Archive for the ‘Internet protocol suite’ Category
Posted by jpluimers on 2020/04/08
After a 2018 discussion with a “zorgkantoor” (Dutch for office that arranges for special long term health care needs, successor of AWBZ) about their very low (10 megabyte) SMTP message size limit – even though they expect scanned PDF documents.
Their web-care team posed this limit as normal, so I made a list of limits in their peer group, common world-wide and well-ranked Dutch internet providers.
My plan is to check the progression of these limits over time.
Note these are the bruto message sizes including encoded attachments. Since encoding in [WayBack] MIME Base64 – Wikipedia has a overhead of at least 37% (encoded size is at least 1.37 the original size), the unencoded maximum size is less than 73% of what is listed below.
References:
2018
Read the rest of this entry »
Posted in base64, Communications Development, Development, eMail, Encoding, Internet protocol suite, MIME, Power User, Python, Scripting, SMTP, SocialMedia, Software Development, TCP | Leave a Comment »
Posted by jpluimers on 2020/04/06
I found this in one of my logs a a while ago:
Error when executing EHLO command for domain mail.com on SMTP server mx00.mail.com.
(554, 'mail.com (mxgmxus007) Nemesis ESMTP Service not available\nNo SMTP service\nBad DNS PTR resource record.\nFor explanation visit http://postmaster.gmx.com/en/error-messages?ip=37.153.243.242&c=rdns')
It means that gmx.de / mail.com are among the strictest email handling providers I know. I don’t blame them: EHLO is at the start of an extended SMTP session.
At [WayBack] Error messages | GMX Postmaster it indicates:
5xy Bad DNS PTR resource record
Emails from your email server were rejected because the PTR Resource Record (PTR-RR) of your IP address does not follow our guidelines. Possible reasons for this can be:
–jeroen
Posted in Communications Development, Development, eMail, Internet protocol suite, Power User, SMTP, SocialMedia, TCP | Leave a Comment »
Posted by jpluimers on 2020/03/26
Often when you send large emails the only reply you get is a non-descriptive message like 552 5.3.4 Message size exceeds fixed limit from the SMTP server without an indication what the limit actually is.
Most SMTP servers however implement extensions in the EHLO greeting that returns a SIZE mail parameter. You can query it by hand using this:
telnet aspmx.l.google.com smtp
Trying 108.177.119.27...
Connected to aspmx.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP 32si3005669edb.510 - gsmtp
EHLO example.org
250-mx.google.com at your service, [80.100.143.119]
250-SIZE 157286400
250-8BITMIME
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
QUIT
221 2.0.0 closing connection 32si3005669edb.510 - gsmtp
Connection closed by foreign host.
There you can see the maximum message size at the time of writing is 157286400 bytes which is about 150 megabytes.
There is a nice Python script showing how to obtain it at [WayBack] Getting Information from EHLO | Erle Robotics Python Networking Gitbook Free (note this one does send an email, so you might want to trim the example if you just want to see the size).
More background reading:
Trimming down the Python script so it queries message size for each mail server of a domain
This turns out to be a tad more complex, because DNS functionality isn’t part of core Python, and the rdata part of DNS records ends with a dot, which might not be usable with the SMTP library.
References for me when trimming down:
–jeroen
Posted in Communications Development, Conference Topics, Conferences, Development, Event, Internet protocol suite, Power User, SMTP | Leave a Comment »
Posted by jpluimers on 2020/03/10
In a lot of ssh-keygen related posts, you still see DSA being mentioned, though that has been deprecated and later removed from OpenSSH.
I wondered why, so I did some digging.
TL;DR: it’s complicated:
- different standards mandating eventually conflicting parameters,
- extending the parameters would require protocol extension,
- a logjam vulnerability for certain combinations of parameters and finally
- better algorithms having become available.
Some of the related topics cannot be archived in the WayBack machine or refuse being archived at Archive.is, so here is a list of partially archived relevant links:
–jeroen
Posted in Communications Development, Development, Internet protocol suite, Power User, Security, SSH, TCP | Leave a Comment »
Posted by jpluimers on 2020/02/27
Cool tool, but be aware it does aJavaScript:xmlhttpPost from , so your data can be logged [WayBack] Redirect Detective – A Free Tool To Trace Where Redirects End Up.
