Changes

← Older edit

OPS335 Lab 4b

1,341 bytes removed, 02:37, 12 March 2021

→‎INVESTIGATION 1: INSTALL THUNDERBIRD (MUA) and SETUP A REFERENCE CLIENT

== OVERVIEW==

~~Last week,~~ {{Admon/important|Warning|Your lab 4a must be complete before you ~~configured and ran the '''Postfix''' application for our MTA (a.k.a. SMTP server) on our '''vm2''' and '''vm3''' machines~~can start this lab.}}

In Lab 4a, you configured and ran the '''Postfix''' application for our MTA (a.k.a. SMTP server) on your '''vm2''' and '''vm3''' machines. That setup has some major drawbacks:

:* It required an SMTP server ('''MTA''') to be configured on each machine.

:* The Message Store ('''MS''') would also be unique to each machine - what a user received on one server would not exist on any other.

===Online References===

* [https://inside.senecacollege.ca/its/services/email/studentemployee/email_clients/othermail.html Seneca Client Settings] (Seneca Server settings for mail client - Thunderbird)

* [https://help.ubuntu.com/community/Dovecot Dovecot Community Documentation]

* [https://www.debian-administration.org/article/275/Setting_up_an_IMAP_server_with_dovecot Setting up an IMAP Server with Dovecot]

* [http://wiki.dovecot.org/LDA Dovecot-lda]

* [http://wiki.dovecot.org/LDA/Postfix Configuring dovecot-lda with postfix]

== INVESTIGATION 1: INSTALL THUNDERBIRD (MUA) and SETUP A REFERENCE CLIENT==

| '''Username'''|| yoursenecauserid@myseneca.ca || yoursenecauserid@myseneca.ca

|-

| '''servername''' || ~~pod51038~~outlook.~~outlook~~office365.com || ~~pod51038~~outlook.~~outlook~~office365.com

|-

| '''port''' || 993 || 587

| '''security''' || SSL/TLS || STARTTLS

|-

| '''~~Reference~~References''' | colspan="2" | [1] [https://~~ssgoku129~~employees.~~wordpress~~senecacollege.~~com~~ca/spaces/77/it-services/~~2012~~wiki/11view/292394/~~how-to-setup-seneca-learnid-myseneca-ca-with~~other-email-clientsITS -~~and-devices/ How-to setup Seneca LearnID @myseneca.ca with~~ Configuring other Email Clients]

|}

::Note that your username is your full email address(~~firstname.lastname~~yourid@myseneca.ca) and not just ~~firstname.lastname~~yourid.

{{Admon/important |Unencrypted Options|Notice that there are unencrypted options available to connect to your SMTP/IMAP servers but those are rarely used these days - the potential for abuse is too great. On a free wifi network, the operator would be able to not only read your email, but also obtain your password without any password/encryption cracking tools. In fact, even on a private wired network, it is not uncommon for an employer to use a packet sniffer utility to monitor all the traffic going over their network (Packet Sniffing applications were actually found to be legally acceptable ~~practices~~ practice if used by the management of organizations)}}

<ol><li value="3">After you create your '''Thunderbird''' account, you should be able to read your existing email and send new email within the Thunderbird application.</li><li>Take time to view your ''Account Settings'' and ''Preferences'' to get a feel for what settings exist. For example:<ul><li>How often will Thunderbird check for new messages?</li><li>Will the messages you write be in HTML or plain text?</li><li>How do you change your SMTP server settings? Why are they in a different section?</li></ul></li><li>The main objective of this section was to learn how to setup your Thunderbird application to read your Seneca email, so in the next section you can use the exact type of setup for your own email server.</li></ol>

'''Record steps, commands, and your observations in INVESTIGATION 1 in your OPS335 lab log-book'''

== INVESTIGATION 2: SETUP A CENTRALIZED MESSAGE STORE ==

'''Perform the following steps:'''

# ~~Look at~~ Issue the '''mail''' command to view the email messages you sent between your '''vm2''' and '''vm3''' in your lab 4a. Notice that each is addressed from root on whichever machine sent it.

# On both machines (vm2 and vm3), edit the '''/etc/postfix/main.cf''' file to change the '''myorigin''' parameter from '''$myhostname''' to '''$mydomain'''. Restart the '''postfix''' service.

# Now, send emails messages (via the '''mail''' command) between both of your vm2 and vm3 machines, and view the mail messages by issuing '''mail''' in each vm. The sender address should now read that the received mail messages came from '''root@yourdomain.~~org~~ops'''.

::The next step is to configure what ~~addrssess~~ addresses that the server will receive email for. This is done using postfix by setting the '''mydestination''' parameter (configuration variable) to include '''$mydomain''' (this is assuming you've set up '''mydomain''', '''myorigin''' , and '''inet_interfaces''' properly).

<ol><li value="4">Edit the '''/etc/postfix/main.cf''' file for ~~both machines~~'''vm3 ONLY''', ~~xsroll~~ scroll down to the line containing: '''mydestination''' and change line to the text shown below: <source>mydestination = $mydomain, $myhostname, localhost.$mydomain, localhost</source>'''Note:''' Even though your machine's name is ''vm3.yoursenecaid.~~org~~ops'', your postfix MTA will also receive emails addressed to the domain called: yoursenecaid.~~org~~ops</li></ol>

::In order for this to work, we need to add a DNS record that will point mail sent to the domain towards one of the SMTP servers configured to accept it.

<ol><li value="65">Add an '''MX''' record to the forward lookup zone on ~~vm1~~ '''host''' so that all incoming mail addressed to the domain is sent to your vm3.</li><li>Restart the service and use the '''dig''' command to confirm that it works.</li><li>Send an email from your '''vm2''' to '''root@yourdomain.~~org~~ops'''</li><li>Confirm that it arrives on your '''vm3''' machine.</li></ol>

=== Relay Email Through Another Server===

'''Perform the following steps:'''

# ~~First, direct~~ Move to your vm2 machine.# Direct your '''vm2''' ~~machine~~ MTA to relay mail through vm3, by making the following editing change for the '''/etc/postfix/main.cf''' file: <source>relayhost = vm3.<yourdomain>.~~org~~ops</source>

# Restart the '''postfix''' service.

# Next, you must instruct your '''vm3''' machine to allow your vm2 machine to pass email through it by making the following editing ~~chnage~~ change to the '''/etc/postfix/main.cf''' file: <source>mynetworks = 192.168.X.0/24</source>NOTE: Substitute in your '''own network''' for X

# Restart the '''postfix''' service.

=== Install and Configure the Local Delivery Agent (LDA/MDA) ===

Postfix is capable of performing the function of an LDA, but its LDA capabilities are limited, thus postfix is generally not used for that purpose. Currently, the most popular LDA is ''LMTP'', but we will be installing, configuring, and using an LDA called '''Dovecot''' since it is also popular and we will ~~later be~~ setting up Dovecot as an '''IMAP''' serverlater in this lab. Using both Postfix and Dovecot will actually increase the performance of our IMAP server.

'''Perform the following steps:'''

::NOTE: Do '''not''' replace any variables, those are set automatically by Postfix when it runs the LDA. If you are interested in learning more about the Dovecot application, you can read about dovecot-lda [http://wiki.dovecot.org/LDA/Postfix here] and [http://wiki.dovecot.org/LDA here].

<ol><li value="4">Finally, edit the '''/etc/dovecot/conf.d/10-mail.conf''' file and ~~indicated~~ indicate where you want your mail delivered by including the following line:<source>mail_location = maildir:~/Maildir</source></li>~~</ol>~~ ~~<ol>~~<li ~~value="5"~~>Restart your postfix service.</li><li>While the emails are still stored only on VM3, they will now be easier for other machines/services to access.</li><li>Due to permissions on the directories where mail will now be stored, root will no longer receive mail. Check the logs for an indication as to why.</li></ol>

'''Record steps, commands, and your observations in INVESTIGATION 2 in your OPS335 lab log-book'''

==INVESTIGATION 3: USING THUNDERBIRD (MUA) FOR VM2 and VM3 MACHINES ==

~~'''Perform the following steps:'''~~=== Accessing Received Mail Messages on VM3 VIA IMAP ===

~~#On your host machine~~First, ~~return to~~ we will set up the ~~Mail Account Setup dialog box (eg~~IMAP server so we can read email. ~~near top of lab)~~The current way we have configured our mail server on our VM3 machine should allow all the email for anyaccount@yoursenecaid.~~# Set up the account settings to connect~~ ops should be delivered to ~~your '''vm2''' for '''SMTP''' and~~ our '''vm3''' ~~for '''IMAP'''~~machine. ~~Use no encryption, and use normal password authentication for~~ We will set up Dovecot with IMAP ~~(we don't have an IMAP server running yet, but~~ to get easy access to that~~'s ok)~~email. ~~Refer to the diagram below for reference:~~

~~[[Image~~'''Perform the following steps:~~ops335-email-step1.png|600px]]~~'''

#The configuration file for the Dovecot service (which is not the same thing as dovecot-lda) is::'''~~NOTE:~~/etc/dovecot/dovecot.conf'''. Modify the '''protocols'' ~~Thunderbird won~~'~~t let you proceed~~ option so that Dovecot will work with IMAP connections, no POP3 or LMTP.# Start the ~~"Done" button because you~~ dovecot service, and ensure it will ~~fail to connect to IMAP~~always start automatically when the machine boots. ~~<ol><li value="3">~~ # Use the ~~"Advanced config" button~~ '''ss''' command to ~~bypass that check.</li><li>Use~~ confirm the service is listening, and use '''nc''' on the ~~Thunderbird application~~ '''host''' to ~~send an email~~ confirm you can connect to ~~your myseneca address~~it. ~~If you~~# You'~~ve done everything right~~ll probably fail, ~~it will send~~ so using the ~~message successfully~~information gathered from '''ss''', ~~but~~ modify the firewall on vm3 to allow IMAP connections from your local network and try '''nc''' again. Once it ~~will fail~~ works, do not forget to save this change so it in will still be there the ~~Sent folder since that~~next time you reboot.#If you can connect - it's ~~done with~~ now time to do something wrong, that is allow connections to our IMAP ~~and you don~~server over an unencrypted connection.# Edit the '''~~t have an IMAP server yet~~/etc/dovecot/conf.<d/~~li><li>Verify that your message has been sent~~10-auth. ~~Check your myseneca email~~ conf''' file and ~~look at~~ set '''disable_plaintext_auth''' to '''no'''.# Then edit the '''/~~var~~etc/~~log~~dovecot/~~maillog~~conf.d/10-ssl.conf''' ~~on vm2 (~~file and set '''ssl''' to '''yes'''. '''Note:''' This combination of parameters will allow your ~~email server)~~username and password to be sent over the internet in plain text, for anyone interested to look at. In a later lab we'll set up secure SMTP and IMAP connections, for now this is all we have time for.<~~/li~~br><~~/ol~~br> ~~=== Sending a Mail Message from VM2 (Using Thunderbird)===~~# Restart dovecot so the changes take effect.

~~{{Admon/important |Sent messages will not be saved~~ === Connecting to ~~the sent folder|During this step the messages you send will not be saved to the sent folder and~~ IMAP Servers Using Thunderbird ~~will permanently hang with a message that it is saving the message. It will never succeed, as we have not yet configured the imap server to accept the connection necessary for that to work.}}~~===

'''Perform the following steps:'''

#~~Use the~~ On your '''sshost''' ~~and~~ machine, return to the Mail Account Setup dialog box (eg. near top of lab).# Set up a '''ncnew email account''' ~~commands (like you did in lab 4a) to confirm your service is listening on the correct ports/interfaces~~. You will ~~probably have~~ be using account settings to ~~open the appropriate firewall port on~~ connect to your '''~~vm3~~vm2''' ~~to allow incoming~~ for '''SMTP''' ~~connections. '''Note:''' You should be able to send email to any regular user on~~ and '''vm3''' ~~using the email address~~ for '''~~yourusername@yoursenecaid.org~~IMAP''' ~~using the Thunderbird application on your host machine (which is configured to use the account on your vm2)~~.Use <bru>no<br/u>encryption, and use normal password authentication for IMAP. Refer to the diagram below for reference:

~~<ol><li value="2">Create a new account on your '''vm3''' machine using only your first name. We will use this account as a one~~[[Image:ops335-email-time "test" if the mail message has been received on your VM3 machine (from your VM2 machine). '''Note:''' It is '''important''' that you '''don't''' create this same account name on your vm2 machine, since you want to easily identify the difference between the sending and receiving SMTP serversstep1.~~ </li></ol>~~png|600px]]

