Difference between revisions of "OPS335 Lab 4"

From CDOT Wiki
Jump to: navigation, search
(Sending a Mail Message from your vm2 Machine to your Seneca Email Account)
 
(128 intermediate revisions by 6 users not shown)
Line 1: Line 1:
 
[[Category:OPS335]][[Category:OPS335 Labs]]
 
[[Category:OPS335]][[Category:OPS335 Labs]]
  
==MAIL SERVER RESOURCES==
+
==OVERVIEW & PREPARATION==
  
 +
{{Admon/important|Warning|Your lab 3 must be complete with a functioning DNS server for your domain before this lab will work.}}
  
Online References:
+
You may not be aware of it as an user, but email is a very <u>complex</u> system to administer. In fact, the more modern e-mail systems (eg. web-based mail applications, etc) are more technically involved than the other archaic, hard-to-configure, and sometimes inter-operable mail systems.
  
* [https://prezi.com/iuk-advzak_o/mail-servers-postfix/ OPS335 Mail Server Notes ] (Course Notes providing Mail Server Concepts)
+
We are going to spread the remaining email labs over a few weeks, so that by the end of this topic, you will have a sufficient understanding of what services are involved in sending, filtering, and reading email. You will also have the skills to configure a basic mail setup using the default services provided for your Centos7 Linux distribution.
* [http://www.simplehelp.net/2008/12/01/how-to-send-email-from-the-linux-command-line/ Mail Send Command] (examples how to send e-mail using mail command)
 
* [http://www.johnkerl.org/doc/mail-how-to.html#prompt_commands View and Manage Received e-mail Mesages] (Common commands to view and manage received email messages)
 
* [https://support.google.com/mail/answer/29436?hl=en Reading Full Email Headers] (Explanation of message header information)
 
  
 +
Believe it or not, this is a simple diagram of you sending an email to someone else:
  
==OVERVIEW &amp; PREPARATION==
+
[[Image:Email-servers.png]]
This lab will show you how to set up a Mail User Agent ('''MUA'''), using the mailx package on your '''VM2''' machine, to allow users of that VM to locally send and receive e-mails. You will also be able to send a text-based e-mail from your '''VM2 machine''' to your '''Seneca mail account''' (only to send to an external server, but <u>not</u> receive). You will also learn which Mail Transfer Agent (MTA) is allowing messages to be sent locally within your VM2 machine and also externally to your Seneca College mail account. In addition, you will learn where the message store (MS) is located that stores mail messages until they are viewed and either deleted or transferred to other folders.
 
 
 
In order to send e-mail messages '''between your different VMs, a more complex set-up is required''', and will be addressed in the second part of lab4 (lab4b).
 
 
 
The '''diagram''' below shows the layout of the what this lab should be able to accomplish:
 
 
 
 
 
[[Image:email-setup-simple.png]]
 
  
 +
This lab will show you how to set up a Mail User Agent ('''MUA'''), using the '''mailx''' package on your '''vm2''' machine to send and receive e-mails on your local VM. In this case, the '''Postfix''' package which represents your '''MTA''' is most likely already installed and running on your local VM. In addition to sending and receiving emails on your Local VM, you will also be able to send a text-based e-mail from your '''vm2 machine''' to your '''Seneca mail account'''. You will also learn how to make multiple MTAs in the same network collaborate in sending emails. In addition, you will learn where the message store (MS) is located that stores mail messages until they are viewed and either deleted or transferred to other folders.
  
 +
Although, you will not be able to receive mail messages from outside sources (such as your Seneca email account), this lab acts as a starting point in order to run a basic email server. You are NOT required to go into tremendous depth (just the minimum requirements). For example, we will not go over every aspect of the Postfix MTA service, but you should know what it represents and what is its main purpose, as opposed to the following: [https://en.wikipedia.org/wiki/Postfix_%28software%29#Architecture complex diagram 1] , [https://www.credativ.de/blog/postfix-architecture-overview complex diagram 2].
  
 +
===Online References:===
  
 +
* [http://www.simplehelp.net/2008/12/01/how-to-send-email-from-the-linux-command-line/ Mail Send Command] (examples how to send e-mail using mail command)
 +
* [http://www.johnkerl.org/doc/mail-how-to.html#prompt_commands View and Manage Received e-mail Mesages] (Common commands to view and manage received email messages)
 +
* [https://support.google.com/mail/answer/29436?hl=en Reading Full Email Headers] (Explanation of message header information)
 +
* [http://wiki.dovecot.org/MailServerOverview Here's an overview] (common mail server terms)
  
 
==INVESTIGATION 1: INSTALL, SET-UP, AND USE THE MAIL USER AGENT ('''MUA''')==
 
==INVESTIGATION 1: INSTALL, SET-UP, AND USE THE MAIL USER AGENT ('''MUA''')==
  
We will be using a simple text-based Mail User Agent ('''MUA''') called '''mailx''' in this lab to '''send and receive mail messages within your VM2 machine''' and to '''send mail messages to your Seneca e-mail account'''.
+
We will be using a simple text-based '''Mail User Agent (MUA)''' called '''mailx''' in this lab to '''both send and receive''' mail messages within your '''vm2''' machine and to '''only send''' mail messages from your '''vm2''' machine to your Seneca e-mail account.
  
'''NOTE:''' Due to the simplicity of this mail server setup, and the setup of Seneca College's mail server, you '''<u>cannot</u>''' send Seneca e-mail messages to your '''VM2''' machine.
+
'''NOTE:''' Because you're using private IP addresses and no external DNS servers are pointing to your network, you '''<u>cannot</u>''' send e-mail messages from outside your environment to your '''vm2''' machine.
  
