• No results found

Table of Contents. Architecture. Organisation. Structure of the organisation. Structure. with sendmail and postfix.

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Table of Contents. Architecture. Organisation. Structure of the organisation. Structure. with sendmail and postfix."

Copied!
11
0
0

Loading.... (view fulltext now)

Download now ( 11 Page )

Full text

(1)

Email Architecture

with sendmail and postfix

dr. C. P. J. Koymans

Informatics Institute University of Amsterdam

October 5, 2009

Table of Contents

Structure

Email flows

Sendmail

Postfix

Other MTA’s

Organisation

I

Say O is an example organisation

I A is an autonomous suborganisation I M is a managed suborganisation

I a is an autonomous part of M I m is a managed part of M

Structure of the organisation

I

O

I A I M

I a I m

(2)

DNS mirrors the structure

I

Where are the cuts?

I

O.org.

I A.O.org. I M.O.org.

I a.M.O.org. I m.M.O.org.

Email mirrors the structure

I

mail.* are mail relays and servers

I mail.O.org. I mail.A.O.org. I mail.M.O.org. I mail.a.M.O.org. I mail.m.M.O.org.

MX records (1)

O.org.

MX

0

mail.O.org.

A.O.org.

MX

0

mail.A.O.org.

10

mail.O.org.

M.O.org.

MX

0

mail.M.O.org.

10

mail.O.org.

MX records (2)

a.M.O.org.

MX

0

mail.a.M.O.org.

5

mail.M.O.org.

10

mail.O.org.

m.M.O.org.

MX

0

mail.m.M.O.org.

5

mail.M.O.org.

10

mail.O.org.

(3)

Email addresses

I

Employee “The Boss” working in department “a”

I [email protected] I [email protected] I [email protected]

Email forwarding

I

[email protected] is forwarded to

I [email protected], which is in turn forwarded to I [email protected]

I

Forwarding can be

I user based (.forward)

I system based (alias file or database)

SMTP flow (inbound) (1)

I

Directly to mailhost in MX record

I [email protected] enters at top I [email protected] enters at leaf

SMTP flow (inbound) (2)

I

Always to mail.O.org.

I Requires “split” DNS

I Different outside MX record for a.M.O.org., pointing to mail.O.org.

(4)

SMTP flow (outbound)

I

Directly to outside world

I No “corporate” policy

I Needs smart hosts decentrally

I

Flowing up the tree step by step

I Uses the “smart host” option

I

Directly to the top of the tree

I Uses the “smart host” option

Mail access

I

Only leaf mail servers supply mail access

I

Intermediate servers are relay only

I

In case you want to deliver higher in the tree

I Create an extra child for mail delivery

I Separate SMTP relay from local delivery and IMAP access

sendmail configuration (Ubuntu 8.04.1)

I

Debian specific (based on sendmail 8.14.2)

I

Has an extensive init script to control sendmail execution

I

Uses a separate sendmail.conf file to source inside init script

I

Uses a helper program (sendmailconfig) to generate the main

configuration file sendmail.mc

sendmail configuration directory (Ubuntu 8.04.1)

I

/etc/mail as configuration directory

I sendmail.mc, which is used to generate I sendmail.cf

I using the m4 macro processor I local-host-names

I aliases I access I . . .

(5)

m4 macros (Ubuntu 8.04.1)

I

Inside /usr/share/sendmail/cf

I m4 source files m4/*

I cf.m4, cfhead.m4, proto.m4 I debian/*, domain/*, feature/*, . . . I hack/*, mailer/*, ostype/*, . . .

sendmail.mc

I

OSTYPE(debian)

I

DOMAIN(debian-mta)

I

DAEMON_OPTIONS(. . . )

I

FEATURE(. . . )

I no_default_msa I access_db I . . . I

MAILER

I local I smtp

debian.m4

I

define(conf. . . )

I

Lots of configuration parameters, to name a few

I confSMTP_LOGIN_MSG I confCW_FILE

I confDEF_USER_ID

debian-mta.m4

I

Many more conf. . . options

I confMAX_HOP

I confDONT_BLAME_SENDMAIL I All kinds of TimeOut(TO)-timers

I confTO_MAIL I confTO_QUIT I . . .