For http://www.xs4all.nl/~jp, it shows these redirects (where in bold I’ve listed the changes):
Oh and it runs this call: JavaScript:xmlhttpPost("/linkdetect.px")?word=www.xs4all.nl%2F%7Ejp from [WayBack] redirectdetective.com/ajax.js.
Note that this shows more redirects than the plain http ones, so wget from [WayBack] wget – How do I display all URLs in a redirect chain? – Unix & Linux Stack Exchange shows this:
$ wget http://www.xs4all.nl/~jp 2>&1 | grep Location:
Location: https://www.xs4all.nl/~jp [following]
Location: https://jp.home.xs4all.nl/ [following]
–jeroen
Posted in *nix, *nix-tools, Communications Development, Development, HTTP, Internet protocol suite, Power User, TCP, wget | Leave a Comment »
Posted by jpluimers on 2019/06/20
The TCP SACK vulnerabilities as found by Netflix: [WayBack] security-bulletins/2019-001.md at master · Netflix/security-bulletins · GitHub.
Easy, but slow workaround from [WayBack] linux – How to disable TCP SACK for CentOS? – Super User:
Temporary (until boot):
echo "0" > /proc/sys/net/ipv4/tcp_sack
Permanent (even after boot):
echo "net.ipv4.tcp_sack = 0" >> /etc/sysctl.conf
sysctl -p
Coverage:
–jeroen
Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Power User, Security, TCP | Leave a Comment »
Posted by jpluimers on 2019/05/21
Since many HTTP stacks do not have fields for this so it’s hard to get the originating IP address:
It is about these HTTP header fields with and without X- prefix:
ForwardedX-Forwarded-ForX-Forwarded-ByX-Forwarded-Proto
Note that widely used tools like HAProxy do not always fully adhere to the “standard”…
Via:
–jeroen
Posted in Communications Development, Development, HTTP, Internet protocol suite, Software Development, TCP | Leave a Comment »
Posted by jpluimers on 2019/03/15
For me, scp is like tar; somehow I Google this every time…
- On the remote machine, find out the full path of the remote file:
~ # ssh username@192.168.71.123
...
~ # ls -alh `find /vmfs/volumes/ | grep -w W81Entx64CI | grep '\.vmdk$'`
-rw------- 1 root root 200.0G Aug 26 22:48 /vmfs/volumes/552f5788-33e30274-8dba-001f29022aed/VM/PSO/W81Entx64CI/W81Entx64CI-flat.vmdk
-rw------- 1 root root 500 Aug 19 16:36 /vmfs/volumes/552f5788-33e30274-8dba-001f29022aed/VM/PSO/W81Entx64CI/W81Entx64CI.vmdk
- On the local machine, go to the right directory, then copy the file from the remote machine:
~ # cd /vmfs/volumes/Samsung512NVME/PSO/VM/W81Entx64CI/
~ # time scp -v username@192.168.71.123:/vmfs/volumes/552f5788-33e30274-8dba-001f29022aed/PSO/W81Entx64CI/W81Entx64CI-flat.vmdk W81Entx64CI-flat.vmdk
I don’t know what’s worse–the fact that after 15 years of using tar I still can’t keep the flags straight, or that after 15 years of technological advancement I’m still mucking with tar flags that were 15 years old when I started.
The last line will logon over ssh and shows the file transfer in a verbose way.
Requirements:
- both machines have ssh
- local machine has firewall entry to allow client ssh
- remote machine has sshd and firewall entry to allow sshd server connections
Via [WayBack] shell – How to scp a folder from remote to local? – Stack Overflow (thanks [WayBack] Gryphius)
Image source: [WayBack] xkcd: tar
–jeroen
Posted in Communications Development, Development, Internet protocol suite, SSH, TCP | Leave a Comment »
The Wiert Corner - irregular stream of stuff 