E-mail notify plugin with local mailer

fft

03 Dec, 2015 10:37 AM

Hello,

For now, on nightly build, to enable the E-mail notify plugin (email_notify), the user must use an SMTP server with authentication enabled.

I would like to use the local mailer instead, for which I don't need to set up authentication, but without user and password, the form validation is rejected.

Do you plan to add this possibility?

  1. Support Staff 1 Posted by Tasos Laskos on 03 Dec, 2015 10:41 AM

    Hello,

    What do you mean by local mailer? Sendmail?

  2. 2 Posted by fft on 03 Dec, 2015 11:53 AM

    Yes, either sendmail, or SMTP on localhost:25 without auth

  3. Support Staff 3 Posted by Tasos Laskos on 05 Dec, 2015 12:22 AM

    I've updated the nightlies to not require a username and password:

    http://downloads.arachni-scanner.com/nightlies/

    Let me know how it works.

    Cheers

  4. Tasos Laskos closed this discussion on 07 Dec, 2015 09:48 PM.

  5. fft re-opened this discussion on 08 Dec, 2015 03:14 PM

  6. 4 Posted by fft on 08 Dec, 2015 03:14 PM

    I got this error. I checked that unauthenticated SMTP is enabled on localhost:25.

    [2015-12-08 15:16:09 +0100] [Net::SMTPAuthenticationError] 503 5.5.1 Error: authentication not enabled
    
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.2.0/net/smtp.rb:976:in `check_auth_response'
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.2.0/net/smtp.rb:740:in `auth_plain'
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.2.0/net/smtp.rb:732:in `authenticate'
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.2.0/net/smtp.rb:567:in `do_start'
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/usr/lib/ruby/2.2.0/net/smtp.rb:520:in `start'
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/gems/gems/mail-2.6.3/lib/mail/network/delivery_methods/smtp.rb:112:in `deliver!'
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/gems/gems/mail-2.6.3/lib/mail/message.rb:252:in `deliver!'
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/gems/gems/pony-1.8/lib/pony.rb:143:in `deliver'
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/gems/gems/pony-1.8/lib/pony.rb:137:in `mail'
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-fa53e2ff85b4/components/plugins/email_notify.rb:60:in `clean_up'
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-fa53e2ff85b4/lib/arachni/plugin/manager.rb:73:in `block (3 levels) in run'
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-fa53e2ff85b4/lib/arachni/utilities.rb:425:in `call'
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-fa53e2ff85b4/lib/arachni/utilities.rb:425:in `exception_jail'
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-fa53e2ff85b4/lib/arachni/plugin/manager.rb:70:in `block (2 levels) in run'
    [2015-12-08 15:16:09 +0100] 
    [2015-12-08 15:16:09 +0100] Parent:
    [2015-12-08 15:16:09 +0100] Arachni::RPC::Server::Plugin::Manager
    [2015-12-08 15:16:09 +0100] 
    [2015-12-08 15:16:09 +0100] Block:
    [2015-12-08 15:16:09 +0100] #<Proc:0x00000003f9cec0@/srv/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-fa53e2ff85b4/lib/arachni/plugin/manager.rb:70>
    [2015-12-08 15:16:09 +0100] 
    [2015-12-08 15:16:09 +0100] Caller:
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-fa53e2ff85b4/lib/arachni/utilities.rb:425:in `exception_jail'
    [2015-12-08 15:16:09 +0100] /srv/arachni/arachni-2.0dev-1.0dev/system/gems/bundler/gems/arachni-fa53e2ff85b4/lib/arachni/plugin/manager.rb:70:in `block (2 levels) in run'
    [2015-12-08 15:16:09 +0100] --------------------------------------------------------------------------------
    
  7. 5 Posted by fft on 08 Dec, 2015 03:32 PM

    The plugin was configured as following:

    server_address: localhost
    server_port: 25
    tls: false
    username: (empty)
    password: (empty)
    domain: domain.tld
    authentication: (empty)

    I guess if the authentication field is kept empty, it is just kept to the default value?
    Maybe a switch is needed, like "authentication: false"?

  8. Support Staff 6 Posted by Tasos Laskos on 08 Dec, 2015 05:33 PM

    For now, set authentication to an empty string, as the default is plain. I'll now update it to default to none.
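
Added example (not part of the thread and not Arachni's code): one way to keep blank form fields from turning into an AUTH attempt against a server that does not offer it, as in the 503 error above. An empty string is truthy in Ruby, so a blank username that reaches the SMTP client unchanged can still trigger AUTH. Assumptions: blank fields arrive as empty strings, `smtp_settings`, `presence` and `advertised_auth` are hypothetical helpers, the EHLO replies are constructed samples, and the setting keys follow the mail gem's SMTP delivery options.

```ruby
# Added example, not Arachni's code. Option names mirror the plugin form shown
# in the thread; the helper names below are hypothetical.

# Constructed EHLO reply from a loopback MTA with SASL disabled (no AUTH line).
EHLO_NO_AUTH = <<~EOS
  250-arachni.domain.tld
  250-PIPELINING
  250-STARTTLS
  250 8BITMIME
EOS

# Constructed EHLO reply from a server that offers authentication.
EHLO_WITH_AUTH = <<~EOS
  250-smtp.domain.tld
  250-AUTH PLAIN LOGIN
  250 8BITMIME
EOS

# Return the SASL mechanisms a server advertises in its EHLO reply.
def advertised_auth(ehlo)
  ehlo.each_line.flat_map do |line|
    m = line.strip.match(/\A250[- ]AUTH[ =](.+)\z/i)
    m ? m[1].split.map(&:downcase) : []
  end.uniq
end

# Treat nil, "" and whitespace-only form values as "not set".
def presence(value)
  s = value.to_s.strip
  s.empty? ? nil : s
end

# Build delivery settings: credentials and mechanism are included only when
# the operator supplied both and the server offers that mechanism.
def smtp_settings(opts, ehlo)
  settings = { address: opts[:server_address], port: opts[:server_port].to_i,
               domain: opts[:domain] }
  user = presence(opts[:username])
  pass = presence(opts[:password])
  return settings unless user && pass

  mech = (presence(opts[:authentication]) || 'plain').downcase
  unless advertised_auth(ehlo).include?(mech)
    raise ArgumentError, "server does not advertise AUTH #{mech.upcase}"
  end
  settings.merge(user_name: user, password: pass, authentication: mech.to_sym)
end
```

With the configuration posted in the thread (all three auth fields empty) the returned hash carries no credentials and no mechanism, so the client has nothing to authenticate with.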

  9. Support Staff 7 Posted by Tasos Laskos on 09 Dec, 2015 02:47 PM

    Nightlies have been updated with auth disabled by default.

  10. 8 Posted by fft on 10 Dec, 2015 09:37 AM

    Scan is currently running with the new nightly, I'll see what happens at the end.

    FYI, on a profile, if I check "Scope exclude binaries", it is not saved. Other options that I checked/unchecked (not many) didn't have the issue.

  11. Support Staff 9 Posted by Tasos Laskos on 10 Dec, 2015 11:54 PM

    Fixed the option, cheers for the heads up.

  12. 10 Posted by fft on 11 Dec, 2015 01:34 PM

    "Scope exclude binaries" option still failing.

    The mailer didn't receive any mail. Apparently, when a scan is finished with an error, or terminated by a timeout, the mail plugin is not triggered?

  13. Support Staff 11 Posted by Tasos Laskos on 11 Dec, 2015 02:02 PM

    I didn't push the nightlies yet for the option fix.

    About the plugin, it should run in both those occasions.
    Do you have any instructions on how to set up a local mailer in the same way as you in order to see if I can reproduce the issue and stop bugging you?

  14. 12 Posted by fft on 11 Dec, 2015 03:39 PM

    Yes: a very basic mailer installation with standard settings is sufficient, as long as it accepts local delivery.

    In my case:

    apt-get install postfix

    And then default answers at configure.

    In my case /etc/postfix/main.cf is like

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version
    
    
    # Debian specific:  Specifying a file name will cause the first
    # line of that file to be used as the name.  The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname
    
    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no
    
    # appending .domain is the MUA's job.
    append_dot_mydomain = no
    
    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h
    
    readme_directory = no
    
    # TLS parameters
    smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls=yes
    smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
    
    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.
    
    smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
    myhostname = arachni.domain.tld
    alias_maps = hash:/etc/aliases
    alias_database = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = arachni.domain.tld, localhost.domain.tld, localhost
    relayhost = smtp.domain.tld
    mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    mailbox_command = procmail -a "$EXTENSION"
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = loopback-only
    #inet_protocols = ipv4
    

    NB: with arachni configuration, I have to make sure postfix is listening on localhost:25 without authentication (that's the standard); here we could also directly use the sendmail command.

  15. Support Staff 13 Posted by Tasos Laskos on 15 Dec, 2015 02:50 AM

    I'm using the same config but getting a timeout from the SMTP server. Have you tried the same configuration but from a different client?
    I know the plugin works in general (I've tried it several times with GMail) and I'm just relying on another library to do the work to which I just pass the plugin options.

    There's not much to go wrong here; if the client and server configs are OK, then it should work.

  16. Tasos Laskos closed this discussion on 19 Jan, 2016 01:55 PM.
