Changes

OPS335 Lab 4

4,978 bytes removed, 21:37, 20 June 2016

Updating lab to re-incorporate configuring MTA.

==OVERVIEW & PREPARATION==

This lab will show you how to set up a Mail User Agent ('''MUA'''), using the mailx package on your '''~~VM2~~vm2''' machine, to allow users of that VM to use a locally installed Mail Transfer Agent ('''MTA''') to send and receive e-mails. You will also be able to send a text-based e-mail from your '''~~VM2~~ vm2 machine''' to your '''Seneca mail account''' ~~(only to send to an external server, but not receive)~~. You will also learn ~~which Mail Transfer Agent (MTA) is allowing messages~~ how to ~~be sent locally within your VM2 machine and also externally to your Seneca College mail account~~make multiple MTAs in the same network collaborate in sending emails. In addition, you will learn where the message store (MS) is located that stores mail messages until they are viewed and either deleted or transferred to other folders. ~~In order to send e-mail messages '''between your different VMs, a more complex set-up is required''', and will be addressed in the second part of lab4 (lab4b)~~.

The '''diagram''' below shows the layout of the what this lab should be able to accomplish:

* [https://prezi.com/iuk-advzak_o/mail-servers-postfix/ OPS335 Mail Server Notes ] (Course Notes providing Mail Server Concepts)

* [https://prezi.com/dzrouvfsbsps/mail-servers-basic-terms/ Email Servers: Basic Terms] (online slide notes)

* [http://www.simplehelp.net/2008/12/01/how-to-send-email-from-the-linux-command-line/ Mail Send Command] (examples how to send e-mail using mail command)

* [http://www.johnkerl.org/doc/mail-how-to.html#prompt_commands View and Manage Received e-mail Mesages] (Common commands to view and manage received email messages)

* [https://support.google.com/mail/answer/29436?hl=en Reading Full Email Headers] (Explanation of message header information)

* [http://wiki.dovecot.org/MailServerOverview Here's an overview] (common mail server terms)

==INVESTIGATION 1: INSTALL, SET-UP, AND USE THE MAIL USER AGENT ('''MUA''')==

We will be using a simple text-based Mail User Agent ('''MUA''') called '''mailx''' in this lab to '''send and receive mail messages within your ~~VM2~~ vm2 machine''' and to '''send mail messages to your Seneca e-mail account'''.

'''NOTE:''' Due to the simplicity of this mail server setupand the lack of other DNS servers pointing to your network, and the setup of Seneca College's mail server, you '''cannot''' send Seneca e-mail messages to your '''~~VM2~~vm2''' machine.

=== Installing the Mail User Agent (MUA)===

:'''NOTE:''' You can refer to the link below to acquaint yourself on how to send e-mail messages using '''mailx''' application: [http://www.simplehelp.net/2008/12/01/how-to-send-email-from-the-linux-command-line/ Mail Send Command Examples]

===Sending a Mail Message from your ~~VM2~~ vm2 Machine to your Seneca Email Account===

We will now test to see if your MTA for your ~~VM2~~ vm2 machine is correctly running by sending email messages from your ~~VM2~~ vm2 machine to your Seneca e-mail account.

'''Perform the following steps:'''

#Check your Seneca email account to see if you got the email (note that it may take a few minutes to arrive, so you may also wish to try an alternate email account if you have one like gmail, etc). When you do receive that email, make a note of the return address.

#If you did not receive the mail, check the mail logs on your vm2 machine to determine any errors messages that would indicate a mail server setup problem.

#~~Test~~ Once you have succeeded in sending the first email ~~from your '''Host Machine''' by sending an~~ , send a second email to ~~your Seneca account~~ the same destination using the following command: '''mail -r "hacker.com (Canadian Revenue Agency)" -s "Lab4a - test2" <Your Seneca email address>#Check your ~~Seneca~~ email to see if you got the email. If you did, make a note of the return address. How would you think that including the '''-r''' option could be used by penetration hackers to gain access to a computer system? What sort of steps do you think should be taken to help prevent this type of attack from happening?

===Sending a Mail Message within your ~~VM2~~ vm2 Machine ~~(vm2)~~===

We will now test both your MUA (mailx) and MTA (postfix) by sending and receiving e-mail messages on the local ~~VM2~~ vm2 machine only.

