1 / 60

Unix Linux Administration II

Unix Linux Administration II. Class 8: Introduction to sendmail. Scripting read and printf. Introduction to Postfix. Agenda. discuss Homework. Setting up your CA Script using a loop script using GETOPTS Review last class Unit 1: Introduction to sendmail

Download Presentation

Unix Linux Administration II

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Unix Linux Administration II Class 8: Introduction to sendmail. Scripting read and printf. Introduction to Postfix.

  2. Agenda • discuss Homework. • Setting up your CA • Script using a loop • script using GETOPTS • Review last class • Unit 1: Introduction to sendmail • Unit 2: Scripting read and printf • Unit 3: Introduction to postfix Class evaluations.

  3. Homework review • Creating your CA certificate • Add user pkiadmin, create folder structure. • Create private key and csr • Once cert returned create chain file, create new ssl cert for www and update your web config. • Using a loop in your script, for f in .. • Expanding the GETOPTS sample script.

  4. Review: loops and breaks For loops: • for f in a b c; do echo "found: $f"; done • for f in $(cat filelist.txt); do echo $f; done • for f in $(cat filelist.txt); do cat $f; done $* vs $@, $@ provides a comma separated list Until and While: • while loops, if the exit status is zero the loop is entered. • until, if the exit status is NOT zero the loop is entered. Break and continue are used to manipulate the loop behavior.

  5. Review: Options and GETOPTS Passing options to your script manually. if [ "$1" = "-a" ] then option=TRUE shift GETOPTS is a built-in shell function. GETOPTS loops through arguments looking for a “-” before any arguments and determines if it is a valid option. If arguments are required with the options then you simple add a “:” after the option in your script the GETOPTS will require one.

  6. Review: PKI Private keys, Public certificates and CSR public CA Chain of Trust Chain certificates PKI setup private key, csr signed cert. sign other requests (CSR).

  7. Class 8, Unit 1 What we are going to cover: • Sendmail What you should leave this session with: • DNS mail configuration • Basic Sendmail message flow and configuration.

  8. DNS and mail In order for mail to routed to your server there must be a valid MX or mail server record in the DNS domain. MX records are another type of Resource Record (RR) just as Name Servers are of type NS. Once we add MX records we should have at least four RR types defined in our domain zone files. Just as CNAMES and NS RR always need to eventually point to A records, so do MX records.

  9. DNS and mail cont. Mail servers have priority ratings which are different from other DNS records. The values are somewhat arbitrary but tend to run from 10 to 90 The lower value the higher the priority. If you have two mail servers one set to 10 and the other to 20 mail will be routed to the lower value unless it is unavailable. If both had the same value it would be a round robin configuration.

  10. Sample DNS MX configuration books.ulcert.uw.edu MX 10 mail.books.ulcert.uw.edu mail.books.ulcert.uw.edu CNAME ns1.books.ulcert.uw.edu ----------------------------------------------------------------------- Or ----------------------------------------------------------------------- MX 10 mail mail CNAME ns1

  11. How mail servers work. A client generates a message using one of many mail clients. This client will either include a built-in SMTP client or it will hand it off to /usr/sbin/sendmail interface. This client then opens a session on port 25 with the SMTP server and begins to send SMTP commands: • HELO, MAIL FROM, RCPT TO, DATA The message is completed with dot . on a single line. And the message is delivered.

  12. Sendmail history Written by Eric Allman who was working and studying at UC Berkley. The first version was called delivermail and shipped with BSD 4.0 and 4.1. Sendmail came about as a result of move from NCP (Network Control Protocol) to TCP. Also namespaces changed from a flat design to a hierarchical namespace (think DNS). Sendmail first shipped with BSD 4.1c which happened to be the first tcp based version of BSD.

  13. Sendmail success As Allman has been quoted saying “sendmail is complex because the world is complex. It is dynamic because the world is dynamic”. Sendmail strives to accommodate all types of messages. This inclusive goal means rather than denying or rejecting messages that lack the correct header or syntax sendmail tries to compensate for them. The low cost entry along with a high delivery percentage many consider the primary reason sendmail is so popular today.

