[[Category:OPS335]][[Category:OPS335 Labs]]
== OVERVIEW & PREPARATION==
{{Admon/important|Warning|Your lab 4a must be complete before you can start this lab.}}
In Lab 4a, you configured and ran the '''Postfix''' application (MTA a.k.a. SMTP server) on your '''vm2''' and '''vm3''' machines. That setup has some major drawbacks:
:* It required an SMTP server ('''MTA''') to be configured on each machine.
:* The Message Store ('''MS''') would also be unique to each machine - what a user received on one server would not exist on any other.
In this lab you will centralize some of this information, so that a user can send email from any machine in the network, and have incoming mail sent to a centralized message store.
'''The diagram below (duplicate to lab 4a) shows the basic setup of your email system:'''
[[Image:Email-servers.png]]
Finally, you will set up an '''IMAP''' server (called '''Dovecot''') on your '''vm3''' machine, so you can read your email from an MUA such as ''Thunderbird'' or a ''Webmail'' application. You will set up a webmail application called '''Roundcube''' in a later lab.
=== Learning About the Services Involved in an Email Delivery ===
In reality, the terms '''MTA''', '''MDA''', '''MUA''', '''LDA''' can actually be considered misleading since some of those services can be combined together to form a single entity (application), while other applications may operate as separate entities. There may be overlap, so if you don't find those acronyms helpful, don't worry too much about them. On the other hand, when referred to in diagrams, they can help to visualize those processes when trying to understand how an e-mail system works.
[http://wiki.dovecot.org/MailServerOverview Here is an overview] of those terms (from the Dovecot wiki). It is worth viewing this link.
In the diagram displayed above, the elements include:
* A '''User Account'''. The individual who wants to send or receive mail messages.
* An '''MUA''' (email client). This is the application that the individual uses to send or receive mail messages. It can be a '''native application''' or a '''web application'''. You will learn how to set up and use both of these applications throughout the remainder of this course.
* Two '''MTA''' servers. These are the servers responsible for getting your emails to the <u>destination</u> server.
** They are similar to routers (which route packets) but work on the <u>application</u> layer rather than the <u>network</u> layer.
** In our example, there are only two MTAs - but there can be several.
** You connect to your MTA over a <u>secure</u> connection, so your emails can't be read by the operators of the network you're connected to.
** The mail message then travels the rest of the way to the destination MTA <u>unencrypted</u>, so anyone with access to the routers in-between can read all your emails. That is why many organizations will refuse to send you confidential information over email.
* The '''LDA/MDA''' Server. This server will receive the email from the MTA, and will store it on disk in some format. '''MailDir''' and '''MBOX''' are the most popular mailbox formats.
* '''IMAP/POP3''' server(s). When sending an email, you send it to the destination using your MTA, but you also want to save it in your '''"Sent"''' folder for yourself. This is accomplished by a separate connection to either your '''IMAP''' or '''POP3''' server.
** Thus, a situation can occur that although you sent your email successfully, it may never make it to your "Sent" folder - the <u>second</u> connection to your IMAP server is quite unrelated to the first connection to the '''SMTP''' server.
* '''DNS''' Server. A DNS server is also involved - it is needed to retrieve the address of the email server responsible for email for a particular domain. This is done with '''MX''' records.
===Online References===
* [https://help.ubuntu.com/community/Dovecot Dovecot Community Documentation]
* [http://wiki.dovecot.org/LDA Dovecot-lda]
* [http://wiki.dovecot.org/LDA/Postfix Configuring dovecot-lda with postfix]
== INVESTIGATION 1: INSTALL THUNDERBIRD (MUA) and SETUP A REFERENCE CLIENT==
'''Perform the following steps:'''
#Switch to your '''host''' machine, and install the '''Thunderbird''' email application.
#When you first launch the Thunderbird application, a configuration dialog box should appear as shown in the diagram below:
<br>::[[Image:Seneca-student-thunderbird-email-setup.png|600px]]<br><ol><li value="3">Use the data in the table below to configure the Thunderbird settings dialog box for YOUR Seneca e-mail account:</li></ol>
{| class="wikitable" border="1" style="margin-left:40px;"
! Setting !! '''Incoming: IMAP''' !! '''Outgoing: SMTP'''
|-
| '''Username''' || yoursenecauserid@myseneca.ca || yoursenecauserid@myseneca.ca
|-
| '''servername''' || outlook.office365.com || outlook.office365.com
|-
| '''port''' || 993 || 587
|-
| '''security''' || SSL/TLS || STARTTLS
|-
| '''References'''
| colspan="2" | [1] ITS - Configuring other Email Clients
|}
::Notice that there are <u>unencrypted</u> options available to connect to your SMTP/IMAP servers but those are rarely used these days - the potential for abuse is too great. On a free wifi network, the operator would be able to not only read your email, but also obtain your password without any password/encryption cracking tools. In fact, even on a private wired network, it is not uncommon for an employer to use a packet sniffer utility to monitor all the traffic going over their network (Packet Sniffing applications were actually found to be legally acceptable practices if used by the management of organizations).
