CIT 470: Advanced Network and System Administration
E-mail

Topics
• Mail Policies
• Anatomy of a Mail Message
• Components of an E-mail System
• SMTP
• IMAP & POP
• E-mail Addresses
• Aliases and Lists

Mail Policies
• Privacy Policy
• Namespaces
• Reliability
• Scaling
• Security

Privacy Policy
Personal Use Policy
• Personal v. commercial use.
• When may employee e-mail be read?
  • By whom
  • Under what circumstances
  • Automatic monitoring
Retention Policy
• Legal requirements.

Namespaces
Avoid first.last format addresses.
• There will be duplicates: John.Smith.
• Use middle initials?
• Append numbers?
Create unique organization-wide namespace.
• Use directory to look up addresses.

Reliability
Customers expect same reliability as power.
• Failures generate many support calls.
Reliability measures
• Redundant servers.
• Backup MX hosts.
• RAID arrays.
• Multiple NICs, power supplies, processors, etc.

Scalability
Types of scalability
• To address growth in avg messages/day.
• To address spikes in mail traffic.
Number of messages grows
• faster than linearly with number of users.
• with time, even if user base is constant.
• due to spam too.
Size of messages grows
• due to technology: more + larger attachments.

Security
Mail server as a target
• Complexity of mail leads to vulnerabilities.
• Mail is an asset attackers want to take.
E-mail as a conduit
• Brings viruses and trojans into organization.
• Leaks confidential information outward.
• ex (2005): Apple sues bloggers over releasing data about upcoming products.
E-mail relaying
• Open relays used by spammers and scammers.
Intercepting e-mail

Anatomy of a Mail Message

Received: from mailfe2.nku.edu ([192.122.237.68])
    by brahms.utoledo.edu (8.11.9) with ESMTP id k3CJCM
    for <him@utoledo.edu>; Wed, 12 Apr 2006 15:12:22 -0400 (EDT)
Received: from mailfac1.nku.edu ([172.28.102.15])
    by mailfe2.nku.edu with MS SMTPSVC(6.0.3790.211);
    Wed, 12 Apr 2006 15:15:18 -0400
Subject: Test
Date: Wed, 12 Apr 2006 15:15:18 -0400
Message-ID: <F01E4499C4EC5842A@mailfac1.hh.nku.edu>
From: "You" <you@nku.edu>
To: <him@utoledo.edu>

This is a test message.

[Slide labels marking the three regions of the message: Header, Blank, Body]

Header
Header Format
• Header-name: Header-data
Common headers
• From:
• To:, CC:, Reply-To:
• Date:
• Message-ID:
• Subject:
Multiple headers
• Received: for each mail server handling message.

Body
• Separated from header by blank line.
• Contains 7-bit ASCII text by default.
• Any non-ASCII text must be encoded:
  • uuencode
  • MIME

MIME
Multipurpose Internet Mail Extensions
• Text in non-ASCII character sets.
• Non-text attachments.
• Multi-part message bodies.
Identified by Content-Type: header.
• text/plain: regular e-mail
• text/html: HTML markup
• multipart/mixed: text/plain + attachments
• image/jpeg: JPEG image attachment
• Many other formats

Base64
Binary to text encoding scheme
• Each character represents 6 bits.
• Uses 64 characters from 7-bit ASCII: A-Za-z0-9+=
Encodes in 3-byte chunks
3 bytes = 24 bits = 4 base-64 characters

Text:              M          a          n
ASCII value:       77         97         110
Bits:              010011|01  0110|0001  01|101110
Base64 index:      19   22   5   46
Base64 character:  T    W    F   u

Multipart MIME Message Example

MIME-version: 1.0
Content-type: multipart/mixed; boundary="frontier"

This is a multi-part message in MIME format.
--frontier
Content-type: text/plain

This is the body of the message.
--frontier
Content-type: application/octet-stream
Content-transfer-encoding: base64

PGh0bWw+CiAgPGhlYWQ+CiAgPC9oZWFkPgogIDxib2R5PgogICAgPHA+VGhpcyBpcyB0aGUg
Ym9keSBvZiB0aGUgbWVzc2FnZS48L3A+CiAgPC9ib2R5Pgo8L2h0bWw+Cg==
--frontier--

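An added example, not part of the original slides: a from-scratch encoder for the 3-byte chunking on the Base64 slide, plus a walk over the multipart message above that decodes each part and checks whether the content matches the declared type. It goes beyond the slide's "Man" case by handling 1- and 2-byte final chunks; it uses the standard RFC 4648 alphabet, and the function names are illustrative.

```python
import email

# Standard Base64 alphabet (RFC 4648); "=" is used only as padding.
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz0123456789+/")

def b64_encode(data: bytes) -> str:
    """Encode 3-byte chunks as four 6-bit symbols, padding a short last chunk."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # Left-align the chunk in 24 bits so a short chunk gets zero fill bits.
        n = int.from_bytes(chunk, "big") << (8 * (3 - len(chunk)))
        symbols = [ALPHABET[(n >> shift) & 0x3F] for shift in (18, 12, 6, 0)]
        keep = len(chunk) + 1          # 1 byte -> 2 symbols, 2 -> 3, 3 -> 4
        out.append("".join(symbols[:keep]) + "=" * (4 - keep))
    return "".join(out)

# The slide's multipart message with its line breaks restored.
RAW = b"""MIME-version: 1.0
Content-type: multipart/mixed; boundary="frontier"

This is a multi-part message in MIME format.
--frontier
Content-type: text/plain

This is the body of the message.
--frontier
Content-type: application/octet-stream
Content-transfer-encoding: base64

PGh0bWw+CiAgPGhlYWQ+CiAgPC9oZWFkPgogIDxib2R5PgogICAgPHA+VGhpcyBpcyB0aGUg
Ym9keSBvZiB0aGUgbWVzc2FnZS48L3A+CiAgPC9ib2R5Pgo8L2h0bWw+Cg==
--frontier--
"""

def inspect_parts(raw: bytes):
    """Return (declared type, decoded bytes, looks like HTML) per leaf part."""
    report = []
    for part in email.message_from_bytes(raw).walk():
        if not part.is_multipart():
            body = part.get_payload(decode=True)    # undoes the base64 layer
            html = body.lstrip().lower().startswith((b"<html", b"<!doctype"))
            report.append((part.get_content_type(), body, html))
    return report

if __name__ == "__main__":
    print(b64_encode(b"Man"))
    print([(ctype, html) for ctype, _, html in inspect_parts(RAW)])
```

The second part is declared application/octet-stream but decodes to an HTML document, which is why mail filters inspect decoded content rather than trusting the Content-type: header.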
Envelope
Headers aren’t the full story
• Recipient isn’t necessarily on To: or CC:
• Sender isn’t necessarily given on From: header.
Envelope specifies sender/receiver
• Specified via SMTP commands.
• Envelope recipient used for BCC:
• Envelope recipient used by mail lists.
• Envelope facilities used by spammers too.

Components of a Mail System
[Diagram labels: UA (Outlook, mutt, Eudora, mutt); TA (Sendmail); DA (mail.local); AA (imapd); Msg Store]

MTAs
• Mail Transport Agents
  • Receive mail from MUAs.
  • Route mail across internet.
• MTA Protocol: SMTP
• MTA Examples
  • sendmail
  • postfix
  • qmail

SMTP

220 brahms.nku.edu ESMTP Sendmail 8.13.3; Wed, 12 Apr 2006
helo mydomain.com
250 brahms.nku.edu Hello mydomain.com, pleased to meet you
mail from: me@mydomain.com
250 2.1.0 me@mydomain.com... Sender ok
rcpt to: friend@nku.edu
250 2.1.5 friend@nku.edu... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Subject: Test
From: me@mydomain.com
To: friend@nku.edu

This is a test.
.
250 2.0.0 k3GIcr001606 Message accepted for delivery
quit
221 2.0.0 brahms.nku.edu closing connection

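An added example, not part of the original slides, tying the session above to the Envelope slide: it separates the envelope (MAIL FROM / RCPT TO) from the headers sent after DATA and reports where the two disagree. The function names and the second, constructed session (including bulk.example and the hidden@ and it-support@ addresses) are assumptions for illustration; dot-stuffing inside DATA is not handled.

```python
import email
from email.utils import getaddresses

def parse_session(client_lines):
    """Split the client side of an SMTP dialogue into envelope and message."""
    env_from, env_rcpts, data, in_data = None, [], [], False
    for line in client_lines:
        if in_data:
            in_data = line != "."           # a lone dot ends DATA
            if in_data:
                data.append(line)
            continue
        verb = line.lower()
        if verb.startswith("mail from:"):
            env_from = line[10:].strip().strip("<>").lower()
        elif verb.startswith("rcpt to:"):
            env_rcpts.append(line[8:].strip().strip("<>").lower())
        elif verb == "data":
            in_data = True
    return env_from, env_rcpts, email.message_from_string("\n".join(data))

def envelope_findings(client_lines):
    """Compare what SMTP was told with what the headers claim."""
    env_from, env_rcpts, msg = parse_session(client_lines)
    hdr_from = [a.lower() for _, a in getaddresses(msg.get_all("From", []))]
    hdr_rcpts = {a.lower() for _, a in
                 getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    findings = []
    if env_from not in hdr_from:
        findings.append(f"From: {hdr_from} differs from envelope sender {env_from}")
    for rcpt in env_rcpts:
        if rcpt not in hdr_rcpts:
            findings.append(f"{rcpt} is an envelope-only recipient (BCC or list)")
    return findings

# Client commands from the slide's session.
SLIDE = ["helo mydomain.com", "mail from: me@mydomain.com",
         "rcpt to: friend@nku.edu", "data", "Subject: Test",
         "From: me@mydomain.com", "To: friend@nku.edu", "",
         "This is a test.", ".", "quit"]

# Constructed variant: extra envelope recipient, unrelated From: header.
VARIANT = ["helo mydomain.com", "mail from: bounce@bulk.example",
           "rcpt to: friend@nku.edu", "rcpt to: hidden@nku.edu", "data",
           "Subject: Test", "From: it-support@nku.edu", "To: friend@nku.edu",
           "", "This is a test.", ".", "quit"]

if __name__ == "__main__":
    print(envelope_findings(SLIDE), envelope_findings(VARIANT), sep="\n")
```

A mismatch is not proof of abuse, since BCC and mailing lists produce the same pattern, but it is the reason filtering and forensics work from the envelope recorded by the MTA rather than from the From: and To: headers alone.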
SMTP Commands
HELO hostname
EHLO hostname
MAIL FROM: addr
RCPT TO: addr
VRFY addr
EXPN addr
DATA
QUIT
RSET
HELP

Message Store
• Communication
  • Receives data from MDA (mail.local, procmail)
  • Provides data to MAA (IMAP, POP, NFS, web)
• Types of stores
  • Files (all messages for a user in one file)
  • Directories (directory per user)
  • Databases

Mail Access Agents
• Older systems directly accessed mail files.
• Modern systems use network
  • POP: Post Office Protocol
    • Simple download protocol for offline reading.
  • IMAP: Internet Mail Access Protocol
    • Online and offline modes of reading.
    • Partial message fetch (headers, attachments, etc.)
    • Message state stored on server, not client.
    • Multiple mailbox and multiple client support.

IMAP
• IMAP Servers
  • Cyrus
  • UW
• IMAP Features
  • Message store types
  • Authentication
  • Security (SSL)

Mail User Agents
• Text clients
  • mail
  • mutt
  • pine
• GUI clients
  • Eudora
  • Mozilla Thunderbird
  • MS Outlook
• Web clients
  • Run on remote web server.

Mail Addressing
• Relative Addresses
  • mcvax!uunet!ucbvax!hao!boulder!air!evi
• Absolute Addresses
  • user@domain
• MX Records
  • Mail clients use MX records, not A records.
  • Lowest preference # = highest priority.
  • Permits failover if server down.

Aliases
• Allow mail to be rerouted.
  • Sysadmin: files (/etc/mail/aliases), local db, NIS, LDAP
  • Personal: ~/.forward
• Alias destinations
  • Local: address
  • Remote: address@domain
  • File: :include:pathname
  • Program: |pathname
• Required aliases
  • postmaster, abuse, root

Mailing List Aliases

mylist: :include:/etc/mail/include/mylist
owner-mylist: mylist-request
mylist-request: me
owner-owner: postmaster

Purpose
• owner: Messages appear to be from owner. Receives bounces, list management mail.
• request: Indirection ensures owner’s real address doesn’t appear on Return-Path.
• owner-owner: Receives errors from messages destined for owner-* aliases.

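An added example, not part of the original slides: an audit of aliases-file text for the points on the two alias slides, namely the required aliases, destinations that pipe mail to a program, :include: lists, and lists with no owner- alias. The sample file is constructed around the slide's mylist entries; the tickets and announce aliases and the ticket-intake path are hypothetical, and quoted destinations containing commas are not handled.

```python
REQUIRED = {"postmaster", "abuse", "root"}   # required aliases per the slide

def parse_aliases(text):
    """Parse aliases-file text into {name: [destinations]}."""
    aliases, name = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                          # blank line or comment
        if raw[0].isspace() and name:         # continuation of previous alias
            rhs = raw
        else:
            name, _, rhs = raw.partition(":")
            name = name.strip().lower()
            aliases[name] = []
        aliases[name] += [d.strip() for d in rhs.split(",") if d.strip()]
    return aliases

def audit(text):
    """Return findings an administrator should review."""
    aliases = parse_aliases(text)
    findings = [f"missing required alias: {n}"
                for n in sorted(REQUIRED - set(aliases))]
    for name, dests in aliases.items():
        for dest in dests:
            target = dest.strip('"')
            if target.startswith("|"):
                findings.append(f"{name}: mail piped to program {target[1:]}")
            elif target.startswith(":include:"):
                findings.append(f"{name}: members read from {target[9:]}")
                if f"owner-{name}" not in aliases:
                    findings.append(f"{name}: no owner-{name} alias for bounces")
    return findings

# Constructed sample built around the slide's mailing-list aliases.
SAMPLE = """\
postmaster: root
root: me
mylist: :include:/etc/mail/include/mylist
owner-mylist: mylist-request
mylist-request: me
owner-owner: postmaster
# hypothetical program and list aliases
tickets: "|/usr/local/bin/ticket-intake"
announce: :include:/etc/mail/include/announce
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Program and :include: destinations deserve review because anyone who can edit the alias file, the included file, or the target program controls where mail goes or what runs when it arrives.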
Mailing List Software
• Automate list management.
  • E-mail interface.
  • Web interface.
• Packages
  • Mailman
  • Majordomo
  • Listserv
• List Archiving
  • Mailman
  • MHonArc
