I would like to implement a transparent IMAPS (SSL/TLS) proxy from zero using Python (pySocks and imaplib).
The user and the proxy are in the same network and the mail server is outside (example: Gmail servers). All the traffic on port 993 is redirected to the proxy. The user should retrieve his emails using his favorite email application (example: Thunderbird). The proxy should receive the commands and transmit them to the user/server, and should be able to read the content of the retrieved emails.
However, as the traffic is encrypted, I don't know how to get the account and the password of the user (without using a database) OR how to read the content of the emails without knowing the account and the password of the user.
After a few days looking for a solution, I still don't have any track. Maybe it is not possible? If you have any track, I would be happy to read it.
Thank you.
You must implement your proxy as a Man In The Middle attack. That means that there are two different SSL/TLS encrypted communication channels: one between the client and the proxy, one between the proxy and the server. That means that either:
the client explicitly sets the proxy as its mail server (if only a few servers are to be used, with one name/address per actual server)
the proxy has a certificate for the real mail server that will be trusted by the client. A common way is to use a dummy CA: the proxy has a private certificate trusted by the client that can be used to sign certificates for any domain, like antivirus software does.
Once this is set up, the proxy has just to pass all commands and responses, and process the received mails on the fly.
I acknowledge that this is not a full answer, but a full answer would be far beyond the scope of SO and I hope it could be a path to it. Feel free to ask more precise questions here if you are later stuck in actual implementation.
I'm using django-sendgrid-v5 and I read somewhere that it isn't good to send emails from the main webserver. Should I process emails from Celery? Or is it fine to call from the main app since I'm using an external service like Sendgrid anyways?
I don't know in which context you've read that, but I would guess it has something to do with reliability, spam and security in general.
Short answer: Yes, this should be fully okay as you are using an external email service.
Another option is to set up a Smart host on your webserver and let your main email server deliver it to the final recipients.
Long answer: Nowadays, sending emails from a (web)server which is not fully set up as an email server might be difficult in terms of reliably delivering emails.
Due to the massive amounts of spam and malware sent, most (or at least a lot of) receiving email servers (Mail Exchangers) try to check whether the emails they should deliver to their users are legit.
This is done by several settings, mostly on the server itself. To name only a few: RDNS, DKIM, Greylisting, etc.
In general, a (web) server whose main purpose is not sending emails does not have all these settings. This might result in difficulties reaching certain email addresses.
I'm getting started out creating a website where users can store and get (on user request) private information they store on the server. Since the information is private, I would also like to provide 256 bit encryption. So, how should I go about it? Should I code the back end server stuff in node.js or Python, since I'm comfortable with both languages? How do I go about providing a secure server to the user? And if in the future, I would like to expand my service to mobile apps for Android and iOS, what would be the process?
Please try explaining in detail since that would be a great help :)
You don't need to create your own encrypted communication protocol. Just serve all traffic over https.
If you also wish to encrypt the data before storing it on a database you can encrypt it on arrival to the server.
Check out Express.js for the server, Passport.js for authentication and search for 256-bit encryption on npm. There are quite a few implementations.
When I try to look up some pages, I get the following:
Your connection is not private
Attackers might be trying to steal your information from www.xxx.com (for example, passwords, messages or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
Back to safety / Hide advanced
This server could not prove that it is www.xxx.com; its security certificate is from *.herokuapp.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
Proceed to www.xxx.com (unsafe)
What should I do to prevent this? Somehow Google has https, but I know I haven't paid for a certificate and everything runs off http, but pages are indexed in Google as http(s).
You must use the SSL Endpoint addon.
Heroku uses a default *.herokuapp.com certificate. For custom domains, you must use the addon.
https://devcenter.heroku.com/articles/ssl-endpoint
I have set up an unused Macbook Pro as a shared server on our internal company intranet. I'm kind of running it as a skunkworks; it can access the internet, but doesn't have permission to access, say, Gmail via SMTP. It's also unlikely to get that access anytime soon.
I'd like to be able to run processes on the machine that send notification emails. Every library I can find seems to require an email server, and I can't access one.
Is there any way to set up my MBP to act as its own email server? Thanks.
Adding this as an answer because there's not enough space in the comments.
It might work, but it's highly unlikely, and if you can send outbound mail, it will most likely be spam-foldered or dropped. The reason most apps use a dedicated mail server or smart host is that there are lots of other things that need to be set up besides the mail server (DNS records, SPF, DKIM, etc.). By default, if you type sendmail user@example.com on your Mac, type your message and end it with a . on a line by itself, your Mac will try to deliver it using its internal server (postfix). It will look up the Right Hand Side, look for MX records, try to connect to port 25 on the lowest order MX, and do all the things that a mail server does when delivering email. But if your skunkworks project cannot access Gmail on port 465 or 587 due to firewall settings, then there is very little chance that your mail admins will allow it to connect to random servers on port 25 (since this is exactly what Direct to MX bots/malware do).
Your best bet is to contact your admins and tell them you have an application that needs to send email (low volume, notification type, whatever), and ask them if they have an approved server that you can smart host via.
Going around network security, even with the best of intentions, is generally a bad idea, since the rules are generally put in place for a reason.
I want to write an email sending script in Python. Most email programs have to connect to existing servers, like Gmail or Hotmail. I want my script to work independently of those servers and just be able to send email itself (without having to log on anywhere else). The reason for this is that most email servers (like Yahoo) limit what you can do, such as controlling the sender address or sending certain types of files. So I wanted to write my own script to get around that. So what do I do? Where do I begin learning how to do this? Do I have to write my own server? If I do, how is that done?
You need an MTA (a.k.a. mail transfer agent), whether it's local or remote. SMTP servers talk to each other to deliver the mail through — if you don't want to connect to the remote one, you need to run a local one. Look into Postfix or exim — just be careful not to allow random people to connect to it. Go to Server Fault if you need help with configuring them.
This is language-agnostic, BTW.
Python's email module should give you a good starting point. BTW, this was the first hit when googling "Python email".
You'll essentially need to set up your own mail server. I prefer postfix but there are several alternatives; you'll have to google this one.
Once you can send email through your own server, look into smtplib or the email library for sending email with Python.