cole24_
Photo credit: cole24_
del.icio.us Digg DZone Reddit StumbleUpon
1 | 2 | Next »
System Administration

SMTP and SMTP-AUTH

by Willie Wheeler
Monday, May 5, 2008
This article explains the basics of the Simple Mail Transport Protocol (SMTP) and its extension, SMTP-AUTH.

This article explains the basics of the Simple Mail Transport Protocol (SMTP) and its extension, SMTP-AUTH. SMTP is the de facto standard application layer protocol for sending e-mail across the Internet, and SMTP-AUTH augments SMTP by supporting client authentication, which allows clients to use an SMTP server as an e-mail relay.

If you haven't played with SMTP over telnet before, it's entertaining and possibly even eye-opening. You'll learn how spammers use SMTP and SMTP-AUTH to achieve their nefarious ends. Hopefully you won't use it for that but this article explains enough of SMTP that you'll understand how to use and abuse it.

WARNING: OUR TELNET SESSION IS NOT ENCRYPTED. Even though we use base64 encoding to send the username/password pair to the server, base64 is not encryption. It prevents casual observers from seeing your password, but it can easily be reversed and hence you are basically sending your password in the clear. If you manually start a telnet session such as the one below (and do so only if you are comfortable that you understand the risks involved), I strongly suggest changing your password on the SMTP server immediately afterward.

Send yourself an e-mail from <insert_sith_lord_here>

Have you ever wanted to receive an e-mail from your favorite Sith Lord? Let's open up a telnet session that does just that. To do that you will need an SMTP server, which as mentioned above allows you to send e-mail over the Internet. You will also need to know your username and password for the SMTP server as most SMTP servers require that. You can get the SMTP server's host and port from your ISP, and presumably you set the username and password up with your ISP as well.

$ telnet smtp.example.com 25

S: 220 smtp.example.com ESMTP Sendmail 8.13.8/8.13.6; Thu, 27 Mar 2008 23:14:59 -0700

C: EHLO wheelersoftware.com

S: 250-smtp.example.com Hello wheelersoftware.com [204.13.10.15], pleased to meet you
S: 250-ENHANCEDSTATUSCODES
S: 250-PIPELINING
S: 250-EXPN
S: 250-VERB
S: 250-8BITMIME
S: 250-SIZE 20000000
S: 250-DSN
S: 250-ETRN
S: 250-AUTH LOGIN PLAIN
S: 250-STARTTLS
S: 250-DELIVERBY
S: 250 HELP

C: AUTH LOGIN

S: 334 VXNlcm5hbWU6

C: d2lsbGll

S: 334 UGFzc3dvcmQ6

C: ZnVuc210cA==

S: 235 2.0.0 OK Authenticated

C: MAIL FROM:<darth.vader@deathstar.com>

S: 250 2.1.0 <darth.vader@deathstar.com>... Sender ok

C: RCPT TO:<willie@example.com>

S: 250 2.1.5 <willie@example.com>... Recipient ok

C: DATA

S: 354 Enter mail, end with "." on a line by itself

C: Date: Thu, 27 Mar 2008 23:12:49 -0700 (MST)
C: From: darth.vader@deathstar.com
C: To: willie@example.com
C: Subject: Great article
C: 
C: Hi Willie,
C: I enjoyed your article on TCP/IP-based application protocols.
C: Join me, and together we can rule the galaxy as father and son.
C: Darth Vader
C: .

S: 250 2.0.0 m2S6ExD6029743 Message accepted for delivery

C: QUIT

S: 221 2.0.0 smtp.example.com closing connection

[The server closes the connection]
Social bookmarks: del.icio.us Digg DZone Reddit StumbleUpon
1 | 2 | Next »

Comments (5)

Thanks for the article. It helped me prove to a third party vendor that our mail servers were okay and the problem laid elsewhere. Would have never been able to do it without your descriptive and plain english article.

Thanks again, Bill

By Bill Forsyth, III on Jun 5, 2009 at 10:39 AM PDT

Oh, forgot to mention. Your link to a base64 encoder/decoder is broken. For anybody else reading this article, there are many of the out there, but here's one I found that worked for me:

http://www.motobit.com/util/base64-decoder-encoder.asp

Bill

By Bill Forsyth, III on Jun 5, 2009 at 10:43 AM PDT

Hi All,

thanks the article it was very helpful :-) I have a problem, i will try to forward a mail with telnet but i can't :-( How to forward an email from telnet?

By somi on Oct 13, 2009 at 2:54 AM PDT

@somi: The example in the article is a telnet session, and indeed telnet is a generic client so there's nothing about telnet itself that would be causing the problem here. It may be something else, such as mistyping information in your telnet session, spam filters on the receiving end detecting that the e-mail looks a little off, etc.

By Willie Wheeler on Nov 9, 2009 at 10:46 PM PST

The Pandora pandora schmuck myth first Pandora Armreifenappears in lines Pandora Halsketten of Hesiod's poem in Pandora Charms epic meter, the Theogony (ca. 8th?7th centuries BC), without ever giving the woman a name. After humans Pandora Sets have received thethe myth is a rosetta stone kind of theodicy, addressing the question pop information, web easy get, sports fashion, news-fashionof why there is evil in the world. In the seventh hot-winter century BC, Hesiod, both in his Theogony (briefly, without naming Pandora outright rosetta stone language, rosetta stone spanish, abercrombie and fitch, Abercrombie Fitch

By pandora schmuck on Aug 30, 2010 at 11:42 PM PDT

Post a comment

Your name:
Your e-mail address (won't be displayed):
Your web site (optional):
example: www.xyz.com
Your comment:
Preview:
By You
Please help us reduce comment spam:
Spring Annotations RefCard
Check out the new DZone Spring Annotations Refcard by Craig Walls!

What's New?

2009-08-30 - Check out my two-part series on DZone: Spring Integration: A Hands-On Tutorial.
2009-03-25 - My new article Getting Started with Spring Batch 2.0 is available on DZone.
Home | Consulting | Tech Articles | Mailing List | Contact | Spring Blog
Copyright © 2008 Wheeler Software, LLC.