Table of Contents. Email Architecture. Organisation. Structure of the organisation. Structure. with sendmail and postfix.



Similar documents
Architecture. with sendmail and postfix. dr. C. P. J. Koymans. Informatics Institute University of Amsterdam. September 30, 2008

Linux Network Administration

sendmail Cookbook Craig Hunt O'REILLY' Beijing Cambridge Farnham Koln Paris Sebastopol Taipei Tokyo

Workflow Configuration on R12/R11. High Level Steps. SENDMAIL configuration mostly done by System Administrator Workflow configuration for R12

Postfix Configuration and Administration

Table of Contents. Electronic mail. History of (2) History of (1) history. Basic concepts. Aka (or according to Knuth)

Ficha técnica de curso Código: IFCAD241

Mail system components. Electronic Mail MRA MUA MSA MAA. David Byers

QMAIL & SMTP: A Secure Application for an Unsecure Protocol. Orr Dunkelman. orrd@vipe.technion.ac.il. January 27, 2004 SMTP and QMAIL Slide 1

How To Write An On A Linux Computer (No Mail) (No ) (For Ahem) (Or Ahem, For Ahem). (For An ) Or Ahem.Org) (Ahem) Or An

Postfix. by Rod Roark

Mail agents. Introduction to Internet Mail. Message format (2) Authenticating senders

CipherMail Gateway Quick Setup Guide

Emacs SMTP Library. An Emacs package for sending mail via SMTP. Simon Josefsson, Alex Schroeder

Marketing with OpenEMM. Installation, Configuration and Operation

SMTP Servers. Determine if an message should be sent to another machine and automatically send it to that machine using SMTP.

How To Configure Multiburb Smt On A Sidewinder G2 In A Load Sharing Environment

debops.postfix documentation

Fast, flexible & efficient delivery software

OpenSRS Service DNS Configuration Guide

Mail Avenger. David Mazières New York University

ENTERPRISE LINUX NETWORKING SERVICES

GL275 - ENTERPRISE LINUX NETWORKING SERVICES

Implementing a SPAM and virus scanning mail server using RedHat Linux 8.0

Math SMTP Server Configuration

Implementing a SPAM and virus scanning mail server using RedHat Linux 8.0

Implementing MDaemon as an Security Gateway to Exchange Server

KASPERSKY LAB. Kaspersky SMTP-Gateway 5.5 for Linux/Unix ADMINISTRATOR S GUIDE

Lecture 2 CS An example of a middleware service: DNS Domain Name System

Ensim WEBppliance 3.1 for Linux (LH) Release Notes

Configure a Mail Server

Internet Security [1] VU Engin Kirda

Certified Spam Assassin Professional VS-1114

SIOS Protection Suite for Linux v Postfix Recovery Kit Administration Guide

OpenSMTPD : We deliver!

Exchange 2007/2010 Journaling for Cryoserver

MailEnable Scalability White Paper Version 1.2

KASPERSKY LAB. Kaspersky Anti-Virus 5.5 for Linux and FreeBSD Mail Servers ADMINISTRATOR S GUIDE

GL-275: Red Hat Linux Network Services. Course Outline. Course Length: 5 days

A Modular Architecture Using Open Source Components

w e p r o t e c t d i g i t a l w o r l d s NOD32 for Linux/BSD Mail Server Installation Manual and User s documentation

OpenSMTPD: we deliver

KASPERSKY LABS. Kaspersky Anti-Virus 5.0 for Linux, FreeBSD and OpenBSD Mail Servers ADMINISTRATOR S GUIDE

Articles Fighting SPAM in Lotus Domino

Postfix: Status Quo current development an overview

Load Balancing Exchange 2007 SP1 Hub Transport Servers using Windows Network Load Balancing Technology

Change is Coming: z/os Mail Overview and Futures

Service Overview & Installation Guide

ENTERPRISE LINUX NETWORKING SERVICES

1 Thunderbird v3 and IMAP/SMTP Configuration

Filtering Mail with Milter. David F. Skoll Roaring Penguin Software Inc.

