Email services
Themed evenings: Linux system administration
26 April 2010
Marco Moser, Linuxtrent
Context
Terms
Mail User Agent: reads mail via file, pop3, imap (mutt, thunderbird, webmail)
Mail Transfer Agent: receives, sends and forwards mail via smtp (sendmail, postfix, qmail)
Mail Delivery Agent: delivers mail into the mailbox (procmail, deliver, lda)
SMTP protocol
Simple Mail Transfer Protocol (1982)
Port 25
Reads (and writes) the email headers
7-bit ascii
Does not certify the sender of messages
ESMTP (2008): 8bit, utf8, starttls, authentication, ...
SMTP example
telnet www.example.com 25
S: 220 www.example.com ESMTP Postfix
C: HELO mydomain.com
S: 250 Hello mydomain.com, pleased to meet you
C: MAIL FROM: <sender@mydomain.com>
S: 250 sender@mydomain.com... Sender ok
C: RCPT TO: <friend@example.com>
S: 250 friend@example.com... Recipient Ok
C: DATA
S: 354 End data with "." on a line by itself
C: Subject: messaggio di prova
C: From: sender@mydomain.com
C: To: friend@example.com
C:
C: Ciao,
C: questa è una prova.
C: .
S: 250 Ok: queued as 12345
C: QUIT
S: 221 Bye
Source: wikipedia
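The same exchange, played from the server's side as an added example (this code is not from the slides and is not Postfix): a small state machine that answers the client lines of the transcript above, enforces the command order (HELO, MAIL, RCPT, DATA, QUIT) and, as the previous slide notes, accepts whatever MAIL FROM address the client claims without verifying it. The hostname and the queue id it generates are constructed for the example.

```python
# Added example (not from the slides, not Postfix): server side of the SMTP
# dialogue shown above. It enforces command order but, like plain SMTP,
# never checks that the MAIL FROM address belongs to the connecting client.
import re

HOSTNAME = "www.example.com"   # constructed, as on the slide


def _address(arg):
    """Extract the address from 'FROM: <a@b>' / 'TO:<a@b>'; None if malformed."""
    m = re.match(r"^(?:FROM|TO):\s*<([^<>\s]*)>\s*$", arg.strip(), re.IGNORECASE)
    return m.group(1) if m else None


class SmtpSession:
    """State machine for one SMTP conversation, server role."""

    def __init__(self):
        self.helo = None
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.body = []
        self.queued = []   # (sender, recipients, body) of accepted messages

    def greeting(self):
        return f"220 {HOSTNAME} ESMTP Postfix"

    def handle(self, line):
        """Feed one client line; return the reply, or None while inside DATA."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.queued.append((self.sender, list(self.recipients),
                                    "\n".join(self.body)))
                self.sender, self.recipients, self.body = None, [], []
                return f"250 Ok: queued as {len(self.queued)}"
            # dot-stuffing: a line starting with ".." carries a literal "."
            self.body.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg.strip()
            return f"250 Hello {self.helo}, pleased to meet you"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Error: send HELO/EHLO first"
            addr = _address(arg)
            if addr is None:
                return "501 Syntax: MAIL FROM:<address>"
            self.sender = addr        # taken on trust: SMTP does not verify it
            return f"250 {addr}... Sender ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Error: need MAIL command"
            addr = _address(arg)
            if addr is None:
                return "501 Syntax: RCPT TO:<address>"
            self.recipients.append(addr)
            return f"250 {addr}... Recipient Ok"
        if verb == "DATA":
            if not self.recipients:
                return "503 Error: need RCPT command"
            self.in_data = True
            return '354 End data with "." on a line by itself'
        if verb == "QUIT":
            return "221 Bye"
        return "502 Error: command not implemented"


def run_transcript(client_lines):
    """Replay the client's lines and collect every server reply."""
    session = SmtpSession()
    replies = [session.greeting()]
    for line in client_lines:
        reply = session.handle(line)
        if reply is not None:
            replies.append(reply)
    return session, replies
```

Feeding `run_transcript` the "C:" lines of the slide reproduces the "S:" lines; sending RCPT before MAIL yields a 503, which is the only kind of check a bare SMTP server makes.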
POP protocol
Post Office Protocol (version 3)
Port 110 (plain or starttls) or 995 (ssl)
Authenticates the user
Lists, shows and deletes mail
POP example
telnet www.example.com 110
S: +OK <22593.1129980067@example.com>
C: USER pippo
S: +OK
C: PASS pluto
S: +OK
C: LIST
S: +OK
   1 817
   2 124
   .
C: RETR 1
S: +OK
   Return-Path: <pippo@example.org>
   Delivered-To: pippo@example.org
   Date: Sat, 22 Oct 2005 13:24:54 +0200
   From: Mario Rossi <mario@rossi.org>
   Subject: xxxx
   Content-Type: text/plain; charset=iso-8859-1

   testo messaggio
   .
C: DELE 1
S: +OK
C: QUIT
S: +OK
Source: wikipedia
IMAP protocol
Internet Message Access Protocol (version 4, 1996)
Port 143 (plain or starttls) or 993 (ssl)
Authenticates the user, establishes a session, allows concurrent access to the account
Lists, shows, deletes and archives mail: organisation into folders, flags (read, forwarded, ..., work, urgent), search primitives
Partial download of the email (mime)
Shared folders
IMAP example
telnet imap.joker.net 143
* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS AUTH=LOGIN] joker.net IMAP4rev1 2001.315 at Sun, 13 Jul 2003 22:09:17 +0200 (CEST)
a100 LOGIN homer onslls
a100 OK [CAPABILITY IMAP4REV1 IDLE NAMESPACE MAILBOX-REFERRALS SCAN SORT THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND] User homer authenticated
a101 select inbox
* 2 EXISTS
a102 fetch 1:2 (flags body[header.fields (subject)])
...
a103 FETCH 1 (body[text])
* 1 FETCH (BODY[TEXT] {105}
Messaggio di prova, Blah blah
a104 STORE 1 +FLAGS (\Deleted)
* 1 FETCH (FLAGS (\Seen \Deleted NonJunk))
a104 OK STORE completed
a106 LOGOUT
a106 OK LOGOUT completed
Source: openskill.info
Email example
Return-Path: <info@oltrefersina.it>
Delivered-To: info@oltrefersina.it
Received: from smtp-out05a.alice.it (smtp-out05a.alice.it [85.33.3.5])
    by mail.oltrefersina.it (Postfix) with ESMTP id 4D319CF8005
    for <info@oltrefersina.it>; Sat, 24 Apr 2010 11:37:16 +0200 (CEST)
Received: from FBCMMO04.fbc.local ([7.168.68.254]) by smtp-out05a.alice.it
    with Microsoft SMTPSVC(6.0.3790.3959); Sat, 24 Apr 2010 11:37:16 +0200
Received: from FBCMCL01B02.fbc.local ([192.168.69.83]) by FBCMMO04.fbc.local
    with Microsoft SMTPSVC(6.0.3790.3959); Sat, 24 Apr 2010 11:36:50 +0200
Received: from [192.168.1.100] ([87.2.104.48]) by FBCMCL01B02.fbc.local
    with Microsoft SMTPSVC(6.0.3790.3959); Sat, 24 Apr 2010 11:36:50 +0200
Message-ID: <4BD2BBB3.20608@oltrefersina.it>
Date: Sat, 24 Apr 2010 11:36:51 +0200
From: "Polisportiva Oltrefersina.it" <info@oltrefersina.it>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; it; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: Polisportiva Oltrefersina <info@oltrefersina.it>
Subject: prova
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 24 Apr 2010 09:36:50.0685 (UTC) FILETIME=[AAAF2AD0:01CAE391]

Email di prova
MIME
Multipurpose Internet Mail Extensions
Supports the transport of non-ascii and multipart mail
Non-ascii header:
    Subject: =?ISO-8859-15?Q?perch=E8_poich=E8?=
    Content-Transfer-Encoding: 8bit
    ...
    Content-Type: multipart/mixed; boundary="----_=_nextpart_001_01c9e9b3.91ed543c"
    ...
    ------_=_NextPart_002_01C9E9B3.91ED543C
    Content-Type: text/plain; charset="iso-8859-1"
    Content-Transfer-Encoding: quoted-printable
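An added example covering the two previous slides (this is not code from the slides): it parses the message from the "Email example" slide with Python's standard `email` package, walks its Received: chain back to the first hop, and decodes the MIME-encoded Subject from the MIME slide. The embedded message is the slide's own, abridged, with the Subject replaced by the encoded one; the regular expression for Received: lines is this example's own assumption about the "from host (name [ip]) by host" layout and nothing else. Because SMTP does not certify the sender (as noted earlier), the Received: trail is the only record of where a message came from, and only the hops written by your own servers can be trusted: every earlier line was written by somebody else's machine.

```python
# Added example (not from the slides): trace the Received: chain and decode
# an RFC 2047 encoded Subject with the standard library. The message below is
# the slide's, abridged; the Subject is the encoded one from the MIME slide.
import re
from email import message_from_string
from email.header import decode_header, make_header

RAW_MESSAGE = """\
Return-Path: <info@oltrefersina.it>
Delivered-To: info@oltrefersina.it
Received: from smtp-out05a.alice.it (smtp-out05a.alice.it [85.33.3.5])
    by mail.oltrefersina.it (Postfix) with ESMTP id 4D319CF8005
    for <info@oltrefersina.it>; Sat, 24 Apr 2010 11:37:16 +0200 (CEST)
Received: from FBCMMO04.fbc.local ([7.168.68.254]) by smtp-out05a.alice.it
    with Microsoft SMTPSVC(6.0.3790.3959); Sat, 24 Apr 2010 11:37:16 +0200
Received: from FBCMCL01B02.fbc.local ([192.168.69.83]) by FBCMMO04.fbc.local
    with Microsoft SMTPSVC(6.0.3790.3959); Sat, 24 Apr 2010 11:36:50 +0200
Received: from [192.168.1.100] ([87.2.104.48]) by FBCMCL01B02.fbc.local
    with Microsoft SMTPSVC(6.0.3790.3959); Sat, 24 Apr 2010 11:36:50 +0200
Message-ID: <4BD2BBB3.20608@oltrefersina.it>
Date: Sat, 24 Apr 2010 11:36:51 +0200
From: "Polisportiva Oltrefersina.it" <info@oltrefersina.it>
MIME-Version: 1.0
To: Polisportiva Oltrefersina <info@oltrefersina.it>
Subject: =?ISO-8859-15?Q?perch=E8_poich=E8?=
Content-Type: text/plain; charset=iso-8859-15; format=flowed
Content-Transfer-Encoding: 7bit

Email di prova
"""

# "from <helo name> (<comment with [ip]>) by <receiving host>"; the header may
# be folded over several lines, so \s+ also has to match newlines.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<info>[^)]*)\)\s+by\s+(?P<by>\S+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_message(raw=RAW_MESSAGE):
    return message_from_string(raw)


def received_hops(msg):
    """Hops in transmission order, oldest first: (helo_name, ip, receiving_host).

    Each MTA prepends its own Received: line, so the header order on the
    message is newest first and has to be reversed."""
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if not m:
            continue             # a layout this example does not understand
        ip = IP_RE.search(m.group("info"))
        hops.append((m.group("helo"), ip.group(1) if ip else None, m.group("by")))
    hops.reverse()
    return hops


def originating_ip(msg):
    """Client address recorded by the first hop, or None if there is no chain."""
    hops = received_hops(msg)
    return hops[0][1] if hops else None


def decoded_subject(msg):
    """Subject as text, whatever charset the RFC 2047 encoded-word used."""
    return str(make_header(decode_header(msg["Subject"])))
```

`received_hops` returns four hops for the slide's message; the last one, written by mail.oltrefersina.it, is the only line that server itself can vouch for.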
MTA
Sendmail (Allman 1980): historic but hard to configure
Qmail (Bernstein 1995): born very secure (bounty: 1 bug = 1,000 $), must be compiled, the licence is now public domain, the project is dormant
Postfix (IBM, Venema 1997): secure, flexible and widespread
Others: Exim, Apache James, ...
Minimal Postfix
Minimal mail server for local users (/etc/passwd) + sending to the world
apt-get install postfix mailx
vi /etc/postfix/main.cf
    myhostname = mail.oltrefersina.it
    mydestination = $myhostname, localhost.$mydomain, localhost
    mynetworks = 127.0.0.0/8
Minimal Postfix
vi /etc/aliases
    root: info@oltrefersina.it
/usr/bin/newaliases
/etc/init.d/postfix restart
Test:
    mailx -s OK marcomoser info@oltrefersina.it
    prova email
Postfix utilities
mailq                         message queue
postsuper -r AEF2ACF8004      removes a message from the queue
postqueue -f                  flushes the queue
tail -f /var/log/mail.info    log file
/var/spool/mail/              mbox mailboxes
Postfix Alice
Mail server relaying through Alice Business
apt-get install libsasl2-modules
vi /etc/postfix/main.cf
    myhostname = server1
    mydestination = $myhostname, localhost.$mydomain, localhost
    mynetworks = 127.0.0.0/8 192.168.0.0/24
    relayhost = [mail.191.biz]
Postfix Alice
main.cf
    smtp_sasl_auth_enable = yes
    smtp_sasl_type = cyrus
    smtpd_use_tls = no
    smtp_sasl_security_options = noanonymous
    # avoid ntlm
    smtp_sasl_mechanism_filter = LOGIN
    smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
    # logging
    debug_peer_list = mail.191.biz
vi /etc/postfix/sasl_passwd
    mail.191.biz    xxx@yyy.191.it:xpasswordx
postmap /etc/postfix/sasl_passwd
Poor programmer's antispam
Postgrey: greylisting (temporary rejection)
Real-time Blackhole List: list of hosts to avoid
vi main.cf
    smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        reject_rbl_client sbl.spamhaus.org,
        reject_rbl_client bl.spamcop.net,
        check_policy_service inet:127.0.0.1:60000
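What the daemon behind `check_policy_service inet:127.0.0.1:60000` actually does, as an added example (this is not Postgrey's code and not from the slides): Postfix sends one "name=value" line per attribute and a blank line, and reads back "action=...". A greylisting server keeps the (client address, sender, recipient) triple and answers "defer_if_permit" until the triple comes back after a minimum delay, which legitimate MTAs do and most spam engines do not. The delay, the in-memory store, the listening port and the sample request in the test are constructed.

```python
# Added example (not from the slides, not Postgrey): greylisting decision
# logic speaking the Postfix policy delegation format. Delay, in-memory
# state and listening address are constructed for the example.
import socketserver
import time

GREYLIST_DELAY = 300      # seconds a never-seen triple must wait (constructed)
LISTEN = ("127.0.0.1", 60000)


def parse_request(raw):
    """Attributes of one policy request; parsing stops at the empty line."""
    attrs = {}
    for line in raw.split("\n"):
        if line == "":
            break
        name, sep, value = line.partition("=")
        if sep:
            attrs[name] = value
    return attrs


class Greylist:
    """Remembers when each (client_address, sender, recipient) was first seen."""

    def __init__(self, delay=GREYLIST_DELAY, clock=time.time):
        self.delay, self.clock = delay, clock
        self.first_seen = {}

    def decide(self, attrs):
        """Postfix action for one request: defer new triples, pass known ones."""
        if attrs.get("request") != "smtpd_access_policy":
            return "dunno"                      # not an access-policy query
        key = (attrs.get("client_address", ""),
               attrs.get("sender", "").lower(),
               attrs.get("recipient", "").lower())
        now = self.clock()
        first = self.first_seen.setdefault(key, now)
        if now - first < self.delay:
            # defer_if_permit: a later reject_* restriction can still win
            return "defer_if_permit Greylisted, try again later"
        return "dunno"                          # let the remaining restrictions decide

    def handle(self, raw):
        """Raw request text -> reply text exactly as written to the socket."""
        return f"action={self.decide(parse_request(raw))}\n\n"


GREYLIST = Greylist()


class PolicyHandler(socketserver.StreamRequestHandler):
    """Postfix keeps the connection open and may send several requests on it."""

    def handle(self):
        pending = []
        for line in self.rfile:
            text = line.decode("utf-8", "replace").rstrip("\r\n")
            pending.append(text)
            if text == "":                      # blank line ends one request
                self.wfile.write(GREYLIST.handle("\n".join(pending)).encode())
                self.wfile.flush()
                pending = []


if __name__ == "__main__":
    with socketserver.ThreadingTCPServer(LISTEN, PolicyHandler) as srv:
        srv.serve_forever()
```

The restriction list on the slide puts `permit_mynetworks` first, so local clients never reach the policy server; answering "dunno" rather than "permit" for a known triple keeps the two `reject_rbl_client` checks in force.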
Antispam
Apache SpamAssassin: bayesian, filters incoming mail by scoring its content [perl]
DSPAM: self-learning, bayesian filters [c] + gui
Amavis: spamassassin + clamav (antivirus)
ASSP: smtp proxy server (bayesian, rbl, urirbl, greylisting, ...) + gui
ThunderBayes++: Thunderbird plugin
Virtual users
# create the vmail user
groupadd -g 5000 vmail
useradd -m -u 5000 -g 5000 -s /bin/false vmail
vi main.cf
    # list of domains for which to accept mail
    virtual_mailbox_domains = /etc/postfix/vhosts
    # home directory of the virtual mailboxes
    virtual_mailbox_base = /home/vmail
    virtual_uid_maps = static:5000
    virtual_gid_maps = static:5000
    # lists every mailbox explicitly, with its directory
    virtual_mailbox_maps = hash:/etc/postfix/vmailbox
    # lists all the aliases
    virtual_alias_maps = hash:/etc/postfix/valias
Virtual users
vi /etc/postfix/vhosts
    oltrefersina.it
vi /etc/postfix/vmailbox
    info@oltrefersina.it      oltrefersina.it/info/
    moser@oltrefersina.it     oltrefersina.it/moser/
    calcio@oltrefersina.it    oltrefersina.it/calcio/
vi /etc/postfix/valias
    postmaster@oltrefersina.it    info@oltrefersina.it
postmap /etc/postfix/vmailbox
postmap /etc/postfix/valias
postfix reload
Dovecot
T. Sirainen, Finland (2002)
Ubuntu 8.04: 1.0; 2.0 in beta
IMAP and POP3 server with support for the secure protocols IMAPS and POPS, TLS and SSL
Mailboxes in both formats: mbox and Maildir
User authentication: passwd, pam, ldap, sql
Implements an lda with mail quota and sieve (vacation, redirect)
Talks to postfix: sasl (server scenario)
Security bounty: 1 bug = 1,000 Euro
LDA
apt-get install dovecot-imapd dovecot-pop3d
vi /etc/dovecot/dovecot.conf
    protocols = imap imaps pop3 pop3s
    # outlook has no tls
    disable_plaintext_auth = no
    mail_location = maildir:/home/vmail/%d/%n
    # enable the local delivery agent + sieve scripts
    protocol lda {
      # Address to use when sending rejection mails.
      postmaster_address = info@oltrefersina.it
      # Enabling Sieve plugin for server-side mail filtering
      mail_plugins = cmusieve
    }
Auth + Sieve
    auth default {
      # the login mechanism is used by outlook (sasl)
      mechanisms = plain login
      #passdb passwd-file {    # that one only for deny = yes
      #passdb pam {
      passdb passwd-file {
        args = /home/dovecot/passwd-%d
      }
      userdb passwd-file {
        args = /home/dovecot/passwd-%d
      }
      # user needs access to only user and password databases
      user = root
      ## dovecot-lda specific settings ##
      socket listen {
        master {
          path = /var/run/dovecot/auth-master
          mode = 0600
          user = vmail    # User running Dovecot LDA
          #group = vmail  # Or alternatively mode 0660 + LDA user in this group
        }
      }
    }
    plugin {
      sieve = /home/vmail/%d/%n/sieve
    }
Postfix - Dovecot
vi /etc/postfix/main.cf
    dovecot_destination_recipient_limit = 1
    virtual_transport = dovecot
vi /etc/postfix/master.cf
    # service type  private unpriv  chroot  wakeup  maxproc command + args
    # dovecot lda
    dovecot   unix  -       n       n       -       -       pipe
      flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
Users file + sieverc
vi /etc/dovecot/passwd
    # user:password:uid:gid:(gecos):home:(shell):extra_fields
    moser@oltrefersina.it:{plain}xxx:5000:5000
vi /home/vmail/oltrefersina.it/moser/sieverc
    require "fileinto";
    # linuxtrent mailing list
    if header :contains "to" "linuxtrent@freelists.org" {
      fileinto "Mailing.Linuxtrent";
      stop;
    }
    if header :contains "to" "soci@linuxtrent.it" {
      fileinto "Mailing.Soci Linuxtrent";
      stop;
    }
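To see what the sieverc above decides for a given message without delivering anything, here is an added example (not from the slides and not Dovecot's Sieve engine): an interpreter for just the subset the script uses (`require`, `if header :contains` or `:is`, `fileinto`, `stop`). It tokenizes and parses the script, then runs it against the headers of an RFC 822 message parsed with Python's `email` package. The sample messages in the test are constructed; the script is the one from the slide.

```python
# Added example (not from the slides, not Dovecot): interpreter for the Sieve
# subset used by the sieverc above, to check a script's filing decision offline.
import re
from email import message_from_string

# whitespace | comment | "string" | punctuation | word (including :contains)
TOKEN_RE = re.compile(r'\s+|#[^\n]*|"((?:[^"\\]|\\.)*)"|([{};])|([A-Za-z:_]\w*)')


def tokenize(script):
    tokens, pos = [], 0
    while pos < len(script):
        m = TOKEN_RE.match(script, pos)
        if not m:
            raise ValueError(f"unexpected character at offset {pos}")
        pos = m.end()
        if m.group(1) is not None:
            tokens.append(("str", m.group(1)))
        elif m.group(2):
            tokens.append(("punct", m.group(2)))
        elif m.group(3):
            tokens.append(("word", m.group(3)))
    return tokens                       # whitespace and comments yield nothing


class Parser:
    """Recursive descent over the token list; produces command tuples."""
    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else (None, None)

    def take(self, kind, value=None):
        k, v = self.peek()
        if k != kind or (value is not None and v != value):
            raise ValueError(f"expected {kind} {value or ''}, got {k} {v!r}")
        self.i += 1
        return v

    def commands(self, until=None):
        out = []
        while self.peek()[0] is not None and self.peek() != ("punct", until):
            out.append(self.command())
        return out

    def command(self):
        word = self.take("word")
        if word == "require":
            name = self.take("str"); self.take("punct", ";")
            return ("require", name)
        if word == "stop":
            self.take("punct", ";")
            return ("stop",)
        if word == "fileinto":
            folder = self.take("str"); self.take("punct", ";")
            return ("fileinto", folder)
        if word == "if":
            self.take("word", "header")
            match = self.take("word")
            if match not in (":contains", ":is"):
                raise ValueError(f"unsupported match type {match}")
            hdr, val = self.take("str"), self.take("str")
            self.take("punct", "{")
            body = self.commands(until="}")
            self.take("punct", "}")
            return ("if", (match, hdr, val), body)
        raise ValueError(f"unsupported command {word}")


def headers_of(raw_message):
    """Lower-cased header name -> list of values, from an RFC 822 message."""
    h = {}
    for name, value in message_from_string(raw_message).items():
        h.setdefault(name.lower(), []).append(value)
    return h


def _test(match, values, needle):
    needle = needle.lower()             # Sieve's default comparator ignores case
    return any(v.lower() == needle if match == ":is" else needle in v.lower()
               for v in values)


def _execute(commands, headers, result):
    """Run a command list; return True once 'stop' is reached."""
    for cmd in commands:
        if cmd[0] == "stop":
            return True
        if cmd[0] == "fileinto":
            result["folder"] = cmd[1]   # in this subset the last fileinto wins
        elif cmd[0] == "if":
            match, hdr, val = cmd[1]
            if _test(match, headers.get(hdr.lower(), []), val):
                if _execute(cmd[2], headers, result):
                    return True
    return False


def run_sieve(script, headers):
    """Folder the message is filed into; 'INBOX' when no rule matched."""
    result = {"folder": "INBOX"}
    _execute(Parser(tokenize(script)).commands(), headers, result)
    return result["folder"]


SIEVERC = '''require "fileinto";
# linuxtrent mailing list
if header :contains "to" "linuxtrent@freelists.org" {
  fileinto "Mailing.Linuxtrent";
  stop;
}
if header :contains "to" "soci@linuxtrent.it" {
  fileinto "Mailing.Soci Linuxtrent";
  stop;
}
'''
```

Any unsupported command or match type raises `ValueError` instead of silently filing the message into INBOX, which is the behaviour you want from a checker.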
Qmail + vpopmail + qmailadmin
Vpopmail (Inter7, GPL): virtual domains, virtual users; file system, sql, ldap
Gui for the administrator and for the users (forward, vacation, autoresponder)
Sore point... you start from the sources: qmail, vpopmail, dovecot/courier-imap
Qmailadmin (web)
Mozilla Thunderbird
NOCC
RoundCube
Groupware
Overlook (openit): address book, calendar (shared)
Egroupware
Zimbra
Horde
SugarCRM
Conclusions
Sources:
http://it.wikipedia.org
http://www.postfix.org
http://wiki.dovecot.org/
http://openskill.info/
Presentation licence:
Author: Marco Moser <marco@marcomoser.it>
Licence: Creative Commons Attribution - Share Alike 2.5 Italy License
http://creativecommons.org/licenses/by-sa/2.5/it/