Configure Joomla to Present Client Certificate when Sending Email
- Written by: Andrew Wellington
- Category: Synology
- Hits: 533
So you'd like to configure Joomla CMS to use a SMTP relay to send email. Unfortunately, presenting a client certificate is not a standard option and Joomla only allows authentication via SMTP Auth. You could allow access by your public IP but many have dynamic IPs and where is the fun in that? I did some research, but I could not find any good documentation on how to do it. After some trial and error, I was successful by editing the built-in PHP Mailer plugin. It was a fairly simple process and I will share the steps I took in this guide. You will need to have full root access to the Joomla host server.
Use Fail2ban and Postscreen to Fight Botnet Connections to Postfix
- Written by: Andrew Wellington
- Category: Linux
- Hits: 5551
I noticed multiple unsuccessful connection attempts in my postfix server from various IPs. The EHLO response varies but many of them respond as "User\r\n". See the following log entries from my /var/log/postfix.log file...
Nov 10 19:20:58 mail postfix/postscreen[18652]: COMMAND PIPELINING from [162.142.125.10]:57044 after ??????: 6\2 Nov 10 19:20:57 mail postfix/postscreen[18652]: COMMAND PIPELINING from [162.142.125.10]:46298 after ??????: W\ Nov 6 05:57:36 mail postfix/postscreen[15159]: PREGREET 11 after 0.12 from [147.78.103.88]:56690: EHLO User\r\n Oct 30 04:05:40 mail postfix/postscreen[8417]: PREGREET 11 after 0.13 from [87.120.84.90]:58426: EHLO User\r\n Oct 30 04:54:26 mail postfix/postscreen[9258]: PREGREET 11 after 0.13 from [87.120.84.90]:51143: EHLO User\r\nAs you can see, these connection attempts are coming from many different IP addresses. The best way to handle these attempts is with a custom Fail2ban rule that can match against the EHLO response. Fail2ban is log monitoring software that is able to take action when it matches a rule. These actions can vary but the default is to "ban" the IP and/or port by creating a rule in iptables. I will walk through the setup of this custom Fail2ban rule and the subsequent testing and verifying of the rule.
Send Email in your PowerShell Script - The Modern Method
- Written by: Andrew Wellington
- Category: Powershell
- Hits: 579
With modern companies using hosted email solutions, Microsoft has deprecated the use of the Send-MailMessage PowerShell cmdlet. The supported to way to send emails from a PowerShell script is with the Microsoft Graph API. Unfortunately, this is not as simple as using an on-premises SMTP server, but it's much more secure. And by building a proper PowerShell function, it's just as easy to integrate within your scripts. This does require an Office365 tenant and subscription. I will outline the steps and give an example of how to send emails with this method.
Setup Postfix as a Send-Only External SMTP Relay
- Written by: Andrew Wellington
- Category: Linux
- Hits: 1813
Self-hosting a mail server can be a great learning experience. I recently set up an email server using Docker Mail-Server and I ran into an issue with outgoing mail where my public IP was on a policy blocklist. This caused almost all of my outgoing emails to be blocked. If you are faced with this problem, there are two directions you can go. You can sign up for an SMTP service, some are even free up to a certain number of emails, or you can run a postfix relay in a VPS. I like to have control of the underlying infrastructure, so I went with the latter. This guide will walk you through how to configure the Postfix relay server on the VPS so that it only accepts mail from your mail server's IP or from a server with a certificate that matches your mail server's hostname.