Mail Server
DEMO
Simple
Useful
Powerful
Send Mail
Don't Be Afraid. It's Friendly!
yum install mailx
echo "mama is god" | \
mail -s "Subject" \
[e-mail addr.]
That's All :)
Receive Mail
Hold it...
You have new mail!
example: ouo -✉-> owo
Send
Notification
Retrieve your mail
So...
Why Mail Server?
Aggressive missionary...?
for (( int i = 0 ; i < 100 ; i+=1 )); do
echo "<(_ _)>" | \
mail -s "MAMA IS GOD!!!!" \
b05902xxx@ntu.edu.tw
done
WASAY!!
SPAM!!
spam-script
So, safety?
SMTP
(Simple Mail Transfer Protocol)
NOT SO SIMPLE
HELO [who am i?]
MAIL FROM: [e-mail addr.]
DATA
RCPT TO: [e-mail addr.]
five steps:
telnet [server] smtp
If 麻麻(mama)
wants to play a prank...
MAIL FROM:
b05902008@csie.ntu.edu.tw
RCPT TO:
hsinmu@csie.ntu.edu.tw
DATA
我NASA想要被當!! Plz!!
I Actually Like This Idea
example:
counterfeit mail
step1 : telnet
step2 : who am i?
step3 : MAIL FROM
step4 : RCPT TO
step5 : type "DATA" and start your context
use a single line with . as EOF
However,
I'm not 008
He will get an counterfeit mail!
**[SPAM] tag:
The mail server we built
thought this is spam.
(details later)
So, we need SASL
Authentication!
(Simple Authentication and Security Layer)
SMTP + Auth
EHLO [who am i?]
AUTH PLAIN/LOGIN [secret]
Note that: password should encrypt
(EHLO (Extended HeLlo): find supported mechanism)
printf "\0[account]\0password" | base64
to encrypt, and copy it.
But, If Piepie wants to
eavesdrop...
PiePie is Python master, aka PPP.
Auth but being Eavesdrop
(Use Wireshark, we can intercept the data.)
Use encrypt string to login
(Encrypt String) username: vmail password vmail
We can eavesdrop the data.
We also need TLS!
(Transport Layer Security)
>STARTTLS
<250-STARTTLS
<220 2.0.0 Ready to start TLS
Simply use SMTPS!
(More Secure!!)
(SSL Encytption)
Using SSL...
Use SMTPs to Deliever:
openssl s_client -connect [server]:smtps
Use SMTP + openssl TLS mech.
openssl s_client -connect [server]:smtp
-starttls smtp
Not So Good Service and Our Difficulty
That's what Postfix does!
How about recieving mail with mail server?
Two Popular Protocols:
imap & pop3
POP3
1 login [username] [pw]
2 select INBOX
3 fetch 1 body[]
4 logout
Commands are too Starburst(星爆) to demo.
user [username]
pass [password]
list (list all mails)
retr [num] (retrieve %d mail)
quit
EASY! Huh?
IMAP
User-friendly but
Function is
not complete
Function is complete
but it's too hard for me.
cmd:
cmd:
Also, We need Safety!
Use SSL, too!
Pop3s
openssl s_client -connect [server]:pop3s
Imaps
openssl s_client -connect [server]:imaps
DEMO:
Pop3s
MAIL
DATA
LOGIN
SSL
title
That's what Dovecot does!
Why Postfix can
communicate with Dovcot?
Use LMTP to connect
(Local Mail Transfer Protocol)
If Users Information
is not right here...
Let dovecot to listen
remote ldap's infromation
(Lightweight Directory Access Protocol)
If we already know 行健 is spam...
1. reject_rbl_client
popular blacklist!
2. Postgrey
trash usually delivered only once.
DEMO: postgrey
the first Addr. we meet
will greylisted
for 60 seconds.
Greylisted After 60 sec...
OK!
3. SpamAssassin
Looks like trash?
3. SpamAssassin
Trash will be add [SPAM] tag
If you really really
hate someone...
e.g. b05902008
4. Alias ACL
Set Alias as blacklist!
If set rules to reject...
In MailLog...
REJECT!
If someone's hands are dirty...
他
手
很
賤
Like this one
If he guess right the password,
what things will happen?
sudo rm -rf /*
Fail2ban
IP has lots of failed login attempt
will be banned.
Fail2ban:
Wrong Tries == 3 will be banned
and inform manager.
Notification
3 wrong tries
Connection refused
That's a Lots of command!
don't be scared, because...
Web Mail Server
Ultimately user-friendly!
Friendly GUI!
Overfail Postfix
Why only postfix?
Postfix Queue mech.
Ansible
Script: www.csie.ntu.edu.tw/~b05902127/playbook.yml