Changing to new HEP mail server.
=====================================
(Last mod: 28-Jan-02, TJH)
It is VERY IMPORTANT that users follow the instructions and complete
this move to the new mail server as soon as they possibly can!
We are about to move email off ax8 and onto a dedicated Linux machine
(currently pc21). There are a number of reasons for doing this, but a
crucial one is that we want to remove our dependency on ax8, now that
we have decided not to try to fix our Alphas if they fail. This means
we are now keeping our fingers crossed that ax8 doesn't collapse, and
that we should try to get all the mail moved a.s.a.p.
Several people have been guinea-pigs for the use of the new mail
system for some time now, but to move everyone is non-trivial. Some of
the work has to be done by the software team, and some is best done by
users, although of course we will do any required hand-holding.
To run through the procedure quickly you need only follow the steps highlighted
below in this text.
1) Creating your account on the new mail server:
Ask Tony for a password to your new account on our new mail server.
A new account will be created for you on the mail server using your
current username. You will be given a password for this account that
can, at the moment, only be changed by a member of the software
team. You will be able to use this password to access your email from
e.g. a remote Web browser (see details in Appendix), but you will not
be able to login to the account directly (the access is via imap, with
security via ssl).
2) Direct access to your new mail server account:
From our local network only, you will be able to directly access your
directory structure on the new mail server via NFS. E.g. for user
"abc" it will be at /unix/mail/abc/... You will be able to use this
access to copy over your mail files from your current filestore to the
new mail server and to set up your ssh authorisation (see below). It
might also be useful for direct "grepping" or other manual
manipulation of your mail files.
Moving your mail files to the new mail server:
You will need to copy over your mail files from your current account
to the new mail server.
e.g. for username "abc":
cp -r ~/mail /unix/mail/abc
(note: if you don't want to lose track of your mail or otherwise
confuse yourself it would be best to first understand all these
instructions and then carry them out at one time, without manipulating
your mail until you have finished.)
3) Using a new version of pine:
To access the new mail server with pine, you will need to use a new
version of pine. For the time being our recommendation is for each
user to set an alias for "pine" pointing to this new version. Once
everyone has switched we will set the new version to be the default
and you will be reminded to remove the alias.
Set up to use the new version of pine:
The new version of pine is in /usr/bin/pine. To set "pine" as an alias
for this:
If you use bash you could edit ~/.bash_profile to contain the line:
alias pine="/usr/bin/pine"
(the positioning of this line doesn't matter, provided it is executed)
If you use tcsh you could edit ~/.login to contain the line:
alias pine "/usr/bin/pine"
(the positioning of this line doesn't matter, provided it is executed)
4) Setup pine to access mail on the new server:
Set your pine preferences so that pine looks for mail on the new
server via imap as follows:
From the main
pine screen,
choose "S" (SETUP), then "L"
(collectionList). Highlight
the word
"mail" and
hit return to get
the edit screen for the main mail collection. Fill in the
"Nickname", "Server"
and
"Path" as follows:
Nickname : mail
Server : mail.hep.ucl.ac.uk
Path : mail
View :
If you have other folder COLLECTIONS, highlight each in turn,
hitting return to get the edit screen for the collection. Fill in the
"Nickname", "Server" and "Path" with the appropriate name. E.g. for a
folder collection called "atlas":
Nickname : atlas
Server : mail.hep.ucl.ac.uk
Path : mail/atlas
View :
5) Transparent access to the mail server from pine via ssh:
You will be able to access your email on the new mail server via pine
without having to type a password by setting up for pine to use
ssh. To do this you will have to:
a) Generate a new ssh version2 key (if you haven't already done so) with:
ssh-keygen -t dsa
(the type "dsa" implies a version2 ssh key)
You will be prompted for a passphrase (which can be longer than 8
characters and can contain spaces and other characters). It is VERY
IMPORTANT that you don't override this, and that you remember your
passphrase, but keep it safe. (You may need to type this in every time you log
in !)
A sub-directory ".ssh" will be automatically created in your home
directory (if you don't already have one), and your private and public
key files will be generated in it. These will be called id_dsa and
id_dsa.pub respectively (id_dsa will be readable only by you).
(Note that you will be able to use this public key to give you
transparent ssh access in other situations also; a separate memo is
being produced about this.)
b) Copy your public key to the mail server
copy your id_dsa.pub (public key) file to .ssh in
your account on the mail server, renaming it to authorized_keys2, e.g.:
mkdir /unix/mail/abc/.ssh
cp ~abc/.ssh/id_dsa.pub /unix/mail/abc/.ssh/authorized_keys2
c) tell pine to use ssh for remote shell access
edit .pinerc
in your home directory. Find
the line starting
"rsh-path="
and change it to: "rsh-path=/usr/bin/ssh".
d) ...add description for using ssh-add...
Now when you run pine and ask to view one of your mail folders that
have been moved to the new mail server, it should connect you
transparently (via ssh and imap), without need to type any password.
6) Ask the software team to redirect your new mail to
the new mail server instead of ax8.
7) Once you are satisfied that you are set up to access mail on the new
mail server, and have copied across any mail that you wish to keep
there, you should let the software team know so that they can direct
new mail to the new mail server instead of ax8. When a member of the
software team has switched your new mail to go to the new mail server,
you will be able to access it by setting your inbox in the pine
preferences:
Moving your INBOX to the new mail server:
When the mail has been redirected reset your inbox
in the pine preferences as follows:
From
the main
pine
screen,
type S for SETUP, then C for Config, and
edit
the
inbox-path
line to:
inbox-path = {mail.hep.ucl.ac.uk} INBOX
(highlight the line, hit return to go to edit mode, add the text, and
hit return again to accept the change. Finally, type E to exit Setup.
When you have completed steps 1 to 7, you should be able to access
your mail via pine very much like you did before. You will also,
however, be able to access it:
-- from pine on another system (e.g. a laptop), using ssh.
-- from any ssl-enabled imap client e.g. Netscape Communicator,
using your username and mail server password. (Tell the client to use
imap and ssl).
-- from any ssl-enabled Web browser, using the SquirrelMail utility on
the new mail server:
go to "https://mail.hep.ucl.ac.uk". You will be asked to accept a
security certificate (probably in a number of steps). Choose the
defaults to accept the certificate. You should then see a SquirrelMail
prompt screen in which you can login using your username
and mail server password.
Moreover your files will no longer be housed on the ageing and
vulnerable ax8!