Mail server mnjk: Difference between revisions
Jump to navigation
Jump to search
(3 intermediate revisions by the same user not shown) | |||
Line 152: | Line 152: | ||
</ol> | </ol> | ||
==Install Postfix== | |||
== Install the Postfix MTA == | |||
'''''[https://www.youtube.com/watch?v=6VsgO5695Z4&feature=youtu.be Video Tutorial - Install Postfix MTA]''''' | |||
<ol> | |||
<li> Use a package manager to install the ''postfix'' package. | |||
* During the installation process select ''Internet Site'' as the type of mail server and set the domain name to ''*.itc2480.campus.ihitc.net'' where * is the hostname letter of your system.</li> | |||
: MTA software listens for incoming connections from other MTA servers on port 25 and accepts mail on behalf of users on the system. Once the mail is received it is stored locally for users to retrieve. The most common methods for storing messages is in an .mbox file, where all messages are stored in a single file, or in a Maildir, which is a directory where each message is stored in a separate file. The MTA also listens for connections from client software (MUA) and accepts outbound messages from them and forwards them on to the destination domain's mail server. Advanced configuration of MTA software can allow for anti-spam filtering, mailing list support or other programs to intercept and manipulate mail as it passes through the server. | |||
<li>Test the connection an verify the port is open</li> | |||
:* Use Telnet to connect to the Postfix SMTP server on port 25: '''telnet localhost 25''' | |||
: [[File:Lab9_open_telnet.png|link=https://wiki.ihitc.net/mediawiki/images/1/10/Lab9_open_telnet.png|500px]] | |||
: [[Media:Lab9_open_telnet.png | Click here for larger image]] | |||
:* Type '''quit''' and press enter after verifying Postfix is running. | |||
<li>Configure Maildir</li> | |||
: Because the Courier IMAP and POP3 server software only supports Maildir style message stores and Postfix stores in mbox files by default you must edit the ''/etc/postfix/main.cf'' file to fix this. | |||
:* Add the line | |||
:<pre>home_mailbox = Maildir/</pre> | |||
: Edit or add the ''mailbox_command'' parameter so there is nothing on the line after the equals sign, delete the portion of the line referencing procmail if it exists. The line should look like: | |||
:<pre>mailbox_command = </pre> | |||
<li> Restart the ''postfix'' service to apply your change. Postfix is now saving new incoming messages into the Maildir folder inside each user's home directory. This folder is automatically created by Postfix the first time a new message comes in for a user.</li> | |||
<li> Set your shell to recognize the maildir as your mail location</li> | |||
:* Edit the ''/etc/login.defs'' file and comment out the ''MAIL_DIR /var/mail'' line (place a # in front of the line) and add a line setting ''MAIL_FILE'' like this: | |||
<pre> | |||
#MAIL_DIR /var/mail | |||
MAIL_FILE Maildir/ | |||
</pre> | |||
:* Edit the ''/etc/pam.d/login'' file, find and comment out the ''session optional pam_mail.so standard'' line (place a # in front of the line) and add a line like this immediately below it: | |||
<pre> | |||
#session optional pam_mail.so standard | |||
session optional pam_mail.so dir=~/Maildir standard | |||
</pre> | |||
:* Edit the ''/etc/pam.d/su'' file, find and comment out the ''session optional pam_mail.so nopen'' line (place a # in front of the line) and add a line like this immediately below it: | |||
<pre> | |||
#session optional pam_mail.so nopen | |||
session optional pam_mail.so dir=~/Maildir nopen | |||
</pre> | |||
:* Edit the ''/etc/pam.d/sshd'' file, find and comment out the ''session optional pam_mail.so standard noenv'' line (place a # in front of the line) and add a line like this immediately below it: | |||
<pre> | |||
#session optional pam_mail.so standard noenv | |||
