Curs 8 - Serviciul de e-mailandrei.clubcisco.ro/cursuri/f/f-sym/5master/sric-gsr/...Servere de...

Curs 8Serviciul de e-mail

Gestiunea Serviciilor de Ret,ea

8 decembrie 2011

GSR Curs 8, Serviciul de e-mail 1/45

Moto

Diamonds are forever. E-mail comes close.


E-mail

Postfix

Courier IMAP

Maildrop

E-mail security

Anti-spam

Incheiere

Intrebari


Prerequisites

I “Cartea de RL”:http://books.google.com/books?id=GdF_3ttxnRIC

I Capitolul 8 – E-mail


http://books.google.com/books?id=GdF_3ttxnRIC

Suport

I “Unix and Linux System Administration”I Chapter 20 – Electronic Mail

I “Professional Linux System Administration”I Chapter 10 – Mail Services


Outline

E-mail

Postfix

Courier IMAP

Maildrop

E-mail security

Anti-spam

Incheiere

Intrebari


E-mail

I killer-app of the Internet ın anii ’80

I mesaje text

I MIME – Multipurpose Internet Mail Extensions

I SMTP, POP3, IMAP

I MTA, MUA, MSA, MDA/LDA

I mbox/Maildir


Funct, ionare e-mail


Funct, ionare e-mail (2)


Servere de e-mail

I MTA – Mail Transfer Agent, mail relayI SMTP, portul 25I livreaza s, i primesc mesajeI surse pentru MTA: MUA, alt MTAI destinat, ii pentru MTA: casut, a pos, tala, alt MTAI Sendmail, Postfix, Exim, Dovecot, Microsoft Exchange Server

I Server IMAP/POP3I IMAP – 143 (993)I POP3 – 110 (995)I Courier-IMAP, Courier-POP, Cyrus IMAP, WU-IMAP,

Microsoft Exchange Server


Client, i de e-mail

I SMTP, POP3, IMAP

I extra: news, aggregators

I Alpine, Mutt, mailx

I Microsoft Outlook, Mozilla Thunderbird, Evolution, KMail,Claws

I webmail

I calendaring, autentificare, LDAP, SSL/TLS

I PGP, thread view, phishig, labels, signatures, searching

I PIM – Personal Information Manager


LDA

I Local Delivery Agent / Mail Delivery Agent

I MTA → LDA → casut, a pos, tala

I forma de baza integrata ın MTA

I filtrare (pe directoare), actualizare mesaje, utilitare externe


Formate de casut,e pos, tale

I intrari ın sistemul de fis, iere pentru stocarea mesajelorI RFC 2822

I mboxI un singur fis, ier stocheaza mesajeleI /var/[spool/]mail/$username

I MaildirI fiecare mesaj este stocat ıntr-un fis, ierI trei subdirectoare

I tmp – temporar (necesar pentru sincronizarea fis, ierului ın new)I new – fis, iere noiI cur – fis, iere accesate de clientul de e-mail


Outline

E-mail

Postfix

Courier IMAP

Maildrop

E-mail security

Anti-spam

Incheiere

Intrebari


Postfix

I Wietse Venema, IBM Research

I aparut ın 1999, activ dezvoltat

I suport pentru TLS, mbox, Maildir, Milter etc.

I portabil pe majoritatea Unix-urilorI alternativa la Sendmail

I security design

I un set de daemoni/procese/delivery agentsI least privilegeI chrootI master (root), smtpd, cleanup, bounce, trivial-rewrite

I delivery agentsI smtp, local, lmtp, virtual, pipe


Arhitectura Postfix


Interact, iune cu Postfix

I /etc/init.d/postfix start|stop|restart|reloadI /etc/postfix/main.cf

I man 5 postconfI /usr/share/postfix/main.cf.dist

I editare de manaI folosire postconf

I postconf – listare directive de configurareI postconf -e ’nume_directiva = valore_directiva’

I postconf -e ’mydestination = alpha.ro’

