Email Services
CSCI N321 – System and Network Administration
Copyright © 2007 by Scott Orr and the Trustees of Indiana University
Section Overview
Email Architecture
Postfix Configuration
Mail forwarding
CS Spam-Filtering Architecture
Procmail
References
Postfix Site – http://www.postfix.org
Red Hat Deployment Guide, Chapter 24 – Email
Email Server Architecture
[Diagram; only the labels are recoverable from the extraction]
  Agents: MTA (sendmail), MTA (postfix), MDA (procmail), AA (imapd, popd), MUA (Outlook)
  Protocols: smtp(s) between the MTAs, smtp from the MTA to the MDA, imap(s) and pop(s) between the AA and the MUA
SMTP Protocol
[smo@sysadmin ~]$ telnet tempest.cs.iupui.edu 25
Trying 134.68.140.202...
Connected to tempest.cs.iupui.edu (134.68.140.202).
Escape character is '^]'.
220 tempest.cs.iupui.edu ESMTP Postfix
helo sysadmin
250 tempest.cs.iupui.edu
mail from: <[email protected]>
250 2.1.0 Ok
rcpt to: <[email protected]>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Subject: Hello

Hi Scott.
.
250 2.0.0 Ok: queued as B06375050618
quit
221 2.0.0 Bye
Connection closed by foreign host.
Postfix MTA
More secure replacement for Sendmail
Suite of programs to handle email
  postfix <option>: start, stop, reload, flush
Configuration files
  /etc/postfix/master.cf
  /etc/postfix/main.cf
master.cf
Maps services to postfix daemons
Format (one line per service):
  Service Name
  Service Type (inet | fifo | unix)
  Private (y | n)
  Unprivileged (y | n)
  Chroot (y | n)
  Wakeup #
  Maxproc #
  command + args
Spam and Virus filtering
main.cf – Directories/Owner
Key Directories
  queue_directory = /var/spool/postfix
  command_directory = /usr/sbin
  daemon_directory = /usr/libexec/postfix
  mail_spool_directory = /var/spool/mail
  config_directory = /etc/postfix
Ownership
  mail_owner = postfix
main.cf – Delivery Addresses
Address Configuration
  myhostname = tempest.cs.iupui.edu
  mydomain = cs.iupui.edu
  myorigin = $mydomain
  mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
Smart Host
  relayhost = mail-relay.iu.edu
main.cf – SMTPd
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
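The telnet session on the SMTP Protocol slide and the smtpd settings above can be exercised together with a small scripted responder. This is an added teaching example, not Postfix code and not part of the lecture: it models smtpd_helo_required and walks smtpd_recipient_restrictions in the configured order, so you can see why an outside client is told "Relay access denied" for a non-local recipient while a client inside mynetworks, or one that has authenticated, may relay. myhostname and mydestination are taken from the slides; the MYNETWORKS ranges, the SASL credential table, the queue-id placeholder and the client addresses are constructed for the example.

```python
import base64
import ipaddress

# Settings from the main.cf slides; MYNETWORKS and SASL_USERS are constructed.
MYHOSTNAME = "tempest.cs.iupui.edu"
MYDESTINATION = {"tempest.cs.iupui.edu", "localhost.cs.iupui.edu",
                 "localhost", "cs.iupui.edu"}
MYNETWORKS = [ipaddress.ip_network("127.0.0.0/8"),
              ipaddress.ip_network("134.68.140.0/24")]   # assumed local network
SASL_USERS = {"smo": "correct-horse"}                   # constructed credential
RECIPIENT_RESTRICTIONS = ["permit_sasl_authenticated", "permit_mynetworks",
                          "reject_unauth_destination"]


def plain_token(user, password):
    """Build the AUTH PLAIN token: base64 of NUL user NUL password."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()


def _addr(arg):
    """Pull the address out of 'from: <user@host>' or 'to: <user@host>'."""
    inner = arg[arg.find("<") + 1:arg.rfind(">")] if "<" in arg else arg.split(":")[-1]
    return inner.strip().lower()


class SmtpSession:
    def __init__(self, client_ip, helo_required=True):
        self.client_ip = ipaddress.ip_address(client_ip)
        self.helo_required = helo_required
        self.helo = None
        self.authenticated = False
        self.sender = None
        self.recipients = []
        self.in_data = False
        self.queued = []            # (sender, recipients) of accepted messages
        self.greeting = f"220 {MYHOSTNAME} ESMTP Postfix"

    def _rcpt_decision(self, addr):
        """Walk smtpd_recipient_restrictions in order; the first match decides."""
        domain = addr.rsplit("@", 1)[-1]
        in_mynetworks = any(self.client_ip in net for net in MYNETWORKS)
        for rule in RECIPIENT_RESTRICTIONS:
            if rule == "permit_sasl_authenticated" and self.authenticated:
                return "250 2.1.5 Ok"
            if rule == "permit_mynetworks" and in_mynetworks:
                return "250 2.1.5 Ok"
            if rule == "reject_unauth_destination" and domain not in MYDESTINATION:
                return f"554 5.7.1 <{addr}>: Relay access denied"
        return "250 2.1.5 Ok"      # end of list reached: permit

    def feed(self, line):
        """Handle one client line; returns the reply, or None while inside DATA."""
        if self.in_data:
            if line != ".":
                return None
            self.in_data = False
            self.queued.append((self.sender, tuple(self.recipients)))
            self.sender, self.recipients = None, []
            return "250 2.0.0 Ok: queued as QUEUEID-PLACEHOLDER"
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.helo = arg.strip()
            return f"250 {MYHOSTNAME}"
        if verb == "AUTH":          # AUTH PLAIN <token>
            try:
                _, user, password = base64.b64decode(arg.split()[-1]).decode().split("\0")
            except (ValueError, IndexError):
                return "535 5.7.8 Error: authentication failed"
            self.authenticated = SASL_USERS.get(user) == password
            return ("235 2.7.0 Authentication successful" if self.authenticated
                    else "535 5.7.8 Error: authentication failed")
        if self.helo_required and self.helo is None and verb in ("MAIL", "RCPT", "DATA"):
            return "503 5.5.1 Error: send HELO/EHLO first"   # smtpd_helo_required = yes
        if verb == "MAIL":
            self.sender = _addr(arg)
            return "250 2.1.0 Ok"
        if verb == "RCPT":
            if self.sender is None:
                return "503 5.5.1 Error: need MAIL command"
            addr = _addr(arg)
            reply = self._rcpt_decision(addr)
            if reply.startswith("250"):
                self.recipients.append(addr)
            return reply
        if verb == "DATA":
            if not self.recipients:
                return "554 5.5.1 Error: no valid recipients"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 2.0.0 Bye"
        return "502 5.5.2 Error: command not recognized"


def run_session(client_ip, lines):
    """Feed a scripted client dialogue; return the replies and the session."""
    session = SmtpSession(client_ip)
    replies = [session.greeting]
    for line in lines:
        reply = session.feed(line)
        if reply is not None:
            replies.append(reply)
    return replies, session
```

The order of the restriction list matters: the permit rules are safe only because reject_unauth_destination follows them and catches everyone else; a list that ends without it, or that puts a bare permit before it, turns the host into an open relay.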
Authenticated Delivery
Only allow valid users to send email
main.cf
  smtpd_sasl_auth_enable = yes
  smtpd_sasl_loglevel = 2
  smtpd_sasl_received_header = yes
saslauthd Daemon
  /etc/sysconfig/saslauthd
  /usr/lib/sasl2/smtpd.conf
SSL Support
Authenticated access must be protected
main.cf
  smtpd_use_tls = yes
  smtpd_tls_auth_only = yes
  smtpd_tls_key_file = /etc/postfix/certs/smtpd.key
  smtpd_tls_cert_file = /etc/postfix/certs/smtpd.crt
  smtpd_tls_loglevel = 2
  smtpd_tls_received_header = yes
  smtpd_tls_session_cache_timeout = 3600s
Mail Forwarding
/etc/postfix/aliases
  alias: real-address[,…]
  alias_maps = hash:/etc/postfix/aliases
  alias_database = hash:/etc/postfix/aliases
~/.forward
Mailing lists
  alias: :include:<path_to_file>
  Majordomo & Mailman
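To see how an aliases file resolves, here is an added example (not from the lecture, and not how Postfix itself is implemented) that expands alias: target[, target] lines, follows :include: files, and refuses alias loops, which are the usual way a hand-edited aliases file misbehaves. The aliases fragment and the include file contents are constructed for the example.

```python
# Constructed /etc/postfix/aliases fragment in the slide's syntax.
ALIASES_TEXT = """\
# comment lines and blank lines are ignored
postmaster:  root
abuse:       postmaster
root:        smo
webmaster:   smo, ops
staff:       :include:/etc/postfix/staff-list
loop-a:      loop-b
loop-b:      loop-a
"""

# Constructed stand-in for the :include: file (one address per line).
INCLUDE_FILES = {
    "/etc/postfix/staff-list": "smo\nops\n# helpers list\nstudent-helpers@cs.iupui.edu\n",
}


def parse_aliases(text):
    """Build {alias: [targets]} from 'alias: target[, target...]' lines."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, targets = line.partition(":")      # first colon separates the alias
        table[name.strip().lower()] = [t.strip() for t in targets.split(",") if t.strip()]
    return table


def expand(name, table, include_files=INCLUDE_FILES, _seen=frozenset()):
    """Resolve an alias to the set of final mailboxes / external addresses.

    Raises ValueError when the alias table refers back to itself."""
    name = name.lower()
    if name in _seen:
        raise ValueError(f"alias loop involving {name}")
    if name not in table:
        return {name}                    # not an alias: deliver to it directly
    result = set()
    for target in table[name]:
        if target.startswith(":include:"):
            path = target[len(":include:"):]
            for line in include_files.get(path, "").splitlines():
                entry = line.split("#", 1)[0].strip()
                if entry:
                    result |= expand(entry, table, include_files, _seen | {name})
        else:
            result |= expand(target, table, include_files, _seen | {name})
    return result


def expand_all(text=ALIASES_TEXT, include_files=INCLUDE_FILES):
    """Expand every alias; loops are reported instead of raising."""
    table = parse_aliases(text)
    out = {}
    for alias in table:
        try:
            out[alias] = sorted(expand(alias, table, include_files))
        except ValueError as err:
            out[alias] = f"ERROR: {err}"
    return out
```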
Reading Email
IMAP/IMAPS
  Used to read messages online
  Should always be used over SSL
  Typically started via inetd/xinetd
Webmail
  Squirrelmail
  Horde
Opening Spam-dora’s Box
April 12, 1994 – Lawyers Laurence Canter and Martha Siegel sent a message about the upcoming Green Card lottery to some 6000+ Usenet news groups in less than 90 minutes
Arizona ISP Internet Direct received so many email complaints that their email server(s) crashed more than 15 times
C&S’s account gets cancelled; they threaten to sue (although they never do)
C&S publish How to Make a Fortune on the Information Superhighway (1995)
14 years later…
SPAM (Unsolicited Commercial Email): 60% - 94% of all email (1st Qtr. 2008)
Phishing Attacks: less than 1% of all email but growing
Significant increase in Botnets
Top Spam-Sending Countries
  United States (37.9%)
  China (4.6%)
  United Kingdom (4.3%)
  Germany (3.8%)
  Brazil (3.8%)
Source: Commtouch Software Online Labs
Costs of Spam
Spammers
  Great ROI!!!
  Malware writer partnerships
  Phishing
Recipient
  Time
  Bandwidth
  Storage space
SPAM Filtering Techniques
Black lists
White lists
Content (keyword blocking)
Invalid addresses/header values
Heuristics
Bayesian Filtering
Greylisting
Each message identified by a triplet
  Envelope recipient
  Envelope sender
  IP address of delivering host
Delivery based on the following rules:
  If IP address or recipient on whitelist – send msg to recipient
  If not seen triplet before – send tempfail msg and record triplet
  If time limit on triplet not expired – send tempfail msg
  If time limit on triplet expired – send msg to recipient and update last seen time
  Remove triplet from database after not seen for set period of time
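The five rules above translate directly into a small decision function. The following is an added example written for this lecture, not the code of any greylisting package; the 450 reply text, the delay and expiry values and the addresses are constructed, and the clock is passed in explicitly so the policy can be traced deterministically. The one choice not spelled out on the slide is that a retry arriving too early also refreshes the triplet's last-seen time, so a sender that keeps retrying is never expired out from under itself.

```python
import time

TEMPFAIL = "450 4.7.1 Greylisted, please try again later"   # constructed wording
ACCEPT = "OK"


class Greylist:
    """Triplet database implementing the rules on the Greylisting slide.

    delay   - seconds a new triplet must wait before it is accepted
    expiry  - triplets not seen for this long are forgotten
    """

    def __init__(self, delay=300, expiry=36 * 3600,
                 whitelist_ips=(), whitelist_recipients=()):
        self.delay = delay
        self.expiry = expiry
        self.whitelist_ips = set(whitelist_ips)
        self.whitelist_recipients = {r.lower() for r in whitelist_recipients}
        self.db = {}    # (recipient, sender, ip) -> [first_seen, last_seen]

    def expire(self, now):
        """Rule 5: drop triplets not seen for `expiry` seconds; returns how many."""
        stale = [t for t, (_, last) in self.db.items() if now - last > self.expiry]
        for t in stale:
            del self.db[t]
        return len(stale)

    def decide(self, recipient, sender, client_ip, now=None):
        """Return ACCEPT or TEMPFAIL for one delivery attempt."""
        now = time.time() if now is None else now
        self.expire(now)
        recipient, sender = recipient.lower(), sender.lower()
        # Rule 1: whitelisted delivering host or recipient bypasses greylisting.
        if client_ip in self.whitelist_ips or recipient in self.whitelist_recipients:
            return ACCEPT
        triplet = (recipient, sender, client_ip)
        entry = self.db.get(triplet)
        if entry is None:
            # Rule 2: never seen -> record the triplet and ask for a retry.
            self.db[triplet] = [now, now]
            return TEMPFAIL
        first_seen, _ = entry
        entry[1] = now                      # refresh last-seen on every contact
        if now - first_seen < self.delay:
            # Rule 3: retried before the time limit -> tempfail again.
            return TEMPFAIL
        # Rule 4: waited long enough -> deliver.
        return ACCEPT

    def pending(self):
        """Triplets still inside their delay window (e.g. for a status page)."""
        return sorted(t for t, (first, last) in self.db.items() if last - first < self.delay)
```

Greylisting works because a real MTA queues the message and retries after the 450, while much bulk-mail software sends once and moves on; the cost is a delivery delay on first contact, which is why the whitelist exists for known-good hosts.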
Sender Policy Framework (SPF)
Receiving host verifies sender is a legitimate mail server for the originating domain
Add TXT (SPF) records to domain DNS
  Domain specific
  Each host with MX record (also A, PTR, IP addr, external hosts)
  cs.iupui.edu. IN TXT "v=spf1 mx a:storm.cs.iupui.edu"
Issues
  Breaks email forwarding
  Spammers can still send messages if they have an account on the domain
  Most major ISPs do not support SPF (yet)
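The check the receiving host performs can be shown with a deliberately small evaluator. This is an added example, not a full SPF implementation (no include, redirect, ptr or macros) and not code from the lecture or any SPF library. The cs.iupui.edu TXT record is the one quoted on the slide; the MX, A and example.org records and all addresses other than 134.68.140.202 are a constructed DNS snapshot, passed in as a dictionary so the example runs offline. Two of the slide's points fall out of the results: the quoted record has no trailing all term, so an unlisted host evaluates to neutral rather than fail, and a forwarder's address is simply not in the list, which is the "breaks email forwarding" issue.

```python
import ipaddress

# Constructed DNS snapshot (192.0.2.0/24 and 203.0.113.0/24 are documentation ranges).
DNS = {
    ("cs.iupui.edu", "TXT"): ["v=spf1 mx a:storm.cs.iupui.edu"],   # record from the slide
    ("cs.iupui.edu", "MX"): ["tempest.cs.iupui.edu"],
    ("tempest.cs.iupui.edu", "A"): ["134.68.140.202"],
    ("storm.cs.iupui.edu", "A"): ["192.0.2.10"],
    ("example.org", "TXT"): ["v=spf1 ip4:203.0.113.0/24 -all"],   # record with a hard fail
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype, dns=DNS):
    return dns.get((name.lower(), rtype), [])


def _host_has_ip(name, ip, dns):
    return any(ip == ipaddress.ip_address(a) for a in lookup(name, "A", dns))


def check_spf(domain, client_ip, dns=DNS):
    """Evaluate the domain's v=spf1 record against the connecting IP.

    Returns 'pass', 'fail', 'softfail', 'neutral', 'none' (no record) or
    'permerror' (several records, or a mechanism this toy does not handle)."""
    ip = ipaddress.ip_address(client_ip)
    records = [r for r in lookup(domain, "TXT", dns) if r.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"
    if len(records) > 1:
        return "permerror"
    for term in records[0].split()[1:]:
        qualifier = "+"                         # mechanisms default to '+'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":                       # 'a' alone means the domain itself
            matched = _host_has_ip(arg or domain, ip, dns)
        elif mech == "mx":                      # any host named in the domain's MX set
            matched = any(_host_has_ip(mx, ip, dns) for mx in lookup(arg or domain, "MX", dns))
        else:
            return "permerror"                  # include/redirect/ptr/exists not implemented
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                            # ran off the end without an 'all' term
```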
CS Email Architecture
[Diagram; only the labels are recoverable from the extraction]
  Components: postfix (smtp), Maia-Mailguard (Amavisd) with clamav and spamassassin, Procmail, Mail spool, Quarantine (MySQL), Greylist (marked "?" on the slide)
Clam Antivirus
Open Source
If signature match…
  Added header fields:
    Delivered-To: virus-quarantine
    X-Quarantine-Id: <zzWB7-YxAXsI>
    X-Amavis-Alert: INFECTED, message contains virus: <virus signature ID>
  Moved to quarantine area
  Email sent to [email protected]
Hourly checks for signature updates
Phishing signatures included
Spamassassin
Open Source (part of the Apache project)
Weighted heuristic tests
  Full Message
  Header
  Body
  URI
Third party plugins
SA: Full Message Tests
Message found in hashed Spam databases
  Entries contributed by Spam recipients
  Uses statistical and randomized signatures
  Distributed Checksum Clearinghouse (DCC)
  Vipul’s Razor
SA: Message Header Tests
Header anomalies (length, sender, etc.)
Subject obfuscation
Realtime Blackhole Lists (RBL)
  Open Relays/Proxy (SORBS)
  Address/Domain abuse lists
Sender Policy Framework (SPF)
DomainKeys
SA: Message Body Tests
Common Spam content checks
HTML obfuscation*
Locale specific checks
URLs in RBLs
Bayesian Filters
  Calculates probability message is Spam: (- score) < 50% / (+ score) > 50%
  Must be trained using Spam and “Ham”
*The Spammers' Compendium
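The Bayesian bullet above is easiest to understand with a filter you can train yourself. This added example is a plain naive Bayes classifier over word presence with add-one smoothing; it is not SpamAssassin's Bayes implementation (which combines token probabilities differently), and the eight training messages are constructed and far too few for real use. It shows the two points the slide makes: the probability only means something once the filter has seen both spam and ham, and the result maps to a signed score that is negative below 50% and positive above.

```python
import math
import re
from collections import Counter

TOKEN = re.compile(r"[a-z0-9$]+")


def tokens(text):
    """Distinct lower-case word tokens of a message (presence, not counts)."""
    return set(TOKEN.findall(text.lower()))


class BayesFilter:
    def __init__(self):
        self.spam_docs = 0
        self.ham_docs = 0
        self.spam_words = Counter()   # word -> number of spam messages containing it
        self.ham_words = Counter()    # word -> number of ham messages containing it

    def train(self, text, is_spam):
        words = tokens(text)
        if is_spam:
            self.spam_docs += 1
            self.spam_words.update(words)
        else:
            self.ham_docs += 1
            self.ham_words.update(words)

    def spam_probability(self, text):
        """P(spam | words) by naive Bayes with add-one smoothing, computed in log space."""
        if self.spam_docs == 0 or self.ham_docs == 0:
            return 0.5                 # untrained or one-sided corpus: no opinion
        total = self.spam_docs + self.ham_docs
        log_spam = math.log(self.spam_docs / total)
        log_ham = math.log(self.ham_docs / total)
        for w in tokens(text):
            log_spam += math.log((self.spam_words[w] + 1) / (self.spam_docs + 2))
            log_ham += math.log((self.ham_words[w] + 1) / (self.ham_docs + 2))
        return 1.0 / (1.0 + math.exp(log_ham - log_spam))


def bayes_score(probability, scale=3.0):
    """Signed contribution in the slide's sense: below 50% negative, above positive."""
    return round(scale * (2.0 * probability - 1.0), 3)


def build_trained_filter():
    """Filter trained on a constructed toy corpus (four spam, four ham)."""
    spam = ["FREE money!!! click here for cheap pills",
            "cheap pills and free prizes, click now",
            "you have won free money, click here today",
            "discount pills, lowest price, buy now"]
    ham = ["lecture notes for the postfix lab are posted",
           "can we move the meeting to thursday afternoon",
           "homework 4 is due friday, see the lab notes",
           "meeting about the sysadmin lab on thursday"]
    f = BayesFilter()
    for m in spam:
        f.train(m, True)
    for m in ham:
        f.train(m, False)
    return f
```

Training on both classes is what makes the word statistics discriminative; a filter fed only spam would simply learn that every word is spammy, which is why the code declines to score anything until it has seen some ham.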
SA: URI Message Tests
Focuses on embedded URLs
  Keywords in URLs
  Address obfuscation
  TLD checks
  CGIs and authentication
Spam Thresholds
Spam check [header] tagging (-999)
  Spam Status: score & breakdown by test
  Spam-level histogram
Spam detected (6.3)
Quarantine Level (-)
Header Tagging Example
X-Spam-Status: No, hits=6.069 tagged_above=3 required=6.3
  tests=[DNS_FROM_RFC_ABUSE=0.374, DNS_FROM_RFC_POST=1.376, HTML_50_60=0.095,
  HTML_FONT_BIG=0.232, HTML_IMAGE_ONLY_24=1.003, HTML_MESSAGE=0.001,
  MIME_HTML_ONLY=1.158, MSGID_FROM_MTA_HEADER=0, RCVD_IN_BL_SPAMCOP_NET=1.832,
  SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]
X-Spam-Level: ******
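A reader of these headers should be able to confirm that the per-test breakdown adds up to the reported hits and that the verdict follows from the two thresholds. The following added example (not from the lecture or from Amavis/SpamAssassin) parses the slide's X-Spam-Status line, recomputes the score, reproduces the X-Spam-Level star count, and classifies the message against tagged_above and required; the header text is the slide's, folded onto one line.

```python
import re

# The header from the slide, folded onto one line.
SAMPLE_HEADER = (
    "X-Spam-Status: No, hits=6.069 tagged_above=3 required=6.3 "
    "tests=[DNS_FROM_RFC_ABUSE=0.374, DNS_FROM_RFC_POST=1.376, HTML_50_60=0.095, "
    "HTML_FONT_BIG=0.232, HTML_IMAGE_ONLY_24=1.003, HTML_MESSAGE=0.001, "
    "MIME_HTML_ONLY=1.158, MSGID_FROM_MTA_HEADER=0, RCVD_IN_BL_SPAMCOP_NET=1.832, "
    "SPF_HELO_PASS=-0.001, SPF_PASS=-0.001]"
)

KV = re.compile(r"(\w+)=(-?\d+(?:\.\d+)?)")   # name=number pairs


def parse_spam_status(header):
    """Split an X-Spam-Status header into verdict, thresholds and per-test scores."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "x-spam-status":
        raise ValueError("not an X-Spam-Status header")
    verdict, _, rest = value.strip().partition(",")
    head, _, tests_part = rest.partition("tests=[")
    params = {k: float(v) for k, v in KV.findall(head)}
    tests = {k: float(v) for k, v in KV.findall(tests_part.rstrip("]"))}
    return {
        "is_spam": verdict.strip().lower() == "yes",
        "hits": params["hits"],
        "tagged_above": params["tagged_above"],
        "required": params["required"],
        "tests": tests,
    }


def classify(status):
    """Recompute the score from the breakdown and apply the two thresholds."""
    recomputed = round(sum(status["tests"].values()), 3)
    if status["hits"] >= status["required"]:
        action = "spam"             # over 'required': the X-Spam-Status verdict flips to Yes
    elif status["hits"] >= status["tagged_above"]:
        action = "tagged"           # headers added, message still delivered
    else:
        action = "clean"
    return {
        "recomputed": recomputed,
        "consistent": abs(recomputed - status["hits"]) < 0.0005,
        "action": action,
        "level": "*" * int(status["hits"]),      # X-Spam-Level: one star per whole point
        "top_tests": sorted(status["tests"].items(), key=lambda kv: -kv[1])[:3],
    }
```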
Procmail (MDA)
Handles where incoming messages are stored
Procmail “recipes”
  System-wide: /etc/procmail
  User: ~/.procmailrc
Single recipe & recipe chaining
Recipe Example:
  :0:
  * ^Subject: Broker Alert
  $SPAMMAYBE
Also great for managing email lists/folders
Vacation-Away messages
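To show how a chain of recipes like the one above is evaluated, here is an added example, written for this lecture and not part of procmail itself, that reads a small ~/.procmailrc in the slide's syntax, tests each recipe's conditions against a message's headers in order, and reports where the first matching recipe delivers. The .procmailrc text, the folder names and the sample messages are constructed. It follows procmail's defaults for delivering recipes: conditions are case-insensitive regular expressions, and the first recipe whose conditions all match ends processing.

```python
import re

# Constructed ~/.procmailrc in the slide's recipe syntax.
PROCMAILRC = """\
SPAMMAYBE=$HOME/Mail/spam-maybe
LISTS=$HOME/Mail/lists

:0:
* ^Subject: Broker Alert
$SPAMMAYBE

:0:
* ^X-Spam-Status: Yes
$HOME/Mail/spam

:0:
* ^List-Id:.*n321-students
* !^Subject:.*urgent
$LISTS/n321
"""


def parse_procmailrc(text):
    """Return (variables, recipes); a recipe is (flags, [conditions], action)."""
    variables, recipes = {}, []
    lines = [line.rstrip() for line in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith(":0"):
            flags = line[2:]                        # e.g. ':' = use a lockfile
            conditions = []
            i += 1
            while i < len(lines) and lines[i].strip().startswith("*"):
                conditions.append(lines[i].strip()[1:].strip())
                i += 1
            recipes.append((flags, conditions, lines[i].strip()))
        elif "=" in line and not line.startswith("#"):
            name, _, value = line.partition("=")
            variables[name.strip()] = value.strip()
        i += 1
    return variables, recipes


def expand_vars(value, variables, home="/home/user"):
    """Resolve $NAME references, including nested ones such as $SPAMMAYBE -> $HOME/..."""
    for _ in range(5):
        new = re.sub(r"\$(\w+)",
                     lambda m: home if m.group(1) == "HOME" else variables.get(m.group(1), ""),
                     value)
        if new == value:
            return new
        value = new
    return value


def condition_matches(condition, headers):
    """A leading '!' negates the test, as in procmail."""
    negate = condition.startswith("!")
    pattern = condition[1:].strip() if negate else condition
    hit = re.search(pattern, headers, re.MULTILINE | re.IGNORECASE) is not None
    return hit != negate


def deliver(headers, rc_text=PROCMAILRC, default="/var/spool/mail/user"):
    """Return the mailbox the first matching recipe delivers to, else the default spool."""
    variables, recipes = parse_procmailrc(rc_text)
    for _flags, conditions, action in recipes:
        if all(condition_matches(c, headers) for c in conditions):
            return expand_vars(action, variables)
    return default
```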