===================================================================== ####### PaKnPost Pro Configuration and Usage Notes ####### ===================================================================== See INSTALL.txt for installation notes. See FAQ.txt for frequently unasked questions. See LICENSE.txt for licensing provisions Steve Grasso steveg at nexus.iinet.net.au 20160621 Revision 1.15 Update from 1.14 includes bug fixes and security enhancements. CREDIT for discovery of vulnerabilities and patching to Edvin Rustemagic and Grega Preseren with thanks. ===================================================================== ########## Why was PaKnPost Pro written? ########## ===================================================================== To take the load off email servers which by default are being used by many people to send and store rediculously large files as attachments. In the corporate world, the size of email attatchments is usually restricted to preserve bandwidth and email server file system resources. PaKnPost Pro presents an alternative way of sharing large files, without losing the ability to restrict certain potentially malicious file types or to scan files for potentially malicious code. PaKnPost Pro utilises HTTP to convey the files, and text email to notify file recipients. PaKnPost Pro has inbuilt counter-measures designed to make it difficult for people to abuse (unless administrators turn these counter-measures off). ===================================================================== ########## Features at a Glance ########## ===================================================================== System Features =============== - Automated cross-platform installer and manual FTP based installation options - Full system documentation - Written in Perl, with some JavaScript, so cross-platform compatible Tested on Unix, Linux and Windows platforms - Dynamically generated HTML User FAQ, reflecting Admin selected configuration options - Customisable CSS or HTML wrapper to control suite look-and-feel - Unique randomised Holding Area directory names to protect shared files, with 1 x 10 to the power of 23 different combinations (32 selected out of 52 upper and lowercase characters, in random order) - May be used on an SSL enabled server for secure transmission of files - Admin switchable extended error messages - Automatic PaKnPosT Pro Plugin Installer - Optional Contacts Directory of email addresses - Optional LDAP Plugin to synchronise Contacts Directory with corporate email address books User Features ============= - Notification email sent to recipient(s), confirmation email sent to sender - Sender may choose recipient(s) from a Contacts Directory - Sender may elect to send notification email to one or many recipients - Sender may include comments in the notification email - Optional strong file encryption on the server - Full aggregated statistics of files shared by the system, including breakdown of total MB shared by file type Administrative Features ======================= - System configuration via password protected Web interface, or direct edit of text configuration files - Full usage log - Admin defined username/password for Web configuration manager. Password is encrypted - Admin defined shared file retention period with automatic Holding Area cleanup - Admin definable limit on the number of notification emails sent to multiple recipients to minimise spam - Admin optional check of User entered email addresses for valid email servers - Admin optional virus scanning of uploaded files - Admin optional restriction of domains able to access PaKnPost Pro - Admin optional restriction of networks or individual machines able to access PaKnPost Pro - Admin optional restriction of file-types - Admin optional limit on uploaded file size - Admin optional graphical validation code to minimise spam - Admin optional set User defined username/password protection of Holding Area to further protect shared file - Admin definable file size limits for encrypting files - Admin option to enable user selection of recipients from a Contacts Directory - Admin option to enable user selection of cc addresses from a Contacts Directory - Optional LDAP Plugin to allow Admin to synchronise the Contacts Directory with a corporate email address book - available from http://www.paknpost.com - Admin optional restriction of networks or individual machines able to use the Contacts Directory - Admin selectable notification email transmission method - either directly via local 'sendmail' or through external Mail Transfer Agent relay - Admin definable 'blacklist' of recipient usernames who may not receive notification emails - Admin definable 'blacklist' of recipient usernames who may not send notification emails ===================================================================== ########## Initial Configuration ########## ===================================================================== System configuration is read from pnp_config.pl. This may be edited by hand, but it's probably