Lecture06 - Internet Ready Environment 2

The document discusses the Simple Mail Transfer Protocol (SMTP), including how it works, its relationship to other mail protocols, and details on using SMTP to send an email. SMTP defines how email is sent from one host to another in a simple, platform-independent way. The document provides examples of SMTP commands and interactions with a mail server.


CHAPTER 20

Simple Mail Transfer Protocol (SMTP)
The Simple Mail Transfer Protocol (SMTP) is the de facto standard for transporting mail
around the Internet. Anyone who wants to have a mail server capable of sending and
receiving mail must be able to support SMTP. As a standards-based protocol (see RFC 5321),
SMTP is well understood, platform independent, and well supported across a variety of
operating systems and devices.
In this chapter, we’ll discuss the mechanics of SMTP as a protocol and its relationship to
other mail-related protocols, such as Post Office Protocol (POP) and Internet Message
Access Protocol (IMAP). Then we will go over the Postfix SMTP server, one of the easier
and more secure SMTP servers out there.

Understanding SMTP
SMTP defines the method by which mail is sent from one host to another. That’s it. It does
not define how the mail should be stored. It does not define how the mail should be displayed
to the recipient.
SMTP’s strength is its simplicity, and that is due, in part, to the dynamic nature of
networks during the early 1980s (circa when the protocol was invented). Back in those days,
people were linking networks together with everything short of bubble gum and glue. SMTP
was the first mail standard that was independent of the transport mechanism. This meant
people using TCP/IP networks could use the same format to send a message as someone
using two cans and a string—at least theoretically.
Copyright © 2020. McGraw-Hill Education. All rights reserved.

SMTP is also independent of operating systems, which means each system can use its own
style of storing mail without worrying about how the sender of a message stores her mail.
You can draw parallels to how the phone system works: Each phone service provider has its
own independent accounting system. However, they all have agreed upon a standard way to
link their networks together so that calls can go from one network to another transparently.
In the Free Open Source Software (FOSS) world, several software packages (such as Exim, Postfix, Sendmail, and OpenSMTPD) provide their own implementation of SMTP.

Source: Soyinka, W. (2020). Linux Administration: A Beginner's Guide, Eighth Edition. ProQuest Ebook Central, http://ebookcentral.proquest.com (created from mmulibrary-ebooks on 2021-08-02 07:13:43).

Rudimentary SMTP Details

Ever had a “friend” who sent you an e-mail on behalf of some government agency informing
you that you owe taxes from the previous year, plus additional penalties? We’re going to
show you how they did it and, what’s even more fun, how you can do it yourself. (Not that
we would advocate such behavior, of course.)
The purpose of this example is to show how SMTP sends a message from one host to
another. After all, more important than learning how to forge an e-mail is learning how to
troubleshoot mail-related problems. So in this example you are acting as the sending host,
and whichever machine you connect to is the receiving host.
SMTP requires only that a host be able to send plain ASCII text to another host. Typically, this is done by connecting to the SMTP port (port 25) on a mail server, which you can do with the telnet program by giving it the mail server's host name followed by the port number 25. In the example that follows, the host is called mailserver, the recipient's fictitious mail server; the 25 that follows it tells Telnet that you want to communicate with the server's port 25 (the standard SMTP port) rather than the normal Telnet port 23. Keep in mind that port 25 is the server-to-server port and that everything you type travels in the clear; mail clients submitting mail normally use the submission port (587) with STARTTLS and authentication instead, and many ISPs block outbound port 25 from client networks altogether.
The mail server will respond with a greeting message such as this:
220 mail ESMTP Postfix

You are now communicating directly with the SMTP server.


Although there are many SMTP commands, four are worth noting:

The HELO command is used when a client introduces itself to the server. (Modern clients send EHLO instead, which the ESMTP in the greeting above invites; HELO is still accepted everywhere.) The parameter to HELO is the hostname that is originating the connection; in this example the client claims to be example.org. Of course, most mail servers take this information with a grain of salt and double-check it themselves. If you aren't coming from the example.org domain, many mail servers will respond by telling you that they know your real IP address, but they may or may not stop the connection from continuing.

The MAIL FROM: command takes the sender's e-mail address as its argument. This tells the mail server the envelope origin of the message; in the example, the message is declared to be from [email protected]. Nothing in SMTP itself verifies this address, which is exactly why the forged tax-office e-mail from the start of this section is so easy to send. Sender-verification schemes such as SPF, DKIM, and DMARC were layered on top of SMTP later to close this gap, and they are why a forgery like that one usually ends up in a spam folder today.


The RCPT TO: command takes the recipient's e-mail address as its argument; in the example, the message is destined for [email protected]. This is also the point at which a server decides whether to relay: a server that accepts a RCPT TO: for a domain it does not host, from a client it has no reason to trust, is an open relay, and that is what the mynetworks setting discussed later in this chapter is about.
Now that the server knows who the sender and recipient are, it needs to know what message to send. This is done with the DATA command. Once it's issued, the server replies with a 354 code and expects the entire message: the header lines first, then one empty line, then the body, terminated by a line containing nothing but a single period. (A line of the message that itself begins with a period must be sent with the period doubled, so that it is not mistaken for the terminator; the receiving server strips the extra period.) Continuing the example, [email protected] might want to send a short message to [email protected] this way.

And that’s all there is to it. To close the connection, enter the QUIT command.
This is the basic technique used by applications that send mail—except, of course, that all
the gory details are masked behind a nice GUI application. The underlying transaction
between the client and the server remains mostly the same.
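The exchange described above, with both sides shown, as an added example that is not part of the original chapter and is not Postfix code. It runs a toy receiving host in a thread over an in-process socket pair, so it works offline; the addresses, host names, and message text are constructed for the example, and the function names are my own. The toy server enforces the HELO/MAIL/RCPT/DATA order, implements the period-on-a-line terminator and dot-unstuffing, and, like any plain SMTP server, accepts whatever MAIL FROM: and From: header it is given, which is the whole point of the forged-mail anecdote.

```python
"""The SMTP dialogue from the text, both sides, over an in-process socket pair."""
import socket
import threading

# Constructed sample envelope and message (not from the book). The header
# From: line does not match the envelope MAIL FROM:, and a plain SMTP server
# cannot verify either; that is all the "tax office" forgery needs.
ENVELOPE_FROM = "[email protected]"
ENVELOPE_TO = "[email protected]"
MESSAGE_LINES = [
    "From: Tax Office <[email protected]>",
    "To: <[email protected]>",
    "Subject: Overdue taxes",
    "",
    "You owe taxes from last year, plus penalties.",
    ".Pay now.",  # begins with a period, so it must be dot-stuffed on the wire
]


def _readline(f):
    """One CRLF-terminated line, or None at end of stream."""
    raw = f.readline()
    return None if not raw else raw.decode("ascii").rstrip("\r\n")


def toy_smtp_server(conn, store):
    """Receiving host: enforces command order, unstuffs the DATA section."""
    f = conn.makefile("rb")
    conn.sendall(b"220 mail ESMTP toy\r\n")
    sender, rcpts = None, []
    while (line := _readline(f)) is not None:
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "HELO":
            conn.sendall(b"250 mail\r\n")
        elif verb == "MAIL":
            sender, rcpts = arg.partition(":")[2].strip().strip("<>"), []
            conn.sendall(b"250 2.1.0 Ok\r\n")
        elif verb == "RCPT":
            if sender is None:
                conn.sendall(b"503 5.5.1 Error: need MAIL command\r\n")
            else:
                rcpts.append(arg.partition(":")[2].strip().strip("<>"))
                conn.sendall(b"250 2.1.5 Ok\r\n")
        elif verb == "DATA":
            if not rcpts:
                conn.sendall(b"503 5.5.1 Error: need RCPT command\r\n")
                continue
            conn.sendall(b"354 End data with <CR><LF>.<CR><LF>\r\n")
            body = []
            while (l := _readline(f)) not in (".", None):
                body.append(l[1:] if l.startswith(".") else l)  # undo dot-stuffing
            store.append({"from": sender, "to": rcpts, "lines": body})
            conn.sendall(b"250 2.0.0 Ok: queued\r\n")
        elif verb == "QUIT":
            conn.sendall(b"221 2.0.0 Bye\r\n")
            break
        else:
            conn.sendall(b"502 5.5.2 Error: command not recognized\r\n")
    conn.close()


def send_message(conn, helo_name, mail_from, rcpt_to, lines):
    """Sending host: the same commands you would type into telnet."""
    f = conn.makefile("rb")
    transcript = [("", _readline(f))]  # server greeting, nothing sent yet

    def cmd(text):
        conn.sendall((text + "\r\n").encode("ascii"))
        reply = _readline(f)
        transcript.append((text, reply))
        return reply

    cmd(f"HELO {helo_name}")
    cmd(f"MAIL FROM:<{mail_from}>")
    cmd(f"RCPT TO:<{rcpt_to}>")
    if cmd("DATA").startswith("354"):
        for l in lines:
            wire = "." + l if l.startswith(".") else l  # dot-stuffing
            conn.sendall(wire.encode("ascii") + b"\r\n")
        conn.sendall(b".\r\n")  # a period alone on a line ends the message
        transcript.append(("<message>.", _readline(f)))
    cmd("QUIT")
    conn.close()
    return transcript


def run_exchange():
    """Run client and toy server together; return (transcript, server store)."""
    client_sock, server_sock = socket.socketpair()
    store = []
    server = threading.Thread(target=toy_smtp_server, args=(server_sock, store))
    server.start()
    transcript = send_message(client_sock, "example.org", ENVELOPE_FROM,
                              ENVELOPE_TO, MESSAGE_LINES)
    server.join()
    return transcript, store


if __name__ == "__main__":
    for sent, reply in run_exchange()[0]:
        if sent:
            print("C:", sent)
        print("S:", reply)
```

Run it and you get the same dialogue you would type into telnet, with the 354 prompt and the final 250 "queued" reply. To talk to a real server instead, replace socketpair() with socket.create_connection((host, 25)) and keep send_message() unchanged; a real MTA will additionally check your client address against its relay rules at the RCPT TO: step.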

Security Implications
Developers of the Postfix mail server implementation wrote the server software from scratch
with security in mind. Basically, the package ships in a tight security mode, and it’s up to the
individual user to loosen it up as much as is needed for a specific environment. This means
the responsibility falls to us (as sysadmins) for making sure we keep the software properly
configured (and thus not vulnerable to attacks).
When deploying any mail server, keep the following issues and questions in mind:

• When an e-mail is sent to the server, what programs will it trigger? And under what
permissions do those programs run?
• Are those programs securely designed? And can you protect/secure the communication channels between the programs and the end clients via secure protocols?
• If the communication channels cannot be made secure, how can you limit the damage in case of an attack?

E-mail Components
Mail service has three distinct components:

• Mail user agent (MUA) The component of the e-mail system that the user sees and interacts with, such as the Thunderbird, Outlook, Evolution, or Mutt program. An MUA is responsible only for reading mail and allowing users to compose mail.
• Mail transport agent (MTA) Handles the process of getting the mail from one site to another. Postfix, Exim, and Sendmail are popular examples of an MTA.
• Mail delivery agent (MDA) Responsible for distributing and sorting any received messages on the local machine to the appropriate user mailbox. The Procmail program has long been a popular choice for the actual delivery (MDA) component of e-mail because of its advanced filtering mechanism. Be aware, though, that Procmail has not seen a release in many years and its own former maintainer has publicly advised against using it; because Postfix hands local delivery to an external program anyway, you can just as easily point it at a maintained agent such as Dovecot's LDA/LMTP or maildrop.

NOTE Some mail systems integrate all three components. For example, Microsoft
Exchange Server integrates the MTA and MDA functionalities into a single system.
Postfix, on the other hand, works as an MTA only, passing the task of performing local
mail delivery to another external program. This delineation of tasks allows the use of
other tools or solutions for tasks such as determining mailbox storage mechanisms.

Installing the Postfix Server


We chose the Postfix mail server in this discussion for its ease of use, simple design, and secure track record. (The author of Postfix also argues that the simplicity has led to improved security.) Postfix provides most of the functionality that the Sendmail program does; in fact, a typical Postfix installation replaces the Sendmail binaries outright, so that programs that call /usr/sbin/sendmail to submit mail keep working unchanged.
Postfix is the default mail server program on most modern Linux distros. In the following
sections, we show you how to install Postfix using the built-in package management (Red
Hat’s RPM or Debian’s dpkg) mechanism of the distribution. This is the recommended
method. We also show how to build and install the software from its source code.

Installing Postfix via DNF in Fedora, CentOS, or RHEL


To install Postfix via DNF on Fedora, CentOS, or RHEL distros, simply use the dnf package manager, running dnf install postfix as root. Once the command runs to completion, you should have Postfix installed.
On older legacy Linux distros, you can use the chkconfig utility to make sure that your Postfix mail service starts automatically during system boot. On modern systemd-enabled distros, use systemctl enable postfix for the same purpose.
Finally, you can flip the switch and actually start the Postfix process. With a default configuration, it won't do much, but it will confirm whether the installation worked as expected. On systemd-enabled distros, start the postfix service unit with systemctl start postfix, and confirm with systemctl status postfix that the master process is running and that the unit logged no errors.

TIP You may find yourself inheriting or managing an existing Red Hat–based distro that has both of the popular MTAs (Sendmail and Postfix) installed, or you may decide to install a new MTA. If you want to switch the mail subsystem that is running on such a system, from, say, Sendmail to Postfix, you can use the alternatives facility to switch the default MTA provider: run alternatives --config mta and follow the prompts. Only one MTA can listen on port 25 at a time, so stop and disable the one you are switching away from.

Installing Postfix via APT in Ubuntu


Postfix can be installed in Ubuntu by using Advanced Packaging Tool (APT). Ubuntu does not ship with any MTA software preconfigured and running; you explicitly need to install and set one up. To install the Postfix MTA in Ubuntu, run apt install postfix (or apt-get install postfix) as root.

You will be prompted to select your Postfix mail server configuration type during the
installation process. Here are the available types:

• No configuration This option will leave the current configuration unchanged.


• Internet site Mail is sent and received directly using SMTP.
• Internet with smarthost Mail is received directly using SMTP or by running a
utility such as fetchmail. Outgoing mail is sent using a smarthost.
• Satellite system All mail is sent to another machine, called a smarthost, for delivery.
• Local only The only delivered mail is the mail for local users. The system does not
need any sort of network connectivity for this option.

We will use the first option, No configuration, on our sample Ubuntu server. The install process will also create the necessary user and group accounts that Postfix needs. Be aware that with this option the package installs no /etc/postfix/main.cf at all, and Postfix will not start until you create one; the package's post-install message suggests starting from the shipped template with cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf and editing from there.

Configuring the Postfix Server


By following the preceding tracks, you have installed the Postfix mail system using your
distro’s package manager. After installing the Postfix software, you will need to configure it.
Most of its configuration files can be found under the /etc/postfix/ directory.
You configure the server through the /etc/postfix/main.cf configuration file. As its name suggests, this is the main configuration file for Postfix. The other configuration file of note is master.cf. This is the process configuration file for Postfix: each line describes one Postfix service (which daemon runs it, whether it listens on a local socket or a network port, whether it runs chrooted, and how many processes it may spawn). This can be useful, for example, for setting up Postfix on clients so that it doesn't accept e-mail from the network and only forwards to a central mail hub. (For more information on doing this, see the documentation at www.postfix.org.)
Now let's move on to the main.cf configuration file.

The main.cf File


The main.cf file is too large to list all of its options in this chapter, but we will cover the most
important options that will get your mail server up and running. Thankfully, the configuration
file is well documented and clearly explains each option and its function.
The sample options discussed next are enough to help you get a basic Postfix mail server
up and running at a minimum.

myhostname
This parameter is used for specifying the hostname of the mail system. It sets the Internet
hostname for which Postfix will be receiving e-mail. The default format for the hostname is
to use the fully qualified domain name (FQDN) of the host. Typical examples of mail server
hostnames are mail.example.com, smtp.example.org, mx1.example.org, and so on. Here’s the
syntax:

mydomain
This parameter is the mail domain you will be servicing, such as example.com, spamrus.net,
linuxserverexperts.com, or google.com. Here’s the syntax:

myorigin
All e-mail sent from this e-mail server will look as though it came from this parameter. You
can set this to either $myhostname or $mydomain, like so:

Notice that you can use the value of other parameters in the configuration file by placing a
Copyright © 2020. McGraw-Hill Education. All rights reserved.

$ sign in front of the variable name.

mydestination
This parameter lists the domains that the Postfix server will take as its final destination for
incoming e-mail. Typically, this value is set to the hostname of the server and the domain
name, but it can contain other names, as shown here:

Soyinka, W. (2020). Linux administration : A beginner's guide, eighth edition. ProQuest Ebook Central <a onclick=window.open('http://ebookcentral.proquest.com','_blank')
href='http://ebookcentral.proquest.com' target='_blank' style='cursor: pointer;'>http://ebookcentral.proquest.com</a>
Created from mmulibrary-ebooks on 2021-08-02 07:13:43.
If your server has more than one name (for example, server.example.org and
serverA.another-example.org), you will want to make sure you list both names here.

mail_spool_directory
You can run the Postfix server in two modes of delivery: directly to a user’s mailbox or to a
central spool directory. The typical way is to store the mail in /var/spool/mail. The variable
will look like this in the configuration file:

The result is that mail will be stored for each user under the /var/spool/mail directory,
with each user’s mailbox represented as a file. For example, e-mail sent to
[email protected] will be stored in /var/spool/mail/yyang.

mynetworks
The mynetworks variable is an important configuration option. This lets you configure what
servers can relay through your Postfix server. You will usually want to allow relaying from
local client machines and nothing else. Otherwise, spammers can use your mail server to
relay messages. Here’s an example value of this variable:

If you define this parameter, it will override the mynetworks_style parameter. The
mynetworks_style parameter allows you to specify any of the keywords class, subnet, and
host. These settings tell the server to trust these networks to which the server belongs.

CAUTION If you do not set the $mynetworks variable correctly and spammers begin using
your mail server as a relay, you might quickly find a surge of angry online mail
administrators e-mailing you about it. Furthermore, it is a fast way to get your mail
server blacklisted by one of the spam control techniques, such as a DNS Blacklist
(DNSBL) or Realtime Blackhole List (RBL). Once your server is blacklisted, very few
people will be able to receive mail from you, and you will need to jump through a lot of
hoops to get unlisted. Even worse, no one will tell you that you have been blacklisted.

smtpd_banner
This variable allows you to return a custom response when a client connects to your mail
server. It is a good idea to change the banner to something that doesn’t give away what server
you are using. This just adds one more slight hurdle for hackers trying to find faults in your
specific software version.

inet_protocols

This parameter specifies which Internet protocols Postfix uses when it makes or accepts connections: ipv4, ipv6, or all (both). Since Postfix 2.9 the default is all, meaning Postfix uses IPv4 and IPv6 wherever the kernel supports them; setting the value to ipv6 makes Postfix use IPv6 only, and ipv4 restricts it to IPv4. It does not choose which addresses Postfix listens on; that is the job of the separate inet_interfaces parameter, whose default (all) makes Postfix accept connections on every active interface of the machine. A client-side Postfix that should only talk to a local hub can be told to listen on loopback only with inet_interfaces = loopback-only.

Tons of other parameters in the Postfix configuration file are not discussed here. You
might see them commented out in the configuration file when you set the preceding options.
These other options will allow you to set security levels and debugging levels, among other
things, as required.
Now let’s move on to running the Postfix mail system and maintaining your mail server.

Checking Your Configuration


Postfix includes a nice tool for checking a current configuration and helping you troubleshoot it. Simply run postfix check as root.

This will list any errors that the Postfix system finds in the configuration files or with
permissions of any directories that it needs. A quick run on our sample system shows this:

Looks like we made a typo in the configuration file!


When going back to fix any errors in the configuration file, you should be sure to read the error message carefully and use the line number as guidance, not as absolute. This is because a typo in the file could mean that Postfix detected the error well after the actual error took place.
In this example, an error of omission (forgetting the = symbol) that we made on line 83 in the configuration file was reported as occurring in lines 83 through 115 due to how the parsing engine works. However, by carefully reading the error message, we knew the problem was with the mydomain parameter, and so it took only a quick search before we found the real line culprit.
Let's run the check again:
Let’s run the check again:

Groovy! No errors this time. We’re ready to start using Postfix.

TIP You can use the nifty little postconf utility to quickly query or display the value of parameters in your Postfix configuration files. For example, to view the current value of the mydomain parameter, you can run the following:
$ postconf mydomain
mydomain = localdomain
Running postconf -n prints only the parameters you have changed from their defaults, which is the quickest way to review (or to ask someone else to review) what a server actually does; postconf -d shows the built-in defaults for comparison.

Running the Server


Controlling the Postfix mail server is easy and straightforward. On systemd-enabled distros, just pass the correct start/stop/reload option to the systemctl utility and specify the postfix service unit. To start Postfix, type systemctl start postfix.
When you make any changes to the configuration files, you need to tell Postfix to reload itself to make the changes take effect. Do this with systemctl reload postfix (or postfix reload, which is what the unit runs). It is worth running postfix check first, so that a typo does not get picked up by the running daemons.
Make sure that Postfix is configured to automatically start up between reboots with systemctl enable postfix.

Checking the Mail Queue


Occasionally, the mail queues on your system will fill up. This can be caused by network failures or other various failures, such as other external mail servers not responding. To check the mail queue on your mail server, simply type mailq (or, equivalently, postqueue -p). This command will display all of the messages that are in the Postfix mail queue, along with the reason each deferred message is waiting. This is the first step in testing and verifying that the mail server is working correctly. A queue that suddenly fills with thousands of messages to addresses you do not recognize is also the classic sign that the server is being used as a relay, or that a local account or web application has been compromised to send spam.

Flushing the Mail Queue


Sometimes after an outage, mail will be queued up, and it can take several hours for the messages to be sent, because Postfix retries deferred mail on a back-off schedule. Use the postfix flush command (or postqueue -f) to attempt immediate delivery of any messages that are shown in the queue by the mailq command.

The newaliases Command


The /etc/aliases file contains a list of e-mail aliases. This is used to create site-wide e-mail lists and aliases for users. Whenever you make changes to the /etc/aliases file, you need to tell Postfix about it by running the newaliases command. This command will rebuild the Postfix databases and inform you of how many names have been added.

Making Sure Everything Works


Once the Postfix mail server is installed and configured, you should test and test again to
make sure that everything is working correctly. The first step in doing this is to use a local
mail user agent, such as pine (text-based, freeware), mutt (text-based, GNU GPL), or mailx
(simple command-line MUA for UNIX systems), to send e-mail to yourself. If this works,
great; you can move on to sending e-mail to a remote site, while keeping an eye on the output
of the mailq command to see when the message gets sent. The final step is to make sure you
can send e-mail to the server from outside networks (that is, from the Internet). If you can
receive e-mail from the outside world, your work is done.

Mail Logs
On Fedora, RHEL, and CentOS systems, by default, mail logs go to /var/log/maillog, as defined by the rsyslogd configuration file. If you need to change this, you can modify the rsyslogd configuration file, /etc/rsyslog.conf, by editing the line for the mail facility (mail.* -/var/log/maillog by default) and restarting rsyslog. On systemd-based systems the same messages are also captured by the journal, so journalctl -u postfix shows them without touching any file.
Most sites run their mail logs this way, so if you are having problems, you can search
through the /var/log/maillog file for any relevant messages.
Debian-based systems, such as Ubuntu, store the mail-related logs in the /var/log/mail.log
file.
openSUSE and SUSE Linux Enterprise (SLE) store their mail-related logs in the files
/var/log/mail, /var/log/mail.err, /var/log/mail.info, and /var/log/mail.warn.

If Mail Still Won’t Work


If mail still won't work, don't worry. SMTP isn't always easy to set up the first time. If you still have problems, walk logically through all of the steps and look for errors. The first step is to look at your log messages, which might show that other mail servers are not responding. If everything seems fine there, check your Domain Name System (DNS) settings. Can the mail server perform name lookups? Can it perform Mail Exchanger (MX) lookups? Can other people perform name lookups for your mail server, and does the MX record for your domain actually point at it? Check as well that a firewall or your provider is not blocking port 25 in either direction. It is also possible that e-mails are actually being delivered but are being marked as junk or spam at the recipient end. If possible, ask the receiver to check the junk or spam mail folder at their end.
Proper troubleshooting techniques are indispensable for good system administration. A
good resource for troubleshooting is to look at what others have done to fix similar problems.
Check the Postfix web site at www.postfix.org, or search online, for the problems or
symptoms of what you might be seeing.
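A small log-triage helper for the maillog format discussed in the last two sections, as an added example that is not taken from the chapter or from Postfix itself. The log lines are constructed in the usual postfix/smtpd and postfix/smtp format (the hosts and addresses are documentation values, not real systems); the two regular expressions and the function names are my own. It answers the two questions this section raises: which clients are being refused relay (a steady stream of "Relay access denied" from one address is someone testing whether you are an open relay, and the same address never being refused would mean mynetworks is too wide), and which deliveries are deferred and why.

```python
"""Triage a Postfix mail log: who is probing for an open relay, and what is stuck."""
import re
from collections import Counter

# Constructed sample lines in the usual postfix/smtpd and postfix/smtp log
# format. Hosts and addresses are RFC 5737 / example.* documentation values;
# nothing here comes from a live system.
SAMPLE_MAILLOG = """\
Aug  2 07:13:01 mail postfix/smtpd[2101]: connect from unknown[203.0.113.5]
Aug  2 07:13:02 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<example.org>
Aug  2 07:13:02 mail postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<example.org>
Aug  2 07:13:03 mail postfix/smtpd[2101]: disconnect from unknown[203.0.113.5]
Aug  2 07:13:09 mail postfix/smtpd[2104]: 7C1E2A3B4D: client=workstation.example.com[192.168.1.20]
Aug  2 07:13:10 mail postfix/smtp[2108]: 7C1E2A3B4D: to=<[email protected]>, relay=mx.example.net[198.51.100.7]:25, delay=0.8, delays=0.1/0/0.4/0.3, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 9F3A1C)
Aug  2 07:14:40 mail postfix/smtp[2110]: 8D2F3B4C5E: to=<[email protected]>, relay=none, delay=30, delays=0.1/0/30/0, dsn=4.4.1, status=deferred (connect to mx.example.org[198.51.100.9]:25: Connection timed out)
"""

# smtpd(8) rejection at RCPT TO: time, e.g. a relay attempt that was refused.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from (?P<host>[^\[]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) \S+ <(?P<rcpt>[^>]*)>: (?P<reason>[^;]+);")
# smtp(8) delivery attempt: queue id, recipient, relay used, DSN, status, detail.
DELIVERY_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Fa-f]+): to=<(?P<to>[^>]*)>, relay=(?P<relay>\S+), "
    r".*?dsn=(?P<dsn>[\d.]+), status=(?P<status>\w+) \((?P<detail>.*)\)$")


def parse_maillog(text):
    """Split a log into smtpd rejections and smtp delivery attempts."""
    rejects, deliveries = [], []
    for line in text.splitlines():
        if (m := REJECT_RE.search(line)):
            rejects.append(m.groupdict())
        elif (m := DELIVERY_RE.search(line)):
            deliveries.append(m.groupdict())
    return rejects, deliveries


def relay_probes(rejects):
    """Count 'Relay access denied' rejections per client IP. A client that
    racks these up is testing whether you are an open relay; if the same
    client is instead accepted for foreign domains, mynetworks is too wide."""
    return Counter(r["ip"] for r in rejects if r["reason"].startswith("Relay access denied"))


def stuck_deliveries(deliveries):
    """Deferred attempts, with the remote-side detail Postfix logged."""
    return [d for d in deliveries if d["status"] == "deferred"]


if __name__ == "__main__":
    rejects, deliveries = parse_maillog(SAMPLE_MAILLOG)
    for ip, n in relay_probes(rejects).most_common():
        print(f"relay denied {n}x from {ip}")
    for d in stuck_deliveries(deliveries):
        print(f"queue id {d['qid']} to {d['to']} deferred: {d['detail']}")
```

Feed it a real file with parse_maillog(open("/var/log/maillog").read()). The smtp(8) status line carries both the DSN code and the remote server's own reply, which is usually the fastest way to tell a DNS or connectivity problem (4.4.x, "Connection timed out") from a remote-side policy rejection (5.7.x).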

Summary
In this chapter, you learned the basics of how SMTP works. You also installed Postfix and
learned how to configure a basic Postfix mail server. With this information, you have enough
knowledge to set up and run a minimal production mail server.
If you’re looking for additional information on Postfix, start with the online
documentation at www.postfix.org. The documentation is well written and easy to follow. It
offers a wealth of information on how Postfix can be extended to perform a number of
additional functions that are outside the scope of this chapter. Another excellent reference on
the Postfix system is The Book of Postfix: State-of-the-Art Message Transport, by Ralf
Hildebrandt and Patrick Koetter (No Starch Press, 2005). This book covers the Postfix
system in excellent detail.
As with any other service, don’t forget to keep up with the latest news on Postfix. Security
updates do come out from time to time, and it is important that you update your mail server
to reflect these changes.
CHAPTER 21

Post Office Protocol and Internet Message Access Protocol (POP and IMAP)
In Chapter 20, we covered Simple Mail Transfer Protocol (SMTP), the underlying e-mail
transport mechanism or protocol by which e-mail is sent from e-mail clients to the server and
from one mail server to another mail server. We also mentioned how mail delivery agents
(MDAs) facilitate the processing of incoming mail (such as sorting or filtering mail
according to sender, subject line, length of message, keywords, and so on). All of this
processing is usually done after the mail has been transported to the final destination mail
server. For the MDA functionality, a program like Procmail can be used. Procmail can make
copies of user e-mails available to users in the mbox format. The mbox format is a simple
text format that can be read by a number of console mail user agents (MUAs) such as pine,
elm, mailx, and mutt, as well as some GUI-based mail clients such as Thunderbird.
To make the mbox format usable, the e-mail client (MUA) needs to have direct access (at
the file system level) to the mbox file itself. This works well enough in tightly administered
environments where the administrator of the mail server is also the administrator of the client
hosts; however, this system of mail folder administration might not scale well in certain
scenarios. The following sample scenarios might prove to be a bit thorny:

• Users are unable to stay reasonably connected to a fast/secure network for file system access to their mbox file (for example, roaming laptops).
• Users need local copies of e-mail for offline viewing.
• Security requirements dictate that users not have direct access to the mail store; for example, Network File System (NFS) shared mail spool directories are considered unacceptable.
• MUA does not support the mbox format (typical of MS Windows-based e-mail clients).

To handle these thorny cases and others where Procmail and other traditional MDAs will simply not suffice, another class of protocols was created. We'll collectively describe this class of protocols as mail access protocols. This chapter covers two popular mail access protocols: Post Office Protocol (POP) and Internet Message Access Protocol (IMAP).
POP was created to allow for network-based access to mail stores. Many early Windows-
based mail clients used POP for access to Internet e-mail, because it allowed users to access
UNIX-based mail servers (the dominant type of mail server on the Internet until the rise of
Microsoft Exchange in the late 1990s).
The idea behind POP is simple: A central mail server remains online at all times and can
receive and store mail for all of its users. Mail that is received is queued on the server until a
user connects via POP and downloads the queued mail. The mail on the server itself can be
stored in any format (such as mbox) so long as it adheres to the POP protocol.
When a user wants to send an e-mail, the e-mail client relays it through the central mail
server via SMTP. This allows the client the freedom to disconnect from the network after
passing on its e-mail message to the server. The task/responsibility of forwarding the
message, taking care of retransmissions, handling delays, and so on, is then left to the well-
connected mail server. Figure 21-1 shows this relationship.

Figure 21-1 Sending and receiving mail with SMTP and POP

Certain aspects of the POP protocol are too limiting. Features such as being able to keep a
master copy of a user’s e-mail on the server with only a cached copy on the client were
missing. This led to the development of IMAP.
The earliest RFC (request for comments) documenting the inner workings of IMAPv2 is
RFC 1064, dated 1988. After IMAPv2 came IMAP version 4 (IMAPv4) in 1994. Most e-mail
clients are compatible with IMAPv4. Some design deficiencies inherent in IMAPv4 led to
another update in the protocol specifications, and, thus, IMAPv4 is currently at its first
revision—IMAP4rev1 (RFC 3501).
The evolution of IMAP can best be understood by thinking of mail access as working in
one of three distinct modes: online, offline, and disconnected. The online mode is akin to
having direct file system access to the mail store (for example, having read access to the
/var/mail file system). The offline mode is how POP works, where the client is assumed to be
disconnected from the network, except when explicitly pulling down its e-mail. In offline
mode, the server normally does not retain a copy of the mail.
Disconnected mode works by allowing users to retain cached copies of their mail stores.
When the client is connected, any incoming/outgoing e-mail is immediately recognized and
synchronized; however, when the client is disconnected, changes made on the client are kept
until reconnection, when synchronization occurs. Because the client retains only a cached
copy, a user can move to a completely different client and re-synchronize his or her e-mail.
By using IMAP, your mail server will support all three modes of access. After all is said
and done, deploying and supporting both POP and IMAP is usually a good idea. It allows
users the freedom to choose whatever mail client, protocol, and workflow that best suits
them.
There are several Free and Open Source Software (FOSS) mail servers that implement
POP and IMAP. Some of them are Dovecot, University of Washington IMAP server (UW
IMAP), Cyrus IMAP server, and Courier IMAP server. This chapter covers the installation
and configuration of the popular Dovecot server software. This particular mail server has
been available for many years. The installation process is also easy.

POP3 and IMAP Protocol Basics


Like the other services discussed so far, POP3 and IMAP each need a server process to
handle requests. The POP3, POP3S, IMAP, and IMAPS server processes listen on ports 110,
995, 143, and 993, respectively.

Each request to and response from the server is in clear-text ASCII, which means it’s easy
for us to test the functionality of the server using Telnet. This is especially useful for quickly
debugging mail server connectivity/availability issues. As with an SMTP server, you can
interact with a POP3 or IMAP server using a short list of commands. Although there are
many POP commands, a couple worth mentioning are USER and PASS. A few noteworthy
IMAP commands are LOGIN, LIST, STATUS, EXAMINE/SELECT, CREATE/DELETE/RENAME,
and LOGOUT.
Later in this chapter, we’ll use some of these commands and walk through the connection
and login process on a POP3 server and an IMAP server. This will allow us to verify that the
server does in fact work.

Dovecot (IMAP and POP3 Server)


The Dovecot POP3 and IMAP server software is well regarded and is used in many
production sites around the world. It is a well-tested implementation and readily available on
most of the mainstream Linux distros.
Dovecot provides its IMAP and POP3 functions through the following main processes.
Collectively, these processes provide various services that make up the Dovecot ecosystem.

• Master process As its name implies, the master process is the primary/overseer
process. It is responsible for starting and keeping all the other processes running as
needed. It reads the settings/options in the configuration files and exports the values to
the other processes. The master process is responsible for collecting and managing all
logging information that Dovecot generates. The master process runs under the
dovecot executable.
• Login processes The login processes listen for connection requests for the POP3 and
IMAP protocols and implement the minimum handshaking protocol requirement
before a user logs in successfully. The login processes run under the imap-login and
pop3-login executables.
• Authentication (auth) process Once the login processes complete the underlying
POP3 or IMAP protocol handshaking and setup, control is passed on to the
appropriate authentication process. The auth process is responsible for performing the
actual user authentication (Simple Authentication and Security Layer [SASL]
functions) to verify that the user is who she says she is. The authentication processes
run under a similarly named auth executable.
• Mail processes (IMAP, POP3) After authentication is successfully completed, the
desired mail process kicks in and provides the user access to her mailboxes. The mail
process is the actual workhorse that implements the POP3 and IMAP protocol details.
The IMAP process runs under an executable called imap, and the POP3 process runs
under an executable named pop3.

Installing Dovecot
Most Linux distributions have prepackaged binaries for Dovecot in the distros’ repositories.
For example, Dovecot can be installed in Fedora/CentOS/RHEL by using dnf like so:

On Debian-like systems, such as Ubuntu, Dovecot’s IMAP and POP3 functionality is
provided in two separate packages: dovecot-imapd and dovecot-pop3d, respectively. They
can be installed by using Advanced Packaging Tool (APT) like so:

During the package installation on Debian-based distros, you will be prompted to create
self-signed certificates for using IMAP and POP3 over SSL/TLS. Select Yes when prompted.
You will also be prompted for the hostname to use for the commonName field of the self-
signed certificate. Input the correct hostname for your system and select Ok to continue.

Installing Dovecot from Source


Begin by downloading the latest Dovecot IMAP and POP3 server software to
/usr/local/src or $HOME/src. The latest version can be found at
http://dovecot.org/download.html. We’ll download version 2.3.9.2 (dovecot-2.3.9.2.tar.gz)
in our walkthrough. Once it is downloaded, unpack it as follows:

This will create a new directory under which all the source code will reside. For the
version we are using, you will see a new directory called dovecot-2.3.9.2 created.
Change into the directory as follows:

The defaults that ship with the Dovecot server work well for most installations. But as
with most other enterprise-grade software of its caliber, Dovecot offers you many
configurable features that you can turn on or off during the configuration and build
process. In addition to the default build options, we will enable a couple of simple but
important configuration tweaks.
First, we want to make sure that the Dovecot server that we build from source is able
to support secure communication using the OpenSSL libraries. For this, we need to make
sure that proper libraries (libssl) are available on the system and that the appropriate
option is specified during configuration. For Red Hat–like distros such as Fedora,
CentOS, and RHEL, make sure that the openssl-devel package is installed. And for
Debian-based distros like Ubuntu, make sure you have the libssl-dev package installed.
Second, we will specify a prefix option of /usr/local/dovecot to specify the install
location for all Dovecot-related files. Let’s begin.

Look through the INSTALL file in the software source tree.
Configure the build environment, with the desired custom options:

Begin the software compilation by running the following command:

The entire build/compile process might take only a few minutes.

Once make completes without any errors, you can install Dovecot under the prefix
directory by running this:

The preceding command will result in Dovecot binaries being installed under the
following directories: /usr/local/dovecot/bin, /usr/local/dovecot/sbin, and
/usr/local/dovecot/libexec/dovecot. The executables should be run only by root, so make
sure to limit non-privileged access to them accordingly. And that’s it!

Dovecot Configuration Files and Options


Dovecot provides you, the system administrator, with a wide range of configuration options
to help you meet the mailing needs of your end users. The software is helpfully modularized,
and you can easily pick and choose which modules you want to customize.
The primary configuration file for Dovecot is dovecot.conf, which most mainstream
Linux distros store under /etc/dovecot/. Using an include directive (!include
conf.d/*.conf) in dovecot.conf, some Linux distros go further and organize (split) various
files that control different aspects of Dovecot under the /etc/dovecot/conf.d/ subdirectory.
Table 21-1 shows the location and descriptions of some Dovecot configuration files.

Table 21-1 Dovecot Configuration Files

The configuration files accept a rich set of options that can be used to control and tune
various aspects of Dovecot as well as turn features on and off. Table 21-2 describes only a
small subset of the more oft-used configuration options.


Table 21-2 Dovecot Configuration Options

Configuring Dovecot
After installation (from source or binary), the next step is to configure or customize your
Dovecot instance to suit your environment. The software ships with many sane default
settings that can be used as is out of the box with very little customization from you.
To get Dovecot up and running quickly, you may have to tweak some configuration
parameters at a minimum. The parameters that we will be changing are shown in Table 21-3,
along with the desired target values. Table 21-2 also describes the parameters.

Table 21-3 Target Dovecot Configuration Settings

Configure Protocols
Use the doveconf utility to make sure that your server supports LMTP, POP3, and IMAP:

If any of the protocols are missing, open the main /etc/dovecot/dovecot.conf
configuration file with any text editor, look for the protocols setting, and update it to look
like the line here:

You can also use the sed utility to quickly find and replace the option you want in the
configuration file, like so (all on one line!):

Configure the listen Parameter


Edit the /etc/dovecot/dovecot.conf file if necessary and make sure that the listen entry
exists and looks like the one here:

You can use the sed utility to quickly edit the file in place by running the following:

Configure System Users and Password Databases (passdb and userdb)


Use doveconf to check that the PAM database is one of the drivers configured for
authenticating system users. In the same command, also check for the driver being used for
the user database:

The driver entries for the passdb and userdb sections of the output should look similar to
the following:

If the driver entries in your output are different, open the /etc/dovecot/conf.d/auth-system.conf.ext
configuration file and ensure that the driver values are set to the
corresponding values in Table 21-3.

Configure Mail Location


Use doveconf to check the current value of the mail_location parameter:

By default, the mail_location parameter is unset. Use any text editor to edit and set the
parameter so that the entry in /etc/dovecot/conf.d/10-mail.conf looks like the one here:

If for some reason you like pain and you derive pleasure from constructing and debugging
regular expressions to make edits that are probably easier done by using a text editor, you can
use the sed utility with some convoluted-looking options (all on one line!) to “quickly” edit
the file in place and make the changes that you want by running the following:

Configure Mail Access Group


Use doveconf to check the current value of the mail_access_groups parameter:

By default, the mail_access_groups parameter is unset. Use any text editor to edit and set
the parameter so that the entry in /etc/dovecot/conf.d/10-mail.conf looks like the one here:

You can use the sed utility to quickly edit the file in place by running the following:

Configure Authentication Mechanisms


Use doveconf to check the current value of the auth_mechanisms parameter:

Edit the /etc/dovecot/conf.d/10-auth.conf file if necessary and make sure that the
auth_mechanisms entry exists and looks like the one here:

Configure Dovecot SSL Parameters


Use doveconf to check the current values of the ssl, ssl_cert, and ssl_key parameters:

Edit the /etc/dovecot/conf.d/10-ssl.conf file if necessary and make sure that the following
parameters are set to the values here:

TIP Dovecot IMAP and POP3 server software installed via the package management system
on most distros ships with generic SSL certificates and key files that are used in the
10-ssl.conf configuration file.
Dovecot ships with a simple script named mkcert.sh that can be used to generate
custom certificates and keys that can be used with your Dovecot instance. To use the
script, first customize the /etc/pki/dovecot/dovecot-openssl.cnf file with your custom
settings and then execute the script. To run the script on a Red Hat–like distro such as
Fedora, type the following:

CAUTION While trying to connect to your Dovecot server, users will receive a warning
that the certificate is not properly signed if you create and use self-signed certificates. If
you do not want this warning to appear, you can obtain a certificate (for free) from a
certificate authority (CA) such as the Let’s Encrypt Project (https://letsencrypt.org/) or
purchase one from Comodo, Symantec/Thawte, Symantec/VeriSign, and so on.
Depending on your specific environment, this might or might not be a requirement.
However, if all you need is an encrypted tunnel through which passwords can be sent, a
self-signed certificate works fine.

Running Dovecot
After configuration, the next step is to learn how to control the Dovecot services. This
includes how to start, restart, stop, and enable Dovecot. The following instructions apply to a
Dovecot instance installed via the distro’s package management system. To control or
manage the Dovecot instance compiled and installed from source, you will have to tweak the
steps a bit and specify the correct paths to the commands/binaries.
On Linux distros such as modern versions of Fedora, CentOS, Ubuntu, and RHEL that use
systemd as the service manager, check the status of the Dovecot service by running the
following:

To stop Dovecot (assuming it’s currently running), type this:

To start Dovecot, type this:

To disable Dovecot from automatic startup and stopping it (if running), type this:

To configure the Dovecot IMAP and POP3 services to automatically start up during
system boot and simultaneously start the services, type the following:

TIP Dovecot software suite comes with a built-in administration tool named doveadm. This
tool is distribution agnostic, so you can expect it to work in the same way regardless of
how your Dovecot instance was installed. doveadm is a powerful tool and can be used
to control and manage many aspects of Dovecot, such as reloading, stopping, logging,
testing, and so on.

Checking Basic POP3 Functionality


If everything has worked correctly, you should now have a running IMAP server and POP3
server. The next logical step is to test the services for actual functionality.
We begin by using Telnet to connect to the POP3 server (localhost in this example). From
a command prompt, type the following:

The server is now waiting for you to give it a command. (Don’t worry that you don’t see a
prompt.) Start by submitting your login name as follows:
USER yourlogin

Here, yourlogin is, of course, your login ID. The server might respond with something
like this:

Now tell the server your password using the PASS command:
PASS yourpassword

Here, yourpassword is your password. The server might respond with this:

You’re now logged in and can issue commands (such as LIST, STAT, and RETR) to read and
manage your mail. Since you are simply validating that the server is working, you can log out
now. Simply type QUIT, and the server will close the connection:

That’s it.

Checking Basic IMAP Functionality


We will use Telnet to connect to the IMAP server (localhost in this example) and test it for
basic IMAP functionality. From the command prompt, type the following:

The IMAP server will respond with something similar to this:

The server is now ready for you to enter commands. Note that like the POP3 server, the
IMAP server will not issue a prompt.
The format for IMAP commands is shown here:

Here, <tag> represents any unique (user-generated) value used to identify (tag) the
command. Example tags are A001, b, box, c, box2, 3, and so on. Commands can be executed
asynchronously, meaning that it is possible for you to enter one command and, while waiting
for the response, enter another command. Because each command is tagged, the output will
clearly reflect what output corresponds to what request.
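The tag correlation just described, as an added example that is not from the book: a small Python parser pairs every tagged completion line with the command the client issued under that tag, tolerates completions that arrive in a different order than the commands were sent, and rejects a completion for a tag the client never issued. The commands and the server transcript are constructed sample data, not real Dovecot output.

```python
"""Correlating tagged IMAP responses with the commands that produced them.

Added example (not from the book). IMAP clients may pipeline several tagged
commands; the server answers with untagged '*' lines plus exactly one tagged
completion line per command, not necessarily in issue order. Pairing by tag
is what lets the client tell which reply belongs to which request.
"""
import re
from dataclasses import dataclass, field

# Tagged completion: "<tag> OK|NO|BAD <text>". Tags are client-chosen tokens
# (A001, b, box2, 3 ...); '*' and '+' are reserved for untagged/continuation.
TAGGED_RE = re.compile(r"^(?P<tag>[^\s*+]+) (?P<status>OK|NO|BAD)(?: (?P<text>.*))?$")


@dataclass
class Exchange:
    """Everything the server said in reply to one pipelined batch of commands."""
    completed: dict = field(default_factory=dict)   # tag -> (command, status, text)
    untagged: list = field(default_factory=list)    # '* ...' data lines, arrival order
    bye: bool = False                               # server announced it is closing


def correlate(commands, server_lines):
    """Pair each tagged completion in server_lines with the command sent under that tag.

    commands: dict tag -> command text exactly as the client sent it (without tag).
    Raises ValueError on a completion for an unknown or already-completed tag,
    which signals a desynchronised stream rather than a reply we should trust.
    """
    ex = Exchange()
    for line in server_lines:
        line = line.rstrip("\r\n")
        if line.startswith("* "):                   # untagged data or status
            ex.untagged.append(line[2:])
            if line[2:].upper().startswith("BYE"):
                ex.bye = True
            continue
        if line.startswith("+"):                    # continuation request
            continue
        m = TAGGED_RE.match(line)
        if not m:
            raise ValueError(f"unparseable server line: {line!r}")
        tag = m["tag"]
        if tag not in commands:
            raise ValueError(f"completion for a tag the client never sent: {tag!r}")
        if tag in ex.completed:
            raise ValueError(f"duplicate completion for tag {tag!r}")
        ex.completed[tag] = (commands[tag], m["status"], m["text"] or "")
    return ex


def pending(commands, exchange):
    """Tags the client is still waiting on (commands without a completion line yet)."""
    return sorted(set(commands) - set(exchange.completed))


# Constructed sample: LOGIN completes, then STATUS and LIST are pipelined and
# the server happens to finish LIST first, then LOGOUT ends the session.
SAMPLE_COMMANDS = {
    "A001": "login yourlogin yourpassword",
    "A002": "status INBOX (MESSAGES)",
    "A003": 'list "" *',
    "A004": "logout",
}
SAMPLE_SERVER = [
    "* OK IMAP server ready.",                      # greeting (untagged)
    "A001 OK Logged in",
    '* LIST (\\HasNoChildren) "." INBOX',
    "A003 OK List completed.",
    "* STATUS INBOX (MESSAGES 2)",
    "A002 OK Status completed.",
    "* BYE Logging out",
    "A004 OK Logout completed.",
]

if __name__ == "__main__":
    result = correlate(SAMPLE_COMMANDS, SAMPLE_SERVER)
    for tag, (cmd, status, text) in result.completed.items():
        print(f"{tag} {cmd!r} -> {status} {text}")
```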
To log into the IMAP server, simply enter the login command, like so:

Here, <username> is the username you want to test and <password> is the user’s
password. If the authentication is a success, the server will respond with something like this:

That is enough to tell you two things:

• The username and password are valid.
• The mail server was able to locate and access the user’s mailbox.

With the server validated, you can choose from and issue a multitude of IMAP commands
to manage your mailbox or log off by simply typing the logout command:
A002 logout

The server will reply with something similar to this:

The doveconf Utility: Viewing Dovecot Services and Modules


Earlier on, we hinted that dovecot processes provide various services that make up the
Dovecot ecosystem. These are the actual dovecot workhorses. These services themselves
may be implemented by stand-alone modules or via a built-in Dovecot process. Some of
the services are listed in Table 21-2 under the service configuration options. You can
view the details about all the services by using the doveconf utility, like so:

If you want to see the setting of a particular service section, you can do so by dumping
just that section. For example, to dump the service settings for the imap-login service
section alone, run the following:

Services that are implemented via stand-alone modules often have their own module-
specific parameters or options that can be tweaked. The module-specific configuration
files are often stored under the /etc/dovecot/conf.d/ directory. For example, the pop3
service is backed by the pop3 module. To view the module-specific settings for pop3,
type this:

To drill down and view only the namespace section for the pop3 module, type this:

Other Issues with Mail Services


Thus far, we’ve covered enough material to get you started with a working mail server, but
there is still a lot of room for improvements. In this section, we walk through some of the
issues you might encounter and some common techniques to address them.

SSL/TLS Security
Best security practices should be a big objective in any mail server (such as POP3 and
IMAP) implementation. Some mail server implementations do not ship with secure options
enabled out of the box (possibly to help make initial configuration easier). Some
implementations may offer varying levels of support for encryption, password-hashing
schemes, user/password databases, and so on. There is also the issue of ensuring that the
majority of e-mail clients that will use the mail server are properly supported. Regardless of
the e-mail server software stack you settle on, you should ensure that, at a minimum, you
enable encryption of the entire protocol stream whenever possible.
Fortunately for us, the Dovecot IMAP and POP3 server implementation that we installed
earlier was written from the ground up with security in mind, and it also ships with sane and
secure default configuration options. This is one of the reasons why we did not need to do too
much in the way of configuring SSL support for our Dovecot instance, thus keeping things
simple! We made sure that the SSL support is enabled and we accepted the default
certificates and keys. Besides keeping things simple, our approach hopefully made for a nice
confidence booster for you to be able to get something working quickly—before we start
tinkering too much and adding other layers of complexity.
The Telnet protocol that we used for testing POP3 and IMAP functionality earlier is not a
secure protocol by default. Rather, by default everything done over Telnet is transmitted in
plain text. So we were connecting and testing the POP3 and IMAP server over an
unencrypted channel. You may be wondering, then, why we said that Dovecot is secure out
of the box. You may also be wondering what’s the point of enabling SSL when the system
allows us to successfully connect insecurely.
Well, we are glad you caught us and called us out before we continue venturing down this
possible path of lies and vignette of deceit. Kindly allow us to explain:

• We assumed that all our testing with Telnet was being done from and to the same
computer (localhost) running the Dovecot server software. The Telnet testing would
have failed if we had tried to do it from a different system.
• By default in Dovecot, plain-text (nonsecure) authentication is always permitted for
connections originating from the localhost. This means you can connect to Dovecot
without using SSL, or even configuring it, whenever you connect from localhost.
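The Telnet walkthrough in “Checking Basic POP3 Functionality” and the localhost-only plain-text rule just stated, as one added example that is neither the book’s nor Dovecot’s code: a throwaway in-process POP3 server and a poplib client replay USER, PASS, STAT and QUIT, and the server refuses USER on an unprotected connection from any peer outside a trusted set, so the “remote host” case can be exercised by handing it an empty set. The account, mailbox contents and reply texts are constructed.

```python
"""A minimal POP3 exchange, server and client in one process.

Added example (not from the book). The server mirrors the Telnet walkthrough
(USER, PASS, STAT, QUIT) and the stated default of accepting plain-text
authentication only from localhost when the connection is not TLS-protected.
Credentials, mailbox and reply strings are constructed sample data.
"""
import poplib
import socket
import threading

ACCOUNTS = {"yourlogin": "yourpassword"}                # constructed credentials
MAILBOX = [b"From: a@example.test\r\n\r\nhello\r\n",    # constructed messages
           b"From: b@example.test\r\n\r\nworld\r\n"]
LOCALHOST = frozenset({"127.0.0.1", "::1"})


class Pop3Server(threading.Thread):
    """Serves exactly one connection on an ephemeral localhost port."""

    def __init__(self, trusted_nets=LOCALHOST):
        super().__init__(daemon=True)
        # Peers allowed to send credentials in the clear. An empty set simulates
        # the book's test from a remote box, where USER is refused outright.
        self.trusted_nets = trusted_nets
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]

    def run(self):
        conn, peer = self.sock.accept()
        rfile, wfile = conn.makefile("rb"), conn.makefile("wb")

        def reply(text):
            wfile.write(text.encode() + b"\r\n")
            wfile.flush()

        reply("+OK POP3 server ready.")                 # greeting; POP3 shows no prompt
        user, authed = None, False
        for raw in rfile:
            verb, _, arg = raw.decode(errors="replace").rstrip("\r\n").partition(" ")
            verb = verb.upper()
            if verb == "USER":
                if peer[0] not in self.trusted_nets:
                    reply("-ERR [AUTH] Plaintext authentication disallowed "
                          "on non-secure connections.")
                else:
                    user = arg
                    reply("+OK")
            elif verb == "PASS":
                if user is not None and ACCOUNTS.get(user) == arg:
                    authed = True
                    reply("+OK Logged in.")
                else:
                    reply("-ERR [AUTH] Authentication failed.")
            elif verb == "STAT" and authed:            # "<count> <total octets>"
                reply(f"+OK {len(MAILBOX)} {sum(len(m) for m in MAILBOX)}")
            elif verb == "QUIT":
                reply("+OK Logging out.")
                break
            else:
                reply("-ERR Unknown command or not authenticated.")
        wfile.close()
        rfile.close()
        conn.close()


def check_pop3(port, user, password):
    """Client side of the walkthrough; returns each server reply keyed by step."""
    replies = {}
    client = poplib.POP3("127.0.0.1", port, timeout=5)
    try:
        replies["greeting"] = client.getwelcome().decode()
        try:
            replies["user"] = client.user(user).decode()
            replies["pass"] = client.pass_(password).decode()
            replies["stat"] = client.stat()             # (message count, total octets)
        except poplib.error_proto as exc:               # any -ERR line ends the test
            err = exc.args[0]
            replies["error"] = err.decode() if isinstance(err, bytes) else str(err)
    finally:
        replies["quit"] = client.quit().decode()
    return replies


def run_walkthrough(trusted_nets=LOCALHOST, password="yourpassword"):
    """Start a server with the given plain-text policy and run the client against it."""
    server = Pop3Server(trusted_nets)
    server.start()
    return check_pop3(server.port, "yourlogin", password)


if __name__ == "__main__":
    print(run_walkthrough())                            # from localhost: login succeeds
    print(run_walkthrough(trusted_nets=frozenset()))    # "remote" peer: USER refused
```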

Now that we have (hopefully) earned your trust again, we’ll go ahead and make sure our
POP3 and IMAP server is truly secure by testing it from a different computer. We will use the
Swiss Army program of all things related to SSL—the OpenSSL program suite—to do our
testing in the following section.

TIP The operating system’s logging subsystem is an indispensable tool when
troubleshooting mail server issues, so make sure you keep an eye on the log files when
you are troubleshooting issues such as the dovecot service failing to start or restart
properly (for example, via “journalctl -xe -u dovecot”).

Testing POP3 and IMAP Connectivity over SSL/TLS
While still logged onto the Dovecot server, first make sure that the TCP ports for POP3 and
IMAP are open on the firewall for external connections.
On a Red Hat–like distro such as our Fedora server, we can use the firewall-cmd
command to do this. We’ll permanently add a rule to the current firewall ruleset to achieve
this by running the following command:

Next, reload the firewall rules so that the new rule is immediately active:

Now let’s hop over to a different box and remotely test our Dovecot POP3 and IMAP
services. Let’s assume that our remote Dovecot server’s IP address is 192.168.56.101.

1. Make sure our previous Telnet test will fail if we try to do it from a remote system:

2. The initial connection to the POP3 port, 110, succeeded. Let’s issue the first POP3
command to begin the SASL process. At the Dovecot prompt, start by submitting
your login name as follows:
USER remoteloginname

Here, remoteloginname is the username of a user on the remote Dovecot server with
a POP3 mailbox.
We are immediately stopped from going any further by the response we get from the
remote Dovecot server:

So, we’ve further supported our claim that nonsecure connections are not supported
by default on a Dovecot server. Issue the QUIT command to end the current POP3
session.
3. Now let’s try to connect to the remote server using openssl. Use openssl s_client to
connect to the same remote POP3 port with STARTTLS (the -starttls pop3 option makes
s_client send the POP3 STLS command and then negotiate TLS on port 110):

If the server supports STARTTLS on port 110, you should be greeted with a bunch of
SSL/TLS handshake and certificate messages and a prompt similar to this one:

Look for the “Verify return code” line in that output: a self-signed or mismatched
certificate still gives you an encrypted session in this manual test, but a real mail
client will (rightly) refuse to connect to it.
4. As before, the initial connection to the POP3 port 110 succeeded, but this time the
session is encrypted. Let’s issue the first POP3 command to begin authentication. At
the Dovecot prompt, submit a login name as follows:
USER remoteloginname
+OK

The first sign of progress is that the POP3 server allowed us to issue a USER command
and submit the username over the openssl-protected connection.
Issue the POP3 PASS command to submit the password:
PASS password_for_remoteloginname

Here, password_for_remoteloginname is the password associated with the


remoteloginname username.
+OK Logged in.

The “+OK Logged in” output from the server shows that we logged in successfully!
You can now continue to issue other POP3-related commands to interact with the
remote mailbox. Issue QUIT to exit.
5. You can similarly test the IMAP service on the remote Dovecot server using
openssl. Use openssl to connect to the remote IMAP server listening on port 143
using STARTTLS:

6. You should be able to continue issuing supported IMAP protocol commands to
authenticate yourself and interact with the remote server. Unlike POP3, every IMAP
command is prefixed with a client-chosen tag, for example a1 LOGIN remoteloginname
password and a2 LOGOUT; the server repeats the tag in its final response to that command.
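The manual tests in steps 1 through 6 can be scripted so that they are repeated after every configuration change. The following is an added example, not code from the book: it checks that a Dovecot host refuses a plaintext POP3 login and that the STARTTLS handshakes on ports 110 and 143 (and the implicit-TLS ports 995 and 993) complete with a certificate that verifies against a given CA file. The host, the CA bundle path (use the self-signed server certificate itself if that is what the clients trust) and the use of nc(1) for the plaintext probe are assumptions; nc variants differ in their flags.

```shell
#!/bin/sh
# Added example (not from the book): probe a Dovecot server for
# (a) refusal of plaintext POP3 logins and (b) working STARTTLS and
# implicit-TLS handshakes with a verifiable certificate.
# Usage: sh check-mail-tls.sh 192.168.56.101 /path/to/ca.pem
set -u

# Classify one POP3 response line.  Dovecot answers USER on a non-TLS
# connection with "-ERR ... Plaintext authentication disallowed ..." and
# over TLS with "+OK".
pop3_status() {          # line
  case "$1" in
    "+OK"*)  echo ok ;;
    "-ERR"*) echo err ;;
    *)       echo unknown ;;
  esac
}

# Reduce an openssl s_client transcript to the one fact a client cares
# about: did certificate verification succeed?
tls_verify_result() {    # transcript
  case "$1" in
    *"Verify return code: 0 (ok)"*) echo verified ;;
    *"Verify return code:"*)        echo unverified ;;
    *)                              echo no-handshake ;;
  esac
}

# Send one command in the clear and return the server's reply to it
# (line 1 is the greeting, line 2 the answer to our command).
plaintext_reply() {      # host port command
  printf '%s\r\nQUIT\r\n' "$3" | nc -w 5 "$1" "$2" | sed -n '2p'
}

# TLS handshake and verification verdict.  With a protocol name
# (pop3/imap) s_client issues STLS/STARTTLS on the plain port first;
# without one it expects TLS from the first byte (995/993).
# -verify_return_error turns a bad certificate into a failed handshake
# instead of a warning buried in the transcript.
tls_probe() {            # host port cafile [pop3|imap]
  if [ $# -ge 4 ]; then
    out=$(openssl s_client -connect "$1:$2" -starttls "$4" -CAfile "$3" \
            -verify_return_error </dev/null 2>&1) || true
  else
    out=$(openssl s_client -connect "$1:$2" -CAfile "$3" \
            -verify_return_error </dev/null 2>&1) || true
  fi
  tls_verify_result "$out"
}

main() {                 # host cafile
  host=$1 cafile=$2
  reply=$(plaintext_reply "$host" 110 "USER probe")
  case "$(pop3_status "$reply")" in
    ok) echo "WARNING: $host accepts plaintext POP3 logins: $reply" ;;
    *)  echo "plaintext POP3 login refused: $reply" ;;
  esac
  echo "STARTTLS 110/pop3: $(tls_probe "$host" 110 "$cafile" pop3)"
  echo "STARTTLS 143/imap: $(tls_probe "$host" 143 "$cafile" imap)"
  echo "implicit TLS 995:  $(tls_probe "$host" 995 "$cafile")"
  echo "implicit TLS 993:  $(tls_probe "$host" 993 "$cafile")"
}

if [ $# -eq 2 ]; then
  main "$@"
fi
```

A result of "unverified" means the session is encrypted but the certificate is not one the clients will trust; "no-handshake" usually means the port is closed on the firewall or the service is not listening there.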

TIP Remember that there isn’t much point in implementing security if nobody is using
it, so make sure that your mail clients use SSL/TLS when connecting to the IMAP or POP3
server. In most of the popular e-mail client programs, such as Thunderbird, Evolution,
Outlook, and so on, the option to enable SSL/TLS (either STARTTLS on ports 110/143 or
implicit TLS on ports 995/993) may be as simple as a check box in the Email Account
configuration options.

Availability
In managing a mail server, you will quickly find that e-mail qualifies as one of the most
visible resources on your network. When the mail server goes down, everyone will know,
they will know quickly, and, worst of all, they may even alert you, the administrator, before
you even realize that something is amiss! Thus, it is important that you carefully consider
how you will be able to provide 24/7 availability for e-mail services.
A simple issue that can threaten mail servers is “fat fingering” a configuration—in other
words, making an error when performing basic administration tasks. There is no solution to
this problem other than being careful! When you’re dealing with any kind of production
server, it is prudent to perform each step carefully and make sure you type what you meant to
type. When at all possible, work as a normal user rather than root and use sudo for specific
commands that need root permissions.
The second big issue with managing mail servers is hardware availability. Unfortunately,
this is best addressed with money. The more the better! Make an investment up front in a
good server chassis. Adequate cooling and as much redundancy as you can afford is a good
way to make sure the server doesn’t take a fall over something silly like a CPU fan going out.
Employing dual power supplies is another way to help keep mechanical things from failing
on you. Uninterruptible power supplies (UPSs) for your servers are almost always a must.
Make sure that the server disks are configured in some kind of RAID fashion. This is all to
help mitigate the risk of hardware failure.
Finally, consider expansion and growth early in your design. Your users will inevitably
consume all of your available disk space. The last thing you will want is to start bouncing
mail because the mail server has run out of disk space! To address this issue, consider using
disk volumes that can be expanded on the fly and RAID systems that allow new disks to be
added quickly. This will allow you to add disks to the volume with minimal downtime and
without having to move to a completely new server.

Log Files
Although we’ve mentioned this earlier in the chapter, watching the /var/log/messages,
/var/log/syslog, /var/log/maillog, and /var/log/mail.log files (or the systemd journal,
via journalctl -u dovecot, on distributions that no longer write these files by default)
is a prudent way to manage and track the activities on your mail server. The Dovecot
software provides a rich array of logging options and log messages to help you understand
what is happening with your server and troubleshoot any peculiar behavior. In short, when
in doubt, take a moment to look through the log files. You’ll probably find a solution or
pointer to your problem there.

Summary
This chapter covered some theory behind the IMAP and POP3 protocols, ran through the
complete installation for the Dovecot software (from source and from prepackaged binaries),
and discussed how to test connectivity to each service manually. With this chapter, you have
enough information to set up and run a simple POP3 and IMAP server instance.
The chapter also covered enabling secure access to your mail server assets via SSL/TLS.
This is an easy way to prevent clear-text passwords (embedded in IMAP or POP3 traffic)
from making their way into hands that should not have them. We ended by touching on some
basic human- and hardware-related concerns, necessities, and precautions in regard to
ensuring that your mail server is available 24/7.
If you find yourself needing to build out a larger mail system, take the time to read/learn
more about the mail server software of your choice (such as Dovecot, Cyrus, UW IMAP, or
Courier). If you find that your environment requires more groupware functionality (such as
provided with Microsoft Exchange Server), you might want to check out other software, such
as Scalix, Open-Xchange, Zimbra, Horde Groupware, and EGroupware. They all provide
significant extended capabilities at the expense of additional complexity in setup and
configuration.
As with any server software that is visible to the outside world, you will want to keep up
to date with the latest releases. The Dovecot package has a good record of stability and
security, but that is no reason to skip updates: apply the security fixes published by your
distribution promptly and keep a watchful eye on the project’s announcements. Finally,
consider perusing the latest IMAP and POP RFCs to understand more about the protocols. The
more familiar you are with the underlying protocols, the easier you’ll find troubleshooting
to be.

CHAPTER 23 Secure Shell (SSH)


In Chapter 16, we discussed techniques (and considerations) for securing your Linux system.
Our discussions emphasized the importance of limiting network-based exposure to your
system to the bare essentials. But what if you need to perform system administrative duties
remotely? How can you reap the benefits of a truly multiuser system if you can’t easily and
securely log into it?
Secure Shell (SSH) was developed to tackle the issue of secure remote logins. SSH is a
suite of network communication tools that are collectively based on an open
protocol/standard that is guided by the Internet Engineering Task Force (IETF). It allows
users to connect to a remote server just as they would using Telnet, rlogin, FTP, and so on,
except that the session is 100 percent encrypted. Someone using a packet sniffer merely sees
encrypted traffic going by. Should they capture the encrypted traffic, decrypting it without
the keys is, with the algorithms and key sizes in use today, computationally infeasible.
In this chapter, we take a brief and general look at cryptography concepts. Then we take a
grand tour of SSH, how to get it, how to install it, and how to configure it.

Understanding Public Key Cryptography


A quick disclaimer is probably necessary before proceeding: This chapter is by no means an
authority on the subject of cryptography and, as such, is not the definitive source for
cryptography matters. What you will find here is a general discussion as it relates to systems
administration.
Secure Shell relies on a technology called public-key cryptography. It works similarly to a
safe deposit box at the bank: you need two keys to open the box, or at least multiple layers of
security/checks have to be crossed. In the case of public-key cryptography, you need two
mathematically related keys: a public one and a private one. Your public key can be
published on a public web page, printed on a T-shirt, or posted on a billboard in the busiest
part of town. Anyone who asks for it can have a copy. Any data encrypted with the public
key can be decrypted only with the private key. On the other hand, your private key must be
protected to the best of your ability. It is this piece of information that makes the data you
want to encrypt truly secure. Data signed with the private key can be verified by anyone
holding the public key. (Signing is often described as “encrypting with the private key,” but
it is a distinct operation: a signature proves who produced the data and that it has not been
altered; it does not hide the data.) Every public key/private key combination is unique.
The actual process of encrypting data and sending it from one person to the next requires
several steps. We’ll use the popular “Alice and Bob” analogy and go through the process one
step at a time, as they both try to communicate in a secure manner with one another. Figures
23-1 through 23-4 illustrate an oversimplified version of the actual process.

Figure 23-1 Alice and Bob exchange public keys via billboard, T-shirt, or over the network.

Figure 23-2 Alice uses Bob’s public key, along with her private key, to encrypt and sign the
data, respectively.

Figure 23-3 Alice sends the encrypted and signed data to Bob.

Figure 23-4 Bob uses Alice’s public key, along with his private key, to verify and decrypt
the data, respectively.

Looking at these steps, you’ll notice that at no point was the secret (private) key sent over
the network. Also notice that once the data was encrypted with Bob’s public key and signed
with Alice’s private key, the only pair of keys that could decrypt and verify it were Bob’s
private key and Alice’s public (signing) key. Thus, if someone intercepted the data in the
middle of the transmission, he or she would not be able to read it without Bob’s private key,
nor alter it without Alice’s signature check failing on Bob’s side.
To make things even more interesting, SSH does not use the public keys to encrypt the data
stream itself. The public keys authenticate the server (its host key) and, optionally, the
user; the bulk of the traffic is encrypted with a session key. The session key is a randomly
generated symmetric key that the SSH client and server agree on through a Diffie-Hellman
style key exchange during connection setup, so it is never sent over the wire, and OpenSSH
renegotiates it periodically (by default after a cipher-dependent amount of data, and
optionally after a time limit; see RekeyLimit in sshd_config). Thus, even if someone
happened to figure out one session key, that miracle would be good only until the next rekey.
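The four figures as a runnable exchange with the openssl command-line tool. This is an added example, not code from the book: the names, the 2048-bit RSA key size and the temporary working directory are arbitrary choices. What it shows that the figures do not is why real systems, SSH included, never encrypt the data itself with a public key: RSA can only encrypt a few hundred bytes, so a random symmetric key protects the message and only that key is wrapped with the recipient’s public key.

```shell
#!/bin/sh
# Added example (not from the book): the Alice-and-Bob exchange of
# Figures 23-1 to 23-4 carried out with openssl.  Run as:
#   sh alice-bob.sh demo
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Figure 23-1: each party generates a key pair and publishes only the
# .pub half; the .key file never leaves its owner.
make_keys() {            # name
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$work/$1.key" 2>/dev/null
  openssl pkey -in "$work/$1.key" -pubout -out "$work/$1.pub"
}

# Figures 23-2 and 23-3: Alice signs with her private key and encrypts
# for Bob's public key.  The message is encrypted with a fresh random
# AES key; only that key is wrapped with Bob's RSA public key.  Signing
# is its own operation (a hash signed with the private key), not
# "encryption with the private key".
alice_send() {           # plaintext-file
  openssl dgst -sha256 -sign "$work/alice.key" -out "$work/msg.sig" "$1"
  openssl rand -hex 32 > "$work/session.key"
  openssl enc -aes-256-cbc -pbkdf2 -pass "file:$work/session.key" \
      -in "$1" -out "$work/msg.enc"
  openssl pkeyutl -encrypt -pubin -inkey "$work/bob.pub" \
      -in "$work/session.key" -out "$work/session.key.enc"
}

# Figure 23-4: Bob unwraps the session key with his private key, decrypts
# the message and verifies Alice's signature with her public key.
# Returns non-zero if the signature does not match the decrypted data.
bob_receive() {          # output-file
  openssl pkeyutl -decrypt -inkey "$work/bob.key" \
      -in "$work/session.key.enc" -out "$work/session.key.dec"
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$work/session.key.dec" \
      -in "$work/msg.enc" -out "$1"
  openssl dgst -sha256 -verify "$work/alice.pub" \
      -signature "$work/msg.sig" "$1" >/dev/null
}

# Honest round trip: Bob recovers exactly what Alice sent.
round_trip() {
  make_keys alice
  make_keys bob
  printf 'meet at noon\n' > "$work/plain.txt"
  alice_send "$work/plain.txt"
  bob_receive "$work/plain.out"
  cmp -s "$work/plain.txt" "$work/plain.out"
}

# Someone in the middle alters what Bob reads: Alice's signature no
# longer verifies.  Returns 0 when the tampering is detected.
tamper_check() {
  printf 'meet at dusk\n' > "$work/forged.out"
  if openssl dgst -sha256 -verify "$work/alice.pub" \
       -signature "$work/msg.sig" "$work/forged.out" >/dev/null 2>&1; then
    return 1
  fi
  return 0
}

if [ "${1:-}" = demo ]; then
  round_trip && echo "round trip OK"
  tamper_check && echo "tampering detected"
fi
```

The only files that ever need to travel are alice.pub, bob.pub, msg.enc, session.key.enc and msg.sig; both .key files stay where they were generated, which is the point of Figure 23-1.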

NOTE SSH supports a variety of encryption algorithms. Public-key cryptography is used for
authentication and key exchange; the session itself is protected by symmetric ciphers such
as AES and ChaCha20-Poly1305, which are far faster for bulk data.

Key Characteristics
So what exactly is a key? Essentially, a key is a large number that has special mathematical
properties. Whether someone can break an encryption scheme depends on his or her ability to
find out what the key is. Thus, the larger the key is, the harder it will be to discover it.
Low-grade encryption such as DES has a 56-bit key. This means there are 2^56 possible keys.
To give you a sense of scale, 2^32 is about 4.3 billion, 2^48 is about 281 trillion, and 2^56
is about 72 quadrillion. Although this seems like a significant number of possibilities,
purpose-built hardware and loose networks of PCs iterating through every possibility have
brute-forced 56-bit DES keys in a matter of days, and by 1999 in less than a day.
For a key to be sufficiently difficult to break, experts recommend minimum key lengths.
Keep in mind that every extra bit effectively doubles the number of possibilities. Note
also that bit counts are only comparable between keys of the same type: a 2048-bit RSA
key and a 256-bit Ed25519 or ECDSA key offer roughly comparable security, while DSA keys
in SSH are limited to 1024 bits and have been disabled by default in OpenSSH since version
7.0. If you really want to make the encryption solid, a key size of 2048 bits or higher is
recommended for RSA type keys. Depending on the internal limitations of the key type (RSA,
DSA, ECDSA, Ed25519, and so on), SSH can use various key lengths.
The trade-off to using longer keys is that they require more math-processing power for the
computer to churn through and validate a key. This takes time and, therefore, makes the
authentication process a touch slower, but most people think this trade-off is worthwhile.
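A minimum key length is only useful if it is enforced. The following added example, not from the book, audits an authorized_keys file against the recommendation above (RSA of at least 2048 bits, no DSA, ECDSA and Ed25519 accepted). The policy numbers are mine; the input format “BITS SHA256:… COMMENT (TYPE)” is what ssh-keygen -l prints for each key.

```shell
#!/bin/sh
# Added example (not from the book): reject weak keys in an
# authorized_keys file using ssh-keygen's fingerprint listing.
# Usage: sh audit-keys.sh ~/.ssh/authorized_keys
set -u

# Judge one "ssh-keygen -l" line.  Prints "ok" or a reason; returns 1 on
# a violation so callers can count failures.
key_policy() {           # line
  bits=${1%% *}
  type=${1##*\(}
  type=${type%\)}
  case "$type" in
    DSA)
      echo "reject: DSA keys are fixed at 1024 bits and off by default since OpenSSH 7.0"
      return 1 ;;
    RSA)
      if [ "$bits" -ge 2048 ]; then echo ok; return 0; fi
      echo "reject: RSA key is only $bits bits (minimum 2048)"
      return 1 ;;
    ECDSA|ED25519)
      echo ok; return 0 ;;
    *)
      echo "reject: unrecognised key type $type"
      return 1 ;;
  esac
}

# Run the policy over every key in a file.  Returns 1 if any key fails.
audit_authorized_keys() {  # path to authorized_keys (or any .pub file)
  listing=$(mktemp)
  ssh-keygen -lf "$1" > "$listing"
  bad=0
  while IFS= read -r line; do
    verdict=$(key_policy "$line") || bad=$((bad + 1))
    printf '%s\t%s\n' "$verdict" "$line"
  done < "$listing"
  rm -f "$listing"
  [ "$bad" -eq 0 ]
}

# Keys that pass: "ssh-keygen -t ed25519" or "ssh-keygen -t rsa -b 4096";
# inspect either with "ssh-keygen -lf key.pub".
if [ $# -eq 1 ]; then
  audit_authorized_keys "$1"
fi
```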

SSH Backstory (Versions)


The first version of SSH that was made available by DataFellows (now F-Secure) restricted
free use of SSH to noncommercial activities; commercial activities required that licenses be
purchased. The early closed source versions of SSH suffered from some serious security
deficiencies. Some of these security issues might have been avoidable if the vendors of the
software had made the source code open. This open access is especially important to
cryptographic software, because it allows peers to examine the source code and make sure
there are no holes that might allow hackers to easily break the security. In other words,
serious cryptographers do not rely on security through obscurity. Since the U.S. government
has relaxed some of its encryption laws, work on the OpenSSH project has increased and it
has become a popular alternative to some of the commercial versions of the SSH protocol.
Because the SSH protocol has become an IETF standard, other developers are also
actively working on SSH implementations for other operating systems. There are many
Linux/UNIX clients, Microsoft Windows implementations, macOS and iOS clients, Android
clients, and even a Palm client (for people who like devices from the 1820s). You can find
the version of OpenSSH discussed in this chapter at www.openssh.org.

OpenSSH and OpenBSD


The OpenSSH project was spearheaded by the OpenBSD project. OpenBSD is a version of
the Berkeley Software Distribution (BSD) operating system (another UNIX variant) that
strives for the best security of any operating system available. A quick trip to its web site
(www.openbsd.org) shows that the organization has gone over two decades with only two
remote exploits in its default installation. Unfortunately, this level of fanaticism over security
comes at the expense of sometimes not having the most whiz-bang-feature-rich tools
available, since anything added to their distribution must get audited for security first. The
nature and focus of OpenBSD has also made it a popular foundation for firewalls.
The core of the OpenSSH package is considered part of the OpenBSD project and is thus
simple and specific to the OpenBSD operating system. To make OpenSSH available to other
operating systems, a separate group exists to make OpenSSH portable with each new release
issued. Typically, this happens quickly after the original release.

NOTE Since this book focuses on Linux-based operating systems, you will frequently see
versions of OpenSSH for this platform that are suffixed with the letter p, indicating that
they have been ported.

Alternative Vendors for SSH Clients


The SSH client is the client component of the SSH protocol suite. It allows users to interact
with the service(s) provided by an SSH server daemon.
These days, people work within heterogeneous environments, and it’s impossible to ignore
all the Windows 20**/7/8/10 and macOS systems out there. To allow these folks to work
with a real operating system (Linux, of course!), there must be a mechanism in place for
logging into such systems remotely. Virtually all Linux systems come with their own built-in
SSH clients, and as such, there isn’t any need to worry about them; however, the non-UNIX
operating systems are a different story.
Here is a quick rundown of some SSH clients and other useful SSH resources:

• PuTTY (www.chiark.greenend.org.uk/~sgtatham/putty) This is probably one of
the oldest and most popular SSH implementations for the Win32 (Microsoft
Windows) platforms. It is extremely lightweight and can either be used as a stand-
alone, self-contained executable or be installed like other Windows programs. The
web site also hosts other tools such as pscp, which is a Windows command-line
version of Secure Copy (SCP).
• OpenSSH for Apple systems macOS is actually a UNIX-based and UNIX-
compliant operating system. One of its main core components—the kernel—is based
on the BSD kernel. So you shouldn’t be too surprised that OpenSSH is available on
macOS systems. When you open the terminal application, you can simply issue the
ssh command. macOS systems also ship with an OpenSSH SSH server.
• MindTerm, multiplatform (www.cryptzone.com) This program supports versions
1 and 2 of the SSH protocol. Written in 100 percent Java, it works on many UNIX
platforms (including Linux), as well as Windows and macOS. See the web page for a
complete list of tested operating systems.
• Cygwin (www.cygwin.com) This might be a bit of overkill, but it is well worth the
initial effort involved with getting it set up. It is a collection of tools that provides a
POSIX-compatible environment for Windows. It can be used to run numerous
GNU/Linux programs without extensive changes to their source code. Under Cygwin,
you can run all your favorite GNU/Linux programs, such as bash, grep, find, nmap,
gcc, awk, vim, emacs, rsync, OpenSSH client (ssh), OpenSSH server (sshd), and so
on, as though you were at a traditional GNU/Linux shell.
• FileZilla (https://filezilla-project.org/) The FileZilla client is a cross-platform FTP,
FTPS, and SFTP client.
• PowerShell (https://github.com/PowerShell/openssh-portable) A native port of
OpenSSH to Microsoft Windows platforms via the PowerShell environment.

The Weakest Link


You’ve probably heard the saying, “Security is only as strong as your weakest link.” This
saying is particularly relevant when it comes to OpenSSH and securing your network:
OpenSSH is only as secure as the weakest connection between the user and the server. This
means that, for example, if a user uses Telnet to connect from host A to host B and then uses
ssh to connect to host C, the entire connection can be monitored from the link between host
A and host B: every keystroke, including the password typed at the ssh prompt on host B,
crosses that first link in the clear. The fact that the link between host B and host C is
encrypted becomes irrelevant. Be sure to explain these subtle points to your users.

NOTE As you make connections and use services across the Internet, you are crossing
several network boundaries. Each of those providers has full rights and capabilities to
sniff traffic and gather any information they want. For example, someone can easily see
your e-mail as you read it. With SSH, as long as you verify the server’s host key the first
time you connect (and heed the warning if it later changes), you can rest assured that the
content of your connection is both confidential and protected from tampering.

Installing OpenSSH on RPM-Based Systems
The easiest and quickest way to get an SSH server up and running on any RPM-based Linux
system (like Fedora, CentOS, or RHEL) is to use the default package manager available on
the system. It is almost guaranteed that you will already have the SSH package installed and
running on most modern Linux distributions.
But, again, just in case you are running a Linux distribution that was developed on the
planet Neptune but which at least has Red Hat Package Manager (RPM) installed, you can
always download and install the precompiled RPM package for OpenSSH.
On our sample Fedora system, we’ll type the following to query the RPM database to
make sure that OpenSSH is indeed installed:

And, if by some freak occurrence, you don’t have it already installed (or you accidentally
uninstalled it), you can install an OpenSSH server using dnf (or Yum) by issuing this
command:

Installing OpenSSH via APT in Ubuntu


The Ubuntu Linux distribution usually comes with the client component of OpenSSH
preinstalled, but you may sometimes have to (re)install the server component explicitly.
Installing the OpenSSH server using Advanced Packaging Tool (APT) in Ubuntu is as simple
as running this:

The install process will also automatically start the SSH daemon for you after installation.
You can confirm that the software is installed by running the following:

Downloading, Compiling, and Installing OpenSSH from Source


As mentioned, virtually all Linux distros ship with OpenSSH; however, you may have a
need to roll your own version from source for whatever reason. This section will cover
downloading the OpenSSH software and the two components it needs: OpenSSL and
zlib. Once these are in place, you can then compile and install the software. If you want
to stick with the precompiled version of OpenSSH that ships with your distribution, you
can skip this section and move straight to the section “Server Startup and Shutdown.”
We will use OpenSSH version 8.4p1 in this section, but you can still follow the steps
using any current version of OpenSSH available to you (just change the version number).
You can download it from www.openssh.com/portable.html. Select a download site that
is closest to you, and download openssh-8.4p1.tar.gz (or similar) to a directory with
enough free space. (Both /usr/local/src and $HOME/src are good choices. We use
$HOME/src in this example.) Download the matching .asc signature file as well and verify
it with gpg against the OpenSSH release key before unpacking; a mirror is not something
you should have to trust.
Change to the download directory and unpack the OpenSSH source like so:

This will create a directory called openssh-8.4p1 under $HOME/src.


Along with OpenSSH, you will need the proper OpenSSL version. We’ll use
OpenSSL version 1.1.1* (openssl-1.1.1*.tar.gz) in this example. Download the latest
version from www.openssl.org. After downloading OpenSSL, unpack it with the tar
command, like so:

Finally, the last package you need is the zlib library, which is used to provide
compression and decompression facilities. Most modern Linux distributions have this
already, but if you want the latest version, you need to download it from www.zlib.net.
We use zlib version 1.2.11 in our example. To unpack the package in $HOME/src after
downloading, type this:

The following steps will walk through the process of compiling and installing the
various components of OpenSSH and its dependencies:

1. Begin by going into the directory where zlib was unpacked, like so:

2. Then run configure and make:

This will result in the zlib library being built.



3. Install the zlib library:

The resulting library will be placed in the /usr/local/lib directory.


4. Now you need to compile OpenSSL. Begin by changing to the directory where
the downloaded OpenSSL was unpacked:

5. Once you’re in the OpenSSL directory, all you need to do is run config and
make. OpenSSL will take care of figuring out the type of system it is on and
configure itself to work in an optimal fashion. Here are the exact commands:

Note that this step may take a few minutes to complete.


6. If all went well, the compilation step should run without problems by spewing a
bunch of stuff on the terminal. If there are any problems, the OpenSSL build
process will report them to you. If you do get an error, you should remove this
copy of OpenSSL and try the download/unpack/compile procedure again.
7. Once you have finished compiling, you can install OpenSSL via the following
command:

This step will install OpenSSL into the /usr/local/ssl directory.


8. You are now ready to begin the actual compile and install of the OpenSSH
package. Change into the OpenSSH package directory, like so:

9. As with the other two packages, you need to begin by running the configure
program. For this package, however, you need to specify some additional
parameters. Namely, you need to tell it where the other two packages got
installed. You can always run ./configure with the --help option to see all of
the parameters, but you’ll find that the following ./configure statement will
probably work fine:

10. Once OpenSSH is configured, simply run make and make install to put all of
the files into the appropriate /usr/local directories:

That’s it—you are done. This set of commands will install the various OpenSSH
binaries and libraries under the /usr/local/ssh/ directory. The SSH server (sshd), for
example, will be placed under the /usr/local/ssh/sbin directory, and the various client
components will be placed under the /usr/local/ssh/bin/ directory.
Note that even though we just walked through how to compile and install OpenSSH
from source, the rest of this chapter will assume that we are dealing with OpenSSH as it
is installed via RPM or APT (as discussed in previous sections).
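Steps 1 through 10 as a single script. This is an added example, not code from the book: the configure flags are my assumptions, chosen to reproduce the install paths the text names (/usr/local/lib, /usr/local/ssl, /usr/local/ssh), since the exact ./configure statement the book used is not reproduced on this page. The OpenSSL patch-release number, the sudo calls and the nologin shell path are likewise assumptions to adjust for your system.

```shell
#!/bin/sh
# Added example (not from the book): build zlib, OpenSSL and OpenSSH
# from the tarballs in $SRC.  Usage: sh build-openssh.sh build
set -eu

SRC=${SRC:-$HOME/src}          # where the three tarballs were downloaded
ZLIB=zlib-1.2.11
OPENSSL=openssl-1.1.1k          # assumption: substitute the current 1.1.1 release
OPENSSH=openssh-8.4p1

# Directory a tarball unpacks into (strip .tar.gz or .tgz).  Fails on
# anything else so a stray file name can never become a cd target.
srcdir_from_tarball() {  # tarball
  case "$1" in
    *.tar.gz) printf '%s\n' "${1%.tar.gz}" ;;
    *.tgz)    printf '%s\n' "${1%.tgz}" ;;
    *)        return 1 ;;
  esac
}

# Supply-chain check the text only mentions: OpenSSH publishes a
# detached PGP signature (<tarball>.asc) made with its release key.
# Import that key into your keyring out of band first.
verify_signature() {     # tarball
  gpg --verify "$1.asc" "$1"
}

unpack() {               # tarball (leaves the shell inside the source dir)
  cd "$SRC"
  tar xzf "$1"
  cd "$(srcdir_from_tarball "$1")"
}

build_zlib() {           # steps 1-3: library lands in /usr/local/lib
  unpack "$ZLIB.tar.gz"
  ./configure
  make
  sudo make install
}

build_openssl() {        # steps 4-7: everything under /usr/local/ssl
  unpack "$OPENSSL.tar.gz"
  ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl
  make
  sudo make install
}

build_openssh() {        # steps 8-10: binaries under /usr/local/ssh
  verify_signature "$SRC/$OPENSSH.tar.gz"
  unpack "$OPENSSH.tar.gz"
  ./configure --prefix=/usr/local/ssh \
              --with-ssl-dir=/usr/local/ssl \
              --with-zlib=/usr/local
  make
  # sshd refuses to start without its privilege-separation user; make
  # install creates /var/empty but not the user.  (/usr/sbin/nologin on
  # Debian-based systems.)
  id sshd >/dev/null 2>&1 || sudo useradd -r -d /var/empty -s /sbin/nologin sshd
  sudo make install
  # Parse the freshly installed config before anyone tries to start it.
  sudo /usr/local/ssh/sbin/sshd -t -f /usr/local/ssh/etc/sshd_config
}

if [ "${1:-}" = build ]; then
  build_zlib
  build_openssl
  build_openssh
fi
```

Because OpenSSL is installed under its own prefix, OpenSSH’s configure links against /usr/local/ssl/lib and records that path; if you later move or upgrade that OpenSSL, rebuild OpenSSH against it rather than relying on the system copy.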

Server Startup and Shutdown


If you want users to be able to log into your system via SSH, you will need to make sure that
the service is running and also make sure that the service gets started automatically between
system reboots.
On modern systemd-enabled RPM-based Linux distros, use the systemctl utility to
manage the sshd service unit. First check the status of the sshd daemon by running the
following:

The sample output shows the service is up and running. On the other hand, if the service is
stopped, issue this command to start it:

If you are connected to the SSH server remotely, be careful before stopping the service. On
the common distributions an already-established session survives a stop or restart (each
session runs in its own process), but new logins are refused until the daemon is back, and a
configuration error will stop it from coming back at all. Validate your edits first with
sshd -t, which parses the configuration and reports errors without starting the daemon.
If, for some reason, you do need to stop the SSH server, type the following:

If you make configuration changes that you want to go into effect, you can restart the
daemon at any time by simply running this:

On a systemd-enabled Debian-based Linux distro such as Ubuntu, you can also use
systemctl to manage the OpenSSH daemon. Note, however, that the daemon is referred to
as “ssh” in this world and not “sshd” (as in the RPM world).
For example, to view the status of the OpenSSH daemon on an Ubuntu distro, type this:

To start the OpenSSH server, you would run the following:

To reload the daemon after making any configuration changes, type this:

TIP On an openSUSE distro, the command to check the status of sshd is

And to start it, the command is

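The following script, added here as an example and not part of the book, wraps the systemctl commands described above so that the unit name (ssh versus sshd) is picked from /etc/os-release and a configuration reload is refused unless sshd -t accepts the file first. The function names are the example's own; systemctl and sshd are assumed to be on the PATH when the sshd_* helpers are called (the detection function needs neither).

```bash
#!/bin/bash
# Added example, not from the book: drive the OpenSSH service unit on a
# systemd distro without locking yourself out. The unit is "sshd" on
# RPM-based distros and openSUSE but "ssh" on Debian/Ubuntu; the name is
# derived from /etc/os-release here. Assumes systemctl and sshd are on PATH
# when the sshd_* helpers run (the detection function needs neither).

# Print the sshd unit name for an os-release file (default /etc/os-release).
sshd_unit_from_os_release() {
  local osr=${1:-/etc/os-release} ids
  # Collect the ID and ID_LIKE values (e.g. "ubuntu" and "debian"), unquoted.
  ids=$(sed -n 's/^ID=//p; s/^ID_LIKE=//p' "$osr" 2>/dev/null | tr -d '"' | tr '\n' ' ')
  case " $ids " in
    *" debian "*|*" ubuntu "*) echo ssh ;;   # Debian world: ssh.service
    *)                         echo sshd ;;  # RPM world and openSUSE: sshd.service
  esac
}

# Syntax-check a config file (default /etc/ssh/sshd_config) with the daemon
# itself. A typo here would otherwise stop sshd from starting, and on a remote
# box there would be no way back in.
sshd_config_ok() { sshd -t -f "${1:-/etc/ssh/sshd_config}"; }

sshd_status() { systemctl status "$(sshd_unit_from_os_release)"; }

# Start now and at every boot in one step.
sshd_enable() { systemctl enable --now "$(sshd_unit_from_os_release)"; }

# Apply configuration changes only after they pass sshd -t. With the
# distributions' packaged units, established sessions survive a reload or
# restart; only new connections are affected.
sshd_reload() {
  if ! sshd_config_ok; then
    echo "refusing to reload: sshd_config has errors" >&2
    return 1
  fi
  systemctl reload "$(sshd_unit_from_os_release)"
}

# Usage: ./sshd-unit.sh status|enable|reload
case "${1:-}" in
  status) sshd_status ;;
  enable) sshd_enable ;;
  reload) sshd_reload ;;
esac
```

Run it as root with one of the three verbs; the reload path is the one to use after editing sshd_config on a machine you can only reach over SSH.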
SSHD Configuration File


Out of the box, most Linux systems already have the OpenSSH server configured and
running with sane default settings.
On most Linux distributions, the main configuration file for sshd usually resides under the
/etc/ssh/ directory and is called sshd_config. For the OpenSSH version that we installed
from source earlier, the configuration file is located under the /usr/local/ssh/etc/ directory.
Next we’ll discuss some of the configuration options found in the sshd_config file:

• AuthorizedKeysFile Specifies the path to the file that contains the public keys that
can be used for user authentication. The default is
/<User_Home_Directory>/.ssh/authorized_keys.
• Ciphers This is a comma-separated list of ciphers allowed for the SSH protocol
version 2. Examples of ciphers OpenSSH has supported are 3des-cbc, aes256-cbc, aes256-ctr,
arcfour, and blowfish-cbc. Of these only aes256-ctr belongs in a current configuration: the
CBC modes are disabled by default, and arcfour and blowfish-cbc were removed in OpenSSH 7.6.
Leave the directive at its default (chacha20-poly1305@openssh.com plus the aes*-ctr and
aes*-gcm@openssh.com ciphers) unless you have a specific reason to change it.
• HostKey Defines the file containing a private host key used by SSH. The defaults are
/etc/ssh/ssh_host_rsa_key, /etc/ssh/ssh_host_ecdsa_key, and /etc/ssh/ssh_host_ed25519_key
for protocol version 2. Older releases also loaded /etc/ssh/ssh_host_dsa_key, but DSA
keys have been disabled by default since OpenSSH 7.0.
• Port Specifies the port number on which sshd listens. The default value is 22.
• AllowTcpForwarding Specifies whether Transmission Control Protocol (TCP)
forwarding is permitted. The default is yes.
• X11Forwarding Specifies whether X11 (or Xorg) forwarding is permitted. The
argument must be yes or no. The default is no.
• ListenAddress Specifies the local address on which the SSH daemon listens. By
default, OpenSSH will listen on both Internet Protocol version 4 (IPv4) and Internet
Protocol version 6 (IPv6) sockets. But if you need to specify a particular interface
address, you can tweak this directive.

NOTE sshd_config is a slightly unusual configuration file. Unlike many other Linux
configuration files, the out-of-the-box commented (#) lines in sshd_config show the default
values of the options; the commented-out parameters represent defaults that are already
compiled in, so to change one you uncomment the line and edit its value. Also keep in mind that
for each keyword sshd uses the first value it finds, so a directive appended to the end of the
file is silently ignored if the same keyword already appears earlier.
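The following added example (not from the book) audits an sshd_config file the way the daemon reads it: commented lines are ignored as documentation of defaults, keyword matching is case-insensitive, the scan stops at the first Match block, and only the first value of a keyword counts. It flags the legacy ciphers from the list above, X11Forwarding yes, and duplicated keywords. The function names, the weak-cipher list and the sample configuration are the example's own choices.

```bash
#!/bin/bash
# Added example, not from the book: audit an sshd_config file the way the
# daemon reads it. Commented lines ("#Port 22") only document compiled-in
# defaults and are inactive, keywords are case-insensitive, and for each
# keyword sshd keeps the FIRST value it meets. Function names, the weak-cipher
# list and the sample file below are this example's own choices.

# Ciphers from the book's list that are legacy: CBC modes and RC4/Blowfish
# (arcfour and blowfish-cbc were removed in OpenSSH 7.6; the CBC modes are
# still compiled in but off by default).
WEAK_CIPHERS='3des-cbc arcfour arcfour128 arcfour256 blowfish-cbc aes128-cbc aes192-cbc aes256-cbc'

# Keywords that legitimately appear more than once.
REPEATABLE='hostkey listenaddress port acceptenv include subsystem hostcertificate'

# Print the effective global value of a directive, or nothing if it is unset.
# The scan stops at the first "Match" block because everything after it is
# conditional on the connecting user/host.
sshd_directive() {
  local cfg=$1 key
  key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  awk -v key="$key" '
    /^[ \t]*(#|$)/         { next }                  # comment or blank line
    tolower($1) == "match" { exit }                  # conditional section starts
    tolower($1) == key     { $1 = ""; sub(/^[ \t=]+/, ""); print; exit }
  ' "$cfg"
}

# Print keywords set more than once before any Match block: sshd silently
# ignores every value after the first, a classic "my change did nothing".
sshd_duplicates() {
  awk -v skip=" $REPEATABLE " '
    /^[ \t]*(#|$)/         { next }
    tolower($1) == "match" { exit }
    { k = tolower($1)
      if (index(skip, " " k " ") == 0 && ++seen[k] == 2) print k }
  ' "$1"
}

# Print one finding per line; return 1 if there was at least one.
audit_sshd_config() {
  local cfg=$1 findings=0 ciphers c v k
  ciphers=$(sshd_directive "$cfg" Ciphers)
  case $ciphers in
    -*)    ciphers= ;;                # "-a,b" removes from defaults: enables nothing
    [+^]*) ciphers=${ciphers#?} ;;    # "+a" / "^a" add to defaults: check the additions
  esac
  for c in $(printf '%s' "$ciphers" | tr ',' ' '); do
    case " $WEAK_CIPHERS " in
      *" $c "*) echo "WEAK: cipher $c is enabled"; findings=$((findings + 1)) ;;
    esac
  done
  v=$(sshd_directive "$cfg" X11Forwarding)
  if [ "$v" = yes ]; then
    echo "WARN: X11Forwarding yes (exposes the client's X display to the server)"
    findings=$((findings + 1))
  fi
  v=$(sshd_directive "$cfg" AllowTcpForwarding)
  if [ -z "$v" ] || [ "$v" = yes ]; then
    echo "INFO: AllowTcpForwarding is yes (the default): logged-in users can tunnel TCP through this host"
  fi
  for k in $(sshd_duplicates "$cfg"); do
    echo "DUP: $k is set more than once; only the first value takes effect"
    findings=$((findings + 1))
  done
  [ "$findings" -eq 0 ]
}

# Constructed sample config for the demo (not taken from any real host).
SAMPLE_CFG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
# Commented lines only show compiled-in defaults and are inactive:
#Port 22
#X11Forwarding no
Port 2222
Ciphers aes256-gcm@openssh.com,aes256-ctr,3des-cbc
X11Forwarding yes
x11forwarding no
Match User backup
    X11Forwarding yes
EOF

if audit_sshd_config "$SAMPLE_CFG"; then
  echo "OK: no findings in $SAMPLE_CFG"
else
  echo "sshd_config needs attention before you restart the daemon"
fi
```

Run audit_sshd_config against /etc/ssh/sshd_config (or a copy you are about to install) before reloading sshd; the sample file deliberately contains one weak cipher, an active X11Forwarding yes, and a lower-case duplicate of X11Forwarding that the daemon would ignore.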

Using OpenSSH

OpenSSH comes with several useful programs that are covered in this section: the ssh client
program, the Secure Copy (scp) program, and the Secure FTP (sftp) program. The most
common application you will probably use is the ssh client program.

Secure Shell (ssh) Client Program


The ssh client program can be used to securely log into a machine running an sshd server
daemon from any remote location.
By default, the ssh client program assumes that you want to log into the remote system
(destination) as the same user with which you are logged into the local system (source).
However, if you need to use a different login (for instance, if you are logged in as root on one
host and want to ssh to another and log in as the user yyang), all you need to do is provide
the -l option along with the desired login. For example, if you want to log into the host
server-B as the user yyang from server-A, you would type this:

Or you could use the username@host command format, like so:

You would be prompted with a password prompt from server-B for the user yyang.
But if you just want to log into the remote host without needing to change your login at
the remote end, simply run ssh, like so:

With this command and the proper credentials, you’ll be logged in as the master user at
server-B.
Of course, you can always replace the hostname with a valid IP address, like this:

To connect to a remote SSH server that is also listening on an IPv6 address (for example,
2001:DB8::2), you could try the following:

TIP If you don’t have a remote server to test your ssh/scp/sftp connections, you can easily
switch all references to server-A or server-B to localhost. Similarly, you can also
switch all references to remote IP addresses from 192.168.1.50 to the loopback IP
address of 127.0.0.1. Note that both localhost and 127.0.0.1 refer to your local system.

Creating a Secure Tunnel


This section covers what is commonly called the “poor man’s virtual private network”
(VPN). Essentially, you can use SSH to create a tunnel from your local system to a remote
system. This is a handy feature when you need to reach an intranet system that is not exposed
to the outside world. For example, you can ssh to a dual-homed host at the edge of the intranet
and have it forward a local port to a web server inside.
Let’s imagine a scenario like the one described next with the following components:

• Inside The inside component consists of the entire local area network, or LAN (the
192.168.1.0 network). It houses various servers and workstations that are accessible
only by other hosts on the inside. Let’s assume that one of the internal servers on the
LAN hosts a web-based accounting application. The internal web server’s hostname is
“accounts,” with an IP address of 192.168.1.100.
• Middle In the middle, we have our main component—a system with two network
interfaces. The system’s hostname is serverA. One of the interfaces is connected
directly to the Internet. The other interface is connected to the company LAN.
On serverA, assume the first interface (the wide area network, or WAN, interface) has
a public/routable-type IP address of 1.1.1.1 and the second interface has a private-type
IP address of 192.168.1.1. The second interface of serverA is connected to the LAN
(the 192.168.1.0 network), which is completely cut off from the Internet.
The only service that is allowed and running on the WAN interface of serverA is the
sshd daemon. ServerA is said to be “dual-homed” because it is connected to two
different networks: the LAN and the WAN.
• Outside Our remote user, yyang, needs to access the web-based accounting
application running on the internal server (accounts) from home. User yyang’s home
workstation hostname is hostA. Yyang’s home system is considered to be connecting
via a hostile public Internet. HostA has an SSH client program installed.

We already said the entire internal company network (LAN, accounts server, other internal
hosts, and so on) is cut off from the Internet and the home system (hostA) is part of the
public Internet, so what gives? The setup is illustrated in Figure 23-5.

Figure 23-5 Port forwarding with SSH

Enter the poor man’s VPN (aka SSH tunneling). The user yyang will set up an SSH tunnel
to the web server running on “accounts” by following these steps:

1. While sitting in front of her home system (hostA), the user yyang will log into the
home system as herself.
2. Once logged in locally, she will create a tunnel from port 9000 on the local system to
port 80 on the system (named accounts) running the web-based accounting software.
3. To do this, yyang will connect via SSH to serverA’s WAN interface (1.1.1.1) by
issuing this command from her system at home (hostA):

NOTE The complete syntax of the port-forwarding command is ssh -L
local_port:destination_host:destination_port ssh_server, where local_port is the port on
your own machine that you connect to after the tunnel is up, destination_host:destination_port
is the host:port pair the tunnel is directed at, and ssh_server is the host that performs the
forwarding. The destination is resolved and connected to by ssh_server, not by your machine,
which is why “accounts” only has to be reachable from serverA. By default the local port is
bound to the loopback address only, so other hosts on the home network cannot use the tunnel.

4. After yyang successfully authenticates herself to serverA and has logged into her
account on serverA, she can then launch a web browser installed on her workstation
(hostA).
5. User yyang can use a web browser to access the forwarded port (9000) on the local
system. For this example, she needs to type the Uniform Resource Locator (URL)
http://localhost:9000 into the address field of the browser.
6. If all goes well, the web content being hosted on the accounting server should show
up on yyang’s web browser—just as if she were accessing the site from within the
local office LAN (that is, the 192.168.1.0 network).
7. To close down the tunnel, she simply closes all windows that are accessing the tunnel
and then ends the SSH connection to serverA by typing exit at the prompt.

The secure tunnel affords you secure access to other systems or resources within an
intranet or a remote location. It is a great and inexpensive way to create a virtual private
network between your host and another host. It is not a full-featured VPN solution, since you
can’t easily access every host on the remote network, but it gets the job done.
In this demo, we port-forwarded HTTP traffic. You can tunnel almost any TCP-based protocol,
such as Virtual Network Computing (VNC) or Remote Desktop Protocol (RDP). Note that the same
mechanism lets people inside a firewall or proxy bypass the firewall and reach computers on the
outside world; on servers whose users do not need it, AllowTcpForwarding no in sshd_config
removes that capability. The ProxyJump (-J) and dynamic SOCKS proxy (-D) features of OpenSSH
are alternative methods of transparently traversing firewalls or other barriers to connect to
other hosts/resources.
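Here is the tunnel from the scenario above as a script, added as an example and not taken from the book. It validates the -L specification, binds the local end to 127.0.0.1 unless told otherwise, and runs ssh with -N, -f and ExitOnForwardFailure=yes so that a port already in use produces an error rather than a session with no working tunnel. The function names are the example's own.

```bash
#!/bin/bash
# Added example, not from the book: open the tunnel from the scenario above
# (hostA -> sshd on serverA, 1.1.1.1 -> accounts:80) with the options a
# practitioner adds. Function names are this example's own.

# Print a validated -L specification "bind:local_port:dest_host:dest_port".
# bind defaults to 127.0.0.1 so only processes on hostA can use the tunnel
# (pass 0.0.0.0 deliberately if other machines should). dest_host is resolved
# and connected to by the SSH server, so "accounts" only needs to resolve on
# serverA, not at home.
tunnel_spec() {
  local local_port=$1 dest_host=$2 dest_port=$3 bind=${4:-127.0.0.1} p
  for p in "$local_port" "$dest_port"; do
    case $p in
      ''|*[!0-9]*) echo "tunnel_spec: port '$p' is not a number" >&2; return 1 ;;
    esac
    if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
      echo "tunnel_spec: port $p out of range" >&2; return 1
    fi
  done
  [ -n "$dest_host" ] || { echo "tunnel_spec: destination host missing" >&2; return 1; }
  printf '%s:%s:%s:%s\n' "$bind" "$local_port" "$dest_host" "$dest_port"
}

# Open the tunnel: -N gives no remote shell (just the forward), -f backgrounds
# ssh once authenticated, and ExitOnForwardFailure=yes makes ssh exit non-zero
# if local_port is already in use instead of leaving a session with no tunnel.
# Usage: open_tunnel yyang@1.1.1.1 9000 accounts 80
open_tunnel() {
  local target=$1 spec
  spec=$(tunnel_spec "$2" "$3" "$4") || return 1
  ssh -f -N -o ExitOnForwardFailure=yes -L "$spec" "$target"
}

# After open_tunnel succeeds, browse http://localhost:9000/ or check from the
# shell with: curl -sI http://127.0.0.1:9000/
case "${1:-}" in
  open) open_tunnel "$2" "$3" "$4" "$5" ;;
esac
```

Because -N is used, there is no remote shell to type exit in; close the tunnel by killing the backgrounded ssh process (for example with pkill -f 'ssh -f -N') once the browser windows using it are closed.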

OpenSSH Shell Tricks


It is also possible to create a secure tunnel after you have already logged into the remote
SSH server. That is, you don’t have to set up the tunnel when you are setting up the
initial SSH connection. This is especially useful if you have a shell on a remote host and
you need to hop around onto other systems that would otherwise be inaccessible.
SSH has its own nifty little shell that can be used to accomplish this and other neat
tricks.
To gain access to the built-in SSH shell after you log into an SSH server, type the escape
sequence ~C (a tilde followed by a capital C) as the first characters on a new line, that is,
right after pressing ENTER. That opens a prompt similar to this one:

To set up a tunnel similar to the one we set up earlier, type this command at the ssh
prompt/shell:

To leave or quit the SSH shell, press ENTER on your keyboard, and you’ll be back to
your normal login shell on the system.
While logged in remotely to a system via SSH, typing the tilde character (~) followed by the
question mark (?) at the start of a line will display a listing of all the other things you
can do at the ssh prompt. Note that escapes are recognized only immediately after a newline,
so press ENTER first if the sequence seems to be ignored.

Here are some of the supported escape sequences:

Secure Copy (scp) Program


Secure Copy (scp) is used for securely copying data from one host to another remote host.
The format and usage of scp is very simple—you only need to know the source and the
destination.

Suppose user yyang, for example, is logged into her home workstation (client-A) and
wants to copy a file named .bashrc located in the local home directory to her home directory
on server-A. Here’s the command:

If she wants to copy the other way—that is, from the remote system server-A to her local
system client-A—the arguments need to be reversed, like so:

Secure FTP (sftp) Program
SFTP, the SSH File Transfer Protocol, is implemented as a subsystem of the sshd daemon.
Despite the name it is not FTP run over SSH but a separate protocol that borrows FTP’s command
set (since OpenSSH 9.0, scp itself uses SFTP underneath). You access the SFTP server by using
the sftp command-line tool. To sftp from a system named client-A to an SFTP server running on
server-A as the user yyang, type this:

You will then be prompted for your password (similar to a regular ssh session). Once you
have been authenticated, you will see a prompt like the following:

You can issue various sftp commands while at the sftp shell. For example, to list all the
files and directories under the /tmp folder on the sftp server, you can use the ls command:

For a listing of all the commands, just type a question mark (?):

Notice that some of the commands look strikingly similar to the FTP commands discussed
in Chapter 18. Among other things, sftp is handy if you forget the full name of a file you are
looking for, because you can browse the remote file system using familiar FTP commands.

Files Used by the OpenSSH Client


The configuration files for the SSH client and SSH server typically reside in the directory
/etc/ssh/ on most Linux distributions. (If you installed SSH from source into /usr/local/ssh/,
the full path will be /usr/local/ssh/etc/.) If you want to make any system-wide changes to
defaults for the SSH client, you need to modify the /etc/ssh/ssh_config file or its equivalent.

CAUTION Remember that the sshd_config file is for the server daemon, while the
ssh_config file is for the SSH client! Note the letter d for daemon in the server
configuration filename.

Within a user’s home directory, SSH-related data is stored in the ~username/.ssh/
directory. The file known_hosts stores host key information and is used to guard against
man-in-the-middle attacks. SSH will refuse to connect and alert you when a remote host key
changes. If the key has changed for a valid reason, for instance because the server was
reinstalled, confirm the new fingerprint through a channel an attacker cannot control (the
server console, or an administrator you trust) before removing the line that references the
old identity from known_hosts; deleting it just because a warning appeared defeats the check.
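Editing known_hosts by hand is error-prone, so here is an added example (not from the book) that removes all entries for one host from a known_hosts file, keeping comments and certificate-authority markers intact, and falls back to ssh-keygen -R when the file uses hashed hostnames (HashKnownHosts yes), which cannot be matched by name. The function names and the constructed sample entries (placeholder key blobs, not real keys) are the example's own.

```bash
#!/bin/bash
# Added example, not from the book: remove the stale entry for one host from
# a known_hosts file after a deliberate reinstall, once the new fingerprint has
# been verified out of band. Plain entries are matched by name; if the file
# uses HashKnownHosts (entries start with |1|) the names cannot be grepped and
# the fallback is ssh-keygen -R, which understands hashed names. Function
# names and the sample file are this example's own.

# Shared awk program: print lines whose name list contains host (want=1) or
# does not (want=0). Comments and blank lines count as non-matching, and a
# leading @cert-authority / @revoked marker is skipped.
KH_FILTER='
  /^[ \t]*(#|$)/ { print_if(0); next }
  { names = ($1 ~ /^@/) ? $2 : $1
    hit = 0
    n = split(names, a, ",")
    for (i = 1; i <= n; i++) if (a[i] == host) hit = 1
    print_if(hit) }
  function print_if(h) { if (h == want) print }
'

known_hosts_lines_for() { awk -v host="$2" -v want=1 "$KH_FILTER" "$1"; }
known_hosts_without()   { awk -v host="$2" -v want=0 "$KH_FILTER" "$1"; }
has_hashed_hosts()      { grep -q '^|1|' "$1"; }

# Remove every entry for host $2 from file $1. Refuses when nothing matches so
# a mistyped hostname is noticed instead of silently "succeeding".
forget_host_key() {
  local file=$1 host=$2 tmp
  if has_hashed_hosts "$file"; then
    # Hashed names cannot be matched by text; ssh-keygen -R knows how.
    ssh-keygen -R "$host" -f "$file" >/dev/null
    return
  fi
  if [ -z "$(known_hosts_lines_for "$file" "$host")" ]; then
    echo "forget_host_key: no entry for '$host' in $file" >&2
    return 1
  fi
  tmp=$(mktemp)
  known_hosts_without "$file" "$host" > "$tmp" && cat "$tmp" > "$file"
  rm -f "$tmp"
}

# Demo on a constructed file; the key blobs are placeholders, not real keys.
DEMO_KH=$(mktemp)
trap 'rm -f "$DEMO_KH"' EXIT
cat > "$DEMO_KH" <<'EOF'
# constructed demo entries
server-A,192.168.1.50 ssh-ed25519 AAAA-PLACEHOLDER-SERVER-A
[server-B]:2222 ssh-ed25519 AAAA-PLACEHOLDER-SERVER-B
@cert-authority *.example.test ssh-rsa AAAA-PLACEHOLDER-CA
EOF
echo "entries for server-A:"; known_hosts_lines_for "$DEMO_KH" server-A
forget_host_key "$DEMO_KH" server-A
echo "after removal:"; cat "$DEMO_KH"
```

Point forget_host_key at ~/.ssh/known_hosts (or a copy of it first) with the hostname or IP exactly as it appears in the file; an alias such as 192.168.1.50 matches the same line as server-A because both names share one entry.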

Summary
The Secure Shell is the de facto protocol for enabling secure remote logins for performing
system administration tasks and everyday use on Linux and UNIX-like systems. Even
Microsoft Windows systems have fully jumped on board and now have their own native SSH
implementations! When properly implemented and used, SSH can help to provide
confidentiality and integrity of data when used for communications or data transfers on
untrusted networks like the Internet.
In closing, remember that using OpenSSH alone doesn’t make your system magically and
automatically secure. There is no replacement for a set of good security practices. Following
the lessons from Chapter 16, you should disable all unnecessary services on any system
exposed to untrusted networks.

1 Figures 23-1 through 23-4 are based on illustrations by Omolara Soyinka.

