"Phone home" mail script for MS-Windows - Programmer

This is a discussion on "Phone home" mail script for MS-Windows - Programmer ; Greetings. I've got a laptop computer which I'm trying to secure against theft. I've already got insurance and a security cable, but as a last resort I'd like to set it up to "phone home" by trying to send me ...

+ Reply to Thread
Results 1 to 10 of 10

Thread: "Phone home" mail script for MS-Windows

  1. "Phone home" mail script for MS-Windows

    Greetings.

    I've got a laptop computer which I'm trying to secure against theft. I've
    already got insurance and a security cable, but as a last resort I'd like
    to set it up to "phone home" by trying to send me an e-mail whenever it's
    activated.

    The system is dual-boot Windows XP and GNU/Linux. I use the latter almost
    exclusively, and writing my own "phone home" program is a trivial one-line
    shell script (see below). However, I expect most thieves will opt to boot
    into Windows XP. Is there any comparable batch file or free software I
    can use to have it send an e-mail upon Windows bootup? I'd rather not
    install something big and complicated like Cygwin or a C compiler just to
    port my one-line shell script. Is there some MS-Windows equivalent of the
    following I can add to my Startup folder or AUTOEXEC.BAT file?

    #!/bin/sh
    echo "Hello world" | mail -s "Phoning home" me@example.com

    Regards,
    Tristan

    --
    _
    _V.-o Tristan Miller [en,(fr,de,ia)] >< Space is limited
    / |`-' -=-=-=-=-=-=-=-=-=-=-=-=-=-=-= <> In a haiku, so it's hard
    (7_\\ http://www.nothingisreal.com/ >< To finish what you

  2. Re: "Phone home" mail script for MS-Windows

    >>>>> Tristan Miller writes:

    > Greetings.
    >
    > I've got a laptop computer which I'm trying to secure against theft. I've
    > already got insurance and a security cable, but as a last resort I'd like
    > to set it up to "phone home" by trying to send me an e-mail whenever it's
    > activated.
    >
    > The system is dual-boot Windows XP and GNU/Linux. I use the latter almost
    > exclusively, and writing my own "phone home" program is a trivial one-line
    > shell script (see below). However, I expect most thieves will opt to boot
    > into Windows XP. Is there any comparable batch file or free software I
    > can use to have it send an e-mail upon Windows bootup? I'd rather not
    > install something big and complicated like Cygwin or a C compiler just to
    > port my one-line shell script. Is there some MS-Windows equivalent of the
    > following I can add to my Startup folder or AUTOEXEC.BAT file?


    Since you mainly use it for Linux anyway, why not set it to boot
    directly into Linux, unless a certain key combination is pressed within
    say, a few seconds. To the thief there would be no indication that the
    machine even runs another OS, unless of course the perpetrator was familiar
    with multi-boot systems, in which case it will be too late anyway as the
    machine will already have booted and sent your email.

    > #!/bin/sh
    > echo "Hello world" | mail -s "Phoning home" me@example.com


    In your mail you obviously want to include information such as the
    connecting IP address.

    --
    Neil.
    There cannot be a crisis next week. My schedule is already full.
    -- Henry Kissinger

  3. Re: "Phone home" mail script for MS-Windows

    Greetings.

    In article <87k6b9xugu.fsf@phun.phasmic.org>, Neil Woods wrote:
    > Since you mainly use it for Linux anyway, why not set it to boot
    > directly into Linux, unless a certain key combination is pressed within
    > say, a few seconds.


    I'd rather the thief think he has a working Windows system that he can use
    or sell as-is rather than reformatting, thus destroying my phone-home
    script. That way I have a better chance of tracking the machine's
    whereabouts.

    >> #!/bin/sh
    >> echo "Hello world" | mail -s "Phoning home" me@example.com

    >
    > In your mail you obviously want to include information such as the
    > connecting IP address.


    I figure the mail server would add this information automatically.

    Regards,
    Tristan

    --
    _
    _V.-o Tristan Miller [en,(fr,de,ia)] >< Space is limited
    / |`-' -=-=-=-=-=-=-=-=-=-=-=-=-=-=-= <> In a haiku, so it's hard
    (7_\\ http://www.nothingisreal.com/ >< To finish what you

  4. Re: "Phone home" mail script for MS-Windows

    Tristan Miller wrote:

    > I'd rather the thief think he has a working Windows system that he can use
    > or sell as-is rather than reformatting, thus destroying my phone-home
    > script. That way I have a better chance of tracking the machine's
    > whereabouts.


    You reckon the thief will connect to the Internet before booting? Or that
    he'd sell an un-reformatted machine (that can obviously be seen to be stolen?)

    [...]

    > I figure the mail server would add this information automatically.


