CNT 4603 Spring 2009

Web services and email

The two most popular services visibly provided by servers are email and web-type services. Full email setups generally consist of an MTA such as sendmail or postfix, a delivery agent such as procmail or dropmail, a pop/imap server, and perhaps a webmail interface such as openwebmail, Outlook Web Access (OWA), horde, or squirrelmail. They may also include various spam and virus programs, such as MailScanner, spamassassin, avis, clamav, dcc, razor, and many others, and other types of mail filters such as the popular milter library programs (e.g., milter-ahead).

Web services generally center around an Apache web server, some CGI-friendly regime such as Perl (anywhere from embedded Perl to mod_perl with any of the numerous CGI packages), Python, PHP, Ruby, JSP, ASP, and a database such as MySQL, Postgresql, Oracle, or SQLite. It may also include other bits such as SOAP or RSS services.

Email: sendmail

+ Sendmail functions as an MTA (and also an RFC 2476 MSA). It is generally configured to listen to port 25 (and 587 for MSA functions), and the configuration files are now generally stored in /etc/mail.

+ The primary configuration for administrators typically is /etc/mail/sendmail.mc. This contains m4 directives to control the creation of /etc/mail/sendmail.cf.

+ An example /etc/mail/sendmail.mc:

    divert(-1)dnl
    dnl #
    dnl # This is the sendmail macro config file for m4. If you make changes to
    dnl # /etc/mail/sendmail.mc, you will need to regenerate the
    dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
    dnl # installed and then performing a
    dnl #
    dnl # make -C /etc/mail
    dnl #
    include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
    VERSIONID(`setup for Red Hat Linux')dnl
    OSTYPE(`linux')dnl
    dnl #
    dnl # default logging level is 9, you might want to set it higher to
    dnl # debug the configuration
    dnl #
    dnl define(`confLOG_LEVEL', `9')dnl
    dnl #
    dnl # Uncomment and edit the following line if your outgoing mail needs to
    dnl # be sent out through an external mail server:
    dnl #
    dnl define(`SMART_HOST',`smtp.your.provider')
    dnl #
    define(`confDEF_USER_ID',``8:12'')dnl
    dnl define(`confAUTO_REBUILD')dnl
    define(`confTO_CONNECT', `1m')dnl
    define(`confTRY_NULL_MX_LIST',true)dnl
    define(`confDONT_PROBE_INTERFACES',true)dnl
    dnl define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
    define(`ALIAS_FILE', `/etc/aliases')dnl
    define(`STATUS_FILE', `/var/log/mail/statistics')dnl
    define(`UUCP_MAILER_MAX', `2000000')dnl
    define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
    define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
    define(`confAUTH_OPTIONS', `A')dnl
    dnl #
    dnl # The following allows relaying if the user authenticates, and disallows
    dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
    dnl #
    dnl define(`confAUTH_OPTIONS', `A p')dnl
    dnl #
    dnl # PLAIN is the preferred plaintext authentication method and used by
    dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
    dnl # use LOGIN. Other mechanisms should be used if the connection is not
    dnl # guaranteed secure.
    dnl #
    dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
    dnl #
    dnl # Rudimentary information on creating certificates for sendmail TLS:
    dnl # make -C /usr/share/ssl/certs usage
    dnl # or use the included makecert.sh script
    dnl #
    dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
    dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
    dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
    dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
    dnl #
    dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
    dnl # slapd, which requires the file to be readable by group ldap
    dnl #
    dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
    dnl #
    dnl define(`confTO_QUEUEWARN', `4h')dnl
    dnl define(`confTO_QUEUERETURN', `5d')dnl
    dnl define(`confQUEUE_LA', `12')dnl
    dnl define(`confREFUSE_LA', `18')dnl
    define(`confTO_IDENT', `0')dnl
    dnl FEATURE(delay_checks)dnl
    FEATURE(`no_default_msa',`dnl')dnl
    FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
    FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
    dnl FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
    FEATURE(redirect)dnl
    FEATURE(always_add_domain)dnl
    dnl FEATURE(use_cw_file)dnl
    FEATURE(use_ct_file)dnl
    dnl #
    define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail, U=vmail:vmail')dnl
    VIRTUSER_DOMAIN_FILE(`-o /etc/mail/virtuserdomains')dnl
    FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
    FEATURE(always_add_domain)dnl
    FEATURE(use_cw_file)dnl
    dnl
    dnl #
    dnl # The -t option will retry delivery if e.g. the user runs over his quota.
    dnl #
    dnl FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
    FEATURE(local_procmail,`/usr/bin/procmail',`procmail -t -Y -a $h -d $u')dnl
    FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
    FEATURE(`blacklist_recipients')dnl
    define(`PROCMAIL_MAILER_ARGS',`procmail -t -Y -a $h -a $u')dnl according to documentation, not used with FEATURE(local_procmail)
    define(`PROCMAIL_MAILER_FLAGS',`cl0')dnl according to documentation, not used with FEATURE(local_procmail)
    EXPOSED_USER(`root')dnl
    dnl #
    dnl # The following causes sendmail to only listen on the IPv4 loopback address
    dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
    dnl # address restriction to accept email from the internet or intranet.
    dnl #
    DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
    dnl #
    dnl # The following causes sendmail to additionally listen to port 587 for
    dnl # mail from MUAs that authenticate. Roaming users who can't reach their
    dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
    dnl # this useful.
    dnl #
    dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
    dnl #
    dnl # The following causes sendmail to additionally listen to port 465, but
    dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
    dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
    dnl # do STARTTLS on ports other than 25. Mozilla Mail
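
An added example, not part of the original slides: a small Python check that reads a sendmail.mc the way m4 does (lines starting with dnl are ignored) and flags the security-relevant settings the comments above describe. The finding names and the sample input are constructed for illustration.

```python
import re

# Constructed sample in the style of the sendmail.mc above (not the page's file).
SAMPLE_MC = """\
dnl define(`confAUTH_OPTIONS', `A p')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
"""

def active_macros(text):
    """Yield (macro, quoted_args) for lines m4 expands; dnl-commented lines are skipped."""
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"([A-Za-z_]+)\(", line)
        if m and not line.startswith("dnl"):
            yield m.group(1), re.findall(r"`([^`']*)'", line)

def audit(text):
    """Return finding codes (hypothetical names) for the settings discussed above."""
    settings, listeners, mechs = {}, [], []
    for name, args in active_macros(text):
        if name == "define" and args:
            settings[args[0]] = args[1] if len(args) > 1 else ""
        elif name == "DAEMON_OPTIONS" and args:
            pairs = (kv.strip().split("=", 1) for kv in args[0].split(",") if "=" in kv)
            listeners.append(dict(pairs))
        elif name == "TRUST_AUTH_MECH" and args:
            mechs = args[0].split()
    findings = []
    # 'p' in confAUTH_OPTIONS refuses PLAIN/LOGIN unless the link is encrypted.
    if {"PLAIN", "LOGIN"} & set(mechs) and "p" not in settings.get("confAUTH_OPTIONS", "").split():
        findings.append("plaintext-auth-without-tls")
    # Without a server certificate the daemon cannot offer STARTTLS to clients.
    if mechs and "confSERVER_CERT" not in settings:
        findings.append("no-server-cert")
    # novrfy/noexpn stop VRFY and EXPN from confirming addresses to strangers.
    flags = {f.strip() for f in settings.get("confPRIVACY_FLAGS", "").split(",")}
    if not {"novrfy", "noexpn"} <= flags:
        findings.append("vrfy-expn-enabled")
    # A listener without Addr=127.0.0.1 accepts connections from the network.
    if any(l.get("Addr") != "127.0.0.1" for l in listeners):
        findings.append("network-listener")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_MC))
```

Run it against the .mc source rather than the generated sendmail.cf, since the dnl comments that decide which lines are active exist only in the .mc file.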



FSU CNT 4603 - Web services and email
