Project 3 Warmup
You should begin by using the telnet program to log in to a mail server and a POP server and run the protocols by hand, to deliver and retrieve mail.
Read RFCs 821 and 822 for SMTP, or their updates, and RFC 1939 for POP3. I have set up a server and an account for you to contact. As always, I might have to change the server once during the next couple of months, so double-check the IP address and name of the server here. Note: you will not need to resolve MX records; just deliver to the server's name.
Sending email
Typically, your client sends the email to a server for relay to the ultimate destination. You should warm up for Project 3 by sending email directly using the telnet client. Note: you will need to be somewhere that allows outgoing SMTP connections. Your lab account does allow these.
The server name is ec2-184-73-91-87.compute-1.amazonaws.com. The user to send to on that machine is dearabby. Here is a sample without proper RFC 822 headers; nonetheless, it seems to work.
[burt@mcclellan ~]$ telnet ec2-184-73-91-87.compute-1.amazonaws.com smtp
Trying 184.73.91.87...
Connected to ec2-184-73-91-87.compute-1.amazonaws.com.
Escape character is '^]'.
220 ******************************************************
EHLO test.cs.miami.edu
250-ec2-184-73-91-87.compute-1.amazonaws.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM: <burt@miami.edu>
250 2.1.0 Ok
RCPT TO: <dearabby@ec2-184-73-91-87.compute-1.amazonaws.com>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
test email
.
250 2.0.0 Ok: queued as 646801D4042
QUIT
221 2.0.0 Bye
Connection closed by foreign host.
[burt@mcclellan ~]$
Popping email
You won't be able to log in to that server; you will pick up the mail by POP. When you are doing this, everyone will be hitting the same server. I am not really sure what will happen :-)
Actually, when you read the RFC you will see that what should happen is that the list of emails presented to the POP client is frozen at the moment an authenticated session is created. So an email is deleted once it has been marked as deleted and all sessions that were begun while that email existed have ended.
[burt@mcclellan ~]$ telnet ec2-184-73-91-87.compute-1.amazonaws.com pop3
Trying 184.73.91.87...
Connected to ec2-184-73-91-87.compute-1.amazonaws.com.
Escape character is '^]'.
+OK Dovecot ready.
USER dearabby
+OK
PASS **********
LIST
+OK 2 messages:
1 594
2 608
.
RETR 1
+OK 594 octets
Return-Path: <burt@miami.edu>
X-Original-To: dearabby@ec2-184-73-91-87.compute-1.amazonaws.com
Delivered-To: dearabby@ec2-184-73-91-87.compute-1.amazonaws.com
Received: from burt (mcclellan.cs.miami.edu [192.31.89.6])
    by ec2-184-73-91-87.compute-1.amazonaws.com (Postfix) with ESMTP id 8762D1D4042
    for <dearabby@ec2-184-73-91-87.compute-1.amazonaws.com>; Sat, 27 Mar 2010 21:38:04 -0400 (EDT)
Message-Id: <20100328013817.8762D1D4042@ec2-184-73-91-87.compute-1.amazonaws.com>
Date: Sat, 27 Mar 2010 21:38:04 -0400 (EDT)
From: burt@miami.edu
To: undisclosed-recipients:;

test mail
.
DELE 1
+OK Marked to be deleted.
QUIT
+OK Logging out, messages deleted.
Connection closed by foreign host.
[burt@mcclellan ~]$
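Both sessions above end a block of text with a line holding only ".": the SMTP DATA phase and the POP3 LIST and RETR replies. The following is an added example, not part of the original assignment, showing the dot-stuffing a client must apply when sending and undo when reading; the function names and the sample bytes are constructed for illustration.

```python
import io

CRLF = b"\r\n"

def smtp_data_payload(message: bytes) -> bytes:
    """Frame a message for SMTP DATA: CRLF line ends, dot-stuffing, final '.' line."""
    lines = message.replace(CRLF, b"\n").split(b"\n")
    if lines[-1] == b"":          # drop the empty piece after a trailing newline
        lines.pop()
    # A body line that starts with '.' gets one more '.', so a lone "." in the
    # text cannot be mistaken for the end-of-data marker and truncate the mail.
    stuffed = [b"." + ln if ln.startswith(b".") else ln for ln in lines]
    return b"".join(ln + CRLF for ln in stuffed) + b"." + CRLF

def read_pop3_response(stream, multiline=False):
    """Read one POP3 reply; return (ok, status_text, body_lines)."""
    status = stream.readline()
    if not status.endswith(CRLF):
        raise ValueError("connection closed or status line not CRLF-terminated")
    tag, _, text = status[:-2].partition(b" ")
    if tag not in (b"+OK", b"-ERR"):
        raise ValueError("not a POP3 status line: %r" % status)
    body = []
    if tag == b"+OK" and multiline:   # -ERR replies are always a single line
        while True:
            line = stream.readline()
            if not line.endswith(CRLF):
                raise ValueError("multi-line reply ended without '.' terminator")
            if line == b"." + CRLF:
                break
            line = line[:-2]
            body.append(line[1:] if line.startswith(b".") else line)  # unstuff
    return tag == b"+OK", text, body

def parse_scan_listing(body_lines):
    """Turn LIST body lines ('1 594') into (message_number, octets) pairs."""
    return [tuple(int(field) for field in ln.split()[:2]) for ln in body_lines]

# Constructed server output (not a capture): the LIST reply shape shown above,
# a RETR reply whose text contains a byte-stuffed line, and an error reply.
SAMPLE = (b"+OK 2 messages:\r\n1 594\r\n2 608\r\n.\r\n"
          b"+OK 12 octets\r\n..hidden\r\nbye\r\n.\r\n"
          b"-ERR no such message\r\n")

if __name__ == "__main__":
    conn = io.BytesIO(SAMPLE)
    for _ in range(3):
        print(read_pop3_response(conn, multiline=True))
    print(smtp_data_payload(b"test email\n.\nlast line\n"))
```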
The warmup
So try these things and send me the results. Take about a week to do this, and then get on with making a pop client.
Openssl s_client: how to telnet with SSL
Connecting to the pop3s port will give a dialog as follows. Note that I have downloaded the CA cert that signs the server cert, and which you shall use to sign your client cert. That is, I have created a root of trust, here called CSC 524 CA, for the purpose of signing clients and the server.
hohokus$ openssl s_client -CAfile cacert_cscaws.pem -connect ec2-184-73-91-87.compute-1.amazonaws.com:pop3s
CONNECTED(00000003)
depth=1 /O=Univ of Miami/OU=Computer Science/emailAddress=burt@cs.miami.edu/L=Coral Gables/ST=FL/C=US/CN=CSC 524 CA
verify return:1
depth=0 /C=US/ST=FL/O=Univ of Miami/OU=CSC AWS Services/CN=ec2-184-73-91-87.compute-1.amazonaws.com
verify return:1
---
Certificate chain
 0 s:/C=US/ST=FL/O=Univ of Miami/OU=CSC AWS Services/CN=ec2-184-73-91-87.compute-1.amazonaws.com
   i:/O=Univ of Miami/OU=Computer Science/emailAddress=burt@cs.miami.edu/L=Coral Gables/ST=FL/C=US/CN=CSC 524 CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICjDCCAfUCAQEwDQYJKoZIhvcNAQEFBQAwgZsxFjAUBgNVBAoTDVVuaXYgb2Yg
TWlhbWkxGTAXBgNVBAsTEENvbXB1dGVyIFNjaWVuY2UxIDAeBgkqhkiG9w0BCQEW
EWJ1cnRAY3MubWlhbWkuZWR1MRUwEwYDVQQHEwxDb3JhbCBHYWJsZXMxCzAJBgNV
BAgTAkZMMQswCQYDVQQGEwJVUzETMBEGA1UEAxMKQ1NDIDUyNCBDQTAeFw0xMDA0
MDkwMzQyMzlaFw0xMTA0MDkwMzQyMzlaMIGAMQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCRkwxFjAUBgNVBAoTDVVuaXYgb2YgTWlhbWkxGTAXBgNVBAsTEENTQyBBV1Mg
U2VydmljZXMxMTAvBgNVBAMTKGVjMi0xODQtNzMtOTEtODcuY29tcHV0ZS0xLmFt
YXpvbmF3cy5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPBUE4DdhG9q
rA26GB7HTlA8PDIDj0Jgy9CLN3KoqQtip2hA38/1zEQld8LdqL6ib+XW7JjqXi3H
7D5d0ZA4ZVA6B1SpIcP/vWajjTe2RkMDiJDYk2omaQiDihapBkyRRYHzp7wC7O7l
gUcD85KUwcHs8u0M+3K0LFkbmCqUZW+nAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEA
ofp8p8pOgcmtc7Rc7btSafjZL+CfvnP47n3DtpbW/oLn80WN0+9yZRr9BoGMjelO
vUKb/lj24JTGIL8WuyEbDkM2/p6IkKM6s2+knk/P935f0EtIiEJEl5bBjXaTIp1K
mCI2zcgt0OaMRtOdmenzLgQVDalSpU9cnG1d097RpKs=
-----END CERTIFICATE-----
subject=/C=US/ST=FL/O=Univ of Miami/OU=CSC AWS Services/CN=ec2-184-73-91-87.compute-1.amazonaws.com
issuer=/O=Univ of Miami/OU=Computer Science/emailAddress=burt@cs.miami.edu/L=Coral Gables/ST=FL/C=US/CN=CSC 524 CA
---
No client certificate CA names sent
---
SSL handshake has read 1220 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: C70FC5240EB1AF58607A304814F7291964EAA6135F4E97B889EC04E2F3D68ECA
    Session-ID-ctx:
    Master-Key: 5DD3643BFE6D6F8F7BD886357F59798023FD44E1E0F643AE0BA35AADC5F39AC19A7283C6336471B9A14B875F24A52DB5
    Key-Arg   : None
    Start Time: 1270934792
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
+OK Dovecot ready.
Certificate Authority Certs
Here are the certs you need. You can cut and paste these, but they might be a bit sensitive to formatting. I have included the md5 of the files, so you can check whether your files are identical. The cert is shown in plain text (decoded). The cert is then shown so you can grab it. The cert key is given because you should make a client cert by generating a CSR (cert signing request) and signing it with the CA cert. For this you will need the private key (called simply "key"; the public key is in the cert). To simulate further, I have encrypted the key with the you-know-what password; the openssl command for the encryption is shown.
I have managed to transfer these by cut and paste. I was a bit surprised it worked, due to line end conventions perhaps not being consistent, or additional end of lines being inserted. My files have a single newline character at the end of each line, and no extraneous characters before the first "-" or after the last line.
These are PEM files. The cert files are handled with x509 subcommands of the openssl command. The key files are handled with rsa subcommands of the openssl command, given that the public key system is RSA. The openssl command is huge, see "man openssl", but you can also use the command and subcommand followed by a question mark, "openssl rsa ?", to get focused help for the subcommand.
hohokus$ cat cacert_cscaws.pem | openssl x509 -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            f8:32:da:d6:46:bd:35:ab
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: O=Univ of Miami, OU=Computer Science/emailAddress=burt@cs.miami.edu, L=Coral Gables, ST=FL, C=US, CN=CSC 524 CA
        Validity
            Not Before: Apr 9 03:19:12 2010 GMT
            Not After : Apr 6 03:19:12 2020 GMT
        Subject: O=Univ of Miami, OU=Computer Science/emailAddress=burt@cs.miami.edu, L=Coral Gables, ST=FL, C=US, CN=CSC 524 CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:ab:ab:7f:c3:fd:80:71:b9:98:96:bc:af:82:56:
                    da:94:35:41:38:cd:36:2b:09:33:cc:85:0b:bd:42:
                    60:d0:3b:ed:e7:8d:45:50:57:71:a0:fa:07:df:8d:
                    fb:f3:bf:f8:02:82:3b:52:e5:1e:d2:ea:2a:ee:45:
                    17:08:ed:f5:98:c3:ed:23:bf:fd:4a:7d:d7:9a:28:
                    7d:00:83:75:65:a6:cc:55:85:35:db:5d:6e:9d:70:
                    4f:ad:6d:de:49:ed:6c:1c:f5:f8:a0:3e:97:5c:dc:
                    5e:1c:9b:07:bd:a1:6d:bc:04:ed:f2:5a:3f:a2:65:
                    be:f9:42:a7:fe:5e:2e:e9:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE
            X509v3 Subject Key Identifier:
                EA:28:BC:35:F1:68:5C:4F:C9:BE:A2:71:1D:0E:7A:90:D5:79:C2:16
            X509v3 Authority Key Identifier:
                keyid:EA:28:BC:35:F1:68:5C:4F:C9:BE:A2:71:1D:0E:7A:90:D5:79:C2:16
                DirName:/O=Univ of Miami/OU=Computer Science/emailAddress=burt@cs.miami.edu/L=Coral Gables/ST=FL/C=US/CN=CSC 524 CA
                serial:F8:32:DA:D6:46:BD:35:AB
    Signature Algorithm: sha1WithRSAEncryption
        38:f9:ab:d6:8e:b1:1b:a8:6b:65:ee:79:b5:61:f4:9d:b1:34:
        d3:73:48:51:e4:9e:28:be:7b:b5:6f:96:95:7b:dc:d9:b4:5d:
        0d:e1:8f:c1:9b:50:aa:c2:18:66:21:74:34:a4:11:38:89:a0:
        c5:63:c9:7f:3b:63:31:09:c2:15:fd:5f:a2:7f:48:94:90:6d:
        fe:b7:83:8f:42:8c:11:95:50:8c:97:79:ee:80:58:04:77:8d:
        3c:26:f7:14:af:0c:40:3e:93:d0:b3:1d:91:16:ce:e1:36:57:
        19:83:87:95:13:72:9a:7e:bf:64:45:63:ac:14:dd:45:7f:62:
        b7:de
hohokus$ more cacert_cscaws.pem
-----BEGIN CERTIFICATE-----
MIIDvDCCAyWgAwIBAgIJAPgy2tZGvTWrMA0GCSqGSIb3DQEBBQUAMIGbMRYwFAYD
VQQKEw1Vbml2IG9mIE1pYW1pMRkwFwYDVQQLExBDb21wdXRlciBTY2llbmNlMSAw
HgYJKoZIhvcNAQkBFhFidXJ0QGNzLm1pYW1pLmVkdTEVMBMGA1UEBxMMQ29yYWwg
R2FibGVzMQswCQYDVQQIEwJGTDELMAkGA1UEBhMCVVMxEzARBgNVBAMTCkNTQyA1
MjQgQ0EwHhcNMTAwNDA5MDMxOTEyWhcNMjAwNDA2MDMxOTEyWjCBmzEWMBQGA1UE
ChMNVW5pdiBvZiBNaWFtaTEZMBcGA1UECxMQQ29tcHV0ZXIgU2NpZW5jZTEgMB4G
CSqGSIb3DQEJARYRYnVydEBjcy5taWFtaS5lZHUxFTATBgNVBAcTDENvcmFsIEdh
YmxlczELMAkGA1UECBMCRkwxCzAJBgNVBAYTAlVTMRMwEQYDVQQDEwpDU0MgNTI0
IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrq3/D/YBxuZiWvK+CVtqU
NUE4zTYrCTPMhQu9QmDQO+3njUVQV3Gg+gffjfvzv/gCgjtS5R7S6iruRRcI7fWY
w+0jv/1KfdeaKH0Ag3VlpsxVhTXbXW6dcE+tbd5J7Wwc9figPpdc3F4cmwe9oW28
BO3yWj+iZb75Qqf+Xi7peQIDAQABo4IBBDCCAQAwDAYDVR0TBAUwAwEB/zAdBgNV
HQ4EFgQU6ii8NfFoXE/JvqJxHQ56kNV5whYwgdAGA1UdIwSByDCBxYAU6ii8NfFo
XE/JvqJxHQ56kNV5whahgaGkgZ4wgZsxFjAUBgNVBAoTDVVuaXYgb2YgTWlhbWkx
GTAXBgNVBAsTEENvbXB1dGVyIFNjaWVuY2UxIDAeBgkqhkiG9w0BCQEWEWJ1cnRA
Y3MubWlhbWkuZWR1MRUwEwYDVQQHEwxDb3JhbCBHYWJsZXMxCzAJBgNVBAgTAkZM
MQswCQYDVQQGEwJVUzETMBEGA1UEAxMKQ1NDIDUyNCBDQYIJAPgy2tZGvTWrMA0G
CSqGSIb3DQEBBQUAA4GBADj5q9aOsRuoa2XuebVh9J2xNNNzSFHknii+e7VvlpV7
3Nm0XQ3hj8GbUKrCGGYhdDSkETiJoMVjyX87YzEJwhX9X6J/SJSQbf63g49CjBGV
UIyXee6AWAR3jTwm9xSvDEA+k9CzHZEWzuE2VxmDh5UTcpp+v2RFY6wU3UV/Yrfe
-----END CERTIFICATE-----
hohokus$ cat cakey_cscaws.pem | openssl rsa -aes128
[password prompt elided]
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,F4D9DFE9FF9CC383421621E3A399304B

dCok5h6nGB8s4Yme4+6cCjZAjSrVuVFuyAGjU8CSMxFfBTNfjgTo6T7066cxnFIg
eiK6fb+zABhdODrXaLmy1vxABFEh3+ABp6+2BHjDk/MjNy7XXD2Ssh2Umyjlm9XA
ibUgq1mjlVcieC8TuXcBcbBHcXSO3NZmJu6r1RZwGDaRumWWnUsa2ZHwfgoRylys
zsXeXRNwx8EWFkQP4iLcM7z2yuz08UgdV8kPfmlTMuABESSi8JMex194bwoMBWbb
pws/kPS8RQZZy7vqnbWbGpQqjxN5Kr5eZoT9gdKXpAzYU8tx7DmSk7PZ2j2vpgJd
BKrc2Xz2js4htl77b3StedX6zO7qO25y2IB4i8vEPOk3edGFiqiw+j0q1gcXqWsO
7TKIDuoS7I5DiFL2/L20I9yz8uUOb3iRqVsM7XMwih+byqcrbWlhavSLo9qVXzXD
xe6ewm5iuhktfZTgH8kYwBjRGgtfmDUMHwt9MVKCMO1DcivZplaC2gejH4uup4Zl
ZuJ+Sp4OsBdt0/3W7ajacLHWwNqmoOOtkG9/OhPpkcOBAHofo0VzBGwErEgptXNF
g+TlxQm6K8e1OWX3DZmdvi5rmAhe+9VBZyMdqypkMTR13lm+rO5+SLEbobe/peG1
6C7Xee/za7SXcj0iIZ/lvo2X+5TSbL8MsMdmF7aG31oIJnm485L2UHtDQwyFl8G6
OZKRUWcxByROvQCSl2YFp5+BAMFCQE59Pu1zGmVD9HQfsTAcWU5RPXN5n5Y0ApWT
ILkf8sH3J9MArrpGuUp9yOZMxiBd3b4lxZc+LVB8+7K35GZho/Zy2MmFsHMNaf6t
-----END RSA PRIVATE KEY-----
hohokus$ md5 cacert_cscaws.pem
MD5 (cacert_cscaws.pem) = bdf396f9f9798bc4a54215aad8a12023
hohokus-3:csc521 burt$ md5 cakey_cscaws.pem
MD5 (cakey_cscaws.pem) = 7da00db1f644239046e84e935194e3cc
hohokus-3:csc521 burt$ md5 cakey_cscaws.pem.pw
MD5 (cakey_cscaws.pem.pw) = cec32cc83297fd58a37617fb6f9a107e
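The cut-and-paste check described above (one newline per line, nothing before the first "-" or after the last line, then compare md5 values) can be scripted. This is an added example, not part of the original assignment; the function names are made up here, and the sample PEM is a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import re
import textwrap

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----\n", re.S)

def normalize_pem(pasted: str) -> bytes:
    """Undo typical paste damage: CR/CRLF line ends, indentation, trailing blanks,
    and anything before the first '-' or after the END line."""
    text = pasted.replace("\r\n", "\n").replace("\r", "\n")
    lines = [ln.strip() for ln in text.split("\n")]
    begin = next(i for i, ln in enumerate(lines) if ln.startswith("-----BEGIN "))
    end = max(i for i, ln in enumerate(lines) if ln.startswith("-----END "))
    return ("\n".join(lines[begin:end + 1]) + "\n").encode("ascii")

def inspect_pem(data: bytes):
    """Return (label, decoded_length) after checking the body really is base64."""
    m = PEM_BLOCK.search(data.decode("ascii"))
    if m is None:
        raise ValueError("no complete PEM block found")
    label, body = m.groups()
    # An encrypted key carries Proc-Type/DEK-Info headers, then a blank line.
    if "\n\n" in body:
        body = body.split("\n\n", 1)[1]
    raw = base64.b64decode(body.replace("\n", ""), validate=True)
    if label == "CERTIFICATE" and raw[:1] != b"\x30":
        raise ValueError("certificate does not start with a DER SEQUENCE")
    return label, len(raw)

def matches_published_md5(data: bytes, published_hex: str) -> bool:
    """Compare file bytes against a digest like the 'MD5 (file) = ...' lines above."""
    return hashlib.md5(data).hexdigest() == published_hex.strip().lower()

# Constructed stand-in (not a real certificate): 260 bytes that begin like DER.
FAKE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
CLEAN = ("-----BEGIN CERTIFICATE-----\n"
         + "\n".join(textwrap.wrap(base64.b64encode(FAKE_DER).decode(), 64))
         + "\n-----END CERTIFICATE-----\n").encode("ascii")
# The same file after a paste that added CRLFs, indentation and a leading blank line.
PASTED = "\r\n" + "".join("  " + ln + " \r\n" for ln in CLEAN.decode().splitlines())

if __name__ == "__main__":
    fixed = normalize_pem(PASTED)
    print(inspect_pem(fixed), fixed == CLEAN)
```

For the CA certificate, the digest to pass as published_hex is the value printed for cacert_cscaws.pem above, bdf396f9f9798bc4a54215aad8a12023.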