cole24_
Photo credit: cole24_
del.icio.us Digg DZone Reddit StumbleUpon
1 | 2 | Next »
System Administration

SMTP and SMTP-AUTH

by Willie Wheeler
Monday, May 5, 2008
This article explains the basics of the Simple Mail Transport Protocol (SMTP) and its extension, SMTP-AUTH.

This article explains the basics of the Simple Mail Transport Protocol (SMTP) and its extension, SMTP-AUTH. SMTP is the de facto standard application layer protocol for sending e-mail across the Internet, and SMTP-AUTH augments SMTP by supporting client authentication, which allows clients to use an SMTP server as an e-mail relay.

If you haven't played with SMTP over telnet before, it's entertaining and possibly even eye-opening. You'll learn how spammers use SMTP and SMTP-AUTH to achieve their nefarious ends. Hopefully you won't use it for that but this article explains enough of SMTP that you'll understand how to use and abuse it.

WARNING: OUR TELNET SESSION IS NOT ENCRYPTED. Even though we use base64 encoding to send the username/password pair to the server, base64 is not encryption. It prevents casual observers from seeing your password, but it can easily be reversed and hence you are basically sending your password in the clear. If you manually start a telnet session such as the one below (and do so only if you are comfortable that you understand the risks involved), I strongly suggest changing your password on the SMTP server immediately afterward.

Send yourself an e-mail from <insert_sith_lord_here>

Have you ever wanted to receive an e-mail from your favorite Sith Lord? Let's open up a telnet session that does just that. To do that you will need an SMTP server, which as mentioned above allows you to send e-mail over the Internet. You will also need to know your username and password for the SMTP server as most SMTP servers require that. You can get the SMTP server's host and port from your ISP, and presumably you set the username and password up with your ISP as well.

$ telnet smtp.example.com 25

S: 220 smtp.example.com ESMTP Sendmail 8.13.8/8.13.6; Thu, 27 Mar 2008 23:14:59 -0700

C: EHLO wheelersoftware.com

S: 250-smtp.example.com Hello wheelersoftware.com [204.13.10.15], pleased to meet you
S: 250-ENHANCEDSTATUSCODES
S: 250-PIPELINING
S: 250-EXPN
S: 250-VERB
S: 250-8BITMIME
S: 250-SIZE 20000000
S: 250-DSN
S: 250-ETRN
S: 250-AUTH LOGIN PLAIN
S: 250-STARTTLS
S: 250-DELIVERBY
S: 250 HELP

C: AUTH LOGIN

S: 334 VXNlcm5hbWU6

C: d2lsbGll

S: 334 UGFzc3dvcmQ6

C: ZnVuc210cA==

S: 235 2.0.0 OK Authenticated

C: MAIL FROM:<darth.vader@deathstar.com>

S: 250 2.1.0 <darth.vader@deathstar.com>... Sender ok

C: RCPT TO:<willie@example.com>

S: 250 2.1.5 <willie@example.com>... Recipient ok

C: DATA

S: 354 Enter mail, end with "." on a line by itself

C: Date: Thu, 27 Mar 2008 23:12:49 -0700 (MST)
C: From: darth.vader@deathstar.com
C: To: willie@example.com
C: Subject: Great article
C: 
C: Hi Willie,
C: I enjoyed your article on TCP/IP-based application protocols.
C: Join me, and together we can rule the galaxy as father and son.
C: Darth Vader
C: .

S: 250 2.0.0 m2S6ExD6029743 Message accepted for delivery

C: QUIT

S: 221 2.0.0 smtp.example.com closing connection

[The server closes the connection]
Social bookmarks: del.icio.us Digg DZone Reddit StumbleUpon
1 | 2 | Next »
Show comments (0)

Post a comment

Your name:
Your e-mail address (won't be displayed):
Your web site (optional):
example: www.xyz.com
Your comment:
Please help us prevent comment spam:

What's New?

2008-10-20 - I've added a new mailing list feature to the site. Sign up to receive e-mail updates about new articles.
2008-09-30 - We've released chapter 4 (User registration) and chapter 5 (Authentication) of Spring in Practice.
2008-09-11 - By popular demand, I've added an RSS feed to the site.
Home | Consulting | Tech Articles | Mailing List | About | Contact | Spring Blog
Copyright © 2008 Wheeler Software, LLC.