Sending Email (TLS) using Command Line

There are times when we need to check whether we can send email through a specific mail server from the command line. In this example, we are going to send an email through a mail server over a secure connection (port 465 or 587). The text in bold is what we need to type; the underlined parts need to be changed to your own values.

To use SSL/TLS on port 465:

$ openssl s_client -crlf -quiet -connect smtp.server.com:465

To use STARTTLS on port 587:

$ openssl s_client -crlf -quiet -starttls smtp -connect smtp.server.com:587

depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4
verify return:1
depth=0 C = US, ST = Washington, L = Seattle, O = "smtp.com, Inc.", CN = smtp.server.com
verify return:1
220 smtp.server.com ESMTP EmailService-1737464811 q9foEapZyGpqLYwMbkii
EHLO domain-name.com
250-email-smtp-server.com
250-8BITMIME
250-SIZE 10485760
250-AUTH PLAIN LOGIN
250 Ok
AUTH LOGIN
334 VXNlcm5hbWU6
YourBase64UsernameHere
334 UGFzc3dvcmQ6
YourBase64PasswordHere
235 Authentication successful.
MAIL FROM:sender@email.com
250 Ok
RCPT TO:recipient@email.com
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Testing Email

This email was sent using command line.
.
250 Ok 01000158d8d607b6-c9ec22ef-4ca3-4e03-9fac-b1340d485950-000000
quit
221 Bye

 

To convert text to base64 for username and password, you can use the following command:

$ echo -n 'YourTextHere' | base64
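The 334 prompts and the AUTH replies in the session above are plain base64, which the helpers below encode and decode; they also build the single token that AUTH PLAIN (advertised in the EHLO response) expects. This is an added example, not part of the original post, and the function names and sample credentials are made up.

```bash
#!/bin/bash
# Added example: helpers for the AUTH exchange above. Function names are
# illustrative. Base64 is an encoding, not encryption: anyone who sees the
# token can decode it, so only the TLS layer protects the credentials.

# printf is used rather than echo -n, whose option handling varies by shell.
# GNU base64 wraps long output at 76 columns, so newlines are stripped.
b64enc() { printf '%s' "$1" | base64 | tr -d '\n'; }
b64dec() { printf '%s' "$1" | base64 --decode; }

# AUTH PLAIN (RFC 4616) sends one token: base64(NUL username NUL password).
auth_plain_token() {
    printf '\000%s\000%s' "$1" "$2" | base64 | tr -d '\n'
}

# Prompt for a secret without echoing it, so it never appears on the
# command line or in shell history, and print its base64 form.
b64_prompt() {
    local secret
    printf '%s: ' "$1" >&2
    stty -echo
    IFS= read -r secret
    stty echo
    printf '\n' >&2
    b64enc "$secret"
}

# The server's 334 challenges decode to the prompts they stand for.
decode_challenge() { b64dec "${1#334 }"; }
```

Running `b64_prompt Password` asks for the value on the terminal and prints the string to paste after the second 334 line.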

Let’s Encrypt on EC2

You can get free and valid SSL certificate from Let’s Encrypt. In this article, I will go through the steps to install Let’s Encrypt SSL certificate on Apache running on Amazon Linux.

Things you should know about Let’s Encrypt:
1. Let’s Encrypt certificates are valid for 90 days.
2. Let’s Encrypt does not offer wild-card certificates.

Requirements:
1. An email address.
2. The domain pointing to a directory on the server, that’s accessible on the Internet. Let’s Encrypt servers will access a file on http://yourwebsite.com/some_secret_file_name to validate that you own the domain.

Installation steps:

1. Install some requirements for the following steps.

yum install python27-devel git

2. Clone the letsencrypt repository and run the installer.

git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
/opt/letsencrypt/letsencrypt-auto --debug

3. Create a config file that will be used for new certificates and renewals. It contains the private key size and your email address.

echo "rsa-key-size = 4096" >> /etc/letsencrypt/config.ini
echo "email = email@example.com" >> /etc/letsencrypt/config.ini

4. Request a certificate for your domain and its www subdomain. You must also specify the root directory of the domain.

/opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/yourdomainroot -d yourdomain.com -d www.yourdomain.com --config /etc/letsencrypt/config.ini --agree-tos

5. Remove the directory that was used for validation. This step is optional.

rmdir /var/www/yourdomainroot/.well-known

6. The certificates are located at /etc/letsencrypt/live/. The last thing to do is update your web server’s configuration. For Apache it will look like this:

Listen 443
<VirtualHost *:443>
ServerName yourdomain.com
DocumentRoot "/var/www/yourdomainroot"
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.com/chain.pem
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
</VirtualHost>

7. Be sure to add the renew command to a crontab. The command that reloads your web server should also go there.

/opt/letsencrypt/letsencrypt-auto renew --config /etc/letsencrypt/config.ini --agree-tos && apachectl graceful

 

This article is taken and modified from:
https://ivopetkov.com/b/let-s-encrypt-on-ec2/

SSH Tunneling

You can tunnel all of the traffic from your local box to a remote box that you have an account on using SSH. This is very useful to get around firewall restrictions.

ssh -g -f username@localmachine -i privatekey.pem -p 2222 -L 12345:remotemachine:56789 -N

The -g option tells ssh to allow remote hosts to connect to local forwarded ports (without it, the forwarded port listens on the loopback address only). The -f option tells ssh to go into the background just before it executes the command. This is followed by the username and local machine you are logging into. If you use SSH key-based authentication to connect to your local box, use the -i option to specify the private key. The -p option is used if your SSH server is not running on port 22, so you need to specify the port here. The -L 12345:remotemachine:56789 is in the form of -L local-port:host:remote-port. Finally, the -N option instructs OpenSSH not to execute a command on the remote system.

This essentially forwards port 12345 on localmachine to port 56789 on remotemachine over SSH, with the nice benefit of being encrypted. You can then simply connect to localmachine:12345 when you want to connect to remotemachine at port 56789.

Reference:
http://www.revsys.com/writings/quicktips/ssh-tunnel.html

Redirecting Uppercase to Lowercase in Apache

This should go at the very top of your .htaccess file, or at least above ANY other RewriteRules. That is because it uses a loop: until there are no more uppercase characters to convert, it keeps restarting at the first RewriteRule, the one that sets HASCAPS:TRUE. Oh, and this is actually really quick and isn’t gonna slow down anything.

RewriteEngine On
RewriteBase /

# If there are caps, set HASCAPS to true and skip next rule
RewriteRule [A-Z] - [E=HASCAPS:TRUE,S=1]

# Skip this entire section if no uppercase letters in requested URL
RewriteRule ![A-Z] - [S=28]

# Replace single occurrence of CAP with cap, then process next Rule.
RewriteRule ^([^A]*)A(.*)$ $1a$2
RewriteRule ^([^B]*)B(.*)$ $1b$2
RewriteRule ^([^C]*)C(.*)$ $1c$2
RewriteRule ^([^D]*)D(.*)$ $1d$2
RewriteRule ^([^E]*)E(.*)$ $1e$2
RewriteRule ^([^F]*)F(.*)$ $1f$2
RewriteRule ^([^G]*)G(.*)$ $1g$2
RewriteRule ^([^H]*)H(.*)$ $1h$2
RewriteRule ^([^I]*)I(.*)$ $1i$2
RewriteRule ^([^J]*)J(.*)$ $1j$2
RewriteRule ^([^K]*)K(.*)$ $1k$2
RewriteRule ^([^L]*)L(.*)$ $1l$2
RewriteRule ^([^M]*)M(.*)$ $1m$2
RewriteRule ^([^N]*)N(.*)$ $1n$2
RewriteRule ^([^O]*)O(.*)$ $1o$2
RewriteRule ^([^P]*)P(.*)$ $1p$2
RewriteRule ^([^Q]*)Q(.*)$ $1q$2
RewriteRule ^([^R]*)R(.*)$ $1r$2
RewriteRule ^([^S]*)S(.*)$ $1s$2
RewriteRule ^([^T]*)T(.*)$ $1t$2
RewriteRule ^([^U]*)U(.*)$ $1u$2
RewriteRule ^([^V]*)V(.*)$ $1v$2
RewriteRule ^([^W]*)W(.*)$ $1w$2
RewriteRule ^([^X]*)X(.*)$ $1x$2
RewriteRule ^([^Y]*)Y(.*)$ $1y$2
RewriteRule ^([^Z]*)Z(.*)$ $1z$2

# If there are any uppercase letters, restart at very first RewriteRule in file.
RewriteRule [A-Z] - [N]

RewriteCond %{ENV:HASCAPS} TRUE
RewriteRule ^/?(.*) /mb2/$1 [R=301,L]

Reference:
http://www.askapache.com/htaccess/rewrite-uppercase-lowercase.html

How do I assign a static hostname to a private Amazon EC2 instance running RHEL 7 or Centos 7?

Amazon EC2 instance hostnames are derived from the IP address that is dynamically assigned to the instance at startup. Although you can change the hostname of a private EC2 Linux instance by using the hostname command, if you reboot or stop/start the instance it will revert to a hostname derived from the IP address assigned to the instance.

For a hostname to be static on RHEL 7 or CentOS 7, you have to perform the below steps.

  1. Edit /etc/hostname and replace the value with the hostname that you want.
  2. Update the /etc/hosts file. Change the entry beginning with 127.0.0.1 to include your hostname.
  3. Edit /etc/sysconfig/network and append HOSTNAME=xxxxxxx, replacing xxxxxxx with your hostname.
  4. Edit /etc/cloud/cloud.cfg and append the following line at the end of the file without the quotes: “preserve_hostname: true”
  5. Change the hostname using the hostnamectl command.

Your hostname change will be persistent across reboots now.
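The five steps above as a single function that can be run more than once without duplicating entries. This is an added example, not part of the original post or the AWS article; the function name and the optional root-prefix argument (for rehearsing on a copy of /etc) are assumptions.

```bash
#!/bin/bash
# Added example: applies steps 1-5 above. The optional second argument is a
# hypothetical root prefix so the edits can be rehearsed on a copy of /etc.
set_static_hostname() {
    local name="$1" root="${2:-}" net cfg

    # Refuse values that are not plain hostname characters, since the
    # name is written into several config files and a sed expression.
    case "$name" in
        ''|-*|*[!A-Za-z0-9.-]*) echo "invalid hostname: $name" >&2; return 1 ;;
    esac

    # Step 1: /etc/hostname contains only the hostname.
    printf '%s\n' "$name" > "$root/etc/hostname"

    # Step 2: add the name to the 127.0.0.1 entry unless already present.
    if ! awk -v h="$name" '$1 == "127.0.0.1" { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
                           END { exit !found }' "$root/etc/hosts"; then
        sed -i "s/^127\.0\.0\.1[[:space:]].*/& $name/" "$root/etc/hosts"
    fi

    # Step 3: replace an existing HOSTNAME= line, otherwise append one.
    net="$root/etc/sysconfig/network"
    if grep -q '^HOSTNAME=' "$net"; then
        sed -i "s/^HOSTNAME=.*/HOSTNAME=$name/" "$net"
    else
        printf 'HOSTNAME=%s\n' "$name" >> "$net"
    fi

    # Step 4: stop cloud-init from resetting the hostname at boot.
    cfg="$root/etc/cloud/cloud.cfg"
    if grep -q '^preserve_hostname:' "$cfg"; then
        sed -i 's/^preserve_hostname:.*/preserve_hostname: true/' "$cfg"
    else
        printf 'preserve_hostname: true\n' >> "$cfg"
    fi

    # Step 5: apply to the running system (skipped during a rehearsal).
    if [ -z "$root" ]; then
        hostnamectl set-hostname "$name"
    fi
}
```

Called as root with only a hostname, it edits the live files and then runs hostnamectl.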

For more information:
https://aws.amazon.com/premiumsupport/knowledge-center/linux-static-hostname-rhel7-centos7/

How to Set CloudFlare into Development Mode

Development Mode lets you temporarily bypass CloudFlare’s accelerated cache while you make changes to your site. This slows down your site, but is useful if you are changing cacheable content (like images, CSS, or JavaScript) and would like to see those changes right away. Once entered, Development Mode lasts for 3 hours and then automatically toggles off.

Run the following command to set CloudFlare into Development Mode (disabling cache) for the next 3 hours:

curl -X PATCH "https://api.cloudflare.com/client/v4/zones/yourzoneid/settings/development_mode" \
-H "X-Auth-Email: your@email.com" \
-H "X-Auth-Key: yourglobalapikey" \
-H "Content-Type: application/json" \
--data '{"value":"on"}'

where:
yourzoneid is your CloudFlare’s zone ID
your@email.com is the email address used to login to CloudFlare
yourglobalapikey is your CloudFlare’s Global API key

You should see a response similar to the following:

{"result":{"id":"development_mode","value":"on","modified_on":"2016-07-29T03:12:44.569389Z","time_remaining":10800,"editable":true},"success":true,"errors":[],"messages":[]}

P.S.
To find out your CloudFlare’s Zone ID, please see my previous post here.

Reference:
https://api.cloudflare.com/#zone-settings-change-development-mode-setting