Re: send email
From: nessuno (nessuno_at_wigner.berkeley.edu)
Date: 07/21/03
- In reply to: nessuno: "Re: send email"
Date: 21 Jul 2003 11:05:56 -0700
nessuno@wigner.berkeley.edu (nessuno) wrote in message news:<f76c1166.0307201501.5c9ead33@posting.google.com>...
> "CL (dnoyeB) Gilbert" <CheckMyGPGKey@ThisOneIsFake.com> wrote in message news:<5eacnZhtGc13o4SiXTWJig@comcast.com>...
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > CL (dnoyeB) Gilbert wrote:
> > | Atse wrote:
> > | | That means the user who is a valid user of this mail server, locating
> > | | anywhere and hosting any IP without specified at this server, can send email
> > | | through this SMTP by using MS Outlook/Outlook Express
> > | |
> > |
> > | You have to first install another component. Look for mapi package, I
> > | believe the mapi one contains the SMTP server as well
> > |
> > |
> > |
> >
> > can't remember if that's mapi or imap...
> >
> > - --
> > Respectfully,
> >
> >
> > CL Gilbert
> >
> > "Verily, verily, I say unto you, He that entereth not by the door() into
> > the sheepfold{}, but climbeth up some other *way, the same is a thief
> > and a robber." John 10:1
> >
> > GnuPG Key Fingerprint:
> > 82A6 8893 C2A1 F64E A9AD 19AE 55B2 4CD7 80D2 0A2D
> >
> > For a free Java interface to Freechess.org see
> > http://www.rigidsoftware.com/Chess/chess.html
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.2.2 (GNU/Linux)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQE/GT7qVbJM14DSCi0RAi2RAJ4uyUSB39S/MXrZ8ef1gWaGLexv0ACdEuWL
> > Pb4TW+mO6bFWlvqz0rW8HE8=
> > =/+AV
> > -----END PGP SIGNATURE-----
>
> Dear Atse,
>
> I'm certainly no expert on this subject, but recently I set up RH 9.0
> to act as a mail server for local and remote clients, so my experience
> may help. My clients were using Netscape or Mozilla to send and
> receive email, not Outlook, but I suspect the general principles are
> the same. (These programs are called Mail User Agents, or MUAs).
>
> First, I found the documentation that came with RH 9.0 very useful.
> Since you have RH 8.0, I can't give you page numbers, but it should be
> similar. If you don't have the printed manuals (worth the price), you
> should have this documentation on CDs with the distribution itself, or
> you can get it online from RedHat. In particular, the Reference Guide
> has a chapter on email that you might start with.
>
> Let's think about two machines: Yours, the *mail server*, presumably
> running RH Linux 8.0, and a *client*, presumably running Outlook on
> Windows or something like that. The client wants to be able to send
> and receive email.
>
> In addition, you might have users with accounts on your mail server
> itself, who want to send and receive email. Call them *local
> clients*. I'll talk about the remote clients first, they're more
> difficult to set up.
>
> Most MUAs, running on the client machine, interact with the mail
> server via one of two protocols, POP or IMAP. One difference is that
> when you read emails, POP transfers the entire email to the client
> machine (this can be slow if the client is using dial-up and the email
> has big attachments), while IMAP only transfers the message header.
> In the IMAP system, emails are maintained on the server itself, not
> the client machine. This costs disk space on the server, but it is
> convenient if a user wants to access his email from several different
> client machines.
>
> When a mail client (in your case, someone running Outlook on another
> machine) configures his account, he will have to specify whether he
> wants POP or IMAP. Also, if you want to use the IMAP protocol (say),
> then you must have an imap daemon running on your client machine to
> listen to and respond to imap requests that come in. I set up IMAP on
> my machine, so I'll talk about that, but I believe POP is similar.
>
> In addition to the imap daemon, you also need to have sendmail running
> on the server (or equivalent program, but I'll talk about sendmail
> because that's what I used). You will want to think about security
> when you set up both these programs on the server.
>
> One important security requirement concerns the process whereby remote
> clients send emails. The process is that a remote client sends an
> email to your server, and sendmail running on your server then
> "relays" it to the destination. By default, however, sendmail on
> recent RH distributions is configured not to relay anything from
> anywhere. You can change the configuration of sendmail to make it
> respond to any relay request it receives from anywhere ("promiscuous
> relaying"), but if you do this every spammer in the world will soon be
> using your mail server to relay their spam to hide its true source.
> Some of the messages earlier in this thread alluded to this threat. It
> sounded from your original message that you wanted to configure
> sendmail for promiscuous relaying, but you surely don't want to do
> that. Instead, you want to configure it to relay only from the ip
> addresses of your trusted clients.
>
> Another security question is whether you want communications between
> remote clients and the mail server to be encrypted. If so, the
> clients will have to enable SSL (secure sockets layer) on their MUA,
> and you will have to use the right version of the imap daemon (there
> are two versions, with and without ssl protection). I set
> up my system with encryption.
>
> Yet another security question concerns your firewall. You may not
> have a firewall, but if you do, you are using (probably) iptables to
> implement it, and the default firewall (my choice was Medium Firewall
> at installation time) blocks all incoming imap requests. Thus, the
> firewall configuration must be modified to accept imap requests.
>
> Here is another security consideration. Email clients, whether local
> or remote, must have accounts on the mail server. (The mail
> itself is stored somewhere under /var.) However, clients who only want
> to use your system for email do not need to have full accounts with
> home directories, etc. In fact, it is better if they do not, since if
> someone finds out their password, they could log in as a user and
> create mischief if the account is a full account. I only had one
> remote client I wanted to serve, so I went ahead and created a full
> account for that person, but you might want to investigate how to set
> up user accounts without login privileges for your email clients.
>
> What follows are the steps I used (somewhat simplified) when I set up
> my mail server on RH 9.0. Some things may be different on RH 8.0.
>
> First I got sendmail itself running and configured. First I went to
> System Settings -> Server Settings -> Services and checked sendmail,
> and then started it. Now as a local user on the mail server, I used
> the unix mail program to send an email to another email address (I
> have one on a local ISP that I used as a target.) This should work.
>
> The next problem is that the default configuration of sendmail with RH
> 9.0 can send email, but not receive it. To change this configuration,
> go to /etc/mail (as root), save copies of sendmail.mc and sendmail.cf.
> Then edit /etc/mail/sendmail.mc to comment out the line with
> DAEMON_OPTIONS in it. Then run
>
> m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
> /sbin/service sendmail restart
>
> See the Reference Guide for documentation about this process. The
> first time I did this, I found that program m4 was not installed with
> my installation. So I had to go back and install the package
> sendmail-cf, to get this program. When I ran the above commands, I
> got an error message on shutting down sm-client, but it didn't
> seem to hurt anything.
>
> After this, a local mail client on the server itself should be able to
> receive email sent from another source by using the unix mail
> program. If all is ok up to this point, sendmail is probably working
> correctly.
>
> Next we worry about setting up your machine as an imap server. The
> first problem is the firewall, that by default blocks imap requests.
> If you're an expert with iptables, you know how to change this to
> allow incoming imap requests. On RH 9.0 there is a tool for
> configuring the firewall (under Start Here -> System Settings ->
> Security Level), but it is rather crude and does not allow you to
> enable imap. However, I found that I could use the command line
> lokkit to do this (I entered imap under "Other Ports" on the second
> page). This is an alternative to using iptables. BTW, gnome-lokkit,
> a GUI version of lokkit, does not allow you to enable imap, use the
> command line version.
>
> Next you need to make sure imap is installed and running, and in the
> right version. There are basically two versions, one that transfers
> data in plain text (imap), and one that uses SSL encryption (imaps).
> These listen on different ports (143 and 993 resp). I bought a book,
> "Open Source Email Security" by Blum, which discusses this in Ch. 16.
> On RH 9.0, you go to Start Here -> System Settings -> Server Settings
> -> Services, make sure imaps is running, and imap is not. These
> are xinetd services, you might want to read about this, since xinetd
> has ways of controlling access to different services. However, I
> found that xinetd as configured by RH was not blocking access to imap
> services.
>
> Now you need to set up an SSL certificate, if you want to use
> encrypted communication. See p. 164 of the 9.0 Reference Guide. Go
> to /usr/share/ssl/certs, rename the file imapd.pem, then run
>
> make imapd.pem
>
> and follow the instructions to make a certificate. To do it right you
> need a certificate from a certificate authority, but you have to pay
> for that. Then do
>
> /sbin/service imaps restart
>
> or use the Services tool to restart.
>
> Now you can test this out to see if you can make a connection. From
> another unix computer enter:
>
> openssl s_client -host <your mail server> -port 993
>
> It will be obvious if you make the connection (you should be able to).
> This will guarantee that the SSL version of the imap daemon is running
> on your mail server.
>
> Next you need to configure sendmail to relay from privileged clients.
> For each such client, enter a line in the /etc/mail/access file
> like the following:
>
> 207.213.11 RELAY
>
> where on the left is an ip address (or a partial ip address if you
> want to allow access from a subnet). After changing this file, you
> must run
>
> makemap hash /etc/mail/access < /etc/mail/access
>
> That's most of what worked for me. Hope this helps.
>
> Sincerely, Robert Littlejohn (=nessuno, the email address above is a
> dummy that forwards to the real me).

Dear Atse,

I made a mistake in my last posting. In the 6th paragraph where I
said, "an imap daemon running on your client machine", I meant to say,
"an imap daemon running on your mail server".

Yours sincerely, Robert Littlejohn
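
Added example, not part of the original posts: a shell audit of the /etc/mail/access relay entries and the makemap step described in the quoted message. It reports how many addresses each partial-IP RELAY key covers and whether the map was edited without being rebuilt. The function names, the sample entries other than "207.213.11 RELAY", and the three-octet threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit RELAY grants in a
# sendmail access file and detect a map that was edited but not rebuilt.

# Constructed sample input; the first entry is the one quoted in the post.
sample_access() {
cat <<'EOF'
# key                   action
207.213.11              RELAY
Connect:198.51.100.7    RELAY
10                      RELAY
example.org             RELAY
spammer@example.net     REJECT
EOF
}

# audit_relay FILE ("-" for stdin): one "key<TAB>addresses<TAB>verdict" line
# per RELAY entry. Flagging anything wider than three octets as BROAD is this
# example's own threshold, not a sendmail rule.
audit_relay() {
    awk '
    NF < 2 || $1 ~ /^#/ { next }           # blank lines and comments
    toupper($2) != "RELAY" { next }        # only relay grants are audited
    {
        key = $1
        sub(/^[Cc]onnect:/, "", key)       # strip the optional Connect: tag
        if (key !~ /^[0-9]+(\.[0-9]+)*$/) { # domain or mail key: cannot size
            printf "%s\t-\tNAME\n", $1; next
        }
        n = split(key, octet, ".")
        bad = (n > 4)
        for (i = 1; i <= n; i++) if (octet[i] + 0 > 255) bad = 1
        if (bad) { printf "%s\t-\tINVALID\n", $1; next }
        count = 1
        for (i = n; i < 4; i++) count *= 256   # each missing octet = x256
        printf "%s\t%d\t%s\n", $1, count, (n >= 3 ? "OK" : "BROAD")
    }' "$1"
}

# map_is_stale SRC DB: true when DB is missing or older than SRC, meaning
# makemap has not been re-run since the last edit of SRC.
map_is_stale() {
    [ ! -e "$2" ] || [ -n "$(find "$1" -newer "$2" 2>/dev/null)" ]
}

sample_access | audit_relay -
```

On the mail server itself, run `audit_relay /etc/mail/access` and `map_is_stale /etc/mail/access /etc/mail/access.db` after each edit of the access file.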