    How do you propose to figure out which mail server to connect to, given
    that you know nothing about the network the machine is connected to?

    You'd be far better off to write a simple Perl script that does an HTTP
    request to some Web site you own; then you can look in the logs for
    an IP address. This can be done in a couple of dozen lines of Perl, and
    should be portable across Linux and Windows. It also doesn't rely on
    a working e-mail setup. You could have it run in the background trying
    the GET request once a minute until it succeeds, so you have a better
    chance of finding the laptop when it's connected to the Internet.

    Nevertheless, the amount of security offered by such a phone-home
    script is minimal at best. You're better off password-protecting the
    boot ROM, password-protecting your boot loader, and storing any
    sensitive information on an encrypted file system. That way, if your
    laptop is stolen, all you've lost is the laptop, and laptops can always
    be replaced.

    Regards,

    David.

  5. Re: "Phone home" mail script for MS-Windows

    On Sun, 5 Mar 2006, Tristan Miller wrote:

    TM>
    TM> #!/bin/sh
    TM> echo "Hello world" | mail -s "Phoning home" me@example.com
    TM>

    I've been thinking about phoning home from my mac and that looks perfect.
    From the headers, it seems that mail uses postfix and presumably it would
    queue the mail as there would not be a network connection at bootup.

    It would be useful to put something on my wife's windows machine.
    Googling "windows command line email" looks useful and there even appear
    to be a few free ones.

    As my wife uses Eudora, I tried "windows command line email eudora" and,
    apparently, Eudora has a command line interface.

    http://www.eudora.com/developers/cmndline.html

    hmmm maybe not so useful - a brief reading indicates it queues the message
    to the outbox.


    --
    Alan

    ( If replying by mail, please note that all "sardines" are canned.
    There is also a password autoresponder but, unless this a very
    old message, a "tuna" will swim right through. )


  6. Re: "Phone home" mail script for MS-Windows

    Tristan Miller wrote:
    [deleted]
    > Is there any comparable batch file or free software I
    > can use to have it send an e-mail upon Windows bootup? I'd rather not
    > install something big and complicated like Cygwin or a C compiler just to
    > port my one-line shell script. Is there some MS-Windows equivalent of the
    > following I can add to my Startup folder or AUTOEXEC.BAT file?
    >
    > #!/bin/sh
    > echo "Hello world" | mail -s "Phoning home" me@example.com


    I agree with the others that something like this is of very little use
    for your intended purpose, but ...

    In the recent (February 22) posting "Re: Where : Free sendmail portage
    for Win32 ?" () in this
    group, this was mentioned:



    See also my responses in that thread, especially those about ssmtp and
    how to run it without (full) Cygwin.

    I hope this helps.

  7. Re: "Phone home" mail script for MS-Windows

    Greetings.

    In article <4YidnQlQnMaMYpfZnZ2dnUVZ_t-dnZ2d@magma.ca>, David F. Skoll
    wrote:

    > Tristan Miller wrote:
    >
    >> I'd rather the thief think he has a working Windows system that he can
    >> use or sell as-is rather than reformatting, thus destroying my
    >> phone-home
    >> script. That way I have a better chance of tracking the machine's
    >> whereabouts.

    >
    > You reckon the thief will connect to the Internet before booting?


    It doesn't matter when he connects to the Internet. The mail sent at
    bootup will be placed in the queue and sent out when an Internet
    connection is established. At least, it will with GNU/Linux. I am
    assuming that Windows, if it has an equivalent of "mail", will work the
    same way.

    > Or
    > that he'd sell an un-reformatted machine (that can obviously be seen to
    > be stolen?)


    Yep, there are plenty of small-time or opportunistic-only thieves who
    aren't likely to think to format the machine before using or selling it.

    > How do you propose to figure out which mail server to connect to, given
    > that you know nothing about the network the machine is connected to?


    I can have it connect to my own mail server.

    > You'd be far better off to write a simple Perl script that does an HTTP
    > request to some Web site you own; then you can look in the logs for
    > an IP address. This can be done in a couple of dozen lines of Perl, and
    > should be portable across Linux and Windows.


    Yeah, that would work as well, though it would require sifting through
    server logs rather than simply checking my e-mail.

    > Nevertheless, the amount of security offered by such a phone-home
    > script is minimal at best. You're better off password-protecting the
    > boot ROM, password-protecting your boot loader, and storing any
    > sensitive information on an encrypted file system. That way, if your
    > laptop is stolen, all you've lost is the laptop, and laptops can always
    > be replaced.


    I don't have any particularly sensitive information on my laptop which is
    not protected with OpenPGP, and I make regular offline backups. My plan
    is therefore not about security, but recovering stolen hardware.

