==OVERVIEW==
{{Admon/important|Warning|Your lab 4a must be complete before you can start this lab.}}
That setup has some major drawbacks:
:* It required an SMTP server ('''MTA''') to be configured on each machine.
:* The Message Store ('''MS''') would also be unique to each machine - what a user received on one server would not exist on any other.
LAB RESOURCES:
:* [http://wiki.dovecot.org/MailServerOverview Here's an overview] (common mail server terms)
:* [https://inside.senecacollege.ca/its/services/email/email_clients/imap.html Seneca Client Settings] (Seneca Server settings for mail client - Thunderbird)
In this lab you will centralize some of this information, so that a user can send email from any machine in the network, and have incoming mail sent to a centralized message store.
[[Image:Email-servers.png]]
=== Learning About the Services Involved in an Email Delivery ===
In reality, the terms '''MTA''', '''MDA''', '''MUA''', '''LDA''' can actually be considered misleading since some of those services can be combined together to form a single entity (application), while other applications may operate as separate entities. There may be overlap, so if you don't find those acronyms helpful, don't worry too much about them. On the other hand, when referred to in diagrams, they can help to visualize those processes when trying to understand how an e-mail system works.
[http://wiki.dovecot.org/MailServerOverview Here is an overview] of those terms (from the Dovecot wiki). It is worth viewing this link.
In the diagram displayed above, the elements include:
* A '''User Account'''. The individual who wants to send or receive mail messages.
* An '''MUA''' (email client). This is the application that the individual uses to send or receive mail messages. It can be a '''native application''' or a '''web application'''. You will learn how to setup and use both of these applications throughout the remainder of this course.
* Two '''MTA''' servers. These are the servers responsible for getting your emails to the <u>destination</u> server.
** They are similar to routers (which route packets) but work on the <u>application</u> layer rather than the <u>network</u> layer.
** In our example, there are only two MTAs - but there can be several.
** You connect to your MTA over a <u>secure</u> connection, so your emails can't be read by the operators of the network you're connected to.
** The mail message then travels the rest of the way to the destination MTA <u>unencrypted</u>, so anyone with access to the routers in-between can read all your emails. That is why many organizations will refuse to send you confidential information over email.
* The '''LDA/MDA''' Server. This server will receive the email from the MTA, and will store it on disk in some format. '''MailDir''' and '''MBOX''' are the most popular mailbox formats.
* '''IMAP/POP3''' server(s). When sending an email, you send it to the destination using your MTA, but you also want to save it in your '''"Sent"''' folder for yourself. This is accomplished by a separate connection to either your '''IMAP''' or '''POP3''' server.
** Thus, a situation can occur that although you sent your email successfully, it may never make it to your "Sent" folder - the <u>second</u> connection to your IMAP server is quite unrelated to the first connection to the '''SMTP''' server.
* '''DNS''' Server. A DNS server is also involved - it is needed to retrieve the address of the email server responsible for email for a particular domain. This is done with the '''MX''' records we looked at in the DNS labs.

===Online References===
* [https://help.ubuntu.com/community/Dovecot Dovecot Community Documentation]
* [http://wiki.dovecot.org/LDA Dovecot-lda]
* [http://wiki.dovecot.org/LDA/Postfix Configuring dovecot-lda with postfix]

== INVESTIGATION 1: INSTALL THUNDERBIRD (MUA) and SETUP A REFERENCE CLIENT ==
#Switch to your '''host''' machine, and install the '''Thunderbird''' email application.
#When you first launch the Thunderbird application, a configuration dialog box should appear as shown in the diagram below:
<br>::[[Image:Seneca-student-thunderbird-email-setup.png|600px]]<br><ol><li value="3">Use the data in the table below to configure the Thunderbird settings dialog box for YOUR Seneca e-mail account:</li></ol>
{{Admon/important |Unencrypted Options|Notice that there are <u>unencrypted</u> options available to connect to your SMTP/IMAP servers but those are rarely used these days - the potential for abuse is too great. On a free wifi network, the operator would be able to not only read your email, but also obtain your password without any password/encryption cracking tools. In fact, even on a private wired network, it is not uncommon for an employer to use a packet sniffer utility to monitor all the traffic going over their network (Packet Sniffing applications were actually found to be legally acceptable practice if used by the management of organizations).}}<br><ol><li value="3">After you create your '''Thunderbird''' account, you should be able to read your existing email and send new email within the Thunderbird application.</li><li>Take time to view your ''Account Settings'' and ''Preferences'' to get a feel for what settings exist. For example:<ul><li>How often will Thunderbird check for new messages?</li><li>Will the messages you write be in HTML or plain text?</li><li>How do you change your SMTP server settings? Why are they in a different section?</li></ul></li><li>The main objective of this section was to learn how to setup your Thunderbird application to read your Seneca email, so in the next section you can use the exact type of setup for your own email server.</li></ol>
== INVESTIGATION 2: SETUP A CENTRALIZED MESSAGE STORE ==
'''Perform the following steps:'''
#Issue the '''mail''' command to view the email messages you sent between your '''vm2''' and '''vm3''' in your lab 4a. Notice that each is addressed from root on whichever machine sent it.
#On both machines (vm2 and vm3), edit the '''/etc/postfix/main.cf''' file and change the '''myorigin''' parameter from '''$myhostname''' to '''$mydomain'''.
#Restart the '''postfix''' service.
#Now, send email messages (via the '''mail''' command) between both of your vm2 and vm3 machines, and view the mail messages by issuing '''mail''' in each vm. The sender address should now read that the received mail messages came from '''root@yourdomain.ops'''.
#Write your observations in your lab logbook.
'''Perform the following steps:'''
# Move to your vm2 machine.
# Direct your '''vm2''' MTA to relay mail through vm3, by making the following editing change for the '''/etc/postfix/main.cf''' file:<br><source>relayhost = vm3.<yourdomain>.ops</source>
# Restart the '''postfix''' service.
# Next, you must instruct your '''vm3''' machine to allow your vm2 machine to pass email through it by making the following editing change to the '''/etc/postfix/main.cf''' file:<br><source>mynetworks = 192.168.X.0/24</source>NOTE: Substitute in your '''own network''' for X<br><br>
# Restart the '''postfix''' service.
'''Perform the following steps:'''
# Move to your '''vm3''' machine.
# Dovecot is not installed when you installed your Virtual machines in previous labs.<br>Install the Dovecot application by issuing the following command: <br><source>yum install dovecot</source>
# Edit your '''/etc/postfix/main.cf''' file and scroll down to (or search for) '''mailbox_command'''. Add the following line: <br><source>mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"</source>
::NOTE: Do <u>'''not'''</u> replace any variables, those are set automatically by Postfix when it runs the LDA. If you are interested in learning more about the Dovecot application, you can read about dovecot-lda [http://wiki.dovecot.org/LDA/Postfix here] and [http://wiki.dovecot.org/LDA here].<br><ol><li value="4">Finally, edit the '''/etc/dovecot/conf.d/10-mail.conf''' file and indicate where you want your mail delivered by including the following line:<source>mail_location = maildir:~/Maildir</source></li><li>Restart your postfix service.</li><li>While the emails are still stored only on VM3, they will now be easier for other machines/services to access.</li><li>Due to permissions on the directories where mail will now be stored, root will no longer receive mail. Check the logs for an indication as to why.</li></ol>
'''Perform the following steps:'''
#The configuration file for the Dovecot service (which is not the same thing as dovecot-lda) is: '''/etc/dovecot/dovecot.conf'''. Modify the '''protocols''' option so that Dovecot will work with IMAP connections, no POP3 or LMTP.
# Start the dovecot service, and ensure it will always start automatically when the machine boots.
# Use the '''ss''' command to confirm the service is listening, and use '''nc''' on the '''host''' to confirm you can connect to it.
# You'll probably fail, so using the information gathered from '''ss''', modify the firewall on vm3 to allow IMAP connections from your local network and try '''nc''' again. Once it works, do not forget to save this change so it will still be there the next time you reboot.
#If you can connect - it's now time to do something wrong, that is allow connections to our IMAP server over an unencrypted connection.
# Edit the '''/etc/dovecot/conf.d/10-auth.conf''' file and set '''disable_plaintext_auth''' to '''no'''.
# Then edit the '''/etc/dovecot/conf.d/10-ssl.conf''' file and set '''ssl''' to '''yes'''.<br><br>'''Note:''' This combination of parameters will allow your username and password to be sent over the internet in plain text, for anyone interested to look at. In a later lab we'll set up secure SMTP and IMAP connections, for now this is all we have time for.<br><br>
# Restart dovecot so the changes take effect.
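
An added example (not part of the original lab) that audits the two settings changed on vm3 in the steps above: the '''mynetworks''' relay range in Postfix and the '''disable_plaintext_auth''' / '''ssl''' combination in Dovecot. The function names, the /24 threshold, the loopback exemption and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two settings this lab relaxes on vm3.

# Print the last value assigned to KEY in a "key = value" file, skipping
# comment lines. Postfix continuation lines are not handled here.
conf_get() {  # usage: conf_get KEY FILE
    awk -v k="$1" '
        /^[ \t]*#/ { next }
        {
            n = index($0, "=")
            if (n == 0) next
            key = substr($0, 1, n - 1); gsub(/[ \t]/, "", key)
            if (key != k) next
            val = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }' "$2"
}

# True (exit 0) if any non-loopback mynetworks entry has a prefix shorter than
# MIN_PREFIX (default 24, the lab's subnet size): vm3 would relay for more hosts.
relay_scope_too_wide() {  # usage: relay_scope_too_wide MAIN_CF [MIN_PREFIX]
    conf_get mynetworks "$1" | tr -s ', \t' '\n\n\n' |
        awk -F/ -v min="${2:-24}" '
            NF == 2 && $1 != "127.0.0.0" && $2 + 0 < min { wide = 1 }
            END { exit !wide }'
}

# True (exit 0) if Dovecot accepts plaintext logins on a connection without TLS:
# disable_plaintext_auth = no while ssl is anything other than "required".
dovecot_cleartext_login() {  # usage: dovecot_cleartext_login AUTH_CONF SSL_CONF
    [ "$(conf_get disable_plaintext_auth "$1")" = "no" ] &&
        [ "$(conf_get ssl "$2")" != "required" ]
}

# Constructed sample files (not taken from a real server).
d=$(mktemp -d)
printf '%s\n' '# vm3 main.cf' 'mynetworks = 192.168.0.0/16, 127.0.0.0/8' > "$d/wide.cf"
printf '%s\n' 'mynetworks = 192.168.40.0/24, 127.0.0.0/8' > "$d/lab.cf"
printf '%s\n' '#disable_plaintext_auth = yes' 'disable_plaintext_auth = no' > "$d/10-auth.conf"
printf '%s\n' 'ssl = yes' > "$d/10-ssl.conf"
printf '%s\n' 'ssl = required' > "$d/10-ssl-required.conf"

relay_scope_too_wide "$d/wide.cf" && echo "wide.cf: relay range wider than /24"
relay_scope_too_wide "$d/lab.cf" || echo "lab.cf: relay limited to the lab subnet"
dovecot_cleartext_login "$d/10-auth.conf" "$d/10-ssl.conf" &&
    echo "dovecot: passwords accepted without TLS"
```
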
=== Connecting to IMAP Servers Using Thunderbird===
[[Image:ops335-email-step1.png|600px]]
#Use the '''ss''' and '''nc''' commands (like you did in lab 4a) to confirm your service is listening on the correct ports/interfaces. You will probably have to open the appropriate firewall port on '''vm3''' to allow incoming '''SMTP''' connections.<br><br>'''Note:''' You should be able to send email to any regular user <u>on</u> '''vm3''' using the email address '''yourusername@yoursenecaid.ops''' using the Thunderbird application on your host machine (which is configured to use the account on your vm2).<br><br>
<ol><li value="2">Create a new account on your '''vm3''' machine using only your <u>first</u> name. We will use this account as a one-time "test" if the mail message has been received on your VM3 machine (from your VM2 machine).<br><br>'''Note:''' It is <u>'''important'''</u> that you '''<u>don't</u>''' create this same account name on your vm2 machine, since you want to easily identify the difference between the sending and receiving SMTP servers.<br /><br /></li></ol> <ol><li value="3">Use the new account in Thunderbird to send an email to '''firstname@yoursenecaid.ops''' and then check the contents of '''/home/firstname/Maildir/new/''' on your '''vm3''' machine. There should be a file there with the contents of your email.</li><li>If there is no file, then check the log file '''/var/log/maillog''' to see what went wrong.</li><li>If you can see a file in the '''/home/firstname/Maildir/new/''' directory, then review the procedures on how you got the email server working (since you have performed many steps and set up many services).</li><li>Refer to the diagram at the top of this lab. Which services have you currently set up? Record your findings in your lab Logbook.</li></ol> {{Admon/important |Encountering error messages when sending email|If you cannot properly receive sent e-mail messages, check the '''/var/log/syslog''' file for errors.<br><br> If you locate an error message in that file such as: '''Fatal: Error reading configuration: Invalid settings...''', then add the following <u>parameter</u> in '''/etc/dovecot/dovecot.conf''':<br />'''postmaster_address <nowiki>=</nowiki> DOMAIN''' (where DOMAIN is actually <u>your</u> domain).<br /><br />After you have saved those changes, then '''restart''' your dovecot service.
This problem can also be resolved by properly setting the hostname of your machine to include the domain.}} {{Admon/important |Backup your VMs!|You MUST perform a '''full backup''' of ALL of your VMs whenever you complete your '''OPS335 labs''' or when working on your '''OPS335 assignments'''. You should be using the dump or rsync command, and you should use the Bash shell script that you were advised to create in order to backup all of your VMs.}}
'''Record steps, commands, and your observations in INVESTIGATION 3 in your OPS335 lab log-book'''
== COMPLETING THE LAB ==
You'll get the same grade regardless of how you choose to submit your work.

'''Arrange evidence (command output) for each of these items on your screen, then ask your instructor to review them and sign off on the lab's completion:'''
::<span style="color:green;font-size:1.5em;">✓</span>Status and configuration of your Postfix service on vm2.
::<span style="color:green;font-size:1.5em;">✓</span>Your Thunderbird configuration.
::<span style="color:green;font-size:1.5em;">✓</span>The email you sent to your myseneca account.
::<span style="color:green;font-size:1.5em;">✓</span>Download and run '''wget https://ict.senecacollege.ca/~andrew.smith/ops335/labcheck4b.bash''' on your '''c7host''' machine.
::<span style="color:green;font-size:1.5em;">✓</span>Completed Lab4b log-book notes.
==EXPLORATION QUESTIONS==
# What is the purpose of the Thunderbird application?
# List the steps to configure your DNS to allow your Thunderbird application to connect to your mail server.
# What is the purpose of the '''Dovecot''' package?
# What is the purpose of the '''mydestination''' parameter contained in the '''/etc/postfix/main.cf''' file?
# Why are '''IMAP''' and '''POP''' email servers placed on separate machines (vms)?
# What is the purpose of the '''mail_location''' parameter contained in the '''/etc/dovecot/conf.d/10-mail.conf''' file?
# Why is root not able to receive mail with the changed mail location? What could you change to allow mail to be sent to root again?