Issues to be covered

  1. email protocols
  2. features and security of mail
  3. encryption and signing of messages (OpenPGP)
  4. service providers
  5. End-to-End encryption - ProtonMail.com

Activities

  1. Introduction to the topic of classes, providing teaching materials.
  2. A brief discussion of the history of email and POP3 and SMTP protocols.
  3. Sending a message via telnet (SMTP)
  4. Configuring the OpenPGP key

Materials for classes

Introduction tasks

Task 1 - SMTP

  1. Log in to the university mail server using the telnet tool

    $ telnet pp.amu.edu.pl 587
  2. Say hello to the server with the command helo.

    helo pp.amu.edu.pl
  3. Try to send a message as to the address of the teacher

    mail from: <rectorof@amu.edu.pl>
    rcpt to: <bikol@amu.edu.pl>

    What is the response from the server?

  4. Since the server rejects our request, let us try to login. For this purpose, we will use the extended SMTP-AUTH protocol. The ehlo command returns a list of options supported by the server.

    ehlo pp.amu.edu.pl
    auth plain
    AHVzZXIAcGFzcw==

    AHVzZXIAcGFzcw== is a base64 encoded login and password. For example, you can do this in the following way.

    $ echo -n -e '\0user\0pass' | base64
  5. Fortunately, the server will reject our request (regardless of providing correct data). Why?

Task 2 - Gmail

  1. Repeat the procedure for Gmail servers (smtp.gmail.com, port 587). What response we get this time. Does the server offer us AUTH PLAIN authentication?

Task 3 - STARTTLS

  1. Most modern servers require at least basic encryption. We will try to send an e-mail using Gmail servers. We will use the following account for this: (base64 encoded: AGR0aW4uMjAxOGxAZ21haWwuY29tAGR0aW5AdWFt).

  2. We establish an encrypted connection with the Gmail server:

    $ openssl s_client -starttls smtp -crlf -connect smtp.gmail.com:587
  3. Did the result of the ehlo command changed?

  4. We log in to the server

    ehlo smtp.gmail.com
    auth plain
    AGR0aW4uMjAxOGxAZ21haWwuY29tAGR0aW5AdWFt
  5. Then we send the message to your teacher just like in the original SMTP protocol:

    mail from: <dtin.2018l@gmail.com>
    rcpt to: <bikol@wmi.amu.edu.pl>
    data
  6. Enter the message (do not forget about the period at the end)

    Date: 30 Jan 18 21:21:21
    From: dtin.2018l@gmail.com
    To: bikol@wmi.amu.edu.pl
    Subject: subject
    
    message
    .
  7. We finish the session with the quit command.

Task 4 - Experiments with Gmail

  1. Try to change the data in the message body from the previous task. Is it possible to send a message retrospectively or signed as someone else?

Task 5 - Generating OpenPGP keys

  1. Signing and encrypting email is a very important skill. As part of this task, OpenPGP keys will be generated.

  2. To create an OpenPGP key, use the gpg command. The default values of most parameters are appropriate. Please enter correct data (name, surname and email address) - this will be needed for the homework.

    $ gpg --gen-key
  3. The next step will be to add the generated key to the server (instead of 3303CE03 insert your key id):

    $ gpg --send-keys --keyserver keyserver.ubuntu.com 3303CE03

Assessment tasks

Mandatory

Basic tasks are checked automatically, hence it is important to send to the appropriate address and keep the indicated message title. Email is a completely different email account than (how to check it?).

The results of tasks are available in the per student text file at https://kino.vm.wmi.amu.edu.pl/results/dtin/######.txt, where ###### is a six-digit student index number. Global list of results is available at https://kino.vm.wmi.amu.edu.pl/results/dtin.txt

Task 2.1 - Fake email (1p.)

Send an e-mail from a given, non-existent address (test@test.pl) to the address . Message title: “[DTIN] Z2.1 ######”, where ###### is a six-digit student index number.

Task 2.2 - PGP signature (2p.)

Send a digitally signed e-mail by OpenPGP using the OpenPGP certificate generated during classes to . Message title: “[DTIN] Z2.2 ######”, where ###### is a six-digit student index number. The signature of the message should be placed in the attachment (PGP/MIME instead of PGP/Inline) with filename signature.asc.

Task 2.3 - PGP encyrption (2p.)

Send an encrypted by OpenPGP e-mail to using the certificate with key ID : 3303CE03. Message title: “[DTIN] Z2.3 ######”, where ###### is a six-digit student index number. Email subject should be unencrypted and encrypted email body should be in attachment named encrypted.asc.

Extra

Task D2- Remote computer control via email (5p.)

You need to write a bash script reading an e-mail (in a student-defined form) from a given mailbox and then executing the message’s content as a Bash shell command. The result of calling these commands should also be sent back as an e-mail. The script should be run regularly, eg every minute using the cron utility. The whole should be implemented on the student virtual machine.

Useful tools:

  • cron
  • fetchmail
  • procmail
  • ripmime
  • bash
  • sendemail