AWS – Email – SES – Send Email – Thunderbird Configuration

Background

Now that I have received and responded back to AWS/SES email validation, it is time to go back and validate my Outgoing SMTP Server.

Earlier Notes

Here are some earlier notes :-

  1. AWS – Email – “Error Sending Mail – Message Reject : Email address is not verified. The following identities failed the check in region
    Link

 

Thunderbird

Configuration

Here is how to configure Mozilla’s Thunderbird to use an AWS/SES SMTP Server to send email.

Outline

  1. Review Validation Email for Sender
    • Note exact email address
    • Click on validation link
  2. Access the Account Settings panel
    • Account Settings panel
      • Email Address
        • Please use the exact email address that was verified
        • Remember it is Linux and case-sensitive
    •  Outgoing Server ( SMTP )
      • Server Name
        • Region Specific SMTP Server Name
          • US West 2
            • email-smtp.us-west-2.amazonaws.com
      • Port Number
        • 587
      • Connection Security
        • STARTTLS
      • Authentication Method
        • Normal Password
      • Username
        • Enter the username assigned to you by AWS/SES

Sender Email Address Validation

Sample Emails

Here are sample validation emails :-

Dear Amazon Web Services Customer,

We have received a request to authorize this email address for use with Amazon SES and Amazon Pinpoint in region US West (Oregon). If you requested this verification, please go to the following URL to confirm that you are authorized to use this email address:

https://email-verification.us-west-2.amazonaws.com/?Context=78&X-Amz-Date=20190110T212440Z&
Identity.IdentityName=daniel.adeniji%40mylabdomain.com&X-Amz-Algorithm=AWS4-HMAC-SHA256&Identity.IdentityType=EmailAddress&X-Amz-SignedHeaders=host&X-Amz-Credential=AKI%2Fus-west-2%2Fses%2Faws4_request&Operation=ConfirmVerification&Namespace=Bacon&X-Amz-Signature=189


Explanation

  1. Email’s body
    • Please not Identity.IdentityName
      • This is the name that will be specified as your sender

 

Account Settings

AWS.SES.Mozilla.Thunderbird.Configuration.AccountSettings.20190110.0208PM.PNG

Outgoing – Mail – Configuration

SMTP Server

AWS.SES.Mozilla.Thunderbird.Configuration.Outgoing.20190110.0209PM.PNG

References

  1. Amazon
    • AWS
      • SES
        • AWS Documentation » Amazon SES Documentation » Developer Guide » Sending Email with Amazon SES » Sending Your Email with Amazon SES » Using the Amazon SES SMTP Interface to Send Email » Configuring Email Clients to Send Through Amazon SES
          Configuring Email Clients to Send Through Amazon SES
          Link
        • AWS Documentation » Amazon SES Documentation » Developer Guide » Regions and Amazon SES
          Link

SSRS – Validating Smart Host – Using Mozilla Thunderbird

Background

A few posts ago, we provisioned a Smart Host.

Let us quickly test it out.

 

Lineage

Here are other posts in this multi-series:

  1. SSRS – Setting up Smart Host
    Link

Scenario

To make sure that we understand the specificity of Microsoft’s Office 365 SMTP service, we will install a free, durable email client; specifically Mozilla Thunderbird.

 

Wireshark

Filter

  1. tcp.port == 25 || tcp.port == 465 || tcp.port == 587

Mozilla Thunderbird

Download

Download Mozilla Thunderbird from here.

Installation

Installation is straightforward.

Configuration

Images

Session – 1

Configuration
SMTP Server Settings

 

Output
Netstat

WireShark

 

Session – 2

Configuration
SMTP Server Settings

Output
Netstat

WireShark

WireShark – SMTP ( Destination Port 587 ) – 01
WireShark – Explanation
  1. Connection to SMTP Host
WireShark – SMTP ( Destination Port 587 ) – 02

WireShark – Explanation
  1. Reply from SMTP Host

 

Session – 3

Configuration
SMTP Server Settings

WireShark

WireShark – Explanation
  1. We see a fuller conversation

 

Item Port :- 465 /
Connection :- SSL/TLS
Port :- 587 /
Connection Start :- SSL/TLS
Port :- 587 /
Connection Start :- STARTSSL
Server Name smtp.office365.com smtp.office365.com smtp.office365.com
Port 465 587 587
Connection Security SSL/TLS SSL/TLS STARTTLS
Authentication Password Normal Password Normal Password Normal Password
Results SYN/SENT  Truncated Conversation  Full Conversation

 

Network Ports

  1. Port :- 25
    • SMTP
      • Server to Server email
        • Message relay port
      • (-)
        • Not Authenticated
        • Blocked by a lot of firewall
  2. Port :- 465
    • SMTP
      • (-)
        • Not widely adopted
  3. Port 587
    • SMTP
      • Mail Submission Port
      •  (+)
        • Authenticated emails

