Configuring the Mail Servers in M-grid Clusters

Author: Arto Teräs
Status: Draft, version 0.91
Date: 2004-11-08

Configuring the mail server properly is the task of the local admin at each site, with the help of university IT staff. It should be possible to send emails from the cluster front end and the administration server. Receiving email at the cluster is not necessary, because the cluster is not intended to be used for personal email accounts. However, mail should be configured so that bounces (return mails when sending mail from the cluster to a non-existing address) are treated properly.

The default firewall settings on both the cluster front end and the admin server block inbound access to the SMTP port (port 25) for security reasons. Local admins may optionally open access from a specific IP address in order to receive mail from another mail server acting as a smarthost (see below), but do NOT open access to the whole world.

The default mail server in Rocks is postfix and we suggest keeping that setting. There are basically two alternatives for configuring the email: sending outbound mail directly or using a smarthost. They are both briefly described below.

Option 1: Sending outbound mail directly

The default configuration in Rocks is to send outbound mail directly, so in this case you don't need to change the local mail server settings in any way. However, you will need to configure some other machine to receive mail addressed to the cluster front end and administration server. This could be your lab mail server (if you have one) or the university mail server. Ask your university IT staff for more details.

The cluster front end is not intended to be used for personal email accounts, so a perfectly reasonable setup would be to redirect all incoming mail addressed to *@your_cluster_name.your_domain.fi and *@your_admin_server_name.your_domain.fi to the local administrator mailbox.

Note that access from the cluster to port 25 in the outside world needs to be enabled in the university-wide firewall. In some universities, outbound access to port 25 is blocked by default for security reasons.

Option 2: Using a smarthost

Delivering outbound mail via another server acting as a smarthost is another common configuration. To configure postfix to use a smarthost for sending mail, you need to add one line to /etc/postfix/main.cf:

relayhost = your.smtp.host.name
(your.smtp.host.name = smtp1.csc.fi in case of CSC)

You will also need to configure the smarthost machine to accept relaying email originating from the cluster front end and administration server. In addition, you will need to either configure some machine to receive mail addressed to the cluster front end and administration server, as in Option 1, or configure the smarthost to send received mail back to the front end and admin server.

The decision on whether to use a smarthost or send outbound mail directly should be made according to local university policy; ask the IT staff what they recommend.

One thing to consider when making the decision is what happens in the unfortunate situation that the front end is broken into and used for spamming. Naturally we'll do our best to prevent this, but one should always be prepared for it. If you send outbound mail directly, only the cluster itself should get blacklisted, but if you use the university-wide mail server as a smarthost, blacklist maintainers might add the whole university domain to their lists.

Rewriting addresses in outbound email

If you want to rewrite the addresses so that the part after the @ sign is not the full host name, you can use the options masquerade_classes and masquerade_domains in /etc/postfix/main.cf:

masquerade_classes = envelope_sender, header_sender
masquerade_domains = your.domain

At CSC we rewrite addresses so that all mail appears to come directly from csc.fi. In this way we don't need to do any extra configuration in order to receive mail properly when the same user names are used both in the cluster and on other CSC computers.

Testing the configuration

Please test the configuration by sending mail out both as a normal user and as root, and check that the From and Return-Path fields are correct in both cases. Also test sending mail from one of the compute nodes. In the Rocks default configuration the nodes send mail using the front end as a smarthost.
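
One way to automate the header check described above, as an added example that is not part of the original guide: it parses delivered test messages and reports any Return-Path or From address whose domain differs from the one you expect (your.domain here, as in the masquerade_domains setting). The sample messages are constructed, and the host name frontend.your.domain and the function name check_message are assumptions for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages as they would appear in the receiving mailbox.
# "frontend.your.domain" is a hypothetical full host name of the front end.
MASQUERADED = """\
Return-Path: <alice@your.domain>
From: Alice <alice@your.domain>
To: admin@example.org
Subject: test as normal user

test
"""

NOT_REWRITTEN = """\
Return-Path: <root@frontend.your.domain>
From: root <root@frontend.your.domain>
To: admin@example.org
Subject: test as root

test
"""

def check_message(raw_message, expected_domain):
    """Return a list of problems; an empty list means both fields are correct."""
    msg = message_from_string(raw_message)
    problems = []
    for header in ("Return-Path", "From"):
        value = msg.get(header)
        if value is None:
            problems.append(f"{header}: header missing")
            continue
        _, addr = parseaddr(value)
        local, _, domain = addr.rpartition("@")
        if not local or not domain:
            # Empty or unqualified address: bounces cannot be routed back.
            problems.append(f"{header}: no full address in {value!r}")
        elif domain.lower() != expected_domain.lower():
            problems.append(f"{header}: {addr} is not in {expected_domain}")
    return problems

if __name__ == "__main__":
    for name, raw in (("normal user", MASQUERADED), ("root", NOT_REWRITTEN)):
        issues = check_message(raw, "your.domain")
        print(name, "OK" if not issues else issues)
```

If you do not rewrite addresses, pass the full host name of the front end or admin server as the expected domain instead.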

Changelog

2004-11-08 Version 0.91. Added a note about compute nodes and testing. (AJT)
2004-11-04 Version 0.9. Initial published version. (AJT)