Koozali.org: home of the SME Server
Contribs.org Forums => General Discussion => Topic started by: William R H on November 26, 2021, 02:45:55 PM
-
Can I please test my understanding of what goes on and ask for corrections and help filling in the gaps? This is largely driven by an inadvertent exposure to a mailbot that sent several 100k messages by relaying them out through our server. That gruesome experience left me wondering exactly what goes on to make emails work. I know the individual components each have their man pages and wikis but which ones and how they are all configured to work together in Sme Server is not at all clear to me.
Even if a point I make is without qualification it doesn't mean it is correct - just my understanding. If I don't know I do put a ?
So hack away as you will.
I'm not sure if this counts as an idiot's guide or an email 101. No doubt the moment I press "Post" more points will occur to me but hey ho! here goes...
- I sit and type an email in my client, Thunderbird.
- T'bird has a valid smtp server configuration for me - username, password.
- I may be on the local network to my server or coming in remotely.
- I press send and T'bird tries to open an SMTP connection to my server.
- that "opening up" depends on what?
- having a valid username and pw for the server.
- being on the local network (in some way or another)
- What validates that? qpsmtpd?
- given I "get in" the process on the server that continues with it is qpsmtpd
- qpsmtpd and its various plugins check the email - correct use of protocols, sender user/domain black/white lists, spf, dkim and contents, etc etc
- qpsmtpd etc will also check if the destination for this email is internal or external to my server
- if external it will reject it unless some "relay allowed" flag is set in the qpsmtpd config
- given it passes it is handed over to qmail for delivery which generates internal messages each with an enormous message id for use within qmail's processing, scheduling and rescheduling etc
- is the email handed over to qmail one for each addressee? Or is qmail responsible for breaking it up? So if an email is
to: jim,sally cc: peter bcc: mike
is it 4 separate messages in qmail with appropriate addressing and bccs hidden? or just one that qmail has to divide up itself? (I suspect the latter based on looking at the /var/qmail directories)
- qmail puts the email to any internal addresses (removing bcc)into the relevant boxes without further ado
- how does it handle "copy to [sent] folder" or is that done by qpsmtpd making yet another message for the qmail queue?
- if the email is for an external mailbox qmail opens up an smtp connection to that server and delivers the email as best it can
- if the delivery gets a failure qmail may decide to requeue the email.
- if so how does it decide what to do - try again after a suitable delay? send a bounce message or what?
some questions...
- what puts our dkim-signature into the headers? and when?
- what decides if the dkim signature should be included and how?
- what does sqpsmtpd do?
- who deals with aliases, groups, forwarding,vacation messages etc etc?
Thanks for your time.
-
Digging deep, going need the brighter ones to chip in here...jump in guys
-
SNIP...
some questions...
- what puts our dkim-signature into the headers? and when?
- what decides if the dkim signature should be included and how?
- what does sqpsmtpd do?
- who deals with aliases, groups, forwarding,vacation messages etc etc?
I commend you for this post. It can only help.
I am no expert and probably a bit dangerous in posting a reply. Lack of wisdom never stopped me before, sooo...
1. DKIM is defined in the DNS zone record. The topic is complicated, but it boils down to updating your zone record with a properly formatted string. The devil is in the details.
2. I don't know, but I am going to take a look around.
3. sqpsmtpd handles secure smtp negotiations. It recieves the request from your client to send an email, then verifies that you can or not.
4. The system admin. You can add various contribs to provide convenience features, such as allowing the system user to set their own password, vacation message, and so on.
I hope this helps a bit. Please post more questions in this thread. It may be a great way to gather info to update the documentation.
-
....
Thanks for your time.
qmail has multiple parts to it, below is some of the flows :
Mail remote to Local :
PIC.rem2local
qmail-smtpd Receive message by SMTP from another host / localhost:
| MAIL FROM:<bill@irs.gov>
| RCPT TO:<joe@heaven.af.mil>
|
| Is $RELAYCLIENT set? No.
| Is heaven.af.mil in rcpthosts? Yes.
| Accept RCPT.
V
qmail-queue Store message safely on disk.
Trigger qmail-send.
|
V
qmail-send Look at envelope recipient, joe@heaven.af.mil.
| Is heaven.af.mil in locals? Yes.
| Deliver locally to joe@heaven.af.mil.