session optional pam_mail.so dir=~/Maildir standard | |||
</pre> | |||
:* Edit the ''/etc/profile'' file and at the end of the file add the line: <pre>export MAIL=~/Maildir</pre></li> | |||
<li> Test sending and receiving mail as a locally logged on user.</li> | |||
:* Install the ''mailutils'' package.</li> | |||
:* Try sending a message (replace username with your username): <pre>echo "This is my message" | mail -s "Email Subject" username@localhost</pre> | |||
:* Log out of your SSH session and open a new SSH session to apply the changes to the ''/etc/profile'' and ''/etc/login.defs'' files. | |||
:* Check to see if the message was received using the '''mail''' command, press ''q'' to return to the command line. | |||
:[[File:Lab9_cli_send_mail.png|link=https://wiki.ihitc.net/mediawiki/images/4/4f/Lab9_cli_send_mail.png|500px]] | |||
:[[Media:Lab9_cli_send_mail.png|Click here for a larger image]] | |||
: You should also be able to see the message in ''~/Maildir/'' in either the ''new/'' or ''cur/'' directory depending on whether you have viewed the message list yet or not. In either case, the message will appear as a text file with a random-looking name. It's just a text file so you can use '''cat''' or '''less''' to view it. | |||
<li> Create Aliases </li> | |||
: You can create aliases and forward mail between users by editing the ''/etc/aliases'' file and then running the '''newaliases''' program. | |||
:* Create an "alias" for ''sysadmin'' which forwards mail sent to sysadmin@localhost to your username | |||
:* Send a copy of all mail to the ''root'' account to your username | |||
: Now would be a good time to try logging on to Webmin again, re-scanning for modules and then taking a look at the Postfix module in the ''Servers'' section. | |||
<li>Explore the mail log file</li> | |||
: Take a look at your ''/var/log/mail.info'' log to see Postfix sending and receiving messages for users. | |||
</ol> | |||
== Install Courier MDA == | |||
'''''[https://www.youtube.com/watch?v=uvZlSiQHlxs&feature=youtu.be Video Tutorial - Install Courier MDA]''''' | |||
<ol> | |||
<li>Install required courier packages </li> | |||
: Most users prefer to retrieve mail from a mail server using an MDA protocol like POP3 or IMAP which can be provided by the Courier programs. Install the ''courier-pop'', ''courier-imap'', and ''fam'' packages. | |||
:* Do not create the directories for web-based administration as they are unneeded for our setup | |||
: Local users accessing their mailbox with MUA software can read and write to the .mbox file or Maildir directly. If a user not locally logged on to the system wants to access their mailbox the server runs MDA software which typically uses the POP3 or IMAP protocol for accessing the .mbox file or Maildir remotely. | |||
</ol> | |||
==Auto Reply Configuration== | ==Auto Reply Configuration== | ||
Line 183: | Line 251: | ||
<pre> | <pre> | ||
#!/bin/bash | #!/bin/bash | ||
find /home/ | find /home/ping/Maildir/cur -type f -mtime +7 -exec rm {} \; | ||
find /home/ | find /home/ping/Maildir/new -type f -mtime +7 -exec rm {} \; | ||
find /home/ | find /home/ping/Maildir/tmp -type f -mtime +7 -exec rm {} \; | ||
</pre> | </pre> | ||
:[[File:MAILSVR_emailflush_sh.png|link=https://wiki.ihitc.net/mediawiki/images/b/b5/MAILSVR_emailflush_sh.png|500px]] | :[[File:MAILSVR_emailflush_sh.png|link=https://wiki.ihitc.net/mediawiki/images/b/b5/MAILSVR_emailflush_sh.png|500px]] |
Latest revision as of 01:57, 16 April 2021
Introduction
- This section documents the creation of the Auto-Reply Mail Server. This section will likely be created by an instructor or administrator.
Mail Server Documentation
- Power on you Virtual machine
- This server may reside in the VMware ESXi or NetLab as long as the network configuration allows connection to the course VLAN and student VM's.
