I am working on a Wireshark project for school and need to analyze POP3 packets over the network. I have tried capturing traffic over the network and have sent mail from my phone to my PC using Gmail. All protocols are enabled in Wireshark. But when filtering through the packets there weren't any POP, SMTP or IMAP packets shown, and I do not know why. Then I tried using Thunderbird and hMailServer to capture the traffic, but I cannot get them to work together, since Thunderbird doesn't allow me to create a mail account from the hMailServer.
What I want to ask is for advice on how to capture POP3 over the network: does it need special configuration when capturing for Gmail and Hotmail accounts, or something else?
Some background for you to understand the process. Whenever anyone (including yourself) sends mail to your mail address, it's delivered to the Gmail server and rests there. You have a number of options to access it:
View mail on the server's web interface by opening "mail.google.com" in your browser. The browser uses HTTP (actually HTTPS) to get the site content, as it usually does with other sites. The fact that the site represents the server's state does not mean it is "receiving mail", nor does it use POP/IMAP/anything else.
Download email to your PC via a mail client such as Thunderbird. It requires proper configuration to point the client at the server address/port/protocol/credentials/etc. The protocol used for downloading is part of the configuration; you're free to use POP whenever the server supports it.
So all you need is to configure your Thunderbird to download mail from Gmail via the desired protocol and enjoy capturing. Instructions for POP mail clients from Gmail's perspective.
Based on my understanding, there are some tools that can send a request from an IP address and make the request appear to servers as if it comes from another IP address, including from localhost.
Now I have a server with a specific API that only allows requests from localhost but has some other APIs that allow requests from the internet.
The only way I can think of is to set the firewall so that any incoming packet will be blocked if the destination contains the "localhost only" API name. However, this forces me to design my server in such a way that no other API has a substring name of the "localhost only" API. This means the "localhost only" API cannot have a short name, and it can be a risk if I forget this fact and/or the code is maintained by other people in the future.
Ideally, I want to distinguish whether a request truly comes from localhost at the application layer and, if not, block further processing of the API.
What I want to know is whether this is possible or not, in terms of networking.
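One way to make the localhost-only decision at the application layer, as an added example that is not from the original post: the check uses the TCP peer address the kernel reports for the accepted connection, never a request header, so a spoofed header cannot satisfy it. The path `/internal/reload` and the server are hypothetical placeholders; if a reverse proxy on the same host fronts the application, every request will arrive from loopback and this check alone is not enough.

```python
import ipaddress
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

LOCAL_ONLY_PATHS = {"/internal/reload"}   # hypothetical localhost-only API


def is_loopback(peer_ip):
    """True only for 127.0.0.0/8, ::1 or an IPv4-mapped loopback such as ::ffff:127.0.0.1."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    return addr.is_loopback


def authorize(path, peer_ip):
    """Decide from the peer address of the accepted socket; headers such as
    X-Forwarded-For are client-controlled and are deliberately never consulted."""
    if path in LOCAL_ONLY_PATHS and not is_loopback(peer_ip):
        return 403
    return 200


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        # client_address comes from accept(), not from anything the client sent
        status = authorize(self.path, self.client_address[0])
        self.send_response(status)
        self.end_headers()
        self.wfile.write(b"ok\n" if status == 200 else b"forbidden\n")

    def log_message(self, *args):  # keep the demonstration quiet
        pass


def probe_local():
    """Start the server on an ephemeral loopback port and call the restricted path."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore system proxy
    try:
        with opener.open(f"http://127.0.0.1:{srv.server_port}/internal/reload") as r:
            return r.getcode()
    finally:
        srv.shutdown()


if __name__ == "__main__":
    print("status from loopback:", probe_local())
```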
I had Fiddler open recently with no filters on, and I was running a program from my command prompt that communicates with a server (it's a simple in-house proprietary program).
Interestingly, Fiddler was not picking up this communication, which is mostly made up of REST API calls. I did some research and found this quote, from here
With regard to why you're not seeing this traffic in Fiddler -- assuming you don't have any filters set, this suggests that whatever mechanism you're using to send the HTTP request isn't adopting the system's proxy settings. This means, for instance, that your code would fail if run on a corporate computer that requires a proxy server to reach the Internet.
However, I'm wondering why this would be the case. As far as I understand, my computer still needs to send data from my network card to the proxy server's network card. The traffic isn't bypassing my network card - it simply carries a different address. Why isn't Fiddler able to see this?
The reason is that Fiddler works not by sniffing your network card but by installing itself as the system proxy. If you click Start and type "Internet Options", choose the tab "Connections" and the button "LAN Settings", you'll see that localhost:8888 is your system proxy. Now, most well-behaved clients (e.g. IE and Chrome) respect and use the system proxy, but some don't. In particular, Java programs have their own ideas about which proxy they will use, and you would have to set that separately. For other programs that are simply hard-coded to make their own direct HTTP requests, you cannot, AFAIK, monitor them with Fiddler.
I am a front-end developer so the server stuff goes a bit over my head. Please excuse me if the question is dumb.
I am hosting a WordPress site on our server with Contact Form 7, but we only have an A record for www pointing to our site. The email management for said domain is held by a third party.
How is the contact form sending the emails to the admins? Is it using our host's SMTP service? I am asking because I am getting the emails on Gmail, but the client is not receiving them on his service.
Thank you!
When your server is sending email without you configuring anything, the most likely cause is that it is using the server itself. For that, it does not need to "know" any DNS entries, as it just connects to localhost, which always points to the server itself.
When you receive the mail and your client does not, this is most likely the result of a spam filter. Have you asked your client to check the spam folder?
The problem of - mainly - shared hosting servers is that they tend to end up on spam lists like that of spamhaus.org etc., which greatly increases your risk of ending up in the spam folder. If you control the server, you could request deblocking or even whitelisting of your server, but before you do that, you should be certain that your server is not inadvertently relaying mail because of a misconfiguration, vulnerability, or outright being hacked. Your applications or the server itself could be configured to use an external SMTP server, but that's not something that's easily explained here. Maybe try on serverfault.com?
I have configured Postfix over SSL and Dovecot over SSL, and it works fine if I send via local relay; it delivers to mailboxes within my domain name, whose MX record points to the mail server.
mysysopmnds.com MX 10 mail.mysysopminds.com
However, if I send an email to another domain, it bounces... and one of the errors in the log is as below:
Jan 10 19:34:56 mail postfix/smtp[5334]: 37FADC28BB: to=, relay=none, delay=34, delays=34/0/0.01/0, dsn=5.4.6, status=bounced (mail for murugeshdomain.com loops back to myself)
What are the key configurations that I should check or take care of to send email to other domains, or any domains?
TIA
hariharan
There is a good chance your internet service provider (ISP) is blocking outgoing port 25 for email. I can tell you, mine is. This is also when I got the bounce message.
You can confirm this problem by typing:
telnet aspmx.l.google.com 25
If it does not generate "Connected to aspmx.l.google.com" but a timeout after half a minute or so, then your ISP is blocking your outgoing traffic on port 25.
If this is the case you can solve it by redirecting your outgoing mail through, for example, a Google mail account. You could use this link as a guide to set up the redirection.
It looks like this domain (murugeshdomain.com) has no MX record. For sending mail to another domain, just check whether that domain has an MX record. To check whether that domain has an MX record: dig MX domainname (in the case of the Linux command).
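To connect the "loops back to myself" bounce in the log with the missing-MX point in the answer above, here is an added example (not from the original posts) that models, in a simplified way, how Postfix resolves a recipient domain: with no MX record it falls back to the domain's own A record, and if that address is one the server itself listens on while the domain is not in mydestination, the mail is a loop. The DNS answers, addresses and local settings are constructed placeholders, not real lookups.

```python
# Constructed DNS data and local Postfix settings (placeholders, not a live lookup).
MX_RECORDS = {
    "mysysopminds.com": [(10, "mail.mysysopminds.com")],
    "murugeshdomain.com": [],            # no MX record, as the dig check would show
    "example.org": [(10, "mx.example.org"), (20, "mail.mysysopminds.com")],
}
A_RECORDS = {
    "mail.mysysopminds.com": "203.0.113.10",
    "murugeshdomain.com": "203.0.113.10",  # its A record points back at this mail server
    "mx.example.org": "198.51.100.7",
}
INET_INTERFACES = {"127.0.0.1", "203.0.113.10"}   # addresses this Postfix listens on
MYDESTINATION = {"mysysopminds.com", "localhost"}  # domains accepted as local


def best_hosts(domain):
    """Implicit-MX rule: with no MX records, the domain's own A record is the next hop;
    otherwise only the hosts with the best (lowest) preference are considered here."""
    mxs = MX_RECORDS.get(domain, [])
    if not mxs:
        return [domain]
    best = min(pref for pref, _ in mxs)
    return [host for pref, host in mxs if pref == best]


def classify(domain):
    """Simplified model of the Postfix decision for one recipient domain."""
    if domain in MYDESTINATION:
        return "local"
    addrs = [A_RECORDS[h] for h in best_hosts(domain) if h in A_RECORDS]
    if not addrs:
        return "no route"
    if any(ip in INET_INTERFACES for ip in addrs):
        # the preferred next hop is this very server, but the domain is not local
        return "loops back to myself"
    return "relay to " + addrs[0]


if __name__ == "__main__":
    for d in ("mysysopminds.com", "murugeshdomain.com", "example.org", "nx.invalid"):
        print(f"{d}: {classify(d)}")
```

In this model murugeshdomain.com is either missing from the server's local domains or has DNS that points back at the server; either fixing the DNS or listing the domain in mydestination resolves the loop.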
I am about to set up SmarterMail v9.0 on our Windows 2008 server (IIS7) and would first like to know what some security considerations are when opening up port 25 and/or 587, i.e. how to prevent relaying, etc.
Thank you.
You must not accept email from untrusted users/sources which is not bound for domains you control.
An open relay is a mail server which allows anyone on the Internet to email anyone else, without verifying that either the source or the destination is known - thus, a relay.
You can check that the source is known by looking for a trusted IP subnet, or by requiring authentication before mail can be sent (via LOGIN over TLS, GSSAPI [called "Integrated Windows Authentication" or whatever], X.509 client certs, or the like).
You can check that the destination is known by comparing it to the list of domains for which your mail server will be the "last stop" (or a relay to another domain you control).
Either a known source or a known destination should be sufficient, but you may also want to make sure that mail inbound for your domains is at least borderline valid (originates from a domain with an MX server, for instance).
Separately, you must be conscious of DoS issues (rate limit inbound mail), and the ability to use your server to send backscatter spam. Backscatter is when I connect to your mail server and say, "why yes, I am unsuspecting_target@not_my_domain.com, please queue up this message for not_an_address@yourdomain.com". Then your mail server delivers a "bounce" message to the unsuspecting target. To mitigate this, you can verify that the recipient is known before accepting mail, or limit the rate at which mail can be accepted from one host, or try to check that the host delivering a message is authorized to use that envelope sender.
These are all well-solved problems.
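The relay rules in the answer above (known source or known destination, reject unknown local recipients at SMTP time so no bounce is generated, and a per-client rate limit) expressed as one RCPT TO decision, as an added example that is not SmarterMail's configuration or code. The domains, trusted networks, mailboxes and the tiny rate limit are constructed placeholders.

```python
import ipaddress
from collections import defaultdict

# Constructed policy for this server (placeholders, not SmarterMail's own settings).
LOCAL_DOMAINS = {"example.com"}                         # domains we are the "last stop" for
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"),    # sources allowed to relay outbound
                ipaddress.ip_network("192.0.2.0/24")]
KNOWN_MAILBOXES = {"alice@example.com", "postmaster@example.com"}
RATE_LIMIT = 3                                          # RCPTs per client, kept tiny for the demo
_rcpt_count = defaultdict(int)


def trusted_source(client_ip, authenticated):
    """Known source: authenticated (LOGIN over TLS, GSSAPI, client cert) or a trusted subnet."""
    ip = ipaddress.ip_address(client_ip)
    return authenticated or any(ip in net for net in TRUSTED_NETS)


def decide(client_ip, authenticated, mail_from, rcpt_to):
    """Return (accept, SMTP reply) for one RCPT TO; mail_from is the envelope sender."""
    _rcpt_count[client_ip] += 1
    if _rcpt_count[client_ip] > RATE_LIMIT:
        return False, "421 4.7.0 too many recipients from your host, try later"
    rcpt_domain = rcpt_to.rpartition("@")[2].lower()
    if rcpt_domain in LOCAL_DOMAINS:
        # Known destination. Rejecting an unknown mailbox here, during the SMTP
        # session, means we never queue a message whose bounce would go to a forged
        # envelope sender, which is what produces backscatter.
        if rcpt_to.lower() not in KNOWN_MAILBOXES:
            return False, "550 5.1.1 no such user"
        return True, "250 2.1.5 ok"
    if trusted_source(client_ip, authenticated):
        return True, "250 2.1.5 ok"          # known source relaying outbound
    return False, "554 5.7.1 relay access denied"  # neither known: would be an open relay


if __name__ == "__main__":
    print(decide("203.0.113.9", False, "a@b.net", "alice@example.com"))
    print(decide("203.0.113.9", False, "a@b.net", "victim@other.net"))
```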