Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

alt

Daniel Nashed

How to send mails native on Linux and MacOS from command-line

Daniel Nashed – 7 January 2024 14:39:04


End of last year SMTP Smuggling was a hot topic.
It turned out Domino is behaving well as you can read in Thomas Hampel's blog post who is also linking an interesting presentation about this topic.

(See details here -->
https://blog.thomashampel.com/blog/tomcat2000.nsf/dx/is-hcl-notes-domino-affected-by-smtp-smuggling.htm).

Because I didn't find any good tool to craft emails required to check, I wrote a simple command-line tool in C.

I used the OpenSSL versions of the network communication to abstract the calls from the standard socket operations.


It's a nice show case how SMTP works under the covers -- which didn't change for centuries and works the original standards (RFC 821 and 822) are still what is behind all SMTP traffic.

Once that worked, I thought adding STARTTLS would be a good addition.


After I was done with my smuggling tests and I could sleep well again, I started thinking about to make it a more useful tool.

So I added attachment support creating a MIME message with a Base64 encoded attachment.


Here is a link to the proejct in my tools repository -->
https://github.com/nashcom/nsh-tools/tree/main/nshmailx


BSD mailx compatible sending


Suddenly my old problem with the standard BSD mailx popped up in my head again.

Usually Linux tools like Ubuntu unattended-upgrades require mailx to send mails.


BSD mailx and comparable tools are designed to send and receive mails and come with quite some dependencies like a sendmail configuration and a lot of packet dependencies.

In addition mailx is not really transparent and I wanted something simple.

So I added a BSD mailx compatible command line today.



Statically compiling with OpenSSL


The project also gave me the opportunity to look into OpenSSL compiling and linking on multiple platforms.

Usually on Linux dynamic linking works well as long the build and run-time platform have similar OpenSSL versions.


But specially on a Mac this becomes more problematic. MacOS uses LibreSSL and the  run-time might not be available on another Mac.

So first I looked into making my small tool LibreSSL compatible. LibrSSL was forked long time ago from OpenSSL and doesn't have all functions you would expect from OpenSSL.

For my simple application I just had to change some calls. But for a larger project compiling with LibreSSL could be quite a challenge.


So I looked into compiling and linking statically with OpenSSL statically. I compiled OpenSSL on my Mac and linked the resulting static libs with nshmailx.


Finally I change the makefile to automatically detect what is installed on the build machine and automatically use the best option available.

On MacOS this would be statically linking with OpenSSL if available.


I wrote a short tutorial how compile on multiple Linux distributions and MacOS.


-->
https://github.com/nashcom/nsh-tools/blob/main/docs/turorial_build_apps_with_openssl.md


Conclusion


The project started as two hour work just to send basic SMTP mail and test SMTP Smuggling.

But it turned out like a great opportunity to look into OpenSSL cross platforms and have a small program to demonstrate how SMTP works under the covers.


It is also a useful testing tool, which I will extend for my own needs whenever I run into something.

Maybe adding a certificate check and dump would be useful...


The latest changes today have been to make it BSD mailx compatible.
And now I have my own mailx tool, which understands the command-line parameters from BSD/Linux mailx as well.
Which brings it from a educational project to quite useful tool for me.


Links

    Archives


    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]