
NITA 412 - Linux Security Administration - Lab #5


8/3/2019 NITA 412 - Linux Security Administration - Lab #5

http://slidepdf.com/reader/full/nita-412-linux-security-administration-lab-5 1/2

Lab #5 - SMTP, IMAP, Webmail, and Spam/Virus Scanning Stanislav

Lab Steps:

I. Installing Dovecot IMAP Server

A. Install dovecot using yum
B. Edit /etc/dovecot.conf and perform the following tasks
C. Dovecot Configuration Tasks
   1. Change 'protocols' to only have imap and imaps enabled.
   2. Change 'ssl_cert_file' to /etc/pki/tls/certs/localhost.crt
   3. Change 'ssl_key_file' to /etc/pki/tls/private/localhost.key
   4. Change 'login_greeting' to “Welcome to NITA 412”.
D. Start the dovecot service and enable it to start automatically on reboot.
E. Execute a lsof -i | grep :imaps and verify that Dovecot is running.

II. Installing Postfix SMTP Server

A. Remove sendmail using yum
B. Install postfix using yum
C. Start the postfix service and enable it to start automatically on reboot.
D. Execute a netstat -nl | grep :25 and verify that Postfix is running.

III. Install SquirrelMail Webmail

A. Install squirrelmail using yum
B. Restart the Apache web service (httpd) to enable the new configuration file.
C. Open a web browser on your host machine and go to https://<vmware ip>/webmail
D. Log into SquirrelMail with your regular user's username and password.
E. Click “Compose” to create a new e-mail
F. Address the e-mail to merely your system's regular username. Put whatever you want for the subject and body for the e-mail. Click “Send”.
G. Check your “Inbox” and you will note that you have a new e-mail, from yourself. This is an example of local e-mail delivery.
H. Send an e-mail to your EMich e-mail account from the webmail and see if it was received.

IV. System E-Mail Storage Configuration

A. Log into your regular system user account and look inside of the newly created mail folder.
B. Open your user's file inside of /var/mail/ and you will notice your received e-mail in this file.
C. Changing From the Standard Mail Format/Location to Maildir++ Format
   1. Become root. Edit /etc/dovecot.conf and set 'mail_location' to be maildir:~/Maildir
   2. Edit /etc/postfix/main.cf and set 'home_mailbox' to be Maildir/
   3. Edit /etc/squirrelmail/config.php and change '$default_folder_prefix' to Maildir/
   4. Restart both dovecot and postfix services.
   5. Go back to your webmail, send another e-mail to yourself. Check your new 'Maildir/' folder

V. Install & Configure yum-priorities and Add a Repository

A. To download the RPM repository package execute wget http://bit.ly/9CqoR2
B. Installation of the new repository is the same as any RPM, just do rpm -i rpmforge-*
C. To keep RPMForge packages from superseding CentOS packages, execute yum install yum-priorities
D. Execute echo "priority=11" >> /etc/yum.repos.d/rpmforge.repo
E. In /etc/yum.repos.d/CentOS-Base.repo add priority=1 to the “base”, “addons”, “updates”, and “extras” sections of the file. Add priority=2 for “centosplus” and “contrib”.
F. Execute yum check-update and verify that at least 400 packages are “excluded”.
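
Added example, not part of the original lab: yum-priorities reads priority= per [section], and a line appended with >> lands in whichever section is last in the file, so this script lists the effective priority of every section after steps D and E. The function names and the two-section sample file are constructed for illustration; 99 is the plugin's default for a section with no priority= line.

```shell
#!/bin/sh
# Added example (not part of the lab): show the effective yum-priorities
# value of every section in a .repo file.

# Print "<section> <priority> explicit|default" for each [section].
# A section with no priority= line gets 99, the plugin's default.
repo_priorities() {
    awk '
        function emit() {
            if (sect != "") print sect, (prio == "" ? "99 default" : prio " explicit")
        }
        /^[ \t]*\[.*\][ \t]*$/ {
            emit()
            sect = $0
            sub(/^[ \t]*\[/, "", sect); sub(/\][ \t]*$/, "", sect)
            prio = ""
            next
        }
        /^[ \t]*priority[ \t]*=/ {
            prio = $0
            sub(/^[^=]*=[ \t]*/, "", prio); sub(/[ \t]+$/, "", prio)
        }
        END { emit() }
    ' "$1"
}

# Print only the sections left at the default priority.
unprioritized_sections() {
    repo_priorities "$1" | awk '$3 == "default" { print $1 }'
}

# Constructed sample: a two-section repo file (hypothetical contents),
# followed by the append from step D.
write_sample_repo() {
    cat > "$1" <<'EOF'
[rpmforge]
enabled = 1

[rpmforge-extras]
enabled = 0
EOF
    echo "priority=11" >> "$1"
}

sample=$(mktemp)
write_sample_repo "$sample"
repo_priorities "$sample"
rm -f "$sample"
```

Run repo_priorities against /etc/yum.repos.d/rpmforge.repo and CentOS-Base.repo before step F to confirm each section carries the value you intended.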


VI. Install and Test Spam Assassin, ClamAV, ClamAV-Milter, and Amavisd-New

A. Install spamassassin, clamav, and clamav-milter using yum
B. Start the spamassassin, clamd, and clamav-milter services. Enable them to start on boot.
C. Execute freshclam to update your ClamAV database.
D. Install amavisd-new with yum
E. Start amavisd and enable it to run on boot.
F. Disable the reinstalled sendmail using chkconfig and stop the service.
G. Execute sed -i "/^TCPSocket/d" /etc/clamd.conf
H. Execute sed -i "s/clamd.sock/clamd/g" /etc/clamd.conf
I. Around line 363 of /etc/amavisd.conf uncomment the four ClamAV related lines.
   1. Note: If you do :line_number in vim you will jump to that point in the file
J. Edit /etc/postfix/master.cf and add the lines below, at the end of the file:

amavisfeed unix - - n - 2 lmtp
    -o lmtp_data_done_timeout=1200
    -o lmtp_send_xforward_command=yes
    -o disable_dns_lookups=yes
    -o max_use=20
127.0.0.1:10025 inet n - n - - smtpd
    -o content_filter=

K. Execute echo "content_filter=amavisfeed:[127.0.0.1]:10024" >> /etc/postfix/main.cf
L. Add the amavis user to the clamav group. Execute a chmod -R 775 /var/amavis
M. Execute echo "0" > /selinux/enforce to temporarily set SELinux into permissive mode.
N. Execute a postfix reload to make changes take effect. Fix any errors if this fails.
O. Execute a tail -F /var/log/maillog and press the Enter key a few times to add spacing.
P. Send yourself another test e-mail through the webmail client and view the logs for errors.
Q. When you successfully receive an e-mail again, click “View Full Header” inside of the e-mail.
R. Send yourself an e-mail with the body contents copied and pasted from below:

XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X

S. Check your /var/log/maillog file for an entry saying “Blocked SPAM”.
T. Send yourself an e-mail with the body contents copied and pasted from below:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

U. Check your /var/log/maillog file for an entry saying “Blocked INFECTED”.
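
Added example, not part of the original lab: a check of the wiring that steps J and K create, which joins master.cf continuation lines and confirms the amavisfeed transport, the 127.0.0.1:10025 re-injection listener with its empty content_filter override, and the content_filter line in main.cf. The function names are hypothetical, and the sample files are the lab's own lines written to a scratch directory.

```shell
#!/bin/sh
# Added example (not part of the lab): check the Postfix/amavisd-new wiring
# that steps J and K create.

# Print the master.cf logical line for service $2, fields single-spaced.
# Continuation lines (leading whitespace) are joined to the line above.
master_entry() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { sub(/^[ \t]+/, ""); cur = cur " " $0; next }
        { if (cur != "") print cur; cur = $0 }
        END { if (cur != "") print cur }
    ' "$1" | awk -v svc="$2" '$1 == svc { $1 = $1; print }'
}

# $1 = master.cf, $2 = main.cf. Prints each missing piece; returns 1 if any.
check_amavis_wiring() {
    rc=0
    feed=$(master_entry "$1" amavisfeed)
    back=$(master_entry "$1" 127.0.0.1:10025)
    case "$feed " in
        "amavisfeed unix "*" lmtp "*) ;;
        *) echo "missing: amavisfeed lmtp transport"; rc=1 ;;
    esac
    case "$back " in
        *" smtpd "*) ;;
        *) echo "missing: smtpd listener on 127.0.0.1:10025"; rc=1 ;;
    esac
    # Filtered mail re-enters Postfix here; clearing content_filter on this
    # listener keeps it from being sent back to the filter again.
    case "$back " in
        *" -o content_filter= "*) ;;
        *) echo "missing: -o content_filter= on 127.0.0.1:10025"; rc=1 ;;
    esac
    grep -Eq '^content_filter[[:space:]]*=[[:space:]]*amavisfeed:\[127\.0\.0\.1\]:10024[[:space:]]*$' "$2" ||
        { echo "missing: content_filter=amavisfeed:... in main.cf"; rc=1; }
    return "$rc"
}

# Sample input: the lab's own additions written to a scratch directory.
write_lab_sample() {
    printf '%s\n' 'amavisfeed unix - - n - 2 lmtp' \
        '    -o lmtp_data_done_timeout=1200' '    -o lmtp_send_xforward_command=yes' \
        '    -o disable_dns_lookups=yes' '    -o max_use=20' \
        '127.0.0.1:10025 inet n - n - - smtpd' '    -o content_filter=' > "$1/master.cf"
    echo 'content_filter=amavisfeed:[127.0.0.1]:10024' > "$1/main.cf"
}

dir=$(mktemp -d)
write_lab_sample "$dir"
check_amavis_wiring "$dir/master.cf" "$dir/main.cf" && echo "wiring OK"
rm -rf "$dir"
```

On the lab VM, call check_amavis_wiring /etc/postfix/master.cf /etc/postfix/main.cf before the postfix reload in step N.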

VII. Sending Spoofed E-Mail to Yourself Via Telnet

A. From your user's shell, execute a telnet localhost 25
B. Type HELO bjones.nita412.local and press the Enter key.
C. Type MAIL FROM: [email protected] and press the Enter key.
D. Type RCPT TO: bjones and press the Enter key.
E. Type data and press the Enter key.
F. Type a brief message and press the Enter key.
G. Type a single period and press the Enter key.
H. Type quit and press the Enter key.
I. Check your webmail Inbox for the new message.
J. Set SELinux back to enforcing mode.
K. Log out of your shells and save your VM snapshot as “Lab #5 Completed”
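
Added example, not part of the original lab: the defender's view of Section VII, correlating Postfix smtpd, cleanup and qmgr lines in the maillog by queue ID to list mail submitted over loopback with a non-local envelope sender. The function names, the host names mail.lab.example and corp.example, and the log lines are constructed; copies re-injected on 127.0.0.1:10025 after content filtering are skipped by keeping only the first queue ID seen per Message-ID.

```shell
#!/bin/sh
# Added example (not part of the lab): list mail submitted to Postfix over
# loopback whose envelope sender claims a domain this host does not serve.

# $1 = maillog, $2 = space-separated local domains (an assumed list).
# Prints "<queue-id> <client> <sender>" for each match.
loopback_foreign_senders() {
    awk -v domains="$2" '
        BEGIN { n = split(domains, d, " "); for (i = 1; i <= n; i++) is_local[d[i]] = 1 }
        { qid = $6; sub(/:$/, "", qid) }
        $5 ~ /^postfix\/smtpd\[/ && $7 ~ /^client=/ { client[qid] = substr($7, 8) }
        # The first queue ID seen for a Message-ID is the original submission;
        # later ones are copies re-injected after content filtering.
        $5 ~ /^postfix\/cleanup\[/ && $7 ~ /^message-id=/ {
            if (!($7 in first)) first[$7] = qid
            original[qid] = (first[$7] == qid)
        }
        $5 ~ /^postfix\/qmgr\[/ && $7 ~ /^from=</ {
            addr = $7; sub(/^from=</, "", addr); sub(/>,?$/, "", addr)
            dom = addr
            if (!sub(/^.*@/, "", dom)) next
            if (original[qid] && !(dom in is_local) &&
                client[qid] ~ /\[(127\.0\.0\.1|::1)\]$/)
                print qid, client[qid], addr
        }
    ' "$1"
}

# Constructed sample: a spoofed submission, its re-injected copy, a local mail.
write_sample_maillog() {
    cat > "$1" <<'EOF'
Aug  3 10:15:01 mail postfix/smtpd[2210]: 4F2A11C0D3: client=localhost[127.0.0.1]
Aug  3 10:15:20 mail postfix/cleanup[2213]: 4F2A11C0D3: message-id=<20190803141520.4F2A11C0D3@mail.lab.example>
Aug  3 10:15:20 mail postfix/qmgr[1980]: 4F2A11C0D3: from=<ceo@corp.example>, size=350, nrcpt=1 (queue active)
Aug  3 10:15:21 mail postfix/smtpd[2216]: 9B7C21C0D5: client=localhost[127.0.0.1]
Aug  3 10:15:21 mail postfix/cleanup[2213]: 9B7C21C0D5: message-id=<20190803141520.4F2A11C0D3@mail.lab.example>
Aug  3 10:15:21 mail postfix/qmgr[1980]: 9B7C21C0D5: from=<ceo@corp.example>, size=812, nrcpt=1 (queue active)
Aug  3 10:16:02 mail postfix/smtpd[2210]: A1D3E1C0D7: client=localhost[127.0.0.1]
Aug  3 10:16:02 mail postfix/cleanup[2213]: A1D3E1C0D7: message-id=<abc@mail.lab.example>
Aug  3 10:16:02 mail postfix/qmgr[1980]: A1D3E1C0D7: from=<bjones@mail.lab.example>, size=500, nrcpt=1 (queue active)
EOF
}

log=$(mktemp)
write_sample_maillog "$log"
loopback_foreign_senders "$log" "mail.lab.example"
rm -f "$log"
```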