Cosc 4750 Electronic Mail



SMTP Protocol

• The e-mail protocol.
– There are several versions. The basic standard protocol is RFC 821, which we are going to use. (RFC 821 has since been superseded by RFC 2821 and RFC 5321, which add the ESMTP extensions, but the command exchange below is unchanged.)
• Including some headers so a standard mail reader understands the message better.
– By default, the SMTP server listens on port 25.

SMTP Protocol commands

• SMTP is command based. The client issues a series of commands to the server, and the server answers each one with a three-digit reply code (2xx success, 3xx more input needed, 4xx temporary failure, 5xx permanent failure).
• Opening a connection. The client connects to port 25 on the server, the server sends a 220 greeting, then
– client: HELO <client host name>
• example: HELO laptop.cs.uwyo.edu
– server: 250 Ok [may contain extra info]
• example: 250 alameda.cs.uwyo.edu Hello laptop.cs.uwyo.edu [IP number], pleased to meet you
– The host name in HELO is supplied by the client and is not verified; servers log it next to the real connecting IP, which is why the reply above shows both.

SMTP Protocol commands (2)

• The client issues the sender command
– MAIL FROM:<username@host>
– example: MAIL FROM:<[email protected]>
• server responses
– 250 … Sender ok
– OR
– 5XX can't accept from sender
• This address is the envelope sender (where bounces go). Nothing in SMTP itself verifies it; the server can only apply policy to it, as the access_db feature does later.

SMTP Protocol commands (3)

• Next, who the message is for. client:
– RCPT TO:<username@host>
– example: RCPT TO:<[email protected]>
• server responses:
– 250 … Recipient ok
– OR
– 5XX user unknown
• The client can issue the RCPT command several times to send the same message to multiple addresses.
• This is also where a server decides whether to relay: a recipient that is neither local nor in a domain the server relays for should get a 5XX here, otherwise the server is an open relay.

SMTP Protocol commands (4)

• The data section, which is where we enter the bulk of the mail message.
• Client
– DATA
• server responses
– 354 enter mail, end with "." on a line by itself
• client
– Enter the message: headers, a blank line, the body, then a period on a line by itself
– A body line that itself begins with a period must be sent with an extra leading period (".." for "."), or the server would take it as the end of the message (RFC 821 section 4.5.2); the receiving server strips the extra period again.
example: bah.. bah.. bah….

SMTP Protocol commands (5)

• Server responses
– 250 … message accepted for delivery.
• Finally, the client issues the quit command
– QUIT
• Server replies 221 and closes the connection.

smtp example

S: 220 alameda.cs.uwyo.edu SMTP ready
C: HELO laptop.cs.uwyo.edu
S: 250 alameda.cs.uwyo.edu Hello laptop.cs.uwyo.edu, pleased to meet you
C: MAIL FROM:<[email protected]>
S: 250 ok
C: RCPT TO:<[email protected]>
S: 250 ok
C: DATA
S: 354 …
C: blah… blah… blah…
C: etc….
C: .
S: 250 OK
C: QUIT
S: 221 closing connection
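The exchange above, simulated end to end with both sides in one script. This is an added example, not code from the slides: a toy in-memory server stands in for the receiving MTA and a small client driver issues the commands, so the reply codes can be stepped through without a network. It also shows the dot stuffing the slides skip (a body line that starts with "." travels as "..") and a server that refuses to relay. Host names are taken from the slides; the mailboxes alice@, bob@ and mallory@ and the domain elsewhere.example are made up.

```python
"""Toy RFC 821 exchange: in-memory server plus client driver (added example)."""


class ToySmtpServer:
    """Stand-in for the receiving MTA. Accepts mail only for its own domain,
    so a RCPT TO elsewhere is refused instead of relayed."""

    def __init__(self, hostname, local_domain):
        self.hostname = hostname
        self.local_domain = local_domain.lower()
        self.delivered = []          # (sender, recipients, body) per accepted message
        self._reset()

    def _reset(self):
        self.sender = None
        self.rcpts = []
        self.in_data = False
        self.data_lines = []

    def greeting(self):
        return f"220 {self.hostname} SMTP service ready"

    def handle(self, line):
        """Consume one client line; return the reply, or None while a body is
        being collected (the server stays silent until the lone '.')."""
        if self.in_data:
            if line == ".":
                # undo dot stuffing: a body line that arrived as '..x' was '.x'
                body = "\n".join(l[1:] if l.startswith("..") else l for l in self.data_lines)
                self.delivered.append((self.sender, list(self.rcpts), body))
                self._reset()
                return "250 Message accepted for delivery"
            self.data_lines.append(line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            # the HELO name is whatever the client claims; a real MTA logs the IP too
            return f"250 {self.hostname} Hello {arg}, pleased to meet you"
        if verb in ("MAIL", "RCPT"):
            if ":" not in arg:
                return "501 Syntax error in parameters"
            addr = arg.split(":", 1)[1].strip().strip("<>")
            if verb == "MAIL":
                self.sender = addr           # taken on faith: nothing authenticates it
                return f"250 {addr}... Sender ok"
            if not addr.lower().endswith("@" + self.local_domain):
                return "550 Relaying denied"   # not ours and we are not an open relay
            self.rcpts.append(addr)
            return f"250 {addr}... Recipient ok"
        if verb == "DATA":
            if not self.rcpts:
                return "503 Need RCPT (recipient)"
            self.in_data = True
            return '354 Enter mail, end with "." on a line by itself'
        if verb == "RSET":
            self._reset()
            return "250 Reset state"
        if verb == "NOOP":
            return "250 OK"
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        return "500 Command unrecognized"


def dot_stuff(body):
    """RFC 821 section 4.5.2: a body line beginning with '.' is sent as '..'."""
    return ["." + l if l.startswith(".") else l for l in body.split("\n")]


def send_message(server, helo_name, sender, rcpts, body):
    """Drive the server through one transaction. Returns the transcript as
    (side, line) pairs and the list of recipients the server refused."""
    transcript = [("S", server.greeting())]

    def cmd(line):
        transcript.append(("C", line))
        reply = server.handle(line)
        if reply is not None:
            transcript.append(("S", reply))
        return reply

    cmd(f"HELO {helo_name}")
    cmd(f"MAIL FROM:<{sender}>")
    refused = [r for r in rcpts if not cmd(f"RCPT TO:<{r}>").startswith("250")]
    if len(refused) < len(rcpts):            # at least one recipient was accepted
        cmd("DATA")
        for l in dot_stuff(body):
            cmd(l)
        cmd(".")
    cmd("QUIT")
    return transcript, refused


if __name__ == "__main__":
    srv = ToySmtpServer("alameda.cs.uwyo.edu", "cs.uwyo.edu")
    transcript, refused = send_message(
        srv, "laptop.cs.uwyo.edu", "alice@cs.uwyo.edu",
        ["bob@cs.uwyo.edu", "mallory@elsewhere.example"],
        "blah blah\n.this line starts with a dot\netc")
    for side, line in transcript:
        print(f"{side}: {line}")
```

Run it to see the full C:/S: dialogue; the second RCPT TO gets a 550 because the toy server only accepts mail for cs.uwyo.edu, and the stuffed body line shows up as "C: ..this line starts with a dot" while the stored message has the single dot restored.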

smtp example (2)

From [email protected] Mon Nov 3 19:10:47 2003
Return-Path: <[email protected]>
Received: from localhost (localhost [127.0.0.1])
    by meru.cs.uwyo.edu (SGI-8.12.5/8.12.5) with SMTP id hA42A4R7350019
    for <[email protected]>; Mon, 3 Nov 2003 19:10:41 -0700 (MST)
Date: Mon, 3 Nov 2003 19:10:04 -0700 (MST)
From: [email protected]
To: <[email protected]>

blah… blah… blah…
etc….

• The first "From " line (no colon) is the mailbox separator written by the delivery agent; Return-Path: and Received: were added by the receiving server. Date:, From: and To: are simply what the client typed during DATA.

More SMTP commands

• RESET
– RSET, aborts the current mail transaction and clears the stored sender, recipient and data information.
• NOOP
– NOOP, no operation; the server must respond with an OK.
• Can be used to determine if the server is "still alive", if for some reason it quits responding during the connection.
• HELP
– HELP, help function on the server. Does not have to be implemented.

E-mail Headers

• While not part of the SMTP spec, clients and servers exchange more than just SMTP protocol commands.
• Headers transfer information about the e-mail: where it's been and which servers received and resent the message.
– Info about the message, time/date, transport agents are listed, redirections, etc.
– A record of how and when a message was delivered
– "Required" headers are listed in RFC 822 (today RFC 5322)
• Keep two kinds of headers apart: the ones the sender wrote (From:, To:, Subject:, Date:) and the ones each MTA prepends as it handles the message (Received:, and Return-Path: at final delivery). Only the Received: lines added by servers you control are trustworthy; everything below them, and everything the sender wrote, can say anything.

Some Headers

• Before the main body of the mail message
• Subject: <subject>
• To: <same user sent to>
• Reply-To: <user>
• CC: <user>,<user>, …
• Content type of message
– examples:
– Content-type: text/plain
– Content-type: text/html
• Extra headers
– X-<name>: <whatever>
• After all headers there must be a blank line, so that client programs know the headers have ended and the body begins.
• Client programs also add headers to your e-mail when they access the e-mail as well (the Status:, X-Status: and X-UID: lines in the next example are the mail reader's bookkeeping, not the sender's).

Example of Header

From [email protected] Tue Nov 14 12:29:43 2000
Received: from alameda.cs.uwyo.edu (alameda.cs.uwyo.edu [129.72.216.20])
    by meru.cs.uwyo.edu (SGI-8.9.3/8.9.3) with ESMTP id MAA20335
    for <[email protected]>; Tue, 14 Nov 2000 12:29:43 -0700 (MST)
Received: from roper ([email protected] [129.72.10.8])
    by alameda.cs.uwyo.edu (8.9.3/8.9.3) with ESMTP id MAA01298
    for <[email protected]>; Tue, 14 Nov 2000 12:29:38 -0700
Received: from DIRECTORY-DAEMON by ROPER.UWYO.EDU (PMDF V5.2-32 #33749)
    id <[email protected]> for [email protected]
    (ORCPT rfc822;[email protected]); Tue, 14 Nov 2000 12:29:37 -0700 (MST)
Received: from hotmail.com (f74.law8.hotmail.com [216.33.241.74])
    by ROPER.UWYO.EDU (PMDF V5.2-32 #33749)
    with ESMTP id <[email protected]> for [email protected]; Tue,
    14 Nov 2000 12:29:36 -0700 (MST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Tue,
    14 Nov 2000 11:29:33 -0800
Received: from 12.23.109.98 by lw8fd.law8.hotmail.msn.com with HTTP; Tue,
    14 Nov 2000 19:29:32 +0000 (GMT)
Date: Tue, 14 Nov 2000 12:29:32 -0700 (MST)
From: A Person <[email protected]>
Subject: Subject removed
To: [email protected]
Message-id: <[email protected]>
MIME-version: 1.0
Content-type: text/plain; format=flowed
X-Originating-IP: [12.23.109.98]
X-OriginalArrivalTime: 14 Nov 2000 19:29:33.0176 (UTC) FILETIME=[3742A780:01C04E71]
Status: RO
X-Status: A
X-Keywords:
X-UID: 17247

• Read the Received: lines from the bottom up: the message was submitted from 12.23.109.98 through Hotmail's web interface, handed by hotmail.com to ROPER.UWYO.EDU, then to alameda, then to meru. Each MTA prepends its own line, so the top line (added by meru, the local machine) is the only one that could not have been written by the sender.
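A parser for a header block like the one above, with the two checks worth running on it. This is an added example, not code from the slides: it splits headers from body at the blank line, rejoins folded Received: lines, walks the Received: chain from oldest to newest, separates the hops added by MTAs you trust from the ones the sender could have written, and compares the envelope sender with the From: header. The message is a constructed one modeled on the slide's example; the host names, addresses and the trusted-host set are assumptions.

```python
"""Header-block parser and Received: chain walk (added example)."""
import re

# Constructed message modeled on the slide's example: a webmail message that
# crossed two of "our" relays. Hosts and addresses are made up.
RAW_MESSAGE = """\
From sender@example.net Tue Nov 14 12:29:43 2000
Received: from relay.example.edu (relay.example.edu [192.0.2.20])
    by mailhub.example.edu (8.9.3/8.9.3) with ESMTP id MAA20335
    for <user@example.edu>; Tue, 14 Nov 2000 12:29:43 -0700 (MST)
Received: from webmail.example.net (webmail.example.net [198.51.100.74])
    by relay.example.edu (8.9.3/8.9.3) with ESMTP id MAA01298
    for <user@example.edu>; Tue, 14 Nov 2000 12:29:38 -0700
Received: from 203.0.113.98 by webmail.example.net with HTTP;
    Tue, 14 Nov 2000 19:29:32 +0000 (GMT)
Date: Tue, 14 Nov 2000 12:29:32 -0700 (MST)
From: A Person <aperson@example.net>
Subject: Subject removed
To: user@example.edu
Message-id: <abc123@webmail.example.net>
X-Originating-IP: [203.0.113.98]

blah blah
"""

# MTAs whose Received: lines we take at face value (an assumption of the example)
TRUSTED_MTAS = {"mailhub.example.edu", "relay.example.edu"}

RECEIVED_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.I)


def parse_headers(raw):
    """Split a raw message at the first blank line into (headers, body).
    headers is a list of (name, value); folded continuation lines (leading
    whitespace) are joined onto the preceding field. The mbox 'From ' line,
    if present, is kept under the pseudo-name 'From_'."""
    raw = raw.replace("\r\n", "\n")
    head, _, body = raw.partition("\n\n")
    headers = []
    for line in head.split("\n"):
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif line.startswith("From "):
            headers.append(("From_", line[5:]))
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return headers, body


def received_chain(headers):
    """Received: hops oldest first, as (claimed_from, from_info, by).
    Each MTA prepends its line, so the last Received: header is the first hop."""
    hops = []
    for name, value in headers:
        if name.lower() == "received":
            m = RECEIVED_RE.search(value)
            if m:
                hops.append((m.group(1), m.group(2) or "", m.group(3)))
    return list(reversed(hops))


def trusted_path(hops, trusted_mtas):
    """Split hops (oldest first) into the newest run written by MTAs we trust
    and the older hops we cannot verify. trusted[0] is the hop where our first
    trusted MTA took the message from outside; its from_info is the first
    reliable fact about where the message came from."""
    trusted = []
    for hop in reversed(hops):                     # newest first
        if hop[2].lower() not in trusted_mtas:
            break
        trusted.insert(0, hop)
    untrusted = hops[:len(hops) - len(trusted)]
    return trusted, untrusted


def envelope_vs_header(headers):
    """The mbox 'From ' line carries the envelope sender (MAIL FROM); the From:
    header is whatever the sender typed. Returns (envelope, header, mismatch)."""
    env = next((v.split()[0] for n, v in headers if n == "From_"), None)
    hdr = next((v for n, v in headers if n.lower() == "from"), "")
    m = re.search(r"<([^>]+)>", hdr)
    hdr_addr = m.group(1) if m else hdr.strip()
    return env, hdr_addr, env != hdr_addr


if __name__ == "__main__":
    headers, body = parse_headers(RAW_MESSAGE)
    hops = received_chain(headers)
    trusted, untrusted = trusted_path(hops, TRUSTED_MTAS)
    for hop in hops:
        tag = "trusted" if hop in trusted else "unverified"
        print(f"{tag:10} from {hop[0]} ({hop[1]}) by {hop[2]}")
    print("first reliable handoff:", trusted[0][1])
    print("envelope vs From: header:", envelope_vs_header(headers))
```

The walk stops trusting as soon as a hop's "by" host is not ours: in the sample the webmail hop (and the X-Originating-IP: it claims) is unverified, while the relay's record of receiving from 198.51.100.74 is the first fact you can act on. The envelope sender and From: header differ here, which the protocol allows.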

SPAM & mass e-mailing

• The same information you just saw is also what is used to create and send SPAM.
• Can you see the problem?
– Every line the sender controls (the HELO name, MAIL FROM, From:, and the oldest Received: lines) can be made up, and any server that answers 250 to a RCPT TO for a domain it does not serve will deliver the message for whoever connects.

Example you can try.

• From a command window on your computer
– telnet cottonwood 25
– Send yourself an e-mail message, using the SMTP commands.

Sendmail

• Currently has about 75% of the market
• Versions
– 8.9.3 to 8.13 are current standards
– 8.11 out, default for linux systems
– 8.8.8 still used by some vendors
– 9.0 is in a beta version and has been for many years.

Mail Systems

• Mail User Agent (MUA)– lets users read and compose mail

• Mail Transport Agent (MTA)– routes messages among machines

• Delivery Agent– places messages in local mailboxes

• Access Agent– Connects user agent to messages (IMAP, POP)

User Agent

• Your e-mail program.
– basic: mail, mailx, Mail (usually the same program)
– mail (BSD) and Mail (SysV) may both exist
• Non-graphical
– elm, pine
• graphical
– Rmail and VM (with emacs), mh/xmh, many more
• Remote
– uses POP or IMAP
• Transport Agents
– PMDF (which roper uses), postfix, smail, qmail, exim, zmailer, and sendmail
• Delivery agents
– sendmail hands off to local programs: mail.local or smrsh
– Also procmail
– Mail usually goes to /var/spool/mail or /var/mail
– smrsh (the sendmail restricted shell) exists because aliases and .forward files can pipe mail into programs; it will only run programs linked into its own directory.
• Access agents
– imapd or popd (varying names for POP daemons)

Anatomy of a Message

• Envelope
– Used by sendmail to figure out where the e-mail goes: the MAIL FROM and RCPT TO addresses from the SMTP session, not the From: and To: headers. The two need not agree, which is how mail to a list or an alias still reaches you, and also how a forged From: gets delivered.
• Header (RFC 822)
– Info about the message, time/date, transport agents are listed, redirections, etc.
– A record of how and when a message was delivered
• Body of the message
– The message the user sent.

Mail addressing

• Sendmail is about 20+ years old.
• At that time, the Internet was in a dozen pieces
– MILNET, ARPANET, BITNET, FidoNet, and BBS systems
– Each had different routing, connection, and naming schemes
– Sendmail is still built to support them and transport e-mail between the different "nets".

Mail Aliases

• /etc/aliases file
• example: (on a cs.uwyo.edu machine)
– abuse: [email protected]
– fred: [email protected]
– webmaster: aperson, bperson
– mlist: :include:/home/list/mlistfile.txt
• Once you add aliases to the file, you need to run: newaliases
• An alias target can also be a file to append to or a program to pipe into (|/path/to/program), so /etc/aliases and every :include: file it names are sensitive: whoever can write them can make the mail server run programs of their choosing.

Mail forwarding

• Besides /etc/aliases (which only root can change)
• A user can put a .forward file into their home directory and sendmail redirects their mail somewhere else
– example of .forward
[email protected]
• You can have more than one address; they need to be comma delimited.
• A .forward can also pipe into a program, so sendmail refuses to honor one that is group- or world-writable (or that sits in a writable home directory) unless the administrator relaxes the checks with the DontBlameSendmail option.

25 hops!

• E-mail can only make 25 hops before it is returned to the sender as undeliverable (sendmail counts the Received: headers; the limit is the MaxHopCount option, default 25).
• Meaning:
– You should not have .forward files moving mail from 1 machine to another machine, to another machine, etc.
– Most e-mail makes about 4 to 8 hops on average from one machine to another (across the internet).
– The limit is also what stops a forwarding loop (A forwards to B, B forwards back to A) from bouncing a message between two servers forever.
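How the alias, .forward and hop-limit slides fit together, as an added example that is not code from the slides or from sendmail: a toy resolver expands /etc/aliases entries, :include: files and ~/.forward contents the way the delivery stage does, honoring the backslash that stops further expansion, refusing an alias loop, and giving up on a chain longer than 25 steps. Real sendmail enforces the 25-hop limit by counting Received: headers as the message crosses machines (MaxHopCount); applying the same cap to the expansion depth here is a simplification to show the effect. The alias text, the include file and the .forward contents are constructed.

```python
"""Toy alias / .forward expansion with loop and hop-limit detection (added example)."""

MAX_HOPS = 25   # sendmail's MaxHopCount default, reused here as the expansion depth cap

ALIASES_TEXT = """\
# constructed /etc/aliases in the style of the slide
abuse:      postmaster@cs.example.edu
fred:       fred@otherhost.example.edu
webmaster:  aperson, bperson
mlist:      :include:/home/list/mlistfile.txt
ping:       pong
pong:       ping
"""

# constructed stand-ins for files sendmail would read from disk
INCLUDE_FILES = {"/home/list/mlistfile.txt": "carol\ndave@elsewhere.example\n"}
FORWARD_FILES = {                           # user -> contents of ~user/.forward
    "aperson": "aperson@somewhere.example.org",
    "bperson": "\\bperson, bperson@backup.example.org",   # backslash: keep a local copy
}


def parse_aliases(text):
    """Parse 'name: target, target' lines; comments and blank lines are ignored.
    partition at the first colon keeps ':include:/path' targets intact."""
    aliases = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, targets = line.partition(":")
        aliases[name.strip().lower()] = [t.strip() for t in targets.split(",") if t.strip()]
    return aliases


class Resolver:
    def __init__(self, aliases, include_files, forward_files, local_domain):
        self.aliases = aliases
        self.include_files = include_files
        self.forward_files = forward_files
        self.local_domain = local_domain.lower()

    def expand(self, address, depth=0, seen=frozenset()):
        """Final delivery targets for one address, sorted and de-duplicated.
        Local mailboxes come back as 'local:user', remote addresses as-is.
        Raises RuntimeError on an alias loop or when the chain exceeds MAX_HOPS."""
        if depth > MAX_HOPS:
            raise RuntimeError(f"too many hops while expanding {address!r}")
        if address.startswith("\\"):
            return [f"local:{address[1:].lower()}"]        # no further expansion
        if address.startswith(":include:"):
            members = self.include_files[address[len(":include:"):]].split()
            return self._expand_all(members, depth, seen)
        user, _, domain = address.partition("@")
        if domain and domain.lower() != self.local_domain:
            return [address.lower()]                       # not ours: MTA relays it
        user = user.lower()
        if user in seen:                                   # same user twice on one path
            raise RuntimeError(f"alias loop at {user!r}")
        seen = seen | {user}
        if user in self.aliases:
            return self._expand_all(self.aliases[user], depth, seen)
        if user in self.forward_files:
            targets = [t.strip() for t in self.forward_files[user].split(",") if t.strip()]
            return self._expand_all(targets, depth, seen)
        return [f"local:{user}"]

    def _expand_all(self, targets, depth, seen):
        out = set()
        for t in targets:
            out.update(self.expand(t, depth + 1, seen))
        return sorted(out)


if __name__ == "__main__":
    r = Resolver(parse_aliases(ALIASES_TEXT), INCLUDE_FILES, FORWARD_FILES, "cs.example.edu")
    for who in ("abuse", "fred", "webmaster", "mlist", "ping"):
        try:
            print(who, "->", r.expand(who))
        except RuntimeError as err:
            print(who, "->", err)
```

The seen set follows one expansion path rather than the whole run, so two aliases that both include the same person are fine while ping -> pong -> ping is reported as a loop; a long chain of .forward files with all-distinct names is caught by the depth cap instead.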

List servers

• Sendmail can function as a list server with the :include: command, but you should use another product, like
– mailman, majordomo, listproc, smartlist, listserv lite.

Configuration

• For debugging and fine-grained details, see O'Reilly's Sendmail guide (500+ pages long).
• Files and directories involved:
– /etc/mail/*
– /etc/sendmail.cf or /etc/mail/sendmail.cf
– /etc/sendmail.mc (macro configuration for sendmail)
– /var/spool/mqueue
– /var/spool/mail or /var/mail
• For most configuration, you can use the sendmail.mc file (8.9.X+). It uses m4 macros to generate the sendmail.cf file.
• Example:
define(`ALIAS_FILE', `/etc/aliases')
– defines where the aliases file is.
• Note the m4 quoting: an opening backquote and a closing apostrophe around each argument.

Spam-related features

• FEATURE(`access_db')
– Allows you to build a "mail firewall": a map of addresses, domains and networks, each with an action (OK, RELAY, REJECT, DISCARD, or an SMTP reply code and text).
The file looks like the following
cyberspammer.com        550 Spam not accepted
[email protected] [email protected] REJECT
170.201.180.16          REJECT
uwyo.edu                RELAY
hotlivesex@             550 Spam not accepted
– The access map is the most common place an open relay is created by accident: RELAY for a name or network lets clients matching it send mail anywhere through you, so keep RELAY entries to your own hosts and address space.

Other FEATUREs

• FEATURE(`relay_entire_domain')
– allows relaying for just your domain
• RELAY_DOMAIN(`domain,…')
– add more domains to be relayed.
• define(`confCW_FILE', `-o /etc/sendmail.cw')
• FEATURE(`use_cw_file')
– in sendmail.cw, list virtual domains and domains you want to have relayed
• define(`SMART_HOST', `mailhost.uwyo.edu')
– Where all outbound mail will be sent
• MASQUERADE_AS, MASQUERADE_DOMAIN, FEATURE(`masquerade_envelope'), and FEATURE(`masquerade_entire_domain')
– Rewrite the From line so that you "hide"/masquerade as a single machine
• Relay decisions should be keyed on the connecting client (its address) or on the recipient domain. Features that relay based on the claimed sender (relay_mail_from, relay_local_from) trust MAIL FROM, which anyone can forge.
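A model of the access_db lookups and the relay decision, as an added example that is not code from the slides or from sendmail: it approximates the lookup order sendmail uses (most specific key first: full address, then host and parent domains, then user@; a full IP, then shorter dotted prefixes) and the order of checks (connecting client, then sender, then recipient), using the slide's access entries. The relay_mail_from switch models the FEATURE of that name to show why relaying on the claimed sender is unsafe. IPs, host names and mailboxes are constructed.

```python
"""Approximation of sendmail access_db lookups and the relay decision (added example)."""

ACCESS_TEXT = """\
# constructed copy of the slide's access file (the garbled line left out)
cyberspammer.com        550 Spam not accepted
170.201.180.16          REJECT
uwyo.edu                RELAY
hotlivesex@             550 Spam not accepted
"""


def parse_access(text):
    """key -> value; keys are case-insensitive, values are OK, RELAY, REJECT,
    DISCARD or an SMTP reply such as '550 text'."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, value = line.split(None, 1)
            table[key.lower()] = value.strip()
    return table


def ip_keys(ip):
    """'a.b.c.d' then 'a.b.c', 'a.b', 'a': a network entry covers its hosts."""
    parts = ip.split(".")
    return [".".join(parts[:n]) for n in range(len(parts), 0, -1)]


def domain_keys(host):
    """'h.sub.dom' then 'sub.dom', 'dom': a domain entry covers its subdomains."""
    labels = host.lower().split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def address_keys(addr):
    """Most specific first: full address, host and parent domains, then user@."""
    user, _, host = addr.lower().partition("@")
    return [addr.lower()] + domain_keys(host) + [user + "@"]


def lookup(table, keys):
    for k in keys:
        if k in table:
            return table[k]
    return None


def rejects(value):
    return value is not None and (value in ("REJECT", "DISCARD") or value[:1] == "5")


def reply_for(value, default):
    return value if value[:1] == "5" else default


def decide(table, client_ip, client_name, sender, rcpt, local_domains, relay_mail_from=False):
    """Return (stage, reply) for one envelope. The client IP is what the
    connection really came from; the client name is only as good as reverse
    DNS; the sender is whatever MAIL FROM claimed."""
    conn = lookup(table, ip_keys(client_ip)) or lookup(table, domain_keys(client_name))
    if rejects(conn):
        return "connect", reply_for(conn, "550 Access denied")
    snd = lookup(table, address_keys(sender))
    if rejects(snd):
        return "mail", reply_for(snd, "550 Sender rejected")
    rcpt_domain = rcpt.lower().rpartition("@")[2]
    if rcpt_domain in local_domains:
        return "rcpt", "250 Recipient ok"
    # relaying: allowed for RELAY clients or RELAY recipient domains
    if conn == "RELAY" or lookup(table, domain_keys(rcpt_domain)) == "RELAY":
        return "rcpt", "250 Recipient ok (relay)"
    # FEATURE(`relay_mail_from'): trusting MAIL FROM here makes you an open relay
    # for anyone who forges a sender in a RELAY domain
    if relay_mail_from and lookup(table, domain_keys(sender.rpartition("@")[2])) == "RELAY":
        return "rcpt", "250 Recipient ok (relay, forgeable)"
    return "rcpt", "550 Relaying denied"


if __name__ == "__main__":
    table = parse_access(ACCESS_TEXT)
    local = {"cs.uwyo.edu"}
    cases = [
        ("170.201.180.16", "unknown", "x@example.net", "bob@cs.uwyo.edu", False),
        ("203.0.113.5", "h.example.net", "joe@mail.cyberspammer.com", "bob@cs.uwyo.edu", False),
        ("203.0.113.5", "h.example.net", "ok@example.net", "victim@elsewhere.example", False),
        ("129.72.216.20", "laptop.cs.uwyo.edu", "ok@example.net", "victim@elsewhere.example", False),
        ("203.0.113.5", "h.example.net", "forged@uwyo.edu", "victim@elsewhere.example", True),
    ]
    for ip, name, snd, rcpt, rmf in cases:
        print(ip, snd, "->", rcpt, decide(table, ip, name, snd, rcpt, local, relay_mail_from=rmf))
```

The last two cases are the point: a client whose reverse-DNS name falls under the RELAY entry may relay anywhere, and with the relay_mail_from behaviour turned on so may any stranger who types MAIL FROM:<anything@uwyo.edu>. A RELAY keyed on your own network prefix has neither problem.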

Debugging mail

• mail -v [email protected]
– Send an e-mail as normal, but sendmail then gives verbose output as it talks to the receiving machine.

Lastly

• Sendmail is cryptic and hard to configure, and difficult to lecture on most of it, but a lot doesn't need to be configured manually.
• Read the book for more information and, if need be, buy a good sendmail reference book.

AntiVirus and Linux

• There are many vendors who provide antivirus for "mail gateways" on UNIX and Linux
– ClamAV is an open source version and is also free.
– http://www.clamav.net/

Clamav

• command-line scanner
• fast, multi-threaded daemon
• milter interface for sendmail
• database updater with support for digital signatures
• virus scanner C library
• on-access scanning (Linux and FreeBSD)
• detection of over 40000 viruses, worms and trojans
• built-in support for RAR (2.0), Zip, Gzip, Bzip2, Tar, MS OLE2, MS Cabinet files, MS CHM (Compressed HTML), MS SZDD
• built-in support for mbox, Maildir and raw mail files
• built-in support for Portable Executable files compressed with UPX, FSG, and Petite

Configuring Clamav

• /etc/clamd.conf configuration file
– See the documentation in the file itself.
• For clamav-milter
– Reads /etc/clamd.conf and takes command line parameters
– Some common ones:
  --max-children=15 --noreject --dont-wait --force-scan \
  --dont-log-clean --postmaster-only --timeout=0 \
  --quarantine-dir=/quarantinedir \
  --pidfile=/var/run/clamav/clamav-milter.pid \
  local:/var/run/clamav/clamav-milter.sock
– With --noreject an infected message is not refused at SMTP time; together with --quarantine-dir it is held in /quarantinedir instead of being delivered, and --postmaster-only limits the notice to the postmaster rather than bouncing it to the (often forged) sender.

With Sendmail

• Configure clamav and clamav-milter
– Make sure both are started and start on boot.
– clamav-milter is the part that works with sendmail (and other mailers that speak the milter protocol)
– Add the following lines to the sendmail.mc file:
INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamav/clamav-milter.sock, F=, T=S:4m;R:4m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter')
– The socket path must match the one clamav-milter was started with (the local:/var/run/clamav/clamav-milter.sock argument on the previous slide).
– F= is the failure flag: left empty, sendmail accepts mail unscanned if the milter is down or times out; F=T tempfails it so the sender retries later, and F=R rejects it. Decide which you want before relying on the scanner.
– Now e-mail will be scanned for viruses.

Virus updates

• Uses freshclam to get updates.
– Configured to run as a daemon or as a cron job
– Uses DNS entries to look up the current virus pattern version; if it is newer than the local one, it downloads the new file and updates the definitions (the databases are digitally signed, so a tampered download is refused).

SpamAssassin

• Get it from the DAG archive
– For Red Hat/Fedora/CentOS
• Main configs are in /etc/mail/spamassassin/, but it can be configured per user as well.
• Normally called via procmail instead of sendmail
– can be configured into sendmail like clamav (through a milter)

local.cf

• Configure which tests run and the "threshold" value
– Somewhere between 6 and 10 (the shipped default is 5; a higher value means fewer false positives and more spam let through).
# How many hits before a message is considered spam.
required_score 7.6

# Change the subject of suspected spam
rewrite_header subject [SPAM-H]

Using for all inbound e-mail

• Edit/create the file /etc/procmailrc; it uses procmail
DROPPRIVS=yes
# send mail through spamassassin
:0 HD
# look for Subject: [SPAM-H]
# don't run spamassassin on already marked spam
* ! ^Subject:.*\[SPAM-H\]
{
  :0fw
  | /usr/bin/spamc
}
• DROPPRIVS=yes matters in a system-wide /etc/procmailrc: without it the rest of the recipe file, and anything it pipes to, runs with procmail's own privileges instead of the recipient's.

Documentation

• For ClamAV– http://www.clamav.net/

• For SpamAssassin– http://spamassassin.apache.org/

– For lots of tips and config’s: http://www.stearns.org/doc/spamassassin-setup.current.html

• For Procmail– http://www.procmail.org/ see interesting links

• For Sendmail– http://www.sendmail.org/

Q & A