"Charting the Course... Enterprise Linux Networking Services Course Summary

Important Information

The Domain Name System


Domain Name System (DNS)

EMB. Basics. Goals of this lab: Prerequisites: LXB, NET, DNS

Serial Deployment Quick Start Guide

Cannot send Autosupport , error message: Unknown User

F-Secure Messaging Security Gateway. Deployment Guide

FaxCore Ev5 -To-Fax Setup Guide

Configuring Your Gateman Server

SonicWALL Security Appliance Administrator Guide

Cryoserver Archive Lotus Notes Configuration

KASPERSKY LAB. Kaspersky Mail Gateway 5.6 ADMINISTRATOR S GUIDE

Copyright

GRAYWALL. Introduction. Installing Graywall. Graylist Mercury/32 daemon Version 1.0.0

Lab Tasks 1. Configuring a Slave Name Server 2. Configure rndc for Secure named Control

Table of Contents. Index. Search the text of TCP/IP Network Administration. Symbols A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

ETH Zürich - Mail Filtering Service

Best Practices Revision A. McAfee Gateway 7.x Appliances

W3Perl A free logfile analyzer

Scaling DBMail with MySQL

ESET Mail Security & Zarafa 7 infrastructure Integration

The Application Layer: DNS

KB Windows 2000 DNS Event Messages 1 Through 1614

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt

Ubuntu Sever Administration

Linux Server Support by Applied Technology Research Center. Proxy Server Configuration

Exim4U. Server Solution For Unix And Linux Systems

What is included in the ATRC server support

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Gateway

Installing Policy Patrol on a separate machine

Service Launch Guide (US Customer) SEG Filtering

How to set up the Integrated DNS Server for Inbound Load Balancing

Sage HRMS 2014 Sage Employee Self Service Tech Installation Guide for Windows 2003, 2008, and October 2013

Talk Internet User Guides Controlgate Administrative User Guide

Transcription:

Table of Contents Email Architecture with sendmail and postfix dr. C. P. J. Koymans Informatics Institute University of Amsterdam October 5, 2009 Structure Email flows Sendmail Postfix Other MTA s Organisation Structure of the organisation Say O is an example organisation A is an autonomous suborganisation M is a managed suborganisation a is an autonomous part of M m is a managed part of M O A M a m

DNS mirrors the structure Email mirrors the structure Where are the cuts? O.org. A.O.org. M.O.org. a.m.o.org. m.m.o.org. mail.* are mail relays and servers mail.o.org. mail.a.o.org. mail.m.o.org. mail.a.m.o.org. mail.m.m.o.org. MX records (1) MX records (2) O.org. MX 0 mail.o.org. A.O.org. MX 0 mail.a.o.org. 10 mail.o.org. M.O.org. MX 0 mail.m.o.org. 10 mail.o.org. a.m.o.org. MX 0 mail.a.m.o.org. 5 mail.m.o.org. 10 mail.o.org. m.m.o.org. MX 0 mail.m.m.o.org. 5 mail.m.o.org. 10 mail.o.org.

Email addresses Email forwarding Employee The Boss working in department a boss@a.m.o.org The.Boss@M.O.org emp0@o.org emp0@o.org is forwarded to The.Boss@M.O.org, which is in turn forwarded to boss@a.m.o.org Forwarding can be user based (.forward) system based (alias file or database) SMTP flow (inbound) (1) SMTP flow (inbound) (2) Directly to mailhost in MX record emp0@o.org enters at top boss@a.m.o.org enters at leaf Always to mail.o.org. Requires split DNS Different outside MX record for a.m.o.org., pointing to mail.o.org. Alternatively block port 25 from the outside

SMTP flow (outbound) Mail access Directly to outside world No corporate policy Needs smart hosts decentrally Flowing up the tree step by step Uses the smart host option Directly to the top of the tree Uses the smart host option Only leaf mail servers supply mail access Intermediate servers are relay only In case you want to deliver higher in the tree Create an extra child for mail delivery Separate SMTP relay from local delivery and IMAP access sendmail configuration (Ubuntu 8.04.1) sendmail configuration directory (Ubuntu 8.04.1) Debian specific (based on sendmail 8.14.2) Has an extensive init script to control sendmail execution Uses a separate sendmail.conf file to source inside init script Uses a helper program (sendmailconfig) to generate the main configuration file sendmail.mc /etc/mail as configuration directory sendmail.mc, which is used to generate sendmail.cf using the m4 macro processor local-host-names aliases access...

