Sendmail Multi Switch

Table of Contents

Introduction
Sendmail
What is Sendmail?
Sendmail Product Line
Installation
Management & Configuration
Sendmail In Use
Summary

Introduction

Almost from day one it has been apparent that e-mail is the killer application for the Internet. One of the major reasons many of today’s businesses get on line is to provide e-mail for their employees. Within a very short space of time, those companies are relying on e-mail communications as a core part of their dealings with both customers and business partners.

Reliable e-mail is a must. Secure e-mail is a must. Manageable e-mail is a must.

Undoubtedly, electronic communication is a vital asset to the modern business, even the life blood of some, and when things go wrong and the mail server is down for hours – or even days – then operational efficiency can take a serious nose dive. Unfortunately, most corporate e-mail systems start life in a small way, with just a few users, and grow as the potential is recognised. They are rarely designed from the ground up with hundreds or thousands of users in mind, and this can result in performance problems and security risks.

It has become all too easy, for instance, to unthinkingly transmit sensitive corporate information over an insecure channel – the Internet – without giving it a second thought. Just click on the “attach” button and away it goes. Such transmissions need to be secured effectively.

Likewise, we are so used to receiving such attachments that we have become susceptible to receiving viruses embedded within otherwise innocent-looking documents. Such transmissions need to be stopped “at the door”, before reaching the user’s mailbox.

On a more mundane level, senior management needs to take an active interest in what sort of material in general is being transmitted via corporate e-mail systems. Even personal views of individual employees can land a company in legal hot water should it contain anything defamatory or libellous, so it is essential that a clearly defined e-mail policy is in place before letting employees loose on the Internet. This policy should clearly spell out what is and is not allowed, and the penalties for transgression. Perhaps it might be prudent to forbid personal e-mail completely?

Potentially vast improvements in efficiency can be realised by ensuring email is used exclusively for business purposes and through the control of "spam" e-mail. A multi-national firm estimated the cost of junk e-mail at one dollar per employee per day. Another attributes ten minutes a day lost per employee on reading and forwarding e-mail jokes. Multiply this for an organisation of ten thousand and the cost of this activity is equivalent to one man year lost per day.

Once again, however, enforcement of such a policy should take place at the e-mail gateway to the Internet or on the backbone, not at the user’s desktop. It is not practical, or financially viable, to replace legacy systems or to implement enhancements on every desktop due to considerations of money, time, resource and disruption to business. The solutions that are required must add value to the existing email system, whilst being implemented and controlled at a single point where e-mail enters and leaves the organisation – the boundary.

Managed correctly, e-mail can be a considerable asset to any organisation. It can improve communication between employees, between departments within a company, between geographically dispersed offices, and between customers and business partners. In order to maximise the beneficial effects of e-mail, however, it is necessary to implement it carefully and select a mail system that is scalable, flexible, manageable, robust and secure.

Sendmail

Sendmail was the first program designed to route electronic mail between networks, developed as long ago as 1981 by Eric Allman at UC Berkeley. Developed and distributed as an open source product, it has been widely deployed and tested in a huge number of large-scale e-mail environments, including many of the world’s largest ISPs.

Sendmail is the program that acts like a traffic cop in routing and delivering mail on Unix-based networks – it is a Mail Transport Agent (MTA), accepting mail from Mail User Agents (MUAs), mail users (humans), and other MTAs. It then delivers that mail to Mail Delivery Agents (MDAs) on the local machine, or transports it to another MTA on another machine. Although Sendmail is used on almost every Unix system, it is one of the last great uncharted territories – and one of the most difficult utilities to learn – in Unix system administration.

According to Gartner Group, the number and size of e-mail messages is expected to increase at an average growth rate of more than 35 per cent through the year 2002. According to Daniel Bernstein, University of Illinois:

Sendmail runs over 75 per cent of Internet mail servers

Current base of >1.5 million Sendmail servers

84 of the Fortune 100 use Sendmail

29 of the top 36 ISPs worldwide use Sendmail


Figure 1 - E-mail system usage (Source: Dr. Daniel J. Bernstein, University of Illinois)

Given that Sendmail is included in all the various commercial Linux distributions, this significant proportion of live mail servers running Sendmail is only likely to increase as the interest in Linux as an alternative server OS to Windows NT/2000 continues.

What is Sendmail?

Sendmail is a robust, scalable Mail Transfer Agent (MTA), designed to receive, parse, sort and reliably direct e-mail messages to various delivery agents that, in turn, deliver those messages to users.

The MTA itself is split into four “engines”. The Listener accepts incoming messages from any SMTP-compliant mail agent and takes responsibility for them. It also provides SMTP authentication, Transport Layer Security (TLS) encryption, and a content management API that provides a link from within the MTA to third party content filtering software.

The Parsing and Routing Rules engine takes care of any tricky addressing issues - resolving aliases, modifying addresses, detecting errors and spam mail – before moving the message into the queue for delivery.

Sendmail can handle multiple Message Queues which hold messages until the receiving agent is ready to accept delivery. The Delivery engine then finds the receiving mail agent, rewrites the e-mail message in the format of the delivery agent and sends it.


Figure 2 - The Web-based Administration Console main menu

At the time of writing, Sendmail 8.10 is the latest Open Source release, adding new features such as SMTP authentication, message submission agent, LDAP support, multiple queues, IPv6 support and numerous maintenance upgrades to the previous 8.9.3 release.

Sendmail Product Line

The new Sendmail product line consists of a range of MTA switch and console offerings:

Single Switch – Stand-alone product including the Openswitch MTA (Sendmail 8.10) with a GUI console to manage a single MTA.

Secure Switch – Stand-alone product including a Cryptoswitch MTA (Sendmail 8.10) with a GUI console to manage a single MTA.

Multi Switch – Aimed at the larger organisation, Multi Switch includes a GUI console capable of managing any number of Openswitch or Cryptoswitch MTA modules from a central location.

Openswitch – Single Open Source Sendmail MTA with the new Content Management API (requires Multi Switch to configure and manage it).

Cryptoswitch – Single secure MTA with the new Content Management API (requires Multi Switch to configure and manage it).

Note that Cryptoswitch includes all the functionality of the normal Openswitch product, plus certificate-based authentication via TLS (Transport Layer Security) and password-based authentication. Multiple Cryptoswitch MTAs provide the means to establish secure e-mail VPN links between sites.


Figure 3 - Creating a Certificate Signing Request (CSR)

Installation

As you would expect, some Unix knowledge is still beneficial when installing Sendmail, though the best possible use is made of native package installers wherever possible. Initially available on Solaris and Linux, Multi Switch will also support HP-UX, IBM AIX, Compaq Tru64, Windows NT, Windows 2000 and FreeBSD.

In addition to the MTAs that are required (either Openswitch or Cryptoswitch) it is also necessary to install the Multi Switch Administration Console on at least one host. It can reside on any internal server, including one that is also hosting an MTA, and starts a secure Apache Web server in order to complete the installation.

Public key pairs are generated by the Multi Switch Administration Console and by each MTA as it is installed to ensure that communication between Console and MTA is always secure. The appropriate public keys need to be distributed out of band (i.e. on floppy disk) and to be honest, making sure the correct key files were in the correct directories was the most difficult part of the entire installation routine. Get that wrong, and there is not much conversation happening across your e-mail system.

During installation, M4 files from existing Sendmail installations will be converted automatically, allowing a simple migration path from earlier versions. Unfortunately, it is not possible to convert CF files in the same way, so unless you have a set of M4 files handy, you have to start from scratch.

Management & Configuration

For anyone who has ever been exposed – however briefly – to the wonders of the Sendmail CF file, the new Administration Console will quite literally transform your life.


Figure 4 - Configuring e-mail domains using the new Admin Console

For anyone who has never seen a CF file, you are better off without it. The contents of a Sendmail configuration file resemble nothing more than a programming language, and an incredibly complex one at that. Which is only to be expected, given that Sendmail is an incredibly complex and flexible program, every nuance of which can be controlled by the CF commands. In recent releases, the macro processor has brought forth the M4 file, where many CF commands can be combined into a single macro.

Whilst making life slightly easier, it does nothing to eliminate the requirement to have a Sendmail guru on site in order to administer anything more complicated than a five mailbox system.

Finally, the Multi Switch Administration Console brings Sendmail into the graphical age, and means that – while you still need to know what you are doing in order to administer a multiple MTA implementation – it is no longer necessary to own an anorak and bobble hat in order to gain access to the mysteries of the CF file. The Multi Switch host runs a secure Apache Web server that communicates on port 8890 to provide browser-based administration from any PC on the network.


Figure 5 - Automatic test facility

As well as being able to control multiple Sendmail servers from a single Web-based console, Multi Switch also provides concurrent permission-based access for users in order to delegate administration tasks. For instance, by controlling the permissions for individual users it is possible to grant simple tasks – such as maintaining an alias database for a local mail hub – to experienced users or junior administrators, whilst granting senior administrators access to the main configuration files for the entire network.

Initial configuration of an MTA can be controlled in detail via the Advanced Configuration option, or can be simplified by choosing from one of a number of configuration wizards such as:

Internet Gateway – To configure Sendmail at the firewall for both incoming and outgoing mail

Mail Hub – To configure local delivery agents to act as a relay or deliver mail to appropriate message stores.

General Configuration – To create a “standard” Sendmail configuration where Internet mail is forwarded to the main mail backbone or a direct SMTP connection is established with the local host.

If the administrator is not sure where to find a particular configuration option within the Console, there is a built-in search function that allows entry of key words and phrases in order to quickly move to a specific configuration option.

Once configuration has finished there is an automated testing capability (see Figure 5) that examines various parts of the configuration in detail to ensure that there are no obvious flaws. Tests include general error checking (such as host or domain existence), address parsing analysis, relational compatibility between MTAs and simulated delivery analysis.

The completed configuration can be deployed to one or more MTAs from the Administration Console, from where the remote Sendmail daemon can also be started and stopped – in other words, it is not necessary for the Administrator to visit individual hosts for any part of the installation, configuration, or ongoing management of the MTA.


Figure 6 - Configuring TLS security

All of the configuration information entered through the Web-based GUI is still written out to M4 and CF files, which can then be modified further if required. The necessity for this should be rare, however, given that the GUI itself provides the means to enter advanced “hacks” to the M4 file during configuration, providing plenty of opportunity for those familiar with Sendmail to customise it extensively.

Sendmail In Use

Providing it is configured correctly, there is not a lot one can say about an MTA – it either works, or it doesn’t. Sendmail works – and works very well. Messages flow between MTAs, and always end up in the correct mailbox. Addresses and headers are rewritten along the way as required, and mail can be passed off to a third party content filtering engine too. This latter capability provides the ability to perform anti-virus scanning, anti-spam control, policy management and archiving functions on each and every message that passes through the Sendmail MTA.

New virtual hosting capabilities allow Sendmail to support any number of e-mail domains from a single host. One nice new feature is that the sender’s virtual domain is now represented in mail headers and envelopes, rather than the canonical host name of the sender’s relay. This makes mail appear to come from the sender’s own mail server, even when their mail is actually hosted by an ISP. Full address rewriting is also supported on all outgoing mail, providing the ability to masquerade hosts, domains and specific local addresses.

If privacy is your thing, it is possible to create a secure, encrypted e-mail VPN using TLS (the next evolution of SSL) tunnels between Cryptoswitch MTAs (see Figure 6). TLS utilises certificate-based authentication and 128 bit session encryption between servers and from client to server. Secure communication between trusted environments – such as business to customer, business to partner, or roaming employee to head office – is essential in maintaining complete confidence and eliminating the possibility of outside interference.

Client to server authentication is also a key component in restricting Internet mail relay privileges, thus preventing unauthorised users from exploiting your MTA by relaying spam. If certificate-based authentication seems a little over the top, SMTP Authentication and 56 bit DES session encryption are also available.

Other anti-spam measures can also be implemented, including recipient limits, access database improvements, support for multiple “Black Hole” lists and new relaying options. Sendmail can also be configured to receive mail from mail user agents on port 587 and act as a Message Submission Agent. It could then be configured to ensure that all mail passed through port 25 be from a relaying MTA, providing much tighter control over potential spammers.
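The controls described in the last three paragraphs (TLS between MTAs, SMTP Authentication as a condition for relaying, an access database, a black-hole list, recipient limits and a separate port 587 submission service) all map onto directives in a Sendmail M4 configuration. The fragment below is an added illustration written for this page, not the Switch product’s own generated configuration, and it uses directives from later open-source Sendmail releases (8.12 and later, where STARTTLS and the AUTH options shown are standard); host names, file paths, the network range and the DNSBL domain are constructed placeholders.

```m4
divert(-1)
dnl Example sendmail.mc for an Internet gateway MTA (added illustration;
dnl not from the NSS review or from Sendmail Inc.). All names, paths and
dnl addresses below are constructed placeholders.
divert(0)dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`example gateway configuration')dnl
OSTYPE(`linux')dnl
DOMAIN(`generic')dnl

dnl --- STARTTLS: certificate-based authentication of peer MTAs ---------
dnl The CA certificate is what lets this host verify a partner's server
dnl or client certificate; the same key pair is offered in both roles.
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/ca.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/mta.example.net.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/mta.example.net.key')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/mta.example.net.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/mta.example.net.key')dnl

dnl --- SMTP AUTH: only challenge-response mechanisms earn relay rights,
dnl and plaintext mechanisms (LOGIN/PLAIN) are offered only once the
dnl session is encrypted (option p), so a sniffed login cannot be replayed.
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5')dnl
define(`confAUTH_OPTIONS', `A p')dnl

dnl --- Anti-spam: access database, DNS black-hole list, recipient limit --
FEATURE(`access_db')dnl
FEATURE(`dnsbl', `dnsbl.example.net', `"550 Rejected - listed at dnsbl.example.net"')dnl
define(`confMAX_RCPTS_PER_MESSAGE', `100')dnl
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy,restrictqrun')dnl

dnl --- Port 25 for MTA-to-MTA traffic, port 587 for authenticated
dnl submission only. On the MSA, M=E disables ETRN and M=a requires a
dnl successful AUTH before MAIL FROM is accepted.
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

MAILER(`smtp')dnl
MAILER(`procmail')dnl

dnl Matching entries for /etc/mail/access (built with makemap hash):
dnl   Connect:192.0.2                  RELAY        internal network may relay
dnl   To:example.net                   RELAY        accept mail for our own domain
dnl   TLS_Srv:mta.partner.example.com  VERIFY:128   outbound to partner: verified cert, >=128-bit cipher
dnl   TLS_Clt:mta.partner.example.com  VERIFY:128   inbound from partner: same requirement
dnl   From:spam-source.example         REJECT       refuse mail claiming this sender domain
```

The TLS_Srv and TLS_Clt entries are what turn optional opportunistic TLS into the enforced, certificate-authenticated link between two sites that the review calls an e-mail VPN; a partner connection that cannot present a verifiable certificate with at least 128-bit encryption is refused rather than silently falling back to cleartext.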

Figure 7 - Configuring the anti-spam options

Through the GUI console, the administrator also has full control over the multiple mail queues.

It is possible to view, search, prioritise, move or delete items from each queue on a host, providing the means to optimise delivery performance. Multiple queue directories are designed to help reduce queue size and improve performance by allowing the user to manually change items in the queue on each host.

The only area where Sendmail is still lacking from the administrator’s point of view is in its real-time monitoring and historical reporting capabilities, which are, at present, virtually non-existent. This will be remedied in the next release of the Multi Switch software, however (Switch 2.1), which will be available on Solaris and Linux by October 2000, and Windows by the end of the year.

Finally, it is worth noting that the latest Sendmail release now includes support for LDAP, IPv6 and multiple mailers (including SMTP, UUCP, Cyrus, POP, DECnet, procmail, ph, USENET and fax).

Summary

So, why would anyone pay for a product that is free under the Open Source movement? In essence, it comes down to three key features: management, security and support.

Simple management – This is the single biggest difference that experienced administrators will notice between the commercial and Open Source products. Centralised administration and deployment of configuration files reduces the chance of error on individual MTA hosts and makes administration of a large enterprise-wide e-mail system much more manageable than it ever was. Even on smaller systems – right down to single MTAs – the new Web-based administration is an extremely practical, useful and time-saving feature.

Security – We mentioned in the introduction how important it is to be able to trust communications between business partners and customers, and be sure that sensitive communications have not been viewed or amended by unscrupulous third parties. Sendmail provides the Cryptoswitch MTA for a secure e-mail VPN, with certificate-based authentication and 128 bit TLS session encryption, thus offering complete confidence in the message integrity.

Support - Sendmail is a complex product, and although the new Administration Console makes life easier from a day to day management point of view, as well as making it much more accessible to novice administrators, when your company relies on its e-mail, it makes sense to have professional technical support at the end of a telephone. A range of support options are on offer, from Standard, through Mission Sensitive to Mission Critical.

What about organisations that already have some investment in other commercial offerings, such as Lotus Notes or Microsoft Exchange? Well, Sendmail does not pretend to offer the sort of groupware and collaboration functionality provided by such offerings, but it does offer a far more flexible and scalable e-mail capability.

Implement Sendmail as the mail backbone for Exchange or Notes. No more struggling with Exchange Site Connectors – leave Exchange to do your internal mail and groupware stuff while Sendmail performs the inter-site communication.

For those who do not require all the groupware functionality of Exchange or Notes, Sendmail provides a smaller footprint and more easily managed mail alternative for SME environments.

In short, Sendmail Multi Switch takes over when Open Source Sendmail leaves off, providing a number of important new features that will appeal to both experienced, multi-site organisations and smaller, single-site SME environments.


Copyright © 1991-2005 The NSS Group Ltd.
All rights reserved.