how to use Wireshark to find the cause of being put on a blacklist for outgoing mail - wireshark

At least daily I am put on a Spamhaus XBL, CSS or PBL list. After 1) changing passwords at my email provider, 2) using Norton and 3) Malwarebytes Anti-Rootkit without result, I would like to try Wireshark in order to find the cause of this blacklisting. I first installed Wireshark and started to capture. (My W10 PC using Thunderbird is connected to a mobile network using tethering over Wi-Fi and my smartphone.) I used Thunderbird to send a test mail. I don't see any SMTP protocol traffic after using "smtp" as the filter in Wireshark. The port used is 465, and the filter "tcp.port==465" shows there was communication. I want to find the application (if there is one) which uses my PC (or phone) to send spam, which causes me to be blacklisted. (TLSv1.2 is used.) Can someone help me?
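An added example, my own and not part of the question above: Wireshark shows packets but not which local process produced them. On Windows the quickest way to tie a connection on a mail port to a process is the kernel's own connection table, which `netstat -ano -p tcp` (or `Get-NetTCPConnection -OwningProcess`) prints. The script below parses that output (the sample is constructed; addresses and PIDs are made up) and flags every connection to port 25, 465 or 587 together with its owning PID, which `tasklist /fi "PID eq N"` then turns into a program name. It also separates a normal mail client, which talks to one submission server, from the direct-to-MX fan-out a spambot produces. One caveat of mine: a Spamhaus PBL entry is a policy listing of dynamic and mobile address ranges, and a tethered phone's carrier address is usually shared with many other subscribers, so a PBL or CSS hit on that address is not by itself evidence that this PC is sending anything.

```python
import re
from collections import defaultdict

# Ports an outbound mail client or a spambot would use:
# SMTP relay (25), implicit-TLS SMTPS (465), message submission (587).
MAIL_PORTS = {25: "smtp", 465: "smtps", 587: "submission"}

# Constructed sample of `netstat -ano -p tcp` output; addresses and PIDs are made up.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.43.17:49712    203.0.113.10:465       ESTABLISHED     4120
  TCP    192.168.43.17:49720    198.51.100.7:443       ESTABLISHED     4120
  TCP    192.168.43.17:49733    203.0.113.44:25        SYN_SENT        7788
  TCP    192.168.43.17:49734    203.0.113.45:25        SYN_SENT        7788
  TCP    192.168.43.17:49735    203.0.113.46:25        SYN_SENT        7788
  TCP    [fe80::1%3]:49740      [2001:db8::25]:587     ESTABLISHED     7788
"""

LINE_RE = re.compile(
    r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>\S+)\s+(?P<pid>\d+)\s*$"
)


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6addr]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def mail_connections(netstat_text):
    """Map PID -> [(remote_host, port, service, state)] for every TCP
    connection whose remote port is one of MAIL_PORTS."""
    hits = defaultdict(list)
    for line in netstat_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        host, port = split_endpoint(match["remote"])
        if port in MAIL_PORTS:
            hits[int(match["pid"])].append((host, port, MAIL_PORTS[port], match["state"]))
    return dict(hits)


def suspicious_pids(netstat_text, max_distinct_mx_hosts=1):
    """PIDs talking directly to more port-25 hosts than a mail client would.
    Thunderbird submits everything to one provider server; a spambot doing
    direct-to-MX delivery opens connections to many different hosts on 25."""
    flagged = []
    for pid, conns in mail_connections(netstat_text).items():
        mx_hosts = {host for host, port, _, _ in conns if port == 25}
        if len(mx_hosts) > max_distinct_mx_hosts:
            flagged.append(pid)
    return sorted(flagged)


if __name__ == "__main__":
    for pid, conns in mail_connections(SAMPLE_NETSTAT).items():
        for host, port, service, state in conns:
            print(f"PID {pid}: {host}:{port} ({service}) {state}")
    print('check with tasklist /fi "PID eq N":', suspicious_pids(SAMPLE_NETSTAT))
```

The capture and the connection table both only cover this PC: traffic the phone itself sends never crosses the tethering link, so if the listing is caused by the phone it will not appear in either.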

Related

Working around a port 25 block for SMTP

I have a Delphi 7 application that I wrote that I have distributed to a partner living in a faraway place. The app uses the IndyDirect IdSMTP component to send mail to a mail server which I own. The mail server itself has no issues. The app worked fine until my friend moved. My friend ended up in a part of the world where his ISP blocks port 25. This prevents my Delphi app from sending email to my mail server.
The ISP said that they do permit port 587 as an alternative to port 25. My question is, is this a simple matter of changing the PORT property for the IdSMTP component from 25 to 587 and then recompiling the source code and giving my friend an updated .exe? Does anyone know if the mail server needs to be reconfigured in any way?
Thanks.
Yes, the mail server needs to be reconfigured. Right now it's listening on port 25; you need to configure it to listen on 587. This should be fairly simple with most off-the-shelf mail servers.
As an aside, I'd suggest putting the SMTP port into a configuration file that you read from in your Delphi code; then if the port changes again, all you have to do is update the config file rather than recompiling it and resending it to your friend. You could even get your friend to do it -- "Just open smtp.config and change '587' to 'xyz', then restart the program."
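An added example, my own and not code from the question or the answer above. The answer is right that the server has to listen on 587, but 587 is the message-submission port (RFC 6409), and a server that accepts mail from the internet on it without authentication is an open relay. The Python below runs a minimal submission service on a loopback port that refuses MAIL FROM until the client has authenticated, and a client that does what the Delphi app will have to do after the port change: EHLO, then AUTH, then send. The host names, user name and password are made up; STARTTLS is left out to keep the exchange readable, and in production AUTH PLAIN must only be offered after STARTTLS.

```python
import base64
import smtplib
import socket
import threading

# Constructed credentials for the demo; nothing here comes from the page.
USERS = {"partner": "s3cret"}


def handle_session(conn, mailbox):
    """Speak just enough ESMTP to behave like a message-submission port:
    advertise AUTH, and refuse MAIL FROM until the client has authenticated."""
    rfile = conn.makefile("rb")
    send = lambda text: conn.sendall(text.encode("ascii") + b"\r\n")
    send("220 submission.example ESMTP")
    authed = False
    while True:
        line = rfile.readline()
        if not line:
            break
        verb, _, arg = line.decode("ascii", "replace").rstrip("\r\n").partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            send("250-submission.example\r\n250 AUTH PLAIN LOGIN")
        elif verb == "AUTH":
            mech, _, blob = arg.partition(" ")
            try:  # AUTH PLAIN initial response: base64("\0user\0password")
                _, user, pwd = base64.b64decode(blob).decode("utf-8").split("\0")
            except (ValueError, UnicodeDecodeError):
                send("501 5.5.2 Cannot decode credentials")
                continue
            if mech.upper() == "PLAIN" and USERS.get(user) == pwd:
                authed = True
                send("235 2.7.0 Authentication successful")
            else:
                send("535 5.7.8 Authentication credentials invalid")
        elif verb == "MAIL":
            # The rule that separates a submission port from an open relay.
            send("250 2.1.0 OK" if authed else "530 5.7.0 Authentication required")
        elif verb == "RCPT":
            send("250 2.1.5 OK")
        elif verb == "DATA":
            send("354 End data with <CR><LF>.<CR><LF>")
            body = []
            for part in iter(rfile.readline, b".\r\n"):
                if not part:
                    break
                body.append(part)
            mailbox.append(b"".join(body))
            send("250 2.0.0 Queued")
        elif verb in ("RSET", "NOOP"):
            send("250 2.0.0 OK")
        elif verb == "QUIT":
            send("221 2.0.0 Bye")
            break
        else:
            send("502 5.5.2 Command not implemented")
    conn.close()


def start_submission_server():
    """Start the demo service on a free loopback port; returns (port, mailbox)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    mailbox = []

    def accept_loop():
        while True:
            conn, _ = srv.accept()
            handle_session(conn, mailbox)

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()[1], mailbox


def submit(port, authenticate):
    """What the client must do on 587: EHLO, AUTH, then MAIL/RCPT/DATA.
    Returns the reply code the server gave to MAIL FROM (250 = accepted)."""
    try:
        with smtplib.SMTP("127.0.0.1", port, local_hostname="client.example") as s:
            s.ehlo()
            if authenticate:
                s.login("partner", "s3cret")  # smtplib chooses AUTH PLAIN here
            s.sendmail("partner@example.org", ["ops@example.org"],
                       "Subject: port 587 test\r\n\r\nhello from 587\r\n")
        return 250
    except smtplib.SMTPSenderRefused as exc:
        return exc.smtp_code


if __name__ == "__main__":
    port, mailbox = start_submission_server()
    print("unauthenticated MAIL FROM ->", submit(port, authenticate=False))
    print("authenticated MAIL FROM ->", submit(port, authenticate=True))
    print("messages accepted:", len(mailbox))
```

The IdSMTP side of this is the same sequence: set the port to 587, set `UseTLS` to `utUseExplicitTLS` so STARTTLS runs before the credentials leave the client, and fill in `Username`/`Password` so the component issues AUTH before MAIL FROM.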

RFB reference implementation?

I'm writing an RFB server. I was wondering if anybody knows of an RFB reference client.
Currently, I run RealVNC and ask it to connect to my RFB server, and it works fine. However, RealVNC is intended to give a good end-user experience. It is not intended to test every possible valid combination of protocol features. So I know that the features which RealVNC uses are implemented correctly, but I have no idea whether the features that RealVNC doesn't use are working at all. But it would be really useful if I could check somehow.
Any suggestions?
(I could, of course, write my own RFB client as well. But that wouldn't really prove anything. If something doesn't work, I can't tell if it's the client or the server that's broken. And if everything does work, that still doesn't mean that both ends implement RFB correctly, just that each has the same bugs as the other.)
This may help you out a bit. I used to use TCP/IP Builder to make various hex-code messages (pointer event, key event, cut text) and store them in a text file. Then I used TCP/IP Builder to connect to my RFB/VNC server.
The RFB server you wrote will now respond to TCP/IP Builder like it would to any RFB client, and you can verify each and every scenario (incomplete payload, wrong message number, extra payload, message out of sequence, etc.).
Make sure you select the "Parse Ascii" option if your server doesn't respond with RFB version number info once you connect to your server.
In order to make the initial message you can record Wireshark logs for a successful, proper RFB session between your RFB server and RealVNC and then use those messages to test your RFB server with TCP/IP Builder.
The RFB version info can be sent like this: "RFB 003.008", but for the rest of the messages you will have to use hex symbols as seen in network logs (pcap/Wireshark).
Example: this is how to send a FramebufferUpdateRequest message to your server (non-incremental, for 800 x 480):
0x030x000x000x000x000x000x030x200x010xe0
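An added example, mine and not the answerer's code: the hex string above is the RFB 3.8 FramebufferUpdateRequest message (type 3, incremental flag, x, y, width, height, all big-endian), and every client-to-server message in the specification can be produced the same way with Python's struct module instead of by hand. That also makes the malformed variants the answer lists (truncated payload, wrong message number, extra payload) one line each. The keysym, coordinates and clipboard text are made up.

```python
import struct

# Client-to-server message types from the RFB 3.8 protocol specification.
FRAMEBUFFER_UPDATE_REQUEST, KEY_EVENT, POINTER_EVENT, CLIENT_CUT_TEXT = 3, 4, 5, 6


def framebuffer_update_request(x, y, width, height, incremental=False):
    # u8 type, u8 incremental, u16 x, u16 y, u16 width, u16 height
    return struct.pack("!BBHHHH", FRAMEBUFFER_UPDATE_REQUEST, int(incremental),
                       x, y, width, height)


def key_event(keysym, down):
    # u8 type, u8 down-flag, 2 bytes padding, u32 X keysym
    return struct.pack("!BBxxI", KEY_EVENT, int(down), keysym)


def pointer_event(button_mask, x, y):
    # u8 type, u8 button-mask, u16 x, u16 y
    return struct.pack("!BBHH", POINTER_EVENT, button_mask, x, y)


def client_cut_text(text):
    # u8 type, 3 bytes padding, u32 length, Latin-1 text
    data = text.encode("latin-1")
    return struct.pack("!BxxxI", CLIENT_CUT_TEXT, len(data)) + data


def malformed_variants(msg):
    """The edge cases the answer lists, derived from one valid message."""
    return {
        "truncated": msg[:-1],                    # incomplete payload
        "bad_type": bytes([0xEE]) + msg[1:],      # unknown message number
        "extra_payload": msg + b"\xff\xff\xff",   # trailing garbage
    }


def to_tcpip_builder(msg):
    """Render bytes in the notation used in the answer: 0x03 0x00 ... run together."""
    return "".join(f"0x{b:02x}" for b in msg)


def message_script(messages):
    """One message per line, ready to keep in the text file the answer describes."""
    return "\n".join(to_tcpip_builder(m) for m in messages)


if __name__ == "__main__":
    full_screen = framebuffer_update_request(0, 0, 800, 480)
    print(to_tcpip_builder(full_screen))
    print(message_script([key_event(0xFF0D, True), key_event(0xFF0D, False),
                          pointer_event(1, 10, 20), client_cut_text("hi")]))
    for name, variant in malformed_variants(full_screen).items():
        print(name, to_tcpip_builder(variant))
```

A server that survives every line of that script without hanging or crashing, and closes the connection on the bad-type and truncated cases rather than silently resynchronising, is handling the protocol framing correctly.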

Capture Rails API Requests/Response with WireShark

I'm working with the API using HTTMultiParty and I'm having trouble capturing the outgoing HTTP requests when I make POSTs. I don't see them at all in wireshark. I am capturing on the wireless adapter (I have no other internet connection) and filtering on
http.host contains "docusign"
but I can't see anything come up. Even with just an HTTP filter, I see nothing new captured while I see a request and response. Why is wireshark unable to view the traffic from my rails app? Note: I can see the request made by my browser to the rails app.
Since it's HTTPS traffic, assuming you know the IP address of the server you're talking to, use the filter ip.addr == x.x.x.x and you should see TLS traffic leaving your client.
I presume in the above comments that you mean "ip.dst" because there is no such thing as "tcp.dest" as far as I'm aware.
Slightly old but here's a complete list of filters.

Block specified URLs

I want to write an application in Delphi which filters requested URLs in the OS (not only web browsers) and, if one matches, blocks it or changes the URL's content to blank. The problem is, I don't know where to start looking. Could you help me with some information?
I think you're talking about a DNS service. Usually, DNS services live outside, on your router, at your ISP, or at a third party like www.openDNS.org.
But you could write your own, run it on your PC, and set your internet settings to use that as your DNS server.
I suspect that a lot of malware works like this....
Also, this sort of thing can be done with no programming at all - just edit your hosts file in C:\WINDOWS\system32\drivers\etc\hosts (it's a text file with no extension).
Anything in there should trump.
Also, before you start writing an application to do this, have a look at OpenDNS. If it's an app for personal use, you may find that you don't need it. If it's going to be a commercial offering, this is the bar for usability and usefulness that you need to meet or beat.
http://www.mail-archive.com/delphi-talk@elists.org/msg01558.html - text by Francois Piette quoted below (in case the link becomes unavailable):
"There are several ways to achieve your goal. The two main ones I see are:
1) Write a LSP (Layered Service Provider)
2) Write a proxy server
The first is not possible with Delphi (at least I think so; if anyone knows how to write a LSP using Delphi, I would love to get the code).
The second, writing a proxy, is more or less easy with Delphi using ICS components. See the "usermade" link at the ICS website (http://www.overbyte.be). With this option, you have to configure IE to use the proxy: IE Menu / Tools / Internet options / Connections / Network parameters / Use a proxy, and then enter the IP address (127.0.0.1 if the proxy runs on the same computer) and port number (pick any one you like, for example 8080). Once IE is configured to use a proxy, it will send all requests to the proxy. Then the proxy will make the real request to the target server and return data back to IE. What is important there is that you get all URLs entered in IE or indirectly used (clicking on links), and you can either really relay them to the target server or forge an answer yourself to say the page access is denied.
At the ICS website, on the usermade page, you'll even find an HTTP proxy component. If you need help with this component and/or the entire ICS, please use the ICS support mailing list (same server as this list). See the "support" link at the ICS website for support details."
LE: it seems that this question is possibly a duplicate of
Using delphi to block websites
Use the GetExtendedTcpTable API to locate any connections to the remote server you want to block on port 80; if there is a connection, use SetTcpEntry to terminate that connection. It's pretty simple.
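An added example, my own and not code from any of the answers above: the "write your own DNS service and point your PC at it" suggestion, in the form of the two pure functions such a service needs. `handle_query` parses an incoming DNS query and, for a name on the block list (or any subdomain of one), answers with 0.0.0.0 or :: ; for everything else it returns None so the caller forwards the query to a real resolver. The block list, the listen port 5353 and the upstream resolver address are assumptions for the demo. Two caveats of my own: this only affects programs that use the system resolver (a browser with DNS-over-HTTPS enabled, or any program that connects to an IP address directly, never asks), and it cannot see or edit URL paths, only host names, which is also the limit of the hosts-file approach.

```python
import socket
import struct

# Names to sinkhole; constructed list for the demo.
BLOCKED = {"ads.example", "tracker.example"}


def read_name(msg, pos):
    """Decode a DNS name, following compression pointers; return (name, next_pos)."""
    labels, jumped, resume = [], False, None
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:                  # compression pointer
            target = struct.unpack("!H", msg[pos:pos + 2])[0] & 0x3FFF
            if not jumped:
                resume = pos + 2
            pos, jumped = target, True
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels), (resume if jumped else pos)


def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def build_query(name, qtype=1, txid=0x1234):
    """A standard recursive query (what a stub resolver on the PC sends)."""
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", qtype, 1))


def is_blocked(name):
    parts = name.lower().rstrip(".").split(".")
    return any(".".join(parts[i:]) in BLOCKED for i in range(len(parts)))


def handle_query(query):
    """Sinkhole response for blocked A/AAAA names; None means 'forward upstream'."""
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    if qdcount != 1:
        return None
    name, pos = read_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[pos:pos + 4])
    if qclass != 1 or qtype not in (1, 28) or not is_blocked(name):
        return None
    question = query[12:pos + 4]
    resp_flags = 0x8000 | 0x0080 | (flags & 0x0100)     # QR, RA, copy RD; NOERROR
    rdata = bytes(4) if qtype == 1 else bytes(16)       # 0.0.0.0 or ::
    answer = b"\xc0\x0c" + struct.pack("!HHIH", qtype, 1, 60, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, resp_flags, 1, 1, 0, 0) + question + answer


def first_answer_ip(response):
    """Read the first A/AAAA rdata back out of a response (used by the demo)."""
    _, _, qdcount, _, _, _ = struct.unpack("!HHHHHH", response[:12])
    pos = 12
    for _ in range(qdcount):
        _, pos = read_name(response, pos)
        pos += 4
    _, pos = read_name(response, pos)
    rtype, _, _, rdlen = struct.unpack("!HHIH", response[pos:pos + 10])
    rdata = response[pos + 10:pos + 10 + rdlen]
    return socket.inet_ntop(socket.AF_INET if rtype == 1 else socket.AF_INET6, rdata)


def serve(listen=("127.0.0.1", 5353), upstream=("9.9.9.9", 53)):
    """Tiny local resolver: sinkhole blocked names, forward the rest (needs network;
    a real deployment listens on port 53, which requires privileges)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(listen)
    while True:
        query, client = sock.recvfrom(512)
        try:
            reply = handle_query(query)
            if reply is None:
                with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as fwd:
                    fwd.settimeout(3)
                    fwd.sendto(query, upstream)
                    reply = fwd.recv(4096)
        except (IndexError, struct.error, UnicodeDecodeError, socket.timeout):
            continue                                     # drop malformed or dead queries
        sock.sendto(reply, client)


if __name__ == "__main__":
    print(first_answer_ip(handle_query(build_query("cdn.ads.example"))))   # 0.0.0.0
    print(handle_query(build_query("www.example")))                        # None
```

Pointing Windows at it means setting the adapter's DNS server to 127.0.0.1 and running the service on port 53; the hosts file mentioned above is the static version of the same idea, applied by the resolver before any query is sent.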

setup POP3server for the internet

I have built several applications in Delphi using the Indy components suite (version 10.5.2, I think) and they are all working. I have just finished setting up the POP3 server and it works locally. I can see mail sent locally on there. I have been using "localhost" as my hostname. However, I want to graduate to a higher level of function. I want to be able to receive email from the internet, such as from MSN, Gmail, Yahoo... The problem is I don't know how to do this. What address should I be using in order to do this? So far "myhouse@localhost" has been working, but only internally; I can't seem to get external mail in there. Is it possible to receive mail like this? Thanks.
You need to register a domain, and then set up its DNS records (in particular, its MX records) to point to your server machine. That way, when an email is destined for any "@yourdomain" address by any sending service, it will be routed to your server machine (which needs to run an SMTP server to receive emails - POP3 is for downloading emails from your mailbox, not for putting emails into it). If your server does not have a static IP, then you need to use a service like DynDNS to manage the DNS records for you so they can account for your dynamic IP whenever it changes.
"The Internet" doesn't use POP3 to send and receive email, it uses SMTP. Here's how email "flows" from the sending computer to the receiving computer:
A server needs to send email to the address myhome@localhost. The first thing it does is isolate the server name, that's the part after "@". Next it uses DNS to look up the SERVER IP for the computer that's supposed to receive email for the given domain. DNS contains a special record for this purpose; it's called the "MX" record. You can use command-line tools like dig on Linux or nslookup on Windows to find this address, or you can use an online tool like the one found at http://www.mxtoolbox.com/ (Google found this site; I assume there are many others!).
If you try to locate the MX record for your "localhost" domain you'll obviously discover it's not possible, because it's not a fully-qualified name. You first need to get yourself a domain name, so you can register an MX record!
Things you need in order to RECEIVE email
You need a "real" IP address. Servers outside your local network need to contact your server, and they obviously need a way to do it. Make sure no routers along the way block SMTP ports.
You need to register a domain name, add an MX record and point it to your "real" IP address.
Need to run SMTP server software on your box. You can use Indy components to write one.
Things you need in order to SEND email
Theoretically sending email with SMTP is the easy part. You just contact the responsible server using SMTP and send email, that's the way the protocol works: any computer in the world may send email to any SMTP server.
Practically, sending email is the most difficult thing you'd have to do, mostly because foreign SMTP servers don't trust you (ever heard of SPAM?). Here are some of the things you might need to do so foreign SMTP servers accept email from you. There's no definitive list because the protocol itself doesn't include a clear authentication mechanism, so every big SMTP server out there uses its own heuristics to decide whether to accept email from you or not. You'll find Yahoo especially fun!
You need to have REVERSE DNS for the IP you're using to send email.
You need to send from one of the SMTP servers listed in DNS as your MX servers.
Your DNS records need to have long TTL (this rules out Dynamic DNS services)
Many other things...
What people usually do?
eMail is hard, there's a surprisingly small number of full SMTP servers available for your own server: Exchange, Notes, Postfix, QMail, Sendmail. They're all notoriously difficult to configure. Most people would use hosted mail services, some people would use the SMTP services provided by the ISP, and very few would install one of the mentioned services.
If you really want to write your own SMTP server go ahead, but you might want to install one of the ready-made ones before, to get a bit of eMail and DNS experience. The Linux ones are cheap to install and may also help with development (you don't want to send too much bad email to your free yahoo address, you might get blacklisted!)
POP3 is a protocol to read email from a mailbox. The TidPOP3Server component implements a POP3 server (and AFAIK it has no host property to set...), while TidPOP3 implements a POP3 client. To read mail from GMail or any POP3 server you need a TidPOP3 component. The hostname to set is the DNS name the service instructs you to use (i.e. pop3.mydomain.com).
