Wednesday, March 14, 2007

Testing SMTP and POP services from a console

Test a non-secure SMTP server

To test a non-secure SMTP server we simply connect to the port 25 of that machine using telnet:

telnet smtp_ip_address 25
Trying smtp_ip_address...
Connected to smtp_ip_address.
Escape character is '^]'.
220 Welcome to Postfix ESMTP Server
ehlo localhost
250-testmail
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:auser@internaldomain.org
250 2.1.0 Ok
rcpt to:noone@externaldomain.org
554 5.7.1 : Relay access denied
rcpt to:noone@internaldomain.com
550 5.1.1 : Recipient address rejected: User unknown in local recipient
rcpt to:realuser@internaldomain.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
Hello There!!
.
250 2.0.0 Ok: queued as 7ECF05100C6
quit
221 2.0.0 Bye
Connection closed by foreign host.

The green text are the commands you send to the server while the blue text indicates the server responses. The example above is for a simple Postfix SMTP server.

Testing the AUTH command

From the previous example we can see that the Postfix SMTP server supports the AUTH command that allows roaming users to use the server as relay. To test this command we must first encode our authentication credentials in base64 format:

perl -MMIME::Base64 -e 'print encode_base64("\000username\@domain.net\000password")'

You must have the MIME::Base64 perl module in your system (is installed by default in Kununtu). Also make sure you replace the username, domain.net and password in the command to reflect your own valid values.

After the command finishes it will output your authentication credentials as a base64 encoded string that looks like:

AGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ=

Copy that string somewhere and proceed to connect to the server as in the previous example:

telnet smtp_ip_address 25
Trying smtp_ip_address...
Connected to smtp_ip_address.
Escape character is '^]'.
220 Welcome to Postfix ESMTP Server
ehlo localhost
250-testmail
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
auth plain AGptczFAam1zMS5uZXQAbm90Lm15LnJlYWwucGFzc3dvcmQ=
235 2.0.0 Authentication successful
mail from:auser@internaldomain.org
250 2.1.0 Ok
rcpt to:noone@externaldomain.org
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
hahahaha
.
250 2.0.0 Ok: queued as 7B6265100C6
quit
221 2.0.0 Bye
Connection closed by foreign host.

In this example we used the "auth plain" command to authenticate ourselves against the SMTP server. Once authenticated we are allowed to relay mails to any domain (not only internal domains) from anywhere (roaming).

A closer look at the the previous example will reveal that when we send the "rcpt to" command to an external domain (noone@externaldomain.org) the server response was a "554 relay access denied". In this example we are authenticated with the server (via the AUTH command) so now the "rcpt to" command was accepted.

Test a non-secure POP server

Similar to SMTP we can test a POP server by connecting to it using telnet:

telnet pop_ip_address 110
Trying pop_ip_address...
Connected to pop_ip_address.
Escape character is '^]'.
+OK Hello there.
user username
+OK Password required.
pass password
+OK logged in.
list
+OK POP3 clients that break here, they violate STD53.
1 520
.
quit
+OK Bye-bye.
Connection closed by foreign host.

Again green are your commands and blue are the server responses. In this example we simply connect to the server, authenticate and get the list of mails in our inbox. We can also see the contents of the mails with the "retr num" command replacing num with the mail number as displayed by the "list" command.

Test secure SMTP/POP servers

If the SMTP/POP server supports encryption (TLS/SSL) we won't be able to test it using simple text telnet connections. In this case we must use the openssl command utility that will take care of all TLS/SSL negotiations, connect to the server and allow us to send plain text commands over the encrypted connection.

For SMTP we can check if the server support TLS encryption by looking at the server response to the "ehlo" command. If we get a "250-STARTTLS" within all the responses then the server supports TLS.

To connect to the SMTP server over a TLS encrypted connection we can use the following command:

openssl s_client -starttls smtp -crlf -connect smtp_ip_address:25

You will get a lot of messages from this command that show the SSL negotiations. You really don't need to care about all those messages. When openssl finishes setting up the encrypted connection you will see the same welcome message we got on the first example:

220 Welcome to Postfix ESMTP Server

From here on you can proceed with plain text commands as in the first two examples.

In the case of POP the server it is a little more difficult to check if it supports TLS/SSL connections. POP uses a different port (995 instead of 110) for SSL encrypted connections. This means that as long as the server uses the default ports if the server has the port 995 open we can assume it supports POP over SSL.

To connect to the POP server we must use the openssl utility command to take care of all the SSL negotiation procedures. The following command will do the trick:

openssl s_client -crlf -connect pop_ip_address:995

After all the SSL certificates are exchanged and the encrypted connection is established we are greeted by the POP server hello message as in the previous POP example:

+OK Hello there.

From this point on we can proceed issuing normal text commands and getting server responses. All the encryption part will be handled automatically by openssl.

References

I learned about testing the AUTH command and SMTP over TLS from the following page: http://qmail.jms1.net/test-auth.shtml

No comments:

Post a Comment