From b834c5578d9f7e8743e0d3cfa514b8e215063742 Mon Sep 17 00:00:00 2001 From: hellrezistor <50468493+hellresistor@users.noreply.github.com> Date: Mon, 6 Jan 2020 20:02:07 +0000 Subject: [PATCH 1/4] SSMTP adding Simple way to set mail output using an existing account :) --- README.md | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/README.md b/README.md index 0c93c93..0efd670 100644 --- a/README.md +++ b/README.md @@ -50,6 +50,7 @@ An evolving how-to guide for securing a Linux server that, hopefully, also teach - [Lynis - Linux Security Auditing](#lynis---linux-security-auditing) - [The Danger Zone](#the-danger-zone) - [The Miscellaneous](#the-miscellaneous) + - [SSMTP (Simple Sendmail) with google](#ssmtp) - [Gmail and Exim4 As MTA With Implicit TLS](#gmail-and-exim4-as-mta-with-implicit-tls) - [Separate iptables Log File](#separate-iptables-log-file) - [Left Over](#left-over) @@ -2882,6 +2883,40 @@ Keep in mind, deborphan finds packages that have **no package dependencies**. Th ## The Miscellaneous +### The Simple way with SSMTP(#ssmtp) + +#### Why + +Well I will SIMPLIFY this method, to only output email using google mail account (and others). True Simple! :) + + ``` bash + #!/bin/bash + ###### PLEASE .... EDIT IT... + MYEMAIL="mail@gmail.com" + PWDEMAIL="plalala" ## ATTENTION DONT USE Special Chars.. like as SPACE # and some others not all. Feel free to test ;) + MAILPROV="smtp.google.com:583" + DOMPROV="gmail.com" + USERLOC="root" + ####### + apt install -y ssmtp + cp -r --preserve /etc/ssmtp /etc/ssmtp.bck + echo "AuthUser=$MYEMAIL + AuthPass=$PWDEMAIL + root=$MYEMAIL + mailhub=$MAILPROV + hostname=$HOSTNAME + FromLineOverride=YES + UseTLS=Yes + UseSTARTTLS=YES + RewriteDomain=$DOMPROV" > /etc/ssmtp/ssmtp.conf + echo "$USERLOC:$MYEMAIL:$MAILPROV" >> /etc/ssmtp/revaliases ## USERLOC = root + chmod -R 0640 /etc/ssmtp + sleep 1 + echo "Test message from Hardened Linux server using ssmtp" | sendmail -v $MYEMAIL + ``` + +DONE!! ;) + ### Gmail and Exim4 As MTA With Implicit TLS #### Why From 73bb1990ec23551741c8f35ce1fe26ed67a0864b Mon Sep 17 00:00:00 2001 From: hellrezistor <50468493+hellresistor@users.noreply.github.com> Date: Sat, 1 May 2021 08:16:25 +0100 Subject: [PATCH 2/4] Add MSMTP --- README.md | 83 +++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 63 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 818f57e..a5808fc 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ An evolving how-to guide for securing a Linux server that, hopefully, also teach - [OSSEC - Host Intrusion Detection](#ossec---host-intrusion-detection) - [The Danger Zone](#the-danger-zone) - [The Miscellaneous](#the-miscellaneous) - - [SSMTP (Simple Sendmail) with google](#ssmtp) + - [MSMTP (Simple Sendmail) with google](#msmtp) - [Gmail and Exim4 As MTA With Implicit TLS](#gmail-and-exim4-as-mta-with-implicit-tls) - [Separate iptables Log File](#separate-iptables-log-file) - [Left Over](#left-over) @@ -3085,7 +3085,7 @@ Keep in mind, deborphan finds packages that have **no package dependencies**. Th ## The Miscellaneous -### The Simple way with SSMTP(#ssmtp) +### The Simple way with MSMTP(#msmtp) #### Why @@ -3094,31 +3094,74 @@ Well I will SIMPLIFY this method, to only output email using google mail account ``` bash #!/bin/bash ###### PLEASE .... EDIT IT... - MYEMAIL="mail@gmail.com" - PWDEMAIL="plalala" ## ATTENTION DONT USE Special Chars.. like as SPACE # and some others not all. Feel free to test ;) - MAILPROV="smtp.google.com:583" + USRMAIL="usernameemail" DOMPROV="gmail.com" + PWDEMAIL="passwordStrong" ## ATTENTION DONT USE Special Chars.. like as SPACE # and some others not all. Feel free to test ;) + MAILPROV="smtp.google.com:583" + MYMAIL="$USRMAIL@$DOMPROV" USERLOC="root" ####### - apt install -y ssmtp - cp -r --preserve /etc/ssmtp /etc/ssmtp.bck - echo "AuthUser=$MYEMAIL - AuthPass=$PWDEMAIL - root=$MYEMAIL - mailhub=$MAILPROV - hostname=$HOSTNAME - FromLineOverride=YES - UseTLS=Yes - UseSTARTTLS=YES - RewriteDomain=$DOMPROV" > /etc/ssmtp/ssmtp.conf - echo "$USERLOC:$MYEMAIL:$MAILPROV" >> /etc/ssmtp/revaliases ## USERLOC = root - chmod -R 0640 /etc/ssmtp - sleep 1 - echo "Test message from Hardened Linux server using ssmtp" | sendmail -v $MYEMAIL + apt install -y msmtp + ln -s /usr/bin/msmtp /usr/sbin/sendmail + #wget http://www.cacert.org/revoke.crl -O /etc/ssl/certs/revoke.crl + #chmod 644 /etc/ssl/certs/revoke.crl + touch /root/.msmtprc + cat < .msmtprc + defaults + account gmail + host $MAILPROV + port $MAILPORT + #proxy_host 127.0.0.1 + #proxy_port 9001 + from $MYEMAIL + timeout off + protocol smtp + #auto_from [(on|off)] + #from envelope_from + #maildomain [domain] + auth on + user $USRMAIL + passwordeval "gpg -q --for-your-eyes-only --no-tty -d /root/msmtp-mail.gpg" + #passwordeval "gpg --quiet --for-your-eyes-only --no-tty --decrypt /root/msmtp-mail.gpg" + tls on + tls_starttls on + tls_trust_file /etc/ssl/certs/ca-certificates.crt + #tls_crl_file /etc/ssl/certs/revoke.crl + #tls_fingerprint [fingerprint] + #tls_key_file [file] + #tls_cert_file [file] + tls_certcheck on + tls_force_sslv3 on + tls_min_dh_prime_bits 512 + #tls_priorities [priorities] + #dsn_notify (off|condition) + #dsn_return (off|amount) + #domain argument + #keepbcc off + logfile /var/log/mail.log + syslog on + account default : gmail + EOF + chmod 0400 /root/.msmtprc + + ## In testing .. auto command + # echo -e "1\n4096\n\ny\n$MYUSRMAIL\n$MYEMAIL\nmy key\nO\n$PWDMAIL\n$PWDMAIL\n" | gpg --full-generate-key + ## + gpg --full-generate-key + gpg --output revoke.asc --gen-revoke $MYEMAIL + echo -e "$PWDEMAIL\n" | gpg -e -o /root/msmtp-mail.gpg --recipient $MYEMAIL + echo "export GPG_TTY=\$(tty)" >> .baschrc + chmod 400 msmtp-mail.gpg + + echo "Hello there" | msmtp --debug $MYEMAIL + echo"###################### + ## MSMTP Configured ## + ######################" ``` DONE!! ;) + ### Gmail and Exim4 As MTA With Implicit TLS #### Why From 4857357cbfaf78b87af006c22a61358a0fa80eef Mon Sep 17 00:00:00 2001 From: hellrezistor <50468493+hellresistor@users.noreply.github.com> Date: Sat, 1 May 2021 08:22:35 +0100 Subject: [PATCH 3/4] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a5808fc..0a2e86c 100644 --- a/README.md +++ b/README.md @@ -3085,7 +3085,7 @@ Keep in mind, deborphan finds packages that have **no package dependencies**. Th ## The Miscellaneous -### The Simple way with MSMTP(#msmtp) +### The Simple way with MSMTP #### Why @@ -3160,7 +3160,7 @@ Well I will SIMPLIFY this method, to only output email using google mail account ``` DONE!! ;) - +([Table of Contents](#table-of-contents)) ### Gmail and Exim4 As MTA With Implicit TLS From d89ccda8a832179d52a51ab2cf3fd08695878c2b Mon Sep 17 00:00:00 2001 From: hellrezistor <50468493+hellresistor@users.noreply.github.com> Date: Sat, 1 May 2021 08:26:24 +0100 Subject: [PATCH 4/4] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0a2e86c..e39f125 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ An evolving how-to guide for securing a Linux server that, hopefully, also teach - [OSSEC - Host Intrusion Detection](#ossec---host-intrusion-detection) - [The Danger Zone](#the-danger-zone) - [The Miscellaneous](#the-miscellaneous) - - [MSMTP (Simple Sendmail) with google](#msmtp) + - [MSMTP (Simple Sendmail) with google](#msmtp-alternative) - [Gmail and Exim4 As MTA With Implicit TLS](#gmail-and-exim4-as-mta-with-implicit-tls) - [Separate iptables Log File](#separate-iptables-log-file) - [Left Over](#left-over) @@ -3086,7 +3086,7 @@ Keep in mind, deborphan finds packages that have **no package dependencies**. Th ## The Miscellaneous ### The Simple way with MSMTP - +(#msmtp-alternative) #### Why Well I will SIMPLIFY this method, to only output email using google mail account (and others). True Simple! :)