I am fiddeling arround with Honeypots these days and want to receive email alerts when something is happening on those machines. Specifically I want to relay emails via my freemail provider for this. However as Honeypots may be compromised at some point I dont want to store my mail credentials on those machines.
So what I had planned was to set up an open mail relay in my internal network which accepts smtp connections and relays them to my freemail provider.
To save energy (and with that my hard earned cash) I do not want my server be running 24×7, but still want the comfort of having an easy option to relay emails from every machine in my network.
Besides some Honeypot VMs there is the RAID controller of my server for example which can alert via email on hard disk problems. The possibilities are endless. Maybe I want to teach my Espresso machine smtp some day.
So there is only one device in my household running 24×7: My OpenWRT based Internet Router (TP-Link WDR-4300) which is already:
- Serving OpenVPN
- Bridging WiFi to neighbors
- Waking up my Server on demand
- Drawing graphs about my Internet Usage
- And all the normal boring Consumer-Router stuff (ddns, dhcp, dns, switching, routing, etc…)
So why not also promote it to MTA?
Sadly I seem to be one of very few people who try to achieve this as there is virtually no proper how-to available on the internet for this. I guess most people do not have the need for this kind of setup as they do not relay emails in their home network. Probably because most consumer electronics have some kind of smtp functionality with smtp authentication integrated.
So here it is:
How to set up XMail on OpenWRT as open mail relay
Hopefully you have read the above and understand for what reason I want to set this up. Be sure to know what you are doing and do not connect open mailrelays to the Internet as they will just end up being exploited.
- Get a separate freemail account for this activities. One which you will not mourn when it gets cancelled. Just create a new one when things go wrong and your account got deleted.
- (Again) Not forward port 25 from the internet to the open mail relay!
- Keep your OpenWRT Systet locked up. Do not open services to the Internet if you are not 100% sure what you are doing!
2. Chose an MTA:
Most common MTAs like postfix and exim are too big or just not available in OpenWRT’s repositories. I stumbled over quite a few easy sendmail tools which were able to send emails via the freemail provider just fine, however they were all small lightweight scripts intended to send emails only from the local OpenWRT system.
After I googled _a lot_ and studied the opkg repositories I notice XMail:
XMail is an Internet and intranet mail server featuring an SMTP server, POP3 server, finger server, multiple domains, no need for users to have a real system account, SMTP relay checking, RBL/RSS/ORBS/DUL and custom ( IP based and address based ) spam protection, SMTP authentication ( PLAIN LOGIN CRAM-MD5 POP3-before-SMTP and custom ), a POP3 account syncronizer with external POP3 accounts, account aliases, domain aliases, custom mail processing, direct mail files delivery, custom mail filters, mailing lists, remote administration, custom mail exchangers, logging, and multi-platform code. XMail sources compile under GNU/Linux, FreeBSD, Solaris and NT/2K.
Jackpot! This is a full-fledged (if you may call it that) MTA. In other terms it can serve as a full-scale email system. For what forum posts i stumbled upon it seems that it also is, or at least was in the past, used for exactly this by some companies and internet providers.
I am no expert on email communication but XMail seems to be a bit outdated. Nowadays there are open collaboration platforms like OpenExchange and Zimbra available for free. This matches the fact that I found no proper xmail How-To and also the XMail Website and Forum seems to be a bit outdated.
As already explained I want to use XMail as a mail relay only. So I will not go into any other functions of XMail.
3. Install XMail
First the basics:
- This How-To is based on Trunk OpenWrt Barrier Breaker r35896 whichs repositories include xmail 1.26-3 as of this moment when I am writing this tutorial.
- With OpenSource Things change. Check the versions. Maybe Packages were altered and the below steps do not fit 1 to 1.
- Try to understand the underlying logic instead of just copy commands and config files.
- Check that you have enough disk space. XMail itself came as an 354KB binary plus you will need a library and some space for the configuration and spool files.
- If you have at least 1mb free space on your router you should be fine.
- Dont max out your routers flash storage! I warned you!
- Set up USB Storage to store at least the spool folder on. You dont know the exact size of the emails you want to send out in the future and also spooling will wear out your routers flash memory read/write-cycles.
- USB Storage How-To’s are widely available. Even in the official OpenWRT wiki.
- opkg update
- opkg install xmail
4. The interesting part: Configuring XMail
So this was the tricky part for me. I was not even entirely sure XMail supports the kind of email relay setup I wanted and the nearly non existing documentation did not help me with this. Ontop of that I either caught a bad trunk version or the XMail package I got is just incomplete (more on that shortly).
There are 2 places where the configuration magic happens:
- /etc/config/xmail – a usual openwrt config file
- MailRoot – a freely placeable directory containing configuration files, logs and spooling folders
Lets begin with the first one. The interessting part is the top of the configuration file:
# Configuration parameters for xmail # # To see what xmail command line parameters each parameter corresponds to, # please see /etc/init.d/xmail # # The xmail configuration files are contained in /etc/MailRoot.tar.gz, and need # to be installed in the MAIL_ROOT directory, set by default to # /var/MailRoot below by: # MAIL_ROOT=`grep "option.*mail_root.*'$" /etc/config/xmail | sed -e "s/'$//" -e "s/.*'//"` # mkdir -p $MAIL_ROOT; cd $MAIL_ROOT; tar -xjf /etc/MailRoot.tar.bz2 # NOTE: On OpenWRT /var is a temporary filesystem, so change mail_root below, # but it is probably not a good idea to install on a device's internal # flash due to the amount of writing of the flash that will ensue. # # To see what settings are appropriate, please refer to: # http://www.xmailserver.org/Readme.html # which also documents the configuration files in mail_root # ( please note that the values commented out are not real values ) # config xmail option mail_root '/mnt/usb/mailroot' # option debug 1 ... (truncated)
This config file is more of a "starter config" which defines what components of XMail are going to be started and where the actual configuration (MailRoot) is located. In this file you only need to alter the first 2 option lines.
