book

Linux Email

Name: Linux Email
ISBN: 9781847198648

by Ian Haycox, Ralf Hildebrandt, David Rusenko, Alistair McDonald, Patrick Ben Koetter, Carl Taylor, Magnus Back

November 2009

Beginner

376 pages

8h 49m

English

Packt Publishing

Read now

Unlock full access

Linux E-mail
Table of Contents
Linux E-mail
Credits
About the Authors
About the Reviewers
Preface
What this book covers
Who this book is for
Conventions
Reader feedback

Customer support
ErrataPiracyQuestions
1. Linux and E-mail Basics
Why manage your own e-mail server
What you need to host an e-mail server
Sizing the hardware of your e-mail server
Main e-mail protocols: SMTP, POP, and IMAP
OverviewPOP protocolIMAP protocolThe SMTP protocol
E-mail and DNS
DNS record types used by e-mail applications
Backup mail servers
Summary
2. Setting up Postfix
Introduction to PostfixWhat is PostfixPostfix architecture: An overviewNew message arrivalScheduling message deliveriesMessage deliverySupporting programs
Installation and basic configuration
Choosing the Postfix versionInstalling from a packageInstalling from source codeThe Postfix configurationmain.cfmaster.cfLookup tablesGetting Postfix up and runningDomains and hostnamesIndirect mail delivery through your ISPChoosing network interfacesChoosing mailbox format for local deliveriesError reportingOther useful configuration parametersStarting Postfix and sending the first message
Stopping spam and other unwanted messages
Postfix's anti-spam methods: An overviewUnderstanding SMTP restrictionsAccess mapsAccess map examplesImplementing new policiesUsing DNS blacklistsChoosing DNS blacklistsStopping messages based on contentConfiguring header and body checksHeader and body checks examplesCaveats
Virtual alias domains and local aliases
Virtual alias domainsMany virtual alias domains mapping to one local domainOne virtual alias domain mapping to many local domainsGroup addressesIntroducing MySQL lookupsLocal aliasesCommand deliveriesCommon pitfallsOther address rewriting mechanisms
Troubleshooting Postfix problems
Reading and interpreting the log filesMessage queue IDSMTP submission and local deliveryLocal submission and SMTP deliveryConnection problems upon SMTP deliveryGetting more detailed log messagesTroubleshooting lookup tables with PostmapGetting help from the Postfix mailing list
Summary
3. Incoming Mail with POP and IMAP
Choosing between POP and IMAP
Downloading and installing Courier-IMAP
Installing Courier-IMAP from a distribution repositoryInstalling Courier-IMAP from RPMInstalling Courier-IMAP using the Debian package formatInstalling Courier-IMAP from sourcePrerequisitesBuilding the Courier Authentication LibraryConfiguring the Courier Authentication LibraryResolving errorsBuilding Courier-IMAPHandling errors
Using POP3
Configuring Courier-IMAP for POP3Testing the POP3 ServiceRetrieving E-mail via POP3 with Windows Live Mail
Using IMAP
Configuring Courier for IMAPTesting the IMAP serviceRetrieving mail via IMAP with Mozilla Thunderbird
Summary
4. Providing Webmail Access
The webmail solutionThe benefitsEasy and quick accessEasy remote accessNo need to maintain clientsConfiguring mail server interface via the user interfacePossible security benefitsThe disadvantagesPerformanceCompatibility with large e-mail volumesCompatibility with e-mail attachmentsSecurity issues
The SquirrelMail webmail package
SquirrelMail installation and configuration
Prerequisites to installationBasic requirementsInstalling Apache2PHPPerlReview configurationInstalling SquirrelMailSource installationConfiguring SquirrelMail
SquirrelMail plugins
Installing pluginsExample plugin installationDownloading and unpacking the pluginPerforming custom installationEnabling the plugin in conf.plUseful plugins
Securing SquirrelMail
Summary
5. Securing Your Installation
Configuring Postfix network mapsSMTP-after-POPVirtual Private NetworksSMTP AuthenticationStatic IP rangesGeneric relay rulesExplicit relay rulesDynamic IP ranges
Cyrus SASL
SASL layersAuthentication interfaceMechanismMethodPassword verification serviceInstalling Cyrus SASLConfiguring Cyrus SASLSelecting a password verification serviceChoosing a log levelChoosing valid mechanismssaslauthdUsing an IMAP server as authentication backendUsing an LDAP server as authentication backendUsing the local user accountsUsing PAMauxpropConfiguring the sasldb pluginConfiguring the sql pluginauthdaemondSetting the authdaemond password verification serviceConfiguring the authdaemond socket path
Testing Cyrus SASL authentication
Configuring Postfix SMTP AUTH
Preparing the configurationEnabling SMTP AUTHSetting the security policyIncluding broken clients
Testing SMTP AUTH
Enabling relaying for authenticated clients
Securing plaintext mechanisms
Enabling Transport Layer SecurityConfiguring security policy
Dictionary attacks
Recipient mapsChecking local domain recipientsChecking relay domain recipientsRate-limiting connections
Summary
6. Getting Started with Procmail
Introduction to ProcmailWho wrote it and when
How can a filtering system help me?
Potential uses of mail filteringFiltering and sorting mailForwarding mailProcessing the mail in an applicationAcknowledgements and out of office/vacation repliesFile locking and integrityWhat Procmail is not suitable for
Downloading and installing Procmail
Installing via a package managerInstalling from sourceInstallation options/considerationsIndividual installationSystem-wide installationIntegration with Postfix for system-wide deliveryCreating an alias for system accountsAdding Procmail to the Postfix configurationPostfix-provided environment variables
Basic operations
Configuration fileFile formatConfiguration file dissection
Analyzing a simple rule
The rule structureVariable analysisRule analysis
