Email ports and servers

Outgoing: e.g. email leaving Outlook
25 for server to server. Neither encryption nor authentication.
587 for MUA to connect, with authentication
Encryption: by STARTTLS command
Authentication: by AUTH LOGIN command. no Authentication needed on internal network
or none: just as port 25
465 smtps: SMTP over SSL; 465 is to 25 as 443 is to 80. Therefore neither plain HELO nor EHLO is sent before the SSL handshake

Incoming: e.g. Retrieval to outlook:
110 POP3 Non-Encrypted
995 POP3 over SSL
143 IMAP Internet Message Access Protocol
993 IMAP over SSL

Some programs:
msmtp: for sending. I was using this to send notifications to my gmail account.
is MUA, talking to MTA port 587 for further sending,
For example, it talks to with my login to send to
Postfix: MTA
Receive emails from MUA with authentication on port 587
Receive emails from other MTA without authentication on port 587 or 25 or 465
Send emails to other MTA
I used it to set up my own email server for
Need reverse DNS record in order to be accepted by MTA community
More detail at
ssmtp: it’s like half Postfix, only sending, no receiving
sendmail: MUA and MTA in the 1980s
mail: MUA, calls /usr/sbin/sendmail, which connects to local MTA like port 25.
mutt: MUA, read from POP/IMAP and send to local MTA


TLS Transport Layer Security is to replace SSL Secure Sockets Layer
It’s to encrypt, e.g. SMTP or HTTP.
For Email:
eSMTP Enhanced SMTP is SMTP + SSL, which introduced some new commands, including EHLO
client says: EHLO myHostName
<- options I can accept, like STARTTLS PIPELINING
client says: STARTTLS to start encrypted communication,
or AUTH LOGIN to start authentication by username and password, Base64 encoded
For web site:
SSL version can be checked by:
Chrome: pressing F12 then Security tab
command line: openssl.exe s_client -connect -tls1_2
nginx has defaulted to TLS 1.2 since 1.9.1.
if manually upgrading OpenSSL/TLS, add this line to nginx.conf
ssl_protocols TLSv1.2; this line under listen 443
check SSL version: $ openssl version ; OpenSSL 1.1.1 supports TLS v1.3
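The EHLO / STARTTLS / AUTH LOGIN exchange from the email notes above, as an added example (not part of the original notes): it audits the plaintext part of a port-587 session and shows that AUTH LOGIN answers sent before STARTTLS are recovered with a plain Base64 decode. The function name, host name and credentials are constructed for illustration.

```python
import base64

def audit_cleartext_smtp(session):
    """Audit the plaintext part of an SMTP session: (side, line) pairs, side C or S."""
    offered, recovered = set(), []
    owed = 0          # Base64 answers the client still owes after AUTH LOGIN
    greeting = False  # first 250 line after EHLO names the server, not an extension
    tls_requested = tls_started = False
    for side, line in session:
        line = line.strip()
        if side == "S":
            code, rest = line[:3], line[4:]
            if code == "220" and tls_requested:
                tls_started = True
                break                  # everything after this reply is encrypted
            if code == "250" and greeting:
                greeting = False
            elif code == "250" and rest:
                offered.add(rest.split()[0].upper())
            elif code != "334":
                owed = 0               # e.g. 530: the server refused AUTH
        elif owed:
            recovered.append(base64.b64decode(line).decode("utf-8", "replace"))
            owed -= 1
        elif line.upper().startswith("EHLO"):
            offered, greeting = set(), True
        elif line.upper() == "STARTTLS":
            tls_requested = True
        elif line.upper() == "AUTH LOGIN":
            owed = 2
    return {"auth_offered_in_clear": "AUTH" in offered,
            "starttls_offered": "STARTTLS" in offered,
            "tls_started": tls_started, "recovered": recovered}

def b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sessions (not captures). WEAK offers AUTH before TLS; HARDENED does not.
EHLO = [("S", "220 mail.example.test ESMTP"), ("C", "EHLO myHostName"),
        ("S", "250-mail.example.test"), ("S", "250-PIPELINING")]
WEAK = EHLO + [("S", "250-STARTTLS"), ("S", "250 AUTH LOGIN"), ("C", "AUTH LOGIN"),
               ("S", "334 VXNlcm5hbWU6"), ("C", b64("alice")),
               ("S", "334 UGFzc3dvcmQ6"), ("C", b64("constructed-pw")),
               ("S", "235 Authentication successful")]
HARDENED = EHLO + [("S", "250 STARTTLS"), ("C", "STARTTLS"),
                   ("S", "220 Ready to start TLS")]

if __name__ == "__main__":
    for name, s in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_cleartext_smtp(s))
```

In Postfix, the setting that produces the second shape (AUTH only advertised after STARTTLS) is smtpd_tls_auth_only = yes.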


Remote desktop

In preparation for the corona virus, setting up working from home.
I have two setups: Windows 10 built-in Remote Desktop Connection and Vcxsrv+SSH

1. Remote Desktop: windows doesn’t need to install anything since it’s built in.
Server in office CentOS7, install xrdp
install: yum install xrdp
check: systemctl status xrdp
start: sudo systemctl start xrdp
Client side Windows:
Run Remote Desktop Connection, type in server address, connect.
Choose xvnc; the other option is xorg, which I didn’t use
A new desktop shows up, which is not a clone of the local gnome desktop as vnc shows.
A pitfall: in the case of VS Code, all instances of VS Code on the local desktop have to be closed.
Otherwise, when starting VS Code on the “remote desktop”, VS Code shows up on the Linux local desktop, which is not what we want.

2. Vcxsrv+SSH this is not really desktop, but a GUI environment
Server side: no work needed
No need to manually set up $DISPLAY; sshd automatically sets it up since X11 forwarding is enabled
Client side Windows:
No installation needed. Just copy two folders from internet, one for Vcxsrv and one for SSH.
Run set DISPLAY=
Run \VcXsrv\vcxsrv.exe
Run ssh.exe -X -F configFile -o UserKnownHostsFile=known_hosts MyCentOsSvrHost
-X so that this windows host doesn’t have to accept incoming x11 connection

Most articles talk about tigervnc-server. I avoided this option because it requires client to install vnc.

Terminal vs shell

Terminal is handled by the parent process of shell
$ ps -o 'cmd=' -p $(ps -o 'ppid=' -p $$) gives the parent process in these circumstances:
output when SSH: sshd: rio@pts/0
output when WSL: /init ro

The flow:
Physical Line: terminal – modem – – modem – UART – tty driver – application
UART: Universal Asynchronous Receiver and Transmitter
Virtual Console: keyboard and monitor – Terminal Emulator – /dev/tty*
fullscreen controlled by CtrlAltF*,
/dev/tty1-6 are supported by kernel directly
SSH: ssh client – sshd – ptmx – pts/* – shell forked by sshd
Terminal Window: the ones launched in a window system:
same flow as SSH, just replace ssh+sshd with the graphical terminal since no network is involved.
WSL: $tty1 pts/0, therefore, similar to Terminal Window

Terminal handles the input and output of shell.
Input: e.g. translate arrow keys, translate ctrlC to SIGINT
Output: application -> tty driver in kernel -> UART
Each tty driver, e.g. ttyS0, serves multiple applications
$ lsof /dev/pts/1 shows stdin, stdout and stderr bound to this tty as FD 0u 1u 2u
tty keeps record of Foreground process group