Some Terminology
|
Part
|
What it Does
|
Example
|
|
Mail User Agent (MUA)
|
The MUA is the program which the user uses to read and send e-mail. It reads incoming messages that have been delivered to the user’s mailbox, and passes outgoing messages to an MTA for sending.
|
elm, pine, mutt
|
|
Mail Transfer Agent (MTA)
|
The MTA basicly acts as a “mail router”. It accepts a message passed to it by either an MUA or another MTA, decides based upon the message header which delivery method it should use, and then passes the message to the appropriate MDA for that delivery method.
|
sendmail, postfix, qmail
|
|
Mail Delivery Agent (MDA)
|
The MDA accepts a piece of mail from an MTA and performs the actual delivery.
|
mail.local, procmail
|
Structure of an Email Message
Email messages are compose of two parts:
1. Headers (lines of the form “field: value” which contain information about the message, such as “To:”, “From:”, “Date:”, and “Message-ID:”)
2. Body (the text of the message)
From johndoe@students.uiuc.edu Mon Jul 5 23:46:19 1999
Received: (from johndoe@localhost)
by students.uiuc.edu (8.9.3/8.9.3) id LAA05394;
Mon, 5 Jul 1999 23:46:18 -0500
Received: from staff.uiuc.edu (staff.uiuc.edu [128.174.5.59])
by students.uiuc.edu (8.9.3/8.9.3) id XAA24214;
Mon, 5 Jul 1999 23:46:25 -0500
Date: Mon, 5 Jul 1999 23:46:18 -0500
From: John Doe
To: John Smith
Message-Id:
Subject: This is a subject header.
This is the message body. It is seperated from the headers by a blank line.
SMTP and the Message Envelope
Postfix:
Download the postfix from http://www.postfix.org/. You can install both from tar.gz or rpm. Installation of postfix is straight forward. For rpm:
rpm –ivh postfix.version.rpm
For tar :
[root@mail postfix]# tar -zxvf postfix-2.1.5.tar.gz
[root@mail postfix]# rpm -qa | grep postifx
[root@mail postfix]# rpm -qa | grep sendmail
[root@mail postfix]# groupadd postfix
[root@mail postfix]# useradd -g postfix -s /bin/false postfix
[root@mail postfix]# groupadd postdrop
[root@mail postfix]# make
[root@mail postfix]# make install
The configuration files of postfix are in /etc/postfix folder. To make postfix work we mainly need to change two files. These are: main.cf and transport. The main.cf contains all the major configuration parameters.
The following is a sample postfix main.cf file:
|
/etc/postfix/main.cf
|
|
# Install Time Configuration
sendmail_path = /usr/sbin/sendmail
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
manpage_directory = /usr/local/man
sample_directory = /etc/postfix
readme_directory = no
html_directory = no
queue_directory = /var/spool/postfix
daemon_directory = /usr/libexec/postfix
command_directory = /usr/sbin
mail_owner = postfix
myhostname = hostname.domain.com
mydomain = domain.com
myorigin = $myhostname
mydestination= $myhostname, localhost.$mydomain, localhost
mynetworks = 10.0.0.0/8, 127.0.0.0/8
smtpd_banner = $myhostname ESMTP
header_checks = regexp:/etc/postfix/header_checks
smtpd_client_restrictions = hash:/etc/postfix/access
smtpd_sender_restrictions = reject_unknown_sender_domain, hash:/etc/postfix/access
smtpd_recipient_restrictions = hash:/etc/postfix/access, reject_rbl_client bl.spamcop.net, reject_non_fqdn_recipient, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_mynetworks, reject_unauth_destination, reject_multi_recipient_bounce
biff = no
smtpd_helo_required = yes
maximal_queue_lifetime = 2d
queue_run_delay = 3600s
ignore_mx_lookup_error = yes
smtp_always_send_ehlo = yes
default_destination_concurrency_limit = 10
default_destination_recipient_limit = 20
default_process_limit = 150
best_mx_transport = local
disable_vrfy_command = yes
alias_database = hash:/etc/postfix/aliases
mydestination = $myhostname, localhost.$mydomain, hash:/etc/postfix/transport
relay_domains = hash:/etc/postfix/transport
alias_database = hash:/etc/aliases
transport_maps = hash:/etc/postfix/transport
message_size_limit = 80000000
mailbox_size_limit = 1000000000
|
Explanation of the sample postfix main.cf configuration settings:
|
queue_directory
|
Postfix’s work directory. Where all the mail will be temporarily stored until it is delivered.
