Practical Exercises
To be completed by 4/20/2005

Postfix installation, configuration and testing

Your desktop machine, say unisys18, is going to be an e-mail client; your node host, say node18, should be configured as a Postfix e-mail server. You need to change the host names in the configurations below to those of your own machines.

On the node, install Postfix
apt-get install postfix
During the installation, a configurator starts:
choose "Internet site"
aliases for root "NONE"
Check /etc/postfix/main.cf and modify it as follows:
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

myhostname = node18.rutgers.edu
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = node18, node18.rutgers.edu, localhost.rutgers.edu, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command =
mailbox_size_limit = 0
recipient_delimiter = +
Restart the server:
/etc/init.d/postfix reload 

Test the server by telnetting to it from the desktop, say unisys18:
telnet node18 25

Trying 192.168.5.38...
Connected to node18.rutgers.edu.
Escape character is '^]'.
220 node18.rutgers.edu ESMTP Postfix (Debian/GNU)

EHLO node18

250-node18.rutgers.edu
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250 8BITMIME

mail from: root@unisys18
250 Ok
rcpt to: root@node18.rutgers.edu
250 Ok

data
354 End data with <CR><LF>.<CR><LF>

Subject: test mail
Hi root.
.


press ENTER

250 Ok: queued as 1D0B8140F3

quit
Check for e-mail in file /var/mail/root on node18

Set up aliases to redirect e-mail for root to yourself on the server. Modify /etc/aliases
root:          jerry 
postmaster:    root
Run command
newaliases  
Try to e-mail again something to root@node18
Install UW-IMAP server on node18:
apt-get install uw-imapd
Choose "Yes" for Allow insecure authentication using plaintext passwords.
Choose "Yes" for Continue installing libc-client without Maildir support.
Select "imap2" and "imaps".
Check if there are entries in /etc/inetd.conf for IMAP and IMAPS:
#:MAIL: Mail, news and uucp services.
imap2   stream  tcp     nowait  root    /usr/sbin/tcpd /usr/sbin/imapd
imaps   stream  tcp     nowait  root    /usr/sbin/tcpd /usr/sbin/imapd
To verify that the IMAP and IMAPS ports are open (tcp/143 and tcp/993), run
netstat -nalp | grep inetd

On your desktop, configure an e-mail program. It can be either Mozilla or pine. You can download the pine deb package from here
Install it
dpkg -i pine_4.61-1_i386.deb
In configuration file /etc/pine.conf, specify the name of the domain, outgoing SMTP server, and the Inbox IMAP server, for example
user-domain=node18.rutgers.edu

smtp-server=node18.rutgers.edu

inbox-path="{node18.rutgers.edu:143/novalidate-cert}inbox"

Install ntpdate on both the desktop and the node in order to synchronize the clocks. Otherwise, e-mail time stamps would be inconsistent.
apt-get install ntpdate
ntpdate -su 128.6.224.114

Run pine or Mozilla to send and receive emails at node18.rutgers.edu.

  • Sending e-mail to remote hosts.
    Modify /etc/hosts on node18 and include a new entry for capone.rutgers.edu:
    192.168.5.240           capone.rutgers.edu capone
    

    Modify mynetworks in /etc/postfix/main.cf and also add disable_dns_lookups as follows:
    mynetworks = 127.0.0.0/8  192.168.5.0/24
    disable_dns_lookups = yes
    
    Reload postfix:
    /etc/init.d/postfix reload
    

    Send an e-mail to mailtest18@capone.rutgers.edu. Note, if you are using unisys01/node01, send e-mail to mailtest01@capone.rutgers.edu, accordingly.
    Retrieve the e-mail from capone by telnetting to POP3 and authenticating as user mailtest18 with password 'Password18'. Note, for mailtest01, the password is 'Password01', for mailtest02, the password is 'Password02', etc:
    telnet capone 110
    Trying 192.168.5.240...
    Connected to 192.168.5.240.
    Escape character is '^]'.
    +OK
    USER mailtest18
    +OK
    PASS Password18 
    +OK
    RETR 1
    +OK
    ......
    
    DELE 1  
    +OK
    QUIT
    
    
    
  • Send e-mail to the other students in the class. You can use either their user name or aliased root on nodes as the recipient e-mail address, such as root@node01.rutgers.edu, root@node02.rutgers.edu, etc. Check if they can receive your e-mails.
  • Try to email yourself at eden or any other remote host outside of our private subnet.
    The email should bounce back to you with an error like the one below
     5.1.8 ... Domain of sender address
     jack@node18.rutgers.edu does not exist (in reply to MAIL FROM command)
    
    Modify /etc/postfix/main.cf by adding line
    canonical_maps = hash:/etc/postfix/canonical
    
    Create a new file, /etc/postfix/canonical with the following content:
    @node18.rutgers.edu    @capone.rutgers.edu
    @unisys18.rutgers.edu  @capone.rutgers.edu
    
    Rebuild canonical maps and reload the server:
    postmap /etc/postfix/canonical
    /etc/init.d/postfix reload
    

    If you send email again, it should be delivered fine and appear as coming from User_Name@capone.rutgers.edu. Don't try to respond to it as it won't be delivered to the private network.
    Comment out the line in /etc/postfix/main.cf
    #canonical_maps = hash:/etc/postfix/canonical
    
    otherwise, email for local destinations will end up at capone. Reload postfix server again.

  • Header Filtering.
    Modify /etc/postfix/main.cf file by including an extra line with
    header_checks = regexp:/etc/postfix/bad_headers
    
    Reload Postfix, as you always do after modifying /etc/postfix/main.cf:
    /etc/init.d/postfix reload
    
    Create a new file, /etc/postfix/bad_headers with the following content:
    /^Subject:(.*)Mortgage Low Rates/                                       REJECT Mortgage Rates
    /^Subject:(.*)[Vv]iagra/                                                REJECT Viagra
    /^Subject:(.*)[Ss]ildenafil/                                            REJECT You meant the v-word.
    /^Subject:(.*)[Cc]itrate/                                               REJECT You meant the v-word.
    /^Subject:(.*)[Cc]ialis/                                                REJECT c_ialis.
    /^Subject:(.*)[Ee]nzyte/                                                REJECT e_nzyte.
    /^Content\-Transfer\-Encoding:(.*)base64$/                              REJECT base_64
    
    
    Try to send emails to yourself at the node with the following subjects: 'Viagra', 'Mortgage Low Rates', 'Cialis' and notice how the emails bounce.

  • Body content filtering
    Modify /etc/postfix/main.cf file by including an extra line with
    body_checks =  regexp:/etc/postfix/bad_content
    
    Reload Postfix, as you always do after modifying /etc/postfix/main.cf:
    /etc/init.d/postfix reload
    
    Create a new file, /etc/postfix/bad_content with the following content:
    /Nude Celebrities/                                              REJECT  Nude celebrities
    /FREE MEMBERSHIP/                                               REJECT  Free membership
    
    Try to send emails to yourself containing 'Nude Celebrities' and 'FREE MEMBERSHIP' in the text and watch for error messages.

  • Reject email from hosts with unresolvable names.
    Modify /etc/postfix/main.cf file by including two extra lines:
    smtpd_helo_required = yes
    smtpd_helo_restrictions = reject_unknown_hostname
    
    Reload Postfix. Send an email to yourself at the node machine. You should get a bounce error similar to the following:
    [Mail not sent: : Helo command rejected: Host not found] 
    
    Since we don't have a local DNS, your desktop machine is unresolvable. Comment out these lines in /etc/postfix/main.cf, otherwise, you won't be able to send emails from your desktop.
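
The header filtering rules above can be dry-run before they reject real mail. The script below is an added example, not part of the original exercise: it emulates first-match lookup over four of the bad_headers rules with grep, and shows two legitimate headers that the rules also reject. The names BAD_HEADERS and check_header and all sample headers are constructed for illustration.

```shell
#!/bin/sh
# Constructed copy of four rules from the page's /etc/postfix/bad_headers.
BAD_HEADERS='/^Subject:(.*)Mortgage Low Rates/            REJECT Mortgage Rates
/^Subject:(.*)[Vv]iagra/                     REJECT Viagra
/^Subject:(.*)[Cc]ialis/                     REJECT c_ialis.
/^Content\-Transfer\-Encoding:(.*)base64$/   REJECT base_64'

# check_header TABLE HEADER  (hypothetical helper, not a Postfix tool)
# Prints the action of the first rule whose pattern matches HEADER, or
# "no match". Assumes every rule has the form "/pattern/   ACTION text",
# with spaces before the action, as in the page's tables.
check_header() {
    while IFS= read -r rule; do
        case $rule in ''|'#'*) continue ;; esac     # skip blanks and comments
        pat=${rule#/}                               # drop the opening slash
        pat=${pat%%/ *}                             # drop closing slash + action
        action=${rule#*/ }                          # text after the closing slash
        action=${action#"${action%%[! ]*}"}         # trim leading spaces
        # -i: Postfix regexp tables match case-insensitively by default.
        # stderr is dropped: some grep builds warn about the unneeded "\-".
        if printf '%s\n' "$2" | grep -Eiq -- "$pat" 2>/dev/null; then
            printf '%s\n' "$action"
            return 0
        fi
    done <<EOF
$1
EOF
    echo "no match"
}

# Constructed sample headers: two spam subjects, two legitimate headers that
# the rules reject anyway, and one header that passes.
for h in 'Subject: Viagra' \
         'Subject: cheap VIAGRA here' \
         'Subject: specialist appointment' \
         'Content-Transfer-Encoding: base64' \
         'Subject: lab report'; do
    printf '%-36s -> %s\n' "$h" "$(check_header "$BAD_HEADERS" "$h")"
done
```

On the node itself, the same question can be put to the real table with postmap -q "Subject: specialist appointment" regexp:/etc/postfix/bad_headers, which prints the matching action or nothing.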

