Electronic Mail
Peter D’Souza

Outline
- Introduction
- Mail Systems
- Components of a Mail Message
- Administrative Principles/Practices
- Aliases
- Sendmail
- Security, privacy and other issues

Introduction
- Essential to both businesses and individuals
- New standard of social behavior
  - Cheaper/faster than postal services
  - Less formal than paper
  - Less personal than actual conversations

Mail Systems
- Four distinct components:
  - MUA - Mail user agent
  - MTA - Mail transport agent
  - Delivery agent
  - Access agent (optional)
- A mail submission agent that speaks SMTP is sometimes included

Mail Systems
[Diagram: message flow from Host A (Sender) to Host B (Receiver) across the Internet. Components shown: user agents (Eudora, Pine), a submission agent (sendmail, port 587), transport agents (sendmail, port 25) on both hosts, delivery agents (procmail, mail.local) feeding the message store, and an access agent (imapd) serving local user agents from that store.]
Legend: UA = User Agent, SA = Submission Agent, TA = Transport Agent, DA = Delivery Agent, AA = Access Agent

User Agents
- Used to read and compose messages
- Protect text embedded in contents
- System-wide and user-specific configuration supported

Transport Agents
- Accept mail from the user agent, understand the recipient's address, and get the mail to the correct host for delivery
- Speak the SMTP protocol, e.g. sendmail, PMDF, Postfix, etc.

Delivery Agents
- Accept mail from the transport agent and actually deliver it to the appropriate local recipients
- Speak the SMTP protocol, e.g. /bin/mail (local users), /bin/sh (mail going to a file), mail.local, smrsh

Other Agents
- Access Agents
  - Connect the user agent to the message store, e.g. IMAP or POP
- Mail Submission Agents
  - Run on a different port
  - Do all the prep work and error checking before the message can be sent out by the TA
  - Sendmail acts as both MSA and TA

Anatomy of a Mail Message
Envelope:
From evi Wed Jan 19 19:01:11 2000
Received: (from evi@localhost) by xor.com (8.9.3/8.9.3) id TAA17820; Wed, 19 Jan 2000 19:01:11 -0700 (MST)
Date: Wed, 19 Jan 2000 19:01:11 -0700 (MST)
From: Evi Nemeth [email protected]
[remaining header lines survive only as redacted addresses: [email protected]: [email protected]: [email protected]: xor.mc CC: [email protected]: R]
- The envelope determines where the message will be delivered or, if the message cannot be delivered, to whom it should be returned.

Anatomy of a Mail Message (Contd)
Header:
2: Return-Path: [email protected]
3: Received: from anchor.cs.colorado.EDU ([email protected] [128.138.242.1]) by columbine.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA21741 for <[email protected]>; Fri, 1 Oct 1999 07:04:25 -0700 (MST)
4: Received: from mroe.cs.colorado.EDU (mroe.cs.colorado.edu [128.138.243.151]) by anchor.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA26176 for <[email protected]>; Fri, 1 Oct 1999 07:04:24 -0700 (MST)
5: Received: from knecht.sendmail.org (knecht.sendmail.org [209.31.233.160]) [128.138.242.1] by mroe.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA09899 for <[email protected]>; Fri, 1 Oct 1999 07:04:23 -700 (MST)
6: Received: from knecht.sendmail.org (localhost [127.0.0.1]) by knecht.sendmail.org (8.9.3/8.9.3) with ESMTP id GAA18984; Fri, 1 Oct 1999 07:04:25 -800 (PST)
- The header is a collection of property-value pairs formatted according to RFC 822
Body
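Each transport agent prepends its own Received line, so reading the chain bottom-up recovers the path the message took, as the numbered headers above show. The following is an added example (not from the slides): it unfolds the headers of a constructed sample message, orders the hops oldest-first, and flags any hop whose "by" host is not the host the next hop claims to have received from, which is how an analyst spots a Received line that was not written by a real relay.

```python
import re

# Constructed sample, not the slide's message: three Received headers, newest first,
# because every hop prepends its own line as the message travels.
SAMPLE = """\
Received: from relay.example.edu (relay.example.edu [192.0.2.10])
\tby mailhub.example.edu (8.9.3/8.9.3) with ESMTP id HAA21741
\tfor <user@example.edu>; Fri, 1 Oct 1999 07:04:25 -0700 (MST)
Received: from mx.example.org (mx.example.org [198.51.100.5])
\tby relay.example.edu (8.9.3/8.9.3) with ESMTP id HAA26176
\tfor <user@example.edu>; Fri, 1 Oct 1999 07:04:24 -0700 (MST)
Received: from mx.example.org (localhost [127.0.0.1])
\tby mx.example.org (8.9.3/8.9.3) with ESMTP id GAA18984;
\tFri, 1 Oct 1999 07:04:23 -0700 (MST)
From: sender@example.org

body text
"""

def unfold_headers(raw):
    """Take the RFC 822 header block (up to the blank line) and join folded lines."""
    lines = []
    for line in raw.split("\n\n", 1)[0].splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines

def parse_received(value):
    """Extract the fields sendmail writes into a Received header: from, by, id, date."""
    body, _, date = value.rpartition(";")        # the date follows the last ';'
    hosts = re.search(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", body, re.S)
    ident = re.search(r"\bid\s+([^\s;]+)", body)
    return {"from": hosts.group(1).lower(), "by": hosts.group(2).lower(),
            "id": ident.group(1) if ident else None, "date": date.strip()}

def delivery_path(raw):
    """Return the hops oldest-first, plus the index of every hop whose 'by' host is not
    the host the following hop says it received from (a mismatch worth a closer look)."""
    received = [l.split(":", 1)[1] for l in unfold_headers(raw)
                if l.lower().startswith("received:")]
    hops = [parse_received(v) for v in reversed(received)]
    mismatches = [i for i in range(len(hops) - 1) if hops[i]["by"] != hops[i + 1]["from"]]
    return hops, mismatches

if __name__ == "__main__":
    for hop in delivery_path(SAMPLE)[0]:
        print(f"{hop['from']} -> {hop['by']}  id={hop['id']}  {hop['date']}")
```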

Mail Philosophy
- Servers for incoming and outgoing mail; or, for really large sites, a hierarchy
  - Replication of incoming and outgoing servers
  - Typical UNIX hosts with minimal sendmail capabilities
  - Firewall
- A mail home for each user at a physical site
  - Enforced through the 'aliases' file, 'maildrop' field or LDAP database
  - Remote access provided via POP or IMAP
- IMAP or POP to integrate PCs, Macs and remote clients
  - IMAP delivers messages one at a time
  - POP downloads all messages from the server

Mail Aliases
- Allow mail to be rerouted
  - Allow users to be referred to by more than one name
  - Define mailing lists
  - Forward mail among machines
- Defined in the UA's configuration file (sending user), /etc/mail/aliases (global) or in a .forward file (recipient)
- Examples:
  Nemeth: evi
  Evi: evi@mailhub
  Authors: evi,garth,scott,trent
- From the mail point of view, an alias supersedes /etc/passwd
- Loops are detected by sendmail

Mailing lists
- A giant alias
- Usually specified in /etc/aliases but maintained in an external file via the :include: directive in aliases:
  sabook: :include:/usr/local/mail/usah.readers
  owner-mylist: mylist-request
  mylist-request: evi
  owner-owner: postmaster
- Maintenance done by a list manager, e.g. Majordomo, Mailman, etc.
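The alias and mailing-list slides above describe the same mechanism: a name is rewritten through the aliases file until it reaches a real mailbox, with :include: pulling list members from an external file and sendmail refusing to loop forever. This added example (not from the slides) implements that expansion with explicit loop detection; the alias table is built from the slide's entries and the :include: file content is a constructed stand-in.

```python
# Constructed alias table built from the slide's examples, not the slide's own /etc/mail/aliases.
ALIASES_TEXT = """\
# comments and blank lines are ignored
nemeth: evi
evi: evi@mailhub
authors: evi, garth, scott, trent
sabook: :include:/usr/local/mail/usah.readers
owner-mylist: mylist-request
mylist-request: evi
"""
# Stand-in for the files named by :include: (constructed; a real resolver reads them from disk).
INCLUDE_FILES = {"/usr/local/mail/usah.readers": "garth\nlisa@example.org\n"}

class AliasLoop(Exception):
    """Raised when expansion comes back to an alias that is already being expanded."""

def parse_aliases(text):
    """Parse 'name: target, target' lines into a dict keyed by lower-cased alias name."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, rhs = line.partition(":")
        table[name.strip().lower()] = [t.strip() for t in rhs.split(",") if t.strip()]
    return table

def expand(name, table, stack=()):
    """Expand one address through the table. A local name that appears in the table is
    rewritten (an alias supersedes /etc/passwd); an address containing '@' is final."""
    key = name.lower()
    if key in stack:
        raise AliasLoop(" -> ".join(stack + (key,)))
    if "@" in name:
        return [name]
    if name.startswith(":include:"):
        members = INCLUDE_FILES[name[len(":include:"):]].split()
        return [r for m in members for r in expand(m, table, stack)]
    if key not in table:
        return [name]                   # plain local user, handed to the local delivery agent
    return [r for t in table[key] for r in expand(t, table, stack + (key,))]

TABLE = parse_aliases(ALIASES_TEXT)

if __name__ == "__main__":
    for alias in ("nemeth", "authors", "sabook", "owner-mylist"):
        print(alias, "->", ", ".join(expand(alias, TABLE)))
```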

sendmail
- Transport agent developed at Berkeley
- Can adapt to the whims of standard-makers due to the flexibility of its configuration file
- Generates error messages and returns messages to the sender if they are undeliverable
- Components required for installation:
  - sendmail binary
  - configuration file (/etc/mail/sendmail.cf)
  - Mail queue directory (/var/spool/mqueue)
  - Links to sendmail (newaliases, mailq, hoststat)
  - Local delivery agents, smrsh and mail.local

sendmail (contd)
- Latest version available at www.sendmail.org
- Steps for installation:
  - Initialize: database format and strategy for interfacing with administrative databases such as NIS or NetInfo
  - Compile: for LDAP - sh ./Build -c -f site.config.m4
- Should be explicitly started in rc files at boot time
- Can be run on standalone clients as well by configuring it as a null client (not run as a daemon)
- switch file used to exert fine-grained control

sendmail – Config file
- Raw config file designed for ease in parsing
- Config file determines:
  - Choice of delivery agents
  - Address rewriting rules
  - Mail header formats
  - Options
  - Security precautions
  - Spam resistance
- At runtime, sendmail must be killed and restarted or sent a HUP signal if the config file is changed
- Commonly uses m4 macros

sendmail – config primitives
- VERSIONID – embeds version information (CVS)
- OSTYPE – vendor-specific information for operating system details
- DOMAIN – site-wide generic information (doing an include)
- MAILER – must be included for every delivery agent

Spam control features
- Rules that control relaying
  - Relaying is used by spammers to disguise their identity
  - Only hosts that are tagged with RELAY in the access database can submit mail for relaying
  - Offers features for restricted relaying
- Access database
  - Acts as a mail-specific firewall
  - Blocks mail from specific users and domains
  - Specifies which domains a machine will relay for
- Blacklists
  - Block local users or hosts
- Header checking
  - Uses low-level sendmail config file syntax to look for patterns in headers and reject these

Security in sendmail
- Ships with built-in hooks for encryption
- Later versions support both SMTP authentication and encryption with SSL (TLS, Transport Layer Security)
- Includes the DontBlameSendmail option to warn about potential risks in the installation
- Ownerships
  - DefaultUser: should not own any files
  - TrustedUser: can own maps and alias files
  - RunAsUser: run under after socket connections to port 25 are opened; switches identities to a different UID

Security (contd)
- Permissions
  - Does not read files with lax permissions (world-writable, or that live in group- or world-writable directories)
  - Requires that the entire path to any alias or forward file be trusted, i.e. no component can have group write permission
  - Does not read a .forward file with link count > 1
  - SafeFileEnvironment option controls where files can be written and protects device files and directories
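The permission rules above are mechanical enough to check outside sendmail, for instance in an audit script run over user home directories. This added example (not sendmail's own code) applies them to a file: it rejects a group- or world-writable file or path component and a .forward with more than one hard link. The trusted_root parameter and the demo tree it builds under a temporary directory are assumptions for testing; sendmail walks the path all the way to '/'.

```python
import os
import stat
import tempfile

GROUP_OR_WORLD_WRITE = stat.S_IWGRP | stat.S_IWOTH

def untrusted_reasons(path, trusted_root="/"):
    """Apply the slide's rules to a .forward or alias file: refuse it if the file or any
    directory on the path up to trusted_root is group- or world-writable, or if the file
    has more than one hard link (trusted_root is an added parameter; sendmail uses '/')."""
    reasons = []
    st = os.stat(path)
    if st.st_nlink > 1:
        reasons.append(f"{path}: link count {st.st_nlink} > 1")
    if st.st_mode & GROUP_OR_WORLD_WRITE:
        reasons.append(f"{path}: file is group/world-writable")
    d = os.path.dirname(os.path.abspath(path))
    root = os.path.abspath(trusted_root)
    while True:
        if os.stat(d).st_mode & GROUP_OR_WORLD_WRITE:
            reasons.append(f"{d}: directory is group/world-writable")
        if d == root or d == os.path.dirname(d):
            break
        d = os.path.dirname(d)
    return reasons

def build_demo_tree():
    """Constructed fixture: a private root (mkdtemp gives mode 0700) holding a safe
    .forward, one in a group-writable home, and one carrying a second hard link."""
    root = tempfile.mkdtemp()
    safe_home = os.path.join(root, "alice")
    lax_home = os.path.join(root, "bob")
    os.mkdir(safe_home)
    os.chmod(safe_home, 0o755)
    os.mkdir(lax_home)
    os.chmod(lax_home, 0o775)           # group write: any group member could plant a .forward
    safe, lax = os.path.join(safe_home, ".forward"), os.path.join(lax_home, ".forward")
    linked = os.path.join(safe_home, "forward-linked")
    for p in (safe, lax, linked):
        with open(p, "w") as f:
            f.write("alice@mailhub\n")
        os.chmod(p, 0o644)
    os.link(linked, os.path.join(safe_home, "second-name"))   # link count becomes 2
    return root, safe, lax, linked

if __name__ == "__main__":
    root, *files = build_demo_tree()
    for p in files:
        print(p, "->", untrusted_reasons(p, root) or ["ok"])
```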

Security (contd.)
- Authentication
  - Includes SMTP authentication to verify the identity of the sending machine
  - authwarnings option flags local attempts at forgery by adding an Authentication-warning header to outgoing mail
  - identd daemon can be used to verify a sender's real login name
- Message Privacy
  - An external encryption package needs to be used (PGP, TLS, etc.)
- Simple Authentication and Security Layer
  - Generic authentication mechanism
  - Uses an authorization identifier and an authentication identifier to map to permissions on files, UNIX passwords, Kerberos tickets, etc.
  - Only the authentication part is used in sendmail

Other issues
- Privacy
  - Privacy options are listed in sendmail/conf.c
  - Controls what people can determine about your site from SMTP
  - States what you require of the host on the other end of the SMTP connection
  - Defines whether users can see or run the mail queue
- DoS attacks
  - Flooding the SMTP port with bogus connections
  - MaxDaemonChildren: limits the number of sendmail processes; prevents the system from being overwhelmed with sendmail work
  - MaxMessageSize: prevents the mail queue directory from filling
  - ConnectionRateThrottle: limits the number of connections per second that are permitted
  - MaxRcptsPerMessage: controls the max number of recipients allowed on a single message
Thank you