Lect 07 - Mail Server NetMan - 2015

Technical Support Fundamentals (ITP 4107)
MAIL SERVER – SENDMAIL

&
NETWORK MANAGEMENT
Mail Server - Sendmail

Topic 05,p.1
©VTC 2012
LESSON INTENDED LEARNING OUTCOMES

On completion of the lesson, students are expecte
d to
 setup, configure, monitor and control appropriat
e TCP/IP network services for satisfying given r
equirements.

Topic 05,p.2
©VTC 2012
OVERVIEW
 Email System Architecture
 MDA, MTA, MAA, MUA
 POP3 & IMAP
 MIME
 SMTP
 Email Server (Sendmail)
 Network Management

Topic 05,p.3
©VTC 2012
The diagram below shows a typical sequence of events that takes place when Alice
composes a message using her mail user agent (MUA). She enters the email address of
her correspondent (Bob), and hits the "send" button.

Topic 05,p.4
©VTC 2012
EMAIL SYSTEM ARCHITECTURE

Email System Workflow:
1. Alice’s MUA (mail user agent, e.g. MS Outlook) formats the message in
email format and uses the Submission Protocol (a variant of the Simple
Mail Transfer Protocol (SMTP)), to send the message to the local mail
submission agent (MSA), in this case smtp.a.org, run by Alice's
internet service provider (ISP).
• A mail submission agent (MSA) is a computer program or software
agent that receives electronic mail messages from a mail user agent
(MUA) and cooperates with a mail transfer agent (MTA) for
delivery of the mail. (Many MTAs perform the function of an MSA
as well.). Both MTA and MSA functions use port number 25. The
MTA accepts locally-destined mail from other domains, and an
MSA accepts submitted mail from local users.

Topic 05,p.5
©VTC 2012

2. The MSA looks at the destination address provided in the SMTP
protocol (not from the message header), in this case bob@b.org. An
Internet email address is a string of the form
localpart@exampledomain. The part before the @ sign is the local
part of the address, often the username of the recipient, and the part after
the @ sign is a domain name or a fully qualified domain name. The
MSA resolves a domain name to determine the fully qualified domain
name of the mail exchange server in the Domain Name System (DNS).
3. The DNS server for the b.org domain, ns.b.org, responds with any
MX records listing the mail exchange servers for that domain, in this
case mx.b.org, a message transfer agent (MTA) server run by Bob's
ISP.
4. smtp.a.org sends the message to mx.b.org using SMTP.
5. mx.b.org may need to forward the message to other MTAs before the
message reaches the final message delivery agent (MDA).
Topic 05,p.6
©VTC 2012

6. The final MDA delivers the message to the mailbox of the
user bob.
7. Bob presses the "get mail" button in his MUA, which picks
up the message using either the Post Office Protocol (POP3)
or the Internet Message Access Protocol (IMAP4).
• POP3 and IMAP4 are the two most prevalent Internet
standard protocols for e-mail retrieval. Virtually all
modern e-mail clients and mail servers support both
protocols as a means of transferring e-mail messages
from a mail server.

Topic 05,p.7
©VTC 2012

Generally, the different components involved in the
Internet email system architecture are:
Internet

Topic 05,p.8
©VTC 2012
MAIL DELIVERY AGENT (MDA)

 Within the Internet mail architecture, local me
ssage delivery is achieved through a process of
handling messages from the message transfer age
nt, and storing mail into the recipient's envir
onment (typically a mailbox).
 MDA delivers mail locally according to the inst
ructions of the user or system defaults (e.g. p
rocmail). Most MTAs actually include a default
MDA to put mail in a single incoming folder kno
wn as a mailspool and/or to consult a user file
which configures other options to forward messa
ges to another host or program.
Topic 05,p.9
©VTC 2012
MAIL TRANSPORT AGENT (MTA)

 MTA is software that transfers mail messages from one comp
uter to another using a client–server application archite
cture. An MTA implements both the client (sending) and ser
ver (receiving) portions of the SMTP.
 Traditionally, MTAs were set up to accept messages from an
yone, but spammers learned that such MTA can be used as an
open relay to forward their messages. Now, virtually no MT
A will accept a message from outside its domain unless eit
her
 (a) the message is to be delivered inside the domain or
 (b) the connected session has done a login to the MTA.
 The original, and still very widely used MTA, is sendmai
l. It is a monolithic program combining an MTA, MDA, and
even the outbound part of an MUA.
 Other popular MTAs include qmail, postfix, and exim.