I /etc/postfix/master.cfI configurare daemoniI man 5 master


Configurare de baza Postfix

I myhostname, mydomain, myorigin

I mynetworks, mydestination

I inet_interfaces

I relay_domains

I home_mailboxI casut, a pos, talaI pathname relative to users’s home directoryI daca nu se precizeaza – /var/[spool/]mail/userI Mailbox – format mboxI Maildir/ – format Maildir (se termina cu /)


Utilitarul mail

I miniclient de e-mail

I pachetul mailxI citire mesaje

I mailI cites, te din “post office” (/var/mail/) (suprasris de variabila

de mediu MAIL)I h pentru ajutor

I scriere mesajeI echo "message" | mail -s $subject -c $carbon_copy

$destinationI echo "hello" | mail -s hello -c [email protected]

[email protected]


Configurare alias-uri

I redirectari de mesaje (forwarding)I tabele de aliasuri

I alias_name: destionation_name1, destination_name2

I editarea se face ın fis, iere textI utilitare specifice obt, in fis, iere index (binare) .db (sau .dbm)

folosite de MTA

I compatibilitate SendmailI directivele alias_maps s, i alias_database ın PostfixI /etc/aliases, /etc/aliases.dbI newaliasesI postalias /etc/aliases

I configurare per userI ∼/.forward

I cont, ine adresele catre care va fi livrat mesajul


Configurare domenii virtuale

I domenii multiple partajateI mydestination = alpha.org beta.org gogu.com

dorel.ro

I domenii separateI virtual_alias_domains = example.com mydomain.com

I diferite de domeniile din $mydestination

I virtual_alias_maps = hash:/etc/postfix/virtualI cat /etc/postfix/virtual

[email protected] alice

[email protected] bob

I postmap /etc/postfix/virtual


Suport Maildir ın Postfix

I home_mailbox=Maildir/

I se comenteaza directiva mailbox_command

I creare director MaildirI maildirmake Maildir/

I maildirmake este instalat cu diferite pachete (maildrop,courier-imap etc.)


Outline

E-mail

Postfix

Courier IMAP

Maildrop

E-mail security

Anti-spam

Incheiere

Intrebari


Courier IMAP

I parte din suita Courier Mail Server (SMTP, IMAP, POP3,SMAP, webmail, maildrop)

I apt-get install courier-imap

I /etc/courier/imapd

I suport SSLI apt-get install courier-imap-sslI /etc/courier/imapd-ssl

I /etc/init.d/courier-imap start|stop|restartI /var/log/mail.log


Casut,e pos, tale virtuale ın Courier IMAP

I courier-authdaemon – Courier authentication daemonI /etc/courier/authdaemonrc

I authmodulelist="authuserdb" (userdatabase)

I userdb (comanda)


Outline

E-mail

Postfix

Courier IMAP

Maildrop

E-mail security

Anti-spam

Incheiere

Intrebari


Maildrop

I MDA

I apt-get install maildrop

I /etc/maildroprc

I $HOME/.mailfilter

I $HOME/.mailfiters/

I integrare cu Postfix

I mailbox_command = /usr/local/bin/maildrop -d

$USER


Configurare Maildrop

1 PATH=/bin:/usr/bin:/usr/local/bin

2 DEFAULT=$HOME/Maildir/

3 MAILDIR=$HOME/Maildir

4 LOGFILE=$HOME/.mailfilterlogs

5 SHELL=/bin/bash

6

7 # lpi8 if ( /^(From|To|Cc): .*@.*lpi\.org/ )

9 {10 to $MAILDIR/.projects.lpic/

11 }12

13 # pisr14 if ( /^Subject: .*\[pisr\]/ || /^Subject: .*PISR.*/ )

15 {16 to $MAILDIR/.school.pisr/

17 }18

19 # Catch-all rule for all unmatched email20 to $MAILDIR/


Outline

E-mail

Postfix

Courier IMAP

Maildrop

E-mail security

Anti-spam

Incheiere

Intrebari


SASL

I Simple Authentication and Security Layer (RFC 4422)

I framework for authentication and data security

I separarea mecanismului de autentificare de protocolul de date

I foloses, te mecanisme de autentificare (ca module): PLAIN,OTP, DIGEST-MD5 etc.


