Using your HEP mail account on the HEP mail server.
(Last mod: 20-Nov-2003, TJH)
1) Creating your account on the mail server:
Ask Tony for a password to your new account on our new mail server.
A new account will be created for you on the mail server using your current username. You will be given a password for this account that can, at the moment, only be changed by a member of the software team. You will be able to use this password to access your email from e.g. a remote Web browser, but you will not be able to login to the account directly (the access is via imap, with security via ssl).
2)Using pine:
To access the mail server with pine, for the time being our recommendation is for each user to set an alias for "pine" pointing to this version.
Set up to use pine 4.44 which is in /usr/bin/pine:
To set "pine" as an alias for this:
If you use bash you could edit ~/.bashrc (create this file if it
doesn't exist) to contain the line:
alias pine="/usr/bin/pine"
(the positioning of this line doesn't matter, provided it is executed)
If you use tcsh you could edit ~/.login to contain the line:
alias pine "/usr/bin/pine"
(the positioning of this line doesn't matter, provided it is executed)
3) Setup pine to access mail on the new server:
Set your pine preferences so that pine looks for mail on the new server via imap as follows:
From the main pine screen, choose S (Setup), then L
(collectionList). Select the word mail and hit return to get the edit screen for the main mail collection.
Fill in the "Nickname",
"Server"
and "Path" as follows:
Nickname :
mail
Server :
mail.hep.ucl.ac.uk
Path :
mail/
View :
If you have other folder COLLECTIONS, highlight each in turn, hitting return to get the edit screen for the collection. Fill in the "Nickname", "Server" and "Path" with the appropriate name. E.g. for a folder collection called "atlas":
Nickname : atlas
Server : mail.hep.ucl.ac.uk
Path : mail/atlas
View :
Type ctrl/x to save and exit.
4) Transparent access to the mail server from pine via ssh:
You will be able to access your email on the mail server via pine without having to type a password by setting up pine to use ssh. If you do not already have ssh version 2 keys you will need to generate them. To do this you will have to:
a) Generate a new ssh version2 key (from a node on linux HEP
system)
with:
ssh-keygen -t dsa
(the type "dsa" implies a version2 ssh key)
You will be prompted for a passphrase (which can be longer than 8
characters
and can contain spaces and other characters). It is VERY IMPORTANT that
you set a passphrase and don't override
this,
and that you remember your passphrase and keep it safe. (You may need
to
type this in every time you log in !)
(If you wish to change this password at a later stage you may do so
by
typing (from a node on linux HEP system):
ssh-keygen -p -t dsa
)
A sub-directory ".ssh" will be automatically created in your home directory (if you don't already have one), and your private and public key files will be generated in it. These will be called id_dsa and id_dsa.pub respectively (id_dsa will be readable only by you). (Note that you will be able to use this public key to give you transparent ssh access in other situations also.)
Make a copy of your public key in your .ssh directory called "authorized_keys2" (note the z in the spelling) to enable yourself to ssh to other hep pc's transparently without having to type a password.
cp ~abc/.ssh/id_dsa.pub
~abc/.ssh/authorized_keys2
Should you wish to ssh to a further pc, then when ssh'ing from the first pc use the command "ssh -A" which also forwards your ssh agent.
b) Copy your public key (id_dsa.pub) to the mail server, placing it into your ".ssh" directory and calling it "authorized_keys2":
mkdir /unix/mail/users/abc/.ssh
cp
~abc/.ssh/id_dsa.pub
/unix/mail/users/abc/.ssh/authorized_keys2
c) Configure pine to use ssh for remote shell access
edit the file .pinerc in your home directory. Find the line starting
rsh-path= and change it to: rsh-path=/usr/bin/ssh
d) Before running pine from a terminal window, add your ssh key to ssh-agent by typing:
ssh-agent bash
then ssh-add .ssh/id_dsa
Gnome or FVWM users may set up their ssh key to add automatically to ssh-agent at the beginning of each session, and this will remain in force for the duration of each gnome or fvwm session. See the appropriate following section for either:
d1) Gnome users only:
To add your ssh key to ssh-agent automatically at the beginning of each gnome session do as follows:
Log in using gnome (not gnome failsafe though).
