SMTP is the connection-oriented and text-based conversation or chatty protocol. Using netcat(nc) or telnet we can connect to STMP server or the mail exchange and send the mail if the server is accepting on insecure port on 25 otherwise use the OpenSSL command to connect to secure ports such as 465 or 587
For details about SMTP protocol refer the RFC
Before you connect to the mail exchange or SMTP server, you need to find the address of SMTP server for particular domain, we can mail exchange server location of any domain if available using command dig as follows
dig gmail.com MXAbove command returns the output something like as follows
; <<>> DiG 9.10.6 <<>> gmail.com MX ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5279 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1280 ;; QUESTION SECTION: ;gmail.com. IN MX ;; ANSWER SECTION: gmail.com. 3600 IN MX 40 alt4.gmail-smtp-in.l.google.com. gmail.com. 3600 IN MX 5 gmail-smtp-in.l.google.com. gmail.com. 3600 IN MX 20 alt2.gmail-smtp-in.l.google.com. gmail.com. 3600 IN MX 30 alt3.gmail-smtp-in.l.google.com. gmail.com. 3600 IN MX 10 alt1.gmail-smtp-in.l.google.com. ;; Query time: 114 msec ;; SERVER: 2401:4900:4fd7:15bf::3f#53(2401:4900:4fd7:15bf::3f) ;; WHEN: Tue Oct 18 00:43:46 IST 2022 ;; MSG SIZE rcvd: 161
As it is shown in the above output, we have multiple MX (Mail Exchange) servers, multiple servers are used for backup and high availability. The number prior the domain of MX server indicates the priority, lower the value higher the priority. For example gmail-smtp-in.l.google.com. is having highest priority since the priority number is the lowest among which is 5
Connect to the SMTP server using openssl using command as follows
openssl s_client -connect smtp.gmail.com:465 -crlf -ign_eof
Mail conversation after connecting to gmail SMTP server using above command
read R BLOCK 220 smtp.gmail.com ESMTP w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp HELO localhost 250 smtp.gmail.com at your service AUTH LOGIN 334 VXNlcm5hbWU6 bmVvdH****vbQo** 334 UGFzc3dvcmQ6 aWZoam****dWV*** 235 2.7.0 Accepted RCPT TO:<neotronmail@mailinator.com> 503 5.5.1 MAIL first. w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp MAIL FROM:<netron@gmail.com> 250 2.1.0 OK w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp RECPT TO:<netronmail@mailinator.com> 502 5.5.1 Unrecognized command. w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp RCPT TO:<neotronmail@mailinator.com> 250 2.1.5 OK w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp DATA 354 Go ahead w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp From: "Neo Tron" <neotron@mailinator.com> To: "Botron" <botron@mailinator.com> Subject: This is test mail Hello Neotron, Welcome to the world of mailing . 250 2.0.0 OK 1666040353 w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp QUIT 221 2.0.0 closing connection w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp read:errno=0
We need to provide the username and password in base64. Use the tool util.tools/base64 -codec to convert username and password to base64
Another example mail conversation
read R BLOCK 220 smtp.gmail.com ESMTP x3-20020a170902ec8300b00178143a728esm7059155plg.275 - gsmtp EHLO localhost 250-smtp.gmail.com at your service, [2401:4900:4fd7:15bf:8091:314f:1989:f76a] 250-SIZE 35882577 250-8BITMIME 250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-CHUNKING 250 SMTPUTF8 AUTH LOGIN 334 VXNlcm5hbWU6 bmVvd*****o= 334 UGFzc3dvcmQ6 aWZoam****dgo= 235 2.7.0 Accepted MAIL FROM: <steventron@example.com> 250 2.1.0 OK x3-20020a170902ec8300b00178143a728esm7059155plg.275 - gsmtp RCPT TO: <alicemarvel@example.com> 250 2.1.5 OK x3-20020a170902ec8300b00178143a728esm7059155plg.275 - gsmtp DATA 354 Go ahead x3-20020a170902ec8300b00178143a728esm7059155plg.275 - gsmtp From: "Captain Marvel" <captainmarvel@mailinator.com> To: "Captain Marica" <captainamerica@mailinator.com> Subject: Hello Test Mail Hi Mr, We have war to attend, wake up Thanks, . 250 2.0.0 OK 1666041755 x3-20020a170902ec8300b00178143a728esm7059155plg.275 - gsmtp QUIT 221 2.0.0 closing connection x3-20020a170902ec8300b00178143a728esm7059155plg.275 - gsmtp read:errno=0
Troubleshooting
- If you are using gmail, make sure you have enabled the use less secure apps
In fact, google phased out the use less secure apps feature. To be able to send mail using command line we need to create app password. To get the option of “app password” enable 2-step verification first
Set the app password and use it instead of actual username and password
Click on App Passwords, and then select the App type in the next screen
Then, select the Device Type
Then, click on generate to generate the password
If authentication is consistently failing, also check if you are using proper authentication protocol as SMTP uses and supports different authentication protocols
- PLAIN (Uses Base64 encoding)
- LOGIN (Uses Base64 encoding)
- GSSAPI (Generic Security Services Application Program Interface)
- DIGEST-MD5 (Digest access authentication)
- MD5 CRAM-MD5 OAUTH10A (OAuth 1.0a HMAC-SHA1 tokens/RFC 5849)
- OAUTHBEARER (OAuth 2.0 bearer tokens/RFC 6750)
- XOAUTH2
Authentication mechanisms supported by server is provided in the response from server in response to EHLO message
C: EHLO client.getkt.com
S: 250-smtp.getkt.com Hello client.getkt.com
S: 250 AUTH GSSAPI DIGEST-MD5 PLAINAs it is shown in the example above, server supports authentication mechanisms: GSSAPI, DIGEST-MD5 and PLAIN
Such that, check and make sure you are using appropriate authentication mechanism
Leave a Reply