Changing your HEP mail account to the new HEP mail server.
(Last mod: 20-Nov-2002, TJH)
It is VERY IMPORTANT that users follow the instructions and complete this move to the new mail server as soon as they possibly can!
We are about to move email off ax8 and onto a dedicated Linux machine (currently pc21). There are a number of reasons for doing this, but a crucial one is that we want to remove our dependency on ax8 (all home directories have already been moved from ax8), now that we have decided not to try to fix our Alphas if they fail. This means we are now keeping our fingers crossed that ax8 doesn't collapse, and that we should try to get all the mail moved a.s.a.p.
Several people have been guinea-pigs for the use of the new mail system for some time now, but to move everyone is non-trivial. Some of the work has to be done by the software team, and some is best done by users, although of course we will do any required hand-holding.
1) Creating your account on the new mail server:
Ask Tony for a password to your new account on our new mail server.
A new account will be created for you on the mail server using your current username. You will be given a password for this account that can, at the moment, only be changed by a member of the software team. You will be able to use this password to access your email from e.g. a remote Web browser, but you will not be able to login to the account directly (the access is via imap, with security via ssl).
2) Using a new version of pine:
To access the new mail server with pine, you will need to use a new version of pine. For the time being our recommendation is for each user to set an alias for "pine" pointing to this new version. Once everyone has switched we will set the new version to be the default and you will be reminded to remove the alias.
Set up to use the new version of pine which is in /usr/bin/pine:
To set "pine" as an alias for this:
If you use bash you could edit ~/.bashrc (create this file if it doesn't exist) to contain the line:
alias pine="/usr/bin/pine"
(the positioning of this line doesn't matter, provided it is executed)
If you use tcsh you could edit ~/.login to contain the line:
alias pine "/usr/bin/pine"
(the positioning of this line doesn't matter, provided it is executed)
3) Setup pine to access mail on the new server:
Set your pine preferences so that pine looks for mail on the new server via imap as follows:
From the main pine screen, choose S (Setup), then L (collectionList).
Select the word mail and hit return to get the edit screen for the main mail collection.
Fill in the "Nickname", "Server" and "Path" as follows:
Nickname : mail
Server : mail.hep.ucl.ac.uk
Path : mail/
View :
If you have other folder COLLECTIONS, highlight each in turn, hitting return to get the edit screen for the collection. Fill in the "Nickname", "Server" and "Path" with the appropriate name. E.g. for a folder collection called "atlas":
Nickname : atlas
Server : mail.hep.ucl.ac.uk
Path : mail/atlas
View :
Type ctrl/x to save and exit.
4) Transparent access to the mail server from pine via ssh:
You will be able to access your email on the new mail server via pine without having to type a password by setting up for pine to use ssh. If you do not already have ssh version 2 keys you will need to generate them. To do this you will have to:
a) Generate a new ssh version 2 key (from a node on the Linux HEP system) with:
ssh-keygen -t dsa
(the type "dsa" implies a version 2 ssh key)
You will be prompted for a passphrase (which can be longer than 8 characters and can contain spaces and other characters). It is VERY IMPORTANT that you set a passphrase and don't override this, and that you remember your passphrase and keep it safe. (You may need to type this in every time you log in!)
A sub-directory ".ssh" will be automatically created in your home directory (if you don't already have one), and your private and public key files will be generated in it. These will be called id_dsa and id_dsa.pub respectively (id_dsa will be readable only by you). (Note that you will be able to use this public key to give you transparent ssh access in other situations also; a separate memo is being produced about this.)
Make a copy of your public key in your .ssh directory called "authorized_keys2" (note the z in the spelling) to enable yourself to ssh to other hep pc's transparently without having to type a password.
cp ~abc/.ssh/id_dsa.pub ~abc/.ssh/authorized_keys2
Should you wish to ssh to a further pc, then when ssh'ing from the first pc use the command "ssh -A" which also forwards your ssh agent.
b) Copy your public key (id_dsa.pub) to the mail server, placing it into your ".ssh" directory and calling it "authorized_keys2":
mkdir /unix/mail/users/abc/.ssh
cp ~abc/.ssh/id_dsa.pub /unix/mail/users/abc/.ssh/authorized_keys2
c) Configure pine to use ssh for remote shell access:
Edit the file .pinerc in your home directory. Find the line starting
rsh-path=
and change it to:
rsh-path=/usr/bin/ssh
d) Before running pine from a terminal window, add your ssh key to ssh-agent by typing:
ssh-agent bash
then
ssh-add .ssh/id_dsa
Gnome or FVWM users may set up their ssh key to add automatically to ssh-agent at the beginning of each session, and this will remain in force for the duration of each gnome or fvwm session. See the appropriate following section for either:
d1) Gnome users only:
To add your ssh key to ssh-agent automatically at the beginning of each gnome session do as follows:
Log in using gnome (not gnome failsafe though).
From your main menu, choose programs>settings>session>session properties & startup programs.
Click on the startup programs tab.
Click add.
In the startup command box type
/usr/bin/ssh-add /home/abc/.ssh/id_dsa
Set the priority higher than 50, say 100, to start it later to ensure that the input box you have to type your passphrase into isn't covered by other windows.
Click ok, then ok.
When you log out of gnome, save the session.
Every time you log into gnome you will now automatically be prompted to type your ssh passphrase, which will apply to, and allow transparent ssh mailserver access for, a pine session started in any subsequently opened windows.
d2) FVWM users only:
To add your ssh key to ssh-agent automatically at the beginning of each fvwm session do as follows:
Set fvwm to run under ssh-agent whenever you log in:
In your file named .xsession in your top-level directory, replace the line exec fvwm by the following section of code:
(You can see someone else's .xsession file for an example, e.g. RC's)
if [ -e /usr/bin/ssh-agent ]
then
exec /usr/bin/ssh-agent fvwm
else
exec fvwm
fi
Then, add your ssh keys to ssh-agent on initialisation of fvwm:
In the file named .fvwmrc in your top-level directory, find the section beginning Function "InitFunction".
If the line below exists (for example if you currently have ssh1 keys set up):
Exec "I" ssh-add /home/abc/.ssh/identity
then modify the line to look like:
Exec "I" ssh-add /home/abc/.ssh/identity /home/abc/.ssh/id_dsa </dev/null
otherwise, add the line:
Exec "I" ssh-add /home/abc/.ssh/id_dsa </dev/null
just before the line "EndFunction"
(Add wait to this and anything that could take time to complete before this happens so that this window isn't created in the background).
Now, whenever you start fvwm, you will be prompted in a small window for your ssh passphrase.
Should you need to add your ssh key manually during a session, if for example you have not set it up to do so automatically:
Type /usr/bin/ssh-add
You will then be prompted to type your ssh passphrase.
After adding your ssh key to ssh-agent, when you run pine and ask to view one of your mail folders that have been moved to the new mail server, you should be connected transparently (via ssh and imap), without the need to type any password.
5) Moving your mail files to the new mail server:
You will need to copy over your mail files from your current account to the new mail server.
e.g. for username "abc":
cp -r ~/mail /unix/mail/users/abc
(note: if you don't want to lose track of your mail or otherwise confuse yourself it would be best to first understand all these instructions and then carry them out at one time, without manipulating your mail until you have finished.)
Direct access to your new mail server account:
From our local network only, you will be able to directly access your directory structure on the new mail server via NFS. E.g. for user "abc" it will be at /unix/mail/users/abc/... You will be able to use this access to copy over your mail files from your current filestore to the new mail server and to set up your ssh authorisation (see below). It might also be useful for direct "grepping" or other manual manipulation of your mail files. Your "inbox" folder will be /unix/mail/spool/abc.
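A check for the key files set up in step 4, run from a HEP Linux node over the NFS path described above. This is an added example, not part of the original instructions; the function name check_mail_ssh_setup is made up here, and it assumes ssh and sshd are OpenSSH with StrictModes left at its default (on).

```shell
#!/bin/sh
# Added example (not from the original page): audit the files created in step 4.
# Assumes ssh/sshd are OpenSSH with StrictModes on (the default).
# Usage: check_mail_ssh_setup CLIENT_SSH_DIR SERVER_SSH_DIR
#   e.g. check_mail_ssh_setup ~/.ssh /unix/mail/users/abc/.ssh
# Prints one line per problem; the return status is the number of problems.

# perms FILE -> the ten-character mode string from ls, e.g. "-rw-------"
perms() { ls -ld -- "$1" | cut -c1-10; }

# report TEXT -> print a finding and count it
report() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

check_mail_ssh_setup() {
    client_dir=$1 server_dir=$2 problems=0

    # Private key: ssh will not use it if group or others have any access.
    if [ -f "$client_dir/id_dsa" ]; then
        case $(perms "$client_dir/id_dsa") in
            ????------) ;;
            *) report "$client_dir/id_dsa is accessible to group or others" ;;
        esac
    else
        report "no private key at $client_dir/id_dsa"
    fi

    for dir in "$client_dir" "$server_dir"; do
        auth=$dir/authorized_keys2
        # sshd ignores authorized keys if the file or its directory is
        # writable by group or others.
        for f in "$dir" "$auth"; do
            [ -e "$f" ] || { report "$f is missing"; continue; }
            case $(perms "$f") in
                ?????w*|????????w*) report "$f is writable by group or others" ;;
            esac
        done
        # The public key must be present as one complete line.
        if [ -f "$auth" ] && [ -f "$client_dir/id_dsa.pub" ]; then
            grep -qxF -f "$client_dir/id_dsa.pub" "$auth" ||
                report "$auth does not contain id_dsa.pub"
        fi
    done
    return "$problems"
}
```

A return status of 0 means the key files are in the state ssh and sshd will accept; any PROBLEM line names the file to fix with chmod or by repeating the copy in step 4.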
6) Ask the software team to redirect your new mail / move your inbox to the new mail server instead of ax8.
Once you are satisfied that you are set up to access mail on the new mail server, and have copied across any mail that you wish to keep there, you should let the software team know so that they can direct new mail to the new mail server instead of ax8. When a member of the software team has switched your new mail to go to the new mail server, you will be able to access it by setting where pine looks for your inbox in your pine preferences:
7) Setting where pine looks for your INBOX to the new mail server:
When the mail has been redirected you should change where pine will look for your inbox in your pine preferences as follows:
From the main pine screen, type S for Setup, then C for Config, and edit the inbox-path line to be:
inbox-path = {mail.hep.ucl.ac.uk}INBOX
Highlight the line, hit return to go to edit mode, add the text, and hit return again to accept the change. Finally, type E to exit Setup.
Users should now NOT log in to AX8!
When you have completed steps 1 to 7, you should be able to access your mail via pine very much like you did before.
You may also, however, access your mail:
-- from pine on another system (e.g. a laptop), using ssh.
-- for telnet access, telnet to pc29, log in, type "(/usr/bin/)ssh-agent bash" and then "/usr/bin/ssh-add /home/abc/.ssh/id_dsa", enter your ssh passphrase and then run pine.
/usr/local/bin - old version of pine.
/usr/bin - newer version of pine.
-- from any ssl-enabled imap client e.g. Netscape Communicator, using your username and mail server password. (Tell the client to use imap and ssl).
-- from any ssl-enabled Web browser (set to accept cookies), using the SquirrelMail utility on the new mail server:
Go to "https://mail.hep.ucl.ac.uk". You will be asked to accept a security certificate (probably in a number of steps). Choose the defaults to accept the certificate. You should then see a SquirrelMail prompt screen in which you can login using your username and mail server password.
Moreover your files will no longer be housed on the ageing and vulnerable ax8!