SMTP Server: lamont.ldeo.columbia.edu
Email services are offered to students, faculty and staff of Lamont-Doherty Earth Observatory of Columbia University.The service includes automatic backups of mail stored on our servers, support for secure protocols for sending and retrieving mail, client configuration help, and spam-filtering.
The mail server called lamont.ldeo.columbia.edu will authenticate (check your ID and password) senders of outbound mail, to guard against abuse of the mail server by email viruses and spammers. This is called authenticated SMTP, and its use is required when you send mail from a location outside LDEO to a location outside LDEO.
Purpose: These changes will make it possible for more email clients to relay mail (send mail via an outside ISP to an outside email address using the Lamont mail server), and put us closer to Columbia's email policy (still allowing room for our particular needs).
IMPORTANT: No changes are needed to read mail, but if you use Netscape, Mulberry, or Eudora for PC as an email client, you *may* have to make changes before you can send mail at all. Please read on.
How you will be affected by the changes to the Lamont Mail Server depend on your email client, and the preferences you have set up. No changes are needed to read mail. You must make any required changes for sending mail after Sunday, November 24, 8:00 PM, not before. Instructions for known LDEO email clients follow.
Question: I don't care about security. Is there anything I have to do so mail still works?
Answer: Yes, you must do something in order to *send* mail in the following cases:
If you use Netscape, you must fill in the SMTP username in preferences if you haven't already. This is preferences (4.7x) and "mail and newsgroup preferences" (6 and 7).
If you use Mulberry and configured to use the "CRAM-MD5" method for SMTP Authentication, you must change this to "Plain Text".
If you use Eudora for windows, and set "Authentication style" to "CRAM-MD5", you must change this to "Passwords". If you previously loaded a Certificate into Eudora, you must load the new certificate into Eudora by a circuitous process, or turn off "Secure Sockets" everywhere.
In all other email clients we tried, things should still work. For more on each client see below.
Email Clients
- dtmail (CDE mail tool)
No changes are necessary. Relaying is moot since all clients are at LDEO.
- Entourage for Mac
No changes are necessary.
You can't relay at all now. To relay after the change:
Entourage->Tools->Accounts->Edit-> <your account>(in the "Edit Account" window, "Receiving mail" section)
Account ID: <your LDEO email username>
IMAP server: lamont.ldeo.columbia.edu
Password: <your LDEO email password>
Save password in my MacOS keychain <you must check this>
(in the "Edit Account" window, "Sending mail" section)
SMTP: server: lamont.ldeo.columbia.edu
Click here for advanced receiving options <click this>
SMTP server requires authentication <check this>
Log on using <click this>
Account ID: <your LDEO email username>
Password: <your LDEO email password>
Save password in my MacOS keychain <you must check this>
Quit Entourage and restart it.
You can now relay mail. This is INSECURE. Your password is sent in clear text over the net. Secure mail (SSL) looks like it works from the check boxes available, but it does not. We cannot guarantee that mail relaying will work with Entourage in the future.
- Eudora 4.0
No changes are necessary, but...
Please upgrade to Eudora 5.2 so you can do relaying securely. Exception: secure relaying is not possible for Eudora 5.2 on Mac OSX.
- Eudora 5.1/5.2 for Macintosh
If you don't relay mail and you don't use IMAP, no changesare necessary.
Under the old system, relaying mail was automatically secure. Relaying will continue to work under the new system, but insecurely. Please make the following changes so relaying remains secure. Exception: secure relaying is not possible for Eudora 5.2 on Mac OSX.
The following presumes you are using IMAP, not POP. You must use the same "login name" for both sending and receiving mail. To relay after the change:
Eudora->Special->Settings
Sending Mail (on the left of the Settings window, you may have to
scroll to see this) <click this>
SMTP Server: lamont.ldeo.columbia.edu
Allow authorization <check this>
Eudora->Special->Settings
SSL (on the left of the Settings window, you may have to
scroll to see this) <click this>
SSL for SMTP: Required (TLS)
SSL for IMAP: Required (TLS)
OK <click this>
Quit Eudora and restart it.
- Eudora 5.1/5.2 for Macintosh OSX
Under the old system, relaying mail was automatically secure. Relaying will continue to work under the new system, but insecurely. Secure relaying is not possible for Eudora on Mac OSX. Watch for a new release of Mac OSX Eudora that supports SMTP+SSL (equivalent to secure relaying).
- Eudora 5.1/5.2 for Windows
If you don't relay mail and you don't use IMAP, no changes are necessary. If you previously set up for relaying you must make the following changes before sending mail. The following presumes you are using IMAP, not POP. You must use the same "login name" for both sending and receiving mail. If you are using Norton AntiVirus 2002 and are configured to check outgoing mail, you will need to disable this feature first.