 
=== Installing the Mail User Agent (MUA)===
 
=== Installing the Mail User Agent (MUA)===
Line 37: Line 35:
  
 
#Make certain you are in your '''vm2''' machine.
 
#Make certain you are in your '''vm2''' machine.
#Issue the following command to install the '''mailx''' application (MUA):<br>'''yum install mailx'''<br><br>
+
#Install the '''mailx''' application (MUA) using yum
 
:'''NOTE:''' You can refer to the link below to acquaint yourself on how to send e-mail messages using '''mailx''' application:<br> [http://www.simplehelp.net/2008/12/01/how-to-send-email-from-the-linux-command-line/ Mail Send Command Examples]
 
:'''NOTE:''' You can refer to the link below to acquaint yourself on how to send e-mail messages using '''mailx''' application:<br> [http://www.simplehelp.net/2008/12/01/how-to-send-email-from-the-linux-command-line/ Mail Send Command Examples]
  
===Sending a Mail Message from your VM2 Machine to your Seneca Email Account===
+
===Sending a Mail Message from your vm2 Machine to your Seneca Email Account===
 +
 
 +
{{Admon/important|Note|These instructions no longer work reliably. You can still send email to your own email server, and look at the server logs to see that it did really get sent. But it probably won't be accepted for one of a multitude of good reasons. If it doesn't work for you: don't worry about it for lab submission purposes.}}
  
We will now test to see if your MTA for your VM2 machine is correctly running by sending email messages from your VM2 machine to your Seneca e-mail account.
+
We will now test to see if your MTA for your vm2 machine is correctly running by sending email messages from your vm2 machine to your Seneca e-mail account.
  
 
'''Perform the following steps:'''
 
'''Perform the following steps:'''
  
 
#Make certain you are still in your '''vm2''' machine.
 
#Make certain you are still in your '''vm2''' machine.
#Test email from your machine by sending an email to your '''Seneca email account''' using the following command:<br>'''mail -s "Lab4a - test1" <Your Seneca email address>'''<br><br>'''NOTE:''' after you type in the body of the mail message, move to an empty line, type period "." and press the ENTER key to send the message.<br><br>
+
#Test email from your machine by sending an email to your '''Seneca email account''' using the following command:<br>'''mail -s "Lab4a - test1" <Your Seneca email address>'''<br><br>'''NOTE:''' after you type in the body of the mail message, move to an empty line, and then press the key combination '''&lt;ctrl&gt;&lt;d&gt;''' to send the message.<br><br>
#Check your Seneca email account to see if you got the email (note that it may take a <u>few minutes to arrive</u>, so you may also wish to try an alternate email account if you have one like gmail, etc). When you do receive that email, make a note of the return address.
+
#Check your Seneca email account (Inbox / Junk Email Folder) to see if you got the email (note that it may take a <u>few minutes to arrive</u>, so you may also wish to try an alternate email account if you have one like gmail, etc). When you do receive that email, make a note of the return address.
 
#If you did not receive the mail, check the mail logs on your vm2 machine to determine any errors messages that would indicate a mail server setup problem.
 
#If you did not receive the mail, check the mail logs on your vm2 machine to determine any errors messages that would indicate a mail server setup problem.
#Test email from your '''Host Machine''' by sending an email to your Seneca account using the following command:<br>'''mail -r "hacker.com (Canadian Revenue Agency)" -s "Lab4a - test2" <Your Seneca email address>
+
#Once you have succeeded in sending the first email, send a second email to the same destination using the following command:<br>'''mail -r "someone@hacker.com (Canadian Revenue Agency)" -s "Lab4a - test2" <Your Seneca email address>
#Check your Seneca email to see if you got the email. If you did, make a note of the return address. How would you think that including the '''-r''' option could be used by penetration hackers to gain access to a computer system? What sort of steps do you think should be taken to help prevent this type of attack from happening?
+
#Check your email to see if you got the email. If you did, make a note of the return address. How would you think that including the '''-r''' option could be used by penetration hackers to gain access to a computer system? What sort of steps do you think should be taken to help prevent this type of attack from happening?
  
===Sending a Mail Message within your VM2 Machine (vm2)===
+
===Sending a Mail Message within your vm2 Machine===
  
We will now test both your MUA (mailx) and MTA (postfix) by sending and receiving e-mail messages on the local VM2 machine only.
+
We will now test both your MUA (mailx) and MTA (postfix) by sending and receiving e-mail messages on the local vm2 machine only.
  
 
'''Perform the following Steps:'''
 
'''Perform the following Steps:'''
  
#Send an email message locally (i.e. only within) your VM2 machine by issuing the command:<br>'''mail -s "Lab4a - Local - Test1" <yourSenecaID>'''
+
#Send an email message locally (i.e. only within your vm2 machine) by issuing the command:<br>'''mail -s "Lab4a - Local - Test1" <yourSenecaID>'''
 
#After you type in the body of the mail message, move to an empty line, type period "." and press the ENTER key to send the message.
 
