Linux - Newbie (LinuxQuestions.org forum): This Linux forum is for members that are new to Linux. Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!
I've been doing a few experiments with SMTP. I have Postfix set up with AUTH PLAIN. I've always wanted to see if SSL was really needed, so I set up tcpdump to sniff the traffic. I sent an email on my iPhone, which uses my Postfix SMTP server. Then in the dump I could see my base64 string, which decodes to usernamepassword. OK, so I decided that I really need to turn on SSL.
So I recompile Postfix with TLS and put in a self-signed cert. I then fire up Postfix again (with smtpd_tls_auth_only=yes) and then send another email on my iPhone (after I configure my phone to use SSL for SMTP) while running tcpdump. I then take a look at the dump. I'm assuming it uses AUTH PLAIN still. I can see the EHLO host, then the greeting, then my phone choosing the STARTTLS command in the dump being executed. Anyhow, the base64 string cannot be found, which is great, just what I want. However, the email, including the data, is all in plaintext. I just want to make sure that I'm not doing anything wrong. So SMTP over SSL only hides the authentication part, but the actual email message is sent via plaintext? Or is it because I ran tcpdump from my server on port 25 and the data gets unencrypted on that port when STARTTLS is run? In any case I never saw the AUTH PLAIN server command or the base64 string.
I see that smtpd_enforce_tls = yes is not really necessary since it's deprecated (Postfix 2.3 or later). Anyhow, I added it in.
From what I've read these commands only accept mail if TLS is turned on. There's no mention about it encrypting the whole message unless that's the default which would make sense. Anyhow I can still see the email body in plaintext in my dump.
I'm running this command for the sniff:
tcpdump -vv -x -X -s 1500 'port 25' > dump.log
Or is it simply because I'm sniffing on the mail server where it gets unencrypted?
At what point does the email get unencrypted?
I'm going to test it out and sniff on my gateway instead.
Here's the log from /var/log/maillog with smtp_tls_loglevel = 2 in the main.cf:
Mar 20 12:51:59 hostname postfix/postfix-script: refreshing the Postfix mail system
Mar 20 12:51:59 hostname postfix/master: reload -- version 2.6.1, configuration /etc/postfix
Mar 20 12:51:59 hostname postfix/anvil: statistics: max connection rate 1/60s for (smtp:domain) at Mar 20 12:48:59
Mar 20 12:51:59 hostname postfix/anvil: statistics: max connection count 1 for (smtp:domain) at Mar 20 12:48:59
Mar 20 12:51:59 hostname postfix/anvil: statistics: max cache size 1 at Mar 20 12:48:59
Mar 20 12:58:59 hostname postfix/smtpd: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Mar 20 12:58:59 hostname postfix/smtpd: connect from unknown[domain]
Mar 20 12:58:59 hostname postfix/smtpd: setting up TLS connection from unknown[domain]
Mar 20 12:59:00 hostname postfix/smtpd: Anonymous TLS connection established from unknown[domain]: TLSv1 with cipher AES128-SHA (128/128 bits)
Mar 20 12:59:00 hostname postfix/smtpd: 5B8ABC0002: client=unknown[domain], sasl_method=PLAIN, sasl_username=user
Mar 20 12:59:00 hostname postfix/cleanup: 5B8ABC0002: message-id=<47A498DA-2D24-47CA-B5A7-F00EF50276FC@domain.net>
Mar 20 12:59:00 hostname postfix/qmgr: 5B8ABC0002: from=<email@example.com>, size=571, nrcpt=1 (queue active)
Mar 20 12:59:00 hostname postfix/smtp: 5B8ABC0002: to=<firstname.lastname@example.org>, relay=mail.domain.net[domain]:25, delay=0.36, delays=0.1/0/0.14/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A0F22F0067)
Mar 20 12:59:00 hostname postfix/qmgr: 5B8ABC0002: removed
Mar 20 13:00:00 hostname postfix/smtpd: disconnect from unknown[domain]
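The maillog above records two legs for the message: an inbound session handled by smtpd, which logged "TLS connection established from" before the client= line, and an outbound relay by the smtp client process to mail.domain.net on port 25, for which no TLS handshake line appears. A tcpdump filter of 'port 25' on the server captures both legs, and only the second one is plaintext. As an added example, not code from the post or from Postfix, the Python script below reads maillog lines and reports, per queue ID, whether each leg was preceded by a logged TLS handshake with the same peer. It embeds the log lines from the post plus two constructed lines (placeholder hostnames and addresses) that show what a TLS-protected outbound leg looks like when smtp_tls_loglevel is 1 or higher. It assumes the pid-less log format shown in the post and therefore correlates by peer name, which is adequate for a short log but not a replacement for pid-based correlation on a busy server.

```python
import re

# Log lines copied from the post above (process IDs are absent there, so this
# parser correlates by peer name rather than by pid), followed by two
# CONSTRUCTED lines showing a TLS-protected outbound relay leg.  The hostnames
# and addresses in the constructed lines are placeholders.
SAMPLE_LOG = """\
Mar 20 12:58:59 hostname postfix/smtpd: connect from unknown[domain]
Mar 20 12:58:59 hostname postfix/smtpd: setting up TLS connection from unknown[domain]
Mar 20 12:59:00 hostname postfix/smtpd: Anonymous TLS connection established from unknown[domain]: TLSv1 with cipher AES128-SHA (128/128 bits)
Mar 20 12:59:00 hostname postfix/smtpd: 5B8ABC0002: client=unknown[domain], sasl_method=PLAIN, sasl_username=user
Mar 20 12:59:00 hostname postfix/qmgr: 5B8ABC0002: from=<email@example.com>, size=571, nrcpt=1 (queue active)
Mar 20 12:59:00 hostname postfix/smtp: 5B8ABC0002: to=<firstname.lastname@example.org>, relay=mail.domain.net[domain]:25, delay=0.36, delays=0.1/0/0.14/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A0F22F0067)
Mar 20 12:59:00 hostname postfix/qmgr: 5B8ABC0002: removed
Mar 20 13:00:00 hostname postfix/smtpd: disconnect from unknown[domain]
Mar 20 13:05:00 hostname postfix/smtp: Untrusted TLS connection established to mail.example.org[192.0.2.10]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
Mar 20 13:05:01 hostname postfix/smtp: 7C1DEF0003: to=<someone@example.org>, relay=mail.example.org[192.0.2.10]:25, delay=0.5, delays=0.1/0/0.2/0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as B11AA0001)
"""

# Inbound (server) side: smtpd logs the handshake, then the client= line.
RE_IN_TLS = re.compile(r"postfix/smtpd: \S+ TLS connection established from (\S+):")
RE_IN_CLIENT = re.compile(r"postfix/smtpd: ([0-9A-Za-z]+): client=([^,\s]+)")
RE_IN_DISCONNECT = re.compile(r"postfix/smtpd: disconnect from (\S+)")
# Outbound (client) side: smtp logs the handshake, then the relay= line.
# Lines with relay=none or relay=local carry no host:port and are skipped.
RE_OUT_TLS = re.compile(r"postfix/smtp: \S+ TLS connection established to (.+?):\d+:")
RE_OUT_RELAY = re.compile(r"postfix/smtp: ([0-9A-Za-z]+): to=<[^>]*>, relay=(.+?):\d+,")


def audit_tls(log_text):
    """Walk the log in order and record, for each message leg, whether a TLS
    handshake with that peer was logged before the leg completed.

    Returns {"inbound": [(queue_id, client, tls)],
             "outbound": [(queue_id, relay, tls)]}.
    """
    tls_from = set()  # inbound peers whose STARTTLS handshake completed
    tls_to = set()    # relay peers towards which smtp completed STARTTLS
    result = {"inbound": [], "outbound": []}
    for line in log_text.splitlines():
        m = RE_IN_TLS.search(line)
        if m:
            tls_from.add(m.group(1))
            continue
        m = RE_IN_DISCONNECT.search(line)
        if m:
            # Forget the peer so a later plaintext session is not misjudged.
            tls_from.discard(m.group(1))
            continue
        m = RE_OUT_TLS.search(line)
        if m:
            tls_to.add(m.group(1))
            continue
        m = RE_IN_CLIENT.search(line)
        if m:
            qid, client = m.groups()
            result["inbound"].append((qid, client, client in tls_from))
            continue
        m = RE_OUT_RELAY.search(line)
        if m:
            qid, relay = m.groups()
            result["outbound"].append((qid, relay, relay in tls_to))
    return result


def plaintext_legs(log_text):
    """Legs that carried the message with no TLS handshake logged beforehand."""
    audit = audit_tls(log_text)
    legs = [(qid, "inbound", peer) for qid, peer, tls in audit["inbound"] if not tls]
    legs += [(qid, "outbound", peer) for qid, peer, tls in audit["outbound"] if not tls]
    return legs


if __name__ == "__main__":
    report = audit_tls(SAMPLE_LOG)
    for direction in ("inbound", "outbound"):
        for qid, peer, tls in report[direction]:
            print(f"{qid} {direction:8s} {peer:35s} {'TLS' if tls else 'PLAINTEXT'}")
    for qid, direction, peer in plaintext_legs(SAMPLE_LOG):
        print(f"WARNING: {qid} {direction} leg to/from {peer} was not protected by TLS")
```

Run against the post's own lines, the script reports the inbound leg of 5B8ABC0002 as TLS-protected and the outbound relay to mail.domain.net[domain] as plaintext, which is the leg a capture on port 25 of the server shows in the clear. On the Postfix client side the controlling main.cf parameter is smtp_tls_security_level (Postfix 2.3 and later; its default is empty, meaning no TLS on outbound connections), with "may" enabling opportunistic STARTTLS towards relays that offer it; the smtpd_tls_* parameters in the post govern only the inbound side.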