(6)

sendmail.cf macros

I

Macros

I C<class> ($=<class>) I F<class_in_file> I Fw/etc/mail/local-host-names I D<name> ($<name>)

sendmail.cf hostnames

I

sendmail -bt -d0.4

I Debugging local hostname(s) I $j=$w.$m

I

What is inside $=w class?

I Many “hostnames”, also numeric

sendmail.cf map lookup

I

K<mapname> <type> <detail>

I mailertable hash -o /etc/mail/mailertable.db I generics hash -o /etc/mail/genericstable.db I virtuser hash -o /etc/mail/virtusertable.db

sendmail.cf options

I

AliasFile

I

ForwardPath

I

DaemonPortOptions (UseMSP)

I

Timeout

I

*LA (Queue, Refuse, Delay)

I

SmtpGreetingMessage

(7)

sendmail.cf headers

I

HReceived:

I $?sfrom $s $.$?_($?s$|from $.$_)

I $.$?{auth_type}(authenticated$?{auth_ssf}

bits=${auth_ssf}$.)

I $.by $j ($v/$Z)$?r with $r$. id $i$?{tls_version} I (version=${tls_version} cipher=${cipher} bits=${cipher_bits} verify=${verify})$.$?u I for $u; $|; I $.$b

sendmail.cf rulesets

I

S<name>=<number>

I canonify=3 (always first)

I parse=0 (resolves <mailer,host,user>) I check_relay (to disable open relaying) I check_mail (checks MAIL FROM:) I check_rcpt (checks RCPT TO:)

sendmail.cf rules

I

LHS (Left Hand Side)

I $*, $+, $- (token matching)

I $@ (matching zero tokens, used for empty input) I $=, $˜(class matching)

I

RHS (Right Hand Side)

I $1, $2, . . . (substitution) I $:, $@ (control flow)

I $>, $?$|$. (recursion; conditional) I $[. . . $], $(. . . $) (IP lookup; map lookup)

Sendmail ruleset testing

I

sendmail -bt

I =S<ruleset>, =M I $<m>, $=<c> I /parse <address>

I /try <mailer> <address> I /map <map> <lookup>

(8)

sendmail.cf mailers

I

M<mailer> <attributes>

I local (maybe procmail as MDA) I prog, *file*, *include* (builtin) I smtp, esmtp, smtp8, relay, bsmtp, fido I procmail (as mail filter, called with “-m”)

A new kid on the block?

I

Projects to modernise sendmail

I Sendmail X, which has been succeeded by I MeTA-1

I Resembles Postfix and qmail in architecture I All processes are resident and not semi-resident

(as in Postfix) or on demand (as in qmail)

Postfix

I

(Mostly) compatible with sendmail

I supplies /usr/{lib,sbin}/sendmail emulation

I

Good performance

I

Safe and secure

I

Modular and flexible

General postfix features

I

Support for multiple transports

I

Easy virtual domain configuration

I

Extensive UCE/SPAM control

(9)

Postfix modular setup

I

One resident master process

I compare to inetd super server

I

Some semi-resident daemons

I started via master.cf file I something like inetd.conf

Postfix queues

I

maildrop (local incoming)

I

incoming (after cleanup)

I

active (being worked on)

I deferred (temporary failure) I hold (needs human intervention) I corrupt (needs human inspection)

Postfix security

I

Is not setuid root

I

Uses chroot environment

I

Is modular and not monolithic

I

Filtering of outside information

Postfix daemons

I

pickup (mail from maildrop via postdrop (“sendmail”))

I

smtpd (remote mail from the Internet)

I

cleanup (repairs incoming mail)

I

qmgr (processes mail queues)

I

local (local delivery)

(10)

Postfix assistants

I

(trivial-)rewrite

I canonicalisation (compare “ruleset 3”) I resolving (compare “ruleset 0”)

I

bounce

I error mailer I defer messages

Postfix/Sendmail tables

Postfix

Sendmail

virtual

virtusertable

canonical

genericstable

transport

mailertable

access

access

relocated

- (aliases)

(11)

qmail

I

Who looked at qmail and wants to explain?

Exim

References

Download now ( PDF - 11 Page - 165.24 KB )

Related documents