SASL Life Cycle


Suport TLS ın Postfix

I implicit, la instalarea postfix


Configurare client

I New Account

I adresa

I nume de utilizatorI SMTP Server (sending e-mail)

I use authentication (SASL)I TLS enable

I IMAP Server (receiving e-mail) (993)I SSL enable


DKIM/ADSP

I DomainKeys Identified Mail

I un mesaj primes, te o semnatura – DKIM-Signature

I verificatorul obt, ine o cheie publica folosind DNS s, i apoiverifica semnatura

I informat, ia este stocata ıntr-o resursa TXT


Outline

E-mail

Postfix

Courier IMAP

Maildrop

E-mail security

Anti-spam

Incheiere

Intrebari


SPF

I Sender Policy Framework

I intrare SPF ın DNS

I example.com. IN SPF "v=spf1 a mx -all"

I se verifica header-ul


Greylisting

I “temporary reject” email (4xx SMTP error code)

I MTA-ul init, iator va ıncerca reconectare

I la fiecare conexiune se ret, ine adresa IP sursa, sender address,recipient address

I la reconectare se verifica

I avantaj: funct, ioneaza (spammerii, ın general, nu retrimitmesaje), configurare minima, resurse consumate minime

I dezavantaje: ıntarzierea mesajelor, anumite servere/client, ivechi nu vor retrimite

I ın general, “first line of defense” ın fat,a spam filterelor


Blacklisting

I DNSBL – DNS-based Blackhole List

I lista de adrese IP publicate prin DNS – fie un fis, ier zona, fie ozona live

I prima implementare – RBL (Real-time Blackhole List)

I The Spamhaus Project


Postgrey

I Postfix Greylisting Policy Server

I apt-get install postgrey

I /etc/postgrey/whitelist_*

I conexiuni pe portul 60000 localI ın /etc/postfix/main.cf

I smtpd_recipient_restrictionsI check_policy_service inet:127.0.0.1:60000


Blacklisting ın Postfix

I smtpd_recipient_restrictions

I reject_rbl_client sbl-xbl.spamhaus.org


SpamAssassin

I e-mail spam filtering

I content-matching rule

I DNS-based, Bayesian filtering, external programs, blacklists

I apt-get install spamassassin

I /etc/default/spamassassin – enable

I /etc/init.d/spamassassin

I grup s, i utilizator aferent (spamd)


Outline

E-mail

Postfix

Courier IMAP

Maildrop

E-mail security

Anti-spam

Incheiere

Intrebari


Cuvinte cheie

I e-mail

I MTA, MUA, MSA, MDA

I SMTP, POP3, IMAP

I mbox, Maildir

I /var/mail/

I Postfix

I /etc/postfix/main.cf

I /etc/postfix/master.cf

I postconf

I mail

I /etc/aliases

I newaliasias, postalias

I domenii virtuale

I casut,e pos, tale virtuale

I Courier-IMAP

I userdb

I Maildrop

I SASL

I saslauthd

I TLS

I SSL

I greylisting, blacklisting

I postgrey

I SpamAssassin


Resurse utile

I http://www.postfix.org/

I http://www.courier-mta.org/maildrop/

I http://www.courier-mta.org/imap/

I http://en.wikipedia.org/wiki/Simple_Authentication_and_

Security_Layer

I http://en.wikipedia.org/wiki/DNSBL

I http://postgrey.schweikert.ch/

I http://spamassassin.apache.org/


http://www.postfix.org/

http://www.courier-mta.org/maildrop/

http://www.courier-mta.org/imap/

http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer

http://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer

http://en.wikipedia.org/wiki/DNSBL

http://postgrey.schweikert.ch/

http://spamassassin.apache.org/

Outline

E-mail

Postfix

Courier IMAP

Maildrop

E-mail security

Anti-spam

Incheiere

Intrebari


Curs 8 - Serviciul de e-mailandrei.clubcisco.ro/cursuri/f/f-sym/5master/sric-gsr/...Servere de...

Documents

Transcript of Curs 8 - Serviciul de e-mailandrei.clubcisco.ro/cursuri/f/f-sym/5master/sric-gsr/...Servere de...