CIT 470: Advanced Network and System Administration
E-mail
CIT 470: Advanced Network and System Administration Slide #1
CIT 470: Advanced Network and System Administration
CIT 470: Advanced Network and System Administration Slide #2
Topics
1. Mail Policies
2. Anatomy of a Mail Message
3. Components of an E-mail System
4. SMTP
5. IMAP & POP
6. E-mail Addresses
7. Aliases and Lists
CIT 470: Advanced Network and System Administration Slide #3
Mail Policies
1. Privacy Policy
2. Namespaces
3. Reliability
4. Scaling
5. Security
CIT 470: Advanced Network and System Administration Slide #4
Privacy Policy
Personal Use Policy
– Personal v. commercial use.
– When may employee e-mail be read?
  • By whom
  • Under what circumstances
– Automatic monitoring
Retention Policy
– Legal requirements.
CIT 470: Advanced Network and System Administration Slide #5
Namespaces
Avoid first.last format addresses.
– There will be duplicates: John.Smith.
– Use middle initials?
– Append numbers?
Create unique organization-wide namespace.
– Use directory to look up addresses.
CIT 470: Advanced Network and System Administration Slide #6
Reliability
Customers expect same reliability as power.
– Failures generate many support calls.
Reliability measures
– Redundant servers.
– Backup MX hosts.
– RAID arrays.
– Multiple NICs, power supplies, processors, etc.
CIT 470: Advanced Network and System Administration Slide #7
Scalability
Types of scalability
– To address growth in average messages/day.
– To address spikes in mail traffic.
Number of messages grows
– faster than linearly with number of users.
– with time, even if user base is constant.
– due to spam too.
Size of messages grows
– due to technology: more + larger attachments.
CIT 470: Advanced Network and System Administration Slide #8
Security
Mail server as a target
– Complexity of mail leads to vulnerabilities.
– Mail is an asset attackers want to take.
E-mail as a conduit
– Brings viruses and trojans into organization.
– Leaks confidential information outward.
– Example (2005): Apple sues bloggers over releasing data about upcoming products.
E-mail relaying
– Open relays used by spammers and scammers.
Intercepting e-mail
CIT 470: Advanced Network and System Administration Slide #9
Anatomy of a Mail Message
    Received: from mailfe2.nku.edu ([192.122.237.68]) by brahms.utoledo.edu (8.11.9) with ESMTP id k3CJCM for <[email protected]>; Wed, 12 Apr 2006 15:12:22 -0400 (EDT)
    Received: from mailfac1.nku.edu ([172.28.102.15]) by mailfe2.nku.edu with MS SMTPSVC(6.0.3790.211); Wed, 12 Apr 2006 15:15:18 -0400
    Subject: Test
    Date: Wed, 12 Apr 2006 15:15:18 -0400
    Message-ID: <[email protected]>
    From: "You" <[email protected]>
    To: <[email protected]>

    This is a test message.
Labels on the slide mark the Header (Received: through To:), the Blank separator line, and the Body (message text).
CIT 470: Advanced Network and System Administration Slide #10
Header
Header Format
– Header-name: Header-data
Common headers
– From:
– To:, CC:, Reply-To:
– Date:
– Message-ID:
– Subject:
Multiple headers
– Received: for each mail server handling message.
CIT 470: Advanced Network and System Administration Slide #11
Body
• Separated from header by blank line.
• Contains 7-bit ASCII text by default.
• Any non-ASCII text must be encoded:
  – uuencode
  – MIME
CIT 470: Advanced Network and System Administration Slide #12
MIME
Multipurpose Internet Mail Extensions
– Text in non-ASCII character sets.
– Non-text attachments.
– Multi-part message bodies.
Identified by Content-Type: header.
– text/plain: regular e-mail
– text/html: HTML markup
– multipart/mixed: text/plain + attachments
– image/jpeg: JPEG image attachment
– Many other formats
CIT 470: Advanced Network and System Administration Slide #13
Base64
Binary to text encoding scheme
– Each character represents 6 bits.
– Uses 64 characters from 7-bit ASCII: A-Za-z0-9+=
Encodes in 3-byte chunks
– 3 bytes = 24 bits = 4 base-64 characters
    Text:    M         a         n
    ASCII:   77        97        110
    Bits:    010011|01 0110|0001 01|101110
    Index:   19   22   5    46
    Base64:  T    W    F    u
CIT 470: Advanced Network and System Administration Slide #14
Multipart MIME Message Example
    MIME-version: 1.0
    Content-type: multipart/mixed; boundary="frontier"

    This is a multi-part message in MIME format.
    --frontier
    Content-type: text/plain

    This is the body of the message.
    --frontier
    Content-type: application/octet-stream
    Content-transfer-encoding: base64

    PGh0bWw+CiAgPGhlYWQ+CiAgPC9oZWFkPgogIDxib2R5PgogICAgPHA+VGhpcyBpcyB0aGUg
    Ym9keSBvZiB0aGUgbWVzc2FnZS48L3A+CiAgPC9ib2R5Pgo8L2h0bWw+Cg==
    --frontier--
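Added example (not part of the original slides): the multipart message above parsed with Python's standard email package, listing what each part declares in Content-Type next to what its decoded bytes look like. The sniff() heuristic and the function names are assumptions made for this illustration.

```python
from email import message_from_string, policy

# The slide's multipart/mixed message, with its blank lines restored.
RAW = """\
MIME-version: 1.0
Content-type: multipart/mixed; boundary="frontier"

This is a multi-part message in MIME format.
--frontier
Content-type: text/plain

This is the body of the message.
--frontier
Content-type: application/octet-stream
Content-transfer-encoding: base64

PGh0bWw+CiAgPGhlYWQ+CiAgPC9oZWFkPgogIDxib2R5PgogICAgPHA+VGhpcyBpcyB0aGUg
Ym9keSBvZiB0aGUgbWVzc2FnZS48L3A+CiAgPC9ib2R5Pgo8L2h0bWw+Cg==
--frontier--
"""

def sniff(data: bytes) -> str:
    """Tiny content sniffer (assumed heuristic, not a full magic database)."""
    head = data.lstrip()[:16].lower()
    if head.startswith((b"<html", b"<!doctype html")):
        return "text/html"
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    return "unknown"

def inspect_parts(raw: str):
    """Return (declared type, transfer encoding, decoded size, sniffed type) per leaf part."""
    msg = message_from_string(raw, policy=policy.default)
    rows = []
    for part in msg.walk():
        if part.is_multipart():          # the multipart/mixed container itself
            continue
        data = part.get_payload(decode=True) or b""   # undoes base64 if declared
        rows.append((part.get_content_type(),
                     part.get("Content-Transfer-Encoding", "7bit").lower(),
                     len(data), sniff(data)))
    return rows

def mismatched(rows):
    """Parts whose decoded bytes look like a different type than the header declares."""
    return [r for r in rows if r[3] not in ("unknown", r[0])]
```

On the slide's message, the second part is declared application/octet-stream but decodes to an HTML document, which is why mail filters inspect decoded content rather than trusting the Content-Type header.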
CIT 470: Advanced Network and System Administration Slide #15
Envelope
Headers aren’t the full story
– Recipient isn’t necessarily on To: or CC:
– Sender isn’t necessarily given on From: header.
Envelope specifies sender/receiver
– Specified via SMTP commands.
– Envelope recipient used for BCC:
– Envelope recipient used by mail lists.
– Envelope facilities used by spammers too.
CIT 470: Advanced Network and System Administration Slide #16
Components of a Mail System
[Diagram: mail system components as labeled on the slide: TA (Sendmail), TA (Sendmail), UA (Eudora), UA (Outlook), UA (mutt), DA (mail.local), MsgStore, AA (imapd), UA (mutt).]
CIT 470: Advanced Network and System Administration Slide #17
MTAs
• Mail Transport Agents
  – Receive mail from MUAs.
  – Route mail across internet.
• MTA Protocol: SMTP
• MTA Examples
  – sendmail
  – postfix
  – qmail
CIT 470: Advanced Network and System Administration Slide #18
SMTP
    220 brahms.nku.edu ESMTP Sendmail 8.13.3; Wed, 12 Apr 2006
    helo mydomain.com
    250 brahms.nku.edu Hello mydomain.com, pleased to meet you
    mail from: [email protected]
    250 2.1.0 [email protected]... Sender ok
    rcpt to: [email protected]
    250 2.1.5 [email protected]... Recipient ok
    data
    354 Enter mail, end with "." on a line by itself
    Subject: Test
    From: [email protected]
    To: [email protected]

    This is a test.
    .
    250 2.0.0 k3GIcr001606 Message accepted for delivery
    quit
    221 2.0.0 brahms.nku.edu closing connection
CIT 470: Advanced Network and System Administration Slide #19
SMTP Commands
    HELO hostname
    EHLO hostname
    MAIL FROM: addr
    RCPT TO: addr
    VRFY addr
    EXPN addr
    DATA
    QUIT
    RSET
    HELP
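Added example (not part of the original slides): the Envelope slide's point that MAIL FROM / RCPT TO need not match the From:, To: and CC: headers, shown by parsing the client side of an SMTP session and comparing the two. The session text, all addresses and the function names are constructed for this illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed client side of an SMTP session (all addresses are made up).
SESSION = """\
HELO mydomain.example
MAIL FROM:<bounces@list.example>
RCPT TO:<alice@corp.example>
RCPT TO:<bob@corp.example>
DATA
Subject: Test
From: "You" <you@mydomain.example>
To: alice@corp.example

This is a test.
..a line that began with a dot
.
QUIT
"""

def parse_session(text):
    """Split client SMTP lines into envelope sender, envelope recipients, message."""
    sender, rcpts, body, in_data = None, [], [], False
    for line in text.splitlines():
        if in_data:
            if line == ".":                  # a lone dot ends DATA
                in_data = False
            else:                            # undo dot-stuffing (RFC 5321 4.5.2)
                body.append(line[1:] if line.startswith(".") else line)
            continue
        m = re.match(r"(MAIL FROM|RCPT TO):\s*<?([^>\s]*)>?", line, re.I)
        if m and m.group(1).upper() == "MAIL FROM":
            sender = m.group(2).lower()
        elif m:
            rcpts.append(m.group(2).lower())
        elif line.strip().upper() == "DATA":
            in_data = True
    return sender, rcpts, message_from_string("\n".join(body) + "\n")

def compare(text):
    """Report where the envelope and the visible headers disagree."""
    sender, rcpts, msg = parse_session(text)
    hdr_from = parseaddr(msg.get("From", ""))[1].lower()
    visible = {a.lower() for _, a in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    return {"envelope_sender": sender, "header_from": hdr_from,
            "sender_differs": sender != hdr_from,
            "hidden_recipients": [r for r in rcpts if r not in visible]}
```

A differing sender or a hidden recipient is normal for BCC and mailing lists, so this comparison is a signal to log and correlate rather than a verdict on its own.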
CIT 470: Advanced Network and System Administration Slide #20
Message Store
• Communication
  – Receives data from MDA (mail.local, procmail)
  – Provides data to MAA (IMAP, POP, NFS, web)
• Types of stores
  – Files (all messages for a user in one file)
  – Directories (directory per user)
  – Databases
CIT 470: Advanced Network and System Administration Slide #21
Mail Access Agents
• Older systems directly accessed mail files.
• Modern systems use network
  – POP: Post Office Protocol
    • Simple download protocol for offline reading.
  – IMAP: Internet Mail Access Protocol
    • Online and offline modes of reading.
    • Partial message fetch (headers, attachments, etc.)
    • Message state stored on server, not client.
    • Multiple mailbox and multiple client support.
CIT 470: Advanced Network and System Administration Slide #22
IMAP
• IMAP Servers
  – Cyrus
  – UW
• IMAP Features
  – Message store types
  – Authentication
  – Security (SSL)
CIT 470: Advanced Network and System Administration Slide #23
Mail User Agents
• Text clients
  – mutt
  – pine
• GUI clients
  – Eudora
  – Mozilla Thunderbird
  – MS Outlook
• Web clients
  – Run on remote web server.
CIT 470: Advanced Network and System Administration Slide #24
Mail Addressing
• Relative Addresses
  – mcvax!uunet!ucbvax!hao!boulder!air!evi
• Absolute Addresses
  – user@domain
• MX Records
  – Mail clients use MX records, not A records.
  – Lowest preference # = highest priority.
  – Permits failover if server down.
CIT 470: Advanced Network and System Administration Slide #25
Aliases
• Allow mail to be rerouted.
  – Sysadmin: files (/etc/mail/aliases), local db, NIS, LDAP
  – Personal: ~/.forward
• Alias destinations
  – Local: address
  – Remote: address@domain
  – File: :include:pathname
  – Program: |pathname
• Required aliases
  – postmaster, abuse, root
CIT 470: Advanced Network and System Administration Slide #26
Mailing List Aliases
    mylist: :include:/etc/mail/include/mylist
    owner-mylist: mylist-request
    mylist-request: me
    owner-owner: postmaster
Purpose
– owner: Messages appear to be from owner. Receives bounces, list management mail.
– request: Indirection ensures owner’s real address doesn’t appear on Return-Path.
– owner-owner: Receives errors from messages destined for owner-* aliases.
CIT 470: Advanced Network and System Administration Slide #27
Mailing List Software
• Automate list management.
  – E-mail interface.
  – Web interface.
• Packages
  – Mailman
  – Majordomo
  – Listserv
• List Archiving
  – Mailman
  – MHonArc