Cosc 4750 Electronic Mail.


1 Cosc 4750 Electronic Mail

2 SMTP Protocol
The e-mail protocol. There are several versions.
The basic standard protocol is RFC 821, which we are going to use, including some headers so that standard mail readers understand the message better. By default, the SMTP server uses port 25.

3 SMTP Protocol commands
SMTP is command based. The client issues a series of commands to the server.
Opening a connection: the client opens port 25, then
client: HELO <client host name>
example: HELO laptop.cs.uwyo.edu
Server: 250 Ok [may contain extra info]
example: 250 alameda.cs.uwyo.edu HELLO laptop.cs.uwyo.edu [IP number], pleased to meet you

4 SMTP Protocol commands (2)
The client issues the from command:
MAIL
example: MAIL
Server responds: 250… sender ok OR 5XX can't accept from sender.

5 SMTP Protocol commands (3)
Next, who the message is for:
client: RCPT
example: RCPT
Server responds: 250 … Recipient ok OR 5XX user unknown
The client can issue the RCPT command several times to send the same message to multiple addresses.

6 SMTP Protocol commands (4)
The data section, which is where we enter the bulk of the mail message.
Client: data
Server responds: 354 enter mail, end with "." on a line by itself
Client: enters the message, headers, extra information, then enters a period on a line by itself
example:
bah.. bah.. bah…
.

7 SMTP Protocol commands (5)
Server responds: 250 … message accepted for delivery.
Finally, the client issues the quit command:
quit
Server closes the connection.

8 smtp example
C: HELO laptop.cs.uwyo.edu
S: 250: HELO laptop
C: MAIL du>
S: 250 ok
C: RCPT u
C: Data
S: 354 …
C: blah… blah… blah…
C: etc….
C: .
S: 250 OK
C: quit
S: closing connection

9 smtp example (2)
From seker@uwyo.edu Mon Nov 3 19:10:47 2003
Return-Path:
Received: from localhost (localhost [ ]) by meru.cs.uwyo.edu (SGI /8.12.5) with SMTP id hA42A4R for Mon, 3 Nov :10: (MST)
Date: Mon, 3 Nov :10: (MST)
From:
Message-Id:
blah… blah… blah… etc….

10 More SMTP commands
RESET: RSET, aborts the current mail transaction, clears the mail to, receipt, and data information stored.
NOOP: NOOP, no operation, the server must respond with an OK. Can be used to determine if the server is "still alive", if for some reason it quits responding during the connection.
HELP: HELP, help function on the server. Does not have to be implemented.
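
An added example, not part of the original slides: a toy in-memory model of the server side of the dialog in slides 3 to 10, covering command ordering, RSET/NOOP and the lone-period end of DATA. It goes slightly beyond the slides by handling a body line that itself starts with a period (RFC 821 transparency); `smtp_server`, the 503/500/221 reply texts and the example.org addresses are assumptions for illustration.

```python
def smtp_server(lines):
    """Feed client lines to a toy RFC 821 server; return (replies, messages)."""
    replies, messages = [], []
    sender, rcpts, body, in_data = None, [], [], False
    for line in lines:
        if in_data:
            if line == ".":                  # lone period: end of DATA
                messages.append((sender, rcpts, "\n".join(body)))
                replies.append("250 message accepted for delivery")
                sender, rcpts, body, in_data = None, [], [], False
            else:                            # undo the client's dot-stuffing
                body.append(line[1:] if line.startswith(".") else line)
            continue
        verb, _, arg = line.partition(" ")
        verb, arg = verb.upper(), arg.strip()
        if verb == "HELO":
            replies.append(f"250 Hello {arg}, pleased to meet you")
        elif verb in ("NOOP", "RSET"):
            if verb == "RSET":               # abort the current transaction
                sender, rcpts = None, []
            replies.append("250 OK")
        elif verb == "MAIL" and arg.upper().startswith("FROM:"):
            sender, rcpts = arg[5:].strip(), []   # accepted as given, never verified
            replies.append("250 sender ok")
        elif verb == "RCPT" and arg.upper().startswith("TO:"):
            if sender is None:
                replies.append("503 need MAIL before RCPT")
            else:
                rcpts.append(arg[3:].strip())
                replies.append("250 recipient ok")
        elif verb == "DATA":
            if rcpts:
                in_data = True
                replies.append('354 enter mail, end with "." on a line by itself')
            else:
                replies.append("503 need RCPT before DATA")
        elif verb == "QUIT":
            replies.append("221 closing connection")
            break
        else:
            replies.append("500 command unrecognized")
    return replies, messages

# Constructed sample session; host and addresses are placeholders.
SESSION = ["HELO laptop.example.org", "RCPT TO:<bob@example.org>",
           "MAIL FROM:<alice@example.org>", "RCPT TO:<bob@example.org>",
           "RCPT TO:<carol@example.org>", "DATA", "Subject: test", "",
           "..starts with a period", ".", "QUIT"]
```

Calling `smtp_server(SESSION)` returns the reply list and the one accepted message; the out-of-order RCPT is refused with 503 while the sender address is taken at face value.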

11 Headers
While not in the SMTP spec, clients and servers exchange more than just SMTP protocol commands. Headers transfer information about the e-mail: where it's been and which servers received and resent the message. Info about the message, time/date, transport agents are listed, redirections, etc. A record of how and when a message was delivered. "Required" headers are listed in RFC 822.

12 Some Headers
Before the main body of the mail message:
Subject: <subject>
To: <same user sent to>
REPLY-TO:<user>
CC: <user>,<user>, …
Content type of message, examples:
Content-type: text/plain
Content-type: text/html
Extra headers:
X-<name>: <whatever>
After all headers, there must be two blank lines for the client programs to understand the headers have been entered. Client programs also add headers to your e-mail when they access it as well.

13 Example of Header
From aperson@hotmail.com Tue Nov 14 12:29:43 2000
Received: from alameda.cs.uwyo.edu (alameda.cs.uwyo.edu [ ]) by meru.cs.uwyo.edu (SGI-8.9.3/8.9.3) with ESMTP id MAA20335 for Tue, 14 Nov :29: (MST)
Received: from roper [ ]) by alameda.cs.uwyo.edu (8.9.3/8.9.3) with ESMTP id MAA01298 for Tue, 14 Nov :29:
Received: from DIRECTORY-DAEMON by ROPER.UWYO.EDU (PMDF V #33749) id for (ORCPT Tue, 14 Nov :29: (MST)
Received: from hotmail.com (f74.law8.hotmail.com [ ]) by ROPER.UWYO.EDU (PMDF V #33749) with ESMTP id for Tue, 14 Nov :29: (MST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue, 14 Nov :29:
Received: from by lw8fd.law8.hotmail.msn.com with HTTP; Tue, 14 Nov :29: (GMT)

14
Date: Tue, 14 Nov :29: (MST)
From: A Person
Subject: Subject removed
To:
Message-id:
MIME-version: 1.0
Content-type: text/plain; format=flowed
X-Originating-IP: [ ]
X-OriginalArrivalTime: 14 Nov :29: (UTC) FILETIME=[3742A780:01C04E71]
Status: RO
X-Status: A
X-Keywords:
X-UID: 17247

15 SPAM & mass e-mailing
The same information you just saw is also what is used to create and send SPAM. Can you see the problem?
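
An added example (not from the original slides) showing how the headers above can be read defensively: it lists the Received hops oldest-first, checks them against the 25-hop limit this deck cites for sendmail, and flags a Return-Path/From domain mismatch. The message, hosts and addresses are constructed, and `trace` is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (hosts and addresses are made up).
RAW = """\
Return-Path: <bulk@sender.example>
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.example.edu (8.12.5) with ESMTP id A1 for <user@example.edu>;
\tMon, 3 Nov 2003 19:10:47 -0700 (MST)
Received: from pc1 (pc1.sender.example [198.51.100.7])
\tby relay.example.net with SMTP id B2; Mon, 3 Nov 2003 19:10:40 -0700
From: "News Desk" <news@brand.example>
To: user@example.edu
Subject: hello

body text
"""

# "from <sending host> ... by <receiving host>" inside one Received value
HOP = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.S)

def trace(raw, max_hops=25):
    msg = message_from_string(raw)
    hops = []
    # Each MTA prepends its own Received line, so reverse for oldest-first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        hops.append((m.group(1), m.group(2)) if m else ("?", "?"))
    env = parseaddr(msg.get("Return-Path", ""))[1]   # envelope sender
    hdr = parseaddr(msg.get("From", ""))[1]          # what the reader sees
    dom = lambda a: a.rpartition("@")[2].lower()
    return {
        "hops": hops,
        "too_many_hops": len(hops) > max_hops,
        "sender_mismatch": bool(env and hdr) and dom(env) != dom(hdr),
    }
```

A domain mismatch is a signal to weigh, not proof of forgery, since mailing lists and forwarding services produce it legitimately. Only the Received lines added by your own servers can be trusted; everything below them is supplied by the sending side.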

16 Example you can try.
From a command window on your computer:
telnet cottonwood 25
Send yourself an e-mail message, using the SMTP commands.

17 Sendmail
Currently has about 75% of the market.
Versions:
8.9.3 to 8.13 are current standards
8.11 out, default for linux systems
8.8.8 Still used by some vendors
9.0 is in a beta version and has been for many years.

18 Mail Systems
Mail User Agent (MUA): lets users read and compose mail
Mail Transport Agent (MTA): routes messages among machines
Delivery Agent: places messages in local mailboxes
Access Agent: connects user agent to messages (IMAP, POP)

19 User Agent
Your e-mail program.
basic: mail, mailx, Mail (usually same program); mail (BSD) and Mail (sysV) may both exist
Non-graphical: elm, pine
graphical: Rmail and VM (with emacs), mh/xmh, many more
Remote: uses pop or imap

20 Transport Agents
PMDF (which roper uses), postfix, smail, qmail, exim, zmailer, and sendmail
Delivery agents: sendmail turns to local programs mail.local or smrsh. Also procmail. Mail usually goes to /var/spool/mail or /var/mail
Access agents: imapd or popd (varying names for pop daemons)

21 Anatomy of a Message
Envelope: used by sendmail to figure out where the e-mail goes
Header (RFC 822): info about the message, time/date, transport agents are listed, redirections, etc. A record of how and when a message was delivered
Body of the message: the message the user sent.

22 Mail addressing
Sendmail is about 20+ years old.
At that time, the Internet was in a dozen pieces: mil nets, arpa nets, bit net, “frodo” nets, and BBS systems. Each had different routing, connection, and naming schemes. Sendmail is still built to support them and transport between the different “nets”.

23 Mail Aliases
/etc/aliases file example: (on a cs.uwyo.edu machine)
abuse:
fred:
webmaster: aperson, bperson
mlist: :include:/home/list/mlistfile.txt
Once you add aliases to the file, you need to run: newaliases

24 Mail forwarding
Besides the /etc/aliases file (which only root can change), a user can put a .forward file into their directory and sendmail will redirect their mail to somewhere else.
example of .forward
You can have more than one address; they need to be comma delimited.

25 25 hops!
E-mail can only make 25 hops before it is returned to the sender as undeliverable. Meaning: you should not have .forward files moving mail from 1 machine to another machine, to another machine, etc. Most e-mail makes about 4 to 8 hops on average from one machine to another (across the internet).

26 List servers
Sendmail can function as a list server with the include command, but you should use another product, like mailman, majordomo, listproc, smartlist, listserv lite.

27 Configuration
For debugging and fine-grained details, see O’Reilly’s Sendmail guide (500+ pages long).
Files and directories involved:
/etc/mail/*
/etc/sendmail.cf or /etc/mail/sendmail.cf
/etc/sendmail.mc (macro configuration for sendmail)
/var/spool/mqueue
/var/spool/mail or /var/mail

28 define(`ALIAS_FILE', `/etc/aliases')
For most configuration, you can use the sendmail.mc file (8.9.X+). It uses m4 macros to generate a sendmail.cf file.
Example:
define(`ALIAS_FILE', `/etc/aliases')
defines where the aliases file is.

29 Spam-related features
FEATURE(`access_db')
Allows you to build a “mail firewall”.
The file looks like the following:
cyberspammer.com 550 Spam not accepted OK REJECT REJECT uwyo.edu RELAY Spam not accepted

30 Other FEATUREs
FEATURE(`relay_entire_domain'): allows relaying for just your domain
RELAY_DOMAIN(`domain,…'): add more domains to be relayed.
define(`confCW_FILE', `-o /etc/sendmail.cw') and FEATURE(`use_cw_file'): in the sendmail.cw file, list virtual domains and domains you want to have relayed
define(`SMART_HOST', `mailhost.uwyo.edu'): where all outbound mail will be sent
MASQUERADE_AS, MASQUERADE_DOMAIN, masquerade_envelope, and masquerade_entire_domain: can change the From line, so that you “hide”/masquerade as a single machine

31 Debugging mail
mail -v seker@uwyo.edu
Send an e-mail as normal, but sendmail then gives verbose output as it talks to the receiving machine.

32 Lastly
Sendmail is cryptic, hard to configure, and difficult to lecture on for the most part, but a lot of it doesn’t need to be configured manually. Read the book for more information and, if need be, buy a good sendmail reference book.

33 AntiVirus and Linux
There are many vendors who provide antivirus for “mail gateways” on UNIX and linux.
Clamav is an open source version and is also free.

34 Clamav
command-line scanner
fast, multi-threaded daemon
milter interface for sendmail
database updater with support for digital signatures
virus scanner C library
on-access scanning (Linux® and FreeBSD)
detection of over viruses, worms and trojans
built-in support for RAR (2.0), Zip, Gzip, Bzip2, Tar, MS OLE2, MS Cabinet files, MS CHM (Compressed HTML), MS SZDD
built-in support for mbox, Maildir and raw mail files
built-in support for Portable Executable files compressed with UPX, FSG, and Petite
From

35 Configuring Clamav
/etc/clamd.conf configuration file: see the varying documentation in the file.
For clamav-milter: reads /etc/clamd.conf and takes command line parameters. Some common ones:
--max-children=15 --noreject --dont-wait --force-scan \
--dont-log-clean --postmaster-only --timeout=0 --quarantine-dir=/quarantinedir --pidfile=/var/run/clamav/clamav-milter.pid \
local:/var/run/clamav/clamav-milter.sock

36 With Sendmail
Configure clamav and clamav-milter. Make sure both are started and start on boot. Clamav-milter is the part that works with sendmail (and other mailers).
Add the following lines to the sendmail.mc file:
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clamav-milter.sock,F=, T=S:4m;R:4m')dnl
(the clamav-milter.sock path must be the same as configured in clamav)
define(`confINPUT_MAIL_FILTERS', `clmilter')
Now e-mail will be scanned for viruses.

37 Virus updates
Uses freshclam to get updates.
Configured to run as a daemon or as a cron job. It uses DNS entries to look up the current virus pattern files; if they are new, it downloads them and updates the definition file.

38 SpamAssassin
Get it from the DAG archive for Redhat/Fedora/CentOS.
Main configs are in /etc/mail/spamassassin/, but it can be configured per user as well.
Normally called via procmail instead of sendmail; it can be configured into sendmail like clamav.

39 local.cf
Configure which tests to use and the “threshold” value, somewhere between 6 and 10.
# How many hits before a message is considered spam.
required_score
# Change the subject of suspected spam
rewrite_header subject [SPAM-H]

40 Using for all inbound e-mail
Edit/create a file /etc/procmailrc, which uses procmail:
DROPPRIVS=yes
# send mail through spamassassin
:0 HD
# look for Subject: [SPAM-H]
# don't run spamassassin on already marked spam
* ! ^Subject:.*\[SPAM-H\]
{
  :0fw
  | /usr/bin/spamc
}

41 Documentation
For ClamAV
For SpamAssassin
For lots of tips and configs:
For Procmail see interesting links
For Sendmail

42 Q & A

