I am developing an interface which sends an encrypted email to a partner. The partner would like the attachment only to be encrypted, with a clear-text body.
Currently, the send port encrypts both body and attachment. I did not find anything, be it a property or a configuration, that would allow that.
Anybody know if this is possible in a BizTalk SMTP Send port?
I am working on a Wireshark project for school and need to analyze POP3 packets over the network. I have tried capturing traffic over the network and have sent mail from my phone to my PC using Gmail. All protocols are enabled in Wireshark. But when filtering through the packets, there were no POP, SMTP or IMAP packets shown, and I do not know why. Then I tried using Thunderbird and hMailServer to capture the traffic, but I cannot get them to work together, since Thunderbird doesn't allow me to create a mail account from hMailServer.
What I want to ask for is advice on how to capture POP3 over the network: does it need special configuration when capturing for Gmail and Hotmail accounts, or something else?
Some background for you to understand the process. Whenever anyone (including yourself) sends mail to your mail address, it's delivered to the Gmail server and rests there. You have a number of options to access it:
* View mail on the server's web interface by opening "mail.google.com" in your browser. The browser uses HTTP (actually HTTPS) to get the site content, as it usually does with other sites. The fact that the site represents the server's state doesn't mean "receiving mail", nor does it use POP/IMAP/anything else.
* Download email to your PC via a mail client such as Thunderbird. It requires proper configuration to point the client at the server address/port/protocol/credentials/etc. The protocol used for downloading is part of the configuration; you're free to use POP whenever the server supports it.
So all you need is to configure your Thunderbird to download mail from Gmail via the desired protocol and enjoy capturing. Instructions for POP mail clients from Gmail perspective.
I have a virtual CentOS machine, and I need to configure sendmail for integration testing. I need sendmail to accept all e-mail from anywhere, and not do any user validation. I just need it to accept all incoming valid e-mails and not complain nor reject for any reason. And sendmail should not forward the mail to anywhere else.
All of the setup documentation I have read pertains to making a "working" server as opposed to a "dummy" or "stub" server.
How can I configure this?
Thanks
Sendmail configuration for software testing environment
Choose your mix of the fixes below:
sendmail.mc : To redirect all outgoing messages to the local mailbox of user1
define(`SMART_HOST',`local:user1')dnl
sendmail.mc : To redirect messages to all addresses in local email domains (normally delivered to local mailboxes) to mailbox of `user1'
define(`MAIL_HUB',`local:user1')dnl
access file : To allow relaying (accepting messages to non-local email addresses) from specific IP addresses:
# relay from 192.168.0.1
connect:192.168.0.1 RELAY
# relay from 192.168.1.0/24
connect:192.168.1 RELAY
# relay from 172.32.0.0/16
connect:172.32 RELAY
Releasing more tests does not make sense in most testing environments
(e.g. no checking of the existence of the envelope sender domain).
sendmail.mc must be compiled into sendmail.cf.
The access file must be compiled, usually into an access.db file.
More goodies possible:
* storing ALL envelope recipients in message headers (message to multiple recipients not mentioned in email headers)
I am about to set up SmarterMail v9.0 on our Windows 2008 server (IIS7) and would first like to know what some security considerations are when opening up port 25 and/or 587, i.e. how to prevent relaying, etc.
Thank you.
You must not accept email from untrusted users/sources which is not bound for domains you control.
An open relay is a mail server which allows anyone on the Internet to email anyone else, without verifying that either the source or the destination is known - thus, a relay.
You can check that the source is known by looking for a trusted IP subnet, or by requiring authentication before mail can be sent (via LOGIN over TLS, GSSAPI [called "Integrated Windows Authentication" or whatever], X.509 client certs, or the like).
You can check that the destination is known by comparing it to the list of domains for which your mail server will be the "last stop" (or a relay to another domain you control).
Either a known source or a known destination should be sufficient, but you may also want to make sure that mail inbound for your domains is at least borderline valid (originates from a domain with an MX server, for instance).
Separately, you must be conscious of DoS issues (rate limit inbound mail), and the ability to use your server to send backscatter spam. Backscatter is when I connect to your mail server and say, "why yes, I am unsuspecting_target#not_my_domain.com, please queue up this message for not_an_address#yourdomain.com". Then your mail server delivers a "bounce" message to the unsuspecting target. To mitigate this, you can verify that the recipient is known before accepting mail, or limit the rate at which mail can be accepted from one host, or try to check that the host delivering a message is authorized to use that envelope sender.
These are all well-solved problems.
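The checks described in this answer, sketched as an added example that is not part of the original answer: a decision made at RCPT TO time that refuses relaying unless the source or the destination is known, and refuses unknown local recipients during the session so no bounce is generated later. The domain, subnet, mailbox list and reply texts are constructed assumptions.

```python
import ipaddress

# Constructed policy values for illustration (assumptions, not from the answer).
LOCAL_DOMAINS = {"example.org"}  # domains this server is the last stop for
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # hosts allowed to relay
KNOWN_RECIPIENTS = {"alice@example.org", "bob@example.org"}


def rcpt_decision(client_ip, authenticated, rcpt):
    """Return the SMTP reply (code, text) for one RCPT TO command."""
    local_part, _, domain = rcpt.rpartition("@")
    if not local_part or not domain:
        return 501, "malformed recipient address"
    address = f"{local_part}@{domain}".lower()  # mailbox lookup is case-insensitive here
    ip = ipaddress.ip_address(client_ip)
    known_source = authenticated or any(ip in net for net in TRUSTED_NETS)
    known_destination = domain.lower() in LOCAL_DOMAINS

    # Open-relay check: neither the source nor the destination is known.
    if not known_source and not known_destination:
        return 554, "relay access denied"
    # Backscatter check: reject an unknown local recipient while the sending
    # host is still connected, instead of queueing the message and later
    # bouncing it to a possibly forged envelope sender.
    if known_destination and address not in KNOWN_RECIPIENTS:
        return 550, "no such user"
    return 250, "ok"


if __name__ == "__main__":
    # Constructed sessions: (client IP, authenticated?, recipient)
    for case in [
        ("203.0.113.9", False, "victim@elsewhere.test"),
        ("203.0.113.9", False, "not_an_address@example.org"),
        ("203.0.113.9", False, "alice@example.org"),
        ("192.0.2.17", False, "victim@elsewhere.test"),
        ("203.0.113.9", True, "someone@elsewhere.test"),
    ]:
        print(case, "->", rcpt_decision(*case))
```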
Does anyone know of a module that's available for ASP.NET that uses a queue to send email to an SMTP server?
The queue being the operative word here: we need a proper fallback mechanism for storing any messages that can't be sent so that the send can be re-attempted later.
Thanks
You can submit your messages to an IIS SMTP relay server via the Pickup Folder. This is the cheapest, and probably best, outgoing mail queue for ASP.NET.
Otherwise, you'll just need to connect to your SMTP relay server and configure its queue in whatever manner meets your business needs.
I want to use Postfix to accept incoming emails and have it send them to an external Python script which parses them and adds them to a database.
I read that this could be done via a Policy file.
My first question is: what should the policy file return to have Postfix delete the email from the queue with a success message to the sender?
My second question is can I use the Policy file to validate the SMTP authentication that was sent by the client? If not, is there any way of having it use an external script to validate the login?
Thanks!
Christian
If you need SMTP authentication anyway and just want a script to act as MDA, I think you can do it simply by setting mailbox_command = /path/to/my/script in /etc/postfix/main.cf and configuring an authentication scheme. If you have dovecot running, too, I can recommend having postfix authenticate via dovecot, which is very configurable when it comes to SASL authentication.
Update
Since you will be having plaintext passwords going over the wire (assuming this service is reachable from the network), I recommend permitting authentication only over an encrypted line. The configuration I'm going to show will still accept mails for which the server is the destination without authentication. As far as I know, that behaviour is mandated by an RFC for SMTP servers which are reachable from the internet.
# Announce SASL authentication only over encrypted connections
smtpd_tls_auth_only=yes
# Don't require everyone to talk to you over an encrypted channel
smtpd_tls_security_level=may
# SASL boilerplate
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_local_domain = $mydomain
# For whom to accept mail. This is worked left to right, until a permitting or denying rule is encountered. Fallback behaviour would be to permit.
smtpd_recipient_restrictions = permit_auth_destination, reject_plaintext_session, permit_sasl_authenticated, reject
permit_auth_destination as first rule would make sure that clients may deliver mail to users for which I feel responsible unauthenticated. The clients may choose whether to use TLS or not.
reject_plaintext_session as second rule makes sure that all other rules further down the line can assume an encrypted channel.
permit_sasl_authenticated is self-explanatory
reject as last rule basically changes the default policy to "deny".
If you don't want to accept mails without SMTP authentication, you may want to drop the first rule of smtpd_recipient_restrictions.
Not shown is the configuration of the SSL certificate and how to tell postfix about it (the latter of which is easy).
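To see which sessions the rule list above lets through, here is an added example, not part of the original answer and not Postfix code, that models the left-to-right, first-match evaluation of the four restrictions. It also covers the variant with the first rule dropped; the local domain, user name and session fields are constructed assumptions.

```python
# Constructed model of first-match rule evaluation (assumption: the local
# domain set stands in for whatever Postfix treats as its own destinations).
LOCAL_DOMAINS = {"example.org"}


def permit_auth_destination(s):
    return "PERMIT" if s["rcpt_domain"] in LOCAL_DOMAINS else "DUNNO"


def reject_plaintext_session(s):
    return "DUNNO" if s["tls"] else "REJECT"


def permit_sasl_authenticated(s):
    return "PERMIT" if s["sasl_user"] else "DUNNO"


def reject(s):
    return "REJECT"


# The list from the answer, and the variant with the first rule dropped.
ANSWER_RULES = [permit_auth_destination, reject_plaintext_session,
                permit_sasl_authenticated, reject]
AUTH_ONLY_RULES = ANSWER_RULES[1:]


def evaluate(rules, tls, sasl_user, rcpt_domain):
    """Return (verdict, deciding rule name) for one RCPT TO."""
    # smtpd_tls_auth_only=yes: AUTH is not offered without TLS, so a
    # plaintext session can never count as authenticated.
    if not tls:
        sasl_user = None
    session = {"tls": tls, "sasl_user": sasl_user, "rcpt_domain": rcpt_domain}
    for rule in rules:
        verdict = rule(session)
        if verdict != "DUNNO":  # first permitting or denying rule wins
            return verdict, rule.__name__
    return "PERMIT", "fallback"  # per the answer, the fallback is to permit


if __name__ == "__main__":
    # Constructed sessions: (TLS?, SASL user, recipient domain)
    for name, rules in [("answer", ANSWER_RULES), ("auth-only", AUTH_ONLY_RULES)]:
        for tls, user, dom in [(False, None, "example.org"),
                               (False, None, "elsewhere.test"),
                               (True, None, "elsewhere.test"),
                               (True, "christian", "elsewhere.test")]:
            print(name, tls, user, dom, "->", evaluate(rules, tls, user, dom))
```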