Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Host shared across sites

2 views
Skip to first unread message

T.D...@durham.ac.uk

unread,
Jul 15, 1991, 11:04:57 AM7/15/91
to
Durham and Newcastle run as basically independent sites, but with
close co-operation. Each site runs integrated e-mail through its
own mail hub.

a. In all outgoing e-mail at each site, the "From:" field is re-signed:
was: use...@uk.ac.XXX.machine
becomes: na...@uk.ac.XXX

For example this message:
was: cl...@uk.ac.durham.mts
becomes: T.D...@uk.ac.durham

b. All incoming e-mail is delivered according to the inverse of this.
For example, a message to "T.D...@uk.ac.durham" is delivered to
"cl...@uk.ac.durham.mts".

All this is handled by the "dbm" facility of the IDA sendmail kit
on the hubs, using an inbound and an outbound table derived from a
central register of all e-mail users.

But we have recently obtained a host (uk.ac.ncl.tuda) to support users
at both sites, and a significant number of users of each site will use
this as their primary, or even only, e-mail host. We want to set up
this host and/or the hubs so that e-mail can be handled correctly.

We can already handle incoming mail; it arrives at the hub at the user's
site which delivers it to the shared machine (uk.ac.ncl.tuda) according
to "b" above; this works across the sites.

The problem is with outbound e-mail. How can this be handled?

a. Ideally, the sendmail configuration on the shared machine would send
mail to the hub at the user's site. But how can sendmail (even with
IDA) be set up to do this?

b. The shared machine sends all mail to a fixed hub, say at Newcastle,
which then re-signs it. By a few changes to the IDA-sendmail
configuration on the hub, it could re-sign mail:

dx...@uk.ac.ncl.tuda --> Durham....@uk.ac.durham
ny...@uk.ac.ncl.tuda --> Newcastle...@uk.ac.newcastle

But this has the drawback that sites doing a check on the
"From:" field will find mail signed from a Durham user has actually
come from a Newcastle address.

My preference is the former. But how can we achieve it?
And if we are forced to the latter, how significant a problem will
it be in practice?

(If anyone from the "PP" world is watching, you too may wish to
address this problem. At Durham we are planning to replace our
current "sendmail" hub with a PP one when PP gets sufficient
functionality, at its next release. We could contemplate using
PP on the shared machine at Newcastle. But it will be some time
before the Newcastle hub becomes PP.)


: David Lee Computer Centre :
: University of Durham :
: Phone: +44 91 374 2882 (ddi) South Road :
: Fax: +44 91 374 3741 Durham :
: ARPA: T.D...@durham.ac.uk U.K. :
: JANET: T.D...@uk.ac.durham :

Andrew Findlay

unread,
Jul 15, 1991, 11:30:01 AM7/15/91
to
|The problem is with outbound e-mail. How can this be handled?
|
|a. Ideally, the sendmail configuration on the shared machine would send
| mail to the hub at the user's site. But how can sendmail (even with
| IDA) be set up to do this?

Very difficult. You would be routing on the *sender* where mail is
generally routed on the *recipient*

|b. The shared machine sends all mail to a fixed hub, say at Newcastle,
| which then re-signs it. By a few changes to the IDA-sendmail
| configuration on the hub, it could re-sign mail:
|
| dx...@uk.ac.ncl.tuda --> Durham....@uk.ac.durham
| ny...@uk.ac.ncl.tuda --> Newcastle...@uk.ac.newcastle
|
| But this has the drawback that sites doing a check on the
| "From:" field will find mail signed from a Durham user has actually
| come from a Newcastle address.

No problem. All sites that use Application Relays in the NRS get the
same effect. The From: and Sender: headers say one thing, but the
network address is something else. Taking an example from Brunel: an
on-campus company `ahl.co.uk' might send mail to a JANET site via our
mailhub. The headers show `ahl.co.uk' but the mail is injected onto
JANET from `uk.ac.brunel'

You may need to inform gateway managers (e.g. ukc and nsfnet-relay)
that mail will sometimes come `from' one site, `via' the other.

|(If anyone from the "PP" world is watching, you too may wish to
|address this problem. At Durham we are planning to replace our
|current "sendmail" hub with a PP one when PP gets sufficient
|functionality, at its next release. We could contemplate using
|PP on the shared machine at Newcastle. But it will be some time
|before the Newcastle hub becomes PP.)

PP can do similar things. It is possible for one PP to handle many
domains.