Topic 05,p.10
©VTC 2012
MAIL ACCESS AGENT (MAA)

 As computing has become more decentralized and mobile
, a new kind of agent has appeared to provide remote
access to the mailspool and mail folders. These agent
s look like MUAs to the system they're running on, bu
t they are actually accepting instructions from remot
e programs.
 POP (port 110) is the original MAA protocol. It sim
ply delivers all messages from the incoming mailspo
ol to the remote MUA. The remote system has the opt
ion of deleting the messages from the spool or leav
ing them. POP is the service offered by most ISPs.
 IMAP (port 143) works with a remote MUA accepting c
ommands to manage folders, download messages, move
them to folders, or delete them.
Topic 05,p.11
©VTC 2012
MAIL USER AGENT (MUA)

 MUA sends messages to the MTA and retrieves mes
sages from the mailspool. It also manages the m
ail folders on behalf of the user. This the mos
t visible part of the Internet mail system and
the one that interacts with humans. There are m
any MUAs, Examples from the major categories ar
e:
 traditional text
 mail, mailx, elm, pine, mutt.
 Windowed GUI
 Netscape Messenger, KMail, Eudora, Microsoft Outloo
k family.
 Webmail (Web browsers)
Topic 05,p.12
©VTC 2012
POST OFFICE PROTOCOL (POP)

 Move mail messages from server to host
 All messages are typically downloaded at onc
e
 Two versions of POP
 POP2
 POP3 (popular version)
 Incompatible with each other
 Both use simple ASCII commands
 Neither is very secure
 Port: 109 (POP2) and 110 (POP3)

Topic 05,p.13
©VTC 2012
POST OFFICE PROTOCOL (POP3)

 POP3 (post office protocol 3) is used by client
s to collect messages from email servers. Clien
ts must supply a username and password to the s
erver in order to log into their account or POP
3 mailbox. The email server will respond with t
he number of messages waiting and the client ca
n initiate a ‘deque’ command to download the
queued emails. The messages will either be dele
ted from the email server or marked as read so
they are not downloaded again.
 POP3 is very good at the simple task of collect
ing messages. The POP3 transactions between cli
ent and the email server are similar to SMTP.
Topic 05,p.14
©VTC 2012
IMAP (INTERACTIVE MAIL ACCESS PROTOCOL)

 IMAP is the Internet message access protocol used
for accessing mail messages stored on a server.
 It is a protocol that allows users to perform ce
rtain electronic mail functions on a remote serve
r rather than on their local computer.
 The fundamental difference between accessing emai
l via IMAP as opposed to via POP3 is that IMAP do
es not download the messages and store them local
ly as POP3 does. All message manipulations, such
as opening, closing and deleting, is carried out
on the server.
 This makes backup simpler and security tighter si
nce no mail message is stored locally on the user
’s own computer.
 Use Port 143
Topic 05,p.15
©VTC 2012
MIME (MULTIPURPOSE INTERNET MAIL EXTENS

IONS)
 MIME was developed because of the need for a system to t
ranslate the array of constantly changing attachment for
mats.
 SMTP can only transmit text – this creates a problem wh
en it comes to sending images, video and other attachmen
ts via email. SMTP gets around this problem by using MIM
E.
 Defines complex message bodies
 Extends original TCP/IP mail system
 Original specifications
 Only supported 7-bit data (not suitable for binary data
or multi-byte character sets)
 Did not support complex message bodies
 Specifies new headers to indicate the content of the b

ody
Topic 05,p.16
©VTC 2012
SMIME (SECURE MULTI-PURPOSE INTERNE

T MAIL EXTENSIONS)
 SMIME (secure multi-purpose internet mail exten
sions) is a secure version of MIME that prevent
s interception and forgery.
 It ensures privacy, tamper detection and verifi
cation of sender.
 Both the sender and receiver need SMIME compati
ble clients for them to exchange email securely
using this method.

Topic 05,p.17
©VTC 2012
SMTP (SIMPLE MAIL TRANSFER PROTOCOL)

 Simple mail transfer protocol was invented during
the 1980s as a standard for the transmission of m
essages. It is the language that most mail server
s use to send messages between each other, i.e. S
MTP is for MTA.
 When the SMTP mail system sends a message it uses
DNS to convert the domain part of an email addres
s (such as @cwcim.org) to the TCP/IP network a
ddress of the machine that maintains the domain
(such as 202.100.200.23). It then connects to tha
t IP address on port 25 and uses very simple comm
ands to communicate the sender’s and recipient’
s email addresses and the body of the message.
Topic 05,p.18
©VTC 2012
SMTP COMMANDS
Command Function
HELO <hostname> Identifies connecting host
MAIL From: <revpath> Starts mail with sender
RCPT To: <fwdpath> Identifies envelope
DATA Begins message body
terminated by a line only with a dot
VRFY <address> checks that address is valid
EXPN <address> expands aliases and .forward
QUIT Closes the connection
RSET Resets the state of the connection

