Changing your HEP mail account to the new HEP mail server.
(Last mod: 29-Jan-02, TJH)
My "how to" notes in blue:
It is VERY IMPORTANT that users follow the instructions and complete this
move to the new mail server as soon as they possibly can!
We are about to move email off ax8 and onto a dedicated Linux machine
(currently pc21). There are a number of reasons for doing this, but a
crucial one is that we want to remove our dependency on ax8, now that
we have decided not to try to fix our Alphas if they fail. This means
we are now keeping our fingers crossed that ax8 doesn't collapse, and
that we should try to get all the mail moved a.s.a.p.
Several people have been guinea-pigs for the use of the new mail
system for some time now, but to move everyone is non-trivial. Some of
the work has to be done by the software team, and some is best done by
users, although of course we will do any required hand-holding.
To run through the procedure quickly you need only follow the steps
in red and carry out the actions highlighted below in this text.
See summary.html.
A list of accounts can be gleaned from ax8 by typing ypcat passwd and saving
the results to a file. This data can then be copied into MS Excel where it can be
sorted (alphabetically, or otherwise) and not needed columns may be hidden.
An additional source information on ax8 about newly added accounts is rc's file
/usr/sysmgr/useracct/'new_user_accounts?'.txt
1) Creating your account on the new mail server:
Ask Tony for a password to your new account on our new mail server.
A new account will be created for you on the mail server using your
current username. You will be given a password for this account that
can, at the moment, only be changed by a member of the software
team. You will be able to use this password to access your email from
e.g. a remote Web browser, but you will not be able to login to the account
directly (the access is via imap, with security via ssl).
To create account:
ssh to pc21 as root
type "nnn username" to obtain users id (uic)
useradd -s /etc/rimapd -g mailusers -c "users full name" -d /mail/nnn nnn -u 275
To change password (from root@pc21 type):
"passwd nnn" User can input their own password at this point.
2) Moving your mail files to the new mail server:
You will need to copy over your mail files from your current account
to the new mail server.
e.g. for username "abc":
cp -r ~/mail /unix/mail/abc
(note: if you don't want to lose track of your mail or otherwise
confuse yourself it would be best to first understand all these
instructions and then carry them out at one time, without manipulating
your mail until you have finished.)
Direct access to your new mail server account:
From our local network only, you will be able to directly access your
directory structure on the new mail server via NFS. E.g. for user
"abc" it will be at /unix/mail/abc/... You will be able to use this
access to copy over your mail files from your current filestore to the
new mail server and to set up your ssh authorisation (see below). It
might also be useful for direct "grepping" or other manual
manipulation of your mail files.
3)Using a new version of pine:
To access the new mail server with pine, you will need to use a new
version of pine. For the time being our recommendation is for each
user to set an alias for "pine" pointing to this new version. Once
everyone has switched we will set the new version to be the default
and you will be reminded to remove the alias.
Set up to use the new version of pine:
The new version of pine is in /usr/bin/pine.
To set "pine" as an alias for this:
If you use bash you could edit ~/.bash_profile to contain the line:
alias pine="/usr/bin/pine"
(the positioning of this line doesn't matter, provided it is executed)
If you use tcsh you could edit ~/.login to contain the line:
alias pine "/usr/bin/pine"
(the positioning of this line doesn't matter, provided it is executed)
4) Setup pine to access mail on the new server:
Set your pine preferences so that pine looks for mail on the new
server via imap as follows:
From the main pine screen, choose "S" (SETUP), then "L" (collectionList).
Highlight the word "mail" and hit return to get the edit screen for the
main mail collection.
Fill in the "Nickname", "Server" and "Path" as follows:
Nickname : mail (was mail)
Server : mail.hep.ucl.ac.uk (was empty)
Path : mail (was mail)
View :
If you have other folder COLLECTIONS, highlight each in turn,
hitting return to get the edit screen for the collection. Fill in the
"Nickname", "Server" and "Path" with the appropriate name. E.g. for a
folder collection called "atlas":
Nickname : atlas
Server : mail.hep.ucl.ac.uk
Path : mail/atlas
View :
5) Transparent access to the mail server from pine via ssh:
You will be able to access your email on the new mail server via pine
without having to type a password by setting up for pine to use
ssh. To do this you will have to:
a) Generate a new ssh version2 key (from a node on linux HEP system, if you haven't already done so) with:
ssh-keygen -t dsa
(the type "dsa" implies a version2 ssh key)
You will be prompted for a passphrase (which can be longer than 8
characters and can contain spaces and other characters). It is VERY
IMPORTANT that you set a passphrase and don't override this,
and that you remember your passphrase and keep it safe.
(You may need to type this in every time you log in !)