- Install Debian Linux
- Once the system has booted and is on the "Debian GNU/Linux installer menu" choose "Install" and not "Graphical Install". If you make an incorrect choice you can reboot your virtual machine (power off and on) before installing to get back to the menu.
- In the installer you will use the space bar to select and unselect "checkboxes", the tab key to move between fields and buttons, and the enter key to continue. You will be prompted for the following choices
- Select English as the language, United States as your location, and American English as the keymap.
- Set ens192 as your primary network interface.
- Set a hostname for the system to 2480 followed by a dash and then your pod ID letter, like 2480-Z for LSA Pod Z. If you have forgotten your pod ID letter look up at the top of your screen above the line with the "Topology" and "Linux Server" tabs and you should see a line with "LSA Pod" followed by a letter, that letter is your pod ID letter.
- Note: These steps are critical to future success in labs, check your spelling carefully
- Click here for a larger image
- Set the domain name to itc2480.campus.ihitc.net
- Set the root password to something you will NOT FORGET, this is the administrator account, cisco might be a good choice for our purposes though that would not be secure for a system directly accessible from the Internet (we are protected by a firewall which you are bypassing via the VPN connection)
- Create a new user account by entering your name. The system will automatically use your first name (all lowercase) as the username and then you should set the password to another password you will not forget
- Select your timezone
- Choose "Guided - Use entire disk" as the partitioning method and select the sda drive and "All files in one partition" as the partitioning scheme, "Finish partitioning and write the changes to the disk", and then finally confirm you want to write the changes.
- You do not want to scan any other CDs or DVDs at this time.
- You want to select a mirror located close to you with good speed. Because your VM is actually running from the campus and is connected to the campus Internet connection a good option is "debian.uchicago.edu" with no http proxy.
- Choose whether you want to participate in the package usage survey, for our purposes either choice is just fine.
- On the software selection screen UNSELECT "Debian desktop environment" and "Print server" and make sure that "SSH server" and "Standard system utilities" are the only two selected options.
- Note: To select and unselect options move your cursor over the option and press the space bar.
- Choose that yes you want to install GRUB to the master boot record on the /dev/sda device.
- Complete the installation
- When the installation is complete you can select continue to "eject" the virtual CD and reboot into the new install
Install Basic Tools
- Install sudo from the command line using:
- Note: A good practice is to update your system before installing any packages, this should be completed using apt update, ensure to use sudo when not logged in as root.
apt update
apt install sudo
- For security purposes it is usually the case that you do not want to log in as the root user. Instead, best practice is to log in as a standard user and then execute specific commands that require root access with administrative privileges through the sudo program. The sudo program is not installed by default so after you have logged in to the root account enter apt update and press enter which will update the list of software available for installation and then apt install sudo and press enter to install the sudo software.
- Add sudo privileges to our standard user account.
adduser <username> sudo
- We now need to add our standard user account to the group which is allowed to have administrative access to do this enter the command sudo adduser <username> sudo and press enter, replacing <username> with the name of your standard user account (set during the setup process, probably your first name in lowercase). We'll learn more about these commands later in the course.
- Reboot system
shutdown -r now
- Reboot your system using the shutdown -r now command to apply the changes
- Log in as your standard user account, determine system IP address.
- Once you are logged in use the following command at the command line to determine the IP address of your system
ip address show
- Using the ip address show command will allow you to check the IP address of your system. The IP address should be something like 172.17.50.xxx and be an inet address on the ens192 adapter.
- Test sudo privileges
- Try running the same command as the administrator by typing sudo ip address show, you will need to enter in your password again when you run this command.
sudo ip address show
- Install open-vm-tools
- Run the sudo apt install open-vm-tools command to install the vmWare Tools. You will be prompted about several additional software packages required to be installed, type y and press enter to install the software.
sudo apt install open-vm-tools
- Install nmap
- Nmap is a tool we will learn more about later in the course but it will likely be used to check many of the labs for completion while working through the course. This course's labwork often builds upon the work you have done in previous labs. The self-check scripts are to assist you in ensuring you have not missed any critical steps in your work that would affect your success in subsequent labs.
