Cosc 4750 Electronic Mail
SMTP Protocol
The e-mail protocol. There are several versions. The basic standard protocol is RFC 821, which we are going to use, including some headers so that a standard mail reader understands the message better.
By default, the SMTP server listens on port 25.
SMTP Protocol commands
SMTP is command based. The client issues a series of commands to the server.
Opening a connection: the client connects to port 25, then
  client: HELO <client host name>
    example: HELO laptop.cs.uwyo.edu
  server: 250 Ok [may contain extra info]
    example: 250 alameda.cs.uwyo.edu Hello laptop.cs.uwyo.edu [IP number], pleased to meet you
SMTP Protocol commands (2)
The client issues the from command:
  client: MAIL FROM:<username@host>
    example: MAIL FROM:<seker@cs.uwyo.edu>
  server responses: 250 ... Sender ok
    OR 5XX can't accept from sender
SMTP Protocol commands (3)
Next, who the message is for:
  client: RCPT TO:<username@host>
    example: RCPT TO:<seker@cs.uwyo.edu>
  server responses: 250 ... Recipient ok
    OR 5XX user unknown
The client can issue the RCPT command several times to send the same message to multiple addresses.
SMTP Protocol commands (4)
The data section, which is where we enter the bulk of the mail message.
  client: DATA
  server responses: 354 enter mail, end with "." on a line by itself
  client: enters the message (headers, extra information), then a period on a line by itself
    example:
      bah.. bah.. bah...
      .
SMTP Protocol commands (5)
  server responses: 250 ... message accepted for delivery
Finally, the client issues the quit command:
  client: QUIT
  server closes the connection.
smtp example
  C: HELO laptop.cs.uwyo.edu
  S: 250 Hello laptop
  C: MAIL FROM:<seker@cs.uwyo.edu>
  S: 250 ok
  C: RCPT TO:<allyson@cs.uwyo.edu>
  S: 250 ok
  C: DATA
  S: 354 ...
  C: blah... blah... blah...
  C: etc....
  C: .
  S: 250 OK
  C: quit
  S: closing connection
smtp example (2)
  From seker@uwyo.edu Mon Nov 3 19:10:47 2003
  Return-Path: <seker@uwyo.edu>
  Received: from localhost (localhost [127.0.0.1])
          by meru.cs.uwyo.edu (SGI-8.12.5/8.12.5) with SMTP id hA42A4R7350019
          for <seker@meru.cs.uwyo.edu>; Mon, 3 Nov 2003 19:10:41 -0700 (MST)
  Date: Mon, 3 Nov 2003 19:10:04 -0700 (MST)
  From: seker@uwyo.edu
  Message-Id: <200311040210.hA42A4R7350019@meru.cs.uwyo.edu>

  blah... blah... blah...
  etc....
More SMTP commands
  RSET: aborts the current mail transaction; clears the mail from, recipient and data information stored.
  NOOP: no operation; the server must respond with an OK. Can be used to determine if the server is "still alive" if for some reason it quits responding during the connection.
  HELP: help function on the server. Does not have to be implemented.
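As an added example (not from the slides), the command sequence above can be exercised without a network by writing the server side as a small state machine and driving it with a scripted client. The server below is a constructed toy, not a real MTA: the hostname, the table of local users and the session script are all made up, but the reply codes follow the slides (250 ok, 354 go ahead, 5XX refused, 221 on QUIT), and it also handles RSET, NOOP and HELP, the unknown-user 550 case, and the "leading dot is doubled" rule that stops a body line consisting of a single "." from ending the message early.

```python
import re

class ToySmtpServer:
    """Minimal in-memory SMTP state machine (constructed for this example, not a real MTA).
    Replies follow the codes in the slides: 250 ok, 354 go ahead, 5XX refused."""

    def __init__(self, hostname, local_users):
        self.hostname = hostname
        self.local_users = {u.lower() for u in local_users}   # constructed user table
        self.delivered = []                                  # (sender, recipients, body)
        self.greeted = self.in_data = self.closed = False
        self.reset()

    def reset(self):
        """RSET: forget sender, recipients and any partial message."""
        self.sender, self.recipients, self.lines = None, [], []

    def handle(self, line):
        """Feed one client line; return the server reply, or None while collecting DATA."""
        if self.in_data:
            if line == ".":                                  # lone dot ends the message
                self.in_data = False
                self.delivered.append((self.sender, self.recipients, "\n".join(self.lines)))
                self.reset()
                return "250 Message accepted for delivery"
            # RFC 821 transparency: the client doubles a leading dot, the server strips one
            self.lines.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            self.greeted = True
            return f"250 {self.hostname} Hello {arg}, pleased to meet you"
        if verb == "NOOP":
            return "250 OK"
        if verb == "HELP":
            return "214 Commands: HELO MAIL RCPT DATA RSET NOOP HELP QUIT"
        if verb == "RSET":
            self.reset()
            return "250 Reset state"
        if verb == "QUIT":
            self.closed = True
            return f"221 {self.hostname} closing connection"
        if not self.greeted:
            return "503 Say HELO first"
        if verb == "MAIL":
            m = re.fullmatch(r"FROM:<([^>]*)>", arg, re.I)
            if not m:
                return "501 Syntax: MAIL FROM:<address>"
            self.sender = m.group(1)
            return f"250 {self.sender}... Sender ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 Need MAIL command"
            m = re.fullmatch(r"TO:<([^>]*)>", arg, re.I)
            if not m:
                return "501 Syntax: RCPT TO:<address>"
            if m.group(1).lower() not in self.local_users:
                return f"550 {m.group(1)}... User unknown"
            self.recipients.append(m.group(1))
            return f"250 {m.group(1)}... Recipient ok"
        if verb == "DATA":
            if not self.recipients:
                return "503 Need RCPT (recipient)"
            self.in_data = True
            return '354 Enter mail, end with "." on a line by itself'
        return "500 Command unrecognized"

def run_session(server, client_lines):
    """Drive the server with a scripted client; return the dialogue as (side, line) pairs."""
    transcript = []
    for line in client_lines:
        transcript.append(("C", line))
        reply = server.handle(line)
        if reply is not None:
            transcript.append(("S", reply))
        if server.closed:
            break
    return transcript

# Constructed session mirroring the slides' example, plus one refused recipient
SESSION = [
    "HELO laptop.cs.uwyo.edu",
    "MAIL FROM:<seker@cs.uwyo.edu>",
    "RCPT TO:<nobody@cs.uwyo.edu>",          # unknown user: expect 550
    "RCPT TO:<allyson@cs.uwyo.edu>",
    "NOOP",
    "DATA",
    "Subject: test",
    "",
    "blah... blah... blah...",
    "..a body line that really starts with a dot",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    srv = ToySmtpServer("alameda.cs.uwyo.edu", ["allyson@cs.uwyo.edu", "seker@cs.uwyo.edu"])
    for side, text in run_session(srv, SESSION):
        print(f"{side}: {text}")
```

Running it prints the C:/S: transcript in the same shape as the example on the next slide. Note that nothing in the dialogue authenticates the MAIL FROM address: the server accepts whatever the client puts there, which is the point the "SPAM & mass e-mailing" slide makes.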
E-mail Headers
While not in the SMTP spec, clients and servers exchange more than just SMTP protocol commands.
Headers transfer information about the e-mail: where it has been and which servers received and resent the message.
  Info about the message: time/date, transport agents are listed, redirections, etc.
  A record of how and when a message was delivered.
"Required" headers are listed in RFC 822.
Some Headers
Before the main body of the mail message:
  Subject: <subject>
  To: <same user sent to>
  Reply-To: <user>
  CC: <user>,<user>, ...
  Content type of the message, examples:
    Content-type: text/plain
    Content-type: text/html
  Extra headers
    X-<name>: <whatever>
After all headers there must be a blank line so that client programs understand the headers have ended.
Client programs also add headers to your e-mail when they access the e-mail as well.
Example of Header
  From aperson@hotmail.com Tue Nov 14 12:29:43 2000
  Received: from alameda.cs.uwyo.edu (alameda.cs.uwyo.edu [129.72.216.20])
          by meru.cs.uwyo.edu (SGI-8.9.3/8.9.3) with ESMTP id MAA20335
          for <seker@meru.cs.uwyo.edu>; Tue, 14 Nov 2000 12:29:43 -0700 (MST)
  Received: from roper (pmdf@roper.uwyo.edu [129.72.10.8])
          by alameda.cs.uwyo.edu (8.9.3/8.9.3) with ESMTP id MAA01298
          for <seker@cs.uwyo.edu>; Tue, 14 Nov 2000 12:29:38 -0700
  Received: from DIRECTORY-DAEMON by ROPER.UWYO.EDU (PMDF V5.2-32 #33749)
          id <0G4100C014TCQY@ROPER.UWYO.EDU> for seker@cs.uwyo.edu
          (ORCPT rfc822;seker@uwyo.edu); Tue, 14 Nov 2000 12:29:37 -0700 (MST)
  Received: from hotmail.com (f74.law8.hotmail.com [216.33.241.74])
          by ROPER.UWYO.EDU (PMDF V5.2-32 #33749) with ESMTP id <0G4100C1U4TBKY@ROPER.UWYO.EDU>
          for seker@uwyo.edu; Tue, 14 Nov 2000 12:29:36 -0700 (MST)
  Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
          Tue, 14 Nov 2000 11:29:33 -0800
  Received: from 12.23.109.98 by lw8fd.law8.hotmail.msn.com with HTTP;
          Tue, 14 Nov 2000 19:29:32 +0000 (GMT)
  Date: Tue, 14 Nov 2000 12:29:32 -0700 (MST)
  From: A Person <aperson@hotmail.com>
  Subject: Subject removed
  To: seker@uwyo.edu
  Message-id: <F74Vvjvxo6AmX3qrB0X000016da@hotmail.com>
  MIME-version: 1.0
  Content-type: text/plain; format=flowed
  X-Originating-IP: [12.23.109.98]
  X-OriginalArrivalTime: 14 Nov 2000 19:29:33.0176 (UTC) FILETIME=[3742A780:01C04E71]
  Status: RO
  X-Status: A
  X-Keywords:
  X-UID: 17247
SPAM & mass e-mailing
The same information you just saw is also what is used to create and send SPAM. Can you see the problem?
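The Received: chain in the example header is what an administrator reads to find out where a message really came from, and it is also what a spammer forges. As an added example (not from the slides), the Python below takes the header block from the previous slide, walks the Received: lines in travel order, pulls out the from/by hosts, the bracketed IP and the timestamp of each hop, counts hops against the 25-hop limit covered later in the deck, and checks that the timestamps run forwards. The body line and the helper names are constructed; the header text itself is the slide's example.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

HOP_LIMIT = 25  # sendmail bounces mail after this many hops (from the "25 hops!" slide)

# Header block from the slide's example (each Received: line unfolded onto one line),
# followed by a constructed body so the whole thing parses as a complete message.
SAMPLE = """Received: from alameda.cs.uwyo.edu (alameda.cs.uwyo.edu [129.72.216.20]) by meru.cs.uwyo.edu (SGI-8.9.3/8.9.3) with ESMTP id MAA20335 for <seker@meru.cs.uwyo.edu>; Tue, 14 Nov 2000 12:29:43 -0700 (MST)
Received: from roper (pmdf@roper.uwyo.edu [129.72.10.8]) by alameda.cs.uwyo.edu (8.9.3/8.9.3) with ESMTP id MAA01298 for <seker@cs.uwyo.edu>; Tue, 14 Nov 2000 12:29:38 -0700
Received: from DIRECTORY-DAEMON by ROPER.UWYO.EDU (PMDF V5.2-32 #33749) id <0G4100C014TCQY@ROPER.UWYO.EDU> for seker@cs.uwyo.edu (ORCPT rfc822;seker@uwyo.edu); Tue, 14 Nov 2000 12:29:37 -0700 (MST)
Received: from hotmail.com (f74.law8.hotmail.com [216.33.241.74]) by ROPER.UWYO.EDU (PMDF V5.2-32 #33749) with ESMTP id <0G4100C1U4TBKY@ROPER.UWYO.EDU> for seker@uwyo.edu; Tue, 14 Nov 2000 12:29:36 -0700 (MST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 14 Nov 2000 11:29:33 -0800
Received: from 12.23.109.98 by lw8fd.law8.hotmail.msn.com with HTTP; Tue, 14 Nov 2000 19:29:32 +0000 (GMT)
Date: Tue, 14 Nov 2000 12:29:32 -0700 (MST)
From: A Person <aperson@hotmail.com>
Subject: Subject removed
To: seker@uwyo.edu
Message-id: <F74Vvjvxo6AmX3qrB0X000016da@hotmail.com>
X-Originating-IP: [12.23.109.98]

(body omitted)
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
RECEIVED_RE = re.compile(r"^from\s+(.+?)\s+by\s+(\S+)", re.I)

def parse_received(value):
    """Pull the from-host, by-host, bracketed IP and timestamp out of one Received: header."""
    value = " ".join(value.split())                  # unfold continuation lines
    m = RECEIVED_RE.match(value)
    if not m:
        return None                                  # e.g. "Received: by ..." local submissions
    from_clause, by_host = m.group(1), m.group(2)
    ip = IP_RE.search(from_clause)
    stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip()) if ";" in value else None
    return {"from": from_clause.split()[0], "by": by_host,
            "ip": ip.group(1) if ip else None, "time": stamp}

def trace_path(raw_message):
    """Hops in travel order (oldest first). Every MTA prepends its own Received: line,
    so the header order in the message is newest first and must be reversed."""
    msg = message_from_string(raw_message)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    return hops[::-1]

def hop_count(raw_message):
    return len(message_from_string(raw_message).get_all("Received", []))

def within_hop_limit(raw_message, limit=HOP_LIMIT):
    return hop_count(raw_message) < limit

def origin_ip(raw_message):
    """Best-effort submitting client IP: X-Originating-IP if present, else the oldest hop's IP.
    Only the Received: line written by your own MTA can be trusted; everything below it
    arrived in the DATA section and could have been typed by the sender."""
    msg = message_from_string(raw_message)
    m = IP_RE.search(msg.get("X-Originating-IP", ""))
    if m:
        return m.group(1)
    return next((h["ip"] for h in trace_path(raw_message) if h["ip"]), None)

def timestamps_monotonic(hops):
    """True when each hop's timestamp is no earlier than the previous one; a chain that
    runs backwards in time is a common sign of fabricated Received: lines."""
    stamps = [h["time"] for h in hops if h["time"] is not None]
    return all(a <= b for a, b in zip(stamps, stamps[1:]))

if __name__ == "__main__":
    for hop in trace_path(SAMPLE):
        print(f"{hop['time']:%H:%M:%S%z}  {hop['from']:28} -> {hop['by']}  [{hop['ip']}]")
    print("origin:", origin_ip(SAMPLE), "hops:", hop_count(SAMPLE))
```

The trace shows the message leaving 12.23.109.98 over HTTP at hotmail, crossing to ROPER.UWYO.EDU, then alameda, then meru. The design choice worth noting is in origin_ip: it prefers the X-Originating-IP header because hotmail added it, but on mail from an unknown source that header is just another line the sender controls, so the only hop an administrator should rely on is the one their own server wrote.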
Example you can try
From a command window on your computer:
  telnet cottonwood 25
Send yourself an e-mail message using the SMTP commands.
Sendmail
  Currently has about 75% of the market.
  Versions 8.9.3 to 8.13 are current standards.
  8.11 is out and is the default for Linux systems.
  8.8.8 is still used by some vendors.
  9.0 is in a beta version and has been for many years.
Mail Systems
  Mail User Agent (MUA): lets users read and compose mail
  Mail Transport Agent (MTA): routes messages among machines
  Delivery Agent: places messages in local mailboxes
  Access Agent: connects the user agent to messages (IMAP, POP)
User Agent
Your e-mail program.
  Non-graphical
    basic: mail, mailx, Mail (usually the same program); mail (BSD) and Mail (SysV) may both exist
    elm, pine
  Graphical
    Rmail and VM (with emacs), mh/xmh, many more
  Remote
    uses POP or IMAP
Transport Agents, Delivery agents, Access agents
  Transport agents: PMDF (which roper uses), postfix, smail, qmail, exim, zmailer, and sendmail
  Delivery agents: sendmail turns to local programs mail.local or smrsh; also procmail. Mail usually goes to /var/spool/mail or /var/mail
  Access agents: imapd or popd (varying names for pop daemons)
Anatomy of a Message
  Envelope: used by sendmail to figure out where the e-mail goes
  Header (RFC 822): info about the message: time/date, transport agents are listed, redirections, etc. A record of how and when a message was delivered.
  Body of the message: the message the user sent.
Mail addressing
Sendmail is about 20+ years old. At that time, the Internet was in a dozen pieces: mil nets, arpa nets, bitnet, "frodo" nets, and BBS systems. Each had different routing, connection, and naming schemes. Sendmail is still built to support them and transport e-mail between the different "nets".
Mail Aliases
/etc/aliases file example (on a cs.uwyo.edu machine):
  abuse: seker@cs.uwyo.edu
  fred: flintstone@bedrock.net
  webmaster: aperson, bperson
  mlist: :include:/home/list/mlistfile.txt
Once you add aliases to the file, you need to run: newaliases
Mail forwarding
Besides /etc/aliases (which only root can change), a user can put a .forward file into their home directory and sendmail redirects their mail somewhere else.
Example .forward:
  seker@cs.uwyo.edu
You can have more than one address; they need to be comma delimited.
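Aliases, :include: files and .forward files all feed the same expansion step, and that step is where loops (an alias pointing back at itself) and very long chains come from. As an added example (not from the slides and not sendmail's own code), the Python below resolves a local address through the alias file on the previous slide, the :include: list file and a user's .forward, the way an administrator would want to check "where does mail to webmaster actually end up?". The file contents, the home-directory table, the local domain name and the 25-level cap are constructed for the example.

```python
# Constructed files mirroring the slides' examples, keyed by path so the example runs offline
FILES = {
    "/etc/aliases": """# comment lines and blanks are ignored
abuse: seker@cs.uwyo.edu
fred: flintstone@bedrock.net
webmaster: aperson, bperson
mlist: :include:/home/list/mlistfile.txt
loop1: loop2
loop2: loop1
""",
    "/home/list/mlistfile.txt": "alice@cs.uwyo.edu\nbob@cs.uwyo.edu\nfred\n",
    "/home/aperson/.forward": "aperson@gmail.example, bperson\n",
}
HOME = {"aperson": "/home/aperson", "bperson": "/home/bperson"}   # constructed passwd lookup
LOCAL_DOMAIN = "cs.uwyo.edu"
MAX_DEPTH = 25   # the slides' hop limit, reused here as a cap on alias chain length

def read_file(path):
    return FILES.get(path, "")           # a missing .forward simply reads as empty

def parse_aliases(text):
    """name: target, target, ...  ->  {name: [targets]}  (what newaliases compiles)."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        name, _, targets = line.partition(":")
        table[name.strip().lower()] = [t.strip() for t in targets.split(",") if t.strip()]
    return table

def expand(addr, aliases, depth=0, seen=None):
    """Return the set of final delivery addresses for addr, following aliases,
    :include: files and ~user/.forward, with loop detection and a depth cap."""
    seen = set() if seen is None else seen
    if depth > MAX_DEPTH:
        raise RecursionError(f"alias chain for {addr} exceeds {MAX_DEPTH} levels")
    local, _, domain = addr.partition("@")
    if domain and domain.lower() != LOCAL_DOMAIN:
        return {addr}                    # remote address: handed to the transport agent as-is
    key = local.lower()
    if key in seen:
        return set()                     # already expanded on this path: an aliasing loop
    seen = seen | {key}
    if key in aliases:
        targets = aliases[key]
    elif key in HOME:
        fwd = read_file(HOME[key] + "/.forward").strip()
        targets = [t.strip() for t in fwd.split(",") if t.strip()]
        if not targets:
            return {f"{key}@{LOCAL_DOMAIN}"}    # no .forward: deliver to the local mailbox
    else:
        return {f"{key}@{LOCAL_DOMAIN}"}
    result = set()
    for target in targets:
        if target.startswith(":include:"):
            for line in read_file(target[len(":include:"):]).splitlines():
                if line.strip():
                    result |= expand(line.strip(), aliases, depth + 1, seen)
        else:
            result |= expand(target, aliases, depth + 1, seen)
    return result

if __name__ == "__main__":
    table = parse_aliases(read_file("/etc/aliases"))
    for name in ("abuse", "webmaster", "mlist", "loop1"):
        print(f"{name:10} -> {sorted(expand(name, table))}")
```

Two behaviours are worth checking against a real installation: a loop yields no recipients here (sendmail reports it as an aliasing loop rather than silently dropping the mail), and a .forward that chains machine to machine is what eventually hits the hop limit on the next slide, so the depth cap is the local stand-in for that bounce.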
25 hops!
E-mail can only make 25 hops before it is returned to the sender as undeliverable.
Meaning: you should not chain .forward files moving mail from one machine to another machine, to another machine, etc.
Most e-mail makes about 4 to 8 hops on average from one machine to another (across the Internet).
List servers
Sendmail can function as a list server with the :include: command, but you should use another product, like mailman, majordomo, listproc, smartlist, or listserv lite.
Configuration
For debugging and fine-grained details, see O'Reilly's Sendmail guide (500+ pages long).
Files and directories involved:
  /etc/mail/*
  /etc/sendmail.cf or /etc/mail/sendmail.cf
  /etc/sendmail.mc (macro configuration for sendmail)
  /var/spool/mqueue
  /var/spool/mail or /var/mail
define(`ALIAS_FILE', `/etc/aliases')
For most configuration, you can use the sendmail.mc file (8.9.X+). It uses m4 macros to generate a sendmail.cf file.
Example:
  define(`ALIAS_FILE', `/etc/aliases')
defines where the aliases file is.
Spam-related features
FEATURE(`access_db')
Allows you to build a "mail firewall". The file looks like the following:
  cyberspammer.com        550 Spam not accepted
  okguy@cyberspammer.com  OK
  badguy@aol.com          REJECT
  170.201.180.16          REJECT
  uwyo.edu                RELAY
  hotlivesex@             550 Spam not accepted
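What the access file on this slide actually does depends on the lookup order: sendmail tries the most specific key first (full address, then user@ alone, then the domain and each parent domain; an IP, then shorter prefixes). As an added example (not from the slides and not sendmail's code), the Python below is a simplified model of that lookup applied to one SMTP transaction: connecting host, MAIL FROM, then RCPT TO. The access entries are the slide's; the transaction values and the local-domain set are constructed, and the model deliberately keys RELAY decisions on the connecting host and recipient domain rather than the sender, which matches sendmail's default and is the reason a forged local sender address does not turn the box into an open relay.

```python
# Constructed access file reproducing the slide's example (whitespace separates key and value)
ACCESS_DB = """\
cyberspammer.com        550 Spam not accepted
okguy@cyberspammer.com  OK
badguy@aol.com          REJECT
170.201.180.16          REJECT
uwyo.edu                RELAY
hotlivesex@             550 Spam not accepted
"""

def parse_access(text):
    """Build the key -> value map that makemap would compile from the text file."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split(None, 1)
        if len(parts) == 2:
            table[parts[0].lower()] = parts[1].strip()
    return table

def domain_candidates(host):
    """host.example.org -> [host.example.org, example.org, org] (most specific first)."""
    parts = host.lower().split(".")
    return [".".join(parts[i:]) for i in range(len(parts))]

def address_candidates(addr):
    """Full address, then user@ (any domain), then the domain and its parents."""
    user, _, host = addr.lower().partition("@")
    return [addr.lower(), user + "@"] + domain_candidates(host)

def ip_candidates(ip):
    """170.201.180.16 -> [170.201.180.16, 170.201.180, 170.201, 170]."""
    octets = ip.split(".")
    return [".".join(octets[:n]) for n in range(len(octets), 0, -1)]

def decide(table, candidates):
    """First candidate with an entry wins; None means no entry (default handling)."""
    for key in candidates:
        if key in table:
            return table[key]
    return None

def reply_for(value):
    """Map an access value to an SMTP rejection, or None when it does not reject."""
    if value == "REJECT":
        return "550 Access denied"
    if value and value[:3].isdigit():
        return value                      # "550 Spam not accepted" style entries are used verbatim
    return None                           # OK, RELAY, DISCARD or no entry

def evaluate(table, client_ip, client_host, sender, rcpt, local_domains):
    """Simplified model of the checks sendmail runs at connect, MAIL FROM and RCPT TO."""
    ip_val = decide(table, ip_candidates(client_ip))
    host_val = decide(table, domain_candidates(client_host))
    for value in (ip_val, host_val):
        rejection = reply_for(value)
        if rejection:
            return rejection              # refused at connection time
    rejection = reply_for(decide(table, address_candidates(sender)))
    if rejection:
        return rejection                  # refused at MAIL FROM
    rcpt_domain = rcpt.rpartition("@")[2].lower()
    if rcpt_domain in local_domains:
        return "250 accepted"             # local delivery never needs RELAY
    rcpt_val = decide(table, domain_candidates(rcpt_domain))
    if "RELAY" in (ip_val, host_val, rcpt_val):
        return "250 accepted for relay"
    return "550 Relaying denied"

if __name__ == "__main__":
    table = parse_access(ACCESS_DB)
    local = {"cs.uwyo.edu"}
    print(evaluate(table, "10.1.2.3", "mx.example.org", "spam@cyberspammer.com", "seker@cs.uwyo.edu", local))
    print(evaluate(table, "129.72.216.20", "laptop.cs.uwyo.edu", "seker@cs.uwyo.edu", "friend@example.net", local))
    print(evaluate(table, "10.1.2.3", "mx.example.org", "seker@cs.uwyo.edu", "friend@example.net", local))
```

The last two calls are the ones to look at: the same sender address is relayed when it comes from a uwyo.edu host and refused when it comes from elsewhere, because the RELAY entry is matched against the connecting host, not the MAIL FROM line.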
Other FEATUREs
  FEATURE(`relay_entire_domain')
    allows relaying for just your domain
  RELAY_DOMAIN(`domain,...')
    add more domains to be relayed
  define(`confCW_FILE', `-o /etc/sendmail.cw')
  FEATURE(`use_cw_file')
    in sendmail.cw, list virtual domains and domains you want to have relayed
  define(`SMART_HOST', `mailhost.uwyo.edu')
    where all outbound mail will be sent
  MASQUERADE_AS, MASQUERADE_DOMAIN, masquerade_envelope, and masquerade_entire_domain
    change the From line, so that you "hide"/masquerade as a single machine
Debugging mail
  mail -v seker@uwyo.edu
Send an e-mail as normal, but sendmail then gives verbose output as it talks to the receiving machine.
Lastly
Sendmail is cryptic and hard to configure, and most of it is difficult to lecture on, but a lot doesn't need to be configured manually. Read the book for more information and, if need be, buy a good sendmail reference book.
AntiVirus and Linux
There are many vendors who provide antivirus for "mail gateways" on UNIX and Linux. ClamAV is an open source version and is also free. http://www.clamav.net/
Clamav
  command-line scanner
  fast, multi-threaded daemon
  milter interface for sendmail
  database updater with support for digital signatures
  virus scanner C library
  on-access scanning (Linux and FreeBSD)
  detection of over 40000 viruses, worms and trojans
  built-in support for RAR (2.0), Zip, Gzip, Bzip2, Tar, MS OLE2, MS Cabinet files, MS CHM (Compressed HTML), MS SZDD
  built-in support for mbox, Maildir and raw mail files
  built-in support for Portable Executable files compressed with UPX, FSG, and Petite
From http://www.clamav.net/abstract.html#pagestart
Configuring Clamav
/etc/clamd.conf is the configuration file; see the documentation in the file.
For clamav-milter: reads /etc/clamd.conf and takes command line parameters. Some common ones:
  --max-children=15 --noreject --dont-wait --force-scan \
  --dont-log-clean --postmaster-only --timeout=0 --quarantine-dir=/quarantinedir \
  --pidfile=/var/run/clamav/clamav-milter.pid \
  local:/var/run/clamav/clamav-milter.sock
With Sendmail
Configure clamav and clamav-milter. Make sure both are started and start on boot. clamav-milter is the part that works with sendmail (and other mailers).
Add the following lines to the sendmail.mc file:
  INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamav/clamav-milter.sock, F=, T=S:4m;R:4m')dnl
  define(`confINPUT_MAIL_FILTERS', `clmilter')
clamav-milter.sock must be the same socket as configured for clamav-milter. Now e-mail will be scanned for viruses.
Virus updates
Uses freshclam to get updates. Configured to run as a daemon or as a cron job. Uses DNS entries to look up the current virus pattern file versions; if there is a newer one, it downloads it and updates the definition file.
SpamAssassin
Get it from the DAG archive for Redhat/Fedora/CentOS. Main configs are in /etc/mail/spamassassin/, but it can be configured per user as well. Normally called via procmail instead of sendmail; it can be configured into sendmail like clamav.
local.cf
Configure which tests run and the "threshold" value, somewhere between 6 and 10.
  # How many hits before a message is considered spam.
  required_score 7.6
  # Change the subject of suspected spam
  rewrite_header subject [SPAM-H]
Using for all inbound e-mail
Edit/create the file /etc/procmailrc (uses procmail):
  DROPPRIVS=yes
  # send mail through spamassassin
  # look for Subject: [SPAM-H]
  # don't run spamassassin on already marked spam
  :0 HD
  * ! ^Subject:.*\[SPAM-H\]
  {
    :0fw
    | /usr/bin/spamc
  }
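To see how the local.cf settings and the procmailrc recipe fit together, here is an added example (not from the slides and not SpamAssassin's or procmail's code) that models both in Python: it reads required_score and rewrite_header from the local.cf on the previous slide, scores a message against a handful of stand-in rules, tags the Subject when the threshold is reached, and applies the recipe's condition so that a message already carrying [SPAM-H] is not run through the filter a second time. The rules, their scores, the X-Spam-Status wording and the two test messages are all constructed; only the two configuration lines come from the slides.

```python
import re
from email import message_from_string

# Constructed local.cf carrying the two settings shown on the slide
LOCAL_CF = """\
# How many hits before a message is considered spam.
required_score 7.6
# Change the subject of suspected spam
rewrite_header subject [SPAM-H]
"""

# Stand-in rules with made-up scores (real SpamAssassin ships hundreds of rules)
RULES = [
    ("SUBJ_ALL_CAPS", lambda m: m.get("Subject", "").isupper(), 2.5),
    ("MISSING_DATE",  lambda m: m.get("Date") is None, 1.5),
    ("HTML_ONLY",     lambda m: m.get_content_type() == "text/html", 1.0),
    ("MONEY_WORDS",   lambda m: re.search(r"\b(free|winner|\$\d)", m.get_payload(), re.I) is not None, 4.0),
]

# The procmail condition from the slide: skip messages whose Subject already carries the tag
ALREADY_TAGGED = re.compile(r"^Subject:.*\[SPAM-H\]", re.M)

def parse_local_cf(text):
    """Read required_score and rewrite_header lines; other keys are ignored in this model."""
    conf = {"required_score": 5.0, "rewrite_header": {}}   # 5.0 is SpamAssassin's default
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, rest = line.partition(" ")
        if key == "required_score":
            conf["required_score"] = float(rest)
        elif key == "rewrite_header":
            header, _, tag = rest.strip().partition(" ")
            conf["rewrite_header"][header.lower()] = tag.strip()
    return conf

def score(msg):
    """Sum the scores of all rules that hit; return (total, [rule names])."""
    hits = [(name, pts) for name, test, pts in RULES if test(msg)]
    return sum(p for _, p in hits), [n for n, _ in hits]

def score_raw(raw):
    return score(message_from_string(raw))

def tag_if_spam(raw, conf):
    """Stand-in for piping a message through spamc: add X-Spam-* headers and,
    when the score reaches required_score, prepend the rewrite_header tag to Subject."""
    msg = message_from_string(raw)
    total, hits = score(msg)
    is_spam = total >= conf["required_score"]
    if is_spam:
        tag = conf["rewrite_header"].get("subject")
        if tag:
            subject = msg.get("Subject", "")
            del msg["Subject"]
            msg["Subject"] = f"{tag} {subject}".strip()
        msg["X-Spam-Flag"] = "YES"
    msg["X-Spam-Status"] = (f"{'Yes' if is_spam else 'No'}, score={total:.1f} "
                            f"required={conf['required_score']} tests={','.join(hits)}")
    return msg.as_string()

def procmail_deliver(raw, conf):
    """The slide's /etc/procmailrc logic: run the filter only if the tag is not already there.
    Returns (message as it would be delivered, whether the filter ran)."""
    headers = raw.split("\n\n", 1)[0]
    if ALREADY_TAGGED.search(headers):
        return raw, False
    return tag_if_spam(raw, conf), True

# Constructed test messages
SPAMMY = ("From: x@example.net\nTo: seker@cs.uwyo.edu\nSubject: YOU ARE A WINNER\n\n"
          "Claim your FREE prize, $1000 today\n")
HAM = ("Date: Mon, 3 Nov 2003 19:10:04 -0700\nFrom: seker@uwyo.edu\nTo: seker@cs.uwyo.edu\n"
       "Subject: lecture notes\n\nblah... blah... blah...\n")

if __name__ == "__main__":
    conf = parse_local_cf(LOCAL_CF)
    for raw in (SPAMMY, HAM):
        out, ran = procmail_deliver(raw, conf)
        print(out.split("\n\n", 1)[0], "\n")
```

The threshold matters more than any single rule: with required_score at 7.6 the constructed spam message only crosses the line because several weak rules add up, which is why the slide suggests a value between 6 and 10 rather than a low one that would start tagging legitimate mail.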
Documentation
  For ClamAV: http://www.clamav.net/
  For SpamAssassin: http://spamassassin.apache.org/
    For lots of tips and configs: http://www.stearns.org/doc/spamassassin-setup.current.html
  For Procmail: http://www.procmail.org/ (see interesting links)
  For Sendmail: http://www.sendmail.org/
Q & A