Mailserver

Why Postfix?
- Sendmail's legacy
- Built from the ground up
- Central queueing
- More future-proof
- Exim4 is the default on Debian, but...

Terms
- SMTP (Simple Mail Transfer Protocol)
- MTA (Postfix, Exim4, Sendmail, ...)
- MDA (POP3, IMAP4, ...)
- MX record
- FQDN

Dangers
- UBE (Unsolicited Bulk Email)
- UCE (Unsolicited Commercial Email)
- Open Relay

Fresh copy of Debian!
    ( ) Desktop Environment
    ( ) Web Server
    ( ) Print Server
    ( ) DNS Server
    ( ) File Server
    ( ) Mail Server
    ( ) SQL database
    ( ) manual package selection
Just proceed here as usual, installing a basic system. More info in the book on page 106.

Prepare system
    # apt-get remove lpr nfs-common portmap pidentd pcmcia-cs pppoe \
        pppoeconf ppp pppconfig
Now, disable some service scripts:
    # update-inetd --remove daytime
    # update-inetd --remove telnet
    # update-inetd --remove time
    # update-inetd --remove finger
    # update-inetd --remove talk
    # update-inetd --remove ntalk
    # update-inetd --remove ftp
    # update-inetd --remove discard
and restart the inetd superserver:
    # /etc/init.d/inetd reload

/etc/hosts
    mail.jouwvoornaam.be

Install Postfix and libraries
    # apt-get install postfix postfix-doc postfix-tls libsasl2-2 sasl2-bin libsasl2-modules
- Choose "Internet Site", also for local delivery
- Answer "NONE" if it asks where root's mail should be delivered
- Insert your FQDN

/etc/postfix/main.cf
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    append_dot_mydomain = no
    myhostname = mail.voornaam.be
    mydomain = voornaam.be
    myorigin = $mydomain
    inet_interfaces = all
    mydestination = $mydomain, localhost.$mydomain, localhost
    mynetworks = /24
More detailed information on p

Test mail
    ~$ echo "This will go into the body of the mail." | mail -s "Hello world"
Check delivery with tail /var/log/mail.log:
    Mar 3 15:20:07 debian postfix/qmgr[3777]: 3F452340B1: from=, size=349, nrcpt=2 (queue active)
    Mar 3 15:20:07 debian postfix/local[3827]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
    Mar 3 15:20:07 debian postfix/local[3818]: 3F452340B1: to=, orig_to=, relay=local, delay=0.06, delays=0.03/0/0/0.02, dsn=2.0.0, status=sent (delivered to mailbox)
    Mar 3 15:20:07 debian postfix/local[3827]: 3F452340B1: to=, orig_to=, relay=local, delay=0.06, delays=0.03/0.01/0/0.01, dsn=5.1.1, status=bounced (unknown user: "world?")
    Mar 3 15:20:07 debian postfix/cleanup[3814]: 4A51B340B2: message-id=
    Mar 3 15:20:07 debian postfix/bounce[3819]: 3F452340B1: sender non-delivery notification: 4A51B340B2
    Mar 3 15:20:07 debian postfix/qmgr[3777]: 4A51B340B2: from=<>, size=2085, nrcpt=1 (queue active)
    Mar 3 15:20:07 debian postfix/qmgr[3777]: 3F452340B1: removed
    Mar 3 15:20:07 debian postfix/local[3818]: 4A51B340B2: to=, orig_to=, relay=local, delay=0.02, delays=0.01/0/0/0.01, dsn=2.0.0, status=sent (delivered to mailbox)
    Mar 3 15:20:07 debian postfix/qmgr[3777]: 4A51B340B2: removed
In this log, nrcpt=2 and the bounce for unknown user "world?" are consistent with the command having been typed with typographic quotes (“ ”), which the shell does not treat as quotes, so world” was passed to mail as a second recipient.
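Added example (not part of the original slides): a Python helper that groups Postfix mail.log lines by queue ID and lists every delivery that was not sent, together with the bounce notice it triggered. The sample log is constructed in the format of the excerpt above; the example.test addresses and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the mail.log excerpt; the addresses
# are placeholders because the excerpt's own addresses are missing.
SAMPLE_LOG = """\
Mar 3 15:20:07 debian postfix/qmgr[3777]: 3F452340B1: from=<root@example.test>, size=349, nrcpt=2 (queue active)
Mar 3 15:20:07 debian postfix/local[3827]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Mar 3 15:20:07 debian postfix/local[3818]: 3F452340B1: to=<alice@example.test>, relay=local, delay=0.06, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 3 15:20:07 debian postfix/local[3827]: 3F452340B1: to=<world@example.test>, relay=local, delay=0.06, dsn=5.1.1, status=bounced (unknown user: "world")
Mar 3 15:20:07 debian postfix/bounce[3819]: 3F452340B1: sender non-delivery notification: 4A51B340B2
Mar 3 15:20:07 debian postfix/qmgr[3777]: 4A51B340B2: from=<>, size=2085, nrcpt=1 (queue active)
Mar 3 15:20:07 debian postfix/local[3818]: 4A51B340B2: to=<root@example.test>, relay=local, delay=0.02, dsn=2.0.0, status=sent (delivered to mailbox)
Mar 3 15:20:07 debian postfix/qmgr[3777]: 4A51B340B2: removed
"""

LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)")
DELIVERY = re.compile(r"to=<([^>]*)>.*?dsn=([\d.]+), status=(\w+) \((.*)\)")
NOTICE = re.compile(r"sender non-delivery notification: ([0-9A-F]+)")

def summarize(log_text):
    """Group log lines by queue ID: sender, per-recipient results, bounce notice."""
    msgs = defaultdict(lambda: {"from": None, "deliveries": [], "notice": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                      # e.g. warnings that carry no queue ID
        daemon, qid, rest = m.groups()
        if daemon == "qmgr" and rest.startswith("from=<"):
            msgs[qid]["from"] = rest[6:rest.index(">")]   # "" is the null sender
        elif (d := DELIVERY.search(rest)):
            msgs[qid]["deliveries"].append(d.groups())
        elif daemon == "bounce" and (n := NOTICE.search(rest)):
            msgs[qid]["notice"] = n.group(1)
    return dict(msgs)

def undelivered(log_text):
    """Return (queue_id, recipient, dsn, reason, notice_id) for each failed delivery."""
    return [(qid, to, dsn, reason, msg["notice"])
            for qid, msg in summarize(log_text).items()
            for to, dsn, status, reason in msg["deliveries"] if status != "sent"]

if __name__ == "__main__":
    for row in undelivered(SAMPLE_LOG):
        print(row)
```

The notice ID links the bounced message to the non-delivery notification that Postfix queued with the null sender (from=<>).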

SASLAUTHD
- Postfix runs with limited privileges
- PAM restricts Postfix from verifying authentication itself
- Saslauthd runs as superuser and verifies passwords on behalf of the Postfix process
- Limited security risks

/etc/postfix/main.cf
Add the following lines to the Postfix config:
    smtpd_sasl_local_domain = $myhostname
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes
    smtpd_sasl_security_options = noanonymous
    smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination
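Added example (not part of the original slides): a Python check that reads a main.cf and reports the settings that would turn the server into the open relay listed under Dangers. It evaluates smtpd_recipient_restrictions in order, because the first matching rule wins. The two sample configs are constructed, 192.0.2.0/24 is a placeholder for the truncated mynetworks value, and the function names are assumptions.

```python
import re

# Constructed samples. GOOD_CF mirrors the slide's settings; 192.0.2.0/24 is a
# placeholder because the slide's mynetworks value is truncated.
GOOD_CF = """\
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
mynetworks = 192.0.2.0/24
smtpd_recipient_restrictions = permit_sasl_authenticated,
    permit_mynetworks,reject_unauth_destination
"""
WEAK_CF = """\
smtpd_sasl_security_options = noplaintext
mynetworks = 0.0.0.0/0
smtpd_recipient_restrictions = permit_mynetworks, permit, reject_unauth_destination
"""

def parse_main_cf(text):
    """Return {name: value}; a line starting with whitespace continues the previous one."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        elif "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            params[name] = value
    return params

def tokens(value):
    return [t for t in re.split(r"[,\s]+", value) if t]

def relay_findings(text):
    """Return findings for settings that let unauthenticated outsiders relay mail."""
    p, found = parse_main_cf(text), []
    for rule in tokens(p.get("smtpd_recipient_restrictions", "")):
        if rule in ("reject_unauth_destination", "reject"):
            break                  # relay check is reached before any blanket permit
        if rule == "permit":
            found.append("permit precedes reject_unauth_destination")
            break
    else:
        found.append("no reject_unauth_destination in smtpd_recipient_restrictions")
    for net in tokens(p.get("mynetworks", "")):
        if net.endswith("/0"):     # 0.0.0.0/0 or ::/0 makes permit_mynetworks match everyone
            found.append("mynetworks trusts every address: " + net)
    sasl = p.get("smtpd_sasl_security_options")
    if sasl is not None and "noanonymous" not in tokens(sasl):
        found.append("smtpd_sasl_security_options lacks noanonymous")
    return found
```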

Create SASL config
    # mkdir -p /etc/postfix/sasl
    # cd /etc/postfix/sasl
Create the smtpd.conf file with these two lines:
    pwcheck_method: saslauthd
    mech_list: plain login
You can now restart Postfix:
    # postfix reload

Configure saslauthd
1. Create the necessary directory for the daemon:
    # mkdir -p /var/spool/postfix/var/run/saslauthd
2. Edit /etc/default/saslauthd to activate saslauthd. Remove the comment marker (#) from the line START=yes, then add the line:
    PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
3. Your file should now look like this:
    # This needs to be uncommented before saslauthd will be run automatically
    START=yes
    PARAMS="-m /var/spool/postfix/var/run/saslauthd -r"
    # You must specify the authentication mechanisms you wish to use.
    # This defaults to "pam" for PAM support, but may also include
    # "shadow" or "sasldb", like this:
    # MECHANISMS="pam shadow"
    MECHANISMS="pam"
4. Next, edit /etc/init.d/saslauthd to change the location of saslauthd's process ID file. Change the value of PIDFILE to the following:
    PIDFILE="/var/spool/postfix/var/run/${NAME}/saslauthd.pid"
5. Start saslauthd:
    # /etc/init.d/saslauthd start

Test with saslauthd
Now test the mail delivery again and see what the difference is in mail.log when you deliver to a known user and to an unknown user.
Next week: encryption and more.