Configuring Postfix for mail using Gmail as a relay server

I am using Radius Manager 3.9, Radius Authentication server for my users for hotspot & PPPoE since 2 year but there is no email functionality to email to users when they register or upgrade their plan,and expiry date of account. I also mailed to DMASOFTLAB regarding this. He replied that install a email server. In a normal behaviour, I will not prefer to install a mail server only for Radius Manager. after lots of experiments, I decided to use gmail as a relay server to email to my users.

First of all check that sendmail is installed on your system or not if it is then stop the service and remove it.

Verify the sendmail package

#rpm -q sendmail

check service status

#service sendmail status

remove package

#yum remove sendmail

Now install postfix

#yum install postfix openssl openssl-perl

Now create a password file so that postfix can authenticate gmail servers. You do this by create a file named sasl_passwd in /etc/postfix.

#echo “smtp.gmail.com smtp_user:smtp_passwd” > /etc/postfix/sasl_passwd

for security reasons you can hash/encrypt this file

Make sure the sasl_passwd and sasl_passwd.db files are readable/writable only by root

$ chmod 600 /etc/postfix/sasl_passwd
$ chmod 600 /etc/postfix/sasl_passwd.db

Need to create a Certificate Authority (if you don’t already have one) but you can do this one by multiple ways, two are


# cd /etc/pki/tls/misc
# ./CA.pl -newca

You will be prompted for the file name (just hit Enter). Then you will be asked for a PEM pass phrase, which you need to remember. You can fill out the Country Name, State or Province Name, Locality Name, Organization Name, and Organizational Unit Name to your liking (or take the defaults). You need to remember the Organization Name (if you changed it) as it must match one in a key we create later. For the Common Name, fill in “CA” (without quotes). Take defaults for everything else and when prompted to enter the pass phrase you need to enter the same one you did above.

 

# cd /etc/pki/tls
# mkdir gmail_relay
# cd gmail_relay
# openssl genrsa -out server.key 1024
# openssl req -new -key server.key -out server.csr
# openssl ca -out server.pem -infiles server.csr

The second openssl command above will prompt you for the Country, State, Locality, etc parameters again. The only value that has to match what was entered for the Certificate Authority is the Organization Name. For the Common Name you should put your server name (fully qualified preferred, but does not really matter). The last command will prompt you for your CA pass phrase that you used earlier. When asked if you want to Sign the certificate, say yes. also when asked if you should commit it, say yes.


Generate your own CA certificate

a. Change directory to /etc/pki/tls/certs

#cd /etc/pki/tls/certs

b.Create a key and test certificate in one file

#make hostname.pem

You will something like

# make hostname.pem

 

ou are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:
Email Address []:

c. Fill-up the necessary information and copy the file on /etc/postfix as cacert.pem

#cp /etc/pki/tls/certs/hostname.pem /etc/postfix/cacert.pem

My mail.cfg file configuration

Finally you can past the following lines to /etc/postfix/main.cf file

#Gmail as Relay server for Postfix
smtp_sasl_security_options = noanonymous
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl/passwd

Restart postfix and send a test email

$ postfix reload
$ sendmail email@example.com
Test relay thru Gmail

Troubleshooting
Monitor postfix mail log in sperate session by using following command

$ tail -f /var/log/maillog

Regards

Amit Kumar Sinsinwar

Hits:5317

Preparing for CEH exam ?

In March 2012, I got certified under CEH v7 certification. (EC1-350). It was indeed a tough exam. Since a lot of people are asking me on the guide lines for clearing this exam, I decided to put them down for you.

Study Material:

Books:

I studied about four books directly related to CEH exam. These are:

  • CEH Certified Ethical Hacker Study Guide by Kimberly Graves (ISBN-10: 0470525207 | ISBN-13: 978-0470525203 )
  • CEH: Official Certified Ethical Hacker by Kimberly Graves ( ISBN-10: 0782144373 | ISBN-13: 978-0782144376)
  • Certified Ethical Hacker Exam Prep by Michael Gregg ( ISBN-10: 0789735318 | ISBN-13: 978-0789735317)
  • CEH Certified Ethical Hacker All-in-One Exam Guide by Matt Walker ( ISBN-10: 0071772294 | ISBN-13: 978-0071772297)

In addition to the books mentioned above, I also studied some extra books:

  • Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems by Chris Sanders (ISBN-10: 1593272669 | ISBN-13: 978-1593272661)
  • BackTrack 5 Wireless Penetration Testing Beginner’s Guide by Vivek Ramachandran (ISBN-10: 1849515581 | ISBN-13: 978-1849515580)
  • BackTrack 4: Assuring Security by Penetration Testing by Shakeel Ali , Tedi Heriyanto (ISBN-10: 1849513945 | ISBN-13: 978-1849513944)
  • Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning by (Gordon Fyodor Lyon) (ISBN-10 : 0-9799587-1-7 | ISBN-13 978-0-9799587-1-7 )
  • Hacking Exposed (5th Edition) (ISBN: 007226081-5)

Out of the four CEH books, I liked the All-in-One Guide by Matt Walker, and Exam Prep by Micheal Gregg. It must be noted that only the All-in-One by Matt Walker is the book updated with CEH v7 content. I did not find Kimberly’s books any useful at all. You opinion and experience may differ.

The extra books mentioned above have been a real help. I really recommend everyone to read them in addition to any  CEH exam guide you may be studying. Each book mentioned above took 10-15 days of mine, including any practice needed to learn the tools and techniques. I studied for 8-10 hours a day. That makes 80 – 120 days of book study.

Security tools:

Following are few Linux Distributions, which I really like, and recommend to everyone. They contain a lot of tools, which will help you practice various concepts mentioned in books, and various websites on the Internet.

 

Study plan:

Step 1:

Study each book (study guide /exam guide), chapter by chapter. Normally one chapter a day. Attempt sample questions at the end of each chapter (of each study / exam guide), and keep the record of your score. Also make a list of your weak areas. (10 – 15 days per book).

Step 2:

Attempt the sample exam at the end of Gregg’s Exam Prep book. Make a record of score and note weak areas. (2-3 hours, one day)

Step 3:

When you finish all the CEH specific study/exam guides, then study the side books listed above. (10 -15 days per book).

Step 4:

Watch various videos on YouTube, etc, related to the topics you are weak in. This step can be done in parallel to Step 1 and Step 2. This is also a good way to kill boredom while studying. There are a few interesting channels on YouTube, which explain some concepts in light ways. Hak5.org is a website, which has it’s youtube channel as well. The show may not explain anything really in depth, but is a good source to touch up and to know a lot of  things, small and big alike. There are other channels and people as well, who have put up good information on various websites. I watched this show just for a change of taste / kill boredom.

Step 5:

Study the All-in-One exam guide by Matt again, from first chapter to the last, optionally taking any notes. Attempt the sample exam “quiz” provided on the CD, which comes with this book. Record your score. (The software only installs/runs on windows :( ) . ( 1 – 3 days, total).

Step 6:

Cover your weak areas identified in Step 5, and then attempt the sample “master exam” provided on the same CD which comes with Matt’s All-in-One exam guide. (The software only installs/runs on windows :( ) (4 hours, 1 day)

Helpful tools and tips:

Make sure you play a lot with various security tools and penetration / hacking tools, for both Linux and Windows. You must be very well versed with  tcpdump, wireshark, nmap, netcat, snort, etc. You must be absolutely clear on how to capture packets, and how to extract information out of them. You must be absolutely clear on various scan types and various flags, including their binary and hexadecimal representation. You must be good in programming in C and C++, etc.

 

Exam code, exam cost, course outline:

CEH (v7) has exam code of EC1-350. Exam itself  is 500 USD. If you did not take official training from any of the CEH certified instructors / institutes, and studied at your own, like me, then you have to submit an “Eligibility Application Form” to EC-Council, with an additional fee of 100 USD. That makes a total of 600 USD, making it an expensive exam.

EC-Council has provided a CEH handbook, in PDF form,  which can be downloaded, and printed. It contains the complete course outline / exam blue-print. It also contains all the application forms, etc, as well as FAQs. It is available on EC-Council’s website http://eccouncil.org.

 

Conclusion:

If you follow the above study plan, it will take 3-5 months for you to prepare for CEH exam. Remember, the above plan worked for me. And the books I chose worked for me. By no means you should take it as granted, that Matt’s All-in-One exam guide, is all you need! (Even Matt’s All-in-One guide has errors in it). You need to have a lot of experience, and rock-solid concepts  in Information System Security field.

CEH exam is 4 hours+ computer based multiple choice exam . Be patient during the exam. May success be with you. Ameen. Good Luck!

 

Hits:4232