
Electronic Mail


Presentation Transcript


  1. Electronic Mail Peter D’Souza

  2. Outline
  • Introduction
  • Mail Systems
  • Components of a Mail Message
  • Administrative Principles/Practices
  • Aliases
  • Sendmail
  • Security, privacy and other issues

  3. Introduction
  • Essential to both businesses and individuals
  • New standard of social behavior
  • Cheaper/faster than postal services
  • Less formal than paper
  • Less personal than actual conversations

  4. Mail Systems
  • Four distinct components
    • MUA - Mail user agent
    • MTA - Mail transport agent
    • Delivery agent
    • Access agent (optional)
  • A mail submission agent that speaks SMTP is sometimes included

  5. Mail Systems
  [Diagram: mail flow from Host A (Sender) across the Internet to Host B (Receiver). Components shown: user agents (Eudora, mail, Pine), submission agent (sendmail, port 587), transport agents (sendmail, port 25), delivery agents (mail.local, procmail, sendmail), message store, and an access agent (imapd) handing mail to local user agents.]
  Legend: UA=User Agent, SA=Submission Agent, TA=Transport Agent, DA=Delivery Agent, AA=Access Agent

  6. User Agents
  • Used to read and compose messages
  • Protect text embedded in contents
  • System-wide and user-specific configuration supported

  7. Transport Agents
  • Accept mail from the user agent, understand the recipient's address, and get the mail to the correct host for delivery
  • Speak the SMTP protocol
  • e.g. sendmail, PMDF, Postfix, etc.

  8. Delivery Agents
  • Accept mail from the transport agent and actually deliver it to the appropriate local recipients
  • Speak the SMTP protocol
  • e.g. /bin/mail (local users), /bin/sh (mail going to a file), mail.local, smrsh

  9. Other Agents
  • Access agents
    • Connect the user agent to the message store
    • e.g. IMAP or POP
  • Mail submission agents
    • Run on a different port
    • Do all the prep work and error checking before the message can be sent out by the TA
    • sendmail acts as both MSA and TA

  10. Anatomy of a Mail Message
  • Envelope
    • Determines where the message will be delivered or, if the message cannot be delivered, to whom it should be returned
  Example (the first line is the envelope "From " line; the lines after it are headers):

    From evi Wed Jan 19 19:01:11 2000
    Received: (from evi@localhost) by xor.com (8.9.3/8.9.3) id TAA17820; Wed, 19 Jan 2000 19:01:11 -0700 (MST)
    Date: Wed, 19 Jan 2000 19:01:11 -0700 (MST)
    From: Evi Nemeth <Evi.Nemeth@xor.com>
    Message-Id: <200001200201.TAA17820@xor.com>
    To: trent@xor.com
    Subject: xor.mc
    CC: evi@xor.com
    Status: R

  11. Anatomy of a Mail Message (contd.)
  • Header
    • Collection of property-value pairs formatted according to RFC 822
  • Body
  Example header lines (numbered as on the slide; each Received: line was added by the MTA named after "by", so the newest line is at the top):

    2: Return-Path: <eric@knecht.sendmail.org>
    3: Received: from anchor.cs.colorado.EDU (root@anchor.cs.colorado.edu [128.138.242.1])
         by columbine.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA21741
         for <evi@rupertsberg.cs.colorado.edu>; Fri, 1 Oct 1999 07:04:25 -0700 (MST)
    4: Received: from mroe.cs.colorado.EDU (mroe.cs.colorado.edu [128.138.243.151])
         by anchor.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA26176
         for <evi@anchor.cs.colorado.edu>; Fri, 1 Oct 1999 07:04:24 -0700 (MST)
    5: Received: from knecht.sendmail.org (knecht.sendmail.org [209.31.233.160])
         by mroe.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA09899
         for <evi@anchor.cs.colorado.edu>; Fri, 1 Oct 1999 07:04:23 -0700 (MST)
    6: Received: from knecht.sendmail.org (localhost [127.0.0.1])
         by knecht.sendmail.org (8.9.3/8.9.3) with ESMTP id GAA18984;
         Fri, 1 Oct 1999 07:04:25 -0800 (PST)
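The Received: chain above is the forensic record of a message's path, but only the lines written by MTAs you control can be trusted; everything earlier came from the remote side. The following example, added here and not part of the original slides, parses a message modelled on the slide's headers (a constructed sample, not a real capture) with the standard library email module, lists the hops in the order they happened, and flags hops where the name announced in HELO differs from what the receiving MTA observed. The regular expression and helper names are my own, not sendmail's.

```python
import email
import re

# Constructed sample, modelled on the header lines shown on the slide (not a real capture).
# Lines beginning with a tab are RFC 822 "folded" continuations of the previous header.
RAW_MESSAGE = """Return-Path: <eric@knecht.sendmail.org>
Received: from anchor.cs.colorado.EDU (root@anchor.cs.colorado.edu [128.138.242.1])
\tby columbine.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA21741
\tfor <evi@rupertsberg.cs.colorado.edu>; Fri, 1 Oct 1999 07:04:25 -0700 (MST)
Received: from mroe.cs.colorado.EDU (mroe.cs.colorado.edu [128.138.243.151])
\tby anchor.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA26176
\tfor <evi@anchor.cs.colorado.edu>; Fri, 1 Oct 1999 07:04:24 -0700 (MST)
Received: from knecht.sendmail.org (knecht.sendmail.org [209.31.233.160])
\tby mroe.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA09899
\tfor <evi@anchor.cs.colorado.edu>; Fri, 1 Oct 1999 07:04:23 -0700 (MST)
Received: from knecht.sendmail.org (localhost [127.0.0.1])
\tby knecht.sendmail.org (8.9.3/8.9.3) with ESMTP id GAA18984;
\tFri, 1 Oct 1999 07:04:25 -0800 (PST)
From: eric@knecht.sendmail.org
To: evi@anchor.cs.colorado.edu
Subject: test message

Body text.
"""

# Matches the common sendmail Received: layout; fields not present are left as None.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"                                     # name the client gave in HELO/EHLO
    r"\s*(?:\((?P<rdns>[^\[\]()]*?)\s*\[(?P<ip>[^\]]+)\]\))?"   # what the receiving MTA observed
    r".*?\bby\s+(?P<by>\S+)"                                    # the MTA that added this line
    r"(?:.*?\bid\s+(?P<id>[^\s;]+))?"                           # its queue id for the message
    r".*?;\s*(?P<date>.*)$"                                     # timestamp after the semicolon
)


def parse_received(value):
    """Parse one Received: header into its fields; None if it is not in the usual form."""
    flat = re.sub(r"\s+", " ", value).strip()       # unfold: collapse tabs/newlines to one space
    m = RECEIVED_RE.search(flat)
    if not m:
        return None
    hop = m.groupdict()
    if hop["rdns"]:
        hop["rdns"] = hop["rdns"].split("@")[-1]    # drop an ident "user@" prefix if present
    return hop


def trace_route(raw):
    """Return the hops in the order the message travelled (oldest first).

    Each MTA prepends its own Received: line, so the header order is newest-first
    and is reversed here.
    """
    msg = email.message_from_string(raw)
    received = msg.get_all("Received") or []
    return [h for h in (parse_received(v) for v in reversed(received)) if h]


def helo_mismatches(hops):
    """Hops whose announced (HELO) name differs from what the receiving MTA observed.

    A mismatch is not proof of forgery (here it is a local submission via 127.0.0.1),
    but it is the first thing to look at when a header chain is suspect.
    """
    return [h for h in hops if h["rdns"] and h["helo"].lower() != h["rdns"].lower()]


def trustworthy_from(hops, own_mta):
    """Index of the first hop written by our own MTA, or None.

    Only lines added by MTAs we control are reliable; everything earlier in the
    chain was supplied by the remote side and could have been fabricated.
    """
    for i, hop in enumerate(hops):
        if hop["by"].lower() == own_mta.lower():
            return i
    return None


if __name__ == "__main__":
    hops = trace_route(RAW_MESSAGE)
    for n, h in enumerate(hops, 1):
        print(f"{n}: {h['helo']} [{h['ip']}] -> {h['by']} (id {h['id']}) at {h['date']}")
    print("HELO/rDNS mismatches:", [h["ip"] for h in helo_mismatches(hops)])
    print("first hop we can vouch for:", trustworthy_from(hops, "columbine.cs.colorado.edu"))
```

Run as a script it prints the four hops from knecht.sendmail.org to columbine.cs.colorado.edu; in an investigation the `own_mta` argument is the name of the mail host you administer, and anything before the index it returns is hearsay.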

  12. Mail Philosophy
  • Servers for incoming and outgoing mail; or, for really large sites, a hierarchy
  • Replication of incoming and outgoing servers
  • Typical UNIX hosts with minimal sendmail capabilities
  • Firewall
  • A mail home for each user at a physical site
    • Enforced through the 'aliases' file, the 'maildrop' field or an LDAP database
  • Remote access provided via POP or IMAP
    • IMAP or POP to integrate PCs, Macs and remote clients
    • IMAP delivers messages one at a time
    • POP downloads all messages from the server

  13. Mail Aliases
  • Allow mail to be rerouted
  • Allow users to be referred to by more than one name
  • Define mailing lists
  • Forward mail among machines
  • Defined in the UA's configuration file (sending user), /etc/mail/aliases (global) or in a .forward file (recipient)
  • Examples
      Nemeth: evi
      Evi: evi@mailhub
      Authors: evi,garth,scott,trent
  • From the mail system's point of view, an alias supersedes /etc/passwd
  • Loops are detected by sendmail

  14. Mailing lists
  • A giant alias
  • Usually specified in /etc/aliases but maintained in an external file
    • :include: directive in aliases
        sabook: :include:/usr/local/mail/usah.readers
        owner-mylist: mylist-request
        mylist-request: evi
        owner-owner: postmaster
  • Maintenance done by a list manager
    • e.g. Majordomo, Mailman, etc.
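The two slides above describe alias resolution in prose: aliases win over /etc/passwd, a list is an alias whose members live in an :include: file, and sendmail refuses loops. The example below, added here and not taken from the slides or from sendmail's source, is a small resolver in Python that implements those rules on a constructed aliases file (the member file is written to a temporary directory so the example runs offline). The aliases-file syntax it parses ("name: target, target", "#" comments, indented continuation lines, ":include:/path") is the real one; the function names and the deliberate ping/pong loop are mine.

```python
import os
import tempfile

# Constructed aliases file modelled on the examples in the slides; {readers} is filled in below.
ALIASES_TEXT = """\
# constructed aliases file
nemeth: evi
evi: evi@mailhub
authors: evi, garth,
         scott, trent
sabook: :include:{readers}
owner-sabook: sabook-request
sabook-request: evi
owner-owner: postmaster
# a deliberate loop, to show that expansion is refused rather than running forever
ping: pong
pong: ping
"""


class AliasLoop(Exception):
    """Raised when expansion would cycle; sendmail reports such loops instead of looping."""


def parse_aliases(text):
    """Parse aliases-file syntax into {name: [targets]}; names are case-insensitive."""
    logical = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t" and logical:          # indented line continues the previous entry
            logical[-1] += " " + line.strip()
        else:
            logical.append(line.strip())
    table = {}
    for entry in logical:
        name, _, targets = entry.partition(":")   # first colon only; ":include:" keeps its own
        table[name.strip().lower()] = [t.strip() for t in targets.split(",") if t.strip()]
    return table


def expand(name, table, local_users, _path=()):
    """Return the final set of delivery targets for `name`.

    Remote addresses, files and programs are terminal; a local name is looked up in the
    alias table first (aliases supersede /etc/passwd) and only then as a local mailbox.
    """
    key = name.lower()
    if key in _path:
        raise AliasLoop(" -> ".join(_path + (key,)))
    if "@" in name or name.startswith(("/", "|")):
        return {name}                             # remote address, file or program: terminal
    if key not in table:
        if key in local_users:
            return {key}                          # no alias: deliver to the local mailbox
        raise KeyError(f"unknown user or alias: {name}")
    result = set()
    for target in table[key]:
        if target.startswith(":include:"):
            with open(target[len(":include:"):]) as fh:
                members = [m.strip() for m in fh if m.strip() and not m.startswith("#")]
        else:
            members = [target]
        for member in members:
            result |= expand(member, table, local_users, _path + (key,))
    return result


def demo():
    """Resolve a few names from the constructed table and show loop detection."""
    with tempfile.TemporaryDirectory() as tmp:
        readers = os.path.join(tmp, "usah.readers")
        with open(readers, "w") as fh:
            fh.write("# constructed member list\ngarth\nreader@example.org\n")
        table = parse_aliases(ALIASES_TEXT.format(readers=readers))
        local_users = {"evi", "garth", "scott", "trent", "postmaster"}
        out = {name: expand(name, table, local_users)
               for name in ("nemeth", "authors", "sabook", "owner-sabook")}
        try:
            expand("ping", table, local_users)
        except AliasLoop as loop:
            out["loop"] = str(loop)
        return out


if __name__ == "__main__":
    for name, targets in demo().items():
        print(f"{name}: {targets}")
```

Note that "evi" is a real local account in the constructed passwd set, yet mail for "authors" still goes to evi@mailhub because the alias wins, which is exactly the behaviour the slide describes.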

  15. sendmail
  • Transport agent developed at Berkeley
  • Can adapt to the whims of standard-makers due to the flexibility of its configuration file
  • Generates error messages and returns messages to the sender if they are undeliverable
  • Components required for installation
    • sendmail binary
    • Configuration file (/etc/mail/sendmail.cf)
    • Mail queue directory (/var/spool/mqueue)
    • Links to sendmail (newaliases, mailq, hoststat)
    • Local delivery agents, smrsh and mail.local

  16. sendmail (contd.)
  • Latest version available at www.sendmail.org
  • Steps for installation
    • Initialize the database format and strategy for interfacing with administrative databases such as NIS or NetInfo
    • Compile; for LDAP: sh ./Build -c -f site.config.m4
  • Should be explicitly started in rc files at boot time
  • Can be run on standalone clients as well by configuring it as a null client (not run as a daemon)
  • switch file used to exert fine-grained control

  17. sendmail – Config file
  • Raw config file designed for ease of parsing
  • Config file determines
    • Choice of delivery agents
    • Address rewriting rules
    • Mail header formats
    • Options
    • Security precautions
    • Spam resistance
  • At runtime, sendmail must be killed and restarted, or sent a HUP signal, if the config file is changed
  • Commonly uses m4 macros

  18. sendmail – config primitives
  • VERSIONID – embeds version information (CVS)
  • OSTYPE – vendor-specific information for operating system details
  • DOMAIN – site-wide generic information (done as an include)
  • MAILER – must be included for every delivery agent

  19. Spam control features
  • Rules that control relaying
    • Relaying is used by spammers to disguise their identity
    • Only hosts that are tagged with RELAY in the access database can submit mail for relaying
    • Offers features for restricted relaying
  • Access database
    • Acts as a mail-specific firewall
    • Blocks mail from specific users and domains
    • Specifies which domains a machine will relay for
  • Blacklists
    • Block local users or hosts
  • Header checking
    • Uses the low-level sendmail config file syntax to look for patterns in headers and reject them
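To make the relay rules above concrete, here is an added example (mine, not the slides' and not sendmail's own code) that models how the access database is consulted for one SMTP envelope. The text-form map is constructed for the example; in a real installation it would be compiled with makemap into access.db. The lookup order it implements is the one sendmail uses for untagged entries: the full address first, then the host and each parent domain, and for an IP the full address followed by shorter and shorter prefixes. The decision function itself is a simplified model, with the function names and the 203.0.113.x client addresses being my assumptions, but it shows the property that matters: with no RELAY entry matching the client, sender or recipient, mail for a foreign domain is refused, so the host is not an open relay.

```python
# Constructed access map in text form (real installations run makemap on this to build access.db).
ACCESS_TEXT = """\
# key                         action
spammer.example               REJECT
cyberspammer@example.net      550 We do not accept mail from this address
dropme.example                DISCARD
128.138                       RELAY
friend.example.org            RELAY
sendmail.org                  OK
"""


def parse_access(text):
    """Parse the text form of the access map into {key: action}; keys are lower-cased."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, action = line.split(None, 1)        # action may contain spaces ("550 text ...")
        table[key.lower()] = action.strip()
    return table


def candidate_keys(item):
    """Keys tried for an address, host/domain or IP, most specific first."""
    item = item.lower()
    if "@" in item:
        _, domain = item.rsplit("@", 1)
        return [item] + candidate_keys(domain)
    parts = item.split(".")
    if all(p.isdigit() for p in parts):          # dotted-quad: 10.1.2.3, 10.1.2, 10.1, 10
        return [".".join(parts[:i]) for i in range(len(parts), 0, -1)]
    return [".".join(parts[i:]) for i in range(len(parts))]   # host.dom, dom, top-level


def lookup(table, item):
    """Return the action for the most specific matching key, or None."""
    for key in candidate_keys(item):
        if key in table:
            return table[key]
    return None


def smtp_decision(table, client_ip, mail_from, rcpt_to, local_domains):
    """Decide what happens to one envelope: ("deliver"|"relay"|"reject"|"discard", reason)."""
    # 1. Blocking entries for the connecting client or the envelope sender are applied first.
    for item in (client_ip, mail_from):
        if not item:                              # empty MAIL FROM (bounce) has nothing to look up
            continue
        action = lookup(table, item)
        if action is None or action in ("OK", "RELAY"):
            continue
        if action == "DISCARD":
            return "discard", f"{item} matched DISCARD"
        message = "550 Access denied" if action == "REJECT" else action
        return "reject", f"{item}: {message}"
    # 2. Mail for our own domains is accepted for local delivery.
    rcpt_domain = rcpt_to.rsplit("@", 1)[-1].lower()
    if any(rcpt_domain == d or rcpt_domain.endswith("." + d) for d in local_domains):
        return "deliver", "recipient is local"
    # 3. Otherwise relay only if the client, the sender or the recipient is tagged RELAY.
    for item in (client_ip, mail_from, rcpt_to):
        if item and lookup(table, item) == "RELAY":
            return "relay", f"relaying permitted by the entry matching {item}"
    return "reject", "550 Relaying denied"


if __name__ == "__main__":
    table = parse_access(ACCESS_TEXT)
    local = {"cs.colorado.edu"}
    for env in [("128.138.243.151", "evi@cs.colorado.edu", "friend@remote.example"),
                ("203.0.113.5", "stranger@elsewhere.example", "victim@remote.example"),
                ("203.0.113.5", "bob@mail.spammer.example", "evi@cs.colorado.edu")]:
        print(env, "->", smtp_decision(table, *env, local))
```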

  20. Security in sendmail
  • Ships with built-in hooks for encryption
  • Later versions support both SMTP authentication and encryption with SSL (TLS – Transport Layer Security)
  • Includes the DontBlameSendmail option to warn about potential risks in the installation
  • Ownerships
    • DefaultUser: should not own any files
    • TrustedUser: can own maps and alias files
    • RunAsUser: run under after socket connections to port 25 are opened; switches identity to a different UID

  21. Security (contd.)
  • Permissions
    • Does not read files with lax permissions (world-writable, or that live in group- or world-writable directories)
    • Requires that the entire path to any alias or forward file be trusted, i.e. no component can have group write permission
    • Does not read a .forward file with link count > 1
    • SafeFileEnvironment option controls where files can be written and protects device files and directories
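The file-permission rules on this slide are easy to state and easy to get wrong on a real system, so here is an added example (mine, not from the slides and not sendmail's own safefile() logic) that audits a .forward file the way the slide describes: every directory below a trusted root must not be group- or world-writable, the file itself must not be, it must have a link count of 1, and it must be owned by the recipient or root. The demo builds a safe and an unsafe home directory in a temporary directory, then creates a hard link to show the link-count rule firing. Starting the walk at a caller-supplied trusted root is an assumption of this example (a real audit starts at the filesystem root and must also deal with sticky-bit directories such as /tmp).

```python
import os
import stat
import tempfile

GROUP_OR_WORLD_WRITE = stat.S_IWGRP | stat.S_IWOTH


def unsafe_reasons(path, trusted_root, owner_uid):
    """List the reasons an MTA following the slide's rules would refuse to read `path`.

    Returns [] when the file is acceptable. Directories between `trusted_root`
    (assumed trusted, e.g. the parent of the home directories) and the file are checked,
    then the file itself.
    """
    reasons = []
    path = os.path.abspath(path)
    trusted_root = os.path.abspath(trusted_root)
    if not path.startswith(trusted_root + os.sep):
        return [f"{path}: not below trusted root {trusted_root}"]
    current = trusted_root
    for part in os.path.relpath(path, trusted_root).split(os.sep)[:-1]:
        current = os.path.join(current, part)
        st = os.stat(current)
        if not stat.S_ISDIR(st.st_mode):
            reasons.append(f"{current}: path component is not a directory")
        elif st.st_mode & GROUP_OR_WORLD_WRITE:
            reasons.append(f"{current}: directory is group- or world-writable")
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return reasons + [f"{path}: file does not exist"]
    if not stat.S_ISREG(st.st_mode):
        reasons.append(f"{path}: not a regular file")
        return reasons
    if st.st_mode & GROUP_OR_WORLD_WRITE:
        reasons.append(f"{path}: file is group- or world-writable")
    if st.st_nlink > 1:
        reasons.append(f"{path}: link count {st.st_nlink} > 1")
    if st.st_uid not in (owner_uid, 0):
        reasons.append(f"{path}: owned by uid {st.st_uid}, not the recipient or root")
    return reasons


def demo():
    """Build a safe and an unsafe layout in a temp dir (constructed) and audit both."""
    uid = os.getuid()
    with tempfile.TemporaryDirectory() as root:
        # evi: private home, file writable only by the owner -> acceptable
        good_home = os.path.join(root, "evi")
        os.mkdir(good_home)
        os.chmod(good_home, 0o755)
        good = os.path.join(good_home, ".forward")
        with open(good, "w") as fh:
            fh.write("evi@mailhub\n")
        os.chmod(good, 0o644)
        results = {"good": unsafe_reasons(good, root, uid)}

        # trent: world-writable home and a group-writable file -> two violations
        lax_home = os.path.join(root, "trent")
        os.mkdir(lax_home)
        os.chmod(lax_home, 0o777)
        lax = os.path.join(lax_home, ".forward")
        with open(lax, "w") as fh:
            fh.write("trent@mailhub\n")
        os.chmod(lax, 0o664)
        results["lax"] = unsafe_reasons(lax, root, uid)

        # a second hard link to evi's file raises its link count to 2 -> refused
        os.link(good, os.path.join(good_home, "forward-copy"))
        results["linked"] = unsafe_reasons(good, root, uid)
        return results


if __name__ == "__main__":
    for label, reasons in demo().items():
        print(label, "->", reasons or "OK")
```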

  22. Security (contd.)
  • Authentication
    • Includes SMTP authentication to verify the identity of the sending machine
    • authwarnings option flags local attempts at forgery by adding an Authentication-Warning header to outgoing mail
    • identd daemon can be used to verify a sender's real login name
  • Message privacy
    • An external encryption package needs to be used (PGP, TLS, etc.)
  • Simple Authentication and Security Layer (SASL)
    • Generic authentication mechanism
    • Uses an authorization identifier and an authentication identifier to map to permissions on files, UNIX passwords, Kerberos tickets, etc.
    • Only the authentication part is used in sendmail

  23. Other issues
  • Privacy
    • Privacy options are listed in sendmail/conf.c
    • Controls what people can determine about your site from SMTP
    • States what you require of the host on the other end of the SMTP connection
    • Defines whether users can see or run the mail queue
  • DoS attacks
    • Flooding the SMTP port with bogus connections
    • MaxDaemonChildren
      • Limits the number of sendmail processes
      • Prevents the system from being overwhelmed with sendmail work
    • MaxMessageSize
      • Prevents the mail queue directory from filling
    • ConnectionRateThrottle
      • Limits the number of connections per second that are permitted
    • MaxRcptsPerMessage
      • Controls the maximum number of recipients allowed on a single message

  24. Thank you