    Regards,
    Tristan

    --
    _
    _V.-o Tristan Miller [en,(fr,de,ia)] >< Space is limited
    / |`-' -=-=-=-=-=-=-=-=-=-=-=-=-=-=-= <> In a haiku, so it's hard
    (7_\\ http://www.nothingisreal.com/ >< To finish what you

  8. Re: "Phone home" mail script for MS-Windows

    >>>>> Tristan Miller writes:

    >> How do you propose to figure out which mail server to connect to, given
    >> that you know nothing about the network the machine is connected to?

    >
    > I can have it connect to my own mail server.


    This would not work if the gateway ISP forwards port 25 connections to
    their own SMTP server, which many do. Does your mail server listen on a
    non-standard port or use port 587 (submission - RFC2476)?

    >> You'd be far better off to write a simple Perl script that does an HTTP
    >> request to some Web site you own; then you can look in the logs for
    >> an IP address. This can be done in a couple of dozen lines of Perl, and
    >> should be portable across Linux and Windows.


    This is a much better idea.

    > Yeah, that would work as well, though it would require sifting through
    > server logs rather than simply checking my e-mail.


    If you configure your perl script to use a unique User-Agent header,
    this can be very quickly detected by using a program such as logcheck,
    which can be setup to mail you as soon as this header is picked up in
    the logs.

    --
    Neil.
    The one day you'd sell your soul for something, souls are a glut.

  9. Re: "Phone home" mail script for MS-Windows

    Tristan Miller wrote:
    > Greetings.
    >
    > In article <4YidnQlQnMaMYpfZnZ2dnUVZ_t-dnZ2d@magma.ca>, David F. Skoll
    > wrote:
    >
    > > Tristan Miller wrote:
    > >
    > >> I'd rather the thief think he has a working Windows system that he can
    > >> use or sell as-is rather than reformatting, thus destroying my
    > >> phone-home
    > >> script. That way I have a better chance of tracking the machine's
    > >> whereabouts.

    > >
    > > You reckon the thief will connect to the Internet before booting?

    >
    > It doesn't matter when he connects to the Internet. The mail sent at
    > bootup will be placed in the queue and sent out when an Internet
    > connection is established. At least, it will with GNU/Linux. I am
    > assuming that Windows, if it has an equivalent of "mail", will work the
    > same way.


    *Windows* will not queue outgoing e-mail. It doesn't even know what
    e-mail *is*. Only a 'mailer' (MUA) like Outlook Express knows what
    e-mail is, but you don't want to use *its* 'queue' (Outbox), because
    it's in plain sight. In order to *queue*, you do not only need a MSA
    (Mail Submission Agent) like "sendmail -t", but also a MTA (Mail
    Transfer Agent) a.k.a. mail*server*, like full-blown sendmail.

    As I said before, ssmtp or the mentioned "sendmail -t" clone can do
    the MSA part, but for the MTA part will be bigger, for example Exim
    (sendmail look-alike), which needs (at least part of) Cygwin.

    > > Or
    > > that he'd sell an un-reformatted machine (that can obviously be seen to
    > > be stolen?)

    >
    > Yep, there are plenty of small-time or opportunistic-only thieves who
    > aren't likely to think to format the machine before using or selling it.
    >
    > > How do you propose to figure out which mail server to connect to, given
    > > that you know nothing about the network the machine is connected to?

    >
    > I can have it connect to my own mail server.


    Many ISPs, especially consumer-grade ones, *block* the standard
    outgoing (and incoming) SMTP port, so, as Neil also mentioned, you will
    have to use another port.

    [deleted]

  10. Re: "Phone home" mail script for MS-Windows

    Tristan Miller wrote:

    > It doesn't matter when he connects to the Internet. The mail sent at
    > bootup will be placed in the queue and sent out when an Internet
    > connection is established. At least, it will with GNU/Linux.


    :-) Not with Windows, unless you install a proper MTA.

    > Yep, there are plenty of small-time or opportunistic-only thieves who
    > aren't likely to think to format the machine before using or selling it.


    You will achieve better security for much less hassle by doing what I
    do: Buy an engraving tool and engrave your name, address and phone
    number on the laptop case.

    [About suggestion to do background HTTP requests]

    > Yeah, that would work as well, though it would require sifting through
    > server logs rather than simply checking my e-mail.


    Well, presumably the URL it hits could be a CGI that e-mails you...

    [...]

    > I don't have any particularly sensitive information on my laptop which is
    > not protected with OpenPGP, and I make regular offline backups. My plan
    > is therefore not about security, but recovering stolen hardware.


    Probably not worth it. Just insure your laptop, do normal sensible
    things, and don't worry about it.

    Regards,

    David.

+ Reply to Thread