# Mail Server

## Introduction

This is the current layout of our department's mail service.

![architecture](https://hackmd.io/_uploads/r1g-RIrs-g.png)
(Source: NASA Document)

Our project focuses only on the receiving process. We host a Postfix server that communicates with the LDAP server. For testing, we send mail directly to Postfix, which listens on port 25; we also host a local Mailpit service, to which we redirect all Postfix traffic. The mimicked layout is shown in the following graph.

![simplified_architecture](https://hackmd.io/_uploads/B1aC_PHjWx.png)

## Settings

### Postfix

#### Installation

1. `sudo apt install postfix`
2. `sudo apt install postfix-ldap`
3. Configurations:
    * General Mail Configuration Type: Internet site
    * System mail name: csie.ntu.edu.tw
4. Modify `/etc/postfix/main.cf`. Remember to use sudo!
    * add `local_recipient_maps =`
    * change to `relayhost = [127.0.0.1]:1025`
    * add `ldap:/etc/postfix/ldap-aliases.cf` to `virtual_alias_maps`
    * add `local_transport = smtp:[127.0.0.1]:1025`
5. Edit `ldap-aliases.cf` and add

    ```
    server_host = :
    search_base = dc=csie,dc=ntu,dc=edu,dc=tw
    version = 3
    bind = yes
    bind_dn = uid=mailtest,ou=people,dc=csie,dc=ntu,dc=edu,dc=tw
    bind_pw =
    query_filter = (cn=%u)
    special_result_attribute = uniqueMember
    leaf_result_attribute = uid
    result_format = %s@csie.ntu.edu.tw
    ```

    For ldaps, use

    ```
    server_host = ldaps://172.16.127.151:636
    search_base = dc=csie,dc=ntu,dc=edu,dc=tw
    version = 3
    bind = yes
    bind_dn = uid=mailtest,ou=people,dc=csie,dc=ntu,dc=edu,dc=tw
    bind_pw =
    tls_ca_cert_file = /etc/postfix/mockldap_ca.crt
    tls_require_cert = yes
    query_filter = (cn=%u)
    special_result_attribute = uniqueMember
    leaf_result_attribute = uid
    result_format = %s@csie.ntu.edu.tw
    ```

    and change `ldap:/etc/postfix/ldap-aliases.cf` to `proxy:ldap:/etc/postfix/ldap-aliases.cf` in `main.cf`.
6. Run `sudo postfix reload`
    > needs to be run after every modification to the Postfix settings

#### Usage

* Connect to port 25 to send mail.
* Some scripts:
    > need to install pwntools

    `send.py`:

    ```py
    from pwn import *

    r = remote("localhost", 25)
    r.newline = b"\r\n"  # SMTP lines end with CRLF
    r.recvline()  # server greeting

    sender = input("sender: ")
    r.sendline(b"mail from: " + sender.encode())
    r.recvline()

    receiver = input("receiver: ")
    r.sendline(b"rcpt to: " + receiver.encode())
    r.recvline()

    r.sendline(b"data")
    r.recvline()

    subject = input("subject: ")
    r.sendline(b"Subject: " + subject.encode())
    r.sendline(b"")  # blank line separates the headers from the body
    data = input("data: ")
    r.sendline(data.encode())
    r.sendline(b".")  # end of message
    r.recvline()  # wait for the server's reply before closing
    r.close()
    ```

    `test_alias.py`:

    ```py
    from pwn import *

    r = remote("localhost", 25)
    r.newline = b"\r\n"  # SMTP lines end with CRLF
    r.recvline()  # server greeting

    r.sendline(b"mail from: alias_test@csie.ntu.edu.tw")
    r.recvline()

    receiver = input("receiver: ")
    r.sendline(b"rcpt to: " + receiver.encode())
    r.recvline()

    r.sendline(b"data")
    r.recvline()

    r.sendline(b"Subject: Just a test")
    r.sendline(b"")  # blank line separates the headers from the body
    r.sendline(b"The quick brown fox jumped over the lazy dog.")
    r.sendline(b".")  # end of message
    r.recvline()  # wait for the server's reply before closing
    r.close()
    ```
* View the mail queue: `postqueue -p`
* Delete from the mail queue (in case wrongly configured mail gets stuck): `sudo postsuper -d <queue_id>` or `sudo postsuper -d all`

### Mailpit

#### Installation

`sudo sh < <(curl -sL https://raw.githubusercontent.com/axllent/mailpit/develop/install.sh)`

#### Run

`mailpit`
> run with `mailpit --webroot /mailpit/ &` if using a reverse proxy

Check `localhost:8025` in a browser for visuals.
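
An added example (not part of the original notes and not Postfix code): a small Python check that reads an LDAP table file such as the two `ldap-aliases.cf` variants in Postfix installation step 5 and reports when the bind credentials would travel unencrypted or the LDAP server certificate would go unverified. The plain-LDAP host and the `bind_pw` value are constructed; parameter names and defaults follow `ldap_table(5)`.

```python
# Added example: audits a Postfix LDAP table file (ldap_table(5) settings).
# The plain-LDAP host and the bind password below are constructed sample values.

def parse_table(text):
    """Return {name: value} from 'name = value' lines, skipping comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, _, value = line.partition("=")  # split on the first '=' only
            cfg[name.strip()] = value.strip()
    return cfg

def audit(text):
    """List transport-security findings for one LDAP table configuration."""
    cfg = parse_table(text)
    hosts = cfg.get("server_host", "localhost").replace(",", " ").split()
    tls = (cfg.get("start_tls", "no") == "yes"
           or all(h.startswith("ldaps://") for h in hosts))
    local = all(h.startswith("ldapi://") for h in hosts)  # UNIX-domain socket
    findings = []
    if cfg.get("bind", "yes") == "yes" and not (tls or local):
        findings.append("simple bind without TLS: bind_dn and bind_pw are sent in cleartext")
    if tls and cfg.get("tls_require_cert", "no") != "yes":
        findings.append("tls_require_cert is not yes: server certificate is not verified")
    if tls and not (cfg.get("tls_ca_cert_file") or cfg.get("tls_ca_cert_dir")):
        findings.append("no tls_ca_cert_file/tls_ca_cert_dir: no CA to verify against")
    return findings

COMMON = """
search_base = dc=csie,dc=ntu,dc=edu,dc=tw
version = 3
bind = yes
bind_dn = uid=mailtest,ou=people,dc=csie,dc=ntu,dc=edu,dc=tw
bind_pw = CONSTRUCTED-PLACEHOLDER
query_filter = (cn=%u)
"""
PLAIN = "server_host = ldap.example.test:389\n" + COMMON  # constructed host
LDAPS = ("server_host = ldaps://172.16.127.151:636\n"
         "tls_ca_cert_file = /etc/postfix/mockldap_ca.crt\n"
         "tls_require_cert = yes\n" + COMMON)

if __name__ == "__main__":
    for name, text in (("plain", PLAIN), ("ldaps", LDAPS)):
        print(name, audit(text) or "no findings")
```

`ldap_table(5)` also advises making a table file that contains `bind_pw` readable only by the Postfix user.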