Andrew

--

---------------------------------------------------------------------
| From Andrew Findlay at Brunel University, Uxbridge, UB8 3PH, UK |
| Andrew....@brunel.ac.uk phone: +44 895 74000 x2512 |
---------------------------------------------------------------------

Jem Taylor

unread,
Jul 15, 1991, 11:30:28 AM7/15/91
to
| But we have recently obtained a host (uk.ac.ncl.tuda) to support users
| at both sites, and a significant number of users of each site will use
| this as their primary, or even only, e-mail host. We want to set up
| this host and/or the hubs so that e-mail can be handled correctly.
|
| We can already handle incoming mail; it arrives at the hub at the user's
| site which delivers it to the shared machine (uk.ac.ncl.tuda) according
| to "b" above; this works across the sites.
|
| The problem is with outbound e-mail. How can this be handled?
|
| a. Ideally, the sendmail configuration on the shared machine would send
| mail to the hub at the user's site. But how can sendmail (even with
| IDA) be set up to do this?
|
| b. The shared machine sends all mail to a fixed hub, say at Newcastle,
| which then re-signs it. By a few changes to the IDA-sendmail
| configuration on the hub, it could re-sign mail:
|
| dx...@uk.ac.ncl.tuda --> Durham....@uk.ac.durham
| ny...@uk.ac.ncl.tuda --> Newcastle...@uk.ac.newcastle

There is a basic problem here, regardless of which MTA (pp/sendmail/whatever) you
use. If you can distinguish ALL your users, from both sites, by looking only at
the username - as you suggest in (b) - then you have a single domain space. You could
in principle merge the user databases from the two sites and have a common namespace called
NewHam or DurCastle. If not - if you could potentially have two users called dxyn4 (or
whatever you call your users) - then it is not at all clear how the users will be able to share
this machine. One day you will have two users - one from Newcastle, the other from Durham -
both wanting to use 'tuda' and having the same username.

Have you a (management-level) mechanism to prevent this? If you have - fine, if not - forget it.

If you have, you need not sign mail seperately between Durham and Newcastle. You can sign it
all Durham-Newcastle.ac.uk* and make the two hubs mirrors of one another, with the concomitant
reduction in complexity and increase in reliability through redundancy. It then doesn't matter
which hub 'tuda' sends the mail on to. Tuda could be one of a set of hubs, all mirror copies
of one another.

-jem.


* newcastle.ac.uk and durham.ac.uk would both have ARs pointing to durham-newcastle.ac.uk

Neil Rickert

unread,
Jul 15, 1991, 1:54:50 PM7/15/91
to
In article <emu-ov07.1991.0...@uk.ac.dur.mts> T.D...@durham.ac.uk writes:
>a. Ideally, the sendmail configuration on the shared machine would send
> mail to the hub at the user's site. But how can sendmail (even with
> IDA) be set up to do this?

Not very difficult. The distributed IDA configuration package already
has support for sending to a particular mailer/host pair, based on a
dbm lookup of the hostname in MAILERTABLE. You need to do something similar,
only simpler since you don't need multi-level lookups. When consulting the
dbm table, just use '$&f' as the lookup key. The only caution would be that
there will be times when '$&f' evaluates to the null string, and you will
need to be able to handle this case. (This happens when rebuilding the
alias database, when parsing the sender address, and when processing an
SMTP command such as 'EXPN' or 'VRFY' before a 'MAIL From' command has
been given). You should note, however, that the value returned by
'$&f' has not been tokenized. Unless it is null, it will be a single token,
regardless of whether it contains '.' or '@'. In the cases that concern
you, this should not be a problem, since '$&f' should match the user
login name on your system.

>b. The shared machine sends all mail to a fixed hub, say at Newcastle,
> which then re-signs it. By a few changes to the IDA-sendmail
> configuration on the hub, it could re-sign mail:
>
> dx...@uk.ac.ncl.tuda --> Durham....@uk.ac.durham
> ny...@uk.ac.ncl.tuda --> Newcastle...@uk.ac.newcastle
>
> But this has the drawback that sites doing a check on the
> "From:" field will find mail signed from a Durham user has actually
> come from a Newcastle address.

This is certainly the simpler approach, and the one I would recommend. I
don't see your 'drawback' as being real. We regularly see mail in which
the host on the SMTP envelope, the host on the 'From:' line, and the
host from which the message was received, are all distinct. That is what
mail relaying is all about. Any mail system which can not handle that is
fundamentally broken.


--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Neil W. Rickert, Computer Science <ric...@cs.niu.edu>
Northern Illinois Univ.
DeKalb, IL 60115 +1-815-753-6940

0 new messages