Nevis Mail Server Switch |
On 15:00 Thu 09-May-2002, I plan to switch the server that receives mail for
Nevis from nevis1 to the new mail server, franklin. This web page
discusses:
|
As part of the transition to the new mail server, as of 09-May-2002 I plan to change the main mail server for the nevis.columbia.edu domain. Based on the experimentation I've done thus far, I believe that this switch will be transparent to most, if not all, the users at Nevis.
Nevertheless, given the importance of mail services at Nevis, I've prepared this web page to describe in detail the nature of the switch and its potential consequences.
What is being done |
The mail setup at Nevis can basically be divided into three functions:
Right now, most users at Nevis use nevis1 for all three of the above functions. In fact, a user can only change (2) or (3) on their own; item (1), the "mail exchanger", is controlled by the domain name services. If you want to check this for yourself, enter the following command on a UNIX system:
The mail will still be stored physically on nevis1. You will still be able to read it using whatever mail reader you presently use, with no change to your program's configuration.
If that were the only difference, there would be no need for me to prepare this web page. However, there are two issues that may potentially make a difference; these are described below.
Mail server accounts |
The accounts on the new mail server, franklin, are not linked to the accounts on nevis1 in any direct way. Eventually, the accounts, home directories, and passwords on the two systems will be linked via NIS, but that is a project that I must postpone until mail services are entirely moved off of nevis1.
What I have done is manually duplicate every active account on nevis1 onto franklin. If a given user account can receive mail on nevis1, then a duplicate account exists on franklin as well. The chief exception are those users who left Nevis and forwarded their e-mail elsewhere; rather than creating new accounts for them, I set up permanent mail forwarding aliases on both nevis1 and franklin.
However, there are some differences between accounts on the systems:
In practice, this only matters if you have a .forward file in your home directory. If you have an account on the Linux cluster, you'll want to copy that file to your home directory on the cluster.
An example of such a .forward file is:
For users of procmail and vacation, I've done my best to make sure that this is transparent to you. On both the Linux cluster and on nevis1, these programs are located in /usr/bin. No changes should be necessary on your part.
However, if you use a custom mail program (usually given a name like mymailer), it probably won't work. You should contact me and make special arrangements.
However, this is probably irrelevant. There is no need for any normal user to log on to franklin. At this time, there is nothing physically stored on the machine that is associated with a particular user: all of your mail is still stored on nevis1; the password information is not stored on franklin.
At this point, you may want to check that you have an account on franklin. If you have an account on the Linux cluster, you automatically have an account on franklin, but here's how both Linux and nevis1 users can check:
If you still can't get the "Connection to franklin closed" message, contact me.
Spam filtering |
The new mail server has a number of security features that the mail program on nevis1 does not have. Most of these features won't be visible until we fully switch mail servers, but there's one that will have an effect immediately: the mail server on franklin has a spam filter.
The spam filter on franklin is actually rather mild as such things go. It does not filter the mail based on content; instead, it blocks mail based on where it comes from:
This means that if an e-mail address comes from an IP name or address that cannot be found via DNS, the mail is bounced back to the sender. The logic is that a lot of spam comes from "fly-by-night" mailers on unused IP addresses.
This may have some impact on our work. Some legitimate sites may be located in countries with unreliable DNS servers; e.g., Russia and China. If a collaborator sent you e-mail from a site whose DNS had been unavailable for several days, their e-mail would bounce.
This means we use a list of known sources of spam; any mail from such a site would be bounced back. It would take too much time to develop a separate list at Nevis, so in practice we'll use a list developed by someone else. The list I propose to use initially is the blackhole list.
If you look at the list, you'll see that most of the sites are from dialup lines or bulk mailers; we're not likely to have academic, research, or even personal communications with such sites. If you see a name such as optonline.net.dialup, and your home cable modem uses optonline.net, you should not be concerned; anyone who legitimately sends e-mail from optonline.net would use Optonline's own SMTP server; they would not be running their own mail server on a computer over a dialup line.
Still, it is conceivable that someone (e.g., a student applying for an REU position) might sign up for a cheap ISP and send legitimate e-mail from one of these sites.
With spam blocking, there's always the risk that legitimate e-mail might not be received. Also, a great deal of spam comes from yahoo.com, hotmail.com, and aol.com; it's more involved to block such mail at the server level (we'd have to look at message content, not just the sender).
In my initial testing, no mail from legitimate sites was blocked (although all-too-many spam messages still got through). My plan is to monitor all messages rejected by franklin for a month or two after we start using it as the mail exchanger; if I spot any legitimate mail being blocked, I can always turn off the spam filter. On the other hand, if the level of spam remains excessive, I can contemplate putting in a content filter.
Note that if mail is rejected as spam, it is bounced back to the sender with an explanatory error message. This means that if someone sends you legitimate e-mail and it's rejected, the sender will know why and be able to take corrective action.
Note added 12-Aug-2002: The blackhole-list portion of the spam filter
was turned off shortly after franklin was put in use. In addition to
many sites which are clearly sources of junk mail, the blackhole list
included servers such as travelocity.com and cc-inc.com (which is
PC-Mall). Although these companies are sources of unwanted junk mail,
they are also sites with which legitimate Nevis business might be
conducted.
I have installed SpamAssassin on the Linux
cluster. I'll eventually have a Nevis SpamAssassin web page. Until
then, if you want to use this utility, read the "spamassassin" man
page and web site; you can also look at ~seligman/.procmailrc for
additional hints.
Reading mail on the Linux cluster |
Since about 1998, the standard model for reading mail at Nevis was to logon to nevis1 and use pine. As of now (even before this mail exchanger switch), users can do this while logged on the to Linux cluster.
Some items to note:
If you want to start reading your mail on the cluster, and you don't want to start using IMAP yet, you can copy your ~/mail directory from nevis1 to the cluster with the following command (on the cluster):
The most important aspect of this change is that it's no longer necessary to give someone (a summer student, a staff member, a visiting scientist) an account on nevis1 just so they can receive mail here. An account on the cluster is all that's necessary.
to the Nevis Computing Page.
to the Nevis Home Page.
Send any comments or questions to the
webmaster.