A sub-directory ".ssh" will be automatically created in your home
directory (if you don't already have one), and your private and public
key files will be generated in it. These will be called id_dsa and
id_dsa.pub respectively (id_dsa will be readable only by you).
(Note that you will be able to use this public key to give you
transparent ssh access in other situations also; a separate memo is
being produced about this.)
b) Copy your public key (id_dsa.pub) to the mail server, placing it into
your ".ssh" directory and calling it "authorized_keys2":
mkdir /unix/mail/abc/.ssh
cp ~abc/.ssh/id_dsa.pub /unix/mail/abc/.ssh/authorized_keys2
c) tell pine to use ssh for remote shell access
edit .pinerc in your home directory. Find the line starting
"rsh-path=" and change it to: "rsh-path=/usr/bin/ssh".
d) Before running pine from a terminal window, type /usr/bin/ssh-add .ssh/id_dsa
(blue part above can be omitted as it is implied anyway)
You will then be prompted to type your ssh passphrase.
(This needs to be done once each time a new terminal window is opened
that you intend to run pine from.)
Then when you run pine and ask to view one of your mail folders that
have been moved to the new mail server, it should connect you
transparently (via ssh and imap), without need to type any password.
Gnome users may set this this up to run automatically at the beginning of,
and stay in force for the duration of each gnome session as follows:
Log in using gnome (not gnome failsafe though).
From your main menu, choose programs, settings, session,
session properties & startup programs.
Click on the startup programs tab.
Click add.
In the startup command box type /usr/bin/ssh-add .ssh/id_dsa
(blue part above can be omitted as it is implied anyway)
It's ok to leave the priority at 50.
click ok, then ok.
When you log out of gnome save session.
Every time you log into gnome you will now automatically be prompted to
type your ssh passphrase which will apply to, and allow transparent ssh
mailserver access for a pine session started in any subsequently opened windows.
6) Ask the software team to redirect your new mail / move your inbox to
the new mail server instead of ax8.
To move a users inbox from ax8 to new mail server (pc21):
Log into pc29 as root.
cd /var/spool/mail
mv nnn nnn.old (renames existing mail file inbox).
cp nnn.old /unix/mail/spool/nnn (moves inbox to new mail server)
(existing inbox is renamed .old in case any mail arrives before mail is
redirected as a new nnn inbox would be created in the current location,
thereby making any newly arrived mails easy to differentiate and pick up.)
chown nnn.mail /unix/mail/spool/nnn (change ownership to user=nnn
group=mail of newly created file tjh in spool directory on new mail server).
To redirect a users mail from ax8 to new mail server (pc21):
Log into ax8 as root.
cd var/yp
vi src/mail
change user's spec to "mail.hep" (see file for examples).
save & exit from vi
run "make" (from within var/yp directory).
(if directory has been set to var/yp/src then cd.. to go up to var/yp).
{An alternate, though not recommended way for a user to forward their
own mail is for them to create a ".forward" file in their own home
directory containing the line "nnn@mail.hep.ucl.ac.uk" or wherever
they may wish to forward their mail to.}
Once you are satisfied that you are set up to access mail on the new
mail server, and have copied across any mail that you wish to keep
there, you should let the software team know so that they can direct
new mail to the new mail server instead of ax8. When a member of the
software team has switched your new mail to go to the new mail server,
you will be able to access it by setting where pine looks for your inbox
in your pine preferences:
7) Setting where pine looks for your INBOX to the new mail server:
When the mail has been redirected you should change where pine will look for your
inbox in your pine preferences as follows:
From the main pine screen, type S for SETUP, then C for Config, and
edit the inbox-path line to:
inbox-path = {mail.hep.ucl.ac.uk} INBOX
(highlight the line, hit return to go to edit mode, add the text, and
hit return again to accept the change. Finally, type E to exit Setup.
when logging in using ssh, type ssh -A (agent)
When you have completed steps 1 to 7, you should be able to access
your mail via pine very much like you did before.
You may also, however, access your mail:
-- from pine on another system (e.g. a laptop), using ssh.
-- from any ssl-enabled imap client e.g. Netscape Communicator,
using your username and mail server password. (Tell the client to use
imap and ssl).
-- from any ssl-enabled Web browser, using the SquirrelMail utility on
the new mail server:
go to "https://mail.hep.ucl.ac.uk". You will be asked to accept a
security certificate (probably in a number of steps). Choose the
defaults to accept the certificate. You should then see a SquirrelMail
prompt screen in which you can login using your username
and mail server password.
Moreover your files will no longer be housed on the ageing and
vulnerable ax8!
Info: smtp server is still ax8.hep.ucl.ac.uk.