
IT 3653 – Client Server Systems Administration

IT 3653 – Client Server Systems Administration. Argosoft Email Configuration (Lecture 3), Fall 2006, Feibish. Email Protocols: email uses 3 main protocols: SMTP (sending email), POP3 (receiving email, port 110), and IMAP4 (receiving email, port 143). Email is also delivered via HTML ("Webmail").



Presentation Transcript

  1. IT 3653 – Client Server Systems Administration Argosoft Email Configuration (Lecture 3) Fall 2006, Feibish

  2. Email Protocols • Email uses 3 main protocols • SMTP (sending email) • POP3 (receiving email, port 110) • IMAP4 (receiving email, port 143) • Email is also delivered via HTML ("Webmail") • IMAP4 offers functionality not provided in POP3 but at a cost.

  3. SMTP • de facto standard for email transmission • Simple, text-based protocol • "Push" protocol that does not allow one to "pull" messages from a remote server on demand. • ASCII-based. Did not originally support binary attachments. (Problem solved with uuencode, MIME, etc.) • very insecure due to lack of authentication

  4. POP3 • "Post Office Protocol" • It is a "pull" technology used by almost all email clients • Email is pulled from the server onto the client machine – copy on server is deleted • Option available to "leave mail on server" • Simple, reliable. • Uses TCP port 110

  5. IMAP4 • Internet Message Access Protocol • Used for retrieving email, but unlike POP3, mail remains on the server • Can run in connected or disconnected mode.

  6. Advantages of IMAP over POP3 • Both connected and disconnected modes of operation • Multiple clients can simultaneously connect to the same mailbox • Access to MIME parts of messages and partial fetch • Message state information kept on the server • Multiple mailboxes on the server • Server-side searches • A built-in extension mechanism

  7. Disadvantages of IMAP vs POP3 • IMAP is a very heavy and complicated protocol. Implementing IMAP is more difficult and error-prone than implementing POP3 for both client and server implementations. This can result in security issues which are less likely under POP3. • IMAP generally results in higher server loads than POP3, resulting in higher costs for ISPs and end users. • Server-side searches can potentially use lots of server resources when searching massive mailboxes.

  8. Example: Argosoft Email • As an example of a working email system, we will look at a simple email server (Argosoft Pro). • There are many email servers available. • This server was chosen due to its complete yet simple user interface.

  9. Argosoft Mail Server • 3 versions • Free, Plus, Professional • Simple, easy to administer • Windows Only • Very affordable • Appropriate for workgroups • Supports SMTP, POP3, IMAP4, Webmail, WAP

  10. Main Interface Screen

  11. Allow / Disallow Relay • In the Options screen, check Allow Relay to send email through the server. • BE CAREFUL – watch for the security problem discussed in class!

  12. Options / Ports • The default port numbers for each protocol are provided. • You can change the port numbers if necessary. • Port forwarding on router must match if appropriate.

  13. Options / Logging • Set an appropriate level of logging for each protocol • Don't overdo it. (Know why!)

  14. Options/Advanced • Many detailed options are available to set the timing and performance of the server. (Note message size limit!)

  15. Domains, Users and Groups • You can define one or more domains • Domains contain users and distribution lists.

  16. User Properties • For each user, administrator can set names, passwords, security settings, etc.

  17. SMTP Authentication • TURN THIS ON!!! (Know why…) • Without authentication, anyone can send email through your server to any user on the Internet.

  18. Security – Sender Rules • To maximize security, only allow users with accounts on your server to send email using your server.

  19. Security – Lockout Manager • For added security, the Lockout Manager will disable connections for IP addresses with consistent problems (errors). • You can set "blacklist time" and number of errors to trigger lockout.

  20. Trusted Senders • Use this feature carefully! • Any email address on this list will bypass security on your system altogether.

  21. AntiSpam - Filters • AntiSpam Filters allow you to reject messages and/or attachments based on content. • Be careful not to choose overly common terms.

  22. AntiSpam – IP Based Filtering • You can allow or disallow traffic based on IP address • Hard to enforce due to changing addresses

  23. AntiSpam - GeoIP • Identify the country of origin of incoming email • Block email from specific countries • Requires updates from public databases

  24. AntiSpam – Address Verification • Check for forged "from" addresses • Can be CPU and network intensive

  25. AntiSpam – DNS Based Spam Databases • Free, public databases of known spammers and open relays • Works in real-time • Somewhat effective

  26. AntiSpam - WhiteLists • Each user of ArGoSoft Mail Server Pro can create a list of email addresses from which the account will accept mail. The account will accept mail ONLY from these addresses and will reject all other mail (unless Auto WhiteListing is enabled for the account, see below). • WhiteLists can be set up individually by users. They are accessible from the web interface by clicking the WhiteList link on the message list page, or via the server console: from Tools - Configuration, select the user, then click Properties - White Lists tab. • If WhiteLists are enabled, the server checks whether the address transmitted with the MAIL FROM SMTP command (which does not have to match the FROM or REPLY-TO headers contained in the email message) is contained in the list, and if it is not, bounces the mail to the sender. If Auto WhiteListing is enabled, then the server places the message on hold and sends a confirmation request to the MAIL FROM address, asking the sender to click a certain link. After the sender clicks the link, the hold on all messages from that particular MAIL FROM address is released, the mail is moved to the user's inbox, and the address is added to the WhiteList. This means that further messages from the same sender go directly to the inbox, without being placed on hold and without a new confirmation request.

  27. AntiSpam - GrayLists • Graylisting works as follows: when a remote server attempts to deliver mail to a local recipient, your server stores the IP address of the remote server and sends a "try later" (4xx series) reply to it. Then, if the same server retries within a specified period of time, your server will accept and deliver the mail. • The idea behind it is that legitimate servers usually try to deliver mail again, while spammers don't.

  28. AntiSpam – Sender Policy Framework (SPF) • SPF, or Sender Policy Framework, is a very promising spam protection mechanism. It allows the server to reject delivery to local users if the connection does not originate from an IP address approved by the domain used in the sender's address. • For this method to work, the sender's domain must publish SPF records in its DNS. The number of such domains is increasing very fast. • For more information about SPF, visit http://spf.pobox.com.

  29. AntiSpam – Reverse Lookup Matching • Reverse lookup matching (Security - Reverse Lookup Matching) puts a very hard restriction on the delivery of mail to your server. We would not recommend using this option unless you are sure that you really want to use it. • It works the following way: after a remote computer connects to your server, the server gets the domain name transmitted with the HELO/EHLO SMTP command, resolves it to an IP address, and compares it to the IP address of the connecting computer. If there is no match, the mail will be rejected. • Not all mail servers send their exact domain name with the HELO/EHLO command. It is possible that they send e.g. microsoft.com, while the actual IP address of the server belongs to e.g. mx3.microsoft.com. The connection can be legitimate, but your server will reject it. • Even your own server may not pass this restriction if you did not specify a local host on the General tab of the Options dialog box, or if you specified a name that does not translate to the external IP address of your server.

  30. Troubleshooting • If you have problems, you can turn off delivery. • You will receive emails, but your server will not send email to any users. • This will stop email floods.

  31. Troubleshooting – Log File • Log file will give you best information on status of your email server • Look at current or previous logs

  32. How to get your email server working? • Obtain a domain name from your registrar • Link the domain to your IP address using a DNS service. (You may have to set MX records in the DNS server) • If you are using a private network, configure PORT FORWARDING on the router. • Install and configure the Argosoft server. • Double-check security and test, test, test.

  33. DNS – MX Records • "An MX record or Mail exchange record is a type of resource record in the Domain Name System (DNS) specifying how Internet e-mail should be routed. MX records point to the servers to send an e-mail to, and which ones it should be sent to first, by priority." From http://www.wikipedia.org/wiki/MX_record

  34. Practice, practice, practice • You must practice to get this to work. • You will not understand email administration simply by reading it. • Many email systems are much more complicated than Argosoft.

  35. Questions?
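The graylisting decision from slide 27, as an added example (not part of the lecture and not Argosoft's code). The class name, the 4-hour retry window, the 5-minute minimum delay and the sample attempts are assumptions made for illustration; the minimum delay goes slightly beyond the slide, which mentions only the retry period.

```python
from dataclasses import dataclass, field

@dataclass
class Greylist:
    """Greylist keyed on the connecting server's IP address (slide 27)."""
    retry_window: int = 4 * 3600   # assumed value: a retry must arrive within 4 hours
    min_delay: int = 300           # assumed extra rule: ignore retries sooner than 5 minutes
    first_seen: dict = field(default_factory=dict)   # ip -> time of first deferred attempt
    passed: set = field(default_factory=set)         # ips that retried correctly

    def check(self, ip: str, now: int) -> tuple:
        """Return (smtp_code, reason) for a delivery attempt from ip at time now (seconds)."""
        if ip in self.passed:
            return 250, "known retrying server"
        first = self.first_seen.get(ip)
        if first is None or now - first > self.retry_window:
            # New server, or its earlier attempt expired: start the clock again.
            self.first_seen[ip] = now
            return 451, "greylisted, try again later"
        if now - first < self.min_delay:
            return 451, "retried too soon"
        # Retried inside the window, as a queueing mail server does: accept from now on.
        del self.first_seen[ip]
        self.passed.add(ip)
        return 250, "accepted after retry"

# Constructed delivery attempts (ip, seconds since start); documentation addresses only.
SAMPLE_ATTEMPTS = [
    ("192.0.2.10", 0),        # legitimate server, first attempt
    ("198.51.100.7", 5),      # bulk sender, first attempt
    ("198.51.100.7", 20),     # tries again after 15 s
    ("192.0.2.10", 900),      # legitimate server retries from its queue after 15 min
    ("192.0.2.10", 1000),     # later mail from the same server
    ("203.0.113.5", 1200),    # slow sender, first attempt
    ("203.0.113.5", 19200),   # retries 5 h later, outside the window
]

def replay(attempts):
    """Run the attempts through a fresh greylist and return the SMTP codes."""
    gl = Greylist()
    return [gl.check(ip, t)[0] for ip, t in attempts]

if __name__ == "__main__":
    for (ip, t), code in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS)):
        print(f"t={t:>6}s {ip:<14} -> {code}")
```

The first legitimate message is always delayed by at least one retry interval, which is the cost an administrator accepts when enabling this filter.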
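The reverse lookup matching rule from slide 29, including the false rejections the slide warns about, as an added example (not part of the lecture and not Argosoft's code). The function names, the host names and the zone data are constructed for illustration so the check runs offline; `dns_resolve` shows the live lookup an administrator would use instead.

```python
import ipaddress
import socket

def dns_resolve(name):
    """Live lookup: every address the name resolves to (empty set on failure)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

# Constructed zone data (documentation and private address ranges only).
SAMPLE_ZONE = {
    "mail.example.org": {"192.0.2.25"},
    "example.com": {"198.51.100.80"},            # the bare domain points at a web host
    "mx3.example.com": {"198.51.100.25"},        # the host that actually sends mail
    "mail.internal.example.net": {"10.0.0.5"},   # name maps to a private address
}

def offline_resolve(name):
    return SAMPLE_ZONE.get(name, set())

def helo_matches(helo_name, peer_ip, resolve=dns_resolve):
    """Return (accepted, reason): does the HELO/EHLO name resolve to the peer's IP?"""
    peer = ipaddress.ip_address(peer_ip)
    name = helo_name.rstrip(".").lower()
    resolved = {ipaddress.ip_address(a) for a in resolve(name)}
    if not resolved:
        return False, "HELO name does not resolve"
    if peer in resolved:
        return True, "HELO name resolves to the connecting address"
    return False, "HELO name resolves to a different address"

# Constructed sessions: (name sent with HELO/EHLO, connecting IP address).
SAMPLE_SESSIONS = [
    ("mail.example.org", "192.0.2.25"),            # exact host name: accepted
    ("example.com", "198.51.100.25"),              # legitimate, sends the bare domain: rejected
    ("mx3.example.com", "198.51.100.25"),          # same server, exact name: accepted
    ("mail.internal.example.net", "203.0.113.9"),  # name does not map to the external IP
    ("no-such-host.invalid", "203.0.113.77"),      # name does not resolve at all
]

def run_samples():
    """Apply the rule to each constructed session and return the accept decisions."""
    return [helo_matches(h, ip, offline_resolve)[0] for h, ip in SAMPLE_SESSIONS]

if __name__ == "__main__":
    for (helo, ip), ok in zip(SAMPLE_SESSIONS, run_samples()):
        print(f"{helo:<28} from {ip:<14} -> {'accept' if ok else 'reject'}")
```

The second and fourth sessions are the two failure modes the slide describes: a legitimate sender announcing its bare domain, and a server whose configured name does not translate to its external IP address.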
