PacNOG 10 Track 2 Postfix exercise ---------------- Notes ------ * Commands preceded with "$" imply that you should execute the command as a general user - not as root. * Commands preceded with "#" imply that you should be working as root using "sudo" * Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>") imply that you are executing commands on remote equipment, or within another program. 0. First, let's install postfix $ sudo -s # apt-get install postfix When asked what kind of configuration, choose: "Internet site" We'll also need telnet to manually connect to the port 25 # apt-get install telnet And, we'll also need a simple mail program to read the mail we receive, so let's install "mutt": # apt-get install mutt 1. Make sure that postfix is running: # ps ax | grep postfix You should see the "master" process for postfix running 2. Make sure your neighbour has started postfix, too, and try to send a mail manually via their machine. If you are pcX, and they are pcY, you will run "telnet pcY 25". Replace "myemailaddress@at.home" with your real email address. What YOU type is marked with -> (DON'T type "->", this is just to point the lines!). Remember to replace X and Y with the number of your PC and your neighbor's respectively. -> root@pcX:~# telnet pcY 25 Trying 10.10.0.Y... Connected to pcY.ws.nsrc.org. Escape character is '^]'. 220 pcY.ws.nsrc.org ESMTP Postfix (Ubuntu) -> HELO pcX.ws.nsrc.org 250 pctest.ws.nsrc.org -> MAIL From: 250 2.1.0 Ok -> RCPT To: 554 5.7.1 : Relay access denied Notice that your mail is rejected. Why ? Now, try and send mail to the sysadm user on pcY: -> root@pcX:~# telnet pcY 25 Trying 10.10.0.90... Connected to pcY.ws.nsrc.org. Escape character is '^]'. 220 pcY.ws.nsrc.org ESMTP Postfix (Ubuntu) -> HELO pcX.ws.nsrc.org 250 pcY.ws.nsrc.org -> MAIL From: 250 2.1.0 Ok -> RCPT To: 250 2.1.5 Ok -> DATA 354 End data with . -> Subject: A test mail for pcY -> From: sysadm@pcX.ws.nsrc.org -> To: sysadm@pcY.ws.nsrc.org -> -> Hello! -> . 250 2.0.0 Ok: queued as 818D07FE9C -> quit 221 2.0.0 Bye Repeat this with 2-3 difference neighbors around you. 3. If the above worked, your neighbor should have received mail. To check it, ask your neighbor, as the sysadm user, to run the "mutt" command: $ mutt (if it asks you to create "/home/sysadm/Mail", say 'yes') You are now using "mutt", a simple mail client. You can use the arrows to move up and down, and press on a mail you want to read. You should be able to see the mail you sent to the sanog user. To quit: press 'q', and 'q' again to leave the program. Note: If you are lost, you can always press the '?' key to get help on using mutt. Your neighbor should see one mail in the index - press SPACE or RETURN to see it. If they don't see the mail, double check that you sent the mail to the right PC! To quit, press i (index), then q (quit) or x (exit). You should check now, that YOU have received mail from one of your neighbors! 4. You saw in step 2 that you could only send mail to the local domain of the pcY when you connected to it with telnet. What if we want to use a mail server so that you can send mail to OTHER domains, on the internet ? Let's make some small changes to the config file for postfix, so that you can do this: # cd /etc/postfix/ # editor main.cf Take a look at some of the parameters, especially the last section, and find the line: mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 ... and add this to the end of it: 10.10.0.0/24 ... so that the line becomes: mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.10.0.0/24 Save and quit, and check the configuration: # postfix check 5. Restart postfix, and check that mail is working: # service postfix restart # ps ax | grep postfix 6. Ok, now we're going to send a mail to the outside world, using your neighbor's PC again, like we tried before in step 2 (to myemailaddress@at.home): -> root@pcX:~# telnet pcY 25 Trying 10.10.0.Y... Connected to pcY.ws.nsrc.org. Escape character is '^]'. 