::Note that your username is your full email address (<em>yourid@myseneca.ca</em>) and not just <em>yourid</em>.
== INVESTIGATION 2: SETUP A CENTRALIZED MESSAGE STORE ==
#Issue the '''mail''' command to view the email messages you sent between your '''vm2''' and '''vm3''' in your lab 4a. Notice that each is addressed from root on whichever machine sent it.
#On both machines (vm2 and vm3), edit the '''/etc/postfix/main.cf''' file to change the '''myorigin''' parameter from '''$myhostname''' to '''$mydomain'''. Restart the '''postfix''' service.
#Now, send email messages (via the '''mail''' command) between both of your vm2 and vm3 machines, and view the mail messages by issuing '''mail''' in each vm. The sender address should now show that the received mail messages came from '''root@yourdomain.ops'''.
::The next step is to configure what addresses the server will receive email for. In Postfix, this is done by setting the '''mydestination''' parameter (configuration variable) to include '''$mydomain''' (this is assuming you've set up '''mydomain''', '''myorigin''', and '''inet_interfaces''' properly).
<ol><li value="5">Add an '''MX''' record to the forward lookup zone on '''host''' so that all incoming mail addressed to the domain is sent to your vm3.</li><li>Restart the service and use the '''dig''' command to confirm that it works.</li><li>Send an email from your '''vm2''' to '''root@yourdomain.ops'''.</li><li>Confirm that it arrives on your '''vm3''' machine.</li></ol>
=== Relay Email Through Another Server ===
When email is sent from either vm, it is addressed from the domain, but receiving MTAs might query why mail sent from vm2 doesn't match the address of the MX record for the domain. This would be a red-flag for potential spam. To avoid this, we can relay all mail sent from vm2 (or any other machine in our network) through vm3 so that it properly appears to come from the mail server that matches the MX record for the domain.
# Move to your vm2 machine.
# Direct your '''vm2''' MTA to relay mail through vm3, by making the following editing change for the '''/etc/postfix/main.cf''' file:<br><source>relayhost = vm3.<yourdomain>.ops</source>
# Restart the '''postfix''' service.
# Next, you must instruct your '''vm3''' machine to allow your vm2 machine to pass email through it by making the following editing change to the '''/etc/postfix/main.cf''' file:<br><source>mynetworks = 192.168.X.0/24</source>NOTE: Substitute in your '''own network''' for X.<br><br>
# Restart the '''postfix''' service.
All mail is now being delivered to a centralized location (and also appears to be coming from that same location), but a user would still have to access that server to retrieve it.
=== Install and Configure the Local Delivery Agent (LDA/MDA) ===
Postfix is capable of performing the function of an LDA, but its LDA capabilities are limited, thus postfix is generally not used for that purpose. Currently, the most popular LDA is ''LMTP'', but we will be installing, configuring, and using an LDA called '''Dovecot''' since it is also popular and we will later be setting up Dovecot as an '''IMAP''' server. Using both Postfix and Dovecot will actually increase the performance of our IMAP server.
'''Perform the following steps on vm3:'''
#Move to your '''vm3''' machine.
#Dovecot was not installed when you set up your virtual machines in previous labs.<br>Install the Dovecot application by issuing the following command:<br><source>yum install dovecot</source>
#Edit your '''/etc/postfix/main.cf''' file and scroll down to (or search for) '''mailbox_command'''. Add the following line:<br><source>mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"</source>
::NOTE: Do <u>'''not'''</u> replace any variables, those are set automatically by Postfix when it runs the LDA. If you are interested in learning more about the Dovecot application, you can read about dovecot-lda [http://wiki.dovecot.org/LDA/Postfix here] and [http://wiki.dovecot.org/LDA here].<br><ol><li value="4">Finally, edit the '''/etc/dovecot/conf.d/10-mail.conf''' file and indicate where you want your mail delivered by including the following line:<source>mail_location = maildir:~/Maildir</source></li><li>Restart your postfix service.</li><li>While the emails are still stored only on VM3, they will now be easier for other machines/services to access.</li><li>Due to permissions on the directories where mail will now be stored, root will no longer receive mail. Check the logs for an indication as to why.</li></ol>
'''Perform the following steps:'''
#On your '''host''' machine, return to the Mail Account Setup dialog box (e.g. near top of lab).