  14. Sendmail version info • Postfix is the default MTA but sendmail is simple to install • sudo yum install sendmailsendmail-cf • YUM will install sendmail 8.14.x • We can switch between sendmail and postfix using /usr/sbin/alternatives and or enabling services using /sbin/chkconfig • Current stable sendmail version available from sendmail.org is *8.14.8 * now purchased by Proofpoint

  15. Email and Sendmail • There are three primary roles to consider when reviewing mail: • MUA – message user agent, examples? • MTA – message transfer agent, delivers mail and transports mail between machines, examples? • MSA – Mail submission agent, capable of altering mail messages such as confirming hostnames are fully qualified, examples? What are Sendmail, postfix and Exchange?

  16. Basic parts of Sendmail The basic parts to Sendmail • The configuration file • /etc/mail/sendmail.cf • A queue directory • /var/spool/mqueue • Aliases • Sendmail can and will redirect mail destined for one account to another based on defined aliases.

  17. Addresses and Rules • Sendmail is based primarily on rules. • rules are used to rewrite (modify) mail addresses, to detect errors in addressing and to select mail delivery agents. • rules are used to detect and reject errors, such as mail with no username • rules examine the address of each envelope recipient and select the appropriate delivery agent.

  18. Rule Sets • a sequence of rules are grouped together into rule sets, each set is similar to a subroutine • a rule set is declared with the S command • rule sets are numbered or named • rule sets such as 0, 3, 4 and 5 are internally defined by Sendmail     0 resolve mail delivery agent    3 preprocess all addresses    4 post process all address    5 rewrite un-aliased local user

  19. The three parts to a message All messages have three primary components • Header • Body • Envelope

  20. The Header Most header lines start with a word followed by a colon. • Received: • Date: • From: • To: Each word indicates the expected value. Not all headers are required.

  21. The Body The body of a message consists of everything following the first blank line To: user@domain Subject: Test message, blank line next! The body start here. Message content here. • Is the subject line required?

  22. The Envelope • Because of the diverse recipients, the sendmail program uses the concept of an envelope. • Content that describes the sender or recipient but is not part of the header is considered envelope information. • Envelope data is used to tell remote machines that mail is ready from a given user. • Before sendmail sends the data to a remote MTA it will send just the envelope-sender address and recipient list to the remote MTA. If ANY of the recipients are accepted the message is sent over otherwise it is not.

  23. Aliases file functions • Aliasing is the process of converting one address into another address. • Convert root to mailer-daemon • Convert name to list as in mailing list • Sample conversions • Bob Barker bbarker • geeks allman, schmidt, wall, joy • Nobody /dev/null • app |/usr/local/bin/myapp When mail is bounced (returned because it could not be delivered), it is always sent from MAILER-DAEMON. That alias is needed because users might reply to bounced mail without it, replies to bounced mail would themselves bounce.

  24. Queue Management • Messages can be temporarily undeliverable for a variety of reasons. As a result sendmail will queue up messages that are delayed. • These messages are stored in the QueueDirectory which is defined in the sendmail.cf file

  25. Local delivery • Sendmail will deliver messages to local user, meaning a user with a mailbox on the host where sendmail is running. • Local mail is appended to a users mailbox file. • The local file is often ~/mbox

  26. Remote delivery • Of course sendmail will also deliver mail to other machines. This happens when sendmail determines the user is not local. • By default Sendmail only supports TCP/IP enabled networks though other options are available (uucp, mfax)

  27. Sendmail modes Usually sendmail runs in Daemon mode –bd, listening for mail but it can be run in: • Test mode –bt • Just resolve addresses • Verify mode –bv • Don’t collect or deliver mail • Mail sender –bm • Just send mail • Many others possible, verbose –v…

  28. Sendmail Macros Sendmail macros allow you to reference text symbolically within the config file. This means you can centrally define values. Some macros are defined by Sendmail for you such as $u, $h enter the following to see some of the macros used by sendmail /usr/lib/sendmail –C/etc/mail/sendmail.cf -bt -d0 *ctrl-+d to exit and no space between –C and /etc…

  29. Sendmail options cont. Sendmail options are defined in sendmail.cf. Options are declared with an O • O QueueDirectory=/var/spool/mqueue Other sample variables are: • Timeout • Timeout.queuewarn=4h • Timeout.queuereturn=5d • DeliveryMode • Background most common • TempFileMode • DefaultUser • LogLevel

  30. Review: Default MTA in CentOS 6.x is postfix. Installing sendmail provides two MTA options. Mail delivery requires DNS support. MX records are defined in DNS similar to how we setup NS records. Three primary roles for mail include: • MUA • MTA • MSA primary sendmail configuration file /etc/mail/sendmail.cf. This file is not typically edited directly.

