LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-12-2010, 11:54 AM   #1
nelson202tx
LQ Newbie
 
Registered: Mar 2009
Location: Texas
Posts: 8

Rep: Reputation: 0
Command line e-mail and NOT sending out malware



Just got a refurbished box ./c Mint 9 pre-installed and when I typed in
-- mail -- the answer was : you must install -- heirloom-mailx -- or
-- mailutils --. The system said "no such command" for mailutils so I am
left ./c heirloom... which I may install.
My computer savvy is of random fragments of information so I don't know where I got the idea that since the command line e-mail is straight text, it CANNOT transmit viruses and/or other kinds of secret embedded malware as does HTML in the popular browsers.
1. Is it true that CLI e-mail is safer than browser e-mail ?
2, If it is not safer than browser e-mail, or has some other kind of
vulnerability, could someone suggest which distro of --live CD--
would allow CLI e-mail to work through the AT&T DSL service ?
3. On another machine, I tried CLI e-mail ./c an old Knoppix CD but
answer was --...cannot find the server.-- so maybe AT&T is going to
be a problem.
Thanks for reading my post.
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 10-12-2010, 01:08 PM   #2
amarand
LQ Newbie
 
Registered: Oct 2010
Location: Galloway, Ohio, USA
Distribution: CentOS
Posts: 19

Rep: Reputation: 7
Lightbulb Mail Safety

Quote:
Originally Posted by nelson202tx View Post
1. Is it true that CLI e-mail is safer than browser e-mail ?
CLI e-mail can be much safer than browsing with webmail which is then more safer than, say, Microsoft Outlook. Outlook is generally - and relatively - the least safe method of mail reception is due to the scripting available behind the scenes, ActiveX controls and the number of bugs/exploits which are available. Webmail is usually safer, but depends on the browser and its version. If someone sends you an unsafe link, and you're using an older version of Internet Explorer, you'll have a much greater exposure/risk than if you're using a newer version of IE with anti-phishing, link scanning, etc. As this is a Linux forum, I have to say that I subscribe to the "more eyes = better/more secure code," so in an apples-to-apples comparison, Firefox is going to be generally more secure/safe than IE when using webmail. IE has had a history of similar exploits/holes as with Outlook, just not the same program. They all work with a similar set of backend (Windows) libraries, so are - in some situations - are open to the same problems. Firefox is built and rebuilt from the ground up, with lots of eyes reviewing the code. Bugs - particularly security issues - are fixed quickly, and people are nudged along to upgrade frequently. So fewer bugs, being fixed more quickly, with those fixes being pushed to center-of-mass rapidly...that means more safety in general.

Having said all that, the nice thing about CLI (I use Alpine, Pine, mailx, mail and Mutt for different reasons, on different systems) mail clients is that you can't easily display a picture, follow a link, execute a program/script without being cognizant/aware of what you're doing. If someone e-mails you a picture, you have to download it and view it in a separate viewer. Because you are downloading the file, you can see the extension, and make an informed decision if it's the right thing to do or not. JPG and GIF are generally okay, but sometimes there are malicious files that are named like pictures, but have SCR or EXE endings. If you don't know that running an SCR or EXE is a bad thing, and you don't have good anti-malware and anti-virus programs, the main question you are asking is not the worst of your problems.

I regularly send and receive e-mail, generally through Alpine, and when the random spam message gets through my various filters, greylists and Spamassassin, I sometimes see the hidden evil: links that are named one thing (www.happy.com) which actually go to other places (www.evilplace.com). In the wrong web-browser, you may click a link that shows up as happy.com (yay!) but actually be send to evilplace.com and never even know it. Scary stuff. With text-based mail, you generally see these discrepancies and can decide. I usually cut-and-paste links that I want to visit anyway, which means I can back-off the deep links (which sometimes give away personally identifiable information) and go straight to the main page, when checking out the validity of a site. Nothing like using a spammer's link, only to find out you've just shown them that the e-mail address is valid, and you're responding to a link! Spam-City.

Keep in mind that you can receive MIME-encoded malware, phishing links and other badness, even when using CLI mail clients - and you can send that garbage too. It's just that - generally - a GUI is designed to hide what's under the hood, whereas that is where you can compromise your safety.

Quote:
Originally Posted by nelson202tx View Post
2, If it is not safer than browser e-mail, or has some other kind of
vulnerability, could someone suggest which distro of --live CD--
would allow CLI e-mail to work through the AT&T DSL service ?
As mentioned in the previous answer, CLI is generally safer than webmail, which is generally safer than a Big Name commercial mail client like Outlook. Any of the standard Live CD distributions should have CLI mail clients included. I know that Alpine/Pine had a licensing issue, so I believe that's not shipped with any GPL distribution by default, but you can download it and merge it with your Live CD of choice, if you wanted to. I think mail, mailx, mutt and several other programs are available by default, I just don't boot off of Live CD enough. Ubuntu Live CD has a lot of great stuff built-in, so you may want to start there. As always, make sure you get the full version of the Live CD of whichever distribution, as sometimes there are more limited editions (say, to be burned to smaller media like CD, USB or floppy), and then the fuller editions with all the bells-and-whistles release on a DVD.

Quote:
Originally Posted by nelson202tx View Post
3. On another machine, I tried CLI e-mail ./c an old Knoppix CD but
answer was --...cannot find the server.-- so maybe AT&T is going to
be a problem.
When sending e-mail from your home, through your ISP, you sometimes need to authenticate with your ISP's SMTP server. A good test is to try telnetting to your ISP's SMTP server, and see if you can send a message manually:

http://thedaneshproject.com/posts/se...-using-telnet/

If you can send mail using that method, using the IP address (or hostname if you have DNS enabled/configured on your Live CD or through DHCP) of the AT&T SMTP mail server, then your mail client should be able to as well. Your ISP should allow your Linux machine to send e-mail through their SMTP server as a proxy, but if you are trying to send mail using your own SMTP server directly to the external world using port 25, you may find that your ISP has a proxy, which blocks and/or redirects all residential customers' SMTP traffic. In that case, your only two options are A) use their SMTP server to send and receive mail, B) use a service like MailHop by DynDNS, or C) upgrade to a business-class Internet service which allows port 25 (SMTP) inbound and outbound.

Sorry for the huge reply, but security can be a very gray area, and it's best to explain. Hope this helps!
 
2 members found this post helpful.
Old 10-16-2010, 03:36 AM   #3
nelson202tx
LQ Newbie
 
Registered: Mar 2009
Location: Texas
Posts: 8

Original Poster
Rep: Reputation: 0
Command line e-mail and NOT sending out malware

Thank you for the reply. I am encouraged by the information. I went ahead and installed heirloom-mailx and it seemed to work OK till I clicked the --send-- button. Then it said there is no /usr/bin/mailx file. This is getting more complicated than I anticipated. I will try to follow up on your other suggestions. I much appreciate the thoroughness of your reply. That looked like a lot of work. If I have to write a script file to get this going I just may be
at a roadblock. Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Sending mail from command line Geert86 Linux - Server 10 11-30-2009 01:04 PM
Sendmail (mailserver) -- sending mail with the mail command -- doesn't work :-( carolinevdh Linux - Server 1 08-13-2009 10:43 PM
Debian etch - Unable to send mail from command line or from php mail command lqforumuser Linux - Newbie 1 03-01-2009 07:56 AM
Sending mail from command line matiasquestions Linux - Software 5 01-22-2006 12:51 PM
sending mail from command line won't work disorderly Linux - General 2 06-09-2005 12:29 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 07:32 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration