.** For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.|

**The installation and upgrade instructions in Chapters 8 through 11 are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.** For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.

Ensure that you are in the `/var/tmp/momentum-4.2.1.50062` directory, then install the appropriate packages on each node type, as directed in the following steps.

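Review bot: The body text now says "in this section", but the front-matter `description:` shown at the top of this hunk still reads "in Chapters 8 through 11" and has lost its punctuation ("4 x releases prior to 4 2 28"); update it in the same change so page metadata and search snippets match the warning. The same applies to new-installation.md, upgrade-single-node.md and upgrade-two-tier-configuration-rolling.md, whose hunk headers show the same description.
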
5 changes: 3 additions & 2 deletions content/momentum/4/new-installation.md
Expand Up @@ -5,9 +5,10 @@ description: "The installation and upgrade instructions in Chapters 8 through 11
---


### Warning
| **WARNING** |
| -- |
| **The installation and upgrade instructions in this section are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.** For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.|

**The installation and upgrade instructions in Chapters 8 through 11 are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.** For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.

This section documents the installation procedures for use in either a local or Amazon Web Services (AWS) environment. This installation can be scaled for a variety of installation configurations, including singlenode, a cluster with three combined Platform and Analytics nodes, and two-tiered topologies that have multiple Platform and multiple, separate Analytics nodes.

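Review bot: The one-cell callout uses `| -- |` as its delimiter row, while the table in 4-tls-macros.md uses `| --- | --- | --- |`; use three dashes here for consistency. Replacing the `### Warning` heading with a table also removes the warning from the page outline and from any heading anchor, so check that nothing links to it.
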
5 changes: 3 additions & 2 deletions content/momentum/4/upgrade-single-node.md
Expand Up @@ -5,9 +5,10 @@ description: "The installation and upgrade instructions in Chapters 8 through 11
---


### Warning
| **WARNING** |
| -- |
| **The installation and upgrade instructions in this section are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.** For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.|

**The installation and upgrade instructions in Chapters 8 through 11 are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.** For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.

<a name="idp401488"></a>

6 changes: 3 additions & 3 deletions content/momentum/4/upgrade-two-tier-configuration-rolling.md
Expand Up @@ -5,9 +5,9 @@ description: "The installation and upgrade instructions in Chapters 8 through 11
---


### Warning

**The installation and upgrade instructions in Chapters 8 through 11 are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.** For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.
| **WARNING** |
| -- |
| **The installation and upgrade instructions in this section are only applicable in their entirety for Momentum 4.x releases prior to 4.2.28.** For release 4.2.28 and beyond, please refer to the installation and upgrade PDF documents available under the desired release's folder on the Message Systems Support website's [Downloads page](https://support.messagesystems.com/start.php/). If you are uncertain as to which document is applicable to your situation, please contact your technical support representative.|

<a name="idp1094736"></a>

21 changes: 12 additions & 9 deletions content/momentum/4/using-dkim.md
Expand Up @@ -5,7 +5,8 @@ description: "Domain Keys Identified Mail DKIM is a mechanism that allows verifi
---


DomainKeys Identified Mail (DKIM) is a mechanism that allows verification of the source and contents of email messages. Using DKIM, sending domains can include a cryptographic signature in outgoing email messages. A message's signature may be verified by any (or all) MTAs during transit and by the Mail User Agent (MUA) upon delivery. A verified signature indicates the message was sent by the sending domain and the message was not altered in transit. A signature that fails verification indicates the message may have been altered during transit or that the sender is fraudulently using the sending domain name. Unsigned messages contain no guarantee about the sending domain or integrity of the message contents. For more information about DKIM, see [draft-ietf-dkim-base-00](http://tools.ietf.org/html/draft-ietf-dkim-base-00).
DomainKeys Identified Mail (DKIM) is a mechanism that allows verification of the source and contents of email messages. Using DKIM, sending domains can include a cryptographic signature in outgoing email messages. A message's signature may be verified by any (or all) MTAs during transit and by the Mail User Agent (MUA) upon delivery. A verified signature indicates the message was sent by the sending domain and the message was not altered in transit. A signature that fails verification indicates the message may have been altered during transit or that the sender is fraudulently using the sending domain name. Unsigned messages contain no guarantee about the sending domain or integrity of the message contents.
For more information about DKIM, see [RFC 6376](https://www.rfc-editor.org/rfc/rfc6376.html).

To determine subsequent handling of incoming email messages, service providers may use the success/failure of DKIM signature verification or the lack of a DKIM signature. The provider can drop invalid messages without impacting the final recipient, exposing the results of DKIM verification directly to the recipient, or exposing the lack of a signature directly to the recipient. Additionally, service providers may use signature verification as the basis for persistent reputation profiles to support anti-spam policy systems or to share with other service providers.

Expand All @@ -19,7 +20,7 @@ To determine subsequent handling of incoming email messages, service providers m
## <a name="idp3362288"></a> For Sending Servers

1. Set up

q
The domain owner (typically the team running the email systems within a company or service provider) generates a public/private key pair to use for signing all outgoing messages (multiple key pairs are allowed). The public key is published in DNS, and the private key is made available to their DKIM-enabled outbound email servers. This is step "A" in the diagram to the right.

2. Signing
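
Review bot: A stray `q` line has been added between `1. Set up` and its description paragraph, replacing the blank line that was there. It will show up as text in the published page; remove it and restore the blank line.
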
Expand Down Expand Up @@ -60,13 +61,13 @@ To control how OpenDKIM signing statistics are recorded, see [signing_stats](/mo

### <a name="using_dkim.generating"></a> Generating DKIM Keys

The OpenSSL cryptography toolkit is used to generate RSA keys for DKIM. As an example, the following openssl commands are used to generate public and private keys for the domain `example.com` with a selector called `dkim1024`. Typically, the directory `/opt/msys/ecelerity/etc/conf/dkim` is used for key storage.
The OpenSSL cryptography toolkit is used to generate RSA keys for DKIM. As an example, the following openssl commands are used to generate public and private keys for the domain `example.com` with a selector called `dkim2048`. Typically, the directory `/opt/msys/ecelerity/etc/conf/dkim` is used for key storage.

```
# mkdir -p /opt/msys/ecelerity/etc/conf/dkim/example.com
# openssl genrsa -out /opt/msys/ecelerity/etc/conf/dkim/example.com/dkim1024.key 1024
# openssl rsa -in /opt/msys/ecelerity/etc/conf/dkim/example.com/dkim1024.key \
-out /opt/msys/ecelerity/etc/conf/dkim/example.com/dkim1024.pub -pubout -outform PEM
# openssl genrsa -out /opt/msys/ecelerity/etc/conf/dkim/example.com/dkim2048.key 2048
# openssl rsa -in /opt/msys/ecelerity/etc/conf/dkim/example.com/dkim2048.key \
-out /opt/msys/ecelerity/etc/conf/dkim/example.com/dkim2048.pub -pubout -outform PEM
```

All DKIM verification implementations must support key sizes of 512, 768, 1024, 1536, and 2048 bits. A signer may choose to sign messages using any of these sizes and may use a different size for different selectors. Larger key sizes provide greater security but impose higher CPU costs during message signing and verification.
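
Review bot: The unchanged paragraph after the commands still says a signer "may choose to sign messages using any of these sizes", a list that starts at 512 and 768 bits, right under an example that now generates a 2048-bit key. Reword it so it no longer presents keys below 1024 bits as a signing option: RFC 6376 already requires at least 1024 bits for long-lived keys, and RFC 8301 raises the recommendation to 2048 bits and tells verifiers to reject keys below 1024.
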
Expand All @@ -75,6 +76,8 @@ All DKIM verification implementations must support key sizes of 512, 768, 1024,

Note that Google requires all senders to sign with a 1024 bit or greater DKIM key size.

It is recommended that a key size of at least 2048 bits is used.

The resulting public key should look similar to:

```
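
Review bot: The added sentence "It is recommended that a key size of at least 2048 bits is used." sits directly after the note that Google requires 1024 bits or greater, so the page gives two different minimums back to back. Suggest merging them into one statement in the active voice, for example "Use a key size of at least 2048 bits; Google requires 1024 bits or greater."
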
Expand All @@ -86,10 +89,10 @@ Q7jIOnF5fG9AQNd1UQIDAQAB
-----END PUBLIC KEY-----
```

Once the public and private keys have been generated, create a DNS text record for `dkim1024._domainkey.example.com`. The DNS record contains several DKIM "tag=value" pairs and should be similiar to the record shown below:
Once the public and private keys have been generated, create a DNS text record for `dkim2048._domainkey.example.com`. The DNS record contains several DKIM "tag=value" pairs and should be similiar to the record shown below:

```
dkim1024._domainkey.example.com. 86400 IN TXT
dkim2048._domainkey.example.com. 86400 IN TXT
"v=DKIM1; k=rsa; h=sha256; t=y; p=MHww...QAB"
```

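Review bot: The sample record still shows `p=MHww...QAB`, which is not how a 2048-bit key begins (a 2048-bit RSA public key in this encoding starts `MIIBIjAN`), and the sample public key block between the previous hunk and this one is unchanged as well; regenerate both so they match the `dkim2048` selector. Also add a sentence that a 2048-bit `p=` value is longer than the 255-byte limit of a single TXT string and has to be split into several quoted strings in the zone, which was not an issue with the 1024-bit example. "similiar" in the changed line should be "similar".
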
Expand Down Expand Up @@ -117,7 +120,7 @@ Key type. This tag defines the syntax and semantics of the p= tag value. Current

<dd>

Hash algorithm. Currently, this tag should have the value "sha1" or "sha256".
Hash algorithm. Currently, this tag should have the value "sha1" or "sha256". Use of sha256 is recommended.

</dd>

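Review bot: "Use of sha256 is recommended." is appended to a sentence that still says the tag "should have the value "sha1" or "sha256"", so sha1 remains presented as an equal choice. RFC 8301 says rsa-sha1 must not be used for signing or verifying; suggest dropping sha1 from the recommended values or marking it as legacy, and noting that listing only `sha256` in `h=` (as the sample record does) keeps the key from being accepted with SHA-1 signatures.
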
1 change: 1 addition & 0 deletions content/momentum/changelog/4/index.md
Expand Up @@ -6,6 +6,7 @@ name: "Momentum 4.x Changelogs"
description: "Momentum 4.x Changelogs"
---

* [Momentum 4.6 Changelogs](/momentum/changelog/4/4-6)
* [Momentum 4.4.1 Changelogs](/momentum/changelog/4/4-4-1)
* [Momentum 4.4.0 Changelogs](/momentum/changelog/4/4-4-0)
* [Momentum 4.3.1 Changelogs](/momentum/changelog/4/4-3-1)
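
Review bot: The new entry links to `/momentum/changelog/4/4-6`, but none of the nine files in this commit creates that page (the only changelog-related files touched are this index and navigation.yml). Confirm the 4.6 changelog page already exists or lands with this change, otherwise both this list and the new navigation.yml entry point at a missing page.
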
2 changes: 2 additions & 0 deletions content/momentum/navigation.yml
Expand Up @@ -1965,6 +1965,8 @@
- link: /momentum/changelog/4
title: Momentum 4.x Changelog
items:
- link: /momentum/changelog/4/4-6
title: Momentum 4.6 Changelog
- link: /momentum/changelog/4/4-4-1
title: Momentum 4.4.1 Changelog
- link: /momentum/changelog/4/4-4-0