|
|
daemon_directory
|
Specifies the location of all the postfix programs.
|
|
command_directory
|
Specifies the location of all post* commands.
|
|
mail_owner
|
Specifies the user account that will own the mail queues.
|
|
myhostname
|
The name of this computer including the domain part. This is used when adding received by headers in email messages.
|
|
mydomain
|
This specifies the domain of this current computer.
|
|
myorigin
|
This name is added to locally originating email. So if you sent yourself a message from root, it would appear to come from root@mta1.domain.com.
|
|
mydestination
|
This setting tells postfix what domains it is the final destination for. This should be left at the default, and your domain should instead be listed in the transport file.
|
|
mynetworks
|
This setting tells postfix what networks it should consider local. In other words, computers connecting from any of these networks will be able to relay mail, etc. In our case, we put 127.0.0.0 (for localhost) and 10.0.0.0 (for any internal computer).
|
|
relay_domains
|
This setting tells postfix which domains it should relay. In this setting, we specify the transport file (which we’ll create below). This simply lists domains each on separate lines.
|
|
biff
|
This setting tells postfix not to use the biff program to let local users know that they have new email.
|
|
message_size_limit
|
This sets the maximum size of a message. Messages larger than 80 megs will be rejected. You can increase or decrease this based on your own server requirements.
|
|
mailbox_size_limit
|
This sets the maximum size of local mailbox files. We set it to 100 megs, although it should never reach this high because our only local mailboxes are spam and notspam
|
|
smtpd_banner
|
This is the banner that is displayed to connecting computers. It is a good security practice to give as little information as possible. I’ve included just the essentials.
|
|
transport_maps
|
This setting tells postfix where to find the transport information. The transport file is where we tell Postfix where to route certain mail. In our case, this file is where we tell Postfix that mail for domain.com should be delivered to our exchange server.
|
|
local_transport
|
This setting tells postfix that all local mail should be delivered using the local delivery agent.
|
|
smtpd_helo_restrictions, smtpd_sender_restrictions, smtpd_recipient_restrictions
|
These settings are used to deny access to postfix based on the HELO command, the sender, or the recipient. The recipient restrictions settings are used to prevent our mail server from being used as an open. You can get the details from http://www.postfix.org/uce.html
|
|
header_checks
|
The header_checks parameter restricts what is allowed in message headers. Patterns are applied to entire logical message headers, even when a header spans multiple lines of text.
|
Now change the transport file. The transport file contains the domain which have the relay access. The sample transport look like this:
|
/etc/postfix/transport
|
|
domain.com local:
.domain.com local:
|
Run the following command:
|
Syntex
|
Comment
|
|
cp /etc/postfix/aliases /etc/
|
#copy the aliases file to /etc
|
|
postalias /etc/postfix/aliases
|
#create the aliases.db file
|
|
postalias /etc/ aliases
|
#create the aliases.db file
|
|
postmap /etc/postfix/transport
|
#create the transport.db file
|
You can now start postfix using the postfix start command. Please check from netstat –nat output that port 25 is opne. You should test to make sure that you can connect to the SMTP interfaces on port 25. To do this use the command:
telnet localhost 25
The server should respond with:
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
220 mta1.domain.com ESMTP
press ctrl-], then type ‘quit’ to quit
For further troubleshoot please check the maillog from /var/log/maillog.
