
Document: Chapter-27-Electronic mail -servers pptx



Basic information

Format
Number of pages: 16
Size: 224.57 KB

Contents

2 April 2003, 17:00:47 The Complete FreeBSD (mta.mm), page 489

27 Electronic mail: servers

In this chapter:
• How mail gets delivered
• Installing postfix
• Rejecting spam
• Running postfix at boot time
• Downloading mail from your ISP
• Mailing lists: majordomo

In the previous chapter, we looked at email from a user perspective. The other part of a mail system is the Mail Transfer Agent, or MTA. As the name suggests, MTAs perform the transfer of mail from one system to another. Specifically, they perform three related tasks:

• They send outgoing mail, in other words mail that originates from their system. If the destination system is not available, they look for an alternative system, and if none is available, they retry delivery at a later date. Typically an MTA will retry every 30 minutes for five days before giving up.
• They receive incoming mail, possibly for multiple domain names. They may be quite picky about how they perform this task: since the advent of spam, a number of techniques have developed. We’ll look at some in the section on postfix configuration.
• They relay mail. Consider the case where a sending MTA can’t reach the destination MTA and chooses an alternative. The alternative MTA is called a relay, and it must be prepared to deliver the mail to the final recipient at a later time. Until a few years ago, MTAs performed relaying by default, but the advent of spam has changed that radically.

Mail has been around for a long time now, well over 25 years. In that time, many mail systems have come and gone. One seems to have been around for ever: the sendmail MTA. sendmail has an unparalleled reputation.
On the one hand, it can do just about anything, but on the other hand, its configuration file is one of the most arcane ever to be seen. Still, it’s holding well against the competition, and it is still actively being developed. The definitive book on sendmail, called the “bat book” after its cover, was written by Bryan Costales and others (O’Reilly); see Appendix A, Bibliography for more details. It is over 1000 pages long. Obviously this book can’t compete with it.

The good news about sendmail is: it works. It is possible to install sendmail and run it with no configuration whatsoever. The less good news is that in the past few years it has been constantly changing, and any information I write here is liable to be out of date by the time you read it. As a result, I recommend: If sendmail works for you, use it. If you have difficulties, use postfix instead.

The following sections show how to configure a mail system using postfix. In general, sendmail is quite similar. You’ll find every detail in the bat book, and the original sendmail distribution, available from http://www.sendmail.org/, contains instructions for experts.

How mail gets delivered

Ideally, to send mail, the source MTA contacts the destination MTA and sends the message. In practice, this doesn’t always work. Here’s the general method:

• Each time an MTA receives a message not addressed to its system, this MTA collects all MX records for the destination that are not higher than its own MX record.
• If the MTA finds any MX records, it attempts to send to one of them, starting at the lowest preference.
• If the lowest MX record points to the MTA’s own machine, then there’s a mail misconfiguration: the MTA doesn’t know what to do with it locally, but the MX is telling it to deliver it locally. When this happens, the MTA rejects the message (“mail loops back to myself”).
• If there are no MX records at all (which implies that the MTA doesn’t have one either), most, but not all versions of sendmail will look up an A record for the system name. If they find one, they will try to deliver there, and only there.
• If all else fails, the MTA rejects the message (“can’t find the destination”).

MTA files

MTAs use three different kinds of files:

• Configuration files tell the MTA what to do. Typical configuration issues include what name to present to the outside world, and when to accept mail for delivery and when to reject it. The issue of spam (unsolicited commercial email) makes this quite a complicated issue. postfix keeps its configuration files in the directory /usr/local/etc/postfix, and sendmail keeps them in /etc/mail.
• Outgoing postfix mail is stored in the directory hierarchy /var/spool/postfix, while sendmail currently stores its mail in the hierarchies /var/spool/mqueue and /var/spool/clientmqueue.
• Incoming mail is stored in the directory /var/mail. Normally each user gets a file that corresponds to his user name.

Who gets the mail?

According to RFC 2822, a mail ID is something like grog@example.org. This looks very much like a user ID, the @ sign, and the name of a machine. This similarity is intended, but it’s still only a similarity. Consider the system manager of example.org. At different times he might send mail from freebie.example.org, bumble.example.org, and wait.example.org. If the mail ID were associated with the machine, he would have three different mail IDs: fred@freebie.example.org, fred@bumble.example.org and fred@wait.example.org. It would make things a whole lot simpler (and easier to type) if his mail ID were simply fred@example.org. This name change is called masquerading.
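The delivery steps listed under “How mail gets delivered” can be written down as a small routine, which makes the two rejection cases (“mail loops back to myself” and “can’t find the destination”) easy to see. The following Python is an added example, not code from The Complete FreeBSD or from postfix; the zone data (example.org, beispiel.org, nomx.example and the hosts under them) is constructed so that the routine runs offline, where a real MTA would query DNS.

```python
# Added example, not code from The Complete FreeBSD: the MX selection steps
# described in the text as a small Python routine. DNS answers are constructed
# sample data so it runs offline; a real MTA would query DNS instead.

# Constructed sample zone data: domain -> list of (preference, mail exchanger).
SAMPLE_MX = {
    "example.org": [(10, "mail.example.org"), (20, "backup.example.org"),
                    (30, "us.example.org")],
    "beispiel.org": [(10, "us.example.org")],
    "nomx.example": [],
}
# Constructed A records, consulted only when a domain has no MX record at all.
SAMPLE_A = {"nomx.example": "192.0.2.10"}


def route(domain, my_host, mx_table=SAMPLE_MX, a_table=SAMPLE_A):
    """Decide where an MTA running on `my_host` should send mail for `domain`.

    Returns ("send", [hosts in order of preference]) or ("reject", reason),
    following the steps in the text:
      1. collect the MX records, keeping only those with a preference better
         (lower) than our own if we are listed ourselves;
      2. try them lowest preference first;
      3. if the best MX is ourselves, the zone says 'deliver locally' but the
         domain is not local: 'mail loops back to myself';
      4. with no MX at all, fall back to the A record, and only that host;
      5. otherwise: 'can't find the destination'.
    """
    records = sorted(mx_table.get(domain, []))
    if not records:
        if domain in a_table:
            return ("send", [domain])
        return ("reject", "can't find the destination")
    own = [pref for pref, host in records if host == my_host]
    if own:
        records = [(pref, host) for pref, host in records if pref < min(own)]
        if not records:
            return ("reject", "mail loops back to myself")
    return ("send", [host for _, host in records])


if __name__ == "__main__":
    for dom in ("example.org", "beispiel.org", "nomx.example", "nothing.example"):
        print(dom, "->", route(dom, "us.example.org"))
```

Run with us.example.org as the local host: example.org yields the two better-preference exchangers, beispiel.org (whose only MX is us.example.org) is the loop case, nomx.example falls back to its A record, and nothing.example is rejected.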
One way to do this would be to associate the name example.org as a CNAME with one of the machines, say wait.example.org. This would work, but it would mean that mail would always have to come from and go to wait.example.org. If for any reason that machine were inaccessible, the mail would not get through. In practice, it’s possible to run MTAs on more than one machine. DNS solves this problem with a special class of record, the MX record (mail exchanger). MX records can point to more than one machine, so if one machine is not accessible, the mail can be sent to another. We saw how to add them on page 370. MX records are not directly associated with any particular machine, though they point to the names of machines that run an MTA.

Installing postfix

postfix is in the Ports Collection, not the base system, so before you can use it, you must install it. It is an interactive port: at various points in the installation process it asks for input. The first is a menu offering optional additional configurations, as shown in Figure 27-1. For the configuration in this book, you don’t need anything in addition to what the menu suggests; just select OK and continue. Some time later you get the informational messages:

Added group "postfix".
Added group "maildrop".
Added user "postfix".
You need user "postfix" added to group "mail".
Would you like me to add it [y]? Enter pressed
Done.

Figure 27-1: Postfix configuration menu

The build continues for a while, and finally you get the information:

Installed HTML documentation in /usr/local/share/doc/postfix
===> Generating temporary packing list
Would you like to activate Postfix in /etc/mail/mailer.conf [n]? y

The output goes on to explain which flags to set in your system configuration file /etc/rc.conf. In particular, it tells you to set sendmail_enable and finishes by saying “This will disable Sendmail completely.” This may look strange, especially if you don’t have any sendmail-related entries in /etc/rc.conf. Why should setting sendmail_enable to YES disable sendmail? Well, it’s a somewhat unfortunate choice of naming, and it’s possible it will change, but the answer is in the details: sendmail_enable should really be called something like mail_enable. The other sendmail parameters turn off all sendmail-related components.

Configuring postfix

postfix requires only one configuration file, /usr/local/etc/postfix/main.cf. This file contains a large number of comments: with a little experience you can configure it without any outside help. In this section, we’ll look at some of the entries of interest.

# The mail_owner parameter specifies the owner of the Postfix queue
# and of most Postfix daemon processes. Specify the name of a user
# account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
# AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
# particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
# USER.
#
mail_owner = postfix

Older MTAs used to run as root, which made it easier to write exploits transmitted by mail. Modern MTAs use a dedicated user ID. As we saw above, the postfix user gets added to your password files when you install it. sendmail uses another user ID, smmsp. Don’t change this entry.

Host and domain names

A significant portion of the configuration file defines host names. By default, the variable myhostname is the fully qualified host name of the system, for example freebie.example.org. You should normally leave it like that; it’s not identical to the name that will appear on outgoing mail.
The next variable is mydomain, which defaults to the domain name of the system. Again, you won’t normally want to change it. Then comes the variable myorigin, which is the name that appears on outgoing mail. It defaults to myhostname, which is probably not a good choice. As suggested above, a better name would be the domain name, mydomain. Make the following changes to main.cf:

# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
#myorigin = $myhostname
myorigin = $mydomain

In the original configuration file, the last line is present, but it is “commented out”: it starts with the # character. Just remove this character.

The next variable of interest is mydestination. This is a list of host and domain names for which the MTA considers itself the final destination (in other words, it accepts mail for final delivery). By default, it accepts mail addressed to the name of the machine ($myhostname in postfix parlance) and also localhost.$mydomain, the local host name for this domain. In particular, it does not accept mail addressed to the domain, so if you send mail as fred@example.org, any reply will bounce. To fix this, add $mydomain to the list. You might also want to accept mail for other domains. For example, if you also wanted to accept mail for beispiel.org, you would add that name here as well.
The result might look like this:

#mydestination = $myhostname, localhost.$mydomain
#mydestination = $myhostname, localhost.$mydomain $mydomain
mydestination = $myhostname, localhost.$mydomain, $mydomain, beispiel.org

For the mail for beispiel.org to actually be delivered to this machine, the lowest priority MX record for beispiel.org must point to this host.

Further down, we’ll see a feature called virtual hosting. This is a way to allocate email addresses to people without a UNIX account on this machine. It works at the user level, not the domain name level.

Relaying mail

One of the favourite tricks of spammers is to send their mail via another system to give it the aura of respectability. This is doubly annoying for the “other” system: first, it gives it the reputation of being a spammer, and secondly it often incurs expense, either for data charges or simply from congestion. postfix has a number of tricks to help. The first specifies which networks to trust: postfix will relay mail coming from these networks. You could consider this to be “outgoing” mail, though the methods postfix uses don’t make this assumption. By default, postfix trusts your network and the localhost network, in other words with a net mask. But how does it know the net mask for your network? There are two possibilities: you tell it, or it guesses. postfix is pretty simplistic when it comes to guessing. It takes the default net mask for the address class, so if your IP address is, say, (a “class A” network), it will accept mail from any network whose first octet is 61. I know of at least 20 sources of spam in that range. In almost every case, you should specify the network and mask explicitly:

mynetworks =,

This is a good choice where you know the name of the originating networks, for example systems that expect you to handle the mail connection to the outside world.
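The difference between letting postfix guess a classful net mask and setting mynetworks explicitly is easiest to see by checking a few client addresses against both settings. The following Python is an added example, not from the book or from postfix; the host address 61.10.20.30, the /24 used for the explicit setting and the client addresses are constructed (the text only says the example host sits in the 61.x class A block), and the classful rule is the one the text describes rather than a claim about what a particular postfix version does.

```python
# Added example (not from The Complete FreeBSD or postfix): why letting postfix
# guess the net mask for mynetworks is dangerous. All addresses are constructed.
import ipaddress


def classful_guess(address):
    """Return the network a classful guess would assume from an address:
    /8 for class A, /16 for class B, /24 for class C (the rule the text describes)."""
    first = int(address.split(".")[0])
    if first < 128:
        prefix = 8      # class A
    elif first < 192:
        prefix = 16     # class B
    else:
        prefix = 24     # class C
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)


def would_relay(client, mynetworks):
    """True if the client address falls inside any network listed in mynetworks,
    i.e. mail from it would be relayed without further checks."""
    ip = ipaddress.ip_address(client)
    return any(ip in ipaddress.ip_network(net) for net in mynetworks)


# Constructed: our own address, in the 61.x class A block used in the text.
MY_ADDRESS = "61.10.20.30"
# The explicit setting the text recommends: our own subnet plus localhost.
EXPLICIT = ["61.10.20.0/24", "127.0.0.0/8"]
# The guessed setting: the whole class A block plus localhost.
GUESSED = [str(classful_guess(MY_ADDRESS)), "127.0.0.0/8"]


def compare(client):
    """Relay decision for one client under both settings."""
    return {"guessed": would_relay(client, GUESSED),
            "explicit": would_relay(client, EXPLICIT)}


if __name__ == "__main__":
    print("guessed mynetworks:", GUESSED)
    for client in ("61.10.20.99", "61.200.1.1", "198.51.100.5"):
        print(client, compare(client))
```

A client at 61.200.1.1, nowhere near our subnet, is relayed under the guessed setting and refused under the explicit one; a host on our own /24 is accepted by both.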
But what if you want to accept mail from anywhere addressed to specific domains? Consider this “incoming” mail, though again that’s not the way postfix looks at it. For example, maybe you’re a backup MX for beispiel.de, so you want to accept any mail sent to that domain. In that case, you want to relay mail to this domain no matter where it comes from. For this case, use the relay_domains variable, a list of domain names for which postfix will always relay. You might put this in your main.cf:

relay_domains = $mydestination, $mydomain, beispiel.de

You can also use the permit_mx_backup variable to accept mail for any domain that lists you as a secondary MX. This is very dangerous: you don’t have any control over who lists you as a secondary MX, so any spammer could take advantage of this setting and use you for a relay.

Aliases revisited

On page 481 we looked at how to set up individual aliases for use with mutt. postfix and sendmail also have an alias facility, this time at the system level. The system installs a file called /etc/mail/aliases. It’s there by default, so there’s no particular reason to move it. The default /etc/mail/aliases looks like:

# Basic system aliases -- these MUST be present
MAILER-DAEMON: postmaster
postmaster: root

# General redirections for pseudo accounts
bin: root
daemon: root
games: root
ingres: root
nobody: root
system: root
toor: root
uucp: root

# Well-known aliases -- these should be filled in!
# root:
# manager:
# dumper:
# operator:
root: grog

Each line contains the name of an alias, followed by the name of the user who should receive it. In this case, mail addressed to the users bin, daemon, games, ingres, nobody, system, toor and uucp will be sent to root instead. Note that the last line redefines root to send all mail to a specific user.
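Because the last line of the file rebinds root, a message to MAILER-DAEMON actually follows the chain MAILER-DAEMON → postmaster → root → grog. The following Python is an added example, not code from the book, postfix or sendmail: a small parser for the aliases file format shown above that resolves such chains and refuses a loop, which is what newaliases and the MTA have to get right when the file is rebuilt. The SAMPLE_ALIASES text is a constructed subset of the default file quoted in the text; the comma-separated target lists it accepts are part of the real aliases(5) format but not shown on this page.

```python
# Added example (not from The Complete FreeBSD, postfix or sendmail): parse the
# aliases file format shown in the text and resolve alias chains with loop
# detection. SAMPLE_ALIASES is a constructed subset of the default file.
SAMPLE_ALIASES = """\
# Basic system aliases -- these MUST be present
MAILER-DAEMON: postmaster
postmaster: root

# General redirections for pseudo accounts
bin: root
daemon: root
uucp: root

# Well-known aliases -- these should be filled in!
# root:
root: grog
"""


def parse_aliases(text):
    """Map alias name -> list of targets. Comment and blank lines are skipped;
    a target list may be comma-separated, as in the real aliases(5) format."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, targets = line.partition(":")
        table[name.strip().lower()] = [t.strip() for t in targets.split(",") if t.strip()]
    return table


def resolve(name, table, _seen=None):
    """Follow aliases until a name with no alias entry remains (a real mailbox).
    A name that leads back to an earlier name in the chain is a loop."""
    seen = _seen or []
    key = name.lower()
    if key in seen:
        raise ValueError("alias loop: " + " -> ".join(seen + [key]))
    if key not in table:
        return [key]
    final = []
    for target in table[key]:
        final.extend(resolve(target, table, seen + [key]))
    return sorted(set(final))


def has_loop(name, table):
    """True if resolving `name` never terminates in a real mailbox."""
    try:
        resolve(name, table)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    aliases = parse_aliases(SAMPLE_ALIASES)
    for who in ("MAILER-DAEMON", "uucp", "root", "fred"):
        print(who, "->", resolve(who, aliases))
```

With the sample file every system alias ends at grog, while an unlisted name such as fred is delivered to itself; a table that maps a to b and b back to a is reported as a loop instead of recursing forever.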
You must run the newaliases program after changing /etc/aliases to rebuild the aliases database. Don’t confuse this with the newalias program, which is part of the elm MUA.

A couple of other uses of aliases are:

• You can also use an alias file for spam protection. If you want to subscribe to a mailing list, but you are concerned that spammers might get hold of the contents of the mailing list, you could subscribe as an alias and add something like:

frednospamplease: fred

If you do get spam to that name, you just remove the alias (and remember never to have any dealings with the operator of the mailing list again).
• Another use of aliases is for majordomo, the mailing list manager we’ll look at on page 503.

By default, postfix doesn’t have a specific alias file. main.cf contains:

#alias_maps = dbm:/etc/aliases
#alias_maps = hash:/etc/aliases
#alias_maps = hash:/etc/aliases, nis:mail.aliases
#alias_maps = netinfo:/aliases

The texts dbm, hash and netinfo describe the kind of lookup to perform. For sendmail compatibility, we want hash. Assuming you also want to run majordomo, add the line:

alias_maps = hash:/etc/mail/aliases,hash:/usr/local/majordomo/aliases.majordomo

Rejecting spam

One of the biggest problems with email today is the phenomenon of spam, unsolicited email. Currently the law and ISPs are powerless against it. Hopefully the community will find solutions to the problem in the future, but at the moment keeping spam to manageable proportions is a battle of wits. There are a number of ways to combat it, of course:

• Reject mail from domains known to be spammers. postfix helps here with a file called /usr/local/etc/postfix/access, which contains names of domains to reject. There are a couple of problems with this approach:
  • It’s relatively easy to register a domain, so you may find the same spam coming from a different location.
  • It’s relatively easy to spoof a domain name. Mail is regularly relayed, so you have to go by the name on the From line. But you can forge that, so you often see mail from yahoo.com or hotmail.com that has never been near those ISPs. Obviously it doesn’t help to complain to the ISP.
• Of course, if the names are spoofed, you can still use the headers to find out where the message really came from, as we saw on page 482. Or can we? There are two issues there: firstly, if the message has gone by another system, a relay, you can’t rely on the headers further back than one hop. Anything beyond that can be forged. In the olden days, MTAs would accept mail for relaying from any system: they were so-called open relays. Spammers have found this very useful, and now most systems have restricted relaying to specific trusted systems. There are still a large number of open relays on the net, though. This is a problem that could theoretically happen to you: if your system is an open relay, you could end up delivering spam without even knowing it. By default, all current MTAs supplied with FreeBSD refuse to relay, but it’s possible to (mis)configure them to be open relays. Be aware of the problems. But what if you get a message like this?

Received: from femail.sdc.sfba.home.com (femail.sdc.sfba.home.com [])
        by wantadilla.lemis.com (Postfix) with ESMTP id BCBFF6ACC0
        for <webmaster@lemis.com>; Tue, 19 Jun 2001 13:50:57 +0930 (CST)
Received: from u319 ([])
        by femail2.sdc1.sfba.home.com (InterMail vM. 201-229-121-120-20010223)
        with SMTP id <20010619042005.FBWM26828.femail2.sdc1.sfba.home.com@u319>;
        Mon, 18 Jun 2001 21:20:05 -0700
From: britneyvideo1234@yahoo.com
To:
Subject: stolen britney spears home video!!!
Date: Thu, 19 Jun 2025 13:52:44 -0200

This message has come from the domain home.com, though it’s claiming to come from yahoo.com, but the IP address of the originating MTA does not resolve to a name. The format of the Received: headers is:

announced-name (real-name [real-IP])

The first header is correct: the name it claims to be (femail.sdc.sfba.home.com) matches the reverse lookup. In the second case though, u319 is not a valid fully-qualified domain name, and there is no second name: the reverse lookup failed. Some MTAs use the word unknown in this case, and some even add a warning. Why should the IP of an MTA not resolve? It’s ideal for spammers, of course: it makes them almost impossible to trace. In this case, it’s probable that the IP range belongs to home.com, because they accepted the message for relaying, but the lack of a valid reverse lookup says nothing for their professionalism.
• A number of commercial and public service sites maintain a list of known spam sites. You can use them to decide whether to accept a mail message.
• The previous example shows another obvious point: this message has been forged to appear to come from yahoo.com. All messages that really come from Yahoo! have a header of this nature:

Received: from web11207.mail.yahoo.com (web11207.mail.yahoo.com [])
        by mx1.FreeBSD.org (Postfix) with SMTP id 4079E43E65
        for <freebsd-arch@freebsd.org>; Mon, 7 Oct 2002 10:39:14 -0700 (PDT)
        (envelope-from gathorpe79@yahoo.com)

So if you can recognize messages claiming to come from yahoo.com, but without this kind of header, there’s a good chance that they’re spam.

So how do we use this information to combat spam? postfix helps for the first three, but we need other tools for the last.
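The “announced-name (real-name [real-IP])” layout makes the two warning signs the text points at (no reverse name, or an announced name that is not a fully-qualified domain name) mechanically checkable, which is what a mail administrator does when triaging a suspect message. The following Python is an added example, not code from the book or any MTA; the sample headers are constructed after the two quoted above, and because this copy of the page lost the IP addresses they use the 192.0.2.0/24 documentation range, so the IPs are placeholders rather than the original values.

```python
# Added example (not from The Complete FreeBSD or any MTA): parse the
# "announced-name (real-name [real-IP])" part of a Received: header and flag
# the warning signs the text describes. Sample headers are constructed; the IP
# addresses are documentation-range placeholders, not the original values.
import re

RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<announced>\S+)"                       # HELO name
    r"(?:\s+\((?:(?P<real>[^\s\[\]]+)\s*)?\[(?P<ip>[^\]]*)\]\))?",  # (reverse [ip])
    re.IGNORECASE,
)


def parse_received(header):
    """Return the announced name, the reverse-lookup name (None when the MTA
    recorded none) and the client IP, or None if the header is not in this form."""
    m = RECEIVED_RE.match(header.replace("\n", " "))
    if not m:
        return None
    return {"announced": m["announced"], "real": m["real"], "ip": m["ip"]}


def assess(header):
    """List the problems the text calls out for one Received: header."""
    info = parse_received(header)
    if info is None:
        return ["unparseable Received: header"]
    problems = []
    if "." not in info["announced"]:
        problems.append("announced name is not a fully-qualified domain name")
    real = info["real"]
    if real is None or real.lower() == "unknown":
        # Either no name was recorded at all, or the MTA wrote 'unknown'.
        problems.append("reverse lookup of the client IP failed")
    elif real.lower() != info["announced"].lower():
        problems.append("announced name does not match reverse lookup")
    return problems


# Constructed samples modelled on the headers quoted in the text.
GOOD = ("Received: from femail.sdc.sfba.home.com (femail.sdc.sfba.home.com [192.0.2.1])\n"
        "\tby wantadilla.lemis.com (Postfix) with ESMTP id BCBFF6ACC0")
BAD = ("Received: from u319 ([192.0.2.2])\n"
       "\tby femail2.sdc1.sfba.home.com (InterMail) with SMTP id <x@u319>")
UNKNOWN = ("Received: from mail.example.net (unknown [192.0.2.3])\n"
           "\tby mx.example.org (Postfix)")

if __name__ == "__main__":
    for label, hdr in (("good", GOOD), ("bad", BAD), ("unknown", UNKNOWN)):
        print(label, parse_received(hdr), assess(hdr))
```

Only the last Received: line, written by your own MTA, is trustworthy; anything earlier in the chain may have been forged by the sender, as the text notes, so this check is most useful on the hop that delivered the message to you.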
The rules for blocking unwanted messages are not included in /usr/local/etc/postfix/main.cf. Instead, they’re in /usr/local/etc/postfix/sample-smtpd.cf. Copy those you want to the bottom of your /usr/local/etc/postfix/main.cf. Specifically, the variables of interest are smtpd_helo_restrictions (which relates to the sending MTA, which could be a relay), and smtpd_sender_restrictions, which relates to the (claimed) original sender. See sample-smtpd.cf for details of all possible restrictions. The more interesting ones are:

• reject_unknown_client: reject the request if the client hostname is unknown, i.e. if the DNS reverse lookup fails.
• reject_maps_rbl: reject if the client is listed under $maps_rbl_domains. We’ll discuss this below.
• reject_invalid_hostname: reject hostname with bad syntax.
• reject_unknown_hostname: reject hostname without DNS A or MX record.
• reject_unknown_sender_domain: reject sender domain without A or MX record. This is probably a forged domain name.
• check_sender_access maptype:mapname. Look the sender address up in the specified map and decide whether to reject it. We’ll look at this in more detail below.
• reject_non_fqdn_hostname: reject HELO hostname that is not in FQDN form.
• reject_non_fqdn_sender: reject sender address that is not in FQDN form.

Rejecting known spam domains

If you have identified domains that you would rather not hear from again, use the form check_sender_access maptype:mapname. By default, the map is stored in /usr/local/etc/postfix/access.db. Add the following text to main.cf:

smtpd_sender_restrictions = hash:/usr/local/etc/postfix/access

Note that the .db is missing from the name. Now add this line to the file /usr/local/etc/postfix/access, creating it if necessary:

spamdomain.com 550 Mail rejected. Known spam site.
This form rejects messages from this domain with SMTP error code 550 and the message that follows. As we have seen, postfix reads the file /usr/local/etc/postfix/access.db, not /usr/local/etc/postfix/access. Use the postmap program to create or update /usr/local/etc/postfix/access.db:

# postmap /usr/local/etc/postfix/access

The changes to /usr/local/etc/postfix/main.cf depend on other items as well, so we’ll look at them at the end of this discussion.

To judge by the name, spamdomain.com is probably a hard-core spam producer. But there are others, notably large ISPs with little or no interest in limiting spam, and they also have innocent users who will also be blocked. If you find out about it, you can make exceptions:

spamdomain.com 550 Mail rejected. Known spam site.
innocent@spamdomain.com OK

Don’t forget to re-run postmap after updating alias. One way is to create a Makefile in /usr/local/etc/postfix with the following contents:

[...]

... default, the system starts sendmail at boot time. You don’t need to do anything special. Just set the following parameters in /etc/rc.conf:

sendmail_enable="YES"
sendmail_flags="-bd"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"
sendmail_msp_queue_enable="NO"

The flags have the following meanings:

• sendmail_enable is a bit of a misnomer. It should be called mail_enable.
• -bd means become...

... system where the mail is queued:

$ telnet mail.example.net smtp
Trying
Connected to mail.example.net
Escape character is '^]'
220 freebie.example.org ESMTP Sendmail 8.8.7/8.8.7 ready at Mon, 5 May 1997 12:55:10 +0930 (CST)
etrn freebie.example.org
250 Queuing for node freebie.example.org started
quit
221 mail.example.net closing connection
Connection closed by foreign host

The mail starts...
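The two-line access file above works because postfix tries the most specific key first: the full address innocent@spamdomain.com is found before the bare domain, so the exception wins while every other sender at spamdomain.com still gets the 550. The following Python is an added example, not code from the book or from postfix, that reproduces that lookup order on a constructed table; the order it implements (user@domain, then the domain and its parent domains, then user@) is the one documented for postfix access maps, simplified to plain string keys rather than a .db file.

```python
# Added example (not from The Complete FreeBSD or postfix): the lookup order
# postfix applies to an access map for a sender address, on a constructed table
# that mirrors the two lines shown in the text (plain dict, no .db file).
ACCESS_TEXT = """\
# constructed: same entries as the access file above
spamdomain.com             550 Mail rejected. Known spam site.
innocent@spamdomain.com    OK
"""


def parse_access(text):
    """Map lookup key (lower-cased) -> action text (the rest of the line)."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            table[parts[0].lower()] = parts[1].strip()
    return table


def lookup_sender(address, table):
    """Search keys from most to least specific: user@domain, then the domain and
    each parent domain (never the bare top-level label), then user@.
    Returns (matched_key, action) or (None, None) when nothing matches."""
    local, _, domain = address.lower().rpartition("@")
    candidates = [address.lower()]
    labels = domain.split(".")
    candidates += [".".join(labels[i:]) for i in range(len(labels) - 1)]
    candidates.append(local + "@")
    for key in candidates:
        if key in table:
            return key, table[key]
    return None, None


def decide(address, table):
    """Reduce the action to the SMTP outcome: 'OK' accepts, a numeric reply
    such as 550 rejects, and 'DUNNO' means the map had no opinion."""
    _, action = lookup_sender(address, table)
    if action is None:
        return "DUNNO"
    return "OK" if action.upper() == "OK" else action.split(None, 1)[0]


if __name__ == "__main__":
    table = parse_access(ACCESS_TEXT)
    for sender in ("innocent@spamdomain.com", "someone@spamdomain.com",
                   "bob@mail.spamdomain.com", "alice@example.org"):
        print(sender, "->", lookup_sender(sender, table), decide(sender, table))
```

A sender at a subdomain such as mail.spamdomain.com is still caught by the domain entry, while an address in an unlisted domain returns DUNNO and falls through to whatever restriction comes next in smtpd_sender_restrictions.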
... speed demon: if you have a lot of mail to transfer, be prepared to wait much longer than an SMTP MTA would take.

Mailing lists: majordomo

majordomo is a mail list manager. If you run mailing lists, you probably want to use majordomo: it saves you manually modifying the mailing lists. As usual, you can find majordomo in the Ports Collection, in the directory /usr/ports/mail/majordomo. When installing, you’ll...

... mail_enable.
• -bd means become daemon: postfix runs as a daemon and accepts incoming mail. sendmail uses an additional parameter, usually something like -q30m. This tells sendmail how often to retry sending mail (30 minutes in this example). postfix accepts this option but ignores it. Instead, you tell it how often to retry mail (“run the queue”) with the queue_run_delay parameter in the configuration file, ...

... quit
+OK Pop server at freebie.example.com signing off
Connection closed by foreign host

fetchmail: the client

Install fetchmail from the Ports Collection. To run it, just specify the name of the server from which you want to load the mail:

$ fetchmail hub
querying hub
Enter mailserver password: doesn’t echo
QPOP (version 2.3) at hub.freebsd.org starting ...

... connected, this doesn’t seem to be a problem: the mail will be sent to that system instead. When you connect, the mail can be sent to you. How does the mail system know when you connect? Normally it doesn’t. That’s the first problem. Most systems set up their MTA to try to deliver mail every 30 to 120 minutes. If you are connected that long, the chances are good that the mail will be delivered automatically, but...
... reading message 2
flushing message 3
reading message 3
flushing message 4
reading message 4
flushing message 5
reading message 5

fetchmail and popper are relatively simple to use if you have to, but they add another level of complexity to the mail system, and they require additional work in a system that is designed to be automatic. In addition, fetchmail is not a speed...

... test-l, which you should remove once you have things up and running.
• Ensure that there is a mail user majordomo-owner on the system. The best way to handle this is to add an entry in /etc/mail/aliases (see page 494):

majordomo-owner: root

Since root should be an alias for your mail ID, this will mean that you get the mail for majordomo-owner as well. Don’t run postmap or newaliases yet.

...

250 8BITMIME
mail from: grog@example.org
250 Ok
rcpt to: grog@example.org
250 Ok
data
354 End data with .
Test data
250 Ok: queued as 684F081471
quit
221 Bye
Connection closed by foreign host

(Margin notes beside this transcript in the original: who the mail is from; who it goes to; start the message body; the message; end of message.)

... transferring already-delivered mail to another site. It consists of two parts, the client and the server. A number of both clients and servers are available. In this discussion, we’ll look at the server popper and the client fetchmail, both of which are in the Ports Collection.

popper: the server

Install popper from the Ports Collection in the usual manner:

# cd /usr/ports/mail/popper
# make install

Posted: 11/12/2013, 00:15

