Sending Email (TLS) using Command Line

There are times when we need to check whether we can send email through a specific mail server from the command line. In this example, we are going to send email through a mail server over a secure connection (port 465 or 587). In the session below, the client lines are the ones we type; replace the server name, domain, credentials and addresses with your own.

To use SSL/TLS on port 465:

$ openssl s_client -crlf -quiet -connect smtp.server.com:465

To use STARTTLS on port 587:

$ openssl s_client -crlf -quiet -starttls smtp -connect smtp.server.com:587

depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5
verify return:1
depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4
verify return:1
depth=0 C = US, ST = Washington, L = Seattle, O = "smtp.com, Inc.", CN = smtp.server.com
verify return:1
220 smtp.server.com ESMTP EmailService-1737464811 q9foEapZyGpqLYwMbkii
EHLO domain-name.com
250-email-smtp-server.com
250-8BITMIME
250-SIZE 10485760
250-AUTH PLAIN LOGIN
250 Ok
AUTH LOGIN
334 VXNlcm5hbWU6
YourBase64UsernameHere
334 UGFzc3dvcmQ6
YourBase64PasswordHere
235 Authentication successful.
MAIL FROM:sender@email.com
250 Ok
RCPT TO:recipient@email.com
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
Subject: Testing Email

This email was sent using command line.
.
250 Ok 01000158d8d607b6-c9ec22ef-4ca3-4e03-9fac-b1340d485950-000000
quit
221 Bye


To convert text to base64 for username and password, you can use the following command:

$ echo -n 'YourTextHere' | base64
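The same dialogue as a replayable script, added here as an example (it is not part of the original post). It assumes openssl and base64 are installed; host, port and credentials are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example, not part of the original post: script the SMTP dialogue shown
# above so it can be replayed non-interactively, with certificate verification
# enforced. Assumes openssl and base64 are installed; host, port and credentials
# are placeholders supplied by the caller.

# base64 helpers for the AUTH LOGIN exchange. The server's 334 challenges are
# base64 too: "VXNlcm5hbWU6" decodes to "Username:", "UGFzc3dvcmQ6" to "Password:".
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }
b64d() { printf '%s' "$1" | base64 -d; }

# Emit one client line after a short pause so the server can answer the
# previous one (SMTP_DELAY=0 disables the pause, e.g. for testing).
say() { sleep "${SMTP_DELAY:-1}"; printf '%s\n' "$1"; }

# The client side of the dialogue: $1 EHLO name, $2 user, $3 password,
# $4 envelope sender, $5 recipient. openssl -crlf turns each LF into CRLF.
smtp_script() {
    say "EHLO $1"
    say "AUTH LOGIN"
    say "$(b64 "$2")"
    say "$(b64 "$3")"
    say "MAIL FROM:<$4>"
    say "RCPT TO:<$5>"
    say "DATA"
    say "Subject: Testing Email"
    say ""
    say "This email was sent using command line."
    say "."
    say "QUIT"
}

# Send through implicit TLS (465) or STARTTLS (any other port, e.g. 587).
# Unlike the interactive command above, -verify_return_error makes openssl
# abort instead of merely printing "verify return:0" when the chain does not
# validate, so the credentials are never sent to an unverified server.
# Add -CAfile if your openssl build does not use the system CA store by default.
send_test_mail() {
    host=$1; port=$2; user=$3; pass=$4; from=$5; to=$6
    case $port in
        465) tls_opt="" ;;
        *)   tls_opt="-starttls smtp" ;;
    esac
    smtp_script "$(hostname -f)" "$user" "$pass" "$from" "$to" |
        openssl s_client -crlf -quiet -verify_return_error $tls_opt \
            -servername "$host" -connect "$host:$port"
}
```

Call it as `send_test_mail smtp.server.com 587 user password sender@email.com recipient@email.com`; the server's replies appear on stdout just as in the interactive session.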


Let’s Encrypt on EC2

You can get a free, valid SSL certificate from Let's Encrypt. In this article, I will go through the steps to install a Let's Encrypt SSL certificate on Apache running on Amazon Linux.

Things you should know about Let’s Encrypt:
1. Let's Encrypt's certificates are valid for 90 days.
2. Let’s Encrypt does not offer wild-card certificates.

Requirements:
1. An email address.
2. The domain pointing to a directory on the server that is accessible from the Internet. Let's Encrypt servers will fetch a file at http://yourwebsite.com/some_secret_file_name to validate that you control the domain.

Installation steps:

1. Install some requirements for the following steps.

yum install python27-devel git

2. Clone the letsencrypt repository and run the installer.

git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
/opt/letsencrypt/letsencrypt-auto --debug

3. Create a config file that will be used for new certificates and renewals. It contains the private key size and your email address.

echo "rsa-key-size = 4096" >> /etc/letsencrypt/config.ini
echo "email = email@example.com" >> /etc/letsencrypt/config.ini

4. Request a certificate for your domain and its www subdomain. You must also specify the root directory of the domain.

/opt/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/yourdomainroot -d yourdomain.com -d www.yourdomain.com --config /etc/letsencrypt/config.ini --agree-tos

5. Remove the directory that was used for validation (it still contains the empty acme-challenge subdirectory, so a plain rmdir would fail). This step is optional.

rm -r /var/www/yourdomainroot/.well-known

6. The certificates are located at /etc/letsencrypt/live/ and the last thing is to update your webserver's configuration. For Apache it will look like this:

Listen 443
<VirtualHost *:443>
ServerName yourdomain.com
DocumentRoot "/var/www/yourdomainroot"
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/yourdomain.com/chain.pem
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
</VirtualHost>

7. Be sure to add the renew command to a crontab. The command that refreshes your webserver should also be there.

/opt/letsencrypt/letsencrypt-auto renew --config /etc/letsencrypt/config.ini --agree-tos && apachectl graceful
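A renewal wrapper for that cron entry, added here as an example (not part of the original article or of the Let's Encrypt client): it reloads Apache only when the certificate actually changed, and lets you check how close a certificate is to the 90-day limit. LE_BIN and LE_CONFIG are placeholders that default to the paths used above.

```shell
#!/bin/sh
# Added example, not from the original article: wrapper for the renewal cron job
# in step 7. Paths follow the article; LE_BIN and LE_CONFIG are placeholders.
LE_BIN=${LE_BIN:-/opt/letsencrypt/letsencrypt-auto}
LE_CONFIG=${LE_CONFIG:-/etc/letsencrypt/config.ini}

# Exit status 0 if the certificate in $1 expires within $2 days, 1 otherwise.
# openssl's -checkend succeeds while the certificate is still valid at that point,
# so the result is inverted here.
cert_expires_within() {
    if openssl x509 -noout -in "$1" -checkend $(( $2 * 86400 )) >/dev/null; then
        return 1
    fi
    return 0
}

# SHA-256 fingerprint of a certificate, used to detect that a renewal replaced it.
cert_fingerprint() {
    openssl x509 -noout -in "$1" -fingerprint -sha256 | cut -d= -f2
}

# Run the renewal, then reload Apache only if the live certificate for domain $1
# was replaced; a daily cron run therefore does not bounce the server needlessly.
renew_and_reload() {
    cert=/etc/letsencrypt/live/$1/cert.pem
    before=$(cert_fingerprint "$cert")
    "$LE_BIN" renew --config "$LE_CONFIG" --agree-tos || return 1
    after=$(cert_fingerprint "$cert")
    if [ "$before" != "$after" ]; then
        # Validate the config first so a bad change cannot take the site down.
        apachectl configtest && apachectl graceful
    fi
}
```

Put `renew_and_reload yourdomain.com` in the crontab in place of the bare command; `cert_expires_within /etc/letsencrypt/live/yourdomain.com/cert.pem 30` is handy as a monitoring check.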


This article is taken and modified from:
https://ivopetkov.com/b/let-s-encrypt-on-ec2/

SSH Tunneling

You can tunnel all of the traffic from your local box to a remote box that you have an account on using SSH. This is very useful to get around firewall restrictions.

ssh -g -f username@localmachine -i privatekey.pem -p 2222 -L 12345:remotemachine:56789 -N

The -g tells ssh to allow remote hosts to connect to local forwarded ports. The -f tells ssh to go into the background just before it executes the command. This is followed by the username and local machine you are logging into. If you use SSH key-based authentication to connect to your local box, use -i option to specify the private key. The -p option is used if your SSH is not running on port 22, so you need to specify it here. The -L 12345:remotemachine:56789 is in the form of -L local-port:host:remote-port. Finally the -N instructs OpenSSH to not execute a command on the remote system.

This essentially forwards port 12345 on localmachine to port 56789 on remotemachine over SSH, with the nice benefit of being encrypted. You can then simply connect to localmachine:12345 when you want to reach remotemachine on port 56789.

Reference:
http://www.revsys.com/writings/quicktips/ssh-tunnel.html

How do I assign a static hostname to a private Amazon EC2 instance running RHEL 7 or Centos 7?

Amazon EC2 instance hostnames are derived from the IP address that is dynamically assigned to the instance at startup. Although you can change the hostname of a private EC2 Linux instance by using the hostname command, if you reboot or stop/start the instance it will revert to a hostname derived from the IP address assigned to the instance.

For a hostname to be static on RHEL 7 or CentOS 7, you have to perform the below steps.

  1. Edit /etc/hostname and replace the value with the hostname that you want.
  2. Update the /etc/hosts file. Change the entry beginning with 127.0.0.1 to include your hostname.
  3. Edit /etc/sysconfig/network and append HOSTNAME=xxxxxxx, replacing xxxxxxx with your hostname.
  4. Edit /etc/cloud/cloud.cfg and append the following line at the end of the file without the quotes: "preserve_hostname: true"
  5. Change the hostname using the hostnamectl command.

Your hostname change will be persistent across reboots now.

For more information:
https://aws.amazon.com/premiumsupport/knowledge-center/linux-static-hostname-rhel7-centos7/

Estimating Web Hosting Needs

To have a website on the Internet, the most basic needs you require are disk space and bandwidth.

Disk space is the amount of data you can store on the web server. Obviously, the amount of space needed depends on the size of your website. Most websites are composed of HTML (text), images, Flash, or a combination of all.

Text is very economical, it occupies very little space. Images and flash are more expensive, as they require more disk space.

Ideally, your web page should stay under 50-60KB, including images and flash. This is because there are some people using slow dial-up connections of under 56Kbps. For these people, a 60KB page will take more than 8 seconds to load. 8 seconds seems like a small number, but imagine you have to sit there and stare at a blank white page for 8 seconds. That’s a lot of time. Use the slow dial-up connection as your reference. If your website loads fast using slow dial-up, it will be even faster for broadband, high-speed connection.

If your average page size is 50KB, you can put approximately 20 pages on 1MB of space. If you have 100MB of disk space, you can host 200 pages.

Bandwidth is the amount of data you are allowed to transfer to and from your web server per month. This includes all uploads and downloads, both HTTP and FTP. Bandwidth depends on your web page size, as well as the number of visitors to your website and the number of pages they visit.

For an average page size of 50KB, 20,000 visitors per month, and 5 pages per visitor your website will need about 5000MB, or 5GB, of bandwidth per month. Note that 20,000 visitors per month equates to approximately 667 visitors per day. This is a number even most large websites cannot achieve.

If you are just launching your website, chances are you will not need a huge amount of space, nor a huge amount of bandwidth. Unless you have reasons to believe, and evidentiary numbers to support, that your website will have lots of visitors and/or you are offering movie and music downloads, there is little reason for many of us to worry about space and bandwidth. However, in choosing a web host, choose one that allows you to upgrade your disk space and bandwidth if you should need it later on.

If you need to do a load test, you can use the following formula to determine the number of concurrent users to test for, provided you know the visits to your site (a Google Analytics report will give you visits per hour):

concurrent_users = (peak_hourly_visits * average_visit_duration_in_seconds) / 3600

References:
https://www.website.com/beginnerguide/webhosts/7/6/how-to-estimate-your-web-hosting-needs.ws
http://support.loadimpact.com/knowledgebase/articles/265461-calculating-the-number-of-concurrent-users-to-test

Adding Swap from Instance Store (Amazon Linux)

Below is the procedure to add swap from an instance-store volume to an Amazon Linux instance.
In this example the instance-store device is /dev/xvdb. Feel free to change it according to your instance-store device.

a. Ensure the Instance includes instance-store volumes or add one instance-store volume to your instance during launch time.

b. SSH into the instance and query for the instance-store:
# df -ah | grep ephemeral
The above command should return output like the following (note this may be different based on your AMI and you have to manually test to see which device is mounted as ephemeral storage):
/dev/xvdb 37G 177M 35G 1% /media/ephemeral0

c. Unmount the mounted instance-store:
# umount /media/ephemeral0

d. Create swap partition:
# mkswap /dev/xvdb

e. Comment out the line for /media/ephemeral0 within /etc/fstab:
#/dev/sdb /media/ephemeral0 auto defaults,nofail,comment=cloudconfig 0 2

f. Activate the swap space:
# swapon /dev/xvdb

g. Check that the swap space is active:
# cat /proc/meminfo | grep Swap
The above command should return output like the following:
SwapCached: 0 kB
SwapTotal: 39313404 kB
SwapFree: 39313404 kB

Should you stop/start the instance to move it to another underlying host, you will need to redo the above procedure to ensure that the instance store is configured as swap, because a stopped and restarted instance gets a pristine instance-store volume. You can avoid this by creating a script that prepares the swap space at boot, so that a pristine instance-store volume is converted to swap again. Adding it to /etc/fstab will not work, as the volume will not have been prepared for swap when the instance is stopped and started. Invoking the script from /etc/rc.local is the ideal way to do this. For example:

cat << 'EOF' >> /etc/rc.d/rc.local

# Create swap space on the instance store - /dev/xvdb
if file /dev/xvdb | grep -q block; then
    # cloud-init may still have mounted it; ignore the error if it is not mounted
    umount /dev/xvdb 2>/dev/null
    mkswap /dev/xvdb
    swapon /dev/xvdb
fi
EOF

Setting up vsftpd in passive mode

If the vsftpd server is behind a router, you are likely to get errors like "Server sent passive reply with unroutable address. Using server address instead." or "500 illegal port command" on the list (ls) command; this post might help. Setting the passive mode configuration correctly is the trick.

Make sure ports 20, 21 and a few more ports, for example 4242-4252, are being forwarded to the server. We will need these extra ports for passive mode, so set pasv_min_port and pasv_max_port accordingly in the configuration file. Add the following to /etc/vsftpd.conf:

connect_from_port_20=YES
pasv_enable=YES
pasv_addr_resolve=YES
pasv_address=myaddress.dyndns.com
pasv_min_port=4242
pasv_max_port=4252


Reference:

http://flukylogs.blogspot.sg/2012/01/vsftpd-behind-routerfirewall.html