@device(PostScript) @make(Plan) @planhead(versiondate="14 August 1987", plansection="Section E.4.2", copyrightdate="1987", title="Electronic Mail Service", author="by R. Hoffmann, J. I. Schiller, and J. H. Saltzer") @Majorheading - No major development in a programming sense--uses mostly off-the-shelf components--but the overall configuration and operational strategy is not obvious. - ground rules: public workstations with no longterm memory; private workstations not necessarily available to receive mail at all times; scale of up to 15,000 users, needs to work with 5000 users immediately. - components: BSD 4.3 sendmail, MH/POP, Rmail. One general forwarding server, several post office servers. Uses Kerberos, Bind, Hesiod, Server Management System, NFS. - general addressing plan: all mail to, from, and among Athena participants carries the host address of "Athena.MIT.EDU"; every Athena participant has a unique name that is congruent to that person's Kerberos principal identifier (user name). Mailing lists administered by Athena are named from this same name space. - mechanics: one machine (a microvax II) advertises the address "Athena.MIT.EDU" to the outside world, and acts as a general purpose forwarder and header-processing engine. Every piece of mail, whether incoming, outgoing, or within Athena, goes first to Athena.MIT.EDU. The forwarder has a giant /usr/lib/aliases file with one entry for every Athena participant and also one entry for every Athena-administered mailing list. For individuals, the entry relates the person's user name to a post office that actually holds that person's arriving mail. For mailing lists, the entry relates the mailing list name to a list of electronic mail addresses. - post offices: each user is assigned to one post office, a server whose only function is to hold mail for pickup for some set of Athena participants. A workstation user runs some user mail interface such as mh, xmh, or rmail, which requests mail from the post office using a modified version of the ARPANET Post Office Protocol (POP). The modification is to require Kerberos authentication for the user. The workstation finds the right post office by asking Hesiod for a post office record that corresponds to the workstation user's name. - User mail storage: Once the user has picked up mail from the post office, it is the user's responsibility to provide storage for it. A user at a public workstation would probably configure the mail reading system to place mail in the user's private NFS locker. A user with a private workstation might instead store mail in a directory on the workstation. - Post office quotas: Before mail is picked up, it is the responsibility of the Post Office to provide storage. To keep the amount of storage used from getting out of hand in the face of electronic mailing lists that sometimes generate astonishing amounts of text, a limit on the amount of mail that any one user may accumulate before picking it up is needed. Rather than placing a single hard quota on every user (with the consequence that all mail coming in after the quota overflows is returned to its sender; that strategy makes life very difficult for mailing-list maintainers) mail is arbitrarily divided into two classes: explicitly addressed and mailing list addressed. When a user's queue of mail not yet picked up exceeds some threshold, a filter goes through that user's mail and replaces the text of the oldest mailing list message with a note explaining that the user is over quota and the text of this; message has been deleted. This policy has the advantage that all mail explicitly addressed to the user continues to be queued even if the user is over quota. - Relation to Service Management System. For each Athena participant, SMS keeps the authoritative record of the user's name and the user's assigned post office. It also maintains the authoritative record of contents for each Athena-administered mailing list. Once per day it uses this information to create a new copy of the /usr/lib/aliases file required by Athena.MIT.EDU and sends that file to the mail service administrator for review and installation.