Campus Area Network
Server Configuration
DFN50303 OPEN SOURCE SERVER ADMINISTRATION

2.5 LINUX Mail Server
Objectives:
1. Identify the mail agents involved in email services.
2. Explain the protocols used to transport mail across the network.
3. Describe the process of getting an email over a network.
4. Explain how to configure a mail server with spam and virus filtering.
5. Identify secure network communications using SSL and TLS.
6. Identify open source mail server software.

What is a Mail Server?
With the click of a mouse button, you can send an email from one point of the globe to another in a matter of seconds.
It's easy to understand how standard snail mail gets from point A to point B, but how does an email message make its way from a sender to a recipient?
The answer to that question revolves around something called a mail server.

What is a Mail Server?
A mail server is a computer (running specially designed software) that serves as an electronic post office for email.
Every email that is sent passes through a series of mail servers on its way to its intended recipient.
This software is built around agreed-upon, standardized protocols for handling mail messages and the graphics contained in the messages.
Without this series of mail servers, you would only be able to send emails to people whose email address domains matched your own, i.e., you could only send messages from one example.com account to another example.com account.

What is a Mail Server?
Mail servers can be divided into two main categories: outgoing mail servers and incoming mail servers.
Outgoing mail servers are known as SMTP, or Simple Mail Transfer Protocol, servers.
Incoming mail servers come in two main varieties:
1. POP3, or Post Office Protocol version 3, servers are best known for storing sent and received messages on PCs' local hard drives.
2. IMAP, or Internet Message Access Protocol, servers always store copies of messages on the servers.

What is a Mail Server?
What is Internet mail or email?
• Electronic mail, commonly called email or e-mail, is a method of exchanging digital messages from an author to one or more recipients.
• Modern email operates across the Internet or other computer networks.
• Early email systems required that the author and the recipient both be online at the same time, much like instant messaging.

Mail Server Agents
The mail agents involved in email services at the protocol level are the Mail User Agent (MUA), the Mail Transfer Agent (MTA) and the Mail Delivery Agent (MDA), described in the following sections.

MAIL USER AGENT (MUA)
Mail User Agent (MUA): the e-mail agent, or e-mail client.
The e-mail user needs a Mail User Agent (MUA) to compose an email. Often referred to as a mail client, it is a computer program that allows you to receive and send e-mail.
Examples of mail clients are Microsoft Outlook, IBM Lotus Notes, Pegasus Mail, Mozilla's Thunderbird, The Bat! and Eudora.
To use an MUA such as Microsoft Outlook, you install the MUA program on your computer and then use it to download and store e-mail messages on your computer; it also allows you to read or write messages offline.

MAIL USER AGENT (MUA)
A web application that provides message management, composition, and reception functions is sometimes also considered an email client, commonly referred to as webmail.
Popular web-based email clients include Gmail, Lycos Mail, Mail.com, Outlook.com and Yahoo! Mail.
Web-based MUAs store messages on their own mail servers and allow access to them through a Web page.

MAIL TRANSFER AGENT (MTA)
The MTA is the primary software running on a machine set up as an email server.
The MTA process is used to forward e-mail. The MTA receives messages from the MUA or from another MTA on another e-mail server and forwards them towards their destination.
The MTA sends the email message from the email client software out into the Internet and on to its intended recipient.
The MTA transfers your email message to another MTA, the one that handles the account of its recipient, which then stores it in a file known as a mailbox or a mail spool.

MAIL TRANSFER AGENT (MTA)
Your recipient's client software will then request messages from their server, and the mail spool's contents will be transferred to their client's mailbox.
On the Internet, MTAs communicate with one another using the protocol SMTP, and are logically called SMTP servers (or sometimes outgoing mail servers).
Examples of MTA software are Sendmail and Postfix.

MAIL DELIVERY AGENT (MDA)
If the mail is addressed to a user whose mailbox is on the local server, the mail is passed to the MDA.
A Mail Delivery Agent (MDA) is called upon by the MTA to deliver incoming email into the proper user's mailbox. In many cases, the MDA is actually a Local Delivery Agent (LDA).
Any program that actually handles a message for delivery to the point where it can be read by an email client application can be considered an MDA.
Some MTAs (such as Sendmail and Postfix) can fill the role of an MDA when they append new email messages to a local user's mail spool file.

MAIL DELIVERY AGENT (MDA)
MDAs do not transport messages between systems (this is provided by the MTA), nor do they provide a user interface (this is provided by the MUA); MDAs distribute and sort messages on the local machine for an email client application to access.
An example of MDA software is Procmail.
The recipient's MTA delivers the email to the incoming mail server (called the MDA), which stores the email while it waits for the user to accept it.

MAIL DELIVERY AGENT (MDA)
There are two main protocols used for retrieving email from an MDA:
POP3 (Post Office Protocol), the older of the two, which is used for retrieving email; the mail is then deleted from the server.
IMAP (Internet Message Access Protocol), which is used for coordinating the status of emails (read, deleted, moved) across multiple email clients. With IMAP, a copy of every message is kept on the server so that this synchronization task can be completed.
For this reason, incoming mail servers are called POP servers or IMAP servers, depending on which protocol is used.

How Email Works
When an email is sent using an MUA, the message is routed from server to server all the way to the recipient's email server.
More precisely, the message is sent to the mail server tasked with transporting emails, called the MTA, which passes it on to the recipient's MTA. On the Internet, MTAs communicate with one another using the protocol SMTP (thus they are logically called SMTP servers or sometimes outgoing mail servers).
The recipient's MTA then delivers the email to the incoming mail server, the MDA, which stores the email while it waits for the user to accept it. There are two main protocols used for retrieving email from an MDA: POP3 and IMAP.
For this reason, incoming mail servers are called POP servers or IMAP servers, depending on which protocol is used.

How Email Works
To use a real-world analogy, MTAs act as the post office (the sorting area and mail carrier, which handle message transportation), while MDAs act as mailboxes, which store messages (as much as their volume will allow) until the recipients check the box.
This means that it is not necessary for recipients to be connected in order for email to be sent to them.

How Email Works
To keep everyone from reading other users' emails, the MDA is protected by a user name (called a login) and by a password.
Retrieving mail is done using a software program called an MUA (Mail User Agent).
When the MUA is a program installed on the user's system, it is called an email client (such as Mozilla Thunderbird, Microsoft Outlook, Eudora Mail, IncrediMail or Lotus Notes).
When it is a web interface used for interacting with the incoming mail server, it is called webmail.

The Process of Getting an Email over a Network
[Diagram: the process of getting an email over a network; labels: SMTP, SMTP, Username/Password, POP/IMAP]

The Process of Sending an Email
The basic steps of this process are outlined below:
Step #1: After composing a message and clicking send, your email client, whether it's Outlook Express or Gmail, connects to your domain's SMTP server. This server can be named many things; a standard example would be smtp.example.com.
Step #2: Your email client communicates with the SMTP server, giving it your email address, the recipient's email address, the message body and any attachments.
Step #3: The SMTP server processes the recipient's email address, especially its domain. If the domain name is the same as the sender's, the message is routed directly over to the domain's POP3 or IMAP server; no routing between servers is needed. If the domain is different, though, the SMTP server will have to communicate with the other domain's server.

The Process of Sending an Email
Step #4: In order to find the recipient's server, the sender's SMTP server has to communicate with the DNS, or Domain Name Server. The DNS takes the recipient's email domain name and translates it into an IP address. The sender's SMTP server cannot route an email properly with a domain name alone; an IP address is a unique number that is assigned to every computer that is connected to the Internet. By knowing this information, an outgoing mail server can perform its work more efficiently.
Step #5: Now that the SMTP server has the recipient's IP address, it can connect to the recipient's SMTP server. This isn't usually done directly, though; instead, the message is routed along a series of unrelated SMTP servers until it arrives at its destination.

The Process of Sending an Email
Step #6: The recipient's SMTP server scans the incoming message. If it recognizes the domain and the user name, it forwards the message along to the domain's POP3 or IMAP server. From there, it is placed in a sendmail queue until the recipient's email client allows it to be downloaded. At that point, the message can be read by the recipient.

Simple Mail Transfer Protocol (SMTP)
SMTP is used by an email client to send/forward messages to its local email server. The local server then decides if the message is for a local mailbox or if the message is addressed to a mailbox on another server. If the server has to send the message to a different server, SMTP is used between the two servers as well. SMTP requests are sent to port 25.

Post Office Protocol version 3 (POP3)
A POP server receives and stores messages addressed to its users. When the client connects to the email server, the messages are downloaded to the client. The messages are not kept on the server after they have been accessed by the client. Clients contact POP3 servers on port 110.
Example: Microsoft Outlook

Internet Message Access Protocol (IMAP4)
An IMAP server also receives and stores messages addressed to its users. However, it keeps the messages in the mailboxes on the server unless they are deleted by the user. The most current version of IMAP is IMAP4, which listens for client requests on port 143.
Example: Yahoo Mail

Various Mail Server Software
Postfix (http://www.postfix.org)
Postfix is Wietse Venema's mail server, which started life at IBM Research as an alternative to the widely used Sendmail program.
Postfix attempts to be fast, easy to administer, and secure. The outside has a definite Sendmail-ish flavor, but the inside is completely different.
Exim (http://www.exim.org)
Exim is a message transfer agent (MTA) developed at the University of Cambridge for use on Unix systems connected to the Internet. It is freely available under the terms of the GNU General Public Licence.
In style it is similar to Smail 3, but its facilities are more general. There is a great deal of flexibility in the way mail can be routed, and there are extensive facilities for checking incoming mail.
Exim can be installed in place of Sendmail, although the configuration of Exim is quite different.

Various Mail Server Software (cont.)
Qmail (http://qmail.org)
Qmail is a mail transfer agent (MTA) that runs on Unix. It was written, starting in December 1995, by Daniel J. Bernstein as a more secure replacement for the popular Sendmail program.
qmail's source code is in the public domain, making qmail free software.
Cyrus IMAP (http://cyrusimap.web.cmu.edu)
The Cyrus IMAP server differs from other IMAP server implementations in that it is generally intended to be run on sealed servers, where normal users cannot log in. The mail spool uses a file system layout and format similar to the Maildir format.
The Cyrus IMAP server supports server-side mail filtering through the implementation of a mail filtering language called Sieve.

Various Mail Server Software (cont.)
Dovecot (http://dovecot.org)
Dovecot is an open source IMAP and POP3 email server for Linux/UNIX-like systems, written with security primarily in mind.
Dovecot is an excellent choice for both small and large installations. It's fast, simple to set up, requires no special administration and uses very little memory.

Mail Server with Spam and Virus Filtering
ISP manager allows you to protect your mailboxes from unwanted emails.
There are also various applications and software packages that can be used to manage spam messages and scan for viruses in email messages.
Example:
Implementing a Postfix mail server with spam and antivirus protection using SpamAssassin, a powerful open source spam filter, and ClamAV, a virus scanner.
These tools can also be implemented with the Exim mail server.
The SpamWall tool provides an integrated anti-spam and anti-virus solution with complete email protection for mail servers at the "network perimeter" level.

Secure Network Communications Between Clients and Mail Server
When it comes to mail-server-to-mail-server communications, SMTP, like HTTP, is also plain text by default.
Most emails are still transferred in plain text and not encrypted.
The username and password are sent in clear text (unencrypted) across the Internet, making it possible for anybody on the same wireless connection or the same network to potentially "intercept" your network traffic and clearly read your username and password or steal confidential information.
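
The exposure described above, checked from the defender's side as an added Python example that is not part of the course slides: a small audit that replays an SMTP server's session log and reports which credentials and envelope commands the client sent before (or without) a STARTTLS upgrade. Both transcripts are constructed, and the user name and password inside the AUTH PLAIN line are made up.

```python
# Added example (not from the course slides): a defender-side audit of an SMTP
# session log, flagging credentials and envelope data the client sent before a
# STARTTLS upgrade. The two transcripts are constructed, in the shape a server's
# own debug log records them ("C:" client line, "S:" server line); after STARTTLS
# the wire is encrypted, but the server log still shows the decrypted commands.
import base64

PLAINTEXT_SESSION = """\
S: 220 smtp.example.com ESMTP ready
C: EHLO laptop.example.com
S: 250-smtp.example.com
S: 250 AUTH PLAIN LOGIN
C: AUTH PLAIN AGFsaWNlAHMzY3IzdA==
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<alice@example.com>
S: 250 2.1.0 Ok""".splitlines()

STARTTLS_SESSION = """\
S: 220 smtp.example.com ESMTP ready
C: EHLO laptop.example.com
S: 250-smtp.example.com
S: 250 STARTTLS
C: STARTTLS
S: 220 2.0.0 Ready to start TLS
C: AUTH PLAIN AGFsaWNlAHMzY3IzdA==
S: 235 2.7.0 Authentication successful
C: MAIL FROM:<alice@example.com>
S: 250 2.1.0 Ok""".splitlines()


def describe_auth(command: str) -> str:
    """Name the exposed mechanism; for AUTH PLAIN also recover the user name so the
    right credential can be rotated (the password is readable too, but not shown)."""
    parts = command.split()
    mechanism = parts[1].upper() if len(parts) > 1 else "?"
    if mechanism == "PLAIN" and len(parts) > 2:
        try:
            # AUTH PLAIN payload is base64 of: authzid NUL authcid NUL password
            fields = base64.b64decode(parts[2]).split(b"\0")
            user = fields[1].decode(errors="replace") if len(fields) >= 3 else "?"
        except ValueError:
            user = "?"
        return f"AUTH PLAIN credentials sent in clear text (user {user!r}, password readable)"
    return f"AUTH {mechanism} exchange sent in clear text"


def audit_session(lines) -> list:
    """Return one finding per sensitive client command that crossed the wire unencrypted."""
    findings, encrypted, awaiting_tls_reply = [], False, False
    for line in lines:
        side, _, text = line.partition(": ")
        command = text.split(" ", 1)[0].upper()
        if side == "C" and command == "STARTTLS":
            awaiting_tls_reply = True
        elif side == "S" and awaiting_tls_reply:
            encrypted = text.startswith("220")  # 220 reply: TLS handshake follows
            awaiting_tls_reply = False
        elif side == "C" and not encrypted:
            if command == "AUTH":
                findings.append(describe_auth(text))
            elif command in ("MAIL", "RCPT", "DATA"):
                findings.append(f"{command} sent in clear text: {text}")
    return findings
```

The same check applied to POP3 would flag USER and PASS commands on port 110 in the same way.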

Secure Network Communications Between Clients and Mail Server
There are protocols for encrypting the session data transmitted between clients and servers that provide secure communications over a network:
Secure Sockets Layer (SSL)
Transport Layer Security (TLS)
SSL and TLS are both cryptographic protocols that provide authentication and data encryption between servers, machines, and applications operating over a network (e.g. a client connecting to a web server).
Although SSL was replaced by an updated protocol called TLS (Transport Layer Security), "SSL" is still a commonly used term for this technology.

SSL Certificate
Most Linux MUAs designed to check email on remote servers support SSL encryption.
An SSL certificate is a file installed on a website's origin server.
It is a data file containing the public key and the identity of the website owner, together with other information.
Without an SSL certificate, a website's traffic can't be encrypted with TLS.
An SSL certificate issued by a certificate authority will be considered trustworthy by web browsers.

Secure Sockets Layer (SSL)
A protocol developed by Netscape in 1995 (v1.0) for transmitting private documents via the Internet; it has been the de facto standard for e-commerce transaction security.
With SSL, information is transmitted over the Internet in an encrypted form for security purposes.
POP/SMTP over SSL encrypts all data exchanged between your mail client and the mail server, using a digital security certificate, to protect your password and messages.
Logically, it also provides a secure connection between the web browser and the web server.
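
How a mail client applies the certificate trust described on the SSL Certificate slide to POP/SMTP over SSL, as an added Python example that is not part of the course slides: a hardened ssl context beside a deliberately weak one, a checker that reports what the weak one gives up, and two connect helpers (POP3 over SSL on port 995, SMTP submission on port 587 with STARTTLS). The host, user and password arguments are placeholders the caller supplies; no connection is made until a helper is called.

```python
# Added example (not from the course slides): the TLS settings a mail client
# should use for POP3 over SSL and for SMTP with STARTTLS, with a deliberately
# weak context shown beside the hardened one. Host names, user and password
# passed to the connect helpers are placeholders supplied by the caller.
import poplib
import smtplib
import ssl


def weak_context() -> ssl.SSLContext:
    """Encrypts the session but accepts any certificate, so an active attacker
    on the path can present their own certificate and read the password."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # name on the certificate never compared
    ctx.verify_mode = ssl.CERT_NONE   # CA signature never checked
    return ctx


def hardened_context(cafile=None) -> ssl.SSLContext:
    """Requires a CA-issued certificate whose name matches the server (the trust
    model of the SSL Certificate slide); cafile=None uses the system trust store."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSLv3, TLS 1.0 and 1.1
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def context_findings(ctx: ssl.SSLContext) -> list:
    """List which guarantees (server authentication, modern encryption) a context lacks."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified against a CA")
    if not ctx.check_hostname:
        findings.append("certificate name not checked against the server host")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("obsolete SSL/TLS versions still accepted")
    return findings


def pop3_over_ssl(host, user, password, ctx=None):
    """POP3S (port 995): the whole session, login included, runs inside TLS."""
    conn = poplib.POP3_SSL(host, 995, context=ctx or hardened_context())
    try:
        conn.user(user)            # reached only if the certificate check passed
        conn.pass_(password)
        return conn.stat()         # (message count, mailbox size in bytes)
    finally:
        conn.quit()


def smtp_with_starttls(host, user, password, ctx=None):
    """Submission (port 587): starts in clear text, upgrades with STARTTLS, then AUTH."""
    with smtplib.SMTP(host, 587) as conn:
        conn.starttls(context=ctx or hardened_context())  # fails closed on a bad certificate
        conn.login(user, password)   # credentials cross the wire only after the upgrade
        return conn.noop()
```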

Secure Sockets Layer (SSL)
SSL was supported by Netscape Navigator, Internet Explorer, Microsoft and other Internet client/server developers, and many Web sites used the protocol to obtain confidential user information, such as credit card numbers; it became the de facto standard until it evolved into Transport Layer Security (TLS).
By convention, URLs that require an SSL connection start with https: instead of http:.
HTTPS functions over port 443.

Transport Layer Security (TLS)
Transport Layer Security is the successor to the SSL protocol, developed by the IETF as an enhancement to SSL.
The TLS protocol was released in January 1999 to create a standard for private communications; version 3.1 of SSL was released as TLS 1.0.
It is used by web browsers and other applications that require data to be securely exchanged over a network, such as web browsing sessions, file transfers, VPN connections, remote desktop sessions, and voice over IP (VoIP).

Transport Layer Security (TLS)
The basic operation of the two protocols is the same, but TLS incorporates improvements found as SSL became widely used.
These goals are achieved through implementation of the TLS protocol on two levels: the TLS Record protocol and the TLS Handshake protocol.
The Record protocol provides connection security.
The TLS Handshake protocol allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged.

Transport Layer Security (TLS)
The mutual authentication of servers requires public key deployment to clients.

How Does SSL/TLS Encryption Work?
SSL/TLS encrypts the messages between the email client and the email server as well as between email servers.
SSL/TLS uses both asymmetric and symmetric encryption to protect the confidentiality and integrity of data in transit.
Asymmetric encryption is used to establish a secure session between a client and a server, and symmetric encryption is used to exchange data within the secured session.

How Does SSL/TLS Encryption Work?
A website must have an SSL/TLS certificate for its web server/domain name to use SSL/TLS encryption.
Once installed, the certificate enables the client and server to securely negotiate the level of encryption.
Once you leave the website, those keys are discarded.
On your next visit, a new handshake is negotiated, and a new set of keys is generated.

SSL vs SSH
SSH and SSL are both cryptographic protocols used for creating a secure connection to exchange confidential/sensitive data while ensuring its integrity.
SSH and SSL are both built on the Public Key Infrastructure (PKI) and its public-private key pairs.
However, although they both involve securing remote communications and data transfers, their applications are different:
SSH: securing computer networks
SSL: securing web data transfers; an essential element of an SSL certificate

SSL and TLS
Conclusion
Both SSL and TLS are protocols that serve the same purpose: providing security and encryption for the connection between TCP and applications.
SSL version 3.0 was designed first, then TLS version 1.0 was designed; TLS is the successor, or latest version, of SSL, which consists of all the SSL features but has some enhanced security features too.