#Set up a '''new email account'''. You will be using account settings to connect to your '''vm2''' for '''SMTP''' and '''vm3''' for '''IMAP'''. Use <u>no</u> encryption, and use normal password authentication for IMAP (we don't have an IMAP server running yet, but that's ok). Refer to the diagram below for reference:
[[Image:ops335-email-step1.png|600px]]
=== Sending a Mail Message from VM2 (Using Thunderbird)===
'''Perform the following steps:'''
#Use the '''ss''' and '''nc''' commands (like you did in lab 4a) to confirm your service is listening on the correct ports/interfaces. You will probably have to open the appropriate firewall port on '''vm3''' to allow incoming '''SMTP''' connections.<br><br>'''Note:''' You should be able to send email to any regular user <u>on</u> '''vm3''' using the email address '''yourusername@yoursenecaid.ops''' using the Thunderbird application on your host machine (which is configured to use the account on your vm2).<br><br> <ol><li value="2">Create a new account on your '''vm3''' machine using only your <u>first</u> name. We will use this account as a one-time "test" of whether the mail message has been received on your VM3 machine (from your VM2 machine).<br><br>'''Note:''' It is <u>'''important'''</u> that you '''<u>don't</u>''' create this same account name on your vm2 machine, since you want to easily identify the difference between the sending and receiving SMTP servers.<br><br></li></ol>
<ol><li value="3">We still haven't set up IMAP (for reading email) but we can test that the message is being delivered. Use the account in Thunderbird to send an email to '''firstname@yoursenecaid.org''' and then check the contents of '''/home/firstname/Maildir/new/''' on your '''vm3''' machine. There should be a file there with the contents of your email.</li><li>If there is no file, then check the log file '''/var/log/maillog''' to see what went wrong.</li><li>If you can see a file in the '''/home/firstname/Maildir/new/''' directory, then review the procedures on how you got the email server working (since you have performed many steps and set up many services).</li><li>Refer to the diagram at the top of this lab. Which services have you currently set up? Record your findings in your lab Logbook.</li></ol>
{{Admon/important |Encountering error messages when sending email|If you cannot properly receive sent e-mail messages, check the '''/var/log/syslog''' file for errors.<br><br> If you locate an error message in that file such as: '''Fatal: Error reading configuration: Invalid settings...''', then add the following <u>parameter</u> in '''/etc/dovecot/dovecot.conf''':<br />'''postmaster_address <nowiki>=</nowiki> DOMAIN''' (where DOMAIN is actually <u>your</u> domain).<br /><br />After you have saved those changes, then '''restart''' your dovecot service. This problem can also be resolved by properly setting the hostname of your machine to include the domain.}}
== COMPLETING THE LAB ==
===Online Submission===
Follow the instructions for lab 4b on blackboard.<!--
'''Arrange evidence (command output) for each of these items on your screen, then ask your instructor to review them and sign off on the lab's completion:'''
::<span style="color:green;font-size:1.5em;">✓</span>Status and configuration of your Postfix service on vm2.
::<span style="color:green;font-size:1.5em;">✓</span>Your Thunderbird configuration.
::<span style="color:green;font-size:1.5em;">✓</span>The email you sent to your myseneca account.
::<span style="color:green;font-size:1.5em;">✓</span>Download and run the labcheck4b.bash checking shell script by issuing the command:<br><br>'''wget https://ict.senecacollege.ca/~andrew.smith/ops335/labcheck4b.bash'''<br><br>Set execute permission and run the shell script on your '''c7host''' machine.
::*For '''Peter's classes''', follow his Online Submission instructions in Moodle.
::*For '''Murray's classes''', run command (piping to the '''more''' command) and show output to instructor.
::<span style="color:green;font-size:1.5em;">✓</span>Completed Lab4b log-book notes.
-->
==EXPLORATION QUESTIONS==
# Why are '''IMAP''' and '''POP''' email servers placed on separate machines (vms)?
# What is the purpose of the '''mail_location''' parameter contained in the '''/etc/dovecot/conf.d/10-mail.conf''' file?
# Why is root not able to receive mail with the changed mail location? What could you change to allow mail to be sent to root again?