OPS335 Lab 4

7,563 bytes added, 20:17, 4 January 2021
Sending a Mail Message from your vm2 Machine to your Seneca Email Account
[[Category:OPS335]][[Category:OPS335 Labs]]
==OVERVIEW & PREPARATION==
{{Admon/important|Warning|Your lab 3 must be complete with a functioning DNS server for your domain before this lab will work.}}
You may not be aware of it as a user, but email is a very <u>complex</u> system to administer. In fact, the more modern e-mail systems (eg. web-based mail applications, etc) are more technically involved than the other archaic, hard-to-configure, and sometimes inter-operable mail systems.

We are going to spread the remaining email labs over a few weeks, so that by the end of this topic, you will have a sufficient understanding of what services are involved in sending, filtering, and reading email. You will also have the skills to configure a basic mail server setup using the default services provided for your CentOS 7 Linux distribution.
Believe it or not, this is a simple diagram of you sending an email to someone else:
[[Image:Email-servers.png]]

This lab will show you how to set up a Mail User Agent ('''MUA'''), using the '''mailx''' package on your '''vm2''' machine to send and receive e-mails on your local VM. In this case, the '''Postfix''' package which represents your '''MTA''' is most likely already installed and running on your local VM. In addition to sending and receiving emails on your local VM, you will also be able to send a text-based e-mail from your '''vm2 machine''' to your '''Seneca mail account'''. You will also learn how to make multiple MTAs in the same network collaborate in sending emails. In addition, you will learn where the message store (MS) is located that stores mail messages until they are viewed and either deleted or transferred to other folders.

Although you will not be able to receive mail messages from outside sources (such as your Seneca email account), this lab acts as a starting point in order to run a basic email server. You are NOT required to go into tremendous depth (just the minimum requirements). For example, we will not go over every aspect of the Postfix MTA service, but you should know what it represents and what is its main purpose, as opposed to the following: [https://en.wikipedia.org/wiki/Postfix_%28software%29#Architecture complex diagram 1], [https://www.credativ.de/blog/postfix-architecture-overview complex diagram 2].
===Online References:===
* [http://www.simplehelp.net/2008/12/01/how-to-send-email-from-the-linux-command-line/ Mail Send Command] (examples how to send e-mail using mail command)
* [http://www.johnkerl.org/doc/mail-how-to.html#prompt_commands View and Manage Received e-mail Messages] (Common commands to view and manage received email messages)
* [https://support.google.com/mail/answer/29436?hl=en Reading Full Email Headers] (Explanation of message header information)
* [http://wiki.dovecot.org/MailServerOverview Here's an overview] (common mail server terms)
==INVESTIGATION 1: INSTALL, SET-UP, AND USE THE MAIL USER AGENT ('''MUA''')==
We will be using a simple text-based '''Mail User Agent (MUA)''' called '''mailx''' in this lab to '''both send and receive''' mail messages within your '''vm2''' machine and to '''only send''' mail messages from your '''vm2''' machine to your Seneca e-mail account.

'''NOTE:''' Because you're using private IP addresses and no external DNS servers are pointing to your network, you '''<u>cannot</u>''' send e-mail messages from outside your environment to your '''vm2''' machine.
===Installing the Mail User Agent (MUA)===

'''Perform the following Steps:'''

#Make certain you are in your '''vm2''' machine.
#Install the '''mailx''' application (MUA) using yum.<br>'''NOTE:''' You can refer to the link below to acquaint yourself on how to send e-mail messages using the '''mailx''' application:<br> [http://www.simplehelp.net/2008/12/01/how-to-send-email-from-the-linux-command-line/ Mail Send Command Examples]
===Sending a Mail Message from your vm2 Machine to your Seneca Email Account===

{{Admon/important|Note|These instructions no longer work reliably. You can still send email to your own email server, and look at the server logs to see that it did really get sent. But it probably won't be accepted for one of a multitude of good reasons. If it doesn't work for you: don't worry about it for lab submission purposes.}}

We will now test to see if your MTA for your vm2 machine is correctly running by sending email messages from your vm2 machine to your Seneca e-mail account.
'''Perform the following steps:'''
#Make certain you are still in your '''vm2''' machine.
#Test email from your machine by sending an email to your '''Seneca email account''' using the following command:<br>'''mail -s "Lab4a - test1" <Your Seneca email address>'''<br><br>'''NOTE:''' after you type in the body of the message, move to an empty line, and then press the key combination '''&lt;ctrl&gt;&lt;d&gt;''' to send the message.
#Check your Seneca email account (Inbox and Junk Email Folder) to see if you got the email (note that it may take a <u>few minutes to arrive</u>, so you may also wish to try an alternate email account if you have one, like gmail, etc). When you do receive that email, make a note of the return address.
#If you did not receive the mail, check the mail logs on your vm2 machine to determine any error messages that would indicate a mail server setup problem.
#Once you have succeeded in sending the first email, send a second email to the same destination using the following command:<br>'''mail -r "someone@hacker.com (Canadian Revenue Agency)" -s "Lab4a - test2" <Your Seneca email address>'''
#Check your email to see if you got the email. If you did, make a note of the return address. How do you think that including the '''-r''' option could be used by penetration hackers to gain access to a computer system? What sort of steps do you think should be taken to help prevent this type of attack from happening?

===Sending a Mail Message within your vm2 Machine===

We will now test both your MUA (mailx) and your MTA (postfix) by sending and receiving e-mail messages on the local vm2 machine only.

'''Perform the following Steps:'''

#Send an email message locally (i.e. only within your vm2 machine) by issuing the command:<br>'''mail -s "Lab4a - Local - Test1" <yourSenecaID>'''
#After you type in the body of the mail message, move to an empty line, type a period "." and press the ENTER key to send the message.
#Login with your '''regular user''' and issue the following command to read the mail message you sent to yourself:<br>'''mail'''<br><br>'''NOTE:''' You can refer to the link below to view a reference chart on how to read and delete received e-mail messages at the mail command prompt:<br>[http://www.johnkerl.org/doc/mail-how-to.html#prompt_commands Commands to View and Manage Received e-mail Messages]<br><br>
#Issue the following command: '''cat /var/spool/mail/<yourSenecaID>'''<br>What do you see? What does this show you in terms of where mail is stored on your e-mail server?
#If you received an e-mail message, the message and subject line should appear as a listing in your mail command.<br><br>'''NOTE:''' If you did not receive a mail message, check your mail server settings, check to see if your mail server is running and also check '''/var/log/maillog''' and '''/var/log/messages''' (this step requires '''root''' privilege).<br><br>
#Once you have received the message, type the mail message number that is displayed in your e-mail message list in the prompt and press ENTER. You should be able to confirm the message body that you sent.
#Exit the mail program by typing the letter '''q''' and press ENTER.
#Re-issue the '''mail''' command. What happened? Issue the command: '''cat /var/spool/mail/<yourSenecaID>'''. What do you notice?
#Exit the mail command.
'''Record steps, commands, and your observations in INVESTIGATION 1 in your OPS335 lab log-book'''
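The '''-r''' test above shows that the sender address a reader sees is whatever the sending side claims. One way to triage a saved message on the receiving side is to read what the receiving server recorded in its <code>Authentication-Results</code> header. This is an added example, not part of the original lab; the function names, the receiving host <code>mx.receiver.example</code>, the address <code>203.0.113.10</code> and the sample message are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage one saved message for a forged sender.

# Unfold continuation lines; stop at the blank line that ends the headers.
unfold_headers() {
    awk '
        /^$/     { exit }
        /^[ \t]/ { sub(/^[ \t]+/, " "); buf = buf $0; next }
                 { if (buf != "") print buf; buf = $0 }
        END      { if (buf != "") print buf }' "$1"
}

# Domain of the address in the From: header (what the reader is shown).
from_domain() {
    unfold_headers "$1" | awk '
        tolower($0) ~ /^from:/ {
            addr = $0
            if (match(addr, /<[^>]*>/)) addr = substr(addr, RSTART + 1, RLENGTH - 2)
            else sub(/^[^:]*:[ \t]*/, "", addr)
            sub(/.*@/, "", addr); sub(/[ \t(].*$/, "", addr)
            print tolower(addr); exit
        }'
}

# Result (pass, fail, none, ...) recorded for one method (spf, dkim, dmarc).
# Only the topmost Authentication-Results header is read: that is the one
# added by the receiving server, lower ones may come from the sender.
auth_result() {
    unfold_headers "$1" | awk -v m="$2" '
        tolower($0) ~ /^authentication-results:/ {
            n = split($0, part, ";")
            for (i = 2; i <= n; i++) {
                s = part[i]; sub(/^[ \t]+/, "", s)
                if (index(tolower(s), m "=") == 1) {
                    sub(/^[^=]*=/, "", s); sub(/[ \t(].*$/, "", s)
                    print tolower(s); found = 1; exit
                }
            }
            exit
        }
        END { if (!found) print "missing" }'
}

# authenticated: dmarc=pass; suspect: dmarc or spf failed; else unverified.
spoof_verdict() {
    case "$(auth_result "$1" dmarc)" in
        pass) echo "authenticated" ;;
        fail) echo "suspect" ;;
        *) case "$(auth_result "$1" spf)" in
               fail|softfail) echo "suspect" ;;
               *) echo "unverified" ;;
           esac ;;
    esac
}

# Constructed sample of how the "Lab4a - test2" message could arrive.
write_sample_message() {
    cat > "$1" <<'EOF'
Return-Path: <someone@hacker.com>
Authentication-Results: mx.receiver.example;
 spf=fail smtp.mailfrom=someone@hacker.com;
 dkim=none; dmarc=fail header.from=hacker.com
Received: from vm2.yoursenecaid.ops (unknown [203.0.113.10])
 by mx.receiver.example with ESMTP; Mon, 04 Jan 2021 20:17:00 -0500
From: someone@hacker.com (Canadian Revenue Agency)
Subject: Lab4a - test2

constructed body
EOF
}

msg=$(mktemp); write_sample_message "$msg"
echo "From domain: $(from_domain "$msg"), verdict: $(spoof_verdict "$msg")"
rm -f "$msg"
```

A message with no <code>Authentication-Results</code> header at all is reported as unverified rather than trusted.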
==INVESTIGATION 2: SETUP MTA TO SEND MAIL MESSAGES (NO ENCRYPTION)==
We will be using the '''Postfix''' application as the '''MTA''', and we will be setting it up on your '''vm2''' and '''vm3''' machines. They will act as the "sending" email servers for your internal network. You will be able to send email out of your network, and receive email from within your network, but you will '''<u>not</u>''' receive email from outside of your network due to the following reasons:
* Individuals outside of your domain will never find the MX records because there are no other DNS servers pointing to your DNS server (i.e. you haven't paid for it).
* Even if the individuals could read your MX records, your local network is using IP addresses on a '''private subnet''', which is not routeable on the Internet, so it cannot be reached from outside of your system.

=== Verify the Postfix Service Status ===
'''Perform the following steps:'''
#The '''postfix''' application should be installed by default. If it isn't, install it.
#Postfix is capable of sending email with the default configuration, so start and enable this service, and verify that the postfix service is running.
#Look for the running postfix service in the list of listening ports by issuing the following command:<br><source>ss -atnp</source>
#Which service is postfix running? Locate the port used by SMTP, and look for connections with the state LISTEN (i.e. currently listening).
#Write your observations in your lab logbook.

=== Testing the connection to the Postfix Service ===

We will be demonstrating the use of the '''nc''' application to test that the postfix service is running and listening.

'''Perform the following steps:'''

# If the '''nc''' command is not installed on your vm2 machine, install it (install '''nc''' command for your '''vm3''' as well).
# Connect from your '''vm2''' to itself using the '''nc''' command by issuing the following command:<br><source>nc localhost 25</source>
# You should see a response: <br><source>220 vm2.yourdomain.ops ESMTP Postfix</source>
# You could theoretically use SMTP commands to send an email here, but this would be a very unusual use of your mail server. You have an '''MUA''' for a reason.
#Enter the command '''QUIT''' to close the connection to the server, then '''<ctrl>c''' to terminate the nc command.
::'''NOTE:''' If it worked, this indicates that the postfix service is running, listening, and responding to connections.
<ol><li value="4">Let's see if it works from other machines. Use '''nc''' to connect to '''vm2''' from '''vm3''' and see if it works. If your firewall is set up properly, the nc command should not permit a connection (i.e. ''no route to host'').</li><li>Create an iptables rule to allow incoming connections to your '''SMTP''' server on your '''vm2'''.</li><li>Once you open the port in the firewall, retry the '''nc''' command. You should get a different error this time (e.g. ''connection refused''). This time the problem is that your service isn't listening on the outside interface, it's currently configured to listen only on the loopback (lo) interface.</li><li>Make sure the new iptables rule gets saved so that it will be loaded automatically from startup.</li></ol>

=== Listening on all interfaces ===
We need to configure the MTA not only to listen to connections from other (separate) MTAs, but to set the domain name and server name in order to allow the user to issue emails in the "standard way", and allow mail messages to provide a correct email address for replies.
'''Perform the following steps:'''
#In your '''vm2''' machine, launch an editing session for the postfix configuration file called: '''/etc/postfix/main.cf'''
# Our first editing change to the Postfix configuration will be to make the service "listen" for incoming connections on the external interface (i.e. '''eth0''' from the VM's point of view).<br>Change the value of the following parameter to what is displayed below:<br><source>inet_interfaces = all</source>
# We should also set the string that will end up in the '''From:''' header in the messages sent by this server.<br>Change the '''mydomain''' option to YOUR domain name (shown below):<br><source>mydomain = yoursenecaid.ops</source>
#Also you must set the '''hostname''' for this server so you will correctly specify the hostname in the '''From:''' header in a sent mail message.<br>Make certain the following parameter only appears once (shown below):<br><source>myorigin = $myhostname</source>
#Ensure that your '''hostname''' and '''DOMAIN''' name is properly set on your machine, otherwise you will need to set the '''myhostname''' parameter.

{{Admon/important|Warning|Make sure there are no other un-commented copies of those above-mentioned parameters in the Postfix configuration file.}}<br><ol><li value="6">Restart the postfix service, then use the '''ss''' command to confirm that your MTA is now listening on <u>all</u> interfaces (not just loopback)</li><li>Test by connecting to it (using the '''nc''' command) from your '''vm3''' machine.</li></ol>
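The warning about un-commented copies matters because Postfix keeps the last definition of a parameter, so a leftover line further down the file silently overrides the edit. The following check counts the copies of the parameters edited in this investigation and reports the value that takes effect. It is an added example, not part of the original lab; the function names and the sample file contents are constructed for illustration, and continuation lines are skipped for brevity.

```shell
#!/bin/sh
# Added example: audit the main.cf parameters this lab edits.

# Print "<name> TAB <uncommented copies> TAB <effective value>" per parameter.
# Postfix keeps the last definition when a parameter appears more than once.
audit_main_cf() {
    awk '
        BEGIN { n = split("inet_interfaces mydomain myorigin myhostname", want, " ")
                for (i = 1; i <= n; i++) watch[want[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comment or blank line
        /^[ \t]/ { next }                   # continuation of the previous line
        {
            eq = index($0, "="); if (eq == 0) next
            name = substr($0, 1, eq - 1); value = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", value)
            if (name in watch) { count[name]++; last[name] = value }
        }
        END { for (i = 1; i <= n; i++) {
                  p = want[i]
                  printf "%s\t%d\t%s\n", p, count[p], (p in last) ? last[p] : "-" } }
    ' "$1"
}

# Succeed only if no parameter is defined twice and the effective
# inet_interfaces value is "all"; print one line per problem found.
check_main_cf() {
    audit_main_cf "$1" | awk -F'\t' '
        $2 > 1 { printf "duplicate: %s (%d copies, effective: %s)\n", $1, $2, $3; bad = 1 }
        $1 == "inet_interfaces" && $3 != "all" {
            printf "inet_interfaces is \"%s\", not \"all\"\n", $3; bad = 1 }
        END { exit bad }'
}

# Constructed sample: the edit was made near the top, but an older
# uncommented "localhost" line further down still wins.
write_sample_main_cf() {
    cat > "$1" <<'EOF'
# constructed sample file for this example
inet_interfaces = all
#inet_interfaces = $myhostname
inet_interfaces = localhost
mydomain = yoursenecaid.ops
myorigin = $myhostname
EOF
}

sample=$(mktemp); write_sample_main_cf "$sample"
audit_main_cf "$sample"
check_main_cf "$sample" || echo "fix main.cf before restarting postfix"
rm -f "$sample"
```

Run against the real file as <code>check_main_cf /etc/postfix/main.cf</code> before restarting the service.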
'''Record steps, commands, and your observations in INVESTIGATION 2 in your OPS335 lab log-book'''

==INVESTIGATION 3: SENDING EMAIL BETWEEN MTAs for vm2 and vm3 (NO ENCRYPTION)==
Your '''Perform the following Steps:vm2''' server should now be capable of '''sending''' and '''receiving'''email, but we can't be certain until we test it. This also would not help the users on the other machines in the network, which are still not capable of receiving email.
'''Perform the following steps:'''

# Repeat the configuration from investigation 2 on '''vm3''' (swap vm2 and vm3 when issuing commands so that you are configuring vm3, and using your vm2 server to test the connections).
# Once that is complete, send an email from '''root on vm2''' to '''root on vm3''', and then reply '''from vm3 to vm2'''.
# If both messages arrive, both MTAs are working. If not, use the troubleshooting tools and techniques you have already learned to diagnose and fix the problem.<br><br>{{Admon/important |Backup your VMs!|You MUST perform a '''full backup''' of ALL of your VMs whenever you complete your '''OPS335 labs''' or when working on your '''OPS335 assignments'''. You should be using the dump or rsync command, and you should use the Bash shell script that you were advised to create in order to backup all of your VMs.}}<br>
'''Record steps, commands, and your observations in INVESTIGATION 3 in your OPS335 lab log-book'''
==COMPLETING THE LAB==

Upon completion of this lab you should have postfix mail servers running on two machines, and starting automatically when they do. These servers must have sent email both ways between each other (from vm2 to vm3, and from vm3 to vm2), and to your Seneca email (or other external mail server).

===Online Submission===
Follow the instructions for lab 4a on Blackboard.

===Andrew's sections===

You may choose to:
* Submit screenshots of your work on Blackboard, in which case you don't need to come to the lab.
* Or come to the lab, show me your work, and talk to me about it. I want to hear what you've learned and answer any questions you have.
You'll get the same grade regardless of how you choose to submit your work.
::<span style="color:green;font-size:1.5em;">&#x2713;</span>Arrange proof that you can send e-mail from your '''vm2''' machine to your '''Seneca College e-mail account''', and that you can '''send and receive e-mail messages on your vm2 and vm3 machines'''.
::<span style="color:green;font-size:1.5em;">&#x2713;</span>Download and run '''https://ict.senecacollege.ca/~andrew.smith/ops335/labcheck4a.bash''' on your '''host''' machine.
::<span style="color:green;font-size:1.5em;">&#x2713;</span>Completed Lab4a log-book notes.-->
==EXPLORATION QUESTIONS==
#Briefly list the steps to install the MUA on your server for text-based messaging.
#Briefly list the steps to trouble-shoot your server if you could not send e-mail messages from your vm2 machine to an external e-mail server.
#Write the command to send an e-mail message from your vm2 to your Seneca College e-mail account.
#What are the commands to issue in the mail prompt to:<ul><li>Read the first e-mail message displayed</li><li>Save the 4th e-mail message to the file pathname: ~/maildir/3.msg.txt</li><li>Delete the 3rd e-mail message displayed</li><li>Exit the mail command prompt and return to the shell</li></ul>
#What were the results of sending emails locally on your vm2 machine? Show log segments to verify your answers.
# What is the purpose of an MTA?
# What is the purpose of an MUA?
# Draw a simple diagram showing how an MUA and an MTA are used to send e-mail messages between different servers.
# List the steps to test a running postfix service using the nc application.
