Project 3 Warmup

You should begin by using the telnet program to log in to a mail server and a POP server and running the protocols by hand, to deliver and retrieve mail.

Read RFCs 821 and 822 for SMTP, or their updates, and RFC 1939 for POP3. I have set up a server and an account for you to contact. As always, I might have to change the server once during the next couple of months, so double-check the IP address and name of the server here. Note: you will not need to resolve MX records; just deliver to the server's name.

Sending email

Typically, your client sends the email to a server, for relay to the ultimate destination. You should warm up for project 3 by sending email directly using the telnet client. Note: you will need to be somewhere that allows outgoing SMTP connections. Your lab account does allow these.

The server name is ec2-184-73-91-87.compute-1.amazonaws.com. The user to send to on that machine is dearabby. Here is a sample, without proper 822 headers, but nonetheless, it seems to work.

[burt@mcclellan ~]$ telnet ec2-184-73-91-87.compute-1.amazonaws.com smtp
Trying 184.73.91.87...
Connected to ec2-184-73-91-87.compute-1.amazonaws.com.
Escape character is '^]'.
220 ******************************************************
EHLO test.cs.miami.edu
250-ec2-184-73-91-87.compute-1.amazonaws.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: <burt@miami.edu>
250 2.1.0 Ok
RCPT TO:  <dearabby@ec2-184-73-91-87.compute-1.amazonaws.com>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
test email
.
250 2.0.0 Ok: queued as 646801D4042
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
[burt@mcclellan ~]$ 
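
The two wire-format details in the session above that a client has to handle are the multi-line reply (250- continues, 250 followed by a space ends) and the framing of the DATA body. The following Python is an added example, not part of the original handout; the function names, the Subject header and the message text are assumptions made for the illustration.

```python
import re

CRLF = "\r\n"
REPLY_LINE = re.compile(r"(\d{3})(?:([ -])(.*))?")

def parse_reply(lines):
    """Collapse one (possibly multi-line) SMTP reply into (code, [texts]).
    'NNN-text' is a continuation line; 'NNN text' or a bare 'NNN' ends it."""
    code, texts = None, []
    for raw in lines:
        m = REPLY_LINE.fullmatch(raw.rstrip("\r\n"))
        if m is None:
            raise ValueError(f"malformed reply line: {raw!r}")
        if code not in (None, m.group(1)):
            raise ValueError("reply code changed inside one reply")
        code = m.group(1)
        texts.append(m.group(3) or "")
        if m.group(2) != "-":
            return int(code), texts
    raise ValueError("reply ended without a final 'NNN ' line")

def build_message(sender, rcpt, subject, text):
    """Small RFC 822-style message: header lines, one empty line, the body."""
    for value in (sender, rcpt, subject):
        if "\r" in value or "\n" in value:
            raise ValueError("line break inside a header value")
    headers = [f"From: {sender}", f"To: {rcpt}", f"Subject: {subject}"]
    return "\n".join(headers) + "\n\n" + text

def dot_stuff(message):
    """Encode a message for DATA: CRLF line ends, a leading '.' doubled so a
    body line cannot end the transfer early, then the <CRLF>.<CRLF> line."""
    stuffed = ["." + ln if ln.startswith(".") else ln for ln in message.splitlines()]
    return CRLF.join(stuffed) + CRLF + "." + CRLF

# EHLO reply lines copied from the transcript above.
EHLO_REPLY = [
    "250-ec2-184-73-91-87.compute-1.amazonaws.com", "250-PIPELINING",
    "250-SIZE 10240000", "250-VRFY", "250-ETRN",
    "250-ENHANCEDSTATUSCODES", "250-8BITMIME", "250 DSN",
]

def demo():
    code, texts = parse_reply(EHLO_REPLY)
    msg = build_message("burt@miami.edu",
                        "dearabby@ec2-184-73-91-87.compute-1.amazonaws.com",
                        "warmup", "test email\n.\nstill the same message")
    return code, texts[1:], dot_stuff(msg)
```

The body line holding a single dot goes out as two dots, so the server keeps reading until the real terminator.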

Popping email

You won't be able to log into that server; you will pick up the mail by POP. When you are doing this, everyone will be hitting the same server. I am not really sure what will happen :-)

Actually, when you read the RFC you will see that what should happen is that the list of emails presented to the POP client is frozen at the moment an authenticated session is created. So emails are deleted when they are marked as deleted and all sessions that were begun while that email existed are ended.

[burt@mcclellan ~]$ telnet ec2-184-73-91-87.compute-1.amazonaws.com pop3
Trying 184.73.91.87...
Connected to ec2-184-73-91-87.compute-1.amazonaws.com.
Escape character is '^]'.
+OK Dovecot ready.
USER dearabby
+OK
PASS **********
LIST
+OK 2 messages:
1 594
2 608
.
RETR 1
+OK 594 octets
Return-Path: <burt@miami.edu>
X-Original-To: dearabby@ec2-184-73-91-87.compute-1.amazonaws.com
Delivered-To: dearabby@ec2-184-73-91-87.compute-1.amazonaws.com
Received: from burt (mcclellan.cs.miami.edu [192.31.89.6])
	by ec2-184-73-91-87.compute-1.amazonaws.com (Postfix) with ESMTP id 8762D1D4042
	for <dearabby@ec2-184-73-91-87.compute-1.amazonaws.com>; Sat, 27 Mar 2010 21:38:04 -0400 (EDT)
Message-Id: <20100328013817.8762D1D4042@ec2-184-73-91-87.compute-1.amazonaws.com>
Date: Sat, 27 Mar 2010 21:38:04 -0400 (EDT)
From: burt@miami.edu
To: undisclosed-recipients:;

test mail
.
DELE 1
+OK Marked to be deleted.
QUIT
+OK Logging out, messages deleted.
Connection closed by foreign host.
[burt@mcclellan ~]$ 
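
A POP client has to read the multi-line responses to LIST and RETR shown above: everything up to the line holding only a dot, with byte-stuffed leading dots removed, and with folded header lines (like the Received header) joined. The following Python is an added example, not part of the original handout; the function names are assumptions and the sample responses are shortened from the transcript.

```python
def read_multiline(lines):
    """Read one POP3 multi-line response: (status text, payload lines).
    The payload ends at a line holding only '.'; other lines that start
    with '.' were byte-stuffed by the server and lose that first dot."""
    it = iter(lines)
    status = next(it, "").rstrip("\r\n")
    if not status.startswith("+OK"):
        raise RuntimeError(f"server did not answer +OK: {status!r}")
    payload = []
    for raw in it:
        line = raw.rstrip("\r\n")
        if line == ".":
            return status[3:].strip(), payload
        payload.append(line[1:] if line.startswith(".") else line)
    raise EOFError("response ended before the terminating '.' line")

def parse_list(payload):
    """Turn LIST scan lines ('1 594') into {message number: size in octets}."""
    sizes = {}
    for line in payload:
        number, octets = line.split()[:2]
        sizes[int(number)] = int(octets)
    return sizes

def split_message(payload):
    """Split a retrieved message into [(header, value)] and the body text.
    A header line starting with a space or tab continues the previous one."""
    blank = payload.index("") if "" in payload else len(payload)
    headers = []
    for line in payload[:blank]:
        if line[:1] in (" ", "\t") and headers:
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return headers, "\n".join(payload[blank + 1:])

# Responses shortened from the transcript above; the '..' body line is
# constructed to show un-stuffing.
LIST_RESPONSE = ["+OK 2 messages:\r\n", "1 594\r\n", "2 608\r\n", ".\r\n"]
RETR_RESPONSE = [
    "+OK 594 octets\r\n",
    "Received: from burt (mcclellan.cs.miami.edu [192.31.89.6])\r\n",
    "\tby ec2-184-73-91-87.compute-1.amazonaws.com (Postfix) with ESMTP id 8762D1D4042\r\n",
    "From: burt@miami.edu\r\n", "\r\n", "test mail\r\n", "..\r\n", ".\r\n",
]
```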

The warmup

So try these things and send me the results. Take about a week to do this, and then get on with making a pop client.

Openssl s_client: how to telnet with SSL

Connecting to the pop3s port will give a dialog as follows. Note that I have downloaded the CA cert which is signing the server cert, and which you shall use to sign your client cert. That is, I have created a root of trust, here called CSC 524 CA, for the purpose of signing clients and the server.

hohokus$ openssl s_client -CAfile cacert_cscaws.pem -connect ec2-184-73-91-87.compute-1.amazonaws.com:pop3s
CONNECTED(00000003)
depth=1 /O=Univ of Miami/OU=Computer Science/emailAddress=burt@cs.miami.edu/L=Coral Gables/ST=FL/C=US/CN=CSC 524 CA
verify return:1
depth=0 /C=US/ST=FL/O=Univ of Miami/OU=CSC AWS Services/CN=ec2-184-73-91-87.compute-1.amazonaws.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=FL/O=Univ of Miami/OU=CSC AWS Services/CN=ec2-184-73-91-87.compute-1.amazonaws.com
   i:/O=Univ of Miami/OU=Computer Science/emailAddress=burt@cs.miami.edu/L=Coral Gables/ST=FL/C=US/CN=CSC 524 CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICjDCCAfUCAQEwDQYJKoZIhvcNAQEFBQAwgZsxFjAUBgNVBAoTDVVuaXYgb2Yg
TWlhbWkxGTAXBgNVBAsTEENvbXB1dGVyIFNjaWVuY2UxIDAeBgkqhkiG9w0BCQEW
EWJ1cnRAY3MubWlhbWkuZWR1MRUwEwYDVQQHEwxDb3JhbCBHYWJsZXMxCzAJBgNV
BAgTAkZMMQswCQYDVQQGEwJVUzETMBEGA1UEAxMKQ1NDIDUyNCBDQTAeFw0xMDA0
MDkwMzQyMzlaFw0xMTA0MDkwMzQyMzlaMIGAMQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCRkwxFjAUBgNVBAoTDVVuaXYgb2YgTWlhbWkxGTAXBgNVBAsTEENTQyBBV1Mg
U2VydmljZXMxMTAvBgNVBAMTKGVjMi0xODQtNzMtOTEtODcuY29tcHV0ZS0xLmFt
YXpvbmF3cy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPBUE4DdhG9q
rA26GB7HTlA8PDIDj0Jgy9CLN3KoqQtip2hA38/1zEQld8LdqL6ib+XW7JjqXi3H
7D5d0ZA4ZVA6B1SpIcP/vWajjTe2RkMDiJDYk2omaQiDihapBkyRRYHzp7wC7O7l
gUcD85KUwcHs8u0M+3K0LFkbmCqUZW+nAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEA
ofp8p8pOgcmtc7Rc7btSafjZL+CfvnP47n3DtpbW/oLn80WN0+9yZRr9BoGMjelO
vUKb/lj24JTGIL8WuyEbDkM2/p6IkKM6s2+knk/P935f0EtIiEJEl5bBjXaTIp1K
mCI2zcgt0OaMRtOdmenzLgQVDalSpU9cnG1d097RpKs=
-----END CERTIFICATE-----
subject=/C=US/ST=FL/O=Univ of Miami/OU=CSC AWS Services/CN=ec2-184-73-91-87.compute-1.amazonaws.com
issuer=/O=Univ of Miami/OU=Computer Science/emailAddress=burt@cs.miami.edu/L=Coral Gables/ST=FL/C=US/CN=CSC 524 CA
---
No client certificate CA names sent
---
SSL handshake has read 1220 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: C70FC5240EB1AF58607A304814F7291964EAA6135F4E97B889EC04E2F3D68ECA
    Session-ID-ctx: 
    Master-Key: 5DD3643BFE6D6F8F7BD886357F59798023FD44E1E0F643AE0BA35AADC5F39AC19A7283C6336471B9A14B875F24A52DB5
    Key-Arg   : None
    Start Time: 1270934792
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
+OK Dovecot ready.


Certificate Authority Certs

Here are the certs you need. You can cut and paste these, but they might be a bit sensitive to formatting. I have included the md5 of the files, so you can check if the files are identical. The cert is shown in plain text (decoded). The cert is then shown so you can grab it. The cert key is given, because you should make a client cert, generating a CSR (cert signing request) and sign it with the CA cert. For this you will need the private key (called simply "key", the public key is in the cert). To simulate further, I have encrypted the key with the you-know-what password; the openssl command for the encryption is shown.

I have managed to transfer these by cut and paste. I was a bit surprised it worked, due to line end conventions perhaps not being consistent, or additional end of lines being inserted. My files have a single newline character at the end of each line, and no extraneous characters before the first "-" or after the last line.

These are PEM files. The cert files are handled with x509 subcommands of the openssl command. The key files are handled with rsa subcommands of the openssl command, given that the public key system is RSA. The openssl command is huge, see "man openssl", but you can also use the command and subcommand followed by a question mark, "openssl rsa ?", to get focused help for the subcommand.

hohkus$ cat cacert_cscaws.pem | openssl x509 -text -noout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            f8:32:da:d6:46:bd:35:ab
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=Univ of Miami, OU=Computer Science/emailAddress=burt@cs.miami.edu, L=Coral Gables, ST=FL, C=US, CN=CSC 524 CA
        Validity
            Not Before: Apr  9 03:19:12 2010 GMT
            Not After : Apr  6 03:19:12 2020 GMT
        Subject: O=Univ of Miami, OU=Computer Science/emailAddress=burt@cs.miami.edu, L=Coral Gables, ST=FL, C=US, CN=CSC 524 CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:ab:ab:7f:c3:fd:80:71:b9:98:96:bc:af:82:56:
                    da:94:35:41:38:cd:36:2b:09:33:cc:85:0b:bd:42:
                    60:d0:3b:ed:e7:8d:45:50:57:71:a0:fa:07:df:8d:
                    fb:f3:bf:f8:02:82:3b:52:e5:1e:d2:ea:2a:ee:45:
                    17:08:ed:f5:98:c3:ed:23:bf:fd:4a:7d:d7:9a:28:
                    7d:00:83:75:65:a6:cc:55:85:35:db:5d:6e:9d:70:
                    4f:ad:6d:de:49:ed:6c:1c:f5:f8:a0:3e:97:5c:dc:
                    5e:1c:9b:07:bd:a1:6d:bc:04:ed:f2:5a:3f:a2:65:
                    be:f9:42:a7:fe:5e:2e:e9:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: 
                CA:TRUE
            X509v3 Subject Key Identifier: 
                EA:28:BC:35:F1:68:5C:4F:C9:BE:A2:71:1D:0E:7A:90:D5:79:C2:16
            X509v3 Authority Key Identifier: 
                keyid:EA:28:BC:35:F1:68:5C:4F:C9:BE:A2:71:1D:0E:7A:90:D5:79:C2:16
                DirName:/O=Univ of Miami/OU=Computer Science/emailAddress=burt@cs.miami.edu/L=Coral Gables/ST=FL/C=US/CN=CSC 524 CA
                serial:F8:32:DA:D6:46:BD:35:AB

    Signature Algorithm: sha1WithRSAEncryption
        38:f9:ab:d6:8e:b1:1b:a8:6b:65:ee:79:b5:61:f4:9d:b1:34:
        d3:73:48:51:e4:9e:28:be:7b:b5:6f:96:95:7b:dc:d9:b4:5d:
        0d:e1:8f:c1:9b:50:aa:c2:18:66:21:74:34:a4:11:38:89:a0:
        c5:63:c9:7f:3b:63:31:09:c2:15:fd:5f:a2:7f:48:94:90:6d:
        fe:b7:83:8f:42:8c:11:95:50:8c:97:79:ee:80:58:04:77:8d:
        3c:26:f7:14:af:0c:40:3e:93:d0:b3:1d:91:16:ce:e1:36:57:
        19:83:87:95:13:72:9a:7e:bf:64:45:63:ac:14:dd:45:7f:62:
        b7:de

hohokus$ more cacert_cscaws.pem

-----BEGIN CERTIFICATE-----
[...]
-----END CERTIFICATE-----


hohokus$ cat cakey_cscaws.pem | openssl rsa -aes128
[password prompt elided]

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,F4D9DFE9FF9CC383421621E3A399304B
[...]
-----END RSA PRIVATE KEY-----

hohokus$ md5 cacert_cscaws.pem
MD5 (cacert_cscaws.pem) = bdf396f9f9798bc4a54215aad8a12023
hohokus-3:csc521 burt$ md5 cakey_cscaws.pem
MD5 (cakey_cscaws.pem) = 7da00db1f644239046e84e935194e3cc
hohokus-3:csc521 burt$ md5 cakey_cscaws.pem.pw
MD5 (cakey_cscaws.pem.pw) = cec32cc83297fd58a37617fb6f9a107e
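
Because the md5 check only passes when the pasted file is byte-identical, it helps to put a paste back into the layout described above (one newline per line, nothing before the first "-" or after the last line) before hashing it. The following Python is an added example, not part of the original handout; the function names are assumptions and the sample PEM body is constructed filler, not one of the course files.

```python
import base64
import hashlib
import re

BEGIN = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def normalize_pem(pasted):
    """Rebuild pasted PEM text as bytes: one LF per line, nothing before the
    BEGIN line, nothing after the END line."""
    text = pasted.replace("\r\n", "\n").replace("\r", "\n")
    lines = [ln.strip() for ln in text.split("\n") if ln.strip()]
    m = BEGIN.fullmatch(lines[0]) if lines else None
    if m is None or lines[-1] != f"-----END {m.group(1)}-----":
        raise ValueError("text is not a single BEGIN/END PEM block")
    # Encrypted keys carry 'Name: value' headers followed by one empty line.
    headers = [ln for ln in lines[1:-1] if ":" in ln]
    body = [ln for ln in lines[1:-1] if ":" not in ln]
    base64.b64decode("".join(body), validate=True)  # raises on stray characters
    middle = headers + [""] + body if headers else body
    return ("\n".join([lines[0]] + middle + [lines[-1]]) + "\n").encode("ascii")

def md5_hex(data):
    """Hex md5 of a byte string, in the form the md5 command prints."""
    return hashlib.md5(data).hexdigest()

def matches_published(pasted, published_md5):
    """True if the normalized paste hashes to the published md5 value."""
    return md5_hex(normalize_pem(pasted)) == published_md5.strip().lower()

# Constructed sample: the base64 body is filler, not a real certificate.
SAMPLE_BODY = base64.b64encode(bytes(range(96))).decode("ascii")
CLEAN = ("-----BEGIN CERTIFICATE-----\n" + SAMPLE_BODY[:64] + "\n"
         + SAMPLE_BODY[64:] + "\n-----END CERTIFICATE-----\n")
# The same text after a paste that added CRLFs, indentation and blank lines.
PASTED = "\r\n  " + CLEAN.replace("\n", "\r\n") + "\r\n\r\n"
```

A paste whose lines were re-wrapped to a different width will still fail the comparison, since the line breaks inside the base64 body are part of the hashed bytes.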

References