[[Category:OPS335]][[Category:OPS335 Labs]]
==MAIL SERVER OVERVIEW & PREPARATION==
{{Admon/important|Warning|Your lab 3 must be complete with a functioning DNS server for your domain before this lab will work.}}
Believe it or not, this is a simple diagram of you sending an email to someone else:
Although you will not be able to receive mail messages from outside sources (such as your Seneca email account), this lab acts as a starting point for running a basic email server. You are NOT required to go into tremendous depth (just the minimum requirements). For example, we will not go over every aspect of the Postfix MTA service, but you should know what it represents and what its main purpose is, as opposed to the following: [https://en.wikipedia.org/wiki/Postfix_%28software%29#Architecture complex diagram 1], [https://www.credativ.de/blog/postfix-architecture-overview complex diagram 2].
* [http://www.simplehelp.net/2008/12/01/how-to-send-email-from-the-linux-command-line/ Mail Send Command] (examples of how to send e-mail using the mail command)
* [http://www.johnkerl.org/doc/mail-how-to.html#prompt_commands View and Manage Received e-mail Messages] (Common commands to view and manage received email messages)
* [https://support.google.com/mail/answer/29436?hl=en Reading Full Email Headers] (Explanation of message header information)
* [http://wiki.dovecot.org/MailServerOverview Here's an overview] (common mail server terms)
==INVESTIGATION 1: INSTALL, SET-UP, AND USE THE MAIL USER AGENT (MUA)==
'''Perform the following steps:'''
#Make certain you are in your '''vm2''' machine.
#Install the '''mailx''' application (MUA) using yum.<br>'''NOTE:''' You can refer to the link below to acquaint yourself with how to send e-mail messages using the '''mailx''' application:<br> [http://www.simplehelp.net/2008/12/01/how-to-send-email-from-the-linux-command-line/ Mail Send Command Examples]
We will now test to see if your MTA for your vm2 machine is correctly running by sending email messages from your vm2 machine to your Seneca e-mail account.
'''Perform the following steps:'''
#Make certain you are still in your '''vm2''' machine.
#Test email from your machine by sending an email to your '''Seneca email account''' by using the following command:<br>'''mail -s "Lab4a - test1" <Your Seneca email address>'''<br><br>'''NOTE:''' after you type in the body of the message, move to an empty line, and then press the key combination '''<ctrl><d>''' to send the message.
#Check your Seneca email account (Inbox / Junk Email Folder) to see if you got the email (note that it may take a <u>few minutes to arrive</u>, so you may also wish to try an alternate email account if you have one like gmail, etc). When you receive that email, make a note of the return address.
#If you did not receive the mail, check the mail logs on your vm2 machine to determine any error messages that would indicate a mail server setup problem.
#Once you have succeeded in sending the first email, send a second email to the same destination using the following command:<br>'''mail -r "someone@hacker.com (Canadian Revenue Agency)" -s "Lab4a - test2" <Your Seneca email address>'''
#Check your email to see if you got the email. If you did, make a note of the return address.
#How would you think that including the '''-r''' option could be used by penetration hackers to gain access to a computer system? What sort of steps do you think should be taken to help prevent this type of attack from happening?
===Sending a Mail Message within your vm2 Machine===
'''Perform the following Steps:'''
===INVESTIGATION 2: SETUP MTA TO SEND MAIL MESSAGES (NO ENCRYPTION)===
We will be using the '''Postfix''' application as the '''MTA''', and we will be setting it up on your '''vm2''' and '''vm3''' machines. They will act as the "sending" email servers for your internal network. You will be able to send email out of your network, and receive email from within your network, but you will '''<u>not</u>''' receive email from outside of your network due to the following reasons:
* Individuals outside of your domain will never find the MX records because there are no other DNS servers pointing to your DNS server (i.e. you haven't paid for it).
* Even if the individuals could read your MX records, your local network is using IP addresses on a '''private subnet''', which is not routable on the Internet, so it cannot be reached from outside of your system.
'''Perform the following steps:'''
We will be demonstrating the use of the '''nc''' application to test that the postfix service is running and listening.
'''Perform the following steps:'''
#If the '''nc''' command is not installed on your vm2 machine, install it (install the '''nc''' command for your '''vm3''' machine as well).
#Connect from '''vm2''' to itself using the '''nc''' command by issuing the following command:<source>nc localhost 25</source>
# You should see a response: <source>220 vm2.yourdomain.ops ESMTP Postfix</source>
# You could theoretically use SMTP commands to send an email here, but this would be a very unusual use of your mail server. You have an '''MUA''' for a reason.
#Enter the command '''QUIT''' to close the connection to the server, then '''<ctrl>-c''' to terminate the nc command.
::'''NOTE:''' If it worked, this indicates that the postfix service is running, listening, and responding to connections.
<ol><li value="4">Let's see if it works from other machines. Use '''nc''' to connect to '''vm2''' from '''vm3''' and see if it works. If your firewall is set up properly, the nc command should not permit a connection (i.e. ''no route to host'').</li><li>Create an iptables rule to allow incoming connections to your '''SMTP''' server on your '''vm2'''.</li><li>Once you open the port in the firewall, retry the '''nc''' command. You should get a different error this time (e.g. ''connection refused''). This time the problem is that your service isn't listening on the outside interface, it's currently configured to listen only on the loopback (lo) interface.</li><li>Make sure the new iptables rule gets saved so that it will be loaded automatically from startup.</li></ol>
# In your '''vm2''' machine, launch an editing session for the postfix configuration file called: '''/etc/postfix/main.cf'''
# Our first editing change to the Postfix configuration will be to make the service "listen" for incoming connections on the external interface (i.e. '''eth0''' from the VM's point of view).<br>Change the value of the following parameter to what is displayed below:<br><source>inet_interfaces = all</source>
# We should also set the string that will end up in the '''From:''' header in messages sent by this server.<br>Change the '''mydomain''' option to YOUR domain name (shown below):<source>mydomain = yoursenecaid.ops</source>
# Also you must set the '''hostname''' for this server so that it will correctly specify the hostname in the '''From:''' header in a sent mail message.<br>Make certain the following parameter only appears once (shown below):<source>myorigin = $myhostname</source>
#Ensure that your '''hostname''' and '''DOMAIN''' name are properly set on your machine, otherwise you will need to set the '''myhostname''' parameter.<br>{{Admon/important|Warning|Make sure there are no other un-commented copies of those above-mentioned parameters in the Postfix configuration file.}}<br>
<ol><li value="6">Restart the postfix service, then use the '''ss''' command to confirm that your MTA is now listening on <u>all</u> interfaces (not just loopback)</li><li>Test the MTA by connecting to it (using the '''nc''' command) from your '''vm3''' machine.</li></ol>
'''Perform the following steps:'''
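The warning above about duplicate, un-commented parameters can be checked mechanically before restarting the service. The following is an added example, not part of the original lab: a bash function (the name <code>check_maincf</code> is hypothetical) that counts how often each of the three parameters edited in this investigation is set in a main.cf file and prints the value that takes effect, since Postfix uses the last entry it reads. The sample file is constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the lab): audit a Postfix main.cf for the
# parameters this investigation edits.

# check_maincf FILE PARAM...
# Prints "<param> <times set> <effective value>" for each PARAM.
# Returns 1 if any PARAM is missing or set more than once.
check_maincf() {
    local file=$1; shift
    awk -v want="$*" '
        BEGIN { n = split(want, names, " ") }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        /^[ \t]/ { next }                    # skip continuation lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            count[key]++; value[key] = val   # the last entry wins
        }
        END {
            bad = 0
            for (i = 1; i <= n; i++) {
                k = names[i]
                printf "%s %d %s\n", k, count[k] + 0, value[k]
                if (count[k] != 1) bad = 1
            }
            exit bad
        }' "$file"
}

# Constructed sample: an earlier inet_interfaces line was left
# un-commented above the value this lab asks for.
sample_maincf() {
    cat <<'EOF'
# constructed sample, not a real server's file
inet_interfaces = localhost
mydomain = yoursenecaid.ops
myorigin = $myhostname
inet_interfaces = all
EOF
}

tmp=$(mktemp)
sample_maincf > "$tmp"
check_maincf "$tmp" inet_interfaces mydomain myorigin \
    || echo "duplicate or missing parameter: fix main.cf before restarting postfix"
rm -f "$tmp"
```

On the real server, point the function at '''/etc/postfix/main.cf'''; a count other than 1 for any of the three parameters is the condition the warning describes.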
# Repeat the configuration from investigation 2 on '''vm3''' (swap vm2 and vm3 when issuing commands so that you are configuring vm3, and using your vm2 server to test the connections).
# Once that is complete, send an email from '''root on vm2''' to '''root on vm3''', and then reply '''from vm3 to vm2'''.
# If both messages arrive, both MTAs are working. If not, use the troubleshooting tools and techniques you have already learned to diagnose and fix the problem.<br><br>
{{Admon/important |Backup your VMs!|You MUST perform a '''full backup''' of ALL of your VMs whenever you complete your '''OPS335 labs''' or when working on your '''OPS335 assignments'''. You should be using the dump or rsync command, and you should use the Bash shell script that you were advised to create in order to backup all of your VMs.}}
<br>
'''Record steps, commands, and your observations in INVESTIGATION 3 in your OPS335 lab log-book'''
==COMPLETING THE LAB==
Upon completion of this lab you should have postfix mail servers running on two machines, and starting automatically when those machines boot. These servers must have sent email both ways between each other (from vm2 to vm3, and from vm3 to vm2), and to your Seneca email (or other external mail server).
===Online Submission===
Follow the instructions for lab 4a on Blackboard.
<!--
===Andrew's sections===
You may choose to:
* Submit screenshots of your work on Blackboard, in which case you don't need to come to the lab.
* Or come to the lab, show me your work, and talk to me about it. I want to hear what you've learned and answer any questions you have.
You'll get the same grade regardless of how you choose to submit your work.
::<span style="color:green;font-size:1.5em;">✓</span>Arrange proof that you can send e-mail from your '''vm2''' machine to your '''Seneca College e-mail account''', and that you can '''send and receive e-mail messages between your vm2 and vm3 machines'''.
::<span style="color:green;font-size:1.5em;">✓</span>Download and run '''https://ict.senecacollege.ca/~andrew.smith/ops335/labcheck4a.bash''' on your '''host''' machine.
::<span style="color:green;font-size:1.5em;">✓</span>Completed Lab4a log-book notes.
-->
==EXPLORATION QUESTIONS==
#Briefly list the steps to install the MUA on your server for text-based messaging.
#Briefly list the steps to trouble-shoot your server if you could not send e-mail messages from your vm2 machine to an external e-mail server.
#Write the command to send an e-mail message from your vm2 to your Seneca College e-mail account.
#What are the commands to issue in the mail prompt to:<ul><li>Read the first e-mail message displayed</li><li>Save the 4th e-mail message to the file pathname: ~/maildir/3.msg.txt</li><li>Delete the 3rd e-mail message displayed</li><li>Exit the mail command prompt and return to the shell</li></ul>
#What were the results of sending emails locally on your vm2 machine? Show log segments to verify your answers.
# What is the purpose of an MTA?
# What is the purpose of an MUA?
# Draw a simple diagram showing how an MUA and an MTA are used to send e-mail messages between different servers.
# List the steps to test a running postfix service using the nc application.