#After you type in the body of the mail message, move to an empty line, type period "." and press the ENTER key to send the message.
# Issue the following command: '''cat /var/log/spool/mail/<yourSenecaID>'''<br>What do you see? What does this show you in terms of where mail is stored on your e-mail server?
+
#Login with your '''regular user''' and issue the following command to read the mail message you send to yourself:<br>'''mail'''<br><br>'''NOTE:''' You can refer to the link below to view a reference chart on how to read and delete received e-mail messages at the mail command prompt:<br>[http://www.johnkerl.org/doc/mail-how-to.html#prompt_commands Commands to View and Manage Received e-mail Mesages]<br><br>
#Issue the following command to read the mail message you send to yourself:<br>'''mail'''<br><br>'''NOTE:''' You can refer to the link below to view a reference chart on how to read and delete received e-mail messages at the mail command prompt:<br>[http://www.johnkerl.org/doc/mail-how-to.html#prompt_commands Commands to View and Manage Received e-mail Mesages]<br><br>
+
#Issue the following command: '''cat /var/spool/mail/<yourSenecaID>'''<br>What do you see? What does this show you in terms of where mail is stored on your e-mail server?
#If you received an e-mail message, the message and subject line should appear as a listing in your mail command.<br>If you did not receive a mail message, check your mail server settings, check to see if you mail server is running and also check '''/var/log/messages'''.
+
#If you received an e-mail message, the message and subject line should appear as a listing in your mail command.<br><br>'''NOTE:''' If you did not receive a mail message, check your mail server settings, check to see if your mail server is running and also check '''/var/log/maillog''' and '''/var/log/messages''' (this step requires '''root''' privilege).<br><br>
#Type the mail message number that is displayed in your e-mail message list in the prompt and press ENTER. You should be able to confirm the message body that you sent.
+
#Once you have received the message, type the mail message number that is displayed in your e-mail message list in the prompt and press ENTER. You should be able to confirm the message body that you sent.
 
#Exit the mail program by typing the letter '''q''' and press ENTER.
 
#Exit the mail program by typing the letter '''q''' and press ENTER.
#Re-issue the '''mail''' command. What happened?
+
#Re-issue the '''mail''' command. What happened? Issue the command: '''cat /var/spool/mail/<yourSenecaID>'''. What do you notice?
 
#Exit the mail command.
 
#Exit the mail command.
 
===Checking the Message Store (MS) of Received Mail Messages===
 
 
We will now view the Message Store where messages are sent to be retrieved from the mail program.<br>We will also show you how to save mail messages into another message store file in another directory.
 
 
'''Perform the following Steps:'''
 
 
#Create a directory in your home directory called: '''mail'''.
 
#Re-issue the '''mail''' command, and enter the following command at the mail prompt: '''save &nbsp; 1 &nbsp; mail/msg1'''<br>Use the cat command to check the contents of '''/var/spool/mail<yourSenecaID>''' and '''~/mail/msg1'''. Exit the mail command.
 
#Try sending another e-mail from your VM2 account to yourself, but using your first name instead by issuing the following command:<br>'''mail -s "Lab4a - Local - Test2" <yourFirstName>'''
 
#Issue the '''mailq''' command on your VM2 machine (you will need to be root) to view the mail queue. Why would this command be useful for an administrator?
 
#Now, issue the '''mail''' command to see if you received that e-mail message. Did it work? If so, why?<br>Record your observations in your OPS335 lab logbook.<br><br>
 
  
 
'''Record steps, commands, and your observations in INVESTIGATION 1 in your OPS335 lab log-book'''
 
'''Record steps, commands, and your observations in INVESTIGATION 1 in your OPS335 lab log-book'''
  
 +
==INVESTIGATION 2: SETUP MTA TO SEND MAIL MESSAGES (NO ENCRYPTION)==
  
==INVESTIGATION 2: IDENTIFYING A DEFAULT MAIL TRANSFER AGENT ('''MTA''')==
+
We will be using the '''Postfix''' application as the '''MTA''', and we will be setting it up on your '''vm2''' and '''vm3''' machines. They will act as the "sending" email servers for your internal network. You will be able to send email out of your network, and receive email from within your network, but you will '''<u>not</u>''' receive email from outside of your network due to the following reasons:
 +
* Individuals outside of your domain will never find the MX records because there are no other DNS servers pointing to your DNS server (i.e. you haven't paid for it).
 +
* Even if the individuals could read your MX records, your local network is using IP addresses on a '''private subnet''', which is not routeable on the Internet, so it cannot be reached from outside of your system.
  
Obviously the Mail Transfer Agent must be running in order to send e-mail messages locally or to external mail server (like myseneca.ca). In this section, we will determine information relating to Seneca College's MTA when email messages are sent via your VM2 machine.
+
=== Verify the Postfix Service Status ===
  
=== Email Headers ===
+
'''Perform the following steps:'''
  
Normally, email headers are seldom seen with our e-mail applications such as '''MS Outlook''' (webmail) or '''Thunderbird'''. There are way in order to view detailed header information for each email we send that provides information how the email message was sent, including the name of the program that is running as the Mail Transfer Agent and its IPADDR. Although these email headers may look complicated, they can trace the steps of sending the e-mail messages among the MTAs to gain a better understanding of the email transmission process.
+
#The '''postfix''' application should be installed by default. If it isn't, install it.
 +
#Postfix is capable of sending email with the default configuration, so start and enable this service, and verify that the postfix service is running.
 +
#Look for the running postfix service in the list of listening ports by issuing the following command:<br><source>ss -atnp</source>
 +
#Which service is postfix running? Locate the port used by SMTP, and look for connections with the state LISTEN (i.e. currently listening).
 +
#Write your observations in your lab logbook.
  
 +
=== Testing the connection to the Postfix Service ===
  
'''Perform the following Steps:'''
+
We will be demonstrating the use of the '''nc''' application to test that the postfix service is running and listening.
  
