Agenda: postfix-exercise.txt

PacNOG 10
Track 2

Postfix exercise
----------------

Notes
------

* Commands preceded with "$" imply that you should execute the command as
  a general user - not as root.
* Commands preceded with "#" imply that you should be working as root using
  "sudo"
* Commands with more specific command lines (e.g. "RTR-GW>" or "mysql>")
  imply that you are executing commands on remote equipment, or within
  another program.


0. First, let's install postfix

        $ sudo -s

        # apt-get install postfix

        When asked what kind of configuration, choose: "Internet site"

        We'll also need telnet to manually connect to the port 25

        # apt-get install telnet

        And, we'll also need a simple mail program to read the mail we receive,
        so let's install "mutt":

        # apt-get install mutt

1. Make sure that postfix is running:

        # ps ax | grep postfix

        You should see the "master" process for postfix running

2. Make sure your neighbour has started postfix, too, and try to send a mail
   manually via their machine.  If you are pcX, and they are pcY, you will
   run "telnet pcY 25".

   Replace "myemailaddress@at.home" with your real email address.  What YOU
   type is marked with ->  (DON'T type "->", this is just to point the
   lines!).  Remember to replace X and Y with the number of your PC and
   your neighbor's respectively.


->      root@pcX:~# telnet pcY 25
        Trying 10.10.0.Y...
        Connected to pcY.ws.nsrc.org.
        Escape character is '^]'.
        220 pcY.ws.nsrc.org ESMTP Postfix (Ubuntu)
->      HELO pcX.ws.nsrc.org
        250 pctest.ws.nsrc.org
->      MAIL From: <sysadm@pcX.ws.nsrc.org>
        250 2.1.0 Ok
->      RCPT To: <myemailaddress@at.home>
        554 5.7.1 <myemailaddress@at.home>: Relay access denied


   Notice that your mail is rejected.  Why ?

   Now, try and send mail to the sysadm user on pcY:

->      root@pcX:~# telnet pcY 25
        Trying 10.10.0.90...
        Connected to pcY.ws.nsrc.org.
        Escape character is '^]'.
        220 pcY.ws.nsrc.org ESMTP Postfix (Ubuntu)
->      HELO pcX.ws.nsrc.org
        250 pcY.ws.nsrc.org
->      MAIL From: <sysadm@pcX.ws.nsrc.org>
        250 2.1.0 Ok
->      RCPT To: <sysadm@pcY.ws.nsrc.org>
        250 2.1.5 Ok
->      DATA
        354 End data with <CR><LF>.<CR><LF>
->      Subject: A test mail for pcY
->      From: sysadm@pcX.ws.nsrc.org
->      To: sysadm@pcY.ws.nsrc.org
->
->      Hello!
->      .
        250 2.0.0 Ok: queued as 818D07FE9C
->      quit
        221 2.0.0 Bye

   Repeat this with 2-3 difference neighbors around you.

3. If the above worked, your neighbor should have received mail.

        To check it, ask your neighbor, as the sysadm user, to run the "mutt"
        command:

        $ mutt

        (if it asks you to create "/home/sysadm/Mail", say 'yes')

        You are now using "mutt", a simple mail client.  You can use the arrows
        to move up and down, and press <RETURN> on a mail you want to read.

        You should be able to see the mail you sent to the sanog user.

        To quit: press 'q', and 'q' again to leave the program.

        Note: If you are lost, you can always press the '?' key to get help
        on using mutt.

        Your neighbor should see one mail in the index - press SPACE or RETURN to
        see it.

        If they don't see the mail, double check that you sent the mail to the
        right PC!

        To quit, press i (index), then q (quit) or x (exit).

        You should check now, that YOU have received mail from one of your
        neighbors!

4. You saw in step 2 that you could only send mail to the local domain of the
   pcY when you connected to it with telnet.  What if we want to use a mail
   server so that you can send mail to OTHER domains, on the internet ?
   
   Let's make some small changes to the config file for postfix, so that you
   can do this:

        # cd /etc/postfix/

        # editor main.cf

        Take a look at some of the parameters, especially the last section, and
        find the line:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

... and add this to the end of it:

        10.10.0.0/24

... so that the line becomes:

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 10.10.0.0/24

        Save and quit, and check the configuration:

        # postfix check
        
5. Restart postfix, and check that mail is working:

        # service postfix restart

        # ps ax | grep postfix

6. Ok, now we're going to send a mail to the outside world, using your
   neighbor's PC again, like we tried before in step 2 (to
   myemailaddress@at.home):

->      root@pcX:~# telnet vmX 25
        Trying 10.10.0.Y...
        Connected to pcY.ws.nsrc.org.
        Escape character is '^]'.
        220 pcY.ws.nsrc.org ESMTP Postfix (Ubuntu)
->      HELO pcX.ws.nsrc.org
        250 pctest.ws.nsrc.org
->      MAIL From: <sysadm@pcX.ws.nsrc.org>
        250 2.1.0 Ok
->      RCPT To: <myemailaddress@at.home>
        250 2.1.5 Ok
->      DATA
        354 End data with <CR><LF>.<CR><LF>
->      Subject: A test mail for myself at home
->      From: sysadm@pcX.ws.nsrc.org
->      To: myemailaddress@at.home
->
->      Hello to myself!
->      .
        250 2.0.0 Ok: queued as 3BC377FE9E

7. Check your mail at home (or Gmail, or hotmail, or whatever you use...) and
   check that you received the mail.  Did you ?