<ol><li value="3">~~We still haven't set up~~ Try to connect to your IMAP ~~(for reading email) but we can test that the message is being delivered. Use the new account in~~ server with Thunderbird ~~to send an email to '''firstname@yoursenecaid.org''' and then check the contents of '''/home/firstname/Maildir/new/'''~~ by clicking on your '''~~vm3~~Inbox''' ~~machine. There should be a file there with the contents of your email~~.</li><li>If ~~there is no file~~nothing happens, then check the ~~log file~~ Thunderbird Activity Manager for any errors. If the connection is successful, you should see the '''~~/var/log/maillog~~Trash''' ~~to see what went wrong~~box appear below Inbox.</li><li>Use the Thunderbird application to send an email to your myseneca address. If you ~~can see a file in~~ 've done everything right, it will send the message successfully</li><li>Verify that your message has been sent. Check your myseneca email and look at '''/~~home~~var/~~firstname/Maildir/new~~log/maillog''' ~~directory, then review the procedures~~ on ~~how you got the~~ vm2 (your email server ~~working (since you have performed many steps and set up many services~~)~~.</li><li>Refer to the diagram at the top of this lab. Which services have you currently set up? Record your findings in your lab Logbook~~.</li></ol>

{{Admon/important |Encountering error messages when sending email|If you cannot properly receive sent e-mail messages, check the '''/var/log/syslog''' file for errors. If you locate an error message in that file such as: '''Fatal: Error reading configuration: Invalid settings...''', then add the following parameter in '''/etc/dovecot/dovecot.conf''': '''postmaster_address <nowiki>=~~</nowiki> DOMAIN'''~~ == Sending a Mail Message from VM2 (~~where DOMAIN is actually your domain~~Using Thunderbird)~~. After you have saved those changes, then '''restart''' your dovecot service. This problem can also be resolved by properly setting the hostname of your machine to include the domain.}}~~===

~~=== Viewing Received Mail Message on VM3 VIA IMAP (Using Thunderbird) ===~~'''Perform the following steps:'''

~~Finally, we will set up~~ #Use the '''ss''' and '''nc''' commands (like you did in lab 4a) to confirm your service is listening on the ~~IMAP server so we can read email~~correct ports/interfaces. ~~The current way we~~ You will probably have ~~configured our mail server~~ to open the appropriate firewall port on ~~our VM3 machine should~~ '''vm3''' to allow ~~all the email for anyaccount@yoursenecaid~~incoming '''SMTP''' connections.~~org~~ '''Note:''' You should be ~~delivered~~ able to ~~our~~ send email to any regular user on '''vm3''' using the email address '''yourusername@yoursenecaid.ops''' using the Thunderbird application on your host machine~~. We will set up Dovecot with IMAP~~ (which is configured to ~~get easy access to that email~~use the account on your vm2).

<ol><li value="2">Create a new account on your '''~~Perform~~ vm3''' machine using only your first name. We will use this account as a one-time "test" if the ~~following steps~~mail message has been received on your VM3 machine (from your VM2 machine). '''Note:'''It is '''important''' that you '''don't''' create this same account name on your vm2 machine, since you want to easily identify the difference between the sending and receiving SMTP servers. </li></ol>

~~#The configuration file for~~ <ol><li value="3">Use the ~~Dovecot service (which is not the same thing as dovecot-lda) is:~~ new account in Thunderbird to send an email to '''~~/etc/dovecot/dovecot~~firstname@yoursenecaid.~~conf~~ops'''~~. Modify~~ and then check the contents of '''~~protocols~~/home/firstname/Maildir/new/''' ~~option so that Dovecot will work with IMAP connections, no POP3 or LMTP.# Start the dovecot service, and ensure it will always start automatically when the machine boots.# Use the~~ on your '''ssvm3''' ~~command to confirm the service is listening, and use nc on the host to confirm you can connect to it~~machine.~~# Using~~ There should be a file there with the ~~information gathered from ss, modify the firewall on vm3 to allow IMAP connections from~~ contents of your ~~local network~~email. ~~Remember to add this to your firewall_restore script.~~#</li><li>If ~~you can connect - it's now time to do something wrong~~there is no file, ~~that is connect to our IMAP server using Thunderbird over an unencrypted connection.# Edit~~ then check the log file '''/~~etc/dovecot~~var/~~conf.d~~log/~~10-auth.conf''' file and set '''disable_plaintext_auth~~maillog''' to ~~'''no'''~~see what went wrong.~~# Then edit~~ </li><li>If you can see a file in the '''/~~etc~~home/~~dovecot~~firstname/~~conf.d~~Maildir/new/~~10-ssl.conf~~''' ~~file~~ directory, then review the procedures on how you got the email server working (since you have performed many steps and set ~~'''ssl''' to '''yes'''~~up many services).<br/li><brli>~~'''Note:''' This combination of parameters will allow your username and password~~ Refer to ~~be sent over~~ the ~~internet in plain text, for anyone interested to look~~ diagram atthe top of this lab. ~~In a later lab we'll~~ Which services have you currently set up ~~secure SMTP and IMAP connections, for now this is all we have time for. # Restart dovecot so the changes take effect.#Try to connect to~~ ? Record your ~~IMAP server with Thunderbird by clicking on~~ findings in your ~~'''Inbox'''.#If nothing happens, then check the Thunderbird Activity Manager for any errors~~lab Logbook. ~~If the connection is successful, you should see the '''Trash''' box~~ <u/li>~~appear~~</uol> ~~below Inbox.~~# Finally, send an email message from '''yoursenecaid@yoursenecaid.org''' to '''yoursenecaid@yoursenecaid.org''' using the Thunderbird application. The mail message should be sent without errors, and you should notice a '''Sent''' folder appear in the list. If all worked well, you should see your message arrive in the '''Inbox''' and you know that your configuration works correctly.

