Franske ITC-2480 Lab 8: Difference between revisions

From ITCwiki
Jump to navigation Jump to search
No edit summary
Line 20: Line 20:
# Restart the postfix service to apply your change
# Restart the postfix service to apply your change
# Install the mailutils package to test your setup by sending and receiving mail directly from the command line.
# Install the mailutils package to test your setup by sending and receiving mail directly from the command line.
# Try sending a message: <pre>sendmail "yourusername@localhost" "Sample Subject" "Hello World!"</pre>
# Try sending a message: <pre>echo "This is my message" | mail -s "Email Subject" username@localhost</pre>
# Check to see if the message was received using the mail command, press q to return to the command line.
# Check to see if the message was received using the mail command, press q to return to the command line.
#* If you do not see the message listed you may need to quit the mail program and set an environment variable "MAIL=/home/yourusername/Maildir"
#* If you do not see the message listed you may need to quit the mail program and set an environment variable "MAIL=/home/yourusername/Maildir"

Revision as of 00:11, 6 March 2014

Introduction

In this lab you will setup a basic email server on your Debian Linux server including both MTA and MDA software.

The MTA to be installed is Postfix. MTA software listens for incoming connections from other MTA servers on port 25 and accepts mail on behalf of users on the system. Once the mail is received it is stored locally for users to retrieve. The most common methods for storing messages is in an .mbox file, where all messages are stored in a single file, or in a Maildir, which is a directory where each message is stored in a separate file. The MTA also listens for connections from client software (MUA) and accepts outbound messages from them and forwards them on to the destination domain's mail server. Advanced configuration of MTA software can allow for anti-spam filtering, mailing list support or other programs to intercept and manipulate mail as it passes through the server.

Local users accessing their mailbox with MUA software can read and write to the .mbox file or Maildir directly. If a user not locally logged on to the system wants to access their mailbox the server runs MDA software which typically uses the POP3 or IMAP protocol for accessing the .mbox file or Maildir remotely.

Lab Procedure

Prerequisites

  1. Open an SSH console to your Linux system using the PuTTY software, login with your standard user account
  2. Make sure that webmin is installed on your system.
  3. Get the IP address of someone else's system in the class who you can send mail to

Install the Postfix MTA

  1. Install the postfix package using a package management program
    • During the installation process select "Internet Site" as the type of mailserver and set the domain name to "yourhostname.test"
  2. Use the telnet command to connect to your SMTP server on port 25 (telnet localhost 25)
    • Type quit and press enter after verifying Postfix is running.
  3. Because the Courier IMAP and POP3 server software only supports Maildir style message stores and Postfix stores in mbox files by default you must edit the /etc/postfix/main.cf file and set the "home_mailbox = Maildir/" parameter.
  4. Restart the postfix service to apply your change
  5. Install the mailutils package to test your setup by sending and receiving mail directly from the command line.
  6. Try sending a message: 
    echo "This is my message" | mail -s "Email Subject" username@localhost
  7. Check to see if the message was received using the mail command, press q to return to the command line.
    • If you do not see the message listed you may need to quit the mail program and set an environment variable "MAIL=/home/yourusername/Maildir"
  8. You should also be able to see the message in /home/yourusername/Maildir/
  9. Create an "alias" for sysadmin which forwards mail to your username and send a copy of all mail to the root account to your username as well by editing the /etc/aliases file and then running the newalises program
  10. It might be a good time to try logging on to Webmin again, re-scanning for modules and then taking a look at the Postfix module in the "Servers" section.
  11. Take a look at your /var/log/mail.info log to see Postfix sending and receiving messages for users.

Install Courier MDA

  1. Most users prefer to retrieve mail from a mail server using an MDA protocol like POP3 or IMAP which can be provided by the Courier programs. Install the "courier-pop" and "courier-imap" packages.
    • Do not create the directories for web-based administration as they are unneeded for our setup
  2. Install an email client (MUA) on your host system such as Mozilla Thunderbird and setup a new account which connects over IMAP to the IP address of your server for each of the different user accounts you have on your server. Test receiving mail using this client.
    • Note: If your user has not yet received any mail Postfix has not created a Maildir for the user and the courier software will send an error to the client software. Use the sendmail program explained above to send some mail to the user, see that the Maildir is then created and then try retrieving the messages again with your MUA.

Allow Remote Users to Send Mail

  1. Try setting up your MUA software to send mail by creating an SMTP server entry and sending an email to anotheruser@localhost This should work because localhost is your own server but if you try sending email to someuser@anotherIP like root@172.17.50.10 that will fail.
  2. The problem is you don't want just anyone to send mail through your mailserver (we did allow this in the olden days) because a spammer could then use your server to send mail worldwide and it would all trace back to the IP of your server, we call servers setup like this "open relays" because they relay mail for anyone and they are generally considered very bad practice and can get your mailserver on lists of servers to ignore all messages from. There are a number of ways to solve this. By default Postfix will only allow mail relaying from computers on the same network (based on IP) as set in the /etc/postfix/main.cf mynetworks parameter but this is inconvenient for remote users. The SASL protocol allows users to authenticate with a username and password before sending mail and then relay messages are accepted from them.
  3. See if you can follow these instructions for setting up SASL with Postfix.
    • Note: You do not need to setup TLS to support SASL (more on that in the additional considerations section)
  4. Now modify your MUA to use a username and password when connecting to your SMTP server and try sending mail to someone else's system from your MUA using a destination address like root@172.17.50.10
  5. Troubleshoot as needed using the mail log files on your system.

Additional Considerations

Running a mailserver is tricky business. The basic server we have setup does not use encryption for connections meaning usernames, passwords, and mail contents are all set in plaintext. This is very undesirable from a security standpoint and it would be suggested to support SSL/TLS encryption for both the MTA and MDA portions. In addition, you will almost certainly want spam filtering at the server. More complicated setups also use database tables for users, passwords and domains so that you can host multiple domains on a single server and have email user boxes for people who do not have local logins on the system.

Additional Resources

Retrieved from "https://wiki.ihitc.net/mediawiki/index.php?title=Franske_ITC-2480_Lab_8&oldid=6370"