
MailboxManager



MailboxManager is the module for administering one or more electronic mail domains according to the CMDA model. In addition to domain management (creation, modification and deletion of mailboxes and aliases), the system handles several important administrative functions, such as relay-blocking mechanisms and activation of the antivirus software, and utility functions such as saving large attachments and converting them to files that can be downloaded via the web.

The system is an extremely flexible management tool which may prove to be of particular interest for the organization of new CNR institutes composed of a number of sections distributed around the country. Users from different sections who are already using their own e-mail server may wish to maintain autonomy even after the formation of the new Institute. This choice could place serious limitations on the use of a single third-level domain of the type institute-acronym.cnr.it, making it necessary to introduce a fourth-level domain for each server (example: mi.xxx.cnr.it, rm.xxx.cnr.it), with a resulting loss of the simpler and more consistent view of the third-level address (xxx.cnr.it) and requiring an address change for personnel who move from one section to another.

Distributing one Institute's mailboxes over several servers offers the advantage of having the server closer to the user, but presents the drawback of having to use an additional level in the email domain.

On the other hand, an advantage of centralizing service would be to have a single consistent third-level address, although the server will be remote for distributed sections of the Institute.

MailboxManager distributes a single domain over several distributed servers, thereby obtaining both of the aforementioned advantages:

  • activation of the mailbox on a geographically closer server
  • use of the same third-level address for all sections of an Institute

The system can be integrated with LDAP servers.

Architecture

MailboxManager is based on a master-slave type architecture which permits the distribution of a single domain on several servers.

For each domain, MailboxManager allows the definition of one Master server and several Slave servers. All of the domain's functions are controlled via the Web, by accessing the HTTP server active on the Master over encrypted sessions. Operations towards the Slave servers are carried out via SSH sessions. The Slave servers do not require the activation of an HTTP server, resulting in greater security.

Master and Slave are authoritative for the domain (with the exception of the mailbox database, which is distributed among the servers).

Traffic distribution by means of MX records

The efficiency and flexibility of this solution is further demonstrated by the use of various MX records addressing the Master server and each Slave server.

For example, the definition of the MX records for the xxx.cnr.it domain, with the mailboxes distributed among Padua: mbx.pd.cnr.it (MASTER), Milan: mbx.mi.cnr.it (SLAVE) and Pisa: mbx.pi.cnr.it (SLAVE), would be:

    xxx.cnr.it.    MX 10    mbx.pd.cnr.it.
                   MX 20    mbx.mi.cnr.it.
                   MX 30    mbx.pi.cnr.it.

The unavailability of any of the Master or Slave nodes has no effect on the service for those users whose mailboxes are defined on other active nodes, which continue to transmit/receive using the third-level domain xxx.cnr.it.

Description of the module

A domain can be subdivided into several administrative groups, based on the organizational requirements of the Institute (section of the Institute, research group, service, etc.).

The administrative structure can be divided into three levels:

  • supervisor for the control of all domains;
  • privileged administrators for the control of one or more administrative groups within the same domain;
  • non-privileged administrators for the control of one or more administrative groups within the same domain.

Management of mailboxes, aliases and addresses

The system manages the creation of POP or IMAP boxes.

A new mailbox can be created by filling in only the fields Name, Surname, and Username. This operation is aided by various automatic functions:

  • automatic password generation;
  • conversion of strings containing special characters, such as apostrophes or accented letters, to a syntax compatible with the email addresses (RFC 2822);
  • automatic generation of three address levels name.surname@domain, initial_name.surname@domain and surname@domain for each new personal mailbox;
  • addition of the new user to the group/section mailing list and to the general Institute mailing list. The lists are closed but the user can freely use one of his aliases in order to send a message to the list.
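
The name conversion and the three address forms listed above can be sketched as follows. This is an added example, not MailboxManager code: the conversion rules (dropping accents via Unicode decomposition, removing apostrophes and spaces), the reading of initial_name as the first letter of the given name, and the function names are assumptions.

```python
import re
import unicodedata

# Conservative subset of RFC 2822 dot-atom text (letters, digits, hyphen);
# restricting to this subset is an assumption of this example.
_DOT_ATOM = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)*$")


def to_atom(text):
    """Reduce a personal name to lowercase ASCII letters, digits and hyphens."""
    # NFKD splits an accented letter into base letter + combining mark;
    # encoding to ASCII with "ignore" then drops the mark.
    decomposed = unicodedata.normalize("NFKD", text)
    ascii_only = decomposed.encode("ascii", "ignore").decode("ascii")
    # Apostrophes, spaces and any other character outside the allowed
    # set are removed, so "D'Angelo" becomes "dangelo".
    return re.sub(r"[^a-z0-9-]", "", ascii_only.lower())


def personal_addresses(name, surname, domain):
    """Return the three address forms for a new personal mailbox.

    The domain is taken as given (administrator-supplied, not validated here).
    """
    n, s = to_atom(name), to_atom(surname)
    if not n or not s:
        # A name made only of stripped characters must not yield ".@domain".
        raise ValueError("name or surname is empty after conversion")
    local_parts = [f"{n}.{s}", f"{n[0]}.{s}", s]
    for local in local_parts:
        if not _DOT_ATOM.match(local):
            raise ValueError(f"invalid local part: {local!r}")
    return [f"{local}@{domain}" for local in local_parts]


if __name__ == "__main__":
    # Constructed sample input: accented letter and apostrophe.
    for address in personal_addresses("Nicol\u00f2", "D'Angelo", "xxx.cnr.it"):
        print(address)
```

The conversion is lossy, so two different people can map to the same local part; a provisioning system has to check the generated addresses against existing mailboxes and aliases before activating them.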

In any case, aliases can be added to or removed from the addresses of the local mailboxes (by means of the alias management functions). With these functions it is also possible to create aliases with multiple destinations, which is useful, for example, when one wishes to set up a role address such as administration@domain corresponding to several recipients.

Domain functions

Include:

  • activation/deactivation of controls on the origin of messages (useful as anti-spam filters)
  • anti-virus activation/deactivation on incoming and outgoing messages
  • creation and control of global and Group/Section distribution lists with the possibility of (un)subscription of users via Web interface. The section lists will be distributed among the slave servers according to the group/section definition. In this way e-mail traffic between section members will remain confined to the section server.



    http://mx.isti.cnr.it/insm