Policy for managed mail domain escape routes
============================================

Managed mail domain escape routes are mail domains that are known only to ppswitch, and are used to route email to a mail server in a department or college which handles a subset of the institution's addresses; the bulk of the addresses are handled by the managed mail domain system. This document proposes a formalized policy to govern their administration.

"G14: Rules for administering a mail domain" includes a section on subdomains within an institution, stating that we will normally only interface with the management of the mail domain that covers the institution (department, college, or the equivalent) as a whole. This rule has also been followed by us (informally) in the setup of escape routes.

The other rule that we have applied is the general rule that an institution may have only one mail domain. This, coupled with a desire to minimise the amount of email admin required by institutional COs who may not have much experience with it, is the reason for providing the escape route facility.

Proposed policy
---------------

The managed mail domain system is intended for institutions for whom the Computing Service's email facilities are sufficient. However, there are occasional requirements for special email facilities in an institution which go beyond what the CS provides. There are two ways in which this can be accommodated:

(1) All email for the domain can be handled by an email server in the institution via a "special route", which replaces the managed mail domain. This server must be run according to the rules in leaflet G14. The Computing Service's mail support team can provide advice about the setup of such a server, and assistance with migrating from a managed mail domain.

(2) If special facilities are only required for a few addresses, for example a support request tracker, then we can set up an "escape route" which allows certain addresses in a managed mail domain to be redirected to a mail server in the institution. In this situation, most email for the institution is still handled by the managed mail domain, with user accounts provided by Hermes.

Many of the rules listed in G14 apply to escape routes, though some of the rules are accommodated by the institution's managed mail domain. For example, the requirements for MX records in the DNS and a "postmaster" contact address are handled by the managed mail domain system, so they don't apply to escape routes.

Like mail domains, escape routes may only be requested by an institution's computer officer, and their purpose must be in the interest of the institution as a whole. For example, escape routes for personal machines are not permitted.

The proliferation of escape routes is strongly discouraged; in general at most one is allowed per managed mail domain. Escape routes should only handle a few addresses; if the server is handling a significant proportion of the addresses for the domain, it should instead take over the domain properly via a special route.

An escape route is an internal mechanism for routing email within ppswitch. Escape route addresses are only valid inside managed mail domain aliases files, and must not be used in other contexts or allowed to leak out.

For example, if St Botolph's College has a support ticket tracker running on the machine mail.botolph.cam.ac.uk, it may use the escape route facility to direct email to to . The former address is valid globally, but the latter is not; "from" or "reply-to" addresses on messages that refer to the ticket system must use the public address, not the internal escape route address. PPswitch enforces this restriction.

The foregoing applies to permanent arrangements.
Escape routes can also be useful for testing purposes, or as part of a migration to or from a managed mail domain. In these cases the arrangement must be temporary, and by the end of the period the institution's email arrangements should have been normalized according to the policy for long-term setups.

$Cambridge: hermes/doc/misc/escape-routes.txt,v 1.7 2006/02/20 17:49:43 fanf2 Exp $