- NOTE: Before we begin the installation of this tool it is important to remember that scanning a system is often seen as an attack against the system and should not be done unless you are the administrator of both the system that you are scanning from and the system you are scanning or have the explicit permission of the system administrator of those systems! In some areas people have been legally charged and prosecuted for scanning of systems which they are not authorized to do. You have been warned!
- At this time all you will be doing is installing the tool as it will be used to self-check your lab work to verify you are ready to move on to the next lab.
- Run the following command at the command line.
sudo apt install nmap
- Run the sudo apt install nmap command to install the nmap tool. You will be prompted about additional software packages required to be installed, type y and press enter to install the software.
- Exit from the local console
- To log out of the console type exit and press enter.
- Because your Debian Linux server is running as a virtual machine on a vmWare host system in order to achieve the best performance and driver integration we should install the vmWare Tools software package in your virtual machine.
Add User "Ping", Install Webmin
- Create a new user account ping using the adduser program
adduser ping
- Use the links browser or wget to download the DEB package file from www.webmin.com
- NOTE: Because this DEB file was downloaded directly instead of automatically by APT from a package repository the installation command is slightly different and some other commands such as apt show will not work.
- Install the package with apt install
apt install ./<filename.deb>
- Don't forget that installation of software must be done with system administrator permissions.
- Click for Larger Image
- NOTE: You can get similar information to what you can get with apt show from a DEB package file using the following command:
dpkg -I <filename>
- Notice the additional packages which are required by Webmin (dependencies) which will be downloaded and installed by apt from a repository in order to complete the installation.
- Open a web browser on your host system and visit https://xxx.xxx.xxx.xxx:10000 where your IP replaces xxx.xxx.xxx.xxx
- Login using your Debian username and password
- Explore the Webmin interface
Set Static IP Address
- An important first step is to learn how to diferenciate between network interfaces. Take a look at this site and this site to understand how network interface names in Debian 9 and later are identified.
- Set a static IP for your server
- Using your text editor of choice, open up the file /etc/network/interfaces
- Notice how it is currently set to dhcp for the ens192 interface.
- To set a static IP, you will need to change iface ens192 inet dhcp to iface ens192 inet static.
- Now, under the iface line you just edited, you will need to enter the address, netmask, and gateway for the static network.
- Reminder: it is common practice to indent (tab) static network configuration information in the interfaces file.
- * Now save the file, and exit your file editor.
- Apply your static IP address
- * Now we are going to apply the static IP change. Try using ip address show to view your active configuration now and you should see that your old address is still active.
- NOTE: You should only make network configuration changes when you have physical access to a machine. This way, if you mess up your configuration you will be able to fix it from a local console.' If you lose working SSH access to your system after making these changes you'll need to connect in through the NetLab console interface (which is equivalent to physical access) and find and correct your configuration issues.
- Using the ifdown and ifup command, we are going to restart the network interface, this step is required to apply the change.
- Click here for a larger image
- In a SSH terminal, run sudo ifdown ens192 && sudo ifup ens192. Notice the two && symbols. This tells the Linux shell that it should run the second command right after the first. If we do not define this, then we would be left with a machine that has its networking turned off.
sudo ifdown ens192 && sudo ifup ens192
- At this point, your machine should now be using a static address. You may receive an error message indicating that an address cannot be assigned which is related to your old DHCP address still being on the interface as well. Use ip address show to verify the new IP address is assigned to the interface.
- Verify the new static IP address
- Used a ping command from your local PC to try pinging both the old DHCP address as well as your new static address of your VM.
- Once you have verified the VM is responding on the new static IP address reboot the system to ensure the old DHCP address is removed by restarting your VM with sudo shutdown -r now Note you will lose your SSH connection because the IP your SSH session is connected to is no longer in use by your VM.