safer to use the Web Configuration Manager. Open the PaKnPost Pro Configuration Manager with a Web browser to configure it eg. http://www.yourdomain.com/cgi-bin/pnp/configure.cgi The initial username is admin with password initial Change these IMMEDIATELY from the configuration manager to prevent unauthorised changes to your PaKnPost Pro installation The first time the Configuration Manager is run, a default configuration profile will be loaded up. Change this as required and click "Save Configuration". This will generate a current profile, which will be loaded when the Configuration Manager is run on subsequent occasions. To revert to the default configuration at any time, click "Revert to Default Configuration". CAUTION: This will DESTROY any current configuration settings you have. ===================================================================== ########## Configuration Options ########## ===================================================================== ===================================================================== # Debug mode This gives extended error messages Default is OFF ===================================================================== # Use Cascading Style Sheet wrapper The look and feel of PaKnPosT Pro may be controlled from a Cascading Style Sheet or plain HTML wrapper. Default is OFF (ie. plain HTML wrapper) ===================================================================== # Title of the PaKnPost Pro installation This is used in the HTML header for pages across PaKnPost Pro ===================================================================== # Organisation name This is used in HTML pages eg. the FAQ ===================================================================== # Organisation URL This is the base URL of the PaKnPosT Pro server NOTES : 1. If the PaKnPost Pro server is SSL enabled (ie. a secure server) make sure you use a https URL prefix, http otherwise. 2. Do NOT include a trailing slash. eg. http://www.yourdomain.com ===================================================================== # Fully Qualified Domain Name of the PaKnPost Pro web server This is used to construct site URLs and to confirm that the Phase 2 script has been called from the Phase 1 script on our machine, and not from some other process on an external machine eg. a nasty spammer's machine eg. www.mydomain.com ===================================================================== # File retention period The number of days files will be retained for collection in the Holding Area NOTE: This is used by the clear_efiles.sh script which is run from cron once daily to clear old shared files from the Holding Area eg. 5 ===================================================================== # Notification Email address of the PaKnPost Pro Admin This is rendered in plain text for use in the notification email message body eg. admin@mydomain.com ===================================================================== # Web Email address of the PaKnPost Pro Admin This is ASCII Entity encoded before inclusion into PaKnPost Pro HTML pages. This prevents evil spammers from screen-scraping the email address from PaKnPost Pro Web pages. It may be a different address from the Notification Email address eg. admin@mydomain.com ===================================================================== # Base location of images for PaKnPost Pro This is the location of images used by the HTML header. It may be a URL or a relative local directory path, WITHOUT a trailing slash. NOTE: If you enter a URL and the PaKnPost Pro server is SSL enabled (ie. a secure server) make sure you use a https URL prefix. eg. 1. http://www.mydomain.com/pnp/images 2. https://www.mydomain.com/pnp/images 2. ../html/pnp/images ===================================================================== # The URL for the CSS wrapper stylesheet If the PaKnPost Pro server is SSL enabled (ie. a secure server) make sure you use a https URL prefix, http otherwise. eg. http://www.yourdomain/pnp/css/default.css ===================================================================== # HTML header for all PaKnPost Pro pages This is the header used to prepare all the HTML pages for PaKnPost Pro ===================================================================== # HTML footer for all PaKnPost Pro pages This is the footer used to complete all the HTML pages for PaKnPost Pro ===================================================================== # Limit Domains When set to YES this prevents broadscale public use of PaKnPost Pro for file sharing by ensuring that the file shared is either To or From email addresses in your domain only. Default is YES. If you set Limit Domains to "Yes", you MUST complete a list of BOTH acceptable domains AND acceptable networks (EVEN IF you set Limit Networks to "No"). In this case, Network(s) should be internal LAN/WAN IP's (or if part, most significant network octets eg. 10.11. 