Sample /etc/postfix/access file:
zakat.guide@gmail.com 550 Sorry, You are BLOCKED
xxx@123.net 550 Sorry, You are BLOCKED on Our Network
83.156.130.100 550 Sorry, You are BLOCKED on Our
221.29.132.160 550 Sorry, You are
Sample /etc/postfix/header_checks file:
/^From: khatun@123.net.ae/ REJECT Your PC is Virus Infected, Clean it first.
/^Subject: No More Guessing/ REJECT I can’t except mail from you!!.
/^Subject: 5 Minute Auto Loan/ REJECT I can’t except mail from you!!.
/^Subject: YOU JUST WONT A FREE GREENCARD!/ REJECT I can’t except mail from you!!.
/^Subject: You Have A Tiffany Bracelet Waiting For You/ REJECT I can’t except mail from you!!.
Sample /etc/postfix/body_checks file:
/Your Place Can Be Improved/ REJECT You are BLOCKED on Our Network.
/Your Private Or Company Account/ REJECT You are BLOCKED on Our Network.
/Your Secure Investment/ REJECT You are BLOCKED on Our Network.
/Your Spouce Cheating Online/ REJECT You are BLOCKED on Our Network.
/Yourthings.com.br/ REJECT You are BLOCKED on Our Network.
/Young Hot Bitches/ REJECT You are BLOCKED on Our Network.
/Young Teen Bitches/ REJECT You are BLOCKED on Our Network.
Blind Carbon Copy Maps
# vi /etc/postfix/main.cf
# always_bcc = root → copy all the incoming & outgoing mail to the user root
# sender_bcc_maps = hash:/etc/postfix/sender_bcc → this is one to one carbon copy. In the file we define which users mail are copied.
# vi /etc/postfix/sender_bcc → user (sender to match) root(BCC receipent) [mail send by user is BCC to root]
# postmap /etc/postfix/sender_bcc
SMTP Authentication
You have to go through the following steps:
- install Cyrus-SASL
- configure Cyrus-SASL
- configure Postfix source-code with Cyrus-SASL support
- build Postfix
- (re)install Postfix
- configure Postfix to use the SASL SMTP features
Cyrus-SASL
SASL comes with default linux installation which is ok for us. Or we can install it from cyrus-sasl packages. We need the cyrus-sasl and cyrus-sasl-devel program along with one or more authentication mechanism. If it is install or not we can check it from rpm -q cyrus-sasl.
The initial script is located in /etc/init.d/saslauthd
Reinstall Postfix
Need to recompile the postfix to support SMTP Authentication
# rpm -qa|grep cyrus → need to support authentication
# cd /root/postfix-2.1.5
# make tidy → clean up the installation
# make makefiles CCARGS=”-DUSE_SASL_AUTH -DUSE_CYRUS_SASL -I/usr/include/sasl” AUXLIBS=”-L/usr/lib -lsasl2”
# make install
# postconf | grep smtpd_sasl
# postconf | grep smtpd_recipient_restriction
# postconf -a
# vi /etc/postfix/main.cf
# smtpd_sasl_auth_enable = yes
# smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
# cd /usr/lib/sasl2
# vi smtpd.conf → pwcheck_method: saslauthd
mech_list: plain login
#ln -s /usr/lib/sasl2 /usr/local/lib/sasl2
# saslpasswd2 username
Check for SMTP AUTH support
telnet localhost 25
S: 220 mail.example.com ESMTP Postfix
C: EHLO example.com
S: 250-mail.example.com
S: 250-PIPELINING
S: 250-SIZE 10240000
S: 250-VRFY
S: 250-ETRN
S: 250-AUTH PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-AUTH=PLAIN LOGIN DIGEST-MD5 CRAM-MD5 GSSAPI
S: 250-XVERP
S: 250 8BITMIME
C: quit
S: 221 Bye
