smtpwire This program sits on the normal mail port - port 25 or port 587 for both plain and TLS/SSL (or sometimes 465 or 2525 are used) - and pretends to be a fully functional mail deamon. It allows ALL mail traffic for a server to be sucked in and treated like an incoming data stream like a wire service. If only a few logons on a particular server are required and NOT all, do NOT use this program but use the normal 'sendmail' routines and add 'sffmail' to the 'aliases' file. It allows NO relays, aliases or other dodgy bits - all that is done in other Fip programs downstream (if you really need them of course). If you need outgoings, use 'ipsmtp' and point it - using the -h (hostname) switch at your in-house email server. To get mail to your system you will need to sweet-talk the mail administrator to replay those logons you are interested in to the host running 'smtpwire'. A small FipHdr is added with date and time fields, sender and receiver logons before the file is passed on - normally to spool/xsmtp for 'ipchkmail' to sort out. The Sender is the FipHdr fields SA and the Receipient the DA FipHdr (and DZ to the no angle brackets-non-domain, stripped version) To install on a Unix box, you will need to take sendmail down first before replacing it (so please do make sure no-one else needs mail on that system !). It is usually started by : On Unix it is the 'sendmail' with the '-bd' switches running : ps -ef | grep sendm root 163 1 0 09:40:22 ? 0:00 /usr/lib/sendmail -bd -q1h On Solaris - /etc/rc2.d/S88sendmail Stop sendmail with 'S88sendmail stop' Then stop it from restarting by renaming this to something NOT starting with 'S99' On Linux - RedHat - /etc/rc.d/rc2.d/S80sendmail Stop sendmail with 'S80sendmail stop' Then stop it from restarting by renaming this to something NOT starting with 'S99' Note that on some flavours of Unix, 'smtpwire' needs to be started by someone with 'root' priviledges if the port number is less than 1024 - which port 25 normally is ! If using Unix/Linux, only one instance of smtpwire should be in the SYSTEM file and the -E 99 switch is used to determine the number of simultaneous inputs. There is an optional parameter file which will be the same as the -z input switch. It can contain any SSL settings : use-tls:yes/no/both The commands are for a ftp running over SSL/TLS on the remote server NOTE - smtpwiressl and NOT smtpwire must be used for SSL/TLS default is NO no - normal, standard SMTP on (normally) port 25 for the control yes - connect (on port 587) and use SSL for all transfers both - connect in plain and if the remote client sends a 'STARTTLS' command, use SSL for all subsequent transfers tls-auth: (XXX) AUTH type for TLS/SSL default: TLS Valid entries are TLS, SSL, TLS-C (whatever that is !) and something starting 'X-' which will be something homegrown ! NOTE that for all versions of SSL the method string is "SSL" (this string is case sensitive according to the RFC) eg tls-auth:SSL ssl-method: tls tls1 tls1.1 tls1.2 sslv2 sslv3 sslv2and3 Version number to use for TLS/SSL default: 999 for current default (2 or 3) (only the digits are significant, so add other text to make it readable) For 'modern' connection, pls do NOT use sslv2 ! as it is deemed insecure If default it will check the available list and pick the highest. The default is currently 23 which on a modern server is sslv3 and tls1_2 !) ssl-password: (password) ssl-passwd: (password) default: none Optional password if the handshake requires a shared secret ssl-cert: (name of a PEM certificate file) default: none ssl-root-cert: (name of a root PEM certificate file) defaunt: none Optional certificates - held in tables/ssl ssl-verify: yes/no verify certificates default: yes ssl-ciphers: (list) acceptable ciphers (use 'openssl ciphers' to list) default: "HIGH:!aNULL:!kRSA:!SRP:!PSK:!CAMELLIA:!RC4:!MD5:!DSS" Input Parameters : All Optional : -A : name of the archive file if not the -n name field default: 'name' -c : the chrset of the source (SC header field) default: ascii -C : always close the underlying socket default: no -d : done folder default: none This holds a copy of all incoming data files from every source The structure is (done folder) / (date)_(logon) eg 20110921_fip / (filename as written to the o utput folder) It can be purged with an entry in maintenance (zapfiplog) eg if '-d raw.smtpwire' and we want the last 30 days data /fip/bin/ipdelque -q/fip/spool/raw.smtpwire -i1 -a30 -D : the name of a DUPLICATE wire where 2 copies of the same file is required (SD header field). default: none -E : maximum number of threads default: 1 up to a max of 200 (not Win2k) Note this is also a hardware limit in that small systems may not be able to run more than 50 or so -f : Extra FIP header information default: none For fixed header info in FIP. eg -f #QA:AA#QB:BASIC As this flag is normally the last specified, its contents can be used to overwrite any unique fields such as DU, DP, SN etc. -h : hostname/internet address to select default: systemname on boot for servers with more than one card/address To specify ALL ipaddresses on this box : '-h +' -I : id of this instance default: ignored Where there are several copies of 'smtpwire' running (more relevant for Win2k) -j : balance queue for balancing doneque items default: 2balance -J : balance group for balancing doneque items default: -none- no balancing This group MUST be in sys/BALANCE -l : no logging at all default: file -L : log all connections and files default: no -n : name of service (same as -z) default: SMTPWIRE -o : Output folder in /fip/spool default: spool/xsmtp -O : Name of output format (DF field) default: SMTPWIRE -P : port number to use default: 25 for plain, 587 if TLS is specified -r : the name of a DIFFERENT routing table to 'name' (SR field : used by iproute) default: name -R : dump all raw data in a dump file in /fip/dump default: no -s : same as -h -SSL : Force HTTPS (ie TLS/SSL) default: no -w : max timeout with no data default: 60 secs ie between packets. Set to ZERO to disable or 10 (or more) secs -u : logon for files created if NOT that which was used to start 'smtpwire' default: same -V : HTTPS TLS/SSL method to use default: 23 for 2 or 3 -z : name of service (same as -n) default: SMTPWIRE -Z : do NOT archive any incoming files default: archive -v : Print the version number and exit Version Control ;1h 24sep15 minor cleanups ;b-f 23nov15 added blacklist in /fip/fix (e - allow 0 for range) ;f 16apr18 better TLS plus optional param file ;g-h 18jun18 fipseq + Exchange/QP and spc dot bugette ;0z 23may00 original version ;a 18oct00 added -u plus bugette for MS EXCHG relays ;b-d 15nov00 MSexchg seems to allow multiple Senders !! - 503 already have sender now ignored ;e 29oct01 WINNT filenames better ;f 21jul03 better handling of to/from names; added DZ ;g-i 26jul03 added -C; added -w; better logging of incoming files allow multiple incoming files in one connection ;j-p speedy, -I wireId added ;n donque added, parse added ;o added S5 (remaddr) S6 (thsaddr) and S7 (thshost) ;q-s added -B for balance any done queue items ;t 24jun15 started STARTTLS ;u-z bugette - return MUST CRNL (copyright) 2018 and previous years FingerPost Ltd.