- Set option mail_root to an folder on your external USB Storage where we will copy the MailRoot
- For the setup I recommend uncommenting the debug option to see what XMail is up to after start, as smtp is quite a bitch
Now the fun Part: MailRoot
The promised MailRoot.tar.bz2 was not delivered with the opkg package for me. Maybe I caught a bad trunk branch or maybe they just decided to leave it out to save space on our precious router flash storage. Then again it is only a couple of bytes (less than 10) in compressed state...
So as the Config Header did not say much about where else to get the MailRoot I googled if Ubuntu has a XMail package and naturally they have it in their apt repos.
So I just went quick and dirty and headed to: https://launchpad.net/ubuntu/+source/xmail and downloaded the latest package and extracted it. I found the MailRoot directory in there and just scp'ed the contents of it over to the location on the external usb storage I specified in the xmail config file above.
5. Finally the XMail configration files in $MailRoot
The configuration of XMail is stored in a bunch of *.tab files. We only need to alter the following:
- $MailRoot/server.tab - the main configuration file
- $MailRoot/userauth/smtp/smtp.web.de.tab - mail relay credentials, NOTE that the name needs to match the mailrelay server with an ".tab" appended
# # Example configuration file. # Note : remember to use _REAL_ TABs and " to format this file # "RootDomain" "xmailserver.test" "SmtpServerDomain" "xmailserver.test" "POP3Domain" "xmailserver.test" "HeloDomain" "xmailserver.test" "PostMaster" "firstname.lastname@example.org" "ErrorsAdmin" "email@example.com" "DefaultSMTPGateways" "smtp.web.de" "RemoveSpoolErrors" "0" "Pop3LogPasswd" "0" "MaxMTAOps" "16" "ReceivedHdrType" "0" "FetchHdrTags" "+X-Deliver-To,+Received,To,Cc" "DefaultSmtpPerms" "MRVZ"
I only post the the uncommented lines from the config here as there are only two important lines here:
- "DefaultSMTPGateways" "smtp.web.de" <- add the dns/ip of your providers smtp server here
- # Note : remember to use _REAL_ TABs and " to format this fileReally take a note of this! This cost me a lot of time! The .tab files needs to contain only one tab between: "Option" -> "Value"
"LOGIN" "USERNAME" "PASSWORD-IN-CLEARTEXT"
This is only a one liner. The First Value is the SMTP authentication scheme. Valid options are:
Again: there are Tab-Stops between the values, not spaces! Username and Password are expected in cleartext. No need to base64 them for smtp authentication!
If you think this insecure: This whole tutorial is not about high-secure systems! It is intended for easy and reasonable safe email relay at home.
So thats about it! There is a lot more functionality in XMail but this how-to covers only external mail relay (smart host) functionality!
6. Enable start and test XMail
- /etc/init.d/xmail enable
- /etc/init.d/xmail start
The first command enables XMail as an startup daemon (autostart) the second command starts xmail. If you have uncommented the debug line in /etc/config/xmail you will now see the debug output. I recommend this for the first couple of email relay attemps!
To test xmail just use sendmail from the OpenWRT console (while watching the debug output):
- "sendmail firstname.lastname@example.org"
7. Send emails from other Linux machines
I dont want to cover the detailed configuration in this tutorial but just outline the basic steps and explain a few caveats:
- Setup an MTA of your liking
- I prefer exim4 which is available in the ubuntu repositories: "aptitude install exim4"
- "dpkg-reconfigure exim4-config" will guide you through the configuration of exim menu based. Tell the wizzard to only relay via smarthost and point it to the OpenWRT
- Your email provider expects you to send only in the name of your registered email account. So make sure to tell sendmail to use your email address as sender address. The syntax for this varies in different MTA's sendmail scripts. Its probably -f or -F.
- Exim also has a rewrite file which can rewrite sender for all relayed emails. Read up on that if you like.
- Watch the XMail debug output to see which sender address is specified for an outgoing email. You will also see the email providers error code there if something does not work.
8. So what the fuck were you talking about honeypots in the beginning?!?!
I currently have set up a kippo ssh honeypot on a virtual machine on my homeserver. I use swatch to monitor the lastlog.txt file and let it send real time email alerts to get notified when the action is going down (last line of the file contains IP Adress and duration of interaction).
swatch is also in the ubuntu repositories and a simple swatch file can look like this:
watchfor /./ exec tail -n 1 /home/kippo/kippo/data/lastlog.txt | sendmail -F honeypot email@example.com
The first line is basically the command "watchfor" followed by an regex what changes to look for. /./ stands for everything in this case.
The second line pipes the last line of kippos lastlog.txt to sendmail.
You could also put the following line in your rc.local to begin the watch on boot up:
swatch -c /home/kippo/kippo/data/kippo.swatch -t /home/kippo/kippo/data/lastlog.txt
9. And how do I set up my own honeypot?!?!?!
There are a lot of tutorials out there. I liked:
Props to the autors!
Dont try this at home if you dont know what you are doing!
Do your research first!
You are responsible and liable for your machines and your internet connection!
I hope this helps someone out there. Feel free to leave comments, inspiration, discussions!