   Either way, ask your neighbor to run:

   $ tail /var/log/mail.log

   You should see something like:

Nov 23 21:32:16 pctest postfix/smtpd[32174]: connect from noc.ws.nsrc.org[10.10.0.250]
Nov 23 21:32:48 pctest postfix/smtpd[32174]: 3BC377FE9E: client=noc.ws.nsrc.org[10.10.0.250]
Nov 23 21:32:53 pctest postfix/cleanup[32178]: 3BC377FE9E: message-id=<>
Nov 23 21:32:53 pctest postfix/qmgr[32144]: 3BC377FE9E: from=<sysadm@pc3.ws.nsrc.org>, size=223, nrcpt=1 (queue active)
Nov 23 21:32:53 pctest postfix/smtpd[32174]: disconnect from noc.ws.nsrc.org[10.10.0.250]
Nov 23 21:32:57 pctest postfix/smtp[32179]: 3BC377FE9E: to=<regnauld@gmail.com>, relay=gmail-smtp-in.l.google.com[74.125.53.27]:25, delay=14, delays=10/0.02/2.7/1.6, dsn=2.0.0, status=sent (250 2.0.0 OK 1322083977 h3si4968239pbm.236)
Nov 23 21:32:57 pctest postfix/qmgr[32144]: 3BC377FE9E: removed

   ... do you see your mail there ?

9. Try to send mail again like in step 6, but try something different for the
   MAIL From: <sysadm@nonexist.ws.nsrc.org>.  Does it work ?  Why ?

10.  We're going to send mail again, but this time we're going to use the "mutt"
        command:

        (as sysadm)
        # su - sysadm
        $ echo "testing mail" | mail -s "test" sysadm@pcY.ws.nsrc.org
        $ tail /var/log/mail.log

        You should see something like this:

Nov 23 21:23:31 pcX postfix/pickup[32143]: 76DB67FE9E: uid=1000 from=<sysadm>
Nov 23 21:23:31 pcX postfix/cleanup[32166]: 76DB67FE9E: message-id=<20111123212331.GA32155@pcX.ws.nsrc.org>
Nov 23 21:23:31 pcX postfix/qmgr[32144]: 76DB67FE9E: from=<sysadm@pcX.ws.nsrc.org>, size=438, nrcpt=1 (queue active)
Nov 23 21:23:31 pcX postfix/smtp[32168]: 76DB67FE9E: to=<sysadm@pcY.ws.nsrc.org>, relay=pcY.ws.nsrc.org[10.10.0.250]:25, delay=0.48, delays=0.29/0.01/0.07/0.1, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as F21281FF72)
Nov 23 21:23:31 pcX postfix/qmgr[32144]: 76DB67FE9E: removed

11. Ask your neighbor to read the mail he should have received!

        Note: do this as the "sysadm" user!

        $ mutt

        (again, if mutt asks you

        /home/sysadm/Mail does not exist. Create it? ([yes]/no): 
        
        ... answer 'yes')

12. Let's modify the /etc/aliases file, so we can receive mail for
   other system users into our mailbox:

        (As root!)

        # editor /etc/aliases

        Add the line:

root: sanog

        root:   sysadm

        Exit & save the file, and run the "newaliases" command:

        # newaliases


13. Try sending mails to the "postmaster" and "root" users on your PC:

        # su - sysadm
        $ echo "test to postmaster" | mutt -s "test postmaster" postmaster@localhost
        $ echo "test to root" | mutt -s "test root" root@localhost

        Send another mail but this time, to postmaster@pcX.ws.nsrc.org (your PC:)

        $ echo "test to postmaster" | mail -s "test postmaster" postmaster@pcX.ws.nsrc.org

        Notice how both work (use mutt, check the /var/log/mail.log)

    Check that you received these mails

        $ mutt

        Check that all mails have been received

14. Reading headers

        While in mutt, look at a mail, then press the 'h' key -- while displaying
        a mail, this will toggle between showing "full" headers, and limited
        headers.

        Use this feature to inspect the mails in your mailbox.

        Note the "To:" and "X-Original-To:" headers.


15. Send mail to other users in the class!

        Since you were able to send mail to your OWN machine, then you can also
        send mails to other users in the class:

        $ echo "hello from pcX" | mail -s "mail from pcX" sysadm@pcY.ws.nsrc.org
        $ echo "hello from pcX" | mail -s "mail from pcX" sysadm@pxZ.ws.nsrc.org


etc...