Regarding rails4-mongoid-devise - devise

I developed an application using Rails 4, Mongoid and Devise by following the instructions at http://railsapps.github.io/tutorial-rails-mongoid-devise.html. The application is running successfully except for the confirmation mail and password reset instruction mail features. My app logs show something like:
Sent mail to csecse.great#gmail.com (8.4ms)
Date: Wed, 11 Dec 2013 13:56:39 +0530
From: sender#mail.com
Reply-To: sender#mail.com
To: csecse.great#gmail.com
Message-ID: <52a821bf82f6c_b1f3fc131e38fa07856e#TEST.local.mail>
Subject: Reset password instructions
Mime-Version: 1.0
Content-Type: text/html;
charset=UTF-8
Content-Transfer-Encoding: 7bit
I get this in the logs whenever I request the send-password-instructions feature, but the mail never arrives at my mail ID. Please suggest a solution for this.

Related

Net Core 3.1: Soap Request returns 403 Unauthorized

I have the following question. We are using .NET Core 3.1.
We make a SOAP request (HttpWebRequest) to an external web service where they only allow a whitelist of IP addresses into the portal. Our VPN IP address is in the whitelist.
But when I send a request (via the Visual Studio debugger) it gets rejected by the external web service: 403 Unauthorized.
But when starting Fiddler and then sending the same request again, via the Visual Studio debugger, we get a 200 OK.
The same happens with Postman. When Fiddler is not running, the request gets rejected. When Fiddler is running, the request is accepted and the response is 200 OK.
I don't understand what is happening. How do I solve this?
NOT VIA Fiddler:
Status: 500 Internal Server Error
Version HTTP/1.1
Transferred 408 B (233 B size)
Referrer Policy strict-origin-when-cross-origin
Request Priority Highest
Response Headers:
Content-Type: application/json
Date: Thu, 28 Jul 2022 08:42:32 GMT
Server: Kestrel
Transfer-Encoding: chunked
X-Powered-By: ASP.NET
VIA Fiddler:
Status 200 OK
Version HTTP/1.1
Transferred 1.57 KB (1.41 KB size)
Referrer Policy strict-origin-when-cross-origin
Request Priority Highest
Content-Type text/plain; charset=utf-8
Date Thu, 28 Jul 2022 09:01:24 GMT
Server Kestrel
Transfer-Encoding chunked
X-Powered-By ASP.NET

How to read mhtml files in Apache Server?

I use the XAMPP control panel to host an Apache server. I'm testing how to run MHTML files on a server. So far it only shows me raw text when I visit the file on the server. I looked around for how to make it work, but the solutions I found (for example, adding "AddType message/rfc822 .mhtml .mht" to the http conf file) just make the browser download the file instead of reading it.
Here's a sample of the initial block of the mhtml file:
From: <Saved by Blink>
Snapshot-Content-Location: https://www.instagram.com/jo0sef/
Subject: =?utf-8?Q?Yousef=20AlSudais=20=D9=8A=D9=88=D8=B3=D9=81=20=D8=A7=D9=84=D8?=
=?utf-8?Q?=B3=D8=AF=D9=8A=D8=B3=20(#jo0sef)=20=E2=80=A2=20Instagram=20pho?=
=?utf-8?Q?tos=20and=20videos?=
Date: Tue, 16 Feb 2021 08:18:55 -0000
MIME-Version: 1.0
Content-Type: multipart/related;
type="text/html";
boundary="----MultipartBoundary--c1Osf7aCebmaZjjAXk0gfl7cuYp300joTDYRFPKyLF----"
------MultipartBoundary--c1Osf7aCebmaZjjAXk0gfl7cuYp300joTDYRFPKyLF----
Content-Type: text/html
Content-ID: <frame-AD05338F6D10E72FA62E6C2E3D66903E#mhtml.blink>
Content-Transfer-Encoding: quoted-printable
Content-Location: https://www.instagram.com/jo0sef/

How to authenticate into a Django app using RemoteUserBackend

My app is required to support users logged in via SSO on a 3rd party server.
I configured settings.py based on the docs, i.e.
MIDDLEWARE_CLASSES = [
'...',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.auth.middleware.PersistentRemoteUserMiddleware',
'...',
]
AUTHENTICATION_BACKENDS = [
'django.contrib.auth.backends.RemoteUserBackend',
]
I tried to test this using Postman on a couple of the app's URLs with no auth and with basic auth (user is defined) and, of course, with REMOTE_USER (and/or HTTP_REMOTE_USER header set).
In all cases I get a 401 - unauthorized code. Moreover, the breakpoint in authenticate is never called. The process_request in the middleware is called, but the REMOTE_USER header is not in request.META.
What else do I need to configure (in Django, Postman - or better still Apache) so that the REMOTE_USER will be set?
My knowledge of Apache is minimal, so a link to an example will help a lot.
The closest "solution" I saw is this, but it seems that the person circumvented the proper way to do this.
UPDATE
The Postman request is simply to one of the basic services which requires users to be logged in (@login_required decorator in Django).
I've tried with both basic auth and no auth.
The reply is a 401 without additional information.
>curl -i -H 'REMOTE_USER: user' localhost:9000/project/files/
HTTP/1.0 401 Unauthorized
Date: Sun, 17 Dec 2017 13:38:38 GMT
Server: WSGIServer/0.1 Python/2.7.10
Expires: Sun, 17 Dec 2017 13:38:38 GMT
Vary: Cookie
Last-Modified: Sun, 17 Dec 2017 13:38:38 GMT
Location: /accounts/login/?next=/project/files/
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Same command with cURL. The Location header seems to suggest it tried to redirect to the login page (which should not happen).
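A stand-in for the WSGI server and for what RemoteUserMiddleware reads, added here as an illustration (it is not code from the question or from Django itself); build_environ, remote_user_seen_by_middleware and the sample user names are assumptions. It shows why the curl header above ends up as HTTP_REMOTE_USER rather than REMOTE_USER in request.META, and why that is the safe behaviour:

```python
# Illustration (assumption: a simplified model of a WSGI server and of
# django.contrib.auth.middleware.RemoteUserMiddleware, which reads
# request.META[self.header] with header = "REMOTE_USER").

def build_environ(client_headers, server_authenticated_user=None):
    """Mimic how a WSGI server fills the environ (PEP 3333).

    Every header the client sent lands under an HTTP_-prefixed key; the bare
    REMOTE_USER key is a CGI variable that only the server itself sets, after
    it (for example Apache's own auth modules) has verified the user. A client
    cannot create a key without the HTTP_ prefix, which is what makes the
    bare REMOTE_USER key safe to trust.
    """
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": "/project/files/"}
    for name, value in client_headers.items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    if server_authenticated_user is not None:
        environ["REMOTE_USER"] = server_authenticated_user
    return environ


def remote_user_seen_by_middleware(environ, header="REMOTE_USER"):
    """What RemoteUserMiddleware.process_request looks up: exactly the key
    named by its `header` attribute. None means the request stays anonymous,
    hence the Location: /accounts/login/?next=... seen in the question."""
    return environ.get(header)


# curl -i -H 'REMOTE_USER: user' ...  -> only HTTP_REMOTE_USER is set
forged = build_environ({"REMOTE_USER": "user"})
assert remote_user_seen_by_middleware(forged) is None
assert forged["HTTP_REMOTE_USER"] == "user"

# The front-end web server authenticated the user itself -> trusted
trusted = build_environ({}, server_authenticated_user="alice")
assert remote_user_seen_by_middleware(trusted) == "alice"

# Pitfall: a middleware subclass with header = "HTTP_REMOTE_USER" (or any
# HTTP_ key) would accept the forgeable client header as the login unless the
# front-end proxy is guaranteed to strip that header from incoming requests.
assert remote_user_seen_by_middleware(forged, header="HTTP_REMOTE_USER") == "user"
```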

Cannot generate an authorization code on API Explorer

I'm trying to collect and download my lifelog user data. The first step into doing this is getting a user-access token. I am encountering problems while requesting authorization.
From the Sony developer authentication page I am told to input the following code into my API explorer:
https://platform.lifelog.sonymobile.com/oauth/2/authorize?client_id=YOUR_CLIENT_ID&scope=lifelog.profile.read+lifelog.activities.read+lifelog.locations.read
I am supposed to receive the authorization code as such:
https://YOUR_CALLBACK_URL?code=abcdef
However, this is what the current situation actually looks like:
I have replaced my actual client ID below with MY_CLIENT_ID for security reasons.
INPUT:
GET /oauth/2/authorize?client_id=MY_CLIENT_ID&scope=lifelog.profile.read%2Blifelog.activities.read%2Blifelog.locations.read HTTP/1.1
Authorization:
Bearer kN2Kj5BThn5ZvBnAAPM-8JU0TlU
Host:
platform.lifelog.sonymobile.com
X-Target-URI:
https://platform.lifelog.sonymobile.com
Connection:
Keep-Alive
RESPONSE:
HTTP/1.1 302 Found
Content-Length:
196
Location:
https://auth.lifelog.sonymobile.com/oauth/2/authorize?scope=lifelog.profile.read+lifelog.activities.read+lifelog.locations.read&client_id=MY_CLIENT_ID
Access-Control-Max-Age:
3628800
X-Amz-Cf-Id:
HILH9w3eOm-6ebs_74ghegYQyWS4xyqA1l0gXPRJuuubsoZ6eiiS3g==
Access-Control-Allow-Methods:
GET, PUT, POST, DELETE
X-Request-Id:
76caccfc976d40259ef30415d10980e9
Connection:
keep-alive
Server:
Apigee Router
X-Cache:
Miss from cloudfront
X-Powered-By:
Express
Access-Control-Allow-Headers:
origin, x-requested-with, accept
Date:
Sun, 22 Jan 2017 03:00:42 GMT
Access-Control-Allow-Origin:
*
Vary:
Accept
Via:
1.1 dc698cd00b7ec82887573cfaba9ecca6.cloudfront.net (CloudFront)
Content-Type:
text/plain; charset=utf-8
Found. Redirecting to https://auth.lifelog.sonymobile.com/oauth/2/authorize?scope=lifelog.profile.read+lifelog.activities.read+lifelog.locations.read&client_id=MY_CLIENT_ID
Nowhere can I see the authorization code in the above output. I even tried copying and pasting the URL (on the last line) into my browser; it says "localhost.com took too long to respond".
This is where I input my request
I am not sure whether it is an issue with the callback URL. I don't have an actual website or app made; I just used the default localhost.
I am a beginner in this and would really appreciate all help.

How to prevent spoofing mail accounts in exim?

We have a server with the DirectAdmin panel, which runs Exim. It's the default configuration, like here:
http://files.directadmin.com/services/exim.conf
We get e-mails, for example from kontakt#hoseo.pl to kontakt#hoseo.pl, that are spoofed:
Examples:
1.
Return-path: <nickedc#gmail.com>
Envelope-to: kontakt#hoseo.pl
Delivery-date: Thu, 12 Sep 2013 03:15:21 +0200
Received: from [200.10.67.162] (helo=gmail.com)
by omega.hoseo.pl with esmtp (Exim 4.80.1)
(envelope-from <nickedc#gmail.com>)
id 1VJvV7-0003OM-UP
for kontakt#hoseo.pl; Thu, 12 Sep 2013 03:15:21 +0200
Received: from [191.7.129.87] (account quadrennial16#gmail.com HELO lyjqnysvr.nfevzzqxeweo.tv)
by (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 125612437 for kontakt#hoseo.pl; Wed, 11 Sep 2013 20:17:47 -0500
Date: Wed, 11 Sep 2013 20:17:47 -0500
From: <kontakt#hoseo.pl>
X-Mailer: The Bat! (v3.5.25) Home
X-Priority: 3 (Normal)
Message-ID: <9925188213.R1G0JAD6616751#hfvnvpdpni.dahsrtr.ru>
To: <kontakt#hoseo.pl>
Subject: Jestem gotow placic Ci 95 euro za spolecznie uzyteczne prace wykonywane w wolnym czasie
MIME-Version: 1.0
Content-Type: text/html;
charset=iso-8859-2
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 130911-1, 2013-09-11), Inbound message
X-Antivirus-Status: Clean
2.
Return-path: <dishwashersd333#google.com>
Envelope-to: kontakt#hoseo.pl
Delivery-date: Thu, 12 Sep 2013 02:14:09 +0200
Received: from [190.235.181.209]
by omega.hoseo.pl with esmtp (Exim 4.80.1)
(envelope-from <dishwashersd333#google.com>)
id 1VJuXw-004BKW-NW
for kontakt#hoseo.pl; Thu, 12 Sep 2013 02:14:09 +0200
Received: from [113.131.148.117] (helo=zczdtmhvqilhrkl.tnksjy.ru)
by with esmtpa (Exim 4.69)
(envelope-from )
id 1MMSEG-7581uu-1R
for kontakt#hoseo.pl; Thu, 12 Sep 2013 12:13:24 +1200
Date: Thu, 12 Sep 2013 12:13:24 +1200
From: <kontakt#hoseo.pl>
X-Mailer: The Bat! (v3.5) Educational
X-Priority: 3 (Normal)
Message-ID: <5655874272.ZBYQ02EL661445#ukcchbjmedjown.tboxgld.tv>
To: <kontakt#hoseo.pl>
Subject: Czy chcialbys (chcialabys) pomagac chorym w wolnym czasie i zarabiac minimum 300 euro w tygodniu?
MIME-Version: 1.0
Content-Type: text/html;
charset=Windows-1252
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 130911-1, 2013-09-11), Inbound message
X-Antivirus-Status: Clean
3.
Return-path: <walesg61#gmail.com>
Envelope-to: kontakt#hoseo.pl
Delivery-date: Thu, 12 Sep 2013 00:07:26 +0200
Received: from [181.67.29.61] (helo=gmail.com)
by omega.hoseo.pl with esmtp (Exim 4.80.1)
(envelope-from <walesg61#gmail.com>)
id 1VJsZJ-003a4R-Rp
for kontakt#hoseo.pl; Thu, 12 Sep 2013 00:07:26 +0200
Date: Wed, 11 Sep 2013 23:09:57 +0100
From: <kontakt#hoseo.pl>
To: <kontakt#hoseo.pl>
Subject: Zapraszamy do zarobienia dodatkowo w wolnym czasie minimum 100 euro za godzine.
X-Mailer: vfvlsvltd
MIME-Version: 1.0
Content-Type: text/html;
charset=unicode
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 130911-0, 2013-09-11), Inbound message
X-Antivirus-Status: Clean
In Postfix, to prevent this, one can do:
smtpd_recipient_restrictions = [...]
permit_sasl_authenticated,
check_sender_access proxy:mysql:/etc/postfix/mysql/mysql_virtual_nosasl.cf,
[...]
The first rule lets through emails from users who have gone through SASL. The second checks whether the sender's domain in the MAIL FROM is one of my domains; if so, it blocks the email with a 554. Checking of the *_restrictions rules ends on the first match, so if a sender from my domain has not passed permit_sasl_authenticated, it is not my user and the next rule should block it.
How do I do this with the DirectAdmin exim.conf?
And more about spoofing:
When an SMTP email is sent, the initial connection provides two pieces of address information:
MAIL FROM: - generally presented to the recipient as the Return-path: header but not normally visible to the end user,[6] and by default no checks are done that the sending system is authorized to send on behalf of that address.
RCPT TO: - specifies which email address the email is delivered to, is not normally visible to the end user but may be present in the headers as part of the "Received:" header.
Together these are sometimes referred to as the "envelope" addressing, by analogy with a traditional paper envelope.[7]
Once the receiving mail server signals that it accepted these two items, the sending system sends the "DATA" command, and typically sends several header items, including:
From: Joe Q Doe - the address visible to the recipient; but again, by default no checks are done that the sending system is authorized to send on behalf of that address.
Reply-to: Jane Roe - similarly not checked
The result is that the email recipient sees the email as having come from the address in the From: header; they may sometimes be able to find the MAIL FROM address; and if they reply to the email it will go to either the address presented in the MAIL FROM: or Reply-to: header - but none of these addresses are typically reliable.[8]
Furthermore, the mail server may not check that these domains have been registered in the DNS and are configured to receive emails. This may generate backscatter if a reply is generated.
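A header-level check for the spoofing pattern described in the post and in the quoted text above, added here as an example (not the post's, DirectAdmin's or Exim's own code). It trusts only the Received: line our own MX wrote, treats Exim's esmtpa/esmtpsa protocol tags in that line as proof of SMTP AUTH, and flags an envelope sender (Return-path) or header From: that claims one of our domains without it; LOCAL_DOMAINS, OUR_HOST and the sample headers are constructed assumptions:

```python
import email.utils
import re
from email.parser import HeaderParser

LOCAL_DOMAINS = {"example.org"}   # assumption: domains this server hosts
OUR_HOST = "mx.example.org"       # assumption: our MX name in its Received: line
# Exim writes the protocol into its Received: line; a trailing 'a' (esmtpa,
# esmtpsa) means the session passed SMTP AUTH, plain esmtp/esmtps did not.
AUTHED = re.compile(r"\bwith\s+esmtps?a\b", re.I)

def domain_of(header_value):
    """Lower-cased domain of the first address in a header, '' if none."""
    return email.utils.parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def our_received_line(msg):
    """Only the Received: line our own MX added is trustworthy; every line
    below it (and the whole From:/Reply-To:) was supplied by the sender."""
    for received in msg.get_all("Received", []):
        if f"by {OUR_HOST} " in " ".join(received.split()):
            return received
    return None

def check_spoof(raw_headers):
    """Return findings for one message: which address claims to be one of
    our domains although the session into our MX was not authenticated."""
    msg = HeaderParser().parsestr(raw_headers, headersonly=True)
    received = our_received_line(msg)
    authenticated = bool(received and AUTHED.search(received))
    findings = []
    for name in ("Return-path", "From"):
        if domain_of(msg.get(name)) in LOCAL_DOMAINS and not authenticated:
            findings.append(f"{name}: claims a local domain without SMTP AUTH")
    return findings

# Constructed sample modelled on the first header block quoted in the question
# (continuation lines of Received: are indented, as in a real message).
SPOOFED = """\
Return-path: <nickedc@gmail.example>
Received: from [203.0.113.7] (helo=gmail.com)
    by mx.example.org with esmtp (Exim 4.80.1)
    (envelope-from <nickedc@gmail.example>)
    for kontakt@example.org; Thu, 12 Sep 2013 03:15:21 +0200
Received: from [198.51.100.9] (account x@gmail.example HELO fake.host)
    by (CommuniGate Pro SMTP 5.2.3) with ESMTPA for kontakt@example.org
From: <kontakt@example.org>
To: <kontakt@example.org>
"""
```

The forged lower Received: line says ESMTPA, but it was not written by our MX, so it carries no weight; the same decision belongs in the Exim ACL at SMTP time (deny a local sender domain when the session is not authenticated), and this check is the after-the-fact version for mailbox triage.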