 

References

  1. Microsoft
    • Office
      • Support
        • POP and IMAP settings for Outlook Office 365 for business
          Link
        • How to set up a multifunction device or application to send email using Office 365
          Link
    • technet
      • blogs.technet.com
        • Andrew Stobart – Useful Wireshark Filters for Mail Flow Troubleshooting
          Link
  2. Mozilla.Org
    • Mozilla Support
      • cannot send mail. Connected to smtp.office365.com but times out.
        Link
  3. Stanford University
    • Stanford | University IT
      • How to Configure Thunderbird for Office 365 Using IMAP
        Link
  4. StackOverflow
    • Network Ports
      • What is the difference between ports 465 and 587?
        Link
  5. JSCAPE
    • Managed File Transfer and Network Solutions
      • John Carl Villanueva
        • Still Confused With SMTP Ports? Read This
          Link
  6. FastMail
    • SSL vs TLS vs STARTTLS
      Link

 

Accessing Outlook.live.com from 3rd Party Software

Background

Mistakenly deleted all the emails in my hotmail.com inbox this morning.

The functionality that Microsoft has to recover email is dauntingly inaccessible.

One has to select individual emails as one is not able to select all emails at once.

Way Forward

A good forward is to use 3rd party email tools.  Let us try Windows Applications, rather than browsers.

Windows Live Mail

Tried Windows Live Mail, but not able to successfully authenticate with my email address and password.

One good thing I got from trying to use “Windows Live Mail” is a text message on my phone.

The message reads:

You need a new app password to keep your apps and devices working.  Learn more here: http://account.live.com/APHelp

Went there, followed the steps, and accepted a password, but it did not work for us.

 

Mozilla.Org – Thunderbird

Always like Mozilla.Org’s Thunderbird and so tried that next.

ApHelp

Here is the contents that Microsoft has on APHelp.

Instructions

Image

aphelp

Textual

Here is Microsoft’s exact words:
If you’ve turned on two-step verification and you see an incorrect password error with an app or device, you’ll need to get and enter a unique app password to sign in. Once you’ve signed in with your app password, you’re all set to use that app or device. You’ll need to create a different app password to sign in to each app or device that can’t prompt you for a security code.

The steps for generating a new app password are always the same. Repeat these steps to get a different password for every app or device that needs an app password:

Go to the Security settings page for your Microsoft account.

Under App passwords, tap or click Create a new app password.

A new app password is generated and appears on your screen.

Enter this app password where you would enter your normal password.

Sign-in

Please sign in to live.com

signin

 

Account Live.Com – Security Settings

Image

apppasswords

Textual

Microsoft’s word
App passwords

Some apps and devices (such as Xbox 360, Windows Phone, or mail apps on your other devices) don’t support security codes for two-step verification. In these cases, you need to create an app password to sign in. 

Create a new app password
Remove existing app passwords

App Password Add

To request a new password, please click here.

 

Thunderbird email configuration

Let us go use our new App’s password:

Welcome to Thunderbird

wouldyoulikeanewemailaddress_20161016_1158am

Mail Account Setup

Please enter your email address and password.

mailaccountsetup_20161016_1200pm-revised

Mail Account Setup

As we entered  a well know domain name, hotmail.com, Thunderbird is able to successfully auto-configure us.

We receive the good message “Configuration found in Mozilla ISP database”.

mailaccountsetup_configurationfound_20161016_1201pm-revised

 

Item Value Description
 Mail Storage IMAP Choices are IMAP or POP3.

With IMAP mails are kept on the server; while with POP mails are kept locally.

 Incoming  imap-mail.outlook.com
 Outgoing smtp-mail.outlook.com

 

 

Notifications

BTW, outside of receiving notifications on my cell phone as to need for an “App Password“, received notification on my gmail inbox, as well.

Here is the gmail message.

gmail notification

youneedanapppassword

 

Listening

Listening to …

Jamie Lawson – Don’t Let Me Let You Go
Link

Mac OS/X – Sun/Oracle – Java Applet – Typical workspace interaction

Mac OS/X – Sun/Oracle – Java Applet – Typical workspace interaction

Google Chrome

Java Applet (needs permission to run) Chrome - Java Applet (needs permission to run)

So we are asked to confirm whether we want Java to run:

  • Always run on this site
  • Run this time

We chose to have it “Run this time”.

Chrome - Java Applet (Need to download the java plug-in)

We did not get very far.  We are greeted with a warning message stating “Missing Plug-in” and prompted to download Java plug-in.