192.168.0.) each separated by a single space. List of Acceptable Domain(s) should be Fully Qualified Domain Names, each separated by a single space eg. mydomain.com yourdomain.co.uk anotherdomain.net ===================================================================== # Limit Networks When set to YES this limits use of PaKnPost Pro to people originating from particular network(s). Default is NO. List of Acceptable Network(s) can be internal LAN/WAN IP's or selected external networks. If part IP's are used, nominate the most significant network octets eg. 10.11. 192.168.0. List of Acceptable Network(s) should be IP's or part IP's each separated by a single space eg. 10.11. 192.168.0. 172.27.0.24 ===================================================================== # Limit Upload Size When set to YES this limits the size of file allowed to be uploaded to the PaKnPost Pro server. Setting upload file size limits helps prevent the file system filling, and limits the effect of denial of service attacks. Default is YES. ===================================================================== # Upload Size Limit in MB This is the upper file size limit in megabytes. Default is 50 eg. 5.5 ===================================================================== # Enable File Encryption Option When set to YES this enables the user to elect to encrypt the shared file stored on the PaKnPost Pro server in its Holding Area. This helps prevent leakage of sensitive information in the unlikely event that the file is inspected on the server or downloaded by an unauthorised third-party. File encryption requires the CipherSaber.pm perl module - this is installed by default with PaKnPosT, latest version available from CPAN: http://search.cpan.org/~chromatic/Crypt-CipherSaber-0.61/lib/Crypt/CipherSaber.pm According to the authors ( http://ciphersaber.gurus.com/ ) CipherSaber "uses Ron Rivest's RC4 algorithm" which is "widely respected and used in a number of products, including SSL, the tool Web browsers use to secure credit card forms." As implemented in PaKnPost Pro, the CipherSaber key is a randomised 20 byte key, conforming to the author's advice: "For medium security (64 bit entropy), we recommend a user key with a minimum of 15 random letters...For high security, use 20 random letters". WARNING: Files in the Holding Area are encrypted on the PaKnPost Pro server AFTER transmission from the sender's computer, and decrypted on the PaKnPost Pro server BEFORE transmission to the recipient's computer. Unless an SSL enabled PaKnPost Pro server is used, shared files will be sent UNENCRYPTED over the Internet up to and down from the PaKnPost Pro server. In this case, after encryption, files will be protected while it is in the PaKnPost Pro Holding Area, but not in transmission. To take full advantage of the privacy afforded by the encryption option, it is suggested that an SSL enabled PaKnPost Pro server be used. Once decrypted files have been collected from the Holding Area, they should be deleted by the recipient. If they are not, they will remain UNENCRYPTED in the Holding Area until the automatic cleanup time has elapsed and they are deleted. LEGAL WARNING: Using CipherSaber to encrypt files may be illegal in your country. I am not a lawyer, so if you are in doubt you should seek legal advice. There is a survey of many country's cryptography laws at http://rechten.uvt.nl/koops/cryptolaw which may be of some use, but I can't verify its correctness. ===================================================================== # Limit Size of File for Encryption When set to YES the size of files allowed to be encrypted is limited. This is useful, because there is a time overhead (affecting the user) and a computational overhead (affecting the server) in encrypting files. Default is YES. ===================================================================== # Encryption File Size Limit in MB This is the upper file size limit in megabytes. Default is 20 eg. 5.5 ===================================================================== # CPU Speed for Estimating Encryption Time (MHz or BogoMIPS) On a Linux platform, the best estimation is given using the BogoMIP CPU speed indicator, although MHz can be used. Windows platform, use MHz Linux: Read from /proc/cpuinfo, either automatically by the install script or manually by browsing to http://www.yourdomain.com/cgi-bin/pnp/cpuinfo.cgi Windows: Check CPU speed using the CHKCPU32.EXE utility available from http://web.inter.nl.net/hcc/J.Steunebrink/chkcpu.htm. If this is available in %windir%\system32, browsing to http://www.yourdomain.com/cgi-bin/pnp/cpuinfo.cgi will indicate the CPU speed in MHz CPU speed is used in conjunction with previously benchmarked (*) average encryption times for 1 MB, 5MB, 10MB and 20MB files using PII, two PIII and two P4 processors: Speed: MHz Time to Encrypt 1 byte: Seconds 334.081 0.000027656 (PII) 498.858 0.000020610 (PIII) 930.326 0.00000749 (PIII) 1495.178 0.00000664 (P4) 2400.160 0.00000424 (P4) MHz predicts encryption time well for Pentium class Intel processors, but not AMD. The arbitrary "BogoMIPS" CPU performance indicator gives better predictive reults