'''Perform the following Steps:'''

#Send an email message locally (i.e. only within) your ~~VM2~~ vm2 machine by issuing the command: '''mail -s "Lab4a - Local - Test1" <yourSenecaID>'''

#After you type in the body of the mail message, move to an empty line, type period "." and press the ENTER key to send the message.

#Issue the following command to read the mail message you send to yourself: '''mail''' '''NOTE:''' You can refer to the link below to view a reference chart on how to read and delete received e-mail messages at the mail command prompt: [http://www.johnkerl.org/doc/mail-how-to.html#prompt_commands Commands to View and Manage Received e-mail Mesages]

#Issue the following command: '''cat /var/spool/mail/<yourSenecaID>''' What do you see? What does this show you in terms of where mail is stored on your e-mail server?

#If you received an e-mail message, the message and subject line should appear as a listing in your mail command. If you did not receive a mail message, check your mail server settings, check to see if you mail server is running and also check '''/var/log/maillog''' and '''/var/log/messages'''.

#~~Type~~ Once you have received the message, type the mail message number that is displayed in your e-mail message list in the prompt and press ENTER. You should be able to confirm the message body that you sent.

#Exit the mail program by typing the letter '''q''' and press ENTER.

#Re-issue the '''mail''' command. What happened?

'''Record steps, commands, and your observations in INVESTIGATION 1 in your OPS335 lab log-book'''

==INVESTIGATION 2: ~~IDENTIFYING A DEFAULT~~ SETUP MAIL TRANSFER AGENT (~~'''~~MTA~~'''~~) FOR SENDING (NO ENCRYPTION)==

~~Obviously~~ We will be using the '''Postfix''' application as the '''MTA''', and we will be setting it up on your '''vm2''' and '''vm3''' machines. They will act as the ~~Mail Transfer Agent must~~ "sending" email servers for your internal network. You will be ~~running in order~~ able to send ~~e-mail messages locally or~~ email out of your network, and receive email from within your network, but you will '''not''' receive email from outside of your network due to the following reasons:* Individuals outside of your domain will never find the MX records because there are no '''.org''' servers pointing to ~~external mail~~ your DNS server (~~like myseneca~~i.e.cayou haven't paid for it). ~~In this section~~* Even if the individuals could read your MX records, ~~we will determine information relating to Seneca College~~your local network is using IP addresses on a '''private subnet'''~~s MTA when email messages are sent via~~ , which is not routeable on the Internet, so it cannot be reached from outside of your ~~VM2 machine~~system.

=== ~~Email Headers~~ Verify the Postfix Service Status ===

~~Normally, detailed e-mail headers are seldom seen with our e-mail applications such as~~ '''~~MS Outlook~~Perform the following steps:''' (webmail) or '''Thunderbird'''. On the other hand, there are ways to be able to view these detailed headers (a.k.a. message details) that can provide useful information how the email message was sent and received (For example: name of Mail Transfer Agent program, domain name, IPADDR, how many times it was transferred, etc.). Although these email headers may look complicated, they can trace the steps of sending the e-mail messages among the MTAs to gain a better understanding of the email transmission process.

#The '''postfix''' application should be installed by default. If it isn't, install it.

#Postfix is capable of sending email with the default configuration, so start and enable this service, and verify that the postfix service is running.

#Look for the running postfix service in the list of listening ports by issuing the following command: <source lang="bash">ss -atnp</source>

#Which service is postfix running? Locate the port used by SMTP, and look for connections with the state LISTEN (i.e. currently listening).

#Write your observations in your lab logbook.

~~'''Perform~~ === Testing the ~~following Steps:'''~~connection to the Postfix Service ===

~~{| width="40%" align="right" cellpadding="10"~~We will be demonstrating the use of the nc application to test that the postfix service is running and listening.