- Reconnect through SSH to your new IP address and verify it is now applied using the ip address show command.
allow-hotplug ens192 iface ens192 inet static address xxx.xxx.xxx.xxx netmask 255.255.255.0 gateway 172.17.50.1 dns-nameservers 172.17.139.11 172.17.139.111
DNS Section
- First you will need to install BIND. to install it, use the package manager to install bind9
- Open up /etc/bind/named.conf.options
- You will also need to replace 0.0.0.0 with 172.17.139.11 for outside DNS lookups to function correctly.
- Next, open up your interfaces file (/etc/network/interfaces).
- Change the dns server for the primary network interface to 127.0.0.1.
- In Webmin, go to Servers, then BIND DNS Server. Under Existing DNS Zones click on Create Master Zone and use the following settings:
Zone type: Forward (Names to Addresses) Domain name / Network: *.itc2480.campus.ihitc.net Records file: Automatic Master server: *.itc2480.campus.ihitc.net. Email address: root@ *.itc2480.campus.ihitc.net
- NOTE: the * stands for your system name, "automail" was used when setting the mail server up.
- To create our A record which points your domain to an IP address, click the Address button.
- For the Name enter @.
- In the address field enter your VM's static IP and click Create.
- Create an MX record for the domain which directs mail for your delegated domain to your system as well. (This will involve creating another A record for mail.*.itc2480.campus.ihitc.net as well).
- Make sure to apply the changes using the button in the top right that shows two arrows in a cricle.
- After applying the changes and rebooting everything should be working. just make sure to test it using the nslookup and dig commands.
Install the Postfix MTA
Video Tutorial - Install Postfix MTA
- Use a package manager to install the postfix package.
- During the installation process select Internet Site as the type of mail server and set the domain name to *.itc2480.campus.ihitc.net where * is the hostname letter of your system.
- MTA software listens for incoming connections from other MTA servers on port 25 and accepts mail on behalf of users on the system. Once the mail is received it is stored locally for users to retrieve. The most common methods for storing messages is in an .mbox file, where all messages are stored in a single file, or in a Maildir, which is a directory where each message is stored in a separate file. The MTA also listens for connections from client software (MUA) and accepts outbound messages from them and forwards them on to the destination domain's mail server. Advanced configuration of MTA software can allow for anti-spam filtering, mailing list support or other programs to intercept and manipulate mail as it passes through the server.
- Test the connection an verify the port is open
- Use Telnet to connect to the Postfix SMTP server on port 25: telnet localhost 25
- Click here for larger image
- Type quit and press enter after verifying Postfix is running.
- Configure Maildir
- Because the Courier IMAP and POP3 server software only supports Maildir style message stores and Postfix stores in mbox files by default you must edit the /etc/postfix/main.cf file to fix this.
- Add the line
home_mailbox = Maildir/
- Edit or add the mailbox_command parameter so there is nothing on the line after the equals sign, delete the portion of the line referencing procmail if it exists. The line should look like:
mailbox_command =
- Restart the postfix service to apply your change. Postfix is now saving new incoming messages into the Maildir folder inside each user's home directory. This folder is automatically created by Postfix the first time a new message comes in for a user.
- Set your shell to recognize the maildir as your mail location
- Edit the /etc/login.defs file and comment out the MAIL_DIR /var/mail line (place a # in front of the line) and add a line setting MAIL_FILE like this:
- Edit the /etc/pam.d/login file, find and comment out the session optional pam_mail.so standard line (place a # in front of the line) and add a line like this immediately below it:
- Edit the /etc/pam.d/su file, find and comment out the session optional pam_mail.so nopen line (place a # in front of the line) and add a line like this immediately below it:
- Edit the /etc/pam.d/sshd file, find and comment out the session optional pam_mail.so standard noenv line (place a # in front of the line) and add a line like this immediately below it:
- Edit the /etc/profile file and at the end of the file add the line:
export MAIL=~/Maildir
- Edit the /etc/profile file and at the end of the file add the line:
- Test sending and receiving mail as a locally logged on user.
