Mail on the "Malinka"
Design
Mail, mail ... "Currently, any novice user can start their free electronic mail box, it is enough to register on one of the Internet portals," says Wikipedia. So starting up your own mail server for this is a bit strange. Nevertheless, I do not regret the month spent on this, counting from the day the OS was installed until the day the first letter was sent to the addressee on the Internet.
In fact, IPTV receivers, a “single-board computer based on the Baikal-T1 processor,” as well as Cubieboard, Banana Pi, and other devices equipped with ARM microprocessors can be put on a par with the “raspberries”. Malinka was chosen as the most aggressively advertised option. It took more than a month to find at least some useful application for this “single-board computer”. Finally, I decided to launch a mail server on it, having shortly before read a fantastic novel about virtual reality.
“This is a wonderful vision of the future of the Web,” Wikipedia reports. 20 years have passed since the first publication date. The future has come. However, it does not seem beautiful to me without seven thousand subscribers, ten thousand rubles of the “monthly income of my site”, etc. Which probably pushed me towards “decentralized social networks” with “a meager number of likes for their posts (new users - NM)”, registering a domain and launching my own server.
I am not strong on laws. The only one I know of is federal law 126-FZ, and only because a message came to my mobile phone about the need to confirm personal data in connection with the entry into force of amendments to it.
And then it turned out that these laws are like mushrooms after rain. Had I kept using free mail, I guess I would never have known.
“And who are we now”
First of all, there is simply no law on organizing an email service. There is an “instant messenger service organizer,” but that’s a bit different. The qualifier “for personal, family, and household needs”, of course, removes from this organizer all the obligations prescribed by law, but that is still not the kind of organizer needed here.
Having on hand, along with the law, a guide to Ubuntu Server, I guess that, in addition to chats with their instant messages, email services (which is obvious) and file servers (which is not so obvious) are also intended "for the reception, transmission, delivery and (or) processing of electronic messages from Internet users".
Development
Compared to other posts with the postfix hashtag, my creation is, of course, very primitive. It needs neither user authentication, nor a database, nor users that are not tied to local accounts (the first and third are in the "minimum mail server"; the database is almost everywhere, just like dovecot).
“Configuring the mail system, in my opinion, is the most difficult task in system administration,” one Habr user wrote very well. Following PostfixBasicSetupHowto (from help.ubuntu.com), I nevertheless skipped its parts about the alias database, .forward files, and virtual aliases.
But for SSL/TLS I took 12 configuration lines plus 9 bash command lines for creating certificates from a Postfix-related article on CommunityHelpWiki (on the same domain, help.ubuntu.com); whether that is all there is to SSL/TLS is the question. Also useful were the firewall in the provider's dashboard, NAT on the router (I put off the Mikrotik setup as long as possible; I sent letters by connecting the mail server directly to the cable of the Internet service provider), mail, mailq, postsuper -d identifier, the file /var/log/mail.log, the always_add_missing_headers parameter, information about the PTR record and, finally, the site mail-tester.com (with its oligophrenic design). None of these are written about in the "mail" articles on Habr, as if they were the most taken for granted.

Before correcting the value of the myhostname parameter in the file /etc/postfix/main.cf

After correcting the value of the myhostname parameter in the file /etc/postfix/main.cf
The first letter from the technical support service of the Internet service provider taught me that you should not open letters with the console mail program if you want to open and read them later in a familiar email client. Apparently, this is not a problem "for beginning administrators."
On the contrary, in the comments (to other articles with the postfix hashtag), one Habr user asks “to complicate a bit, how about web interfaces to different parts and authentication from the database”; for another, “apparently, it is more complicated for those who have not tried anything sweeter than radish: kernel crashes, security (selinux / apparmor), slightly distributed systems ...”; a third writes about the “iRedmail script”. So you expect the next one to write about IPv6.
E-mail services are not spherical horses in a vacuum; they are parts of a whole, from choosing a computer and a domain name to setting up a router, which no manual for setting up a mail server can cover (and in which you will probably never read the materiel: Postfix SMTP relay and access control, available on the official Postfix website).
As for the Mikrotik, that is a whole separate song.
That's it. E-mail ceased to be a set of console commands, configuration files (including DNS settings), logs, documentation, and hexadecimal numbers instead of Russian letters (according to the koi8-r character table) in the received message, and was once again a familiar mail client with its imap, pop3, smtp protocols, accounts, incoming and sent messages.
In general, outwardly the same as email is when using free email services from major IT companies.
Although without a web interface.
Operation
Still, there is no escape from viewing the logs!
I hasten to please those who expected to read about the darknet here. The only thing I can call a manifestation of some mysterious darknet is what the mail log of the newly made server turned out to be clogged with: for a couple of days (after connecting directly), messages about attempts to connect via pop3 under different names from a pair of IP addresses. (At first I mistakenly thought that the server was periodically trying to send two letters from the queue; I did not expect at all that someone else on the Internet would immediately be interested in my mail.)
These attempts did not stop even after I connected the server through a router. Today's logs are full of smtp connections from the same IP address, unknown to me. Nevertheless, I’m so self-confident that I don’t take any action against this: I hope that even if the attacker guesses the correct username for receiving letters, they will not be able to guess the password. I am sure that many will find it unsafe, given today's attacks, to rely only on SMTP relay settings and access control in /etc/postfix/main.cf.
And they will smash the protection of my mail to pieces.
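A way to triage the SMTP log noise described above, as an added example that is not part of the original post: it counts Postfix smtpd connects, accepted messages and rejections per client IP and lists the addresses that keep connecting without ever delivering mail. The log lines, host name and addresses are constructed, the function names are hypothetical, and only Postfix smtpd lines are parsed (the pop3 daemon's log format is not given in the post).

```python
import re
from collections import defaultdict

# Constructed sample in the syslog format Postfix smtpd writes to /var/log/mail.log.
# Host name, PIDs, queue ID and addresses (documentation ranges) are made up.
SAMPLE_LOG = """\
Mar  3 10:01:02 malinka postfix/smtpd[2101]: connect from unknown[203.0.113.7]
Mar  3 10:01:03 malinka postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <a@example.net>: Relay access denied; from=<x@example.org> to=<a@example.net> proto=ESMTP helo=<probe>
Mar  3 10:01:03 malinka postfix/smtpd[2101]: disconnect from unknown[203.0.113.7]
Mar  3 10:05:10 malinka postfix/smtpd[2200]: connect from mail.example.org[198.51.100.20]
Mar  3 10:05:11 malinka postfix/smtpd[2200]: 4F1A23C0B5: client=mail.example.org[198.51.100.20]
Mar  3 10:07:40 malinka postfix/smtpd[2207]: connect from unknown[203.0.113.7]
Mar  3 10:09:12 malinka postfix/smtpd[2215]: connect from unknown[203.0.113.7]
Mar  3 10:09:13 malinka postfix/smtpd[2215]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 554 5.7.1 <b@example.net>: Relay access denied; from=<x@example.org> to=<b@example.net> proto=ESMTP helo=<probe>
Mar  3 10:11:55 malinka postfix/smtpd[2231]: connect from unknown[203.0.113.7]
"""

PEER = r"[^\s\[]+\[([^\]]+)\]"  # "host[ip]" as smtpd prints the client; captures the IP
PATTERNS = {
    "connects": re.compile(r"postfix/smtpd\[\d+\]: connect from " + PEER),
    "accepted": re.compile(r"postfix/smtpd\[\d+\]: [0-9A-Za-z]+: client=" + PEER),
    "rejected": re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from " + PEER),
}

def summarize(lines):
    """Count smtpd connects, accepted messages and rejections per client IP."""
    stats = defaultdict(lambda: {"connects": 0, "accepted": 0, "rejected": 0})
    for line in lines:
        for key, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                stats[match.group(1)][key] += 1
                break  # each log line describes exactly one event
    return dict(stats)

def noisy_clients(stats, min_connects=3):
    """IPs that connect repeatedly but never hand over a message that is accepted."""
    return sorted(ip for ip, s in stats.items()
                  if s["connects"] >= min_connects and s["accepted"] == 0)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for ip in noisy_clients(stats):
        print(ip, stats[ip])
```

On a real server the same functions can be fed `open("/var/log/mail.log")`; a noisy address whose relay attempts all show up under `rejected` means the relay restrictions in main.cf are holding for that client.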