CIT 470: Advanced Network and System Administration

E-mail


Topics

1. Mail Policies

2. Anatomy of a Mail Message

3. Components of an E-mail System

4. SMTP

5. IMAP & POP

6. E-mail Addresses

7. Aliases and Lists


Mail Policies

1. Privacy Policy

2. Namespaces

3. Reliability

4. Scaling

5. Security


Privacy Policy

• Personal Use Policy
– Personal v. commercial use.
– When may employee e-mail be read?
  • By whom
  • Under what circumstances
– Automatic monitoring

• Retention Policy
– Legal requirements.


Namespaces

• Avoid first.last format addresses.
– There will be duplicates: John.Smith.
– Use middle initials?
– Append numbers?

• Create a unique organization-wide namespace.
– Use a directory to look up addresses.


Reliability

• Customers expect the same reliability as power.
– Failures generate many support calls.

• Reliability measures
– Redundant servers.
– Backup MX hosts.
– RAID arrays.
– Multiple NICs, power supplies, processors, etc.


Scalability

• Types of scalability
– To address growth in average messages/day.
– To address spikes in mail traffic.

• Number of messages grows
– faster than linearly with the number of users.
– with time, even if the user base is constant.
– due to spam too.

• Size of messages grows
– due to technology: more and larger attachments.


Security

• Mail server as a target
– Complexity of mail leads to vulnerabilities.
– Mail is an asset attackers want to take.

• E-mail as a conduit
– Brings viruses and trojans into the organization.
– Leaks confidential information outward.
– ex (2005): Apple sues bloggers over releasing data about upcoming products.

• E-mail relaying
– Open relays used by spammers and scammers.

• Intercepting e-mail
– SMTP, POP and IMAP carry credentials and message text in cleartext unless TLS is used.


Anatomy of a Mail Message

Received: from mailfe2.nku.edu ([192.122.237.68]) by brahms.utoledo.edu (8.11.9)
    with ESMTP id k3CJCM for <[email protected]>; Wed, 12 Apr 2006 15:12:22 -0400 (EDT)
Received: from mailfac1.nku.edu ([172.28.102.15]) by mailfe2.nku.edu
    with MS SMTPSVC(6.0.3790.211); Wed, 12 Apr 2006 15:15:18 -0400
Subject: Test
Date: Wed, 12 Apr 2006 15:15:18 -0400
Message-ID: <[email protected]>
From: "You" <[email protected]>
To: <[email protected]>

This is a test message.

Slide annotations: Header (everything from the first Received: line through To:), Blank (the empty line that ends the header), Body (the text after it).


Header

• Header Format
– Header-name: Header-data

• Common headers
– From:
– To:, CC:, Reply-To:
– Date:
– Message-ID:
– Subject:

• Multiple headers
– Received: one for each mail server that handled the message. Each MTA prepends its own line, so the topmost Received: is the most recent hop and the only one your own server wrote.
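The following is an added example, not code from the slides: it parses a message shaped like the test message on the previous slide with Python's standard library email package, reconstructs the Received: chain in transit order, and checks the per-hop timestamps. Host names and addresses have been replaced with example.edu placeholders, so the sample is constructed, not the original message.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample modelled on the slide's test message. Host names and
# addresses are placeholders, not real mailboxes.
RAW_MESSAGE = (
    "Received: from mailfe2.example.edu ([192.0.2.68]) by brahms.example.edu (8.11.9)\n"
    "\twith ESMTP id k3CJCM for <bob@example.edu>; Wed, 12 Apr 2006 15:12:22 -0400 (EDT)\n"
    "Received: from mailfac1.example.edu ([172.28.102.15]) by mailfe2.example.edu\n"
    "\twith MS SMTPSVC(6.0.3790.211); Wed, 12 Apr 2006 15:15:18 -0400\n"
    "Subject: Test\n"
    "Date: Wed, 12 Apr 2006 15:15:18 -0400\n"
    "Message-ID: <abc123@mailfac1.example.edu>\n"
    'From: "You" <you@example.edu>\n'
    "To: <bob@example.edu>\n"
    "\n"
    "This is a test message.\n"
)

HOP_RE = re.compile(r"from (\S+) \(\[([^\]]+)\]\) by (\S+)")


def parse_message(raw):
    """Split an RFC 822 message at the first blank line: returns the
    header object and the body text."""
    msg = message_from_string(raw)
    return msg, msg.get_payload()


def received_hops(msg):
    """Return the Received: hops in transit order (oldest first).

    Each MTA prepends its own Received: line, so the header block reads
    newest-first; reversing it reconstructs the path the message took.
    Only the topmost line was written by your own MTA. Everything below it
    arrived inside the message from the previous hop and can be forged."""
    hops = []
    for value in msg.get_all("Received", []):
        value = " ".join(value.split())                  # unfold continuation lines
        stamp = value.rsplit(";", 1)[1] if ";" in value else ""
        stamp = re.sub(r"\(.*?\)", "", stamp).strip()    # drop comments like (EDT)
        m = HOP_RE.search(value)
        hops.append({
            "from": m.group(1) if m else None,
            "ip": m.group(2) if m else None,
            "by": m.group(3) if m else None,
            "time": parsedate_to_datetime(stamp) if stamp else None,
        })
    hops.reverse()
    return hops


def clock_skew(hops):
    """For each hop after the first, the number of seconds its timestamp
    runs *behind* the previous hop (0.0 when the clocks agree). A negative
    value means skew between the servers or a fabricated Received: line."""
    skews = []
    for earlier, later in zip(hops, hops[1:]):
        delta = (later["time"] - earlier["time"]).total_seconds()
        skews.append(min(delta, 0.0))
    return skews


def sender_address(msg):
    """Display name and bare address from the From: header. This is a
    header field, not the envelope sender (see the Envelope slide)."""
    return parseaddr(msg["From"])


if __name__ == "__main__":
    msg, body = parse_message(RAW_MESSAGE)
    hops = received_hops(msg)
    for hop in hops:
        print(f"{hop['from']} [{hop['ip']}] -> {hop['by']} at {hop['time']}")
    print("skew (s):", clock_skew(hops))
    print("From:", sender_address(msg), "| body:", body.strip())
```

On the slide's own timestamps the second hop is stamped about three minutes *before* the first one, which the skew check reports as -176 seconds: the two servers' clocks disagree, a reminder that every Received: line is written by a different party with its own clock.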


Body

• Separated from header by blank line.

• Contains 7-bit ASCII text by default.

• Any non-ASCII text must be encoded:
– uuencode
– MIME


MIME

Multipurpose Internet Mail Extensions
– Text in non-ASCII character sets.
– Non-text attachments.
– Multi-part message bodies.

Identified by the Content-Type: header.
– text/plain: regular e-mail
– text/html: HTML markup
– multipart/mixed: text/plain + attachments
– image/jpeg: JPEG image attachment
– Many other formats


Base64

• Binary to text encoding scheme
– Each character represents 6 bits.
– Uses 64 characters from 7-bit ASCII: A-Z a-z 0-9 + /
– A 65th character, =, pads the final group; it is not one of the 64.

• Encodes in 3-byte chunks: 3 bytes = 24 bits = 4 base-64 characters

Input text:    M         a         n
Byte values:   77        97        110
Bits:          01001101  01100001  01101110
6-bit groups:  010011    010110    000101    101110
Index values:  19        22        5         46
Output:        T         W         F         u
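The encoding on this slide, written out as a small codec. This is an added example and not code from the slides; it uses only the Python standard library (the base64 module appears solely as a cross-check) and carries the slide's "Man" walk-through plus the two padded cases the slide does not show.

```python
import base64

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
PAD = "="


def sextets(chunk: bytes) -> list:
    """Split a 1-3 byte chunk (zero-padded to 24 bits) into four 6-bit values.
    b"Man" -> [19, 22, 5, 46], which the alphabet maps to T W F u."""
    bits = int.from_bytes(chunk.ljust(3, b"\0"), "big")
    return [(bits >> shift) & 0x3F for shift in (18, 12, 6, 0)]


def b64encode(data: bytes) -> str:
    """Encode 3 bytes (24 bits) at a time as 4 characters. A final group of
    1 or 2 bytes yields 2 or 3 characters and '=' fills the rest."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        keep = len(chunk) + 1                      # 3 -> 4, 2 -> 3, 1 -> 2 chars
        chars = "".join(ALPHABET[v] for v in sextets(chunk)[:keep])
        out.append(chars + PAD * (4 - keep))
    return "".join(out)


def b64decode(text: str) -> bytes:
    """Inverse of b64encode. Raises ValueError on characters outside the
    alphabet or misplaced padding: a lenient decoder that silently drops
    junk is one way encoded payloads slip past naive content filters."""
    text = "".join(text.split())                   # MIME folds at 76 columns
    if len(text) % 4:
        raise ValueError("length is not a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        pad = len(quad) - len(quad.rstrip(PAD))
        if pad > 2 or (pad and i + 4 != len(text)):
            raise ValueError("padding only allowed at the end, at most '=='")
        bits = 0
        for ch in quad[:4 - pad]:
            idx = ALPHABET.find(ch)
            if idx < 0:
                raise ValueError(f"character {ch!r} is not base64")
            bits = (bits << 6) | idx
        bits <<= 6 * pad                           # restore the dropped zero bits
        out += bits.to_bytes(3, "big")[:3 - pad]
    return bytes(out)


def is_valid(text: str) -> bool:
    """True when b64decode accepts the input."""
    try:
        b64decode(text)
        return True
    except ValueError:
        return False


def matches_stdlib(data: bytes) -> bool:
    """Round-trip check against the standard library's implementation."""
    enc = b64encode(data)
    return enc == base64.b64encode(data).decode("ascii") and b64decode(enc) == data


if __name__ == "__main__":
    print(sextets(b"Man"), b64encode(b"Man"), b64encode(b"Ma"), b64encode(b"M"))
```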


Multipart MIME Message Example

MIME-version: 1.0
Content-type: multipart/mixed; boundary="frontier"

This is a multi-part message in MIME format.
--frontier
Content-type: text/plain

This is the body of the message.
--frontier
Content-type: application/octet-stream
Content-transfer-encoding: base64

PGh0bWw+CiAgPGhlYWQ+CiAgPC9oZWFkPgogIDxib2R5PgogICAgPHA+VGhpcyBpcyB0aGUg
Ym9keSBvZiB0aGUgbWVzc2FnZS48L3A+CiAgPC9ib2R5Pgo8L2h0bWw+Cg==
--frontier--
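An added example, not code from the slides: it parses the multipart message above with Python's standard library email package, decodes each part according to its Content-Transfer-Encoding, and compares the declared Content-Type of every part with what its first bytes actually look like. The base64 blob is the slide's own; the magic-byte table is a constructed, deliberately short one.

```python
import base64
from email import message_from_string, policy

# The slide's multipart message, reproduced as a constructed sample with
# the same base64 blob.
MULTIPART = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="frontier"

This is a multi-part message in MIME format.
--frontier
Content-Type: text/plain

This is the body of the message.
--frontier
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64

PGh0bWw+CiAgPGhlYWQ+CiAgPC9oZWFkPgogIDxib2R5PgogICAgPHA+VGhpcyBpcyB0aGUg
Ym9keSBvZiB0aGUgbWVzc2FnZS48L3A+CiAgPC9ib2R5Pgo8L2h0bWw+Cg==
--frontier--
"""

# Leading-byte signatures for sniffing what an attachment really is
# (constructed table, deliberately short).
MAGIC = [
    (b"<html", "html"), (b"<!doctype html", "html"),
    (b"\xff\xd8\xff", "jpeg"), (b"\x89PNG", "png"),
    (b"MZ", "pe-executable"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip"),
]


def sniff(data):
    """Guess a part's real type from its leading bytes; 'unknown' otherwise."""
    head = data.lstrip()[:16]
    for magic, kind in MAGIC:
        if head[:len(magic)].lower() == magic.lower():
            return kind
    return "unknown"


def leaf_parts(raw):
    """Return (content_type, transfer_encoding, decoded_bytes) for each leaf
    part, in order. get_payload(decode=True) undoes the
    Content-Transfer-Encoding (base64, quoted-printable, 7bit)."""
    msg = message_from_string(raw, policy=policy.default)
    parts = []
    for part in msg.walk():
        if part.is_multipart():
            continue                # containers carry no payload of their own
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).lower()
        parts.append((part.get_content_type(), cte, part.get_payload(decode=True)))
    return parts


def declared_type_mismatches(raw):
    """Parts whose declared Content-Type disagrees with their sniffed
    content. A filter that trusts the declared type alone can be steered
    around by labelling HTML or an executable as application/octet-stream,
    which is exactly what the slide's example does with its HTML part."""
    out = []
    for ctype, _, data in leaf_parts(raw):
        kind = sniff(data)
        if kind != "unknown" and kind not in ctype:
            out.append((ctype, kind))
    return out


if __name__ == "__main__":
    for ctype, cte, data in leaf_parts(MULTIPART):
        print(ctype, cte, data[:40])
    print("mismatches:", declared_type_mismatches(MULTIPART))
```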


Envelope

• Headers aren't the full story
– The recipient isn't necessarily on To: or CC:.
– The sender isn't necessarily given on the From: header.

• The envelope specifies sender/receiver
– Specified via SMTP commands (MAIL FROM, RCPT TO).
– Envelope recipient used for BCC:.
– Envelope recipient used by mail lists.
– Envelope facilities used by spammers too.


Components of a Mail System

Diagram (recovered from the slide): two MTAs (Sendmail) relay mail between sites; MUAs (Eudora, Outlook, mutt) submit mail to an MTA; the receiving MTA hands mail to the MDA (mail.local), which writes it into the message store (MsgStore); the MAA (imapd) serves the store to a MUA (mutt).


MTAs

• Mail Transport Agents
– Receive mail from MUAs.
– Route mail across the internet.

• MTA Protocol: SMTP

• MTA Examples
– sendmail
– postfix
– qmail


SMTP

220 brahms.nku.edu ESMTP Sendmail 8.13.3; Wed, 12 Apr 2006
helo mydomain.com
250 brahms.nku.edu Hello mydomain.com, pleased to meet you
mail from: [email protected]
250 2.1.0 [email protected]... Sender ok
rcpt to: [email protected]
250 2.1.5 [email protected]... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Subject: Test
From: [email protected]
To: [email protected]

This is a test.
.
250 2.0.0 k3GIcr001606 Message accepted for delivery
quit
221 2.0.0 brahms.nku.edu closing connection


SMTP Commands

HELO hostname
EHLO hostname
MAIL FROM: addr
RCPT TO: addr
VRFY addr
EXPN addr
DATA
QUIT
RSET
HELP
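The server side of the exchange on the previous slides, as an added example that is not part of the slides: a minimal SMTP state machine in Python that replays the transcript, keeps the envelope (MAIL FROM / RCPT TO) apart from the headers sent in DATA, refuses to relay for non-local recipients unless the client is on an internal network (the check an open relay lacks), and answers VRFY/EXPN without confirming anything. The domain list, the internal network prefix and all addresses are assumptions chosen for the example.

```python
import re

LOCAL_DOMAINS = {"example.edu"}   # domains this MTA accepts mail for (assumed)
RELAY_NETS = ("10.",)             # assumed internal prefixes allowed to relay out


def _address(keyword, arg):
    """Parse 'FROM:<a@b>' or 'TO: a@b'; the null sender '<>' yields ''."""
    m = re.match(rf"{keyword}:\s*(?:<([^<>\s]*)>|([^<>\s]+))\s*$", arg, re.I)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)


class SmtpSession:
    """Server side of one SMTP connection. The envelope is recorded from
    MAIL FROM / RCPT TO; the headers that arrive later in DATA are stored
    but never used for routing, exactly as on the Envelope slide."""

    def __init__(self, client_ip, hostname="mx.example.edu"):
        self.client_ip, self.hostname = client_ip, hostname
        self.helo, self.in_data = None, False
        self.delivered = []       # (envelope sender, recipients, message text)
        self._reset()

    def _reset(self):
        self.mail_from, self.rcpt_to, self.data_lines = None, [], []

    def greeting(self):
        return f"220 {self.hostname} ESMTP"

    def relay_allowed(self, addr):
        domain = addr.rpartition("@")[2].lower()
        return domain in LOCAL_DOMAINS or self.client_ip.startswith(RELAY_NETS)

    def handle(self, line):
        """Feed one client line; return the reply, or None while inside DATA."""
        if self.in_data:
            if line == ".":
                self.in_data = False
                self.delivered.append((self.mail_from, list(self.rcpt_to),
                                       "\n".join(self.data_lines)))
                self._reset()
                return "250 2.0.0 Message accepted for delivery"
            # "..x" at the start of a line is the dot-stuffed form of ".x"
            self.data_lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg.strip()
            return f"250 {self.hostname} Hello {self.helo}, pleased to meet you"
        if verb == "MAIL":
            if self.helo is None:
                return "503 5.5.1 Send HELO/EHLO first"
            addr = _address("FROM", arg)
            if addr is None:
                return "501 5.5.4 Syntax: MAIL FROM:<address>"
            self.mail_from, self.rcpt_to = addr, []
            return f"250 2.1.0 {addr or '<>'}... Sender ok"
        if verb == "RCPT":
            if self.mail_from is None:
                return "503 5.5.1 Need MAIL command"
            addr = _address("TO", arg)
            if not addr:
                return "501 5.5.4 Syntax: RCPT TO:<address>"
            if not self.relay_allowed(addr):
                return f"550 5.7.1 {addr}... Relaying denied"
            self.rcpt_to.append(addr)
            return f"250 2.1.5 {addr}... Recipient ok"
        if verb == "DATA":
            if not self.rcpt_to:
                return "503 5.5.1 Need RCPT (recipient)"
            self.in_data, self.data_lines = True, []
            return '354 Enter mail, end with "." on a line by itself'
        if verb in ("VRFY", "EXPN"):
            # Both let a remote party enumerate accounts and list members;
            # neither confirm nor deny (RFC 5321 allows this 252 reply).
            return "252 2.5.2 Cannot verify user; try RCPT to attempt delivery"
        if verb == "QUIT":
            return f"221 2.0.0 {self.hostname} closing connection"
        return "500 5.5.1 Command unrecognized"


def run(client_ip, client_lines):
    """Replay a client transcript; return the session and [(sent, reply)]."""
    session = SmtpSession(client_ip)
    log = [(None, session.greeting())]
    for line in client_lines:
        log.append((line, session.handle(line)))
    return session, log


# Constructed transcript modelled on the slide's; note that the header
# From: differs from the envelope MAIL FROM and nothing ties them together.
SLIDE_TRANSCRIPT = [
    "helo mydomain.com", "mail from: alice@mydomain.com",
    "rcpt to: bob@example.edu", "data",
    "Subject: Test", "From: someone-else@example.org", "To: bob@example.edu",
    "", "This is a test.", ".", "quit",
]
```

Replaying SLIDE_TRANSCRIPT from an external address delivers the message to bob@example.edu with alice@mydomain.com as the envelope sender, while the same client's attempt to `RCPT TO:<victim@elsewhere.net>` gets "550 5.7.1 Relaying denied"; the same command from a 10.x client is accepted, because the relay decision rests on the client, not on the recipient.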


Message Store

• Communication
– Receives data from the MDA (mail.local, procmail).
– Provides data to the MAA (IMAP, POP, NFS, web).

• Types of stores
– Files (all messages for a user in one file; the mbox format).
– Directories (one directory per user, one file per message; the Maildir format).
– Databases


Mail Access Agents

• Older systems directly accessed mail files.

• Modern systems use the network
– POP: Post Office Protocol
  • Simple download protocol for offline reading.
– IMAP: Internet Message Access Protocol
  • Online and offline modes of reading.
  • Partial message fetch (headers, attachments, etc.).
  • Message state stored on the server, not the client.
  • Multiple mailbox and multiple client support.


IMAP

• IMAP Servers
– Cyrus
– UW

• IMAP Features
– Message store types
– Authentication
– Security (SSL/TLS)


Mail User Agents

• Text clients
– mail
– mutt
– pine

• GUI clients
– Eudora
– Mozilla Thunderbird
– MS Outlook

• Web clients
– Run on a remote web server.


Mail Addressing

• Relative Addresses (UUCP bang paths)
– mcvax!uunet!ucbvax!hao!boulder!air!evi

• Absolute Addresses
– user@domain

• MX Records
– Sending MTAs look up the recipient domain's MX records; an A record is used only as a fallback when no MX exists.
– Lowest preference number = highest priority.
– Permits failover if a server is down.


Aliases

• Allow mail to be rerouted.
– Sysadmin: files (/etc/mail/aliases), local db, NIS, LDAP
– Personal: ~/.forward

• Alias destinations
– Local: address
– Remote: address@domain
– File of addresses: :include:pathname
– Program: |pathname

• Required aliases
– postmaster, abuse, root


Mailing List Aliases

mylist:          :include:/etc/mail/include/mylist
owner-mylist:    mylist-request
mylist-request:  me
owner-owner:     postmaster

Purpose
– owner: messages appear to be from the owner, who receives bounces and list-management mail.
– request: the indirection ensures the owner's real address doesn't appear on Return-Path.
– owner-owner: receives errors from messages destined for owner-* aliases.
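An added example covering both the alias destinations slide and the mailing-list aliases above; it is not code from the slides or from sendmail. It parses an aliases table in /etc/mail/aliases syntax, expands a recipient through nested aliases and :include: files to its final local, remote, file and program destinations with loop detection, and lists the aliases that run programs or write files. The table, the include-file contents, the local domain and every address are constructed for the example.

```python
# Constructed aliases table in /etc/mail/aliases syntax: the slide's list
# aliases plus the required ones. Names and paths are placeholders.
ALIASES_TEXT = """\
# required aliases
postmaster:     root
abuse:          postmaster
root:           sysadmin@ops.example.org
# the mailing list from the slide
mylist:         :include:/etc/mail/include/mylist
owner-mylist:   mylist-request
mylist-request: me
owner-owner:    postmaster
me:             alice
# a program destination: delivery runs this command as the mail user
archive:        "|/usr/local/bin/archive-mail"
"""

# Stand-in for the :include: files on disk (constructed).
INCLUDE_FILES = {"/etc/mail/include/mylist": "alice\nbob@example.org\ncarol\n"}
LOCAL_DOMAIN = "example.edu"      # assumed: the domain this host delivers locally


def parse_aliases(text):
    """name: dest[, dest...] per line, '#' starts a comment. (Real files also
    allow indented continuation lines and commas inside quoted commands;
    this parser keeps to what the slide shows.)"""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, rest = line.partition(":")
        table[name.strip().lower()] = [d.strip().strip('"')
                                       for d in rest.split(",") if d.strip()]
    return table


def expand(dest, table, includes, seen=frozenset()):
    """Resolve one destination to a list of (kind, target) pairs, kind being
    'local', 'remote', 'file' or 'program'. Aliases are followed
    recursively; `seen` breaks loops such as a: b / b: a."""
    dest = dest.strip()
    if dest.startswith(":include:"):
        members = includes.get(dest[len(":include:"):], "").split()
        return [r for m in members for r in expand(m, table, includes, seen)]
    if dest.startswith("|"):
        return [("program", dest[1:].strip())]
    if dest.startswith("/"):
        return [("file", dest)]
    if "@" in dest:
        local, _, domain = dest.rpartition("@")
        if domain.lower() != LOCAL_DOMAIN:
            return [("remote", dest)]
        dest = local                          # our own domain: a local name
    key = dest.lower()
    if key in seen:
        return []                             # alias loop: stop here
    if key in table:
        return [r for d in table[key]
                for r in expand(d, table, includes, seen | {key})]
    return [("local", key)]


def risky(table):
    """Aliases that deliver to a program or append to a file. These run or
    write with the MTA's delivery privileges, so the aliases file and every
    :include: file it names must not be writable by ordinary users."""
    return [(name, d) for name, dests in table.items()
            for d in dests if d.startswith(("|", "/"))]


if __name__ == "__main__":
    table = parse_aliases(ALIASES_TEXT)
    for name in ("mylist", "owner-mylist", "abuse", "archive"):
        print(name, "->", expand(name, table, INCLUDE_FILES))
    print("risky:", risky(table))
```

Expanding owner-mylist walks owner-mylist, mylist-request and me before reaching alice's mailbox, which is the indirection the Purpose list describes: the list owner's real address never appears in the alias that outsiders see.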


Mailing List Software

• Automate list management.
– E-mail interface.
– Web interface.

• Packages
– Mailman
– Majordomo
– Listserv

• List Archiving
– Mailman
– MHonArc
