Test SMTP Auth 
Thursday, 24 September 2015, 19:07 - Mail stuff
Posted by Administrator
Sometimes, you need to test SMTP auth (for sending e-mails) is working properly and you don't want (or can't) test with an ordinary email client.

One can test using a telnet session. But first, you must encode username and password using this command snipplet:
echo -en "testlogin" | openssl enc -base64
dGVzdGxvZ2lu
echo -en "testpass" | openssl enc -base64
dGVzdHBhc3M=

Then:
telnet <your_server_address> 25 (or 587)

Now you do the same as an e-mail client:
HELO mybox.mydomain.tld
250 host.domain.tld
AUTH LOGIN
334 VXNlcm5hbWU6
dGVzdGxvZ2lu
334 UGFzc3dvcmQ6
dGVzdHBhc3M=
235 2.7.0 Authentication successful
quit
221 2.0.0 Bye

If something with "Authentication successful" appears, login was able to authenticate against the mail server for sending e-mail.

REMARK: There are some other sites with examples in perl that don't work with full e-mail address usernames (user@domain.tld) because of lack of escaping the "@" sign that designates a perl array.
add comment ( 2135 views )   |  permalink   |  $star_image$star_image$star_image$star_image$star_image ( 3 / 169 )
Turning SSLv3 off on Apache Server to mitigate "POODLE" attack (CVE-2014-3566) 
Thursday, 16 October 2014, 10:22 - Apache Stuff, OpenSSL
Posted by Administrator
Add the following to your SSL configuration section:

# Disable SSLv2 & SSLv3 against POODLE issue (CVE-2014-3566)
SSLProtocol All -SSLv2 -SSLv3

Note to insert this to all VirtualHost sections where SSL is enabled!

Check your config:
apachectl configtest

Then restart apache server:
sudo service apache2 restart

To check if SSLv3 is turned off:
openssl s_client -connect server.domain.tld:443 -ssl3

Then you shold see a message like this:
error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1260:SSL alert number 40

To disable SSLv3 within other services:
see this post
add comment ( 2562 views )   |  permalink   |  related link   |  $star_image$star_image$star_image$star_image$star_image ( 3 / 3553 )
Check certificate on a server 
Wednesday, 4 June 2014, 18:26 - Knowledge, OpenSSL
Posted by Administrator
Issue the following command:
openssl s_client -CApath /etc/ssl/certs/ -connect <host.domian.tld>:993

For testing on a mail server supporting both non-encrypted and encrypted (TLS) connections using STARTTLS method:
openssl s_client -CApath /etc/ssl/certs/ -starttls smtp -connect <host.domian.tld>:25


There should be stated quite at end of command output:
    Verify return code: 0 (ok)

before an eventual greeting message of the server.

A bit above, you can check the certificate chain completeness:
Certificate chain
0 s:/description=3UwjnK9kRZ2wUo8e/C=CH/CN=domain1.ownspace.ch/emailAddress=hostmaster@ownspace.ch
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
---

The last i(ssuer) is the root cert that most client will trust.
add comment ( 2744 views )   |  permalink   |  $star_image$star_image$star_image$star_image$star_image ( 3 / 2624 )
Postfix Mail Queue Cleaner 
Monday, 14 April 2014, 12:17 - Tools & more, Knowledge, Postfix Stuff
Posted by Administrator
This small shell script removes all messages originating from a certain sender address out of the postfix mail queue.


#! /bin/bash
if [ "$1" == "" ]; then
echo "please give e-mail address"
exit 1
else
emailaddr=$1
fi
for id in `mailq | egrep "[0-9A-F]{10} " | grep "$emailaddr" | cut -d " " -f 1`
do
echo $id
postsuper -d $id
done


add comment ( 727 views )   |  permalink   |  $star_image$star_image$star_image$star_image$star_image ( 3 / 306 )
Detect and block abuse of (cracked) e-mail account 
Friday, 28 February 2014, 10:45 - Postfix Stuff, Mail stuff
Posted by Administrator
To avoid bad things(TM) caused by a cracked e-mail account on our postfix mailserver, I used the script Check Auth Log to detect abnormal high numbers of logins or logins from many different IP addresses within a certain time onto a certain account. Then the script will lock out the account. This, together with per-session limits within postfix configuration (smtpd_client_message_rate_limit, smtpd_client_recipient_rate_limit), should help to avoid or at least mitigate the damage caused by cracked accounts, i.e. SMTP server being blacklisted.

add comment ( 710 views )   |  permalink   |  related link   |  $star_image$star_image$star_image$star_image$star_image ( 3 / 1011 )

<<First <Back | 1 | 2 | 3 | 4 | 5 | 6 | 7 | Next> Last>>