Installing Email

COIT20266 Week-5 Systems Security Administration
Installing Email [1]
COIT20266 – Systems Security Administration
Installing Email
Having the ability to generate emails automatically from a server
is something that is often overlooked or undervalued. Events can
occur on a server, that, if monitored, can often be used to
prevent worse events from occurring. An obvious example of this
is a hacking attempt. Other more mundane events such as low
filesystem space, backup failures/success etc. can generate emails
that are sent to administrators to act upon – preventing future or
more major events from occurring. Email can be sent to a service
that allows SMS messages to be generated from the email. Email is
a great ‘trigger’ for other services.
We will see later how email can be used to monitor security on our
server, however we must be careful to limit the ‘noise’ our server
makes in the number of emails generated or they will likely be
ignored. We will reflect more on this later.
There is nothing in this installation process that should ‘break’
our servers’ configuration, however it would be prudent to make a
clone of our server and run through the process on the clone
first.
Assumptions
We have an up-to-date Ubuntu Server connected to the Internet and
have a working Gmail account to use as our SMTP (Simple Mail
Transfer Protocol) server. Alternative SMTP serves can be used if
we are confident in there use – minimal support can be given for
alternate servers – post queries to the course forum.
We should be using the PuTTY SSH interface, not the VirtualBox
interface of our server.
Exim
COIT20266 Week-5 Systems Security Administration
Installing Email [2]
* exim (
www.exim.org, help.ubuntu.com/community/Exim4) – “Exim is
a message transfer agent (MTA) developed at the University of
Cambridge for use on Unix systems connected to the Internet.”
Install Exim
Installing exim is a simple task. Notice that we are also
installing the mailutils package at the same time. The mailutils
(
mailutils.org) package allows us to email directly from the
command line.
[email protected]:~$
sudo apt-get install exim4-daemon-light
mailutils
Ensure to read through the package details before continuing with
the install.
We now need to configure exim. We introduce another tool to do
this – dpkg. Read the man pages for dpkg and dpkg-reconfigure.
dpkg is a lower level package manager than apt, which provides
more functionality. In this case, if a package has a
configuration tool we can work through it using full screen
prompts rather than configuration file changes. To start the exim
configuration package enter the following at the command line:
[email protected]:~$
sudo dpkg-reconfigure exim4-config
COIT20266 Week-5 Systems Security Administration
Installing Email [3]
We want to send mail using a smarthost (Gmail) and also allow
local mail. So the second option, as highlighted, is the
configuration we want.
Our server name (student number) is fine for our System mail name.
We won’t be enabling any incoming SMTP connections, so by setting
this to the local host address, internal email on our server will
work correctly. Check that the default is the same as above and
continue.

COIT20266 Week-5 Systems Security Administration
Installing Email [4]
As above, we are not accepting email from other destinations so
the default of our system name is what we want.
We do not want our server to relay any mail.
We need to configure our outgoing smarthost as Gmail. So enter
Gmail’s SMTP server address as shown above (“smtp.gmail.com::587”
– it runs on port 587).

COIT20266 Week-5 Systems Security Administration
Installing Email [5]
We want to see that any outgoing mail has come from users on our
server, so <No>, don’t hide the name in outgoing mail.
We should be connected at all times so the default <No>, is fine
here.
The most commonly use option is good for our needs.

COIT20266 Week-5 Systems Security Administration
Installing Email [6]
Now we can see why we use the dpkg configuration option. The
default single file option is fine. Once the install is complete
take the time to view the exim4.conf.template file.
The server is restarted.
There is one final thing we need to configure and that is our
Gmail username and password.
It is never a good idea to put clear text passwords in files, but
for simplicity, that is what we will do. [Just be careful that
access to this file is restricted.]
Edit the /etc/exim4/passwd.client file:
[email protected]:~$
sudo vi /etc/exim4/passwd.client
Append a line as follows – change the account name and password to
match our own Gmail account:
*.google.com:[email protected]:y0uRpaSsw0Rd
Save the file and then test email at the command line (read the
mail man page first) using our own email address:
[email protected]:~$ mail [email protected]
Cc:
Subject: TEST
TESTING TESTING TESTING
[Ctrl-D]

COIT20266 Week-5 Systems Security Administration
Installing Email [7]
We can now email the outside world directly from our server
command line.
It is important to get this working. Any problems should be
directed to the course forum.