Overview of sic!mail

Sicmail consists of a number of (open source) components written by others, and quite a substantial amount of glue between. A lot of thought has gone into choosing the feature set and implementing it in an appropriate manner.

Design principles

Most basically, of course, sicmail should be able to send and recieve mail in a safe manner.

Chalmers, being a university, has a very distributed environment, where every department is more-or-less autonomous. Sicmail must handle this, letting sysadmins control their respective domains without being able to control others'.

Although Chalmers is split this way, there is a centrally managed Kerberos cell, which means that each user on campus has a campus-wide username (called a CID) and password. Having email addresses at more than one domain is common.

Users are also demanding, and should have a rich set of features for their mail accounts, including (but not limited to) automatic filtering, virus/spam-filtering, vacation autoresponses and personal maillists.

There must also, because of the scale, be a way of managing who may change what. This must be possible without more than occasional intervention by sicmail staff.


The following image tries to explain what's happening.

Mail flow through

Incoming email enter the system through one or more email-addresses (to the left). It is delivered to one or more mail accounts (to the right) and/or email addresses external to this mail server (below), possibly through a maillist (center).

All spam/virus/filtering is performed inside the mail account boxes to the right, using each mail account's respective settings.

Important things to notice:

The next question is who may do what. The rules are:

Implementation details

All this configuration is stored in a MySQL database. To make the interface friendlier, and to implement the access control rules above, a network enabled configuration daemon (speaking a text command protocol) acts as a frontend to the database.

This configuration server is called sicmail. It is implemented in a framework called graal, and is often referred to by that name. For power-users, you can talk directly to this daemon and issue commands over SSL. There is a client which makes this a bit friendlier, which can be downloaded from this server.

If you do not want to download that client, you can use which is a web interface directly into the graal server.

For end users, however, the web application is much friendlier, being graphical and reasonably beginner-friendly. It also speaks to the graal server in the back-end.