  31. Review: • Mail is store in the Queue directory before/until delivered • Aliases allow mail to be redirected between accounts or services as required. • sendmail is based on rules and rulesets. • messages are processed by these rulesets before being accepted or denied. • The three primary parts of a message are: header: received, date body: everything after the first blank line. envelope: meta data about the message

  32. In class lab 8a • Lab notes for this session can be found here: http://www.ulcert.uw.edu -> Class Content -> InClass labs ->

  33. Class 8, Unit 2 What we are going to cover: • Reading and printing data What you should leave this session with: • How to read data in at the cmd line • How to format data for printing

  34. Reading in data To read in data use read variable eg. read userinput echo $userinput Or for multiple variables read value1 value2 value3

  35. Read cont. If more arguments are entered than variables the last variable will store the overflow. echo -n "enter names: " read name names echo "you entered \$name $name" echo "then you entered \"$names\" to be stored in \$names “ enter names: TOM SAM JOHN BILL you entered $name TOM then you entered "SAM JOHN BILL" to be stored in $names

  36. Read exit code. • Read always returns an exit status of zero unless the end of file condition is detected from input. This usually means Ctrl+d • Knowing this we can use a while loop to read in data at the command line. while read num1 num2 do echo $(( $num1 + $num2 )) done

  37. User input, yes/no Using the read function and if/then statements we can check for user acceptance. echo -n "enter yes/no" read answer if [ "$answer" = yes ]; then echo "you agree!" elif [ "$answer" = no ] ; then echo "you disagree" else echo "I did not understand your answer" fi

  38. Using $$ for uniqueness The value for $$ is set to the process id for a given process. Each process ID on Unix or Linux system is unique for that host. So using this value you can create objects that are very unlikely to conflict with other files on the same system. grep $USER /etc/passwd >> /tmp/userinfo.$$.tmp

  39. printf: print formatted output Syntax is printf “format” arg1 arg2 e.g. printf “this is a number: %d\n” 10 printf scans the input, sees %d substitutes the first variable with an argument 10

  40. printf conversions. printf “octal for %d is %o\n” 20 20 Format characters that are NOT preceded by a percent sign are written to stdout. octal for 20 is 24 Characters that ARE preceded by a percent sign are called “conversion specifications” and will be converted based on the display command.

  41. printf cont. Common printf conversion characters d integer c single character s literal characters b literal strings with backslash escape char % percent sign

  42. printf output samples. printf "string contains backslash: %s\n" "test\string" string contains backslash: test\string printf "string %s and character %c\n" hello A string hello and character A printf “print just the first character: %c\n” QAZW print just the first character: Q

  43. printf general format %[flags][width][.precision]type Only the % and type are required the others are modifiers. Flags include - Left justify + precedes integers with -/+ # printf precedes hex integers with 0x or 0X

  44. printf formatting Printf is typically used to format output. Printf can align output, set columns and justify content as required. printf "%+d\n%+d\n%+d\n" 10 -10 20 +10 -10 +20 printf "%-20s%-20s\n" Firstname Lastname Firstname Lastname

  45. Review read variable echo $variable read var0 var1 var2 read exit code zero or true unless end of file detected while true or while read input; do ... read answer if [ "$answer" = X ] ; then using process id for file names: file.txt.$$ printf used for formatting output. printf "%-20s%-20s\n" ColumnA ColumnB

  46. Class 8, Unit 3 What we are going to cover: • Postfix What you should leave this session with: • Basic Postfix setup • Understanding of TLS and mail.

  47. Postfix Was developed by Wietse Venema while at the IBM Research Center. Postfix was developed as a simpler but still secure alternative to sendmail. It was released under the IBM Public License in 1999 when it was known as “Secure Mailer”.

  48. Supported platforms Postfix like Sendmail supports a wide array operating systems, including Linux, Solaris, AIX, BSD etc. Postfix requires the ANSI C and POSIX.1 libraries

  49. Installing Postfix Postfix is the default MTA installed. We will be able to switch back to postfix using: sudo /usr/sbin/alternatives --config mta This can also be accomplished using /sbin/chkconfig postfix on|off

  50. Configuration points The vast majority of the postfix config files exist under /etc/postfix The primary configuration file is main.cf, back this file up before making any changes. We will be updating values like mydomain, myhostname and myorigin. master.cf is used to manages communication between postfix and other processes used to manage mail, e.g. anti spam and virus solutions. The postfix aliases definition is the same config file sendmail leverages which is maintained in /etc/aliases.

More Related