{| width="40%" align="right" cellpadding="10"
+
'''Perform the following steps:'''
  
|- valign="top"
+
# If the '''nc''' command is not installed on your vm2 machine, install it (install '''nc''' command for your '''vm3''' as well).
|
+
# Connect from your '''vm2''' to itself using the '''nc''' command by issuing the following command:<br><source >nc localhost 25</source>
[[Image:outlook-lite-mode.png|thumb|right|300px|If your MS outlook web application looks like above, then your MS Outlook application is using the '''lite version''', and you would have to switch versions (see below for procedure). ]]
+
# You should see a response: <br><source >220 vm2.yourdomain.ops ESMTP Postfix</source>
|
+
# You could theoretically use SMTP commands to send an email here, but this would be a very unusual use of your mail server.  You have an '''MUA''' for a reason.
[[Image:outlook-regular-mode.png|thumb|right|300px|If your MS outlook web application looks like above, then your MS Outlook application is using the '''standard version''', so you can skip the procedure to switch versions.]]
+
#Enter the command '''QUIT''' to close the connection to the server, then '''<ctrl>-c''' to terminate the nc command.
|}
 
  
#Make certain you are in your '''vm2''' machine.
+
::'''NOTE:''' If it worked, this indicates that the postfix service is running, listening, and responding to connections.
#Send another email message from your VM2 machine to your '''Seneca email account''' using the command:<br>'''mail -s "Lab4a - Header Message" <Your Seneca email address>'''<br><br>'''NOTE:''' after you type in the body of the mail message, move to an empty line, type period "." and press the ENTER key to send the message.<br><br>
 
#View your e-mail message in your Seneca email account.
 
  
 +
<ol><li value="4">Let's see if it works from other machines. Use '''nc''' to connect to '''vm2''' from '''vm3''' and see if it works. If your firewall is set up properly, the nc command should not permit a connection (i.e. ''no route to host'').</li>
 +
<li>Create an iptables rule to allow incoming connections to your '''SMTP''' server on your '''vm2'''.</li>
 +
<li>Once you open the port in the firewall, retry the '''nc''' command. You should get a different error this time (e.g. ''connection refused''). This time the problem is that your service isn't listening on the outside interface, it's currently configured to listen only on the loopback (lo) interface.</li>
 +
<li>Make sure the new iptables rule gets saved so that it will be loaded automatically from startup.</li>
 +
</ol>
  
'''Switching Viewing Modes in MS Outlook Web Application:'''
+
=== Listening on all interfaces ===
  
[[Image:option-lite.png|thumb|right|400px|How to switch to '''standard version''': click to un-check the ''lite version'' option and save option setting. ]]
+
We need to configure the MTA not only to listen to connections from other (separate) MTAs, but to set the domain name and server name in order to allow the user to issue emails in the "standard way", and allow mail messages to provide a correct email address for replies.
  
:If you are using web-mail to read your Seneca e-mail message, then your Mail User Agent is probably using the '''MS Outlook Web mail application'''. In order to view mail header information in your MS Outlook web application, you need to be in a particular "viewing-mode".
+
'''Perform the following steps:'''
  
:This program can run in '''standard version''' or '''lite version'''. If your MS Outlook web application is using the '''"lite version"''', then it should look similar to the left-most of the two side-by-side diagrams displayed above, and you should follow the procedure below to switch to the '''"standard version"'''. If your MS Outlook web application appears like the right-most side-by-side diagrams above, then your program is using the '''"standard version"''', which mean that you can <u>skip</u> the following procedure to switch versions.
+
# In your '''vm2''' machine, launch in editing session for the postfix configuration file called: '''/etc/postfix/main.cf'''
 +
# Our first editing change to the Postfix configuration will be to make the service "listen" for incoming connections on the external interface (i.e '''eth0''' from the VMs point of view).<br>Change the value of the following parameter to what is displayed below:<br><source>inet_interfaces = all</source>
 +
# We should also set the string that will end up in the '''From:''' header in messages sent by this server.<br>Change the '''mydomain''' option to YOUR domain name (shown below):<source>mydomain = yoursenecaid.ops</source>
 +
# Also you must set the '''hostname''' for this server so that will correctly specify the hostname in the '''From:''' header in a sent mail message.<br>Make certain the following parameter only appears once (shown below):<source>myorigin = $myhostname</source>
 +
#Ensure that your '''hostname''' and '''DOMAIN''' name is properly set on your machine, otherwise you will need to set the '''myhostname''' parameter.
 +
<br>
 +
{{Admon/important|Warning|Make sure there are no other un-commented copies of those above-mentioned parameters in the Postfix configuration file.}}
 +
<br><ol><li value="6">Restart the postfix service, then use the '''ss''' command to confirm that the your MTA is now listening on <u>all</u> interfaces (not just loopback)</li>
 +
<li>Test by connecting to it (using the '''nc''' command) from your '''vm3''' machine.</li></ol>
  
:'''Procedure to Change from Lite-mode to Regular mode:'''
+
'''Record steps, commands, and your observations in INVESTIGATION 2 in your OPS335 lab log-book'''
 
 
:<ol type="a"><li>Click '''options''' located at the top-right corner of the MS Outlook web application window (to the left of the '''Sign Out''')</li><li>Click '''Outlook''' Version on the left-side of the ''Options'' window.</li><li>Click to de-select the '''Use the light version''' (i.e. no check mark)</li><li>Click the Save button near the top of the Options window to save your settings.</li><li>Sign-out of your MS Outlook Session, and login again.<br><br>'''NOTE: If your MS Outlook application does not change versions, then close all of your web-browsers, and then log into your Seneca email account.'''<br><br></li></ol>
 
