This post demonstrates a procedure to test SMTP transport from a terminal window using Gmail's SMTP server. The idea, of course, can be applied to other SMTP servers.
At present, the client-side settings for Gmail's SMTP server are as follows,
Outgoing Mail (SMTP) Server - Requires TLS
smtp.gmail.com
Port: 465 or 587
Requires SSL: Yes
Requires authentication: Yes
This server is Gmail's SMTP MSA (mail submission agent). Based on the settings above, we shall do the following.
- First, we need to be able to communicate with the server at smtp.gmail.com using TLS, for which we will use OpenSSL.
- Second, we will have to be able to authenticate with the SMTP server, for which we will use SASL.
The above are available in most Linux distributions. The following steps were tested on an Ubuntu 14.04 machine.
- Open a Linux terminal.
- Install the OpenSSL and SASL-bin packages,

      sudo apt-get install openssl sasl2-bin

- Select an authentication method and generate an authentication string. Assume your Gmail e-mail address is foo.somebody@gmail.com with password secretestring and you choose the PLAIN authentication method. We can use the gen-auth tool in the SASL-bin package to generate the authentication string as follows,

      gen-auth PLAIN foo.somebody@gmail.com secretestring

  The output is a hash string as shown below,

      Auth String: AGdyYXkuY2hlbmh1aUBnbWFpbC5jb20Ac3Q5OTg4IUAj

  This hash string will be used in the next step.

  By the way, you can actually find out which authentication methods an SMTP server supports in the steps that follow. You can always run those steps first to find out and then generate the authentication string.

- Use openssl to establish a secure connection to Gmail's SMTP server at smtp.gmail.com on port 465,

      openssl s_client -crlf -connect smtp.gmail.com:465

  The last line of the output of the above operation will be something like the following,

      220 mx.google.com ESMTP e23sm3343567vdk.23 - gsmtp

  At this point, we will send an EHLO message to the SMTP server. In the following, we assume that your domain is somesubdomain.somedomain and your IP address is 10.0.2.15.

      EHLO somesubdomain.somedomain

  The output will resemble the following,

      250-mx.google.com at your service, [10.0.2.15]
      250-SIZE 35882577
      250-8BITMIME
      250-AUTH LOGIN PLAIN XOAUTH XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER
      250-ENHANCEDSTATUSCODES
      250-PIPELINING
      250-CHUNKING
      250 SMTPUTF8

  The message contains the line

      250-AUTH LOGIN PLAIN XOAUTH XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER

  which indicates which authentication methods you may use. As discussed above, we use the PLAIN method and have already obtained the authentication string. We can now authenticate with the SMTP server using the authentication string.

- We now authenticate with the server by sending an AUTH message as follows,

      AUTH PLAIN AGdyYXkuY2hlbmh1aUBnbWFpbC5jb20Ac3Q5OTg4IUAj

  At this point, you should be successfully authenticated, as indicated by the acknowledgement from the SMTP server below,

      235 2.7.0 Accepted

  You can now start a conversation with the SMTP server similar to the Wikipedia example.
- Below is a conversation with the SMTP server to send a short e-mail to friend.of.somebody@somesubdomain.somedomain and copy the email to another.friend.of.somebody@somesubdomain.somedomain. Note that the lines starting with "C:" are what you, a client of the SMTP server, would enter and the lines starting with "S:" are what the SMTP server would output. Obviously, "C:" should not be part of your input.

      C: mail from:<foo.somebody@gmail.com>
      S: 250 2.1.0 OK ki9sm3203907vdb.16 - gsmtp
      C: rcpt to:<friend.of.somebody@somesubdomain.somedomain>
      S: 250 2.1.5 OK ki9sm3203907vdb.16 - gsmtp
      C: data
      S: 354 Go ahead ki8sm3602907vdb.16 - gsmtp
      C: From: "foo somebody" <foo.somebody@gmail.com>
      C: To: "Friend of Somebody" <friend.of.somebody@somesubdomain.somedomain>
      C: Cc: "Another Friend" <other.friend.of.somebody@somesubdomain.somedomain>
      C: Date: Wed, 12 November 2014 17:29:43 -0500
      C: Subject: Test Message from Command Line
      C:
      C: hello friend,
      C:
      C: reply me please. I am testing smtp server.
      C:
      C: thanks.
      C:
      C: your friend
      C:
      C: .
      C:
      S: 250 2.0.0 OK 1415831485 ki9sm3203907vdb.16 - gsmtp
      C: quit
      S: 221 2.0.0 closing connection ki9sm3203907vdb.16 - gsmtp
      OpenSSL: read:errno=0

  Note in the above,

  - "read:errno=0" is output from openssl rather than output from the SMTP server.
  - The blank lines above, i.e., the lines consisting of "C:" alone, indicate that you enter a new line.
  - The end of the message data is marked with "<CRLF>.<CRLF>". See the last "." in the above conversation. The "-crlf" option given on the "openssl s_client" command line converts a line feed to a <CRLF>, a carriage return followed by a line feed.
  - An important item to note is that "openssl s_client" has the following behavior, as described in its manual page, which you may view using "man s_client",

        If a connection is established with an SSL server then any data received from the server is displayed and any key presses will be sent to the server. When used interactively (which means neither -quiet nor -ign_eof have been given), the session will be renegotiated if the line begins with an R, and if the line begins with a Q or if end of file is reached, the connection will be closed down.

    which means that you cannot begin a line with the letter R or Q anywhere in the interactive openssl session. If you start a line with R, such as typing RCPT TO: ... instead of what is shown above, you will encounter an error as follows, even though SMTP itself treats the upper-case and lower-case forms the same.

        C: RCPT TO:<friend.of.somebody@somesubdomain.somedomain>
        OpenSSL: RENEGOTIATING
        OpenSSL: 3073996476:error:1409E0E5:SSLroutines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
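As an added example (not part of the original post), the shell snippet below checks a planned client script for lines that interactive openssl s_client would act on rather than send. The session text is a constructed sample and the function names are illustrative.

```shell
#!/bin/sh
# Added example: list the lines of a planned SMTP client script that
# interactive "openssl s_client" would act on instead of sending.

# Constructed sample of what a user intends to type.
sample_session() {
cat <<'EOF'
EHLO somesubdomain.somedomain
MAIL FROM:<foo.somebody@gmail.com>
RCPT TO:<friend.of.somebody@somesubdomain.somedomain>
DATA
Subject: Test Message from Command Line

Regards to everyone,
quick test of the smtp server.
.
QUIT
EOF
}

# lint_session: client lines on stdin -> "LINE:WHERE:ACTION" for every
# line that starts with an upper-case R (renegotiate) or Q (close).
# WHERE is "command" or "body" (between DATA and the lone ".").
lint_session() {
    awk '
        $0 == "." { in_data = 0 }
        /^[RQ]/ {
            where = in_data ? "body" : "command"
            what = (substr($0, 1, 1) == "R") ? "renegotiate" : "close"
            printf "%d:%s:%s\n", NR, where, what
        }
        toupper($0) == "DATA" { in_data = 1 }
    '
}

# Show the findings for the constructed sample.
sample_session | lint_session
```

SMTP commands can be typed in lower case, as the conversation above does. A body line cannot be changed that way, so for those run s_client with -quiet or -ign_eof, which per the manual text quoted above takes it out of interactive mode.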
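The authentication string from the gen-auth step is the Base64 encoding of NUL, user name, NUL, password (SASL PLAIN, RFC 4616), so it decodes straight back to the password and should be kept out of shell history, logs and shared transcripts. An added example (not from the original post) that checks the server's AUTH line for a mechanism, then builds and decodes the string; the EHLO reply is a constructed sample based on the one above, the credentials are the post's placeholders, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: SASL PLAIN (RFC 4616) helpers for the steps above.
# The EHLO reply is a constructed sample; credentials are placeholders.

ehlo_reply() {
cat <<'EOF'
250-mx.google.com at your service, [10.0.2.15]
250-SIZE 35882577
250-AUTH LOGIN PLAIN XOAUTH XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER
250 SMTPUTF8
EOF
}

# offers_mech MECH: exit 0 if the EHLO reply on stdin lists MECH as a
# whole word on its AUTH line (PLAIN-CLIENTTOKEN alone is not PLAIN).
offers_mech() {
    tr -d '\r' | awk -v m="$1" '
        /^250[- ]AUTH / { for (i = 2; i <= NF; i++) if ($i == m) ok = 1 }
        END { exit (ok ? 0 : 1) }
    '
}

# auth_plain USER PASS: Base64 of "\0USER\0PASS" (empty authzid).
auth_plain() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# decode_auth_plain STRING: reverse it, showing each NUL as "|".
decode_auth_plain() {
    printf '%s' "$1" | base64 -d | tr '\0' '|'
}

# Build the AUTH line only if the server offers PLAIN, then show
# that the string decodes back to the user name and password.
if ehlo_reply | offers_mech PLAIN; then
    s=$(auth_plain foo.somebody@gmail.com secretestring)
    printf 'AUTH PLAIN %s\n' "$s"
    printf 'decodes to: %s\n' "$(decode_auth_plain "$s")"
fi
```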
Acknowledgement
The following web posts were excellent references for writing this post,
- The post here led me to SASL and subsequently the SASL-bin package for the generation of authentication strings.
- The posts here and here helped me figure out the "RENEGOTIATING" feature of "openssl s_client".