There is no need to go much further.  Java is delivered as a 64-bit plugin on 64-bit Mac OS-X.  And, Google Chrome is 32-bit.

Safari

Safari - Java Applet

Safari is stucked at the “Missing Plug-in” spot.

And, even post install of Java Plug-in, Safari is not allowing the applet to run.

Firefox

Firefox - File Browse (pre plug-in acceptance)

So in Firefox, the browser asks whether it is OK to execute the “FileBrowse” plugin from Netapp; specifically upload.netapp.com

We reply yes and we are good.

Firefox - File Browse (post plugin acceptance)

We are able to click on the “Browse File” button and launch an Applet which exposes the “File Open” dialog on our screen.

So on a Mac with Java JRE installed, here is a round-up of Java JRE/Applet support:

  • Google Chrome – Stuck due to Sun/Oracle JRE being provided as a 64-bit utility and Chrome being to 32-bit
  • Apple Safari – Stuck
  • Firefox – Good

To review and get more granular insight into your Mac OS Support:

  • Launch “System Preferences”
  • In the other section, select “Java”

System Preferences

In the Java section, there are many options:

Java Control Panel - General

In the General section:

  • Access the “Network Settings” — Which allows one to choose a different proxy setting, than the one set for the browser

Java Control Panel - General - Network Settings

In the “Update” section:

Java Control Panel - Update

  • Choose whether you want Java updates to occur automatically
  • In our case, one can see we have a relative recent update.  Due to the recent proliferations of exploits you probably want it so

In the “Java” section:

Java Control Panel - JRE - Versioning (Select Version)

  • This is especially when you have two or more JREs installed, and you want to select the one you want
  • Obviously, you can also Disable all of them
  • Advanced users can also specify “Runtime parameters”

In the “Security” section:

Java Control Panel - Java Applet - Security Level

  • This is quite important as you are able to disable Java for all web browsers
  •  And, if you choose to enable it, be a bit more granular and set security level
  • Also, for security conscious configurations, choose which certificates you want exposed

In the “Advanced” section:

Java Control Panel - Advanced

So here I am thinking since the OS exposes the functionality to disable Java Plugin\applets, I am good if I choose to use the OS Functionality to do so.

I disabled it:

  • Access “System Preferences”
  • In the “System Preferences” window, “Other” section : Choose the “Java” icon
  • In “Java Control Panel” \ “Security” Tab, disable “Java” in the browsers

Java Control Panel - Security ( java disabled in browser)

So here I go return to Firefox and try to use the NetApp applet and it still works.

So I am thinking let me restart my browser and here again, I am still working.

So I am thinking those NetApp Developers are very smart and that they dutifully and gracefully degraded to HTML; as it allows file upload, as well.

But, before packing up my little project, I am thinking I should view the web Application’s source.

Wish I could say I found the “View Source” button easily, but that I had to Google for it.

How to view Source

http://support.mozilla.org/en-US/questions/862421

Tools Menu -> Web Developer -> click View Page Source

It seems that the Applet is still being used and ran.  The code for Applet is present and there is no conditional statement around it:



<APPLET  
	CODE = "org.sslupload.FileBrowseApplet.class" 
	archive="/hq/Userfile?send=applet&name=SSLUpload.jar" 
	WIDTH = 100% 
	HEIGHT = 40 
	NAME = "FileBrowse" 
	MAYSCRIPT = true>

</APPLET>

So it seems that the Java Applet is still being ran.

So Googled again. How to disable Java in Firefox:

http://support.mozilla.org/en-US/kb/How%20to%20turn%20off%20Java%20applets
How to turn off Java applets

This article explains how to disable the Java plugin in Firefox so that Java applets no longer run.

By default, Firefox allows Java applets to launch automatically. However, you may decide that you do not want Java applets to run. To disable Java applets in Firefox:

On the menu bar, click on the Tools menu, and then click Add-ons. The Add-ons Manager tab will open.
In the Add-ons Manager tab, select the Plugins panel.
Click on the Java Plug-in 2 for NPAPI Browsers (Mac OS 10.6) or Java Applet Plug-in (Mac OS 10.7 and above) to select it.
Click on the Disable button (if the button says Enable, Java is already disabled).
Java applets will no longer be permitted to launch in Firefox.

Firefox - Plugins - Java Applet Plug-in

Once we clicked on the disable button on the “Java Applet Plug-in” entry, we are good:

Firefox - Plugins - Java Applet Plug-in (disabled)

the applet icon is now “X-ed” out.

So moral of the story.

  • Certain functionalities might be disabled at the OS level, but sometimes 3rd parties in this case Mozilla built a way around it.  In Firefox, they are controlling their own destiny by exposing Java JRE toolset as a plug-in

 

References: