Linux - Newbie: This Linux forum is for members that are new to Linux. Just starting out and have a question? If it is not in the man pages or the how-to's, this is the place!
I've been doing a few experiments with SMTP. I have Postfix set up with AUTH PLAIN. I've always wanted to see if SSL was really needed, so I set up tcpdump to sniff the traffic. I sent an email on my iPhone, which uses my Postfix SMTP server. Then in the dump I could see my base64 string, which decodes to usernamepassword. OK, so I decided that I really need to turn on SSL.
So I recompile Postfix with TLS and put in a self-signed cert. I then fire up Postfix again (with smtpd_tls_auth_only=yes) and then send another email on my iPhone (after I configure my phone to use SSL for SMTP) while running tcpdump. I then take a look at the dump. I'm assuming it uses AUTH PLAIN still. I can see the EHLO host, then the greeting, then my phone choosing the STARTTLS command in the dump being executed. Anyhow, the base64 string cannot be found, which is great, just what I want. However, the email, including the data, is all in plaintext. I just want to make sure that I'm not doing anything wrong. So SMTP over SSL only hides the authentication part, but the actual email message is sent via plaintext? Or is it because I ran tcpdump from my server on port 25 and the data gets unencrypted on that port when STARTTLS is run? In any case I never saw the AUTH PLAIN server command or the base64 string.
I see that smtpd_enforce_tls = yes is not really necessary since it's deprecated (Postfix 2.3 or later). Anyhow, I added it in.
From what I've read, these commands only accept mail if TLS is turned on. There's no mention of it encrypting the whole message, unless that's the default, which would make sense. Anyhow, I can still see the email body in plaintext in my dump.
I'm running this command for the sniff:
Code:
tcpdump -vv -x -X -s 1500 'port 25' > dump.log
Or is it simply because I'm sniffing on the mail server, where it gets unencrypted?
At what point does the email get unencrypted?
I'm going to test it out and sniff on my gateway instead.
Here's the log from /var/log/maillog with smtp_tls_loglevel = 2 in the main.cf
Code:
Mar 20 12:51:59 hostname postfix/postfix-script[32714]: refreshing the Postfix mail system
Mar 20 12:51:59 hostname postfix/master[32673]: reload -- version 2.6.1, configuration /etc/postfix
Mar 20 12:51:59 hostname postfix/anvil[32694]: statistics: max connection rate 1/60s for (smtp:domain) at Mar 20 12:48:59
Mar 20 12:51:59 hostname postfix/anvil[32694]: statistics: max connection count 1 for (smtp:domain) at Mar 20 12:48:59
Mar 20 12:51:59 hostname postfix/anvil[32694]: statistics: max cache size 1 at Mar 20 12:48:59
Mar 20 12:58:59 hostname postfix/smtpd[323]: warning: dict_nis_init: NIS domain name not set - NIS lookups disabled
Mar 20 12:58:59 hostname postfix/smtpd[323]: connect from unknown[domain]
Mar 20 12:58:59 hostname postfix/smtpd[323]: setting up TLS connection from unknown[domain]
Mar 20 12:59:00 hostname postfix/smtpd[323]: Anonymous TLS connection established from unknown[domain]: TLSv1 with cipher AES128-SHA (128/128 bits)
Mar 20 12:59:00 hostname postfix/smtpd[323]: 5B8ABC0002: client=unknown[domain], sasl_method=PLAIN, sasl_username=user
Mar 20 12:59:00 hostname postfix/cleanup[328]: 5B8ABC0002: message-id=<47A498DA-2D24-47CA-B5A7-F00EF50276FC@domain.net>
Mar 20 12:59:00 hostname postfix/qmgr[32720]: 5B8ABC0002: from=<user@domain.net>, size=571, nrcpt=1 (queue active)
Mar 20 12:59:00 hostname postfix/smtp[329]: 5B8ABC0002: to=<thartanian@domain.com>, relay=mail.domain.net[domain]:25, delay=0.36, delays=0.1/0/0.14/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A0F22F0067)
Mar 20 12:59:00 hostname postfix/qmgr[32720]: 5B8ABC0002: removed
Mar 20 13:00:00 hostname postfix/smtpd[323]: disconnect from unknown[domain]
Ah, I see why. I'm using a relayhost which does not have TLS; that's what I'm seeing in the dump. That makes sense now. I'll just set up the relay host to use TLS. OK great. Thanks guys.
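The situation the thread ends on (submission from the phone protected by STARTTLS, but the hop to the relayhost going out in the clear) is visible in the maillog itself: Postfix's smtp client logs a "TLS connection established to" line before a delivery only when the outbound session was encrypted, and the posted log has no such line before the relay=... entry. The following auditor is an added example, not code from the thread or from Postfix; the log lines are constructed to mirror the posted log, and the hostnames and addresses in them are placeholders.

```python
import re
from typing import Dict, List, Set

# Constructed sample modelled on the posted maillog (hosts/addresses are
# placeholders): queue 5B8ABC0002 arrives over STARTTLS but leaves for the
# relayhost with no TLS handshake logged; 7C1DDC0003 shows what a TLS relay
# delivery looks like (Postfix logs "TLS connection established to" first).
SAMPLE_LOG = """\
Mar 20 12:58:59 hostname postfix/smtpd[323]: connect from unknown[198.51.100.7]
Mar 20 12:59:00 hostname postfix/smtpd[323]: Anonymous TLS connection established from unknown[198.51.100.7]: TLSv1 with cipher AES128-SHA (128/128 bits)
Mar 20 12:59:00 hostname postfix/smtpd[323]: 5B8ABC0002: client=unknown[198.51.100.7], sasl_method=PLAIN, sasl_username=user
Mar 20 12:59:00 hostname postfix/smtp[329]: 5B8ABC0002: to=<rcpt@example.com>, relay=mail.example.net[203.0.113.5]:25, delay=0.36, delays=0.1/0/0.14/0.11, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as A0F22F0067)
Mar 20 13:05:10 hostname postfix/smtp[340]: Untrusted TLS connection established to mail.example.net[203.0.113.5]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
Mar 20 13:05:10 hostname postfix/smtp[340]: 7C1DDC0003: to=<rcpt@example.com>, relay=mail.example.net[203.0.113.5]:25, delay=0.5, delays=0.1/0/0.2/0.2, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as B1F33F0068)
"""

# Outbound (smtp client) TLS handshake: process id and the relay endpoint.
TLS_TO = re.compile(
    r"postfix/smtp\[(\d+)\]: (?:Trusted|Untrusted|Verified|Anonymous) TLS "
    r"connection established to (\S+):")
# Outbound delivery: process id, queue ID and the relay endpoint used.
DELIVERY = re.compile(
    r"postfix/smtp\[(\d+)\]: ([0-9A-F]+): to=<[^>]*>, relay=(\S+), "
    r".*status=sent")

def audit_relay_tls(log: str) -> Dict[str, bool]:
    """Return {queue_id: True if the delivering smtp process had logged a TLS
    session to that relay endpoint, False if the mail went out in the clear}."""
    tls_by_pid: Dict[str, Set[str]] = {}
    verdict: Dict[str, bool] = {}
    for line in log.splitlines():
        m = TLS_TO.search(line)
        if m:
            tls_by_pid.setdefault(m.group(1), set()).add(m.group(2))
            continue
        m = DELIVERY.search(line)
        if m:
            pid, qid, relay = m.groups()
            verdict[qid] = relay in tls_by_pid.get(pid, set())
    return verdict

def plaintext_deliveries(log: str) -> List[str]:
    """Queue IDs relayed without TLS: the case the thread ran into."""
    return [qid for qid, ok in audit_relay_tls(log).items() if not ok]

if __name__ == "__main__":
    for qid in plaintext_deliveries(SAMPLE_LOG):
        print(f"{qid}: relayed to the relayhost in the clear")
```

Setting smtp_tls_security_level = encrypt in main.cf (Postfix 2.3 or later) makes the smtp client refuse to deliver to the relayhost without TLS, so once it is in place this audit should report no plaintext deliveries.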