Reverse engineering a mailserver

Hi Guys,
I was given an EOL mailserver with no documentation from the previous admin. I have no experience with mailservers but now have to update it from CentOS 6 to 7 and transfer all the data, without actually knowing how it works, so any ideas on how to go about reverse engineering the previous admin's work?

Centos?

yes sorry

I would look at the running services either with ps or see what is set to start with either systemd or /etc/init.d. I forget which that version of CentOS uses.

Research anything you don’t recognize. The mail service will probably be sendmail, exim or postfix. There will probably be additional services for scanning spam, antivirus, etc. Then it might run an IMAP service like Cyrus imapd. Or some other thing. You’re going to need to learn how to read the service configuration files.

I have also seen very complex systems using SQL databases and web services, where email attachments are extracted and replaced with HTTP links because the email users love to copy 50 MB attachments to entire departments. If this is one of those, good luck.

4 Likes
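The enumeration described in the post above (running services, listening ports, what starts at boot on a SysV versus systemd CentOS) as a script. This is an added example, not code from the thread: the port-to-role table is an assumption based on the conventional mail-stack ports, the `MAILINV_LIVE` switch and function names are this example's own, and the netstat/ss output it parses offline is constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): inventory what listens on a CentOS mail
# host and map each listener to the mail-stack role its port usually serves.
# The port-to-role mapping is an assumption based on conventional ports; a
# custom layout may differ, so treat "unknown" as "go and look".

port_role() {
  case "$1" in
    25) echo smtp ;;
    465) echo smtps ;;
    587) echo submission ;;
    110|995) echo pop3 ;;
    143|993) echo imap ;;
    80|443) echo web ;;                 # webmail, or an attachment-link front end
    783) echo spamd ;;                  # SpamAssassin
    3310) echo clamd ;;                 # ClamAV
    10024|10025|10026) echo amavis ;;
    3306|5432) echo sql ;;
    389|636) echo ldap ;;
    4190) echo sieve ;;
    *) echo unknown ;;
  esac
}

# Guess the MTA from the listening program name (Postfix listens via master(8)).
mta_from_program() {
  case "$1" in
    master) echo postfix ;;
    sendmail) echo sendmail ;;
    exim|exim4) echo exim ;;
    *) echo "" ;;
  esac
}

# Read `netstat -lntp` (CentOS 6) or `ss -lntp` (CentOS 7) output on stdin and
# print "port program" for every listening TCP socket. Both layouts are handled.
parse_listeners() {
  awk '
    $1 == "tcp" || $1 == "tcp6" || $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)
      prog = "?"
      if ($1 == "LISTEN") {                 # ss layout: users:(("name",pid=N,fd=M))
        if (match($0, /\(\("[^"]+"/)) prog = substr($0, RSTART + 3, RLENGTH - 4)
      } else if ($7 ~ /\//) {               # netstat layout: PID/Program
        prog = $7; sub(/^[0-9]+\//, "", prog)
      }
      print port, prog
    }'
}

# Add the role column: "port program role".
classify_listeners() {
  parse_listeners | while read -r port prog; do
    printf '%s %s %s\n' "$port" "$prog" "$(port_role "$port")"
  done
}

# Services enabled at boot: chkconfig on CentOS 6 (SysV init), systemctl on CentOS 7.
enabled_services() {
  if command -v systemctl >/dev/null 2>&1; then
    systemctl list-unit-files --type=service --state=enabled
  elif command -v chkconfig >/dev/null 2>&1; then
    chkconfig --list | grep '3:on'
  else
    ls /etc/rc3.d/S* 2>/dev/null
  fi
}

# Constructed sample output in the netstat layout, so the parser runs offline.
sample_netstat() {
  cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1234/master
tcp        0      0 127.0.0.1:10024         0.0.0.0:*               LISTEN      1300/amavisd (mast
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1100/mysqld
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      1500/httpd
tcp6       0      0 :::143                  :::*                    LISTEN      1400/dovecot
tcp6       0      0 :::993                  :::*                    LISTEN      1400/dovecot
EOF
}

# Constructed sample output in the ss layout.
sample_ss() {
  cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      100    *:25                 *:*      users:(("master",pid=1234,fd=13))
LISTEN     0      128    127.0.0.1:10024      *:*      users:(("amavisd",pid=1300,fd=5))
LISTEN     0      100    :::993               :::*     users:(("dovecot",pid=1400,fd=40))
EOF
}

# MAILINV_LIVE=1 runs against the real host (as root, so PIDs are visible);
# otherwise the constructed sample is used so the script can be tried anywhere.
if [ "${MAILINV_LIVE:-0}" = 1 ]; then
  { command -v ss >/dev/null 2>&1 && ss -lntp || netstat -lntp; } | classify_listeners |
    while read -r port prog role; do
      mta=$(mta_from_program "$prog")
      printf '%-6s %-12s %-10s %s\n' "$port" "$prog" "$role" "${mta:+MTA=$mta}"
    done
  enabled_services
else
  sample_netstat | classify_listeners
fi
```

Run it as root with `MAILINV_LIVE=1` on the old box and keep the output: every "unknown" port and every program name you do not recognise is a config directory to go and read before anything is migrated.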

Thanks for the input

There is a recent security problem with exim. If your server is using this, please upgrade to the latest version.

1 Like

Yeah. It seems like there is always a security problem with somebody’s mail server software every month or two.

2 Likes

Start by figuring out what mail server is running.
netstat -lntp and ps -ef should do.

Then learn the config syntax for that mail server and look in the config directory to see where the mail is stored, what other services it is communicating with, how it is relaying messages, etc.

Look for related services and figure them out, too. Probably some spam filtering, other types of mail filters, perhaps there are other servers for the IMAP/POP3. And is there a web front-end for e-mail, too?
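The "look in the config directory to see where mail is stored, how it relays and what it talks to" step, worked for the case where the MTA turns out to be Postfix. This is an added example, not code from the thread or from the Postfix project: it assumes the Postfix main.cf syntax (`name = value`, continuation lines begin with whitespace, `$name` refers to another parameter), the `MAILCF_LIVE` switch and function names are this example's own, and the main.cf it parses offline is constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): pull the "where is mail stored, who does
# it relay to, what else does it talk to" answers out of a Postfix main.cf.
# Assumes the MTA is Postfix; the sample config below is constructed for this
# example and is not anyone's real configuration.

# Join continuation lines (lines starting with whitespace), drop comments and
# blanks, and emit "name<TAB>value". `postconf -n` output is already one
# parameter per line, so it can be fed in instead of the raw file.
mailcf_flatten() {
  awk '
    function flush() { if (name != "") print name "\t" value; name = "" }
    /^[ \t]*#/ { next }
    /^[ \t]*$/ { next }
    /^[ \t]/   { sub(/^[ \t]+/, ""); value = value " " $0; next }
    {
      flush()
      eq = index($0, "=")
      if (eq == 0) next
      name = substr($0, 1, eq - 1);  sub(/[ \t]+$/, "", name)
      value = substr($0, eq + 1);    sub(/^[ \t]+/, "", value)
    }
    END { flush() }'
}

# Resolve one parameter, expanding $other_parameter references the way Postfix
# does. Only the bare $name form is handled here, not ${name}.
mailcf_get() {  # usage: mailcf_get NAME < main.cf
  mailcf_flatten | awk -F'\t' -v want="$1" '
    { p[$1] = $2 }
    END { print expand(p[want], 0) }
    function expand(v, depth,   n) {
      while (depth < 20 && match(v, /\$[A-Za-z_][A-Za-z0-9_]*/)) {
        n = substr(v, RSTART + 1, RLENGTH - 1)
        v = substr(v, 1, RSTART - 1) p[n] substr(v, RSTART + RLENGTH)
        depth++
      }
      return v
    }'
}

# Parameters whose value points at another file, lookup table or network
# service: this is the dependency list for the migration.
mailcf_external() {  # usage: mailcf_external < main.cf
  mailcf_flatten | awk -F'\t' '
    $2 ~ /(mysql|pgsql|ldap|hash|btree|cdb|proxy|lmtp|inet|unix):|\[[^]]*\]:[0-9]+/ {
      print $1 " -> " $2
    }'
}

# Constructed sample main.cf for offline use.
sample_main_cf() {
  cat <<'EOF'
# constructed sample, not a real server
myhostname = mail.example.test
mydomain = example.test
myorigin = $mydomain
mynetworks = 127.0.0.0/8
relayhost = [smtp.relay.example.test]:587
virtual_mailbox_base = /var/vmail
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailbox-maps.cf
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-alias-maps.cf,
    hash:/etc/postfix/virtual
virtual_transport = lmtp:unix:private/dovecot-lmtp
content_filter = smtp-amavis:[127.0.0.1]:10024
smtpd_recipient_restrictions = permit_mynetworks,
    reject_unauth_destination,
    check_policy_service inet:127.0.0.1:10023
EOF
}

# Report the parameters that matter for a migration. Reads main.cf on stdin.
mailcf_report() {
  cfg=$(cat)
  for p in myhostname mydomain myorigin relayhost mynetworks home_mailbox \
           mail_spool_directory virtual_mailbox_base virtual_transport content_filter; do
    printf '%-22s %s\n' "$p" "$(printf '%s\n' "$cfg" | mailcf_get "$p")"
  done
  echo "--- external dependencies (files, maps, services) ---"
  printf '%s\n' "$cfg" | mailcf_external
}

# MAILCF_LIVE=1 reads the real config; otherwise the constructed sample is used.
if [ "${MAILCF_LIVE:-0}" = 1 ]; then
  mailcf_report < /etc/postfix/main.cf
else
  sample_main_cf | mailcf_report
fi
```

Every `mysql:`, `ldap:` or `hash:` entry in the dependency list is a file or service that has to exist on the new host too, and `master.cf` in the same directory is where the transports named there (amavis, lmtp, policy services) are wired up, so read it next.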

I have always wanted to try running my own mail server, but never gotten around to seriously researching it; do qmail and opensmtpd have a good reputation?

back on topic:
Regarding more common daemons, I think for a while at least dovecot was a popular IMAP server (it may also include some other functionality, but I forget what), so you could see that being used as well.

Common web frontends are Roundcube, Horde, and Squirrelmail.

Heck if I know. I’ve only ever run sendmail and exim, myself. So far with exim, SELinux has saved me from any too serious attackers. The one time I was slow on updates the attack scripts had no idea how to handle not being able to write to directories. They thought they were root (which they were).

1 Like

Thanks for all the ideas.