- Install the mailutils package.
- Try sending a message (replace username with your username):
echo "This is my message" | mail -s "Email Subject" username@localhost
- Log out of your SSH session and open a new SSH session to apply the changes to the /etc/profile and /etc/login.defs files.
- Check to see if the message was received using the mail command, press q to return to the command line.
- Click here for a larger image
- You should also be able to see the message in ~/Maildir/ in either the new/ or cur/ directory depending on whether you have viewed the message list yet or not. In either case, the message will appear as a text file with a random-looking name. It's just a text file so you can use cat or less to view it.
- Create Aliases
- You can create aliases and forward mail between users by editing the /etc/aliases file and then running the newaliases program.
- Create an "alias" for sysadmin which forwards mail sent to sysadmin@localhost to your username
- Send a copy of all mail to the root account to your username
- Now would be a good time to try logging on to Webmin again, re-scanning for modules and then taking a look at the Postfix module in the Servers section.
- Explore the mail log file
- Take a look at your /var/log/mail.info log to see Postfix sending and receiving messages for users.
#MAIL_DIR /var/mail MAIL_FILE Maildir/
#session optional pam_mail.so standard session optional pam_mail.so dir=~/Maildir standard
#session optional pam_mail.so nopen session optional pam_mail.so dir=~/Maildir nopen
#session optional pam_mail.so standard noenv session optional pam_mail.so dir=~/Maildir standard
Install Courier MDA
Video Tutorial - Install Courier MDA
- Install required courier packages
- Most users prefer to retrieve mail from a mail server using an MDA protocol like POP3 or IMAP which can be provided by the Courier programs. Install the courier-pop, courier-imap, and fam packages.
- Do not create the directories for web-based administration as they are unneeded for our setup
- Local users accessing their mailbox with MUA software can read and write to the .mbox file or Maildir directly. If a user not locally logged on to the system wants to access their mailbox the server runs MDA software which typically uses the POP3 or IMAP protocol for accessing the .mbox file or Maildir remotely.
Auto Reply Configuration
- Install vacation
- Vacation is a Linux package that will auto-respond to received emails for the receiving users.
- Run the vacation program in the profile you wish to set up the reply message from
- Follow the prompts, for now reply with the default answer (Y)
- Edit the vacation.msg file
- Click for a larger image
- Enter the message that you would like to have in the auto-response.
- Set the response to auto mail every message
- The default response is every one week to send an auto-reply, for our use it is important to reply to every email.
- NOTE: It is important to understand this command sets the auto-reply delay. Using the -r 0 sets the vacation program to reply to EVERY message it receives. In a production environment, this is not recommended as it can create mail loops.
- Test your reply message from the CLI mailutils package or the MTA chosen to use on client computers
sudo apt install vacation
vacation
nano vacation.msg
vacation -i -r 0
Auto Maildir Clean Up
- Create script to delete emails older than 45 days
- NOTE: The script must be owned by root and executable. Additionally, the crontab must be created with sudo priviledges
sudo nano <scriptname.sh>
- Make executable
sudo chmod +x <sciptname.sh>
- Create a crontab job
sudo crontab -e
- NOTE: the astricks at the start of the following command are respective to the scheduling of time. A good additional resource for cron can be found at Vitux. Each astrik represents [Minute] [hour] [Day_of_the_Month] [Month_of_the_Year] [Day_of_the_Week]
- Add the following line to the chrontab file to schedule the job at 8PM every day.
#!/bin/bash find /home/ping/Maildir/cur -type f -mtime +7 -exec rm {} \; find /home/ping/Maildir/new -type f -mtime +7 -exec rm {} \; find /home/ping/Maildir/tmp -type f -mtime +7 -exec rm {} \;
* 20 * * * * /home/ping/scriptname.sh