Mail on Kestrel and Friends

David J. Raymond

1  Getting your mail

There are two methods for getting your mail on kestrel: (1) Log in to kestrel and run your favorite mail program, such as mutt or vm inside of emacs; (2) Use fetchmail to download your mail from kestrel (which runs an IMAP server) to the computer on which you are working. Note that the old system of accessing kestrel's mail system via an NFS-mounted mail directory is being eliminated for various reasons.

To set up fetchmail, you need to create a file in your home directory named .fetchmailrc. It should look something like this (all in one long line):

poll kestrel.nmt.edu port PORT via localhost proto imap: user USERNAME preconnect "ssh -C -f -L PORT:localhost:143 kestrel.nmt.edu sleep 5" flush;

Replace PORT with a randomly chosen number between 2000 and 10000 (the same number for both instances) and replace USERNAME with your user name on kestrel. This file should have restricted permissions, which you can set with the command

chmod go-rw .fetchmailrc

You can now download mail from kestrel by typing “fetchmail” on the command line. You will be asked for your password on kestrel every time you do this. Your mail will then be downloaded. You can add your password to the .fetchmailrc file (see the fetchmail man page), but this is not recommended for security reasons.

Notice that the .fetchmailrc file uses secure shell to tunnel through any firewalls that may be in the way. This means that you can download your email on kestrel to your laptop anywhere in the world.
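
The setup steps above can be scripted. The following is an added example, not part of the original page: it writes the .fetchmailrc line shown earlier with a random PORT and owner-only permissions, then audits an existing file for loose permissions, a stored password, or mismatched PORT values. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Pick a tunnel port in the page's 2000-10000 range from /dev/urandom.
pick_port() {
    n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    echo $((2000 + n % 8001))
}

# write_fetchmailrc DIR USERNAME [PORT]: write DIR/.fetchmailrc, owner-only.
write_fetchmailrc() {
    rc="$1/.fetchmailrc" user=$2 port=${3:-$(pick_port)}
    (
        umask 077   # a newly created file is never readable by others
        printf 'poll kestrel.nmt.edu port %s via localhost proto imap: user %s preconnect "ssh -C -f -L %s:localhost:143 kestrel.nmt.edu sleep 5" flush;\n' \
            "$port" "$user" "$port" > "$rc"
    )
    chmod 600 "$rc"   # tighten a file that already existed with a looser mode
}

# audit_fetchmailrc FILE: print each finding; return 0 only if there are none.
audit_fetchmailrc() {
    rc=$1 bad=0
    [ -f "$rc" ] || { echo "missing: $rc"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ldL "$rc" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other access: $perms"; bad=1; }
    # fetchmail reads a stored password from a "password" or "pass" keyword.
    if grep -Eiq '(^|[[:space:]])pass(word)?[[:space:]]' "$rc"; then
        echo "password stored in file"; bad=1
    fi
    # Both PORT instances must be the same number, inside the page's range.
    ports=$(grep -Eo '(port |-L )[0-9]+' "$rc" | tr -dc '0-9\n' | sort -u)
    case $ports in
        ''|*[!0-9]*) echo "PORT values missing or different"; bad=1 ;;
        *) [ "$ports" -ge 2000 ] && [ "$ports" -le 10000 ] ||
               { echo "PORT $ports outside 2000-10000"; bad=1; } ;;
    esac
    return $bad
}
```

Typical use is write_fetchmailrc "$HOME" yourname once, and audit_fetchmailrc "$HOME/.fetchmailrc" whenever the file has been edited by hand.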

If you are using the ice window manager, you can add this command to your toolbar by editing the file .icewm/toolbar and adding the line

prog Mail - xterm -ls -title 'fetchmail' -e /usr/local/bin/dofetchmail.sh

where USERNAME should be replaced by your user name as before. Clicking on this toolbar entry will pop up a text window which will ask for your password (unless you have included it in your .fetchmailrc file). Note: Your toolbar file may be a symbolic link, in which case you need to do the following: give the toolbar file some temporary name, copy the temporary file to “toolbar”, and finally delete the temporary file. You have now replaced the symbolic link with a real toolbar file, which you can edit. Your new toolbar entry will appear after you log out and log back in again.

When you have finished downloading your email, you can read it with your favorite mail reader.

Booby trap! After you have downloaded mail and read it, be sure to either delete it or save it in your home directory; don't leave it in the system directory. Otherwise, if you move to a different computer, you won't be able to access this mail! Also, don't leave it in the “mbox” folder in your home directory. This confuses the fetchmail/imap programs used to download your mail.

2  Getting rid of spam

You can use the spam filter “spamassassin” in conjunction with the “razor” data base to eliminate most spam. (The combination is at least 95% effective in eliminating spam, and has a virtually zero false alarm rate.) To do this you need to set up the file “.procmailrc” in your home directory. It should contain

:0fw: spamassassin.lock
* < 256000
| spamassassin

:0:
* ^X-Spam-Status: Yes
Mail/caughtspam

:0
* ^^rom[ ]
{
  LOG="*** Dropped F off From_ header! Fixing up. "

  :0 fhw
  | sed -e '1s/^/F/'
}

Good news: You don't have to type this in! You can download it here, and rename it .procmailrc in your home directory.

Next you should set up access to the razor data base. Here is a note from the razor documentation:

“New Users of Razor: Razor requires you to be registered before you can report spam. For a user to setup an account with the Vipul's Razor spam-reporting system (highly recommended) simply run the following commands. The distributed and collaborative system that makes razor so useful relies on user reports.

razor-client [creates symbolic links]
razor-admin --create [creates the razor home]
razor-admin --register [registers an account]

If you intend to use Razor as an add-on to Spamassassin (a perl-based spam filter using text analysis), you do not need to change the default configuration of either program. Spamassassin will automatically look for Razor and use it if available.”

Finally, you need to forward your mail to Spamassassin so that it can do its work. Do this by creating a file named “.forward” in your main directory containing

"| procmail -f-"

(The quotes should be included.)

Booby trap! Set up everything except for the .forward file and empty your mail queue in the usual way. Then create your .forward file and send yourself some mail. If it gets through, you are probably ok. If not, immediately remove the .forward file and seek help; something is wrong, and you will lose mail!
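
The ordering in the warning above can be enforced with a small script. This is an added example, not part of the original page: it checks the .procmailrc shown earlier before writing .forward, and removes .forward again as the emergency step. The function names are hypothetical, and the checks cover only the files in the home directory, not whether procmail and spamassassin are installed.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# preflight_mailfilter HOME_DIR: print each problem; return 0 when none found.
preflight_mailfilter() {
    h=$1 rc="$1/.procmailrc" problems=0
    if [ ! -f "$rc" ]; then
        echo "no .procmailrc"; return 1
    fi
    # procmail ignores a .procmailrc that group or others can write to, so
    # mail would silently bypass the filter. Characters 6 and 9 of the ls
    # mode string are the group and other write bits.
    case $(ls -ldL "$rc" | cut -c6,9) in
        --) ;;
        *) echo ".procmailrc is group/world writable"; problems=1 ;;
    esac
    grep -Eq '^[[:space:]]*\|[[:space:]]*spamassassin' "$rc" ||
        { echo "no spamassassin filter recipe"; problems=1; }
    # The line after the X-Spam-Status condition names the spam folder;
    # its directory (Mail/ on this page) must already exist.
    folder=$(awk '/^\* \^X-Spam-Status: Yes/ { getline; print; exit }' "$rc")
    if [ -z "$folder" ]; then
        echo "no X-Spam-Status delivery recipe"; problems=1
    elif [ ! -d "$h/$(dirname "$folder")" ]; then
        echo "missing directory for $folder"; problems=1
    fi
    return $problems
}

# enable_forward HOME_DIR: write .forward only after the checks pass.
enable_forward() {
    preflight_mailfilter "$1" || { echo "not enabling .forward"; return 1; }
    printf '"| procmail -f-"\n' > "$1/.forward"
}

# rollback_forward HOME_DIR: the page's emergency step when test mail is lost.
rollback_forward() {
    rm -f "$1/.forward"
}
```

After enable_forward "$HOME" succeeds, send yourself a message as described above; if it does not arrive, run rollback_forward "$HOME" at once.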

Now, when you download your email using fetchmail, you will notice that your computer becomes quite active for a while. Relax, it is working on sorting spam from ham. The spam doesn't disappear, it is simply stored in the mail folder “~/Mail/caughtspam”. If necessary, you can access this folder using your usual mail reader. More likely, you will simply want to delete this folder periodically as the spam builds up.

You can do your part to report to the razor database spam which slips by spamassassin. Simply save such spam in the mail folder ~/Mail/spam. Then, periodically run the shell script “rspam”. You will see your computer communicating with the data base. Sometimes the connection doesn't work, and you will see a failure message on the last line of the output. Just run rspam again in this case. The rspam shell script looks like

#!/bin/sh
#
# rspam – Report spam to razor.
#
razor-report -d -f ~/Mail/spam && rm ~/Mail/spam
touch ~/Mail/spam

3  Configuring the Exim4 program

This section is for system admins, not ordinary users, as it requires root access. Exim4 is the mail transport agent on kestrel and friends. In other words, when you hit “send”, it actually sends your mail; when you download new mail, exim4 is the program which received it from the Internet.

Kestrel is set up as a “smart host”; all mail to our group comes to kestrel, and all mail leaving our group is funneled through kestrel. Things are set up so that it will always appear to the outside world that your mail is coming from you@kestrel.nmt.edu, even if you send it on some other cooperating computer. This relaying function only works for computers on the second and third floors of Workman Center, or more precisely, the local networks 129.138.41.* and 129.138.42.*. Open relaying is asking for trouble, so we avoid it.

Booby trap! The password file we use has exim4 with a different UID than the default install. (Don't ask why!) Because of this, all parts of exim4 must be purged and reinstalled after using “munchpwd” to install our password file. Otherwise, it ends up with the wrong permissions to function. (There must be a better solution to this problem.)

3.1  Subsidiary machines

Setting up exim4 on subsidiary machines (i.e., all but kestrel) is simple. As root, run

dpkg-reconfigure exim4-config

in a terminal window. You will be asked a series of questions, the answers of which are as follows:

That's it! The system will generate a new configuration file in /var/lib/exim4 and restart exim4.

One additional point: The file /etc/mailname should be edited or created to contain one line:

kestrel.nmt.edu

This helps exim4 be sure that your mail message From: and Reply to: fields point to kestrel, not your local machine.

3.2  Kestrel

To be added.

4  Setting up the IMAP server on kestrel

To be added.

