As part of the transition to the new mail server, as of 09-May-2002 I plan to change the main mail server for the nevis.columbia.edu domain. Based on the experimentation I've done thus far, I believe that this switch will be transparent to most, if not all, the users at Nevis.

Nevertheless, given the importance of mail services at Nevis, I've prepared this web page to describe in detail the nature of the switch and its potential consequences.

What is being done

The mail setup at Nevis can basically be divided into three functions:

1. Receiving mail via the internet and storing it on disk.
2. Transferring the mail from that disk to a user's mail reader.
3. Transmitting mail from a user's program to the internet.

Right now, most users at Nevis use nevis1 for all three of the above functions. In fact, a user can only change (2) or (3) on their own; item (1), the "mail exchanger", is controlled by the domain name services. If you want to check this for yourself, enter the following command on a UNIX system:

The mail will still be stored physically on nevis1. You will still be able to read it using whatever mail reader you presently use, with no change to your program's configuration.

If that were the only difference, there would be no need for me to prepare this web page. However, there are two issues that may potentially make a difference; these are described below.

Mail server accounts

The accounts on the new mail server, franklin, are not linked to the accounts on nevis1 in any direct way. Eventually, the accounts, home directories, and passwords on the two systems will be linked via NIS, but that is a project that I must postpone until mail services are entirely moved off of nevis1.

What I have done is manually duplicate every active account on nevis1 onto franklin. If a given user account can receive mail on nevis1, then a duplicate account exists on franklin as well. The chief exception are those users who left Nevis and forwarded their e-mail elsewhere; rather than creating new accounts for them, I set up permanent mail forwarding aliases on both nevis1 and franklin.

However, there are some differences between accounts on the systems:

• The server franklin is part of the Nevis Linux cluster. If you have an account on the Linux cluster, franklin will see the account information associated with the cluster, not that for nevis1.

  In practice, this only matters if you have a .forward file in your home directory. If you have an account on the Linux cluster, you'll want to copy that file to your home directory on the cluster.

• If you have a ~/.forward file, whether your home directory is on nevis1 or the Linux cluster, and that file executes a program, then that program will be executed by franklin; presently such a program would be executed by nevis1.

  An example of such a .forward file is:

  \seligman, "|/usr/bin/vacation seligman" This a typical file that might be used if I went on vacation.

  For users of procmail and vacation, I've done my best to make sure that this is transparent to you. On both the Linux cluster and on nevis1, these programs are located in /usr/bin. No changes should be necessary on your part.

  However, if you use a custom mail program (usually given a name like mymailer), it probably won't work. You should contact me and make special arrangements.

• I copied over most of the accounts roughly six months ago. If you changed your nevis1 password since then, then the older password is the one that's relevant for the Linux cluster.

  However, this is probably irrelevant. There is no need for any normal user to log on to franklin. At this time, there is nothing physically stored on the machine that is associated with a particular user: all of your mail is still stored on nevis1; the password information is not stored on franklin.

At this point, you may want to check that you have an account on franklin. If you have an account on the Linux cluster, you automatically have an account on franklin, but here's how both Linux and nevis1 users can check:

• If you get "Connection to franklin closed" as a response, then you have an account on franklin. The connection is closed because user accounts are closed on franklin, but your account name and password were accepted.

• If you get "Permission denied", then franklin did not recognize your account name and password combination. Remember, if you have an account on the Linux cluster, it's that name and password that applies. If you don't have a cluster account, remember to try your old nevis1 password.

  If you still can't get the "Connection to franklin closed" message, contact me.

Spam filtering

The new mail server has a number of security features that the mail program on nevis1 does not have. Most of these features won't be visible until we fully switch mail servers, but there's one that will have an effect immediately: the mail server on franklin has a spam filter.

The spam filter on franklin is actually rather mild as such things go. It does not filter the mail based on content; instead, it blocks mail based on where it comes from:

• All e-mail that comes from unresolvable domains is blocked.

  This means that if an e-mail address comes from an IP name or address that cannot be found via DNS, the mail is bounced back to the sender. The logic is that a lot of spam comes from "fly-by-night" mailers on unused IP addresses.

  This may have some impact on our work. Some legitimate sites may be located in countries with unreliable DNS servers; e.g., Russia and China. If a collaborator sent you e-mail from a site whose DNS had been unavailable for several days, their e-mail would bounce.

• The server rejects mail based on a spam-block list.

  This means we use a list of known sources of spam; any mail from such a site would be bounced back. It would take too much time to develop a separate list at Nevis, so in practice we'll use a list developed by someone else. The list I propose to use initially is the blackhole list.

  If you look at the list, you'll see that most of the sites are from dialup lines or bulk mailers; we're not likely to have academic, research, or even personal communications with such sites. If you see a name such as optonline.net.dialup, and your home cable modem uses optonline.net, you should not be concerned; anyone who legitimately sends e-mail from optonline.net would use Optonline's own SMTP server; they would not be running their own mail server on a computer over a dialup line.

  Still, it is conceivable that someone (e.g., a student applying for an REU position) might sign up for a cheap ISP and send legitimate e-mail from one of these sites.

  With spam blocking, there's always the risk that legitimate e-mail might not be received. Also, a great deal of spam comes from yahoo.com, hotmail.com, and aol.com; it's more involved to block such mail at the server level (we'd have to look at message content, not just the sender).

In my initial testing, no mail from legitimate sites was blocked (although all-too-many spam messages still got through). My plan is to monitor all messages rejected by franklin for a month or two after we start using it as the mail exchanger; if I spot any legitimate mail being blocked, I can always turn off the spam filter. On the other hand, if the level of spam remains excessive, I can contemplate putting in a content filter.

Note that if mail is rejected as spam, it is bounced back to the sender with an explanatory error message. This means that if someone sends you legitimate e-mail and it's rejected, the sender will know why and be able to take corrective action.

Note added 12-Aug-2002: The blackhole-list portion of the spam filter was turned off shortly after franklin was put in use. In addition to many sites which are clearly sources of junk mail, the blackhole list included servers such as travelocity.com and cc-inc.com (which is PC-Mall). Although these companies are sources of unwanted junk mail, they are also sites with which legitimate Nevis business might be conducted.

I have installed SpamAssassin on the Linux cluster. I'll eventually have a Nevis SpamAssassin web page. Until then, if you want to use this utility, read the "spamassassin" man page and web site; you can also look at ~seligman/.procmailrc for additional hints.

Reading mail on the Linux cluster

Since about 1998, the standard model for reading mail at Nevis was to logon to nevis1 and use pine. As of now (even before this mail exchanger switch), users can do this while logged on the to Linux cluster.

Some items to note:

• By default, Pine stores its files in ~/mail, that is, in a directory named mail in the user's home directory. If you have an account on the Linux cluster, then your home directory on the cluster is probably not the same as your home directory on nevis1.

  If you want to start reading your mail on the cluster, and you don't want to start using IMAP yet, you can copy your ~/mail directory from nevis1 to the cluster with the following command (on the cluster):

  scp nevis1:~/mail ~

• The Linux cluster handles security issues differently than nevis1. Some operations are faster, others are slower. Pine may take longer to connect to your mail inbox on the cluster than on nevis1.

The most important aspect of this change is that it's no longer necessary to give someone (a summer student, a staff member, a visiting scientist) an account on nevis1 just so they can receive mail here. An account on the cluster is all that's necessary.

to the Nevis Computing Page.

to the Nevis Home Page.

Send any comments or questions to the webmaster.