On Mon, 26 Jan 1998, Terry W Rhodes wrote:
:
: I am looking for some info and input from those of
: you who have implemented a mail solution that
: delivers the users mail into a mailbox that
: resides in their AFS file space.
:
: We are running Solaris 2.5 and AFS 3.4a
:
: We are looking to replace our current "old"
: sendmail server and would like to get input on
: authenticated sendmail or some other solution that
: you might have implemented.
:
: All input would be appreciated.
:
: Thanks, Terry

At the University of Maryland we maintain two cells that do mail delivery
into AFS. One with 40,000 users and three external and two internal
mailservers plus two imap/pop servers. It is the main login service for
campus. The other cell has 13,000 users, but supports a lot of departments so
there are mailservers all over campus. The majority of those users are on
AFS but we also support about 2000 UFS/NFS clients. The majority of our
machines are running Solaris 2.5, but we also support most of what Transarc
supports, including NT, plus NetBSD and Linux. We think highly of Digital
Unix, our second most popular platform, though calling them Compaq's sounds
weird. Our current AFS releases are 3.4a.1197 and 3.4a.797.

We use the most current sendmail on all platforms. For mail delivery we use
a modified version of mail.local that comes with the sendmail release. We
also use smrsh (the restricted shell) for those programs that we allow to be
used in .forward files (filter procmail rcvstore sendmail slocal vacation).
We use the imap and pop servers from the imap-4.1-BETA release from the
University of Washington, which Mark Crispin maintains. This has the basic
AFS support.

We deliver mail directly into AFS. We have changed the user's filespace a bit
from the norm. Each user has his own volume. In it are his "home", "mail",
and "pub" directories. The acls on these directories differ because of their
use. The "home" directory is private to the user, the "pub" directory is
open to the world, and is where the ftp server looks for /pub/$USER, and
where the httpd server looks for Welcome.html files. The "mail" directory is
private to the user and "system:postmaster". So sendmail needs to run
authenticated and get new tokens periodically. We use MIT Kerberos 4
based utilities here also. We wrote a program that, given a srvtab, will get
a TGT for a given principal.instance pair, then get an AFS token from that.
It will renew itself at a given time interval. All this is run under a
separate PAG. This works quite well.

(Ohh, there is also a .lli directory in the user's volume. In it is stored
the user's "network last login" information. It is stored in "htonl" format
so various machines can read it. It is similar to the usual lastlogin
information except it stores the local hostname as well. The hostname fields
are MAXHOSTNAMELEN long so you do not get those stupid cut off names like:
Last login Mon Jan 26 08:35 on pts/1 from shorty.csc.umd.e
Instead you would see something like:
On since Mon Jan 26 18:22 (EST) on kermit.dial.umd.edu:0.0 at bank.umd.edu
Currently /bin/login, xdm, and finger use this.)

We use AMD (the public automounter) on all our platforms, and distribute the
maps with Hesiod (i.e. in the nameserver). The top of the user's volume is
/users/$USER. Their home is /homes/$USER, pub /pub/$USER, and mail
/mail/$USER. For AFS users these are just links into afs space, for NFS
users these are mounts and link combinations. We have modified all the mail
programs to deliver into /mail/$USER. Sendmail looks for .forward files in
/mail/$USER as well as vacation, procmail, filter (elm), and slocal (mh) for
their .files and such. We have had to do a few things with these to make
sure the locking is consistent with AFS expectations. Slocal may have a
small problem still but it does not get as much use anymore, but it is on
the "todo" to look at.

One of the really nice things about AFS delivery is that if you run out of
horse power with one machine you can just add more machines. All you need to
do is start an authenticated sendmail and add that machine to the MX list for
the given addresses. I have this t-shirt from Transarc that has this quote
from Buckaroo Banzai: "Wherever you go, there you are". This is very
true and AFS sendmail delivery is the epitome of this. Of course www and
other services work the same way. If you are supporting different
departments with their own identities and servers, you can reduce a number
of mail server hops within the cell. If a person from a different
department mails me, it gets delivered directly by their mail server. In the
past it would go to their server, then to my departmental server and maybe a
final server. We used to get these clogs/delays in the middle of the
delay with mail trying to get from one local server to another. This no
longer occurs for AFS mail delivery within the cell. It also allows us to
have our general site mailservers act as backup (higher numbered preference)
MX servers for individual department servers. This also helps with peak load
conditions.

Overall our mail system works very well for its size.

Randall
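The ".lli" record Randall describes, as an added example that is not part of the original thread or UMD's code: an assumed layout (the field set and the widths are my assumptions) written in network byte order with fixed-width host fields, so every platform in the cell reads the same bytes and a full hostname is never cut off.

```c
/* Added example (not UMD's code): one assumed layout for the ".lli"
 * network-last-login record, stored in network byte order with fixed-width
 * host fields so any platform in the cell can read it. */
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>

#define LLI_HOSTLEN 256   /* stands in for MAXHOSTNAMELEN (256 on Solaris) */
#define LLI_LINELEN 32    /* assumed width for the tty/display field */
#define LLI_WIRE_SIZE (4 + LLI_LINELEN + 2 * LLI_HOSTLEN)

struct lli_rec {                /* in-memory record, host byte order */
    uint32_t time;              /* login time, seconds since the epoch */
    char line[LLI_LINELEN];     /* e.g. "pts/1" or "kermit.dial.umd.edu:0.0" */
    char from[LLI_HOSTLEN];     /* remote host, full name, never cut off */
    char host[LLI_HOSTLEN];     /* local host the login happened on */
};

/* Serialize; returns LLI_WIRE_SIZE, or -1 if any field would be truncated. */
int lli_pack(const struct lli_rec *r, char *out)
{
    if (strlen(r->line) >= LLI_LINELEN || strlen(r->from) >= LLI_HOSTLEN ||
        strlen(r->host) >= LLI_HOSTLEN)
        return -1;                /* refuse rather than silently cut a name */
    uint32_t t = htonl(r->time);  /* the "htonl format" from the post */
    memcpy(out, &t, 4);
    /* strncpy zero-pads each fixed field so no stale bytes reach the file */
    strncpy(out + 4, r->line, LLI_LINELEN);
    strncpy(out + 4 + LLI_LINELEN, r->from, LLI_HOSTLEN);
    strncpy(out + 4 + LLI_LINELEN + LLI_HOSTLEN, r->host, LLI_HOSTLEN);
    return LLI_WIRE_SIZE;
}

/* Parse a record written on any host back into host byte order; the stored
 * strings are never trusted to be terminated. */
void lli_unpack(const char *in, struct lli_rec *r)
{
    memcpy(&r->time, in, 4);
    r->time = ntohl(r->time);
    memcpy(r->line, in + 4, LLI_LINELEN);
    r->line[LLI_LINELEN - 1] = '\0';
    memcpy(r->from, in + 4 + LLI_LINELEN, LLI_HOSTLEN);
    r->from[LLI_HOSTLEN - 1] = '\0';
    memcpy(r->host, in + 4 + LLI_LINELEN + LLI_HOSTLEN, LLI_HOSTLEN);
    r->host[LLI_HOSTLEN - 1] = '\0';
}
```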