A new Mailing List infrastructure at CERN
Ruben Gaspar Aparicio
Michel Christaller & Ruben Leivas Ledo
IT - Internet Services Group
CERN
HEPIX – October 2004
CERN Mail Service

Schedule
What is Listbox?
A bit of history
New service architecture and design
Externals & External Lists
Conclusions

What is Listbox
Listbox is the Mailing list service at CERN
  – It includes the Mailing list editor (http://simba.cern.ch) and the mailing list archive web site
Numbers
  – 3,300 lists
  – Active lists: 350 per day, 800 per week
  – 8 Gb of web archives, with access control
  – 60 users per list (avg), up to 6,000 users per list (max)
  – 15,000 CERN users
  – 35,000 addresses-without-CERN-account
  – 1,500 list owners
  – Traffic: 2,000 (in) / 45,000 (out) messages distributed in 24 hours (avg)

List properties
Name of the list (email address)
Owners
Members
Description
Subscription and unsubscription policies
Posting restrictions
Moderation
Message size limit
An Archive may exist + authorization settings
Delivery policy
Alias

Old Service
[Diagram labels: Listbox4.cern.ch (SUN computer); SMTP Gateways; Simba (Apache Web interface); Majordomo; Sendmail; Mhonarc (Web archive); List definitions (file system); AFS File System; HR People database; LDAP; CCDB Accounts database; External internet; Mailbox Stores]

Motivations for renewal
10 years of home grown software
High maintenance cost
  – Dedicated team and special skills necessary
  – Single computer, non scalable architecture
      Service sometimes overloaded, delivery delays
  – Flat file database, AFS and LDAP dependencies
      Difficult “mirroring” of flat files for majordomo and ldap repository for SIMBA
  – Archiving problems
  – Little monitoring and alarms (requires human monitoring)
Missing functionalities
  – anti-spam, anti-virus, anti-flood, expiration, invalid recipients removal, web archive management by owner, …

New Service
[Diagram labels: Exchange Infrastructure; External Lists; HR People database; CCDB Accounts database; List definitions (Active Directory); Mail Distribution; Public Folders (Web archive); Simba (ASP.NET Web interface)]

New Listbox infrastructure
Infrastructure shared with Mail Service
All machines Windows 2000/2003, Exchange 2000/2003, Dual Xeon 2.0Ghz, Hyperthreading on, 1 Gbit/s network card
Public folders
  – 2x 4U servers, 4GB memory. Mainly List’s Archives
  – Databases are replicated
Front End Servers
  – 4x 2U servers, 2GB memory. IMAP, POP, MAPI over HTTP and HTTP (webmail) gateway
Store Servers
  – 12x 4U servers, 3-4GB memory, 2 SRCU32 Intel RAID controllers with each 1xRAID1 (2x70GB/SCSI), 1xRAID5 (3x120GB/SCSI).
SMTP Gateways
  – 6x 2U servers, 2GB memory. Windows Load Balancing, Symantec Antivirus for Exchange and CERN made C# Protocol Event Sink
Spam Content filtering servers (CERN SpamKiller)
  – 4x 2U servers, 2GB memory.

New Listbox design
User Objects (CERN accounts or Externals)
Global security groups
  – Owners
  – Members
List ~ Public Folder with email @
  – Message sent to the PF
      Restriction on who can send messages
      Restriction on message size
      Forwards to the group of members, possible delivery in the folder
  – Web archive through OWA
  – Archive Permissions
      Owners: Editor
      Members: Non Editing Authors
      Owners can have more freedom for managing the archive.
        – delete and modify possible

Archive access from Outlook

From users perspective
Almost the same interface for managing lists
No change in email addresses
Almost the same functionalities
What was changed:
  – Bounced mail goes to sender instead of owners
  – No more Majordomo mail commands
      Every subscription must be authenticated
  – No more AFS archives / AFS lists
      WEBDAV access / External lists web service

CERN External Accounts
People without a CERN mail account can register into Listbox
Implemented as special user accounts with a mail address
Access restricted to
  – SIMBA interface
  – Web archives (OWA)
      With a group policy which denies access from the network / logon locally on all CERN computers but a few servers
Logon with the mail address (userPrincipalName property)

CERN External Accounts
Account is created disabled when address is inserted in a list
Account must be validated with a mail response
Unused accounts are reclaimed
  – MemberOf property
  – altrecipientBL
Web interface to manage account properties (validation, password.. ) http://cern.ch/externalsweb
External Accounts can be reused by other CERN Services

External’s notification

External Lists
Replaces AFS lists
Membership is provided through a web service as a file
Email addresses are extracted and matched to user objects
Web interface shows the original file content (retains comments)
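
A sketch of the External Lists processing described on this slide, added here as an example and not CERN's code. The file format (free text per line, `#` comments), the name `sync_external_list` and the dictionary standing in for the user objects are assumptions. Addresses with no user object are returned as pending, the case where the External Accounts slides say an account is created disabled until validated.

```python
import re
from dataclasses import dataclass, field

# Assumed address pattern: conservative, no whitespace or angle brackets.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

@dataclass
class SyncResult:
    original: str                                   # file as received, comments intact
    matched: dict = field(default_factory=dict)     # address -> existing account
    pending: list = field(default_factory=list)     # no user object yet
    rejected: list = field(default_factory=list)    # (line number, text) with no address

def sync_external_list(text, directory):
    """`directory` (hypothetical) maps lower-cased mail address -> account name."""
    result = SyncResult(original=text)
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()   # comments never contribute members
        if not body:
            continue
        addresses = ADDRESS.findall(body)
        if not addresses:
            result.rejected.append((lineno, body))   # surface it, do not drop silently
            continue
        for addr in (a.lower() for a in addresses):
            if addr in seen:                  # same mailbox listed twice
                continue
            seen.add(addr)
            if addr in directory:
                result.matched[addr] = directory[addr]
            else:
                result.pending.append(addr)   # would become a disabled external account
    return result

# Constructed sample file and directory, for illustration only.
SAMPLE = """\
# Constructed example list, former contact: old.owner@example.org
Alice.Smith@cern.ch
Bob Jones <bob.jones@example.org>   # external collaborator
alice.smith@CERN.CH
not an address
"""
DIRECTORY = {"alice.smith@cern.ch": "asmith"}

if __name__ == "__main__":
    r = sync_external_list(SAMPLE, DIRECTORY)
    print(r.matched, r.pending, r.rejected)
```

The address inside the comment line is shown to the owner through `original` but never becomes a member, and the duplicate differing only in case is collapsed.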

DEMO
http://simba.cern.ch/

Simba web site

Owners View

Members View

Web archive

Conclusion
New Listbox integrated with new Mail infrastructure deployed at CERN last year
Benefits from
  – Infrastructure redundancy
  – Antivirus
  – SPAM fight
  – Flood control
  – Integrated Web archive
  – Integrated repository : Active Directory
Smooth migration undergoing
  – New interface in production (combines search on the old-new system)
  – 450 lists already in the new system
  – shorter time in delivery for list in the new system
Owners will have more functionality (manage archives, add/delete in bulk)
Less SPAM hassle for owners (bounces, subscription)

Questions