Eudora->Tools->Options->
Getting Started (on the left of the Settings window, you may have to scroll to see this) <click this>
SMTP Server (Outgoing): lamont.ldeo.columbia.edu
Allow authentication <check this>
Eudora->Tools->Options->
Incoming Mail (on the left of the Settings window, you may have to scroll to see this) <click this>
Server configuration: Should already be IMAP
Authentication style: Passwords
Eudora->Tools->Options->
Checking Mail (on the left of the Settings window, you may have to scroll to see this) <click this>
Mail Server: lamont.ldeo.columbia.edu
Login Name: <your LDEO email username>
Secure Sockets when Receiving: Required, Alternate Port
Eudora->Tools->Options->
Sending Mail (on the left of the Settings window, you may have to scroll to see this) <click this>
SMTP server: lamont.ldeo.columbia.edu
Allow authentication: <check this>
Secure Sockets when Sending: Required, STARTTLS
You will have to install the new LDEO certificate. Send a test email. It should fail with an error message that starts "SSL Negotiation Failed: Certificate Error: [etc...]"
Tools->Options: <select this>
Last SSL Info: <click this>
(Eudora SSL Certificate Information Manager window comes up)
Certificate Information Manager button: <click this>
(find the US,NY,...LDEO-SMTP,lamont.ldeo.columbia.edu... certificate under Server Certificates))
click the lamont.ldeo.columbia.edu certificate to highlight
Add to Trusted: <click this>
You can now relay (and read) mail securely.
- Mac OSX 10.1 Mail 1.1
If you don't relay mail and you don't use IMAP, no changesare necessary. To relay mail securely (you should already be using IMAP):
Mail->Preferences->accounts->Edit->Account Information tab
Account Type: Imap Account email address: <your email address, e.g., somebody@ldeo.columbia.edu>
full name: <your real name>
Host name: lamont.ldeo.columbia.edu
User name: <your LDEO email username>
Password: <leave blank>
SMTP host: lamont.ldeo.columbia.edu
Use authentication when sending mail: <click this>
SMTP User name: <your LDEO email username>
SMTP Password: <leave blank>
Account options tab -> Use SSL: <check this>
Connect to server using port: <should say 993>
- Mac OSX 10.1 Mail 1.q
If you don't relay mail and you don't use IMAP, no changes are necessary.
To relay mail securely (you should already be using IMAP):
Mail->Preferences->accounts->Edit->Account Information tab
Account Type: Imap Account
email address: <your email address, e.g., somebody@ldeo.columbia.edu>
Incoming Mail server: lamont.ldeo.columbia.edu
full name: <your real name>
User name: <your LDEO email username>
Password: <leave blank>
Add Server->Outgoing Mail Server: lamont.ldeo.columbia.edu
Server port: 25
Use Secure Sockets Layer (SSL): <click this>
Authentication drop-down menu->Password <select this>
User name: <your LDEO email username>
Password: <leave blank>
Advanced tab -> Use SSL: <check this>
Connect to server using port: <should say 993>
Authentication drop-down menu->Password <select this>
OK: <click this
- Mulberry (2.08 and later) for Mac
If you configured Mulberry to use the "CRAM-MD5" method for SMTP Authentication, you need to change this to "Plain Text" before you can send mail.
File->Preferences
Advanced (button on the right): <select this>
Accounts (button on the left)-> <select this>
Account pull-down menu->SMTP
Server: lamont.ldeo.columbia.edu
Method pull-down menu->Plain Text
User ID: <your LDEO email username>
Save User ID: <check this>
Save Password: <recommend *not* to check this>
Secure pull-down menu: TLSv1
Match User ID amd Password: <click this>
OK: <click this>
- Mulberry (2.08 and later) for Windows
If you configured Mulberry to use the "CRAM-MD5" method for SMTP Authentication, you need to change this to "Plain Text" before you can send mail.
File->Preferences
Advanced (button on the right): <select this>
Accounts (button on the left)-> <select this>
Account pull-down menu->SMTP
Server: lamont.ldeo.columbia.edu
Method pull-down menu->Plain Text
User ID: <your LDEO email username>
Save User ID: <check this>
Save Password: <recommend *not* to check this>
Simple (button on the right): <select this>
OK: <click this>
- Netscape 4.7x for Mac/Windows/Unix
If you didn't enter "Outgoing mail server username:" in the "Mail Servers" Preferences, you need to do this before you can send mail.
Edit->Preferences
Mail & Newsgroups (on left)-><click triangle to expand if not already done>
Mail Servers: <select this>
Outgoing mail (SMTP) Server: lamont.ldeo.columbia.edu
Outgoing mail server user name: <your LDEO email username>
Use Secure Socket Layer (SSL) or TLS for outgoing messages: <select "If Possible">
OK: <click this>
Quit Netscape and restart it.
