Lecture LPI202 - Chapter 04 Advanced Linux Network Administration

Mail services
Chapter 04: Advanced Linux Network Administration

Objectives
- SMTP Protocol
- Using Sendmail
- Configuring mailing lists
- Managing Mail Traffic

SMTP Protocol
- Server is at TCP port 25
- Currently undeliverable messages can (and should) be queued
- Related standards
  - RFC 2821: Defines the transfer protocol
  - RFC 2822: Defines the message format
  - These are updated by many other RFCs
    - RFC 1123: Internet Host Requirements
    - RFC 1870, 2821: SMTP Service Extensions
    - RFC 1891-1895: Even more extensions, now obsoleted by newer RFCs
    - RFCs 2045-2049: MIME

Mail agents
- Mail User Agents
  - MUAs are the source and destination of e-mail
  - Pine, Microsoft Outlook, MH, Mozilla, Elm, mail etc.
- Mail Transfer Agents
  - MTAs transport and route the messages from the sender's MUA to the recipient's MUA
  - This is application-level routing, similar to but not related to IP routing
  - The decision is made based on the recipient's address
    - Spam blocking is an exception
  - The recipient's address may be changed
    - E.g. e-mail aliases, .forward

The e-Mail Message's Journey
- The message in the SMTP standard consists of two parts
  - The envelope is information transmitted using SMTP protocol units
  - The contents include the headers and body of the message
- The MUA receives the message from the end user and interprets the correct sender and receiver information
- The message is passed to the MTA for transportation over the network
  - Usually the message is first stored in a spool directory to wait until it can be transmitted to the next MTA
- At the destination the message is placed into the recipient's mailbox
  - Usually a file, can also be a directory or a database
- In practice the distinction between modern MTA and MUA software is not always clear

Sample SMTP Session Initiation

    riku@mole $ telnet nixu-gw.nixu.fi 25
    Trying 194.197.118.1...
    Connected to nixu-gw.nixu.fi.
    220 nixu-gw.nixu.fi ESMTP Sendmail 8.9.3/8.9.3; Tue, 13 Apr 1999 13:40:05 +0300
    HELP
    214-This is Sendmail version 8.9.3
    214-Topics:
    214- HELO EHLO MAIL RCPT DATA
    214- RSET NOOP QUIT HELP VRFY
    214- EXPN VERB ETRN DSN
    214-For more info use "HELP ".
    214-To report bugs in the implementation send email to
    214- sendmail-bugs@sendmail.org.
    214-For local information send email to Postmaster.
    214 End of HELP info
    EHLO mole.nixu.fi
    250-nixu-gw.nixu.fi Hello mole.nixu.fi [194.197.118.22], pleased to meet you
    250-8BITMIME
    250-SIZE
    250-DSN
    250-XUSR
    250 HELP

Sending the Message in SMTP

    MAIL From:
    250 ... Sender ok
    RCPT To:
    250 ... Recipient ok
    DATA
    354 Enter mail, end with "." on a line by itself
    From:
    To:
    Subject: foobar

    Demo material for SMTP course.
    250 NAA12630 Message accepted for delivery
    QUIT
    221 nixu-gw.nixu.fi closing connection
    Connection closed by foreign host.
    19 riku@mole $

The Message Structure
- The envelope contains the MTA's view of the sender and receiver
  - This is why you receive complaints about viruses and spam you have not sent
  - These are transported in the MAIL FROM and RCPT TO commands of the SMTP protocol
  - Notice the difference between the "From:" in the message headers and the "From" in the envelope
- Headers
  - From the beginning of the content until the first empty line
  - Format is "field-name: field body"
  - Some are mandatory, some not
- Body
  - After the first empty line until the end of the message

SMTP and DNS
- MX (Mail eXchanger) records in DNS
  - Enable mail forwarding in cases where access to the customer's mail server is limited
- Example: part of the sral.fi MXs

      sral.fi. IN MX 1 bar.foo.fi.
      sral.fi. IN MX 10 smtp3.kolumbus.fi.

- Logic: mail is transferred only closer to the destination
  - A smaller MX value means that the machine is closer to the destination
  - The machine with the smallest MX value is tried first, then the machine with the next smallest, and so on

SMTP and DNS (continued)
- Explicit MXs
  - Defined MXs, e.g.

        sral.fi. IN MX 1 bar.foo.fi.

- Implicit MXs
  - If a machine has an IP address, it also has an implicit MX with a value of 0, e.g.

        bar.foo.fi. IN A 193.209.237.254

- Wildcard MXs
  - If a whole domain is handled by one server, it can be configured with a wildcard MX
  - Use with caution (wrong configuration causes "tennis tournaments")! E.g.

        *.wild.fi. IN MX 1 mail.wild.fi.

- Order of use: explicit, implicit, wildcard
- If none is found: Host unknown
- Errors in DNS are critical! Mail cannot be delivered without a functioning name service

Sendmail
- The most common MTA and a reference implementation
- A rather complex and capable piece of software
  - Supports many message formats
  - Can route messages between different e-mail systems
- Three modes of operation
  - Daemon, which receives e-mail over SMTP at TCP port 25 and forwards it as needed
    - To a local user's mailbox
    - To a different host using SMTP
    - To a different mail system using some protocol (UUCP, X.400)
  - Local, operation initiated by the user's MUA: Sendmail receives the message and takes the appropriate action as previously
  - Housekeeping actions, e.g. when started under the alias "newaliases" sendmail reads the changes in mail alias configuration

Usage of Sendmail
- Sendmail's main configuration directory: /etc/mail
- Heart of the sendmail installation: the configuration file sendmail.cf
  - Do not edit, unless you know what you are doing!
- Start-up in system boot

      /usr/lib/sendmail -bd -q30m

  - -bd: server mode
  - -q30m: process the mail queue every 30 minutes

Sendmail Settings
1. By default sendmail is configured to listen for connections ONLY on the 127.0.0.1 interface. In order to make sendmail listen on all interfaces we need to comment out the following line in /etc/mail/sendmail.mc using 'dnl', which stands for "do next line":

       dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

   Once this is done run:

       m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

2. Restart sendmail and try the following:

       telnet 0.0.0.0 25

   If you get a connection then sendmail is responding. This doesn't mean that sendmail will deliver mail (relay) for you!

Sendmail Settings (continued)
3. To configure sendmail to relay for you, you need to add the IP address of your machine to the /etc/mail/access file:

       192.168.246.12 RELAY

   and then run:

       cd /etc/mail; make all

4. Finally, we also need to tell sendmail to accept mail for @seafront.bar addresses.
   For this, add the domain name to /etc/mail/local-host-names:

       seafront.bar

   Restart sendmail and send a mail to an existing user.

Virtual Hosting
- We want the server seafront.bar to accept mail for the city.bar domain
- The DNS entries
  - We need to add an MX record for the city.bar domain. Here is the whole block for clarity:

        seafront.bar. IN MX 10 test1.seafront.bar.
        city.bar. IN MX 10 test1.seafront.bar.
        test1.seafront.bar. IN A 192.168.246.12

Virtual Hosting: Sendmail Settings
1. We need to make sendmail accept mail for users at @city.bar. For this we add the next line to the local-host-names file:

       city.bar

   If mail is sent to tux@city.bar and tux is a valid user on test1.seafront.bar then mail will be delivered to the local user tux. To avoid this we can use the /etc/mail/virtusertable database.
2. If you want to forward mail on to another account, here are example entries for the virtusertable database:

       tux@city.bar mr.tux@otherdomain.org
       @city.bar administrator
       list@city.bar local-list

   Here mail for user tux is diverted to mr.tux@otherdomain.org, the user administrator is the catchall account, and lists are redirected to local lists (this needs to point to a valid list defined in the aliases

Usage of Sendmail: how to check status
- Either telnet to the SMTP port

      $ telnet server.company.fi 25
      Trying...
      Connected to server.company.fi.
      220 server.company.fi ESMTP Sendmail ready
      QUIT

- or check the process list

      $ ps -ef | grep sendmail | grep -v grep
      root 778 ... 0:04 sendmail: accepting connections

- If sendmail is currently processing queues, there might be other processes running, but they don't have the "accepting connections" string

Usage of Sendmail: killing and restarting
- Killing
  - Must be root
  - Check the process number from the output of the above-mentioned ps command (1st number in the line) and give it to the kill command

        # kill 778

- Restart
  - Must be root
  - Use the command /usr/lib/sendmail -bd -q30m
  - Check status

Usage of Sendmail: forced processing of the mail queue
- Normally the mail queue contains data
- The contents of the mail queue can be viewed with the command mailq or /usr/lib/sendmail -bp
- You can force immediate processing with the command /usr/lib/sendmail -q
- If you want to observe what happens, use the command /usr/lib/sendmail -q -v

Aliases File
- A feature of Sendmail and many other MTAs
- Contains mappings of one local user ID to mail addresses; these affect the left-hand side of the e-mail address

      postmaster: yllapito
      root: yllapito
      yllapito: kiravuo, samuli, sakke
      rd: nasse, hessu, lisse@hut.fi
      timo.kiravuo: kiravuo
      birds-list: :include:/home/hessu/lists/birds

- The target can be:
  - A list of local or remote users
  - A file of mail addresses
  - A program

Procmail and .forward
- .forward is a feature of the Sendmail program: the user may redirect his own e-mail to another address
  - An easy way to generate mail loops when the user makes two mailboxes point to each other
  - When the message has collected enough "Received:" headers, it is bounced back to the sender
- The .forward file may also direct the message to a program
- Procmail is one popular program that can process e-mail messages, e.g.
  - Distribute messages to different folders
  - Run them through a personal spam filter
  - Send an SMS message when an e-mail message matches some rule
  - Reply to the sender that the user is on vacation

Log files
- Sendmail keeps a log of its activities through syslog (see /etc/syslog.conf)
- Samples from log files
  - Message from riku at mole.nixu.fi
  - The actual message looks like this:

        From: riku.kalinen@nixu.fi
        To: oh2lwo@sral.fi
        Cc: riku.kalinen@nixu.fi
        Subject: Teshting

        Please ignore

Log tracking
- Message has been received

      Apr 13 14:26:04 mole sendmail[15822]: OAA15822: from=riku, size=104, class=0, pri=60104, nrcpts=2, msgid=,relay=riku@localhost

- Message sent for oh2lwo@sral.fi to bar.foo.fi

      Apr 13 14:26:06 mole sendmail[15822]: OAA15822: to=oh2lwo@sral.fi, ctladdr=riku (1138/200), delay=00:00:14, xdelay=00:00:02, mailer=esmtp, relay=bar.foo.fi. [193.209.237.254], stat=Sent (OAA13538 Message accepted for delivery)

- Message sent for riku@nixu.fi locally

      Apr 13 14:26:06 mole sendmail[15822]: OAA15822: to=riku@nixu.fi, ctladdr=riku (1138/200), delay=00:00:14, xdelay=00:00:00, mailer=local,stat=Sent

Error situations and recovery
- Host unknown
  - The string to the right of the @ character is not found in DNS
  - Either a typo in the address or
  - a DNS configuration error
- User unknown
  - The string to the left of the @ character does not match any user, mailing list or alias on the receiving machine
- Postmaster missing
  - Serious fault
  - If there is an MX entry, there must also be a postmaster
  - Makes problem solving a pain

Error situations and recovery (continued)
- Too many hops
  - Seen with customers who have misconfigured sendmails
  - Mail goes to the customer's server, which does not know how to handle it
  - The customer's server sends the mail to a "smarter" server: smtp.isp.fi
  - Which sends it back to the customer's server...
  - After about 25 hops the mail bounces
  - Typical with misconfigured wildcard MXs
- Local configuration error
  - The receiving server did not know how to handle the mail
  - Typically a disagreement between the MTA configuration and DNS

Configuring Mailing Lists: Majordomo and Sendmail
- Majordomo is a program which automates the management of Internet mailing lists
- Majordomo interfaces to the mail system (sendmail, exim, etc.) through aliases
- Download the code from
- Source version: majordomo-1.94.5.tar.gz

Pre-installation Configuration
1. In the Makefile, replace /bin/perl with the path to the perl binary on your system (usually /usr/bin/perl):

       PERL = /usr/bin/perl

   To make things easier we will leave W_HOME as is:

       W_HOME = /usr/test/majordomo-$(VERSION)

   You need to create the directory /usr/test:

       mkdir /usr/test

   Create a group called majordomo with GID 45, and add a user called majordomo with UID 123.

Pre-installation Configuration (continued)
2. In the sample.cf file we need to define our domain (for example seafront.bar). This is also where the path to the sendmail binary is set:

       $whereami = "seafront.bar";
       $sendmail_command = "/usr/sbin/sendmail";

   Now we can run:

       make install
       make install-wrapper

Sendmail Configuration
- Create a symbolic link in /etc/smrsh pointing to the majordomo wrapper binary

      ln -s /usr/test/majordomo-1.94.5/wrapper /etc/smrsh

Creating the list "test"
1. Create an empty file called test and a file containing information about the list called test.info in the directory /usr/test/majordomo-1.94.5/lists/
2. Create the following aliases in /etc/aliases:

       majordomo: "|/usr/test/majordomo-1.94.5/wrapper majordomo"
       test: "|/usr/test/majordomo-1.94.5/wrapper resend -l test test-list"
       test-list: :include:/usr/test/majordomo-1.94.5/lists/test
       test-request: "|/usr/test/majordomo-1.94.5/wrapper request-answer test"
       owner-test: tux
       test-approval: tux

3. Run newaliases and restart sendmail.

Summary
- SMTP Protocol
- Setting up Sendmail
- Configuring mailing lists
- Managing Mail Traffic
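
Added example (not part of the original slides): the MX selection rules from the "SMTP and DNS" slides, including the "only closer to the destination" rule that prevents the "tennis tournaments" mentioned there. The zone dictionary is constructed from the slides' records; the names gw.wild.fi and nowhere.example, and all function names, are assumptions made for this example.

```python
# Constructed zone data modelled on the slides' records; "gw.wild.fi" and
# "nowhere.example" are made-up names used only for this example.
ZONE = {
    "MX": {
        "sral.fi": [(1, "bar.foo.fi"), (10, "smtp3.kolumbus.fi")],
        "*.wild.fi": [(1, "mail.wild.fi")],
    },
    "A": {"bar.foo.fi": "193.209.237.254"},
}


class HostUnknown(Exception):
    """No explicit, implicit or wildcard MX: the message bounces."""


def lookup_mx(domain, zone=ZONE):
    """Return (source, [(value, host), ...]) using the slides' order of use."""
    domain = domain.rstrip(".").lower()
    if domain in zone["MX"]:                      # 1. explicit MX
        return "explicit", sorted(zone["MX"][domain])
    if domain in zone["A"]:                       # 2. implicit MX, value 0
        return "implicit", [(0, domain)]
    parent = domain.partition(".")[2]             # 3. wildcard MX on a parent
    while parent:
        if "*." + parent in zone["MX"]:
            return "wildcard", sorted(zone["MX"]["*." + parent])
        parent = parent.partition(".")[2]
    raise HostUnknown(domain)


def next_hops(domain, me, zone=ZONE):
    """Hosts to try, in order, when the MTA named `me` holds the message.

    If `me` is itself one of the MX hosts, only hosts with a smaller MX
    value are kept, so mail moves only closer to the destination. An empty
    list means `me` is the best MX and has to deliver the message itself.
    """
    _, records = lookup_mx(domain, zone)
    mine = [value for value, host in records if host == me]
    if mine:
        records = [r for r in records if r[0] < min(mine)]
    return [host for _, host in records]
```

A server that accepts mail as an MX but forwards it to a host with an equal or larger MX value is what produces the "too many hops" bounce described on the error slides.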
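
Added example (not part of the original slides): the "Log tracking" slide done by program, grouping sendmail syslog lines by queue ID and listing every delivery attempt whose stat is not "Sent". The first three sample lines are the slides' own; the PAA00001 lines and the function names are constructed for this example.

```python
import re

# The first three lines are the slides' log samples; the two PAA00001 lines
# are constructed to show a delivery that failed with "Host unknown".
SAMPLE_LOG = """\
Apr 13 14:26:04 mole sendmail[15822]: OAA15822: from=riku, size=104, class=0, pri=60104, nrcpts=2, msgid=,relay=riku@localhost
Apr 13 14:26:06 mole sendmail[15822]: OAA15822: to=oh2lwo@sral.fi, ctladdr=riku (1138/200), delay=00:00:14, xdelay=00:00:02, mailer=esmtp, relay=bar.foo.fi. [193.209.237.254], stat=Sent (OAA13538 Message accepted for delivery)
Apr 13 14:26:06 mole sendmail[15822]: OAA15822: to=riku@nixu.fi, ctladdr=riku (1138/200), delay=00:00:14, xdelay=00:00:00, mailer=local,stat=Sent
Apr 13 14:31:09 mole sendmail[15901]: PAA00001: from=riku, size=90, class=0, pri=30090, nrcpts=1, msgid=,relay=riku@localhost
Apr 13 14:31:10 mole sendmail[15901]: PAA00001: to=someone@nowhere.example, delay=00:00:01, mailer=esmtp, stat=Host unknown (Name server: nowhere.example: host not found)
"""

LINE = re.compile(r"sendmail\[\d+\]: (\w+): (.*)")
# key=value pairs; a value runs up to the next comma outside parentheses,
# so "stat=Sent (... accepted for delivery)" stays in one piece.
FIELD = re.compile(r"(\w+)=((?:\([^)]*\)|[^,(])*)")


def track(log_text):
    """Group sendmail log lines by queue ID into one record per message."""
    messages = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        fields = {k: v.strip() for k, v in FIELD.findall(rest)}
        msg = messages.setdefault(
            qid, {"from": None, "nrcpts": None, "deliveries": []})
        if "from" in fields:                  # message accepted into the queue
            msg["from"] = fields["from"]
            msg["nrcpts"] = int(fields["nrcpts"])
        elif "to" in fields:                  # one delivery attempt
            msg["deliveries"].append(
                (fields["to"], fields.get("mailer"), fields["stat"]))
    return messages


def problems(messages):
    """Return (queue ID, recipient, stat) for every attempt that was not Sent."""
    return [(qid, to, stat)
            for qid, msg in messages.items()
            for to, _, stat in msg["deliveries"]
            if not stat.startswith("Sent")]
```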
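
Added example (not part of the original slides): an audit of an aliases file for the two target kinds the "Aliases File" and Majordomo slides introduce, programs and :include: files. It assumes sendmail runs alias programs through smrsh, which looks the program up by its base name in /etc/smrsh; the "backup" alias, the /home/ rule and the function names are assumptions made for this example.

```python
import re

# Constructed aliases file built from entries on the slides; the "backup"
# alias and its script path are made up for this example.
ALIASES = '''\
postmaster: yllapito
yllapito: kiravuo, samuli, sakke
rd: nasse, hessu, lisse@hut.fi
birds-list: :include:/home/hessu/lists/birds
test: "|/usr/test/majordomo-1.94.5/wrapper resend -l test test-list"
test-list: :include:/usr/test/majordomo-1.94.5/lists/test
backup: "|/home/hessu/bin/save-mail"
'''

# One target is either a double-quoted string or a run of text up to a comma.
TARGET = re.compile(r'"[^"]*"|[^,\s][^,]*')


def parse_aliases(text):
    """Map each alias name to its list of targets (comments/blanks skipped)."""
    table = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, _, rhs = line.partition(":")
        table[name.strip().lower()] = [
            t.strip().strip('"') for t in TARGET.findall(rhs)]
    return table


def classify(target):
    """Name the kind of target: program, include file, remote or local user."""
    if target.startswith("|"):
        return "program"
    if target.startswith(":include:"):
        return "include"
    return "remote" if "@" in target else "local"


def audit(table, smrsh_allowed):
    """List (alias, finding, target) entries that deserve a manual review."""
    findings = []
    for name, targets in table.items():
        for t in targets:
            kind = classify(t)
            if kind == "program":
                prog = t[1:].split()[0].rsplit("/", 1)[-1]   # base name only
                if prog not in smrsh_allowed:
                    findings.append((name, "program not in /etc/smrsh", t))
            elif kind == "include" and t.startswith(":include:/home/"):
                # Assumed rule: whoever can edit this file controls the list.
                findings.append((name, "include file in a home directory", t))
    return findings
```

With only the majordomo wrapper linked into /etc/smrsh, call `audit(parse_aliases(ALIASES), {"wrapper"})`.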
