General Practice email by SMTP Mini-How-To

Adrian Midgley, GP, Exeter mailto:amidgley2@defoam.net

Version 1.4 - July 2005

Original 31 May 2002

How to set up email using SMTP in and out of a General Practice via the central NHS Net servers


The Cabinet Office has declared that the NHS will follow other public organisations into eGIF, which includes as its most visible change using Simple Mail Transfer Protocol (SMTP) for email and at last dumping the X.400 systems that have been so disappointing.

NHS Net has from early on contained the required elements for this to work, and early in 2002 developed the administrative will to permit them to be used by GPs.

Homefield Surgery has had email services since well before NHS Net, evaluated Exchange Server (as part of SBS) and X.400 and rejected both as solutions in this context, and has migrated from mail accumulated outside NHS Net and collected by POP3 to receiving mail by SMTP from the NHS Net main relay server. The system has proved reliable, flexible, low-maintenance and satisfactory in service.

Technologies

SMTP has been extended since almost the beginning of the Internet, and only excruciating pedants call it eSMTP. What we use is eSMTP in case any doubt arises. Beware of extensions, since it is easy for a supplier to slip in another one and break compatibility with anyone else's software.

There has been an enormous amount of FUD spread about SMTP. Particular points to note are that mail need not be relayed: it can be sent directly to its recipient's mail exchanger computer, provided that computer is not configured to accept mail only from a single other machine. The accusation that SMTP mail travels by a random path is really silly: each machine in a relay chain only sends to selected other relays, picked on a basis of mutual trust, and this is in no wise less secure than X.400 relay chains, for the same reason.

DNS (Domain Name Service)

Internally to NHS Net this is run by the NHSIA, and operated by part of BT or by Cable and Wireless depending on which part of the network you are on. Don't worry about it; what you need to do is to get a DNS entry that identifies your machine as the mail exchanger for your domain.

Supposing you are a General Practice with the identifier GP-F12345, your domain will be GP-F12345.nhs.uk.

This is not case sensitive but for practices with an "L" in their identifier (one of the letters that should not be mixed with digits) it is worth using a capital to avoid mistakes.

Your email addresses therefore will be of the form absolutelyanyone@gp-f12345.nhs.uk, and it is up to you to distribute the mail once it arrives, since all mail addressed to anything@GP-F12345.nhs.uk will drop into your inbox. A bit like the paper mail does, and about as hard to decide what to do with it. Probably the best person to set up names and aliases is the post clerk, since they will be accustomed to what you are all called.

For example dr.john.smith@GP-F12345.nhs.uk, practice.nurse@GP-F12345.nhs.uk and so on. I'd suggest using pm for Practice Manager to reduce the amount of typing, but your mileage may vary. Repeats and results may be useful addresses. No rush: once you control your domain you can add as many as you like, and route the mail to where you want.

These addresses almost pass the car-park test, but you could do better. If you are the City Wall Medical Practice then you might reasonably choose to be @citywall.nhs.uk, @citywallGP.nhs.uk, @citywall.chester.nhs.uk or whatever, and it is often possible to make a far more usable name. It would be a common mistake to acquire @jonesandsmith.nhs.uk, since when Dr Brown joins, whether or not he replaces Dr Smith, you will have a problem. This is part of the reasoning behind the naming of the site currently relating to a PCT in Exeter as http://primary.exeter.nhs.uk since NHS organisations come and go, whereas Exeter is unlikely to disappear and its residents will probably continue to have something identifiable as Primary Care.

Car Park test: After the meeting you pause in the car park to arrange to follow it up by email. You exchange email addresses. One which passes the car park test is easy to remember and doesn't require spelling out or writing. X.400 NHS Net addresses have rarely passed.

What you need added to DNS

You require in the DNS a record pointing mail for your human-readable address to the machine-readable address, which will be a "dotted quad" like 172.90.90.90. You can obtain the IP number of your network from your network supplier (BT or C&W) or possibly from your local IT facilitator or engineers. You can actually work it out if necessary, see elsewhere. You will also need your SIN (Surgery Identification Number) to deal with BT, and some equivalent if your supplier is C&W.

An important point is that the IP address given will be that of your network, and this is not usable for an actual computer. The next number in the sequence is the one that by convention is assigned to your mail server. If you are wise and have NAT (Network Address Translation) enabled in your router, then that address is usually mapped to a fixed address inside the network.
The convention I follow is to have the router assigned the last address in the internal network (192.168.8.254 if your network is 192.168.8.0) and to assign the mail server the next to last.
An alternative convention is to use the first address. This is used by Microsoft in their somewhat disappointing and complex Small Business Server.
Outside NHS Net I use IP Masquerade, which I recommend to you; here the SMTP port, which is port 25, is mapped to whatever machine inside you decide upon, with noticeably less information about your internal network being revealed.

A Digression: connecting arbitrarily large numbers of computers to an insufficient number of external network IP addresses, or "Our Health Authority only allowed us three computers connected to NHS Net but there are five of us"

The Cisco router would assign your internal computers a random address from its pool, in this case of three available addresses, thus allowing you to have three machines connected to the Web at any one time. Using your own mail server as described here allows you to use as many email addresses as you like, so you can have a reasonable service that way, but if more than three people need to use the external network at once then you need a router between your network and the Cisco router. Running IP Masquerade on this internal router means all your internal machines appear to be this one router. It makes excellent sense to place the mail server computer between the internal network and the external network, in what is referred to as the DMZ (de-militarized zone), where it would have an NHS Net address of its own; thus each practice would use two actual IP addresses, perhaps leaving a spare for the practice laptop or a machine in the out-of-hours centre.

Now I have ADSL but on ISDN I used to use a 486 with Freesco running and a terminal adapter, but for £100 you can have a hardware firewall, a little box that needs hardly any setting up and takes up minimal space, or you could acquire a copy of Smoothwall and run this on a PC with two or three network cards in it. Alternatively you could set up IP routing on the machine that is already in use as your mail server, which we are discussing in this document, but which would take us a little out of its scope and into slightly more complicated territory. I feel it is acceptable to combine Masquerade and mail service on one machine, given that we are all inside the NHS overall firewall, but others might regard the threats from internal networks in the NHS as excessive for that. I think most would agree that as long as no variety of Windows is being trusted as the barrier there is reasonable security.

MTA (Mail Transfer Agent)

This is the post-office program. Until 2005 we used VPOP3, which is the best choice for an installation on the various Microsoft Windows operating systems. For several years the proportion of mail passing through Postfix systems on my networks has been increasing, and Postfix has now taken over from VPOP3. We also have Fetchmail, Procmail and Postfix available on the Linux installations, and these may supplant the MS Windows side. Open Source applications are more sustainable in the long run.

A variety of desktop email client programs are in use. MS Outlook is regarded as a major and wholly unnecessary security risk and avoided, however all parts of this system work with Outlook and anyone who insists on using Outlook can go ahead and do so. Outlook Express has been used but was eliminated in the 2003 reconfiguration. It uses Internet Explorer components which seems an unnecessary and excessive risk. Mozilla Thunderbird seems the best cross-platform mail client program just now, with Evolution offering some extra functions for the Linux machines.

Obtaining and Installing VPOP3

VPOP3 is commercial, closed source, software from the British programmer Paul Smith. It is mature, economical and has widespread and good support as well as a large personal following among professionals in IT in the UK in their own businesses. You may reasonably expect to acquire and install and manage it on your own, but if you are worried or busy just buy the support you need. {ToDO insert link to other resellers}

I have managed mail on three networks (Practice; family; Local Medical Committee at http://www.devonlmc.org ) all of which have used the standard version of VPOP3. There is also an Enterprise version, which includes the IMAP4 protocol for handling mail. There are some advantages to this and if you are a large practice or a whole PCT then you should consider that version. Feel free to ask advice. The Enterprise version is good for hot-desking, however the webmail system included in the standard version is usable for this, and I find the POP3 protocol adequate.

Download VPOP3 1.5 or version 2 under the trial licence (30 days) from www.pscs.co.uk

VPOP3 comes as a self-extracting compressed executable file. Run this installer program on the machine you intend to use as the mail server. In a small organisation this can be a heavily-used machine unless you have a great deal of email - as an example, one installation was on a 400MHz Pentium II PC with 64MBytes of RAM which acted as a print-server for the network, the scanning station, and both a clinical system terminal and the main secretarial word-processing station. It also had a web-cam attached to it.

Read the readme file.

You need to set up a connection, an inmail and an outmail. Both of the latter use SMTP.

NHS Net settings for VPOP3

Setting: SMTP server
Value:   relay.nhs.uk
Notes:   The PC you are using as your in-house mail server must have an entry for a Domain Name Server (DNS) in its network settings, or be told the DNS address by the DHCP server on the network.
         Alternatively, you can give the IP address obtained by "ping relay.nhs.uk" on a machine that does know where the DNS is.
         The crucial point is that your mail server has to know the address of the machine it sends mail to.

Setting: POP3 server
Value:   e.g. post.freeserve.co.uk, if you have and want to use an account there
Notes:   If you have an email account external to NHS Net and want to collect your mail from there as well, you can give the details in an inmail setting here. This is optional. It works very well but can then appear in NHS network logs. Encryption of anything private is sensible anyway.

Setting: In connections
Value:   relay.nhs.uk
Notes:   SMTP

A knowledgebase and escalation through peer support to paid telephone help are available - details T Knowledgebase etc
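As an added example (not part of the original how-to and not VPOP3's code), here is the eSMTP exchange your in-house server holds with relay.nhs.uk when it hands outbound mail on, driven against a scripted stand-in for the relay so that it runs offline; the practice domain gp-f12345.nhs.uk, the relay's replies and its extension list are constructed. Everything in the transcript travels in clear text on port 25, which is why the note above about encrypting anything private applies.

```python
RELAY_HOST = "relay.nhs.uk"      # the NHS Net relay from the settings table
OUR_DOMAIN = "gp-f12345.nhs.uk"  # assumed practice domain (constructed example)

def dot_stuff(body):
    # DATA form of a message: CRLF line ends, and a line starting with '.' gets
    # a second '.' so it cannot pass for the lone '.' that ends the message.
    lines = body.replace("\r\n", "\n").split("\n")
    return "\r\n".join("." + l if l.startswith(".") else l for l in lines)

class FakeRelay:
    # Scripted stand-in for relay.nhs.uk so the exchange runs offline.  Every
    # reply is constructed; a real relay's banner and extension list differ.
    greeting = "220 " + RELAY_HOST + " ESMTP"

    def __init__(self):
        self.in_data, self.envelope, self.queued = False, {}, []
    def reply(self, line):
        if self.in_data:              # message text (still dot-stuffed), ended by a lone '.'
            self.in_data = False
            text = line[:-3] if line.endswith("\r\n.") else line
            self.queued.append((self.envelope["from"], self.envelope["to"], text))
            return "250 Queued"
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "EHLO":            # eSMTP hello; the relay lists its extensions
            return "250-" + RELAY_HOST + "\r\n250 SIZE 10485760"
        if verb in ("MAIL", "RCPT"):  # envelope addresses, not the message headers
            self.envelope["from" if verb == "MAIL" else "to"] = arg.split(":", 1)[1].strip("<> ")
            return "250 OK"
        if verb == "DATA":
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        return "221 Bye" if verb == "QUIT" else "500 Unrecognised command"

def send_via_relay(relay, sender, recipient, body):
    # Client side of the exchange; returns (accepted, transcript of both sides).
    transcript = ["S: " + relay.greeting]
    def cmd(text):
        transcript.append("C: " + text)
        resp = relay.reply(text)
        transcript.append("S: " + resp)
        return resp[:3]               # the three-digit reply code
    steps = [("EHLO " + OUR_DOMAIN, "250"), ("MAIL FROM:<%s>" % sender, "250"),
             ("RCPT TO:<%s>" % recipient, "250"), ("DATA", "354"),
             (dot_stuff(body) + "\r\n.", "250")]
    ok = all(cmd(text) == want for text, want in steps)  # stops at first failure
    cmd("QUIT")
    return ok, transcript
```

Printing the transcript from send_via_relay shows exactly what passes between your server and the relay, which is also what a network log on NHS Net would record.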

Setting up the Desktops

On each desktop mail client program (Pegasus, Outlook, Kmail etc.) start a new account and set it up for your VPOP3 installation, or whatever other mail transfer agent you have chosen and installed - sendmail or Exim for instance. Note that you may add an account to the mail client you currently use, thus preserving any legacy arrangements you have, or you may install and use a second mail client on your desktop machine, thus separating the two services. You will require administrator privileges to install these programs on MS NT4, Windows 2000 and XP. If your supplier has not provided administrator passwords, now would be a good time to reprovision your IT support.

Mail Client settings to use VPOP3

Assume you have installed VPOP3 on a machine with IP address 192.168.8.253 (substitute if it has a different address - mine does) and that you set up an account in VPOP3 with username Fred and password Blogg5.

Type of account:  email
SMTP server:      192.168.8.253, port 25
POP3 server:      192.168.8.253, port 110
Username:         Fred
Password:         Blogg5


VPOP3 includes a directory server (LDAP) which can be used to hold the email address book for the practice. Optionally set up an account for this; it can be done later and varies from mail client to mail client.

Type of account:  LDAP
LDAP server:      192.168.8.253
Port:             389
Notes:            Some clients show it as 192.168.8.253:389

Try it out first with internal mail, and then external.

Open the VPOP3 settings menu and map external email names to your internal mailbox accounts where people need to receive email addressed to several entities - for instance admin, prescriptions, practice manager and so on - then publish your addresses however you choose.
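The mapping step above, as an added example rather than VPOP3's own configuration: the decision an in-house mail exchanger makes for each recipient, using the page's catch-all and alias scheme, a case-insensitive domain match, and the check that stops it relaying for anyone outside the practice network (an open relay is how a mail server gets abused by outsiders). The alias table, mailbox names and the internal network 192.168.8.0/24 are assumed.

```python
import ipaddress

PRACTICE_DOMAIN = "GP-F12345.nhs.uk"   # the page's example domain; not case sensitive
INTERNAL_NET = ipaddress.ip_network("192.168.8.0/24")   # assumed practice LAN
RELAY = "relay.nhs.uk"                 # where all outbound mail is handed on

# Published name -> internal mailbox(es).  Constructed table; the post clerk
# would maintain the real one.  Several names may feed one mailbox, and one
# name may fan out to several people (results go to reception and the GP).
ALIASES = {
    "dr.john.smith": ["jsmith"],
    "pm": ["mary"],                    # practice manager
    "practice.nurse": ["nurse"],
    "repeats": ["reception"],
    "results": ["reception", "jsmith"],
}
CATCH_ALL = ["postclerk"]              # anything else @domain: like the paper post


def route(rcpt, client_ip):
    """Decide what to do with one RCPT TO address from a client at client_ip.

    Returns ("deliver", [mailboxes]) for our own domain, ("relay", RELAY) for
    mail handed to us by a machine on the practice LAN, and ("reject", reply)
    otherwise, so the server never relays for outsiders (no open relay)."""
    local, at, domain = rcpt.strip("<> ").rpartition("@")
    if not at or not local or not domain:
        return ("reject", "501 address must be user@domain")
    if domain.lower() == PRACTICE_DOMAIN.lower():      # inbound for the practice
        return ("deliver", list(ALIASES.get(local.lower(), CATCH_ALL)))
    try:
        on_lan = ipaddress.ip_address(client_ip) in INTERNAL_NET
    except ValueError:                                 # unparseable client address
        on_lan = False
    if on_lan:                                         # outbound from our own desktops
        return ("relay", RELAY)
    return ("reject", "554 relay access denied")
```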



Standards

SMTP is now specified in RFC 2821; RFC 821 was obsoleted in 2001.

RFC 2822, which covers details of message formatting, obsoleted RFC 822, which is commonly quoted as the type of email (in X.400 commands and references for instance).

http://www.faqs.org/rfcs/rfc2821.html

http://www.faqs.org/rfcs/rfc2822.html

GP Links - Registration, Pathology etc

{more to follow here}
In practice this doesn't seem to be a problem. Given that links is really just a matter of moving a text file from one place to another you could expect it to work with bicycle messenger boys and floppy disks, never mind require some specific transport protocol.
When we get onto XML it may be different, for instance there may actually be use of some of the protocols like SOAP, but this changes so fast that any project taking more than 3 months to complete is doomed to failure.


All trademarks mentioned here are the property of their respective owners. Windows are gaps in a wall and windowing environments on computers antedate Microsoft, it is improbable that windows is a trademark, but this has been legally determined as far as I know at the date of writing only in Washington and if it is a trademark then it is acknowledged as a trademark of Microsoft Corporation. District Judge John Coughenour's judgement



Version 1.4 Comments and corrections and questions to Adrian Midgley amidgley2@defoam.net

July 2005