~~|- valign="top"~~|[[Image:outlook-lite-mode.png|thumb|right|300px|If your MS outlook web application looks like above, then your MS Outlook application is using the '''lite version''', and you would have to switch versions (see below for procedure). ]]|~~[[Image:outlook-regular-mode.png|thumb|right|300px|If your MS outlook web application looks like above, then your MS Outlook application is using the ''~~'~~standard version~~''~~', so you can skip the procedure to switch versions.]]~~|} ~~#Make certain you are in your '''vm2''' machine.~~#Send another email message from your VM2 machine to your '''Seneca email account''' using the command: '''mail -s "Lab4a - Header Message" <Your Seneca email address>''' '''NOTE:''' after you type in the body of the mail message, move to an empty line, type period "." and press the ENTER key to send the message. ~~#View your e-mail message in your Seneca email account.~~ ~~'''Switching Viewing Modes in MS Outlook Web Application:'''~~ ~~[[Image:option-lite.png|thumb|right|400px|How to switch to '''standard version''': click to un-check the ''lite version'' option and save option setting. ]]~~ :If you are using web-mail to read your Seneca e-mail message, then your Mail User Agent is most-likely the '''MS Outlook Web mail application'''. In order to view mail header information in your MS Outlook web application, you need to be in a particular "viewing-mode". :This program can run in '''standard version''' or '''lite version'''. If your MS Outlook web application is using the '''"lite version"''', then it should look similar to the left-most of the two side-by-side diagrams displayed above, and you should follow the procedure below to switch to the '''"standard version"'''. If your MS Outlook web application appears like the right-most side-by-side diagrams above, then your program is using the '''"standard version"''', which mean that you can skip Perform the following ~~procedure to switch versions.~~ ~~:'''Procedure to Change from Lite-mode to Regular mode~~steps:'''

~~:<ol type="a"><li>Click~~ # Connect from your '''~~options~~vm2''' ~~located at the top-right corner of the MS Outlook web application window (~~to itself using nc by issuing the ~~left of the '''Sign Out''')~~following command: <source lang="bash">nc localhost 25</lisource># You should see a response: <lisource lang="bash">~~Click '''Outlook Version''' on the left-side of the ''Options'' window~~220 vm2.yourdomain.org ESMTP Postfix</lisource>~~<li>Click~~ # You could theoretically use SMTP commands to ~~de-select the~~ send an email here, but this would be a very unusual use of your mail server. You have an '''~~Use the light version~~MUA''' ~~(i.e~~for a reason. ~~no check mark)</li><li>Click~~ #Enter the command '''~~Save~~exit''' ~~button near~~ to close the ~~top of~~ connection to the ~~Options window to save your settings.</li><li>Sign-out of your MS Outlook Session~~server, ~~and login again. ~~then '''~~NOTE: If your MS Outlook application does not change versions, then close all of your web~~<ctrl>-~~browsers, and then log into your Seneca email account.~~c'''~~ </li></ol>~~to terminate the nc command.

~~=== Viewing Seneca Mail Message Headers ===~~::'''NOTE:''' If it worked, this indicates that the postfix service is running, listening, and responding to connections.

<ol><li value="4">Let's see if it works from other machines. Use nc to connect to vm2 from vm3 and see if it works. If your firewall is set up properly, the nc command should not permit a connection.</li>

<li>Create an iptables rule to allow incoming connections to your SMTP server.</li>

<li>Once you open the port in the firewall, retry the '''nc''' command. You should get a different error this time. This time the problem is that your service isn't listening on the outside interface, it's currently configured to listen only on the loopback (lo) interface.</li>

<li>Add thist rule to your saved script so that it will be loaded automatically from now on.</li>

</ol>

~~{| width~~=~~"40%" align~~=~~"right" cellpadding~~=~~"10"~~Listening on all interfaces ===

~~|- valign=~~Our first editing change to the Postfix configuration will be to make the service "~~top~~listen"|~~[[Image:view-message-details.png|thumb|right|300px|'''Right-click'''~~ for incoming connections on the ~~mail message that you recently sent with subject line "Lab4a - Header Message" and, select '''View Message Details'''~~external interface (i. e '''~~NOTE: If no mail message headers appear, try the previous step again until you see mail message header information.~~eth0''' ]]|~~[[Image:message-details.png|thumb|right|300px|Use these header details to analyse information regarding the MTAs use to transfer the mail message~~ from ~~your VM2 machine to your Seneca mail account.]]~~|}~~Now that you are using~~ the ~~standard version~~ VMs point of ~~MS Outlook, we will now analyse the mail message header in your Seneca e-mail account that was sent from your VM2 machine to obtain information regarding Seneca's Mail Transfer Agent (MTA~~view).

'''Perform the following steps:'''

#~~'''Right-click''' on~~ Launch in editing session for the ~~mail message that you recently sent with subject line "Lab4a - Header Message".#Within the context menu, select '''View Message Details~~postfix configuration file called: '''/etc/postfix/main.~~ ~~cf'''~~NOTE: If no mail message headers appear, try the previous step again until you see mail message header information.''' ~~#~~To make~~ Change the ~~header information easier~~ value of the following parameter to ~~read, highlite the text, copy and paste into a text editor (like '''gedit'''). #Below~~ what is ~~an example of header information that was sent by user msaul within their domain name msaul.org: ~~ ~~<source lang="bash">Received~~displayed below: ~~from SN1PR07MB2288.namprd07.prod.outlook.com (10.164.47.158) by~~ ~~DM3PR07MB2284.namprd07.prod.outlook.com (10.164.33.158) with Microsoft SMTP~~ ~~Server (TLS) id 15.1.409.15 via Mailbox Transport; Thu, 18 Feb 2016 15:08:51~~ ~~+0000Received: from BLUPR07CA088.namprd07.prod.outlook.com (10.160.24.43) by~~ ~~SN1PR07MB2288.namprd07.prod.outlook.com (10.164.47.158) with Microsoft SMTP~~ ~~Server (TLS) id 15.1.409.15; Thu, 18 Feb 2016 15:08:49 +0000Received: from BN1BFFO11FD041.protection.gbl (2a01:111:f400:7c10::1:173) by~~ ~~BLUPR07CA088.outlook.office365.com (2a01:111:e400:8ae::43) with Microsoft~~ ~~SMTP Server (TLS) id 15.1.409.15 via Frontend Transport; Thu, 18 Feb 2016~~ ~~15:08:49 +0000Authentication-Results: spf=none (sender IP is 142.204.244.22)~~ ~~smtp.mailfrom=msaul.org; senecacollege.ca; dkim=none (message not signed)~~ ~~header.d=none;senecacollege.ca; dmarc=none action=none header.from~~inet_interfaces =~~msaul.org;Received-SPF: None (protection.outlook.com: msaul.org does not designate~~ ~~permitted sender hosts)~~all

<ol><li value="3">We should also set the string that will end up in the '~~Received~~''From: ~~from vm2~~''' header in messages sent by this server. Change '''mydomain''' to your domain name and '''myorigin''' to '''$myhostname'''.~~localdomain~~ </li><li>Ensure your hostname is properly set (~~142~~including the domain name), otherwise you will need to set the '''myhostname''' parameter.~~204~~</li>{{Admon/important|Warning|Make sure there are no other uncommented copies of these parameters in the file.~~244.22~~}}<li>Restart the postfix service and confirm (using ss) that the service is now listening on all interfaces (not just loopback) </li><li>Test by ~~BN1BFFO11FD041.mail.protection.outlook.com~~ connecting to it (~~10.58.144.104~~using nc) ~~with Microsoft~~ ~~SMTP Server id 15.1.415~~from your '''vm3''' machine.~~6 via Frontend Transport; Thu, 18 Feb 2016 15:08:49~~ ~~+0000'~~</li></ol>

~~'Received~~==INVESTIGATION 3: ~~by vm2.localdomain~~ SENDING EMAIL BETWEEN MTAs (~~Postfix, from userid 1000~~NO ENCRYPTION) ~~id 4EB6210866B2; Thu, 18 Feb 2016 05:08:44 -0500 (EST)'~~==

~~Date: Thu~~With these steps complete, ~~18 Feb 2016 05:08:44 -0500To: <murray~~'''vm2''' should now be capable of sending and receiving email, but we can't be certain until we test it.~~saul@senecacollege~~ This also would not help the users on the other machines in the network, which are still not capable of receiving email.~~ca>Subject: Lab4a - Header Message~~

~~'User-Agent: Heirloom mailx 12~~Repeat the configuration from investigation 2 on vm3 (swap vm2 and vm3 in the instructions so that you are configuring vm3, and using vm2 to test the connections).~~5 7/5/10'~~

