Send Mail Using Command Line with Command OpenSSL

SMTP is a connection-oriented, text-based, conversational ("chatty") protocol. Using netcat (nc) or telnet, we can connect to an SMTP server or mail exchange and send mail if the server accepts connections on the insecure port 25; otherwise, use the OpenSSL command to connect to secure ports such as 465 or 587.

For details about the SMTP protocol, refer to the RFC.

Before you connect to the mail exchange or SMTP server, you need to find the address of the SMTP server for the particular domain. We can find the mail exchange server of any domain, if available, using the dig command as follows:

dig gmail.com MX

The above command returns output like the following:

; <<>> DiG 9.10.6 <<>> gmail.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5279
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;gmail.com.			IN	MX

;; ANSWER SECTION:
gmail.com.		3600	IN	MX	40 alt4.gmail-smtp-in.l.google.com.
gmail.com.		3600	IN	MX	5 gmail-smtp-in.l.google.com.
gmail.com.		3600	IN	MX	20 alt2.gmail-smtp-in.l.google.com.
gmail.com.		3600	IN	MX	30 alt3.gmail-smtp-in.l.google.com.
gmail.com.		3600	IN	MX	10 alt1.gmail-smtp-in.l.google.com.

;; Query time: 114 msec
;; SERVER: 2401:4900:4fd7:15bf::3f#53(2401:4900:4fd7:15bf::3f)
;; WHEN: Tue Oct 18 00:43:46 IST 2022
;; MSG SIZE  rcvd: 161

As shown in the above output, there are multiple MX (Mail Exchange) servers; multiple servers are used for backup and high availability. The number before the MX server's domain indicates the priority: the lower the value, the higher the priority. For example, gmail-smtp-in.l.google.com. has the highest priority since its priority number, 5, is the lowest.

Connect to the SMTP server using openssl with the following command:

openssl s_client -connect smtp.gmail.com:465 -crlf -ign_eof

Mail conversation after connecting to the Gmail SMTP server using the above command:

read R BLOCK
220 smtp.gmail.com ESMTP w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
HELO localhost
250 smtp.gmail.com at your service
AUTH LOGIN
334 VXNlcm5hbWU6
bmVvdH****vbQo**
334 UGFzc3dvcmQ6
aWZoam****dWV***
235 2.7.0 Accepted
RCPT TO:<neotronmail@mailinator.com>
503 5.5.1 MAIL first. w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
MAIL FROM:<netron@gmail.com>
250 2.1.0 OK w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
RECPT TO:<netronmail@mailinator.com>
502 5.5.1 Unrecognized command. w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
RCPT TO:<neotronmail@mailinator.com>
250 2.1.5 OK w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
DATA
354  Go ahead w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
From: "Neo Tron" <neotron@mailinator.com> 
To: "Botron" <botron@mailinator.com> 
Subject: This is test mail 

Hello Nutron, 

Welcome to the world of mailing 

.

250 2.0.0 OK  1666040353 w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
QUIT
221 2.0.0 closing connection w4-20020a628204000000b005623fa9ad42sm7152018pfd.153 - gsmtp
read:errno=0

Let’s make sense of the above chat between the SMTP server and our client:

  1. Client: First, we connect to the SMTP mail server using the command openssl s_client -connect smtp.gmail.com:465
  2. Server: On a successful connection, the server replies with 220 followed by its domain name
  3. Client: Then, we greet the server with HELO or EHLO followed by our domain name
    • If we greet with EHLO, the server replies with the commands that it supports
  4. Client: Log in to the server by sending the command AUTH LOGIN
  5. Server: The server asks for the username in base64: 334 VXNlcm5hbWU6, which means 334 Username:
  6. Client: Reply with the username after converting it to base64
  7. Server: Asks for the password
  8. Client: Reply with the password after converting it to base64
  9. Server: If the credentials are correct, the server replies with 235 Accepted

After a successful login, write the mail and end it with .\n\n (.LFLF) to send the mail body and headers to the server.

We need to provide the username and password in base64. Use the tool util.tools/base64 -codec to convert the username and password to base64.
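The encoding can also be done locally, so the password never leaves the machine. The following is an added example, not part of the original post; the function names and sample values are assumptions made for illustration, and `base64 -d` is the GNU coreutils spelling of the decode flag.

```shell
#!/bin/sh
# Added example: encode SMTP AUTH credentials locally instead of in a web tool.
# Function names are hypothetical; all sample values are constructed.

# Encode exactly the bytes given (no trailing newline), on a single line.
b64enc() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a server challenge such as "VXNlcm5hbWU6".
b64dec() {
    printf '%s' "$1" | base64 -d
}

# AUTH PLAIN carries NUL + username + NUL + password as one base64 string.
auth_plain() {
    printf '\0%s\0%s' "$1" "$2" | base64 | tr -d '\n'
}

# What a stray newline does: echo appends "\n", which becomes part of the
# encoded value, so the server decodes a different username or password.
b64enc_with_newline() {
    echo "$1" | base64 | tr -d '\n'
}

# Demo with constructed values.
echo "challenge 1: $(b64dec VXNlcm5hbWU6)"
echo "challenge 2: $(b64dec UGFzc3dvcmQ6)"
echo "username:    $(b64enc 'user@example.com')"
echo "with newline: $(b64enc_with_newline 'user@example.com')"
```

Base64 is an encoding, not encryption: anyone who sees these strings can decode them, so they belong only inside the TLS session that openssl s_client sets up.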

Another example mail conversation

Troubleshooting

  • If you are using Gmail, make sure you have enabled the “less secure apps” option

In fact, Google has phased out the “less secure apps” feature. To send mail from the command line, we need to create an app password. To get the “app password” option, enable 2-step verification first.

Set the app password and use it instead of the actual username and password

Click on App Passwords, and then select the App type in the next screen

Google App Password: Select App

Then, select the Device Type

Google App Password: Select Device

Then, click on generate to generate the password

Google App Password: Generated

If authentication is consistently failing, also check that you are using the proper authentication protocol, as SMTP supports several different authentication protocols:

  1. PLAIN (Uses Base64 encoding)
  2. LOGIN (Uses Base64 encoding)
  3. GSSAPI (Generic Security Services Application Program Interface)
  4. DIGEST-MD5 (Digest access authentication)
  5. MD5
  6. CRAM-MD5
  7. OAUTH10A (OAuth 1.0a HMAC-SHA1 tokens/RFC 5849)
  8. OAUTHBEARER (OAuth 2.0 bearer tokens/RFC 6750)
  9. XOAUTH2

The authentication mechanisms supported by the server are listed in its response to the EHLO message:

C: EHLO client.getkt.com
S: 250-smtp.getkt.com Hello client.getkt.com
S: 250 AUTH GSSAPI DIGEST-MD5 PLAIN

As shown in the example above, the server supports the authentication mechanisms GSSAPI, DIGEST-MD5 and PLAIN.

So, check and make sure you are using an appropriate authentication mechanism.
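An added example (not from the original post) that extracts the advertised mechanisms from an EHLO reply, so the right one can be chosen before sending AUTH. The function names and the sample reply are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the AUTH mechanisms a server advertises in its EHLO reply.
# Function names are hypothetical; the sample reply below is constructed.

# Reads a raw EHLO reply on stdin and prints one mechanism per line.
# Handles "250-AUTH ..." (more lines follow), "250 AUTH ..." (last line),
# the legacy "AUTH=..." spelling, and trailing CRs from the wire.
auth_mechs() {
    tr -d '\r' | awk '
        /^250[- ]AUTH[ =]/ {
            sub(/^250[- ]AUTH[ =]/, "")
            n = split($0, m, " ")
            for (i = 1; i <= n; i++) print toupper(m[i])
        }' | sort -u
}

# Succeeds if the mechanism named in $1 is advertised in the reply on stdin.
supports_mech() {
    auth_mechs | grep -qxF -- "$1"
}

# PLAIN and LOGIN only base64-encode the credentials, so anyone who can read
# the connection can recover them; use them only inside a TLS session.
base64_only() {
    case "$1" in
        PLAIN|LOGIN) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample reply (host names are placeholders).
SAMPLE_EHLO='250-smtp.example.test Hello client.example.test
250-SIZE 35882577
250-AUTH LOGIN PLAIN XOAUTH2
250 8BITMIME'

# Demo: print each mechanism and flag the base64-only ones.
printf '%s\n' "$SAMPLE_EHLO" | auth_mechs | while read -r mech; do
    if base64_only "$mech"; then
        echo "$mech (base64 only, requires TLS)"
    else
        echo "$mech"
    fi
done
```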