across processors, and is used by default: Speed: BogoMIPS Time to Encrypt 1 byte: Seconds 663.07 0.000027656 (PII) 996.14 0.000020610 (PIII) 1854.66 0.00000749 (PIII) 2981.88 0.00000664 (P4) 3591.37 0.0000036 (AMD Athlon 2200+) 4784.12 0.00000424 (P4) Estimating the time to encrypt a given file is achieved using two perl modules, Interpolate.pm and IntervalSearch.pm - these are installed by default with PaKnPosT, latest versions available from CPAN: http://search.cpan.org/~bzajac/Math-Interpolate-1.05/lib/Math/Interpolate.pm http://search.cpan.org/~bzajac/Math-Interpolate-1.05/lib/Math/IntervalSearch.pm (*) Benchmarking may be fine-tuned using the scripts in the benchmarking directory and added to the samples used in select_.cgi to estimate encryption time. Decryption time (estimated in fetch.cgi) is about 86.93% of the initial time taken to encrypt a file. ===================================================================== # Allow optional user-set username/password protection for uploaded files? If this is set to YES users are given the option to enter a username and password combination which must be used by recipients to download the shared file. This is an additional layer of protection for shared files, in case the randomised Holding Area URL becomes known to an unauthorised third party. The username and password entered by the user should be communicated to the recipient(s) separately from the PaKnPost Pro notification email eg. by phone NOTE: The username and password entered by the user is CASE SENSITIVE and the recipient must enter the same username and password EXACTLY as entered by the user, or the file will not be released. ===================================================================== # Validate a graphical code to minimise automated SPAM? If set to YES the Phase 2 script will not send the notification email unless an uppercase letter sequence displayed in a graphic is correctly entered into the form. This is designed to prevent automatic processes (typically used by spammers) using the form to generate bulk emails. If set to YES, be sure to set a corresponding password ===================================================================== # Password for Anti-SPAM validation This is used to encrypt the required graphical validation code so it can't be read from the HTML form This should be any random string of 9 upper-case characters eg. AKRNFHTEB ===================================================================== # Check uploaded files for allowed file types? If set to YES, uploaded files are restricted by file type. File type is determined from both the file's extension and its MIME type. If this is set to YES: - The MIME file types perl module must be installed (it's installed by default with PaKnPosT). The latest version of MMagic.pm can be obtained from from CPAN if required: http://search.cpan.org/~knok/File-MMagic-1.22/MMagic.pm and - unzip must be installed. Get unzip from http://www.info-zip.org/pub/infozip/ ===================================================================== # Check uploaded files for viruses? If set to YES, uploaded files will be checked for malicious content This assumes clamscan anti-virus is installed Linux: clamscan: part of Clam AntiVirus http://www.clamav.net/ http://clamav.elektrapro.com/ Windows: http://www.clamwin.com/ ===================================================================== # Location of clamscan antivirus If clamscan is installed, this its location in the file system eg. Linux /usr/bin/clamscan, Windows C:\\Program Files\\Clamwin\\bin\\clamscan ===================================================================== # Directory path to the holding area This is the full path to the HTML directory where uploaded files are held while awaiting collection. eg. Linux: 1. /var/www/html/pnp/files/ 2. /home/yourusername/public_html/pnp/files/ Windows (include the drive letter and all back-slashes should be double): C:\\Program Files\\Apache Software Foundation\\Apache2.2\\htdocs\\pnp\\files\\ NOTES: 1) The owner of this directory must be the same as the user that the web server runs as. Typically in the case of Apache on Red Hat, the owner and group should be apache:apache on SuSE wwwrun:www on Debian www-data:www-data or if running out of user webspace, typically the owner should be the same as the username 2) Must INCLUDE a trailing slash after directory name 3) Windows Servers Only: Include the drive letter and all back-slashes should be double eg. C:\\Program Files\\Apache Software Foundation\\Apache2.2\\htdocs\\pnp\\files\\ 4) Make sure the URL to the holding area references the correct directory If you have access to cron on your system: 1) the clear_efiles.pl script needs to exist in the upload directory if it will be used to periodically clear files out of the holding area 2) clear_efiles.pl needs to be called once daily from cron by making a suitable crontab entry eg. Linux: 0 23 * * * /usr/bin/perl /var/www/html/pnp/files/clear_efiles.pl > /dev/null 2>&1 Windows: C:\usr\bin\perl