Servizi di posta elettronica

Servizi di posta elettronica
Serate a tema
Amministrazione sistemi Linux
26 aprile 2010
Marco Moser
Linuxtrent
Contesto
Termini
●
●
●
Mail User Agent → legge la posta via file, pop3,
imap (mutt, thunderbird, webmail)
Mail Transfer Agent → riceve, spedisce, inoltra
via smtp (sendmail, postfix, qmail)
Mail Delivery Agent → consegna la posta
(procmail, deliver, lda)
Protocollo SMTP
●
Simple Mail Transport Protocol (1982)
●
Porta 25
●
●
●
Legge (e scrive) gli header dell'email → ascii a
7bit
Non certifica il mittente dei messaggi
ESMTP (2008) → 8bit, uft8, starttls,
autenticazione, ...
Esempio SMTP
telnet www.example.com 25
S:
C:
S:
C:
S:
C:
S:
C:
S:
C:
C:
C:
C:
C:
C:
C:
S:
C:
S:
220 www.example.com ESMTP Postfix
HELO mydomain.com
250 Hello mydomain.com, pleased to meet you
MAIL FROM: <[email protected]>
250 [email protected] ... Sender ok
RCPT TO: <[email protected]>
250 [email protected] ... Recipient Ok
DATA
354 End data with "." on a line by itself
Subject: messaggio di prova
From: [email protected]
To: [email protected]
Ciao,
questa è una prova.
.
250 Ok: queued as 12345
QUIT
221 Bye
* wikipedia
Protocollo POP
●
Post Office Protocol (ver. 3)
●
Porta 110 (plain o starttls) oppure 995 (ssl)
●
Autentica l'utente
●
Elenca, mostra e cancella la posta
Esempio POP
telnet www.example.com 110
S:+OK <[email protected]>
C:USER pippo
S:+OK
C:PASS pluto
S:+OK
C:LIST
S:+OK
1 817
2 124
.
C:RETR 1
S:+OK
Return-Path: <[email protected]>
Delivered-To: [email protected]
Date: Sat, 22 Oct 2005 13:24:54 +0200
From: Mario Rossi <[email protected]>
Subject: xxxx
Content-Type: text/plain; charset=ISO-8859-1
testo messaggio
.
C:DELE 1
S:+OK
C:QUIT
S:+OK
* wikipedia
Protocollo IMAP
●
Internet Message Access Protocol (ver. 4 1996)
●
Porta 143 (plain o starttls) oppure 993 (ssl)
●
●
Autentica utente → instaura una sessione, consente
l'accesso concorrente all'account
Elenca, mostra, cancella e archivia la posta →
organizzazione in cartelle, flags (letta, inoltrata, ..., di
lavoro, urgente), primitive per la ricerca
●
Scaricamento parziale dell'email (mime)
●
Shared folders
Esempio IMAP
telnet imap.joker.net 143
* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS STARTTLS AUTH=LOGIN] joker.net
IMAP4rev1 2001.315 at Sun, 13 Jul 2003 22:09:17 +0200 (CEST)
a100 LOGIN homer onslls
a100 OK [CAPABILITY IMAP4REV1 IDLE NAMESPACE MAILBOX-REFERRALS SCAN SORT
THREAD=REFERENCES THREAD=ORDEREDSUBJECT MULTIAPPEND] User homer
authenticated
a101 select inbox
* 2 EXISTS
…
a102 fetch 1:2 (flags body[header.fields (subject)])
...