220 pcY.ws.nsrc.org ESMTP Postfix (Ubuntu) -> HELO pcX.ws.nsrc.org 250 pctest.ws.nsrc.org -> MAIL From: 250 2.1.0 Ok -> RCPT To: 250 2.1.5 Ok -> DATA 354 End data with . -> Subject: A test mail for myself at home -> From: sysadm@pcX.ws.nsrc.org -> To: myemailaddress@at.home -> -> Hello to myself! -> . 250 2.0.0 Ok: queued as 3BC377FE9E 7. Check your mail at home (or Gmail, or hotmail, or whatever you use...) and check that you received the mail. Did you ? Either way, ask your neighbor to run: $ tail /var/log/mail.log You should see something like: Nov 23 21:32:16 pctest postfix/smtpd[32174]: connect from noc.ws.nsrc.org[10.10.0.250] Nov 23 21:32:48 pctest postfix/smtpd[32174]: 3BC377FE9E: client=noc.ws.nsrc.org[10.10.0.250] Nov 23 21:32:53 pctest postfix/cleanup[32178]: 3BC377FE9E: message-id=<> Nov 23 21:32:53 pctest postfix/qmgr[32144]: 3BC377FE9E: from=, size=223, nrcpt=1 (queue active) Nov 23 21:32:53 pctest postfix/smtpd[32174]: disconnect from noc.ws.nsrc.org[10.10.0.250] Nov 23 21:32:57 pctest postfix/smtp[32179]: 3BC377FE9E: to=, relay=gmail-smtp-in.l.google.com[74.125.53.27]:25, delay=14, delays=10/0.02/2.7/1.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1322083977 h3si4968239pbm.236) Nov 23 21:32:57 pctest postfix/qmgr[32144]: 3BC377FE9E: removed ... do you see your mail there ? 9. Try to send mail again like in step 6, but try something different for the MAIL From: . Does it work ? Why ? 10. We're going to send mail again, but this time we're going to use the "mutt" command: (as sysadm) # su - sysadm $ echo "testing mail" | mail -s "test" sysadm@pcY.ws.nsrc.org $ tail /var/log/mail.log You should see something like this: Nov 23 21:23:31 pcX postfix/pickup[32143]: 76DB67FE9E: uid=1000 from= Nov 23 21:23:31 pcX postfix/cleanup[32166]: 76DB67FE9E: message-id=<20111123212331.GA32155@pcX.ws.nsrc.org> Nov 23 21:23:31 pcX postfix/qmgr[32144]: 76DB67FE9E: from=, size=438, nrcpt=1 (queue active) Nov 23 21:23:31 pcX postfix/smtp[32168]: 76DB67FE9E: to=, relay=pcY.ws.nsrc.org[10.10.0.250]:25, delay=0.48, delays=0.29/0.01/0.07/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as F21281FF72) Nov 23 21:23:31 pcX postfix/qmgr[32144]: 76DB67FE9E: removed 11. Ask your neighbor to read the mail he should have received! Note: do this as the "sysadm" user! $ mutt (again, if mutt asks you /home/sysadm/Mail does not exist. Create it? ([yes]/no): ... answer 'yes') 12. Let's modify the /etc/aliases file, so we can receive mail for other system users into our mailbox: (As root!) # editor /etc/aliases Add the line: root: sanog root: sysadm Exit & save the file, and run the "newaliases" command: # newaliases 13. Try sending mails to the "postmaster" and "root" users on your PC: # su - sysadm $ echo "test to postmaster" | mutt -s "test postmaster" postmaster@localhost $ echo "test to root" | mutt -s "test root" root@localhost Send another mail but this time, to postmaster@pcX.ws.nsrc.org (your PC:) $ echo "test to postmaster" | mail -s "test postmaster" postmaster@pcX.ws.nsrc.org Notice how both work (use mutt, check the /var/log/mail.log) Check that you received these mails $ mutt Check that all mails have been received 14. Reading headers While in mutt, look at a mail, then press the 'h' key -- while displaying a mail, this will toggle between showing "full" headers, and limited headers. Use this feature to inspect the mails in your mailbox. Note the "To:" and "X-Original-To:" headers. 15. Send mail to other users in the class! Since you were able to send mail to your OWN machine, then you can also send mails to other users in the class: $ echo "hello from pcX" | mail -s "mail from pcX" sysadm@pcY.ws.nsrc.org $ echo "hello from pcX" | mail -s "mail from pcX" sysadm@pxZ.ws.nsrc.org etc...