Topic 05,p.19
©VTC 2012
EMAIL ADDRESS
 An email address has two parts: the email accou
nt (which is the actual user’s account) and th
e domain name (which is the Internet registered
name for the organisation). These two parts are
separated by the @ (pronounced ‘at’) symbol.
 The following example shows a user called James
.cim with an account on the cwcim.org domain.
James.cim@cwcim.org

Topic 05,p.20
©VTC 2012
EMAIL SERVER
 Most email servers conduct email services by run
ning two separate processes on the same machine.
 One process is the POP3 (Post Office Protocol 3)
server which holds mail messages in a queue and
delivers the messages to the clients when reques
ted.
 The other is the SMTP (simple mail transfer prot
ocol) server that receives outgoing emails from
clients and sends and receives emails from other
SMTP servers.
 These two processes are linked by an internal ma
il delivery mechanism that moves messages betwee
n the POP3 and SMTP servers.
Topic 05,p.21
©VTC 2012
EMAIL SERVER
 When the client calls the email server to send
messages, it connects to the server on certain
TCP port (port 25 for SMTP).
 When the client checks for new messages, it co
nnects to the server on another TCP port
(port 110 for POP3).
 Figure on the next slide shows the relationshi
p between the client, server, POP3, SMTP and t
he Internet.

Topic 05,p.22
©VTC 2012
EMAIL SERVER

Topic 05,p.23
©VTC 2012
CONNECTION BETWEEN EMAIL SERVERS

Topic 05,p.24
©VTC 2012
Sendmail
 Sendmail is the most widely used MTA in Linux
.

Topic 05,p.25
©VTC 2012
COMPONENTS OF SENDMAIL
 Configuration file – /etc/mail/sendmail.cf
 location of files and directories needed
 Parsing rules for addresses
 Rules to select a delivery agent
 Configuration file is too complex to be edited

directly and therefore we must use the configur
ation tool – m4 macro
 Configuration tool – /etc/mail/sendmail.mc and
m4 macro processor)
 Queues
 Aliases and Mailing Lists

Topic 05,p.26
©VTC 2012
DNS RECORD FOR MAIL SERVER (OF A DOMAIN)

 DNS (domain name service) is the Internet’s
‘directory enquiries’ and translates names i
nto contact numbers (i.e. IP addresses).
 Each domain will have a DNS entry that contain
s information about where to find the domain’
s email servers (the MX records and A records)
and other relevant information.

Topic 05,p.27
©VTC 2012
Postfix
 Postfix is a replacement for the well known S
endmail (i.e. another mail server).
 Postfix is preferable (as compared to Sendma
il) because of the numerous security leaks tha
t were found in the Sendmail daemon.
 Postfix is robust and easy to setup (the conf
iguration file for sendmail is too complex).
It acts as a MTA (mail transfer agent) that can
receive mail messages and drop them into a loca
l mailbox.

Topic 05,p.28
©VTC 2012
NETWORK MANAGEMENT
 Network management generally includes th
e following tasks:
 Fault detection for networks, gateways, and c
ritical servers.
 Schemes for notifying an administrator of pro
blems.
 General network monitoring, to balance load a
nd plan expansion.
 Documentation and visualization of the networ
k.
 Administration of network devices from a cent
ral site.
Topic 05,p.29
©VTC 2012
NETWORK TROUBLESHOOTING
 Several good tools are available for debugging
a network at the TCP/ IP layer. Most give low-l
evel information, so you must understand the ma
in ideas of TCP/ IP and routing in order to use
the debugging tools.
 The architecture of TCP/ IP defines several lay
ers of abstraction at which components of the n
etwork can function. You can dramatically reduc
e the amount of time spent debugging a problem
if you first figure out which layer is misbehav
ing.

Topic 05,p.30
©VTC 2012
PING COMMAND
The ICMP sequence number is a particularly valuable piece of information.

Discontinuities in the sequence indicate dropped packets. They’re normally
accompanied by a message for each missing packet.
Lost-packet problems are important to track down because they tend to be masked
by higher-level protocols. The network may appear to function correctly, but it
will be slower than it ought to be, not only because of the retransmitted packets
but also because of the protocol overhead needed to detect and manage them.

