Telnet et dialogue avec les serveurs

Tester une connection à un serveur SMTP

Scenario: Your domain: mydomain.com Domain you wish to send to: theirdomain.com

Sous windows pour trouver le serveur de mail * Open a CMD prompt

NSLOOKUP 
> set q=mx 
> theirdomain.com 
Response: 
Non-authoritative answer: 
theirdomain.com MX preference = 50, mail exchanger = mail.theirdomain.com

SMTP communicates over port 25. We will now try to use TELNET to connect to their mail server “mail.theirdomain.com”

* Open a CMD prompt

telnet mail.theirdomain.com 25

You should see something like this as a response:

220 mx.google.com ESMTP 6si6253627yxg.6

Be aware that different servers will come up with different greetings but you should get SOMETHING. If nothing comes up at this point there are 2 possible problems. Port 25 is being blocked at your firewall, or their server is not responding. Try a different domain, if that works then it’s not you.

Now, use simple SMTP commands to send a test email. This is very important, you CANNOT use the backspace key, it will work onscreen but not be interpreted correctly. You have to type these commands perfectly.

ehlo mydomain.com 
mail from:<martin9700@mydomain.com> 
rcpt to:<recipient@theirdomain.com> 
data 
This is a test, please do not respond 
. 
quit

So, what does that all mean? EHLO - introduce yourself to the mail server HELO can also be used but EHLO tells the server to use the extended command set (not that we’re using that).

MAIL FROM - who’s sending the email. Make sure to place this is the greater than/less than brackets as many email servers will require this (Postini).

RCPT TO - who you’re sending it to. Again you need to use the brackets. See Step #4 on how to test relaying mail!

DATA - tells the SMTP server that what follows is the body of your email. Make sure to hit “Enter” at the end.

. - the period alone on the line tells the SMTP server you’re all done with the data portion and it’s clear to send the email.

quit - exits the TELNET session.

Step 4: Test SMTP relay

Testing SMTP relay is very easy, and simply requires a small change to the above commands. See below:

ehlo mydomain.com 
mail from:<martin9700@mydomain.com> 
rcpt to:<recipient@someotherdomain.com> 
data 
This is a test, please do not respond 
. 
quit

See the difference? On the RCPT TO line, we’re sending to a domain that is not controlled by the SMTP server we’re sending to. You will get an immediate error is SMTP relay is turned off. If you’re able to continue and send an email, then relay is allowed by that server.

To encode text to base64, use the following syntax:

$ echo -n 'scottlinux.com rocks' | base64
c2NvdHRsaW51eC5jb20gcm9ja3MK

To decode, use base64 -d. To decode base64, use a syntax like the following:

$ echo -n c2NvdHRsaW51eC5jb20gcm9ja3MK | base64 -d
scottlinux.com rocks

What will be returned from each command is a base64 encoding of the username and password; save these as you will need them later. Now connect to the mail server using Telnet:

telnet mailserver.com 25

Greet the mail server:

EHLO mailserver.com

Tell the server you want to authenticate with it:

AUTH LOGIN

The server should have returned 334 VXNlcm5hbWU6; this is a base64 encoded string asking you for your username, paste the base64 encoded username you created earlier, example:

dXNlcm5hbWUuY29t

Now the server should have returned 334 UGFzc3dvcmQ6;. Again this is a base64 encoded string now asking for your password, paste the base64 encoded password you created, example:

bXlwYXNzd29yZA==

Now you should have received a message telling you that you successfully authenticated. If it failed your user/pass may have been wrong or your mailserver is broken.

Below is a log of a real successful SMTP AUTH connection over Telnet:

user@localhost [~]# telnet exampledomain.com 25
Trying 1.1.1.1...
Connected to exampledomain.com (1.1.1.1).
Escape character is '^]'.
220-server1.exampledomain.com ESMTP Exim 4.66 #1 Wed, 09 May 2007 23:55:12 +0200
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
EHLO exampledomain.com
250-server1.exampledomain.com Hello  [1.1.1.2]
250-SIZE 52428800
250-PIPELINING
250-AUTH PLAIN LOGIN
250-STARTTLS
250 HELP
AUTH LOGIN
334 VXNlcm5hbWU6
dXNlcm5hbWUuY29t
334 UGFzc3dvcmQ6
bXlwYXNzd29yZA==

235 Authentication succeeded

$ openssl s_client -connect 192.168.0.1:443

CONNECTED(00000004)
depth=0 /C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn
verify return:1
---
Certificate chain
 0 s:/C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn
   i:/C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICvTCCAiYCCQCp0MCxsgeZ8TANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMC
Q04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0JlaWppbmcxJDAiBgNVBAoT
G0luaGFuZCBOZXR3b3JraW5nIENvLiwgTHRkLjEMMAoGA1UECxQDUiZEMRQwEgYD
VQQDEwsxOTIuMTY4LjIuMTElMCMGCSqGSIb3DQEJARYWc2hhbmR5OThAaW5oYW5k
LmNvbS5jbjAeFw0wOTAzMTMwOTU2MjVaFw0xOTAzMTQwOTU2MjVaMIGiMQswCQYD
VQQGEwJDTjEQMA4GA1UECBMHQmVpamluZzEQMA4GA1UEBxMHQmVpamluZzEkMCIG
A1UEChMbSW5oYW5kIE5ldHdvcmtpbmcgQ28uLCBMdGQuMQwwCgYDVQQLFANSJkQx
FDASBgNVBAMTCzE5Mi4xNjguMi4xMSUwIwYJKoZIhvcNAQkBFhZzaGFuZHk5OEBp
bmhhbmQuY29tLmNuMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9IRRFZ36K
QAzooJCvIAT7Ooznhjjvwxum9JsuVLdYuC1KOi671iGCvZSPOXAJWK545Z3tUUxn
JGrC5AmbB0XU5zK9+KOxjbeIuxFPJYhYmw7ZItGZyR/fAxt/qJuvc9A9BxyNiZQI
xN8gtTTJiIydz2FYYflXmy7jN4u7gmcFfwIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
AKViXs+MQ0sEStschBVsoSt86G39EBA86r0MYqpeJBv5Aciwv9SEdJr6ABTn0fKe
tkxOzLUKfHPlCD4S6Gk+ZtgIvmGilXsmzjCqLq3ibQ1rx0Vq6Bg6HvQzB8dy2dpn
IYtj0l8Xa2HU3AxWimzUGZvTCJXfAHlGDskhAyuhYb5G
-----END CERTIFICATE-----
subject=/C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn
issuer=/C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn
---
No client certificate CA names sent
---
SSL handshake has read 883 bytes and written 351 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DES-CBC3-SHA
    Session-ID: 0000000087FB5D10D8D9B8E3648079D0F767736105D73580F1B224F644D58AA8
    Session-ID-ctx: 
    Master-Key: 98671803A9C41143E29EA871A128F937ED1766E44307643A2433E4F19A39138D9BC2F80FA4B3708A8608475511F4436E
    Key-Arg   : None
    Start Time: 1427298063
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

GET / HTTP/1.1
Host: 192.168.0.1

HTTP/1.1 408 Request Time-out
Date: Wed, 25 Mar 2015 15:44:53 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 223
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>408 Request Time-out</title>
</head><body>
<h1>Request Time-out</h1>
<p>Server timeout waiting for the HTTP request from the client.</p>
</body></html>
closed