====== Telnet et dialogue avec les serveurs ====== ===== SMTP ===== Tester une connection à un serveur SMTP Scenario: Your domain: mydomain.com Domain you wish to send to: theirdomain.com Sous windows pour trouver le serveur de mail * Open a CMD prompt NSLOOKUP > set q=mx > theirdomain.com Response: Non-authoritative answer: theirdomain.com MX preference = 50, mail exchanger = mail.theirdomain.com SMTP communicates over port 25. We will now try to use TELNET to connect to their mail server "mail.theirdomain.com" * Open a CMD prompt telnet mail.theirdomain.com 25 You should see something like this as a response: 220 mx.google.com ESMTP 6si6253627yxg.6 Be aware that different servers will come up with different greetings but you should get SOMETHING. If nothing comes up at this point there are 2 possible problems. Port 25 is being blocked at your firewall, or their server is not responding. Try a different domain, if that works then it's not you. Now, use simple SMTP commands to send a test email. This is very important, you CANNOT use the backspace key, it will work onscreen but not be interpreted correctly. You have to type these commands perfectly. ehlo mydomain.com mail from: rcpt to: data This is a test, please do not respond . quit So, what does that all mean? EHLO - introduce yourself to the mail server HELO can also be used but EHLO tells the server to use the extended command set (not that we're using that). MAIL FROM - who's sending the email. Make sure to place this is the greater than/less than brackets as many email servers will require this (Postini). RCPT TO - who you're sending it to. Again you need to use the brackets. See Step #4 on how to test relaying mail! DATA - tells the SMTP server that what follows is the body of your email. Make sure to hit "Enter" at the end. . - the period alone on the line tells the SMTP server you're all done with the data portion and it's clear to send the email. quit - exits the TELNET session. Step 4: Test SMTP relay Testing SMTP relay is very easy, and simply requires a small change to the above commands. See below: ehlo mydomain.com mail from: rcpt to: data This is a test, please do not respond . quit See the difference? On the RCPT TO line, we're sending to a domain that is not controlled by the SMTP server we're sending to. You will get an immediate error is SMTP relay is turned off. If you're able to continue and send an email, then relay is allowed by that server. ===== SMTP with Auth ===== To encode text to base64, use the following syntax: $ echo -n 'scottlinux.com rocks' | base64 c2NvdHRsaW51eC5jb20gcm9ja3MK To decode, use base64 -d. To decode base64, use a syntax like the following: $ echo -n c2NvdHRsaW51eC5jb20gcm9ja3MK | base64 -d scottlinux.com rocks What will be returned from each command is a base64 encoding of the username and password; save these as you will need them later. Now connect to the mail server using Telnet: telnet mailserver.com 25 Greet the mail server: EHLO mailserver.com Tell the server you want to authenticate with it: AUTH LOGIN The server should have returned 334 VXNlcm5hbWU6; this is a base64 encoded string asking you for your username, paste the base64 encoded username you created earlier, example: dXNlcm5hbWUuY29t Now the server should have returned 334 UGFzc3dvcmQ6;. Again this is a base64 encoded string now asking for your password, paste the base64 encoded password you created, example: bXlwYXNzd29yZA== Now you should have received a message telling you that you successfully authenticated. If it failed your user/pass may have been wrong or your mailserver is broken. Below is a log of a real successful SMTP AUTH connection over Telnet: user@localhost [~]# telnet exampledomain.com 25 Trying 1.1.1.1... Connected to exampledomain.com (1.1.1.1). Escape character is '^]'. 220-server1.exampledomain.com ESMTP Exim 4.66 #1 Wed, 09 May 2007 23:55:12 +0200 220-We do not authorize the use of this system to transport unsolicited, 220 and/or bulk e-mail. EHLO exampledomain.com 250-server1.exampledomain.com Hello [1.1.1.2] 250-SIZE 52428800 250-PIPELINING 250-AUTH PLAIN LOGIN 250-STARTTLS 250 HELP AUTH LOGIN 334 VXNlcm5hbWU6 dXNlcm5hbWUuY29t 334 UGFzc3dvcmQ6 bXlwYXNzd29yZA== 235 Authentication succeeded ===== HTTPS ===== $ openssl s_client -connect 192.168.0.1:443 CONNECTED(00000004) depth=0 /C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn verify error:num=18:self signed certificate verify return:1 depth=0 /C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn verify return:1 --- Certificate chain 0 s:/C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn i:/C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn --- Server certificate -----BEGIN CERTIFICATE----- MIICvTCCAiYCCQCp0MCxsgeZ8TANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMC Q04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0JlaWppbmcxJDAiBgNVBAoT G0luaGFuZCBOZXR3b3JraW5nIENvLiwgTHRkLjEMMAoGA1UECxQDUiZEMRQwEgYD VQQDEwsxOTIuMTY4LjIuMTElMCMGCSqGSIb3DQEJARYWc2hhbmR5OThAaW5oYW5k LmNvbS5jbjAeFw0wOTAzMTMwOTU2MjVaFw0xOTAzMTQwOTU2MjVaMIGiMQswCQYD VQQGEwJDTjEQMA4GA1UECBMHQmVpamluZzEQMA4GA1UEBxMHQmVpamluZzEkMCIG A1UEChMbSW5oYW5kIE5ldHdvcmtpbmcgQ28uLCBMdGQuMQwwCgYDVQQLFANSJkQx FDASBgNVBAMTCzE5Mi4xNjguMi4xMSUwIwYJKoZIhvcNAQkBFhZzaGFuZHk5OEBp bmhhbmQuY29tLmNuMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9IRRFZ36K QAzooJCvIAT7Ooznhjjvwxum9JsuVLdYuC1KOi671iGCvZSPOXAJWK545Z3tUUxn JGrC5AmbB0XU5zK9+KOxjbeIuxFPJYhYmw7ZItGZyR/fAxt/qJuvc9A9BxyNiZQI xN8gtTTJiIydz2FYYflXmy7jN4u7gmcFfwIDAQABMA0GCSqGSIb3DQEBBQUAA4GB AKViXs+MQ0sEStschBVsoSt86G39EBA86r0MYqpeJBv5Aciwv9SEdJr6ABTn0fKe tkxOzLUKfHPlCD4S6Gk+ZtgIvmGilXsmzjCqLq3ibQ1rx0Vq6Bg6HvQzB8dy2dpn IYtj0l8Xa2HU3AxWimzUGZvTCJXfAHlGDskhAyuhYb5G -----END CERTIFICATE----- subject=/C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn issuer=/C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn --- No client certificate CA names sent --- SSL handshake has read 883 bytes and written 351 bytes --- New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA Server public key is 1024 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : DES-CBC3-SHA Session-ID: 0000000087FB5D10D8D9B8E3648079D0F767736105D73580F1B224F644D58AA8 Session-ID-ctx: Master-Key: 98671803A9C41143E29EA871A128F937ED1766E44307643A2433E4F19A39138D9BC2F80FA4B3708A8608475511F4436E Key-Arg : None Start Time: 1427298063 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- GET / HTTP/1.1 Host: 192.168.0.1 HTTP/1.1 408 Request Time-out Date: Wed, 25 Mar 2015 15:44:53 GMT Server: Apache Vary: Accept-Encoding Content-Length: 223 Connection: close Content-Type: text/html; charset=iso-8859-1 408 Request Time-out

Request Time-out

Server timeout waiting for the HTTP request from the client.

closed