Mail server mnjk: Difference between revisions

From ITCwiki

Revision as of 02:26, 19 February 2021

Introduction

This section documents the creation of the Auto-Reply Mail Server. This section will likely be created by an instructor or administrator.

Mail Server Documentation

  1. Power on your virtual machine
    • This server may reside in the VMware ESXi or NetLab as long as the network configuration allows connection to the course VLAN and student VMs.
  2. Install Debian Linux
  3. Once the system has booted and is on the "Debian GNU/Linux installer menu" choose "Install" and not "Graphical Install". If you make an incorrect choice you can reboot your virtual machine (power off and on) before installing to get back to the menu.
    In the installer you will use the space bar to select and unselect "checkboxes", the tab key to move between fields and buttons, and the enter key to continue. You will be prompted for the following choices
    • Select English as the language, United States as your location, and American English as the keymap.
    • Set ens192 as your primary network interface.
    • Set a hostname for the system to 2480 followed by a dash and then your pod ID letter, like 2480-Z for LSA Pod Z. If you have forgotten your pod ID letter look up at the top of your screen above the line with the "Topology" and "Linux Server" tabs and you should see a line with "LSA Pod" followed by a letter, that letter is your pod ID letter.
    Note: These steps are critical to future success in labs, check your spelling carefully
    • Set the domain name to itc2480.campus.ihitc.net
    • Set the root password to something you will NOT FORGET; this is the administrator account. cisco might be a good choice for our purposes, though that would not be secure for a system directly accessible from the Internet (we are protected by a firewall which you are bypassing via the VPN connection).
    • Create a new user account by entering your name. The system will automatically use your first name (all lowercase) as the username and then you should set the password to another password you will not forget
    • Select your timezone
    • Choose "Guided - Use entire disk" as the partitioning method and select the sda drive and "All files in one partition" as the partitioning scheme, "Finish partitioning and write the changes to the disk", and then finally confirm you want to write the changes.
    • You do not want to scan any other CDs or DVDs at this time.
    • You want to select a mirror located close to you with good speed. Because your VM is actually running from the campus and is connected to the campus Internet connection a good option is "debian.uchicago.edu" with no http proxy.
    • Choose whether you want to participate in the package usage survey, for our purposes either choice is just fine.
    • On the software selection screen UNSELECT "Debian desktop environment" and "Print server" and make sure that "SSH server" and "Standard system utilities" are the only two selected options.
    Note: To select and unselect options move your cursor over the option and press the space bar.
    • Choose yes to install GRUB to the master boot record on the /dev/sda device.
  4. Complete the installation
  5. When the installation is complete you can select continue to "eject" the virtual CD and reboot into the new install

Install Basic Tools

  1. Install sudo from the command line
    For security purposes it is usually the case that you do not want to log in as the root user. Instead, best practice is to log in as a standard user and then execute specific commands that require root access with administrative privileges through the sudo program. The sudo program is not installed by default, so after you have logged in to the root account enter apt update and press enter, which will update the list of software available for installation, and then apt install sudo and press enter to install the sudo software.
    Note: A good practice is to update your system before installing any packages. This should be completed using apt update; be sure to use sudo when not logged in as root.
    apt update
    apt install sudo
  2. Add sudo privileges to our standard user account
    We now need to add our standard user account to the group which is allowed to have administrative access. To do this enter the command sudo adduser <username> sudo and press enter, replacing <username> with the name of your standard user account (set during the setup process, probably your first name in lowercase). We'll learn more about these commands later in the course.
    adduser <username> sudo
  3. Reboot system
    Reboot your system using the shutdown -r now command to apply the changes.
    shutdown -r now
  4. Log in as your standard user account, determine system IP address
    Once you are logged in use the following command at the command line to determine the IP address of your system.
    ip address show
    Using the ip address show command will allow you to check the IP address of your system. The IP address should be something like 172.17.50.xxx and be an inet address on the ens192 adapter.
  5. Test sudo privileges
    Try running the same command as the administrator by typing sudo ip address show; you will need to enter your password again when you run this command.
    sudo ip address show
  6. Install open-vm-tools
    Because your Debian Linux server is running as a virtual machine on a VMware host system, in order to achieve the best performance and driver integration we should install the VMware Tools software package in your virtual machine.
    Run the sudo apt install open-vm-tools command to install the VMware Tools. You will be prompted about several additional software packages required to be installed; type y and press enter to install the software.
    sudo apt install open-vm-tools
  7. Install nmap
    Nmap is a tool we will learn more about later in the course but it will likely be used to check many of the labs for completion while working through the course. This course's labwork often builds upon the work you have done in previous labs. The self-check scripts are to assist you in ensuring you have not missed any critical steps in your work that would affect your success in subsequent labs.
    NOTE: Before we begin the installation of this tool it is important to remember that scanning a system is often seen as an attack against the system and should not be done unless you are the administrator of both the system that you are scanning from and the system you are scanning or have the explicit permission of the system administrator of those systems! In some areas people have been legally charged and prosecuted for scanning of systems which they are not authorized to do. You have been warned!
    • At this time all you will be doing is installing the tool as it will be used to self-check your lab work to verify you are ready to move on to the next lab.
    • Run the following command at the command line.
    sudo apt install nmap
    Run the sudo apt install nmap command to install the nmap tool. You will be prompted about additional software packages required to be installed; type y and press enter to install the software.
  8. Exit from the local console
    To log out of the console type exit and press enter.

Add User "Ping", Install Webmin

  1. Create a new user account ping using the adduser program
    adduser ping
  2. Use the links browser or wget to download the DEB package file from www.webmin.com
    NOTE: Because this DEB file was downloaded directly instead of automatically by APT from a package repository the installation command is slightly different and some other commands such as apt show will not work.
  3. Install the package with apt install
    apt install ./<filename.deb>
    Don't forget that installation of software must be done with system administrator permissions.
    NOTE: You can get similar information to what you can get with apt show from a DEB package file using the following command:
    dpkg -I <filename>
  4. Notice the additional packages which are required by Webmin (dependencies) which will be downloaded and installed by apt from a repository in order to complete the installation.
  5. Open a web browser on your host system and visit https://xxx.xxx.xxx.xxx:10000 where your IP replaces xxx.xxx.xxx.xxx
  6. Login using your Debian username and password
  7. Explore the Webmin interface

Set Static IP Address

An important first step is to learn how to differentiate between network interfaces. Take a look at this site and this site to understand how network interface names in Debian 9 and later are identified.
  1. Set a static IP for your server
    • Using your text editor of choice, open up the file /etc/network/interfaces
    • Notice how it is currently set to dhcp for the ens192 interface.
    • To set a static IP, you will need to change iface ens192 inet dhcp to iface ens192 inet static.
    • Now, under the iface line you just edited, you will need to enter the address, netmask, and gateway for the static network.
    Reminder: it is common practice to indent (tab) static network configuration information in the interfaces file.
    Note: Your configuration should be similar to this:
    allow-hotplug ens192
    iface ens192 inet static
    	address xxx.xxx.xxx.xxx
    	netmask 255.255.255.0
    	gateway 172.17.50.1
    	dns-nameservers 172.17.139.11 172.17.139.111
    • Now save the file, and exit your file editor.
  2. Apply your static IP address
    • Now we are going to apply the static IP change. Try using ip address show to view your active configuration now and you should see that your old address is still active.
    NOTE: You should only make network configuration changes when you have physical access to a machine. This way, if you mess up your configuration you will be able to fix it from a local console. If you lose working SSH access to your system after making these changes you'll need to connect in through the NetLab console interface (which is equivalent to physical access) and find and correct your configuration issues.
    • Using the ifdown and ifup commands, we are going to restart the network interface; this step is required to apply the change.
    Note: A good method to watch this change is to have two ping windows open on your local machine, pinging both your old IP address and your new IP address with ping 172.17.50.xx -t. This will allow you to see how quickly the change will happen. The first image below is with the DHCP address, the second is after the static address is applied.
    [Image: Lab5 ping ifup ifdown.png]
    • In an SSH terminal, run sudo ifdown ens192 && sudo ifup ens192. Notice the two && symbols. This tells the Linux shell that it should run the second command right after the first, as long as the first succeeds. If we do not define this, then we would be left with a machine that has its networking turned off.
    sudo ifdown ens192 && sudo ifup ens192
    Note: you will lose your SSH connection because the IP your SSH session is connected to is no longer in use by your VM.
    • At this point, your machine should now be using a static address. You may receive an error message indicating that an address cannot be assigned, which is related to your old DHCP address still being on the interface as well. Use ip address show to verify the new IP address is assigned to the interface.
  3. Verify the new static IP address
    • Use a ping command from your local PC to try pinging both the old DHCP address as well as your new static address of your VM.
    • Once you have verified the VM is responding on the new static IP address, reboot the system with sudo shutdown -r now to ensure the old DHCP address is removed. Note you will lose your SSH connection because the IP your SSH session is connected to is no longer in use by your VM.
  4. Reconnect through SSH to your new IP address and verify it is now applied using the ip address show command.

DNS Section

  1. First you will need to install BIND. To install it, use the package manager to install bind9.
  2. Open up /etc/bind/named.conf.options
      • You will also need to replace 0.0.0.0 with 172.17.139.11 for outside DNS lookups to function correctly.
  3. Next, open up your interfaces file (/etc/network/interfaces).
      • Change the dns server for the primary network interface to 127.0.0.1.
  4. In Webmin, go to Servers, then BIND DNS Server. Under Existing DNS Zones click on Create Master Zone and use the following settings:
    Zone type: Forward (Names to Addresses)
    Domain name / Network: *.itc2480.campus.ihitc.net
    Records file: Automatic
    Master server: *.itc2480.campus.ihitc.net.
    Email address: root@*.itc2480.campus.ihitc.net
    • NOTE: the * stands for your system name, "automail" was used when setting the mail server up.
  5. To create our A record which points your domain to an IP address, click the Address button.
    • For the Name enter @.
    • In the address field enter your VM's static IP and click Create.
  6. Create an MX record for the domain which directs mail for your delegated domain to your system as well. (This will involve creating another A record for mail.*.itc2480.campus.ihitc.net as well).
  7. Make sure to apply the changes using the button in the top right that shows two arrows in a circle.
  8. After applying the changes and rebooting, everything should be working. Just make sure to test it using the nslookup and dig commands.

Auto Reply Configuration

  1. Install vacation
    Vacation is a Linux package that will auto-respond to received emails for the receiving users.
    sudo apt install vacation
  2. Run the vacation program in the profile you wish to set up the reply message from
    vacation
  3. Follow the prompts; for now reply with the default answer (Y)
  4. Edit the vacation.msg file
    nano vacation.msg
    • Enter the message that you would like to have in the auto-response.
  5. Set the response to auto mail every message
    By default, vacation sends an auto-reply to the same sender at most once a week; for our use it is important to reply to every email.
    vacation -i -r 0
    NOTE: It is important to understand this command sets the auto-reply delay. Using -r 0 sets the vacation program to reply to EVERY message it receives. In a production environment, this is not recommended as it can create mail loops.
  6. Test your reply message from the CLI mailutils package or the MTA chosen to use on client computers

Auto Maildir Clean Up

  1. Create script to delete emails older than 45 days
    NOTE: The script must be owned by root and executable. Additionally, the crontab must be created with sudo privileges.
    sudo nano <scriptname.sh>
    #!/bin/bash
    # Delete messages older than 45 days from each Maildir subfolder
    find /home/testuser/Maildir/cur -type f -mtime +45 -exec rm {} \;
    find /home/testuser/Maildir/new -type f -mtime +45 -exec rm {} \;
    find /home/testuser/Maildir/tmp -type f -mtime +45 -exec rm {} \;

  2. Make executable
    sudo chmod +x <scriptname.sh>
  3. Create a crontab job
    sudo crontab -e
    NOTE: The five fields at the start of the following line set the schedule, in the order [Minute] [Hour] [Day_of_the_Month] [Month_of_the_Year] [Day_of_the_Week]; an asterisk matches every value of its field. A good additional resource for cron is https://vitux.com/how-to-setup-a-cron-job-in-debian-10.
    • Add the following line to the crontab file to schedule the job at 8PM every day. The minute field is set to 0 so the job runs once at 20:00; an asterisk there would run it every minute of that hour.
    0 20 * * * /home/ping/scriptname.sh
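
The cleanup script's find test, as an added example that is not part of the original page: the same 45-day purge written as a function and run against a constructed Maildir with exact file ages, showing that -mtime +45 only matches files that are at least 46 full days old. The function names and sample file names are assumptions of this example, and touch -d relies on GNU coreutils as shipped with Debian.

```bash
#!/bin/bash
# Added example: the 45-day purge as a reusable function, run against a
# constructed Maildir. Paths and file names below are made up for the demo.

# purge_maildir MAILDIR [DAYS]
# Deletes regular files older than DAYS (default 45) directly inside
# cur/, new/ and tmp/, and prints the number of files removed.
purge_maildir() (
    maildir=$1
    days=${2:-45}
    count=0
    for sub in cur new tmp; do
        [ -d "$maildir/$sub" ] || continue
        # -mtime +N matches files whose age in whole 24-hour periods is
        # greater than N, so with N=45 a file must be at least 46 days old.
        n=$(find "$maildir/$sub" -maxdepth 1 -type f -mtime +"$days" \
                -print -delete | wc -l)
        count=$((count + n))
    done
    echo "$count"
)

# build_sample_maildir DIR
# Constructed test data: ages are given in hours so they are exact.
build_sample_maildir() (
    dir=$1
    mkdir -p "$dir/cur" "$dir/new" "$dir/tmp"
    touch -d '1440 hours ago' "$dir/cur/read-60d"      # 60 days: removed
    touch -d '1128 hours ago' "$dir/new/unread-47d"    # 47 days: removed
    touch -d '1092 hours ago' "$dir/cur/read-45d12h"   # 45.5 days: kept
    touch -d '240 hours ago'  "$dir/new/unread-10d"    # 10 days: kept
    touch "$dir/tmp/delivery-in-progress"              # just created: kept
)

# Demo: build the sample tree in a temporary directory and purge it.
demo_dir=$(mktemp -d)
build_sample_maildir "$demo_dir"
echo "removed: $(purge_maildir "$demo_dir")"
ls "$demo_dir/cur" "$demo_dir/new" "$demo_dir/tmp"
rm -rf "$demo_dir"
```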
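
Root's crontab runs /home/ping/scriptname.sh with full privileges, so the requirement that the script be owned by root also has to hold for the directories above it: anyone who can write to one of them can replace the file. The following added example (not from the original page; audit_cron_script and its arguments are hypothetical, and stat -c assumes GNU coreutils) checks ownership and write bits on the script and its parent directories.

```bash
#!/bin/bash
# Added example: audit a script before root's crontab is pointed at it.
# The function name, arguments and output format are this example's own.

# audit_cron_script SCRIPT [OWNER_UID] [TOP]
# Checks SCRIPT and each directory from its parent up to TOP (default /):
# owner must be root or OWNER_UID (default 0), and nothing may be writable
# by group or others except a sticky directory such as /tmp.
# Prints one FAIL line per finding; returns 0 when clean, 1 otherwise.
audit_cron_script() (
    script=$1; owner=${2:-0}; top=${3:-/}; bad=0
    case $script in
        /*) ;;
        *) echo "FAIL $script: use an absolute path"; exit 1 ;;
    esac
    if [ -L "$script" ] || [ ! -f "$script" ]; then
        echo "FAIL $script: not a regular file"; exit 1
    fi
    [ -x "$script" ] || { echo "FAIL $script: not executable"; bad=1; }
    p=$script
    while :; do
        uid=$(stat -c %u "$p"); mode=$(stat -c %a "$p")   # GNU stat
        if [ "$uid" != 0 ] && [ "$uid" != "$owner" ]; then
            echo "FAIL $p: owned by uid $uid"; bad=1
        fi
        writable=$((0$mode & 022))    # group/other write bits
        sticky=$((0$mode & 01000))    # sticky bit
        if [ "$writable" -ne 0 ] && { [ ! -d "$p" ] || [ "$sticky" -eq 0 ]; }; then
            echo "FAIL $p: mode $mode is writable by group or others"; bad=1
        fi
        if [ "$p" = "$top" ] || [ "$p" = / ]; then break; fi
        p=$(dirname "$p")
    done
    exit "$bad"
)

# Demo on a constructed tree standing in for /home/ping/scriptname.sh.
demo=$(mktemp -d)
printf '#!/bin/bash\n' > "$demo/scriptname.sh"
chmod 755 "$demo/scriptname.sh"
audit_cron_script "$demo/scriptname.sh" "$(id -u)" "$demo" && echo "clean"
chmod 777 "$demo"    # anyone can now replace the script
audit_cron_script "$demo/scriptname.sh" "$(id -u)" "$demo" || echo "rejected"
rm -rf "$demo"
```

On the real server, run it as audit_cron_script /home/ping/scriptname.sh with no further arguments so that only root ownership is accepted all the way up to /.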