Assignment 2: The core I (SMTP)

Installation and configuration of a send mail service (SMTP) [MTA]: Postfix

Now our goal is to deploy a secure MAIL service that enables managing the e-mail of users in an enterprise environment. Users managed by a LDAP active directory service on server-01.

More details in reference [2]

First, let’s start with SMTP, which will allow us to manage the sending of e-mail from a MUA (Mail User Agent) to a MTA (Mail Transfer Agent).

1. Installation of the SMTP server using POSTFIX implementation:

   • Install the Postfix mail service on server-05 and tools to manage Maildir mailboxes.

   • During installation, debconf will ask you about the initial configuration for Postfix:

   General type of mail configuration: Internet Site
   mail name: server-05.localdomain

2. Initial configuration:

   • Check the main configuration files of the Postfix service and make sure that they contain the following essential items:

     • Disable SMTPs (smtp over ssl)

     • Server hostname (FQDN): server-05.localdomain

     • Network interfaces to listen to SMTP requests: all

     • SMTP port (default): 25

     • The list of "trusted" remote SMTP clients to relay mail from (only my server):

       1. server-05.localdomain

       2. server-05

       3. localhost.localdomain

       4. localhost

       5. localdomain

     • File to store the mail alias.

       • The aliases are non-real accounts, that is, mail user accounts that do not exist in the system, but that can be associated with one or more real mail accounts.

         1. systems -> root

         2. support -> user1

       • Create a file with these aliases. When sender sends a mail to support@localdomain, the mail is actually received by user1. This file must be a ‘Berkeley database’ using the command newaliases. The result is a file called aliases.db that will be used by Postfix.

         1. alias_maps = hash:/etc/aliases

         2. alias_database = hash:/etc/aliases

     • List of "trusted" remote SMTP clients that have more privileges than "strangers". To specify the list of trusted networks by hand, specify network blocks in CIDR (network/mask) notation:

       1. mynetworks = 10.128.0.0/16, 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

       It is important to remember here what is an “open relay”. Open relays allow anyone to send email from your mail server. The mail server does not check that it is authorized to send mail from the mail address on the third-party email. What this means is that anyone can send email via your cloud server IP address from any mail address. This is one reason why your server IP address can end up on blacklists. Also, your legitimate email is not being received by the people you are sending it to. So, it’s important to define mynetworks.

     • Maildrop management. You can use procmail command (it must be installed previously) as a MDA to deliver user's mail from the MTA to the user’s maildrop. also, you can keep postfix as MDA.

   • Check the configuration files of Postfix daemon and make sure that they contain the following essential items:

     • Daemon runs only the unsecure service instance (no ssl) smtpd. (for the moment)