~~MIME-Version: 1.0Content-Type: text/plain; charset="us-ascii"Content-Transfer-Encoding: 7bitMessage-ID: <20160218100844.4EB6210866B2@vm2.localdomain>~~ ~~'From: Murray Saul <msaul@msaul.org>''Return-Path: msaul@msaul.org'~~ ~~</source>~~#Study the sections in "red" to determine the following information of the e-mail source (i.e. "starting-point"):<ul><li>'''Full Name''' of sender</li><li>'''return e-mail address''' of sender</li><li>'''domain name''' where sender resides</li><li>'''UID''' of send's user account</li><li>'''name''' of MUA program</li><li>'''name''' of MTA program<li>'''domain name''' of MTA</li><li>'''IPADDR''' of MTA </li></ul>~~#Using your e-mail header detail, determine the same information of your e-mail source ('''vm2''').#Using your e-mail header detail, determine the same information for '''Seneca's''' mail server on the receiving end of the e-mail message.#How many different MTAs where used in this process? Can you guess why so many transfers? Record your observations in your lab logbook.#Use either the '''nslookup''', '''host''', or '''dig''' utilities to query those servers (type MX resource records) to see if you can obtain additional information regarding those mail servers.~~ ~~=== Viewing Local Mail Message Headers (VM2)===~~ ~~You have the ability when sending and receiving e-mails locally on your VM2 machine to also view e-mail header details when using the '''mail''' command.~~ ~~#Make certain you are in your '''VM2''' machine.#Send another e-mail from your VM2 account to yourself, but using your first name instead by issuing the following command: '''mail -s "Lab4a - Local - Test3" <yourFirstName>'''#Now, issue the '''mail''' command to see if you received~~ Once that ~~e-mail message.#At the mail prompt~~is complete, ~~enter the command '''h''' (for detailed header) following by the number of that the "... Test3"~~ send an email ~~within the list. This sets the e-mail to display detailed header information with mail message.#View that message by entering the mail message number in the list. Did it work?~~ {{Admon/tip |View Mail Message Header Information in Vi Text Editor|You can save the mail message header information in a file to view in a text editor like vi. In order to do this, simply enter the following command at the mail prompt: '''save x ~/message.txt''' (where x represents the number of the email in the list).}} ~~<ol><li value="6">Note similar information regarding how the mail message was transmitted with your VM2 machine</li><li>Record your observations in your lab logbook.</li></ol>~~ ~~=== Resetting MS Outlook Web Application to Lite Version (If Required) ===~~ ~~'''If your MS Outline web application was previously using the lite version, and you wish to revert to this original setting, perform the following steps:'''~~ ~~#Click the '''settings''' icon (looks like a gear located left to the help (?) icon.#Click the General categories under the options~~ from root on ~~the left-side of the options menu.#Click Light Version, and in the details area~~ vm2 to ~~the right, make certain that the Use the light version of Outlook~~ root on ~~the web is selected (i.e. check mark appears)~~vm3, and ~~click on Save at the top.#Sign-out of your MS Outlook Session, and login again. '''NOTE: If your MS Outlook application does not change versions,~~ then ~~close all of your web-browsers, and then log into your Seneca email account~~reply from vm3 to vm2.~~'''~~ ~~'''Record steps, commands, and your observations in INVESTIGATION 2 in your OPS335 lab log-book'''~~

If both messages arrive, both MTAs are working. If not, use the troubleshooting tools and techniques you have already learned to diagnose and fix the problem.

==COMPLETING THE LAB==

Upon completion of this lab you should have postfix mail servers running on two machines, and starting automatically when they do. These servers must have sent email both ways between each other (from vm2 to vm3, and from vm3 to vm2), and to your seneca email (or other external mail server).

'''Depending on your professor you will either be asked to submit the lab in class, or online. Follow the appropriate set of instructions below'''

===In Class Submission===

Arrange proof that you can send e-mail from your '''~~VM2~~vm2''' machine to your '''Seneca College e-mail account''', and than you can '''send and receive e-mail messages between on your ~~VM2~~ vm2 and ~~VM3~~ vm3 machines'''.

#Briefly list the students to install the MUA on your server for text-based messaging.

#Briefly list the steps to trouble-shoot your server if you could not send e-mail messages from your ~~VM2~~ vm2 machine to an external e-mail server.#Write the command to send an e-mail message from your ~~VM2~~ vm2 to your Seneca College e-mail account.

#What are the commands to issue in the mail prompt to:<ul><li>Read the first e-mail message displayed</li><li>Save the 4th e-mail message to the file pathname: ~/maildir/3.msg.txt</li><li>Delete the 3rd e-mail message displayed</li><li>Exit the mail command prompt and return to the shell</li></ul>

#What were the results of sending emails locally on your ~~VM2~~ vm2 machine? Show log segments to verify your answers.

#List the steps to show your email header to trace the transmission between Mail Transfer Agents among different mail servers.

Peter.callaghan

932

edits

Changes

OPS335 Lab 4

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

get involved with CDOT

courses

course projects

links

Tools