a103 FETCH 1 (body[text])
* 1 FETCH (BODY[TEXT] {105}
Messaggio di prova,
Blah blah
a104 STORE 1 +FLAGS (\Deleted)
* 1 FETCH (FLAGS (\Seen \Deleted NonJunk))
a104 OK STORE completed
a106 LOGOUT
a106 OK LOGOUT completed
* openskill.info
Esempio Email
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from smtp-OUT05A.alice.it (smtp-OUT05A.alice.it [85.33.3.5])
by mail.oltrefersina.it (Postfix) with ESMTP id 4D319CF8005
for <[email protected]>; Sat, 24 Apr 2010 11:37:16 +0200 (CEST)
Received: from FBCMMO04.fbc.local ([7.168.68.254]) by smtp-OUT05A.alice.it with
Microsoft SMTPSVC(6.0.3790.3959);
Sat, 24 Apr 2010 11:37:16 +0200
Received: from FBCMCL01B02.fbc.local ([192.168.69.83]) by FBCMMO04.fbc.local with
Microsoft SMTPSVC(6.0.3790.3959);
Sat, 24 Apr 2010 11:36:50 +0200
Received: from [192.168.1.100] ([87.2.104.48]) by FBCMCL01B02.fbc.local with Microsoft
SMTPSVC(6.0.3790.3959);
Sat, 24 Apr 2010 11:36:50 +0200
Message-ID: <[email protected]>
Date: Sat, 24 Apr 2010 11:36:51 +0200
From: "Polisportiva Oltrefersina.it" <[email protected]>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; it; rv:1.9.1.9) Gecko/20100317
Thunderbird/3.0.4
MIME-Version: 1.0
To: Polisportiva Oltrefersina <[email protected]>
Subject: prova
Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Content-Transfer-Encoding: 7bit
X-OriginalArrivalTime: 24 Apr 2010 09:36:50.0685 (UTC) FILETIME=[AAAF2AD0:01CAE391]
Email di prova
MIME
●
Multipurpose Internet Mail Extensions
●
Supporta il trasporto di mail non-ascii e multipart
Header non ascii → Subject: =?ISO-8859-15?Q?perch=E8_poich=E8?=
Content-Transfer-Encoding: 8bit
...
Content-Type: multipart/mixed;
boundary="----_=_NextPart_001_01C9E9B3.91ED543C"
...
------_=_NextPart_002_01C9E9B3.91ED543C
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MTA
●
●
●
●
Sendmail (Allman 1980) → storico ma ostico da
configurare
Qmail (Berstein 1995) → nasce molto sicuro (taglia 1
bug = 1.000$), da compilare, oggi la licenza e' public
domain, e' un progetto fermo
Postfix (IBM, Venema 1997) → sicuro, flessibile e
diffuso
Altri: Exim, Apache James, ...
Postfix minimale
●
Server minimale → email per utenti locali
(/etc/passwd) + invio al mondo
●
apt-get install postfix mailx
●
vi /etc/postfix/main.cf
–
myhostname=mail.oltrefersina.it
–
mydestination = $myhostname, localhost.
$mydomain, localhost
–
mynetworks = 127.0.0.0/8
Postfix minimale
●
vi /etc/aliases
–
root: [email protected]
●
/usr/bin/newaliases
●
/etc/init.d/postfix restart
●
Test
–
mailx -s OK marcomoser [email protected]
–
prova email
Postfix utility
●
●
mailq → coda messaggi
postsuper -r AEF2ACF8004 → rimuove dalla
coda
●
postqueue -f → svuota coda
●
tail -f /var/log/mail.info → file di log
●
/var/spool/mail/ → caselle mbox
Postfix Alice
●
Mail server con relay su alice business
●
apt-get install libsasl2-modules
●
vi /etc/postfix/main.cf
–
myhostname=server1
–
mydestination = $myhostname, localhost.
$mydomain, localhost
–
mynetworks = 127.0.0.0/8 192.168.0.0/24
–
relayhost = [mail.191.biz]
Postfix Alice
●
●
main.cf
–
smtp_sasl_auth_enable = yes
–
smtp_sasl_type = cyrus
–
smtpd_use_tls = no
–
smtp_sasl_security_options = noanonymous
–
# evita ntlm
–
smtp_sasl_mechanism_filter = LOGIN
–
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
–
# logging debug_peer_list = mail.191.biz
vi /etc/postfix/sasl_passwd
–
●
mail.191.biz [email protected]:xpasswordx
postmap /etc/postfix/sasl/sasl_passwd
Poor programmer - antispam
●
Postgrey → greylisting (rifiuto temporaneo)
●
Real-time Blackhole List → elenco di host sconsigliati
●
vi main.cf
–
smtpd_recipient_restrictions = permit_mynetworks,
–
reject_unauth_destination,
–
reject_rbl_client sbl.spamhaus.org,
–
reject_rbl_client bl.spamcop.net,
–
check_policy_service inet:127.0.0.1:60000
Antispam
●
●
●
●
●
Apache SpamAssasin → bayesian: filtra la posta
in ingresso valutandone il contenuto [perl]
DSPAM → autoapprendimento, filtri bayesian [c]
+ gui
Amavis → spamassasin + clamav (antivirus)
ASSP → smtp proxy server (bayesian, rbl, urirbl,
greylisting, …) + gui
ThunderBayes++ → Thunderbird plugin
Utenti virtuali
# Crea user vmail
groupadd -g 5000 vmail
useradd -m -u 5000 -g 5000 -s /bin/false vmail
vi main.cf
# elenco dei domini per cui accettare la email
virtual_mailbox_domains = /etc/postfix/vhosts
# homedir delle caselle virtual
virtual_mailbox_base = /home/vmail
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# elenca puntualmente tutte le caselle postali e directory
relativa
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
# elenca tutti gli alias
virtual_alias_maps = hash:/etc/postfix/valias
Utenti virtuali
vi /etc/postfix/vhosts
oltrefersina.it
vi /etc/postfix/vmailbox
[email protected]
[email protected]
[email protected]
oltrefersina.it/info/
oltrefersina.it/moser/
oltrefersina.it/calcio/
vi /etc/postfix/valias
[email protected]
[email protected]
postmap
postmap
Postfix
/etc/postfix/vmailbox
/etc/postfix/valias
reload
Dovecot
●
●
T.Sirainen, Finlandia (2002) – Ubuntu 8.04 1.0, beta 2.0
server IMAP e POP3 con supporto per i protocolli sicuri
IMAPS e POPS, TLS e SSL
●
caselle di posta in entrambi i formati: mbox e Maildir.
