Telnet et dialogue avec les serveurs

Tester une connection à un serveur SMTP

Scenario: Your domain: mydomain.com Domain you wish to send to: theirdomain.com

Sous windows pour trouver le serveur de mail * Open a CMD prompt

NSLOOKUP 
> set q=mx 
> theirdomain.com 
Response: 
Non-authoritative answer: 
theirdomain.com MX preference = 50, mail exchanger = mail.theirdomain.com

SMTP communicates over port 25. We will now try to use TELNET to connect to their mail server “mail.theirdomain.com”

* Open a CMD prompt

telnet mail.theirdomain.com 25

You should see something like this as a response:

220 mx.google.com ESMTP 6si6253627yxg.6

Be aware that different servers will come up with different greetings but you should get SOMETHING. If nothing comes up at this point there are 2 possible problems. Port 25 is being blocked at your firewall, or their server is not responding. Try a different domain, if that works then it’s not you. Now, use simple SMTP commands to send a test email. This is very important, you CANNOT use the backspace key, it will work onscreen but not be interpreted correctly. You have to type these commands perfectly.

ehlo mydomain.com 
mail from:<martin9700@mydomain.com> 
rcpt to:<recipient@theirdomain.com> 
data 
This is a test, please do not respond 
. 
quit

So, what does that all mean? EHLO - introduce yourself to the mail server HELO can also be used but EHLO tells the server to use the extended command set (not that we’re using that).

MAIL FROM - who’s sending the email. Make sure to place this is the greater than/less than brackets as many email servers will require this (Postini).

RCPT TO - who you’re sending it to. Again you need to use the brackets. See Step #4 on how to test relaying mail!

DATA - tells the SMTP server that what follows is the body of your email. Make sure to hit “Enter” at the end.

. - the period alone on the line tells the SMTP server you’re all done with the data portion and it’s clear to send the email.

quit - exits the TELNET session.

Step 4: Test SMTP relay

Testing SMTP relay is very easy, and simply requires a small change to the above commands. See below:

ehlo mydomain.com 
mail from:<martin9700@mydomain.com> 
rcpt to:<recipient@someotherdomain.com> 
data 
This is a test, please do not respond 
. 
quit

See the difference? On the RCPT TO line, we’re sending to a domain that is not controlled by the SMTP server we’re sending to. You will get an immediate error is SMTP relay is turned off. If you’re able to continue and send an email, then relay is allowed by that server.

$ openssl s_client -connect 192.168.0.1:443

CONNECTED(00000004)
depth=0 /C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn
verify return:1
---
Certificate chain
 0 s:/C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn
   i:/C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICvTCCAiYCCQCp0MCxsgeZ8TANBgkqhkiG9w0BAQUFADCBojELMAkGA1UEBhMC
Q04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0JlaWppbmcxJDAiBgNVBAoT
G0luaGFuZCBOZXR3b3JraW5nIENvLiwgTHRkLjEMMAoGA1UECxQDUiZEMRQwEgYD
VQQDEwsxOTIuMTY4LjIuMTElMCMGCSqGSIb3DQEJARYWc2hhbmR5OThAaW5oYW5k
LmNvbS5jbjAeFw0wOTAzMTMwOTU2MjVaFw0xOTAzMTQwOTU2MjVaMIGiMQswCQYD
VQQGEwJDTjEQMA4GA1UECBMHQmVpamluZzEQMA4GA1UEBxMHQmVpamluZzEkMCIG
A1UEChMbSW5oYW5kIE5ldHdvcmtpbmcgQ28uLCBMdGQuMQwwCgYDVQQLFANSJkQx
FDASBgNVBAMTCzE5Mi4xNjguMi4xMSUwIwYJKoZIhvcNAQkBFhZzaGFuZHk5OEBp
bmhhbmQuY29tLmNuMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9IRRFZ36K
QAzooJCvIAT7Ooznhjjvwxum9JsuVLdYuC1KOi671iGCvZSPOXAJWK545Z3tUUxn
JGrC5AmbB0XU5zK9+KOxjbeIuxFPJYhYmw7ZItGZyR/fAxt/qJuvc9A9BxyNiZQI
xN8gtTTJiIydz2FYYflXmy7jN4u7gmcFfwIDAQABMA0GCSqGSIb3DQEBBQUAA4GB
AKViXs+MQ0sEStschBVsoSt86G39EBA86r0MYqpeJBv5Aciwv9SEdJr6ABTn0fKe
tkxOzLUKfHPlCD4S6Gk+ZtgIvmGilXsmzjCqLq3ibQ1rx0Vq6Bg6HvQzB8dy2dpn
IYtj0l8Xa2HU3AxWimzUGZvTCJXfAHlGDskhAyuhYb5G
-----END CERTIFICATE-----
subject=/C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn
issuer=/C=CN/ST=Beijing/L=Beijing/O=Inhand Networking Co., Ltd./OU=R&D/CN=192.168.2.1/emailAddress=shandy98@inhand.com.cn
---
No client certificate CA names sent
---
SSL handshake has read 883 bytes and written 351 bytes
---
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DES-CBC3-SHA
    Session-ID: 0000000087FB5D10D8D9B8E3648079D0F767736105D73580F1B224F644D58AA8
    Session-ID-ctx: 
    Master-Key: 98671803A9C41143E29EA871A128F937ED1766E44307643A2433E4F19A39138D9BC2F80FA4B3708A8608475511F4436E
    Key-Arg   : None
    Start Time: 1427298063
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

GET / HTTP/1.1
Host: 192.168.0.1

HTTP/1.1 408 Request Time-out
Date: Wed, 25 Mar 2015 15:44:53 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 223
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>408 Request Time-out</title>
</head><body>
<h1>Request Time-out</h1>
<p>Server timeout waiting for the HTTP request from the client.</p>
</body></html>
closed