Changes


OPS335 Lab 4

11,222 bytes added, 20:17, 4 January 2021
Sending a Mail Message from your vm2 Machine to your Seneca Email Account
= Some DNS Review =[[Category:OPS335]][[Category:OPS335 Labs]]
Last week we got an introduction to administering a simple authoritative DNS server. This week we'll review those topics, and learn a few more record types. You'll learn still more about DNS in your first assignment.==OVERVIEW & PREPARATION==
Also if you didn't become comfortable using the '''dig''' tool - you'll get more practice {{Admon/important|Warning|Your lab 3 must be complete with it nowa functioning DNS server for your domain before this lab will work.}}
== MX Record ==You may not be aware of it as an user, but email is a very <u>complex</u> system to administer. In fact, the more modern e-mail systems (eg. web-based mail applications, etc) are more technically involved than the other archaic, hard-to-configure, and sometimes inter-operable mail systems.
When someone tries We are going to send spread the remaining email to '''senecacollege.ca''' - they actually want to send email to labs over a few weeks, so that by the Seneca mail serverend of this topic, you will have a sufficient understanding of what services are involved in sending, filtering, which is not senecacollegeand reading email.ca. That is You will also have the skills to configure a very typical basic mail setup using the default services provided for any business - it simplifies administration and helps a little with load balancingyour Centos7 Linux distribution.
Find the MX record for senecacollege.ca using digBelieve it or not, this is a simple diagram of you sending an email to someone else:
<source lang="bash">dig senecacollege[[Image:Email-servers.ca MX</source>png]]
Notice that This lab will show you how to set up a Mail User Agent ('''MUA'''), using the email servers aren't even a subdomain of senecacollege''mailx''' package on your '''vm2''' machine to send and receive e-mails on your local VM.ca but a completely different company (Microsoft in In this case), the '''Postfix''' package which represents your '''MTA''' is most likely already installed and running on your local VM. In other cases (for example check addition to sending and receiving emails on your Local VM, you will also be able to send a text-based e-mail from your '''vm2 machine''' to your '''Seneca mail account'''. You will also learn how to make multiple MTAs in the records for googlesame network collaborate in sending emails.comIn addition, you will learn where the message store (MS) the email servers is located that stores mail messages until they are within the company's domainviewed and either deleted or transferred to other folders.
In still other Although, you will not be able to receive mail messages from outside sources (raresuch as your Seneca email account) cases there is no MX record at all , this lab acts as a starting point in order to run a basic email server. You are NOT required to go into tremendous depth (check littlesvrjust the minimum requirements).ca) - in that case For example, we will not go over every aspect of the server that's at the IP for that domain Postfix MTA service, but you should know what it represents and what is handling its main purpose, as opposed to the emailfollowing: [https://en.wikipedia.org/wiki/Postfix_%28software%29#Architecture complex diagram 1] , [https://www.credativ.de/blog/postfix-architecture-overview complex diagram 2].
Notice that the response for your dig commainds for MX records contains domain names and not IP addresses. That means that when you look for a domain's email server - you may need to do a query for MX and another for A.===Online References:===
You should be comfortable reading and writing an MX record in * [http://www.simplehelp.net/2008/12/01/how-to-send-email-from-the Bind configuration file. See -linux-command-line/ Mail Send Command] (examples how to send e-mail using mail command)* [http://www.zytraxjohnkerl.org/doc/mail-how-to.html#prompt_commands View and Manage Received e-mail Mesages] (Common commands to view and manage received email messages)* [https://support.google.com/booksmail/dnsanswer/ch829436?hl=en Reading Full Email Headers] (Explanation of message header information)* [http:/mx/wiki.html the referencedovecot.org/MailServerOverview Here's an overview] for the syntax.(common mail server terms)
== CNAME record INVESTIGATION 1: INSTALL, SET-UP, AND USE THE MAIL USER AGENT ('''MUA''')==
Sometimes you want multiple domain names We will be using a simple text-based '''Mail User Agent (MUA)''' called '''mailx''' in this lab to point '''both send and receive''' mail messages within your '''vm2''' machine and to the same server. The most common example of this is the www. subdomain. Use dig '''only send''' mail messages from your '''vm2''' machine to find the main web server for your Seneca or for CBCe-mail account.
See [http'''NOTE:''' Because you're using private IP addresses and no external DNS servers are pointing to your network, you '''<u>cannot<//www.zytrax.com/books/dns/ch8/cname.html the reference] for CNAME to get examples of how u>''' send e-mail messages from outside your environment to configure such records in Bindyour '''vm2''' machine.
== TXT record = Installing the Mail User Agent (MUA)===
A TXT record can store pretty much anything, it's typically used for purposes that ''Perform the desiners of DNS havenfollowing Steps:'''t though of themselves. For example a common use of a TXT record is SPF: a record that helps receiving email servers to determine the likelyhood that a message is spam.
== Your task ==#Make certain you are in your '''vm2''' machine.#Install the '''mailx''' application (MUA) using yum:'''NOTE:''' You can refer to the link below to acquaint yourself on how to send e-mail messages using '''mailx''' application:<br> [http://www.simplehelp.net/2008/12/01/how-to-send-email-from-the-linux-command-line/ Mail Send Command Examples]
Configure at least one of each of the records above for ===Sending a Mail Message from your domain served by the Bind server in vm2 Machine to your vm1 and verify that your records work.Seneca Email Account===
= Test Plans ={{Admon/important|Note|These instructions no longer work reliably. You can still send email to your own email server, and look at the server logs to see that it did really get sent. But it probably won't be accepted for one of a multitude of good reasons. If it doesn't work for you: don't worry about it for lab submission purposes.}}
Every IT company needs We will now test to do testing - whether on software they create or systems they set up. Whenever you have a job to do - there has to be a way to show that see if your MTA for your job vm2 machine is complete and correct (according correctly running by sending email messages from your vm2 machine to original expectations)your Seneca e-mail account.
How much detail goes into '''Perform the test plan depends on the resources available for testing, the scale of the changes, and the risk associated with getting things wrong. In your case the worst thatfollowing steps:''s going to happen if you misconfigure a server is you'll lose some marks. In the industry a mistake like that can cost the company you work for a lot of money (perhaps even more than your salary).
Whether #Make certain you have are still in your '''vm2''' machine.#Test email from your machine by sending an email to your '''Seneca email account''' using the following command:<br>'''mail -s "Lab4a - test1" <Your Seneca email address>'''<br><br>'''NOTE:''' after you type in the body of the mail message, move to an extremely detailed process or something quick empty line, and simple then press the key combination '''&lt;ctrl&gt;&lt;d&gt;''' to send the message.<br><br>#Check your Seneca email account (Inbox / Junk Email Folder) to see if you got the email (note that it may take a <u>few minutes to arrive</u>, so you may also wish to try an alternate email account if you have one like gmail, etc). When you do receive that email, make a note of the return address.#If you did not receive the mail, check the mail logs on your vm2 machine to determine any errors messages that would indicate a mail server setup problem.#Once you have succeeded in sending the first email, send a second email to the same destination using the following command:<br>'''mail - r "someone@hacker.com (Canadian Revenue Agency)" -s "Lab4a - test2" <Your Seneca email address>#Check your test plan must email to see if you got the email. If you did, make a note of the return address. How would you think that including the '''-r''' option could be made with used by penetration hackers to gain access to a well organized set computer system? What sort of test cases.steps do you think should be taken to help prevent this type of attack from happening?
== Test Cases =Sending a Mail Message within your vm2 Machine===
Theoretically you write the We will now test cases before you complete the system. In a way the test suite both your MUA (mailx) and MTA (all the test cases combinedpostfix) determine by sending and receiving e-mail messages on the requirements for your systemlocal vm2 machine only.
Generally speaking each test case typically has at least one expected positive and some number of expected negative results. For example if you're setting up a DNS record for www.yoursenecaid.org your test case might look something like this''Perform the following Steps:'''
#Send an email message locally (i.e. only within your vm2 machine) by issuing the command:<br>'''mail -s "Lab4a - Local - Test1" <yourSenecaID>'''#After you type in the body of the mail message, move to an empty line, type period "." and press the ENTER key to send the message.#Login with your '''regular user''' and issue the following command to read the mail message you send to yourself:<br>'''mail'''<br><br>'''NOTE:''' You can refer to the link below to view a reference chart on how to read and delete received e-mail messages at the mail command prompt:<br>[[Imagehttp:Sample_test_case//www.johnkerl.png|800px| ]org/doc/mail-how-to.html#prompt_commands Commands to View and Manage Received e-mail Mesages]<br><br>#Issue the following command: '''cat /var/spool/mail/<yourSenecaID>'''<br>What do you see? What does this show you in terms of where mail is stored on your e-mail server?#If you received an e-mail message, the message and subject line should appear as a listing in your mail command.<br><br>'''NOTE:''' If you did not receive a mail message, check your mail server settings, check to see if your mail server is running and also check '''/var/log/maillog''' and '''/var/log/messages''' (this step requires '''root''' privilege).<br><br>#Once you have received the message, type the mail message number that is displayed in your e-mail message list in the prompt and press ENTER. You should be able to confirm the message body that you sent.#Exit the mail program by typing the letter '''q''' and press ENTER.#Re-issue the '''mail''' command. What happened? Issue the command: '''cat /var/spool/mail/<yourSenecaID>'''. What do you notice?#Exit the mail command.
The test above shows a few things: that the DNS server is running'''Record steps, that it's accessible from the internal networkcommands, and it is serving the correct record. It also shows that the needed record does not propagate to the public DNS servers your observations in INVESTIGATION 1 in your OPS335 lab log- the server 8.8.8.8 doesnbook't have the same record that your private server does. That's not a wonderful result but it's what you were expecting so it's still a positive result. In fact if 8.8.8.8 returned an A record for your query - you should be concerned that the rest of your test cases may be incorrect.
You can spend an infinite amount of time running tests and stil not prove anything definitively, so you have to do your best to make sure the tests you run are representative of the requirements - that after a successful run of all the tests the service is almost certainly working correctly.==INVESTIGATION 2: SETUP MTA TO SEND MAIL MESSAGES (NO ENCRYPTION)==
=== Failures ===We will be using the '''Postfix''' application as the '''MTA''', and we will be setting it up on your '''vm2''' and '''vm3''' machines. They will act as the "sending" email servers for your internal network. You will be able to send email out of your network, and receive email from within your network, but you will '''<u>not</u>''' receive email from outside of your network due to the following reasons:* Individuals outside of your domain will never find the MX records because there are no other DNS servers pointing to your DNS server (i.e. you haven't paid for it).* Even if the individuals could read your MX records, your local network is using IP addresses on a '''private subnet''', which is not routeable on the Internet, so it cannot be reached from outside of your system.
Test cases (in a test suite, in a system that keeps track of them) are not intended to only show that === Verify the system is working. It's equally valuable to see that at some point in the past there was a problem. In that case there may be a bug number or some other means of tracking down what caused the problem in the past and how it was fixed. So recording failed test results is just as important as recording passes.Postfix Service Status ===
== Your task =='''Perform the following steps:'''
When I check your lab - I normally ask you to run some commands#The '''postfix''' application should be installed by default. If it isn't, install it.#Postfix is capable of sending email with the default configuration, so start and I'll ask you some questionsenable this service, and verify that the postfix service is a sort running.#Look for the running postfix service in the list of made-up-onlistening ports by issuing the following command:<br><source>ss -atnp</source>#Which service is postfix running? Locate the-fly test suite port used by SMTP, and look for connections with the state LISTEN (i.e. currently listening).#Write your observations in your lab. Let's formalize that for one section of one lab in a set of test caseslogbook.
Pick any section of any lab you like that would justify having at least three test cases. Write === Testing the test cases in a template, save a copy of that for connection to the current test run, and execute the tests, recording the results.Postfix Service ===
= Submit =We will be demonstrating the use of the '''nc''' application to test that the postfix service is running and listening.
To submit '''Perform the following steps:''' # If the '''nc''' command is not installed on your vm2 machine, install it (install '''nc''' command for your '''vm3''' as well).# Connect from your '''vm2''' to itself using the '''nc''' command by issuing the following command:<br><source >nc localhost 25</source># You should see a response: <br><source >220 vm2.yourdomain.ops ESMTP Postfix</source># You could theoretically use SMTP commands to send an email here, but this would be a very unusual use of your mail server. You have an '''MUA''' for a reason.#Enter the command '''QUIT''' to close the connection to the server, then '''<ctrl>-c''' to terminate the nc command. ::'''NOTE:''' If it worked, this indicates that the postfix service is running, listening, and responding to connections. <ol><li value="4">Let's see if it works from other machines. Use '''nc''' to connect to '''vm2''' from '''vm3''' and see if it works. If your firewall is set up properly, the nc command should not permit a connection (i.e. ''no route to host'').</li><li>Create an iptables rule to allow incoming connections to your '''SMTP''' server on your '''vm2'''.</li><li>Once you open the port in the firewall, retry the '''nc''' command. You should get a different error this time (e.g. ''connection refused''). This time the problem is that your service isn't listening on the outside interface, it's currently configured to listen only on the loopback (lo) interface.</li><li>Make sure the new iptables rule gets saved so that it will be loaded automatically from startup.</li></ol> === Listening on all interfaces === We need to configure the MTA not only to listen to connections from other (separate) MTAs, but to set the domain name and server name in order to allow the user to issue emails in the "standard way", and allow mail messages to provide a correct email address for replies. 
'''Perform the following steps:''' # In your '''vm2''' machine, launch in editing session for the postfix configuration file called: '''/etc/postfix/main.cf'''# Our first editing change to the Postfix configuration will be to make the service "listen" for incoming connections on the external interface (i.e '''eth0''' from the VMs point of view).<br>Change the value of the following parameter to what is displayed below:<br><source>inet_interfaces = all</source># We should also set the string that will end up in the '''From:''' header in messages sent by this server.<br>Change the '''mydomain''' option to YOUR domain name (shown below):<source>mydomain = yoursenecaid.ops</source># Also you must set the '''hostname''' for this server so that will correctly specify the hostname in the '''From:''' header in a sent mail message.<br>Make certain the following parameter only appears once (shown below):<source>myorigin = $myhostname</source>#Ensure that your '''hostname''' and '''DOMAIN''' name is properly set on your machine, otherwise you will need to set the '''myhostname''' parameter.<br>{{Admon/important|Warning|Make sure there are no other un-commented copies of those above-mentioned parameters in the Postfix configuration file.}}<br><ol><li value="6">Restart the postfix service, then use the '''ss''' command to confirm that the your MTA is now listening on <u>all</u> interfaces (not just loopback)</li><li>Test by connecting to it (using the '''nc''' command) from your '''vm3''' machine.</li></ol> '''Record steps, commands, and your observations in INVESTIGATION 2 in your OPS335 lab log-book''' ==INVESTIGATION 3: SENDING EMAIL BETWEEN MTAs for vm2 and vm3 (NO ENCRYPTION)== Your '''vm2''' server should now be capable of '''sending''' and '''receiving''' email, but we can't be certain until we test it. This also would not help the users on the other machines in the network, which are still not capable of receiving email. 
'''Perform the following steps:''' # Repeat the configuration from investigation 2 on '''vm3''' (swap vm2 and vm3 when issuing command so that you are configuring vm3, and using your vm2 server to test the connections).# Once that is complete, send an email from '''root on vm2''' to '''root on vm3''', and then reply '''from vm3 to vm2'''.# If both messages arrive, both MTAs are working. If not, use the troubleshooting tools and techniques you have already learned to diagnose and fix the problem.<br><br>{{Admon/important |Backup your VMs!|You MUST perform a '''full backup''' of ALL of your VMs whenever you complete your '''OPS335 labs''' or when working on your '''OPS335 assignments'''. You should be using the dump or rsync command, and you should use the Bash shell script that you were adviced to create in order to backup all of your VMs.}}<br>'''Record steps, commands, and your observations in INVESTIGATION 3 in your OPS335 lab log-book''' ==COMPLETING THE LAB== Upon completion of this lab you should have postfix mail servers running on two machines, and starting automatically when they do. These servers must have sent email both ways between each other (from vm2 to vm3, and from vm3 to vm2), and to your seneca email (or other external mail server).  ===Online Submission===Follow the instructions for lab 4a on blackboard.<!- -===Andrew's sections=== You may choose to:* Submit screenshots of your work on Blackboard, in which case you don't need to come to the lab.* Or come to the lab, show me your work, and talk to me about it. I want to hear what you've learned and answer any questions you have. You'll get the same grade regardless of how you choose to submit your work. 
::<span style="color:green;font-size:1.5em;">&#x2713;</span>Arrange proof that you can send e-mail from your '''vm2''' machine to your '''Seneca College e-mail account''', and than you can '''send and receive e-mail messages between on your vm2 and vm3 machines'''.::<span style="color:green;font-size:1.5em;">&#x2713;</span>Download and run '''https://ict.senecacollege.ca/~andrew.smith/ops335/labcheck4a.bash''' on your '''host''' machine. ::<span style="color:green;font-size:1.5em;">&#x2713;</span>Completed Lab4a log-book notes.--> ==EXPLORATION QUESTIONS== #Briefly list the new DNS records steps to install the MUA on your server for text-based messaging.#Briefly list the steps to trouble-shoot your server if you created could not send e-mail messages from your vm2 machine to an external e-mail server.#Write the command to send an e-mail message from your vm2 to your Seneca College e-mail account.#What are served correctly the commands to issue in the mail prompt to:<ul><li>Read the first e-mail message displayed</li><li>Save the 4th e-mail message to the file pathname: ~/maildir/3.msg.txt</li><li>Delete the 3rd e-mail message displayed</li><li>Exit the mail command prompt and show return to the shell</li></ul>#What were the results of sending emails locally on your vm2 machine? Show log segments to verify your completed answers.# What is the purpose of an MTA?# What is the purpose of an MUA?# Draw a simple diagram showing how an MUA and an MTA are used to send e-mail messages between different servers.# List the steps to test plana running postfix service using the nc application.
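Review bot: In the second test command under "Sending a Mail Message from your vm2 Machine to your Seneca Email Account", the option is written as `- r` with a space, and the bold markup opened before `mail` is never closed, so the command as shown is not parsed as the `-r` option and the next list item runs into it. Write it as `-r`, close the `'''`, and consider a sender address under a reserved domain such as example.com instead of someone@hacker.com, which is a domain the lab does not control. The step also asks students how forged return addresses can be prevented, while the DNS review text that this change appears to replace is the only place SPF is mentioned; a pointer to SPF in the Online References would give them something to answer with.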
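Review bot: Under "Testing the connection to the Postfix Service", the continuation list starts at `<li value="4">` although the five `#` items before it already take numbers 1 to 5, so steps 4 and 5 appear twice; start it at 6, as the list under "Listening on all interfaces" does. In the same investigation the steps open SMTP in iptables and set `inet_interfaces = all` without saying which sources may connect or relay. A step that limits the firewall rule to the lab subnet and has students check `mynetworks` before the restart would make the intended exposure explicit.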
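Review bot: In "Online Submission", the block beginning `<!- -===Andrew's sections===` is opened with `<!- -`, which is not a comment opener, so unless that space comes from the diff rendering, the instructor section will be shown to students, including the instruction to download and run labcheck4a.bash on the host machine. Open it with `<!--`, and if the script step is restored later, state what the script checks and collects before asking students to run it on their host.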