●
Autenticazione degli utenti → passwd, pam, ldap, sql
●
Implementa un lda con mail quota e sieve (vacation,
redirect)
●
Parla con postfix → sasl (scenario server)
●
Sicurezza → taglia 1 bug = 1.000 Euro
LDA
apt-get install dovecot-imapd dovecot-pop3d
vi /etc/dovecot/dovecot.conf
protocols = imap imaps pop3 pop3s
# outlook non ha il tls
disable_plaintext_auth = no
mail_location = maildir:/home/vmail/%d/%n
# abilita il local delivery agent + sieve script
protocol lda {
# Address to use when sending rejection mails.
postmaster_address = [email protected]
# Enabling Sieve plugin for server-side mail filtering
mail_plugins = cmusieve
}
Auth + Sieve
auth default {
# il methodo login e' usato da outlook (sasl)
mechanisms = plain login
#passdb passwd-file { # quello solo per deny = yes
#passdb pam {
passdb passwd-file {
args = /home/dovecot/passwd-%d
}
userdb passwd-file {
args = /home/dovecot/passwd-%d
}
# user needs access to only user and password databases
user = root
## dovecot-lda specific settings
##
socket listen {
master {
path = /var/run/dovecot/auth-master
mode = 0600
user = vmail # User running Dovecot LDA
#group = vmail # Or alternatively mode 0660 + LDA user in this group
}
}
plugin {
sieve = /home/vmail/%d/%n/sieve
}
Postfix - Dovecot
vi /etc/postfix/main.cf
dovecot_destination_recipient_limit = 1
virtual_transport = dovecot
vi /etc/postfix/master.cf
# service type
command + args
private unpriv
chroot
wakeup
maxproc
-
n
-
-
# dovecot lda
dovecot
unix
n
pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f
${sender} -d ${recipient}
File utenti + sieverc
Vi /etc/dovecot/passwd
# user:password:uid:gid:(gecos):home:(shell):extra_fields
[email protected]:{plain}xxx:5000:5000
vi /home/vmail/oltrefersina.it/moser/sieverc
require "fileinto";
# mailing linuxtrent
if header :contains "to" "[email protected]" {
fileinto "Mailing.Linuxtrent";
stop;
}
if header :contains "to" "[email protected]" {
fileinto "Mailing.Soci Linuxtrent";
stop;
}
Qmail + vpopmail + qmailadmin
●
●
●
●
Vpopmail (Inter7 GPL)
virtual domains, virtual users → file system, sql,
ldap
Gui per l'amministratore e per gli utenti (forward,
vacation, autoresponder)
Nota dolente... si parte dai sorgenti: qmail,
vpopmail, dovecot/courier-imap
Qmailadmin (web)
Mozilla Thunderbird
NOCC
RoundCube
Groupware
●
Overlook (openit) → rubrica, calendario
(condivisi)
●
Egroupware
●
Zimbra
●
Horde
●
…
●
SugarCRM
Conclusioni
●
●
Fonti:
–
http://it.wikipedia.org
–
http://www.postfix.org
–
http://wiki.dovecot.org/
–
http://openskill.info/
Licenza della presentazione:
–
Autore: Marco Moser <[email protected]>
–
Licenza: Creative Commons Attribuzione - Condividi allo
stesso modo 2.5 Italia License
–
http://creativecommons.org/licenses/by-sa/2.5/it/