m4 macros (Ubuntu 8.04.1) sendmail.mc Inside /usr/share/sendmail/cf m4 source files m4/* cf.m4, cfhead.m4, proto.m4 debian/*, domain/*, feature/*,... hack/*, mailer/*, ostype/*,... OSTYPE(debian) DOMAIN(debian-mta) DAEMON_OPTIONS(... ) FEATURE(... ) no_default_msa access_db... MAILER local smtp debian.m4 debian-mta.m4 define(conf... ) Lots of configuration parameters, to name a few confsmtp_login_msg confcw_file confdef_user_id Many more conf... options confmax_hop confdont_blame_sendmail All kinds of TimeOut(TO)-timers confto_mail confto_quit...

sendmail.cf macros sendmail.cf hostnames Macros C<class> ($=<class>) F<class_in_file> Fw/etc/mail/local-host-names D<name> ($<name>) sendmail -bt -d0.4 Debugging local hostname(s) $j=$w.$m What is inside $=w class? Many hostnames, also numeric sendmail.cf map lookup sendmail.cf options K<mapname> <type> <detail> mailertable hash -o /etc/mail/mailertable.db generics hash -o /etc/mail/genericstable.db virtuser hash -o /etc/mail/virtusertable.db AliasFile ForwardPath DaemonPortOptions (UseMSP) Timeout *LA (Queue, Refuse, Delay) SmtpGreetingMessage...

sendmail.cf headers sendmail.cf rulesets HReceived: $?sfrom $s $.$?_($?s$ from $.$_) $.$?{auth_type}(authenticated$?{auth_ssf} bits=${auth_ssf}$.) $.by $j ($v/$z)$?r with $r$. id $i$?{tls_version} (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u for $u; $ ; $.$b S<name>=<number> canonify=3 (always first) parse=0 (resolves <mailer,host,user>) check_relay (to disable open relaying) check_mail (checks MAIL FROM:) check_rcpt (checks RCPT TO:) sendmail.cf rules Sendmail ruleset testing LHS (Left Hand Side) $*, $+, $- (token matching) $@ (matching zero tokens, used for empty input) $=, $ (class matching) RHS (Right Hand Side) $1, $2,... (substitution) $:, $@ (control flow) $>, $?$ $. (recursion; conditional) $[... $], $(... $) (IP lookup; map lookup) sendmail -bt =S<ruleset>, =M $<m>, $=<c> /parse <address> /try <mailer> <address> /map <map> <lookup>

sendmail.cf mailers A new kid on the block? M<mailer> <attributes> local (maybe procmail as MDA) prog, *file*, *include* (builtin) smtp, esmtp, smtp8, relay, bsmtp, fido procmail (as mail filter, called with -m ) Projects to modernise sendmail Sendmail X, which has been succeeded by MeTA-1 Resembles Postfix and qmail in architecture All processes are resident and not semi-resident (as in Postfix) or on demand (as in qmail) Postfix General postfix features (Mostly) compatible with sendmail supplies /usr/{lib,sbin}/sendmail emulation Good performance Safe and secure Modular and flexible Support for multiple transports Easy virtual domain configuration Extensive UCE/SPAM control Rewriting through table lookups

Postfix modular setup Postfix queues One resident master process compare to inetd super server Some semi-resident daemons started via master.cf file something like inetd.conf maildrop (local incoming) incoming (after cleanup) active (being worked on) deferred (temporary failure) hold (needs human intervention) corrupt (needs human inspection) Postfix security Postfix daemons Is not setuid root Uses chroot environment Is modular and not monolithic Filtering of outside information pickup (mail from maildrop via postdrop ( sendmail )) smtpd (remote mail from the Internet) cleanup (repairs incoming mail) qmgr (processes mail queues) local (local delivery) smtp (remote delivery)

Postfix assistants Postfix/Sendmail tables (trivial-)rewrite canonicalisation (compare ruleset 3 ) resolving (compare ruleset 0 ) bounce error mailer defer messages Postfix virtual canonical transport access relocated Sendmail virtusertable genericstable mailertable access - (aliases) Postfix architecture inbound Postfix architecture outbound

qmail Exim Who looked at qmail and wants to explain? Who looked at Exim and wants to explain?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information