OPS335 Lab 4b

3,758 bytes added, 23:11, 20 June 2016
Merging 4C into 4B.
= Email Servers =
[[Category:OPS335]][[Category:OPS335 Labs]]

== OVERVIEW & PREPARATION ==
Last week we configured and ran the '''Postfix''' application (MTA, a.k.a. SMTP server) on our '''vm2''' and '''vm3''' machines. This setup had a drawback, in that it required an SMTP server to be configured on each machine. The Message Store ('''MS''') would also be unique to each machine: what a user received on one server would not exist on any other. In this lab we will centralize some of this information, so that a user can send email from any machine in the network, and always be able to access '''all''' of their mail.

'''The diagram below (duplicate of lab 4a) shows the basic setup of your email system:'''

[[Image:Email-servers.png]]

We will begin by modifying the existing '''Postfix''' servers to make mail they send come from your domain, instead of each machine. Then we will add a record to your DNS server to allow mail to be sent to the domain itself, instead of the machines. Next we will add a Local Delivery Agent ('''LDA''') to your '''vm3''' by installing '''dovecot-lda''', configure it, and test it to make sure that it is working correctly.

Finally, we will set up an '''IMAP''' server (Dovecot) on VM3, so you can read your email from an MUA such as ''Thunderbird'' or a ''Webmail'' (we will set up a webmail application in a later lab).
=== Services involved in email delivery ===
* When sending an email, you send it to the destination using your MTA, but you also want to save it in your '''"Sent"''' folder for yourself. This is accomplished by a separate connection to your '''IMAP''' or '''POP3''' server.
** Thus, a situation can occur that although you sent your email successfully, it may never make it to your "Sent" folder - the <u>second</u> connection to your IMAP server is quite unrelated to the first connection to the '''SMTP''' server.
* Note that a DNS server is also involved - it is needed to retrieve the address of the email server responsible for email for a particular domain. This is done with the MX records we looked at in the DNS labs.

=== Online References ===
* [https://inside.senecacollege.ca/its/services/email/email_clients/imap.html Seneca Client Settings] (Seneca Server settings for mail client - Thunderbird)
* [https://help.ubuntu.com/community/Dovecot Dovecot Community Documentation]
* [https://www.debian-administration.org/article/275/Setting_up_an_IMAP_server_with_dovecot Setting up an IMAP Server with Dovecot]
=== Install Thunderbird Application and Setup a Reference Client ===
<ol><li value="3">After you create your '''Thunderbird''' account, you should be able to read your existing email and send new email within the Thunderbird application.</li><li>Take time to view your ''Account Settings'' and ''Preferences'' to get a feel for what settings exist. For example:<ul><li>How often will Thunderbird check for new messages?</li><li>Will the messages you write be in HTML or plain text?</li><li>How do you change your SMTP server settings? Why are they in a different section?</li></ul></li></ol>
The main objective of this section was to learn how to setup your Thunderbird application to read your Seneca email, so in the next section you can use the exact type of setup for your own email server.
 
== INVESTIGATION 1: SETTING UP MTA FOR RECEIVING EMAIL ==
=== Specifying Which Domains are Used to Send Mail Messages ===
As of last lab, both of your email servers are sending mail addressed from users of the machines themselves. This would be confusing for the receiver, who might get emails from the same user @vm1, vm2, and vm3. Which would they respond to? To avoid this, we can make all servers make the sent mail appear to come from a common location (usually the domain). Look at the email messages you sent between your vm2 and vm3 in lab 4a. Notice that each is addressed from root on whichever machine sent it.

On both machines, edit /etc/postfix/main.cf and change the '''myorigin''' parameter from '''$myhostname''' to '''$mydomain'''. Restart postfix and send emails between the machines again. The sender address should now read root@yourdomain.org.

=== Specifying Which Domains are Used to Deliver the Received Mail Messages ===
The next step is to configure what addresses the Postfix server will receive email for. This is done by setting the '''mydestination''' parameter (configuration variable) to include '''$mydomain''' (this assumes you've set up '''mydomain''', '''myorigin''', and '''inet_interfaces''' properly).

'''Perform the following steps on both vm2 and vm3:'''
# Edit the '''/etc/postfix/main.cf''' file.
# Scroll down to the line containing '''mydestination'''.
# Change the line to the text shown below:
<pre>mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost</pre>
:'''Note:''' Even though your machine's name is ''vm2.yoursenecaid.org'', your postfix MTA will also receive emails addressed to the domain called yoursenecaid.org.

In order for this to work, we need to add a DNS record that will point mail sent to the domain towards one of the SMTP servers configured to accept it.
# Add an MX record to your forward lookup zone on vm1 so that all incoming mail addressed to the domain is sent to vm3. Restart the service and use dig to confirm that it works.
# Send an email from your vm2 to root@yourdomain.org. Confirm that it arrives on vm3.

All mail is now being delivered to a centralized location (and also appears to be coming from that same location), but a user would still have to access that server to retrieve it.

=== Installing and Configuring the Local Delivery Agent (LDA) ===
Postfix is capable of performing the function of an LDA, but its LDA capabilities are limited, thus postfix is generally not used for that purpose. Currently, the most popular LDA is ''LMTP'', but we will be installing, configuring, and using an LDA called '''Dovecot''' since it is also popular and we will later be setting up Dovecot as an '''IMAP''' server. Using both Postfix and Dovecot will actually increase the performance of our IMAP server.

'''Perform the following steps:'''
# Dovecot was not installed when you installed your virtual machines in previous labs.
# Install the Dovecot application by issuing the following command:<br><source lang="bash">yum install dovecot</source>
# Edit your /etc/postfix/main.cf file and change the value of '''mailbox_command'''. Add the following line:
<pre>mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"</pre>
:'''NOTE:''' Do <u>'''not'''</u> replace any variables; those are set automatically by Postfix when it runs the LDA. If you are interested in learning more about the Dovecot application, you can read about dovecot-lda [http://wiki.dovecot.org/LDA/Postfix here] and [http://wiki.dovecot.org/LDA here] (optional reading for interest only).
<ol><li value="4">Finally, edit the '''/etc/dovecot/conf.d/10-mail.conf''' file and indicate where you want your mail delivered by including the following line:</li></ol>
<pre>mail_location = maildir:~/Maildir</pre>
<ol><li value="5">Restart your '''postfix''' service.</li></ol>

While the emails are still stored only on VM3, they will now be easier for other machines/services to access.

'''Record steps, commands, and your observations in INVESTIGATION 1 in your OPS335 lab log-book'''
==INVESTIGATION 2: SETUP THUNDERBIRD MAIL USER AGENT (MUA) FOR YOUR VIRTUAL NETWORK (vm2, vm3) ==
 
Although we are far from having a working email server, at this point we have configured enough to be able to test the running mail service (postfix) with the '''Thunderbird''' application.
This process is a little challenging, since Thunderbird tries really hard to prevent you from connecting to a server that doesn't work (and ours mostly doesn't work at this point).
'''Perform the following steps:'''
<ol><li value="3"> Use the "Advanced config" button to bypass that check.</li><li>Use the Thunderbird application to send an email to your myseneca address. If you've done everything right, it will send the message successfully, but it will fail to save it in the Sent folder since that's done with IMAP and you don't have an IMAP server yet.</li><li>Verify that your message has been sent. Check your myseneca email and look at '''/var/log/maillog''' on vm2 (your email server).</li></ol>
=== Sending a Mail Message from VM2 (Using Thunderbird)===
 
{{Admon/important |Sent messages will not be saved to the sent folder|During this step the messages you send will not be saved to the sent folder and Thunderbird will permanently hang with a message that it is saving the message. It will never succeed, as we have not yet configured the imap server to accept the connection necessary for that to work.}}
 
'''Perform the following steps:'''
 
#Use the '''ss''' and '''nc''' commands (like you did in lab 4b) to confirm your service is listening on the correct ports/interfaces. You will probably have to open the appropriate firewall port on '''vm3''' to allow incoming '''SMTP''' connections.<br><br>'''Note:''' You should be able to send email to any regular user <u>on</u> '''vm3''' using the email address '''yourusername@yoursenecaid.org''' using the Thunderbird application on your host machine (which is configured to use the account on your vm2).<br><br>
 
<ol><li value="2">Create a new account on your '''vm3''' machine using only your <u>first</u> name. We will use this account as a one-time "test" if the mail message has been received on your VM3 machine (from your VM2 machine).<br><br>'''Note:''' It is <u>'''important'''</u> that you '''<u>don't</u>''' create this same account name on your vm2 machine, since you want to easily identify the difference between the sending and receiving SMTP servers.<br><br></li></ol>
 
<ol><li value="3">We still haven't set up IMAP (for reading email) but we can test that the message is being delivered. Use the new account in Thunderbird to send an email to '''firstname@yoursenecaid.org''' and then check the contents of '''/home/firstname/Maildir/new/''' on your '''vm3''' machine. There should be a file there with the contents of your email.</li><li>If there is no file, then check the log file '''/var/log/maillog''' to see what went wrong.</li><li>If you can see a file in the '''/home/firstname/Maildir/new/''' directory, then review the procedures on how you got the email server working (since you have performed many steps and set up many services).</li><li>Refer to the diagram at the top of this lab. Which services have you currently set up? Record your findings in your lab Logbook.</li></ol>
 
{{Admon/important |Encountering error messages when sending email|If you cannot properly receive sent e-mail messages, check the '''/var/log/syslog''' file for errors.<br><br> If you locate an error message in that file such as: '''Fatal: Error reading configuration: Invalid settings...''', then add the following <u>parameter</u> in '''/etc/dovecot/dovecot.conf''':<br>'''postmaster_address at DOMAIN''' (where DOMAIN is actually <u>your</u> domain).<br><br>After you have saved those changes, then '''restart''' your dovecot service.}}
 
=== Viewing Received Mail Message on VM3 VIA IMAP (Using Thunderbird) ===
 
Finally, we will set up the IMAP server so we can read email. The way we have configured our mail server on our VM3 machine should cause all email for anyaccount@yoursenecaid.org to be delivered to our '''vm3''' machine. We will set up Dovecot (with IMAP now, and IMAPS in the next lab) to get easy access to that email.
 
'''Perform the following steps:'''
 
#The configuration file for the Dovecot service (which is not the same thing as dovecot-lda) is: '''/etc/dovecot/dovecot.conf'''. Modify the '''protocols''' option so that Dovecot will work with IMAP connections, no POP3 or LMTP.
# Start the dovecot service, and ensure it will always start automatically when the machine boots.
# Use the '''ss''' command to confirm the service is listening, and use nc on the host to confirm you can connect to it.
#If you can connect - it's now time to do something wrong, that is connect to our IMAP server using Thunderbird over an unencrypted connection.
# Edit the '''/etc/dovecot/conf.d/10-auth.conf''' file and set '''disable_plaintext_auth''' to '''no'''.
# Then edit the '''/etc/dovecot/conf.d/10-ssl.conf''' file and set '''ssl''' to '''yes'''.<br><br>'''Note:''' This combination of parameters will allow your username and password to be sent over the internet in plain text, for anyone interested to look at. In the following lab we'll set up secure SMTP and IMAP connections, for now this is all we have time for.<br><br>
# Restart dovecot so the changes take effect.
#Try to connect to your IMAP server with Thunderbird by clicking on your '''Inbox'''.
#If nothing happens, then check the Thunderbird Activity Manager for any errors. If the connection is successful, you should see the '''Trash''' box <u>appear</u> below Inbox.
# Finally, send an email message from '''yoursenecaid@yoursenecaid.org''' to '''yoursenecaid@yoursenecaid.org''' using the Thunderbird application. The mail message should be sent without errors, and you should notice a '''Sent''' folder appear in the list. If all worked well, you should see your message arrive in the '''Inbox''' and you know that your configuration works correctly.
'''Record steps, commands, and your observations in INVESTIGATION 2 in your OPS335 lab log-book'''
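As an added example that is not part of the lab page, here is a small shell audit for the settings edited in Investigation 1 ('''myorigin''', '''mydestination''' and '''mailbox_command''' in /etc/postfix/main.cf) and the plaintext-login setting from Investigation 2 ('''disable_plaintext_auth''' in 10-auth.conf). It runs against constructed sample files; the file names, messages and check logic are the example's own, not the lab's, and it assumes plain "key = value" files as Postfix and Dovecot use.

```shell
#!/bin/sh
# Added example, not part of the OPS335 lab page: audit the Postfix and
# Dovecot settings this lab edits. It reads "key = value" files, so it runs
# anywhere; point it at the real /etc/postfix/main.cf and
# /etc/dovecot/conf.d/10-auth.conf on vm2/vm3 to check your own work.

# Value of key $2 in file $1. Like Postfix, the last uncommented assignment wins.
cfg_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Investigation 1 checks: sender domain, accepted domains, delivery via dovecot-lda.
# Prints one line per check and returns the number of failures.
audit_postfix() {
    f=$1; fails=0
    if [ "$(cfg_get "$f" myorigin)" = '$mydomain' ]; then
        echo "OK   myorigin = \$mydomain"
    else
        echo "FAIL myorigin must be \$mydomain so mail comes from the domain"; fails=$((fails + 1))
    fi
    case ",$(cfg_get "$f" mydestination | tr -d ' ')," in
        *',$mydomain,'*) echo "OK   mydestination includes \$mydomain" ;;
        *) echo "FAIL mydestination lacks \$mydomain: mail to user@yourdomain is refused"; fails=$((fails + 1)) ;;
    esac
    case "$(cfg_get "$f" mailbox_command)" in
        */dovecot-lda*) echo "OK   mailbox_command hands delivery to dovecot-lda" ;;
        *) echo "FAIL mailbox_command does not use dovecot-lda"; fails=$((fails + 1)) ;;
    esac
    return $fails
}

# Investigation 2 check: disable_plaintext_auth = no lets IMAP passwords cross
# the wire in clear text. Returns 0 (true) only when plaintext logins are disabled.
plaintext_auth_disabled() {
    [ "$(cfg_get "$1" disable_plaintext_auth)" != "no" ]
}

# Constructed sample files (not real configs) so the script demonstrates itself.
DEMO=$(mktemp -d)
cat > "$DEMO/good-main.cf" <<'EOF'
# myorigin = $myhostname   (old value, commented out: ignored by cfg_get)
myorigin = $mydomain
inet_interfaces = all
mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost
mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
EOF
cat > "$DEMO/default-main.cf" <<'EOF'
myorigin = $myhostname
mydestination = $myhostname, localhost.$mydomain, localhost
EOF
cat > "$DEMO/10-auth.conf" <<'EOF'
disable_plaintext_auth = no
EOF

audit_postfix "$DEMO/good-main.cf"                                      # three OK lines, returns 0
audit_postfix "$DEMO/default-main.cf" || echo "default main.cf: $? problem(s)"   # three FAIL lines, returns 3
plaintext_auth_disabled "$DEMO/10-auth.conf" || echo "WARN IMAP plaintext logins allowed (this lab accepts that temporarily)"
```

Run it on the real files once you have edited them; every FAIL line maps to one of the steps above.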
== COMPLETING THE LAB ==
'''Depending on your professor you will either be asked to submit the lab in class, or online. Follow the appropriate set of instructions below'''
 
===Online Submission===
Follow the instructions for lab 4b on moodle.
 
===In Class Submission===
Students should be prepared with '''all required commands (system information) displayed in a terminal (or multiple terminals) prior to calling the instructor for signoff'''.
==EXPLORATION QUESTIONS==
# What is the purpose of an MTA?
# What is the purpose of an MUA?
# Draw a simple diagram showing how an MUA and an MTA are used to send e-mail messages between different servers.
# List the steps to test a running postfix service using the telnet application.
# What is the purpose of the Thunderbird application?
# List the steps to configure your DNS to temporarily allow your Thunderbird application to connect to your mail server.
# What is the purpose of the '''Dovecot''' package?
# What is the purpose of the '''mydestination''' parameter contained in the '''/etc/postfix/main.cf''' file?
# Why are '''IMAP''' and '''POP''' email servers placed on separate machines (vms)?
# What is the purpose of the '''mail_location''' parameter contained in the '''/etc/dovecot/conf.d/10-mail.conf''' file?