C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\pnp\files\clear_efiles.pl otherwise, you'll have to clear old files from the Holding Area periodically to prevent the file system filling up. ===================================================================== # URL of the file holding area This is the base URL of the file holding area which will be used to publish the file's location in the notification email. NOTE 1.: It must INCLUDE a trailing slash NOTE 2.: If the PaKnPost Pro server is SSL enabled (ie. a secure server) make sure you use a https URL prefix. eg. 1. http://www.mydomain.com/pnp/files/ 2. https://www.mydomain.com/pnp/files/ 3. http://www.mydomain.com/~yourusername/pnp/files/ NOTE: Make sure this correctly references the Holding Area directory defined above ===================================================================== # Base directory URL of the PaKnPost Pro cgi-bin directory This is the CGI-BIN directory where the PaKnPost Pro files are. It is used to construct URL's which point to the PaKnPost Pro index, faq and stats scripts. Make sure this is the same as was defined in the install script. It must be entered WITHOUT domain OR trailing slash eg. 1. cgi-bin/pnp 2. ~yourusername/cgi-bin/pnp ===================================================================== # The name of the log file This will be read by the stats.cgi script to give stats on PaKnPost Pro usage over time ===================================================================== # Do you want to check for valid mail exchangers to weed out invalid email addresses? If this is set to YES, dig is used to verify that the domain portion of any given email address corresponds with a valid mail exchanger. ===================================================================== # Outbound Email method You MUST choose one of OPTION 1 or OPTION 2 EMAIL OPTION 1 Use local 'sendmail' as an MTA? If this is set to YES, sendmail (or its equivalent) will be used to send the notification email directly from the server PaKnPost Pro is installed on. NOTES: 1) Mail generated by this method is often identified to other MTA's as coming from the user id associated with the local web server eg. for Red Hat 9 this is apache@yourdomain.com 2) Windows: Assumes use of Bmail ( http://www.beyondlogic.org/solutions/cmdlinemail/cmdlinemail.htm ) in %windir%\system32 folder which passes email off to a local MTA (eg. Mercury Mail Transport System http://www.pmail.com/ ) EMAIL OPTION 2 Use an SMTP relay server? If this is set to YES, the notification email will be directed to a mail exchanger for sending. It can be an IP or Fully Qualified Domain Name (and may even be the IP of the local machine if the local machine is to be used as the relay) NOTE: Any server selected here needs to be configured to accept mail for relay from this machine ===================================================================== # Domain for email servers requiring a domain entry If you've selected EMAIL OPTION 2, some email servers require that you provide a domain name for checking eg. yourdomain.com ===================================================================== # Do you wish to enable use of a Contacts Directory of internal email addresses? A Contacts Directory may make it easier for file sharers to select a recipient's email address. A file sharer may select a recipient from the Directory, or type a recipient email address into the form by hand, but not both. If an address is selected from the directory AND an email address has been typed in, the entry selected from the Directory will be the recipient address used. WARNING: If the use of a Contacts Directory is enabled, it is STRONGLY recommended to RESTRICT the use of the Directory to networks that are INTERNAL to your organisation, or trusted, non-public networks. If access is not restricted, it may be possible for malicious public users to copy the names and email addresses of people in your Contact Directory. ===================================================================== # Do you wish to enable selection of cc addresses from Contacts Directory? If this is set to YES, file sharers may select multiple Carbon Copy recipient addresses from the Contacts Directory. A file sharer may select Cc recipient(s) from the Directory, or type a Cc recipient(s) list by hand, but not both. If addresses are selected from the Directory AND a list is typed in, the addresses selected from the Directory will be used. WARNING: If the use of a Contacts Directory is enabled, it is STRONGLY recommended to RESTRICT the use of the Directory to networks that are INTERNAL to your organisation, or trusted, non-public networks. If access is not restricted, it may be possible for malicious public users to copy the names and email addresses of people in your Contact Directory. OPTIONAL: The Contacts Directory may be created or refreshed from a corporate Exchange address list (or other LDAP address list) by using the PaKnPosT Pro LDAP Plugin. See www.paknpost.com for details. ===================================================================== # Do you wish to limit the use of the email address Contacts Directory to certain networks? When set to YES this limits access to the Contact Directory to people originating from particular network(s). List of Acceptable Network(s) can be internal LAN/WAN IP's or selected external networks. If part IP's are used, nominate the most significant network octets eg. 10.11. 