Using e-mail

These notes are relevant to e-mail users on Linux and Windows. We assume that you are familiar with the general concepts of sending and receiving e-mail. The HEP group maintains its own mail server, which is based on Exim. All mail from outside the group that is addressed to user@hep.phy.cam.ac.uk will be directed to mail.hep.phy.cam.ac.uk. This server also forwards all mail not addressed to local recipients to the campus mail switch (ppsw.cam.ac.uk) for it to deal with.

Note that to protect against the use of our mail server as a relay (which is what spammers like to use to flood the network with mails), we do not accept unauthenticated mail from addresses outside the HEP network. Authenticated mail can be sent to our mail server from an external mail client, but this may not be able to use the default port 25, as in practice most ISPs block traffic directed to this port as a protection against spam. To get round this issue, we accept traffic on alternative ports. A mechanism also exists to create an ssh tunnel into the mail server and send mail from your client via that route. See towards the bottom of this page for some notes on the various options.

See the bottom of this page for a brief discussion of @cam.ac.uk addresses.

There are many programs which can be used to read and send e-mail. The most widely used programs within the HEP group are probably Alpine or Thunderbird.

Due to the increased number of multi-part mail messages (attachments), Thunderbird (Linux or Windows) is becoming increasingly attractive as an e-mail reader, with Alpine being used where something lighter is required or where only a simple terminal or terminal emulator is available.

Mail servers

Mail servers were conceived as a way of allowing people who move frequently between different locations to always have access to their mail folders. To achieve this, mail folders are kept on a central server which the e-mail reader can access transparently (i.e. the folders appear to be local) over the network using some standard protocol. A popular protocol in widespread use at present is IMAP4 and this is integrated into the Alpine and Thunderbird mail clients. Within the HEP group, mail.hep.phy.cam.ac.uk (currently aliased to pciv.hep.phy.cam.ac.uk) has been configured as an IMAP4 mail server.

Secure vs. insecure connections

The mail server supports IMAPS as well as IMAP connections. In general, we strongly recommend that you use secure IMAP, especially if you are connecting from outside Cambridge. The latest versions of Alpine and Thunderbird support secure connections. For the first Thunderbird connection, you will be asked to accept the certificate that I've created - you should do so. Pine/Alpine should not ask about this - the Linux PCs should have been set up correctly for the certificate to be accepted automatically.

Setting up Alpine

There shouldn't be much to do here as the system-wide configuration files take care of setting up reasonable options. The system default is to read mail via the IMAP4 service on mail.hep.phy.cam.ac.uk. This can be overridden by user preferences if desired.

When using IMAP, pine/alpine asks for your login ID and password. This is the login ID and password on the IMAP mail server. Pine/Alpine automatically tries to use your local userid as your userid on the IMAP server. In a few rare cases this may not be correct. You can specify the userid to use in the pine/alpine setup where you can use the syntax

  • inbox={mail.hep.phy.cam.ac.uk:993/ssl/user=yourname}INBOX
  • folder-collections={mail.hep.phy.cam.ac.uk/user=yourname}mail/[]

instead of

  • inbox={mail.hep.phy.cam.ac.uk:993/ssl}INBOX
  • folder-collections={mail.hep.phy.cam.ac.uk}mail/[]

Setting up Thunderbird

On both Windows and Linux Thunderbird 31 is now in use.

On Windows you should find that the important account settings to use with the HEP IMAP and SMTP server are set for you and cannot be changed. As a convenience, we have also defined address book connections to the HEP directory server, the University directory server (also accessible via Lookup), and the CERN directory server. In the case of the CERN directory server you also need to set up an ssh tunnel to use it but this is beyond the scope of this topic (though there is some additional information below for the intrepid). Ask if you are interested.

The following description refers to the Linux version of Thunderbird. The user preferences dialogue may differ from the Windows version but the same sort of information is required.

If you use Thunderbird 31 on your own laptop you should probably ask for advice if you want to connect to the HEP servers as some additional settings to control new features may be required.

  • Select "Account Settings" from the edit menu.
  • Select "Add Account". Select "email account".
  • Add your name and email address.
  • Select IMAP as type of incoming server.
  • Set the following parameters:
    Parameter                     Value           Example
    Incoming mail server          server IP name  mail.hep.phy.cam.ac.uk
    Outgoing mail (SMTP) server   server IP name  mail.hep.phy.cam.ac.uk
    Incoming username             mail username   wotton

When this is completed, there are some further settings that need to be changed.

  • Select "Server Settings" underneath the name of the account that you have just created.
  • Select either the "TLS" or the "SSL" checkbox under secure settings to use a secure connection (TLS or SSL) for the Incoming mail server connection. If you tick one of these boxes, ensure that the port number is set to 143 for TLS or 993 for SSL. TLS is preferred as it is a more secure protocol - but the important thing is to select a secure mechanism.
  • Do NOT select "Move deleted messages into Trash". Instead change this to "Mark it as deleted".
  • Select "Advanced" and set the following parameters:
    Parameter               Value                                     Example
    IMAP server directory   Leave blank - change from January 2011

You may select "Remember mail password" to avoid typing your password each time you start Thunderbird mail. In this context your mail password is your logon password on Linux.

It is perfectly OK to share a mail folder directory between Alpine and Thunderbird and this will allow you to switch easily between Alpine and Thunderbird if you choose to do so.

Similar settings can be used to read your mail on mail.hep.phy.cam.ac.uk while running Thunderbird locally at CERN but you may need to change the outgoing mail server to smtp.cern.ch and the local mail folder directories to something appropriate for your CERN account.

Additional notes for Thunderbird mail users

Having set up Thunderbird for reading mail as described above, the way to delete mail messages from a folder is to select the message, mark it for deletion using the "Delete" button, then select "Compress folder" from the menu which pops up when you click the right-hand mouse button.

Remember that you should NOT have selected "Move deleted messages into Trash" in the mail server configuration.

Thunderbird can generate mail in HTML format as well as plain text. You should remember, however, that some people do not read e-mail with an HTML-aware reader so you risk causing annoyance to the recipient if you send HTML formatted messages indiscriminately. The Thunderbird preferences allow you to control this behaviour.

Hint: Try sending a mail to yourself using Thunderbird and read it using Alpine.

Exim mail filters

The full details of how to use the Exim mail filter mechanism are in the relevant part of the Exim manual. The filter is invoked by setting up your .forward file appropriately. As a simple example, to set up a spam filter you could have:

# Exim filter
if error_message then finish endif
if $h_X-Cam-SpamScore contains ssss then
save mail/spam
seen finish
endif

The first line tells the mailer to use the Exim filter mechanism. The rest of the filter sends mail with a spam score of 4 or more into a specific folder.

Read the manual to see all the possibilities offered by the filter mechanism.

Simple automatic vacation program

If you are away from your e-mail for a week or two, you may want to set things up so that an automatic reply, containing the message of your choice, is returned to the mail sender. To set this up, you can use the "vacation" mechanism which is part of the Exim filter (see previous section). The simplest example would be:

# Exim filter
vacation

which would send the contents of ~/.vacation.msg to the sender, but only once a week for a given sender. A more sophisticated version, such as:

# Exim filter
if personal alias john.smith@cern.ch
alias jcs1@cam.ac.uk
then
mail
to $reply_address
subject "Re: $h_subject:"
file $home/vacation/message
once $home/vacation/once
once_repeat 10d
endif

only sends your vacation message to personal (rather than mailing-list) messages. See here for more information.

Accessing your e-mail via a web browser

The Squirrelmail web client has been set up to allow you to handle your mail on the HEP cluster via a browser interface - which has the advantage that you can send mail when you are anywhere in the world, without either having to set up for the local mail server or to negotiate firewalls to connect to the HEP server.

Go to https://www.hep.phy.cam.ac.uk/webmail/ to login. You can also go to http://www.hep.phy.cam.ac.uk/webmail/ but in this case the connection is insecure and so should not be used unless absolutely necessary (and then only on trusted networks).

Sending mail remotely to the mail server

As noted earlier we have to protect against our mail server being used as a spam relay. This means that mail sent to mail.hep.phy.cam.ac.uk from non-HEP clients has to be authenticated. Note that "non-HEP" in this context means anything not on the local wired network - hence eduroam and Lapwing are treated as "non-HEP" for this purpose. There is an additional complication: many ISPs block port 25 traffic other than to their local mail server. Hence sending mail to the HEP mail server from a remote site may require extra configuration:

  • Try using port 587 rather than port 25. Other settings should not need to change (you should be using STARTTLS with normal (rather than encrypted) password).
  • If this fails to connect, try changing to using SSL/TLS security for the connection, on port 465. Again the password should be unencrypted.

Note that although the password is unencrypted, the underlying connection is encrypted and so there shouldn't be a serious security issue.
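
The port order and the "plain password only inside an encrypted connection" rule described above can be enforced in a script. This is an added example, not part of the original page or the HEP group's own tooling; the function names and the cafile parameter are hypothetical, and it assumes the server certificate can be verified (either publicly trusted or supplied via cafile).

```python
"""Added example (not from the original page): authenticated submission that
never sends the password unless the session is already encrypted."""
import smtplib
import ssl

HOST = "mail.hep.phy.cam.ac.uk"            # server named on the page
MODES = [(587, "starttls"), (465, "ssl")]  # order the page suggests trying


def open_submission(host, port, mode, local_hostname=None, cafile=None, timeout=10):
    """Return an smtplib session with TLS already active, or raise."""
    # The default context verifies the certificate chain and the host name.
    # cafile is an assumption: pass the server's CA file if it is not publicly trusted.
    ctx = ssl.create_default_context(cafile=cafile)
    if mode == "ssl":                      # implicit TLS from the first byte (port 465)
        s = smtplib.SMTP_SSL(host, port, local_hostname=local_hostname,
                             timeout=timeout, context=ctx)
        s.ehlo()
        return s
    s = smtplib.SMTP(host, port, local_hostname=local_hostname, timeout=timeout)
    s.ehlo()
    if not s.has_extn("starttls"):
        # No STARTTLS offer (misconfiguration, or a middlebox stripping it) would
        # put the plain password on the wire, so stop before authenticating.
        s.close()
        raise RuntimeError("STARTTLS not offered on port %d; not authenticating" % port)
    s.starttls(context=ctx)                # raises if the handshake or cert check fails
    s.ehlo()                               # capabilities must be re-read after TLS
    return s


def connect_first_working(host=HOST, modes=MODES, **kw):
    """Try each (port, mode) in turn; return (session, port) for the first that works."""
    errors = []
    for port, mode in modes:
        try:
            return open_submission(host, port, mode, **kw), port
        except (OSError, smtplib.SMTPException, RuntimeError) as exc:
            errors.append("%d/%s: %s" % (port, mode, exc))
    raise ConnectionError("no secure submission path: " + "; ".join(errors))


def send(msg, user, password, **kw):
    """msg is an email.message.EmailMessage; login happens only inside TLS."""
    session, port = connect_first_working(**kw)
    with session:
        session.login(user, password)      # plain password, protected by the TLS layer
        session.send_message(msg)
    return port
```

If both ports fail, the raised error lists the reason for each, which distinguishes a blocked port from a certificate problem.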

An alternative mechanism is to set up an ssh tunnel to the mail server and direct your mail through that. In essence, if you issue the command:

ssh -v -N userid@mail.hep.phy.cam.ac.uk -L 2525:localhost:25

and then set up your mail client to send mail to localhost on port 2525, then mail can be sent via our mail server from any location. You don't have to use port 2525 - any unused port greater than 1024 should work.

@cam.ac.uk mail addresses

The University offers a generic mail address of the form <CRSID@cam.ac.uk>, where CRSID is the username you will be given for accounts on the UCS services (eg. Magpie, CUS, Hermes). All members of the University are normally given a CRSID when they first join, even if they don't use any of the UCS services. However, the @cam.ac.uk address does not imply a mailbox - users have to ensure that the address directs mail to a real mail server if they wish to use the address for mail (which is completely the choice of the user).

The University maintains a searchable database of @cam.ac.uk addresses. Due to the requirements of the Data Protection Act, individuals must opt-in to this database (you are normally asked when you request a UCS account). However, you may separately request that your @cam.ac.uk address sends mail to a mail server. The default is for this server to be Hermes. If you prefer, however, you can request that mail addressed to crsid@cam.ac.uk be directed to the HEP server (mail.hep.phy.cam.ac.uk).

Users who wish to take advantage of this should first ensure that they have a Raven account (see our Web server page for more discussion regarding the Raven service). They can then change the destination of their @cam.ac.uk mail to any valid server. This is now done via your lookup page (also see below). The old cammail interface still exists but is restricted to controlling whether your @cam.ac.uk address is world-readable.

University Lookup Service

The searchable database mentioned above contains certain personal details such as your phone number that you are responsible for maintaining yourself. It is up to you to choose whether this information is made available to others. Here is a summary of how to update your details:

  • Every user with a CRSID can edit their own personal page in the Lookup Service, adding their extension number and their email address. We have provided links to your Lookup Service page on each individual user's page. Go to http://www.hep.phy.cam.ac.uk/people/ and use the sidelinks to navigate to the appropriate page.
  • Click on the link "University lookup page" to display your Lookup Service personal page (at this point you may be required to authenticate yourself using Raven) and click on the EDIT button at the bottom of the LHS of the page. You will then be taken to the edit page.
  • To conform with the current use of forenames in the back of the Telephone Network Directory we would ask you to complete the Display name box with your full name as you would wish to be known including any titles. We will only print characters in the Latin Alphabet. If any other characters are used or the Display name is left blank then the Registered name will be used in the printed directory.
  • Under Phone Numbers you will note at least two boxes. Enter your telephone extension number in the first left-hand box. This can be entered in one of the following formats (though remember, Lookup can only generally be seen by University personnel).
    5-digit:        37722
    National:       01223 337722
    International:  +44 1223 337722
  • If you are proposing to enter more than one telephone number, click the "Add" button and put the additional number in the next left-hand box. If you are providing more than one telephone number then indicate in the appropriate right-hand box what that number represents (e.g. extension, mobile extension or home). You may wish to distinguish between a Departmental and College extension if you enter both of them.
  • In the Email Addresses box enter the email address that you would wish to appear in the directory. If you wish to add more than one email address then remember it will be the first one (preferred email address) that will appear in the directory.
  • There is now also a field to set where your @cam.ac.uk mail is actually delivered (this is a new feature as from 28 May 2012).

The Lookup Service data can be used as an extra "Address book" in most e-mail clients. Windows Thunderbird users should find that this has been done for them. To set it up yourself, open the "Address Book" tool and navigate to File>New>LDAP directory and carefully enter the following connection data

In the General tab:

    Name:                         CAM.AC.UK
    Hostname:                     ldap.lookup.cam.ac.uk
    Base DN:                      ou=people,o=University of Cambridge,dc=cam,dc=ac,dc=uk
    Port number:                  636
    Bind DN:                      Leave this blank
    Use secure connection (SSL):  Select this

In the Advanced tab:

    Scope:          Subtree
    Search filter:  (objectclass=*)

Note the brackets are required in the filter box.

HEP directory service

We also have our own HEP directory service which can be added and used in a similar way. Use the following Thunderbird settings.

In the General tab:

    Name:                         HEP.PHY.CAM.AC.UK
    Hostname:                     ad.hep.phy.private.cam.ac.uk
    Base DN:                      ou=HEP Users,dc=ad,dc=hep,dc=phy,dc=private,dc=cam,dc=ac,dc=uk
    Port number:                  389
    Bind DN:                      Leave this blank
    Use secure connection (SSL):  Do not select this

In the Advanced tab:

    Scope:          Subtree
    Search filter:  (objectclass=*)

CERN directory service

Even more advanced users can integrate the CERN directory but this requires that you also set up an ssh tunnel to use it. Here are the addressbook settings you need:

In the General tab:

    Name:                         CERN.CH
    Hostname:                     localhost
    Base DN:                      o=cern,c=ch
    Port number:                  60389
    Bind DN:                      Leave this blank
    Use secure connection (SSL):  Do not select this

In the Advanced tab:

    Scope:          Subtree
    Search filter:  (objectclass=*)

Your ssh tunnel needs to forward port 60389 on the local machine to ldap.cern.ch:389 e.g.

ssh -N -o "LocalForward 60389 ldap.cern.ch:389" lxplus.cern.ch

You may also need to kinit user@CERN.CH before doing the above.

Steve Wotton or John Hill   Last update 2 August 2016