Topic 05,p.31
©VTC 2012
TRACEROUTE COMMAND
 It uncovers the sequence of gateways through whi
ch an IP packet travels to reach its destination
.
 The output is simply a list of hosts, starting w
ith the first gateway and ending at the destinat
ion.
As packets arrive at the first gateway (lab-gw in this case), their TTL is decreased to
zero. When a gateway decreases the TTL to 0, it discards the packet and sends an
ICMP “time exceeded” message back to the originating host. The sender’s IP
address in the header of the error ICMP packet identifies the gateway, and traceroute
looks up this address in DNS to find the gateway’s hostname. To identify the second-
hop gateway, traceroute sends out a second round of packets with TTL fields set to 2.

Topic 05,p.32
©VTC 2012
NETSTAT COMMNAD
 netstat collects a wealth of information about t
he state of your computer’s networking software
.
 The most common uses of netstat are:
1. Inspecting interface configuration information.

2. Monitoring the status of network connections.
3. Identifying listening network services.
4. Examining the routing table.
5. Viewing operational statistics for various netwo
rk protocols

Topic 05,p.33
©VTC 2012
NETSTAT COMMNAD
2. With no arguments , netstat displays the status
of active TCP and UDP ports. Inactive (“listen
ing”) servers that are waiting for connections
are normally hidden, but you can see them with
netstat -a. For example:
The output above
shows an inbound
SSH connection, two
inbound IMAPS
connections, one
inbound HTTP
connection, an
outbound MySQL
connection, and a
bunch of ports
listening for other
connections.
Addresses are shown as hostname:service, where the service is a
port number. For well-known services, netstat shows the port
symbolically, using the mapping defined in /etc/services.
Topic 05,p.34
©VTC 2012
TCPDUMP
 By default, tcpdump tunes in on the first network interfac
e it comes across. If it choose the wrong interface, you c
an force an interface with the -i flag.
 If DNS is broken or you don't want tcpdump doing name look
ups, use the -n option; because slow DNS service can cause
the filter to start dropping packets before they can be de
alt with by tcpdump.
 The -v flag increases the information you see about packet
s. Finally, tcpdump can store packets to a file with the -
w flag and can read them back in with the -r flag.
 An overwhelming amount of information can be produced by p
acket sniffers. To avoid this problem on busy networks, tc
pdump lets you specify complex filters. For example, the f
ollowing filter collects only incoming web traffic from on
e subnet.
# tcpdump src net 192.168.1.0/24 and dst port 80
Topic 05,p.35
©VTC 2012

Lect 07 - Mail Server NetMan - 2015

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Lect 07 - Mail Server NetMan - 2015

Uploaded by

Copyright:

Available Formats

Technical Support Fundamentals (ITP 4107)

MAIL SERVER – SENDMAIL

Mail Server - Sendmail

LESSON INTENDED LEARNING OUTCOMES

Mail Server - Sendmail

Mail Server - Sendmail

Mail Server - Sendmail

EMAIL SYSTEM ARCHITECTURE

Mail Server - Sendmail

EMAIL SYSTEM ARCHITECTURE

EMAIL SYSTEM ARCHITECTURE

Mail Server - Sendmail

EMAIL SYSTEM ARCHITECTURE

Mail Server - Sendmail

MAIL DELIVERY AGENT (MDA)

MAIL TRANSPORT AGENT (MTA)

Mail Server - Sendmail

MAIL ACCESS AGENT (MAA)

MAIL USER AGENT (MUA)

POST OFFICE PROTOCOL (POP)

Mail Server - Sendmail

POST OFFICE PROTOCOL (POP3)

IMAP (INTERACTIVE MAIL ACCESS PROTOCOL)

MIME (MULTIPURPOSE INTERNET MAIL EXTENS

 Specifies new headers to indicate the content of the b

SMIME (SECURE MULTI-PURPOSE INTERNE

Mail Server - Sendmail

SMTP (SIMPLE MAIL TRANSFER PROTOCOL)

Mail Server - Sendmail

Mail Server - Sendmail

Mail Server - Sendmail

Mail Server - Sendmail

CONNECTION BETWEEN EMAIL SERVERS

Mail Server - Sendmail

Mail Server - Sendmail

 Rules to select a delivery agent

 Configuration file is too complex to be edited

Mail Server - Sendmail

DNS RECORD FOR MAIL SERVER (OF A DOMAIN)

Mail Server - Sendmail

Mail Server - Sendmail

Mail Server - Sendmail

The ICMP sequence number is a particularly valuable piece of information.

Mail Server - Sendmail

Mail Server - Sendmail

1. Inspecting interface configuration information.

Mail Server - Sendmail

You might also like