  
=== Viewing Seneca Mail Message Headers ===
+
==INVESTIGATION 3: SENDING EMAIL BETWEEN MTAs for vm2 and vm3 (NO ENCRYPTION)==
{| width="40%" align="right" cellpadding="10"
 
  
|- valign="top"
+
Your '''vm2''' server should now be capable of '''sending''' and '''receiving''' email, but we can't be certain until we test it. This also would not help the users on the other machines in the network, which are still not capable of receiving email.
|
 
[[Image:view-message-details.png|thumb|right|300px|'''Right-click''' on the mail message that you recently sent with subject line "Lab4a - Header Message" and, select '''View Message Details'''. '''NOTE: If no mail message headers appear, try the previous step again until you see mail message header information.''' ]]
 
|
 
[[Image:message-details.png|thumb|right|300px|Use these header details to analyse information regarding the MTAs use to transfer the mail message from your VM2 machine to your Seneca mail account.]]
 
|}
 
Now that you are using the standard version of MS Outlook, we will now analyse the mail message header in your Seneca e-mail account that was sent from your VM2 machine to obtain information regarding Seneca's Mail Transfer Agent (MTA).
 
 
  
 
'''Perform the following steps:'''
 
'''Perform the following steps:'''
  
#'''Right-click''' on the mail message that you recently sent with subject line "Lab4a - Header Message".
+
# Repeat the configuration from investigation 2 on '''vm3''' (swap vm2 and vm3 when issuing command so that you are configuring vm3, and using your vm2 server to test the connections).
#Within the context menu, select '''View Message Details'''.<br><br>'''NOTE: If no mail message headers appear, try the previous step again until you see mail message header information.'''<br><br>
+
# Once that is complete, send an email from '''root on vm2''' to '''root on vm3''', and then reply '''from vm3 to vm2'''.
#To make the header information easier to read, highlite the text, copy and paste into a text editor (like '''gedit''').<br><br>
+
# If both messages arrive, both MTAs are working.  If not, use the troubleshooting tools and techniques you have already learned to diagnose and fix the problem.<br><br>
#Below is an example of header information that was sent by user msaul within their domain name msaul.org:<br><br>
+
{{Admon/important |Backup your VMs!|You MUST perform a '''full backup''' of ALL of your VMs whenever you complete your '''OPS335 labs''' or when working on your '''OPS335 assignments'''. You should be using the dump or rsync command, and you should use  the Bash shell script that you were adviced to create in order to backup all of your VMs.}}
 +
<br>
 +
'''Record steps, commands, and your observations in INVESTIGATION 3 in your OPS335 lab log-book'''
  
<source lang="bash">
+
==COMPLETING THE LAB==
Received: from SN1PR07MB2288.namprd07.prod.outlook.com (10.164.47.158) by
 
DM3PR07MB2284.namprd07.prod.outlook.com (10.164.33.158) with Microsoft SMTP
 
Server (TLS) id 15.1.409.15 via Mailbox Transport; Thu, 18 Feb 2016 15:08:51
 
+0000
 
Received: from BLUPR07CA088.namprd07.prod.outlook.com (10.160.24.43) by
 
SN1PR07MB2288.namprd07.prod.outlook.com (10.164.47.158) with Microsoft SMTP
 
Server (TLS) id 15.1.409.15; Thu, 18 Feb 2016 15:08:49 +0000
 
Received: from BN1BFFO11FD041.protection.gbl (2a01:111:f400:7c10::1:173) by
 
BLUPR07CA088.outlook.office365.com (2a01:111:e400:8ae::43) with Microsoft
 
SMTP Server (TLS) id 15.1.409.15 via Frontend Transport; Thu, 18 Feb 2016
 
15:08:49 +0000
 
Authentication-Results: spf=none (sender IP is 142.204.244.22)
 
smtp.mailfrom=msaul.org; senecacollege.ca; dkim=none (message not signed)
 
header.d=none;senecacollege.ca; dmarc=none action=none header.from=msaul.org;
 
Received-SPF: None (protection.outlook.com: msaul.org does not designate
 
permitted sender hosts)
 
'Received: from vm2.localdomain (142.204.244.22) by
 
BN1BFFO11FD041.mail.protection.outlook.com (10.58.144.104) with Microsoft
 
SMTP Server id 15.1.415.6 via Frontend Transport; Thu, 18 Feb 2016 15:08:49
 
+0000'
 
  
'Received: by vm2.localdomain (Postfix, from userid 1000)
+
Upon completion of this lab you should have postfix mail servers running on two machines, and starting automatically when they do. These servers must have sent email both ways between each other (from vm2 to vm3, and from vm3 to vm2), and to your seneca email (or other external mail server).  
    id 4EB6210866B2; Thu, 18 Feb 2016 05:08:44 -0500 (EST)'
 
Date: Thu, 18 Feb 2016 05:08:44 -0500
 
To: <murray.saul@senecacollege.ca>
 
Subject: Lab4a - Header Message
 
'User-Agent: Heirloom mailx 12.5 7/5/10'
 
MIME-Version: 1.0
 
Content-Type: text/plain; charset="us-ascii"
 
Content-Transfer-Encoding: 7bit
 
Message-ID: <20160218100844.4EB6210866B2@vm2.localdomain>
 
'From: Murray Saul <msaul@msaul.org>'
 
'Return-Path: msaul@msaul.org'
 
</source>
 
#Study the sections in <span style="color:red;font-weight:bold">"red"</span> to determine the following information of the e-mail source (i.e. "starting-point"):<ul><li>'''Full Name''' of sender</li><li>'''return e-mail address''' of sender</li><li>'''domain name''' where sender resides</li><li>'''UID''' of send's user account</li><li>'''name''' of MUA program</li><li>'''name''' of MTA program<li>'''domain name''' of MTA</li><li>'''IPADDR''' of MTA<br><br></li></ul>
 
#Using your e-mail header detail, determine the same information for the MTA on the receiving end of the MTA for Seneca E-mail.
 
