ElectronicMail

Uploader: xx****x   Document ID: 240562434   Uploaded: 2024-04-15   Format: PPT   Pages: 70   Size: 797.50KB

Electronic Mail
Chapter 22

Chapter Goals
- Understand the basic steps in the mail delivery system.
- Understand the role of the Mail User Agent (MUA).
- Understand the role of the Mail Transport Agent (MTA).
- Understand the basic strategies for handling email.
- Understand the basic protocols used to deliver and transport mail.
- Understand the basics of email security.
- Understand the basics of sendmail configuration and rulesets: parsing, anti-spam, anti-relay, authentication.

Email Overview
- Email is a "vital" service in users' eyes.
- Lost mail is not acceptable. But it happens daily!
- Email is assumed to be confidential. It is not confidential!
- Email delivery delays are not tolerated. Email is an unreliable service!
- This leaves system administrators with huge problems:
  - How to ensure reliable service
  - How to secure the MTA/SMTP service
  - How to monitor and manage email services
  - How to secure MUA services

Email Overview
Typical user complaints/questions:
- How do I send mail to my friend? I don't know their address, but I need to send them mail.
- I sent person X mail, why don't they respond?
- Why do I get all of this spam? Why can't you stop all of this spam?
- Is OIT reading my mail?
- Where did my mail go? It was there a minute ago!

Mail Overview (at the sending end)
- A user creates a mail message using a mail user agent (MUA): pine, mh, elm, netscape, eudora, mailx.
- When done "creating", they exit the MUA.
- The MUA "contacts" a local mail delivery agent (MDA).
- The MDA spools the message in the mail spool area and signals a program to process it.
- The program that processes the message is called a Mail Transport Agent (MTA). The MTA implements the Simple Mail Transfer Protocol (SMTP).
- The MTA parses the "To:" address and attempts to contact the remote host's MTA.
- If contact succeeds, the local MTA transfers the mail to the remote end.
- If contact fails, the local MTA retries for some finite period of time.

Mail Overview (at the destination end)
The destination MTA "receives" the message as per the SMTP protocol:
- the sending end introduces itself
- the sending end tells who the mail is from
- the sending end tells who the mail is for
- if the destination user is valid, open a spool and continue collection (more on this in a minute)
- the sending end transfers the data
- the sending end closes the connection

Mail Overview ("deliver it")
- The destination MTA checks the "To:" address to see if there is a system-wide alias for the user.
- If an alias exists, deliver as per the alias.
- If no alias, check to see if the account exists.
- If no account, reject the message.
- If the account exists, check to see if the user has a .forward file.
- If .forward exists, deliver the mail as per .forward.
- If no .forward, deliver to the local spool.
- When the recipient invokes their MUA, it checks the local spool and informs the user that there is a message.

Mail Aliases
Unix: /etc/mail/aliases is a text list of recipients and the names of the users to deliver their mail to, for example:

    root:        curt, mmcnally
    postmaster:  root
    epadmin:     curt
    cfh:         curt
    erp:         curt, mentor
    suggest:     henry
    tou:         scott

Mail Strategy
To implement the delivery of e-mail at a site, the administrator has to make a few decisions about how mail will be handled at the site. There are two primary e-mail models in use: the "every host" (mail host) model and the "smart-hub/thin-client" model.

Mail Strategy: "Every Host" Mail Host
In this model, every machine on the network is capable of sending and receiving e-mail. Although this requires the least setup, it also causes problems:
- The administrator should add the mail spool to the backup schedule to ensure that a user's messages are not lost.
- The individual machines are all running the SMTP daemon, and could be used as open relays.
- The fact that e-mail does not pass through a single host means that router filters and spam/virus filtering are more difficult to implement.
- Troubleshooting mail problems is difficult, as every machine is (potentially) configured differently.
- Every time a new version of the software is released, the administrator has to update every host.
The good side of this model is that the configuration is pretty minimal. Clients read mail from their own local disk, and therefore the mail does not have to be made available to other hosts. The administrator may have to develop a standard delivery configuration file and distribute it to all machines.

Mail Strategy: Smart Hub/Thin Client
This model of e-mail management requires a large central e-mail server. The central server is the only machine that will accept mail messages for the entire enterprise. This server is configured with plenty of disk space and connectivity to allow it to keep up with the load of all e-mail into and out of the enterprise. If the enterprise decides to implement this model, the name service may also require some reconfiguration, to add MX records for all hosts in the enterprise. The MX record would tell other hosts to send their mail messages to the smart hub, instead of to individual hosts within the enterprise.

This model requires much more configuration at the beginning, but it also brings a certain amount of sanity to the e-mail process. For example, the enterprise router filters may be tuned such that they only allow SMTP connections to the mail hub (mail server). All other SMTP connection requests can be denied. Anti-spam/virus filtering can be installed on the mail server to ensure that all messages are checked for harmful content. The administrator only has to back up one mail host, instead of backing up the mail spool from every host at the corporation. If an upgraded version of the mail software is released, the operator has to update only one mail server, instead of hundreds.

Mail client machines can also be greatly simplified using the mail hub model. For example, you might determine that it is not necessary to run the SMTP daemon on client machines. A simple cron job to check the queue periodically and process pending requests by sending them to the mail server for delivery may be all the client support your site requires. For slightly more complicated scenarios, you may still need to build an SMTP daemon configuration to control this process, and/or find a way to make the mail spool (on the server) available to the MUAs on the mail clients.

But the news is not all good, as this model also has its downside. The mail server is a great repository of mail messages, but it also has to make these messages available to users. Although you could force the user to log in to the mail server to read mail, this is rarely acceptable. Another problem with the mail hub model is user education. Users like to personalize their mail. Many users prefer to think that by having mail delivered to their desktop, it is more secure. Some users want correspondents to think the mail goes directly to their desktop, instead of to a corporate mail server. Quite often, the administrator has to convince the user to advertise the e-mail address on the corporate server, rather than the address on the user's desktop.

Mail servers often require substantial hardware to implement this mail management model. A 20,000-employee operation could easily swamp a four-processor mail hub with 300 gigabytes of disk space reserved for the mail spool area. If that single mail server ever experiences a problem that takes it off-line for an extended period of time, the users will be on the warpath!

Email Protocols
The heart of e-mail is the collection of protocols used to transport e-mail from server to server and make it available to users. This collection of standard protocols allows the wide range of e-mail software to interoperate across the Internet. These protocols can be split into three categories: those used by MTAs as mail is moved between servers, those used by MDAs to deliver the mail, and those used by MUAs to allow the user to read, create, and reply to mail.

MUAs typically allow the user several methods of accessing mail, depending on how and where messages are stored. The three most common access methods are plain files, the Post Office Protocol (POP), and the Internet Message Access Protocol (IMAP). These protocols, as well as the SMTP protocol used by MTAs and associated service daemons, have their own reserved ports.

Mail User Agents (MUAs)
- Some MUAs "read" mail directly from the spool (/var/mail, /var/spool/mail), e.g. mailx. The mail spool must be mounted on the machine where the user reads mail.
- Some MUAs move messages to an Inbox and operate on it there (pine, netscape). The mail spool must be accessible, but not necessarily mounted on the machine where the user reads mail.
- Some MUAs use delivery protocols to get mail to the user:
  - Post Office Protocol (POP): network based; cleartext passwords; copies mail to the client and can remove it from the server or leave a copy on the server (a pointer into the spool tells what has been read).
  - Internet Message Access Protocol (IMAP): network based; cleartext passwords; uses RPCs to act on messages; displays the message on the client and does not copy it to local disk.
- MUAs have their own transport languages. Typical commands: User, Pass, Get, Put, Delete, Purge, Write (Save).

Mail Transport Agents (MTAs)
Mail transport agents (MTAs) are the workhorses of the e-mail system. Several MTAs exist for a wide range of platforms. Some common choices are Sendmail, Microsoft's Exchange Server, postfix, qmail, exim, and PMDF. This variety of choices means that the administrator needs to make a decision as to which MTA will work best for the site.

Many factors influence the MTA selection process, including the following:
- Security is one of the primary factors in choosing an MTA. Like a web server, a mail server will need to accept input from a wide variety of sources, including malicious sources.
- A mail server needs to be capable of handling a large volume of data.
- A mail server should be capable of using encrypted connections.
- A mail server should be capable of controlling access.
Sendmail is the most commonly used MTA. It is shipped as the default MTA on nearly every UNIX variant and is available for Windows.

Sendmail
Sendmail, Inc. distributes an open-source version of the sendmail MTA. The sendmail MTA is configurable on two fronts:
- The Build utilities (shipped with sendmail) allow the administrator to configure the operation of the sendmail binary (email strategy, security).
- The sendmail.cf file is used to customize the local delivery rules.

Sendmail Philosophy
- Don't actually deliver email; route it. There are too many local conventions, and it is too hard to customize sendmail to fit these conventions.
- Generalized crossbar switch: individual MUAs don't need to know where mail goes; all knowledge about mail routing is in the SMTP daemon; all routing is consistent.
- Do some protocol conversion: basic header munging; do whatever is necessary to route the message; better to deliver twice than not at all.
- Implemented via a binary (typically /usr/lib/sendmail). Main configuration file: /etc/mail/sendmail.cf.

SMTP Protocol (spoken by MTAs)
    HELO/EHLO   introduce yourself, and your capabilities
    MAIL FROM   who is this message from?
    RCPT TO     who is this message to?
    DATA        what is the body of the message?
    VRFY        see if this user exists
    EXPN        expand this address and tell me who it is
    HELP        display the sendmail.hf file
    RSET        reset the connection
    NOOP        do nothing
    VERB        verbose mode
    DSN         delivery status notification
    AUTH        authenticate this user
    QUIT        close the connection

Under the Hood of MTAs
- The SMTP daemon places the "message" in an envelope for delivery. There is a header on the "letter", and there is a header on the envelope.
- The headers contain addresses and other information about the message. They should be the same, but are not always!
- Envelope headers are (usually) assigned by system software (SMTP). Message headers can be (and are) easily forged by the user.
- Users typically do not see the envelope. These headers are stripped off by the SMTP daemon.
- Every message is assigned a unique ID by EACH SMTP daemon that touches it. This allows tracing the message from end to end (if log files are available).

Sendmail Files
The following are the files typically used to configure and support the Sendmail binary:
- sendmail.mc: List of macro definitions used to create the sendmail.cf file.
- sendmail.cf: Master Sendmail configuration file. It contains the rules that parse mail messages, and determine how, and if, a message gets delivered.
- sendmail.cw: Contains a list of hosts the mail server will accept messages for.
- sendmail.hf: Contains help information for the SMTP daemon.
- sendmail.pid: Contains the process ID of the running Sendmail daemon.
- aliases: Contains e-mail aliases (addresses) for users on this mail server.
- access.db: Contains a database of sites/hosts/users that are, or are not, allowed to access this mail server.

Parts of a sendmail.mc File
- Definitions, configured via FEATURE and DEFINE statements in the .mc file:
  - define variables: define()dnl
  - define macros to perform functions: FEATURE()dnl
  - define classes (sets of names)
- Rules: parse the address and re-write it for transport; use macros, classes, and variable definitions during the re-write; apply rules to reject spam and other messages.
- Mailers: define the mailers that are available for mail delivery on this system.

Variables That Control Sendmail Configuration
Most of the Build options for Sendmail are implemented as a series of macro definitions and/or variables the administrator can set. There are tens (if not hundreds) of variables that might be used to customize Sendmail. The following is a partial list of variables that may be set via the sendmail.cf configuration file, or via the siteconfig file.
- confMAILER_NAME: Sender name used for internally generated messages.
- confDOMAIN_NAME: Should only be defined if your system cannot determine your local domain name.
- confCF_VERSION: If defined, this is appended to the configuration version name.
- confCW_FILE: Name of the file of host names this system accepts mail for.
- confCT_FILE: Name of the list of trusted users.
- confCR_FILE: Name of the list of hosts allowed to relay.
- confTRUSTED_USERS: Names of users to add to the list of trusted users. This list always includes root, uucp, and daemon.
- confTRUSTED_USER: Trusted user for file ownership and for starting the daemon.
- confSMTP_MAILER: Mailer name used when SMTP connectivity is required.
- confSEVEN_BIT_INPUT: Force input to seven bits.
- confEIGHT_BIT_HANDLING: Enable 8-bit data handling.
- confMAX_MESSAGE_SIZE: Maximum size of messages accepted (in bytes).
- confMIME_FORMAT_ERRORS: Send error messages as MIME-encapsulated messages per RFC 1344.
- confFORWARD_PATH: Colon-separated list of places to search for .forward files.
- confLOG_LEVEL: Log level.
- confPRIVACY_FLAGS: Privacy flags.
- confTIME_ZONE: Zone info. Can be USE_SYSTEM to use the system's idea, USE_TZ to use the user's TZ environment variable, or something else to force that value.
- confUNSAFE_GROUP_WRITES: If set, group-writable :include: and .forward files are considered "unsafe." That is, programs and files cannot be directly referenced from such files. World-writable files are always considered unsafe.
- confDONT_BLAME_SENDMAIL: Override Sendmail's checks. This will definitely compromise system security and should not be used unless absolutely necessary.
- confAUTH_MECHANISMS: List of authentication mechanisms for AUTH (separated by spaces). The advertised list of authentication mechanisms will be the intersection of this list and the list of available mechanisms as determined by the CYRUS SASL library.

Sendmail.mc Features
- use_cw_file: Reads /etc/mail/sendmail.cw to get the list of hosts the server will accept messages for.
- use_ct_file: Reads /etc/mail/trusted-users to get the names of users that will be "trusted."
- stickyhost: This feature is sometimes used with LOCAL_RELAY, although it can be used for a different effect with MAIL_HUB. When used without MAIL_HUB, e-mail sent to an address on the local host is marked as "sticky" and is not forwarded to LOCAL_RELAY. With MAIL_HUB, mail addressed to the local host is forwarded to the mail hub, with the envelope address remaining the local-host address. Without stickyhost, the envelope would be changed to user@mail_hub, in order to protect against mailing loops.
- always_add_domain: Includes the local host domain even on locally delivered mail.
- ldap_routing: Implements LDAP-based e-mail recipient routing according to the Internet Draft draft-lachman-laser-ldap-mail-routing-01.
- nullclient: A special case. Creates a configuration with nothing but support for forwarding all mail to a central hub via a local SMTP-based network.
- promiscuous_relay: By default, the Sendmail configuration files do not permit mail relaying (that is, accepting mail from outside your local host and sending it to a host other than your local host).
- relay_entire_domain: By default, only hosts listed as RELAY in the access db will be allowed to relay.
- relay_hosts_only: By default, names listed as RELAY in the access db are domain names, not host names.
- relay_mail_from: Allows relaying if the mail sender is listed as RELAY in the access map.
- relay_local_from: Allows relaying if the domain portion of the mail sender is a local host.
- accept_unqualified_senders: Normally, MAIL FROM: commands in the SMTP session will be refused if the connection is a network connection and the sender address does not include a domain name.
- accept_unresolvable_domains: Normally, MAIL FROM: commands in the SMTP session will be refused if the host part of the argument to MAIL FROM: cannot be located in the host name service (e.g., an A or MX record in DNS).
- access_db: Turns on the access database feature.
- blacklist_recipients: Turns on the ability to block incoming mail for certain recipient user names, host names, or addresses.
- delay_checks: The rule sets check_mail and check_relay will not be called when, respectively, a client connects or issues a MAIL command.
- dnsbl: Turns on rejection of hosts found in a DNS-based rejection list.

Summary of the Sendmail Configuration File
- /etc/sendmail.cf is built from the sendmail.mc file.
- /etc/mail/sendmail.cf controls nearly everything: sets global variables and options; defines macros and classes (sets of names); describes the syntax of message headers; defines delivery agents (mailers) that may be used; defines rule sets.
- Based on a "production system" programming language: line-at-a-time syntax; read only at startup.

Creating a sendmail.cf
- Used to be a guru function.
- Hand editing of an existing sendmail.cf file: complicated; easy to mess up; you have to understand the sendmail language.
- Better to create a sendmail.mc file and let the system build the .cf for you: easier to port changes; less knowledge of the language required, you just need to understand the macros.

Rewrite Rules
Rewrite rules read "tokens" and make decisions based on the contents of the token stream. The left hand side of a rewriting rule contains a pattern. Normal words are simply matched directly. Metasyntax is introduced using a dollar sign. The metasymbols are:

    $*     Match zero or more tokens
    $+     Match one or more tokens
    $-     Match exactly one token
    $=x    Match any phrase in class x
    $~x    Match any word not in class x

Example
The address curt@cse.nd.edu could become 7 tokens:

    curt  @   cse  .   nd  .   edu
    $1    $2  $3   $4  $5  $6  $7

Matching those tokens against different LHS patterns gives:

    $*           $1 = curt@cse.nd.edu
    $+           $1 = curt@cse.nd.edu
    $+@$+        $1 = curt, $2 = cse.nd.edu
    $-@$+        $1 = curt, $2 = cse.nd.edu
    $+@$-.$D     $1 = curt, $2 = cse                 (with $D = nd.edu)
    $+.$+.$=T    $1 = curt@cse, $2 = nd, $3 = edu    (with edu in class T)

Sendmail Operators
When the left hand side of a rewriting rule matches, the input is deleted and replaced by the right hand side. Tokens are copied directly from the RHS unless they begin with a dollar sign. The metasymbols are:

    $n                                    Substitute indefinite token n from LHS
    $[name$]                              Canonicalize name
    $(map key $@arguments $:default $)    Generalized keyed mapping function
    $>n                                   Call ruleset n
    $#mailer                              Resolve to mailer
    $@host                                Specify host
    $:user                                Specify user

The $n syntax substitutes the corresponding value from a $+, $-, $*, $=, or $~ match on the LHS.

Ruleset Example: Subject Check
(The LHS and RHS of each R line are separated by one or more tabs.)

    HSubject: $>CheckSubject
    D{MPat}Important Message From
    D{MMsg}This message may contain the Melissa virus.
    D{HPat}Homeworkers Needed
    D{HMsg}Go away spammer

    SCheckSubject
    R${MPat} $*          $#error $: 553 ${MMsg}
    RRe: ${MPat} $*      $#error $: 553 ${MMsg}
    R${HPat} $*          $#error $: 553 ${HMsg}
    RRe: ${HPat} $*      $#error $: 553 ${HMsg}

Ruleset Example: LOCAL_RULESETS

    LOCAL_RULESETS
    SLocal_check_mail
    R$*                  $: $1 $| $>Local_check_numb $1
    R$* $| $#$*          $#$2
    R$* $| $*            $>Local_check_bull $1
    R$* $| $#$*          $#$2
    #
    SLocal_check_numb
    R$*                  $: $>Parse0 $>3 $1
    R$+ $*               $: $(allnumbers $1 $)
    R@MATCH              $#error $: 553 Header Error
    #
    SLocal_check_bull
    R$*                  $: $>Parse0 $>3 $1
    R$+ $*               $: $(SpamFriend $1 $)
    R@MATCH              $#error $: 550 We no longer accept spam email from you
    # now call Basic_check_mail to continue processing
    # R$* $| $*          $>Ba

(The last, commented-out line is cut off on the page.)
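The LHS metasymbols and the curt@cse.nd.edu token table above can be exercised with the following matcher, written here as an added illustration (it is neither sendmail's code nor the slide deck's). It tokenizes on sendmail's default operator characters and implements $*, $+, $-, $=x and $~x with shortest-first backtracking; the values $D = nd.edu and a class T containing edu are assumptions, chosen because they are what the slide's results imply.

```python
import re

OPERATOR_CHARS = ".:%@!^/[]+"   # sendmail's default OperatorChars
OP_SPLIT = re.compile("([" + re.escape(OPERATOR_CHARS) + "])")
LITERAL = re.compile("[^$" + re.escape(OPERATOR_CHARS) + "]+|.")

def tokenize(text):
    """Break an address into tokens; each operator character is a token of its own."""
    return [t for word in text.split() for t in OP_SPLIT.split(word) if t]

def parse_lhs(lhs, macros):
    """LHS string -> elements ('*',) ('+',) ('-',) ('=', x) ('~', x) or ('lit', token);
    a single-letter macro such as $D is replaced by its value, tokenized as literals."""
    elems = []
    for word in lhs.split():
        i = 0
        while i < len(word):
            if word[i] != "$":                    # literal word or operator character
                lit = LITERAL.match(word, i).group(0)
                elems.append(("lit", lit))
                i += len(lit)
            elif word[i + 1] in "*+-=~":          # $* $+ $- stand alone; $=x and $~x name a class
                n = 2 if word[i + 1] in "*+-" else 3
                elems.append(tuple(word[i + 1:i + n]))
                i += n
            else:                                 # macro reference such as $D
                elems.extend(("lit", t) for t in tokenize(macros[word[i + 1]]))
                i += 2
    return elems

def match(elems, tokens, classes):
    """Return the $1..$n captures if the LHS consumes every token, else None.
    Indefinite tokens try the shortest span first and back-track, as sendmail does."""
    low = lambda ts: [t.lower() for t in ts]
    def go(ei, ti, caps):
        if ei == len(elems):
            return caps if ti == len(tokens) else None
        kind, left = elems[ei][0], len(tokens) - ti
        if kind == "lit":
            ok = left and tokens[ti].lower() == elems[ei][1].lower()
            return go(ei + 1, ti + 1, caps) if ok else None
        if kind in "*+-":
            lo, hi = {"*": (0, left), "+": (1, left), "-": (1, min(1, left))}[kind]
            spans = range(lo, hi + 1)
        else:
            members = [low(tokenize(m)) for m in classes.get(elems[ei][1], ())]
            if kind == "=":   # $=x: any phrase (one or more tokens) listed in class x
                spans = [len(m) for m in members if low(tokens[ti:ti + len(m)]) == m]
            else:             # $~x: exactly one token that is not in class x
                spans = [1] if left and low(tokens[ti:ti + 1]) not in members else []
        for n in spans:       # a capture is the matched tokens joined back together
            found = go(ei + 1, ti + n, caps + ["".join(tokens[ti:ti + n])])
            if found is not None:
                return found
        return None
    return go(0, 0, [])

def demo():
    macros = {"D": "nd.edu"}          # assumed: the $D (local domain) macro is nd.edu
    classes = {"T": ["edu", "com"]}   # assumed: class T lists top-level domains
    tokens = tokenize("curt@cse.nd.edu")
    lhs_list = ["$*", "$+", "$+@$+", "$-@$+", "$+@$-.$D", "$+.$+.$=T"]
    return {lhs: match(parse_lhs(lhs, macros), tokens, classes) for lhs in lhs_list}
```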

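The receive-side exchange, the alias/.forward delivery decision and the envelope-versus-header distinction from the slides above, as an added example that is neither from the page nor from sendmail: a Python model of the destination MTA that also applies sendmail's default anti-relay rule (relay only for clients marked RELAY in the access map) and its default refusal of unqualified senders. LOCAL_HOSTS, ACCESS, FORWARD, the queue-ID format and the reply texts are assumptions; the alias entries come from the aliases slide.

```python
import re

LOCAL_HOSTS = {"cse.nd.edu"}                     # assumed: the hosts sendmail.cw lists (class w)
ACCESS = {"10.1.": "RELAY"}                      # assumed access map: only this client prefix may relay
ALIASES = {"postmaster": ["root"], "root": ["curt", "mmcnally"]}   # entries from the aliases slide
FORWARD = {"curt": None, "mmcnally": "mmcnally@mail.example"}      # assumed accounts and their .forward
ADDR = re.compile(r"<?([^<>\s]*)>?")             # pulls the address out of a MAIL FROM:/RCPT TO: argument

def resolve(user, seen=()):
    """Delivery decision from the slides: alias -> account -> .forward -> local spool."""
    if user in seen or (user not in ALIASES and user not in FORWARD):
        return []                                # alias loop, or neither alias nor account: reject
    if user in ALIASES:
        return [t for a in ALIASES[user] for t in resolve(a, seen + (user,))]
    fwd = FORWARD[user]
    if fwd is None:
        return [("spool", user)]                 # no .forward: deliver to the local spool
    return [("remote", fwd)] if "@" in fwd else resolve(f"{fwd}", seen + (user,))

class Receiver:
    """One SMTP session on the destination MTA: feed command lines in, get reply lines back."""
    counter = 0

    def __init__(self, client_ip):
        self.client_ip, self.helo, self.sender, self.rcpts, self.queue = client_ip, None, None, [], []

    def command(self, line):
        verb, _, arg = line.partition(" ")
        verb, addr = verb.upper(), ADDR.search(arg.partition(":")[2].strip()).group(1)
        if verb in ("HELO", "EHLO"):
            self.helo = arg.strip()
            return "250 Hello " + self.helo
        if self.helo is None:
            return "503 Introduce yourself with HELO/EHLO first"
        if verb == "MAIL":                       # envelope sender; accept_unqualified_senders is off
            if addr and "@" not in addr:
                return "553 Domain name required for sender address"
            self.sender, self.rcpts = addr, []
            return "250 Sender ok"
        if verb == "RCPT":                       # envelope recipient
            user, _, host = addr.partition("@")
            if host.lower() not in LOCAL_HOSTS:  # not ours: relay only for clients marked RELAY
                if not any(self.client_ip.startswith(k) and v == "RELAY" for k, v in ACCESS.items()):
                    return "550 Relaying denied"
                self.rcpts.append(("remote", addr))
                return "250 Recipient ok (will relay)"
            targets = resolve(user.lower())
            if not targets:
                return "550 User unknown"
            self.rcpts.extend(targets)
            return "250 Recipient ok"
        return "221 Closing connection" if verb == "QUIT" else "500 Command unrecognized"

    def data(self, message_lines):
        """DATA: queue the message under a fresh ID; the header From: need not match the envelope."""
        if self.sender is None or not self.rcpts:
            return "503 Need MAIL and RCPT first"
        Receiver.counter += 1
        qid = "q%06d" % Receiver.counter         # each MTA hop assigns its own ID; logs are keyed on it
        hdr = next((h.partition(":")[2].strip() for h in message_lines if h.lower().startswith("from:")), "")
        self.queue.append({"id": qid, "envelope_from": self.sender, "header_from": hdr,
                           "sender_mismatch": self.sender not in hdr, "deliveries": list(self.rcpts)})
        return "250 Queued as " + qid
```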