Jump to first page Electronic Mail Peter D’Souza

Upload: madlyn-black

Post on 13-Dec-2015

Page 1: Electronic Mail
Peter D’Souza

Page 2: Outline
- Introduction
- Mail Systems
- Components of a Mail Message
- Administrative Principles/Practices
- Aliases
- Sendmail
- Security, privacy and other issues

Page 3: Introduction
- Essential to both businesses and individuals
- New standard of social behavior
  - Cheaper/faster than postal services
  - Less formal than paper
  - Less personal than actual conversations

Page 4: Mail Systems
- Four distinct components
  - MUA - Mail user agent
  - MTA - Mail transport agent
  - Delivery agent
  - Access agent (optional)
- Mail submission agent that speaks SMTP sometimes included

Page 5: Mail Systems (diagram)
[Diagram: Host A (sender) and Host B (receiver) connected across the Internet. Labelled components: user agents (Eudora, mail, Pine); submission agent (sendmail, port 587); transport agents (sendmail, port 25); delivery agents (procmail, mail.local); message store; access agent (imapd) to local user agents.]
Legend: UA = User Agent, SA = Submission Agent, TA = Transport Agent, DA = Delivery Agent, AA = Access Agent

Page 6: User Agents
- Used to read and compose messages
- Protect text embedded in contents
- System wide and user-specific configuration supported

Page 7: Transport Agents
- Accept mail from user agent, understand recipient’s address, and get mail to correct host for delivery
- Speak SMTP protocol, e.g. sendmail, PMDF, Postfix, etc.

Page 8: Delivery Agents
- Accept mail from transport agent and actually deliver it to the appropriate local recipients
- Speak SMTP protocol, e.g. /bin/mail (local users), /bin/sh (mail going to a file), mail.local, smrsh

Page 9: Other Agents
- Access Agents
  - Connect user agent to message store, e.g. IMAP or POP
- Mail Submission Agents
  - Run on a different port
  - Do all the prep work and error checking before the message can be sent out by TA
  - Sendmail acts as both MSA and TA

Page 10: Anatomy of a Mail Message
Envelope: determines where the message will be delivered or, if the message cannot be delivered, to whom it should be returned.

From evi Wed Jan 19 19:01:11 2000
Received: (from evi@localhost) by xor.com (8.9.3/8.9.3) id TAA17820; Wed, 19 Jan 2000 19:01:11 -0700 (MST)
Date: Wed, 19 Jan 2000 19:01:11 -0700 (MST)
From: Evi Nemeth [email protected]: [email protected]: [email protected]: xor.mcCC: [email protected]: R

Page 11: Anatomy of a Mail Message (Contd)
Header: collection of property-value pairs formatted according to RFC 822

Return-Path: [email protected]
Received: from anchor.cs.colorado.EDU ([email protected] [128.138.242.1]) by columbine.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA21741 for <[email protected]>; Fri, 1 Oct 1999 07:04:25 -0700 (MST)
Received: from mroe.cs.colorado.EDU (mroe.cs.colorado.edu [128.138.243.151]) by anchor.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA26176 for <[email protected]>; Fri, 1 Oct 1999 07:04:24 -0700 (MST)
Received: from knecht.sendmail.org (knecht.sendmail.org [209.31.233.160]) [128.138.242.1] by mroe.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA09899 for <[email protected]>; Fri, 1 Oct 1999 07:04:23 -700 (MST)
Received: from knecht.sendmail.org (localhost [127.0.0.1]) by knecht.sendmail.org (8.9.3/8.9.3) with ESMTP id GAA18984; Fri, 1 Oct 1999 07:04:25 -800 (PST)

Body
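Each transport agent prepends its own Received: line, so the header block on the slide reads newest hop first, and the only lines you can trust are the ones added by servers you operate. The following added example (not from the slides; the message text, hostnames and addresses are constructed placeholders loosely modelled on the slide's excerpt) walks the Received: chain oldest-first and flags a hop whose receiving host does not match the next hop's claimed origin, which is the usual sign of an inserted or rewritten line:

```python
"""Walk the Received: chain of a mail message and report where it is inconsistent.

Added example, not from the slides.  The message below is constructed and
loosely modelled on the header excerpt in the slides; every hostname and
address in it is a placeholder.
"""
import re
from email import message_from_string

# Constructed sample.  Each MTA prepends its own Received: line, so the top
# line is the last hop (our own hub) and the bottom line is where the message
# first entered the mail system.
SAMPLE = """\
Return-Path: <sender@example.org>
Received: from relay.example.edu (relay.example.edu [192.0.2.1])
\tby mailhub.example.edu (8.9.3/8.9.2) with ESMTP id HAA21741
\tfor <user@example.edu>; Fri, 1 Oct 1999 07:04:25 -0700 (MST)
Received: from mx.example.org (mx.example.org [198.51.100.7])
\tby relay.example.edu (8.9.3/8.9.2) with ESMTP id HAA26176
\tfor <user@example.edu>; Fri, 1 Oct 1999 07:04:24 -0700 (MST)
Received: from mx.example.org (localhost [127.0.0.1])
\tby mx.example.org (8.9.3/8.9.3) with ESMTP id GAA18984;
\tFri, 1 Oct 1999 07:04:25 -0800 (PST)
From: Sender <sender@example.org>
To: user@example.edu
Subject: constructed sample

body text
"""

# Constructed variant: an extra Received: line at the bottom of the block,
# i.e. a hop the sending side claims happened before the message reached mx.
FORGED = SAMPLE.replace(
    "From: Sender",
    "Received: from innocent.example.net (innocent.example.net [203.0.113.9])\n"
    "\tby gateway.example.net with SMTP id ABC123;\n"
    "\tFri, 1 Oct 1999 07:04:20 -0800 (PST)\n"
    "From: Sender",
)

# "from <helo-name> (<reverse-dns> [<ip>]) ... by <receiving-host>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*(?:\((?P<from_info>[^)]*)\))?.*?\bby\s+(?P<by>\S+)",
    re.DOTALL,
)


def received_hops(raw):
    """Return the hops oldest-first as dicts with helo, from_info, by, stamp."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        stamp = flat.rsplit(";", 1)[1].strip() if ";" in flat else ""
        m = RECEIVED_RE.search(flat)
        if m is None:
            continue                              # malformed line: skip it
        hops.append({"helo": m["helo"], "from_info": m["from_info"] or "",
                     "by": m["by"], "stamp": stamp})
    hops.reverse()                                # header order is newest-first
    return hops


def chain_breaks(hops):
    """Indices i where hop i's receiving host is not the host that hop i+1
    says it received the message from.  Trust only the lines added by your
    own servers; a break below them usually means a forged or rewritten hop."""
    return [i for i in range(len(hops) - 1)
            if hops[i]["by"].lower() != hops[i + 1]["helo"].lower()]


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE), ("forged", FORGED)):
        hops = received_hops(text)
        print(label, [(h["helo"], "->", h["by"]) for h in hops],
              "breaks:", chain_breaks(hops))
```

The chain check is deliberately simple: it compares the host named after "by" with the host named after "from" on the following line. Real hubs also compare the reverse-DNS name and address in parentheses against what the HELO name claims, and give no weight at all to lines below the first hop they operate themselves.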

Page 12: Mail Philosophy
- Servers for incoming and outgoing mail; or, for really large sites, a hierarchy
  - Replication of incoming and outgoing servers
  - Typical UNIX hosts with minimal sendmail capabilities
  - Firewall
- A mail home for each user at a physical site
  - Enforced through ‘aliases’ file, ‘maildrop’ field or LDAP database
  - Remote access provided via POP or IMAP
- IMAP or POP to integrate PCs, Macs and remote clients
  - IMAP delivers messages one at a time
  - POP downloads all messages from server

Page 13: Mail Aliases
- Allow mail to be rerouted
  - Allow users to be referred to by more than one name
  - Define mailing lists
  - Forward mail among machines
- Defined in UA’s configuration file (sending user), /etc/mail/aliases (global) or in a .forward file (recipient)
- Examples
  Nemeth: evi
  Evi: evi@mailhub
  Authors: evi,garth,scott,trent
- From mail’s point of view, an alias supersedes /etc/passwd
- Loops detected by sendmail

Page 14: Mailing lists
- Giant alias
- Usually specified in /etc/aliases but maintained in external file
  - :include: directive in aliases
  sabook: :include:/usr/local/mail/usah.readers
  owner-mylist: mylist-request
  mylist-request: evi
  owner-owner: postmaster
- Maintenance done by list manager, e.g. Majordomo, Mailman, etc.
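The alias rules on the two slides above (an alias wins over a /etc/passwd entry of the same name, :include: pulls a list in from an external file, and loops are detected rather than followed forever) can be shown end to end with a small resolver. The following is an added example, not sendmail's or newaliases' own code: the aliases text reuses the slide examples plus a constructed loop, the :include: file contents are an in-memory stand-in rather than a real file, and case-insensitive matching of alias names is an assumption of this example.

```python
"""Expand sendmail-style aliases, following :include: lists and reporting
alias loops, the check newaliases/sendmail perform before delivery.

Added example, not from the slides.  The aliases text and the :include: file
contents are constructed (names taken from the slide examples, plus a
deliberate loop); no real files are read.
"""

# Constructed aliases file.  Left-hand names are matched case-insensitively
# here (an assumption of this example).
ALIASES_TEXT = """
# people
Nemeth: evi
Evi: evi@mailhub
Authors: evi, garth, scott, trent
# lists
sabook: :include:/usr/local/mail/usah.readers
owner-mylist: mylist-request
mylist-request: evi
owner-owner: postmaster
# constructed: a deliberate loop
alpha: beta
beta: alpha
"""

# Constructed stand-in for the :include: file named above (one address per line).
INCLUDE_FILES = {
    "/usr/local/mail/usah.readers": "trent\nlisa\nevi\n",
}


def parse_aliases(text):
    """Map lower-cased alias name -> list of targets.  Only the first colon
    on a line separates name from targets, so ':include:/path' survives."""
    aliases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, targets = line.partition(":")
        aliases[name.strip().lower()] = [t.strip() for t in targets.split(",") if t.strip()]
    return aliases


def parse_include(text):
    """Addresses in an :include: file: one or more per line, comma separated."""
    out = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        out.extend(t.strip() for t in line.split(",") if t.strip())
    return out


def expand(name, aliases, include_files):
    """Return (addresses, loops) for `name`: the sorted final delivery targets
    and every alias chain that cycles back on itself.  As on the slide, an
    alias supersedes a /etc/passwd entry: a target is final only when no
    alias is defined for it."""
    addresses, loops = set(), []

    def walk(target, path):
        key = target.lower()
        if key in path:                      # already expanding this alias: loop
            loops.append(path[path.index(key):] + [key])
            return
        if target.startswith(":include:"):
            for t in parse_include(include_files.get(target[len(":include:"):], "")):
                walk(t, path)
            return
        if key not in aliases:
            addresses.add(target)            # local user or remote address
            return
        for t in aliases[key]:
            walk(t, path + [key])

    walk(name, [])
    return sorted(addresses), loops


if __name__ == "__main__":
    table = parse_aliases(ALIASES_TEXT)
    for who in ("nemeth", "authors", "sabook", "owner-mylist", "alpha"):
        print(who, "->", expand(who, table, INCLUDE_FILES))
```

Note that "nemeth" resolves to evi@mailhub rather than to the local user evi, because the "Evi:" alias is consulted again for every target, and that the loop report names the cycle (alpha, beta, alpha) instead of hanging or delivering to nobody silently.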

Page 15: sendmail
- Transport agent developed at Berkeley
- Can adapt to whims of standard-makers due to flexibility of its configuration file
- Generates error messages and returns messages to sender if they are undeliverable
- Components required for installation
  - sendmail binary
  - configuration file (/etc/mail/sendmail.cf)
  - Mail queue directory (/var/spool/mqueue)
  - Links to sendmail (newaliases, mailq, hoststat)
  - Local delivery agents, smrsh and mail.local

Page 16: sendmail (contd)
- Latest version available at www.sendmail.org
- Steps for installation
  - Initialize database format and strategy for interfacing with administrative databases such as NIS or NetInfo
  - Compile; for LDAP: sh ./Build -c -f site.config.m4
- Should be explicitly started in rc files at boot time
- Can be run on standalone clients as well by configuring it as null client (not run as daemon)
- switch file used to exert fine grained control

Page 17: sendmail - Config file
- Raw config file designed for ease in parsing
- Config file determines
  - Choice of delivery agents
  - Address rewriting rules
  - Mail header formats
  - Options
  - Security precautions
  - Spam resistance
- At runtime, sendmail must be killed and restarted or sent a HUP signal if config file is changed
- Commonly uses m4 macros

Page 18: sendmail - config primitives
- VERSIONID - embed version information (CVS)
- OSTYPE - vendor specific information for operating system details
- DOMAIN - site-wide generic information (doing an include)
- MAILER - must be included for every delivery agent

Page 19: Spam control features
- Rules that control relaying
  - Relaying used by spammers to disguise identity
  - Only hosts that are tagged with RELAY in access database can submit mail for relaying
  - Offers features for restricted relaying
- Access database
  - Acts as mail specific firewall
  - Blocks mails from specific users and domains
  - Specify which domains a machine will relay for
- Blacklists
  - Blocks local users or hosts
- Header checking
  - Uses low level sendmail config file syntax to look for patterns in headers and reject these

Page 20: Security in sendmail
- Ships with built-in hooks for encryption
- Later versions support both SMTP authentication and encryption with SSL (TLS - Transport Layer Security)
- Includes DontBlameSendmail option to warn about potential risks in installation
- Ownerships
  - DefaultUser: should not own any files
  - TrustedUser: can own maps and alias files
  - RunAsUser: run under after socket connections to port 25 are opened; switches identities to a different UID

Page 21: Security (contd) - Permissions
- Does not read files with lax permissions (world-writeable, or that live in group or world-writeable directories)
- Requires that the entire path to any alias or forward file be trusted, i.e. no component can have group write permission
- Does not read a .forward file with link count > 1
- SafeFileEnvironment option controls where files can be written and protects device files and directories
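The three permission rules on this slide are mechanical enough to check in a script, which is useful when auditing a mail host for .forward or aliases files that sendmail will silently refuse. The following is an added example and not sendmail's own safefile() routine: it walks every path component from a root down to the file, rejects group- or world-writable components and symlinks, and rejects a regular file whose link count exceeds one. The `root` parameter is an assumption of this example (in production it is "/", so the entire path is checked; the demo passes a temporary directory it builds itself).

```python
"""Check whether sendmail would trust an alias or .forward file, following
the rules on the slide: no group- or world-writable component anywhere on the
path, no group- or world-writable file, no .forward file with link count > 1.

Added example, not sendmail's own safefile() code.  `root` is an assumption
of this example: in production it is "/" so the entire path is checked.
"""
import os
import shutil
import stat
import tempfile


def path_problems(path, root="/"):
    """Return human-readable reasons the file must not be trusted; an empty
    list means every component from `root` down to the file passed."""
    problems = []
    path = os.path.abspath(path)
    root = os.path.abspath(root)
    if not path.startswith(root):
        return [f"{path} is not under {root}"]

    # Build the chain root, root/a, root/a/b, ..., path.
    components = [root]
    for part in os.path.relpath(path, root).split(os.sep):
        if part and part != ".":
            components.append(os.path.join(components[-1], part))

    for comp in components:
        try:
            st = os.lstat(comp)
        except FileNotFoundError:
            problems.append(f"{comp}: does not exist")
            return problems
        if stat.S_ISLNK(st.st_mode):
            problems.append(f"{comp}: is a symbolic link")
            return problems
        if st.st_mode & stat.S_IWGRP:
            problems.append(f"{comp}: group-writable")
        if st.st_mode & stat.S_IWOTH:
            problems.append(f"{comp}: world-writable")

    # The last component is the file itself: refuse hard-linked copies.
    st = os.lstat(path)
    if stat.S_ISREG(st.st_mode) and st.st_nlink > 1:
        problems.append(f"{path}: link count {st.st_nlink} > 1")
    return problems


def demo():
    """Build a constructed <tmp>/home/.forward tree, run the checker under
    four conditions and return ({condition: problems}, home, forward)."""
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    home = os.path.join(root, "home")
    os.mkdir(home)
    os.chmod(home, 0o755)
    forward = os.path.join(home, ".forward")
    with open(forward, "w") as fh:
        fh.write("evi@mailhub\n")            # constructed forwarding target
    os.chmod(forward, 0o644)
    try:
        results = {"clean": path_problems(forward, root)}
        os.chmod(home, 0o775)                # group can write the home directory
        results["group-writable dir"] = path_problems(forward, root)
        os.chmod(home, 0o755)
        os.chmod(forward, 0o666)             # anyone can rewrite the file
        results["world-writable file"] = path_problems(forward, root)
        os.chmod(forward, 0o644)
        os.link(forward, forward + ".bak")   # second name for the same inode
        results["hard link"] = path_problems(forward, root)
    finally:
        shutil.rmtree(root)
    return results, home, forward


if __name__ == "__main__":
    results, _, _ = demo()
    for condition, problems in results.items():
        print(f"{condition}: {problems or 'trusted'}")
```

A run over a real home directory would pass root="/" and would then, correctly, also complain about an interposed world-writable directory higher up the path, which is exactly the case the slide's "entire path" rule exists for.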

Page 22: Security (contd.) - Authentication
- Includes SMTP authentication to verify identity of sending machine
- authwarnings option flags local attempts at forgery by adding an Authentication-Warning header to outgoing mail
- identd daemon can be used to verify a sender’s real login name
- Message Privacy
  - External encryption package needs to be used (PGP, TLS, etc.)
- Simple Authentication and Security Layer (SASL)
  - Generic authentication mechanism
  - Uses authorization identifier and authentication identifier to map to permissions on files, UNIX passwords, Kerberos tickets, etc.
  - Only authentication part used in sendmail

Page 23: Other issues
- Privacy
  - Lists privacy options in sendmail/conf.c
  - Controls what people can determine about your site from SMTP
  - States what you require of host on other end of SMTP connection
  - Defines whether users can see or run mail queue
- DoS attacks
  - Flooding SMTP port with bogus connections
  - MaxDaemonChildren: limits number of sendmail processes; prevents system from being overwhelmed with sendmail work
  - MaxMessageSize: prevents mail queue directory from filling
  - ConnectionRateThrottle: limits number of connections per second that are permitted
  - MaxRcptsPerMessage: controls max number of recipients allowed on a single message

Page 24: Thank you