#How many different MTAs where used in this process? Can you guess why so many transfers? Record your observations in your lab logbook.
 
#Use either the '''nslookup''', '''host''', or '''dig''' utilities to query those servers (type MX resource records) to see if you can obtain additional information regarding those mail servers.
 
  
 +
===Online Submission===
 +
Follow the instructions for lab 4a on blackboard.
 +
<!--
 +
===Andrew's sections===
  
=== Resetting MS Outlook Web Application to Lite Version (If Required) ===
+
You may choose to:
 
+
* Submit screenshots of your work on Blackboard, in which case you don't need to come to the lab.
'''If your MS Outline web application was previously using the lite version, and you wish to revert to this original setting, perform the following steps:'''
+
* Or come to the lab, show me your work, and talk to me about it. I want to hear what you've learned and answer any questions you have.
 
 
#Click the '''settings''' icon (looks like a gear located left to the help (?) icon.
 
#Click the General categories under the options on the left-side of the options menu.
 
#Click Light Version, and in the details area to the right, make certain that the Use the light version of Outlook on the web is selected (i.e. check mark appears), and click on Save at the top.
 
#Sign-out of your MS Outlook Session, and login again.<br><br>'''NOTE: If your MS Outlook application does not change versions, then close all of your web-browsers, and then log into your Seneca email account.'''
 
 
 
 
 
'''Record steps, commands, and your observations in INVESTIGATION 2 in your OPS335 lab log-book'''
 
 
 
 
 
==COMPLETING THE LAB==
 
  
Arrange proof that you can send e-mail from your '''VM2''' machine to your '''Seneca College e-mail account''', and than you can '''send and receive e-mail messages locally on your VM2 machine only'''. Also show your logbook notes regarding MTA information from your sent email header on your Seneca College mail account.
+
You'll get the same grade regardless of how you choose to submit your work.
  
 +
::<span style="color:green;font-size:1.5em;">&#x2713;</span>Arrange proof that you can send e-mail from your '''vm2''' machine to your '''Seneca College e-mail account''', and than you can '''send and receive e-mail messages between on your vm2 and vm3 machines'''.
 +
::<span style="color:green;font-size:1.5em;">&#x2713;</span>Download and run '''https://ict.senecacollege.ca/~andrew.smith/ops335/labcheck4a.bash''' on your '''host''' machine.
 +
::<span style="color:green;font-size:1.5em;">&#x2713;</span>Completed Lab4a log-book notes.
 +
-->
  
 
==EXPLORATION QUESTIONS==
 
==EXPLORATION QUESTIONS==
  
#Briefly list the students to install the MUA on your server for text-based messaging.
+
#Briefly list the steps to install the MUA on your server for text-based messaging.
#Briefly list the steps to trouble-shoot your server if you could not send e-mail messages from your VM2 machine to an external e-mail server.
+
#Briefly list the steps to trouble-shoot your server if you could not send e-mail messages from your vm2 machine to an external e-mail server.
#Write the command to send an e-mail message from your VM2 to your Seneca College e-mail account.
+
#Write the command to send an e-mail message from your vm2 to your Seneca College e-mail account.
#What are the commands to issue in the mail prompt to:<ul><li>Read the first e-mail message displayed</li><li>Save the 4th e-mail message to the file pathname: ~/maildir/3.msg.txt</li><li>Delete the 3rd e-mail message displayed</li><li>Exit the mail command prompt and return to the shell</li></ul><br>
+
#What are the commands to issue in the mail prompt to:<ul><li>Read the first e-mail message displayed</li><li>Save the 4th e-mail message to the file pathname: ~/maildir/3.msg.txt</li><li>Delete the 3rd e-mail message displayed</li><li>Exit the mail command prompt and return to the shell</li></ul>
#What were the results of sending emails locally on your VM2 machine? Show log segments to verify your answers.
+
#What were the results of sending emails locally on your vm2 machine? Show log segments to verify your answers.
#List the steps to show your email header to trace the transmission between Mail Transfer Agents among different mail servers.
+
# What is the purpose of an MTA?
 +
# What is the purpose of an MUA?
 +
# Draw a simple diagram showing how an MUA and an MTA are used to send e-mail messages between different servers.
 +
# List the steps to test a running postfix service using the nc application.

Latest revision as of 19:17, 4 January 2021


OVERVIEW & PREPARATION

Important.png
Warning
Your lab 3 must be complete with a functioning DNS server for your domain before this lab will work.

You may not be aware of it as an user, but email is a very complex system to administer. In fact, the more modern e-mail systems (eg. web-based mail applications, etc) are more technically involved than the other archaic, hard-to-configure, and sometimes inter-operable mail systems.

We are going to spread the remaining email labs over a few weeks, so that by the end of this topic, you will have a sufficient understanding of what services are involved in sending, filtering, and reading email. You will also have the skills to configure a basic mail setup using the default services provided for your Centos7 Linux distribution.