V
qmail-lspawn ./Mailbox
| Look at mailbox name, joe.
| Is joe listed in qmail-users? No.
| Is there a joe account? Yes.
| Is joe's uid nonzero? Yes.
| Is ~joe visible to the qmailp user? Yes.
| Is ~joe owned by joe? Yes.
| Give control of the message to joe.
| Run qmail-local.
V
qmail-local joe ~joe joe '' '' heaven.af.mil bill@irs.gov ./Mailbox
Does ~joe/.qmail exist? No.
Write message to ./Mailbox in mbox format.
mail Local to Remote :
PIC.local2rem
Qmail Flow Diagram
Original message:
To: bill@irs.gov
Hi.
qmail-inject Fill in the complete envelope and header:
| (envelope) from joe@heaven.af.mil to bill@irs.gov
| From: joe@heaven.af.mil
| To: bill@irs.gov
|
| Hi.
V
qmail-queue Store message safely on disk.
Trigger qmail-send.
|
V
qmail-send Look at envelope recipient, bill@irs.gov.
| Is irs.gov in locals? No.
| Is bill@irs.gov in virtualdomains? No.
| Is irs.gov in virtualdomains? No.
| Is .gov in virtualdomains? No.
| Deliver remotely to bill@irs.gov.
V
qmail-rspawn Run qmail-remote.
|
V
qmail-remote Look at host name, irs.gov.
Is irs.gov listed in smtproutes? No.
Look up DNS MX/A for irs.gov and connect to it by SMTP:
MAIL FROM:<joe@heaven.af.mil>
RCPT TO:<bill@irs.gov>
Mail Local to Local Delivery :
To: fred
Hi.
qmail-inject Fill in the complete envelope and header:
| (envelope) from joe@heaven.af.mil to fred@heaven.af.mil
| From: joe@heaven.af.mil
| To: fred@heaven.af.mil
|
| Hi.
V
qmail-queue Store message safely on disk.
Trigger qmail-send.
|
V
qmail-send Look at envelope recipient, fred@heaven.af.mil.
| Is heaven.af.mil in locals? Yes.
| Deliver locally to fred@heaven.af.mil.
V
qmail-lspawn ./Mailbox
| Look at mailbox name, fred.
| Is fred listed in qmail-users? No.
| Is there a fred account? Yes.
| Is fred's uid nonzero? Yes.
| Is ~fred visible to the qmailp user? Yes.
| Is ~fred owned by fred? Yes.
| Give control of the message to fred.
| Run qmail-local.
V
qmail-local fred ~fred fred '' '' heaven.af.mil joe@heaven.af.mil ./Mailbox
Does ~fred/.qmail exist? No.
Write message to ./Mailbox in mbox format.
Local to alias delivery :
Original message:
To: help
Hi.
qmail-inject Fill in the complete envelope and header:
| (envelope) from joe@heaven.af.mil to help@heaven.af.mil
| From: joe@heaven.af.mil
| To: help@heaven.af.mil
|
| Hi.
V
qmail-queue Store message safely on disk.
Trigger qmail-send.
|
V
qmail-send Look at envelope recipient, help@heaven.af.mil.
| Is heaven.af.mil in locals? Yes.
| Deliver locally to help@heaven.af.mil.
V
qmail-lspawn ./Mailbox
| Look at mailbox name, help.
| Is help listed in qmail-users? No.
| Is there a help account? No.
| Give control of the message to alias.
| Run qmail-local.
V
qmail-local alias ~alias help - help heaven.af.mil joe@heaven.af.mil ./Mailbox
Does ~alias/.qmail-help exist? Yes: "john".
Forward message to john.
-
(s)qpsmtpd takes the place of qmail-smtpd
also with qmail installed a wrapper replace sendmail to send it through qmail.
dkim signature is added at qpsmtpd level. you see there a files issue that any email sent using sendmail (eg php) is not signed unless you use the sendmail-wrapper contrib or you configure your app to use smtp in place of semdmail
-
Also note comments here:
https://en.wikipedia.org/wiki/Qmail
https://en.wikipedia.org/wiki/Qpsmtpd