Sending an Email Using Shell

In this post I will show how to send an email from the terminal, as sending an email via a graphical MTA can be cumbersome. :) To send an email from the shell, I will use ssmtp, which sends mail from the local computer to a configured mail hub. It is not a mail server such as postfix. The ssmtp package is in the EPEL repository, so you need to add EPEL if you have not already added it.

Install Epel Repo:

#yum install epel-release

Install SSMTP:

#yum install ssmtp

After installing ssmtp you need to edit the configuration files in the /etc/ssmtp/ folder. There are two of them: ssmtp.conf is the main configuration file, where you add your mail account information, and revaliases is used for reverse mail aliases.

Configuration of SSMTP

Open the ssmtp.conf file with your favourite text editor, add the configuration below to the end of the file, and change it to match your own account information. You can see my configuration in Figure-1.





Testing Time:

When I first tested it without configuring revaliases (the reverse mail alias file), I got an error because of my local domain, which is tbag.local. You can see it below in the MAIL FROM section (Figure-2); I sent the email in verbose mode. To solve the problem you also need to configure the revaliases file (Figure-3). Add your user and mail domain as shown below. After configuring revaliases, I was able to send an email successfully (Figure-4).

ssmtp -v
Hello world !
[<-] 220 ESMTP ready
[->] EHLO dns.tbag.local
[<-] 250 STARTTLS
[<-] 220 2.0.0 Start TLS
[->] EHLO dns.tbag.local
[<-] 334 VXNlcm5hbWU8
[->] c2VuZG1lbWVsb25AeWFob28uTv42
[<-] 334 UGFzc3cvctQ6
[<-] 235 2.0.0 OK
[->] MAIL FROM:<root@dns.tbag.local>
[<-] 553 From address not verified - see
ssmtp: 553 From address not verified - see

Figure-2 (Error while sending an email)

Figure-3 (revaliases)

[root@dns ssmtp]# ssmtp -v
Hello World !
[<-] 220 ESMTP ready
[->] EHLO dns.tbag.local
[<-] 250 STARTTLS
[<-] 220 2.0.0 Start TLS
[->] EHLO dns.tbag.local
[<-] 334 VXNpnx5hlWU9
[->] c2VuZG1lbWVsb25AetGob32uY29m
[<-] 334 UGFzc3uvcmQ6
[<-] 235 2.0.0 OK
[->] MAIL FROM:<>
[<-] 250 OK , completed
[->] RCPT TO:<>
[<-] 250 OK , completed
[->] DATA
[<-] 354 Start Mail. End with CRLF.CRLF
[->] Received: by dns.tbag.local (sSMTP sendmail emulation); Fri, 10 Mar 2017 01:40:30 +0300
[->] From: "root" <>
[->] Date: Fri, 10 Mar 2017 01:40:30 +0300
[->] Hello World !
[->] .
[<-] 250 OK , completed
[->] QUIT
[<-] 221 Service Closing transmission

Figure-4(Sending an email)







One more thing!

Mail providers such as Gmail and Yahoo prohibit sending email from third-party applications such as ssmtp and sendmail. To allow such applications to send email, you should turn on the less secure sign-in setting. For Yahoo you can do that on the Account Security tab (Figure-5).

Figure-5(Turning on less secure sign-in for yahoo)




What is My IP Address ?(in a shell)

There are a couple of web sites that output your public IP as plain text. I wrote them down; you can pick one of them.

  • curl
  • curl
  • wget -qO- ; echo
  • curl ;echo


Dynamic DNS

Hi Folks!

It has been a long time; I have not posted anything since December. Actually I had many things to do. I was battling with the upkeep of company servers and upgrading them. But during that time I learned many things and I would like to share them with you all. In this post I will introduce dynamic DNS, which saves you the hassle of your router IP being persistently changed by your ISP.

What is Dynamic DNS ?

Dynamic DNS (DDNS) is a service that maps Internet domain names to IP addresses. It is similar to the Internet Domain Name Service (DNS), with some differences.

Unlike DNS, which maps a static IP to a domain name and a domain name to a static IP, Dynamic DNS maps your domain name to your dynamic IP. That way, even though your IP changes, you can reach your home router through the domain name you chose, and you will be able to access your IP camera or IoT devices. But unlike a DNS record, which you configure only once for a domain name, DDNS needs to be informed each time the IP changes. But do not be afraid. :)

There are many Dynamic DNS services on the internet, enterprise or free. In this post I will introduce the free dynamic DNS service that I am currently using: Duck DNS. Duck DNS is a free dynamic domain name service. You can sign up with your Google, Twitter, Facebook or Reddit account. After a successful login, Duck DNS creates a token for you. You will update your new IP with this token, so keep it secret (Figure-1).


Also write the domain name you chose into the box named domain (Figure-2).


Almost done. We have just a couple of things to do. As I mentioned before, we have to feed the dynamic DNS service with the new IP each time the IP changes.

To do so, I wrote a shell script which polls every 5 minutes to check whether the IP has changed. For more information you can visit the link.

You can tweak the shell script for your own purpose. (If you use this script do not forget to replace  XYXY, xxxxxxxx-yyyy-xxxx-yyyy-zzzzzzzzzzzz  and mail addresses with yours!)

Edited: To execute the script below every 5 minutes, we need to add it to the crontab.


 */5 * * * * script

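#!/bin/bash
# The URLs and the mail address are missing from this listing; set them here.
IP_URL="<URL of a service that returns your public IP as plain text>"
DUCK_URL="<DuckDNS update URL containing XYXY and your token>"
DUCK_HOST="<your DuckDNS host name>"
MAILTO="<your mail address>"

newip=$(curl -s "$IP_URL")
oldip=$(head -n 1 ip.txt 2>/dev/null)

echo "old:$oldip"
echo "new:$newip"

# Act only when a non-empty answer differs from the stored address
if [ -n "$newip" ] && [ "$oldip" != "$newip" ] ; then
        echo "$newip" > ip.txt
        /usr/bin/mail -s "oldIP:$oldip/NewIP:$newip" "$MAILTO" < ip.txt
#do not forget to create a folder with the name "duckdns"
#$mkdir ~/duckdns
        # -k (skip certificate verification) dropped: the URL carries the secret token
        echo url="$DUCK_URL" | curl -o ~/duckdns/duck.log -K -
        res=$?
        if [ "$res" -eq 0 ] ; then
                /usr/bin/dig +short "$DUCK_HOST" | /usr/bin/mail -s "DuckDNS IP changed" "$MAILTO"
        else
                # the redirect target was cut off in the listing; the curl log is sent here
                /usr/bin/mail -s "DuckDNS Error!" "$MAILTO" < ~/duckdns/duck.log
        fi
fi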




Measuring a Temperature with DS18B20

DS18B20 is a digital temperature sensor which measures temperatures from -55°C to +125°C. It uses the 1-Wire communication protocol, so there is only one data pin for sending and receiving data. For more information see the DS18B20 datasheet.

In this post I will use a Raspberry PI-III as the microcontroller. For the data pin I chose GPIO26. Before using this pin for 1-Wire, we need to enable 1-Wire communication. You can do it with raspi-config or by adding the lines below to the end of the /boot/config.txt file and rebooting your Raspberry.









After rebooting the system, we should check whether the device is connected properly. You can see below that the configuration looks good. 28-0000010edf01 is my device.

Each DS18B20 contains a unique ROM code that is 64-bits long. The first 8 bits are a 1-Wire family
code (DS18B20 code is 28h). The next 48 bits are a unique serial number. The last 8 bits are a CRC of the first 56 bits.

pi@raspberrypi:~ $ ls -l /sys/bus/w1/devices/28-0000010edf01
lrwxrwxrwx 1 root root 0 Dec 25 08:02 /sys/bus/w1/devices/28-0000010edf01 -> ../../../devices/w1_bus_master1/
cat /sys/bus/w1/devices/28-0000010edf01/driver/28-0000010edf01/w1_slave

5c 01 4b 46 7f ff 04 10 a1 : crc=a1 YES
5c 01 4b 46 7f ff 04 10 a1 t=21750

As you can see in the output above, t is the temperature. But we need to do some calculation to convert it to Celsius.

echo $(cat /sys/bus/w1/devices/28-0000010edf01/w1_slave | tail -n +2 | cut -f 2 -d '=') | awk '{x=$1}END{print(x/1000)}'

# print the temperature every 2 seconds
while true
do
                echo $(cat /sys/bus/w1/devices/28-0000010edf01/w1_slave | tail -n +2 | cut -f 2 -d '=') | awk '{x=$1}END{print(x/1000)}'
                sleep 2
done
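An added example, not from the original post: the one-liner above ignores the CRC line, so this sketch rejects a sample unless the first line ends in YES, decodes the two temperature bytes of the scratchpad itself and cross-checks them against t=. The function names `ds18b20_read` and `page_sample` are hypothetical; the sample is the output shown above.

```shell
#!/bin/sh
# Added example: read one DS18B20 sample from w1_slave-format text on stdin.
ds18b20_read() {
    IFS= read -r line1 || return 2
    IFS= read -r line2 || return 2
    # Line 1 ends in YES only when the scratchpad CRC matched
    case $line1 in
        *" YES") ;;
        *) echo "CRC check failed, reading discarded" >&2; return 1 ;;
    esac
    # Bytes 0 and 1 of the scratchpad are the temperature LSB and MSB
    set -- $line1
    raw=$(( 0x$2$1 ))
    # 16-bit two's complement, 1/16 degree per bit
    if [ "$raw" -ge 32768 ]; then
        raw=$(( raw - 65536 ))
    fi
    milli=$(( raw * 125 / 2 ))          # raw / 16 * 1000, in millidegrees
    reported=${line2##*t=}
    if [ "$milli" -ne "$reported" ]; then
        echo "t=$reported does not match scratchpad ($milli)" >&2
        return 1
    fi
    awk -v m="$milli" 'BEGIN { printf "%.3f\n", m / 1000 }'
}

# The two lines shown in the post
page_sample() {
    printf '%s\n' '5c 01 4b 46 7f ff 04 10 a1 : crc=a1 YES' \
                  '5c 01 4b 46 7f ff 04 10 a1 t=21750'
}

page_sample | ds18b20_read
```

On the Raspberry, feed it the real file: `ds18b20_read < /sys/bus/w1/devices/28-0000010edf01/w1_slave`.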


Final Result.









Redirecting http to https

Do you have an SSL-certified web site, yet your audience still connects via http out of habit? An easy way to handle this problem is to redirect http requests to https, so that any http request ends up on https. To do that we will use the Apache web server (httpd on RHEL, CentOS).

Apache is the world's most used web server software. It has many features: load balancing, CGI support, header and content rewriting, URL rewriting, etc. In this post we will use the URL rewriting capability of Apache, which is provided by mod_rewrite.

The mod_rewrite module provides a flexible and powerful way to manipulate URLs using an unlimited number of rules. By default, mod_rewrite maps a URL to a filesystem path. However, it can also be used to redirect one URL to another URL, or to invoke an internal proxy fetch.

You can add the configuration below to either .htaccess or apache2.conf (httpd.conf on RHEL, CentOS).

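#Redirect permanently any request, which comes from Port 80(http) to https.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
# www.example.com is a placeholder: the target host is missing from this listing, use your own
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
</IfModule>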

Do not forget to enable mod_rewrite module. You can check with apache2ctl or httpd utility.

On Debian, Ubuntu system.

root@debian:/etc/apache2# apache2ctl -M|grep rewrite

On RHEL, CentOS system.

[root@centos7 media]# httpd -M| grep rewrite

You can trace the redirect from http to https with curl -v.
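An added example, not from the original post, that turns the curl check into a pass/fail test: it reads the response headers and accepts only a 301 whose Location is https on the expected host. The function name `check_https_redirect` and the host www.example.com are placeholders, and the sample responses are constructed.

```shell
#!/bin/sh
# Added example: confirm that a plain-http response is a permanent redirect
# to https on the expected host. Response headers are read from stdin, e.g.
#   curl -sI http://www.example.com/ | check_https_redirect www.example.com
check_https_redirect() {
    awk -v host="$1" '
    { sub(/\r$/, "") }                        # curl keeps the CRLF line endings
    NR == 1 { status = $2 }                   # e.g. "HTTP/1.1 301 Moved Permanently"
    tolower($1) == "location:" { loc = $2 }
    END {
        if (status != "301") {
            print "FAIL: status " status ", expected 301"; exit 1
        }
        if (substr(loc, 1, 8) != "https://") {
            print "FAIL: Location is not https: " loc; exit 1
        }
        target = substr(loc, 9)               # drop the scheme
        sub("[/?#].*$", "", target)           # drop path, query, fragment
        sub(":[0-9]+$", "", target)           # drop an explicit port
        if (tolower(target) != tolower(host)) {
            print "FAIL: redirect leaves the site: " target; exit 1
        }
        print "OK: 301 -> " loc
    }'
}

# Constructed sample responses (www.example.com is a placeholder host)
good_response() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.com/index.html\r\n\r\n'
}
temporary_response() {
    printf 'HTTP/1.1 302 Found\r\nLocation: https://www.example.com/\r\n\r\n'
}

good_response | check_https_redirect www.example.com
temporary_response | check_https_redirect www.example.com || true
```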








Port Knocking

Port knocking is a hardening method that prevents unauthorized users from accessing services. It lets you externally open ports that the firewall keeps closed by default. It works by sending TCP packets to predefined closed ports in the right order. In my virtual environment I have two Linux-based systems: one is Debian8 and the other is Centos7.







I closed the SSH port to everyone except my current connection, so that I could configure the knockd service on Debian8.

root@debian:~# iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
root@debian:~# iptables -A INPUT -p tcp --dport 22 -j REJECT

Installing knockd service :

root@debian:~# apt-get install knockd

Configuration of knockd service:

First we need to activate the knockd service by changing the parameter START_KNOCKD=0 to START_KNOCKD=1 in the /etc/default/knockd file (Figure-1).








After that, we configure the sequence of ports to be used and which TCP packet will be sent before the SSH port is opened, by editing the /etc/knockd.conf file (Figure-2).



According to the configuration in Figure-2, to open the SSH port we have to send a TCP SYN packet to each of the ports 7000, 8000, 9000, in that order, in not more than 50 seconds. To close the SSH port, we have to send a TCP SYN packet to each of the ports 9000, 8000, 7000, in that order, in not more than 50 seconds.

Enabling knockd service:(It will also start after reboot)

root@debian:~# systemctl enable knockd.service

Starting knockd service:

root@debian:~# systemctl start knockd.service

To send a TCP SYN packet to specific ports you can use the nmap network utility. Below you can find a shell script to do that.

Make sure that nmap is installed on your system. If it is not, you can install it as below.

#For Debian System
apt-get install nmap
#For Redhat,Centos System
yum install nmap


./ <IP> <open,close>

./ open

./ close

#!/bin/bash
# arguments: <IP> <open|close>
IP=$1; choose=$2; count=$#
echo $count
if [[ $count -eq 2 ]] ; then
case $choose in
	open)
		echo "---opening ports for $IP"
		for port in 7000 8000 9000 ; do
			echo "sending SYN for port $port"
			nmap -v -PS --disable-arp-ping -p "$port" "$IP"
		done
		;;
	close)
		echo "---closing ports for $IP"
		for port in 9000 8000 7000 ; do
			echo "sending SYN for port $port"
			nmap -v -PS --disable-arp-ping -p "$port" "$IP"
		done
		;;
esac
else
		echo "Wrong usage... ./ <IP> <open/close>"
fi


./ open

Nov 27 11:52:23 debian knockd: openSSH: Stage 1
Nov 27 11:52:23 debian knockd: openSSH: Stage 2
Nov 27 11:52:23 debian knockd: openSSH: Stage 3
Nov 27 11:52:23 debian knockd: openSSH: OPEN SESAME
Nov 27 11:52:23 debian knockd: openSSH: running command: /sbin/iptables -I INPUT 1 -s -p tcp --dport 22 -j ACCEPT

./ close

Nov 27 11:53:32 debian knockd: closeSSH: Stage 1
Nov 27 11:53:32 debian knockd: closeSSH: Stage 2
Nov 27 11:53:32 debian knockd: closeSSH: Stage 3
Nov 27 11:53:32 debian knockd: closeSSH: OPEN SESAME
Nov 27 11:53:32 debian knockd: closeSSH: running command: /sbin/iptables -D INPUT -s  -p tcp --dport 22 -j ACCEPT
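An added example, not from the original post: the ACCEPT rule stays in place until somebody knocks the close sequence, so it is worth auditing the knockd log for sources that were opened and never closed. The sample log is constructed in the shape of the lines above, with the documentation addresses 192.0.2.10 and 198.51.100.7 as the source; the function names `knockd_open_sources` and `sample_log` are hypothetical.

```shell
#!/bin/sh
# Added example: list sources that knockd opened SSH for and never closed.
# Reads knockd syslog lines on stdin and uses the "running command:" lines,
# which record the iptables rule being inserted (-I) or deleted (-D).
knockd_open_sources() {
    awk '
    /knockd.*running command: .*iptables/ {
        action = ""; src = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-I") action = "open"
            if ($i == "-D") action = "close"
            # the token after -s is the source, unless it is another option
            if ($i == "-s" && i < NF && $(i + 1) !~ /^-/) src = $(i + 1)
        }
        if (action == "" || src == "") next
        if (action == "open") {
            if (!(src in state)) order[++n] = src
            state[src] = "open"
            since[src] = $1 " " $2 " " $3
        } else if (src in state) {
            state[src] = "closed"
        }
    }
    END {
        for (k = 1; k <= n; k++)
            if (state[order[k]] == "open")
                print order[k] " open since " since[order[k]]
    }'
}

# Constructed sample log (documentation addresses, not from the post)
sample_log() {
cat <<'EOF'
Nov 27 11:52:23 debian knockd: openSSH: OPEN SESAME
Nov 27 11:52:23 debian knockd: openSSH: running command: /sbin/iptables -I INPUT 1 -s 192.0.2.10 -p tcp --dport 22 -j ACCEPT
Nov 27 11:53:32 debian knockd: closeSSH: running command: /sbin/iptables -D INPUT -s 192.0.2.10 -p tcp --dport 22 -j ACCEPT
Nov 27 12:10:05 debian knockd: openSSH: running command: /sbin/iptables -I INPUT 1 -s 198.51.100.7 -p tcp --dport 22 -j ACCEPT
EOF
}

sample_log | knockd_open_sources
```

knockd can also remove the rule on its own: with `start_command`, `cmd_timeout` and `stop_command` in knockd.conf the ACCEPT rule is deleted after a fixed time instead of waiting for the close knock.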

For more information about port knocking you can visit

Happy Hardening.




Today’s new word  is Cyberchondriac.

Cyberchondriac: someone who looks up medical advice on the Internet for every symptom they have and gets anxious because they think they have a serious illness.

Free SSL Certificate

Q: Is it possible to get a free SSL certificate that is supported by modern web browsers such as Chrome, Mozilla Firefox, IE, etc.?

A: Actually, yes, you can have free green bar SSL certificates that are supported by modern web browsers. Let’s Encrypt is a free, automated, open Certificate Authority. But before you get an SSL certificate, there are some things you have to do to confirm that you are the owner of the domain you want the certificate for. There are some web sites to direct you, is one of them.