Believe it or not, this is a simple diagram of you sending an email to someone else:

Email-servers.png

This lab will show you how to set up a Mail User Agent (MUA), using the mailx package on your vm2 machine to send and receive e-mails on your local VM. In this case, the Postfix package which represents your MTA is most likely already installed and running on your local VM. In addition to sending and receiving emails on your Local VM, you will also be able to send a text-based e-mail from your vm2 machine to your Seneca mail account. You will also learn how to make multiple MTAs in the same network collaborate in sending emails. In addition, you will learn where the message store (MS) is located that stores mail messages until they are viewed and either deleted or transferred to other folders.

Although, you will not be able to receive mail messages from outside sources (such as your Seneca email account), this lab acts as a starting point in order to run a basic email server. You are NOT required to go into tremendous depth (just the minimum requirements). For example, we will not go over every aspect of the Postfix MTA service, but you should know what it represents and what is its main purpose, as opposed to the following: complex diagram 1 , complex diagram 2.

Online References:

INVESTIGATION 1: INSTALL, SET-UP, AND USE THE MAIL USER AGENT (MUA)

We will be using a simple text-based Mail User Agent (MUA) called mailx in this lab to both send and receive mail messages within your vm2 machine and to only send mail messages from your vm2 machine to your Seneca e-mail account.

NOTE: Because you're using private IP addresses and no external DNS servers are pointing to your network, you cannot send e-mail messages from outside your environment to your vm2 machine.

Installing the Mail User Agent (MUA)

Perform the following Steps:

  1. Make certain you are in your vm2 machine.
  2. Install the mailx application (MUA) using yum
NOTE: You can refer to the link below to acquaint yourself on how to send e-mail messages using mailx application:
Mail Send Command Examples

Sending a Mail Message from your vm2 Machine to your Seneca Email Account

Important.png
Note
These instructions no longer work reliably. You can still send email to your own email server, and look at the server logs to see that it did really get sent. But it probably won't be accepted for one of a multitude of good reasons. If it doesn't work for you: don't worry about it for lab submission purposes.

We will now test to see if your MTA for your vm2 machine is correctly running by sending email messages from your vm2 machine to your Seneca e-mail account.

Perform the following steps:

  1. Make certain you are still in your vm2 machine.
  2. Test email from your machine by sending an email to your Seneca email account using the following command:
    mail -s "Lab4a - test1" <Your Seneca email address>

    NOTE: after you type in the body of the mail message, move to an empty line, and then press the key combination <ctrl><d> to send the message.

  3. Check your Seneca email account (Inbox / Junk Email Folder) to see if you got the email (note that it may take a few minutes to arrive, so you may also wish to try an alternate email account if you have one like gmail, etc). When you do receive that email, make a note of the return address.
  4. If you did not receive the mail, check the mail logs on your vm2 machine to determine any errors messages that would indicate a mail server setup problem.
  5. Once you have succeeded in sending the first email, send a second email to the same destination using the following command:
    mail -r "someone@hacker.com (Canadian Revenue Agency)" -s "Lab4a - test2" <Your Seneca email address>
  6. Check your email to see if you got the email. If you did, make a note of the return address. How would you think that including the -r option could be used by penetration hackers to gain access to a computer system? What sort of steps do you think should be taken to help prevent this type of attack from happening?

Sending a Mail Message within your vm2 Machine

We will now test both your MUA (mailx) and MTA (postfix) by sending and receiving e-mail messages on the local vm2 machine only.

Perform the following Steps:

  1. Send an email message locally (i.e. only within your vm2 machine) by issuing the command:
    mail -s "Lab4a - Local - Test1" <yourSenecaID>
  2. After you type in the body of the mail message, move to an empty line, type period "." and press the ENTER key to send the message.
  3. Login with your regular user and issue the following command to read the mail message you send to yourself:
    mail

    NOTE: You can refer to the link below to view a reference chart on how to read and delete received e-mail messages at the mail command prompt:
    Commands to View and Manage Received e-mail Mesages

  4. Issue the following command: cat /var/spool/mail/<yourSenecaID>
    What do you see? What does this show you in terms of where mail is stored on your e-mail server?
  5. If you received an e-mail message, the message and subject line should appear as a listing in your mail command.

    NOTE: If you did not receive a mail message, check your mail server settings, check to see if your mail server is running and also check /var/log/maillog and /var/log/messages (this step requires root privilege).

  6. Once you have received the message, type the mail message number that is displayed in your e-mail message list in the prompt and press ENTER. You should be able to confirm the message body that you sent.
  7. Exit the mail program by typing the letter q and press ENTER.
  8. Re-issue the mail command. What happened? Issue the command: cat /var/spool/mail/<yourSenecaID>. What do you notice?
  9. Exit the mail command.

Record steps, commands, and your observations in INVESTIGATION 1 in your OPS335 lab log-book

INVESTIGATION 2: SETUP MTA TO SEND MAIL MESSAGES (NO ENCRYPTION)

We will be using the Postfix application as the MTA, and we will be setting it up on your vm2 and vm3 machines. They will act as the "sending" email servers for your internal network. You will be able to send email out of your network, and receive email from within your network, but you will not receive email from outside of your network due to the following reasons:

  • Individuals outside of your domain will never find the MX records because there are no other DNS servers pointing to your DNS server (i.e. you haven't paid for it).
  • Even if the individuals could read your MX records, your local network is using IP addresses on a private subnet, which is not routeable on the Internet, so it cannot be reached from outside of your system.

Verify the Postfix Service Status

Perform the following steps:

  1. The postfix application should be installed by default. If it isn't, install it.
  2. Postfix is capable of sending email with the default configuration, so start and enable this service, and verify that the postfix service is running.
  3. Look for the running postfix service in the list of listening ports by issuing the following command:
    ss -atnp
  4. Which service is postfix running? Locate the port used by SMTP, and look for connections with the state LISTEN (i.e. currently listening).
  5. Write your observations in your lab logbook.

Testing the connection to the Postfix Service

We will be demonstrating the use of the nc application to test that the postfix service is running and listening.

Perform the following steps:

  1. If the nc command is not installed on your vm2 machine, install it (install nc command for your vm3 as well).
  2. Connect from your vm2 to itself using the nc command by issuing the following command:
    nc localhost 25
  3. You should see a response:
    220 vm2.yourdomain.ops ESMTP Postfix
  4. You could theoretically use SMTP commands to send an email here, but this would be a very unusual use of your mail server. You have an MUA for a reason.
  5. Enter the command QUIT to close the connection to the server, then <ctrl>-c to terminate the nc command.
NOTE: If it worked, this indicates that the postfix service is running, listening, and responding to connections.
  1. Let's see if it works from other machines. Use nc to connect to vm2 from vm3 and see if it works. If your firewall is set up properly, the nc command should not permit a connection (i.e. no route to host).
  2. Create an iptables rule to allow incoming connections to your SMTP server on your vm2.
  3. Once you open the port in the firewall, retry the nc command. You should get a different error this time (e.g. connection refused). This time the problem is that your service isn't listening on the outside interface, it's currently configured to listen only on the loopback (lo) interface.
  4. Make sure the new iptables rule gets saved so that it will be loaded automatically from startup.

Listening on all interfaces

We need to configure the MTA not only to listen to connections from other (separate) MTAs, but to set the domain name and server name in order to allow the user to issue emails in the "standard way", and allow mail messages to provide a correct email address for replies.

Perform the following steps:

  1. In your vm2 machine, launch in editing session for the postfix configuration file called: /etc/postfix/main.cf
  2. Our first editing change to the Postfix configuration will be to make the service "listen" for incoming connections on the external interface (i.e eth0 from the VMs point of view).
    Change the value of the following parameter to what is displayed below:
    inet_interfaces = all
  3. We should also set the string that will end up in the From: header in messages sent by this server.
    Change the mydomain option to YOUR domain name (shown below):
    mydomain = yoursenecaid.ops
  4. Also you must set the hostname for this server so that will correctly specify the hostname in the From: header in a sent mail message.
    Make certain the following parameter only appears once (shown below):
    myorigin = $myhostname
  5. Ensure that your hostname and DOMAIN name is properly set on your machine, otherwise you will need to set the myhostname parameter.


Important.png
Warning
Make sure there are no other un-commented copies of those above-mentioned parameters in the Postfix configuration file.

  1. Restart the postfix service, then use the ss command to confirm that the your MTA is now listening on all interfaces (not just loopback)
  2. Test by connecting to it (using the nc command) from your vm3 machine.

Record steps, commands, and your observations in INVESTIGATION 2 in your OPS335 lab log-book

INVESTIGATION 3: SENDING EMAIL BETWEEN MTAs for vm2 and vm3 (NO ENCRYPTION)

Your vm2 server should now be capable of sending and receiving email, but we can't be certain until we test it. This also would not help the users on the other machines in the network, which are still not capable of receiving email.

Perform the following steps:

  1. Repeat the configuration from investigation 2 on vm3 (swap vm2 and vm3 when issuing command so that you are configuring vm3, and using your vm2 server to test the connections).
  2. Once that is complete, send an email from root on vm2 to root on vm3, and then reply from vm3 to vm2.
  3. If both messages arrive, both MTAs are working. If not, use the troubleshooting tools and techniques you have already learned to diagnose and fix the problem.

Important.png
Backup your VMs!
You MUST perform a full backup of ALL of your VMs whenever you complete your OPS335 labs or when working on your OPS335 assignments. You should be using the dump or rsync command, and you should use the Bash shell script that you were adviced to create in order to backup all of your VMs.


Record steps, commands, and your observations in INVESTIGATION 3 in your OPS335 lab log-book

COMPLETING THE LAB

Upon completion of this lab you should have postfix mail servers running on two machines, and starting automatically when they do. These servers must have sent email both ways between each other (from vm2 to vm3, and from vm3 to vm2), and to your seneca email (or other external mail server).

Online Submission

Follow the instructions for lab 4a on blackboard.

EXPLORATION QUESTIONS

  1. Briefly list the steps to install the MUA on your server for text-based messaging.
  2. Briefly list the steps to trouble-shoot your server if you could not send e-mail messages from your vm2 machine to an external e-mail server.
  3. Write the command to send an e-mail message from your vm2 to your Seneca College e-mail account.
  4. What are the commands to issue in the mail prompt to:
    • Read the first e-mail message displayed
    • Save the 4th e-mail message to the file pathname: ~/maildir/3.msg.txt
    • Delete the 3rd e-mail message displayed
    • Exit the mail command prompt and return to the shell
  5. What were the results of sending emails locally on your vm2 machine? Show log segments to verify your answers.
  6. What is the purpose of an MTA?
  7. What is the purpose of an MUA?
  8. Draw a simple diagram showing how an MUA and an MTA are used to send e-mail messages between different servers.
  9. List the steps to test a running postfix service using the nc application.