In association with heise online

SMTP Authentication

Authentication in SMTP is a little more complicated. Most servers, as in this example, support the AUTH PLAIN procedure, in which the access data must be Base64 coded. This is dealt with by the Perl command:

$ perl -MMIME::Base64 -e 'print encode_base64("\000user-ju\000secret")'

the output from which should be fed to the SMTP server:

235 Authentication succeeded

which signals it is ready for further SMTP commands. For protocols and servers not supported by openssl you can use gnutls-cli from the gnutls-bin package. First it creates a cleartext connection to an arbitrary TLS-enabled service such as:

$ gnutls-cli -s -p submission
Resolving ''...
Connecting to ''...
- Simple Client Mode:
220 ESMTP Exim 4.69 Wed, 16 Sep 2009 18:03:01 +0200
ehlo test Hello []
250-SIZE 78643200
250 HELP
220 TLS go ahead

Then you switch to a second shell to get the process ID of the running tool and send the signal SIGALARM to it:

$ ps aux | grep gnutls
ju 6103 pts/3 S+ 18:03 0:00 gnutls-cli [...]
$ kill -s SIGALRM 6103

This causes gnutls-cli to negotiate the TLS connection and to reconnect stdin and stdout to the newly created tunnel. It also presents some interesting information about the new TLS connection it just created:

*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
# The hostname in the certificate matches ''.
# valid since: Thu Dec 14 14:08:41 CET 2006
# expires at: Sun Dec 11 14:08:41 CET 2016
# fingerprint: 28:8C:E0:29:B9:31:9B:96:F6:3D:B4:49:10:CD:06:80
# Subject's DN: C=DE,ST=Niedersachsen,L=Hannover,O=Heise Zeitschriften Verlag GmbH Co KG,OU=Netzwerkadministration,,
# Issuer's DN: C=DE,ST=Niedersachsen,L=Hannover,O=Verlag Heinz Heise GmbH & Co KG,OU=Netzwerkadministration,,
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.0
- Key Exchange: DHE RSA
- Cipher: AES 256 CBC
- Compression: NULL
221 closing connection
- Peer has closed the GNUTLS connection

This allows you to interactively connect to arbitrary TLS enabled services. Users wanting to experiment further may be interested to know that openssl also includes s_server which is able to emulate a very simple www server. gnutls-serv provides similar functionality for the gnutls-bin package.


Print Version | Permalink:
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit