Walker News

Customize Mailsend To Secure SMTP Login And Prevent Spam

Mailsend is an open-source, console-based SMTP client that is well suited to sending authenticated email (via Microsoft Exchange or Gmail, for example) from the command-line interface (CLI), shell scripts, schedulers, etc.

To send authenticated email, the user must supply the email account credentials (i.e. login ID and password) via mailsend option switches. That means the credentials are easily available to anyone who can look at the running processes or read the script file. So, we need to:

1. secure them, making it a bit harder for the average bad guy to see the password,

2. prevent unauthorized users from using it to send email (e.g. spam) to any recipient of their choice.

To achieve these two objectives, we modify the mailsend source code to build a customized binary (refer to the previous post on how to compile mailsend from source files for the ARM/Raspbian platform). Here is our modified main.c for your reference:

1. All our modifications are enclosed by the comment lines
//*** WalkerNews.net changes start/end

2. Hardcode both the email account login ID and password in string variables (smtpuser and smtppass).
WARNING: This is NOT a bulletproof approach! An experienced attacker could crash the running program and analyze the core dump file (memory dump) to retrieve them.

3. Besides, we also hardcode the SMTP server name and port number, as well as the recipient and sender email addresses:

4. Turn on both the -auth and -starttls options (which mailsend requires when authenticating with the Google SMTP server on port 587):

5. Remove the option switches that we do not expect to use (especially the “-cc” and “-l” option switches). We also modify the -h option switch so that, instead of printing help info, it prints the recipient, sender, and SMTP server that we have hardcoded.

Eventually, our modified version of mailsend supports only 4 option switches, i.e. subject (-sub), message body (-M), attachment (-attach), and the -h option. This makes it simple, and more secure, to script sending an authenticated email. For example:
./mailsend -sub "test subject" -M "test msg"

If this customized mailsend falls into the wrong hands, they can’t easily make use of it (to send emails to other recipients of their choice).
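The allow-list option handling described in step 5, as an added example; it is not the modified main.c from this post and not mailsend's own code. The struct, the function name parse_args, the placeholder host and addresses, and the CR/LF check on the subject are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed placeholders: routing is fixed at build time, never read from argv. */
static const char *const SMTP_HOST = "smtp.example.com";
static const char *const SMTP_PORT = "587";
static const char *const MAIL_FROM = "sender@example.com";
static const char *const MAIL_TO   = "recipient@example.com";

/* Hypothetical container for the only fields a caller may supply. */
struct mail_opts {
    const char *subject, *body, *attach;
    int show_info;
};

/* Accept only -sub, -M, -attach and -h. Returns 0 on success and -1 on an
 * unknown switch, a missing value or a repeated switch (fail closed). */
int parse_args(int argc, char **argv, struct mail_opts *o)
{
    *o = (struct mail_opts){0};
    for (int i = 1; i < argc; i++) {
        const char **slot;
        if (strcmp(argv[i], "-h") == 0) { o->show_info = 1; continue; }
        if (strcmp(argv[i], "-sub") == 0)         slot = &o->subject;
        else if (strcmp(argv[i], "-M") == 0)      slot = &o->body;
        else if (strcmp(argv[i], "-attach") == 0) slot = &o->attach;
        else return -1;            /* -cc, -l and every other switch end here */
        if (*slot != NULL || i + 1 >= argc) return -1;
        /* The subject becomes a header line, so it must stay on one line. */
        if (slot == &o->subject && strpbrk(argv[i + 1], "\r\n")) return -1;
        *slot = argv[++i];
    }
    return 0;
}

int main(int argc, char **argv)
{
    struct mail_opts o;
    if (parse_args(argc, argv, &o) != 0) {
        fprintf(stderr, "usage: %s [-h] [-sub subject] [-M message] [-attach file]\n", argv[0]);
        return 2;
    }
    if (o.show_info)   /* -h reports the fixed routing instead of help text */
        printf("to=%s from=%s server=%s:%s\n", MAIL_TO, MAIL_FROM, SMTP_HOST, SMTP_PORT);
    return 0;
}
```

Because the parser fails closed, any switch added back to the source later stays rejected until it is listed here explicitly.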

2018  •  Privacy Policy