192.168.0. List of Acceptable Network(s) should be IP's or part IP's each separated by a single space eg. 10.11. 192.168.0. 172.27.0.24 NOTE: If the Contacts Directory is enabled, it is STRONGLY RECOMMENDED that Acceptable Networks be restricted to networks INTERNAL to your organisation, or trusted, non-public networks. ===================================================================== # Dummy username for Confirmation emails Most corporate spam filters will rightly filter any email to a recipient from that recipient's email address. For this reason, PaKnPosT Pro uses a dummy username as the originator of Confirmation emails. This username should be allowed to pass through corporate spam filter rules. It is STRONGLY recommended that this be changed from the default paknpost username ===================================================================== # Set the maximum number of cc recipients to minimise SPAM This is the maximum number of email addresses PaKnPost Pro will carbon copy the notification email to. ===================================================================== # Blacklisted outbound email recipient usernames These are email recipients you DON'T want notification email sent to Part usernames are OK List usernames separated by a single space eg. All all postmaster admin ===================================================================== # Blacklisted inbound email originators These are usernames of people who are NOT allowed to use PaKnPost Pro # Part usernames are OK List usernames separated by a single space eg. luesr1 spammer dipstick ===================================================================== # Allowed File Extensions These are the file extensions of files which will be accepted for upload. The list is comprised of acceptable file extensions, in lowercase, WITHOUT a dot, and separated by a single space eg. ai avi dat doc dmg eps indd jpeg jpg lha log lzh mdb mde nrg pdf ppt ps psd qxd rtf sit tif tiff ttf txt vsd xls xtg zip ===================================================================== # Allowed octet-stream MIME type File Extensions These are the extensions of octet-stream MIME file types which ARE allowed. These extensions MUST also be in the Allowed File Extensions list above. The list is comprised of acceptable file extensions, in lowercase, WITHOUT a dot, and separated by a single space eg. |dmg indd iso lha lzh mdb mde nrg ===================================================================== # Plugin Directory This a randomised directory where PaKnPost Pro Plugins are managed from. It is automatically generated and NOT admin configurable ===================================================================== ########## Usage ########## ===================================================================== Direct users of PaKnPost Pro to open the page http://www.mydomain.com/pnp or http://www.mydomain.com/cgi-bin/pnp/index.cgi in a Web browser. If you have a secure web server running, you may optionally direct users to https://www.mydomain.com/pnp so that transactions are encrypted. Phase 1 Users are prompted to browse their local computer for file(s) they'd like to share. If file types are restricted, the user will see a list of acceptable filename extensions. Compressed archives are checked internally for acceptable file types. When the file is successfully uploaded, if virus checking is set, the file is scanned for potentially malicious content. Phase 2 Details of a successful upload are displayed and users are prompted for their name and email address, the email address(es) of people to be notified that there's a file to be collected and any comments they'd like to make. If graphical validation is set, the user must correctly enter the displayed graphical uppercase letter string in order to continue. If username/password is set, the user may optionally enter a username and password to further protect the shared file from unauthorised access. If this option is available and the user does NOT enter a username and password, file retrieval is NOT restricted by any username/password. If shared file encryption is set, the user is given the option to encrypt the file in its Holding Area. An indication of how long the encryption process will take is presented to the user. When the user clicks the "Email Details Now" button, a notification email is sent to the nominated recipient(s) which contains the URL and instructions for collecting the shared file. A confirmation email is also sent to the user as a receipt of the transaction. See FAQ.txt for additional usage information. =====================================================================