{{Admon/important |~~Backup your VMs!~~Encountering error messages when sending email|~~You MUST perform a~~ If you cannot properly receive sent e-mail messages, check the '''~~full backup~~/var/log/syslog''' ~~of ALL of your VMs whenever~~ file for errors. If you ~~complete your~~ locate an error message in that file such as: '''Fatal: Error reading configuration: Invalid settings...''', then add the following parameter in '''/etc/dovecot/dovecot.conf''': '''~~OPS335 labs~~postmaster_address <nowiki>=</nowiki> DOMAIN''' ~~or when working on~~ (where DOMAIN is actually your domain). After you have saved those changes, then '''~~OPS335 assignments~~restart'''your dovecot service. ~~You should~~ This problem can also be ~~using the dump command, and you should use~~ resolved by properly setting the ~~Bash shell script that you were adviced to create in order to backup all~~ hostname of your ~~VMs~~machine to include the domain.}}

{{Admon/important |Backup your VMs!|You MUST perform a '''full backup''' of ALL of your VMs whenever you complete your '''OPS335 labs''' or when working on your '''OPS335 assignments'''. You should be using the dump or rsync command, and you should use the Bash shell script that you were adviced to create in order to backup all of your VMs.}}

'''Record steps, commands, and your observations in INVESTIGATION 3 in your OPS335 lab log-book'''

== COMPLETING THE LAB ==

~~'''Depending on your professor you will either be asked to submit~~ ===Online Submission===Follow the instructions for lab ~~in class, or online~~4b on blackboard. ~~Follow the appropriate set of instructions below''~~<!--===Andrew's sections===

~~===Online Submission (Peter Callaghan~~You may choose to:* Submit screenshots of your work on Blackboard, in which case you don'~~s Classes only)===~~t need to come to the lab.~~Follow~~ * Or come to the ~~instructions for~~ lab ~~4b on moodle~~, show me your work, and talk to me about it. I want to hear what you've learned and answer any questions you have.

~~===In Class Submission===Students should be prepared with~~ You'~~''all required commands (system information) displayed in a terminal (or multiple terminals) prior to calling~~ ll get the ~~instructor for signoff'''.~~ ~~'''Arrange evidence (command output) for each~~ same grade regardless of ~~these items on~~ how you choose to submit your ~~screen, then ask your instructor to review them and sign off on the lab's completion:'''~~work.

::✓Status and configuration of your Postfix service on vm2.

::✓Your Thunderbird configuration.

::✓The email you sent to your myseneca account.

::✓Download ~~the labcheck4b.bash checking bash shell script by issuing the command: ~~and run '''wget ~~http~~https://~~matrix~~ict.~~senecac.on~~senecacollege.ca/~~~peter~~andrew.~~callaghan/files~~smith/~~OPS335~~ops335/labcheck4b.bash'''~~ set execute permission and run the shell script~~ on your '''c7host''' machine. ~~::*For '''Peter's classes''', follow his Online Submission instructions in Moodle.::*For '''Murray's classes''', run command (piping to the '''more''' command) and show output to instructor~~.

::✓Completed Lab4b log-book notes.

-->

==EXPLORATION QUESTIONS==

# Why are '''IMAP''' and '''POP''' email servers placed on separate machines (vms)?

# What is the purpose of the '''mail_location''' parameter contained in the '''/etc/dovecot/conf.d/10-mail.conf''' file?

# Why is root not able to receive mail with the changed mail location? What could you change to allow mail to be sent to root again?

Andrew

Bureaucrats, Administrators

1,234

edits

Changes

OPS335 Lab 4b

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

get involved with CDOT

courses

course projects

links

Tools