Creating and testing a rule
A "hello world" exampleCreating rc.testingPerforming static testing of the scriptConfiguring Procmail to process rc.testingTesting the setup
Configuration debugging
Checking for typos in the scriptsLooking at the log file for error messagesChecking file and directory permissionsTurning on Full LoggingTaking steps to avoid disasters
Understanding e-mail structure
Message bodyE-mail headersHeader structureOfficial definitions for headers
Example rule sets
From headerReturn-Path HeaderFiltering by Return-PathTo and Cc headersFiltering by To or CcSubject headerFiltering by subject
System-wide rules
Removing executablesLarge e-mails
Summary
7. Advanced Procmail
Delivering and non-delivering recipesNon-delivering example
Formail
Advanced recipe analysis
Adding commentsAssigning variablesPerforming substitutionsAssigning variable with default valuesAssigning command output to variablesPseudo-variablesMailbox variablesProgram variablesSystem interaction variablesLogging variablesProcmail's state variablesMessage content variablesLocking variablesError-handling variablesMiscellaneous variablesPrinting Procmail variablesRecipesColon lineLockingAutomatic lockingEnforced lockingNo lockingFlagsDefault flagsScope of matching: HBScope of action: hbFlow control: aAeEcCase sensitivity: DExecution mode: fwWirConditionsApplying a rule unconditionallyTests with regular expressionsTesting the size of a message partTesting the exit code of an external programNegationVariable substitution in conditionsAction lineForwarding to other addressesFeeding to a shell or command pipelineSaving to a folderCompound recipes
Regular expressions
Introduction to regular expressionsThe dotQuantifier operationThe asteriskThe plus signRestrictive matches using parenthesesCreating a simple spam filterCharacter classesStart of lineEnd of LineFurther reading^TO and ^TO_^FROM_MAILER^FROM_DAEMON
Advanced recipes
Creating a vacation auto replyOrganizing mail by dateInforming users about large mail
Procmail Module Library
Putting it all together
Creating a structure to base your own rules uponRc.systemRc.listsRc.killspamRc.vacationRc.largefilesRc.virusesRc.spamfilter
Summary
8. Busting Spam with SpamAssassin
Why filter e-mailSpam is a moving targetSpam filtering options
Introduction to SpamAssassin
Downloading and installing SpamAssassin
Using CPANConfiguring CPANInstalling SpamAssassin using CPANUsing the rpmbuild utilityUsing pre-built RPMsTesting the installationModified e-mails
Using SpamAssassin
Using SpamAssassin with ProcmailGlobal procmailrc fileUsing SpamAssassin on a per-user basisUsing SpamAssassin as a daemon with PostfixUsing SpamAssassin with amavisd-newInstalling amavisd-new from packageInstallation prerequisitesInstalling from sourceCreating a user account for amavisd-newConfiguring amavisd-newConfiguring Postfix to run amavisd-new
Configuring e-mail clients
Microsoft OutlookMicrosoft Outlook ExpressMozilla Thunderbird
Customizing SpamAssassin
Reasons to customizeRules and scoresAltering rule scoresUsing other rulesetsWhitelists and blacklistsBayesian filtering
Other SpamAssassin features
Summary
9. Antivirus Protection
Introduction to ClamAV
Document types supported
Downloading and installing ClamAV
Adding a new system user and groupInstalling from a packageInstalling from source codeRequirementsBuilding and installingQuick test
Editing the config files
clamdExamining the sample config filefreshclamClosest mirrorsExamining the sample config fileFile permissions
Post installation testing
EICAR test virusTesting clamscanTesting clamdTesting freshclam
Introduction to ClamSMTP
Building and installingConfiguring into PostfixConfiguring clamSMTPExamining the sample config file
Testing e-mail filtering
Testing mail-borne virus filteringThorough e-mail-borne testing
Automating update of virus data
Setting up auto updating
Automating startup and shutdown
ClamSMTPClamAV
Monitoring log files
Disinfecting files
Summary
10. Backing Up Your System
Backup optionsRAIDImage backupsFile system backupsAd hoc backups
What to back up
System inventoryObtaining a list of installed softwareSystem configuration filesAuthentication dataThe users' mailboxesLog filesThe mail queue
What not to back up
Backing up users' e-mail
Mail storageUsing dumpFull dumpIncremental dumpsUsing restoreInteractive restoreNon-interactive restore across the network
Backing up configurations and logs
Transferring configurations and logs to backup mediaRestoring the configuration
Automating backups
Backup scriptAdding crontab entries
Verifying restoration procedures
Summary
Index

Content preview from Linux Email

Securing plaintext mechanisms

We already noted that SMTP AUTH using plaintext mechanisms isn't really safe because the string that is sent during authentication is merely encoded and not encrypted. This is where Transport Layer Security (TLS) comes in handy because it can shield the transmission of the encoded string from curious eyes.

Enabling Transport Layer Security

To enable TLS you must generate a key pair and a certificate, and then alter the postfix configuration to recognize them.

To generate an SSL certificate, and to use SSL, you need to have the OpenSSL package installed. This will be installed in many cases, otherwise use your distribution's package manager to install it.

To create a certificate, issue the following commands (as root): ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781847198648

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Linux Email

by Ian Haycox, Ralf Hildebrandt, David Rusenko, Alistair McDonald, Patrick Ben Koetter, Carl Taylor, Magnus Back

Securing plaintext mechanisms

Enabling Transport Layer Security

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.