Course 8: The E-mail Service
Network Services Management (Gestiunea Serviciilor de Rețea, GSR)
8 December 2011
GSR Course 8, The E-mail Service 1/45

Motto
Diamonds are forever. E-mail comes close.

Outline
- Postfix
- Courier IMAP
- Maildrop
- E-mail security
- Anti-spam
- Conclusion
- Questions

Prerequisites
- "Cartea de RL": http://books.google.com/books?id=GdF_3ttxnRIC
  - Chapter 8 – E-mail

Supporting material
- "Unix and Linux System Administration"
  - Chapter 20 – Electronic Mail
- "Professional Linux System Administration"
  - Chapter 10 – Mail Services

- killer app of the Internet in the 1980s
- text messages
- MIME – Multipurpose Internet Mail Extensions
- SMTP, POP3, IMAP
- MTA, MUA, MSA, MDA/LDA
- mbox/Maildir

How e-mail works

How e-mail works (2)

E-mail servers
- MTA – Mail Transfer Agent, mail relay
  - SMTP, port 25
  - deliver and receive messages
  - sources for an MTA: MUA, another MTA
  - destinations for an MTA: mailbox, another MTA
  - Sendmail, Postfix, Exim, Dovecot, Microsoft Exchange Server
- IMAP/POP3 server
  - IMAP – 143 (993)
  - POP3 – 110 (995)
  - Courier-IMAP, Courier-POP, Cyrus IMAP, WU-IMAP, Microsoft Exchange Server

E-mail clients
- SMTP, POP3, IMAP
- extras: news, aggregators
- Alpine, Mutt, mailx
- Microsoft Outlook, Mozilla Thunderbird, Evolution, KMail, Claws
- webmail
- calendaring, authentication, LDAP, SSL/TLS
- PGP, thread view, phishing, labels, signatures, searching
- PIM – Personal Information Manager

LDA
- Local Delivery Agent / Mail Delivery Agent
- MTA → LDA → mailbox
- the basic form is built into the MTA
- filtering (into folders), message updating, external utilities

Mailbox formats
- file-system entries for storing messages
  - RFC 2822
- mbox
  - a single file stores the messages
  - /var/[spool/]mail/$username
- Maildir
  - each message is stored in its own file
  - three subdirectories
    - tmp – temporary (needed for synchronizing the file into new)
    - new – new files
    - cur – files accessed by the e-mail client

Postfix
- Wietse Venema, IBM Research
- first released in 1999, actively developed
- support for TLS, mbox, Maildir, Milter etc.
- portable across most Unix systems
  - an alternative to Sendmail
- security design
  - a set of daemons/processes/delivery agents
  - least privilege
  - chroot
  - master (root), smtpd, cleanup, bounce, trivial-rewrite
- delivery agents
  - smtp, local, lmtp, virtual, pipe

Postfix architecture

Interacting with Postfix
- /etc/init.d/postfix start|stop|restart|reload
- /etc/postfix/main.cf
  - man 5 postconf
  - /usr/share/postfix/main.cf.dist
  - manual editing
  - using postconf
    - postconf – lists the configuration directives
    - postconf -e 'nume_directiva = valoare_directiva'
      - postconf -e 'mydestination = alpha.ro'
- /etc/postfix/master.cf
  - daemon configuration
  - man 5 master

Basic Postfix configuration
- myhostname, mydomain, myorigin
- mynetworks, mydestination
- inet_interfaces
- relay_domains
- home_mailbox
  - the mailbox
  - pathname relative to the user's home directory
  - if not specified – /var/[spool/]mail/user
  - Mailbox – mbox format
  - Maildir/ – Maildir format (ends with /)

The mail utility
- mini e-mail client
- the mailx package
- reading messages
  - mail
  - reads from the "post office" (/var/mail/) (overridden by the MAIL environment variable)
  - h for help
- writing messages
  - echo "message" | mail -s $subject -c $carbon_copy $destination
  - echo "hello" | mail -s hello -c [email protected]

Configuring aliases
- message redirection (forwarding)
- alias tables
  - alias_name: destination_name1, destination_name2
- editing is done in text files
- dedicated utilities produce the (binary) index files, .db (or .dbm), used by the MTA
- Sendmail compatibility
  - the alias_maps and alias_database directives in Postfix
  - /etc/aliases, /etc/aliases.db
  - newaliases
  - postalias /etc/aliases
- per-user configuration
  - ~/.forward
    - contains the addresses to which the message will be delivered

Configuring virtual domains
- multiple shared domains
  - mydestination = alpha.org beta.org gogu.com dorel.ro
- separate domains
  - virtual_alias_domains = example.com mydomain.com
    - different from the domains in $mydestination
  - virtual_alias_maps = hash:/etc/postfix/virtual
  - cat /etc/postfix/virtual
    [email protected] alice
  - postmap /etc/postfix/virtual

Maildir support in Postfix
- home_mailbox=Maildir/
- the mailbox_command directive is commented out
- create the Maildir directory
  - maildirmake Maildir/
- maildirmake is installed by various packages (maildrop, courier-imap etc.)

Courier IMAP
- part of the Courier Mail Server suite (SMTP, IMAP, POP3, SMAP, webmail, maildrop)
- apt-get install courier-imap
- /etc/courier/imapd
- SSL support
  - apt-get install courier-imap-ssl
  - /etc/courier/imapd-ssl
- /etc/init.d/courier-imap start|stop|restart
- /var/log/mail.log

Virtual mailboxes in Courier IMAP
- courier-authdaemon – Courier authentication daemon
- /etc/courier/authdaemonrc
  - authmodulelist="authuserdb" (userdatabase)
- userdb (command)

Maildrop
- MDA
- apt-get install maildrop
- /etc/maildroprc
- $HOME/.mailfilter
- $HOME/.mailfilters/
- integration with Postfix
  - mailbox_command = /usr/local/bin/maildrop -d $USER

Configuring Maildrop

    PATH=/bin:/usr/bin:/usr/local/bin
    DEFAULT=$HOME/Maildir/
    MAILDIR=$HOME/Maildir
    LOGFILE=$HOME/.mailfilterlogs
    SHELL=/bin/bash

    # lpi
    if ( /^(From|To|Cc): .*@.*lpi\.org/ )
    {
        to $MAILDIR/.projects.lpic/
    }

    # pisr
    if ( /^Subject: .*\[pisr\]/ || /^Subject: .*PISR.*/ )
    {
        to $MAILDIR/.school.pisr/
    }

    # Catch-all rule for all unmatched email
    to $MAILDIR/

SASL
- Simple Authentication and Security Layer (RFC 4422)
- framework for authentication and data security
- separates the authentication mechanism from the data protocol
- uses authentication mechanisms (as modules): PLAIN, OTP, DIGEST-MD5 etc.

SASL Life Cycle
TLS support in Postfix
- by default, when postfix is installed

Client configuration
- New Account
  - address
  - user name
- SMTP Server (sending e-mail)
  - use authentication (SASL)
  - TLS enable
- IMAP Server (receiving e-mail) (993)
  - SSL enable

DKIM/ADSP
- DomainKeys Identified Mail
- a message receives a signature – DKIM-Signature
- the verifier obtains a public key through DNS and then verifies the signature
- the information is stored in a TXT record

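Added example (not part of the original slides): how a verifier turns a DKIM-Signature header into the DNS name of the TXT record that holds the public key, and which checks it can make before any cryptography. The header, the selector mail2011 and the key records are constructed sample values; the signature verification itself is left out.

```python
import re

# Constructed sample values (not a real signature or key).
SAMPLE_SIG = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=mail2011;\r\n"
              "\th=from:to:subject:date; bh=Y29uc3RydWN0ZWQ=;\r\n"
              "\tb=Y29uc3RydWN0ZWQtc2lnbmF0dXJl")
SAMPLE_KEY = "v=DKIM1; k=rsa; p=Y29uc3RydWN0ZWQta2V5"
REVOKED_KEY = "v=DKIM1; p="

def parse_tags(value):
    """Parse a DKIM tag=value list (same syntax in the header and the TXT record)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)   # undo header folding
    tags = {}
    for part in unfolded.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = val.strip()
    return tags

def key_query_name(sig):
    """DNS name of the TXT record holding the signer's public key."""
    for required in ("v", "a", "b", "bh", "d", "h", "s"):
        if required not in sig:
            raise ValueError(f"DKIM-Signature lacks required tag {required!r}")
    signed = [h.strip().lower() for h in sig["h"].split(":")]
    if "from" not in signed:                        # From must always be signed
        raise ValueError("From header is not covered by the signature")
    return f"{sig['s']}._domainkey.{sig['d']}"

def usable_key(record, sig):
    """Reject revoked keys and key/algorithm mismatches before any crypto."""
    if not record.get("p"):                         # empty p= means the key was revoked
        return False
    return sig["a"].startswith(record.get("k", "rsa") + "-")

if __name__ == "__main__":
    sig = parse_tags(SAMPLE_SIG)
    print(key_query_name(sig), usable_key(parse_tags(SAMPLE_KEY), sig))
```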
SPF
- Sender Policy Framework
- SPF entry in DNS
  - example.com. IN SPF "v=spf1 a mx -all"
- the header is checked

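Added example (not from the original slides): evaluating the record above for a connecting client with the left-to-right mechanism matching of RFC 7208, extended beyond the slide to ip4 and the other qualifiers. The DNS table and addresses are constructed; RFC 7208 later retired the dedicated SPF record type, so current deployments publish the same string in a TXT record.

```python
import ipaddress

# Constructed DNS data for the example (documentation address ranges).
DNS = {
    ("example.com", "A"): ["192.0.2.10"],
    ("example.com", "MX"): ["mx1.example.com"],
    ("mx1.example.com", "A"): ["192.0.2.25"],
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def hosts_for(mech, domain):
    """Return the addresses or networks a mechanism authorises for `domain`."""
    name, _, arg = mech.partition(":")
    if name == "ip4":
        return [arg]
    target = arg or domain
    if name == "a":
        return DNS.get((target, "A"), [])
    if name == "mx":
        return [ip for mx in DNS.get((target, "MX"), [])
                for ip in DNS.get((mx, "A"), [])]
    raise ValueError(f"mechanism not handled in this example: {mech}")

def check_host(client_ip, domain, record):
    """Return the SPF result for `client_ip` sending on behalf of `domain`."""
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in RESULTS else ("+", term)
        if mech == "all":
            return RESULTS[qualifier]
        nets = hosts_for(mech, domain)
        if any(ip in ipaddress.ip_network(n, strict=False) for n in nets):
            return RESULTS[qualifier]
    return "neutral"          # no mechanism matched and no "all" term

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.25", "203.0.113.7"):
        print(addr, check_host(addr, "example.com", "v=spf1 a mx -all"))
```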
Greylisting
- "temporary reject" of the e-mail (4xx SMTP error code)
- the initiating MTA will try to reconnect
- for every connection, the source IP address, sender address and recipient address are recorded
- on reconnection, these are checked
- advantages: it works (spammers, in general, do not resend messages), minimal configuration, minimal resource usage
- disadvantages: message delays, some old servers/clients will not resend
- in general, the "first line of defense" in front of spam filters

Blacklisting
- DNSBL – DNS-based Blackhole List
- list of IP addresses published through DNS – either as a zone file or as a live zone
- first implementation – RBL (Real-time Blackhole List)
- The Spamhaus Project

Postgrey
- Postfix Greylisting Policy Server
- apt-get install postgrey
- /etc/postgrey/whitelist_*
- connections on local port 60000
- in /etc/postfix/main.cf
  - smtpd_recipient_restrictions
    - check_policy_service inet:127.0.0.1:60000

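Added example (not Postgrey's code): the triplet logic from the Greylisting slide, answering requests in the name=value format that Postfix sends to a check_policy_service server. The 300-second delay, the in-memory store and the sample request are assumptions made for the illustration.

```python
MIN_DELAY = 300   # seconds a new triplet must wait (value assumed for this example)

# Constructed sample of what Postfix sends for one RCPT TO command.
SAMPLE_REQUEST = ("request=smtpd_access_policy\n"
                  "protocol_state=RCPT\n"
                  "client_address=192.0.2.44\n"
                  "sender=alice@example.org\n"
                  "recipient=bob@example.com\n"
                  "\n")

def parse_request(text):
    """Parse one policy request: name=value lines ended by an empty line."""
    attrs = {}
    for line in text.splitlines():
        if not line:
            break
        name, _, value = line.partition("=")
        attrs[name] = value
    return attrs

def greylist(attrs, now, store):
    """Return the policy reply; `store` maps triplet -> time first seen."""
    triplet = (attrs["client_address"],
               attrs["sender"].lower(),
               attrs["recipient"].lower())
    first_seen = store.setdefault(triplet, now)   # remember new triplets
    if now - first_seen >= MIN_DELAY:
        return "action=DUNNO\n\n"                 # pass on to later restrictions
    # Postfix turns this into a 4xx reply, so a compliant MTA will retry.
    return "action=DEFER_IF_PERMIT Greylisted, please retry later\n\n"

if __name__ == "__main__":
    store = {}
    request = parse_request(SAMPLE_REQUEST)
    for t in (1000, 1100, 1300):                  # first try, early retry, late retry
        print(t, greylist(request, t, store).strip())
```

A production policy server also persists the store, expires old triplets and consults a whitelist such as the /etc/postgrey/whitelist_* files before deferring.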
Blacklisting in Postfix
- smtpd_recipient_restrictions
  - reject_rbl_client sbl-xbl.spamhaus.org

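Added example (not from the original slides): how a client address is mapped to the DNS name that a restriction such as reject_rbl_client looks up, and how the answer is interpreted. The zone dnsbl.example, its contents and the resolve callback are constructed for the example; no network lookup is made.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")

# Constructed zone contents: 127.0.0.2 is the conventional DNSBL test entry.
ZONE = {"2.0.0.127.dnsbl.example": ["127.0.0.2"]}

def resolve(name):
    """Stand-in resolver for the example: A records, or [] for NXDOMAIN."""
    return ZONE.get(name, [])

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets (or IPv6 nibbles) and append the list's zone."""
    reverse = ipaddress.ip_address(ip).reverse_pointer
    labels = reverse.rsplit(".", 2)[0]     # drop "in-addr.arpa" / "ip6.arpa"
    return f"{labels}.{zone}"

def is_listed(ip, zone, resolver=resolve):
    """True only if the zone answers with an A record inside 127.0.0.0/8.

    Answers outside that range (for example from a resolver that rewrites
    NXDOMAIN) are not treated as a listing, so mail is not rejected on them.
    """
    answers = resolver(dnsbl_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in LOOPBACK for a in answers)

if __name__ == "__main__":
    print(dnsbl_query_name("192.0.2.99", "sbl-xbl.spamhaus.org"))
    print(is_listed("127.0.0.2", "dnsbl.example"))
    print(is_listed("192.0.2.99", "dnsbl.example"))
```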
SpamAssassin
- e-mail spam filtering
- content-matching rules
- DNS-based, Bayesian filtering, external programs, blacklists
- apt-get install spamassassin
- /etc/default/spamassassin – enable
- /etc/init.d/spamassassin
- dedicated group and user (spamd)

Keywords
- e-mail
- MTA, MUA, MSA, MDA
- SMTP, POP3, IMAP
- mbox, Maildir
- /var/mail/
- Postfix
- /etc/postfix/main.cf
- /etc/postfix/master.cf
- postconf
- mail
- /etc/aliases
- newaliases, postalias
- virtual domains
- virtual mailboxes
- Courier-IMAP
- userdb
- Maildrop
- SASL
- saslauthd
- TLS
- SSL
- greylisting, blacklisting
- postgrey
- SpamAssassin

Useful resources
- http://www.postfix.org/
- http://www.courier-mta.org/maildrop/
- http://www.courier-mta.org/imap/
- http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer
- http://en.wikipedia.org/wiki/DNSBL
- http://postgrey.schweikert.ch/
- http://spamassassin.apache.org/