From your main menu,
choose programs>settings>session>session properties
&
startup programs.
(*now - preferences - more preferences - sessions)
Click on the startup programs
tab.
Click add.
In the startup command box type /usr/bin/ssh-add
/home/abc/.ssh/id_dsa
Set the priority higher than 50, say
100,
to start it later to ensure that the input box you have to type your
passphrase into isn't covered by other windows.
click ok, then ok.
When you log out of gnome save session.
Every time you log into gnome you will now automatically be prompted to
type your ssh passphrase which will
apply to, and allow transparent ssh mailserver access for a pine
session started in
any subsequently opened windows.
d2) FVWM users only:
To add your ssh key to ssh-agent automatically at the
beginning
of each fvwm session do as follows:
Set fvwm to run under ssh-agent whenever you
log
in:
In your file named .xsession in your top-level directory,
replace
the line exec fvwm by
the
following section of code:
(You can see someone else's .xsession file for an example, e.g. RC's)
if [-e /usr/bin/ssh-agent]
then
exec
/usr/bin/ssh-agent
fvwm
else
exec fvwm
fi
Then, add your ssh keys to ssh-agent on initialisation of fvwm:
In the file named .fvwmrc in your top-level directory, find the section beginning
Function "InitFunction" .
If the line below exists (for example if you currently have ssh1 keys set up,):
Exec "I" ssh-add /home/abc/.ssh/identity
then modify the line to look like:
Exec "I" ssh-add
/home/abc/.ssh/identity
/home/abc/.ssh/id_dsa </dev/null
otherwise, add the line:
Exec "I" ssh-add /home/abc/.ssh/id_dsa
</dev/null
just before the line "EndFunction"
(Add wait
to this and anything that could take time to complete before this
happens
so that this window isn't created in the background).
Now, whenever you start fvwm, your will be prompted in a small window for your ssh passphrase.
Should you need to add your ssh key manually during a session, if for example you have not set it up to do so automatically:
Type
/usr/bin/ssh-add
You will
then
be prompted to type your ssh passphrase.
(This needs to be done once each
time a new terminal window is opened from which you intend to run pine.)
After adding your ssh key to ssh-agent, when you run pine and ask to view one of your mail folders that have been moved to the new mail server, you should be connected transparently (via ssh and imap), without the need to type any password.
5) Direct access to your mail server account:
From our local network only, you will be able to directly access your directory structure on the mail server via NFS. E.g. for user "abc" it will be at /unix/mail/users/abc/... It may be useful for direct "grepping" or other manual manipulation of your mail files.Your "inbox" folder will be /unix/mail/spool/abc.
7) Setting where pine looks for your INBOX on the mail server:
You should set pine to look for your inbox in pine setup as follows:
From the main pine screen, type S for Setup, then C for Config, and edit the inbox-path
line to be:
inbox-path = {mail.hep.ucl.ac.uk}INBOX
Highlight the line, hit return to go to edit mode, add the text,
and hit return again to accept the change. Finally, type E to exit Setup.
Other ways to access your HEP email account:
You may also, however, access your mail:
-- from pine on another system (e.g. a laptop), using ssh.
-- From a remote log-in session, type
"(/usr/bin/)ssh-agent bash" & then "usr/bin/ssh-add /home/abc/.ssh/id_dsa",
enter ssh password and then run pine.
-- from any ssl-enabled imap client e.g. Netscape Communicator, using your username and mail server password. (Tell the client to use imap and ssl).
-- from any ssl-enabled Web browser (set to accept cookies), using the SquirrelMail utility on the new mail server:
Go to "https://mail.hep.ucl.ac.uk". You will be asked to accept a security certificate (probably in a number of steps). Choose the defaults to accept the certificate. You should then see a SquirrelMail prompt screen in which you can login using your username and mail server password.