Electronic Mail - PowerPoint PPT Presentation
Presentation Transcript

Electronic Mail

Peter D’Souza


Outline

  • Introduction

  • Mail Systems

  • Components of a Mail Message

  • Administrative Principles/Practices

  • Aliases

  • Sendmail

  • Security, privacy and other issues


Introduction

  • Essential to both businesses and individuals

  • New standard of social behavior

    • Cheaper/faster than postal services

    • Less formal than paper

    • Less personal than actual conversations


Mail Systems

  • Four distinct components

    • MUA - Mail user agent

    • MTA - Mail transport agent

    • Delivery Agent

    • Access agent (optional)

    • A mail submission agent that speaks SMTP is sometimes included as a fifth component


Mail Systems

  [Diagram: path of a message from Host A (sender) to Host B (receiver).
   Host A: UA (Eudora, mail) -> SA sendmail (port 587) -> TA sendmail -> Internet.
   Host B: TA sendmail (port 25) -> DA (mail.local, procmail, or to local user agents) -> Message Store -> AA imapd -> UA Pine.
   Legend: UA=User Agent, SA=Submission Agent, TA=Transport Agent, DA=Delivery Agent, AA=Access Agent]


User Agents

  • Used to read and compose messages

  • Protect text embedded in contents

  • System wide and user-specific configuration supported


Transport Agents

  • Accept mail from the user agent, understand the recipient’s address, and get the mail to the correct host for delivery

  • Speak SMTP protocol

  • e.g. sendmail, PMDF, Postfix, etc.


Delivery Agents

  • Accept mail from the transport agent and actually deliver it to the appropriate local recipients

  • Speak SMTP protocol

  • e.g. /bin/mail (local users), /bin/sh (mail going to a file), mail.local, smrsh


Other Agents

  • Access Agents

    • Connects the user agent to the message store

    • e.g. IMAP or POP

  • Mail Submission Agents

    • Runs on a different port

    • Does all the preparation work and error checking before the message can be sent out by the TA

  • Sendmail acts as both MSA and TA


Anatomy of a Mail Message

  • Envelope

    From evi Wed Jan 19 19:01:11 2000
    Received: (from [email protected]) by xor.com (8.9.3/8.9.3) id TAA17820; Wed, 19 Jan 2000 19:01:11 -0700 (MST)
    Date: Wed, 19 Jan 2000 19:01:11 -0700 (MST)
    From: Evi Nemeth [email protected]
    Message-Id: [email protected]
    To: [email protected]
    Subject: xor.mc
    CC: [email protected]
    Status: R

  • Determines where the message will be delivered or, if the message cannot be delivered, to whom it should be returned.


Anatomy of a Mail Message (Contd)

  • Header

    2: Return-Path: [email protected]
    3: Received: from anchor.cs.colorado.EDU ([email protected] [128.138.242.1]) by columbine.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA21741 for <[email protected]>; Fri, 1 Oct 1999 07:04:25 -0700 (MST)
    4: Received: from mroe.cs.colorado.EDU (mroe.cs.colorado.edu [128.138.243.151]) by anchor.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA26176 for <[email protected]>; Fri, 1 Oct 1999 07:04:24 -0700 (MST)
    5: Received: from knecht.sendmail.org (knecht.sendmail.org [209.31.233.160]) [128.138.242.1] by mroe.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA09899 for <[email protected]>; Fri, 1 Oct 1999 07:04:23 -0700 (MST)
    6: Received: from knecht.sendmail.org (localhost [127.0.0.1]) by knecht.sendmail.org (8.9.3/8.9.3) with ESMTP id GAA18984; Fri, 1 Oct 1999 07:04:25 -0800 (PST)

    • Collection of property-value pairs formatted according to RFC 822

  • Body
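Each MTA on the path prepends its own Received header, so reading the chain bottom-up gives the route the message took. The following Python is an added example, not from the slides: it parses such a chain, checks that each hop's "by" host is the next hop's "from" host, and flags a hop whose timestamp runs backwards. The sample headers are constructed from the slide's trace with placeholder addresses.

```python
import re
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the slide's trace: lines unwrapped, addresses
# replaced with placeholders. Most recent hop is on top, as in a real message.
SAMPLE_HEADERS = """\
Return-Path: <sender@example.invalid>
Received: from anchor.cs.colorado.EDU (anchor.cs.colorado.edu [128.138.242.1]) by columbine.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA21741 for <user@example.invalid>; Fri, 1 Oct 1999 07:04:25 -0700 (MST)
Received: from mroe.cs.colorado.EDU (mroe.cs.colorado.edu [128.138.243.151]) by anchor.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA26176 for <user@example.invalid>; Fri, 1 Oct 1999 07:04:24 -0700 (MST)
Received: from knecht.sendmail.org (knecht.sendmail.org [209.31.233.160]) by mroe.cs.colorado.edu (8.9.3/8.9.2) with ESMTP id HAA09899 for <user@example.invalid>; Fri, 1 Oct 1999 07:04:23 -0700 (MST)
Received: from knecht.sendmail.org (localhost [127.0.0.1]) by knecht.sendmail.org (8.9.3/8.9.3) with ESMTP id GAA18984; Fri, 1 Oct 1999 07:04:25 -0800 (PST)
"""

# Shape of one header: from <helo name> (<peer info>) by <host> ... ; <date>
RECEIVED_RE = re.compile(
    r"^from\s+(?P<helo>\S+)\s*(?:\((?P<peer>[^)]*)\))?\s*by\s+(?P<by>\S+).*?;\s*(?P<date>.+)$")

def parse_received(headers):
    """Return the Received hops in the order the message actually travelled."""
    hops = []
    for line in headers.splitlines():
        if not line.lower().startswith("received:"):
            continue
        m = RECEIVED_RE.match(line.split(":", 1)[1].strip())
        if m:
            hops.append({"helo": m["helo"].lower(), "peer": (m["peer"] or "").strip(),
                         "by": m["by"].lower(), "time": parsedate_to_datetime(m["date"].strip())})
    hops.reverse()          # each MTA prepends its header, so the bottom one is the oldest
    return hops

def audit_path(hops):
    """Flag breaks in the hand-off chain and hops whose clocks run backwards."""
    findings = []
    for prev, cur in zip(hops, hops[1:]):
        if cur["helo"] != prev["by"]:
            findings.append(f"gap: {prev['by']} handed off but next hop claims from {cur['helo']}")
        delay = (cur["time"] - prev["time"]).total_seconds()
        if delay < 0:
            findings.append(f"clock skew or inserted hop: {cur['by']} stamped {-delay:.0f}s "
                            f"before {prev['by']}")
    return findings

if __name__ == "__main__":
    path = parse_received(SAMPLE_HEADERS)
    for hop in path:
        print(f"{hop['helo']} -> {hop['by']} at {hop['time'].isoformat()}")
    print(audit_path(path) or "relay chain consistent")
```

On the slide's own trace the hand-offs line up, but the originating host's stamp (07:04:25 PST) is an hour later than the next hop's (07:04:23 MST), which the audit reports as clock skew.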


Mail Philosophy

  • Servers for incoming and outgoing mail; or for really large sites, a hierarchy

    • Replication of incoming and outgoing servers

    • Typical UNIX hosts with minimal sendmail capabilities

    • Firewall

  • A mail home for each user at a physical site

    • Enforced through ‘aliases’ file, ‘maildrop’ field or LDAP database

    • Remote access provided via POP or IMAP

  • IMAP or POP to integrate PCs, Macs and remote clients

    • IMAP delivers messages one at a time

    • POP downloads all messages from server


Mail Aliases

  • Allow mail to be rerouted

    • Allow users to be referred to by more than one name

    • Define mailing lists

    • Forward mail among machines

  • Defined in the UA’s configuration file (sending user), in /etc/mail/aliases (global) or in a .forward file (recipient)

  • Examples

  • From mail’s point of view, an alias supersedes /etc/passwd

  • Loops are detected by sendmail


Mailing lists

  • Giant alias

  • Usually specified in /etc/aliases but maintained in an external file

  • :include: directive in aliases

      sabook: :include:/usr/local/mail/usah.readers
      owner-mylist: mylist-request
      mylist-request: evi
      owner-owner: postmaster

  • Maintenance done by list manager

    • e.g. Majordomo, Mailman, etc.
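To make the alias and :include: mechanics of the last two slides concrete, here is an added Python model (not sendmail's code) of how an alias table is expanded: names are looked up in the alias table before being treated as mailboxes, :include: pulls members from an external file, and an alias that leads back to itself is reported as a loop. The alias file and the include file contents are constructed for the example.

```python
# Constructed alias file in /etc/mail/aliases syntax (not a real site's file):
# "name: target, target", with :include: pulling members from an external file.
ALIASES_TEXT = """\
# lines beginning with # are comments
sabook: :include:/usr/local/mail/usah.readers
owner-sabook: sabook-request
sabook-request: evi
staff: evi, garth,
       trent
ping: pong
pong: ping
"""
# Stand-in for the files an :include: directive would read from disk.
INCLUDE_FILES = {"/usr/local/mail/usah.readers": "alice\nbob\nstaff\n"}

def parse_aliases(text):
    """Build {alias: [targets]}; a line starting with whitespace continues the previous alias."""
    table, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            table[current] += "," + raw.strip()
            continue
        name, _, targets = raw.partition(":")   # first colon only, so :include: keeps its colons
        current = name.strip().lower()
        table[current] = targets.strip()
    return {k: [t.strip() for t in v.split(",") if t.strip()] for k, v in table.items()}

def _expand(name, table, includes, path, loops):
    name = name.lower()
    if name in path:                              # alias refers back to itself: a loop
        loops.append(" -> ".join(path + (name,)))
        return set()
    if name not in table:                         # not an alias: deliver to the mailbox/address as is
        return {name}
    members = []
    for target in table[name]:
        if target.startswith(":include:"):
            members += includes.get(target[len(":include:"):], "").split()
        else:
            members.append(target)
    result = set()
    for member in members:
        result |= _expand(member, table, includes, path + (name,), loops)
    return result

def resolve(name, table, includes):
    """Return (final recipients, loops found); the alias table wins over /etc/passwd."""
    loops = []
    return _expand(name, table, includes, (), loops), loops
```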


sendmail

  • Transport agent developed at Berkeley

  • Can adapt to the whims of standard-makers thanks to the flexibility of its configuration file

  • Generates error messages and returns messages to the sender if they are undeliverable

  • Components required for installation

    • sendmail binary

    • configuration file (/etc/mail/sendmail.cf)

    • Mail queue directory (/var/spool/mqueue)

    • Links to sendmail (newaliases, mailq, hoststat)

    • Local delivery agents, smrsh and mail.local


sendmail (contd)

  • Latest version available at www.sendmail.org

  • Steps for installation

    • Initialize the database format and the strategy for interfacing with administrative databases such as NIS or NetInfo

    • Compile

      For LDAP: sh ./Build -c -f site.config.m4

    • Should be explicitly started in the rc files at boot time

    • Can be run on standalone clients as well by configuring it as a null client (not run as a daemon)

    • The service switch file is used to exert fine-grained control over lookups


sendmail – Config file

  • Raw config file designed for ease of parsing

  • Config file determines

    • Choice of delivery agents

    • Address rewriting rules

    • Mail header formats

    • Options

    • Security precautions

    • Spam resistance

  • At runtime, sendmail must be killed and restarted, or sent a HUP signal, if the config file is changed

  • Commonly uses m4 macros


sendmail – config primitives

  • VERSIONID – embeds version information (CVS)

  • OSTYPE – vendor-specific information about operating system details

  • DOMAIN – site-wide generic information (done as an include)

  • MAILER – must be included for every delivery agent


Spam control features

  • Rules that control relaying

    • Relaying is used by spammers to disguise their identity

    • Only hosts that are tagged with RELAY in the access database can submit mail for relaying

    • Offers features for restricted relaying

  • Access database

    • Acts as a mail-specific firewall

    • Blocks mail from specific users and domains

    • Specifies which domains a machine will relay for

  • Blacklists

    • Blocks local users or hosts

  • Header checking

    • Uses the low-level sendmail config file syntax to look for patterns in headers and reject messages that match


Security in sendmail

  • Ships with built-in hooks for encryption

  • Later versions support both SMTP authentication and encryption with SSL (TLS, Transport Layer Security)

  • Includes the DontBlameSendmail option to warn about potential risks in the installation

  • Ownerships

    • DefaultUser: should not own any files

    • TrustedUser: can own maps and alias files

    • RunAsUser: the identity sendmail switches to after the socket connections to port 25 are opened (a different UID)


Security (contd)

  • Permissions

    • Does not read files with lax permissions (world-writable, or living in group- or world-writable directories)

    • Requires that the entire path to any alias or forward file be trusted, i.e. no component can have group write permission

    • Does not read a .forward file with a link count > 1

    • The SafeFileEnvironment option controls where files can be written and protects device files and directories


Security (contd.)

  • Authentication

    • Includes SMTP authentication to verify the identity of the sending machine

    • The authwarnings option flags local attempts at forgery by adding an Authentication-Warning header to outgoing mail

    • The identd daemon can be used to verify a sender’s real login name

  • Message Privacy

    • An external encryption package needs to be used (PGP, TLS, etc.)

  • Simple Authentication and Security Layer (SASL)

    • Generic authentication mechanism

    • Uses an authorization identifier and an authentication identifier to map to permissions on files, UNIX passwords, Kerberos tickets, etc.

    • Only the authentication part is used in sendmail


Other issues

  • Privacy

    • Privacy options are listed in sendmail/conf.c

    • Control what people can determine about your site from SMTP

    • State what you require of the host on the other end of the SMTP connection

    • Define whether users can see or run the mail queue

  • DoS attacks

    • Flooding the SMTP port with bogus connections

    • MaxDaemonChildren

      • Limits the number of sendmail processes

      • Prevents the system from being overwhelmed with sendmail work

    • MaxMessageSize

      • Prevents the mail queue directory from filling

    • ConnectionRateThrottle

      • Limits the number of connections per second that are permitted

    • MaxRecipientsPerMessage

      • Controls the maximum number of recipients allowed on a single message


