Validate Mail Connections with Telnet


Validating a non-SSL POP server connection

  1. telnet host port
  2. user user
  3. pass pass
LOGIN TEST:
andy@sup-jira2:/usr/local/apps/home/log$ telnet x.y.com 110
Trying 1.2.3.4...
Connected to x.y.com.
Escape character is '^]'.
+OK Dovecot (Ubuntu) ready.
user MAILUSER
+OK
pass MAILPASS
+OK Logged in.
LIST MESSAGES (after login):

Use LIST to list the messages, and then RETR (RETR 1) to view the given message

LIST
+OK 2 messages:
1 437
2 2408
.
RETR 1
+OK 437 octets
Return-Path: <root@localhost>
X-Original-To: andy@localhost
Delivered-To: andy@localhost
Received: by isoserver (Postfix, from userid 0)
	id C09044061F; Tue,  2 Dec 2014 13:15:11 +0000 (GMT)
Subject: Test
To: <andy@localhost>
X-Mailer: mail (GNU Mailutils 2.99.98)
Message-Id: <20141202131511.C09044061F@localhost>
Date: Tue,  2 Dec 2014 13:15:11 +0000 (GMT)
From: root@localhost (root)

Hi there
quick test
DELETE A mail
DELE 1
+OK Marked to be deleted.

 

QUITTING:

As we're using telnet, you can use CTRL + ] to close the connection, the mail server may also support quit

^]
telnet> quit
Connection closed.

Validating Plain SMTP

http://www.yuki-onna.co.uk/email/smtp.html

Validating SMTP with TLS

Its also possible to do telnet style interaction with a TLS secured server (this example shows that there is a server side block on the account I am logging in as)

openssl s_client -starttls smtp -connect smtp.gmail.com:587 -crlf
 
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEdjCCA16gAwIBAgIIGcMF7jeVMoAwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwNzE1MDg0MDM4WhcNMTUwNDA0MTUxNTU1
WjBoMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEXMBUGA1UEAwwOc210
cC5nbWFpbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCu4vOr
LgyNsHicxBORgO2OOfXKxEKb830NzNu6elubbf1T45GilB3fHgDQJELRydTRZilo
Efv75Ag7uRQM/M1tk+1h18wDpJZem+zFmJcs30ccBN21CnCvqsIEYJMyY3kcV4vD
x44bx6VvEAmJ9/kiFJ7xRUlCchu5YVOFoVkMaEax3UWb5Fti9pe8VgYdasuk53ae
8ZuIr4pFew9fraxOe/6LXEaPMSw622KSWpyK/GUbaAp07hV11c+LVgjlUDTgA+2k
nDigWrdb+yLL9Hv3WNLWjEAHFWhEce5QwV3SN8JLga3Rbw2N3lq9afkQtOnkJgdM
UG4xkUHGqscggMDJAgMBAAGjggFBMIIBPTAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
KwYBBQUHAwIwGQYDVR0RBBIwEIIOc210cC5nbWFpbC5jb20waAYIKwYBBQUHAQEE
XDBaMCsGCCsGAQUFBzAChh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lBRzIuY3J0
MCsGCCsGAQUFBzABhh9odHRwOi8vY2xpZW50czEuZ29vZ2xlLmNvbS9vY3NwMB0G
A1UdDgQWBBSanZBvY+Rnj0HquJmae9AJvwiCzTAMBgNVHRMBAf8EAjAAMB8GA1Ud
IwQYMBaAFErdBhYbvPZotXb1gba7Yhq6WoEvMBcGA1UdIAQQMA4wDAYKKwYBBAHW
eQIFATAwBgNVHR8EKTAnMCWgI6Ahhh9odHRwOi8vcGtpLmdvb2dsZS5jb20vR0lB
RzIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCVoGAOKZoil4sNAYvlb9uxNmWqQqyh
ql0D1bewbLxs3DSVWSe2DhPjjhdMHMTcMpB+jQzAbGxVYiuNLdqLl1Xcde7EUmo1
KJUGzTO046k+11LYVOxEXLBe5s3FF+niFJby7XFgmI3yMt4blHN5tHm/7JijL1Ip
vkcsynOnOwAEHehI1U12N0JEpkcoetM6MA8cGtn74EPTas4Npa+mTNo3seH8iY43
4L4hnsubXMhcQQ9IQMPtKuZYNUXklN/NS0f69Be+3HQRTOljtCxdpm/v/emHPjwg
/Cwu+58fZK+flQ1PQcY24Cgt7EF0R+uqo5Il3CGuCgrd4JxJNMuGcsGS
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
---
SSL handshake has read 3990 bytes and written 466 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: EC0E1D8CA1227AE9386A2104174ADA6C7CE7AB1D62A068DC50B5FE1F5B92CBEE
    Session-ID-ctx: 
    Master-Key: 4A72DA545F7AF1FB22F571F299FDDA8034691266ED34E94B7FF6DD71239B20F3CC84105C27399A2B1A61FFD5680ED231
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - d7 15 b6 8e 84 c9 af 13-f0 5d 95 16 f3 99 1e b5   .........]......
    0010 - 0d ef 79 0a ae 64 51 27-33 1e e2 d2 5b 5d 59 71   ..y..dQ'3...[]Yq
    0020 - ba cb 6d 91 1e 91 fd e2-12 2e ab 54 51 87 28 7b   ..m........TQ.({
    0030 - 92 19 de ac 62 d3 99 8a-86 2b b6 a5 85 89 b2 ce   ....b....+......
    0040 - 10 48 9b 5d 28 d8 f1 61-4e a9 b3 0c 0d ce 03 03   .H.](..aN.......
    0050 - 21 d0 fa 09 af e4 7b a7-e5 6b c2 16 c3 3a 03 ec   !.....{..k...:..
    0060 - ef 8d 8e cf de 41 ba 8c-f9 57 00 a4 24 d0 34 50   .....A...W..$.4P
    0070 - 00 c2 39 43 ec 3a f4 87-d3 d3 32 3c e6 8e 4e a9   ..9C.:....2<..N.
    0080 - ef 7e 8a 6e a1 22 1d 8a-06 97 4f 1d cc 26 9b 85   .~.n."....O..&..
    0090 - bc 3f 2a a2 cf 36 ed 6d-10 b6 39 41 98 79 34 d8   .?*..6.m..9A.y4.
    00a0 - cc 73 31 0e                                       .s1.
    Start Time: 1419973684
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
250 SMTPUTF8
HELO <andy@sol.thepluginpeople.com>
250 mx.google.com at your service
mail from: meh@gmail.com
530-5.5.1 Authentication Required. Learn more at
530 5.5.1 http://support.google.com/mail/bin/answer.py?answer=14257 ej10sm48089217wib.1 - gsmtp

Authenticating for SMTP

Once a session has been setup as above, authentication can occur with: auth login.  What happens next is a 334 code response is sent by the server, what's wanted now is a base64 encoded value of the username (AAAAAAAAAAAAAA==), JEMHC has a Base64 Encoder in the Tools section.  After hitting enter, a further 334 code response is sent, next it wants the password, also base64 encoded.  If that worked, you're now authenticated.  If not, check Common Problems.

auth login
334 VXNlcm5hbWU6
AAAAAAAAAAAAAAAAAA==
334 UGFzc3dvcmQ6
BBBBBBBBBBBBBBBBBB==
235 2.7.0 Accepted    <------------ you get this if it worked :)


Related articles