Franske ITC-2480 Mail Lab: Difference between revisions
BenFranske (talk | contribs) (use domains instead of IPs) |
BenFranske (talk | contribs) |
||
Line 52: | Line 52: | ||
# See if you can follow [https://wiki.debian.org/PostfixAndSASL these instructions] for setting up SASL with Postfix. | # See if you can follow [https://wiki.debian.org/PostfixAndSASL these instructions] for setting up SASL with Postfix. | ||
#* Note: You do not need to setup TLS to support SASL (more on that in the additional considerations section) | #* Note: You do not need to setup TLS to support SASL (more on that in the additional considerations section) | ||
# Now modify your MUA to use a username and password when connecting to your SMTP server and try sending mail to someone else's system from your MUA using a destination address like root@ | # Now modify your MUA to use a username and password when connecting to your SMTP server and try sending mail to someone else's system from your MUA using a destination address like root@*.itc2480.campus.ihitc.net where the * is replaced by the host letter of your system. | ||
# Troubleshoot as needed using the mail log files on your system. | # Troubleshoot as needed using the mail log files on your system. | ||
Revision as of 21:39, 26 October 2015
Introduction
In this lab you will setup a basic email server on your Debian Linux server including both MTA and MDA software.
The MTA to be installed is Postfix. MTA software listens for incoming connections from other MTA servers on port 25 and accepts mail on behalf of users on the system. Once the mail is received it is stored locally for users to retrieve. The most common methods for storing messages is in an .mbox file, where all messages are stored in a single file, or in a Maildir, which is a directory where each message is stored in a separate file. The MTA also listens for connections from client software (MUA) and accepts outbound messages from them and forwards them on to the destination domain's mail server. Advanced configuration of MTA software can allow for anti-spam filtering, mailing list support or other programs to intercept and manipulate mail as it passes through the server.
Local users accessing their mailbox with MUA software can read and write to the .mbox file or Maildir directly. If a user not locally logged on to the system wants to access their mailbox the server runs MDA software which typically uses the POP3 or IMAP protocol for accessing the .mbox file or Maildir remotely.
Lab Procedure
Prerequisites
- Open an SSH console to your Linux system using the PuTTY software, login with your standard user account
- Make sure that webmin is installed on your system.
- Get the username and domain name of someone else's system in the class who you can send mail to
- This lab requires that you have appropriate domain name records (at least a correct A and MX record) for your system working from the DNS lab before things will work.
Install the Postfix MTA
- Install the postfix package using a package management program
- During the installation process select "Internet Site" as the type of mailserver and set the domain name to "yourhostname.test"
- Use the telnet command to connect to your SMTP server on port 25 (telnet localhost 25)
- Type quit and press enter after verifying Postfix is running.
- Because the Courier IMAP and POP3 server software only supports Maildir style message stores and Postfix stores in mbox files by default you must edit the /etc/postfix/main.cf file to fix this. Add the line
home_mailbox = Maildir/
And edit the mailbox_command parameter so there is nothing on the line after the equals sign, delete the portion of the line referencing procmail if it exists. The line should look like:mailbox_command =
- Restart the postfix service to apply your change. Postfix is now saving new incoming messages into the Maildir folder inside each user's home directory. This folder is automatically created by Postfix the first time a new message comes in for a user.
- Set your shell to recognize the maildir as your mail location
- Edit the /etc/login.defs file and comment out the "MAIL_DIR /var/mail" line (place a # in front of the line) and add two lines setting QMAIL_DIR and MAIL_FILE like this:
#MAIL_DIR /var/mail QMAIL_DIR Maildir/ MAIL_FILE Maildir/
- Edit the /etc/profile file and add the line:
export MAIL=~/Maildir
- Test sending and receiving mail as a locally logged on user.
- Install the heirloom-mailx package.
- Try sending a message:
echo "This is my message" | mail -s "Email Subject" username@localhost
- Check to see if the message was received using the mail command, press q to return to the command line.
- You should also be able to see the message in ~/Maildir/ in either the new/ or cur/ directory depending on whether you have viewed the message list yet or not. In either case the message will appear as a text file with a random looking name. It's just a text file so you can use cat followed by the filename to view it.
- Create an "alias" for sysadmin which forwards mail to your username and send a copy of all mail to the root account to your username as well by editing the /etc/aliases file and then running the newalises program
- It might be a good time to try logging on to Webmin again, re-scanning for modules and then taking a look at the Postfix module in the "Servers" section.
- Take a look at your /var/log/mail.info log to see Postfix sending and receiving messages for users.
Install Courier MDA
- Most users prefer to retrieve mail from a mail server using an MDA protocol like POP3 or IMAP which can be provided by the Courier programs. Install the "courier-pop" and "courier-imap" packages.
- Do not create the directories for web-based administration as they are unneeded for our setup
- Install an email client (MUA) on your host system such as Mozilla Thunderbird
- Setup two user accounts in your MUA, the usernames and passwords should be the same as users and their passwords on your system. Use IMAP as the protocol for retrieving mail. The email address for each should be username@*.itc2480.campus.ihitc.net where the * is replaced by the host letter of your system. You can verify the IMAP and SMTP settings that are detected, both server addresses should be *.itc2480.campus.ihitc.net where the * is replaced by the host letter of your system.
- Try sending a message from one user to the other user by sending a message to the other account like username@localhost Verify that you can receive and read the messages.
- Note: If a user has not yet received any mail Postfix has not created a Maildir for the user and the courier software will send an error to the client software. Use the mail program explained above to send some mail to the user, see that the ~/Maildir is then created and try retrieving the messages again with your MUA.
Allow Remote Users to Send Mail
- Try setting up your MUA software to send mail by creating an SMTP server entry and sending an email to anotheruser@localhost This should work because localhost is your own server but if you try sending email to someuser@somedomain.com like root@ben.itc2480.campus.ihitc.net that will fail.
- The problem is you don't want just anyone to send mail through your mailserver (we did allow this in the olden days) because a spammer could then use your server to send mail worldwide and it would all trace back to the IP of your server, we call servers setup like this "open relays" because they relay mail for anyone and they are generally considered very bad practice and can get your mailserver on lists of servers to ignore all messages from. There are a number of ways to solve this. By default Postfix will only allow mail relaying from computers on the same network (based on IP) as set in the /etc/postfix/main.cf mynetworks parameter but this is inconvenient for remote users. The SASL protocol allows users to authenticate with a username and password before sending mail and then relay messages are accepted from them.
- See if you can follow these instructions for setting up SASL with Postfix.
- Note: You do not need to setup TLS to support SASL (more on that in the additional considerations section)
- Now modify your MUA to use a username and password when connecting to your SMTP server and try sending mail to someone else's system from your MUA using a destination address like root@*.itc2480.campus.ihitc.net where the * is replaced by the host letter of your system.
- Troubleshoot as needed using the mail log files on your system.
Additional Considerations
Running a mailserver is tricky business. The basic server we have setup does not use encryption for connections meaning usernames, passwords, and mail contents are all sent in plaintext. This is very undesirable from a security standpoint and it would be suggested to support SSL/TLS encryption for both the MTA and MDA portions. In addition, you will almost certainly want spam filtering at the server. More complicated setups also use database tables for users, passwords and domains so that you can host multiple domains on a single server and have email user boxes for people who do not have local logins on the system.